Convert some JSC code over to std::mutex
[WebKit.git] / Source / JavaScriptCore / ChangeLog
1 2014-02-09  Anders Carlsson  <andersca@apple.com>
2
3         Convert some JSC code over to std::mutex
4         https://bugs.webkit.org/show_bug.cgi?id=128500
5
6         Reviewed by Dan Bernstein.
7
8         * API/JSVirtualMachine.mm:
9         (wrapperCacheMutex):
10         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
11         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
12         * heap/GCThreadSharedData.h:
13         * heap/SlotVisitor.cpp:
14         (JSC::SlotVisitor::mergeOpaqueRoots):
15         * heap/SlotVisitorInlines.h:
16         (JSC::SlotVisitor::containsOpaqueRootTriState):
17         * inspector/remote/RemoteInspector.h:
18         * inspector/remote/RemoteInspector.mm:
19         (Inspector::RemoteInspector::registerDebuggable):
20         (Inspector::RemoteInspector::unregisterDebuggable):
21         (Inspector::RemoteInspector::updateDebuggable):
22         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
23         (Inspector::RemoteInspector::start):
24         (Inspector::RemoteInspector::stop):
25         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
26         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
27         (Inspector::RemoteInspector::xpcConnectionFailed):
28         (Inspector::RemoteInspector::pushListingSoon):
29         (Inspector::RemoteInspector::receivedIndicateMessage):
30         * inspector/remote/RemoteInspectorDebuggableConnection.h:
31         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
32         (Inspector::RemoteInspectorDebuggableConnection::setup):
33         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
34         (Inspector::RemoteInspectorDebuggableConnection::close):
35         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
36         * jit/ExecutableAllocator.cpp:
37         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
38         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
39         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
40         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
41         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
42         (JSC::DemandExecutableAllocator::allocatorsMutex):
43
44 2014-02-09  Commit Queue  <commit-queue@webkit.org>
45
46         Unreviewed, rolling out r163737.
47         http://trac.webkit.org/changeset/163737
48         https://bugs.webkit.org/show_bug.cgi?id=128491
49
50         Caused 8+ tests to fail on Mavericks and Mountain Lion bots
51         (Requested by rniwa on #webkit).
52
53         * runtime/JSString.h:
54         (JSC::jsSingleCharacterString):
55         (JSC::jsSingleCharacterSubstring):
56         (JSC::jsString):
57         (JSC::jsSubstring8):
58         * runtime/SmallStrings.cpp:
59         (JSC::SmallStringsStorage::SmallStringsStorage):
60         (JSC::SmallStrings::SmallStrings):
61
62 2014-02-08  Anders Carlsson  <andersca@apple.com>
63
64         Simplify single character substrings in JSC
65         https://bugs.webkit.org/show_bug.cgi?id=128483
66
67         Reviewed by Andreas Kling.
68
69         With the recent work to make StringImpl occupy less space, it is actually more
70         efficient to allocate a single character string than it is to use createSubstringSharingImpl!
71         
72         * runtime/JSString.h:
73         (JSC::jsSingleCharacterString):
74         (JSC::jsSingleCharacterSubstring):
75         (JSC::jsString):
76         (JSC::jsSubstring8):
77         * runtime/SmallStrings.cpp:
78         (JSC::SmallStringsStorage::SmallStringsStorage):
79         (JSC::SmallStrings::SmallStrings):
80
81 2014-02-08  Mark Hahnenberg  <mhahnenberg@apple.com>
82
83         Baseline JIT uses the wrong version of checkMarkWord in emitWriteBarrier
84         https://bugs.webkit.org/show_bug.cgi?id=128474
85
86         Reviewed by Michael Saboff.
87
88         * jit/JITPropertyAccess.cpp:
89         (JSC::JIT::emitWriteBarrier):
90
91 2014-02-08  Mark Lam  <mark.lam@apple.com>
92
93         Rename a field and some variables in JSLock to better describe what they contain.
94         <https://webkit.org/b/128475>
95
96         Reviewed by Oliver Hunt.
97
98         * runtime/JSLock.cpp:
99         (JSC::JSLock::dropAllLocks):
100         (JSC::JSLock::dropAllLocksUnconditionally):
101         (JSC::JSLock::grabAllLocks):
102         (JSC::JSLock::DropAllLocks::DropAllLocks):
103         (JSC::JSLock::DropAllLocks::~DropAllLocks):
104         * runtime/JSLock.h:
105
106 2014-02-08  Anders Carlsson  <andersca@apple.com>
107
108         Stop using getCharactersWithUpconvert in JavaScriptCore
109         https://bugs.webkit.org/show_bug.cgi?id=128457
110
111         Reviewed by Andreas Kling.
112
113         Change substituteBackreferencesSlow to take StringViews and use a StringBuilder instead of upconverting
114         if the source or replacement strings are 16-bit.
115
116         * runtime/StringPrototype.cpp:
117         (JSC::substituteBackreferencesSlow):
118         (JSC::substituteBackreferences):
119
120 2014-02-08  Mark Rowe  <mrowe@apple.com>
121
122         <https://webkit.org/b/128452> Don't duplicate the list of input files for postprocess-headers.sh
123
124         Reviewed by Dan Bernstein.
125
126         * postprocess-headers.sh: Pull the list of headers to process out of the environment.
127
128 2014-02-08  Mark Rowe  <mrowe@apple.com>
129
130         Fix the iOS build.
131
132         * API/WebKitAvailability.h: Skip the workarounds specific to OS X when we're building for iOS.
133
134 2014-02-07  Mark Rowe  <mrowe@apple.com>
135
136         <https://webkit.org/b/128448> Fix use of availability macros on recently-added APIs
137
138         Reviewed by Dan Bernstein.
139
140         * API/JSContext.h: Remove some #ifs.
141         * API/JSManagedValue.h: Ditto.
142         * API/WebKitAvailability.h: #define the macros that availability macros mentioning
143         newer OS X versions would expand to when building on older OS versions.
144         * JavaScriptCore.xcodeproj/project.pbxproj: Call the new postprocess-headers.sh.
145         * postprocess-headers.sh: Extracted from the Xcode project. Updated to remove content
146         from headers based on the __MAC_OS_X_VERSION_MIN_REQUIRED macro, and to
147         process WebKitAvailability.h.
148
149 2014-02-07  Mark Lam  <mark.lam@apple.com>
150
151         JSLock should not "restore" VM stack values if it did not re-grab locks.
152         <https://webkit.org/b/128447>
153
154         Reviewed by Geoffrey Garen.
155
156         In the existing code, if DropAllLocks is instantiated with DontAlwaysDropLocks
157         in a thread that does not own the JSLock, then a bug will manifest where:
158
159         1. The DropAllLocks constructor will save the VM's stackPointerAtEntry,
160            lastStackTop, and reservedZoneSize even though it will not drop the JSLock.
161         2. The DropAllLocks destructor will restore those 3 values to the VM even
162            though the JSLock will not grab its internal lock.
163
164         The former only causes busy work but does not impact correctness. The latter
165         however, will corrupt those 3 VM values which belong to the thread that
166         actually owns the JSLock.
167
168         The fix is to only save the values when the JSLock will actually drop its
169         internal lock, and only restore the values if it did re-grab the internal lock.
170
171         * runtime/JSLock.cpp:
172         (JSC::JSLock::dropAllLocks):
173         (JSC::JSLock::dropAllLocksUnconditionally):
174         (JSC::JSLock::grabAllLocks):
175         (JSC::JSLock::DropAllLocks::DropAllLocks):
176         - Moved the saving of VM stack values to dropAllLocks() and
177           dropAllLocksUnconditionally().
178         (JSC::JSLock::DropAllLocks::~DropAllLocks):
179         - Moved the restoring of VM stack values to grabAllLocks().
180
181 2014-02-07  Filip Pizlo  <fpizlo@apple.com>
182
183         Don't throw away code if there is code on the worklists
184         https://bugs.webkit.org/show_bug.cgi?id=128443
185
186         Reviewed by Joseph Pecoraro.
187         
188         If we throw away compiled code and there is code currently being JITed then the JIT
189         will get confused after it resumes: it will see a code block that had claimed to belong
190         to an executable except that it doesn't belong to any executables anymore.
191
192         * dfg/DFGWorklist.h:
193         (JSC::DFG::Worklist::isActive):
194         * heap/Heap.cpp:
195         (JSC::Heap::deleteAllCompiledCode):
196
197 2014-02-07  Filip Pizlo  <fpizlo@apple.com>
198
199         GC should safepoint the DFG worklist in a smarter way rather than just waiting for everything to complete
200         https://bugs.webkit.org/show_bug.cgi?id=128297
201
202         Reviewed by Oliver Hunt.
203         
204         This makes DFG worklist threads have a rightToRun lock that gives them the ability to
205         be safepointed by the GC in much the same way as you'd expect from a fully
206         multithreaded VM.
207         
208         The idea is that the worklist threads' roots are the DFG::Plan. They only touch those
209         roots when holding the rightToRun lock. They currently grab that lock to run the
210         compiler, but relinquish it when accessing - and waiting on - the worklist.
211
212         * bytecode/CodeBlock.h:
213         (JSC::CodeBlockSet::mark):
214         * dfg/DFGCompilationKey.cpp:
215         (JSC::DFG::CompilationKey::visitChildren):
216         * dfg/DFGCompilationKey.h:
217         * dfg/DFGDesiredStructureChains.cpp:
218         (JSC::DFG::DesiredStructureChains::visitChildren):
219         * dfg/DFGDesiredStructureChains.h:
220         * dfg/DFGDesiredTransitions.cpp:
221         (JSC::DFG::DesiredTransition::visitChildren):
222         (JSC::DFG::DesiredTransitions::visitChildren):
223         * dfg/DFGDesiredTransitions.h:
224         * dfg/DFGDesiredWeakReferences.cpp:
225         (JSC::DFG::DesiredWeakReferences::visitChildren):
226         * dfg/DFGDesiredWeakReferences.h:
227         * dfg/DFGDesiredWriteBarriers.cpp:
228         (JSC::DFG::DesiredWriteBarrier::visitChildren):
229         (JSC::DFG::DesiredWriteBarriers::visitChildren):
230         * dfg/DFGDesiredWriteBarriers.h:
231         * dfg/DFGPlan.cpp:
232         (JSC::DFG::Plan::visitChildren):
233         * dfg/DFGPlan.h:
234         * dfg/DFGWorklist.cpp:
235         (JSC::DFG::Worklist::~Worklist):
236         (JSC::DFG::Worklist::finishCreation):
237         (JSC::DFG::Worklist::suspendAllThreads):
238         (JSC::DFG::Worklist::resumeAllThreads):
239         (JSC::DFG::Worklist::visitChildren):
240         (JSC::DFG::Worklist::runThread):
241         (JSC::DFG::Worklist::threadFunction):
242         * dfg/DFGWorklist.h:
243         (JSC::DFG::numberOfWorklists):
244         (JSC::DFG::worklistForIndexOrNull):
245         * heap/CodeBlockSet.h:
246         * heap/Heap.cpp:
247         (JSC::Heap::markRoots):
248         (JSC::Heap::collect):
249         * runtime/IntendedStructureChain.cpp:
250         (JSC::IntendedStructureChain::visitChildren):
251         * runtime/IntendedStructureChain.h:
252         * runtime/VM.cpp:
253         (JSC::VM::~VM):
254         (JSC::VM::prepareToDiscardCode):
255
256 2014-02-07  Mark Lam  <mark.lam@apple.com>
257
258         Unify JSLock implementation for iOS and non-iOS ports.
259         <https://webkit.org/b/128409>
260
261         Reviewed by Michael Saboff.
262
263         The iOS and non-iOS implementations of dropAllLocks(),
264         dropAllLocksUnconditionally(), and grabAllLocks() effectively do the
265         same work. The main difference is that the iOS implementation acquires
266         the JSLock spin lock in the DropAllLocks class while the other ports
267         acquire it when they call JSLock::lock() and unlock().
268
269         The other difference is that the iOS implementation will only increment
270         m_locksDropDepth if it actually drops locks, whereas other ports will
271         increment it unconditionally. Analogously, iOS decrements the depth only
272         when needed while other ports will decrement it unconditionally when
273         re-grabbing locks.
274
275         We can unify the 2 implementations by having both use the iOS
276         implementation for a start.
277
278         * runtime/JSLock.cpp:
279         (JSC::JSLock::dropAllLocks):
280         (JSC::JSLock::dropAllLocksUnconditionally):
281         (JSC::JSLock::grabAllLocks):
282         (JSC::JSLock::DropAllLocks::DropAllLocks):
283         (JSC::JSLock::DropAllLocks::~DropAllLocks):
284
285 2014-02-06  Filip Pizlo  <fpizlo@apple.com>
286
287         More FTL build scaffolding
288         https://bugs.webkit.org/show_bug.cgi?id=128330
289
290         Reviewed by Geoffrey Garen.
291
292         * Configurations/FeatureDefines.xcconfig:
293         * llvm/library/LLVMAnchor.cpp:
294
295 2014-02-07  Mark Lam  <mark.lam@apple.com>
296
297         iOS port needs to clear VM::stackPointerAtVMEntry when it drops locks.
298         <https://webkit.org/b/128424>
299
300         Reviewed by Geoffrey Garen.
301
302         The iOS code path for dropping locks differs from the non-iOS code path
303         in that it (iOS) does not clear m_vm->stackPointerAtVMEntry nor reset the
304         VM stack limit. This is now fixed by copying that snippet from
305         JSLock::unlock().
306
307         * runtime/JSLock.cpp:
308         (JSC::JSLock::dropAllLocks):
309         (JSC::JSLock::dropAllLocksUnconditionally):
310
311 2014-02-07  Mark Lam  <mark.lam@apple.com>
312
313         Removed superfluous JSLock::entryStackPointer field.
314         <https://webkit.org/b/128413>
315
316         Reviewed by Geoffrey Garen.
317
318         * runtime/JSLock.cpp:
319         (JSC::JSLock::lock):
320         * runtime/JSLock.h:
321
322 2014-02-07  Mark Lam  <mark.lam@apple.com>
323
324         Revert workaround committed in http://trac.webkit.org/r163595.
325         <https://webkit.org/b/128408>
326
327         Reviewed by Geoffrey Garen.
328
329         Now that we have fixed the bugs in JSLock's stack limit adjustments
330         in https://bugs.webkit.org/show_bug.cgi?id=128406, we can revert the
331         workaround in r163595.
332
333         * API/JSContextRef.cpp:
334         (JSContextGroupCreate):
335         (JSGlobalContextCreateInGroup):
336         * API/tests/testapi.js:
337         * runtime/VM.cpp:
338         (JSC::VM::VM):
339         (JSC::VM::updateStackLimitWithReservedZoneSize):
340         * runtime/VM.h:
341
342 2014-02-07  Mark Lam  <mark.lam@apple.com>
343
344         Fix bug in stack limit adjustments in JSLock.
345         <https://webkit.org/b/128406>
346
347         Reviewed by Geoffrey Garen.
348
349         1. JSLock::unlock() was only clearing the VM::stackPointerAtEntry when
350            m_vm->stackPointerAtVMEntry == entryStackPointer. FYI,
351            entryStackPointer is a field in JSLock.
352
353            When DropAllLocks::~DropAllLocks() will call JSLock::grabAllLocks()
354            to relock the JSLock, JSLock::grabAllLocks() will set a new
355            entryStackPointer value. Thereafter, DropAllLocks::~DropAllLocks() will
356            restore the saved VM::stackPointerAtEntry, which will now differ from
357            the JSLock's entryStackPointer value.
358
359            It turns out that when m_vm->stackPointerAtVMEntry was initialized,
360            it was set to whatever value entryStackPointer is set to. At no time
361            do we ever expect the 2 values to differ. The only time it differs is
362            when this bug manifests.
363
364            The fix is to remove the entryStackPointer field in JSLock and its uses
365            altogether.
366
367         2. DropAllLocks was unconditionally clearing VM::stackPointerAtEntry in
368            its constructor instead of letting JSLock::unlock() do the clearing.
369
370            However, DropAllLocks will not actually drop locks if it isn't required
371            to (e.g. when alwaysDropLocks is DontAlwaysDropLocks), and when we've
372            already dropped locks once (i.e. JSLock::m_lockDropDepth is not 0).
373
374            We should not have cleared VM::stackPointerAtEntry here if we don't
375            actually drop the locks.
376
377         * runtime/JSLock.cpp:
378         (JSC::JSLock::unlock):
379         (JSC::JSLock::DropAllLocks::DropAllLocks):
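Added illustration for the two JSLock entries above ("JSLock should not 'restore' VM stack values if it did not re-grab locks", b/128447, and "Fix bug in stack limit adjustments in JSLock", b/128406). This is not WebKit code: it is a reduced C++ model of the DropAllLocks RAII pattern in which the saved VM values are written back only when the lock was really dropped and re-grabbed. Threads are simulated with plain integer ids so the interleaving is deterministic; the type and member names (VMState, VMLock, BuggyDropAllLocks, FixedDropAllLocks) and the sample numbers are this example's own assumptions.

```cpp
// Added illustration, not WebKit code: a reduced model of the DropAllLocks
// pattern from the two JSLock entries above. Threads are simulated with plain
// integer ids so the interleaving is deterministic; every name below is this
// example's own.
#include <cassert>
#include <cstddef>
#include <cstdint>

struct VMState {
    // The three per-VM values the entries say DropAllLocks saves and restores.
    std::uintptr_t stackPointerAtEntry;
    std::uintptr_t lastStackTop;
    std::size_t reservedZoneSize;
};

inline bool operator==(const VMState& a, const VMState& b) {
    return a.stackPointerAtEntry == b.stackPointerAtEntry
        && a.lastStackTop == b.lastStackTop
        && a.reservedZoneSize == b.reservedZoneSize;
}

// A lock that remembers its owner, so a thread can ask "do I hold this?"
// before deciding whether there is anything for it to drop.
class VMLock {
public:
    explicit VMLock(VMState& vm) : m_vm(vm) {}
    void lock(int tid) { assert(m_owner == 0); m_owner = tid; }
    void unlock(int tid) { assert(m_owner == tid); m_owner = 0; }
    bool isHeldBy(int tid) const { return m_owner == tid; }
    VMState& vm() { return m_vm; }
private:
    int m_owner = 0;   // 0 means unowned
    VMState& m_vm;
};

// The shape the entries describe as buggy: the constructor saves and the
// destructor restores the VM values whether or not this thread dropped the lock.
class BuggyDropAllLocks {
public:
    BuggyDropAllLocks(VMLock& lock, int self)
        : m_lock(lock), m_self(self), m_saved(lock.vm()), m_dropped(lock.isHeldBy(self)) {
        if (m_dropped) lock.unlock(self);
    }
    ~BuggyDropAllLocks() {
        if (m_dropped) m_lock.lock(m_self);
        m_lock.vm() = m_saved;   // clobbers values that belong to the real owner
    }
private:
    VMLock& m_lock;
    int m_self;
    VMState m_saved;
    bool m_dropped;
};

// The fixed shape: save only when the lock is really dropped, restore only
// when it was really re-grabbed.
class FixedDropAllLocks {
public:
    FixedDropAllLocks(VMLock& lock, int self)
        : m_lock(lock), m_self(self), m_saved{}, m_dropped(lock.isHeldBy(self)) {
        if (!m_dropped) return;    // not ours to drop: touch nothing
        m_saved = lock.vm();       // dropAllLocks(): save, then release
        lock.unlock(self);
    }
    ~FixedDropAllLocks() {
        if (!m_dropped) return;    // never dropped, so nothing to restore
        m_lock.lock(m_self);       // grabAllLocks(): reacquire, then restore
        m_lock.vm() = m_saved;
    }
private:
    VMLock& m_lock;
    int m_self;
    VMState m_saved;
    bool m_dropped;
};

// Scenario from the entries: thread 1 owns the lock; thread 2 creates a
// DropAllLocks it is not entitled to; thread 1 updates its VM values in the
// meantime; then thread 2's object goes out of scope. Returns true if the
// owner's values survive. The numbers are constructed sample values.
template <typename Dropper>
bool ownerValuesSurvive() {
    const int owner = 1, other = 2;
    const VMState before{0x70001000, 0x70000F00, 1024};
    const VMState after{0x70002000, 0x70001F00, 2048};
    VMState vm = before;
    VMLock lock(vm);
    lock.lock(owner);
    {
        Dropper dropper(lock, other);   // thread 2, which does not hold the lock
        vm = after;                     // thread 1 legitimately updates its state
    }                                   // thread 2's dropper is destroyed here
    const bool survived = vm == after;
    lock.unlock(owner);
    return survived;
}

bool buggyVersionPreservesOwnerValues() { return ownerValuesSurvive<BuggyDropAllLocks>(); }
bool fixedVersionPreservesOwnerValues() { return ownerValuesSurvive<FixedDropAllLocks>(); }
```

The buggy shape fails the check because thread 2's destructor writes its stale copy over values thread 1 changed while it still held the lock, which is the corruption the entries describe; the fixed shape leaves the owner's state alone because it never dropped anything, so there is nothing to restore.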
380
381 2014-02-07  Joseph Pecoraro  <pecoraro@apple.com>
382
383         [iOS] Eliminate race between XPC connection queue and Notification queue
384         https://bugs.webkit.org/show_bug.cgi?id=128384
385
386         Reviewed by Timothy Hatcher.
387
388         * inspector/remote/RemoteInspector.h:
389         * inspector/remote/RemoteInspector.mm:
390         (Inspector::RemoteInspector::RemoteInspector):
391         (Inspector::RemoteInspector::start):
392         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
393         Create the queue to use for RemoteInspector xpc connection
394         management and the connection itself.
395
396         * inspector/remote/RemoteInspectorXPCConnection.h:
397         * inspector/remote/RemoteInspectorXPCConnection.mm:
398         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
399         Use the passed in queue instead of creating one for itself.
400
401 2014-02-07  Oliver Hunt  <oliver@apple.com>
402
403         REGRESSION (r160628): LLint does not appear to handle impure get own property properly
404         https://bugs.webkit.org/show_bug.cgi?id=127943
405
406         Reviewed by Filip Pizlo.
407
408         Make sure the LLINT doesn't attempt to cache property
409         access on structures with impureGetOwnPropertySlot set.
410
411         * llint/LLIntSlowPaths.cpp:
412         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
413
414 2014-02-06  Michael Saboff  <msaboff@apple.com>
415
416         Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
417         https://bugs.webkit.org/show_bug.cgi?id=128347
418
419         Reviewed by Geoffrey Garen.
420
421         Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
422         We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().
423
424         Disabled stack overflow tests in testapi.js since it uses these paths.
425
426         This patch will be reverted as part of a comprehensive solution to the problem.
427
428         * API/JSContextRef.cpp:
429         (JSContextGroupCreate):
430         (JSGlobalContextCreateInGroup):
431         * API/tests/testapi.js:
432         * runtime/VM.cpp:
433         (JSC::VM::VM):
434         (JSC::VM::updateStackLimitWithReservedZoneSize):
435         * runtime/VM.h:
436         (JSC::VM::ignoreStackLimit):
437
438 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
439
440         +[JSContext currentCallee] should return the currently executing JS function
441         https://bugs.webkit.org/show_bug.cgi?id=122621
442
443         Reviewed by Geoffrey Garen.
444
445         It would be useful if there was a +[JSContext currentObject] API which was 
446         callable from ObjC API callbacks. Its purpose would be to allow convenient 
447         access to the JSValue wrapper for the currently-executing block callback.
448
449         * API/JSContext.h:
450         * API/JSContext.mm:
451         (+[JSContext currentCallee]):
452         (-[JSContext beginCallbackWithData:calleeValue:thisValue:argumentCount:arguments:]):
453         * API/JSContextInternal.h:
454         * API/ObjCCallbackFunction.mm:
455         (JSC::objCCallbackFunctionCallAsFunction):
456         (JSC::objCCallbackFunctionCallAsConstructor):
457         * API/tests/testapi.mm:
458
459 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
460
461         Fix iOS builds after r163574
462
463         * API/JSManagedValue.h:
464
465 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
466
467         Heap::writeBarrier shouldn't be static
468         https://bugs.webkit.org/show_bug.cgi?id=127807
469
470         Reviewed by Geoffrey Garen.
471
472         Currently it looks up the Heap in which to fire the write barrier by using 
473         the cell passed to it. Almost every call site already has a reference to the 
474         VM or the Heap itself. It seems wasteful to look it up all over again.
475
476         * GNUmakefile.list.am:
477         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
478         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
479         * JavaScriptCore.xcodeproj/project.pbxproj:
480         * heap/CopyWriteBarrier.h:
481         (JSC::CopyWriteBarrier::set):
482         * heap/Heap.cpp:
483         (JSC::Heap::writeBarrier):
484         * heap/Heap.h:
485         (JSC::Heap::writeBarrier):
486         * jit/JITOperations.cpp:
487         * jit/JITWriteBarrier.h:
488         (JSC::JITWriteBarrierBase::set):
489         * llint/LLIntSlowPaths.cpp:
490         (JSC::LLInt::llint_write_barrier_slow):
491         * runtime/Arguments.h:
492         * runtime/JSWeakMap.cpp:
493         * runtime/MapData.cpp:
494         (JSC::MapData::ensureSpaceForAppend):
495         * runtime/PropertyTable.cpp:
496         (JSC::PropertyTable::PropertyTable):
497         * runtime/Structure.h:
498         * runtime/WriteBarrier.h:
499         * runtime/WriteBarrierInlines.h: Added.
500
501 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
502
503         JSManagedValue should automatically call removeManagedReference:withOwner: upon dealloc
504         https://bugs.webkit.org/show_bug.cgi?id=124053
505
506         Reviewed by Geoffrey Garen.
507
508         * API/JSManagedValue.h:
509         * API/JSManagedValue.mm:
510         (+[JSManagedValue managedValueWithValue:andOwner:]):
511         (-[JSManagedValue initWithValue:]):
512         (-[JSManagedValue dealloc]):
513         (-[JSManagedValue didAddOwner:]):
514         (-[JSManagedValue didRemoveOwner:]):
515         * API/JSManagedValueInternal.h: Added.
516         * API/JSVirtualMachine.mm:
517         (-[JSVirtualMachine addManagedReference:withOwner:]):
518         (-[JSVirtualMachine removeManagedReference:withOwner:]):
519         * API/WebKitAvailability.h:
520         * API/tests/testapi.mm:
521         (-[TextXYZ click]):
522         * JavaScriptCore.xcodeproj/project.pbxproj:
523
524 2014-02-06  Joseph Pecoraro  <pecoraro@apple.com>
525
526         Web Inspector: Add Console support to JSContext Inspection
527         https://bugs.webkit.org/show_bug.cgi?id=127941
528
529         Reviewed by Geoffrey Garen.
530
531         * CMakeLists.txt:
532         * DerivedSources.make:
533         * GNUmakefile.am:
534         * GNUmakefile.list.am:
535         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
536         * JavaScriptCore.xcodeproj/project.pbxproj:
537         Add new files.
538
539         * inspector/agents/InspectorConsoleAgent.cpp: Renamed from Source/WebCore/inspector/InspectorConsoleAgent.cpp.
540         * inspector/agents/InspectorConsoleAgent.h: Added.
541         New agent moved from WebCore. Rename a method to work in JS only context.
542
543         * inspector/JSGlobalObjectInspectorController.cpp:
544         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
545         Instantiate ConsoleAgent.
546
547         * inspector/agents/JSGlobalObjectConsoleAgent.h: Copied from Source/WebCore/inspector/PageInjectedScriptHost.h.
548         * inspector/agents/JSGlobalObjectConsoleAgent.cpp: Copied from Source/WebCore/inspector/PageInjectedScriptHost.h.
549         (Inspector::JSGlobalObjectConsoleAgent::JSGlobalObjectConsoleAgent):
550         (Inspector::JSGlobalObjectConsoleAgent::setMonitoringXHREnabled):
551         (Inspector::JSGlobalObjectConsoleAgent::addInspectedNode):
552         (Inspector::JSGlobalObjectConsoleAgent::addInspectedHeapObject):
553         JSGlobalObject implementation.
554
555         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
556         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
557         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
558         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
559         Use ConsoleAgent to report logs.
560
561         * inspector/ConsoleMessage.cpp: Renamed from Source/WebCore/inspector/ConsoleMessage.cpp.
562         * inspector/ConsoleMessage.h: Renamed from Source/WebCore/inspector/ConsoleMessage.h.
563         * inspector/ConsoleTypes.h: Copied from Source/WebCore/inspector/ConsoleAPITypes.h.
564         * inspector/IdentifiersFactory.cpp: Renamed from Source/WebCore/inspector/IdentifiersFactory.cpp.
565         * inspector/IdentifiersFactory.h: Renamed from Source/WebCore/inspector/IdentifiersFactory.h.
566         * inspector/ScriptArguments.cpp: Renamed from Source/WebCore/inspector/ScriptArguments.cpp.
567         * inspector/ScriptArguments.h: Renamed from Source/WebCore/inspector/ScriptArguments.h.
568         * inspector/ScriptCallFrame.cpp: Renamed from Source/WebCore/inspector/ScriptCallFrame.cpp.
569         * inspector/ScriptCallFrame.h: Renamed from Source/WebCore/inspector/ScriptCallFrame.h.
570         * inspector/ScriptCallStack.cpp: Renamed from Source/WebCore/inspector/ScriptCallStack.cpp.
571         * inspector/ScriptCallStack.h: Renamed from Source/WebCore/inspector/ScriptCallStack.h.
572         * inspector/ScriptCallStackFactory.cpp: Renamed from Source/WebCore/bindings/js/ScriptCallStackFactory.cpp.
573         * inspector/ScriptCallStackFactory.h: Renamed from Source/WebCore/bindings/js/ScriptCallStackFactory.h.
574         * inspector/protocol/Console.json: Renamed from Source/WebCore/inspector/protocol/Console.json.
575         * inspector/scripts/generate-combined-inspector-json.py:
576
577 2014-02-06  Commit Queue  <commit-queue@webkit.org>
578
579         Unreviewed, rolling out r163542.
580         http://trac.webkit.org/changeset/163542
581         https://bugs.webkit.org/show_bug.cgi?id=128324
582
583         Caused many assertion failures (Requested by ap on #webkit).
584
585         * GNUmakefile.list.am:
586         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
587         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
588         * JavaScriptCore.xcodeproj/project.pbxproj:
589         * heap/CopyWriteBarrier.h:
590         (JSC::CopyWriteBarrier::set):
591         * heap/Heap.cpp:
592         (JSC::Heap::writeBarrier):
593         * heap/Heap.h:
594         (JSC::Heap::writeBarrier):
595         * jit/JITOperations.cpp:
596         * jit/JITWriteBarrier.h:
597         (JSC::JITWriteBarrierBase::set):
598         * llint/LLIntSlowPaths.cpp:
599         (JSC::LLInt::llint_write_barrier_slow):
600         * runtime/Arguments.h:
601         * runtime/JSWeakMap.cpp:
602         * runtime/MapData.cpp:
603         (JSC::MapData::ensureSpaceForAppend):
604         * runtime/PropertyTable.cpp:
605         (JSC::PropertyTable::PropertyTable):
606         * runtime/Structure.h:
607         * runtime/WriteBarrier.h:
608         (JSC::WriteBarrierBase::set):
609         (JSC::WriteBarrierBase::setMayBeNull):
610         (JSC::WriteBarrierBase::setEarlyValue):
611         (JSC::WriteBarrierBase<Unknown>::set):
612         * runtime/WriteBarrierInlines.h: Removed.
613
614 2014-02-06  Oliver Hunt  <oliver@apple.com>
615
616         Make 32bit pass the correct this value to custom getters
617         https://bugs.webkit.org/show_bug.cgi?id=128313
618
619         Reviewed by Mark Lam.
620
621         Now that the custom getter calling convention uses a single register
622         for the slot base we can easily pass the correct |thisValue| instead
623         of simply relying on the thisValue not being relevant to existing
624         custom getters. This also means that 32bit can call custom getters
625         directly.
626
627         * jit/CCallHelpers.h:
628         (JSC::CCallHelpers::setupArgumentsWithExecState):
629         * jit/Repatch.cpp:
630         (JSC::generateProtoChainAccessStub):
631         (JSC::tryBuildGetByIDList):
632
633 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
634
635         Heap::writeBarrier shouldn't be static
636         https://bugs.webkit.org/show_bug.cgi?id=127807
637
638         Reviewed by Geoffrey Garen.
639
640         Currently it looks up the Heap in which to fire the write barrier by using 
641         the cell passed to it. Almost every call site already has a reference to the 
642         VM or the Heap itself. It seems wasteful to look it up all over again.
643
644         * GNUmakefile.list.am:
645         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
646         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
647         * JavaScriptCore.xcodeproj/project.pbxproj:
648         * heap/CopyWriteBarrier.h:
649         (JSC::CopyWriteBarrier::set):
650         * heap/Heap.cpp:
651         (JSC::Heap::writeBarrier):
652         * heap/Heap.h:
653         (JSC::Heap::writeBarrier):
654         * jit/JITOperations.cpp:
655         * jit/JITWriteBarrier.h:
656         (JSC::JITWriteBarrierBase::set):
657         * llint/LLIntSlowPaths.cpp:
658         (JSC::LLInt::llint_write_barrier_slow):
659         * runtime/Arguments.h:
660         * runtime/JSWeakMap.cpp:
661         * runtime/MapData.cpp:
662         (JSC::MapData::ensureSpaceForAppend):
663         * runtime/PropertyTable.cpp:
664         (JSC::PropertyTable::PropertyTable):
665         * runtime/Structure.h:
666         * runtime/WriteBarrier.h:
667         * runtime/WriteBarrierInlines.h: Added.
668
669 2014-02-04  Filip Pizlo  <fpizlo@apple.com>
670
671         Make FTL OSR entry something we only try after we've already compiled the function with the FTL and it still got stuck in a loop after that without ever returning like a sensible function oughta have
672         https://bugs.webkit.org/show_bug.cgi?id=128234
673
674         Reviewed by Geoffrey Garen.
675         
676         Use DFG::JITCode::osrEntryRetry as a counter to decide when to invoke OSR entry. That
677         comes into play only after we've done a replacement compile.
678         
679         This appears to still give us a speed-up on the kinds of things that OSR entry is good
680         for, while also eliminating pointless OSR entry compilations on other things.
681
682         * dfg/DFGJITCode.cpp:
683         (JSC::DFG::JITCode::JITCode):
684         * dfg/DFGJITCode.h:
685         * dfg/DFGOperations.cpp:
686         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
687         (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
688         * runtime/Options.h:
689
690 2014-02-04  Filip Pizlo  <fpizlo@apple.com>
691
692         Don't speculate on ToThis if we already know that arg0 has a questionable record with structure checks
693         https://bugs.webkit.org/show_bug.cgi?id=128229
694
695         Reviewed by Geoffrey Garen.
696
697         * dfg/DFGByteCodeParser.cpp:
698         (JSC::DFG::ByteCodeParser::parseBlock):
699
700 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
701
702         Handling of opaque roots is wrong in EdenCollections
703         https://bugs.webkit.org/show_bug.cgi?id=128210
704
705         Reviewed by Oliver Hunt.
706
707         The set of opaque roots is always cleared during each collection. We should instead persist 
708         the set of opaque roots across EdenCollections and only clear it at the beginning of FullCollections.
709
710         Also added a couple of custom objects to the jsc shell that allow us to test this.
711
712         * heap/GCThreadSharedData.cpp:
713         (JSC::GCThreadSharedData::reset):
714         (JSC::GCThreadSharedData::didStartMarking):
715         * heap/Heap.cpp:
716         (JSC::Heap::markRoots):
717         * heap/Heap.h:
718         (JSC::Heap::setShouldDoFullCollection):
719         * heap/SlotVisitor.cpp:
720         (JSC::SlotVisitor::didStartMarking):
721         (JSC::SlotVisitor::reset):
722         * heap/SlotVisitor.h:
723         * jsc.cpp:
724         (WTF::Element::Element):
725         (WTF::Element::root):
726         (WTF::Element::setRoot):
727         (WTF::Element::create):
728         (WTF::Element::createStructure):
729         (WTF::ElementHandleOwner::isReachableFromOpaqueRoots):
730         (WTF::Root::Root):
731         (WTF::Root::element):
732         (WTF::Root::setElement):
733         (WTF::Root::create):
734         (WTF::Root::createStructure):
735         (WTF::Root::visitChildren):
736         (WTF::Element::handleOwner):
737         (WTF::Element::finishCreation):
738         (GlobalObject::finishCreation):
739         (functionCreateRoot):
740         (functionCreateElement):
741         (functionGetElement):
742         (functionSetElementRoot):
743         (functionGCAndSweep):
744         (functionFullGC):
745         (functionEdenGC):
746
747 2014-02-05  Anders Carlsson  <andersca@apple.com>
748
749         Remove unused functions.
750
751         * runtime/RegExpConstructor.cpp:
752         (JSC::RegExpConstructor::getOwnPropertySlot):
753         * runtime/RegExpObject.cpp:
754
755 2014-02-05  Oliver Hunt  <oliver@apple.com>
756
757         Change custom getter signature to make the base reference an object pointer
758         https://bugs.webkit.org/show_bug.cgi?id=128279
759
760         Reviewed by Geoffrey Garen.
761
762         Make custom getters take a JSObject* instead of EncodedJSValue as the base
763         reference.  This allows us to drop one pointer from the JSVALUE32_64 calling
764         convention.
765
766         * API/JSCallbackObject.h:
767         * API/JSCallbackObjectFunctions.h:
768         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
769         (JSC::JSCallbackObject<Parent>::callbackGetter):
770         * jit/JITOperations.cpp:
771         * jit/Repatch.cpp:
772         (JSC::generateProtoChainAccessStub):
773         (JSC::tryBuildGetByIDList):
774         * runtime/JSActivation.cpp:
775         (JSC::JSActivation::argumentsGetter):
776         * runtime/JSActivation.h:
777         * runtime/JSFunction.cpp:
778         (JSC::JSFunction::argumentsGetter):
779         (JSC::JSFunction::callerGetter):
780         (JSC::JSFunction::lengthGetter):
781         (JSC::JSFunction::nameGetter):
782         * runtime/JSFunction.h:
783         * runtime/JSObject.h:
784         (JSC::PropertySlot::getValue):
785         * runtime/NumberConstructor.cpp:
786         (JSC::numberConstructorNaNValue):
787         (JSC::numberConstructorNegInfinity):
788         (JSC::numberConstructorPosInfinity):
789         (JSC::numberConstructorMaxValue):
790         (JSC::numberConstructorMinValue):
791         * runtime/PropertySlot.h:
792         * runtime/RegExpConstructor.cpp:
793         (JSC::regExpConstructorDollar1):
794         (JSC::regExpConstructorDollar2):
795         (JSC::regExpConstructorDollar3):
796         (JSC::regExpConstructorDollar4):
797         (JSC::regExpConstructorDollar5):
798         (JSC::regExpConstructorDollar6):
799         (JSC::regExpConstructorDollar7):
800         (JSC::regExpConstructorDollar8):
801         (JSC::regExpConstructorDollar9):
802         (JSC::regExpConstructorInput):
803         (JSC::regExpConstructorMultiline):
804         (JSC::regExpConstructorLastMatch):
805         (JSC::regExpConstructorLastParen):
806         (JSC::regExpConstructorLeftContext):
807         (JSC::regExpConstructorRightContext):
808         * runtime/RegExpObject.cpp:
809         (JSC::regExpObjectGlobal):
810         (JSC::regExpObjectIgnoreCase):
811         (JSC::regExpObjectMultiline):
812         (JSC::regExpObjectSource):
813
814 2014-02-05  Andreas Kling  <akling@apple.com>
815
816         Remove ENABLE(DIRECTORY_UPLOAD).
817         <https://webkit.org/b/128275>
818
819         Rubber-stamped by Ryosuke Niwa.
820
821         * Configurations/FeatureDefines.xcconfig:
822
823 2014-02-05  Filip Pizlo  <fpizlo@apple.com>
824
825         Rename useExperimentalFTL to useFTLJIT.
826
827         Rubber stamped by Mark Hahnenberg.
828
829         * dfg/DFGTierUpCheckInjectionPhase.cpp:
830         (JSC::DFG::TierUpCheckInjectionPhase::run):
831         * runtime/Options.h:
832
833 2014-02-05  Brian Burg  <bburg@apple.com>
834
835         Web Inspector: add probe manager and model objects to the frontend
836         https://bugs.webkit.org/show_bug.cgi?id=127117
837
838         Reviewed by Timothy Hatcher.
839
840         The inspector frontend now assigns breakpoint action identifiers,
841         rather than the backend. Remove return values containing breakpoint
842         identifiers, and remove tracking and assignment of action identifiers.
843
844         * inspector/ScriptDebugListener.h:
845         * inspector/ScriptDebugServer.cpp:
846         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
847         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
848         Pass BreakpointAction by reference rather than just the action identifier.
849
850         * inspector/ScriptDebugServer.h:
851         * inspector/agents/InspectorDebuggerAgent.cpp:
852         (Inspector::objectGroupForBreakpointAction):
853         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
854         (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
855         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
856         (Inspector::InspectorDebuggerAgent::setBreakpoint):
857         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
858         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
859         * inspector/agents/InspectorDebuggerAgent.h:
860         * inspector/protocol/Debugger.json: Revert change to setBreakpoint return values. Add optional identifier to breakpoint actions.
861
862 2014-02-05  Filip Pizlo  <fpizlo@apple.com>
863
864         JSC on Mac should pull LLVM from prefix=/usr/local/LLVMForJavaScriptCore and not /usr/local
865         https://bugs.webkit.org/show_bug.cgi?id=128269
866
867         Reviewed by Mark Hahnenberg.
868
869         * Configurations/Base.xcconfig:
870         * Configurations/LLVMForJSC.xcconfig:
871
872 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
873
874         Fix 32-bit builds after r163471
875
876         * dfg/DFGOSRExitCompilerCommon.cpp:
877
878 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
879
880         Can no longer run OctaneV2 in browser, crashes in speculationFromCell
881         https://bugs.webkit.org/show_bug.cgi?id=128266
882
883         Reviewed by Filip Pizlo.
884
885         Move the OSR exit write barriers into OSRExitCompilerCommon. Also reorganize some 
886         of the code to be in more appropriate places.
887
888         * dfg/DFGOSRExitCompiler32_64.cpp:
889         (JSC::DFG::OSRExitCompiler::compileExit):
890         * dfg/DFGOSRExitCompiler64.cpp:
891         (JSC::DFG::OSRExitCompiler::compileExit):
892         * dfg/DFGOSRExitCompilerCommon.cpp:
893         (JSC::DFG::osrWriteBarrier):
894         (JSC::DFG::adjustAndJumpToTarget):
895         * dfg/DFGSpeculativeJIT.cpp:
896         * dfg/DFGSpeculativeJIT.h:
897         * jit/AssemblyHelpers.h:
898         (JSC::AssemblyHelpers::genericWriteBarrier):
899
900 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
901
902         Malloc called beneath MachineThreads::gatherFromOtherThread(), while forbidden
903         https://bugs.webkit.org/show_bug.cgi?id=128202
904
905         Reviewed by Geoffrey Garen.
906
907         This patch uses the new GCSegmentedArray to replace the Vector that was used 
908         to record the set of currently executing CodeBlocks during the conservative 
909         stack scan. This is primarily to avoid the possibility of the Vector resizing 
910         while FastMalloc is forbidden.
911
912         * heap/BlockAllocator.h:
913         * heap/CodeBlockSet.cpp:
914         (JSC::CodeBlockSet::CodeBlockSet):
915         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
916         * heap/CodeBlockSet.h:
917         * heap/GCSegmentedArray.h:
918         (JSC::GCSegmentedArray::begin):
919         (JSC::GCSegmentedArray::end):
920         (JSC::GCSegmentedArrayIterator::GCSegmentedArrayIterator):
921         (JSC::GCSegmentedArrayIterator::get):
922         (JSC::GCSegmentedArrayIterator::operator*):
923         (JSC::GCSegmentedArrayIterator::operator->):
924         (JSC::GCSegmentedArrayIterator::operator==):
925         (JSC::GCSegmentedArrayIterator::operator!=):
926         (JSC::GCSegmentedArrayIterator::operator++):
927         * heap/Heap.cpp:
928         (JSC::Heap::Heap):
929
930 2014-02-05  Wojciech Bielawski  <w.bielawski@samsung.com>
931
932         XMLHttpRequest performs too many copies for ArrayBuffer results
933         https://bugs.webkit.org/show_bug.cgi?id=117458
934
935         Reviewed by Alexey Proskuryakov.
936
937         Based on blink change: https://chromium.googlesource.com/chromium/blink/+/bed266aa5a43f7c080c87e527bd35e2b80ecc7b7
938
939         Add SharedBuffer::createArrayBuffer() and use it to create XMLHttpRequest's response in ArrayBuffer
940         This cuts
941             - two memsets (in ArrayBuffer::create and SharedBuffer::m_buffer::resize)
942             - one copy (SharedBuffer::m_buffer to ArrayBufferContents::m_data)
943             - one allocation (SharedBuffer::m_buffer)
944
945         * runtime/ArrayBuffer.h:
946
947 2014-02-05  Csaba Osztrogonác  <ossy@webkit.org>
948
949         Remove ENABLE(SVG) guards
950         https://bugs.webkit.org/show_bug.cgi?id=127991
951
952         Reviewed by Sam Weinig.
953
954         * Configurations/FeatureDefines.xcconfig:
955
956 2014-02-05  Zan Dobersek  <zdobersek@igalia.com>
957
958         Remove CLASS_IF_GCC workarounds
959         https://bugs.webkit.org/show_bug.cgi?id=128207
960
961         Reviewed by Anders Carlsson.
962
963         Remove the CLASS_IF_GCC macro that was defined to 'class' when using the GCC compiler.
964         The macro was then used in class friendship declarations for templated classes to avoid
965         corner-case compiler failures on both GCC pre-4.7 and MSVC pre-2013. The problematic
966         versions of both compilers are no longer supported, so this macro is good to go.
967
968         * heap/HeapBlock.h:
969         * heap/Region.h:
970
971 2014-02-04  Mark Lam  <mark.lam@apple.com>
972
973         The stack limit computation does not work for Windows.
974         <https://webkit.org/b/128226>
975
976         Reviewed by Geoffrey Garen.
977
978         * llint/LowLevelInterpreter.cpp:
979         (JSC::CLoopRegister::CLoopRegister):
980         (JSC::CLoop::execute):
981         - Suppressed some compiler warnings for the C loop build.
982         * runtime/VM.cpp:
983         (JSC::VM::updateStackLimitWithReservedZoneSize):
984         - Use the new StackBounds::recursionLimit() to compute the stack limit
985           the right way.
986
987 2014-02-04  Andreas Kling  <akling@apple.com>
988
989         Remove <iframe seamless> support.
990         <https://webkit.org/b/128213>
991
992         Rubber-stamped by Antti Koivisto.
993
994         * Configurations/FeatureDefines.xcconfig:
995
996 2014-02-04  Mark Lam  <mark.lam@apple.com>
997
998         DFG::operationTypeOf() needs to set the VM::topCallFrame.
999         <https://webkit.org/b/128228>
1000
1001         Reviewed by Mark Hahnenberg.
1002
1003         * dfg/DFGOperations.cpp:
1004         - operationTypeOf() can end up calling into WebCore which may in turn
1005           call back to JSC, and need a valid VM::topCallFrame. So, we need to
1006           set the value of VM::topCallFrame at the top of operationTypeOf().
1007
1008 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1009
1010         Fix !ENABLE(JIT) builds after r163418
1011
1012         * bytecode/CodeBlock.cpp:
1013         (JSC::CodeBlock::reoptimizationRetryCounter): Return 0 if there's no way for us to reoptimize.
1014
1015 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1016
1017         Reduce boilerplate in BlockAllocator.h
1018         https://bugs.webkit.org/show_bug.cgi?id=128222
1019
1020         Reviewed by Filip Pizlo.
1021
1022         There are a lot of template specializations for the various types of HeapBlocks 
1023         in BlockAllocator.h. We could reduce the spew by using a macro.
1024
1025         * heap/BlockAllocator.h:
1026
1027 2014-02-04  Filip Pizlo  <fpizlo@apple.com>
1028
1029         DFG PutByVal on typed arrays should detect OutOfBounds sooner
1030         https://bugs.webkit.org/show_bug.cgi?id=128162
1031
1032         Reviewed by Mark Hahnenberg.
1033         
1034         Just wire the m_outOfBounds flag in ArrayProfile into the OutOfBounds speculation in
1035         DFG::ArrayMode for typed arrays.
1036         
1037         Also make it possible to have tests for convergence.
1038         
1039         Also turn one of the LayoutTests/js/dfg- tests into a stress test because it
1040         was relying on a specific number of recompiles. Stress tests instead take
1041         the approach of just running for a while. That's more robust.
1042
1043         * bytecode/CodeBlock.h:
1044         * dfg/DFGArrayMode.cpp:
1045         (JSC::DFG::ArrayMode::fromObserved):
1046         (JSC::DFG::ArrayMode::refine):
1047         * dfg/DFGArrayMode.h:
1048         (JSC::DFG::ArrayMode::withSpeculationFromProfile):
1049         (JSC::DFG::ArrayMode::withProfile):
1050         * ftl/FTLLowerDFGToLLVM.cpp:
1051         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1052         * jit/JITPropertyAccess.cpp:
1053         (JSC::JIT::emitIntTypedArrayPutByVal):
1054         (JSC::JIT::emitFloatTypedArrayPutByVal):
1055         * jsc.cpp:
1056         (GlobalObject::finishCreation):
1057         (functionReoptimizationRetryCount):
1058         * runtime/TestRunnerUtils.cpp:
1059         (JSC::getExecutableForFunction):
1060         (JSC::getSomeBaselineCodeBlockForFunction):
1061         (JSC::numberOfDFGCompiles):
1062         (JSC::setNeverInline):
1063         * runtime/TestRunnerUtils.h:
1064         * tests/stress/float32-repeat-out-of-bounds.js: Added.
1065         (foo):
1066         * tests/stress/int8-repeat-out-of-bounds.js: Added.
1067         (foo):
1068         * tests/stress/string-out-of-bounds-negative-proto-value.js: Added.
1069         (foo):
1070
1071 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1072
1073         Refactor MarkStackArray to allow more than JSCells to be stored
1074         https://bugs.webkit.org/show_bug.cgi?id=128203
1075
1076         Reviewed by Geoffrey Garen.
1077
1078         This patch refactors MarkStackArray into a separate template class named GCSegmentedArray.
1079         This class allows subclassing to add functionality that only MarkStackArray wants.
1080         Since it uses the JSC BlockAllocator instead of FastMalloc, this class can be used during 
1081         conservative stack scanning, which disallows using FastMalloc.
1082
1083         * GNUmakefile.list.am:
1084         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1085         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1086         * JavaScriptCore.xcodeproj/project.pbxproj:
1087         * heap/BlockAllocator.h:
1088         * heap/GCSegmentedArray.h: Added.
1089         (JSC::GCArraySegment::GCArraySegment):
1090         (JSC::GCArraySegment::data):
1091         * heap/GCSegmentedArrayInlines.h: Added.
1092         (JSC::GCSegmentedArray<T>::GCSegmentedArray):
1093         (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
1094         (JSC::GCSegmentedArray<T>::clear):
1095         (JSC::GCSegmentedArray<T>::expand):
1096         (JSC::GCSegmentedArray<T>::refill):
1097         (JSC::GCSegmentedArray<T>::fillVector):
1098         (JSC::GCArraySegment<T>::create):
1099         (JSC::GCSegmentedArray<T>::postIncTop):
1100         (JSC::GCSegmentedArray<T>::preDecTop):
1101         (JSC::GCSegmentedArray<T>::setTopForFullSegment):
1102         (JSC::GCSegmentedArray<T>::setTopForEmptySegment):
1103         (JSC::GCSegmentedArray<T>::top):
1104         (JSC::GCSegmentedArray<T>::validatePrevious):
1105         (JSC::GCSegmentedArray<T>::append):
1106         (JSC::GCSegmentedArray<T>::canRemoveLast):
1107         (JSC::GCSegmentedArray<T>::removeLast):
1108         (JSC::GCSegmentedArray<T>::isEmpty):
1109         (JSC::GCSegmentedArray<T>::size):
1110         * heap/MarkStack.cpp:
1111         (JSC::MarkStackArray::MarkStackArray):
1112         (JSC::MarkStackArray::~MarkStackArray):
1113         (JSC::MarkStackArray::donateSomeCellsTo):
1114         (JSC::MarkStackArray::stealSomeCellsFrom):
1115         * heap/MarkStack.h:
1116         * heap/MarkStackInlines.h:
1117
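The GCSegmentedArray entry above and the CodeBlockSet entry earlier on this page make the same point: a Vector can reallocate (and therefore call into the allocator) on append, which is not allowed while FastMalloc is forbidden during the conservative stack scan, whereas a segmented array only ever links in a fresh fixed-size block. The block below is an added model of that property, not code from WebKit's GCSegmentedArray or BlockAllocator: SegmentPool stands in for a block allocator that pre-reserves segments on an intrusive free list and refuses to touch the system allocator while a constructed `mallocForbidden` flag is set, and SegmentedArray appends without ever moving existing elements. Names, segment sizes and the DemoResult wrapper are all assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <type_traits>

// Constructed stand-in for a block allocator: fixed-size segments obtained from
// the system allocator ahead of time and kept on an intrusive free list. While
// mallocForbidden is set (the analogue of the stack-scan window), take() never
// falls back to the system allocator; it returns nullptr instead.
class SegmentPool {
    struct FreeNode { FreeNode* next; };
public:
    SegmentPool(size_t segmentBytes, size_t reserve) : m_segmentBytes(segmentBytes)
    {
        for (size_t i = 0; i < reserve; ++i)
            give(::operator new(segmentBytes));
    }
    ~SegmentPool() { while (void* p = takeFromFreeList()) ::operator delete(p); }
    void setMallocForbidden(bool forbidden) { m_mallocForbidden = forbidden; }
    size_t systemAllocations() const { return m_systemAllocations; }
    void* take()
    {
        if (void* p = takeFromFreeList())
            return p;
        if (m_mallocForbidden)
            return nullptr; // caller must cope; allocating here would be the bug
        ++m_systemAllocations;
        return ::operator new(m_segmentBytes);
    }
    void give(void* p)
    {
        FreeNode* node = static_cast<FreeNode*>(p);
        node->next = m_freeList;
        m_freeList = node;
    }
private:
    void* takeFromFreeList()
    {
        FreeNode* node = m_freeList;
        if (node)
            m_freeList = node->next;
        return node;
    }
    size_t m_segmentBytes;
    FreeNode* m_freeList = nullptr;
    bool m_mallocForbidden = false;
    size_t m_systemAllocations = 0;
};

// A stack of fixed-size segments. Appending never reallocates or moves existing
// elements: when the top segment is full a fresh one is linked in front of it.
template<typename T, size_t N>
class SegmentedArray {
    static_assert(std::is_trivially_copyable<T>::value, "segments are raw memory");
    struct Segment { Segment* previous; T data[N]; };
public:
    static constexpr size_t segmentBytes() { return sizeof(Segment); }
    explicit SegmentedArray(SegmentPool& pool) : m_pool(pool) {}
    ~SegmentedArray()
    {
        while (m_top) {
            Segment* s = m_top;
            m_top = s->previous;
            m_pool.give(s);
        }
    }
    // Returns false, leaving the array unchanged, if no segment is available.
    bool append(const T& value)
    {
        if (!m_top || m_topCount == N) {
            void* raw = m_pool.take();
            if (!raw)
                return false;
            Segment* s = static_cast<Segment*>(raw);
            s->previous = m_top;
            m_top = s;
            m_topCount = 0;
        }
        m_top->data[m_topCount++] = value;
        ++m_size;
        return true;
    }
    size_t size() const { return m_size; }
    // Address of the first element; used below to show appends do not relocate.
    const T* first() const
    {
        const Segment* s = m_top;
        while (s && s->previous)
            s = s->previous;
        return s ? s->data : nullptr;
    }
private:
    SegmentPool& m_pool;
    Segment* m_top = nullptr;
    size_t m_topCount = 0;
    size_t m_size = 0;
};

struct DemoResult { size_t systemAllocations; bool firstElementStable; bool allAppended; size_t size; };

// Append `count` pointer-sized values while malloc is forbidden, with
// `reservedSegments` segments (32 values each) set aside beforehand.
DemoResult runDemo(size_t count, size_t reservedSegments)
{
    using Array = SegmentedArray<uintptr_t, 32>;
    SegmentPool pool(Array::segmentBytes(), reservedSegments);
    Array array(pool);
    pool.setMallocForbidden(true);
    bool ok = array.append(0);
    const uintptr_t* firstBefore = array.first();
    for (size_t i = 1; i < count; ++i)
        ok = array.append(i) && ok;
    pool.setMallocForbidden(false);
    return { pool.systemAllocations(), array.first() == firstBefore, ok, array.size() };
}
```

With 32 segments reserved, runDemo(1000, 32) fills the array with zero system allocations and the first element's address never changes; with only 10 reserved, appends beyond 320 values fail cleanly rather than allocating inside the forbidden window. In the real code the segments come from the JSC BlockAllocator, as the entry states; the pool here only reproduces the property that matters for the bug.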
1118 2014-02-04  Anders Carlsson  <andersca@apple.com>
1119
1120         Rename the substring sharing StringImpl::create variants to better indicate what they do
1121         https://bugs.webkit.org/show_bug.cgi?id=128214
1122
1123         Reviewed by Geoffrey Garen.
1124
1125         * runtime/JSString.h:
1126         (JSC::jsSingleCharacterSubstring):
1127         (JSC::jsSubstring8):
1128         (JSC::jsSubstring):
1129         * runtime/SmallStrings.cpp:
1130         (JSC::SmallStringsStorage::SmallStringsStorage):
1131         * runtime/StringPrototype.cpp:
1132         (JSC::jsSpliceSubstrings):
1133         (JSC::jsSpliceSubstringsWithSeparators):
1134         (JSC::replaceUsingStringSearch):
1135
1136 2014-02-04  Anders Carlsson  <andersca@apple.com>
1137
1138         Rename StringImpl::getCharacters to StringImpl::characters
1139         https://bugs.webkit.org/show_bug.cgi?id=128205
1140
1141         Reviewed by Antti Koivisto.
1142
1143         Update for WTF changes.
1144
1145         * runtime/JSStringJoiner.cpp:
1146         (JSC::joinStrings):
1147         * runtime/StringPrototype.cpp:
1148         (JSC::splitStringByOneCharacterImpl):
1149
1150 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1151
1152         Fix a mismatch of uint64_t and size_t on 32-bit platforms.
1153
1154         * ftl/FTLDWARFDebugLineInfo.h:
1155
1156 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
1157
1158         JSC needs to be able to parse DWARF debug_line info
1159         https://bugs.webkit.org/show_bug.cgi?id=127394
1160
1161         Reviewed by Geoffrey Garen.
1162
1163         If we want to encode IR maps in the DWARF debug line info metadata generated by LLVM, 
1164         we'll need to know how to decode the .debug_line DWARF section. This patch implements 
1165         an interpreter for the .debug_line DWARF section in accordance with the version 3 spec 
1166         published at http://www.dwarfstd.org.
1167
1168         * JavaScriptCore.xcodeproj/project.pbxproj:
1169         * ftl/FTLDWARFDebugLineInfo.cpp: Added.
1170         (JSC::FTL::DebugLineInterpreter::DebugLineInterpreter):
1171         (JSC::FTL::read):
1172         (JSC::FTL::DebugLineInterpreter::parseULEB128):
1173         (JSC::FTL::DebugLineInterpreter::parseSLEB128):
1174         (JSC::FTL::DebugLineInterpreter::run):
1175         (JSC::FTL::DebugLineInterpreter::parsePrologue):
1176         (JSC::FTL::DebugLineInterpreter::parseIncludeDirectories):
1177         (JSC::FTL::DebugLineInterpreter::parseFileEntries):
1178         (JSC::FTL::DebugLineInterpreter::parseFileEntry):
1179         (JSC::FTL::DebugLineInterpreter::interpretStatementProgram):
1180         (JSC::FTL::DebugLineInterpreter::interpretOpcode):
1181         (JSC::FTL::DebugLineInterpreter::printLineInfo):
1182         (JSC::FTL::DebugLineInterpreter::resetInterpreterState):
1183         * ftl/FTLDWARFDebugLineInfo.h: Added.
1184         (JSC::FTL::DebugLineInterpreter::Prologue::Prologue):
1185         * ftl/FTLValueRange.cpp: Random build fix for !ENABLE(FTL_JIT).
1186
1187 2014-02-04  Anders Carlsson  <andersca@apple.com>
1188
1189         Rename String::getCharacters to String::characters
1190         https://bugs.webkit.org/show_bug.cgi?id=128196
1191
1192         Reviewed by Andreas Kling.
1193
1194         Update for WTF::String changes.
1195
1196         * yarr/YarrParser.h:
1197         (JSC::Yarr::Parser::Parser):
1198
1199 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1200
1201         JSC needs to be able to parse DWARF debug_line info
1202         https://bugs.webkit.org/show_bug.cgi?id=127394
1203
1204         Reviewed by Geoffrey Garen.
1205
1206         If we want to encode IR maps in the DWARF debug line info metadata generated by LLVM, 
1207         we'll need to know how to decode the .debug_line DWARF section. This patch implements 
1208         an interpreter for the .debug_line DWARF section in accordance with the version 3 spec 
1209         published at http://www.dwarfstd.org.
1210
1211         * CMakeLists.txt:
1212         * GNUmakefile.list.am:
1213         * JavaScriptCore.xcodeproj/project.pbxproj:
1214         * ftl/FTLDWARFDebugLineInfo.cpp: Added.
1215         (JSC::FTL::DebugLineInterpreter::DebugLineInterpreter):
1216         (JSC::FTL::read):
1217         (JSC::FTL::DebugLineInterpreter::parseULEB128):
1218         (JSC::FTL::DebugLineInterpreter::parseSLEB128):
1219         (JSC::FTL::DebugLineInterpreter::run):
1220         (JSC::FTL::DebugLineInterpreter::parsePrologue):
1221         (JSC::FTL::DebugLineInterpreter::parseIncludeDirectories):
1222         (JSC::FTL::DebugLineInterpreter::parseFileEntries):
1223         (JSC::FTL::DebugLineInterpreter::parseFileEntry):
1224         (JSC::FTL::DebugLineInterpreter::interpretStatementProgram):
1225         (JSC::FTL::DebugLineInterpreter::interpretOpcode):
1226         (JSC::FTL::DebugLineInterpreter::printLineInfo):
1227         (JSC::FTL::DebugLineInterpreter::resetInterpreterState):
1228         * ftl/FTLDWARFDebugLineInfo.h: Added.
1229         (JSC::FTL::DebugLineInterpreter::Prologue::Prologue):
1230
1231 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1232
1233         ASSERT in speculateMachineInt on 32-bit platforms
1234         https://bugs.webkit.org/show_bug.cgi?id=128155
1235
1236         Reviewed by Filip Pizlo.
1237
1238         * dfg/DFGPredictionPropagationPhase.cpp:
1239         (JSC::DFG::PredictionPropagationPhase::propagate):
1240
1241 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1242
1243         GC timer should always do a FullCollection
1244         https://bugs.webkit.org/show_bug.cgi?id=128186
1245
1246         Reviewed by Michael Saboff.
1247
1248         Right now the GC timer does whatever type of collection the next collection 
1249         would have been, which is almost always an EdenCollection. It then thinks 
1250         that it has done all of the work it was supposed to do and never schedules 
1251         another GC. Ideally we'd like to have some heuristics for the timer that 
1252         would schedule both EdenCollections and FullCollections, but the easiest 
1253         fix for now is to always do FullCollections since that will at least be 
1254         a non-regression.
1255
1256         * heap/Heap.h:
1257         (JSC::Heap::gcTimerDidFire):
1258         * runtime/GCActivityCallback.cpp:
1259         (JSC::DefaultGCActivityCallback::doWork):
1260
1261 2014-02-03  Filip Pizlo  <fpizlo@apple.com>
1262
1263         Lift the FTL tier-up threshold from 25000 to 100000
1264         https://bugs.webkit.org/show_bug.cgi?id=128158
1265
1266         Rubber stamped by Michael Saboff.
1267
1268         * runtime/Options.h:
1269
1270 2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1271
1272         LLInt: Regex for pseudo-instructions is too big
1273         https://bugs.webkit.org/show_bug.cgi?id=128148
1274
1275         Reviewed by Mark Lam.
1276
1277         * offlineasm/instructions.rb:
1278         * offlineasm/parser.rb:
1279
1280 2014-02-03  Brian Burg  <bburg@apple.com>
1281
1282         Web Replay: upstream base input classes and the input cursor interface
1283         https://bugs.webkit.org/show_bug.cgi?id=128110
1284
1285         Reviewed by Joseph Pecoraro.
1286
1287         Add the base class for all replay inputs. Add InputTraits, a trait that
1288         provides an input's queue, type, and encode/decode methods statically so
1289         that they can be used within templated helper functions in InputCursor and
1290         EncodedValue.
1291
1292         Add the InputCursor base class which mediates the saving and fetching of
1293         replay inputs from a replay recording by instrumented nondeterministic code.
1294
1295         Add a dummy cursor implementation. This allows us to return a cursor reference
1296         to clients even if no capturing or replaying is happening.
1297
1298         Add the ability to set an InputCursor instance on a JSGlobalObject. This
1299         is the means for connecting a replay recording to a script context.
1300
1301         * JavaScriptCore.xcodeproj/project.pbxproj:
1302         * replay/EmptyInputCursor.h: Added.
1303         (JSC::EmptyInputCursor::~EmptyInputCursor):
1304         (JSC::EmptyInputCursor::create):
1305         (JSC::EmptyInputCursor::EmptyInputCursor):
1306         * replay/InputCursor.h: Added.
1307         (JSC::InputCursor::InputCursor):
1308         (JSC::InputCursor::~InputCursor):
1309         (JSC::InputCursor::appendInput):
1310         (JSC::InputCursor::fetchInput):
1311         * replay/NondeterministicInput.h: Added.
1312         (JSC::NondeterministicInputBase::NondeterministicInputBase):
1313         (JSC::NondeterministicInputBase::~NondeterministicInputBase):
1314         * runtime/JSGlobalObject.cpp:
1315         (JSC::JSGlobalObject::JSGlobalObject):
1316         (JSC::JSGlobalObject::setInputCursor):
1317         * runtime/JSGlobalObject.h:
1318         (JSC::JSGlobalObject::inputCursor):
1319
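The Web Replay entry above describes the pieces (an input base class, InputTraits providing type and encode/decode statically, an InputCursor that appends during capture and fetches during replay, and an empty cursor for when neither is happening) without showing how they fit together at a call site. The block below is an added sketch of that design, not code from WebKit's replay/ directory: a constructed GetRandomNumber input, three cursor kinds, and an instrumented random-number function that records or replays through whichever cursor it is handed. The type-tag check in fetchInput is the divergence detection a replay system needs when the recording and the code's behaviour disagree; all names and the LCG are assumptions of this example.

```cpp
#include <cstdint>
#include <cstring>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// One recorded input: its type tag plus encoded payload (constructed format).
struct EncodedInput { std::string type; std::vector<uint8_t> bytes; };
using Recording = std::vector<EncodedInput>;

// Constructed input class: the result of a random-number request.
struct GetRandomNumber { uint32_t value; };

// Trait supplying the type tag and encode/decode for an input, so the cursor's
// templated helpers can handle every input type uniformly.
template<typename T> struct InputTraits;
template<> struct InputTraits<GetRandomNumber> {
    static const char* type() { return "GetRandomNumber"; }
    static void encode(std::vector<uint8_t>& out, const GetRandomNumber& in)
    {
        out.resize(sizeof(uint32_t));
        std::memcpy(out.data(), &in.value, sizeof(uint32_t));
    }
    static std::optional<GetRandomNumber> decode(const std::vector<uint8_t>& bytes)
    {
        if (bytes.size() != sizeof(uint32_t)) return std::nullopt;
        GetRandomNumber r;
        std::memcpy(&r.value, bytes.data(), sizeof(uint32_t));
        return r;
    }
};

class InputCursor {
public:
    virtual ~InputCursor() = default;
    virtual bool isCapturing() const = 0;
    virtual bool isReplaying() const = 0;
    template<typename T> void appendInput(const T& input)
    {
        EncodedInput e { InputTraits<T>::type(), {} };
        InputTraits<T>::encode(e.bytes, input);
        storeInput(std::move(e));
    }
    // nullopt when not replaying, when the recording is exhausted, or when the
    // next recorded input has a different type (replay divergence).
    template<typename T> std::optional<T> fetchInput()
    {
        const EncodedInput* e = loadInput();
        if (!e || e->type != InputTraits<T>::type()) return std::nullopt;
        return InputTraits<T>::decode(e->bytes);
    }
protected:
    virtual void storeInput(EncodedInput&&) {}
    virtual const EncodedInput* loadInput() { return nullptr; }
};

// Handed to clients when no capture or replay session is active.
class EmptyInputCursor final : public InputCursor {
public:
    bool isCapturing() const override { return false; }
    bool isReplaying() const override { return false; }
};

class CapturingInputCursor final : public InputCursor {
public:
    explicit CapturingInputCursor(Recording& r) : m_recording(r) {}
    bool isCapturing() const override { return true; }
    bool isReplaying() const override { return false; }
protected:
    void storeInput(EncodedInput&& e) override { m_recording.push_back(std::move(e)); }
private:
    Recording& m_recording;
};

class ReplayingInputCursor final : public InputCursor {
public:
    explicit ReplayingInputCursor(const Recording& r) : m_recording(r) {}
    bool isCapturing() const override { return false; }
    bool isReplaying() const override { return true; }
protected:
    const EncodedInput* loadInput() override { return m_next < m_recording.size() ? &m_recording[m_next++] : nullptr; }
private:
    const Recording& m_recording;
    size_t m_next = 0;
};

// Instrumented nondeterministic code: a small LCG standing in for Math.random.
struct Lcg { uint32_t state; uint32_t next() { state = state * 1664525u + 1013904223u; return state; } };

// The value the caller should use, or nullopt on replay divergence.
std::optional<uint32_t> nextRandom(InputCursor& cursor, Lcg& rng)
{
    if (cursor.isReplaying()) {
        auto in = cursor.fetchInput<GetRandomNumber>();
        if (!in) return std::nullopt;
        return in->value;
    }
    uint32_t v = rng.next();
    if (cursor.isCapturing()) cursor.appendInput(GetRandomNumber { v });
    return v;
}

// Draw `count` numbers through `cursor`; empty on divergence.
std::vector<uint32_t> draw(InputCursor& cursor, uint32_t seed, size_t count)
{
    Lcg rng { seed };
    std::vector<uint32_t> out;
    for (size_t i = 0; i < count; ++i) {
        auto v = nextRandom(cursor, rng);
        if (!v) return {};
        out.push_back(*v);
    }
    return out;
}
```

Capturing three values with one seed and replaying them with a different seed yields the same sequence, which is the whole point: during replay the instrumented code takes its nondeterministic results from the recording instead of the generator. Asking the replaying cursor for a fourth value finds the recording exhausted and reports divergence instead of silently falling back to live computation.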
1320 2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1321
1322         Fix the cloop due to GenGC
1323         https://bugs.webkit.org/show_bug.cgi?id=128137
1324
1325         Reviewed by Geoffrey Garen.
1326
1327         * llint/LLIntSlowPaths.cpp:
1328         (JSC::LLInt::llint_write_barrier_slow):
1329         * llint/LLIntSlowPaths.h:
1330         * llint/LowLevelInterpreter.cpp:
1331         (JSC::CLoopRegister::operator JSCell*):
1332         * llint/LowLevelInterpreter32_64.asm:
1333         * llint/LowLevelInterpreter64.asm:
1334         * offlineasm/cloop.rb:
1335         * offlineasm/instructions.rb:
1336
1337 2014-02-03  Michael Saboff  <msaboff@apple.com>
1338
1339         REGRESSION (r163011-r163031): Web Inspector: Latest nightly crashes when showing the Web Inspector
1340         https://bugs.webkit.org/show_bug.cgi?id=127901
1341
1342         Reviewed by Geoffrey Garen.
1343
1344         Set VM::topCallFrame before making calls to possible C++ code in
1345         generateProtoChainAccessStub() and tryBuildGetByIDList().
1346
1347         * jit/Repatch.cpp:
1348         (JSC::generateProtoChainAccessStub):
1349         (JSC::tryBuildGetByIDList):
1350
1351 2014-02-03  Andreas Kling  <akling@apple.com>
1352
1353         Keep only captured symbols in CodeBlock symbol tables.
1354         <https://webkit.org/b/128050>
1355
1356         Discard all uncaptured symbols at the end of codegen since only
1357         the captured ones will be used after that point.
1358
1359         ~2MB progression on Membuster OSUS.
1360
1361         Reviewed by Geoffrey Garen.
1362
1363         * bytecode/UnlinkedCodeBlock.h:
1364         (JSC::UnlinkedCodeBlock::setSymbolTable):
1365         * bytecompiler/BytecodeGenerator.cpp:
1366         (JSC::BytecodeGenerator::generate):
1367
1368 2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1369
1370         Fix the LLInt C loop
1371
1372         Rubber stamped by Mark Lam.
1373
1374         * llint/LLIntSlowPaths.cpp:
1375         (JSC::LLInt::llint_write_barrier_slow):
1376         * llint/LLIntSlowPaths.h:
1377
1378 2014-02-03  Dean Jackson  <dino@apple.com>
1379
1380         Feature flag for shape-inside
1381         https://bugs.webkit.org/show_bug.cgi?id=128001
1382
1383         Reviewed by Simon Fraser.
1384
1385         Add CSS_SHAPE_INSIDE flag.
1386
1387         * Configurations/FeatureDefines.xcconfig:
1388
1389 2014-02-03  Oliver Hunt  <oliver@apple.com>
1390
1391         Deconstructed parameters aren't being placed in the correct scope
1392         https://bugs.webkit.org/show_bug.cgi?id=128126
1393
1394         Reviewed by Antti Koivisto.
1395
1396         Make sure we declare the bound parameter names as variables when
1397         we reparse.  In the BytecodeGenerator we now also directly ensure
1398         that bound parameters are placed in the symbol table of the function
1399         we're currently compiling.  We then delay binding until just before
1400         we start codegen for the body of the function so that we can ensure
1401         the function has completely initialised all scope details.
1402
1403         * bytecompiler/BytecodeGenerator.cpp:
1404         (JSC::BytecodeGenerator::generate):
1405         (JSC::BytecodeGenerator::BytecodeGenerator):
1406         * bytecompiler/BytecodeGenerator.h:
1407         * parser/Parser.cpp:
1408         (JSC::Parser<LexerType>::Parser):
1409         (JSC::Parser<LexerType>::createBindingPattern):
1410
1411 2014-02-03  Alexey Proskuryakov  <ap@apple.com>
1412
1413         Update JS whitespace definition for changes in Unicode 6.3
1414         https://bugs.webkit.org/show_bug.cgi?id=127450
1415
1416         Reviewed by Oliver Hunt.
1417
1418         * parser/Lexer.h: (JSC::Lexer<UChar>::isWhiteSpace): Part 2 of the fix, update lexer too.
1419
1420 2014-02-03  Matthew Mirman  <mmirman@apple.com>
1421
1422         Added GetTypedArrayByteOffset to FTL
1423         https://bugs.webkit.org/show_bug.cgi?id=127589
1424
1425         Reviewed by Filip Pizlo.
1426
1427         * ftl/FTLAbstractHeapRepository.h:
1428         * ftl/FTLCapabilities.cpp:
1429         (JSC::FTL::canCompile):
1430         * ftl/FTLLowerDFGToLLVM.cpp:
1431         (JSC::FTL::LowerDFGToLLVM::compileNode):
1432         (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
1433         * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
1434         (foo):
1435         * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
1436         (foo):
1437
1438 2014-02-03  Mark Lam  <mark.lam@apple.com>
1439
1440         Debugger created JSActivations should account for CodeBlock::framePointerOffsetToGetActivationRegisters().
1441         <https://webkit.org/b/128112>
1442
1443         Reviewed by Geoffrey Garen.
1444
1445         Currently, when the DebuggerCallFrame creates the JSActivation object
1446         for a frame, it does not account for the framePointerOffsetToGetActivationRegisters()
1447         offset that needs to be added for DFG frames.
1448
1449         Instead of special casing the fix in DebuggerCallFrame::scope(), we fix
1450         this by adding CodeBlock::framePointerOffsetToGetActivationRegisters() to
1451         callFrame->registers() in the JSActivation::create() method that does not
1452         explicitly take a Register*. This ensures that JSActivation::create() will
1453         always do the right thing instead of only being a special case for the
1454         LLINT and baselineJIT.
1455
1456         Apart from the DebuggerCallFrame, this create() function is only called by
1457         slow paths in the LLINT and baselineJIT. Hence, it is not performance
1458         critical.
1459
1460         * runtime/JSActivation.h:
1461         (JSC::JSActivation::create):
1462
1463 2014-01-31  Geoffrey Garen  <ggaren@apple.com>
1464
1465         Simplified name scope creation for function expressions
1466         https://bugs.webkit.org/show_bug.cgi?id=128031
1467
1468         Reviewed by Mark Lam.
1469
1470         3X speedup on js/regress/script-tests/function-with-eval.js.
1471
1472         We used to emit bytecode to push a name into local scope every
1473         time a function that needed such a name executed. Now, we push the name
1474         into scope once on the function object, and leave it there.
1475
1476         This is faster, and it also reduces the number of variable resolution
1477         modes you have to worry about when thinking about bytecode and the
1478         debugger.
1479
1480         This patch is slightly complicated by the fact that we don't know if
1481         a function needs a name scope until we parse its body. So, there's some
1482         glue code in here to delay filling in a function's scope until we parse
1483         its body for the first time.
1484
1485         * bytecode/UnlinkedCodeBlock.cpp:
1486         (JSC::generateFunctionCodeBlock):
1487         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1488         * bytecode/UnlinkedCodeBlock.h:
1489         (JSC::UnlinkedFunctionExecutable::functionMode): Renamed
1490         functionNameIsInScopeToggle to functionMode.
1491
1492         * bytecompiler/BytecodeGenerator.cpp:
1493         (JSC::BytecodeGenerator::BytecodeGenerator): No need to emit convert_this
1494         when debugging. The debugger will perform the conversion as needed.
1495
1496         (JSC::BytecodeGenerator::resolveCallee):
1497         (JSC::BytecodeGenerator::addCallee): Simplified this code by removing
1498         the "my function needs a name scope, but didn't allocate one" mode.
1499
1500         * interpreter/Interpreter.cpp:
1501         (JSC::Interpreter::execute):
1502         (JSC::Interpreter::executeCall):
1503         (JSC::Interpreter::executeConstruct):
1504         (JSC::Interpreter::prepareForRepeatCall): Pass a scope slot through to
1505         CodeBlock generation, so we can add a function name scope if the parsed
1506         function body requires one.
1507
1508         * jit/JITOperations.cpp:
1509         * llint/LLIntSlowPaths.cpp:
1510         (JSC::LLInt::setUpCall): Ditto.
1511
1512         * parser/NodeConstructors.h:
1513         (JSC::FuncExprNode::FuncExprNode):
1514         (JSC::FuncDeclNode::FuncDeclNode):
1515         * parser/Nodes.cpp:
1516         (JSC::FunctionBodyNode::finishParsing):
1517         * parser/Nodes.h:
1518         (JSC::FunctionBodyNode::functionMode): Updated for rename.
1519
1520         * parser/ParserModes.h:
1521         (JSC::functionNameIsInScope):
1522         (JSC::functionNameScopeIsDynamic): Helper functions for reasoning about
1523         how crazy JavaScript language semantics are.
1524
1525         * runtime/ArrayPrototype.cpp:
1526         (JSC::isNumericCompareFunction):
1527         (JSC::attemptFastSort): Updated for interface changes above.
1528
1529         * runtime/Executable.cpp:
1530         (JSC::ScriptExecutable::newCodeBlockFor):
1531         (JSC::ScriptExecutable::prepareForExecutionImpl):
1532         (JSC::FunctionExecutable::FunctionExecutable):
1533         * runtime/Executable.h:
1534         (JSC::ScriptExecutable::prepareForExecution):
1535         (JSC::FunctionExecutable::functionMode):
1536         * runtime/JSFunction.cpp:
1537         (JSC::JSFunction::addNameScopeIfNeeded):
1538         * runtime/JSFunction.h:
1539         * runtime/JSNameScope.h:
1540         (JSC::JSNameScope::create):
1541         (JSC::JSNameScope::JSNameScope): Added machinery for pushing a function
1542         name scope onto a function when we first discover that it's needed.
1543
1544 2014-01-25  Darin Adler  <darin@apple.com>
1545
1546         Stop using Unicode.h
1547         https://bugs.webkit.org/show_bug.cgi?id=127633
1548
1549         Reviewed by Anders Carlsson.
1550
1551         * parser/Lexer.h:
1552         * runtime/JSGlobalObjectFunctions.h:
1553         * yarr/YarrCanonicalizeUCS2.h:
1554         * yarr/YarrInterpreter.h:
1555         * yarr/YarrParser.h:
1556         * yarr/YarrPattern.h:
1557         Removed includes of <wtf/unicode/Unicode.h>, adding includes of
1558         ICU headers and <wtf/text/LChar.h> as needed to replace it.
1559
1560 2014-02-03  Dan Bernstein  <mitz@apple.com>
1561
1562         Correctly address Darin’s review comment on the last change.
1563
1564         * runtime/Watchdog.h: Changed an OS(DARWIN) guard around formerly PLATFORM(MAC)-only member
1565         variables to the equivalent OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
1566
1567 2014-02-03  Dan Bernstein  <mitz@apple.com>
1568
1569         Stop using PLATFORM(MAC) in JavaScriptCore except where it means “OS X but not iOS”
1570         https://bugs.webkit.org/show_bug.cgi?id=128098
1571
1572         Reviewed by Darin Adler.
1573
1574         * API/JSValueRef.cpp:
1575         (JSValueUnprotect): Added an explicit !PLATFORM(IOS) in guards for the Evernote workaround,
1576         which is only needed on OS X.
1577
1578         * API/tests/testapi.c:
1579         (main): Changed PLATFORM(MAC) || PLATFORM(IOS) guards to OS(DARWIN), because they were
1580         surrounding tests for code that is itself guarded by OS(DARWIN).
1581
1582         * runtime/Watchdog.h: Changed PLATFORM(MAC) to OS(DARWIN).
1583
1584         * tools/CodeProfiling.cpp:
1585         (JSC::CodeProfiling::begin): Changed PLATFORM(MAC) to
1586         OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
1587         (JSC::CodeProfiling::end): Ditto.
1588
1589 2014-02-02  Mark Lam  <mark.lam@apple.com>
1590
1591         Repatch code is passing the wrong args to lookupExceptionHandler.
1592         <https://webkit.org/b/128085>
1593
1594         Reviewed by Oliver Hunt.
1595
1596         lookupExceptionHandler() is expecting 2 args: VM*, ExecState*.
1597         The repatch code was only passing an ExecState*. A crash ensues.
1598         This is now fixed.
1599
1600         * jit/JIT.cpp:
1601         (JSC::JIT::privateCompileExceptionHandlers):
1602         * jit/Repatch.cpp:
1603         (JSC::generateProtoChainAccessStub):
1604
1605 2014-02-01  Filip Pizlo  <fpizlo@apple.com>
1606
1607         JSC profiler's stub info profiling support should work again
1608         https://bugs.webkit.org/show_bug.cgi?id=128057
1609
1610         Reviewed by Mark Lam.
1611
1612         * bytecode/CodeBlock.cpp:
1613         (JSC::CodeBlock::printGetByIdCacheStatus): We want to know if the cache was ever reset by GC, since the DFG uses this information.
1614         (JSC::CodeBlock::printLocationAndOp): This shouldn't have been inline.
1615         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Ditto.
1616         (JSC::CodeBlock::dumpBytecode): Dump the profiling field, and make sure that the caller can pass a StubInfoMap, which is necessary for dumping StructureStubInfo profiling.
1617         * bytecode/CodeBlock.h: Out-of-line some methods and add the StubInfoMap parameter.
1618         * profiler/ProfilerBytecodeSequence.cpp:
1619         (JSC::Profiler::BytecodeSequence::BytecodeSequence): Create a StubInfoMap before dumping bytecodes.
1620
1621 2014-02-01  Filip Pizlo  <fpizlo@apple.com>
1622
1623         JSC profiler should show reasons for jettison
1624         https://bugs.webkit.org/show_bug.cgi?id=128047
1625
1626         Reviewed by Geoffrey Garen.
1627         
1628         Henceforth if you want to jettison a CodeBlock, you gotta tell the Profiler why you did
1629         it. This makes figuring out convergence issues - where some code seems to take a long
1630         time to get into the top tier compiler - a lot easier.
1631
1632         * CMakeLists.txt:
1633         * GNUmakefile.list.am:
1634         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1635         * JavaScriptCore.xcodeproj/project.pbxproj:
1636         * bytecode/CodeBlock.cpp:
1637         (JSC::CodeBlock::finalizeUnconditionally):
1638         (JSC::CodeBlock::jettison):
1639         (JSC::CodeBlock::addBreakpoint):
1640         (JSC::CodeBlock::setSteppingMode):
1641         * bytecode/CodeBlock.h:
1642         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
1643         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
1644         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1645         (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
1646         * dfg/DFGOperations.cpp:
1647         * jit/JITOperations.cpp:
1648         * profiler/ProfilerCompilation.cpp:
1649         (JSC::Profiler::Compilation::Compilation):
1650         (JSC::Profiler::Compilation::toJS):
1651         * profiler/ProfilerCompilation.h:
1652         (JSC::Profiler::Compilation::setJettisonReason):
1653         * profiler/ProfilerJettisonReason.cpp: Added.
1654         (WTF::printInternal):
1655         * profiler/ProfilerJettisonReason.h: Added.
1656         * runtime/CommonIdentifiers.h:
1657         * runtime/VM.cpp:
1658         (JSC::SetEnabledProfilerFunctor::operator()):
1659
1660 2014-02-01  Mark Lam  <mark.lam@apple.com>
1661
1662         Saying "jitType() == JITCode::DFGJIT" is almost never correct.
1663         <http://webkit.org/b/128045>
1664
1665         Reviewed by Filip Pizlo.
1666
1667         JITCode::isOptimizingJIT(jitType()) is the right way to say it.
1668
1669         * bytecode/CodeBlock.cpp:
1670         (JSC::CodeBlock::addBreakpoint):
1671         (JSC::CodeBlock::setSteppingMode):
1672         * runtime/VM.cpp:
1673         (JSC::SetEnabledProfilerFunctor::operator()):
1674
1675 2014-02-01  Michael Saboff  <msaboff@apple.com>
1676
1677         REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
1678         https://bugs.webkit.org/show_bug.cgi?id=128037
1679
1680         Reviewed by Mark Lam.
1681
1682         op_call_varargs ops now need an ArrayProfile, since the DFG inlines these as of
1683         change set r162739.
1684
1685         * bytecode/CodeBlock.cpp:
1686         (JSC::CodeBlock::CodeBlock):
1687         * bytecompiler/BytecodeGenerator.cpp:
1688         (JSC::BytecodeGenerator::emitCallVarargs):
1689
1690 2014-01-31  Mark Lam  <mark.lam@apple.com>
1691
1692         Gardening: fix build breakage.
1693
1694         Not reviewed.
1695
1696         * interpreter/CallFrame.h:
1697
1698 2014-01-31  Mark Lam  <mark.lam@apple.com>
1699
1700         Gardening: Fix a merge problem to unbreak bots.
1701
1702         Not reviewed.
1703
1704         * bytecompiler/BytecodeGenerator.cpp:
1705         (JSC::BytecodeGenerator::BytecodeGenerator):
1706
1707 2014-01-31  Oliver Hunt  <oliver@apple.com>
1708
1709         Rollout r163195 and related patches
1710
1711         * API/JSCallbackObjectFunctions.h:
1712         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
1713         (JSC::JSCallbackObject<Parent>::put):
1714         (JSC::JSCallbackObject<Parent>::deleteProperty):
1715         (JSC::JSCallbackObject<Parent>::getStaticValue):
1716         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
1717         (JSC::JSCallbackObject<Parent>::callbackGetter):
1718         * CMakeLists.txt:
1719         * DerivedSources.make:
1720         * GNUmakefile.am:
1721         * GNUmakefile.list.am:
1722         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1723         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1724         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1725         * JavaScriptCore.vcxproj/copy-files.cmd:
1726         * JavaScriptCore.xcodeproj/project.pbxproj:
1727         * builtins/Array.prototype.js: Removed.
1728         * builtins/BuiltinExecutables.cpp: Removed.
1729         * builtins/BuiltinExecutables.h: Removed.
1730         * bytecode/CodeBlock.cpp:
1731         (JSC::CodeBlock::CodeBlock):
1732         * bytecode/CodeBlock.h:
1733         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1734         * bytecode/UnlinkedCodeBlock.cpp:
1735         (JSC::generateFunctionCodeBlock):
1736         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1737         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1738         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1739         * bytecode/UnlinkedCodeBlock.h:
1740         (JSC::ExecutableInfo::ExecutableInfo):
1741         (JSC::UnlinkedFunctionExecutable::create):
1742         * bytecompiler/BytecodeGenerator.cpp:
1743         (JSC::BytecodeGenerator::BytecodeGenerator):
1744         * bytecompiler/BytecodeGenerator.h:
1745         (JSC::BytecodeGenerator::makeFunction):
1746         * bytecompiler/NodesCodegen.cpp:
1747         (JSC::CallFunctionCallDotNode::emitBytecode):
1748         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1749         * create_hash_table:
1750         * dfg/DFGDominators.cpp:
1751         * dfg/DFGJITCode.cpp:
1752         * dfg/DFGOperations.cpp:
1753         * generate-js-builtins: Removed.
1754         * interpreter/CachedCall.h:
1755         (JSC::CachedCall::CachedCall):
1756         * interpreter/Interpreter.cpp:
1757         * interpreter/ProtoCallFrame.cpp:
1758         * jit/JITOpcodes.cpp:
1759         * jit/JITOpcodes32_64.cpp:
1760         * jit/JITOperations.cpp:
1761         * jit/JITPropertyAccess.cpp:
1762         * jit/JITPropertyAccess32_64.cpp:
1763         * jsc.cpp:
1764         * llint/LLIntOffsetsExtractor.cpp:
1765         * llint/LLIntSlowPaths.cpp:
1766         * parser/ASTBuilder.h:
1767         (JSC::ASTBuilder::makeFunctionCallNode):
1768         * parser/Lexer.cpp:
1769         (JSC::Lexer<T>::Lexer):
1770         (JSC::Lexer<LChar>::parseIdentifier):
1771         (JSC::Lexer<UChar>::parseIdentifier):
1772         (JSC::Lexer<T>::lex):
1773         * parser/Lexer.h:
1774         (JSC::Lexer<T>::lexExpectIdentifier):
1775         * parser/Nodes.cpp:
1776         * parser/Nodes.h:
1777         * parser/Parser.cpp:
1778         (JSC::Parser<LexerType>::Parser):
1779         (JSC::Parser<LexerType>::parseInner):
1780         (JSC::Parser<LexerType>::didFinishParsing):
1781         (JSC::Parser<LexerType>::printUnexpectedTokenText):
1782         * parser/Parser.h:
1783         (JSC::parse):
1784         * parser/ParserModes.h:
1785         * parser/ParserTokens.h:
1786         * runtime/Arguments.h:
1787         * runtime/ArgumentsIteratorPrototype.cpp:
1788         * runtime/ArrayPrototype.cpp:
1789         (JSC::arrayProtoFuncEvery):
1790         * runtime/CodeCache.cpp:
1791         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1792         * runtime/CommonIdentifiers.cpp:
1793         (JSC::CommonIdentifiers::CommonIdentifiers):
1794         * runtime/CommonIdentifiers.h:
1795         * runtime/CommonSlowPaths.cpp:
1796         * runtime/CommonSlowPathsExceptions.cpp:
1797         * runtime/ExceptionHelpers.cpp:
1798         (JSC::createUndefinedVariableError):
1799         * runtime/Executable.h:
1800         (JSC::EvalExecutable::executableInfo):
1801         (JSC::ProgramExecutable::executableInfo):
1802         (JSC::isHostFunction):
1803         * runtime/FunctionPrototype.cpp:
1804         (JSC::functionProtoFuncToString):
1805         * runtime/JSActivation.cpp:
1806         (JSC::JSActivation::symbolTableGet):
1807         (JSC::JSActivation::symbolTablePut):
1808         (JSC::JSActivation::symbolTablePutWithAttributes):
1809         * runtime/JSArgumentsIterator.cpp:
1810         * runtime/JSArray.cpp:
1811         * runtime/JSArrayIterator.cpp:
1812         * runtime/JSCJSValue.cpp:
1813         * runtime/JSCellInlines.h:
1814         * runtime/JSFunction.cpp:
1815         (JSC::JSFunction::calculatedDisplayName):
1816         (JSC::JSFunction::sourceCode):
1817         (JSC::JSFunction::callerGetter):
1818         (JSC::JSFunction::getOwnPropertySlot):
1819         (JSC::JSFunction::getOwnNonIndexPropertyNames):
1820         (JSC::JSFunction::put):
1821         (JSC::JSFunction::defineOwnProperty):
1822         * runtime/JSFunction.h:
1823         * runtime/JSFunctionInlines.h:
1824         (JSC::JSFunction::nativeFunction):
1825         (JSC::JSFunction::nativeConstructor):
1826         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1827         * runtime/JSGenericTypedArrayViewInlines.h:
1828         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1829         * runtime/JSGlobalObject.cpp:
1830         (JSC::JSGlobalObject::reset):
1831         (JSC::JSGlobalObject::visitChildren):
1832         * runtime/JSGlobalObject.h:
1833         (JSC::JSGlobalObject::symbolTableHasProperty):
1834         * runtime/JSObject.cpp:
1835         (JSC::getClassPropertyNames):
1836         (JSC::JSObject::reifyStaticFunctionsForDelete):
1837         * runtime/JSObject.h:
1838         * runtime/JSPromiseConstructor.cpp:
1839         * runtime/JSPromiseDeferred.cpp:
1840         * runtime/JSPromisePrototype.cpp:
1841         * runtime/JSPromiseReaction.h:
1842         * runtime/JSPropertyNameIterator.cpp:
1843         * runtime/JSPropertyNameIterator.h:
1844         * runtime/JSString.h:
1845         (JSC::JSString::getStringPropertySlot):
1846         (JSC::inlineJSValueNotStringtoString):
1847         (JSC::JSValue::toWTFStringInline):
1848         * runtime/JSStringInlines.h: Removed.
1849         * runtime/JSSymbolTableObject.cpp:
1850         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
1851         * runtime/JSSymbolTableObject.h:
1852         (JSC::symbolTableGet):
1853         (JSC::symbolTablePut):
1854         (JSC::symbolTablePutWithAttributes):
1855         * runtime/Lookup.cpp:
1856         (JSC::setUpStaticFunctionSlot):
1857         * runtime/Lookup.h:
1858         (JSC::HashEntry::propertyGetter):
1859         (JSC::HashEntry::propertyPutter):
1860         (JSC::HashTable::entry):
1861         (JSC::getStaticPropertySlot):
1862         (JSC::getStaticValueSlot):
1863         (JSC::putEntry):
1864         * runtime/NativeErrorConstructor.cpp:
1865         * runtime/NativeErrorConstructor.h:
1866         (JSC::NativeErrorConstructor::finishCreation):
1867         * runtime/PropertySlot.h:
1868         * runtime/RegExpConstructor.cpp:
1869         * runtime/RegExpPrototype.cpp:
1870         * runtime/SetConstructor.cpp:
1871         * runtime/StringObject.cpp:
1872         * runtime/Structure.cpp:
1873         * runtime/VM.cpp:
1874         (JSC::VM::VM):
1875         * runtime/VM.h:
1876
1877 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
1878
1879         DFG->FTL tier-up shouldn't assume that LoopHints stay at the tops of loops
1880         https://bugs.webkit.org/show_bug.cgi?id=128030
1881
1882         Reviewed by Oliver Hunt.
1883         
1884         Remove a bogus assertion. The only thing that matters is that the LoopHint had at one
1885         point in time been at the top of a loop header, and that it is now at the top of a
1886         basic block. But the basic block that it's at the top of now doesn't have to be the
1887         same as the loop header that it once was the top of.
1888
1889         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1890         (JSC::DFG::TierUpCheckInjectionPhase::run):
1891         * tests/stress/tier-up-in-loop-with-cfg-simplification.js: Added.
1892         (foo):
1893
1894 2014-01-31  Mark Lam  <mark.lam@apple.com>
1895
1896         Avoid eagerly creating the JSActivation when the debugger is attached.
1897         <https://webkit.org/b/127910>
1898
1899         Reviewed by Oliver Hunt.
1900
1901         Octane scores for this patch:
1902             baseline w/o WebInspector: 11621
1903             patched  w/o WebInspector: 11801
1904             baseline w/ WebInspector:  3295
1905             patched  w/ WebInspector:  7070   2.1x improvement
1906
1907         1. Because debugger can potentially create a closure from any call frame,
1908            we need every function to allocate an activation register and check for
1909            the need to tear off the activation (if needed) on return.
1910
1911            However, we do not need to eagerly create the activation object.
1912            This patch implements the optimization to defer creation of the
1913            activation object until we actually need it i.e. when:
1914
1915            1. We encounter an "eval", "with", or "catch" statement.
1916            2. We've paused in the debugger, and called DebuggerCallFrame::scope().
1917
1918         2. The UnlinkedCodeBlock provides a needsFullScopeChain flag that is used
1919            to indicate whether the linked CodeBlock will need an activation
1920            object or not. Under normal circumstances, needsFullScopeChain and
1921            needsActivation are synonymous. However, with a debugger attached, we
1922            want the CodeBlock to always allocate an activationRegister even if
1923            it does not need a "full scope chain".
1924
1925            Hence, we apply the following definitions to the "flags":
1926
1927            1. UnlinkedCodeBlock::needsFullScopeChain() - this flag indicates that
1928               the parser discovered JS artifacts (e.g. use of "eval", "with", etc.)
1929               that requires an activation.
1930
1931               BytecodeGenerator's destinationForAssignResult() and leftHandSideNeedsCopy()
1932               checks needsFullScopeChain().
1933
1934            2. UnlinkedCodeBlock::hasActivationRegister() - this flag indicates that
1935               an activation register was created for the UnlinkedCodeBlock either
1936               because it needsFullScopeChain() or because the debugger is attached.
1937
1938            3. CodeBlock::needsActivation() reflects UnlinkedCodeBlock's
1939               hasActivationRegister().
1940
1941         3. Introduced BytecodeGenerator::emitPushFunctionNameScope() and
1942            BytecodeGenerator::emitPushCatchScope() because the JSNameScope
1943            pushed for a function name cannot be popped unlike the JSNameScope
1944            pushed for a "catch". Hence, we have 2 functions to handle the 2 cases
1945            differently.
1946
1947         4. Removed DebuggerCallFrame::evaluateWithCallFrame() and require that all
1948            debugger evaluations go through the DebuggerCallFrame::evaluate(). This
1949            ensures that debugger evaluations require a DebuggerCallFrame.
1950
1951            DebuggerCallFrame::evaluateWithCallFrame() was used previously because
1952            we didn't want to instantiate a DebuggerCallFrame on every debug hook
1953            callback. However, we now only call the debug hooks when needed, and
1954            this no longer poses a performance problem.
1955
1956            In addition, when the debug hook does an eval to test a breakpoint
1957            condition, it is incorrect to evaluate it without a DebuggerCallFrame
1958            anyway.
1959
1960         5. Added some utility functions to the CallFrame to make it easier to work
1961            with the activation register in the frame (if present). These utility
1962            functions should only be called if the CodeBlock::needsActivation() is
1963            true (which indicates the presence of the activation register). The
1964            utility functions are:
1965
1966            1. CallFrame::hasActivation()
1967               - checks if the frame's activation object has been created.
1968
1969            2. CallFrame::activation()
1970               - returns the frame's activation object.
1971
1972            3. CallFrame::uncheckedActivation()
1973               - returns the JSValue in the frame's activation register. May be null.
1974
1975            4. CallFrame::setActivation()
1976               - sets the frame's activation object.
1977
1978         * bytecode/CodeBlock.cpp:
1979         (JSC::CodeBlock::dumpBytecode):
1980         - added symbolic dumping of ResolveMode and ResolveType values for some
1981           bytecodes.
1982         (JSC::CodeBlock::CodeBlock):
1983         * bytecode/CodeBlock.h:
1984         (JSC::CodeBlock::activationRegister):
1985         (JSC::CodeBlock::uncheckedActivationRegister):
1986         (JSC::CodeBlock::needsActivation):
1987         * bytecode/UnlinkedCodeBlock.h:
1988         (JSC::UnlinkedCodeBlock::needsFullScopeChain):
1989         (JSC::UnlinkedCodeBlock::hasActivationRegister):
1990         * bytecompiler/BytecodeGenerator.cpp:
1991         (JSC::BytecodeGenerator::BytecodeGenerator):
1992         (JSC::BytecodeGenerator::resolveCallee):
1993         (JSC::BytecodeGenerator::createActivationIfNecessary):
1994         (JSC::BytecodeGenerator::emitCallEval):
1995         (JSC::BytecodeGenerator::emitReturn):
1996         (JSC::BytecodeGenerator::emitPushWithScope):
1997         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1998         (JSC::BytecodeGenerator::emitPushCatchScope):
1999         * bytecompiler/BytecodeGenerator.h:
2000         * bytecompiler/NodesCodegen.cpp:
2001         (JSC::TryNode::emitBytecode):
2002         * debugger/Debugger.cpp:
2003         (JSC::Debugger::hasBreakpoint):
2004         (JSC::Debugger::pauseIfNeeded):
2005         * debugger/DebuggerCallFrame.cpp:
2006         (JSC::DebuggerCallFrame::scope):
2007         (JSC::DebuggerCallFrame::evaluate):
2008         * debugger/DebuggerCallFrame.h:
2009         * dfg/DFGByteCodeParser.cpp:
2010         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2011         * dfg/DFGGraph.h:
2012         - Removed an unused function DFGGraph::needsActivation().
2013         * interpreter/CallFrame.cpp:
2014         (JSC::CallFrame::activation):
2015         (JSC::CallFrame::setActivation):
2016         * interpreter/CallFrame.h:
2017         (JSC::ExecState::hasActivation):
2018         (JSC::ExecState::registers):
2019         * interpreter/CallFrameInlines.h:
2020         (JSC::CallFrame::uncheckedActivation):
2021         * interpreter/Interpreter.cpp:
2022         (JSC::unwindCallFrame):
2023         (JSC::Interpreter::unwind):
2024         * jit/JITOperations.cpp:
2025         * llint/LLIntSlowPaths.cpp:
2026         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2027         * runtime/CommonSlowPaths.cpp:
2028         (JSC::SLOW_PATH_DECL):
2029
2030         * runtime/JSScope.cpp:
2031         * runtime/JSScope.h:
2032         (JSC::resolveModeName):
2033         (JSC::resolveTypeName):
2034         - utility functions for decoding names of the ResolveMode and ResolveType.
2035           These are used in CodeBlock::dumpBytecode().
2036
2037 2014-01-31  Michael Saboff  <msaboff@apple.com>
2038
2039         REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
2040         https://bugs.webkit.org/show_bug.cgi?id=128017
2041
2042         Reviewed by Filip Pizlo.
2043
2044         Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
2045         to JSLock and JSLock::DropAllLocks.  The saved data is now stored per-thread in
2046         WTFThreadData.
2047
2048         * runtime/InitializeThreading.cpp:
2049         (JSC::initializeThreading):
2050         * runtime/JSLock.cpp:
2051         (JSC::JSLock::lock):
2052         (JSC::JSLock::unlock):
2053         (JSC::JSLock::DropAllLocks::DropAllLocks):
2054         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2055         * runtime/JSLock.h:
2056         * runtime/VMEntryScope.cpp:
2057         (JSC::VMEntryScope::VMEntryScope):
2058         (JSC::VMEntryScope::~VMEntryScope):
2059         * runtime/VMEntryScope.h:
2060
2061 2014-01-31  Mark Lam  <mark.lam@apple.com>
2062
2063         Don't need a JSNameScope for the callee name just for the debugger.
2064         <https://webkit.org/b/128024>
2065
2066         Reviewed by Geoffrey Garen.
2067
2068         Currently, in the bytecode for a function, we push a JSNameScope for
2069         the name of the function when a debugger is attached. The name scope for
2070         the function name is only needed for evals which can redefine the name
2071         to resolve to something else, and can later delete the redefined name
2072         which should revert the resolution of the name to the original function.
2073         The debugger does not need this feature because it declares all new vars
2074         in a temporary nested scope. Hence, we can remove the presence of the
2075         debugger as a criteria for pushing the JSNameScope.
2076
2077         * bytecompiler/BytecodeGenerator.cpp:
2078         (JSC::BytecodeGenerator::resolveCallee):
2079         (JSC::BytecodeGenerator::addCallee):
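
        The scoping rule that this entry and the 2014-01-31 "Simplified name scope
        creation for function expressions" entry (functionNameScopeIsDynamic) both
        rely on, shown in plain JavaScript. This is an added example, not code from
        the WebKit ChangeLog or from JavaScriptCore: a named function expression's
        name lives in its own scope wrapped around the function, a sloppy-mode direct
        eval can declare a deletable var that shadows it, and deleting that var
        reverts resolution to the function. The names f, g and functionNameScopeProbe
        are constructed for the example; the probe body is built with the Function
        constructor so it runs in sloppy mode regardless of the calling module's
        strictness (in strict code `delete g` is a syntax error and eval cannot leak
        vars into its caller, so the case could not be shown).

```javascript
// Added example (not JavaScriptCore code): why a named function expression
// needs a dynamic name scope when eval is involved. Built with the Function
// constructor so the probe is always sloppy-mode code, whatever the strictness
// of the file that contains it.
const probe = new Function(`
  var f = function g() {
    var before = (g === f);        // the name resolves to the function itself
    g = 7;                         // sloppy mode: assigning to the immutable name is ignored
    var assignIgnored = (g === f); // still the function
    eval("var g = 42");            // direct eval declares a deletable var g in this frame
    var shadowed = g;              // that var now shadows the function name
    delete g;                      // eval-declared vars are configurable, so this removes it
    var after = (g === f);         // resolution reverts to the name scope: the function again
    return { before: before, assignIgnored: assignIgnored, shadowed: shadowed, after: after };
  };
  return f();
`);

// Hypothetical wrapper name for the example; returns the four observations above.
function functionNameScopeProbe() {
  return probe();
}
```

        The "delete then revert" step is the reason the name cannot simply be treated
        as a local variable of the function: only an eval can introduce the shadowing
        binding, so a function whose body never uses eval can have the name pushed
        onto the function object once, as the 2014-01-31 Garen entry describes.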
2080
2081 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
2082
2083         Unreviewed, build fix.
2084
2085         * ftl/FTLOSREntry.cpp:
2086
2087 2014-01-31  Oliver Hunt  <oliver@apple.com>
2088
2089         Fix windows
2090
2091         * generate-js-builtins:
2092
2093 2014-01-31  Oliver Hunt  <oliver@apple.com>
2094
2095         Fix 32bit.
2096
2097         * jit/JITPropertyAccess32_64.cpp:
2098
2099 2014-01-31  Mark Lam  <mark.lam@apple.com>
2100
2101         Add options to force debugger / profiler bytecode generation.
2102         <https://webkit.org/b/128014>
2103
2104         Reviewed by Oliver Hunt.
2105
2106         Add Options::forceDebuggerBytecodeGeneration() and
2107         Options::forceProfilerBytecodeGeneration(). These options make it more
2108         convenient to do correctness testing when debugger / profiler bytecodes
2109         are generated.
2110
2111         These options are disabled by default.
2112
2113         * bytecompiler/BytecodeGenerator.cpp:
2114         (JSC::BytecodeGenerator::BytecodeGenerator):
2115         * runtime/Options.h:
2116
2117 2014-01-29  Oliver Hunt  <oliver@apple.com>
2118
2119         Make it possible to implement JS builtins in JS
2120         https://bugs.webkit.org/show_bug.cgi?id=127887
2121
2122         Reviewed by Michael Saboff.
2123
2124         This patch makes it possible to write builtin functions in JS.
2125         The bindings, generators, and definitions are all created automatically
2126         based on js files in the builtins/ directory.  This patch includes one
2127         such case: Array.prototype.js with an implementation of every().
2128
2129         There's a lot of refactoring to make it possible for CommonIdentifiers
2130         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
2131         without breaking the offset extractor. The result of this refactoring
2132         is that CommonIdentifiers, and a few other miscellaneous headers now
2133         need to be included directly as they were formerly captured through other
2134         paths.
2135
2136         In addition this adds a flag to the Lookup table's hashentry to indicate
2137         that a static function is actually backed by JS. There is then a lot of
2138         logic to thread the special nature of the function to where it matters.
2139         This allows toString(), .caller, etc to mimic the behaviour of a host
2140         function.
2141
2142         Notes on writing builtins:
2143          - Each function is compiled independently of the others, and those
2144            implementations cannot currently capture all global properties (as
2145            that could be potentially unsafe). If a function does capture a
2146            global we will deliberately crash.
2147          - For those "global" properties that we do want access to, we use
2148            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
2149            are private names, and behave just like regular properties, only
2150            without the risk of adulteration. Again, in the @Object case, we
2151            explicitly duplicate the ObjectConstructor reference on the GlobalObject
2152            so that we have guaranteed access to the original version of the
2153            constructor.
2154          - call, apply, eval, and Function are all rejected identifiers, again
2155            to prevent anything from accidentally using an adulterated object.
2156            Instead @call and @apply are available, and happily they completely
2157            drop the neq_ptr instruction as they're defined as always being the
2158            original call/apply functions.
2159
2160         These restrictions are just intended to make it harder to accidentally
2161         make changes that are incorrect (for instance calling whatever has been
2162         assigned to global.Object, instead of the original constructor function).
2163         However, making a mistake like this should result in a purely semantic
2164         error as fundamentally these functions are treated as though they were
2165         regular JS code in the host global, and have no more privileges than
2166         any other JS.
2167
2168         The initial proof of concept is Array.prototype.every, this shows a 65%
2169         performance improvement, and that improvement is significantly hurt by
2170         our poor optimisation of op_in.
2171
2172         As this is such a limited function, we have not yet exported all symbols
2173         that we could possibly need, but as we implement more, the likelihood
2174         of encountering missing features will reduce.
2175
2176         This did require breaking out a JSStringInlines header, and required
2177         fixing a few objects that were trying to use PropertyName::publicName
2178         rather than PropertyName::uid.
2179
2180         * API/JSCallbackObjectFunctions.h:
2181         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
2182         (JSC::JSCallbackObject<Parent>::put):
2183         (JSC::JSCallbackObject<Parent>::deleteProperty):
2184         (JSC::JSCallbackObject<Parent>::getStaticValue):
2185         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
2186         (JSC::JSCallbackObject<Parent>::callbackGetter):
2187         * CMakeLists.txt:
2188         * DerivedSources.make:
2189         * GNUmakefile.list.am:
2190         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2191         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2192         * JavaScriptCore.xcodeproj/project.pbxproj:
2193         * builtins/Array.prototype.js:
2194         (every):
2195         * builtins/BuiltinExecutables.cpp: Added.
2196         (JSC::BuiltinExecutables::BuiltinExecutables):
2197         (JSC::BuiltinExecutables::createBuiltinExecutable):
2198         * builtins/BuiltinExecutables.h:
2199         (JSC::BuiltinExecutables::create):
2200         * bytecode/CodeBlock.cpp:
2201         (JSC::CodeBlock::CodeBlock):
2202         * bytecode/CodeBlock.h:
2203         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
2204         * bytecode/UnlinkedCodeBlock.cpp:
2205         (JSC::generateFunctionCodeBlock):
2206         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2207         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2208         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2209         * bytecode/UnlinkedCodeBlock.h:
2210         (JSC::ExecutableInfo::ExecutableInfo):
2211         (JSC::UnlinkedFunctionExecutable::create):
2212         (JSC::UnlinkedFunctionExecutable::toStrictness):
2213         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
2214         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
2215         * bytecompiler/BytecodeGenerator.cpp:
2216         (JSC::BytecodeGenerator::BytecodeGenerator):
2217         * bytecompiler/BytecodeGenerator.h:
2218         (JSC::BytecodeGenerator::isBuiltinFunction):
2219         (JSC::BytecodeGenerator::makeFunction):
2220         * bytecompiler/NodesCodegen.cpp:
2221         (JSC::CallFunctionCallDotNode::emitBytecode):
2222         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2223         * create_hash_table:
2224         * dfg/DFGOperations.cpp:
2225         * generate-js-builtins: Added.
2226         (getCopyright):
2227         (getFunctions):
2228         (generateCode):
2229         (mangleName):
2230         (FunctionExecutable):
2231         (Identifier):
2232         (JSGlobalObject):
2233         (SourceCode):
2234         (UnlinkedFunctionExecutable):
2235         (VM):
2236         * interpreter/Interpreter.cpp:
2237         * interpreter/ProtoCallFrame.cpp:
2238         * jit/JITOpcodes.cpp:
2239         * jit/JITOpcodes32_64.cpp:
2240         * jit/JITOperations.cpp:
2241         * jit/JITPropertyAccess.cpp:
2242         * jit/JITPropertyAccess32_64.cpp:
2243         * jsc.cpp:
2244         * llint/LLIntSlowPaths.cpp:
2245         * parser/ASTBuilder.h:
2246         (JSC::ASTBuilder::makeFunctionCallNode):
2247         * parser/Lexer.cpp:
2248         (JSC::Lexer<T>::Lexer):
2249         (JSC::isSafeIdentifier):
2250         (JSC::Lexer<LChar>::parseIdentifier):
2251         (JSC::Lexer<UChar>::parseIdentifier):
2252         (JSC::Lexer<T>::lex):
2253         * parser/Lexer.h:
2254         (JSC::isSafeIdentifier):
2255         (JSC::Lexer<T>::lexExpectIdentifier):
2256         * parser/Nodes.cpp:
2257         (JSC::ProgramNode::setClosedVariables):
2258         * parser/Nodes.h:
2259         (JSC::ScopeNode::capturedVariables):
2260         (JSC::ScopeNode::setClosedVariables):
2261         (JSC::ProgramNode::closedVariables):
2262         * parser/Parser.cpp:
2263         (JSC::Parser<LexerType>::Parser):
2264         (JSC::Parser<LexerType>::parseInner):
2265         (JSC::Parser<LexerType>::didFinishParsing):
2266         (JSC::Parser<LexerType>::printUnexpectedTokenText):
2267         * parser/Parser.h:
2268         (JSC::Scope::getUsedVariables):
2269         (JSC::Parser::closedVariables):
2270         (JSC::parse):
2271         * parser/ParserModes.h:
2272         * parser/ParserTokens.h:
2273         * runtime/ArgList.cpp:
2274         * runtime/Arguments.cpp:
2275         * runtime/Arguments.h:
2276         * runtime/ArgumentsIteratorConstructor.cpp:
2277         * runtime/ArgumentsIteratorPrototype.cpp:
2278         * runtime/ArrayPrototype.cpp:
2279         * runtime/CodeCache.cpp:
2280         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2281         * runtime/CommonIdentifiers.cpp:
2282         (JSC::CommonIdentifiers::CommonIdentifiers):
2283         (JSC::CommonIdentifiers::getPrivateName):
2284         (JSC::CommonIdentifiers::getPublicName):
2285         * runtime/CommonIdentifiers.h:
2286         * runtime/CommonSlowPaths.cpp:
2287         * runtime/CommonSlowPathsExceptions.cpp:
2288         * runtime/ExceptionHelpers.cpp:
2289         (JSC::createUndefinedVariableError):
2290         * runtime/Executable.h:
2291         (JSC::EvalExecutable::executableInfo):
2292         (JSC::ProgramExecutable::executableInfo):
2293         (JSC::FunctionExecutable::isBuiltinFunction):
2294         * runtime/FunctionPrototype.cpp:
2295         (JSC::functionProtoFuncToString):
2296         * runtime/JSActivation.cpp:
2297         (JSC::JSActivation::symbolTableGet):
2298         (JSC::JSActivation::symbolTablePut):
2299         (JSC::JSActivation::symbolTablePutWithAttributes):
2300         * runtime/JSArgumentsIterator.cpp:
2301         * runtime/JSArray.cpp:
2302         * runtime/JSArrayIterator.cpp:
2303         * runtime/JSCJSValue.cpp:
2304         * runtime/JSCellInlines.h:
2305         * runtime/JSFunction.cpp:
2306         (JSC::JSFunction::createBuiltinFunction):
2307         (JSC::JSFunction::calculatedDisplayName):
2308         (JSC::JSFunction::sourceCode):
2309         (JSC::JSFunction::isHostOrBuiltinFunction):
2310         (JSC::JSFunction::isBuiltinFunction):
2311         (JSC::JSFunction::callerGetter):
2312         (JSC::JSFunction::getOwnPropertySlot):
2313         (JSC::JSFunction::getOwnNonIndexPropertyNames):
2314         (JSC::JSFunction::put):
2315         (JSC::JSFunction::defineOwnProperty):
2316         * runtime/JSFunction.h:
2317         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
2318         * runtime/JSGenericTypedArrayViewInlines.h:
2319         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
2320         * runtime/JSGlobalObject.cpp:
2321         (JSC::JSGlobalObject::reset):
2322         (JSC::JSGlobalObject::visitChildren):
2323         * runtime/JSGlobalObject.h:
2324         (JSC::JSGlobalObject::objectConstructor):
2325         (JSC::JSGlobalObject::symbolTableHasProperty):
2326         * runtime/JSObject.cpp:
2327         (JSC::getClassPropertyNames):
2328         (JSC::JSObject::reifyStaticFunctionsForDelete):
2329         (JSC::JSObject::putDirectBuiltinFunction):
2330         * runtime/JSObject.h:
2331         * runtime/JSPropertyNameIterator.cpp:
2332         * runtime/JSPropertyNameIterator.h:
2333         * runtime/JSString.h:
2334         * runtime/JSStringInlines.h: Added.
2335         (JSC::JSString::getStringPropertySlot):
2336         (JSC::inlineJSValueNotStringtoString):
2337         (JSC::JSValue::toWTFStringInline):
2338         * runtime/JSSymbolTableObject.cpp:
2339         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
2340            Don't report private names.
2341         * runtime/JSSymbolTableObject.h:
2342         (JSC::symbolTableGet):
2343         (JSC::symbolTablePut):
2344         (JSC::symbolTablePutWithAttributes):
2345         * runtime/Lookup.cpp:
2346         (JSC::setUpStaticFunctionSlot):
2347         * runtime/Lookup.h:
2348         (JSC::HashEntry::builtinGenerator):
2349         (JSC::HashEntry::propertyGetter):
2350         (JSC::HashEntry::propertyPutter):
2351         (JSC::HashTable::entry):
2352         (JSC::getStaticPropertySlot):
2353         (JSC::getStaticValueSlot):
2354         (JSC::putEntry):
2355         * runtime/NativeErrorConstructor.cpp:
2356         (JSC::NativeErrorConstructor::finishCreation):
2357         * runtime/NativeErrorConstructor.h:
2358         * runtime/PropertySlot.h:
2359         * runtime/RegExpPrototype.cpp:
2360         * runtime/SetConstructor.cpp:
2361         * runtime/StringObject.cpp:
2362         * runtime/Structure.cpp:
2363         * runtime/VM.cpp:
2364         (JSC::VM::VM):
2365         * runtime/VM.h:
2366         (JSC::VM::builtinExecutables):
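
The restrictions in the entry above exist because a builtin written in JS would otherwise resolve Object, Function.prototype.call and friends the way page script does, through whatever the page has put there. The following is an added example, not JavaScriptCore code and not how JSC's generator emits builtins: it contrasts an every() written like ordinary script with one that captures its dependencies once, at definition time, which is the property the @Object/@call/@apply private names give real builtins. The names naiveEvery, hardenedEvery and runTamperingScenario are this example's own, and Reflect.apply stands in for @call/@apply. Note that JSC deliberately crashes when a builtin captures a global, rather than silently misbehaving the way naiveEvery does here.

```javascript
'use strict';

// Added example, not JavaScriptCore code. Contrasts a builtin written like
// ordinary script with one that captures its dependencies up front, which is
// the property JSC's @-prefixed private names give real JS builtins.

// Naive every(): resolves the global Object and callback.call at run time,
// so a page that has replaced either one changes what this function does.
function naiveEvery(array, callback, thisArg) {
  const object = Object(array);            // global lookup on every call
  const length = object.length >>> 0;
  for (let i = 0; i < length; i++) {
    // callback.call is whatever Function.prototype.call is right now
    if (i in object && !callback.call(thisArg, object[i], i, object))
      return false;
  }
  return true;
}

// Hardened every(): the originals are captured once when this module is
// evaluated. Later assignments to globalThis.Object, Function.prototype.call
// or Reflect.apply cannot reach the references closed over here.
const hardenedEvery = (() => {
  const $Object = Object;                  // analogue of JSC's @Object
  const $apply = Reflect.apply;            // stand-in for JSC's @call/@apply
  return function every(array, callback, thisArg) {
    const object = $Object(array);
    const length = object.length >>> 0;
    for (let i = 0; i < length; i++) {
      if (i in object && !$apply(callback, thisArg, [object[i], i, object]))
        return false;
    }
    return true;
  };
})();

// Runs both implementations under two tamperings that any earlier script on
// the page could perform, restoring the globals afterwards. Returns verdicts.
function runTamperingScenario() {
  const isSmall = (x) => x < 10;
  const input = [1, 100];                  // a correct every(isSmall) is false
  const results = {
    naiveClean: naiveEvery(input, isSmall),
    hardenedClean: hardenedEvery(input, isSmall),
  };

  const savedObject = globalThis.Object;
  const savedCall = Function.prototype.call;
  try {
    // Tampering 1: replace the global Object constructor so ToObject yields an
    // empty array-like; the naive every() then vacuously returns true.
    globalThis.Object = function FakeObject() { return { length: 0 }; };
    results.naiveWithFakeObject = naiveEvery(input, isSmall);
    results.hardenedWithFakeObject = hardenedEvery(input, isSmall);
    globalThis.Object = savedObject;

    // Tampering 2: replace Function.prototype.call so every callback "passes".
    Function.prototype.call = function hijackedCall() { return true; };
    results.naiveWithFakeCall = naiveEvery(input, isSmall);
    results.hardenedWithFakeCall = hardenedEvery(input, isSmall);
  } finally {
    globalThis.Object = savedObject;
    Function.prototype.call = savedCall;
  }
  return results;
}
```

runTamperingScenario() returns naiveWithFakeObject and naiveWithFakeCall as true (the wrong answer for [1, 100]) while both hardened verdicts stay false. The capture-once pattern is only as good as the moment of capture: it has to run before any untrusted script, which is exactly what JSC guarantees by wiring the private names to the originals on the global object itself.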
2367
2368 2014-01-31  Gabor Rapcsanyi  <rgabor@webkit.org>
2369
2370         Fix the ARM Thumb2 build after jsCStack branch merge
2371         https://bugs.webkit.org/show_bug.cgi?id=127903
2372
2373         Reviewed by Michael Saboff.
2374
2375         SP register cannot be used as a destination register of SUB or ADD on Thumb mode.
2376
2377         * llint/LowLevelInterpreter.asm:
2378         * llint/LowLevelInterpreter32_64.asm:
2379
2380 2014-01-31  Julien Brianceau  <jbriance@cisco.com>
2381
2382         [arm] Add missing pushPair/popPair implementations in MacroAssemblerARM.h
2383         https://bugs.webkit.org/show_bug.cgi?id=127904
2384
2385         Reviewed by Zoltan Herczeg.
2386
2387         * assembler/MacroAssemblerARM.h:
2388         (JSC::MacroAssemblerARM::popPair):
2389         (JSC::MacroAssemblerARM::pushPair):
2390
2391 2014-01-30  Martin Robinson  <mrobinson@igalia.com>
2392
2393         [GTK] [CMake] Add support for building against GTK+ 2
2394         https://bugs.webkit.org/show_bug.cgi?id=127959
2395
2396         Reviewed by Anders Carlsson.
2397
2398         * PlatformGTK.cmake: Use the new API version variable and don't use GTK3 directly.
2399
2400 2014-01-30  Andreas Kling  <akling@apple.com>
2401
2402         CodeBlock's cloned SymbolTables only need the captured names.
2403         <https://webkit.org/b/127978>
2404
2405         Renamed SymbolTable::clone() to SymbolTable::cloneCapturedNames()
2406         and make it skip over any symbols that aren't captured, since those
2407         won't be needed after codegen.
2408
2409         This is a first step towards getting rid of redundant symbol tables.
2410
2411         Reviewed by Geoffrey Garen.
2412
2413         * bytecode/CodeBlock.cpp:
2414         (JSC::CodeBlock::CodeBlock):
2415         * runtime/SymbolTable.cpp:
2416         (JSC::SymbolTable::cloneCapturedNames):
2417         * runtime/SymbolTable.h:
2418
2419 2014-01-28  Timothy Hatcher  <timothy@apple.com>
2420
2421         Add column number and call timing support to LegacyProfiler.
2422
2423         https://bugs.webkit.org/show_bug.cgi?id=127764
2424
2425         Reviewed by Joseph Pecoraro.
2426
2427         * interpreter/Interpreter.cpp:
2428         (JSC::Interpreter::execute):
2429         * profiler/CallIdentifier.h:
2430         (JSC::CallIdentifier::CallIdentifier):
2431         (JSC::CallIdentifier::functionName):
2432         (JSC::CallIdentifier::url):
2433         (JSC::CallIdentifier::lineNumber):
2434         (JSC::CallIdentifier::columnNumber):
2435         (JSC::CallIdentifier::operator==):
2436         (JSC::CallIdentifier::operator!=):
2437         (JSC::CallIdentifier::Hash::hash):
2438         (WTF::HashTraits<JSC::CallIdentifier>::constructDeletedValue):
2439         (WTF::HashTraits<JSC::CallIdentifier>::isDeletedValue):
2440         * profiler/LegacyProfiler.cpp:
2441         (JSC::LegacyProfiler::willExecute):
2442         (JSC::LegacyProfiler::didExecute):
2443         (JSC::LegacyProfiler::exceptionUnwind):
2444         (JSC::LegacyProfiler::createCallIdentifier):
2445         (JSC::createCallIdentifierFromFunctionImp):
2446         * profiler/LegacyProfiler.h:
2447         * profiler/Profile.cpp:
2448         (JSC::Profile::Profile):
2449         * profiler/Profile.h:
2450         (JSC::Profile::uid):
2451         (JSC::Profile::idleTime):
2452         (JSC::Profile::setIdleTime):
2453         * profiler/ProfileGenerator.cpp:
2454         (JSC::AddParentForConsoleStartFunctor::operator()):
2455         (JSC::ProfileGenerator::addParentForConsoleStart):
2456         (JSC::ProfileGenerator::willExecute):
2457         (JSC::ProfileGenerator::didExecute):
2458         (JSC::ProfileGenerator::stopProfiling):
2459         (JSC::ProfileGenerator::removeProfileStart):
2460         (JSC::ProfileGenerator::removeProfileEnd):
2461         * profiler/ProfileNode.cpp:
2462         (JSC::ProfileNode::ProfileNode):
2463         (JSC::ProfileNode::stopProfiling):
2464         (JSC::ProfileNode::endAndRecordCall):
2465         (JSC::ProfileNode::startTimer):
2466         (JSC::ProfileNode::debugPrintData):
2467         * profiler/ProfileNode.h:
2468         (JSC::ProfileNode::Call::Call):
2469         (JSC::ProfileNode::Call::startTime):
2470         (JSC::ProfileNode::Call::setStartTime):
2471         (JSC::ProfileNode::Call::totalTime):
2472         (JSC::ProfileNode::Call::setTotalTime):
2473         (JSC::ProfileNode::id):
2474         (JSC::ProfileNode::functionName):
2475         (JSC::ProfileNode::url):
2476         (JSC::ProfileNode::lineNumber):
2477         (JSC::ProfileNode::columnNumber):
2478         (JSC::ProfileNode::calls):
2479         (JSC::ProfileNode::lastCall):
2480         (JSC::ProfileNode::numberOfCalls):
2481
2482 2014-01-26  Timothy Hatcher  <timothy@apple.com>
2483
2484         Include profile with FunctionCall and EvaluateScript Timeline records.
2485
2486         https://bugs.webkit.org/show_bug.cgi?id=127663
2487
2488         Reviewed by Joseph Pecoraro.
2489
2490         * inspector/InjectedScriptBase.cpp:
2491         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
2492         * inspector/InspectorEnvironment.h:
2493         * inspector/JSGlobalObjectInspectorController.h:
2494
2495 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
2496
2497         FTL should support GetById(Untyped:)
2498         https://bugs.webkit.org/show_bug.cgi?id=127750
2499
2500         Reviewed by Oliver Hunt.
2501         
2502         This was supposed to be easy. Indeed, the actual GetById UntypedUse case was easy. But
2503         then it expanded coverage by a lot and I got to deal with three bugs. So, this has
2504         some additional changes:
2505         
2506         Also make it safe for LLVM to duplicate calls to patchpoints and stackmaps. Previously
2507         we incorrectly assumed that if we emitted a patchpoint, then there would only be one
2508         copy of that patchpoint (with that ID) in the resulting machine code and in the
2509         stackmaps section. That's obviously a bad assumption - LLVM is allowed to do anything
2510         it wants so long as the outcome of executing the code has a semantically equivalent
2511         meaning to the IR we gave it, and duplicating code is trivially OK under this rule. We
2512         should be OK with it, too. The solution is to add Vectors in a bunch of places that
2513         previously just thought they only had one value. For example, an InlineCacheDescriptor
2514         now has a Vector of generators - one generator for each copy that LLVM stamped out.
2515         Normally there will only be one copy, of course - since duplication is usually
2516         unprofitable. But, if LLVM decides that copying would be groovy then we will no longer
2517         barf.
2518         
2519         Also fix SSA conversion. It turns out that we mishandled the case where a block had
2520         multiple Phi functions for the same local. If any of those CPS Phis fail to trivialize
2521         in the Aycock-Horspool fixpoint, we need to insert an SSA Phi. Previously, it was
2522         assuming that so long as the head CPS Phi was trivial, we could forego SSA Phi
2523         insertion. That's wrong if the head CPS Phi trivialized but ended up pointing to a
2524         non-trivial CPS Phi in the same block. This madness with trees of Phis occurs because
2525         we try to save on compile times: no Phi ever has more than three children even if the
2526         block has more than three predecessors; we just build out a tree of Phis to satisfy
2527         all predecessors. So weird.
2528         
2529         And finally, fix DFG->FTL OSR entry's reconstruction of 'this' in a constructor. That
2530         reconstruction code, JITCode::reconstruct(), had a work-around for the case where we
2531         were entering into a constructor at the prologue. In that case, 'this' is definitely
2532         unavailable. But the OSR code does reconstructions at LoopHints, which aren't at the
2533         prologue, and so 'this' should totally be available.
2534
2535         * dfg/DFGGraph.cpp:
2536         (JSC::DFG::Graph::dump):
2537         * dfg/DFGJITCode.cpp:
2538         (JSC::DFG::JITCode::reconstruct):
2539         * dfg/DFGNode.h:
2540         (JSC::DFG::Node::tryGetVariableAccessData):
2541         * dfg/DFGSSAConversionPhase.cpp:
2542         (JSC::DFG::SSAConversionPhase::run):
2543         * ftl/FTLCapabilities.cpp:
2544         (JSC::FTL::canCompile):
2545         * ftl/FTLCompile.cpp:
2546         (JSC::FTL::generateICFastPath):
2547         (JSC::FTL::fixFunctionBasedOnStackMaps):
2548         * ftl/FTLInlineCacheDescriptor.h:
2549         * ftl/FTLJITFinalizer.cpp:
2550         (JSC::FTL::JITFinalizer::codeSize):
2551         * ftl/FTLJSCall.cpp:
2552         (JSC::FTL::JSCall::JSCall):
2553         * ftl/FTLJSCall.h:
2554         * ftl/FTLLowerDFGToLLVM.cpp:
2555         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2556         (JSC::FTL::LowerDFGToLLVM::getById):
2557         * ftl/FTLOSREntry.cpp:
2558         (JSC::FTL::prepareOSREntry):
2559         * ftl/FTLStackMaps.cpp:
2560         (JSC::FTL::StackMaps::getRecordMap):
2561         * ftl/FTLStackMaps.h:
2562         * tests/stress/get-by-id-untyped.js: Added.
2563         (foo):
2564
2565 2014-01-30  Geoffrey Garen  <ggaren@apple.com>
2566
2567         Part 2: REGRESSION: JavascriptCore crash during OS Installation (due to
2568         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
2569         https://bugs.webkit.org/show_bug.cgi?id=127950
2570
2571         Reviewed by Mark Hahnenberg.
2572
2573         Scope the APICallbackShim to make sure that we re-acquire the lock
2574         before putting the heap back into the "unsafe to allocate" state.
2575         Otherwise, the heap will seem to be in the "unsafe to allocate" state
2576         during any GC that happens before we re-acquire the lock.
2577
2578         No regression test because threads.
2579
2580         * heap/DelayedReleaseScope.h:
2581         (JSC::DelayedReleaseScope::~DelayedReleaseScope):
2582
2583 2014-01-30  Filip Pizlo  <fpizlo@apple.com>
2584
2585         Update FTL StackMaps parser to stackSize change
2586         https://bugs.webkit.org/show_bug.cgi?id=127933
2587
2588         Reviewed by Oliver Hunt.
2589
2590         * ftl/FTLStackMaps.cpp:
2591         (JSC::FTL::StackMaps::parse):
2592
2593 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
2594
2595         [GTK] Only disable -ftree-dce optimization when compiling with GCC
2596         https://bugs.webkit.org/show_bug.cgi?id=127911
2597
2598         Reviewed by Carlos Garcia Campos.
2599
2600         * GNUmakefile.am: Only disable the -ftree-dce optimization when using the GCC compiler.
2601         Some Clang versions/configurations don't support the flag.
2602
2603 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
2604
2605         [GTK] Disable optimizations for JSC that turned out malignant after jsCStack branch merge
2606         https://bugs.webkit.org/show_bug.cgi?id=127909
2607
2608         Reviewed by Carlos Garcia Campos.
2609
2610         * GNUmakefile.am: Disable the -fomit-frame-pointer optimization to achieve proper register usage
2611         in operationCallEval. Disable the -ftree-dce optimization since it is causing additional failures
2612         when using GCC 4.8, possibly due to a bug in the compiler itself.
2613
2614 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
2615
2616         Remove ENABLE(JAVASCRIPT_DEBUGGER) leftovers
2617         https://bugs.webkit.org/show_bug.cgi?id=127845
2618
2619         Reviewed by Joseph Pecoraro.
2620
2621         * Configurations/FeatureDefines.xcconfig:
2622
2623 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
2624
2625         Web Inspector: Play Breakpoint Sound in Frontend
2626         https://bugs.webkit.org/show_bug.cgi?id=127885
2627
2628         Reviewed by Timothy Hatcher.
2629
2630         * inspector/ScriptDebugListener.h:
2631         * inspector/ScriptDebugServer.cpp:
2632         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
2633         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
2634         * inspector/ScriptDebugServer.h:
2635         Pass the breakpoint action identifier through when the
2636         sound breakpoint action is triggered.
2637
2638         * inspector/protocol/Debugger.json:
2639         New "playBreakpointActionSound" event when a "sound" breakpoint action triggers.
2640
2641         * inspector/agents/InspectorDebuggerAgent.h:
2642         * inspector/agents/InspectorDebuggerAgent.cpp:
2643         (Inspector::InspectorDebuggerAgent::breakpointActionSound):
2644         Send the new event so the frontend can handle it.
2645
2646 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
2647
2648         Merge final changesets from the jsCStack branch (r162969, r162975, r162992, r163004, r163069).
2649
2650     2014-01-29  Filip Pizlo  <fpizlo@apple.com>
2651     
2652             DFG ArrayPop double array mishandles the NaN hole installation
2653             https://bugs.webkit.org/show_bug.cgi?id=127813
2654     
2655             Reviewed by Mark Rowe.
2656             
2657             Our object model for arrays inferred double dictates that we use quiet NaN (QNaN) to
2658             mark holes. Holes, in this context, are any entries in the allocated array buffer
2659             (i.e. from index 0 up to the vectorLength) that don't currently hold a value. Popping
2660             creates a hole, since it deletes the value at publicLength - 1.
2661             
2662             But, because of some sloppy copy-and-paste, we were storing (int64_t)0 when creating
2663             the hole, instead of storing QNaN. That's likely because for other kinds of arrays,
2664             64-bit zero is the hole marker, instead of QNaN.
2665             
2666             The attached test case illustrates the problem. In the LLInt and Baseline JIT, the
2667             result returned from foo() is "1.5,2.5,,4.5", since array.pop() removes 3.5 and
2668             replaces it with a hole and then the assignment "array[3] = 4.5" creates an element
2669             just beyond that hole. But, once we tier-up to the DFG, the result previously became
2670             "1.5,2.5,0,4.5", which is wrong. The 0 appeared because the IEEE double
2671             interpretation of 64-bit zero is simply zero.
2672             
2673             This patch fixes that problem. Now the DFG agrees with the other engines.
2674             
2675             This patch also fixes style. For some reason that copy-pasted code wasn't even
2676             indented correctly.
2677     
2678             * dfg/DFGSpeculativeJIT64.cpp:
2679             (JSC::DFG::SpeculativeJIT::compile):
2680             * tests/stress/array-pop-double-hole.js: Added.
2681             (foo):
2682     
2683     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
2684     
2685             FTL should support ArrayPush
2686             https://bugs.webkit.org/show_bug.cgi?id=127748
2687     
2688             Not reviewed, remove some debug code.
2689     
2690             * ftl/FTLLowerDFGToLLVM.cpp:
2691             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
2692     
2693     2014-01-27  Filip Pizlo  <fpizlo@apple.com>
2694     
2695             FTL should support ArrayPush
2696             https://bugs.webkit.org/show_bug.cgi?id=127748
2697     
2698             Reviewed by Oliver Hunt.
2699     
2700             * ftl/FTLAbstractHeapRepository.h:
2701             (JSC::FTL::AbstractHeapRepository::forArrayType):
2702             * ftl/FTLCapabilities.cpp:
2703             (JSC::FTL::canCompile):
2704             * ftl/FTLIntrinsicRepository.h:
2705             * ftl/FTLLowerDFGToLLVM.cpp:
2706             (JSC::FTL::LowerDFGToLLVM::compileNode):
2707             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
2708             * tests/stress/array-push-contiguous.js: Added.
2709             (foo):
2710             * tests/stress/array-push-double.js: Added.
2711             (foo):
2712     
2713     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
2714     
2715             FTL should support ArrayPop
2716             https://bugs.webkit.org/show_bug.cgi?id=127749
2717     
2718             Reviewed by Geoffrey Garen.
2719     
2720             * ftl/FTLCapabilities.cpp:
2721             (JSC::FTL::canCompile):
2722             * ftl/FTLIntrinsicRepository.h:
2723             * ftl/FTLLowerDFGToLLVM.cpp:
2724             (JSC::FTL::LowerDFGToLLVM::compileNode):
2725             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
2726             (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
2727             * tests/stress/array-pop-contiguous.js: Added.
2728             (foo):
2729             * tests/stress/array-pop-double.js: Added.
2730             (foo):
2731             * tests/stress/array-pop-int32.js: Added.
2732             (foo):
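
The hole-versus-zero behaviour described in the DFG ArrayPop entry of this merge, as an added example rather than one of the JSC stress tests listed there: it reproduces the pop-then-store sequence and checks that the popped slot reads back as a hole, not as 0, and that the answer does not change once the function has run hot enough for an optimising tier to take over. The names foo, describeHole and checkAcrossTiers are this example's own, and the iteration count is an assumption about how much warm-up a JIT needs.

```javascript
'use strict';

// Added example, not a JavaScriptCore test file. Mirrors the scenario from the
// ArrayPop entry: pop leaves a hole, a later store grows past it.
function foo() {
  const array = [1.5, 2.5, 3.5];   // an inferred-double array in JSC
  array.pop();                     // index 2 becomes a hole in the backing store
  array[3] = 4.5;                  // grows the array past that hole
  return array;
}

// Everything observable about the popped slot. A hole joins as an empty
// field and fails the `in` test; a leaked 0 would join as "0" and pass it.
function describeHole(array) {
  return {
    joined: String(array),         // expected "1.5,2.5,,4.5"
    hasIndex2: 2 in array,         // expected false
    value2: array[2],              // expected undefined
  };
}

// Run the function hot enough that an optimising engine tiers it up and
// require every iteration to agree with the first (the interpreter's answer).
// The iteration count is an assumed warm-up budget, not a JSC constant.
function checkAcrossTiers(iterations = 100000) {
  const expected = JSON.stringify(describeHole(foo()));
  for (let i = 0; i < iterations; i++) {
    const got = JSON.stringify(describeHole(foo()));
    if (got !== expected) return { ok: false, iteration: i, expected, got };
  }
  return { ok: true, iterations, expected };
}
```

Under the bug the entry describes, the first iterations would report "1.5,2.5,,4.5" and a later one, after tier-up to the DFG, "1.5,2.5,0,4.5"; checkAcrossTiers returns the first iteration at which the two disagree, which is the shape of check a regression test for a tier-specific bug needs.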
2733     
2734 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
2735
2736         DFG::ByteCodeParser::m_dfgCodeBlock is sometimes uninitialized
2737         <rdar://problem/15939032>
2738
2739         Reviewed by Dan Bernstein.
2740
2741         * dfg/DFGByteCodeParser.cpp:
2742         (JSC::DFG::ByteCodeParser::parse):
2743
2744 2014-01-29  Geoffrey Garen  <ggaren@apple.com>
2745
2746         50% time on Dromaeo Selector * benchmark spent allocating oversized backing stores (but not in Chrome)
2747         https://bugs.webkit.org/show_bug.cgi?id=127879
2748
2749         Reviewed by Gavin Barraclough.
2750
2751         Let's not dynamically resize an array whose size is statically known,
2752         mmmkay?
2753
2754         * runtime/ArrayPrototype.cpp:
2755         (JSC::arrayProtoFuncConcat): Use nullptr to disambiguate vs the numeric
2756         argument.
2757
2758         (JSC::arrayProtoFuncSlice): The fix.
2759
2760         (JSC::arrayProtoFuncSort):
2761         (JSC::arrayProtoFuncSplice):
2762         (JSC::arrayProtoFuncFilter):
2763         (JSC::arrayProtoFuncMap): Use nullptr.
2764
2765 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
2766
2767         Web Inspector: Run JSC Inspector EventLoop in a custom run loop mode to prevent default observers from running
2768         https://bugs.webkit.org/show_bug.cgi?id=127865
2769
2770         Reviewed by Geoffrey Garen.
2771
2772         When hitting a breakpoint in a JSContext Inspector we want to entirely
2773         pause the process and all access to the JSContext and only move forward
2774         based on debugger commands. Having the nested run loop run in a default
2775         mode allowed NSTimers scheduled on the thread to regularly run and
2776         evaluate code in the JSContext. Using a custom run loop mode gets us
2777         a bit closer to locking down the context. This doesn't handle scenarios
2778         where background threads also access the JSContext, but it handles the
2779         most common scenario.
2780
2781         * inspector/EventLoop.cpp:
2782         (Inspector::EventLoop::cycle):
2783
2784 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
2785
2786         Web Inspector: Deadlock hitting breakpoint while inspecting JSContext
2787         https://bugs.webkit.org/show_bug.cgi?id=127864
2788
2789         Reviewed by Geoffrey Garen.
2790
2791         Temporarily drop the lock while we run the nested runloop.
2792
2793         * inspector/JSGlobalObjectScriptDebugServer.cpp:
2794         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
2795
2796 2014-01-28  Oliver Hunt  <oliver@apple.com>
2797
2798         Make DOM attributes appear to be faux accessor properties
2799         https://bugs.webkit.org/show_bug.cgi?id=127797
2800
2801         Reviewed by Michael Saboff.
2802
2803         Add flag so we can identify which properties should have the old
2804         custom property semantics vs. the new faux accessors. Update the
2805         inspector protocol accordingly.
2806
2807         These faux accessors produce descriptors with "get" and "set"
2808         properties, but both values are undefined so can't be used
2809         directly. A few custom properties actually require their
2810         existing magical behaviour, so we now have a flag to 
2811         distinguish the expected output.
2812
2813         * inspector/InjectedScriptSource.js:
2814         (.):
2815         * runtime/JSObject.cpp:
2816         (JSC::JSObject::getOwnPropertyDescriptor):
2817         * runtime/PropertyDescriptor.cpp:
2818         (JSC::PropertyDescriptor::setCustomDescriptor):
2819         * runtime/PropertyDescriptor.h:
2820         * runtime/PropertySlot.h:
2821
2822 2014-01-29  Beth Dakin  <bdakin@apple.com>
2823
2824         Build fix.
2825
2826         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
2827         * llint/LowLevelInterpreter.cpp:
2828
2829 2014-01-29  Dan Bernstein  <mitz@apple.com>
2830
2831         Build fix.
2832
2833         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added a newline at the end of the
2834         file.
2835
2836 2014-01-28  Michael Saboff  <msaboff@apple.com>
2837
2838         Merge the jsCStack branch
2839         https://bugs.webkit.org/show_bug.cgi?id=127763
2840
2841         Reviewed by Mark Hahnenberg.
2842
2843         Changes from http://svn.webkit.org/repository/webkit/branches/jsCStack
2844         up to changeset 162958.
2845
2846 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
2847
2848         Remove ENABLE(JAVASCRIPT_DEBUGGER) guards
2849         https://bugs.webkit.org/show_bug.cgi?id=127840
2850
2851         Reviewed by Mark Lam.
2852
2853         * inspector/scripts/CodeGeneratorInspector.py:
2854
2855 2014-01-28  Commit Queue  <commit-queue@webkit.org>
2856
2857         Unreviewed, rolling out r162987.
2858         http://trac.webkit.org/changeset/162987
2859         https://bugs.webkit.org/show_bug.cgi?id=127825
2860
2861         Broke Mountain Lion build (Requested by andersca on #webkit).
2862
2863         * inspector/InjectedScriptSource.js:
2864         (.):
2865         * runtime/JSObject.cpp:
2866         (JSC::JSObject::getOwnPropertyDescriptor):
2867         * runtime/PropertyDescriptor.cpp:
2868         * runtime/PropertyDescriptor.h:
2869         * runtime/PropertySlot.h:
2870
2871 2014-01-28  Oliver Hunt  <oliver@apple.com>
2872
2873         Make DOM attributes appear to be faux accessor properties
2874         https://bugs.webkit.org/show_bug.cgi?id=127797
2875
2876         Reviewed by Michael Saboff.
2877
2878         Add flag so we can identify which properties should have the old
2879         custom property semantics vs. the new faux accessors. Update the
2880         inspector protocol accordingly.
2881
2882         These faux accessors produce descriptors with "get" and "set"
2883         properties, but both values are undefined so can't be used
2884         directly. A few custom properties actually require their
2885         existing magical behaviour, so we now have a flag to 
2886         distinguish the expected output.
2887
2888         * inspector/InjectedScriptSource.js:
2889         (.):
2890         * runtime/JSObject.cpp:
2891         (JSC::JSObject::getOwnPropertyDescriptor):
2892         * runtime/PropertyDescriptor.cpp:
2893         (JSC::PropertyDescriptor::setCustomDescriptor):
2894         * runtime/PropertyDescriptor.h:
2895         * runtime/PropertySlot.h:
2896
2897 2014-01-28  Mark Lam  <mark.lam@apple.com>
2898
2899         Remove some unneeded debugger code.
2900         https://bugs.webkit.org/show_bug.cgi?id=127805.
2901
2902         Reviewed by Oliver Hunt.
2903
2904         JSC will now always support the debugger. Hence, the #if ENABLE(JAVASCRIPT_DEBUGGER)
2905         checks can be removed.
2906
2907         DebuggerCallFrame::callFrame() is also unused and will be removed.
2908
2909         * debugger/Breakpoint.h:
2910         * debugger/Debugger.cpp:
2911         * debugger/DebuggerCallFrame.h:
2912         * inspector/InjectedScript.cpp:
2913         (Inspector::InjectedScript::wrapCallFrames):
2914         * inspector/InjectedScript.h:
2915         * inspector/JSGlobalObjectScriptDebugServer.cpp:
2916         * inspector/JSGlobalObjectScriptDebugServer.h:
2917         * inspector/JSJavaScriptCallFrame.cpp:
2918         * inspector/JSJavaScriptCallFrame.h:
2919         * inspector/JSJavaScriptCallFramePrototype.cpp:
2920         * inspector/JSJavaScriptCallFramePrototype.h:
2921         * inspector/JavaScriptCallFrame.cpp:
2922         * inspector/JavaScriptCallFrame.h:
2923         * inspector/ScriptDebugListener.h:
2924         * inspector/ScriptDebugServer.cpp:
2925         * inspector/ScriptDebugServer.h:
2926         * inspector/agents/InspectorDebuggerAgent.cpp:
2927         * inspector/agents/InspectorDebuggerAgent.h:
2928         * inspector/agents/InspectorRuntimeAgent.cpp:
2929         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
2930         (Inspector::setPauseOnExceptionsState):
2931         (Inspector::InspectorRuntimeAgent::evaluate):
2932         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2933         (Inspector::InspectorRuntimeAgent::getProperties):
2934         * inspector/agents/InspectorRuntimeAgent.h:
2935
2936 2014-01-28  Geoffrey Garen  <ggaren@apple.com>
2937
2938         REGRESSION: JavaScriptCore crash during OS Installation (due to
2939         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
2940         https://bugs.webkit.org/show_bug.cgi?id=127793
2941
2942         Reviewed by Mark Hahnenberg.
2943
2944         This was a mistaken ASSERT.
2945
2946         * API/tests/testapi.mm:
2947         (-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
2948         that GC from a DelayedReleaseScope doesn't crash.
2949
2950         * heap/DelayedReleaseScope.h:
2951         (JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
2952         it is valid to do anything while running a DelayedReleaseScope -dealloc
2953         method, so the Heap must be ready for new allocations and collections.
2954
2955         Change the Heap's operationInProgress value to NoOperation while running
2956         -dealloc methods, so that it doesn't ASSERT in the face of new allocations
2957         and collections.
2958
2959         * heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
2960         for m_operationInProgress seemed like the worse of the two options for
2961         encapsulation: we don't really want arbitrary clients to set the Heap's
2962         m_operationInProgress.
2963
2964 2014-01-28  Mark Lam  <mark.lam@apple.com>
2965
2966         Jettison DFG code when neither breakpoints nor the profiler are active.
2967         <https://webkit.org/b/127766>
2968
2969         Reviewed by Geoffrey Garen.
2970
2971         We need to jettison the DFG CodeBlocks under the following circumstances:
2972         1. When adding breakpoints to a CodeBlock, jettison it if it is a DFG CodeBlock.
2973         2. When enabling stepping mode in a CodeBlock, jettison it if it is a DFG CodeBlock.
2974         3. When setting the enabled profiler in the VM, we need to jettison all DFG
2975            CodeBlocks.
2976
2977         Instead of emitting speculation checks, the DFG code will now treat Breakpoint,
2978         ProfileWillCall, and ProfileDidCall as no-ops similar to a Phantom node. We
2979         still need to track these nodes so that they match the corresponding opcodes
2980         in the baseline JIT when we jettison and OSR exit. Without them, we would OSR
2981         exit to the wrong location in the baseline JIT code.
2982
2983         In DFGDriver's compileImpl() and DFGPlan's finalizeWithoutNotifyingCallback()
2984         we fail the compilation effort with a CompilationInvalidated result. This allows
2985         the DFG compiler to re-attempt the compilation of the function after some time
2986         if it is hot. The CompilationInvalidated result is supposed to cause the DFG
2987         to exercise an exponential back off before re-attempting compilation again
2988         (see runtime/CompilationResult.h).
2989
2990         This patch improves the Octane score from ~2950 to ~3067.
2991
2992         * bytecode/CodeBlock.cpp:
2993         (JSC::CodeBlock::addBreakpoint):
2994         (JSC::CodeBlock::setSteppingMode):
2995         * bytecode/CodeBlock.h:
2996         * debugger/Debugger.h:
2997         * dfg/DFGAbstractInterpreterInlines.h:
2998         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2999         * dfg/DFGClobberize.h:
3000         (JSC::DFG::clobberize):
3001         * dfg/DFGDriver.cpp:
3002         (JSC::DFG::compileImpl):
3003         * dfg/DFGPlan.cpp:
3004         (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
3005         * dfg/DFGSpeculativeJIT32_64.cpp:
3006         (JSC::DFG::SpeculativeJIT::compile):
3007         * dfg/DFGSpeculativeJIT64.cpp:
3008         (JSC::DFG::SpeculativeJIT::compile):
3009         * profiler/LegacyProfiler.cpp:
3010         (JSC::LegacyProfiler::startProfiling):
3011         (JSC::LegacyProfiler::stopProfiling):
3012         * runtime/VM.cpp:
3013         (JSC::VM::VM):
3014         (JSC::SetEnabledProfilerFunctor::operator()):
3015         (JSC::VM::setEnabledProfiler):
3016         * runtime/VM.h:
3017         (JSC::VM::enabledProfiler):
3018
3019 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
3020
3021         -[JSContext evaluateScript:] calls JSEvaluateScript with startingLineNumber 0, later interpreted as a oneBasedInt
3022         https://bugs.webkit.org/show_bug.cgi?id=127648
3023
3024         Reviewed by Geoffrey Garen.
3025
3026         The actual bug being fixed here is that the line number for
3027         scripts evaluated via the JSC APIs is now sane. However,
3028         there is no good infrastructure in place right now to test that.
3029
3030         * API/tests/testapi.c:
3031         (main):
3032         * API/tests/testapi.mm:
3033         (testObjectiveCAPI):
3034         Add tests for exception line numbers and handling of bad
3035         startingLineNumbers in public APIs. These tests were already
3036         passing; I just added them to make sure they are not regressed
3037         in the future.
3038
3039         * API/JSBase.cpp:
3040         (JSEvaluateScript):
3041         (JSCheckScriptSyntax):
3042         * API/JSBase.h:
3043         * API/JSObjectRef.cpp:
3044         (JSObjectMakeFunction):
3045         * API/JSObjectRef.h:
3046         * API/JSScriptRef.cpp:
3047         * API/JSScriptRefPrivate.h:
3048         * API/JSStringRef.h:
3049         - Clarify documentation that startingLineNumber is 1 based and clamped.
3050         - Add clamping in the implementation to put sane values into JSC::SourceProvider.
3051
3052         * inspector/agents/InspectorDebuggerAgent.cpp:
3053         (Inspector::InspectorDebuggerAgent::didParseSource):
3054         Remove the FIXME now that the SourceProvider is giving us expected values.
3055
3056 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
3057
3058         Web Inspector: CRASH when debugger closes remote inspecting JSContext
3059         https://bugs.webkit.org/show_bug.cgi?id=127738
3060
3061         Reviewed by Timothy Hatcher.
3062
3063         RemoteInspectorXPCConnection could be accessed in a background dispatch
3064         queue, while being deallocated on the main thread when a connection
3065         was suddenly terminated.
3066
3067         Make RemoteInspectorXPCConnection a ThreadSafeRefCounted object. Always
3068         keep the connection object ref'd until the main thread calls close()
3069         and removes its reference. At that point we can close the connection,
3070         queue, and deref safely on the background queue.
3071
3072         * inspector/remote/RemoteInspector.h:
3073         * inspector/remote/RemoteInspector.mm:
3074         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
3075         (Inspector::RemoteInspector::xpcConnectionFailed):
3076         For simplicity, RemoteInspectorXPCConnections don't have any threading
3077         primitives to prevent client callbacks after they are closed. RemoteInspector
3078         does, so it just ignores possible callbacks from connections it no longer
3079         cares about.
3080
3081         * inspector/remote/RemoteInspectorXPCConnection.h:
3082         * inspector/remote/RemoteInspectorXPCConnection.mm:
3083         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
3084         (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
3085         (Inspector::RemoteInspectorXPCConnection::close):
3086         Keep the connection alive as long as the queue it can be used on
3087         is alive. Clean up everything on the queue when close() is called.
3088
3089         (Inspector::RemoteInspectorXPCConnection::handleEvent):
3090         Checking if closed here is not thread-safe, so it is meaningless.
3091         Remove the check.
3092
3093         (Inspector::RemoteInspectorXPCConnection::sendMessage):
3094         Bail based on the m_closed state.
3095
3096 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
3097
3098         JavaScriptCore: Enable -Wimplicit-fallthrough and add FALLTHROUGH annotation where needed
3099         https://bugs.webkit.org/show_bug.cgi?id=127647
3100
3101         Reviewed by Anders Carlsson.
3102
3103         Explicitly annotate switch case fallthroughs in JavaScriptCore and
3104         enable warnings for unannotated fallthroughs.
3105
3106         * dfg/DFGArithMode.h:
3107         (doesOverflow):
3108         Only insert FALLTHROUGH in release builds. In debug builds, the
3109         FALLTHROUGH would be unreachable (due to the ASSERT_NOT_REACHED)
3110         and would throw a warning.
3111
3112         * dfg/DFGSpeculativeJIT64.cpp:
3113         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3114         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
3115         Due to the templatized nature of this function, a fallthrough
3116         in one of the template expansions would be unreachable. Disable
3117         the warning for this function.
3118
3119         * Configurations/Base.xcconfig:
3120         * bytecode/CodeBlock.cpp:
3121         (JSC::CodeBlock::CodeBlock):
3122         * dfg/DFGCFGSimplificationPhase.cpp:
3123         (JSC::DFG::CFGSimplificationPhase::run):
3124         * dfg/DFGValidate.cpp:
3125         (JSC::DFG::Validate::validateCPS):
3126         * parser/Lexer.cpp:
3127         (JSC::Lexer<T>::lex):
3128         * parser/Parser.cpp:
3129         (JSC::Parser<LexerType>::parseStatement):
3130         (JSC::Parser<LexerType>::parseProperty):
3131         * runtime/JSArray.cpp:
3132         (JSC::JSArray::push):
3133         * runtime/JSONObject.cpp:
3134         (JSC::Walker::walk):
3135         * runtime/JSObject.cpp:
3136         (JSC::JSObject::putByIndex):
3137         (JSC::JSObject::putByIndexBeyondVectorLength):
3138         * runtime/JSObject.h:
3139         (JSC::JSObject::setIndexQuickly):
3140         (JSC::JSObject::initializeIndex):
3141         * runtime/LiteralParser.cpp:
3142         (JSC::LiteralParser<CharType>::parse):
3143         * yarr/YarrInterpreter.cpp:
3144         (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
3145         (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
3146         * yarr/YarrParser.h:
3147         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
3148         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
3149         (JSC::Yarr::Parser::parseEscape):
3150         (JSC::Yarr::Parser::parseTokens):
3151
3152 2014-01-27  Andy Estes  <aestes@apple.com>
3153
3154         Scrub WebKit API headers of WTF macros
3155         https://bugs.webkit.org/show_bug.cgi?id=127706
3156
3157         Reviewed by David Kilzer.
3158
3159         * Configurations/FeatureDefines.xcconfig: Added ENABLE_INSPECTOR.
3160
3161 2014-01-27  Mark Lam  <mark.lam@apple.com>
3162
3163         Remove unused CodeBlock::createActivation().
3164         <https://webkit.org/b/127686>
3165
3166         Reviewed by Filip Pizlo.
3167
3168         * bytecode/CodeBlock.cpp:
3169         * bytecode/CodeBlock.h:
3170
3171 2014-01-26  Andreas Kling  <akling@apple.com>
3172
3173         JSC: Pack unlinked instructions harder.
3174         <https://webkit.org/b/127660>
3175
3176         Store UnlinkedCodeBlock's instructions in a variable-length stream
3177         to reduce memory usage. Compression rate ends up around 60-61%.
3178
3179         The format is very simple. Every instruction starts with a 1 byte
3180         opcode. It's followed by an opcode-dependent number of argument
3181         values, each encoded separately for maximum packing. There are
3182         7 packed value formats:
3183
3184             5-bit positive integer
3185             5-bit negative integer
3186             13-bit positive integer
3187             13-bit positive integer
3188             5-bit constant register index
3189             13-bit constant register index
3190             32-bit value (fallback)
3191
3192         27.5 MB progression on Membuster3. (~2% of total memory.)
3193
3194         Reviewed by Filip Pizlo.
3195
3196         * JavaScriptCore.xcodeproj/project.pbxproj:
3197         * bytecode/UnlinkedInstructionStream.h: Added.
3198         (JSC::UnlinkedInstructionStream::count):
3199         (JSC::UnlinkedInstructionStream::Reader::atEnd):
3200         * bytecode/UnlinkedInstructionStream.cpp: Added.
3201         (JSC::UnlinkedInstructionStream::Reader::Reader):
3202         (JSC::UnlinkedInstructionStream::Reader::read8):
3203         (JSC::UnlinkedInstructionStream::Reader::read32):
3204         (JSC::UnlinkedInstructionStream::Reader::next):
3205         (JSC::append8):
3206         (JSC::append32):
3207         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
3208         (JSC::UnlinkedInstructionStream::unpackForDebugging):
3209         * bytecompiler/BytecodeGenerator.cpp:
3210         * bytecode/CodeBlock.cpp:
3211         (JSC::CodeBlock::CodeBlock):
3212         * bytecode/UnlinkedCodeBlock.cpp:
3213         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
3214         (JSC::dumpLineColumnEntry):
3215         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
3216         (JSC::UnlinkedCodeBlock::setInstructions):
3217         (JSC::UnlinkedCodeBlock::instructions):
3218         * bytecode/UnlinkedCodeBlock.h:
3219         (JSC::BytecodeGenerator::generate):
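
The variable-length operand format described in the entry above, as an added example that is not WebKit's UnlinkedInstructionStream code: it packs each operand into the smallest of the seven listed formats behind a 1-byte opcode and decodes it back through a bounds-checked reader, so a truncated stream is rejected instead of read past its end. The tag bits, byte order and the constant-register base kFirstConstantRegisterIndex are assumptions; the names append32, read8 and read32 echo the ChangeLog's, but the bodies are written here, not taken from the project.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Assumed layout (an example, not WebKit's): the top 3 bits of the first byte are a
// format tag, the low 5 bits carry payload; 13-bit formats add one byte, Full32Bit four.
enum PackedType : uint8_t {
    Positive5Bit = 0, Negative5Bit, Positive13Bit, Negative13Bit,
    ConstantRegister5Bit, ConstantRegister13Bit, Full32Bit,
};

// Assumed base of the constant register index space: constants live far above the
// small signed indices used for locals and arguments, so they get their own formats.
constexpr int32_t kFirstConstantRegisterIndex = 0x40000000;

static uint8_t tagByte(PackedType type, uint32_t low5) {
    return static_cast<uint8_t>((static_cast<uint8_t>(type) << 5) | (low5 & 0x1f));
}

// Append one operand in the smallest of the seven formats that can hold it.
void append32(std::vector<uint8_t>& out, int32_t value) {
    const uint32_t u = static_cast<uint32_t>(value);
    const bool isConstant = value >= kFirstConstantRegisterIndex;
    const uint32_t constOffset = u - static_cast<uint32_t>(kFirstConstantRegisterIndex);  // wraps harmlessly if !isConstant
    if (value >= 0 && value < 32) {
        out.push_back(tagByte(Positive5Bit, u));
    } else if (value < 0 && value >= -32) {
        out.push_back(tagByte(Negative5Bit, u));        // low 5 bits of two's complement
    } else if (value >= 0 && value < 8192) {
        out.push_back(tagByte(Positive13Bit, u >> 8));
        out.push_back(static_cast<uint8_t>(u & 0xff));
    } else if (value < 0 && value >= -8192) {
        out.push_back(tagByte(Negative13Bit, u >> 8));  // low 13 bits of two's complement
        out.push_back(static_cast<uint8_t>(u & 0xff));
    } else if (isConstant && constOffset < 32) {
        out.push_back(tagByte(ConstantRegister5Bit, constOffset));
    } else if (isConstant && constOffset < 8192) {
        out.push_back(tagByte(ConstantRegister13Bit, constOffset >> 8));
        out.push_back(static_cast<uint8_t>(constOffset & 0xff));
    } else {
        out.push_back(tagByte(Full32Bit, 0));           // fallback: four little-endian bytes
        for (int shift = 0; shift < 32; shift += 8) out.push_back(static_cast<uint8_t>(u >> shift));
    }
}

// Bounds-checked reader: a truncated or corrupted stream throws instead of reading
// past the end of the buffer, which is the failure mode to guard in any decoder.
struct Reader {
    const std::vector<uint8_t>& bytes;
    size_t pos;
    explicit Reader(const std::vector<uint8_t>& b) : bytes(b), pos(0) {}

    uint8_t read8() {
        if (pos >= bytes.size()) throw std::out_of_range("truncated instruction stream");
        return bytes[pos++];
    }

    int32_t read32() {
        const uint8_t first = read8();
        const uint32_t low5 = first & 0x1f;
        switch (static_cast<PackedType>(first >> 5)) {
        case Positive5Bit:  return static_cast<int32_t>(low5);
        case Negative5Bit:  return static_cast<int32_t>(low5) - 32;
        case Positive13Bit: return static_cast<int32_t>((low5 << 8) | read8());
        case Negative13Bit: return static_cast<int32_t>((low5 << 8) | read8()) - 8192;
        case ConstantRegister5Bit:  return kFirstConstantRegisterIndex + static_cast<int32_t>(low5);
        case ConstantRegister13Bit: return kFirstConstantRegisterIndex + static_cast<int32_t>((low5 << 8) | read8());
        case Full32Bit: {
            uint32_t v = 0;
            for (int shift = 0; shift < 32; shift += 8) v |= static_cast<uint32_t>(read8()) << shift;
            return static_cast<int32_t>(v);
        }
        }
        throw std::runtime_error("invalid packed value tag");
    }
};

// One instruction: a 1-byte opcode followed by each operand in packed form.
std::vector<uint8_t> packInstruction(uint8_t opcode, const std::vector<int32_t>& operands) {
    std::vector<uint8_t> out;
    out.push_back(opcode);
    for (int32_t v : operands) append32(out, v);
    return out;
}

// Decode one instruction; the operand count is known from the opcode's definition.
std::vector<int32_t> unpackInstruction(const std::vector<uint8_t>& bytes, size_t operandCount, uint8_t& opcode) {
    Reader reader(bytes);
    opcode = reader.read8();
    std::vector<int32_t> operands;
    for (size_t i = 0; i < operandCount; ++i) operands.push_back(reader.read32());
    return operands;
}
```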
3220
3221 2014-01-26  Joseph Pecoraro  <pecoraro@apple.com>
3222
3223         Web Inspector: Move InspectorDebuggerAgent into JavaScriptCore
3224         https://bugs.webkit.org/show_bug.cgi?id=127629
3225
3226         Rubber-stamped by Sam Weinig.
3227
3228         * CMakeLists.txt:
3229         * GNUmakefile.list.am:
3230         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3231         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3232         * JavaScriptCore.xcodeproj/project.pbxproj:
3233         - Add new files to the build.
3234         - Also, since non-REMOTE_INSPECTOR ports cannot yet connect to a
3235           JSGlobalObject for inspection, remove those files as they don't
3236           need to be built.
3237
3238         * inspector/EventLoop.cpp: Added.
3239         (Inspector::EventLoop::cycle):
3240         * inspector/EventLoop.h: Added.
3241         (Inspector::EventLoop::EventLoop):
3242         (Inspector::EventLoop::ended):
3243         Add a JavaScriptCore version of EventLoop. This is currently only
3244         used by the Mac port for JSGlobalObject remote inspection. Keep
3245         the WebCore/platform version alive because for the Mac port it does
3246         slightly different things involving AppKit.
3247
3248         * inspector/JSGlobalObjectInspectorController.cpp:
3249         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
3250         Create DebuggerAgent and hook up ScriptDebugServer where needed.
3251
3252         * inspector/JSGlobalObjectScriptDebugServer.cpp: Added.
3253         (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
3254         (Inspector::JSGlobalObjectScriptDebugServer::addListener):
3255         (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
3256         (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
3257         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
3258         * inspector/JSGlobalObjectScriptDebugServer.h: Added.
3259         Simple implementation of ScriptDebugServer with a JSGlobalObject.
3260
3261         * inspector/agents/InspectorDebuggerAgent.cpp: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.cpp.
3262         * inspector/agents/InspectorDebuggerAgent.h: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.h.
3263         Copied from WebCore. A few methods need to be made virtual so that Web implementations
3264         can override and extend the functionality. E.g. sourceMapURLForScript and enable/disable.
3265         
3266         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp: Added.
3267         * inspector/agents/JSGlobalObjectDebuggerAgent.h: Added.
3268         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
3269         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer):
3270         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer):
3271         (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
3272         Simple implementation of DebuggerAgent with a JSGlobalObject.
3273
3274 2014-01-25  Mark Lam  <mark.lam@apple.com>
3275
3276         Gardening: fix build breakage from previous commit.
3277
3278         Not reviewed.
3279
3280         * profiler/ProfileNode.cpp:
3281         (JSC::ProfileNode::debugPrintData):
3282         - Removed obsolete references to "visible" timers.
3283
3284 2014-01-25  Timothy Hatcher  <timothy@apple.com>
3285
3286         Remove dead code from the JSC profiler.
3287
3288         https://bugs.webkit.org/show_bug.cgi?id=127643
3289
3290         Reviewed by Mark Lam.
3291
3292         * profiler/Profile.cpp:
3293         * profiler/Profile.h:
3294         * profiler/ProfileGenerator.cpp:
3295         (JSC::ProfileGenerator::stopProfiling):
3296         * profiler/ProfileNode.cpp:
3297         (JSC::ProfileNode::ProfileNode):
3298         (JSC::ProfileNode::stopProfiling):
3299         (JSC::ProfileNode::endAndRecordCall):
3300         (JSC::ProfileNode::debugPrintData):
3301         (JSC::ProfileNode::debugPrintDataSampleStyle):
3302         * profiler/ProfileNode.h:
3303         (JSC::ProfileNode::totalTime):
3304         (JSC::ProfileNode::setTotalTime):
3305         (JSC::ProfileNode::selfTime):
3306         (JSC::ProfileNode::setSelfTime):
3307         (JSC::ProfileNode::totalPercent):
3308         (JSC::ProfileNode::selfPercent):
3309         Remove support for things like focus and exclude. The Inspector does those in JS now.
3310
3311 2014-01-25  Sam Weinig  <sam@webkit.org>
3312
3313         Remove unused support for DRAGGABLE_REGION
3314         https://bugs.webkit.org/show_bug.cgi?id=127642
3315
3316         Reviewed by Simon Fraser.
3317
3318         * Configurations/FeatureDefines.xcconfig:
3319
3320 2014-01-25  Darin Adler  <darin@apple.com>
3321
3322         Try to fix Mac build.
3323
3324         * runtime/DatePrototype.cpp: Put the include of <unicode/udat.h> inside
3325         a conditional since we don't have that header in our Mac build configuration.
3326
3327 2014-01-25  Darin Adler  <darin@apple.com>
3328
3329         Call deprecatedCharacters instead of characters at more call sites
3330         https://bugs.webkit.org/show_bug.cgi?id=127631
3331
3332         Reviewed by Sam Weinig.
3333
3334         * API/JSValueRef.cpp:
3335         (JSValueMakeFromJSONString):
3336         * API/OpaqueJSString.cpp:
3337         (OpaqueJSString::~OpaqueJSString):
3338         * bindings/ScriptValue.cpp:
3339         (Deprecated::jsToInspectorValue):
3340         * inspector/ContentSearchUtilities.cpp:
3341         (Inspector::ContentSearchUtilities::createSearchRegexSource):
3342         * inspector/InspectorValues.cpp:
3343         * runtime/Identifier.h:
3344         (JSC::Identifier::deprecatedCharacters):
3345         * runtime/JSStringBuilder.h:
3346         (JSC::JSStringBuilder::append):
3347         Use the new name.
3348
3349 2014-01-25  Darin Adler  <darin@apple.com>
3350
3351         Get rid of ICU_UNICODE and WCHAR_UNICODE remnants
3352         https://bugs.webkit.org/show_bug.cgi?id=127623
3353
3354         Reviewed by Anders Carlsson.
3355
3356         * runtime/DatePrototype.cpp: Removed USE(ICU_UNICODE) checks, since that's always true now.
3357
3358 2014-01-25  Darin Adler  <darin@apple.com>
3359
3360         [Mac] Rewrite locale-specific date formatting code to remove strange string creation
3361         https://bugs.webkit.org/show_bug.cgi?id=127624
3362
3363         Reviewed by Anders Carlsson.
3364
3365         * runtime/DatePrototype.cpp:
3366         (JSC::formatLocaleDate): Use some smart pointers and conversion operators we already
3367         have to do the formatting in a more straightforward way.
3368
3369 2014-01-25  Anders Carlsson  <andersca@apple.com>
3370
3371         Remove atomicIncrement/atomicDecrement
3372         https://bugs.webkit.org/show_bug.cgi?id=127625
3373
3374         Reviewed by Andreas Kling.
3375
3376         Replace atomicIncrement/atomicDecrement with std::atomic.
3377
3378         * bytecode/Watchpoint.h:
3379         * ftl/FTLLowerDFGToLLVM.cpp:
3380         (JSC::FTL::LowerDFGToLLVM::lower):
3381         * profiler/ProfilerDatabase.cpp:
3382         (JSC::Profiler::Database::Database):
3383         (JSC::Profiler::Database::addDatabaseToAtExit):
3384
3385 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
3386
3387         Web Inspector: Move InspectorRuntimeAgent into JavaScriptCore
3388         https://bugs.webkit.org/show_bug.cgi?id=127605
3389
3390         Reviewed by Timothy Hatcher.
3391
3392         * CMakeLists.txt:
3393         * GNUmakefile.list.am:
3394         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3395         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3396         * JavaScriptCore.xcodeproj/project.pbxproj:
3397         Add new files to the build.
3398
3399         * inspector/agents/InspectorRuntimeAgent.h: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.h.
3400         * inspector/agents/InspectorRuntimeAgent.cpp: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.cpp.
3401         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
3402         (Inspector::InspectorRuntimeAgent::parse):
3403         (Inspector::InspectorRuntimeAgent::evaluate):
3404         (Inspector::InspectorRuntimeAgent::callFunctionOn):
3405         (Inspector::InspectorRuntimeAgent::getProperties):
3406         - Move the agent into JavaScriptCore.
3407         - Modernize and cleanup.
3408         - Make globalVM a pure virtual function for subclasses to implement.
3409
3410         * inspector/agents/JSGlobalObjectRuntimeAgent.h: Added.
3411         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp: Added.
3412         (Inspector::JSGlobalObjectRuntimeAgent::JSGlobalObjectRuntimeAgent):
3413         (Inspector::JSGlobalObjectRuntimeAgent::didCreateFrontendAndBackend):
3414         (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
3415         (Inspector::JSGlobalObjectRuntimeAgent::globalVM):
3416         (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
3417         Straightforward JSGlobalObject implementation.
3418
3419         * inspector/JSGlobalObjectInspectorController.cpp:
3420         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
3421         Add a runtime agent when inspecting a JSContext!
3422
3423 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
3424
3425         Move JavaScriptCallFrame and ScriptDebugServer into JavaScriptCore for inspector
3426         https://bugs.webkit.org/show_bug.cgi?id=127543
3427
3428         Reviewed by Geoffrey Garen.
3429
3430         * CMakeLists.txt:
3431         * GNUmakefile.list.am:
3432         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3433         * JavaScriptCore.xcodeproj/project.pbxproj:
3434         Add new files.
3435
3436         * inspector/ScriptDebugListener.h:
3437         Extract WebCore knowledge from ScriptDebugServer. This will
3438         eventually be made to work outside of WebCore.
3439
3440         * inspector/ScriptDebugServer.h: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.h.
3441         * inspector/ScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.cpp.
3442         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
3443         (Inspector::ScriptDebugServer::dispatchDidPause):
3444         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
3445         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
3446         (Inspector::ScriptDebugServer::sourceParsed):
3447         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
3448         (Inspector::ScriptDebugServer::handlePause):
3449         Modernize code, and call the new ScriptDebugListener callbacks where appropriate.
3450
3451         * inspector/JSJavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp.
3452         (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
3453         (Inspector::JSJavaScriptCallFrame::finishCreation):
3454         (Inspector::JSJavaScriptCallFrame::createPrototype):
3455         (Inspector::JSJavaScriptCallFrame::destroy):
3456         (Inspector::JSJavaScriptCallFrame::releaseImpl):
3457         (Inspector::JSJavaScriptCallFrame::~JSJavaScriptCallFrame):
3458         (Inspector::JSJavaScriptCallFrame::evaluate):
3459         (Inspector::JSJavaScriptCallFrame::scopeType):
3460         (Inspector::JSJavaScriptCallFrame::caller):
3461         (Inspector::JSJavaScriptCallFrame::sourceID):
3462         (Inspector::JSJavaScriptCallFrame::line):
3463         (Inspector::JSJavaScriptCallFrame::column):
3464         (Inspector::JSJavaScriptCallFrame::functionName):
3465         (Inspector::JSJavaScriptCallFrame::scopeChain):
3466         (Inspector::JSJavaScriptCallFrame::thisObject):
3467         (Inspector::JSJavaScriptCallFrame::type):
3468         (Inspector::toJS):
3469         (Inspector::toJSJavaScriptCallFrame):
3470         * inspector/JSJavaScriptCallFrame.h: Added.
3471         (Inspector::JSJavaScriptCallFrame::createStructure):
3472         (Inspector::JSJavaScriptCallFrame::create):
3473         (Inspector::JSJavaScriptCallFrame::impl):
3474         * inspector/JSJavaScriptCallFramePrototype.cpp: Added.