Remove even more Mountain Lion support
[WebKit.git] / Source / JavaScriptCore / ChangeLog
2015-01-31  Sam Weinig  <sam@webkit.org>

        Remove even more Mountain Lion support
        https://bugs.webkit.org/show_bug.cgi?id=141124

        Reviewed by Alexey Proskuryakov.

        * API/tests/DateTests.mm:
        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:
        * jit/ExecutableAllocatorFixedVMPool.cpp:

2015-01-31  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179426.
        https://bugs.webkit.org/show_bug.cgi?id=141119

        "caused a memory use regression" (Requested by Guest45 on
        #webkit).

        Reverted changeset:

        "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
        pages"
        https://bugs.webkit.org/show_bug.cgi?id=140900
        http://trac.webkit.org/changeset/179426

2015-01-30  Daniel Bates  <dabates@apple.com>

        Clean up: Remove unnecessary <dispatch/dispatch.h> header from RemoteInspectorDebuggableConnection.h
        https://bugs.webkit.org/show_bug.cgi?id=141067

        Reviewed by Timothy Hatcher.

        Remove the header <dispatch/dispatch.h> from RemoteInspectorDebuggableConnection.h as we
        do not make use of its functionality. Instead, include this header in RemoteInspectorDebuggableConnection.mm
        and RemoteInspector.mm. The latter depended on <dispatch/dispatch.h> being included via
        header RemoteInspectorDebuggableConnection.h.

        * inspector/remote/RemoteInspector.mm: Include header <dispatch/dispatch.h>.
        * inspector/remote/RemoteInspectorDebuggableConnection.h: Remove header <dispatch/dispatch.h>.
        * inspector/remote/RemoteInspectorDebuggableConnection.mm: Include header <dispatch/dispatch.h>.

2015-01-30  Yusuke Suzuki  <utatane.tea@gmail.com>

        Implement ES6 Symbol
        https://bugs.webkit.org/show_bug.cgi?id=140435

        Reviewed by Geoffrey Garen.

        This patch implements ES6 Symbol. In this patch, we don't support
        Symbol.keyFor, Symbol.for, Object.getOwnPropertySymbols. They will be
        supported in the subsequent patches.

        Since ES6 Symbol is introduced as a new primitive value, we implement
        Symbol as a class derived from JSCell, and JSValue now accepts Symbol*
        as a new primitive value.

        Symbol has a *unique* flagged StringImpl* as its `uid`, whose pointer
        value represents the Symbol's identity; so don't use the Symbol's
        JSCell pointer value for comparison.
        This enables re-producing a Symbol primitive value from the StringImpl* uid
        by executing `Symbol::create(vm, uid)`. This is needed to produce
        Symbol primitive values from stored StringImpl* in `Object.getOwnPropertySymbols`.

        And Symbol.[[Description]] is folded into the string value of the Symbol's uid.
        By doing so, we can represent ES6 Symbol without extending the current PropertyTable key, StringImpl*.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.order:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createBuiltinExecutable):
        * builtins/BuiltinNames.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        * interpreter/Interpreter.cpp:
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::getByVal):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * runtime/CommonIdentifiers.h:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::synthesizePrototype):
        (JSC::JSValue::dumpInContextAssumingStructure):
        (JSC::JSValue::toStringSlowCase):
        * runtime/JSCJSValue.h:
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::isSymbol):
        (JSC::JSValue::isPrimitive):
        (JSC::JSValue::toPropertyKey):

        It represents the ToPropertyKey abstract operation in the ES6 spec.
        It cleans up the old implementation's `isName` checks.
        And to prevent performance regressions in
            js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html
            js/regress/fold-get-by-id-to-multi-get-by-offset.html
        we annotate this function as ALWAYS_INLINE.

        (JSC::JSValue::getPropertySlot):
        (JSC::JSValue::get):
        (JSC::JSValue::equalSlowCaseInline):
        (JSC::JSValue::strictEqualSlowCaseInline):
        * runtime/JSCell.cpp:
        (JSC::JSCell::put):
        (JSC::JSCell::putByIndex):
        (JSC::JSCell::toPrimitive):
        (JSC::JSCell::getPrimitiveNumber):
        (JSC::JSCell::toNumber):
        (JSC::JSCell::toObject):
        * runtime/JSCell.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::isSymbol):
        (JSC::JSCell::toBoolean):
        (JSC::JSCell::pureToBoolean):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::symbolPrototype):
        (JSC::JSGlobalObject::symbolObjectStructure):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Stringifier):
        * runtime/JSSymbolTableObject.cpp:
        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
        * runtime/JSType.h:
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::isName): Deleted.
        * runtime/MapData.cpp:
        (JSC::MapData::find):
        (JSC::MapData::add):
        (JSC::MapData::remove):
        (JSC::MapData::replaceAndPackBackingStore):
        * runtime/MapData.h:
        (JSC::MapData::clear):
        * runtime/NameInstance.h: Removed.
        * runtime/NamePrototype.cpp: Removed.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncHasOwnProperty):
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        (JSC::objectProtoFuncPropertyIsEnumerable):
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        (JSC::jsIsObjectType):
        * runtime/PrivateName.h:
        (JSC::PrivateName::PrivateName):
        (JSC::PrivateName::operator==):
        (JSC::PrivateName::operator!=):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::find):
        (JSC::PropertyTable::get):
        * runtime/PropertyName.h:
        (JSC::PropertyName::PropertyName):
        (JSC::PropertyName::publicName):
        * runtime/SmallStrings.h:
        * runtime/StringConstructor.cpp:
        (JSC::callStringConstructor):

        In ES6, the String constructor accepts Symbol to execute `String(symbol)`.

        * runtime/Structure.cpp:
        (JSC::Structure::getPropertyNamesFromStructure):
        * runtime/StructureInlines.h:
        (JSC::Structure::prototypeForLookup):
        * runtime/Symbol.cpp: Added.
        (JSC::Symbol::Symbol):
        (JSC::SymbolObject::create):
        (JSC::Symbol::toPrimitive):
        (JSC::Symbol::toBoolean):
        (JSC::Symbol::getPrimitiveNumber):
        (JSC::Symbol::toObject):
        (JSC::Symbol::toNumber):
        (JSC::Symbol::destroy):
        (JSC::Symbol::descriptiveString):
        * runtime/Symbol.h: Added.
        (JSC::Symbol::createStructure):
        (JSC::Symbol::create):
        (JSC::Symbol::privateName):
        (JSC::Symbol::finishCreation):
        (JSC::asSymbol):
        * runtime/SymbolConstructor.cpp: Renamed from Source/JavaScriptCore/runtime/NameConstructor.cpp.
        (JSC::SymbolConstructor::SymbolConstructor):
        (JSC::SymbolConstructor::finishCreation):
        (JSC::callSymbol):
        (JSC::SymbolConstructor::getConstructData):
        (JSC::SymbolConstructor::getCallData):
        * runtime/SymbolConstructor.h: Renamed from Source/JavaScriptCore/runtime/NameConstructor.h.
        (JSC::SymbolConstructor::create):
        (JSC::SymbolConstructor::createStructure):
        * runtime/SymbolObject.cpp: Renamed from Source/JavaScriptCore/runtime/NameInstance.cpp.
        (JSC::SymbolObject::SymbolObject):
        (JSC::SymbolObject::finishCreation):
        (JSC::SymbolObject::defaultValue):

        JSC doesn't currently support @@toPrimitive, so instead we implement
        Symbol.prototype[@@toPrimitive] as ES5 Symbol.[[DefaultValue]].

        * runtime/SymbolObject.h: Added.
        (JSC::SymbolObject::create):
        (JSC::SymbolObject::internalValue):
        (JSC::SymbolObject::createStructure):
        * runtime/SymbolPrototype.cpp: Added.
        (JSC::SymbolPrototype::SymbolPrototype):
        (JSC::SymbolPrototype::finishCreation):
        (JSC::SymbolPrototype::getOwnPropertySlot):
        (JSC::symbolProtoFuncToString):
        (JSC::symbolProtoFuncValueOf):
        * runtime/SymbolPrototype.h: Renamed from Source/JavaScriptCore/runtime/NamePrototype.h.
        (JSC::SymbolPrototype::create):
        (JSC::SymbolPrototype::createStructure):

        The SymbolPrototype object is an ordinary JS object, not a wrapper object of Symbol.
        It is tested in js/symbol-prototype-is-ordinary-object.html.

        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

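The observable ES6 Symbol semantics the entry above describes, as an added example that is not part of the ChangeLog or of the JSC sources: identity from the unique uid rather than the description text, the description folded into the string form, the SymbolObject wrapper, and Symbol.prototype being an ordinary object. It deliberately avoids Symbol.for, Symbol.keyFor and Object.getOwnPropertySymbols, which the entry defers to later patches.

```javascript
// Added example (not WebKit code): ES6 Symbol behaviour as seen from script,
// matching the "Implement ES6 Symbol" entry. Runs on any ES6 engine.

// Identity comes from the unique uid, not from the description text: two
// symbols created with the same description are distinct property keys.
function symbolsWithSameDescriptionAreDistinctKeys() {
  const a = Symbol("id");
  const b = Symbol("id");
  const obj = {};
  obj[a] = "first";
  obj[b] = "second";           // ToPropertyKey(b) yields b itself, a separate key
  return a !== b && obj[a] === "first" && obj[b] === "second";
}

// [[Description]] is folded into the uid string, so the descriptive string
// "Symbol(desc)" is recoverable from the symbol alone. ES6 allows the explicit
// String(symbol) conversion that the StringConstructor change enables.
function descriptiveString(sym) {
  return String(sym);
}

// Implicit string conversion of a symbol is a TypeError; only the explicit
// String(sym) / sym.toString() forms work.
function implicitConversionThrows(sym) {
  try {
    `${sym}`;
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Symbol(...) is a primitive; Object(sym) builds the SymbolObject wrapper whose
// valueOf (the ES5-style [[DefaultValue]] path) yields the primitive back.
function wrapperRoundTrip(sym) {
  const wrapped = Object(sym);
  return typeof sym === "symbol"
      && typeof wrapped === "object"
      && wrapped.valueOf() === sym
      && wrapped == sym;       // loose equality goes through the wrapper's default value
}

// Symbol.prototype is an ordinary object, not a wrapper of a symbol: calling
// Symbol.prototype.valueOf with the prototype itself as receiver must throw
// rather than return a symbol (what js/symbol-prototype-is-ordinary-object.html checks).
function symbolPrototypeIsOrdinaryObject() {
  if (Object.getPrototypeOf(Symbol.prototype) !== Object.prototype) return false;
  try {
    Symbol.prototype.valueOf();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```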
2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the HandleBlock piece of this patch.

        * heap/HandleBlock.h:
        * heap/HandleBlockInlines.h:
        (JSC::HandleBlock::create):
        (JSC::HandleBlock::destroy):
        (JSC::HandleBlock::HandleBlock):
        (JSC::HandleBlock::payloadEnd):
        * heap/HandleSet.cpp:
        (JSC::HandleSet::~HandleSet):
        (JSC::HandleSet::grow):

2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        GC marking threads should clear malloc caches
        https://bugs.webkit.org/show_bug.cgi?id=141097

        Reviewed by Sam Weinig.

        Follow-up based on Mark Hahnenberg's review: Release after the copy
        phase, rather than after any phase, since we'd rather not release
        between marking and copying.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):

2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        GC marking threads should clear malloc caches
        https://bugs.webkit.org/show_bug.cgi?id=141097

        Reviewed by Andreas Kling.

        This is an attempt to ameliorate a potential memory use regression
        caused by https://bugs.webkit.org/show_bug.cgi?id=140900
        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages.

        FastMalloc may accumulate a per-thread cache on each of the 8-ish
        GC marking threads, which can be expensive.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase): Scavenge the current thread before
        going to sleep. There's probably not too much value to keeping our
        per-thread cache between GCs, and it has some memory footprint.

2015-01-30  Chris Dumez  <cdumez@apple.com>

        Rename shared() static member functions to singleton() for singleton classes.
        https://bugs.webkit.org/show_bug.cgi?id=141088

        Reviewed by Ryosuke Niwa and Benjamin Poulain.

        Rename shared() static member functions to singleton() for singleton
        classes as per the recent coding style change.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::singleton):
        (Inspector::RemoteInspector::start):
        (Inspector::RemoteInspector::shared): Deleted.
        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::~RemoteInspectorDebuggable):
        (Inspector::RemoteInspectorDebuggable::init):
        (Inspector::RemoteInspectorDebuggable::update):
        (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
        (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
        (Inspector::RemoteInspectorDebuggable::unpauseForInitializedInspector):
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToFrontend):

2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the CopyWorkListSegment piece of this patch.

        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/CopyWorkList.h:
        (JSC::CopyWorkListSegment::create):
        (JSC::CopyWorkListSegment::destroy):
        (JSC::CopyWorkListSegment::CopyWorkListSegment):
        (JSC::CopyWorkList::CopyWorkList):
        (JSC::CopyWorkList::~CopyWorkList):
        (JSC::CopyWorkList::append):

2015-01-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179357 and r179358.
        https://bugs.webkit.org/show_bug.cgi?id=141062

        Suspect this caused WebGL tests to start flaking (Requested by
        kling on #webkit).

        Reverted changesets:

        "Polymorphic call inlining should be based on polymorphic call
        inline caching rather than logging"
        https://bugs.webkit.org/show_bug.cgi?id=140660
        http://trac.webkit.org/changeset/179357

        "Unreviewed, fix no-JIT build."
        http://trac.webkit.org/changeset/179358

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Removed op_ret_object_or_this
        https://bugs.webkit.org/show_bug.cgi?id=141048

        Reviewed by Michael Saboff.

        op_ret_object_or_this was one opcode that would keep us out of the
        optimizing compilers.

        We don't need a special-purpose opcode; we can just use a branch.

        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::isTerminal): Removed.
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset): Removed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode): Removed.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitReturn): Use an explicit branch to determine
        if we need to substitute 'this' for the return value. Our engine no longer
        benefits from fused opcodes that dispatch less in the interpreter.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emit_op_ret_object_or_this): Deleted.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_ret_object_or_this): Deleted.
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm: Removed.

2015-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        Implement ES6 class syntax without inheritance support
        https://bugs.webkit.org/show_bug.cgi?id=140918

        Reviewed by Geoffrey Garen.

        Added the most basic support for ES6 class syntax. After this patch, we support basic class definition like:
        class A {
            constructor() { }
            someMethod() { }
        }

        We'll add the support for "extends" keyword and automatically generating a constructor in follow up patches.
        We also don't support block scoping of a class declaration.

        We support both class declaration and class expression. A class expression is implemented by the newly added
        ClassExprNode AST node. A class declaration is implemented by ClassDeclNode, which is a thin wrapper around
        AssignResolveNode.

        Tests: js/class-syntax-declaration.html
               js/class-syntax-expression.html

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ObjectLiteralNode::emitBytecode): Create a new object instead of delegating the work to PropertyListNode.
        Also fixed the 5-space indentation.
        (JSC::PropertyListNode::emitBytecode): Don't create a new object now that ObjectLiteralNode does this.
        (JSC::ClassDeclNode::emitBytecode): Added. Just let the AssignResolveNode node emit the byte code.
        (JSC::ClassExprNode::emitBytecode): Create the class constructor and add static methods to the constructor by
        emitting the byte code for PropertyListNode. Add instance methods to the class's prototype object the same way.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createClassExpr): Added. Creates a ClassExprNode.
        (JSC::ASTBuilder::createClassDeclStatement): Added. Creates an AssignResolveNode and wraps it in a ClassDeclNode.

        * parser/NodeConstructors.h:
        (JSC::ClassDeclNode::ClassDeclNode): Added.
        (JSC::ClassExprNode::ClassExprNode): Added.

        * parser/Nodes.h:
        (JSC::ClassExprNode): Added.
        (JSC::ClassDeclNode): Added.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatement): Added the support for class declaration.
        (JSC::stringForFunctionMode): Return "method" for MethodMode.
        (JSC::Parser<LexerType>::parseClassDeclaration): Added. Uses parseClass to create a class expression and wraps
        it with ClassDeclNode as described above.
        (JSC::Parser<LexerType>::parseClass): Parses a class expression.
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseGetterSetter): Extracted from parseProperty to share the code between parseProperty
        and parseClass.
        (JSC::Parser<LexerType>::parsePrimaryExpression): Added the support for class expression.

        * parser/Parser.h:
        (FunctionParseMode): Added MethodMode.

        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createClassExpr): Added.
        (JSC::SyntaxChecker::createClassDeclStatement): Added.

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Windows build.

        Not reviewed.

        * heap/WeakBlock.h: Use the fully qualified name when declaring our friend.

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the WeakBlock piece of this patch.

        * heap/WeakBlock.cpp:
        (JSC::WeakBlock::create):
        (JSC::WeakBlock::destroy):
        (JSC::WeakBlock::WeakBlock):
        * heap/WeakBlock.h:
        * heap/WeakSet.cpp:
        (JSC::WeakSet::~WeakSet):
        (JSC::WeakSet::addAllocator):
        (JSC::WeakSet::removeAllocator):

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Use Vector instead of GCSegmentedArray in CodeBlockSet
        https://bugs.webkit.org/show_bug.cgi?id=141044

        Reviewed by Ryosuke Niwa.

        This is allowed now that we've gotten rid of fastMallocForbid.

        4kB was a bit overkill for just storing a few pointers.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):

2015-01-29  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix no-JIT build.

        * jit/PolymorphicCallStubRoutine.cpp:

2015-01-28  Filip Pizlo  <fpizlo@apple.com>

        Polymorphic call inlining should be based on polymorphic call inline caching rather than logging
        https://bugs.webkit.org/show_bug.cgi?id=140660

        Reviewed by Geoffrey Garen.

        When we first implemented polymorphic call inlining, we did the profiling based on a call
        edge log. The idea was to store each call edge (a tuple of call site and callee) into a
        global log that was processed lazily. Processing the log would give precise counts of call
        edges, and could be used to drive well-informed inlining decisions - polymorphic or not.
        This was a speed-up on throughput tests but a slow-down for latency tests. It was a net win
        nonetheless.

        Experience with this code shows three things. First, the call edge profiler is buggy and
        complex. It would take work to fix the bugs. Second, the call edge profiler incurs lots of
        overhead for latency code that we care deeply about. Third, it's not at all clear that
        having call edge counts for every possible callee is any better than just having call edge
        counts for the limited number of callees that an inline cache would catch.

        So, this patch removes the call edge profiler and replaces it with a polymorphic call inline
        cache. If we miss the basic call inline cache, we inflate the cache to be a jump to an
        out-of-line stub that cases on the previously known callees. If that misses again, then we
        rewrite that stub to include the new callee. We do this up to some number of callees. If we
        hit the limit then we switch to using a plain virtual call.

        Substantial speed-up on V8Spider; undoes the slow-down that the original call edge profiler
        caused. Might be a SunSpider speed-up (below 1%), depending on hardware.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CallEdge.h:
        (JSC::CallEdge::count):
        (JSC::CallEdge::CallEdge):
        * bytecode/CallEdgeProfile.cpp: Removed.
        * bytecode/CallEdgeProfile.h: Removed.
        * bytecode/CallEdgeProfileInlines.h: Removed.
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        (JSC::CallLinkInfo::visitWeak):
        * bytecode/CallLinkInfo.h:
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::computeFor):
        (JSC::CallLinkStatus::computeFromCallLinkInfo):
        (JSC::CallLinkStatus::isClosureCall):
        (JSC::CallLinkStatus::makeClosureCall):
        (JSC::CallLinkStatus::dump):
        (JSC::CallLinkStatus::computeFromCallEdgeProfile): Deleted.
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::variants):
        (JSC::CallLinkStatus::size):
        (JSC::CallLinkStatus::at):
        (JSC::CallLinkStatus::operator[]):
        (JSC::CallLinkStatus::canOptimize):
        (JSC::CallLinkStatus::edges): Deleted.
        (JSC::CallLinkStatus::canTrustCounts): Deleted.
        * bytecode/CallVariant.cpp:
        (JSC::variantListWithVariant):
        (JSC::despecifiedVariantList):
        * bytecode/CallVariant.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::linkIncomingPolymorphicCall):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::noticeIncomingCall):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::isIncomingCallAlreadyLinked): Deleted.
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling): Deleted.
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * jit/BinarySwitch.h:
        * jit/ClosureCallStubRoutine.cpp: Removed.
        * jit/ClosureCallStubRoutine.h: Removed.
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        (JSC::operationLinkPolymorphicCallFor):
        (JSC::operationLinkClosureCallFor): Deleted.
        * jit/JITStubRoutine.h:
        * jit/JITWriteBarrier.h:
        * jit/PolymorphicCallStubRoutine.cpp: Added.
        (JSC::PolymorphicCallNode::~PolymorphicCallNode):
        (JSC::PolymorphicCallNode::unlink):
        (JSC::PolymorphicCallCase::dump):
        (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
        (JSC::PolymorphicCallStubRoutine::~PolymorphicCallStubRoutine):
        (JSC::PolymorphicCallStubRoutine::variants):
        (JSC::PolymorphicCallStubRoutine::edges):
        (JSC::PolymorphicCallStubRoutine::visitWeak):
        (JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternal):
        * jit/PolymorphicCallStubRoutine.h: Added.
        (JSC::PolymorphicCallNode::PolymorphicCallNode):
        (JSC::PolymorphicCallCase::PolymorphicCallCase):
        (JSC::PolymorphicCallCase::variant):
        (JSC::PolymorphicCallCase::codeBlock):
        * jit/Repatch.cpp:
        (JSC::linkSlowFor):
        (JSC::linkFor):
        (JSC::revertCall):
        (JSC::unlinkFor):
        (JSC::linkVirtualFor):
        (JSC::linkPolymorphicCall):
        (JSC::linkClosureCall): Deleted.
        * jit/Repatch.h:
        * jit/ThunkGenerators.cpp:
        (JSC::linkPolymorphicCallForThunkGenerator):
        (JSC::linkPolymorphicCallThunkGenerator):
        (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator):
        (JSC::linkClosureCallForThunkGenerator): Deleted.
        (JSC::linkClosureCallThunkGenerator): Deleted.
        (JSC::linkClosureCallThatPreservesRegsThunkGenerator): Deleted.
        * jit/ThunkGenerators.h:
        (JSC::linkPolymorphicCallThunkGeneratorFor):
        (JSC::linkClosureCallThunkGeneratorFor): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::prepareToDiscardCode):
        (JSC::VM::ensureCallEdgeLog): Deleted.
        * runtime/VM.h:

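A small model of the call inline cache state machine the entry above describes (basic cache, inflate to an out-of-line stub that cases on known callees, rewrite the stub per new callee, fall back to a virtual call at a limit), as an added example that is not JSC code. The state names, the case limit and the `variants()` view are assumptions of this model, not JSC's `CallLinkInfo` or `Options` values.

```javascript
// Added example (not WebKit code): a model of the polymorphic call inline
// cache from the "Polymorphic call inlining" entry. Each instance stands for
// one call site. The case limit is an assumed value for the model only.
const MAX_POLYMORPHIC_CASES = 4;

class CallLinkModel {
  constructor(maxCases = MAX_POLYMORPHIC_CASES) {
    this.maxCases = maxCases;
    this.state = "unlinked";   // unlinked -> monomorphic -> polymorphic -> virtual
    this.cases = [];           // callees the out-of-line stub switches on
    this.stubRewrites = 0;     // how many times the stub had to be regenerated
    this.events = [];          // trace of what each call did at this site
  }

  // One call from this site to `callee` (a function object), returning its result.
  call(callee, ...args) {
    switch (this.state) {
      case "unlinked":
        // First call links the basic inline cache to a single callee.
        this.state = "monomorphic";
        this.cases = [callee];
        this.events.push("link");
        break;
      case "monomorphic":
        if (this.cases[0] === callee) {
          this.events.push("hit");
        } else {
          // Miss on the basic cache: inflate it into a jump to a stub that
          // cases on the callees seen so far.
          this.state = "polymorphic";
          this.cases.push(callee);
          this.stubRewrites++;
          this.events.push("inflate");
        }
        break;
      case "polymorphic":
        if (this.cases.includes(callee)) {
          this.events.push("stub-hit");
        } else if (this.cases.length < this.maxCases) {
          // Miss in the stub: rewrite it to include the new callee.
          this.cases.push(callee);
          this.stubRewrites++;
          this.events.push("rewrite");
        } else {
          // Limit reached: stop caching and use a plain virtual call.
          this.state = "virtual";
          this.cases = [];
          this.events.push("go-virtual");
        }
        break;
      case "virtual":
        this.events.push("virtual");
        break;
    }
    return callee(...args);
  }

  // The callee list an optimizer could inline from this site (the role the
  // entry gives CallLinkStatus::variants); empty once the site went virtual.
  variants() {
    return this.state === "virtual" ? [] : this.cases.slice();
  }
}

// Drive one call site with a sequence of callees and summarize the outcome.
function simulate(callees, maxCases) {
  const site = new CallLinkModel(maxCases);
  const results = callees.map(fn => site.call(fn, 1));
  return {
    state: site.state,
    caseCount: site.cases.length,
    rewrites: site.stubRewrites,
    events: site.events.join(","),
    results,
  };
}
```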
669 2015-01-29  Joseph Pecoraro  <pecoraro@apple.com>
670
671         Web Inspector: ES6: Improved Console Format for Set and Map Objects (like Arrays)
672         https://bugs.webkit.org/show_bug.cgi?id=122867
673
674         Reviewed by Timothy Hatcher.
675
676         Add new Runtime.RemoteObject object subtypes for "map", "set", and "weakmap".
677
678         Upgrade Runtime.ObjectPreview to include type/subtype information. Now,
679         an ObjectPreview can be used for any value, in place of a RemoteObject,
680         and not capture / hold a reference to the value. The value will be in
681         the string description.
682
683         Adding this information to ObjectPreview can duplicate some information
684         in the protocol messages if a preview is provided, but simplifies
685         previews, so that all the information you need for any RemoteObject
686         preview is available. To slim messages further, make "overflow" and
687         "properties" only available on previews that may contain properties.
688         So, not primitives or null.
689
690         Finally, for "Map/Set/WeakMap" add an "entries" list to the preview
691         that will return previews with "key" and "value" properties depending
692         on the collection type. To get live, non-preview objects from a
693         collection, use Runtime.getCollectionEntries.
694
695         In order to keep the WeakMap's values Weak the frontend may provide
696         a unique object group name when getting collection entries. It may
697         then release that object group, e.g. when not showing the WeakMap's
698         values to the user, and thus remove the strong reference to the keys
699         so they may be garbage collected.
700
701         * runtime/WeakMapData.h:
702         (JSC::WeakMapData::begin):
703         (JSC::WeakMapData::end):
704         Expose iterators so the Inspector may access WeakMap keys/values.
705
706         * inspector/JSInjectedScriptHostPrototype.cpp:
707         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
708         (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
709         * inspector/JSInjectedScriptHost.h:
710         * inspector/JSInjectedScriptHost.cpp:
711         (Inspector::JSInjectedScriptHost::subtype):
712         Discern "map", "set", and "weakmap" object subtypes.
713
714         (Inspector::JSInjectedScriptHost::weakMapEntries):
715         Return a list of WeakMap entries. These are strong references
716         that the Inspector code is responsible for releasing.
717
718         * inspector/protocol/Runtime.json:
719         Update types and expose the new getCollectionEntries command.
720
721         * inspector/agents/InspectorRuntimeAgent.h:
722         * inspector/agents/InspectorRuntimeAgent.cpp:
723         (Inspector::InspectorRuntimeAgent::getCollectionEntries):
724         * inspector/InjectedScript.h:
725         * inspector/InjectedScript.cpp:
726         (Inspector::InjectedScript::getInternalProperties):
727         (Inspector::InjectedScript::getCollectionEntries):
728         Pass through to the InjectedScript and call getCollectionEntries.
729
730         * inspector/scripts/codegen/generator.py:
731         Add another type with runtime casting.
732
733         * inspector/InjectedScriptSource.js:
734         - Implement getCollectionEntries to get a range of values from a
735         collection. The non-Weak collections have an order to their keys (in
736         order of added) so ranged gets are okay. WeakMap does not have an
737         order, so only allow fetching a number of values.
738         - Update preview generation to address the Runtime.ObjectPreview
739         type changes.
740
741 2015-01-28  Geoffrey Garen  <ggaren@apple.com>
742
743         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
744         https://bugs.webkit.org/show_bug.cgi?id=140900
745
746         Reviewed by Mark Hahnenberg.
747
748         Re-landing just the GCArraySegment piece of this patch.
749
750         * heap/CodeBlockSet.cpp:
751         (JSC::CodeBlockSet::CodeBlockSet):
752         * heap/CodeBlockSet.h:
753         * heap/GCSegmentedArray.h:
754         (JSC::GCArraySegment::GCArraySegment):
755         * heap/GCSegmentedArrayInlines.h:
756         (JSC::GCSegmentedArray<T>::GCSegmentedArray):
757         (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
758         (JSC::GCSegmentedArray<T>::clear):
759         (JSC::GCSegmentedArray<T>::expand):
760         (JSC::GCSegmentedArray<T>::refill):
761         (JSC::GCArraySegment<T>::create):
762         (JSC::GCArraySegment<T>::destroy):
763         * heap/GCThreadSharedData.cpp:
764         (JSC::GCThreadSharedData::GCThreadSharedData):
765         * heap/Heap.cpp:
766         (JSC::Heap::Heap):
767         * heap/MarkStack.cpp:
768         (JSC::MarkStackArray::MarkStackArray):
769         * heap/MarkStack.h:
770         * heap/SlotVisitor.cpp:
771         (JSC::SlotVisitor::SlotVisitor):
772
773 2015-01-29  Csaba Osztrogonác  <ossy@webkit.org>
774
775         Move HAVE_DTRACE definition back to Platform.h
776         https://bugs.webkit.org/show_bug.cgi?id=141033
777
778         Reviewed by Dan Bernstein.
779
780         * Configurations/Base.xcconfig:
781         * JavaScriptCore.xcodeproj/project.pbxproj:
782
783 2015-01-28  Geoffrey Garen  <ggaren@apple.com>
784
785         Removed fastMallocForbid / fastMallocAllow
786         https://bugs.webkit.org/show_bug.cgi?id=141012
787
788         Reviewed by Mark Hahnenberg.
789
790         Copy non-current thread stacks before scanning them instead of scanning
791         them in-place.
792
793         This operation is uncommon (i.e., never in the web content process),
794         and even in a stress test with 4 threads it only copies about 27kB,
795         so I think the performance cost is OK.
796
797         Scanning in-place requires a complex dance where we constrain our GC
798         data structures not to use malloc, free, or any other interesting functions
799         that might acquire locks. We've gotten this wrong many times in the past,
800         and I just got it wrong again yesterday. Since this code path is rarely
801         tested, I want it to just make sense, and not depend on or constrain the
802         details of the rest of the GC heap's design.
803
804         * heap/MachineStackMarker.cpp:
805         (JSC::otherThreadStack): Factored out a helper function for dealing with
806         unaligned and/or backwards pointers.
807
808         (JSC::MachineThreads::tryCopyOtherThreadStack): This is now the only
809         constrained function, and it only calls memcpy and low-level thread APIs.
810
811         (JSC::MachineThreads::tryCopyOtherThreadStacks): The design here is that
812         you do one pass over all the threads to compute their combined size,
813         and then a second pass to do all the copying. In theory, the threads may
814         grow in between passes, in which case you'll continue until the threads
815         stop growing. In practice, you never continue.
816
817         (JSC::growBuffer): Helper function for growing.
818
819         (JSC::MachineThreads::gatherConservativeRoots):
820         (JSC::MachineThreads::gatherFromOtherThread): Deleted.
821         * heap/MachineStackMarker.h: Updated for interface changes.
822
823 2015-01-28  Brian J. Burg  <burg@cs.washington.edu>
824
825         Web Inspector: remove CSS.setPropertyText, CSS.toggleProperty and related dead code
826         https://bugs.webkit.org/show_bug.cgi?id=140961
827
828         Reviewed by Timothy Hatcher.
829
830         * inspector/protocol/CSS.json: Remove unused protocol methods.
831
832 2015-01-28  Dana Burkart  <dburkart@apple.com>
833
834         Move ASan flag settings from DebugRelease.xcconfig to Base.xcconfig
835         https://bugs.webkit.org/show_bug.cgi?id=136765
836
837         Reviewed by Alexey Proskuryakov.
838
839         * Configurations/Base.xcconfig:
840         * Configurations/DebugRelease.xcconfig:
841
842 2015-01-27  Filip Pizlo  <fpizlo@apple.com>
843
844         ExitSiteData saying m_takesSlowPath shouldn't mean early returning takesSlowPath() since for the non-LLInt case we later set m_couldTakeSlowPath, which is more precise
845         https://bugs.webkit.org/show_bug.cgi?id=140980
846
847         Reviewed by Oliver Hunt.
848
849         * bytecode/CallLinkStatus.cpp:
850         (JSC::CallLinkStatus::computeFor):
851
852 2015-01-27  Filip Pizlo  <fpizlo@apple.com>
853
854         Move DFGBinarySwitch out of the DFG so that all of the JITs can use it
855         https://bugs.webkit.org/show_bug.cgi?id=140959
856
857         Rubber stamped by Geoffrey Garen.
858         
859         I want to use this for polymorphic stubs for https://bugs.webkit.org/show_bug.cgi?id=140660.
860         This code no longer has DFG dependencies so this is a very clean move.
861
862         * CMakeLists.txt:
863         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
864         * JavaScriptCore.xcodeproj/project.pbxproj:
865         * dfg/DFGBinarySwitch.cpp: Removed.
866         * dfg/DFGBinarySwitch.h: Removed.
867         * dfg/DFGSpeculativeJIT.cpp:
868         * jit/BinarySwitch.cpp: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.cpp.
869         * jit/BinarySwitch.h: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.h.
870
871 2015-01-27  Commit Queue  <commit-queue@webkit.org>
872
873         Unreviewed, rolling out r179192.
874         https://bugs.webkit.org/show_bug.cgi?id=140953
875
876         Caused numerous layout test failures (Requested by mattbaker_
877         on #webkit).
878
879         Reverted changeset:
880
881         "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
882         pages"
883         https://bugs.webkit.org/show_bug.cgi?id=140900
884         http://trac.webkit.org/changeset/179192
885
886 2015-01-27  Michael Saboff  <msaboff@apple.com>
887
888         REGRESSION(r178591): 20% regression in Octane box2d
889         https://bugs.webkit.org/show_bug.cgi?id=140948
890
891         Reviewed by Geoffrey Garen.
892
893         Added a check that we have a lexical environment to the arguments-is-captured check.
894         It doesn't make sense to resolve "arguments" when it really isn't captured.
895
896         * bytecompiler/BytecodeGenerator.cpp:
897         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
898
899 2015-01-26  Geoffrey Garen  <ggaren@apple.com>
900
901         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
902         https://bugs.webkit.org/show_bug.cgi?id=140900
903
904         Reviewed by Mark Hahnenberg.
905
906         Removes some more custom allocation code.
907
908         Looks like a speedup. (See results attached to bugzilla.)
909
910         Will hopefully reduce memory use by improving sharing between the GC and
911         malloc heaps.
912
913         * API/JSBase.cpp:
914         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
915         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
916         * JavaScriptCore.xcodeproj/project.pbxproj: Feed the compiler.
917
918         * heap/BlockAllocator.cpp: Removed.
919         * heap/BlockAllocator.h: Removed. No need for a custom allocator anymore.
920
921         * heap/CodeBlockSet.cpp:
922         (JSC::CodeBlockSet::CodeBlockSet):
923         * heap/CodeBlockSet.h: Feed the compiler.
924
925         * heap/CopiedBlock.h:
926         (JSC::CopiedBlock::createNoZeroFill):
927         (JSC::CopiedBlock::create):
928         (JSC::CopiedBlock::CopiedBlock):
929         (JSC::CopiedBlock::isOversize):
930         (JSC::CopiedBlock::payloadEnd):
931         (JSC::CopiedBlock::capacity):
932         * heap/CopiedBlockInlines.h:
933         (JSC::CopiedBlock::reportLiveBytes): Each copied block now tracks its
934         own size, since we can't rely on Region to tell us our size anymore.
935
936         * heap/CopiedSpace.cpp:
937         (JSC::CopiedSpace::~CopiedSpace):
938         (JSC::CopiedSpace::tryAllocateOversize):
939         (JSC::CopiedSpace::tryReallocateOversize):
940         * heap/CopiedSpaceInlines.h:
941         (JSC::CopiedSpace::recycleEvacuatedBlock):
942         (JSC::CopiedSpace::recycleBorrowedBlock):
943         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
944         (JSC::CopiedSpace::allocateBlock):
945         (JSC::CopiedSpace::startedCopying): Deallocate blocks directly, rather
946         than pushing them onto the block allocator's free list; the block
947         allocator doesn't exist anymore.
948
949         * heap/CopyWorkList.h:
950         (JSC::CopyWorkListSegment::create):
951         (JSC::CopyWorkListSegment::CopyWorkListSegment):
952         (JSC::CopyWorkList::~CopyWorkList):
953         (JSC::CopyWorkList::append):
954         (JSC::CopyWorkList::CopyWorkList): Deleted.
955         * heap/GCSegmentedArray.h:
956         (JSC::GCArraySegment::GCArraySegment):
957         * heap/GCSegmentedArrayInlines.h:
958         (JSC::GCSegmentedArray<T>::GCSegmentedArray):
959         (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
960         (JSC::GCSegmentedArray<T>::clear):
961         (JSC::GCSegmentedArray<T>::expand):
962         (JSC::GCSegmentedArray<T>::refill):
963         (JSC::GCArraySegment<T>::create):
964         * heap/GCThreadSharedData.cpp:
965         (JSC::GCThreadSharedData::GCThreadSharedData):
966         * heap/GCThreadSharedData.h: Feed the compiler.
967
968         * heap/HandleBlock.h:
969         * heap/HandleBlockInlines.h:
970         (JSC::HandleBlock::create):
971         (JSC::HandleBlock::HandleBlock):
972         (JSC::HandleBlock::payloadEnd):
973         * heap/HandleSet.cpp:
974         (JSC::HandleSet::~HandleSet):
975         (JSC::HandleSet::grow): Same as above.
976
977         * heap/Heap.cpp:
978         (JSC::Heap::Heap):
979         * heap/Heap.h: Removed the block allocator since it is unused now.
980
981         * heap/HeapBlock.h:
982         (JSC::HeapBlock::destroy):
983         (JSC::HeapBlock::HeapBlock):
984         (JSC::HeapBlock::region): Deleted. Removed the Region pointer from each
985         HeapBlock since a HeapBlock is just a normal allocation now.
986
987         * heap/HeapInlines.h:
988         (JSC::Heap::blockAllocator): Deleted.
989
990         * heap/HeapTimer.cpp:
991         * heap/MarkStack.cpp:
992         (JSC::MarkStackArray::MarkStackArray):
993         * heap/MarkStack.h: Feed the compiler.
994
995         * heap/MarkedAllocator.cpp:
996         (JSC::MarkedAllocator::allocateBlock): No need to use a custom code path
997         based on size, since we use a general purpose allocator now.
998
999         * heap/MarkedBlock.cpp:
1000         (JSC::MarkedBlock::create):
1001         (JSC::MarkedBlock::destroy):
1002         (JSC::MarkedBlock::MarkedBlock):
1003         * heap/MarkedBlock.h:
1004         (JSC::MarkedBlock::capacity): Track block size explicitly, like CopiedBlock.
1005
1006         * heap/MarkedSpace.cpp:
1007         (JSC::MarkedSpace::freeBlock):
1008         * heap/MarkedSpace.h:
1009
1010         * heap/Region.h: Removed.
1011
1012         * heap/SlotVisitor.cpp:
1013         (JSC::SlotVisitor::SlotVisitor): Removed reference to block allocator.
1014
1015         * heap/SuperRegion.cpp: Removed.
1016         * heap/SuperRegion.h: Removed.
1017
1018         * heap/WeakBlock.cpp:
1019         (JSC::WeakBlock::create):
1020         (JSC::WeakBlock::WeakBlock):
1021         * heap/WeakBlock.h:
1022         * heap/WeakSet.cpp:
1023         (JSC::WeakSet::~WeakSet):
1024         (JSC::WeakSet::addAllocator):
1025         (JSC::WeakSet::removeAllocator): Removed reference to block allocator.
1026
1027 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
1028
1029         [ARM] Typo fix after r176083
1030         https://bugs.webkit.org/show_bug.cgi?id=140937
1031
1032         Reviewed by Anders Carlsson.
1033
1034         * assembler/ARMv7Assembler.h:
1035         (JSC::ARMv7Assembler::ldrh):
1036
1037 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
1038
1039         [Win] Unreviewed gardening, skip failing tests.
1040
1041         * tests/exceptionFuzz.yaml: Skip exception fuzz tests due to bug140928.
1042         * tests/mozilla/mozilla-tests.yaml: Skip ecma/Date/15.9.5.28-1.js due to bug140927.
1043
1044 2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>
1045
1046         [Win] Enable JSC stress tests by default
1047         https://bugs.webkit.org/show_bug.cgi?id=128307
1048
1049         Unreviewed typo fix after r179165.
1050
1051         * tests/mozilla/mozilla-tests.yaml:
1052
1053 2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>
1054
1055         [Win] Enable JSC stress tests by default
1056         https://bugs.webkit.org/show_bug.cgi?id=128307
1057
1058         Reviewed by Brent Fulgham.
1059
1060         * tests/mozilla/mozilla-tests.yaml: Skipped on Windows.
1061         * tests/stress/ftl-arithcos.js: Skipped on Windows.
1062
1063 2015-01-26  Ryosuke Niwa  <rniwa@webkit.org>
1064
1065         Parse a function expression as a primary expression
1066         https://bugs.webkit.org/show_bug.cgi?id=140908
1067
1068         Reviewed by Mark Lam.
1069
1070         Moved the code to generate an AST node for a function expression from parseMemberExpression
1071         to parsePrimaryExpression to match the ES6 specification terminology:
1072         https://people.mozilla.org/~jorendorff/es6-draft.html#sec-primary-expression
1073
1074         There should be no behavior change from this change since parsePrimaryExpression is only
1075         called in parseMemberExpression, other than the fact that failIfStackOverflow() is called.
1076
1077         * parser/Parser.cpp:
1078         (JSC::Parser<LexerType>::parsePrimaryExpression):
1079         (JSC::Parser<LexerType>::parseMemberExpression):
1080
1081 2015-01-26  Myles C. Maxfield  <mmaxfield@apple.com>
1082
1083         [iOS] [SVG -> OTF Converter] Flip the switch off on iOS
1084         https://bugs.webkit.org/show_bug.cgi?id=140860
1085
1086         Reviewed by Darin Adler.
1087
1088         The fonts it makes are grotesque. (See what I did there? Typographic
1089         humor is the best humor.)
1090
1091         * Configurations/FeatureDefines.xcconfig:
1092
1093 2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>
1094
1095         Web Inspector: Rename InjectedScriptHost::type to subtype
1096         https://bugs.webkit.org/show_bug.cgi?id=140841
1097
1098         Reviewed by Timothy Hatcher.
1099
1100         We were using this to set the subtype of an "object" type RemoteObject
1101         so we should clean up the name and call it subtype.
1102
1103         * inspector/InjectedScriptHost.h:
1104         * inspector/InjectedScriptSource.js:
1105         * inspector/JSInjectedScriptHost.cpp:
1106         (Inspector::JSInjectedScriptHost::subtype):
1107         (Inspector::JSInjectedScriptHost::type): Deleted.
1108         * inspector/JSInjectedScriptHost.h:
1109         * inspector/JSInjectedScriptHostPrototype.cpp:
1110         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
1111         (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
1112         (Inspector::jsInjectedScriptHostPrototypeFunctionType): Deleted.
1113
1114 2015-01-23  Michael Saboff  <msaboff@apple.com>
1115
1116         LayoutTests/js/script-tests/reentrant-caching.js crashing on 32 bit builds
1117         https://bugs.webkit.org/show_bug.cgi?id=140843
1118
1119         Reviewed by Oliver Hunt.
1120
1121         When we are in vmEntryToJavaScript, we keep the stack pointer at an
1122         alignment suitable for pointing to a call frame header, which is the
1123         alignment post making a call.  We adjust the sp when calling to JS code,
1124         but don't adjust it before calling the out of stack handler.
1125
1126         * llint/LowLevelInterpreter32_64.asm:
1127         Moved stack pointer down 8 bytes to get it aligned.
1128
1129 2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>
1130
1131         Web Inspector: Object Previews in the Console
1132         https://bugs.webkit.org/show_bug.cgi?id=129204
1133
1134         Reviewed by Timothy Hatcher.
1135
1136         Update the very old, unused object preview code. Part of this comes from
1137         the earlier WebKit legacy implementation, and the Blink implementation.
1138
1139         A RemoteObject may include a preview, if it is asked for, and if the
1140         RemoteObject is an object. Previews are a shallow (single level) list
1141         of a limited number of properties on the object. The previewed
1142         properties are always stringified (even if primitives). Previews are
1143         limited to just 5 properties or 100 indices. Previews are marked
1144         as lossless if they are a complete snapshot of the object.
1145
1146         There is a path to make previews two levels deep, that is currently
1147         unused but should soon be used for tables (e.g. IndexedDB).
1148
1149         * inspector/InjectedScriptSource.js:
1150         - Move some code off of InjectedScript to be generic functions
1151         usable by RemoteObject as well.
1152         - Update preview generation to use 
1153
1154         * inspector/protocol/Runtime.json:
1155         - Add a new type, "accessor" for preview objects. This represents
1156         a getter / setter. We currently don't get the value.
1157
1158 2015-01-23  Michael Saboff  <msaboff@apple.com>
1159
1160         Immediate crash when setting JS breakpoint
1161         https://bugs.webkit.org/show_bug.cgi?id=140811
1162
1163         Reviewed by Mark Lam.
1164
1165         When the DFG stack layout phase doesn't allocate a register for the scope register,
1166         it incorrectly sets the scope register in the code block to a bad value, one with
1167         an offset of 0.  Changed it so that we set the code block's scope register to the 
1168         invalid VirtualRegister instead.
1169
1170         No tests needed as adding the ASSERT in setScopeRegister() was used to find the bug.
1171         We crash with that ASSERT in testapi and likely many other tests as well.
1172
1173         * bytecode/CodeBlock.cpp:
1174         (JSC::CodeBlock::CodeBlock):
1175         * bytecode/CodeBlock.h:
1176         (JSC::CodeBlock::setScopeRegister):
1177         (JSC::CodeBlock::scopeRegister):
1178         Added ASSERTs to catch any future improper setting of the code block's scope register.
1179
1180         * dfg/DFGStackLayoutPhase.cpp:
1181         (JSC::DFG::StackLayoutPhase::run):
1182
1183 2015-01-22  Mark Hahnenberg  <mhahnenb@gmail.com>
1184
1185         EdenCollections unnecessarily visit SmallStrings
1186         https://bugs.webkit.org/show_bug.cgi?id=140762
1187
1188         Reviewed by Geoffrey Garen.
1189
1190         * heap/Heap.cpp:
1191         (JSC::Heap::copyBackingStores): Also added a GCPhase for copying
1192         backing stores, which is a significant portion of garbage collection.
1193         (JSC::Heap::visitSmallStrings): Check to see if we need to visit
1194         SmallStrings based on the collection type.
1195         * runtime/SmallStrings.cpp:
1196         (JSC::SmallStrings::SmallStrings):
1197         (JSC::SmallStrings::visitStrongReferences): Set the fact that we have
1198         visited the SmallStrings since the last modification.
1199         * runtime/SmallStrings.h:
1200         (JSC::SmallStrings::needsToBeVisited): If we're doing a
1201         FullCollection, we need to visit. Otherwise, it depends on whether
1202         we've been visited since the last modification/allocation.
1203
1204 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
1205
1206         Add a build flag for ES6 class syntax
1207         https://bugs.webkit.org/show_bug.cgi?id=140760
1208
1209         Reviewed by Michael Saboff.
1210
1211         Added ES6_CLASS_SYNTAX build flag and used it in tokenizer to recognize
1212         "class", "extends", "static" and "super" keywords.
1213
1214         * Configurations/FeatureDefines.xcconfig:
1215         * parser/Keywords.table:
1216         * parser/ParserTokens.h:
1217
1218 2015-01-22  Commit Queue  <commit-queue@webkit.org>
1219
1220         Unreviewed, rolling out r178894.
1221         https://bugs.webkit.org/show_bug.cgi?id=140775
1222
1223         Broke JSC and bindings tests (Requested by ap_ on #webkit).
1224
1225         Reverted changeset:
1226
1227         "put_by_val_direct need to check the property is index or not
1228         for using putDirect / putDirectIndex"
1229         https://bugs.webkit.org/show_bug.cgi?id=140426
1230         http://trac.webkit.org/changeset/178894
1231
1232 2015-01-22  Mark Lam  <mark.lam@apple.com>
1233
1234         BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
1235         <https://webkit.org/b/140743>
1236
1237         Reviewed by Oliver Hunt.
1238
1239         BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
1240         op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
1241         of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
1242         for whichever captured variable is at local index 0.  In practice, this turns
1243         out to be the local for the Arguments object.  In this reproduction case in the
1244         bug, the wrong inferred value written there is the boolean true.
1245
1246         Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
1247         a check of the local for the Arguments object.  But because that local has a
1248         wrong inferred value, the check always discovers a non-null value and we never
1249         actually create the Arguments object.  Immediately after this, an OSR exit
1250         occurs leaving the Arguments object local uninitialized.  Later on at arguments
1251         tear off, we run into a boolean true where we had expected to find an Arguments
1252         object, which in turn, leads to the crash.
1253
1254         The fix is to:
1255         1. In the case where the resolveModeType is LocalClosureVar, change the
1256            5th operand of op_put_to_scope to be a boolean.  True means that the
1257            local var is watchable.  False means it is not watchable.  We no longer
1258            pass the local index (instead of true) and UINT_MAX (instead of false).
1259
1260            This allows us to express more clearly in the code what that value means,
1261            as well as remove the redundant way of getting the local's identifier.
1262            The identifier is always the one passed in the 2nd operand. 
1263
1264         2. Previously, though intuitively, we know that the watchable variable
1265            identifier should be the same as the one that is passed in operand 2, this
1266            relationship was not clear in the code.  By code analysis, I confirmed that 
1267            the callers of BytecodeGenerator::emitPutToScope() always use the same
1268            identifier for operand 2 and for filling out the ResolveScopeInfo from
1269            which we get the watchable variable identifier later.  I've changed the
1270            code to make this clear now by always using the identifier passed in
1271            operand 2.
1272
1273         3. In the case where the resolveModeType is LocalClosureVar,
1274            initializeCapturedVariable() and emitPutToScope() will now query
1275            hasWatchableVariable() to determine if the local is watchable or not.
1276            Accordingly, we pass the boolean result of hasWatchableVariable() as
1277            operand 5 of op_put_to_scope.
1278
1279         Also added some assertions.
1280
1281         * bytecode/CodeBlock.cpp:
1282         (JSC::CodeBlock::CodeBlock):
1283         * bytecompiler/BytecodeGenerator.cpp:
1284         (JSC::BytecodeGenerator::initializeCapturedVariable):
1285         (JSC::BytecodeGenerator::hasConstant):
1286         (JSC::BytecodeGenerator::emitPutToScope):
1287         * bytecompiler/BytecodeGenerator.h:
1288         (JSC::BytecodeGenerator::hasWatchableVariable):
1289         (JSC::BytecodeGenerator::watchableVariableIdentifier):
1290         (JSC::BytecodeGenerator::watchableVariable): Deleted.
1291
1292 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
1293
1294         PropertyListNode::emitNode duplicates the code to put a constant property
1295         https://bugs.webkit.org/show_bug.cgi?id=140761
1296
1297         Reviewed by Geoffrey Garen.
1298
1299         Extracted PropertyListNode::emitPutConstantProperty to share the code.
1300
1301         Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.
1302
1303         * bytecompiler/NodesCodegen.cpp:
1304         (JSC::PropertyListNode::emitBytecode):
1305         (JSC::PropertyListNode::emitPutConstantProperty): Added.
1306         * parser/Nodes.h:
1307
1308 2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>
1309
1310         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
1311         https://bugs.webkit.org/show_bug.cgi?id=140426
1312
1313         Reviewed by Geoffrey Garen.
1314
1315         In the put_by_val_direct operation, we use JSObject::putDirect.
1316         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
1317         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
1318         It forces callers to check explicitly whether the value is an index or not.
1319         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
1320
1321         * bytecode/GetByIdStatus.cpp:
1322         (JSC::GetByIdStatus::computeFor):
1323         * bytecode/PutByIdStatus.cpp:
1324         (JSC::PutByIdStatus::computeFor):
1325         * bytecompiler/BytecodeGenerator.cpp:
1326         (JSC::BytecodeGenerator::emitDirectPutById):
1327         * dfg/DFGOperations.cpp:
1328         (JSC::DFG::operationPutByValInternal):
1329         * jit/JITOperations.cpp:
1330         * jit/Repatch.cpp:
1331         (JSC::emitPutTransitionStubAndGetOldStructure):
1332         * jsc.cpp:
1333         * llint/LLIntSlowPaths.cpp:
1334         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1335         * runtime/Arguments.cpp:
1336         (JSC::Arguments::getOwnPropertySlot):
1337         (JSC::Arguments::put):
1338         (JSC::Arguments::deleteProperty):
1339         (JSC::Arguments::defineOwnProperty):
1340         * runtime/ArrayPrototype.cpp:
1341         (JSC::arrayProtoFuncSort):
1342         * runtime/JSArray.cpp:
1343         (JSC::JSArray::defineOwnProperty):
1344         * runtime/JSCJSValue.cpp:
1345         (JSC::JSValue::putToPrimitive):
1346         * runtime/JSGenericTypedArrayViewInlines.h:
1347         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
1348         (JSC::JSGenericTypedArrayView<Adaptor>::put):
1349         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1350         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
1351         * runtime/JSObject.cpp:
1352         (JSC::JSObject::put):
1353         (JSC::JSObject::putDirectAccessor):
1354         (JSC::JSObject::putDirectCustomAccessor):
1355         (JSC::JSObject::deleteProperty):
1356         (JSC::JSObject::putDirectMayBeIndex):
1357         (JSC::JSObject::defineOwnProperty):
1358         * runtime/JSObject.h:
1359         (JSC::JSObject::getOwnPropertySlot):
1360         (JSC::JSObject::getPropertySlot):
1361         (JSC::JSObject::putDirectInternal):
1362         * runtime/JSString.cpp:
1363         (JSC::JSString::getStringPropertyDescriptor):
1364         * runtime/JSString.h:
1365         (JSC::JSString::getStringPropertySlot):
1366         * runtime/LiteralParser.cpp:
1367         (JSC::LiteralParser<CharType>::parse):
1368         * runtime/PropertyName.h:
1369         (JSC::toUInt32FromCharacters):
1370         (JSC::toUInt32FromStringImpl):
1371         (JSC::PropertyName::asIndex):
1372         * runtime/PropertyNameArray.cpp:
1373         (JSC::PropertyNameArray::add):
1374         * runtime/StringObject.cpp:
1375         (JSC::StringObject::deleteProperty):
1376         * runtime/Structure.cpp:
1377         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1378
1379 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1380
1381         Consolidate out arguments of parseFunctionInfo into a struct
1382         https://bugs.webkit.org/show_bug.cgi?id=140754
1383
1384         Reviewed by Oliver Hunt.
1385
1386         Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.
1387
1388         * JavaScriptCore.xcodeproj/project.pbxproj:
1389         * parser/ASTBuilder.h:
1390         (JSC::ASTBuilder::createFunctionExpr):
1391         (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
1392         ParserFunctionInfo since the property name and the function name could differ.
1393         (JSC::ASTBuilder::createFuncDeclStatement):
1394         * parser/Parser.cpp:
1395         (JSC::Parser<LexerType>::parseFunctionInfo):
1396         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1397         (JSC::Parser<LexerType>::parseProperty):
1398         (JSC::Parser<LexerType>::parseMemberExpression):
1399         * parser/Parser.h:
1400         * parser/ParserFunctionInfo.h: Added.
1401         * parser/SyntaxChecker.h:
1402         (JSC::SyntaxChecker::createFunctionExpr):
1403         (JSC::SyntaxChecker::createFuncDeclStatement):
1404         (JSC::SyntaxChecker::createClassDeclStatement):
1405         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1406
1407 2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>
1408
1409         Change Heap::m_compiledCode to use a Vector
1410         https://bugs.webkit.org/show_bug.cgi?id=140717
1411
1412         Reviewed by Andreas Kling.
1413
1414         Right now it's a DoublyLinkedList, which is iterated during each
1415         collection. This contributes to some of the longish Eden pause times.
1416         A Vector would be more appropriate and would also allow ExecutableBase
1417         to be 2 pointers smaller.
1418
1419         * heap/Heap.cpp:
1420         (JSC::Heap::deleteAllCompiledCode):
1421         (JSC::Heap::deleteAllUnlinkedFunctionCode):
1422         (JSC::Heap::clearUnmarkedExecutables):
1423         * heap/Heap.h:
1424         * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.
1425
1426 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1427
1428         BytecodeGenerator shouldn't expose all of its member variables
1429         https://bugs.webkit.org/show_bug.cgi?id=140752
1430
1431         Reviewed by Mark Lam.
1432
1433         Added "private:" and removed unused data members as detected by clang.
1434
1435         * bytecompiler/BytecodeGenerator.cpp:
1436         (JSC::BytecodeGenerator::BytecodeGenerator):
1437         * bytecompiler/BytecodeGenerator.h:
1438         (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
1439         * bytecompiler/NodesCodegen.cpp:
1440         (JSC::BinaryOpNode::emitBytecode):
1441
1442 2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>
1443
1444         Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
1445         https://bugs.webkit.org/show_bug.cgi?id=140746
1446
1447         Reviewed by Timothy Hatcher.
1448
1449         * inspector/InjectedScriptSource.js:
1450         Do not add impure properties to the descriptor object that will
1451         eventually be sent to the frontend.
1452
1453 2015-01-21  Matthew Mirman  <mmirman@apple.com>
1454
1455         Updated split such that it does not include the empty end of input string match.
1456         https://bugs.webkit.org/show_bug.cgi?id=138129
1457         <rdar://problem/18807403>
1458
1459         Reviewed by Filip Pizlo.
1460
1461         * runtime/StringPrototype.cpp:
1462         (JSC::stringProtoFuncSplit):
1463         * tests/stress/empty_eos_regex_split.js: Added.
1464
1465 2015-01-21  Michael Saboff  <msaboff@apple.com>
1466
1467         Eliminate Scope slot from JavaScript CallFrame
1468         https://bugs.webkit.org/show_bug.cgi?id=136724
1469
1470         Reviewed by Geoffrey Garen.
1471
1472         This finishes the removal of the scope chain slot from the call frame header.
1473
1474         * dfg/DFGOSRExitCompilerCommon.cpp:
1475         (JSC::DFG::reifyInlinedCallFrames):
1476         * dfg/DFGPreciseLocalClobberize.h:
1477         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1478         * dfg/DFGSpeculativeJIT32_64.cpp:
1479         (JSC::DFG::SpeculativeJIT::emitCall):
1480         * dfg/DFGSpeculativeJIT64.cpp:
1481         (JSC::DFG::SpeculativeJIT::emitCall):
1482         * ftl/FTLJSCall.cpp:
1483         (JSC::FTL::JSCall::emit):
1484         * ftl/FTLLowerDFGToLLVM.cpp:
1485         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
1486         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1487         * interpreter/JSStack.h:
1488         * interpreter/VMInspector.cpp:
1489         (JSC::VMInspector::dumpFrame):
1490         * jit/JITCall.cpp:
1491         (JSC::JIT::compileOpCall):
1492         * jit/JITCall32_64.cpp:
1493         (JSC::JIT::compileOpCall):
1494         * jit/JITOpcodes32_64.cpp:
1495         (JSC::JIT::privateCompileCTINativeCall):
1496         * jit/Repatch.cpp:
1497         (JSC::generateByIdStub):
1498         (JSC::linkClosureCall):
1499         * jit/ThunkGenerators.cpp:
1500         (JSC::virtualForThunkGenerator):
1501         (JSC::nativeForGenerator):
1502         Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
1503         read or set.  In most cases this was where we make JS calls.
1504
1505         * interpreter/CallFrameClosure.h:
1506         (JSC::CallFrameClosure::setArgument):
1507         (JSC::CallFrameClosure::resetCallFrame): Deleted.
1508         * interpreter/Interpreter.cpp:
1509         (JSC::Interpreter::execute):
1510         (JSC::Interpreter::executeCall):
1511         (JSC::Interpreter::executeConstruct):
1512         (JSC::Interpreter::prepareForRepeatCall):
1513         * interpreter/ProtoCallFrame.cpp:
1514         (JSC::ProtoCallFrame::init):
1515         * interpreter/ProtoCallFrame.h:
1516         (JSC::ProtoCallFrame::scope): Deleted.
1517         (JSC::ProtoCallFrame::setScope): Deleted.
1518         * llint/LLIntData.cpp:
1519         (JSC::LLInt::Data::performAssertions):
1520         * llint/LowLevelInterpreter.asm:
1521         * llint/LowLevelInterpreter64.asm:
1522         Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
1523         registers that needed to be copied from the ProtoCallFrame to a callee's frame
1524         from 5 to 4.
1525
1526         * llint/LowLevelInterpreter32_64.asm:
1527         In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
1528
1529 2015-01-21  Michael Saboff  <msaboff@apple.com>
1530
1531         Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
1532         https://bugs.webkit.org/show_bug.cgi?id=140708
1533
1534         Reviewed by Mark Lam.
1535
1536         Eliminated construct methods and changed getConstructData() for both classes to return
1537         ConstructTypeNone as they can never be called.
1538
1539         * runtime/NullGetterFunction.cpp:
1540         (JSC::NullGetterFunction::getConstructData):
1541         (JSC::constructReturnUndefined): Deleted.
1542         * runtime/NullSetterFunction.cpp:
1543         (JSC::NullSetterFunction::getConstructData):
1544         (JSC::constructReturnUndefined): Deleted.
1545
1546 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
1547
1548         Remove ENABLE(INSPECTOR) ifdef guards
1549         https://bugs.webkit.org/show_bug.cgi?id=140668
1550
1551         Reviewed by Darin Adler.
1552
1553         * Configurations/FeatureDefines.xcconfig:
1554         * bindings/ScriptValue.cpp:
1555         (Deprecated::ScriptValue::toInspectorValue):
1556         * bindings/ScriptValue.h:
1557         * inspector/ConsoleMessage.cpp:
1558         * inspector/ConsoleMessage.h:
1559         * inspector/ContentSearchUtilities.cpp:
1560         * inspector/ContentSearchUtilities.h:
1561         * inspector/IdentifiersFactory.cpp:
1562         * inspector/IdentifiersFactory.h:
1563         * inspector/InjectedScript.cpp:
1564         * inspector/InjectedScript.h:
1565         * inspector/InjectedScriptBase.cpp:
1566         * inspector/InjectedScriptBase.h:
1567         * inspector/InjectedScriptHost.cpp:
1568         * inspector/InjectedScriptHost.h:
1569         * inspector/InjectedScriptManager.cpp:
1570         * inspector/InjectedScriptManager.h:
1571         * inspector/InjectedScriptModule.cpp:
1572         * inspector/InjectedScriptModule.h:
1573         * inspector/InspectorAgentRegistry.cpp:
1574         * inspector/InspectorBackendDispatcher.cpp:
1575         * inspector/InspectorBackendDispatcher.h:
1576         * inspector/InspectorProtocolTypes.h:
1577         * inspector/JSGlobalObjectConsoleClient.cpp:
1578         * inspector/JSGlobalObjectInspectorController.cpp:
1579         * inspector/JSGlobalObjectInspectorController.h:
1580         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1581         * inspector/JSGlobalObjectScriptDebugServer.h:
1582         * inspector/JSInjectedScriptHost.cpp:
1583         * inspector/JSInjectedScriptHost.h:
1584         * inspector/JSInjectedScriptHostPrototype.cpp:
1585         * inspector/JSInjectedScriptHostPrototype.h:
1586         * inspector/JSJavaScriptCallFrame.cpp:
1587         * inspector/JSJavaScriptCallFrame.h:
1588         * inspector/JSJavaScriptCallFramePrototype.cpp:
1589         * inspector/JSJavaScriptCallFramePrototype.h:
1590         * inspector/JavaScriptCallFrame.cpp:
1591         * inspector/JavaScriptCallFrame.h:
1592         * inspector/ScriptCallFrame.cpp:
1593         (Inspector::ScriptCallFrame::buildInspectorObject):
1594         * inspector/ScriptCallFrame.h:
1595         * inspector/ScriptCallStack.cpp:
1596         (Inspector::ScriptCallStack::buildInspectorArray):
1597         * inspector/ScriptCallStack.h:
1598         * inspector/ScriptDebugServer.cpp:
1599         * inspector/agents/InspectorAgent.cpp:
1600         * inspector/agents/InspectorAgent.h:
1601         * inspector/agents/InspectorConsoleAgent.cpp:
1602         * inspector/agents/InspectorConsoleAgent.h:
1603         * inspector/agents/InspectorDebuggerAgent.cpp:
1604         * inspector/agents/InspectorDebuggerAgent.h:
1605         * inspector/agents/InspectorRuntimeAgent.cpp:
1606         * inspector/agents/InspectorRuntimeAgent.h:
1607         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
1608         * inspector/agents/JSGlobalObjectConsoleAgent.h:
1609         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1610         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
1611         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
1612         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
1613         * inspector/scripts/codegen/cpp_generator_templates.py:
1614         (CppGeneratorTemplates):
1615         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1616         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1617         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1618         * inspector/scripts/tests/expected/enum-values.json-result:
1619         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1620         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1621         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1622         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1623         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1624         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1625         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1626         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1627         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1628         * runtime/TypeSet.cpp:
1629         (JSC::TypeSet::inspectorTypeSet):
1630         (JSC::StructureShape::inspectorRepresentation):
1631
1632 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1633
1634         Web Inspector: Clean up InjectedScriptSource.js
1635         https://bugs.webkit.org/show_bug.cgi?id=140709
1636
1637         Reviewed by Timothy Hatcher.
1638
1639         This patch includes some relevant Blink patches and small changes.
1640         
1641         Patch by <aandrey@chromium.org>
1642         DevTools: Remove console last result $_ on console clear.
1643         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
1644
1645         Patch by <eustas@chromium.org>
1646         [Inspect DOM properties] incorrect CSS Selector Syntax
1647         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
1648
1649         * inspector/InjectedScriptSource.js:
1650
1651 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1652
1653         Web Inspector: Cleanup RuntimeAgent a bit
1654         https://bugs.webkit.org/show_bug.cgi?id=140706
1655
1656         Reviewed by Timothy Hatcher.
1657
1658         * inspector/InjectedScript.h:
1659         * inspector/InspectorBackendDispatcher.h:
1660         * inspector/ScriptCallFrame.cpp:
1661         * inspector/agents/InspectorRuntimeAgent.cpp:
1662         (Inspector::InspectorRuntimeAgent::evaluate):
1663         (Inspector::InspectorRuntimeAgent::getProperties):
1664         (Inspector::InspectorRuntimeAgent::run):
1665         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1666         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1667         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
1668
1669 2015-01-20  Matthew Mirman  <mmirman@apple.com>
1670
1671         Made Identity in the DFG allocate a new temp register and move 
1672         the old data to it.
1673         https://bugs.webkit.org/show_bug.cgi?id=140700
1674         <rdar://problem/19339106>
1675
1676         Reviewed by Filip Pizlo.
1677
1678         * dfg/DFGSpeculativeJIT64.cpp:
1679         (JSC::DFG::SpeculativeJIT::compile): 
1680         Added scratch registers for Identity. 
1681         * tests/mozilla/mozilla-tests.yaml: enabled previously failing test
1682
1683 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1684
1685         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
1686         https://bugs.webkit.org/show_bug.cgi?id=137306
1687
1688         Reviewed by Timothy Hatcher.
1689
1690         Provide another optional parameter to getProperties, to gather a list
1691         of all own and getter properties.
1692
1693         * inspector/InjectedScript.cpp:
1694         (Inspector::InjectedScript::getProperties):
1695         * inspector/InjectedScript.h:
1696         * inspector/InjectedScriptSource.js:
1697         * inspector/agents/InspectorRuntimeAgent.cpp:
1698         (Inspector::InspectorRuntimeAgent::getProperties):
1699         * inspector/agents/InspectorRuntimeAgent.h:
1700         * inspector/protocol/Runtime.json:
1701
1702 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1703
1704         Web Inspector: Should show dynamic specificity values
1705         https://bugs.webkit.org/show_bug.cgi?id=140647
1706
1707         Reviewed by Benjamin Poulain.
1708
1709         * inspector/protocol/CSS.json:
1710         Clarify CSSSelector optional values and add "dynamic" property indicating
1711         if the selector can be dynamic based on the element it is matched against.
1712
1713 2015-01-20  Commit Queue  <commit-queue@webkit.org>
1714
1715         Unreviewed, rolling out r178751.
1716         https://bugs.webkit.org/show_bug.cgi?id=140694
1717
1718         Caused 32-bit JSC test failures (Requested by JoePeck on
1719         #webkit).
1720
1721         Reverted changeset:
1722
1723         "put_by_val_direct need to check the property is index or not
1724         for using putDirect / putDirectIndex"
1725         https://bugs.webkit.org/show_bug.cgi?id=140426
1726         http://trac.webkit.org/changeset/178751
1727
1728 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
1729
1730         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
1731         https://bugs.webkit.org/show_bug.cgi?id=140426
1732
1733         Reviewed by Geoffrey Garen.
1734
1735         In the put_by_val_direct operation, we use JSObject::putDirect.
1736         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
1737         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
1738         It forces callers to check explicitly whether the value is an index or not.
1739         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
1740
1741         * bytecode/GetByIdStatus.cpp:
1742         (JSC::GetByIdStatus::computeFor):
1743         * bytecode/PutByIdStatus.cpp:
1744         (JSC::PutByIdStatus::computeFor):
1745         * bytecompiler/BytecodeGenerator.cpp:
1746         (JSC::BytecodeGenerator::emitDirectPutById):
1747         * dfg/DFGOperations.cpp:
1748         (JSC::DFG::operationPutByValInternal):
1749         * jit/JITOperations.cpp:
1750         * jit/Repatch.cpp:
1751         (JSC::emitPutTransitionStubAndGetOldStructure):
1752         * jsc.cpp:
1753         * llint/LLIntSlowPaths.cpp:
1754         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1755         * runtime/Arguments.cpp:
1756         (JSC::Arguments::getOwnPropertySlot):
1757         (JSC::Arguments::put):
1758         (JSC::Arguments::deleteProperty):
1759         (JSC::Arguments::defineOwnProperty):
1760         * runtime/ArrayPrototype.cpp:
1761         (JSC::arrayProtoFuncSort):
1762         * runtime/JSArray.cpp:
1763         (JSC::JSArray::defineOwnProperty):
1764         * runtime/JSCJSValue.cpp:
1765         (JSC::JSValue::putToPrimitive):
1766         * runtime/JSGenericTypedArrayViewInlines.h:
1767         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
1768         (JSC::JSGenericTypedArrayView<Adaptor>::put):
1769         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1770         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
1771         * runtime/JSObject.cpp:
1772         (JSC::JSObject::put):
1773         (JSC::JSObject::putDirectAccessor):
1774         (JSC::JSObject::putDirectCustomAccessor):
1775         (JSC::JSObject::deleteProperty):
1776         (JSC::JSObject::putDirectMayBeIndex):
1777         (JSC::JSObject::defineOwnProperty):
1778         * runtime/JSObject.h:
1779         (JSC::JSObject::getOwnPropertySlot):
1780         (JSC::JSObject::getPropertySlot):
1781         (JSC::JSObject::putDirectInternal):
1782         * runtime/JSString.cpp:
1783         (JSC::JSString::getStringPropertyDescriptor):
1784         * runtime/JSString.h:
1785         (JSC::JSString::getStringPropertySlot):
1786         * runtime/LiteralParser.cpp:
1787         (JSC::LiteralParser<CharType>::parse):
1788         * runtime/PropertyName.h:
1789         (JSC::toUInt32FromCharacters):
1790         (JSC::toUInt32FromStringImpl):
1791         (JSC::PropertyName::asIndex):
1792         * runtime/PropertyNameArray.cpp:
1793         (JSC::PropertyNameArray::add):
1794         * runtime/StringObject.cpp:
1795         (JSC::StringObject::deleteProperty):
1796         * runtime/Structure.cpp:
1797         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1798
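Added illustration of the index-versus-named distinction the entry above relies on; this is not JavaScriptCore's code. `asIndex` is a stand-in for the `Identifier::asIndex()` / `toUInt32FromCharacters` check (using `std::optional` in place of WTF's `Optional`), and `ToyObject`, its getters and the two demo functions are constructed for this example only.

```cpp
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <string_view>
#include <utility>

// Stand-in for PropertyName::asIndex() after this change: returns the array
// index a property name denotes, or nullopt for an ordinary named property.
// Follows the ECMAScript array-index rule: canonical decimal form (digits only,
// no sign, no leading zeros) and strictly less than 2^32 - 1, the value that is
// never a valid index.
std::optional<uint32_t> asIndex(std::string_view name)
{
    // 4294967294 (the largest index) has 10 digits; longer strings can never be
    // indices, and capping the length also keeps the accumulator in range.
    if (name.empty() || name.size() > 10)
        return std::nullopt;
    if (name[0] == '0')
        return name.size() == 1 ? std::optional<uint32_t>(0u) : std::nullopt;
    uint64_t value = 0;
    for (char c : name) {
        if (c < '0' || c > '9')
            return std::nullopt;
        value = value * 10 + static_cast<uint64_t>(c - '0');
    }
    if (value > 0xFFFFFFFEull)
        return std::nullopt;
    return static_cast<uint32_t>(value);
}

// Toy object with the two storages JSObject distinguishes: named slots
// (putDirect) and indexed storage (putDirectIndex). Constructed for this
// example; it is not JSC's JSObject.
class ToyObject {
public:
    void putDirect(std::string_view name, std::string value)
    {
        m_named[std::string(name)] = std::move(value);
    }

    void putDirectIndex(uint32_t index, std::string value)
    {
        m_indexed[index] = std::move(value);
    }

    // What the entry describes: inspect the toString-ed property name and route
    // index-like names to indexed storage, everything else to putDirect.
    void putDirectMayBeIndex(std::string_view name, std::string value)
    {
        if (std::optional<uint32_t> index = asIndex(name))
            putDirectIndex(*index, std::move(value));
        else
            putDirect(name, std::move(value));
    }

    // A read that goes straight to indexed storage, as an element access would.
    std::optional<std::string> getIndex(uint32_t index) const
    {
        auto it = m_indexed.find(index);
        if (it == m_indexed.end())
            return std::nullopt;
        return it->second;
    }

    std::optional<std::string> getNamed(std::string_view name) const
    {
        auto it = m_named.find(std::string(name));
        if (it == m_named.end())
            return std::nullopt;
        return it->second;
    }

private:
    std::map<std::string, std::string> m_named;
    std::map<uint32_t, std::string> m_indexed;
};

// The defect the entry fixes: storing obj["0"] through putDirect alone leaves
// the value in the named slots, so an element read obj[0] misses it. Routing
// the store through putDirectMayBeIndex makes the two views agree.
bool indexedStoreIsVisibleToElementRead(bool useFix)
{
    ToyObject obj;
    if (useFix)
        obj.putDirectMayBeIndex("0", "first");
    else
        obj.putDirect("0", "first"); // the pre-fix behaviour
    return obj.getIndex(0).has_value();
}

// "00" is not a canonical index, so it must stay a named property and must not
// alias element 0.
bool leadingZeroNameStaysNamed()
{
    ToyObject obj;
    obj.putDirectMayBeIndex("00", "named");
    return obj.getNamed("00").has_value() && !obj.getIndex(0).has_value();
}
```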
1799 2015-01-20  Michael Saboff  <msaboff@apple.com>
1800
1801         REGRESSION(178696): Sporadic crashes while garbage collecting
1802         https://bugs.webkit.org/show_bug.cgi?id=140688
1803
1804         Reviewed by Geoffrey Garen.
1805
1806         Added missing visitor.append(&thisObject->m_nullSetterFunction).
1807
1808         * runtime/JSGlobalObject.cpp:
1809         (JSC::JSGlobalObject::visitChildren):
1810
1811 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1812
1813         Web Replay: code generator should take supplemental specifications and allow cross-framework references
1814         https://bugs.webkit.org/show_bug.cgi?id=136312
1815
1816         Reviewed by Joseph Pecoraro.
1817
1818         Some types are shared between replay inputs from different frameworks.
1819         Previously, these type declarations were duplicated in every input
1820         specification file in which they were used. This caused some type encoding
1821         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
1822
1823         This patch teaches the replay inputs code generator to accept multiple
1824         input specification files. Inputs can freely reference types from other
1825         frameworks without duplicating declarations.
1826
1827         On the code generation side, the model could contain types and inputs from
1828         frameworks that are not the target framework. Only generate code for the
1829         target framework.
1830
1831         To properly generate cross-framework type encoding traits, use
1832         Type.encoding_type_argument in more places, and add the export macro for WebCore
1833         and the Test framework.
1834
1835         Adjust some tests so that enum coverage is preserved by moving the enum types
1836         into "Test" (the target framework for tests).
1837
1838         * JavaScriptCore.vcxproj/copy-files.cmd:
1839         For Windows, copy over JSInputs.json as if it were a private header.
1840
1841         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
1842         * replay/JSInputs.json:
1843         Put all primitive types and WTF types in this specification file.
1844
1845         * replay/scripts/CodeGeneratorReplayInputs.py:
1846         (Input.__init__):
1847         (InputsModel.__init__): Keep track of the input's framework.
1848         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
1849         and allow either types or inputs to be missing from a single file.
1850
1851         (InputsModel.parse_type_with_framework):
1852         (InputsModel.parse_input_with_framework):
1853         (Generator.should_generate_item): Added helper method.
1854         (Generator.generate_header): Filter inputs to generate.
1855         (Generator.generate_implementation): Filter inputs to generate.
1856         (Generator.generate_enum_trait_declaration): Filter enums to generate.
1857         Add WEBCORE_EXPORT macro to enum encoding traits.
1858
1859         (Generator.generate_for_each_macro): Filter inputs to generate.
1860         (Generator.generate_enum_trait_implementation): Filter enums to generate.
1861         (generate_from_specifications): Added.
1862         (generate_from_specifications.parse_json_from_file):
1863         (InputsModel.parse_toplevel): Deleted.
1864         (InputsModel.parse_type_with_framework_name): Deleted.
1865         (InputsModel.parse_input): Deleted.
1866         (generate_from_specification): Deleted.
1867         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
1868         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
1869         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
1870         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
1871         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1872         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
1873         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1874         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
1875         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1876         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
1877         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1878         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1879         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1880         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1881         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1882         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
1883         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
1884         * replay/scripts/tests/fail-on-duplicate-input-names.json:
1885         * replay/scripts/tests/fail-on-duplicate-type-names.json:
1886         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
1887         * replay/scripts/tests/fail-on-missing-input-member-name.json:
1888         * replay/scripts/tests/fail-on-missing-input-name.json:
1889         * replay/scripts/tests/fail-on-missing-input-queue.json:
1890         * replay/scripts/tests/fail-on-missing-type-mode.json:
1891         * replay/scripts/tests/fail-on-missing-type-name.json:
1892         * replay/scripts/tests/fail-on-no-inputs.json:
1893         Removed, no longer required to be in a single file.
1894
1895         * replay/scripts/tests/fail-on-no-types.json:
1896         Removed, no longer required to be in a single file.
1897
1898         * replay/scripts/tests/fail-on-unknown-input-queue.json:
1899         * replay/scripts/tests/fail-on-unknown-member-type.json:
1900         * replay/scripts/tests/fail-on-unknown-type-mode.json:
1901         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
1902         * replay/scripts/tests/generate-enum-encoding-helpers.json:
1903         * replay/scripts/tests/generate-enum-with-guard.json:
1904         Include enums that are and are not generated.
1905
1906         * replay/scripts/tests/generate-enums-with-same-base-name.json:
1907         * replay/scripts/tests/generate-event-loop-shape-types.json:
1908         * replay/scripts/tests/generate-input-with-guard.json:
1909         * replay/scripts/tests/generate-input-with-vector-members.json:
1910         * replay/scripts/tests/generate-inputs-with-flags.json:
1911         * replay/scripts/tests/generate-memoized-type-modes.json:
1912
1913 2015-01-20  Tomas Popela  <tpopela@redhat.com>
1914
1915         [GTK] Cannot compile 2.7.3 on PowerPC machines
1916         https://bugs.webkit.org/show_bug.cgi?id=140616
1917
1918         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
1919
1920         Reviewed by Csaba Osztrogonác.
1921
1922         * runtime/BasicBlockLocation.cpp:
1923
1924 2015-01-19  Michael Saboff  <msaboff@apple.com>
1925
1926         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
1927         https://bugs.webkit.org/show_bug.cgi?id=139418
1928
1929         Reviewed by Filip Pizlo.
1930
1931         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
1932         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
1933
1934         * CMakeLists.txt:
1935         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1936         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1937         * JavaScriptCore.xcodeproj/project.pbxproj:
1938         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
1939
1940         * runtime/GetterSetter.h:
1941         (JSC::GetterSetter::GetterSetter):
1942         (JSC::GetterSetter::isSetterNull):
1943         (JSC::GetterSetter::setSetter):
1944         Change setter instances from using NullGetterFunction to using NullSetterFunction.
1945
1946         * runtime/JSGlobalObject.cpp:
1947         (JSC::JSGlobalObject::init):
1948         * runtime/JSGlobalObject.h:
1949         (JSC::JSGlobalObject::nullSetterFunction):
1950         Added m_nullSetterFunction and accessor.
1951
1952         * runtime/NullSetterFunction.cpp: Added.
1953         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
1954         (JSC::GetCallerStrictnessFunctor::operator()):
1955         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
1956         (JSC::callerIsStrict):
1957         Method to determine if the caller is in strict mode.
1958
1959         (JSC::callReturnUndefined):
1960         (JSC::constructReturnUndefined):
1961         (JSC::NullSetterFunction::getCallData):
1962         (JSC::NullSetterFunction::getConstructData):
1963         * runtime/NullSetterFunction.h: Added.
1964         (JSC::NullSetterFunction::create):
1965         (JSC::NullSetterFunction::createStructure):
1966         (JSC::NullSetterFunction::NullSetterFunction):
1967         Class with handlers for a null setter.
1968
1969 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1970
1971         Web Inspector: Provide a front end for JSC's Control Flow Profiler
1972         https://bugs.webkit.org/show_bug.cgi?id=138454
1973
1974         Reviewed by Timothy Hatcher.
1975
1976         This patch puts the final touches on what JSC needs to provide
1977         for the Web Inspector to show a UI for the control flow profiler.
1978
1979         * inspector/agents/InspectorRuntimeAgent.cpp:
1980         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1981         * runtime/ControlFlowProfiler.cpp:
1982         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
1983         * runtime/FunctionHasExecutedCache.cpp:
1984         (JSC::FunctionHasExecutedCache::getFunctionRanges):
1985         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
1986         * runtime/FunctionHasExecutedCache.h:
1987
1988 2015-01-19  David Kilzer  <ddkilzer@apple.com>
1989
1990         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
1991         <http://webkit.org/b/140658>
1992
1993         Reviewed by Filip Pizlo.
1994
1995         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
1996         only when building for 64-bit architectures.
1997
1998 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
1999
2000         ClosureCallStubRoutine no longer needs codeOrigin
2001         https://bugs.webkit.org/show_bug.cgi?id=140659
2002
2003         Reviewed by Michael Saboff.
2004         
2005         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
2006         would start with the CodeBlock according to the caller frame's call frame header. But if the
2007         call was a closure call, the return PC would be inside some closure call stub. So if the
2008         CodeBlock search failed, we would search *all* closure call stub routines to see which one
2009         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
2010         object. This was all a bunch of madness, and we actually got rid of it - we now determine
2011         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
2012         argument count.
2013         
2014         This patch removes the final vestiges of the madness:
2015         
2016         - Remove the totally unused method declaration for the thing that did the closure call stub
2017           search.
2018         
2019         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
2020           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
2021           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
2022           anymore.
2023
2024         * bytecode/CodeBlock.h:
2025         * jit/ClosureCallStubRoutine.cpp:
2026         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
2027         * jit/ClosureCallStubRoutine.h:
2028         (JSC::ClosureCallStubRoutine::executable):
2029         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
2030         * jit/Repatch.cpp:
2031         (JSC::linkClosureCall):
2032
2033 2015-01-19  Saam Barati  <saambarati1@gmail.com>
2034
2035         Basic block start offsets should never be larger than end offsets in the control flow profiler
2036         https://bugs.webkit.org/show_bug.cgi?id=140377
2037
2038         Reviewed by Filip Pizlo.
2039
2040         The bytecode generator will emit code more than once for some AST nodes. For instance, 
2041         the finally block of TryNode will emit two code paths for its finally block: one for 
2042         the normal path, and another for the path where an exception is thrown in the catch block. 
2043         
2044         This repeated code emission of the same AST node previously broke how the control 
2045         flow profiler computed text ranges of basic blocks because when the same AST node 
2046         is emitted multiple times, there is a good chance that there are ranges that span 
2047         from the end offset of one of these duplicated nodes back to the start offset of 
2048         the same duplicated node. This caused a basic block range to report a larger start 
2049         offset than end offset. This was incorrect. Now, when this situation is encountered 
2050         while linking a CodeBlock, the faulty range in question is ignored.
2051
2052         * bytecode/CodeBlock.cpp:
2053         (JSC::CodeBlock::CodeBlock):
2054         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2055         * bytecode/CodeBlock.h:
2056         * bytecompiler/NodesCodegen.cpp:
2057         (JSC::ForInNode::emitMultiLoopBytecode):
2058         (JSC::ForOfNode::emitBytecode):
2059         (JSC::TryNode::emitBytecode):
2060         * parser/Parser.cpp:
2061         (JSC::Parser<LexerType>::parseConditionalExpression):
2062         * runtime/ControlFlowProfiler.cpp:
2063         (JSC::ControlFlowProfiler::ControlFlowProfiler):
2064         * runtime/ControlFlowProfiler.h:
2065         (JSC::ControlFlowProfiler::dummyBasicBlock):
2066
2067 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
2068
2069         [SVG -> OTF Converter] Flip the switch on
2070         https://bugs.webkit.org/show_bug.cgi?id=140592
2071
2072         Reviewed by Antti Koivisto.
2073
2074         * Configurations/FeatureDefines.xcconfig:
2075
2076 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
2077
2078         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
2079         https://bugs.webkit.org/show_bug.cgi?id=140512
2080
2081         Reviewed by Chris Dumez.
2082
2083         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
2084         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
2085         input types, and the type traits macro is defined in namespace WTF.
2086
2087         * replay/NondeterministicInput.h: Make overridden methods public.
2088         * replay/scripts/CodeGeneratorReplayInputs.py:
2089         (Generator.generate_header):
2090         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
2091         (Generator.generate_input_type_trait_declaration): Added.
2092         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
2093         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
2094         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
2095         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
2096         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
2097         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
2098         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
2099         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
2100         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
2101
2102 2015-01-19  Commit Queue  <commit-queue@webkit.org>
2103
2104         Unreviewed, rolling out r178653.
2105         https://bugs.webkit.org/show_bug.cgi?id=140634
2106
2107         Broke multiple SVG tests on Mountain Lion (Requested by ap on
2108         #webkit).
2109
2110         Reverted changeset:
2111
2112         "[SVG -> OTF Converter] Flip the switch on"
2113         https://bugs.webkit.org/show_bug.cgi?id=140592
2114         http://trac.webkit.org/changeset/178653
2115
2116 2015-01-18  Dean Jackson  <dino@apple.com>
2117
2118         ES6: Support Array.of construction
2119         https://bugs.webkit.org/show_bug.cgi?id=140605
2120         <rdar://problem/19513655>
2121
2122         Reviewed by Geoffrey Garen.
2123
2124         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
2125         specification (15 Jan 2015). The Array.of() method creates a new Array
2126         instance with a variable number of arguments, regardless of number or type
2127         of the arguments.
2128
2129         * runtime/ArrayConstructor.cpp:
2130         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
2131         over the arguments, setting them to the appropriate index.
2132
2133 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
2134
2135         [SVG -> OTF Converter] Flip the switch on
2136         https://bugs.webkit.org/show_bug.cgi?id=140592
2137
2138         Reviewed by Antti Koivisto.
2139
2140         * Configurations/FeatureDefines.xcconfig:
2141
2142 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
2143
2144         Web Inspector: highlight data for overlay should use protocol type builders
2145         https://bugs.webkit.org/show_bug.cgi?id=129441
2146
2147         Reviewed by Timothy Hatcher.
2148
2149         Add a new domain for overlay types.
2150
2151         * CMakeLists.txt:
2152         * DerivedSources.make:
2153         * inspector/protocol/OverlayTypes.json: Added.
2154
2155 2015-01-17  Michael Saboff  <msaboff@apple.com>
2156
2157         Crash in JSScope::resolve() on tools.ups.com
2158         https://bugs.webkit.org/show_bug.cgi?id=140579
2159
2160         Reviewed by Geoffrey Garen.
2161
2162         For op_resolve_scope of a global property or variable that needs to check for the var
2163         injection check watchpoint, we need to keep the scope around with a Phantom.  The
2164         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
2165         fired.
2166
2167         * dfg/DFGByteCodeParser.cpp:
2168         (JSC::DFG::ByteCodeParser::parseBlock):
2169
2170 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
2171
2172         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
2173         https://bugs.webkit.org/show_bug.cgi?id=140557
2174
2175         Reviewed by Joseph Pecoraro.
2176
2177         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
2178         This makes it longwinded and confusing to use the type in C++ code.
2179
2180         This patch adds a typedef for array type declarations, so types such as Console::CallStack
2181         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
2182
2183         Some tests were updated to cover array type declarations used as parameters and type members.
2184
2185         * inspector/ScriptCallStack.cpp: Use the new typedef.
2186         (Inspector::ScriptCallStack::buildInspectorArray):
2187         * inspector/ScriptCallStack.h:
2188         * inspector/scripts/codegen/cpp_generator.py:
2189         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
2190         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2191         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
2192         (_generate_typedefs_for_domain.Inspector):
2193         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
2194         (ArrayType.__init__):
2195         (Protocol.resolve_types):
2196         (Protocol.lookup_type_reference):
2197         * inspector/scripts/tests/commands-with-async-attribute.json:
2198         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
2199         * inspector/scripts/tests/events-with-optional-parameters.json:
2200         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2201         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2202         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2203         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2204         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2205         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2206         * inspector/scripts/tests/type-declaration-object-type.json:
2207
2208 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
2209
2210         Web Replay: purge remaining PassRefPtr uses and minor cleanup
2211         https://bugs.webkit.org/show_bug.cgi?id=140456
2212
2213         Reviewed by Andreas Kling.
2214
2215         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
2216         Remove mistaken uses of AtomicString that were not removed as part of r174113.
2217
2218         * replay/EmptyInputCursor.h:
2219         * replay/InputCursor.h:
2220         (JSC::InputCursor::InputCursor):
2221
2222 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
2223
2224         Web Inspector: code generator should fail on duplicate parameter and member names
2225         https://bugs.webkit.org/show_bug.cgi?id=140555
2226
2227         Reviewed by Timothy Hatcher.
2228
2229         * inspector/scripts/codegen/models.py:
2230         (find_duplicates): Add a helper function to find duplicates in a list.
2231         (Protocol.parse_type_declaration):
2232         (Protocol.parse_command):
2233         (Protocol.parse_event):
2234         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
2235         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
2236         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
2237         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
2238         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
2239         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
2240         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
2241         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
2242
2243 2015-01-16  Michael Saboff  <msaboff@apple.com>
2244
2245         REGRESSION (r174226): Header on huffingtonpost.com is too large
2246         https://bugs.webkit.org/show_bug.cgi?id=140306
2247
2248         Reviewed by Filip Pizlo.
2249
2250         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
2251         arguments register or whether we need to resolve "arguments".  If the arguments have
2252         been captured, then they are stored in the lexical environment and the arguments
2253         register is not used.
2254
2255         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
2256         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
2257         better indicate what we are checking.
2258
2259         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
2260         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
2261         incorrectly calculated the location of the reified callee frame.  This alignment resulted
2262         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
2263
2264         * bytecompiler/BytecodeGenerator.cpp:
2265         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
2266         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
2267         (JSC::BytecodeGenerator::emitCall):
2268         (JSC::BytecodeGenerator::emitConstruct):
2269         (JSC::BytecodeGenerator::emitEnumeration):
2270         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
2271         * bytecompiler/BytecodeGenerator.h:
2272         * bytecompiler/NodesCodegen.cpp:
2273         (JSC::BracketAccessorNode::emitBytecode):
2274         (JSC::DotAccessorNode::emitBytecode):
2275         (JSC::getArgumentByVal):
2276         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2277         (JSC::ArrayPatternNode::emitDirectBinding):
2278         * dfg/DFGOSRExitCompilerCommon.cpp:
2279         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
2280         * dfg/DFGOperations.cpp:
2281         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
2282         * dfg/DFGOperations.h:
2283         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
2284
2285 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
2286
2287         Remove ENABLE(SQL_DATABASE) guards
2288         https://bugs.webkit.org/show_bug.cgi?id=140434
2289
2290         Reviewed by Darin Adler.
2291
2292         * CMakeLists.txt:
2293         * Configurations/FeatureDefines.xcconfig:
2294         * DerivedSources.make:
2295         * inspector/protocol/Database.json:
2296
2297 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
2298
2299         Web Inspector and regular console use different source code locations for messages
2300         https://bugs.webkit.org/show_bug.cgi?id=140478
2301
2302         Reviewed by Brian Burg.
2303
2304         * inspector/ConsoleMessage.h: Expose computed source location.
2305
2306         * inspector/agents/InspectorConsoleAgent.cpp:
2307         (Inspector::InspectorConsoleAgent::addMessageToConsole):
2308         (Inspector::InspectorConsoleAgent::stopTiming):
2309         (Inspector::InspectorConsoleAgent::count):
2310         * inspector/agents/InspectorConsoleAgent.h:
2311         addMessageToConsole() now takes a pre-made ConsoleMessage object.
2312
2313         * inspector/JSGlobalObjectConsoleClient.cpp:
2314         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2315         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
2316         * inspector/JSGlobalObjectInspectorController.cpp:
2317         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2318         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
2319         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
2320         Updated for the above changes.
2321
2322 2015-01-15  Mark Lam  <mark.lam@apple.com>
2323
2324         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
2325         <https://webkit.org/b/140093>
2326
2327         Reviewed by Geoffrey Garen.
2328
2329         * interpreter/StackVisitor.cpp:
2330         (JSC::StackVisitor::Frame::createArguments):
2331         - We should not be fetching the lexicalEnvironment here.  The reason we've
2332           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
2333           may not be available to us at this point.  Instead, we'll just pass a nullptr.
2334
2335         * runtime/Arguments.cpp:
2336         (JSC::Arguments::tearOffForCloning):
2337         * runtime/Arguments.h:
2338         (JSC::Arguments::finishCreation):
2339         - Use the new tearOffForCloning() to tear off arguments right out of the values
2340           passed on the stack.  tearOff() is not appropriate for this purpose because
2341           it takes slowArgumentsData into account.
2342
2343 2015-01-14  Matthew Mirman  <mmirman@apple.com>
2344
2345         Removed accidental commit of "invalid_array.js" 
2346         http://trac.webkit.org/changeset/178439
2347
2348         * tests/stress/invalid_array.js: Removed.
2349
2350 2015-01-14  Matthew Mirman  <mmirman@apple.com>
2351
2352         Fixes operationPutByIdOptimizes such that they check that the put didn't
2353         change the structure of the object whose property access is being
2354         cached.  Also removes uses of the new base value from the cache generation code.
2355         https://bugs.webkit.org/show_bug.cgi?id=139500
2356
2357         Reviewed by Filip Pizlo.
2358
2359         * jit/JITOperations.cpp:
2360         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2361         (JSC::operationPutByIdNonStrictOptimize): ditto.
2362         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2363         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2364         * jit/Repatch.cpp:
2365         (JSC::generateByIdStub):
2366         (JSC::tryCacheGetByID):
2367         (JSC::tryBuildGetByIDList):
2368         (JSC::emitPutReplaceStub):
2369         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
2370         (JSC::tryCachePutByID):
2371         (JSC::repatchPutByID):
2372         (JSC::tryBuildPutByIdList):
2373         (JSC::tryRepatchIn):
2374         (JSC::emitPutTransitionStub): Deleted.
2375         * jit/Repatch.h:
2376         * llint/LLIntSlowPaths.cpp:
2377         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2378         * runtime/JSPropertyNameEnumerator.h:
2379         (JSC::genericPropertyNameEnumerator):
2380         * runtime/Operations.h:
2381         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
2382         (JSC::normalizePrototypeChain): restructured to not use the base value.
2383         * tests/mozilla/mozilla-tests.yaml:
2384         * tests/stress/proto-setter.js: Added.
2385         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
2386         Added test that fails without this patch.
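
The following is an added illustration of the check this entry describes, not JavaScriptCore's code: a toy structure-based object model with a put-by-id cache, where buildCacheChecked() records the structure before the put and refuses to cache unless the post-put structure is the plain add-property transition it expected, and buildCacheAfterPut() shows what goes wrong without that check when an inherited setter changes the receiver's shape. Structure, Object, PutCache, Scenario and all function names are assumptions of the example; the setter scenario is constructed here and only loosely mirrors the proto-setter.js test listed above.

```cpp
// Added illustration, not JavaScriptCore code: a toy structure-based object
// model with a put-by-id cache. buildCacheChecked() records the structure
// BEFORE the put and only caches when the post-put structure is the expected
// add-property transition; buildCacheAfterPut() shows the failure without it.
#include <cstddef>
#include <functional>
#include <map>
#include <string>
#include <vector>

using Value = long;
struct Object;

struct Structure {
    std::map<std::string, size_t> offsets;          // property name -> slot index
    std::map<std::string, Structure*> transitions;  // memoized add-property transitions
};

// Structure reached from `from` by adding `key` (memoized so every object
// taking the same transition shares the same shape).
static Structure* addPropertyTransition(Structure* from, const std::string& key) {
    auto it = from->transitions.find(key);
    if (it != from->transitions.end())
        return it->second;
    Structure* to = new Structure{from->offsets, {}};
    to->offsets[key] = from->offsets.size();
    from->transitions[key] = to;
    return to;
}

struct Object {
    Structure* structure;
    std::vector<Value> slots;
    std::map<std::string, std::function<void(Object&, Value)>> setters;  // inherited by children
    Object* proto;
};

// Generic slow path: replace an existing slot, run an inherited setter (which
// may do anything to the receiver, including changing its structure), or add.
static void slowPut(Object& obj, const std::string& key, Value v) {
    auto found = obj.structure->offsets.find(key);
    if (found != obj.structure->offsets.end()) { obj.slots[found->second] = v; return; }
    if (obj.proto) {
        auto setter = obj.proto->setters.find(key);
        if (setter != obj.proto->setters.end()) { setter->second(obj, v); return; }
    }
    obj.structure = addPropertyTransition(obj.structure, key);
    obj.slots.push_back(v);
}

struct PutCache { Structure* oldStructure; Structure* newStructure; size_t offset; bool valid; };

// Cached fast path: guard on the old structure, write the slot, transition.
static bool cachedPut(Object& obj, const PutCache& cache, Value v) {
    if (!cache.valid || obj.structure != cache.oldStructure)
        return false;
    obj.slots.resize(cache.newStructure->offsets.size());
    obj.slots[cache.offset] = v;
    obj.structure = cache.newStructure;
    return true;
}

// Unchecked: caches whatever transition it observes after the put, assuming
// the last slot added belongs to `key`.
static PutCache buildCacheAfterPut(Object& obj, const std::string& key, Value v) {
    Structure* oldStructure = obj.structure;
    slowPut(obj, key, v);
    Structure* newStructure = obj.structure;
    if (newStructure == oldStructure)
        return {nullptr, nullptr, 0, false};
    return {oldStructure, newStructure, newStructure->offsets.size() - 1, true};
}

// Checked: saves the structure before the put and refuses to cache unless the
// put performed exactly the add-`key` transition from that structure.
static PutCache buildCacheChecked(Object& obj, const std::string& key, Value v) {
    Structure* oldStructure = obj.structure;
    slowPut(obj, key, v);
    Structure* newStructure = obj.structure;
    if (newStructure == oldStructure || newStructure != addPropertyTransition(oldStructure, key))
        return {nullptr, nullptr, 0, false};
    return {oldStructure, newStructure, newStructure->offsets.at(key), true};
}

// Constructed scenario: the prototype's setter for "y" stores a different
// property, "z", on the receiver.
struct Scenario {
    Structure root;
    Object proto, a, b;
    Scenario() : root{}, proto{&root, {}, {}, nullptr}, a{&root, {}, {}, &proto}, b{&root, {}, {}, &proto} {
        proto.setters["y"] = [](Object& self, Value v) { slowPut(self, "z", v * 10); };
    }
};

// The cache built from `a` is replayed on `b`: `b` ends up with structure {z}
// holding the raw value meant for "y", has no "y", and the setter never ran.
bool uncheckedCacheConfusesShape() {
    Scenario s;
    PutCache cache = buildCacheAfterPut(s.a, "y", 5);
    cachedPut(s.b, cache, 7);
    return cache.valid && s.b.structure->offsets.count("y") == 0
        && s.b.slots[s.b.structure->offsets.at("z")] == 7;
}

// The checked builder declines to cache, so `b` takes the slow path and the
// setter runs as the language requires.
bool checkedCacheRefusesToCache() {
    Scenario s;
    PutCache cache = buildCacheChecked(s.a, "y", 5);
    if (!cachedPut(s.b, cache, 7))
        slowPut(s.b, "y", 7);
    return !cache.valid && s.b.slots[s.b.structure->offsets.at("z")] == 70;
}
```

In a real engine the confused fast path is worse than a wrong value: the cached offset and slot count come from a shape the property being stored never belonged to, so the write can land outside the object's storage. Capturing the structure before the put and validating the transition afterwards is what rules that out.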
2387
2388 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
2389
2390         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
2391         https://bugs.webkit.org/show_bug.cgi?id=140404
2392
2393         Reviewed by Timothy Hatcher.
2394
2395         * inspector/protocol/Timeline.json:
2396
2397 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2398
2399         DFG can call PutByValDirect for generic arrays
2400         https://bugs.webkit.org/show_bug.cgi?id=140389
2401
2402         Reviewed by Geoffrey Garen.
2403
2404         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
2405         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
2406         so the assertion failure is raised.
2407         This patch allows the DFG to use put_by_val_direct for generic arrays.
2408
2409         And fix the DFG put_by_val_direct implementation for string properties.
2410         At first, put_by_val_direct was intended to be used for spread elements.
2411         So the property keys were limited to numbers (indexes).
2412         But now, it's also used for computed properties in object initializers.
2413
2414         * dfg/DFGOperations.cpp:
2415         (JSC::DFG::operationPutByValInternal):
2416         * dfg/DFGSpeculativeJIT64.cpp:
2417         (JSC::DFG::SpeculativeJIT::compile):
2418
2419 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
2420
2421         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
2422         https://bugs.webkit.org/show_bug.cgi?id=140397
2423
2424         Reviewed by Geoffrey Garen.
2425
2426         Patch by Alexey Proskuryakov.
2427
2428         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
2429
2430         No performance change.
2431
2432         No test, since this is a small past-the-end read, which is very
2433         difficult to turn into a reproducible failing test -- and existing tests
2434         crash reliably using ASan.
2435
2436         * bytecompiler/NodesCodegen.cpp:
2437         (JSC::BracketAccessorNode::emitBytecode):
2438         (JSC::DotAccessorNode::emitBytecode):
2439         (JSC::FunctionCallBracketNode::emitBytecode):
2440         (JSC::PostfixNode::emitResolve):
2441         (JSC::DeleteBracketNode::emitBytecode):
2442         (JSC::DeleteDotNode::emitBytecode):
2443         (JSC::PrefixNode::emitResolve):
2444         (JSC::UnaryOpNode::emitBytecode):
2445         (JSC::BitwiseNotNode::emitBytecode):
2446         (JSC::BinaryOpNode::emitBytecode):
2447         (JSC::EqualNode::emitBytecode):
2448         (JSC::StrictEqualNode::emitBytecode):
2449         (JSC::ThrowableBinaryOpNode::emitBytecode):
2450         (JSC::AssignDotNode::emitBytecode):
2451         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
2452         register used across a call to a function that might allocate a new
2453         temporary register must be held in a RefPtr.
2454
2455 2015-01-12  Michael Saboff  <msaboff@apple.com>
2456
2457         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
2458         https://bugs.webkit.org/show_bug.cgi?id=140348
2459
2460         Reviewed by Mark Lam.
2461
2462         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
2463         because those registers may have been spilled on the stack and replaced with other values by
2464         the time we call down to gatherFromCurrentThread().
2465
2466         Now we get the register contents at the same place that we demarcate the current top of
2467         stack using the address of a local variable, in Heap::markRoots().  The register contents
2468         buffer is passed along with the demarcation pointer.  These need to be done at this level 
2469         in the call tree and no lower, as markRoots() calls various functions that visit object
2470         pointers that may be later proven dead.  Any of those pointers that are left on the
2471         stack or in registers could be incorrectly marked as live if we scan the stack contents
2472         from a called function or one of its callees.  The stack demarcation pointer and register
2473         saving need to be done in the same function so that we have a consistent stack, active
2474         and spilled registers.
2475
2476         Because we don't want to make unnecessary calls to get the register contents, we use
2477         a macro to allocate, and possibly align, the register structure and get the actual
2478         register contents.
2479
2480
2481         * heap/Heap.cpp:
2482         (JSC::Heap::markRoots):
2483         (JSC::Heap::gatherStackRoots):
2484         * heap/Heap.h:
2485         * heap/MachineStackMarker.cpp:
2486         (JSC::MachineThreads::gatherFromCurrentThread):
2487         (JSC::MachineThreads::gatherConservativeRoots):
2488         * heap/MachineStackMarker.h:
2489
2490 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
2491
2492         Add basic pattern matching support to the url filters
2493         https://bugs.webkit.org/show_bug.cgi?id=140283
2494
2495         Reviewed by Andreas Kling.
2496
2497         * JavaScriptCore.xcodeproj/project.pbxproj:
2498         Make YarrParser.h private in order to use it from WebCore.
2499
2500 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
2501
2502         Out of bounds read in IdentifierArena::makeIdentifier
2503         https://bugs.webkit.org/show_bug.cgi?id=140376
2504
2505         Patch by Alexey Proskuryakov.
2506
2507         Reviewed and ChangeLogged by Geoffrey Garen.
2508
2509         No test, since this is a small past-the-end read, which is very
2510         difficult to turn into a reproducible failing test -- and existing tests
2511         crash reliably using ASan.
2512
2513         * parser/ParserArena.h:
2514         (JSC::IdentifierArena::makeIdentifier):
2515         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
2516         zero-length string input, like we do in the literal parser, since it is
2517         not valid to dereference characters in a zero-length string.
2518
2519         A zero-length string is allowed in JavaScript -- for example, "".
2520
2521 2015-01-11  Sam Weinig  <sam@webkit.org>
2522
2523         Remove support for SharedWorkers
2524         https://bugs.webkit.org/show_bug.cgi?id=140344
2525
2526         Reviewed by Anders Carlsson.
2527
2528         * Configurations/FeatureDefines.xcconfig:
2529
2530 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
2531
2532         Allow targetting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
2533         https://bugs.webkit.org/show_bug.cgi?id=136769
2534
2535         Reviewed by Antti Koivisto.
2536
2537         * Configurations/FeatureDefines.xcconfig:
2538
2539 2015-01-12  Commit Queue  <commit-queue@webkit.org>
2540
2541         Unreviewed, rolling out r178266.
2542         https://bugs.webkit.org/show_bug.cgi?id=140363
2543
2544         Broke a JSC test (Requested by ap on #webkit).
2545
2546         Reverted changeset:
2547
2548         "Local JSArray* "keys" in objectConstructorKeys() is not
2549         marked during garbage collection"
2550         https://bugs.webkit.org/show_bug.cgi?id=140348
2551         http://trac.webkit.org/changeset/178266
2552
2553 2015-01-12  Michael Saboff  <msaboff@apple.com>
2554
2555         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
2556         https://bugs.webkit.org/show_bug.cgi?id=140348
2557
2558         Reviewed by Mark Lam.
2559
2560         Move the address of the local variable that is used to demarcate the top of the stack for 
2561         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
2562         the register values using setjmp().  That way we don't lose any callee save register
2563         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
2564         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
2565         erroneously.
2566
2567         * heap/Heap.cpp:
2568         (JSC::Heap::markRoots):
2569         (JSC::Heap::gatherStackRoots):
2570         * heap/Heap.h:
2571         * heap/MachineStackMarker.cpp:
2572         (JSC::MachineThreads::gatherFromCurrentThread):
2573         (JSC::MachineThreads::gatherConservativeRoots):
2574         * heap/MachineStackMarker.h:
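
The following is an added illustration of the technique described in this entry and in the 2015-01-12 re-landing of the same fix above, not JavaScriptCore's code: a conservative stack scanner in which the setjmp() register capture and the local whose address demarcates the top of the scanned stack sit in the same frame, so a pointer held only in a callee-saved register cannot be lost between the demarcation point and the scan. The toy heap, ToyObject and all function names are assumptions of the example; the word buffer in scannerFindsPointerInBuffer() is constructed sample data, not a real stack.

```cpp
// Added illustration, not JavaScriptCore code: conservative stack scanning
// in the style the two objectConstructorKeys() entries describe. The jmp_buf
// that captures the registers and the local whose address marks the top of
// the scanned stack live in the SAME frame, so a pointer held only in a
// callee-saved register cannot be dropped between demarcation and scan.
#include <algorithm>
#include <csetjmp>
#include <cstdint>
#include <cstdio>
#include <vector>

struct ToyObject { uintptr_t payload; bool marked; };

// Toy heap: every object is registered so the scanner can distinguish a real
// object address from arbitrary stack contents.
static std::vector<ToyObject*> g_heap;

static ToyObject* toyAllocate(uintptr_t payload) {
    ToyObject* obj = new ToyObject{payload, false};
    g_heap.push_back(obj);
    return obj;
}

static ToyObject* findObject(uintptr_t word) {
    for (ToyObject* obj : g_heap)
        if (reinterpret_cast<uintptr_t>(obj) == word)
            return obj;
    return nullptr;
}

// Mark every object whose address appears as an aligned word in [lo, hi).
static void scanRange(const void* lo, const void* hi) {
    uintptr_t a = reinterpret_cast<uintptr_t>(lo) & ~static_cast<uintptr_t>(sizeof(uintptr_t) - 1);
    uintptr_t b = reinterpret_cast<uintptr_t>(hi);
    for (; a + sizeof(uintptr_t) <= b; a += sizeof(uintptr_t))
        if (ToyObject* obj = findObject(*reinterpret_cast<const uintptr_t*>(a)))
            obj->marked = true;
}

// Register capture and stack demarcation in one frame. The register buffer is
// scanned explicitly, then the stack between this frame and `stackBase`.
__attribute__((noinline))
static void gatherConservativeRoots(const void* stackBase) {
    jmp_buf registers;
    setjmp(registers);                         // spills callee-saved registers here
    char stackTop = 0;                         // its address is the top of the scan
    uintptr_t top = reinterpret_cast<uintptr_t>(&stackTop);
    uintptr_t base = reinterpret_cast<uintptr_t>(stackBase);
    scanRange(&registers, reinterpret_cast<const char*>(&registers) + sizeof registers);
    scanRange(reinterpret_cast<const void*>(std::min(top, base)),
              reinterpret_cast<const void*>(std::max(top, base)));
}

// Holds the only reference to `live` in its own frame while the scan runs.
__attribute__((noinline))
static bool holdAndCollect(ToyObject* live, const void* stackBase) {
    ToyObject* volatile keepAlive = live;      // force a stack slot for the pointer
    gatherConservativeRoots(stackBase);
    return keepAlive->marked;
}

// An object reachable only through the stack must be marked.
bool liveStackPointerIsMarked() {
    char stackBaseMarker = 0;                  // its address is the bottom of the scan
    return holdAndCollect(toyAllocate(0x1234), &stackBaseMarker);
}

// Deterministic check of the scanner on a constructed word buffer (sample
// data, not a real stack): one object address among unrelated words.
bool scannerFindsPointerInBuffer() {
    ToyObject* obj = toyAllocate(0x5678);
    uintptr_t words[4] = { 0xdeadbeefu, reinterpret_cast<uintptr_t>(obj), 42u, 0u };
    scanRange(words, words + 4);
    return obj->marked;
}

int main() {
    std::printf("stack root marked: %s\n", liveStackPointerIsMarked() ? "yes" : "no");
    std::printf("buffer root marked: %s\n", scannerFindsPointerInBuffer() ? "yes" : "no");
    return 0;
}
```

The hazard the entries describe is the split version of gatherConservativeRoots(): if the demarcation address were taken in a caller and the setjmp() done in a callee, a callee-saved register holding the only reference could be overwritten or spilled above the demarcation point in between, and the object would be collected while still in use.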
2575
2576 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
2577
2578         Fix typo in testapi.c error messages
2579         https://bugs.webkit.org/show_bug.cgi?id=140305
2580
2581         Reviewed by Geoffrey Garen.
2582
2583         * API/tests/testapi.c:
2584         (main): "... script did not timed out ..." -> "... script did not time out ..."
2585
2586 2015-01-09  Michael Saboff  <msaboff@apple.com>
2587
2588         Breakpoint doesn't fire in this HTML5 game
2589         https://bugs.webkit.org/show_bug.cgi?id=140269
2590
2591         Reviewed by Mark Lam.
2592
2593         When parsing a single line cached function, use the lineStartOffset of the
2594         location where we found the cached function instead of the cached lineStartOffset.
2595         The cache location's lineStartOffset has not been adjusted for any possible
2596         containing functions.
2597
2598         This change is not needed for multi-line cached functions.  Consider the
2599         single line source:
2600
2601         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
2602
2603         On the first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
2604         of 0.  Later when we parse outer() and find inner1() in the cache, the SourceCode start
2605         character is at outer()'s outermost open brace.  That is what we should use for
2606         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
2607         to the saved location for inner1(), including the lineStartOffset of 0.  We need
2608         to use the value of lineStartOffset before we started parsing inner1().  That is
2609         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
2610
2611         For a multi-line function, the close brace is guaranteed to be on a different line
2612         than the open brace.  Hence, its lineStartOffset will not change with the change of
2613         the SourceCode start character.
2614
2615         * parser/Parser.cpp:
2616         (JSC::Parser<LexerType>::parseFunctionInfo):
2617
2618 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2619
2620         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
2621         https://bugs.webkit.org/show_bug.cgi?id=140279
2622         rdar://problem/19422299
2623
2624         Reviewed by Oliver Hunt.
2625
2626         * runtime/MapData.cpp:
2627         (JSC::MapData::replaceAndPackBackingStore):
2628         The cell table also needs to have its values fixed.
2629
2630 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2631
2632         Web Inspector: Remove or use TimelineAgent Resource related event types
2633         https://bugs.webkit.org/show_bug.cgi?id=140155
2634
2635         Reviewed by Timothy Hatcher.
2636
2637         Remove unused / stale Timeline event types.
2638
2639         * inspector/protocol/Timeline.json:
2640
2641 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
2642
2643         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
2644         https://bugs.webkit.org/show_bug.cgi?id=140098
2645
2646         Reviewed by Brian Burg.
2647
2648         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
2649
2650 2015-01-08  Mark Lam  <mark.lam@apple.com>
2651
2652         Argument object created by "Function dot arguments" should use a clone of the argument values.
2653         <https://webkit.org/b/140093>
2654
2655         Reviewed by Geoffrey Garen.
2656
2657         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
2658         test will crash.  The relevant code which manifests the issue is as follows:
2659
2660             function bar() {
2661                 return foo.arguments;
2662             }
2663
2664             function foo(p) {
2665                 var x = 42;
2666                 if (p)
2667                     return (function() { return x; });
2668                 else
2669                     return bar();
2670             }
2671
2672         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
2673         has dead code eliminated the SetLocal that stores it into its designated local.
2674         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
2675         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
2676         but instead, finds it to be uninitialized.  This results in a null pointer access
2677         which causes a crash.
2678
2679         This can be resolved by having bar() instantiate a clone of the Arguments object
2680         instead, and populate its elements with values fetched directly from foo's frame.
2681         There's no need to reference foo's LexicalEnvironment (whether present or not).
2682
2683         * interpreter/StackVisitor.cpp:
2684         (JSC::StackVisitor::Frame::createArguments):
2685         * runtime/Arguments.h:
2686         (JSC::Arguments::finishCreation):
2687
2688 2015-01-08  Mark Lam  <mark.lam@apple.com>
2689
2690         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
2691         <https://webkit.org/b/140236>
2692
2693         Reviewed by Geoffrey Garen.
2694
2695         Will change the DFG to use the operand on a subsequent pass.  For now,
2696         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
2697         retain the old behavior of getting the lexicalEnvironment from the
2698         ExecState.
2699
2700         * bytecompiler/BytecodeGenerator.cpp:
2701         (JSC::BytecodeGenerator::BytecodeGenerator):
2702         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2703         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2704         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
2705           instead of an empty JSValue as the lexicalEnvironment operand.
2706
2707         * dfg/DFGOperations.cpp:
2708         - Use the lexicalEnvironment from the ExecState for now.
2709
2710         * dfg/DFGSpeculativeJIT32_64.cpp:
2711         (JSC::DFG::SpeculativeJIT::compile):
2712         * dfg/DFGSpeculativeJIT64.cpp:
2713         (JSC::DFG::SpeculativeJIT::compile):
2714         - Use the operationCreateArgumentsForDFG() thunk for now.
2715
2716         * interpreter/CallFrame.cpp:
2717         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
2718         * interpreter/CallFrame.h:
2719         - Added this convenience function to return either the
2720           lexicalEnvironment or a nullptr so that we don't need to do a
2721           conditional check on codeBlock->needsActivation() at multiple sites.
2722
2723         * interpreter/StackVisitor.cpp:
2724         (JSC::StackVisitor::Frame::createArguments):
2725         * jit/JIT.h:
2726         * jit/JITInlines.h:
2727         (JSC::JIT::callOperation):
2728         * jit/JITOpcodes.cpp:
2729         (JSC::JIT::emit_op_create_arguments):
2730         (JSC::JIT::emitSlow_op_get_argument_by_val):
2731         * jit/JITOpcodes32_64.cpp:
2732         (JSC::JIT::emit_op_create_arguments):
2733         (JSC::JIT::emitSlow_op_get_argument_by_val):
2734         * jit/JITOperations.cpp:
2735         * jit/JITOperations.h:
2736         * llint/LLIntSlowPaths.cpp:
2737         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2738         * runtime/Arguments.h:
2739         (JSC::Arguments::create):
2740         (JSC::Arguments::finishCreation):
2741         * runtime/CommonSlowPaths.cpp:
2742         (JSC::SLOW_PATH_DECL):
2743         * runtime/JSLexicalEnvironment.cpp:
2744         (JSC::JSLexicalEnvironment::argumentsGetter):
2745
2746 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2747
2748         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
2749         https://bugs.webkit.org/show_bug.cgi?id=138991
2750
2751         Reviewed by Timothy Hatcher.
2752
2753         * debugger/Debugger.cpp:
2754         (JSC::Debugger::Debugger):
2755         (JSC::Debugger::pauseIfNeeded):
2756         (JSC::Debugger::didReachBreakpoint):
2757         When actually pausing, if we hit a breakpoint ensure the reason
2758         is PausedForBreakpoint, otherwise use the current reason.
2759
2760         * debugger/Debugger.h:
2761         Make pause reason and pausing breakpoint ID public.
2762
2763         * inspector/agents/InspectorDebuggerAgent.h:
2764         * inspector/agents/InspectorDebuggerAgent.cpp:
2765         (Inspector::buildAssertPauseReason):
2766         (Inspector::buildCSPViolationPauseReason):
2767         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
2768         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
2769         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2770         (Inspector::buildObjectForBreakpointCookie):
2771         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2772         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
2773         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2774         (Inspector::InspectorDebuggerAgent::pause):
2775         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2776         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2777         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
2778         Clean up creation of pause reason objects and other cleanup
2779         of PassRefPtr use and InjectedScript use.
2780
2781         (Inspector::InspectorDebuggerAgent::didPause):
2782         Clean up so that we first check for an Exception, and then fall
2783         back to including a Pause Reason derived from the Debugger.
2784
2785         * inspector/protocol/Debugger.json:
2786         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
2787
2788 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2789
2790         Web Inspector: Type check NSArrays in ObjC Interfaces have the right object types
2791         https://bugs.webkit.org/show_bug.cgi?id=140209
2792
2793         Reviewed by Timothy Hatcher.
2794
2795         Check the types of objects in NSArrays for all interfaces (commands, events, types)
2796         when the user can set an array of objects. Previously we were only type checking
2797         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
2798
2799         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2800         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2801         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2802         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2803         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2804         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2805         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
2806         * inspector/scripts/codegen/objc_generator.py:
2807         (ObjCGenerator.objc_class_for_array_type):
2808         (ObjCGenerator):
2809
2810 2015-01-07  Mark Lam  <mark.lam@apple.com>
2811
2812         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
2813         <https://webkit.org/b/140233>
2814
2815         Reviewed by Filip Pizlo.
2816
2817         This patch only adds the operand to the bytecode.  It is not in use yet.
2818
2819         * bytecode/BytecodeList.json:
2820         * bytecode/BytecodeUseDef.h:
2821         (JSC::computeUsesForBytecodeOffset):
2822         * bytecode/CodeBlock.cpp:
2823         (JSC::CodeBlock::dumpBytecode):
2824         * bytecompiler/BytecodeGenerator.cpp:
2825         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2826         * llint/LowLevelInterpreter32_64.asm:
2827         * llint/LowLevelInterpreter64.asm:
2828
2829 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2830
2831         Investigate the character type of repeated string instead of checking is8Bit flag
2832         https://bugs.webkit.org/show_bug.cgi?id=140139
2833
2834         Reviewed by Darin Adler.
2835
2836         Instead of checking the is8Bit flag of the repeated string, investigate
2837         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
2838
2839         * runtime/StringPrototype.cpp:
2840         (JSC::repeatCharacter):
2841         (JSC::stringProtoFuncRepeat):
2842         (JSC::repeatSmallString): Deleted.
2843
2844 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2845
2846         Web Inspector: ObjC Generate types from the GenericTypes domain
2847         https://bugs.webkit.org/show_bug.cgi?id=140229
2848
2849         Reviewed by Timothy Hatcher.
2850
2851         Generate types from the GenericTypes domain, as they are expected
2852         by other domains (like Page domain). Also, don't include the @protocol
2853         forward declaration for a domain if it doesn't have any commands.
2854
2855         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2856         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
2857         (ObjCBackendDispatcherHeaderGenerator): Deleted.
2858         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
2859         * inspector/scripts/codegen/objc_generator.py:
2860         (ObjCGenerator):
2861         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2862         * inspector/scripts/tests/expected/enum-values.json-result:
2863         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2864         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2865         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2866         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2867         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2868         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2869         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2870         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2871         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2872
2873 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2874
2875         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
2876         https://bugs.webkit.org/show_bug.cgi?id=140228
2877
2878         Reviewed by Timothy Hatcher.
2879
2880         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2881         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2882         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2883         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2884         * inspector/scripts/tests/expected/enum-values.json-result:
2885         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2886
2887 2015-01-07  Saam Barati  <saambarati1@gmail.com>
2888
2889         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
2890         https://bugs.webkit.org/show_bug.cgi?id=140165
2891
2892         Reviewed by Michael Saboff.
2893
2894         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
2895         into the LLInt speeds up type profiling.
2896
2897         * llint/LLIntOffsetsExtractor.cpp:
2898         * llint/LowLevelInterpreter.asm:
2899         * llint/LowLevelInterpreter32_64.asm:
2900         * llint/LowLevelInterpreter64.asm:
2901         * runtime/CommonSlowPaths.cpp:
2902         (JSC::SLOW_PATH_DECL):
2903         * runtime/CommonSlowPaths.h:
2904         * runtime/TypeProfilerLog.h:
2905         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
2906
2907 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
2908
2909         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2910         https://bugs.webkit.org/show_bug.cgi?id=140053
2911
2912         Reviewed by Andreas Kling.
2913
2914         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2915         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2916         references are always non-null. These two refactorings have been combined since
2917         they tend to require similar changes to the code.
2918
2919         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2920         have been updated to take a Ref instead of RefPtr.
2921
2922         Builders for typed protocol objects now return a Ref. Since there is no implicit
2923         call to operator&, callsites now must explicitly call .release() to convert a
2924         builder object into the corresponding protocol object once required fields are set.
2925         Update callsites and use auto to eliminate repetition of long-winded protocol types.
2926
2927         Tests for inspector protocol and replay inputs have been rebaselined.
2928
2929         * bindings/ScriptValue.cpp:
2930         (Deprecated::jsToInspectorValue):
2931         (Deprecated::ScriptValue::toInspectorValue):
2932         * bindings/ScriptValue.h:
2933         * inspector/ConsoleMessage.cpp:
2934         (Inspector::ConsoleMessage::addToFrontend):
2935         * inspector/ContentSearchUtilities.cpp:
2936         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2937         (Inspector::ContentSearchUtilities::searchInTextByLines):
2938         * inspector/ContentSearchUtilities.h:
2939         * inspector/InjectedScript.cpp:
2940         (Inspector::InjectedScript::getFunctionDetails):
2941         (Inspector::InjectedScript::getProperties):
2942         (Inspector::InjectedScript::getInternalProperties):
2943         (Inspector::InjectedScript::wrapCallFrames):
2944         (Inspector::InjectedScript::wrapObject):
2945         (Inspector::InjectedScript::wrapTable):
2946         * inspector/InjectedScript.h:
2947         * inspector/InjectedScriptBase.cpp:
2948         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2949         * inspector/InspectorBackendDispatcher.cpp:
2950         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2951         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2952         (Inspector::InspectorBackendDispatcher::create):
2953         (Inspector::InspectorBackendDispatcher::dispatch):
2954         (Inspector::InspectorBackendDispatcher::sendResponse):
2955         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2956         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2957         (Inspector::InspectorBackendDispatcher::getInteger):
2958         (Inspector::InspectorBackendDispatcher::getDouble):
2959         (Inspector::InspectorBackendDispatcher::getString):
2960         (Inspector::InspectorBackendDispatcher::getBoolean):
2961         (Inspector::InspectorBackendDispatcher::getObject):
2962         (Inspector::InspectorBackendDispatcher::getArray):
2963         (Inspector::InspectorBackendDispatcher::getValue):
2964         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2965         protocol error strings.
2966         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2967         Convert the supplemental dispatcher's reference to Ref since it is never null.
2968         * inspector/InspectorEnvironment.h:
2969         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2970         StructItemTraits. Add more versions of addItem to handle pushing various types.
2971         (Inspector::Protocol::Array::openAccessors):
2972         (Inspector::Protocol::Array::addItem):
2973         (Inspector::Protocol::Array::create):
2974         (Inspector::Protocol::StructItemTraits::push):
2975         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2976         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2977         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2978         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2979         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2980         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2981         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2982         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2983         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2984         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2985         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2986         the same call signature as other getters. Use Ref where possible.
2987         (Inspector::InspectorObjectBase::getBoolean):
2988         (Inspector::InspectorObjectBase::getString):
2989         (Inspector::InspectorObjectBase::getObject):
2990         (Inspector::InspectorObjectBase::getArray):
2991         (Inspector::InspectorObjectBase::getValue):
2992         (Inspector::InspectorObjectBase::writeJSON):
2993         (Inspector::InspectorArrayBase::get):
2994         (Inspector::InspectorObject::create):
2995         (Inspector::InspectorArray::create):
2996         (Inspector::InspectorValue::null):
2997         (Inspector::InspectorString::create):
2998         (Inspector::InspectorBasicValue::create):
2999         (Inspector::InspectorObjectBase::get): Deleted.
3000         * inspector/InspectorValues.h:
3001         (Inspector::InspectorObjectBase::setValue):
3002         (Inspector::InspectorObjectBase::setObject):
3003         (Inspector::InspectorObjectBase::setArray):
3004         (Inspector::InspectorArrayBase::pushValue):
3005         (Inspector::InspectorArrayBase::pushObject):
3006         (Inspector::InspectorArrayBase::pushArray):
3007         * inspector/JSGlobalObjectConsoleClient.cpp:
3008         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
3009         (Inspector::JSGlobalObjectConsoleClient::count):
3010         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
3011         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
3012         * inspector/JSGlobalObjectConsoleClient.h:
3013         * inspector/JSGlobalObjectInspectorController.cpp:
3014         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
3015         * inspector/JSGlobalObjectInspectorController.h:
3016         * inspector/ScriptCallFrame.cpp:
3017         (Inspector::ScriptCallFrame::buildInspectorObject):
3018         * inspector/ScriptCallFrame.h:
3019         * inspector/ScriptCallStack.cpp:
3020         (Inspector::ScriptCallStack::create):
3021         (Inspector::ScriptCallStack::buildInspectorArray):
3022         * inspector/ScriptCallStack.h:
3023         * inspector/agents/InspectorAgent.cpp:
3024         (Inspector::InspectorAgent::enable):
3025         (Inspector::InspectorAgent::inspect):
3026         (Inspector::InspectorAgent::activateExtraDomain):
3027         * inspector/agents/InspectorAgent.h:
3028         * inspector/agents/InspectorDebuggerAgent.cpp:
3029         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3030         (Inspector::buildObjectForBreakpointCookie):
3031         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
3032         (Inspector::InspectorDebuggerAgent::setBreakpoint):
3033         (Inspector::InspectorDebuggerAgent::continueToLocation):
3034         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
3035         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
3036         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
3037         (Inspector::InspectorDebuggerAgent::currentCallFrames):
3038         (Inspector::InspectorDebuggerAgent::didParseSource):
3039         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3040         (Inspector::InspectorDebuggerAgent::breakProgram):
3041         * inspector/agents/InspectorDebuggerAgent.h:
3042         * inspector/agents/InspectorRuntimeAgent.cpp:
3043         (Inspector::buildErrorRangeObject):
3044         (Inspector::InspectorRuntimeAgent::callFunctionOn):
3045         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3046         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3047         * inspector/agents/InspectorRuntimeAgent.h:
3048         * inspector/scripts/codegen/cpp_generator.py:
3049         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
3050         (CppGenerator.cpp_type_for_type_with_name):
3051         (CppGenerator.cpp_type_for_formal_async_parameter):
3052         (CppGenerator.should_use_references_for_type):
3053         (CppGenerator):
3054         * inspector/scripts/codegen/cpp_generator_templates.py:
3055         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
3056         (CppBackendDispatcherHeaderGenerator.generate_output):
3057         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
3058         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
3059         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
3060         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
3061         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
3062         (CppFrontendDispatcherHeaderGenerator.generate_output):
3063         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
3064         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
3065         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
3066         (CppProtocolTypesHeaderGenerator.generate_output):
3067         (_generate_class_for_object_declaration):
3068         (_generate_unchecked_setter_for_member):
3069         (_generate_forward_declarations_for_binding_traits):
3070         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
3071         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
3072         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
3073         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
3074         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
3075         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
3076         (ObjCProtocolTypesImplementationGenerator.generate_output):
3077         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3078         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3079         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3080         * inspector/scripts/tests/expected/enum-values.json-result:
3081         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3082         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3083         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3084         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3085         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3086         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3087         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3088         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3089         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3090         * replay/EncodedValue.cpp:
3091         (JSC::EncodedValue::asObject):
3092         (JSC::EncodedValue::asArray):
3093         (JSC::EncodedValue::put<EncodedValue>):
3094         (JSC::EncodedValue::append<EncodedValue>):
3095         (JSC::EncodedValue::get<EncodedValue>):
3096         * replay/EncodedValue.h:
3097         * replay/scripts/CodeGeneratorReplayInputs.py:
3098         (Type.borrow_type):
3099         (Type.argument_type):
3100         (Generator.generate_member_move_expression):
3101         * runtime/ConsoleClient.cpp:
3102         (JSC::ConsoleClient::printConsoleMessageWithArguments):
3103         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
3104         (JSC::ConsoleClient::logWithLevel):
3105         (JSC::ConsoleClient::clear):
3106         (JSC::ConsoleClient::dir):
3107         (JSC::ConsoleClient::dirXML):
3108         (JSC::ConsoleClient::table):
3109         (JSC::ConsoleClient::trace):
3110         (JSC::ConsoleClient::assertCondition):
3111         (JSC::ConsoleClient::group):
3112         (JSC::ConsoleClient::groupCollapsed):
3113         (JSC::ConsoleClient::groupEnd):
3114         * runtime/ConsoleClient.h:
3115         * runtime/TypeSet.cpp:
3116         (JSC::TypeSet::allStructureRepresentations):
3117         (JSC::TypeSet::inspectorTypeSet):
3118         (JSC::StructureShape::inspectorRepresentation):
3119         * runtime/TypeSet.h:
3120
3121 2015-01-07  Commit Queue  <commit-queue@webkit.org>
3122
3123         Unreviewed, rolling out r178039.
3124         https://bugs.webkit.org/show_bug.cgi?id=140187
3125
3126         Breaks ObjC Inspector Protocol (Requested by JoePeck on
3127         #webkit).
3128
3129         Reverted changeset:
3130
3131         "Web Inspector: purge PassRefPtr from Inspector code and use
3132         Ref for typed and untyped protocol objects"
3133         https://bugs.webkit.org/show_bug.cgi?id=140053
3134         http://trac.webkit.org/changeset/178039
3135
3136 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
3137
3138         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
3139         https://bugs.webkit.org/show_bug.cgi?id=140053
3140
3141         Reviewed by Andreas Kling.
3142
3143         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
3144         related to Web Inspector. It also converts many uses of RefPtr to Ref where
3145         references are always non-null. These two refactorings have been combined since
3146         they tend to require similar changes to the code.
3147
3148         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
3149         have been updated to take a Ref instead of RefPtr.
3150
3151         Builders for typed protocol objects now return a Ref. Since there is no implicit
3152         call to operator&, callsites now must explicitly call .release() to convert a
3153         builder object into the corresponding protocol object once required fields are set.
3154         Update callsites and use auto to eliminate repetition of long-winded protocol types.
3155
3156         Tests for inspector protocol and replay inputs have been rebaselined.
3157
3158         * bindings/ScriptValue.cpp:
3159         (Deprecated::jsToInspectorValue):
3160         (Deprecated::ScriptValue::toInspectorValue):
3161         * bindings/ScriptValue.h:
3162         * inspector/ConsoleMessage.cpp:
3163         (Inspector::ConsoleMessage::addToFrontend):
3164         * inspector/ContentSearchUtilities.cpp:
3165         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
3166         (Inspector::ContentSearchUtilities::searchInTextByLines):
3167         * inspector/ContentSearchUtilities.h:
3168         * inspector/InjectedScript.cpp:
3169         (Inspector::InjectedScript::getFunctionDetails):
3170         (Inspector::InjectedScript::getProperties):
3171         (Inspector::InjectedScript::getInternalProperties):
3172         (Inspector::InjectedScript::wrapCallFrames):
3173         (Inspector::InjectedScript::wrapObject):
3174         (Inspector::InjectedScript::wrapTable):
3175         * inspector/InjectedScript.h:
3176         * inspector/InjectedScriptBase.cpp:
3177         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
3178         * inspector/InspectorBackendDispatcher.cpp:
3179         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
3180         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
3181         (Inspector::InspectorBackendDispatcher::create):
3182         (Inspector::InspectorBackendDispatcher::dispatch):
3183         (Inspector::InspectorBackendDispatcher::sendResponse):
3184         (Inspector::InspectorBackendDispatcher::reportProtocolError):
3185         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
3186         (Inspector::InspectorBackendDispatcher::getInteger):
3187         (Inspector::InspectorBackendDispatcher::getDouble):
3188         (Inspector::InspectorBackendDispatcher::getString):
3189         (Inspector::InspectorBackendDispatcher::getBoolean):
3190         (Inspector::InspectorBackendDispatcher::getObject):
3191         (Inspector::InspectorBackendDispatcher::getArray):
3192         (Inspector::InspectorBackendDispatcher::getValue):
3193         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
3194         protocol error strings.
3195         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
3196         Convert the supplemental dispatcher's reference to Ref since it is never null.
3197         * inspector/InspectorEnvironment.h:
3198         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
3199         StructItemTraits. Add more versions of addItem to handle pushing various types.
3200         (Inspector::Protocol::Array::openAccessors):
3201         (Inspector::Protocol::Array::addItem):
3202         (Inspector::Protocol::Array::create):
3203         (Inspector::Protocol::StructItemTraits::push):
3204         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
3205         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
3206         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
3207         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
3208         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
3209         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
3210         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
3211         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
        (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
        (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
        * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
        the same call signature as other getters. Use Ref where possible.
        (Inspector::InspectorObjectBase::getBoolean):
        (Inspector::InspectorObjectBase::getString):
        (Inspector::InspectorObjectBase::getObject):
        (Inspector::InspectorObjectBase::getArray):
        (Inspector::InspectorObjectBase::getValue):
        (Inspector::InspectorObjectBase::writeJSON):
        (Inspector::InspectorArrayBase::get):
        (Inspector::InspectorObject::create):
        (Inspector::InspectorArray::create):
        (Inspector::InspectorValue::null):
        (Inspector::InspectorString::create):
        (Inspector::InspectorBasicValue::create):
        (Inspector::InspectorObjectBase::get): Deleted.
        * inspector/InspectorValues.h:
        (Inspector::InspectorObjectBase::setValue):
        (Inspector::InspectorObjectBase::setObject):
        (Inspector::InspectorObjectBase::setArray):
        (Inspector::InspectorArrayBase::pushValue):
        (Inspector::InspectorArrayBase::pushObject):
        (Inspector::InspectorArrayBase::pushArray):
        * inspector/JSGlobalObjectConsoleClient.cpp:
        (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
        (Inspector::JSGlobalObjectConsoleClient::count):
        (Inspector::JSGlobalObjectConsoleClient::timeEnd):
        (Inspector::JSGlobalObjectConsoleClient::timeStamp):
        * inspector/JSGlobalObjectConsoleClient.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/ScriptCallFrame.cpp:
        (Inspector::ScriptCallFrame::buildInspectorObject):
        * inspector/ScriptCallFrame.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::create):
        (Inspector::ScriptCallStack::buildInspectorArray):
        * inspector/ScriptCallStack.h:
        * inspector/agents/InspectorAgent.cpp:
        (Inspector::InspectorAgent::enable):
        (Inspector::InspectorAgent::inspect):
        (Inspector::InspectorAgent::activateExtraDomain):
        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
        (Inspector::buildObjectForBreakpointCookie):
        (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
        (Inspector::InspectorDebuggerAgent::setBreakpoint):
        (Inspector::InspectorDebuggerAgent::continueToLocation):
        (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
        (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
        (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
        (Inspector::InspectorDebuggerAgent::currentCallFrames):
        (Inspector::InspectorDebuggerAgent::didParseSource):
        (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
        (Inspector::InspectorDebuggerAgent::breakProgram):
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::buildErrorRangeObject):
        (Inspector::InspectorRuntimeAgent::callFunctionOn):
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::InspectorRuntimeAgent::getBasicBlocks):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/scripts/codegen/cpp_generator.py:
        (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
        (CppGenerator.cpp_type_for_type_with_name):
        (CppGenerator.cpp_type_for_formal_async_parameter):
        (CppGenerator.should_use_references_for_type):
        (CppGenerator):
        * inspector/scripts/codegen/cpp_generator_templates.py:
        * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
        (CppBackendDispatcherHeaderGenerator.generate_output):
        (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
        * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
        (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
        (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
        * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
        (CppFrontendDispatcherHeaderGenerator.generate_output):
        * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
        (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
        * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
        (CppProtocolTypesHeaderGenerator.generate_output):
        (_generate_class_for_object_declaration):
        (_generate_unchecked_setter_for_member):
        (_generate_forward_declarations_for_binding_traits):
        * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
        (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
        * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
        (ObjCFrontendDispatcherImplementationGenerator._generate_event):
        (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
        * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
        (ObjCProtocolTypesImplementationGenerator.generate_output):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/expected/enum-values.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
        * replay/EncodedValue.cpp:
        (JSC::EncodedValue::asObject):
        (JSC::EncodedValue::asArray):
        (JSC::EncodedValue::put<EncodedValue>):
        (JSC::EncodedValue::append<EncodedValue>):
        (JSC::EncodedValue::get<EncodedValue>):
        * replay/EncodedValue.h:
        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Type.borrow_type):
        (Type.argument_type):
        (Generator.generate_member_move_expression):
        * runtime/ConsoleClient.cpp:
        (JSC::ConsoleClient::printConsoleMessageWithArguments):
        (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
        (JSC::ConsoleClient::logWithLevel):
        (JSC::ConsoleClient::clear):
        (JSC::ConsoleClient::dir):
        (JSC::ConsoleClient::dirXML):
        (JSC::ConsoleClient::table):
        (JSC::ConsoleClient::trace):
        (JSC::ConsoleClient::assertCondition):
        (JSC::ConsoleClient::group):
        (JSC::ConsoleClient::groupCollapsed):
        (JSC::ConsoleClient::groupEnd):
        * runtime/ConsoleClient.h:
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::allStructureRepresentations):
        (JSC::TypeSet::inspectorTypeSet):
        (JSC::StructureShape::inspectorRepresentation):
        * runtime/TypeSet.h:

2015-01-06  Chris Dumez  <cdumez@apple.com>

        Drop ResourceResponseBase::connectionID and connectionReused members
        https://bugs.webkit.org/show_bug.cgi?id=140158

        Reviewed by Sam Weinig.

        Drop ResourceResponseBase::connectionID and connectionReused members.
        Those were needed by the Chromium port but are no longer used.

        * inspector/protocol/Network.json:

2015-01-06  Mark Lam  <mark.lam@apple.com>

        Add the lexicalEnvironment as an operand to op_create_arguments.
        <https://webkit.org/b/140148>

        Reviewed by Geoffrey Garen.

        This patch only adds the operand to the bytecode.  It is not in use yet.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
        - Adds the lexicalEnvironment register (if present) as an operand to
          op_create_arguments.  Else, adds a constant empty JSValue.
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2015-01-06  Alexey Proskuryakov  <ap@apple.com>

        ADDRESS_SANITIZER macro is overloaded
        https://bugs.webkit.org/show_bug.cgi?id=140130

        Reviewed by Anders Carlsson.

        * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
        This code is nearly unused (only compiled in when JIT is disabled at build time),
        however I've been told that it's best to keep it.

2015-01-06  Mark Lam  <mark.lam@apple.com>

        Fix Use details for op_create_arguments.
        <https://webkit.org/b/140110>

        Rubber stamped by Filip Pizlo.

        The previous patch was wrong about op_create_arguments not using its 1st operand.
        It does read from it (hence, used) to check if the Arguments object has already
        been created or not.  This patch reverts the change for op_create_arguments.

        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):

2015-01-06  Mark Lam  <mark.lam@apple.com>

        Fix Use details for op_create_lexical_environment and op_create_arguments.
        <https://webkit.org/b/140110>

        Reviewed by Filip Pizlo.

        The current "Use" details for op_create_lexical_environment and
        op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
        1st operand (the output local).  op_create_lexical_environment uses its 2nd
        operand (the scope chain) instead of the 1st (the output local).
        This patch fixes them to specify the proper uses.