ChangeLog

2014-01-22  Mark Lam  <mark.lam@apple.com>

        Poor man's fast breakpoints for a 2.3x debugger speedup.
        <https://webkit.org/b/122836>

        Reviewed by Geoffrey Garen.

        Previously we gained back some performance (run at baseline JIT speeds)
        when the WebInspector is opened provided no breakpoints are set. This
        was achieved by simply skipping all op_debug callbacks to the debugger
        if no breakpoints are set. If any breakpoints are set, the debugger will
        set a m_needsOpDebugCallbacks flag which causes the callbacks to be
        called, and we don't get the baseline JIT speeds anymore.

        With this patch, we will now track the number of breakpoints set in the
        CodeBlock that they are set in. The LLINT and baseline JIT code will
        check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
        need to be called. With this, we will only enable op_debug callbacks for
        CodeBlocks that need it i.e. those with breakpoints set in them.

        Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
        JIT code still needs to check Debugger::m_shouldPause to determine if the
        debugger is in stepping mode and hence, needs op_debug callbacks enabled
        for everything until the debugger "continues" the run and exit stepping
        mode.

        Also in this patch, I fixed a regression in DOM breakpoints which relies
        Debugger::breakProgram() to pause the debugger.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        - Missed accounting for op_debug's new hasBreakpointFlag operand here when
          it was added.
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::hasOpDebugForLineAndColumn):
        - This is needed in Debugger::toggleBreakpoint() to determine if a
          breakpoint falls within a CodeBlock or not. Simply checking the bounds
          of the CodeBlock is insufficient. For example, let's say we have the
          following JS code:

              // begin global scope
              function f1() {
                  function f2() {
                     ... // set breakpoint here.
                  }
              }
              // end global scope

          Using the CodeBlock bounds alone, the breakpoint above will to appear
          to be in the global program CodeBlock, and the CodeBlocks for function
          f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
          rule out the global program CodeBlock and f1(), and only apply the
          breakpoint to f2(0 where it belongs.

          CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
          the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
          it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
          seach to get the line and column info for that op_debug. This is a
          N * log(N) algorithm. However, a quick hands on test using the
          WebInspector (with this patch applied) to exercise setting, breaking
          on, and clearing breakpoints, as well as stepping through some code
          shows no noticeable degradation of the user experience compared to the
          baseline without this patch.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numBreakpoints):
        (JSC::CodeBlock::numBreakpointsOffset):
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::removeBreakpoint):
        (JSC::CodeBlock::clearAllBreakpoints):
        * debugger/Breakpoint.h:
        - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
          when the WebInspector was setting a line breakpoint and did not provide
          a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
          information in order to loosen its matching criteria for op_debug
          bytecodes for the specified breakpoint line and column values provided
          by the debugger.

          Previously, we just hijack a 0 value column as an unspecified column.
          However, the WebInspector operates on 0-based ints for column values.
          Hence, 0 should be a valid column value and should not be hijacked to
          mean an unspecified column.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        - added tracking of the VM that the debugger is used with. This is
          needed by Debugger::breakProgram().

          The VM pointer is attained from the first JSGlobalObject that the debugger
          attaches to. When the debugger detaches from the last JSGlobalObject, it
          will nullify its VM pointer to allow a new one to be set on the next
          attach.

          We were always only using each debugger instance with one VM. This change
          makes it explicit with an assert to ensure that all globalObjects that
          the debugger attaches to beongs to the same VM.

        (JSC::Debugger::attach):
        (JSC::Debugger::detach):
        (JSC::Debugger::setShouldPause):

        (JSC::Debugger::registerCodeBlock):
        (JSC::Debugger::unregisterCodeBlock):
        - registerCodeBlock() is responsible for applying pre-existing breakpoints
          to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
          clears the breakpoints.

        (JSC::Debugger::toggleBreakpoint):
        - This is the workhorse function that checks if a breakpoint falls within
          a CodeBlock or not. If it does, then it can either enable or disable
          said breakpoint in the CodeBlock. In the current implementation,
          enabling/disabling the breakpoint simply means incrementing/decrementing
          the CodeBlock's m_numBreakpoints.

        (JSC::Debugger::applyBreakpoints):

        (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
        (JSC::Debugger::ToggleBreakpointFunctor::operator()):
        (JSC::Debugger::toggleBreakpoint):
        - Iterates all relevant CodeBlocks and apply the specified breakpoint
          if appropriate. This is called when a new breakpoint is being defined
          by the WebInspector and needs to be applied to an already installed
          CodeBlock.

        (JSC::Debugger::setBreakpoint):
        (JSC::Debugger::removeBreakpoint):
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
        (JSC::Debugger::ClearBreakpointsFunctor::operator()):
        (JSC::Debugger::clearBreakpoints):

        (JSC::Debugger::breakProgram):
        - Fixed a regression that broke DOM breakpoints. The issue is that with
          the skipping of op_debug callbacks, we don't always have an updated
          m_currentCallFrame. Normally, m_currentCallFrame is provided as arg
          in the op_debug callback. In this case, we can get the CallFrame* from
          m_vm->topCallFrame.

        (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::Debugger::willExecuteProgram):
        * debugger/Debugger.h:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::shouldPause):

        * heap/CodeBlockSet.h:
        (JSC::CodeBlockSet::iterate):
        * heap/Heap.h:
        (JSC::Heap::forEachCodeBlock):
        - Added utility to iterate all CodeBlocks in the heap / VM.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::debug):

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LowLevelInterpreter.asm:
        - These now checks CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
          instead of Debugger::m_needsOpDebugCallbacks.

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::installCode):

2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove CSS3_TEXT_DECORATION define
        https://bugs.webkit.org/show_bug.cgi?id=127333

        This is required for unprefixing the text-decoration-* CSS properties.

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2014-01-22  Alexey Proskuryakov  <ap@apple.com>

        Update JS whitespace definition for changes in Unicode 6.3
        https://bugs.webkit.org/show_bug.cgi?id=127450
        <rdar://15863457>

        Reviewed by Oliver Hunt.

        Covered by existing tests when running against a Unicode back-end that supports
        Unicode 6.3 or higher.

        * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
        U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
        that used to be whitespace.

2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>

        Registers used in writeBarrierOnOperand can cause clobbering on some platforms
        https://bugs.webkit.org/show_bug.cgi?id=127357

        Reviewed by Filip Pizlo.

        Some platforms use t0 and t1 for their first two arguments, so using those to load the 
        cell for the write barrier is a bad idea because it will get clobbered.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2014-01-21  Mark Rowe  <mrowe@apple.com>

        Mac production build fix.

        Move the shell script build phase to copy jsc into JavaScriptCore.framework
        out of the jsc target and in to the All target so that it's not run during
        production builds. Xcode appears to the parent directories of paths referenced
        in the Output Files of the build phase, which leads to problems when the
        SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.

        I've also fixed the path to the Resources folder in the script while I'm here.
        On iOS the framework bundle is shallow so the correct destination is Resources/
        rather than Versions/A/Resources. This is handled by tweaking the
        JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
        a complete path so we can reuse it in the script. The references in JSC.xcconfig
        and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
        to preserve their former values.

        * Configurations/Base.xcconfig:
        * Configurations/JSC.xcconfig:
        * Configurations/ToolExecutable.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2014-01-19  Andreas Kling  <akling@apple.com>

        JSC Parser: Shrink BindingNode.
        <https://webkit.org/b/127253>

        The "divot" and "end" source locations are always identical for
        BindingNodes, so store only "start" and "end" instead.

        1.19 MB progression on Membuster3.

        Reviewed by Geoff Garen.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createBindingLocation):
        * parser/NodeConstructors.h:
        (JSC::BindingNode::create):
        (JSC::BindingNode::BindingNode):
        * parser/Nodes.h:
        (JSC::BindingNode::divotStart):
        (JSC::BindingNode::divotEnd):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::createBindingPattern):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::operatorStackPop):

2014-01-20  Filip Pizlo  <fpizlo@apple.com>

        op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
        https://bugs.webkit.org/show_bug.cgi?id=127311
        <rdar://problem/15853958>

        Reviewed by Andreas Kling.
        
        This makes UnlinkedCodeBlocks use 32-bit instruction streams again.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedInstruction::UnlinkedInstruction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addVar):
        (JSC::BytecodeGenerator::emitInitLazyRegister):
        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::watchableVariable):
        (JSC::BytecodeGenerator::hasWatchableVariable):

2014-01-20  Mark Lam  <mark.lam@apple.com>

        Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
        <https://webkit.org/b/127321>

        Reviewed by Geoffrey Garen.

        We're changing plans and will be going with CodeBlock level breakpoints
        instead of bytecode level breakpoints. As a result, we no longer need
        the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
        friends). This patch will remove that unused code.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Removed.
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        * bytecode/UnlinkedCodeBlock.h:

2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
        https://bugs.webkit.org/show_bug.cgi?id=127301

        Reviewed by Oliver Hunt.

        We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
        on the ownerExecutable, which is unnecessary. 

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::traceMarked):

2014-01-20  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * heap/BlockAllocator.h:

2014-01-20  Anders Carlsson  <andersca@apple.com>

        Stop using ThreadCondition in BlockAllocator
        https://bugs.webkit.org/show_bug.cgi?id=126313

        Reviewed by Sam Weinig.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::waitForDuration):
        (JSC::BlockAllocator::blockFreeingThreadMain):
        * heap/BlockAllocator.h:
        (JSC::BlockAllocator::deallocate):

2014-01-19  Anders Carlsson  <andersca@apple.com>

        Convert GCThreadSharedData over to STL threading primitives
        https://bugs.webkit.org/show_bug.cgi?id=127256

        Reviewed by Andreas Kling.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drainFromShared):

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
        <https://webkit.org/b/127239>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfByValInfos):
        (JSC::CodeBlock::setNumberOfCallLinkInfos):

            Use resizeToFit() instead of grow() for these vectors, since
            we know the final size here.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shrinkToFit):

            No need to shrink here anymore. We were not even shrinking
            m_byValInfo before!

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
        <https://webkit.org/b/127238>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_functionExprs and
            m_functionDecls since we know they will never change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink them here anymore.

2014-01-18  Andreas Kling  <akling@apple.com>

        Remove unused CodeBlock::m_additionalIdentifiers member.
        <https://webkit.org/b/127237>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::shrinkToFit):

            Remove m_additionalIdentifiers, nothing uses it.

2014-01-18  Andreas Kling  <akling@apple.com>

        Remove two unused CodeBlock functions.
        <https://webkit.org/b/127235>

        Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
        since they are not used.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_exceptionHandlers to fit from creation.
        <https://webkit.org/b/127234>

        Avoid allocation churn for CodeBlock::m_exceptionHandlers.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:

            Removed unused CodeBlock::allocateHandlers() function.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_exceptionHandlers
            since we know it's never going to change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink m_exceptionHandlers here since it's already
            the perfect size.

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Add a hasBreakpointFlag arg to the op_debug bytecode.
        https://bugs.webkit.org/show_bug.cgi?id=127230.

        Reviewed by Geoffrey Garen.

        This is in anticipation of upcoming changes to support bytecode level
        breakpoints. This patch adds the flag to the op_debug bytecode and
        initializes it, but does not use it yet.

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDebugHook):
        * llint/LowLevelInterpreter.asm:

2014-01-18  Alberto Garcia  <berto@igalia.com>

        JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
        https://bugs.webkit.org/show_bug.cgi?id=99683

        Reviewed by Anders Carlsson.

        * jit/ThunkGenerators.cpp:
        * tools/CodeProfile.cpp:
        (JSC::symbolName):
        (JSC::CodeProfile::sample):

2014-01-18  Anders Carlsson  <andersca@apple.com>

        Remove ENABLE_THREADED_HTML_PARSER defines everywhere
        https://bugs.webkit.org/show_bug.cgi?id=127225

        Reviewed by Andreas Kling.

        This concludes the removal of over 8.8 million lines of threaded parser code.

        * Configurations/FeatureDefines.xcconfig:

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()..
        https://bugs.webkit.org/show_bug.cgi?id=127127.

        Reviewed by Geoffrey Garen.

        In order to implement bytecode level breakpoints, we need a mechanism
        for computing the best fit op_debug bytecode offset for any valid given
        line and column value in the source. The "best fit" op_debug bytecode
        in this case is defined below in the comment for
        UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Convert the line and column to unlinked line and column values and
          pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
          to do the real work.

        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Added.
        (JSC::LineColumnInfo::operator <):
        (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
        (JSC::LineColumnInfo::operator ==):
        (JSC::LineColumnInfo::operator !=):
        (JSC::LineColumnInfo::operator <=):
        (JSC::LineColumnInfo::operator >):
        (JSC::LineColumnInfo::operator >=):
        * bytecode/LineInfo.h: Removed.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
        - Factored this out of expressionRangeForBytecodeOffset() so that it can
          be called from multiple places.
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
        - Some dumpers for debugging use only.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Finds the earliest op_debug bytecode whose line and column matches the
          specified line and column values. If an exact match is not found, then
          finds the nearest op_debug bytecode that precedes the specified line
          and column values. If there are more than one op_debug at that preceding
          line and column value, then the earliest of those op_debug bytecodes will
          be be selected. The offset of the selected bytecode will be returned.

          We want the earliest one because when we have multiple op_debug bytecodes
          that map to a given line and column, a debugger user would expect to break
          on the first one and step through the rest thereafter if needed.

        (JSC::compareLineColumnInfo):
        (JSC::UnlinkedCodeBlock::opDebugLineColumnInfoList):
        - Creates the sorted opDebugLineColumnInfoList on demand. This list is
          stored in the UnlinkedCodeBlock's rareData.
        * bytecode/UnlinkedCodeBlock.h:

2014-01-18  Zan Dobersek  <zdobersek@igalia.com>

        Inspector scripts are not compatible with Python v3
        https://bugs.webkit.org/show_bug.cgi?id=127128

        Reviewed by Benjamin Poulain.

        * inspector/scripts/generate-combined-inspector-json.py: Turn print statements into print function calls.
        * inspector/scripts/jsmin.py: Try importing the StringIO class from the StringIO module (which will work for
        Python v2) or, on import error, import the class from the io module (which will work for Python v3).

2014-01-17  Anders Carlsson  <andersca@apple.com>

        String::is8Bit() crashes if m_impl is null, handle this.

        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):

2014-01-17  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::~OpaqueJSString):
        (OpaqueJSString::characters):
        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):

2014-01-17  Anders Carlsson  <andersca@apple.com>

        Get rid of OpaqueJSString::deprecatedCharacters()
        https://bugs.webkit.org/show_bug.cgi?id=127161

        Reviewed by Sam Weinig.

        Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
        code paths for the 8-bit cases.
        
        Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
        Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
        is called and the backing string is 8-bit.
        
        This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
        (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
        causing an unsafe upconversion to a 16-bit string).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        Call OpaqueJSString::characters.

        (JSStringGetUTF8CString):
        Add a code path that handles 8-bit strings.

        (JSStringIsEqual):
        Call OpaqueJSString::equal.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.

        (JSStringCopyCFString):
        Create an 8-bit CFStringRef if possible.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        Use nullptr.

        (OpaqueJSString::~OpaqueJSString):
        Free m_characters.

        (OpaqueJSString::characters):
        Do the up-conversion and store the result in m_characters.

        (OpaqueJSString::equal):
        New helper function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::is8Bit):
        New function that returns whether a string is 8-bit or not.

        (OpaqueJSString::characters8):
        (OpaqueJSString::characters16):
        Add getters.

2014-01-17  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Remove workaround for compilers not supporting deleted functions
        https://bugs.webkit.org/show_bug.cgi?id=127166

        Reviewed by Andreas Kling.

        * inspector/InspectorAgentRegistry.h:

2014-01-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r162185, r162186, and r162187.
        http://trac.webkit.org/changeset/162185
        http://trac.webkit.org/changeset/162186
        http://trac.webkit.org/changeset/162187
        https://bugs.webkit.org/show_bug.cgi?id=127164

        Broke JSStringCreateWithCharactersNoCopy, as evidenced by a
        JSC API test (Requested by ap on #webkit).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        (JSStringGetUTF8CString):
        (JSStringIsEqual):
        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        (JSStringCopyCFString):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        (OpaqueJSString::identifier):
        * API/OpaqueJSString.h:
        (OpaqueJSString::create):
        (OpaqueJSString::characters):
        (OpaqueJSString::deprecatedCharacters):
        (OpaqueJSString::OpaqueJSString):

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Export OpaqueJSString destructor.

        * API/OpaqueJSString.h:

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Build fix.

        * API/OpaqueJSString.h:

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Get rid of OpaqueJSString::deprecatedCharacters()
        https://bugs.webkit.org/show_bug.cgi?id=127161

        Reviewed by Sam Weinig.

        Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
        code paths for the 8-bit cases.
        
        Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
        Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
        is called. This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
        (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
        causing an unsafe upconversion to a 16-bit string).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        Call OpaqueJSString::characters.

        (JSStringGetUTF8CString):
        Add a code path that handles 8-bit strings.

        (JSStringIsEqual):
        Call OpaqueJSString::equal.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.

        (JSStringCopyCFString):
        Create an 8-bit CFStringRef if possible.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        Use nullptr.

        (OpaqueJSString::~OpaqueJSString):
        Free m_characters.

        (OpaqueJSString::characters):
        Do the up-conversion and store the result in m_characters.

        (OpaqueJSString::equal):
        New helper function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::is8Bit):
        New function that returns whether a string is 8-bit or not.

        (OpaqueJSString::characters8):
        (OpaqueJSString::characters16):
        Add getters.

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Change all uses of FINAL to final now that all our compilers support it
        https://bugs.webkit.org/show_bug.cgi?id=127142

        Reviewed by Benjamin Poulain.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator.go):
        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSPromiseReaction.cpp:

2014-01-16  Oliver Hunt  <oliver@apple.com>

        throwing an objc object (or general binding object) triggers an assertion
        https://bugs.webkit.org/show_bug.cgi?id=127146

        Reviewed by Alexey Proskuryakov.

        This is simply a bogus assertion as we can't guarantee a bindings object
        won't intercept assignment to .stack

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):

2014-01-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Remove workaround for compilers not supporting explicit override control
        https://bugs.webkit.org/show_bug.cgi?id=127111

        Reviewed by Anders Carlsson.

        Now all compilers support explicit override control, this workaround can be removed.

        * API/JSAPIWrapperObject.mm:
        * API/JSCallbackObject.h:
        * API/JSManagedValue.mm:
        * API/JSScriptRef.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
        * bytecode/StructureStubClearingWatchpoint.h:
        * dfg/DFGArrayifySlowPathGenerator.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        * dfg/DFGFailedFinalizer.h:
        * dfg/DFGJITCode.h:
        * dfg/DFGJITFinalizer.h:
        * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
        * dfg/DFGSlowPathGenerator.h:
        * dfg/DFGSpeculativeJIT64.cpp:
        * heap/Heap.h:
        * heap/IncrementalSweeper.h:
        * heap/SuperRegion.h:
        * inspector/InspectorValues.h:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator.go):
        * jit/ClosureCallStubRoutine.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        * jit/GCAwareJITStubRoutine.h:
        * jit/JITCode.h:
        * jit/JITToDFGDeferredCompilationCallback.h:
        * parser/Nodes.h:
        * parser/SourceProvider.h:
        * runtime/DataView.h:
        * runtime/GCActivityCallback.h:
        * runtime/GenericTypedArrayView.h:
        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSPromiseReaction.cpp:
        * runtime/RegExpCache.h:
        * runtime/SimpleTypedArrayController.h:
        * runtime/SymbolTable.h:
        * runtime/WeakMapData.h:

2014-01-15  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Clean up REMOTE_INSPECTOR code in OpenSource after the iOS merge
        https://bugs.webkit.org/show_bug.cgi?id=127069

        Reviewed by Timothy Hatcher.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        Export XPCConnection because it is needed by RemoteInspector.h.

        * inspector/remote/RemoteInspectorXPCConnection.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::startDisabled):
        (Inspector::RemoteInspector::shared):
        Allow RemoteInspector singleton to start disabled.

2014-01-15  Brian Burg  <bburg@apple.com>

        Web Inspector: capture probe samples on the backend
        https://bugs.webkit.org/show_bug.cgi?id=126668

        Reviewed by Joseph Pecoraro.

        Add the 'probe' breakpoint action to the protocol. Change the setBreakpoint
        commands to return a list of assigned breakpoint action identifiers
        Add a type for breakpoint action identifiers. Add an event for sending
        captured probe samples to the inspector frontend.

        * inspector/protocol/Debugger.json:

2014-01-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Copying should be generational
        https://bugs.webkit.org/show_bug.cgi?id=126555

        Reviewed by Geoffrey Garen.

        This patch adds support for copying to our generational collector. Eden collections 
        always trigger copying. Full collections use our normal fragmentation-based heuristics.

        The way this works is that the CopiedSpace now has the notion of an old generation set of CopiedBlocks
        and a new generation of CopiedBlocks. During each mutator cycle new CopiedSpace allocations reside
        in the new generation. When a collection occurs, those blocks are moved to the old generation.

        One key thing to remember is that both new and old generation objects in the MarkedSpace can
        refer to old or new generation allocations in CopiedSpace. This is why we must fire write barriers 
        when assigning to an old (MarkedSpace) object's Butterfly.

        * heap/CopiedAllocator.h:
        (JSC::CopiedAllocator::tryAllocateDuringCopying):
        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::didEvacuateBytes):
        (JSC::CopiedBlock::isOld):
        (JSC::CopiedBlock::didPromote):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        (JSC::CopiedBlock::reportLiveBytesDuringCopying):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace):
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::didStartFullCollection):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::size):
        (JSC::CopiedSpace::capacity):
        (JSC::CopiedSpace::isPagedOut):
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::contains):
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        (JSC::CopiedSpace::allocateBlock):
        (JSC::CopiedSpace::startedCopying):
        * heap/CopyVisitor.cpp:
        (JSC::CopyVisitor::copyFromShared):
        * heap/CopyVisitorInlines.h:
        (JSC::CopyVisitor::allocateNewSpace):
        (JSC::CopyVisitor::allocateNewSpaceSlow):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::didStartCopying):
        * heap/Heap.cpp:
        (JSC::Heap::copyBackingStores):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::copyLater):
        * heap/TinyBloomFilter.h:
        (JSC::TinyBloomFilter::add):

2014-01-14  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: !hasError() in JSC::Parser<LexerType>::createSavePoint().
        https://bugs.webkit.org/show_bug.cgi?id=126990.

        Reviewed by Geoffrey Garen.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseConstDeclarationList):
        - We were missing an error check after attempting to parse an initializer
          expression. This is now fixed.

2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: For Remote Inspection link WebProcess's to their parent UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=126995

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::listingForDebuggable):
        For each WebView, list the parent process. Listing the parent per WebView
        is already supported back when we supported processes that could host WebViews
        for multiple applications.

        * inspector/remote/RemoteInspectorConstants.h:
        Add a separate key for the bundle identifier, separate from application identifier.

        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::info):
        * inspector/remote/RemoteInspectorDebuggable.h:
        (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
        (Inspector::RemoteInspectorDebuggableInfo::hasParentProcess):
        If a RemoteInspectorDebuggable has a non-zero parent process identifier
        it is a proxy for the parent process.

2014-01-14  Brian J. Burg  <burg@cs.washington.edu>

        Add ENABLE(WEB_REPLAY) feature flag to the build system
        https://bugs.webkit.org/show_bug.cgi?id=126949

        Reviewed by Joseph Pecoraro.

        * Configurations/FeatureDefines.xcconfig:

2014-01-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        [EFL] FTL buildfix, add missing includes
        https://bugs.webkit.org/show_bug.cgi?id=126641

        Reviewed by Csaba Osztrogonác.

        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExitCompiler.cpp:

2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: RemoteInspector::updateDebuggable may miss a push
        https://bugs.webkit.org/show_bug.cgi?id=126965

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateDebuggable):
        Always push an update. If a debuggable went from allowed to
        not allowed, we would have missed pushing an update.

2014-01-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Performance regression on dromaeo due to generational marking
        https://bugs.webkit.org/show_bug.cgi?id=126901

        Reviewed by Oliver Hunt.

        We were seeing some performance regression with ENABLE_GGC == 0, so this patch
        ifdefs out more things to get rid of the additional overhead.

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::writeBarrier):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        (JSC::MarkedBlock::clearMarksWithCollectionType):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::resetAllocators):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::didAllocateInBlock):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::reportExtraMemoryUsage):

2014-01-13  Brian Burg  <bburg@apple.com>

        Web Inspector: protocol generator should support integer-typed declarations
        https://bugs.webkit.org/show_bug.cgi?id=126828

        Reviewed by Joseph Pecoraro.

        Add new binding classes for parameter/ad-hoc and normal integer type declarations.

        * inspector/scripts/CodeGeneratorInspector.py:
        (TypeBindings.create_type_declaration_):
        (TypeBindings.create_type_declaration_.PlainInteger):
        (TypeBindings.create_type_declaration_.PlainInteger.resolve_inner):
        (TypeBindings.create_type_declaration_.PlainInteger.request_user_runtime_cast):
        (TypeBindings.create_type_declaration_.PlainInteger.request_internal_runtime_cast):
        (TypeBindings.create_type_declaration_.PlainInteger.get_code_generator):
        (TypeBindings.create_type_declaration_.PlainInteger.get_validator_call_text):
        (TypeBindings.create_type_declaration_.PlainInteger.reduce_to_raw_type):
        (TypeBindings.create_type_declaration_.PlainInteger.get_type_model):
        (TypeBindings.create_type_declaration_.PlainInteger.get_setter_value_expression_pattern):
        (TypeBindings.create_type_declaration_.PlainInteger.get_array_item_c_type_text):
        (TypeBindings.create_type_declaration_.TypedefInteger):
        (TypeBindings.create_type_declaration_.TypedefInteger.resolve_inner):
        (TypeBindings.create_type_declaration_.TypedefInteger.request_user_runtime_cast):
        (TypeBindings.create_type_declaration_.TypedefInteger.request_internal_runtime_cast):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder.int):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.register_use):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.get_generate_pass_id):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_validator_call_text):
        (TypeBindings.create_type_declaration_.TypedefInteger.reduce_to_raw_type):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_type_model):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_setter_value_expression_pattern):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_array_item_c_type_text):

2014-01-13  Zalan Bujtas  <zalan@apple.com>

        Enable SUBPIXEL_LAYOUT on Mac
        <https://webkit.org/b/126283>

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2014-01-13  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Changes in r161686 are exposing a bug in GCC where the global .cfi_startproc directive
        is not inserted early enough into the generated assembler code when building in debug mode, causing
        compilation failures on ports using the GCC compilers. To work around the problem, only utilize the
        OFFLINE_ASM_* macros that use .cfi_ directives when compiling with Clang.

        * llint/LowLevelInterpreter.cpp:

2014-01-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r161840.
        http://trac.webkit.org/changeset/161840
        https://bugs.webkit.org/show_bug.cgi?id=126870

        Caused jsscore and layout test failures (Requested by smfr on
        #webkit).

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString):
        * bindings/ScriptValue.cpp:
        (Deprecated::jsToInspectorValue):
        * inspector/InspectorValues.cpp:
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):
        * runtime/Identifier.h:
        (JSC::Identifier::characters):
        * runtime/JSStringBuilder.h:
        (JSC::JSStringBuilder::append):

2014-01-12  Darin Adler  <darin@apple.com>

        Add deprecatedCharacters as a synonym for characters and convert most call sites
        https://bugs.webkit.org/show_bug.cgi?id=126858

        Reviewed by Anders Carlsson.

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        (JSStringGetUTF8CString):
        (JSStringIsEqual):
        * API/JSStringRefCF.cpp:
        (JSStringCopyCFString):
        * API/OpaqueJSString.h:
        (OpaqueJSString::characters):
        (OpaqueJSString::deprecatedCharacters):
        (OpaqueJSString::length):
        (OpaqueJSString::OpaqueJSString):
        * inspector/InspectorValues.cpp:
        (Inspector::InspectorValue::parseJSON):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::parseInt):
        * runtime/StringPrototype.cpp:
        (JSC::localeCompare):
        (JSC::stringProtoFuncFontsize):
        (JSC::stringProtoFuncLink):
        Use deprecatedCharacters instead of characters.

2014-01-12  Darin Adler  <darin@apple.com>

        Reduce use of String::characters
        https://bugs.webkit.org/show_bug.cgi?id=126854

        Reviewed by Sam Weinig.

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString): Use characters16 instead of characters for 16-bit case.
        Had to remove length check because an empty string could be either 8 bit or 16 bit.
        Don't need a null string check before calling is8Bit because JSStringRef can't hold
        a null string.

        * bindings/ScriptValue.cpp:
        (Deprecated::jsToInspectorValue): Use the existing string here instead of creating
        a new one by calling characters and length on the old string. I think this may be
        left over from when string types were not the same in JavaScriptCore and WebCore.
        Also rewrite the property names loop to use modern for syntax and fewer locals.

        * inspector/InspectorValues.cpp:
        (Inspector::escapeChar): Changed to use appendLiteral instead of hard-coding string
        lengths. Moved handling of "<" and ">" in here instead of at the call site.
        (Inspector::doubleQuoteString): Simplify the code so there is no use of characters
        and length. This is still an inefficient way of doing this job and could use a rethink.

        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate): Use RetainPtr, createCFString, and the conversion from
        CFStringRef to WTF::String to remove a lot of unneeded code.

        * runtime/Identifier.h: Removed unneeded Identifier::characters function.

        * runtime/JSStringBuilder.h:
        (JSC::JSStringBuilder::append): Use characters16 instead of characters function here,
        since we have already checked is8Bit above.

2014-01-12  Andy Estes  <aestes@apple.com>

        [iOS] Enable the JSC Objective-C API

        Rubber-stamped by Simon Fraser.

        * API/JSBase.h:

2014-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.am: Add inline-and-minify-stylesheets-and-scripts.py
        to EXTRA_DIST and fix InjectedScriptSource.h generation rule.
        * GNUmakefile.list.am: Move InjectedScriptSource.h to
        built_nosources to make sure it's not disted.

2014-01-11  Anders Carlsson  <andersca@apple.com>

        Try again to fix the build.

        * inspector/InspectorAgentRegistry.cpp:
        * inspector/InspectorAgentRegistry.h:

2014-01-11  Anders Carlsson  <andersca@apple.com>

        Try to prevent the Vector copy constructor from being instantiated.

        * inspector/InspectorAgentRegistry.cpp:
        (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
        * inspector/InspectorAgentRegistry.h:

2014-01-11  Anders Carlsson  <andersca@apple.com>

        Try something else.

        * inspector/InspectorAgentRegistry.cpp:
        (Inspector::InspectorAgentRegistry::~InspectorAgentRegistry):
        * inspector/InspectorAgentRegistry.h:

2014-01-11  Dean Jackson  <dino@apple.com>

        [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
        https://bugs.webkit.org/show_bug.cgi?id=126754

        Reviewed by Filip Pizlo.

        The ECMAScript specification forbids calling the typed array
        constructors without using "new". Change the call data to return
        none so we throw and exception in these cases.

        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):

2014-01-11  Anders Carlsson  <andersca@apple.com>

        Try to fix the build by introducing a constructor.

        * inspector/InspectorAgentRegistry.cpp:
        (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
        * inspector/InspectorAgentRegistry.h:

2014-01-11  Anders Carlsson  <andersca@apple.com>

        * inspector/InspectorAgentRegistry.h:

        Remove an unused function.

2014-01-11  Anders Carlsson  <andersca@apple.com>

        InspectorAgentRegistry should use std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=126826

        Reviewed by Sam Weinig.

        * inspector/InspectorAgentRegistry.cpp:
        (Inspector::InspectorAgentRegistry::append):
        * inspector/InspectorAgentRegistry.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        * inspector/agents/InspectorAgent.h:

2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Push InspectorAgent down into JSC, give JSC an InspectorController
        https://bugs.webkit.org/show_bug.cgi?id=126763

        Reviewed by Timothy Hatcher.

        Introduce JSGlobalObjectInspectorController. This is the InspectorController
        for a JSContext. It is created by the JSGlobalObject Remote Inspector Debuggable
        when a remote frontend connects, and is destroyed when the remote frontend
        disconnects of the JSGlobalObject is destroyed.

        * inspector/JSGlobalObjectInspectorController.h: Added.
        * inspector/JSGlobalObjectInspectorController.cpp: Added.
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::~JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        (Inspector::JSGlobalObjectInspectorController::dispatchMessageFromFrontend):
        (Inspector::JSGlobalObjectInspectorController::functionCallHandler):
        (Inspector::JSGlobalObjectInspectorController::evaluateHandler):
        Create/destory agents, create/destroy dispatches, implement InspectorEnvironment.

        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::disconnect):
        (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
        Forward actions to the InspectorController object.

        * inspector/agents/InspectorAgent.h: Renamed from Source/WebCore/inspector/InspectorAgent.h.
        * inspector/agents/InspectorAgent.cpp: Renamed from Source/WebCore/inspector/InspectorAgent.cpp.
        (Inspector::InspectorAgent::InspectorAgent):
        (Inspector::InspectorAgent::~InspectorAgent):
        (Inspector::InspectorAgent::didCreateFrontendAndBackend):
        (Inspector::InspectorAgent::inspect):
        (Inspector::InspectorAgent::evaluateForTestInFrontend):
        Implement InspectorAgent in JavaScriptCore in namespace Inspector.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * CMakeLists.txt:
        * ChangeLog:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        Add files and new inspector/agents subdirectory.

2014-01-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r161702.
        http://trac.webkit.org/changeset/161702
        https://bugs.webkit.org/show_bug.cgi?id=126803

        Broke multiple tests (Requested by ap on #webkit).

        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):

2014-01-10  David Kilzer  <ddkilzer@apple.com>

        Clean up architectures in xcconfig files
        <http://webkit.org/b/126794>

        Reviewed by Andy Estes.

        * Configurations/Base.xcconfig:
        * Configurations/JavaScriptCore.xcconfig: Remove armv6, ppc.
        * Configurations/ToolExecutable.xcconfig: Sort.
        - Add new arch.

2014-01-10  Dean Jackson  <dino@apple.com>

        [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
        https://bugs.webkit.org/show_bug.cgi?id=126754

        Reviewed by Filip Pizlo.

        The ECMAScript specification forbids calling the typed array
        constructors without using "new". Change the call data to return
        none so we throw and exception in these cases.

        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):

2014-01-10  Benjamin Poulain  <bpoulain@apple.com>

        Remove the BlackBerry port from trunk
        https://bugs.webkit.org/show_bug.cgi?id=126715

        Reviewed by Anders Carlsson.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::replaceWithJump):
        (JSC::ARMv7Assembler::maxJumpReplacementSize):
        (JSC::ARMv7Assembler::cacheFlush):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
        * heap/MachineStackMarker.cpp:
        (JSC::getPlatformThreadRegisters):
        (JSC::otherThreadStackPointer):
        (JSC::freePlatformThreadRegisters):
        * jit/ExecutableAllocator.h:

2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unimplemented or static ScriptDebugServer features
        https://bugs.webkit.org/show_bug.cgi?id=126784

        Reviewed by Timothy Hatcher.

        * inspector/protocol/Debugger.json:

2014-01-10  Michael Saboff  <msaboff@apple.com>

        REGRESSION(C stack work): stack traces no longer work in CrashTracer, lldb, and other tools
        https://bugs.webkit.org/show_bug.cgi?id=126764

        Reviewed by Geoffrey Garen.

        Updated callToJavaScript and cllToNativeFunction to properly replicate the caller's
        return PC and frame pointer in the sentinel frame.  For X86-64, added .cfi_
        directives to create eh_frame info for all LLInt symbols so that the various
        unwinding code understands that we are using a separate JS stack referenced
        by BP and at what offsets in that frame the prior PC (register 16) and prior
        BP (register 6) can be found.  These two changes are sufficient for stack tracing
        to work for Mac OSX.

        * llint/LowLevelInterpreter.cpp:
        * llint/LowLevelInterpreter64.asm:

2014-01-10  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>

        [EFL][JSC] Enable udis86 disassembler on efl.
        https://bugs.webkit.org/show_bug.cgi?id=125502

        Reviewed by Michael Saboff.

        Enable udis86 disassembler on efl and fix build warnings.

        * CMakeLists.txt:
          Add udis86 disassembler source files.
        * disassembler/udis86/udis86_decode.c:
        (decode_modrm_rm):
          Build warning fixes.
        * disassembler/udis86/udis86_syn-att.c:
        (gen_operand):
          Build warning fixes.
        * disassembler/udis86/udis86_syn-intel.c:
        (gen_operand):
          Build warning fixes.
        * disassembler/udis86/udis86_types.h:
          Correct FMT64 for uint64_t.

2014-01-09  Benjamin Poulain  <bpoulain@apple.com>

        Remove the BlackBerry files outside WebCore
        https://bugs.webkit.org/show_bug.cgi?id=126715

        Reviewed by Anders Carlsson.

        * PlatformBlackBerry.cmake: Removed.
        * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
        * shell/PlatformBlackBerry.cmake: Removed.

2014-01-10  Geoffrey Garen  <ggaren@apple.com>

        Removed Blackberry #ifdefs and platform code from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=126757

        Reviewed by Sam Weinig.

        * PlatformBlackBerry.cmake: Removed.
        * heap/HeapTimer.cpp:
        * heap/HeapTimer.h:
        * heap/IncrementalSweeper.cpp:
        * heap/IncrementalSweeper.h:
        * jsc.cpp:
        (main):
        * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
        * runtime/MemoryStatistics.cpp:
        (JSC::globalMemoryStatistics):

2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Marking should be generational
        https://bugs.webkit.org/show_bug.cgi?id=126552

        Reviewed by Geoffrey Garen.

        Re-marking the same objects over and over is a waste of effort. This patch implements 
        the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
        overhead during garbage collection caused by rescanning objects.

        There are now two collection modes, EdenCollection and FullCollection. EdenCollections
        only visit new objects or objects that were added to the remembered set by a write barrier.
        FullCollections are normal collections that visit all objects regardless of their 
        generation.

        In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
        https://bugs.webkit.org/show_bug.cgi?id=126555.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlockSet::mark):
        * dfg/DFGOperations.cpp:
        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::add):
        (JSC::CodeBlockSet::traceMarked):
        (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
        * heap/CodeBlockSet.h:
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::didStartFullCollection):
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::heap):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::didAbandon):
        (JSC::Heap::markRoots):
        (JSC::Heap::copyBackingStores):
        (JSC::Heap::addToRememberedSet):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        (JSC::Heap::didAllocate):
        (JSC::Heap::writeBarrier):
        * heap/Heap.h:
        (JSC::Heap::isInRememberedSet):
        (JSC::Heap::operationInProgress):
        (JSC::Heap::shouldCollect):
        (JSC::Heap::isCollecting):
        (JSC::Heap::isWriteBarrierEnabled):
        (JSC::Heap::writeBarrier):
        * heap/HeapOperation.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::~MarkStackArray):
        (JSC::MarkStackArray::clear):
        (JSC::MarkStackArray::fillVector):
        * heap/MarkStack.h:
        * heap/MarkedAllocator.cpp:
        (JSC::isListPagedOut):
        (JSC::MarkedAllocator::isPagedOut):
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::addBlock):
        (JSC::MarkedAllocator::removeBlock):
        (JSC::MarkedAllocator::reset):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::MarkedAllocator):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        (JSC::MarkedBlock::clearRememberedSet):
        (JSC::MarkedBlock::clearMarksWithCollectionType):
        (JSC::MarkedBlock::lastChanceToFinalize):
        * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
        than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
        (JSC::MarkedBlock::didConsumeEmptyFreeList):
        (JSC::MarkedBlock::setRemembered):
        (JSC::MarkedBlock::clearRemembered):
        (JSC::MarkedBlock::atomicClearRemembered):
        (JSC::MarkedBlock::isRemembered):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::~MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::visitWeakSets):
        (JSC::MarkedSpace::reapWeakSets):
        (JSC::VerifyMarked::operator()):
        (JSC::MarkedSpace::clearMarks):
        * heap/MarkedSpace.h:
        (JSC::ClearMarks::operator()):
        (JSC::ClearRememberedSet::operator()):
        (JSC::MarkedSpace::didAllocateInBlock):
        (JSC::MarkedSpace::clearRememberedSet):
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::~SlotVisitor):
        (JSC::SlotVisitor::clearMarkStack):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::markStack):
        (JSC::SlotVisitor::sharedData):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::unconditionallyAppend):
        (JSC::SlotVisitor::copyLater):
        (JSC::SlotVisitor::reportExtraMemoryUsage):
        (JSC::SlotVisitor::heap):
        * jit/Repatch.cpp:
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::StructureRareData::setEnumerationCache):
        * runtime/JSString.cpp:
        (JSC::JSString::visitChildren):
        * runtime/StructureRareDataInlines.h:
        (JSC::StructureRareData::setPreviousID):
        (JSC::StructureRareData::setObjectToStringValue):
        * runtime/WeakMapData.cpp:
        (JSC::WeakMapData::visitChildren):

2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>

        Unreviewed Windows build fix for r161563.

        Copy all scripts, some may not be .py.

        * JavaScriptCore.vcxproj/copy-files.cmd:

2014-01-09  Filip Pizlo  <fpizlo@apple.com>

        AI for CreateArguments should pass through non-SpecEmpty input values
        https://bugs.webkit.org/show_bug.cgi?id=126709

        Reviewed by Mark Hahnenberg.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * tests/stress/use-arguments-as-object-pointer.js: Added.
        (foo):

2014-01-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        Constructors for Objective-C classes do not work properly with instanceof
        https://bugs.webkit.org/show_bug.cgi?id=126670

        Reviewed by Oliver Hunt.

        This bug is due to the fact that the JS constructors created for Objective-C classes via the JSC 
        API inherit from JSCallbackObject, which overrides hasInstance with its own customHasInstance. 
        JSCallbackObject::customHasInstance only checks the JSClassRefs for hasInstance callbacks. 
        If it doesn't find any callbacks, it returns false.

        This patch adds a hasInstance callback to constructors created for Objective-C wrapper classes.

        * API/JSWrapperMap.mm:
        (constructorHasInstance):
        (constructorWithCustomBrand):
        (allocateConstructorForCustomClass):
        * API/tests/testapi.mm:

2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Move InjectedScript classes into JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=126598

        Reviewed by Timothy Hatcher.

        Part 5: Move InjectedScript classes into JavaScriptCore

        There are pieces of logic that WebCore wants to hook into in the InjectedScript
        execution (e.g. for CommandLineAPIModule and InspectorInstrumentation). Create
        hooks for those in a base class called InspectorEnvironment. For now, the
        InspectorControllers (Page, JSGlobalObject, Worker) will be the InspectorEnvironments
        and provide answers to its hooks.

        * inspector/InspectorEnvironment.h: Added.
        New hooks needed by WebCore in various places. Mostly stubbed in JavaScriptCore.

        * inspector/InjectedScript.cpp: Renamed from Source/WebCore/inspector/InjectedScript.cpp.
        * inspector/InjectedScript.h: Added.
        * inspector/InjectedScriptBase.cpp: Renamed from Source/WebCore/inspector/InjectedScriptBase.cpp.
        * inspector/InjectedScriptBase.h: Renamed from Source/WebCore/inspector/InjectedScriptBase.h.
        * inspector/InjectedScriptModule.cpp: Renamed from Source/WebCore/inspector/InjectedScriptModule.cpp.
        * inspector/InjectedScriptModule.h: Renamed from Source/WebCore/inspector/InjectedScriptModule.h.
        Cleanup the style of these files (nullptr, formatting, whitespace, etc).
        Use the InspectorEnvironments call/evaluate function for ScriptFunctionCalls and checking access

        * inspector/InjectedScriptManager.cpp: Renamed from Source/WebCore/inspector/InjectedScriptManager.cpp.
        * inspector/InjectedScriptManager.h: Renamed from Source/WebCore/inspector/InjectedScriptManager.h.
        Take an InspectorEnvironment with multiple hooks, instead of a single hook function.

        * inspector/InjectedScriptHost.cpp: Added.
        * inspector/InjectedScriptHost.h: Added.
        * inspector/JSInjectedScriptHost.cpp: Renamed from Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp.
        * inspector/JSInjectedScriptHost.h: Added.
        * inspector/JSInjectedScriptHostPrototype.cpp: Added.
        * inspector/JSInjectedScriptHostPrototype.h: Added.
        Implementation of InjectedScriptHost which is passed into the script (InjectedScriptSource.js)
        that we inject into the page. This is mostly copied from the original autogenerated code,
        then simplified and cleaned up. InjectedScriptHost can be subclasses to provide specialized
        implementations of isHTMLAllCollection and type for Web/DOM types unknown to a pure JS context.


        Part 4: Move all inspector scripts into JavaScriptCore and update generators.

        For OS X be sure to export the scripts as if they are private headers.

        * GNUmakefile.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * inspector/scripts/cssmin.py: Renamed from Source/WebCore/inspector/Scripts/cssmin.py.
        * inspector/scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/WebCore/inspector/Scripts/inline-and-minify-stylesheets-and-scripts.py.
        * inspector/scripts/jsmin.py: Renamed from Source/WebCore/inspector/Scripts/jsmin.py.
        * inspector/scripts/xxd.pl: Renamed from Source/WebCore/inspector/xxd.pl.


        Part 3: Update CodeGeneratorInspector to avoid inlining virtual destructors.

        This avoids build errors about duplicate exported virtual inlined methods
        are included from multiple places. Just put empty destructors in the
        implementation file instead of inlined.

        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator):
        (Generator.go):
        * inspector/scripts/CodeGeneratorInspectorStrings.py:


        Part 2: Move InjectedScriptSource and generation into JavaScriptCore.

        Move InjectedScriptSource.js and derived sources generation.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * inspector/InjectedScriptSource.js: Renamed from Source/WebCore/inspector/InjectedScriptSource.js.

2014-01-09  Balazs Kilvady  <kilvadyb@homejinni.com>

        Regression: failing RegExp tests on 32 bit architectures.
        https://bugs.webkit.org/show_bug.cgi?id=126699

        Reviewed by Michael Saboff.

        Fix setRegExpConstructor functions for 32 bit architectures.

        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::setRegExpConstructorMultiline):

2014-01-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r161540.
        http://trac.webkit.org/changeset/161540
        https://bugs.webkit.org/show_bug.cgi?id=126704

        Caused assertion failures on multiple tests (Requested by ap
        on #webkit).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlockSet::mark):
        * dfg/DFGOperations.cpp:
        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::add):
        (JSC::CodeBlockSet::traceMarked):
        * heap/CodeBlockSet.h:
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/CopiedSpace.cpp:
        * heap/CopiedSpace.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::didAbandon):
        (JSC::Heap::markRoots):
        (JSC::Heap::copyBackingStores):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        (JSC::Heap::didAllocate):
        * heap/Heap.h:
        (JSC::Heap::shouldCollect):
        (JSC::Heap::isCollecting):
        (JSC::Heap::isWriteBarrierEnabled):
        (JSC::Heap::writeBarrier):
        * heap/HeapOperation.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::~MarkStackArray):
        * heap/MarkStack.h:
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::isPagedOut):
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::addBlock):
        (JSC::MarkedAllocator::removeBlock):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC::MarkedAllocator::reset):
        * heap/MarkedBlock.cpp:
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::lastChanceToFinalize):
        (JSC::MarkedBlock::didConsumeEmptyFreeList):
        (JSC::MarkedBlock::clearMarks):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::~MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::visitWeakSets):
        (JSC::MarkedSpace::reapWeakSets):
        * heap/MarkedSpace.h:
        (JSC::ClearMarks::operator()):
        (JSC::MarkedSpace::clearMarks):
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::~SlotVisitor):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::sharedData):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::copyLater):
        (JSC::SlotVisitor::reportExtraMemoryUsage):
        * jit/Repatch.cpp:
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::StructureRareData::setEnumerationCache):
        * runtime/JSString.cpp:
        (JSC::JSString::visitChildren):
        * runtime/StructureRareDataInlines.h:
        (JSC::StructureRareData::setPreviousID):
        (JSC::StructureRareData::setObjectToStringValue):
        * runtime/WeakMapData.cpp:
        (JSC::WeakMapData::visitChildren):

2014-01-09  Andreas Kling  <akling@apple.com>

        Shrink WatchpointSet.
        <https://webkit.org/b/126694>

        Reorder the members of WatchpointSet, shrinking it by 8 bytes.
        767 kB progression on Membuster3.

        Reviewed by Antti Koivisto.

        * bytecode/Watchpoint.h:

2014-01-08  Mark Hahnenberg  <mhahnenberg@apple.com>

        Reverting accidental GC logging

        * heap/Heap.cpp:

2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Marking should be generational
        https://bugs.webkit.org/show_bug.cgi?id=126552

        Reviewed by Geoffrey Garen.

        Re-marking the same objects over and over is a waste of effort. This patch implements 
        the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
        overhead during garbage collection caused by rescanning objects.

        There are now two collection modes, EdenCollection and FullCollection. EdenCollections
        only visit new objects or objects that were added to the remembered set by a write barrier.
        FullCollections are normal collections that visit all objects regardless of their 
        generation.

        In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
        https://bugs.webkit.org/show_bug.cgi?id=126555.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlockSet::mark):
        * dfg/DFGOperations.cpp:
        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::add):
        (JSC::CodeBlockSet::traceMarked):
        (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
        * heap/CodeBlockSet.h:
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::didStartFullCollection):
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::heap):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::didAbandon):
        (JSC::Heap::markRoots):
        (JSC::Heap::copyBackingStores):
        (JSC::Heap::addToRememberedSet):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        (JSC::Heap::didAllocate):
        (JSC::Heap::writeBarrier):
        * heap/Heap.h:
        (JSC::Heap::isInRememberedSet):
        (JSC::Heap::operationInProgress):
        (JSC::Heap::shouldCollect):
        (JSC::Heap::isCollecting):
        (JSC::Heap::isWriteBarrierEnabled):
        (JSC::Heap::writeBarrier):
        * heap/HeapOperation.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::~MarkStackArray):
        (JSC::MarkStackArray::clear):
        (JSC::MarkStackArray::fillVector):
        * heap/MarkStack.h:
        * heap/MarkedAllocator.cpp:
        (JSC::isListPagedOut):
        (JSC::MarkedAllocator::isPagedOut):
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::addBlock):
        (JSC::MarkedAllocator::removeBlock):
        (JSC::MarkedAllocator::reset):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::MarkedAllocator):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        (JSC::MarkedBlock::clearRememberedSet):
        (JSC::MarkedBlock::clearMarksWithCollectionType):
        (JSC::MarkedBlock::lastChanceToFinalize):
        * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
        than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
        (JSC::MarkedBlock::didConsumeEmptyFreeList):
        (JSC::MarkedBlock::setRemembered):
        (JSC::MarkedBlock::clearRemembered):
        (JSC::MarkedBlock::atomicClearRemembered):
        (JSC::MarkedBlock::isRemembered):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::~MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::visitWeakSets):
        (JSC::MarkedSpace::reapWeakSets):
        (JSC::VerifyMarked::operator()):
        (JSC::MarkedSpace::clearMarks):
        * heap/MarkedSpace.h:
        (JSC::ClearMarks::operator()):
        (JSC::ClearRememberedSet::operator()):
        (JSC::MarkedSpace::didAllocateInBlock):
        (JSC::MarkedSpace::clearRememberedSet):
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::~SlotVisitor):
        (JSC::SlotVisitor::clearMarkStack):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::markStack):
        (JSC::SlotVisitor::sharedData):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::unconditionallyAppend):
        (JSC::SlotVisitor::copyLater):
        (JSC::SlotVisitor::reportExtraMemoryUsage):
        (JSC::SlotVisitor::heap):
        * jit/Repatch.cpp:
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::StructureRareData::setEnumerationCache):
        * runtime/JSString.cpp:
        (JSC::JSString::visitChildren):
        * runtime/StructureRareDataInlines.h:
        (JSC::StructureRareData::setPreviousID):
        (JSC::StructureRareData::setObjectToStringValue):
        * runtime/WeakMapData.cpp:
        (JSC::WeakMapData::visitChildren):

2014-01-08  Sam Weinig  <sam@webkit.org>

        [JS] Should be able to create a promise by calling the Promise constructor as a function
        https://bugs.webkit.org/show_bug.cgi?id=126561

        Reviewed by Geoffrey Garen.

        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getCallData):
        Add support for calling the Promise constructor as a function (e.g. var p = Promise(...), note
        the missing "new").

2014-01-08  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        [EFL] Make FTL buildable
        https://bugs.webkit.org/show_bug.cgi?id=125777

        Reviewed by Csaba Osztrogonác.

        * CMakeLists.txt:
        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExitCompiler.cpp:
        * llvm/library/config_llvm.h:

2014-01-08  Zan Dobersek  <zdobersek@igalia.com>

        [Automake] Scripts for generated build targets do not necessarily produce their output
        https://bugs.webkit.org/show_bug.cgi?id=126378

        Reviewed by Carlos Garcia Campos.

        * GNUmakefile.am: Touch the build targets that are generated through helper scripts that don't
        assure the output is generated every time the script is invoked, most commonly due to unchanged
        input. This assures the build targets are up-to-date and can't be older that their dependencies,
        which would result in constant regeneration at every build.

2014-01-07  Filip Pizlo  <fpizlo@apple.com>

        DFG fixup phase should be responsible for inserting ValueToInt32's as needed and it should use Phantom to keep the original values alive in case of OSR exit
        https://bugs.webkit.org/show_bug.cgi?id=126600

        Reviewed by Michael Saboff.
        
        This fixes an embarrassing OSR exit liveness bug. It also simplifies the code. We were
        already using FixupPhase as the place where conversion nodes get inserted. ValueToInt32
        was the only exception to that rule, and that was one of the reasons why we had this bug.
        
        Henceforth ValueToInt32 is only inserted by FixupPhase, and only when it is necessary:
        we have a BitOp that will want a ToInt32 conversion and the operand is not predicted to
        already be an int32. If FixupPhase inserts any ValueToInt32's then the BitOp will no
        longer appear to use the original operand, which will make OSR exit think that the
        original operand is dead. We work around this they way we always do: insert a Phantom on
        the original operands right after the BitOp. This ensures that any OSR exit in any of the
        ValueToInt32's or in the BitOp itself will have values for the original inputs.

        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixIntEdge):
        (JSC::DFG::FixupPhase::fixBinaryIntEdges):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * tests/stress/bit-op-value-to-int32-input-liveness.js: Added.
        (foo):

2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Repatch write barrier slow path call doesn't align the stack in the presence of saved registers
        https://bugs.webkit.org/show_bug.cgi?id=126093

        Reviewed by Geoffrey Garen.

        * jit/Repatch.cpp: Reworked the stack alignment code for calling out to C code on the write barrier slow path.
        We need to properly account for the number of reused registers that were saved to the stack, so we have to 
        pass the ScratchRegisterAllocator around.
        (JSC::storeToWriteBarrierBuffer):
        (JSC::writeBarrier):
        (JSC::emitPutReplaceStub):
        (JSC::emitPutTransitionStub):
        * jit/ScratchRegisterAllocator.h: Previously the ScratchRegisterAllocator only knew whether or not it had
        reused registers, but not how many. In order to correctly align the stack for calls to C slow paths for 
        the write barriers in inline caches we need to know how the stack is aligned. So now ScratchRegisterAllocator
        tracks how many registers it has reused.
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        (JSC::ScratchRegisterAllocator::allocateScratch):
        (JSC::ScratchRegisterAllocator::didReuseRegisters):
        (JSC::ScratchRegisterAllocator::numberOfReusedRegisters):
        (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
        (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
        * llint/LowLevelInterpreter64.asm: Random typo fix.

2014-01-07  Mark Lam  <mark.lam@apple.com>

        r161364 caused JSC tests regression on non-DFG builds (e.g. C Loop and Windows).
        https://bugs.webkit.org/show_bug.cgi?id=126589.

        Reviewed by Filip Pizlo.

        After the removal of ENABLE(VALUE_PROFILER), the LLINT is now expecting the
        relevant opcode operands to point to ValueProfiler data structures and will
        write profiling data into them. Hence, we need to allocate these data
        structures even though the profiling data won't be used in non-DFG builds.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2014-01-07  Filip Pizlo  <fpizlo@apple.com>

        ASSERT in compileArithNegate on pdfjs
        https://bugs.webkit.org/show_bug.cgi?id=126584

        Reviewed by Mark Hahnenberg.
        
        Check negative zero when we should check it, not when we shouldn't check it. :-/

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithNegate):

2014-01-07  Gabor Rapcsanyi  <rgabor@webkit.org>

        pushFinallyContext saves wrong m_labelScopes size
        https://bugs.webkit.org/show_bug.cgi?id=124529

        Remove free label scopes before saving finally context.

        Reviewed by Geoffrey Garen.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::pushFinallyContext):

2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        Heap::collect shouldn't be responsible for sweeping
        https://bugs.webkit.org/show_bug.cgi?id=126556

        Reviewed by Geoffrey Garen.

        Sweeping happens at an awkward time during collection due to the fact that destructors can 
        cause arbitrary reentry into the VM. This patch separates collecting and sweeping, and delays 
        sweeping until after collection has completely finished.

        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        (JSC::Heap::collectIfNecessaryOrDefer):
        * heap/Heap.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::sweep):
        * runtime/GCActivityCallback.cpp:
        (JSC::DefaultGCActivityCallback::doWork):

2014-01-07  Mark Rowe  <mrowe@apple.com>

        <https://webkit.org/b/126567> Remove the legacy WebKit availability macros

        They're no longer used.

        Reviewed by Ryosuke Niwa.

        * API/WebKitAvailability.h:

2014-01-07  Filip Pizlo  <fpizlo@apple.com>

        SetLocal for a FlushedArguments should not claim that the dataFormat is DataFormatJS
        https://bugs.webkit.org/show_bug.cgi?id=126563

        Reviewed by Gavin Barraclough.
        
        This was a rookie arguments simplification mistake: the SetLocal needs to record the fact
        that although it set JSValue(), OSR should think it set Arguments. DataFormatArguments
        conveys this, and dataFormatFor(FlushFormat) will do the right thing.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * tests/stress/phantom-arguments-set-local-then-exit-in-same-block.js: Added.
        (foo):

2014-01-06  Filip Pizlo  <fpizlo@apple.com>

        Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
        https://bugs.webkit.org/show_bug.cgi?id=125519

        Reviewed by Geoffrey Garen.
        
        Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
        checks and overflows the node should do. Previously this would be deduced from
        backwards analysis results.
        
        This also makes "unchecked" variants really mean that you want the int32 wrapped
        result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
        constant folder needs to compute exactly the result implied by ArithMode, instead of
        just folding the double result.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGArithMode.cpp: Added.
        (WTF::printInternal):
        * dfg/DFGArithMode.h: Added.
        (JSC::DFG::doesOverflow):
        (JSC::DFG::shouldCheckOverflow):
        (JSC::DFG::shouldCheckNegativeZero):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::hasArithMode):
        (JSC::DFG::Node::arithMode):
        (JSC::DFG::Node::setArithMode):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        (JSC::DFG::SpeculativeJIT::compileArithNegate):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        (JSC::DFG::SpeculativeJIT::compileArithDiv):
        (JSC::DFG::SpeculativeJIT::compileArithMod):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):
        (JSC::FTL::LowerDFGToLLVM::compileArithMul):
        (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
        (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
        (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):

2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add write barriers to the LLInt
        https://bugs.webkit.org/show_bug.cgi?id=126527

        Reviewed by Filip Pizlo.

        This patch takes a similar approach to how write barriers work in the baseline JIT.
        We execute the write barrier at the beginning of the opcode so we don't have to 
        worry about saving and restoring live registers across write barrier slow path calls 
        to C code.

        * llint/LLIntOfflineAsmConfig.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_write_barrier_slow):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/arm64.rb:
        * offlineasm/instructions.rb:
        * offlineasm/x86.rb:

2014-01-05  Sam Weinig  <sam@webkit.org>

        [JS] Implement Promise.all()
        https://bugs.webkit.org/show_bug.cgi?id=126510

        Reviewed by Gavin Barraclough.

        Add Promise.all() implementation and factor out performing resolves and rejects
        on deferreds to share a bit of code. Also moves the abruptRejection helper to
        JSPromiseDeferred so it can be used in JSPromiseFunctions.

        * runtime/CommonIdentifiers.h:
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructorFuncCast):
        (JSC::JSPromiseConstructorFuncResolve):
        (JSC::JSPromiseConstructorFuncReject):
        (JSC::JSPromiseConstructorFuncAll):
        * runtime/JSPromiseDeferred.cpp:
        (JSC::updateDeferredFromPotentialThenable):
        (JSC::performDeferredResolve):
        (JSC::performDeferredReject):
        (JSC::abruptRejection):
        * runtime/JSPromiseDeferred.h:
        * runtime/JSPromiseFunctions.cpp:
        (JSC::promiseAllCountdownFunction):
        (JSC::createPromiseAllCountdownFunction):
        * runtime/JSPromiseFunctions.h:
        * runtime/JSPromiseReaction.cpp:
        (JSC::ExecutePromiseReactionMicrotask::run):

2014-01-06  Filip Pizlo  <fpizlo@apple.com>

        Get rid of ENABLE(VALUE_PROFILER). It's on all the time now.

        Rubber stamped by Mark Hahnenberg.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpValueProfiling):
        (JSC::CodeBlock::dumpArrayProfiling):
        (JSC::CodeBlock::dumpRareCaseProfile):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::setNumParameters):
        (JSC::CodeBlock::shrinkToFit):
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForChain):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/LazyOperandValueProfile.cpp:
        * bytecode/LazyOperandValueProfile.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecode/ValueProfile.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::newArrayProfile):
        (JSC::BytecodeGenerator::newArrayAllocationProfile):
        (JSC::BytecodeGenerator::emitProfiledOpcode):
        * jit/GPRInfo.h:
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emit_op_div):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_div):
        * jit/JITCall.cpp:
        (JSC::JIT::emitPutCallResult):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emitPutCallResult):
        * jit/JITInlines.h:
        (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
        (JSC::JIT::emitValueProfilingSite):
        (JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
        (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
        (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
        (JSC::arrayProfileSaw):
        (JSC::JIT::chooseArrayMode):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_get_argument_by_val):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_get_argument_by_val):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_from_scope):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_from_scope):
        * llint/LLIntOfflineAsmConfig.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * profiler/ProfilerBytecodeSequence.cpp:
        (JSC::Profiler::BytecodeSequence::BytecodeSequence):
        * runtime/CommonSlowPaths.cpp:

2014-01-06  Filip Pizlo  <fpizlo@apple.com>

        LLInt shouldn't check for ENABLE(JIT).

        Rubber stamped by Mark Hahnenberg.

        * llint/LLIntCommon.h:
        * llint/LLIntOfflineAsmConfig.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:

2014-01-06  Filip Pizlo  <fpizlo@apple.com>

        LLInt shouldnt check for ENABLE(JAVASCRIPT_DEBUGGER).

        Rubber stamped by Mark Hahnenberg.

        * debugger/Debugger.h:
        (JSC::Debugger::Debugger):
        * llint/LLIntOfflineAsmConfig.h:
        * llint/LowLevelInterpreter.asm:

2014-01-05  Sam Weinig  <sam@webkit.org>

        [JS] Implement Promise.race()
        https://bugs.webkit.org/show_bug.cgi?id=126506

        Reviewed by Oliver Hunt.

        * runtime/CommonIdentifiers.h:
        Add identifier for "cast".
    
        * runtime/JSPromiseConstructor.cpp:
        (JSC::abruptRejection):
        Helper for the RejectIfAbrupt abstract operation.
  
        (JSC::JSPromiseConstructorFuncRace):
        Add implementation of Promise.race()

2014-01-05  Martin Robinson  <mrobinson@igalia.com>

        [GTK] [CMake] Ensure that the autotools build and the CMake install the same files
        https://bugs.webkit.org/show_bug.cgi?id=116379

        Reviewed by Gustavo Noronha Silva.

        * PlatformGTK.cmake: Install API headers, gir files, and the pkg-config file.

2014-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use Compiler macros instead of raw "final" and "override"
        https://bugs.webkit.org/show_bug.cgi?id=126490

        Reviewed by Sam Weinig.

        * runtime/JSPromiseReaction.cpp:

2014-01-04  Martin Robinson  <mrobinson@igalia.com>

        [GTK] [CMake] Improve the way we locate gobject-introspection
        https://bugs.webkit.org/show_bug.cgi?id=126452

        Reviewed by Philippe Normand.

        * PlatformGTK.cmake: Use the new introspection variables.

2014-01-04  Zan Dobersek  <zdobersek@igalia.com>

        Explicitly use the std:: nested name specifier when using std::pair, std::make_pair
        https://bugs.webkit.org/show_bug.cgi?id=126439

        Reviewed by Andreas Kling.

        Instead of relying on std::pair and std::make_pair symbols being present in the current scope
        through the pair and make_pair symbols, the std:: specifier should be used explicitly.

        * bytecode/Opcode.cpp:
        (JSC::compareOpcodePairIndices):
        (JSC::OpcodeStats::~OpcodeStats):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makeBinaryNode):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseIfStatement):
        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::contains):
        (JSC::StructureTransitionTable::get):
        (JSC::StructureTransitionTable::add):

2014-01-03  David Farler  <dfarler@apple.com>

        [super dealloc] missing in Source/JavaScriptCore/API/tests/testapi.mm, fails to build with -Werror,-Wobjc-missing-super-calls
        https://bugs.webkit.org/show_bug.cgi?id=126454

        Reviewed by Geoffrey Garen.

        * API/tests/testapi.mm:
        (-[TextXYZ dealloc]):
        add [super dealloc]
        (-[EvilAllocationObject dealloc]):
        add [super dealloc]

2014-01-02  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r160304): [GTK] Disable libtool fast install
        https://bugs.webkit.org/show_bug.cgi?id=126381

        Reviewed by Martin Robinson.

        Remove -no-fast-install ld flag since fast install is now disabled
        globally.

        * GNUmakefile.am:

2014-01-02  Sam Weinig  <sam@webkit.org>

        Update Promises to the https://github.com/domenic/promises-unwrapping spec
        https://bugs.webkit.org/show_bug.cgi?id=120954

        Reviewed by Filip Pizlo.

        Update Promises to the revised spec. Notable changes:
        - JSPromiseResolver is gone.
        - TaskContext has been renamed Microtask and now has a virtual run() function.
        - Instead of using custom InternalFunction subclasses, JSFunctions are used
          with PrivateName properties for internal slots.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * interpreter/CallFrame.h:
        (JSC::ExecState::promiseConstructorTable):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        (JSC::JSGlobalObject::queueMicrotask):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::promiseConstructor):
        (JSC::JSGlobalObject::promisePrototype):
        (JSC::JSGlobalObject::promiseStructure):
        * runtime/JSPromise.cpp:
        (JSC::JSPromise::create):
        (JSC::JSPromise::JSPromise):
        (JSC::JSPromise::finishCreation):
        (JSC::JSPromise::visitChildren):
        (JSC::JSPromise::reject):
        (JSC::JSPromise::resolve):
        (JSC::JSPromise::appendResolveReaction):
        (JSC::JSPromise::appendRejectReaction):
        (JSC::triggerPromiseReactions):
        * runtime/JSPromise.h:
        (JSC::JSPromise::status):
        (JSC::JSPromise::result):
        (JSC::JSPromise::constructor):
        * runtime/JSPromiseCallback.cpp: Removed.
        * runtime/JSPromiseCallback.h: Removed.
        * runtime/JSPromiseConstructor.cpp:
        (JSC::constructPromise):
        (JSC::JSPromiseConstructor::getCallData):
        (JSC::JSPromiseConstructorFuncCast):
        (JSC::JSPromiseConstructorFuncResolve):
        (JSC::JSPromiseConstructorFuncReject):
        * runtime/JSPromiseConstructor.h:
        * runtime/JSPromiseDeferred.cpp: Added.
        (JSC::JSPromiseDeferred::create):
        (JSC::JSPromiseDeferred::JSPromiseDeferred):
        (JSC::JSPromiseDeferred::finishCreation):
        (JSC::JSPromiseDeferred::visitChildren):
        (JSC::createJSPromiseDeferredFromConstructor):
        (JSC::updateDeferredFromPotentialThenable):
        * runtime/JSPromiseDeferred.h: Added.
        (JSC::JSPromiseDeferred::createStructure):
        (JSC::JSPromiseDeferred::promise):
        (JSC::JSPromiseDeferred::resolve):
        (JSC::JSPromiseDeferred::reject):
        * runtime/JSPromiseFunctions.cpp: Added.
        (JSC::deferredConstructionFunction):
        (JSC::createDeferredConstructionFunction):
        (JSC::identifyFunction):
        (JSC::createIdentifyFunction):
        (JSC::promiseAllCountdownFunction):
        (JSC::createPromiseAllCountdownFunction):
        (JSC::promiseResolutionHandlerFunction):
        (JSC::createPromiseResolutionHandlerFunction):
        (JSC::rejectPromiseFunction):
        (JSC::createRejectPromiseFunction):
        (JSC::resolvePromiseFunction):
        (JSC::createResolvePromiseFunction):
        (JSC::throwerFunction):
        (JSC::createThrowerFunction):
        * runtime/JSPromiseFunctions.h: Added.
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototypeFuncThen):
        (JSC::JSPromisePrototypeFuncCatch):
        * runtime/JSPromiseReaction.cpp: Added.
        (JSC::createExecutePromiseReactionMicroTask):
        (JSC::ExecutePromiseReactionMicroTask::run):
        (JSC::JSPromiseReaction::create):
        (JSC::JSPromiseReaction::JSPromiseReaction):
        (JSC::JSPromiseReaction::finishCreation):
        (JSC::JSPromiseReaction::visitChildren):
        * runtime/JSPromiseReaction.h: Added.
        (JSC::JSPromiseReaction::createStructure):
        (JSC::JSPromiseReaction::deferred):
        (JSC::JSPromiseReaction::handler):
        * runtime/JSPromiseResolver.cpp: Removed.
        * runtime/JSPromiseResolver.h: Removed.
        * runtime/JSPromiseResolverConstructor.cpp: Removed.
        * runtime/JSPromiseResolverConstructor.h: Removed.
        * runtime/JSPromiseResolverPrototype.cpp: Removed.
        * runtime/JSPromiseResolverPrototype.h: Removed.
        * runtime/Microtask.h: Added.
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        * runtime/VM.h:

2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add support for StoreBarrier and friends to the FTL
        https://bugs.webkit.org/show_bug.cgi?id=126040

        Reviewed by Filip Pizlo.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileStoreBarrier):
        (JSC::FTL::LowerDFGToLLVM::compileConditionalStoreBarrier):
        (JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck):
        (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
        (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * heap/Heap.h:
        (JSC::Heap::writeBarrierBuffer):

2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Storing new CopiedSpace memory into a JSObject should fire a write barrier
        https://bugs.webkit.org/show_bug.cgi?id=126025

        Reviewed by Filip Pizlo.

        Technically this is creating a pointer between a (potentially) old generation object and a young 
        generation chunk of memory, thus there needs to be a barrier.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGOperations.cpp:
        * heap/CopyWriteBarrier.h: Added. This class functions similarly to the WriteBarrier class. It 
        acts as a proxy for pointers to CopiedSpace. Assignments to the field cause a write barrier to 
        fire for the object that is the owner of the CopiedSpace memory. This is to ensure during nursery 
        collections that objects with new backing stores are visited, even if they are old generation objects. 
        (JSC::CopyWriteBarrier::CopyWriteBarrier):
        (JSC::CopyWriteBarrier::operator!):
        (JSC::CopyWriteBarrier::operator UnspecifiedBoolType*):
        (JSC::CopyWriteBarrier::get):
        (JSC::CopyWriteBarrier::operator*):
        (JSC::CopyWriteBarrier::operator->):
        (JSC::CopyWriteBarrier::set):
        (JSC::CopyWriteBarrier::setWithoutWriteBarrier):
        (JSC::CopyWriteBarrier::clear):
        * heap/Heap.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::unshiftCountSlowCase):
        (JSC::JSArray::shiftCountWithArrayStorage):
        (JSC::JSArray::unshiftCountWithArrayStorage):
        * runtime/JSCell.h:
        (JSC::JSCell::unvalidatedStructure):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
        * runtime/JSObject.cpp:
        (JSC::JSObject::copyButterfly):
        (JSC::JSObject::getOwnPropertySlotByIndex):
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
        (JSC::JSObject::createInitialIndexedStorage):
        (JSC::JSObject::createArrayStorage):
        (JSC::JSObject::deletePropertyByIndex):
        (JSC::JSObject::getOwnPropertyNames):
        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
        (JSC::JSObject::countElements):
        (JSC::JSObject::increaseVectorLength):
        (JSC::JSObject::ensureLengthSlow):
        * runtime/JSObject.h:
        (JSC::JSObject::butterfly):
        (JSC::JSObject::setStructureAndButterfly):
        (JSC::JSObject::setButterflyWithoutChangingStructure):
        (JSC::JSObject::JSObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        * runtime/MapData.cpp:
        (JSC::MapData::ensureSpaceForAppend):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):

2013-12-23  Oliver Hunt  <oliver@apple.com>

        Refactor PutPropertySlot to be aware of custom properties
        https://bugs.webkit.org/show_bug.cgi?id=126187

        Reviewed by Antti Koivisto.

        Refactor PutPropertySlot, making the constructor take the thisValue
        used as a target.  This results in a wide range of boilerplate changes
        to pass the new parameter.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::putByIndex):
        * runtime/ArrayPrototype.cpp:
        (JSC::putProperty):
        (JSC::arrayProtoFuncPush):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitiveByIndex):
        * runtime/JSCell.cpp:
        (JSC::JSCell::putByIndex):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::putDirectNonIndexAccessor):
        (JSC::JSObject::deleteProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirect):
        * runtime/Lookup.h:
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):
        (JSC::PutPropertySlot::setCustomProperty):
        (JSC::PutPropertySlot::thisValue):
        (JSC::PutPropertySlot::isCacheable):

2014-01-01  Filip Pizlo  <fpizlo@apple.com>

        Rationalize DFG DCE
        https://bugs.webkit.org/show_bug.cgi?id=125523

        Reviewed by Mark Hahnenberg.
        
        Adds the ability to DCE more things. It's now the case that if a node is completely
        pure, we clear NodeMustGenerate and the node becomes a DCE candidate.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDCEPhase.cpp:
        (JSC::DFG::DCEPhase::cleanVariables):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::clobbersWorld):
        * dfg/DFGNodeType.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAdd):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileValueAdd):

2014-01-02  Benjamin Poulain  <benjamin@webkit.org>

        Attempt to fix the build of WebCore's code generator on CMake based system
        https://bugs.webkit.org/show_bug.cgi?id=126271

        Reviewed by Sam Weinig.

        * CMakeLists.txt:

2013-12-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r161157, r161158, r161160, r161161,
        r161163, and r161165.
        http://trac.webkit.org/changeset/161157
        http://trac.webkit.org/changeset/161158
        http://trac.webkit.org/changeset/161160
        http://trac.webkit.org/changeset/161161
        http://trac.webkit.org/changeset/161163
        http://trac.webkit.org/changeset/161165
        https://bugs.webkit.org/show_bug.cgi?id=126332

        Broke WebKit2 on Mountain Lion (Requested by ap on #webkit).

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
        (JSC::BlockAllocator::waitForRelativeTime):
        (JSC::BlockAllocator::blockFreeingThreadMain):
        * heap/BlockAllocator.h:
        (JSC::BlockAllocator::deallocate):

2013-12-30  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * heap/BlockAllocator.h:

2013-12-30  Anders Carlsson  <andersca@apple.com>

        Stop using ThreadCondition in BlockAllocator
        https://bugs.webkit.org/show_bug.cgi?id=126313

        Reviewed by Sam Weinig.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::waitForDuration):
        (JSC::BlockAllocator::blockFreeingThreadMain):
        * heap/BlockAllocator.h:
        (JSC::BlockAllocator::deallocate):

2013-12-30  Anders Carlsson  <andersca@apple.com>

        Stop using ThreadCondition in jsc.cpp
        https://bugs.webkit.org/show_bug.cgi?id=126311

        Reviewed by Sam Weinig.

        * jsc.cpp:
        (timeoutThreadMain):
        (main):

2013-12-30  Anders Carlsson  <andersca@apple.com>

        Replace WTF::ThreadingOnce with std::call_once
        https://bugs.webkit.org/show_bug.cgi?id=126215

        Reviewed by Sam Weinig.

        * dfg/DFGWorklist.cpp:
        (JSC::DFG::globalWorklist):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):

2013-12-30  Martin Robinson  <mrobinson@igalia.com>

        [CMake] [GTK] Add support for GObject introspection
        https://bugs.webkit.org/show_bug.cgi?id=126162

        Reviewed by Daniel Bates.

        * PlatformGTK.cmake: Add the GIR targets.

2013-12-28  Filip Pizlo  <fpizlo@apple.com>

        Get rid of DFG forward exiting
        https://bugs.webkit.org/show_bug.cgi?id=125531

        Reviewed by Oliver Hunt.
        
        This finally gets rid of forward exiting. Forward exiting was always a fragile concept
        since it involved the compiler trying to figure out how to "roll forward" the
        execution from some DFG node to the next bytecode index. It was always easy to find
        counterexamples where it broke, and it has always served as an obstacle to adding
        compiler improvements - the latest being http://webkit.org/b/125523, which tried to
        make DCE work for more things.
        
        This change finishes the work of removing forward exiting. A lot of forward exiting
        was already removed in some other bugs, but SetLocal still did forward exits. SetLocal
        is in many ways the hardest to remove, since the forward exiting of SetLocal also
        implied that any conversion nodes inserted before the SetLocal would then also be
        marked as forward-exiting. Hence SetLocal's forward-exiting made a bunch of other
        things also forward-exiting, and this was always a source of weirdo bugs.
        
        SetLocal must be able to exit in case it performs a hoisted type speculation. Nodes
        inserted just before SetLocal must also be able to exit - for example type check
        hoisting may insert a CheckStructure, or fixup phase may insert something like
        Int32ToDouble. But if any of those nodes tried to backward exit, then this could lead
        to the reexecution of a side-effecting operation, for example:
        
            a: Call(...)
            b: SetLocal(@a, r1)
        
        For a long time it seemed like SetLocal *had* to exit forward because of this. But
        this change side-steps the problem by changing the ByteCodeParser to always emit a
        kind of "two-phase commit" for stores to local variables. Now when the ByteCodeParser
        wishes to store to a local, it first emits a MovHint and then enqueues a SetLocal.
        The SetLocal isn't actually emitted until the beginning of the next bytecode
        instruction (which the exception of op_enter and op_ret, which emit theirs immediately
        since it's always safe to reexecute those bytecode instructions and since deferring
        SetLocals would be weird there - op_enter has many SetLocals and op_ret is a set
        followed by a jump in case of inlining, so we'd have to emit the SetLocal "after" the
        jump and that would be awkward). This means that the above IR snippet would look
        something like:
        
            a: Call(..., bc#42)
            b: MovHint(@a, r1, bc#42)
            c: SetLocal(@a, r1, bc#47)
        
        Where the SetLocal exits "backwards" but appears at the beginning of the next bytecode
        instruction. This means that by the time we get to that SetLocal, the OSR exit
        analysis already knows that r1 is associated with @a, and it means that the SetLocal
        or anything hoisted above it can exit backwards as normal.
        
        This change also means that the "forward rewiring" can be killed. Previously, we might
        have inserted a conversion node on SetLocal and then the SetLocal died (i.e. turned
        into a MovHint) and the conversion node either died completely or had its lifetime
        truncated to be less than the actual value's bytecode lifetime. This no longer happens
        since conversion nodes are only inserted at SetLocals.
        
        More precisely, this change introduces two laws that we were basically already
        following anyway:
        
        1) A MovHint's child should never be changed except if all other uses of that child
           are also replaced. Specifically, this prohibits insertion of conversion nodes at
           MovHints.
        
        2) Anytime any child is replaced with something else, and all other uses aren't also
           replaced, we must insert a Phantom use of the original child.

        This is a slight compile-time regression but has no effect on code-gen. It unlocks a
        bunch of optimization opportunities so I think it's worth it.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpAssumingJITType):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::instructionCount):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        * dfg/DFGArrayifySlowPathGenerator.h:
        (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::DelayedSetLocal::DelayedSetLocal):
        (JSC::DFG::ByteCodeParser::DelayedSetLocal::execute):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::eliminate):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGCommon.h:
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDCEPhase.cpp:
        (JSC::DFG::DCEPhase::run):
        (JSC::DFG::DCEPhase::fixupBlock):
        (JSC::DFG::DCEPhase::cleanVariables):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixEdge):
        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
        * dfg/DFGLICMPhase.cpp:
        (JSC::DFG::LICMPhase::run):
        (JSC::DFG::LICMPhase::attemptHoist):
        * dfg/DFGMinifiedNode.cpp:
        (JSC::DFG::MinifiedNode::fromNode):
        * dfg/DFGMinifiedNode.h:
        (JSC::DFG::belongsInMinifiedGraph):
        (JSC::DFG::MinifiedNode::constantNumber):
        (JSC::DFG::MinifiedNode::weakConstant):
        * dfg/DFGNode.cpp:
        (JSC::DFG::Node::hasVariableAccessData):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToPhantom):
        (JSC::DFG::Node::convertToPhantomUnchecked):
        (JSC::DFG::Node::convertToIdentity):
        (JSC::DFG::Node::containsMovHint):
        (JSC::DFG::Node::hasUnlinkedLocal):
        (JSC::DFG::Node::willHaveCodeGenOrOSR):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::dumpNodeFlags):
        * dfg/DFGNodeFlags.h:
        * dfg/DFGNodeType.h:
        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
        (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGOSRExit.cpp:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitBase.cpp:
        * dfg/DFGOSRExitBase.h:
        (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
        * dfg/DFGSSAConversionPhase.cpp:
        (JSC::DFG::SSAConversionPhase::run):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
        (JSC::DFG::SpeculativeJIT::typeCheck):
        (JSC::DFG::SpeculativeJIT::compileMovHint):
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::needsTypeCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::run):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validateCPS):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::VariableAccessData):
        * dfg/DFGVariableEventStream.cpp:
        (JSC::DFG::VariableEventStream::reconstruct):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
        (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
        (JSC::FTL::LowerDFGToLLVM::compileMovHint):
        (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
        (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
        (JSC::FTL::LowerDFGToLLVM::speculate):
        (JSC::FTL::LowerDFGToLLVM::typeCheck):
        (JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
        * ftl/FTLOSRExit.cpp:
        * ftl/FTLOSRExit.h:
        * tests/stress/dead-int32-to-double.js: Added.
        (foo):
        * tests/stress/dead-uint32-to-number.js: Added.
        (foo):

2013-12-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r161033 and r161074.
        http://trac.webkit.org/changeset/161033
        http://trac.webkit.org/changeset/161074
        https://bugs.webkit.org/show_bug.cgi?id=126240

        Oliver says that a rollout would be better (Requested by ap on
        #webkit).

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::putByIndex):
        * runtime/ArrayPrototype.cpp:
        (JSC::putProperty):
        (JSC::arrayProtoFuncPush):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitiveByIndex):
        * runtime/JSCell.cpp:
        (JSC::JSCell::putByIndex):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::putDirectNonIndexAccessor):
        (JSC::JSObject::deleteProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirect):
        * runtime/Lookup.h:
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::isCacheable):

2013-12-25  Filip Pizlo  <fpizlo@apple.com>

        DFG PhantomArguments shouldn't rely on a dead Phi graph
        https://bugs.webkit.org/show_bug.cgi?id=126218

        Reviewed by Oliver Hunt.
        
        This change dramatically rationalizes our handling of PhantomArguments (i.e.
        speculative elision of arguments object allocation).
        
        It's now the case that if we decide that we can elide arguments allocation, we just
        turn the arguments-creating node into a PhantomArguments and mark all locals that
        it's stored to as being arguments aliases. Being an arguments alias and being a
        PhantomArguments means basically the same thing: in DFG execution you have the empty
        value, on OSR exit an arguments object is allocated in your place, and all operations
        that use the value now just refer directly to the actual arguments in the call frame
        header (or the arguments we know that we passed to the call, in case of inlining).
        
        This means that we no longer have arguments simplification creating a dead Phi graph
        that then has to be interpreted by the OSR exit logic. That sort of never made any
        sense.
        
        This means that PhantomArguments now has a clear story in SSA: basically SSA just
        gets rid of the "locals" but everything else is the same.
        
        Finally, this means that we can more easily get rid of forward exiting. As I was
        working on the code to get rid of forward exiting, I realized that I'd have to
        carefully preserve the special meanings of MovHint and SetLocal in the case of
        PhantomArguments. It was really bizarre: even the semantics of MovHint were tied to
        our specific treatment of PhantomArguments. After this change this is no longer the
        case.
        
        One of the really cool things about this change is that arguments reification now
        just becomes a special kind of FlushFormat. This further unifies things: it means
        that a MovHint(PhantomArguments) and a SetLocal(PhantomArguments) both have the same
        meaning, since both of them dictate that the way we recover the local on exit is by
        reifying arguments. Previously, the SetLocal(PhantomArguments) case needed some
        special handling to accomplish this.
        
        A downside of this approach is that we will now emit code to store the empty value
        into aliased arguments variables, and we will even emit code to load that empty value
        as well. As far as I can tell this doesn't cost anything, since PhantomArguments are
        most profitable in cases where it allows us to simplify control flow and kill the
        arguments locals entirely. Of course, this isn't an issue in SSA form since SSA form
        also eliminates the locals.

        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        (JSC::DFG::ArgumentsSimplificationPhase::detypeArgumentsReferencingPhantomChild):
        * dfg/DFGFlushFormat.cpp:
        (WTF::printInternal):
        * dfg/DFGFlushFormat.h:
        (JSC::DFG::resultFor):
        (JSC::DFG::useKindFor):
        (JSC::DFG::dataFormatFor):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValueSource.h:
        (JSC::DFG::ValueSource::ValueSource):
        (JSC::DFG::ValueSource::forFlushFormat):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::flushFormat):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):

2013-12-23  Oliver Hunt  <oliver@apple.com>

        Refactor PutPropertySlot to be aware of custom properties
        https://bugs.webkit.org/show_bug.cgi?id=126187

        Reviewed by msaboff.

        Refactor PutPropertySlot, making the constructor take the thisValue
        used as a target.  This results in a wide range of boilerplate changes
        to pass the new parameter.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::putByIndex):
        * runtime/ArrayPrototype.cpp:
        (JSC::putProperty):
        (JSC::arrayProtoFuncPush):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitiveByIndex):
        * runtime/JSCell.cpp:
        (JSC::JSCell::putByIndex):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::putDirectNonIndexAccessor):
        (JSC::JSObject::deleteProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirect):
        * runtime/Lookup.h:
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):
        (JSC::PutPropertySlot::setCustomProperty):
        (JSC::PutPropertySlot::thisValue):
        (JSC::PutPropertySlot::isCacheable):

2013-12-23  Benjamin Poulain  <benjamin@webkit.org>

        Add class matching to the Selector Code Generator
        https://bugs.webkit.org/show_bug.cgi?id=126176

        Reviewed by Antti Koivisto and Oliver Hunt.

        Add test and branch based on BaseIndex addressing for x86_64.
        Fast loops are needed to compete with clang on tight loops.

        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::branch64):
        (JSC::MacroAssemblerX86_64::branchPtr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::cmpq_rm):

2013-12-23  Oliver Hunt  <oliver@apple.com>

        Update custom setter implementations to perform type checks
        https://bugs.webkit.org/show_bug.cgi?id=126171

        Reviewed by Daniel Bates.

        Modify the setter function signature to take encoded values
        as we're changing the setter usage everywhere anyway.

        * runtime/Lookup.h:
        (JSC::putEntry):

2013-12-23  Lucas Forschler  <lforschler@apple.com>

        <rdar://problem/15682948> Update copyright strings
        
        Reviewed by Dan Bernstein.

        * Info.plist:
        * JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist:

2013-12-23  Zan Dobersek  <zdobersek@igalia.com>

        [GTK] Clean up compiler optimizations flags for libWTF, libJSC
        https://bugs.webkit.org/show_bug.cgi?id=126157

        Reviewed by Gustavo Noronha Silva.

        * GNUmakefile.am: Remove the -fstrict-aliasing and -O3 compiler flags for libWTF.la. -O3 gets
        overridden by -O2 that's listed in CXXFLAGS (or -O0 in case of debug builds) and -fstrict-aliasing
        is enabled when -O2 is used (and shouldn't be enabled in debug builds anyway).

2013-12-22  Martin Robinson  <mrobinson@igalia.com>

        [CMake] Fix typo from r160812
        https://bugs.webkit.org/show_bug.cgi?id=126145

        Reviewed by Gustavo Noronha Silva.

        * CMakeLists.txt: Fix typo when detecting the type of library.

2013-12-22  Martin Robinson  <mrobinson@igalia.com>

        [GTK][CMake] libtool-compatible soversion calculation
        https://bugs.webkit.org/show_bug.cgi?id=125511

        Reviewed by Gustavo Noronha Silva.

        * CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
        library-specific version information.

2013-12-23  Gustavo Noronha Silva  <gns@gnome.org>

        [GTK] [CMake] Generate pkg-config files
        https://bugs.webkit.org/show_bug.cgi?id=125685

        Reviewed by Martin Robinson.

        * PlatformGTK.cmake: Added. Generate javascriptcoregtk-3.0.pc.

2013-12-22  Benjamin Poulain  <benjamin@webkit.org>

        Create a skeleton for CSS Selector code generation
        https://bugs.webkit.org/show_bug.cgi?id=126044

        Reviewed by Antti Koivisto and Gavin Barraclough.

        * assembler/LinkBuffer.h:
        Add a new owner UID for code compiled for CSS.
        Export the symbols needed to link code from WebCore.

2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Clean up DFG write barriers
        https://bugs.webkit.org/show_bug.cgi?id=126047

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Use the register allocator to 
        determine which registers need saving instead of saving every single one of them.
        (JSC::DFG::SpeculativeJIT::osrWriteBarrier): We don't need to save live register state 
        because the write barriers during OSR execute when there are no live registers. Also we  
        don't need to use pushes to pad the stack pointer for pokes on x86; we can just use an add.
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        * dfg/DFGSpeculativeJIT.h:
        * jit/Repatch.cpp:
        (JSC::emitPutReplaceStub):
        (JSC::emitPutTransitionStub):
        * runtime/VM.h: Get rid of writeBarrierRegisterBuffer since it's no longer used.

2013-12-20  Balazs Kilvady  <kilvadyb@homejinni.com>

        [MIPS] Missing MacroAssemblerMIPS::branchTest8(ResultCondition, BaseIndex, TrustedImm32)
        https://bugs.webkit.org/show_bug.cgi?id=126062

        Reviewed by Mark Hahnenberg.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branchTest8):

2013-12-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing implementation in MacroAssembler to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=126063

        Reviewed by Mark Hahnenberg.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchTest8):

2013-12-20  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing implementation in MacroAssembler to fix CPU(ARM_TRADITIONAL) build.
        https://bugs.webkit.org/show_bug.cgi?id=126064

        Reviewed by Mark Hahnenberg.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branchTest8):

2013-12-19  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Add InspectorFrontendHost.debuggableType to let the frontend know it's backend is JavaScript or Web
        https://bugs.webkit.org/show_bug.cgi?id=126016

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::listingForDebuggable):
        * inspector/remote/RemoteInspectorConstants.h:
        Include a debuggable type identifier in the debuggable listing,
        so the remote frontend can know if it is debugging a Web Page
        or JS Context.

2013-12-19  Benjamin Poulain  <benjamin@webkit.org>

        Add an utility class to simplify generating function calls
        https://bugs.webkit.org/show_bug.cgi?id=125972

        Reviewed by Geoffrey Garen.

        Split branchTest32 in two functions: test32AndSetFlags and branchOnFlags.
        This is done to allow code where the flags are set, multiple operation that
        do not modify the flags occur, then the flags are used.

        This is used for function calls to test the return value while discarding the
        return register.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::test32AndSetFlags):
        (JSC::MacroAssemblerX86Common::branchOnFlags):
        (JSC::MacroAssemblerX86Common::branchTest32):

2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Put write barriers in the right places in the baseline JIT
        https://bugs.webkit.org/show_bug.cgi?id=125975

        Reviewed by Filip Pizlo.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):