https://bugs.webkit.org/show_bug.cgi?id=126763

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Introduce JSGlobalObjectInspectorController. This is the InspectorController
for a JSContext. It is created by the JSGlobalObject Remote Inspector Debuggable
when a remote frontend connects, and is destroyed when the remote frontend
disconnects of the JSGlobalObject is destroyed.

* inspector/JSGlobalObjectInspectorController.h: Added.
* inspector/JSGlobalObjectInspectorController.cpp: Added.
(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
(Inspector::JSGlobalObjectInspectorController::~JSGlobalObjectInspectorController):
(Inspector::JSGlobalObjectInspectorController::connectFrontend):
(Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
(Inspector::JSGlobalObjectInspectorController::dispatchMessageFromFrontend):
(Inspector::JSGlobalObjectInspectorController::functionCallHandler):
(Inspector::JSGlobalObjectInspectorController::evaluateHandler):
Create/destory agents, create/destroy dispatches, implement InspectorEnvironment.

* runtime/JSGlobalObjectDebuggable.h:
* runtime/JSGlobalObjectDebuggable.cpp:
(JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::disconnect):
(JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
Forward actions to the InspectorController object.

* inspector/agents/InspectorAgent.h: Renamed from Source/WebCore/inspector/InspectorAgent.h.
* inspector/agents/InspectorAgent.cpp: Renamed from Source/WebCore/inspector/InspectorAgent.cpp.
(Inspector::InspectorAgent::InspectorAgent):
(Inspector::InspectorAgent::~InspectorAgent):
(Inspector::InspectorAgent::didCreateFrontendAndBackend):
(Inspector::InspectorAgent::inspect):
(Inspector::InspectorAgent::evaluateForTestInFrontend):
Implement InspectorAgent in JavaScriptCore in namespace Inspector.

* JavaScriptCore.xcodeproj/project.pbxproj:
* CMakeLists.txt:
* ChangeLog:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.vcxproj/copy-files.cmd:
Add files and new inspector/agents subdirectory.

Source/WebCore:

No new tests, no observable change in functionality.

* CMakeLists.txt:
* ForwardingHeaders/inspector/InspectorAgent.h: Added.
* GNUmakefile.list.am:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* inspector/InspectorAllInOne.cpp:
InspectorAgent moved to JavaScriptCore.

* inspector/PageConsoleAgent.cpp:
(WebCore::PageConsoleAgent::PageConsoleAgent):
(WebCore::PageConsoleAgent::~PageConsoleAgent):
* inspector/PageConsoleAgent.h:
(WebCore::PageConsoleAgent::create):
* inspector/InspectorApplicationCacheAgent.cpp:
* inspector/InspectorApplicationCacheAgent.h:
InspectorAgent was not used by these files, remove it.

* inspector/CommandLineAPIHost.cpp:
* inspector/CommandLineAPIHost.h:
(WebCore::CommandLineAPIHost::init):
* inspector/InspectorInstrumentation.cpp:
* inspector/InstrumentingAgents.h:
(WebCore::InstrumentingAgents::inspectorAgent):
(WebCore::InstrumentingAgents::setInspectorAgent):
Switch to Inspector::InspectorAgent where applicable.

* inspector/InspectorController.cpp:
(WebCore::InspectorController::InspectorController):
* inspector/InspectorController.h:
Manually add InspectorAgent to the InstrumentingAgents. It is one
of the agents that is always available in InstrumentingAgents.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161733 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125502

Patch by Tamas Gergely <tgergely.u-szeged@partner.samsung.com> on 2014-01-10
Reviewed by Michael Saboff.

Enable udis86 disassembler on efl and fix build warnings.

.:

* Source/cmake/OptionsEfl.cmake:
  Enable udis86 disassembler.

Source/JavaScriptCore:

* CMakeLists.txt:
  Add udis86 disassembler source files.
* disassembler/udis86/udis86_decode.c:
(decode_modrm_rm):
  Build warning fixes.
* disassembler/udis86/udis86_syn-att.c:
(gen_operand):
  Build warning fixes.
* disassembler/udis86/udis86_syn-intel.c:
(gen_operand):
  Build warning fixes.
* disassembler/udis86/udis86_types.h:
  Correct FMT64 for uint64_t.

Source/WTF:

* wtf/Platform.h:
  Enable udis86 disassembler on EFL.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161672 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126598

Source/JavaScriptCore:

Reviewed by Timothy Hatcher.

Part 1: Extract InspectorInstrumentationCookie class from InspectorInstrumentation.
Part 2: Move InjectedScriptSource and generation into JavaScriptCore.
Part 3: Update CodeGeneratorInspector to avoid inlining virtual destructors.
Part 4: Move all inspector scripts into JavaScriptCore and update generators.
Part 5: Move InjectedScript classes into JavaScriptCore
Part 6: Put it all together. Make WebCore use the JavaScriptCore InjectedScript files.

There are pieces of logic that WebCore wants to hook into in the InjectedScript
execution (e.g. for CommandLineAPIModule and InspectorInstrumentation). Create
hooks for those in a base class called InspectorEnvironment. For now, the
InspectorControllers (Page, JSGlobalObject, Worker) will be the InspectorEnvironments
and provide answers to its hooks.

* inspector/InspectorEnvironment.h: Added.
New hooks needed by WebCore in various places. Mostly stubbed in JavaScriptCore.

* inspector/InjectedScript.cpp: Renamed from Source/WebCore/inspector/InjectedScript.cpp.
* inspector/InjectedScript.h: Added.
* inspector/InjectedScriptBase.cpp: Renamed from Source/WebCore/inspector/InjectedScriptBase.cpp.
* inspector/InjectedScriptBase.h: Renamed from Source/WebCore/inspector/InjectedScriptBase.h.
* inspector/InjectedScriptModule.cpp: Renamed from Source/WebCore/inspector/InjectedScriptModule.cpp.
* inspector/InjectedScriptModule.h: Renamed from Source/WebCore/inspector/InjectedScriptModule.h.
Cleanup the style of these files (nullptr, formatting, whitespace, etc).
Use the InspectorEnvironments call/evaluate function for ScriptFunctionCalls and checking access

* inspector/InjectedScriptManager.cpp: Renamed from Source/WebCore/inspector/InjectedScriptManager.cpp.
* inspector/InjectedScriptManager.h: Renamed from Source/WebCore/inspector/InjectedScriptManager.h.
Take an InspectorEnvironment with multiple hooks, instead of a single hook function.

* inspector/InjectedScriptHost.cpp: Added.
* inspector/InjectedScriptHost.h: Added.
* inspector/JSInjectedScriptHost.cpp: Renamed from Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp.
* inspector/JSInjectedScriptHost.h: Added.
* inspector/JSInjectedScriptHostPrototype.cpp: Added.
* inspector/JSInjectedScriptHostPrototype.h: Added.
Implementation of InjectedScriptHost which is passed into the script (InjectedScriptSource.js)
that we inject into the page. This is mostly copied from the original autogenerated code,
then simplified and cleaned up. InjectedScriptHost can be subclasses to provide specialized
implementations of isHTMLAllCollection and type for Web/DOM types unknown to a pure JS context.

For OS X be sure to export the scripts as if they are private headers.

* GNUmakefile.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/scripts/cssmin.py: Renamed from Source/WebCore/inspector/Scripts/cssmin.py.
* inspector/scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/WebCore/inspector/Scripts/inline-and-minify-stylesheets-and-scripts.py.
* inspector/scripts/jsmin.py: Renamed from Source/WebCore/inspector/Scripts/jsmin.py.
* inspector/scripts/xxd.pl: Renamed from Source/WebCore/inspector/xxd.pl.

This avoids build errors about duplicate exported virtual inlined methods
are included from multiple places. Just put empty destructors in the
implementation file instead of inlined.

* inspector/scripts/CodeGeneratorInspector.py:
(Generator):
(Generator.go):
* inspector/scripts/CodeGeneratorInspectorStrings.py:

Move InjectedScriptSource.js and derived sources generation.

* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/InjectedScriptSource.js: Renamed from Source/WebCore/inspector/InjectedScriptSource.js.

Source/WebCore:

Reviewed by Timothy Hatcher.

* CMakeLists.txt:
* DerivedSources.cpp:
* DerivedSources.make:
* GNUmakefile.list.am:
* UseJSC.cmake:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
Remove old InjectedScript files.

* ForwardingHeaders/inspector/InjectedScript.h: Added.
* ForwardingHeaders/inspector/InjectedScriptBase.h: Added.
* ForwardingHeaders/inspector/InjectedScriptHost.h: Added.
* ForwardingHeaders/inspector/InjectedScriptManager.h: Added.
* ForwardingHeaders/inspector/InjectedScriptModule.h: Added.
* ForwardingHeaders/inspector/InspectorEnvironment.h: Added.
Expose headers to WebCore.

* inspector/InspectorController.h:
* inspector/InspectorController.cpp:
(WebCore::InspectorController::InspectorController):
(WebCore::InspectorController::developerExtrasEnabled):
(WebCore::InspectorController::canAccessInspectedScriptState):
(WebCore::InspectorController::functionCallHandler):
(WebCore::InspectorController::evaluateHandler):
(WebCore::InspectorController::willCallInjectedScriptFunction):
(WebCore::InspectorController::didCallInjectedScriptFunction):
* inspector/WorkerInspectorController.h:
* inspector/WorkerInspectorController.cpp:
(WebCore::WorkerInspectorController::WorkerInspectorController):
(WebCore::WorkerInspectorController::functionCallHandler):
(WebCore::WorkerInspectorController::evaluateHandler):
(WebCore::WorkerInspectorController::willCallInjectedScriptFunction):
(WebCore::WorkerInspectorController::didCallInjectedScriptFunction):
Make both InspectorControllers in WebCore be InspectorEnvironments.

* bindings/js/JSMainThreadExecState.h:
* bindings/js/JSMainThreadExecState.cpp:
(WebCore::evaluateHandlerFromAnyThread):
Make JSC::evaluate wrapper like the existing JSC::call wrapper.
These will be the ScriptFunctionCall implementations when debugging
a WebCore::Page or worker, instead of the pure JSC versions.

* inspector/PageInjectedScriptHost.h: Copied from Source/WebCore/inspector/CommandLineAPIModule.h.
* inspector/PageInjectedScriptHost.cpp: Copied from Source/WebCore/inspector/PageInjectedScriptManager.cpp.
(WebCore::PageInjectedScriptHost::type):
(WebCore::PageInjectedScriptHost::isHTMLAllCollection):
WebCore InjectedScriptHost implementation for DOM type handling.

* inspector/PageInjectedScriptManager.h:
* inspector/PageInjectedScriptManager.cpp:
(WebCore::PageInjectedScriptManager::PageInjectedScriptManager):
(WebCore::PageInjectedScriptManager::discardInjectedScriptsFor):
WebCore InjectedScriptManager implementation for CommandLineAPI and
specialized DOMWindow injected script management.

* bindings/js/JSBindingsAllInOne.cpp:
* inspector/CommandLineAPIHost.cpp:
* inspector/CommandLineAPIHost.h:
* inspector/CommandLineAPIModule.cpp:
(WebCore::CommandLineAPIModule::host):
* inspector/CommandLineAPIModule.h:
* inspector/ConsoleMessage.cpp:
(WebCore::ConsoleMessage::addToFrontend):
* inspector/ConsoleMessage.h:
* inspector/InjectedScriptCanvasModule.cpp:
(WebCore::InjectedScriptCanvasModule::InjectedScriptCanvasModule):
* inspector/InjectedScriptCanvasModule.h:
* inspector/InspectorAllInOne.cpp:
* inspector/InspectorCanvasAgent.cpp:
* inspector/InspectorCanvasAgent.h:
(WebCore::InspectorCanvasAgent::create):
* inspector/InspectorConsoleAgent.cpp:
(WebCore::InspectorConsoleAgent::InspectorConsoleAgent):
* inspector/InspectorConsoleAgent.h:
* inspector/InspectorDOMAgent.cpp:
* inspector/InspectorDOMAgent.h:
(WebCore::InspectorDOMAgent::create):
* inspector/InspectorDebuggerAgent.cpp:
* inspector/InspectorDebuggerAgent.h:
(WebCore::InspectorDebuggerAgent::injectedScriptManager):
* inspector/InspectorHeapProfilerAgent.cpp:
(WebCore::InspectorHeapProfilerAgent::create):
(WebCore::InspectorHeapProfilerAgent::InspectorHeapProfilerAgent):
* inspector/InspectorHeapProfilerAgent.h:
* inspector/InspectorIndexedDBAgent.cpp:
* inspector/InspectorIndexedDBAgent.h:
(WebCore::InspectorIndexedDBAgent::create):
* inspector/InspectorPageAgent.cpp:
* inspector/InspectorPageAgent.h:
* inspector/InspectorProfilerAgent.cpp:
(WebCore::PageProfilerAgent::PageProfilerAgent):
(WebCore::InspectorProfilerAgent::create):
(WebCore::WorkerProfilerAgent::WorkerProfilerAgent):
(WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
* inspector/InspectorProfilerAgent.h:
* inspector/InspectorRuntimeAgent.cpp:
* inspector/InspectorRuntimeAgent.h:
(WebCore::InspectorRuntimeAgent::injectedScriptManager):
* inspector/PageConsoleAgent.cpp:
(WebCore::PageConsoleAgent::PageConsoleAgent):
* inspector/PageConsoleAgent.h:
(WebCore::PageConsoleAgent::create):
* inspector/PageDebuggerAgent.cpp:
* inspector/PageDebuggerAgent.h:
* inspector/PageRuntimeAgent.cpp:
* inspector/PageRuntimeAgent.h:
(WebCore::PageRuntimeAgent::create):
* inspector/WorkerConsoleAgent.cpp:
(WebCore::WorkerConsoleAgent::WorkerConsoleAgent):
* inspector/WorkerConsoleAgent.h:
(WebCore::WorkerConsoleAgent::create):
* inspector/WorkerDebuggerAgent.cpp:
* inspector/WorkerDebuggerAgent.h:
* inspector/WorkerRuntimeAgent.cpp:
* inspector/WorkerRuntimeAgent.h:
(WebCore::WorkerRuntimeAgent::create):
Switch to using the Inspector namespace and JSC InjectedScript files.

* bindings/js/JSInjectedScriptManager.cpp: Removed.
* inspector/InjectedScript.h: Removed.
* inspector/InjectedScriptHost.cpp: Removed.
* inspector/InjectedScriptHost.h: Removed.
* inspector/InjectedScriptHost.idl: Removed.

With the updated location switch to using the appropriate INSPECTOR_SCRIPTS_DIR
variable which defines where the scripts are.

* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.am:
* GNUmakefile.list.am:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:

Currently InjectedScriptBase uses InspectorInstrumentation directly
to track calling into JavaScript for timeline purposes. We will remove
the direct call from InjectedScriptBase and extracting the Cookie class
will make that easier.

* CMakeLists.txt:
* GNUmakefile.list.am:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* inspector/InspectorAllInOne.cpp:
* inspector/InspectorInstrumentation.cpp:
* inspector/InspectorInstrumentation.h:
* inspector/InspectorInstrumentationCookie.cpp: Added.
(WebCore::InspectorInstrumentationCookie::InspectorInstrumentationCookie):
(WebCore::InspectorInstrumentationCookie::operator=):
(WebCore::InspectorInstrumentationCookie::~InspectorInstrumentationCookie):
* inspector/InspectorInstrumentationCookie.h: Added.
(WebCore::InspectorInstrumentationCookie::isValid):
(WebCore::InspectorInstrumentationCookie::instrumentingAgents):
(WebCore::InspectorInstrumentationCookie::hasMatchingTimelineAgentId):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161563 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125777

Patch by Dániel Bátyai <dbatyai.u-szeged@partner.samsung.com> on 2014-01-08
Reviewed by Csaba Osztrogonác.

.:

* Source/cmake/OptionsEfl.cmake:
* Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:

* CMakeLists.txt:
* ftl/FTLOSREntry.cpp:
* ftl/FTLOSRExitCompiler.cpp:
* llvm/library/config_llvm.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
https://bugs.webkit.org/show_bug.cgi?id=125519

Reviewed by Geoffrey Garen.
        
Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
checks and overflows the node should do. Previously this would be deduced from
backwards analysis results.
        
This also makes "unchecked" variants really mean that you want the int32 wrapped
result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
constant folder needs to compute exactly the result implied by ArithMode, instead of
just folding the double result.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArithMode.cpp: Added.
(WTF::printInternal):
* dfg/DFGArithMode.h: Added.
(JSC::DFG::doesOverflow):
(JSC::DFG::shouldCheckOverflow):
(JSC::DFG::shouldCheckNegativeZero):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::pureCSE):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasArithMode):
(JSC::DFG::Node::arithMode):
(JSC::DFG::Node::setArithMode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
(JSC::DFG::SpeculativeJIT::compileAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileAddSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=120954

Reviewed by Filip Pizlo.

Source/JavaScriptCore: 

Update Promises to the revised spec. Notable changes:
- JSPromiseResolver is gone.
- TaskContext has been renamed Microtask and now has a virtual run() function.
- Instead of using custom InternalFunction subclasses, JSFunctions are used
  with PrivateName properties for internal slots.

* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* interpreter/CallFrame.h:
(JSC::ExecState::promiseConstructorTable):
* runtime/CommonIdentifiers.cpp:
(JSC::CommonIdentifiers::CommonIdentifiers):
* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::queueMicrotask):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::promiseConstructor):
(JSC::JSGlobalObject::promisePrototype):
(JSC::JSGlobalObject::promiseStructure):
* runtime/JSPromise.cpp:
(JSC::JSPromise::create):
(JSC::JSPromise::JSPromise):
(JSC::JSPromise::finishCreation):
(JSC::JSPromise::visitChildren):
(JSC::JSPromise::reject):
(JSC::JSPromise::resolve):
(JSC::JSPromise::appendResolveReaction):
(JSC::JSPromise::appendRejectReaction):
(JSC::triggerPromiseReactions):
* runtime/JSPromise.h:
(JSC::JSPromise::status):
(JSC::JSPromise::result):
(JSC::JSPromise::constructor):
* runtime/JSPromiseCallback.cpp: Removed.
* runtime/JSPromiseCallback.h: Removed.
* runtime/JSPromiseConstructor.cpp:
(JSC::constructPromise):
(JSC::JSPromiseConstructor::getCallData):
(JSC::JSPromiseConstructorFuncCast):
(JSC::JSPromiseConstructorFuncResolve):
(JSC::JSPromiseConstructorFuncReject):
* runtime/JSPromiseConstructor.h:
* runtime/JSPromiseDeferred.cpp: Added.
(JSC::JSPromiseDeferred::create):
(JSC::JSPromiseDeferred::JSPromiseDeferred):
(JSC::JSPromiseDeferred::finishCreation):
(JSC::JSPromiseDeferred::visitChildren):
(JSC::createJSPromiseDeferredFromConstructor):
(JSC::updateDeferredFromPotentialThenable):
* runtime/JSPromiseDeferred.h: Added.
(JSC::JSPromiseDeferred::createStructure):
(JSC::JSPromiseDeferred::promise):
(JSC::JSPromiseDeferred::resolve):
(JSC::JSPromiseDeferred::reject):
* runtime/JSPromiseFunctions.cpp: Added.
(JSC::deferredConstructionFunction):
(JSC::createDeferredConstructionFunction):
(JSC::identifyFunction):
(JSC::createIdentifyFunction):
(JSC::promiseAllCountdownFunction):
(JSC::createPromiseAllCountdownFunction):
(JSC::promiseResolutionHandlerFunction):
(JSC::createPromiseResolutionHandlerFunction):
(JSC::rejectPromiseFunction):
(JSC::createRejectPromiseFunction):
(JSC::resolvePromiseFunction):
(JSC::createResolvePromiseFunction):
(JSC::throwerFunction):
(JSC::createThrowerFunction):
* runtime/JSPromiseFunctions.h: Added.
* runtime/JSPromisePrototype.cpp:
(JSC::JSPromisePrototypeFuncThen):
(JSC::JSPromisePrototypeFuncCatch):
* runtime/JSPromiseReaction.cpp: Added.
(JSC::createExecutePromiseReactionMicroTask):
(JSC::ExecutePromiseReactionMicroTask::run):
(JSC::JSPromiseReaction::create):
(JSC::JSPromiseReaction::JSPromiseReaction):
(JSC::JSPromiseReaction::finishCreation):
(JSC::JSPromiseReaction::visitChildren):
* runtime/JSPromiseReaction.h: Added.
(JSC::JSPromiseReaction::createStructure):
(JSC::JSPromiseReaction::deferred):
(JSC::JSPromiseReaction::handler):
* runtime/JSPromiseResolver.cpp: Removed.
* runtime/JSPromiseResolver.h: Removed.
* runtime/JSPromiseResolverConstructor.cpp: Removed.
* runtime/JSPromiseResolverConstructor.h: Removed.
* runtime/JSPromiseResolverPrototype.cpp: Removed.
* runtime/JSPromiseResolverPrototype.h: Removed.
* runtime/Microtask.h: Added.
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
* runtime/VM.h:

Source/WebCore: 

* ForwardingHeaders/runtime/JSPromiseDeferred.h: Added.
* ForwardingHeaders/runtime/JSPromiseResolver.h: Removed.
* bindings/js/JSDOMGlobalObjectTask.cpp:
(WebCore::JSGlobalObjectTask::JSGlobalObjectTask):
* bindings/js/JSDOMGlobalObjectTask.h:
* bindings/js/JSDOMPromise.cpp:
(WebCore::DeferredWrapper::DeferredWrapper):
(WebCore::DeferredWrapper::promise):
(WebCore::DeferredWrapper::resolve):
(WebCore::DeferredWrapper::reject):
* bindings/js/JSDOMPromise.h:
(WebCore::DeferredWrapper::resolve):
(WebCore::DeferredWrapper::reject):
(WebCore::DeferredWrapper::resolve<String>):
(WebCore::DeferredWrapper::resolve<bool>):
(WebCore::char>>):
(WebCore::DeferredWrapper::reject<String>):
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::queueTaskToEventLoop):
* bindings/js/JSDOMWindowBase.h:
* bindings/js/JSSubtleCryptoCustom.cpp:
(WebCore::JSSubtleCrypto::encrypt):
(WebCore::JSSubtleCrypto::decrypt):
(WebCore::JSSubtleCrypto::sign):
(WebCore::JSSubtleCrypto::verify):
(WebCore::JSSubtleCrypto::digest):
(WebCore::JSSubtleCrypto::generateKey):
(WebCore::JSSubtleCrypto::importKey):
(WebCore::JSSubtleCrypto::exportKey):
(WebCore::JSSubtleCrypto::wrapKey):
(WebCore::JSSubtleCrypto::unwrapKey):
* bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):
* bindings/js/JSWorkerGlobalScopeBase.h:

LayoutTests: 

* crypto/subtle/argument-conversion.html:
* crypto/subtle/resources/common.js:
* crypto/subtle/sha-1.html:
* crypto/subtle/sha-224.html:
* crypto/subtle/sha-256.html:
* crypto/subtle/sha-384.html:
* crypto/subtle/sha-512.html:
* js/dom/Promise-already-fulfilled-expected.txt: Removed.
* js/dom/Promise-already-fulfilled.html: Removed.
* js/dom/Promise-already-rejected.html:
* js/dom/Promise-already-resolved.html:
* js/dom/Promise-catch-expected.txt:
* js/dom/Promise-catch-in-workers-expected.txt:
* js/dom/Promise-catch.html:
* js/dom/Promise-chain.html:
* js/dom/Promise-exception-expected.txt:
* js/dom/Promise-exception.html:
* js/dom/Promise-expected.txt:
* js/dom/Promise-fulfill-expected.txt: Removed.
* js/dom/Promise-fulfill-in-workers-expected.txt: Removed.
* js/dom/Promise-fulfill-in-workers.html: Removed.
* js/dom/Promise-fulfill.html: Removed.
* js/dom/Promise-init-callback-receiver-expected.txt: Added.
* js/dom/Promise-init-callback-receiver.html: Added.
* js/dom/Promise-init-expected.txt:
* js/dom/Promise-init-in-workers-expected.txt:
* js/dom/Promise-init.html:
* js/dom/Promise-onFulfilled-deep-expected.txt: Added.
* js/dom/Promise-onFulfilled-deep.html: Added.
* js/dom/Promise-onRejected-deep-expected.txt: Added.
* js/dom/Promise-onRejected-deep.html: Added.
* js/dom/Promise-reject.html:
* js/dom/Promise-resolve-chain.html:
* js/dom/Promise-resolve-expected.txt:
* js/dom/Promise-resolve-in-workers-expected.txt:
* js/dom/Promise-resolve-state-expected.txt: Added.
* js/dom/Promise-resolve-state-in-workers-expected.txt: Added.
* js/dom/Promise-resolve-state-in-workers.html: Added.
* js/dom/Promise-resolve-state.html: Added.
* js/dom/Promise-resolve-with-itself-expected.txt: Added.
* js/dom/Promise-resolve-with-itself.html: Added.
* js/dom/Promise-resolve-with-then-exception.html:
* js/dom/Promise-resolve-with-then-fulfill-expected.txt:
* js/dom/Promise-resolve-with-then-fulfill.html:
* js/dom/Promise-resolve-with-then-reject-expected.txt:
* js/dom/Promise-resolve-with-then-reject.html:
* js/dom/Promise-resolve.html:
* js/dom/Promise-simple-expected.txt:
* js/dom/Promise-simple-fulfill-expected.txt: Removed.
* js/dom/Promise-simple-fulfill-inside-callback-expected.txt: Removed.
* js/dom/Promise-simple-fulfill-inside-callback.html: Removed.
* js/dom/Promise-simple-fulfill.html: Removed.
* js/dom/Promise-simple-in-workers-expected.txt:
* js/dom/Promise-simple-resolve-expected.txt: Added.
* js/dom/Promise-simple-resolve.html: Added.
* js/dom/Promise-simple.html:
* js/dom/Promise-static-all-expected.txt: Added.
* js/dom/Promise-static-all.html: Added.
* js/dom/Promise-static-cast-expected.txt: Added.
* js/dom/Promise-static-cast.html: Added.
* js/dom/Promise-static-fulfill-expected.txt: Removed.
* js/dom/Promise-static-fulfill.html: Removed.
* js/dom/Promise-static-race-expected.txt: Added.
* js/dom/Promise-static-race.html: Added.
* js/dom/Promise-static-resolve.html:
* js/dom/Promise-then-callback-receiver-expected.txt: Added.
* js/dom/Promise-then-callback-receiver.html: Added.
* js/dom/Promise-then-expected.txt:
* js/dom/Promise-then-in-workers-expected.txt:
* js/dom/Promise-then-without-callbacks.html:
* js/dom/Promise-then.html:
* js/dom/Promise-types-expected.txt:
* js/dom/Promise-types.html:
* js/dom/Promise.html:
* js/resources/Promise-catch-in-workers.js:
* js/resources/Promise-fulfill-in-workers.js: Removed.
* js/resources/Promise-init-in-workers.js:
* js/resources/Promise-reject-in-workers.js:
* js/resources/Promise-resolve-in-workers.js:
* js/resources/Promise-resolve-state-in-workers.js: Added.
* js/resources/Promise-simple-in-workers.js:
* js/resources/Promise-then-in-workers.js:
* js/resources/Promise-then-without-callbacks-in-workers.js:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126271

Reviewed by Sam Weinig.

* CMakeLists.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126145

Reviewed by Gustavo Noronha Silva.

* CMakeLists.txt: Fix typo when detecting the type of library.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160995 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[GTK][CMake] libtool-compatible soversion calculation
Reviewed by Gustavo Noronha Silva.

* Source/cmake/OptionsGTK.cmake: Specify the appropriate libtool triples and use
the CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE macro to specify the library-specific
version information.
* Source/cmake/WebKitHelpers.cmake: Add some helpful macros.

Source/JavaScriptCore: [GTK][CMake] libtool-compatible soversion calculation
https://bugs.webkit.org/show_bug.cgi?id=125511

Reviewed by Gustavo Noronha Silva.

* CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
library-specific version information.

Source/WebKit: [GTK][CMake] libtool-compatible soversion calculation
https://bugs.webkit.org/show_bug.cgi?id=125511

Reviewed by Gustavo Noronha Silva.

* CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
library-specific version information.

Source/WebKit2: [GTK][CMake] libtool-compatible soversion calculation
https://bugs.webkit.org/show_bug.cgi?id=125511

Reviewed by Gustavo Noronha Silva.

* CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
library-specific version information.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160994 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125512

Reviewed by Martin Robinson.

.:

* CMakeLists.txt: make JavaScriptCore always be a shared library for the GTK+ port.
* Source/cmake/WebKitHelpers.cmake: make -fvisibility=hidden not be applied for GTK+,
visibility of some symbols is required for threading to be initialized properly by
WebKit2 processes, and we will rely on a linker script that will be added later on,
for production builds.

Source/JavaScriptCore:

* CMakeLists.txt: use target type instead of SHARED_CORE to decide whether
JavaScriptCore is a shared library, since it's always shared for GTK+ regardless
of SHARED_CORE.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160812 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125530

Reviewed by Filip Pizlo.

Source/JavaScriptCore: 

This is in preparation for GenGC. We use a separate StoreBarrier node instead of making them implicitly 
part of other nodes so that it's easier to run analyses on them, e.g. for the StoreBarrierElisionPhase. 
They are inserted during the fixup phase. Initially they do not generate any code.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractHeap.h:
* dfg/DFGAbstractInterpreter.h:
(JSC::DFG::AbstractInterpreter::isKnownNotCell):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberizeForAllocation):
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants): Whenever we insert new nodes that require StoreBarriers,
we have to add those new StoreBarriers too. It's important to note that AllocatePropertyStorage and 
ReallocatePropertyStorage nodes require their StoreBarriers to come after them since they allocate first,
which could cause a GC, and then store the resulting buffer into their JSCell, which requires the barrier.
If we ever require that write barriers occur before stores, we'll have to split these nodes into 
AllocatePropertyStorage + StoreBarrier + PutPropertyStorage.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::insertStoreBarrier):
* dfg/DFGNode.h:
(JSC::DFG::Node::isStoreBarrier):
* dfg/DFGNodeType.h:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):
(JSC::DFG::SpeculativeJIT::genericWriteBarrier): The fast path write barrier check. It loads the 
byte that contains the mark bit of the object. 
(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): If the fast path check fails we try to store the 
cell in the WriteBarrierBuffer so as to avoid frequently flushing all registers in order to make a C call.
(JSC::DFG::SpeculativeJIT::writeBarrier):
(JSC::DFG::SpeculativeJIT::osrWriteBarrier): More barebones version of the write barrier to be executed 
during an OSR exit into baseline code. We must do this so that the baseline JIT object and array profiles 
are properly cleared during GC.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGStoreBarrierElisionPhase.cpp: Added. New DFG phase that does block-local elision of redundant
StoreBarriers. Every time a StoreBarrier on a particular object is executed, a bit is set indicating that 
that object doesn't need any more StoreBarriers. 
(JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
(JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Nodes that could cause a GC reset the bits for all of the 
objects known in the current block. 
(JSC::DFG::StoreBarrierElisionPhase::allocatesFreshObject): A node that creates a new object automatically 
sets the bit for that object since if a GC occurred as the result of that object's allocation then that 
object would not need a barrier since it would be guaranteed to be a young generation object until the 
next GC point.
(JSC::DFG::StoreBarrierElisionPhase::noticeFreshObject):
(JSC::DFG::StoreBarrierElisionPhase::getBaseOfStore):
(JSC::DFG::StoreBarrierElisionPhase::shouldBeElided):
(JSC::DFG::StoreBarrierElisionPhase::elideBarrier):
(JSC::DFG::StoreBarrierElisionPhase::handleNode):
(JSC::DFG::StoreBarrierElisionPhase::handleBlock):
(JSC::DFG::StoreBarrierElisionPhase::run):
(JSC::DFG::performStoreBarrierElision):
* dfg/DFGStoreBarrierElisionPhase.h: Added.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::flushWriteBarrierBuffer):
* heap/Heap.h:
(JSC::Heap::writeBarrier):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::offsetOfMarks):
* heap/WriteBarrierBuffer.cpp: Added. The WriteBarrierBuffer buffers a set of JSCells that are awaiting 
a pending WriteBarrier. This buffer is used by the DFG to avoid the overhead of calling out to C repeatedly
to invoke a write barrier on a single JSCell. Instead the DFG has inline code to fill the WriteBarrier buffer
until its full, and then to call out to C to flush it. The WriteBarrierBuffer will also be flushed prior to 
each EdenCollection.
(JSC::WriteBarrierBuffer::WriteBarrierBuffer):
(JSC::WriteBarrierBuffer::~WriteBarrierBuffer):
(JSC::WriteBarrierBuffer::flush):
(JSC::WriteBarrierBuffer::reset):
(JSC::WriteBarrierBuffer::add):
* heap/WriteBarrierBuffer.h: Added.
(JSC::WriteBarrierBuffer::currentIndexOffset):
(JSC::WriteBarrierBuffer::capacityOffset):
(JSC::WriteBarrierBuffer::bufferOffset):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* runtime/VM.h:

Source/WTF: 

* wtf/Platform.h: Added an #define for ENABLE(GGC) which will be used for landing things related to GenGC.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125707

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.am:
* inspector/protocol/Debugger.json: Renamed from Source/WebCore/inspector/protocol/Debugger.json.
* inspector/protocol/GenericTypes.json: Added.
* inspector/protocol/InspectorDomain.json: Renamed from Source/WebCore/inspector/protocol/InspectorDomain.json.
Add new files to inspector generation.

* inspector/scripts/CodeGeneratorInspector.py:
(Generator.go):
Only build TypeBuilder output if the domain only has types. Avoid
backend/frontend dispatchers and backend commands.

(TypeBindings.create_type_declaration_.EnumBinding.get_setter_value_expression_pattern):
(format_setter_value_expression):
(Generator.process_command):
(Generator.generate_send_method):
* inspector/scripts/CodeGeneratorInspectorStrings.py:
Export and name the get{JS,Web}EnumConstant function.

Source/WebCore:

  - Switch TypeBuilder::Page::SearchMatch to TypeBuilder::GenericTypes::SearchMatch
    which comes from InspectorJSTypeBuilders.
  - Remove domains that moved to JavaScriptCore.

No new tests, this only moves code around. There are no functional changes.

* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.am:
Add new files.

* inspector/ContentSearchUtils.cpp:
(WebCore::ContentSearchUtils::buildObjectForSearchMatch):
(WebCore::ContentSearchUtils::searchInTextByLines):
* inspector/ContentSearchUtils.h:
* inspector/InspectorAgent.cpp:
* inspector/InspectorAgent.h:
* inspector/InspectorDebuggerAgent.h:
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::searchInResource):
* inspector/InspectorPageAgent.h:
* inspector/protocol/Page.json:
Update includes and type builder type names.

* inspector/InspectorDebuggerAgent.cpp:
(WebCore::breakpointActionTypeForString):
(WebCore::InspectorDebuggerAgent::searchInContent):
* inspector/InspectorTimelineAgent.cpp:
(WebCore::InspectorTimelineAgent::innerAddRecordToTimeline):
Use the new getEnum function names.

Source/WebInspectorUI:

* UserInterface/InspectorJSBackendCommands.js:
* UserInterface/InspectorWebBackendCommands.js:
Regenerate now that domains have moved around.

LayoutTests:

* http/tests/inspector-protocol/resources/InspectorTest.js:
(InspectorTest.checkForError):
Since having a protocol error is likely wrong, make the output
for it as detailed as possible.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160588 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125595

Reviewed by Timothy Hatcher.

* GNUmakefile.am:

Source/JavaScriptCore:

  - Move CodeGeneration scripts from WebCore into JavaScriptCore/inspector/scripts
  - For ports that build WebKit frameworks separately, export the scripts as PrivateHeaders
  - Update CodeGeneratorInspector.py in a few ways:
    - output dynamic filenames, so JavaScriptCore generates InspectorJSFoo.* and WebCore generates InspectorWebFoo.*
    - take in more then one protocol JSON file. The first contains domains to generate, the others are dependencies
      that are generated elsewhere that we can depend on for Types.
  - Add DerivedSources build step to generate the Inspector Interfaces

* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.vcxproj/copy-files.cmd:
* JavaScriptCore.xcodeproj/project.pbxproj:
Add scripts and code generation.

* inspector/protocol/Runtime.json: Renamed from Source/WebCore/inspector/protocol/Runtime.json.
Move protocol file into JavaScriptCore so its types will be generated in JavaScriptCore.

* inspector/scripts/CodeGeneratorInspector.py: Renamed from Source/WebCore/inspector/CodeGeneratorInspector.py.
Updates to the script as listed above.

* inspector/scripts/CodeGeneratorInspectorStrings.py: Renamed from Source/WebCore/inspector/CodeGeneratorInspectorStrings.py.
* inspector/scripts/generate-combined-inspector-json.py: Renamed from Source/WebCore/inspector/Scripts/generate-combined-inspector-json.py.
Moved from WebCore into JavaScriptCore for code generation.

Source/WebCore:

  - CodeGeneration changed to output Frontend and Backend dispatchers
    in namespace Inspector. So update all the agent's appropriately.
  - Update Derived Sources code generation to use the Scripts that had
    moved to JavaScriptCore. Some ports just use JSC/inspector/scripts
    directly, but others have to use the Scripts exported by JSC
    in JavaScriptCore's PrivateHeaders.
  - Add ForwardingHeaders for the files generated in JavaScriptCore.
  - Update the names of Inspector DerivedSources files, since they
    were renamed to InspectorWeb*.

No new tests, this only moves code around. There are no functional changes.

* CMakeLists.txt:
* DerivedSources.make:
* ForwardingHeaders/inspector/InspectorJSBackendDispatchers.h: Added.
* ForwardingHeaders/inspector/InspectorJSFrontendDispatchers.h: Added.
* ForwardingHeaders/inspector/InspectorJSTypeBuilders.h: Added.
* GNUmakefile.am:
* GNUmakefile.list.am:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.vcxproj/build-generated-files.sh:
* WebCore.xcodeproj/project.pbxproj:
Remove files, rename files, update code generation.

* make-generated-sources.sh:
Update this standalone developer script to fill in the new InspectorScripts variable.

* inspector/ConsoleMessage.h:
* inspector/InjectedScriptHost.cpp:
* inspector/InspectorAgent.cpp:
* inspector/InspectorAgent.h:
* inspector/InspectorApplicationCacheAgent.cpp:
* inspector/InspectorApplicationCacheAgent.h:
* inspector/InspectorCSSAgent.h:
* inspector/InspectorCanvasAgent.cpp:
* inspector/InspectorCanvasAgent.h:
* inspector/InspectorConsoleAgent.cpp:
* inspector/InspectorConsoleAgent.h:
* inspector/InspectorController.cpp:
* inspector/InspectorDOMAgent.cpp:
* inspector/InspectorDOMAgent.h:
* inspector/InspectorDOMDebuggerAgent.cpp:
* inspector/InspectorDOMDebuggerAgent.h:
* inspector/InspectorDOMStorageAgent.cpp:
* inspector/InspectorDOMStorageAgent.h:
* inspector/InspectorDatabaseAgent.cpp:
* inspector/InspectorDatabaseAgent.h:
* inspector/InspectorDatabaseResource.cpp:
* inspector/InspectorDatabaseResource.h:
* inspector/InspectorDebuggerAgent.cpp:
* inspector/InspectorDebuggerAgent.h:
* inspector/InspectorFrontendClientLocal.cpp:
* inspector/InspectorHeapProfilerAgent.h:
* inspector/InspectorIndexedDBAgent.cpp:
* inspector/InspectorIndexedDBAgent.h:
* inspector/InspectorInputAgent.h:
* inspector/InspectorLayerTreeAgent.cpp:
* inspector/InspectorLayerTreeAgent.h:
* inspector/InspectorMemoryAgent.cpp:
* inspector/InspectorMemoryAgent.h:
* inspector/InspectorPageAgent.cpp:
* inspector/InspectorPageAgent.h:
* inspector/InspectorProfilerAgent.cpp:
* inspector/InspectorProfilerAgent.h:
* inspector/InspectorResourceAgent.cpp:
* inspector/InspectorResourceAgent.h:
* inspector/InspectorRuntimeAgent.h:
* inspector/InspectorTimelineAgent.cpp:
* inspector/InspectorTimelineAgent.h:
* inspector/InspectorWorkerAgent.cpp:
* inspector/InspectorWorkerAgent.h:
* inspector/PageRuntimeAgent.h:
* inspector/ScriptCallFrame.cpp:
* inspector/WorkerInspectorController.cpp:
* inspector/WorkerRuntimeAgent.h:
Updates header names and class namespace changes.

Source/WebInspectorUI:

* Scripts/copy-user-interface-resources.sh:
Copy all the different backend commands files.

* Scripts/update-InspectorBackendCommands.rb:
Update with respect to new script location and new file names.

* WebInspectorUI.xcodeproj/project.pbxproj:
Remove Inputs and Outputs of build phase, which were wrong.
Now this build phase always runs, and not by accident.

* UserInterface/InspectorJSBackendCommands.js: Added.
* UserInterface/InspectorWebBackendCommands.js: Renamed from Source/WebInspectorUI/UserInterface/InspectorBackendCommands.js.
* UserInterface/Legacy/6.0/InspectorWebBackendCommands.js: Renamed from Source/WebInspectorUI/UserInterface/Legacy/6.0/InspectorBackendCommands.js.
* UserInterface/Legacy/7.0/InspectorWebBackendCommands.js: Renamed from Source/WebInspectorUI/UserInterface/Legacy/7.0/InspectorBackendCommands.js.
* UserInterface/LoadInspectorBackendCommands.js:
* WebInspectorUI.vcxproj/WebInspectorUI.vcxproj:
* WebInspectorUI.vcxproj/WebInspectorUI.vcxproj.filters:

LayoutTests:

* http/tests/inspector-protocol/resources/InspectorTest.js:
(InspectorTest.importInspectorScripts):
Update for the new backend commands files.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125324

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

* CMakeLists.txt:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/copy-files.cmd:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bindings/ScriptFunctionCall.cpp: Renamed from Source/WebCore/bindings/js/ScriptFunctionCall.cpp.
* bindings/ScriptFunctionCall.h: Renamed from Source/WebCore/bindings/js/ScriptFunctionCall.h.
* bindings/ScriptObject.cpp: Copied from Source/WebCore/inspector/WorkerConsoleAgent.cpp.
* bindings/ScriptObject.h: Renamed from Source/WebCore/inspector/InspectorBaseAgent.h.
* bindings/ScriptValue.cpp: Renamed from Source/WebCore/bindings/js/ScriptValue.cpp.
* bindings/ScriptValue.h: Renamed from Source/WebCore/bindings/js/ScriptValue.h.
* inspector/InspectorAgentBase.h: Copied from Source/WebCore/inspector/InspectorAgentRegistry.h.
* inspector/InspectorAgentRegistry.cpp: Renamed from Source/WebCore/inspector/InspectorAgentRegistry.cpp.
* inspector/InspectorBackendDispatcher.h: Renamed from Source/WebCore/inspector/InspectorBackendDispatcher.h.
(Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
(Inspector::InspectorSupplementalBackendDispatcher::~InspectorSupplementalBackendDispatcher):
* inspector/InspectorValues.cpp: Renamed from Source/WebCore/inspector/InspectorValues.cpp.
* inspector/InspectorValues.h: Renamed from Source/WebCore/inspector/InspectorValues.h.

Source/WebCore:

Part 1: Push down core inspector classes.

  - Move InspectAgentBase, InspectorAgentRegistry, InspectorBackendDispatcher, InspectorValues
    down to JavaScriptCore and into the Inspector namespace.
  - Add forwarding headers for JavaScriptCore/inspector files.
  - Use the Inspector namespace where appropriate.
  - Rename InspectorBaseAgent to InspectorAgentBase for clarity.

Part 2: Push Script wrapper classes down into JavaScriptCore/bindings.

  - Move ScriptObject and ScriptValue into JavaScriptCore but namespace Deprecated
  - Add forwarding headers
  - Use Deprecated::ScriptObject and Deprecated::ScriptValue everywhere.

Part 3: Push Down ScriptFunctionCall

  - Move ScriptFunctionCall to JavaScriptCore/bindings into namespace Deprecated.
  - Give constructor a function to all for a different JSC::call, because
    WebCore ScriptFunctionCall's use JSMainThreadExecState when isMainThread.
  - Prefer Deprecated::ScriptFunctionCall everywhere it is used in WebCore.

Part 4: Extract InspectorTypeBuilder helper functions

  - There is a chunk of InspectorTypeBuilder that never changes. Extract it into
    its own file, InspectorTypeBuilder.h in JSC/inspector, Inspector namespace.
  - This moves TypeBuilder from namespace WebCore to namespace Inspector
  - Rename the WebCore generated InspectorTypeBuilder to InspectorWebTypeBuilders,
    eventually the CodeGenerator script will do this for more then TypeBuilders
    and there will be "JS" TypeBuilders and "Web" TypeBuilders files.

No new tests. No change in functionality, just moving things around.

* CMakeLists.txt:
* ForwardingHeaders/bindings/ScriptFunctionCall.h: Added.
* ForwardingHeaders/bindings/ScriptObject.h: Added.
* ForwardingHeaders/bindings/ScriptValue.h: Added.
* ForwardingHeaders/inspector/InspectorAgentBase.h: Added.
* ForwardingHeaders/inspector/InspectorAgentRegistry.h: Added.
* ForwardingHeaders/inspector/InspectorBackendDispatcher.h: Added.
* ForwardingHeaders/inspector/InspectorTypeBuilder.h: Added.
* ForwardingHeaders/inspector/InspectorValues.h: Added.
* GNUmakefile.am:
* GNUmakefile.list.am:
* Modules/indexeddb/IDBAny.cpp:
(WebCore::IDBAny::scriptValue):
(WebCore::IDBAny::IDBAny):
* Modules/indexeddb/IDBAny.h:
* Modules/indexeddb/IDBCursor.cpp:
(WebCore::IDBCursor::key):
(WebCore::IDBCursor::primaryKey):
(WebCore::IDBCursor::value):
(WebCore::IDBCursor::update):
(WebCore::IDBCursor::continueFunction):
(WebCore::IDBCursor::setValueReady):
* Modules/indexeddb/IDBCursor.h:
* Modules/indexeddb/IDBFactory.cpp:
(WebCore::IDBFactory::cmp):
* Modules/indexeddb/IDBFactory.h:
* Modules/indexeddb/IDBIndex.cpp:
(WebCore::IDBIndex::openCursor):
(WebCore::IDBIndex::count):
(WebCore::IDBIndex::openKeyCursor):
(WebCore::IDBIndex::get):
(WebCore::IDBIndex::getKey):
* Modules/indexeddb/IDBIndex.h:
(WebCore::IDBIndex::openCursor):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBKeyRange.cpp:
(WebCore::IDBKeyRange::lowerValue):
(WebCore::IDBKeyRange::upperValue):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):
* Modules/indexeddb/IDBKeyRange.h:
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):
* Modules/indexeddb/IDBObjectStore.cpp:
(WebCore::IDBObjectStore::get):
(WebCore::generateIndexKeysForValue):
(WebCore::IDBObjectStore::add):
(WebCore::IDBObjectStore::put):
(WebCore::IDBObjectStore::deleteFunction):
(WebCore::IDBObjectStore::openCursor):
(WebCore::IDBObjectStore::count):
* Modules/indexeddb/IDBObjectStore.h:
* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::setResultCursor):
(WebCore::IDBRequest::onSuccess):
(WebCore::IDBRequest::onSuccessInternal):
* Modules/indexeddb/IDBRequest.h:
* Modules/mediastream/CapabilityRange.cpp:
(WebCore::scriptValue):
(WebCore::CapabilityRange::min):
(WebCore::CapabilityRange::max):
* Modules/mediastream/CapabilityRange.h:
* Modules/mediastream/MediaTrackConstraint.h:
* Modules/mediastream/RTCIceCandidate.cpp:
* Modules/plugins/QuickTimePluginReplacement.cpp:
* Modules/plugins/QuickTimePluginReplacement.h:
* UseJSC.cmake:
* WebCore.exp.in:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/Dictionary.h:
(WebCore::Dictionary::getEventListener):
* bindings/js/IDBBindingUtilities.cpp:
(WebCore::createIDBKeyFromScriptValueAndKeyPath):
(WebCore::injectIDBKeyIntoScriptValue):
(WebCore::canInjectIDBKeyIntoScriptValue):
(WebCore::deserializeIDBValue):
(WebCore::deserializeIDBValueBuffer):
(WebCore::idbKeyToScriptValue):
(WebCore::scriptValueToIDBKey):
* bindings/js/IDBBindingUtilities.h:
* bindings/js/JSBindingsAllInOne.cpp:
* bindings/js/JSDictionary.cpp:
(WebCore::JSDictionary::convertValue):
* bindings/js/JSDictionary.h:
* bindings/js/JSHTMLCanvasElementCustom.cpp:
(WebCore::JSHTMLCanvasElement::getContext):
* bindings/js/JSInjectedScriptHostCustom.cpp:
(WebCore::InjectedScriptHost::scriptValueAsNode):
(WebCore::InjectedScriptHost::nodeAsScriptValue):
(WebCore::JSInjectedScriptHost::inspectedObject):
(WebCore::JSInjectedScriptHost::inspect):
* bindings/js/JSInjectedScriptManager.cpp:
(WebCore::InjectedScriptManager::createInjectedScript):
* bindings/js/JSMainThreadExecState.cpp:
(WebCore::functionCallHandlerFromAnyThread):
* bindings/js/JSMainThreadExecState.h:
(WebCore::JSMainThreadExecState::currentState):
* bindings/js/JSMessageEventCustom.cpp:
(WebCore::JSMessageEvent::data):
(WebCore::handleInitMessageEvent):
* bindings/js/ScheduledAction.cpp:
* bindings/js/ScriptCallStackFactory.cpp:
(WebCore::createScriptArguments):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::evaluateInWorld):
(WebCore::ScriptController::evaluate):
(WebCore::ScriptController::executeScriptInWorld):
(WebCore::ScriptController::executeScript):
(WebCore::ScriptController::executeIfJavaScriptURL):
* bindings/js/ScriptController.h:
* bindings/js/ScriptDebugServer.cpp:
(WebCore::ScriptDebugServer::setScriptSource):
(WebCore::ScriptDebugServer::updateCallStack):
(WebCore::ScriptDebugServer::dispatchDidPause):
(WebCore::ScriptDebugServer::runScript):
* bindings/js/ScriptDebugServer.h:
* bindings/js/ScriptGlobalObject.cpp: Renamed from Source/WebCore/bindings/js/ScriptObject.cpp.
(WebCore::handleException):
(WebCore::ScriptGlobalObject::set):
(WebCore::ScriptGlobalObject::get):
(WebCore::ScriptGlobalObject::remove):
* bindings/js/ScriptGlobalObject.h: Copied from Source/WebCore/inspector/ScriptCallStack.h.
(WebCore::ScriptGlobalObject::ScriptGlobalObject):
* bindings/js/ScriptObject.h: Removed.
* bindings/js/ScriptProfile.cpp:
(WebCore::buildInspectorObjectFor):
(WebCore::ScriptProfile::buildInspectorObjectForHead):
(WebCore::ScriptProfile::buildInspectorObjectForBottomUpHead):
* bindings/js/ScriptProfile.h:
* bindings/js/ScriptProfiler.cpp:
(WebCore::ScriptProfiler::objectByHeapObjectId):
(WebCore::ScriptProfiler::getHeapObjectId):
* bindings/js/ScriptProfiler.h:
* bindings/js/ScriptState.h:
* bindings/js/SerializedScriptValue.cpp:
(WebCore::SerializedScriptValue::deserializeForInspector):
(WebCore::SerializedScriptValue::serialize):
(WebCore::SerializedScriptValue::deserialize):
* bindings/js/SerializedScriptValue.h:
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::evaluate):
(WebCore::WorkerScriptController::setException):
* bindings/js/WorkerScriptController.h:
* bindings/scripts/CodeGeneratorJS.pm:
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::setJSTestObjAnyAttribute):
* dom/CustomEvent.cpp:
(WebCore::CustomEvent::initCustomEvent):
* dom/CustomEvent.h:
(WebCore::CustomEvent::detail):
* dom/MessageEvent.cpp:
(WebCore::MessageEvent::MessageEvent):
(WebCore::MessageEvent::initMessageEvent):
* dom/MessageEvent.h:
(WebCore::MessageEvent::create):
(WebCore::MessageEvent::dataAsScriptValue):
* dom/PopStateEvent.h:
(WebCore::PopStateEvent::state):
* dom/ScriptElement.cpp:
* html/HTMLMediaElement.cpp:
* html/parser/XSSAuditor.cpp:
* html/parser/XSSAuditorDelegate.cpp:
* inspector/CodeGeneratorInspector.py:
(RawTypes.BaseType.get_raw_validator_call_text):
(RawTypes.Object.get_array_item_raw_c_type_text):
(RawTypes.Any.get_array_item_raw_c_type_text):
(RawTypes.Array.get_array_item_raw_c_type_text):
(CommandReturnPassModel.OptOutput.get_return_var_type):
(CommandReturnPassModel.OptOutput.get_output_parameter_type):
(TypeModel.ExactlyInt.get_input_param_type_text):
(TypeModel.ExactlyInt.get_opt_output_type_):
(TypeModel.init_class):
(TypeBindings.create_named_type_declaration.Helper):
(TypeBindings.create_type_declaration_.EnumBinding.get_code_generator.CodeGenerator.generate_type_builder):
(TypeBindings.create_type_declaration_.EnumBinding.get_setter_value_expression_pattern):
(TypeBindings.create_type_declaration_.ClassBinding.get_code_generator.CodeGenerator.generate_type_builder):
(Inspector):
(ArrayBinding.get_array_item_c_type_text):
(Generator.go):
(Generator.process_command):
* inspector/CodeGeneratorInspectorStrings.py:
(void):
(InspectorFrontend_h):
(InspectorBackendDispatchers_h):
* inspector/ConsoleMessage.cpp:
(WebCore::messageSourceValue):
(WebCore::messageTypeValue):
(WebCore::messageLevelValue):
(WebCore::ConsoleMessage::addToFrontend):
* inspector/ConsoleMessage.h:
* inspector/ContentSearchUtils.cpp:
(WebCore::ContentSearchUtils::buildObjectForSearchMatch):
(WebCore::ContentSearchUtils::searchInTextByLines):
* inspector/ContentSearchUtils.h:
* inspector/InjectedScript.cpp:
(WebCore::InjectedScript::InjectedScript):
(WebCore::InjectedScript::evaluate):
(WebCore::InjectedScript::callFunctionOn):
(WebCore::InjectedScript::evaluateOnCallFrame):
(WebCore::InjectedScript::getFunctionDetails):
(WebCore::InjectedScript::getProperties):
(WebCore::InjectedScript::getInternalProperties):
(WebCore::InjectedScript::nodeForObjectId):
(WebCore::InjectedScript::releaseObject):
(WebCore::InjectedScript::wrapCallFrames):
(WebCore::InjectedScript::wrapObject):
(WebCore::InjectedScript::wrapTable):
(WebCore::InjectedScript::wrapNode):
(WebCore::InjectedScript::findObjectById):
(WebCore::InjectedScript::inspectNode):
(WebCore::InjectedScript::releaseObjectGroup):
(WebCore::InjectedScript::nodeAsScriptValue):
* inspector/InjectedScript.h:
* inspector/InjectedScriptBase.cpp:
(WebCore::InjectedScriptBase::InjectedScriptBase):
(WebCore::InjectedScriptBase::initialize):
(WebCore::InjectedScriptBase::injectedScriptObject):
(WebCore::InjectedScriptBase::callFunctionWithEvalEnabled):
(WebCore::InjectedScriptBase::makeCall):
(WebCore::InjectedScriptBase::makeEvalCall):
* inspector/InjectedScriptBase.h:
* inspector/InjectedScriptCanvasModule.cpp:
(WebCore::InjectedScriptCanvasModule::wrapCanvas2DContext):
(WebCore::InjectedScriptCanvasModule::wrapWebGLContext):
(WebCore::InjectedScriptCanvasModule::callWrapContextFunction):
(WebCore::InjectedScriptCanvasModule::markFrameEnd):
(WebCore::InjectedScriptCanvasModule::callStartCapturingFunction):
(WebCore::InjectedScriptCanvasModule::callVoidFunctionWithTraceLogIdArgument):
(WebCore::InjectedScriptCanvasModule::traceLog):
(WebCore::InjectedScriptCanvasModule::replayTraceLog):
(WebCore::InjectedScriptCanvasModule::resourceInfo):
(WebCore::InjectedScriptCanvasModule::resourceState):
* inspector/InjectedScriptCanvasModule.h:
* inspector/InjectedScriptHost.cpp:
(WebCore::InjectedScriptHost::inspectImpl):
(WebCore::InjectedScriptHost::InspectableObject::get):
* inspector/InjectedScriptHost.h:
* inspector/InjectedScriptManager.cpp:
(WebCore::InjectedScriptManager::injectedScriptFor):
* inspector/InjectedScriptManager.h:
* inspector/InjectedScriptModule.cpp:
(WebCore::InjectedScriptModule::ensureInjected):
* inspector/InspectorAgent.cpp:
(WebCore::InspectorAgent::InspectorAgent):
(WebCore::InspectorAgent::didCreateFrontendAndBackend):
(WebCore::InspectorAgent::inspect):
* inspector/InspectorAgent.h:
* inspector/InspectorAllInOne.cpp:
* inspector/InspectorApplicationCacheAgent.cpp:
(WebCore::InspectorApplicationCacheAgent::InspectorApplicationCacheAgent):
(WebCore::InspectorApplicationCacheAgent::didCreateFrontendAndBackend):
(WebCore::InspectorApplicationCacheAgent::getFramesWithManifests):
(WebCore::InspectorApplicationCacheAgent::getApplicationCacheForFrame):
(WebCore::InspectorApplicationCacheAgent::buildObjectForApplicationCache):
(WebCore::InspectorApplicationCacheAgent::buildArrayForApplicationCacheResources):
(WebCore::InspectorApplicationCacheAgent::buildObjectForApplicationCacheResource):
* inspector/InspectorApplicationCacheAgent.h:
* inspector/InspectorCSSAgent.cpp:
(WebCore::SelectorProfile::toInspectorObject):
(WebCore::InspectorCSSAgent::InspectorCSSAgent):
(WebCore::InspectorCSSAgent::didCreateFrontendAndBackend):
(WebCore::InspectorCSSAgent::getMatchedStylesForNode):
(WebCore::InspectorCSSAgent::getInlineStylesForNode):
(WebCore::InspectorCSSAgent::getComputedStyleForNode):
(WebCore::InspectorCSSAgent::getAllStyleSheets):
(WebCore::InspectorCSSAgent::getStyleSheet):
(WebCore::InspectorCSSAgent::setStyleText):
(WebCore::InspectorCSSAgent::setPropertyText):
(WebCore::InspectorCSSAgent::toggleProperty):
(WebCore::InspectorCSSAgent::setRuleSelector):
(WebCore::InspectorCSSAgent::addRule):
(WebCore::InspectorCSSAgent::getSupportedCSSProperties):
(WebCore::InspectorCSSAgent::getNamedFlowCollection):
(WebCore::InspectorCSSAgent::stopSelectorProfiler):
(WebCore::InspectorCSSAgent::stopSelectorProfilerImpl):
(WebCore::InspectorCSSAgent::asInspectorStyleSheet):
(WebCore::InspectorCSSAgent::collectStyleSheets):
(WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
(WebCore::InspectorCSSAgent::detectOrigin):
(WebCore::InspectorCSSAgent::buildObjectForRule):
(WebCore::InspectorCSSAgent::buildArrayForRuleList):
(WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):
(WebCore::InspectorCSSAgent::buildObjectForAttributesStyle):
(WebCore::InspectorCSSAgent::buildArrayForRegions):
(WebCore::InspectorCSSAgent::buildObjectForNamedFlow):
* inspector/InspectorCSSAgent.h:
* inspector/InspectorCanvasAgent.cpp:
(WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
(WebCore::InspectorCanvasAgent::didCreateFrontendAndBackend):
(WebCore::InspectorCanvasAgent::wrapCanvas2DRenderingContextForInstrumentation):
(WebCore::InspectorCanvasAgent::wrapWebGLRenderingContextForInstrumentation):
(WebCore::InspectorCanvasAgent::notifyRenderingContextWasWrapped):
(WebCore::InspectorCanvasAgent::injectedScriptCanvasModule):
* inspector/InspectorCanvasAgent.h:
* inspector/InspectorCanvasInstrumentation.h:
(WebCore::InspectorInstrumentation::wrapCanvas2DRenderingContextForInstrumentation):
(WebCore::InspectorInstrumentation::wrapWebGLRenderingContextForInstrumentation):
* inspector/InspectorClient.cpp:
* inspector/InspectorClient.h:
* inspector/InspectorConsoleAgent.cpp:
(WebCore::InspectorConsoleAgent::InspectorConsoleAgent):
(WebCore::InspectorConsoleAgent::didCreateFrontendAndBackend):
(WebCore::InspectableHeapObject::get):
* inspector/InspectorConsoleAgent.h:
* inspector/InspectorController.cpp:
* inspector/InspectorController.h:
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::InspectorDOMAgent):
(WebCore::InspectorDOMAgent::didCreateFrontendAndBackend):
(WebCore::InspectorDOMAgent::getDocument):
(WebCore::InspectorDOMAgent::pushChildNodesToFrontend):
(WebCore::InspectorDOMAgent::querySelectorAll):
(WebCore::InspectorDOMAgent::pushNodePathToFrontend):
(WebCore::InspectorDOMAgent::getEventListenersForNode):
(WebCore::InspectorDOMAgent::getSearchResults):
(WebCore::InspectorDOMAgent::resolveNode):
(WebCore::InspectorDOMAgent::getAttributes):
(WebCore::InspectorDOMAgent::buildObjectForNode):
(WebCore::InspectorDOMAgent::buildArrayForElementAttributes):
(WebCore::InspectorDOMAgent::buildArrayForContainerChildren):
(WebCore::InspectorDOMAgent::buildObjectForEventListener):
(WebCore::InspectorDOMAgent::didCommitLoad):
(WebCore::InspectorDOMAgent::didInsertDOMNode):
(WebCore::InspectorDOMAgent::styleAttributeInvalidated):
* inspector/InspectorDOMAgent.h:
* inspector/InspectorDOMDebuggerAgent.cpp:
(WebCore::InspectorDOMDebuggerAgent::InspectorDOMDebuggerAgent):
(WebCore::InspectorDOMDebuggerAgent::didCreateFrontendAndBackend):
(WebCore::InspectorDOMDebuggerAgent::descriptionForDOMEvent):
* inspector/InspectorDOMDebuggerAgent.h:
* inspector/InspectorDOMStorageAgent.cpp:
(WebCore::InspectorDOMStorageAgent::InspectorDOMStorageAgent):
(WebCore::InspectorDOMStorageAgent::didCreateFrontendAndBackend):
(WebCore::InspectorDOMStorageAgent::getDOMStorageItems):
(WebCore::InspectorDOMStorageAgent::storageId):
(WebCore::InspectorDOMStorageAgent::didDispatchDOMStorageEvent):
* inspector/InspectorDOMStorageAgent.h:
* inspector/InspectorDatabaseAgent.cpp:
(WebCore::InspectorDatabaseAgent::InspectorDatabaseAgent):
(WebCore::InspectorDatabaseAgent::didCreateFrontendAndBackend):
(WebCore::InspectorDatabaseAgent::getDatabaseTableNames):
* inspector/InspectorDatabaseAgent.h:
* inspector/InspectorDatabaseResource.cpp:
(WebCore::InspectorDatabaseResource::bind):
* inspector/InspectorDebuggerAgent.cpp:
(WebCore::InspectorDebuggerAgent::InspectorDebuggerAgent):
(WebCore::InspectorDebuggerAgent::didCreateFrontendAndBackend):
(WebCore::breakpointActionTypeForString):
(WebCore::InspectorDebuggerAgent::setBreakpointByUrl):
(WebCore::InspectorDebuggerAgent::setBreakpoint):
(WebCore::InspectorDebuggerAgent::resolveBreakpoint):
(WebCore::scriptToInspectorObject):
(WebCore::InspectorDebuggerAgent::searchInContent):
(WebCore::InspectorDebuggerAgent::setScriptSource):
(WebCore::InspectorDebuggerAgent::getFunctionDetails):
(WebCore::InspectorDebuggerAgent::evaluateOnCallFrame):
(WebCore::InspectorDebuggerAgent::compileScript):
(WebCore::InspectorDebuggerAgent::runScript):
(WebCore::InspectorDebuggerAgent::currentCallFrames):
(WebCore::InspectorDebuggerAgent::didParseSource):
(WebCore::InspectorDebuggerAgent::didPause):
(WebCore::InspectorDebuggerAgent::didContinue):
(WebCore::InspectorDebuggerAgent::clear):
* inspector/InspectorDebuggerAgent.h:
* inspector/InspectorForwarding.h:
* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::evaluateAsBoolean):
* inspector/InspectorFrontendHost.cpp:
(WebCore::FrontendMenuProvider::create):
(WebCore::FrontendMenuProvider::disconnect):
(WebCore::FrontendMenuProvider::FrontendMenuProvider):
(WebCore::FrontendMenuProvider::contextMenuItemSelected):
(WebCore::FrontendMenuProvider::contextMenuCleared):
(WebCore::InspectorFrontendHost::showContextMenu):
* inspector/InspectorHeapProfilerAgent.cpp:
(WebCore::InspectorHeapProfilerAgent::InspectorHeapProfilerAgent):
(WebCore::InspectorHeapProfilerAgent::didCreateFrontendAndBackend):
(WebCore::InspectorHeapProfilerAgent::createSnapshotHeader):
(WebCore::InspectorHeapProfilerAgent::getProfileHeaders):
(WebCore::InspectorHeapProfilerAgent::getObjectByHeapObjectId):
(WebCore::InspectorHeapProfilerAgent::getHeapObjectId):
* inspector/InspectorHeapProfilerAgent.h:
* inspector/InspectorIndexedDBAgent.cpp:
(WebCore::InspectorIndexedDBAgent::InspectorIndexedDBAgent):
(WebCore::InspectorIndexedDBAgent::didCreateFrontendAndBackend):
* inspector/InspectorIndexedDBAgent.h:
* inspector/InspectorInputAgent.cpp:
(WebCore::InspectorInputAgent::InspectorInputAgent):
(WebCore::InspectorInputAgent::didCreateFrontendAndBackend):
* inspector/InspectorInputAgent.h:
* inspector/InspectorInstrumentation.cpp:
* inspector/InspectorInstrumentation.h:
* inspector/InspectorLayerTreeAgent.cpp:
(WebCore::InspectorLayerTreeAgent::InspectorLayerTreeAgent):
(WebCore::InspectorLayerTreeAgent::didCreateFrontendAndBackend):
(WebCore::InspectorLayerTreeAgent::layersForNode):
(WebCore::InspectorLayerTreeAgent::gatherLayersUsingRenderObjectHierarchy):
(WebCore::InspectorLayerTreeAgent::gatherLayersUsingRenderLayerHierarchy):
(WebCore::InspectorLayerTreeAgent::buildObjectForLayer):
(WebCore::InspectorLayerTreeAgent::buildObjectForIntRect):
(WebCore::InspectorLayerTreeAgent::reasonsForCompositingLayer):
* inspector/InspectorLayerTreeAgent.h:
* inspector/InspectorMemoryAgent.cpp:
(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::InspectorMemoryAgent):
* inspector/InspectorMemoryAgent.h:
* inspector/InspectorOverlay.cpp:
* inspector/InspectorOverlay.h:
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::resourceTypeJson):
(WebCore::InspectorPageAgent::cachedResourceTypeJson):
(WebCore::InspectorPageAgent::InspectorPageAgent):
(WebCore::InspectorPageAgent::didCreateFrontendAndBackend):
(WebCore::buildObjectForCookie):
(WebCore::buildArrayForCookies):
(WebCore::InspectorPageAgent::getCookies):
(WebCore::InspectorPageAgent::getResourceTree):
(WebCore::InspectorPageAgent::searchInResource):
(WebCore::buildObjectForSearchResult):
(WebCore::InspectorPageAgent::searchInResources):
(WebCore::InspectorPageAgent::buildObjectForFrame):
(WebCore::InspectorPageAgent::buildObjectForFrameTree):
* inspector/InspectorPageAgent.h:
* inspector/InspectorProfilerAgent.cpp:
(WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
(WebCore::InspectorProfilerAgent::createProfileHeader):
(WebCore::InspectorProfilerAgent::createSnapshotHeader):
(WebCore::InspectorProfilerAgent::getProfileHeaders):
(WebCore::InspectorProfilerAgent::getCPUProfile):
(WebCore::InspectorProfilerAgent::didCreateFrontendAndBackend):
(WebCore::InspectorProfilerAgent::getObjectByHeapObjectId):
(WebCore::InspectorProfilerAgent::getHeapObjectId):
* inspector/InspectorProfilerAgent.h:
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::didCreateFrontendAndBackend):
(WebCore::buildObjectForTiming):
(WebCore::buildObjectForResourceRequest):
(WebCore::buildObjectForResourceResponse):
(WebCore::buildObjectForCachedResource):
(WebCore::InspectorResourceAgent::willSendRequest):
(WebCore::InspectorResourceAgent::didReceiveResponse):
(WebCore::InspectorResourceAgent::didLoadResourceFromMemoryCache):
(WebCore::InspectorResourceAgent::buildInitiatorObject):
(WebCore::InspectorResourceAgent::willSendWebSocketHandshakeRequest):
(WebCore::InspectorResourceAgent::didReceiveWebSocketHandshakeResponse):
(WebCore::InspectorResourceAgent::didReceiveWebSocketFrame):
(WebCore::InspectorResourceAgent::didSendWebSocketFrame):
(WebCore::InspectorResourceAgent::InspectorResourceAgent):
* inspector/InspectorResourceAgent.h:
* inspector/InspectorRuntimeAgent.cpp:
(WebCore::InspectorRuntimeAgent::InspectorRuntimeAgent):
(WebCore::buildErrorRangeObject):
(WebCore::InspectorRuntimeAgent::parse):
(WebCore::InspectorRuntimeAgent::evaluate):
(WebCore::InspectorRuntimeAgent::callFunctionOn):
(WebCore::InspectorRuntimeAgent::getProperties):
* inspector/InspectorRuntimeAgent.h:
* inspector/InspectorStyleSheet.cpp:
(WebCore::buildSourceRangeObject):
(WebCore::buildMediaObject):
(WebCore::fillMediaListChain):
(WebCore::InspectorStyle::buildObjectForStyle):
(WebCore::InspectorStyle::buildArrayForComputedStyle):
(WebCore::InspectorStyle::styleWithProperties):
(WebCore::InspectorStyleSheet::create):
(WebCore::InspectorStyleSheet::InspectorStyleSheet):
(WebCore::InspectorStyleSheet::buildObjectForStyleSheet):
(WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo):
(WebCore::selectorsFromSource):
(WebCore::InspectorStyleSheet::buildObjectForSelectorList):
(WebCore::InspectorStyleSheet::buildObjectForRule):
(WebCore::InspectorStyleSheet::buildObjectForStyle):
(WebCore::InspectorStyleSheet::resourceStyleSheetText):
(WebCore::InspectorStyleSheet::buildArrayForRuleList):
(WebCore::InspectorStyleSheetForInlineStyle::create):
(WebCore::InspectorStyleSheetForInlineStyle::InspectorStyleSheetForInlineStyle):
* inspector/InspectorStyleSheet.h:
(WebCore::InspectorCSSId::InspectorCSSId):
(WebCore::InspectorStyleSheet::canBind):
* inspector/InspectorStyleTextEditor.cpp:
* inspector/InspectorTimelineAgent.cpp:
(WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend):
(WebCore::toProtocol):
(WebCore::InspectorTimelineAgent::innerAddRecordToTimeline):
(WebCore::InspectorTimelineAgent::setDOMCounters):
(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
(WebCore::InspectorTimelineAgent::sendEvent):
* inspector/InspectorTimelineAgent.h:
(WebCore::InspectorTimelineAgent::TimelineRecordEntry::TimelineRecordEntry):
* inspector/InspectorWebAgentBase.h: Renamed from Source/WebCore/inspector/InspectorAgentRegistry.h.
(WebCore::InspectorAgentBase::InspectorAgentBase):
* inspector/InspectorWorkerAgent.cpp:
(WebCore::InspectorWorkerAgent::InspectorWorkerAgent):
(WebCore::InspectorWorkerAgent::didCreateFrontendAndBackend):
* inspector/InspectorWorkerAgent.h:
* inspector/InstrumentingAgents.cpp:
* inspector/NetworkResourcesData.cpp:
* inspector/PageConsoleAgent.cpp:
(WebCore::InspectableNode::get):
* inspector/PageDebuggerAgent.cpp:
* inspector/PageDebuggerAgent.h:
* inspector/PageRuntimeAgent.cpp:
(WebCore::PageRuntimeAgent::didCreateFrontendAndBackend):
* inspector/PageRuntimeAgent.h:
* inspector/ScriptArguments.cpp:
(WebCore::ScriptArguments::create):
(WebCore::ScriptArguments::ScriptArguments):
(WebCore::ScriptArguments::argumentAt):
(WebCore::ScriptArguments::getFirstArgumentAsString):
* inspector/ScriptArguments.h:
* inspector/ScriptCallFrame.cpp:
(WebCore::ScriptCallFrame::buildInspectorObject):
* inspector/ScriptCallFrame.h:
* inspector/ScriptCallStack.cpp:
(WebCore::ScriptCallStack::buildInspectorArray):
* inspector/ScriptCallStack.h:
* inspector/ScriptDebugListener.h:
* inspector/TimelineRecordFactory.cpp:
* inspector/TimelineRecordFactory.h:
(WebCore::TimelineRecordFactory::createWebSocketCreateData):
(WebCore::TimelineRecordFactory::createGenericWebSocketData):
* inspector/WorkerConsoleAgent.cpp:
* inspector/WorkerDebuggerAgent.cpp:
* inspector/WorkerInspectorController.cpp:
* inspector/WorkerInspectorController.h:
* inspector/WorkerRuntimeAgent.cpp:
(WebCore::WorkerRuntimeAgent::didCreateFrontendAndBackend):
* inspector/WorkerRuntimeAgent.h:
* page/Console.cpp:
* page/ContentSecurityPolicy.cpp:
* page/Frame.cpp:
* page/PageConsole.cpp:
* plugins/PluginView.cpp:
(WebCore::PluginView::performRequest):
* testing/Internals.cpp:
(WebCore::Internals::parserMetaData):
* testing/Internals.h:
* workers/SharedWorkerGlobalScope.cpp:
(WebCore::createConnectEvent):
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::importScripts):
* workers/WorkerThread.cpp:
* xml/XMLTreeViewer.cpp:
* xml/parser/XMLDocumentParser.cpp:
* xml/parser/XMLDocumentParserLibxml2.cpp:

Source/WebKit:

* WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:

Source/WebKit/blackberry:

* Api/WebPage.cpp:

Source/WebKit/efl:

* WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
* ewk/ewk_frame.cpp:

Source/WebKit/gtk:

* webkit/webkitwebview.cpp:

Source/WebKit/mac:

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
* WebCoreSupport/WebInspectorClient.mm:
* WebView/WebFrame.mm:
* WebView/WebView.mm:

Source/WebKit/win:

* WebFrame.cpp:
* WebView.cpp:

Source/WebKit2:

* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::performJavaScriptURLRequest):
* WebProcess/WebPage/WebInspector.cpp:
* WebProcess/WebPage/WebInspector.h:
* WebProcess/WebPage/WebPage.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160457 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125253

Reviewed by Oliver Hunt and Mark Hahnenberg.
        
In SSA mode, this reveals array bounds checks and the load of array length in DFG IR,
making this a candidate for LICM.

This also fixes a long-standing performance bug where the JSObject slow paths would
always create contiguous storage, rather than type-specialized storage, when doing a
"storage creating" storage, like:
        
    var o = {};
    o[0] = 42;

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
(JSC::exitKindIsCountable):
* bytecode/ExitKind.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::permitsBoundsCheckLowering):
(JSC::DFG::ArrayMode::permitsBoundsCheckLowering):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::lengthNeedsStorage):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSSALoweringPhase.cpp: Added.
(JSC::DFG::SSALoweringPhase::SSALoweringPhase):
(JSC::DFG::SSALoweringPhase::run):
(JSC::DFG::SSALoweringPhase::handleNode):
(JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
(JSC::DFG::performSSALowering):
* dfg/DFGSSALoweringPhase.h: Added.
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCheckInBounds):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::contiguousPutByValOutOfBounds):
* runtime/JSObject.cpp:
(JSC::JSObject::convertUndecidedForValue):
(JSC::JSObject::createInitialForValueAndSet):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLength):
* runtime/JSObject.h:
* tests/stress/float32array-out-of-bounds.js: Added.
(make):
(foo):
(test):
* tests/stress/int32-object-out-of-bounds.js: Added.
(make):
(foo):
(test):
* tests/stress/int32-out-of-bounds.js: Added.
(foo):
(test):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125252

Source/JavaScriptCore: 

Reviewed by Sam Weinig.
        
This was meant to be easy. The problem is that there was no good place for putting
the folding of typedArray.length to a constant. You can't quite do it in the
bytecode parser because at that point you don't yet know if typedArray is really
a typed array. You can't do it as part of constant folding because the folder
assumes that it can opportunistically forward-flow a constant value without changing
the IR; this doesn't work since we need to first change the IR to register a
desired watchpoint and only after that can we introduce that constant. We could have
done it in Fixup but that would have been awkward since Fixup's code for turning a
GetById of "length" into GetArrayLength is already somewhat complex. We could have
done it in CSE but CSE is already fairly gnarly and will probably get rewritten.
        
So I introduced a new phase, called StrengthReduction. This phase should have any
transformations that don't requite CFA or CSE and that it would be weird to put into
those other phases.
        
I also took the opportunity to refactor some of the other folding code.
        
This also adds a test, but the test couldn't quite be a LayoutTests/js/regress so I
introduced the notion of JavaScriptCore/tests/stress.
        
The goal of this patch isn't really to improve performance or anything like that.
It adds an optimization for completeness, and in doing so it unlocks a bunch of new
possibilities. The one that I'm most excited about is revealing array length checks
in DFG IR, which will allow for array bounds check hoisting and elimination.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::tryGetFoldableViewForChild1):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasTypedArray):
(JSC::DFG::Node::typedArray):
* dfg/DFGNodeType.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp: Added.
(JSC::DFG::StrengthReductionPhase::StrengthReductionPhase):
(JSC::DFG::StrengthReductionPhase::run):
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant):
(JSC::DFG::performStrengthReduction):
* dfg/DFGStrengthReductionPhase.h: Added.
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionTransferArrayBuffer):
* runtime/ArrayBufferView.h:
* tests/stress: Added.
* tests/stress/fold-typed-array-properties.js: Added.
(foo):

Tools: 

Reviewed by Sam Weinig.
        
Add Source/JavaScriptCore/tests/stress to the set of JS tests. This is where you
should put tests that run just like JSRegress but don't run as part of LayoutTests.
Currently I'm using it for tests that require some surgical support from jsc.cpp.

* Scripts/run-javascriptcore-tests:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125205

Source/JavaScriptCore: 

Reviewed by Oliver Hunt and Mark Hahnenberg.
        
If by some other mechanism we have a typed array access on a compile-time constant
typed array pointer, then fold:
        
- Array bounds checks. Specifically, fold the load of length.
        
- Loading the vector.
        
This needs to install a watchpoint on the array itself because of the possibility of
neutering. Neutering is ridiculous. We do this without bloating the size of
ArrayBuffer or JSArrayBufferView in the common case (i.e. the case where you
allocated an array that didn't end up becoming a compile-time constant). To install
the watchpoint, we slowDownAndWasteMemory and then create an incoming reference to
the ArrayBuffer, where that incoming reference is from a watchpoint object. The
ArrayBuffer already knows about such incoming references and can fire the
watchpoints that way.
        
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
(JSC::DFG::DesiredWatchpoints::addLazily):
* dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::GenericSetAdaptor::add):
(JSC::DFG::GenericSetAdaptor::hasBeenInvalidated):
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
(JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
(JSC::DFG::GenericDesiredWatchpoints::areStillValid):
(JSC::DFG::GenericDesiredWatchpoints::isStillValid):
(JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isStillValid):
(JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isValidOrMixed):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
* dfg/DFGGraph.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
(JSC::DFG::WatchpointCollectionPhase::addLazily):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::transfer):
* runtime/ArrayBufferNeuteringWatchpoint.cpp: Added.
(JSC::ArrayBufferNeuteringWatchpoint::ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::finishCreation):
(JSC::ArrayBufferNeuteringWatchpoint::destroy):
(JSC::ArrayBufferNeuteringWatchpoint::create):
(JSC::ArrayBufferNeuteringWatchpoint::createStructure):
* runtime/ArrayBufferNeuteringWatchpoint.h: Added.
(JSC::ArrayBufferNeuteringWatchpoint::set):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

LayoutTests: 

Reviewed by Oliver Hunt and Mark Hahnenberg.

* js/regress/fixed-typed-array-storage-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index.html: Added.
* js/regress/fixed-typed-array-storage.html: Added.
* js/regress/script-tests/fixed-typed-array-storage-var-index.js: Added.
(foo):
* js/regress/script-tests/fixed-typed-array-storage.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124613

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Move the ENABLE(REMOTE_INSPECTOR) remote debugger connection management
into JavaScriptCore (originally from WebKit/mac). Include enhancements:

  * allow for different types of remote debuggable targets,
    eventually at least a JSContext, WebView, WKView.
  * allow debuggables to be registered and debugged on any thread. Unlike
    WebViews, JSContexts may be run entirely off of the main thread.
  * move the remote connection (XPC connection) itself off of the main thread,
    it doesn't need to be on the main thread.

Make JSContext @class and JavaScriptCore::JSContextRef
"JavaScript" Remote Debuggables.

* inspector/remote/RemoteInspectorDebuggable.h: Added.
* inspector/remote/RemoteInspectorDebuggable.cpp: Added.
(Inspector::RemoteInspectorDebuggable::RemoteInspectorDebuggable):
(Inspector::RemoteInspectorDebuggable::~RemoteInspectorDebuggable):
(Inspector::RemoteInspectorDebuggable::init):
(Inspector::RemoteInspectorDebuggable::update):
(Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
(Inspector::RemoteInspectorDebuggable::info):
RemoteInspectorDebuggable defines a debuggable target. As long as
something creates a debuggable and is set to allow remote inspection
it will be listed in remote debuggers. For the different types of
debuggables (JavaScript and Web) there is different basic information
that may be listed.

* inspector/InspectorFrontendChannel.h: Added.
(Inspector::InspectorFrontendChannel::~InspectorFrontendChannel):
The only thing a debuggable needs for remote debugging is an
InspectorFrontendChannel a way to send messages to a remote frontend.
This class provides that method, and is vended to the
RemoteInspectorDebuggable when a remote connection is setup.

* inspector/remote/RemoteInspector.h: Added.
* inspector/remote/RemoteInspector.mm: Added.
Singleton, created at least when the first Debuggable is created.
This class manages the list of debuggables, any connection to a
remote debugger proxy (XPC service "com.apple.webinspector").

(Inspector::dispatchAsyncOnQueueSafeForAnyDebuggable):
(Inspector::RemoteInspector::shared):
(Inspector::RemoteInspector::RemoteInspector):
(Inspector::RemoteInspector::nextAvailableIdentifier):
(Inspector::RemoteInspector::registerDebuggable):
(Inspector::RemoteInspector::unregisterDebuggable):
(Inspector::RemoteInspector::updateDebuggable):
Debuggable management. When debuggables are added, removed, or updated
we stash a copy of the debuggable information and push an update to
debuggers. Stashing a copy of the information in the RemoteInspector
is a thread safe way to avoid walking over all debuggables to gather
the information when it is needed.

(Inspector::RemoteInspector::start):
(Inspector::RemoteInspector::stop):
Runtime API to enable / disable the feature.

(Inspector::RemoteInspector::listingForDebuggable):
(Inspector::RemoteInspector::pushListingNow):
(Inspector::RemoteInspector::pushListingSoon):
Pushing a listing to remote debuggers.

(Inspector::RemoteInspector::sendMessageToRemoteFrontend):
(Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
(Inspector::RemoteInspector::xpcConnectionReceivedMessage):
(Inspector::RemoteInspector::xpcConnectionFailed):
(Inspector::RemoteInspector::xpcConnectionUnhandledMessage):
XPC setup, send, and receive handling.

(Inspector::RemoteInspector::updateHasActiveDebugSession):
Applications being debugged may want to know when a debug
session is active. This provides that notification.

(Inspector::RemoteInspector::receivedSetupMessage):
(Inspector::RemoteInspector::receivedDataMessage):
(Inspector::RemoteInspector::receivedDidCloseMessage):
(Inspector::RemoteInspector::receivedGetListingMessage):
(Inspector::RemoteInspector::receivedIndicateMessage):
(Inspector::RemoteInspector::receivedConnectionDiedMessage):
Dispatching incoming remote debugging protocol messages.
These are wrapping above the inspector protocol messages.

* inspector/remote/RemoteInspectorConstants.h: Added.
Protocol messages and dictionary keys inside the messages.

(Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
* inspector/remote/RemoteInspectorDebuggableConnection.h: Added.
* inspector/remote/RemoteInspectorDebuggableConnection.mm: Added.
This is a connection between the RemoteInspector singleton and a RemoteInspectorDebuggable.

(Inspector::RemoteInspectorDebuggableConnection::RemoteInspectorDebuggableConnection):
(Inspector::RemoteInspectorDebuggableConnection::~RemoteInspectorDebuggableConnection):
Allow for dispatching messages on JavaScript debuggables on a dispatch_queue
instead of the main queue.

(Inspector::RemoteInspectorDebuggableConnection::destination):
(Inspector::RemoteInspectorDebuggableConnection::connectionIdentifier):
Needed in the remote debugging protocol to identify the remote debugger.

(Inspector::RemoteInspectorDebuggableConnection::dispatchSyncOnDebuggable):
(Inspector::RemoteInspectorDebuggableConnection::dispatchAsyncOnDebuggable):
(Inspector::RemoteInspectorDebuggableConnection::setup):
(Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
(Inspector::RemoteInspectorDebuggableConnection::close):
(Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
(Inspector::RemoteInspectorDebuggableConnection::sendMessageToFrontend):
The connection is a thin channel between the two sides that can be closed
from either side, so there is some logic around multi-threaded access.

* inspector/remote/RemoteInspectorXPCConnection.h: Added.
(Inspector::RemoteInspectorXPCConnection::Client::~Client):
* inspector/remote/RemoteInspectorXPCConnection.mm: Added.
(Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
(Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
(Inspector::RemoteInspectorXPCConnection::close):
(Inspector::RemoteInspectorXPCConnection::deserializeMessage):
(Inspector::RemoteInspectorXPCConnection::handleEvent):
(Inspector::RemoteInspectorXPCConnection::sendMessage):
This is a connection between the RemoteInspector singleton and an XPC service
named "com.apple.webinspector". This handles serialization of the dictionary
messages to and from the service. The receiving is done on a non-main queue.

* API/JSContext.h:
* API/JSContext.mm:
(-[JSContext name]):
(-[JSContext setName:]):
ObjC API to enable/disable JSContext remote inspection and give a name.

* API/JSContextRef.h:
* API/JSContextRef.cpp:
(JSGlobalContextGetName):
(JSGlobalContextSetName):
C API to give a JSContext a name.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::setName):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::name):
Shared handling of the APIs above.

* runtime/JSGlobalObjectDebuggable.cpp: Added.
(JSC::JSGlobalObjectDebuggable::JSGlobalObjectDebuggable):
(JSC::JSGlobalObjectDebuggable::name):
(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::disconnect):
(JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
* runtime/JSGlobalObjectDebuggable.h: Added.
Stub for the actual remote debugging implementation. We will push
down the appropriate WebCore/inspector peices suitable for debugging
just a JavaScript context.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
Update build files.

Source/WebCore:

Make a WebCore::Page a "Web" Remote Debuggable.

* bindings/js/JSDOMGlobalObject.cpp:
Disable JavaScript context inspection on JSGlobalObjects inside WebCore::Page's.

* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::remoteInspectionAllowed):
(WebCore::Page::setRemoteInspectionAllowed):
(WebCore::Page::remoteInspectorInformationDidChange):
* page/Page.h:
* page/PageDebuggable.h:
* page/PageDebuggable.cpp: Added.
(WebCore::PageDebuggable::PageDebuggable):
(WebCore::PageDebuggable::name):
(WebCore::PageDebuggable::url):
(WebCore::PageDebuggable::hasLocalDebugger):
(WebCore::PageDebuggable::connect):
(WebCore::PageDebuggable::disconnect):
(WebCore::PageDebuggable::dispatchMessageFromRemoteFrontend):
(WebCore::PageDebuggable::setIndicating):
Make a page a "Web" debuggable.

* GNUmakefile.list.am:
* WebCore.exp.in:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
Misc.

* inspector/InspectorClient.h:
(WebCore::InspectorClient::indicate):
(WebCore::InspectorClient::hideIndicate):
Forward indicate methods to WebKit clients.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didChangeTitle):
(WebCore::FrameLoader::dispatchDidCommitLoad):
Push updates when remote debuggable information like the Page's
URL or title change.

* ForwardingHeaders/inspector/InspectorFrontendChannel.h:
* inspector/InspectorForwarding.h:
Re-export Inspector::InspectorFrontendChannel as WebCore::InspectorFrontendChannel
to avoid needlessly updating code all over the place.

* inspector/CodeGeneratorInspectorStrings.py:
* inspector/InspectorWorkerAgent.cpp:
* inspector/WorkerInspectorController.cpp:
* testing/Internals.cpp:
Update include names.

* page/ContextMenuController.cpp:
(WebCore::ContextMenuController::populate):
Make the "Inspect Element" context menu work correctly when there is a
remote inspector instead of a local inspector.

Source/WebKit:

* WebKit.xcodeproj/project.pbxproj:

Source/WebKit/blackberry:

* WebCoreSupport/InspectorClientBlackBerry.h:

Source/WebKit/cf:

* WebCoreSupport/WebInspectorClientCF.cpp:
(WebInspectorClient::sendMessageToFrontend):

Source/WebKit/efl:

* WebCoreSupport/InspectorClientEfl.h:

Source/WebKit/gtk:

* WebCoreSupport/InspectorClientGtk.h:

Source/WebKit/ios:

* WebCoreSupport/WebInspectorClientIOS.mm:
(WebInspectorClient::WebInspectorClient):
(WebInspectorClient::inspectorDestroyed):

Source/WebKit/mac:

Remove the old ENABLE(REMOTE_INSPECTOR) connection management implementation.

* WebCoreSupport/WebInspectorClient.h:
* WebCoreSupport/WebInspectorClient.mm:
(WebInspectorClient::indicate):
(WebInspectorClient::hideIndicate):
Hook up WebView indication through this new path.

* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::dispatchDidReceiveTitle):
* WebCoreSupport/WebInspectorClient.h:
* WebCoreSupport/WebInspectorClient.mm:
(WebInspectorClient::WebInspectorClient):
(WebInspectorClient::inspectorDestroyed):
* WebInspector/remote/WebInspectorClientRegistry.h: Removed.
* WebInspector/remote/WebInspectorClientRegistry.mm: Removed.
* WebInspector/remote/WebInspectorRelayDefinitions.h: Removed.
* WebInspector/remote/WebInspectorRemoteChannel.h: Removed.
* WebInspector/remote/WebInspectorRemoteChannel.mm: Removed.
* WebInspector/remote/WebInspectorServer.h: Removed.
* WebInspector/remote/WebInspectorServer.mm: Removed.
* WebInspector/remote/WebInspectorServerWebViewConnection.h: Removed.
* WebInspector/remote/WebInspectorServerWebViewConnection.mm: Removed.
* WebInspector/remote/WebInspectorServerWebViewConnectionController.h: Removed.
* WebInspector/remote/WebInspectorServerWebViewConnectionController.mm: Removed.
* WebInspector/remote/WebInspectorXPCWrapper.h: Removed.
* WebInspector/remote/WebInspectorXPCWrapper.m: Removed.
* WebKit.exp:
* WebView/WebView.mm:
(-[WebView _commonInitializationWithFrameName:groupName:]):
(+[WebView _enableRemoteInspector]):
(+[WebView _disableRemoteInspector]):
(+[WebView _disableAutoStartRemoteInspector]):
(+[WebView _isRemoteInspectorEnabled]):
(+[WebView _hasRemoteInspectorSession]):
(-[WebView allowsRemoteInspection]):
(-[WebView setAllowsRemoteInspection:]):
(-[WebView setIndicatingForRemoteInspector:]):
(-[WebView setHostApplicationBundleId:name:]):
(-[WebView _didCommitLoadForFrame:]):
* WebView/WebViewData.h:
* WebView/WebViewData.mm:
(-[WebViewPrivate init]):
(-[WebViewPrivate dealloc]):
* WebView/WebViewInternal.h:
* WebView/WebViewPrivate.h:
Remove old REMOTE_INSPECTOR.

Source/WebKit/win:

* WebCoreSupport/WebInspectorClient.h:

Source/WebKit/wince:

* WebCoreSupport/InspectorClientWinCE.h:

Source/WebKit2:

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
* WebProcess/com.apple.WebProcess.sb.in:
Allow the WebProcess to access the "com.apple.webinspector" named
XPC service to expose its WebCore::Page's to remote debuggers.

Source/WTF:

* wtf/ios/WebCoreThread.cpp:
* wtf/ios/WebCoreThread.h:
Expose WebThreadRun/WebThreadRunSync iOS methods defined in WebCore through
WTF so that JavaScriptCore can use it. Another such method already existed.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160099 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=123999

Reviewed by Filip Pizlo.

Changed LLInt and/or JIT enabled ports to allocate the stack frame in the
callToJavaScript stub.  Added an additional stub, callToNativeFunction that
allocates a stack frame in a similar way for calling native entry points
that take a single ExecState* argument.  These stubs are implemented
using common macros in LowLevelInterpreter{32_64,64}.asm.  There are also
Windows X86 and X86-64 versions in the corresponding JitStubsXX.h.
The stubs allocate and create a sentinel frame, then create the callee's
frame, populating  the header and arguments from the passed in ProtoCallFrame*.
It is assumed that the caller of either stub does a check for enough stack space
via JSStack::entryCheck().

For ports using the C-Loop interpreter, the prior method for allocating stack
frame and invoking functions is used, namely with JSStack::pushFrame() and
::popFrame().

Made spelling changes "sentinal" -> "sentinel".

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall):
(JSC::CachedCall::setThis):
(JSC::CachedCall::setArgument):
* interpreter/CallFrameClosure.h:
(JSC::CallFrameClosure::resetCallFrame):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
* interpreter/Interpreter.h:
* interpreter/JSStack.h:
* interpreter/JSStackInlines.h:
(JSC::JSStack::entryCheck):
(JSC::JSStack::pushFrame):
(JSC::JSStack::popFrame):
* interpreter/ProtoCallFrame.cpp: Added.
(JSC::ProtoCallFrame::init):
* interpreter/ProtoCallFrame.h: Added.
(JSC::ProtoCallFrame::codeBlock):
(JSC::ProtoCallFrame::setCodeBlock):
(JSC::ProtoCallFrame::setScope):
(JSC::ProtoCallFrame::setCallee):
(JSC::ProtoCallFrame::argumentCountIncludingThis):
(JSC::ProtoCallFrame::argumentCount):
(JSC::ProtoCallFrame::setArgumentCountIncludingThis):
(JSC::ProtoCallFrame::setPaddedArgsCount):
(JSC::ProtoCallFrame::clearCurrentVPC):
(JSC::ProtoCallFrame::setThisValue):
(JSC::ProtoCallFrame::setArgument):
* jit/JITCode.cpp:
(JSC::JITCode::execute):
* jit/JITCode.h:
* jit/JITOperations.cpp:
* jit/JITStubs.h:
* jit/JITStubsMSVC64.asm:
* jit/JITStubsX86.h:
* llint/LLIntOffsetsExtractor.cpp:
* llint/LLIntThunks.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ArgList.h:
(JSC::ArgList::data):
* runtime/JSArray.cpp:
(JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
* runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160094 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124634.

Reviewed by Geoffrey Garen.

Source/JavaScriptCore: 

1. Introduced USE(SEPARATE_C_AND_JS_STACK) (defined in Platform.h).
   Currently, it is hardcoded to use separate C and JS stacks. Once we
   switch to using the C stack for JS frames, we'll need to fix this to
   only be enabled when ENABLE(LLINT_C_LOOP).

2. Stack limits are now tracked in the VM.

   Logically, there are 2 stack limits:
   a. m_stackLimit for the native C stack, and
   b. m_jsStackLimit for the JS stack.

   If USE(SEPARATE_C_AND_JS_STACK), then the 2 limits are the same
   value, and are implemented as 2 fields in a union.

3. The VM native stackLimit is set as follows:
   a. Initially, the VM sets it to the limit of the stack of the thread that
      instantiated the VM. This allows the parser and bytecode generator to
      run before we enter the VM to execute JS code.

   b. Upon entry into the VM to execute JS code (via one of the
      Interpreter::execute...() functions), we instantiate a VMEntryScope
      that sets the VM's stackLimit to the limit of the current thread's
      stack. The VMEntryScope will automatically restore the previous
      entryScope and stack limit upon destruction.

   If USE(SEPARATE_C_AND_JS_STACK), the JSStack's methods will set the VM's
   jsStackLimit whenever it grows or shrinks.

4. The VM now provides a isSafeToRecurse() function that compares the
   current stack pointer against its native stackLimit. This subsumes and
   obsoletes the VMStackBounds class.

5. The VMEntryScope class also subsumes DynamicGlobalObjectScope for
   tracking the JSGlobalObject that we last entered the VM with.

6. Renamed dynamicGlobalObject() to vmEntryGlobalObject() since that is
   the value that the function retrieves.

7. Changed JIT and LLINT code to do stack checks against the jsStackLimit
   in the VM class instead of the JSStack.

* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* API/JSContextRef.cpp:
(JSGlobalContextRetain):
(JSGlobalContextRelease):
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNode):
(JSC::BytecodeGenerator::emitNodeInConditionContext):
* debugger/Debugger.cpp:
(JSC::Debugger::detach):
(JSC::Debugger::recompileAllJSFunctions):
(JSC::Debugger::pauseIfNeeded):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::vmEntryGlobalObject):
* debugger/DebuggerCallFrame.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGOSREntry.cpp:
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* ftl/FTLOSREntry.cpp:
* heap/Heap.cpp:
(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::deleteAllCompiledCode):
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::vmEntryGlobalObject):
* interpreter/CallFrame.h:
* interpreter/Interpreter.cpp:
(JSC::unwindCallFrame):
(JSC::Interpreter::unwind):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::debug):
* interpreter/JSStack.cpp:
(JSC::JSStack::JSStack):
(JSC::JSStack::growSlowCase):
* interpreter/JSStack.h:
* interpreter/JSStackInlines.h:
(JSC::JSStack::shrink):
(JSC::JSStack::grow):
- Moved these inlined functions here from JSStack.h. It reduces some
  #include dependencies of JSSTack.h which had previously resulted
  in some EWS bots' unhappiness with this patch.
(JSC::JSStack::updateStackLimit):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITCall.cpp:
(JSC::JIT::compileLoadVarargs):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileLoadVarargs):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
* llint/LowLevelInterpreter.asm:
* parser/Parser.cpp:
(JSC::::Parser):
* parser/Parser.h:
(JSC::Parser::canRecurse):
* runtime/CommonSlowPaths.h:
* runtime/Completion.cpp:
(JSC::evaluate):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/StringRecursionChecker.h:
(JSC::StringRecursionChecker::performCheck):
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::releaseExecutableMemory):
(JSC::VM::throwException):
* runtime/VM.h:
(JSC::VM::addressOfJSStackLimit):
(JSC::VM::jsStackLimit):
(JSC::VM::setJSStackLimit):
(JSC::VM::stackLimit):
(JSC::VM::setStackLimit):
(JSC::VM::isSafeToRecurse):
* runtime/VMEntryScope.cpp: Added.
(JSC::VMEntryScope::VMEntryScope):
(JSC::VMEntryScope::~VMEntryScope):
(JSC::VMEntryScope::requiredCapacity):
* runtime/VMEntryScope.h: Added.
(JSC::VMEntryScope::globalObject):
* runtime/VMStackBounds.h: Removed.

Source/WebCore: 

No new tests.

Renamed dynamicGlobalObject() to vmEntryGlobalObject().
Replaced uses of DynamicGlobalObjectScope with VMEntryScope.

* ForwardingHeaders/runtime/VMEntryScope.h: Added.
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* bindings/js/JSCryptoAlgorithmBuilder.cpp:
(WebCore::JSCryptoAlgorithmBuilder::add):
* bindings/js/JSCustomXPathNSResolver.cpp:
(WebCore::JSCustomXPathNSResolver::create):
* bindings/js/JSDOMBinding.cpp:
(WebCore::firstDOMWindow):
* bindings/js/JSErrorHandler.cpp:
(WebCore::JSErrorHandler::handleEvent):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* bindings/js/JavaScriptCallFrame.h:
(WebCore::JavaScriptCallFrame::vmEntryGlobalObject):
* bindings/js/PageScriptDebugServer.cpp:
(WebCore::PageScriptDebugServer::recompileAllJSFunctions):
* bindings/js/ScriptDebugServer.cpp:
(WebCore::ScriptDebugServer::evaluateBreakpointAction):
(WebCore::ScriptDebugServer::handlePause):
* bindings/js/WorkerScriptDebugServer.cpp:
(WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
* bindings/objc/WebScriptObject.mm:
(WebCore::addExceptionToConsole):
* bridge/c/c_utility.cpp:
(JSC::Bindings::convertValueToNPVariant):
* bridge/objc/objc_instance.mm:
(ObjcInstance::moveGlobalExceptionToExecState):
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::convertValueToObjcObject):
* bridge/objc/objc_utility.mm:
(JSC::Bindings::convertValueToObjcValue):

Source/WebKit/mac: 

* WebView/WebScriptDebugger.mm:
(WebScriptDebugger::sourceParsed):

Source/WTF: 

* wtf/Platform.h:
* wtf/StackBounds.h:
(WTF::StackBounds::StackBounds):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159605 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124181

Source/JavaScriptCore: 

Reviewed by Sam Weinig.
        
This makes FTL OSR exit use bytecode liveness analysis to determine which variables
to include values for. The decision of how to get the values of variables is based on
forward propagation of MovHints and SetLocals.
        
This fixes a bunch of bugs (like https://bugs.webkit.org/show_bug.cgi?id=124138 but
also others that I noticed when I started writing more targetted tests) and allows us
to remove some sketchy code.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeBasicBlock.h:
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::isValidRegisterForLiveness):
(JSC::setForOperand):
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
(JSC::stepOverInstruction):
(JSC::computeLocalLivenessForBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
(JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
(JSC::getLivenessInfo):
(JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/BytecodeLivenessAnalysisInlines.h: Added.
(JSC::operandIsAlwaysLive):
(JSC::operandThatIsNotAlwaysLiveIsLive):
(JSC::operandIsLive):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::captureCount):
(JSC::CodeBlock::captureStart):
(JSC::CodeBlock::captureEnd):
* bytecode/CodeOrigin.cpp:
(JSC::InlineCallFrame::dumpInContext):
* bytecode/FullBytecodeLiveness.h: Added.
(JSC::FullBytecodeLiveness::FullBytecodeLiveness):
(JSC::FullBytecodeLiveness::getOut):
(JSC::FullBytecodeLiveness::operandIsLive):
(JSC::FullBytecodeLiveness::getLiveness):
* dfg/DFGAvailability.cpp: Added.
(JSC::DFG::Availability::dump):
(JSC::DFG::Availability::dumpInContext):
* dfg/DFGAvailability.h: Added.
(JSC::DFG::Availability::Availability):
(JSC::DFG::Availability::unavailable):
(JSC::DFG::Availability::withFlush):
(JSC::DFG::Availability::withNode):
(JSC::DFG::Availability::withUnavailableNode):
(JSC::DFG::Availability::nodeIsUndecided):
(JSC::DFG::Availability::nodeIsUnavailable):
(JSC::DFG::Availability::hasNode):
(JSC::DFG::Availability::node):
(JSC::DFG::Availability::flushedAt):
(JSC::DFG::Availability::operator!):
(JSC::DFG::Availability::operator==):
(JSC::DFG::Availability::merge):
(JSC::DFG::Availability::mergeNodes):
(JSC::DFG::Availability::unavailableMarker):
* dfg/DFGBasicBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::Disassembler):
* dfg/DFGFlushFormat.cpp:
(WTF::printInternal):
* dfg/DFGFlushFormat.h:
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(JSC::DFG::dataFormatFor):
* dfg/DFGFlushedAt.cpp:
(JSC::DFG::FlushedAt::dump):
* dfg/DFGFlushedAt.h:
(JSC::DFG::FlushedAt::FlushedAt):
(JSC::DFG::FlushedAt::merge):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::livenessFor):
(JSC::DFG::Graph::isLiveInBytecode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::baselineCodeBlockFor):
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
* dfg/DFGOSRAvailabilityAnalysisPhase.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGResurrectionForValidationPhase.cpp: Added.
(JSC::DFG::ResurrectionForValidationPhase::ResurrectionForValidationPhase):
(JSC::DFG::ResurrectionForValidationPhase::run):
(JSC::DFG::performResurrectionForValidation):
* dfg/DFGResurrectionForValidationPhase.h: Added.
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGValueSource.h:
(JSC::DFG::ValueSource::forFlushFormat):
* dfg/DFGVariableAccessData.h:
* ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::dumpInContext):
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfGetById):
* ftl/FTLLocation.cpp:
(JSC::FTL::Location::gpr):
(JSC::FTL::Location::fpr):
(JSC::FTL::Location::directGPR):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compileZombieHint):
(JSC::FTL::LowerDFGToLLVM::compilePutById):
(JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
(JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
(JSC::FTL::LowerDFGToLLVM::observeMovHint):
* ftl/FTLOutput.h:
(JSC::FTL::Output::alloca):
* ftl/FTLValueSource.cpp: Removed.
* ftl/FTLValueSource.h: Removed.
* llvm/LLVMAPIFunctions.h:
* runtime/DumpContext.cpp:
(JSC::DumpContext::DumpContext):
* runtime/DumpContext.h:
* runtime/Options.h:
* runtime/SymbolTable.h:
(JSC::SharedSymbolTable::captureStart):
(JSC::SharedSymbolTable::captureEnd):
(JSC::SharedSymbolTable::captureCount):

Tools: 

Reviewed by Mark Hahnenberg.

* Scripts/run-jsc-stress-tests:

LayoutTests: 

Reviewed by Mark Hahnenberg or Sam Weinig.
        
I totally added this test after the rest of the patch was r+'d. Under the right tier-up
modes this triggers one of the bugs that the rest of the patch is trying to avoid.

* js/regress/script-tests/weird-inlining-const-prop.js: Added.
(foo):
(bar):
(fuzz):
(testImpl):
(test):
* js/regress/weird-inlining-const-prop-expected.txt: Added.
* js/regress/weird-inlining-const-prop.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124435

Reviewed by Geoffrey Garen.

It's empty and has been since it was added 3 years ago.

* CMakeLists.txt:
* runtime/JSChunk.cpp: Removed.
* runtime/JSChunk.h: Removed.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124427

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::lastChanceToFinalize):
* heap/Heap.h:
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::callDestructor):
* heap/SlotVisitor.cpp:
(JSC::visitChildren):
* heap/SlotVisitor.h:
* heap/VTableSpectrum.cpp: Removed.
* heap/VTableSpectrum.h: Removed.

Source/WebKit/blackberry:

* WebCoreSupport/AboutDataEnableFeatures.in:

Source/WTF:

* wtf/Platform.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=118546

Reviewed by Filip Pizlo.

This will simplify some things in the DFG related to OSR exits and determining 
which bytecode variables are live at which points during execution. It will
also be useful for making our conservative GC scan more precise. Currently it 
doesn't properly account for liveness while the DFG is running, so it will be 
off by default behing a runtime Options flag.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeBasicBlock.cpp: Added.
(JSC::isBranch): Used to determine the end of basic blocks.
(JSC::isUnconditionalBranch): Used to determine when a branch at the end of a 
basic block can't possibly fall through to the next basic block in program order.
(JSC::isTerminal): Also used to detect the end of a block.
(JSC::isThrow):
(JSC::isJumpTarget): Used to correctly separate basic blocks. Any jump destination 
must be the head of its own basic block.
(JSC::linkBlocks): Links two blocks together in a bi-direcitonal fashion.
(JSC::computeBytecodeBasicBlocks): Creates a set of basic blocks given a particular 
CodeBlock and links them together.
* bytecode/BytecodeBasicBlock.h: Added.
(JSC::BytecodeBasicBlock::isEntryBlock): Entry blocks are a special basic blocks 
that indicate the beginning of the function.
(JSC::BytecodeBasicBlock::isExitBlock): Exit blocks are a special basic block that 
all blocks that exit the function have as a successor. Entry and exit blocks allows 
the various code paths to be more regular.
(JSC::BytecodeBasicBlock::leaderBytecodeOffset): The leader bytecode offset is the 
bytecode offset of the first instruction in the block.
(JSC::BytecodeBasicBlock::totalBytecodeLength): The total length of all the bytecodes 
in this block.
(JSC::BytecodeBasicBlock::bytecodeOffsets): The bytecode offsets in this particular 
basic block. This Vector allows us to iterate over the bytecodes in reverse order 
which wouldn't be possible normally since they are of variable size.
(JSC::BytecodeBasicBlock::addPredecessor): Links a block to a specified predecessor. 
Only creates one direction of the link.
(JSC::BytecodeBasicBlock::addSuccessor): Same as addPredecessor, but for successors.
(JSC::BytecodeBasicBlock::predecessors): Getter for predecessors.
(JSC::BytecodeBasicBlock::successors): Getter for successors.
(JSC::BytecodeBasicBlock::in): Getter for the liveness info at the head of the block.
(JSC::BytecodeBasicBlock::out): Getter for the liveness info at  the tail of the block.
(JSC::BytecodeBasicBlock::BytecodeBasicBlock):
(JSC::BytecodeBasicBlock::addBytecodeLength): When creating basic blocks we call 
this function when we want to add the next bytecode in program order to this block.
* bytecode/BytecodeLivenessAnalysis.cpp: Added.
(JSC::BytecodeLivenessAnalysis::BytecodeLivenessAnalysis):
(JSC::numberOfCapturedVariables): Convenience wrapper. Returns the
number of captured variables for a particular CodeBlock, or 0 if 
the CodeBlock has no SymbolTable.
(JSC::captureStart): Ditto, but for captureStart().
(JSC::captureEnd): Ditto, but for captureEnd().
(JSC::isValidRegisterForLiveness): Returns true if the liveness analysis should 
track the liveness of a particular operand. We ignore constants, arguments, and 
captured variables. We ignore arguments because they're live for the duration of 
a function call. We ignore captured variables because we also treat them as live 
for the duration of the function. This could probably be improved to be more precise, 
but it didn't seem worth it for now.
(JSC::setForOperand): Convenience wrapper that sets the bit in the provided bit 
vector for the provided operand. It handles skipping over captured variables.
(JSC::computeUsesForBytecodeOffset): Computes which operands are used by a particular bytecode.
(JSC::computeDefsForBytecodeOffset): Computes which operands are defined by a particular 
bytecode. Typically this is just the left-most operand.
(JSC::findBasicBlockWithLeaderOffset): 
(JSC::findBasicBlockForBytecodeOffset): Scans over basic blocks to find the block 
which contains a particular bytecode offset.
(JSC::computeLocalLivenessForBytecodeOffset): Computes block-local liveness from the 
bottom of the block until a specified bytecode offset is reached. 
(JSC::computeLocalLivenessForBlock): Computes liveness for the entire block and 
stores the resulting liveness at the head.
(JSC::BytecodeLivenessAnalysis::runLivenessFixpoint): Runs backward flow liveness 
analysis to fixpoint.
(JSC::BytecodeLivenessAnalysis::getLivenessInfoForNonCapturedVarsAtBytecodeOffset): 
Slow path to get liveness info for non-captured, non-argument variable.
(JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset): 
(JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset): Returns the liveness 
info for both captured and non-captured vars at a particular bytecode offset.
(JSC::BytecodeLivenessAnalysis::dumpResults): Dumps the output of the liveness analysis. 
Controlled by new flag in Options.h/.cpp.
(JSC::BytecodeLivenessAnalysis::compute): Creates bytecode basic blocks and runs 
full liveness analysis.
* bytecode/BytecodeLivenessAnalysis.h: Added.
(JSC::BytecodeLivenessAnalysis::hasBeenComputed):
(JSC::BytecodeLivenessAnalysis::computeIfNecessary):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::livenessAnalysis):
* bytecode/PreciseJumpTargets.cpp: Refactored to be able to get the jump targets for 
a particular bytecode offset for use during bytecode basic block construction.
(JSC::getJumpTargetsForBytecodeOffset):
(JSC::computePreciseJumpTargets):
(JSC::findJumpTargetsForBytecodeOffset):
* bytecode/PreciseJumpTargets.h:
* runtime/Options.cpp:
(JSC::Options::initialize):
* runtime/Options.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159136 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124129

Reviewed by Antti Koivisto.

Source/JavaScriptCore:

Add Set iterator classes and implementations

* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSSetIterator.cpp: Added.
(JSC::JSSetIterator::finishCreation):
(JSC::JSSetIterator::visitChildren):
(JSC::JSSetIterator::createPair):
* runtime/JSSetIterator.h: Added.
(JSC::JSSetIterator::createStructure):
(JSC::JSSetIterator::create):
(JSC::JSSetIterator::next):
(JSC::JSSetIterator::JSSetIterator):
* runtime/SetIteratorConstructor.cpp: Added.
(JSC::SetIteratorConstructor::finishCreation):
* runtime/SetIteratorConstructor.h: Added.
(JSC::SetIteratorConstructor::create):
(JSC::SetIteratorConstructor::createStructure):
(JSC::SetIteratorConstructor::SetIteratorConstructor):
* runtime/SetIteratorPrototype.cpp: Added.
(JSC::SetIteratorPrototype::finishCreation):
(JSC::SetIteratorPrototypeFuncIterator):
(JSC::SetIteratorPrototypeFuncNext):
* runtime/SetIteratorPrototype.h: Added.
(JSC::SetIteratorPrototype::create):
(JSC::SetIteratorPrototype::createStructure):
(JSC::SetIteratorPrototype::SetIteratorPrototype):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
(JSC::setProtoFuncValues):
(JSC::setProtoFuncEntries):
(JSC::setProtoFuncKeys):

LayoutTests:

Move Set tests to more sensible location and add iterator tests

* js/basic-set-expected.txt: Renamed from LayoutTests/js/dom/basic-set-expected.txt.
* js/basic-set.html: Renamed from LayoutTests/js/dom/basic-set.html.
* js/script-tests/basic-set.js: Renamed from LayoutTests/js/dom/script-tests/basic-set.js.
(set new):
(otherString.string_appeared_here.set add):
(try.set forEach):
(set forEach):
(set gc):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159031 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124109

Reviewed by Andreas Kling.

Source/JavaScriptCore:

Added new Map iterator implementation.  This is a mostly boilerplate patch
however there's a a little bit of additional logic added to the MapData iterator
to deal with the possibility of map mutation between creation of the iterator
and use of it.  We'll be able to improve the performance of this substantially
by using intrinsics, however I'm pondering coming up with a better way to define
these thunks without requiring so much duplicated logic.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSMapIterator.cpp: Added.
(JSC::JSMapIterator::finishCreation):
(JSC::JSMapIterator::visitChildren):
(JSC::JSMapIterator::createPair):
* runtime/JSMapIterator.h: Added.
(JSC::JSMapIterator::createStructure):
(JSC::JSMapIterator::create):
(JSC::JSMapIterator::next):
(JSC::JSMapIterator::JSMapIterator):
* runtime/MapData.h:
(JSC::MapData::const_iterator::ensureSlot):
* runtime/MapIteratorConstructor.cpp: Added.
(JSC::MapIteratorConstructor::finishCreation):
* runtime/MapIteratorConstructor.h: Added.
(JSC::MapIteratorConstructor::create):
(JSC::MapIteratorConstructor::createStructure):
(JSC::MapIteratorConstructor::MapIteratorConstructor):
* runtime/MapIteratorPrototype.cpp: Added.
(JSC::MapIteratorPrototype::finishCreation):
(JSC::MapIteratorPrototypeFuncIterator):
(JSC::MapIteratorPrototypeFuncNext):
* runtime/MapIteratorPrototype.h: Added.
(JSC::MapIteratorPrototype::create):
(JSC::MapIteratorPrototype::createStructure):
(JSC::MapIteratorPrototype::MapIteratorPrototype):
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
(JSC::mapProtoFuncValues):
(JSC::mapProtoFuncEntries):
(JSC::mapProtoFuncKeys):

LayoutTests:

Moved map tests to a more sensible location, and added new iteration tests.

* js/basic-map-expected.txt: Renamed from LayoutTests/js/dom/basic-map-expected.txt.
* js/basic-map.html: Renamed from LayoutTests/js/dom/basic-map.html.
* js/script-tests/basic-map.js: Renamed from LayoutTests/js/dom/script-tests/basic-map.js.
(set shouldBe):
(set var):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159008 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=123835

Reviewed by Mark Lam.

Source/JavaScriptCore:

Add an ArgumentsIterator object, and associated classes so that we can support
iteration of the arguments object.

This is a largely mechanical patch.  The only gnarliness is in the
logic to avoid reifying the Arguments object in for(... of arguments)
scenarios.

* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitEnumeration):
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertySlot):
(JSC::argumentsFuncIterator):
* runtime/Arguments.h:
* runtime/ArgumentsIteratorConstructor.cpp: Added.
(JSC::ArgumentsIteratorConstructor::finishCreation):
* runtime/ArgumentsIteratorConstructor.h: Added.
(JSC::ArgumentsIteratorConstructor::create):
(JSC::ArgumentsIteratorConstructor::createStructure):
(JSC::ArgumentsIteratorConstructor::ArgumentsIteratorConstructor):
* runtime/ArgumentsIteratorPrototype.cpp: Added.
(JSC::ArgumentsIteratorPrototype::finishCreation):
(JSC::argumentsIteratorPrototypeFuncIterator):
(JSC::argumentsIteratorPrototypeFuncNext):
* runtime/ArgumentsIteratorPrototype.h: Added.
(JSC::ArgumentsIteratorPrototype::create):
(JSC::ArgumentsIteratorPrototype::createStructure):
(JSC::ArgumentsIteratorPrototype::ArgumentsIteratorPrototype):
* runtime/CommonIdentifiers.h:
* runtime/JSArgumentsIterator.cpp: Added.
(JSC::JSArgumentsIterator::finishCreation):
* runtime/JSArgumentsIterator.h: Added.
(JSC::JSArgumentsIterator::createStructure):
(JSC::JSArgumentsIterator::create):
(JSC::JSArgumentsIterator::next):
(JSC::JSArgumentsIterator::JSArgumentsIterator):
* runtime/JSArrayIterator.cpp:
(JSC::createIteratorResult):
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:

LayoutTests:

Add test cases

* js/arguments-iterator-expected.txt: Added.
* js/arguments-iterator.html: Added.
* js/script-tests/arguments-iterator.js: Added.
(shouldThrow.test):
(testAlias):
(testStrict):
(testReifiedArguments):
(testOverwrittenArguments):
(testNullArguments):
(testNonArrayLikeArguments):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=123472

Reviewed by Mark Hahnenberg.
        
This makes a fundamental change to how watchpoints work in the DFG.
        
Previously, a watchpoint was an instruction whose execution semantics were something
like:
        
    if (watchpoint->invalidated)
        exit
        
We would implement this without any branch by using jump replacement.
        
This is a very good optimization. But it's a bit awkward once you get a lot of
watchpoints: semantically we will have lots of these branches in the code, which the
compiler needs to reason about even though they don't actually result in any emitted
code.
        
Separately, we also had a mechanism for jettisoning a CodeBlock. This mechanism would
be invoked if a CodeBlock exited a lot. It would ensure that a CodeBlock wouldn't be
called into again, but it would do nothing for CodeBlocks that were already on the
stack.
        
This change flips jettisoning and watchpoint invalidation on their heads. Now, the jump
replacement has nothing to do with watchpoints; instead it's something that happens if
you ever jettison a CodeBlock. Jump replacement is now an all-or-nothing operation over
all of the potential call-return safe-exit-points in a CodeBlock. We call these
"InvalidationPoint"s. A watchpoint instruction is now "lowered" by having the DFG
collect all of the watchpoint sets that the CodeBlock cares about, and then registering
a CodeBlockJettisoningWatchpoint with all of them. That is, if the watchpoint fires, it
jettisons the CodeBlock, which in turn ensures that the CodeBlock can't be called into
(because the entrypoint now points to baseline code) and can't be returned into
(because returning exits to baseline before the next bytecode instruction).
        
This will allow for a sensible lowering of watchpoints to LLVM IR. It will also allow
for jettison() to be used effectively for things like breakpointing and single-stepping
in the debugger.
        
Well, basically, this mechanism just takes us into the HotSpot-style world where anyone
can, at any time and for any reason, request that an optimized CodeBlock is rendered
immediately invalid. You can use this for many cool things, I'm sure.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AbstractMacroAssembler.h:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::jettison):
* bytecode/CodeBlock.h:
* bytecode/CodeBlockJettisoningWatchpoint.cpp: Added.
(JSC::CodeBlockJettisoningWatchpoint::fireInternal):
* bytecode/CodeBlockJettisoningWatchpoint.h: Added.
(JSC::CodeBlockJettisoningWatchpoint::CodeBlockJettisoningWatchpoint):
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
* bytecode/ExitKind.h:
* bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added.
(JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
* bytecode/ProfiledCodeBlockJettisoningWatchpoint.h: Added.
(JSC::ProfiledCodeBlockJettisoningWatchpoint::ProfiledCodeBlockJettisoningWatchpoint):
* dfg/DFGAbstractHeap.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.cpp:
(JSC::DFG::writesOverlap):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
(JSC::DFG::AbstractHeapOverlaps::AbstractHeapOverlaps):
(JSC::DFG::AbstractHeapOverlaps::operator()):
(JSC::DFG::AbstractHeapOverlaps::result):
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::invalidate):
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::CommonData):
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::DesiredWatchpoints::addLazily):
(JSC::DFG::DesiredWatchpoints::reallyAdd):
* dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet):
(JSC::DFG::GenericDesiredWatchpoints::addLazily):
(JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
(JSC::DFG::GenericDesiredWatchpoints::areStillValid):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGInvalidationPointInjectionPhase.cpp: Added.
(JSC::DFG::InvalidationPointInjectionPhase::InvalidationPointInjectionPhase):
(JSC::DFG::InvalidationPointInjectionPhase::run):
(JSC::DFG::InvalidationPointInjectionPhase::handle):
(JSC::DFG::InvalidationPointInjectionPhase::insertInvalidationCheck):
(JSC::DFG::performInvalidationPointInjection):
* dfg/DFGInvalidationPointInjectionPhase.h: Added.
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
* dfg/DFGJumpReplacement.cpp: Added.
(JSC::DFG::JumpReplacement::fire):
* dfg/DFGJumpReplacement.h: Added.
(JSC::DFG::JumpReplacement::JumpReplacement):
* dfg/DFGNodeType.h:
* dfg/DFGOSRExitCompilationInfo.h:
* dfg/DFGOperations.cpp:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
(JSC::DFG::Plan::reallyAdd):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGWatchpointCollectionPhase.cpp: Added.
(JSC::DFG::WatchpointCollectionPhase::WatchpointCollectionPhase):
(JSC::DFG::WatchpointCollectionPhase::run):
(JSC::DFG::WatchpointCollectionPhase::handle):
(JSC::DFG::WatchpointCollectionPhase::handleEdge):
(JSC::DFG::WatchpointCollectionPhase::handleMasqueradesAsUndefined):
(JSC::DFG::WatchpointCollectionPhase::handleStringGetByVal):
(JSC::DFG::WatchpointCollectionPhase::addLazily):
(JSC::DFG::WatchpointCollectionPhase::globalObject):
(JSC::DFG::performWatchpointCollection):
* dfg/DFGWatchpointCollectionPhase.h: Added.
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compileGlobalVarWatchpoint):
(JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
(JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
(JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
* jit/JITOperations.cpp:
* jit/JumpReplacementWatchpoint.cpp: Removed.
* jit/JumpReplacementWatchpoint.h: Removed.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
https://bugs.webkit.org/show_bug.cgi?id=123076

Source/JavaScriptCore: 

Reviewed by Sam Weinig.
        
Start preparing for a world in which we are patching code generated by LLVM, which may have
very different register usage conventions than our JITs. This requires us being more explicit
about the registers we are using. For example, the repatching code shouldn't take for granted
that tagMaskRegister holds the TagMask or that the register is even in use.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::numberOfRegisters):
(JSC::MacroAssembler::registerIndex):
(JSC::MacroAssembler::numberOfFPRegisters):
(JSC::MacroAssembler::fpRegisterIndex):
(JSC::MacroAssembler::totalNumberOfRegisters):
* bytecode/StructureStubInfo.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::usedRegisters):
* dfg/DFGSpeculativeJIT.h:
* ftl/FTLSaveRestore.cpp:
(JSC::FTL::bytesForGPRs):
(JSC::FTL::bytesForFPRs):
(JSC::FTL::offsetOfGPR):
(JSC::FTL::offsetOfFPR):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/RegisterSet.cpp: Added.
(JSC::RegisterSet::specialRegisters):
* jit/RegisterSet.h: Added.
(JSC::RegisterSet::RegisterSet):
(JSC::RegisterSet::set):
(JSC::RegisterSet::clear):
(JSC::RegisterSet::get):
(JSC::RegisterSet::merge):
* jit/Repatch.cpp:
(JSC::generateProtoChainAccessStub):
(JSC::tryCacheGetByID):
(JSC::tryBuildGetByIDList):
(JSC::emitPutReplaceStub):
(JSC::tryRepatchIn):
(JSC::linkClosureCall):
* jit/TempRegisterSet.cpp: Added.
(JSC::TempRegisterSet::TempRegisterSet):
* jit/TempRegisterSet.h:

Source/WTF: 

Reviewed by Sam Weinig.
        
Teach BitVector how to efficiently merge (i.e. bitvector |=).

* wtf/BitVector.cpp:
(WTF::BitVector::mergeSlow):
* wtf/BitVector.h:
(WTF::BitVector::merge):
(WTF::BitVector::cleanseInlineBits):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=122939

Reviewed by Geoffrey Garen.
        
Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
some register info and creates JIT inline caches for you. Used this to even furhter
unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
that it needs to do the equivalent of get_by_id, so with this generator it will be able
to create an IC even though it wasn't associated with a get_by_id bytecode instruction.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::DataLabelCompact::label):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::ecmaMode):
* dfg/DFGInlineCacheWrapper.h: Added.
(JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
* dfg/DFGInlineCacheWrapperInlines.h: Added.
(JSC::DFG::::finalize):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addGetById):
(JSC::DFG::JITCompiler::addPutById):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::isStrictModeFor):
(JSC::AssemblyHelpers::strictModeFor):
* jit/GPRInfo.h:
(JSC::JSValueRegs::tagGPR):
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp: Added.
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITByIdGenerator::finalize):
(JSC::JITByIdGenerator::generateFastPathChecks):
(JSC::JITGetByIdGenerator::generateFastPath):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
(JSC::JITPutByIdGenerator::generateFastPath):
(JSC::JITPutByIdGenerator::slowPathFunction):
* jit/JITInlineCacheGenerator.h: Added.
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITInlineCacheGenerator::stubInfo):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITByIdGenerator::reportSlowPathCall):
(JSC::JITByIdGenerator::slowPathJump):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
* jit/RegisterSet.h:
(JSC::RegisterSet::set):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157685 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=122667

Reviewed by Geoffrey Garen.

The issue this patch is attempting to fix is that there are places in our codebase
where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
operations that can initiate a garbage collection. Garbage collection then calls 
some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
always necessarily run during garbage collection). This causes a deadlock.
 
To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
into a thread-local field that indicates that it is unsafe to perform any operation 
that could trigger garbage collection on the current thread. In debug builds, 
ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
detect deadlocks.
 
This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
which uses the DeferGC mechanism to prevent collections from occurring while the 
lock is held.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/DeferGC.h:
(JSC::DisallowGC::DisallowGC):
(JSC::DisallowGC::~DisallowGC):
(JSC::DisallowGC::isGCDisallowedOnCurrentThread):
(JSC::DisallowGC::initialize):
* jit/Repatch.cpp:
(JSC::repatchPutByID):
(JSC::buildPutByIdList):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ConcurrentJITLock.h:
(JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::unlockEarly):
(JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
(JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
(JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
(JSC::ConcurrentJITLocker::ConcurrentJITLocker):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/JSCellInlines.h:
(JSC::allocateCell):
* runtime/JSSymbolTableObject.h:
(JSC::symbolTablePut):
* runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
before the caller has a chance to use the newly created PropertyTable. The garbage collection
clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
the Structure.
(JSC::Structure::materializePropertyMap):
(JSC::Structure::despecifyDictionaryFunction):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::attributeChangeTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::get):
(JSC::Structure::despecifyFunction):
(JSC::Structure::despecifyAllFunctions):
(JSC::Structure::putSpecificValue):
(JSC::Structure::createPropertyMap):
(JSC::Structure::getPropertyNamesFromStructure):
* runtime/Structure.h:
(JSC::Structure::materializePropertyMapIfNecessary):
(JSC::Structure::materializePropertyMapIfNecessaryForPinning):
* runtime/StructureInlines.h:
(JSC::Structure::get):
* runtime/SymbolTable.h:
(JSC::SymbolTable::find):
(JSC::SymbolTable::end):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/157413
https://bugs.webkit.org/show_bug.cgi?id=122779

Appears to have caused frequent crashes (Requested by ap on
#webkit).

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/DeferGC.cpp: Removed.
* heap/DeferGC.h:
* jit/JITStubs.cpp:
(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ConcurrentJITLock.h:
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/JSCellInlines.h:
(JSC::allocateCell):
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
(JSC::Structure::putSpecificValue):
(JSC::Structure::createPropertyMap):
* runtime/Structure.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=122667

Reviewed by Filip Pizlo.

The issue this patch is attempting to fix is that there are places in our codebase
where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
operations that can initiate a garbage collection. Garbage collection then calls 
some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
always necessarily run during garbage collection). This causes a deadlock.

To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
into a thread-local field that indicates that it is unsafe to perform any operation 
that could trigger garbage collection on the current thread. In debug builds, 
ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
detect deadlocks.

This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
which uses the DeferGC mechanism to prevent collections from occurring while the 
lock is held.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/DeferGC.cpp: Added.
* heap/DeferGC.h:
(JSC::DisallowGC::DisallowGC):
(JSC::DisallowGC::~DisallowGC):
(JSC::DisallowGC::isGCDisallowedOnCurrentThread):
(JSC::DisallowGC::initialize):
* jit/JITStubs.cpp:
(JSC::tryCachePutByID):
(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ConcurrentJITLock.h:
(JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::unlockEarly):
(JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
(JSC::ConcurrentJITLocker::ConcurrentJITLocker):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/JSCellInlines.h:
(JSC::allocateCell):
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
(JSC::Structure::putSpecificValue):
(JSC::Structure::createPropertyMap):
* runtime/Structure.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157413 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=122542

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-09
Reviewed by Csaba Osztrogonác.

.:

* CMakeLists.txt:

Source/JavaScriptCore:

* CMakeLists.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157159 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=122024

Reviewed by Oliver Hunt.
        
The DFG needs to be able to store things at a known offset from frame pointer so that
the runtime can read those things. Prior to this patch, the DFG would use the exact
offsets that the bytecode asked for, even in the case of inlining, where it would use
the callsite stack offset to shift all of the inlined function's variables over just as
they would have been if a bytecode interpreter had really made the call.
        
But this won't work once WebKit-LLVM integration is complete. LLVM has no notion of
storing things at a fixed offset from the frame pointer. We could try to hack LLVM to do
that, but it would seriously complicate LLVM's stack layout. But what we might be able
to do is have LLVM tell us (via an addressof intrinsic and a side-channel) where some
alloca landed relative to the frame pointer. Hence if the DFG can put all of its flushed
variables in a contiguous range that can be expressed to LLVM as a struct that we
alloca, then all of this can still work just fine.
        
Previously the flushed variables didn't fit in a contiguous range, but this patch makes
them contiguous by allowing the stack layout to be compressed.
        
What this really means is that there is now a distinction between where the DFG saw a
variable stored in bytecode and where it will actually store it in the resulting machine
code. Henceforth when the DFG says "local" or "virtual register" it means the variable
according to bytecode (with the stack offsetting for inlined code as before), but when
it says "machine local" or "machine virtual register" it means the actual place where it
will store things in the resulting machine code. All of the OSR exit, inlined arguments,
captured variables, and various stack unwinding machine now knows about all of this.
        
Note that the DFG's abstract interpretation still uses bytecode variables rather than
machine variables. Same for CSE and abstract heaps. This makes sense since it means that
we don't have to decide on machine variable allocation just to do those optimizations.
        
The decision of what a local's machine location becomes is deferred to very late in
compilation. We only need to assign machine locations to variables that must be stored
to the stack. It's now mandatory to run some kind of "stack layout phase" that makes the
decision and updates all data structures.
        
So far the way that this is being used is just to compress the DFG stack layout, which
is something that we should have done anyway, a long time ago. And the compression isn't
even that good - the current StackLayoutPhase just identifies local indices that are
unused in machine code and slides all other variables towards zero. This doesn't achieve
particularly good compression but it is better than nothing. Note that this phase makes
it seem like the bytecode-machine mapping is based on bytecode local indices; for
example if bytecode local 4 is mapped to machine local 3 then it always will be. That's
true for the current StackLayoutPhase but it _will not_ be true for all possible stack
layout phases and it would be incorrect to assume that it should be true. This is why
the current data structures have each VariableAccessData hold its own copy of the
machine virtual register, and also have each InlineCallFrame report their own machine
virtual registers for the various things. The DFG backend is likely to always use the
dumb StackLayoutPhase since it is very cheap to run, but the FTL backend is likely to
eventually get a better one, where we do some kind of constraint-based coloring: we
institute constraints where some VariableAccessData's must have the same indices as some
other ones, and also must be right next to some other ones; then we process all
VariableAccessData's and attempt to assign them machine locals while preserving those
constraints. This could lead to two VariableAccessDatas for the same bytecode local
ending up with different machine locals.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::isCaptured):
(JSC::CodeBlock::framePointerOffsetToGetActivationRegisters):
(JSC::CodeBlock::machineSlowArguments):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::hasSlowArguments):
* bytecode/CodeOrigin.cpp:
(JSC::CodeOrigin::dump):
(JSC::InlineCallFrame::calleeForCallFrame):
(JSC::InlineCallFrame::dumpInContext):
* bytecode/CodeOrigin.h:
(JSC::InlineCallFrame::InlineCallFrame):
(JSC::InlineCallFrame::calleeConstant):
* bytecode/Operands.h:
(JSC::Operands::indexForOperand):
* dfg/DFGBasicBlock.cpp:
(JSC::DFG::BasicBlock::SSAData::SSAData):
* dfg/DFGBasicBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::flushDirect):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGCommon.h:
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::CommonData):
* dfg/DFGDesiredWriteBarriers.cpp:
(JSC::DFG::DesiredWriteBarrier::trigger):
* dfg/DFGDesiredWriteBarriers.h:
* dfg/DFGFlushLivenessAnalysisPhase.cpp:
(JSC::DFG::FlushLivenessAnalysisPhase::run):
(JSC::DFG::FlushLivenessAnalysisPhase::process):
(JSC::DFG::FlushLivenessAnalysisPhase::reportError):
* dfg/DFGFlushedAt.cpp: Added.
(JSC::DFG::FlushedAt::dump):
(JSC::DFG::FlushedAt::dumpInContext):
* dfg/DFGFlushedAt.h: Added.
(JSC::DFG::FlushedAt::FlushedAt):
(JSC::DFG::FlushedAt::operator!):
(JSC::DFG::FlushedAt::format):
(JSC::DFG::FlushedAt::virtualRegister):
(JSC::DFG::FlushedAt::operator==):
(JSC::DFG::FlushedAt::operator!=):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::bytecodeRegisterForArgument):
(JSC::DFG::Graph::argumentsRegisterFor):
(JSC::DFG::Graph::machineArgumentsRegisterFor):
(JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
(JSC::DFG::Graph::activationRegister):
(JSC::DFG::Graph::uncheckedActivationRegister):
(JSC::DFG::Graph::machineActivationRegister):
(JSC::DFG::Graph::uncheckedMachineActivationRegister):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToGetLocalUnlinked):
(JSC::DFG::Node::convertToGetLocal):
(JSC::DFG::Node::machineLocal):
(JSC::DFG::Node::hasUnlinkedMachineLocal):
(JSC::DFG::Node::setUnlinkedMachineLocal):
(JSC::DFG::Node::unlinkedMachineLocal):
(JSC::DFG::Node::hasInlineStartData):
(JSC::DFG::Node::inlineStartData):
* dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h:
(JSC::DFG::OSREntryReshuffling::OSREntryReshuffling):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::ScoreBoard):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInlineStart):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::createOSREntries):
(JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::calleeFrameOffset):
(JSC::DFG::SpeculativeJIT::callFrameSlot):
(JSC::DFG::SpeculativeJIT::argumentSlot):
(JSC::DFG::SpeculativeJIT::callFrameTagSlot):
(JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
(JSC::DFG::SpeculativeJIT::argumentTagSlot):
(JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
(JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::recordSetLocal):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStackLayoutPhase.cpp: Added.
(JSC::DFG::StackLayoutPhase::StackLayoutPhase):
(JSC::DFG::StackLayoutPhase::run):
(JSC::DFG::performStackLayout):
* dfg/DFGStackLayoutPhase.h: Added.
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
* dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::machineLocal):
(JSC::DFG::VariableAccessData::flushedAt):
* dfg/DFGVirtualRegisterAllocationPhase.cpp:
(JSC::DFG::VirtualRegisterAllocationPhase::run):
* ftl/FTLExitValue.h:
(JSC::FTL::ExitValue::inJSStack):
(JSC::FTL::ExitValue::inJSStackAsInt32):
(JSC::FTL::ExitValue::inJSStackAsInt52):
(JSC::FTL::ExitValue::inJSStackAsDouble):
(JSC::FTL::ExitValue::virtualRegister):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetArgument):
(JSC::FTL::LowerDFGToLLVM::compileGetLocal):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLValueSource.cpp:
(JSC::FTL::ValueSource::dump):
* ftl/FTLValueSource.h:
(JSC::FTL::ValueSource::ValueSource):
(JSC::FTL::ValueSource::kind):
(JSC::FTL::ValueSource::operator!):
(JSC::FTL::ValueSource::node):
(JSC::FTL::ValueSource::virtualRegister):
* interpreter/Interpreter.cpp:
(JSC::unwindCallFrame):
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::readInlinedFrame):
(JSC::StackVisitor::Frame::createArguments):
(JSC::StackVisitor::Frame::existingArguments):
* interpreter/StackVisitor.h:
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::addressFor):
(JSC::AssemblyHelpers::tagFor):
(JSC::AssemblyHelpers::payloadFor):
(JSC::AssemblyHelpers::offsetOfArgumentsIncludingThis):
* runtime/Arguments.cpp:
(JSC::Arguments::tearOff):
* runtime/Arguments.h:
(JSC::Arguments::allocateSlowArguments):
(JSC::Arguments::tryDeleteArgument):
(JSC::Arguments::isDeletedArgument):
(JSC::Arguments::isArgument):
(JSC::Arguments::argument):
(JSC::Arguments::finishCreation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
(JSC::JSActivation::JSActivation):
* runtime/JSFunction.cpp:
(JSC::RetrieveArgumentsFunctor::operator()):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156984 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=122195

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Add implementation of ES6 Array iterators for keys(), values() and entries()

Fairly self explanatory as we just need a simple implementation so that we can
implement and test other features.

* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/ArrayIteratorConstructor.cpp: Added.
(JSC::ArrayIteratorConstructor::finishCreation):
* runtime/ArrayIteratorConstructor.h: Added.
(JSC::ArrayIteratorConstructor::create):
(JSC::ArrayIteratorConstructor::createStructure):
(JSC::ArrayIteratorConstructor::ArrayIteratorConstructor):
* runtime/ArrayIteratorPrototype.cpp: Added.
(JSC::ArrayIteratorPrototype::finishCreation):
(JSC::createIteratorResult):
(JSC::arrayIteratorPrototypeNext):
* runtime/ArrayIteratorPrototype.h: Added.
(JSC::ArrayIteratorPrototype::create):
(JSC::ArrayIteratorPrototype::createStructure):
(JSC::ArrayIteratorPrototype::ArrayIteratorPrototype):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncValues):
(JSC::arrayProtoFuncEntries):
(JSC::arrayProtoFuncKeys):
* runtime/CommonIdentifiers.h:
* runtime/Identifier.h:
(JSC::Identifier::createEmptyUnique):
* runtime/JSArrayIterator.cpp: Added.
(JSC::JSArrayIterator::finishCreation):
* runtime/JSArrayIterator.h: Added.
(JSC::JSArrayIterator::createStructure):
(JSC::JSArrayIterator::create):
(JSC::JSArrayIterator::iterationKind):
(JSC::JSArrayIterator::iteratedObject):
(JSC::JSArrayIterator::nextIndex):
(JSC::JSArrayIterator::setNextIndex):
(JSC::JSArrayIterator::finish):
(JSC::JSArrayIterator::JSArrayIterator):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::iteratorResultStructure):

LayoutTests:

Add tests

* js/Object-getOwnPropertyNames-expected.txt:
* js/array-iterators-expected.txt: Added.
* js/array-iterators.html: Added.
* js/script-tests/Object-getOwnPropertyNames.js:
* js/script-tests/array-iterators.js: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
https://bugs.webkit.org/show_bug.cgi?id=122065

Reviewed by Mark Hahnenberg.
        
This mostly just kills a bunch of code.
        
But incidentaly while killing that code, I uncovered a bug in our FTL OSR entrypoint
creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
If we hoist some type check into the local, then we might inject a conversion node
between the ExtractOSREntryLocal and the SetLocal - for example we might put in a
Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
node to the first node that has a different CodeOrigin. This only works if the nodes
after the forward exit are MovHints or other tnings that the OSR exit compiler can
forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
nodes for the same bytecode index. Two possible solutions exist. We could teach the
forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
This would be a lot of complexity; right now it just needs to deal with exactly one
SetLocal-like operation. The alternative is to make sure that the conversion node that
we inject ends up exiting *backward* rather than forward.
        
But making the conversion nodes exit backward is somewhat tricky. Before this patch,
conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
that the solution is to rationalize how we choose the speculation direciton for a
conversion node. The conversion node's speculation direction should be the same as the
speculation direction of the node for which it is doing a conversion. Since SetLocal's
already exit forward by default, this policy preserves our previous behavior. But it
also allows the OSR entrypoint creation phase to make its SetLocals exit backward
instead.
        
Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
to make sure that the OSR exit machine knows that the local variables are indeed live.
Consider that if we have:
        
    a: ExtractOSREntryLocal(loc1)
    b: SetLocal(@a, loc1)
    c: ExtractOSRentryLocal(loc2)
    d: SetLocal(@c, loc2)
        
Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
compiler will clobber loc2 with Undefined. So we need to make sure that we actually
emit code like:
        
    a: ExtractOSREntryLocal(loc1)
    b: ExtractOSREntryLocal(loc2)
    c: SetLocal(@a, loc1)
    d: SetLocal(@b, loc2)
    e: SetLocal(@a, loc1)
    f: SetLocal(@b, loc2)

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CodeOrigin.h:
* bytecode/ValueRecovery.cpp: Added.
(JSC::ValueRecovery::recover):
(JSC::ValueRecovery::dumpInContext):
(JSC::ValueRecovery::dump):
* bytecode/ValueRecovery.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
(JSC::DFG::FixupPhase::fixEdge):
* dfg/DFGJITCode.cpp:
(JSC::DFG::JITCode::reconstruct):
* dfg/DFGNode.h:
(JSC::DFG::Node::speculationDirection):
(JSC::DFG::Node::setSpeculationDirection):
* dfg/DFGOSREntrypointCreationPhase.cpp:
(JSC::DFG::OSREntrypointCreationPhase::run):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInlineStart):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGValueSource.h:
(JSC::DFG::ValueSource::valueRecovery):
* dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::reconstruct):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
* interpreter/Register.h:
(JSC::Register::unboxedStrictInt52):
* runtime/Arguments.cpp:
(JSC::Arguments::tearOff):
* runtime/Arguments.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156677 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=121749.

Reviewed by Geoffrey Garen.

Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
revision and fixing build breakages on Windows.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::unlink):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resetStubInternal):
* bytecode/StructureStubInfo.h:
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
(JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
(JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
* dfg/DFGJITCompiler.h:
* dfg/DFGOSRExitCompiler.h:
* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* dfg/DFGOperations.h:
(JSC::DFG::operationNewTypedArrayWithSizeForType):
(JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
* dfg/DFGRegisterSet.h: Removed.
* dfg/DFGRepatch.cpp: Removed.
* dfg/DFGRepatch.h: Removed.
* dfg/DFGScratchRegisterAllocator.h: Removed.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compare):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGThunks.cpp:
* dfg/DFGThunks.h:
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
* ftl/FTLOSRExitCompiler.h:
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::writeBarrier):
* jit/JIT.cpp:
(JSC::JIT::linkFor):
(JSC::JIT::linkSlowCall):
* jit/JITCall.cpp:
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::privateCompileClosureCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::privateCompileClosureCall):
* jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
* jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
(JSC::getHostCallReturnValueWithExecState):
* jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
* jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
* jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
(JSC::tryBuildGetByIDList):
* jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
* jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
* jit/ThunkGenerators.cpp:
(JSC::oldStyleGenerateSlowCaseFor):
(JSC::oldStyleLinkForGenerator):
(JSC::oldStyleLinkCallGenerator):
(JSC::oldStyleLinkConstructGenerator):
(JSC::oldStyleLinkClosureCallGenerator):
(JSC::oldStyleVirtualForGenerator):
(JSC::oldStyleVirtualCallGenerator):
(JSC::oldStyleVirtualConstructGenerator):
(JSC::emitPointerValidation):
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::slowPathFor):
(JSC::linkForThunkGenerator):
(JSC::linkCallThunkGenerator):
(JSC::linkConstructThunkGenerator):
(JSC::linkClosureCallThunkGenerator):
(JSC::virtualForThunkGenerator):
(JSC::virtualCallThunkGenerator):
(JSC::virtualConstructThunkGenerator):
* jit/ThunkGenerators.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
https://bugs.webkit.org/show_bug.cgi?id=121734

Reviewed by Mark Hahnenberg.
        
Exception handling can deduce where the exception was thrown from by looking at the
code origin that was stored into the call frame header. There is no need to pass any
additional meta-data into the exception throwing logic. But the DFG was still doing it
anyway.
        
This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
and friends. It simplifies a lot of code.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shrinkToFit):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::codeOrigins):
(JSC::CodeBlock::hasCodeOrigins):
(JSC::CodeBlock::canGetCodeOrigin):
(JSC::CodeBlock::codeOrigin):
* bytecode/CodeOrigin.h:
(JSC::InlineCallFrame::InlineCallFrame):
* bytecode/InlineCallFrameSet.cpp: Added.
(JSC::InlineCallFrameSet::InlineCallFrameSet):
(JSC::InlineCallFrameSet::~InlineCallFrameSet):
(JSC::InlineCallFrameSet::add):
(JSC::InlineCallFrameSet::shrinkToFit):
* bytecode/InlineCallFrameSet.h: Added.
(JSC::InlineCallFrameSet::isEmpty):
(JSC::InlineCallFrameSet::size):
(JSC::InlineCallFrameSet::at):
* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::addCodeOrigin):
(JSC::DFG::CommonData::shrinkToFit):
* dfg/DFGCommonData.h:
* dfg/DFGDesiredWriteBarriers.cpp:
(JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
(JSC::DFG::DesiredWriteBarrier::trigger):
* dfg/DFGDesiredWriteBarriers.h:
(JSC::DFG::DesiredWriteBarriers::add):
(JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
(JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::compileExceptionHandlers):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitStoreCodeOrigin):
(JSC::DFG::JITCompiler::exceptionCheck):
(JSC::DFG::JITCompiler::fastExceptionCheck):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryBuildGetByIDList):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):
(JSC::DFG::SpeculativeJIT::appendCall):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGVirtualRegisterAllocationPhase.cpp:
(JSC::DFG::VirtualRegisterAllocationPhase::run):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::callPreflight):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitExceptionCheck):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=121762

Reviewed by Gyuyoung Kim.

Sort files and unify style.

* CMakeLists.txt:
* shell/CMakeLists.txt:
* shell/PlatformBlackBerry.cmake:
* shell/PlatformEfl.cmake:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156263 268f45cc-cd09-0410-ab3c-d52691b4dbfc