2016-03-24 Matthew Hanson Merge r198592. rdar://problem/25271136 2016-03-23 Michael Saboff JavaScriptCore ArrayPrototype::join shouldn't cache butterfly when it makes effectful calls https://bugs.webkit.org/show_bug.cgi?id=155776 Reviewed by Saam Barati. Array.join ends up calling toString, possibly on some object. Since these calls could be effectful and could change the array itself, we can't hold the butterfly pointer while making effectful calls. Changed the code to fall back to the general case when an effectful toString() call might be made. * runtime/ArrayPrototype.cpp: (JSC::join): * runtime/JSStringJoiner.h: (JSC::JSStringJoiner::appendWithoutSideEffects): New helper that doesn't make effectful toString() calls. (JSC::JSStringJoiner::append): Built upon appendWithoutSideEffects. 2016-02-09 Babak Shafiei Merge r196179. 2016-02-05 Filip Pizlo Arrayify for a typed array shouldn't create a monster https://bugs.webkit.org/show_bug.cgi?id=153908 rdar://problem/24290639 Reviewed by Mark Lam. Previously if you convinced the DFG to emit an Arrayify to ArrayStorage and then gave it a typed array, you'd corrupt the object. * runtime/JSArrayBufferView.cpp: (WTF::printInternal): * runtime/JSArrayBufferView.h: * runtime/JSGenericTypedArrayViewInlines.h: (JSC::JSGenericTypedArrayView::visitChildren): (JSC::JSGenericTypedArrayView::slowDownAndWasteMemory): * runtime/JSObject.cpp: (JSC::JSObject::copyButterfly): (JSC::JSObject::enterDictionaryIndexingMode): (JSC::JSObject::ensureInt32Slow): (JSC::JSObject::ensureDoubleSlow): (JSC::JSObject::ensureContiguousSlow): (JSC::JSObject::ensureArrayStorageSlow): (JSC::JSObject::growOutOfLineStorage): (JSC::getBoundSlotBaseFunctionForGetterSetter): * runtime/Structure.h: * tests/stress/arrayify-array-storage-typed-array.js: Added. This test failed. * tests/stress/arrayify-int32-typed-array.js: Added. This test case already had other protections, but we beefed them up. 2016-01-13 Matthew Hanson Merge r193939. rdar://problem/24154418 2015-12-10 Daniel Bates [CSP] eval() is not blocked for stringified literals https://bugs.webkit.org/show_bug.cgi?id=152158 Reviewed by Saam Barati. Fixes an issue where stringified literals can be eval()ed despite being disallowed by Content Security Policy of the page. * interpreter/Interpreter.cpp: (JSC::eval): Throw a JavaScript EvalError exception if eval() is disallowed for the page and return undefined. * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncEval): Ditto. 2016-01-11 Matthew Hanson Merge r192186. rdar://problem/24101174 2015-11-09 Joseph Pecoraro Web Inspector: $0 stops working after navigating to a different domain https://bugs.webkit.org/show_bug.cgi?id=147962 Reviewed by Brian Burg. Extract the per-GlobalObject cache of JSValue wrappers for InjectedScriptHost objects to be reused by WebCore for its CommandLineAPIHost objects injected into multiple contexts. * CMakeLists.txt: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: Add new files. * inspector/PerGlobalObjectWrapperWorld.h: * inspector/PerGlobalObjectWrapperWorld.cpp: (Inspector::PerGlobalObjectWrapperWorld::getWrapper): (Inspector::PerGlobalObjectWrapperWorld::addWrapper): (Inspector::PerGlobalObjectWrapperWorld::clearAllWrappers): Hold a bunch of per-global-object wrappers for an object that will outlive the global object. This inspector does this for host objects that it exposes into scripts it injects into each execution context created by the page. * inspector/InjectedScriptHost.cpp: (Inspector::InjectedScriptHost::wrapper): (Inspector::InjectedScriptHost::clearAllWrappers): (Inspector::InjectedScriptHost::jsWrapper): Deleted. (Inspector::clearWrapperFromValue): Deleted. (Inspector::InjectedScriptHost::clearWrapper): Deleted. Extract and simplify the Per-GlobalObject wrapping into a class. Simplify object construction as well. * inspector/InjectedScriptHost.h: * inspector/InjectedScriptManager.cpp: (Inspector::InjectedScriptManager::createInjectedScript): (Inspector::InjectedScriptManager::discardInjectedScripts): Make discarding virtual so subclasses may also discard injected scripts. * inspector/JSInjectedScriptHost.cpp: (Inspector::JSInjectedScriptHost::JSInjectedScriptHost): (Inspector::JSInjectedScriptHost::releaseImpl): Deleted. (Inspector::JSInjectedScriptHost::~JSInjectedScriptHost): Deleted. (Inspector::toJS): Deleted. (Inspector::toJSInjectedScriptHost): Deleted. * inspector/JSInjectedScriptHost.h: (Inspector::JSInjectedScriptHost::create): (Inspector::JSInjectedScriptHost::impl): Update this code originally copied from older generated bindings to be more like new generated bindings and remove some now unused code. 2015-12-04 Timothy Hatcher Merge r192391. rdar://problem/23581597 2015-11-12 Joseph Pecoraro Web Inspector: Reduce list of saved console messages https://bugs.webkit.org/show_bug.cgi?id=151225 Reviewed by Geoffrey Garen. Inspector saves messages so that when an inspector frontend opens it can report these messages to the frontend. However we were saving a rather large list of 1000 messages. Most pages do not produce a large number of console messages. However pages that live for a long time can generate many errors over time, especially periodic engine issues such as cross-origin access errors. This could result in a lot of wasted memory for console messages that may never be used. Likewise when an inspector first open sending all 1000 messages to the frontend results in a poor experience. Lets reduce the list of saved messages. Developer will still be able to see all messages as long as they have Web Inspector open at the time the messages are generated. * inspector/agents/InspectorConsoleAgent.cpp: Reduce the list from 1000 to 100. Also, when expiring messages from this list, chunk in 10s instead of 100s. 2015-12-04 Timothy Hatcher Merge r191397. rdar://problem/23581597 2015-10-21 Joseph Pecoraro Web Inspector: Array previews with Symbol objects have too few preview values https://bugs.webkit.org/show_bug.cgi?id=150404 Reviewed by Timothy Hatcher. * inspector/InjectedScriptSource.js: (InjectedScript.RemoteObject.prototype._appendPropertyPreviews): We should be continuing inside this loop not returning. 2015-12-04 Timothy Hatcher Merge r191355. rdar://problem/23581597 2015-10-20 Joseph Pecoraro Web Inspector: JavaScriptCore should parse sourceURL and sourceMappingURL directives https://bugs.webkit.org/show_bug.cgi?id=150096 Reviewed by Geoffrey Garen. * inspector/ContentSearchUtilities.cpp: (Inspector::ContentSearchUtilities::scriptCommentPattern): Deleted. (Inspector::ContentSearchUtilities::findScriptSourceURL): Deleted. (Inspector::ContentSearchUtilities::findScriptSourceMapURL): Deleted. * inspector/ContentSearchUtilities.h: No longer need to search script content. * inspector/ScriptDebugServer.cpp: (Inspector::ScriptDebugServer::dispatchDidParseSource): Carry over the sourceURL and sourceMappingURL from the SourceProvider. * inspector/agents/InspectorDebuggerAgent.cpp: (Inspector::InspectorDebuggerAgent::sourceMapURLForScript): (Inspector::InspectorDebuggerAgent::didParseSource): No longer do content searching. * parser/Lexer.cpp: (JSC::Lexer::setCode): (JSC::Lexer::skipWhitespace): (JSC::Lexer::parseCommentDirective): (JSC::Lexer::parseCommentDirectiveValue): (JSC::Lexer::consume): (JSC::Lexer::lex): * parser/Lexer.h: (JSC::Lexer::sourceURL): (JSC::Lexer::sourceMappingURL): (JSC::Lexer::sourceProvider): Deleted. Give lexer the ability to detect script comment directives. This just consumes characters in single line comments and ultimately sets the sourceURL or sourceMappingURL found. * parser/Parser.h: (JSC::Parser::parse): * parser/SourceProvider.h: (JSC::SourceProvider::url): (JSC::SourceProvider::sourceURL): (JSC::SourceProvider::sourceMappingURL): (JSC::SourceProvider::setSourceURL): (JSC::SourceProvider::setSourceMappingURL): After parsing a script, update the Source Provider with the value of directives that may have been found in the script. 2015-12-04 Timothy Hatcher Merge r190542. rdar://problem/23581597 2015-10-02 Matt Baker Web Inspector: Add breakpoint option to ignore n times before stopping https://bugs.webkit.org/show_bug.cgi?id=147664 Reviewed by Timothy Hatcher. * debugger/Breakpoint.h: (JSC::Breakpoint::Breakpoint): Added ignoreCount and hitCount fields. Cleaned up initializers. * debugger/Debugger.cpp: (JSC::Debugger::hasBreakpoint): If a breakpoint matches the current text position, increment breakpoint hit count and compare with ignore count before testing the breakpoint condition. * inspector/ScriptBreakpoint.h: (Inspector::ScriptBreakpoint::ScriptBreakpoint): Added ignoreCount field. Cleaned up initializers. * inspector/ScriptDebugServer.cpp: (Inspector::ScriptDebugServer::setBreakpoint): Added ignoreCount field. * inspector/agents/InspectorDebuggerAgent.cpp: (Inspector::buildObjectForBreakpointCookie): (Inspector::InspectorDebuggerAgent::setBreakpointByUrl): (Inspector::InspectorDebuggerAgent::setBreakpoint): (Inspector::InspectorDebuggerAgent::continueToLocation): (Inspector::InspectorDebuggerAgent::didParseSource): Plumbing for ignoreCount property. * inspector/protocol/Debugger.json: Added optional ignoreCount property to BreakpointOptions object. 2015-12-04 Timothy Hatcher Merge r189415. rdar://problem/23581597 2015-09-04 Joseph Pecoraro Web Inspector: Test Runtime.saveResult and $n values https://bugs.webkit.org/show_bug.cgi?id=148837 Reviewed by Timothy Hatcher. * inspector/InjectedScriptSource.js: (InjectedScript.prototype._evaluateOn): We don't need to be in the console object group to put the value in the saved results list. That strong reference will ensure $n values are always alive even if other object groups were used when creating and subsequently released. 2015-12-04 Timothy Hatcher Merge r188976. rdar://problem/23581597 2015-08-26 Brian Burg Web Inspector: REGRESSION(r188965): BackendDispatcher loses request ids when called re-entrantly https://bugs.webkit.org/show_bug.cgi?id=148480 Reviewed by Joseph Pecoraro. I added an assertion that m_currentRequestId is Nullopt when dispatch() is called, but this should not hold if dispatching a backend command while debugger is paused. I will remove the assertion and add proper scoping for all dispatch() branches. No new tests, this wrong assert caused inspector/dom-debugger/node-removed.html to crash reliably. * inspector/InspectorBackendDispatcher.cpp: (Inspector::BackendDispatcher::dispatch): Cover each exit with an appropriate TemporaryChange scope. 2015-12-02 Timothy Hatcher Merge r188965. rdar://problem/23581597 2015-08-25 Brian Burg Web Inspector: no need to allocate protocolErrors array for every dispatched backend command https://bugs.webkit.org/show_bug.cgi?id=146466 Reviewed by Joseph Pecoraro. Clean up some of the backend dispatcher code, with a focus on eliminating useless allocations of objects in the common case when no protocol errors happen. This is done by saving the current id of each request as it is being processed by the backend dispatcher, and tagging any subsequent errors with that id. This also means we don't have to thread the requestId except in the async command code path. This patch also lifts some common code shared between all generated backend command implementatations into the per-domain dispatch method instead. This reduces generated code size. To be consistent, this patch standardizes on calling the id of a backend message its 'requestId'. Requests can be handled synchronously or asynchronously (triggered via the 'async' property). No new tests, covered by existing protocol tests. * inspector/InspectorBackendDispatcher.cpp: (Inspector::BackendDispatcher::CallbackBase::CallbackBase): Split the two code paths for reporting success and failure. (Inspector::BackendDispatcher::CallbackBase::sendFailure): (Inspector::BackendDispatcher::CallbackBase::sendSuccess): Renamed from sendIfActive. (Inspector::BackendDispatcher::dispatch): Reset counters and current requestId before dispatching. No need to manually thread the requestId to all reportProtocolError calls. (Inspector::BackendDispatcher::hasProtocolErrors): Added. (Inspector::BackendDispatcher::sendResponse): (Inspector::BackendDispatcher::sendPendingErrors): Send any saved protocol errors to the frontend. Always send a 'data' member with all of the errors, even if there's just one. We might want to add more information about errors later. (Inspector::BackendDispatcher::reportProtocolError): Enqueue a protocol error to be sent later. (Inspector::BackendDispatcher::getPropertyValue): Remove useless type parameters and nuke most of the type conversion methods. Use std::function types instead of function pointer types. (Inspector::castToInteger): Added. (Inspector::castToNumber): Added. (Inspector::BackendDispatcher::getInteger): (Inspector::BackendDispatcher::getDouble): (Inspector::BackendDispatcher::getString): (Inspector::BackendDispatcher::getBoolean): (Inspector::BackendDispatcher::getObject): (Inspector::BackendDispatcher::getArray): (Inspector::BackendDispatcher::getValue): (Inspector::getPropertyValue): Deleted. (Inspector::AsMethodBridges::asInteger): Deleted. (Inspector::AsMethodBridges::asDouble): Deleted. (Inspector::AsMethodBridges::asString): Deleted. (Inspector::AsMethodBridges::asBoolean): Deleted. (Inspector::AsMethodBridges::asObject): Deleted. (Inspector::AsMethodBridges::asArray): Deleted. (Inspector::AsMethodBridges::asValue): Deleted. * inspector/InspectorBackendDispatcher.h: * inspector/scripts/codegen/cpp_generator_templates.py: Extract 'params' object in domain dispatch method. Omit requestIds where possible. Convert dispatch tables to use NeverDestroyed. Check the protocol error count to decide whether to abort the dispatch or not, rather than allocating our own errors array. * inspector/scripts/codegen/cpp_generator_templates.py: (void): * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py: Revert to passing RefPtr since parameters are now being passed rather than the message object. Some commands do not require parameters. * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py: (CppBackendDispatcherImplementationGenerator.generate_output): (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain): (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command): * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py: (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declaration_for_command): * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py: (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): * inspector/scripts/codegen/objc_generator_templates.py: Rebaseline some protocol generator tests. * inspector/scripts/tests/expected/commands-with-async-attribute.json-result: * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result: * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result: * inspector/scripts/tests/expected/enum-values.json-result: * inspector/scripts/tests/expected/events-with-optional-parameters.json-result: * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result: * inspector/scripts/tests/expected/same-type-id-different-domain.json-result: * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result: * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result: * inspector/scripts/tests/expected/type-declaration-array-type.json-result: * inspector/scripts/tests/expected/type-declaration-enum-type.json-result: * inspector/scripts/tests/expected/type-declaration-object-type.json-result: * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result: 2015-12-02 Timothy Hatcher Merge r188897. rdar://problem/23581597 2015-08-24 Brian Burg Web Inspector: add protocol test for existing error handling performed by the backend https://bugs.webkit.org/show_bug.cgi?id=147097 Reviewed by Joseph Pecoraro. A new test revealed that the protocol "method" parameter was being parsed in a naive way. Rewrite it to use String::split and improve error checking to avoid failing later. * inspector/InspectorBackendDispatcher.cpp: (Inspector::BackendDispatcher::dispatch): 2015-12-04 Timothy Hatcher Merge r188656. rdar://problem/23581597 2015-08-19 Joseph Pecoraro Web Inspector: Unexpected node preview format for an element with newlines in className attribute https://bugs.webkit.org/show_bug.cgi?id=148192 Reviewed by Brian Burg. * inspector/InjectedScriptSource.js: (InjectedScript.prototype._nodePreview): Replace whitespace blocks with single spaces to produce a simpler class string for previews. 2015-12-04 Timothy Hatcher Merge r188403. rdar://problem/23581597 2015-08-13 Joseph Pecoraro Web Inspector: A {Map, WeakMap, Set, WeakSet} object contains itself will hang the console https://bugs.webkit.org/show_bug.cgi?id=147966 Reviewed by Timothy Hatcher. * inspector/InjectedScriptSource.js: (InjectedScript.prototype._initialPreview): Renamed to initial preview. This is not a complete preview for this object, and it needs some processing in order to be a complete accurate preview. (InjectedScript.RemoteObject.prototype._emptyPreview): This attempts to be an accurate empty preview for the given object. For types with entries, it adds an empty entries list and updates the overflow and lossless properties. (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue): Take a generatePreview parameter to generate a full preview or empty preview. (InjectedScript.RemoteObject.prototype._appendPropertyPreviews): (InjectedScript.RemoteObject.prototype._appendEntryPreviews): (InjectedScript.RemoteObject.prototype._isPreviewableObject): Take care to avoid cycles. 2015-12-04 Timothy Hatcher Merge r187897. rdar://problem/23581597 2015-08-04 Joseph Pecoraro Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text https://bugs.webkit.org/show_bug.cgi?id=147328 Reviewed by Timothy Hatcher. * inspector/InjectedScriptSource.js: Use classList and classList.toString instead of className. 2015-12-02 Timothy Hatcher Merge r191967. rdar://problem/23221163 2015-11-03 Joseph Pecoraro Web Inspector: Handle or Remove ParseHTML Timeline Event Records https://bugs.webkit.org/show_bug.cgi?id=150689 Reviewed by Timothy Hatcher. * inspector/protocol/Timeline.json: 2015-12-04 Timothy Hatcher Merge r191651. rdar://problem/23581597 2015-10-27 Joseph Pecoraro Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available https://bugs.webkit.org/show_bug.cgi?id=150615 Reviewed by Timothy Hatcher. * inspector/protocol/Timeline.json: 2015-12-04 Timothy Hatcher Merge r189104. rdar://problem/23581597 2015-08-28 Joseph Pecoraro Web Inspector: Separate creating a style sheet from adding a new rule in the protocol https://bugs.webkit.org/show_bug.cgi?id=148502 Reviewed by Timothy Hatcher. * inspector/protocol/CSS.json: Add CSS.createStyleSheet. Modify CSS.addRule. 2015-12-04 Timothy Hatcher Merge r189002. rdar://problem/23581597 2015-08-26 Joseph Pecoraro Web Inspector: Implement tracking of active stylesheets in the frontend https://bugs.webkit.org/show_bug.cgi?id=105828 Reviewed by Timothy Hatcher. * inspector/protocol/CSS.json: Add new events for when a StyleSheet is added or removed. 2015-12-04 Timothy Hatcher Merge r188631. rdar://problem/23581597 2015-08-18 Joseph Pecoraro Web Inspector: Links for rules in