Diffstat (limited to 'Source/JavaScriptCore/ChangeLog-2012-05-22')
| -rw-r--r-- | Source/JavaScriptCore/ChangeLog-2012-05-22 | 70902 |
1 files changed, 70902 insertions, 0 deletions
diff --git a/Source/JavaScriptCore/ChangeLog-2012-05-22 b/Source/JavaScriptCore/ChangeLog-2012-05-22 new file mode 100644 index 000000000..2b3dee1b1 --- /dev/null +++ b/Source/JavaScriptCore/ChangeLog-2012-05-22 
@@ -0,0 +1,70902 @@ +2012-05-22 Yong Li <yoli@rim.com> + + [BlackBerry] getPlatformThreadRegisters() should fetch target thread's registers + https://bugs.webkit.org/show_bug.cgi?id=87148 + + Reviewed by George Staikos. + + Our previous implementation of getPlatformThreadRegisters() read registers in current + thread's context but it is supposed to read the target thread's registers. + + * heap/MachineStackMarker.cpp: + (JSC::getPlatformThreadRegisters): + +2012-05-05 Filip Pizlo <fpizlo@apple.com> + + DFG should support reflective arguments access + https://bugs.webkit.org/show_bug.cgi?id=85721 + + Reviewed by Oliver Hunt. + + Merged r116345 from dfgopt. + + This adds support for op_create_arguments to the DFG. No other arguments-related + opcodes are added by this change, though it does add a lot of the scaffolding + necessary for the other ops. + + This also adds GetByVal/PutByVal optimizations for Arguments. + + Finally, this rationalizes slowPathCall with no return. Previously, that would + work via callOperation() overloads that took InvalidGPRReg as the return GPR. + But that creates awful ambiguity, since we had template functions that were + polymorphic over all parameters except the second, which was a GPRReg, and a + bunch of non-template overloads that also potentially had GPRReg as the second + argument. I finally started to hit this ambiguity and was getting absolutely + bizarre compiler errors, that made me feel like I was programming in SML. So, + I changed the no-argument overloads to take NoResultTag instead, which made + everything sensible again by eliminating the overload ambiguity. + + This is a ~7% speed-up on V8/earley and neutral elsewhere. 
+ + * bytecode/PredictedType.h: + (JSC::isArgumentsPrediction): + (JSC): + (JSC::isActionableMutableArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCCallHelpers.h: + (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): + (CCallHelpers): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + (JSC::DFG::canInlineOpcode): + * dfg/DFGCommon.h: + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGNode.h: + (JSC::DFG::Node::unmodifiedArgumentsRegister): + (Node): + (JSC::DFG::Node::shouldSpeculateArguments): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): + (DFG): + (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::pickCanTrample): + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::compile): + * runtime/Arguments.h: + (ArgumentsData): + (Arguments): + (JSC::Arguments::offsetOfData): + +2011-05-21 Geoffrey Garen <ggaren@apple.com> + + GC allocation trigger should be tuned to system RAM + https://bugs.webkit.org/show_bug.cgi?id=87039 + + Reviewed by Darin Adler. + + This helps avoid OOM crashes on small platforms, and helps avoid "too much GC" + performance issues on big platforms. 
+ + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::collect): + * heap/Heap.h: + (Heap): GC balances between a fixed minimum and a proportional multiplier, + which are limited based on system RAM. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::createContextGroup): + (JSC::JSGlobalData::create): + (JSC::JSGlobalData::createLeaked): + * runtime/JSGlobalData.h: + (JSGlobalData): Renamed HeapSize to HeapType because the exact size is + influenced by the heap type, but not determined by it. + +2012-05-21 Gavin Barraclough <barraclough@apple.com> + + Disable private names by default in WebCore + https://bugs.webkit.org/show_bug.cgi?id=87088 + + Reviewed by Geoff Garen. + + r117859 introduced a preliminary implementation of ES6-like private name objects to JSC. + These are probably not yet ready to be web-facing, so disabling by default in WebCore. + Opting-in for JSC & DumpRenderTree so that we can still run the fast/js/names.html test. + + * jsc.cpp: + (GlobalObject): + (GlobalObject::javaScriptExperimentsEnabled): + - Implemented new trap to opt-in to private names support. + * runtime/JSGlobalObject.cpp: + (JSC): + (JSC::JSGlobalObject::reset): + - Only add the Name property to the global object if experiments are enabled. + * runtime/JSGlobalObject.h: + (GlobalObjectMethodTable): + - Added new trap to enabled experiments. + (JSGlobalObject): + (JSC::JSGlobalObject::finishCreation): + - Set the global object's m_experimentsEnabled state on construction. + (JSC::JSGlobalObject::javaScriptExperimentsEnabled): + - Defaults to off. + +2012-05-06 Filip Pizlo <fpizlo@apple.com> + + Truncating multiplication on integers should not OSR exit every time + https://bugs.webkit.org/show_bug.cgi?id=85752 + + Reviewed by Gavin Barraclough. + + Merge r116264 from dfgopt. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::mulShouldSpeculateInteger): + (Graph): + (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileArithMul): + +2012-05-21 Csaba Osztrogonác <ossy@webkit.org> + + DFG should be able to compute dominators + https://bugs.webkit.org/show_bug.cgi?id=85269 + + Unreviewed trivial 32 bit buildfix after r117861. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + +2012-05-21 Filip Pizlo <fpizlo@apple.com> + + DFG should be able to compute dominators + https://bugs.webkit.org/show_bug.cgi?id=85269 + + Reviewed by Oliver Hunt. + + Merged r115754 from dfgopt. + + Implements a naive dominator calculator, which is currently just used to + print information in graph dumps. I've enabled it by default mainly to + be able to track its performance impact. So far it appears that there is + none, which is unsurprising given that the number of basic blocks in most + procedures is small. + + Also tweaked bytecode dumping to reveal more useful information about the + nature of the code block. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * dfg/DFGDominators.cpp: Added. + (DFG): + (JSC::DFG::Dominators::Dominators): + (JSC::DFG::Dominators::~Dominators): + (JSC::DFG::Dominators::compute): + (JSC::DFG::Dominators::iterateForBlock): + * dfg/DFGDominators.h: Added. 
+ (DFG): + (Dominators): + (JSC::DFG::Dominators::invalidate): + (JSC::DFG::Dominators::computeIfNecessary): + (JSC::DFG::Dominators::isValid): + (JSC::DFG::Dominators::dominates): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (Graph): + +2012-05-21 Michael Saboff <msaboff@apple.com> + + Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729 + https://bugs.webkit.org/show_bug.cgi?id=87027 + + Reviewed by Oliver Hunt. + + Change calls to operationStrCat and operationNewArray to provide the + pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer + that contains it. Added a ScratchBuffer::create() function. + This is a clean-up to r117729. + + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSGlobalData.h: + (JSC::ScratchBuffer::create): + (JSC::ScratchBuffer::dataBuffer): + (JSC::JSGlobalData::scratchBufferForSize): + +2012-05-15 Gavin Barraclough <barraclough@apple.com> + + Add support for private names + https://bugs.webkit.org/show_bug.cgi?id=86509 + + Reviewed by Oliver Hunt. + + The spec isn't final, but we can start adding support to allow property maps + to contain keys that aren't identifiers. + + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlot): + (JSC::::put): + (JSC::::deleteProperty): + (JSC::::getStaticValue): + (JSC::::staticFunctionGetter): + (JSC::::callbackGetter): + - Only expose public named properties over the JSC API. + * CMakeLists.txt: + * DerivedSources.make: + * DerivedSources.pri: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + - Added new files to build system. 
+ * dfg/DFGOperations.cpp: + (JSC::DFG::operationPutByValInternal): + - Added support for property access with name objects. + * interpreter/CallFrame.h: + (JSC::ExecState::privateNamePrototypeTable): + - Added hash table for NamePrototype + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + - Added support for property access with name objects. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Added support for property access with name objects. + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::getByVal): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::opIn): + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::symbolTablePut): + (JSC::JSActivation::symbolTablePutWithAttributes): + - Added support for property access with name objects. + * runtime/JSGlobalData.cpp: + (JSC): + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: + (JSGlobalData): + - Added hash table for NamePrototype + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObject.h: + (JSGlobalObject): + (JSC::JSGlobalObject::privateNameStructure): + (JSC::JSGlobalObject::symbolTableHasProperty): + - Added new global properties. + * runtime/JSType.h: + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::isName): + - Added type for NameInstances, for fast isName check. + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::deleteProperty): + (JSC::JSVariableObject::symbolTableGet): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::symbolTableGet): + (JSC::JSVariableObject::symbolTablePut): + (JSC::JSVariableObject::symbolTablePutWithAttributes): + - symbol table lookup should take a PropertyName. + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + (JSC::HashTable::entry): + - entry lookup should take a PropertyName. + * runtime/NameConstructor.cpp: Added. 
+ (JSC): + (JSC::NameConstructor::NameConstructor): + (JSC::NameConstructor::finishCreation): + (JSC::constructPrivateName): + (JSC::NameConstructor::getConstructData): + (JSC::NameConstructor::getCallData): + * runtime/NameConstructor.h: Added. + (JSC): + (NameConstructor): + (JSC::NameConstructor::create): + (JSC::NameConstructor::createStructure): + - Added constructor. + * runtime/NameInstance.cpp: Added. + (JSC): + (JSC::NameInstance::NameInstance): + (JSC::NameInstance::destroy): + * runtime/NameInstance.h: Added. + (JSC): + (NameInstance): + (JSC::NameInstance::createStructure): + (JSC::NameInstance::create): + (JSC::NameInstance::privateName): + (JSC::NameInstance::nameString): + (JSC::NameInstance::finishCreation): + (JSC::isName): + - Added instance. + * runtime/NamePrototype.cpp: Added. + (JSC): + (JSC::NamePrototype::NamePrototype): + (JSC::NamePrototype::finishCreation): + (JSC::NamePrototype::getOwnPropertySlot): + (JSC::NamePrototype::getOwnPropertyDescriptor): + (JSC::privateNameProtoFuncToString): + * runtime/NamePrototype.h: Added. + (JSC): + (NamePrototype): + (JSC::NamePrototype::create): + (JSC::NamePrototype::createStructure): + - Added prototype. + * runtime/PrivateName.h: Added. + (JSC): + (PrivateName): + (JSC::PrivateName::PrivateName): + (JSC::PrivateName::uid): + - A private name object holds a StringImpl that can be used as a unique key in a property map. + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::find): + (JSC::PropertyTable::findWithString): + - Strings should only match keys in the table that are identifiers. + * runtime/PropertyName.h: + (JSC::PropertyName::PropertyName): + (PropertyName): + (JSC::PropertyName::uid): + (JSC::PropertyName::publicName): + (JSC::PropertyName::asIndex): + (JSC::operator==): + (JSC::operator!=): + - replaced impl() & ustring() with uid() [to get the raw impl] and publicName() [impl or null, if not an identifier]. 
+ * runtime/Structure.cpp: + (JSC::Structure::despecifyDictionaryFunction): + (JSC::Structure::addPropertyTransitionToExistingStructure): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::attributeChangeTransition): + (JSC::Structure::get): + (JSC::Structure::despecifyFunction): + (JSC::Structure::putSpecificValue): + (JSC::Structure::remove): + (JSC::Structure::getPropertyNamesFromStructure): + * runtime/Structure.h: + (JSC::Structure::get): + - call uid() to get a PropertyName raw impl, for use as a key. + +2012-04-30 Filip Pizlo <fpizlo@apple.com> + + Bytecode dumps should contain data about the state of get_by_id caches + https://bugs.webkit.org/show_bug.cgi?id=85246 + + Reviewed by Gavin Barraclough. + + Merge r115694 from dfgopt. + + Changed the DFG bytecode parser (and the code that calls it) to be able + to call codeBlock->dump() on the code blocks being parsed. + + Changed bytecode dumping to be able to print the state of get_by_id + caches inline with the bytecode. + + Removed the old StructureStubInfo dumping code, which no longer worked + right, and was incapable of telling us information about chain and list + accesses. + + This change does not add dumping for put_by_id caches. We can add that + at a later time. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::printUnaryOp): + (JSC::CodeBlock::printBinaryOp): + (JSC::CodeBlock::printConditionalJump): + (JSC::CodeBlock::printGetByIdOp): + (JSC::dumpStructure): + (JSC): + (JSC::dumpChain): + (JSC::CodeBlock::printGetByIdCacheStatus): + (JSC::CodeBlock::printCallOp): + (JSC::CodeBlock::printPutByIdOp): + (JSC::printGlobalResolveInfo): + (JSC::CodeBlock::printStructure): + (JSC::CodeBlock::printStructures): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::visitStructures): + (JSC::ProgramCodeBlock::jitCompileImpl): + (JSC::EvalCodeBlock::jitCompileImpl): + (JSC::FunctionCodeBlock::jitCompileImpl): + * bytecode/CodeBlock.h: + (CodeBlock): + (JSC::CodeBlock::jitCompile): + (ProgramCodeBlock): + (EvalCodeBlock): + (FunctionCodeBlock): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + (JSC::DFG::parse): + * dfg/DFGByteCodeParser.h: + (DFG): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * dfg/DFGDriver.h: + (DFG): + (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * dfg/DFGOSRExitCompiler.cpp: + * jit/JITDriver.h: + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::jitCompileAndSetHeuristics): + * runtime/Executable.cpp: + (JSC::EvalExecutable::jitCompile): + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::jitCompile): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::jitCompileForCall): + (JSC::FunctionExecutable::jitCompileForConstruct): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (EvalExecutable): + (ProgramExecutable): + (FunctionExecutable): + (JSC::FunctionExecutable::jitCompileFor): + * runtime/ExecutionHarness.h: + (JSC::prepareForExecution): + 
(JSC::prepareFunctionForExecution): + +2012-05-21 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing header files. + +2012-05-21 Allan Sandfeld Jensen <allan.jensen@nokia.com> + + GCC 4.7 and C++11 + https://bugs.webkit.org/show_bug.cgi?id=86465 + + Reviewed by Darin Adler. + + Set emptyValueIsZero flag so RegExpKey can be used with the non-copyable RegExp values. + + * runtime/RegExpKey.h: + +2012-05-20 Michael Saboff <msaboff@apple.com> + + JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection + https://bugs.webkit.org/show_bug.cgi?id=86553 + + Reviewed by Gavin Barraclough. + + Scratch buffers can contain the only reference to live objects. + Therefore visit scratch buffer contents as conservative roots. + Changed the scratch buffers to be a struct with an "active" + length and the actual buffer. The users of the scratch + buffer emit code where needed to set and clear the active + length as appropriate. During marking, the active count is + used for conservative marking. 
+ + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::debugCall): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGThunks.cpp: + (JSC::DFG::osrExitGenerationThunkGenerator): + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::gatherConservativeRoots): + * runtime/JSGlobalData.h: + (JSC::ScratchBuffer::ScratchBuffer): + (ScratchBuffer): + (JSC::ScratchBuffer::allocationSize): + (JSC::ScratchBuffer::setActiveLength): + (JSC::ScratchBuffer::activeLength): + (JSC::ScratchBuffer::activeLengthPtr): + (JSC::ScratchBuffer::dataBuffer): + (JSGlobalData): + (JSC::JSGlobalData::scratchBufferForSize): + +2012-05-20 Filip Pizlo <fpizlo@apple.com> + + Predicted types should know about arguments + https://bugs.webkit.org/show_bug.cgi?id=85165 + + Reviewed by Oliver Hunt. + + Merge r115604 from dfgopt. + + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionToAbbreviatedString): + (JSC::predictionFromClassInfo): + * bytecode/PredictedType.h: + (JSC): + (JSC::isMyArgumentsPrediction): + (JSC::isArgumentsPrediction): + +2012-05-20 Filip Pizlo <fpizlo@apple.com> + + Bytecompiler should emit trivially fewer jumps in loops + https://bugs.webkit.org/show_bug.cgi?id=85144 + + Reviewed by Oliver Hunt. + + Merged r115587 from dfgopt. + + 1-2% across the board win. 
+ + * bytecompiler/NodesCodegen.cpp: + (JSC::WhileNode::emitBytecode): + (JSC::ForNode::emitBytecode): + +2012-05-19 Vivek Galatage <vivekgalatage@gmail.com> + + Windows build broken due to changes in the http://trac.webkit.org/changeset/117646 + https://bugs.webkit.org/show_bug.cgi?id=86939 + + The changeset 117646 changed the JSString::toBoolean signature. This + change is for fixing the windows build break. + + Reviewed by Ryosuke Niwa. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-05-18 Filip Pizlo <fpizlo@apple.com> + + REGRESSION(117646): fast/canvas/webgl/glsl-conformance.html is crashing in the DFG + https://bugs.webkit.org/show_bug.cgi?id=86929 + + Reviewed by Oliver Hunt. + + The problem was that if CFG simplification saw a Branch with identical successors, + it would always perform a basic block merge. But that's wrong if the successor has + other predecessors. + + * dfg/DFGCFGSimplificationPhase.cpp: + (JSC::DFG::CFGSimplificationPhase::run): + +2012-05-18 Filip Pizlo <fpizlo@apple.com> + + DFG CFG simplification crashes if it's trying to remove an unreachable block + that has an already-killed-off unreachable successor + https://bugs.webkit.org/show_bug.cgi?id=86918 + + Reviewed by Oliver Hunt. + + This fixes crashes in: + inspector/styles/styles-computed-trace.html + inspector/console/console-big-array.html + + * dfg/DFGCFGSimplificationPhase.cpp: + (JSC::DFG::CFGSimplificationPhase::fixPhis): + +2012-05-18 Filip Pizlo <fpizlo@apple.com> + + DFG should have control flow graph simplification + https://bugs.webkit.org/show_bug.cgi?id=84553 + + Reviewed by Oliver Hunt. + + Merged r115512 from dfgopt. + + This change gives the DFG the ability to simplify the control flow graph + as part of an optimization fixpoint that includes CSE, CFA, and constant + folding. This required a number of interesting changes including: + + - Solidifying the set of invariants that the DFG obeys. 
For example, the + head and tail of each basic block must advertise the set of live locals + and the set of available locals, respectively. It must do so by + referring to the first access to the local in the block (for head) and + the last one (for tail). This patch introduces the start of a + validation step that may be turned on even with asserts disabled. To + ensure that these invariants are preserved, I had to remove the + redundant phi elimination phase. For now I just remove the call, but in + the future we will probably remove it entirely unless we find a use for + it. + + - Making it easier to get the boolean version of a JSValue. This is a + pure operation, but we previously did not treat it as such. + + - Fixing the merging and filtering of AbstractValues that correspond to + concrete JSValues. This was previously broken and was limiting the + effect of running constant folding. Fixing this meant that I had to + change how constant folding eliminates GetLocal nodes, so as to ensure + that the resulting graph still obeys DFG rules. + + - Introducing simplified getters for some of the things that DFG phases + want to know about, like the Nth child of a node (now just + graph.child(...) if you don't care about performance too much) or + getting successors of a basic block. + + The current CFG simplifier can handle almost all of the cases that it + ought to handle; the noteworthy one that is not yet handled is removing + basic blocks that just have jumps. To do this right we need to be able + to remove jump-only blocks that also perform keep-alive on some values. + To make this work, we need to be able to hoist the keep-alive into (or + just above) a Branch. This is not fundamentally difficult but I opted to + let this patch omit this optimization. We can handle this later. + + This is a big win on programs that include inline functions that are + often called with constant arguments. Of course, SunSpider, V8, and + Kraken don't count. 
Those benchmarks are completely neutral with this + change. + + * API/JSValueRef.cpp: + (JSValueToBoolean): + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.h: + (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex): + * bytecode/Operands.h: + (JSC::Operands::setOperandFirstTime): + (Operands): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::mergeStateAtTail): + (JSC::DFG::AbstractState::mergeToSuccessors): + * dfg/DFGAbstractValue.h: + (JSC::DFG::AbstractValue::isClear): + (JSC::DFG::AbstractValue::operator!=): + (JSC::DFG::AbstractValue::merge): + (JSC::DFG::AbstractValue::filter): + (JSC::DFG::AbstractValue::validateIgnoringValue): + (AbstractValue): + * dfg/DFGAdjacencyList.h: + (JSC::DFG::AdjacencyList::child): + (JSC::DFG::AdjacencyList::setChild): + (AdjacencyList): + * dfg/DFGBasicBlock.h: + (JSC::DFG::BasicBlock::~BasicBlock): + (BasicBlock): + (JSC::DFG::BasicBlock::numNodes): + (JSC::DFG::BasicBlock::nodeIndex): + (JSC::DFG::BasicBlock::isPhiIndex): + (JSC::DFG::BasicBlock::isInPhis): + (JSC::DFG::BasicBlock::isInBlock): + * dfg/DFGByteCodeParser.cpp: + (ByteCodeParser): + (DFG): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCFAPhase.cpp: + (JSC::DFG::CFAPhase::run): + (JSC::DFG::CFAPhase::performBlockCFA): + (JSC::DFG::performCFA): + * dfg/DFGCFAPhase.h: + (DFG): + * dfg/DFGCFGSimplificationPhase.cpp: Added. 
+ (DFG): + (CFGSimplificationPhase): + (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase): + (JSC::DFG::CFGSimplificationPhase::run): + (JSC::DFG::CFGSimplificationPhase::killUnreachable): + (JSC::DFG::CFGSimplificationPhase::findOperandSource): + (JSC::DFG::CFGSimplificationPhase::keepOperandAlive): + (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal): + (JSC::DFG::CFGSimplificationPhase::jettisonBlock): + (JSC::DFG::CFGSimplificationPhase::fixPhis): + (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors): + (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference): + (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution): + (OperandSubstitution): + (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump): + (JSC::DFG::CFGSimplificationPhase::skipGetLocal): + (JSC::DFG::CFGSimplificationPhase::fixTailOperand): + (JSC::DFG::CFGSimplificationPhase::mergeBlocks): + (JSC::DFG::performCFGSimplification): + * dfg/DFGCFGSimplificationPhase.h: Added. 
+ (DFG): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::run): + (CSEPhase): + (JSC::DFG::CSEPhase::impureCSE): + (JSC::DFG::CSEPhase::globalVarLoadElimination): + (JSC::DFG::CSEPhase::getByValLoadElimination): + (JSC::DFG::CSEPhase::checkStructureLoadElimination): + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::performNodeCSE): + (JSC::DFG::CSEPhase::performBlockCSE): + (JSC::DFG::performCSE): + * dfg/DFGCSEPhase.h: + (DFG): + * dfg/DFGCommon.h: + * dfg/DFGConstantFoldingPhase.cpp: + (JSC::DFG::ConstantFoldingPhase::run): + (JSC::DFG::performConstantFolding): + * dfg/DFGConstantFoldingPhase.h: + (DFG): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGEdge.h: + (Edge): + (JSC::DFG::Edge::operator UnspecifiedBoolType*): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::run): + (JSC::DFG::FixupPhase::fixupBlock): + (JSC::DFG::performFixup): + * dfg/DFGFixupPhase.h: + (DFG): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::handleSuccessor): + (DFG): + (JSC::DFG::Graph::determineReachability): + (JSC::DFG::Graph::resetReachability): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::deref): + (JSC::DFG::Graph::changeIndex): + (Graph): + (JSC::DFG::Graph::changeEdge): + (JSC::DFG::Graph::numSuccessors): + (JSC::DFG::Graph::successor): + (JSC::DFG::Graph::successorForCondition): + (JSC::DFG::Graph::isPredictedNumerical): + (JSC::DFG::Graph::byValIsPure): + (JSC::DFG::Graph::clobbersWorld): + (JSC::DFG::Graph::numChildren): + (JSC::DFG::Graph::child): + * dfg/DFGNode.h: + (JSC::DFG::Node::convertToConstant): + (JSC::DFG::Node::numSuccessors): + (Node): + (JSC::DFG::Node::successor): + (JSC::DFG::Node::successorForCondition): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOperations.cpp: + * dfg/DFGPhase.cpp: + (JSC::DFG::Phase::endPhase): + * 
dfg/DFGPhase.h: + (JSC::DFG::runPhase): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::run): + (JSC::DFG::performPredictionPropagation): + * dfg/DFGPredictionPropagationPhase.h: + (DFG): + * dfg/DFGRedundantPhiEliminationPhase.cpp: + (JSC::DFG::RedundantPhiEliminationPhase::run): + (JSC::DFG::performRedundantPhiElimination): + * dfg/DFGRedundantPhiEliminationPhase.h: + (DFG): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::use): + (ScoreBoard): + (JSC::DFG::ScoreBoard::useIfHasResult): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::createOSREntries): + (JSC::DFG::SpeculativeJIT::linkOSREntries): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + (JSC::DFG::SpeculativeJIT::compileRegExpExec): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::nextBlock): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::use): + (JSC::DFG::SpeculativeJIT::jump): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGValidate.cpp: Added. + (DFG): + (Validate): + (JSC::DFG::Validate::Validate): + (JSC::DFG::Validate::validate): + (JSC::DFG::Validate::reportValidationContext): + (JSC::DFG::Validate::dumpData): + (JSC::DFG::Validate::dumpGraphIfAppropriate): + (JSC::DFG::validate): + * dfg/DFGValidate.h: Added. 
+ (DFG): + (JSC::DFG::validate): + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + (JSC::DFG::performVirtualRegisterAllocation): + * dfg/DFGVirtualRegisterAllocationPhase.h: + (DFG): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncSome): + * runtime/BooleanConstructor.cpp: + (JSC::constructBoolean): + (JSC::callBooleanConstructor): + * runtime/JSCell.h: + (JSCell): + * runtime/JSObject.cpp: + (JSC): + * runtime/JSObject.h: + * runtime/JSString.cpp: + (JSC::JSString::toBoolean): + * runtime/JSString.h: + (JSString): + (JSC::JSCell::toBoolean): + (JSC::JSValue::toBoolean): + * runtime/JSValue.h: + * runtime/ObjectConstructor.cpp: + (JSC::toPropertyDescriptor): + * runtime/RegExpConstructor.cpp: + (JSC::setRegExpConstructorMultiline): + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncToString): + +2012-05-18 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, build fix. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR): + +2012-04-17 Filip Pizlo <fpizlo@apple.com> + + DFG should have constant propagation + https://bugs.webkit.org/show_bug.cgi?id=84004 + + Reviewed by Gavin Barraclough. + + Merge r114554 from dfgopt. + + Changes AbstractValue to be able to hold a "set" of constants, where + the maximum set size is 1 - so merging a value containing constant A + with another value containing constant B where A != B will result in + the AbstractValue claiming that it does not know any constants (i.e. + it'll just have a predicted type and possible a structure). + + Added a constant folding phase that uses this new information to + replace pure operations known to have constant results with + JSConstants. 
This is OSR-exit-aware, in that it will prepend a Phantom + that refers to all of the kids of the node we replaced. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::beginBasicBlock): + (JSC::DFG::AbstractState::endBasicBlock): + (JSC::DFG::AbstractState::execute): + * dfg/DFGAbstractState.h: + (AbstractState): + * dfg/DFGAbstractValue.h: + (JSC::DFG::AbstractValue::clear): + (JSC::DFG::AbstractValue::isClear): + (JSC::DFG::AbstractValue::makeTop): + (JSC::DFG::AbstractValue::clobberValue): + (AbstractValue): + (JSC::DFG::AbstractValue::valueIsTop): + (JSC::DFG::AbstractValue::value): + (JSC::DFG::AbstractValue::set): + (JSC::DFG::AbstractValue::operator==): + (JSC::DFG::AbstractValue::merge): + (JSC::DFG::AbstractValue::filter): + (JSC::DFG::AbstractValue::validate): + (JSC::DFG::AbstractValue::checkConsistency): + (JSC::DFG::AbstractValue::dump): + * dfg/DFGAdjacencyList.h: + (JSC::DFG::AdjacencyList::initialize): + (AdjacencyList): + (JSC::DFG::AdjacencyList::reset): + * dfg/DFGBasicBlock.h: + (JSC::DFG::BasicBlock::BasicBlock): + (BasicBlock): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::constantCSE): + (CSEPhase): + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGConstantFoldingPhase.cpp: Added. + (DFG): + (ConstantFoldingPhase): + (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase): + (JSC::DFG::ConstantFoldingPhase::run): + (JSC::DFG::performConstantFolding): + * dfg/DFGConstantFoldingPhase.h: Added. 
+ (DFG): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.h: + (Graph): + (JSC::DFG::Graph::convertToConstant): + * dfg/DFGInsertionSet.h: + (JSC::DFG::InsertionSet::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::convertToConstant): + (Node): + * runtime/JSValue.cpp: + (JSC::JSValue::description): + * runtime/JSValue.h: + (JSValue): + +2012-05-18 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> + + Fix build for Qt by using ASSERT_UNUSED in DFGSpeculativeJIT + https://bugs.webkit.org/show_bug.cgi?id=86902 + + Reviewed by Andreas Kling. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR): + +2012-04-16 Filip Pizlo <fpizlo@apple.com> + + DFG should have out-of-line slow paths + https://bugs.webkit.org/show_bug.cgi?id=83992 + + Reviewed by Oliver Hunt. + + Merge of r114472 and r114553 from dfgopt. + + Introduces the notion of slow path code generation closures in the DFG. + These are defined in DFGSlowPathGenerator.h, though they are fairly + extensible so DFGSpeculativeJIT64.cpp and DFGSpeculativeJIT32_64.cpp + define a couple special-purpose ones. A slow path generation closure + (DFG::SlowPathGenerator) is executed after the main speculative path is + generated. This makes them great for scheduling slow path code out of + the way of the hot paths. + + This patch also converts most - but not all - of the DFG to use slow + path generators instead of inline slow paths. + + The result is a sub-1% improvement on SunSpider and V8, and a miniscule + regression on Kraken. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr): + (TrustedImmPtr): + (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32): + (TrustedImm32): + * bytecode/StructureStubInfo.h: + * dfg/DFGCommon.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (DFG): + (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): + (PropertyAccessRecord): + (JITCompiler): + * dfg/DFGSilentRegisterSavePlan.h: Added. + (DFG): + (SilentRegisterSavePlan): + (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan): + (JSC::DFG::SilentRegisterSavePlan::spillAction): + (JSC::DFG::SilentRegisterSavePlan::fillAction): + (JSC::DFG::SilentRegisterSavePlan::nodeIndex): + (JSC::DFG::SilentRegisterSavePlan::gpr): + (JSC::DFG::SilentRegisterSavePlan::fpr): + * dfg/DFGSlowPathGenerator.h: Added. + (DFG): + (SlowPathGenerator): + (JSC::DFG::SlowPathGenerator::SlowPathGenerator): + (JSC::DFG::SlowPathGenerator::~SlowPathGenerator): + (JSC::DFG::SlowPathGenerator::generate): + (JSC::DFG::SlowPathGenerator::label): + (JSC::DFG::SlowPathGenerator::call): + (JumpingSlowPathGenerator): + (JSC::DFG::JumpingSlowPathGenerator::JumpingSlowPathGenerator): + (JSC::DFG::JumpingSlowPathGenerator::linkFrom): + (JSC::DFG::JumpingSlowPathGenerator::jumpTo): + (CallSlowPathGenerator): + (JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator): + (JSC::DFG::CallSlowPathGenerator::call): + (JSC::DFG::CallSlowPathGenerator::setUp): + (JSC::DFG::CallSlowPathGenerator::recordCall): + (JSC::DFG::CallSlowPathGenerator::tearDown): + (CallResultAndNoArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::CallResultAndNoArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::generateInternal): + (CallResultAndOneArgumentSlowPathGenerator): + 
(JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::CallResultAndOneArgumentSlowPathGenerator): + (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::generateInternal): + (CallResultAndTwoArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::CallResultAndTwoArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::generateInternal): + (CallResultAndThreeArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::CallResultAndThreeArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::generateInternal): + (CallResultAndFourArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::CallResultAndFourArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::generateInternal): + (CallResultAndFiveArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::CallResultAndFiveArgumentsSlowPathGenerator): + (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::generateInternal): + (JSC::DFG::slowPathCall): + (AssigningSlowPathGenerator): + (JSC::DFG::AssigningSlowPathGenerator::AssigningSlowPathGenerator): + (JSC::DFG::AssigningSlowPathGenerator::generateInternal): + (JSC::DFG::slowPathMove): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + (DFG): + (JSC::DFG::SpeculativeJIT::~SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::addSlowPathGenerator): + (JSC::DFG::SpeculativeJIT::runSlowPathGenerators): + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + * dfg/DFGSpeculativeJIT.h: + (DFG): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR): + (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR): + (JSC::DFG::SpeculativeJIT::silentSpill): + (JSC::DFG::SpeculativeJIT::silentFill): + (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl): + 
(JSC::DFG::SpeculativeJIT::silentSpillAllRegisters): + (JSC::DFG::SpeculativeJIT::pickCanTrample): + (JSC::DFG::SpeculativeJIT::silentFillAllRegisters): + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (ValueToNumberSlowPathGenerator): + (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator): + (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal): + (DFG): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::cachedPutById): + (CompareAndBoxBooleanSlowPathGenerator): + (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator): + (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (ValueToNumberSlowPathGenerator): + (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator): + (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal): + (DFG): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::cachedPutById): + (CompareAndBoxBooleanSlowPathGenerator): + (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator): + (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::compile): + +2012-05-18 Tony Chang <tony@chromium.org> + + remove the CSS_GRID_LAYOUT compiler define, but 
default grid layout to off + https://bugs.webkit.org/show_bug.cgi?id=86767 + + Reviewed by Ojan Vafai. + + * Configurations/FeatureDefines.xcconfig: Remove ENABLE_CSS_GRID_LAYOUT. + +2012-05-17 Filip Pizlo <fpizlo@apple.com> + + Setting array index -1 and looping over array causes bad behavior + https://bugs.webkit.org/show_bug.cgi?id=86733 + <rdar://problem/11477670> + + Reviewed by Oliver Hunt. + + * dfg/DFGOperations.cpp: + +2012-05-17 Geoffrey Garen <ggaren@apple.com> + + Not reviewed. + + Rolled out r117495 because it caused som out of memory crashes. + + * heap/Heap.cpp: + (JSC::Heap::collect): + +2012-05-17 Geoffrey Garen <ggaren@apple.com> + + Refactored the Heap to move more MarkedSpace logic into MarkedSpace + https://bugs.webkit.org/show_bug.cgi?id=86790 + + Reviewed by Gavin Barraclough. + + * heap/Heap.cpp: + (JSC::Heap::lastChanceToFinalize): + (JSC::Heap::markRoots): + (JSC): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::collect): + * heap/Heap.h: + (Heap): Took all the functors from here... + + * heap/MarkedBlock.h: + (CountFunctor): + (JSC::MarkedBlock::CountFunctor::CountFunctor): + (JSC::MarkedBlock::CountFunctor::count): + (JSC::MarkedBlock::CountFunctor::returnValue): + (MarkedBlock): + * heap/MarkedSpace.h: + (JSC::ClearMarks::operator()): + (JSC): + (JSC::Sweep::operator()): + (JSC::MarkCount::operator()): + (JSC::Size::operator()): + (JSC::Capacity::operator()): + (MarkedSpace): + (JSC::MarkedSpace::clearMarks): + (JSC::MarkedSpace::sweep): + (JSC::MarkedSpace::objectCount): + (JSC::MarkedSpace::size): + (JSC::MarkedSpace::capacity): and put them here. + +2012-05-17 Geoffrey Garen <ggaren@apple.com> + + Increase the GC allocation trigger + https://bugs.webkit.org/show_bug.cgi?id=86699 + + Reviewed by Sam Weinig. + + This helps a lot when the heap is growing, and helps to resolve + the regression caused by r116484. 
+ + * heap/Heap.cpp: + (JSC::Heap::collect): + +2012-05-16 Mark Hahnenberg <mhahnenberg@apple.com> + + GC in the middle of JSObject::allocatePropertyStorage can cause badness + https://bugs.webkit.org/show_bug.cgi?id=83839 + + Reviewed by Geoff Garen. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage. + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're + growing our already-existing PropertyStorage. + * runtime/JSObject.h: + (JSObject): + (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage + and the new structure so that we can be sure a GC never occurs when our Structure + info is out of sync with our PropertyStorage. + (JSC): + (JSC::JSObject::putDirectInternal): Moved the check to see if we should + allocate more backing store before the actual property insertion into + the structure. + (JSC::JSObject::putDirectWithoutTransition): Ditto. + (JSC::JSObject::transitionTo): Ditto. + * runtime/Structure.cpp: + (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy + for property backing stores contained within the Structure class. + (JSC): + * runtime/Structure.h: + (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion + into the Structure would require resizing the property backing store so that they can + preallocate the required storage. + (Structure): + +2012-05-16 Geoffrey Garen <ggaren@apple.com> + + GC is not thread-safe when moving values between C stacks + https://bugs.webkit.org/show_bug.cgi?id=86672 + + Reviewed by Phil Pizlo. + + GC pauses thread A while marking thread A, and then B while marking B, + which isn't safe against A and B moving values between each others' + stacks. + + This is a theoretical bug -- I haven't been able to reproduce it + in the wild. 
+ + * heap/MachineStackMarker.cpp: + (JSC::MachineThreads::gatherFromOtherThread): + (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the + duration of stack marking, to avoid missing values that might be moving + between C stacks. + +2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com> + + Block freeing thread should not free blocks when we are actively requesting them + https://bugs.webkit.org/show_bug.cgi?id=86519 + + Reviewed by Geoff Garen. + + * heap/BlockAllocator.h: + (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done + while we hold the lock to ensure proper locking. + +2012-05-15 Filip Pizlo <fpizlo@apple.com> + + shrinkToFit() is often not called for Vectors in CodeBlock + https://bugs.webkit.org/show_bug.cgi?id=86436 + + Reviewed by Oliver Hunt. + + The vectors in CodeBlock are often appended to during various stages of + compilation, but we neglect to shrink them after compilation finishes. This + patch takes the most brutal possible approach: shrink all the vectors after + the bytecompile phase, and then shrink them again after the appropriate + JITing phase. The two shrinks are necessary because the JIT may append more + stuff, but may also generate code that directly references things in other + vectors; hence some can only be shrunk before JIT and some after. Also, + we may allow a CodeBlock to sit around for a long time - possibly forever - + before invoking the JIT, hence it makes sense to have two shrinks. + + This is performance neutral on the major benchmarks we track. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (CodeBlock): + (JSC::CodeBlock::appendWeakReferenceTransition): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::generate): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + +2012-05-15 Oliver Hunt <oliver@apple.com> + + Make error information available even if all we have is line number information. + https://bugs.webkit.org/show_bug.cgi?id=86547 + + Reviewed by Filip Pizlo. + + We don't need expression information to generate useful line, file, and stack information, + so only require that we have line number info available. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + * runtime/Executable.h: + (JSC): + +2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com> + + Block freeing thread should not free blocks when we are actively requesting them + https://bugs.webkit.org/show_bug.cgi?id=86519 + + Reviewed by Geoffrey Garen. + + The block freeing thread shoots us in the foot if it decides to run while we're actively + requesting blocks and returning them. This situation can arise when there is a lot of copying + collection going on in steady state. We allocate a large swath of pages to copy into, then we + return all the newly free old pages to the BlockAllocator. In this state, if the block freeing + thread wakes up in between collections (which is more likely than it waking up during a + collection) and frees half of these pages, they will be needed almost immediately during the + next collection, causing a storm of VM allocations which we know are going to be very slow. + + What we'd like is for when things have quieted down the block freeing thread can then return + memory to the OS. Usually this will be when a page has fully loaded and has a low allocation + rate. 
In this situation, our opportunistic collections will only be running at least every few + seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say, + while a page is loading. + + * heap/BlockAllocator.cpp: + (JSC::BlockAllocator::BlockAllocator): Initialize our new field. + (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently. + If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out + on an update, we'll see it when we wake up again. + * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests. + (BlockAllocator): + (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks + that to true. We don't bother locking since we assume that writing to a bool is atomic. + +2012-05-14 Luke Macpherson <macpherson@chromium.org> + + Introduce ENABLE_CSS_VARIABLES compile flag. + https://bugs.webkit.org/show_bug.cgi?id=86338 + + Reviewed by Dimitri Glazkov. + + Add a configuration option for CSS Variables support, disabling it by default. + + * Configurations/FeatureDefines.xcconfig: + +2012-05-14 Gavin Barraclough <barraclough@apple.com> + + Cannot login to iCloud + https://bugs.webkit.org/show_bug.cgi?id=86321 + + Reviewed by Filip Pizlo. + + This is a bug introduced by bug#85853, we shouldn't allow assignment to + the prototype property of functions to be cached, since we need to clear + the cached inheritorID. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::put): + +2012-05-14 Michael Saboff <msaboff@apple.com> + + Enh: Add the Ability to Disable / Enable JavaScript GC Timer + https://bugs.webkit.org/show_bug.cgi?id=86382 + + Reviewed by Darin Adler. + + Add flag to GCActivityCallback to enable / disable activity timer. + Add api via Heap to set the flag's value. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export + * heap/Heap.cpp: + (JSC::Heap::setGarbageCollectionTimerEnabled): + * heap/Heap.h: + * runtime/GCActivityCallback.h: + (JSC::GCActivityCallback::isEnabled): + (JSC::GCActivityCallback::setEnabled): + (JSC::GCActivityCallback::GCActivityCallback): + * runtime/GCActivityCallbackCF.cpp: + (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): + +2012-05-14 Michael Saboff <msaboff@apple.com> + + Increase Debug Logging in MarkStack::validate() + https://bugs.webkit.org/show_bug.cgi?id=86408 + + Rubber-stamped by Filip Pizlo. + + Added some descriptive debug messages for the conditions and + values when a cell validation fails. + + * heap/MarkStack.cpp: + (JSC::MarkStack::validate): + +2012-05-14 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing header file. + +2012-05-14 Yong Li <yoli@rim.com> + + DFG JIT didn't work with ARM EABI. + https://bugs.webkit.org/show_bug.cgi?id=84449 + + Reviewed by Filip Pizlo. + + Add a 32-bit dummy argument for some callOperation() + methods to make it work for ARM EABI. + + * dfg/DFGCCallHelpers.h: + (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): + (CCallHelpers): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::callOperation): + +2012-05-13 Gavin Barraclough <barraclough@apple.com> + + Introduce PropertyName class + https://bugs.webkit.org/show_bug.cgi?id=86241 + + Reviewed by Darin Adler. + + This patch introduced a couple of small bugs. + + * runtime/PropertyName.h: + (JSC::toUInt32FromCharacters): + - Returning wrong value for "" - should not convert to 0. + (JSC::PropertyName::PropertyName): + - Remove the ASSERT, it was a little too aspirational. 
+ +2012-05-13 Filip Pizlo <fpizlo@apple.com> + + DFG performs incorrect constant folding on double-to-uint32 conversion in + Uint32Array PutByVal + https://bugs.webkit.org/show_bug.cgi?id=86330 + + Reviewed by Darin Adler. + + static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d). + In particular, C++ casts on typical hardware (like x86 and similar) will + return 0x80000000 for double values that are out of range of the int32 domain + (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call + for wrap-around; for example the double value 4294967297 ought to become the + int32 value 1, not 0x80000000. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + +2012-05-11 Gavin Barraclough <barraclough@apple.com> + + Introduce PropertyName class + https://bugs.webkit.org/show_bug.cgi?id=86241 + + Reviewed by Geoff Garen. + + Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type. + This change paves the way to allow for properties keyed by values that are not Identifiers. + + This change is largely a mechanical find & replace. + It also changes JSFunction's constructor to take a UString& instead of an Identifier& + (since in some cases we can no longer guarantee that we'lll have an Identifier), and + unifies Identifier's methods to obtain array indices onto PropertyName. + + The new PropertyName class retains the ability to support .impl() and .ustring(), but + in a future patch we may need to rework this, since not all PropertyNames should be + equal based on their string representation. 
+ + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::finishCreation): + * API/JSCallbackFunction.h: + (JSCallbackFunction): + (JSC::JSCallbackFunction::create): + * API/JSCallbackObject.h: + (JSCallbackObject): + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlot): + (JSC::::getOwnPropertyDescriptor): + (JSC::::put): + (JSC::::deleteProperty): + (JSC::::getStaticValue): + (JSC::::staticFunctionGetter): + (JSC::::callbackGetter): + * API/JSObjectRef.cpp: + (JSObjectMakeFunctionWithCallback): + * JSCTypedArrayStubs.h: + (JSC): + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertySlot): + (JSC::DebuggerActivation::put): + (JSC::DebuggerActivation::putDirectVirtual): + (JSC::DebuggerActivation::deleteProperty): + (JSC::DebuggerActivation::getOwnPropertyDescriptor): + (JSC::DebuggerActivation::defineOwnProperty): + * debugger/DebuggerActivation.h: + (DebuggerActivation): + * jsc.cpp: + (GlobalObject::addFunction): + (GlobalObject::addConstructableFunction): + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlot): + (JSC::Arguments::getOwnPropertyDescriptor): + (JSC::Arguments::put): + (JSC::Arguments::deleteProperty): + (JSC::Arguments::defineOwnProperty): + * runtime/Arguments.h: + (Arguments): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::finishCreation): + (JSC::ArrayConstructor::getOwnPropertySlot): + (JSC::ArrayConstructor::getOwnPropertyDescriptor): + * runtime/ArrayConstructor.h: + (ArrayConstructor): + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlot): + (JSC::ArrayPrototype::getOwnPropertyDescriptor): + (JSC::putProperty): + * runtime/ArrayPrototype.h: + (ArrayPrototype): + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::finishCreation): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::getOwnPropertySlot): + (JSC::BooleanPrototype::getOwnPropertyDescriptor): + * runtime/BooleanPrototype.h: + 
(BooleanPrototype): + * runtime/ClassInfo.h: + (MethodTable): + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::finishCreation): + (JSC::DateConstructor::getOwnPropertySlot): + (JSC::DateConstructor::getOwnPropertyDescriptor): + * runtime/DateConstructor.h: + (DateConstructor): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::getOwnPropertySlot): + (JSC::DatePrototype::getOwnPropertyDescriptor): + * runtime/DatePrototype.h: + (DatePrototype): + * runtime/Error.h: + (JSC::StrictModeTypeErrorFunction::create): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::finishCreation): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::getOwnPropertySlot): + (JSC::ErrorPrototype::getOwnPropertyDescriptor): + * runtime/ErrorPrototype.h: + (ErrorPrototype): + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::finishCreation): + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::finishCreation): + (JSC::FunctionPrototype::addFunctionProperties): + (JSC::functionProtoFuncBind): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::create): + (FunctionPrototype): + * runtime/Identifier.cpp: + (JSC): + * runtime/Identifier.h: + (Identifier): + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::finishCreation): + * runtime/InternalFunction.h: + (InternalFunction): + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::symbolTablePut): + (JSC::JSActivation::symbolTablePutWithAttributes): + (JSC::JSActivation::getOwnPropertySlot): + (JSC::JSActivation::put): + (JSC::JSActivation::putDirectVirtual): + (JSC::JSActivation::deleteProperty): + (JSC::JSActivation::argumentsGetter): + * runtime/JSActivation.h: + (JSActivation): + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnProperty): + (JSC::JSArray::getOwnPropertySlot): + (JSC::JSArray::getOwnPropertyDescriptor): + (JSC::JSArray::put): + (JSC::JSArray::deleteProperty): + * runtime/JSArray.h: + (JSArray): + (JSC): + * 
runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::create): + (JSC::JSBoundFunction::finishCreation): + * runtime/JSBoundFunction.h: + (JSBoundFunction): + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertySlot): + (JSC::JSCell::put): + (JSC::JSCell::deleteProperty): + (JSC::JSCell::putDirectVirtual): + (JSC::JSCell::defineOwnProperty): + (JSC::JSCell::getOwnPropertyDescriptor): + * runtime/JSCell.h: + (JSCell): + * runtime/JSFunction.cpp: + (JSC::JSFunction::create): + (JSC::JSFunction::finishCreation): + (JSC::JSFunction::argumentsGetter): + (JSC::JSFunction::callerGetter): + (JSC::JSFunction::lengthGetter): + (JSC::JSFunction::getOwnPropertySlot): + (JSC::JSFunction::getOwnPropertyDescriptor): + (JSC::JSFunction::put): + (JSC::JSFunction::deleteProperty): + (JSC::JSFunction::defineOwnProperty): + (JSC::getCalculatedDisplayName): + * runtime/JSFunction.h: + (JSFunction): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::put): + (JSC::JSGlobalObject::putDirectVirtual): + (JSC::JSGlobalObject::defineOwnProperty): + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::createThrowTypeError): + (JSC::JSGlobalObject::getOwnPropertySlot): + (JSC::JSGlobalObject::getOwnPropertyDescriptor): + * runtime/JSGlobalObject.h: + (JSGlobalObject): + (JSC::JSGlobalObject::hasOwnPropertyForWrite): + (JSC::JSGlobalObject::symbolTableHasProperty): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::getOwnPropertySlot): + (JSC::JSNotAnObject::getOwnPropertyDescriptor): + (JSC::JSNotAnObject::put): + (JSC::JSNotAnObject::deleteProperty): + * runtime/JSNotAnObject.h: + (JSNotAnObject): + * runtime/JSONObject.cpp: + (JSC::JSONObject::getOwnPropertySlot): + (JSC::JSONObject::getOwnPropertyDescriptor): + * runtime/JSONObject.h: + (JSONObject): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::putDirectVirtual): + (JSC::JSObject::putDirectAccessor): + (JSC::JSObject::hasProperty): + (JSC::JSObject::deleteProperty): + (JSC::JSObject::hasOwnProperty): + 
(JSC::callDefaultValueFunction): + (JSC::JSObject::findPropertyHashEntry): + (JSC::JSObject::getPropertySpecificValue): + (JSC::JSObject::removeDirect): + (JSC::JSObject::getOwnPropertyDescriptor): + (JSC::JSObject::getPropertyDescriptor): + (JSC::putDescriptor): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + (JSObject): + (JSC::JSObject::getDirect): + (JSC::JSObject::getDirectLocation): + (JSC::JSObject::inlineGetOwnPropertySlot): + (JSC::JSObject::getOwnPropertySlot): + (JSC::JSCell::fastGetOwnPropertySlot): + (JSC::JSObject::getPropertySlot): + (JSC::JSObject::get): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putOwnDataProperty): + (JSC::JSObject::putDirect): + (JSC::JSObject::putDirectWithoutTransition): + (JSC::JSValue::get): + (JSC::JSValue::put): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::put): + (JSC::JSStaticScopeObject::putDirectVirtual): + (JSC::JSStaticScopeObject::getOwnPropertySlot): + * runtime/JSStaticScopeObject.h: + (JSStaticScopeObject): + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlot): + (JSC::JSString::getStringPropertyDescriptor): + * runtime/JSString.h: + (JSString): + (JSC::JSString::getStringPropertySlot): + * runtime/JSValue.cpp: + (JSC::JSValue::putToPrimitive): + * runtime/JSValue.h: + (JSC): + (JSValue): + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::deleteProperty): + (JSC::JSVariableObject::symbolTableGet): + (JSC::JSVariableObject::putDirectVirtual): + * runtime/JSVariableObject.h: + (JSVariableObject): + (JSC::JSVariableObject::symbolTableGet): + (JSC::JSVariableObject::symbolTablePut): + (JSC::JSVariableObject::symbolTablePutWithAttributes): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + (JSC::HashTable::entry): + (JSC): + (JSC::getStaticPropertySlot): + (JSC::getStaticPropertyDescriptor): + (JSC::getStaticFunctionSlot): + (JSC::getStaticFunctionDescriptor): + (JSC::getStaticValueSlot): + 
(JSC::getStaticValueDescriptor): + (JSC::lookupPut): + * runtime/MathObject.cpp: + (JSC::MathObject::getOwnPropertySlot): + (JSC::MathObject::getOwnPropertyDescriptor): + * runtime/MathObject.h: + (MathObject): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::finishCreation): + * runtime/NumberConstructor.cpp: + (JSC): + (JSC::NumberConstructor::finishCreation): + (JSC::NumberConstructor::getOwnPropertySlot): + (JSC::NumberConstructor::getOwnPropertyDescriptor): + (JSC::NumberConstructor::put): + (JSC::numberConstructorNaNValue): + (JSC::numberConstructorNegInfinity): + (JSC::numberConstructorPosInfinity): + (JSC::numberConstructorMaxValue): + (JSC::numberConstructorMinValue): + * runtime/NumberConstructor.h: + (NumberConstructor): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::getOwnPropertySlot): + (JSC::NumberPrototype::getOwnPropertyDescriptor): + * runtime/NumberPrototype.h: + (NumberPrototype): + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::finishCreation): + (JSC::ObjectConstructor::getOwnPropertySlot): + (JSC::ObjectConstructor::getOwnPropertyDescriptor): + * runtime/ObjectConstructor.h: + (ObjectConstructor): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::put): + (JSC::ObjectPrototype::defineOwnProperty): + (JSC::ObjectPrototype::getOwnPropertySlot): + (JSC::ObjectPrototype::getOwnPropertyDescriptor): + * runtime/ObjectPrototype.h: + (ObjectPrototype): + * runtime/PropertySlot.h: + (PropertySlot): + (JSC::PropertySlot::getValue): + * runtime/RegExpConstructor.cpp: + (JSC): + (JSC::RegExpConstructor::finishCreation): + (JSC::RegExpConstructor::getOwnPropertySlot): + (JSC::RegExpConstructor::getOwnPropertyDescriptor): + (JSC::regExpConstructorDollar1): + (JSC::regExpConstructorDollar2): + (JSC::regExpConstructorDollar3): + (JSC::regExpConstructorDollar4): + (JSC::regExpConstructorDollar5): + (JSC::regExpConstructorDollar6): + (JSC::regExpConstructorDollar7): + (JSC::regExpConstructorDollar8): + 
(JSC::regExpConstructorDollar9): + (JSC::regExpConstructorInput): + (JSC::regExpConstructorMultiline): + (JSC::regExpConstructorLastMatch): + (JSC::regExpConstructorLastParen): + (JSC::regExpConstructorLeftContext): + (JSC::regExpConstructorRightContext): + (JSC::RegExpConstructor::put): + * runtime/RegExpConstructor.h: + (RegExpConstructor): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertySlot): + (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): + (JSC::RegExpMatchesArray::put): + (JSC::RegExpMatchesArray::deleteProperty): + (JSC::RegExpMatchesArray::defineOwnProperty): + * runtime/RegExpObject.cpp: + (JSC): + (JSC::RegExpObject::getOwnPropertySlot): + (JSC::RegExpObject::getOwnPropertyDescriptor): + (JSC::RegExpObject::deleteProperty): + (JSC::RegExpObject::defineOwnProperty): + (JSC::regExpObjectGlobal): + (JSC::regExpObjectIgnoreCase): + (JSC::regExpObjectMultiline): + (JSC::regExpObjectSource): + (JSC::RegExpObject::put): + * runtime/RegExpObject.h: + (RegExpObject): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::getOwnPropertySlot): + (JSC::RegExpPrototype::getOwnPropertyDescriptor): + * runtime/RegExpPrototype.h: + (RegExpPrototype): + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::deleteProperty): + * runtime/StrictEvalActivation.h: + (StrictEvalActivation): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::finishCreation): + (JSC::StringConstructor::getOwnPropertySlot): + (JSC::StringConstructor::getOwnPropertyDescriptor): + * runtime/StringConstructor.h: + (StringConstructor): + * runtime/StringObject.cpp: + (JSC::StringObject::getOwnPropertySlot): + (JSC::StringObject::getOwnPropertyDescriptor): + (JSC::StringObject::put): + (JSC::StringObject::defineOwnProperty): + (JSC::StringObject::deleteProperty): + * runtime/StringObject.h: + (StringObject): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::getOwnPropertySlot): + (JSC::StringPrototype::getOwnPropertyDescriptor): + * 
runtime/StringPrototype.h: + (StringPrototype): + * runtime/Structure.cpp: + (JSC::Structure::despecifyDictionaryFunction): + (JSC::Structure::addPropertyTransitionToExistingStructure): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::removePropertyTransition): + (JSC::Structure::despecifyFunctionTransition): + (JSC::Structure::attributeChangeTransition): + (JSC::Structure::addPropertyWithoutTransition): + (JSC::Structure::removePropertyWithoutTransition): + (JSC::Structure::get): + (JSC::Structure::despecifyFunction): + (JSC::Structure::putSpecificValue): + (JSC::Structure::remove): + * runtime/Structure.h: + (Structure): + (JSC::Structure::get): + +2012-05-11 Michael Saboff <msaboff@apple.com> + + Rolling out r116659. + + Causes ASSERT failures on bots. + + Rubber stamped by Geoff Garen. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::markingThreadMain): + (JSC::MarkStackThreadSharedData::markingThreadStartFunc): + (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::MarkStackThreadSharedData::reset): + (JSC::MarkStack::reset): + (JSC): + (JSC::SlotVisitor::copyAndAppend): + * heap/MarkStack.h: + (MarkStackThreadSharedData): + (MarkStack): + * runtime/JSString.h: + (JSString): + (JSC::JSString::finishCreation): + (JSC::JSString::is8Bit): + (JSC::JSRopeString::finishCreation): + +2012-05-11 Oliver Hunt <oliver@apple.com> + + Appease thread verifier when dealing with the JSC API's shared VM + https://bugs.webkit.org/show_bug.cgi?id=86268 + + Reviewed by Geoffrey Garen. + + If we're the shared VM, just disable the verifier. This makes debug builds + livable against non-webkit clients. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + +2012-05-11 Filip Pizlo <fpizlo@apple.com> + + JIT memory allocator is not returning memory to the OS on Darwin + https://bugs.webkit.org/show_bug.cgi?id=86047 + + Reviewed by Geoff Garen. 
+ + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree): + +2012-05-11 Geoffrey Garen <ggaren@apple.com> + + Clarified JSGlobalData (JavaScript VM) lifetime + https://bugs.webkit.org/show_bug.cgi?id=85142 + + Reviewed by Alexey Proskuryakov. + + (Follow-up fix.) + + * API/JSContextRef.cpp: + (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef. + (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on + test, because apps might have been linked on older OS's.) + +2012-05-11 Sam Weinig <sam@webkit.org> + + Fix crash seen when running with libgmalloc + <rdar://problem/11435411> + https://bugs.webkit.org/show_bug.cgi?id=86232 + + Reviewed by Gavin Barraclough. + + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::markingThreadMain): + Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its + destructor. + +2012-05-10 Gavin Barraclough <barraclough@apple.com> + + Remove op_get_callee + + Rubber stamped by Geoff Garen. + + This is now redundant. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + * jit/JITOpcodes.cpp: + (JSC): + * jit/JITOpcodes32_64.cpp: + (JSC): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + +2012-05-10 Gavin Barraclough <barraclough@apple.com> + + Cache inheritorID on JSFunction + https://bugs.webkit.org/show_bug.cgi?id=85853 + + Reviewed by Geoff Garen & Filip Pizlo. + + An object's prototype is indicated via its structure. To create an otherwise + empty object with object A as its prototype, we require a structure with its + prototype set to point to A. 
We wish to use this same structure for all empty + objects created with a prototype of A, so we presently store this structure as + a property of A, known as the inheritorID. + + When a function F is invoked as a constructor, where F has a property 'prototype' + set to point to A, in order to create the 'this' value for the constructor to + use the following steps are taken: + - the 'prototype' proptery of F is read, via a regular [[Get]] access. + - the inheritorID internal property of the prototype is read. + - a new, empty object is constructed with its structure set to point to inheritorID. + + There are two drawbacks to the current approach: + - it requires that every object has an inheritorID field. + - it requires a [[Get]] access on every constructor call to access the 'prototype' property. + + Instead, switch to caching a copy of the inheritorID on the function. Constructor + calls now only need read the internal property from the callee, saving a [[Get]]. + This also means that JSObject::m_inheritorID is no longer commonly read, and in a + future patch we can move to storing this in a more memory efficient fashion. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateJSFunction): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_create_this): + (JSC::JIT::emitSlow_op_create_this): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_create_this): + (JSC::JIT::emitSlow_op_create_this): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::cacheInheritorID): + (JSC): + (JSC::JSFunction::put): + (JSC::JSFunction::defineOwnProperty): + * runtime/JSFunction.h: + (JSC::JSFunction::cachedInheritorID): + (JSFunction): + (JSC::JSFunction::offsetOfCachedInheritorID): + +2012-05-10 Michael Saboff <msaboff@apple.com> + + Enh: Hash Const JSString in Backing Stores to Save Memory + https://bugs.webkit.org/show_bug.cgi?id=86024 + + Reviewed by Filip Pizlo. + + During garbage collection, each marking thread keeps a HashMap of + strings. While visiting via MarkStack::copyAndAppend(), we check to + see if the string we are visiting is already in the HashMap. If not + we add it. 
If so, we change the reference to the current string we're + visiting to the prior string. + + To somewhat reduce the performance impact of this change, if a string + is unique at the end of a marking it will not be checked during further + GC phases. In some cases this won't catch all duplicates, but we are + trying to catch the growth of duplicate strings. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::resetChildren): New method called by the + main thread to reset the slave threads. This is primarily done to + clear the m_uniqueStrings HashMap. + (JSC): + (JSC::MarkStackThreadSharedData::markingThreadMain): + (JSC::MarkStackThreadSharedData::markingThreadStartFunc): + (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::MarkStackThreadSharedData::reset): + (JSC::MarkStack::reset): Added call to clear m_uniqueStrings. + (JSC::MarkStack::internalAppend): New method that performs the hash consting. + (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting + internalAppend() + * heap/MarkStack.h: + (MarkStackThreadSharedData): + (MarkStack): + (JSC::MarkStack::sharedData): + * runtime/JSString.h: + (JSString): Added m_isHashConstSingleton flag, accessors for the flag and + code to initialize the flag. + (JSC::JSString::finishCreation): + (JSC::JSString::isHashConstSingleton): + (JSC::JSString::clearHashConstSingleton): + (JSC::JSString::setHashConstSingleton): + (JSC::JSRopeString::finishCreation): + +2012-05-09 Filip Pizlo <fpizlo@apple.com> + + JIT memory allocator is not returning memory to the OS on Darwin + https://bugs.webkit.org/show_bug.cgi?id=86047 + <rdar://problem/11414948> + + Reviewed by Geoff Garen. + + Work around the problem by using a different madvise() flag, but only for the JIT memory + allocator. Also put in ASSERTs that the call is actually working. 
+ + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage): + (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree): + +2012-05-09 Filip Pizlo <fpizlo@apple.com> + + It should be possible to get useful debug logging from the JIT memory allocator + https://bugs.webkit.org/show_bug.cgi?id=86042 + + Reviewed by Geoff Garen. + + * jit/ExecutableAllocator.h: + +2012-05-09 Gavin Barraclough <barraclough@apple.com> + + GC race condition in OpaqueJSClass::prototype + https://bugs.webkit.org/show_bug.cgi?id=86034 + + Build fix. + + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + - Eeeep, landed bad version of patch! + +2012-05-09 Gavin Barraclough <barraclough@apple.com> + + GC race condition in OpaqueJSClass::prototype + https://bugs.webkit.org/show_bug.cgi?id=86034 + + Reviewed by Filip Pizlo. + + The bug here is basically: + if (weakref) weakref->method() + where a GC may occur between the if & the method call. + + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + +2012-05-09 Mark Hahnenberg <mhahnenberg@apple.com> + + CopiedSpace does not add pinned blocks back to the to-space filter + https://bugs.webkit.org/show_bug.cgi?id=86011 + + Reviewed by Geoffrey Garen. + + After a collection has finished, we go through the blocks in from-space + and move any of them that are pinned into to-space. At the beginning of + collection, we reset the to-space block filter that is used during + conservative scanning and add back the blocks that are filled during the + collection. However, we neglect to add back those blocks that are moved + from from-space to to-space, which can cause the conservative scan to + think that some pinned items are not actually in CopiedSpace. + + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the + to-space filter. 
Also added a comment and assert for future readers that + indicates that it's okay that we don't also add the block to the + to-space block set since it was never removed. + + +2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Use independent version numbers for public libraries + https://bugs.webkit.org/show_bug.cgi?id=85984 + + Reviewed by Gustavo Noronha Silva. + + * GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library + version. + +2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Do not install JavaScriptCore platform-specific headers + https://bugs.webkit.org/show_bug.cgi?id=85983 + + Reviewed by Gustavo Noronha Silva. + + JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was + renamed to JavaScript.h in r29234 and it still exists for + compatibility with mac and windows users. + + * GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h + and JSStringRefBSTR.h from the sources and headers list. + +2012-05-08 Gavin Barraclough <barraclough@apple.com> + + ROLLING OUT r114255 + + GC in the middle of JSObject::allocatePropertyStorage can cause badness + https://bugs.webkit.org/show_bug.cgi?id=83839 + + Reviewed by nobody. + + This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::allocatePropertyStorage): + * runtime/JSObject.h: + (JSObject): + (JSC::JSObject::isUsingInlineStorage): + (JSC): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirectWithoutTransition): + (JSC::JSObject::transitionTo): + * runtime/Structure.cpp: + (JSC): + * runtime/Structure.h: + (JSC::Structure::didTransition): + +2012-05-08 Mark Hahnenberg <mhahnenberg@apple.com> + + Heap should not continually allocate new pages in steady state + https://bugs.webkit.org/show_bug.cgi?id=85936 + + Reviewed by Geoff Garen. + + Currently, in steady state (i.e. 
a constant amount of live GC + memory with a constant rate of allocation) assuming we've just + finished a collection with X live blocks in CopiedSpace, we + increase our working set by X blocks in CopiedSpace with each + collection we perform. This is due to the fact that we allocate + until we run out of free blocks to use in the Heap before we + consider whether we should run a collection. + + In the longer term, this issue will be mostly resolved by + implementing quick release for the CopiedSpace. In the shorter + term, we should change our policy to check whether we should + allocate before trying to use a free block from the Heap. We + can change our policy to something more appropriate once we + have implemented quick release. + + This change should also have the convenient side effect of + reducing the variance in GC-heavy tests (e.g. v8-splay) due + to fact that we are doing less VM allocation during copying + collection. Overall, this patch is performance neutral across + the benchmarks we track. + + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator + around so that we only do it if the block request must succeed + i.e. after we've already checked whether we should do a collection. + * heap/MarkedAllocator.cpp: + (JSC::MarkedAllocator::allocateSlowCase): Ditto. + (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this + function because by the time we've called it, we've already checked whether we + should run a collection so there's no point in returning null. + * heap/MarkedAllocator.h: Removing old arguments from function declaration. + (MarkedAllocator): + +2012-05-08 Gavin Barraclough <barraclough@apple.com> + + SIGFPE on divide in classic interpreter + https://bugs.webkit.org/show_bug.cgi?id=85917 + + Rubber stamped by Oliver Hunt. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + - check for divisor of -1. 
+ +2012-05-07 Oliver Hunt <oliver@apple.com> + + Rolling out r110287 + + RS=Filip Pizlo + + r110287 was meant to be refactoring only, but changed behavior + enough to break some websites, including qq.com. + +2012-05-07 Andy Estes <aestes@apple.com> + + ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES. + + * Configurations/FeatureDefines.xcconfig: + +2012-05-07 Oliver Hunt <oliver@apple.com> + + Fix release build. + + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + +2012-05-07 Oliver Hunt <oliver@apple.com> + + LLInt doesn't check for Ropes when performing a character switch + https://bugs.webkit.org/show_bug.cgi?id=85837 + + Reviewed by Filip Pizlo. + + Make LLint check if the scrutinee of a char switch is a rope, and if + so fall back to a slow case. + + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (LLInt): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + +2012-05-07 Eric Seidel <eric@webkit.org> + + Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed + https://bugs.webkit.org/show_bug.cgi?id=85822 + + Reviewed by Adam Barth. + + * Configurations/FeatureDefines.xcconfig: + +2012-05-05 Gavin Barraclough <barraclough@apple.com> + + Remove TrustedImm32::m_isPointer + https://bugs.webkit.org/show_bug.cgi?id=85726 + + Rubber stamped by Sam Weinig. + + We used to rely on being able to generate code with known, fixed offsets – to do so we + would inhibit more optimal code generation for pointers. This is no longer necessary. 
+ + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32): + (TrustedImm32): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::store32): + (JSC::MacroAssemblerARM::move): + (JSC::MacroAssemblerARM::branch32): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::move): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::add32): + (JSC::MacroAssemblerMIPS::and32): + (JSC::MacroAssemblerMIPS::mul32): + (JSC::MacroAssemblerMIPS::or32): + (JSC::MacroAssemblerMIPS::sub32): + (JSC::MacroAssemblerMIPS::store32): + (JSC::MacroAssemblerMIPS::move): + +2012-05-04 Filip Pizlo <fpizlo@apple.com> + + DFG should not Flush GetLocal's + https://bugs.webkit.org/show_bug.cgi?id=85663 + <rdar://problem/11373600> + + Reviewed by Oliver Hunt. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::flushArgument): + (JSC::DFG::ByteCodeParser::handleCall): + +2012-05-04 Allan Sandfeld Jensen <allan.jensen@nokia.com> + + Doesn't build with ENABLE_JIT=0 + https://bugs.webkit.org/show_bug.cgi?id=85042 + + Reviewed by Gavin Barraclough. + + * bytecode/Operands.h: + +2012-05-03 Oliver Hunt <oliver@apple.com> + + Regression(r114702): Clobbering the caller frame register before we've stored it. + https://bugs.webkit.org/show_bug.cgi?id=85564 + + Reviewed by Filip Pizlo. + + Don't use t0 as a temporary, when we're about to use the value in t0. + + * llint/LowLevelInterpreter32_64.asm: + +2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com> + + Removing remainder of accidental printfs. + + * heap/Heap.cpp: + (JSC::Heap::collect): + +2012-05-03 Andy Estes <aestes@apple.com> + + If you add printf()s to your garbage collector, the layout tests are gonna have a bad time. 
+ + * runtime/GCActivityCallbackCF.cpp: + (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): + +2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com> + + Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection + https://bugs.webkit.org/show_bug.cgi?id=85543 + + Reviewed by Filip Pizlo. + + Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its + allocation limit for the current cycle, thus hastening an allocation-triggered collection. + In reality, it should just affect the opportunistic GC timer. We should track the bytes + we think have been abandoned and the bytes that have been allocated separately. + + * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much + we think we've abandoned. + (JSC::Heap::Heap): + (JSC::Heap::reportAbandonedObjectGraph): + (JSC): + (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call + rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather + than bytes allocated. Also notifies the timer, summing the two values together. + (JSC::Heap::collect): + (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting + to GCActivityCallback. + * heap/Heap.h: + (Heap): + +2012-05-02 Eric Seidel <eric@webkit.org> + + Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate) + https://bugs.webkit.org/show_bug.cgi?id=85433 + + Reviewed by Adam Barth. + + I have a script which can autogenerate these xcconfig files as well as the + vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists + from a central feature list file. + In preparation for posting such a tool, I'm re-sorting these xcconfig files to be + alphabetically ordered (currently they're close, but not quite). 
+ There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which + I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch. + + * Configurations/FeatureDefines.xcconfig: + +2012-05-02 Hojong Han <hojong.han@samsung.com> + + ARM_TRADITIONAL build fix + https://bugs.webkit.org/show_bug.cgi?id=85358 + + Reviewed by Gavin Barraclough. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::lshift32): + (MacroAssemblerARM): + (JSC::MacroAssemblerARM::or32): + (JSC::MacroAssemblerARM::urshift32): + (JSC::MacroAssemblerARM::xor32): + (JSC::MacroAssemblerARM::branchSub32): + +2012-05-02 Mark Hahnenberg <mhahnenberg@apple.com> + + Opportunistic GC should give up if the Heap is paged out + https://bugs.webkit.org/show_bug.cgi?id=85411 + + Reviewed by Filip Pizlo. + + Opportunistic GC is punishing us severely in limited memory situations because its + assumptions about how much time a collection will take are way out of whack when the Heap + has been paged out by the OS. We should add a simple detection function to the Heap that + detects if its is paged out. It will do this by iterating each block of both the MarkedSpace + and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms), + the function returns true. This function will only be run prior to an opportunistic + collection (i.e. it will not run during our normal allocation-triggered collections). + + In my tests, steady state was drastically improved in high memory pressure situations (i.e. + the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC + would be triggered due to pages doing things in the background, which would cause a + significant pause. As we close pages we now cause normal collections rather than full + collections, which prevents us from collecting all of the dead memory immediately. One + nice way to deal with this issue might be to do incremental sweeping. 
+ + + * heap/CopiedSpace.cpp: + (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over + to-space, from-space, and the oversize blocks. + (JSC): + (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out + by iterating all of the blocks. + * heap/CopiedSpace.h: + (CopiedSpace): + * heap/Heap.cpp: + (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the + MarkedSpace and CopiedSpace if they are paged out. + (JSC): + * heap/Heap.h: + (Heap): + (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off + each time it determines that the Heap is paged out. + * heap/MarkedAllocator.cpp: + (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's + list of blocks are paged out. + (JSC): + * heap/MarkedAllocator.h: + (MarkedAllocator): + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out. + * heap/MarkedSpace.h: + (MarkedSpace): + * runtime/GCActivityCallback.cpp: + (JSC::DefaultGCActivityCallback::cancel): + (JSC): + * runtime/GCActivityCallback.h: + (JSC::GCActivityCallback::cancel): + (DefaultGCActivityCallback): + * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining + whether the Heap is paged out or not. + (JSC): + (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we + should attempt a collection based on whether or not we can iterate the blocks of the Heap in + 100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to + do a collection. This gives us a nice linear backoff so we're not constantly re-trying in + steady state paged-out-ness. 
+ (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing + exactly the same thing as willCollect, is more obvious as to what it's doing when we call it + in timerDidFire. + +2012-05-02 Yong Li <yoli@rim.com> + + Fix GCC X86 build error + https://bugs.webkit.org/show_bug.cgi?id=85379 + + Reviewed by Rob Buis. + + Always explicitly claim ".text" to make sure + functions defined with inline assembly will be + created in the correct section. + + * dfg/DFGOperations.cpp: + (JSC): + +2012-05-02 Oliver Hunt <oliver@apple.com> + + Unreviewed, rolling out r115388. + http://trac.webkit.org/changeset/115388 + https://bugs.webkit.org/show_bug.cgi?id=85011 + + This caused many weird performance problems, and needs to be + landed in pieces. + + * dfg/DFGOperations.cpp: + * heap/Heap.cpp: + (JSC::Heap::getConservativeRegisterRoots): + (JSC::Heap::markRoots): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::dumpCaller): + (JSC): + * interpreter/CallFrame.h: + (JSC::ExecState::init): + (ExecState): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::prepareForRepeatCall): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC::Interpreter::execute): + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::growSlowCase): + (JSC::RegisterFile::gatherConservativeRoots): + * interpreter/RegisterFile.h: + (JSC::RegisterFile::end): + (JSC::RegisterFile::size): + (JSC::RegisterFile::addressOfEnd): + (RegisterFile): + (JSC::RegisterFile::RegisterFile): + (JSC::RegisterFile::shrink): + (JSC::RegisterFile::grow): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC::jitCompileFor): + (JSC::lazyLinkFor): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (JSC::LLInt::handleHostCall): + * llint/LowLevelInterpreter.asm: + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::arityCheckFor): + +2012-05-01 
Oliver Hunt <oliver@apple.com> + + Physijs demo crashes due to DFG not updating topCallFrame correctly. + https://bugs.webkit.org/show_bug.cgi?id=85311 + + Reviewed by Filip Pizlo. + + A few of the dfg operations failed to correctly set the topCallFrame, + and so everything goes wrong. This patch corrects the effected operations, + and makes debug builds poison topCallFrame before calling a dfg operation. + + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::prepareForExternalCall): + (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): + (JSC::DFG::SpeculativeJIT::appendCallSetResult): + +2012-04-30 Gavin Barraclough <barraclough@apple.com> + + Should be able to use YARR JIT without the JS language JIT + https://bugs.webkit.org/show_bug.cgi?id=85252 + + Reviewed by Geoff Garen. + + Need to split canUseRegExpJIT out of canUseJIT. + + * runtime/JSGlobalData.cpp: + (JSC): + (JSC::useJIT): + (JSC::JSGlobalData::JSGlobalData): + - replace m_canUseJIT with m_canUseAssembler + * runtime/JSGlobalData.h: + (JSGlobalData): + (JSC::JSGlobalData::canUseRegExpJIT): + - Added canUseRegExpJIT, distinct from canUseJIT. + * runtime/RegExp.cpp: + (JSC::RegExp::compile): + (JSC::RegExp::compileMatchOnly): + - Call canUseRegExpJIT instead of canUseJIT. + +2012-04-30 Gavin Barraclough <barraclough@apple.com> + + Should be able to build YARR JIT without the JS language JIT + https://bugs.webkit.org/show_bug.cgi?id=85242 + + Reviewed by Michael Saboff. + + Some build macros are wrong. + + * assembler/RepatchBuffer.h: + * jit/ExecutableAllocator.h: + (JSC): + * jit/JITExceptions.cpp: + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + +2012-04-26 Gavin Barraclough <barraclough@apple.com> + + Arguments object resets attributes on redefinition of a parameter + https://bugs.webkit.org/show_bug.cgi?id=84994 + + Rubber stamped by Oliver Hunt. 
+ + There is a bug that we always re-add the original property before + redefinition, doing so in a way that will reset the attributes + without checking configurability. + + * runtime/Arguments.cpp: + (JSC::Arguments::defineOwnProperty): + - Only instantiate the property once - do not re-add if + it has already been added, or if it has been deleted. + +2012-04-30 Ryosuke Niwa <rniwa@webkit.org> + + Remove an erroneous assertion after r115655. + + * runtime/NumberPrototype.cpp: + (JSC::toUStringWithRadix): + +2012-04-30 Myles Maxfield <mmaxfield@google.com> + + End of Interpreter::tryCacheGetByID can trigger the garbage collector + https://bugs.webkit.org/show_bug.cgi?id=84927 + + Reviewed by Oliver Hunt. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::tryCacheGetByID): + +2012-04-30 Benjamin Poulain <benjamin@webkit.org> + + jsSingleCharacterString and jsSingleCharacterSubstring are not inlined + https://bugs.webkit.org/show_bug.cgi?id=85147 + + Reviewed by Darin Adler. + + The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined + by the compiler. This annihilate the gains of using SmallStrings. + + On stringProtoFuncCharAt(), this patch improves the performance by 11%. + + * runtime/JSString.h: + (JSC::jsSingleCharacterString): + (JSC::jsSingleCharacterSubstring): + +2012-04-30 Benjamin Poulain <bpoulain@apple.com> + + Add fast patch for radix == 10 on numberProtoFuncToString + https://bugs.webkit.org/show_bug.cgi?id=85120 + + Reviewed by Darin Adler. + + When radix, we use to turn the doubleValue into a JSValue just to convert + it to a String. The problem is that was using the slow path for conversion and + for the toString() operation. + + This patch shortcuts the creation of a JSValue and uses NumericStrings directly. + The conversion is split between Integer and Double to ensure the fastest conversion + for the common case of integer arguments. + + Converting number with radix 10 becomes 5% faster. 
+ + Due to the simpler conversion of number to string for integer, converting + integers that do not fall in the two previous optimizations get 32% faster. + + * runtime/NumberPrototype.cpp: + (JSC::extractRadixFromArgs): + (JSC::integerValueToString): + (JSC::numberProtoFuncToString): + +2012-04-30 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing header. + +2012-04-28 Geoffrey Garen <ggaren@apple.com> + + Factored threaded block allocation into a separate object + https://bugs.webkit.org/show_bug.cgi?id=85148 + + Reviewed by Sam Weinig. + + 99% of this patch just moves duplicated block allocation and + deallocation code into a new object named BlockAllocator, with these + exceptions: + + * heap/BlockAllocator.h: Added. + (BlockAllocator::BlockAllocator): The order of declarations here now + guards us against an unlikely race condition during startup. + + * heap/BlockAllocator.cpp: + JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to + highlight a lack of clarity we have in our block deallocation routines. + +2012-04-28 Sam Weinig <sam@webkit.org> + + Try to fix the Qt build. + + * heap/Heap.cpp: + (JSC::Heap::lastChanceToFinalize): + +2012-04-28 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-04-28 Geoffrey Garen <ggaren@apple.com> + + Clarified JSGlobalData (JavaScript VM) lifetime + https://bugs.webkit.org/show_bug.cgi?id=85142 + + Reviewed by Anders Carlsson. + + This was so confusing that I didn't feel like I could reason about + memory lifetime in the heap without fixing it. + + The rules are: + + (1) JSGlobalData owns the virtual machine and all memory in it. + + (2) Deleting a JSGlobalData frees the virtual machine and all memory + in it. + + (Caveat emptor: if you delete the virtual machine while you're running + JIT code or accessing GC objects, you're gonna have a bad time.) 
+ + (I opted not to make arbitrary sub-objects keep the virtual machine + alive automatically because: + + (a) doing that right would be complex and slow; + + (b) in the case of an exiting thread or process, there's no + clear way to give the garbage collector a chance to try again + later; + + (c) continuing to run the garbage collector after we've been + asked to shut down the virtual machine seems rude; + + (d) we've never really supported that feature, anyway.) + + (3) Normal ref-counting will do. No need to call a battery of + specialty functions to tear down a JSGlobalData. Its foibles + notwithstanding, C++ does in fact know how to execute destructors in + order. + + * API/JSContextRef.cpp: + (JSGlobalContextCreate): Removed compatibility shim for older + operating systems because it's no longer used. + + (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do + the right thing", this code is much simpler. We still have one special + case to notify the garbage collector if we're removing the last + reference to the global object, since this can improve memory behavior. + + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::freeAllBlocks): + * heap/CopiedSpace.h: + (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true + destruction-time behaviors should be limited to our C++ destructor. + + * heap/Heap.cpp: + (JSC::Heap::~Heap): + (JSC): + (JSC::Heap::lastChanceToFinalize): + * heap/Heap.h: + (Heap): + (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because + true destruction-time behaviors should be limited to our C++ + destructor. + + Reorganized the code, putting code that must run before any objects + get torn down into lastChanceToFinalize, and code that just tears down + objects into our destructor. + + * heap/Local.h: + (JSC::LocalStack::LocalStack): + (JSC::LocalStack::push): + (LocalStack): See rule (2). 
+ + * jsc.cpp: + (functionQuit): + (main): + (printUsageStatement): + (parseArguments): + (jscmain): + * testRegExp.cpp: + (main): + (printUsageStatement): + (parseArguments): + (realMain): See rule (3). + + I removed the feature of ensuring orderly tear-down when calling quit() + or running in --help mode because it didn't seem very useful and + making it work with Windows structured exception handling and + NO_RETURN didn't seem like a fun way to spend a Saturday. + + * runtime/JSGlobalData.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data + member in JSGlobalData to ensure that it's destructed last, so other + objects that reference it destruct without crashing. This allowed me + to remove clearBuiltinStructures() altogether, and helped guarantee + rule (3). + + (JSC::JSGlobalData::~JSGlobalData): Explicitly call + lastChanceToFinalize() at the head of our destructor to ensure that + all pending finalizers run while the virtual machine is still in a + valid state. Trying to resurrect (re-ref) the virtual machine at this + point is not valid, but all other operations are. + + Changed a null to a 0xbbadbeef to clarify just how bad this beef is. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::init): + * runtime/JSGlobalObject.h: + (JSGlobalObject): + (JSC::JSGlobalObject::globalData): See rule (3). + +2012-04-27 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Windows build. + + * heap/WeakBlock.h: + (WeakBlock): + +2012-04-27 Geoffrey Garen <ggaren@apple.com> + + Made WeakSet::allocate() static and removed its JSGlobalData argument + https://bugs.webkit.org/show_bug.cgi?id=85128 + + Reviewed by Anders Carlsson. + + This is a step toward faster finalization. + + WeakSet::allocate() now deduces which WeakSet to allocate from based on + its JSCell* argument. (Currently, there's only one WeakSet, but soon + there will be many.) 
+ + This was a global replace of "globalData.heap.weakSet()->allocate" with + "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument. + + * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h. + + I had to split out WeakSet::allocate() in to a separate header to avoid + a cycle. + + (JSC::WeakSet::allocate): We can mask the pointer we're passed to + figure out where to allocate our WeakImpl. (Soon, we'll use this to + associate the WeakImpl with the GC block it references.) + +2012-04-27 Geoffrey Garen <ggaren@apple.com> + + Stop using aligned allocation for WeakBlock + https://bugs.webkit.org/show_bug.cgi?id=85124 + + Reviewed by Anders Carlsson. + + We don't actually use the alignment for anything. + + * heap/WeakBlock.cpp: + (JSC::WeakBlock::create): + (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular + allocation. + + * heap/WeakBlock.h: + (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned + allocation. This change required me to add some declarations that we used + to inherit from HeapBlock. + + (WeakBlock::blockFor): Removed. This function relied on aligned allocation + but didn't do anything for us. + + (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation + logic, so it shouldn't own the function. + + * heap/WeakSet.cpp: + (JSC::WeakSet::~WeakSet): + (JSC::WeakSet::finalizeAll): + (JSC::WeakSet::visitLiveWeakImpls): + (JSC::WeakSet::visitDeadWeakImpls): + (JSC::WeakSet::sweep): + (JSC::WeakSet::shrink): + (JSC::WeakSet::resetAllocator): + (JSC::WeakSet::tryFindAllocator): + * heap/WeakSet.h: + (WeakSet): Updated declarations to reflect WeakBlock not inheriting from + HeapBlock. This allowed me to remove some casts, which was nice. + + (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of + asking WeakBlock to do it for us. We don't need to have a WeakBlock + pointer to set the flag, so stop asking for one. 
+ +2012-04-27 Kentaro Hara <haraken@chromium.org> + + [JSC] Implement a helper method createNotEnoughArgumentsError() + https://bugs.webkit.org/show_bug.cgi?id=85102 + + Reviewed by Geoffrey Garen. + + In bug 84787, kbr@ requested to avoid hard-coding + createTypeError(exec, "Not enough arguments") here and there. + This patch implements createNotEnoughArgumentsError(exec) + and uses it in JSC bindings. + + c.f. a corresponding bug for V8 bindings is bug 85097. + + * runtime/Error.cpp: + (JSC::createNotEnoughArgumentsError): + (JSC): + * runtime/Error.h: + (JSC): + +2012-04-27 Geoffrey Garen <ggaren@apple.com> + + Only allow non-null pointers in the WeakSet + https://bugs.webkit.org/show_bug.cgi?id=85119 + + Reviewed by Darin Adler. + + This is a step toward more efficient finalization. + + No clients put non-pointers (JSValues) into Weak<T> and PassWeak<T>. + + Some clients put null pointers into Weak<T> and PassWeak<T>, but this is + more efficient and straight-forward to model with a null in the Weak<T> + or PassWeak<T> instead of allocating a WeakImpl just to hold null. + + * heap/PassWeak.h: + (JSC): Removed the Unknown (JSValue) type of weak pointer because it's + unused now. + + (PassWeak): Don't provide a default initializer for our JSCell* argument. + This feature was only used in one place, and it was a bug. + + (JSC::::get): Don't check for a null stored inside our WeakImpl: that's + not allowed anymore. + + (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of + allocating a WeakImpl and storing null into it. + + * heap/Weak.h: + (Weak): + (JSC::::Weak): Same changes as in PassWeak<T>. + + * heap/WeakBlock.cpp: + (JSC::WeakBlock::visitLiveWeakImpls): + (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in + the WeakSet now, so no need to check for non-cells and null cell pointers. + + * heap/WeakImpl.h: + (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet + now, so ASSERT that. 
+ +2012-04-27 Gavin Barraclough <barraclough@apple.com> + + <rdar://problem/7909395> Math in JavaScript is inaccurate on iOS + + By defalut IEEE754 denormal support is disabled on iOS; + turn it on. + + Reviewed by Filip Pizlo. + + * jsc.cpp: + (main): + - clear the appropriate bit in the fpscr. + +2012-04-27 Michael Saboff <msaboff@apple.com> + + Memory wasted in JSString for non-rope strings + https://bugs.webkit.org/show_bug.cgi?id=84907 + + Reviewed by Geoffrey Garen. + + Split JSString into two classes, JSString as a base class that does not + include the fibers of a Rope, and a subclass JSRopeString that has the + rope functionality. Both classes "share" the same ClassInfo. Added + a bool to JSString to indicate that the string was allocated as a JSRopeString + to properly handle visiting the fiber children when the rope is resolved and + the JSRopeString appears as a JSString. Didn't change the interface of JSString + to require any JIT changes. + + As part of this change, removed "cellSize" from ClassInfo since both classes + share the same ClassInfo, but have different sizes. The only use I could find + for cellSize was an ASSERT in allocateCell(). + + This appears to be neutral on performance tests. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope + to JSRopeString::resolveRope + * runtime/ClassInfo.h: + (JSC): + (ClassInfo): + * runtime/JSCell.h: + (JSC::allocateCell): + * runtime/JSString.cpp: + (JSC::JSRopeString::RopeBuilder::expand): + (JSC::JSString::visitChildren): + (JSC): + (JSC::JSRopeString::visitFibers): + (JSC::JSRopeString::resolveRope): + (JSC::JSRopeString::resolveRopeSlowCase8): + (JSC::JSRopeString::resolveRopeSlowCase): + (JSC::JSRopeString::outOfMemory): + (JSC::JSRopeString::getIndexSlowCase): + * runtime/JSString.h: + (JSC): + (JSString): + (JSC::JSString::finishCreation): + (JSC::JSString::create): + (JSC::JSString::isRope): + (JSC::JSString::is8Bit): + (JSRopeString): + (RopeBuilder): + (JSC::JSRopeString::RopeBuilder::RopeBuilder): + (JSC::JSRopeString::RopeBuilder::append): + (JSC::JSRopeString::RopeBuilder::release): + (JSC::JSRopeString::RopeBuilder::length): + (JSC::JSRopeString::JSRopeString): + (JSC::JSRopeString::finishCreation): + (JSC::JSRopeString::createNull): + (JSC::JSRopeString::create): + (JSC::JSString::value): + (JSC::JSString::tryGetValue): + (JSC::JSString::getIndex): + (JSC::jsStringBuilder): + * runtime/Operations.h: + (JSC::jsString): + (JSC::jsStringFromArguments): + +2012-04-27 Oliver Hunt <oliver@apple.com> + + Correct assertion. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + +2012-04-27 Oliver Hunt <oliver@apple.com> + + Lazy link phase of baseline jit fails to propagate exception + https://bugs.webkit.org/show_bug.cgi?id=85092 + + Reviewed by Filip Pizlo. + + Very simple patch, when linking produces an error we need to actually store + the exception prior to throwing it. I can't find any other examples of this, + but as we're already in the slow path when throwing an exception I've hardened + exception throwing against null exceptions. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + * jit/JITStubs.cpp: + (JSC::lazyLinkFor): + +2012-04-27 Benjamin Poulain <benjamin@webkit.org> + + Generalize the single character optimization of numberProtoFuncToString + https://bugs.webkit.org/show_bug.cgi?id=85027 + + Reviewed by Geoffrey Garen. + + The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString() + when the radix is 36. + + This patch generalize the optimization for any radix. Any positive number smaller than its radix + can be represented by a single character of radixDigits. + + This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion. + + * runtime/NumberPrototype.cpp: + (JSC::numberProtoFuncToString): + +2012-04-27 Gavin Peters <gavinp@chromium.org> + + Add new ENABLE_LINK_PRERENDER define to control the Prerendering API + https://bugs.webkit.org/show_bug.cgi?id=84871 + + Reviewed by Adam Barth. + + Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering + API separates it from prefetching. Having separate include guards lets ports enable prefetching, + a relatively easy change, without needing to build the infrastructure for prerendering, which + is considerably more complicated. + + * Configurations/FeatureDefines.xcconfig: + +2012-04-26 Oliver Hunt <oliver@apple.com> + + Allocating WeakImpl should not trigger GC, as that makes the world very tricksy. + https://bugs.webkit.org/show_bug.cgi?id=85020 + + Reviewed by Gavin Barraclough. + + Now in the event that we are unable to find an allocator for a new handle, just + add a new allocator rather than trying to recover "dead" handles through a GC. + + Find allocator is now much simpler, and addAllocator directly reports the + increased memory usage to the heap without causing any GC to happen immediately. 
+ + * heap/WeakSet.cpp: + (JSC::WeakSet::findAllocator): + (JSC::WeakSet::addAllocator): + +2012-04-26 Oliver Hunt <oliver@apple.com> + + Remove RegisterFile::end()/m_end + https://bugs.webkit.org/show_bug.cgi?id=85011 + + Reviewed by Gavin Barraclough. + + Get rid of end() and m_end from RegisterFile. From now on + we only care about the end of the committed region when calling + code. When re-entering the VM we now plant the new CallFrame + immediately after whatever the current topCallFrame is. This + required adding a routine to CallFrame to determine exactly what + we should be doing (in the absence of an existing CallFrame, we + can't reason about the frameExtent() so we check for that). + + This also now means that the GC only marks the portion of the + RegisterFile that is actually in use, and that VM re-entry doesn't + exhaust the RegisterFile as rapidly. + + * dfg/DFGOperations.cpp: + * heap/Heap.cpp: + (JSC::Heap::getConservativeRegisterRoots): + (JSC::Heap::markRoots): + * interpreter/CallFrame.h: + (JSC::ExecState::init): + (JSC::ExecState::startOfReusableRegisterFile): + (ExecState): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::prepareForRepeatCall): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC::Interpreter::execute): + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::growSlowCase): + (JSC::RegisterFile::gatherConservativeRoots): + * interpreter/RegisterFile.h: + (JSC::RegisterFile::commitEnd): + (JSC::RegisterFile::addressOfEnd): + (RegisterFile): + (JSC::RegisterFile::RegisterFile): + (JSC::RegisterFile::shrink): + (JSC::RegisterFile::grow): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC::jitCompileFor): + (JSC::lazyLinkFor): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (JSC::LLInt::handleHostCall): + * llint/LowLevelInterpreter.asm: + * runtime/CommonSlowPaths.h: 
+ (JSC::CommonSlowPaths::arityCheckFor): + +2012-04-26 Filip Pizlo <fpizlo@apple.com> + + DFG ARMv7 backend should optimize Float32 arrays + https://bugs.webkit.org/show_bug.cgi?id=85000 + <rdar://problem/10652827> + + Reviewed by Gavin Barraclough. + + * assembler/ARMv7Assembler.h: + (ARMv7Assembler): + (JSC::ARMv7Assembler::flds): + (JSC::ARMv7Assembler::fsts): + (JSC::ARMv7Assembler::vcvtds): + (JSC::ARMv7Assembler::vcvtsd): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::loadFloat): + (MacroAssemblerARMv7): + (JSC::MacroAssemblerARMv7::storeFloat): + (JSC::MacroAssemblerARMv7::convertFloatToDouble): + (JSC::MacroAssemblerARMv7::convertDoubleToFloat): + * bytecode/PredictedType.h: + (JSC::isActionableFloatMutableArrayPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateFloat32Array): + +2012-04-25 Benjamin Poulain <benjamin@webkit.org> + + Add a version of StringImpl::find() without offset + https://bugs.webkit.org/show_bug.cgi?id=83968 + + Reviewed by Sam Weinig. + + Add support for the new StringImpl::find() to UString. + + Change stringProtoFuncIndexOf() to specifically take advatage of the feature. + This gives a 12% gains on a distribution of strings between 30 and 100 characters. + + * runtime/StringPrototype.cpp: + (JSC::substituteBackreferences): + (JSC::stringProtoFuncIndexOf): + * runtime/UString.h: + (UString): + (JSC::UString::find): + +2012-04-25 Mark Hahnenberg <mhahnenberg@apple.com> + + WebCore shouldn't call collectAllGarbage directly + https://bugs.webkit.org/show_bug.cgi?id=84897 + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol + for reportAbanondedObjectGraph so WebCore can use it. + * heap/Heap.h: Ditto. + +2012-04-25 Oliver Hunt <oliver@apple.com> + + Biolab disaster crashes on ToT + https://bugs.webkit.org/show_bug.cgi?id=84898 + + Reviewed by Filip Pizlo. + + Whoops, committed without saving reviewer requested change. 
+ + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + +2012-04-25 Oliver Hunt <oliver@apple.com> + + Biolab disaster crashes on ToT + https://bugs.webkit.org/show_bug.cgi?id=84898 + + Reviewed by Filip Pizlo. + + I recently added an assertion to the Interpreter to catch incorrect + updates of topCallFrame. This caused a bunch of sites (including biolab + disaster) to crash as we were not correctly handling callee registers + of inlined functions, leading to a mismatch. + + I could not actually make this trigger directly, although it does trigger + already on some of the GTK and QT bots. + + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + +2012-04-25 Kenneth Russell <kbr@google.com> + + Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced + https://bugs.webkit.org/show_bug.cgi?id=83655 + + Reviewed by Oliver Hunt. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.order: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionToAbbreviatedString): + (JSC::predictionFromClassInfo): + * bytecode/PredictedType.h: + (JSC): + (JSC::isActionableIntMutableArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::execute): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGNode.h: + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + 
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::forPrediction): + (SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::getByVal): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/JSByteArray.cpp: Removed. + * runtime/JSByteArray.h: Removed. + * runtime/JSGlobalData.cpp: + +2012-04-25 Filip Pizlo <fpizlo@apple.com> + + http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=84815 + <rdar://problem/11319514> + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): + +2012-04-25 Michael Saboff <msaboff@apple.com> + + Closure in try {} with catch captures all locals from the enclosing function + https://bugs.webkit.org/show_bug.cgi?id=84804 + + Reviewed by Oliver Hunt. + + Changed the capturing of local variables from capturing when eval is used, + within a "with" or within a "catch" to be just when an eval is used. + Renamed the function returning that we should capture from + getCapturedVariables() to usesEval(), since that what it noew returns. + Needed to fix the "with" code to only range check when the activation + has actually been torn off. Added m_isTornOff to JSActivation to + track this. 
+ + * parser/Parser.h: + (JSC::Scope::usesEval): + (JSC::Scope::getCapturedVariables): + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::symbolTablePut): + * runtime/JSActivation.h: + (JSActivation): + (JSC::JSActivation::tearOff): + +2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com> + + GC Activity Callback timer should be based on how much has been allocated since the last collection + https://bugs.webkit.org/show_bug.cgi?id=84763 + + Reviewed by Geoffrey Garen. + + The desired behavior for the GC timer is to collect at some point in the future, + regardless of how little we've allocated. A secondary goal, which is almost if not + as important, is for the timer to collect sooner if there is the potential to + collect a greater amount of memory. Conversely, as we allocate more memory we'd + like to reduce the delay to the next collection. If we're allocating quickly enough, + the timer should be preempted in favor of a normal allocation-triggered collection. + If allocation were to slow or stop, we'd like the timer to be able to opportunistically + run a collection without us having to allocate to the hard limit set by the Heap. + + This type of policy can be described in terms of the amount of CPU we are willing + to dedicate to reclaim a single MB of memory. For example, we might be willing to + dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of + the last collection, e.g. if our last collection took 1ms, we would want to wait about + 100ms before running another collection to reclaim 1 MB. These constants should be + tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB. + + * API/JSBase.cpp: Use the new reportAbandonedObjectGraph. + (JSGarbageCollect): + * API/JSContextRef.cpp: Ditto. + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. 
Clients call + this function to notify the Heap that some unknown number of JSC objects might have just + been abandoned and are now garbage. The Heap might schedule a new collection timer based + on this notification. + (JSC): + (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect. + * heap/Heap.h: + (Heap): + * heap/MarkedAllocator.h: + (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the + current allocator's FreeList once zapping was complete. + * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by + Heap::reportAbandonedObjectGraph. + (JSC): + * runtime/GCActivityCallback.h: + (JSC::GCActivityCallback::willCollect): + (DefaultGCActivityCallback): + * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the + timer based on how much we have allocated since the last collection up to a certain amount. + We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered + collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB. + (DefaultGCActivityCallbackPlatformData): + (JSC): + (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback): + (JSC::DefaultGCActivityCallback::commonConstructor): + (JSC::scheduleTimer): + (JSC::cancelTimer): + (JSC::DefaultGCActivityCallback::didAllocate): + +2012-04-24 Michael Saboff <msaboff@apple.com> + + objectProtoFuncToString creates new string every invocation + https://bugs.webkit.org/show_bug.cgi?id=84781 + + Reviewed by Geoffrey Garen. + + Cache the results of object toString() in the attached Structure. + + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncToString): + * runtime/Structure.cpp: + (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue. 
+ * runtime/Structure.h: Added new member m_hasObjectToStringValue + (JSC): + (JSC::Structure::objectToStringValue): + (Structure): + (JSC::Structure::setObjectToStringValue): + +2012-04-24 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=84727. + Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled. + + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::or32): + (JSC::MacroAssemblerSH4::and32): + (JSC::MacroAssemblerSH4::lshift32): + (JSC::MacroAssemblerSH4::xor32): + (JSC::MacroAssemblerSH4::branchSub32): + (JSC::MacroAssemblerSH4::urshift32): + +2012-04-24 Gavin Barraclough <barraclough@apple.com> + + Add explicit patchableBranchPtrWithPatch/patchableJump methods + https://bugs.webkit.org/show_bug.cgi?id=84498 + + Reviewed by Filip Pizlo. + + Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump): + (PatchableJump): + (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&): + (AbstractMacroAssembler): + (JSC::AbstractMacroAssembler::AbstractMacroAssembler): + - Added PatchableJump type, removed inUninterruptedSequence. + * assembler/LinkBuffer.h: + (LinkBuffer): + (JSC::LinkBuffer::locationOf): + - Only allow the location to be taken of patchable branches + * assembler/MacroAssembler.h: + (MacroAssembler): + (JSC::MacroAssembler::patchableBranchPtrWithPatch): + (JSC::MacroAssembler::patchableJump): + (JSC::MacroAssembler::shouldBlind): + - Added default implementation of patchableBranchPtrWithPatch, patchableJump. 
+ * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7): + (MacroAssemblerARMv7): + (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch): + (JSC::MacroAssemblerARMv7::patchableJump): + (JSC::MacroAssemblerARMv7::jump): + (JSC::MacroAssemblerARMv7::makeBranch): + - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump. + * dfg/DFGCorrectableJumpPoint.h: + (DFG): + (JSC::DFG::CorrectableJumpPoint::switchToLateJump): + - Late jumps are PatchableJumps. + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + - replace use of inUninterruptedSequence + * dfg/DFGJITCompiler.h: + (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): + (PropertyAccessRecord): + - replace use of inUninterruptedSequence + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::cachedPutById): + - replace use of inUninterruptedSequence + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::cachedPutById): + - replace use of inUninterruptedSequence + * jit/JIT.h: + (PropertyStubCompilationInfo): + - replace use of inUninterruptedSequence + * jit/JITInlineMethods.h: + (JSC::JIT::beginUninterruptedSequence): + (JSC::JIT::endUninterruptedSequence): + - replace use of inUninterruptedSequence + * jit/JITPropertyAccess.cpp: + (JSC::JIT::compileGetByIdHotPath): + - replace use of inUninterruptedSequence + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::compileGetByIdHotPath): + - replace use of inUninterruptedSequence + +2012-04-24 Benjamin Poulain <bpoulain@apple.com> + + Generalize the single character optimization of r114072 + https://bugs.webkit.org/show_bug.cgi?id=83961 + + Reviewed by Eric Seidel. + + Use the regular String::find(StringImpl*) in all cases now that it has been made faster. 
+ + * runtime/StringPrototype.cpp: + (JSC::replaceUsingStringSearch): + +2012-04-24 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, 32-bit build fix. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-04-24 Filip Pizlo <fpizlo@apple.com> + + DFG performs incorrect DCE on (some?) intrinsics + https://bugs.webkit.org/show_bug.cgi?id=84746 + <rdar://problem/11310772> + + Reviewed by Oliver Hunt. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::setIntrinsicResult): + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com> + + Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray + https://bugs.webkit.org/show_bug.cgi?id=84648 + + Reviewed by Geoffrey Garen. + + When emit_op_new_array successfully allocates a new JSArray but fails to allocate + the corresponding ArrayStorage for it, it falls back to the out-of-line stub call + to constructArray, which constructs and entirely new JSArray/ArrayStorage pair. + This leaves us with a JSArray hanging around on the stack or in a register that + did not go through its own constructor, thus giving it uninitialized memory in the + two fields that are checked in JSArray::visitChildren. + + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that + if we fail we haven't generated the poisonous JSArray that can cause a GC crash. 
+ * jit/JITOpcodes.cpp: + (JSC::JIT::emitSlow_op_new_array): + +2012-04-23 Filip Pizlo <fpizlo@apple.com> + + DFG on ARMv7 should not OSR exit on every integer division + https://bugs.webkit.org/show_bug.cgi?id=84661 + + Reviewed by Oliver Hunt. + + On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since + that was broken with the introduction of Int32ToDouble) nor does it have to know + whether or not to convert its result to integer. This is now taken care of for free + with the addition of the DoubleAsInt32 node, which represents a double-is-really-int + speculation. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): + * dfg/DFGOSRExit.h: + (OSRExit): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32): + (DFG): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-04-24 Geoffrey Garen <ggaren@apple.com> + + "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink + https://bugs.webkit.org/show_bug.cgi?id=84740 + <rdar://problem/9917638> + + Reviewed by Gavin Barraclough. + + Shrink! + + * heap/Heap.cpp: + (JSC::Heap::destroy): Be more specific about what's shrinking, since we + can also shrink the WeakSet, but we don't do so here. 
+ + (JSC::Heap::collect): If we're going to shrink the heap, shrink the + WeakSet too. Otherwise, its footprint is permanent. + + * heap/Heap.h: + (Heap): Removed shrink() as a public interface, since it's vague about + which parts of the heap it affects, and it's really an internal detail. + + * heap/WeakSet.cpp: + (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has + already taken place, since that's the convention for shrink() in the heap. + + * heap/WeakSet.h: + (WeakSet): New function! + +2012-04-24 Adam Klein <adamk@chromium.org> + + Fix includes in StrongInlines.h and ScriptValue.h + https://bugs.webkit.org/show_bug.cgi?id=84659 + + Reviewed by Geoffrey Garen. + + * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's + definiition is required here. + +2012-04-23 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit should ensure that all variables have been initialized + https://bugs.webkit.org/show_bug.cgi?id=84653 + <rdar://problem/11258183> + + Reviewed by Gavin Barraclough. + + Initialize all uncaptured dead variables to undefined on OSR exit. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + +2012-04-23 Oliver Hunt <oliver@apple.com> + + Call instruction for the baseline JIT stores origin info in wrong callframe + https://bugs.webkit.org/show_bug.cgi?id=84645 + + Reviewed by Gavin Barraclough. + + The baseline JIT was updating the wrong callframe when making a call. If the + call failed during dispatch (unable to perform codegen, calling a non-object) + we would attempt to use this information, but it would be completely wrong. 
+ + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): + +2012-04-23 Filip Pizlo <fpizlo@apple.com> + + DFG must keep alive values that it will perform speculations on + https://bugs.webkit.org/show_bug.cgi?id=84638 + <rdar://problem/11258183> + + Reviewed by Oliver Hunt. + + * dfg/DFGNodeType.h: + (DFG): + +2012-04-23 Oliver Hunt <oliver@apple.com> + + Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::executeCall): + +2012-04-22 Jon Lee <jonlee@apple.com> + + Remove notifications support on Mac Lion. + https://bugs.webkit.org/show_bug.cgi?id=84554 + <rdar://problem/11297128> + + Reviewed by Sam Weinig. + + * Configurations/FeatureDefines.xcconfig: + +2012-04-21 Darin Adler <darin@apple.com> + + Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints + https://bugs.webkit.org/show_bug.cgi?id=84523 + + Reviewed by Oliver Hunt. + + Profiles showed that checks against -1 were costly, and I saw they could be eliminated. + Streamlined this code to use standard character types and 0 rather than -1. One benefit + of this is that there's no widening and narrowing. Another is that there are many cases + where we already have the correct behavior for 0, so can eliminate a branch that was + used to test for -1 before. Also eliminates typecasts in the code. + + * parser/Lexer.cpp: + (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a + character type, not an int. + (JSC::Lexer::setCode): Use 0 rather than -1 when past the end. + (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit. + (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end + of the code. This can be used places we used to cheeck for -1. + (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment. 
+ (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int. + (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that + had a data-member-style name. + (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart + function already returns false for the 0 character. Updated types in a couple other places. Used + the atEnd function where needed. + (JSC::Lexer::parseIdentifierSlowCase): More of the same. + (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString. + (JSC::Lexer::parseString): Ditto. + (JSC::Lexer::parseStringSlowCase): Ditto. + (JSC::Lexer::parseMultilineComment): Ditto. + (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in + the tokenInfo instead of putting it in a local variable first, saving some memory access. + (JSC::Lexer::scanRegExp): Ditto. + (JSC::Lexer::skipRegExp): Ditto. + + * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to + the character type. Added atEnd function. + (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize. + (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1. + +2012-04-21 Darin Adler <darin@apple.com> + + Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints + https://bugs.webkit.org/show_bug.cgi?id=84523 + + Reviewed by Oliver Hunt. + + Separate preparation step of copyright dates, renaming, and other small tweaks. + + * parser/Lexer.cpp: + (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions. + (JSC::Lexer::peek): Removed meaningless comment. + (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about + what this function does. 
+ (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name. + (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex. + (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage. + + * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class. + Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed + getUnicodeCharacter to parseFourDigitUnicodeHex. + +2012-04-20 Filip Pizlo <fpizlo@apple.com> + + DFG should optimize int8 and int16 arrays on ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=84503 + + Reviewed by Oliver Hunt. + + * assembler/ARMv7Assembler.h: + (ARMv7Assembler): + (JSC::ARMv7Assembler::ldrsb): + (JSC::ARMv7Assembler::ldrsh): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load16Signed): + (JSC::MacroAssemblerARMv7::load8Signed): + * bytecode/PredictedType.h: + (JSC::isActionableIntMutableArrayPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateInt8Array): + (JSC::DFG::Node::shouldSpeculateInt16Array): + +2012-04-20 Oliver Hunt <oliver@apple.com> + + Add an ability to find the extent of a callframe + https://bugs.webkit.org/show_bug.cgi?id=84513 + + Reviewed by Filip Pizlo. + + Add a function to get the extent of a callframe and + use that function for a new assertion to make sure the + RegisterFile makes sense using that information. + + * interpreter/CallFrame.cpp: + (JSC::CallFrame::frameExtentInternal): + (JSC): + * interpreter/CallFrame.h: + (JSC::ExecState::frameExtent): + (ExecState): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::executeCall): + +2012-04-20 Benjamin Poulain <bpoulain@apple.com> + + Inline the JSArray constructor + https://bugs.webkit.org/show_bug.cgi?id=84416 + + Reviewed by Geoffrey Garen. + + The constructor is trivial, no reason to jump for it. + + This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays). 
+ + * runtime/JSArray.cpp: + (JSC): + * runtime/JSArray.h: + (JSC::JSArray::JSArray): + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com> + + Heap should cancel GC timer at the start of the collection + https://bugs.webkit.org/show_bug.cgi?id=84477 + + Reviewed by Geoffrey Garen. + + Currently the Heap cancels the GC timer at the conclusion of a collection. + We should change this to be at the beginning because something (e.g. a finalizer) + could call didAbandonObjectGraph(), which will schedule the timer, but then + we'll immediately unschedule the timer at the conclusion of the collection, + thus potentially preventing large swaths of memory from being reclaimed in a timely manner. + + * API/JSBase.cpp: + (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is + busy or not, since we're just scheduling a timer to run a GC in the future. + * heap/Heap.cpp: + (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the + top of Heap::collect. + * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect. + (JSC::DefaultGCActivityCallback::willCollect): + * runtime/GCActivityCallback.h: Ditto. + (JSC::GCActivityCallback::willCollect): + (DefaultGCActivityCallback): + * runtime/GCActivityCallbackCF.cpp: Ditto. + (JSC::DefaultGCActivityCallback::willCollect): + +2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com> + + JSGarbageCollect should not call collectAllGarbage() + https://bugs.webkit.org/show_bug.cgi?id=84476 + + Reviewed by Geoffrey Garen. + + * API/JSBase.cpp: + (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph. + +2012-04-19 Oliver Hunt <oliver@apple.com> + + Exception stack traces aren't complete when the exception starts in native code + https://bugs.webkit.org/show_bug.cgi?id=84073 + + Reviewed by Filip Pizlo. 
+ + Refactored building the stack trace to so that we can construct + it earlier, and don't rely on any prior work performed in the + exception handling machinery. Also updated LLInt and the DFG to + completely initialise the callframes of host function calls. + + Also fixed a few LLInt paths that failed to correctly update the + topCallFrame. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * dfg/DFGJITCompiler.h: + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * interpreter/Interpreter.cpp: + (JSC::eval): + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::addStackTraceIfNecessary): + (JSC): + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + (Interpreter): + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTINativeCall): + * jsc.cpp: + (functionJSCStack): + * llint/LLIntExceptions.cpp: + (JSC::LLInt::interpreterThrowInCaller): + (JSC::LLInt::returnToThrow): + (JSC::LLInt::callToThrow): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::handleHostCall): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * parser/Parser.h: + (JSC::::parse): + * runtime/Error.cpp: + (JSC::addErrorInfo): + (JSC::throwError): + * runtime/Error.h: + (JSC): + +2012-04-19 Mark Hahnenberg <mhahnenberg@apple.com> + + We're collecting pathologically due to small allocations + https://bugs.webkit.org/show_bug.cgi?id=84404 + + Reviewed by Geoffrey Garen. + + No change in performance on run-jsc-benchmarks. + + * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList. 
+ (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): + * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no + longer useful. + (JSC::CopiedSpace::CopiedSpace): + (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than + carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace. + (JSC::CopiedSpace::tryAllocateOversize): Call the new didAllocate to notify the Heap of + newly allocated stuff. + (JSC::CopiedSpace::tryReallocateOversize): + (JSC::CopiedSpace::doneFillingBlock): + (JSC::CopiedSpace::doneCopying): + (JSC::CopiedSpace::destroy): + * heap/CopiedSpace.h: + (CopiedSpace): + * heap/CopiedSpaceInlineMethods.h: + (JSC::CopiedSpace::startedCopying): + * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and + bytesAllocatedLimit to track how much memory has been allocated since the last collection. + (JSC::Heap::Heap): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering + a collection to be the size of the Heap after the previous collection. Thus, we still have our + 2x allocation amount. + (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated + thus far and then adds the new number of bytes to the current total. + (JSC): + * heap/Heap.h: Removed water mark related stuff. + (JSC::Heap::notifyIsSafeToCollect): + (Heap): + (JSC::Heap::shouldCollect): + (JSC): + * heap/MarkedAllocator.cpp: + (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct. + (JSC::MarkedAllocator::allocateSlowCase): + (JSC::MarkedAllocator::addBlock): + * heap/MarkedAllocator.h: + (MarkedAllocator): + (JSC::MarkedAllocator::MarkedAllocator): + (JSC::MarkedAllocator::allocate): + (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell. 
+ * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::specializedSweep): + (JSC::MarkedBlock::sweep): + (JSC::MarkedBlock::sweepHelper): + (JSC::MarkedBlock::zapFreeList): + * heap/MarkedBlock.h: + (FreeList): Added a new struct that keeps track of the current MarkedAllocator's + free list including the number of bytes of stuff in the free list so that when the free list is + exhausted, the correct amount can be reported to Heap. + (MarkedBlock): + (JSC::MarkedBlock::FreeList::FreeList): + (JSC): + * heap/MarkedSpace.cpp: Removing all water mark related stuff. + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::resetAllocators): + * heap/MarkedSpace.h: + (MarkedSpace): + (JSC): + * heap/WeakSet.cpp: + (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This + function still needs work though now that the Heap knows how many bytes have been allocated + since the last collection. + * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct. + (JSC::JIT::emitAllocateBasicJSObject): Ditto. + * llint/LowLevelInterpreter.asm: Ditto. + * runtime/GCActivityCallback.cpp: + (JSC::DefaultGCActivityCallback::didAllocate): + * runtime/GCActivityCallback.h: + (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that + the allocation that is being reported has already taken place. + (DefaultGCActivityCallback): + * runtime/GCActivityCallbackCF.cpp: + (JSC): + (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of + allocation since the last collection is not above a threshold (initially arbitrarily chosen to + be 128KB). + +2012-04-19 Filip Pizlo <fpizlo@apple.com> + + MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal + https://bugs.webkit.org/show_bug.cgi?id=84401 + + Reviewed by Gavin Barraclough. 
+ + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): + +2012-04-19 Don Olmstead <don.olmstead@am.sony.com> + + KeywordLookupGenerator.py should take an output file as an argument + https://bugs.webkit.org/show_bug.cgi?id=84292 + + Reviewed by Eric Seidel. + + Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script. + + * KeywordLookupGenerator.py: + +2012-04-19 Filip Pizlo <fpizlo@apple.com> + + It should be possible to perform debugCall on ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=84381 + + Reviewed by Oliver Hunt. + + debugCall() was clobbering the argument to the call it was making, leading to a + corrupt ExecState*. This change fixes that issue by using a scratch register that + does not clobber arguments, and it also introduces more assertions that we have + a valid call frame. + + * dfg/DFGAssemblyHelpers.cpp: + (DFG): + (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::selectScratchGPR): + (AssemblyHelpers): + (JSC::DFG::AssemblyHelpers::debugCall): + (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::selectScratchGPR): + +2012-04-19 Filip Pizlo <fpizlo@apple.com> + + LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that + the PB/PC has been preserved + https://bugs.webkit.org/show_bug.cgi?id=84367 + + Reviewed by Oliver Hunt. 
+ + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + +2012-04-19 Filip Pizlo <fpizlo@apple.com> + + It should be possible to load from Float64 arrays on ARMv7 without crashing + https://bugs.webkit.org/show_bug.cgi?id=84361 + + Reviewed by Oliver Hunt. + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::loadDouble): + (JSC::MacroAssemblerARMv7::storeDouble): + +2012-04-19 Dominik Röttsches <dominik.rottsches@linux.intel.com> + + [CMake] Build fix after r114575 + https://bugs.webkit.org/show_bug.cgi?id=84322 + + Reviewed by Simon Hausmann. + + Build fix, adding WTF when linking jsc shell. + + * shell/CMakeLists.txt: + +2012-04-18 Filip Pizlo <fpizlo@apple.com> + + JSC testing should have complete coverage over typed array types + https://bugs.webkit.org/show_bug.cgi?id=84302 + + Reviewed by Geoff Garen. + + Added Uint8ClampedArray to the set of typed arrays that are supported by jsc + command-line. + + * JSCTypedArrayStubs.h: + (JSC): + * jsc.cpp: + (GlobalObject::finishCreation): + +2012-04-18 Filip Pizlo <fpizlo@apple.com> + + jsc command line should support typed arrays by default + https://bugs.webkit.org/show_bug.cgi?id=84298 + + Rubber stamped by Gavin Barraclough. + + * JSCTypedArrayStubs.h: + (JSC): + * jsc.cpp: + (GlobalObject::finishCreation): + +2012-04-18 Filip Pizlo <fpizlo@apple.com> + + JSVALUE32_64 should be able to perform division on ARM without crashing, and variables + forced double should not be scrambled when performing OSR entry + https://bugs.webkit.org/show_bug.cgi?id=84272 + + Reviewed by Geoff Garen. + + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + +2012-04-18 Don Olmstead <don.olmstead@am.sony.com> + + JavaScriptCore.gypi not current + https://bugs.webkit.org/show_bug.cgi?id=84224 + + Reviewed by Eric Seidel. + + Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. 
Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself. + + Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory. + + * JavaScriptCore.gypi: + +2012-04-18 Benjamin Poulain <bpoulain@apple.com> + + Remove m_subclassData from JSArray, move the attribute to subclass as needed + https://bugs.webkit.org/show_bug.cgi?id=84249 + + Reviewed by Geoffrey Garen. + + JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves + the attribute to RuntimeArray to avoid allocating memory for the pointer in the common + case. + + This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations + of CopiedSpace. + + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateJSArray): + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + * runtime/JSArray.h: + +2012-04-18 Benjamin Poulain <bpoulain@apple.com> + + replaceUsingStringSearch: delay the creation of the replace string until needed + https://bugs.webkit.org/show_bug.cgi?id=83841 + + Reviewed by Geoffrey Garen. + + We do not need to obtain the replaceValue until we have a match. By moving the intialization + of replaceValue when needed, we save a few instructions when there is no match. + + * runtime/StringPrototype.cpp: + (JSC::replaceUsingRegExpSearch): + (JSC::replaceUsingStringSearch): + (JSC::stringProtoFuncReplace): + +2012-04-18 Mark Hahnenberg <mhahnenberg@apple.com> + + GC activity timer should be tied to allocation, not collection + https://bugs.webkit.org/show_bug.cgi?id=83919 + + Reviewed by Geoffrey Garen. + + * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've + released a global object, we're abandoning a potentially large number of objects that JSC might want + to collect. 
+ * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate + that we've hit a slow path and are allocating now, so schedule the timer. + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to + throw away too much code during our benchmarks (especially vp8, which is very large and thus has large + amounts of compiled code). + (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we + can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a + collection to see if we should throw away our compiled code. Currently this is set to happen about once + every minute. + * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code. + * heap/MarkedAllocator.cpp: + (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like + in CopiedSpace. + * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms. + (JSC::DefaultGCActivityCallback::willAllocate): + (JSC): + (JSC::DefaultGCActivityCallback::didCollect): + (JSC::DefaultGCActivityCallback::didAbandonObjectGraph): + * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing + the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection + occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for + when somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of + objects and that JSC might want to clean them up. 
+ (JSC::GCActivityCallback::~GCActivityCallback): + (JSC::GCActivityCallback::willAllocate): + (JSC::GCActivityCallback::didCollect): + (JSC::GCActivityCallback::didAbandonObjectGraph): + (JSC::GCActivityCallback::synchronize): + (DefaultGCActivityCallback): + * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions. + We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually + turned out to be quite expensive (although Instruments couldn't tell us this). + (DefaultGCActivityCallbackPlatformData): + (JSC): + (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): + (JSC::DefaultGCActivityCallback::commonConstructor): + (JSC::scheduleTimer): + (JSC::cancelTimer): + (JSC::DefaultGCActivityCallback::willAllocate): + (JSC::DefaultGCActivityCallback::didCollect): + (JSC::DefaultGCActivityCallback::didAbandonObjectGraph): + +2012-04-17 Filip Pizlo <fpizlo@apple.com> + + DFG should not attempt to get rare case counts for op_mod on ARM + https://bugs.webkit.org/show_bug.cgi?id=84218 + + Reviewed by Geoff Garen. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + * dfg/DFGCommon.h: + (JSC::DFG::isX86): + (DFG): + +2012-04-17 Myles Maxfield <mmaxfield@google.com> + + BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE + https://bugs.webkit.org/show_bug.cgi?id=80912 + + Reviewed by Hajime Morita. + + * wtf/BumpPointerAllocator.h: + (WTF::BumpPointerPool::create): + +2012-04-17 Filip Pizlo <fpizlo@apple.com> + + Attempt to fix Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-04-17 Filip Pizlo <fpizlo@apple.com> + + It should be possible to create an inheritorID for the global this object without crashing + https://bugs.webkit.org/show_bug.cgi?id=84200 + <rdar://problem/11251082> + + Reviewed by Oliver Hunt. 
+ + * runtime/JSGlobalThis.cpp: + (JSC::JSGlobalThis::setUnwrappedObject): + * runtime/JSGlobalThis.h: + (JSC::JSGlobalThis::unwrappedObject): + (JSGlobalThis): + * runtime/JSObject.cpp: + (JSC::JSObject::createInheritorID): + * runtime/JSObject.h: + (JSObject): + (JSC::JSObject::resetInheritorID): + +2012-04-17 Filip Pizlo <fpizlo@apple.com> + + DFG and LLInt should not clobber the frame pointer on ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=84185 + <rdar://problem/10767252> + + Reviewed by Gavin Barraclough. + + Changed LLInt to use a different register. Changed DFG to use one fewer + registers. We should revisit this and switch the DFG to use a different + register instead of r7, but we can do that in a subsequent step since + the performance effect is tiny. + + * dfg/DFGGPRInfo.h: + (GPRInfo): + (JSC::DFG::GPRInfo::toRegister): + (JSC::DFG::GPRInfo::toIndex): + * offlineasm/armv7.rb: + +2012-04-17 Filip Pizlo <fpizlo@apple.com> + + use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument + https://bugs.webkit.org/show_bug.cgi?id=83942 + <rdar://problem/11247370> + + Reviewed by Gavin Barraclough. + + Don't use references to the graph after resizing the graph. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::flushArgument): + +2012-04-16 Gavin Barraclough <barraclough@apple.com> + + Array.prototype.toString should be generic + https://bugs.webkit.org/show_bug.cgi?id=81588 + + Reviewed by Sam Weinig. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + - check for join function, use fast case if base object is array & join is present & default. + * runtime/CommonIdentifiers.h: + - added 'join'. + +2012-04-16 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck issues. + + * GNUmakefile.list.am: Add missing files. + +2012-04-16 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r114309. 
+ http://trac.webkit.org/changeset/114309 + https://bugs.webkit.org/show_bug.cgi?id=84097 + + it broke everything (Requested by olliej on #webkit). + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * bytecode/CodeBlock.h: + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + (Interpreter): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jsc.cpp: + (functionJSCStack): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::handleHostCall): + * parser/Parser.h: + (JSC::::parse): + * runtime/Error.cpp: + (JSC::addErrorInfo): + (JSC::throwError): + * runtime/Error.h: + (JSC): + +2012-04-16 Oliver Hunt <oliver@apple.com> + + Exception stack traces aren't complete when the exception starts in native code + https://bugs.webkit.org/show_bug.cgi?id=84073 + + Reviewed by Gavin Barraclough. + + Refactored building the stack trace to so that we can construct + it earlier, and don't rely on any prior work performed in the + exception handling machinery. Also updated LLInt and the DFG to + completely initialise the callframes of host function calls. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::codeOriginIndexForReturn): + (CodeBlock): + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::addStackTraceIfNecessary): + (JSC): + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + (Interpreter): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jsc.cpp: + (functionJSCStack): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::handleHostCall): + * parser/Parser.h: + (JSC::::parse): + * runtime/Error.cpp: + (JSC::addErrorInfo): + (JSC::throwError): + * runtime/Error.h: + (JSC): + +2012-04-16 Oliver Hunt <oliver@apple.com> + + Fix COMMANDLINE_TYPEDARRAYS build + https://bugs.webkit.org/show_bug.cgi?id=84051 + + Reviewed by Gavin Barraclough. 
+ + Update for new putByIndex API and wtf changes. + + * JSCTypedArrayStubs.h: + (JSC): + +2012-04-16 Mark Hahnenberg <mhahnenberg@apple.com> + + GC in the middle of JSObject::allocatePropertyStorage can cause badness + https://bugs.webkit.org/show_bug.cgi?id=83839 + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage. + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're + growing our already-existing PropertyStorage. + * runtime/JSObject.h: + (JSObject): + (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage + and the new structure so that we can be sure a GC never occurs when our Structure + info is out of sync with our PropertyStorage. + (JSC): + (JSC::JSObject::putDirectInternal): Moved the check to see if we should + allocate more backing store before the actual property insertion into + the structure. + (JSC::JSObject::putDirectWithoutTransition): Ditto. + (JSC::JSObject::transitionTo): Ditto. + * runtime/Structure.cpp: + (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy + for property backing stores contained within the Structure class. + (JSC): + * runtime/Structure.h: + (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion + into the Structure would require resizing the property backing store so that they can + preallocate the required storage. + (Structure): + +2012-04-13 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r114185. + http://trac.webkit.org/changeset/114185 + https://bugs.webkit.org/show_bug.cgi?id=83967 + + Broke a bunch of JavaScript related tests (Requested by + andersca on #webkit). 
+ + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncToLocaleString): + * runtime/CommonIdentifiers.h: + * tests/mozilla/ecma/Array/15.4.4.2.js: + (getTestCases): + +2012-04-13 Gavin Barraclough <barraclough@apple.com> + + Don't rely on fixed offsets to patch calls + https://bugs.webkit.org/show_bug.cgi?id=83966 + + Rubber stamped by Oliver Hunt. + + These aren't being used anywhere! + + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): + +2012-04-13 Hojong Han <hojong.han@samsung.com> + + Array.prototype.toString and Array.prototype.toLocaleString should be generic + https://bugs.webkit.org/show_bug.cgi?id=81588 + + Reviewed by Gavin Barraclough. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncToLocaleString): + * runtime/CommonIdentifiers.h: + * tests/mozilla/ecma/Array/15.4.4.2.js: + (getTestCases.array.item.new.TestCase): + (getTestCases): + +2012-04-13 Gavin Barraclough <barraclough@apple.com> + + Don't rely on fixed offsets to patch method checks + https://bugs.webkit.org/show_bug.cgi?id=83958 + + Reviewed by Oliver Hunt. + + * bytecode/StructureStubInfo.h: + - Add fields for the method check info. + * jit/JIT.cpp: + (JSC::PropertyStubCompilationInfo::copyToStubInfo): + - Store the offsets on the stub info, instead of asserting. + * jit/JIT.h: + - Delete all the method check related offsets. + * jit/JITPropertyAccess.cpp: + (JSC::JIT::patchMethodCallProto): + - Use the offset from the stubInfo. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Pass the stubInfo to patchMethodCallProto. + +2012-04-13 Gavin Barraclough <barraclough@apple.com> + + Don't rely on fixed offsets to patch get_by_id/put_by_id + https://bugs.webkit.org/show_bug.cgi?id=83924 + + Reviewed by Oliver Hunt. + + Store offsets in the structure stub info, as we do for the DFG JIT. 
+ + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::differenceBetween): + - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!) + * bytecode/StructureStubInfo.h: + - added new fields for baseline JIT offsets. + * jit/JIT.cpp: + (JSC::PropertyStubCompilationInfo::copyToStubInfo): + - moved out from JIT::privateCompile. + (JSC::JIT::privateCompile): + - moved out code to PropertyStubCompilationInfo::copyToStubInfo. + * jit/JIT.h: + (PropertyStubCompilationInfo): + - added helper functions to initializae PropertyStubCompilationInfo, state to store more offset info. + - removed many offsets. + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::compileGetByIdSlowCase): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emitSlow_op_put_by_id): + (JSC::JIT::patchGetByIdSelf): + (JSC::JIT::patchPutByIdReplace): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + (JSC::JIT::resetPatchGetById): + (JSC::JIT::resetPatchPutById): + - changed code generation to use new interface to store info on PropertyStubCompilationInfo. + - changed repatch functions to read offsets from the structure stub info. 
+ * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::compileGetByIdSlowCase): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emitSlow_op_put_by_id): + (JSC::JIT::patchGetByIdSelf): + (JSC::JIT::patchPutByIdReplace): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + (JSC::JIT::resetPatchGetById): + (JSC::JIT::resetPatchPutById): + - changed code generation to use new interface to store info on PropertyStubCompilationInfo. + - changed repatch functions to read offsets from the structure stub info. + +2012-04-13 Rob Buis <rbuis@rim.com> + + Fix some compiler warnings (miscellaneous) + https://bugs.webkit.org/show_bug.cgi?id=80790 + + Reviewed by Antonio Gomes. + + Fix signed/unsigned comparison warning. + + * parser/Lexer.cpp: + (JSC::::record16): + +2012-04-12 Benjamin Poulain <bpoulain@apple.com> + + Improve replaceUsingStringSearch() for case of a single character searchValue + https://bugs.webkit.org/show_bug.cgi?id=83738 + + Reviewed by Geoffrey Garen. + + This patch improves replaceUsingStringSearch() with the following: + -Add a special case for single character search, taking advantage of the faster WTF::find(). + -Inline replaceUsingStringSearch(). + -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds + by definition. + + This gives less than 1% improvement for the multicharacter replace. + The single character search show about 9% improvement. 
+ + * runtime/StringPrototype.cpp: + (JSC::replaceUsingStringSearch): + +2012-04-12 Michael Saboff <msaboff@apple.com> + + StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects + https://bugs.webkit.org/show_bug.cgi?id=83823 + + Reviewed by Gavin Barraclough. + + Put the clearing of the accessType to after the call to deref() so that + deref() can use the accessType to delete referenced objects as needed. + + * bytecode/StructureStubInfo.h: + (JSC::StructureStubInfo::reset): + +2012-04-12 Balazs Kelemen <kbalazs@webkit.org> + + [Qt] Fix WebKit1 build with V8 + https://bugs.webkit.org/show_bug.cgi?id=83322 + + Reviewed by Adam Barth. + + * yarr/yarr.pri: + +2012-04-12 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=83821 + Move dfg repatching properties of structure stub info into a union + + Reviewed by Oliver Hunt. + + We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this. + + * bytecode/StructureStubInfo.h: + (StructureStubInfo): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchByIdSelfAccess): + (JSC::DFG::linkRestoreScratch): + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDList): + (JSC::DFG::tryBuildGetByIDProtoList): + (JSC::DFG::emitPutReplaceStub): + (JSC::DFG::emitPutTransitionStub): + (JSC::DFG::tryCachePutByID): + (JSC::DFG::tryBuildPutByIdList): + (JSC::DFG::dfgResetGetByID): + (JSC::DFG::dfgResetPutByID): + +2012-04-12 Gavin Barraclough <barraclough@apple.com> + + Delete a bunch of unused, copy & pasted values in JIT.h + https://bugs.webkit.org/show_bug.cgi?id=83822 + + Reviewed by Oliver Hunt. + + The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense. 
+ + * jit/JIT.h: + (JIT): + +2012-04-12 Csaba Osztrogonác <ossy@webkit.org> + + [Qt][ARM] Buildfix after r113934. + + Reviewed by Zoltan Herczeg. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::compare8): + (MacroAssemblerARM): + +2012-04-11 Filip Pizlo <fpizlo@apple.com> + + It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail + https://bugs.webkit.org/show_bug.cgi?id=83744 + <rdar://problem/11206946> + + Reviewed by Andy Estes. + + This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node + that is statically known to return boolean results. + + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + +2012-04-11 Michael Saboff <msaboff@apple.com> + + Invalid Union Reference in StructureStubInfo.{cpp.h} + https://bugs.webkit.org/show_bug.cgi?id=83735 + + Reviewed by Filip Pizlo. + + Changed the references to u.getByIdProtoList and u.getByIdSelfList + to be consistent. + + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::visitWeakReferences): + * bytecode/StructureStubInfo.h: + (JSC::StructureStubInfo::initGetByIdSelfList): + +2012-04-11 Filip Pizlo <fpizlo@apple.com> + + Unreviewed attempting to make Qt's eccentric hardware work. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::compare8): + (MacroAssemblerARM): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::compare8): + (MacroAssemblerMIPS): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::compare8): + (MacroAssemblerSH4): + +2012-04-11 Filip Pizlo <fpizlo@apple.com> + + op_is_foo should be optimized + https://bugs.webkit.org/show_bug.cgi?id=83666 + + Reviewed by Gavin Barraclough. + + This implements inlining of op_is_undefined, op_is_string, op_is_number, + and op_is_boolean in LLInt and the baseline JIT. op_is_object and + op_is_function are not inlined because they are quite a bit more complex. 
+ + This also implements all of the op_is_foo opcodes in the DFG, but it does + not do any type profiling based optimizations, yet. + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::compare8): + (MacroAssemblerARMv7): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::compare8): + (MacroAssemblerX86Common): + * assembler/MacroAssemblerX86_64.h: + (MacroAssemblerX86_64): + (JSC::MacroAssemblerX86_64::testPtr): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCCallHelpers.h: + (JSC::DFG::CCallHelpers::setupArguments): + (CCallHelpers): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + (JSC::DFG::SpeculativeJIT::appendCallSetResult): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + (JIT): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_is_undefined): + (JSC): + (JSC::JIT::emit_op_is_boolean): + (JSC::JIT::emit_op_is_number): + (JSC::JIT::emit_op_is_string): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_is_undefined): + (JSC): + (JSC::JIT::emit_op_is_boolean): + (JSC::JIT::emit_op_is_number): + (JSC::JIT::emit_op_is_string): + * jit/JITStubs.cpp: + (JSC): + * llint/LLIntSlowPaths.cpp: + (LLInt): + * llint/LLIntSlowPaths.h: + (LLInt): + * llint/LowLevelInterpreter.asm: + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * offlineasm/armv7.rb: + * offlineasm/instructions.rb: + * offlineasm/x86.rb: + +2012-04-11 
Filip Pizlo <fpizlo@apple.com> + + If you use an IntegerOperand and want to return it with integerResult, you need to + zero extend to get rid of the box + https://bugs.webkit.org/show_bug.cgi?id=83734 + <rdar://problem/11232296> + + Reviewed by Oliver Hunt. + + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillInteger): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + +2012-04-11 Filip Pizlo <fpizlo@apple.com> + + SpeculativeJIT::fillStorage() should work with all the states that a cell may be in + https://bugs.webkit.org/show_bug.cgi?id=83722 + + Reviewed by Gavin Barraclough. + + It's now possible to do StorageOperand on a cell, in the case that the storage is + inline. But this means that fillStorage() must be able to handle all of the states + that a cell might be in. Previously it didn't. + + With this change, it now does handle all of the states, and moreover, it does so + by preserving the DataFormat of cells and performing all of the cell speculations + that should be performed if you're using a cell as storage. But if you use this on + something that is known to be storage already then it behaves as it did before. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillStorage): + +2012-04-11 Filip Pizlo <fpizlo@apple.com> + + Global variable predictions should not be coalesced unnecessarily + https://bugs.webkit.org/show_bug.cgi?id=83678 + + Reviewed by Geoff Garen. + + Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar + to have a heapPrediction like a civilized DFG opcode ought to. + + No performance effect. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.h: + * bytecode/PredictionTracker.h: Removed. 
+ * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGenerationInfo.h: + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (Graph): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasHeapPrediction): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + +2012-04-11 Benjamin Poulain <bpoulain@apple.com> + + Optimize String.split() for 1 character separator + https://bugs.webkit.org/show_bug.cgi?id=83546 + + Reviewed by Gavin Barraclough. + + This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case + where the separator is a single character. + + The two main gains are: + -Use of the find() function with a single character instead of doing a full string matching. + -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline + function. + + The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits. + + This makes String.split() faster by about 13% in that particular case. + + * runtime/StringPrototype.cpp: + (JSC): + (JSC::splitStringByOneCharacterImpl): + (JSC::stringProtoFuncSplit): + +2012-04-10 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck issues. + + * GNUmakefile.list.am: Ad missing files. + +2012-04-10 Mark Rowe <mrowe@apple.com> + + Attempt to fix the Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-04-10 Patrick Gansterer <paroga@webkit.org> + + Cleanup wtf/Platform.h and config.h files + https://bugs.webkit.org/show_bug.cgi?id=83431 + + Reviewed by Eric Seidel. + + The ENABLE() and USE() macros take care about the case when the flag + isn't defined. So there is no need to define anything with 0. + + Also move duplicated code from the config.h files to Platform.h and + merge a few preprocessor commands to make the file more readable. 
+ + * config.h: + +2012-04-10 Filip Pizlo <fpizlo@apple.com> + + DFG should flush SetLocals to arguments + https://bugs.webkit.org/show_bug.cgi?id=83554 + + Reviewed by Gavin Barraclough. + + This is necessary to match baseline JIT argument capture behavior. + + But to make this work right we need to have a story for arguments into + which we store values of different formats. This patch introduces the + notion of an ArgumentPosition - i.e. an argument in a particular inline + call frame - and forces unification of all data pertinent to selecting + the argument's data format. + + Also fixed an amusing bug in the handling of OSR on SetLocals if there + was any insertion/deletion of nodes in the basic block. This is benign + for now but won't be eventually since the DFG is getting smarter. So + better fix it now. + + Also fixed an amusing bug in the handling of OSR on SetLocals if they + are immediately followed by a Flush. I think this bug might have always + been there but now it'll happen more commonly, and it's covered by the + run-javascriptcore-tests. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGArgumentPosition.h: Added. + (DFG): + (ArgumentPosition): + (JSC::DFG::ArgumentPosition::ArgumentPosition): + (JSC::DFG::ArgumentPosition::addVariable): + (JSC::DFG::ArgumentPosition::mergeArgumentAwareness): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::setLocal): + (JSC::DFG::ByteCodeParser::setArgument): + (InlineStackEntry): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGDoubleFormatState.h: Added. 
+ (DFG): + (JSC::DFG::mergeDoubleFormatStates): + (JSC::DFG::mergeDoubleFormatState): + (JSC::DFG::doubleFormatStateToString): + * dfg/DFGGraph.h: + (Graph): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::VariableAccessData): + (JSC::DFG::VariableAccessData::predict): + (JSC::DFG::VariableAccessData::argumentAwarePrediction): + (VariableAccessData): + (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction): + (JSC::DFG::VariableAccessData::doubleFormatState): + (JSC::DFG::VariableAccessData::shouldUseDoubleFormat): + (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): + (JSC::DFG::VariableAccessData::mergeDoubleFormatState): + (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat): + +2012-04-10 Adam Klein <adamk@chromium.org> + + Remove unused NonNullPassRefPtr from WTF + https://bugs.webkit.org/show_bug.cgi?id=82389 + + Reviewed by Kentaro Hara. + + * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr. + +2012-04-10 Darin Adler <darin@apple.com> + + Remove unused data member from Lexer class + https://bugs.webkit.org/show_bug.cgi?id=83429 + + Reviewed by Kentaro Hara. + + I noticed that m_delimited was "write-only", so I deleted it. + + * parser/Lexer.cpp: + (JSC::Lexer::setCode): Removed code to set m_delimited. + (JSC::Lexer::parseIdentifier): Ditto. + (JSC::Lexer::parseIdentifierSlowCase): Ditto. + (JSC::Lexer::lex): Ditto. + * parser/Lexer.h: Deleted m_delimited. + +2012-04-10 Patrick Gansterer <paroga@webkit.org> + + [CMake] Enable USE_FOLDERS property + https://bugs.webkit.org/show_bug.cgi?id=83571 + + Reviewed by Daniel Bates. + + Setting the FOLDER property on targets gives more structure + to the generated Visual Studio solutions. 
+ This does not affect other CMake generators. + + * CMakeLists.txt: + * shell/CMakeLists.txt: + +2012-04-10 Filip Pizlo <fpizlo@apple.com> + + It should be possible to see why a code block was not compiled by the DFG + https://bugs.webkit.org/show_bug.cgi?id=83553 + + Reviewed by Geoff Garen. + + If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the + opcode that caused the rejection. + + * dfg/DFGCapabilities.cpp: + (JSC::DFG::debugFail): + (DFG): + (JSC::DFG::canHandleOpcodes): + +2012-04-09 Gavin Barraclough <barraclough@apple.com> + + If a callback constructor returns a C++ null, throw a type error. + https://bugs.webkit.org/show_bug.cgi?id=83537 + + Rubber Stamped by Geoff Garen. + + * API/JSCallbackConstructor.cpp: + (JSC::constructJSCallback): + - If a callback constructor returns a C++ null, throw a type error. + * API/tests/testapi.c: + (Base_returnHardNull): + * API/tests/testapi.js: + - Add a test case for callback constructors that return a C++ null. + +2012-04-09 Gavin Barraclough <barraclough@apple.com> + + If a callback function returns a C++ null, convert to undefined. + https://bugs.webkit.org/show_bug.cgi?id=83534 + + Reviewed by Geoff Garen. + + * API/JSCallbackFunction.cpp: + - If a callback function returns a C++ null, convert to undefined. + (JSC::JSCallbackFunction::call): + * API/tests/testapi.c: + (Base_returnHardNull): + * API/tests/testapi.js: + - Add a test case for callback functions that return a C++ null. + +2012-04-09 Filip Pizlo <fpizlo@apple.com> + + Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that + are currently being generated + https://bugs.webkit.org/show_bug.cgi?id=83531 + <rdar://problem/11215200> + + Reviewed by Gavin Barraclough. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::stronglyVisitStrongReferences): + +2012-04-09 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks. 
+ + * dfg/DFGOperations.cpp: + (JSC): + * offlineasm/armv7.rb: + +2012-04-09 Patrick Gansterer <paroga@webkit.org> + + Remove HAVE_STDINT_H + https://bugs.webkit.org/show_bug.cgi?id=83434 + + Reviewed by Kentaro Hara. + + HAVE_STDINT_H is defined with 1 all the time and we us stdint.h without HAVE(STDINT_H) already. + + * config.h: + +2012-04-08 Filip Pizlo <fpizlo@apple.com> + + DFG should not load the property storage if it is inline. + https://bugs.webkit.org/show_bug.cgi?id=83455 + + Reviewed by Gavin Barraclough. + + We had previously decided to have all property storage accesses go through + the property storage pointer even if they don't "really" have to, because + we were thinking this would help GC barriers somehow. Well, we never ended + up doing anything with that. Hence, doing these wasted loads of the + property storage pointer when the storage is inline is just a waste of CPU + cycles. + + This change makes the DFG's inline property accesses (GetByOffset and + PutByOffset) go directly to the inline property storage if the structure(s) + tell us that it's OK. + + This looks like an across-the-board 1% win. + + * bytecode/StructureSet.h: + (JSC): + (JSC::StructureSet::allAreUsingInlinePropertyStorage): + (StructureSet): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillStorage): + +2012-04-08 Filip Pizlo <fpizlo@apple.com> + + Command-line jsc's exception handling should be rationalized + https://bugs.webkit.org/show_bug.cgi?id=83437 + + Reviewed by Dan Bernstein. + + - If an exception is thrown during run() execution, it is now propagated, + so that it will terminate program execution unless it is caught. + + - If program execution terminates with an exception, the exception is now + always printed. + + - When printing the exception, the backtrace is now also printed if one is + available. 
It will only not be available if you use something akin to my + favorite line of code, 'throw "error"', since primitives don't have + properties and hence we cannot attach a "stack" property to them. + + * jsc.cpp: + (functionRun): + (runWithScripts): + +2012-04-04 Filip Pizlo <fpizlo@apple.com> + + Forced OSR exits should lead to recompilation based on count, not rate + https://bugs.webkit.org/show_bug.cgi?id=83247 + <rdar://problem/10720925> + + Reviewed by Geoff Garen. + + Track which OSR exits happen because of inadequate coverage. Count them + separately. If the count reaches a threshold, immediately trigger + reoptimization. + + This is in contrast to the recompilation trigger for all other OSR exits. + Normally recomp is triggered when the exit rate exceeds a certain ratio. + + Looks like a slight V8 speedup (sub 1%). + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::forcedOSRExitCounter): + (JSC::CodeBlock::addressOfForcedOSRExitCounter): + (JSC::CodeBlock::offsetOfForcedOSRExitCounter): + (JSC::CodeBlock::shouldReoptimizeNow): + (JSC::CodeBlock::shouldReoptimizeFromLoopNow): + (CodeBlock): + * bytecode/DFGExitProfile.h: + (JSC::DFG::exitKindToString): + * dfg/DFGOSRExitCompiler.cpp: + (JSC::DFG::OSRExitCompiler::handleExitCounts): + (DFG): + * dfg/DFGOSRExitCompiler.h: + (OSRExitCompiler): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/Options.cpp: + (Options): + (JSC::Options::initializeOptions): + * runtime/Options.h: + (Options): + +2012-04-06 Benjamin Poulain <bpoulain@apple.com> + + Do not abuse ArrayStorage's 
m_length for testing array consistency + https://bugs.webkit.org/show_bug.cgi?id=83403 + + Reviewed by Geoffrey Garen. + + Array creation from a list of values is a 3 steps process: + -JSArray::tryCreateUninitialized() + -JSArray::initializeIndex() for each values + -JSArray::completeInitialization() + + Previously, the attribute m_length was not set to the final size + JSArray::tryCreateUninitialized() because it was used to test the array + consistency JSArray::initializeIndex(). + + This caused the initialization loop using JSArray::initializeIndex() maintain + two counters: + -index of the loop + -storage->m_length++ + + This patch fixes this by using the index of the initialization loop for the indinces of + JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex + is introduced if CHECK_ARRAY_CONSISTENCY is defined. + + The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined. + + This improves the performance of JSArray creation from literals by 8%. + + * runtime/JSArray.cpp: + (JSC::JSArray::tryFinishCreationUninitialized): + (JSC::JSArray::checkConsistency): + * runtime/JSArray.h: + (ArrayStorage): + (JSC::JSArray::initializeIndex): + (JSC::JSArray::completeInitialization): + +2012-04-06 Jon Lee <jonlee@apple.com> + + Build fix for Windows bots. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol. + +2012-04-06 Geoffrey Garen <ggaren@apple.com> + + Renamed + + WeakHeap => WeakSet + HandleHeap => HandleSet + + Reviewed by Sam Weinig. + + These sets do have internal allocators, but it's confusing to call them + heaps because they're sub-objects of an object called "heap". + + * heap/HandleHeap.cpp: Removed. + * heap/HandleHeap.h: Removed. + * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp. + * heap/WeakHeap.cpp: Removed. + * heap/WeakHeap.h: Removed. + * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp. 
+ * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h. + + Plus global rename using grep. + +2012-04-06 Dan Bernstein <mitz@apple.com> + + <rdar://problem/10912476> HiDPI: Have canvas use a hidpi backing store, but downsample upon access + + Reviewed by Sam Weinig. + + * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS. + +2012-04-06 Rob Buis <rbuis@rim.com> + + Fix cast-align warnings in JSC + https://bugs.webkit.org/show_bug.cgi?id=80790 + + Reviewed by George Staikos. + + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::computeJumpType): + (JSC::ARMv7Assembler::link): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::linkCode): + * heap/MarkStack.cpp: + (JSC::SlotVisitor::copyAndAppend): + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * wtf/RefCountedArray.h: + (WTF::RefCountedArray::Header::payload): + +2012-04-06 Darin Adler <darin@apple.com> + + Streamline strtod and fix some related problems + https://bugs.webkit.org/show_bug.cgi?id=82857 + + Reviewed by Geoffrey Garen. + + * parser/Lexer.cpp: + (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number + and we know it has only correct characters, leading spaces, trailing junk, and + trailing spaces are not a possibility. No need to add a trailing null character. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need + to allow trailing junk since the code above already allows only numeric digits + in the string. This code path is used only in unusual cases, so it's not + optimized for 8-bit strings, but easily could be. + (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this + function template because all the callers are OK with trailing junk. Use the + parseDouble function. No need to copy the data into a byte buffer, because + parseDouble handles that. 
+ (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the + jsStrDecimalLiteral function template. That's OK because this function + already checks for trailing junk and handles it appropriately. The old code + path was doing it twice. + (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the + jsStrDecimalLiteral function template; the template allows junk unconditionally. + + * runtime/LiteralParser.cpp: + (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number + and we know it has only correct characters, leading spaces, trailing junk, and + trailing spaces are not a possibility. No need to add a trailing null character. + No need to copy the data into a byte buffer, because parseDouble handles that. + We could optimize the UChar case even more because we know all the characters + are ASCII, but not doing that at this time. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated. + +2012-04-06 Patrick Gansterer <paroga@webkit.org> + + Remove JSC dependency from GregorianDateTime + https://bugs.webkit.org/show_bug.cgi?id=83290 + + Reviewed by Geoffrey Garen. + + This allows us to move it to WTF later. + + * runtime/DateConstructor.cpp: + (JSC::callDate): + * runtime/JSDateMath.h: + +2012-04-05 Michael Saboff <msaboff@apple.com> + + Call Heap::discardAllCompiledCode() in low memory situations + https://bugs.webkit.org/show_bug.cgi?id=83335 + + Reviewed by Geoffrey Garen. + + Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?" + check inline so that it can be called directly without this check. + + * heap/Heap.cpp: + (JSC::Heap::discardAllCompiledCode): + (JSC::Heap::collectAllGarbage): + * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be + called from WebCore. + (Heap): + * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration. 
+ (JSGlobalData): + +2012-04-05 Benjamin Poulain <bpoulain@apple.com> + + Speed up the conversion from JSValue to String for bulk operations + https://bugs.webkit.org/show_bug.cgi?id=83243 + + Reviewed by Geoffrey Garen. + + When making operations on primitive types, we loose some time converting + values to JSString in order to extract the string. + + This patch speeds up some basic Array operations by avoiding the creation + of intermediary JSString when possible. + + For the cases where we need to convert a lot of JSValue in a tight loop, + an inline conversion is used. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncToLocaleString): + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncSort): + * runtime/CommonIdentifiers.h: + * runtime/JSArray.cpp: + (JSC::JSArray::sort): + * runtime/JSString.h: + (JSC::JSValue::toUString): + (JSC): + (JSC::inlineJSValueNotStringtoUString): + (JSC::JSValue::toUStringInline): + * runtime/JSValue.cpp: + (JSC::JSValue::toUStringSlowCase): + (JSC): + * runtime/JSValue.h: + (JSValue): + +2012-04-05 Benjamin Poulain <bpoulain@apple.com> + + Use QuickSort when sorting primitive values by string representation + https://bugs.webkit.org/show_bug.cgi?id=83312 + + Reviewed by Gavin Barraclough. + + When the value we are sorting are all primitive values, we do not need to + ensure a stable sort as two values with equal string representation are + indistinguishable from JavaScript. + + This gives about 16% performance increase when sorting primitive values. + + * runtime/JSArray.cpp: + (JSC::JSArray::sort): + +2012-04-05 Oliver Hunt <oliver@apple.com> + + SIGILL in JavaScriptCore on a Geode processor + https://bugs.webkit.org/show_bug.cgi?id=82496 + + Reviewed by Gavin Barraclough. + + Don't attempt to use the DFG when SSE2 is not available. + + * dfg/DFGCapabilities.cpp: + (JSC::DFG::canCompileOpcodes): + +2012-04-05 Oliver Hunt <oliver@apple.com> + + Fix 32-bit build. 
+ + * API/APICast.h: + (toJS): + +2012-04-05 Oliver Hunt <oliver@apple.com> + + Replace static_cast with jsCast when casting JSCell subclasses in JSC + https://bugs.webkit.org/show_bug.cgi?id=83307 + + Reviewed by Gavin Barraclough. + + Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore. + This results in assertions when unsafe casts are performed, but simply leaves + a static_cast<> in release builds. + + * API/APICast.h: + (toJS): + * API/JSCallbackConstructor.cpp: + (JSC::constructJSCallback): + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::call): + * API/JSCallbackObjectFunctions.h: + (JSC::::asCallbackObject): + (JSC::::finishCreation): + (JSC::::construct): + (JSC::::call): + * API/JSObjectRef.cpp: + (JSObjectGetPrivate): + (JSObjectSetPrivate): + (JSObjectGetPrivateProperty): + (JSObjectSetPrivateProperty): + (JSObjectDeletePrivateProperty): + * API/JSValueRef.cpp: + (JSValueIsObjectOfClass): + * API/JSWeakObjectMapRefPrivate.cpp: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::resolve): + (JSC::BytecodeGenerator::resolveConstDecl): + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::finishCreation): + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Executable.h: + (JSC::isHostFunction): + * runtime/JSActivation.h: + (JSC::asActivation): + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnProperty): + * runtime/JSArray.h: + (JSC::asArray): + * runtime/JSBoundFunction.cpp: + (JSC::boundFunctionCall): + (JSC::boundFunctionConstruct): + * runtime/JSByteArray.h: + (JSC::asByteArray): + * runtime/JSCell.cpp: + (JSC::JSCell::toObject): + * runtime/JSCell.h: + (JSC::jsCast): + * runtime/JSGlobalObject.h: + (JSC::asGlobalObject): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSObject.cpp: + 
(JSC::JSObject::setPrototypeWithCycleCheck): + (JSC::JSObject::allowsAccessFrom): + (JSC::JSObject::toThisObject): + (JSC::JSObject::unwrappedObject): + * runtime/JSObject.h: + (JSC::asObject): + * runtime/JSPropertyNameIterator.h: + (JSC::Register::propertyNameIterator): + * runtime/JSString.h: + (JSC::asString): + (JSC::JSValue::toString): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncSubstr): + +2012-04-05 Benjamin Poulain <bpoulain@apple.com> + + Make something faster than JSStringBuilder for joining an array of JSValue + https://bugs.webkit.org/show_bug.cgi?id=83180 + + Reviewed by Geoffrey Garen. + + This patch add the class JSStringJoiner optimized for join() operations. + + This class makes stricter constraints than JSStringBuilder in order avoid + memory allocations. + + In the best case, the class allocate memory only twice: + -Allocate an array to keep a list of UString to join. + -Allocate the final string. + + We also avoid the conversion from 8bits strings to 16bits strings since + they are costly and unlikly to help for subsequent calls. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToLocaleString): + (JSC::arrayProtoFuncJoin): + * runtime/JSStringJoiner.cpp: Added. + (JSC): + (JSC::appendStringToData): + (JSC::joinStrings): + (JSC::JSStringJoiner::build): + * runtime/JSStringJoiner.h: Added. + (JSC): + (JSStringJoiner): + (JSC::JSStringJoiner::JSStringJoiner): + (JSC::JSStringJoiner::append): + +2012-04-05 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=77293 + [Un]Reserve 'let' + + Rubber stamped by Oliver Hunt. + + Revert r106198. + This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html + If we're going to reserve let, we're going to have to do so in a more + circumspect fashion. 
+ + * parser/Keywords.table: + +2012-04-05 Michael Saboff <msaboff@apple.com> + + Rolling out http://trac.webkit.org/changeset/113262. + Original code was fine. + + Rubber-stamped by Oliver Hunt. + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::additionBlindedConstant): + +2012-04-05 Patrick Gansterer <paroga@webkit.org> + + [WinCE] Remove unnecessary function decleration + https://bugs.webkit.org/show_bug.cgi?id=83155 + + Reviewed by Kentaro Hara. + + * runtime/JSDateMath.cpp: + +2012-04-04 Patrick Gansterer <paroga@webkit.org> + + Add WTF::getCurrentLocalTime() + https://bugs.webkit.org/show_bug.cgi?id=83164 + + Reviewed by Alexey Proskuryakov. + + Replace the calls to WTF::getLocalTime() with time(0) with the new function. + This allows us to use Win32 API on windows to get the same result in a next step. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/DateConstructor.cpp: + (JSC::callDate): + +2012-04-04 Oliver Hunt <oliver@apple.com> + + Parser fails to revert some state after parsing expression and object literals. + https://bugs.webkit.org/show_bug.cgi?id=83236 + + Reviewed by Gavin Barraclough. + + Reset left hand side counter after parsing the literals. + + * parser/Parser.cpp: + (JSC::::parseObjectLiteral): + (JSC::::parseStrictObjectLiteral): + (JSC::::parseArrayLiteral): + +2012-04-04 Filip Pizlo <fpizlo@apple.com> + + DFG InstanceOf should not uselessly speculate cell + https://bugs.webkit.org/show_bug.cgi?id=83234 + + Reviewed by Oliver Hunt. + + If InstanceOf is the only user of its child then don't speculate cell, since + the not-cell case is super easy to handle. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileInstanceOf): + +2012-04-04 Michael Saboff <msaboff@apple.com> + + Fixed minor error: "& 3" should be "& 2". + + Rubber-stamped by Oliver Hunt. 
+ + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::additionBlindedConstant): + +2012-04-04 Michael Saboff <msaboff@apple.com> + + Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP + https://bugs.webkit.org/show_bug.cgi?id=83191 + + Reviewed by Oliver Hunt. + + Make are that blinded constant pairs are similarly aligned to the + original immediate values so that instructions that expect that + alignment work correctly. One example is ARMv7 add/sub imm to SP. + + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned. + (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned. + (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned. + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::additionBlindedConstant): + +2012-04-04 Filip Pizlo <fpizlo@apple.com> + + DFG should short-circuit Branch(LogicalNot(...)) + https://bugs.webkit.org/show_bug.cgi?id=83181 + + Reviewed by Geoff Garen. + + Slight (sub 1%) speed-up on V8. + + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + +2012-04-04 Geoffrey Garen <ggaren@apple.com> + + [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode + https://bugs.webkit.org/show_bug.cgi?id=83139 + + Reviewed by Sam Weinig. + + * heap/PassWeak.h: + (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error, + so work around that here. (Long-term, we should make 32-bit and 64-bit + agree on the right behavior.) + +2012-04-03 Geoffrey Garen <ggaren@apple.com> + + Updated JSC expected test results to reflect recent bug fixes <disapproving look>. + + Reviewed by Sam Weinig. + + * tests/mozilla/expected.html: + +2012-03-29 Geoffrey Garen <ggaren@apple.com> + + First step toward incremental Weak<T> finalization + https://bugs.webkit.org/show_bug.cgi?id=82670 + + Reviewed by Filip Pizlo. 
+ + This patch implements a Weak<T> heap that is compatible with incremental + finalization, while making as few behavior changes as possible. The behavior + changes it makes are: + + (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically -- + instead, a separate flag indicates that the JSValue is no longer valid. + (This is required so that the JSValue can be preserved for later finalization.) + Objects dealing with WeakImpls directly must change to check the flag. + + (*) Weak<T> is no longer a subclass of Handle<T>. + + (*) DOM GC performance is different -- 9% faster in the geometric mean, + but 15% slower in one specific case: + gc-dom1.html: 6% faster + gc-dom2.html: 23% faster + gc-dom3.html: 17% faster + gc-dom4.html: 15% *slower* + + The key features of this new heap are: + + (*) Each block knows its own state, independent of any other blocks. + + (*) Each block caches its own sweep result. + + (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't + mark them yet, since that would be a behavior change.) + + * API/JSCallbackObject.cpp: + (JSC::JSCallbackObjectData::finalize): + * API/JSCallbackObjectFunctions.h: + (JSC::::init): Updated to use the new WeakHeap API. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: Paid the build system tax since I added some new files. + + * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public, + so we can keep passing a Handle<T> to finalizers, to avoid more surface + area change in this patch. A follow-up patch should change the type we + pass to finalizers. + + * heap/HandleHeap.cpp: + (JSC): + (JSC::HandleHeap::writeBarrier): + (JSC::HandleHeap::isLiveNode): + * heap/HandleHeap.h: + (JSC): + (HandleHeap): + (Node): + (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since + we have a separate WeakHeap now. 
+ + * heap/Heap.cpp: + (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted + for through our watermark now. Removed m_waterMark because it was unused. + + (JSC::Heap::destroy): Updated for addition of WeakHeap. + + (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own + variable to participating in the watermark strategy. I wanted to standardize + WeakHeap and all other Heap clients on this strategy, to make sure it's + accurate. + + (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap + dead visit pass, as explained above. + + (JSC::Heap::collect): + (JSC::Heap::resetAllocators): Updated for addition of WeakHeap. + + (JSC::Heap::addFinalizer): + (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API. + + * heap/Heap.h: + (JSC::Heap::weakHeap): + (Heap): + (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking + strategy, since this is the best way for WeakHeap to report its memory + cost. (I plan to update this in a follow-up patch to make it more accurate, + but for now it is not less accurate than it used to be.) + + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::resetAllocators): + * heap/MarkedSpace.h: + (MarkedSpace): + (JSC::MarkedSpace::addToWaterMark): + (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because + it was unused, and I didn't want to update WeakHeap to keep an usused + variable working. Added API for above. 
+ + * heap/PassWeak.h: + (JSC): + (WeakImplAccessor): + (PassWeak): + (JSC::::operator): + (JSC::::get): + (JSC::::was): + (JSC::::PassWeak): + (JSC::::~PassWeak): + (JSC::UnspecifiedBoolType): + (JSC::::leakImpl): + (JSC::adoptWeak): + * heap/Strong.h: + (JSC::Strong::operator!): + (Strong): + (JSC::Strong::operator UnspecifiedBoolType*): + (JSC::Strong::get): + * heap/Weak.h: + (Weak): + (JSC::::Weak): + (JSC): + (JSC::::isHashTableDeletedValue): + (JSC::::~Weak): + (JSC::::swap): + (JSC::=): + (JSC::::operator): + (JSC::UnspecifiedBoolType): + (JSC::::release): + (JSC::::clear): + (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil + down to two things: + + (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap. + + (*) Explicitly check WeakImpl::state() for non-liveness before returning + a value (explained above). + + These files implement the new Weak<T> heap behavior described above: + + * heap/WeakBlock.cpp: Added. + * heap/WeakBlock.h: Added. + * heap/WeakHandleOwner.cpp: Added. + * heap/WeakHandleOwner.h: Added. + * heap/WeakHeap.cpp: Added. + * heap/WeakHeap.h: Added. + * heap/WeakImpl.h: Added. + + One interesting difference from the old heap is that we don't allow + clients to overwrite a WeakImpl after allocating it, and we don't recycle + WeakImpls prior to garbage collection. This is required for lazy finalization, + but it will also help us esablish a useful invariant in the future: allocating + a WeakImpl will be a binding contract to run a finalizer at some point in the + future, even if the WeakImpl is later deallocated. + + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of + its JSValue, since that's our API contract now, and the JSValue might + be stale. + + * runtime/JSCell.h: + (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless. + + * runtime/Structure.cpp: + (JSC::StructureTransitionTable::add): I can't remember why I did this. 
+ + * runtime/StructureTransitionTable.h: + * runtime/WeakGCMap.h: I had to update these classes because they allocate + and deallocate weak pointers manually. They should probably stop doing that. + +2012-04-03 Keishi Hattori <keishi@webkit.org> + + Disable ENABLE_DATALIST for now + https://bugs.webkit.org/show_bug.cgi?id=82871 + + Reviewed by Kent Tamura. + + * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST. + +2012-04-02 Filip Pizlo <fpizlo@apple.com> + + jsr/sret should be removed + https://bugs.webkit.org/show_bug.cgi?id=82986 + <rdar://problem/11017015> + + Reviewed by Sam Weinig and Geoff Garen. + + Replaces jsr/sret with finally block inlining. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::pushFinallyContext): + (JSC::BytecodeGenerator::emitComplexJumpScopes): + (JSC): + * bytecompiler/BytecodeGenerator.h: + (FinallyContext): + (BytecodeGenerator): + * bytecompiler/NodesCodegen.cpp: + (JSC::TryNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JIT): + * jit/JITOpcodes.cpp: + (JSC): + * jit/JITOpcodes32_64.cpp: + (JSC): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + +2012-04-03 Mark Rowe <mrowe@apple.com> + + Make it possible to install the JavaScriptCore test tools. + + Part of <rdar://problem/11158607>. + + Reviewed by Filip Pizlo. + + * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named + Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on + those targets individually to depending on the new aggregate target. 
+ +2012-04-03 Filip Pizlo <fpizlo@apple.com> + + Offlineasm ARM backend has a very convoluted way of saying it wants to emit a + three-operand multiply instruction + https://bugs.webkit.org/show_bug.cgi?id=83100 + + Reviewed by Darin Adler. + + Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was + already smart enough to do the Right Thing for multiply. + + * offlineasm/armv7.rb: + +2012-04-03 Filip Pizlo <fpizlo@apple.com> + + Offlineasm ARM backend uses the wrong mnemonic for multiply + https://bugs.webkit.org/show_bug.cgi?id=83098 + <rdar://problem/11168744> + + Reviewed by Gavin Barraclough. + + Use "mul" instead of "muls" since we're passing three operands, not two. + + * offlineasm/armv7.rb: + +2012-04-03 Gavin Barraclough <barraclough@apple.com> + + Linux crashes during boot + https://bugs.webkit.org/show_bug.cgi?id=83096 + + Reviewed by Filip Pizlo. + + The bug here is that we add empty JSValues to the sparse map, and then set them + - but a GC may occur before doing so (due to a call to reportExtraMemory cost). + We may want to consider making it safe to mark empty JSValues, but the simple & + contained fix to this specific bug is to just initialize these values to + something other than JSValue(). + + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::add): + - Initialize sparse map entries. + +2012-04-02 Oliver Hunt <oliver@apple.com> + + Incorrect liveness information when inlining + https://bugs.webkit.org/show_bug.cgi?id=82985 + + Reviewed by Filip Pizlo. + + Don't remap register numbers that have already been remapped. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleInlining): + +2012-04-02 Filip Pizlo <fpizlo@apple.com> + + Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we + try to create an arguments object from the activation + https://bugs.webkit.org/show_bug.cgi?id=82947 + <rdar://problem/11058598> + + Reviewed by Gavin Barraclough. 
+ + We now copy the entire call frame header just to be sure. This is mostly perf-netural, + except for a 3.7% slow-down in V8/earley. + + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSActivation.h: + (JSC::JSActivation::tearOff): + +2012-04-02 Daniel Bates <dbates@webkit.org> + + Remove Source/JavaScriptCore/wtf and its empty subdirectories + + Rubber-stamped by Eric Seidel. + + Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF + (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory + Source/JavaScriptCore/wtf and its empty subdirectories. + + * wtf: Removed. + * wtf/android: Removed. + * wtf/blackberry: Removed. + * wtf/chromium: Removed. + * wtf/dtoa: Removed. + * wtf/efl: Removed. + * wtf/gobject: Removed. + * wtf/gtk: Removed. + * wtf/mac: Removed. + * wtf/qt: Removed. + * wtf/qt/compat: Removed. + * wtf/tests: Removed. + * wtf/text: Removed. + * wtf/threads: Removed. + * wtf/threads/win: Removed. + * wtf/unicode: Removed. + * wtf/unicode/glib: Removed. + * wtf/unicode/icu: Removed. + * wtf/unicode/qt4: Removed. + * wtf/unicode/wince: Removed. + * wtf/url: Removed. + * wtf/url/api: Removed. + * wtf/url/src: Removed. + * wtf/win: Removed. + * wtf/wince: Removed. + * wtf/wx: Removed. + +2012-04-02 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck issues. + + * GNUmakefile.list.am: Add missing file. + +2012-04-01 Darin Adler <darin@apple.com> + + Fix incorrect path for libWTF.a in Mac project file. + + * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that + would cause other configurations to try to link with the "Release" version of + libWTF.a instead of the correct version. + +2012-03-29 Filip Pizlo <fpizlo@apple.com> + + DFG should optimize a==b for a being an object and b being either an object or + null/undefined, and vice versa + https://bugs.webkit.org/show_bug.cgi?id=82656 + + Reviewed by Oliver Hunt. 
+ + Implements additional object equality optimizations for the case that one + operand is predicted to be an easily speculated object (like FinalObject or + Array) and the other is either an easily speculated object or Other, i.e. + Null or Undefined. + + 2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8. + + I also took the opportunity to clean up the control flow for the speculation + decisions in the various Compare opcodes. And to fix a build bug in SamplingTool. + And to remove debug cruft I stupidly committed in my last patch. + + * bytecode/SamplingTool.h: + (SamplingRegion): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compare): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): + (DFG): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): + (DFG): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): + +2012-03-30 David Barr <davidbarr@chromium.org> + + Split up top-level .gitignore and .gitattributes + https://bugs.webkit.org/show_bug.cgi?id=82687 + + Reviewed by Tor Arne Vestbø. + + * JavaScriptCore.gyp/.gitignore: Added. + +2012-03-30 Steve Falkenburg <sfalken@apple.com> + + Windows (make based) build fix. + + * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them. 
+ +2012-03-30 Keishi Hattori <keishi@webkit.org> + + Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium + https://bugs.webkit.org/show_bug.cgi?id=80972 + + Reviewed by Kent Tamura. + + * Configurations/FeatureDefines.xcconfig: + +2012-03-29 Mark Hahnenberg <mhahnenberg@apple.com> + + Refactor recompileAllJSFunctions() to be less expensive + https://bugs.webkit.org/show_bug.cgi?id=80330 + + Reviewed by Filip Pizlo. + + This change is performance neutral on the JS benchmarks we track. It's mostly to improve page + load performance, which currently does at least a couple full GCs per navigation. + + * heap/Heap.cpp: + (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode + because the function doesn't actually recompile anything (and never did); it simply throws code + away for it to be recompiled later if we determine we should do so. + (JSC): + (JSC::Heap::collectAllGarbage): + (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list. + (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list. + * heap/Heap.h: + (JSC): + (Heap): + * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can + be used in DoublyLinkedLists. + (JSC::FunctionExecutable::FunctionExecutable): + (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list. + * runtime/Executable.h: + (FunctionExecutable): + (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list. + * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage + the list of FunctionExecutables. + * runtime/JSGlobalData.h: + (JSGlobalData): + * runtime/JSGlobalObject.cpp: + (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode. 
+ +2012-03-29 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for non-x86 platforms. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitSlow_op_mod): + +2012-03-29 Gavin Barraclough <barraclough@apple.com> + + Windows build fix p2. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-29 Gavin Barraclough <barraclough@apple.com> + + Windows build fix p1. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-29 Gavin Barraclough <barraclough@apple.com> + + Template the Yarr::Interpreter on the character type + https://bugs.webkit.org/show_bug.cgi?id=82637 + + Reviewed by Sam Weinig. + + We should be able to call to the interpreter after having already checked the character type, + without having to re-package the character pointer back up into a string! + + * runtime/RegExp.cpp: + (JSC::RegExp::match): + (JSC::RegExp::matchCompareWithInterpreter): + - Don't pass length. + * yarr/Yarr.h: + - moved function declarations to YarrInterpreter.h. + * yarr/YarrInterpreter.cpp: + (Yarr): + (Interpreter): + (JSC::Yarr::Interpreter::InputStream::InputStream): + (InputStream): + (JSC::Yarr::Interpreter::Interpreter): + (JSC::Yarr::interpret): + - templated Interpreter class on CharType. + * yarr/YarrInterpreter.h: + (Yarr): + - added function declarations. + +2012-03-29 David Kilzer <ddkilzer@apple.com> + + Don't use a flattened framework path when building on OS X + + Reviewed by Mark Rowe. + + * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME + to select different INSTALL_PATH values. + +2012-03-29 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed build fix, add Win-specific sources + the wx port needs after WTF move. 
+ + * wscript: + +2012-03-29 Andy Estes <aestes@apple.com> + + Remove an unused variable that breaks the build with newer versions of clang. + + Rubber stamped by Gavin Barraclough. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy): + +2012-03-29 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> + + HashMap<>::add should return a more descriptive object + https://bugs.webkit.org/show_bug.cgi?id=71063 + + Reviewed by Ryosuke Niwa. + + Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps + the iterator type, there's a need for its own AddResult type -- instantiated from + HashTableAddResult template class. + + * API/JSCallbackObject.h: + (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty): + * API/JSClassRef.cpp: + (OpaqueJSClass::contextData): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addVar): + (JSC::BytecodeGenerator::addGlobalVar): + (JSC::BytecodeGenerator::addConstant): + (JSC::BytecodeGenerator::addConstantValue): + (JSC::BytecodeGenerator::emitLoad): + (JSC::BytecodeGenerator::addStringConstant): + (JSC::BytecodeGenerator::emitLazyNewFunction): + * bytecompiler/NodesCodegen.cpp: + (JSC::PropertyListNode::emitBytecode): + * debugger/Debugger.cpp: + * dfg/DFGAssemblyHelpers.cpp: + (JSC::DFG::AssemblyHelpers::decodedCodeMapFor): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::cellConstant): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * jit/JITStubs.cpp: + (JSC::JITThunks::ctiStub): + (JSC::JITThunks::hostFunctionStub): + * parser/Parser.cpp: + (JSC::::parseStrictObjectLiteral): + * parser/Parser.h: + (JSC::Scope::declareParameter): + * runtime/Identifier.cpp: + (JSC::Identifier::add): + (JSC::Identifier::add8): + (JSC::Identifier::addSlowCase): + * runtime/Identifier.h: + (JSC::Identifier::add): + (JSC::IdentifierTable::add): + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::add): + 
(JSC::SparseArrayValueMap::put): + (JSC::SparseArrayValueMap::putDirect): + (JSC::JSArray::enterDictionaryMode): + (JSC::JSArray::defineOwnNumericProperty): + * runtime/JSArray.h: + (SparseArrayValueMap): + * runtime/PropertyNameArray.cpp: + (JSC::PropertyNameArray::add): + * runtime/StringRecursionChecker.h: + (JSC::StringRecursionChecker::performCheck): + * runtime/Structure.cpp: + (JSC::StructureTransitionTable::add): + * runtime/WeakGCMap.h: + (WeakGCMap): + (JSC::WeakGCMap::add): + (JSC::WeakGCMap::set): + * tools/ProfileTreeNode.h: + (JSC::ProfileTreeNode::sampleChild): + +2012-03-29 Patrick Gansterer <paroga@webkit.org> + + Build fix for !ENABLE(YARR_JIT) after r112454. + + * runtime/RegExp.cpp: + (JSC::RegExp::invalidateCode): + +2012-03-28 Filip Pizlo <fpizlo@apple.com> + + DFG object equality speculations should be simplified + https://bugs.webkit.org/show_bug.cgi?id=82557 + + Reviewed by Gavin Barraclough. + + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateFinalObject): + (JSC::DFG::Node::shouldSpeculateArray): + +2012-03-28 David Kilzer <ddkilzer@apple.com> + + minidom configurations should be based on ToolExecutable.xcconfig + <http://webkit.org/b/82513> + + Reviewed by Mark Rowe. + + Note that this patch changes minidom from being installed in + /usr/local/bin to JavaScriptCore.framework/Resources. + + * Configurations/ToolExecutable.xcconfig: Add semi-colon. + * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom + configurations on ToolExecutable.xcconfig. Remove redundant + PRODUCT_NAME and SKIP_INSTALL variables. + +2012-03-28 Gavin Barraclough <barraclough@apple.com> + + Build fix - some compiles generating NORETURN related warnings. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::setSubpatternStart): + (JSC::Yarr::YarrGenerator::setSubpatternEnd): + (JSC::Yarr::YarrGenerator::clearSubpatternStart): + +2012-03-28 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed. 
Build fix, move WTF back into JSCore target + until issues with JSCore not linking in all WTF symbols are resolved. + + * wscript: + +2012-03-28 Gavin Barraclough <barraclough@apple.com> + + Yarr: if we're not using the output array, don't populate it! + https://bugs.webkit.org/show_bug.cgi?id=82519 + + Reviewed by Sam Weinig. + + * runtime/RegExp.cpp: + (JSC): + - Missed review comment! - didn't fully remove RegExpRepresentation. + +2012-03-28 Gavin Barraclough <barraclough@apple.com> + + Yarr: if we're not using the output array, don't populate it! + https://bugs.webkit.org/show_bug.cgi?id=82519 + + Reviewed by Sam Weinig. + + Add a new variant of the match method to RegExp that returns a MatchResult, + and modify YarrJIT to be able to compile code that doesn't use an output vector. + + This is a 3% progression on v8-regexp. + + * JavaScriptCore.xcodeproj/project.pbxproj: + - Moved MatchResult into its own header. + * assembler/AbstractMacroAssembler.h: + - Added missing include. + * runtime/MatchResult.h: Added. + (MatchResult::MatchResult): + (MatchResult): + (MatchResult::failed): + (MatchResult::operator bool): + (MatchResult::empty): + - Moved MatchResult into its own header. + * runtime/RegExp.cpp: + (JSC::RegExp::compile): + (JSC::RegExp::compileIfNecessary): + (JSC::RegExp::match): + - Changed due to execute & representation changes. + (JSC::RegExp::compileMatchOnly): + (JSC::RegExp::compileIfNecessaryMatchOnly): + - Added helper to compile MatchOnly code. + (JSC::RegExp::invalidateCode): + (JSC::RegExp::matchCompareWithInterpreter): + (JSC::RegExp::printTraceData): + - Changed due representation changes. + * runtime/RegExp.h: + (RegExp): + (JSC::RegExp::hasCode): + - Made YarrCodeBlock a member. + * runtime/RegExpConstructor.h: + (RegExpConstructor): + (JSC::RegExpConstructor::performMatch): + - Added no-ovector form. 
+ * runtime/RegExpMatchesArray.cpp: + (JSC::RegExpMatchesArray::reifyAllProperties): + - Match now takes a reference to ovector, not a pointer. + * runtime/RegExpObject.h: + (JSC): + - Moved MatchResult into its own header. + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncSplit): + - Match now takes a reference to ovector, not a pointer. + * testRegExp.cpp: + (testOneRegExp): + - Match now takes a reference to ovector, not a pointer. + * yarr/YarrJIT.cpp: + (Yarr): + (YarrGenerator): + (JSC::Yarr::YarrGenerator::initCallFrame): + (JSC::Yarr::YarrGenerator::removeCallFrame): + (JSC::Yarr::YarrGenerator::setSubpatternStart): + (JSC::Yarr::YarrGenerator::setSubpatternEnd): + (JSC::Yarr::YarrGenerator::clearSubpatternStart): + (JSC::Yarr::YarrGenerator::setMatchStart): + (JSC::Yarr::YarrGenerator::getMatchStart): + - Added helper functions to intermediate access to output. + (JSC::Yarr::YarrGenerator::generateDotStarEnclosure): + (JSC::Yarr::YarrGenerator::generate): + (JSC::Yarr::YarrGenerator::backtrack): + (JSC::Yarr::YarrGenerator::generateEnter): + (JSC::Yarr::YarrGenerator::compile): + - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns. + (JSC::Yarr::jitCompile): + - Needs to template of MatchOnly or IncludeSubpatterns. + * yarr/YarrJIT.h: + (YarrCodeBlock): + (JSC::Yarr::YarrCodeBlock::set8BitCode): + (JSC::Yarr::YarrCodeBlock::set16BitCode): + (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly): + (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly): + (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly): + (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly): + (JSC::Yarr::YarrCodeBlock::execute): + (JSC::Yarr::YarrCodeBlock::clear): + - Added a second set of CodeRefs, so that we can compile RexExps with/without subpattern matching. 
+ +2012-03-27 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit should not generate an exit for variables of inlinees if the + inlinees are not in scope + https://bugs.webkit.org/show_bug.cgi?id=82312 + + Reviewed by Oliver Hunt. + + * bytecode/CodeBlock.h: + (JSC::baselineCodeBlockForInlineCallFrame): + (JSC): + (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::computeNumVariablesForCodeOrigin): + (DFG): + (JSC::DFG::OSRExit::OSRExit): + +2012-03-27 Matt Lilek <mrl@apple.com> + + Stop compiling Interpreter.cpp with -fno-var-tracking + https://bugs.webkit.org/show_bug.cgi?id=82299 + + Reviewed by Anders Carlsson. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-03-27 Pratik Solanki <psolanki@apple.com> + + Compiler warning when JIT is not enabled + https://bugs.webkit.org/show_bug.cgi?id=82352 + + Reviewed by Filip Pizlo. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::create): + +2012-03-26 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Unaligned userspace access for SH4 platforms + https://bugs.webkit.org/show_bug.cgi?id=79104 + + Reviewed by Gavin Barraclough. + + * assembler/AbstractMacroAssembler.h: + (Jump): + (JSC::AbstractMacroAssembler::Jump::Jump): + (JSC::AbstractMacroAssembler::Jump::link): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::load16Unaligned): + (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords): + (JSC::MacroAssemblerSH4::branchDouble): + (JSC::MacroAssemblerSH4::branchTrue): + (JSC::MacroAssemblerSH4::branchFalse): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::extraInstrForBranch): + (SH4Assembler): + (JSC::SH4Assembler::bra): + (JSC::SH4Assembler::linkJump): + * jit/JIT.h: + (JIT): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + +2012-03-26 Ryosuke Niwa <rniwa@webkit.org> + + cssText should use shorthand notations + https://bugs.webkit.org/show_bug.cgi?id=81737 + + Reviewed by Enrica Casucci. 
+ + Export symbols of BitVector on Windows. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-26 Filip Pizlo <fpizlo@apple.com> + + DFG should assert that argument value recoveries can only be + AlreadyInRegisterFile or Constant + https://bugs.webkit.org/show_bug.cgi?id=82249 + + Reviewed by Michael Saboff. + + Made the assertions that the DFG makes for argument value recoveries match + what Arguments expects. + + * bytecode/ValueRecovery.h: + (JSC::ValueRecovery::isConstant): + (ValueRecovery): + (JSC::ValueRecovery::isAlreadyInRegisterFile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-03-26 Dan Bernstein <mitz@apple.com> + + Tried to fix the Windows build. + + * yarr/YarrPattern.cpp: + (JSC::Yarr::CharacterClassConstructor::putRange): + +2012-03-26 Gavin Barraclough <barraclough@apple.com> + + Unreviewed - speculative Windows build fix. + + * yarr/YarrCanonicalizeUCS2.h: + (JSC::Yarr::getCanonicalPair): + +2012-03-26 Dan Bernstein <mitz@apple.com> + + Fixed builds with assertions disabled. + + * yarr/YarrCanonicalizeUCS2.h: + (JSC::Yarr::areCanonicallyEquivalent): + +2012-03-26 Gavin Barraclough <barraclough@apple.com> + + Unreviewed - errk! - accidentally the whole pbxproj. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-03-25 Gavin Barraclough <barraclough@apple.com> + + Greek sigma is handled wrong in case independent regexp. + https://bugs.webkit.org/show_bug.cgi?id=82063 + + Reviewed by Oliver Hunt. + + The bug here is that we assume that any given codepoint has at most one additional value it + should match under a case insensitive match, and that the pair of codepoints that match (if + a codepoint does not only match itself) can be determined by calling toUpper/toLower on the + given codepoint). Life is not that simple. + + Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters + it may match, under the ES5.1 case-insensitive matching rules. 
Since unicode is fairly regular + we can pack this table quite nicely, and get it down to 364 entries. This means we can use a + simple binary search to find an entry in typically eight compares. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * yarr/yarr.pri: + - Added new files to build systems. + * yarr/YarrCanonicalizeUCS2.cpp: Added. + - New - autogenerated, UCS2 canonicalized comparison tables. + * yarr/YarrCanonicalizeUCS2.h: Added. + (JSC::Yarr::rangeInfoFor): + - Look up the canonicalization info for a UCS2 character. + (JSC::Yarr::getCanonicalPair): + - For a UCS2 character with a single equivalent value, look it up. + (JSC::Yarr::isCanonicallyUnique): + - Returns true if no other UCS2 code points are canonically equal. + (JSC::Yarr::areCanonicallyEquivalent): + - Compare two values, under canonicalization rules. + * yarr/YarrCanonicalizeUCS2.js: Added. + - script used to generate YarrCanonicalizeUCS2.cpp. + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::tryConsumeBackReference): + - Use isCanonicallyUnique, rather than Unicode toUpper/toLower. + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals): + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + - Use isCanonicallyUnique, rather than Unicode toUpper/toLower. + * yarr/YarrPattern.cpp: + (JSC::Yarr::CharacterClassConstructor::putChar): + - Updated to determine canonical equivalents correctly. + (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase): + - Added, used to put a non-ascii, non-unique character in a case-insensitive match. + (JSC::Yarr::CharacterClassConstructor::putRange): + - Updated to determine canonical equivalents correctly. 
+ (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter): + - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo. + +2012-03-26 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs, + so we make sure it finds the API headers on all platforms. + + * wscript: + +2012-03-26 Patrick Gansterer <paroga@webkit.org> + + Build fix for WinCE after r112039. + + * interpreter/Register.h: + (Register): Removed inline keyword from decleration since + there is an ALWAYS_INLINE at the definition anyway. + +2012-03-26 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing files. + +2012-03-25 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed build fix. Move WTF to its own static lib build. + + * wscript: + +2012-03-25 Filip Pizlo <fpizlo@apple.com> + + DFG int-to-double conversion should be revealed to CSE + https://bugs.webkit.org/show_bug.cgi?id=82135 + + Reviewed by Oliver Hunt. + + This introduces the notion of an Int32ToDouble node, which is injected + into the graph anytime we know that we have a double use of a node that + was predicted integer. The Int32ToDouble simplifies double speculation + on integers by skipping the path that would unbox doubles, if we know + that the value is already proven to be an integer. It allows integer to + double conversions to be subjected to common subexpression elimination + (CSE) by allowing the CSE phase to see where these conversions are + occurring. Finally, it allows us to see when a constant is being used + as both a double and an integer. This is a bit odd, since it means that + sometimes a double use of a constant will not refer directly to the + constant. This should not cause problems, for now, but it may require + some canonizalization in the future if we want to support strength + reductions of double operations based on constants. 
+ + To allow injection of nodes into the graph, this change introduces the + DFG::InsertionSet, which is a way of lazily inserting elements into a + list. This allows the FixupPhase to remain O(N) despite performing + multiple injections in a single basic block. Without the InsertionSet, + each injection would require performing an insertion into a vector, + which is O(N), leading to O(N^2) performance overall. With the + InsertionSet, each injection simply records what insertion would have + been performed, and all insertions are performed at once (via + InsertionSet::execute) after processing of a basic block is completed. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/PredictedType.h: + (JSC::isActionableIntMutableArrayPrediction): + (JSC): + (JSC::isActionableFloatMutableArrayPrediction): + (JSC::isActionableTypedMutableArrayPrediction): + (JSC::isActionableMutableArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGCommon.h: + (JSC::DFG::useKindToString): + (DFG): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::run): + (JSC::DFG::FixupPhase::fixupBlock): + (FixupPhase): + (JSC::DFG::FixupPhase::fixupNode): + (JSC::DFG::FixupPhase::fixDoubleEdge): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGInsertionSet.h: Added. 
+ (DFG): + (Insertion): + (JSC::DFG::Insertion::Insertion): + (JSC::DFG::Insertion::index): + (JSC::DFG::Insertion::element): + (InsertionSet): + (JSC::DFG::InsertionSet::InsertionSet): + (JSC::DFG::InsertionSet::append): + (JSC::DFG::InsertionSet::execute): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + (JSC::DFG::SpeculativeJIT::compileInt32ToDouble): + (DFG): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + (JSC::DFG::IntegerOperand::IntegerOperand): + (JSC::DFG::DoubleOperand::DoubleOperand): + (JSC::DFG::JSValueOperand::JSValueOperand): + (JSC::DFG::StorageOperand::StorageOperand): + (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): + (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): + (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): + (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): + (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-03-25 Filip Pizlo <fpizlo@apple.com> + + DFGOperands should be moved out of the DFG and into bytecode + https://bugs.webkit.org/show_bug.cgi?id=82151 + + Reviewed by Dan Bernstein. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h. + * dfg/DFGBasicBlock.h: + * dfg/DFGNode.h: + * dfg/DFGOSREntry.h: + * dfg/DFGOSRExit.h: + * dfg/DFGOperands.h: Removed. 
+ * dfg/DFGVariableAccessData.h: + +2012-03-24 Filip Pizlo <fpizlo@apple.com> + + DFG 64-bit Branch implementation should not be creating a JSValueOperand that + it isn't going to use + https://bugs.webkit.org/show_bug.cgi?id=82136 + + Reviewed by Geoff Garen. + + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitBranch): + +2012-03-24 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed. Fix the build after WTF move. + + * wscript: + +2012-03-23 Filip Pizlo <fpizlo@apple.com> + + DFG double voting may be overzealous in the case of variables that end up + being used as integers + https://bugs.webkit.org/show_bug.cgi?id=82008 + + Reviewed by Oliver Hunt. + + Cleaned up propagation, making the intent more explicit in most places. + Back-propagate NodeUsedAsInt for cases where a node was used in a context + that is known to strongly prefer integers. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dumpCodeOrigin): + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (Graph): + * dfg/DFGNodeFlags.cpp: + (JSC::DFG::nodeFlagsAsString): + * dfg/DFGNodeFlags.h: + (DFG): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::run): + (JSC::DFG::PredictionPropagationPhase::propagate): + (PredictionPropagationPhase): + (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags): + (JSC::DFG::PredictionPropagationPhase::vote): + (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): + (JSC::DFG::PredictionPropagationPhase::fixupNode): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): + +2012-03-24 Filip Pizlo <fpizlo@apple.com> + + DFG::Node::shouldNotSpeculateInteger() should be eliminated + https://bugs.webkit.org/show_bug.cgi?id=82123 + + Reviewed by Geoff Garen. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (Node): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + +2012-03-24 Yong Li <yoli@rim.com> + + Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL) + https://bugs.webkit.org/show_bug.cgi?id=81521 + + Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace + for CPU(ARM_TRADITIONAL) to fit actual need. + + Reviewed by Oliver Hunt. + + * jit/JIT.h: + (JIT): + +2012-03-23 Filip Pizlo <fpizlo@apple.com> + + DFG Fixup should be able to short-circuit trivial ValueToInt32's + https://bugs.webkit.org/show_bug.cgi?id=82030 + + Reviewed by Michael Saboff. + + Takes the fixup() method of the prediction propagation phase and makes it + into its own phase. Adds the ability to short-circuit trivial ValueToInt32 + nodes, and mark pure ValueToInt32's as such. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCommon.h: + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGFixupPhase.cpp: Added. + (DFG): + (FixupPhase): + (JSC::DFG::FixupPhase::FixupPhase): + (JSC::DFG::FixupPhase::run): + (JSC::DFG::FixupPhase::fixupNode): + (JSC::DFG::FixupPhase::fixIntEdge): + (JSC::DFG::performFixup): + * dfg/DFGFixupPhase.h: Added. + (DFG): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::run): + (PredictionPropagationPhase): + +2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com> + + tryReallocate could break the zero-ed memory invariant of CopiedBlocks + https://bugs.webkit.org/show_bug.cgi?id=82087 + + Reviewed by Filip Pizlo. 
+ + Removing this optimization turned out to be ~1% regression on kraken, so I simply + undid the modification to the current block if we fail. + + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail + to reallocate from the current block. + +2012-03-23 Alexey Proskuryakov <ap@apple.com> + + [Mac] No need for platform-specific ENABLE_BLOB values + https://bugs.webkit.org/show_bug.cgi?id=82102 + + Reviewed by David Kilzer. + + * Configurations/FeatureDefines.xcconfig: + +2012-03-23 Michael Saboff <msaboff@apple.com> + + DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR + https://bugs.webkit.org/show_bug.cgi?id=81805 + + Reviewed by Filip Pizlo. + + Added SpeculativeJIT::checkGeneratedType() to determine the current format + of an operand. Used that information in SpeculativeJIT::compileValueToInt32 + to generate code that will use integer and JSValue types in integer + format directly without a conversion to double. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkGeneratedType): + (DFG): + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + * dfg/DFGSpeculativeJIT.h: + (DFG): + (SpeculativeJIT): + +2012-03-23 Steve Falkenburg <sfalken@apple.com> + + Update Apple Windows build files for WTF move + https://bugs.webkit.org/show_bug.cgi?id=82069 + + Reviewed by Jessie Berlin. + + * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated. + +2012-03-23 Dean Jackson <dino@apple.com> + + Disable CSS_SHADERS in Apple builds + https://bugs.webkit.org/show_bug.cgi?id=81996 + + Reviewed by Simon Fraser. + + Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h. 
+ + * Configurations/FeatureDefines.xcconfig: + +2012-03-23 Gavin Barraclough <barraclough@apple.com> + + RexExp constructor last match properties should not rely on previous ovector + https://bugs.webkit.org/show_bug.cgi?id=82077 + + Reviewed by Oliver Hunt. + + This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future. + + This patch changes the scheme used to lazily generate the last match properties of the RegExp object. + Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using + a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match + location (the MatchResult). When the match is accessed or the input is set, we reify results. We use + a special value of setting the saved result to MatchResult::failed() to indicated that we're in a + reified state. This means that next time a match is performed, the store of the result will + automatically blow away the reified value. + + * JavaScriptCore.xcodeproj/project.pbxproj: + - Added new files. + * runtime/RegExp.cpp: + (JSC::RegExpFunctionalTestCollector::outputOneTest): + - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common). + * runtime/RegExpCachedResult.cpp: Added. + (JSC::RegExpCachedResult::visitChildren): + (JSC::RegExpCachedResult::lastResult): + (JSC::RegExpCachedResult::setInput): + - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt). + * runtime/RegExpCachedResult.h: Added. + (RegExpCachedResult): + - Added new class. + (JSC::RegExpCachedResult::RegExpCachedResult): + (JSC::RegExpCachedResult::record): + (JSC::RegExpCachedResult::input): + - Initialize the object, record the result of a RegExp match, access the stored input property. 
+ * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::RegExpConstructor): + - Initialize m_result/m_multiline properties. + (JSC::RegExpConstructor::visitChildren): + - Make sure the cached results (or lazy source for them) are marked. + (JSC::RegExpConstructor::getBackref): + (JSC::RegExpConstructor::getLastParen): + (JSC::RegExpConstructor::getLeftContext): + (JSC::RegExpConstructor::getRightContext): + - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme. + (JSC::regExpConstructorInput): + (JSC::setRegExpConstructorInput): + - Changed to use RegExpCachedResult. + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::create): + (RegExpConstructor): + (JSC::RegExpConstructor::setMultiline): + (JSC::RegExpConstructor::multiline): + - Move multiline property onto the constructor object; it is not affected by the last match. + (JSC::RegExpConstructor::setInput): + (JSC::RegExpConstructor::input): + - These defer to RegExpCachedResult. + (JSC::RegExpConstructor::performMatch): + * runtime/RegExpMatchesArray.cpp: Added. + (JSC::RegExpMatchesArray::visitChildren): + - Eeeep! added missing visitChildren! + (JSC::RegExpMatchesArray::finishCreation): + (JSC::RegExpMatchesArray::reifyAllProperties): + (JSC::RegExpMatchesArray::reifyMatchProperty): + - Moved from RegExpConstructor.cpp. + (JSC::RegExpMatchesArray::leftContext): + (JSC::RegExpMatchesArray::rightContext): + - Since the match start/ + * runtime/RegExpMatchesArray.h: + (RegExpMatchesArray): + - Declare new methods & structure flags. + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::match): + - performMatch now requires the JSString input, to cache. + * runtime/StringPrototype.cpp: + (JSC::removeUsingRegExpSearch): + (JSC::replaceUsingRegExpSearch): + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + - performMatch now requires the JSString input, to cache. 
+ +2012-03-23 Tony Chang <tony@chromium.org> + + [chromium] rename newwtf target back to wtf + https://bugs.webkit.org/show_bug.cgi?id=82064 + + Reviewed by Adam Barth. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Simplify memory usage tracking in CopiedSpace + https://bugs.webkit.org/show_bug.cgi?id=80705 + + Reviewed by Filip Pizlo. + + * heap/CopiedAllocator.h: + (CopiedAllocator): Rename currentUtilization to currentSize. + (JSC::CopiedAllocator::currentCapacity): + * heap/CopiedBlock.h: + (CopiedBlock): + (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class + declaration. + (JSC): + (JSC::CopiedBlock::size): Add new function to calculate the block's size. + (JSC::CopiedBlock::capacity): Ditto for capacity. + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new + field for the water mark. + (JSC::CopiedSpace::init): + (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current + block, we need to update our current water mark with the size of the block. + (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we + need to update our current water mark with the size of the used portion of the block. + (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when + reallocating because it will either get accounted for when we fill up the block later + in the case of being able to reallocate in the current block or it will get picked up + immediately because we'll have to get a new block. + (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when + realloc-ing an oversize block because we deallocate the old block and allocate a brand + new one. + (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to + the CopiedSpace by the SlotVisitors. 
+ (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark. + (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or + not we should collect now instead of doing the calculation ourself. + (JSC::CopiedSpace::destroy): + (JSC): + (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how + MarkedSpace does. + (JSC::CopiedSpace::capacity): Ditto for capacity. + * heap/CopiedSpace.h: + (JSC::CopiedSpace::waterMark): + (CopiedSpace): + * heap/CopiedSpaceInlineMethods.h: + (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a + collection. + (JSC::CopiedSpace::allocateNewBlock): + (JSC::CopiedSpace::fitsInBlock): + (JSC::CopiedSpace::allocateFromBlock): + * heap/Heap.cpp: + (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap. + (JSC::Heap::capacity): Ditto for capacity. + (JSC::Heap::collect): + * heap/Heap.h: + (Heap): + (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to + determine whether they should initiate a collection or continue to allocate new blocks. + (JSC): + (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the + Heap (MarkedSpace and CopiedSpace). + * heap/MarkedAllocator.cpp: + (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function. + +2012-03-23 Ryosuke Niwa <rniwa@webkit.org> + + BitVector::resizeOutOfLine doesn't memset when converting an inline buffer + https://bugs.webkit.org/show_bug.cgi?id=82012 + + Reviewed by Filip Pizlo. + + Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore. 
+ + * wtf/BitVector.cpp: + (WTF::BitVector::resizeOutOfLine): + * wtf/BitVector.h: + (BitVector): + (OutOfLineBits): + +2012-03-22 Michael Saboff <msaboff@apple.com> + + ExecutableAllocator::memoryPressureMultiplier() might can return NaN + https://bugs.webkit.org/show_bug.cgi?id=82002 + + Reviewed by Filip Pizlo. + + Guard against divide by zero and then make sure the return + value is >= 1.0. + + * jit/ExecutableAllocator.cpp: + (JSC::ExecutableAllocator::memoryPressureMultiplier): + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::ExecutableAllocator::memoryPressureMultiplier): + +2012-03-22 Jessie Berlin <jberlin@apple.com> + + Windows build fix after r111778. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + Don't include and try to build files owned by WTF. + Also, let VS have its way with the vcproj in terms of file ordering. + +2012-03-22 Raphael Kubo da Costa <rakuco@FreeBSD.org> + + [CMake] Unreviewed build fix after r111778. + + * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in + the include paths so that the right config.h is used. + +2012-03-22 Tony Chang <tony@chromium.org> + + Unreviewed, fix chromium build after wtf move. + + Remove old wtf_config and wtf targets. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2012-03-22 Martin Robinson <mrobinson@igalia.com> + + Fixed the GTK+ WTF/JavaScriptCore build after r111778. + + * GNUmakefile.list.am: Removed an extra trailing backslash. + +2012-03-22 Mark Rowe <mrowe@apple.com> + + Fix the build. + + * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries + rather than only those that contain symbols that JavaScriptCore itself uses. + * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project. + +2012-03-22 Filip Pizlo <fpizlo@apple.com> + + DFG NodeFlags has some duplicate code and naming issues + https://bugs.webkit.org/show_bug.cgi?id=81975 + + Reviewed by Gavin Barraclough. 
+ + Removed most references to "ArithNodeFlags" since those are now just part + of the node flags. Fixed some renaming goofs (EdgedAsNum is once again + NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags() + because the former was never called and the latter did the same things as + mergeFlags(). + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGNode.h: + (JSC::DFG::Node::arithNodeFlags): + (Node): + * dfg/DFGNodeFlags.cpp: + (JSC::DFG::nodeFlagsAsString): + * dfg/DFGNodeFlags.h: + (DFG): + (JSC::DFG::nodeUsedAsNumber): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): + +2012-03-22 Eric Seidel <eric@webkit.org> + + Actually move WTF files to their new home + https://bugs.webkit.org/show_bug.cgi?id=81844 + + Unreviewed. The details of the port-specific changes + have been seen by contributors from those ports, but + the whole 5MB change isn't very reviewable as-is. + + * GNUmakefile.am: + * GNUmakefile.list.am: + * JSCTypedArrayStubs.h: + * JavaScriptCore.gypi: + * JavaScriptCore.xcodeproj/project.pbxproj: + * jsc.cpp: + +2012-03-22 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed. Adding Source/WTF to the build. + + * wscript: + +2012-03-22 Gavin Barraclough <barraclough@apple.com> + + Add JSValue::isFunction + https://bugs.webkit.org/show_bug.cgi?id=81935 + + Reviewed by Geoff Garen. + + This would be useful in the WebCore bindings code. + Also, remove asFunction, replace with jsCast<JSFunction*>. 
+ + * API/JSContextRef.cpp: + * debugger/Debugger.cpp: + * debugger/DebuggerCallFrame.cpp: + (JSC::DebuggerCallFrame::functionName): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::valueOfFunctionConstant): + * dfg/DFGOperations.cpp: + * interpreter/CallFrame.cpp: + (JSC::CallFrame::isInlineCallFrameSlow): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC::jitCompileFor): + (JSC::lazyLinkFor): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::traceFunctionPrologue): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (JSC::LLInt::setUpCall): + * runtime/Arguments.h: + (JSC::Arguments::finishCreation): + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::arityCheckFor): + * runtime/Executable.h: + (JSC::FunctionExecutable::compileFor): + (JSC::FunctionExecutable::compileOptimizedFor): + * runtime/FunctionPrototype.cpp: + (JSC::functionProtoFuncToString): + * runtime/JSArray.cpp: + (JSC::JSArray::sort): + * runtime/JSFunction.cpp: + (JSC::JSFunction::argumentsGetter): + (JSC::JSFunction::callerGetter): + (JSC::JSFunction::lengthGetter): + * runtime/JSFunction.h: + (JSC): + (JSC::asJSFunction): + (JSC::JSValue::isFunction): + * runtime/JSGlobalData.cpp: + (WTF::Recompiler::operator()): + (JSC::JSGlobalData::releaseExecutableMemory): + * runtime/JSValue.h: + * runtime/StringPrototype.cpp: + (JSC::replaceUsingRegExpSearch): + +2012-03-21 Filip Pizlo <fpizlo@apple.com> + + DFG speculation on booleans should be rationalized + https://bugs.webkit.org/show_bug.cgi?id=81840 + + Reviewed by Gavin Barraclough. 
+ + This removes isKnownBoolean() and replaces it with AbstractState-based + optimization, and cleans up the control flow in code gen methods for + Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber, + and removes isKnownNotBoolean() since that method appeared to be a + helper used solely by 32_64's speculateBooleanOperation(). + + This is performance-neutral. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateNumber): + * dfg/DFGSpeculativeJIT.cpp: + (DFG): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2012-03-21 Mark Rowe <mrowe@apple.com> + + Fix the build. + + * wtf/MetaAllocator.h: + (MetaAllocator): Export the destructor. + +2012-03-21 Eric Seidel <eric@webkit.org> + + Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=81834 + + Reviewed by Adam Barth. + + * jsc.cpp: + * os-win32/WinMain.cpp: + * runtime/JSDateMath.cpp: + * runtime/TimeoutChecker.cpp: + * testRegExp.cpp: + * tools/CodeProfiling.cpp: + +2012-03-21 Eric Seidel <eric@webkit.org> + + WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library) + https://bugs.webkit.org/show_bug.cgi?id=81838 + + Reviewed by Geoffrey Garen. + + My understanding is that weak vtables happen when the compiler/linker cannot + determine which compilation unit should constain the vtable. 
In this case + because there were only pure virtual functions as well as an "inline" + virtual destructor (thus the virtual destructor was defined in many compilation + units). Since you can't actually "inline" a virtual function (it still has to + bounce through the vtable), the "inline" on this virutal destructor doesn't + actually help performance, and is only serving to confuse the compiler here. + I've moved the destructor implementation to the .cpp file, thus making + it clear to the compiler where the vtable should be stored, and solving the error. + + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocator::~MetaAllocator): + (WTF): + * wtf/MetaAllocator.h: + +2012-03-20 Gavin Barraclough <barraclough@apple.com> + + RegExpMatchesArray should not copy the ovector + https://bugs.webkit.org/show_bug.cgi?id=81742 + + Reviewed by Michael Saboff. + + Currently, all RegExpMatchesArray object contain Vector<int, 32>, used to hold any sub-pattern results. + This makes allocation/construction/destruction of these objects more expensive. Instead, just store the + main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping, + and the results never accessed). + If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone. + + * dfg/DFGOperations.cpp: + - RegExpObject match renamed back to test (test returns a bool). + * runtime/RegExpConstructor.cpp: + (JSC): + - Removed RegExpResult, RegExpMatchesArray constructor, destroy method. + (JSC::RegExpMatchesArray::finishCreation): + - Removed RegExpConstructorPrivate parameter. + (JSC::RegExpMatchesArray::reifyAllProperties): + - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray. + If there are sub-pattern properties, the RegExp is re-run to generate their values. + (JSC::RegExpMatchesArray::reifyMatchProperty): + - Reify just the match (index 0) property of the RegExpMatchesArray. 
+ * runtime/RegExpConstructor.h: + (RegExpConstructor): + (JSC::RegExpConstructor::performMatch): + - performMatch now returns a MatchResult, rather than using out-parameters. + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::RegExpMatchesArray): + - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties. + (RegExpMatchesArray): + (JSC::RegExpMatchesArray::create): + - Now passed the input string matched against, the RegExp, and the MatchResult. + (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary): + (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary): + - Helpers to conditionally reify properties. + (JSC::RegExpMatchesArray::getOwnPropertySlot): + (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): + (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): + (JSC::RegExpMatchesArray::put): + (JSC::RegExpMatchesArray::putByIndex): + (JSC::RegExpMatchesArray::deleteProperty): + (JSC::RegExpMatchesArray::deletePropertyByIndex): + (JSC::RegExpMatchesArray::getOwnPropertyNames): + (JSC::RegExpMatchesArray::defineOwnProperty): + - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary + (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0). + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::exec): + (JSC::RegExpObject::match): + - match now returns a MatchResult. + * runtime/RegExpObject.h: + (JSC::MatchResult::MatchResult): + - Added the result of a match is a start & end tuple. + (JSC::MatchResult::failed): + - A failure is indicated by (notFound, 0). + (JSC::MatchResult::operator bool): + - Evaluates to false if the match failed. + (JSC::MatchResult::empty): + - Evaluates to true if the match succeeded with length 0. + (JSC::RegExpObject::test): + - Now returns a bool. + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncTest): + - RegExpObject match renamed back to test (test returns a bool). 
+ * runtime/StringPrototype.cpp: + (JSC::removeUsingRegExpSearch): + (JSC::replaceUsingRegExpSearch): + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + - performMatch now returns a MatchResult, rather than using out-parameters. + +2012-03-21 Hojong Han <hojong.han@samsung.com> + + Fix out of memory by allowing overcommit + https://bugs.webkit.org/show_bug.cgi?id=81743 + + Reviewed by Geoffrey Garen. + + Garbage collection is not triggered and new blocks are added + because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + +2012-03-21 Jessie Berlin <jberlin@apple.com> + + More Windows build fixing. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + Fix the order of the include directories to look in include/private first before looking + in include/private/JavaScriptCore. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: + Look in the Production output directory (where the wtf headers will be). This is the same + thing that is done for jsc and testRegExp in ReleasePGO. + +2012-03-21 Jessie Berlin <jberlin@apple.com> + + WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not + $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf. + https://bugs.webkit.org/show_bug.cgi?id=81739 + + Reviewed by Dan Bernstein. + + * JavaScriptCore.vcproj/jsc/jsc.vcproj: + Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf + subdirectory of the build output, not the JavaScriptCore/wtf subdirectory. + * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: + Ditto. + + * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: + Get the headers for those 4 files from the wtf subdirectory of the build output, not the + JavaScriptCore/wtf subdirectory. + * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: + Ditto. 
+ +2012-03-20 Eric Seidel <eric@webkit.org> + + Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf + https://bugs.webkit.org/show_bug.cgi?id=80911 + + Reviewed by Adam Barth. + + Update the various build systems to depend on Source/WTF headers + as well as remove references to Platform.h (since it's now moved). + + * CMakeLists.txt: + * JavaScriptCore.pri: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + +2012-03-20 Filip Pizlo <fpizlo@apple.com> + + op_mod fails on many interesting corner cases + https://bugs.webkit.org/show_bug.cgi?id=81648 + + Reviewed by Oliver Hunt. + + Removed most strength reduction for op_mod, and fixed the integer handling + to do the right thing for corner cases. Oddly, this revealed bugs in OSR, + which this patch also fixes. + + This patch is performance neutral on all of the major benchmarks we track. + + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (DFG): + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + (JSC::DFG::SpeculativeJIT::compileArithMod): + * jit/JIT.h: + (JIT): + * jit/JITArithmetic.cpp: + (JSC): + (JSC::JIT::emit_op_mod): + (JSC::JIT::emitSlow_op_mod): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_mod): + (JSC::JIT::emitSlow_op_mod): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC): + * jit/JITStubs.h: + (TrampolineStructure): + (JSC::JITThunks::ctiNativeConstruct): + * llint/LowLevelInterpreter64.asm: + * wtf/Platform.h: + * wtf/SimpleStats.h: + (WTF::SimpleStats::variance): + +2012-03-20 Steve Falkenburg <sfalken@apple.com> + + Windows (make based) build fix. + <rdar://problem/11069015> + + * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead. 
+ +2012-03-20 Steve Falkenburg <sfalken@apple.com> + + Move WTF-related Windows project files out of JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=80680 + + This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF. + It does not move any source code. This is in preparation for the WTF source move out of + JavaScriptCore. + + Reviewed by Jessie Berlin. + + * JavaScriptCore.vcproj/JavaScriptCore.sln: + * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: + * JavaScriptCore.vcproj/WTF: Removed. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed. + * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed. + * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed. + * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed. + * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed. + * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed. + * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed. 
+ +2012-03-20 Benjamin Poulain <bpoulain@apple.com> + + Cache the type string of JavaScript object + https://bugs.webkit.org/show_bug.cgi?id=81446 + + Reviewed by Geoffrey Garen. + + Instead of creating the JSString every time, we create + lazily the strings in JSGlobalData. + + This avoid the construction of the StringImpl and of the JSString, + which gives some performance improvements. + + * runtime/CommonIdentifiers.h: + * runtime/JSValue.cpp: + (JSC::JSValue::toStringSlowCase): + * runtime/Operations.cpp: + (JSC::jsTypeStringForValue): + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::SmallStrings): + (JSC::SmallStrings::finalizeSmallStrings): + (JSC::SmallStrings::initialize): + (JSC): + * runtime/SmallStrings.h: + (SmallStrings): + +2012-03-20 Oliver Hunt <oliver@apple.com> + + Allow LLINT to work even when executable allocation fails. + https://bugs.webkit.org/show_bug.cgi?id=81693 + + Reviewed by Gavin Barraclough. + + Don't crash if executable allocation fails if we can fall back on LLINT + + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + +2012-03-20 Csaba Osztrogonác <ossy@webkit.org> + + Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1 + https://bugs.webkit.org/show_bug.cgi?id=81428 + + 32 bit buildfix after r111355. + + 2147483648 (2^31) isn't valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int. + The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h). + + Reviewed by Zoltan Herczeg. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): + +2012-03-19 Jochen Eisinger <jochen@chromium.org> + + Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace + https://bugs.webkit.org/show_bug.cgi?id=80983 + + Reviewed by Darin Adler. 
+ + This allows printing a backtrace acquired by an earlier WTFGetBacktrace + call which is useful for local debugging. + + * wtf/Assertions.cpp: + * wtf/Assertions.h: + +2012-03-19 Benjamin Poulain <benjamin@webkit.org> + + Do not copy the script source in the SourceProvider, just reference the existing string + https://bugs.webkit.org/show_bug.cgi?id=81466 + + Reviewed by Geoffrey Garen. + + * parser/SourceCode.h: Remove the unused, and incorrect, function data(). + * parser/SourceProvider.h: Add OVERRIDE for clarity. + +2012-03-19 Filip Pizlo <fpizlo@apple.com> + + Division optimizations fail to infer cases of truncated division and + mishandle -2147483648/-1 + https://bugs.webkit.org/show_bug.cgi?id=81428 + <rdar://problem/11067382> + + Reviewed by Oliver Hunt. + + If you're a division over integers and you're only used as an integer, then you're + an integer division and remainder checks become unnecessary. If you're dividing + -2147483648 by -1, don't crash. + + * assembler/MacroAssemblerX86Common.h: + (MacroAssemblerX86Common): + (JSC::MacroAssemblerX86Common::add32): + * dfg/DFGSpeculativeJIT.cpp: + (DFG): + (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * llint/LowLevelInterpreter64.asm: + +2012-03-19 Benjamin Poulain <bpoulain@apple.com> + + Simplify SmallStrings + https://bugs.webkit.org/show_bug.cgi?id=81445 + + Reviewed by Gavin Barraclough. + + SmallStrings had two methods that should not be public: count() and clear(). + + The method clear() is effectively replaced by finalizeSmallStrings(). The body + of the method was moved to the constructor since the code is obvious. + + The method count() is unused. 
+ + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::SmallStrings): + * runtime/SmallStrings.h: + (SmallStrings): + +2012-03-19 Filip Pizlo <fpizlo@apple.com> + + DFG can no longer compile V8-v4/regexp in debug mode + https://bugs.webkit.org/show_bug.cgi?id=81592 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-03-19 Filip Pizlo <fpizlo@apple.com> + + Prediction propagation for UInt32ToNumber incorrectly assumes that outs outcome does not + change throughout the fixpoint + https://bugs.webkit.org/show_bug.cgi?id=81583 + + Reviewed by Michael Saboff. + + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + +2012-03-19 Filip Pizlo <fpizlo@apple.com> + + GC should not attempt to clear LLInt instruction inline caches for code blocks that are in + the process of being generated + https://bugs.webkit.org/show_bug.cgi?id=81565 + + Reviewed by Oliver Hunt. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::finalizeUnconditionally): + +2012-03-19 Eric Seidel <eric@webkit.org> + + Fix WTF header include discipline in Chromium WebKit + https://bugs.webkit.org/show_bug.cgi?id=81281 + + Reviewed by James Robinson. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * wtf/unicode/icu/CollatorICU.cpp: + +2012-03-19 Filip Pizlo <fpizlo@apple.com> + + DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList + https://bugs.webkit.org/show_bug.cgi?id=81556 + + Rubber stamped by Gavin Barraclough. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGAbstractState.h: + (JSC::DFG::AbstractState::forNode): + * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h. 
+ (JSC::DFG::AdjacencyList::AdjacencyList): + (JSC::DFG::AdjacencyList::child): + (JSC::DFG::AdjacencyList::setChild): + (JSC::DFG::AdjacencyList::child1): + (JSC::DFG::AdjacencyList::child2): + (JSC::DFG::AdjacencyList::child3): + (JSC::DFG::AdjacencyList::setChild1): + (JSC::DFG::AdjacencyList::setChild2): + (JSC::DFG::AdjacencyList::setChild3): + (JSC::DFG::AdjacencyList::child1Unchecked): + (JSC::DFG::AdjacencyList::initialize): + (AdjacencyList): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addVarArgChild): + (JSC::DFG::ByteCodeParser::processPhiStack): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::canonicalize): + (JSC::DFG::CSEPhase::performSubstitution): + * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h. + (DFG): + (JSC::DFG::Edge::Edge): + (JSC::DFG::Edge::operator==): + (JSC::DFG::Edge::operator!=): + (Edge): + (JSC::DFG::operator==): + (JSC::DFG::operator!=): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::operator[]): + (JSC::DFG::Graph::at): + (JSC::DFG::Graph::ref): + (JSC::DFG::Graph::deref): + (JSC::DFG::Graph::clearAndDerefChild1): + (JSC::DFG::Graph::clearAndDerefChild2): + (JSC::DFG::Graph::clearAndDerefChild3): + (Graph): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::getPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::child1): + (JSC::DFG::Node::child1Unchecked): + (JSC::DFG::Node::child2): + (JSC::DFG::Node::child3): + (Node): + * dfg/DFGNodeFlags.cpp: + (JSC::DFG::arithNodeFlagsAsString): + * dfg/DFGNodeFlags.h: + (DFG): + (JSC::DFG::nodeUsedAsNumber): + * dfg/DFGNodeReferenceBlob.h: Removed. + * dfg/DFGNodeUse.h: Removed. 
+ * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): + (JSC::DFG::PredictionPropagationPhase::vote): + (JSC::DFG::PredictionPropagationPhase::fixupNode): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::use): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::useChildren): + (JSC::DFG::SpeculativeJIT::writeBarrier): + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::at): + (JSC::DFG::SpeculativeJIT::canReuse): + (JSC::DFG::SpeculativeJIT::use): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + (JSC::DFG::IntegerOperand::IntegerOperand): + (JSC::DFG::DoubleOperand::DoubleOperand): + (JSC::DFG::JSValueOperand::JSValueOperand): + (JSC::DFG::StorageOperand::StorageOperand): + (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): + (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): + (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): + (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): + (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::cachedPutById): + 
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + +2012-03-19 Gavin Barraclough <barraclough@apple.com> + + Object.freeze broken on latest Nightly + https://bugs.webkit.org/show_bug.cgi?id=80577 + + Reviewed by Oliver Hunt. + + * runtime/Arguments.cpp: + (JSC::Arguments::defineOwnProperty): + - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't + been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty. + * runtime/JSFunction.cpp: + (JSC::JSFunction::defineOwnProperty): + - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that + the object must be extensible; this is incorrect since these properties should already exist + on the object. In addition, it was asserting that the arguments/caller values must match the + corresponding magic data properties, but for strict mode function this is incorrect. Instead, + just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty. + +2012-03-19 Filip Pizlo <fpizlo@apple.com> + + LLInt get_by_pname slow path incorrectly assumes that the operands are not constants + https://bugs.webkit.org/show_bug.cgi?id=81559 + + Reviewed by Michael Saboff. + + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + +2012-03-19 Yong Li <yoli@rim.com> + + [BlackBerry] Implement OSAllocator::commit/decommit in the correct way + https://bugs.webkit.org/show_bug.cgi?id=77013 + + We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to + implement memory decommitting for QNX. + + Reviewed by Rob Buis. 
+ + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveUncommitted): + (WTF::OSAllocator::commit): + (WTF::OSAllocator::decommit): + +2012-03-19 Gavin Barraclough <barraclough@apple.com> + + Unreviewed - revent a couple of files accidentally committed. + + * runtime/Arguments.cpp: + (JSC::Arguments::defineOwnProperty): + * runtime/JSFunction.cpp: + (JSC::JSFunction::defineOwnProperty): + +2012-03-19 Jessie Berlin <jberlin@apple.com> + + Another Windows build fix after r111129. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-19 Raphael Kubo da Costa <rakuco@FreeBSD.org> + + Cross-platform processor core counter: fix build on FreeBSD. + https://bugs.webkit.org/show_bug.cgi?id=81482 + + Reviewed by Zoltan Herczeg. + + The documentation of sysctl(3) shows that <sys/types.h> should be + included before <sys/sysctl.h> (sys/types.h tends to be the first + included header in general). + + This should fix the build on FreeBSD and other systems where + sysctl.h really depends on types defined in types.h. + + * wtf/NumberOfCores.cpp: + +2012-03-19 Jessie Berlin <jberlin@apple.com> + + Windows build fix after r111129. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-19 Gavin Barraclough <barraclough@apple.com> + + JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType + https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745> + + Reviewed by Oliver Hunt. + + The API specifies that convertToType may opt not to handle a conversion: + "@result The objects's converted value, or NULL if the object was not converted." + In which case, it would propagate first up the JSClass hierarchy, calling its superclass's + conversion functions, and failing that call the JSObject::defaultValue function. + + Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on + the toStringCallback/valueOfCallback function introduced in bug#69156. 
Even after a fix in + bug#73368, these will return the result from the first convertToType they find, regardless + of whether this result is null, and if no convertToType method is found in the api class + hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype + chain), they will also return a null pointer. This is unsafe. + + It would be easy to make the approach based around toStringCallback/valueOfCallback continue + to walk the api class hierarchy, but making the fallback to defaultValue would be problematic + (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse). + Making the fallback work with toString/valueOf methods attached to api objects is probably + not the right thing to do – instead, we should just implement the defaultValue trap for api + objects. + + In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard + null to be returned from C to JavaScript - this is not okay. Handle with an exception. + + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::call): + - Should be null checking the return value. + (JSC): + - Remove toStringCallback/valueOfCallback. + * API/JSCallbackFunction.h: + (JSCallbackFunction): + - Remove toStringCallback/valueOfCallback. + * API/JSCallbackObject.h: + (JSCallbackObject): + - Add defaultValue mthods to JSCallbackObject. + * API/JSCallbackObjectFunctions.h: + (JSC::::defaultValue): + - Add defaultValue mthods to JSCallbackObject. + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + - Remove toStringCallback/valueOfCallback. + * API/tests/testapi.js: + - Revert this test, now we no longer artificially introduce a toString method onto the api object. + +2012-03-18 Raphael Kubo da Costa <rakuco@FreeBSD.org> + + [EFL] Include ICU_INCLUDE_DIRS when building. + https://bugs.webkit.org/show_bug.cgi?id=81483 + + Reviewed by Daniel Bates. 
+ + So far, only the ICU libraries were being included when building + JavaScriptCore, however the include path is also needed, otherwise the + build will fail when ICU is installed into a non-standard location. + + * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}. + +2012-03-17 Gavin Barraclough <barraclough@apple.com> + + Strength reduction, RegExp.exec -> RegExp.test + https://bugs.webkit.org/show_bug.cgi?id=81459 + + Reviewed by Sam Weinig. + + RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular + expression for a match against a string - however exec is more expensive, since + it allocates a matches array object. In cases where the result is consumed in a + boolean context the allocation of the matches array can be trivially elided. + + For example: + function f() + { + for (i =0; i < 10000000; ++i) + if(!/a/.exec("a")) + err = true; + } + + This is a 2.5x speedup on this example microbenchmark loop. + + In a more advanced form of this optimization, we may be able to avoid allocating + the array where access to the array can be observed. 
+ + * create_hash_table: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasHeapPrediction): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileRegExpExec): + (DFG): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jsc.cpp: + (GlobalObject::addConstructableFunction): + * runtime/Intrinsic.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::create): + (JSC): + * runtime/JSFunction.h: + (JSFunction): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::exec): + (JSC::RegExpObject::match): + * runtime/RegExpObject.h: + (RegExpObject): + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncTest): + (JSC::regExpProtoFuncExec): + +2012-03-16 Michael Saboff <msaboff@apple.com> + + Improve diagnostic benefit of JSGlobalData::m_isInitializingObject + https://bugs.webkit.org/show_bug.cgi?id=81244 + + Rubber stamped by Filip Pizlo. + + Changed type and name of JSGlobalData::m_isInitializingObject to + ClassInfo* and m_initializingObjectClass. + Changed JSGlobalData::setInitializingObject to + JSGlobalData::setInitializingObjectClass. This pointer can be used within + the debugger to determine what type of object is being initialized. 
+ + * runtime/JSCell.h: + (JSC::JSCell::finishCreation): + (JSC::allocateCell): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSGlobalData): + (JSC::JSGlobalData::isInitializingObject): + (JSC::JSGlobalData::setInitializingObjectClass): + * runtime/Structure.h: + (JSC::JSCell::finishCreation): + +2012-03-16 Mark Rowe <mrowe@apple.com> + + Build fix. Do not preserve owner and group information when installing the WTF headers. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-03-15 David Dorwin <ddorwin@chromium.org> + + Make the array pointer parameters in the Typed Array create() methods const. + https://bugs.webkit.org/show_bug.cgi?id=81147 + + Reviewed by Kenneth Russell. + + This allows const arrays to be passed to these methods. + They use PassRefPtr<Subclass> create(), which already has a const parameter. + + * wtf/Int16Array.h: + (Int16Array): + (WTF::Int16Array::create): + * wtf/Int32Array.h: + (Int32Array): + (WTF::Int32Array::create): + * wtf/Int8Array.h: + (Int8Array): + (WTF::Int8Array::create): + * wtf/Uint16Array.h: + (Uint16Array): + (WTF::Uint16Array::create): + * wtf/Uint32Array.h: + (Uint32Array): + (WTF::Uint32Array::create): + * wtf/Uint8Array.h: + (Uint8Array): + (WTF::Uint8Array::create): + * wtf/Uint8ClampedArray.h: + (Uint8ClampedArray): + (WTF::Uint8ClampedArray::create): + +2012-03-15 Myles Maxfield <mmaxfield@google.com> + + CopiedSpace::tryAllocateOversize assumes system page size + https://bugs.webkit.org/show_bug.cgi?id=80615 + + Reviewed by Geoffrey Garen. 
+ + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::tryAllocateOversize): + * heap/CopiedSpace.h: + (CopiedSpace): + * heap/CopiedSpaceInlineMethods.h: + (JSC::CopiedSpace::oversizeBlockFor): + * wtf/BumpPointerAllocator.h: + (WTF::BumpPointerPool::create): + * wtf/StdLibExtras.h: + (WTF::roundUpToMultipleOf): + +2012-03-15 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing Windows build breakage + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-15 Patrick Gansterer <paroga@webkit.org> + + [EFL] Make zlib a general build requirement + https://bugs.webkit.org/show_bug.cgi?id=80153 + + Reviewed by Hajime Morita. + + After r109538 WebSocket module needs zlib to support deflate-frame extension. + + * wtf/Platform.h: + +2012-03-15 Benjamin Poulain <bpoulain@apple.com> + + NumericStrings should be inlined + https://bugs.webkit.org/show_bug.cgi?id=81183 + + Reviewed by Gavin Barraclough. + + NumericStrings is not always inlined. When it is not, the class is not faster + than using UString::number() directly. + + * runtime/NumericStrings.h: + (JSC::NumericStrings::add): + (JSC::NumericStrings::lookupSmallString): + +2012-03-15 Andras Becsi <andras.becsi@nokia.com> + + Fix ARM build after r110792. + + Unreviewed build fix. + + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::cacheFlush): + Remove superfluous curly brackets. + +2012-03-15 Gavin Barraclough <barraclough@apple.com> + + ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single) + https://bugs.webkit.org/show_bug.cgi?id=81256 + + Reviewed by Oliver Hunt. + + This is a 0.5% sunspider progression. + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::convertInt32ToDouble): + - switch which form of vmov we use. + +2012-03-15 YoungTaeck Song <youngtaeck.song@samsung.com> + + [EFL] Add OwnPtr specialization for Ecore_Timer. + https://bugs.webkit.org/show_bug.cgi?id=80119 + + Reviewed by Hajime Morita. + + Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port. 
+ + * wtf/OwnPtrCommon.h: + (WTF): + * wtf/efl/OwnPtrEfl.cpp: + (WTF::deleteOwnedPtr): + (WTF): + +2012-03-15 Hojong Han <hojong.han@samsung.com> + + Linux has madvise enough to support OSAllocator::commit/decommit + https://bugs.webkit.org/show_bug.cgi?id=80505 + + Reviewed by Geoffrey Garen. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveUncommitted): + (WTF::OSAllocator::commit): + (WTF::OSAllocator::decommit): + +2012-03-15 Steve Falkenburg <sfalken@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: + * JavaScriptCore.vcproj/WTF/copy-files.cmd: + * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: + +2012-03-15 Steve Falkenburg <sfalken@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: + +2012-03-15 Kevin Ollivier <kevino@theolliviers.com> + + Move wx port to using export macros + https://bugs.webkit.org/show_bug.cgi?id=77279 + + Reviewed by Hajime Morita. + + * wscript: + * wtf/Platform.h: + +2012-03-14 Benjamin Poulain <bpoulain@apple.com> + + Avoid StringImpl::getData16SlowCase() when sorting array + https://bugs.webkit.org/show_bug.cgi?id=81070 + + Reviewed by Geoffrey Garen. + + The function codePointCompare() is used intensively when sorting strings. + This patch improves its performance by: + -Avoiding character conversion. + -Inlining the function. + + This makes Peacekeeper's arrayCombined test 30% faster. + + * wtf/text/StringImpl.cpp: + * wtf/text/StringImpl.h: + (WTF): + (WTF::codePointCompare): + (WTF::codePointCompare8): + (WTF::codePointCompare16): + (WTF::codePointCompare8To16): + +2012-03-14 Hojong Han <hojong.han@samsung.com> + + Fix memory allocation failed by fastmalloc + https://bugs.webkit.org/show_bug.cgi?id=79614 + + Reviewed by Geoffrey Garen. + + Memory allocation failed even if the heap grows successfully. 
+ It is wrong to get the span only from the large list after the heap grows, + because new span could be added in the normal list. + + * wtf/FastMalloc.cpp: + (WTF::TCMalloc_PageHeap::New): + +2012-03-14 Hojong Han <hojong.han@samsung.com> + + Run cacheFlush page by page to assure of flushing all the requested ranges + https://bugs.webkit.org/show_bug.cgi?id=77712 + + Reviewed by Geoffrey Garen. + + Current MetaAllocator concept, always coalesces adjacent free spaces, + doesn't meet memory management of Linux kernel. + In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two. + Therefore cacheFlush page by page guarantees a flush-requested range. + + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::cacheFlush): + +2012-03-14 Oliver Hunt <oliver@apple.com> + + Make ARMv7 work again + https://bugs.webkit.org/show_bug.cgi?id=81157 + + Reviewed by Geoffrey Garen. + + We were trying to use the ARMv7 dataRegister as a scratch register in a scenario + where we the ARMv7MacroAssembler would also try to use dataRegister for its own + nefarious purposes. + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::store32): + * assembler/MacroAssemblerARMv7.h: + (MacroAssemblerARMv7): + +2012-03-14 Mark Hahnenberg <mhahnenberg@apple.com> + + Heap::destroy leaks CopiedSpace + https://bugs.webkit.org/show_bug.cgi?id=81055 + + Reviewed by Geoffrey Garen. + + Added a destroy() function to CopiedSpace that moves all normal size + CopiedBlocks from the CopiedSpace to the Heap's list of free blocks + as well as deallocates all of the oversize blocks in the CopiedSpace. + This function is now called in Heap::destroy(). 
+ + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::destroy): + (JSC): + * heap/CopiedSpace.h: + (CopiedSpace): + * heap/Heap.cpp: + (JSC::Heap::destroy): + +2012-03-14 Andrew Lo <anlo@rim.com> + + [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController + https://bugs.webkit.org/show_bug.cgi?id=81000 + + Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry. + + Reviewed by Antonio Gomes. + + * wtf/Platform.h: + +2012-03-13 Filip Pizlo <fpizlo@apple.com> + + ValueToInt32 speculation will cause OSR exits even when it does not have to + https://bugs.webkit.org/show_bug.cgi?id=81068 + <rdar://problem/11043926> + + Reviewed by Anders Carlsson. + + Two related changes: + 1) ValueToInt32 will now always just defer to the non-speculative path, instead + of exiting, if it doesn't know what speculations to perform. + 2) ValueToInt32 will speculate boolean if it sees this to be profitable. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateBoolean): + (Node): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + +2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com> + + More Windows build fixing + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com> + + Windows build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com> + + Type conversion of exponential part failed + https://bugs.webkit.org/show_bug.cgi?id=80673 + + Reviewed by Geoffrey Garen. + + * parser/Lexer.cpp: + (JSC::::lex): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::parseInt): + (JSC): + (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not + we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template + parameter for strtod to allow trailing spaces. 
+ (JSC::toDouble): + (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3). + * runtime/LiteralParser.cpp: + (JSC::::Lexer::lexNumber): + * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that + we will run ecma/TypeConversion/9.3.1-3.js as a regression test now. + * wtf/dtoa.cpp: + (WTF): + (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were + broken by changing the default allowance of trailing junk in jsStrDecimalLiteral. + * wtf/dtoa.h: + * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the + Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace. + A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those + here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed). + * wtf/text/WTFString.cpp: + (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff. + +2012-03-13 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, build fix since is_pod<> includes some header that I didn't know about. + Removing the assert for now. + + * dfg/DFGOperations.h: + * llint/LLIntSlowPaths.h: + +2012-03-13 Filip Pizlo <fpizlo@apple.com> + + Functions with C linkage should return POD types + https://bugs.webkit.org/show_bug.cgi?id=81061 + + Reviewed by Mark Rowe. + + * dfg/DFGOperations.h: + * llint/LLIntSlowPaths.h: + (LLInt): + (SlowPathReturnType): + (JSC::LLInt::encodeResult): + +2012-03-13 Filip Pizlo <fpizlo@apple.com> + + Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary + https://bugs.webkit.org/show_bug.cgi?id=80979 + <rdar://problem/11036848> + + Reviewed by Oliver Hunt. + + Also improved DFG IR dumping to include type information in a somewhat more + intuitive way. 
+ + * bytecode/PredictedType.cpp: + (JSC::predictionToAbbreviatedString): + (JSC): + * bytecode/PredictedType.h: + (JSC): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): + +2012-03-13 George Staikos <staikos@webkit.org> + + The callback is only used if SA_RESTART is defined. Compile it out + otherwise to avoid a warning. + https://bugs.webkit.org/show_bug.cgi?id=80926 + + Reviewed by Alexey Proskuryakov. + + * heap/MachineStackMarker.cpp: + (JSC): + +2012-03-13 Hojong Han <hojong.han@samsung.com> + + Dump the generated code for ARM_TRADITIONAL + https://bugs.webkit.org/show_bug.cgi?id=80975 + + Reviewed by Gavin Barraclough. + + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::dumpCode): + +2012-03-13 Adam Barth <abarth@webkit.org> && Benjamin Poulain <bpoulain@apple.com> + + Always enable ENABLE(CLIENT_BASED_GEOLOCATION) + https://bugs.webkit.org/show_bug.cgi?id=78853 + + Reviewed by Adam Barth. + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2012-03-13 Kwonjin Jeong <gram@company100.net> + + Remove SlotVisitor::copy() method. + https://bugs.webkit.org/show_bug.cgi?id=80973 + + Reviewed by Geoffrey Garen. + + SlotVisitor::copy() method isn't called anywhere. + + * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method. + * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method. + +2012-03-12 Hojong Han <hojong.han@samsung.com> + + Fix test cases for RegExp multiline + https://bugs.webkit.org/show_bug.cgi?id=80822 + + Reviewed by Gavin Barraclough. 
+ + * tests/mozilla/js1_2/regexp/RegExp_multiline.js: + * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js: + * tests/mozilla/js1_2/regexp/beginLine.js: + * tests/mozilla/js1_2/regexp/endLine.js: + +2012-03-12 Filip Pizlo <fpizlo@apple.com> + + Arithmetic use inference should be procedure-global and should run in tandem + with type propagation + https://bugs.webkit.org/show_bug.cgi?id=80819 + <rdar://problem/11034006> + + Reviewed by Gavin Barraclough. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed. + * dfg/DFGArithNodeFlagsInferencePhase.h: Removed. + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::isNotNegZero): + (PredictionPropagationPhase): + (JSC::DFG::PredictionPropagationPhase::isNotZero): + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::VariableAccessData): + (JSC::DFG::VariableAccessData::flags): + (VariableAccessData): + (JSC::DFG::VariableAccessData::mergeFlags): + +2012-03-12 Filip Pizlo <fpizlo@apple.com> + + Node::op and Node::flags should be private + https://bugs.webkit.org/show_bug.cgi?id=80824 + <rdar://problem/11033435> + + Reviewed by Gavin Barraclough. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::mergeStateAtTail): + (JSC::DFG::AbstractState::mergeToSuccessors): + * dfg/DFGArithNodeFlagsInferencePhase.cpp: + (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction): + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::flushArgument): + (JSC::DFG::ByteCodeParser::toInt32): + (JSC::DFG::ByteCodeParser::isJSConstant): + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::linkBlock): + * dfg/DFGCFAPhase.cpp: + (JSC::DFG::CFAPhase::performBlockCFA): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::canonicalize): + (JSC::DFG::CSEPhase::endIndexForPureCSE): + (JSC::DFG::CSEPhase::pureCSE): + (JSC::DFG::CSEPhase::byValIsPure): + (JSC::DFG::CSEPhase::clobbersWorld): + (JSC::DFG::CSEPhase::impureCSE): + (JSC::DFG::CSEPhase::globalVarLoadElimination): + (JSC::DFG::CSEPhase::getByValLoadElimination): + (JSC::DFG::CSEPhase::checkFunctionElimination): + (JSC::DFG::CSEPhase::checkStructureLoadElimination): + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getScopeChainLoadElimination): + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (DFG): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::addShouldSpeculateInteger): + (JSC::DFG::Graph::negateShouldSpeculateInteger): + (JSC::DFG::Graph::methodOfGettingAValueProfileFor): + * 
dfg/DFGNode.cpp: Removed. + * dfg/DFGNode.h: + (DFG): + (JSC::DFG::Node::Node): + (Node): + (JSC::DFG::Node::op): + (JSC::DFG::Node::flags): + (JSC::DFG::Node::setOp): + (JSC::DFG::Node::setFlags): + (JSC::DFG::Node::mergeFlags): + (JSC::DFG::Node::filterFlags): + (JSC::DFG::Node::clearFlags): + (JSC::DFG::Node::setOpAndDefaultFlags): + (JSC::DFG::Node::mustGenerate): + (JSC::DFG::Node::isConstant): + (JSC::DFG::Node::isWeakConstant): + (JSC::DFG::Node::valueOfJSConstant): + (JSC::DFG::Node::hasVariableAccessData): + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::resolveGlobalDataIndex): + (JSC::DFG::Node::hasArithNodeFlags): + (JSC::DFG::Node::arithNodeFlags): + (JSC::DFG::Node::setArithNodeFlag): + (JSC::DFG::Node::mergeArithNodeFlags): + (JSC::DFG::Node::hasConstantBuffer): + (JSC::DFG::Node::hasRegexpIndex): + (JSC::DFG::Node::hasVarNumber): + (JSC::DFG::Node::hasScopeChainDepth): + (JSC::DFG::Node::hasResult): + (JSC::DFG::Node::hasInt32Result): + (JSC::DFG::Node::hasNumberResult): + (JSC::DFG::Node::hasJSResult): + (JSC::DFG::Node::hasBooleanResult): + (JSC::DFG::Node::isJump): + (JSC::DFG::Node::isBranch): + (JSC::DFG::Node::isTerminal): + (JSC::DFG::Node::hasHeapPrediction): + (JSC::DFG::Node::hasFunctionCheckData): + (JSC::DFG::Node::hasStructureTransitionData): + (JSC::DFG::Node::hasStructureSet): + (JSC::DFG::Node::hasStorageAccessData): + (JSC::DFG::Node::hasFunctionDeclIndex): + (JSC::DFG::Node::hasFunctionExprIndex): + (JSC::DFG::Node::child1): + (JSC::DFG::Node::child2): + (JSC::DFG::Node::child3): + (JSC::DFG::Node::firstChild): + (JSC::DFG::Node::numChildren): + * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp. + * dfg/DFGNodeFlags.h: Added. + (DFG): + (JSC::DFG::nodeUsedAsNumber): + (JSC::DFG::nodeCanTruncateInteger): + (JSC::DFG::nodeCanIgnoreNegativeZero): + (JSC::DFG::nodeMayOverflow): + (JSC::DFG::nodeCanSpeculateInteger): + * dfg/DFGNodeType.h: Added. 
+ (DFG): + (JSC::DFG::defaultFlags): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::vote): + (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): + (JSC::DFG::PredictionPropagationPhase::fixupNode): + * dfg/DFGRedundantPhiEliminationPhase.cpp: + (JSC::DFG::RedundantPhiEliminationPhase::run): + (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild): + (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::useChildren): + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compileMovHint): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::compileAdd): + (JSC::DFG::SpeculativeJIT::compare): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + +2012-03-12 Laszlo Gombos <laszlo.1.gombos@nokia.com> + + Minor DataLog fixes + https://bugs.webkit.org/show_bug.cgi?id=80826 + + Reviewed by Andreas Kling. + + * bytecode/ExecutionCounter.cpp: + Do not include DataLog.h, it is not used. + + * jit/ExecutableAllocator.cpp: + Ditto. + + * wtf/DataLog.cpp: + (WTF::initializeLogFileOnce): + Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined. + + * wtf/HashTable.cpp: + Include DataLog as it is used. 
+ +2012-03-12 SangGyu Lee <sg5.lee@samsung.com> + + Integer overflow check code in arithmetic operation in classic interpreter + https://bugs.webkit.org/show_bug.cgi?id=80465 + + Reviewed by Gavin Barraclough. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2012-03-12 Zeno Albisser <zeno@webkit.org> + + [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863) + https://bugs.webkit.org/show_bug.cgi?id=80827 + + Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT. + + Reviewed by Simon Hausmann. + + * wtf/Platform.h: + +2012-03-12 Simon Hausmann <simon.hausmann@nokia.com> + + Unreviewed prospective Qt/Mac build fix + + * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine + whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData + constructor. + +2012-03-12 Filip Pizlo <fpizlo@apple.com> + + All DFG nodes should have a mutable set of flags + https://bugs.webkit.org/show_bug.cgi?id=80779 + <rdar://problem/11026218> + + Reviewed by Gavin Barraclough. + + Got rid of NodeId, and placed all of the flags that distinguished NodeId + from NodeType into a separate Node::flags field. Combined what was previously + ArithNodeFlags into Node::flags. + + In the process of debugging, I found that the debug support in the virtual + register allocator was lacking, so I improved it. I also realized that the + virtual register allocator was assuming that the nodes in a basic block were + contiguous, which is no longer the case. So I fixed that. The fix also made + it natural to have more extreme assertions, so I added them. I suspect this + will make it easier to catch virtual register allocation bugs in the future. + + This is mostly performance neutral; if anything it looks like a slight + speed-up. + + This patch does leave some work for future refactorings; for example, Node::op + is unencapsulated. 
This was already the case, though now it feels even more + like it should be. I avoided doing that because this patch has already grown + way bigger than I wanted. + + Finally, this patch creates a DFGNode.cpp file and makes a slight effort to + move some unnecessarily inline stuff out of DFGNode.h. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGArithNodeFlagsInferencePhase.cpp: + (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addToGraph): + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCFAPhase.cpp: + (JSC::DFG::CFAPhase::performBlockCFA): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::endIndexForPureCSE): + (JSC::DFG::CSEPhase::pureCSE): + (JSC::DFG::CSEPhase::clobbersWorld): + (JSC::DFG::CSEPhase::impureCSE): + (JSC::DFG::CSEPhase::setReplacement): + (JSC::DFG::CSEPhase::eliminate): + (JSC::DFG::CSEPhase::performNodeCSE): + (JSC::DFG::CSEPhase::performBlockCSE): + (CSEPhase): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::opName): + (JSC::DFG::Graph::dump): + (DFG): + * dfg/DFGNode.cpp: Added. 
+ (DFG): + (JSC::DFG::arithNodeFlagsAsString): + * dfg/DFGNode.h: + (DFG): + (JSC::DFG::nodeUsedAsNumber): + (JSC::DFG::nodeCanTruncateInteger): + (JSC::DFG::nodeCanIgnoreNegativeZero): + (JSC::DFG::nodeMayOverflow): + (JSC::DFG::nodeCanSpeculateInteger): + (JSC::DFG::defaultFlags): + (JSC::DFG::Node::Node): + (Node): + (JSC::DFG::Node::setOpAndDefaultFlags): + (JSC::DFG::Node::mustGenerate): + (JSC::DFG::Node::arithNodeFlags): + (JSC::DFG::Node::setArithNodeFlag): + (JSC::DFG::Node::mergeArithNodeFlags): + (JSC::DFG::Node::hasResult): + (JSC::DFG::Node::hasInt32Result): + (JSC::DFG::Node::hasNumberResult): + (JSC::DFG::Node::hasJSResult): + (JSC::DFG::Node::hasBooleanResult): + (JSC::DFG::Node::isJump): + (JSC::DFG::Node::isBranch): + (JSC::DFG::Node::isTerminal): + (JSC::DFG::Node::child1): + (JSC::DFG::Node::child2): + (JSC::DFG::Node::child3): + (JSC::DFG::Node::firstChild): + (JSC::DFG::Node::numChildren): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::vote): + (JSC::DFG::PredictionPropagationPhase::fixupNode): + * dfg/DFGScoreBoard.h: + (ScoreBoard): + (JSC::DFG::ScoreBoard::~ScoreBoard): + (JSC::DFG::ScoreBoard::assertClear): + (JSC::DFG::ScoreBoard::use): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::useChildren): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + +2012-03-10 Filip Pizlo <fpizlo@apple.com> + + LLInt should support JSVALUE64 + https://bugs.webkit.org/show_bug.cgi?id=79609 + <rdar://problem/10063437> + + Reviewed by Gavin Barraclough and Oliver Hunt. + + Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This + patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common + file, LowLevelInterpreter.asm. 
About 1/3 of the LLInt did not have to be + specialized for value representation. + + Also made some minor changes to offlineasm and the slow-paths. + + * llint/LLIntData.cpp: + (JSC::LLInt::Data::performAssertions): + * llint/LLIntEntrypoints.cpp: + * llint/LLIntSlowPaths.cpp: + (LLInt): + (JSC::LLInt::llint_trace_value): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (JSC::LLInt::jitCompileAndSetHeuristics): + * llint/LLIntSlowPaths.h: + (LLInt): + (SlowPathReturnType): + (JSC::LLInt::SlowPathReturnType::SlowPathReturnType): + (JSC::LLInt::encodeResult): + * llint/LLIntThunks.cpp: + * llint/LowLevelInterpreter.asm: + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * offlineasm/armv7.rb: + * offlineasm/asm.rb: + * offlineasm/ast.rb: + * offlineasm/backends.rb: + * offlineasm/instructions.rb: + * offlineasm/parser.rb: + * offlineasm/registers.rb: + * offlineasm/transform.rb: + * offlineasm/x86.rb: + * wtf/Platform.h: + +2012-03-10 Yong Li <yoli@rim.com> + + Web Worker crashes with WX_EXCLUSIVE + https://bugs.webkit.org/show_bug.cgi?id=80532 + + Let each JS global object own a meta allocator + for WX_EXCLUSIVE to avoid conflicts from Web Worker. + Also fix a mutex leak in MetaAllocator's dtor. + + Reviewed by Filip Pizlo. 
+ + * jit/ExecutableAllocator.cpp: + (JSC::DemandExecutableAllocator::DemandExecutableAllocator): + (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): + (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): + (DemandExecutableAllocator): + (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): + (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): + (JSC::DemandExecutableAllocator::allocateNewSpace): + (JSC::DemandExecutableAllocator::allocators): + (JSC::DemandExecutableAllocator::allocatorsMutex): + (JSC): + (JSC::ExecutableAllocator::initializeAllocator): + (JSC::ExecutableAllocator::ExecutableAllocator): + (JSC::ExecutableAllocator::underMemoryPressure): + (JSC::ExecutableAllocator::memoryPressureMultiplier): + (JSC::ExecutableAllocator::allocate): + (JSC::ExecutableAllocator::committedByteCount): + (JSC::ExecutableAllocator::dumpProfile): + * jit/ExecutableAllocator.h: + (JSC): + (ExecutableAllocator): + (JSC::ExecutableAllocator::allocator): + * wtf/MetaAllocator.h: + (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock. + * wtf/TCSpinLock.h: + (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations. + +2012-03-09 Gavin Barraclough <barraclough@apple.com> + + Object.freeze broken on latest Nightly + https://bugs.webkit.org/show_bug.cgi?id=80577 + + Reviewed by Oliver Hunt. + + The problem here is that deleteProperty rejects deletion of prototype. + This is correct in most cases, however defineOwnPropery is presently + implemented internally to ensure the attributes change by deleting the + old property, and creating a new one. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::deleteProperty): + - If deletePropery is called via defineOwnPropery, allow old prototype to be removed. 
+ +2012-03-09 Gavin Barraclough <barraclough@apple.com> + + Array.prototype.toLocaleString visits elements in wrong order under certain conditions + https://bugs.webkit.org/show_bug.cgi?id=80663 + + Reviewed by Michael Saboff. + + The bug here is actually that we're continuing to process the array after an exception + has been thrown, and that the second value throw is overriding the first. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToLocaleString): + +2012-03-09 Ryosuke Niwa <rniwa@webkit.org> + + WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html + https://bugs.webkit.org/show_bug.cgi?id=80080 + + Reviewed by Filip Pizlo. + + * bytecode/SamplingTool.cpp: + (JSC::SamplingRegion::Locker::Locker): + (JSC::SamplingRegion::Locker::~Locker): + * bytecode/SamplingTool.h: + (JSC::SamplingRegion::exchangeCurrent): + * wtf/Atomics.h: + (WTF): + (WTF::weakCompareAndSwap): + (WTF::weakCompareAndSwapUIntPtr): + +2012-03-09 Gavin Barraclough <barraclough@apple.com> + + REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN + https://bugs.webkit.org/show_bug.cgi?id=49989 + + Reviewed by Oliver Hunt. + + Patch originally by chris reiss <christopher.reiss@nokia.com>, + allow the year to appear before the timezone in date strings. + + * wtf/DateMath.cpp: + (WTF::parseDateFromNullTerminatedCharacters): + +2012-03-09 Mark Rowe <mrowe@apple.com> + + Ensure that the WTF headers are copied at installhdrs time. + + Reviewed by Dan Bernstein and Jessie Berlin. + + * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES + so that our script phases are invoked at installhdrs time. The only one that + does any useful work at that time is the one that installs WTF headers. + +2012-03-09 Jon Lee <jonlee@apple.com> + + Add support for ENABLE(LEGACY_NOTIFICATIONS) + https://bugs.webkit.org/show_bug.cgi?id=80497 + + Reviewed by Adam Barth. 
+ + Prep for b80472: Update API for Web Notifications + * Configurations/FeatureDefines.xcconfig: + +2012-03-09 Ashod Nakashian <ashodnakashian@yahoo.com> + + Bash scripts should support LF endings only + https://bugs.webkit.org/show_bug.cgi?id=79509 + + Reviewed by David Kilzer. + + * gyp/generate-derived-sources.sh: Added property svn:eol-style. + * gyp/run-if-exists.sh: Added property svn:eol-style. + * gyp/update-info-plist.sh: Added property svn:eol-style. + +2012-03-09 Jessie Berlin <jberlin@apple.com> + + Windows debug build fix. + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::shouldBlind): + Fix unreachable code warnings (which we treat as errors). + +2012-03-09 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Zoltan Herczeg. + + [Qt] Fix the SH4 build after r109834 + https://bugs.webkit.org/show_bug.cgi?id=80492 + + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::branchAdd32): + (JSC::MacroAssemblerSH4::branchSub32): + +2012-03-09 Andy Wingo <wingo@igalia.com> + + Refactor code feature analysis in the parser + https://bugs.webkit.org/show_bug.cgi?id=79112 + + Reviewed by Geoffrey Garen. + + This commit refactors the parser to more uniformly propagate flag + bits down and up the parse process, as the parser descends and + returns into nested blocks. Some flags get passed town to + subscopes, some apply to specific scopes only, and some get + unioned up after parsing subscopes. + + The goal is to eventually be very precise with scoping + information, once we have block scopes: one block scope might use + `eval', which would require the emission of a symbol table within + that block and containing blocks, whereas another block in the + same function might not, allowing us to not emit a symbol table. + + * parser/Nodes.h: + (JSC::ScopeFlags): Rename from CodeFeatures. + (JSC::ScopeNode::addScopeFlags): + (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags. 
+ (JSC::ScopeNode::isStrictMode): + (JSC::ScopeNode::usesEval): + (JSC::ScopeNode::usesArguments): + (JSC::ScopeNode::setUsesArguments): + (JSC::ScopeNode::usesThis): + (JSC::ScopeNode::needsActivationForMoreThanVariables): + (JSC::ScopeNode::needsActivation): Refactor these accessors to + operate on the m_scopeFlags member. + (JSC::ScopeNode::source): + (JSC::ScopeNode::sourceURL): + (JSC::ScopeNode::sourceID): Shuffle these definitions around; no + semantic change. + (JSC::ScopeNode::ScopeNode) + (JSC::ProgramNode::ProgramNode) + (JSC::EvalNode::EvalNode) + (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors + take a ScopeFlags as an argument, instead of a bool inStrictContext. + + * parser/Nodes.cpp: + (JSC::ScopeNode::ScopeNode): + (JSC::ProgramNode::ProgramNode): + (JSC::ProgramNode::create): + (JSC::EvalNode::EvalNode): + (JSC::EvalNode::create): + (JSC::FunctionBodyNode::FunctionBodyNode): + (JSC::FunctionBodyNode::create): Adapt constructors to change. + + * parser/ASTBuilder.h: + (JSC::ASTBuilder::ASTBuilder): + (JSC::ASTBuilder::thisExpr): + (JSC::ASTBuilder::createResolve): + (JSC::ASTBuilder::createFunctionBody): + (JSC::ASTBuilder::createFuncDeclStatement): + (JSC::ASTBuilder::createTryStatement): + (JSC::ASTBuilder::createWithStatement): + (JSC::ASTBuilder::addVar): + (JSC::ASTBuilder::Scope::Scope): + (Scope): + (ASTBuilder): + (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope + features here. Instead rely on the base Parser mechanism to track + features. + + * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags". + + * parser/Parser.h: + (JSC::Scope::Scope): Manage scope through flags, not + bit-booleans. This lets us uniformly propagate them up and down. 
+ (JSC::Scope::declareWrite): + (JSC::Scope::declareParameter): + (JSC::Scope::useVariable): + (JSC::Scope::collectFreeVariables): + (JSC::Scope::getCapturedVariables): + (JSC::Scope::saveFunctionInfo): + (JSC::Scope::restoreFunctionInfo): + (JSC::Parser::pushScope): Adapt to use scope flags and their + accessors instead of bit-booleans. + * parser/Parser.cpp: + (JSC::::Parser): + (JSC::::parseInner): + (JSC::::didFinishParsing): + (JSC::::parseSourceElements): + (JSC::::parseVarDeclarationList): + (JSC::::parseConstDeclarationList): + (JSC::::parseWithStatement): + (JSC::::parseTryStatement): + (JSC::::parseFunctionBody): + (JSC::::parseFunctionInfo): + (JSC::::parseFunctionDeclaration): + (JSC::::parsePrimaryExpression): Hoist some of the flag handling + out of the "context" (ASTBuilder or SyntaxChecker) and to here. + Does not seem to have a performance impact. + + * parser/SourceProviderCacheItem.h (SourceProviderCacheItem): + Cache the scopeflags. + * parser/SyntaxChecker.h: Remove evalCount() decl. + + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::produceCodeBlockFor): + * runtime/Executable.h: + (JSC::ScriptExecutable::ScriptExecutable): + (JSC::ScriptExecutable::usesEval): + (JSC::ScriptExecutable::usesArguments): + (JSC::ScriptExecutable::needsActivation): + (JSC::ScriptExecutable::isStrictMode): + (JSC::ScriptExecutable::recordParse): + (ScriptExecutable): ScopeFlags, not features. + +2012-03-08 Benjamin Poulain <bpoulain@apple.com> + + Build fix for MSVC after r110266 + + Unreviewed. A #ifdef for MSVC was left over in r110266. + + * runtime/RegExpObject.h: + (RegExpObject): + +2012-03-08 Benjamin Poulain <bpoulain@apple.com> + + Allocate the RegExpObject's data with the Cell + https://bugs.webkit.org/show_bug.cgi?id=80654 + + Reviewed by Gavin Barraclough. 
+ + This patch removes the creation of RegExpObject's data to avoid the overhead + create by the allocation and destruction. + + We RegExp are created repeatedly, this provides some performance improvment. + The PeaceKeeper test stringDetectBrowser improves by 10%. + + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + (JSC::RegExpObject::visitChildren): + (JSC::RegExpObject::getOwnPropertyDescriptor): + (JSC::RegExpObject::defineOwnProperty): + (JSC::RegExpObject::match): + * runtime/RegExpObject.h: + (JSC::RegExpObject::setRegExp): + (JSC::RegExpObject::regExp): + (JSC::RegExpObject::setLastIndex): + (JSC::RegExpObject::getLastIndex): + (RegExpObject): + +2012-03-08 Steve Falkenburg <sfalken@apple.com> + + Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build + https://bugs.webkit.org/show_bug.cgi?id=80657 + + Preparation for WTF separation from JavaScriptCore. + The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct + dependencies for generated files. + + This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization + versions of the WTF code independent of the JavaScriptCore code. + + Reviewed by Jessie Berlin. + + * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts. + * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts. + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts. + * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed. + * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF. 
+ * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make. + * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj. + * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops. + * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops. + * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops. + * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops. + * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops. + * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops. + * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops. + * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed. + * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh. + * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd. 
+ * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py. + +2012-03-08 Benjamin Poulain <benjamin@webkit.org> + + Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf + https://bugs.webkit.org/show_bug.cgi?id=80652 + + Reviewed by Eric Seidel. + + Fix the header, URLSegments.h is not part of the API. + + * wtf/url/api/ParsedURL.h: + +2012-03-08 Ryosuke Niwa <rniwa@webkit.org> + + Mac build fix for micro data API. + + * Configurations/FeatureDefines.xcconfig: + +2012-03-08 Gavin Barraclough <barraclough@apple.com> + + String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10 + https://bugs.webkit.org/show_bug.cgi?id=26890 + + Reviewed by Oliver Hunt. + + Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i. + + * runtime/StringPrototype.cpp: + (JSC::replaceUsingRegExpSearch): + (JSC::stringProtoFuncMatch): + - added calls to setLastIndex. + +2012-03-08 Matt Lilek <mrl@apple.com> + + Don't enable VIDEO_TRACK on all OS X platforms + https://bugs.webkit.org/show_bug.cgi?id=80635 + + Reviewed by Eric Carlson. + + * Configurations/FeatureDefines.xcconfig: + +2012-03-08 Oliver Hunt <oliver@apple.com> + + Build fix. That day is not today. + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::shouldBlind): + * assembler/MacroAssemblerX86Common.h: + (MacroAssemblerX86Common): + (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): + +2012-03-08 Oliver Hunt <oliver@apple.com> + + Build fix. One of these days I'll manage to commit something that works everywhere. 
+ + * assembler/AbstractMacroAssembler.h: + (AbstractMacroAssembler): + * assembler/MacroAssemblerARMv7.h: + (MacroAssemblerARMv7): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): + (MacroAssemblerX86Common): + +2012-03-08 Chao-ying Fu <fu@mips.com> + + Update MIPS patchOffsetGetByIdSlowCaseCall + https://bugs.webkit.org/show_bug.cgi?id=80302 + + Reviewed by Oliver Hunt. + + * jit/JIT.h: + (JIT): + +2012-03-08 Oliver Hunt <oliver@apple.com> + + Missing some places where we should be blinding 64bit values (and blinding something we shouldn't) + https://bugs.webkit.org/show_bug.cgi?id=80633 + + Reviewed by Gavin Barraclough. + + Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind + if there isn't a machine specific implementation (otherwise the 64bit value + got truncated and 32bit checks were used -- leaving 32bits untested). + Also add a bit of logic to ensure that we don't try to blind a few common + constants that go through the ImmPtr paths -- encoded numeric JSValues and + unencoded doubles with common "safe" values. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch): + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::shouldBlindDouble): + (MacroAssembler): + (JSC::MacroAssembler::shouldBlind): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): + +2012-03-08 Mark Rowe <mrowe@apple.com> + + <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore + + Reviewed by Dan Bernstein. + + * Configurations/Base.xcconfig: + +2012-03-08 Steve Falkenburg <sfalken@apple.com> + + Fix line endings for copy-files.cmd. + + If a cmd file doesn't have Windows line endings, it doesn't work properly. + In this case, the label :clean wasn't found, breaking the clean build. + + Reviewed by Jessie Berlin. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + +2012-03-07 Filip Pizlo <fpizlo@apple.com> + + DFG CFA incorrectly handles ValueToInt32 + https://bugs.webkit.org/show_bug.cgi?id=80568 + + Reviewed by Gavin Barraclough. + + Changed it match exactly the decision pattern used in + DFG::SpeculativeJIT::compileValueToInt32 + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + +2012-03-08 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com> + + [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared + https://bugs.webkit.org/show_bug.cgi?id=80524 + + Reviewed by Simon Hausmann. + + Move IdentifierTable methods defintion to WTFThreadData.cpp to fix linking + of WTF library. + + * runtime/Identifier.cpp: + * wtf/WTFThreadData.cpp: + (JSC): + (JSC::IdentifierTable::~IdentifierTable): + (JSC::IdentifierTable::add): + +2012-03-08 Filip Pizlo <fpizlo@apple.com> + + DFG instruction count threshold should be lifted to 10000 + https://bugs.webkit.org/show_bug.cgi?id=80579 + + Reviewed by Gavin Barraclough. + + * runtime/Options.cpp: + (JSC::Options::initializeOptions): + +2012-03-07 Filip Pizlo <fpizlo@apple.com> + + Incorrect tracking of abstract values of variables forced double + https://bugs.webkit.org/show_bug.cgi?id=80566 + <rdar://problem/11001442> + + Reviewed by Gavin Barraclough. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::mergeStateAtTail): + +2012-03-07 Chao-yng Fu <fu@mips.com> + + [Qt] Fix the MIPS/SH4 build after r109834 + https://bugs.webkit.org/show_bug.cgi?id=80492 + + Reviewed by Oliver Hunt. + + Implement three-argument branch(Add,Sub)32. + + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::add32): + (MacroAssemblerMIPS): + (JSC::MacroAssemblerMIPS::sub32): + (JSC::MacroAssemblerMIPS::branchAdd32): + (JSC::MacroAssemblerMIPS::branchSub32): + +2012-03-07 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r110127. 
+ http://trac.webkit.org/changeset/110127 + https://bugs.webkit.org/show_bug.cgi?id=80562 + + compile failed on AppleWin (Requested by ukai on #webkit). + + * heap/Heap.cpp: + (JSC::Heap::collectAllGarbage): + * heap/Heap.h: + (JSC): + (Heap): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + (JSC::FunctionExecutable::finalize): + * runtime/Executable.h: + (FunctionExecutable): + (JSC::FunctionExecutable::create): + * runtime/JSGlobalData.cpp: + (WTF): + (Recompiler): + (WTF::Recompiler::operator()): + (JSC::JSGlobalData::recompileAllJSFunctions): + (JSC): + * runtime/JSGlobalData.h: + (JSGlobalData): + * runtime/JSGlobalObject.cpp: + (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): + +2012-03-07 Hojong Han <hojong.han@samsung.com> + + The end atom of the marked block considered to filter invalid cells + https://bugs.webkit.org/show_bug.cgi?id=79191 + + Reviewed by Geoffrey Garen. + + Register file could have stale pointers beyond the end atom of marked block. + Those pointers can weasel out of filtering in-middle-of-cell pointer. + + * heap/MarkedBlock.h: + (JSC::MarkedBlock::isLiveCell): + +2012-03-07 Jessie Berlin <jberlin@apple.com> + + Clean Windows build fails after r110033 + https://bugs.webkit.org/show_bug.cgi?id=80553 + + Rubber-stamped by Jon Honeycutt and Eric Seidel. + + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + Place the implementation files next to their header files in the wtf/text subdirectory. + Use echo -F to tell xcopy that these are files (since there is apparently no flag). + * JavaScriptCore.vcproj/jsc/jsc.vcproj: + Update the path to those implementation files. + * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: + Ditto. + +2012-03-07 Yuqiang Xian <yuqiang.xian@intel.com> + + Eliminate redundant Phis in DFG + https://bugs.webkit.org/show_bug.cgi?id=80415 + + Reviewed by Filip Pizlo. 
+ + Although this may not have any advantage at current stage, this is towards + minimal SSA to make more high level optimizations (like bug 76770) easier. + We have the choices either to build minimal SSA from scratch or to + keep current simple Phi insertion mechanism and remove the redundancy + in another phase. Currently we choose the latter because the change + could be smaller. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGRedundantPhiEliminationPhase.cpp: Added. + (DFG): + (RedundantPhiEliminationPhase): + (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase): + (JSC::DFG::RedundantPhiEliminationPhase::run): + (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement): + (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild): + (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis): + (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation): + (JSC::DFG::performRedundantPhiElimination): + * dfg/DFGRedundantPhiEliminationPhase.h: Added. + (DFG): + +2012-03-07 Mark Hahnenberg <mhahnenberg@apple.com> + + Refactor recompileAllJSFunctions() to be less expensive + https://bugs.webkit.org/show_bug.cgi?id=80330 + + Reviewed by Geoffrey Garen. + + This change is performance neutral on the JS benchmarks we track. It's mostly to improve page + load performance, which currently does at least a couple full GCs per navigation. + + * heap/Heap.cpp: + (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode + because the function doesn't actually recompile anything (and never did); it simply throws code + away for it to be recompiled later if we determine we should do so. + (JSC): + (JSC::Heap::collectAllGarbage): + (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list. 
+ (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list. + * heap/Heap.h: + (JSC): + (Heap): + * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can + be used in DoublyLinkedLists. + (JSC::FunctionExecutable::FunctionExecutable): + (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list. + * runtime/Executable.h: + (FunctionExecutable): + (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list. + * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage + the list of FunctionExecutables. + * runtime/JSGlobalData.h: + (JSGlobalData): + * runtime/JSGlobalObject.cpp: + (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode. + +2012-03-06 Oliver Hunt <oliver@apple.com> + + Further harden 64-bit JIT + https://bugs.webkit.org/show_bug.cgi?id=80457 + + Reviewed by Filip Pizlo. + + This patch implements blinding for ImmPtr. Rather than xor based blinding + we perform randomised pointer rotations in order to avoid the significant + cost in executable memory that would otherwise be necessary (and to avoid + the need for an additional scratch register in some cases). + + As with the prior blinding patch there's a moderate amount of noise as we + correct the use of ImmPtr vs. TrustedImmPtr. 
+ + * assembler/AbstractMacroAssembler.h: + (ImmPtr): + (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr): + * assembler/MacroAssembler.h: + (MacroAssembler): + (JSC::MacroAssembler::storePtr): + (JSC::MacroAssembler::branchPtr): + (JSC::MacroAssembler::shouldBlind): + (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr): + (RotatedImmPtr): + (JSC::MacroAssembler::rotationBlindConstant): + (JSC::MacroAssembler::loadRotationBlindedConstant): + (JSC::MacroAssembler::convertInt32ToDouble): + (JSC::MacroAssembler::move): + (JSC::MacroAssembler::poke): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::storeDouble): + (JSC::MacroAssemblerARMv7::branchAdd32): + * assembler/MacroAssemblerX86_64.h: + (MacroAssemblerX86_64): + (JSC::MacroAssemblerX86_64::rotateRightPtr): + (JSC::MacroAssemblerX86_64::xorPtr): + * assembler/X86Assembler.h: + (X86Assembler): + (JSC::X86Assembler::xorq_rm): + (JSC::X86Assembler::rorq_i8r): + * dfg/DFGCCallHelpers.h: + (CCallHelpers): + (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::createOSREntries): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentFillGPR): + (JSC::DFG::SpeculativeJIT::callOperation): + (JSC::DFG::SpeculativeJIT::emitEdgeCode): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillInteger): + (JSC::DFG::SpeculativeJIT::fillDouble): + (JSC::DFG::SpeculativeJIT::fillJSValue): + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitSlow_op_post_inc): + * 
jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + (JSC::JIT::emitGetVirtualRegister): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_mov): + (JSC::JIT::emit_op_new_object): + (JSC::JIT::emit_op_strcat): + (JSC::JIT::emit_op_ensure_property_exists): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + (JSC::JIT::emit_op_jmp_scopes): + (JSC::JIT::emit_op_switch_imm): + (JSC::JIT::emit_op_switch_char): + (JSC::JIT::emit_op_switch_string): + (JSC::JIT::emit_op_throw_reference_error): + (JSC::JIT::emit_op_debug): + (JSC::JIT::emitSlow_op_resolve_global_dynamic): + (JSC::JIT::emit_op_new_array): + (JSC::JIT::emitSlow_op_new_array): + (JSC::JIT::emit_op_new_array_buffer): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_new_object): + (JSC::JIT::emit_op_strcat): + (JSC::JIT::emit_op_ensure_property_exists): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + (JSC::JIT::emit_op_jmp_scopes): + (JSC::JIT::emit_op_switch_imm): + (JSC::JIT::emit_op_switch_char): + (JSC::JIT::emit_op_switch_string): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_by_index): + * jit/JITStubCall.h: + (JITStubCall): + (JSC::JITStubCall::addArgument): + +2012-03-07 Simon Hausmann <simon.hausmann@nokia.com> + + ARM build fix. + + Reviewed by Zoltan Herczeg. + + Implement three-argument branch(Add,Sub)32. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::add32): + (MacroAssemblerARM): + (JSC::MacroAssemblerARM::sub32): + (JSC::MacroAssemblerARM::branchAdd32): + (JSC::MacroAssemblerARM::branchSub32): + +2012-03-07 Andy Wingo <wingo@igalia.com> + + Parser: Inline ScopeNodeData into ScopeNode + https://bugs.webkit.org/show_bug.cgi?id=79776 + + Reviewed by Geoffrey Garen. 
+ + It used to be that some ScopeNode members were kept in a separate + structure because sometimes they wouldn't be needed, and + allocating a ParserArena was expensive. This patch makes + ParserArena lazily allocate its IdentifierArena, allowing the + members to be included directly, which is simpler and easier to + reason about. + + * parser/ParserArena.cpp: + (JSC::ParserArena::ParserArena): + (JSC::ParserArena::reset): + (JSC::ParserArena::isEmpty): + * parser/ParserArena.h: + (JSC::ParserArena::identifierArena): Lazily allocate the + IdentifierArena. + + * parser/Nodes.cpp: + (JSC::ScopeNode::ScopeNode): + (JSC::ScopeNode::singleStatement): + (JSC::ProgramNode::create): + (JSC::EvalNode::create): + (JSC::FunctionBodyNode::create): + * parser/Nodes.h: + (JSC::ScopeNode::destroyData): + (JSC::ScopeNode::needsActivationForMoreThanVariables): + (JSC::ScopeNode::needsActivation): + (JSC::ScopeNode::hasCapturedVariables): + (JSC::ScopeNode::capturedVariableCount): + (JSC::ScopeNode::captures): + (JSC::ScopeNode::varStack): + (JSC::ScopeNode::functionStack): + (JSC::ScopeNode::neededConstants): + (ScopeNode): + * bytecompiler/NodesCodegen.cpp: + (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData + into ScopeNode. Adapt accessors. + +2012-03-06 Eric Seidel <eric@webkit.org> + + Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf + https://bugs.webkit.org/show_bug.cgi?id=80363 + + Reviewed by Mark Rowe. + + Historically WTF has been part of JavaScriptCore, and on Mac and Windows + its headers have appeared as part of the "private" headers exported by + JavaScriptCore. All of the WTF headers there are "flattened" into a single + private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders" + to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes. 
+ + However, very soon, we are moving the WTF source code out of JavaScriptCore into its + own directory and project. As part of such, the WTF headers will no longer be part of + the JavaScriptCore private interfaces. + In preparation for that, this change makes both the Mac and Win builds export + WTF headers in a non-flattened manner. On Mac, that means into usr/local/include/wtf + (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories). + + There are 5 parts to this change. + 1. Updates the JavaScriptCore XCode and VCProj files to actually install these headers + (and header directories) into the appropriate places in the build directory. + 2. Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location + (WebCore, WebKit, etc. had already been taught to look in previous patches). + 3. Fixes all JavaScriptCore source files, and WTF headers to include WTF headers + using fully qualified paths. + 4. Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location. + 5. Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist. + + Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependant. + It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF + headers, those will have to be updated to use <wtf/Foo.h> after this change. + I've discussed this proposed change at length with Mark Rowe, and my understanding is they + are ready for (and interested in) this change happening. 
+ + * API/tests/JSNode.c: + * API/tests/JSNodeList.c: + * Configurations/Base.xcconfig: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/MacroAssemblerCodeRef.h: + * bytecompiler/BytecodeGenerator.h: + * dfg/DFGOperations.cpp: + * heap/GCAssertions.h: + * heap/HandleHeap.h: + * heap/HandleStack.h: + * heap/MarkedSpace.h: + * heap/PassWeak.h: + * heap/Strong.h: + * heap/Weak.h: + * jit/HostCallReturnValue.cpp: + * jit/JIT.cpp: + * jit/JITStubs.cpp: + * jit/ThunkGenerators.cpp: + * parser/Lexer.cpp: + * runtime/Completion.cpp: + * runtime/Executable.cpp: + * runtime/Identifier.h: + * runtime/InitializeThreading.cpp: + * runtime/JSDateMath.cpp: + * runtime/JSGlobalObjectFunctions.cpp: + * runtime/JSStringBuilder.h: + * runtime/JSVariableObject.h: + * runtime/NumberPrototype.cpp: + * runtime/WriteBarrier.h: + * tools/CodeProfile.cpp: + * tools/TieredMMapArray.h: + * wtf/AVLTree.h: + * wtf/Alignment.h: + * wtf/AlwaysInline.h: + * wtf/ArrayBufferView.h: + * wtf/Assertions.h: + * wtf/Atomics.h: + * wtf/Bitmap.h: + * wtf/BoundsCheckedPointer.h: + * wtf/CheckedArithmetic.h: + * wtf/Deque.h: + * wtf/ExportMacros.h: + * wtf/FastAllocBase.h: + * wtf/FastMalloc.h: + * wtf/Float32Array.h: + * wtf/Float64Array.h: + * wtf/Functional.h: + * wtf/HashCountedSet.h: + * wtf/HashFunctions.h: + * wtf/HashMap.h: + * wtf/HashSet.h: + * wtf/HashTable.h: + * wtf/HashTraits.h: + * wtf/Int16Array.h: + * wtf/Int32Array.h: + * wtf/Int8Array.h: + * wtf/IntegralTypedArrayBase.h: + * wtf/ListHashSet.h: + * wtf/MainThread.h: + * wtf/MetaAllocator.h: + * wtf/Noncopyable.h: + * wtf/OwnArrayPtr.h: + * wtf/OwnPtr.h: + * wtf/PackedIntVector.h: + * wtf/ParallelJobs.h: + * wtf/PassOwnArrayPtr.h: + * wtf/PassOwnPtr.h: + * wtf/PassRefPtr.h: + * wtf/PassTraits.h: + * wtf/Platform.h: + * wtf/PossiblyNull.h: + * wtf/RefCounted.h: + * wtf/RefCountedLeakCounter.h: + * wtf/RefPtr.h: + * wtf/RetainPtr.h: + * wtf/SimpleStats.h: + * wtf/Spectrum.h: + 
* wtf/StdLibExtras.h: + * wtf/TCPageMap.h: + * wtf/TemporaryChange.h: + * wtf/ThreadSafeRefCounted.h: + * wtf/Threading.h: + * wtf/ThreadingPrimitives.h: + * wtf/TypeTraits.h: + * wtf/TypedArrayBase.h: + * wtf/Uint16Array.h: + * wtf/Uint32Array.h: + * wtf/Uint8Array.h: + * wtf/Uint8ClampedArray.h: + * wtf/UnusedParam.h: + * wtf/Vector.h: + * wtf/VectorTraits.h: + * wtf/dtoa/double-conversion.h: + * wtf/dtoa/utils.h: + * wtf/gobject/GRefPtr.h: + * wtf/gobject/GlibUtilities.h: + * wtf/text/AtomicString.h: + * wtf/text/AtomicStringImpl.h: + * wtf/text/CString.h: + * wtf/text/StringConcatenate.h: + * wtf/text/StringHash.h: + * wtf/text/WTFString.h: + * wtf/unicode/CharacterNames.h: + * wtf/unicode/UTF8.h: + * wtf/unicode/glib/UnicodeGLib.h: + * wtf/unicode/qt4/UnicodeQt4.h: + * wtf/unicode/wince/UnicodeWinCE.h: + * wtf/url/api/ParsedURL.h: + * wtf/url/api/URLString.h: + * wtf/wince/FastMallocWinCE.h: + * yarr/YarrJIT.cpp: + +2012-03-06 Gavin Barraclough <barraclough@apple.com> + + Array.prototype functions should throw if delete fails + https://bugs.webkit.org/show_bug.cgi?id=80467 + + Reviewed by Oliver Hunt. + + All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw. + In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations + in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines, + one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift + routines, for handling arrays with holes. These three copies should be unified. + + * runtime/ArrayPrototype.cpp: + (JSC::shift): + (JSC::unshift): + - Added - shared copies of the shift/unshift functionality. + (JSC::arrayProtoFuncPop): + - should throw if the delete fails. + (JSC::arrayProtoFuncReverse): + - should throw if the delete fails. + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + - use shift/unshift. 
+ * runtime/JSArray.cpp: + (JSC::JSArray::shiftCount): + (JSC::JSArray::unshiftCount): + - Don't try to handle arrays with holes; return a value indicating + the generic routine should be used instead. + * runtime/JSArray.h: + - declaration for shiftCount/unshiftCount changed. + * tests/mozilla/js1_6/Array/regress-304828.js: + - this was asserting incorrect behaviour. + +2012-03-06 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7. + https://bugs.webkit.org/show_bug.cgi?id=80469 + + Reviewed by Antonio Gomes. + + * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target + property on the library being created. + +2012-03-06 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG BasicBlock should group the Phi nodes together and separate them + from the other nodes + https://bugs.webkit.org/show_bug.cgi?id=80361 + + Reviewed by Filip Pizlo. + + This would make it more efficient to remove the redundant Phi nodes or + insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure. + This is performance neutral on SunSpider, V8 and Kraken. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::clobberStructures): + (JSC::DFG::AbstractState::dump): + * dfg/DFGBasicBlock.h: + (JSC::DFG::BasicBlock::BasicBlock): + (BasicBlock): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addToGraph): + (JSC::DFG::ByteCodeParser::insertPhiNode): + * dfg/DFGCFAPhase.cpp: + (JSC::DFG::CFAPhase::performBlockCFA): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::pureCSE): + (JSC::DFG::CSEPhase::impureCSE): + (JSC::DFG::CSEPhase::globalVarLoadElimination): + (JSC::DFG::CSEPhase::getByValLoadElimination): + (JSC::DFG::CSEPhase::checkFunctionElimination): + (JSC::DFG::CSEPhase::checkStructureLoadElimination): + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getScopeChainLoadElimination): + (JSC::DFG::CSEPhase::performBlockCSE): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-03-06 Mark Hahnenberg <mhahnenberg@apple.com> + + GCActivityCallback timer should vary with the length of the previous GC + https://bugs.webkit.org/show_bug.cgi?id=80344 + + Reviewed by Geoffrey Garen. + + * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last + GC length so that the GC Activity Callback can use it. + (JSC::Heap::Heap): + (JSC::Heap::collect): + * heap/Heap.h: + (JSC::Heap::lastGCLength): + (Heap): + * runtime/GCActivityCallbackCF.cpp: + (JSC): + (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last + GC to determine the length of our timer trigger (currently set at 100x the duration + of the last GC). + +2012-03-06 Rob Buis <rbuis@rim.com> + + BlackBerry] Fix cast-align gcc warnings when compiling JSC + https://bugs.webkit.org/show_bug.cgi?id=80420 + + Reviewed by Gavin Barraclough. + + Fix warnings given in Blackberry build. 
+ + * heap/CopiedBlock.h: + (JSC::CopiedBlock::CopiedBlock): + * wtf/RefCountedArray.h: + (WTF::RefCountedArray::Header::fromPayload): + +2012-03-06 Gavin Barraclough <barraclough@apple.com> + + writable/configurable not respected for some properties of Function/String/Arguments + https://bugs.webkit.org/show_bug.cgi?id=80436 + + Reviewed by Oliver Hunt. + + Special properties should behave like regular properties. + + * runtime/Arguments.cpp: + (JSC::Arguments::defineOwnProperty): + - Mis-nested logic for making read-only properties non-live. + * runtime/JSFunction.cpp: + (JSC::JSFunction::put): + - arguments/length/caller are non-writable, non-configurable - reject appropriately. + (JSC::JSFunction::deleteProperty): + - Attempting to delete prototype/caller should fail. + (JSC::JSFunction::defineOwnProperty): + - Ensure prototype is reified on attempt to reify it. + - arguments/length/caller are non-writable, non-configurable - reject appropriately. + * runtime/JSFunction.h: + - added declaration for defineOwnProperty. + (JSFunction): + * runtime/StringObject.cpp: + (JSC::StringObject::put): + - length is non-writable, non-configurable - reject appropriately. + +2012-03-06 Ulan Degenbaev <ulan@chromium.org> + + TypedArray subarray call for subarray does not clamp the end index parameter properly + https://bugs.webkit.org/show_bug.cgi?id=80285 + + Reviewed by Kenneth Russell. + + * wtf/ArrayBufferView.h: + (WTF::ArrayBufferView::calculateOffsetAndLength): + +2012-03-06 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r109837. + http://trac.webkit.org/changeset/109837 + https://bugs.webkit.org/show_bug.cgi?id=80399 + + breaks Mac Productions builds, too late to try and fix it + tonight (Requested by eseidel on #webkit). 
+ + * API/tests/JSNode.c: + * API/tests/JSNodeList.c: + * Configurations/Base.xcconfig: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/MacroAssemblerCodeRef.h: + * bytecompiler/BytecodeGenerator.h: + * dfg/DFGOperations.cpp: + * heap/GCAssertions.h: + * heap/HandleHeap.h: + * heap/HandleStack.h: + * heap/MarkedSpace.h: + * heap/PassWeak.h: + * heap/Strong.h: + * heap/Weak.h: + * jit/HostCallReturnValue.cpp: + * jit/JIT.cpp: + * jit/JITStubs.cpp: + * jit/ThunkGenerators.cpp: + * parser/Lexer.cpp: + * runtime/Completion.cpp: + * runtime/Executable.cpp: + * runtime/Identifier.h: + * runtime/InitializeThreading.cpp: + * runtime/JSDateMath.cpp: + * runtime/JSGlobalObjectFunctions.cpp: + * runtime/JSStringBuilder.h: + * runtime/JSVariableObject.h: + * runtime/NumberPrototype.cpp: + * runtime/WriteBarrier.h: + * tools/CodeProfile.cpp: + * tools/TieredMMapArray.h: + * yarr/YarrJIT.cpp: + +2012-03-06 Zoltan Herczeg <zherczeg@webkit.org> + + [Qt][ARM] Speculative buildfix after r109834. + + Reviewed by Csaba Osztrogonác. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::and32): + (MacroAssemblerARM): + +2012-03-05 Gavin Barraclough <barraclough@apple.com> + + Unreviewed windows build fix pt 2. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-05 Gavin Barraclough <barraclough@apple.com> + + Unreviewed windows build fix pt 1. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-03-05 Gavin Barraclough <barraclough@apple.com> + + putByIndex should throw in strict mode + https://bugs.webkit.org/show_bug.cgi?id=80335 + + Reviewed by Filip Pizlo. + + Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter. + + This is a largely mechanical change, simply adding an extra parameter to a number + of functions. 
Some call sites need perform additional exception checks, and + operationPutByValBeyondArrayBounds needs to know whether it is strict or not. + + This patch doesn't fix a missing throw from some cases of shift/unshift (this is + an existing bug), I'll follow up with a third patch to handle that. + + * API/JSObjectRef.cpp: + (JSObjectSetPropertyAtIndex): + * JSCTypedArrayStubs.h: + (JSC): + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jsc.cpp: + (GlobalObject::finishCreation): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/Arguments.cpp: + (JSC::Arguments::putByIndex): + * runtime/Arguments.h: + (Arguments): + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + * runtime/ClassInfo.h: + (MethodTable): + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::put): + (JSC::JSArray::put): + (JSC::JSArray::putByIndex): + (JSC::JSArray::putByIndexBeyondVectorLength): + (JSC::JSArray::push): + (JSC::JSArray::shiftCount): + (JSC::JSArray::unshiftCount): + * runtime/JSArray.h: + (SparseArrayValueMap): + (JSArray): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::putByIndex): + * runtime/JSByteArray.h: + (JSByteArray): + * runtime/JSCell.cpp: + (JSC::JSCell::putByIndex): + * runtime/JSCell.h: + (JSCell): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::putByIndex): + * runtime/JSNotAnObject.h: + (JSNotAnObject): + * runtime/JSONObject.cpp: + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::putByIndex): + * runtime/JSObject.h: + (JSC::JSValue::putByIndex): + * 
runtime/RegExpConstructor.cpp: + (JSC::RegExpMatchesArray::fillArrayInstance): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::putByIndex): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncSplit): + +2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com> + + PredictNone is incorrectly treated as isDoublePrediction + https://bugs.webkit.org/show_bug.cgi?id=80365 + + Reviewed by Filip Pizlo. + + Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction. + + * bytecode/PredictedType.h: + (JSC::isFixedIndexedStorageObjectPrediction): + (JSC::isDoublePrediction): + +2012-03-05 Filip Pizlo <fpizlo@apple.com> + + The LLInt should work even when the JIT is disabled + https://bugs.webkit.org/show_bug.cgi?id=80340 + <rdar://problem/10922235> + + Reviewed by Gavin Barraclough. + + * assembler/MacroAssemblerCodeRef.h: + (JSC::MacroAssemblerCodePtr::createLLIntCodePtr): + (MacroAssemblerCodeRef): + (JSC::MacroAssemblerCodeRef::createLLIntCodeRef): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::initialize): + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + * jit/JIT.h: + (JSC::JIT::compileCTINativeCall): + * jit/JITStubs.h: + (JSC::JITThunks::ctiNativeCall): + (JSC::JITThunks::ctiNativeConstruct): + * llint/LLIntEntrypoints.cpp: + (JSC::LLInt::getFunctionEntrypoint): + (JSC::LLInt::getEvalEntrypoint): + (JSC::LLInt::getProgramEntrypoint): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (LLInt): + * llint/LLIntSlowPaths.h: + (LLInt): + * llint/LowLevelInterpreter.h: + * llint/LowLevelInterpreter32_64.asm: + * runtime/Executable.h: + (NativeExecutable): + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::finishCreation): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSGlobalData): + * runtime/Options.cpp: + (Options): + (JSC::Options::parse): + (JSC::Options::initializeOptions): + * runtime/Options.h: + 
(Options): + * wtf/Platform.h: + +2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com> + + Checks for dead variables are not sufficient when fixing the expected + values in DFG OSR entry + https://bugs.webkit.org/show_bug.cgi?id=80371 + + Reviewed by Filip Pizlo. + + A dead variable should be identified when there's no node referencing it. + But we currently failed to catch the case where there are some nodes + referencing a variable but those nodes are actually not referenced by + others so will be ignored in code generation. In such case we should + also consider that variable to be a dead variable in the block and fix + the expected values. + This is performance neutral on SunSpider, V8 and Kraken. + + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + +2012-03-05 Oliver Hunt <oliver@apple.com> + + Fix Qt build. + + * assembler/AbstractMacroAssembler.h: + * assembler/MacroAssembler.h: + (MacroAssembler): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileArithSub): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitSub32Constant): + +2012-03-05 Eric Seidel <eric@webkit.org> + + Update JavaScriptCore files to use fully-qualified WTF include paths + https://bugs.webkit.org/show_bug.cgi?id=79960 + + Reviewed by Adam Barth. + + This change does 5 small/related things: + 1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include + (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj + was not installing headers there.) + 2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their + header search path, as that's where the WTF headers will be installed. + 3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/* + in addition to the current behavior of flattening all headers to PrivateHeaders/*.h. + 4. 
Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h" + since soon the WTF headers will not be part of the JavaScriptCore Xcode project. + 5. Makes build-webkit build the WTF XCode project by default. + + * API/tests/JSNode.c: + * API/tests/JSNodeList.c: + * Configurations/Base.xcconfig: + * assembler/MacroAssemblerCodeRef.h: + * bytecompiler/BytecodeGenerator.h: + * dfg/DFGOperations.cpp: + * heap/GCAssertions.h: + * heap/HandleHeap.h: + * heap/HandleStack.h: + * heap/MarkedSpace.h: + * heap/PassWeak.h: + * heap/Strong.h: + * heap/Weak.h: + * jit/HostCallReturnValue.cpp: + * jit/JIT.cpp: + * jit/JITStubs.cpp: + * jit/ThunkGenerators.cpp: + * parser/Lexer.cpp: + * runtime/Completion.cpp: + * runtime/Executable.cpp: + * runtime/Identifier.h: + * runtime/InitializeThreading.cpp: + * runtime/JSDateMath.cpp: + * runtime/JSGlobalObjectFunctions.cpp: + * runtime/JSStringBuilder.h: + * runtime/JSVariableObject.h: + * runtime/NumberPrototype.cpp: + * runtime/WriteBarrier.h: + * tools/CodeProfile.cpp: + * tools/TieredMMapArray.h: + * yarr/YarrJIT.cpp: + +2012-03-05 Oliver Hunt <oliver@apple.com> + + Add basic support for constant blinding to the JIT + https://bugs.webkit.org/show_bug.cgi?id=80354 + + Reviewed by Filip Pizlo. + + This patch adds basic constant blinding support to the JIT, at the + MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG) + get constant blinding. Woo! + + This patch only introduces blinding for Imm32, a later patch will do similar + for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially + impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit + accessor that's needed to access the actual value. This also means you cannot + accidentally pass an untrusted value to a function that does not perform + blinding. 
+ + To make everything work sensibly, this patch also corrects some code that was using + Imm32 when TrustedImm32 could be used, and refactors a few callers that use + untrusted immediates, so that they call slightly different varaints of the functions + that they used previously. This is largely necessary to deal with x86-32 not having + sufficient registers to handle the additional work required when we choose to blind + a constant. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32): + (Imm32): + (JSC::AbstractMacroAssembler::beginUninterruptedSequence): + (JSC::AbstractMacroAssembler::endUninterruptedSequence): + (JSC::AbstractMacroAssembler::AbstractMacroAssembler): + (AbstractMacroAssembler): + (JSC::AbstractMacroAssembler::inUninterruptedSequence): + (JSC::AbstractMacroAssembler::random): + (JSC::AbstractMacroAssembler::scratchRegisterForBlinding): + (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch): + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::addressForPoke): + (MacroAssembler): + (JSC::MacroAssembler::poke): + (JSC::MacroAssembler::branchPtr): + (JSC::MacroAssembler::branch32): + (JSC::MacroAssembler::convertInt32ToDouble): + (JSC::MacroAssembler::shouldBlind): + (JSC::MacroAssembler::BlindedImm32::BlindedImm32): + (BlindedImm32): + (JSC::MacroAssembler::keyForConstant): + (JSC::MacroAssembler::xorBlindConstant): + (JSC::MacroAssembler::additionBlindedConstant): + (JSC::MacroAssembler::andBlindedConstant): + (JSC::MacroAssembler::orBlindedConstant): + (JSC::MacroAssembler::loadXorBlindedConstant): + (JSC::MacroAssembler::add32): + (JSC::MacroAssembler::addPtr): + (JSC::MacroAssembler::and32): + (JSC::MacroAssembler::andPtr): + (JSC::MacroAssembler::move): + (JSC::MacroAssembler::or32): + (JSC::MacroAssembler::store32): + (JSC::MacroAssembler::sub32): + (JSC::MacroAssembler::subPtr): + (JSC::MacroAssembler::xor32): + (JSC::MacroAssembler::branchAdd32): + (JSC::MacroAssembler::branchMul32): + 
(JSC::MacroAssembler::branchSub32): + (JSC::MacroAssembler::trustedImm32ForShift): + (JSC::MacroAssembler::lshift32): + (JSC::MacroAssembler::rshift32): + (JSC::MacroAssembler::urshift32): + * assembler/MacroAssemblerARMv7.h: + (MacroAssemblerARMv7): + (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding): + (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::branchSubPtr): + (MacroAssemblerX86_64): + (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::compileArithSub): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileDoubleCompare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileDoubleCompare): + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JITArithmetic.cpp: + (JSC::JIT::compileBinaryArithOp): + (JSC::JIT::emit_op_add): + (JSC::JIT::emit_op_mul): + (JSC::JIT::emit_op_div): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitAdd32Constant): + (JSC::JIT::emitSub32Constant): + (JSC::JIT::emitBinaryDoubleOp): + (JSC::JIT::emitSlow_op_mul): + (JSC::JIT::emit_op_div): + * jit/JITCall.cpp: + (JSC::JIT::compileLoadVarargs): + * jit/JITCall32_64.cpp: + 
(JSC::JIT::compileLoadVarargs): + * jit/JITInlineMethods.h: + (JSC::JIT::updateTopCallFrame): + (JSC::JIT::emitValueProfilingSite): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emitSlow_op_jfalse): + (JSC::JIT::emitSlow_op_jtrue): + * jit/JITStubCall.h: + (JITStubCall): + (JSC::JITStubCall::addArgument): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::backtrack): + +2012-03-05 Gavin Barraclough <barraclough@apple.com> + + putByIndex should throw in strict mode + https://bugs.webkit.org/show_bug.cgi?id=80335 + + Reviewed by Filip Pizlo. + + We'll need to pass an additional parameter. + + Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex() + to match the method in the MethodTable, make this take a parameter indicating + whether the put should throw. This fixes the cases where the base of the put + is a primitive. + + * dfg/DFGOperations.cpp: + (DFG): + (JSC::DFG::putByVal): + (JSC::DFG::operationPutByValInternal): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/JSObject.h: + (JSC::JSValue::putByIndex): + * runtime/JSValue.cpp: + (JSC): + * runtime/JSValue.h: + (JSValue): + +2012-03-05 Sam Weinig <sam@webkit.org> + + Add support for hosting layers in the window server in WebKit2 + <rdar://problem/10400246> + https://bugs.webkit.org/show_bug.cgi?id=80310 + + Reviewed by Anders Carlsson. + + * wtf/Platform.h: + Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER. + +2012-03-05 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, attempted build fix for !ENABLE(JIT) after r109705. + + * bytecode/ExecutionCounter.cpp: + (JSC::ExecutionCounter::applyMemoryUsageHeuristics): + * bytecode/ExecutionCounter.h: + +2012-03-05 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for !ENABLE(JIT) after r109705. 
+ + * bytecode/ExecutionCounter.cpp: + * bytecode/ExecutionCounter.h: + +2012-03-05 Andy Wingo <wingo@igalia.com> + + Lexer: Specialize character predicates for LChar, UChar + https://bugs.webkit.org/show_bug.cgi?id=79677 + + Reviewed by Oliver Hunt. + + This patch specializes isIdentStart, isIdentPart, isWhiteSpace, + and isLineTerminator to perform a more limited number of checks if + the lexer is being instantiated to work on LChar sequences. This + is about a 1.5% win on the --parse-only suite, here. + + * parser/Lexer.cpp: + (JSC::isLatin1): New static helper, specialized for LChar and + UChar. + (JSC::typesOfLatin1Characters): Rename from + typesOfASCIICharacters, and expand to the range of the LChar + type. All uses of isASCII are changed to use isLatin1. Generated + using libunistring. + (JSC::isNonLatin1IdentStart): + (JSC::isIdentStart): + (JSC::isNonLatin1IdentPart): + (JSC::isIdentPart): + (JSC::Lexer::shiftLineTerminator): + (JSC::Lexer::parseIdentifier): + (JSC::Lexer::parseIdentifierSlowCase): + (JSC::Lexer::parseStringSlowCase): + (JSC::Lexer::parseMultilineComment): + (JSC::Lexer::lex): + (JSC::Lexer::scanRegExp): + (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around. + * parser/Lexer.h: + (JSC::Lexer::isWhiteSpace): + (JSC::Lexer::isLineTerminator): + * KeywordLookupGenerator.py: + (Trie.printAsC): Declare specialized isIdentPart static functions. + +2012-03-05 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing header file. + +2012-03-05 Andy Wingo <wingo@igalia.com> + + WTF: Micro-optimize cleanup of empty vectors and hash tables + https://bugs.webkit.org/show_bug.cgi?id=79903 + + Reviewed by Michael Saboff and Geoffrey Garen. + + This patch speeds up cleanup of vectors and hash tables whose + backing store was never allocated. This is the case by default + for most vectors / hash tables that never had any entries added. 
+ + The result for me is that calling checkSyntax 1000 times on + concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a + 2.4% speedup. + + * wtf/HashTable.h: + (WTF::HashTable::~HashTable): + (WTF::::clear): Don't deallocate the storage or frob member + variables if there is no backing storage. + * wtf/Vector.h: + (WTF::VectorBufferBase::deallocateBuffer): Likewise. + +2012-03-04 Filip Pizlo <fpizlo@apple.com> + + JIT heuristics should be hyperbolic + https://bugs.webkit.org/show_bug.cgi?id=80055 + <rdar://problem/10922260> + + Reviewed by Oliver Hunt. + + Added tracking of the amount of executable memory typically used for a bytecode + instruction. Modified the execution counter scheme to use this, and the amount + of free memory, to determine how long to wait before invoking the JIT. + + The result is that even if we bomb the VM with more code than can fit in our + executable memory pool, we still keep running and almost never run out of + executable memory - which ensures that if we have to JIT something critical, then + we'll likely have enough memory to do so. This also does not regress performance + on the three main benchmarks. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::predictedMachineCodeSize): + (JSC): + (JSC::CodeBlock::usesOpcode): + * bytecode/CodeBlock.h: + (CodeBlock): + (JSC::CodeBlock::checkIfJITThresholdReached): + (JSC::CodeBlock::dontJITAnytimeSoon): + (JSC::CodeBlock::jitAfterWarmUp): + (JSC::CodeBlock::jitSoon): + (JSC::CodeBlock::llintExecuteCounter): + (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp): + (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp): + (JSC::CodeBlock::addressOfJITExecuteCounter): + (JSC::CodeBlock::offsetOfJITExecuteCounter): + (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold): + (JSC::CodeBlock::offsetOfJITExecutionTotalCount): + (JSC::CodeBlock::jitExecuteCounter): + (JSC::CodeBlock::checkIfOptimizationThresholdReached): + (JSC::CodeBlock::optimizeNextInvocation): + (JSC::CodeBlock::dontOptimizeAnytimeSoon): + (JSC::CodeBlock::optimizeAfterWarmUp): + (JSC::CodeBlock::optimizeAfterLongWarmUp): + (JSC::CodeBlock::optimizeSoon): + * bytecode/ExecutionCounter.cpp: Added. + (JSC): + (JSC::ExecutionCounter::ExecutionCounter): + (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet): + (JSC::ExecutionCounter::setNewThreshold): + (JSC::ExecutionCounter::deferIndefinitely): + (JSC::ExecutionCounter::applyMemoryUsageHeuristics): + (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt): + (JSC::ExecutionCounter::hasCrossedThreshold): + (JSC::ExecutionCounter::setThreshold): + (JSC::ExecutionCounter::reset): + * bytecode/ExecutionCounter.h: Added. 
+ (JSC): + (ExecutionCounter): + (JSC::ExecutionCounter::formattedTotalCount): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * jit/ExecutableAllocator.cpp: + (JSC::DemandExecutableAllocator::allocateNewSpace): + (JSC::ExecutableAllocator::underMemoryPressure): + (JSC): + (JSC::ExecutableAllocator::memoryPressureMultiplier): + * jit/ExecutableAllocator.h: + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::ExecutableAllocator::memoryPressureMultiplier): + (JSC): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::jitCompileAndSetHeuristics): + * llint/LowLevelInterpreter32_64.asm: + * runtime/JSGlobalData.h: + (JSGlobalData): + * runtime/Options.cpp: + (Options): + (JSC::Options::initializeOptions): + * runtime/Options.h: + (Options): + * wtf/SimpleStats.h: Added. + (WTF): + (SimpleStats): + (WTF::SimpleStats::SimpleStats): + (WTF::SimpleStats::add): + (WTF::SimpleStats::operator!): + (WTF::SimpleStats::count): + (WTF::SimpleStats::sum): + (WTF::SimpleStats::sumOfSquares): + (WTF::SimpleStats::mean): + (WTF::SimpleStats::variance): + (WTF::SimpleStats::standardDeviation): + +2012-03-04 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64 + https://bugs.webkit.org/show_bug.cgi?id=71507 + + Reviewed by Antonio Gomes. + + * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib". + +2012-03-04 David Kilzer <ddkilzer@apple.com> + + Fix build when the classic interpreter is enabled + + Reviewed by Gavin Barraclough. + + Fixes the following build error when running the "Generate + Derived Sources" build phase script: + + offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h. 
+ ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception + from JavaScriptCore/offlineasm/asm.rb:131 + Command /bin/sh failed with exit code 1 + + Gavin's fix in r109674 avoided the #error statement in + JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it + caused the "Generate Derived Sources" build phase script to fail + when JavaScriptCore/offlineasm/asm.rb was run. The solution is + to detect when the classic interpreter is being built and simply + exit early from asm.rb in that case. + + * llint/LLIntOffsetsExtractor.cpp: + (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the + JIT is disabled. Note that offsets.rb doesn't care about the + return value here, but instead it cares about finding the magic + values in the binary. The magic values are no longer present + when the JIT is disabled. + * offlineasm/asm.rb: Catch MissingMagicValuesException and exit + early with a status message. + * offlineasm/offsets.rb: + (MissingMagicValuesException): Add new exception class. + (offsetsAndConfigurationIndex): Throw + MissingMagicValuesException when no magic values are found. + +2012-03-04 Jurij Smakov <jurij@wooyd.org> + + SPARC also needs aligned accesses. + + Rubber-stamped by Gustavo Noronha Silva. + + * wtf/Platform.h: + +2012-03-04 Gavin Barraclough <barraclough@apple.com> + + Unreviewed build fix. + + * jit/JITStubs.h: + - Move ENABLE(JIT) to head of file. + +2012-03-03 Gavin Barraclough <barraclough@apple.com> + + Split JSArray's [[Put]] & [[DefineOwnProperty]] traps. + https://bugs.webkit.org/show_bug.cgi?id=80217 + + Reviewed by Filip Pizlo. + + putByIndex() provides similar behavior to put(), but for indexed property names. + Many places in ArrayPrototype call putByIndex() where they really mean to call + [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be + calling numeric accessors (& respecting numeric read only properties) on the + prototype chain, but isn't. 
Add a new putDirectIndex (matching JSObject's + putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + * runtime/JSArray.cpp: + (JSC): + (JSC::reject): + (JSC::SparseArrayValueMap::putDirect): + (JSC::JSArray::defineOwnNumericProperty): + (JSC::JSArray::putByIndexBeyondVectorLength): + (JSC::JSArray::putDirectIndexBeyondVectorLength): + * runtime/JSArray.h: + (SparseArrayValueMap): + (JSArray): + (JSC::JSArray::putDirectIndex): + +2012-03-03 Benjamin Poulain <benjamin@webkit.org> + + Implement the basis of KURLWTFURL + https://bugs.webkit.org/show_bug.cgi?id=79600 + + Reviewed by Adam Barth. + + Add an API to know if a ParsedURL is valid. + + * wtf/url/api/ParsedURL.cpp: + (WTF::ParsedURL::ParsedURL): + (WTF): + (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread + and by KURL's detach() on write. + (WTF::ParsedURL::baseAsString): + (WTF::ParsedURL::segment): + Add a stronger constraint on accessors: the client of this API should never ask for the segments + on an invalid URL. + * wtf/url/api/ParsedURL.h: + (WTF): + (WTF::ParsedURL::ParsedURL): + (ParsedURL): + (WTF::ParsedURL::isValid): + +2012-03-03 Hans Wennborg <hans@chromium.org> + + Implement Speech JavaScript API + https://bugs.webkit.org/show_bug.cgi?id=80019 + + Reviewed by Adam Barth. + + Add ENABLE_SCRIPTED_SPEECH. + + * Configurations/FeatureDefines.xcconfig: + +2012-03-02 Filip Pizlo <fpizlo@apple.com> + + When getting the line number of a call into a call frame with no code block, it's + incorrect to rely on the returnPC + https://bugs.webkit.org/show_bug.cgi?id=80195 + + Reviewed by Oliver Hunt. 
+ + * interpreter/Interpreter.cpp: + (JSC::getCallerInfo): + * jit/JITCall.cpp: + (JSC::JIT::compileLoadVarargs): + +2012-03-02 Han Hojong <hojong.han@samsung.com> + + Expected results updated for checking type conversion + https://bugs.webkit.org/show_bug.cgi?id=80138 + + Reviewed by Gavin Barraclough. + + * tests/mozilla/ecma/TypeConversion/9.3.1-3.js: + +2012-03-02 Kenichi Ishibashi <bashi@chromium.org> + + Adding WebSocket per-frame DEFLATE extension + https://bugs.webkit.org/show_bug.cgi?id=77522 + + Added USE(ZLIB) flag. + + Reviewed by Kent Tamura. + + * wtf/Platform.h: + +2012-03-02 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + +2012-03-01 Filip Pizlo <fpizlo@apple.com> + + DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by + virtue of being in the transitive closure + https://bugs.webkit.org/show_bug.cgi?id=80098 + + Reviewed by Anders Carlsson. + + If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable, + then you might have the visitAggregate() method called concurrently by multiple threads. + This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be + racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash + due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction(). + + It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are + not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace + any CodeBlock that it knows to be live by virtue of it being reachable from the stack. + Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate() + don't lead to two threads racing over each other as they clobber state. 
This patch + achieves this with a simple CAS loop: whichever thread wins the CAS race (which is + trivially linearizable) will get to trace the CodeBlock; all other threads give up and + go home. + + Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10 + times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it + even when it's gotten sufficient counts. But that takes a while - sometimes up to a + minute to get a crash. I have no other reliable repro case. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + (DFGData): + * heap/DFGCodeBlocks.cpp: + (JSC::DFGCodeBlocks::clearMarks): + +2012-03-01 Filip Pizlo <fpizlo@apple.com> + + The JIT should not crash the entire process just because there is not enough executable + memory, if the LLInt is enabled + https://bugs.webkit.org/show_bug.cgi?id=79962 + + Reviewed by Csaba Osztrogonác. + + Fix for ARM, SH4. + + * assembler/AssemblerBufferWithConstantPool.h: + (JSC::AssemblerBufferWithConstantPool::executableCopy): + +2012-03-01 Ryosuke Niwa <rniwa@webkit.org> + + Revert my change. Broke builds. + Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)' + Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i + + * wtf/Atomics.h: + (WTF): + (WTF::weakCompareAndSwap): + +2012-03-01 Ryosuke Niwa <rniwa@webkit.org> + + Gcc build fix. + + Rubber-stamped by Filip Pizlo. + + * wtf/Atomics.h: + (WTF): + (WTF::weakCompareAndSwap): + +2012-03-01 Gavin Barraclough <barraclough@apple.com> + + ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller + https://bugs.webkit.org/show_bug.cgi?id=80011 + + Reviewed by Oliver Hunt. + + Also, fix getting the caller from within a bound function, for within a getter, + or setter (make our implementation match other browsers). 
+ + * interpreter/Interpreter.cpp: + (JSC::getCallerInfo): + - Allow this to get the caller of host functions. + (JSC::Interpreter::retrieveCallerFromVMCode): + - This should use getCallerInfo, and should skip over function bindings. + * runtime/JSFunction.cpp: + (JSC::JSFunction::callerGetter): + - This should never return a strict-mode function. + +2012-03-01 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG local CSE for a node can be terminated earlier + https://bugs.webkit.org/show_bug.cgi?id=80014 + + Reviewed by Filip Pizlo. + + When one of the node's childredn is met in the process of back traversing + the nodes, we don't need to traverse the remaining nodes. + This is performance neutral on SunSpider, V8 and Kraken. + + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::pureCSE): + (JSC::DFG::CSEPhase::impureCSE): + (JSC::DFG::CSEPhase::getByValLoadElimination): + (JSC::DFG::CSEPhase::checkFunctionElimination): + (JSC::DFG::CSEPhase::checkStructureLoadElimination): + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): + +2012-02-29 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG BasicBlocks should not require that their nodes have continuous indices in the graph + https://bugs.webkit.org/show_bug.cgi?id=79899 + + Reviewed by Filip Pizlo. + + This will make it more convenient to insert nodes into the DFG. + With this capability we now place the Phi nodes in the corresponding + blocks. + Local CSE is modified to not to rely on the assumption of continuous + node indices in a block. + This is performance neutral on SunSpider, V8 and Kraken. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::AbstractState): + (JSC::DFG::AbstractState::beginBasicBlock): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::clobberStructures): + (JSC::DFG::AbstractState::mergeToSuccessors): + (JSC::DFG::AbstractState::dump): + * dfg/DFGAbstractState.h: + (JSC::DFG::AbstractState::forNode): + (AbstractState): + * dfg/DFGArithNodeFlagsInferencePhase.cpp: + (ArithNodeFlagsInferencePhase): + * dfg/DFGBasicBlock.h: + (JSC::DFG::BasicBlock::BasicBlock): + (BasicBlock): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addToGraph): + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::insertPhiNode): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::linkBlock): + (JSC::DFG::ByteCodeParser::determineReachability): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + * dfg/DFGCFAPhase.cpp: + (JSC::DFG::CFAPhase::performBlockCFA): + (CFAPhase): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::CSEPhase): + (JSC::DFG::CSEPhase::endIndexForPureCSE): + (JSC::DFG::CSEPhase::pureCSE): + (JSC::DFG::CSEPhase::impureCSE): + (JSC::DFG::CSEPhase::globalVarLoadElimination): + (JSC::DFG::CSEPhase::getByValLoadElimination): + (JSC::DFG::CSEPhase::checkFunctionElimination): + (JSC::DFG::CSEPhase::checkStructureLoadElimination): + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getScopeChainLoadElimination): + (JSC::DFG::CSEPhase::performNodeCSE): + (JSC::DFG::CSEPhase::performBlockCSE): + (CSEPhase): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGPhase.cpp: + (JSC::DFG::Phase::beginPhase): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): + 
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + (JSC::DFG::SpeculativeJIT::compileStrictEq): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + +2012-02-29 Filip Pizlo <fpizlo@apple.com> + + The JIT should not crash the entire process just because there is not + enough executable memory, if the LLInt is enabled + https://bugs.webkit.org/show_bug.cgi?id=79962 + <rdar://problem/10922215> + + Unreviewed, adding forgotten file. + + * jit/JITCompilationEffort.h: Added. + (JSC): + +2012-02-29 Filip Pizlo <fpizlo@apple.com> + + The JIT should not crash the entire process just because there is not + enough executable memory, if the LLInt is enabled + https://bugs.webkit.org/show_bug.cgi?id=79962 + <rdar://problem/10922215> + + Reviewed by Gavin Barraclough. + + Added the notion of JITCompilationEffort. If we're JIT'ing as a result of + a tier-up, then we set it to JITCompilationCanFail. Otherwise it's + JITCompilationMustSucceed. This preserves the old behavior of LLInt is + disabled or if we're compiling something that can't be interpreted (like + an OSR exit stub). 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/ARMAssembler.h: + (ARMAssembler): + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::executableCopy): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::~LinkBuffer): + (LinkBuffer): + (JSC::LinkBuffer::didFailToAllocate): + (JSC::LinkBuffer::isValid): + (JSC::LinkBuffer::linkCode): + (JSC::LinkBuffer::performFinalization): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::executableCopy): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::executableCopy): + * assembler/X86Assembler.h: + (JSC::X86Assembler::executableCopy): + (JSC::X86Assembler::X86InstructionFormatter::executableCopy): + * bytecode/CodeBlock.cpp: + (JSC::ProgramCodeBlock::jitCompileImpl): + (JSC::EvalCodeBlock::jitCompileImpl): + (JSC::FunctionCodeBlock::jitCompileImpl): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::jitCompile): + (CodeBlock): + (ProgramCodeBlock): + (EvalCodeBlock): + (FunctionCodeBlock): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JITCompiler): + * jit/ExecutableAllocator.cpp: + (JSC::DemandExecutableAllocator::allocateNewSpace): + (JSC::ExecutableAllocator::allocate): + * jit/ExecutableAllocator.h: + (ExecutableAllocator): + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::ExecutableAllocator::allocate): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JSC::JIT::compile): + (JIT): + * jit/JITCompilationEffort.h: Added. 
+ (JSC): + * jit/JITDriver.h: + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + * llint/LLIntSlowPaths.cpp: + (LLInt): + (JSC::LLInt::jitCompileAndSetHeuristics): + (JSC::LLInt::entryOSR): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/Executable.cpp: + (JSC::EvalExecutable::jitCompile): + (JSC::ProgramExecutable::jitCompile): + (JSC::FunctionExecutable::jitCompileForCall): + (JSC::FunctionExecutable::jitCompileForConstruct): + * runtime/Executable.h: + (EvalExecutable): + (ProgramExecutable): + (FunctionExecutable): + (JSC::FunctionExecutable::jitCompileFor): + * runtime/ExecutionHarness.h: + (JSC::prepareForExecution): + (JSC::prepareFunctionForExecution): + +2012-02-29 No'am Rosenthal <noam.rosenthal@nokia.com> + + [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy] + https://bugs.webkit.org/show_bug.cgi?id=79501 + + Enable WTF_USE_UI_SIDE_COMPOSITING for Qt. + + Reviewed by Kenneth Rohde Christiansen. + + * wtf/Platform.h: + +2012-02-29 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Oliver Hunt. + + * tests/mozilla/ecma_2/RegExp/constructor-001.js: + * tests/mozilla/ecma_2/RegExp/function-001.js: + * tests/mozilla/ecma_2/RegExp/properties-001.js: + - Check in new test cases results. + +2012-02-29 Mark Rowe <mrowe@apple.com> + + Stop installing JSCLLIntOffsetsExtractor. + + Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file + that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor. + This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor. + + While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value + for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is + to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. 
That + allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too! + + Reviewed by Filip Pizlo. + + * Configurations/TestRegExp.xcconfig: Removed. + * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig. + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-02-28 Filip Pizlo <fpizlo@apple.com> + + RefCounted::deprecatedTurnOffVerifier() should not be deprecated + https://bugs.webkit.org/show_bug.cgi?id=79864 + + Reviewed by Oliver Hunt. + + Removed the word "deprecated" from the name of this method, since this method + should not be deprecated. It works just fine as it is, and there is simply no + alternative to calling this method for many interesting JSC classes. + + * parser/SourceProvider.h: + (JSC::SourceProvider::SourceProvider): + * runtime/SymbolTable.h: + (JSC::SharedSymbolTable::SharedSymbolTable): + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocatorHandle::MetaAllocatorHandle): + (WTF::MetaAllocator::allocate): + * wtf/RefCounted.h: + (RefCountedBase): + (WTF::RefCountedBase::turnOffVerifier): + +2012-02-29 Gavin Barraclough <barraclough@apple.com> + + 'source' property of RegExp instance cannot be "" + https://bugs.webkit.org/show_bug.cgi?id=79938 + + Reviewed by Oliver Hunt. + + 15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/', + and also states that the result must be a valid RegularExpressionLiteral. '//' is + not a valid RegularExpressionLiteral (since it is a single line comment), and hence + source cannot ever validly be "". If the source is empty, return a different Pattern + that would match the same thing. + + * runtime/RegExpObject.cpp: + (JSC::regExpObjectSource): + - Do not return "" if the source is empty, this would lead to invalid behaviour in toString. + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncToString): + - No need to special case the empty string - this should be being done by 'source'. 
+ +2012-02-29 Gavin Barraclough <barraclough@apple.com> + + Writable attribute not set correctly when redefining an accessor to a data descriptor + https://bugs.webkit.org/show_bug.cgi?id=79931 + + Reviewed by Oliver Hunt. + + * runtime/JSObject.cpp: + (JSC::JSObject::defineOwnProperty): + - use attributesOverridingCurrent instead of attributesWithOverride. + * runtime/PropertyDescriptor.cpp: + * runtime/PropertyDescriptor.h: + - remove attributesWithOverride - attributesOverridingCurrent does the same thing. + +2012-02-29 Kevin Ollivier <kevino@theolliviers.com> + + Add JSCore symbol exports needed by wx port + https://bugs.webkit.org/show_bug.cgi?id=77280 + + Reviewed by Hajime Morita. + + * wtf/ArrayBufferView.h: + * wtf/ExportMacros.h: + +2012-02-28 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Always build wtf as a static library. + https://bugs.webkit.org/show_bug.cgi?id=79857 + + Reviewed by Eric Seidel. + + To help the efforts in bug 75673 to move WTF out of + JavaScriptCore, act more like the other ports and remove the + possibility of building WTF as a shared library. + + It does not make much sense to, for example, ship WTF as a + separate .so with webkit-efl packages, and it should be small + enough not to cause problems during linking. + + * wtf/CMakeLists.txt: + +2012-02-28 Dmitry Lomov <dslomov@google.com> + + [JSC] Implement ArrayBuffer transfer + https://bugs.webkit.org/show_bug.cgi?id=73493. + Implement ArrayBuffer transfer, per Khronos spec: http://www.khronos.org/registry/typedarray/specs/latest/#9. + This brings parity with V8 implementation of transferable typed arrays. + + Reviewed by Oliver Hunt. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export. + * wtf/ArrayBuffer.h: + (ArrayBuffer): Added extra export. + +2012-02-28 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed. Build fix after recent LLInt additions. 
+ + * wscript: + +2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com> + + Refactor SpeculativeJIT::emitAllocateJSFinalObject + https://bugs.webkit.org/show_bug.cgi?id=79801 + + Reviewed by Filip Pizlo. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this + function, which is more generic in that it can allocate a variety of classes. + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function. + +2012-02-28 Gavin Barraclough <barraclough@apple.com> + + [[Get]]/[[Put]] for primitives should not wrap on strict accessor call + https://bugs.webkit.org/show_bug.cgi?id=79588 + + Reviewed by Oliver Hunt. + + In the case of [[Get]], this is a pretty trivial bug - just don't wrap + primitives at the point you call a getter. + + For setters, this is a little more involved, since we have already wrapped + the value up in a synthesized object. Stop doing so. There is also a further + subtely, that in strict mode all attempts to create a new data property on + the object should throw. + + * runtime/JSCell.cpp: + (JSC::JSCell::put): + - [[Put]] to a string primitive should use JSValue::putToPrimitive. + * runtime/JSObject.cpp: + (JSC::JSObject::put): + - Remove static function called in one place. + * runtime/JSObject.h: + (JSC::JSValue::put): + - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive. + * runtime/JSValue.cpp: + (JSC::JSValue::synthesizePrototype): + - Add support for synthesizing the prototype of strings. + (JSC::JSValue::putToPrimitive): + - Added, implements [[Put]] for primitive bases, per 8.7.2. + * runtime/JSValue.h: + (JSValue): + - Add declaration for JSValue::putToPrimitive. + * runtime/PropertySlot.cpp: + (JSC::PropertySlot::functionGetter): + - Don't call ToObject on primitive this values. 
+ +2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com> + + Re-enable parallel GC on Mac + https://bugs.webkit.org/show_bug.cgi?id=79837 + + Rubber stamped by Filip Pizlo. + + * runtime/Options.cpp: + (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line, + so we removed it and things should go back to normal. + +2012-02-28 Filip Pizlo <fpizlo@apple.com> + + Some run-javascriptcore-tests broken for 32-bit debug + https://bugs.webkit.org/show_bug.cgi?id=79844 + + Rubber stamped by Oliver Hunt. + + These assertions are just plain wrong for 32-bit. We could either have a massive + assertion that depends on value representation, that has to be changed every + time we change the JITs, resulting in a bug tail of debug-mode crashes, or we + could get rid of the assertions. I pick the latter. + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + +2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com> + + Get rid of padding cruft in CopiedBlock + https://bugs.webkit.org/show_bug.cgi?id=79686 + + Reviewed by Filip Pizlo. + + * heap/CopiedBlock.h: + (CopiedBlock): Removed the extra padding that was used for alignment purposes until + the calculation of the payload offset into CopiedBlocks was redone recently. + +2012-02-28 Anders Carlsson <andersca@apple.com> + + Fix build with newer versions of clang. + + Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments, + but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common) + takes a string literal. + + * wtf/Assertions.cpp: + +2012-02-28 Mario Sanchez Prada <msanchez@igalia.com> + + [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr + https://bugs.webkit.org/show_bug.cgi?id=79496 + + Reviewed by Martin Robinson. 
+ + Handle GMainLoop and GMainContext in GRefPtr, by calling + g_main_loop_(un)ref and g_main_context_(un)ref in the + implementation of the refGPtr and derefGPtr template functions. + + * wtf/gobject/GRefPtr.cpp: + (WTF::refGPtr): + (WTF): + (WTF::derefGPtr): + * wtf/gobject/GRefPtr.h: + (WTF): + * wtf/gobject/GTypedefs.h: + +2012-02-28 Yong Li <yoli@rim.com> + + JSString::resolveRope() should report extra memory cost to the heap. + https://bugs.webkit.org/show_bug.cgi?id=79555 + + Reviewed by Michael Saboff. + + At the time a JSString is constructed with fibers, it doesn't report + extra memory cost, which is reasonable because it hasn't allocate + new memory. However when the rope is resolved, it should report meory + cost for the new buffer. + + * runtime/JSString.cpp: + (JSC::JSString::resolveRope): + +2012-02-27 Oliver Hunt <oliver@apple.com> + + sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter + https://bugs.webkit.org/show_bug.cgi?id=79728 + + Reviewed by Gavin Barraclough. + + When initialising a chained get instruction we may end up in a state where + the instruction stream says we have a scopechain, but it has not yet been set + (eg. if allocating the StructureChain itself is what leads to the GC). We could + re-order the allocation, but it occurs in a couple of places, so it seems less + fragile simply to null check the scopechain slot before we actually visit the slot. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitStructures): + +2012-02-27 Filip Pizlo <fpizlo@apple.com> + + Old JIT's style of JSVALUE64 strict equality is subtly wrong + https://bugs.webkit.org/show_bug.cgi?id=79700 + + Reviewed by Oliver Hunt. 
+ + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::comparePtr): + (MacroAssemblerX86_64): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + * jit/JITOpcodes.cpp: + (JSC::JIT::compileOpStrictEq): + (JSC::JIT::emitSlow_op_stricteq): + (JSC::JIT::emitSlow_op_nstricteq): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + +2012-02-27 Gavin Barraclough <barraclough@apple.com> + + Implement support for op_negate and op_bitnot in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=79617 + + Reviewed by Filip Pizlo. + + Add an ArithNegate op to the DFG JIT, to implement op_negate. + + This patch also adds support for op_negate to the JSVALUE64 baseline JIT + (JSVALUE32_64 already had this), so that we can profile the slowpath usage. + + This is a 2.5%-3% Sunspider progression and a 1% win on Kraken. + + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::sub_S): + - Added sub_S from immediate. + (ARMv7Assembler): + (JSC::ARMv7Assembler::vneg): + - Added double negate. + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::negateDouble): + - Added double negate. + (MacroAssemblerARMv7): + (JSC::MacroAssemblerARMv7::branchNeg32): + - Added. + * assembler/MacroAssemblerX86.h: + (MacroAssemblerX86): + - moved loadDouble, absDouble to common. + * assembler/MacroAssemblerX86Common.h: + (MacroAssemblerX86Common): + (JSC::MacroAssemblerX86Common::absDouble): + - implementation can be shared. + (JSC::MacroAssemblerX86Common::negateDouble): + - Added. + (JSC::MacroAssemblerX86Common::loadDouble): + - allow absDouble to have a common implementation. + * assembler/MacroAssemblerX86_64.h: + (MacroAssemblerX86_64): + - moved loadDouble, absDouble to common. 
+ * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + - support ArithNegate. + * dfg/DFGArithNodeFlagsInferencePhase.cpp: + (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): + - support ArithNegate. + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + - support ArithNegate. + (JSC::DFG::ByteCodeParser::parseBlock): + - support op_negate. + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::performNodeCSE): + - support ArithNegate. + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + - support op_negate. + * dfg/DFGGraph.h: + (JSC::DFG::Graph::negateShouldSpeculateInteger): + - support ArithNegate. + * dfg/DFGNode.h: + (JSC::DFG::Node::hasArithNodeFlags): + - support ArithNegate. + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + - support ArithNegate. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileArithNegate): + - support ArithNegate. + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + - support ArithNegate. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - support ArithNegate. + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - support ArithNegate. + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + - Add support for op_negate in JSVALUE64. + * jit/JITArithmetic.cpp: + (JSC::JIT::emit_op_negate): + (JSC::JIT::emitSlow_op_negate): + - Add support for op_negate in JSVALUE64. + +2012-02-27 Mahesh Kulkarni <mahesh.kulkarni@nokia.com> + + Unreviewed. Build fix for linux-bot (qt) after r109021. + + * runtime/Error.cpp: + +2012-02-27 Oliver Hunt <oliver@apple.com> + + REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize + https://bugs.webkit.org/show_bug.cgi?id=79693 + + Reviewed by Filip Pizlo. 
+ + Alas we can't provide the stack trace as an array, as despite everyone wanting + an array, everyone arbitrarily creates the array by calling split on the stack + trace. To create the array we would have provided them in the first place. + + This changes the exception's stack property to a \n separated string. To get the + old array just do <exception>.stack.split("\n"). + + * runtime/Error.cpp: + (JSC::addErrorInfo): + +2012-02-27 Gavin Barraclough <barraclough@apple.com> + + RegExp lastIndex should behave as a regular property + https://bugs.webkit.org/show_bug.cgi?id=79446 + + Reviewed by Sam Weinig. + + lastIndex should be a regular data descriptor, with the attributes configurable:false, + enumerable:false, writable:true. As such, it should be possible to reconfigure writable + as false. If the lastIndex property is reconfigured to be read-only, we should respect + this correctly. + + * runtime/CommonIdentifiers.h: + - Removed some unused identifiers, added lastIndex. + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::getOwnPropertySlot): + - lastIndex is no longer a static value, provided specific handling. + (JSC::RegExpObject::getOwnPropertyDescriptor): + - lastIndex is no longer a static value, provided specific handling. + (JSC::RegExpObject::deleteProperty): + - lastIndex is no longer a static value, provided specific handling. + (JSC::RegExpObject::getOwnPropertyNames): + - lastIndex is no longer a static value, provided specific handling. + (JSC::RegExpObject::getPropertyNames): + - lastIndex is no longer a static value, provided specific handling. + (JSC::reject): + - helper function for defineOwnProperty. + (JSC::RegExpObject::defineOwnProperty): + - lastIndex is no longer a static value, provided specific handling. + (JSC::RegExpObject::put): + - lastIndex is no longer a static value, provided specific handling. + (JSC::RegExpObject::match): + - Pass setLastIndex an ExecState, so it can throw if read-only. 
+ * runtime/RegExpObject.h: + (JSC::RegExpObject::setLastIndex): + - Pass setLastIndex an ExecState, so it can throw if read-only. + (RegExpObjectData): + - Added lastIndexIsWritable. + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncCompile): + - Pass setLastIndex an ExecState, so it can throw if read-only. + +2012-02-27 Gavin Barraclough <barraclough@apple.com> + + Implement support for op_negate and op_bitnot in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=79617 + + Reviewed by Sam Weinig. + + Remove op_bitnop - this is redundant, ~x === x^-1. + This is a fractional (<1%) progression. + + Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X). + Remove CanReuse from the result type - this was unused. + Remove op_bitnot. + + * assembler/MacroAssemblerARM.h: + (MacroAssemblerARM): + (JSC::MacroAssemblerARM::xor32): + * assembler/MacroAssemblerARMv7.h: + (MacroAssemblerARMv7): + (JSC::MacroAssemblerARMv7::xor32): + * assembler/MacroAssemblerMIPS.h: + (MacroAssemblerMIPS): + (JSC::MacroAssemblerMIPS::xor32): + * assembler/MacroAssemblerSH4.h: + (MacroAssemblerSH4): + (JSC::MacroAssemblerSH4::xor32): + * assembler/MacroAssemblerX86Common.h: + (MacroAssemblerX86Common): + (JSC::MacroAssemblerX86Common::xor32): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecompiler/NodesCodegen.cpp: + (JSC): + (JSC::BitwiseNotNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JIT): + * jit/JITArithmetic32_64.cpp: + (JSC): + * jit/JITOpcodes.cpp: + (JSC): + * jit/JITStubs.cpp: + (JSC): + * jit/JITStubs.h: + * llint/LLIntSlowPaths.cpp: + (LLInt): + * llint/LLIntSlowPaths.h: + (LLInt): + * llint/LowLevelInterpreter32_64.asm: + * parser/NodeConstructors.h: + (JSC::NegateNode::NegateNode): + 
(JSC::BitwiseNotNode::BitwiseNotNode): + (JSC::MultNode::MultNode): + (JSC::DivNode::DivNode): + (JSC::ModNode::ModNode): + (JSC::SubNode::SubNode): + (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode): + * parser/Nodes.h: + (BitwiseNotNode): + (JSC::BitwiseNotNode::expr): + (JSC): + * parser/ResultType.h: + (ResultType): + (JSC::ResultType::numberTypeIsInt32): + (JSC::ResultType::stringOrNumberType): + (JSC::ResultType::forAdd): + (JSC::ResultType::forBitOp): + +2012-02-27 Michael Saboff <msaboff@apple.com> + + Error check regexp min quantifier + https://bugs.webkit.org/show_bug.cgi?id=70648 + + Reviewed by Gavin Barraclough. + + Added checking for min or only quantifier being UINT_MAX. + When encountered this becomes a SyntaxError during parsing. + + * yarr/YarrParser.h: + (JSC::Yarr::Parser::parseQuantifier): + (JSC::Yarr::Parser::parse): + (Parser): + +2012-02-27 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing files. + +2012-02-26 Hajime Morrita <morrita@chromium.org> + + Move ChromeClient::showContextMenu() to ContextMenuClient + https://bugs.webkit.org/show_bug.cgi?id=79427 + + Reviewed by Adam Barth. + + Added ACCESSIBILITY_CONTEXT_MENUS. + + * wtf/Platform.h: + +2012-02-26 Filip Pizlo <fpizlo@apple.com> + + LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG + https://bugs.webkit.org/show_bug.cgi?id=79616 + + Reviewed by Oliver Hunt. + + Guard against the fact that in JSVALUE64, JSValue().isCell() == true. + + * dfg/DFGAbstractValue.h: + (JSC::DFG::AbstractValue::validate): + +2012-02-26 Filip Pizlo <fpizlo@apple.com> + + DFG should support activations and nested functions + https://bugs.webkit.org/show_bug.cgi?id=79554 + + Reviewed by Sam Weinig. + + Fix 32-bit. The 32-bit function+activation code had some really weird + register reuse bugs. 
+ + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-02-26 Filip Pizlo <fpizlo@apple.com> + + Getting the instruction stream for a code block should not require two loads + https://bugs.webkit.org/show_bug.cgi?id=79608 + + Reviewed by Sam Weinig. + + Introduced the RefCountedArray class, which contains a single inline pointer + to a ref-counted non-resizeable vector backing store. This satisfies the + requirements of CodeBlock, which desires the ability to share instruction + streams with other CodeBlocks. It also reduces the number of loads required + for getting the instruction stream by one. + + This patch also gets rid of the bytecode discarding logic, since we don't + use it anymore and it's unlikely to ever work right with DFG or LLInt. And + I didn't feel like porting dead code to use RefCountedArray. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::instructionOffsetForNth): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::handlerForBytecodeOffset): + (JSC::CodeBlock::lineNumberForBytecodeOffset): + (JSC::CodeBlock::expressionRangeForBytecodeOffset): + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (CodeBlock): + (JSC::CodeBlock::numberOfInstructions): + (JSC::CodeBlock::instructions): + (JSC::CodeBlock::instructionCount): + (JSC::CodeBlock::valueProfileForBytecodeOffset): + (JSC): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::Label::setLocation): + (JSC): + (JSC::BytecodeGenerator::generate): + (JSC::BytecodeGenerator::newLabel): + * bytecompiler/BytecodeGenerator.h: + (JSC): + (BytecodeGenerator): + (JSC::BytecodeGenerator::instructions): + * bytecompiler/Label.h: + (JSC::Label::Label): + (Label): + * dfg/DFGByteCodeCache.h: + (JSC::DFG::ByteCodeCache::~ByteCodeCache): + (JSC::DFG::ByteCodeCache::get): + * jit/JITExceptions.cpp: + (JSC::genericThrow): + * 
llint/LowLevelInterpreter32_64.asm: + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::codeBlockWithBytecodeFor): + (JSC::FunctionExecutable::produceCodeBlockFor): + * wtf/RefCountedArray.h: Added. + (WTF): + (RefCountedArray): + (WTF::RefCountedArray::RefCountedArray): + (WTF::RefCountedArray::operator=): + (WTF::RefCountedArray::~RefCountedArray): + (WTF::RefCountedArray::size): + (WTF::RefCountedArray::data): + (WTF::RefCountedArray::begin): + (WTF::RefCountedArray::end): + (WTF::RefCountedArray::at): + (WTF::RefCountedArray::operator[]): + (Header): + (WTF::RefCountedArray::Header::size): + (WTF::RefCountedArray::Header::payload): + (WTF::RefCountedArray::Header::fromPayload): + * wtf/Platform.h: + +2012-02-26 Yusuke Suzuki <utatane.tea@gmail.com> + + StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name + https://bugs.webkit.org/show_bug.cgi?id=79571 + + Reviewed by Gavin Barraclough. + + * parser/ASTBuilder.h: + (JSC::ASTBuilder::createGetterOrSetterProperty): + * parser/Parser.cpp: + (JSC::::parseProperty): + * parser/SyntaxChecker.h: + (JSC::SyntaxChecker::createGetterOrSetterProperty): + +2012-02-26 Mark Hahnenberg <mhahnenberg@apple.com> + + Implement fast path for op_new_array in the baseline JIT + https://bugs.webkit.org/show_bug.cgi?id=78612 + + Reviewed by Filip Pizlo. + + heap/CopiedAllocator.h: + (CopiedAllocator): Friended the JIT to allow access to m_currentOffset. + * heap/CopiedSpace.h: + (CopiedSpace): Friended the JIT to allow access to isOversize. + (JSC::CopiedSpace::allocator): + * heap/Heap.h: + (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT + can use it for simple allocation i.e. when we can just bump the offset without having to + do anything else. 
+ * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when + we have to bail out because the fast allocation path fails for whatever reason. + * jit/JIT.h: + (JIT): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to + allocate generic backing stores. This function is used by emitAllocateJSArray. + (JSC): + (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to + more easily allocate JSArrays. This function is used by emit_op_new_array and I expect + it will also be used for emit_op_new_array_buffer. + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does + a stub call for oversize arrays. + (JSC): + (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we + fail in any way on the fast path. + * runtime/JSArray.cpp: + (JSC): + * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to + initialize in the JIT. + (ArrayStorage): + (JSC::ArrayStorage::lengthOffset): + (JSC::ArrayStorage::numValuesInVectorOffset): + (JSC::ArrayStorage::allocBaseOffset): + (JSC::ArrayStorage::vectorOffset): + (JSArray): + (JSC::JSArray::sparseValueMapOffset): + (JSC::JSArray::subclassDataOffset): + (JSC::JSArray::indexBiasOffset): + (JSC): + (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file + to being a static function in the JSArray class. This move allows the JIT to call it to + see what size it should allocate. + +2012-02-26 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681. + + * interpreter/Interpreter.cpp: + (JSC::getLineNumberForCallFrame): + (JSC::Interpreter::getStackTrace): + +2012-02-26 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for !ENABLE(JIT) after r108681. 
+ + * interpreter/Interpreter.cpp: + (JSC::getLineNumberForCallFrame): + +2012-02-25 Filip Pizlo <fpizlo@apple.com> + + LLInt assembly file should be split into 32-bit and 64-bit parts + https://bugs.webkit.org/show_bug.cgi?id=79584 + + Reviewed by Sam Weinig. + + Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm + the ability to include files, and correctly track dependencies: it restricts + the include mechanism to using the same directory as the source file, and uses + the SHA1 hash of all .asm files in that directory as an input hash. + + * llint/LLIntOfflineAsmConfig.h: + * llint/LowLevelInterpreter.asm: + * llint/LowLevelInterpreter32_64.asm: Added. + - This is just the entire contents of what was previously LowLevelInterpreter.asm + * llint/LowLevelInterpreter64.asm: Added. + * offlineasm/asm.rb: + * offlineasm/ast.rb: + * offlineasm/generate_offset_extractor.rb: + * offlineasm/parser.rb: + * offlineasm/self_hash.rb: + +2012-02-25 Filip Pizlo <fpizlo@apple.com> + + Offlineasm should support X86_64 + https://bugs.webkit.org/show_bug.cgi?id=79581 + + Reviewed by Oliver Hunt. + + * llint/LLIntOfflineAsmConfig.h: + * offlineasm/backends.rb: + * offlineasm/instructions.rb: + * offlineasm/settings.rb: + * offlineasm/x86.rb: + +2012-02-25 Filip Pizlo <fpizlo@apple.com> + + DFG should support activations and nested functions + https://bugs.webkit.org/show_bug.cgi?id=79554 + + Reviewed by Oliver Hunt. + + Wrote the simplest possible implementation of activations. Big speed-up on + code that uses activations, no speed-up on major benchmarks (SunSpider, V8, + Kraken) because they do not appear to have sufficient coverage over code + that uses activations. 
+ + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionFromValue): + * bytecode/PredictedType.h: + (JSC): + (JSC::isEmptyPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + (JSC::DFG::canInlineOpcode): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::needsActivation): + * dfg/DFGNode.h: + (DFG): + (JSC::DFG::Node::storageAccessDataIndex): + (Node): + (JSC::DFG::Node::hasFunctionDeclIndex): + (JSC::DFG::Node::functionDeclIndex): + (JSC::DFG::Node::hasFunctionExprIndex): + (JSC::DFG::Node::functionExprIndex): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): + (DFG): + (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-02-25 Benjamin Poulain <benjamin@webkit.org> + + Add an empty skeleton of KURL for WTFURL + https://bugs.webkit.org/show_bug.cgi?id=78990 + + Reviewed by Adam Barth. + + * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL + so that can use them in WebCore. + +2012-02-25 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, fix build for DFG disabled and LLInt enabled. 
+ + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * llint/LLIntSlowPaths.cpp: + (LLInt): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + +2012-02-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Fix the CopiedBlock offset alignment in a cross platform fashion + https://bugs.webkit.org/show_bug.cgi?id=79556 + + Reviewed by Filip Pizlo. + + Replaced m_payload with a payload() method that calculates the offset + of the payload with the proper alignment. This change allows us to + avoid alignment-related issues in a cross-platform manner. + + * heap/CopiedAllocator.h: + (JSC::CopiedAllocator::currentUtilization): + * heap/CopiedBlock.h: + (JSC::CopiedBlock::CopiedBlock): + (JSC::CopiedBlock::payload): + (CopiedBlock): + * heap/CopiedSpace.cpp: + (JSC::CopiedSpace::doneFillingBlock): + * heap/CopiedSpaceInlineMethods.h: + (JSC::CopiedSpace::borrowBlock): + (JSC::CopiedSpace::allocateFromBlock): + +2012-02-24 Michael Saboff <msaboff@apple.com> + + Unreviewed, Windows build fix. Changed signature in export to match + change made in r108858. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-24 Filip Pizlo <fpizlo@apple.com> + + DFG support for op_new_regexp should be enabled + https://bugs.webkit.org/show_bug.cgi?id=79538 + + Reviewed by Oliver Hunt. + + No performance change. + + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGCommon.h: + +2012-02-24 Michael Saboff <msaboff@apple.com> + + ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked + https://bugs.webkit.org/show_bug.cgi?id=73728 + + Reviewed by Gavin Barraclough. + + Fixed the mixing of signed and unsigned character indeces in YARR + interpreter. + + * runtime/RegExp.cpp: + (JSC::RegExp::match): Added code to check for match longer than 2^31 and + return no match after resetting the offsets. + * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index + handling except when matching back references. 
+ (JSC::Yarr::Interpreter::InputStream::readChecked): + (JSC::Yarr::Interpreter::InputStream::checkInput): + (JSC::Yarr::Interpreter::InputStream::uncheckInput): + (JSC::Yarr::Interpreter::InputStream::atStart): + (JSC::Yarr::Interpreter::InputStream::atEnd): + (JSC::Yarr::Interpreter::InputStream::isAvailableInput): + (JSC::Yarr::Interpreter::checkCharacter): + (JSC::Yarr::Interpreter::checkCasedCharacter): + (JSC::Yarr::Interpreter::checkCharacterClass): + (JSC::Yarr::Interpreter::tryConsumeBackReference): + (JSC::Yarr::Interpreter::matchAssertionBOL): + (JSC::Yarr::Interpreter::matchAssertionWordBoundary): + (JSC::Yarr::Interpreter::backtrackPatternCharacter): + (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter): + (JSC::Yarr::Interpreter::matchCharacterClass): + (JSC::Yarr::Interpreter::backtrackCharacterClass): + (JSC::Yarr::Interpreter::matchParenthesesOnceBegin): + (JSC::Yarr::Interpreter::matchDisjunction): + (JSC::Yarr::Interpreter::interpret): + (JSC::Yarr::ByteCompiler::assertionBOL): + (JSC::Yarr::ByteCompiler::assertionEOL): + (JSC::Yarr::ByteCompiler::assertionWordBoundary): + (JSC::Yarr::ByteCompiler::atomPatternCharacter): + (JSC::Yarr::ByteCompiler::atomCharacterClass): + (JSC::Yarr::ByteCompiler::atomBackReference): + (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin): + (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin): + (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin): + (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd): + (JSC::Yarr::ByteCompiler::emitDisjunction): + * yarr/YarrInterpreter.h: + +2012-02-24 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, build fix for builds where the DFG is disabled but the LLInt is + enabled. + + * llint/LLIntOfflineAsmConfig.h: + * llint/LowLevelInterpreter.asm: + +2012-02-24 Filip Pizlo <fpizlo@apple.com> + + DFG should be able to handle variables getting captured + https://bugs.webkit.org/show_bug.cgi?id=79469 + + Reviewed by Oliver Hunt. 
+ + Made captured variables work by placing a Flush on the SetLocal and + forcing the emission of the GetLocal even if copy propagation tells us + who has the value. + + Changed the CFA and various prediction codes to understand that we can't + really prove anything about captured variables. Well, we could in the + future by just looking at what side effects are happening, but in this + first cut we just assume that we can't reason about captured variables. + + Also added a mode where the DFG pretends that all variables and arguments + got captured. Used this mode to harden the code. + + This is performance neutral. Capturing all variables is a slow down, but + not too big of one. This seems to predict that when we add activation + support, the amount of speed benefit we'll get from increased coverage + will far outweigh the pessimism that we'll have to endure for captured + variables. + + * bytecode/CodeType.h: + (JSC::codeTypeToString): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::endBasicBlock): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::merge): + * dfg/DFGAbstractState.h: + (AbstractState): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::setLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::flushArgument): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCapabilities.h: + (JSC::DFG::mightInlineFunctionForCall): + (JSC::DFG::mightInlineFunctionForConstruct): + * dfg/DFGCommon.h: + * dfg/DFGGraph.h: + (JSC::DFG::Graph::needsActivation): + (Graph): + (JSC::DFG::Graph::argumentIsCaptured): + (JSC::DFG::Graph::localIsCaptured): + (JSC::DFG::Graph::isCaptured): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldGenerate): + * 
dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): + * dfg/DFGSpeculativeJIT.cpp: + (DFG): + (JSC::DFG::ValueSource::dump): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (ValueSource): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + (JSC::DFG::VirtualRegisterAllocationPhase::run): + +2012-02-24 Gavin Barraclough <barraclough@apple.com> + + Should not allow malformed \x escapes + https://bugs.webkit.org/show_bug.cgi?id=79462 + + Reviewed by Oliver Hunt. + + * parser/Lexer.cpp: + (JSC::::parseString): + (JSC::::parseStringSlowCase): + - Prohibit malformed '\x' escapes + * tests/mozilla/ecma/Array/15.4.5.1-1.js: + * tests/mozilla/ecma/LexicalConventions/7.7.4.js: + * tests/mozilla/ecma_2/RegExp/hex-001.js: + * tests/mozilla/js1_2/regexp/hexadecimal.js: + - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik). + +2012-02-24 Daniel Bates <dbates@webkit.org> + + Fix change log entry for changeset r108819; add bug URL + https://bugs.webkit.org/show_bug.cgi?id=79504 + + Changeset r108819 is associated with bug #79504. + + * ChangeLog + +2012-02-24 Daniel Bates <dbates@webkit.org> + + Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp + https://bugs.webkit.org/show_bug.cgi?id=79504 + + Reviewed by Oliver Hunt. + + There are a few places in Interpreter.cpp that need to be updated to use + ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to + ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020> + (https://bugs.webkit.org/show_bug.cgi?id=78791). 
+ + * interpreter/Interpreter.cpp: + (JSC::getLineNumberForCallFrame): + (JSC::getCallerInfo): + (JSC::getSourceURLFromCallFrame): + +2012-02-24 Adam Roben <aroben@apple.com> + + Undo the BUILDING_WTF part of r108808 + + This broke the build, which is obviously worse than the linker warning it was trying to + solve. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + +2012-02-24 Adam Roben <aroben@apple.com> + + Fix linker warnings on Windows + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already + exported via JS_EXPORTDATA. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We + aren't actually building WTF, but we are statically linking it, so we need to define this + symbol so that we export WTF's exports. + +2012-02-24 Philippe Normand <pnormand@igalia.com> + + Fix GTK WebAudio build for WebKitGTK 1.7.90. + + Patch by Priit Laes <plaes@plaes.org> on 2012-02-24 + Rubber-stamped by Philippe Normand. + + * GNUmakefile.list.am: Add Complex.h to the list of files so it + gets disted in the tarballs. + +2012-02-24 Zoltan Herczeg <zherczeg@webkit.org> + + [Qt] Buildfix for "Zero out CopiedBlocks on initialization". + https://bugs.webkit.org/show_bug.cgi?id=79199 + + Ruber stamped by Csaba Osztrogonác. + + Temporary fix since the new member wastes a little space on + 64 bit systems. Although it is harmless, it is only needed + for 32 bit systems. + + * heap/CopiedBlock.h: + (CopiedBlock): + +2012-02-24 Han Hojong <hojong.han@samsung.com> + + Remove useless jump instructions for short circuit + https://bugs.webkit.org/show_bug.cgi?id=75602 + + Reviewed by Michael Saboff. + + Jump instruction is inserted to make short circuit, + however it does nothing but moving to the next instruction. 
+ Therefore useless jump instructions are removed, + and jump list is moved into the case not for a short circuit, + so that only necessary instructions are added to JIT code + unless it has a 16 bit pattern character and an 8 bit string. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): + +2012-02-24 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r108731. + http://trac.webkit.org/changeset/108731 + https://bugs.webkit.org/show_bug.cgi?id=79464 + + Broke Chromium Win tests (Requested by bashi on #webkit). + + * wtf/Platform.h: + +2012-02-24 Andrew Lo <anlo@rim.com> + + [BlackBerry] Enable requestAnimationFrame + https://bugs.webkit.org/show_bug.cgi?id=79408 + + Use timer implementation of requestAnimationFrame on BlackBerry. + + Reviewed by Rob Buis. + + * wtf/Platform.h: + +2012-02-24 Mathias Bynens <mathias@qiwi.be> + + `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5 + https://bugs.webkit.org/show_bug.cgi?id=78908 + + Add additional checks for zero-width non-joiner (0x200C) and + zero-width joiner (0x200D) characters. + + Reviewed by Michael Saboff. + + * parser/Lexer.cpp: + (JSC::isNonASCIIIdentPart) + * runtime/LiteralParser.cpp: + (JSC::::Lexer::lexIdentifier) + +2012-02-23 Kenichi Ishibashi <bashi@chromium.org> + + Adding WebSocket per-frame DEFLATE extension + https://bugs.webkit.org/show_bug.cgi?id=77522 + + Added USE(ZLIB) flag. + + Reviewed by Kent Tamura. + + * wtf/Platform.h: + +2012-02-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Zero out CopiedBlocks on initialization + https://bugs.webkit.org/show_bug.cgi?id=79199 + + Reviewed by Filip Pizlo. + + Made CopyBlocks zero their payloads during construction. 
This allows + JSArray to avoid having to manually clear its backing store upon allocation + and also alleviates any future pain with regard to the garbage collector trying + to mark what it thinks are values in what is actually uninitialized memory. + + * heap/CopiedBlock.h: + (JSC::CopiedBlock::CopiedBlock): + * runtime/JSArray.cpp: + (JSC::JSArray::finishCreation): + (JSC::JSArray::tryFinishCreationUninitialized): + (JSC::JSArray::increaseVectorLength): + (JSC::JSArray::unshiftCountSlowCase): + +2012-02-23 Oliver Hunt <oliver@apple.com> + + Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided + https://bugs.webkit.org/show_bug.cgi?id=79407 + + Reviewed by Gavin Barraclough. + + Outside of exception handling, we don't know what our source line number is. This + change allows us to pass -1 is as the initial line number, and get the correct line + number in the resultant stack trace. We can't completely elide the initial line + number (yet) due to some idiosyncrasies of the exception handling machinery. + + * interpreter/Interpreter.cpp: + (JSC::getLineNumberForCallFrame): + (JSC): + (JSC::Interpreter::getStackTrace): + +2012-02-22 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit value profiling should have graceful handling of local variables and arguments + https://bugs.webkit.org/show_bug.cgi?id=79310 + + Reviewed by Gavin Barraclough. + + Previously, if we OSR exited because a prediction in a local was wrong, we'd + only realize what the true type of the local was if the regular value profiling + kicked in and told us. Unless the local was block-locally copy propagated, in + which case we'd know from an OSR exit profile. + + This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR + exit because of a mispredicted local or argument type, we'll know what the type of + the local or argument should be immediately upon exiting. 
+ + The way that local variable OSR exit profiling works is that we now have a lazily + added set of OSR-exit-only value profiles for exit sites that are BadType and that + cited a GetLocal as their value source. The value profiles are only added if the + OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and + operand. The look-up is performed by querying the + CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains + the bytecode index and the operand. Because the value profiles are added at random + times, they are not sorted; instead they are just stored in an arbitrarily-ordered + SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser + creates a LazyOperandValueProfileParser, which turns the + CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration + of DFG parsing. + + Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket + into which values observed during OSR exit would be placed. Now it uses a lazy + thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may + either contain a ValueProfile inside it (which works for previous uses of OSR exit + profiling) or it may just have knowledge of how to go about creating the + LazyOperandValueProfile in the case that the OSR exit is actually taken. This + ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks + value profiling buckets unless we actually did OSR exit on every single operand, + in every single instruction, in each code block (that's probably unlikely). + + This appears to be neutral on the major benchmarks, but is a double-digit speed-up + on code deliberately written to have data flow that spans basic blocks and where + the code exhibits post-optimization polymorphism in a local variable. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::stronglyVisitStrongReferences): + * bytecode/CodeBlock.h: + (CodeBlock): + (JSC::CodeBlock::lazyOperandValueProfiles): + * bytecode/LazyOperandValueProfile.cpp: Added. + (JSC): + (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder): + (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder): + (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions): + (JSC::CompressedLazyOperandValueProfileHolder::add): + (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser): + (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser): + (JSC::LazyOperandValueProfileParser::getIfPresent): + (JSC::LazyOperandValueProfileParser::prediction): + * bytecode/LazyOperandValueProfile.h: Added. + (JSC): + (LazyOperandValueProfileKey): + (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey): + (JSC::LazyOperandValueProfileKey::operator!): + (JSC::LazyOperandValueProfileKey::operator==): + (JSC::LazyOperandValueProfileKey::hash): + (JSC::LazyOperandValueProfileKey::bytecodeOffset): + (JSC::LazyOperandValueProfileKey::operand): + (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue): + (JSC::LazyOperandValueProfileKeyHash::hash): + (JSC::LazyOperandValueProfileKeyHash::equal): + (LazyOperandValueProfileKeyHash): + (WTF): + (JSC::LazyOperandValueProfile::LazyOperandValueProfile): + (LazyOperandValueProfile): + (JSC::LazyOperandValueProfile::key): + (CompressedLazyOperandValueProfileHolder): + (LazyOperandValueProfileParser): + * bytecode/MethodOfGettingAValueProfile.cpp: Added. + (JSC): + (JSC::MethodOfGettingAValueProfile::fromLazyOperand): + (JSC::MethodOfGettingAValueProfile::getSpecFailBucket): + * bytecode/MethodOfGettingAValueProfile.h: Added. 
+ (JSC): + (MethodOfGettingAValueProfile): + (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile): + (JSC::MethodOfGettingAValueProfile::operator!): + * bytecode/ValueProfile.cpp: Removed. + * bytecode/ValueProfile.h: + (JSC): + (ValueProfileBase): + (JSC::ValueProfileBase::ValueProfileBase): + (JSC::ValueProfileBase::dump): + (JSC::ValueProfileBase::computeUpdatedPrediction): + (JSC::MinimalValueProfile::MinimalValueProfile): + (ValueProfileWithLogNumberOfBuckets): + (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets): + (JSC::ValueProfile::ValueProfile): + (JSC::getValueProfileBytecodeOffset): + (JSC::getRareCaseProfileBytecodeOffset): + * dfg/DFGByteCodeParser.cpp: + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction): + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (InlineStackEntry): + (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions): + (DFG): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::valueProfileFor): + (JSC::DFG::Graph::methodOfGettingAValueProfileFor): + (Graph): + * dfg/DFGNode.h: + (Node): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::OSRExit): + * dfg/DFGOSRExit.h: + (OSRExit): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGPhase.cpp: + (JSC::DFG::Phase::beginPhase): + (JSC::DFG::Phase::endPhase): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::nonUnifiedPrediction): + (VariableAccessData): + +2012-02-23 Filip Pizlo <fpizlo@apple.com> + + Build fix. 
+ + * llint/LLIntOffsetsExtractor.cpp: + +2012-02-23 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Build fix, disable LLINT for now and fix ENABLE defines for it. + + * llint/LLIntOffsetsExtractor.cpp: + * wtf/Platform.h: + +2012-02-23 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Build fix for non-Mac wx builds. + + * runtime/DatePrototype.cpp: + +2012-02-22 Filip Pizlo <fpizlo@apple.com> + + DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment + https://bugs.webkit.org/show_bug.cgi?id=79334 + + Reviewed by Oliver Hunt. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::flush): + +2012-02-23 Gavin Barraclough <barraclough@apple.com> + + Object.isSealed / Object.isFrozen don't work for native objects + https://bugs.webkit.org/show_bug.cgi?id=79331 + + Reviewed by Sam Weinig. + + Need to inspect all properties, including static ones. + This exposes a couple of bugs in Array & Arguments: + - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length. + - Arguments object's defineOwnProperty does not handle callee/caller/length correctly. + + * runtime/Arguments.cpp: + (JSC::Arguments::defineOwnProperty): + - Add handling for callee/caller/length. + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertyDescriptor): + - report length's writability correctly. + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorSeal): + (JSC::objectConstructorFreeze): + (JSC::objectConstructorIsSealed): + (JSC::objectConstructorIsFrozen): + - Add spec-based implementation for non-final objects. + +2012-02-23 Gavin Barraclough <barraclough@apple.com> + + pop of array hole should get from the prototype chain + https://bugs.webkit.org/show_bug.cgi?id=79338 + + Reviewed by Sam Weinig. + + * runtime/JSArray.cpp: + (JSC::JSArray::pop): + - If the fast fast vector case fails, more closely follow the spec. 
+ +2012-02-23 Yong Li <yoli@rim.com> + + JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope() + https://bugs.webkit.org/show_bug.cgi?id=79268 + + Reviewed by Michael Saboff. + + resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory() + after it fails to allocate a buffer for m_value. So outOfMemory() should assert + isRope() rather than !isRope(). + + * runtime/JSString.cpp: + (JSC::JSString::outOfMemory): + +2012-02-23 Patrick Gansterer <paroga@webkit.org> + + [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro + https://bugs.webkit.org/show_bug.cgi?id=79371 + + Reviewed by Daniel Bates. + + * CMakeLists.txt: + * shell/CMakeLists.txt: + * wtf/CMakeLists.txt: + +2012-02-23 Aron Rosenberg <arosenberg@logitech.com> + + Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer. + https://bugs.webkit.org/show_bug.cgi?id=76210 + + Add compile time check for Visual Studio 2005 or newer. + + Reviewed by Simon Hausmann. + + * os-win32/inttypes.h: + +2012-02-22 Gavin Barraclough <barraclough@apple.com> + + Implement [[DefineOwnProperty]] for the arguments object + https://bugs.webkit.org/show_bug.cgi?id=79309 + + Reviewed by Sam Weinig. + + * runtime/Arguments.cpp: + (JSC::Arguments::deletePropertyByIndex): + (JSC::Arguments::deleteProperty): + - Deleting an argument should also delete the copy on the object, if any. + (JSC::Arguments::defineOwnProperty): + - Defining a property may override the live mapping. + * runtime/Arguments.h: + (Arguments): + +2012-02-22 Gavin Barraclough <barraclough@apple.com> + + Fix Object.freeze for non-final objects. + https://bugs.webkit.org/show_bug.cgi?id=79286 + + Reviewed by Oliver Hunt. + + For vanilla objects we implement this with a single transition, for objects + with special properties we should just follow the spec defined algorithm. 
+ + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::put): + - this does need to handle inextensible objects. + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorSeal): + (JSC::objectConstructorFreeze): + - Implement spec defined algorithm for non-final objects. + * runtime/Structure.cpp: + (JSC::Structure::Structure): + (JSC::Structure::freezeTransition): + - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto. + * runtime/Structure.h: + (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): + (JSC::Structure::setHasGetterSetterProperties): + (JSC::Structure::setContainsReadOnlyProperties): + (Structure): + - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto. + +2012-02-22 Mark Hahnenberg <mhahnenberg@apple.com> + + Allocations from CopiedBlocks should always be 8-byte aligned + https://bugs.webkit.org/show_bug.cgi?id=79271 + + Reviewed by Geoffrey Garen. + + * heap/CopiedAllocator.h: + (JSC::CopiedAllocator::allocate): + * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always + guaranteed to be 8 byte aligned on both 64- and 32-bit platforms. + (CopiedBlock): + * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned. + (JSC::CopiedSpace::tryAllocateOversize): + (JSC::CopiedSpace::getFreshBlock): + * heap/CopiedSpaceInlineMethods.h: + (JSC::CopiedSpace::allocateFromBlock): + * runtime/JSArray.h: + (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte + aligned on both 64- and 32-bit platforms. + * wtf/StdLibExtras.h: + (WTF::is8ByteAligned): Added new utility function that functions similarly to the + way isPointerAligned does, but it just always checks for 8 byte alignment. + (WTF): + +2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r108456. 
+ http://trac.webkit.org/changeset/108456 + https://bugs.webkit.org/show_bug.cgi?id=79223 + + Broke fast/regex/pcre-test-4.html and cannot find anyone on + IRC (Requested by zherczeg on #webkit). + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): + +2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r108468. + http://trac.webkit.org/changeset/108468 + https://bugs.webkit.org/show_bug.cgi?id=79219 + + Broke Chromium Win release build (Requested by bashi on + #webkit). + + * wtf/Platform.h: + +2012-02-22 Kenichi Ishibashi <bashi@chromium.org> + + Adding WebSocket per-frame DEFLATE extension + https://bugs.webkit.org/show_bug.cgi?id=77522 + + Added USE(ZLIB) flag. + + Reviewed by Kent Tamura. + + * wtf/Platform.h: + +2012-02-22 Hojong Han <hojong.han@samsung.com> + + Short circuit fixed for a 16 bt pattern character and an 8 bit string. + https://bugs.webkit.org/show_bug.cgi?id=75602 + + Reviewed by Gavin Barraclough. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): + +2012-02-21 Filip Pizlo <fpizlo@apple.com> + + Build fix for systems with case sensitive disks. + + * llint/LLIntOfflineAsmConfig.h: + +2012-02-21 Filip Pizlo <fpizlo@apple.com> + + JSC should be a triple-tier VM + https://bugs.webkit.org/show_bug.cgi?id=75812 + <rdar://problem/10079694> + + Reviewed by Gavin Barraclough. + + Implemented an interpreter that uses the JIT's calling convention. This + interpreter is called LLInt, or the Low Level Interpreter. JSC will now + will start by executing code in LLInt and will only tier up to the old + JIT after the code is proven hot. + + LLInt is written in a modified form of our macro assembly. 
This new macro + assembly is compiled by an offline assembler (see offlineasm), which + implements many modern conveniences such as a Turing-complete CPS-based + macro language and direct access to relevant C++ type information + (basically offsets of fields and sizes of structs/classes). + + Code executing in LLInt appears to the rest of the JSC world "as if" it + were executing in the old JIT. Hence, things like exception handling and + cross-execution-engine calls just work and require pretty much no + additional overhead. + + This interpreter is 2-2.5x faster than our old interpreter on SunSpider, + V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider, + V8, and Kraken, but appear to get a double-digit improvement on real-world + websites due to a huge reduction in the amount of JIT'ing. + + * CMakeLists.txt: + * GNUmakefile.am: + * GNUmakefile.list.am: + * JavaScriptCore.pri: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * assembler/LinkBuffer.h: + * assembler/MacroAssemblerCodeRef.h: + (MacroAssemblerCodePtr): + (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): + * bytecode/BytecodeConventions.h: Added. 
+ * bytecode/CallLinkStatus.cpp: + (JSC::CallLinkStatus::computeFromLLInt): + (JSC): + (JSC::CallLinkStatus::computeFor): + * bytecode/CallLinkStatus.h: + (JSC::CallLinkStatus::isSet): + (JSC::CallLinkStatus::operator!): + (CallLinkStatus): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::stronglyVisitStrongReferences): + (JSC): + (JSC::CodeBlock::unlinkCalls): + (JSC::CodeBlock::unlinkIncomingCalls): + (JSC::CodeBlock::bytecodeOffset): + (JSC::ProgramCodeBlock::jettison): + (JSC::EvalCodeBlock::jettison): + (JSC::FunctionCodeBlock::jettison): + (JSC::ProgramCodeBlock::jitCompileImpl): + (JSC::EvalCodeBlock::jitCompileImpl): + (JSC::FunctionCodeBlock::jitCompileImpl): + * bytecode/CodeBlock.h: + (JSC): + (CodeBlock): + (JSC::CodeBlock::baselineVersion): + (JSC::CodeBlock::linkIncomingCall): + (JSC::CodeBlock::bytecodeOffset): + (JSC::CodeBlock::jitCompile): + (JSC::CodeBlock::hasOptimizedReplacement): + (JSC::CodeBlock::addPropertyAccessInstruction): + (JSC::CodeBlock::addGlobalResolveInstruction): + (JSC::CodeBlock::addLLIntCallLinkInfo): + (JSC::CodeBlock::addGlobalResolveInfo): + (JSC::CodeBlock::numberOfMethodCallLinkInfos): + (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): + (JSC::CodeBlock::likelyToTakeSlowCase): + (JSC::CodeBlock::couldTakeSlowCase): + (JSC::CodeBlock::likelyToTakeSpecialFastCase): + (JSC::CodeBlock::likelyToTakeDeepestSlowCase): + (JSC::CodeBlock::likelyToTakeAnySlowCase): + (JSC::CodeBlock::addFrequentExitSite): + (JSC::CodeBlock::dontJITAnytimeSoon): + (JSC::CodeBlock::jitAfterWarmUp): + (JSC::CodeBlock::jitSoon): + (JSC::CodeBlock::llintExecuteCounter): + (ProgramCodeBlock): + (EvalCodeBlock): + (FunctionCodeBlock): + * bytecode/GetByIdStatus.cpp: + (JSC::GetByIdStatus::computeFromLLInt): + (JSC): + (JSC::GetByIdStatus::computeFor): + * bytecode/GetByIdStatus.h: + 
(JSC::GetByIdStatus::GetByIdStatus): + (JSC::GetByIdStatus::wasSeenInJIT): + (GetByIdStatus): + * bytecode/Instruction.h: + (JSC): + (JSC::Instruction::Instruction): + (Instruction): + * bytecode/LLIntCallLinkInfo.h: Added. + (JSC): + (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo): + (LLIntCallLinkInfo): + (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo): + (JSC::LLIntCallLinkInfo::isLinked): + (JSC::LLIntCallLinkInfo::unlink): + * bytecode/MethodCallLinkStatus.cpp: + (JSC::MethodCallLinkStatus::computeFor): + * bytecode/Opcode.cpp: + (JSC): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecode/PutByIdStatus.cpp: + (JSC::PutByIdStatus::computeFromLLInt): + (JSC): + (JSC::PutByIdStatus::computeFor): + * bytecode/PutByIdStatus.h: + (PutByIdStatus): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + (JSC::BytecodeGenerator::emitCatch): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOperations.cpp: + * heap/Heap.h: + (JSC): + (JSC::Heap::firstAllocatorWithoutDestructors): + (Heap): + * heap/MarkStack.cpp: + (JSC::visitChildren): + * heap/MarkedAllocator.h: + (JSC): + (MarkedAllocator): + * heap/MarkedSpace.h: + (JSC): + (MarkedSpace): + (JSC::MarkedSpace::firstAllocator): + * interpreter/CallFrame.cpp: + (JSC): + (JSC::CallFrame::bytecodeOffsetForNonDFGCode): + (JSC::CallFrame::setBytecodeOffsetForNonDFGCode): + (JSC::CallFrame::currentVPC): + (JSC::CallFrame::setCurrentVPC): + (JSC::CallFrame::trueCallerFrame): + * interpreter/CallFrame.h: + 
(JSC::ExecState::hasReturnPC): + (JSC::ExecState::clearReturnPC): + (ExecState): + (JSC::ExecState::bytecodeOffsetForNonDFGCode): + (JSC::ExecState::currentVPC): + (JSC::ExecState::setCurrentVPC): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::Interpreter): + (JSC::Interpreter::~Interpreter): + (JSC): + (JSC::Interpreter::initialize): + (JSC::Interpreter::isOpcode): + (JSC::Interpreter::unwindCallFrame): + (JSC::getCallerInfo): + (JSC::Interpreter::privateExecute): + (JSC::Interpreter::retrieveLastCaller): + * interpreter/Interpreter.h: + (JSC): + (Interpreter): + (JSC::Interpreter::getOpcode): + (JSC::Interpreter::getOpcodeID): + (JSC::Interpreter::classicEnabled): + * interpreter/RegisterFile.h: + (JSC): + (RegisterFile): + * jit/ExecutableAllocator.h: + (JSC): + * jit/HostCallReturnValue.cpp: Added. + (JSC): + (JSC::getHostCallReturnValueWithExecState): + * jit/HostCallReturnValue.h: Added. + (JSC): + (JSC::initializeHostCallReturnValue): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JITCode.h: + (JSC::JITCode::isOptimizingJIT): + (JITCode): + (JSC::JITCode::isBaselineCode): + (JSC::JITCode::JITCode): + * jit/JITDriver.h: + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + * jit/JITExceptions.cpp: + (JSC::jitThrow): + * jit/JITInlineMethods.h: + (JSC::JIT::updateTopCallFrame): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC): + * jit/JITStubs.h: + (JSC): + * jit/JSInterfaceJIT.h: + * llint: Added. + * llint/LLIntCommon.h: Added. + * llint/LLIntData.cpp: Added. + (LLInt): + (JSC::LLInt::Data::Data): + (JSC::LLInt::Data::performAssertions): + (JSC::LLInt::Data::~Data): + * llint/LLIntData.h: Added. + (JSC): + (LLInt): + (Data): + (JSC::LLInt::Data::exceptionInstructions): + (JSC::LLInt::Data::opcodeMap): + (JSC::LLInt::Data::performAssertions): + * llint/LLIntEntrypoints.cpp: Added. 
+ (LLInt): + (JSC::LLInt::getFunctionEntrypoint): + (JSC::LLInt::getEvalEntrypoint): + (JSC::LLInt::getProgramEntrypoint): + * llint/LLIntEntrypoints.h: Added. + (JSC): + (LLInt): + (JSC::LLInt::getEntrypoint): + * llint/LLIntExceptions.cpp: Added. + (LLInt): + (JSC::LLInt::interpreterThrowInCaller): + (JSC::LLInt::returnToThrowForThrownException): + (JSC::LLInt::returnToThrow): + (JSC::LLInt::callToThrow): + * llint/LLIntExceptions.h: Added. + (JSC): + (LLInt): + * llint/LLIntOfflineAsmConfig.h: Added. + * llint/LLIntOffsetsExtractor.cpp: Added. + (JSC): + (LLIntOffsetsExtractor): + (JSC::LLIntOffsetsExtractor::dummy): + (main): + * llint/LLIntSlowPaths.cpp: Added. + (LLInt): + (JSC::LLInt::llint_trace_operand): + (JSC::LLInt::llint_trace_value): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (JSC::LLInt::traceFunctionPrologue): + (JSC::LLInt::shouldJIT): + (JSC::LLInt::entryOSR): + (JSC::LLInt::resolveGlobal): + (JSC::LLInt::getByVal): + (JSC::LLInt::handleHostCall): + (JSC::LLInt::setUpCall): + (JSC::LLInt::genericCall): + * llint/LLIntSlowPaths.h: Added. + (JSC): + (LLInt): + * llint/LLIntThunks.cpp: Added. + (LLInt): + (JSC::LLInt::generateThunkWithJumpTo): + (JSC::LLInt::functionForCallEntryThunkGenerator): + (JSC::LLInt::functionForConstructEntryThunkGenerator): + (JSC::LLInt::functionForCallArityCheckThunkGenerator): + (JSC::LLInt::functionForConstructArityCheckThunkGenerator): + (JSC::LLInt::evalEntryThunkGenerator): + (JSC::LLInt::programEntryThunkGenerator): + * llint/LLIntThunks.h: Added. + (JSC): + (LLInt): + * llint/LowLevelInterpreter.asm: Added. + * llint/LowLevelInterpreter.cpp: Added. + * llint/LowLevelInterpreter.h: Added. + * offlineasm: Added. + * offlineasm/armv7.rb: Added. + * offlineasm/asm.rb: Added. + * offlineasm/ast.rb: Added. + * offlineasm/backends.rb: Added. + * offlineasm/generate_offset_extractor.rb: Added. + * offlineasm/instructions.rb: Added. + * offlineasm/offset_extractor_constants.rb: Added. + * offlineasm/offsets.rb: Added. 
+ * offlineasm/opt.rb: Added. + * offlineasm/parser.rb: Added. + * offlineasm/registers.rb: Added. + * offlineasm/self_hash.rb: Added. + * offlineasm/settings.rb: Added. + * offlineasm/transform.rb: Added. + * offlineasm/x86.rb: Added. + * runtime/CodeSpecializationKind.h: Added. + (JSC): + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::arityCheckFor): + (CommonSlowPaths): + * runtime/Executable.cpp: + (JSC::jettisonCodeBlock): + (JSC): + (JSC::EvalExecutable::jitCompile): + (JSC::samplingDescription): + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::jitCompile): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::baselineCodeBlockFor): + (JSC::FunctionExecutable::jitCompileForCall): + (JSC::FunctionExecutable::jitCompileForConstruct): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC): + (EvalExecutable): + (ProgramExecutable): + (FunctionExecutable): + (JSC::FunctionExecutable::jitCompileFor): + * runtime/ExecutionHarness.h: Added. 
+ (JSC): + (JSC::prepareForExecution): + (JSC::prepareFunctionForExecution): + * runtime/JSArray.h: + (JSC): + (JSArray): + * runtime/JSCell.h: + (JSC): + (JSCell): + * runtime/JSFunction.h: + (JSC): + (JSFunction): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC): + (JSGlobalData): + * runtime/JSGlobalObject.h: + (JSC): + (JSGlobalObject): + * runtime/JSObject.h: + (JSC): + (JSObject): + (JSFinalObject): + * runtime/JSPropertyNameIterator.h: + (JSC): + (JSPropertyNameIterator): + * runtime/JSString.h: + (JSC): + (JSString): + * runtime/JSTypeInfo.h: + (JSC): + (TypeInfo): + * runtime/JSValue.cpp: + (JSC::JSValue::description): + * runtime/JSValue.h: + (LLInt): + (JSValue): + * runtime/JSVariableObject.h: + (JSC): + (JSVariableObject): + * runtime/Options.cpp: + (Options): + (JSC::Options::initializeOptions): + * runtime/Options.h: + (Options): + * runtime/ScopeChain.h: + (JSC): + (ScopeChainNode): + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransition): + * runtime/Structure.h: + (JSC): + (Structure): + * runtime/StructureChain.h: + (JSC): + (StructureChain): + * wtf/InlineASM.h: + * wtf/Platform.h: + * wtf/SentinelLinkedList.h: + (SentinelLinkedList): + (WTF::SentinelLinkedList::isEmpty): + * wtf/text/StringImpl.h: + (JSC): + (StringImpl): + +2012-02-21 Oliver Hunt <oliver@apple.com> + + Unbreak double-typed arrays on ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=79177 + + Reviewed by Gavin Barraclough. + + The existing code had completely broken address arithmetic. + + * JSCTypedArrayStubs.h: + (JSC): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::storeDouble): + (JSC::MacroAssemblerARMv7::storeFloat): + +2012-02-21 Gavin Barraclough <barraclough@apple.com> + + Should be able to reconfigure a non-configurable property as read-only + https://bugs.webkit.org/show_bug.cgi?id=79170 + + Reviewed by Sam Weinig. 
+ + See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable, + but does not inhibit making a writable property read-only. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::setInDefineOwnProperty): + (JSGlobalData): + (JSC::JSGlobalData::isInDefineOwnProperty): + - Added flag, tracking whether we are in JSObject::defineOwnProperty. + * runtime/JSObject.cpp: + (JSC::JSObject::deleteProperty): + (DefineOwnPropertyScope): + - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing! + (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope): + (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope): + - Added RAII helper. + (JSC::JSObject::defineOwnProperty): + - Track on the globalData when we are in this method. + +2012-02-21 Oliver Hunt <oliver@apple.com> + + Make TypedArrays be available in commandline jsc + https://bugs.webkit.org/show_bug.cgi?id=79163 + + Reviewed by Gavin Barraclough. + + Adds a compile time option to have jsc support a basic implementation + of the TypedArrays available in WebCore. This lets us test the typed + array logic in the JIT witout having to build webcore. + + * JSCTypedArrayStubs.h: Added. + (JSC): + * JavaScriptCore.xcodeproj/project.pbxproj: + * jsc.cpp: + (GlobalObject::finishCreation): + (GlobalObject): + (GlobalObject::addConstructableFunction): + * runtime/JSGlobalData.h: + (JSGlobalData): + +2012-02-21 Tom Sepez <tsepez@chromium.org> + + equalIgnoringNullity() only comparing half the bytes for equality + https://bugs.webkit.org/show_bug.cgi?id=79135 + + Reviewed by Adam Barth. + + * wtf/text/StringImpl.h: + (WTF::equalIgnoringNullity): + +2012-02-21 Roland Takacs <takacs.roland@stud.u-szeged.hu> + + Unnecessary preprocessor macros in MainThread.h/cpp + https://bugs.webkit.org/show_bug.cgi?id=79083 + + Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro. 
+ + * wtf/MainThread.cpp: + (WTF): + * wtf/MainThread.h: + (WTF): + +2012-02-21 Sam Weinig <sam@webkit.org> + + Attempt to fix the Snow Leopard build. + + * Configurations/Base.xcconfig: + +2012-02-21 Sam Weinig <sam@webkit.org> + + Use libc++ when building with Clang on Mac + https://bugs.webkit.org/show_bug.cgi?id=78981 + + Reviewed by Dan Bernstein. + + * Configurations/Base.xcconfig: + +2012-02-21 Adam Roben <aroben@apple.com> + + Roll out r108309, r108323, and r108326 + + They broke the 32-bit Lion build. + + Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>. + + * CMakeLists.txt: + * GNUmakefile.am: + * GNUmakefile.list.am: + * JavaScriptCore.pri: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * assembler/LinkBuffer.h: + * assembler/MacroAssemblerCodeRef.h: + * bytecode/BytecodeConventions.h: Removed. + * bytecode/CallLinkStatus.cpp: + * bytecode/CallLinkStatus.h: + * bytecode/CodeBlock.cpp: + * bytecode/CodeBlock.h: + * bytecode/GetByIdStatus.cpp: + * bytecode/GetByIdStatus.h: + * bytecode/Instruction.h: + * bytecode/LLIntCallLinkInfo.h: Removed. + * bytecode/MethodCallLinkStatus.cpp: + * bytecode/Opcode.cpp: + * bytecode/Opcode.h: + * bytecode/PutByIdStatus.cpp: + * bytecode/PutByIdStatus.h: + * bytecompiler/BytecodeGenerator.cpp: + * dfg/DFGByteCodeParser.cpp: + * dfg/DFGCapabilities.h: + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOperations.cpp: + * heap/Heap.h: + * heap/MarkStack.cpp: + * heap/MarkedAllocator.h: + * heap/MarkedSpace.h: + * interpreter/CallFrame.cpp: + * interpreter/CallFrame.h: + * interpreter/Interpreter.cpp: + * interpreter/Interpreter.h: + * interpreter/RegisterFile.h: + * jit/ExecutableAllocator.h: + * jit/HostCallReturnValue.cpp: Removed. + * jit/HostCallReturnValue.h: Removed. 
+ * jit/JIT.cpp: + * jit/JITCode.h: + * jit/JITDriver.h: + * jit/JITExceptions.cpp: + * jit/JITInlineMethods.h: + * jit/JITStubs.cpp: + * jit/JITStubs.h: + * jit/JSInterfaceJIT.h: + * llint/LLIntCommon.h: Removed. + * llint/LLIntData.cpp: Removed. + * llint/LLIntData.h: Removed. + * llint/LLIntEntrypoints.cpp: Removed. + * llint/LLIntEntrypoints.h: Removed. + * llint/LLIntExceptions.cpp: Removed. + * llint/LLIntExceptions.h: Removed. + * llint/LLIntOfflineAsmConfig.h: Removed. + * llint/LLIntOffsetsExtractor.cpp: Removed. + * llint/LLIntSlowPaths.cpp: Removed. + * llint/LLIntSlowPaths.h: Removed. + * llint/LLIntThunks.cpp: Removed. + * llint/LLIntThunks.h: Removed. + * llint/LowLevelInterpreter.asm: Removed. + * llint/LowLevelInterpreter.cpp: Removed. + * llint/LowLevelInterpreter.h: Removed. + * offlineasm/armv7.rb: Removed. + * offlineasm/asm.rb: Removed. + * offlineasm/ast.rb: Removed. + * offlineasm/backends.rb: Removed. + * offlineasm/generate_offset_extractor.rb: Removed. + * offlineasm/instructions.rb: Removed. + * offlineasm/offset_extractor_constants.rb: Removed. + * offlineasm/offsets.rb: Removed. + * offlineasm/opt.rb: Removed. + * offlineasm/parser.rb: Removed. + * offlineasm/registers.rb: Removed. + * offlineasm/self_hash.rb: Removed. + * offlineasm/settings.rb: Removed. + * offlineasm/transform.rb: Removed. + * offlineasm/x86.rb: Removed. + * runtime/CodeSpecializationKind.h: Removed. + * runtime/CommonSlowPaths.h: + * runtime/Executable.cpp: + * runtime/Executable.h: + * runtime/ExecutionHarness.h: Removed. 
+ * runtime/JSArray.h: + * runtime/JSCell.h: + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.h: + * runtime/JSObject.h: + * runtime/JSPropertyNameIterator.h: + * runtime/JSString.h: + * runtime/JSTypeInfo.h: + * runtime/JSValue.cpp: + * runtime/JSValue.h: + * runtime/JSVariableObject.h: + * runtime/Options.cpp: + * runtime/Options.h: + * runtime/ScopeChain.h: + * runtime/Structure.cpp: + * runtime/Structure.h: + * runtime/StructureChain.h: + * wtf/InlineASM.h: + * wtf/Platform.h: + * wtf/SentinelLinkedList.h: + * wtf/text/StringImpl.h: + +2012-02-21 Gustavo Noronha Silva <kov@debian.org> and Bob Tracy <rct@frus.com> + + Does not build on IA64, SPARC and Alpha + https://bugs.webkit.org/show_bug.cgi?id=79047 + + Rubber-stamped by Kent Tamura. + + * wtf/dtoa/utils.h: these architectures also have correct double + operations, so add them to the appropriate side of the check. + +2012-02-21 Filip Pizlo <fpizlo@apple.com> + + Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build. + https://bugs.webkit.org/show_bug.cgi?id=75812 + + Reviewed by Csaba Osztrogonác. + + * dfg/DFGOperations.cpp: + (JSC): + * jit/HostCallReturnValue.h: + (JSC::initializeHostCallReturnValue): + +2012-02-21 Filip Pizlo <fpizlo@apple.com> + + Attempted build fix for ELF platforms. + + * dfg/DFGOperations.cpp: + (JSC): + (JSC::getHostCallReturnValueWithExecState): + * jit/HostCallReturnValue.cpp: + (JSC): + * jit/HostCallReturnValue.h: + (JSC::initializeHostCallReturnValue): + +2012-02-20 Filip Pizlo <fpizlo@apple.com> + + JSC should be a triple-tier VM + https://bugs.webkit.org/show_bug.cgi?id=75812 + <rdar://problem/10079694> + + Reviewed by Gavin Barraclough. + + Implemented an interpreter that uses the JIT's calling convention. This + interpreter is called LLInt, or the Low Level Interpreter. 
JSC will now + will start by executing code in LLInt and will only tier up to the old + JIT after the code is proven hot. + + LLInt is written in a modified form of our macro assembly. This new macro + assembly is compiled by an offline assembler (see offlineasm), which + implements many modern conveniences such as a Turing-complete CPS-based + macro language and direct access to relevant C++ type information + (basically offsets of fields and sizes of structs/classes). + + Code executing in LLInt appears to the rest of the JSC world "as if" it + were executing in the old JIT. Hence, things like exception handling and + cross-execution-engine calls just work and require pretty much no + additional overhead. + + This interpreter is 2-2.5x faster than our old interpreter on SunSpider, + V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider, + V8, and Kraken, but appear to get a double-digit improvement on real-world + websites due to a huge reduction in the amount of JIT'ing. + + * CMakeLists.txt: + * GNUmakefile.am: + * GNUmakefile.list.am: + * JavaScriptCore.pri: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * assembler/LinkBuffer.h: + * assembler/MacroAssemblerCodeRef.h: + (MacroAssemblerCodePtr): + (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): + * bytecode/BytecodeConventions.h: Added. 
+ * bytecode/CallLinkStatus.cpp: + (JSC::CallLinkStatus::computeFromLLInt): + (JSC): + (JSC::CallLinkStatus::computeFor): + * bytecode/CallLinkStatus.h: + (JSC::CallLinkStatus::isSet): + (JSC::CallLinkStatus::operator!): + (CallLinkStatus): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::stronglyVisitStrongReferences): + (JSC): + (JSC::CodeBlock::unlinkCalls): + (JSC::CodeBlock::unlinkIncomingCalls): + (JSC::CodeBlock::bytecodeOffset): + (JSC::ProgramCodeBlock::jettison): + (JSC::EvalCodeBlock::jettison): + (JSC::FunctionCodeBlock::jettison): + (JSC::ProgramCodeBlock::jitCompileImpl): + (JSC::EvalCodeBlock::jitCompileImpl): + (JSC::FunctionCodeBlock::jitCompileImpl): + * bytecode/CodeBlock.h: + (JSC): + (CodeBlock): + (JSC::CodeBlock::baselineVersion): + (JSC::CodeBlock::linkIncomingCall): + (JSC::CodeBlock::bytecodeOffset): + (JSC::CodeBlock::jitCompile): + (JSC::CodeBlock::hasOptimizedReplacement): + (JSC::CodeBlock::addPropertyAccessInstruction): + (JSC::CodeBlock::addGlobalResolveInstruction): + (JSC::CodeBlock::addLLIntCallLinkInfo): + (JSC::CodeBlock::addGlobalResolveInfo): + (JSC::CodeBlock::numberOfMethodCallLinkInfos): + (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): + (JSC::CodeBlock::likelyToTakeSlowCase): + (JSC::CodeBlock::couldTakeSlowCase): + (JSC::CodeBlock::likelyToTakeSpecialFastCase): + (JSC::CodeBlock::likelyToTakeDeepestSlowCase): + (JSC::CodeBlock::likelyToTakeAnySlowCase): + (JSC::CodeBlock::addFrequentExitSite): + (JSC::CodeBlock::dontJITAnytimeSoon): + (JSC::CodeBlock::jitAfterWarmUp): + (JSC::CodeBlock::jitSoon): + (JSC::CodeBlock::llintExecuteCounter): + (ProgramCodeBlock): + (EvalCodeBlock): + (FunctionCodeBlock): + * bytecode/GetByIdStatus.cpp: + (JSC::GetByIdStatus::computeFromLLInt): + (JSC): + (JSC::GetByIdStatus::computeFor): + * bytecode/GetByIdStatus.h: + 
(JSC::GetByIdStatus::GetByIdStatus): + (JSC::GetByIdStatus::wasSeenInJIT): + (GetByIdStatus): + * bytecode/Instruction.h: + (JSC): + (JSC::Instruction::Instruction): + (Instruction): + * bytecode/LLIntCallLinkInfo.h: Added. + (JSC): + (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo): + (LLIntCallLinkInfo): + (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo): + (JSC::LLIntCallLinkInfo::isLinked): + (JSC::LLIntCallLinkInfo::unlink): + * bytecode/MethodCallLinkStatus.cpp: + (JSC::MethodCallLinkStatus::computeFor): + * bytecode/Opcode.cpp: + (JSC): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecode/PutByIdStatus.cpp: + (JSC::PutByIdStatus::computeFromLLInt): + (JSC): + (JSC::PutByIdStatus::computeFor): + * bytecode/PutByIdStatus.h: + (PutByIdStatus): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + (JSC::BytecodeGenerator::emitCatch): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOperations.cpp: + * heap/Heap.h: + (JSC): + (JSC::Heap::firstAllocatorWithoutDestructors): + (Heap): + * heap/MarkStack.cpp: + (JSC::visitChildren): + * heap/MarkedAllocator.h: + (JSC): + (MarkedAllocator): + * heap/MarkedSpace.h: + (JSC): + (MarkedSpace): + (JSC::MarkedSpace::firstAllocator): + * interpreter/CallFrame.cpp: + (JSC): + (JSC::CallFrame::bytecodeOffsetForNonDFGCode): + (JSC::CallFrame::setBytecodeOffsetForNonDFGCode): + (JSC::CallFrame::currentVPC): + (JSC::CallFrame::setCurrentVPC): + (JSC::CallFrame::trueCallerFrame): + * interpreter/CallFrame.h: + 
(JSC::ExecState::hasReturnPC): + (JSC::ExecState::clearReturnPC): + (ExecState): + (JSC::ExecState::bytecodeOffsetForNonDFGCode): + (JSC::ExecState::currentVPC): + (JSC::ExecState::setCurrentVPC): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::Interpreter): + (JSC::Interpreter::~Interpreter): + (JSC): + (JSC::Interpreter::initialize): + (JSC::Interpreter::isOpcode): + (JSC::Interpreter::unwindCallFrame): + (JSC::getCallerInfo): + (JSC::Interpreter::privateExecute): + (JSC::Interpreter::retrieveLastCaller): + * interpreter/Interpreter.h: + (JSC): + (Interpreter): + (JSC::Interpreter::getOpcode): + (JSC::Interpreter::getOpcodeID): + (JSC::Interpreter::classicEnabled): + * interpreter/RegisterFile.h: + (JSC): + (RegisterFile): + * jit/ExecutableAllocator.h: + (JSC): + * jit/HostCallReturnValue.cpp: Added. + (JSC): + (JSC::getHostCallReturnValueWithExecState): + * jit/HostCallReturnValue.h: Added. + (JSC): + (JSC::initializeHostCallReturnValue): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JITCode.h: + (JSC::JITCode::isOptimizingJIT): + (JITCode): + (JSC::JITCode::isBaselineCode): + (JSC::JITCode::JITCode): + * jit/JITDriver.h: + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + * jit/JITExceptions.cpp: + (JSC::jitThrow): + * jit/JITInlineMethods.h: + (JSC::JIT::updateTopCallFrame): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC): + * jit/JITStubs.h: + (JSC): + * jit/JSInterfaceJIT.h: + * llint: Added. + * llint/LLIntCommon.h: Added. + * llint/LLIntData.cpp: Added. + (LLInt): + (JSC::LLInt::Data::Data): + (JSC::LLInt::Data::performAssertions): + (JSC::LLInt::Data::~Data): + * llint/LLIntData.h: Added. + (JSC): + (LLInt): + (Data): + (JSC::LLInt::Data::exceptionInstructions): + (JSC::LLInt::Data::opcodeMap): + (JSC::LLInt::Data::performAssertions): + * llint/LLIntEntrypoints.cpp: Added. 
+ (LLInt): + (JSC::LLInt::getFunctionEntrypoint): + (JSC::LLInt::getEvalEntrypoint): + (JSC::LLInt::getProgramEntrypoint): + * llint/LLIntEntrypoints.h: Added. + (JSC): + (LLInt): + (JSC::LLInt::getEntrypoint): + * llint/LLIntExceptions.cpp: Added. + (LLInt): + (JSC::LLInt::interpreterThrowInCaller): + (JSC::LLInt::returnToThrowForThrownException): + (JSC::LLInt::returnToThrow): + (JSC::LLInt::callToThrow): + * llint/LLIntExceptions.h: Added. + (JSC): + (LLInt): + * llint/LLIntOfflineAsmConfig.h: Added. + * llint/LLIntOffsetsExtractor.cpp: Added. + (JSC): + (LLIntOffsetsExtractor): + (JSC::LLIntOffsetsExtractor::dummy): + (main): + * llint/LLIntSlowPaths.cpp: Added. + (LLInt): + (JSC::LLInt::llint_trace_operand): + (JSC::LLInt::llint_trace_value): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (JSC::LLInt::traceFunctionPrologue): + (JSC::LLInt::shouldJIT): + (JSC::LLInt::entryOSR): + (JSC::LLInt::resolveGlobal): + (JSC::LLInt::getByVal): + (JSC::LLInt::handleHostCall): + (JSC::LLInt::setUpCall): + (JSC::LLInt::genericCall): + * llint/LLIntSlowPaths.h: Added. + (JSC): + (LLInt): + * llint/LLIntThunks.cpp: Added. + (LLInt): + (JSC::LLInt::generateThunkWithJumpTo): + (JSC::LLInt::functionForCallEntryThunkGenerator): + (JSC::LLInt::functionForConstructEntryThunkGenerator): + (JSC::LLInt::functionForCallArityCheckThunkGenerator): + (JSC::LLInt::functionForConstructArityCheckThunkGenerator): + (JSC::LLInt::evalEntryThunkGenerator): + (JSC::LLInt::programEntryThunkGenerator): + * llint/LLIntThunks.h: Added. + (JSC): + (LLInt): + * llint/LowLevelInterpreter.asm: Added. + * llint/LowLevelInterpreter.cpp: Added. + * llint/LowLevelInterpreter.h: Added. + * offlineasm: Added. + * offlineasm/armv7.rb: Added. + * offlineasm/asm.rb: Added. + * offlineasm/ast.rb: Added. + * offlineasm/backends.rb: Added. + * offlineasm/generate_offset_extractor.rb: Added. + * offlineasm/instructions.rb: Added. + * offlineasm/offset_extractor_constants.rb: Added. + * offlineasm/offsets.rb: Added. 
+ * offlineasm/opt.rb: Added. + * offlineasm/parser.rb: Added. + * offlineasm/registers.rb: Added. + * offlineasm/self_hash.rb: Added. + * offlineasm/settings.rb: Added. + * offlineasm/transform.rb: Added. + * offlineasm/x86.rb: Added. + * runtime/CodeSpecializationKind.h: Added. + (JSC): + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::arityCheckFor): + (CommonSlowPaths): + * runtime/Executable.cpp: + (JSC::jettisonCodeBlock): + (JSC): + (JSC::EvalExecutable::jitCompile): + (JSC::samplingDescription): + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::jitCompile): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::baselineCodeBlockFor): + (JSC::FunctionExecutable::jitCompileForCall): + (JSC::FunctionExecutable::jitCompileForConstruct): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC): + (EvalExecutable): + (ProgramExecutable): + (FunctionExecutable): + (JSC::FunctionExecutable::jitCompileFor): + * runtime/ExecutionHarness.h: Added. 
+ (JSC): + (JSC::prepareForExecution): + (JSC::prepareFunctionForExecution): + * runtime/JSArray.h: + (JSC): + (JSArray): + * runtime/JSCell.h: + (JSC): + (JSCell): + * runtime/JSFunction.h: + (JSC): + (JSFunction): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC): + (JSGlobalData): + * runtime/JSGlobalObject.h: + (JSC): + (JSGlobalObject): + * runtime/JSObject.h: + (JSC): + (JSObject): + (JSFinalObject): + * runtime/JSPropertyNameIterator.h: + (JSC): + (JSPropertyNameIterator): + * runtime/JSString.h: + (JSC): + (JSString): + * runtime/JSTypeInfo.h: + (JSC): + (TypeInfo): + * runtime/JSValue.cpp: + (JSC::JSValue::description): + * runtime/JSValue.h: + (LLInt): + (JSValue): + * runtime/JSVariableObject.h: + (JSC): + (JSVariableObject): + * runtime/Options.cpp: + (Options): + (JSC::Options::initializeOptions): + * runtime/Options.h: + (Options): + * runtime/ScopeChain.h: + (JSC): + (ScopeChainNode): + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransition): + * runtime/Structure.h: + (JSC): + (Structure): + * runtime/StructureChain.h: + (JSC): + (StructureChain): + * wtf/InlineASM.h: + * wtf/Platform.h: + * wtf/SentinelLinkedList.h: + (SentinelLinkedList): + (WTF::SentinelLinkedList::isEmpty): + * wtf/text/StringImpl.h: + (JSC): + (StringImpl): + +2012-02-20 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, rolling out http://trac.webkit.org/changeset/108291 + It completely broke the 32-bit JIT. 
+ + * heap/CopiedAllocator.h: + * heap/CopiedSpace.h: + (CopiedSpace): + * heap/Heap.h: + (JSC::Heap::allocatorForObjectWithDestructor): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JIT): + * jit/JITInlineMethods.h: + (JSC): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array): + * runtime/JSArray.cpp: + (JSC::storageSize): + (JSC): + * runtime/JSArray.h: + (ArrayStorage): + (JSArray): + +2012-02-20 Gavin Barraclough <barraclough@apple.com> + + [[Put]] should throw if prototype chain contains a readonly property. + https://bugs.webkit.org/show_bug.cgi?id=79069 + + Reviewed by Oliver Hunt. + + Currently we only check the base of the put, not the prototype chain. + Fold this check in with the test for accessors. + + * runtime/JSObject.cpp: + (JSC::JSObject::put): + - Updated to test all objects in the propotype chain for readonly properties. + (JSC::JSObject::putDirectAccessor): + (JSC::putDescriptor): + - Record the presence of readonly properties on the structure. + * runtime/Structure.cpp: + (JSC::Structure::Structure): + - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto. + * runtime/Structure.h: + (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): + (JSC::Structure::setHasGetterSetterProperties): + - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto. + (JSC::Structure::setContainsReadOnlyProperties): + - Added. + +2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com> + + Implement fast path for op_new_array in the baseline JIT + https://bugs.webkit.org/show_bug.cgi?id=78612 + + Reviewed by Filip Pizlo. + + * heap/CopiedAllocator.h: + (CopiedAllocator): Friended the JIT to allow access to m_currentOffset. 
+ * heap/CopiedSpace.h: + (CopiedSpace): Friended the JIT to allow access to + (JSC::CopiedSpace::allocator): + * heap/Heap.h: + (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT + can use it for simple allocation i.e. when we can just bump the offset without having to + do anything else. + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when + we have to bail out because the fast allocation path fails for whatever reason. + * jit/JIT.h: + (JIT): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to + allocate generic backing stores. This function is used by emitAllocateJSArray. + (JSC): + (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to + more easily allocate JSArrays. This function is used by emit_op_new_array and I expect + it will also be used for emit_op_new_array_buffer. + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does + a stub call for oversize arrays. + (JSC): + (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on + the fast path. + * runtime/JSArray.cpp: + (JSC): + * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to + initialize in the JIT. + (ArrayStorage): + (JSC::ArrayStorage::lengthOffset): + (JSC::ArrayStorage::numValuesInVectorOffset): + (JSC::ArrayStorage::allocBaseOffset): + (JSC::ArrayStorage::vectorOffset): + (JSArray): + (JSC::JSArray::sparseValueMapOffset): + (JSC::JSArray::subclassDataOffset): + (JSC::JSArray::indexBiasOffset): + (JSC): + (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file + to being a static function in the JSArray class. This move allows the JIT to call it to + see what size it should allocate. 
+ +2012-02-20 Gavin Barraclough <barraclough@apple.com> + + DefineOwnProperty fails with numeric properties & Object.prototype + https://bugs.webkit.org/show_bug.cgi?id=79059 + + Reviewed by Oliver Hunt. + + ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names), + calls to defineOwnProperty need to update this cache. + + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::put): + (JSC::ObjectPrototype::defineOwnProperty): + (JSC): + (JSC::ObjectPrototype::getOwnPropertySlotByIndex): + * runtime/ObjectPrototype.h: + (ObjectPrototype): + +2012-02-20 Pino Toscano <pino@debian.org> + + Does not build on GNU Hurd + https://bugs.webkit.org/show_bug.cgi?id=79045 + + Reviewed by Gustavo Noronha Silva. + + * wtf/Platform.h: define WTF_OS_HURD. + * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix + for the lack of PTHREAD_KEYS_MAX definition, with a value which + should not cause issues. + +2012-02-20 Gavin Barraclough <barraclough@apple.com> + + Unreviewed windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com> + + Undoing accidental changes + + * heap/Heap.cpp: + (JSC::Heap::collectAllGarbage): + +2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com> + + Factor out allocation in CopySpace into a separate CopyAllocator + https://bugs.webkit.org/show_bug.cgi?id=78610 + + Reviewed by Oliver Hunt. + + Added a new CopyAllocator class, which allows us to do allocations without + having to load the current offset and store the current offset in the current + block. This change will allow us to easily do inline assembly in the JIT for + array allocations. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/CopiedAllocator.h: Added. 
+ (JSC): + (CopiedAllocator): + (JSC::CopiedAllocator::currentBlock): + (JSC::CopiedAllocator::CopiedAllocator): + (JSC::CopiedAllocator::allocate): + (JSC::CopiedAllocator::fitsInCurrentBlock): + (JSC::CopiedAllocator::wasLastAllocation): + (JSC::CopiedAllocator::startedCopying): + (JSC::CopiedAllocator::resetCurrentBlock): + (JSC::CopiedAllocator::currentUtilization): + (JSC::CopiedAllocator::resetLastAllocation): + * heap/CopiedBlock.h: + (CopiedBlock): + * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we + weren't really getting any benefits from having such big functions in a header file. + (JSC::CopiedSpace::CopiedSpace): + (JSC): + (JSC::CopiedSpace::init): + (JSC::CopiedSpace::tryAllocateSlowCase): + (JSC::CopiedSpace::tryAllocateOversize): + (JSC::CopiedSpace::tryReallocate): + (JSC::CopiedSpace::tryReallocateOversize): + (JSC::CopiedSpace::doneFillingBlock): + (JSC::CopiedSpace::doneCopying): + (JSC::CopiedSpace::getFreshBlock): + * heap/CopiedSpace.h: + (CopiedSpace): + * heap/CopiedSpaceInlineMethods.h: + (JSC): + (JSC::CopiedSpace::startedCopying): + (JSC::CopiedSpace::addNewBlock): + (JSC::CopiedSpace::allocateNewBlock): + (JSC::CopiedSpace::fitsInBlock): + (JSC::CopiedSpace::tryAllocate): + (JSC::CopiedSpace::allocateFromBlock): + * heap/Heap.cpp: + (JSC::Heap::collectAllGarbage): + * heap/HeapBlock.h: + (HeapBlock): + +2012-02-20 Patrick Gansterer <paroga@webkit.org> + + Fix Visual Studio 2010 build. + + * bytecompiler/NodesCodegen.cpp: + (JSC::PropertyListNode::emitBytecode): + +2012-02-16 Gavin Barraclough <barraclough@apple.com> + + Move special __proto__ property to Object.prototype + https://bugs.webkit.org/show_bug.cgi?id=78409 + + Reviewed by Oliver Hunt. + + Re-implement this as a regular accessor property. This has three key benefits: + 1) It makes it possible for objects to be given properties named __proto__. 
+ 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. + 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. + + * parser/Parser.cpp: + (JSC::::parseFunctionInfo): + - No need to prohibit functions named __proto__. + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + - Add __proto__ accessor to Object.prototype. + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncProtoGetter): + (JSC::globalFuncProtoSetter): + - Definition of the __proto__ accessor functions. + * runtime/JSGlobalObjectFunctions.h: + - Declaration of the __proto__ accessor functions. + * runtime/JSObject.cpp: + (JSC::JSObject::put): + - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. + (JSC::JSObject::putDirectAccessor): + - Track on the structure whether an object contains accessors other than one for __proto__. + (JSC::JSObject::defineOwnProperty): + - No need to prohibit definition of own properties named __proto__. + * runtime/JSObject.h: + (JSC::JSObject::inlineGetOwnPropertySlot): + - Remove the special handling for __proto__. + (JSC::JSValue::get): + - Remove the special handling for __proto__. + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlot): + - Remove the special handling for __proto__. + * runtime/JSValue.h: + (JSValue): + - Made synthesizePrototype public (this may be needed by the __proto__ getter). + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetPrototypeOf): + - Perform the security check & call prototype() directly. + * runtime/Structure.cpp: + (JSC::Structure::Structure): + - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. 
+ * runtime/Structure.h: + (JSC::Structure::hasGetterSetterPropertiesExcludingProto): + (JSC::Structure::setHasGetterSetterProperties): + (Structure): + - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. + +2012-02-20 Michael Saboff <msaboff@apple.com> + + Update toLower and toUpper tests for Unicode 6.1 changes + https://bugs.webkit.org/show_bug.cgi?id=78923 + + Reviewed by Oliver Hunt. + + * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test + to handle a third set of results for updated Unicode 6.1 + changes. + (getTestCases): + (TestCaseMultiExpected): + (writeTestCaseResultMultiExpected): + (getTestCaseResultMultiExpected): + (test): + (GetUnicodeValues): + (DecimalToHexString): + +2012-02-20 Andy Wingo <wingo@igalia.com> + + Remove unused features from CodeFeatures + https://bugs.webkit.org/show_bug.cgi?id=78804 + + Reviewed by Gavin Barraclough. + + * parser/Nodes.h: + * parser/ASTBuilder.h: + (JSC::ClosureFeature): + (JSC::ASTBuilder::createFunctionBody): + (JSC::ASTBuilder::usesClosures): + Remove "ClosureFeature". Since we track captured variables more + precisely, this bit doesn't do us any good. + + (JSC::AssignFeature): + (JSC::ASTBuilder::makeAssignNode): + (JSC::ASTBuilder::makePrefixNode): + (JSC::ASTBuilder::makePostfixNode): + (JSC::ASTBuilder::usesAssignment): + Similarly, remove AssignFeature. It is unused. + +2012-02-19 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck issues. + + * GNUmakefile.list.am: Add missing files. + +2012-02-18 Sam Weinig <sam@webkit.org> + + Fix style issues in DFG Phase classes + https://bugs.webkit.org/show_bug.cgi?id=78983 + + Reviewed by Ryosuke Niwa. + + * dfg/DFGArithNodeFlagsInferencePhase.cpp: + * dfg/DFGCFAPhase.cpp: + * dfg/DFGCSEPhase.cpp: + * dfg/DFGPredictionPropagationPhase.cpp: + * dfg/DFGVirtualRegisterAllocationPhase.cpp: + Add a space before the colon in class declarations. 
+ +2012-02-18 Filip Pizlo <fpizlo@apple.com> + + Attempt to fix Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-18 Sam Weinig <sam@webkit.org> + + Fix the libc++ build. + + Reviewed by Anders Carlsson. + + * heap/Weak.h: + Libc++'s nullptr emulation does not allow default construction + of the nullptr_t type. Work around this with the arguably clearer + just returning nullptr. + +2012-02-18 Filip Pizlo <fpizlo@apple.com> + + DFGPropagator.cpp has too many things + https://bugs.webkit.org/show_bug.cgi?id=78956 + + Reviewed by Oliver Hunt. + + Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its + various things and put them into separate files. These new phases follow + the naming convention "DFG<name>Phase" where <name> is a noun. They are + called via functions of the form "perform<name>". + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added. + (DFG): + (JSC::DFG::performArithNodeFlagsInference): + * dfg/DFGArithNodeFlagsInferencePhase.h: Added. + (DFG): + * dfg/DFGCFAPhase.cpp: Added. + (DFG): + (JSC::DFG::performCFA): + * dfg/DFGCFAPhase.h: Added. + (DFG): + * dfg/DFGCSEPhase.cpp: Added. + (DFG): + (JSC::DFG::performCSE): + * dfg/DFGCSEPhase.h: Added. + (DFG): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGPhase.cpp: Added. + (DFG): + (JSC::DFG::Phase::beginPhase): + (JSC::DFG::Phase::endPhase): + * dfg/DFGPhase.h: Added. + (DFG): + (Phase): + (JSC::DFG::Phase::Phase): + (JSC::DFG::Phase::~Phase): + (JSC::DFG::Phase::globalData): + (JSC::DFG::Phase::codeBlock): + (JSC::DFG::Phase::profiledBlock): + (JSC::DFG::Phase::beginPhase): + (JSC::DFG::Phase::endPhase): + (JSC::DFG::runPhase): + * dfg/DFGPredictionPropagationPhase.cpp: Added. + (DFG): + (JSC::DFG::performPredictionPropagation): + * dfg/DFGPredictionPropagationPhase.h: Added. + (DFG): + * dfg/DFGPropagator.cpp: Removed. 
+ * dfg/DFGPropagator.h: Removed. + * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added. + (DFG): + (JSC::DFG::performVirtualRegisterAllocation): + * dfg/DFGVirtualRegisterAllocationPhase.h: Added. + (DFG): + +2012-02-17 Filip Pizlo <fpizlo@apple.com> + + DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and + the CodeBlock that was used for profiling + https://bugs.webkit.org/show_bug.cgi?id=78954 + + Reviewed by Gavin Barraclough. + + * bytecode/CodeBlock.h: + (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): + (JSC): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::AbstractState): + (JSC::DFG::AbstractState::execute): + * dfg/DFGAbstractState.h: + * dfg/DFGAssemblyHelpers.h: + (AssemblyHelpers): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::parse): + * dfg/DFGByteCodeParser.h: + (DFG): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::Graph): + (Graph): + (JSC::DFG::Graph::getJSConstantPrediction): + (JSC::DFG::Graph::addShouldSpeculateInteger): + (JSC::DFG::Graph::isInt32Constant): + (JSC::DFG::Graph::isDoubleConstant): + (JSC::DFG::Graph::isNumberConstant): + (JSC::DFG::Graph::isBooleanConstant): + (JSC::DFG::Graph::isFunctionConstant): + (JSC::DFG::Graph::valueOfJSConstant): + (JSC::DFG::Graph::valueOfInt32Constant): + (JSC::DFG::Graph::valueOfNumberConstant): + (JSC::DFG::Graph::valueOfBooleanConstant): + (JSC::DFG::Graph::valueOfFunctionConstant): + (JSC::DFG::Graph::baselineCodeBlockFor): + (JSC::DFG::Graph::valueProfileFor): + (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::JITCompiler): + (JITCompiler): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): + * dfg/DFGPropagator.cpp: + 
(JSC::DFG::Propagator::Propagator): + (JSC::DFG::Propagator::isNotNegZero): + (JSC::DFG::Propagator::isNotZero): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::doRoundOfDoubleVoting): + (JSC::DFG::Propagator::globalCFA): + (JSC::DFG::propagate): + * dfg/DFGPropagator.h: + (DFG): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + (JSC::DFG::SpeculativeJIT::compileAdd): + (JSC::DFG::SpeculativeJIT::compileArithSub): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isConstant): + (JSC::DFG::SpeculativeJIT::isJSConstant): + (JSC::DFG::SpeculativeJIT::isInt32Constant): + (JSC::DFG::SpeculativeJIT::isDoubleConstant): + (JSC::DFG::SpeculativeJIT::isNumberConstant): + (JSC::DFG::SpeculativeJIT::isBooleanConstant): + (JSC::DFG::SpeculativeJIT::isFunctionConstant): + (JSC::DFG::SpeculativeJIT::valueOfInt32Constant): + (JSC::DFG::SpeculativeJIT::valueOfNumberConstant): + (JSC::DFG::SpeculativeJIT::valueOfJSConstant): + (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant): + (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant): + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + +2012-02-17 Ahmad Sharif <asharif.tools@gmail.com> + + There is a warning in memset in glibc that gets triggered through a + warndecl when the fill-value of memset is a non-zero constant and the + size is zero. This warning is enabled when building with + -D_FORTIFY_SOURCE=2. This patch fixes the warning. + + https://bugs.webkit.org/show_bug.cgi?id=78513 + + Reviewed by Alexey Proskuryakov + + * wtf/Vector.h: + +2012-02-17 Kalev Lember <kalevlember@gmail.com> + + Remove unused parameters from WTF threading API + https://bugs.webkit.org/show_bug.cgi?id=78389 + + Reviewed by Adam Roben. + + waitForThreadCompletion() had an out param 'void **result' to get the + 'void *' returned by ThreadFunction. However, the implementation in + ThreadingWin.cpp ignored the out param, not filling it in. 
This had + led to a situation where none of the client code made use of the param + and just ignored it. + + To clean this up, the patch changes the signature of ThreadFunction to + return void instead of void* and drops the the unused 'void **result' + parameter from waitForThreadCompletion. Also, all client code is + updated for the API change. + + As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even + though the change only affects internal API, Safari is using it + directly and we'll need to keep the old versions around for ABI + compatibility. For this, the patch adds compatibility wrappers with + the old ABI. + + * JavaScriptCore.order: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * bytecode/SamplingTool.cpp: + (JSC::SamplingThread::threadStartFunc): + (JSC::SamplingThread::stop): + * bytecode/SamplingTool.h: + (SamplingThread): + * heap/Heap.cpp: + (JSC::Heap::~Heap): + (JSC::Heap::blockFreeingThreadStartFunc): + * heap/Heap.h: + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::markingThreadStartFunc): + (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData): + * heap/MarkStack.h: + (MarkStackThreadSharedData): + * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::ThreadPrivate::workerThread): + * wtf/ParallelJobsGeneric.h: + (ThreadPrivate): + * wtf/ThreadFunctionInvocation.h: Update the signature of + ThreadFunction. + (WTF): + * wtf/Threading.cpp: + (WTF::threadEntryPoint): Update for ThreadFunction signature change. + (WTF): + (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation): + ABI compatibility function for Safari. + (ThreadFunctionWithReturnValueInvocation): Ditto. + (WTF::compatEntryPoint): Ditto. + (WTF::createThread): Ditto. + (WTF::waitForThreadCompletion): Ditto. + * wtf/Threading.h: Update the signature of ThreadFunction and + waitForThreadCompletion. + (WTF): + * wtf/ThreadingPthreads.cpp: Implement the new API. 
+ (WTF::wtfThreadEntryPoint): + (WTF): + (WTF::createThreadInternal): + (WTF::waitForThreadCompletion): + * wtf/ThreadingWin.cpp: Implement the new API. + (WTF::wtfThreadEntryPoint): + (WTF::waitForThreadCompletion): + +2012-02-16 Oliver Hunt <oliver@apple.com> + + Implement Error.stack + https://bugs.webkit.org/show_bug.cgi?id=66994 + + Reviewed by Gavin Barraclough. + + Implement support for stack traces on exception objects. This is a rewrite + of the core portion of the last stack walking logic, but the mechanical work + of adding the information to an exception comes from the original work by + Juan Carlos Montemayor Elosua. + + * interpreter/Interpreter.cpp: + (JSC::getCallerInfo): + (JSC): + (JSC::getSourceURLFromCallFrame): + (JSC::getStackFrameCodeType): + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::throwException): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC): + (StackFrame): + (JSC::StackFrame::toString): + (Interpreter): + * jsc.cpp: + (GlobalObject::finishCreation): + (functionJSCStack): + * parser/Nodes.h: + (JSC::FunctionBodyNode::setInferredName): + * parser/Parser.h: + (JSC::::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + (JSC): + +2012-02-17 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename Bump* to Copy* + https://bugs.webkit.org/show_bug.cgi?id=78573 + + Reviewed by Geoffrey Garen. + + Renamed anything with "Bump" in the name to have "Copied" instead. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * heap/BumpBlock.h: Removed. + * heap/BumpSpace.cpp: Removed. + * heap/BumpSpace.h: Removed. + * heap/BumpSpaceInlineMethods.h: Removed. 
+ * heap/ConservativeRoots.cpp: + (JSC::ConservativeRoots::ConservativeRoots): + (JSC::ConservativeRoots::genericAddPointer): + * heap/ConservativeRoots.h: + (ConservativeRoots): + * heap/CopiedBlock.h: Added. + (JSC): + (CopiedBlock): + (JSC::CopiedBlock::CopiedBlock): + * heap/CopiedSpace.cpp: Added. + (JSC): + (JSC::CopiedSpace::tryAllocateSlowCase): + * heap/CopiedSpace.h: Added. + (JSC): + (CopiedSpace): + (JSC::CopiedSpace::isInCopyPhase): + (JSC::CopiedSpace::totalMemoryAllocated): + (JSC::CopiedSpace::totalMemoryUtilized): + * heap/CopiedSpaceInlineMethods.h: Added. + (JSC): + (JSC::CopiedSpace::CopiedSpace): + (JSC::CopiedSpace::init): + (JSC::CopiedSpace::contains): + (JSC::CopiedSpace::pin): + (JSC::CopiedSpace::startedCopying): + (JSC::CopiedSpace::doneCopying): + (JSC::CopiedSpace::doneFillingBlock): + (JSC::CopiedSpace::recycleBlock): + (JSC::CopiedSpace::getFreshBlock): + (JSC::CopiedSpace::borrowBlock): + (JSC::CopiedSpace::addNewBlock): + (JSC::CopiedSpace::allocateNewBlock): + (JSC::CopiedSpace::fitsInBlock): + (JSC::CopiedSpace::fitsInCurrentBlock): + (JSC::CopiedSpace::tryAllocate): + (JSC::CopiedSpace::tryAllocateOversize): + (JSC::CopiedSpace::allocateFromBlock): + (JSC::CopiedSpace::tryReallocate): + (JSC::CopiedSpace::tryReallocateOversize): + (JSC::CopiedSpace::isOversize): + (JSC::CopiedSpace::isPinned): + (JSC::CopiedSpace::oversizeBlockFor): + (JSC::CopiedSpace::blockFor): + * heap/Heap.cpp: + * heap/Heap.h: + (JSC): + (Heap): + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::SlotVisitor::drainFromShared): + (JSC::SlotVisitor::startCopying): + (JSC::SlotVisitor::allocateNewSpace): + (JSC::SlotVisitor::doneCopying): + * heap/MarkStack.h: + (MarkStackThreadSharedData): + * heap/SlotVisitor.h: + (SlotVisitor): + * runtime/JSArray.cpp: + * runtime/JSObject.cpp: + +2012-02-16 Yuqiang Xian <yuqiang.xian@intel.com> + + Add JSC code profiling support on Linux x86 + 
https://bugs.webkit.org/show_bug.cgi?id=78871 + + Reviewed by Gavin Barraclough. + + We don't unwind the stack for now as we cannot guarantee all the + libraries are compiled without -fomit-frame-pointer. + + * tools/CodeProfile.cpp: + (JSC::CodeProfile::sample): + * tools/CodeProfiling.cpp: + (JSC): + (JSC::profilingTimer): + (JSC::CodeProfiling::begin): + (JSC::CodeProfiling::end): + +2012-02-16 Csaba Osztrogonác <ossy@webkit.org> + + Unreviewed. Rolling out r107980, because it broke 32 bit platforms. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC): + (Interpreter): + * jsc.cpp: + (GlobalObject::finishCreation): + * parser/Nodes.h: + (JSC::FunctionBodyNode::setInferredName): + * parser/Parser.h: + (JSC::::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + (JSC): + +2012-02-16 Filip Pizlo <fpizlo@apple.com> + + ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER + https://bugs.webkit.org/show_bug.cgi?id=78791 + + Rubber stamped by Oliver Hunt. + + Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to + COMPUTED_GOTO_CLASSIC_INTERPRETER. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::stronglyVisitStrongReferences): + (JSC): + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (CodeBlock): + * bytecode/Instruction.h: + (JSC::Instruction::Instruction): + * bytecode/Opcode.h: + (JSC::padOpcodeName): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + * interpreter/AbstractPC.cpp: + (JSC::AbstractPC::AbstractPC): + * interpreter/AbstractPC.h: + (AbstractPC): + * interpreter/CallFrame.h: + (ExecState): + * interpreter/Interpreter.cpp: + (JSC): + (JSC::Interpreter::initialize): + (JSC::Interpreter::isOpcode): + (JSC::Interpreter::unwindCallFrame): + (JSC::Interpreter::execute): + (JSC::Interpreter::privateExecute): + (JSC::Interpreter::retrieveLastCaller): + * interpreter/Interpreter.h: + (JSC::Interpreter::getOpcode): + (JSC::Interpreter::getOpcodeID): + (Interpreter): + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (NativeExecutable): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::getHostFunction): + * runtime/JSGlobalData.h: + (JSGlobalData): + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + * wtf/Platform.h: + +2012-02-15 Geoffrey Garen <ggaren@apple.com> + + Made Weak<T> single-owner, adding PassWeak<T> + https://bugs.webkit.org/show_bug.cgi?id=78740 + + Reviewed by Sam Weinig. + + This works basically the same way as OwnPtr<T> and PassOwnPtr<T>. 
+ + This clarifies the semantics of finalizers: It's ambiguous and probably + a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor + twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a + Weak<T>, we now use PassWeak<T>. + + This also makes Weak<T> HashMaps more efficient. + + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since + set() is gone now. + + * JavaScriptCore.xcodeproj/project.pbxproj: Export! + + * heap/PassWeak.h: Added. + (JSC): + (PassWeak): + (JSC::PassWeak::PassWeak): + (JSC::PassWeak::~PassWeak): + (JSC::PassWeak::get): + (JSC::::leakHandle): + (JSC::adoptWeak): + (JSC::operator==): + (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>. + + * heap/Weak.h: + (Weak): + (JSC::Weak::Weak): + (JSC::Weak::release): + (JSC::Weak::hashTableDeletedValue): + (JSC::=): + (JSC): Changed to be non-copyable, removing a lot of copying-related + APIs. Added hash traits so hash maps still work. + + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by + our new hash map API. + +2012-02-16 Mark Hahnenberg <mhahnenberg@apple.com> + + Fix the broken viewport tests + https://bugs.webkit.org/show_bug.cgi?id=78774 + + Reviewed by Kenneth Rohde Christiansen. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/text/WTFString.cpp: + (WTF): + (WTF::toDoubleType): Template-ized to allow other functions to specify whether they + want to allow trailing junk or not when calling strtod. + (WTF::charactersToDouble): + (WTF::charactersToFloat): + (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows + trailing junk. + * wtf/text/WTFString.h: + (WTF): + +2012-02-16 Oliver Hunt <oliver@apple.com> + + Implement Error.stack + https://bugs.webkit.org/show_bug.cgi?id=66994 + + Reviewed by Gavin Barraclough. 
+ + Implement support for stack traces on exception objects. This is a rewrite + of the core portion of the last stack walking logic, but the mechanical work + of adding the information to an exception comes from the original work by + Juan Carlos Montemayor Elosua. + + * interpreter/Interpreter.cpp: + (JSC::getCallerInfo): + (JSC): + (JSC::getSourceURLFromCallFrame): + (JSC::getStackFrameCodeType): + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::throwException): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC): + (StackFrame): + (JSC::StackFrame::toString): + (Interpreter): + * jsc.cpp: + (GlobalObject::finishCreation): + (functionJSCStack): + * parser/Nodes.h: + (JSC::FunctionBodyNode::setInferredName): + * parser/Parser.h: + (JSC::::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + (JSC): + +2012-02-15 Gavin Barraclough <barraclough@apple.com> + + Numerous trivial bugs in Object.defineProperty + https://bugs.webkit.org/show_bug.cgi?id=78777 + + Reviewed by Sam Weinig. + + There are a handful of really trivial bugs, related to Object.defineProperty: + * Redefining an accessor with different attributes changes the attributes, but not the get/set functions! + * Calling an undefined setter should only throw in strict mode. + * When redefining an accessor to a data decriptor, if writable is not specified we should default to false. + * Any attempt to redefine a non-configurable property of an array as configurable should be rejected. + * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object. + * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail. + * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). 
+ * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes. + * Should be able to define an non-configurable accessor. + These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute. + + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::put): + - Added ASSERT. + - Calling an undefined setter should only throw in strict mode. + (JSC::JSArray::putDescriptor): + - Should be able to define an non-configurable accessor. + (JSC::JSArray::defineOwnNumericProperty): + - Any attempt to redefine a non-configurable property of an array as configurable should be rejected. + (JSC::JSArray::putByIndexBeyondVectorLength): + - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail. + * runtime/JSArray.h: + (JSArray): + - made enterDictionaryMode public, called from JSObject. + * runtime/JSObject.cpp: + (JSC::JSObject::put): + - Calling an undefined setter should only throw in strict mode. + (JSC::JSObject::preventExtensions): + - Put array objects into dictionary mode to handle this! + (JSC::JSObject::defineOwnProperty): + - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes. + - Redefining an accessor with different attributes changes the attributes, but not the get/set functions! + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorDefineProperties): + - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object. + * runtime/PropertyDescriptor.cpp: + (JSC::PropertyDescriptor::attributesWithOverride): + - When redefining an accessor to a data decriptor, if writable is not specified we should default to false. + (JSC::PropertyDescriptor::attributesOverridingCurrent): + - When redefining an accessor to a data decriptor, if writable is not specified we should default to false. 
+ * runtime/Structure.cpp: + (JSC::Structure::freezeTransition): + - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). + (JSC::Structure::isFrozen): + - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). + +2012-02-13 Filip Pizlo <fpizlo@apple.com> + + DFG should not check the types of arguments that are dead + https://bugs.webkit.org/show_bug.cgi?id=78518 + + Reviewed by Geoff Garen. + + The argument checks are now elided if the corresponding SetArgument is dead, + and the abstract value of the argument is set to bottom (None, []). This is + performance neutral on the benchmarks we currently track. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + +2012-02-15 Oliver Hunt <oliver@apple.com> + + Ensure that the DFG JIT always plants a CodeOrigin when making calls + https://bugs.webkit.org/show_bug.cgi?id=78763 + + Reviewed by Gavin Barraclough. + + Make all calls plant a CodeOrigin prior to the actual + call. Also clobbers the Interpreter with logic to ensure + that the interpreter always plants a bytecode offset. 
+ + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (CallBeginToken): + (JSC::DFG::JITCompiler::beginJSCall): + (JSC::DFG::JITCompiler::beginCall): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryBuildGetByIDList): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * interpreter/AbstractPC.cpp: + (JSC::AbstractPC::AbstractPC): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::trueCallFrame): + * interpreter/CallFrame.h: + (JSC::ExecState::bytecodeOffsetForNonDFGCode): + (ExecState): + (JSC::ExecState::setBytecodeOffsetForNonDFGCode): + (JSC::ExecState::codeOriginIndexForDFG): + +2012-02-14 Oliver Hunt <oliver@apple.com> + + Fix Interpreter. + + * runtime/Executable.cpp: + (JSC): + * runtime/Executable.h: + (ExecutableBase): + +2012-02-14 Matt Lilek <mrl@apple.com> + + Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms + https://bugs.webkit.org/show_bug.cgi?id=78629 + + Reviewed by David Kilzer. + + * Configurations/FeatureDefines.xcconfig: + +2012-02-14 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, build fix for non-DFG platforms. + + * assembler/MacroAssembler.h: + (MacroAssembler): + +2012-02-14 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, fix build and configuration goof. + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::invert): + * dfg/DFGCommon.h: + +2012-02-13 Filip Pizlo <fpizlo@apple.com> + + DFG should be able to emit code on control flow edges + https://bugs.webkit.org/show_bug.cgi?id=78515 + + Reviewed by Gavin Barraclough. + + This gets us a few steps closer to being able to perform global register allocation, + by allowing us to have landing pads on control flow edges. 
This will let us reshuffle + registers if it happens to be necessary due to different reg alloc decisions in + differen blocks. + + This also introduces the notion of a landing pad for OSR entry, which will allow us + to emit code that places data into registers when we're entering into the DFG from + the old JIT. + + Finally, this patch introduces a verification mode that checks that the landing pads + are actually emitted and do actually work as advertised. When verification is disabled, + this has no effect on behavior. + + * assembler/MacroAssembler.h: + (MacroAssembler): + (JSC::MacroAssembler::invert): + (JSC::MacroAssembler::isInvertible): + * dfg/DFGCommon.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::createOSREntries): + (DFG): + (JSC::DFG::SpeculativeJIT::linkOSREntries): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + * dfg/DFGSpeculativeJIT.h: + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::branchDouble): + (JSC::DFG::SpeculativeJIT::branchDoubleNonZero): + (JSC::DFG::SpeculativeJIT::branch32): + (JSC::DFG::SpeculativeJIT::branchTest32): + (JSC::DFG::SpeculativeJIT::branchPtr): + (JSC::DFG::SpeculativeJIT::branchTestPtr): + (JSC::DFG::SpeculativeJIT::branchTest8): + (JSC::DFG::SpeculativeJIT::jump): + (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit): + (JSC::DFG::SpeculativeJIT::emitEdgeCode): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + 
(JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2012-02-14 Filip Pizlo <fpizlo@apple.com> + + Assertion failure under JSC::DFG::AbstractState::execute loading economist.com + https://bugs.webkit.org/show_bug.cgi?id=78153 + <rdar://problem/10861712> <rdar://problem/10861947> + + Reviewed by Oliver Hunt. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileAdd): + +2012-02-14 Eric Seidel <eric@webkit.org> + + Upstream Android's additions to Platform.h + https://bugs.webkit.org/show_bug.cgi?id=78536 + + Reviewed by Adam Barth. + + * wtf/Platform.h: + +2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com> + + Replace old strtod with new strtod + https://bugs.webkit.org/show_bug.cgi?id=68044 + + Reviewed by Geoffrey Garen. + + * parser/Lexer.cpp: Added template argument. This version allows junk after numbers. + (JSC::::lex): + * runtime/JSGlobalObjectFunctions.cpp: Ditto. + (JSC::parseInt): + (JSC::jsStrDecimalLiteral): + * runtime/LiteralParser.cpp: Ditto. + (JSC::::Lexer::lexNumber): + * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter. + It takes a template argument to allow clients to determine statically whether it should allow + junk after the numbers or not. + (WTF): + (WTF::strtod): + * wtf/dtoa.h: + (WTF): + * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers. 
+ (WTF::toDoubleType): + +2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com> + + More windows build fixing + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-13 Oliver Hunt <oliver@apple.com> + + Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match + https://bugs.webkit.org/show_bug.cgi?id=76315 + + Reviewed by Gavin Barraclough. + + Perform a 3 byte compare using two comparisons, rather than trying to perform the + operation with a four byte load. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + +2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com> + + Windows build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com> + + Replace old strtod with new strtod + https://bugs.webkit.org/show_bug.cgi?id=68044 + + Reviewed by Geoffrey Garen. + + * parser/Lexer.cpp: Added template argument. This version allows junk after numbers. + (JSC::::lex): + * runtime/JSGlobalObjectFunctions.cpp: Ditto. + (JSC::parseInt): + (JSC::jsStrDecimalLiteral): + * runtime/LiteralParser.cpp: Ditto. + (JSC::::Lexer::lexNumber): + * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter. + It takes a template argument to allow clients to determine statically whether it should allow + junk after the numbers or not. + (WTF): + (WTF::strtod): + * wtf/dtoa.h: + (WTF): + * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers. + (WTF::toDoubleType): + +2012-02-13 Sam Weinig <sam@webkit.org> + + Move JSC related assertions out of Assertions.h and into their own header + https://bugs.webkit.org/show_bug.cgi?id=78508 + + Reviewed by Gavin Barraclough. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + Add GCAssertions.h + + * heap/GCAssertions.h: Added. 
+ Move assertions here. + + * runtime/WriteBarrier.h: + Add #include of GCAssertions.h + + * wtf/Assertions.h: + Remove JSC related assertions. + + * wtf/Compiler.h: + Add compiler check for __has_trivial_destructor. + +2012-02-13 Chao-ying Fu <fu@mips.com> + + Update MIPS patchOffsetGetByIdSlowCaseCall + https://bugs.webkit.org/show_bug.cgi?id=78392 + + Reviewed by Gavin Barraclough. + + * jit/JIT.h: + (JIT): + +2012-02-13 Patrick Gansterer <paroga@webkit.org> + + Remove obsolete #if from ThreadSpecific.h + https://bugs.webkit.org/show_bug.cgi?id=78485 + + Reviewed by Adam Roben. + + Since alle platform use either pthread or Win32 for threading, + we can remove all PLATFORM() preprocessor statements. + + * wtf/ThreadSpecific.h: + (ThreadSpecific): + +2012-02-13 Jessie Berlin <jberlin@apple.com> + + Fix the Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-13 Sam Weinig <sam@webkit.org> + + Use C11's _Static_assert for COMPILE_ASSERT if it is available + https://bugs.webkit.org/show_bug.cgi?id=78506 + + Rubber-stamped by Antti Koivisto. + + Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly + better error messages. + + * wtf/Assertions.h: + Use _Static_assert if it is available. + + * wtf/Compiler.h: + Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler. + +2012-02-13 Mario Sanchez Prada <msanchez@igalia.com> + + [GTK] Add GSList to the list of GObject types in GOwnPtr + https://bugs.webkit.org/show_bug.cgi?id=78487 + + Reviewed by Philippe Normand. + + Handle the GSList type in GOwnPtr, by calling g_slist_free in the + implementation of the freeOwnedGPtr template function. + + * wtf/gobject/GOwnPtr.cpp: + (WTF::GSList): + (WTF): + * wtf/gobject/GOwnPtr.h: + (WTF): + * wtf/gobject/GTypedefs.h: + +2012-02-06 Raphael Kubo da Costa <kubo@profusion.mobi> + + [EFL] Drop support for the Curl network backend. 
+ https://bugs.webkit.org/show_bug.cgi?id=77874 + + Reviewed by Eric Seidel. + + Nobody seems to be maintaining the Curl backend in WebCore, the + EFL port developers all seem to be using the Soup backend and the + port itself has many features which are only implemented for the + latter. + + * wtf/PlatformEfl.cmake: Always build the gobject-dependent source + files. + +2012-02-13 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for !ENABLE(JIT) after r107485. + + * bytecode/PolymorphicPutByIdList.cpp: + +2012-02-13 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=78434 + Unreviewed - temporarily reverting r107498 will I fix a couple of testcases. + + * parser/Parser.cpp: + (JSC::::parseFunctionInfo): + * runtime/ClassInfo.h: + (MethodTable): + (JSC): + * runtime/JSCell.cpp: + (JSC): + * runtime/JSCell.h: + (JSCell): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC): + * runtime/JSGlobalObjectFunctions.h: + (JSC): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC): + (JSC::JSObject::putDirectAccessor): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + (JSC::JSObject::inlineGetOwnPropertySlot): + (JSC::JSValue::get): + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlot): + * runtime/JSValue.h: + (JSValue): + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetPrototypeOf): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + * runtime/Structure.h: + (JSC::Structure::setHasGetterSetterProperties): + (Structure): + +2012-02-12 Ashod Nakashian <ashodnakashian@yahoo.com> + + KeywordLookupGenerator.py script fails in some cases + https://bugs.webkit.org/show_bug.cgi?id=77886 + + Reviewed by Benjamin Poulain. + + * parser/Keywords.table: Converted to LF-only. + +2012-02-12 Shinya Kawanaka <shinyak@google.com> + + Introduce ShadowRootList. 
+ https://bugs.webkit.org/show_bug.cgi?id=78069 + + Reviewed by Hajime Morita. + + DoublyLinkedList should have tail() method to take the last element. + + * wtf/DoublyLinkedList.h: + (DoublyLinkedList): + (WTF::::tail): + (WTF): + +2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Move source files in WTF_HEADERS to WTF_SOURCES. + https://bugs.webkit.org/show_bug.cgi?id=78436 + + Reviewed by Daniel Bates. + + * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES, + and correctly sort the files which start with 'M'. + +2012-02-12 Sam Weinig <sam@webkit.org> + + Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj. + + Rubber-stamped by Anders Carlsson. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Remove unused or empty variable definitions. + https://bugs.webkit.org/show_bug.cgi?id=78437 + + Reviewed by Daniel Bates. + + * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition. + * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition. + * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will + be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES). + +2012-02-12 Filip Pizlo <fpizlo@apple.com> + + DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution() + https://bugs.webkit.org/show_bug.cgi?id=78431 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + +2012-02-11 Benjamin Poulain <benjamin@webkit.org> + + Add back WTFURL to WebKit + https://bugs.webkit.org/show_bug.cgi?id=77291 + + Reviewed by Adam Barth. + + WTFURL was removed from WebKit in r86787. + + This patch adds the code back to WTF with the following changes: + -Guard the feature with USE(WTFURL). + -Change the typename CHAR to CharacterType to follow recent WebKit conventions. 
+ -Fix some coding style to make check-webkit-style happy. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/Platform.h: + * wtf/url/api/ParsedURL.cpp: Added. + (WTF): + (WTF::ParsedURL::ParsedURL): + (WTF::ParsedURL::scheme): + (WTF::ParsedURL::username): + (WTF::ParsedURL::password): + (WTF::ParsedURL::host): + (WTF::ParsedURL::port): + (WTF::ParsedURL::path): + (WTF::ParsedURL::query): + (WTF::ParsedURL::fragment): + (WTF::ParsedURL::segment): + * wtf/url/api/ParsedURL.h: Added. + (WTF): + (ParsedURL): + (WTF::ParsedURL::spec): + * wtf/url/api/URLString.h: Added. + (WTF): + (URLString): + (WTF::URLString::URLString): + (WTF::URLString::string): + * wtf/url/src/RawURLBuffer.h: Added. + (WTF): + (RawURLBuffer): + (WTF::RawURLBuffer::RawURLBuffer): + (WTF::RawURLBuffer::~RawURLBuffer): + (WTF::RawURLBuffer::resize): + * wtf/url/src/URLBuffer.h: Added. + (WTF): + (URLBuffer): + (WTF::URLBuffer::URLBuffer): + (WTF::URLBuffer::~URLBuffer): + (WTF::URLBuffer::at): + (WTF::URLBuffer::set): + (WTF::URLBuffer::capacity): + (WTF::URLBuffer::length): + (WTF::URLBuffer::data): + (WTF::URLBuffer::setLength): + (WTF::URLBuffer::append): + (WTF::URLBuffer::grow): + * wtf/url/src/URLCharacterTypes.cpp: Added. + (WTF): + (): + * wtf/url/src/URLCharacterTypes.h: Added. + (WTF): + (URLCharacterTypes): + (WTF::URLCharacterTypes::isQueryChar): + (WTF::URLCharacterTypes::isIPv4Char): + (WTF::URLCharacterTypes::isHexChar): + (): + (WTF::URLCharacterTypes::isCharOfType): + * wtf/url/src/URLComponent.h: Added. + (WTF): + (URLComponent): + (WTF::URLComponent::URLComponent): + (WTF::URLComponent::fromRange): + (WTF::URLComponent::isValid): + (WTF::URLComponent::isNonEmpty): + (WTF::URLComponent::isEmptyOrInvalid): + (WTF::URLComponent::reset): + (WTF::URLComponent::operator==): + (WTF::URLComponent::begin): + (WTF::URLComponent::setBegin): + (WTF::URLComponent::length): + (WTF::URLComponent::setLength): + (WTF::URLComponent::end): + * wtf/url/src/URLEscape.cpp: Added. 
+ (WTF): + (): + * wtf/url/src/URLEscape.h: Added. + (WTF): + (WTF::appendURLEscapedCharacter): + * wtf/url/src/URLParser.h: Added. + (WTF): + (URLParser): + (): + (WTF::URLParser::isPossibleAuthorityTerminator): + (WTF::URLParser::parseAuthority): + (WTF::URLParser::extractScheme): + (WTF::URLParser::parseAfterScheme): + (WTF::URLParser::parseStandardURL): + (WTF::URLParser::parsePath): + (WTF::URLParser::parsePathURL): + (WTF::URLParser::parseMailtoURL): + (WTF::URLParser::parsePort): + (WTF::URLParser::extractFileName): + (WTF::URLParser::extractQueryKeyValue): + (WTF::URLParser::isURLSlash): + (WTF::URLParser::shouldTrimFromURL): + (WTF::URLParser::trimURL): + (WTF::URLParser::consecutiveSlashes): + (WTF::URLParser::isPortDigit): + (WTF::URLParser::nextAuthorityTerminator): + (WTF::URLParser::parseUserInfo): + (WTF::URLParser::parseServerInfo): + * wtf/url/src/URLQueryCanonicalizer.h: Added. + (WTF): + (URLQueryCanonicalizer): + (WTF::URLQueryCanonicalizer::canonicalize): + (WTF::URLQueryCanonicalizer::isAllASCII): + (WTF::URLQueryCanonicalizer::isRaw8Bit): + (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString): + (WTF::URLQueryCanonicalizer::convertToQueryEncoding): + * wtf/url/src/URLSegments.cpp: Added. + (WTF): + (WTF::URLSegments::length): + (WTF::URLSegments::charactersBefore): + * wtf/url/src/URLSegments.h: Added. + (WTF): + (URLSegments): + (): + (WTF::URLSegments::URLSegments): + +2012-02-11 Filip Pizlo <fpizlo@apple.com> + + Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path + https://bugs.webkit.org/show_bug.cgi?id=78430 + <rdar://problem/10849469> <rdar://problem/10849684> + + Reviewed by Gavin Barraclough. + + The old JIT's put_by_id transition caching involves repatching the slow call to + a generated stub. That means that the call is counted as "slow case". So, this + patch inserts code to decrement the slow case count if the stub succeeds. + + Looks like a ~1% speed-up on V8. 
+ + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + +2012-02-11 Filip Pizlo <fpizlo@apple.com> + + Build fix for Qt. + + * wtf/DataLog.h: + +2012-02-11 Filip Pizlo <fpizlo@apple.com> + + It should be possible to send all JSC debug logging to a file + https://bugs.webkit.org/show_bug.cgi?id=78418 + + Reviewed by Sam Weinig. + + Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog, + and WTF::dataLogV. Changed all debugging- and profiling-related printfs + to use WTF::dataLog() or one of its friends. By default, debug logging + goes to stderr, unless you change the setting in wtf/DataLog.cpp. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::dumpLinkStatistics): + (JSC::LinkBuffer::dumpCode): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::vprintfStdoutInstr): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::printUnaryOp): + (JSC::CodeBlock::printBinaryOp): + (JSC::CodeBlock::printConditionalJump): + (JSC::CodeBlock::printGetByIdOp): + (JSC::CodeBlock::printCallOp): + (JSC::CodeBlock::printPutByIdOp): + (JSC::printGlobalResolveInfo): + (JSC::printStructureStubInfo): + (JSC::CodeBlock::printStructure): + (JSC::CodeBlock::printStructures): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::dumpStatistics): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::shouldOptimizeNow): + (JSC::CodeBlock::tallyFrequentExitSites): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/Opcode.cpp: + (JSC::OpcodeStats::~OpcodeStats): + * bytecode/SamplingTool.cpp: + (JSC::SamplingFlags::stop): + (JSC::SamplingRegion::dumpInternal): + (JSC::SamplingTool::dump): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::endBasicBlock): + (JSC::DFG::AbstractState::mergeStateAtTail): + * dfg/DFGByteCodeParser.cpp: + 
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::linkBlock): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCommon.h: + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::printWhiteSpace): + (JSC::DFG::Graph::dumpCodeOrigin): + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOperations.cpp: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateArithNodeFlagsForward): + (JSC::DFG::Propagator::propagateArithNodeFlagsBackward): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::propagatePredictionsForward): + (JSC::DFG::Propagator::propagatePredictionsBackward): + (JSC::DFG::Propagator::doRoundOfDoubleVoting): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::fixup): + (JSC::DFG::Propagator::startIndexForChildren): + (JSC::DFG::Propagator::endIndexForPureCSE): + (JSC::DFG::Propagator::setReplacement): + (JSC::DFG::Propagator::eliminate): + (JSC::DFG::Propagator::performNodeCSE): + (JSC::DFG::Propagator::localCSE): + (JSC::DFG::Propagator::allocateVirtualRegisters): + (JSC::DFG::Propagator::performBlockCFA): + (JSC::DFG::Propagator::performForwardCFA): + * dfg/DFGRegisterBank.h: + (JSC::DFG::RegisterBank::dump): + * dfg/DFGScoreBoard.h: + 
(JSC::DFG::ScoreBoard::dump): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::dump): + (JSC::DFG::SpeculativeJIT::checkConsistency): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + * heap/Heap.cpp: + (JSC::Heap::destroy): + * heap/MarkedBlock.h: + * interpreter/CallFrame.cpp: + (JSC::CallFrame::dumpCaller): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::dumpRegisters): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * profiler/Profile.cpp: + (JSC::Profile::debugPrintData): + (JSC::Profile::debugPrintDataSampleStyle): + * profiler/ProfileNode.cpp: + (JSC::ProfileNode::debugPrintData): + (JSC::ProfileNode::debugPrintDataSampleStyle): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::dumpRegExpTrace): + * runtime/RegExp.cpp: + (JSC::RegExp::matchCompareWithInterpreter): + * runtime/SamplingCounter.cpp: + (JSC::AbstractSamplingCounter::dump): + * runtime/SamplingCounter.h: + (JSC::DeletableSamplingCounter::~DeletableSamplingCounter): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::print): + * runtime/Structure.cpp: + (JSC::Structure::dumpStatistics): + (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger): + * tools/CodeProfile.cpp: + (JSC::CodeProfile::report): + * tools/ProfileTreeNode.h: + (JSC::ProfileTreeNode::dumpInternal): + * wtf/CMakeLists.txt: + * wtf/DataLog.cpp: Added. 
+ (WTF): + (WTF::initializeLogFileOnce): + (WTF::initializeLogFile): + (WTF::dataFile): + (WTF::dataLogV): + (WTF::dataLog): + * wtf/DataLog.h: Added. + (WTF): + * wtf/HashTable.cpp: + (WTF::HashTableStats::~HashTableStats): + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocator::dumpProfile): + * wtf/text/WTFString.cpp: + (String::show): + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::ByteCompiler::dumpDisjunction): + +2012-02-11 Gavin Barraclough <barraclough@apple.com> + + Move special __proto__ property to Object.prototype + https://bugs.webkit.org/show_bug.cgi?id=78409 + + Reviewed by Oliver Hunt. + + Re-implement this as a regular accessor property. This has three key benefits: + 1) It makes it possible for objects to be given properties named __proto__. + 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. + 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. + + * parser/Parser.cpp: + (JSC::::parseFunctionInfo): + - No need to prohibit functions named __proto__. + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + - Add __proto__ accessor to Object.prototype. + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncProtoGetter): + (JSC::globalFuncProtoSetter): + - Definition of the __proto__ accessor functions. + * runtime/JSGlobalObjectFunctions.h: + - Declaration of the __proto__ accessor functions. + * runtime/JSObject.cpp: + (JSC::JSObject::put): + - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. + (JSC::JSObject::putDirectAccessor): + - Track on the structure whether an object contains accessors other than one for __proto__. + (JSC::JSObject::defineOwnProperty): + - No need to prohibit definition of own properties named __proto__. + * runtime/JSObject.h: + (JSC::JSObject::inlineGetOwnPropertySlot): + - Remove the special handling for __proto__. 
+ (JSC::JSValue::get): + - Remove the special handling for __proto__. + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlot): + - Remove the special handling for __proto__. + * runtime/JSValue.h: + (JSValue): + - Made synthesizePrototype public (this may be needed by the __proto__ getter). + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetPrototypeOf): + - Perform the security check & call prototype() directly. + * runtime/Structure.cpp: + (JSC::Structure::Structure): + - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. + * runtime/Structure.h: + (JSC::Structure::hasGetterSetterPropertiesExcludingProto): + (JSC::Structure::setHasGetterSetterProperties): + (Structure): + - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. + +2012-02-11 Filip Pizlo <fpizlo@apple.com> + + DFG CFA assumes that a WeakJSConstant's structure is known + https://bugs.webkit.org/show_bug.cgi?id=78428 + <rdar://problem/10849492> <rdar://problem/10849621> + + Reviewed by Gavin Barraclough. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + +2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com> + + Qt debug build fix + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate + JSFinalObjects in the destuctor subspace, so we should remove this assert so it + doesn't cause crashes. + +2012-02-11 Filip Pizlo <fpizlo@apple.com> + + Old 32_64 JIT should assert that its use of map() is consistent with the DFG + OSR exit's expectations + https://bugs.webkit.org/show_bug.cgi?id=78419 + <rdar://problem/10817121> + + Reviewed by Oliver Hunt. + + * jit/JITInlineMethods.h: + (JSC::JIT::map): + +2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com> + + Reduce the reentrancy limit of the interpreter for the iOS simulator + https://bugs.webkit.org/show_bug.cgi?id=78400 + + Reviewed by Gavin Barraclough. 
+ + * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks. + (JSC): + +2012-02-11 Filip Pizlo <fpizlo@apple.com> + + [DFG] Misuse of WeakJSConstants in silentFillGPR code. + https://bugs.webkit.org/show_bug.cgi?id=78423 + <rdar://problem/10849353> <rdar://problem/10804043> + + Reviewed by Sam Weinig. + + The code was using Node::isConstant(), when it was supposed to use Node::hasConstant(). + This patch is a surgical fix; the bigger problem is: why do we have isConstant() and + hasConstant() when hasConstant() is correct and isConstant() is almost always wrong? + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentFillGPR): + +2012-02-11 Sam Weinig <sam@webkit.org> + + Prepare JavaScriptCore to build with libc++ + <rdar://problem/10426673> + https://bugs.webkit.org/show_bug.cgi?id=78424 + + Reviewed by Anders Carlsson. + + * wtf/NullPtr.cpp: + * wtf/NullPtr.h: + libc++ provides std::nullptr emulation, so we don't have to. + +2012-02-07 Filip Pizlo <fpizlo@apple.com> + + DFG should have polymorphic put_by_id caching + https://bugs.webkit.org/show_bug.cgi?id=78062 + <rdar://problem/10326439> <rdar://problem/10824839> + + Reviewed by Oliver Hunt. + + Implemented polymorphic put_by_id caching in the DFG, and added much of the + machinery that would be needed to implement it in the old JIT as well. + + I decided against using the old PolymorphicAccessStructureList mechanism as + this didn't quite fit with put_by_id. In particular, I wanted the ability to + have one list that captured all relevant cases (including proto put_by_id + if we ever decided to do it). And I wanted the code to have better + encapsulation. And I didn't want to get confused by the fact that the + original (non-list) put_by_id cache may itself consist of a stub routine. 
+ + This code is still sub-optimal (for example adding a replace to a list whose + previous elements are all transitions should just repatch the original code, + but here it will generate a stub) but it already generates a >20% speed-up + on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/PolymorphicPutByIdList.cpp: Added. + (JSC): + (JSC::PutByIdAccess::fromStructureStubInfo): + (JSC::PutByIdAccess::visitWeak): + (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList): + (JSC::PolymorphicPutByIdList::from): + (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList): + (JSC::PolymorphicPutByIdList::isFull): + (JSC::PolymorphicPutByIdList::isAlmostFull): + (JSC::PolymorphicPutByIdList::addAccess): + (JSC::PolymorphicPutByIdList::visitWeak): + * bytecode/PolymorphicPutByIdList.h: Added. + (JSC): + (PutByIdAccess): + (JSC::PutByIdAccess::PutByIdAccess): + (JSC::PutByIdAccess::transition): + (JSC::PutByIdAccess::replace): + (JSC::PutByIdAccess::isSet): + (JSC::PutByIdAccess::operator!): + (JSC::PutByIdAccess::type): + (JSC::PutByIdAccess::isTransition): + (JSC::PutByIdAccess::isReplace): + (JSC::PutByIdAccess::oldStructure): + (JSC::PutByIdAccess::structure): + (JSC::PutByIdAccess::newStructure): + (JSC::PutByIdAccess::chain): + (JSC::PutByIdAccess::stubRoutine): + (PolymorphicPutByIdList): + (JSC::PolymorphicPutByIdList::currentSlowPathTarget): + (JSC::PolymorphicPutByIdList::isEmpty): + (JSC::PolymorphicPutByIdList::size): + (JSC::PolymorphicPutByIdList::at): + (JSC::PolymorphicPutByIdList::operator[]): + (JSC::PolymorphicPutByIdList::kind): + * bytecode/PutKind.h: Added. 
+ (JSC): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + (JSC::StructureStubInfo::visitWeakReferences): + * bytecode/StructureStubInfo.h: + (JSC): + (JSC::isPutByIdAccess): + (JSC::StructureStubInfo::initPutByIdList): + (StructureStubInfo): + (JSC::StructureStubInfo::reset): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + (DFG): + * dfg/DFGRepatch.cpp: + (JSC::DFG::appropriateGenericPutByIdFunction): + (JSC::DFG::appropriateListBuildingPutByIdFunction): + (DFG): + (JSC::DFG::emitPutReplaceStub): + (JSC::DFG::emitPutTransitionStub): + (JSC::DFG::tryCachePutByID): + (JSC::DFG::dfgRepatchPutByID): + (JSC::DFG::tryBuildPutByIdList): + (JSC::DFG::dfgBuildPutByIdList): + (JSC::DFG::dfgResetPutByID): + * dfg/DFGRepatch.h: + (DFG): + * runtime/WriteBarrier.h: + (WriteBarrierBase): + (JSC::WriteBarrierBase::copyFrom): + +2012-02-10 Vineet Chaudhary <rgf748@motorola.com> + + https://bugs.webkit.org/show_bug.cgi?id=72756 + DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it + + Reviewed by Timothy Hatcher. + + * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and + AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions. + +2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing windows build + + Unreviewed build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-02-10 Adam Klein <adamk@chromium.org> + + Enable MUTATION_OBSERVERS by default on all platforms + https://bugs.webkit.org/show_bug.cgi?id=78196 + + Reviewed by Ojan Vafai. + + * Configurations/FeatureDefines.xcconfig: + +2012-02-10 Yong Li <yoli@rim.com> + + ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable. + https://bugs.webkit.org/show_bug.cgi?id=76724 + + Reviewed by Rob Buis. + + This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on. 
+ The size used to call makeExecutable can be smaller than the one that was used for makeWritable. + So it can leave pages behind that are not set back to default flags. When an assembly on one of those + pages is executed or JIT returns to those pages in the case it was already executing from there, the + software will crash. + + * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization(). + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::linkCode): + (JSC::LinkBuffer::performFinalization): + (LinkBuffer): + +2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com> + + Split MarkedSpace into destructor and destructor-free subspaces + https://bugs.webkit.org/show_bug.cgi?id=77761 + + Reviewed by Geoffrey Garen. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space. + * heap/Heap.h: + (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to + pick which subspace they want to allocate out of. + (JSC::Heap::allocatorForObjectWithDestructor): Ditto. + (Heap): + (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use. + (JSC): + (JSC::Heap::allocateWithoutDestructor): Ditto. + * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate + their MarkedBlocks correctly. + (JSC::MarkedAllocator::allocateBlock): + * heap/MarkedAllocator.h: + (JSC::MarkedAllocator::cellsNeedDestruction): + (MarkedAllocator): + (JSC::MarkedAllocator::MarkedAllocator): + (JSC): + (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with + an init function that does all of that stuff in fewer lines. 
+ * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::create): + (JSC::MarkedBlock::recycle): + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make + checking the m_cellsNeedDestructor flag faster and cleaner looking. + (JSC): + (JSC::MarkedBlock::specializedSweep): + (JSC::MarkedBlock::sweep): + (JSC::MarkedBlock::sweepHelper): + * heap/MarkedBlock.h: + (MarkedBlock): + (JSC::MarkedBlock::cellsNeedDestruction): + (JSC): + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::resetAllocators): + (JSC::MarkedSpace::canonicalizeCellLivenessData): + (JSC::TakeIfUnmarked::operator()): + * heap/MarkedSpace.h: + (MarkedSpace): + (Subspace): + (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of + allocators. + (JSC): + (JSC::MarkedSpace::destructorAllocatorFor): Ditto. + (JSC::MarkedSpace::allocateWithoutDestructor): Ditto. + (JSC::MarkedSpace::allocateWithDestructor): Ditto. + (JSC::MarkedSpace::forEachBlock): + * jit/JIT.h: + * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others. + (JSC::JIT::emitAllocateBasicJSObject): + (JSC::JIT::emitAllocateJSFinalObject): + (JSC::JIT::emitAllocateJSFunction): + * runtime/JSArray.cpp: + (JSC): + * runtime/JSArray.h: + (JSArray): + (JSC::JSArray::create): + (JSC): + (JSC::JSArray::tryCreateUninitialized): + * runtime/JSCell.h: + (JSCell): + (JSC): + (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires + destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this + constant to decide whether to allocate in the destructor or destructor-free parts of the heap. 
+ (JSC::allocateCell): + * runtime/JSFunction.cpp: + (JSC): + * runtime/JSFunction.h: + (JSFunction): + * runtime/JSObject.cpp: + (JSC): + * runtime/JSObject.h: + (JSNonFinalObject): + (JSC): + (JSFinalObject): + (JSC::JSFinalObject::create): + +2012-02-10 Adrienne Walker <enne@google.com> + + Remove implicit copy constructor usage in HashMaps with OwnPtr + https://bugs.webkit.org/show_bug.cgi?id=78071 + + Reviewed by Darin Adler. + + Change the return type of emptyValue() in PairHashTraits to be the + actual type returned rather than the trait type to avoid an implicit + generation of the OwnPtr copy constructor. This happens for hash + traits involving OwnPtr where the empty value is not zero and each + hash bucket needs to be initialized with emptyValue(). + + Also, update StructureTransitionTable to use default hash traits + rather than rolling its own, in order to update it to handle + EmptyValueType. + + Test: patch from bug 74154 compiles on Clang with this patch + + * runtime/StructureTransitionTable.h: + (StructureTransitionTable): + * wtf/HashTraits.h: + (GenericHashTraits): + (PairHashTraits): + (WTF::PairHashTraits::emptyValue): + +2012-02-10 Aron Rosenberg <arosenberg@logitech.com> + + [Qt] Fix compiler warning in Visual Studio 2010 about TR1 + https://bugs.webkit.org/show_bug.cgi?id=63642 + + Reviewed by Simon Hausmann. + + * JavaScriptCore.pri: + +2012-02-10 Michael Saboff <msaboff@apple.com> + + Yarr assert with regexp where alternative in *-quantified group matches empty + https://bugs.webkit.org/show_bug.cgi?id=67752 + + Reviewed by Gavin Barraclough. + + Added backtracking for the prior alternative if it matched + but didn't consume any input characters. + + * yarr/YarrJIT.cpp: + (YarrOp): New jump. + (JSC::Yarr::YarrGenerator::generate): Emit conditional jump + when an alternative matches and no input was consumed. 
Moved the + zero length match check for a set of alternatives to the alternative + code from the parentheses cases to the alternative end cases. + Converted the existing zero length checks in the parentheses cases + to runtime assertion checks. + (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack + to prior term. + +2012-02-10 Roland Takacs <takacs.roland@stud.u-szeged.hu> + + [Qt] GC should be parallel on Qt platform + https://bugs.webkit.org/show_bug.cgi?id=73309 + + Reviewed by Zoltan Herczeg. + + These changes made the parallel gc feature available for Qt port. + The implementation of "registerGCThread" and "isMainThreadOrGCThread", + and a local static function [initializeGCThreads] is moved from + MainThreadMac.mm to the common MainThread.cpp to make them available + for other platforms. + + Measurement results: + V8 speed-up: 1.025x as fast [From: 663.4ms To: 647.0ms ] + V8 Splay speed-up: 1.185x as fast [From: 138.4ms To: 116.8ms ] + + Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core. + + * JavaScriptCore.order: + * wtf/MainThread.cpp: + (WTF::initializeMainThread): + (WTF): + (WTF::initializeGCThreads): + (WTF::registerGCThread): + (WTF::isMainThreadOrGCThread): + * wtf/MainThread.h: + (WTF): + * wtf/Platform.h: + * wtf/mac/MainThreadMac.mm: + (WTF): + +2012-02-09 Andy Wingo <wingo@igalia.com> + + Eliminate dead code in BytecodeGenerator::resolve() + https://bugs.webkit.org/show_bug.cgi?id=78242 + + Reviewed by Gavin Barraclough. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::resolve): + BytecodeGenerator::shouldOptimizeLocals() is only true for + FunctionCode, and thus cannot be true for GlobalCode. + +2012-02-09 Andy Wingo <wingo@igalia.com> + + Remove BytecodeGenerator::isLocal + https://bugs.webkit.org/show_bug.cgi?id=78241 + + Minor refactor to BytecodeGenerator. + + Reviewed by Gavin Barraclough. 
+ + * bytecompiler/BytecodeGenerator.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::isLocal): + (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused + methods. + * bytecompiler/NodesCodegen.cpp: + (JSC::ResolveNode::isPure): Use the ResolveResult mechanism + instead of isLocal. This will recognize more resolve nodes as + being pure. + (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the + location instead of isLocalConstant. + +2012-02-09 Oliver Hunt <oliver@apple.com> + + The JS Parser scope object needs a VectorTrait specialization + https://bugs.webkit.org/show_bug.cgi?id=78308 + + Reviewed by Gavin Barraclough. + + This showed up as a periodic crash in various bits of generated code + originally, but I've added an assertion in the bytecode generator + that makes the effected code much more crash-happy should it go + wrong again. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::resolve): + * parser/Parser.cpp: + * parser/Parser.h: + (JSC): + * runtime/JSActivation.h: + (JSC::JSActivation::isValidScopedLookup): + (JSActivation): + +2012-02-08 Oliver Hunt <oliver@apple.com> + + Whoops, fix the build. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + +2012-02-08 Oliver Hunt <oliver@apple.com> + + Fix issue encountered while debugging stacktraces + https://bugs.webkit.org/show_bug.cgi?id=78147 + + Reviewed by Gavin Barraclough. + + Debugging is easier if we always ensure that we have a non-null + inferred name. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + +2012-02-08 Oliver Hunt <oliver@apple.com> + + updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs + https://bugs.webkit.org/show_bug.cgi?id=78145 + + Reviewed by Gavin Barraclough. 
+ + Fix the updateTopCallFrame helper to store additional information + that becomes necessary when we are trying to provide more stack + frame information. + + * interpreter/CallFrame.h: + (JSC::ExecState::bytecodeOffsetForBaselineJIT): + (ExecState): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JSC::JIT::compileGetByIdProto): + (JSC::JIT::compileGetByIdSelfList): + (JSC::JIT::compileGetByIdProtoList): + (JSC::JIT::compileGetByIdChainList): + (JSC::JIT::compileGetByIdChain): + (JSC::JIT::compilePutByIdTransition): + (JIT): + * jit/JITInlineMethods.h: + (JSC::JIT::updateTopCallFrame): + +2012-02-07 Robert Kroeger <rjkroege@chromium.org> + + [chromium] Remove the enable marcro for the no longer necessary Chromium + gesture recognizer. + https://bugs.webkit.org/show_bug.cgi?id=77492 + + Reviewed by Adam Barth. + + * wtf/Platform.h: + +2012-02-07 Tony Chang <tony@chromium.org> + + merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in + https://bugs.webkit.org/show_bug.cgi?id=78036 + + Reviewed by Darin Adler. + + * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES. + +2012-02-07 Gyuyoung Kim <gyuyoung.kim@samsung.com> + + [CMAKE] Use *bin* and *lib* directories for executable and libraries. + https://bugs.webkit.org/show_bug.cgi?id=77928 + + Reviewed by Daniel Bates. + + CMake has used *Programs* directory for executable. In addition, shared libraries are being + built in source directory. It is better to set common places in order to maintain executable + and libraries. *bin* is for executable and *lib* is for library. + + * shell/CMakeLists.txt: Change *Programs* with *bin*. + +2012-02-07 Gavin Barraclough <barraclough@apple.com> + + Crash on http://www.rickshawbags.com/ + https://bugs.webkit.org/show_bug.cgi?id=78045 + + Reviewed by Darin Adler. 
+ + Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag() + + This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933, + isVariableObject() checks were excluding StaticScopeObjects, this patch + inadvertently changed them to be included. + + * runtime/JSType.h: + - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType, + and thus is excluded from isVariableObject() checks. + +2012-02-06 Jer Noble <jer.noble@apple.com> + + Use CMClock as a timing source for PlatformClock where available. + https://bugs.webkit.org/show_bug.cgi?id=77885 + + Reviewed by Eric Carlson. + + * wtf/Platform.h: Added WTF_USE_COREMEDIA. + +2012-02-06 Filip Pizlo <fpizlo@apple.com> + + ValueToNumber and ValueToDouble nodes don't do anything and should be removed + https://bugs.webkit.org/show_bug.cgi?id=77855 + <rdar://problem/10811325> + + Reviewed by Gavin Barraclough. + + Removed ValueToNumber and ValueToDouble, because the only thing they were doing + was wasting registers. + + This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken, + mostly due to a >10% win on gaussian-blur. No win anywhere else. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getToInt32): + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + (DFG): + (JSC::DFG::Node::hasArithNodeFlags): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::vote): + (JSC::DFG::Propagator::doRoundOfDoubleVoting): + (Propagator): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::canonicalize): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-02-06 Patrick Gansterer <paroga@webkit.org> + + Unreviewed WinCE build fix after r106197. + + * tools/CodeProfiling.cpp: + (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it. + +2012-02-05 Gavin Barraclough <barraclough@apple.com> + + Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter + https://bugs.webkit.org/show_bug.cgi?id=77451 + + Reviewed by Sam Weinig. + + These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor. + Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor. 
+ + * JavaScriptCore.exp: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::defineOwnProperty): + * debugger/DebuggerActivation.h: + (DebuggerActivation): + * runtime/ClassInfo.h: + (MethodTable): + (JSC): + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::finishCreation): + * runtime/JSCell.cpp: + (JSC): + * runtime/JSCell.h: + (JSCell): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlot): + (JSC::JSFunction::getOwnPropertyDescriptor): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::defineOwnProperty): + (JSC): + * runtime/JSGlobalObject.h: + (JSGlobalObject): + * runtime/JSObject.cpp: + (JSC): + * runtime/JSObject.h: + (JSObject): + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncDefineGetter): + (JSC::objectProtoFuncDefineSetter): + (JSC::objectProtoFuncLookupGetter): + (JSC::objectProtoFuncLookupSetter): + +2012-02-06 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing files. + +2012-02-05 Filip Pizlo <fpizlo@apple.com> + + DFG's child references from one node to another should have room for type information + https://bugs.webkit.org/show_bug.cgi?id=77797 + + Reviewed by Oliver Hunt. + + The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned) + and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated + together as a DFG::NodeUse, which can in most cases still be used as an index (for + example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places + where they really want a NodeIndex). + + The NodeUse stores both the index and the UseKind without bloating the memory usage of + DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is + roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile + something - likely a sensible assumption! 
- then we will only be able to have room for + about 24 million nodes, which means we only need about 24.5 bits for the node index). + Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index, + but stores the index as a signed number to make NoNode work naturally. Hence we really + just have 27 bits for the index. + + This is performance-neutral on all benchmarks we track. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGAbstractState.h: + (JSC::DFG::AbstractState::forNode): + (AbstractState): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::toInt32): + (JSC::DFG::ByteCodeParser::addVarArgChild): + (JSC::DFG::ByteCodeParser::processPhiStack): + * dfg/DFGCommon.h: + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (DFG): + * dfg/DFGGraph.h: + (Graph): + (JSC::DFG::Graph::operator[]): + (JSC::DFG::Graph::at): + (JSC::DFG::Graph::ref): + (JSC::DFG::Graph::deref): + (JSC::DFG::Graph::clearAndDerefChild1): + (JSC::DFG::Graph::clearAndDerefChild2): + (JSC::DFG::Graph::clearAndDerefChild3): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::getPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::child1): + (JSC::DFG::Node::child1Unchecked): + (JSC::DFG::Node::child2): + (JSC::DFG::Node::child3): + (JSC::DFG::Node::firstChild): + (JSC::DFG::Node::numChildren): + (JSC::DFG::Node::dumpChildren): + (Node): + * dfg/DFGNodeReferenceBlob.h: Added. 
+ (DFG): + (NodeReferenceBlob): + (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob): + (JSC::DFG::NodeReferenceBlob::child): + (JSC::DFG::NodeReferenceBlob::child1): + (JSC::DFG::NodeReferenceBlob::child2): + (JSC::DFG::NodeReferenceBlob::child3): + (JSC::DFG::NodeReferenceBlob::child1Unchecked): + (JSC::DFG::NodeReferenceBlob::initialize): + (JSC::DFG::NodeReferenceBlob::firstChild): + (JSC::DFG::NodeReferenceBlob::setFirstChild): + (JSC::DFG::NodeReferenceBlob::numChildren): + (JSC::DFG::NodeReferenceBlob::setNumChildren): + * dfg/DFGNodeUse.h: Added. + (DFG): + (NodeUse): + (JSC::DFG::NodeUse::NodeUse): + (JSC::DFG::NodeUse::indexUnchecked): + (JSC::DFG::NodeUse::index): + (JSC::DFG::NodeUse::setIndex): + (JSC::DFG::NodeUse::useKind): + (JSC::DFG::NodeUse::setUseKind): + (JSC::DFG::NodeUse::isSet): + (JSC::DFG::NodeUse::operator!): + (JSC::DFG::NodeUse::operator==): + (JSC::DFG::NodeUse::operator!=): + (JSC::DFG::NodeUse::shift): + (JSC::DFG::NodeUse::makeWord): + (JSC::DFG::operator==): + (JSC::DFG::operator!=): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::vote): + (JSC::DFG::Propagator::toDouble): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::canonicalize): + (JSC::DFG::Propagator::startIndex): + (JSC::DFG::Propagator::globalVarLoadElimination): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::performSubstitution): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::use): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::useChildren): + (JSC::DFG::SpeculativeJIT::writeBarrier): + (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compileMovHint): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + 
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + (JSC::DFG::SpeculativeJIT::compileAdd): + (JSC::DFG::SpeculativeJIT::compileArithSub): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + (JSC::DFG::SpeculativeJIT::compileStrictEq): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::at): + (JSC::DFG::SpeculativeJIT::canReuse): + (JSC::DFG::SpeculativeJIT::use): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + (JSC::DFG::IntegerOperand::IntegerOperand): + (JSC::DFG::DoubleOperand::DoubleOperand): + (JSC::DFG::JSValueOperand::JSValueOperand): + (JSC::DFG::StorageOperand::StorageOperand): + (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): + (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): + (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): + (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): + (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileValueAdd): + 
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitCall): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileValueAdd): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2012-02-05 Gyuyoung Kim <gyuyoung.kim@samsung.com> + + [CMAKE] Support javascriptcore test for EFL port. + https://bugs.webkit.org/show_bug.cgi?id=77425 + + Reviewed by Daniel Bates. + + Efl and WinCE as well as Blackberry port are now using Cmake as its build system + and they are share the make file to create jsc excutable. In order to run + "run-javascriptcore-tests", EFL port needs to change jsc installation configuration + with executable output directory(e.g. Programs). So, this patch change jsc installation + configuration only for EFL port. + + * shell/CMakeLists.txt: + +2012-02-04 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Sam Weinig. 
+ + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::quantifyAtom): + - Fix comment. + +2012-02-04 Kalev Lember <kalevlember@gmail.com> + + [GTK] CurrentTime: Reorder headers for win32 + https://bugs.webkit.org/show_bug.cgi?id=77808 + + Reviewed by Martin Robinson. + + In GTK+ win32 port, monotonicallyIncreasingTime() implementation is + based on g_get_monotonic_time(). Reorder headers to make sure glib.h + gets included even when the platform is win32. + + CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()': + CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope + CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type] + + * wtf/CurrentTime.cpp: + +2012-02-03 Anders Carlsson <andersca@apple.com> + + Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores + https://bugs.webkit.org/show_bug.cgi?id=77788 + + Reviewed by Andreas Kling. + + The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to + code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening. + + * wtf/FastAllocBase.h: + +2012-02-03 Rob Buis <rbuis@rim.com> + + Fix alignment warnings in ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=55368 + + Reviewed by Filip Pizlo. + + Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code. + + * heap/HandleTypes.h: + (JSC::HandleTypes::getFromSlot): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::specializedSweep): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::forEachCell): + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::unvalidatedGet): + +2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com> + + Build fix + + Unreviewed build fix + + Forgot to add a couple files. + + * heap/MarkedAllocator.cpp: Added. 
+ (JSC): + (JSC::MarkedAllocator::tryAllocateHelper): + (JSC::MarkedAllocator::tryAllocate): + (JSC::MarkedAllocator::allocateSlowCase): + (JSC::MarkedAllocator::allocateBlock): + (JSC::MarkedAllocator::addBlock): + (JSC::MarkedAllocator::removeBlock): + * heap/MarkedAllocator.h: Added. + (JSC): + (DFG): + (MarkedAllocator): + (JSC::MarkedAllocator::cellSize): + (JSC::MarkedAllocator::heap): + (JSC::MarkedAllocator::setHeap): + (JSC::MarkedAllocator::setCellSize): + (JSC::MarkedAllocator::setMarkedSpace): + (JSC::MarkedAllocator::MarkedAllocator): + (JSC::MarkedAllocator::allocate): + (JSC::MarkedAllocator::reset): + (JSC::MarkedAllocator::zapFreeList): + (JSC::MarkedAllocator::forEachBlock): + +2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com> + + Refactor MarkedBlock::SizeClass into a separate class + https://bugs.webkit.org/show_bug.cgi?id=77600 + + Reviewed by Geoffrey Garen. + + We pulled SizeClass out into its own class, named MarkedAllocator, and gave it + the responsibility of allocating objects from the collection of MarkedBlocks + that it manages. Also limited the amount of coupling to internal data fields + from other places, although it's mostly unavoidable in the JIT code. + + Eventually MarkedAllocator will implement various policies to do with object + management, e.g. whether or not to run destructors on objects that it manages. + MarkedSpace will manage a collection of MarkedAllocators with varying policies, + as it does now but to a larger extent. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): + * heap/Heap.cpp: + (JSC::Heap::collect): + (JSC::Heap::resetAllocators): + * heap/Heap.h: + (JSC::Heap::allocatorForObject): + (Heap): + * heap/MarkedAllocator.cpp: Added. 
+ (JSC): + (JSC::MarkedAllocator::tryAllocateHelper): + (JSC::MarkedAllocator::tryAllocate): + (JSC::MarkedAllocator::allocateSlowCase): + (JSC::MarkedAllocator::allocateBlock): + (JSC::MarkedAllocator::addBlock): + (JSC::MarkedAllocator::removeBlock): + * heap/MarkedAllocator.h: Added. + (JSC): + (DFG): + (MarkedAllocator): + (JSC::MarkedAllocator::cellSize): + (JSC::MarkedAllocator::heap): + (JSC::MarkedAllocator::setHeap): + (JSC::MarkedAllocator::setCellSize): + (JSC::MarkedAllocator::setMarkedSpace): + (JSC::MarkedAllocator::MarkedAllocator): + (JSC::MarkedAllocator::allocate): + (JSC::MarkedAllocator::reset): + (JSC::MarkedAllocator::zapFreeList): + (JSC::MarkedAllocator::forEachBlock): + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::resetAllocators): + (JSC::MarkedSpace::canonicalizeCellLivenessData): + (JSC::TakeIfUnmarked::operator()): + * heap/MarkedSpace.h: + (MarkedSpace): + (JSC::MarkedSpace::allocatorFor): + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::forEachBlock): + (JSC::MarkedSpace::didAddBlock): + (JSC::MarkedSpace::didConsumeFreeList): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicJSObject): + +2012-02-03 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Replace GNU linker script for exports with export macros in WTF/JSC + https://bugs.webkit.org/show_bug.cgi?id=77723 + + Reviewed by Tor Arne Vestbø. + + * wtf/Platform.h: Enable use of export macros. + +2012-02-02 Hajime Morrita <morrita@chromium.org> + + Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation. + + * interpreter/Interpreter.h: + (Interpreter): + +2012-01-31 Hajime Morrita <morrita@chromium.org> + + [Mac] eliminate JavaScriptCore.exp + https://bugs.webkit.org/show_bug.cgi?id=72854 + + Reviewed by Darin Adler. + + - Removed exp files and corresponding makefile entries. + - Changed the build configuration no to use exp file. 
+ + * Configurations/JavaScriptCore.xcconfig: + * DerivedSources.make: + * JavaScriptCore.JSVALUE32_64only.exp: Removed. + * JavaScriptCore.JSVALUE64only.exp: Removed. + * JavaScriptCore.exp: Removed. + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/Platform.h: + +2012-02-02 Benjamin Poulain <bpoulain@apple.com> + + Running a Web Worker on about:blank crashes the interpreter + https://bugs.webkit.org/show_bug.cgi?id=77593 + + Reviewed by Michael Saboff. + + The method Interpreter::execute() was crashing on empty programs because + the assumption is made the source is not null. + + This patch shortcut the execution when the String is null to avoid invalid + memory access. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + +2012-02-02 Kalev Lember <kalevlember@gmail.com> + + [GTK] Use win32 native threading + https://bugs.webkit.org/show_bug.cgi?id=77676 + + Reviewed by Martin Robinson. + + r97269 switched from glib threading to pthreads, breaking win32 GTK+. + This is a follow up, removing some leftovers in ThreadSpecific.h and + switching win32 to use the native threading in ThreadingWin.cpp. + + * GNUmakefile.list.am: Compile in win32 native threading support + * wtf/ThreadSpecific.h: Remove GTK+-specific definitions + (ThreadSpecific): + (WTF::::destroy): + +2012-02-02 Filip Pizlo <fpizlo@apple.com> + + retrieveCallerFromVMCode should call trueCallerFrame + https://bugs.webkit.org/show_bug.cgi?id=77684 + + Reviewed by Oliver Hunt. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::retrieveCallerFromVMCode): + +2012-02-02 Kalev Lember <kalevlember@gmail.com> + + [GTK] Implement current executable path finding for win32 + https://bugs.webkit.org/show_bug.cgi?id=77677 + + Reviewed by Martin Robinson. + + The WTF helper for getting the binary path that was added in r101710 + left out the win32 implementation. Fix this. 
+ + * wtf/gobject/GlibUtilities.cpp: + (getCurrentExecutablePath): + +2012-02-02 Filip Pizlo <fpizlo@apple.com> + + Throwing away bytecode and then reparsing during DFG optimization is just + plain wrong and makes things crash + https://bugs.webkit.org/show_bug.cgi?id=77680 + <rdar://problem/10798490> + + Reviewed by Oliver Hunt. + + This is the minimal surgical fix: it removes the code that triggered bytecode + throw-away. Once we're confident that this is a good idea, we can kill all of + the code that implements the feature. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::discardBytecodeLater): + (JSC::CodeBlock::addValueProfile): + * jit/JITDriver.h: + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + +2012-02-02 Filip Pizlo <fpizlo@apple.com> + + Release build debugging should be easier + https://bugs.webkit.org/show_bug.cgi?id=77669 + + Reviewed by Gavin Barraclough. + + * assembler/ARMAssembler.h: + (ARMAssembler): + (JSC::ARMAssembler::debugOffset): + * assembler/ARMv7Assembler.h: + (ARMv7Assembler): + (JSC::ARMv7Assembler::debugOffset): + (ARMInstructionFormatter): + (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset): + * assembler/AbstractMacroAssembler.h: + (AbstractMacroAssembler): + (JSC::AbstractMacroAssembler::debugOffset): + * assembler/AssemblerBuffer.h: + (AssemblerBuffer): + (JSC::AssemblerBuffer::debugOffset): + * assembler/LinkBuffer.h: + (LinkBuffer): + (JSC::LinkBuffer::debugSize): + * assembler/MIPSAssembler.h: + (MIPSAssembler): + (JSC::MIPSAssembler::debugOffset): + * assembler/X86Assembler.h: + (X86Assembler): + (JSC::X86Assembler::debugOffset): + (X86InstructionFormatter): + (JSC::X86Assembler::X86InstructionFormatter::debugOffset): + * bytecode/CodeBlock.cpp: + (JSC): + * bytecode/CodeBlock.h: + (CodeBlock): + * bytecode/CodeOrigin.h: + (CodeOrigin): + (JSC): + (JSC::CodeOrigin::inlineStack): + * bytecode/DFGExitProfile.h: + (JSC::DFG::exitKindToString): + * bytecode/DataFormat.h: + 
(JSC::dataFormatToString): + * bytecode/PredictedType.cpp: + (JSC): + (JSC::predictionToString): + * bytecode/PredictedType.h: + (JSC): + * bytecode/ValueRecovery.h: + (ValueRecovery): + (JSC::ValueRecovery::dump): + * bytecompiler/BytecodeGenerator.cpp: + (JSC): + (JSC::BytecodeGenerator::setDumpsGeneratedCode): + (JSC::BytecodeGenerator::dumpsGeneratedCode): + (JSC::BytecodeGenerator::generate): + * dfg/DFGAbstractValue.h: + (StructureAbstractValue): + (JSC::DFG::StructureAbstractValue::dump): + (AbstractValue): + (JSC::DFG::AbstractValue::dump): + * dfg/DFGAssemblyHelpers.h: + (DFG): + (AssemblyHelpers): + (JSC::DFG::AssemblyHelpers::debugCall): + * dfg/DFGFPRInfo.h: + (FPRInfo): + (JSC::DFG::FPRInfo::debugName): + * dfg/DFGGPRInfo.h: + (GPRInfo): + (JSC::DFG::GPRInfo::debugName): + * dfg/DFGGraph.cpp: + (DFG): + * dfg/DFGGraph.h: + (Graph): + * dfg/DFGNode.h: + (DFG): + (JSC::DFG::arithNodeFlagsAsString): + (Node): + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::dumpChildren): + * dfg/DFGOSRExit.cpp: + (DFG): + (JSC::DFG::OSRExit::dump): + * dfg/DFGOSRExit.h: + (OSRExit): + * runtime/JSValue.cpp: + (JSC): + (JSC::JSValue::description): + * runtime/JSValue.h: + (JSValue): + * wtf/BitVector.cpp: + (WTF): + (WTF::BitVector::dump): + * wtf/BitVector.h: + (BitVector): + +2012-02-02 Oliver Hunt <oliver@apple.com> + + Getters and setters cause line numbers in errors/console.log to be offset for the whole file + https://bugs.webkit.org/show_bug.cgi?id=77675 + + Reviewed by Timothy Hatcher. + + Our default literal parsing logic doesn't handle the extra work required for + getters and setters. When it encounters one, it rolls back the lexer and + then switches to a more complete parsing function. Unfortunately it was only + winding back the character position, and was ignoring the line number and + other lexer data. 
This led to every getter and setter causing the line number + to be incorrectly incremented leading to increasingly incorrect numbers for + the rest of the file. + + * parser/Parser.cpp: + (JSC::::parseObjectLiteral): + +2012-02-02 Andy Wingo <wingo@igalia.com> + + Fix type punning warning in HashTable.h debug builds + https://bugs.webkit.org/show_bug.cgi?id=77422 + + Reviewed by Gavin Barraclough. + + * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning + warning appearing in debug builds with gcc-4.6.2 on GNU/Linux. + +2012-02-01 Michael Saboff <msaboff@apple.com> + + Yarr crash with regexp replace + https://bugs.webkit.org/show_bug.cgi?id=67454 + + Reviewed by Gavin Barraclough. + + Properly handle the case of a back reference to an unmatched + subpattern by always matching without consuming any characters. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::matchBackReference): + (JSC::Yarr::Interpreter::backtrackBackReference): + +2012-02-01 Gavin Barraclough <barraclough@apple.com> + + calling function on catch block scope containing an eval result in wrong this value being passed + https://bugs.webkit.org/show_bug.cgi?id=77581 + + Reviewed by Oliver Hunt. + + javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); } + + * bytecompiler/NodesCodegen.cpp: + (JSC::TryNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + * parser/ASTBuilder.h: + (JSC::ASTBuilder::createTryStatement): + * parser/NodeConstructors.h: + (JSC::TryNode::TryNode): + * parser/Nodes.h: + (TryNode): + * parser/Parser.cpp: + (JSC::::parseTryStatement): + * parser/SyntaxChecker.h: + (JSC::SyntaxChecker::createTryStatement): + * runtime/JSObject.h: + (JSObject): + (JSC::JSObject::isStaticScopeObject): + (JSC): + +2012-02-01 Oliver Hunt <oliver@apple.com> + + Add support for inferred function names + https://bugs.webkit.org/show_bug.cgi?id=77579 + + Reviewed by Gavin Barraclough. 
+ + Add new "inferred" names to function expressions, getters, and setters. + This property is not exposed to JS, so is only visible in the debugger + and profiler. + + * JavaScriptCore.exp: + * bytecompiler/BytecodeGenerator.h: + (JSC::BytecodeGenerator::makeFunction): + * debugger/DebuggerCallFrame.cpp: + (JSC::DebuggerCallFrame::calculatedFunctionName): + * parser/ASTBuilder.h: + (JSC::ASTBuilder::createAssignResolve): + (JSC::ASTBuilder::createGetterOrSetterProperty): + (JSC::ASTBuilder::createProperty): + (JSC::ASTBuilder::makeAssignNode): + * parser/Nodes.h: + (JSC::FunctionBodyNode::setInferredName): + (JSC::FunctionBodyNode::inferredName): + (FunctionBodyNode): + * profiler/Profiler.cpp: + (JSC): + (JSC::Profiler::createCallIdentifier): + (JSC::createCallIdentifierFromFunctionImp): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + (JSC::FunctionExecutable::fromGlobalCode): + * runtime/Executable.h: + (JSC::FunctionExecutable::create): + (JSC::FunctionExecutable::inferredName): + (FunctionExecutable): + * runtime/JSFunction.cpp: + (JSC::JSFunction::calculatedDisplayName): + (JSC): + (JSC::getCalculatedDisplayName): + * runtime/JSFunction.h: + (JSC): + +2012-02-01 Filip Pizlo <fpizlo@apple.com> + + DFG should fold double-to-int conversions + https://bugs.webkit.org/show_bug.cgi?id=77532 + + Reviewed by Oliver Hunt. + + Performance neutral on major benchmarks. But it makes calling V8's + Math.random() 4x faster. 
+ + * bytecode/CodeBlock.cpp: + (JSC): + (JSC::CodeBlock::addOrFindConstant): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addConstant): + (CodeBlock): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::toInt32): + (ByteCodeParser): + (JSC::DFG::ByteCodeParser::getJSConstantForValue): + (JSC::DFG::ByteCodeParser::isInt32Constant): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::addShouldSpeculateInteger): + (Graph): + (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::doRoundOfDoubleVoting): + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileAdd): + (DFG): + (JSC::DFG::SpeculativeJIT::compileArithSub): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32): + (SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSValueInlineMethods.h: + (JSC::JSValue::asDouble): + +2012-02-01 Filip Pizlo <fpizlo@apple.com> + + DFG graph dump for GetScopedVar should show the correct prediction + https://bugs.webkit.org/show_bug.cgi?id=77530 + + Reviewed by Geoff Garen. + + GetScopedVar has a heap prediction, not a variable prediction. But it does + have a variable. Hence we need to check for heap predictions before checking + for variable predictions. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + +2012-02-01 Mark Hahnenberg <mhahnenberg@apple.com> + + Replace JSArray destructor with finalizer + https://bugs.webkit.org/show_bug.cgi?id=77488 + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.exp: + * runtime/JSArray.cpp: + (JSC::JSArray::finalize): Added finalizer. + (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps. 
+ (JSC): + (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps. + (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode + because the old name was confusing because we could have a sparse array that never + called enterSparseMode. + (JSC::JSArray::defineOwnNumericProperty): + (JSC::JSArray::setLengthWritable): + (JSC::JSArray::putByIndexBeyondVectorLength): + (JSC::JSArray::setLength): + (JSC::JSArray::pop): + (JSC::JSArray::sort): + (JSC::JSArray::compactForSorting): + * runtime/JSArray.h: + (JSArray): + +2012-02-01 Andy Wingo <wingo@igalia.com> + + Refactor identifier resolution in BytecodeGenerator + https://bugs.webkit.org/show_bug.cgi?id=76285 + + Reviewed by Geoffrey Garen. + + * bytecompiler/BytecodeGenerator.h: + (JSC::ResolveResult): New class, to describe the storage + location corresponding to an identifier in a program. + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::resolve): New function, replacing + findScopedProperty. + (JSC::BytecodeGenerator::resolveConstDecl): New function, + encapsulating what ConstDeclNode::emitBytecode used to do. + (JSC::BytecodeGenerator::emitGetStaticVar): + (JSC::BytecodeGenerator::emitPutStaticVar): New functions, + corresponding to the old emitGetScopedVar and emitPutScopedVar. + (JSC::BytecodeGenerator::registerFor): Remove version that took an + Identifier&; replaced by ResolveResult::local(). + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveBase): + (JSC::BytecodeGenerator::emitResolveBaseForPut): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a + "resolveResult" argument. This is more clear, and reduces the + amount of double analysis happening at compile-time. 
+ * bytecompiler/NodesCodegen.cpp: + (JSC::ResolveNode::emitBytecode): + (JSC::EvalFunctionCallNode::emitBytecode): + (JSC::FunctionCallResolveNode::emitBytecode): + (JSC::PostfixResolveNode::emitBytecode): + (JSC::DeleteResolveNode::emitBytecode): + (JSC::TypeOfResolveNode::emitBytecode): + (JSC::PrefixResolveNode::emitBytecode): + (JSC::ReadModifyResolveNode::emitBytecode): + (JSC::AssignResolveNode::emitBytecode): + (JSC::ConstDeclNode::emitCodeSingle): + (JSC::ForInNode::emitBytecode): Refactor to use the new + ResolveResult structure. + +2012-02-01 Csaba Osztrogonác <ossy@webkit.org> + + Implement Error.stack + https://bugs.webkit.org/show_bug.cgi?id=66994 + + Unreviewed, rolling out r106407. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/AbstractPC.cpp: + (JSC::AbstractPC::AbstractPC): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + (JSC): + (Interpreter): + * jsc.cpp: + (GlobalObject::finishCreation): + * parser/Parser.h: + (JSC::::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + (JSC): + +2012-01-31 Hajime Morrita <morrita@chromium.org> + + Add missing JS_PRIVATE_EXPORTs + https://bugs.webkit.org/show_bug.cgi?id=77507 + + Reviewed by Kevin Ollivier. + + * heap/MarkedSpace.h: + (MarkedSpace): + * interpreter/Interpreter.h: + (Interpreter): + * runtime/JSValue.h: + (JSValue): + * wtf/text/AtomicString.h: + (WTF::AtomicString::add): + * wtf/text/WTFString.h: + (WTF): + +2012-01-31 Geoffrey Garen <ggaren@apple.com> + + Stop using -fomit-frame-pointer + https://bugs.webkit.org/show_bug.cgi?id=77403 + + Reviewed by Filip Pizlo. + + JavaScriptCore is too fast. I'm just the man to fix it. 
+ + * Configurations/JavaScriptCore.xcconfig: + +2012-01-31 Michael Saboff <msaboff@apple.com> + + StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase + https://bugs.webkit.org/show_bug.cgi?id=76647 + + Reviewed by Darin Adler. + + Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar + to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle to special + cases. One case is s-sharp (0xdf) which converts to "SS". The other case is + for characters which become 16 bit values when converted to upper case. For + those, we up convert the the source string and use the 16 bit path. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncToUpperCase): + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::upper): + * wtf/unicode/CharacterNames.h: + (smallLetterSharpS): New constant + +2012-01-31 Oliver Hunt <oliver@apple.com> + + Remove unneeded sourceId property + https://bugs.webkit.org/show_bug.cgi?id=77495 + + Reviewed by Filip Pizlo. + + sourceId isn't used anymore, so we'll just remove it. + + * runtime/Error.cpp: + (JSC): + (JSC::addErrorInfo): + (JSC::hasErrorInfo): + +2012-01-31 Oliver Hunt <oliver@apple.com> + + Implement Error.stack + https://bugs.webkit.org/show_bug.cgi?id=66994 + + Reviewed by Gavin Barraclough. + + Original patch by Juan Carlos Montemayor Elosua: + This patch utilizes topCallFrame to create a stack trace when + an error is thrown. Users will also be able to use the stack() + command in jsc to get arrays with stack trace information. + + Modified to be correct on ToT, with a variety of correctness, + performance, and security improvements. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::getCallerLine): + (JSC::getSourceURLFromCallFrame): + (JSC::getStackFrameCodeType): + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + (JSC::StackFrame::toString): + * jsc.cpp: + (GlobalObject::finishCreation): + (functionJSCStack): + * parser/Parser.h: + (JSC::Parser::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + +2012-01-31 Scott Graham <scottmg@chromium.org> + + [Chromium] Remove references to gyp cygwin build target + https://bugs.webkit.org/show_bug.cgi?id=77253 + + Reviewed by Julien Chaffraix. + + Target dependency is no longer required, it's done earlier in the + build process. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2012-01-31 Michael Saboff <msaboff@apple.com> + + ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor + https://bugs.webkit.org/show_bug.cgi?id=77443 + + Reviewed by Gavin Barraclough. + + Removed failing ASSERT() and thus destructor. The ASSERT isn't needed. + We are hitting it in the YARR JIT case where we bail out and go to the + interpreter with a partially JIT'ed function. Since we haven't linked + the JIT'ed code, there is likely to be some unresolved jumps in the vector + when the ARMv7Assembler destructor is called. For the case where we + complete the JIT process, we clear the vector at the end of + LinkBuffer::linkCode (LinkBuffer.h:292). + + * assembler/ARMv7Assembler.h: + (ARMv7Assembler): + +2012-01-31 Anders Carlsson <andersca@apple.com> + + Vector<T>::operator== shouldn't require T to have operator!= + https://bugs.webkit.org/show_bug.cgi?id=77448 + + Reviewed by Andreas Kling. + + Change VectorComparer::compare to use !(a == b) instead of a != b since + it makes more sense for Vector::operator== to use the element's operator==. 
+ + * wtf/Vector.h: + +2012-01-30 Oliver Hunt <oliver@apple.com> + + get_by_val_arguments is broken in the interpreter + https://bugs.webkit.org/show_bug.cgi?id=77389 + + Reviewed by Gavin Barraclough. + + When get_by_val had wad a value profile added, the same slot was not added to + get_by_val_arguments. This broke the interpreter as the interpreter falls + back on its regular get_by_val implementation. + + No tests are added as the interpreter is fairly broken in its + current state (multiple tests fail due to this bug). + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitGetArgumentByVal): + +2012-01-30 Oliver Hunt <oliver@apple.com> + + Unexpected syntax error + https://bugs.webkit.org/show_bug.cgi?id=77340 + + Reviewed by Gavin Barraclough. + + Function calls and new expressions have the same semantics for + assignment, so should simply share their lhs handling. + + * parser/Parser.cpp: + (JSC::::parseMemberExpression): + +2012-01-30 Gavin Barraclough <barraclough@apple.com> + + Unreviewed ARMv7 build fix. + + * tools/CodeProfiling.cpp: + (JSC): + (JSC::setProfileTimer): + (JSC::CodeProfiling::begin): + (JSC::CodeProfiling::end): + +2012-01-30 David Levin <levin@chromium.org> + + Using OS(WIN) or OS(MAC) should cause a build error. + https://bugs.webkit.org/show_bug.cgi?id=77162 + + Reviewed by Darin Adler. + + * wtf/Platform.h: Expand them into something that will + cause a compile error. + +2012-01-30 Yong Li <yoli@rim.com> + + [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM + https://bugs.webkit.org/show_bug.cgi?id=77360 + + Reviewed by Rob Buis. + + Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM) + for OS(QNX). + + * wtf/Platform.h: + +2012-01-30 Gavin Barraclough <barraclough@apple.com> + + Speculative Windows build fix. 
+ + * assembler/MacroAssemblerCodeRef.h: + (FunctionPtr): + +2012-01-30 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=77163 + MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS) + + Rubber stamped by Geoff Garen + + * assembler/MacroAssemblerCodeRef.h: + +2012-01-30 Gavin Barraclough <barraclough@apple.com> + + Unreviewed build fix for interpreter builds. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + * bytecode/CodeBlock.h: + (CodeBlock): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * tools/CodeProfile.cpp: + (JSC::CodeProfile::sample): + +2012-01-30 Gavin Barraclough <barraclough@apple.com> + + Unreviewed build fix following bug#76855 + + * JavaScriptCore.exp: + +2012-01-30 Michael Saboff <msaboff@apple.com> + + CaseFoldingHash::hash() doesn't handle 8 bit strings directly + https://bugs.webkit.org/show_bug.cgi?id=76652 + + Reviewed by Andreas Kling. + + * wtf/text/StringHash.h: + (WTF::CaseFoldingHash::hash): Added 8 bit string code path. + +2012-01-30 Michael Saboff <msaboff@apple.com> + + stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement + https://bugs.webkit.org/show_bug.cgi?id=76651 + + Reviewed by Geoffrey Garen. + + Made local function substituteBackreferencesSlow a template function + based on character width. Cleaned up getCharacters() in both UString + and StringImpl. Changed getCharacters<UChar> to up convert an 8 bit + string to 16 bits if necessary. + + * runtime/StringPrototype.cpp: + (JSC::substituteBackreferencesSlow): + (JSC::substituteBackreferences): + * runtime/UString.h: + (JSC::LChar): + (JSC::UChar): + * wtf/text/StringImpl.h: + (WTF::UChar): + +2012-01-30 Gavin Barraclough <barraclough@apple.com> + + Clean up putDirect + https://bugs.webkit.org/show_bug.cgi?id=76232 + + Reviewed by Sam Weinig. + + Part 3 - merge op_put_getter & op_put_setter. + + Putting these separately is inefficient (and makes future optimiation, + e.g. 
making GetterSetter immutable) harder. Change to emit a single + op_put_getter_setter bytecode op. Ultimately we should probably be + able to merge this with put direct, to create a common op to initialize + object literal properties. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitPutGetterSetter): + * bytecompiler/BytecodeGenerator.h: + (BytecodeGenerator): + * bytecompiler/NodesCodegen.cpp: + (JSC::PropertyListNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + (JIT): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_put_getter_setter): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_getter_setter): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + (): + * runtime/JSObject.cpp: + (JSC::JSObject::putDirectVirtual): + (JSC::JSObject::putDirectAccessor): + (JSC): + (JSC::putDescriptor): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + (): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirect): + (JSC::JSObject::putDirectWithoutTransition): + +2012-01-30 Michael Saboff <msaboff@apple.com> + + Dromaeo tests call parseSimpleLengthValue() on 8 bit strings + https://bugs.webkit.org/show_bug.cgi?id=76649 + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.exp: Added export for charactersToDouble. + +2012-01-30 Michael Saboff <msaboff@apple.com> + + WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding. + https://bugs.webkit.org/show_bug.cgi?id=76648 + + Reviewed by Geoffrey Garen. + + Added a new overloaded append member that takes a String& argument, an offest + and a length to do direct sub string appending to a StringBuilder. 
+ + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::append): + +2012-01-29 Zoltan Herczeg <zherczeg@webkit.org> + + Custom written CSS lexer + https://bugs.webkit.org/show_bug.cgi?id=70107 + + Reviewed by Antti Koivisto and Oliver Hunt. + + Add new helper functions for the custom written CSS lexer. + + * wtf/ASCIICType.h: + (WTF::toASCIILowerUnchecked): + (WTF): + (WTF::isASCIIAlphaCaselessEqual): + +2012-01-29 Filip Pizlo <fpizlo@apple.com> + + REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const + https://bugs.webkit.org/show_bug.cgi?id=77146 + <rdar://problem/10770586> + + Reviewed by Oliver Hunt. + + The old JIT expects that the result of the last operation is in the lastResultRegister. The DFG JIT is + designed to correctly track the lastResultRegister by looking at SetLocal nodes. However, when the DFG + JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the + lastResultRegister. Hence if we OSR exit on the first node following the end of an inlined code block + that had a return value, and that first node uses the return value, the old JIT will get massively + confused. This patch takes a surgical approach: instead of making the DFG smarter, it makes the old + JIT slightly dumber. + + * jit/JITCall.cpp: + (JSC::JIT::emit_op_call_put_result): + +2012-01-29 Filip Pizlo <fpizlo@apple.com> + + Build fix for Mac non-x64 platforms. + + * tools/CodeProfiling.cpp: + (JSC): + +2012-01-28 Gavin Barraclough <barraclough@apple.com> + + Reserve 'let' + https://bugs.webkit.org/show_bug.cgi?id=77293 + + Rubber stamped by Oliver Hunt. + + 'let' may become a keyword in ES6. We're going to try experimentally reserving it, + to see if this breaks the web. + + * parser/Keywords.table: + +2012-01-27 Gavin Barraclough <barraclough@apple.com> + + Implement a JIT-code aware sampling profiler for JSC + https://bugs.webkit.org/show_bug.cgi?id=76855 + + Reviewed by Oliver Hunt. 
+ + To enable the profiler, set the JSC_CODE_PROFILING environment variable to + 1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively + trace all samples). + + The profiler requires -fomit-frame-pointer to be removed from the build flags. + + * JavaScriptCore.exp: + - Removed an export. + * JavaScriptCore.xcodeproj/project.pbxproj: + - Added new files + * bytecode/CodeBlock.cpp: + - For baseline codeblocks, cache the result of canCompileWithDFG. + * bytecode/CodeBlock.h: + - For baseline codeblocks, cache the result of canCompileWithDFG. + * jit/ExecutableAllocator.cpp: + (JSC::ExecutableAllocator::initializeAllocator): + - Notify the profiler when the allocator is created. + (JSC::ExecutableAllocator::allocate): + - Inform the allocated of the ownerUID. + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::ExecutableAllocator::initializeAllocator): + - Notify the profiler when the allocator is created. + (JSC::ExecutableAllocator::allocate): + - Inform the allocated of the ownerUID. + * jit/JITStubs.cpp: + - If profiling, don't mask the return address in JIT code. + (We do so to provide nicer backtraces in debug builds). + * runtime/Completion.cpp: + (JSC::evaluate): + - Notify the profiler of script evaluations. + * tools: Added. + * tools/CodeProfile.cpp: Added. + (JSC::symbolName): + - Helper function to get the name of a symbol in the framework. + (JSC::truncateTrace): + - Helper to truncate traces into methods know to have uninformatively deep stacks. + (JSC::CodeProfile::sample): + - Record a stack trace classifying samples. + (JSC::CodeProfile::report): + - {Print profiler output. + * tools/CodeProfile.h: Added. + - new class, captures a set of samples associated with an evaluated script, + and nested to record samples from subscripts. + * tools/CodeProfiling.cpp: Added. + (JSC::CodeProfiling::profilingTimer): + - callback fired then a timer event occurs. 
+ (JSC::CodeProfiling::notifyAllocator): + - called when the executable allocator is constructed. + (JSC::CodeProfiling::getOwnerUIDForPC): + - helper to lookup the codeblock from an address in JIT code + (JSC::CodeProfiling::begin): + - enter a profiling scope. + (JSC::CodeProfiling::end): + - exit a profiling scope. + * tools/CodeProfiling.h: Added. + - new class, instantialed from Completion to define a profiling scope. + * tools/ProfileTreeNode.h: Added. + - new class, used to construct a tree of samples. + * tools/TieredMMapArray.h: Added. + - new class, a malloc-free vector (can be used while the main thread is suspended, + possibly holding the malloc heap lock). + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocatorHandle::MetaAllocatorHandle): + (WTF::MetaAllocator::allocate): + - Allow allocation handles to track information about their owner. + * wtf/MetaAllocator.h: + (MetaAllocator): + - Allow allocation handles to track information about their owner. + * wtf/MetaAllocatorHandle.h: + (MetaAllocatorHandle): + (WTF::MetaAllocatorHandle::ownerUID): + - Allow allocation handles to track information about their owner. + * wtf/OSAllocator.h: + (WTF::OSAllocator::reallocateCommitted): + - reallocate an existing, committed memory allocation. + +2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r106187. + http://trac.webkit.org/changeset/106187 + https://bugs.webkit.org/show_bug.cgi?id=77276 + + The last rollout was a false charge. (Requested by morrita on + #webkit). + + * runtime/ExceptionHelpers.h: + (InterruptedExecutionError): + * runtime/JSBoundFunction.h: + (JSBoundFunction): + * runtime/RegExp.h: + (RegExp): + * runtime/RegExpMatchesArray.h: + (RegExpMatchesArray): + +2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r106151. + http://trac.webkit.org/changeset/106151 + https://bugs.webkit.org/show_bug.cgi?id=77275 + + may break windows build (Requested by morrita on #webkit). 
+ + * runtime/ExceptionHelpers.h: + (InterruptedExecutionError): + * runtime/JSBoundFunction.h: + (JSBoundFunction): + * runtime/RegExp.h: + (RegExp): + * runtime/RegExpMatchesArray.h: + (RegExpMatchesArray): + +2012-01-28 Filip Pizlo <fpizlo@apple.com> + + GC invoked while doing an old JIT property storage reallocation may lead + to an object that refers to a dead structure + https://bugs.webkit.org/show_bug.cgi?id=77273 + <rdar://problem/10770565> + + Reviewed by Gavin Barraclough. + + The put_by_id transition was already saving the old structure by virtue of + having the object on the stack, so that wasn't going to get deleted. But the + new structure was unprotected in the transition. I've now changed the + transition code to save the new structure, ensuring that the GC will know it + to be marked if invoked from within put_by_id_transition_realloc. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + (JSC): + (): + +2012-01-27 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r106167. + http://trac.webkit.org/changeset/106167 + https://bugs.webkit.org/show_bug.cgi?id=77264 + + broke LayoutTests/fast/js/string-capitalization.html + (Requested by msaboff on #webkit). + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncToLowerCase): + (JSC::stringProtoFuncToUpperCase): + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::upper): + +2012-01-27 Filip Pizlo <fpizlo@apple.com> + + Build fix for interpreter platforms. + + * interpreter/AbstractPC.cpp: + (JSC::AbstractPC::AbstractPC): + +2012-01-27 Michael Saboff <msaboff@apple.com> + + StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase + https://bugs.webkit.org/show_bug.cgi?id=76647 + + Reviewed by Geoffrey Garen. 
+ + Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar + to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle the two + 8 bit characters that when converted to upper case become 16 bit characters. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace. + (JSC::stringProtoFuncToUpperCase): + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::upper): + +2012-01-27 Hajime Morita <morrita@google.com> + + [JSC] ThunkGenerators.cpp should hide its asm-defined symbols + https://bugs.webkit.org/show_bug.cgi?id=77244 + + Reviewed by Filip Pizlo. + + * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS() + * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp + +2012-01-27 Simon Hausmann <simon.hausmann@nokia.com> + + [JSC] Asm-originated symbols should be marked as hidden + https://bugs.webkit.org/show_bug.cgi?id=77150 + + Reviewed by Filip Pizlo. + + * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches, + but they were missing in the CPU(X86) and the CPU(X86_64) cases. + +2012-01-27 MORITA Hajime <morrita@google.com> + + [JSC] Some JS_EXPORTDATA may not be necessary. + https://bugs.webkit.org/show_bug.cgi?id=77145 + + Reviewed by Darin Adler. + + Removed JS_EXPORTDATA attributes whose attributing symbols are + not exported on Mac port. + + * runtime/ExceptionHelpers.h: + (InterruptedExecutionError): + * runtime/JSBoundFunction.h: + (JSBoundFunction): + * runtime/RegExp.h: + (RegExp): + * runtime/RegExpMatchesArray.h: + (RegExpMatchesArray): + +2012-01-27 MORITA Hajime <morrita@google.com> + + [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs + https://bugs.webkit.org/show_bug.cgi?id=77113 + + Reviewed by Darin Adler. + + * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export. 
+ +2012-01-27 Zeno Albisser <zeno@webkit.org> + + [Qt][Mac] Build fails after adding ICU support (r105997). + https://bugs.webkit.org/show_bug.cgi?id=77118 + + Use Apple code path for unicode date formats on mac. + + Reviewed by Tor Arne Vestbø. + + * runtime/DatePrototype.cpp: + (): + +2012-01-27 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Add a GKeyFile especialization to GOwnPtr + https://bugs.webkit.org/show_bug.cgi?id=77191 + + Reviewed by Martin Robinson. + + * wtf/gobject/GOwnPtr.cpp: + (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile. + * wtf/gobject/GOwnPtr.h: Add GKeyFile template. + * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile. + +2012-01-25 Yury Semikhatsky <yurys@chromium.org> + + Web Inspector: should be possible to open function declaration from script popover + https://bugs.webkit.org/show_bug.cgi?id=76913 + + Added display function name and source location to the popover in scripts panel. + Now when a function is hovered user can navigate to its definition. + + Reviewed by Pavel Feldman. + + * JavaScriptCore/JavaScriptCore.exp + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSFunction.h: + (JSFunction): + +2012-01-26 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior. + + * runtime/DatePrototype.cpp: + (): + +2012-01-26 Mark Hahnenberg <mhahnenberg@apple.com> + + Merge AllocationSpace into MarkedSpace + https://bugs.webkit.org/show_bug.cgi?id=77116 + + Reviewed by Geoffrey Garen. + + Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to + MarkedSpace allocation. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * heap/AllocationSpace.cpp: Removed. + * heap/AllocationSpace.h: Removed. + * heap/BumpSpace.h: + (BumpSpace): + * heap/Heap.h: + (JSC::Heap::objectSpace): + (Heap): + (): + * heap/HeapBlock.h: + (): + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::tryAllocateHelper): + (JSC): + (JSC::MarkedSpace::tryAllocate): + (JSC::MarkedSpace::allocateSlowCase): + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::freeBlocks): + (TakeIfUnmarked): + (JSC::TakeIfUnmarked::TakeIfUnmarked): + (JSC::TakeIfUnmarked::operator()): + (JSC::TakeIfUnmarked::returnValue): + (JSC::MarkedSpace::shrink): + (GatherDirtyCells): + (JSC::GatherDirtyCells::returnValue): + (JSC::GatherDirtyCells::GatherDirtyCells): + (JSC::GatherDirtyCells::operator()): + (JSC::MarkedSpace::gatherDirtyCells): + * heap/MarkedSpace.h: + (MarkedSpace): + (JSC::MarkedSpace::blocks): + (JSC::MarkedSpace::forEachCell): + (JSC): + (JSC::MarkedSpace::allocate): + +2012-01-26 Oliver Hunt <oliver@apple.com> + + MSVC bug fix. + <rdar://problem/10703671> MSVC generates bad code for enum compare. + + RS=Geoff + + Make bitfield large enough to work around MSVC's desire to make enums + signed types. + + * bytecode/CallLinkInfo.h: + (CallLinkInfo): + +2012-01-26 Filip Pizlo <fpizlo@apple.com> + + All DFG helpers that may call out to arbitrary JS code must know where they + were called from due to inlining and call stack walking + https://bugs.webkit.org/show_bug.cgi?id=77070 + <rdar://problem/10750834> + + Reviewed by Geoff Garen. 
+ + Changed the DFG to always record a code origin index in the tag of the argument + count (which we previously left blank for the benefit of LLInt, but is still + otherwise unused by the DFG), so that if we ever need to walk the stack accurately + we know where to start. In particular, if the current ExecState* points several + semantic call frames away from the true semantic call frame because we had + performed inlining, having the code origin index recorded means that we can reify + those call frames as necessary to give runtime/library code an accurate view of + the current JS state. + + This required several large but mechanical changes: + + - Calling a function from the DFG now plants a store32 instruction to store the + code origin index. But the indices of code origins were previously picked by + the DFG::JITCompiler after code generation completed. I changed this somewhat; + even though the code origins are put into the CodeBlock after code gen, the + code gen now knows a priori what their indices will be. Extensive assertions + are in place to ensure that the two don't get out of sync, in the form of the + DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls; + those don't need the code origin index set in the call frame because we can get + it by doing a binary search on the return PC. + + - Stack walking now always calls trueCallFrame() first before beginning the walk, + since even the top call frame may be wrong. It still calls trueCallerFrame() as + before to get to the next frame, though trueCallerFrame() is now mostly a + wrapper around callerFrame()->trueCallFrame(). + + - Because the mechanism for getting the code origin of a call frame is bimodal + (either the call frame knows its code origin because the code origin index was + set, or it's necessary to use the callee frame's return PC), I put in extra + mechanisms to determine whether your caller, or your callee, corresponds to + a call out of C++ code. 
Previously we just had the host call flag, but this is + insufficient as it does not cover the case of someone calling JSC::call(). But + luckily we can determine this just by looking at the return PC: if the return + PC is in range of the ctiTrampiline, then two things are true: this call + frame's PC will tell you nothing about where you came from in your caller, and + the caller already knows where it's at because it must have set the code origin + index (unless it's not DFG code, in which case we don't care because there is + no inlining to worry about). + + - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's + inlining code, so I fixed it. + + - Finally because I was tired of doing random #if's for checking if I should be + passing around an Instruction* or a ReturnAddressPtr, I created a class called + AbstractPC that holds whatever notion of a PC is appropriate for the current + execution environment. It's designed to work gracefully even if both the + interpreter and the JIT are compiled in, and should integrate nicely with the + LLInt. + + This is neutral on all benchmarks and fixes some nasty corner-case regressions of + evil code that uses combinations of getters/setters and function.arguments. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.h: + (JSC::CodeBlock::codeOrigin): + (CodeBlock): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleInlining): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (CallBeginToken): + (JSC::DFG::CallBeginToken::CallBeginToken): + (JSC::DFG::CallBeginToken::assertCodeOriginIndex): + (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex): + (DFG): + (JSC::DFG::CallExceptionRecord::CallExceptionRecord): + (CallExceptionRecord): + (JSC::DFG::JITCompiler::JITCompiler): + (JITCompiler): + (JSC::DFG::JITCompiler::nextCallBeginToken): + (JSC::DFG::JITCompiler::beginCall): + (JSC::DFG::JITCompiler::notifyCall): + (JSC::DFG::JITCompiler::addExceptionCheck): + (JSC::DFG::JITCompiler::addFastExceptionCheck): + * dfg/DFGOperations.cpp: + (): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryBuildGetByIDList): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * interpreter/AbstractPC.cpp: Added. + (JSC): + (JSC::AbstractPC::AbstractPC): + * interpreter/AbstractPC.h: Added. 
+ (JSC): + (AbstractPC): + (JSC::AbstractPC::AbstractPC): + (JSC::AbstractPC::hasJITReturnAddress): + (JSC::AbstractPC::jitReturnAddress): + (JSC::AbstractPC::hasInterpreterReturnAddress): + (JSC::AbstractPC::interpreterReturnAddress): + (JSC::AbstractPC::isSet): + (JSC::AbstractPC::operator!): + (): + * interpreter/CallFrame.cpp: + (JSC): + (JSC::CallFrame::trueCallFrame): + (JSC::CallFrame::trueCallerFrame): + * interpreter/CallFrame.h: + (JSC::ExecState::abstractReturnPC): + (JSC::ExecState::codeOriginIndexForDFGWithInlining): + (ExecState): + (JSC::ExecState::trueCallFrame): + (JSC::ExecState::trueCallFrameFromVMCode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::retrieveArgumentsFromVMCode): + (JSC::Interpreter::retrieveCallerFromVMCode): + (JSC::Interpreter::findFunctionCallFrameFromVMCode): + * interpreter/Interpreter.h: + (Interpreter): + (): + * jit/JITStubs.cpp: + (JSC): + (): + * jit/JITStubs.h: + (JSC): + (JSC::returnAddressIsInCtiTrampoline): + * runtime/JSFunction.cpp: + (JSC::JSFunction::argumentsGetter): + (JSC::JSFunction::callerGetter): + (JSC::JSFunction::getOwnPropertyDescriptor): + +2012-01-26 Peter Varga <pvarga@webkit.org> + + Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG + https://bugs.webkit.org/show_bug.cgi?id=77104 + + Reviewed by Filip Pizlo. + + * dfg/DFGOperations.cpp: + (): + +2012-01-26 Michael Saboff <msaboff@apple.com> + + String::latin1() should take advantage of 8 bit strings + https://bugs.webkit.org/show_bug.cgi?id=76646 + + Reviewed by Geoffrey Garen. + + * wtf/text/WTFString.cpp: + (WTF::String::latin1): For 8 bit strings, use existing buffer + without conversion. + +2012-01-26 Michael Saboff <msaboff@apple.com> + + Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions + https://bugs.webkit.org/show_bug.cgi?id=76645 + + Reviewed by Geoffrey Garen. + + * wtf/text/StringImpl.cpp: + (WTF::equalIgnoringCase): New LChar version. + (WTF::findInner): New helper function. 
+ (WTF::StringImpl::find): Added 8 bit path. + (WTF::reverseFindInner): New helper funciton. + (WTF::StringImpl::reverseFind): Added 8 bit path. + (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path. + * wtf/text/StringImpl.h: + (WTF): + +2012-01-26 Csaba Osztrogonác <ossy@webkit.org> + + [Qt][Win] One more speculative buildfix after r105970. + + * JavaScriptCore.pri: + +2012-01-26 Csaba Osztrogonác <ossy@webkit.org> + + [Qt][Win] Speculative buildfix after r105970. + + * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC(). + +2012-01-26 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r105982. + http://trac.webkit.org/changeset/105982 + https://bugs.webkit.org/show_bug.cgi?id=77090 + + breaks the world (Requested by WildFox on #webkit). + + * wtf/MainThread.cpp: + (WTF): + * wtf/Platform.h: + * wtf/mac/MainThreadMac.mm: + (WTF): + (WTF::registerGCThread): + (WTF::isMainThreadOrGCThread): + +2012-01-26 Roland Takacs <takacs.roland@stud.u-szeged.hu> + + [Qt] GC should be parallel on Qt platform + https://bugs.webkit.org/show_bug.cgi?id=73309 + + Reviewed by Zoltan Herczeg. + + These changes made the parallel gc feature available for Qt port. + The implementation of "registerGCThread" and "isMainThreadOrGCThread" + is moved from MainThreadMac.mm to the common MainThread.cpp to make + them available for other platforms. + + Measurement results: + V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ] + WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms] + V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ] + + Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core. 
+ + * wtf/MainThread.cpp: + (WTF): + (WTF::registerGCThread): + (WTF::isMainThreadOrGCThread): + * wtf/Platform.h: + * wtf/mac/MainThreadMac.mm: + +2012-01-26 Andy Estes <aestes@apple.com> + + REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types + https://bugs.webkit.org/show_bug.cgi?id=77073 + + Reviewed by Ryosuke Niwa. + + r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined. + This should have been changed to OS(WINDOWS). This causes the + preprocessor to strip out Win32 data type overrides for deleteOwnedPtr, + causing allocations made by Win32 to be deleted by fastmalloc. + + * wtf/OwnPtrCommon.h: + (WTF): Use OS(WINDOWS) instead of OS(WIN). + +2012-01-25 Mark Rowe <mrowe@apple.com> + + Attempted Mac build fix after r105939. + + * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS. + It isn't used on these platforms and isn't available in the ICU headers + for Mac. + +2012-01-25 Mark Rowe <mrowe@apple.com> + + Build in to an alternate location when USE_STAGING_INSTALL_PATH is set. + + <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH + + Reviewed by David Kilzer. + + * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains + the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR + to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set. + * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on + the normal framework location. This prevents an incorrect install name from being used when + installing in to the staged frameworks directory. + +2012-01-25 Eli Fidler <efidler@rim.com> + + Implement Date.toLocaleString() using ICU + https://bugs.webkit.org/show_bug.cgi?id=76714 + + Reviewed by Darin Adler. 
+ + * runtime/DatePrototype.cpp: + (JSC::formatLocaleDate): + +2012-01-25 Hajime Morita <morrita@google.com> + + ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom + https://bugs.webkit.org/show_bug.cgi?id=76863 + + Reviewed by Dimitri Glazkov. + + Added a feature flag. + + * Configurations/FeatureDefines.xcconfig: + +2012-01-25 Yong Li <yoli@rim.com> + + [BlackBerry] Implement OSAllocator::commit/decommit. + BlackBerry port should support virtual memory decommiting. + https://bugs.webkit.org/show_bug.cgi?id=77013 + + Reviewed by Rob Buis. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveUncommitted): + (WTF::OSAllocator::commit): + (WTF::OSAllocator::decommit): + * wtf/Platform.h: + +2012-01-24 Oliver Hunt <oliver@apple.com> + + Make DFG update topCallFrame + https://bugs.webkit.org/show_bug.cgi?id=76969 + + Reviewed by Filip Pizlo. + + Add NativeCallFrameTracer to manage topCallFrame assignment + in the DFG operations, and make use of it. + + * dfg/DFGOperations.cpp: + (JSC::DFG::operationPutByValInternal): + (): + * interpreter/Interpreter.h: + (JSC): + (NativeCallFrameTracer): + (JSC::NativeCallFrameTracer::NativeCallFrameTracer): + +2012-01-24 Filip Pizlo <fpizlo@apple.com> + + Inlining breaks call frame walking when the walking is done from outside the inlinee, + but inside a code block that had inlining + https://bugs.webkit.org/show_bug.cgi?id=76978 + <rdar://problem/10720904> + + Reviewed by Oliver Hunt. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::codeOriginForReturn): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::trueCallerFrame): + +2012-01-24 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=76855 + Implement a JIT-code aware sampling profiler for JSC + + Reviewed by Oliver Hunt. + + Add support to MetaAllocator.cpp to track all live handles in a map, + allowing lookup based on any address within the allocation. 
+ + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocatorTracker::notify): + (WTF::MetaAllocatorTracker::release): + - Track live handle objects in a map. + (WTF::MetaAllocator::release): + - Removed support for handles with null m_allocator (no longer used). + - Notify the tracker of handles being released. + (WTF::MetaAllocatorHandle::~MetaAllocatorHandle): + - Moved functionality out into MetaAllocator::release. + (WTF::MetaAllocatorHandle::shrink): + - Removed support for handles with null m_allocator (no longer used). + (WTF::MetaAllocator::MetaAllocator): + - Initialize m_tracker. + (WTF::MetaAllocator::allocate): + - Notify the tracker of new allocations. + * wtf/MetaAllocator.h: + (WTF::MetaAllocatorTracker::find): + - Lookup a MetaAllocatorHandle based on an address inside the allocation. + (WTF::MetaAllocator::trackAllocations): + - Register a callback object to track allocation state. + * wtf/MetaAllocatorHandle.h: + - Remove unused createSelfManagedHandle/constructor. + (WTF::MetaAllocatorHandle::key): + - Added, for use in RedBlackTree. + +2012-01-24 Mark Hahnenberg <mhahnenberg@apple.com> + + Use copying collector for out-of-line JSObject property storage + https://bugs.webkit.org/show_bug.cgi?id=76665 + + Reviewed by Geoffrey Garen. + + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line. + Also added a temporary variable to avoid warnings from GCC. + (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to + operator new. Also added a temporary variable to avoid warnings from GCC. + * runtime/JSObject.h: + +2012-01-24 Geoffrey Garen <ggaren@apple.com> + + JSValue::toString() should return a JSString* instead of a UString + https://bugs.webkit.org/show_bug.cgi?id=76861 + + Fixed two failing layout tests after my last patch. + + Reviewed by Gavin Barraclough. 
+ + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncSort): Call value() after calling toString(), as + in all other cases. + + I missed this case because the JSString* type has a valid operator<, + so the compiler didn't complain. + +2012-01-24 Kenichi Ishibashi <bashi@chromium.org> + + [V8] Add Uint8ClampedArray support + https://bugs.webkit.org/show_bug.cgi?id=76803 + + Reviewed by Kenneth Russell. + + * wtf/ArrayBufferView.h: + (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added. + * wtf/Uint8ClampedArray.h: + (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true. + +2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Add WebKitDownload to WebKit2 GTK+ API + https://bugs.webkit.org/show_bug.cgi?id=72949 + + Reviewed by Martin Robinson. + + * wtf/gobject/GOwnPtr.cpp: + (WTF::GTimer): Use g_timer_destroy() to free a GTimer. + * wtf/gobject/GOwnPtr.h: Add GTimer template. + * wtf/gobject/GTypedefs.h: Add GTimer forward declaration. + +2012-01-24 Ilya Tikhonovsky <loislo@chromium.org> + + Unreviewed build fix for Qt LinuxSH4 build after r105698. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2012-01-23 Geoffrey Garen <ggaren@apple.com> + + JSValue::toString() should return a JSString* instead of a UString + https://bugs.webkit.org/show_bug.cgi?id=76861 + + Reviewed by Gavin Barraclough. + + This makes the common case -- toString() on a string -- faster and + inline-able. (Not a measureable speedup, but we can now remove a bunch + of duplicate hand-rolled code for this optimization.) + + This also clarifies the boundary between "C++ strings" and "JS strings". + + In all cases other than true, false, null, undefined, and multi-digit + numbers, the JS runtime was just retrieving a UString from a JSString, + so returning a JSString* is strictly better. In the other cases, we can + optimize to avoid creating a new JSString if we care to, but it doesn't + seem to be a big deal. 
+ + * JavaScriptCore.exp: Export! + + * jsc.cpp: + (functionPrint): + (functionDebug): + (functionRun): + (functionLoad): + (functionCheckSyntax): + (runWithScripts): + (runInteractive): + * API/JSValueRef.cpp: + (JSValueToStringCopy): + * bytecode/CodeBlock.cpp: + (JSC::valueToSourceString): Call value() after calling toString(), to + convert from "JS string" (JSString*) to "C++ string" (UString), since + toString() no longer returns a "C++ string". + + * dfg/DFGOperations.cpp: + (JSC::DFG::operationValueAddNotNumber): + * jit/JITStubs.cpp: + (op_add): Updated for removal of toPrimitiveString(): + all '+' operands can use toString(), except for object operands, which + need to take a slow path to call toPrimitive(). + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncToLocaleString): + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncPush): + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::opIn): + * runtime/DateConstructor.cpp: + (JSC::dateParse): + * runtime/DatePrototype.cpp: + (JSC::formatLocaleDate): Call value() after calling toString(), as above. + + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::create): Simplified down to one canonical create() + function, to make string handling easier. + + * runtime/ErrorPrototype.cpp: + (JSC::errorProtoFuncToString): + * runtime/ExceptionHelpers.cpp: + (JSC::createInvalidParamError): + (JSC::createNotAConstructorError): + (JSC::createNotAFunctionError): + (JSC::createNotAnObjectError): + * runtime/FunctionConstructor.cpp: + (JSC::constructFunctionSkippingEvalEnabledCheck): + * runtime/FunctionPrototype.cpp: + (JSC::functionProtoFuncBind): + * runtime/JSArray.cpp: + (JSC::JSArray::sort): Call value() after calling toString(), as above. + + * runtime/JSCell.cpp: + * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this + job now. 
Doing it in JSCell is slower (requires extra type checking), and + creates the misimpression that language-defined toString() behavior is + an implementation detail of JSCell. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::encode): + (JSC::decode): + (JSC::globalFuncEval): + (JSC::globalFuncParseInt): + (JSC::globalFuncParseFloat): + (JSC::globalFuncEscape): + (JSC::globalFuncUnescape): Call value() after calling toString(), as above. + + * runtime/JSONObject.cpp: + (JSC::unwrapBoxedPrimitive): + (JSC::Stringifier::Stringifier): + (JSC::JSONProtoFuncParse): Removed some manual optimization that toString() + takes care of. + + * runtime/JSObject.cpp: + (JSC::JSObject::toString): + * runtime/JSObject.h: Updated to return JSString*. + + * runtime/JSString.cpp: + * runtime/JSString.h: + (JSC::JSValue::toString): Removed, since I removed JSCell::toString(). + + * runtime/JSValue.cpp: + (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re- + spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString() + basically did what we want all the time. (Note that the toPrimitive() + preference changes from NoPreference to PreferString, because that's + how ToString is defined in the language. op_add does not want this behavior.) + + * runtime/NumberPrototype.cpp: + (JSC::numberProtoFuncToString): + (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString() + returns a JSString*. + + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetOwnPropertyDescriptor): + (JSC::objectConstructorDefineProperty): + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncHasOwnProperty): + (JSC::objectProtoFuncDefineGetter): + (JSC::objectProtoFuncDefineSetter): + (JSC::objectProtoFuncLookupGetter): + (JSC::objectProtoFuncLookupSetter): + (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above. 
+ + * runtime/Operations.cpp: + (JSC::jsAddSlowCase): Need to check for object before taking the toString() + fast path becuase adding an object to a string requires calling toPrimitive() + on the object, not toString(). (They differ in their preferred conversion + type.) + + * runtime/Operations.h: + (JSC::jsString): + (JSC::jsStringFromArguments): This code gets simpler, now that toString() + does the right thing. + + (JSC::jsAdd): Now checks for object, just like jsAddSlowCase(). + + * runtime/RegExpConstructor.cpp: + (JSC::setRegExpConstructorInput): + (JSC::constructRegExp): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::match): + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncCompile): + (JSC::regExpProtoFuncToString): More calls to value(), as above. + + * runtime/StringConstructor.cpp: + (JSC::constructWithStringConstructor): + (JSC::callStringConstructor): This code gets simpler, now that toString() + does the right thing. + + * runtime/StringPrototype.cpp: + (JSC::replaceUsingRegExpSearch): + (JSC::replaceUsingStringSearch): + (JSC::stringProtoFuncReplace): + (JSC::stringProtoFuncCharAt): + (JSC::stringProtoFuncCharCodeAt): + (JSC::stringProtoFuncConcat): + (JSC::stringProtoFuncIndexOf): + (JSC::stringProtoFuncLastIndexOf): + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + (JSC::stringProtoFuncSlice): + (JSC::stringProtoFuncSplit): + (JSC::stringProtoFuncSubstr): + (JSC::stringProtoFuncSubstring): + (JSC::stringProtoFuncToLowerCase): + (JSC::stringProtoFuncToUpperCase): + (JSC::stringProtoFuncLocaleCompare): + (JSC::stringProtoFuncBig): + (JSC::stringProtoFuncSmall): + (JSC::stringProtoFuncBlink): + (JSC::stringProtoFuncBold): + (JSC::stringProtoFuncFixed): + (JSC::stringProtoFuncItalics): + (JSC::stringProtoFuncStrike): + (JSC::stringProtoFuncSub): + (JSC::stringProtoFuncSup): + (JSC::stringProtoFuncFontcolor): + (JSC::stringProtoFuncFontsize): + (JSC::stringProtoFuncAnchor): + (JSC::stringProtoFuncLink): + (JSC::trimString): 
Some of this code gets simpler, now that toString() + does the right thing. More calls to value(), as above. + +2012-01-23 Luke Macpherson <macpherson@chromium.org> + + Unreviewed, rolling out r105676. + http://trac.webkit.org/changeset/105676 + https://bugs.webkit.org/show_bug.cgi?id=76665 + + Breaks build on max due to compile warnings. + + * runtime/JSObject.cpp: + (JSC::JSObject::finalize): + (JSC::JSObject::visitChildren): + (JSC::JSObject::allocatePropertyStorage): + * runtime/JSObject.h: + +2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Use copying collector for out-of-line JSObject property storage + https://bugs.webkit.org/show_bug.cgi?id=76665 + + Reviewed by Geoffrey Garen. + + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line. + (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to + operator new. + * runtime/JSObject.h: + +2012-01-23 Brian Weinstein <bweinstein@apple.com> + + More build fixing after r105646. + + * JavaScriptCore.exp: + +2012-01-23 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=76855 + Implement a JIT-code aware sampling profiler for JSC + + Reviewed by Geoff Garen. + + Step 2: generalize RedBlackTree. The profiler is going to want tio use + a RedBlackTree, allow this class to work with subclasses of + RedBlackTree::Node, Node should not need to know the names of the m_key + and m_value fields (the subclass can provide a key() accessor), and + RedBlackTree does not need to know anything about ValueType. 
+ + * JavaScriptCore.exp: + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocator::findAndRemoveFreeSpace): + (WTF::MetaAllocator::debugFreeSpaceSize): + (WTF::MetaAllocator::addFreeSpace): + * wtf/MetaAllocator.h: + (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode): + (WTF::MetaAllocator::FreeSpaceNode::key): + * wtf/MetaAllocatorHandle.h: + (WTF::MetaAllocatorHandle::key): + * wtf/RedBlackTree.h: + (WTF::RedBlackTree::Node::successor): + (WTF::RedBlackTree::Node::predecessor): + (WTF::RedBlackTree::Node::parent): + (WTF::RedBlackTree::Node::setParent): + (WTF::RedBlackTree::Node::left): + (WTF::RedBlackTree::Node::setLeft): + (WTF::RedBlackTree::Node::right): + (WTF::RedBlackTree::Node::setRight): + (WTF::RedBlackTree::insert): + (WTF::RedBlackTree::remove): + (WTF::RedBlackTree::findExact): + (WTF::RedBlackTree::findLeastGreaterThanOrEqual): + (WTF::RedBlackTree::findGreatestLessThanOrEqual): + (WTF::RedBlackTree::first): + (WTF::RedBlackTree::last): + (WTF::RedBlackTree::size): + (WTF::RedBlackTree::treeMinimum): + (WTF::RedBlackTree::treeMaximum): + (WTF::RedBlackTree::treeInsert): + (WTF::RedBlackTree::leftRotate): + (WTF::RedBlackTree::rightRotate): + (WTF::RedBlackTree::removeFixup): + +2012-01-23 Andy Estes <aestes@apple.com> + + Fix the build after r105635. + + * JavaScriptCore.exp: + +2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove StackBounds from JSGlobalData + https://bugs.webkit.org/show_bug.cgi?id=76310 + + Reviewed by Sam Weinig. + + Removed StackBounds and the stack() function from JSGlobalData since it no + longer accessed any members of JSGlobalData. 
+ + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * heap/MachineStackMarker.cpp: + (JSC::MachineThreads::addCurrentThread): + (JSC::MachineThreads::gatherFromCurrentThread): + * parser/Parser.cpp: + (JSC::::Parser): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + +2012-01-23 Gavin Barraclough <barraclough@apple.com> + + Implement a JIT-code aware sampling profiler for JSC + https://bugs.webkit.org/show_bug.cgi?id=76855 + + Rubber stanmped by Geoff Garen. + + Mechanical change - pass CodeBlock through to the executable allocator, + such that we will be able to map ranges of JIT code back to their owner. + + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/ARMAssembler.h: + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::executableCopy): + * assembler/AssemblerBufferWithConstantPool.h: + (JSC::AssemblerBufferWithConstantPool::executableCopy): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::linkCode): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::executableCopy): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::executableCopy): + * assembler/X86Assembler.h: + (JSC::X86Assembler::executableCopy): + (JSC::X86Assembler::X86InstructionFormatter::executableCopy): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGRepatch.cpp: + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDList): + (JSC::DFG::tryCachePutByID): + * dfg/DFGThunks.cpp: + (JSC::DFG::osrExitGenerationThunkGenerator): + * jit/ExecutableAllocator.cpp: + (JSC::ExecutableAllocator::allocate): + * jit/ExecutableAllocator.h: + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::ExecutableAllocator::allocate): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITOpcodes.cpp: + 
(JSC::JIT::privateCompileCTIMachineTrampolines): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITStubs.cpp: + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::finalize): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::compile): + +2012-01-23 Xianzhu Wang <wangxianzhu@chromium.org> + + Basic enhancements to StringBuilder + https://bugs.webkit.org/show_bug.cgi?id=67081 + + This change contains the following enhancements to StringBuilder, + for convenience, performance, testability, etc.: + - Change toStringPreserveCapacity() to const + - new public methods: capacity(), swap(), toAtomicString(), canShrink() + and append(const StringBuilder&) + - == and != opearators to compare StringBuilders and a StringBuilder/String + + Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp + + Reviewed by Darin Adler. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/text/AtomicString.cpp: + (WTF::SubstringTranslator::hash): + (WTF::SubstringTranslator::equal): + (WTF::SubstringTranslator::translate): + (WTF::AtomicString::add): + (WTF::AtomicString::addSlowCase): + * wtf/text/AtomicString.h: + (WTF::AtomicString::AtomicString): + (WTF::AtomicString::add): + * wtf/text/StringBuilder.cpp: + (WTF::StringBuilder::reifyString): + (WTF::StringBuilder::resize): + (WTF::StringBuilder::canShrink): + (WTF::StringBuilder::shrinkToFit): + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::append): + (WTF::StringBuilder::toString): + (WTF::StringBuilder::toStringPreserveCapacity): + (WTF::StringBuilder::toAtomicString): + (WTF::StringBuilder::isEmpty): + (WTF::StringBuilder::capacity): + (WTF::StringBuilder::is8Bit): + (WTF::StringBuilder::swap): + (WTF::equal): + (WTF::operator==): + (WTF::operator!=): + * wtf/text/StringImpl.h: + +2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Add missing files, remove deleted files and + fix indentation. + +2012-01-22 Filip Pizlo <fpizlo@apple.com> + + Build fix for non-DFG platforms that error out on warn-unused-parameter. + + * bytecode/CallLinkStatus.cpp: + (JSC::CallLinkStatus::computeFor): + * bytecode/GetByIdStatus.cpp: + (JSC::GetByIdStatus::computeFor): + * bytecode/MethodCallLinkStatus.cpp: + (JSC::MethodCallLinkStatus::computeFor): + * bytecode/PutByIdStatus.cpp: + (JSC::PutByIdStatus::computeFor): + +2012-01-22 Filip Pizlo <fpizlo@apple.com> + + Build fix for non-DFG platforms. 
+ + * bytecode/CallLinkStatus.cpp: + (JSC::CallLinkStatus::computeFor): + * bytecode/GetByIdStatus.cpp: + (JSC::GetByIdStatus::computeFor): + * bytecode/MethodCallLinkStatus.cpp: + (JSC::MethodCallLinkStatus::computeFor): + * bytecode/PutByIdStatus.cpp: + (JSC::PutByIdStatus::computeFor): + +2012-01-20 Filip Pizlo <fpizlo@apple.com> + + DFG should not have code that directly decodes the states of old JIT inline + cache data structures + https://bugs.webkit.org/show_bug.cgi?id=76768 + + Reviewed by Sam Weinig. + + Introduced new classes (like GetByIdStatus) that encapsulate the set of things + that the DFG would like to know about property accesses and calls. Whereas it + previously got this information by directly decoding the data structures used + by the old JIT for inline caching, it now uses these classes, which do the work + for it. This should make it somewhat more straight forward to introduce new + ways of profiling the same information. + + Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by + code in bytecode/. + + Making this work right involved carefully ensuring that the heuristics for + choosing how to handle property accesses was at least as good as what we had + before, since I completely restructured that code. Currently the performance + looks neutral. Since I rewrote the code I did change some things that I never + liked before, like previously if a put_bu_id had executed exactly once then + we'd compile it as if it had taken slow-path. Executing once is special because + then the inline cache is not baked in, so there is no information about how the + DFG should optimize the code. Now this is rationalized: if the put_by_id does + not offer enough information to be optimized (i.e. had executed 0 or 1 times) + then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id + still has the old behavior; I left it that way because I didn't want to make + too many changes at once. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CallLinkStatus.cpp: Added. + (JSC::CallLinkStatus::computeFor): + * bytecode/CallLinkStatus.h: Added. + (JSC::CallLinkStatus::CallLinkStatus): + (JSC::CallLinkStatus::isSet): + (JSC::CallLinkStatus::operator!): + (JSC::CallLinkStatus::couldTakeSlowPath): + (JSC::CallLinkStatus::callTarget): + * bytecode/GetByIdStatus.cpp: Added. + (JSC::GetByIdStatus::computeFor): + * bytecode/GetByIdStatus.h: Added. + (JSC::GetByIdStatus::GetByIdStatus): + (JSC::GetByIdStatus::state): + (JSC::GetByIdStatus::isSet): + (JSC::GetByIdStatus::operator!): + (JSC::GetByIdStatus::isSimpleDirect): + (JSC::GetByIdStatus::takesSlowPath): + (JSC::GetByIdStatus::makesCalls): + (JSC::GetByIdStatus::structureSet): + (JSC::GetByIdStatus::offset): + * bytecode/MethodCallLinkStatus.cpp: Added. + (JSC::MethodCallLinkStatus::computeFor): + * bytecode/MethodCallLinkStatus.h: Added. + (JSC::MethodCallLinkStatus::MethodCallLinkStatus): + (JSC::MethodCallLinkStatus::isSet): + (JSC::MethodCallLinkStatus::operator!): + (JSC::MethodCallLinkStatus::needsPrototypeCheck): + (JSC::MethodCallLinkStatus::structure): + (JSC::MethodCallLinkStatus::prototypeStructure): + (JSC::MethodCallLinkStatus::function): + (JSC::MethodCallLinkStatus::prototype): + * bytecode/PutByIdStatus.cpp: Added. + (JSC::PutByIdStatus::computeFor): + * bytecode/PutByIdStatus.h: Added. + (JSC::PutByIdStatus::PutByIdStatus): + (JSC::PutByIdStatus::state): + (JSC::PutByIdStatus::isSet): + (JSC::PutByIdStatus::operator!): + (JSC::PutByIdStatus::isSimpleReplace): + (JSC::PutByIdStatus::isSimpleTransition): + (JSC::PutByIdStatus::takesSlowPath): + (JSC::PutByIdStatus::oldStructure): + (JSC::PutByIdStatus::newStructure): + (JSC::PutByIdStatus::structureChain): + (JSC::PutByIdStatus::offset): + * bytecode/StructureSet.h: Added. 
+ (JSC::StructureSet::StructureSet): + (JSC::StructureSet::clear): + (JSC::StructureSet::add): + (JSC::StructureSet::addAll): + (JSC::StructureSet::remove): + (JSC::StructureSet::contains): + (JSC::StructureSet::isSubsetOf): + (JSC::StructureSet::isSupersetOf): + (JSC::StructureSet::size): + (JSC::StructureSet::at): + (JSC::StructureSet::operator[]): + (JSC::StructureSet::last): + (JSC::StructureSet::predictionFromStructures): + (JSC::StructureSet::operator==): + (JSC::StructureSet::dump): + * dfg/DFGAbstractValue.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGStructureSet.h: Removed. + +2012-01-20 Filip Pizlo <fpizlo@apple.com> + + JIT compilation should not require ExecState + https://bugs.webkit.org/show_bug.cgi?id=76729 + <rdar://problem/10731545> + + Reviewed by Gavin Barraclough. + + Changed the relevant JIT driver functions to take JSGlobalData& instead of + ExecState*, since really they just needed the global data. + + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * dfg/DFGDriver.h: + (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * jit/JITDriver.h: + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + +2012-01-20 David Levin <levin@chromium.org> + + Make OwnPtr<HDC> work for the Chromium Windows port. + https://bugs.webkit.org/show_bug.cgi?id=76738 + + Reviewed by Jian Li. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the + Chromium Windows build. + * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for + OwnPtr<HDC> and similar constructs. 
+ +2012-01-19 Geoffrey Garen <ggaren@apple.com> + + Removed some regexp entry boilerplate code + https://bugs.webkit.org/show_bug.cgi?id=76687 + + Reviewed by Darin Adler. + + 1% - 2% speedup on regexp tests, no change overall. + + * runtime/RegExp.cpp: + (JSC::RegExp::match): + - ASSERT that our startIndex is non-negative, because anything less + would be uncivilized. + + - ASSERT that our input is not the null string for the same reason. + + - No need to test for startOffset being past the end of the string, + since the regular expression engine will do this test for us. + + - No need to initialize the output vector, since the regular expression + engine will fill it in for us. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::interpret): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::compile): + + RegExp used to do these jobs for us, but now we do them for ourselves + because it's a better separation of concerns, and the JIT can do them + more efficiently than C++ code: + + - Test for "past the end" before doing any matching -- otherwise + a* will match with zero length past the end of the string, which is wrong. + + - Initialize the output vector before doing any matching. + +2012-01-20 Filip Pizlo <fpizlo@apple.com> + + Build fix for no-DFG configuration. + Needed for <rdar://problem/10727689>. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitProfiledOpcode): + * jit/JIT.h: + (JSC::JIT::emitValueProfilingSite): + +2012-01-19 Filip Pizlo <fpizlo@apple.com> + + Bytecode instructions that may have value profiling should have a direct inline + link to the ValueProfile instance + https://bugs.webkit.org/show_bug.cgi?id=76682 + <rdar://problem/10727689> + + Reviewed by Sam Weinig. + + Each opcode that gets value profiled now has a link to its ValueProfile. This + required rationalizing the emission of value profiles for opcode combos, like + op_method_check/op_get_by_id and op_call/op_call_put_result. 
It only makes + sense for one of them to have a value profile link, and it makes most sense + for it to be the one that actually sets the result. The previous behavior was + to have op_method_check profile for op_get_by_id when they were used together, + but otherwise for op_get_by_id to have its own profiles. op_call already did + the right thing; all profiling was done by op_call_put_result. + + But rationalizing this code required breaking some of the natural boundaries + that the code had; for instance the code in DFG that emits a GetById in place + of both op_method_check and op_get_by_id must now know that it's the latter of + those that has the value profile, while the first of those constitutes the OSR + target. Hence each CodeOrigin must now have two bytecode indices - one for + OSR exit and one for profiling. + + Finally this change required some refiddling of our optimization heuristics, + because now all code blocks have "more instructions" due to the value profile + slots. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::printGetByIdOp): + (JSC::CodeBlock::dump): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::valueProfileForBytecodeOffset): + * bytecode/CodeOrigin.h: + (JSC::CodeOrigin::CodeOrigin): + (JSC::CodeOrigin::bytecodeIndexForValueProfile): + * bytecode/Instruction.h: + (JSC::Instruction::Instruction): + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitProfiledOpcode): + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitGetScopedVar): + (JSC::BytecodeGenerator::emitResolveBase): + (JSC::BytecodeGenerator::emitResolveBaseForPut): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitResolveWithThis): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitGetByVal): + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitCallVarargs): + (JSC::BytecodeGenerator::emitConstruct): + * bytecompiler/BytecodeGenerator.h: + * 
dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::currentCodeOrigin): + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): + (JSC::DFG::ByteCodeParser::getPrediction): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::valueProfileFor): + * jit/JIT.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITCall.cpp: + (JSC::JIT::emit_op_call_put_result): + * jit/JITCall32_64.cpp: + (JSC::JIT::emit_op_call_put_result): + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + (JSC::JIT::emitSlow_op_resolve_global_dynamic): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_method_check): + (JSC::JIT::emitSlow_op_method_check): + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emitSlow_op_get_by_id): + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_get_global_var): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::emitSlow_op_method_check): + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emitSlow_op_get_by_id): + (JSC::JIT::emit_op_get_scoped_var): + 
(JSC::JIT::emit_op_get_global_var): + * jit/JITStubCall.h: + (JSC::JITStubCall::callWithValueProfiling): + * runtime/Options.cpp: + (JSC::Options::initializeOptions): + +2012-01-20 ChangSeok Oh <shivamidow@gmail.com> + + undefined reference to symbol eina_module_free + https://bugs.webkit.org/show_bug.cgi?id=76681 + + Reviewed by Martin Robinson. + + eina_module_free has been used without including eina libraries after r104936. + + * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES. + +2012-01-19 Tony Chang <tony@chromium.org> + + [chromium] Remove an obsolete comment about features.gypi + https://bugs.webkit.org/show_bug.cgi?id=76643 + + There can be only one features.gypi. + + Reviewed by James Robinson. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2012-01-19 Geoffrey Garen <ggaren@apple.com> + + Implicit creation of a regular expression should eagerly check for syntax errors + https://bugs.webkit.org/show_bug.cgi?id=76642 + + Reviewed by Oliver Hunt. + + This is a correctness fix and a slight optimization. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): Check for syntax errors because that's the + correct behavior. + + * runtime/RegExp.cpp: + (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line + of code change, many lines of indentation change.) + + Since we have no clients that try to match a RegExp that is a syntax error, + let's optimize out the check. + +2012-01-19 Mark Hahnenberg <mhahnenberg@apple.com> + + Implement a new allocator for backing stores + https://bugs.webkit.org/show_bug.cgi?id=75181 + + Reviewed by Filip Pizlo. + + We want to move away from using fastMalloc for the backing stores for + some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing + stores have a nice property in that they only have a single owner (i.e. a + single pointer to them at any one time). 
One way that we can take advantage + of this property is to implement a simple bump allocator/copying collector, + which will run alongside our normal mark/sweep collector, that only needs to + update the single owner pointer rather than having to redirect an arbitrary + number of pointers in from-space to to-space. + + This plan can give us a number of benefits. We can beat fastMalloc in terms + of both performance and memory usage, we can track how much memory we're using + far more accurately than our rough estimation now through the use of + reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed + to being limited to size classes like we have been historically). This is also + another step toward moving away from lazy destruction, which will improve our memory footprint. + + We start by creating said allocator and moving the ArrayStorage for JSArray + to use it rather than fastMalloc. + + The design of the collector is as follows: + Allocation: + -The collector allocates 64KB chunks from the OS to use for object allocation. + -Each chunk contains an offset, a flag indicating if the block has been pinned, + and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists. + -Any allocation greater than 64KB gets its own separate oversize block, which + is managed separately from the rest. + -If the allocator receives a request for more than the remaining amount in the + current block, it grabs a fresh block. + -Grabbing a fresh block means grabbing one off of the global free list (which is now + shared between the mark/sweep allocator and the bump allocator) if there is one. + If there isn't a new one we do one of two things: allocate a new block from the OS + if we're not ready for a GC yet, or run a GC and then try again. If we still don't + have enough space after the GC, we allocate a new block from the OS. 
+ + Garbage collection: + -At the start of garbage collection during conservative stack scanning, if we encounter + what appears to be a pointer to a bump-allocated block of memory, we pin that block so + that it will not be copied for this round of collection. + -We also pin any oversize blocks that we encounter, which effectively doubles as a + "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying + are given back to the OS. + -Marking threads are now also responsible for copying bump-allocated objects to newSpace + -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters. + -When that block fills up, the marking thread gives it back to the allocator and requests a new one. + -When all marking has concluded, each thread gives back its copy block, even if it isn't full. + -At the conclusion of copying (which is done by the end of the marking phase), we un-pin + any pinned blocks and give any blocks left in from-space to the global free list. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * heap/AllocationSpace.cpp: + (JSC::AllocationSpace::allocateSlowCase): + (JSC::AllocationSpace::allocateBlock): + (JSC::AllocationSpace::freeBlocks): + * heap/AllocationSpace.h: + (JSC::AllocationSpace::waterMark): + * heap/BumpBlock.h: Added. + (JSC::BumpBlock::BumpBlock): + * heap/BumpSpace.cpp: Added. + (JSC::BumpSpace::tryAllocateSlowCase): + * heap/BumpSpace.h: Added. + (JSC::BumpSpace::isInCopyPhase): + (JSC::BumpSpace::totalMemoryAllocated): + (JSC::BumpSpace::totalMemoryUtilized): + * heap/BumpSpaceInlineMethods.h: Added. 
+ (JSC::BumpSpace::BumpSpace): + (JSC::BumpSpace::init): + (JSC::BumpSpace::contains): + (JSC::BumpSpace::pin): + (JSC::BumpSpace::startedCopying): + (JSC::BumpSpace::doneCopying): + (JSC::BumpSpace::doneFillingBlock): + (JSC::BumpSpace::recycleBlock): + (JSC::BumpSpace::getFreshBlock): + (JSC::BumpSpace::borrowBlock): + (JSC::BumpSpace::addNewBlock): + (JSC::BumpSpace::allocateNewBlock): + (JSC::BumpSpace::fitsInBlock): + (JSC::BumpSpace::fitsInCurrentBlock): + (JSC::BumpSpace::tryAllocate): + (JSC::BumpSpace::tryAllocateOversize): + (JSC::BumpSpace::allocateFromBlock): + (JSC::BumpSpace::tryReallocate): + (JSC::BumpSpace::tryReallocateOversize): + (JSC::BumpSpace::isOversize): + (JSC::BumpSpace::isPinned): + (JSC::BumpSpace::oversizeBlockFor): + (JSC::BumpSpace::blockFor): + * heap/ConservativeRoots.cpp: + (JSC::ConservativeRoots::ConservativeRoots): + (JSC::ConservativeRoots::genericAddPointer): + (JSC::ConservativeRoots::add): + * heap/ConservativeRoots.h: + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::blockFreeingThreadMain): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::getConservativeRegisterRoots): + (JSC::Heap::markRoots): + (JSC::Heap::collect): + (JSC::Heap::releaseFreeBlocks): + * heap/Heap.h: + (JSC::Heap::waterMark): + (JSC::Heap::highWaterMark): + (JSC::Heap::setHighWaterMark): + (JSC::Heap::tryAllocateStorage): + (JSC::Heap::tryReallocateStorage): + * heap/HeapBlock.h: Added. 
+ (JSC::HeapBlock::HeapBlock): + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::SlotVisitor::drain): + (JSC::SlotVisitor::drainFromShared): + (JSC::SlotVisitor::startCopying): + (JSC::SlotVisitor::allocateNewSpace): + (JSC::SlotVisitor::copy): + (JSC::SlotVisitor::copyAndAppend): + (JSC::SlotVisitor::doneCopying): + * heap/MarkStack.h: + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::recycle): + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedBlock.h: + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + * heap/MarkedSpace.h: + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::forEachBlock): + (JSC::MarkedSpace::SizeClass::resetAllocator): + * heap/SlotVisitor.h: + (JSC::SlotVisitor::SlotVisitor): + * heap/TinyBloomFilter.h: + (JSC::TinyBloomFilter::reset): + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + (JSC::JSArray::finishCreation): + (JSC::JSArray::tryFinishCreationUninitialized): + (JSC::JSArray::~JSArray): + (JSC::JSArray::enterSparseMode): + (JSC::JSArray::defineOwnNumericProperty): + (JSC::JSArray::setLengthWritable): + (JSC::JSArray::getOwnPropertySlotByIndex): + (JSC::JSArray::getOwnPropertyDescriptor): + (JSC::JSArray::putByIndexBeyondVectorLength): + (JSC::JSArray::deletePropertyByIndex): + (JSC::JSArray::getOwnPropertyNames): + (JSC::JSArray::increaseVectorLength): + (JSC::JSArray::unshiftCountSlowCase): + (JSC::JSArray::setLength): + (JSC::JSArray::pop): + (JSC::JSArray::unshiftCount): + (JSC::JSArray::visitChildren): + (JSC::JSArray::sortNumeric): + (JSC::JSArray::sort): + (JSC::JSArray::compactForSorting): + (JSC::JSArray::subclassData): + (JSC::JSArray::setSubclassData): + (JSC::JSArray::checkConsistency): + * runtime/JSArray.h: + (JSC::JSArray::inSparseMode): + (JSC::JSArray::isLengthWritable): + * wtf/CheckedBoolean.h: Added. 
+ (CheckedBoolean::CheckedBoolean): + (CheckedBoolean::~CheckedBoolean): + (CheckedBoolean::operator bool): + * wtf/DoublyLinkedList.h: + (WTF::::push): + * wtf/StdLibExtras.h: + (WTF::isPointerAligned): + +2012-01-19 Joi Sigurdsson <joi@chromium.org> + + Enable use of precompiled headers in Chromium port on Windows. + + Bug 76381 - Use precompiled headers in Chromium port on Windows + https://bugs.webkit.org/show_bug.cgi?id=76381 + + Reviewed by Tony Chang. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi. + +2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu> + + Cross-platform processor core counter fix + https://bugs.webkit.org/show_bug.cgi?id=76540 + + Reviewed by Zoltan Herczeg. + + I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)" + and I removed the OS checking macros from ParallelJobsGeneric.cpp because + the NumberOfCores.cpp contains them for counting CPU cores. + The processor core counter patch located at + https://bugs.webkit.org/show_bug.cgi?id=76530 + + * wtf/NumberOfCores.cpp: + * wtf/ParallelJobsGeneric.cpp: + +2012-01-18 Csaba Osztrogonác <ossy@webkit.org> + + Cross-platform processor core counter + https://bugs.webkit.org/show_bug.cgi?id=76530 + + Unreviewed cross-MinGW buildfix after r105270. + + * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h. + +2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu> + + Cross-platform processor core counter + https://bugs.webkit.org/show_bug.cgi?id=76530 + + Reviewed by Zoltan Herczeg. + + Two files have been created that include the processor core counter function. + It used to be in ParallelJobsGeneric.h/cpp before. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/Options.cpp: + (JSC::Options::initializeOptions): + * wtf/CMakeLists.txt: + * wtf/NumberOfCores.cpp: Added. + (WTF::numberOfProcessorCores): + * wtf/NumberOfCores.h: Added. 
+ * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::ParallelEnvironment): + * wtf/ParallelJobsGeneric.h: + +2012-01-18 Balazs Kelemen <kbalazs@webkit.org> + + [Qt] Consolidate layout test crash logging + https://bugs.webkit.org/show_bug.cgi?id=75088 + + Reviewed by Simon Hausmann. + + Move backtrace generating logic into WTFReportBacktrace + and add a way to deinstall signal handlers if we know + that we have already printed the backtrace. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/Assertions.cpp: + (WTFLogLocker::WTFReportBacktrace): + (WTFLogLocker::WTFSetCrashHook): + (WTFLogLocker::WTFInvokeCrashHook): + * wtf/Assertions.h: + +2012-01-17 Geoffrey Garen <ggaren@apple.com> + + Factored out some code into a helper function. + + I think this might help getting rid of omit-frame-pointer. + + Reviewed by Sam Weinig. + + No benchmark change. + + * runtime/StringPrototype.cpp: + (JSC::removeUsingRegExpSearch): Moved to here... + (JSC::replaceUsingRegExpSearch): ...from here. + +2012-01-17 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> + + Uint8ClampedArray support + https://bugs.webkit.org/show_bug.cgi?id=74455 + + Reviewed by Filip Pizlo. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionFromClassInfo): + * bytecode/PredictedType.h: + (JSC::isUint8ClampedArrayPrediction): + (JSC::isActionableMutableArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateUint8ClampedArray): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::clampDoubleToByte): + (JSC::DFG::compileClampIntegerToByte): + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSCell.h: + * runtime/JSGlobalData.h: + * wtf/Forward.h: + * wtf/Uint8Array.h: + * wtf/Uint8ClampedArray.h: Added. + (WTF::Uint8ClampedArray::set): + (WTF::Uint8ClampedArray::create): + (WTF::Uint8ClampedArray::Uint8ClampedArray): + (WTF::Uint8ClampedArray::subarray): + +2012-01-17 Sam Weinig <sam@webkit.org> + + Add helper macro for forward declaring objective-c classes + https://bugs.webkit.org/show_bug.cgi?id=76485 + + Reviewed by Anders Carlsson. + + * wtf/Compiler.h: + Add OBJC_CLASS macro which helps reduce code when forward declaring an + objective-c class in a header which can be included from both Objective-C + and non-Objective-C files. + +2012-01-17 Filip Pizlo <fpizlo@apple.com> + + DFG should be able to do JS and custom getter caching + https://bugs.webkit.org/show_bug.cgi?id=76361 + + Reviewed by Csaba Osztrogonác. 
+ + Fix for 32-bit. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryBuildGetByIDList): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-01-15 Filip Pizlo <fpizlo@apple.com> + + DFG should be able to do JS and custom getter caching + https://bugs.webkit.org/show_bug.cgi?id=76361 + <rdar://problem/10698060> + + Reviewed by Geoff Garen. + + Added the ability to cache JS getter calls and custom getter calls in the DFG. + Most of this is pretty mundane, since the old JIT supported this functionality + as well. But a couple interesting things had to happen: + + - There are now two variants of GetById: GetById, which works as before, and + GetByIdFlush, which flushes registers prior to doing the GetById. Only + GetByIdFlush can be used for caching getters. We detect which GetById style + to use by looking at the inline caches of the old JIT. + + - Exception handling for getter calls planted in stubs uses a separate lookup + handler routine, which uses the CodeOrigin stored in the StructureStubInfo. + + This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of + the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and + Kraken. 
+ + * bytecode/StructureStubInfo.h: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::emitExceptionCheck): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::willNeedFlush): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCCallHelpers.h: + (JSC::DFG::CCallHelpers::setupResults): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): + (JSC::DFG::JITCompiler::addExceptionCheck): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::hasHeapPrediction): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDList): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::compile): + +2012-01-16 Jon Lee <jonlee@apple.com> + + Build fix for r105086. + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2012-01-16 Jon Lee <jonlee@apple.com> + + Remove HTML notifications support on Mac + https://bugs.webkit.org/show_bug.cgi?id=76401 + <rdar://problem/10589881> + + Reviewed by Sam Weinig. + + * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro. + +2012-01-16 Zeno Albisser <zeno@webkit.org> + + [Qt] Fix QT_VERSION related warnings when building on Mac OS X + https://bugs.webkit.org/show_bug.cgi?id=76340 + + This bug was caused by r104826. + As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239 + we should not use "using namespace WebCore" in header files, + because it might cause ambiguous references. 
+ This patch reverts the changes from r104826 and r104981 + and removes the "using namespace WebCore" statement from + two header files. + + Reviewed by Tor Arne Vestbø. + + * wtf/Platform.h: + +2012-01-16 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck. + + * GNUmakefile.list.am: Fix typo. + +2012-01-16 Pavel Heimlich <tropikhajma@gmail.com> + + Solaris Studio supports alignment macros too + https://bugs.webkit.org/show_bug.cgi?id=75453 + + Reviewed by Hajime Morita. + + * wtf/Alignment.h: + +2012-01-16 Yuqiang Xian <yuqiang.xian@intel.com> + + Build fix on 32bit if verbose debug is enabled in DFG + https://bugs.webkit.org/show_bug.cgi?id=76351 + + Reviewed by Hajime Morita. + + Mostly change "%lu" to "%zu" to print a "size_t" variable. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::endBasicBlock): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + +2012-01-15 Filip Pizlo <fpizlo@apple.com> + + The C calling convention logic in DFG::SpeculativeJIT should be available even + when not generating code for the DFG speculative path + https://bugs.webkit.org/show_bug.cgi?id=76355 + + Reviewed by Dan Bernstein. + + Moved all of the logic for placing C call arguments into the right place (stack + or registers) into a new class, DFG::CCallHelpers. This class inherits from + AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved + this code into AssemblyHelpers, but decided against it, because I wanted to + limit the number of methods each class in the JIT has. 
Hence now we have a + slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction + emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers + (understands calls to C functions) <= JITCompiler (can compile a graph to machine + code). Each of these except for JITCompiler can be reused for stub compilation. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGCCallHelpers.h: Added. + (JSC::DFG::CCallHelpers::CCallHelpers): + (JSC::DFG::CCallHelpers::resetCallArguments): + (JSC::DFG::CCallHelpers::addCallArgument): + (JSC::DFG::CCallHelpers::setupArguments): + (JSC::DFG::CCallHelpers::setupArgumentsExecState): + (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): + (JSC::DFG::CCallHelpers::setupTwoStubArgs): + (JSC::DFG::CCallHelpers::setupStubArguments): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::JITCompiler): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + +2012-01-15 Pablo Flouret <pablof@motorola.com> + + Fix compilation errors on build-webkit --debug --no-video on mac. + https://bugs.webkit.org/show_bug.cgi?id=75867 + + Reviewed by Philippe Normand. + + Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature + doesn't build without video. + + * wtf/Platform.h: + +2012-01-14 David Levin <levin@chromium.org> + + HWndDC should be in platform/win instead of wtf. + https://bugs.webkit.org/show_bug.cgi?id=76314 + + Reviewed by Sam Weinig. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + +2012-01-13 David Levin <levin@chromium.org> + + check-webkit-style: should encourage the use of Own* classes for Windows DC. + https://bugs.webkit.org/show_bug.cgi?id=76227 + + Reviewed by Dirk Pranke. + + * wtf/win/HWndDCWin.h: + (WTF::HwndDC::HwndDC): Add a way to do GetDCEx. + There are no users, but I want to catch this in check-webkit-style + and tell any users to use HwndDC to avoid leaks. 
+ +2012-01-13 David Levin <levin@chromium.org> + + Header file is missing header guard. + + Reviewed by Dirk Pranke. + + * wtf/win/HWndDCWin.h: Added the guards. + +2012-01-13 Andy Wingo <wingo@igalia.com> + + Eval in strict mode does not need dynamic checks + https://bugs.webkit.org/show_bug.cgi?id=76286 + + Reviewed by Oliver Hunt. + + * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation): + Eval in strict mode cannot introduce variables, so it not impose + the need for dynamic checks. + +2012-01-13 David Levin <levin@chromium.org> + + HWndDC is a better name than HwndDC. + https://bugs.webkit.org/show_bug.cgi?id=76281 + + Reviewed by Darin Adler. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h. + (WTF::HWndDC::HWndDC): + (WTF::HWndDC::~HWndDC): + (WTF::HWndDC::operator HDC): + +2012-01-13 YoungTaeck Song <youngtaeck.song@samsung.com> + + [EFL] Add OwnPtr specialization for Eina_Module. + https://bugs.webkit.org/show_bug.cgi?id=76255 + + Reviewed by Andreas Kling. + + Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port. + + * wtf/OwnPtrCommon.h: + * wtf/efl/OwnPtrEfl.cpp: + (WTF::deleteOwnedPtr): + +2012-01-13 Yuqiang Xian <yuqiang.xian@intel.com> + + Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined + + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + +2012-01-12 Hajime Morrita <morrita@chromium.org> + + JavaScriptCore: Mark all exported symbols in the header file automatically. + https://bugs.webkit.org/show_bug.cgi?id=72855 + + Reviewed by Darin Adler. + + Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files. 
+ The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables) + + * API/OpaqueJSString.h: + * bytecode/CodeBlock.h: + * bytecode/SamplingTool.h: + * debugger/Debugger.h: + * debugger/DebuggerActivation.h: + * debugger/DebuggerCallFrame.h: + * heap/AllocationSpace.h: + * heap/HandleHeap.h: + * heap/Heap.h: + * heap/MachineStackMarker.h: + * heap/MarkStack.h: + * heap/VTableSpectrum.h: + * heap/WriteBarrierSupport.h: + * parser/Nodes.h: + * parser/ParserArena.h: + * profiler/Profile.h: + * runtime/ArgList.h: + * runtime/CallData.h: + * runtime/Completion.h: + * runtime/ConstructData.h: + * runtime/DateInstance.h: + * runtime/Error.h: + * runtime/ExceptionHelpers.h: + * runtime/FunctionConstructor.h: + * runtime/Identifier.h: + * runtime/InitializeThreading.h: + * runtime/InternalFunction.h: + * runtime/JSArray.h: + * runtime/JSByteArray.h: + * runtime/JSCell.h: + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.h: + * runtime/JSGlobalThis.h: + * runtime/JSLock.h: + * runtime/JSObject.h: + * runtime/JSString.h: + * runtime/JSValue.h: + * runtime/JSVariableObject.h: + * runtime/Lookup.h: + * runtime/MemoryStatistics.h: + * runtime/ObjectPrototype.h: + * runtime/Options.h: + * runtime/PropertyDescriptor.h: + * runtime/PropertyNameArray.h: + * runtime/PropertySlot.h: + * runtime/RegExp.h: + * runtime/RegExpObject.h: + * runtime/SamplingCounter.h: + * runtime/SmallStrings.h: + * runtime/StringObject.h: + * runtime/Structure.h: + * runtime/TimeoutChecker.h: + * runtime/UString.h: + * runtime/WriteBarrier.h: + * wtf/ArrayBufferView.h: + * wtf/ByteArray.h: + * wtf/CryptographicallyRandomNumber.h: + * wtf/CurrentTime.h: + * wtf/DateMath.h: + * wtf/DecimalNumber.h: + * wtf/FastMalloc.cpp: + * wtf/FastMalloc.h: + * wtf/MD5.h: + * wtf/MainThread.h: + * wtf/MetaAllocator.h: + * wtf/MetaAllocatorHandle.h: + * wtf/OSAllocator.h: + * wtf/PageBlock.h: + * wtf/RandomNumber.h: + * 
wtf/RefCountedLeakCounter.h: + * wtf/SHA1.h: + * wtf/Threading.cpp: + * wtf/Threading.h: + * wtf/ThreadingPrimitives.h: + * wtf/WTFThreadData.h: + * wtf/dtoa.h: + * wtf/text/AtomicString.h: + * wtf/text/CString.h: + * wtf/text/StringBuilder.h: + * wtf/text/StringImpl.h: + * wtf/text/WTFString.h: + * wtf/unicode/Collator.h: + * wtf/unicode/UTF8.h: + * yarr/Yarr.h: + * yarr/YarrPattern.h: + +2012-01-12 MORITA Hajime <morrita@google.com> + + [Chromium] JSExportMacros.h should be visible. + https://bugs.webkit.org/show_bug.cgi?id=76147 + + Reviewed by Tony Chang. + + * config.h: + +2012-01-12 David Levin <levin@chromium.org> + + HwndDC is a better name than OwnGetDC. + https://bugs.webkit.org/show_bug.cgi?id=76235 + + Reviewed by Dmitry Titov. + + This is a better name for two reasons: + 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC). + 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr) + classes always take something to hold on to. In this case, the object (the DC) + is created by the class once it is given a Window to ensure that the HDC + was actually created using GetDC. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h. + (WTF::HwndDC::HwndDC): + (WTF::HwndDC::~HwndDC): + (WTF::HwndDC::operator HDC): + +2012-01-12 Gavin Barraclough <barraclough@apple.com> + + Clean up putDirect (part 2) + https://bugs.webkit.org/show_bug.cgi?id=76232 + + Reviewed by Sam Weinig. + + Rename putWithAttributes to putDirectVirtual, to identify that this + has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal + to be templated on an enum indicating which behaviour it is supposed to be + implementing, and change clients that are defining properties to call + putDirectInternal correctly. 
+ + * API/JSObjectRef.cpp: + (JSObjectSetProperty): + * JavaScriptCore.exp: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::putDirectVirtual): + * debugger/DebuggerActivation.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + * runtime/ClassInfo.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/JSActivation.cpp: + (JSC::JSActivation::putDirectVirtual): + * runtime/JSActivation.h: + * runtime/JSCell.cpp: + (JSC::JSCell::putDirectVirtual): + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::putDirectVirtual): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::putDirectVirtual): + (JSC::JSObject::defineGetter): + (JSC::JSObject::initializeGetterSetterProperty): + (JSC::JSObject::defineSetter): + (JSC::putDescriptor): + * runtime/JSObject.h: + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putOwnDataProperty): + (JSC::JSObject::putDirect): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::putDirectVirtual): + * runtime/JSStaticScopeObject.h: + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::putDirectVirtual): + * runtime/JSVariableObject.h: + +2012-01-12 Gavin Barraclough <barraclough@apple.com> + + Clean up putDirect (part 1) + https://bugs.webkit.org/show_bug.cgi?id=76232 + + Reviewed by Sam Weinig. + + putDirect has ambiguous semantics, clean these up a bit. + + putDirect generally behaves a bit like a fast defineOwnProperty, but one that + always creates the property, with no checking to validate the put it permitted. + + It also encompasses two slightly different behaviors. + (1) a fast form of put for JSActivation, which doesn't have to handle searching + the prototype chain, getter/setter properties, or the magic __proto__ value. + Break this out as a new method, 'putOwnDataProperty'. + (2) the version of putDirect on JSValue will also check for overwriting ReadOnly + values, in strict mode. 
This is, however, not so smart on a few level, since + it is only called from op_put_by_id with direct set, which is only used with + an object as the base, and is only used to put new properties onto objects. + + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSActivation.cpp: + (JSC::JSActivation::put): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSObject.h: + (JSC::JSObject::putOwnDataProperty): + * runtime/JSValue.h: + +2012-01-12 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=76141 + defineSetter/defineGetter may fail to update Accessor attribute + + Reviewed by Oliver Hunt. + + * runtime/JSObject.cpp: + (JSC::JSObject::defineGetter): + (JSC::JSObject::initializeGetterSetterProperty): + (JSC::JSObject::defineSetter): + * runtime/Structure.cpp: + (JSC::Structure::attributeChangeTransition): + * runtime/Structure.h: + +2012-01-12 David Levin <levin@chromium.org> + + [chromium] Fix DC leak in WebScreenInfoFactory. + https://bugs.webkit.org/show_bug.cgi?id=76203 + + Reviewed by Dmitry Titov. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h + * JavaScriptCore.gypi: Added OwnGetDCWin.h + * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC. + +2012-01-11 Gavin Barraclough <barraclough@apple.com> + + Allow accessor get/set property to be set to undefined + https://bugs.webkit.org/show_bug.cgi?id=76148 + + Reviewed by Oliver Hunt. + + AccessorDescriptor properties may have their get & set properties defined to reference a function + (Callable object) or be set to undefined. 
Valid PropertyDescriptors created by toPropertyDescriptor + (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of + three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object). + + On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and + any JSObject* (with a constraint that this must be callable). + + Logically the get/set property of an accessor descriptor on an object might be in any of the three + states above, but in practice there is no way to distinguish between the first two states. As such + we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or + undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value. + + * runtime/GetterSetter.h: + (JSC::GetterSetter::setGetter): + (JSC::GetterSetter::setSetter): + - Allow the getter/setter to be cleared. + * runtime/JSArray.cpp: + (JSC::JSArray::putDescriptor): + - Changed to call getterObject/setterObject. + (JSC::JSArray::defineOwnNumericProperty): + - Added ASSERT. + * runtime/JSObject.cpp: + (JSC::putDescriptor): + (JSC::JSObject::defineOwnProperty): + - Changed to call getterObject/setterObject. + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetOwnPropertyDescriptor): + - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'. + (JSC::toPropertyDescriptor): + - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined. + * runtime/PropertyDescriptor.cpp: + (JSC::PropertyDescriptor::getterObject): + (JSC::PropertyDescriptor::setterObject): + - Accessors to convert the get/set property to an object pointer, converting undefined to 0. 
+ (JSC::PropertyDescriptor::setDescriptor): + (JSC::PropertyDescriptor::setAccessorDescriptor): + - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present. + * runtime/PropertyDescriptor.h: + - Declare getterObject/setterObject. + +2012-01-12 Zeno Albisser <zeno@webkit.org> + + [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560. + https://bugs.webkit.org/show_bug.cgi?id=76175 + + Defining ENABLE_CSS_FILTERS leads to ambiguous references + due to MacTypes.h being included. + Defining CF_OPEN_SOURCE works around this problem. + + Reviewed by Simon Hausmann. + + * wtf/Platform.h: + +2012-01-12 Simon Hausmann <simon.hausmann@nokia.com> + + Make the new WTF module build on Qt + https://bugs.webkit.org/show_bug.cgi?id=76163 + + Reviewed by Tor Arne Vestbø. + + * JavaScriptCore.pro: Removed wtf from the subdirs to build. + +2012-01-11 Filip Pizlo <fpizlo@apple.com> + + CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter + https://bugs.webkit.org/show_bug.cgi?id=76144 + <rdar://problem/10681711> + + Rubber stamped by Gavin Barraclough. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addressOfJITExecuteCounter): + (JSC::CodeBlock::offsetOfJITExecuteCounter): + (JSC::CodeBlock::jitExecuteCounter): + (JSC::CodeBlock::optimizeNextInvocation): + (JSC::CodeBlock::dontOptimizeAnytimeSoon): + (JSC::CodeBlock::optimizeAfterWarmUp): + (JSC::CodeBlock::optimizeAfterLongWarmUp): + (JSC::CodeBlock::optimizeSoon): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + +2012-01-11 Gavin Barraclough <barraclough@apple.com> + + Merge 'Getter'/'Setter' attributes into 'Accessor' + https://bugs.webkit.org/show_bug.cgi?id=76141 + + Reviewed by Filip Pizlo. + + These are currently ambiguous (and used inconsistently). 
It would logically appear + that either being bit set implies that the corresponding type of accessor is present + but (a) we don't correctly enforce this, and (b) this means the attributes would not + be able to distinguish between a data descriptor and an accessor descriptor with + neither a getter nor setter defined (which is a descriptor permissible under the spec). + This ambiguity would lead to unsafe property caching behavior (though this does not + represent an actual current bug, since we are currently unable to create descriptors + that have neither a getter nor setter, it just prevents us from doing so). + + * runtime/Arguments.cpp: + (JSC::Arguments::createStrictModeCallerIfNecessary): + (JSC::Arguments::createStrictModeCalleeIfNecessary): + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::put): + (JSC::JSArray::putDescriptor): + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::finishCreation): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlot): + (JSC::JSFunction::getOwnPropertyDescriptor): + * runtime/JSObject.cpp: + (JSC::JSObject::defineGetter): + (JSC::JSObject::initializeGetterSetterProperty): + (JSC::JSObject::defineSetter): + (JSC::putDescriptor): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorDefineProperty): + * runtime/PropertyDescriptor.cpp: + (JSC::PropertyDescriptor::setDescriptor): + (JSC::PropertyDescriptor::setAccessorDescriptor): + (JSC::PropertyDescriptor::setSetter): + (JSC::PropertyDescriptor::setGetter): + (JSC::PropertyDescriptor::attributesOverridingCurrent): + +2012-01-11 Gavin Barraclough <barraclough@apple.com> + + Object.defineProperty([], 'length', {}) should not make length read-only + https://bugs.webkit.org/show_bug.cgi?id=76097 + + Reviewed by Oliver Hunt. + + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnProperty): + - We should be checking writablePresent(). 
+ +2012-01-11 Filip Pizlo <fpizlo@apple.com> + + Code duplication for invoking the JIT and DFG should be reduced + https://bugs.webkit.org/show_bug.cgi?id=76117 + <rdar://problem/10680189> + + Rubber stamped by Geoff Garen. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * jit/JITDriver.h: Added. + (JSC::jitCompileIfAppropriate): + (JSC::jitCompileFunctionIfAppropriate): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + +2012-01-11 Geoffrey Garen <ggaren@apple.com> + + Bytecode dumping is broken for call opcodes (due to two new operands) + https://bugs.webkit.org/show_bug.cgi?id=75886 + + Reviewed by Oliver Hunt. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have + to fix this more than once. The helper function skips the extra two operands + at the end of the opcode, used for optimization. + + (JSC::CodeBlock::dump): Used the helper function. + + * bytecode/CodeBlock.h: Declared the helper function. + +2012-01-09 Geoffrey Garen <ggaren@apple.com> + + REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken) + https://bugs.webkit.org/show_bug.cgi?id=75911 + + * bytecompiler/BytecodeGenerator.h: + (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to + explicitly cast to our return type in C++. + + * bytecompiler/NodesCodegen.cpp: + (JSC::FunctionCallResolveNode::emitBytecode): + (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function + into a temporary register before evaluating our arguments, since argument + evaluation might include function calls or assignments that overwrite our callee by name. 
+ +2012-01-11 Michael Saboff <msaboff@apple.com> + + v8-regexp spends 35% of its time allocating and copying internal regexp results data + https://bugs.webkit.org/show_bug.cgi?id=76079 + + Reviewed by Geoffrey Garen. + + Added a new RegExpResults struct that has the input string, the number of + subexpressions and the output vector. Changed RegExpConstructor to + include a RegExpConstructorPrivate instead of having a reference to one. + Changed RegExpMatchesArray to include a RegExpResults instead of a + reference to a RegExpConstructorPrivate. Created an overloaded assignment + operator to assign a RegExpConstructorPrivate to a RegExpResults. + Collectively this change is worth 24% performance improvement to v8-regexp. + + * runtime/RegExpConstructor.cpp: + (JSC::RegExpResult::operator=): + (JSC::RegExpConstructor::RegExpConstructor): + (JSC::RegExpMatchesArray::RegExpMatchesArray): + (JSC::RegExpMatchesArray::finishCreation): + (JSC::RegExpMatchesArray::~RegExpMatchesArray): + (JSC::RegExpMatchesArray::fillArrayInstance): + (JSC::RegExpConstructor::arrayOfMatches): + (JSC::RegExpConstructor::getBackref): + (JSC::RegExpConstructor::getLastParen): + (JSC::RegExpConstructor::getLeftContext): + (JSC::RegExpConstructor::getRightContext): + (JSC::RegExpConstructor::setInput): + (JSC::RegExpConstructor::input): + (JSC::RegExpConstructor::setMultiline): + (JSC::RegExpConstructor::multiline): + * runtime/RegExpConstructor.h: + (JSC::RegExpResult::RegExpResult): + (JSC::RegExpConstructor::performMatch): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::create): + (JSC::RegExpMatchesArray::getOwnPropertySlot): + (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): + (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): + (JSC::RegExpMatchesArray::put): + (JSC::RegExpMatchesArray::putByIndex): + (JSC::RegExpMatchesArray::deleteProperty): + (JSC::RegExpMatchesArray::deletePropertyByIndex): + (JSC::RegExpMatchesArray::getOwnPropertyNames): + +2012-01-11 Eugene 
Girard <girard@google.com> + + Typo in error message: Unexpected token 'defualt' + https://bugs.webkit.org/show_bug.cgi?id=75105 + + Reviewed by Simon Fraser. + + * parser/Parser.h: + (JSC::Parser::getTokenName): + +2012-01-11 Anders Carlsson <andersca@apple.com> + + Assertion failure in JSC::allocateCell trying to allocate a JSString + https://bugs.webkit.org/show_bug.cgi?id=76101 + + Reviewed by Adam Roben. + + Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and + export them explicitly using the JS_EXPORTDATA macro. + + member variables explicitly using + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/Executable.h: + * runtime/JSString.h: + +2012-01-10 Mark Rowe <mrowe@apple.com> + + <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder + + This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT + as JavaScriptCore.framework or in to a different one. + + Rubber-stamped by Dan Bernstein. + + * Configurations/JSC.xcconfig: Update INSTALL_PATH. + +2012-01-10 Filip Pizlo <fpizlo@apple.com> + + DFG inlining block linking compares BlockIndex against bytecode index + https://bugs.webkit.org/show_bug.cgi?id=76018 + <rdar://problem/10671979> + + Reviewed by Gavin Barraclough. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseCodeBlock): + +2012-01-10 Filip Pizlo <fpizlo@apple.com> + + CodeBlock.h declares too many things + https://bugs.webkit.org/show_bug.cgi?id=76001 + + Rubber stamped by Gavin Barraclough. + + Removed all non-CodeBlock type declarations from CodeBlock.h, and put them + into separate header files. Also removed all non-CodeBlock method implementations + from CodeBlock.cpp and put them into corresponding cpp files. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * assembler/RepatchBuffer.h: + * bytecode/CallLinkInfo.cpp: Added. + (JSC::CallLinkInfo::unlink): + * bytecode/CallLinkInfo.h: Added. + (JSC::CallLinkInfo::callTypeFor): + (JSC::CallLinkInfo::CallLinkInfo): + (JSC::CallLinkInfo::~CallLinkInfo): + (JSC::CallLinkInfo::isLinked): + (JSC::CallLinkInfo::seenOnce): + (JSC::CallLinkInfo::setSeen): + (JSC::getCallLinkInfoReturnLocation): + (JSC::getCallLinkInfoBytecodeIndex): + * bytecode/CallReturnOffsetToBytecodeOffset.h: Added. + (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset): + (JSC::getCallReturnOffset): + * bytecode/CodeBlock.cpp: + * bytecode/CodeBlock.h: + * bytecode/CodeType.h: Added. + * bytecode/ExpressionRangeInfo.h: Added. + * bytecode/GlobalResolveInfo.h: Added. + (JSC::GlobalResolveInfo::GlobalResolveInfo): + * bytecode/HandlerInfo.h: Added. + * bytecode/LineInfo.h: Added. + * bytecode/MethodCallLinkInfo.cpp: Added. + (JSC::MethodCallLinkInfo::reset): + * bytecode/MethodCallLinkInfo.h: Added. + (JSC::MethodCallLinkInfo::MethodCallLinkInfo): + (JSC::MethodCallLinkInfo::seenOnce): + (JSC::MethodCallLinkInfo::setSeen): + (JSC::getMethodCallLinkInfoReturnLocation): + (JSC::getMethodCallLinkInfoBytecodeIndex): + * bytecode/StructureStubInfo.h: + (JSC::getStructureStubInfoReturnLocation): + (JSC::getStructureStubInfoBytecodeIndex): + +2012-01-10 Anders Carlsson <andersca@apple.com> + + Hang opening movie that requires authentication + https://bugs.webkit.org/show_bug.cgi?id=75989 + <rdar://problem/9601915> + + Reviewed by Sam Weinig. + + * wtf/Functional.h: + Add function wrapper for a function that takes three parameters. 
+ +2012-01-10 Filip Pizlo <fpizlo@apple.com> + + CodeBlock::m_numParameters should be encapsulated + https://bugs.webkit.org/show_bug.cgi?id=75985 + <rdar://problem/10671020> + + Reviewed by Oliver Hunt. + + Encapsulated CodeBlock::m_numParameters and hooked argument profile creation + into it. This appears to be performance neutral. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::setNumParameters): + (JSC::CodeBlock::addParameter): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::numParameters): + (JSC::CodeBlock::addressOfNumParameters): + (JSC::CodeBlock::offsetOfNumParameters): + (JSC::CodeBlock::numberOfArgumentValueProfiles): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::addParameter): + (JSC::BytecodeGenerator::emitReturn): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::AbstractState): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::slideRegisterWindowForCall): + (JSC::Interpreter::dumpRegisters): + (JSC::Interpreter::execute): + (JSC::Interpreter::prepareForRepeatCall): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITStubs.cpp: + (JSC::arityCheckFor): + (JSC::lazyLinkFor): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + +2012-01-10 Gavin Barraclough <barraclough@apple.com> + + Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935 + + Fix 32-bit builds. 
+ + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertyNames): + (JSC::JSArray::setLength): + +2012-01-10 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-01-10 Gavin Barraclough <barraclough@apple.com> + + Do not allow Array length to be set if it is non-configurable + https://bugs.webkit.org/show_bug.cgi?id=75935 + + Reviewed by Sam Weinig. + + Do not allow Array length to be set if it is non-configurable, and if the new + length is less than the old length then intervening properties should removed + in reverse order. Removal of properties should cease if an intervening indexed + property being removed is non-configurable. + + * JavaScriptCore.exp: + - Removed export for setLength. + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncConcat): + - JSArray::setLength now takes an ExecState* + (JSC::arrayProtoFuncSlice): + - JSArray::setLength now takes an ExecState* + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnProperty): + - JSArray::setLength now takes an ExecState* + (JSC::JSArray::put): + - JSArray::setLength now takes an ExecState* + (JSC::compareKeysForQSort): + - Keys extracted from the map can be stored as unsigneds. + (JSC::JSArray::getOwnPropertyNames): + - Keys extracted from the map can be stored as unsigneds. + (JSC::JSArray::setLength): + - Check lengthIsReadOnly(), rather than copying the entire map to iterate + over to determine which keys to remove, instead just copy the keys from + the map to a Vector. When inSparseMode sort the keys in the Vector so + that we can remove properties in reverse order. + * runtime/JSArray.h: + - JSArray::setLength now takes an ExecState* + +2012-01-10 Gavin Barraclough <barraclough@apple.com> + + Use SameValue to compare property descriptor values + https://bugs.webkit.org/show_bug.cgi?id=75975 + + Reviewed by Sam Weinig. + + Rather than strictEqual. 
+ + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnNumericProperty): + - Missing configurablePresent() check. + * runtime/JSObject.cpp: + (JSC::JSObject::defineOwnProperty): + - call sameValue. + * runtime/PropertyDescriptor.cpp: + (JSC::sameValue): + - Moved from JSArray.cpp, fix NaN comparison. + (JSC::PropertyDescriptor::equalTo): + - call sameValue. + * runtime/PropertyDescriptor.h: + - Added declaration for sameValue. +2012-01-09 Gavin Barraclough <barraclough@apple.com> + + Error handling : in ISO8601 timezone + https://bugs.webkit.org/show_bug.cgi?id=75919 + + Reviewed by Sam Weinig. + + * wtf/DateMath.cpp: + (WTF::parseDateFromNullTerminatedCharacters): + - need to increment the string position. + +2012-01-09 Mark Rowe <mrowe@apple.com> + + JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target + <http://webkit.org/b/75907> / <rdar://problem/10659862> + + We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit + dependencies prevent this. + + Reviewed by Dan Bernstein. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-01-09 Adam Treat <atreat@rim.com> + + Log is a little to verbose for blackberry port + https://bugs.webkit.org/show_bug.cgi?id=75728 + + The BlackBerry::Platform::Log* functions take care of the call to vfprintf + which is resulting in unintentional noise in our logs. Add a conditional + directive to fix. + + Change to using BlackBerry::Platform::logStreamV which does not insert + threading info and newlines unlike BlackBerry::Platform::log. + + Finally, add log locking and unlocking which the BlackBerry platform + uses to ensure that N threads do not trample on each other's logs. + + Reviewed by Rob Buis. 
+ + * wtf/Assertions.cpp: + (WTFLogLocker::WTFReportAssertionFailure): + (WTFLogLocker::WTFReportAssertionFailureWithMessage): + (WTFLogLocker::WTFReportArgumentAssertionFailure): + (WTFLogLocker::WTFReportFatalError): + (WTFLogLocker::WTFReportError): + (WTFLogLocker::WTFLog): + (WTFLogLocker::WTFLogVerbose): + +2012-01-09 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75789 + defineOwnProperty not implemented for Array objects + + Reviewed by Sam Weinig. + + Implements support for getter/setter & non-default attribute properties on arrays, + by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262 + test failures. + + * JavaScriptCore.exp: + - Updated exports. + * dfg/DFGOperations.cpp: + - JSArray::pop now requires an exec state. + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncPop): + - JSArray::pop now requires an exec state. + * runtime/JSArray.cpp: + (JSC::SparseArrayValueMap::add): + - Add a potentially empty entry into the map. + (JSC::SparseArrayValueMap::put): + - Changed to call setter. + (JSC::SparseArrayEntry::get): + - calls getters. + (JSC::SparseArrayEntry::getNonSparseMode): + - does not call getters. + (JSC::JSArray::enterSparseMode): + - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated. + (JSC::JSArray::putDescriptor): + - Create a numeric property based on a descriptor. + (JSC::sameValue): + - See ES5.1 9.12. + (JSC::reject): + - Helper for the [[DefineOwnProperty]] algorithm. + (JSC::JSArray::defineOwnNumericProperty): + - Define an indexed property on an array object. + (JSC::JSArray::setLengthWritable): + - Marks the length read-only, enters SparseMode as necessary. + (JSC::JSArray::defineOwnProperty): + - Defines either an indexed property or 'length' on an array object. + (JSC::JSArray::getOwnPropertySlotByIndex): + - Updated to correctly handle accessor descriptors & attributes. 
+ (JSC::JSArray::getOwnPropertyDescriptor): + - Updated to correctly handle accessor descriptors & attributes. + (JSC::JSArray::put): + - Pass strict mode flag to setLength. + (JSC::JSArray::putByIndex): + - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&. + (JSC::JSArray::putByIndexBeyondVectorLength): + - Pass exec to SparseArrayValueMap::put. + (JSC::JSArray::deletePropertyByIndex): + - Do not allow deletion of non-configurable properties. + (JSC::compareKeysForQSort): + - used in implementation of getOwnPropertyNames. + (JSC::JSArray::getOwnPropertyNames): + - Properties in the sparse map should be iterated in order. + (JSC::JSArray::setLength): + - Updated to take a 'shouldThrow' flag, return a result indicating error. + (JSC::JSArray::pop): + - pop should throw an error if length is not writable, even if the array is empty. + (JSC::JSArray::push): + - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&. + (JSC::JSArray::sort): + - Changed 'get' to 'getNonSparseMode' (can't be getters to call). + (JSC::JSArray::compactForSorting): + - Changed 'get' to 'getNonSparseMode' (can't be getters to call). + * runtime/JSArray.h: + (JSC::SparseArrayValueMap::lengthIsReadOnly): + - Check if the length is read only. + (JSC::SparseArrayValueMap::setLengthIsReadOnly): + - Mark the length as read only. + (JSC::SparseArrayValueMap::find): + - Moved into header. + (JSC::JSArray::isLengthWritable): + - Wraps SparseArrayValueMap::lengthIsReadOnly. + * runtime/JSObject.cpp: + (JSC::JSObject::defineOwnProperty): + - Should be returning the result of putDescriptor. + * runtime/PropertyDescriptor.cpp: + (JSC::PropertyDescriptor::attributesOverridingCurrent): + - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride. + * runtime/PropertyDescriptor.h: + - Added attributesOverridingCurrent. 
+ +2012-01-09 Pavel Heimlich <tropikhajma@gmail.com> + + There is no support for fastcall in Solaris Studio. + Fixes build on Solaris. + https://bugs.webkit.org/show_bug.cgi?id=75736 + + Reviewed by Gavin Barraclough. + + * jit/JITStubs.h: + +2012-01-09 Pavel Heimlich <tropikhajma@gmail.com> + + Fix build failure on Solaris + https://bugs.webkit.org/show_bug.cgi?id=75733 + + Reviewed by Gavin Barraclough. + + * wtf/ByteArray.h: + +2012-01-01 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Clean up some cruft from WTF's CMakeLists.txt + https://bugs.webkit.org/show_bug.cgi?id=75420 + + Reviewed by Daniel Bates. + + * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add + all needed paths to WTF_INCLUDE_DIRECTORIES in a single place. + +2012-01-08 Xianzhu Wang <wangxianzhu@chromium.org> + + Fix compilation error about ListHashSetReverseIterator + https://bugs.webkit.org/show_bug.cgi?id=75372 + + Reviewed by Darin Adler. + + There is a typo in class ListHashSetReverseIterator: + typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator; + Should be + typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator; + + * wtf/ListHashSet.h: + +2012-01-08 Ryosuke Niwa <rniwa@webkit.org> + + WinCE build fix after r104415. + + * jit/JITExceptions.cpp: + * jit/JITExceptions.h: + +2012-01-08 Filip Pizlo <fpizlo@apple.com> + + The JIT's protocol for exception handling should be available to other parts of the system + https://bugs.webkit.org/show_bug.cgi?id=75808 + <rdar://problem/10661025> + + Reviewed by Oliver Hunt. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * jit/JITExceptions.cpp: Added. + (JSC::genericThrow): + (JSC::jitThrow): + * jit/JITExceptions.h: Added. 
+ * jit/JITStubs.cpp: + * runtime/JSGlobalData.h: + +2012-01-06 Hajime Morrita <morrita@chromium.org> + + https://bugs.webkit.org/show_bug.cgi?id=75296 + JSString should not have JS_EXPORTCLASS annotation + + Reviewed by Kevin Ollivier. + + * runtime/JSString.h: Removed JS_EXPORTCLASS annotation. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Added missing symbols which were hidden by JS_EXPORTCLASS. + +2012-01-06 Michael Saboff <msaboff@apple.com> + + JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound() + https://bugs.webkit.org/show_bug.cgi?id=75757 + + Reviewed by Gavin Barraclough. + + * runtime/JSArray.cpp: + (JSC::JSArray::pop): Changed map->end() to map->notFound(). + +2012-01-06 Filip Pizlo <fpizlo@apple.com> + + JIT stub slow paths that would be identical to that of an interpreter should be factored out + https://bugs.webkit.org/show_bug.cgi?id=75743 + <rdar://problem/10657024> + + Reviewed by Geoff Garen. + + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/CommonSlowPaths.h: Added. + (JSC::CommonSlowPaths::opInstanceOfSlow): + (JSC::CommonSlowPaths::opIn): + (JSC::CommonSlowPaths::opResolve): + (JSC::CommonSlowPaths::opResolveSkip): + (JSC::CommonSlowPaths::opResolveWithBase): + (JSC::CommonSlowPaths::opResolveWithThis): + +2012-01-06 Sam Weinig <sam@webkit.org> + + Fix windows build. + + * wtf/TypeTraits.cpp: + +2012-01-05 Michael Saboff <msaboff@apple.com> + + Default HashTraits for Opcode don't work for Opcode = 0 + https://bugs.webkit.org/show_bug.cgi?id=75595 + + Reviewed by Oliver Hunt. + + Removed the populating of the m_opcodeIDTable table in the + case where the OpcodeID and Opcode are the same (m_enabled is false). + Instead we just cast the one type to the other. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::initialize): + (JSC::Interpreter::isOpcode): + * interpreter/Interpreter.h: + (JSC::Interpreter::getOpcodeID): + +2012-01-06 Sam Weinig <sam@webkit.org> + + Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr + https://bugs.webkit.org/show_bug.cgi?id=75737 + + Reviewed by Anders Carlsson. + + * wtf/TypeTraits.cpp: + * wtf/TypeTraits.h: + Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray + is composed of some helpers which are also exposed, Conditional<>, which + can provide one type or another based on a boolean predicate, IsArray<> + which can deduce array types, and RemoveExtent<>, which removes the extent + from an array type. + +2012-01-06 Oliver Hunt <oliver@apple.com> + + GetByteArrayLength is incorrect + https://bugs.webkit.org/show_bug.cgi?id=75735 + + Reviewed by Filip Pizlo. + + Load the byte array length from the correct location. + This stops an existing test from hanging. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-01-06 Filip Pizlo <fpizlo@apple.com> + + Fix build. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-01-06 Oliver Hunt <oliver@apple.com> + + DFG no longer optimises CanvasPixelArray + https://bugs.webkit.org/show_bug.cgi?id=75729 + + Reviewed by Gavin Barraclough. + + Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match + the future name when we switch over to the new typed-array based + ImageData specification. + + * runtime/JSByteArray.cpp: + +2012-01-06 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> + + Use HashMap<OwnPtr> for SourceProviderCache items + https://bugs.webkit.org/show_bug.cgi?id=75346 + + Reviewed by Daniel Bates. 
+ + * parser/Parser.cpp: + * parser/SourceProviderCache.cpp: + (JSC::SourceProviderCache::clear): + (JSC::SourceProviderCache::add): + * parser/SourceProviderCache.h: + +2012-01-06 Sam Weinig <sam@webkit.org> + + Remove unused OwnFastMallocPtr class. + https://bugs.webkit.org/show_bug.cgi?id=75722 + + Reviewed by Geoffrey Garen. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/OwnFastMallocPtr.h: Removed. + * wtf/text/StringImpl.h: + * wtf/wtf.pro: + +2012-01-06 Benjamin Poulain <bpoulain@webkit.org> + + [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates + https://bugs.webkit.org/show_bug.cgi?id=75631 + + Reviewed by Andreas Kling. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2012-01-06 Eric Seidel <eric@webkit.org> and Gustavo Noronha Silva <gustavo.noronha@collabora.com> + + Make the new WTF module build on Gtk + https://bugs.webkit.org/show_bug.cgi?id=75669 + + * GNUmakefile.am: + +2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Remove un-needed VPATHs from project includes + + Reviewed by Simon Hausmann. + + * JavaScriptCore.pri: + * wtf/wtf.pri: + +2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Move listing of include paths and libs to pri files in sources + + Includepaths are sometimes modified by non-Qt contributors so keeping + them in files inside Sources makes it more likely that they are updated + along with project files for the other ports. + + Using pri files instead of prf files for this also has the benefit that + the include() from the main target file can be parsed and followed by + Qt Creator -- something that does not work with load(). + + Dependency from a target to a library through the WEBKIT variable are + handled through forwarding-files in Tools/qmake/mkspecs/modules, which + set the source root of the module and include the right pri file. 
+ + Ideally we'd use the variant of include() that takes an optional + namespace to read the variables into, or the fromfile() function, + but both of these add an overhead of about 40% on the total qmake + runtime, due to making a deep copy of all the variables in the + project or re-reading all the prf files from scratch. + + Reviewed by Simon Hausmann. + Reviewed by Ossy. + + * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf. + * Target.pri: + * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf. + * wtf/wtf.pro: + +2012-01-06 Hajime Morrita <morrita@chromium.org> + + WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE + https://bugs.webkit.org/show_bug.cgi?id=75612 + + Reviewed by Kevin Ollivier. + + * wtf/text/WTFString.h: + (WTF::String::findIgnoringCase): + (WTF::String::append): + (WTF::String::fromUTF8): + (WTF::String::fromUTF8WithLatin1Fallback): + (WTF::String::isHashTableDeletedValue): + +2012-01-05 Dan Bernstein <mitz@apple.com> + + <rdar://problem/10633760> Update copyright strings + + Reviewed by Mark Rowe. + + * Info.plist: + +2012-01-05 Gavin Barraclough <barraclough@apple.com> + + Date constructor handles infinite values incorrectly. + https://bugs.webkit.org/show_bug.cgi?id=70998 + + Reviewed by Filip Pizlo. + + * runtime/DateConstructor.cpp: + (JSC::constructDate): + - should be checking !finite rather then isnan. + +2012-01-05 Gavin Barraclough <barraclough@apple.com> + + date.toISOString produces incorrect results for dates with ms prior to 1970 + https://bugs.webkit.org/show_bug.cgi?id=75684 + + Reviewed by Sam Weinig. + + * runtime/DatePrototype.cpp: + (JSC::dateProtoFuncToISOString): + +2012-01-05 Gavin Barraclough <barraclough@apple.com> + + Array.prototype.lastIndexOf ignores undefined fromIndex. + https://bugs.webkit.org/show_bug.cgi?id=75678 + + Reviewed by Sam Weinig. 
+ + array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x) + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncLastIndexOf): + - should check argumnet count, rather than checking agument value for undefined. + +2012-01-05 Gavin Barraclough <barraclough@apple.com> + + Date parsing is too restrictive. + https://bugs.webkit.org/show_bug.cgi?id=75671 + + Reviewed by Oliver Hunt. + + ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15). + The spec allow a date to be date only, or date + time. + + The date portion on the should match: (pseudocode!:) + [(+|-)YY]YYYY[-MM[-DD]] + though we are slightly more liberal (permitted by the spec), allowing: + [+|-]Y+[-MM[-DD]] + The time portion should match: + THH:mm[:ss[.sss]][Z|(+|-)HH:mm] + again we're slightly more liberal, allowing: + THH:mm[:ss[.s+]][Z|(+|-)HH:mm] + + * wtf/DateMath.cpp: + (WTF::parseES5DatePortion): + - Month/day fields are optional, default to 01. + (WTF::parseES5TimePortion): + - Hours/Minutes are requires, seconds/timezone are optional. + (WTF::parseES5DateFromNullTerminatedCharacters): + - Dates may be date only, or date + time. + +2012-01-05 Bruno Dilly <bdilly@profusion.mobi> + + [EFL] Undefined references to ICU_I18N symbols on WTF + https://bugs.webkit.org/show_bug.cgi?id=75642 + + Unreviewed build fix. + + Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake. + Some undefined references were ucol_setAttribute_44, ucol_close_44, + ucol_getAttribute_44... + + * wtf/PlatformEfl.cmake: + +2012-01-05 Geoffrey Garen <ggaren@apple.com> + + Refined the fast path for StringImpl::hash() + https://bugs.webkit.org/show_bug.cgi?id=75178 + + Reviewed by Darin Adler. + + Moved the hash calculation code into an out-of-line function to clean up + the hot path. 
+ + No measurable benchmark change, but this knocks some samples off in + Instruments, and I think this is a step toward removing -fomit-frame-pointer. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::hashSlowCase): + * wtf/text/StringImpl.h: + (WTF::StringImpl::hash): The patch. + + * wtf/text/StringStatics.cpp: + (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build + scheme, which requires all out-of-line StringImpl functions used by + WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.) + +2012-01-05 Gavin Barraclough <barraclough@apple.com> + + Literal tab in JSONString fails + https://bugs.webkit.org/show_bug.cgi?id=71772 + + Reviewed by Oliver Hunt. + + rfc4627 does not allow literal tab characters in JSON source. + + * runtime/LiteralParser.cpp: + (JSC::isSafeStringCharacter): + - do not allow literal tab in StrictJSON mode. + +2012-01-05 Gavin Barraclough <barraclough@apple.com> + + push/shift fifo may consume excessive memory + https://bugs.webkit.org/show_bug.cgi?id=75610 + + Reviewed by Sam Weinig. + + Array object commonly store data in a vector, consisting of a portion that is + in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between + m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and + the current algorithm for increaseVectorLength (used by push, or [[Put]]) will + never shrink the pre-capacity, so a push/shift fifo may consume an inordinate + amount of memory, whilst having a relatively small active length. + + * runtime/JSArray.cpp: + (JSC::JSArray::increaseVectorLength): + - If m_indexBias is non-zero, decay it over time. + +2012-01-05 Csaba Osztrogonác <ossy@webkit.org> + + unshift/pop fifo may consume excessive memory + https://bugs.webkit.org/show_bug.cgi?id=75588 + + Reviewed by Zoltan Herczeg. + + Buildfix after r104120. 
+ + * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true + (JSC::JSArray::unshiftCount): + +2012-01-05 Zoltan Herczeg <zherczeg@webkit.org> + + Unreviewed gardening after r104134. + + * wtf/Assertions.cpp: + +2012-01-05 Zoltan Herczeg <zherczeg@webkit.org> + + Unreviewed gardening after r75605. + + Rubber stamped by NOBODY Csaba Osztrogonác. + + * wtf/Assertions.cpp: + +2012-01-05 Benjamin Poulain <benjamin@webkit.org> + + Improve charactersAreAllASCII() to compare multiple characters at a time + https://bugs.webkit.org/show_bug.cgi?id=74063 + + Reviewed by Darin Adler. + + A new header ASCIIFastPath.h contains the functions related to + the detection of ASCII by using machine words. Part of it comes from + WebCore's TextCodecASCIIFastPath.h. + + The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h + and is implemented with computer word comparison. + The gain over the previous implementation of charactersAreAllASCII() is of + the order of how many comparison are avoided (4x, 8x, 16x depending on the + format and the CPU type). + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/text/ASCIIFastPath.h: Added. + (WTF::isAlignedToMachineWord): + (WTF::alignToMachineWord): + (WTF::isAllASCII): + (WTF::charactersAreAllASCII): + * wtf/text/WTFString.h: + * wtf/wtf.pro: + +2012-01-05 Mark Rowe <mrowe@apple.com> + + <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL + + We should always log to both ASL and stderr on platforms where this won't result in launchd + duplicating the messages. + + Reviewed by Dan Bernstein. 
+ + * wtf/Assertions.cpp: + (vprintf_stderr_common): + +2012-01-05 Mark Rowe <mrowe@apple.com> + + <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line + + Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a + single line of text. This results in strangely formatted output if vprintf_stderr_common is + retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented + like stderr. + + Reviewed by Dan Bernstein. + + * wtf/Assertions.cpp: + (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format + string before handing it off to vprintf_stderr_common. This requires disabling warnings about + calling a printf-like function with a non-literal format string for this piece of code. It's + safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix. + (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the + given format string if one does not already exist. It requires the same treatment with regards + to the non-literal format string warning. + (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix. + (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common. + (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix. + (WTFReportError): Ditto. + (WTFLog): Switch to using vprintf_stderr_with_trailing_newline. + (WTFLogVerbose): Ditto. + +2012-01-04 Gavin Barraclough <barraclough@apple.com> + + unshift/pop fifo may consume excessive memory + https://bugs.webkit.org/show_bug.cgi?id=75588 + + Reviewed by Sam Weinig. + + The Array object commonly store data in a vector, consisting of a portion that + is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between + m_length and m_vectorLength). 
Calls to pop with grow the post-capacity, and the + current algorithm for increasePrefixVectorLength (used by unshift) will never + stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount + of memory, whilst having a relatively small active length. + + * runtime/JSArray.cpp: + (JSC::storageSize): + - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>) + (JSC::SparseArrayValueMap::put): + - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>) + (JSC::JSArray::increaseVectorLength): + - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>) + (JSC::JSArray::unshiftCountSlowCase): + - renamed from increaseVectorPrefixLength (this was a bad name, since it + also moved the ArrayStorage header), rewritten. + (JSC::JSArray::shiftCount): + - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned + (JSC::JSArray::unshiftCount): + - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned, + increaseVectorPrefixLength renamed to unshiftCountSlowCase + (JSC::JSArray::sortNumeric): + * runtime/JSArray.h: + - Updated function declarations, m_indexBias should be unsigned. + +2012-01-04 Mark Rowe <mrowe@apple.com> + + <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments + + Since JSC::Arguments has an OwnPtr for a member it needs to override destroy + to ensure that the correct destructor is invoked. This is necessary because + JSCell subclasses all intentionally have non-virtual destructors. + + Reviewed by Filip Pizlo. + + * runtime/Arguments.cpp: + (JSC::Arguments::destroy): + * runtime/Arguments.h: + +2012-01-04 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, accidentally turned off the JIT in previous commit. Turning + it back on. + + * wtf/Platform.h: + +2012-01-04 Filip Pizlo <fpizlo@apple.com> + + Changed "return" to "break" in some macrology I introduced in + http://trac.webkit.org/changeset/104086. 
This is a benign change, as + "return" was technically correct for all uses of the macro. + + Reviewed by Oliver Hunt. + + * dfg/DFGGraph.cpp: + * wtf/Platform.h: + +2012-01-04 Michael Saboff <msaboff@apple.com> + + StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset + https://bugs.webkit.org/show_bug.cgi?id=75583 + + Reviewed by Filip Pizlo. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding + StructureStubInfo and reset the appropriate JIT and + the StructureStubInfo itself when reseting a MethodCallLinkInfo. + +2012-01-04 Michael Saboff <msaboff@apple.com> + + Invalid ASSERT() in DFGRepatch.cpp near line 385 + https://bugs.webkit.org/show_bug.cgi?id=75584 + + Reviewed by Filip Pizlo. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==. + +2012-01-04 Filip Pizlo <fpizlo@apple.com> + + Incorrect use of DFG node reference counts when mutating the graph + https://bugs.webkit.org/show_bug.cgi?id=75580 + <rdar://problem/10644607> + + Reviewed by Oliver Hunt. + + Made deref(node) follow the pattern of ref(node), which it should have + to begin with. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::refChildren): + (JSC::DFG::Graph::derefChildren): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::deref): + (JSC::DFG::Graph::clearAndDerefChild1): + (JSC::DFG::Graph::clearAndDerefChild2): + (JSC::DFG::Graph::clearAndDerefChild3): + * dfg/DFGNode.h: + (JSC::DFG::Node::deref): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixupNode): + +2012-01-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies + + The custom qmake variable 'WEBKIT' is used for signaling that a + target depends in some way on other subproject of the WebKit + project. For now this is limited to the set of intermediate + libraries: wtf, javascriptcore, webcore, and webkit2. 
+ + This replaces the previous convension of using load(foo) for + just include paths, and CONFIG += foo to also link against foo. + + Adding a dependency results in additional include paths being + available, and potentially linking to the library. This is + decided by the build system based on conditions such as what + kind of target is being built and the general build config. + + An advantage to his approach is that it simplifies the individual + foo.prf files, for example by allowing us to use INCLUDEPATH += + and LIBS += as normal instead of prepending. + + Reviewed by Simon Hausmann. + + * Target.pri: + * jsc.pro: + * wtf/wtf.pro: + +2012-01-03 Filip Pizlo <fpizlo@apple.com> + + DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong + https://bugs.webkit.org/show_bug.cgi?id=75516 + <rdar://problem/10640266> + + Reviewed by Gavin Barraclough. + + Removed the offending assertion, since it was wrong. Also hardened the code to make + this case less likely by first having the propagator fixpoint converge, and then doing + double voting combined with a second fixpoint. This is neutral on benchmarks and + fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double + until we've converged to the conclusion that it really is double). + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagatePredictions): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): + +2012-01-03 Filip Pizlo <fpizlo@apple.com> + + REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds + https://bugs.webkit.org/show_bug.cgi?id=75303 + <rdar://problem/10633533> + + Reviewed by Gavin Barraclough. + + The this argument was not being kept alive in some cases during inlining and intrinsic + optimizations. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::emitFunctionCheck): + (JSC::DFG::ByteCodeParser::handleInlining): + +2012-01-03 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-01-03 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-01-03 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75140 + + Reviewed by Sam Weinig. + + Rewrite JSArray::putSlowCase to be much cleaner & simpler. + + This rewrite only significantly changes behaviour for sparse array, specifically + in how sparse arrays are reified back to vector form. This does not affect arrays + with less than 10000 entries (since these always use a vector). The more common + cases of sparse array behavior (though large sparse arrays are rare) - arrays that + always remain sparse, and arrays that are filled in reverse sequential order - + should be just as fast or faster (since reification is simpler & no longer + requires map lookups) after these changes. + + Simplifying this code allows all cases of putByIndex that need to grow the vector + to do so via increaseVectorLength, which means that this method can encapsulate + the policy of determining how the vector should be grown. + + No performance impact. + + * runtime/JSArray.cpp: + (JSC::isDenseEnoughForVector): + - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector. + (JSC::JSArray::putByIndex): + - simplify & comment. + (JSC::JSArray::putByIndexBeyondVectorLength): + - Re-written to be much clearer & simpler. + (JSC::JSArray::increaseVectorLength): + (JSC::JSArray::increaseVectorPrefixLength): + - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so. + (JSC::JSArray::push): + - simplify & comment. 
+ * runtime/JSArray.h: + - removed SparseArrayValueMap::take. + +2012-01-03 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2012-01-03 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75140 + + Reviewed by Sam Weinig. + + Simplify JSArray creation - remove ArgsList/JSValue* create methods + (this functionality can be implemented in terms of tryCreateUninitialized). + + * JavaScriptCore.exp: + * runtime/ArrayConstructor.cpp: + - use constructArray/constructEmptyArray instead of calling JSArray::create directly + (JSC::constructArrayWithSizeQuirk): + * runtime/JSArray.cpp: + * runtime/JSArray.h: + - removed ArgsList/JSValue* create methods + * runtime/JSGlobalObject.h: + (JSC::constructEmptyArray): + (JSC::constructArray): + - changed to be implemented in terms of JSArray::tryCreateUninitialized + +2012-01-03 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75429 + ThrowTypeError should be a singleton object + + Reviewed by Sam Weinig. + + Per section 13.2.3 of the spec. + We could change setAccessorDescriptor to be able to share the global + GetterSetter object, rather than storing the accessor functions and + creating a new GetterSetter in defineProperty - but this won't be a + small change to PropertyDescriptors (and would probably mean making + GetterSetter objects immutable?) - so I'll leave that for another + patch. 
+ + * JavaScriptCore.exp: + - don't export setAccessorDescriptor + * runtime/Arguments.cpp: + (JSC::Arguments::createStrictModeCallerIfNecessary): + (JSC::Arguments::createStrictModeCalleeIfNecessary): + - call throwTypeErrorGetterSetter instead of createTypeErrorFunction + * runtime/Error.cpp: + * runtime/Error.h: + - remove createTypeErrorFunction + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + - remove unused createDescriptorForThrowingProperty + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + - removed m_strictModeTypeErrorFunctionStructure. + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::internalFunctionStructure): + - removed m_strictModeTypeErrorFunctionStructure. + * runtime/PropertyDescriptor.cpp: + (JSC::PropertyDescriptor::setAccessorDescriptor): + - changed to take a GetterSetter + * runtime/PropertyDescriptor.h: + - changed to take a GetterSetter + +2012-01-02 Gavin Barraclough <barraclough@apple.com> + + Check in fixes for jsc tests following bug #75455. + + * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js: + * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js: + +2012-01-02 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75452 + If argument to Error is undefined, message is not set + + Reviewed by Sam Weinig. + + Per section 15.11.1.1 of the spec. + + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::create): + (JSC::ErrorInstance::finishCreation): + +2012-01-02 Gavin Barraclough <barraclough@apple.com> + + ES5 prohibits parseInt from supporting octal + https://bugs.webkit.org/show_bug.cgi?id=75455 + + Reviewed by Sam Weinig. + + See sections 15.1.2.2 and annex E. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::parseInt): + +2012-01-02 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=55343 + Global JSON should be configurable but isn't + + Reviewed by Sam Weinig. 
+ + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + - make JSON configurable + +2012-01-01 Filip Pizlo <fpizlo@apple.com> + + Call instructions should leave room for linking information + https://bugs.webkit.org/show_bug.cgi?id=75422 + <rdar://problem/10633985> + + Reviewed by Oliver Hunt. + + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + +2011-12-31 Dan Bernstein <mitz@apple.com> + + Continue trying to fix the Windows build after r103823. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-12-31 Dan Bernstein <mitz@apple.com> + + Start trying to fix the Windows build after r103823. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-12-30 Anders Carlsson <andersca@apple.com> + + Add a ParamStorageTraits specialization for RetainPtr + https://bugs.webkit.org/show_bug.cgi?id=75392 + + Reviewed by Daniel Bates. + + * wtf/Functional.h: + Add a partial specialization of ParamStorageTraits for RetainPtr<T>. + + * wtf/RetainPtr.h: + Bring in the retainPtr function template from WTF. + +2011-12-29 Sam Weinig <sam@webkit.org> + + It should be easier to iterate a Vector backwards + https://bugs.webkit.org/show_bug.cgi?id=75359 + + Reviewed by Anders Carlsson. + + Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(), + a new proxy driven way to access a vector backwards. One can use + reversed() in a range-based for loop like so: + + for (auto val: myVector.reversed()) + doSomething(val) + + * wtf/Vector.h: + (WTF::Vector::~Vector): + Fix style. + + (WTF::Vector::rbegin): + (WTF::Vector::rend): + Added using standard adaptor std::reverse_iterator. + + (WTF::Vector::reversed): + (WTF::Vector::VectorReverseProxy::begin): + (WTF::Vector::VectorReverseProxy::end): + Add proxy similar to one used in HashMap for keys() and values() + which allows access to a Vector backwards for use in range-based + for loops. 
+ +2011-12-29 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75140 + + Reviewed by Oliver Hunt. + + Start cleaning up JSArray construction. JSArray has a set of create methods, + one of which (currently) takes a 'creation mode' enum parameter. Based on that + parameter, the constructor does one of two completely different things. If the + parameter is 'CreateInitialized' it creates an array, setting the length, but + does not eagerly allocate a storage vector of the specified length. A small + (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property + access to the vector will read the hole value (return undefined). The alternate + usage of this method ('CreateCompact') does something very different. It tries + to create an array of the requested length, and also allocates a storage vector + large enough to hold all properties. It does not clear the storage vector, + leaving the memory uninitialized and requiring the user to call a method + 'uncheckedSetIndex' to initialize values in the vector. + + This patch factors out these two behaviours, moving the 'CreateCompact' mode + into its own method, 'tryCreateUninitialized' (matching the naming for this + functionality in the string classes). 'tryCreateUninitialized' may return 0 if + memory allocation fails during construction of the object. The construction + pattern changes such that values added during initialization will be marked if + a GC is triggered during array allocation. 'CreateInitialized' no longer need + be passed to create a normal, fully constructed array with a length, and this + method is merged with the version of 'create' that does not take an initial + length (length parameter defaults to 0). 
+ + * JavaScriptCore.exp: + * runtime/ArrayConstructor.cpp: + (JSC::constructArrayWithSizeQuirk): + - removed 'CreateInitialized' argument + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncSplice): + - changed to call 'tryCreateUninitialized' + * runtime/FunctionPrototype.cpp: + (JSC::functionProtoFuncBind): + - changed to call 'tryCreateUninitialized' + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + - initialize m_storage to null; if construction fails, make destruction safe + (JSC::JSArray::finishCreation): + - merge versions of this method, takes an initialLength parameter defaulting to zero + (JSC::JSArray::tryFinishCreationUninitialized): + - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0 + (JSC::JSArray::~JSArray): + - check for null m_storage, in case array construction failed. + (JSC::JSArray::increaseVectorPrefixLength): + * runtime/JSArray.h: + (JSC::JSArray::create): + - merge versions of this method, takes an initialLength parameter defaulting to zero + (JSC::JSArray::tryCreateUninitialized): + - version of 'create' that tries to eagerly allocate storage; may fail & return 0 + (JSC::JSArray::initializeIndex): + (JSC::JSArray::completeInitialization): + - used in conjunction with 'tryCreateUninitialized' to initialize the array + * runtime/JSGlobalObject.h: + (JSC::constructEmptyArray): + - removed 'CreateInitialized' argument + * runtime/RegExpConstructor.cpp: + (JSC::RegExpMatchesArray::finishCreation): + - removed 'CreateInitialized' argument + +2011-12-29 Anders Carlsson <andersca@apple.com> + + Add a retainPtr function template + https://bugs.webkit.org/show_bug.cgi?id=75365 + + Reviewed by Dan Bernstein. + + This makes it easier to make a RetainPtr using template argument deduction, which + is useful when passing RetainPtr objects as function arguments. 
+ + * wtf/RetainPtr.h: + (WTF::retainPtr): + +2011-12-28 Yuqiang Xian <yuqiang.xian@intel.com> + + spill unboxed values in DFG 32_64 + https://bugs.webkit.org/show_bug.cgi?id=75291 + + Reviewed by Filip Pizlo. + + Currently all the values are spilled as boxed in DFG 32_64, which is + not necessary and introduces additional stores/loads. Instead we + can spill them as unboxed if feasible. It can be applied to the + Integers, Cells and Booleans in DFG 32_64. Doubles are left as is + because they don't need to be boxed at all. The modifications to the + spill/fill and the OSR exit are required, as well as a bug fix to the + "isUnknownJS" logic. + + * bytecode/ValueRecovery.h: + (JSC::ValueRecovery::displacedInRegisterFile): + (JSC::ValueRecovery::virtualRegister): + (JSC::ValueRecovery::dump): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::isUnknownJS): + (JSC::DFG::GenerationInfo::spill): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::isKnownNotBoolean): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentFillGPR): + (JSC::DFG::SpeculativeJIT::spill): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillInteger): + (JSC::DFG::SpeculativeJIT::fillDouble): + (JSC::DFG::SpeculativeJIT::fillJSValue): + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-28 Anders Carlsson <andersca@apple.com> + + Add an implicit block conversion operator to WTF::Function + https://bugs.webkit.org/show_bug.cgi?id=75325 + + Reviewed by Dan Bernstein. + + * wtf/Compiler.h: + Add a define for COMPILER_SUPPORTS(BLOCKS). 
It's only defined for clang, since the gcc blocks implementation + is buggy, especially when it comes to C++. + + * wtf/Functional.h: + Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed. + +2011-12-27 Anders Carlsson <andersca@apple.com> + + Add a new WTF::bind overload that takes 6 parameters + https://bugs.webkit.org/show_bug.cgi?id=75287 + + Reviewed by Sam Weinig. + + * wtf/Functional.h: + +2011-12-27 Sam Weinig <sam@webkit.org> + + Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro + https://bugs.webkit.org/show_bug.cgi?id=75268 + + Reviewed by Anders Carlsson. + + * wtf/Compiler.h: + Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). + + * wtf/Noncopyable.h: + Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). + + * wtf/NullPtr.cpp: + * wtf/NullPtr.h: + Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR). + + * wtf/RefPtr.h: + * wtf/RetainPtr.h: + Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR). + +2011-12-27 Anders Carlsson <andersca@apple.com> + + Misc fixes and cleanups in Functional.h + https://bugs.webkit.org/show_bug.cgi?id=75281 + + Reviewed by Andreas Kling. + + - Reformat template declarations so that the class begins on a new line. + - Change the parameter template parameters to start at P1 instead of P0. + - Add function wrappers and bind overloads for 4 and 5 parameter functions. + - Change the Function call operator to be const so const functions can be called. + + * wtf/Functional.h: + +2011-12-27 Tony Chang <tony@chromium.org> + + [chromium] Minor cleanup of gyp files. + https://bugs.webkit.org/show_bug.cgi?id=75269 + + Reviewed by Adam Barth. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed + and vim/emacs specific hooks should be added by the user. 
+ +2011-12-27 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75260 + Null name for host function can result in dereference of uninitialize memory + + Reviewed by Filip Pizlo. + + This is a recent regression in ToT, if the name passed to finishCreation of a host function is null, + we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the + aspect of the change that introduced the issue. It might be better if functions that don't have a + name don't have this property at all, but that's change should be separate from fixing the bug. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::finishCreation): + - Always initialize the name property. + +2011-12-27 Anders Carlsson <andersca@apple.com> + + Function should handle wrapping/unwrapping RefPtr and PassRefPtr + https://bugs.webkit.org/show_bug.cgi?id=75266 + + Reviewed by Sam Weinig. + + Add ParamStorageTraits that can be used for deciding how bound parameters should be stored + and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn. + For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking. + + * wtf/Functional.h: + (WTF::ParamStorageTraits::wrap): + (WTF::ParamStorageTraits::unwrap): + +2011-12-27 Tony Chang <tony@chromium.org> + + [chromium] really enable wpo for WebCore libs and for WTF + https://bugs.webkit.org/show_bug.cgi?id=75264 + + Reviewed by Adam Barth. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr. + +2011-12-26 Gavin Barraclough <barraclough@apple.com> + + Errk! OS X build fix. + + * JavaScriptCore.exp: + +2011-12-26 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSObject.h: + +2011-12-26 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75231 + Fail to throw in strict mode on assign to read only static properties + + Reviewed by Filip Pizlo. + + There are three bugs here: + * symbolTablePut should throw for strict mode accesses. + * lookupPut should throw for strict mode accesses. + * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties. + + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTablePut): + (JSC::JSActivation::put): + * runtime/JSActivation.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::put): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::put): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::symbolTablePut): + * runtime/Lookup.h: + (JSC::lookupPut): + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::put): + * runtime/NumberConstructor.h: + +2011-12-26 Gavin Barraclough <barraclough@apple.com> + + Fix miss-commit of utf8 change. + + Reviewed by Filip Pizlo + + Eeep, patch as landed a while ago had no effect! - acidentally landed + modified version of patch used for performance testing. + + (This isn't covered by layout tests because layour tests don't use jsc, + and the tests/mozilla tests use latin1, which was already supported!) + + Landing changes as intended (and as originally reviewed). + + * jsc.cpp: + (jscSource): + +2011-12-26 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for ARMv7. + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load16Signed): + (JSC::MacroAssemblerARMv7::load8Signed): + +2011-12-26 Hajime Morrita <morrita@google.com> + + Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE + https://bugs.webkit.org/show_bug.cgi?id=74990 + + Reviewed by Kevin Ollivier. 
+ + * runtime/JSExportMacros.h: Removed JS_INLINE + * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE + +2011-12-24 Filip Pizlo <fpizlo@apple.com> + + The ArgumentCount field in the CallFrame should have its tag left blank for other uses + https://bugs.webkit.org/show_bug.cgi?id=75199 + <rdar://problem/10625105> + <rdar://problem/10625106> + + Reviewed by Oliver Hunt. + + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + * interpreter/CallFrame.h: + (JSC::ExecState::argumentCountIncludingThis): + (JSC::ExecState::setArgumentCountIncludingThis): + * interpreter/Register.h: + (JSC::Register::unboxedInt32): + (JSC::Register::unboxedBoolean): + (JSC::Register::unboxedCell): + (JSC::Register::payload): + (JSC::Register::tag): + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileLoadVarargs): + (JSC::JIT::compileOpCall): + +2011-12-25 Andreas Kling <awesomekling@apple.com> + + Yarr: Avoid copying vectors in CharacterClassConstructor. + <http://webkit.org/b/75206> + + Reviewed by Darin Adler. + + Yarr::CharacterClassConstructor::charClass() was hot when loading twitter + feeds (1.2%), replace the usage of Vector::append() by swap() since we're + always clearing the source vector afterwards anyway. + + * yarr/YarrPattern.cpp: + (JSC::Yarr::CharacterClassConstructor::charClass): + +2011-12-24 Darin Adler <darin@apple.com> + + Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn + https://bugs.webkit.org/show_bug.cgi?id=72476 + + Reviewed by Sam Weinig. + + * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>. 
+ +2011-12-23 Geoffrey Garen <ggaren@apple.com> + + Inlined Yarr::execute + https://bugs.webkit.org/show_bug.cgi?id=75180 + + Reviewed reluctantly by Beth Dakin. + + Tiny speedup on SunSpider string tests. Removes some samples from + Instruments. A step toward removing -fomit-frame-pointer. + + * yarr/YarrJIT.cpp: + * yarr/YarrJIT.h: + (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?! + +2011-12-23 Filip Pizlo <fpizlo@apple.com> + + DFG loads from signed 8-bit and 16-bit typed arrays are broken + https://bugs.webkit.org/show_bug.cgi?id=75163 + + Reviewed by Geoffrey Garen. + + Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm + currently disabling Int8Array and Int16Array optimizations on ARM. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::load8Signed): + (JSC::MacroAssemblerX86Common::load16Signed): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movswl_mr): + (JSC::X86Assembler::movsbl_mr): + * bytecode/PredictedType.h: + (JSC::isActionableMutableArrayPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateInt8Array): + (JSC::DFG::Node::shouldSpeculateInt16Array): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + +2011-12-23 Filip Pizlo <fpizlo@apple.com> + + DFG does double-to-int conversion incorrectly when storing into int typed arrays + https://bugs.webkit.org/show_bug.cgi?id=75164 + <rdar://problem/10557547> + + Reviewed by Geoffrey Garen. 
+ + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32): + (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + +2011-12-23 Geoffrey Garen <ggaren@apple.com> + + Refactored String.prototype.replace + https://bugs.webkit.org/show_bug.cgi?id=75114 + + Reviewed by Darin Adler. + + No performance difference. + + I think this is a step toward removing -fomit-frame-pointer. + + * runtime/JSString.cpp: + * runtime/JSString.h: Removed the test and special case for a single-character + search string because the standard path does this test and special case + for us. (As an aside, if we do come up with a unique single-character + replace optimization in future, it probably belongs in the replace function, + and not in JSString.) + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncReplace): Split this mega-sized function into: + (JSC::replaceUsingStringSearch): - This reasonably sized function, and + (JSC::replaceUsingRegExpSearch): - This still mega-sized function. + +2011-12-23 Pierre Rossi <pierre.rossi@gmail.com> + + [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html + https://bugs.webkit.org/show_bug.cgi?id=75087 + + monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds. + + Reviewed by Darin Adler. + + * wtf/CurrentTime.cpp: + (WTF::monotonicallyIncreasingTime): + +2011-12-22 Filip Pizlo <fpizlo@apple.com> + + DFG should not speculate array even when predictions say that the base is not an array + https://bugs.webkit.org/show_bug.cgi?id=75160 + <rdar://problem/10622646> + <rdar://problem/10622649> + + Reviewed by Oliver Hunt. + + Added the ability to call slow path when the base is known to not be an array. 
+ Also rationalized the logic for deciding when the index is not an int, and + cleaned up the logic for deciding when to speculate typed array. + + Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can + likely be mitigated by having the notion of a polymorphic array access, where we + try, but don't speculate, to access the array one way before either trying some + other ways or calling slow path. + + * bytecode/PredictedType.h: + (JSC::isActionableMutableArrayPrediction): + (JSC::isActionableArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateInt8Array): + (JSC::DFG::Node::shouldSpeculateInt16Array): + (JSC::DFG::Node::shouldSpeculateInt32Array): + (JSC::DFG::Node::shouldSpeculateUint8Array): + (JSC::DFG::Node::shouldSpeculateUint16Array): + (JSC::DFG::Node::shouldSpeculateUint32Array): + (JSC::DFG::Node::shouldSpeculateFloat32Array): + (JSC::DFG::Node::shouldSpeculateFloat64Array): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::byValIsPure): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-22 Gavin Barraclough <barraclough@apple.com> + + Unreviewed - fix stylebot issues from last patch. + + * runtime/JSArray.cpp: + (JSC::JSArray::putSlowCase): + +2011-12-22 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=75151 + Add attributes field to JSArray's SparseMap + + Reviewed by Sam Weinig. + + This will be necessary to be able to support non- writable/configurable/enumerable + properties, and helpful for getters/setters. 
+ + Added a concept of being 'inSparseMode' - this indicates the array has a non-standard + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncSort): + - JSArray::sort methods not allowed on arrays that are 'inSparseMode'. + (must fall back to generic sort alogrithm). + * runtime/JSArray.cpp: + (JSC::JSArray::finishCreation): + - moved reportedMapCapacity into the SparseArrayValueMap object. + (JSC::SparseArrayValueMap::find): + (JSC::SparseArrayValueMap::put): + (JSC::SparseArrayValueMap::visitChildren): + - Added. + (JSC::JSArray::getOwnPropertySlotByIndex): + (JSC::JSArray::getOwnPropertyDescriptor): + (JSC::JSArray::putSlowCase): + (JSC::JSArray::deletePropertyByIndex): + (JSC::JSArray::getOwnPropertyNames): + (JSC::JSArray::setLength): + (JSC::JSArray::pop): + (JSC::JSArray::visitChildren): + - Updated for changes in SparseArrayValueMap. + (JSC::JSArray::sortNumeric): + (JSC::JSArray::sort): + (JSC::JSArray::compactForSorting): + - Disallow on 'SparseMode' arrays. + * runtime/JSArray.h: + (JSC::SparseArrayEntry::SparseArrayEntry): + - An entry in the sparse array - value (WriteBarrier) + attributes. + (JSC::SparseArrayValueMap::SparseArrayValueMap): + (JSC::SparseArrayValueMap::sparseMode): + (JSC::SparseArrayValueMap::setSparseMode): + - Flags to track whether an Array is forced into SparseMode. + (JSC::SparseArrayValueMap::remove): + (JSC::SparseArrayValueMap::notFound): + (JSC::SparseArrayValueMap::isEmpty): + (JSC::SparseArrayValueMap::contains): + (JSC::SparseArrayValueMap::size): + (JSC::SparseArrayValueMap::begin): + (JSC::SparseArrayValueMap::end): + - accessors to the map + (JSC::SparseArrayValueMap::take): + - only for use on non-SpareMode arrays. + (JSC::JSArray::inSparseMode): + - Added. + +2011-12-22 Filip Pizlo <fpizlo@apple.com> + + DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array + https://bugs.webkit.org/show_bug.cgi?id=75150 + <rdar://problem/10621900> + + Reviewed by Gavin Barraclough. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + +2011-12-22 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does exactly the wrong thing when doing strict equality on two known cells + https://bugs.webkit.org/show_bug.cgi?id=75138 + <rdar://problem/10621526> + + Reviewed by Oliver Hunt. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + +2011-12-22 Balazs Kelemen <kbalazs@webkit.org> + + Fix debug build with assertions disabled + https://bugs.webkit.org/show_bug.cgi?id=75075 + + Reviewed by Darin Adler. + + Check whether assertions are disabled instead of NDEBUG + where appropriate to avoid "defined but not used" warnings. + + * wtf/DateMath.cpp: + (WTF::initializeDates): + +2011-12-22 Mariusz Grzegorczyk <mariusz.g@samsung.com> + + [EFL] Missing plugins support for efl port + https://bugs.webkit.org/show_bug.cgi?id=44505 + + Reviewed by Anders Carlsson. + + Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port. + + * wtf/Platform.h: + +2011-12-22 Wei Charles <charles.wei@torchmobile.com.cn> + + Remove un-used data member of LiteralParser::Lex::m_string + https://bugs.webkit.org/show_bug.cgi?id=68216 + + Reviewed by George Staikos. + + * runtime/LiteralParser.h: + +2011-12-21 Dan Bernstein <mitz@apple.com> + + OS X build fix after r103488. + + * JavaScriptCore.exp: + +2011-12-21 Konrad Piascik <kpiascik@rim.com> + + Implement the JavaScriptCore bindings for eventListenerHandlerLocation + https://bugs.webkit.org/show_bug.cgi?id=74313 + + Reviewed by Eric Seidel. + + Updated project files to get Windows and Mac builds working. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-12-21 Filip Pizlo <fpizlo@apple.com> + + DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object + https://bugs.webkit.org/show_bug.cgi?id=75058 + <rdar://problem/10616612> + <rdar://problem/10617500> + + Reviewed by Oliver Hunt. + + Added a call to toThisObject() in the DFG when planting a direct reference to the global this object. + Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed + a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState* + is optional. + + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::globalThisObjectFor): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSObject.h: + +2011-12-21 Pierre Rossi <pierre.rossi@gmail.com> + + Implement montonicallyIncreasingClock() on Qt + https://bugs.webkit.org/show_bug.cgi?id=62159 + + Reviewed by Darin Adler. + + * wtf/CurrentTime.cpp: + (WTF::monotonicallyIncreasingTime): + +2011-12-20 Filip Pizlo <fpizlo@apple.com> + + 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails + https://bugs.webkit.org/show_bug.cgi?id=74997 + <rdar://problem/10612389> + + Reviewed by Gavin Barraclough. + + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_div): + +2011-12-20 Filip Pizlo <fpizlo@apple.com> + + JavaScriptCore should be consistent about how it reads and writes ArgumentCount + https://bugs.webkit.org/show_bug.cgi?id=74989 + <rdar://problem/10612006> + + Reviewed by Gavin Barraclough. 
+ + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileLoadVarargs): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_get_arguments_length): + (JSC::JIT::emit_op_get_argument_by_val): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::SpecializedThunkJIT): + +2011-12-20 Filip Pizlo <fpizlo@apple.com> + + Value Profiles for arguments should be more easily accessible to the interpreter + https://bugs.webkit.org/show_bug.cgi?id=74984 + <rdar://problem/10611364> + + Reviewed by Gavin Barraclough. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::stronglyVisitStrongReferences): + (JSC::CodeBlock::shouldOptimizeNow): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::setArgumentValueProfileSize): + (JSC::CodeBlock::numberOfArgumentValueProfiles): + (JSC::CodeBlock::valueProfileForArgument): + (JSC::CodeBlock::addValueProfile): + (JSC::CodeBlock::valueProfile): + (JSC::CodeBlock::valueProfileForBytecodeOffset): + (JSC::CodeBlock::totalNumberOfValueProfiles): + (JSC::CodeBlock::getFromAllValueProfiles): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::ValueProfile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + +2011-12-20 Gavin Barraclough <barraclough@apple.com> + + JSC shell should accept utf8 input. + + Reviewed by Filip Pizlo. + + * jsc.cpp: + (jscSource): + (functionRun): + (functionLoad): + (functionCheckSyntax): + (runWithScripts): + (runInteractive): + +2011-12-20 Gavin Barraclough <barraclough@apple.com> + + Rubber Stamped by Sam Weinig + + * runtime/JSGlobalData.cpp: + - removed some dead code. + +2011-12-19 Geoffrey Garen <ggaren@apple.com> + + Tightened up Vector<T>::append + https://bugs.webkit.org/show_bug.cgi?id=74906 + + Reviewed by Sam Weinig. 
+ + Not a measurable speedup, but code inspection shows better code generated, + and I believe this is a step toward turning off -fomit-frame-pointer. + + * wtf/Vector.h: + (WTF::::append): + (WTF::::appendSlowCase): Split out the slow case into a separate function + to keep unnecessary instructions off the hot path. This means the hot + path can now be inlined more often. + + Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a + compiler work-around from 2007. + +2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com> + + Temporary GPR should not be lazily allocated in DFG JIT on X86 + https://bugs.webkit.org/show_bug.cgi?id=74908 + + Reviewed by Filip Pizlo. + + On X86, we used to allocate a temporary GPR lazily when it's really + used rather than defined. This may cause potential issues of + allocating registers inside control flow and result in problems in + subsequent code generation, for example the DFG JIT may think an + operand already being spilled (to satisfy the allocation request) and + generate code to read the data from memory, but the allocation and + spilling are in a branch which is not taken at runtime, so the + generated code is incorrect. + + Although current DFG JIT code doesn't have this problematic pattern, + it's better to cut-off the root to avoid any potential issues in the + future. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::GPRTemporary::GPRTemporary): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::GPRTemporary::gpr): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com> + + Remove unused code for non-speculative Arith operations from DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=74905 + + Reviewed by Filip Pizlo. 
+ + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + * dfg/DFGSpeculativeJIT64.cpp: + +2011-12-19 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=74903 + Exceptions not thrown correctly from DFG JIT on 32bit + + Reviewed by Oliver Hunt. + + Arguments for lookupExceptionHandler are not setup correctly. + In the case of ARMv7 we rely on lr being preserved over a call, + this in invalid. On x86 we don't should be poking the arguments onto the stack! + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::bytecodeOffsetForCallAtIndex): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn): + * dfg/DFGGPRInfo.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileBody): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addExceptionCheck): + (JSC::DFG::JITCompiler::addFastExceptionCheck): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + +2011-12-19 Filip Pizlo <fpizlo@apple.com> + + If we detect that we can use the JIT, don't use computed opcode lookups + https://bugs.webkit.org/show_bug.cgi?id=74899 + <rdar://problem/10604551> + + Reviewed by Gavin Barraclough. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::Interpreter): + (JSC::Interpreter::initialize): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC::Interpreter::getOpcode): + (JSC::Interpreter::getOpcodeID): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + +2011-12-19 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Qt build. + + Unreviewed. + + * wtf/ThreadSpecific.h: #include! + +2011-12-18 Filip Pizlo <fpizlo@apple.com> + + It should be possible to change the value of an Options variable without recompiling the world + https://bugs.webkit.org/show_bug.cgi?id=74807 + + Reviewed by Gavin Barraclough. 
+ + * runtime/Options.cpp: + (JSC::Options::initializeOptions): + * runtime/Options.h: + +2011-12-19 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r103250. + http://trac.webkit.org/changeset/103250 + https://bugs.webkit.org/show_bug.cgi?id=74877 + + it still breaks codegen (Requested by olliej on #webkit). + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::byValIsPure): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-16 Oliver Hunt <oliver@apple.com> + + Rolling r103120 back in with merge errors corrected. + + PutByVal[Alias] unnecessarily reloads the storage buffer + https://bugs.webkit.org/show_bug.cgi?id=74747 + + Reviewed by Gavin Barraclough. + + Make PutByVal use GetIndexedStorage to load the storage buffer. + This required switching PutByVal to a vararg node (which is + responsible for most of the noise in this patch). 
This fixes the + remaining portion of the kraken regression caused by the GetByVal + storage load elimination, and a 1-5% win on some of the sub tests of + the typed array benchmark at: + http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::byValIndexIsPure): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-15 Geoffrey Garen <ggaren@apple.com> + + Placement new does an unnecessary NULL check + https://bugs.webkit.org/show_bug.cgi?id=74676 + + Reviewed by Sam Weinig. + + We can define our own version, which skips the NULL check. + + Not a measurable speedup, but code inspection shows better code generated, + and I believe this is a step toward turning off -fomit-frame-pointer. + + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::create): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::create): Use the NotNull version of placement + new to skip the NULL check. 
+ + * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new. + + (JSC::JSCallbackObject::create): + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::create): + * heap/HandleHeap.cpp: + (JSC::HandleHeap::grow): + * heap/HandleHeap.h: + (JSC::HandleHeap::allocate): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::create): + (JSC::MarkedBlock::recycle): + * jit/JITCode.h: + (JSC::JITCode::clear): + * jsc.cpp: + (GlobalObject::create): + * profiler/CallIdentifier.h: + * runtime/Arguments.h: + (JSC::Arguments::create): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::create): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::create): + * runtime/BooleanConstructor.h: + (JSC::BooleanConstructor::create): + * runtime/BooleanObject.h: + (JSC::BooleanObject::create): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::create): + * runtime/DateConstructor.h: + (JSC::DateConstructor::create): + * runtime/DateInstance.h: + (JSC::DateInstance::create): + * runtime/DatePrototype.h: + (JSC::DatePrototype::create): + * runtime/Error.h: + (JSC::StrictModeTypeErrorFunction::create): + * runtime/ErrorConstructor.h: + (JSC::ErrorConstructor::create): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::create): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::create): + * runtime/ExceptionHelpers.h: + (JSC::InterruptedExecutionError::create): + (JSC::TerminatedExecutionError::create): + * runtime/Executable.h: + (JSC::NativeExecutable::create): + (JSC::EvalExecutable::create): + (JSC::ProgramExecutable::create): + (JSC::FunctionExecutable::create): + * runtime/FunctionConstructor.h: + (JSC::FunctionConstructor::create): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::create): + * runtime/GetterSetter.h: + (JSC::GetterSetter::create): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::create): + * runtime/JSActivation.h: + (JSC::JSActivation::create): + * runtime/JSArray.h: + (JSC::JSArray::create): + * 
runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::create): + * runtime/JSByteArray.h: + (JSC::JSByteArray::create): Use the NotNull version of placement + new to skip the NULL check. + + * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::create): + * runtime/JSFunction.h: + (JSC::JSFunction::create): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::create): + * runtime/JSGlobalThis.h: + (JSC::JSGlobalThis::create): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::create): + * runtime/JSONObject.h: + (JSC::JSONObject::create): + * runtime/JSObject.h: + (JSC::JSFinalObject::create): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::create): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::create): + * runtime/JSString.cpp: + (JSC::StringObject::create): + * runtime/JSString.h: + (JSC::RopeBuilder::createNull): + (JSC::RopeBuilder::create): + (JSC::RopeBuilder::createHasOtherOwner): + * runtime/MathObject.h: + (JSC::MathObject::create): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::create): + * runtime/NativeErrorPrototype.h: + (JSC::NativeErrorPrototype::create): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::create): + * runtime/NumberObject.h: + (JSC::NumberObject::create): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::create): + * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::create): + * runtime/ObjectPrototype.h: + (JSC::ObjectPrototype::create): + * runtime/RegExp.cpp: + (JSC::RegExp::createWithoutCaching): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::create): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::create): + * runtime/RegExpObject.h: + (JSC::RegExpObject::create): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::create): + * runtime/ScopeChain.h: + 
(JSC::ScopeChainNode::create): + * runtime/StrictEvalActivation.h: + (JSC::StrictEvalActivation::create): + * runtime/StringConstructor.h: + (JSC::StringConstructor::create): + * runtime/StringObject.h: + (JSC::StringObject::create): + * runtime/StringPrototype.h: + (JSC::StringPrototype::create): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::createStructure): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + * testRegExp.cpp: + (GlobalObject::create): + * wtf/BitVector.cpp: + (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement + new to skip the NULL check. + + * wtf/BumpPointerAllocator.h: + (WTF::BumpPointerPool::create): Standardized spacing to make grep easier. + + * wtf/ByteArray.cpp: + (WTF::ByteArray::create): + * wtf/Deque.h: + (WTF::::append): + (WTF::::prepend): Use NotNull, as above. + + * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise + hide the name of the global placement new. + + (WTF::fastNew): Standardized spacing. Most of these functions don't need + NotNull, since they check for NULL, and the optimizer can see that. + + * wtf/HashTable.h: + * wtf/HashTraits.h: + (WTF::SimpleClassHashTraits::constructDeletedValue): + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above. + + * wtf/StdLibExtras.h: + (throw): This is our NotNull placement new. Declaring that we throw is + the C++ way to say that operator new will not return NULL. + + * wtf/ThreadSpecific.h: + (WTF::T): + * wtf/Vector.h: + (WTF::::append): + (WTF::::tryAppend): + (WTF::::uncheckedAppend): + (WTF::::insert): + * wtf/text/AtomicStringHash.h: + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::createUninitialized): + (WTF::StringImpl::reallocate): + * wtf/text/StringImpl.h: + (WTF::StringImpl::tryCreateUninitialized): + * wtf/text/StringStatics.cpp: + (WTF::AtomicString::init): Use NotNull, as above. 
+ + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::allocDisjunctionContext): + (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext): + (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized + spacing for easy grep. + +2011-12-19 Eric Carlson <eric.carlson@apple.com> + + Enable <track> for Mac build + https://bugs.webkit.org/show_bug.cgi?id=74838 + + Reviewed by Darin Adler. + + * wtf/Platform.h: + +2011-12-18 Filip Pizlo <fpizlo@apple.com> + + DFG is too sloppy with register allocation + https://bugs.webkit.org/show_bug.cgi?id=74835 + + Reviewed by Gavin Barraclough. + + Added assertions that at the end of a successfully generated basic block, + all use counts should be zero. This revealed a number of bugs: + + - Array length optimizations were turning a must-generate node into one + that is not must-generate, but failing to change the ref count + accordingly. + + - Indexed property storage optimizations were failing to deref their + children, or to deref the indexed property storage node itself. Also, + they used the Phantom node as a replacement. But the Phantom node is + must-generate, which was causing bizarre issues. So this introduces a + Nop node, which should be used in cases where you want a node that is + skipped and has no children. + + This does not have any significant performance effect, but it should + relieve some register pressure. The main thing this patch adds, though, + are the assertions, which should make it easier to do register allocation + related changes in the future. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::initConstant): + (JSC::DFG::GenerationInfo::initInteger): + (JSC::DFG::GenerationInfo::initJSValue): + (JSC::DFG::GenerationInfo::initCell): + (JSC::DFG::GenerationInfo::initBoolean): + (JSC::DFG::GenerationInfo::initDouble): + (JSC::DFG::GenerationInfo::initStorage): + (JSC::DFG::GenerationInfo::use): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::clearAndDerefChild1): + (JSC::DFG::Graph::clearAndDerefChild2): + (JSC::DFG::Graph::clearAndDerefChild3): + * dfg/DFGNode.h: + (JSC::DFG::Node::deref): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-18 Benjamin Poulain <bpoulain@apple.com> + + Remove the duplicated code from ASCIICType.h + https://bugs.webkit.org/show_bug.cgi?id=74771 + + Reviewed by Andreas Kling. + + Use isASCIIDigit() and isASCIIAlpha() instead of copying the code. + + * wtf/ASCIICType.h: + (WTF::isASCIIDigit): + (WTF::isASCIIAlphanumeric): + (WTF::isASCIIHexDigit): + +2011-12-18 Anders Carlsson <andersca@apple.com> + + Set the main frame view scroll position asynchronously + https://bugs.webkit.org/show_bug.cgi?id=74823 + + Reviewed by Sam Weinig. + + * JavaScriptCore.exp: + +2011-12-10 Andreas Kling <kling@webkit.org> + + OpaqueJSClass: Remove RVCT2 workarounds. + <http://webkit.org/b/74250> + + Reviewed by Benjamin Poulain. + + We no longer need workarounds for the RVCT2 compiler since it was + only used for the Symbian port of WebKit which is now defunct. 
+ + * API/JSClassRef.cpp: + (OpaqueJSClass::OpaqueJSClass): + (OpaqueJSClassContextData::OpaqueJSClassContextData): + +2011-12-16 Benjamin Poulain <bpoulain@apple.com> + + Remove the duplicated code from ASCIICType.h + https://bugs.webkit.org/show_bug.cgi?id=74771 + + Reviewed by Andreas Kling. + + The functions were sharing similar code and were defined for the various input types. + Use templates instead to avoid code duplication. + + * wtf/ASCIICType.h: + (WTF::isASCII): + (WTF::isASCIIAlpha): + (WTF::isASCIIAlphanumeric): + (WTF::isASCIIDigit): + (WTF::isASCIIHexDigit): + (WTF::isASCIILower): + (WTF::isASCIIOctalDigit): + (WTF::isASCIIPrintable): + (WTF::isASCIISpace): + (WTF::isASCIIUpper): + (WTF::toASCIILower): + (WTF::toASCIIUpper): + (WTF::toASCIIHexValue): + (WTF::lowerNibbleToASCIIHexDigit): + (WTF::upperNibbleToASCIIHexDigit): + +2011-12-16 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit may get confused about where in the scratch buffer it stored a value + https://bugs.webkit.org/show_bug.cgi?id=74695 + + Reviewed by Oliver Hunt. + + The code that reads from the scratch buffer now explicitly knows which locations to + read from. No new tests, since this patch covers a case so uncommon that I don't know + how to make a test for it. + + * dfg/DFGOSRExitCompiler.h: + (JSC::DFG::OSRExitCompiler::badIndex): + (JSC::DFG::OSRExitCompiler::initializePoisoned): + (JSC::DFG::OSRExitCompiler::poisonIndex): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + +2011-12-16 Oliver Hunt <oliver@apple.com> + + PutByVal[Alias] unnecessarily reloads the storage buffer + https://bugs.webkit.org/show_bug.cgi?id=74747 + + Reviewed by Gavin Barraclough. + + Make PutByVal use GetIndexedStorage to load the storage buffer. + This required switching PutByVal to a vararg node (which is + responsible for most of the noise in this patch). 
This fixes the + remaining portion of the kraken regression caused by the GetByVal + storage load elimination, and a 1-5% win on some of the sub tests of + the typed array benchmark at: + http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::byValIndexIsPure): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-16 Daniel Bates <dbates@rim.com> + + Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h + + Rubber-stamped by Antonio Gomes. + + BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't + declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h + instead of BlackBerryPlatformMisc.h. + + * wtf/Assertions.cpp: + +2011-12-16 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize destructors + https://bugs.webkit.org/show_bug.cgi?id=74331 + + Reviewed by Geoffrey Garen. + + This is a megapatch which frees us from the chains of virtual destructors. 
+ + In order to remove the virtual destructors, which are the last of the virtual + functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to + the cell rather than to the structure because in order to be able to lazily call + the static destroy() functions that will replace the virtual destructors, we + need to be able to access the ClassInfo without the danger of the object's + Structure being collected before the object itself. + + After adding the ClassInfo to the cell, we can then begin to remove our use + of vptrs for optimizations within the JIT and the GC. When we have removed + all of the stored vptrs from JSGlobalData, we can then also remove all of + the related VPtrStealingHack code. + + The replacement for virtual destructors will be to add a static destroy function + pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has + a non-trivial destructor will require its own static destroy function to static + call its corresponding destructor, which will now be non-virtual. In future + patches we will slowly move away from destructors altogether as we make more and + more objects backed by GC memory rather than malloc-ed memory. The GC will now + call the static destroy method rather than the virtual destructor. + + As we go through the hierarchy and add static destroy functions to classes, + we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes + to which it applies. The future goal is to eventually have every class have that assert. + + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call + ~JSCallbackConstructor because it has some extra destruction logic. + * API/JSCallbackConstructor.h: + * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction. + * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject + because it has a member OwnPtr that needs destruction. 
+ (JSC::::destroy): + * API/JSCallbackObject.h: + * JavaScriptCore.exp: Add/remove necessary symbols for JSC. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols. + * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't + have its own ClassInfo despite the fact that it overrides a number of MethodTable + methods. Added the ClassInfo, along with an assertion that its destructor is trivial. + * debugger/DebuggerActivation.h: + * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray, + isJSString, as it is no longer necessary. + (JSC::DFG::putByVal): + * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the + JSArray ClassInfo pointer. + (JSC::DFG::tryCacheGetByID): + * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo + comparisons since we don't have vptrs anymore. + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileStrictEq): + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT.h: Ditto. + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): + * dfg/DFGSpeculativeJIT32_64.cpp: Ditto. + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: Ditto. 
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with + ClassInfo comparisons. + (JSC::Heap::Heap): + * heap/MarkStack.cpp: Ditto. + (JSC::MarkStackThreadSharedData::markingThreadMain): + (JSC::visitChildren): + (JSC::SlotVisitor::drain): + * heap/MarkStack.h: Ditto. + (JSC::MarkStack::MarkStack): + * heap/MarkedBlock.cpp: Ditto. + (JSC::MarkedBlock::callDestructor): + (JSC::MarkedBlock::specializedSweep): + * heap/MarkedBlock.h: Ditto. + * heap/SlotVisitor.h: Ditto. + (JSC::SlotVisitor::SlotVisitor): + * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them. + We'll have to rename this class and make it use ClassInfo ptrs in a future patch. + (JSC::VTableSpectrum::count): + * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray, + etc. functions. + (JSC::loadVarargs): + (JSC::Interpreter::tryCacheGetByID): + (JSC::Interpreter::privateExecute): + * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject + * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting, + remove all vtable related code. + (JSC::JIT::emitLoadCharacterString): + (JSC::JIT::emitAllocateBasicJSObject): + (JSC::JIT::emitAllocateJSFinalObject): + (JSC::JIT::emitAllocateJSFunction): + * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo. + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::emit_op_to_primitive): + (JSC::JIT::emit_op_convert_this): + * jit/JITOpcodes32_64.cpp: Ditto. 
+ (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::emit_op_to_primitive): + (JSC::JIT::emitSlow_op_eq): + (JSC::JIT::emitSlow_op_neq): + (JSC::JIT::compileOpStrictEq): + (JSC::JIT::emit_op_convert_this): + * jit/JITPropertyAccess.cpp: Ditto. + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + * jit/JITPropertyAccess32_64.cpp: Ditto. + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::privateCompilePatchGetArrayLength): + * jit/JITStubs.cpp: Remove global data argument from isJSString, etc. + (JSC::JITThunks::tryCacheGetByID): + (JSC::DEFINE_STUB_FUNCTION): + * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff. + (JSC::SpecializedThunkJIT::loadJSStringArgument): + * runtime/ArrayConstructor.cpp: Add trivial destructor assert. + * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray. + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + * runtime/BooleanConstructor.cpp: Add trivial destructor assert. + * runtime/BooleanObject.cpp: Ditto. + * runtime/BooleanPrototype.cpp: Ditto. + * runtime/ClassInfo.h: Add destroy function pointer to MethodTable. + * runtime/DateConstructor.cpp: Add trivial destructor assert. + * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr + that needs destruction. 
+ (JSC::DateInstance::destroy): + * runtime/DateInstance.h: + * runtime/Error.cpp: Ditto (because of UString member). + (JSC::StrictModeTypeErrorFunction::destroy): + * runtime/Error.h: + * runtime/ErrorConstructor.cpp: Add trivial destructor assert. + * runtime/ErrorInstance.cpp: Ditto. + * runtime/ExceptionHelpers.cpp: Ditto. + * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses. + (JSC::ExecutableBase::destroy): + (JSC::NativeExecutable::destroy): + (JSC::ScriptExecutable::destroy): + (JSC::EvalExecutable::destroy): + (JSC::ProgramExecutable::destroy): + (JSC::FunctionExecutable::destroy): + * runtime/Executable.h: + * runtime/FunctionConstructor.cpp: Add trivial destructor assert. + * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray. + (JSC::functionProtoFuncApply): + * runtime/GetterSetter.cpp: Ditto. + * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no + longer exists. + (JSC::initializeThreadingOnce): + * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, + remove first arg from isJSString. + (JSC::InternalFunction::displayName): + * runtime/InternalFunction.h: Remove VPtrStealingHack. + * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert. + * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in + destructor with ClassInfo checks. + (JSC::JSArray::~JSArray): + (JSC::JSArray::destroy): + * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray + and change them to check the ClassInfo rather than the vptrs. + (JSC::isJSArray): + * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray. + (JSC::boundFunctionCall): + (JSC::boundFunctionConstruct): + * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks. 
+ (JSC::JSByteArray::~JSByteArray): + (JSC::JSByteArray::destroy): + * runtime/JSByteArray.h: Remove VPtrStealingHack code. + (JSC::isJSByteArray): + * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function. + (JSC::JSCell::destroy): + * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset + of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to + the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions, + as they are no longer used. Add a validatedClassInfo function to JSCell for any clients + that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the + same one as that contained in the Structure. This isn't used too often, because most of + the places where we compare the ClassInfo to things can be called during destruction. + Since the Structure is unreliable during the phase when destructors are being called, + we can't call validatedClassInfo. + (JSC::JSCell::classInfoOffset): + (JSC::JSCell::structure): + (JSC::JSCell::classInfo): + * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor, + remove first arg from call to isJSString. + (JSC::JSFunction::destroy): + (JSC::JSFunction::displayName): + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, + as these vptrs are no longer needed in the codebase. + * runtime/JSGlobalData.h: + (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use + ClassInfo rather than the vptr. + * runtime/JSGlobalObject.cpp: Add static destroy function. + (JSC::JSGlobalObject::destroy): + * runtime/JSGlobalObject.h: + * runtime/JSGlobalThis.cpp: Add trivial destructor assert. + * runtime/JSNotAnObject.cpp: Ditto. + * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls. 
+ (JSC::Stringifier::Holder::appendNextProperty): + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSFinalObject::destroy): + (JSC::JSNonFinalObject::destroy): + (JSC::JSObject::destroy): + * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor + from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and + JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code. + (JSC::JSObject::finishCreation): + (JSC::JSNonFinalObject::finishCreation): + (JSC::JSFinalObject::finishCreation): + (JSC::isJSFinalObject): + * runtime/JSPropertyNameIterator.cpp: Add static destroy. + (JSC::JSPropertyNameIterator::destroy): + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: Ditto. + (JSC::JSStaticScopeObject::destroy): + * runtime/JSStaticScopeObject.h: Ditto. + * runtime/JSString.cpp: + (JSC::JSString::destroy): + * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, + since we no longer need to fixup vptrs. + (JSC::jsSingleCharacterString): + (JSC::jsSingleCharacterSubstring): + (JSC::jsNontrivialString): + (JSC::jsString): + (JSC::jsSubstring8): + (JSC::jsSubstring): + (JSC::jsOwnedString): + (JSC::jsStringBuilder): + (JSC::isJSString): + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::destroy): + * runtime/JSVariableObject.h: Ditto. + * runtime/JSWrapperObject.cpp: + * runtime/JSWrapperObject.h: Add trivial destructor assert. + * runtime/MathObject.cpp: Ditto. + * runtime/NativeErrorConstructor.cpp: Ditto. + * runtime/NumberConstructor.cpp: Ditto. + * runtime/NumberObject.cpp: Ditto. + * runtime/NumberPrototype.cpp: Ditto. + * runtime/ObjectConstructor.cpp: Ditto. + * runtime/ObjectPrototype.cpp: Ditto. + * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString. + (JSC::jsString): + (JSC::jsLess): + (JSC::jsLessEq): + * runtime/RegExp.cpp: Add static destroy. 
+ (JSC::RegExp::destroy): + * runtime/RegExp.h: + * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray. + (JSC::RegExpConstructor::destroy): + (JSC::RegExpMatchesArray::destroy): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + * runtime/RegExpObject.cpp: Add static destroy. + (JSC::RegExpObject::destroy): + * runtime/RegExpObject.h: + * runtime/ScopeChain.cpp: Add trivial destructor assert. + * runtime/ScopeChain.h: + * runtime/StrictEvalActivation.cpp: Ditto. + * runtime/StringConstructor.cpp: + * runtime/StringObject.cpp: Ditto. Remove vtableAnchor. + * runtime/StringObject.h: + * runtime/StringPrototype.cpp: Ditto. + * runtime/Structure.cpp: Add static destroy. + (JSC::Structure::destroy): + * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h + because they need to have the full Structure type to access the ClassInfo to store in the JSCell. + (JSC::JSCell::setStructure): + (JSC::JSCell::validatedClassInfo): + (JSC::JSCell::JSCell): + (JSC::JSCell::finishCreation): + * runtime/StructureChain.cpp: Add static destroy. + (JSC::StructureChain::destroy): + * runtime/StructureChain.h: + * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs + ability to tell us when a class has a trivial destructor. We will use this assert + more in future patches as we move toward having all JSC objects backed by GC memory, + which means moving away from using destructors/finalizers. + +2011-12-15 Martin Robinson <mrobinson@igalia.com> + + Fix 'make dist' in preparation for the GTK+ release. + + * GNUmakefile.list.am: Add missing header. + +2011-12-15 Sam Weinig <sam@webkit.org> + + <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly + + Reviewed by Gavin Barraclough. + + Original patch by Jim Grosbach. 
+ + * jit/JITStubs.cpp: + (JSC::ctiTrampoline): + (JSC::ctiVMThrowTrampoline): + Replace uses of the 'cpy' mnemonic with 'mov'. + +2011-12-15 Filip Pizlo <fpizlo@apple.com> + + Value profiling should distinguished between NaN and non-NaN doubles + https://bugs.webkit.org/show_bug.cgi?id=74682 + + Reviewed by Gavin Barraclough. + + Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union + of the two. + + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionFromValue): + * bytecode/PredictedType.h: + (JSC::isDoubleRealPrediction): + (JSC::isDoublePrediction): + +2011-12-15 Anders Carlsson <andersca@apple.com> + + Regression (r102866): Navigating away from or closing a page with a plugin crashes + https://bugs.webkit.org/show_bug.cgi?id=74655 + <rdar://problem/10590024> + + Reviewed by Sam Weinig. + + Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes, + using a modified version of the technique described here: + http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699 + + * wtf/Functional.h: + +2011-12-15 Andy Wingo <wingo@igalia.com> + + Warnings fixes in Interpreter.cpp and PrivateExecute.cpp + https://bugs.webkit.org/show_bug.cgi?id=74624 + + Reviewed by Darin Adler. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): Fix variables unused in + release mode. + * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::ParallelEnvironment): Fix + signed/unsigned comparison warning, with a cast. + +2011-12-15 Andy Wingo <wingo@igalia.com> + + Use more macrology in JSC::Options + https://bugs.webkit.org/show_bug.cgi?id=72938 + + Reviewed by Filip Pizlo. + + * runtime/Options.cpp: + (JSC::Options::initializeOptions): + * runtime/Options.h: Use macros to ensure that all heuristics are + declared and have initializers. 
+ +2011-12-15 Anders Carlsson <andersca@apple.com> + + Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define + https://bugs.webkit.org/show_bug.cgi?id=74639 + + Reviewed by Andreas Kling. + + Add ENABLE_THREADED_SCROLLING #define. + + * wtf/Platform.h: + +2011-12-15 Anders Carlsson <andersca@apple.com> + + EventDispatcher should handle wheel events on the connection queue + https://bugs.webkit.org/show_bug.cgi?id=74627 + + Reviewed by Andreas Kling. + + Add a BoundFunctionImpl specialization that takes three parameters. + + * wtf/Functional.h: + (WTF::C::): + (WTF::R): + (WTF::bind): + +2011-12-14 Anders Carlsson <andersca@apple.com> + + Add WTF::Function to wtf/Forward.h + https://bugs.webkit.org/show_bug.cgi?id=74576 + + Reviewed by Adam Roben. + + * jsc.cpp: + Work around a name conflict in the readline library. + + * wtf/Forward.h: + Add Function. + +2011-12-15 Igor Oliveira <igor.oliveira@openbossa.org> + + [Qt] Support requestAnimationFrame API + https://bugs.webkit.org/show_bug.cgi?id=74528 + + Let Qt port use REQUEST_ANIMATION_FRAME_TIMER. + + Reviewed by Kenneth Rohde Christiansen. + + * wtf/Platform.h: + +2011-12-15 Andy Wingo <wingo@igalia.com> + + Minor refactor to Parser::parseTryStatement + https://bugs.webkit.org/show_bug.cgi?id=74507 + + Reviewed by Geoffrey Garen. + + * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the + Parser's declareVariable instead of going directly to the scope. + This will facilitate future checks related to harmony block + scoping. + +2011-12-15 Andy Wingo <wingo@igalia.com> + + Rename JSC::Heuristics to JSC::Options + https://bugs.webkit.org/show_bug.cgi?id=72889 + + Reviewed by Filip Pizlo. + + * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp. + * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::shouldOptimizeNow): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::likelyToTakeSlowCase): + (JSC::CodeBlock::couldTakeSlowCase): + (JSC::CodeBlock::likelyToTakeSpecialFastCase): + (JSC::CodeBlock::likelyToTakeDeepestSlowCase): + (JSC::CodeBlock::likelyToTakeAnySlowCase): + (JSC::CodeBlock::reoptimizationRetryCounter): + (JSC::CodeBlock::countReoptimization): + (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp): + (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp): + (JSC::CodeBlock::optimizeNextInvocation): + (JSC::CodeBlock::dontOptimizeAnytimeSoon): + (JSC::CodeBlock::optimizeSoon): + (JSC::CodeBlock::largeFailCountThreshold): + (JSC::CodeBlock::largeFailCountThresholdForLoop): + (JSC::CodeBlock::shouldReoptimizeNow): + (JSC::CodeBlock::shouldReoptimizeFromLoopNow): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleInlining): + * dfg/DFGCapabilities.h: + (JSC::DFG::mightCompileEval): + (JSC::DFG::mightCompileProgram): + (JSC::DFG::mightCompileFunctionForCall): + (JSC::DFG::mightCompileFunctionForConstruct): + (JSC::DFG::mightInlineFunctionForCall): + (JSC::DFG::mightInlineFunctionForConstruct): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): + * heap/MarkStack.cpp: + (JSC::MarkStackSegmentAllocator::allocate): + (JSC::MarkStackSegmentAllocator::shrinkReserve): + (JSC::MarkStackArray::MarkStackArray): + (JSC::MarkStackArray::donateSomeCellsTo): + (JSC::MarkStackArray::stealSomeCellsFrom): + 
(JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::SlotVisitor::donateSlow): + (JSC::SlotVisitor::drain): + (JSC::SlotVisitor::drainFromShared): + * heap/MarkStack.h: + (JSC::MarkStack::mergeOpaqueRootsIfProfitable): + (JSC::MarkStack::addOpaqueRoot): + (JSC::MarkStackArray::canDonateSomeCells): + * heap/SlotVisitor.h: + (JSC::SlotVisitor::donate): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): Adapt callers and build systems. + + * testRegExp.cpp: + (CommandLine::CommandLine): + * jsc.cpp: + (CommandLine::CommandLine): + Rename from Options, to avoid name conflict. + +2011-12-14 Sam Weinig <sam@webkit.org> + + Revert unintentional change to JavaScriptCore.def + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-12-14 Sam Weinig <weinig@apple.com> + + Remove whitespace from InheritedPropertySheets attributes in + vsprops files to appease the Visual Studio project migrator. + + Reviewed by Adam Roben. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: + * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: + * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: + * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: + * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: + * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: + * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: + * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: + * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: + * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: + * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: + * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: + * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: + * 
JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: + * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: + * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: + * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: + * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: + * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: + * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: + +2011-12-14 Anders Carlsson <andersca@apple.com> + + binding a member function should ref/deref the object pointer if needed + https://bugs.webkit.org/show_bug.cgi?id=74552 + + Reviewed by Sam Weinig. + + Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref + member functions which the right type. Use this to determine if we should ref/deref the first parameter. + + * wtf/Functional.h: + (WTF::R): + (WTF::C::): + (WTF::RefAndDeref::ref): + (WTF::RefAndDeref::deref): + +2011-12-14 Hajime Morrita <morrita@chromium.org> + + JS_INLINE and WTF_INLINE should be visible from WebCore + https://bugs.webkit.org/show_bug.cgi?id=73191 + + - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. + - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. + - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. + + Reviewed by Kevin Ollivier. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * config.h: + * runtime/JSExportMacros.h: Added. 
+ * wtf/ExportMacros.h: + * wtf/Platform.h: + * wtf/WTFThreadData.h: + * wtf/text/AtomicString.h: + * wtf/text/StringStatics.cpp: + +2011-12-14 Anders Carlsson <andersca@apple.com> + + Work around a bug in the MSVC2005 compiler + https://bugs.webkit.org/show_bug.cgi?id=74550 + + Reviewed by Sam Weinig. + + Add template parameters for the return types of the partial specializations of BoundFunctionImpl. + + * wtf/Functional.h: + (WTF::R): + +2011-12-13 Jon Lee <jonlee@apple.com> + + Enable notifications on Mac. + + Reviewed by Sam Weinig. + + * Configurations/FeatureDefines.xcconfig: + +2011-12-14 David Kilzer <ddkilzer@apple.com> + + Remove definition of old ENABLE(YARR) macro + <http://webkit.org/b/74532> + + Reviewed by Darin Adler. + + * wtf/Platform.h: Removed ENABLE_YARR macros. + +2011-12-14 Anders Carlsson <andersca@apple.com> + + bind should handle member functions + https://bugs.webkit.org/show_bug.cgi?id=74529 + + Reviewed by Sam Weinig. + + Add FunctionWrapper partial specializations for member function pointers. + + * wtf/Functional.h: + (WTF::C::): + +2011-12-14 Gavin Barraclough <barraclough@apple.com> + + DFG relies on returning a struct in registers + https://bugs.webkit.org/show_bug.cgi?id=74527 + + Reviewed by Geoff Garen. + + This will not work on all platforms. Returning a uint64_t will more reliably achieve + what we want, on 32-bit platforms (on 64-bit, stick with the struct return). + + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + (JSC::DFG::DFGHandler::dfgHandlerEncoded): + +2011-12-14 Anders Carlsson <andersca@apple.com> + + Add unary and binary bind overloads + https://bugs.webkit.org/show_bug.cgi?id=74524 + + Reviewed by Sam Weinig. + + * wtf/Functional.h: + (WTF::R): + (WTF::FunctionWrapper::ResultType): + (WTF::bind): + +2011-12-14 Anders Carlsson <andersca@apple.com> + + Add back the callOnMainThread overload that takes a WTF::Function + https://bugs.webkit.org/show_bug.cgi?id=74512 + + Reviewed by Darin Adler. 
+ + Add back the overload; the changes to WebCore should hopefully keep Windows building. + + * wtf/MainThread.cpp: + (WTF::callFunctionObject): + (WTF::callOnMainThread): + * wtf/MainThread.h: + +2011-12-13 Filip Pizlo <fpizlo@apple.com> + + DFG should infer when local variables are doubles + https://bugs.webkit.org/show_bug.cgi?id=74480 + + Reviewed by Oliver Hunt. + + Introduced the notion that a local variable (though not an argument, yet!) can + be stored as a double, and will be guaranteed to always contain a double. This + requires more magic in the OSR (conversion in both entry and exit). The inference + is quite unorthodox: all uses of a variable vote on whether they think it should + be a double or a JSValue, based on how they use it. If they use it in an integer + or boxed value context, they vote JSValue. If they use it in a double context, + they vote double. This voting is interleaved in the propagator's fixpoint, so + that variables voted double then have a double prediction propagated from them. + This interleaving is needed because a variable that actually always contains an + integer that always gets used in arithmetic that involves doubles may end up + being voted double, which then means that all uses of the variable will see a + double rather than an integer. + + This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7% + to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to + Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial. + It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar + results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall + win on SunSpider. 
+ + * bytecode/ValueRecovery.h: + (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble): + (JSC::ValueRecovery::dump): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::boxDouble): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOSREntry.h: + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::vote): + (JSC::DFG::Propagator::doRoundOfDoubleVoting): + (JSC::DFG::Propagator::propagatePredictions): + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::VariableAccessData): + (JSC::DFG::VariableAccessData::clearVotes): + (JSC::DFG::VariableAccessData::vote): + (JSC::DFG::VariableAccessData::doubleVoteRatio): + (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): + (JSC::DFG::VariableAccessData::shouldUseDoubleFormat): + (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): + * runtime/Arguments.cpp: + (JSC::Arguments::tearOff): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + +2011-12-13 Anders Carlsson <andersca@apple.com> + + Try to fix the Windows build. + + Remove the callOnMainThread overload that takes a WTF::Function since it's not being used. 
+ + * wtf/MainThread.cpp: + * wtf/MainThread.h: + +2011-12-13 Anders Carlsson <andersca@apple.com> + + Add a very bare-bones implementation of bind and Function to WTF + https://bugs.webkit.org/show_bug.cgi?id=74462 + + Reviewed by Sam Weinig. + + In order to make it easier to package up function calls and send them across + threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new + wtf/Functional.h header. + + Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied, + but I'll add more as the need arises. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/Functional.h: Added. + (WTF::R): + (WTF::FunctionImplBase::~FunctionImplBase): + (WTF::FunctionWrapper::ResultType): + (WTF::FunctionBase::isNull): + (WTF::FunctionBase::FunctionBase): + (WTF::FunctionBase::impl): + (WTF::bind): + * wtf/MainThread.cpp: + (WTF::callFunctionObject): + (WTF::callOnMainThread): + * wtf/MainThread.h: + * wtf/wtf.pro: + +2011-12-13 Geoffrey Garen <ggaren@apple.com> + + <rdar://problem/10577239> GC Crash introduced in r102545 + + Reviewed by Gavin Barraclough. + + MarkedArgumentBuffer was still marking items in forwards order, even though + the argument order has been reversed. + + I fixed this bug, and replaced address calculation code with some helper + functions -- mallocBase() and slotFor() -- so it stays fixed everywhere. 
+ + * runtime/ArgList.cpp: + (JSC::MarkedArgumentBuffer::markLists): + (JSC::MarkedArgumentBuffer::slowAppend): + * runtime/ArgList.h: + (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): + (JSC::MarkedArgumentBuffer::at): + (JSC::MarkedArgumentBuffer::append): + (JSC::MarkedArgumentBuffer::last): + (JSC::MarkedArgumentBuffer::slotFor): + (JSC::MarkedArgumentBuffer::mallocBase): + +2011-12-13 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit for UInt32ToNumber should roll forward, not roll backward + https://bugs.webkit.org/show_bug.cgi?id=74463 + + Reviewed by Gavin Barraclough. + + Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing + how to execute the slow path of UInt32ToNumber. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::lastOSRExit): + * bytecode/CodeOrigin.h: + (JSC::CodeOrigin::operator!=): + * bytecode/ValueRecovery.h: + (JSC::ValueRecovery::uint32InGPR): + (JSC::ValueRecovery::gpr): + (JSC::ValueRecovery::dump): + * dfg/DFGAssemblyHelpers.cpp: + * dfg/DFGAssemblyHelpers.h: + * dfg/DFGOSRExit.h: + (JSC::DFG::OSRExit::valueRecoveryForOperand): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-13 Oliver Hunt <oliver@apple.com> + + Arguments object doesn't handle mutation of length property correctly + https://bugs.webkit.org/show_bug.cgi?id=74454 + + Reviewed by Gavin Barraclough. 
+ + Correct handling of arguments objects with overridden length property + + * interpreter/Interpreter.cpp: + (JSC::loadVarargs): + * runtime/Arguments.cpp: + (JSC::Arguments::copyToArguments): + (JSC::Arguments::fillArgList): + +2011-12-13 Filip Pizlo <fpizlo@apple.com> + + DFG GetByVal CSE rule should match PutByValAlias + https://bugs.webkit.org/show_bug.cgi?id=74390 + + Reviewed by Geoff Garen. + + Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::getByValLoadElimination): + +2011-12-13 Andy Wingo <wingo@igalia.com> + + Fix interpreter debug build. + https://bugs.webkit.org/show_bug.cgi?id=74439 + + Reviewed by Geoffrey Garen. + + * bytecode/ValueRecovery.h: Include stdio.h on debug builds. + +2011-12-13 Filip Pizlo <fpizlo@apple.com> + + DFG should know exactly why recompilation was triggered + https://bugs.webkit.org/show_bug.cgi?id=74362 + + Reviewed by Oliver Hunt. + + Each OSR exit is now individually counted, as well as counting the total number + of OSR exits that occurred in a code block. If recompilation is triggered, we + check to see if there are OSR exit sites that make up a sufficiently large + portion of the total OSR exits that occurred. For any such OSR exit sites, we + add a description of the site (bytecode index, kind) to a data structure in the + corresponding baseline CodeBlock. Then, when we recompile the code, we immediately + know which speculations would be unwise based on the fact that previous such + speculations proved to be fruitless. + + This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue, + and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less + than 0.5%. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::tallyFrequentExitSites): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addFrequentExitSite): + (JSC::CodeBlock::exitProfile): + (JSC::CodeBlock::reoptimize): + (JSC::CodeBlock::tallyFrequentExitSites): + * bytecode/DFGExitProfile.cpp: Added. + (JSC::DFG::ExitProfile::ExitProfile): + (JSC::DFG::ExitProfile::~ExitProfile): + (JSC::DFG::ExitProfile::add): + (JSC::DFG::QueryableExitProfile::QueryableExitProfile): + (JSC::DFG::QueryableExitProfile::~QueryableExitProfile): + * bytecode/DFGExitProfile.h: Added. + (JSC::DFG::exitKindToString): + (JSC::DFG::exitKindIsCountable): + (JSC::DFG::FrequentExitSite::FrequentExitSite): + (JSC::DFG::FrequentExitSite::operator!): + (JSC::DFG::FrequentExitSite::operator==): + (JSC::DFG::FrequentExitSite::hash): + (JSC::DFG::FrequentExitSite::bytecodeOffset): + (JSC::DFG::FrequentExitSite::kind): + (JSC::DFG::FrequentExitSite::isHashTableDeletedValue): + (JSC::DFG::FrequentExitSiteHash::hash): + (JSC::DFG::FrequentExitSiteHash::equal): + (JSC::DFG::QueryableExitProfile::hasExitSite): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock): + (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): + * dfg/DFGOSRExit.h: + (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: 
+ (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): + (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject): + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + (JSC::DFG::SpeculativeJIT::compileArithMul): + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + 
(JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + +2011-12-13 Michael Saboff <msaboff@apple.com> + + Cleanup of StringImpl::equal in r102631 post commit + https://bugs.webkit.org/show_bug.cgi?id=74421 + + Reviewed by Darin Adler. + + * wtf/text/AtomicString.h: + (WTF::operator==): Removed cast no longer needed. + * wtf/text/StringImpl.h: + (WTF::equal): Changed template to several overloaded methods. + +2011-12-12 Michael Saboff <msaboff@apple.com> + + Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h + https://bugs.webkit.org/show_bug.cgi?id=73622 + + Reviewed by Oliver Hunt. + + Moved equal(charType1 *, charType2, unsigned) template methods + from static StringImpl.cpp to StringImpl.h and then replaced the + processor specific character comparison code in StringHash::equal + with calls to these methods. + + This change is worth 3% on SunSpider string-unpack-code as reported + by the SunSpider command line harness. No other tests appear to + have measurable performance changes. + + * wtf/text/AtomicString.h: + (WTF::operator==): + * wtf/text/StringHash.h: + (WTF::StringHash::equal): + * wtf/text/StringImpl.cpp: + * wtf/text/StringImpl.h: + (WTF::LChar): + (WTF::UChar): + (WTF::equal): + +2011-12-12 Filip Pizlo <fpizlo@apple.com> + + ARMv7 version of DFG soft modulo does register allocation inside of control flow + https://bugs.webkit.org/show_bug.cgi?id=74354 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + +2011-12-12 Andy Wingo <wingo@igalia.com> + + Simplify autotools configure.ac + https://bugs.webkit.org/show_bug.cgi?id=74312 + + Reviewed by Martin Robinson. + + * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags. 
+ +2011-12-12 Filip Pizlo <fpizlo@apple.com> + + DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber + https://bugs.webkit.org/show_bug.cgi?id=74329 + + Reviewed by Gavin Barraclough. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::getByValLoadElimination): + +2011-12-09 Alexander Pavlov <apavlov@chromium.org> + + WebKit does not enumerate over CSS properties in HTMLElement.style + https://bugs.webkit.org/show_bug.cgi?id=23946 + + Reviewed by Darin Adler. + + Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, + introduce an std::sort() comparator function. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/text/WTFString.h: + (WTF::codePointCompareLessThan): Used by std::sort() to sort properties. + +2011-12-12 Alexander Pavlov <apavlov@chromium.org> + + Unreviewed, build fix. + + Revert r102570 which broke SnowLeopard builders. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/text/WTFString.h: + +2011-12-09 Alexander Pavlov <apavlov@chromium.org> + + WebKit does not enumerate over CSS properties in HTMLElement.style + https://bugs.webkit.org/show_bug.cgi?id=23946 + + Reviewed by Darin Adler. + + Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, + introduce an std::sort() comparator function. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/text/WTFString.h: + (WTF::codePointCompareLessThan): Used by std::sort() to sort properties. + +2011-12-12 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck issues. + + * GNUmakefile.list.am: + +2011-12-11 Sam Weinig <sam@webkit.org> + + Fix another signed vs. unsigned warning + + * runtime/ArgList.h: + (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): + +2011-12-11 Sam Weinig <sam@webkit.org> + + Fix a signed vs. unsigned warning. 
+ + * runtime/ArgList.cpp: + (JSC::MarkedArgumentBuffer::slowAppend): + Cast inlineCapacity to an int to appease the warning. This is known OK + since inlineCapacity is defined to be 8. + +2011-12-11 Geoffrey Garen <ggaren@apple.com> + + Rolled out *another* debugging change I committed accidentally. + + Unreviewed. + + * Configurations/Base.xcconfig: + +2011-12-11 Geoffrey Garen <ggaren@apple.com> + + Rolled out a debug counter I committed accidentally. + + Unreviewed. + + * jit/JITStubs.cpp: + (JSC::arityCheckFor): + +2011-12-10 Geoffrey Garen <ggaren@apple.com> + + v8 benchmark takes 12-13 million function call slow paths due to extra arguments + https://bugs.webkit.org/show_bug.cgi?id=74244 + + Reviewed by Filip Pizlo. + + .arguments function of order the Reversed + + 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken + and SunSpider. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface + to this function is an argument number. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame + helper functions for computing offsets for arguments, rather than doing + the math by hand. + + Switched to iterating argument offsets backwards (--) instead of forwards (++). + + * bytecompiler/BytecodeGenerator.h: + (JSC::CallArguments::thisRegister): + (JSC::CallArguments::argumentRegister): + (JSC::CallArguments::registerOffset): Updated for arguments being reversed. + + * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::flush): + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices + that just-in-time convert to bytecode operands (i.e., indexes in the register + file) through helper functions. This means only one piece of code needs + to know how arguments are laid out in the register file. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): Ditto. + + * dfg/DFGGraph.h: + (JSC::DFG::Graph::valueProfileFor): Ditto. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch: + Treat too many arguments as an arity match. + + * dfg/DFGOSRExit.h: + (JSC::DFG::OSRExit::variableForIndex): + (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above. + + * dfg/DFGOperands.h: + (JSC::DFG::operandToArgument): + (JSC::DFG::argumentToOperand): These are now the only two lines of code in + the DFG compiler that know how arguments are laid out in memory. + + (JSC::DFG::Operands::operand): + (JSC::DFG::Operands::setOperand): Use helper functions, as above. + + * dfg/DFGOperations.cpp: The whole point of this patch: + Treat too many arguments as an arity match. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. + + Also, don't tag the caller frame slot as a cell, because it's not a cell. + + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above. 
+ + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed + argument virtual register instead of recomputing by hand. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callFrameSlot): + (JSC::DFG::SpeculativeJIT::argumentSlot): + (JSC::DFG::SpeculativeJIT::callFrameTagSlot): + (JSC::DFG::SpeculativeJIT::callFramePayloadSlot): + (JSC::DFG::SpeculativeJIT::argumentTagSlot): + (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper + functions for dealing with callee arguments specifically. These still + build on top of our other helper functions, and have no direct knowledge + of how arguments are laid out in the register file. + + (JSC::DFG::SpeculativeJIT::resetCallArguments): + (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to + argumentOffset to match CallFrame naming. + + (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper + functions, as above. + + * interpreter/CallFrame.h: + (JSC::ExecState::argumentOffset): + (JSC::ExecState::argumentOffsetIncludingThis): + (JSC::ExecState::argument): + (JSC::ExecState::setArgument): + (JSC::ExecState::thisArgumentOffset): + (JSC::ExecState::thisValue): + (JSC::ExecState::setThisValue): + (JSC::ExecState::offsetFor): + (JSC::ExecState::hostThisRegister): + (JSC::ExecState::hostThisValue): Added a bunch of helper functions for + computing where an argument is in the register file. Anything in the + runtime that needs to access arguments should use these helpers. + + * interpreter/CallFrameClosure.h: + (JSC::CallFrameClosure::setThis): + (JSC::CallFrameClosure::setArgument): + (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now + that too many arguments counts as an arity match and doesn't require + preserving two copies of our arguments. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something + special if the caller provided too few arguments. 
+ + Key simplification: We never need to maintain two copies of our arguments + anymore. + + (JSC::eval): + (JSC::loadVarargs): Use helper functions. + + (JSC::Interpreter::unwindCallFrame): Updated for new interface. + + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper + functions. + + (JSC::Interpreter::privateExecute): No need to check for stack overflow + when calling host functions because they have zero callee registers. + + (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments + object, since there's no special constructor for this anymore. + + * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some + workers tests were hitting stack overflow in some of my testing. We should + make this test more exact in future. + + * interpreter/RegisterFile.h: Death to all runtime knowledge of argument + location that does not belong to the CallFrame class! + + * jit/JIT.cpp: + (JSC::JIT::privateCompile): I am a broken record and I use helper functions. + + Also, the whole point of this patch: Treat too many arguments as an arity match. + + * jit/JITCall32_64.cpp: + (JSC::JIT::compileLoadVarargs): + * jit/JITCall.cpp: + (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use + helper functions, for backwards-correctness. Removed the condition + pertaining to declared argument count because, now that arguments are + always in just one place, this optimization is valid for all functions. + Standardized the if predicate for each line of the optimization. This might + fix a bug, but I couldn't get the bug to crash in practice. 
+ + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_create_arguments): + (JSC::JIT::emit_op_get_argument_by_val): + (JSC::JIT::emitSlow_op_get_argument_by_val): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_create_arguments): + (JSC::JIT::emit_op_get_argument_by_val): + (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params + optimization because it's no longer an optimization, now that arguments + are always contiguous in a known location. + + Updated argument access opcode math for backwards-correctness. + + * jit/JITStubs.cpp: + (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This + function is slightly different because it copies the call frame in + addition to the arguments. (In the Interpreter, the call frame is not + set up by this point.) + + (JSC::lazyLinkFor): The whole point of this patch: Treat too many + arguments as an arity match. + + (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff(). + + * jit/JITStubs.h: + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::loadDoubleArgument): + (JSC::SpecializedThunkJIT::loadCellArgument): + (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They + build strong bones and teeth! + + * runtime/ArgList.cpp: + (JSC::ArgList::getSlice): + (JSC::MarkedArgumentBuffer::slowAppend): + * runtime/ArgList.h: + (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer): + (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): + (JSC::MarkedArgumentBuffer::at): + (JSC::MarkedArgumentBuffer::clear): + (JSC::MarkedArgumentBuffer::append): + (JSC::MarkedArgumentBuffer::removeLast): + (JSC::MarkedArgumentBuffer::last): + (JSC::ArgList::ArgList): + (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't + play nice with backwards-ness, so I changed to using manual allocation. + + Fixed a FIXME about not all values being marked in the case of out-of-line + arguments. 
I had to rewrite the loop anyway, and I didn't feel like + maintaining fidelity to its old bugs. + + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + (JSC::Arguments::copyToArguments): + (JSC::Arguments::fillArgList): + (JSC::Arguments::getOwnPropertySlotByIndex): + (JSC::Arguments::getOwnPropertySlot): + (JSC::Arguments::getOwnPropertyDescriptor): + (JSC::Arguments::putByIndex): + (JSC::Arguments::put): + (JSC::Arguments::tearOff): + * runtime/Arguments.h: + (JSC::Arguments::create): + (JSC::Arguments::Arguments): + (JSC::Arguments::argument): + (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted + lots of tricky code designed to maintain two different copies of function + arguments. Now that arguments are always contiguous in one place in memory, + this complexity can go away. + + Reduced down to one create function for the Arguments class, from three. + + Moved tearOff() into an out-of-line function because it's huge. + + Moved logic about whether to tear off eagerly into the Arguments class, + so we didn't have to duplicate it elsewhere. + + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to + m_numCapturedArgs because if the value really were m_numParametersMinusThis + we would be marking too much. (We shouldn't mark 'this' because it can't + be captured.) Also, use helper functions. + + * runtime/JSActivation.h: + (JSC::JSActivation::tearOff): Use helper functions. + + * runtime/JSArray.cpp: + (JSC::JSArray::copyToArguments): + * runtime/JSArray.h: Use helper functions, as above. + +2011-12-10 Mark Hahnenberg <mhahnenberg@apple.com> + + JSC testapi is crashing on Windows + https://bugs.webkit.org/show_bug.cgi?id=74233 + + Reviewed by Sam Weinig. + + Same error we've encountered before where we are calling the wrong version of + visitChildren and objects that are still reachable aren't getting marked. 
+ This problem will go away soon with the removal of vptrs for these sorts of + optimizations in favor of using the ClassInfo, but for now we can simply give + JSFinalObject a bogus virtual method that Visual Studio can't optimize away to + ensure that JSFinalObject will always have a unique vptr. We don't have to worry + about JSString or JSArray right now, which are the other two special cases for + visitChildren, since they already have their own virtual functions. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSObject.cpp: + (JSC::JSFinalObject::vtableAnchor): + * runtime/JSObject.h: + +2011-12-10 Alexis Menard <alexis.menard@openbossa.org> + + Unused variable in YarrJIT.cpp. + https://bugs.webkit.org/show_bug.cgi?id=74237 + + Reviewed by Andreas Kling. + + Variable is set but not used so we can remove it. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + +2011-12-09 Filip Pizlo <fpizlo@apple.com> + + DFG ArithMul power-of-two case does not check for overflow + https://bugs.webkit.org/show_bug.cgi?id=74230 + + Reviewed by Gavin Barraclough. + + Disabled power-of-2 peephole optimization for multiplication, because it was wrong, + and any attempt to fix it would likely introduce code bloat and register pressure. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileArithMul): + +2011-12-09 David Levin <levin@chromium.org> + + REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock + https://bugs.webkit.org/show_bug.cgi?id=73886 + + Reviewed by Darin Adler. + + * runtime/SymbolTable.h: + (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for + another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads. + Bug 58091 is about changing these deprecated calls to something else but that something + else will still need to be in all of these places. 
+ +2011-12-09 Konrad Piascik <kpiascik@rim.com> + + Remove unnecessary file DissasemblerARM.cpp from build system + https://bugs.webkit.org/show_bug.cgi?id=74184 + + Reviewed by Daniel Bates. + + * PlatformBlackBerry.cmake: + +2011-12-09 Filip Pizlo <fpizlo@apple.com> + + DFG's interpretation of rare case profiles should be frequency-based not count-based + https://bugs.webkit.org/show_bug.cgi?id=74170 + + Reviewed by Geoff Garen. + + DFG optimizes for rare cases only when the rare case counter is above some threshold + and it also constitutes a large enough fraction of total function executions. Also + added some minor debug logic. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::likelyToTakeSlowCase): + (JSC::CodeBlock::couldTakeSlowCase): + (JSC::CodeBlock::likelyToTakeSpecialFastCase): + (JSC::CodeBlock::likelyToTakeDeepestSlowCase): + (JSC::CodeBlock::likelyToTakeAnySlowCase): + (JSC::CodeBlock::executionEntryCount): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + +2011-12-09 Oliver Hunt <oliver@apple.com> + + PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage + https://bugs.webkit.org/show_bug.cgi?id=74223 + + Reviewed by Geoffrey Garen. + + Don't clobber GetIndexedPropertyStorage when we see PutByValAlias + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): + +2011-12-09 David Levin <levin@chromium.org> + + Hash* iterators should allow comparison between const and const versions. + https://bugs.webkit.org/show_bug.cgi?id=73370 + + Reviewed by Darin Adler. 
+ + * wtf/HashTable.h: Add the operators needed to do this. + (WTF::HashTableConstIterator::operator==): + (WTF::HashTableConstIterator::operator!=): + (WTF::HashTableIterator::operator==): + (WTF::HashTableIterator::operator!=): + (WTF::operator==): + (WTF::operator!=): + +2011-12-09 Michael Saboff <msaboff@apple.com> + + YARR: Multi-character read optimization for 8bit strings + https://bugs.webkit.org/show_bug.cgi?id=74191 + + Reviewed by Oliver Hunt. + + Changed generatePatternCharacterOnce to generate + code for 1 to 4 characters in the 8 bit case. + This is worth 29% improvement on SunSpider regexp-dna test. + It provides no benefit to v8-regexp. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment. + +2011-12-09 David Levin <levin@chromium.org> + + Regression(r53595): Sync xhr requests in workers aren't terminated on worker close. + https://bugs.webkit.org/show_bug.cgi?id=71695 + + Reviewed by Zoltan Herczeg. + + * wtf/MessageQueue.h: + (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages + even after the queue has been killed. This is useful when one wants to + kill a queue but then go through it to run clean up tasks from it. + +2011-12-09 Adrienne Walker <enne@google.com> + + Fix HashMap<..., OwnPtr<...> >::add compilation errors + https://bugs.webkit.org/show_bug.cgi?id=74159 + + Reviewed by Darin Adler. + + Add a constructor to OwnPtr that takes the empty value (nullptr_t) + from HashTraits so that this function can compile. + + * wtf/OwnPtr.h: + (WTF::OwnPtr::OwnPtr): + +2011-12-09 Oliver Hunt <oliver@apple.com> + + Avoid reloading storage pointer for indexed properties unnecessarily + https://bugs.webkit.org/show_bug.cgi?id=74136 + + Reviewed by Filip Pizlo. + + Add a node to represent loading property storage for indexed properties. + This allows us to reduce code generated for sequential access of arrays, + strings, etc. 
This results in up to 5% improvement in code that is + very heavy on indexed reads, such as matrix operations in typed arrays + and 20% faster on microbenchmarks. + + Currently this is only supported by GetByVal and other similar indexed reads. + + * bytecode/PredictedType.h: + (JSC::isFixedIndexedStorageObjectPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-08 Fady Samuel <fsamuel@chromium.org> + + [Chromium] Enable viewport metatag + https://bugs.webkit.org/show_bug.cgi?id=73495 + + Reviewed by Darin Fisher. + + * wtf/Platform.h: Added ENABLE(VIEWPORT) tag. + +2011-12-08 Adam Klein <adamk@chromium.org> + + Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope + https://bugs.webkit.org/show_bug.cgi?id=73964 + + Reviewed by Darin Adler. + + * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs. 
+ +2011-12-08 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + https://bugs.webkit.org/show_bug.cgi?id=74005 + fix unaligned access memory in generatePatternCharacterOnce function + for SH4 platforms. + + Reviewed by Gavin Barraclough. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::load16Unaligned): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load16Unaligned): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::load16Unaligned): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::lshift32): + (JSC::MacroAssemblerSH4::load8): + (JSC::MacroAssemblerSH4::load16): + (JSC::MacroAssemblerSH4::load16Unaligned): + (JSC::MacroAssemblerSH4::branch8): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::load16Unaligned): + * jit/JIT.h: + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + +2011-12-08 Michael Saboff <msaboff@apple.com> + + Add 8 bit paths for StringTypeAdapter classes + https://bugs.webkit.org/show_bug.cgi?id=73882 + + Reviewed by Darin Adler. + + Added is8Bit() method and writeTo(LChar*) methods + to StringTypeAdapter<> classes. The writeTo(LChar*) + method can be used if is8Bit() returns true. The + non-native 8 bit classes contain ASSERT(is8Bit()) + in their writeTo(LChar*). + + Updated all of the various versions of tryMakeString() to + use 8 bit processing in the updated StringTypeAdapter<> + classes. + + This has slight if any performance improvement on kraken. + + * runtime/UStringConcatenate.h: + * wtf/text/StringConcatenate.h: + (WTF::tryMakeString): + * wtf/text/StringOperators.h: + (WTF::StringAppend::is8Bit): + (WTF::StringAppend::writeTo): + +2011-12-07 Filip Pizlo <fpizlo@apple.com> + + DFG CSE should know that CheckFunction is pure + https://bugs.webkit.org/show_bug.cgi?id=74044 + + Reviewed by Oliver Hunt. + + Possible slight win on V8, no regressions. 
+ + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::checkFunctionElimination): + +2011-12-07 Michael Saboff <msaboff@apple.com> + + StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing. + https://bugs.webkit.org/show_bug.cgi?id=73995 + + Reviewed by Geoffrey Garen. + + Problem was that a call to characters on an StringImpl associated + with a StringBuilder that is being appended to gets stale. + Added a new m_valid16BitShadowlen that keeps the length of + the 16 bit shadow that has been upconverted or will be up converted + with the first getCharacters(). When StringBuilder::characters or + ::reifyString is called, further characters are upconverted if + we have a shadow16bit copy and the m_valid16BitShadowlen is updated. + + * JavaScriptCore.exp: + * wtf/text/StringBuilder.cpp: + (WTF::StringBuilder::reifyString): + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::StringBuilder): + (WTF::StringBuilder::characters): + (WTF::StringBuilder::clear): Cleaned up as part of the change. + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::getData16SlowCase): + (WTF::StringImpl::upconvertCharacters): + * wtf/text/StringImpl.h: + +2011-12-07 Filip Pizlo <fpizlo@apple.com> + + Compare and Swap should be enabled on ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=74023 + + Reviewed by Geoff Garen. + + Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC. + It gives the expected speed-up on multi-core ARMv7 devices. + + * wtf/Atomics.h: + (WTF::weakCompareAndSwap): + * wtf/Platform.h: + +2011-12-07 Filip Pizlo <fpizlo@apple.com> + + DFG CSE is overzealous with GetByVal + https://bugs.webkit.org/show_bug.cgi?id=74042 + + Reviewed by Oliver Hunt. + + Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal + is tested in all places that matter. 
+ + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::byValIsPure): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + +2011-12-07 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r102267. + http://trac.webkit.org/changeset/102267 + https://bugs.webkit.org/show_bug.cgi?id=74032 + + Breaks build on Chromium Mac Debug (Requested by aklein on + #webkit). + + * wtf/HashTraits.h: + +2011-12-07 Adam Klein <adamk@chromium.org> + + Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope + https://bugs.webkit.org/show_bug.cgi?id=73964 + + Reviewed by Ryosuke Niwa. + + * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null. + +2011-12-07 Filip Pizlo <fpizlo@apple.com> + + Non-Mac devices should benefit from a larger heap + https://bugs.webkit.org/show_bug.cgi?id=74015 + + Reviewed by Geoff Garen. + + Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in + Heap.cpp, and got in the way of having more granular, per-platform control over + what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB). + + * heap/Heap.cpp: + (JSC::GCTimer::heapSizeForHint): + * wtf/Platform.h: + +2011-11-30 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] V8 build fixes. + + Reviewed by Tor Arne Vestbø. + + * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in + VPATH. Prefix SOURCES correctly and make sure that runtime/ is + in the include search path when building with v8. + +2011-12-06 Filip Pizlo <fpizlo@apple.com> + + Zapping a block that is Marked leads to dead objects being mistaken for live ones + https://bugs.webkit.org/show_bug.cgi?id=73982 + + Reviewed by Geoff Garen. 
+ + Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally, + the code asserts that: + + - If we zap a Marked or Zapped block then the free list is empty, because this + can only happen if the block was never free-listed. + + - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated + blocks are those that cannot be referred to by SizeClass::currentBlock (since + SizeClass::currentBlock only refers to blocks that are candidates for allocation, + and Allocated blocks are those who have been exhausted by allocation and will not + be allocated from again), and New blocks cannot be referred to by anything except + during a brief window inside the allocation slow-path. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::zapFreeList): + +2011-12-06 Filip Pizlo <fpizlo@apple.com> + + DFG 32_64 call linking does not handle non-cell callees correctly + https://bugs.webkit.org/show_bug.cgi?id=73965 + + Reviewed by Sam Weinig. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitCall): + +2011-12-06 Sam Weinig <sam@webkit.org> + + Remove unintentional type name shadowing in the Interpreter + https://bugs.webkit.org/show_bug.cgi?id=73963 + + Reviewed by Oliver Hunt. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable, + which shadows the FunctionExecutable type name, with functionExecutable. + +2011-12-06 Michael Saboff <msaboff@apple.com> + + r102146 from 73875 broke fast/js/encode-URI-test.html + https://bugs.webkit.org/show_bug.cgi?id=73950 + + Reviewed by Gavin Barraclough. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncUnescape): Restructured to handle + the %uHHHH case to output the resulting character + and continue so that a failure in finding 4 hex + digits will fall through and output the '%'. + Due to style check, changed the temporary + character variable to a more descriptive name. 
+ +2011-12-06 Filip Pizlo <fpizlo@apple.com> + + GC zapping logic could benefit from some more assertions + https://bugs.webkit.org/show_bug.cgi?id=73947 + + Reviewed by Gavin Barraclough. + + - If you're in a zapped block and you're zapped, then your mark bit should + never be set. + + - If you're being marked, then you should never be zapped. + + * heap/MarkedBlock.h: + (JSC::MarkedBlock::isLive): + * runtime/Structure.h: + (JSC::MarkStack::internalAppend): + +2011-12-06 Oliver Hunt <oliver@apple.com> + + Don't allocate register in typedarray control flow + https://bugs.webkit.org/show_bug.cgi?id=73944 + + Reviewed by Gavin Barraclough. + + Move a temporary allocation outside of control flow. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + +2011-12-06 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=68328 + The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant + + Reviewed by Geoff Garen. + + Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions + that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the + hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select + a thunk genertaor to use based on the Intrinsic. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * create_hash_table: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGCapabilities.h: + * dfg/DFGIntrinsic.h: Removed. 
+ * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * jit/JITStubs.h: + * runtime/Executable.cpp: + (JSC::ExecutableBase::intrinsic): + (JSC::NativeExecutable::intrinsic): + * runtime/Executable.h: + (JSC::ExecutableBase::intrinsicFor): + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::finishCreation): + * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h. + * runtime/JSGlobalData.cpp: + (JSC::thunkGeneratorForIntrinsic): + (JSC::JSGlobalData::getHostFunction): + * runtime/JSGlobalData.h: + * runtime/Lookup.cpp: + (JSC::HashTable::createTable): + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + (JSC::HashEntry::initialize): + (JSC::HashEntry::intrinsic): + +2011-12-06 Michael Saboff <msaboff@apple.com> + + Add 8 bit paths to global object functions + https://bugs.webkit.org/show_bug.cgi?id=73875 + + Added 8 bit paths for converions methods. + + This is worth 1.5% on kraken audio-oscillator, + 1.6% on stanford-crypto-ccm and 2.5% on + stanford-crypto-sha256-iterative. See bug for + a full report. + + Reviewed by Oliver Hunt. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::decode): Split into a templated helper. + (JSC::parseInt): Split into a templated helper. + (JSC::parseFloat): Added an 8 bit path + (JSC::globalFuncEscape): Added 8 bit path + (JSC::globalFuncUnescape): Added 8 bit path + * runtime/JSStringBuilder.h: + (JSC::JSStringBuilder::append): New append for LChar + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::append): New append for LChar + +2011-11-21 Balazs Kelemen <kbalazs@webkit.org> + + Enable ParallelJobs by default + https://bugs.webkit.org/show_bug.cgi?id=70032 + + Reviewed by Zoltan Herczeg. + + According to measurements on Mac and Linux it is a + considerable speedup for SVG on multicore. + + Remove the ENABLE(PARALLEL_JOBS) guard. + Fix build on Windows and Chromium. + + * JavaScriptCore.gypi: Add the files to the build. It was + missing for the gyp build system. 
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Export symbols. + * wtf/ParallelJobs.h: + * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::execute): + Deinline these to avoid exporting a lot of symbols. + These are non-trivial and called only once on a given object + so it doesn't seems to be worthwile to inline them. + Additionally fix a signed-unsigned comparison in the constructor. + * wtf/ParallelJobsGeneric.h: + * wtf/Platform.h: + +2011-12-06 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] build-jsc script doesn't work + https://bugs.webkit.org/show_bug.cgi?id=73910 + + Reviewed by Tor Arne Vestbø. + + * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC + (moved from top-level WebKit.pro). Also add v8 scopes to only build + WTF during v8 builds. + +2011-12-05 Anders Carlsson <andersca@apple.com> + + Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11. + + Reviewed by Darin Adler. + + * wtf/HashMap.h: + +2011-12-05 Michael Saboff <msaboff@apple.com> + + Create StringImpl::empty() as an 8 bit string + https://bugs.webkit.org/show_bug.cgi?id=73871 + + Reviewed by Oliver Hunt. + + * wtf/text/StringStatics.cpp: + (WTF::StringImpl::empty): Changed to be an 8 bit string. + +2011-12-05 Darin Adler <darin@apple.com> + + Convert JSClassRef to use HashMap<OwnPtr> + https://bugs.webkit.org/show_bug.cgi?id=73780 + + Reviewed by Andreas Kling. + + * API/JSCallbackObjectFunctions.h: + (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map + entries because the hash map now has an OwnPtr instead of a raw pointer. + + * API/JSClassRef.cpp: + (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and + m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating. 
+ Removed the code that gets and deletes existing entries, and just use set, + which now handles deletion automatically due to it being OwnPtr. + (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion + with assertion-only NDEBUG-only code. + (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when + allocating. Use OwnPtr when adding. Removed unneeded code to set + staticValues and staticFunctions to 0. Removed unneeded destructor. + (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local. + (OpaqueJSClass::staticFunctions): Ditto. + (OpaqueJSClass::prototype): Added use of adoptPtr. + + * API/JSClassRef.h: Made the static values and static functions tables + use OwnPtr for the entries. Also used OwnPtr for the pointers to the + tables themselves. Also removed ~OpaqueJSClassContextData(), letting + the compiler generate it. + +2011-12-05 Oliver Hunt <oliver@apple.com> + + Land uncommitted bit of float array support + https://bugs.webkit.org/show_bug.cgi?id=73873 + + Reviewed by Filip Pizlo. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + +2011-12-05 Benjamin Poulain <benjamin@webkit.org> + + Update String::containsOnlyASCII() to handle 8 bits strings + https://bugs.webkit.org/show_bug.cgi?id=73799 + + Reviewed by Darin Adler. + + Implement String::containsOnlyASCII() so that it does not + call String::characters(). + + * wtf/text/WTFString.h: + (WTF::String::containsOnlyASCII): + +2011-12-05 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for non-DFG platforms. + + * dfg/DFGRepatch.h: + +2011-12-05 Filip Pizlo <fpizlo@apple.com> + + Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they + were compact offsets + https://bugs.webkit.org/show_bug.cgi?id=73861 + + Reviewed by Gavin Barraclough. 
+ + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::resetPatchPutById): + +2011-12-05 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, build fixes for ARM. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::unreachableForPlatform): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::loadDouble): + (JSC::MacroAssemblerARMv7::loadFloat): + (JSC::MacroAssemblerARMv7::storeFloat): + (JSC::MacroAssemblerARMv7::convertFloatToDouble): + (JSC::MacroAssemblerARMv7::convertDoubleToFloat): + +2011-12-05 Benjamin Poulain <benjamin@webkit.org> + + Update String::containsOnlyLatin1() to avoid converting to 16 bits + https://bugs.webkit.org/show_bug.cgi?id=73797 + + Reviewed by Andreas Kling. + + When the String use 8bits StringImpl, there is no need to iterate + over the string. + + The function charactersAreAllLatin1() is removed because it is not + used anywhere. + + * wtf/text/WTFString.h: + (WTF::String::containsOnlyLatin1): + +2011-12-05 Michael Saboff <msaboff@apple.com> + + 8 bit string work slows down Kraken json-stringify-tinderbox + https://bugs.webkit.org/show_bug.cgi?id=73457 + + Added 8 bit path to StringBuilder. StringBuilder starts + assuming 8 bit contents and gets converted to 16 bit upon + seeing the first 16 bit character or string. Split + appendUninitialiezed into an inlined fast and function call + slow case. + + Factored out the processing of the UString argument from + Stringifier::appendQuotedString() to a static templated function + based on character size. + + This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox. + This change introduces a 4.8% slowdown to json-parse-financial. + This slowdown will be addressed in a subsequent patch to StringImpl::equal. + + Reviewed by Oliver Hunt. 
+ + * runtime/JSONObject.cpp: + (JSC::appendStringToUStringBuilder): + (JSC::Stringifier::appendQuotedString): + * wtf/text/StringBuilder.cpp: + (WTF::StringBuilder::resize): + (WTF::StringBuilder::allocateBuffer): + (WTF::StringBuilder::allocateBufferUpConvert): + (WTF::LChar): + (WTF::UChar): + (WTF::StringBuilder::reserveCapacity): + (WTF::StringBuilder::appendUninitialized): + (WTF::StringBuilder::appendUninitializedSlow): + (WTF::StringBuilder::append): + (WTF::StringBuilder::shrinkToFit): + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::StringBuilder): + (WTF::StringBuilder::append): + (WTF::StringBuilder::operator[]): + (WTF::StringBuilder::characters8): + (WTF::StringBuilder::characters16): + (WTF::StringBuilder::charactersBlah): + (WTF::LChar): + (WTF::UChar): + +2011-12-01 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=73624 + JIT + INTERPRETER builds are broken + + Reviewed by Geoff Garen, Sam Weinig. + + These don't fallback to the interpreter correctly. + Thunk creation assumes that is the JIT is compiled in, then it is enabled. + + * jit/JITStubs.cpp: + (JSC::JITThunks::JITThunks): + * runtime/Executable.h: + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::finishCreation): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::getHostFunction): + +2011-12-05 Zoltan Herczeg <zherczeg@webkit.org> + + MacroAssemblerSH4 does not implement readCallTarget + https://bugs.webkit.org/show_bug.cgi?id=73434 + + Reviewed by Csaba Osztrogonác. + + * assembler/MacroAssemblerSH4.h: Support for SH4. + (JSC::MacroAssemblerSH4::readCallTarget): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::readCallTarget): + +2011-12-04 Filip Pizlo <fpizlo@apple.com> + + DFG should optimize strict equality + https://bugs.webkit.org/show_bug.cgi?id=73764 + + Reviewed by Oliver Hunt. + + 1% speed-up on V8. 
+ + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): + (JSC::DFG::SpeculativeJIT::compileStrictEq): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileIntegerCompare): + (JSC::DFG::SpeculativeJIT::compileDoubleCompare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compileIntegerCompare): + (JSC::DFG::SpeculativeJIT::compileDoubleCompare): + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-03 Darin Adler <darin@apple.com> + + Use HashMap<OwnPtr> for ScriptSampleRecordMap + https://bugs.webkit.org/show_bug.cgi?id=73758 + + Reviewed by Andreas Kling. + + * bytecode/SamplingTool.cpp: + (JSC::SamplingTool::notifyOfScope): Added adoptPtr. + (JSC::SamplingTool::dump): Added get. + * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr. + +2011-12-03 Darin Adler <darin@apple.com> + + Use HashMap<OwnPtr> for the opaqueJSClassData map + https://bugs.webkit.org/show_bug.cgi?id=73759 + + Reviewed by Andreas Kling. + + * API/JSClassRef.cpp: + (OpaqueJSClass::contextData): Update types. + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the + timing the same. If we didn't care about the order of operations, we could remove this, too. + * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the + opaqueJSClassData map. + +2011-12-03 Darin Adler <darin@apple.com> + + Change HashMap implementation to use the pass type and peek type from traits for the mapped value + https://bugs.webkit.org/show_bug.cgi?id=72474 + + Reviewed by Anders Carlsson. + + * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType, + and PeekType from the traits of the mapped value instead of hard-coding them here. 
+ Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself, + to accomodate a PassInType that can't be copied. Use the store, peek, and passOut + functions from the traits as well. + + * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include + PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had + an earlier version that was just PassType, PeekType, pass, and peek. Also commented + the HashTraits for RefPtr to foreshadow some work we can do there. + + * wtf/RefPtrHashMap.h: Same changes as HashMap.h. + +2011-12-02 David Levin <levin@chromium.org> + + Rename WTF class from TemporarilyChange to TemporaryChange. + https://bugs.webkit.org/show_bug.cgi?id=73479 + + Reviewed by Eric Seidel. + + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h. + (WTF::TemporaryChange::TemporaryChange): + (WTF::TemporaryChange::~TemporaryChange): + +2011-12-02 Mark Hahnenberg <mhahnenberg@apple.com> + + REGRESSION (r99754): All layout tests crash on Windows + https://bugs.webkit.org/show_bug.cgi?id=72305 + + Reviewed by Geoffrey Garen. + + Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in + JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of + a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an + incorrect version of visitChildren on the object, which left its children unmarked, causing them to be + collected when they were still reachable. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away. 
+ * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization + purposes are distinct from one another. + +2011-12-02 Oliver Hunt <oliver@apple.com> + + Improve float array support in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=73722 + + Reviewed by Gavin Barraclough. + + Add basic support for float typed arrays in JSC. This is currently + less optimal than it could be in the following ways: + * float32Array1[0] = float32Array2[0] (eg. an element by element copy) + promotes float to double and then back to float. + * float64Array[0] will always perform NaN tests in order to prevent + signalling NaNs from entering the engine. + + We also don't support Float32Array on ARMv7 + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::loadDouble): + (JSC::MacroAssemblerARMv7::loadFloat): + (JSC::MacroAssemblerARMv7::storeDouble): + (JSC::MacroAssemblerARMv7::storeFloat): + (JSC::MacroAssemblerARMv7::convertFloatToDouble): + (JSC::MacroAssemblerARMv7::convertDoubleToFloat): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::loadDouble): + (JSC::MacroAssemblerX86Common::loadFloat): + (JSC::MacroAssemblerX86Common::storeDouble): + (JSC::MacroAssemblerX86Common::storeFloat): + (JSC::MacroAssemblerX86Common::convertDoubleToFloat): + (JSC::MacroAssemblerX86Common::convertFloatToDouble): + * assembler/X86Assembler.h: + (JSC::X86Assembler::cvtsd2ss_rr): + (JSC::X86Assembler::cvtss2sd_rr): + (JSC::X86Assembler::movsd_rm): + (JSC::X86Assembler::movss_rm): + (JSC::X86Assembler::movsd_mr): + (JSC::X86Assembler::movss_mr): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateFloat32Array): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + 
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::compile): + +2011-12-02 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r101801. + http://trac.webkit.org/changeset/101801 + https://bugs.webkit.org/show_bug.cgi?id=73667 + + Build is still broken (Requested by Ossy on #webkit). + + * assembler/SH4Assembler.h: + +2011-12-01 Darin Adler <darin@apple.com> + + Prepare to deploy pass and peek types in the HashMap class + https://bugs.webkit.org/show_bug.cgi?id=73477 + + Reviewed by Adam Roben. + + This patch adds private typedefs inside the HashMap class, + and uses them as appropriate. A future patch will actually + tie those typedefs to hash traits, which will allow us to + make HashMap work with OwnPtr mapped values and to optimize + how HashMap works with RefPtr mapped values. + + Also changed the hash translator and adapter struct templates + to use template functions to simplify them and make them more + flexible. + + Also removed some unused template arguments. + + This goes out of its way to not change behavior. Future patches + will change the peek type to be a reference type, which will + reduce reference count churn a bit for hash tables with RefPtr + mapped values, and then do further optimizations for RefPtr + and OwnPtr by getting types from the hash traits. + + * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType, + and MappedPeekType typedefs, and used them for the arguments + and return types of the get, set, add, take, and inlineAdd + functions. + (WTF::HashMapTranslator): Changed this struct template to take + fewer arguments, and changed its member functions to be + function templates instead. 
This allows the compiler to + determine types more flexibly and also simplifies use of it. + (WTF::HashMapTranslatorAdapter): Ditto. + (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter. + Also reduced the arguments passed to the HashTable function template. + (WTF::HashMap::contains): Ditto. + (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. + (WTF::HashMap::set): Ditto. + (WTF::HashMap::add): Ditto. + (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. + (WTF::HashMap::get): Ditto. + (WTF::HashMap::take): Ditto, but return MappedPassOutType and use + that type in the implementation. + (WTF::deleteAllValues): Removed unneeded template arguments from + call to deleteAllPairSeconds. + (WTF::deleteAllKeys): Removed unneeded template arguments from + call to deleteAllPairFirsts. + + * wtf/HashSet.h: + (WTF::IdentityExtractor): Changed this to be a struct rather than + a struct template, and replaced the extract function with a function + template. This allows the compiler to deduce the type. + (WTF::HashSetTranslatorAdapter): Changed this struct template to take + fewer arguments, and changed its member functions to be + function templates instead. This allows the compiler to + determine types more flexibly and also simplifies use of it. + (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter. + Also reduced the arguments passed to the HashTable function template. + (WTF::HashSet::contains): Ditto. + (WTF::HashSet::add): Ditto. + + * wtf/HashTable.h: + (WTF::IdentityHashTranslator): Changed this struct template to take + fewer arguments, and changed its member functions to be + function templates instead. This allows the compiler to + determine types more flexibly and also simplifies use of it. + (WTF::HashTable::add): Reduced arguments passed to the function template. + (WTF::HashTable::find): Ditto, also reversed the template arguments so the + translator comes first so the compiler can deduce the other type. 
+ (WTF::HashTable::contains): Ditto. + (WTF::HashTable::lookup): Ditto. + (WTF::HashTable::lookupForWriting): Ditto. + (WTF::HashTable::checkKey): Ditto. + (WTF::HashTable::fullLookupForWriting): Ditto. + (WTF::HashTable::add): Ditto. + (WTF::HashTable::addPassingHashCode): Ditto. + (WTF::HashTable::find): Ditto. + (WTF::HashTable::contains): Ditto. + + * wtf/ListHashSet.h: + (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take + fewer arguments, and changed its member functions to be function templates + instead. This allows the compiler to determine types more flexibly and + also simplifies use of it. + (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable + functon template. + (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the + same way we changed ListHashSetNodeHashFunctions above. + (WTF::ListHashSetTranslatorAdapter::equal): + (WTF::::contains): + (WTF::::add): + (WTF::::insertBefore): + + * wtf/RefPtrHashMap.h: Updated comments. Removed the + RefPtrHashMapRawKeyTranslator struct template; we can use the + HashMapTranslator struct template from HashMap.h instead now that + it is more flexible. Added MappedPassInType, MappedPassOutType, + and MappedPeekType typedefs, and used them for the arguments + and return types of the get, inlineGet, set, add, take, and inlineAdd + functions. Changed the name of the RawKeyTranslator type to + Translator since it's now a class that can handle both raw keys + and conventional keys. + (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator. + Reduced the arguments passed to the HashTable function template. + (WTF::HashMap::contains): Ditto. + (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. + (WTF::HashMap::set): Ditto. + (WTF::HashMap::add): Ditto. + (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. + (WTF::HashMap::get): Ditto. 
+ (WTF::HashMap::take): Ditto, but return MappedPassOutType and use + that type in the implementation. + (WTF::deleteAllValues): Removed unneeded template arguments from + call to deleteAllPairSeconds. + (WTF::deleteAllKeys): Removed unneeded template arguments from + call to deleteAllPairFirsts. + +2011-12-02 Zoltan Herczeg <zherczeg@webkit.org> + + MacroAssemblerSH4 does not implement readCallTarget + https://bugs.webkit.org/show_bug.cgi?id=73434 + + Reviewed by Csaba Osztrogonác. + + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::readCallTarget): Support for SH4. + +2011-12-02 Hajime Morrita <morrita@chromium.org> + + Unreviewed, rolling out r101751 and r101775. + http://trac.webkit.org/changeset/101751 + http://trac.webkit.org/changeset/101775 + https://bugs.webkit.org/show_bug.cgi?id=73191 + + breaks Windows build + + * JavaScriptCore.xcodeproj/project.pbxproj: + * config.h: + * runtime/JSExportMacros.h: Removed. + * wtf/ExportMacros.h: + * wtf/Platform.h: + * wtf/WTFThreadData.h: + * wtf/text/AtomicString.h: + * wtf/text/StringStatics.cpp: + +2011-12-01 Hajime Morrita <morrita@chromium.org> + + JS_INLINE and WTF_INLINE should be visible from WebCore + https://bugs.webkit.org/show_bug.cgi?id=73191 + + - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. + - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. + - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. + + Reviewed by Kevin Ollivier. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * config.h: + * runtime/JSExportMacros.h: Added. 
+ * wtf/ExportMacros.h: + * wtf/Platform.h: + * wtf/WTFThreadData.h: + * wtf/text/AtomicString.h: + * wtf/text/StringStatics.cpp: + +2011-12-01 Michael Saboff <msaboff@apple.com> + + Changes proposed for 73457 slow down Kraken json-parse-financial + https://bugs.webkit.org/show_bug.cgi?id=73584 + + Restructured StringImpl::equal to take advantage of 8 or 4 bytes + at a time when possible. + + This is worth ~3% on Kraken json-parse-financial. It provides + ~2% on SunSpider string-unpack-code. + + Reviewed by Sam Weinig. + + * wtf/text/StringImpl.cpp: + (WTF::equal): + +2011-12-01 Oliver Hunt <oliver@apple.com> + + Support integer typed arrays in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=73608 + + Reviewed by Filip Pizlo. + + Add support for all the integral typed arrays in the DFG JIT. + Currently this loads the contents of Uint32 arrays as doubles, + which is clearly not as efficient as it could be, but this is + still in the order of 10-20x faster than the existing behaviour. + + This needed us to add support for writing 16bit values to the + macroassembler, and also to support double<->unsigned conversion. 
+ + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::strh): + (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::store16): + (JSC::MacroAssemblerARMv7::truncateDoubleToUint32): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::store16): + (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movw_rm): + (JSC::X86Assembler::cvttsd2siq_rr): + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionFromClassInfo): + * bytecode/PredictedType.h: + (JSC::isInt8ArrayPrediction): + (JSC::isInt16ArrayPrediction): + (JSC::isInt32ArrayPrediction): + (JSC::isUint8ArrayPrediction): + (JSC::isUint16ArrayPrediction): + (JSC::isUint32ArrayPrediction): + (JSC::isFloat32ArrayPrediction): + (JSC::isFloat64ArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateInt8Array): + (JSC::DFG::Node::shouldSpeculateInt16Array): + (JSC::DFG::Node::shouldSpeculateInt32Array): + (JSC::DFG::Node::shouldSpeculateUint8Array): + (JSC::DFG::Node::shouldSpeculateUint16Array): + (JSC::DFG::Node::shouldSpeculateUint32Array): + (JSC::DFG::Node::shouldSpeculateFloat32Array): + (JSC::DFG::Node::shouldSpeculateFloat64Array): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * 
runtime/JSGlobalData.h: + +2011-12-01 Benjamin Poulain <benjamin@webkit.org> + + URLs are encoded in UTF-8, then decoded as if they are Latin1 + https://bugs.webkit.org/show_bug.cgi?id=71758 + + Reviewed by Darin Adler. + + Add the operator == between a String and a Vector of char. The implementation + is the same as the comparison of String and char* but adds the length as a + parameter for comparing the strings. + + * JavaScriptCore.exp: + * wtf/text/StringImpl.h: + (WTF::equal): + * wtf/text/WTFString.h: + (WTF::operator==): + (WTF::operator!=): + +2011-12-01 Martin Robinson <mrobinson@igalia.com> + + [GTK] Read fonts from the jhbuild root + https://bugs.webkit.org/show_bug.cgi?id=73487 + + Reviewed by Gustavo Noronha Silva. + + Read fonts from the jhbuild root instead of from the system. This will ensure + that all testers use the same fonts instead of leaving this up to luck. + + * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner. + +2011-12-01 Martin Robinson <mrobinson@igalia.com> + + [GTK] Add a helper function to find the current executable's path + https://bugs.webkit.org/show_bug.cgi?id=73473 + + Reviewed by Gustavo Noronha Silva. + + Add a WTF helper which gets the binary path. This is currently only used + in WebKit2. + + * GNUmakefile.list.am: Add the new file to the source list. + * wtf/gobject/GlibUtilities.cpp: Added. + (getCurrentExecutablePath): + * wtf/gobject/GlibUtilities.h: Added. + +2011-12-01 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r101691. + http://trac.webkit.org/changeset/101691 + https://bugs.webkit.org/show_bug.cgi?id=73588 + + Tests fail on Chromium bots, early warning system warned + committer, please adjust test_expectations in patch (Requested + by scheib on #webkit). 
+ + * JavaScriptCore.exp: + * wtf/text/StringImpl.h: + * wtf/text/WTFString.h: + +2011-12-01 Filip Pizlo <fpizlo@apple.com> + + ARMv7 only allows for one-shot patching of compact offsets, while the + JIT expects to be able to repatch + https://bugs.webkit.org/show_bug.cgi?id=73548 + + Reviewed by Oliver Hunt. + + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::setUInt7ForLoad): + +2011-11-30 Benjamin Poulain <benjamin@webkit.org> + + URLs are encoded in UTF-8, then decoded as if they are Latin1 + https://bugs.webkit.org/show_bug.cgi?id=71758 + + Reviewed by Darin Adler. + + Add the operator == between a String and a Vector of char. The implementation + is the same as the comparison of String and char* but adds the length as a + parameter for comparing the strings. + + * JavaScriptCore.exp: + * wtf/text/StringImpl.h: + (WTF::equal): + * wtf/text/WTFString.h: + (WTF::operator==): + (WTF::operator!=): + +2011-11-30 Dmitry Lomov <dslomov@google.com> + + https://bugs.webkit.org/show_bug.cgi?id=73503 + [Chromium][V8] Implement ArrayBuffer transfer in chromium. + Portions of this patch come from Luke Zarko. + + Reviewed by David Levin. + + * wtf/ArrayBuffer.cpp: + (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr. + * wtf/ArrayBuffer.h: + (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr. + (WTF::ArrayBuffer::isNeutered): + * wtf/TypedArrayBase.h: + (WTF::TypedArrayBase::neuter): + +2011-12-01 Chao-ying Fu <fu@mips.com> + + MacroAssemblerMIPS does not implement readCallTarget + https://bugs.webkit.org/show_bug.cgi?id=73432 + + Reviewed by Zoltan Herczeg. + + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::readCallTarget): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::readCallTarget): + +2011-12-01 Noel Gordon <noel.gordon@gmail.com> + + [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects + https://bugs.webkit.org/show_bug.cgi?id=73527 + + Reviewed by Simon Hausmann. 
+ + wtf/qt/ThreadingQt.cpp was removed in r101477 + + * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp + +2011-12-01 Filip Pizlo <fpizlo@apple.com> + + BitVector isInline check could fail + https://bugs.webkit.org/show_bug.cgi?id=70691 + + Reviewed by Gavin Barraclough. + + Switch back to using the high bit as the inline marker, to make + all of the bit indexing operations simpler. Computing the size in + words and in bytes of a bitvector, using the number of bits as + input is error-prone enough; and with the current approach to + solving the X86 bug we end up getting it wrong. Making it right + seems hard. + + So instead, to solve the original problem (the high bit may be + meaningful on 32-bit systems), the out-of-line storage pointer is + right-shifted by 1. Compared to the original BitVector code, this + is a much smaller change (just three lines). + + This solves a bug where the DFG was corrupting its call frame + because BitVector lost track of some bits. + + * wtf/BitVector.cpp: + (WTF::BitVector::setSlow): + (WTF::BitVector::resizeOutOfLine): + * wtf/BitVector.h: + (WTF::BitVector::quickGet): + (WTF::BitVector::quickSet): + (WTF::BitVector::quickClear): + (WTF::BitVector::makeInlineBits): + (WTF::BitVector::isInline): + (WTF::BitVector::outOfLineBits): + +2011-11-30 Filip Pizlo <fpizlo@apple.com> + + DFG should make it easier to notice node boundaries in disassembly + https://bugs.webkit.org/show_bug.cgi?id=73509 + + Rubber-stamped by Gavin Barraclough + + If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will + be emitted at node boundaries, where the immediate being xor'd is the + node index. + + * dfg/DFGCommon.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-30 Geoffrey Garen <ggaren@apple.com> + + Removed ArgList iterators. + + Reviewed by Gavin Barraclough. + + Another step toward reversing the argument order. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): Switched from iterator to int. + + * runtime/ArgList.h: + (JSC::ArgList::ArgList): + (JSC::ArgList::isEmpty): Removed iterators. + + * runtime/JSArray.cpp: + (JSC::JSArray::finishCreation): Switched from iterator to int. + +2011-11-30 Yuqiang Xian <yuqiang.xian@intel.com> + + 32 bit DFG should handle logicalNot slow case instead of simply bailing out + https://bugs.webkit.org/show_bug.cgi?id=73515 + + Reviewed by Filip Pizlo. + + This improves Kraken performance by 14%, mainly due to ~3X improvement + on imaging-desaturate. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + +2011-11-30 Max Vujovic <mvujovic@adobe.com> + + Some date values not handled consistently with IE/Firefox + https://bugs.webkit.org/show_bug.cgi?id=14176 + + Reviewed by Gavin Barraclough. + + Changed time zone offset parsing behavior to match IE/Firefox/Opera's in + implementation dependent cases like "GMT-4". + + * wtf/DateMath.cpp: + (WTF::parseDateFromNullTerminatedCharacters): + +2011-11-30 Mark Hahnenberg <mhahnenberg@apple.com> + + toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback + https://bugs.webkit.org/show_bug.cgi?id=73368 + + Reviewed by Darin Adler. + + We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever + happens to be in the first class of the chain, which potentially could be null. + + <rdar://problem/10493218> + + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::toStringCallback): + (JSC::JSCallbackFunction::valueOfCallback): + +2011-11-29 Sam Weinig <sam@webkit.org> + + Add adoptCF and adoptNS convenience functions to RetainPtr.h + https://bugs.webkit.org/show_bug.cgi?id=73399 + + Reviewed by Anders Carlsson. 
+ + * wtf/RetainPtr.h: + (WTF::adoptCF): + (WTF::adoptNS): + These adoption functions match the pattern we use in other + smart pointer classes. + +2011-11-30 Adam Roben <aroben@apple.com> + + Fix RetainPtr's move assignment operators + + Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the + pointer being assigned to + + I didn't write a test for this because we don't have a way of unit testing C++11 code (see + <http://webkit.org/b/73448>). + + Reviewed by Anders Carlsson. + + * wtf/RetainPtr.h: + (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own + pointer. + +2011-11-30 Csaba Osztrogonác <ossy@webkit.org> + + Unreviewed rolling out incorrect r101481. + + * assembler/MIPSAssembler.h: + * assembler/MacroAssemblerMIPS.h: + +2011-11-30 Simon Hausmann <simon.hausmann@nokia.com> + + Fix compilation with MingW. + + Reviewed by Csaba Osztrogonác. + + * wtf/ThreadingWin.cpp: + (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for + the time being make the thread name setting unimplemented for MingW. + +2011-11-30 Simon Hausmann <simon.hausmann@nokia.com> + + Unreviewed propective build fix for Qt/Windows part 2 after r101477. + + * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data + +2011-11-30 Simon Hausmann <simon.hausmann@nokia.com> + + Unreviewed propective build fix for Qt/Windows after r101477. + + * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's + only referenced from within another OS(WINDOWS) section. + +2011-11-30 Csaba Osztrogonác <ossy@webkit.org> + + Unreviewed speculative buildfix after r101457. 
+ + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::readCallTarget): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::readCallTarget): + +2011-11-30 Andrew Wason <rectalogic@rectalogic.com> + + Replace Qt QThread threading back-end with pthread/Win32 threading back-ends + https://bugs.webkit.org/show_bug.cgi?id=72155 + + Reviewed by Simon Hausmann. + + Use ThreadingPthreads and ThreadingWin instead of ThreadingQt. + + * heap/MachineStackMarker.cpp: + * wtf/MainThread.cpp: + (WTF::initializeMainThread): + * wtf/Platform.h: + * wtf/ThreadSpecific.h: Drop QThreadStorage related code. + (WTF::::destroy): + * wtf/ThreadingPrimitives.h: + * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread(). + (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread. + (WTF::scheduleDispatchFunctionsOnMainThread): + * wtf/qt/ThreadingQt.cpp: Removed. + * wtf/wtf.pro: + +2011-11-30 Csaba Osztrogonác <ossy@webkit.org> + + MacroAssemblerARM does not implement readCallTarget + https://bugs.webkit.org/show_bug.cgi?id=73413 + + Based on Filip Pizlo's patch. + + Buildfix. Rubber-stamped by Gabor Loki. + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::readCallTarget): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::readCallTarget): + +2011-11-29 Filip Pizlo <fpizlo@apple.com> + + Resetting a put_by_id inline cache should preserve the "isDirect" bit + https://bugs.webkit.org/show_bug.cgi?id=73375 + + Reviewed by Gavin Barraclough. + + For the replace case, we can find out if it was direct by looking at the + slow call. For the transition case, we explicitly remember if it was + direct. 
+ + * bytecode/CodeBlock.cpp: + (JSC::printStructureStubInfo): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + (JSC::StructureStubInfo::visitWeakReferences): + * bytecode/StructureStubInfo.h: + (JSC::isPutByIdAccess): + (JSC::StructureStubInfo::initPutByIdTransition): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCachePutByID): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::resetPatchPutById): + (JSC::JIT::isDirectPutById): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::resetPatchPutById): + * jit/JITStubs.cpp: + (JSC::JITThunks::tryCachePutByID): + +2011-11-29 Sam Weinig <sam@webkit.org> + + Remove RetainPtr::releaseRef + https://bugs.webkit.org/show_bug.cgi?id=73396 + + Reviewed by Dan Bernstein. + + * wtf/RetainPtr.h: + Be gone releaseRef! Long live leakRef! + +2011-11-29 Sam Weinig <sam@webkit.org> + + Add move semantics to RetainPtr + https://bugs.webkit.org/show_bug.cgi?id=73393 + + Reviewed by Anders Carlsson. + + * wtf/RetainPtr.h: + (WTF::RetainPtr::RetainPtr): + Add a move constructor and move enabled assignment operators + to RetainPtr if the compiler being used supports rvalue + references. If the compiler does not support it, we fallback + to the copy semantics we have always had. + +2011-11-29 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG local CSE may cause incorrect reference counting for a node + https://bugs.webkit.org/show_bug.cgi?id=73390 + + Reviewed by Filip Pizlo. + + When performing a node substitution, the ref count of the replaced + child will be increased, no matter whether the user node is skipped in + code generation or not. This will cause the reference count of the + replaced child never get the chance to become zero and so the + registers occupied by it cannot be reused simply without spilling, if + it's used by a "skipped" node. + This is a 1% gain on V8 benchmark, tested on IA32 Linux. 
+ + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::performSubstitution): + (JSC::DFG::Propagator::performNodeCSE): + +2011-11-29 David Levin <levin@chromium.org> + + Add a way to revert a variable to its previous value after leaving a scope. + https://bugs.webkit.org/show_bug.cgi?id=73371 + + Reviewed by Adam Barth. + + In case anyone from Chromium sees this, it is nearly identical to AutoReset + but if the same name were used, it causes unnecessary ambiguity. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/TemporarilyChange.h: Added. + (WTF::TemporarilyChange::TemporarilyChange): + (WTF::TemporarilyChange::~TemporarilyChange): + +2011-11-29 Sam Weinig <sam@webkit.org> + + Add COMPILER_SUPPORTS macro to allow for compiler feature testing + https://bugs.webkit.org/show_bug.cgi?id=73386 + + Reviewed by Anders Carlsson. + + * wtf/Compiler.h: + Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and + rvalue references for Clang. + +2011-11-29 Oliver Hunt <oliver@apple.com> + + Allow WebCore to describe typed arrays to JSC + https://bugs.webkit.org/show_bug.cgi?id=73355 + + Reviewed by Gavin Barraclough. + + Allow globaldata to track the structure of typed arrays. + + * runtime/JSGlobalData.h: + (JSC::TypedArrayDescriptor::TypedArrayDescriptor): + +2011-11-28 Filip Pizlo <fpizlo@apple.com> + + DFG debugCall() mechanism only works on X86 and X86-64 + https://bugs.webkit.org/show_bug.cgi?id=73282 + + Reviewed by Oliver Hunt. + + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::debugCall): + +2011-11-28 Filip Pizlo <fpizlo@apple.com> + + DFG non-X86 ArithDiv does speculation failure after mutating state, + without a value recovery + https://bugs.webkit.org/show_bug.cgi?id=73286 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-28 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fixes for ARM. 
+ + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::readCallTarget): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState): + +2011-11-20 Roland Steiner <rolandsteiner@chromium.org> + + <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit + https://bugs.webkit.org/show_bug.cgi?id=72848 + + Add ENABLE_STYLE_SCOPED flag. + + Reviewed by Dimitri Glazkov. + + * Configurations/FeatureDefines.xcconfig: + +2011-11-28 Jon Lee <jonlee@apple.com> + + Create skeleton framework for notifications support in WK2 + https://bugs.webkit.org/show_bug.cgi?id=73253 + <rdar://problem/10356943> + + * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform. + +2011-11-28 Oliver Hunt <oliver@apple.com> + + Fix windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-11-28 Oliver Hunt <oliver@apple.com> + + Fix gyp build + + * JavaScriptCore.gypi: + +2011-11-28 Filip Pizlo <fpizlo@apple.com> + + GetById should not always speculate cell + https://bugs.webkit.org/show_bug.cgi?id=73181 + + Reviewed by Gavin Barraclough. + + GetById will now speculate cell if the predictions of the base are cell. + Otherwise it will do like the old JIT (and like the old non-speculative + DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR + out. This is a 1% speed-up on SunSpider. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState): + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-28 Oliver Hunt <oliver@apple.com> + + Move typed array implementations into wtf + https://bugs.webkit.org/show_bug.cgi?id=73248 + + Reviewed by Sam Weinig. + + Move typed array implementation files from WebCore to wtf. Inline the + .cpp files for each of the array views to cut down on unnecessary exports + and function call overhead for trivial operations. + + Added files to all the project files. + + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp. + (WTF::ArrayBuffer::transfer): + (WTF::ArrayBuffer::addView): + (WTF::ArrayBuffer::removeView): + * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp. + (WTF::ArrayBufferContents::ArrayBufferContents): + (WTF::ArrayBufferContents::data): + (WTF::ArrayBufferContents::sizeInBytes): + (WTF::ArrayBufferContents::transfer): + (WTF::ArrayBuffer::~ArrayBuffer): + (WTF::ArrayBuffer::clampValue): + (WTF::ArrayBuffer::create): + (WTF::ArrayBuffer::ArrayBuffer): + (WTF::ArrayBuffer::data): + (WTF::ArrayBuffer::byteLength): + (WTF::ArrayBuffer::slice): + (WTF::ArrayBuffer::sliceImpl): + (WTF::ArrayBuffer::clampIndex): + (WTF::ArrayBufferContents::tryAllocate): + (WTF::ArrayBufferContents::~ArrayBufferContents): + * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp. 
+ (WTF::ArrayBufferView::ArrayBufferView): + (WTF::ArrayBufferView::~ArrayBufferView): + (WTF::ArrayBufferView::neuter): + * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h. + (WTF::ArrayBufferView::isByteArray): + (WTF::ArrayBufferView::isUnsignedByteArray): + (WTF::ArrayBufferView::isShortArray): + (WTF::ArrayBufferView::isUnsignedShortArray): + (WTF::ArrayBufferView::isIntArray): + (WTF::ArrayBufferView::isUnsignedIntArray): + (WTF::ArrayBufferView::isFloatArray): + (WTF::ArrayBufferView::isDoubleArray): + (WTF::ArrayBufferView::isDataView): + (WTF::ArrayBufferView::buffer): + (WTF::ArrayBufferView::baseAddress): + (WTF::ArrayBufferView::byteOffset): + (WTF::ArrayBufferView::verifySubRange): + (WTF::ArrayBufferView::clampOffsetAndNumElements): + (WTF::ArrayBufferView::setImpl): + (WTF::ArrayBufferView::setRangeImpl): + (WTF::ArrayBufferView::zeroRangeImpl): + (WTF::ArrayBufferView::calculateOffsetAndLength): + * wtf/CMakeLists.txt: + * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h. + (WTF::Float32Array::set): + (WTF::Float32Array::item): + (WTF::Float32Array::isFloatArray): + (WTF::Float32Array::create): + (WTF::Float32Array::Float32Array): + (WTF::Float32Array::subarray): + * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h. + (WTF::Float64Array::set): + (WTF::Float64Array::item): + (WTF::Float64Array::isDoubleArray): + (WTF::Float64Array::create): + (WTF::Float64Array::Float64Array): + (WTF::Float64Array::subarray): + * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp. + (WTF::Int16Array::set): + (WTF::Int16Array::isShortArray): + (WTF::Int16Array::create): + (WTF::Int16Array::Int16Array): + (WTF::Int16Array::subarray): + * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp. 
+ (WTF::Int32Array::set): + (WTF::Int32Array::isIntArray): + (WTF::Int32Array::create): + (WTF::Int32Array::Int32Array): + (WTF::Int32Array::subarray): + * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp. + (WTF::Int8Array::set): + (WTF::Int8Array::isByteArray): + (WTF::Int8Array::create): + (WTF::Int8Array::Int8Array): + (WTF::Int8Array::subarray): + * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h. + (WTF::IntegralTypedArrayBase::set): + (WTF::IntegralTypedArrayBase::item): + (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase): + * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h. + (WTF::TypedArrayBase::data): + (WTF::TypedArrayBase::set): + (WTF::TypedArrayBase::setRange): + (WTF::TypedArrayBase::zeroRange): + (WTF::TypedArrayBase::length): + (WTF::TypedArrayBase::byteLength): + (WTF::TypedArrayBase::TypedArrayBase): + (WTF::TypedArrayBase::create): + (WTF::TypedArrayBase::subarrayImpl): + * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp. + (WTF::Uint16Array::set): + (WTF::Uint16Array::isUnsignedShortArray): + (WTF::Uint16Array::create): + (WTF::Uint16Array::Uint16Array): + (WTF::Uint16Array::subarray): + * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp. + (WTF::Uint32Array::set): + (WTF::Uint32Array::isUnsignedIntArray): + (WTF::Uint32Array::create): + (WTF::Uint32Array::Uint32Array): + (WTF::Uint32Array::subarray): + * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h. + (WTF::Uint8Array::set): + (WTF::Uint8Array::isUnsignedByteArray): + (WTF::Uint8Array::create): + (WTF::Uint8Array::Uint8Array): + (WTF::Uint8Array::subarray): + * wtf/wtf.pro: + +2011-11-27 Filip Pizlo <fpizlo@apple.com> + + Don't try to optimize huge code blocks + https://bugs.webkit.org/show_bug.cgi?id=73187 + + Reviewed by Oliver Hunt. 
+ + This unifies the heuristics used for deciding if a code block is too big + to optimize, and sets this heuristic to 1000, which is intuitively better + than numeric_limits<unsigned>::max(). It also results in what looks like + a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher). + + * dfg/DFGCapabilities.h: + (JSC::DFG::mightCompileEval): + (JSC::DFG::mightCompileProgram): + (JSC::DFG::mightCompileFunctionForCall): + (JSC::DFG::mightCompileFunctionForConstruct): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + +2011-11-28 Filip Pizlo <fpizlo@apple.com> + + Either remove the GetMethod node from the DFG backend, or find a use for it + https://bugs.webkit.org/show_bug.cgi?id=73178 + + Reviewed by Gavin Barraclough. + + More testing seemed to imply that the GetMethod code was indeed not profitable + in any major test. So, it's probably best to just remove it. + + * bytecode/CodeBlock.cpp: + (JSC::MethodCallLinkInfo::reset): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::hasHeapPrediction): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGRepatch.cpp: + * dfg/DFGRepatch.h: + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-28 Michael Saboff <msaboff@apple.com> + + Change set 101187 from bug 73154 removed already lower case optimization + https://bugs.webkit.org/show_bug.cgi?id=73174 + + Added back the "string is already lower case" optimization. + + Reviewed by Geoffrey Garen. 
+ + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncToLowerCase): + +2011-11-28 Simon Hausmann <simon.hausmann@nokia.com> + + Unreviewed prospective build fix. Touch the file to trigger correct + rebuild on the Qt mips/sh4/sl bot. + + * wtf/unicode/qt4/UnicodeQt4.h: + +2011-11-28 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Remove cruft from project file + + Reviewed by Simon Hausmann. + + * Target.pri: + +2011-11-28 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] WTF should be built as separate static library + https://bugs.webkit.org/show_bug.cgi?id=73201 + + Reviewed by Tor Arne Vestbø. + + * Target.pri: Don't claim to build WTF, as that would cause + the debug-with-shlibs build to not link in wtf. + * jsc.pro: Require wtf. + * wtf/wtf.pri: Removed. + * wtf/wtf.pro: Added. Pro file to build wtf statically. + +2011-11-28 Martin Robinson <mrobinson@igalia.com> + + [GTK] JavaScriptCore generated sources should build in the DerivedSources directory + https://bugs.webkit.org/show_bug.cgi?id=73197 + + Reviewed by Philippe Normand. + + Build all JavaScriptCore generated sources in DerivedSources. + + * GNUmakefile.am: Update generation rules. + * GNUmakefile.list.am: Update source lists. + +2011-11-27 Filip Pizlo <fpizlo@apple.com> + + DFG should not emit GetMethod node + https://bugs.webkit.org/show_bug.cgi?id=73175 + + Reviewed by Gavin Barraclough. + + Replaces all instances of the GetMethod node with GetById. This appears to + be a slight win on V8. This patch leaves GetMethod support in the code-base, + making this decision easy to reverse, for now. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + +2011-11-26 Hajime Morrita <morrita@chromium.org> + + Needs WTF_INLINE and JS_INLINE + https://bugs.webkit.org/show_bug.cgi?id=72853 + + Reviewed by Kevin Ollivier. 
+ + Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which + indirect __attribute__((visibility("hidden")) + + * config.h: + * wtf/ExportMacros.h: + +2011-11-25 Michael Saboff <msaboff@apple.com> + + String.prototype.toLower should be optimized for 8 bit strings + https://bugs.webkit.org/show_bug.cgi?id=73154 + + Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has + been optimized for 8 bit strings. + + This is worth ~7% to sunspider string.tagcloud. + + Reviewed by Filip Pizlo. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncToLowerCase): + +2011-11-25 Michael Saboff <msaboff@apple.com> + + Array.toString always uses StringImpl::characters() + https://bugs.webkit.org/show_bug.cgi?id=72969 + + If all component strings are 8 bit, create an 8 bit result string for toString(). + + This appears to be performance neutral to sunspider and v8. + + Reviewed by Filip Pizlo. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + +2011-11-24 Michael Saboff <msaboff@apple.com> + + UString methods are not character size aware + https://bugs.webkit.org/show_bug.cgi?id=72975 + + Changed the UString number constructors to build 8 bit strings. + Modified the other methods to check string bitness and process + with 8 bits wherre appropriate. + + * runtime/UString.cpp: + (JSC::UString::number): + (JSC::operator==): + (JSC::operator<): + (JSC::UString::ascii): + +2011-11-24 Michael Saboff <msaboff@apple.com> + + JavaScript string to number conversion functions use characters() + https://bugs.webkit.org/show_bug.cgi?id=72974 + + Change the various JS to number routines to process strings + using characters8() or characters16() as appropriate. + Implemented using static template methods. + + Reviewed by Filip Pizlo. 
+ + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::isInfinity): + (JSC::jsHexIntegerLiteral): + (JSC::jsStrDecimalLiteral): + (JSC::toDouble): + (JSC::jsToNumber): + +2011-11-24 Michael Saboff <msaboff@apple.com> + + Empty JSStrings are created as 16 bit + https://bugs.webkit.org/show_bug.cgi?id=72968 + + Clear m_is8Bit flag for empty strings. + + Reviewed by Filip Pizlo. + + * runtime/JSString.h: + (JSC::RopeBuilder::finishCreation): + +2011-11-24 Michael Saboff <msaboff@apple.com> + + Tune JSStringBuilder for 8 bit Strings + https://bugs.webkit.org/show_bug.cgi?id=72683 + + Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added. + When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit + and building continues with a 16 bit buffer. + + Reviewed by Filip Pizlo. + + * runtime/JSStringBuilder.h: + (JSC::JSStringBuilder::JSStringBuilder): + (JSC::JSStringBuilder::append): + (JSC::JSStringBuilder::upConvert): + (JSC::JSStringBuilder::build): + * runtime/UString.h: + (JSC::UString::adopt): + * wtf/text/StringImpl.h: + (WTF::StringImpl::adopt): + +2011-11-24 Zeno Albisser <zeno@webkit.org> + + [Qt]WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets + https://bugs.webkit.org/show_bug.cgi?id=72495 + + Update defines to not use Unix Domain Sockets for platform Qt on Mac. + This enables Qt to reuse existing code for mach ports and Grand + Central Dispatch based IPC. + + Reviewed by Simon Hausmann. + + * wtf/Platform.h: + +2011-11-24 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably + + Reviewed by Andreas Kling. + + We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few + ways of doing that and this fix seems like the least intrusive one by simply pushing the + invoker to the gui thread if it's not there already. 
+ + * wtf/qt/MainThreadQt.cpp: + (WTF::scheduleDispatchFunctionsOnMainThread): + +2011-11-24 Patrick Gansterer <paroga@webkit.org> + + [Qt] Use QEvent for dispatchFunctionsFromMainThread() + https://bugs.webkit.org/show_bug.cgi?id=72704 + + Reviewed by Simon Hausmann. + + Replace QMetaObject::invokeMethod with QCoreApplication::postEvent. + This is the same as what invokeMethod does internally, but reduces + the dependency on some internal QThread stuff. + + * wtf/qt/MainThreadQt.cpp: + (WTF::MainThreadInvoker::MainThreadInvoker): + (WTF::MainThreadInvoker::event): + (WTF::scheduleDispatchFunctionsOnMainThread): + +2011-11-23 George Staikos <staikos@webkit.org> + + Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX. + https://bugs.webkit.org/show_bug.cgi?id=73028 + + Reviewed by Daniel Bates. + + * wtf/RandomNumberSeed.h: + (WTF::initializeRandomNumberGenerator): + +2011-11-23 Nikolas Zimmermann <nzimmermann@rim.com> + + Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string + https://bugs.webkit.org/show_bug.cgi?id=72793 + + Reviewed by Zoltan Herczeg. + + This new code will be used in follow-up patches to replace the String::format("%.2f") usage in + platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp. + + The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace + this by a variant that properly rounds to six significant figures, JSC code could be refactored. + JSCs Number.toPrecision/toFixed uses wtf/dtoa/double-conversion which provides all features we need, + except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with + trailing zeros removed, producing shorter results. Changed the default signature to: + + "static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);". 
+ + In WebCore we can now replace String::format() calls like this: + String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2) + String::format("%.6lg", f) -> String::number(f) + + The default parameters for precison & flags exactly match the format of the string produced now, except that the result + is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results + in the d="" attribute dumps of SVG paths across platforms. The dtoa rounding code enforces a unique zero, resolving + all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots. + + This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfecly mimic the String::format() "lg" mode + result for exponentials, we used to return eg. "e-7" and now return "e-07" - the trailing zero truncation hasn't been + implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - in contrary the + trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results. + + Here's a performance comparision using a JSC release build and some arbitary numbers: + Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call. + Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call. + + Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call. + Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call. + + Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call. + Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call. + + Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call. + Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call. + + For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%. 
+ + * JavaScriptCore.exp: Change String::number(double) signature. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto. + * runtime/NumberPrototype.cpp: + (JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp. + (JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString. + * wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows to truncate trailing zeros/decimal point. + to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoas rounding facilities. + * wtf/dtoa.h: + * wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*. + (WTF::double_conversion::StringBuilder::SetPosition): + * wtf/text/WTFString.cpp: + (WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format. + * wtf/text/WTFString.h: + +2011-11-23 Hajime Morrita <morrita@chromium.org> + + WTF::String has extra WTF_EXPORT_PRIVATE + https://bugs.webkit.org/show_bug.cgi?id=72858 + + Reviewed by Kevin Ollivier. + + * wtf/text/WTFString.h: + (WTF::String::String): + +2011-11-23 Raphael Kubo da Costa <kubo@profusion.mobi> + + [CMake] Move the top-level logic to the top-level directory. + https://bugs.webkit.org/show_bug.cgi?id=72685 + + Reviewed by Brent Fulgham. + + * CMakeLists.txt: Point to the right Source/ directory. + * wtf/CMakeLists.txt: Ditto. + +2011-11-22 Yuqiang Xian <yuqiang.xian@intel.com> + + Strength reduction for Mul and Mod operations for known constants in DFG + https://bugs.webkit.org/show_bug.cgi?id=72878 + + Reviewed by Filip Pizlo. + + Also the code should be commonly shared by both 32_64 and 64. 
+ + * dfg/DFGNode.h: + (JSC::DFG::nodeMayOverflow): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::fmodAsDFGOperation): + (JSC::DFG::SpeculativeJIT::compileInstanceOf): + (JSC::DFG::isPowerOfTwo): + (JSC::DFG::logTwo): + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + (JSC::DFG::SpeculativeJIT::compileArithMul): + (JSC::DFG::SpeculativeJIT::compileArithMod): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-22 Daniel Bates <dbates@rim.com> + + Add WTF infrastructure for the BlackBerry port + https://bugs.webkit.org/show_bug.cgi?id=72970 + + Reviewed by Antonio Gomes. + + * wtf/Assertions.cpp: Added BlackBerry-specific logging directive. + * wtf/MathExtras.h: + (abs): Added; stdlib doesn't contain abs() on QNX. + * wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features. + * wtf/RandomNumberSeed.h: + (WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize + the bad pseudo random number generator using time(3) before initializing the + Mersenne Twister random number generator. + * wtf/ThreadingPthreads.cpp: + (WTF::createThreadInternal): Added. + * wtf/blackberry: Added. + * wtf/blackberry/MainThreadBlackBerry.cpp: Added. + (WTF::initializeMainThreadPlatform): + (WTF::scheduleDispatchFunctionsOnMainThread): + * wtf/text/WTFString.h: Added constructor and conversion operator for + BlackBerry WebString string object. + +2011-11-22 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r100988. + http://trac.webkit.org/changeset/100988 + https://bugs.webkit.org/show_bug.cgi?id=72941 + + "Broke pixel tests on Chromium-Linux" (Requested by kbalazs on + #webkit). 
+ + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/ParallelJobs.h: + * wtf/ParallelJobsGeneric.cpp: + * wtf/ParallelJobsGeneric.h: + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::execute): + * wtf/Platform.h: + +2011-11-21 Balazs Kelemen <kbalazs@webkit.org> + + Enable ParallelJobs by default + https://bugs.webkit.org/show_bug.cgi?id=70032 + + Reviewed by Zoltan Herczeg. + + According to measurements on Mac and Linux it is a + considerable speedup for SVG on multicore. + + Remove the ENABLE(PARALLEL_JOBS) guard. + Fix build on Windows and Chromium. + + * JavaScriptCore.gypi: Add the files to the build. It was + missing for the gyp build system. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Export symbols. + * wtf/ParallelJobs.h: + * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::execute): + Deinline these to avoid exporting a lot of symbols. + These are non-trivial and called only once on a given object + so it doesn't seems to be worthwile to inline them. + Additionally fix a signed-unsigned comparison in the constructor. + * wtf/ParallelJobsGeneric.h: + * wtf/Platform.h: + +2011-11-21 Filip Pizlo <fpizlo@apple.com> + + DFG should have richer debug output for CFA and phi processing + https://bugs.webkit.org/show_bug.cgi?id=72922 + + Reviewed by Gavin Barraclough. + + In the default verbose mode, we now print information about variable + state at the bottom of basic blocks in addition to the top, and we + also print local variable linking. In the verbose propagation mode, + the state of phi processing is dumped more richly and CFA merging (the + most subtle part of CFA) is traced as well. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::endBasicBlock): + (JSC::DFG::AbstractState::mergeStateAtTail): + * dfg/DFGAbstractValue.h: + (JSC::DFG::StructureAbstractValue::dump): + (JSC::DFG::AbstractValue::dump): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCommon.h: + (JSC::DFG::NodeIndexTraits::dump): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGNode.h: + (JSC::DFG::Node::dumpChildren): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOperands.h: + (JSC::DFG::OperandValueTraits::dump): + (JSC::DFG::dumpOperands): + +2011-11-21 Filip Pizlo <fpizlo@apple.com> + + Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken + https://bugs.webkit.org/show_bug.cgi?id=71505 + + Reviewed by Gavin Barraclough. + + It turns out that we were corrupting phi nodes in case of overflow. The bug is + really obvious, but producing a test case that causes the badness is hard. Even + when the phi nodes do get corrupt, there's more that has to happen before it + causes incorrect execution - and I wasn't able to reproduce in any kind of + sensible reduced case. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::processPhiStack): + +2011-11-21 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Speed up debug builds. + https://bugs.webkit.org/show_bug.cgi?id=72882 + + Reviewed by Tor Arne Vestbø. + + * Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be + used by the build system. + +2011-11-21 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r100913. + http://trac.webkit.org/changeset/100913 + https://bugs.webkit.org/show_bug.cgi?id=72885 + + "Break Windows build" (Requested by kbalazs on #webkit). 
+ + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/ParallelJobs.h: + * wtf/ParallelJobsGeneric.cpp: + * wtf/ParallelJobsGeneric.h: + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::execute): + * wtf/Platform.h: + +2011-11-21 Balazs Kelemen <kbalazs@webkit.org> + + Enable ParallelJobs by default + https://bugs.webkit.org/show_bug.cgi?id=70032 + + Reviewed by Zoltan Herczeg. + + According to measurements on Mac and Linux it is a + considerable speedup for SVG on multicore. + + Remove the ENABLE(PARALLEL_JOBS) guard. + Fix build on Windows and Chromium. + + * JavaScriptCore.gypi: Add the files to the build. It was + missing for the gyp build system. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Export symbols. + * wtf/ParallelJobs.h: + * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::execute): + Deinline these to avoid exporting a lot of symbols. + These are non-trivial and called only once on a given object + so it doesn't seems to be worthwile to inline them. + Additionally fix a signed-unsigned comparison in the constructor. + * wtf/ParallelJobsGeneric.h: + * wtf/Platform.h: + +2011-11-21 Andy Wingo <wingo@igalia.com> + + Add .dir-locals.el file for better Emacs defaults + https://bugs.webkit.org/show_bug.cgi?id=72483 + + Reviewed by Xan Lopez. + + * .dir-locals.el: Set appropriate directory-local variables for Emacs. + +2011-11-21 Filip Pizlo <fpizlo@apple.com> + + Another attempt at a build fix. + + * dfg/DFGRepatch.h: + (JSC::DFG::dfgResetGetByID): + (JSC::DFG::dfgResetPutByID): + +2011-11-20 Filip Pizlo <fpizlo@apple.com> + + Unreviewed interpreter build fix. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::finalizeUnconditionally): + * dfg/DFGRepatch.h: + +2011-11-20 Yuqiang Xian <yuqiang.xian@intel.com> + + Improve modulo operation on 32bit platforms + https://bugs.webkit.org/show_bug.cgi?id=72501 + + Reviewed by Filip Pizlo. + + Extend softModulo to support X86 and MIPS in baseline JIT. + Apply the same optimization to 32bit DFG JIT. + 1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit. + + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileSoftModulo): + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_mod): + (JSC::JIT::emitSlow_op_mod): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::softModulo): + * wtf/Platform.h: + +2011-11-18 Filip Pizlo <fpizlo@apple.com> + + Inline caches that refer to otherwise dead objects should be cleared + https://bugs.webkit.org/show_bug.cgi?id=72311 + + Reviewed by Geoff Garen. + + DFG code blocks now participate in the weak reference harvester fixpoint + so that they only consider themselves to be live if either they are + currently executing, or their owner is live and all of their weak references + are live. If not, the relevant code blocks are jettisoned. + + Inline caches in both the old JIT and the DFG are now cleared if any of + their references are not marked at the end of a GC. + + This is performance-neutral on SunSpider, V8, and Kraken. With the clear- + all-code-on-GC policy that we currently have, it shows a slight reduction + in memory usage. If we turn that policy off, it's pretty easy to come up + with an example program that will cause ToT to experience linear heap + growth, while with this patch, the heap stays small and remains at a + constant size. 
+ + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::readCallTarget): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::readCallTarget): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::readCallTarget): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::readCallTarget): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + (JSC::CodeBlock::performTracingFixpointIteration): + (JSC::CodeBlock::visitWeakReferences): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::stronglyVisitStrongReferences): + (JSC::MethodCallLinkInfo::reset): + (JSC::ProgramCodeBlock::jettison): + (JSC::EvalCodeBlock::jettison): + (JSC::FunctionCodeBlock::jettison): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::reoptimize): + (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::visitWeak): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::visitWeakReferences): + * bytecode/StructureStubInfo.h: + (JSC::isGetByIdAccess): + (JSC::isPutByIdAccess): + (JSC::StructureStubInfo::reset): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGOperations.cpp: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchByIdSelfAccess): + (JSC::DFG::dfgResetGetByID): + (JSC::DFG::dfgResetPutByID): + * dfg/DFGRepatch.h: + (JSC::DFG::dfgResetGetByID): + (JSC::DFG::dfgResetPutByID): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::resetPatchGetById): + (JSC::JIT::resetPatchPutById): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::resetPatchGetById): + (JSC::JIT::resetPatchPutById): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITWriteBarrier.h: + (JSC::JITWriteBarrierBase::clearToMaxUnsigned): + +2011-11-20 Filip Pizlo <fpizlo@apple.com> + + Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken + https://bugs.webkit.org/show_bug.cgi?id=71505 + + Reviewed by Oliver Hunt. 
+ + The bytecode generator was assuming that call_varargs never reuses the base register + (i.e. the function being called) for the result. This is no longer true. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitCallVarargs): + * bytecompiler/BytecodeGenerator.h: + * bytecompiler/NodesCodegen.cpp: + (JSC::ApplyFunctionCallDotNode::emitBytecode): + +2011-11-20 Filip Pizlo <fpizlo@apple.com> + + DFG 32_64 should directly store double virtual registers on SetLocal + https://bugs.webkit.org/show_bug.cgi?id=72845 + + Reviewed by Oliver Hunt. + + 2% win on Kraken. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-20 Noel Gordon <noel.gordon@gmail.com> + + [chromium] Remove DFG::JITCodeGenerator from the gyp projects + https://bugs.webkit.org/show_bug.cgi?id=72842 + + Reviewed by Filip Pizlo. + + dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244 + + * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp} + +2011-11-18 Daniel Bates <dbates@rim.com> + + Add CMake build infrastructure for the BlackBerry port + https://bugs.webkit.org/show_bug.cgi?id=72768 + + Reviewed by Antonio Gomes. + + * PlatformBlackBerry.cmake: Added. + * shell/PlatformBlackBerry.cmake: Added. + * wtf/PlatformBlackBerry.cmake: Added. + +2011-11-18 Filip Pizlo <fpizlo@apple.com> + + DFG JIT fails speculation on InstanceOf if the base is not an object + https://bugs.webkit.org/show_bug.cgi?id=72709 + + Reviewed by Geoff Garen. + + InstanceOf already leverages the fact that we only allow the default + hasInstance implementation. So, if the base is predicted to possibly + be not an object and the CFA has not yet proven otherwise, InstanceOf + will abstain from speculating cell and instead return false if the + base is not a cell. + + This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so + speed-up in earley-boyer. Neutral according to bencher on SunSpider, + V8, and Kraken. 
In 32-bit, it's a 0.5% win on SunSpider and a 1.9% + win on V8 even on my harness, due to a 12.5% win on earley-boyer. + + I also took this opportunity to make the code for InstanceOf common + between the two JITs. This was partially successful, in that the + "common code" has a bunch of #if's, but overall it seems like a code + size reduction. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject): + (JSC::DFG::SpeculativeJIT::compileInstanceOf): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com> + + Forgot to completely de-virtualize isDynamicScope + https://bugs.webkit.org/show_bug.cgi?id=72763 + + Reviewed by Darin Adler. + + * runtime/JSActivation.h: Removed virtual keyword. + +2011-11-18 Filip Pizlo <fpizlo@apple.com> + + Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*) + https://bugs.webkit.org/show_bug.cgi?id=72292 + + Reviewed by Darin Adler. + + Fix this for 32_64. + + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + +2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize ExecutableBase::intrinsic + https://bugs.webkit.org/show_bug.cgi?id=72548 + + Reviewed by Oliver Hunt. + + * runtime/Executable.cpp: + (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value. + * runtime/Executable.h: + * runtime/JSCell.h: + (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo + rather than requiring C++ RTTI. 
+ +2011-11-18 Patrick Gansterer <paroga@webkit.org> + + [CMake] Remove duplicate dtoa files from CMakeLists.txt + https://bugs.webkit.org/show_bug.cgi?id=72711 + + Reviewed by Brent Fulgham. + + * wtf/CMakeLists.txt: + +2011-11-17 Michael Saboff <msaboff@apple.com> + + [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=72602 + + Fixed StringImpl::foldCase by adding return in the case we need to handle + folding of 8 bit strings with Latin-1 characters. + + Fixed case where StringImpl::replace was using a char temp instead of an + LChar temp. + + Because of the second change, I changed other uses of char or + unsigned char to LChar. + + Reviewed by Zoltan Herczeg. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::upper): + (WTF::StringImpl::foldCase): + (WTF::equal): + (WTF::equalIgnoringCase): + (WTF::StringImpl::replace): + +2011-11-17 Patrick Gansterer <paroga@webkit.org> + + [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt + https://bugs.webkit.org/show_bug.cgi?id=72644 + + Reviewed by Brent Fulgham. + + All ports need to do the same determination about fast malloc. Move the CMake code from + platform specific files into the generic one, so that additional ports can reuse it. + + * wtf/CMakeLists.txt: + * wtf/PlatformEfl.cmake: + * wtf/PlatformWinCE.cmake: + +2011-11-17 Mark Hahnenberg <mhahnenberg@apple.com> + + Add finalizer to JSActivation + https://bugs.webkit.org/show_bug.cgi?id=72575 + + Reviewed by Geoffrey Garen. + + * runtime/JSActivation.cpp: + (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation. + (JSC::JSActivation::finalize): + * runtime/JSActivation.h: Replaced virtual destructor with static finalize function. + +2011-11-15 Filip Pizlo <fpizlo@apple.com> + + Code block jettisoning should be part of the GC's transitive closure + https://bugs.webkit.org/show_bug.cgi?id=72467 + + Reviewed by Geoff Garen. 
+ + Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all + DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak + references) and helps track what state each of those code blocks is in during + GC. The state consists of two flags; mayBeExecuting, which tells if the code block + is live from call frames; and isJettisoned, which tells if the code block is + not owned by any executable and thus should be deleted as soon as it is not + mayBeExecuting. + + - Not executing, Not jettisoned: The code block may or may not be reachable from + any executables, but it is owned by an executable, and hence should be + kept alive if its executable is live and if all of its weak references are + live. Otherwise it should be deleted during the current GC cycle, and its + outgoing references should not be scanned. + + - Not executing but jettisoned: The code block should be deleted as soon as + possible and none of its outgoing references should be scanned. + + - Executing but not jettisoned: The code block should be kept alive during this + GC cycle, and all of its outgoing references (including the weak ones) + should be scanned and marked strongly. The mayBeExecuting bit will be cleared at + the end of the GC cycle. + + - Executing and jettisoned: The code block should be kept alive during this + GC cycle, and all of its outgoing references (including the weak ones) + should be scanned and marked strongly. However, on the next GC cycle, it + will have its mayBeExecuting bit cleared and hence it will become a candidate + for immediate deletion provided it is not executing again. + + This is performance-neutral. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::setJITCode): + (JSC::CodeBlock::DFGData::DFGData): + (JSC::DFGCodeBlocks::mark): + * heap/ConservativeRoots.cpp: + (JSC::ConservativeRoots::add): + * heap/ConservativeRoots.h: + * heap/DFGCodeBlocks.cpp: Added. + (JSC::DFGCodeBlocks::DFGCodeBlocks): + (JSC::DFGCodeBlocks::~DFGCodeBlocks): + (JSC::DFGCodeBlocks::jettison): + (JSC::DFGCodeBlocks::clearMarks): + (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks): + (JSC::DFGCodeBlocks::traceMarkedCodeBlocks): + * heap/DFGCodeBlocks.h: Added. + * heap/Heap.cpp: + (JSC::Heap::jettisonDFGCodeBlock): + (JSC::Heap::markRoots): + (JSC::Heap::collect): + * heap/Heap.h: + * heap/JettisonedCodeBlocks.cpp: Removed. + * heap/JettisonedCodeBlocks.h: Removed. + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::gatherConservativeRoots): + * interpreter/RegisterFile.h: + * runtime/Executable.cpp: + (JSC::jettisonCodeBlock): + +2011-11-16 Filip Pizlo <fpizlo@apple.com> + + Unreviewed, build fix for 32-bit. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-16 Geoffrey Garen <ggaren@apple.com> + + Some CachedCall cleanup, in preparation for reversing argument order. + + Reviewed by Gavin Barraclough. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter, + so I can test it. + + * interpreter/CachedCall.h: + (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because + we are not that desperate for character saving. + + (JSC::CachedCall::setThis): + (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for + CallFrameClosure. 
+ + * interpreter/CallFrameClosure.h: + (JSC::CallFrameClosure::setThis): + (JSC::CallFrameClosure::setArgument): + (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing, + with an explicit setter for 'this', since that's how most clients think. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::prepareForRepeatCall): + * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis, + for clarity. + +2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize ScriptExecutable::unlinkCalls + https://bugs.webkit.org/show_bug.cgi?id=72546 + + Reviewed by Geoffrey Garen. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error + due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which + didn't have complete type information on the things that needed to be destructed in the implicit destructor. + * runtime/Executable.h: + (JSC::EvalExecutable::createStructure): Used new type value from JSType + (JSC::ProgramExecutable::createStructure): Ditto + (JSC::FunctionExecutable::createStructure): Ditto + (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation. + * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable. Remove explicit numbers, since + that just adds noise to patches and they currently have no significance. + +2011-11-16 Filip Pizlo <fpizlo@apple.com> + + JSC::CodeBlock should know which references generated by the DFG are weak + https://bugs.webkit.org/show_bug.cgi?id=72563 + + Reviewed by Geoff Garen. + + CodeBlock::m_dfgData now tracks weak references and weak reference transitions + (like ephemerons) generated by the DFG. 
The DFG makes sure to notify the + CodeBlock of all uses of weak references and weak reference transitions. + CodeBlock currently marks them strongly, since the weak marking logic is not + in place, yet. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + (JSC::CodeBlock::stronglyVisitWeakReferences): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::appendWeakReference): + (JSC::CodeBlock::shrinkWeakReferencesToFit): + (JSC::CodeBlock::appendWeakReferenceTransition): + (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit): + (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition): + * bytecode/CodeOrigin.h: + (JSC::CodeOrigin::codeOriginOwner): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addWeakReference): + (JSC::DFG::JITCompiler::addWeakReferenceTransition): + (JSC::DFG::JITCompiler::branchWeakPtr): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillJSValue): + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-16 Michael Saboff <msaboff@apple.com> + + LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185) + https://bugs.webkit.org/show_bug.cgi?id=72561 + + Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED(). + Simplified the code in the process. + + Reviewed by James Robinson. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::CharAccess::CharAccess): + (JSC::Yarr::Interpreter::CharAccess::~CharAccess): + +2011-11-16 Geoffrey Garen <ggaren@apple.com> + + Interpreter build fixes. + + * bytecode/CodeBlock.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2011-11-16 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. 
Build fix for !ENABLE(JIT) after r100363. + + * bytecode/CodeBlock.h: + +2011-11-16 Geoffrey Garen <ggaren@apple.com> + + Rolled back in r100375 and r100385 with 32-bit build fixed. + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArgList.cpp: + (JSC::ArgList::getSlice): + * runtime/ArgList.h: + * runtime/JSArray.cpp: + (JSC::JSArray::finishCreation): + * runtime/JSArray.h: + (JSC::JSArray::create): + * runtime/JSGlobalObject.h: + (JSC::constructArray): + +2011-11-16 Filip Pizlo <fpizlo@apple.com> + + DFG global variable CSE mishandles the cross-global-object inlining corner case + https://bugs.webkit.org/show_bug.cgi?id=72542 + + Reviewed by Geoff Garen. + + Moved code to get the global object for a code origin into CodeBlock, so it is + more broadly accessible. Fixed CSE to compare both the variable number, and the + global object, before deciding to perform elimination. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::globalObjectFor): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::globalObjectFor): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::globalVarLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + +2011-11-16 Michael Saboff <msaboff@apple.com> + + Enable 8 Bit Strings in JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=71337 + + This patch turns on 8 bit strings in StringImpl and enables + their use in JavaScriptCore. Some of the changes are to + turn on code that had been staged (Lexer.cpp, Identifier.cpp, + SmallStrings.cpp and some of StringImpl.{h,cpp}). + Other changes are minor fixes to make 8 bit strings work + (UString.h, StringImpl::getData16SlowCase()). + Changed StringBuffer to be a templated class based on character + type. This change rippled into WebCore code as well. + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.exp: + * parser/Lexer.cpp: + (JSC::::append8): Changed to use 8 bit buffers. + (JSC::::parseIdentifier): Changed to use 8 bit buffers. 
+ (JSC::::parseString): Changed to use 8 bit buffers. + * runtime/Identifier.cpp: + (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit + (JSC::Identifier::toUInt32FromCharacters): Templated helper. + (JSC::Identifier::toUInt32): Added 8 bit optimized path. + * runtime/SmallStrings.cpp: + (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings + * runtime/UString.h: + (JSC::UString::characters): Now calls StringImpl::characters() + * wtf/Forward.h: + * wtf/text/StringBuffer.h: Made StringBuffer a template base on character type. + (WTF::StringBuffer::StringBuffer): + (WTF::StringBuffer::characters): + (WTF::StringBuffer::release): + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::create): + (WTF::StringImpl::getData16SlowCase): Fixed null terminated case. + (WTF::StringImpl::removeCharacters): Added 8 bit path. + (WTF::StringImpl::simplifyMatchedCharactersToSpace): + (WTF::StringImpl::simplifyWhiteSpace): + (WTF::equal): Removed bug from code copied from null terminated version. + (WTF::StringImpl::adopt): Added 8 bit path. + (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bi flag propagation. + * wtf/text/StringImpl.h: + (WTF::StringImpl::StringImpl): Added new 8 bit constructor. + (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED(). + (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings. + (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings. + * wtf/text/WTFString.h: + (WTF::String::adopt): Changed to use StringBuffer template. + +2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize ExecutableBase::clearCodeVirtual + https://bugs.webkit.org/show_bug.cgi?id=72337 + + Reviewed by Darin Adler. 
+ + Added static finalize functions to the subclasses of ExecutableBase that provide an implementation + of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method, + and had the finalize functions call the corresponding clearCode methods. + + * runtime/Executable.cpp: + (JSC::ExecutableBase::clearCode): + (JSC::NativeExecutable::finalize): + (JSC::EvalExecutable::finalize): + (JSC::EvalExecutable::clearCode): + (JSC::ProgramExecutable::finalize): + (JSC::ProgramExecutable::clearCode): + (JSC::FunctionExecutable::discardCode): + (JSC::FunctionExecutable::finalize): + (JSC::FunctionExecutable::clearCode): + * runtime/Executable.h: + (JSC::ExecutableBase::finishCreation): + (JSC::NativeExecutable::create): + (JSC::EvalExecutable::create): + (JSC::ProgramExecutable::create): + (JSC::FunctionExecutable::create): + +2011-11-16 Yusuke Suzuki <utatane.tea@gmail.com> + + String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral + https://bugs.webkit.org/show_bug.cgi?id=71572 + + Reviewed by Gavin Barraclough and Darin Adler. + + * runtime/RegExpObject.cpp: + (JSC::regExpObjectSource): + +2011-11-16 Darin Adler <darin@apple.com> + + Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer + https://bugs.webkit.org/show_bug.cgi?id=72475 + + Reviewed by Adam Roben. + + * wtf/HashTraits.h: Specialize HashTraits for OwnPtr. + Do overloads so we can pass a nullptr and also be sure to get the + raw pointer type from the OwnPtr template so we handle both forms + of OwnPtr: OwnPtr<T> and OwnPtr<T*>. + +2011-11-16 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions + + Reviewed by Tor Arne Vestbø. + + * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf. + +2011-11-16 Simon Hausmann <simon.hausmann@nokia.com> + + Unreviewed, rolling out r100266. 
+ http://trac.webkit.org/changeset/100266 + + Broke WTR. + + * Target.pri: + +2011-11-16 Darin Adler <darin@apple.com> + + Add a "pass type" and "peek type" concept to HashTraits + https://bugs.webkit.org/show_bug.cgi?id=72473 + + Reviewed by Filip Pizlo. + + * wtf/HashTraits.h: Added the pass type and peek type. + For OwnPtr, the pass type will be PassOwnPtr and the peek + type will be a raw pointer. + +2011-11-16 Darin Adler <darin@apple.com> + + Fix some hash traits that don't derive from the base hash traits + https://bugs.webkit.org/show_bug.cgi?id=72470 + + Reviewed by Filip Pizlo. + + Hash traits structures need to derive from the base hash traits in + HashTraits.h, but some were not. This is needed for compatibility with + some additional traits we will be adding to make OwnPtr work with HashMap. + + * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from + HashTraits<int>. This enabled removal of all the members except for the + ones that control the empty value, because this is otherwise the same + as the standard int hash. + + * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive + from HashTraits<SymbolTableEntry> and removed redundant members. + +2011-11-15 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r100375 and r100385. + http://trac.webkit.org/changeset/100375 + http://trac.webkit.org/changeset/100385 + https://bugs.webkit.org/show_bug.cgi?id=72465 + + They broke 32 bit builds on Qt (Requested by ossy on #webkit). + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArgList.cpp: + (JSC::ArgList::getSlice): + * runtime/ArgList.h: + (JSC::ArgList::ArgList): + * runtime/JSArray.cpp: + * runtime/JSArray.h: + * runtime/JSGlobalObject.h: + +2011-11-15 George Staikos <staikos@webkit.org> + + Remove the guard page from the addressable stack region on QNX. + https://bugs.webkit.org/show_bug.cgi?id=72455 + + Reviewed by Daniel Bates. 
+ + * wtf/StackBounds.cpp: + (WTF::StackBounds::initialize): + +2011-11-15 Michael Saboff <msaboff@apple.com> + + Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings + https://bugs.webkit.org/show_bug.cgi?id=72323 + + Added 8 bit optimized paths for String and UString ascii() and utf8() methods. + + Added String::characters8(), characters16() and is8Bit() helper methods. + + Added an new Unicode::convertLatin1ToUTF8() method that works on + LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8(). + + Reviewed by Geoff Garen. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/UString.cpp: + (JSC::UString::utf8): + * wtf/text/WTFString.cpp: + (WTF::String::ascii): + (WTF::String::utf8): + * wtf/text/WTFString.h: + (WTF::String::characters8): + (WTF::String::characters16): + (WTF::String::is8Bit): + (WTF::LChar): + (WTF::UChar): + * wtf/unicode/UTF8.cpp: + (WTF::Unicode::convertLatin1ToUTF8): + * wtf/unicode/UTF8.h: + * wtf/unicode/Unicode.h: + +2011-11-15 Darin Adler <darin@apple.com> + + REGRESSION (r98887): ParserArena and Keywords leaking + https://bugs.webkit.org/show_bug.cgi?id=72428 + + Reviewed by Sam Weinig. + + * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr + need to be able to destroy it. + + * parser/Parser.cpp: + (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members. + + * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr. + +2011-11-15 Geoffrey Garen <ggaren@apple.com> + + Removed another use of ArgList that baked in the assumption that arguments + are forward in the regiter file. + + Reviewed by Sam Weinig. + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of + working through ArgList. + + * runtime/ArgList.h: Removed! 
+ +2011-11-15 Geoffrey Garen <ggaren@apple.com> + + Removed a use of ArgList that baked in the assumption that arguments + are forward in the regiter file. + + Reviewed by Sam Weinig. + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): Use new API. + + * runtime/ArgList.cpp: + (JSC::ArgList::getSlice): No need to provide an arbitrary constructor -- + getSlice can do the right thing by using its rights to private data. + + * runtime/ArgList.h: Removed constructor that took a forward-contiguous + set of arguments. + + * runtime/JSArray.cpp: + (JSC::JSArray::finishCreation): + * runtime/JSArray.h: + (JSC::JSArray::create): + * runtime/JSGlobalObject.h: + (JSC::constructArray): Added explicit support for creating an array from + a pre-allocated set of values, so we could stop relying on the ArgList + API we want to remove. + +2011-11-15 Filip Pizlo <fpizlo@apple.com> + + Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*) + https://bugs.webkit.org/show_bug.cgi?id=72292 + + Reviewed by Geoff Garen. + + We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling + an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion() + instead of CodeBlock::alternative(). + + No performance effect. + + No tests because all of our heuristics work very hard to make sure that this never happens in + the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation) + is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still + because the whole point of jettisoning is to bring the probability of future OSR exits to as + close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR + exit after a jettison to be the first of its kind; our whole design tries to ensure that + CodeBlocks tend to OSR exit at a handful (i.e. 
1 in most cases) of points, and since jettisoning + is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR + compilation. So this is a truly evil case, and any test for it would be quite fragile. + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::specializationKind): + (JSC::CodeBlock::largeFailCountThreshold): + (JSC::CodeBlock::largeFailCountThresholdForLoop): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::AssemblyHelpers): + (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor): + (JSC::DFG::AssemblyHelpers::baselineCodeBlock): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + +2011-11-15 Geoffrey Garen <ggaren@apple.com> + + Use MarkedArgumentBuffer to avoid making assumptions about argument order + https://bugs.webkit.org/show_bug.cgi?id=72418 + + Reviewed by Sam Weinig. + + A step toward reversing the argument order. + + * runtime/JSONObject.cpp: + (JSC::Stringifier::toJSON): + (JSC::Stringifier::appendStringifiedValue): + (JSC::Walker::callReviver): Don't assume that ArgList wants to point + at arguments in forward order. Instead, use MarkedArgumentBuffer, which + will make the decision for us. + +2011-11-15 Filip Pizlo <fpizlo@apple.com> + + DFG should distinguish between constants in the constant pool and weak + constants added as artifacts of code generation + https://bugs.webkit.org/show_bug.cgi?id=72367 + + Reviewed by Geoff Garen. + + Added the notion of a WeakJSConstant, which is like a JSConstant except that + it can only refer to JSCell*. Currently all WeakJSConstants are also backed + by constants in the constant pool, since weak references originated from + machine code are not yet properly handled. + + Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant + and CheckStructure. This results in improved CSE, leading to a 1% win on V8. 
+ + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::cellConstant): + (JSC::DFG::ByteCodeParser::prepareToParseBlock): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::getJSConstantPrediction): + (JSC::DFG::Graph::valueOfJSConstant): + (JSC::DFG::Graph::valueOfInt32Constant): + (JSC::DFG::Graph::valueOfNumberConstant): + (JSC::DFG::Graph::valueOfBooleanConstant): + * dfg/DFGNode.h: + (JSC::DFG::Node::isWeakConstant): + (JSC::DFG::Node::hasConstant): + (JSC::DFG::Node::weakConstant): + (JSC::DFG::Node::valueOfJSConstant): + (JSC::DFG::Node::isInt32Constant): + (JSC::DFG::Node::isDoubleConstant): + (JSC::DFG::Node::isNumberConstant): + (JSC::DFG::Node::isBooleanConstant): + (JSC::DFG::Node::hasIdentifier): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-15 Michael Saboff <msaboff@apple.com> + + Towards 8 bit Strings - Initial JS String Tuning + https://bugs.webkit.org/show_bug.cgi?id=72326 + + Added 8 bit optimized paths for the methods below. + + Reviewed by Geoffrey Garen. + + * runtime/JSString.h: + (JSC::jsSubstring8): + * runtime/StringPrototype.cpp: + (JSC::jsSpliceSubstrings): + (JSC::jsSpliceSubstringsWithSeparators): + (JSC::stringProtoFuncReplace): + (JSC::stringProtoFuncCharCodeAt): + +2011-11-15 Gavin Barraclough <barraclough@apple.com> + + Result of Error.prototype.toString not ES5 conformant + https://bugs.webkit.org/show_bug.cgi?id=70889 + + Reviewed by Oliver Hunt. 
+ + * runtime/ErrorPrototype.cpp: + (JSC::errorProtoFuncToString): + +2011-11-15 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions + + Reviewed by Tor Arne Vestbø. + + * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf. + +2011-11-15 Yuqiang Xian <yuqiang.xian@intel.com> + + Remove DFGJITCompilerInlineMethods + https://bugs.webkit.org/show_bug.cgi?id=72366 + + Reviewed by Filip Pizlo. + + Those methods are actually seldom used. Modify the few such places and + remove DFGJITCompilerInlineMethods stuffs totally. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addressOfDoubleConstant): + * dfg/DFGJITCompilerInlineMethods.h: Removed. + * dfg/DFGSpeculativeJIT.cpp: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::silentFillFPR): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillJSValue): + (JSC::DFG::SpeculativeJIT::cachedGetMethod): + +2011-11-14 Filip Pizlo <fpizlo@apple.com> + + DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined + https://bugs.webkit.org/show_bug.cgi?id=72348 + + Reviewed by Gavin Barraclough. + + Moved all of JITCodeGenerator into SpeculativeJIT. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGJITCodeGenerator.cpp: Removed. + * dfg/DFGJITCodeGenerator.h: Removed. + * dfg/DFGJITCodeGenerator32_64.cpp: Removed. + * dfg/DFGJITCodeGenerator64.cpp: Removed. 
+ * dfg/DFGJITCompiler.cpp: + * dfg/DFGRepatch.cpp: + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryCachePutByID): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::clearGenerationInfo): + (JSC::DFG::SpeculativeJIT::fillStorage): + (JSC::DFG::SpeculativeJIT::useChildren): + (JSC::DFG::SpeculativeJIT::isStrictInt32): + (JSC::DFG::SpeculativeJIT::isKnownInteger): + (JSC::DFG::SpeculativeJIT::isKnownNumeric): + (JSC::DFG::SpeculativeJIT::isKnownCell): + (JSC::DFG::SpeculativeJIT::isKnownNotCell): + (JSC::DFG::SpeculativeJIT::isKnownNotInteger): + (JSC::DFG::SpeculativeJIT::isKnownNotNumber): + (JSC::DFG::SpeculativeJIT::isKnownBoolean): + (JSC::DFG::SpeculativeJIT::writeBarrier): + (JSC::DFG::SpeculativeJIT::markCellCard): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): + (JSC::DFG::dataFormatString): + (JSC::DFG::SpeculativeJIT::dump): + (JSC::DFG::SpeculativeJIT::checkConsistency): + (JSC::DFG::GPRTemporary::GPRTemporary): + (JSC::DFG::GPRTemporary::adopt): + (JSC::DFG::FPRTemporary::FPRTemporary): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::at): + (JSC::DFG::SpeculativeJIT::lock): + (JSC::DFG::SpeculativeJIT::unlock): + (JSC::DFG::SpeculativeJIT::canReuse): + (JSC::DFG::SpeculativeJIT::reuse): + (JSC::DFG::SpeculativeJIT::allocate): + (JSC::DFG::SpeculativeJIT::tryAllocate): + (JSC::DFG::SpeculativeJIT::fprAllocate): + (JSC::DFG::SpeculativeJIT::isFilled): + (JSC::DFG::SpeculativeJIT::isFilledDouble): + (JSC::DFG::SpeculativeJIT::use): + (JSC::DFG::SpeculativeJIT::selectScratchGPR): + (JSC::DFG::SpeculativeJIT::silentSpillGPR): + (JSC::DFG::SpeculativeJIT::silentSpillFPR): + (JSC::DFG::SpeculativeJIT::silentFillGPR): + (JSC::DFG::SpeculativeJIT::silentFillFPR): + (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters): + (JSC::DFG::SpeculativeJIT::silentFillAllRegisters): + (JSC::DFG::SpeculativeJIT::boxDouble): + 
(JSC::DFG::SpeculativeJIT::unboxDouble): + (JSC::DFG::SpeculativeJIT::spill): + (JSC::DFG::SpeculativeJIT::isConstant): + (JSC::DFG::SpeculativeJIT::isJSConstant): + (JSC::DFG::SpeculativeJIT::isInt32Constant): + (JSC::DFG::SpeculativeJIT::isDoubleConstant): + (JSC::DFG::SpeculativeJIT::isNumberConstant): + (JSC::DFG::SpeculativeJIT::isBooleanConstant): + (JSC::DFG::SpeculativeJIT::isFunctionConstant): + (JSC::DFG::SpeculativeJIT::valueOfInt32Constant): + (JSC::DFG::SpeculativeJIT::valueOfNumberConstant): + (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant): + (JSC::DFG::SpeculativeJIT::valueOfJSConstant): + (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant): + (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant): + (JSC::DFG::SpeculativeJIT::isNullConstant): + (JSC::DFG::SpeculativeJIT::identifier): + (JSC::DFG::SpeculativeJIT::flushRegisters): + (JSC::DFG::SpeculativeJIT::isFlushed): + (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr): + (JSC::DFG::SpeculativeJIT::bitOp): + (JSC::DFG::SpeculativeJIT::shiftOp): + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + (JSC::DFG::SpeculativeJIT::addressOfCallData): + (JSC::DFG::SpeculativeJIT::tagOfCallData): + (JSC::DFG::SpeculativeJIT::payloadOfCallData): + (JSC::DFG::SpeculativeJIT::integerResult): + (JSC::DFG::SpeculativeJIT::noResult): + (JSC::DFG::SpeculativeJIT::cellResult): + (JSC::DFG::SpeculativeJIT::booleanResult): + (JSC::DFG::SpeculativeJIT::jsValueResult): + (JSC::DFG::SpeculativeJIT::storageResult): + (JSC::DFG::SpeculativeJIT::doubleResult): + (JSC::DFG::SpeculativeJIT::initConstantInfo): + (JSC::DFG::SpeculativeJIT::resetCallArguments): + (JSC::DFG::SpeculativeJIT::addCallArgument): + (JSC::DFG::SpeculativeJIT::setupArguments): + (JSC::DFG::SpeculativeJIT::setupArgumentsExecState): + (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState): + (JSC::DFG::SpeculativeJIT::setupTwoStubArgs): + (JSC::DFG::SpeculativeJIT::setupStubArguments): + (JSC::DFG::SpeculativeJIT::callOperation): + 
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): + (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): + (JSC::DFG::SpeculativeJIT::setupResults): + (JSC::DFG::SpeculativeJIT::appendCallSetResult): + (JSC::DFG::SpeculativeJIT::addBranch): + (JSC::DFG::SpeculativeJIT::linkBranches): + (JSC::DFG::SpeculativeJIT::block): + (JSC::DFG::SpeculativeJIT::checkConsistency): + (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord): + (JSC::DFG::IntegerOperand::IntegerOperand): + (JSC::DFG::IntegerOperand::~IntegerOperand): + (JSC::DFG::IntegerOperand::index): + (JSC::DFG::IntegerOperand::format): + (JSC::DFG::IntegerOperand::gpr): + (JSC::DFG::IntegerOperand::use): + (JSC::DFG::DoubleOperand::DoubleOperand): + (JSC::DFG::DoubleOperand::~DoubleOperand): + (JSC::DFG::DoubleOperand::index): + (JSC::DFG::DoubleOperand::fpr): + (JSC::DFG::DoubleOperand::use): + (JSC::DFG::JSValueOperand::JSValueOperand): + (JSC::DFG::JSValueOperand::~JSValueOperand): + (JSC::DFG::JSValueOperand::index): + (JSC::DFG::JSValueOperand::gpr): + (JSC::DFG::JSValueOperand::jsValueRegs): + (JSC::DFG::JSValueOperand::isDouble): + (JSC::DFG::JSValueOperand::fill): + (JSC::DFG::JSValueOperand::tagGPR): + (JSC::DFG::JSValueOperand::payloadGPR): + (JSC::DFG::JSValueOperand::fpr): + (JSC::DFG::JSValueOperand::use): + (JSC::DFG::StorageOperand::StorageOperand): + (JSC::DFG::StorageOperand::~StorageOperand): + (JSC::DFG::StorageOperand::index): + (JSC::DFG::StorageOperand::gpr): + (JSC::DFG::StorageOperand::use): + (JSC::DFG::GPRTemporary::~GPRTemporary): + (JSC::DFG::GPRTemporary::gpr): + (JSC::DFG::FPRTemporary::~FPRTemporary): + (JSC::DFG::FPRTemporary::fpr): + (JSC::DFG::FPRTemporary::FPRTemporary): + (JSC::DFG::GPRResult::GPRResult): + (JSC::DFG::GPRResult2::GPRResult2): + (JSC::DFG::FPRResult::FPRResult): + (JSC::DFG::FPRResult::lockedResult): + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillInteger): + 
(JSC::DFG::SpeculativeJIT::fillDouble): + (JSC::DFG::SpeculativeJIT::fillJSValue): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp): + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::cachedGetMethod): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitCall): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillInteger): + (JSC::DFG::SpeculativeJIT::fillDouble): + (JSC::DFG::SpeculativeJIT::fillJSValue): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): + (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): + (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp): + (JSC::DFG::SpeculativeJIT::cachedGetById): + (JSC::DFG::SpeculativeJIT::cachedPutById): + (JSC::DFG::SpeculativeJIT::cachedGetMethod): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): + (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): + 
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::SpeculativeJIT::emitCall): + * runtime/JSFunction.h: + +2011-11-14 Filip Pizlo <fpizlo@apple.com> + + Weak reference harvesters should run to fixpoint + https://bugs.webkit.org/show_bug.cgi?id=72346 + + Reviewed by Oliver Hunt. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * heap/ListableHandler.h: + (JSC::ListableHandler::next): + (JSC::ListableHandler::List::head): + (JSC::ListableHandler::List::removeNext): + (JSC::ListableHandler::List::removeAll): + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::reset): + (JSC::SlotVisitor::harvestWeakReferences): + * heap/MarkStack.h: + (JSC::MarkStack::isEmpty): + +2011-11-14 Oliver Hunt <oliver@apple.com> + + Start migrating typed array impl types to WTF + https://bugs.webkit.org/show_bug.cgi?id=72336 + + Reviewed by Geoffrey Garen. + + Add typed array impls to WTF forwarding header. + + * wtf/Forward.h: + +2011-11-14 Julien Chaffraix <jchaffraix@webkit.org> + + Add --css-grid-layout to build-webkit and the build systems + https://bugs.webkit.org/show_bug.cgi?id=72320 + + Reviewed by Ojan Vafai. + + * Configurations/FeatureDefines.xcconfig: + +2011-11-14 Geoffrey Garen <ggaren@apple.com> + + A little bit of arguments / activation cleanup + https://bugs.webkit.org/show_bug.cgi?id=72339 + + Reviewed by Gavin Barraclough. + + Renamed copyRegisters => tearOff to match bytecode and other terminology. + + Renamed setActivation => didTearOffActivation to indicate that this is a + notification the object may choose to ignore. Moved "Should I ignore?" + code into the arguments object to avoid duplication elsewhere. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::unwindCallFrame): + (JSC::Interpreter::privateExecute): + (JSC::Interpreter::retrieveArguments): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Arguments.h: + (JSC::Arguments::createAndTearOff): + (JSC::Arguments::didTearOffActivation): + (JSC::Arguments::finishCreationButDontTearOff): + (JSC::Arguments::finishCreation): + (JSC::Arguments::finishCreationAndTearOff): + (JSC::Arguments::tearOff): + + * runtime/JSActivation.h: + (JSC::JSActivation::tearOff): Moved Activation's code into its own header + because that's where it belongs. + +2011-11-14 Gavin Barraclough <barraclough@apple.com> + + Should sign the jsc binary + https://bugs.webkit.org/show_bug.cgi?id=72332 + + Reviewed by David Kilzer. + + * Configurations/JSC.xcconfig: + * entitlements.plist: Added. + +2011-11-14 Filip Pizlo <fpizlo@apple.com> + + DFG's inline references to objects should be tracked + https://bugs.webkit.org/show_bug.cgi?id=72313 + + Reviewed by Gavin Barraclough. + + Added a pinCell() method in the parser that currently creates a + dummy constant in CodeBlock. Added calls to pinCell() wherever the + DFG would inline a constant reference that the original code would + not have referred to. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getCellConstantIndex): + (JSC::DFG::ByteCodeParser::pinCell): + (JSC::DFG::ByteCodeParser::cellConstant): + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + +2011-11-14 Filip Pizlo <fpizlo@apple.com> + + DFG put_by_id transition optimizations test the wrong structures + https://bugs.webkit.org/show_bug.cgi?id=72324 + + Reviewed by Gavin Barraclough. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::structureChainIsStillValid): + (JSC::DFG::ByteCodeParser::parseBlock): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + +2011-11-14 Michael Saboff <msaboff@apple.com> + + Further changes and cleanup to JSString.h and cpp. + + Reviewed by Darin Adler. + + * runtime/JSString.cpp: + (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr. Eliminated exec in slow case calls. + (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name. + (JSC::JSString::resolveRopeSlowCase): Removed exec parameter. + * runtime/JSString.h: + +2011-11-14 Adam Barth <abarth@webkit.org> + + DateMath.cpp should not depend on JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=71747 + + Reviewed by Darin Adler. + + This patch moves the JSC-specific parts of DateMath into JSDateMath in + JavaScriptCore. There shouldn't be any behavior change. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * runtime/DateConstructor.cpp: + * runtime/DateConversion.cpp: + * runtime/DateInstance.cpp: + * runtime/DateInstanceCache.h: + * runtime/DatePrototype.cpp: + * runtime/InitializeThreading.cpp: + * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp. + (JSC::timeToMS): + (JSC::msToSeconds): + * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h. + * wtf/DateMath.cpp: + (WTF::isLeapYear): + (WTF::msToDays): + (WTF::msToMinutes): + (WTF::msToHours): + (WTF::parseDateFromNullTerminatedCharacters): + (WTF::makeRFC2822DateString): + * wtf/DateMath.h: + +2011-11-14 Michael Saboff <msaboff@apple.com> + + Towards 8 bit strings - Add 8 bit handling to JSString Ropes + https://bugs.webkit.org/show_bug.cgi?id=72317 + + Added bit to track that a rope is made up of all 8 bit fibers. 
+ Created an 8 bit path (fast and slow cases) to handle 8 bit + only ropes. + + Reviewed by Oliver Hunt. + + * runtime/JSString.cpp: + (JSC::JSString::resolveRope): + (JSC::JSString::resolveRopeSlowCase8): + (JSC::JSString::resolveRopeSlowCase16): + * runtime/JSString.h: + (JSC::RopeBuilder::finishCreation): + (JSC::RopeBuilder::is8Bit): + (JSC::jsSubstring8): + +2011-11-14 Geoffrey Garen <ggaren@apple.com> + + A little bit of function call cleanup + https://bugs.webkit.org/show_bug.cgi?id=72314 + + Reviewed by Oliver Hunt. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset + because this value doesn't give you the offset of the callee's call frame. + + (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead + of greater-than. Removed comment since its reasoning was wrong. + + (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above. + + (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way + to ask this question, giving the bytecode generator more freedom to change + internal implementation details. + + * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because + 16 was overkill. + (JSC::CallArguments::registerOffset): Updated for rename mentioned above. + + * bytecompiler/NodesCodegen.cpp: + (JSC::CallArguments::CallArguments): + (JSC::CallArguments::newArgument): Factored out argument allocation into + a helper function, so I can change it later. + + (JSC::CallFunctionCallDotNode::emitBytecode): + (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above. + +2011-11-14 Tony Chang <tony@chromium.org> + + Remove the CSS3_FLEXBOX compile time flag and enable on all ports + https://bugs.webkit.org/show_bug.cgi?id=72196 + + Reviewed by Ojan Vafai. 
+ + * Configurations/FeatureDefines.xcconfig: + +2011-11-14 Mark Rowe <mrowe@apple.com> + + <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore + + testRegExp and testapi.js were being installed in the JavaScriptCore framework. + As test-only tools they shouldn't be installed there by default, only when + FORCE_TOOL_INSTALL is set to YES. + + This patch incorprorates a few related changes: + 1) Make the jsc and testRegExp targets be configured via .xcconfig files. + 2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when + FORCE_TOOL_INSTALL is YES. + 3) Switches the testapi target to using a script build phase to install testapi.js + so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure + why this isn't the built-in behavior when a Copy Files build phase has "Copy only + when installing" checked, but it doesn't seem to be. + 4) Other random cleanup such as removing a bogus group that refers to files that do + not exist, moving testRegExp.cpp in to the tests group, etc. + + Reviewed by Geoff Garen. + + * Configurations/JSC.xcconfig: Added. + * Configurations/TestRegExp.xcconfig: Added. + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-11-14 Michael Saboff <msaboff@apple.com> + + Towards 8 bit strings - Add 8 bit paths to StringImpl methods + https://bugs.webkit.org/show_bug.cgi?id=72290 + + Added 8 bit patchs to StringImpl to number and find methods. + + Reviewed by Oliver Hunt. 
+ + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::toIntStrict): + (WTF::StringImpl::toUIntStrict): + (WTF::StringImpl::toInt64Strict): + (WTF::StringImpl::toUInt64Strict): + (WTF::StringImpl::toIntPtrStrict): + (WTF::StringImpl::toInt): + (WTF::StringImpl::toUInt): + (WTF::StringImpl::toInt64): + (WTF::StringImpl::toUInt64): + (WTF::StringImpl::toIntPtr): + (WTF::StringImpl::toDouble): + (WTF::StringImpl::toFloat): + (WTF::StringImpl::find): + (WTF::StringImpl::reverseFind): + * wtf/text/WTFString.cpp: + (WTF::toIntegralType): + (WTF::lengthOfCharactersAsInteger): + (WTF::charactersToIntStrict): + (WTF::charactersToUIntStrict): + (WTF::charactersToInt64Strict): + (WTF::charactersToUInt64Strict): + (WTF::charactersToIntPtrStrict): + (WTF::charactersToInt): + (WTF::charactersToUInt): + (WTF::charactersToInt64): + (WTF::charactersToUInt64): + (WTF::charactersToIntPtr): + (WTF::toDoubleType): + (WTF::charactersToDouble): + (WTF::charactersToFloat): + * wtf/text/WTFString.h: + (WTF::find): + (WTF::reverseFind): + +2011-11-14 Vincent Scheib <scheib@chromium.org> + + Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags + https://bugs.webkit.org/show_bug.cgi?id=72286 + + Reviewed by Adam Barth. + + * wtf/Platform.h: + +2011-11-14 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=72280 + + Rubber stamped by Geoff Garen. + + Fix 32-bit Lion. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + +2011-11-14 Geoffrey Garen <ggaren@apple.com> + + 32-bit Build fix: declare virtual register indices to be int rather than + unsigned, since they can be positive or negative. + + For better clarity, explicitly use ReturnPC instead of -1 as the "invalid" + state, since we'll never load and operate on the ReturnPC as a JS value. 
+ + * jit/JIT.cpp: + (JSC::JIT::JIT): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitLoadTag): + (JSC::JIT::emitLoadPayload): + (JSC::JIT::emitLoad): + (JSC::JIT::emitLoad2): + (JSC::JIT::emitLoadDouble): + (JSC::JIT::emitLoadInt32ToDouble): + (JSC::JIT::emitStore): + (JSC::JIT::emitStoreInt32): + (JSC::JIT::emitStoreAndMapInt32): + (JSC::JIT::emitStoreCell): + (JSC::JIT::emitStoreBool): + (JSC::JIT::emitStoreDouble): + (JSC::JIT::map): + (JSC::JIT::unmap): + (JSC::JIT::isMapped): + (JSC::JIT::getMappedPayload): + (JSC::JIT::getMappedTag): + (JSC::JIT::emitJumpSlowCaseIfNotJSCell): + +2011-11-14 Michael Saboff <msaboff@apple.com> + + Remove unused m_data member from UStringSourceProvider + https://bugs.webkit.org/show_bug.cgi?id=72289 + + Removed unused m_data member from UStringSourceProvider. + + Reviewed by Oliver Hunt. + + * parser/SourceProvider.h: + (JSC::UStringSourceProvider::UStringSourceProvider): + +2011-11-14 Michael Saboff <msaboff@apple.com> + + Towards 8 Bit Strings: Templatize YARR Parser + https://bugs.webkit.org/show_bug.cgi?id=72288 + + Changed Yarr::Parser to be a template based on character type. + + Reviewed by Oliver Hunt. + + * yarr/YarrParser.h: + (JSC::Yarr::Parser::Parser): + (JSC::Yarr::parse): + +2011-11-14 Geoffrey Garen <ggaren@apple.com> + + 32-bit build fix: Removed unused declaration. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + +2011-11-12 Geoffrey Garen <ggaren@apple.com> + + Standardized the JS calling convention + https://bugs.webkit.org/show_bug.cgi?id=72221 + + Reviewed by Oliver Hunt. + + This patch standardizes the calling convention so that the caller always + sets up the callee's CallFrame. Adjustments for call type, callee type, + argument count, etc. now always take place after that initial setup. + + This is a step toward reversing the argument order, but also has these + immediate benefits (measured on x64): + + (1) 1% benchmark speedup across the board. 
+ + (2) 50% code size reduction in baseline JIT function calls. + + (3) 1.5x speedup for single-dispatch .apply forwarding. + + (4) 1.1x speedup for multi-dispatch .apply forwarding. + + This change affected the baseline JIT most, since the baseline JIT had + lots of ad hoc calling conventions for different caller / callee types. + + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::branchPtr): + (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into + a test, like other assemblers do. (I added some compares to 0, and didn't + want them to be slow.) + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so + op_call_varargs could share code generation with other forms of op_call. + This is also a small optimization, since op_*varargs no longer have to + pass arguments to each other through the register file. + + (JSC::CallLinkInfo::unlink): + * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows + us to link functions called through .apply syntax. We need to distinguish + CallVarargs from Call because CallVarargs changes its argument count + on each inovcation, so we must always link to the argument count checking + version of the callee. + + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitCallVarargs): + * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs. + + * bytecompiler/NodesCodegen.cpp: + (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified + some of this bytecode generation to remove redundant copies. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs. + DFG doesn't support this type, but its code needs to change slightly + to accomodate a 3-state variable. + + Stopped passing the argument count in regT1 because this is non-standard. 
+ (The argument count goes in the CallFrame. This trades speed on the slow + path for speed and code size on the fast path, and simplicity on all paths. + A good trade, in my opinion.) + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::link): + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame + setup more obvious when single-stepping. Also, updated for argument count + not being in regT1. + + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addJSCall): + (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call + type: CallVarargs. + + * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before + doing anything else. Don't check for stack overflow because we have no callee + registers, and our caller has already checked for its own registers. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument + count doesn't match -- we just need to link to the argument count checking + version. + + * interpreter/CallFrameClosure.h: + (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many + arguments from C++, we need to supply a full copy of the arguments prior + to the subset copy that matches our callee's argument count. (That is what + the standard calling convention would have produced in JS.) I would have + split this into its own patch, but I couldn't find a way to get the JIT + to fail a regression test in this area without my patch applied. + + * interpreter/Interpreter.cpp: Let the true code bomb begin! + + (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame, + and not eval()'s caller frame. We no longer leave the CallFrame pointing + to eval()'s caller during a call to eval(), since that is not standard. 
+ + (JSC::loadVarargs): Factored out a shared helper function for use by JIT + and interpreter because half the code means one quarter the bugs -- in my + programming, at least. + + (JSC::Interpreter::execute): Removed a now-unused way to invoke eval. + + (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following + putDirect, because it got in the way of my testing. (When putting a + function, the cached base of a PutPropertySlot can be 0 to signify "do + not optimize".) + + op_call_eval: Updated for new, standard eval calling convention. + + op_load_varargs: Merged op_load_varargs into op_call_varargs. + + op_call_varags: Updated for new, standard eval calling convention. Don't + check for stack overflow because the loadVarargs helper function already + checked. + + * interpreter/Interpreter.h: + (JSC::Interpreter::execute): Headers are fun and educational! + + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::growSlowCase): + * interpreter/RegisterFile.h: + (JSC::RegisterFile::grow): Factored out the slow case into a slow + case because it was cramping the style of my fast case. + + * jit/JIT.cpp: + (JSC::JIT::privateCompile): Moved initialization of + RegisterFile::CodeBlock to make it more obvious when debugging. Removed + assumption that argument count is in regT1, as above. Removed call to + restoreArgumentReference() because the JITStubCall abstraction does this for us. + + (JSC::JIT::linkFor): Link even if we miss on argument count, as above. + + * jit/JIT.h: + * jit/JITCall32_64.cpp: + (JSC::JIT::emitSlow_op_call): + (JSC::JIT::emitSlow_op_call_eval): + (JSC::JIT::emitSlow_op_call_varargs): + (JSC::JIT::emitSlow_op_construct): + (JSC::JIT::emit_op_call_eval): + (JSC::JIT::emit_op_call_varargs): Share all function call code generation. + Don't count call_eval when accounting for linkable function calls because + eval doesn't link. (Its fast path is to perform the eval.) 
+ + (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization + to our new calling convention. The key to this optimization is the + observation that, in a function that declares no arguments, if any + arguments are passed, they all end up right behind 'this'. + + (JSC::JIT::compileCallEval): + (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity. + + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader, + this is the whole point of my patch. The caller now unconditionally moves + the CallFrame forward and fills in the data it knows before taking any + branches to deal with weird caller/callee pairs. + + This also means that there is almost no slow path for calls -- it all + gets folded into the shared virtual call stub. The only things remaining + in the slow path are the rare case counter and a call to the stub. + + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): Updated for values being in + different registers or in memory, based on our new standard calling + convention. + + Added a shared path for calling out to CTI helper functions for non-JS + calls. + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): method_check emits its own code and + the following get_by_id's code, so it needs to add both when informing + result chaining of its result. This is important because the standard + calling convention can now take advantage of this chaining. 
+ + * jit/JITCall.cpp: + (JSC::JIT::compileLoadVarargs): + (JSC::JIT::compileCallEval): + (JSC::JIT::compileCallEvalSlowCase): + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::emit_op_call_eval): + (JSC::JIT::emit_op_call_varargs): + (JSC::JIT::emitSlow_op_call): + (JSC::JIT::emitSlow_op_call_eval): + (JSC::JIT::emitSlow_op_call_varargs): + (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a + second time, now with 64 bits. + + * jit/JITStubs.cpp: + (JSC::throwExceptionFromOpCall): + (JSC::jitCompileFor): + (JSC::arityCheckFor): + (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose: + Exceptions thrown in the middle of a function call now use a shared helper + function (throwExceptionFromOpCall). This function understands that the + CallFrame currently points to the callEE, and the exception must be + thrown by the callER. (The old calling convention would often still have + the CallFrame pointing at the callER at the point of an exception. That + is not the way of our new, standard calling convention.) + + (JSC::op_call_eval): Finish standard CallFrame setup before calling + our eval helper function, which now depends on that setup. + + * runtime/Arguments.h: + (JSC::Arguments::length): Renamed numProvidedArguments() to length() + because that's what other objects call it, and the difference made our + new loadVarargs helper function hard to read. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build + fixes. + + * runtime/FunctionPrototype.cpp: + (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when + the .apply call_varargs optimization fails. (This bug appears on layout + tests when you disable the optimization.) + +2011-11-11 Jer Noble <jer.noble@apple.com> + + Implement MediaController. 
+ https://bugs.webkit.org/show_bug.cgi?id=71408 + + Reviewed by Eric Carlson. + + Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as + CoreAudioClock.h is not available there. + + * wtf/Platform.h: + +2011-11-14 Patrick Gansterer <paroga@webkit.org> + + [WIN] Remove dependency on pthread from FastMalloc + https://bugs.webkit.org/show_bug.cgi?id=72098 + + Reviewed by Adam Roben. + + All pthread calls are already ported to native Windows calls. + Use the native version for all OS(WINDOWS) to remove the + runtime dependency on the pthread dll. + + * wtf/FastMalloc.cpp: + +2011-11-14 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Replace use of QApplication with QGuiApplication. + + Reviewed by Tor Arne Vestbø. + + * wtf/qt/compat/qguiapplication.h: + (QGuiApplication::styleHints): Introduce styleHints wrapper hack. + +2011-11-14 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck build. + + * GNUmakefile.list.am: Add missing files. + +2011-11-11 Yury Semikhatsky <yurys@chromium.org> + + Web Inspector: function remote objetct should provide access to function position in the script + https://bugs.webkit.org/show_bug.cgi?id=71808 + + Exposed accessor for function source code. + + Reviewed by Pavel Feldman. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSFunction.cpp: + (JSC::JSFunction::sourceCode): + * runtime/JSFunction.h: + +2011-11-13 Yuqiang Xian <yuqiang.xian@intel.com> + + Fix silent spilling/filling GPRs in DFG 32_64 + https://bugs.webkit.org/show_bug.cgi?id=72201 + + Reviewed by Gavin Barraclough. + + Current silentSpillGPR/silentFillGPR may not work as expected for some + cases in 32_64. If there's a JSValue which was retained by two GPRs, + we may end up failing to spill/fill some GPRs or redundantly + spilling/filling some GPRs. 
For example, if we tend to exclude "eax" + from spilling while a JSValue is retained by both "eax" and "edx", + then "edx" won't be spilled as well (wrong). And if another JSValue is + retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled + twice. The similar problem applies to silentFillGPR. + The fix is to make silentSpillGPR/silentFillGPR more straightforward, + i.e., spilling/filling based on the GPR instead of the virtual + register. FPR spilling/filling is also modified accordingly to make it + consistent with GPR spilling/filling. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentSpillFPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters): + (JSC::DFG::JITCodeGenerator::silentFillAllRegisters): + +2011-11-12 Laszlo Gombos <laszlo.1.gombos@nokia.com> + + [Qt][Symbian] Remove support for WINSCW compiler + https://bugs.webkit.org/show_bug.cgi?id=70178 + + Reviewed by Chang Shu. + + * API/JSStringRef.h: + * create_hash_table: Revert r45553. + * runtime/JSGlobalData.cpp: Revert r45553. + * runtime/LiteralParser.cpp: Remove WINSCW comment. + (JSC::LiteralParser::Lexer::lexString): + * runtime/Lookup.h: Revert r45553. + * runtime/Structure.h: Revert r48461. + * wtf/Alignment.h: + * wtf/Assertions.h: Revert r52337. + * wtf/Compiler.h: + * wtf/ListRefPtr.h: Revert r48988. + (WTF::ListRefPtr::~ListRefPtr): + * wtf/OwnArrayPtr.h: Revert r45911. + (WTF::OwnArrayPtr::operator UnspecifiedBoolType): + * wtf/PassOwnArrayPtr.h: + (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType): + * wtf/PassRefPtr.h: + * wtf/StaticConstructors.h: + * wtf/unicode/qt4/UnicodeQt4.h: + +2011-11-12 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code. 
+ + * dfg/DFGCorrectableJumpPoint.cpp: + * dfg/DFGCorrectableJumpPoint.h: + +2011-11-12 Patrick Gansterer <paroga@webkit.org> + + [CMake] Move list of DFG source files into correct file + https://bugs.webkit.org/show_bug.cgi?id=72212 + + Reviewed by Daniel Bates. + + The DFG files are platform independent. So move them from + the EFL specific file into the general CMakeLists.txt. + + * CMakeLists.txt: + * PlatformEfl.cmake: + +2011-11-12 Patrick Gansterer <paroga@webkit.org> + + Fix "unused variable" warning in JSLock + https://bugs.webkit.org/show_bug.cgi?id=72213 + + Reviewed by Anders Carlsson. + + Use ASSERT_UNUSED() instead of ASSERT() to make sure + that the variable is also used in the release build. + + * runtime/JSLock.cpp: + (JSC::JSLock::lock): + (JSC::JSLock::unlock): + +2011-11-11 Gavin Barraclough <barraclough@apple.com> + + Update iOS compiler version. + + Reviewed by David Kilzer. + + * Configurations/CompilerVersion.xcconfig: + - Update compiler version. + +2011-11-11 Gavin Barraclough <barraclough@apple.com> + + Update iOS port's configuration setting, particularly in Platform.h + https://bugs.webkit.org/show_bug.cgi?id=72187 + + Reviewed by David Kilzer. + + * interpreter/Interpreter.h: + - Lower the reentry depth. + * runtime/DatePrototype.cpp: + - iOS also uses CF. + * wtf/FastMalloc.cpp: + (WTF::TCMalloc_PageHeap::IncrementalScavenge): + - Update fastmalloc configuration for iOS. + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + - Added flag. + * wtf/Platform.h: + - Update platform configuration for iOS. + +2011-11-11 David Kilzer <ddkilzer@apple.com> + + Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X + <http://webkit.org/b/72175> + + Reviewed by Joseph Pecoraro. + + * wtf/Platform.h: Move the definition of the BUILDING_ON_* and + TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined + so that they're only defined on Mac OS X builds. 
Also include + Availability.h, which is needed on iOS builds. + +2011-11-11 Darin Adler <darin@apple.com> + + Remove all releaseRef implementations except for RetainPtr + https://bugs.webkit.org/show_bug.cgi?id=71423 + + Reviewed by Julien Chaffraix. + + * API/JSRetainPtr.h: Removed releaseRef. + * wtf/PassRefPtr.h: Removed releaseRef. + +2011-11-11 Darin Adler <darin@apple.com> + + * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file. + If an older Xcode downgrades this file and we have a risk of some kind of + oscillating commit situation, please contact me so I know not to do this again. + +2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com> + + Add jsCast to replace static_cast + https://bugs.webkit.org/show_bug.cgi?id=72071 + + Reviewed by Geoffrey Garen. + + Added new jsCast and changed all of the static_cast sites in functions that + are in the MethodTable to use jsCast instead. + + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::toStringCallback): + (JSC::JSCallbackFunction::valueOfCallback): + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::visitChildren): + * API/JSCallbackObjectFunctions.h: + (JSC::::className): + (JSC::::getOwnPropertySlot): + (JSC::::getOwnPropertyDescriptor): + (JSC::::put): + (JSC::::deleteProperty): + (JSC::::deletePropertyByIndex): + (JSC::::getConstructData): + (JSC::::hasInstance): + (JSC::::getCallData): + (JSC::::getOwnPropertyNames): + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildren): + (JSC::DebuggerActivation::className): + (JSC::DebuggerActivation::getOwnPropertySlot): + (JSC::DebuggerActivation::put): + (JSC::DebuggerActivation::putWithAttributes): + (JSC::DebuggerActivation::deleteProperty): + (JSC::DebuggerActivation::getOwnPropertyNames): + (JSC::DebuggerActivation::getOwnPropertyDescriptor): + (JSC::DebuggerActivation::defineGetter): + (JSC::DebuggerActivation::defineSetter): + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + 
(JSC::Arguments::getOwnPropertySlotByIndex): + (JSC::Arguments::getOwnPropertySlot): + (JSC::Arguments::getOwnPropertyDescriptor): + (JSC::Arguments::getOwnPropertyNames): + (JSC::Arguments::putByIndex): + (JSC::Arguments::put): + (JSC::Arguments::deletePropertyByIndex): + (JSC::Arguments::deleteProperty): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getOwnPropertySlot): + (JSC::ArrayConstructor::getOwnPropertyDescriptor): + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlot): + (JSC::ArrayPrototype::getOwnPropertyDescriptor): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::getOwnPropertySlot): + (JSC::BooleanPrototype::getOwnPropertyDescriptor): + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getOwnPropertySlot): + (JSC::DateConstructor::getOwnPropertyDescriptor): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::getOwnPropertySlot): + (JSC::DatePrototype::getOwnPropertyDescriptor): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::getOwnPropertySlot): + (JSC::ErrorPrototype::getOwnPropertyDescriptor): + * runtime/Executable.cpp: + (JSC::ExecutableBase::clearCode): + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildren): + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildren): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + (JSC::JSActivation::getOwnPropertyNames): + (JSC::JSActivation::getOwnPropertySlot): + (JSC::JSActivation::put): + (JSC::JSActivation::putWithAttributes): + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlotByIndex): + (JSC::JSArray::getOwnPropertySlot): + (JSC::JSArray::getOwnPropertyDescriptor): + (JSC::JSArray::put): + (JSC::JSArray::putByIndex): + (JSC::JSArray::deleteProperty): + (JSC::JSArray::deletePropertyByIndex): + (JSC::JSArray::getOwnPropertyNames): + (JSC::JSArray::visitChildren): + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::hasInstance): + 
(JSC::JSBoundFunction::visitChildren): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::getOwnPropertySlot): + (JSC::JSByteArray::getOwnPropertyDescriptor): + (JSC::JSByteArray::getOwnPropertySlotByIndex): + (JSC::JSByteArray::put): + (JSC::JSByteArray::putByIndex): + (JSC::JSByteArray::getOwnPropertyNames): + * runtime/JSCell.h: + (JSC::JSCell::visitChildren): + (JSC::jsCast): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildren): + (JSC::JSFunction::getCallData): + (JSC::JSFunction::getOwnPropertySlot): + (JSC::JSFunction::getOwnPropertyDescriptor): + (JSC::JSFunction::getOwnPropertyNames): + (JSC::JSFunction::put): + (JSC::JSFunction::deleteProperty): + (JSC::JSFunction::getConstructData): + * runtime/JSGlobalData.cpp: + (JSC::StackPreservingRecompiler::operator()): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::put): + (JSC::JSGlobalObject::putWithAttributes): + (JSC::JSGlobalObject::defineGetter): + (JSC::JSGlobalObject::defineSetter): + (JSC::JSGlobalObject::visitChildren): + (JSC::JSGlobalObject::getOwnPropertySlot): + (JSC::JSGlobalObject::getOwnPropertyDescriptor): + (JSC::JSGlobalObject::clearRareData): + * runtime/JSGlobalThis.cpp: + (JSC::JSGlobalThis::visitChildren): + * runtime/JSONObject.cpp: + (JSC::JSONObject::getOwnPropertySlot): + (JSC::JSONObject::getOwnPropertyDescriptor): + * runtime/JSObject.cpp: + (JSC::JSObject::finalize): + (JSC::JSObject::visitChildren): + (JSC::JSObject::getOwnPropertySlotByIndex): + (JSC::JSObject::put): + (JSC::JSObject::putByIndex): + (JSC::JSObject::deleteProperty): + (JSC::JSObject::deletePropertyByIndex): + * runtime/JSObject.h: + (JSC::JSObject::getOwnPropertySlot): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildren): + (JSC::JSStaticScopeObject::put): + (JSC::JSStaticScopeObject::putWithAttributes): + (JSC::JSStaticScopeObject::getOwnPropertySlot): + * runtime/JSString.cpp: + 
(JSC::JSString::visitChildren): + (JSC::JSString::toThisObject): + (JSC::JSString::getOwnPropertySlot): + (JSC::JSString::getOwnPropertySlotByIndex): + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::deleteProperty): + (JSC::JSVariableObject::getOwnPropertyNames): + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildren): + * runtime/MathObject.cpp: + (JSC::MathObject::getOwnPropertySlot): + (JSC::MathObject::getOwnPropertyDescriptor): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildren): + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertySlot): + (JSC::NumberConstructor::getOwnPropertyDescriptor): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::getOwnPropertySlot): + (JSC::NumberPrototype::getOwnPropertyDescriptor): + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getOwnPropertySlot): + (JSC::ObjectConstructor::getOwnPropertyDescriptor): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::put): + (JSC::ObjectPrototype::getOwnPropertySlotByIndex): + (JSC::ObjectPrototype::getOwnPropertySlot): + (JSC::ObjectPrototype::getOwnPropertyDescriptor): + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getOwnPropertySlot): + (JSC::RegExpConstructor::getOwnPropertyDescriptor): + (JSC::RegExpConstructor::put): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertySlot): + (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): + (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): + (JSC::RegExpMatchesArray::put): + (JSC::RegExpMatchesArray::putByIndex): + (JSC::RegExpMatchesArray::deleteProperty): + (JSC::RegExpMatchesArray::deletePropertyByIndex): + (JSC::RegExpMatchesArray::getOwnPropertyNames): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildren): + (JSC::RegExpObject::getOwnPropertySlot): + (JSC::RegExpObject::getOwnPropertyDescriptor): + (JSC::RegExpObject::put): + * runtime/RegExpPrototype.cpp: + 
(JSC::RegExpPrototype::getOwnPropertySlot): + (JSC::RegExpPrototype::getOwnPropertyDescriptor): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildren): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getOwnPropertySlot): + (JSC::StringConstructor::getOwnPropertyDescriptor): + * runtime/StringObject.cpp: + (JSC::StringObject::getOwnPropertySlot): + (JSC::StringObject::getOwnPropertySlotByIndex): + (JSC::StringObject::getOwnPropertyDescriptor): + (JSC::StringObject::deleteProperty): + (JSC::StringObject::getOwnPropertyNames): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::getOwnPropertySlot): + (JSC::StringPrototype::getOwnPropertyDescriptor): + * runtime/Structure.cpp: + (JSC::Structure::visitChildren): + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildren): + +2011-11-11 Gavin Barraclough <barraclough@apple.com> + + Enable DFG JIT for ARMv7/iOS. + + Rubber stamped by Oliver Hunt. + + * wtf/Platform.h: + - enable DFG JIT for ARMv7/iOS. + +2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject + https://bugs.webkit.org/show_bug.cgi?id=72035 + + Reviewed by Geoffrey Garen. + + De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable. + (JSC::BytecodeGenerator::BytecodeGenerator): + * interpreter/Interpreter.cpp: Ditto. + (JSC::Interpreter::execute): + * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers. + * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table. 
+ (JSC::JSGlobalObject::JSGlobalObject): + (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers. + (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table. + (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto. + (JSC::JSGlobalObject::shouldInterruptScript): Ditto. + * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup. + (JSC::TimeoutChecker::didTimeOut): + +2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSGlobalObject::allowsAccessFrom + https://bugs.webkit.org/show_bug.cgi?id=71969 + + Reviewed by Darin Adler. + + * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to + JSDOMWindowBase and WebScriptObject. + +2011-11-11 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r99950. + http://trac.webkit.org/changeset/99950 + https://bugs.webkit.org/show_bug.cgi?id=72117 + + "Landed wrong patch by mistake" (Requested by yurys on + #webkit). + + * JavaScriptCore.exp: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + +2011-11-11 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for !ENABLE(JIT) after r99898. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + +2011-11-10 Dan Bernstein <mitz@apple.com> + + Disabling assertions breaks the debug build + https://bugs.webkit.org/show_bug.cgi?id=72091 + + Reviewed by Geoff Garen. + + * dfg/DFGNode.h: Made hasIdentifier() available when assertions are + disabled. It is used in Graph::dump(). + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation + only if assertions are enabled. + * wtf/Deque.h: + (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED. + * wtf/ThreadRestrictionVerifier.h: + (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of + a local variable that is only used in an assertion. 
+ +2011-11-10 Filip Pizlo <fpizlo@apple.com> + + JSString forgets to clear m_fibers when resolving ropes + https://bugs.webkit.org/show_bug.cgi?id=72089 + + Reviewed by Geoff Garen. + + * runtime/JSString.cpp: + (JSC::JSString::resolveRopeSlowCase): + +2011-11-09 Filip Pizlo <fpizlo@apple.com> + + DFG byte array support sometimes clamps values incorrectly + https://bugs.webkit.org/show_bug.cgi?id=71975 + + Reviewed by Oliver Hunt. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + +2011-11-10 Filip Pizlo <fpizlo@apple.com> + + ValueProfile/PredictedType contains dead code, and doesn't recognize functions + https://bugs.webkit.org/show_bug.cgi?id=72065 + + Reviewed by Gavin Barraclough and Geoff Garen. + + Added PredictFunction support, and did some cleaning up along the way. + ValueProfile no longer has statistics machinery, because we never used + it. Rearranged some bits in PredictedType to more easily make room for + one more object type. Changed some debug code to use more consistent + conventions (ByteArray becomes Bytearray so that if we ever have a + "Byte" prediction we don't get confused between a prediction that is + the union of Byte and Array and a prediction that indicates precisely + a ByteArray). + + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionFromClassInfo): + * bytecode/PredictedType.h: + (JSC::isFunctionPrediction): + * bytecode/ValueProfile.cpp: + * bytecode/ValueProfile.h: + (JSC::ValueProfile::dump): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + +2011-11-10 David Kilzer <ddkilzer@apple.com> + + <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR + + Reviewed by Joseph Pecoraro. + + * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js + script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath + for installation. 
Also removed "Versions/A/" from the path + since this is unneeded due the default symlinks present in the + framework. + +2011-11-10 Gavin Barraclough <barraclough@apple.com> + + Add ARMv7 support to the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=72061 + + Reviewed by Geoff Garen. + + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall): + (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn): + (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader): + (JSC::DFG::AssemblyHelpers::boxDouble): + (JSC::DFG::AssemblyHelpers::unboxDouble): + - Add CPU(ARM) copies of these functions. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::spill): + - Fix matching of '}' re #if blocks, makes some tools happy. + (JSC::DFG::JITCodeGenerator::setupArguments): + (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState): + (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult): + (JSC::DFG::JITCodeGenerator::appendCallSetResult): + - Add CPU(ARM) / 4 argument register copies of these functions. + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + - Should use callOperation to plant a call to a DFG_OPERATION. + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + - These methods need to plant a relinkable jump; we currently do so + using beginUninterruptedSequence() / endUninterruptedSequence(). + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + - Should use callOperation to plant a call to a DFG_OPERATION. + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + - This method needs to plant a relinkable jump; we currently do so + using beginUninterruptedSequence() / endUninterruptedSequence(). + (JSC::DFG::JITCompiler::compileBody): + - Add abstraction to retrieve the pc after a call. 
+ * dfg/DFGOSRExitCompiler.cpp: + - Fix a bug - CodeLocationLabel needs a data address rather than an + executable one, but can just take a MacroAssemblerCodePtr instead! + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::compileClampDoubleToByte): + - Add FIXME comment to come back to! - bug#72054. + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + - Add missing method (ooops, required by bug#72047) + * dfg/DFGSpeculativeJIT32_64.cpp: + - Need to wrap fmod on ARMv7. + + +2011-11-10 Filip Pizlo <fpizlo@apple.com> + + DFG should not reparse code that was just parsed + https://bugs.webkit.org/show_bug.cgi?id=71977 + + Reviewed by Geoff Garen. + + The instruction stream of a code block is now kept around until + the next GC. When doing either an optimizing compilation of an + executable, or inlining of an executable, we now try to find the + already preexisting bytecode. If we find it, we don't have to parse. + If we don't find it, we parse as before. Inlining takes the extra + step of caching code blocks, so if the same executable gets inlined + multiple times into the same caller, then we parse it at most once + even if prior to inlining that executable did not have any code + blocks with an instruction stream. + + Also fixed a silly bug where the strict mode for various operations + was being determined by looking at the machine code block rather + than the inlinee. + + To enable the delete-on-next-GC policy, I introduced the notion + of an ultra weak finalizer, which anyone can register during + tracing. This is thread-safe (for parallel GC) and + stop-the-world-safe (so calls to free() are postponed until the + world is resumed). This required reusing some facilities previously + created for WeakReferenceHarvester, so I created a common utility + class. 
I also retweaked the handling of WeakReferenceHarvesters, + since they should be executed during stop-the-world since in the + future we may want to allow them to call drain(). + + 2% win on SunSpider. 2% win on V8, when run in my harness. Neutral + elsewhere. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::visitAggregate): + (JSC::CodeBlock::copyPostParseDataFrom): + (JSC::CodeBlock::copyPostParseDataFromAlternative): + (JSC::CodeBlock::finalizeUnconditionally): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::canProduceCopyWithBytecode): + (JSC::CodeBlock::discardBytecodeLater): + (JSC::CodeBlock::handleBytecodeDiscardingOpportunity): + (JSC::GlobalCodeBlock::GlobalCodeBlock): + (JSC::ProgramCodeBlock::ProgramCodeBlock): + (JSC::EvalCodeBlock::EvalCodeBlock): + (JSC::FunctionCodeBlock::FunctionCodeBlock): + (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker): + (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::strictModeFor): + * dfg/DFGByteCodeCache.h: Added. 
+ (JSC::DFG::CodeBlockKey::CodeBlockKey): + (JSC::DFG::CodeBlockKey::operator==): + (JSC::DFG::CodeBlockKey::hash): + (JSC::DFG::CodeBlockKey::executable): + (JSC::DFG::CodeBlockKey::kind): + (JSC::DFG::CodeBlockKey::isHashTableDeletedValue): + (JSC::DFG::CodeBlockKeyHash::hash): + (JSC::DFG::CodeBlockKeyHash::equal): + (JSC::DFG::ByteCodeCache::ByteCodeCache): + (JSC::DFG::ByteCodeCache::~ByteCodeCache): + (JSC::DFG::ByteCodeCache::get): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleInlining): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * heap/Heap.cpp: + (JSC::Heap::finalizeUnconditionally): + (JSC::Heap::markRoots): + (JSC::Heap::collect): + * heap/Heap.h: + * heap/ListableHandler.h: Added. + (JSC::ListableHandler::ListableHandler): + (JSC::ListableHandler::~ListableHandler): + (JSC::ListableHandler::List::List): + (JSC::ListableHandler::List::addNotThreadSafe): + (JSC::ListableHandler::List::addThreadSafe): + (JSC::ListableHandler::List::hasNext): + (JSC::ListableHandler::List::removeNext): + * heap/MarkStack.cpp: + (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::SlotVisitor::harvestWeakReferences): + (JSC::SlotVisitor::finalizeUnconditionally): + * heap/MarkStack.h: + (JSC::MarkStack::addWeakReferenceHarvester): + (JSC::MarkStack::addUnconditionalFinalizer): + * heap/SlotVisitor.h: + * heap/UnconditionalFinalizer.h: Added. 
+ (JSC::UnconditionalFinalizer::~UnconditionalFinalizer): + * heap/WeakReferenceHarvester.h: + (JSC::WeakReferenceHarvester::WeakReferenceHarvester): + (JSC::WeakReferenceHarvester::~WeakReferenceHarvester): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::baselineCodeBlockFor): + (JSC::FunctionExecutable::codeBlockWithBytecodeFor): + (JSC::FunctionExecutable::produceCodeBlockFor): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC::FunctionExecutable::profiledCodeBlockFor): + +2011-11-10 Gavin Barraclough <barraclough@apple.com> + + Add ARMv7 register info for the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=72050 + + Reviewed by Geoff Garen. + + * dfg/DFGFPRInfo.h: + (JSC::DFG::FPRInfo::toRegister): + (JSC::DFG::FPRInfo::toIndex): + (JSC::DFG::FPRInfo::debugName): + * dfg/DFGGPRInfo.h: + (JSC::DFG::GPRInfo::toRegister): + (JSC::DFG::GPRInfo::toIndex): + (JSC::DFG::GPRInfo::debugName): + +2011-11-10 Gavin Barraclough <barraclough@apple.com> + + #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64 + https://bugs.webkit.org/show_bug.cgi?id=72047 + + Reviewed by Geoff Garen. + + We currently don't attempt to abstract divide through the macro assembler, + due to these instructions commonly having specific requirements. This means + there is architecture specific code in the JIT - #ifdef it, and provide a + common implementation. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::fmodAsDFGOperation): + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-10 Gavin Barraclough <barraclough@apple.com> + + Add ENABLE_VALUE_PROFILER support for ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=72043 + + Reviewed by Geoff Garen. + + This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code. 
+ + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitSlow_op_mod): + - cleanup location of UNUSED_PARAM + * jit/JITStubs.cpp: + (JSC::ctiTrampoline): + (JSC::ctiVMThrowTrampoline): + (JSC::ctiOpThrowNotCaught): + (JSC::JITThunks::JITThunks): + * jit/JITStubs.h: + - Update JITStackFrame structure & asm code to spill more registers. + * jit/JSInterfaceJIT.h: + - Assign a bucketCounterRegister. + +2011-11-10 Gavin Barraclough <barraclough@apple.com> + + Fix sampling counters on ARMv7, move add64 functionality to macro assembler + https://bugs.webkit.org/show_bug.cgi?id=72040 + + Reviewed by Geoff Garen. + + The ability to add an integer to a uint64_t in memory is poorly copied in + multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly + designed interface since add32 is not required to set flags (we have no + concept of flags in the macro assembler interface). + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::add64): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::add64): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::add64): + * dfg/DFGAssemblyHelpers.cpp: + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::emitCount): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitCount): + +011-11-10 Ryuan Choi <ryuan.choi@samsung.com> + + [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake + https://bugs.webkit.org/show_bug.cgi?id=56705 + + Reviewed by Adam Roben. + + * CMakeLists.txt: + * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt. + * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt. + * shell/CMakeLists.txt: + * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt. + * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt. 
+ * wtf/CMakeLists.txt: + * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt. + * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt. + +2011-11-10 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix make distcheck build. + + * GNUmakefile.list.am: Add missing files. + +2011-11-09 Michael Saboff <msaboff@apple.com> + + Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type + https://bugs.webkit.org/show_bug.cgi?id=71862 + + Changed LiteralParser to be templatized of character type. + + Moved five enums out of class definition to work around a clang compiler defect. + + Added lexIdentifier templated method to break out character specific versions. + Added static setParserTokenString templated method to handle setting approriately + sized string pointer. + + To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two + flavors of LiteralParser are explicitly instantiated at the end of + LiteralParser.cpp. + + Reviewed by Oliver Hunt. 
+ + * API/JSValueRef.cpp: + (JSValueMakeFromJSONString): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + (JSC::Interpreter::execute): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::isJSONWhiteSpace): + (JSC::::tryJSONPParse): + (JSC::::makeIdentifier): + (JSC::::Lexer::lex): + (JSC::::Lexer::lexIdentifier): + (JSC::::Lexer::next): + (JSC::LChar): + (JSC::UChar): + (JSC::isSafeStringCharacter): + (JSC::::Lexer::lexString): + (JSC::::Lexer::lexNumber): + (JSC::::parse): + * runtime/LiteralParser.h: + (JSC::LiteralParser::LiteralParser): + (JSC::LiteralParser::getErrorMessage): + (JSC::LiteralParser::tryLiteralParse): + (JSC::LiteralParser::Lexer::Lexer): + (JSC::LiteralParser::Lexer::currentToken): + (JSC::LiteralParser::Lexer::getErrorMessage): + * runtime/UString.h: + (JSC::LChar): + (JSC::UChar): + * wtf/text/StringBuilder.cpp: + (WTF::StringBuilder::append): + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::append): + +2011-11-09 Filip Pizlo <fpizlo@apple.com> + + Multiple CodeBlock should be able to share the same instruction + stream without copying + https://bugs.webkit.org/show_bug.cgi?id=71978 + + Reviewed by Oliver Hunt. + + This refactors CodeBlock::m_instructions to be a Vector boxed in a + ref-counted object, but otherwise does not take advantage of this. + + This is performance neutral. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::printStructure): + (JSC::CodeBlock::printStructures): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::visitAggregate): + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::hasInstructions): + (JSC::CodeBlock::numberOfInstructions): + (JSC::CodeBlock::instructions): + * jit/JIT.cpp: + (JSC::JIT::JIT): + +2011-11-09 Gavin Barraclough <barraclough@apple.com> + + Renovate ARMv7 assembler/macro-assembler + https://bugs.webkit.org/show_bug.cgi?id=71982 + + Reviewed by Geoff Garen. + + ARMv7Assembler: + * add support for strb (byte stores) + * rename the VMOV_CtoS opcodes (there are currently backwards!) + * add support for adc (add with carry) + * add support for vsqrt, vabs + * add support for vmov (between FPRs, and to/from GPR pairs). + * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures). + * rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32). + * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates). + + MacroAssemblerARMv7: + * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32, + * add store8, and store32 imm to base-index. + * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code). + * Update supportsFloating* flags (all features now supported). + * add moveDouble, storeDouble to absolute address, addDouble to absolute address + * add 3-operand double operations. 
+ * implement sqrtDouble/absDouble + * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32 + * move should do nothing if src == dest + * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed). + * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address. + +2011-11-09 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=71873 + + Reviewed by Geoff Garen. + + Incrementally re-landing these changes, trying to determine what went wrong. + (The whole patch failed tests on the build bot but worked locally. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + +2011-11-09 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit code should be lazily generated + https://bugs.webkit.org/show_bug.cgi?id=71744 + + Reviewed by Gavin Barraclough. + + The OSR exit code is now generated the first time it is executed, + rather than right after speculative compilation. Because most OSR + exits are never taken, this should greatly reduce both code size + and compilation time. + + This is a 1% win on SunSpider, and a 1% win on V8 when running in + my harness. No change in V8 in V8's harness (due to the long runs, + so compile time is not an issue) and no change in Kraken (again, + long runs of small code so compile time has no measurable effect). 
+ + * CMakeListsEfl.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * assembler/AbstractMacroAssembler.h: + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::jump): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::jump): + * assembler/X86Assembler.h: + (JSC::X86Assembler::jmp_m): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::createDFGDataIfNecessary): + (JSC::CodeBlock::appendDFGOSREntryData): + (JSC::CodeBlock::numberOfDFGOSREntries): + (JSC::CodeBlock::dfgOSREntryData): + (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex): + (JSC::CodeBlock::appendOSRExit): + (JSC::CodeBlock::appendSpeculationRecovery): + (JSC::CodeBlock::numberOfOSRExits): + (JSC::CodeBlock::numberOfSpeculationRecoveries): + (JSC::CodeBlock::osrExit): + (JSC::CodeBlock::speculationRecovery): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::debugCall): + * dfg/DFGCorrectableJumpPoint.cpp: Added. + (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch): + * dfg/DFGCorrectableJumpPoint.h: Added. + (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint): + (JSC::DFG::CorrectableJumpPoint::switchToLateJump): + (JSC::DFG::CorrectableJumpPoint::correctInitialJump): + (JSC::DFG::CorrectableJumpPoint::correctLateJump): + (JSC::DFG::CorrectableJumpPoint::initialJump): + (JSC::DFG::CorrectableJumpPoint::lateJump): + (JSC::DFG::CorrectableJumpPoint::correctJump): + (JSC::DFG::CorrectableJumpPoint::getJump): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + * dfg/DFGOSRExit.cpp: Added. + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::OSRExit::dump): + * dfg/DFGOSRExit.h: + * dfg/DFGOSRExitCompiler.cpp: Added. 
+ * dfg/DFGOSRExitCompiler.h: + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + * dfg/DFGThunks.cpp: Added. + (JSC::DFG::osrExitGenerationThunkGenerator): + * dfg/DFGThunks.h: Added. + * jit/JITCode.h: + (JSC::JITCode::dataAddressAtOffset): + * runtime/JSGlobalData.h: + +2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing build breakage + + Unreviewed build fix + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSVariableObject::isDynamicScope + https://bugs.webkit.org/show_bug.cgi?id=71933 + + Reviewed by Geoffrey Garen. + + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope + (JSC::JSActivation::isDynamicScope): + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope + (JSC::JSGlobalObject::isDynamicScope): + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope + (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType + (JSC::JSStaticScopeObject::isDynamicScope): + * runtime/JSType.h: Added new type for JSStaticScopeObject + * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the + object's type and calls the corresponding implementation. + (JSC::JSVariableObject::isDynamicScope): + * runtime/JSVariableObject.h: + +2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSGlobalObject::hasOwnPropertyForWrite + https://bugs.webkit.org/show_bug.cgi?id=71934 + + Reviewed by Geoffrey Garen. 
+ + * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it. + +2011-11-09 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=71873 + + Reviewed by Geoff Garen. + + Incrementally re-landing these changes, trying to determine what went wrong. + (The whole patch failed tests on the build bot but worked locally. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::absDouble): + * assembler/MacroAssemblerARMv7.h: + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::absDouble): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::absDouble): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::absDouble): + * assembler/MacroAssemblerX86Common.h: + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::absDouble): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/ThunkGenerators.cpp: + (JSC::absThunkGenerator): + +2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::getOwnPropertyDescriptor + https://bugs.webkit.org/show_bug.cgi?id=71523 + + Reviewed by Sam Weinig. + + Added getOwnPropertyDescriptor to the MethodTable, changed all of the + virtual versions of getOwnPropertyDescriptor to static ones, and + changed all of the call sites to the corresponding lookup in the MethodTable. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertyDescriptor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertyDescriptor): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertyDescriptor): + * runtime/Arguments.h: + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getOwnPropertyDescriptor): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertyDescriptor): + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::getOwnPropertyDescriptor): + * runtime/BooleanPrototype.h: + * runtime/ClassInfo.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getOwnPropertyDescriptor): + * runtime/DateConstructor.h: + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::getOwnPropertyDescriptor): + * runtime/DatePrototype.h: + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::getOwnPropertyDescriptor): + * runtime/ErrorPrototype.h: + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertyDescriptor): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::getOwnPropertyDescriptor): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertyDescriptor): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertyDescriptor): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::getOwnPropertyDescriptor): + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::getOwnPropertyDescriptor): + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::JSONObject::getOwnPropertyDescriptor): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::vtableAnchor): + (JSC::JSObject::propertyIsEnumerable): + (JSC::JSObject::getOwnPropertyDescriptor): + 
(JSC::JSObject::getPropertyDescriptor): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a + bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject. There were + no call sites for this version of getOwnPropertyDescriptor in the entire project. + * runtime/JSString.h: + * runtime/Lookup.h: + (JSC::getStaticPropertyDescriptor): + (JSC::getStaticFunctionDescriptor): + (JSC::getStaticValueDescriptor): + * runtime/MathObject.cpp: + (JSC::MathObject::getOwnPropertyDescriptor): + * runtime/MathObject.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertyDescriptor): + * runtime/NumberConstructor.h: + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::getOwnPropertyDescriptor): + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getOwnPropertyDescriptor): + (JSC::objectConstructorGetOwnPropertyDescriptor): + * runtime/ObjectConstructor.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::getOwnPropertyDescriptor): + * runtime/ObjectPrototype.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getOwnPropertyDescriptor): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::getOwnPropertyDescriptor): + * runtime/RegExpObject.h: + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::getOwnPropertyDescriptor): + * runtime/RegExpPrototype.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getOwnPropertyDescriptor): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable. 
+ (JSC::StringObject::getOwnPropertyDescriptor): + * runtime/StringObject.h: + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::getOwnPropertyDescriptor): + * runtime/StringPrototype.h: + +2011-11-09 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=71873 + + Reviewed by Geoff Garen. + + Incrementally re-landing these changes, trying to determine what went wrong. + (The whole patch failed tests on the build bot but worked locally. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::supportsFloatingPoint): + (JSC::MacroAssemblerARM::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARM::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARM::supportsFloatingPointAbs): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::supportsFloatingPoint): + (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::supportsFloatingPoint): + (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate): + (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt): + (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::supportsFloatingPoint): + (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate): + (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt): + (JSC::MacroAssemblerSH4::supportsFloatingPointAbs): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::supportsFloatingPoint): + (JSC::MacroAssemblerX86::supportsFloatingPointTruncate): + (JSC::MacroAssemblerX86::supportsFloatingPointSqrt): + (JSC::MacroAssemblerX86::supportsFloatingPointAbs): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::supportsFloatingPoint): + (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate): + (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt): + 
(JSC::MacroAssemblerX86_64::supportsFloatingPointAbs): + * jit/ThunkGenerators.cpp: + (JSC::absThunkGenerator): + +2011-11-08 Darin Adler <darin@apple.com> + + Add code path in HashTable for emptyValueIsZero that does not require copying the empty value + https://bugs.webkit.org/show_bug.cgi?id=71875 + + Reviewed by Anders Carlsson. + + This is a step along the path of making OwnPtr work as HashMap value types. + + * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here. + Also fixed include style. To include other WTF headers inside WTF, we use "" includes. + I did not change the code to fix style checker complaints. + + * wtf/HashTable.h: Added includes as needed and fixed include style. + (WTF::doubleHash): Removed the uneeeded and inappropriate "static" in this function, which + gave it internal linkage for no good reason. + (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid + construction/destruction problems instead of doing the trick where we construct and destroy + an empty value twice. It's cleaner and simpler and avoids copying the empty value. + (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the + empty value is zero rather than copying an empty value. + + * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h. + +2011-11-09 Gabor Rapcsanyi <rgabor@webkit.org> + + Buildfix for 32bit debug mode. + + Reviewed by Csaba Osztrogonác. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::dump): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + +2011-11-09 Andy Wingo <wingo@igalia.com> + + Enable the DFG JIT on X86-64 Linux platforms + https://bugs.webkit.org/show_bug.cgi?id=71373 + + Reviewed by Csaba Osztrogonác. + + * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the + x86-64 GNU/Linux platform. + * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build. 
+ +2011-11-09 Csaba Osztrogonác <ossy@webkit.org> + + Enable the DFG JIT on x86-64 Linux platforms + https://bugs.webkit.org/show_bug.cgi?id=71373 + + Enable DFG JIT by default on X86 Linux and Mac platforms + https://bugs.webkit.org/show_bug.cgi?id=71686 + + Buildfix for stricter compilers: -Werror=unused-but-set-variable + + Reviewed by Zoltan Herczeg. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-09 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r99678. + http://trac.webkit.org/changeset/99678 + https://bugs.webkit.org/show_bug.cgi?id=71882 + + broke the build with -Werror=unused-but-set-variable + (Requested by tronical_ on #webkit). + + * CMakeListsEfl.txt: + * wtf/Platform.h: + +2011-11-09 Andy Wingo <wingo@igalia.com> + + Enable the DFG JIT on X86-64 Linux platforms + https://bugs.webkit.org/show_bug.cgi?id=71373 + + Reviewed by Filip Pizlo. + + * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the + x86-64 GNU/Linux platform. + * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build. + +2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::defineOwnProperty + https://bugs.webkit.org/show_bug.cgi?id=71429 + + Reviewed by Geoffrey Garen. + + Added defineOwnProperty to the MethodTable, changed all the virtual + implementations of defineOwnProperty to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/Arguments.cpp: + (JSC::Arguments::createStrictModeCallerIfNecessary): + (JSC::Arguments::createStrictModeCalleeIfNecessary): + * runtime/ClassInfo.h: + * runtime/JSCell.cpp: + (JSC::JSCell::defineOwnProperty): + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorDefineProperty): + (JSC::defineProperties): + +2011-11-09 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Build system cleanup + https://bugs.webkit.org/show_bug.cgi?id=71815 + + Reviewed by Kenneth Rohde Christiansen. + + * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf. + +2011-11-08 Simon Hausmann <simon.hausmann@nokia.com> + + [Qt] Replace use of QApplication with QGuiApplication + https://bugs.webkit.org/show_bug.cgi?id=71794 + + Reviewed by Andreas Kling. + + Add compat headers for use when building with Qt 4: QGuiApplication + is typedef'ed to QApplication. + + * wtf/qt/compat/QGuiApplication: Added. + * wtf/qt/compat/qguiapplication.h: Added. + +2011-11-08 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r99647. + http://trac.webkit.org/changeset/99647 + https://bugs.webkit.org/show_bug.cgi?id=71876 + + It broke jsc and layout tests on all bot (Requested by + Ossy_night on #webkit). 
+ + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::supportsFloatingPoint): + (JSC::MacroAssemblerARM::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARM::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARM::supportsDoubleBitops): + (JSC::MacroAssemblerARM::andnotDouble): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::supportsFloatingPoint): + (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARMv7::supportsDoubleBitops): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::andnotDouble): + (JSC::MacroAssemblerMIPS::supportsFloatingPoint): + (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate): + (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt): + (JSC::MacroAssemblerMIPS::supportsDoubleBitops): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::supportsFloatingPoint): + (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate): + (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt): + (JSC::MacroAssemblerSH4::supportsDoubleBitops): + (JSC::MacroAssemblerSH4::andnotDouble): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::MacroAssemblerX86): + (JSC::MacroAssemblerX86::supportsFloatingPoint): + (JSC::MacroAssemblerX86::supportsFloatingPointTruncate): + (JSC::MacroAssemblerX86::supportsFloatingPointSqrt): + (JSC::MacroAssemblerX86::supportsDoubleBitops): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::andnotDouble): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::supportsFloatingPoint): + (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate): + (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt): + (JSC::MacroAssemblerX86_64::supportsDoubleBitops): + * assembler/X86Assembler.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * 
dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/ThunkGenerators.cpp: + (JSC::absThunkGenerator): + * runtime/JSGlobalData.cpp: + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Better abstract 'abs' operation through the MacroAssembler. + https://bugs.webkit.org/show_bug.cgi?id=71873 + + Reviewed by Geoff Garen. + + Currently the x86 specific instruction sequence to perform a double abs + is duplicated throughout the JITs / thunk generators. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::supportsFloatingPoint): + (JSC::MacroAssemblerARM::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARM::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARM::supportsFloatingPointAbs): + (JSC::MacroAssemblerARM::absDouble): + - Renamed supportsFloatingPointAbs, make these methods static so that + we can check the JIT's capabilites before we begin compilation. + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::supportsFloatingPoint): + (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs): + - Renamed supportsFloatingPointAbs, make these methods static so that + we can check the JIT's capabilites before we begin compilation. + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::absDouble): + (JSC::MacroAssemblerMIPS::supportsFloatingPoint): + (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate): + (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt): + (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs): + - Renamed supportsFloatingPointAbs, make these methods static so that + we can check the JIT's capabilites before we begin compilation. 
+ * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::supportsFloatingPoint): + (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate): + (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt): + (JSC::MacroAssemblerSH4::supportsFloatingPointAbs): + (JSC::MacroAssemblerSH4::absDouble): + - Renamed supportsFloatingPointAbs, make these methods static so that + we can check the JIT's capabilites before we begin compilation. + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::absDouble): + (JSC::MacroAssemblerX86::supportsFloatingPoint): + (JSC::MacroAssemblerX86::supportsFloatingPointTruncate): + (JSC::MacroAssemblerX86::supportsFloatingPointSqrt): + (JSC::MacroAssemblerX86::supportsFloatingPointAbs): + - Made supports* methods static so that we can check the JIT's + capabilites before we begin compilation. Added absDouble. + * assembler/MacroAssemblerX86Common.h: + - Removed andnotDouble, added s_maskSignBit. + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::absDouble): + (JSC::MacroAssemblerX86_64::supportsFloatingPoint): + (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate): + (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt): + (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs): + - Made supports* methods static so that we can check the JIT's + capabilites before we begin compilation. Added absDouble. + * assembler/X86Assembler.h: + (JSC::X86Assembler::andpd_rr): + (JSC::X86Assembler::andpd_mr): + - Added support for andpd instruction. + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Switched to use doubleAbs, we can now also reuse the operand register for the result. + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Switched to use doubleAbs, we can now also reuse the operand register for the result. 
+ * jit/ThunkGenerators.cpp: + - Switched to use doubleAbs. + (JSC::absThunkGenerator): + * runtime/JSGlobalData.cpp: + - Declared MacroAssemblerX86Common::s_maskSignBit here. + This is a little ugly, but it doesn't seem worth adding a whole extra .cpp + to the compile for just one constant. + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Move duplicates of SYMBOL_STRING* macros to the single location + https://bugs.webkit.org/show_bug.cgi?id=71456 + + Reviewed by Sam Weinig. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + * wtf/InlineASM.h: Added. + - Moved asm related macros. + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Move code to handle 8bit regs from X86Assembler to MacroAssembler + https://bugs.webkit.org/show_bug.cgi?id=71867 + + Reviewed by Oliver Hunt. + + This code is fine, but is in the wrong place really. X86 assembler should + basically just format up exactly the instruction you request - not expand + out to a set of instructions (that is what the macro assembler layer is + for!). For other 8-bit ops, on X86 we don't guard against clients accessing + the XH registers. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::store8): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movb_rm): + - moved some code. + +2011-11-08 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for GTK. + + * GNUmakefile.list.am: + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Build fix. + + * assembler/X86Assembler.h: + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Errrk, failed to commit this in last change. + + * assembler/X86Assembler.h: + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Remove an unused method. + + Rubber stamped by Geoff Garen. + + * assembler/AbstractMacroAssembler.h: + * assembler/AssemblerBuffer.h: + - removed rewindToLabel. 
+ +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Fix OSR entry points to calculate offsets correctly WRT to branch compaction. + https://bugs.webkit.org/show_bug.cgi?id=71864 + + Reviewed by Filip Pizlo. + + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::offsetOf): + - We use this to return the offsets into the code of the entry points. + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + - Move the construction of the speculative JIT outside of + compileBody, such that it is still available to link the + OSR entry points at the point we are linking. + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + - Pass the label of the block & linkbuffer into noticeOSREntry. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::linkOSREntries): + - Moved call to noticeOSREntry until we we linking. + * dfg/DFGSpeculativeJIT.h: + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + - Moved calculation of entries until we we linking. + * jit/JIT.h: + - Removed some members. + +2011-11-08 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exit code should be generated by a separate compiler, not + related to DFG::JITCompiler + https://bugs.webkit.org/show_bug.cgi?id=71787 + + Reviewed by Gavin Barraclough. + + Moves the exitSpeculativeWithOSR() method from JITCompiler to + OSRExitCompiler::compileExit(). + + * CMakeListsEfl.txt: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + * dfg/DFGJITCompiler32_64.cpp: Removed. + * dfg/DFGOSRExitCompiler.h: Added. + (JSC::DFG::OSRExitCompiler::OSRExitCompiler): + * dfg/DFGOSRExitCompiler32_64.cpp: Added. + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: Added. 
+ (JSC::DFG::OSRExitCompiler::compileExit): + * runtime/JSValue.h: + +2011-11-08 Filip Pizlo <fpizlo@apple.com> + + Basic DFG definitions should be moved out of DFGNode.h + https://bugs.webkit.org/show_bug.cgi?id=71861 + + Rubber-stamped by Gavin Barraclough. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGCommon.h: Added. + (JSC::DFG::NodeIndexTraits::defaultValue): + * dfg/DFGNode.h: + * dfg/DFGOSRExit.h: + * dfg/DFGRegisterBank.h: + +2011-11-08 Michael Saboff <msaboff@apple.com> + + Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type + https://bugs.webkit.org/show_bug.cgi?id=71761 + + Templatized Parser based on Lexer<T>. Moved two enums, + SourceElementsMode and FunctionRequirements out of Parser definition + to work around a clang compiler defect. + + Cleaned up SourceCode data() to return StringImpl* and eliminated + the recently added stringData() virtual method. + + To keep code in Parser.cpp and keep Parser.h small, the two flavors + of Parser are explicitly instantiated at the end of Parser.cpp. + + Reviewed by Gavin Barraclough. 
+ + * interpreter/Interpreter.cpp: + (JSC::appendSourceToError): + * parser/Lexer.cpp: + (JSC::::setCode): + (JSC::::sourceCode): + * parser/Parser.cpp: + (JSC::::Parser): + (JSC::::~Parser): + (JSC::::parseInner): + (JSC::::didFinishParsing): + (JSC::::allowAutomaticSemicolon): + (JSC::::parseSourceElements): + (JSC::::parseVarDeclaration): + (JSC::::parseConstDeclaration): + (JSC::::parseDoWhileStatement): + (JSC::::parseWhileStatement): + (JSC::::parseVarDeclarationList): + (JSC::::parseConstDeclarationList): + (JSC::::parseForStatement): + (JSC::::parseBreakStatement): + (JSC::::parseContinueStatement): + (JSC::::parseReturnStatement): + (JSC::::parseThrowStatement): + (JSC::::parseWithStatement): + (JSC::::parseSwitchStatement): + (JSC::::parseSwitchClauses): + (JSC::::parseSwitchDefaultClause): + (JSC::::parseTryStatement): + (JSC::::parseDebuggerStatement): + (JSC::::parseBlockStatement): + (JSC::::parseStatement): + (JSC::::parseFormalParameters): + (JSC::::parseFunctionBody): + (JSC::::parseFunctionInfo): + (JSC::::parseFunctionDeclaration): + (JSC::::parseExpressionOrLabelStatement): + (JSC::::parseExpressionStatement): + (JSC::::parseIfStatement): + (JSC::::parseExpression): + (JSC::::parseAssignmentExpression): + (JSC::::parseConditionalExpression): + (JSC::::isBinaryOperator): + (JSC::::parseBinaryExpression): + (JSC::::parseProperty): + (JSC::::parseObjectLiteral): + (JSC::::parseStrictObjectLiteral): + (JSC::::parseArrayLiteral): + (JSC::::parsePrimaryExpression): + (JSC::::parseArguments): + (JSC::::parseMemberExpression): + (JSC::::parseUnaryExpression): + * parser/Parser.h: + (JSC::::parse): + (JSC::parse): + * parser/SourceCode.h: + (JSC::SourceCode::data): + (JSC::SourceCode::subExpression): + * parser/SourceProvider.h: + (JSC::UStringSourceProvider::data): + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + Fix PropertyAccessRecords in DFG JIT to take account of branch compaction. 
+ https://bugs.webkit.org/show_bug.cgi?id=71855 + + Reviewed by Filip Pizlo. + + The DFG JIT presently calculates a set of offsets early, before branches have been compacted. + This won't work on ARMv7. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::differenceBetweenCodePtr): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::locationOf): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): + (JSC::DFG::JITCompiler::addPropertyAccess): + +2011-11-08 Gavin Barraclough <barraclough@apple.com> + + DFG JIT calculation of OSR entry points is not THUMB2 safe + https://bugs.webkit.org/show_bug.cgi?id=71852 + + Reviewed by Oliver Hunt. + + Executable addresses are tagged with a low bit set to distinguish + between THUMB2 and traditional ARM. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * jit/JITCode.h: + (JSC::JITCode::executableAddressAtOffset): + (JSC::JITCode::start): + (JSC::JITCode::size): + +2011-11-08 Michael Saboff <msaboff@apple.com> + + JSC::Parser::Parser leaks Lexer member + https://bugs.webkit.org/show_bug.cgi?id=71847 + + Changed m_lexer member of Parser to be OwnPtr to fix a memory leak. + + Reviewed by Oliver Hunt. + + * parser/Parser.cpp: + (JSC::Parser::Parser): + (JSC::Parser::parseFunctionBody): + * parser/Parser.h: + +2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com> + + Enable DFG JIT by default on X86 Linux and Mac platforms + https://bugs.webkit.org/show_bug.cgi?id=71686 + + Reviewed by Filip Pizlo. 
+ + We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86. + + * wtf/Platform.h: + +2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519 + https://bugs.webkit.org/show_bug.cgi?id=71768 + + Reviewed by Geoffrey Garen. + + Also includes a fix to make the newly introduced AssemblyHelpers + friend of JSValue as we need the Tag definitions. + + * CMakeListsEfl.txt: + * GNUmakefile.list.am: + * Target.pri: + * runtime/JSValue.h: + +2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com> + + Fix gcc 4.4 compilation warnings in DFG 32_64 + https://bugs.webkit.org/show_bug.cgi?id=71762 + + Reviewed by Filip Pizlo. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::registersMatched): + +2011-11-07 Filip Pizlo <fpizlo@apple.com> + + DFG code base should allow for classes not related to DFG::JITCompiler + to use DFG idioms + https://bugs.webkit.org/show_bug.cgi?id=71746 + + Reviewed by Gavin Barraclough. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGAssemblyHelpers.cpp: Added. + (JSC::DFG::AssemblyHelpers::decodedCodeMapFor): + (JSC::DFG::AssemblyHelpers::emitCount): + (JSC::DFG::AssemblyHelpers::setSamplingFlag): + (JSC::DFG::AssemblyHelpers::clearSamplingFlag): + (JSC::DFG::AssemblyHelpers::jitAssertIsInt32): + (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32): + (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber): + (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble): + (JSC::DFG::AssemblyHelpers::jitAssertIsCell): + * dfg/DFGAssemblyHelpers.h: Added. + * dfg/DFGJITCompiler.cpp: + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::JITCompiler): + (JSC::DFG::JITCompiler::graph): + * dfg/DFGJITCompiler32_64.cpp: + * dfg/DFGOSRExit.h: Added. 
+ (JSC::DFG::SpeculationRecovery::SpeculationRecovery): + (JSC::DFG::SpeculationRecovery::type): + (JSC::DFG::SpeculationRecovery::dest): + (JSC::DFG::SpeculationRecovery::src): + (JSC::DFG::OSRExit::numberOfRecoveries): + (JSC::DFG::OSRExit::valueRecovery): + (JSC::DFG::OSRExit::isArgument): + (JSC::DFG::OSRExit::isVariable): + (JSC::DFG::OSRExit::argumentForIndex): + (JSC::DFG::OSRExit::variableForIndex): + (JSC::DFG::OSRExit::operandForArgument): + (JSC::DFG::OSRExit::operandForIndex): + * dfg/DFGSpeculativeJIT.h: + +2011-11-07 Filip Pizlo <fpizlo@apple.com> + + Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet, + but it appears to help on other benchmarks. + + Rubber stamped by Oliver Hunt. + + * bytecode/ValueProfile.h: + +2011-11-07 Ariya Hidayat <ariya@sencha.com> + + "use strict" can not contain escape sequences or line continuation + https://bugs.webkit.org/show_bug.cgi?id=71532 + + Reviewed by Darin Adler. + + Store the actual literal length (before the escapes and line + continuation are encoded) while parsing the directive and use it + for the directive comparison. + + * parser/Parser.cpp: + (JSC::Parser::parseSourceElements): + (JSC::Parser::parseStatement): + * parser/Parser.h: + +2011-11-06 Filip Pizlo <fpizlo@apple.com> + + DFG operationCreateThis slow path may get the wrong callee in case of inlining + https://bugs.webkit.org/show_bug.cgi?id=71647 + + Reviewed by Oliver Hunt. + + No new tests because I only saw this manifest itself when I had other bugs + leading to spurious slow path executions. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-07 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::putWithAttributes + https://bugs.webkit.org/show_bug.cgi?id=71716 + + Reviewed by Darin Adler. + + Added putWithAttributes to the MethodTable, changed all the virtual + implementations of putWithAttributes to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. + + * API/JSObjectRef.cpp: + (JSObjectSetProperty): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::putWithAttributes): + * debugger/DebuggerActivation.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + * runtime/ClassInfo.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::putWithAttributes): + * runtime/JSActivation.h: + * runtime/JSCell.cpp: + (JSC::JSCell::putWithAttributes): + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::putWithAttributes): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::putWithAttributes): + (JSC::putDescriptor): + * runtime/JSObject.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::putWithAttributes): + * runtime/JSStaticScopeObject.h: + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::putWithAttributes): + * runtime/JSVariableObject.h: + +2011-11-07 Dmitry Lomov <dslomov@google.com> + + Unreviewed. Release build fix. + + * parser/Lexer.cpp: + (JSC::assertCharIsIn8BitRange): + +2011-11-07 Filip Pizlo <fpizlo@apple.com> + + Switch the value profiler back to 8 buckets, because we suspect that while this + is more expensive it's also more stable. + + Rubber stamped by Geoff Garen. 
+ + * bytecode/ValueProfile.h: + +2011-11-07 Andrew Wason <rectalogic@rectalogic.com> + + Uninitialized Heap member var + https://bugs.webkit.org/show_bug.cgi?id=71722 + + Reviewed by Filip Pizlo. + + * heap/Heap.cpp: + (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit + +2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible + https://bugs.webkit.org/show_bug.cgi?id=71684 + + Reviewed by Filip Pizlo. + + Currently in DFG JIT, we try to reuse the physical register of an + operand for temporary usage if the current use of the operand is the + last use. But sometimes this can be wrong, for example if there are + possible speculation failures and we need to fallback to baseline JIT, + the value of the operand which is supposed to be hold in the physical + register can be modified by register reusing. The fixes the last + inspector failures in layout test on Mac 32-bit if switching on DFG. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-07 Ryosuke Niwa <rniwa@webkit.org> + + REGRESSION(r99436): Broke Snow Leopard debug build + https://bugs.webkit.org/show_bug.cgi?id=71713 + + Reviewed by Darin Adler. + + Put the assertion in a template and use template specialization + to avoid warning when instantiated with UChar or LChar. + + In the long term, we should have traits for unsigned integral types + and use that to specialize template instead of specializing it for UChar and LChar. + + * parser/Lexer.cpp: + (JSC::assertCharIsIn8BitRange): + (JSC::::append8): + +2011-11-07 ChangSeok Oh <shivamidow@gmail.com> + + [EFL] Support requestAnimationFrame API + https://bugs.webkit.org/show_bug.cgi?id=67112 + + Reviewed by Andreas Kling. + + Let EFL port use REQUEST_ANIMATION_FRAME_TIMER. 
+ + * wtf/Platform.h: + +2011-11-07 Michael Saboff <msaboff@apple.com> + + Towards 8 Bit Strings: Templatize JSC::Lexer class by character type + https://bugs.webkit.org/show_bug.cgi?id=71331 + + Change the Lexer class to be a template class based on the character + type of the source. In the process updated the parseIdentifier() + and parseString() methods to create 8 bit strings where possible. + Also added some helper methods for accumulating temporary string + data in the 8 and 16 bit vectors. + + Changed the SourceProvider::data() virtual method to return a + StringImpl* instead of a UChar*. + + Updated the KeywordLookup generator to create code to match keywords + for both 8 and 16 bit source strings. + + Due to a compiler bug (<rdar://problem/10194295>) moved enum + definition outside of Lexer class declaration. Remove second enum + no longer needed. + + Reviewed by Darin Adler. + + * KeywordLookupGenerator.py: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + * parser/Lexer.cpp: + (JSC::::Lexer): + (JSC::::~Lexer): + (JSC::::getInvalidCharMessage): + (JSC::::currentCharacter): + (JSC::::setCode): + (JSC::::internalShift): + (JSC::::shift): + (JSC::::peek): + (JSC::::getUnicodeCharacter): + (JSC::::shiftLineTerminator): + (JSC::::lastTokenWasRestrKeyword): + (JSC::::record8): + (JSC::::append8): + (JSC::::append16): + (JSC::::record16): + (JSC::::parseIdentifier): + (JSC::::parseIdentifierSlowCase): + (JSC::::parseString): + (JSC::::parseStringSlowCase): + (JSC::::parseHex): + (JSC::::parseOctal): + (JSC::::parseDecimal): + (JSC::::parseNumberAfterDecimalPoint): + (JSC::::parseNumberAfterExponentIndicator): + (JSC::::parseMultilineComment): + (JSC::::nextTokenIsColon): + (JSC::::lex): + (JSC::::scanRegExp): + (JSC::::skipRegExp): + (JSC::::clear): + (JSC::::sourceCode): + * parser/Lexer.h: + (JSC::Lexer::append16): + (JSC::Lexer::currentOffset): + (JSC::Lexer::setOffsetFromCharOffset): + (JSC::::isWhiteSpace): + (JSC::::isLineTerminator): + 
(JSC::::convertHex): + (JSC::::convertUnicode): + (JSC::::makeIdentifier): + (JSC::::setCodeStart): + (JSC::::makeIdentifierLCharFromUChar): + (JSC::::lexExpectIdentifier): + * parser/Parser.cpp: + (JSC::Parser::Parser): + (JSC::Parser::parseProperty): + (JSC::Parser::parseMemberExpression): + * parser/Parser.h: + (JSC::Parser::next): + (JSC::Parser::nextExpectIdentifier): + * parser/ParserArena.h: + (JSC::IdentifierArena::makeIdentifier): + (JSC::IdentifierArena::makeIdentifierLCharFromUChar): + * parser/SourceCode.h: + (JSC::SourceCode::subExpression): + * parser/SourceProvider.h: + (JSC::UStringSourceProvider::stringData): + * parser/SourceProviderCache.h: + * parser/SyntaxChecker.h: + * runtime/FunctionPrototype.cpp: + (JSC::insertSemicolonIfNeeded): + * runtime/Identifier.cpp: + (JSC::IdentifierTable::add): + (JSC::IdentifierLCharFromUCharTranslator::hash): + (JSC::IdentifierLCharFromUCharTranslator::equal): + (JSC::IdentifierLCharFromUCharTranslator::translate): + (JSC::Identifier::add8): + * runtime/Identifier.h: + (JSC::Identifier::Identifier): + (JSC::Identifier::createLCharFromUChar): + (JSC::Identifier::canUseSingleCharacterString): + (JSC::IdentifierCharBufferTranslator::hash): + (JSC::IdentifierCharBufferTranslator::equal): + (JSC::IdentifierCharBufferTranslator::translate): + (JSC::Identifier::add): + (JSC::Identifier::equal): + (JSC::IdentifierTable::add): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::decode): + (JSC::parseIntOverflow): + (JSC::globalFuncUnescape): + * runtime/JSGlobalObjectFunctions.h: + (JSC::parseIntOverflow): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::tryJSONPParse): + (JSC::LiteralParser::Lexer::lexString): + * wtf/text/StringImpl.h: + +2011-11-07 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree + + Allows us to not package up the whole Source/JavaScriptCore directory for the + buildbots. + + Reviewed-by Simon Hausmann. 
+ + * jsc.pro: + +2011-11-06 Filip Pizlo <fpizlo@apple.com> + + REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call + to initializeMainThread, and crashes + https://bugs.webkit.org/show_bug.cgi?id=71643 + + Reviewed by Sam Weinig. + + * jsc.cpp: + (main): + +2011-11-06 Sam Weinig <sam@webkit.org> + + Add space missing from some class declarations + https://bugs.webkit.org/show_bug.cgi?id=71632 + + Reviewed by Anders Carlsson. + + * assembler/AssemblerBufferWithConstantPool.h: + * bytecode/CodeBlock.h: + * dfg/DFGVariableAccessData.h: + * heap/VTableSpectrum.h: + * jit/ExecutableAllocator.cpp: + * jit/ExecutableAllocatorFixedVMPool.cpp: + * wtf/MetaAllocatorHandle.h: + * wtf/UnionFind.h: + +2011-11-06 Sam Weinig <sam@webkit.org> + + Allow use of FINAL in JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=71630 + + Reviewed by Anders Carlsson. + + * Configurations/Base.xcconfig: + Don't warn about C++11 extensions used in C++98 mode. + +2011-11-05 Filip Pizlo <fpizlo@apple.com> + + Value profiling should just use two buckets + https://bugs.webkit.org/show_bug.cgi?id=71619 + + Reviewed by Gavin Barraclough. + + Added one more configuration options (like Heuristics::minimumOptimizationDelay), + improved debugging in JIT optimization support, changed the number of buckets + in the value profile from 9 to 2, and wrote a more optimal value profiling path + in the old JIT to take advantage of this. It's still possible to play around with + larger numbers of buckets, and we should probably keep this for a little while + until we convince ourselves that using just two buckets is the right call. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::shouldOptimizeNow): + * bytecode/ValueProfile.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + +2011-11-03 Filip Pizlo <fpizlo@apple.com> + + JSC should be able to sample itself in a more flexible way than just sampling flags + https://bugs.webkit.org/show_bug.cgi?id=71522 + + Reviewed by Gavin Barraclough. + + Added a construct that looks like SamplingRegion samplingRegion("name"). + + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/SamplingTool.cpp: + (JSC::SamplingRegion::Locker::Locker): + (JSC::SamplingRegion::Locker::~Locker): + (JSC::SamplingRegion::sample): + (JSC::SamplingRegion::dump): + (JSC::SamplingRegion::dumpInternal): + (JSC::SamplingThread::threadStartFunc): + * bytecode/SamplingTool.h: + (JSC::SamplingRegion::SamplingRegion): + (JSC::SamplingRegion::~SamplingRegion): + (JSC::SamplingRegion::exchangeCurrent): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::generate): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * heap/Heap.cpp: + (JSC::Heap::markRoots): + (JSC::Heap::collect): + * heap/VTableSpectrum.cpp: + (JSC::VTableSpectrum::countVPtr): + (JSC::VTableSpectrum::dump): + * heap/VTableSpectrum.h: + * jsc.cpp: + (main): + (runWithScripts): + * parser/Parser.h: + (JSC::parse): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * wtf/Atomics.h: + (WTF::weakCompareAndSwap): + * wtf/Platform.h: + * wtf/Spectrum.h: Added. 
+ (WTF::Spectrum::Spectrum): + (WTF::Spectrum::add): + (WTF::Spectrum::get): + (WTF::Spectrum::begin): + (WTF::Spectrum::end): + (WTF::Spectrum::KeyAndCount::KeyAndCount): + (WTF::Spectrum::KeyAndCount::operator<): + (WTF::Spectrum::buildList): + * wtf/wtf.pri: + +2011-11-05 Sam Weinig <sam@webkit.org> + + Fix windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-11-04 Sam Weinig <sam@webkit.org> + + Reduce the number of putWithAttributes + https://bugs.webkit.org/show_bug.cgi?id=71597 + + Reviewed by Adam Roben. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Remove exports of removed functions. + + * runtime/JSActivation.cpp: + (JSC::JSActivation::putWithAttributes): + Calling the overload without the extra parameters does the same thing. + + * runtime/JSObject.cpp: + (JSC::JSObject::putWithAttributes): + * runtime/JSObject.h: + Remove four unused JSObject::putWithAttributes overloads and make one of the remaining + two overloads not virtual, since no one overrides it. + +2011-11-04 Pratik Solanki <psolanki@apple.com> + + sqrtDouble and andnotDouble should be declared noreturn + https://bugs.webkit.org/show_bug.cgi?id=71592 + + Reviewed by Sam Weinig. + + * assembler/MacroAssemblerARMv7.h: + +2011-11-04 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::hasInstance + https://bugs.webkit.org/show_bug.cgi?id=71430 + + Reviewed by Darin Adler. + + Added hasInstance to the MethodTable, changed all the virtual + implementations of hasInstance to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::hasInstance): + * API/JSValueRef.cpp: + (JSValueIsInstanceOfConstructor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ClassInfo.h: + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::hasInstance): + * runtime/JSBoundFunction.h: + * runtime/JSCell.cpp: + (JSC::JSCell::hasInstance): + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::hasInstance): + * runtime/JSObject.h: + +2011-11-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Refactor and clean up the qmake build system + + The qmake build system has accumulated a bit of cruft and redundancy + over time. There's also a fairly tight coupling between how to build + the various targets, and _what_ to build, making it harder to add new + rules or sources. This patch aims to elevate these issues somewhat. + + This is a short-list of the changes: + + * The rules for how to build targets are now mostly contained as + prf-files in Tools/qmake/mkspecs/features. Using mkspecs also + allows us to do pre- and post-processing of each project file, + which helps to clean up the actual project files. + + * Derived sources are no longer generated as a separate make-step + but is part of each target's project file as a subdir. Makefile + rules are used to ensure that we run make on the derived sources + before running qmake on the actual target makefile. This makes + it easier to keep a proper dependency between derived sources + and the target. + + * We use GNU make and the compiler to generate dependencies on + UNIX-based systems running Qt 5. This allows us to lessen the + need to run qmake, which should reduce compile time. + + * WebKit2 is now build by default if building with Qt 5. It can + be disabled by passing --no-webkit2 to build-webkit. 
+ + The result of these changes are hopefully a cleaner and easier + build system to modify, and faster build times due to no longer + running qmake on every single build. It's also a first step + towards possibly generating the list of sources using another + build system. + + https://bugs.webkit.org/show_bug.cgi?id=71222 + + Reviewed by Simon Hausmann. + + * DerivedSources.pri: Added. + * DerivedSources.pro: Removed. + * JavaScriptCore.pro: + * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro. + * headers.pri: Removed. + * jsc.pro: + * wtf/wtf.pri: + * yarr/yarr.pri: + +2011-11-04 Yuqiang Xian <yuqiang.xian@intel.com> + + More code clean-up in DFG 32_64 + https://bugs.webkit.org/show_bug.cgi?id=71540 + + Remove unnecessary code duplications, and fix compilation warnings. + + Reviewed by Gavin Barraclough. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::emitCount): + (JSC::DFG::JITCompiler::setSamplingFlag): + (JSC::DFG::JITCompiler::clearSamplingFlag): + (JSC::DFG::JITCompiler::jitAssertIsCell): + * dfg/DFGJITCompiler32_64.cpp: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-04 Csaba Osztrogonác <ossy@webkit.org> + + De-virtualize JSObject::hasInstance + https://bugs.webkit.org/show_bug.cgi?id=71430 + + Unreviewed rolling out r99238, because it made a test crash on all platform. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::hasInstance): + * API/JSValueRef.cpp: + (JSValueIsInstanceOfConstructor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ClassInfo.h: + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::hasInstance): + * runtime/JSBoundFunction.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::hasInstance): + * runtime/JSObject.h: + +2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::getPropertyNames + https://bugs.webkit.org/show_bug.cgi?id=71306 + + Reviewed by Darin Adler. + + Added getPropertyNames to the MethodTable, changed all the virtual + implementations of getPropertyNames to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. + + * API/JSObjectRef.cpp: + (JSObjectCopyPropertyNames): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertyNames): + * runtime/ClassInfo.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getPropertyNames): + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::getPropertyNames): + (JSC::JSObject::getOwnPropertyNames): + * runtime/JSObject.h: + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::print): + * runtime/Structure.cpp: + (JSC::Structure::getPropertyNamesFromStructure): + * runtime/Structure.h: + +2011-11-03 Darin Adler <darin@apple.com> + + Change remaining callers of releaseRef to call leakRef + https://bugs.webkit.org/show_bug.cgi?id=71422 + + * wtf/text/AtomicString.cpp: + (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef. 
+ +2011-11-02 Darin Adler <darin@apple.com> + + Change remaining callers of releaseRef to call leakRef + https://bugs.webkit.org/show_bug.cgi?id=71422 + + * wtf/text/AtomicString.cpp: + (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef. + +2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::hasInstance + https://bugs.webkit.org/show_bug.cgi?id=71430 + + Reviewed by Darin Adler. + + Added hasInstance to the MethodTable, changed all the virtual + implementations of hasInstance to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::hasInstance): + * API/JSValueRef.cpp: + (JSValueIsInstanceOfConstructor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ClassInfo.h: + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::hasInstance): + * runtime/JSBoundFunction.h: + * runtime/JSCell.cpp: + (JSC::JSCell::hasInstance): + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::hasInstance): + * runtime/JSObject.h: + +2011-11-03 Filip Pizlo <fpizlo@apple.com> + + JIT-specific code should be able to refer to register types even on JIT-disabled builds + https://bugs.webkit.org/show_bug.cgi?id=71498 + + Reviewed by Gavin Barraclough. + + * assembler/MacroAssembler.h: + (MacroAssembler::MacroAssembler): + +2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::className + https://bugs.webkit.org/show_bug.cgi?id=71428 + + Reviewed by Sam Weinig. + + Added className to the MethodTable, changed all the virtual + implementations of className to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::className): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::className): + * debugger/DebuggerActivation.h: + * jsc.cpp: + (GlobalObject::createStructure): + * profiler/Profiler.cpp: + (JSC::Profiler::createCallIdentifier): + * runtime/ClassInfo.h: + * runtime/JSCell.cpp: + (JSC::JSCell::className): + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::className): + * runtime/JSObject.h: + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncToString): + * testRegExp.cpp: + (GlobalObject::createStructure): + +2011-11-02 Jer Noble <jer.noble@apple.com> + + Add Clock class and platform-specific implementations. + https://bugs.webkit.org/show_bug.cgi?id=71341 + + Reviewed by Sam Weinig. + + Add WTF_USE_COREAUDIO macro for use by PlatformClockCA. + + * wtf/Platform.h: + +2011-11-03 Pavel Feldman <pfeldman@chromium.org> + + Not reviewed: fixing win build. step2. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-11-03 Pavel Feldman <pfeldman@chromium.org> + + Not reviewed: fix windows build, step1 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-11-03 Pavel Feldman <pfeldman@google.com> + + Web Inspector: preserve script location for inline handlers. + https://bugs.webkit.org/show_bug.cgi?id=71367 + + Makes SourceCode factories receive TextPosition instead of the line number; + Stores consistent position values in SourceCode and SourceProvider; + + Reviewed by Yury Semikhatsky. 
+ + * API/JSBase.cpp: + (JSEvaluateScript): + (JSCheckScriptSyntax): + * API/JSObjectRef.cpp: + (JSObjectMakeFunction): + * parser/SourceCode.h: + (JSC::makeSource): + * parser/SourceProvider.h: + (JSC::SourceProvider::SourceProvider): + (JSC::SourceProvider::startPosition): + (JSC::UStringSourceProvider::create): + (JSC::UStringSourceProvider::UStringSourceProvider): + * runtime/FunctionConstructor.cpp: + (JSC::constructFunction): + (JSC::constructFunctionSkippingEvalEnabledCheck): + * runtime/FunctionConstructor.h: + +2011-11-03 Kentaro Hara <haraken@chromium.org> + + Fixed wrong implementation of doubleValue % 2^{64}. + https://bugs.webkit.org/show_bug.cgi?id=67980 + + Reviewed by Hajime Morita. + + fast/events/constructors/progress-event-constructor.html was failing + because of the wrong implementation of conversion from an ECMAScript value + to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long). + In particular, the calculation of doubleValue % 2^{64} was wrong. + This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h. + + * wtf/MathExtras.h: + (doubleToInteger): Implemented the spec correctly. + +2011-11-03 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r99089. + http://trac.webkit.org/changeset/99089 + https://bugs.webkit.org/show_bug.cgi?id=71448 + + @plt postfix for math functions cause crash on Linux 32 (the + symbol is defined but it points to NULL) (Requested by + zherczeg on #webkit). + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + * jit/ThunkGenerators.cpp: + +2011-11-02 Filip Pizlo <fpizlo@apple.com> + + DFG inlining breaks function.arguments[something] if the argument being + retrieved was subjected to DFG's unboxing optimizations + https://bugs.webkit.org/show_bug.cgi?id=71436 + + Reviewed by Oliver Hunt. 
+ + This makes inlined arguments retrieval use some of the same machinery as + OSR to determine where from, and how, to retrieve a value that the DFG + might have somehow squirreled away while the old JIT would put it in its + obvious location, using an obvious format. + + To that end, previously DFG-internal notions such as DataFormat, + VirtualRegister, and ValueRecovery are now in bytecode/ since they are + stored as part of InlineCallFrames. + + * bytecode/CodeOrigin.h: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::trueCallerFrame): + * interpreter/CallFrame.h: + (JSC::ExecState::inlineCallFrame): + * interpreter/Register.h: + (JSC::Register::asInlineCallFrame): + (JSC::Register::unboxedInt32): + (JSC::Register::unboxedBoolean): + (JSC::Register::unboxedCell): + * runtime/Arguments.h: + (JSC::Arguments::finishCreationAndCopyRegisters): + +2011-11-02 Filip Pizlo <fpizlo@apple.com> + + ValueRecovery should be moved out of the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=71439 + + Reviewed by Oliver Hunt. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/DataFormat.h: Added. + (JSC::dataFormatToString): + (JSC::needDataFormatConversion): + (JSC::isJSFormat): + (JSC::isJSInteger): + (JSC::isJSDouble): + (JSC::isJSCell): + (JSC::isJSBoolean): + * bytecode/ValueRecovery.h: Added. 
+ (JSC::ValueRecovery::ValueRecovery): + (JSC::ValueRecovery::alreadyInRegisterFile): + (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32): + (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell): + (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean): + (JSC::ValueRecovery::inGPR): + (JSC::ValueRecovery::inPair): + (JSC::ValueRecovery::inFPR): + (JSC::ValueRecovery::displacedInRegisterFile): + (JSC::ValueRecovery::constant): + (JSC::ValueRecovery::technique): + (JSC::ValueRecovery::isInRegisters): + (JSC::ValueRecovery::gpr): + (JSC::ValueRecovery::tagGPR): + (JSC::ValueRecovery::payloadGPR): + (JSC::ValueRecovery::fpr): + (JSC::ValueRecovery::virtualRegister): + (JSC::ValueRecovery::dump): + * bytecode/VirtualRegister.h: Added. + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::isJSFormat): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGVariableAccessData.h: + +2011-11-02 Sam Weinig <sam@webkit.org> + + Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter + https://bugs.webkit.org/show_bug.cgi?id=71333 + + Reviewed by Gavin Barraclough. + + Tested by fast/dom/getter-on-window-object2.html + + * runtime/PropertyDescriptor.cpp: + (JSC::PropertyDescriptor::setDescriptor): + The attributes returned from Structure::get do not include Getter or Setter, so + instead check if the value is a GetterSetter like we do elsewhere. If it is, update + the descriptor's attributes accordingly. + +2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com> + + FunctionPtr should accept FASTCALL functions on X86 + https://bugs.webkit.org/show_bug.cgi?id=71434 + + Reviewed by Filip Pizlo. 
+ + On X86 we sometimes use FASTCALL convention functions, for example the + cti functions, and we may need the pointers to such functions, e.g., + in current DFG register file check and arity check, though long term + we may avoid such usage of cti calls in DFG. + + * assembler/MacroAssemblerCodeRef.h: + (JSC::FunctionPtr::FunctionPtr): + +2011-11-02 Filip Pizlo <fpizlo@apple.com> + + Inlined uses of the global object should use the right global object + https://bugs.webkit.org/show_bug.cgi?id=71427 + + Reviewed by Oliver Hunt. + + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::globalObjectFor): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com> + + Remove some unnecessary loads/stores in DFG JIT 32_64 + https://bugs.webkit.org/show_bug.cgi?id=71090 + + Reviewed by Filip Pizlo. + + In fillSpeculateCell and OSR exit, some unnecessary loads/stores can + be eliminated. + + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + +2011-11-02 Adam Klein <adamk@chromium.org> + + Replace usage of StringImpl with String where possible in CharacterData and Text + https://bugs.webkit.org/show_bug.cgi?id=71383 + + Reviewed by Darin Adler. + + * wtf/text/WTFString.h: + (WTF::String::containsOnlyWhitespace): Added new method. + +2011-11-02 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::getOwnPropertyNames + https://bugs.webkit.org/show_bug.cgi?id=71307 + + Reviewed by Darin Adler. + + Added getOwnPropertyNames to the MethodTable, changed all the virtual + implementations of getOwnPropertyNames to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertyNames): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertyNames): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertyNames): + * runtime/Arguments.h: + * runtime/ClassInfo.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::getOwnPropertyNames): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertyNames): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::getOwnPropertyNames): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertyNames): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertyNames): + * runtime/JSFunction.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::getOwnPropertyNames): + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::Stringifier::Holder::appendNextProperty): + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::getPropertyNames): + (JSC::JSObject::getOwnPropertyNames): + * runtime/JSObject.h: + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::~JSVariableObject): + (JSC::JSVariableObject::getOwnPropertyNames): + * runtime/JSVariableObject.h: + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetOwnPropertyNames): + (JSC::objectConstructorKeys): + (JSC::defineProperties): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertyNames): + * runtime/StringObject.cpp: + (JSC::StringObject::getOwnPropertyNames): + * runtime/StringObject.h: + * runtime/Structure.h: + +2011-11-02 Dean Jackson <dino@apple.com> + + Add ENABLE_CSS_SHADERS flag + https://bugs.webkit.org/show_bug.cgi?id=71394 + + Reviewed by Sam Weinig. 
+ + * Configurations/FeatureDefines.xcconfig: + +2011-11-02 Alexey Shabalin <a.shabalin@gmail.com> + + TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586) + https://bugs.webkit.org/show_bug.cgi?id=70610 + + Reviewed by Martin Robinson. + + Properly annotate ASM on BSD and Linux x86 systems. + + * dfg/DFGOperations.cpp: Add annotation for X86. + * jit/JITStubs.cpp: Ditto. + * jit/ThunkGenerators.cpp: Ditto. + +2011-11-02 Xianzhu Wang <wangxianzhu@chromium.org> + + Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate() + https://bugs.webkit.org/show_bug.cgi?id=71347 + + Reviewed by Geoffrey Garen. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::reallocate): + +2011-11-01 Darin Adler <darin@apple.com> + + Cut down on malloc/free a bit in the parser arena + https://bugs.webkit.org/show_bug.cgi?id=71343 + + Reviewed by Oliver Hunt. + + * parser/ParserArena.cpp: + (JSC::ParserArena::deallocateObjects): Call the destructors of + the deletable objects before freeing the pools. Don't call + fastFree on the deletable objects any more. + + * parser/ParserArena.h: + (JSC::ParserArena::allocateDeletable): Use allocateFreeable + instead of fastMalloc here. + +2011-11-01 Sam Weinig <sam@webkit.org> + + Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor + https://bugs.webkit.org/show_bug.cgi?id=71336 + + Reviewed by Darin Adler. + + * debugger/DebuggerActivation.cpp: + * debugger/DebuggerActivation.h: + Remove overrides of lookupGetter/lookupSetter, which are no longer needed + due to implementing getPropertyDescriptor. + + * runtime/JSObject.cpp: + (JSC::JSObject::lookupGetter): + (JSC::JSObject::lookupSetter): + * runtime/JSObject.h: + De-virtualize lookupGetter/lookupSetter, and implement them in terms of + getPropertyDescriptor. + +2011-11-01 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::defineSetter + https://bugs.webkit.org/show_bug.cgi?id=71303 + + Reviewed by Darin Adler. 
+ + Added defineSetter to the MethodTable, changed all the virtual + implementations of defineSetter to static ones, and replaced + all call sites with corresponding lookups in the MethodTable. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::defineSetter): + * debugger/DebuggerActivation.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ClassInfo.h: + * runtime/JSCell.cpp: + (JSC::JSCell::defineSetter): + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::defineSetter): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::defineSetter): + (JSC::putDescriptor): + * runtime/JSObject.h: + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncDefineSetter): + +2011-11-01 Filip Pizlo <fpizlo@apple.com> + + DFG inlining breaks function.arguments + https://bugs.webkit.org/show_bug.cgi?id=71329 + + Reviewed by Oliver Hunt. + + The DFG was forgetting to store code origin mappings for inlined + call sites. Some of the fast-path optimizations for + CallFrame::trueCallerFrame() were wrong. An assertion in Arguments + was wrong. + + I also took the opportunity to decrease code duplication between + DFG64 and DFG32_64, because I didn't feel like writing the same + code twice. 
+ + * bytecode/CodeBlock.h: + (JSC::ExecState::isInlineCallFrame): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler32_64.cpp: + * dfg/DFGNode.h: + * interpreter/CallFrame.cpp: + (JSC::CallFrame::trueCallerFrame): + * interpreter/CallFrame.h: + * runtime/Arguments.h: + (JSC::Arguments::getArgumentsData): + +2011-11-01 Xianzhu Wang <wangxianzhu@chromium.org> + + StringImpl::reallocate() should have a 8-bit version + https://bugs.webkit.org/show_bug.cgi?id=71210 + + Reviewed by Geoffrey Garen. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::reallocate): + * wtf/text/StringImpl.h: + +2011-10-31 Filip Pizlo <fpizlo@apple.com> + + The GC should be parallel + https://bugs.webkit.org/show_bug.cgi?id=70995 + + Reviewed by Geoff Garen. + + Added parallel tracing to the GC. This works by having local mark + stacks per thread, and a global shared one. Threads sometimes + donate cells from the mark stack to the global one if the heuristics + tell them that it's affordable to do so. Threads that have depleted + their local mark stacks try to steal some from the shared one. + + Marking is now done using an atomic weak relaxed CAS (compare-and-swap). + + This is a 23% speed-up on V8-splay when I use 4 marking threads, + leading to a 3.5% speed-up on V8. + + It also appears that this reduces GC pause times on real websites by + more than half. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::~Heap): + (JSC::Heap::markRoots): + * heap/Heap.h: + * heap/MarkStack.cpp: + (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator): + (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator): + (JSC::MarkStackSegmentAllocator::allocate): + (JSC::MarkStackSegmentAllocator::release): + (JSC::MarkStackSegmentAllocator::shrinkReserve): + (JSC::MarkStackArray::MarkStackArray): + (JSC::MarkStackArray::~MarkStackArray): + (JSC::MarkStackArray::expand): + (JSC::MarkStackArray::refill): + (JSC::MarkStackArray::donateSomeCellsTo): + (JSC::MarkStackArray::stealSomeCellsFrom): + (JSC::MarkStackThreadSharedData::markingThreadMain): + (JSC::MarkStackThreadSharedData::markingThreadStartFunc): + (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): + (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData): + (JSC::MarkStackThreadSharedData::reset): + (JSC::MarkStack::reset): + (JSC::SlotVisitor::donateSlow): + (JSC::SlotVisitor::drain): + (JSC::SlotVisitor::drainFromShared): + (JSC::MarkStack::mergeOpaqueRoots): + (JSC::SlotVisitor::harvestWeakReferences): + * heap/MarkStack.h: + (JSC::MarkStackSegment::data): + (JSC::MarkStackSegment::capacityFromSize): + (JSC::MarkStackSegment::sizeFromCapacity): + (JSC::MarkStackArray::postIncTop): + (JSC::MarkStackArray::preDecTop): + (JSC::MarkStackArray::setTopForFullSegment): + (JSC::MarkStackArray::setTopForEmptySegment): + (JSC::MarkStackArray::top): + (JSC::MarkStackArray::validatePrevious): + (JSC::MarkStack::addWeakReferenceHarvester): + (JSC::MarkStack::mergeOpaqueRootsIfNecessary): + (JSC::MarkStack::mergeOpaqueRootsIfProfitable): + (JSC::MarkStack::MarkStack): + (JSC::MarkStack::addOpaqueRoot): + (JSC::MarkStack::containsOpaqueRoot): + (JSC::MarkStack::opaqueRootCount): + (JSC::MarkStackArray::append): + (JSC::MarkStackArray::canRemoveLast): + 
(JSC::MarkStackArray::removeLast): + (JSC::MarkStackArray::isEmpty): + (JSC::MarkStackArray::canDonateSomeCells): + (JSC::MarkStackArray::size): + (JSC::ParallelModeEnabler::ParallelModeEnabler): + (JSC::ParallelModeEnabler::~ParallelModeEnabler): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::testAndSetMarked): + * heap/SlotVisitor.h: + (JSC::SlotVisitor::donate): + (JSC::SlotVisitor::donateAndDrain): + (JSC::SlotVisitor::donateKnownParallel): + (JSC::SlotVisitor::SlotVisitor): + * heap/WeakReferenceHarvester.h: + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + * wtf/Atomics.h: + (WTF::weakCompareAndSwap): + * wtf/Bitmap.h: + (WTF::::Bitmap): + (WTF::::get): + (WTF::::set): + (WTF::::testAndSet): + (WTF::::testAndClear): + (WTF::::concurrentTestAndSet): + (WTF::::concurrentTestAndClear): + (WTF::::clear): + (WTF::::clearAll): + (WTF::::nextPossiblyUnset): + (WTF::::findRunOfZeros): + (WTF::::count): + (WTF::::isEmpty): + (WTF::::isFull): + * wtf/MainThread.h: + (WTF::isMainThreadOrGCThread): + * wtf/Platform.h: + * wtf/ThreadSpecific.h: + (WTF::::isSet): + * wtf/mac/MainThreadMac.mm: + (WTF::initializeGCThreads): + (WTF::initializeMainThreadPlatform): + (WTF::initializeMainThreadToProcessMainThreadPlatform): + (WTF::registerGCThread): + (WTF::isMainThreadOrGCThread): + +2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::defaultValue + https://bugs.webkit.org/show_bug.cgi?id=71146 + + Reviewed by Sam Weinig. + + Added defaultValue to the MethodTable. Replaced all virtual versions of + defaultValue with static versions. Replaced all call sites with lookups in the + MethodTable. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/ClassInfo.h: + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::defaultValue): + (JSC::TerminatedExecutionError::defaultValue): + * runtime/ExceptionHelpers.h: + * runtime/JSCell.cpp: + (JSC::JSCell::defaultValue): + * runtime/JSCell.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::defaultValue): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::getPrimitiveNumber): + (JSC::JSObject::defaultValue): + * runtime/JSObject.h: + (JSC::JSObject::toPrimitive): + +2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com> + + Interpreter build fix + + Unreviewed build fix + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + +2011-10-31 Filip Pizlo <fpizlo@apple.com> + + DFG OSR exits should add to value profiles + https://bugs.webkit.org/show_bug.cgi?id=71202 + + Reviewed by Oliver Hunt. + + Value profiles now have an extra special slot not used by the old JIT's + profiling, which is reserved for OSR exits. + + The DFG's OSR exit code now knows which register, node index, and value + profiling site was responsible for the (possibly flawed) information that + led to the OSR failure. This is somewhat opportunistic and imperfect; + if there's a lot of control flow between the value profiling site and the + OSR failure point, then this mechanism simply gives up. It also gives up + if the OSR failure is caused by either known deficiencies in the DFG + (like that we always assume that the index in a strict charCodeAt access + is within bounds) or where the OSR failure would be catalogues and + profiled through other means (like slow case counters). + + This patch also adds the notion of a JSValueRegs, which is either a + single register in JSVALUE64 or a pair in JSVALUE32_64. 
We should + probably move the 32_64 DFG towards using this, since it often makes it + easier to share code between 64 and 32_64. + + Also fixed a number of pathologies that this uncovered. op_method_check + didn't have a value profiling site on the slow path. GetById should not + always force OSR exit if it never executed in the old JIT; we may be + able to infer its type if it's a array or string length get. Finally, + these changes benefit from a slight tweak to optimization delay + heuristics (profile fullness is now 0.35 instead of 0.25). + + 3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes + and imaging-darkroom. + + * bytecode/ValueProfile.cpp: + (JSC::ValueProfile::computeStatistics): + (JSC::ValueProfile::computeUpdatedPrediction): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::ValueProfile): + (JSC::ValueProfile::specFailBucket): + (JSC::ValueProfile::numberOfSamples): + (JSC::ValueProfile::isLive): + (JSC::ValueProfile::numberOfInt32s): + (JSC::ValueProfile::numberOfDoubles): + (JSC::ValueProfile::numberOfCells): + (JSC::ValueProfile::numberOfObjects): + (JSC::ValueProfile::numberOfFinalObjects): + (JSC::ValueProfile::numberOfStrings): + (JSC::ValueProfile::numberOfArrays): + (JSC::ValueProfile::numberOfBooleans): + (JSC::ValueProfile::dump): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): + (JSC::DFG::ByteCodeParser::getPrediction): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGPRInfo.h: + (JSC::DFG::JSValueRegs::JSValueRegs): + (JSC::DFG::JSValueRegs::operator!): + (JSC::DFG::JSValueRegs::gpr): + (JSC::DFG::JSValueSource::JSValueSource): + (JSC::DFG::JSValueSource::unboxedCell): + (JSC::DFG::JSValueSource::operator!): + (JSC::DFG::JSValueSource::isAddress): + (JSC::DFG::JSValueSource::offset): + (JSC::DFG::JSValueSource::base): + (JSC::DFG::JSValueSource::gpr): + (JSC::DFG::JSValueSource::asAddress): + 
(JSC::DFG::JSValueSource::notAddress): + (JSC::DFG::JSValueRegs::tagGPR): + (JSC::DFG::JSValueRegs::payloadGPR): + (JSC::DFG::JSValueSource::tagGPR): + (JSC::DFG::JSValueSource::payloadGPR): + (JSC::DFG::JSValueSource::hasKnownTag): + (JSC::DFG::JSValueSource::tag): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::jsValueRegs): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::valueProfileFor): + * dfg/DFGJITCodeGenerator.h: + (JSC::JSValueOperand::jsValueRegs): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::valueProfileFor): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + 
(JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emitSlow_op_method_check): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emitSlow_op_method_check): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/JSValue.h: + +2011-10-31 Sam Weinig <sam@webkit.org> + + Remove need for virtual JSObject::unwrappedObject + https://bugs.webkit.org/show_bug.cgi?id=71034 + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.exp: + Update exports. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + Add JSGlobalThis.cpp. + + * runtime/JSGlobalThis.cpp: Added. + (JSC::JSGlobalThis::visitChildren): + (JSC::JSGlobalThis::unwrappedObject): + * runtime/JSGlobalThis.h: + (JSC::JSGlobalThis::createStructure): + Move underlying object from JSDOMWindowShell down to JSGlobalThis + and corresponding visitChildren method. + + * runtime/JSObject.cpp: + (JSC::JSObject::unwrappedObject): + Change unwrappedObject from virtual, to just needing an if check. + + * runtime/JSObject.h: + (JSC::JSObject::isGlobalThis): + * runtime/JSType.h: + Add isGlobalThis predicate and type. + +2011-10-31 Xianzhu Wang <wangxianzhu@chromium.org> + + WTF::StringImpl::create(const char*, unsigned) calls itself + https://bugs.webkit.org/show_bug.cgi?id=71206 + + The original implementation just calls itself, causing infinite recursion. + Cast the first parameter to const LChar* to fix that. + + Reviewed by Ryosuke Niwa. 
+ + * wtf/text/StringImpl.h: + (WTF::StringImpl::create): + +2011-10-31 Andy Wingo <wingo@igalia.com> + + Fix DFG JIT compilation on Linux targets. + https://bugs.webkit.org/show_bug.cgi?id=70904 + + Reviewed by Darin Adler. + + * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this + macro. + + * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the + simplified definition from jit/JITStubs.cpp. + (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue): + Use the macro to access trampoline targets through the PLT on PIC + systems, instead of introducing a text relocation. Otherwise, the + library fails to link. + +2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSObject::defineGetter + https://bugs.webkit.org/show_bug.cgi?id=71134 + + Reviewed by Darin Adler. + + Added defineGetter to the MethodTable. Replaced all virtual versions of defineGetter + with static versions. Replaced all call sites with lookups in the MethodTable. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::defineGetter): + * debugger/DebuggerActivation.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ClassInfo.h: + * runtime/JSCell.cpp: + (JSC::JSCell::defineGetter): + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::defineGetter): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::defineGetter): + (JSC::putDescriptor): + * runtime/JSObject.h: + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncDefineGetter): + +2011-10-31 Michael Saboff <msaboff@apple.com> + + Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData + https://bugs.webkit.org/show_bug.cgi?id=71138 + + Restructure and movement of Lexer and Parser code. + Moved Lexer and Parser objects out of JSGlobalData. 
+ Added a new ParserTokens class and instance to JSGlobalData that + have JavaScript token related definitions. + Replaced JSGlobalData arguments to Node classes with lineNumber, + as that was the only use of the JSGlobalData. + Combined JSParser and Parser classes into one class, + eliminating JSParser.h and .cpp. + Various supporting #include changes. + + These mostly mechanical changes are done in preparation to + making the Lexer and Parser template classes. + + Reviewed by Darin Adler. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecompiler/NodesCodegen.cpp: + (JSC::ArrayNode::toArgumentList): + (JSC::ApplyFunctionCallDotNode::emitBytecode): + * parser/ASTBuilder.h: + (JSC::ASTBuilder::ASTBuilder): + (JSC::ASTBuilder::createSourceElements): + (JSC::ASTBuilder::createCommaExpr): + (JSC::ASTBuilder::createLogicalNot): + (JSC::ASTBuilder::createUnaryPlus): + (JSC::ASTBuilder::createVoid): + (JSC::ASTBuilder::thisExpr): + (JSC::ASTBuilder::createResolve): + (JSC::ASTBuilder::createObjectLiteral): + (JSC::ASTBuilder::createArray): + (JSC::ASTBuilder::createNumberExpr): + (JSC::ASTBuilder::createString): + (JSC::ASTBuilder::createBoolean): + (JSC::ASTBuilder::createNull): + (JSC::ASTBuilder::createBracketAccess): + (JSC::ASTBuilder::createDotAccess): + (JSC::ASTBuilder::createRegExp): + (JSC::ASTBuilder::createNewExpr): + (JSC::ASTBuilder::createConditionalExpr): + (JSC::ASTBuilder::createAssignResolve): + (JSC::ASTBuilder::createFunctionExpr): + (JSC::ASTBuilder::createFunctionBody): + (JSC::ASTBuilder::createGetterOrSetterProperty): + (JSC::ASTBuilder::createArguments): + (JSC::ASTBuilder::createArgumentsList): + (JSC::ASTBuilder::createPropertyList): + (JSC::ASTBuilder::createElementList): + (JSC::ASTBuilder::createFormalParameterList): + (JSC::ASTBuilder::createClause): + 
(JSC::ASTBuilder::createClauseList): + (JSC::ASTBuilder::createFuncDeclStatement): + (JSC::ASTBuilder::createBlockStatement): + (JSC::ASTBuilder::createExprStatement): + (JSC::ASTBuilder::createIfStatement): + (JSC::ASTBuilder::createForLoop): + (JSC::ASTBuilder::createForInLoop): + (JSC::ASTBuilder::createEmptyStatement): + (JSC::ASTBuilder::createVarStatement): + (JSC::ASTBuilder::createReturnStatement): + (JSC::ASTBuilder::createBreakStatement): + (JSC::ASTBuilder::createContinueStatement): + (JSC::ASTBuilder::createTryStatement): + (JSC::ASTBuilder::createSwitchStatement): + (JSC::ASTBuilder::createWhileStatement): + (JSC::ASTBuilder::createDoWhileStatement): + (JSC::ASTBuilder::createLabelStatement): + (JSC::ASTBuilder::createWithStatement): + (JSC::ASTBuilder::createThrowStatement): + (JSC::ASTBuilder::createDebugger): + (JSC::ASTBuilder::createConstStatement): + (JSC::ASTBuilder::appendConstDecl): + (JSC::ASTBuilder::combineCommaNodes): + (JSC::ASTBuilder::appendBinaryOperation): + (JSC::ASTBuilder::createAssignment): + (JSC::ASTBuilder::createNumber): + (JSC::ASTBuilder::makeTypeOfNode): + (JSC::ASTBuilder::makeDeleteNode): + (JSC::ASTBuilder::makeNegateNode): + (JSC::ASTBuilder::makeBitwiseNotNode): + (JSC::ASTBuilder::makeMultNode): + (JSC::ASTBuilder::makeDivNode): + (JSC::ASTBuilder::makeModNode): + (JSC::ASTBuilder::makeAddNode): + (JSC::ASTBuilder::makeSubNode): + (JSC::ASTBuilder::makeLeftShiftNode): + (JSC::ASTBuilder::makeRightShiftNode): + (JSC::ASTBuilder::makeURightShiftNode): + (JSC::ASTBuilder::makeBitOrNode): + (JSC::ASTBuilder::makeBitAndNode): + (JSC::ASTBuilder::makeBitXOrNode): + (JSC::ASTBuilder::makeFunctionCallNode): + (JSC::ASTBuilder::makeBinaryNode): + (JSC::ASTBuilder::makeAssignNode): + (JSC::ASTBuilder::makePrefixNode): + (JSC::ASTBuilder::makePostfixNode): + * parser/JSParser.cpp: Removed. + * parser/JSParser.h: Removed. 
+ * parser/Lexer.cpp: + (JSC::Keywords::Keywords): + (JSC::Lexer::Lexer): + (JSC::Lexer::~Lexer): + (JSC::Lexer::setCode): + (JSC::Lexer::parseIdentifier): + * parser/Lexer.h: + (JSC::Keywords::isKeyword): + (JSC::Keywords::getKeyword): + (JSC::Keywords::~Keywords): + (JSC::Lexer::setIsReparsing): + (JSC::Lexer::isReparsing): + (JSC::Lexer::lineNumber): + (JSC::Lexer::setLastLineNumber): + (JSC::Lexer::lastLineNumber): + (JSC::Lexer::prevTerminator): + (JSC::Lexer::sawError): + (JSC::Lexer::getErrorMessage): + (JSC::Lexer::currentOffset): + (JSC::Lexer::setOffset): + (JSC::Lexer::setLineNumber): + (JSC::Lexer::sourceProvider): + (JSC::Lexer::isWhiteSpace): + (JSC::Lexer::isLineTerminator): + (JSC::Lexer::convertHex): + (JSC::Lexer::convertUnicode): + (JSC::Lexer::makeIdentifier): + (JSC::Lexer::lexExpectIdentifier): + * parser/NodeConstructors.h: + (JSC::ParserArenaFreeable::operator new): + (JSC::ParserArenaDeletable::operator new): + (JSC::ParserArenaRefCounted::ParserArenaRefCounted): + (JSC::Node::Node): + (JSC::ExpressionNode::ExpressionNode): + (JSC::StatementNode::StatementNode): + (JSC::NullNode::NullNode): + (JSC::BooleanNode::BooleanNode): + (JSC::NumberNode::NumberNode): + (JSC::StringNode::StringNode): + (JSC::RegExpNode::RegExpNode): + (JSC::ThisNode::ThisNode): + (JSC::ResolveNode::ResolveNode): + (JSC::ElementNode::ElementNode): + (JSC::ArrayNode::ArrayNode): + (JSC::PropertyNode::PropertyNode): + (JSC::PropertyListNode::PropertyListNode): + (JSC::ObjectLiteralNode::ObjectLiteralNode): + (JSC::BracketAccessorNode::BracketAccessorNode): + (JSC::DotAccessorNode::DotAccessorNode): + (JSC::ArgumentListNode::ArgumentListNode): + (JSC::ArgumentsNode::ArgumentsNode): + (JSC::NewExprNode::NewExprNode): + (JSC::EvalFunctionCallNode::EvalFunctionCallNode): + (JSC::FunctionCallValueNode::FunctionCallValueNode): + (JSC::FunctionCallResolveNode::FunctionCallResolveNode): + (JSC::FunctionCallBracketNode::FunctionCallBracketNode): + 
(JSC::FunctionCallDotNode::FunctionCallDotNode): + (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode): + (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode): + (JSC::PrePostResolveNode::PrePostResolveNode): + (JSC::PostfixResolveNode::PostfixResolveNode): + (JSC::PostfixBracketNode::PostfixBracketNode): + (JSC::PostfixDotNode::PostfixDotNode): + (JSC::PostfixErrorNode::PostfixErrorNode): + (JSC::DeleteResolveNode::DeleteResolveNode): + (JSC::DeleteBracketNode::DeleteBracketNode): + (JSC::DeleteDotNode::DeleteDotNode): + (JSC::DeleteValueNode::DeleteValueNode): + (JSC::VoidNode::VoidNode): + (JSC::TypeOfResolveNode::TypeOfResolveNode): + (JSC::TypeOfValueNode::TypeOfValueNode): + (JSC::PrefixResolveNode::PrefixResolveNode): + (JSC::PrefixBracketNode::PrefixBracketNode): + (JSC::PrefixDotNode::PrefixDotNode): + (JSC::PrefixErrorNode::PrefixErrorNode): + (JSC::UnaryOpNode::UnaryOpNode): + (JSC::UnaryPlusNode::UnaryPlusNode): + (JSC::NegateNode::NegateNode): + (JSC::BitwiseNotNode::BitwiseNotNode): + (JSC::LogicalNotNode::LogicalNotNode): + (JSC::BinaryOpNode::BinaryOpNode): + (JSC::MultNode::MultNode): + (JSC::DivNode::DivNode): + (JSC::ModNode::ModNode): + (JSC::AddNode::AddNode): + (JSC::SubNode::SubNode): + (JSC::LeftShiftNode::LeftShiftNode): + (JSC::RightShiftNode::RightShiftNode): + (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode): + (JSC::LessNode::LessNode): + (JSC::GreaterNode::GreaterNode): + (JSC::LessEqNode::LessEqNode): + (JSC::GreaterEqNode::GreaterEqNode): + (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode): + (JSC::InstanceOfNode::InstanceOfNode): + (JSC::InNode::InNode): + (JSC::EqualNode::EqualNode): + (JSC::NotEqualNode::NotEqualNode): + (JSC::StrictEqualNode::StrictEqualNode): + (JSC::NotStrictEqualNode::NotStrictEqualNode): + (JSC::BitAndNode::BitAndNode): + (JSC::BitOrNode::BitOrNode): + (JSC::BitXOrNode::BitXOrNode): + (JSC::LogicalOpNode::LogicalOpNode): + (JSC::ConditionalNode::ConditionalNode): + 
(JSC::ReadModifyResolveNode::ReadModifyResolveNode): + (JSC::AssignResolveNode::AssignResolveNode): + (JSC::ReadModifyBracketNode::ReadModifyBracketNode): + (JSC::AssignBracketNode::AssignBracketNode): + (JSC::AssignDotNode::AssignDotNode): + (JSC::ReadModifyDotNode::ReadModifyDotNode): + (JSC::AssignErrorNode::AssignErrorNode): + (JSC::CommaNode::CommaNode): + (JSC::ConstStatementNode::ConstStatementNode): + (JSC::SourceElements::SourceElements): + (JSC::EmptyStatementNode::EmptyStatementNode): + (JSC::DebuggerStatementNode::DebuggerStatementNode): + (JSC::ExprStatementNode::ExprStatementNode): + (JSC::VarStatementNode::VarStatementNode): + (JSC::IfNode::IfNode): + (JSC::IfElseNode::IfElseNode): + (JSC::DoWhileNode::DoWhileNode): + (JSC::WhileNode::WhileNode): + (JSC::ForNode::ForNode): + (JSC::ContinueNode::ContinueNode): + (JSC::BreakNode::BreakNode): + (JSC::ReturnNode::ReturnNode): + (JSC::WithNode::WithNode): + (JSC::LabelNode::LabelNode): + (JSC::ThrowNode::ThrowNode): + (JSC::TryNode::TryNode): + (JSC::ParameterNode::ParameterNode): + (JSC::FuncExprNode::FuncExprNode): + (JSC::FuncDeclNode::FuncDeclNode): + (JSC::CaseClauseNode::CaseClauseNode): + (JSC::ClauseListNode::ClauseListNode): + (JSC::CaseBlockNode::CaseBlockNode): + (JSC::SwitchNode::SwitchNode): + (JSC::ConstDeclNode::ConstDeclNode): + (JSC::BlockNode::BlockNode): + (JSC::ForInNode::ForInNode): + * parser/NodeInfo.h: + * parser/Nodes.cpp: + (JSC::StatementNode::setLoc): + (JSC::ScopeNode::ScopeNode): + (JSC::ProgramNode::ProgramNode): + (JSC::ProgramNode::create): + (JSC::EvalNode::EvalNode): + (JSC::EvalNode::create): + (JSC::FunctionBodyNode::FunctionBodyNode): + (JSC::FunctionBodyNode::create): + * parser/Nodes.h: + (JSC::Node::lineNo): + * parser/Parser.cpp: + (JSC::Parser::Parser): + (JSC::Parser::~Parser): + (JSC::Parser::parseInner): + (JSC::Parser::allowAutomaticSemicolon): + (JSC::Parser::parseSourceElements): + (JSC::Parser::parseVarDeclaration): + (JSC::Parser::parseConstDeclaration): 
+ (JSC::Parser::parseDoWhileStatement): + (JSC::Parser::parseWhileStatement): + (JSC::Parser::parseVarDeclarationList): + (JSC::Parser::parseConstDeclarationList): + (JSC::Parser::parseForStatement): + (JSC::Parser::parseBreakStatement): + (JSC::Parser::parseContinueStatement): + (JSC::Parser::parseReturnStatement): + (JSC::Parser::parseThrowStatement): + (JSC::Parser::parseWithStatement): + (JSC::Parser::parseSwitchStatement): + (JSC::Parser::parseSwitchClauses): + (JSC::Parser::parseSwitchDefaultClause): + (JSC::Parser::parseTryStatement): + (JSC::Parser::parseDebuggerStatement): + (JSC::Parser::parseBlockStatement): + (JSC::Parser::parseStatement): + (JSC::Parser::parseFormalParameters): + (JSC::Parser::parseFunctionBody): + (JSC::Parser::parseFunctionInfo): + (JSC::Parser::parseFunctionDeclaration): + (JSC::LabelInfo::LabelInfo): + (JSC::Parser::parseExpressionOrLabelStatement): + (JSC::Parser::parseExpressionStatement): + (JSC::Parser::parseIfStatement): + (JSC::Parser::parseExpression): + (JSC::Parser::parseAssignmentExpression): + (JSC::Parser::parseConditionalExpression): + (JSC::isUnaryOp): + (JSC::Parser::isBinaryOperator): + (JSC::Parser::parseBinaryExpression): + (JSC::Parser::parseProperty): + (JSC::Parser::parseObjectLiteral): + (JSC::Parser::parseStrictObjectLiteral): + (JSC::Parser::parseArrayLiteral): + (JSC::Parser::parsePrimaryExpression): + (JSC::Parser::parseArguments): + (JSC::Parser::parseMemberExpression): + (JSC::Parser::parseUnaryExpression): + * parser/Parser.h: + (JSC::isEvalNode): + (JSC::EvalNode): + (JSC::DepthManager::DepthManager): + (JSC::DepthManager::~DepthManager): + (JSC::ScopeLabelInfo::ScopeLabelInfo): + (JSC::Scope::Scope): + (JSC::Scope::startSwitch): + (JSC::Scope::endSwitch): + (JSC::Scope::startLoop): + (JSC::Scope::endLoop): + (JSC::Scope::inLoop): + (JSC::Scope::breakIsValid): + (JSC::Scope::continueIsValid): + (JSC::Scope::pushLabel): + (JSC::Scope::popLabel): + (JSC::Scope::getLabel): + (JSC::Scope::setIsFunction): + 
(JSC::Scope::isFunction): + (JSC::Scope::isFunctionBoundary): + (JSC::Scope::declareVariable): + (JSC::Scope::declareWrite): + (JSC::Scope::preventNewDecls): + (JSC::Scope::allowsNewDecls): + (JSC::Scope::declareParameter): + (JSC::Scope::useVariable): + (JSC::Scope::setNeedsFullActivation): + (JSC::Scope::collectFreeVariables): + (JSC::Scope::getUncapturedWrittenVariables): + (JSC::Scope::getCapturedVariables): + (JSC::Scope::setStrictMode): + (JSC::Scope::strictMode): + (JSC::Scope::isValidStrictMode): + (JSC::Scope::shadowsArguments): + (JSC::Scope::copyCapturedVariablesToVector): + (JSC::Scope::saveFunctionInfo): + (JSC::Scope::restoreFunctionInfo): + (JSC::ScopeRef::ScopeRef): + (JSC::ScopeRef::operator->): + (JSC::ScopeRef::index): + (JSC::ScopeRef::hasContainingScope): + (JSC::ScopeRef::containingScope): + (JSC::Parser::AllowInOverride::AllowInOverride): + (JSC::Parser::AllowInOverride::~AllowInOverride): + (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef): + (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef): + (JSC::Parser::AutoPopScopeRef::setPopped): + (JSC::Parser::currentScope): + (JSC::Parser::pushScope): + (JSC::Parser::popScopeInternal): + (JSC::Parser::popScope): + (JSC::Parser::declareVariable): + (JSC::Parser::declareWrite): + (JSC::Parser::findCachedFunctionInfo): + (JSC::Parser::isFunctionBodyNode): + (JSC::Parser::next): + (JSC::Parser::nextExpectIdentifier): + (JSC::Parser::nextTokenIsColon): + (JSC::Parser::consume): + (JSC::Parser::getToken): + (JSC::Parser::match): + (JSC::Parser::tokenStart): + (JSC::Parser::tokenLine): + (JSC::Parser::tokenEnd): + (JSC::Parser::getTokenName): + (JSC::Parser::updateErrorMessageSpecialCase): + (JSC::Parser::updateErrorMessage): + (JSC::Parser::updateErrorWithNameAndMessage): + (JSC::Parser::startLoop): + (JSC::Parser::endLoop): + (JSC::Parser::startSwitch): + (JSC::Parser::endSwitch): + (JSC::Parser::setStrictMode): + (JSC::Parser::strictMode): + (JSC::Parser::isValidStrictMode): + 
(JSC::Parser::declareParameter): + (JSC::Parser::breakIsValid): + (JSC::Parser::continueIsValid): + (JSC::Parser::pushLabel): + (JSC::Parser::popLabel): + (JSC::Parser::getLabel): + (JSC::Parser::autoSemiColon): + (JSC::Parser::canRecurse): + (JSC::Parser::lastTokenEnd): + (JSC::Parser::DepthManager::DepthManager): + (JSC::Parser::DepthManager::~DepthManager): + (JSC::Parser::parse): + (JSC::parse): + * parser/ParserTokens.h: Added. + (JSC::JSTokenInfo::JSTokenInfo): + * parser/SourceCode.h: + (JSC::SourceCode::subExpression): + * parser/SourceProviderCacheItem.h: + * parser/SyntaxChecker.h: + (JSC::SyntaxChecker::SyntaxChecker): + (JSC::SyntaxChecker::makeFunctionCallNode): + (JSC::SyntaxChecker::createCommaExpr): + (JSC::SyntaxChecker::makeAssignNode): + (JSC::SyntaxChecker::makePrefixNode): + (JSC::SyntaxChecker::makePostfixNode): + (JSC::SyntaxChecker::makeTypeOfNode): + (JSC::SyntaxChecker::makeDeleteNode): + (JSC::SyntaxChecker::makeNegateNode): + (JSC::SyntaxChecker::makeBitwiseNotNode): + (JSC::SyntaxChecker::createLogicalNot): + (JSC::SyntaxChecker::createUnaryPlus): + (JSC::SyntaxChecker::createVoid): + (JSC::SyntaxChecker::thisExpr): + (JSC::SyntaxChecker::createResolve): + (JSC::SyntaxChecker::createObjectLiteral): + (JSC::SyntaxChecker::createArray): + (JSC::SyntaxChecker::createNumberExpr): + (JSC::SyntaxChecker::createString): + (JSC::SyntaxChecker::createBoolean): + (JSC::SyntaxChecker::createNull): + (JSC::SyntaxChecker::createBracketAccess): + (JSC::SyntaxChecker::createDotAccess): + (JSC::SyntaxChecker::createRegExp): + (JSC::SyntaxChecker::createNewExpr): + (JSC::SyntaxChecker::createConditionalExpr): + (JSC::SyntaxChecker::createAssignResolve): + (JSC::SyntaxChecker::createFunctionExpr): + (JSC::SyntaxChecker::createFunctionBody): + (JSC::SyntaxChecker::createArguments): + (JSC::SyntaxChecker::createArgumentsList): + (JSC::SyntaxChecker::createProperty): + (JSC::SyntaxChecker::createPropertyList): + 
(JSC::SyntaxChecker::createFuncDeclStatement): + (JSC::SyntaxChecker::createBlockStatement): + (JSC::SyntaxChecker::createExprStatement): + (JSC::SyntaxChecker::createIfStatement): + (JSC::SyntaxChecker::createForLoop): + (JSC::SyntaxChecker::createForInLoop): + (JSC::SyntaxChecker::createEmptyStatement): + (JSC::SyntaxChecker::createVarStatement): + (JSC::SyntaxChecker::createReturnStatement): + (JSC::SyntaxChecker::createBreakStatement): + (JSC::SyntaxChecker::createContinueStatement): + (JSC::SyntaxChecker::createTryStatement): + (JSC::SyntaxChecker::createSwitchStatement): + (JSC::SyntaxChecker::createWhileStatement): + (JSC::SyntaxChecker::createWithStatement): + (JSC::SyntaxChecker::createDoWhileStatement): + (JSC::SyntaxChecker::createLabelStatement): + (JSC::SyntaxChecker::createThrowStatement): + (JSC::SyntaxChecker::createDebugger): + (JSC::SyntaxChecker::createConstStatement): + (JSC::SyntaxChecker::appendConstDecl): + (JSC::SyntaxChecker::createGetterOrSetterProperty): + (JSC::SyntaxChecker::combineCommaNodes): + (JSC::SyntaxChecker::operatorStackPop): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::checkSyntax): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::produceCodeBlockFor): + (JSC::FunctionExecutable::fromGlobalCode): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::tryJSONPParse): + +2011-10-31 Filip Pizlo <fpizlo@apple.com> + + REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding + https://bugs.webkit.org/show_bug.cgi?id=71227 + + Reviewed by Oliver Hunt. 
+ + No new tests, since while I can see exactly where the DFG went wrong on the + site in question from looking at the generated machine code, and while I can + certainly believe that such a scenario would happen, I cannot visualize how + to make it happen reproducibly. It requires an odd combination of double + values getting spilled and then refilled, but then reboxed at just the right + time so that the spilled value is an unboxed double while the in-register + value is a boxed double. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + +2011-10-30 Filip Pizlo <fpizlo@apple.com> + + JSParser::parsePrimaryExpression should have an overflow check + https://bugs.webkit.org/show_bug.cgi?id=71197 + + Reviewed by Geoff Garen. + + * parser/JSParser.cpp: + (JSC::JSParser::parsePrimaryExpression): + +2011-10-30 Filip Pizlo <fpizlo@apple.com> + + DFG ValueAdd(string, int) should not fail speculation + https://bugs.webkit.org/show_bug.cgi?id=71195 + + Reviewed by Geoff Garen. + + 1% speed-up on V8. + + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldNotSpeculateInteger): + (JSC::DFG::Node::shouldSpeculateInteger): + +2011-10-30 Filip Pizlo <fpizlo@apple.com> + + The DFG inliner should not flush the callee + https://bugs.webkit.org/show_bug.cgi?id=71191 + + Reviewed by Oliver Hunt. + + 0.6% speed-up on V8. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeOrigin.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::flush): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::trueCallerFrameSlow): + +2011-10-28 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject + https://bugs.webkit.org/show_bug.cgi?id=70968 + + Reviewed by Geoffrey Garen. + + * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their + TypeInfo. Had to also create a specialization for JSNonFinalObject, even JSGlobalObject was the only that + needed it because Windows wouldn't build without it. + (JSC::::createStructure): + * API/JSCallbackObject.h: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. + (JSC::ErrorInstance::createStructure): + * runtime/ErrorPrototype.h: Ditto + (JSC::ErrorPrototype::createStructure): + * runtime/JSActivation.h: Ditto + (JSC::JSActivation::createStructure): + * runtime/JSGlobalObject.h: Ditto + (JSC::JSGlobalObject::createStructure): + * runtime/JSObject.h: De-virtualized functions. They now check the JSType of the object for the corresponding type. 
+ (JSC::JSObject::isGlobalObject): + (JSC::JSObject::isVariableObject): + (JSC::JSObject::isActivationObject): + (JSC::JSObject::isErrorInstance): + * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance. + * runtime/JSVariableObject.cpp: Removed virtual function. + * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure. + (JSC::JSVariableObject::createStructure): + +2011-10-28 Pavel Feldman <pfeldman@google.com> + + Reset line numbers for scripts generated with document.write. + https://bugs.webkit.org/show_bug.cgi?id=71099 + + Reviewed by Yury Semikhatsky. + + * wtf/text/TextPosition.h: + (WTF::OrdinalNumber::OrdinalNumber): + +2011-10-27 Daniel Bates <dbates@rim.com> + + CMake: Add support to optionally install the built JavaScript shell + https://bugs.webkit.org/show_bug.cgi?id=71062 + + Reviewed by Antonio Gomes. + + Generate an installation rule for installing the JavaScript shell in + /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL + is defined. + + * shell/CMakeLists.txt: + +2011-10-27 Kentaro Hara <haraken@chromium.org> + + Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL + https://bugs.webkit.org/show_bug.cgi?id=70215 + + Reviewed by Adam Barth. + + Added a method that judges if a given JSValue is empty. + + Tests: transforms/svg-vs-css.xhtml + transforms/cssmatrix-2d-interface.xhtml + transforms/cssmatrix-3d-interface.xhtml + + * runtime/JSValue.h: + * runtime/JSValueInlineMethods.h: + (JSC::JSValue::isEmpty): + +2011-10-27 Michael Saboff <msaboff@apple.com> + + ENH: Add 8 bit string support to JSC JIT + https://bugs.webkit.org/show_bug.cgi?id=71073 + + Changed the JIT String character access generation to create code + to check the character size and load8() or load16() as approriate. + + Reviewed by Gavin Barraclough. 
+ + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::load8): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movzbl_mr): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + * jit/JITInlineMethods.h: + (JSC::JIT::emitLoadCharacterString): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::stringGetByValStubGenerator): + * jit/JSInterfaceJIT.h: + (JSC::ThunkHelpers::stringImplFlagsOffset): + (JSC::ThunkHelpers::stringImpl8BitFlag): + * jit/ThunkGenerators.cpp: + (JSC::stringCharLoad): + +2011-10-27 Filip Pizlo <fpizlo@apple.com> + + If the bytecode generator emits code after the return in the first basic block, + DFG's inliner crashes + https://bugs.webkit.org/show_bug.cgi?id=71071 + + Reviewed by Gavin Barraclough. + + Removed some cruft dealing with parsing failures due to unsupported functionality + (that's never reached anymore due to it being caught in DFGCapabilities). This + allowed me to repurpose the bool return from parseBlock() to mean: true if we + should continue to parse, or false if we've already parsed all live code. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + +2011-10-27 Joseph Pecoraro <pecoraro@apple.com> + + Reviewed by David Kilzer. + + Make FeatureDefines Identical Across OS X Projects + https://bugs.webkit.org/show_bug.cgi?id=71051 + + * Configurations/FeatureDefines.xcconfig: + +2011-10-27 Filip Pizlo <fpizlo@apple.com> + + Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic + https://bugs.webkit.org/show_bug.cgi?id=71045 + + Reviewed by Geoff Garen. + + Make sure that if a structure is pinned, it also has a property map. 
+ + * runtime/Structure.cpp: + (JSC::Structure::changePrototypeTransition): + (JSC::Structure::despecifyFunctionTransition): + (JSC::Structure::getterSetterTransition): + (JSC::Structure::toDictionaryTransition): + (JSC::Structure::preventExtensionsTransition): + (JSC::Structure::addPropertyWithoutTransition): + (JSC::Structure::removePropertyWithoutTransition): + (JSC::Structure::pin): + (JSC::Structure::copyPropertyTableForPinning): + * runtime/Structure.h: + (JSC::Structure::materializePropertyMapIfNecessaryForPinning): + +2011-10-27 Michael Saboff <msaboff@apple.com> + + 32bit build failure after r98624 + https://bugs.webkit.org/show_bug.cgi?id=71064 + + Disambiguated operator overload with unsigned index (0u). + + Reviewed by Sam Weinig. + + * runtime/UString.h: + (JSC::operator==): + +2011-10-27 Gustavo Noronha Silva <gns@gnome.org> + + Fix building on GNU/kFreeBSD + https://bugs.webkit.org/show_bug.cgi?id=71005 + + Reviewed by Darin Adler. + + * config.h: + * wtf/Platform.h: + +2011-10-27 Michael Saboff <msaboff@apple.com> + + Investigate storing strings in 8-bit buffers when possible + https://bugs.webkit.org/show_bug.cgi?id=66161 + + Investigate storing strings in 8-bit buffers when possible + https://bugs.webkit.org/show_bug.cgi?id=66161 + + Added support for 8 bit string data in StringImpl. Changed + (UChar*) m_data to m_data16. Added char* m_data8 as a union + with m_data16. Added UChar* m_copyData16 to the other union + to store a 16 bit copy of an 8 bit string when needed. + Added characters8() and characters16() accessor methods + that assume the caller has checked the underlying string type + via the new is8Bit() method. The characters() method will + return a UChar* of the string, materializing a 16 bit copy if the + string is an 8 bit string. Added two flags, one for 8 bit buffer + and a second for a 16 bit copy for an 8 bit string. + + Fixed method name typo (StringHasher::defaultCoverter()). 
+ + Over time the goal is to eliminate calls to characters() and + us the character8() and characters16() accessors. + + This patch does not include changes that actually create 8 bit + strings. This is the first of at least 8 patches. Subsequent + patches will be submitted for JIT changes, making the JSC lexer, + parser and literal parser, JavaScript string changes and + then changes in webcore to take advantage of the 8 bit strings. + + This change is performance neutral for SunSpider and V8 when + run from the command line with "jsc". + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + * parser/SourceProvider.h: + (JSC::UStringSourceProvider::data): + (JSC::UStringSourceProvider::UStringSourceProvider): + * runtime/Identifier.cpp: + (JSC::IdentifierCStringTranslator::hash): + (JSC::IdentifierCStringTranslator::equal): + (JSC::IdentifierCStringTranslator::translate): + (JSC::Identifier::add): + (JSC::Identifier::toUInt32): + * runtime/Identifier.h: + (JSC::Identifier::equal): + (JSC::operator==): + (JSC::operator!=): + * runtime/JSString.cpp: + (JSC::JSString::resolveRope): + (JSC::JSString::resolveRopeSlowCase): + * runtime/RegExp.cpp: + (JSC::RegExp::match): + * runtime/StringPrototype.cpp: + (JSC::jsSpliceSubstringsWithSeparators): + * runtime/UString.cpp: + (JSC::UString::UString): + (JSC::equalSlowCase): + (JSC::UString::utf8): + * runtime/UString.h: + (JSC::UString::characters): + (JSC::UString::characters8): + (JSC::UString::characters16): + (JSC::UString::is8Bit): + (JSC::UString::operator[]): + (JSC::UString::find): + (JSC::operator==): + * wtf/StringHasher.h: + (WTF::StringHasher::computeHash): + (WTF::StringHasher::defaultConverter): + * wtf/text/AtomicString.cpp: + (WTF::CStringTranslator::hash): + (WTF::CStringTranslator::equal): + (WTF::CStringTranslator::translate): + (WTF::AtomicString::add): + * 
wtf/text/AtomicString.h: + (WTF::AtomicString::AtomicString): + (WTF::AtomicString::contains): + (WTF::AtomicString::find): + (WTF::AtomicString::add): + (WTF::operator==): + (WTF::operator!=): + (WTF::equalIgnoringCase): + * wtf/text/StringConcatenate.h: + * wtf/text/StringHash.h: + (WTF::StringHash::equal): + (WTF::CaseFoldingHash::hash): + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::~StringImpl): + (WTF::StringImpl::createUninitialized): + (WTF::StringImpl::create): + (WTF::StringImpl::getData16SlowCase): + (WTF::StringImpl::containsOnlyWhitespace): + (WTF::StringImpl::substring): + (WTF::StringImpl::characterStartingAt): + (WTF::StringImpl::lower): + (WTF::StringImpl::upper): + (WTF::StringImpl::fill): + (WTF::StringImpl::foldCase): + (WTF::StringImpl::stripMatchedCharacters): + (WTF::StringImpl::removeCharacters): + (WTF::StringImpl::simplifyMatchedCharactersToSpace): + (WTF::StringImpl::toIntStrict): + (WTF::StringImpl::toUIntStrict): + (WTF::StringImpl::toInt64Strict): + (WTF::StringImpl::toUInt64Strict): + (WTF::StringImpl::toIntPtrStrict): + (WTF::StringImpl::toInt): + (WTF::StringImpl::toUInt): + (WTF::StringImpl::toInt64): + (WTF::StringImpl::toUInt64): + (WTF::StringImpl::toIntPtr): + (WTF::StringImpl::toDouble): + (WTF::StringImpl::toFloat): + (WTF::equal): + (WTF::equalIgnoringCase): + (WTF::StringImpl::find): + (WTF::StringImpl::findIgnoringCase): + (WTF::StringImpl::reverseFind): + (WTF::StringImpl::replace): + (WTF::StringImpl::defaultWritingDirection): + (WTF::StringImpl::adopt): + (WTF::StringImpl::createWithTerminatingNullCharacter): + * wtf/text/StringImpl.h: + (WTF::StringImpl::StringImpl): + (WTF::StringImpl::create): + (WTF::StringImpl::create8): + (WTF::StringImpl::tryCreateUninitialized): + (WTF::StringImpl::flagsOffset): + (WTF::StringImpl::flagIs8Bit): + (WTF::StringImpl::dataOffset): + (WTF::StringImpl::is8Bit): + (WTF::StringImpl::characters8): + (WTF::StringImpl::characters16): + (WTF::StringImpl::characters): + 
(WTF::StringImpl::has16BitShadow): + (WTF::StringImpl::setHash): + (WTF::StringImpl::hash): + (WTF::StringImpl::copyChars): + (WTF::StringImpl::operator[]): + (WTF::StringImpl::find): + (WTF::StringImpl::findIgnoringCase): + (WTF::equal): + (WTF::equalIgnoringCase): + (WTF::StringImpl::isolatedCopy): + * wtf/text/WTFString.cpp: + (WTF::String::String): + (WTF::String::append): + (WTF::String::format): + (WTF::String::fromUTF8): + (WTF::String::fromUTF8WithLatin1Fallback): + * wtf/text/WTFString.h: + (WTF::String::find): + (WTF::String::findIgnoringCase): + (WTF::String::contains): + (WTF::String::append): + (WTF::String::fromUTF8): + (WTF::String::fromUTF8WithLatin1Fallback): + (WTF::operator==): + (WTF::operator!=): + (WTF::equalIgnoringCase): + * wtf/unicode/Unicode.h: + * yarr/YarrJIT.cpp: + (JSC::Yarr::execute): + * yarr/YarrJIT.h: + (JSC::Yarr::YarrCodeBlock::execute): + * yarr/YarrParser.h: + (JSC::Yarr::Parser::Parser): + +2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing windows build + + Unreviewed build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com> + + Add ability to check for presence of static members at compile time + https://bugs.webkit.org/show_bug.cgi?id=70986 + + Reviewed by Geoffrey Garen. + + Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the + HAS_MEMBER_NAMED macro to use that template to check if the specified class + does indeed have a method with that name. This mechanism is not currently + used anywhere, but will be in the future when adding virtual methods from + JSObject to the MethodTable. + + * runtime/ClassInfo.h: + +2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSCell::toThisObject + https://bugs.webkit.org/show_bug.cgi?id=70958 + + Reviewed by Geoffrey Garen. 
+ + Converted all instances of toThisObject to static functions, + added toThisObject to the MethodTable, and replaced all call sites + with a corresponding lookup in the MethodTable. + + * API/JSContextRef.cpp: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/ClassInfo.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::toThisObject): + * runtime/JSActivation.h: + * runtime/JSCell.cpp: + (JSC::JSCell::toThisObject): + * runtime/JSCell.h: + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::toThisObject): + * runtime/JSObject.h: + (JSC::JSValue::toThisObject): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::toThisObject): + * runtime/JSStaticScopeObject.h: + * runtime/JSString.cpp: + (JSC::JSString::toThisObject): + * runtime/JSString.h: + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::toThisObject): + * runtime/StrictEvalActivation.h: + +2011-10-27 Yuqiang Xian <yuqiang.xian@intel.com> + + Fix a small bug in callOperation after r98431 + https://bugs.webkit.org/show_bug.cgi?id=70984 + + Reviewed by Geoffrey Garen. + + TrustedImmPtr is not expecting "int" type parameters. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + +2011-10-26 Oliver Hunt <oliver@apple.com> + + Restore structure-clearing behaviour of allocateCell<> + https://bugs.webkit.org/show_bug.cgi?id=70976 + + Reviewed by Geoffrey Garen. + + This restores the logic that allows the markstack to filter + live objects that have not yet been initialised. + + * runtime/JSCell.h: + (JSC::JSCell::clearStructure): + Validation-safe method to clear a cell's structure. + (JSC::allocateCell): + Call the above method. + * runtime/Structure.h: + (JSC::MarkStack::internalAppend): + Don't visit cells that haven't been initialised. 
+ +2011-10-26 Filip Pizlo <fpizlo@apple.com> + + REGRESSION (r97030): Cannot log in to progressive.com + https://bugs.webkit.org/show_bug.cgi?id=70094 + + Reviewed by Oliver Hunt. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + +2011-10-26 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove getOwnPropertySlotVirtual + https://bugs.webkit.org/show_bug.cgi?id=70741 + + Reviewed by Geoffrey Garen. + + Removed all declarations and definitions of getOwnPropertySlotVirtual. + Also replaced all call sites to getOwnPropertyVirtualVirtual with a + corresponding lookup in the MethodTable. + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertyDescriptor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertySlot): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + * runtime/Arguments.h: + * runtime/ArrayConstructor.cpp: + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + * runtime/DateConstructor.h: + * runtime/DatePrototype.cpp: + * runtime/DatePrototype.h: + (JSC::DatePrototype::create): + * runtime/ErrorPrototype.cpp: + * runtime/ErrorPrototype.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlotByIndex): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertyDescriptor): + (JSC::JSFunction::getOwnPropertyNames): + (JSC::JSFunction::put): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + 
(JSC::Stringifier::Holder::appendNextProperty): + (JSC::Walker::walk): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertySlotByIndex): + (JSC::JSObject::hasOwnProperty): + * runtime/JSObject.h: + (JSC::JSCell::fastGetOwnPropertySlot): + (JSC::JSObject::getPropertySlot): + (JSC::JSValue::get): + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlot): + * runtime/JSString.h: + * runtime/MathObject.cpp: + * runtime/MathObject.h: + (JSC::MathObject::create): + * runtime/NumberConstructor.cpp: + * runtime/NumberConstructor.h: + * runtime/NumberPrototype.cpp: + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectConstructor.h: + * runtime/ObjectPrototype.cpp: + * runtime/ObjectPrototype.h: + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::createStructure): + * runtime/RegExpObject.cpp: + * runtime/RegExpObject.h: + * runtime/RegExpPrototype.cpp: + * runtime/RegExpPrototype.h: + * runtime/StringConstructor.cpp: + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + * runtime/StringObject.h: + * runtime/StringPrototype.cpp: + * runtime/StringPrototype.h: + +2011-10-26 Alejandro G. Castro <alex@igalia.com> + + [GTK] [WK2] Add WebKit2 distcheck support + https://bugs.webkit.org/show_bug.cgi?id=70933 + + Reviewed by Martin Robinson. + + * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list. + +2011-10-26 Michael Saboff <msaboff@apple.com> + + Increase StringImpl Flag Bits for 8 bit Strings + https://bugs.webkit.org/show_bug.cgi?id=70937 + + Increased the number of bits used for flags in StringImpl + from 6 to 8 bits. This frees up 2 flag bits that will be + used for 8-bit string support. Updated hash methods accordingly. + Changed hash value masking from the low bits to the high + bits. + + Reviewed by Darin Adler. 
+ + * create_hash_table: + * wtf/StringHasher.h: + (WTF::StringHasher::hash): + * wtf/text/StringImpl.h: + +2011-10-26 Dan Bernstein <mitz@apple.com> + + Build fix. + + Reverted r98488, which caused the scripts’ status messages to be included in the generated + files. + + * create_hash_table: + * create_jit_stubs: + +2011-10-26 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + Don't print regular output to STDERR when generating hashtables and JIT stubs + + Reviewed by Simon Hausmann. + + * create_hash_table: + * create_jit_stubs: + +2011-10-25 Gavin Barraclough <barraclough@apple.com> + + Split DFGJITCodeGenerator::callOperation methods + https://bugs.webkit.org/show_bug.cgi?id=70870 + + Reviewed by Filip Pizlo. + + The DFGJITCodeGenerator currently contains two sets of callOperation methods. + One set works with the JSVALUE64 value representation and passes arguments in + registers (suitable for use on x86-64), and one set works with the JSVALUE32_64 + value representation and passes arguments in memory (suitable for use on x86). + By refactoring out the representation and calling convention specific aspects + of the code we can also configure the DFG JIT to operator on platforms that use + the JSVALUE32_64 value representation but pass arguments in registers. + + On platforms supported by the JIT, the payload precedes the tag of a value in + argument/result ordering, as such, in order to make the setupResults method + generally applicable to return the results of a function that are returned in + two registers, the ordering of arguments to this function has been reversed - + as is the ordering of augments passed to setupArguments methods, with respect + to the ordering with which they are passed in to callOperation. 
+ This inconsistency will be resolved in a later change when we combine the pairs + of arguments passed into callOperation, such that the function signatures can + be made consistent across the two value representations (the callOperation + methods will be passed a reference to a struct representing the JSValue + temporary, this will consist of two gprs on 32_64 and one on 64). + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::resetCallArguments): + (JSC::DFG::addCallArgument): + - moved, removed tag,payload version of this method. + (JSC::DFG::setupArguments): + (JSC::DFG::setupArgumentsExecState): + (JSC::DFG::setupArgumentsWithExecState): + - Calling convention specific portion of callOperation refactored out into these methods. + (JSC::DFG::callOperation): + - updated these methods to use setupArguments* methods. + (JSC::DFG::setupResults): + - setupResults is now passed payload,tag. + (JSC::DFG::appendCallWithExceptionCheckSetResult): + - Added fpr versions of this function. + (JSC::DFG::appendCallSetResult): + - Added versions of this function without exception check. + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + - setupResults is now passed payload,tag. + +2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove deletePropertyVirtual + https://bugs.webkit.org/show_bug.cgi?id=70738 + + Reviewed by Geoffrey Garen. + + Removed all declarations and definitions of deletePropertyVirtual. + Also replaced all call sites to deletePropertyVirtual with a + corresponding lookup in the MethodTable. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::deletePropertyByIndex): + * API/JSObjectRef.cpp: + (JSObjectDeleteProperty): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::deleteProperty): + * debugger/DebuggerActivation.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Arguments.cpp: + * runtime/Arguments.h: + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::deleteProperty): + (JSC::JSArray::deletePropertyByIndex): + * runtime/JSArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::deleteProperty): + (JSC::JSCell::deletePropertyByIndex): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::deletePropertyByIndex): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + * runtime/JSVariableObject.cpp: + * runtime/JSVariableObject.h: + * runtime/RegExpMatchesArray.h: + * runtime/StrictEvalActivation.cpp: + * runtime/StrictEvalActivation.h: + * runtime/StringObject.cpp: + * runtime/StringObject.h: + +2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove putVirtual + https://bugs.webkit.org/show_bug.cgi?id=70740 + + Reviewed by Geoffrey Garen. + + Removed all declarations and definitions of putVirtual. + Also replaced all call sites to putVirtual with a + corresponding lookup in the MethodTable. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * API/JSObjectRef.cpp: + (JSObjectSetProperty): + (JSObjectSetPropertyAtIndex): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::put): + * debugger/DebuggerActivation.h: + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::privateExecute): + * jsc.cpp: + (GlobalObject::finishCreation): + * runtime/Arguments.cpp: + * runtime/Arguments.h: + * runtime/ArrayPrototype.cpp: + (JSC::putProperty): + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::putSlowCase): + (JSC::JSArray::push): + (JSC::JSArray::shiftCount): + (JSC::JSArray::unshiftCount): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::put): + (JSC::JSCell::putByIndex): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::putByIndex): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + (JSC::JSValue::put): + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/ObjectPrototype.cpp: + * runtime/ObjectPrototype.h: + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + * runtime/RegExpObject.cpp: + * runtime/RegExpObject.h: + * runtime/StringObject.cpp: + * 
runtime/StringObject.h: + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncSplit): + +2011-10-25 Gavin Barraclough <barraclough@apple.com> + + Separate out function linking & exception check data structures. + https://bugs.webkit.org/show_bug.cgi?id=70858 + + Reviewed by Oliver Hunt. + + This will make it easier to refactor the callOperation methods to spilt the value + representation specific handling from the cpu/calling-convention implementation. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::appendCallWithExceptionCheck): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::CallLinkRecord::CallLinkRecord): + (JSC::DFG::CallExceptionRecord::CallExceptionRecord): + (JSC::DFG::JITCompiler::JITCompiler): + (JSC::DFG::JITCompiler::notifyCall): + (JSC::DFG::JITCompiler::appendCall): + (JSC::DFG::JITCompiler::addExceptionCheck): + (JSC::DFG::JITCompiler::addFastExceptionCheck): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + +2011-10-25 Filip Pizlo <fpizlo@apple.com> + + Tiered compilation may introduce dangling pointers in constant buffers + https://bugs.webkit.org/show_bug.cgi?id=70854 + + Reviewed by Oliver Hunt. + + Tiered compilation now copies constant buffers, which fixes the regression in + https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this + regression relies on a subtle interleaving of optimized compilation and garbage + collection, and cannot be reproduced in a simple test. + + This also adds some new debug support, which was used to fix this bug and is + likely to be useful in the future. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::copyDataFrom): + (JSC::CodeBlock::usesOpcode): + * bytecode/CodeBlock.h: + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + +2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing Windows build after r98367 + + Unreviewed build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-10-25 Yuqiang Xian <yuqiang.xian@intel.com> + + Add missing DFG file entries to the make lists for GTK and Qt ports + https://bugs.webkit.org/show_bug.cgi?id=70806 + + Reviewed by Darin Adler. + + * GNUmakefile.list.am: + * JavaScriptCore.pro: + +2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Add getOwnPropertySlot to MethodTable + https://bugs.webkit.org/show_bug.cgi?id=69807 + + Reviewed by Oliver Hunt. + + * JavaScriptCore.exp: + * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable. + * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can + reference it in their MethodTables. + +2011-10-25 Oliver Hunt <oliver@apple.com> + + Need to support marking of multiple nested codeblocks when compiling + https://bugs.webkit.org/show_bug.cgi?id=70832 + + Reviewed by Gavin Barraclough. + + When inlining a function we end up with multiple codeblocks being + compiled at the same time, so we need to support a list of live + codeblocks. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::startedCompiling): + (JSC::JSGlobalData::finishedCompiling): + +2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger + https://bugs.webkit.org/show_bug.cgi?id=70798 + + Reviewed by Filip Pizlo. + + When filling an integer for a known integer node (not speculated), it + should accept DataFormatJSInteger as well. 
+ + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + +2011-10-24 Geoffrey Garen <ggaren@apple.com> + + Build fix: removed some cases of threadsafeCopy() that I missed in + my previous patch. + + * JavaScriptCore.order: + +2011-10-24 Geoffrey Garen <ggaren@apple.com> + + Removed SharedUChar and tightened language around its previous uses + https://bugs.webkit.org/show_bug.cgi?id=70698 + + Reviewed by David Levin. + + - Removed SharedUChar because most of its functionality has moved into + other abstraction layers, and we want remaining clients to choose their + abstractions explicitly instead of relying on StringImpl to provide this + behavior implicitly, since we think they can sometimes make more efficient + choices. + + - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because + the former names could give the impression that the resulting object was + thread-safe, but actually it's just an isolated copy, which is not + thread-safe by itself, but can be used to implement a thread-safe + algorithm through isolation. + + * wtf/CrossThreadRefCounted.h: Removed. + + * JavaScriptCore.exp: Export! + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above. + + * wtf/text/StringImpl.h: + (WTF::StringImpl::length): Ditto. + + (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial. + + * wtf/text/WTFString.cpp: + (WTF::String::isolatedCopy): + * wtf/text/WTFString.h: Updated for StringImpl changes. + + * API/OpaqueJSString.h: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.order: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/OwnFastMallocPtr.h: + * wtf/RefCounted.h: + * wtf/SizeLimits.cpp: + * wtf/ThreadSafeRefCounted.h: + * wtf/wtf.pri: + * yarr/YarrPattern.h: Updated these files to accomodate removal of + CrossThreadRefCounted.h. 
+ +2011-10-24 Oliver Hunt <oliver@apple.com> + + Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*) + https://bugs.webkit.org/show_bug.cgi?id=70689 + + Reviewed by Filip Pizlo. + + While performing codegen we need to make the GlobalData explicitly + aware of the codeblock being compiled, as compilation may trigger GC + and CodeBlock holds GC values, but has not yet been assigned to its + owner executable. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::~BytecodeGenerator): + * bytecompiler/BytecodeGenerator.h: + * heap/AllocationSpace.cpp: + (JSC::AllocationSpace::allocateSlowCase): + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::startedCompiling): + (JSC::JSGlobalData::finishedCompiling): + +2011-10-24 Filip Pizlo <fpizlo@apple.com> + + Object-or-other branch speculation may corrupt the state for OSR if the child of the + branch is an integer + https://bugs.webkit.org/show_bug.cgi?id=70777 + + Reviewed by Oliver Hunt. + + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + +2011-10-24 Filip Pizlo <fpizlo@apple.com> + + op_new_array_buffer is not inlined correctly + https://bugs.webkit.org/show_bug.cgi?id=70770 + + Reviewed by Oliver Hunt. + + Disabled inlining of op_new_array_buffer, for now. + + * dfg/DFGCapabilities.h: + (JSC::DFG::canInlineOpcode): + +2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com> + + Add boolean speculations to DFG JIT 32_64 + https://bugs.webkit.org/show_bug.cgi?id=70706 + + Reviewed by Filip Pizlo. + + Different from the boolean speculations in DFG 64, the boolean + speculations in DFG 32_64 will use a 32bit GPR to hold the primitive + boolean instead of a JSBoolean. This choice is not only for + performance, but also to save a register as we're short of registers on + X86. 
+ To accomplish this we make use of DataFormatBoolean, allow a value to + be represented as a primitive boolean and converted from/to a + JSBoolean. + This patch also fixes SpillOrder in 32_64, which should be different + from 64, and fixes needDataFormatConversion logic in 32_64. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branchTest32): + We don't expect byte test actually as it doesn't work for registers + esp..edi on X86. + * dfg/DFGGenerationInfo.h: + (JSC::DFG::needDataFormatConversion): + (JSC::DFG::GenerationInfo::initBoolean): + (JSC::DFG::GenerationInfo::gpr): + (JSC::DFG::GenerationInfo::fillInteger): + (JSC::DFG::GenerationInfo::fillBoolean): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::checkConsistency): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::use): + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::spill): + (JSC::DFG::cellResult): + (JSC::DFG::booleanResult): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::ValueRecovery::dump): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::forPrediction): + (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean): + (JSC::DFG::ValueRecovery::inGPR): + (JSC::DFG::ValueRecovery::gpr): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + 
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing Windows build + + Unreviewed build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com> + + BitVector isInline check could fail + https://bugs.webkit.org/show_bug.cgi?id=70691 + + Reviewed by Geoffrey Garen. + + Current BitVector uses the highest bit of m_bitsOrPointer to indicate + whether it's an inlined bit set or a pointer to an outOfLine bit set. + This check may fail in case the pointer also has the highest bit set, + which is surely possible on IA32 (Linux). + In this case the check failure can result in unexpected behaviors, + for example if the BitVector is incorrectly determined as having an + inlined bit set, then setting a bit exceeding maxInlineBits will wrongly + modify the memory adjacent to the BitVector object. + This fix is to use the lowest bit of m_bitsOrPointer to indicate inline + or outofline, based on the assumption that the pointer to OutOfLineBits + should be 4 or 8 byte aligned. + We could mark the lowest bit (bit 0) with 1 for inlined bit set, + and bits 1~bitsInPointer are used for bit set/test. + In this case we need do one bit more shift for bit set/test. 
+ + * wtf/BitVector.cpp: + (WTF::BitVector::resizeOutOfLine): + * wtf/BitVector.h: + (WTF::BitVector::quickGet): + (WTF::BitVector::quickSet): + (WTF::BitVector::quickClear): + (WTF::BitVector::makeInlineBits): + (WTF::BitVector::isInline): + +2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename static getOwnPropertySlot to getOwnPropertySlotByIndex + https://bugs.webkit.org/show_bug.cgi?id=70271 + + Reviewed by Darin Adler. + + Renaming versions of getOwnPropertySlot that use an unsigned as the property + name to "getOwnPropertySlotByIndex" in preparation for adding them to the + MethodTable, which requires unique names for each method. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlotVirtual): + (JSC::Arguments::getOwnPropertySlotByIndex): + * runtime/Arguments.h: + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlotVirtual): + (JSC::JSArray::getOwnPropertySlotByIndex): + (JSC::JSArray::getOwnPropertySlot): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::getOwnPropertySlotVirtual): + (JSC::JSByteArray::getOwnPropertySlotByIndex): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertySlotVirtual): + (JSC::JSCell::getOwnPropertySlotByIndex): + * runtime/JSCell.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::getOwnPropertySlotVirtual): + (JSC::JSNotAnObject::getOwnPropertySlotByIndex): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertySlotVirtual): + (JSC::JSObject::getOwnPropertySlotByIndex): + * runtime/JSObject.h: + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlotVirtual): + (JSC::JSString::getOwnPropertySlotByIndex): + * runtime/JSString.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::getOwnPropertySlotVirtual): + (JSC::ObjectPrototype::getOwnPropertySlotByIndex): + * runtime/ObjectPrototype.h: + * 
runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual): + (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): + * runtime/StringObject.cpp: + (JSC::StringObject::getOwnPropertySlotVirtual): + (JSC::StringObject::getOwnPropertySlotByIndex): + * runtime/StringObject.h: + +2011-10-24 Patrick Gansterer <paroga@webkit.org> + + Interpreter build fix after r98179. + + * bytecode/CodeBlock.h: + Moved CodeBlock::baselineVersion() into ENABLE(JIT) block, + since it is only used there. + +2011-10-23 Geoffrey Garen <ggaren@apple.com> + + Fixed a typo Darin spotted. + + * wtf/StringHasher.h: + (WTF::StringHasher::hash): Expelliarmus! + +2011-10-23 Geoffrey Garen <ggaren@apple.com> + + Removed StringImpl::createStrippingNullCharacters + https://bugs.webkit.org/show_bug.cgi?id=70700 + + Reviewed by David Levin. + + It was unused. + + * JavaScriptCore.exp: + * wtf/text/StringImpl.cpp: + * wtf/text/StringImpl.h: + +2011-10-22 Filip Pizlo <fpizlo@apple.com> + + DFG should inline constructors + https://bugs.webkit.org/show_bug.cgi?id=70675 + + Reviewed by Oliver Hunt. + + Adds support for inlining constructors. Also fixes two pathologies + uncovered along the way: CheckMethod claimed that it never returned a + result (causing CheckMethod -> SetLocal -> GetLocal sequences to + result in the GetLocal doing OSR exit), and get_by_id parsing never + checked if it was hot in slow path. Also fiddled with inlining + heuristics; it appears that for now, the more inlining, the happier + V8 is. Finally, a bug was uncovered where a silent spill of a boxed + integer that had previously been spilled unboxed causes the silent + fill to forget to unbox. + + This appears to be a 4% speed-up on V8 in their harness, or a 1% + speed-up in my harness. The difference is due to warm-up: in my + harness we see significant amounts of time spent in compilation, but + in V8's harness compilation gets amortizes. 
Profiling indicates that + we have the potential for a 5% win from basic optimizations like + generating OSR exits lazily and holding onto bytecode longer. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleCall): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCapabilities.h: + (JSC::DFG::mightInlineFunctionForConstruct): + (JSC::DFG::canInlineOpcode): + (JSC::DFG::mightInlineFunctionFor): + (JSC::DFG::canInlineFunctionFor): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + * runtime/Executable.h: + (JSC::isCall): + (JSC::ExecutableBase::intrinsicFor): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + +2011-10-23 Noel Gordon <noel.gordon@gmail.com> + + [chromium] Remove RopeImpl.{h,cpp} from the gyp projects + https://bugs.webkit.org/show_bug.cgi?id=70703 + + Reviewed by Kent Tamura. + + runtime/RopeImpl.{h,cpp} were removed in r97872, remove references + to these files from the gyp project files. + + * JavaScriptCore.gypi: + +2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Add deleteProperty to the MethodTable + https://bugs.webkit.org/show_bug.cgi?id=70162 + + Reviewed by Sam Weinig. + + * JavaScriptCore.exp: + * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable. + * runtime/JSFunction.h: Changed JSFunction::deleteProperty to + be protected rather than private for subclasses who don't provide their own + implementation. + +2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove getConstructDataVirtual + https://bugs.webkit.org/show_bug.cgi?id=70638 + + Reviewed by Darin Adler. + + Removed all declarations and definitions of getConstructDataVirtual. 
+ Also replaced all call sites to getConstructDataVirtual with a + corresponding lookup in the MethodTable. + + * API/JSCallbackConstructor.cpp: + * API/JSCallbackConstructor.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * API/JSObjectRef.cpp: + (JSObjectIsConstructor): + (JSObjectCallAsConstructor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArrayConstructor.cpp: + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + * runtime/DateConstructor.h: + * runtime/Error.h: + (JSC::StrictModeTypeErrorFunction::getConstructData): + * runtime/ErrorConstructor.cpp: + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + * runtime/FunctionConstructor.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + * runtime/JSObject.h: + (JSC::getConstructData): + * runtime/NativeErrorConstructor.cpp: + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectConstructor.h: + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + * runtime/StringConstructor.h: + +2011-10-23 Geoffrey Garen <ggaren@apple.com> + + Try to fix the SL build. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast + away int vs unisgned warning. + +2011-10-21 Geoffrey Garen <ggaren@apple.com> + + Separated string lifetime bits from character buffer state bits + https://bugs.webkit.org/show_bug.cgi?id=70673 + + Reviewed by Anders Carlsson. 
+ + Moved the static/immortal bit into the bottom bit of the refcount, and + moved all other bits into the high bits of the hash code. + + This is the first step toward a new Characters/PassString class, and it + makes ref/deref slightly more efficient. + + * create_hash_table: + * wtf/StringHasher.h: + (WTF::StringHasher::hash): Tweaked the string hashing function to leave + the top bits clear, so they can be used as flags. + + Fixed some small differences between the PERL copy of this function and + the C++ copy of this function, which could have in theory caused subtle + crashes. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::sharedBuffer): + (WTF::StringImpl::createWithTerminatingNullCharacter): + * wtf/text/StringImpl.h: + (WTF::StringImpl::StringImpl): + (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to + s_didReportExtraCost, since the original name was both self-contradictory + and used as a double-negative. + + (WTF::StringImpl::isIdentifier): + (WTF::StringImpl::setIsIdentifier): + (WTF::StringImpl::hasTerminatingNullCharacter): + (WTF::StringImpl::isAtomic): + (WTF::StringImpl::setIsAtomic): + (WTF::StringImpl::setHash): + (WTF::StringImpl::rawHash): + (WTF::StringImpl::hasHash): + (WTF::StringImpl::existingHash): + (WTF::StringImpl::hash): + (WTF::StringImpl::hasOneRef): + (WTF::StringImpl::ref): + (WTF::StringImpl::deref): + (WTF::StringImpl::bufferOwnership): + (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom + bit of the refcount. Now, all lifetime information lives in the refcount + field. Moved the other bits into the hash code field. + +2011-10-21 Filip Pizlo <fpizlo@apple.com> + + DFG inlining sometimes fails to reset constant references + https://bugs.webkit.org/show_bug.cgi?id=70668 + + Reviewed by Anders Carlsson. + + Reset constant references when we need to (new block created) and not + when we don't (change of inlining depth). 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::prepareToParseBlock): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + +2011-10-21 Filip Pizlo <fpizlo@apple.com> + + DFG should have inlining + https://bugs.webkit.org/show_bug.cgi?id=69996 + + Reviewed by Oliver Hunt. + + Implements inlining that's hooked into the bytecode parser. Only + works for calls, for now, though nothing fundamentally prevents us + from inlining constructor calls. 2% overall speed-up on all + benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and + richards respectively), neutral on Kraken and SunSpider. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::baselineVersion): + (JSC::CodeBlock::setInstructionCount): + (JSC::CodeBlock::likelyToTakeSlowCase): + (JSC::CodeBlock::couldTakeSlowCase): + (JSC::CodeBlock::likelyToTakeSpecialFastCase): + (JSC::CodeBlock::likelyToTakeDeepestSlowCase): + (JSC::CodeBlock::likelyToTakeAnySlowCase): + * bytecode/CodeOrigin.h: + (JSC::CodeOrigin::inlineDepthForCallFrame): + (JSC::CodeOrigin::inlineDepth): + (JSC::CodeOrigin::operator==): + (JSC::CodeOrigin::inlineStack): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::generate): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::beginBasicBlock): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::mergeStateAtTail): + * dfg/DFGBasicBlock.h: + (JSC::DFG::BasicBlock::BasicBlock): + (JSC::DFG::BasicBlock::ensureLocals): + (JSC::DFG::UnlinkedBlock::UnlinkedBlock): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::getDirect): + (JSC::DFG::ByteCodeParser::get): + (JSC::DFG::ByteCodeParser::setDirect): + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::flush): 
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry): + (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand): + (JSC::DFG::ByteCodeParser::handleInlining): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::linkBlock): + (JSC::DFG::ByteCodeParser::linkBlocks): + (JSC::DFG::ByteCodeParser::handleSuccessor): + (JSC::DFG::ByteCodeParser::determineReachability): + (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGCapabilities.cpp: + (JSC::DFG::canHandleOpcodes): + (JSC::DFG::canCompileOpcodes): + (JSC::DFG::canInlineOpcodes): + * dfg/DFGCapabilities.h: + (JSC::DFG::mightCompileEval): + (JSC::DFG::mightCompileProgram): + (JSC::DFG::mightCompileFunctionForCall): + (JSC::DFG::mightCompileFunctionForConstruct): + (JSC::DFG::mightInlineFunctionForCall): + (JSC::DFG::mightInlineFunctionForConstruct): + (JSC::DFG::canInlineOpcode): + (JSC::DFG::canInlineOpcodes): + (JSC::DFG::canInlineFunctionForCall): + (JSC::DFG::canInlineFunctionForConstruct): + * dfg/DFGGraph.cpp: + (JSC::DFG::printWhiteSpace): + (JSC::DFG::Graph::dumpCodeOrigin): + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::GetBytecodeBeginForBlock::operator()): + (JSC::DFG::Graph::blockIndexForBytecodeOffset): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::decodedCodeMapFor): + (JSC::DFG::JITCompiler::linkOSRExits): + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::debugCall): + (JSC::DFG::JITCompiler::baselineCodeBlockFor): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasVariableAccessData): + (JSC::DFG::Node::shouldGenerate): + * dfg/DFGOperands.h: + (JSC::DFG::Operands::ensureLocals): + (JSC::DFG::Operands::setLocal): + 
(JSC::DFG::Operands::getLocal): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::trueCallerFrameSlow): + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallSlowCase): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::baselineCodeBlockFor): + (JSC::FunctionExecutable::produceCodeBlockFor): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC::FunctionExecutable::profiledCodeBlockFor): + (JSC::FunctionExecutable::parameterCount): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: + * runtime/JSFunction.h: + +2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com> + + Add put to the MethodTable + https://bugs.webkit.org/show_bug.cgi?id=70439 + + Reviewed by Oliver Hunt. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable. + * runtime/JSFunction.h: Changed access modifier for put to protected since some + subclasses of JSFunction need to reference it in their MethodTables. + +2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com> + + Add finalizer to JSObject + https://bugs.webkit.org/show_bug.cgi?id=70336 + + Reviewed by Darin Adler. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::callDestructor): Skip the call to the destructor + if we're a JSFinalObject, since the finalizer takes care of things. 
+ * runtime/JSCell.h: + (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with + future changes and the fact that we no longer always call the destructor, making + the information provided less useful. + * runtime/JSObject.cpp: + (JSC::JSObject::finalize): Add finalizer for JSObject. + (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line + property storage, we add a finalizer to ourself. + * runtime/JSObject.h: + +2011-10-21 Simon Hausmann <simon.hausmann@nokia.com> + + Remove QtScript source code from WebKit. + https://bugs.webkit.org/show_bug.cgi?id=64088 + + Reviewed by Tor Arne Vestbø. + + Removed dead code that isn't developed anymore. + + * JavaScriptCore.gypi: + * JavaScriptCore.pri: + * qt/api/QtScript.pro: Removed. + * qt/api/qscriptconverter_p.h: Removed. + * qt/api/qscriptengine.cpp: Removed. + * qt/api/qscriptengine.h: Removed. + * qt/api/qscriptengine_p.cpp: Removed. + * qt/api/qscriptengine_p.h: Removed. + * qt/api/qscriptfunction.cpp: Removed. + * qt/api/qscriptfunction_p.h: Removed. + * qt/api/qscriptoriginalglobalobject_p.h: Removed. + * qt/api/qscriptprogram.cpp: Removed. + * qt/api/qscriptprogram.h: Removed. + * qt/api/qscriptprogram_p.h: Removed. + * qt/api/qscriptstring.cpp: Removed. + * qt/api/qscriptstring.h: Removed. + * qt/api/qscriptstring_p.h: Removed. + * qt/api/qscriptsyntaxcheckresult.cpp: Removed. + * qt/api/qscriptsyntaxcheckresult.h: Removed. + * qt/api/qscriptsyntaxcheckresult_p.h: Removed. + * qt/api/qscriptvalue.cpp: Removed. + * qt/api/qscriptvalue.h: Removed. + * qt/api/qscriptvalue_p.h: Removed. + * qt/api/qscriptvalueiterator.cpp: Removed. + * qt/api/qscriptvalueiterator.h: Removed. + * qt/api/qscriptvalueiterator_p.h: Removed. + * qt/api/qtscriptglobal.h: Removed. + * qt/benchmarks/benchmarks.pri: Removed. + * qt/benchmarks/benchmarks.pro: Removed. + * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed. + * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed. 
+ * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed. + * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed. + * qt/tests/qscriptengine/qscriptengine.pro: Removed. + * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed. + * qt/tests/qscriptstring/qscriptstring.pro: Removed. + * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed. + * qt/tests/qscriptvalue/qscriptvalue.pro: Removed. + * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed. + * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed. + * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed. + * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed. + * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed. + * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed. + * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed. + * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed. + * qt/tests/tests.pri: Removed. + * qt/tests/tests.pro: Removed. + +2011-10-21 Zheng Liu <zheng.z.liu@intel.com> + + bytecompiler sometimes generates incorrect bytecode for put_by_id + https://bugs.webkit.org/show_bug.cgi?id=70403 + + Reviewed by Filip Pizlo. + + * bytecompiler/NodesCodegen.cpp: + (JSC::AssignDotNode::emitBytecode): + (JSC::AssignBracketNode::emitBytecode): + +2011-10-20 Filip Pizlo <fpizlo@apple.com> + + DFG should not try to predict argument types by looking at the values of + argument registers at the time of compilation + https://bugs.webkit.org/show_bug.cgi?id=70578 + + Reviewed by Oliver Hunt. 
+ + * bytecode/CodeBlock.cpp: + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * dfg/DFGDriver.h: + (JSC::DFG::tryCompileFunction): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileOptimizedForCall): + (JSC::FunctionExecutable::compileOptimizedForConstruct): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC::FunctionExecutable::compileForCall): + (JSC::FunctionExecutable::compileForConstruct): + (JSC::FunctionExecutable::compileFor): + (JSC::FunctionExecutable::compileOptimizedFor): + +2011-10-20 Filip Pizlo <fpizlo@apple.com> + + DFG call optimization handling will fail if the call had been unlinked due + to the callee being optimized + https://bugs.webkit.org/show_bug.cgi?id=70468 + + Reviewed by Geoff Garen. + + If a call had ever been linked, we remember this fact as well as the function + to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are + called. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgLinkFor): + * jit/JIT.cpp: + (JSC::JIT::linkFor): + +2011-10-20 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT 32_64 - Fix ByteArray speculation + https://bugs.webkit.org/show_bug.cgi?id=70571 + + Reviewed by Filip Pizlo. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::forPrediction): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-20 Vincent Scheib <scheib@chromium.org> + + MouseLock compile and run time flags. + https://bugs.webkit.org/show_bug.cgi?id=70530 + + Reviewed by Darin Fisher. 
+ + * wtf/Platform.h: + +2011-10-20 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename static deleteProperty to deletePropertyByIndex + https://bugs.webkit.org/show_bug.cgi?id=70257 + + Reviewed by Geoffrey Garen. + + Renaming versions of deleteProperty that use an unsigned as the property + name to "deletePropertyByIndex" in preparation for adding them to the + MethodTable, which requires unique names for each method. + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::deletePropertyVirtual): + (JSC::::deletePropertyByIndex): + * runtime/Arguments.cpp: + (JSC::Arguments::deletePropertyVirtual): + (JSC::Arguments::deletePropertyByIndex): + * runtime/Arguments.h: + * runtime/JSArray.cpp: + (JSC::JSArray::deletePropertyVirtual): + (JSC::JSArray::deletePropertyByIndex): + * runtime/JSArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::deletePropertyVirtual): + (JSC::JSCell::deletePropertyByIndex): + * runtime/JSCell.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::deletePropertyVirtual): + (JSC::JSNotAnObject::deletePropertyByIndex): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::deletePropertyVirtual): + (JSC::JSObject::deletePropertyByIndex): + * runtime/JSObject.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::deletePropertyVirtual): + (JSC::RegExpMatchesArray::deletePropertyByIndex): + +2011-10-20 Filip Pizlo <fpizlo@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=70482 + DFG-related stubs in the old JIT should not be built if the DFG is disabled + + Reviewed by Zoltan Herczeg. + + Aiming for a slight code size/build time reduction if the DFG is not in + play. This should also make further DFG development slightly easier since + the bodies of these JIT stubs can now safely refer to things that are only + declared when the DFG is enabled. 
+ + * jit/JITStubs.cpp: + * jit/JITStubs.h: + +2011-10-19 Filip Pizlo <fpizlo@apple.com> + + DFG ConvertThis emits slow code when the source node is known to be, + but not predicted to be, a final object + https://bugs.webkit.org/show_bug.cgi?id=70466 + + Reviewed by Oliver Hunt. + + Added a new case in ConvertThis compilation. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-19 Filip Pizlo <fpizlo@apple.com> + + Optimization triggers in the old JIT may sometimes fire repeatedly even + though there is no optimization to be done + https://bugs.webkit.org/show_bug.cgi?id=70467 + + Reviewed by Oliver Hunt. + + If optimize_from_ret does nothing, it delays the next optimization trigger. + This is performance-neutral. + + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Heuristics.cpp: + (JSC::Heuristics::initializeHeuristics): + +2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble + https://bugs.webkit.org/show_bug.cgi?id=70460 + + Reviewed by Filip Pizlo. + + As pointed out by Gavin in bug #70418, when a value is already in memory + we can avoid loading it to two GPRs at first and then unboxing them to a FPR. + This gives 9% improvement on Kraken if without the change in bug #70418, + and 1% if based on the code with bug #70418 change. + Performance is neutral in V8 and SunSpider. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + +2011-10-19 Gavin Barraclough <barraclough@apple.com> + + Poisoning of strict caller,arguments inappropriately poisoning "in" + https://bugs.webkit.org/show_bug.cgi?id=63398 + + Reviewed by Oliver Hunt. 
+ + This fixes the problem by correctly implementing the spec - + the error should actually be being thrown from a standard JS getter/setter. + This implements spec correct behaviour for strict mode JS functions & bound + functions, I'll follow up with a patch to do the same for arguments. + + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::finishCreation): + - Add the poisoned caller/arguments properties. + * runtime/JSBoundFunction.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::finishCreation): + (JSC::JSFunction::getOwnPropertySlot): + (JSC::JSFunction::getOwnPropertyDescriptor): + (JSC::JSFunction::put): + - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter. + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::createThrowTypeError): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::throwTypeErrorGetterSetter): + - Add a ThrowTypeError type, per ES5 13.2.3. + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncThrowTypeError): + * runtime/JSGlobalObjectFunctions.h: + - Implementation of ThrowTypeError. + * runtime/JSObject.cpp: + (JSC::JSObject::initializeGetterSetterProperty): + * runtime/JSObject.h: + - This function adds a new property (must not exist already) that is an initialized getter/setter. + +2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT 32_64 - improve double boxing/unboxing + https://bugs.webkit.org/show_bug.cgi?id=70418 + + Reviewed by Gavin Barraclough. + + Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently, + which tries to exchange data through memory. + On X86 some SSE instructions can help us on such operations with better performance. + This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider, + and 2% on V8, tested on Linux X86 (Core i7 Nehalem). 
+ + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::lshiftPacked): + (JSC::MacroAssemblerX86Common::rshiftPacked): + (JSC::MacroAssemblerX86Common::orPacked): + (JSC::MacroAssemblerX86Common::moveInt32ToPacked): + (JSC::MacroAssemblerX86Common::movePackedToInt32): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movd_rr): + (JSC::X86Assembler::psllq_i8r): + (JSC::X86Assembler::psrlq_i8r): + (JSC::X86Assembler::por_rr): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::boxDouble): + (JSC::DFG::JITCodeGenerator::unboxDouble): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::boxDouble): + (JSC::DFG::JITCompiler::unboxDouble): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::convertToDouble): + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-19 Gyuyoung Kim <gyuyoung.kim@samsung.com> + + [EFL] Fix DSO linkage of wtf_efl. + + Unreviewed build fix. + + Need to add -ldl to jsc_efl (requested by dladdr). + + * wtf/CMakeListsEfl.txt: + +2011-10-19 Geoffrey Garen <ggaren@apple.com> + + Removed StringImplBase, fusing it into StringImpl + https://bugs.webkit.org/show_bug.cgi?id=70443 + + Reviewed by Gavin Barraclough. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.order: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/text/StringImpl.h: + (WTF::StringImpl::StringImpl): + (WTF::StringImpl::ref): + (WTF::StringImpl::length): + * wtf/text/StringImplBase.h: Removed. + * wtf/wtf.pri: Removed! 
+ +2011-10-19 Mark Hahnenberg <mhahnenberg@apple.com> + + Add getConstructData to the MethodTable + https://bugs.webkit.org/show_bug.cgi?id=70163 + + Reviewed by Geoffrey Garen. + + Adding getConstructData to the MethodTable in order to be able to + remove all calls to getConstructDataVirtual soon. Part of the process + of de-virtualizing JSCell. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/ClassInfo.h: + +2011-10-18 Oliver Hunt <oliver@apple.com> + + Support CanvasPixelArray in the DFG + https://bugs.webkit.org/show_bug.cgi?id=70384 + + Reviewed by Filip Pizlo. + + Add support for the old CanvasPixelArray optimisations to the + DFG. This removes the regression seen in the DFG when using + a CPA. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::store8): + (JSC::MacroAssemblerX86Common::truncateDoubleToInt32): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movb_rm): + (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8): + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + (JSC::predictionFromClassInfo): + * bytecode/PredictedType.h: + (JSC::isByteArrayPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::execute): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateByteArray): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::compileClampDoubleToByte): + (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSByteArray.h: + (JSC::JSByteArray::offsetOfStorage): + * 
wtf/ByteArray.cpp: + * wtf/ByteArray.h: + (WTF::ByteArray::offsetOfSize): + (WTF::ByteArray::offsetOfData): + +2011-10-18 Geoffrey Garen <ggaren@apple.com> + + Some rope cleanup following r97827 + https://bugs.webkit.org/show_bug.cgi?id=70398 + + Reviewed by Oliver Hunt. + + 9% speedup on date-format-xparb, neutral overall. + + - Removed RopeImpl*. + - Removed JSString::m_fiberCount, since this can be deduced from other data. + - Renamed a jsString() variant to jsStringFromArguments for clarity. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.order: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + * jit/JITInlineMethods.h: + (JSC::JIT::emitLoadCharacterString): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::stringGetByValStubGenerator): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::loadJSStringArgument): + * jit/ThunkGenerators.cpp: + (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead + of testing m_fiberCount, since m_fiberCount is gone now. + + * runtime/JSString.cpp: + (JSC::JSString::RopeBuilder::expand): + (JSC::JSString::visitChildren): + (JSC::JSString::resolveRope): + (JSC::JSString::resolveRopeSlowCase): + (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber + in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now. + + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::finishCreation): + (JSC::RopeBuilder::offsetOfLength): + (JSC::RopeBuilder::isRope): + (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed + jsString => jsStringFromArguments for clarity. 
+ + * runtime/Operations.h: + (JSC::jsStringFromArguments): Renamed. + + * runtime/RopeImpl.cpp: Removed. + * runtime/RopeImpl.h: Removed. + + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty, + which is slightly faster. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncConcat): Updated for rename. + + * wtf/text/StringImplBase.h: + (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid + StringImpl, since this was only used by RopeImpl, which is now gone. + +2011-10-19 Rafael Antognolli <antognolli@profusion.mobi> + + [EFL] Fix DSO linkage of jsc_efl. + https://bugs.webkit.org/show_bug.cgi?id=70412 + + Unreviewed build fix. + + Need to add -ldl to jsc_efl (requested by dladdr). + + * shell/CMakeListsEfl.txt: + +2011-10-18 Geoffrey Garen <ggaren@apple.com> + + Rolled out last Windows build fix because it was wrong. + +2011-10-18 Geoffrey Garen <ggaren@apple.com> + + Rolled out last Windows build fix because it was wrong. + +2011-10-18 Geoffrey Garen <ggaren@apple.com> + + Try to fix part of the Windows build. + + Export! + +2011-10-18 Geoffrey Garen <ggaren@apple.com> + + Switched ropes from malloc memory to GC memory + https://bugs.webkit.org/show_bug.cgi?id=70364 + + Reviewed by Gavin Barraclough. + + ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings + having C++ destructors. + + * heap/MarkStack.cpp: + (JSC::visitChildren): Call the JSString visitChildren function now, + since it's no longer a no-op. + + * runtime/JSString.cpp: + (JSC::JSString::~JSString): Moved this destructor out of line because + it's called virtually, so there's no value to inlining. + + (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin + initializing wrapper around JSString. JSString now represents ropes + directly, rather than relying on an underlying malloc object. + + (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC + objects now. 
+ + (JSC::JSString::resolveRope): + (JSC::JSString::resolveRopeSlowCase): + (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead + of malloc objects. + + (JSC::JSString::replaceCharacter): Removed optimizations for substringing + ropes and replacing subsections of ropes. We want to reimplement versions + of these optimizations in the future, but this patch already has good + performance without them. + + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::finishCreation): + (JSC::RopeBuilder::createNull): + (JSC::RopeBuilder::create): + (JSC::RopeBuilder::createHasOtherOwner): + (JSC::jsSingleCharacterString): + (JSC::jsSingleCharacterSubstring): + (JSC::jsNontrivialString): + (JSC::jsString): + (JSC::jsSubstring): + (JSC::jsOwnedString): Lots of mechanical changes here. The two important + things are: (1) The fibers in JSString::m_fibers are JSStrings now, not + malloc objects; (2) I simplified the JSString constructor interface to + only accept PassRefPtr<StringImpl>, instead of variations on that like + UString, reducing refcount churn. + + * runtime/JSValue.h: + * runtime/JSValue.cpp: + (JSC::JSValue::toPrimitiveString): Updated this function to return a + JSString instead of a UString, since that's what clients want now. + + * runtime/Operations.cpp: + (JSC::jsAddSlowCase): + * runtime/Operations.h: + (JSC::jsString): + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::createEmptyString): Updated for interface changes above. + + * runtime/StringConstructor.cpp: + (JSC::constructWithStringConstructor): + * runtime/StringObject.h: + (JSC::StringObject::create): Don't create a new JSString if we already + have a JSString. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncConcat): Updated for interface changes above. + +2011-10-18 Gavin Barraclough <barraclough@apple.com> + + Errrk, fix partial commit of r97825! 
+ + * runtime/DatePrototype.cpp: + (JSC::dateProtoFuncToISOString): + +2011-10-18 Gavin Barraclough <barraclough@apple.com> + + Date.prototype.toISOString fails to throw exception + https://bugs.webkit.org/show_bug.cgi?id=70394 + + Reviewed by Sam Weinig. + + * runtime/DatePrototype.cpp: + (JSC::dateProtoFuncToISOString): + - Should throw a range error if the internal value is not finite. + +2011-10-18 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename static put to putByIndex + https://bugs.webkit.org/show_bug.cgi?id=70281 + + Reviewed by Geoffrey Garen. + + Renaming versions of deleteProperty that use an unsigned as the property + name to "deletePropertyByIndex" in preparation for adding them to the + MethodTable, which requires unique names for each method. + + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Arguments.cpp: + (JSC::Arguments::putVirtual): + (JSC::Arguments::putByIndex): + * runtime/Arguments.h: + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncMap): + * runtime/JSArray.cpp: + (JSC::JSArray::put): + (JSC::JSArray::putVirtual): + (JSC::JSArray::putByIndex): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::putVirtual): + (JSC::JSByteArray::putByIndex): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::putVirtual): + (JSC::JSCell::putByIndex): + * runtime/JSCell.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::putVirtual): + (JSC::JSNotAnObject::putByIndex): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::putVirtual): + (JSC::JSObject::putByIndex): + * runtime/JSObject.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpMatchesArray::fillArrayInstance): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::putVirtual): + (JSC::RegExpMatchesArray::putByIndex): + +2011-10-18 Gavin Barraclough <barraclough@apple.com> + + Array.prototype methods missing exception checks + 
https://bugs.webkit.org/show_bug.cgi?id=70360 + + Reviewed by Geoff Garen. + + Missing exception checks after calls to the static getProperty helper, + these may result in the wrong exception being thrown (or an ASSERT being hit, + as is currently the case running test-262). + + No performance impact. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + (JSC::arrayProtoFuncIndexOf): + (JSC::arrayProtoFuncLastIndexOf): + +2011-10-18 Adam Barth <abarth@webkit.org> + + Always enable ENABLE(XPATH) + https://bugs.webkit.org/show_bug.cgi?id=70217 + + Reviewed by Eric Seidel. + + * Configurations/FeatureDefines.xcconfig: + +2011-10-18 Gavin Barraclough <barraclough@apple.com> + + Indexed arguments on the Arguments object should be enumerable. + https://bugs.webkit.org/show_bug.cgi?id=70302 + + Reviewed by Sam Weinig. + + See ECMA-262 5.1 chapter 10.6 step 11b. + This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in. + + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertyDescriptor): + - The 'enumerable' property should be true for indexed arguments. + (JSC::Arguments::getOwnPropertyNames): + - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'. + +2011-10-18 Gustavo Noronha Silva <gns@gnome.org> + + Fix distcheck. + + * GNUmakefile.list.am: fix a typo and add a missing header to the + list. + +2011-10-18 Balazs Kelemen <kbalazs@webkit.org> + + ParallelJobs: maximum number of threads should be determined dynamically + https://bugs.webkit.org/show_bug.cgi?id=68540 + + Reviewed by Zoltan Herczeg. + + Add logic to determine the number of cores and use this as + the maximum number of threads. 
The implementation currently + covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD. + The patch was tested on Linux, Mac and Windows which was enough to + cover all code path. It should work on the rest accoring to the + documentation of those OS's. The hard coded constant is still used + on uncovered OS's which should be fixed in the future. + + * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber + argument because clients should always fill it and the 0 default value + was incorrect anyway. + (WTF::ParallelJobs::ParallelJobs): + * wtf/ParallelJobsGeneric.cpp: + (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads): + * wtf/ParallelJobsGeneric.h: + (WTF::ParallelEnvironment::ParallelEnvironment): + +2011-10-17 Gavin Barraclough <barraclough@apple.com> + + Reverted r997709, this caused test failures. + + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::hasProperty): + (JSC::JSObject::hasOwnProperty): + +2011-10-17 Ryosuke Niwa <rniwa@webkit.org> + + Rename deregister* to unregister* + https://bugs.webkit.org/show_bug.cgi?id=70272 + + Reviewed by Darin Adler. + + Renamed deregisterWeakMap to unregisterWeakMap. + + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::unregisterWeakMap): + +2011-10-17 Gavin Barraclough <barraclough@apple.com> + + Poisoning of strict caller/arguments inappropriately poisoning "in" + https://bugs.webkit.org/show_bug.cgi?id=63398 + + Reviewed by Sam Weinig. + + The problem here is that the has[Own]Property methods get the slot rather than + the descriptor, and getting the slot may cause the property to be eagerly accessed. + + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - We don't expect hasProperty to ever throw. If it does, it won't get caught + (since it is after the exception check), so ASSERT to guard against this. 
+ * runtime/JSObject.cpp: + (JSC::JSObject::hasProperty): + (JSC::JSObject::hasOwnProperty): + - These methods should not check for the presence of the descriptor; never get the value. + +2011-10-17 Gavin Barraclough <barraclough@apple.com> + + Exception ordering in String.prototype.replace + https://bugs.webkit.org/show_bug.cgi?id=70290 + + If pattern is not a regexp, it should be converted toString before the replacement value has it's toString conversion called. + + Reviewed by Oliver Hunt. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncReplace): + +2011-10-17 Filip Pizlo <fpizlo@apple.com> + + DFG bytecode parser should understand inline stacks + https://bugs.webkit.org/show_bug.cgi?id=70278 + + Reviewed by Oliver Hunt. + + The DFG bytecode parser is now capable of parsing multiple code blocks at + once. This remains turned off since not all inlining functionality is + implemented. + + This required making a few changes elsewhere in the system. The bytecode + parser now may do some of the same things that the bytecode generator does, + like allocating constants and identifiers. Basic block linking relies on + bytecode indices, which are only meaningful within the context of one basic + block. This is fine, so long as linking is done eagerly whenever switching + from one code block to another. 
+ + * bytecode/CodeOrigin.h: + (JSC::CodeOrigin::CodeOrigin): + * bytecompiler/BytecodeGenerator.h: + * dfg/DFGBasicBlock.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::get): + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::getThis): + (JSC::DFG::ByteCodeParser::setThis): + (JSC::DFG::ByteCodeParser::currentCodeOrigin): + (JSC::DFG::ByteCodeParser::getPrediction): + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::InlineStackEntry::executable): + (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry): + (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::linkBlock): + (JSC::DFG::ByteCodeParser::linkBlocks): + (JSC::DFG::ByteCodeParser::setupPredecessors): + (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + (JSC::DFG::ByteCodeParser::parseCodeBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.h: + (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock): + (JSC::DFG::GetBytecodeBeginForBlock::operator()): + (JSC::DFG::Graph::blockIndexForBytecodeOffset): + * dfg/DFGNode.h: + * runtime/Identifier.h: + (JSC::IdentifierMapIndexHashTraits::emptyValue): + * runtime/JSValue.h: + * wtf/StdLibExtras.h: + (WTF::binarySearchWithFunctor): + +2011-10-17 Gavin Barraclough <barraclough@apple.com> + + Incorrect behavior from String match/search & undefined pattern + https://bugs.webkit.org/show_bug.cgi?id=70286 + + Reviewed by Sam weinig. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + - In case of undefined, pattern is "". + (JSC::stringProtoFuncSearch): + - In case of undefined, pattern is "". 
+ +2011-10-17 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=70207 + After deleting __defineSetter__, it is absent but appears in name list + + Reviewed by Darin Adler. + + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertyNames): + - This should check whether static functions have been reified. + +2011-10-17 Geoffrey Garen <ggaren@apple.com> + + Mac build fix. + + * JavaScriptCore.exp: Export! + +2011-10-17 Geoffrey Garen <ggaren@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export! + +2011-10-17 Geoffrey Garen <ggaren@apple.com> + + Windows build fix. + + * heap/HandleStack.cpp: Added a missing #include. + +2011-10-17 Geoffrey Garen <ggaren@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no + longer existant symbol. + + * heap/MarkStack.cpp: + (JSC::MarkStackArray::shrinkAllocation): Cast to the right type. + +2011-10-17 Geoffrey Garen <ggaren@apple.com> + + Simplified GC marking logic + https://bugs.webkit.org/show_bug.cgi?id=70258 + + Reviewed by Filip Pizlo. + + No perf. change. + + This is a first step toward GC allocating string backing stores, starting + with ropes. It also enables future simplifications and optimizations. + + - Replaced some complex mark stack logic with a simple linear stack of + JSCell pointers. + + - Replaced logic for short-circuiting marking based on JSType and/or + Structure flags with special cases for object, array, and string. + + - Fiddled with inlining for better codegen. + + * JavaScriptCore.exp: + * heap/HandleStack.cpp: Build! + + * heap/Heap.cpp: + (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking. + + * heap/HeapRootVisitor.h: Removed unused functions that no longer build. 
+ + * heap/MarkStack.cpp: + (JSC::MarkStackArray::MarkStackArray): + (JSC::MarkStackArray::~MarkStackArray): + (JSC::MarkStackArray::expand): + (JSC::MarkStackArray::shrinkAllocation): + (JSC::MarkStack::reset): + (JSC::visitChildren): + (JSC::SlotVisitor::drain): + * heap/MarkStack.h: + (JSC::MarkStack::MarkStack): + (JSC::MarkStack::~MarkStack): + (JSC::MarkStackArray::append): + (JSC::MarkStackArray::removeLast): + (JSC::MarkStackArray::isEmpty): + (JSC::MarkStack::append): + (JSC::MarkStack::appendUnbarrieredPointer): + (JSC::MarkStack::internalAppend): Replaced complex mark set logic with + simple linear stack. + + * heap/SlotVisitor.h: + (JSC::SlotVisitor::SlotVisitor): Updated for above changes. + + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * runtime/JSArray.h: + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): + * runtime/JSObject.h: Don't inline visitChildren; it's too big. + + * runtime/Structure.h: + (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType + because it prevented strings from owning GC pointers. + + * runtime/WriteBarrier.h: + (JSC::MarkStack::appendValues): No need to validate; internalAppend will + do that for us. + +2011-10-17 Adam Roben <aroben@apple.com> + + Windows build fix after r97536, part 3 + + * runtime/JSAPIValueWrapper.h: + * runtime/JSObject.h: + Use JS_EXPORTDATA to export the s_info members. + +2011-10-17 Adam Roben <aroben@apple.com> + + Interpreter build fix after r97564 + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used + there. + +2011-10-17 Adam Roben <aroben@apple.com> + + Windows build fix after r97536, part 2 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back + JSC::setUpStaticFunctionSlot with its new mangled name. SOrted the rest of the file while I + was at it. 
+ +2011-10-17 Adam Roben <aroben@apple.com> + + Windows build fix after r97536 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of + JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of + s_info members, which need to be exported via JS_EXPORTDATA instead. + +2011-10-17 Patrick Gansterer <paroga@webkit.org> + + Interpreter build fix after r97436, r97506, r97532 and r97537. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2011-10-16 Adam Barth <abarth@webkit.org> + + Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code + https://bugs.webkit.org/show_bug.cgi?id=70216 + + Reviewed by Eric Seidel. + + * wtf/Platform.h: + +2011-10-16 Noel Gordon <noel.gordon@gmail.com> + + [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files + https://bugs.webkit.org/show_bug.cgi?id=70205 + + Reviewed by James Robinson. + + wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557. + wtf/gtk/ThreadingGtk.cpp was removed in r97269. + + * JavaScriptCore.gypi: + +2011-10-16 Adam Barth <abarth@webkit.org> + + Always enable ENABLE(DOM_STORAGE) + https://bugs.webkit.org/show_bug.cgi?id=70189 + + Reviewed by Eric Seidel. + + * Configurations/FeatureDefines.xcconfig: + +2011-10-15 Dan Horák <dan@danny.cz> + + The s390 and s390x architectures both use 64-bit double type + that conforms to the IEEE-754 standard. + + https://bugs.webkit.org/show_bug.cgi?id=69940 + + Reviewed by Gavin Barraclough. + + * wtf/dtoa/utils.h: + +2011-10-14 Filip Pizlo <fpizlo@apple.com> + + FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks + https://bugs.webkit.org/show_bug.cgi?id=70157 + + Reviewed by Geoff Garen. + + Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal() + and compileForConstructInternal() to use this method. 
This required more cleanly + exposing some of CodeBlock's tiering functionality and moving the CompilationKind + enum to Executable.h, as this was the easiest way to make it available to the + declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::copyDataFrom): + (JSC::CodeBlock::copyDataFromAlternative): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::setAlternative): + * bytecompiler/BytecodeGenerator.h: + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::produceCodeBlockFor): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC::FunctionExecutable::codeBlockFor): + +2011-10-15 Laszlo Gombos <laszlo.1.gombos@nokia.com> + + [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port + https://bugs.webkit.org/show_bug.cgi?id=69920 + + Reviewed by Kenneth Rohde Christiansen. + + * JavaScriptCore.pri: + * JavaScriptCore.pro: + * heap/MarkStack.h: + (JSC::::shrinkAllocation): + * jit/ExecutableAllocator.cpp: + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::cacheFlush): + * jit/JITStubs.cpp: + * jsc.pro: + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + * runtime/DatePrototype.cpp: + (JSC::formatLocaleDate): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncLastIndexOf): + * runtime/TimeoutChecker.cpp: + (JSC::getCPUTime): + * wtf/Assertions.cpp: + * wtf/Assertions.h: + * wtf/Atomics.h: + * wtf/MathExtras.h: + * wtf/OSAllocator.h: + (WTF::OSAllocator::decommitAndRelease): + * wtf/OSAllocatorSymbian.cpp: Removed. + * wtf/OSRandomSource.cpp: + (WTF::cryptographicallyRandomValuesFromOS): + * wtf/PageAllocation.h: + * wtf/PageAllocatorSymbian.h: Removed. 
+ * wtf/PageBlock.cpp: + * wtf/Platform.h: + * wtf/StackBounds.cpp: + * wtf/wtf.pri: + +2011-10-15 Yuqiang Xian <yuqiang.xian@intel.com> + + Trivial fix for a missing change in r97512 + https://bugs.webkit.org/show_bug.cgi?id=70166 + + Reviewed by Gavin Barraclough. + + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::link): + +2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename getOwnPropertySlot to getOwnPropertySlotVirtual + https://bugs.webkit.org/show_bug.cgi?id=69810 + + Reviewed by Geoffrey Garen. + + Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual + in preparation for when we add the static getOwnPropertySlot to the MethodTable + in ClassInfo. + + Also added a few static getOwnPropertySlot functions where they had been overlooked + before (especially in CodeGeneratorJS.pm). + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlotVirtual): + (JSC::::getOwnPropertySlot): + (JSC::::getOwnPropertyDescriptor): + (JSC::::staticFunctionGetter): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertySlotVirtual): + (JSC::DebuggerActivation::getOwnPropertySlot): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlotVirtual): + (JSC::Arguments::getOwnPropertySlot): + * runtime/Arguments.h: + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getOwnPropertySlotVirtual): + (JSC::ArrayConstructor::getOwnPropertySlot): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlotVirtual): + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::getOwnPropertySlotVirtual): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getOwnPropertySlotVirtual): + * runtime/DateConstructor.h: + * runtime/DatePrototype.cpp: + 
(JSC::DatePrototype::getOwnPropertySlotVirtual): + * runtime/DatePrototype.h: + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::getOwnPropertySlotVirtual): + * runtime/ErrorPrototype.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::getOwnPropertySlotVirtual): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlotVirtual): + (JSC::JSArray::getOwnPropertySlot): + * runtime/JSArray.h: + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::getOwnPropertySlotVirtual): + * runtime/JSBoundFunction.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::getOwnPropertySlotVirtual): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertySlotVirtual): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlotVirtual): + (JSC::JSFunction::getOwnPropertyDescriptor): + (JSC::JSFunction::getOwnPropertyNames): + (JSC::JSFunction::put): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::getOwnPropertySlotVirtual): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::hasOwnPropertyForWrite): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::getOwnPropertySlotVirtual): + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::Stringifier::Holder::appendNextProperty): + (JSC::JSONObject::getOwnPropertySlotVirtual): + (JSC::Walker::walk): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertySlotVirtual): + (JSC::JSObject::getOwnPropertySlot): + (JSC::JSObject::hasOwnProperty): + * runtime/JSObject.h: + (JSC::JSObject::getOwnPropertySlotVirtual): + (JSC::JSCell::fastGetOwnPropertySlot): + (JSC::JSObject::getPropertySlot): + (JSC::JSValue::get): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual): + * runtime/JSStaticScopeObject.h: + * runtime/JSString.cpp: + (JSC::JSString::getOwnPropertySlotVirtual): + (JSC::JSString::getOwnPropertySlot): + * runtime/JSString.h: + * 
runtime/Lookup.h: + (JSC::getStaticPropertySlot): + (JSC::getStaticFunctionSlot): + (JSC::getStaticValueSlot): + * runtime/MathObject.cpp: + (JSC::MathObject::getOwnPropertySlotVirtual): + * runtime/MathObject.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertySlotVirtual): + * runtime/NumberConstructor.h: + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::getOwnPropertySlotVirtual): + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getOwnPropertySlotVirtual): + * runtime/ObjectConstructor.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::getOwnPropertySlotVirtual): + * runtime/ObjectPrototype.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getOwnPropertySlotVirtual): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::getOwnPropertySlotVirtual): + * runtime/RegExpObject.h: + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::getOwnPropertySlotVirtual): + * runtime/RegExpPrototype.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getOwnPropertySlotVirtual): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::getOwnPropertySlotVirtual): + * runtime/StringObject.h: + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::getOwnPropertySlotVirtual): + * runtime/StringPrototype.h: + +2011-10-14 Gavin Barraclough <baraclough@apple.com> + + Most built-in properties are not deletable + https://bugs.webkit.org/show_bug.cgi?id=61014 + + Reviewed by Filip Pizlo. + + Our static hash tables don't allow for deleting properties. + This is the cause of a bunch of expected failures in LayoutTests/sputnik. + + This fixes the problem by reifying all static functions immediately prior + to the first deletion. 
Reification is tracked by a flag on the structure, + so properties will no longer 'bounce-back' on later access. + + Theoretically there could probably also be an issue with custom accessor + properties, but we probably do not really require any of these to be + Configurable anyway. I'll follow up with a separate patch to address this. + + * runtime/ClassInfo.h: + (JSC::ClassInfo::hasStaticProperties): + - detects static property tables. + * runtime/JSObject.cpp: + (JSC::JSObject::deleteProperty): + - call reifyStaticFunctions before deletion. + (JSC::JSObject::reifyStaticFunctions): + - If the class has static functions, set them up now. + * runtime/JSObject.h: + (JSC::JSObject::staticFunctionsReified): + - returns true if static functions have been reified, + and as such should no longer be added. + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + - If static functions have been reified do not add. + * runtime/Lookup.h: + (JSC::HashTable::ConstIterator::ConstIterator): + (JSC::HashTable::ConstIterator::operator->): + (JSC::HashTable::ConstIterator::operator*): + (JSC::HashTable::ConstIterator::operator!=): + (JSC::HashTable::ConstIterator::operator++): + (JSC::HashTable::ConstIterator::skipInvalidKeys): + (JSC::HashTable::begin): + (JSC::HashTable::end): + (JSC::getStaticPropertySlot): + (JSC::getStaticPropertyDescriptor): + (JSC::getStaticFunctionSlot): + (JSC::getStaticFunctionDescriptor): + - setUpStaticFunctionSlot may not add, returns a bool. + (JSC::lookupPut): + - remove redundant branch. + * runtime/Structure.cpp: + (JSC::Structure::Structure): + - initialize new flag in constructors. + * runtime/Structure.h: + (JSC::Structure::staticFunctionsReified): + (JSC::Structure::setStaticFunctionsReified): + - added flag + +2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename virtual put to putVirtual + https://bugs.webkit.org/show_bug.cgi?id=69851 + + Reviewed by Darin Adler. 
+ + Renamed virtual versions of put to putVirtual in prepration for + adding the static put to the MethodTable in ClassInfo since the + compiler gets mad if the virtual and static versions have the same + name. + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::putVirtual): + * API/JSObjectRef.cpp: + (JSObjectSetProperty): + (JSObjectSetPropertyAtIndex): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::putVirtual): + (JSC::DebuggerActivation::put): + * debugger/DebuggerActivation.h: + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jsc.cpp: + (GlobalObject::finishCreation): + * runtime/Arguments.cpp: + (JSC::Arguments::putVirtual): + * runtime/Arguments.h: + * runtime/ArrayPrototype.cpp: + (JSC::putProperty): + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + * runtime/JSActivation.cpp: + (JSC::JSActivation::putVirtual): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::putVirtual): + (JSC::JSArray::putSlowCase): + (JSC::JSArray::push): + (JSC::JSArray::shiftCount): + (JSC::JSArray::unshiftCount): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::putVirtual): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::putVirtual): + (JSC::JSCell::put): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::putVirtual): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::putVirtual): + (JSC::JSGlobalObject::putWithAttributes): + * runtime/JSGlobalObject.h: + * 
runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::putVirtual): + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::putVirtual): + (JSC::JSObject::put): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + (JSC::JSValue::put): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::putVirtual): + * runtime/JSStaticScopeObject.h: + * runtime/Lookup.h: + (JSC::lookupPut): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::putVirtual): + * runtime/ObjectPrototype.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpMatchesArray::fillArrayInstance): + (JSC::RegExpConstructor::putVirtual): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::putVirtual): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::putVirtual): + * runtime/RegExpObject.h: + * runtime/StringObject.cpp: + (JSC::StringObject::putVirtual): + * runtime/StringObject.h: + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncSplit): + +2011-10-13 Filip Pizlo <fpizlo@apple.com> + + Reflective Arguments retrieval should be hardened for the + possibility of inlining + https://bugs.webkit.org/show_bug.cgi?id=70068 + + Reviewed by Oliver Hunt. + + CodeBlock can now track, as part of its RareData, the virtual inline + stack at callsites. CallFrame walking can now rematerialize "inline" + CallFrames by combining the meta-data in CodeBlock with the information + already in the JS stack. Arguments can now safely retrieve the + arguments from inline CallFrames. + + The DFG already had the notion of a "CodeOrigin" in preparation for + inlining. This notion will now be saved into the CodeBlock, if the DFG + had done inlining. So, CodeOrigin has been moved to bytecode/ and has + been changed to behave more like a struct since that is how it's + meant to be used. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.h: + (JSC::CodeBlock::inlineCallFrames): + (JSC::CodeBlock::codeOrigins): + (JSC::CodeBlock::hasCodeOrigins): + (JSC::CodeBlock::codeOriginForReturn): + * bytecode/CodeOrigin.h: Added. + (JSC::CodeOrigin::CodeOrigin): + (JSC::CodeOrigin::isSet): + (JSC::getCallReturnOffsetForCodeOrigin): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGNode.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * interpreter/CallFrame.cpp: + (JSC::CallFrame::isInlineCallFrame): + (JSC::CallFrame::trueCallerFrame): + * interpreter/CallFrame.h: + (JSC::ExecState::inlineCallFrame): + (JSC::ExecState::setInlineCallFrame): + (JSC::ExecState::isInlineCallFrame): + (JSC::ExecState::trueCallerFrame): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::findFunctionCallFrame): + * interpreter/Register.h: + (JSC::Register::operator=): + (JSC::Register::inlineCallFrame): + * runtime/Arguments.h: + (JSC::Arguments::getArgumentsData): + (JSC::Arguments::finishCreationButDontCopyRegisters): + (JSC::Arguments::finishCreation): + (JSC::Arguments::finishCreationAndCopyRegisters): + * runtime/Executable.h: + (JSC::FunctionExecutable::parameterCount): + +2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename virtual deleteProperty to deletePropertyVirtual + https://bugs.webkit.org/show_bug.cgi?id=69884 + + Reviewed by Darin Adler. + + Renamed virtual versions of deleteProperty to deletePropertyVirtual in prepration for + adding the static deleteProperty to the MethodTable in ClassInfo since the + compiler gets mad if the virtual and static versions have the same name. 
+ + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::deletePropertyVirtual): + (JSC::::deleteProperty): + * API/JSObjectRef.cpp: + (JSObjectDeleteProperty): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::deletePropertyVirtual): + (JSC::DebuggerActivation::deleteProperty): + * debugger/DebuggerActivation.h: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Arguments.cpp: + (JSC::Arguments::deletePropertyVirtual): + * runtime/Arguments.h: + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + * runtime/JSActivation.cpp: + (JSC::JSActivation::deletePropertyVirtual): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::deletePropertyVirtual): + (JSC::JSArray::deleteProperty): + * runtime/JSArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::deletePropertyVirtual): + (JSC::JSCell::deleteProperty): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::deletePropertyVirtual): + * runtime/JSFunction.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::deletePropertyVirtual): + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::deletePropertyVirtual): + (JSC::JSObject::deleteProperty): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::deletePropertyVirtual): + * runtime/JSVariableObject.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::deletePropertyVirtual): + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::deletePropertyVirtual): + * runtime/StrictEvalActivation.h: + * runtime/StringObject.cpp: + (JSC::StringObject::deletePropertyVirtual): + * runtime/StringObject.h: + +2011-10-14 Peter Beverloo 
<peter@chromium.org> + + [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo + https://bugs.webkit.org/show_bug.cgi?id=70028 + + Reviewed by Adam Barth. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-10-14 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT 32_64 - Performance fix for ResolveGlobal + https://bugs.webkit.org/show_bug.cgi?id=70096 + + Reviewed by Gavin Barraclough. + + Structure check of global object should be a pointer comparison + instead of a tag and payload pair comparison. This fix improves + SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X. + Also two trivial fixes for successful 32-bit build are included. + + * dfg/DFGSpeculativeJIT.cpp: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-13 Filip Pizlo <fpizlo@apple.com> + + Speculation failures in ValueToInt32 are causing a 2x slow-down + in Kraken/stanford-crypto-pbkdf2 + https://bugs.webkit.org/show_bug.cgi?id=70089 + + Reviewed by Gavin Barraclough. + + If we can't truncate to Int32 using machine code, then don't fail + speculation. Just call JSC::toInt32. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com> + + Rename virtual getConstructData to getConstructDataVirtual + https://bugs.webkit.org/show_bug.cgi?id=69872 + + Reviewed by Geoffrey Garen. + + Renamed virtual getConstructData functions to getConstructDataVirtual to + avoid conflicts when we add static getConstructData to the MethodTable. 
+ + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::getConstructDataVirtual): + * API/JSCallbackConstructor.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getConstructDataVirtual): + * API/JSObjectRef.cpp: + (JSObjectIsConstructor): + (JSObjectCallAsConstructor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getConstructDataVirtual): + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::getConstructDataVirtual): + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getConstructDataVirtual): + * runtime/DateConstructor.h: + * runtime/Error.h: + (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::getConstructDataVirtual): + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::getConstructDataVirtual): + * runtime/FunctionConstructor.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getConstructDataVirtual): + * runtime/JSCell.h: + (JSC::getConstructData): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getConstructDataVirtual): + * runtime/JSFunction.h: + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::getConstructDataVirtual): + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getConstructDataVirtual): + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getConstructDataVirtual): + * runtime/ObjectConstructor.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getConstructDataVirtual): + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getConstructDataVirtual): + * runtime/StringConstructor.h: + 
+2011-10-13 Filip Pizlo <fpizlo@apple.com> + + Rubber stamped Stephanie Lewis. + + DFG_ENABLE() macro was always returning false. + + * dfg/DFGNode.h: + +2011-10-13 Gavin Barraclough <baraclough@apple.com> + + Speculative build fix for !DFG builds. + + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + +2011-10-13 Oliver Hunt <oliver@apple.com> + + Fix performance of ValueToInt32 node when predicting double + https://bugs.webkit.org/show_bug.cgi?id=70063 + + Reviewed by Filip Pizlo. + + Currently we fail to inline double to int conversion when + performing a ValueToInt32 operation on a value we predict + to be a double. + + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + Apply correct filter for the double prediction path + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + Support double parameters even when value has been spilled. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + Moved old valueToInt32 code to this function, and added + path for double prediction + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + Made the two implementations of ValueToInt32 call a single + shared compileValueToInt32 function. + +2011-10-13 Chris Marrin <cmarrin@apple.com> + + Sync requestAnimationFrame callback to CVDisplayLink on Mac + https://bugs.webkit.org/show_bug.cgi?id=68911 + + Reviewed by Simon Fraser. + + Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations + that use the DisplayRefreshMonitor logic. + + * wtf/Platform.h: + +2011-10-13 Gavin Barraclough <baraclough@apple.com> + + DFG JIT should not be using ENABLE macro to enable features + https://bugs.webkit.org/show_bug.cgi?id=70060 + + Reviewed by Oliver Hunt. 
+ + The ENABLE macro is only intended to be used to detect features that are configured + in Platform.h. Using its to detect settings defined in other headers is an error. + + The problem is that the ENABLE macro checks if the value is defined, so will silently + return false if you fail to include the header defining the switch. This is not a problem + if (1) the settings are defined in the same header that defines the macro that tests them, + or (2) the header is included everywhere. In the case of ENABLE settings defined in + Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro. + + * bytecode/CodeBlock.cpp: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getPrediction): + (JSC::DFG::ByteCodeParser::makeSafe): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCodeGenerator.cpp: + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + * dfg/DFGNode.h: + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateArithNodeFlagsForward): + (JSC::DFG::Propagator::propagateArithNodeFlagsBackward): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::propagatePredictionsForward): + (JSC::DFG::Propagator::propagatePredictionsBackward): + (JSC::DFG::Propagator::propagatePredictions): + (JSC::DFG::Propagator::toDouble): + (JSC::DFG::Propagator::fixupNode): + 
(JSC::DFG::Propagator::fixup): + (JSC::DFG::Propagator::startIndexForChildren): + (JSC::DFG::Propagator::endIndexForPureCSE): + (JSC::DFG::Propagator::setReplacement): + (JSC::DFG::Propagator::eliminate): + (JSC::DFG::Propagator::performNodeCSE): + (JSC::DFG::Propagator::localCSE): + (JSC::DFG::Propagator::allocateVirtualRegisters): + (JSC::DFG::Propagator::performBlockCFA): + (JSC::DFG::Propagator::performForwardCFA): + (JSC::DFG::Propagator::globalCFA): + * dfg/DFGScoreBoard.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + +2011-10-13 Gavin Barraclough <baraclough@apple.com> + + terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell + + Rubber stamped by Filip Pizlo + + This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + +2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualized JSCell::toNumber + https://bugs.webkit.org/show_bug.cgi?id=69858 + + Reviewed by Sam Weinig. 
+ + + Removed JSCallbackObject::toNumber because its no longer necessary since + JSObject::toNumber now suffices since we implicitly add valueOf to an object's + prototype whenever a convertToType callback is provided. + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + + De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber. + * runtime/JSCell.cpp: + (JSC::JSCell::toNumber): + * runtime/JSCell.h: + * runtime/JSObject.h: + * runtime/JSString.h: + + Removed JSNotAnObject::toNumber because its result doesn't matter and it implements + defaultValue, therefore JSObject::toNumber can cover its case. + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + +2011-10-13 Xianzhu Wang <wangxianzhu@chromium.org> + + Use realloc() to expand/shrink StringBuilder buffer + https://bugs.webkit.org/show_bug.cgi?id=69913 + + Reviewed by Darin Adler. + + * wtf/text/StringBuilder.cpp: + (WTF::StringBuilder::reserveCapacity): + (WTF::StringBuilder::reallocateBuffer): + (WTF::StringBuilder::appendUninitialized): + (WTF::StringBuilder::shrinkToFit): + * wtf/text/StringBuilder.h: + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer. + * wtf/text/StringImpl.h: + +2011-10-12 Filip Pizlo <fpizlo@apple.com> + + If an Arguments object is being used to copy the arguments, then + make this explicit + https://bugs.webkit.org/show_bug.cgi?id=69995 + + Reviewed by Sam Weinig. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::retrieveArguments): + * runtime/Arguments.h: + (JSC::Arguments::createAndCopyRegisters): + (JSC::Arguments::finishCreationButDontCopyRegisters): + (JSC::Arguments::finishCreation): + (JSC::Arguments::finishCreationAndCopyRegisters): + +2011-10-12 Filip Pizlo <fpizlo@apple.com> + + DFG CFA does not filter structures aggressively enough. 
+ https://bugs.webkit.org/show_bug.cgi?id=69989 + + Reviewed by Oliver Hunt. + + * dfg/DFGAbstractValue.h: + (JSC::DFG::AbstractValue::clear): + (JSC::DFG::AbstractValue::makeTop): + (JSC::DFG::AbstractValue::clobberStructures): + (JSC::DFG::AbstractValue::set): + (JSC::DFG::AbstractValue::merge): + (JSC::DFG::AbstractValue::filter): + (JSC::DFG::AbstractValue::checkConsistency): + +2011-10-12 Adam Barth <abarth@webkit.org> + + Remove ENABLE(XHTMLMP) and associated code + https://bugs.webkit.org/show_bug.cgi?id=69729 + + Reviewed by David Levin. + + * Configurations/FeatureDefines.xcconfig: + +2011-10-12 Gavin Barraclough <baraclough@apple.com> + + MacroAssemblerX86 8-bit register ops unsafe on CPU(X86) + https://bugs.webkit.org/show_bug.cgi?id=69978 + + Reviewed by Filip Pizlo. + + Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ). + + compare32/test8/test32 Call setCC, which sets an 8-bit register - we can fix this by adding + a couple of xchg instructions. + + branchTest8 with a register argument is also affected. In all cases this is currently used + this is testing a value that is correct to 32 or more bits, so we can simply switch these + to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the + 32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction). + + This fixes the remaining fast/js failures with the DFG JIT 32_64. + + * assembler/MacroAssemblerARMv7.h + - removed branchTest8. + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::compare32): + (JSC::MacroAssemblerX86Common::test8): + (JSC::MacroAssemblerX86Common::test32): + (JSC::MacroAssemblerX86Common::set32): + - added set32 helper that is 'h' register safe. + - removed branchTest8. 
+ * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + - switch uses of branchTest8 to branchTest32. + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + - switch uses of branchTest8 to branchTest32. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitBranch): + - switch uses of branchTest8 to branchTest32. + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitBranch): + - switch uses of branchTest8 to branchTest32. + +2011-10-12 Gavin Barraclough <baraclough@apple.com> + + Errrk, revert accidental commit! + + * wtf/Platform.h: + +2011-10-12 Gavin Barraclough <baraclough@apple.com> + + Unreviewed, re-land changes from #69890, #69903. + + These were reverted due to bug #69897, but #69903 fixed this problem. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + +2011-10-12 Filip Pizlo <fpizlo@apple.com> + + ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly + https://bugs.webkit.org/show_bug.cgi?id=69906 + + Reviewed by Gavin Barraclough. + + It turns out that the simplest fix is to switch computeUpdatedPredictions() + to using predictionFromValue() combined with mergePrediction(). Doing so + allowed me to kill off weakBuckets and visitWeakReferences(). Hence this + not only fixes a performance bug but kills off a lot of code that I never + liked to begin with. + + This appears to be a 1% win on V8. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + * bytecode/PredictedType.cpp: + (JSC::predictionFromValue): + * bytecode/ValueProfile.cpp: + (JSC::ValueProfile::computeStatistics): + (JSC::ValueProfile::computeUpdatedPrediction): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::classInfo): + (JSC::ValueProfile::numberOfSamples): + (JSC::ValueProfile::isLive): + (JSC::ValueProfile::dump): + +2011-10-12 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSCell::toString + https://bugs.webkit.org/show_bug.cgi?id=69677 + + Reviewed by Sam Weinig. + + Removed toString from JSCallbackObject, since it is no + longer necessary since we now implicitly add toString and valueOf + functions to object prototypes when a convertToType callback + is provided, which is now the standard way to override toString + and valueOf in the JSC C API. + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + + Removed toString from InterruptedExecutionError and + TerminatedExecutionError and replaced it with defaultValue, + which JSObject::toString calls. We'll probably have to de-virtualize + defaultValue eventually, but we'll cross that bridge when we + come to it. + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::defaultValue): + (JSC::TerminatedExecutionError::defaultValue): + * runtime/ExceptionHelpers.h: + + Removed toString from JSNotAnObject, since its return value doesn't + actually matter and JSObject::toString can cover it. + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + + De-virtualized JSCell::toString, JSObject::toString and JSString::toString. + Added handling of all cases for JSCell to JSCell::toString. 
+ * runtime/JSObject.h: + * runtime/JSString.h: + * runtime/JSCell.cpp: + (JSC::JSCell::toString): + * runtime/JSCell.h: + +2011-10-12 Oliver Hunt <oliver@apple.com> + + Global stringStructure caches its prototype chain, abandoning a web page + https://bugs.webkit.org/show_bug.cgi?id=69952 + + Reviewed by Filip Pizlo. + + When visiting a structure, we don't keep the prototype chain + alive if we're not the structure for an object type. + + * runtime/Structure.cpp: + (JSC::Structure::visitChildren): + +2011-10-12 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT 32_64 - Fix ArrayPop + https://bugs.webkit.org/show_bug.cgi?id=69918 + + Reviewed by Filip Pizlo. + + The storageLengthGPR is polluted by EmptyValueTag and later used to + index the array, which results in abnormal behaviors in execution. + This fix makes 32_64 DFG pass v8-deltablue and kraken + crypto-sha256-iterative on Linux ia32. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::store32): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movl_i32m): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-12 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> + + Fix build with GLib 2.31 + https://bugs.webkit.org/show_bug.cgi?id=69840 + + Reviewed by Martin Robinson. + + * GNUmakefile.list.am: removed ThreadingGtk.cpp. + * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions. + * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations. + * wtf/gobject/GOwnPtr.h: ditto. + * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations. + * wtf/gtk/ThreadingGtk.cpp: Removed. + +2011-10-12 Filip Pizlo <fpizlo@apple.com> + + Layout tests crashing in DFG JIT code + https://bugs.webkit.org/show_bug.cgi?id=69897 + + Reviewed by Gavin Barraclough. 
+ + Abstract value filtration didn't take into account cases where a structure + set filter, combined with predicted type knowledge, could lead to a stronger + filter for the structure abstract value. + + This bug would have been benign in release builds; it would have just meant + that the analysis was less precise and some optimization opportunities would + be missed. I have an ASSERT that is meant to catch such cases, and it was + triggering sporadically in one of the LayoutTests. + + * dfg/DFGAbstractValue.h: + (JSC::DFG::AbstractValue::filter): + +2011-10-11 Gavin Barraclough <baraclough@apple.com> + + Unreviewed, temporarily reverted r97216 due to bug #69897. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + +2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG 32_64 - fix silentFillGPR + https://bugs.webkit.org/show_bug.cgi?id=69903 + + Reviewed by Filip Pizlo. + + Fix a small bug in silentFillGPR, + and add the newly introduced DFG file to CMakeListsEfl. + + * CMakeListsEfl.txt: + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + +2011-10-08 Filip Pizlo <fpizlo@apple.com> + + DFG does not have flow-sensitive intraprocedural control flow analysis + https://bugs.webkit.org/show_bug.cgi?id=69690 + + Reviewed by Gavin Barraclough. + + Implemented a control flow analysis (CFA). It currently propagates type + proofs only. For example, if all predecessors to a basic block have + checks that variable X is a JSFinalObject with structure 0xabcdef, then + this basic block will now know this fact and will know that it does not + have to emit either JSFinalObject checks or any structure checks since + the structure is precisely known. The CFA takes heap side-effects into + account (though somewhat conservatively), so that if the object pointed + to by variable X could have possibly undergone a structure transition + then this is reflected: the analysis may simply say that X's structure + is unknown. 
+ + This also propagates a wealth of other type information which is + currently not being used. For example, we now know when a variable can + only hold doubles. Even if a variable may hold other types at different + points in its live range, we can still prove exactly when it will only + be double. + + There's a bunch of stuff that the CFA could do that it still does not + do, like precise handling of PutStructure (i.e. structure transitions), + precise handling of CheckFunction and CheckMethod, etc. So this is + very much intended to be a starting point rather than an end unto + itself. + + This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue) + and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate). + Neutral on SunSpider. + + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/ActionablePrediction.h: Removed. + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + * bytecode/PredictedType.h: + * dfg/DFGAbstractState.cpp: Added. + (JSC::DFG::AbstractState::AbstractState): + (JSC::DFG::AbstractState::~AbstractState): + (JSC::DFG::AbstractState::beginBasicBlock): + (JSC::DFG::AbstractState::initialize): + (JSC::DFG::AbstractState::endBasicBlock): + (JSC::DFG::AbstractState::reset): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::clobberStructures): + (JSC::DFG::AbstractState::mergeStateAtTail): + (JSC::DFG::AbstractState::merge): + (JSC::DFG::AbstractState::mergeToSuccessors): + (JSC::DFG::AbstractState::mergeVariableBetweenBlocks): + (JSC::DFG::AbstractState::dump): + * dfg/DFGAbstractState.h: Added. + (JSC::DFG::AbstractState::forNode): + (JSC::DFG::AbstractState::isValid): + * dfg/DFGAbstractValue.h: Added. 
+ (JSC::DFG::StructureAbstractValue::StructureAbstractValue): + (JSC::DFG::StructureAbstractValue::clear): + (JSC::DFG::StructureAbstractValue::makeTop): + (JSC::DFG::StructureAbstractValue::top): + (JSC::DFG::StructureAbstractValue::add): + (JSC::DFG::StructureAbstractValue::addAll): + (JSC::DFG::StructureAbstractValue::contains): + (JSC::DFG::StructureAbstractValue::isSubsetOf): + (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan): + (JSC::DFG::StructureAbstractValue::isSupersetOf): + (JSC::DFG::StructureAbstractValue::filter): + (JSC::DFG::StructureAbstractValue::isClear): + (JSC::DFG::StructureAbstractValue::isTop): + (JSC::DFG::StructureAbstractValue::size): + (JSC::DFG::StructureAbstractValue::at): + (JSC::DFG::StructureAbstractValue::operator[]): + (JSC::DFG::StructureAbstractValue::last): + (JSC::DFG::StructureAbstractValue::predictionFromStructures): + (JSC::DFG::StructureAbstractValue::operator==): + (JSC::DFG::StructureAbstractValue::dump): + (JSC::DFG::AbstractValue::AbstractValue): + (JSC::DFG::AbstractValue::clear): + (JSC::DFG::AbstractValue::isClear): + (JSC::DFG::AbstractValue::makeTop): + (JSC::DFG::AbstractValue::clobberStructures): + (JSC::DFG::AbstractValue::isTop): + (JSC::DFG::AbstractValue::top): + (JSC::DFG::AbstractValue::set): + (JSC::DFG::AbstractValue::operator==): + (JSC::DFG::AbstractValue::merge): + (JSC::DFG::AbstractValue::filter): + (JSC::DFG::AbstractValue::validate): + (JSC::DFG::AbstractValue::dump): + * dfg/DFGBasicBlock.h: Added. 
+ (JSC::DFG::BasicBlock::BasicBlock): + (JSC::DFG::BasicBlock::getBytecodeBegin): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::setLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::setupPredecessors): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::block): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + * dfg/DFGNode.h: + (JSC::DFG::NodeIndexTraits::defaultValue): + (JSC::DFG::Node::variableAccessData): + (JSC::DFG::Node::takenBytecodeOffsetDuringParsing): + (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing): + (JSC::DFG::Node::setTakenBlockIndex): + (JSC::DFG::Node::setNotTakenBlockIndex): + (JSC::DFG::Node::takenBlockIndex): + (JSC::DFG::Node::notTakenBlockIndex): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOSREntry.h: + * dfg/DFGOperands.h: Added. 
+ (JSC::DFG::operandIsArgument): + (JSC::DFG::OperandValueTraits::defaultValue): + (JSC::DFG::Operands::Operands): + (JSC::DFG::Operands::numberOfArguments): + (JSC::DFG::Operands::numberOfLocals): + (JSC::DFG::Operands::argument): + (JSC::DFG::Operands::local): + (JSC::DFG::Operands::setLocal): + (JSC::DFG::Operands::setArgumentFirstTime): + (JSC::DFG::Operands::setLocalFirstTime): + (JSC::DFG::Operands::operand): + (JSC::DFG::Operands::setOperand): + (JSC::DFG::Operands::clear): + (JSC::DFG::dumpOperands): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::propagatePredictions): + (JSC::DFG::Propagator::performBlockCFA): + (JSC::DFG::Propagator::performForwardCFA): + (JSC::DFG::Propagator::globalCFA): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + 
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGStructureSet.h: + (JSC::DFG::StructureSet::clear): + (JSC::DFG::StructureSet::predictionFromStructures): + (JSC::DFG::StructureSet::operator==): + (JSC::DFG::StructureSet::dump): + * dfg/DFGVariableAccessData.h: Added. + +2011-10-11 Gavin Barraclough <baraclough@apple.com> + + DFG JIT 32_64 - Fix silentFillGPR for non-integer constants. + https://bugs.webkit.org/show_bug.cgi?id=69890 + + Reviewed by Oliver Hunt. + + Cell constants are currently hitting the valueOfInt32Constant case, there is no constant handling for JSValues. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + +2011-10-11 Ryosuke Niwa <rniwa@webkit.org> + + GTK build fix attempt after r97197. + + * wtf/BitVector.h: + +2011-10-11 Oliver Hunt <oliver@apple.com> + + Remove unintentional logging. + + * heap/Heap.cpp: + +2011-10-11 Oliver Hunt <oliver@apple.com> + + Tidy up card walking logic + https://bugs.webkit.org/show_bug.cgi?id=69883 + + Reviewed by Gavin Barraclough. + + Special case common cell sizes when walking a block's + cards. + + * heap/CardSet.h: + (JSC::::testAndClear): + * heap/Heap.cpp: + (JSC::GCTimer::GCCounter::GCCounter): + (JSC::GCTimer::GCCounter::count): + (JSC::GCTimer::GCCounter::~GCCounter): + (JSC::Heap::markRoots): + * heap/MarkStack.cpp: + (JSC::MarkStack::reset): + * heap/MarkStack.h: + (JSC::MarkStack::visitCount): + (JSC::MarkStack::MarkStack): + (JSC::MarkStack::append): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::gatherDirtyCellsWithSize): + (JSC::MarkedBlock::gatherDirtyCells): + * runtime/Structure.h: + (JSC::MarkStack::internalAppend): + +2011-10-11 Filip Pizlo <fpizlo@apple.com> + + DFG virtual register allocator should be more aggressive in + reusing temporary slots + https://bugs.webkit.org/show_bug.cgi?id=69868 + + Reviewed by Oliver Hunt. + + 1.2% win on V8, neutral elsewhere. 
The win is probably because it + increases precision of GC conservative scans. + + This required making the DFG::ScoreBoard operate over a bitvector + of preserved variables, rather than just a preserved variable + threshold. To do this, I improved the WTF::BitVector class to make + it more user-friendly. It still retains all previous functionality. + Also made changes to PackedIntVector to accomodate those changes. + Finally, this adds more debugging to the virtual register allocator + and to the OSR exit code, as this was necessary to track down bugs + in an earlier version of this patch. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::getLocal): + * dfg/DFGGraph.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::allocateVirtualRegisters): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::ScoreBoard): + (JSC::DFG::ScoreBoard::~ScoreBoard): + (JSC::DFG::ScoreBoard::allocate): + (JSC::DFG::ScoreBoard::use): + (JSC::DFG::ScoreBoard::highWatermark): + (JSC::DFG::ScoreBoard::dump): + (JSC::DFG::ScoreBoard::max): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueRecovery::dump): + * wtf/BitVector.cpp: + (WTF::BitVector::setSlow): + (WTF::BitVector::resizeOutOfLine): + (WTF::BitVector::dump): + * wtf/BitVector.h: + (WTF::BitVector::BitVector): + (WTF::BitVector::operator=): + (WTF::BitVector::quickGet): + (WTF::BitVector::quickSet): + (WTF::BitVector::quickClear): + (WTF::BitVector::get): + (WTF::BitVector::set): + (WTF::BitVector::clear): + * wtf/PackedIntVector.h: + (WTF::PackedIntVector::get): + (WTF::PackedIntVector::set): + +2011-10-11 Gavin Barraclough <baraclough@apple.com> + + DFG JIT 32_64 - Switch to cdecl calling convention. + https://bugs.webkit.org/show_bug.cgi?id=69863 + + Reviewed by Oliver Hunt. + + This makes it easier to keep the stack correctly aligned, which is required on OS X. 
+ + * assembler/MacroAssemblerCodeRef.h: + (JSC::FunctionPtr::FunctionPtr): + - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + - Switch calls to poke arguments rather than pushing them. + (JSC::DFG::resetCallArguments): + (JSC::DFG::addCallArgument): + (JSC::DFG::addCallArgumentBoxed): + - Helper functions to stack up call arguments on X86. + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + - Don't push, poke! + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::compileBody): + - Don't push, poke! + * dfg/DFGOperations.cpp: + - Switch ReturnAddress wrappers to push return address last, update asm trampolines. + * dfg/DFGOperations.h: + - switch DFG_OPERATION to assert CDECL on STDCALL platforms. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::fmodWithCDecl): + (JSC::DFG::SpeculativeJIT::compile): + - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL. + +2011-10-11 Gavin Barraclough <baraclough@apple.com> + + Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t + https://bugs.webkit.org/show_bug.cgi?id=69821 + + Reviewed by Filip Pizlo. + + Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an + intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building. + + dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for + JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary + move), so by switching all associated operations to return a size_t we can fix the type + problem on Linux & make it a small tweak that removes an unnecessary instruction. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare): + - comparisons now return a size_t. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + - Removed Z_DFGOperation_EJ form. 
+ * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + - comparisons now return a size_t. + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + - comparisons now return a size_t. + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t, + Both need to return values zero extended to fill a register. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + - comparisons now return a size_t. + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compare): + - comparisons now return a size_t. + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compare): + - comparisons now return a size_t. + +2011-10-11 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> + + [Qt] Remove all references to QTDIR_build and standalone_package + + Qt is now modularized, which means we no longer import WebKit into + the Qt source tree. Instead we use git submodules, and building + QtWebKit as "part of Qt" is really building QtWebKit as from trunk. + + To decrease the number of buildsystem configurations we also remove + the standalone_package code-path used when we were providing tarballs + with the derived sources pre-generated. + + Reviewed by Simon Hausmann. + + * DerivedSources.pro: + * JavaScriptCore.pri: + * JavaScriptCore.pro: + +2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com> + + Add missing copyright notice in DFG JIT files + https://bugs.webkit.org/show_bug.cgi?id=69809 + + Reviewed by Gavin Barraclough. 
+ + * dfg/DFGJITCodeGenerator32_64.cpp: + * dfg/DFGJITCompiler32_64.cpp: + * dfg/DFGJITCompilerInlineMethods.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + +2011-10-10 Filip Pizlo <fpizlo@apple.com> + + DFG JSVALUE64 spill/fill code should not box integers and doubles + https://bugs.webkit.org/show_bug.cgi?id=69782 + + Reviewed by Oliver Hunt. + + Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat. + This required changing all of the places that spill registers (both silently + and not) and filling registers (both silently and on demand). It also required + changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile) + may have the wrong format for the old JIT (unboxed int or double). + + This is a slight win on Kraken (0.25%) and neutral elsewhere. + + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::spill): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::JITCodeGenerator::spill): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueRecovery::displacedInRegisterFile): + (JSC::DFG::ValueRecovery::virtualRegister): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + +2011-10-10 Gavin Barraclough <baraclough@apple.com> + + DFG JIT switch dfgConvert methods to use callOperation + https://bugs.webkit.org/show_bug.cgi?id=69806 + + Reviewed by Filip Pizlo. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + * dfg/DFGOperations.h: + +2011-10-10 Gavin Barraclough <baraclough@apple.com> + + Remove some unused methods from the DFG JIT. + + Rubber stamped by Oliver Hunt + + Thee methods were only used by the non-speculative JIT, and can be removed. + + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCodeGenerator32_64.cpp: + * dfg/DFGJITCodeGenerator64.cpp: + - removed: + nonSpeculativeAdd + nonSpeculativeArithSub + nonSpeculativeArithMod + nonSpeculativeCheckHasInstance + nonSpeculativeInstanceOf + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + - removed: + operationArithMod + operationInstanceOf + operationThrowHasInstanceError + +2011-10-10 Gavin Barraclough <baraclough@apple.com> + + Switch most calls in DFGJITCodeGenerator to use callOperation. + https://bugs.webkit.org/show_bug.cgi?id=69802 + + Reviewed by Oliver Hunt. + + Compares, add, mod are the easy cases. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + +2011-10-10 Gavin Barraclough <baraclough@apple.com> + + DFG: Switch GetById / PutById to use callOperation + https://bugs.webkit.org/show_bug.cgi?id=69795 + + Reviewed by Oliver Hunt. + + Also make the take base as a cell, so 32_64 doesn't have to set up the cell tag. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::appropriatePutByIdFunction): + +2011-10-10 Filip Pizlo <fpizlo@apple.com> + + REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs + https://bugs.webkit.org/show_bug.cgi?id=69412 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + +2011-10-10 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove getCallDataVirtual methods + https://bugs.webkit.org/show_bug.cgi?id=69186 + + Reviewed by Geoffrey Garen. + + Removed all getCallDataVirtual methods and replaced their call sites + with an explicit lookup in the MethodTable. + + * API/JSCallbackFunction.cpp: + * API/JSCallbackFunction.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * API/JSObjectRef.cpp: + (JSObjectIsFunction): + (JSObjectCallAsFunction): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArrayConstructor.cpp: + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + * runtime/DateConstructor.h: + + Moved StrictModeTypeErrorFunction to Error.h in order to be able to include + the class definition in JSGlobalObject.cpp. + * runtime/Error.cpp: + (JSC::createTypeErrorFunction): + * runtime/Error.h: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + (JSC::StrictModeTypeErrorFunction::create): + (JSC::StrictModeTypeErrorFunction::constructThrowTypeError): + (JSC::StrictModeTypeErrorFunction::getConstructData): + (JSC::StrictModeTypeErrorFunction::callThrowTypeError): + (JSC::StrictModeTypeErrorFunction::getCallData): + (JSC::StrictModeTypeErrorFunction::createStructure): + * runtime/ErrorConstructor.cpp: + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + + To allow subclasses of InternalFunction (e.g. 
QtRuntimeMethod) to not have + to declare their own ClassInfo if they don't override getCallData, provided + an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same + functionality as of the pure virtual method InternalFunction used to have. + Also made this new implementation protected rather than private for the same reason. + Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever + object is being created provides their own implementation of getCallData. This + just makes execution fail earlier in a place where the source of the error is + easy to trace. These ASSERTs are better than putting a null in the MethodTable because + they appear much more intentional to anybody who fails to provide their own + implementation or who tries to explicitly call InternalFunction::getCallData. + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::finishCreation): + (JSC::InternalFunction::getCallData): + * runtime/InternalFunction.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + + Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable + it to be reused rather than creating a new Structure every time we instantiate it. 
+ * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure): + * runtime/JSONObject.cpp: + (JSC::Stringifier::Stringifier): + (JSC::Stringifier::toJSON): + (JSC::Stringifier::appendStringifiedValue): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + * runtime/JSObject.h: + (JSC::getCallData): + * runtime/NativeErrorConstructor.cpp: + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectConstructor.h: + * runtime/Operations.cpp: + (JSC::jsTypeStringForValue): + (JSC::jsIsObjectType): + (JSC::jsIsFunctionType): + * runtime/PropertySlot.cpp: + (JSC::PropertySlot::functionGetter): + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + * runtime/StringConstructor.h: + * runtime/Structure.h: + +2011-10-10 Gavin Barraclough <barraclough@apple.com> + + Switch last calls from DFGSpeculativeJIT to use callOperation. + https://bugs.webkit.org/show_bug.cgi?id=69780 + + Reviewed by Oliver Hunt. + + Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + * wtf/Platform.h: + +2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace" + https://bugs.webkit.org/show_bug.cgi?id=69748 + + Reviewed by Filip Pizlo. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetMethod): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + +2011-10-10 Adam Roben <aroben@apple.com> + + Build fix + + * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros. + +2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - Bug fix for BranchNull + https://bugs.webkit.org/show_bug.cgi?id=69743 + + Reviewed by Darin Adler. + + This fixes the error in access-binary-trees. All SunSpider cases passed. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + +2011-10-07 Gavin Barraclough <barraclough@apple.com> + + DFG JIT: callOperation should return the Call. + https://bugs.webkit.org/show_bug.cgi?id=69682 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + (JSC::DFG::appendCallWithExceptionCheckSetResult): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::appendCall): + * wtf/Platform.h: + +2011-10-10 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r97045. + http://trac.webkit.org/changeset/97045 + https://bugs.webkit.org/show_bug.cgi?id=69746 + + makes apple bots very crashy :( (Requested by kling on + #webkit). + + * config.h: + +2011-10-10 Andreas Kling <kling@webkit.org> + + Shrink BorderValue. + https://bugs.webkit.org/show_bug.cgi?id=69521 + + Reviewed by Antti Koivisto. + + * config.h: Touch to force full rebuild. + +2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com> + + Improve Null or Undefined test in 32_64 DFG + https://bugs.webkit.org/show_bug.cgi?id=69734 + + Reviewed by Darin Adler. + + Currently Null or Undefined value test in 32_64 DFG will check + Null and Undefined tag separately and introduce one more branch. + It can be improved in the way how the baseline JIT is doing - by + relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1". + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + +2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - Bug fix for ConvertThis + https://bugs.webkit.org/show_bug.cgi?id=69721 + + Reviewed by Darin Adler. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com> + + Remove unused callOperation code of DFG JIT on X86 + https://bugs.webkit.org/show_bug.cgi?id=69722 + + Reviewed by Filip Pizlo. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + +2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble + https://bugs.webkit.org/show_bug.cgi?id=69720 + + Reviewed by Filip Pizlo. + + In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by + a FPR and will be used for further optimizations, though we currently + don't fully utilize it. For now when filling a JS value which was + spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat + to DataFormatJS to avoid compilation errors. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillJSValue): + +2011-10-09 Filip Pizlo <fpizlo@apple.com> + + DFG should not always speculate that a ByVal access has an integer index + https://bugs.webkit.org/show_bug.cgi?id=69716 + + Reviewed by Oliver Hunt. + + 1% win on SunSpider, neutral elsewhere. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGNode.h: + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::byValHasIntBase): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::getMethodLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com> + + Fix value profiling in 32_64 JIT + https://bugs.webkit.org/show_bug.cgi?id=69717 + + Reviewed by Filip Pizlo. 
+ + Current value profiling for 32_64 JIT is broken and cannot record + correct predicated types, which results in many speculation failures + in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations + again and again. + With this fix 32_64 DFG JIT can demonstrate real performance gains. + + * bytecode/ValueProfile.cpp: + (JSC::ValueProfile::computeStatistics): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::classInfo): + (JSC::ValueProfile::numberOfSamples): + (JSC::ValueProfile::isLive): + (JSC::ValueProfile::numberOfInt32s): + (JSC::ValueProfile::numberOfDoubles): + (JSC::ValueProfile::numberOfBooleans): + (JSC::ValueProfile::dump): + Empty value check should be performed on decoded JSValue, + as for 32_64 empty value is not identical to encoded 0. + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITStubCall.h: + (JSC::JITStubCall::callWithValueProfiling): + Record the right profiling result for 32_64. + +2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com> + + Remove 32 bit restrictions in DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69711 + + Reviewed by Filip Pizlo. + + op_call/op_construct support was disabled for 32 bit DFG JIT because + there was regression in javascriptcore tests. Now the bugs are fixed + and there should be no regression. This makes 32 bit DFG have the same + capability as 64 bit DFG, and improves the coverage. + + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + +2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static version of JSCell::getConstructData + https://bugs.webkit.org/show_bug.cgi?id=69673 + + Reviewed by Geoffrey Garen. + + Added static version of getConstructData to all classes that + override it and changed the virtual versions to call the static + versions. This is the first step in de-virtualizing JSCell::getConstructData. 
+ + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::getConstructData): + * API/JSCallbackConstructor.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getConstructData): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getConstructData): + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::getConstructData): + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getConstructData): + * runtime/DateConstructor.h: + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::getConstructData): + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::getConstructData): + * runtime/FunctionConstructor.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getConstructData): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getConstructData): + * runtime/JSFunction.h: + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::getConstructData): + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getConstructData): + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getConstructData): + * runtime/ObjectConstructor.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getConstructData): + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getConstructData): + * runtime/StringConstructor.h: + +2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static version of JSCell::getOwnPropertySlot + https://bugs.webkit.org/show_bug.cgi?id=69593 + + Reviewed by Geoffrey Garen. + + Added static version of getOwnPropertySlot to every class that overrides + JSCell::getOwnPropertySlot. The virtual versions now call the static versions. + This is the first step in de-virtualizing JSCell::getOwnPropertySlot. 
+ + * JavaScriptCore.exp: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::getOwnPropertySlot): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlot): + * runtime/Arguments.h: + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlot): + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::getOwnPropertySlot): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getOwnPropertySlot): + * runtime/DateConstructor.h: + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::getOwnPropertySlot): + * runtime/DatePrototype.h: + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::getOwnPropertySlot): + * runtime/ErrorPrototype.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::getOwnPropertySlot): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlot): + * runtime/JSArray.h: + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::getOwnPropertySlot): + * runtime/JSBoundFunction.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::getOwnPropertySlot): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertySlot): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::getOwnPropertySlot): + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::getOwnPropertySlot): + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + (JSC::JSONObject::getOwnPropertySlot): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertySlot): + * runtime/JSObject.h: + (JSC::JSObject::getOwnPropertySlot): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::getOwnPropertySlot): + * runtime/JSStaticScopeObject.h: + * runtime/JSString.cpp: + 
(JSC::JSString::getOwnPropertySlot): + * runtime/JSString.h: + * runtime/MathObject.cpp: + (JSC::MathObject::getOwnPropertySlot): + * runtime/MathObject.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertySlot): + * runtime/NumberConstructor.h: + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::getOwnPropertySlot): + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getOwnPropertySlot): + * runtime/ObjectConstructor.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::getOwnPropertySlot): + * runtime/ObjectPrototype.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getOwnPropertySlot): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::getOwnPropertySlot): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::getOwnPropertySlot): + * runtime/RegExpObject.h: + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::getOwnPropertySlot): + * runtime/RegExpPrototype.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getOwnPropertySlot): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::getOwnPropertySlot): + * runtime/StringObject.h: + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::getOwnPropertySlot): + * runtime/StringPrototype.h: + +2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions + https://bugs.webkit.org/show_bug.cgi?id=69699 + + Reviewed by Filip Pizlo. + + It should match SetLocal where only payload is stored for array predictions. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot + https://bugs.webkit.org/show_bug.cgi?id=69702 + + Reviewed by Filip Pizlo. 
+ + There are some errors in generating code for Branch and LogicalNot, + when the operand is predicted as ObjectOrOther. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + +2011-10-08 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r96996. + http://trac.webkit.org/changeset/96996 + https://bugs.webkit.org/show_bug.cgi?id=69697 + + It broke all tests on the Qt bot (Requested by Ossy_night on + #webkit). + + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::getCallDataVirtual): + * API/JSCallbackFunction.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getCallDataVirtual): + * API/JSObjectRef.cpp: + (JSObjectIsFunction): + (JSObjectCallAsFunction): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getCallDataVirtual): + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::getCallDataVirtual): + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getCallDataVirtual): + * runtime/DateConstructor.h: + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + (JSC::StrictModeTypeErrorFunction::create): + (JSC::StrictModeTypeErrorFunction::constructThrowTypeError): + (JSC::StrictModeTypeErrorFunction::getConstructData): + (JSC::StrictModeTypeErrorFunction::callThrowTypeError): + (JSC::StrictModeTypeErrorFunction::getCallDataVirtual): + (JSC::StrictModeTypeErrorFunction::getCallData): + (JSC::StrictModeTypeErrorFunction::createStructure): + (JSC::createTypeErrorFunction): + * runtime/Error.h: + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::getCallDataVirtual): + * 
runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::getCallDataVirtual): + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::getCallDataVirtual): + * runtime/FunctionPrototype.h: + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::finishCreation): + * runtime/InternalFunction.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getCallDataVirtual): + * runtime/JSCell.h: + (JSC::getCallData): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getCallDataVirtual): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + * runtime/JSONObject.cpp: + (JSC::Stringifier::Stringifier): + (JSC::Stringifier::toJSON): + (JSC::Stringifier::appendStringifiedValue): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + * runtime/JSObject.h: + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::getCallDataVirtual): + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getCallDataVirtual): + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getCallDataVirtual): + * runtime/ObjectConstructor.h: + * runtime/Operations.cpp: + (JSC::jsTypeStringForValue): + (JSC::jsIsObjectType): + (JSC::jsIsFunctionType): + * runtime/PropertySlot.cpp: + (JSC::PropertySlot::functionGetter): + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getCallDataVirtual): + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getCallDataVirtual): + * runtime/StringConstructor.h: + * runtime/Structure.h: + +2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT - only Array predictions can result in unboxed cells in register file + https://bugs.webkit.org/show_bug.cgi?id=69695 + + Reviewed by Filip Pizlo. 
+ + In current DFG JIT, only array predictions can result in unboxed cells + in register file, not for the other cell predictions. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::forPrediction): + +2011-10-07 Yuqiang Xian <yuqiang.xian@intel.com> + + bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69696 + + Reviewed by Filip Pizlo. + + On 32-bit, we should use TimesEight (8) instead of ScalePtr (4) + to compute the address of a JS array element. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static version of JSCell::deleteProperty + https://bugs.webkit.org/show_bug.cgi?id=69659 + + Reviewed by Geoffrey Garen. + + Added static version of both versions of put to all classes that + override them and changed the virtual versions to call the static + versions. This is the first step in de-virtualizing JSCell::deleteProperty. + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::deleteProperty): + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::deleteProperty): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::deleteProperty): + * runtime/Arguments.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::deleteProperty): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::deleteProperty): + * runtime/JSArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::deleteProperty): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::deleteProperty): + * runtime/JSFunction.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::deleteProperty): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::deleteProperty): + * runtime/JSObject.h: + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::deleteProperty): + * runtime/JSVariableObject.h: + * runtime/RegExpMatchesArray.h: + 
(JSC::RegExpMatchesArray::deleteProperty): + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::deleteProperty): + * runtime/StrictEvalActivation.h: + * runtime/StringObject.cpp: + (JSC::StringObject::deleteProperty): + * runtime/StringObject.h: + +2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove getCallDataVirtual methods + https://bugs.webkit.org/show_bug.cgi?id=69186 + + Reviewed by Geoffrey Garen. + + Removed all getCallDataVirtual methods and replaced their call sites + with an explicit lookup in the MethodTable. + + * API/JSCallbackFunction.cpp: + * API/JSCallbackFunction.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * API/JSObjectRef.cpp: + (JSObjectIsFunction): + (JSObjectCallAsFunction): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArrayConstructor.cpp: + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + * runtime/DateConstructor.h: + * runtime/Error.cpp: + (JSC::createTypeErrorFunction): + + Moved StrictModeTypeErrorFunction to Error.h in order to be able to include + the class definition in JSGlobalObject.cpp. 
+ * runtime/Error.h: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + (JSC::StrictModeTypeErrorFunction::create): + (JSC::StrictModeTypeErrorFunction::constructThrowTypeError): + (JSC::StrictModeTypeErrorFunction::getConstructData): + (JSC::StrictModeTypeErrorFunction::callThrowTypeError): + (JSC::StrictModeTypeErrorFunction::getCallData): + (JSC::StrictModeTypeErrorFunction::createStructure): + * runtime/ErrorConstructor.cpp: + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + + To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have + to declare their own ClassInfo if they don't override getCallData, provided + an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same + functionality as of the pure virtual method InternalFunction used to have. + Also made this new implementation protected rather than private for the same reason. + Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever + object is being created provides their own implementation of getCallData. This + just makes execution fail earlier in a place where the source of the error is + easy to trace. These ASSERTs are better than putting a null in the MethodTable because + they appear much more intentional to anybody who fails to provide their own + implementation or who tries to explicitly call InternalFunction::getCallData. + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::finishCreation): + (JSC::InternalFunction::getCallData): + * runtime/InternalFunction.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + + Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable + it to be reused rather than creating a new Structure every time we instantiate it. 
+ * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure): + * runtime/JSONObject.cpp: + (JSC::Stringifier::Stringifier): + (JSC::Stringifier::toJSON): + (JSC::Stringifier::appendStringifiedValue): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + * runtime/JSObject.h: + (JSC::getCallData): + * runtime/NativeErrorConstructor.cpp: + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectConstructor.h: + * runtime/Operations.cpp: + (JSC::jsTypeStringForValue): + (JSC::jsIsObjectType): + (JSC::jsIsFunctionType): + * runtime/PropertySlot.cpp: + (JSC::PropertySlot::functionGetter): + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + * runtime/StringConstructor.h: + * runtime/Structure.h: + +2011-10-07 Oliver Hunt <oliver@apple.com> + + Add missing break statement. + + Reviewed by Gavin Barraclough. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + +2011-10-07 Oliver Hunt <oliver@apple.com> + + Support some string intrinsics in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69678 + + Reviewed by Gavin Barraclough. + + Add support for charAt and charCodeAt intrinsics in the DFG. 
+ + * create_hash_table: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGIntrinsic.h: + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static version of JSCell::put + https://bugs.webkit.org/show_bug.cgi?id=69382 + + Reviewed by Geoffrey Garen. + + Added static version of both versions of put to all classes that + override them and changed the virtual versions to call the static + versions. + + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::put): + * JavaScriptCore.exp: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::put): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::put): + * runtime/Arguments.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::put): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::put): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::put): + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + (JSC::JSCell::put): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::put): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::put): + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::put): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::put): + * runtime/JSObject.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::put): + * runtime/JSStaticScopeObject.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::put): + * runtime/ObjectPrototype.h: + * 
runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::put): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::put): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::put): + * runtime/RegExpObject.h: + * runtime/StringObject.cpp: + (JSC::StringObject::put): + * runtime/StringObject.h: + +2011-10-07 Gavin Barraclough <barraclough@apple.com> + + Refactor DFG to make for use of callOperation + https://bugs.webkit.org/show_bug.cgi?id=69672 + + Reviewed by Oliver Hunt. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too). + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + - Switch operationNewObject/operationCreateThis to return Cells, + - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + - Replace code plating calls to operations to with calls to callOperation. + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + - Replace code plating calls to operations to with calls to callOperation. + +2011-10-07 Oliver Hunt <oliver@apple.com> + + Support string indexing in the DFG + https://bugs.webkit.org/show_bug.cgi?id=69671 + + Reviewed by Gavin Barraclough. + + Emit code to support inline indexing of strings + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetByValOnString): + Shared code to perform string indexing. + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + Use compileGetByValOnString if we predict that the base object + is a string in GetByVal. 
+ * runtime/JSString.h: + (JSC::JSString::offsetOfFiberCount): + (JSC::JSString::offsetOfValue): + +2011-10-07 Filip Pizlo <fpizlo@apple.com> + + DFG ConvertThis speculation logic is wrong + https://bugs.webkit.org/show_bug.cgi?id=69663 + + Reviewed by Oliver Hunt. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-07 Oliver Hunt <oliver@apple.com> + + Verify that our call speculation is valid. + + Reviewed by Filip Pizlo. + + Before specialising an intrinsic we need to verify that + we our speculation is correct. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + +2011-10-07 Brent Fulgham <bfulgham@webkit.org> + + [WinCairo] Unreviewed build correction for the build bot. + + * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing + Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that + build-jsc can find the target it needs to run the JSC tests. + +2011-10-07 Oliver Hunt <oliver@apple.com> + + Fix 32-bit build. + + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): + +2011-10-07 Oliver Hunt <oliver@apple.com> + + Support direct calls to intrinsic functions + https://bugs.webkit.org/show_bug.cgi?id=69646 + + Reviewed by Gavin Barraclough. + + Add support for optimising non-method_check calls + to intrinsic functions (eg. when Math.abs, etc are + cached in local variables). 
+ + * bytecode/CodeBlock.h: + (JSC::getCallLinkInfoBytecodeIndex): + Support searching CallLinkInfos by bytecode index + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + Add support for linked calls in addition to method_check + when searching for intrinsics + * dfg/DFGNode.h: + (JSC::DFG::Node::hasFunctionCheckData): + (JSC::DFG::Node::function): + Add ability to store a JSFunction* in a node - this is safe + as the function will be marked by the codeblock we're compiling + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::checkFunctionElimination): + (JSC::DFG::Propagator::performNodeCSE): + Add support for new CheckFunction node, and implement CSE pass. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + Rather trivial implementation of CheckFunction + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): + Need to propagate bytecode index for calls now. + +2011-10-07 Dominic Cooney <dominicc@chromium.org> + + [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles + https://bugs.webkit.org/show_bug.cgi?id=69599 + + Reviewed by Sam Weinig. + + DFG JIT manipulates MetaAllocatorHandles across threads, eg in + allocating JITCode buffers on a background thread to execute a + proxy autoconfiguration PAC file but garbage collecting it in + response to allocation on the main thread. Disabling + ThreadRestrictionVerification until there is a verification scheme + that understands this handoff. + + * wtf/MetaAllocator.cpp: + (WTF::MetaAllocator::allocate): + +2011-10-06 Filip Pizlo <fpizlo@apple.com> + + DFG should not always speculate that ConvertThis is operating on an object + https://bugs.webkit.org/show_bug.cgi?id=69570 + + Reviewed by Oliver Hunt. 
+ + Mostly neutral, but with a slight regression in Kraken since it increases + coverage in DFG and thus reveals some performance pathologies (which I + prefer to think of as performance opportunities, in a good way). + + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + * bytecode/PredictedType.h: + (JSC::isOtherPrediction): + (JSC::mergePredictions): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com> + + Windows build fix + + Unreviewed build fix. Weird runtime failures on Windows due to + linking issues caused by the ClassInfo struct in JSByteArray not + being declared with JS_EXPORTDATA. + + * runtime/JSByteArray.h: + +2011-10-06 Filip Pizlo <fpizlo@apple.com> + + Structure does not reset m_previous when pinning the property map + https://bugs.webkit.org/show_bug.cgi?id=69583 + + Reviewed by Gavin Barraclough. + + This is an 0.6% performance improvement in V8, and 0.2% overall. + + * runtime/Structure.cpp: + (JSC::Structure::changePrototypeTransition): + (JSC::Structure::despecifyFunctionTransition): + (JSC::Structure::getterSetterTransition): + (JSC::Structure::toDictionaryTransition): + (JSC::Structure::preventExtensionsTransition): + (JSC::Structure::addPropertyWithoutTransition): + (JSC::Structure::removePropertyWithoutTransition): + (JSC::Structure::pin): + * runtime/Structure.h: + +2011-10-06 Anders Carlsson <andersca@apple.com> + + When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors + https://bugs.webkit.org/show_bug.cgi?id=69586 + + Reviewed by Darin Adler. + + * Configurations/Base.xcconfig: + Add -Wglobal-constructors and -Wexit-time-destructors when building with clang. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + When building with clang, we don't need to run the check-for-global-initializers and + check-for-exit-time-destructors anymore. + + * jsc.cpp: + (runInteractive): + Move interpreterName into runInteractive. + + * wtf/StdLibExtras.h: + When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors + warnings around the variable declaration. + +2011-10-06 Anders Carlsson <andersca@apple.com> + + Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds + https://bugs.webkit.org/show_bug.cgi?id=69584 + + Reviewed by Darin Adler. + + Add DEFINE_DEBUG_ONLY_GLOBAL macro. + + * wtf/StdLibExtras.h: + +2011-10-06 Oliver Hunt <oliver@apple.com> + + Write barrier shouldn't allocate temporaries inside control flow + https://bugs.webkit.org/show_bug.cgi?id=69582 + + Reviewed by Gavin Barraclough. + + Reorder the code to avoid spill-related badness. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): + +2011-10-06 Filip Pizlo <fpizlo@apple.com> + + DFG::shouldSpeculate methods are too complicated + https://bugs.webkit.org/show_bug.cgi?id=69560 + + Reviewed by Geoffrey Garen. + + Moved shouldSpeculate methods to DFG::Node, and cleaned them up to + just use node predictions. + + By itself this would have meant that SpeculativeJIT code would have + had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ(). + So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced + all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex). + + This is an 0.4% progression overall that shows up in all benchmarks, + for reasons unknown. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::at): + (JSC::DFG::JITCodeGenerator::canReuse): + (JSC::DFG::JITCodeGenerator::isFilled): + (JSC::DFG::JITCodeGenerator::isFilledDouble): + (JSC::DFG::JITCodeGenerator::use): + (JSC::DFG::JITCodeGenerator::silentSpillFPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::detectPeepHoleBranch): + (JSC::DFG::integerResult): + (JSC::DFG::noResult): + (JSC::DFG::cellResult): + (JSC::DFG::jsValueResult): + (JSC::DFG::storageResult): + (JSC::DFG::doubleResult): + (JSC::DFG::initConstantInfo): + (JSC::DFG::appendCallWithExceptionCheck): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGNode.h: + (JSC::DFG::Node::shouldSpeculateInteger): + (JSC::DFG::Node::shouldSpeculateDouble): + (JSC::DFG::Node::shouldSpeculateNumber): + 
(JSC::DFG::Node::shouldNotSpeculateInteger): + (JSC::DFG::Node::shouldSpeculateFinalObject): + (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther): + (JSC::DFG::Node::shouldSpeculateArray): + (JSC::DFG::Node::shouldSpeculateArrayOrOther): + (JSC::DFG::Node::shouldSpeculateObject): + (JSC::DFG::Node::shouldSpeculateCell): + (JSC::DFG::Node::canSpeculateInteger): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isInteger): + (JSC::DFG::SpeculativeJIT::isKnownArray): + (JSC::DFG::SpeculativeJIT::isKnownString): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::convertToDouble): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-06 Gavin Peters <gavinp@chromium.org> + + REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1" + https://bugs.webkit.org/show_bug.cgi?id=69556 + + Reviewed by Adam Roben. 
+ + * wtf/Assertions.cpp: + +2011-10-06 Filip Pizlo <fpizlo@apple.com> + + DFG implementation of UInt32ToNumber is missing a break statement + https://bugs.webkit.org/show_bug.cgi?id=69552 + + Reviewed by Oliver Hunt. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-06 Gavin Barraclough <barraclough@apple.com> + + Unreviewed build fix for DFG JIT 32_64 release builds. + + * dfg/DFGJITCompiler.cpp: + * dfg/DFGJITCompiler.h: + * dfg/DFGJITCompiler32_64.cpp: + - Remove three unused methods. + +2011-10-06 Gavin Barraclough <barraclough@apple.com> + + DFG JIT 32_64 should check type of values being filled by fillSpeculateInt + https://bugs.webkit.org/show_bug.cgi?id=69549 + + Reviewed by Oliver Hunt. + + This breaks sunspider/3d-cube. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + - Speculation check on the tag. + +2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com> + + Snow Leopard build fix + + Unreviewed build fix + + * JavaScriptCore.exp: + +2011-10-05 Gavin Barraclough <barraclough@apple.com> + + Add explicit JSGlobalThis type. + https://bugs.webkit.org/show_bug.cgi?id=69478 + + Reviewed by Darin Adler. + + JSC supports a split global object, as used by WebCore for the Window. As a stage + of making this visible to JSC, make it so that if the global this value is not the + global object itself, it must be a subclass of JSGlobalThis. + + * API/JSCallbackObjectFunctions.h: + (JSC::::finishCreation): + - Don't pass the thisValue to JSGlobalObject::finishCreation. + * JavaScriptCore.xcodeproj/project.pbxproj: + - Added JSGlobalThis.h + * jsc.cpp: + (GlobalObject::finishCreation): + - Don't pass the thisValue to JSGlobalObject::finishCreation. + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::create): + (JSC::JSGlobalObject::finishCreation): + - finishCreation takes a JSGlobalThis, or thisValue is implicit. 
+ * runtime/JSGlobalThis.h: Added. + (JSC::JSGlobalThis::create): + (JSC::JSGlobalThis::JSGlobalThis): + (JSC::JSGlobalThis::finishCreation): + - Thin wrapper on JSNonFinalObject to allow type checking. + * testRegExp.cpp: + (GlobalObject::finishCreation): + - Don't pass the thisValue to JSGlobalObject::finishCreation. + +2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com> + + JSC objects need to know their own cell size at runtime. + https://bugs.webkit.org/show_bug.cgi?id=69390 + + Reviewed by Geoffrey Garen. + + Added the cellSize field to ClassInfo and the static calculation of + size of each class to the CREATE_METHOD_TABLE macro, which will be + renamed in a followup patch to make its name match its broader use. + + Also added a few ClassInfo structs so that each object that is allocated has its + correct size. + + * JavaScriptCore.exp: + * runtime/ClassInfo.h: + + Changed JSByteArray s_defaultInfo to s_info so that the template will get the + correct ClassInfo struct from it when it's allocated. + * runtime/JSByteArray.cpp: + * runtime/JSByteArray.h: + * runtime/JSCell.h: + (JSC::allocateCell): + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + * runtime/JSObject.h: + (JSC::JSCell::cellSize): + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/StrictEvalActivation.cpp: + * runtime/StrictEvalActivation.h: + +2011-10-06 Gavin Peters <gavinp@chromium.org> + + export new stack dumping method + https://bugs.webkit.org/show_bug.cgi?id=69018 + + The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use + of this function, many builds broke. So here we add the exports, so that the function is usable. + + Reviewed by Adam Roben. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-10-06 Csaba Osztrogonác <ossy@webkit.org> + + REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS) + https://bugs.webkit.org/show_bug.cgi?id=69413 + + Reviewed by Darin Adler. + + * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way. + +2011-10-05 Filip Pizlo <fpizlo@apple.com> + + SpeculativeJIT::isKnownString() is wrong + https://bugs.webkit.org/show_bug.cgi?id=69501 + + Reviewed by Oliver Hunt. + + Removed the wrong case (GetLocal predicted String) and added a case that + works (StrCat). + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isKnownString): + +2011-10-05 Ryosuke Niwa <rniwa@webkit.org> + + Windows build fix attempt after r96760. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-10-05 Chris Rogers <crogers@google.com> + + Define a log2f() function for Windows in wtf/MathExtras.h + https://bugs.webkit.org/show_bug.cgi?id=69491 + + Reviewed by Darin Adler. + + * wtf/MathExtras.h: + (log2f): + +2011-10-05 Jer Noble <jer.noble@apple.com> + + Enable WEB_AUDIO by default in the WebKit/mac port. + https://bugs.webkit.org/show_bug.cgi?id=68587 + + Reviewed by Simon Fraser. + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2011-10-05 Filip Pizlo <fpizlo@apple.com> + + Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots + https://bugs.webkit.org/show_bug.cgi?id=69346 + + Reviewed by Oliver Hunt. + + Removed the assertion, since it was completely wrong for op_post_inc. + Short of having specialized PostInc nodes in the DFG, there is no + robust way of asserting what this assertion was trying to assert while + also supporting op_post_inc. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-05 Geoffrey Garen <ggaren@apple.com> + + Added a simpler mechanism for registering one-off finalizers + https://bugs.webkit.org/show_bug.cgi?id=69466 + + Reviewed by Oliver Hunt. + + * heap/Heap.cpp: + (JSC::Heap::addFinalizer): + (JSC::Heap::FinalizerOwner::finalize): + * heap/Heap.h: New function for adding an arbitrary finalizer for an + arbitrary cell without declaring any special classes or Handles yourself. + + * JavaScriptCore.exp: Fix build. + + * runtime/Executable.cpp: + (JSC::ExecutableBase::clearCode): + (JSC::ExecutableBase::clearCodeVirtual): + (JSC::EvalExecutable::clearCodeVirtual): + (JSC::ProgramExecutable::clearCodeVirtual): + (JSC::FunctionExecutable::discardCode): + (JSC::FunctionExecutable::clearCodeVirtual): + * runtime/Executable.h: + (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager + finalization of executables. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::clearRareData): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::createRareDataIfNeeded): + (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager + finalization of weak maps. + +2011-10-05 Adam Roben <aroben@apple.com> + + Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer + + RetainPtr's behavior of allowing the template parameter to be either a pointer type or a + pointed-to type confused us when we implemented hashTableDeletedValue. + + Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type + in HashMap/HashSet fails to compile + + Reviewed by John Sullivan. + + * wtf/RetainPtr.h: + (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*, + since T might itself be a pointer. 
+ + (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't + seem to be causing a problem. + +2011-10-05 Oliver Hunt <oliver@apple.com> + + Remove last vestiges of anonymous storage. + + Reviewed by Gavin Barraclough. + + One anonymous storage function escaped my prior purge of + this feature, this patch removes it. + + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::finishCreation): + * runtime/JSObject.h: + +2011-10-04 Filip Pizlo <fpizlo@apple.com> + + DFG should be capable of a broader range of speculations on branch and not + https://bugs.webkit.org/show_bug.cgi?id=69322 + + Reviewed by Oliver Hunt. + + * bytecode/PredictedType.h: + (JSC::isFinalObjectOrOtherPrediction): + (JSC::isArrayOrOtherPrediction): + * dfg/DFGJITCodeGenerator.cpp: + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::JITCodeGenerator): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther): + (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther): + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitBranch): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): + (JSC::DFG::SpeculativeJIT::emitBranch): + +2011-10-05 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r96733. + http://trac.webkit.org/changeset/96733 + https://bugs.webkit.org/show_bug.cgi?id=69454 + + Broke GCC for some reason (Requested by andersca on #webkit). 
+ + * wtf/ListHashSet.h: + (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator): + (WTF::ListHashSetReverseIterator::get): + (WTF::ListHashSetReverseIterator::operator*): + (WTF::ListHashSetReverseIterator::operator->): + (WTF::ListHashSetReverseIterator::operator++): + (WTF::ListHashSetReverseIterator::operator--): + (WTF::ListHashSetReverseIterator::operator==): + (WTF::ListHashSetReverseIterator::operator!=): + (WTF::ListHashSetReverseIterator::operator const_reverse_iterator): + (WTF::ListHashSetReverseIterator::node): + (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator): + (WTF::ListHashSetConstReverseIterator::get): + (WTF::ListHashSetConstReverseIterator::operator*): + (WTF::ListHashSetConstReverseIterator::operator->): + (WTF::ListHashSetConstReverseIterator::operator++): + (WTF::ListHashSetConstReverseIterator::operator--): + (WTF::ListHashSetConstReverseIterator::operator==): + (WTF::ListHashSetConstReverseIterator::operator!=): + (WTF::ListHashSetConstReverseIterator::node): + (WTF::::rbegin): + (WTF::::rend): + (WTF::::makeReverseIterator): + (WTF::::makeConstReverseIterator): + +2011-10-04 Oliver Hunt <oliver@apple.com> + + Add rudimentary filtering to write barriers + https://bugs.webkit.org/show_bug.cgi?id=69392 + + Reviewed by Filip Pizlo. + + Add approximate filtering for write barriers based on the + target's mark bit. Also add some macros to support dumping + GC phase timings. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::markCellCard): + * heap/Heap.cpp: + (JSC::GCTimer::GCTimerScope::GCTimerScope): + (JSC::GCTimer::GCTimerScope::~GCTimerScope): + (JSC::Heap::markRoots): + (JSC::Heap::collect): + Add phase timing information. 
+ * heap/MarkedBlock.h: + (JSC::MarkedBlock::offsetOfMarks): + (JSC::MarkedBlock::gatherDirtyCells): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emitWriteBarrier): + +2011-10-05 Anders Carlsson <andersca@apple.com> + + Use std::reverse_iterator for ListHashSet reverse iterators + https://bugs.webkit.org/show_bug.cgi?id=69446 + + Reviewed by Darin Adler. + + * wtf/ListHashSet.h: + Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators + and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes. + +2011-10-04 Gavin Barraclough <barraclough@apple.com> + + Make Object.prototype getter/setter methods match ES5 behaviour + https://bugs.webkit.org/show_bug.cgi?id=69393 + + Reviewed by Sam Weinig. + + The rest of Object.prototype no longer substitute Null/Undefined with the global object, + this is old ES3 behaviour. Remove it here too. + + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncDefineGetter): + (JSC::objectProtoFuncDefineSetter): + (JSC::objectProtoFuncLookupGetter): + (JSC::objectProtoFuncLookupSetter): + +2011-10-05 Patrick Gansterer <paroga@webkit.org> + + Get rid of posixThread in MachineStackMarker::Thread + https://bugs.webkit.org/show_bug.cgi?id=54836 + + Reviewed by Oliver Hunt. + + * heap/MachineStackMarker.cpp: + (JSC::MachineThreads::Thread::Thread): + (JSC::getCurrentPlatformThread): + (JSC::equalThread): + (JSC::MachineThreads::addCurrentThread): + (JSC::MachineThreads::removeCurrentThread): + (JSC::MachineThreads::gatherConservativeRoots): + +2011-10-04 Geoffrey Garen <ggaren@apple.com> + + Removed JSValue::toJSNumber + https://bugs.webkit.org/show_bug.cgi?id=69399 + + No perf. change. + + toJSNumber() used to provide an implicit fast path for immediate numbers, + but those fast paths are all explicit now, so it's just cruft. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSValue.h: + * runtime/JSValueInlineMethods.h: + +2011-10-05 Gavin Peters <gavinp@chromium.org> + + REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces + https://bugs.webkit.org/show_bug.cgi?id=69424 + + Skip an extra frame in WTFReportBacktrace. As well, I now don't count skipped frames in maxFrames, + so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively + 31 reported frames. + + Reviewed by Adam Roben. + + * wtf/Assertions.cpp: + * wtf/Assertions.h: + +2011-10-05 Patrick Gansterer <paroga@webkit.org> + + Unreviewed WinCE build fix for r96595. + + * wtf/Assertions.cpp: + RtlCaptureStackBackTrace() isn't available on WinCE. + +2011-10-04 Kent Tamura <tkent@chromium.org> + + Introduce feature flags for incomplete input types + https://bugs.webkit.org/show_bug.cgi?id=68971 + + Reviewed by Hajime Morita. + + * Configurations/FeatureDefines.xcconfig: + Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS. + +2011-10-04 Geoffrey Garen <ggaren@apple.com> + + Build fix. + + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening. + +2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static ClassInfo structs to classes that override JSCell::getCallData + https://bugs.webkit.org/show_bug.cgi?id=69311 + + Reviewed by Darin Adler. + + Added ClassInfo structs to each class that defined its own getCallData + function but did not already have its own ClassInfo struct. This is a + necessary addition for when we switch over to looking up getCallData from + the MethodTable in ClassInfo rather than doing the virtual call (which we + are removing). 
These new ClassInfo structs are public because we often + use these structs in other areas of the code to uniquely identify JSC classes and + to enforce runtime invariants based on those class identities using ASSERTs. + Also added new createStructure methods to those classes that didn't have + them so that the new ClassInfo structs would be used when creating the Structures + in these classes. + + * runtime/BooleanConstructor.cpp: + * runtime/BooleanConstructor.h: + (JSC::BooleanConstructor::createStructure): + + getCallData was not marked as static in StrictModeTypeErrorFunction. + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::getCallDataVirtual): + (JSC::StrictModeTypeErrorFunction::getCallData): + (JSC::StrictModeTypeErrorFunction::createStructure): + * runtime/ErrorConstructor.cpp: + * runtime/ErrorConstructor.h: + (JSC::ErrorConstructor::createStructure): + * runtime/FunctionConstructor.cpp: + * runtime/FunctionConstructor.h: + (JSC::FunctionConstructor::createStructure): + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + +2011-10-03 Geoffrey Garen <ggaren@apple.com> + + Some JSValue cleanup + https://bugs.webkit.org/show_bug.cgi?id=69320 + + Reviewed by Darin Adler. + + No measurable performance change. + + Removed some JSValue::get* functions. get* used to be an optimization + when every value operation was a virtual function call: get* would combine + two virtual calls into one. Now, with non-virtual, inlined functions, get* + isn't faster, and may be slightly slower. + + Merged getBoolean(bool&) and getBoolean() into asBoolean(). + + Merged uncheckedGetNumber(), getJSNumber() and getNumber() into + asNumber(). + + * runtime/JSValue.h: + * runtime/JSValueInlineMethods.h: + (JSC::JSValue::asNumber): + (JSC::JSValue::asBoolean): As promised! 
+ + * runtime/NumberPrototype.cpp: + (JSC::toThisNumber): + (JSC::numberProtoFuncToExponential): + (JSC::numberProtoFuncToFixed): + (JSC::numberProtoFuncToPrecision): + (JSC::numberProtoFuncToString): + (JSC::numberProtoFuncToLocaleString): + (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber() + by switching to toThisNumber(). + + * API/JSCallbackObjectFunctions.h: + (JSC::::toNumber): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::valueOfNumberConstant): + (JSC::DFG::Graph::valueOfBooleanConstant): + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/DateInstance.h: + (JSC::DateInstance::internalNumber): + * runtime/FunctionPrototype.cpp: + (JSC::functionProtoFuncBind): + * runtime/JSArray.cpp: + (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber(). + getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber(). + + * runtime/JSCell.cpp: + * runtime/JSCell.h: Nixed getJSNumber(). + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncParseInt): + * runtime/JSONObject.cpp: + (JSC::gap): + (JSC::Stringifier::Stringifier): + (JSC::Stringifier::appendStringifiedValue): + * runtime/NumberObject.cpp: + * runtime/NumberObject.h: + (JSC::NumberObject::createStructure): + * runtime/Operations.h: + (JSC::JSValue::equalSlowCaseInline): + (JSC::JSValue::strictEqual): + (JSC::jsLess): + (JSC::jsLessEq): + (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber(). + getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber(). + +2011-10-04 Scott Graham <scottmg@chromium.org> + + Add GAMEPAD feature flag + https://bugs.webkit.org/show_bug.cgi?id=66859 + + Reviewed by Darin Fisher. 
+ + * Configurations/FeatureDefines.xcconfig: + +2011-10-03 Filip Pizlo <fpizlo@apple.com> + + JITCodeGenerator should no longer have code that tries too hard + to be both speculative and non-speculative + https://bugs.webkit.org/show_bug.cgi?id=69321 + + Reviewed by Gavin Barraclough. + + Removed m_isSpeculative and speculationCheck() from JITCodeGenerator. + This required moving emitBranch() to SpeculativeJIT, since it was + the main user of that field and method. Other than trvial clean-ups + in emitBranch(), the code is unchanged (and still has some disparity + between 64 and 32_64, and still lacks some obvious optimizations). + + * dfg/DFGJITCodeGenerator.cpp: + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::JITCodeGenerator): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGJITCodeGenerator64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitBranch): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::emitBranch): + +2011-10-04 David Hyatt <hyatt@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=69372 + + [CSS3 Regions] Make sure overflow:visible lets content spill out of regions. + + Add support for reverse iteration to ListHashSet to support being able to walk them + backwards easily. + + Reviewed by Anders Carlsson. 
+ + * wtf/ListHashSet.h: + (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator): + (WTF::ListHashSetReverseIterator::get): + (WTF::ListHashSetReverseIterator::operator*): + (WTF::ListHashSetReverseIterator::operator->): + (WTF::ListHashSetReverseIterator::operator++): + (WTF::ListHashSetReverseIterator::operator--): + (WTF::ListHashSetReverseIterator::operator==): + (WTF::ListHashSetReverseIterator::operator!=): + (WTF::ListHashSetReverseIterator::operator const_reverse_iterator): + (WTF::ListHashSetReverseIterator::node): + (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator): + (WTF::ListHashSetConstReverseIterator::get): + (WTF::ListHashSetConstReverseIterator::operator*): + (WTF::ListHashSetConstReverseIterator::operator->): + (WTF::ListHashSetConstReverseIterator::operator++): + (WTF::ListHashSetConstReverseIterator::operator--): + (WTF::ListHashSetConstReverseIterator::operator==): + (WTF::ListHashSetConstReverseIterator::operator!=): + (WTF::ListHashSetConstReverseIterator::node): + (WTF::::rbegin): + (WTF::::rend): + (WTF::::makeReverseIterator): + (WTF::::makeConstReverseIterator): + (WTF::::makeConstIterator): + +2011-10-04 Gavin Peters <gavinp@chromium.org> + + fix gtk breakage caused by changeset 96595 + https://bugs.webkit.org/show_bug.cgi?id=69371 + + ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes + the pretty printer on gtk, which should fix the build on that platform. + + Reviewed by NOBODY, this is a build fix. + + * wtf/Assertions.cpp: + +2011-10-04 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r96630. + http://trac.webkit.org/changeset/96630 + https://bugs.webkit.org/show_bug.cgi?id=69368 + + Caused assertion failures in validateCell (Requested by + mhahnenberg on #webkit). 
+ + * runtime/BooleanConstructor.cpp: + * runtime/BooleanConstructor.h: + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::getCallDataVirtual): + (JSC::StrictModeTypeErrorFunction::getCallData): + * runtime/ErrorConstructor.cpp: + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + +2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static ClassInfo structs to classes that override JSCell::getCallData + https://bugs.webkit.org/show_bug.cgi?id=69311 + + Reviewed by Darin Adler. + + Added ClassInfo structs to each class that defined its own getCallData + function but did not already have its own ClassInfo struct. This is a + necessary addition for when we switch over to looking up getCallData from + the MethodTable in ClassInfo rather than doing the virtual call (which we + are removing). These new ClassInfo structs are public because we often + use these structs in other areas of the code to uniquely identify JSC classes and + to enforce runtime invariants based on those class identities using ASSERTs. + + * runtime/BooleanConstructor.cpp: + * runtime/BooleanConstructor.h: + + getCallData was not marked as static is StrictModeTypeErrorFunction. + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::getCallDataVirtual): + (JSC::StrictModeTypeErrorFunction::getCallData): + * runtime/ErrorConstructor.cpp: + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + +2011-10-04 Ryosuke Niwa <rniwa@webkit.org> + + Leopard build fix after r96613. + + * wtf/Platform.h: + +2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com> + + Implicitly add toString and valueOf to prototype when convertToType callback is provided + https://bugs.webkit.org/show_bug.cgi?id=69156 + + Reviewed by Geoffrey Garen. 
+ + Added callbacks for toString and valueOf which are implicitly added to a client object's + prototype if they provide a convertToType callback when declaring their class through + the JSC API. + + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::toStringCallback): + (JSC::JSCallbackFunction::valueOfCallback): + * API/JSCallbackFunction.h: + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + * API/tests/testapi.js: + +2011-10-03 Jon Lee <jonlee@apple.com> + + Extend DOM WheelEvent to differentiate between physical and logical scroll directions + https://bugs.webkit.org/show_bug.cgi?id=68959 + <rdar://problem/10036688> + + Reviewed by Sam Weinig. + + * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later. + +2011-10-04 Csaba Osztrogonác <ossy@webkit.org> + + MinGW warning fix after r96286. + + Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h: + #define __stdcall __attribute__((stdcall)) + #define STDCALL __stdcall + + Reviewed by Tor Arne Vestbø. + + * assembler/MacroAssemblerCodeRef.h: + +2011-10-04 Gavin Peters <gavinp@chromium.org> + + add more stack dumping methods + https://bugs.webkit.org/show_bug.cgi?id=69018 + + In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets + WebKit programmatically retrieve the current stack. This is useful if you need to add more + reporting to field crash report uploads, if you're tracking down an irreproducable bug, + for instance. + + Reviewed by Darin Adler. + + * wtf/Assertions.cpp: + * wtf/Assertions.h: + +2011-10-03 Filip Pizlo <fpizlo@apple.com> + + DFG should inline Array.push and Array.pop + https://bugs.webkit.org/show_bug.cgi?id=69314 + + Reviewed by Geoff Garen. + + Fix 32-bit. 
+ + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-03 Filip Pizlo <fpizlo@apple.com> + + DFG should inline Array.push and Array.pop + https://bugs.webkit.org/show_bug.cgi?id=69314 + + Reviewed by Oliver Hunt. + + 1% speed-up in V8 due to 6% speed-up in V8-deltablue. + + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::storePtr): + * create_hash_table: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGIntrinsic.h: + * dfg/DFGNode.h: + (JSC::DFG::Node::hasHeapPrediction): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::getMethodLoadElimination): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-03 Filip Pizlo <fpizlo@apple.com> + + JSC ASSERT Opening the Web Inspector + https://bugs.webkit.org/show_bug.cgi?id=69293 + + Reviewed by Oliver Hunt. + + If a polymorphic access structure list has a duplicated structure, then + don't crash. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + +2011-10-03 Gavin Barraclough <barraclough@apple.com> + + On X86, switch bucketCount into a register, timeoutCheck into memory + https://bugs.webkit.org/show_bug.cgi?id=69299 + + Reviewed by Geoff Garen. + + We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi; + it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!), + but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub + function too frequently (regressing performance). This patch has no perf impact on sunspider. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::branchAdd32): + (JSC::MacroAssemblerX86::branchSub32): + - Added branchSub32 with AbsoluteAddress. + * jit/JIT.cpp: + (JSC::JIT::emitTimeoutCheck): + - Keep timeout count in memory on X86. + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + - remove X86 specific code, switch bucket count back into a register. + * jit/JITStubs.cpp: + - Stop initializing esi (it is no longer the timeoutCheck!) + * jit/JSInterfaceJIT.h: + - change definition of esi to be the bucketCountRegister. + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + - Add timeoutCount as a property to global data (the counter should be per-thread). + +2011-10-03 Filip Pizlo <fpizlo@apple.com> + + DFG backends don't have access to per-node predictions from the propagator + https://bugs.webkit.org/show_bug.cgi?id=69291 + + Reviewed by Oliver Hunt. + + Nodes now have two notion of predictions: the heap prediction, which is + what came directly from value profiling, and the propagator's predictions, + which arise out of abstract interpretation. Every node has a propagator + prediction, but not every node has a heap prediction; and there is no + guarantee that a node that has both will keep them consistent as the + propagator may have additional information available to it. + + This is performance neutral. 
+ + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::getPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::hasHeapPrediction): + (JSC::DFG::Node::getHeapPrediction): + (JSC::DFG::Node::predictHeap): + (JSC::DFG::Node::prediction): + (JSC::DFG::Node::predict): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::Propagator): + (JSC::DFG::Propagator::setPrediction): + (JSC::DFG::Propagator::mergePrediction): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::isPredictedNumerical): + (JSC::DFG::Propagator::logicalNotIsPure): + (JSC::DFG::Propagator::setReplacement): + +2011-10-03 Jer Noble <jer.noble@apple.com> + + Unreviewed, rolling out r96526. + http://trac.webkit.org/changeset/96526 + https://bugs.webkit.org/show_bug.cgi?id=68587 + + WEB_AUDIO has numerous 64->32 bit casting warnings, causing + build breakages where -Wall is enabled. + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2011-10-03 Gavin Barraclough <barraclough@apple.com> + + Unreviewed build fix for DFG JIT 32_64. + + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-10-02 Filip Pizlo <fpizlo@apple.com> + + DFG should speculate more aggressively on obvious cases on + polymorphic get_by_id + https://bugs.webkit.org/show_bug.cgi?id=69235 + + Reviewed by Oliver Hunt. + + This implements trivial polymorphic get_by_id. It also fixes + problems in the CSE for CheckStructure in the put_by_id + transition case. + + Doing this required knowing whether a polymorphic get_by_id stub + was doing a direct access rather than a call of some kind. + + Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the + scaled mean of all benchmarks. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set): + (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::cellConstant): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::addStructureSet): + (JSC::DFG::Graph::addStructureTransitionData): + * dfg/DFGNode.h: + (JSC::DFG::StructureTransitionData::StructureTransitionData): + (JSC::DFG::Node::hasStructureTransitionData): + (JSC::DFG::Node::structureTransitionData): + (JSC::DFG::Node::hasStructureSet): + (JSC::DFG::Node::structureSet): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryBuildGetByIDList): + (JSC::DFG::tryBuildGetByIDProtoList): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGStructureSet.h: Added. 
+ (JSC::DFG::StructureSet::StructureSet): + (JSC::DFG::StructureSet::add): + (JSC::DFG::StructureSet::addAll): + (JSC::DFG::StructureSet::remove): + (JSC::DFG::StructureSet::contains): + (JSC::DFG::StructureSet::isSubsetOf): + (JSC::DFG::StructureSet::isSupersetOf): + (JSC::DFG::StructureSet::size): + (JSC::DFG::StructureSet::at): + (JSC::DFG::StructureSet::operator[]): + (JSC::DFG::StructureSet::last): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC::getPolymorphicAccessStructureListSlot): + +2011-10-03 Jer Noble <jer.noble@apple.com> + + Enable WEB_AUDIO by default in the WebKit/mac port. + https://bugs.webkit.org/show_bug.cgi?id=68587 + + Reviewed by Simon Fraser. + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2011-10-03 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Fix make distcheck build + https://bugs.webkit.org/show_bug.cgi?id=69243 + + Reviewed by Martin Robinson. + + * GNUmakefile.list.am: + +2011-10-03 Pierre Rossi <pierre.rossi@gmail.com> + + [Qt] Build fix: Qt::escape is deprecated in Qt5 + https://bugs.webkit.org/show_bug.cgi?id=69162 + + Use QString::toHtmlEscaped in the Qt5 case. + + Reviewed by Andreas Kling. + + * JavaScriptCore.pri: + * wtf/qt/UtilsQt.h: Added. + (escapeHtml): + * wtf/wtf.pri: + +2011-10-03 Balazs Kelemen <kbalazs@webkit.org> + + libdispatch based ParallelJobs is not enough parallel + https://bugs.webkit.org/show_bug.cgi?id=66378 + + Reviewed by Zoltan Herczeg. + + Use the appropriate libdispatch API for our use case. 
+ Throw away the hard coded limit of parallel threads + and use dispatch_apply with the default priority normal + queue istead of using our own custom serial queue (which + was a misuse of the API). Enabling PARALLEL_JOBS is now + a 60% win (2.63x as fast) on the methanol benchmark + (https://gitorious.org/methanol) with an SVG centric test set + while the old implementation was almost identical (less than 5% win). + + * wtf/ParallelJobsLibdispatch.h: + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::execute): + +2011-10-02 Zoltan Herczeg <zherczeg@webkit.org> + + [Qt]REGRESSION(r95912): It made sputnik tests flakey + https://bugs.webkit.org/show_bug.cgi?id=68990 + + Reviewed by Geoffrey Garen. + + Changing signed char to int in r96354 solved the + problem. However transitionCount still returns + with a signed char and should be changed to int. + + * runtime/Structure.h: + (JSC::Structure::transitionCount): + +2011-10-02 Filip Pizlo <fpizlo@apple.com> + + DFG misses some obvious opportunities for common subexpression elimination + https://bugs.webkit.org/show_bug.cgi?id=69233 + + Reviewed by Oliver Hunt. + + 0.7% speed-up on SunSpider. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::getMethodLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + +2011-10-02 Gavin Barraclough <barraclough@apple.com> + + Bug 67455 - Different regular expression result + + Reviewed by Darin Adler. + + Fix a regression introduced in r72140. A return was added to the backtracking loop for + backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration. + This is incorrect. The additional return should only trigger to force an early return if + an error has occured. 
+ + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::matchParentheses): + - Simplify some nested if else logic. + (JSC::Yarr::Interpreter::backtrackParentheses): + - Simplify some nested if else logic. + - Only return early from backtrackParentheses on success/error, not on failure. + +2011-10-01 Geoffrey Garen <ggaren@apple.com> + + Removed redundant helper functions for allocating Strong handles + https://bugs.webkit.org/show_bug.cgi?id=69218 + + Reviewed by Sam Weinig. + + * heap/Heap.h: + (JSC::Heap::handleHeap): + * runtime/JSGlobalData.h: Removed these helper functions, since they + just created indirection. + + * heap/StrongInlines.h: Added. Broke out a header for inline functions + to resolve circular dependencies created by inlining. I'm told this is + the future for JavaScriptCore. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build. + + * API/JSCallbackObjectFunctions.h: + (JSC::::init): + * runtime/WeakGCMap.h: + (JSC::WeakGCMap::add): + (JSC::WeakGCMap::set): + * runtime/StructureTransitionTable.h: + (JSC::StructureTransitionTable::setSingleTransition): + * heap/Local.h: + (JSC::::Local): + * heap/Strong.h: + (JSC::::Strong): + (JSC::::set): + * heap/Weak.h: + (JSC::Weak::Weak): + (JSC::Weak::set): Allocate handles directly instead of going through a + chain of forwarding functions. + + * bytecompiler/BytecodeGenerator.cpp: + * runtime/JSGlobalData.cpp: + * runtime/LiteralParser.cpp: + * runtime/RegExpCache.cpp: Updated for header changes. + +2011-09-30 Filip Pizlo <fpizlo@apple.com> + + All of JSC's heuristics should be in one place for easier tuning + https://bugs.webkit.org/show_bug.cgi?id=69201 + + Reviewed by Oliver Hunt. + + This makes it possible to change tiered compilation heuristics in + one place (Heuristics.cpp) without recompiling the whole project. 
+ + It also makes it possible to enable setting heuristics using + environment variables. This is off by default. When turned on, it + makes tuning the system much easier. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::shouldOptimizeNow): + * bytecode/CodeBlock.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + * runtime/Heuristics.cpp: Added. + (JSC::Heuristics::parse): + (JSC::Heuristics::setHeuristic): + (JSC::Heuristics::initializeHeuristics): + * runtime/Heuristics.h: Added. + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + +2011-10-01 Oliver Hunt <oliver@apple.com> + + Support string length in the DFG + https://bugs.webkit.org/show_bug.cgi?id=69215 + + Reviewed by Geoff Garen. + + Adds a GetStringLength node to the DFG so that we can support + string.length inline. + + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isKnownString): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSString.h: + (JSC::JSString::offsetOfLength): + +2011-10-01 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69205 + + Reviewed by Gavin Barraclough. + + If there are unboxed integers and cells in register file (e.g. by SetLocal), + they must be reboxed before exiting from the speculative DFG JIT execution. 
+ This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new + ValueRecoveryTechnique (AlreadyInRegisterFileAsCell). + + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::ValueRecovery::dump): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::forPrediction): + (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell): + +2011-10-01 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r96421. + http://trac.webkit.org/changeset/96421 + https://bugs.webkit.org/show_bug.cgi?id=69206 + + It broke Qt-WK2 build (Requested by ossy on #webkit). + + * JavaScriptCore.pri: + * wtf/qt/UtilsQt.h: Removed. + * wtf/wtf.pri: + +2011-09-30 Daniel Bates <dbates@webkit.org> + + Attempt to fix the Apple Windows and WinCairo Debug builds after + <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203). + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol + ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the + corresponding function, JSValue::toStrictThisObject(), was removed. + +2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG operation results are not set correctly in JSVALUE32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69126 + + Reviewed by Gavin Barraclough. + + The setupResults routine has the bug of reversing the source and destination. + Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT. 
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::setupTwoStubArgs): + (JSC::DFG::setupResults): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + +2011-09-30 Gavin Barraclough <barraclough@apple.com> + + Remove toStrictThisObject, toThisString, toThisJSString + https://bugs.webkit.org/show_bug.cgi?id=69203 + + Rubber stamped by Sam Weinig + + These are no longer used. + + * JavaScriptCore.exp: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSObject.cpp: + * runtime/JSObject.h: + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/JSValue.h: + * runtime/StrictEvalActivation.cpp: + * runtime/StrictEvalActivation.h: + +2011-09-30 Filip Pizlo <fpizlo@apple.com> + + DFG does not speculate aggressively enough on put_by_id + https://bugs.webkit.org/show_bug.cgi?id=69114 + + Reviewed by Oliver Hunt. + + This adds new nodes along with optimizations for those nodes: + + GetPropertyStorage: CheckStructure used to do both the structure + check and retrieve the storage pointer. Now CheckStructure just + checks the structure, and GetPropertyStorage retrieves the + storage pointer. + + PutStructure: Changes the structure, and has the expected store + to load optimization with CheckStructure. + + PutByOffset: Directly sets the value. Has store to load + optimization with GetByOffset. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::cellConstant): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNode.h: + (JSC::DFG::Node::hasStructure): + (JSC::DFG::Node::hasStorageAccessData): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::impureCSE): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::getPropertyStorageLoadElimination): + (JSC::DFG::Propagator::eliminate): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-30 Gavin Barraclough <barraclough@apple.com> + + StringRecursionChecker should not work in terms of EncodedJSValue + https://bugs.webkit.org/show_bug.cgi?id=69188 + + Reviewed by Oliver Hunt. + + 0 is not the empty value on 32_64. + Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncToLocaleString): + (JSC::arrayProtoFuncJoin): + * runtime/ErrorPrototype.cpp: + (JSC::errorProtoFuncToString): + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncToString): + * runtime/StringRecursionChecker.cpp: + (JSC::StringRecursionChecker::throwStackOverflowError): + (JSC::StringRecursionChecker::emptyString): + * runtime/StringRecursionChecker.h: + (JSC::StringRecursionChecker::performCheck): + (JSC::StringRecursionChecker::earlyReturnValue): + +2011-09-30 Gavin Barraclough <barraclough@apple.com> + + DFG JIT, Branch on integer can always be a 32-bit compare. + https://bugs.webkit.org/show_bug.cgi?id=69174 + + Reviewed by Sam Weinig. 
+ + if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())), + the JSVALUE64 JIT will currently compare all 64bits in the register, but in + these cases the DataFormat is always a JS boxed integer. In these cases we + can just compare the low 32bits anyway - no need to check the tag. + This allows the code to be unified with the JSVALUE32_64 JIT. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-30 Oliver Hunt <oliver@apple.com> + + Need a sensible GGC policy + + Reviewed by Geoff Garen. + + This replaces the existing random collection policy + with a deterministic policy based on nursery size. + + * heap/AllocationSpace.cpp: + (JSC::AllocationSpace::allocateSlowCase): + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::markRoots): + (JSC::Heap::collect): + * heap/Heap.h: + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::resetAllocator): + * heap/MarkedSpace.h: + (JSC::MarkedSpace::nurseryWaterMark): + (JSC::MarkedSpace::allocate): + +2011-09-30 Filip Pizlo <fpizlo@apple.com> + + DFG 32-bit support for op_call and op_construct causes + run-javascriptcore-tests to fail + https://bugs.webkit.org/show_bug.cgi?id=69171 + + Reviewed by Gavin Barraclough. + + This fixes one obvious bug that was causing test failures (no + support for dummy slow case for op_add in 32_64), and disables + op_call and op_construct by default. + + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_add): + (JSC::JIT::emitSlow_op_add): + +2011-09-30 Geoffrey Garen <ggaren@apple.com> + + Crash due to out of bounds read/write in MarkedSpace + https://bugs.webkit.org/show_bug.cgi?id=69148 + + This was a case of being surprised by a poorly aritulcated cell size limit, + plus an incorrect ASSERT guarding the cell size limit. + + Reviewed by Oliver Hunt. 
+ + * heap/MarkedSpace.h: + (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive, + since it makes the ranges easier to understand. + + Bumped up the max cell size to support the use case in this bug. Since the + atomSize is much bigger than it used to be, there isn't much accounting + cost to handling more size classes. + + Switched to FixedArray, to help catch SizeClass indexing bugs in the future. + + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::resetAllocator): + (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges + being inclusive. + +2011-09-30 Pierre Rossi <pierre.rossi@gmail.com> + + [Qt] Build fix: Qt::escape is deprecated in Qt5 + https://bugs.webkit.org/show_bug.cgi?id=69162 + + Use QString::toHtmlEscaped in the Qt5 case. + + Reviewed by Andreas Kling. + + * JavaScriptCore.pri: + * wtf/qt/UtilsQt.h: Added. + (escapeHtml): + * wtf/wtf.pri: + +2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com> + + Fix bug in getHostCallReturnValue of DFG JIT on X86 + https://bugs.webkit.org/show_bug.cgi?id=69133 + + Reviewed by Gavin Barraclough. + + We need to insert the additional argument in the stack slot before + return address instead of simply pushing it afterwards. + Also getHostCallReturnValue* should be attributed as stdcall + to make the stack cleaned up by the callee. + + * dfg/DFGOperations.cpp: + +2011-09-30 Pierre Rossi <pierre.rossi@gmail.com> + + [Qt] wtf header files are unknown to Qt Creator + https://bugs.webkit.org/show_bug.cgi?id=69158 + + Adding the HEADERS variable in wtf.pri so that + the header files can be accessed easily. + + Reviewed by Andreas Kling. + + * wtf/wtf.pri: + +2011-09-30 Gavin Barraclough <barraclough@apple.com> + + Merge some more of DFGSpeculativeJIT 32_64/64 + https://bugs.webkit.org/show_bug.cgi?id=69164 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCodeGenerator32_64.cpp: + * dfg/DFGJITCodeGenerator64.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileValueAdd): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compileValueAdd): + (JSC::DFG::SpeculativeJIT::compileLogicalNot): + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-30 Mark Hahnenberg <mhahnenberg@apple.com> + + Add getCallData to MethodTable in ClassInfo + https://bugs.webkit.org/show_bug.cgi?id=69024 + + Reviewed by Sam Weinig. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + + Added the getCallData to the MethodTable in the ClassInfo struct. + * runtime/ClassInfo.h: + +2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com> + + Add op_call/op_constructor support to JSVALUE32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69120 + + Reviewed by Gavin Barraclough. + + Improve the coverage of JSVALUE32_64 DFG JIT. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::tagOfCallData): + (JSC::DFG::payloadOfCallData): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + +2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG JIT - register not unlocked after usage in ArithDiv + https://bugs.webkit.org/show_bug.cgi?id=69122 + + Reviewed by Geoffrey Garen. + + Some allocated register is not unlocked after the usage in ArithDiv. + Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK". 
+ + * dfg/DFGNode.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSCell::toObject + https://bugs.webkit.org/show_bug.cgi?id=68937 + + Reviewed by Darin Adler. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + + De-virtualized JSCell::toObject and changed its implementation to manually check the + cases for JSString and JSObject rather than leaving it up to the virtual method call. + * runtime/JSCell.cpp: + (JSC::JSCell::toObject): + * runtime/JSCell.h: + + Removed JSNotAnObject::toObject because the case for JSObject works for it. + Also removed JSObject::toObject because it was essentially the identity function, + which is not necessary since toObject is no longer virtual. + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + * runtime/JSObject.h: + + De-virtualized JSObject::toObject and JSString::toObject. + * runtime/JSString.h: + +2011-09-29 Gavin Barraclough <barraclough@apple.com> + + Start refactoring DFGSpeculativeJIT + https://bugs.webkit.org/show_bug.cgi?id=69112 + + Reviewed by Oliver Hunt. 
+ + Again, move JSVALUE64 code into a DFJSpeculativeJIT64.cpp + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::ValueRecovery::dump): + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::OSRExit::dump): + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compare): + * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp. + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-29 Gavin Barraclough <barraclough@apple.com> + + Refactor out trivially duplicated code in DFGJITCodeGenerator. + https://bugs.webkit.org/show_bug.cgi?id=69109 + + Reviewed by Oliver Hunt. + + Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp + + Basically move a JSVALUE64 specific code into a new DFGJITCodeGenerator64.cpp, leave common code + in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp. + + For some function differences are trivial & make more sense to ifdef individually, and some + Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownNotNumber): + (JSC::DFG::JITCodeGenerator::isKnownBoolean): + (JSC::DFG::JITCodeGenerator::writeBarrier): + (JSC::DFG::JITCodeGenerator::dump): + (JSC::DFG::JITCodeGenerator::checkConsistency): + (JSC::DFG::GPRTemporary::GPRTemporary): + (JSC::DFG::FPRTemporary::FPRTemporary): + * dfg/DFGJITCodeGenerator32_64.cpp: + * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp. + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::branchIfNotCell): + * dfg/DFGJITCompilerInlineMethods.h: + +2011-09-28 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should infer which uses of a variable are not aliased + https://bugs.webkit.org/show_bug.cgi?id=68593 + + Reviewed by Oliver Hunt. + + This separates how a variable is stored (i.e. its virtual register) + from how it's predicted. Each variable now takes a + VariableAccessData as its operand, instead of the virtual register. + The VariableAccessData stores the operand and the prediction. If + multiple uses of a variable are aliased, their VariableAccessDatas + are unified. + + This also adds tracking of which argument values are used. It + correctly observes that an argument value is not used, if the + argument is assigned to inside the function before being used. + + This also adds tracking of which variables are live at the head of + a basic block, and separates that from a variable being live at the + tail. + + Finally, this communicates to both OSR entry and OSR exit code how + a variable is predicted at a particular point in the code, rather + than just communicating how it was predicted in the entire code + block (since with this patch there is no longer the notion of a + variable having just one prediction for a code block). 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/ActionablePrediction.h: Added. + (JSC::actionablePredictionFromPredictedType): + (JSC::valueObeysPrediction): + (JSC::actionablePredictionToString): + (JSC::ActionablePredictions::ActionablePredictions): + (JSC::ActionablePredictions::setArgument): + (JSC::ActionablePredictions::argument): + (JSC::ActionablePredictions::setVariable): + (JSC::ActionablePredictions::variable): + (JSC::ActionablePredictions::argumentUpperBound): + (JSC::ActionablePredictions::variableUpperBound): + (JSC::ActionablePredictions::pack): + (JSC::ActionablePredictions::packVector): + * bytecode/CodeBlock.h: + * bytecode/PredictionTracker.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::newVariableAccessData): + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::setLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::nameOfVariableAccessData): + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + (JSC::DFG::operandIsArgument): + (JSC::DFG::VariableRecord::setFirstTime): + (JSC::DFG::BasicBlock::BasicBlock): + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasVariableAccessData): + (JSC::DFG::Node::hasLocal): + (JSC::DFG::Node::variableAccessData): + (JSC::DFG::Node::local): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOSREntry.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + 
(JSC::DFG::ValueSource::dump): + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::ValueSource): + (JSC::DFG::ValueSource::forPrediction): + (JSC::DFG::ValueSource::isSet): + (JSC::DFG::ValueSource::kind): + (JSC::DFG::ValueSource::nodeIndex): + (JSC::DFG::ValueSource::nodeIndexFromKind): + (JSC::DFG::ValueSource::kindFromNodeIndex): + (JSC::DFG::SpeculativeJIT::isKnownArray): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * wtf/PackedIntVector.h: Added. + (WTF::PackedIntVector::PackedIntVector): + (WTF::PackedIntVector::operator=): + (WTF::PackedIntVector::size): + (WTF::PackedIntVector::ensureSize): + (WTF::PackedIntVector::resize): + (WTF::PackedIntVector::clearAll): + (WTF::PackedIntVector::get): + (WTF::PackedIntVector::set): + (WTF::PackedIntVector::mask): + * wtf/Platform.h: + * wtf/UnionFind.h: Added. + (WTF::UnionFind::UnionFind): + (WTF::UnionFind::find): + (WTF::UnionFind::unify): + +2011-09-29 Oliver Hunt <oliver@apple.com> + + Build fix. + + * heap/AllocationSpace.h: + +2011-09-29 Oliver Hunt <oliver@apple.com> + + Add logic to collect dirty objects as roots + https://bugs.webkit.org/show_bug.cgi?id=69100 + + Reviewed by Geoff Garen. + + This gives us the ability to walk all the MarkedBlocks in an + AllocationSpace and collect the dirty objects, and then use + them as GC roots. + + I also rearranged the order of these instructions because it + makes them smaller on some platforms with some card sizes. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::markCellCard): + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::markCellCard): + * heap/AllocationSpace.cpp: + Tidy up the write barrier logic a bit. + (JSC::MarkedBlock::gatherDirtyObjects): + (JSC::TakeIfDirty::returnValue): + (JSC::TakeIfDirty::TakeIfDirty): + (JSC::TakeIfDirty::operator()): + (JSC::AllocationSpace::gatherDirtyObjects): + * heap/AllocationSpace.h: + * heap/CardSet.h: + (JSC::::isCardMarked): + (JSC::::clearCard): + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * heap/Heap.h: + (JSC::Heap::writeBarrier): + * heap/MarkStack.cpp: + (JSC::SlotVisitor::visitChildren): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::setDirtyObject): + (JSC::MarkedBlock::addressOfCardFor): + * heap/SlotVisitor.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emitWriteBarrier): + Tidy the write barrier a bit. + +2011-09-29 Gavin Barraclough <barraclough@apple.com> + + Unreviewed windows build fix. + + * assembler/MacroAssemblerCodeRef.h: + * dfg/DFGOperations.h: + +2011-09-29 Filip Pizlo <fpizlo@apple.com> + + Structure transitions involving many (> 64) properties sometimes cause structure corruption + https://bugs.webkit.org/show_bug.cgi?id=69102 + + Reviewed by Darin Adler. + + Made m_offset an int instead of a signed char. Changed the code to ensure that transitions + don't lead to the dictionary kind being forgotten. + + * runtime/Structure.cpp: + (JSC::Structure::Structure): + * runtime/Structure.h: + +2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com> + + DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69058 + + Reviewed by Gavin Barraclough. 
+ + Also Fixed the stdcall FunctionPtr constructors to make them compiled correctly on Linux + + * assembler/MacroAssemblerCodeRef.h: + (JSC::FunctionPtr::FunctionPtr): + +2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods + https://bugs.webkit.org/show_bug.cgi?id=68839 + + Reviewed by Geoffrey Garen. + + Removed the remaining visitChildrenVirtual methods. This patch completes the process of + de-virtualizing visitChildren. + + * API/JSCallbackObject.h: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + * runtime/Arguments.h: + * runtime/Executable.cpp: + * runtime/Executable.h: + * runtime/GetterSetter.cpp: + * runtime/GetterSetter.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + * runtime/JSArray.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + * runtime/JSPropertyNameIterator.cpp: + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/JSValue.h: + * runtime/NativeErrorConstructor.cpp: + * runtime/NativeErrorConstructor.h: + * runtime/RegExpObject.cpp: + * runtime/RegExpObject.h: + * runtime/Structure.cpp: + * runtime/Structure.h: + * runtime/StructureChain.cpp: + * runtime/StructureChain.h: + + Inlined the method table access and call to the visitChildren function (the only call sites + to visitChildren are here). + * heap/MarkStack.cpp: + (JSC::SlotVisitor::visitChildren): + + Changed the field name for the visitChildren function pointer to visitChildren (from + visitChildrenFunctionPtr) to make call sites less verbose. 
+ * runtime/ClassInfo.h: + + Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but + overrides visitChildren, so it needs to have its own ClassInfo. + * runtime/JSBoundFunction.cpp: + * runtime/JSBoundFunction.h: + + Had to move className up to make sure that the virtual destructor in JSObject wasn't + the first non-inline virtual method in JSObject (as per the comment in the file). + Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able + to mitigate the cost of an extra method call. + + Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make + call sites more concise. Implementation is inline in JSObject.h. + * runtime/JSObject.h: + (JSC::JSCell::methodTable): + * runtime/JSCell.h: + + Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to + appease the vtable gods. It refused to compile if there were no virtual methods in + both of these classes due to the presence of a weak vtable pointer. + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::~JSWrapperObject): + * runtime/JSWrapperObject.h: + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::~ScopeChainNode): + * runtime/ScopeChain.h: + +2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com> + + Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=69075 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com> + + JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor + https://bugs.webkit.org/show_bug.cgi?id=69054 + + Reviewed by Gavin Barraclough. + + size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS. 
+ + * dfg/DFGNode.h: + +2011-09-28 Filip Pizlo <fpizlo@apple.com> + + DFG checkArgumentTypes fails to check boolean predictions + https://bugs.webkit.org/show_bug.cgi?id=69059 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + +2011-09-28 Gavin Barraclough <barraclough@apple.com> + + Build fix pt 2 for r96286. + + * assembler/MacroAssemblerCodeRef.h: + +2011-09-28 Ryosuke Niwa <rniwa@webkit.org> + + Build fix attempt for r96286. + + * assembler/MacroAssemblerCodeRef.h: + +2011-09-28 Gavin Barraclough <barraclough@apple.com> + + DFG JIT Operations on 32_64 should use stdcall calling convention. + https://bugs.webkit.org/show_bug.cgi?id=69046 + + Reviewed by Sam Weinig. + + All calls out are expecting stdcall conventions, but the default on OS X are cdecl. + Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link + directly to std library functions like fmod - leave these calls obeying the default + platform calling convention. + + * assembler/MacroAssemblerCodeRef.h: + (JSC::FunctionPtr::FunctionPtr): + - Add implicit constructors for std calls. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + - Make this work non-Mac platforms. + * dfg/DFGOperations.cpp: + (JSC::DFG::operationPutByValInternal): + * dfg/DFGOperations.h: + - Mark all operations as stdcalls. + +2011-09-28 Filip Pizlo <fpizlo@apple.com> + + DFG JIT falls back on numerical comparisons when it does not + recognize a prediction + https://bugs.webkit.org/show_bug.cgi?id=68977 + + Reviewed by Geoffrey Garen. + + This fixes both the way comparison implementations are selected. It + also fixes a bug where comparisons other than equality (like < or >) + on objects are compiled as if the comparison was equality. 
+ + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compare): + +2011-09-28 Gavin Barraclough <barraclough@apple.com> + + Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64 + https://bugs.webkit.org/show_bug.cgi?id=69026 + + Reviewed by Sam Weinig. + + * assembler/X86Assembler.h: + (JSC::X86Assembler::fstpl): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + +2011-09-28 Gavin Barraclough <barraclough@apple.com> + + Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64 + https://bugs.webkit.org/show_bug.cgi?id=69017 + + Reviewed by Oliver Hunt. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-28 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64679 + Fix bugs in Array.prototype this handling. + + Reviewed by Oliver Hunt. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + (JSC::arrayProtoFuncIndexOf): + (JSC::arrayProtoFuncLastIndexOf): + - These methods should throw if this value is undefined. + +2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com> + + Value profiling in baseline JIT for JSVALUE32_64 + https://bugs.webkit.org/show_bug.cgi?id=68750 + + Reviewed by Geoff Garen. 
+ + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_mul): + (JSC::JIT::emit_op_div): + * jit/JITCall32_64.cpp: + (JSC::JIT::emit_op_call_put_result): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emitSlow_op_get_by_id): + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_get_global_var): + * jit/JITStubCall.h: + (JSC::JITStubCall::callWithValueProfiling): + +2011-09-28 Yuqiang Xian <yuqiang.xian@intel.com> + + Wrong integer checks in JSVALUE32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=68985 + + Reviewed by Geoffrey Garen. + + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + +2011-09-28 Adam Barth <abarth@webkit.org> + + Remove empty directories. + + * wtf/brew: Removed. + * wtf/unicode/brew: Removed. + +2011-09-27 Filip Pizlo <fpizlo@apple.com> + + DFG JIT cannot compile op_new_object, op_new_array, + op_new_array_buffer, or op_new_regexp + https://bugs.webkit.org/show_bug.cgi?id=68580 + + Reviewed by Oliver Hunt. + + This implements all four opcodes, but has op_new_regexp turns off + by default because it unveils some bad speculation logic when + compiling string-validate-input. + + With op_new_regexp turned off, this is a 5% win on Kraken and a + 0.7% speed-up on V8. Neutral on SunSpider. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::callOperation): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasConstantBuffer): + (JSC::DFG::Node::startConstant): + (JSC::DFG::Node::numConstants): + (JSC::DFG::Node::hasRegexpIndex): + (JSC::DFG::Node::regexpIndex): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isKnownArray): + +2011-09-27 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should speculate more aggressively on reads of array.length + https://bugs.webkit.org/show_bug.cgi?id=68932 + + Reviewed by Oliver Hunt. + + This is a 2% speed-up on Kraken, neutral elsewhere. + + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-27 Gavin Barraclough <barraclough@apple.com> + + DFG JIT - merge changes between 95905 - 96175 + https://bugs.webkit.org/show_bug.cgi?id=68963 + + Reviewed by Sam Weinig. + + Merge missing changes from bug#68677, bug#68784, bug#68785. + + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-27 Gavin Barraclough <barraclough@apple.com> + + Get JSVALUE32_64 DFG JIT building on OS X. + https://bugs.webkit.org/show_bug.cgi?id=68961 + + Reviewed by Geoff Garen. + + * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file). 
+ * Forward-declare functions in DFGOperations.cpp + * UNUSED_PARAM for unused arguments + * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED + * Fix argument types handled by OpInfo constructor. + * Use SYMBOL_STRING instead of STRINGIZE for asm symbols. + * Add files to Xcode project. + +2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com> + + Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=68755 + + Reviewed by Gavin Barraclough. + + We need to load/store and repatch both tag and payload of a property + for GetById/PutById. Also reorder the loads of tag and payload for + GetByOffset as the result tag GPR could reuse the storage GPR. + + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCodeGenerator32_64.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addPropertyAccess): + (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord): + * dfg/DFGJITCompiler32_64.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchByIdSelfAccess): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-24 Gavin Barraclough <barraclough@apple.com> + + Macro assembler branch8 & 16 methods vary in treatment of upper bits + https://bugs.webkit.org/show_bug.cgi?id=68301 + + Reviewed by Sam Weinig. + + Fix for branch16 - remove it! + No performance impact. 
+ + * assembler/MacroAssembler.h: + * assembler/MacroAssemblerARM.h: + * assembler/MacroAssemblerARMv7.h: + * assembler/MacroAssemblerMIPS.h: + * assembler/MacroAssemblerSH4.h: + * assembler/MacroAssemblerX86Common.h: + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals): + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): + +2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static version of JSCell::getCallData + https://bugs.webkit.org/show_bug.cgi?id=68741 + + Reviewed by Darin Adler. + + In this patch we just extract the bodies of the virtual getCallData methods + throughout the JSCell inheritance hierarchy out into static methods, which are + now called from the virtual methods. This is an intermediate step in trying to + move the virtual-ness of getCallData into our own method table stored in + ClassInfo. We need to convert the methods to static methods because static methods + can be represented as function pointers rather than pointers to member functions, and + function pointers are smaller and faster to call than pointers to member functions. 
+ + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::getCallDataVirtual): + (JSC::JSCallbackFunction::getCallData): + * API/JSCallbackFunction.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::getCallDataVirtual): + (JSC::::getCallData): + * API/JSObjectRef.cpp: + (JSObjectIsFunction): + (JSObjectCallAsFunction): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::getCallDataVirtual): + (JSC::ArrayConstructor::getCallData): + * runtime/ArrayConstructor.h: + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::getCallDataVirtual): + (JSC::BooleanConstructor::getCallData): + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::getCallDataVirtual): + (JSC::DateConstructor::getCallData): + * runtime/DateConstructor.h: + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::getCallDataVirtual): + (JSC::StrictModeTypeErrorFunction::getCallData): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::getCallDataVirtual): + (JSC::ErrorConstructor::getCallData): + * runtime/ErrorConstructor.h: + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::getCallDataVirtual): + (JSC::FunctionConstructor::getCallData): + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::getCallDataVirtual): + (JSC::FunctionPrototype::getCallData): + * runtime/FunctionPrototype.h: + * runtime/InternalFunction.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getCallDataVirtual): + (JSC::JSCell::getCallData): + * runtime/JSCell.h: + (JSC::getCallData): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getCallDataVirtual): + (JSC::JSFunction::getCallData): + * runtime/JSFunction.h: + * runtime/JSONObject.cpp: + (JSC::Stringifier::Stringifier): + 
(JSC::Stringifier::toJSON): + (JSC::Stringifier::appendStringifiedValue): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::getCallDataVirtual): + (JSC::NativeErrorConstructor::getCallData): + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getCallDataVirtual): + (JSC::NumberConstructor::getCallData): + * runtime/NumberConstructor.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::getCallDataVirtual): + (JSC::ObjectConstructor::getCallData): + * runtime/ObjectConstructor.h: + * runtime/Operations.cpp: + (JSC::jsTypeStringForValue): + (JSC::jsIsObjectType): + (JSC::jsIsFunctionType): + * runtime/PropertySlot.cpp: + (JSC::PropertySlot::functionGetter): + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::getCallDataVirtual): + (JSC::RegExpConstructor::getCallData): + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::getCallDataVirtual): + (JSC::StringConstructor::getCallData): + * runtime/StringConstructor.h: + +2011-09-27 Tim Horton <timothy_horton@apple.com> + + Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption + https://bugs.webkit.org/show_bug.cgi?id=68816 + <rdar://problem/10186468> + + Reviewed by Simon Fraser. + + Add ByteArray::clear, which zeros the memory in the ByteArray. + + * wtf/ByteArray.h: + (WTF::ByteArray::clear): Added. + +2011-09-27 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r96131. + http://trac.webkit.org/changeset/96131 + https://bugs.webkit.org/show_bug.cgi?id=68927 + + It made 18+ tests crash on all platform (Requested by + Ossy_night on #webkit). 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + * jsc.cpp: + (GlobalObject::finishCreation): + * parser/Parser.h: + (JSC::Parser::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + +2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSCell::getPrimitiveNumber + https://bugs.webkit.org/show_bug.cgi?id=68851 + + Reviewed by Darin Adler. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + + Changed JSCell::getPrimitiveNumber to manually handle the dispatch for + JSCells (JSObject and JSString in this case). + * runtime/JSCell.cpp: + (JSC::JSCell::getPrimitiveNumber): + * runtime/JSCell.h: + + Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't + matter and it already implements defaultValue, so JSObject::getPrimitiveNumber + can cover the case for JSNotAnObject. + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + + De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber + and changed them to be const. Also made JSString::getPrimitiveNumber public + because it needs to be called from JSCell::getPrimitiveNumber and also since it's + no longer virtual, we want people who have a more specific pointer (JSString* + instead of JSCell*) to not have to pay the cost of a virtual method call. + * runtime/JSObject.cpp: + (JSC::JSObject::getPrimitiveNumber): + * runtime/JSObject.h: + * runtime/JSString.cpp: + (JSC::JSString::getPrimitiveNumber): + * runtime/JSString.h: + +2011-09-27 Juan Carlos Montemayor Elosua <j.mont@me.com> + + Implement Error.stack + https://bugs.webkit.org/show_bug.cgi?id=66994 + + Reviewed by Oliver Hunt. + + This patch utilizes topCallFrame to create a stack trace when + an error is thrown. 
Users will also be able to use the stack() + command in jsc to get arrays with stack trace information. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::getCallerLine): + (JSC::getSourceURLFromCallFrame): + (JSC::getStackFrameCodeType): + (JSC::Interpreter::getStackTrace): + (JSC::Interpreter::throwException): + * interpreter/Interpreter.h: + (JSC::StackFrame::toString): + * jsc.cpp: + (GlobalObject::finishCreation): + (functionJSCStack): + * parser/Parser.h: + (JSC::Parser::parse): + * runtime/CommonIdentifiers.h: + * runtime/Error.cpp: + (JSC::addErrorInfo): + * runtime/Error.h: + +2011-09-27 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Reorganize header files + https://bugs.webkit.org/show_bug.cgi?id=65616 + + Reviewed by Martin Robinson. + + Install header files under $libwebkitgtkincludedir/JavaScriptCore. + + * GNUmakefile.am: Use $libwebkitgtkincludedir. + * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir. + +2011-09-26 Geoffrey Garen <ggaren@apple.com> + + REGRESSION (r95912): Conservative marking doesn't filter out pointers to + MarkedBlock metadata + https://bugs.webkit.org/show_bug.cgi?id=68860 + + Reviewed by Oliver Hunt. + + Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom. + + * heap/MarkedBlock.h: + (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask + because the mask doesn't produce the actual atom number. + + (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good + enough; we also need to test that a pointer is beyond the metadata section + of a MarkedBlock, to avoid treating random metadata as a JSCell. + +2011-09-26 Mark Hahnenberg <mhahnenberg@apple.com> + + Make JSCell::toBoolean non-virtual + https://bugs.webkit.org/show_bug.cgi?id=67727 + + Reviewed by Geoffrey Garen. 
+ + JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where + before it was simply virtual and would crash if its implementation was called). + Its descendants in JSObject and JSString have also been made non-virtual. JSCell now + explicitly covers all cases of toBoolean, so having a virtual implementation of + JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSObject.h: + * runtime/JSString.h: + (JSC::JSCell::toBoolean): + (JSC::JSValue::toBoolean): + +2011-09-26 Chris Marrin <cmarrin@apple.com> + + Enable requestAnimationFrame on Windows + https://bugs.webkit.org/show_bug.cgi?id=68397 + + Reviewed by Simon Fraser. + + Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows + + * wtf/Platform.h: + +2011-09-26 Noel Gordon <noel.gordon@gmail.com> + + [Chromium] Remove DFGAliasTracker.h references from gyp project files + https://bugs.webkit.org/show_bug.cgi?id=68787 + + Reviewed by Geoffrey Garen. + + DFG/DFGAliasTracker.h was removed in r95389. Cleanup (remove) references + to that file from the gyp project files. + + * JavaScriptCore.gypi: + +2011-09-26 Zoltan Herczeg <zherczeg@webkit.org> + + [Qt]REGRESSION(r95865): It made 4 tests crash + https://bugs.webkit.org/show_bug.cgi?id=68780 + + Reviewed by Oliver Hunt. + + emitJumpSlowCaseIfNotJSCell(...) cannot be moved + away since the next load depends on it. + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_by_val): + +2011-09-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Add custom vtable struct to ClassInfo struct + https://bugs.webkit.org/show_bug.cgi?id=68567 + + Reviewed by Oliver Hunt. + + Declared/defined the MethodTable struct and added it to the ClassInfo struct. 
+ Also defined the CREATE_METHOD_TABLE macro to generate these method tables + succinctly where they need to be defined. + + Also added to it the first function to use this macro, visitChildren. + + This is part of the process of getting rid of all C++ virtual methods in JSCell. + Eventually all virtual functions in JSCell that can't easily be converted to + non-virtual functions will be put into this custom vtable structure. + * runtime/ClassInfo.h: + + Added the CREATE_METHOD_TABLE macro call as the last argument to each of the + ClassInfo structs declared in these classes. This saves us from having to visit + each s_info definition in the future when we add more methods to the MethodTable. + * API/JSCallbackConstructor.cpp: + * API/JSCallbackFunction.cpp: + * API/JSCallbackObject.cpp: + * JavaScriptCore.exp: + * runtime/Arguments.cpp: + * runtime/ArrayConstructor.cpp: + * runtime/ArrayPrototype.cpp: + * runtime/BooleanObject.cpp: + * runtime/BooleanPrototype.cpp: + * runtime/DateConstructor.cpp: + * runtime/DateInstance.cpp: + * runtime/DatePrototype.cpp: + * runtime/ErrorInstance.cpp: + * runtime/ErrorPrototype.cpp: + * runtime/ExceptionHelpers.cpp: + * runtime/Executable.cpp: + * runtime/GetterSetter.cpp: + * runtime/InternalFunction.cpp: + * runtime/JSAPIValueWrapper.cpp: + * runtime/JSActivation.cpp: + * runtime/JSArray.cpp: + * runtime/JSByteArray.cpp: + * runtime/JSFunction.cpp: + * runtime/JSGlobalObject.cpp: + * runtime/JSONObject.cpp: + * runtime/JSObject.cpp: + * runtime/JSPropertyNameIterator.cpp: + * runtime/JSString.cpp: + * runtime/MathObject.cpp: + * runtime/NativeErrorConstructor.cpp: + * runtime/NumberConstructor.cpp: + * runtime/NumberObject.cpp: + * runtime/NumberPrototype.cpp: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectPrototype.cpp: + * runtime/RegExp.cpp: + * runtime/RegExpConstructor.cpp: + * runtime/RegExpObject.cpp: + * runtime/RegExpPrototype.cpp: + * runtime/ScopeChain.cpp: + * runtime/StringConstructor.cpp: + * 
runtime/StringObject.cpp: + * runtime/StringPrototype.cpp: + * runtime/Structure.cpp: + * runtime/StructureChain.cpp: + + Had to make visitChildren and visitChildrenVirtual protected instead of private + because some of the subclasses of JSWrapperObject need access to JSWrapperObject's + visitChildren function pointer in their vtable since they don't provide their own + implementation. Same for RegExpObject. + * runtime/JSWrapperObject.h: + * runtime/RegExpObject.h: + +2011-09-25 Adam Barth <abarth@webkit.org> + + Finish removing PLATFORM(BREWMP) by removing associated code + https://bugs.webkit.org/show_bug.cgi?id=68779 + + Reviewed by Sam Weinig. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + * wscript: + * wtf/FastMalloc.cpp: + (WTF::fastMallocSize): + * wtf/Vector.h: + * wtf/brew: Removed. + * wtf/brew/MainThreadBrew.cpp: Removed. + * wtf/brew/OwnPtrBrew.cpp: Removed. + * wtf/brew/RefPtrBrew.h: Removed. + * wtf/brew/ShellBrew.h: Removed. + * wtf/brew/StringBrew.cpp: Removed. + * wtf/brew/SystemMallocBrew.h: Removed. + * wtf/unicode/brew: Removed. + * wtf/unicode/brew/UnicodeBrew.cpp: Removed. + * wtf/unicode/brew/UnicodeBrew.h: Removed. + +2011-09-25 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not count speculation successes correctly + https://bugs.webkit.org/show_bug.cgi?id=68785 + + Reviewed by Geoffrey Garen. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + * dfg/DFGOperations.cpp: + +2011-09-25 Filip Pizlo <fpizlo@apple.com> + + DFG support for op_resolve_global is not enabled + https://bugs.webkit.org/show_bug.cgi?id=68786 + + Reviewed by Geoffrey Garen. + + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + +2011-09-25 Filip Pizlo <fpizlo@apple.com> + + DFG static prediction code is no longer needed and should be removed + https://bugs.webkit.org/show_bug.cgi?id=68784 + + Reviewed by Oliver Hunt. 
+ + This gets rid of static prediction code, and ensures that we do not + try to compile code where dynamic predictions are not available. + This is accomplished by immediately performing an OSR exit wherever + a value is retrieved for which no predictions exist. + + This also adds value profiling for this on functions used for calls. + + The heuristics for deciding when to optimize code are also tweaked, + since it is now profitable to optimize sooner. This may need to be + tweaked further, but this patch only makes minimal changes. + + This results in a 16% speed-up on Kraken/ai-astar, leading to a 3% + overall win on Kraken. It's neutral elsewhere. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::shouldOptimizeNow): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/CodeBlock.h: + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + * bytecode/PredictedType.h: + (JSC::isCellPrediction): + (JSC::isObjectPrediction): + (JSC::isFinalObjectPrediction): + (JSC::isStringPrediction): + (JSC::isArrayPrediction): + (JSC::isInt32Prediction): + (JSC::isDoublePrediction): + (JSC::isNumberPrediction): + (JSC::isBooleanPrediction): + (JSC::mergePredictions): + * bytecode/PredictionTracker.h: + (JSC::PredictionTracker::predictArgument): + (JSC::PredictionTracker::predict): + (JSC::PredictionTracker::predictGlobalVar): + * bytecode/ValueProfile.cpp: + (JSC::ValueProfile::computeUpdatedPrediction): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::getPrediction): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::predictGlobalVar): + (JSC::DFG::Graph::getMethodCheckPrediction): + (JSC::DFG::Graph::getJSConstantPrediction): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): + 
(JSC::DFG::JITCodeGenerator::emitBranch): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::getPrediction): + * dfg/DFGNode.h: + (JSC::DFG::Node::valueOfJSConstantNode): + (JSC::DFG::Node::isInt32Constant): + (JSC::DFG::Node::isDoubleConstant): + (JSC::DFG::Node::isNumberConstant): + (JSC::DFG::Node::isBooleanConstant): + (JSC::DFG::Node::predict): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::Propagator): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::isPredictedNumerical): + (JSC::DFG::Propagator::logicalNotIsPure): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger): + (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble): + (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber): + (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger): + (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject): + (JSC::DFG::SpeculativeJIT::shouldSpeculateArray): + (JSC::DFG::SpeculativeJIT::shouldSpeculateObject): + (JSC::DFG::SpeculativeJIT::shouldSpeculateCell): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + +2011-09-25 Filip Pizlo <fpizlo@apple.com> + + DFG JIT Construct opcode takes a this argument even though it's + not passed + https://bugs.webkit.org/show_bug.cgi?id=68782 + + Reviewed by Oliver Hunt. + + This is performance-neutral, mostly. It's a slight speed-up on + v8-splay. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addCall): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + +2011-09-25 Filip Pizlo <fpizlo@apple.com> + + DFG tracking of the value in cachedResultRegister does not handle + op_mov correctly + https://bugs.webkit.org/show_bug.cgi?id=68781 + + Reviewed by Oliver Hunt. + + This takes the simplest approach: it makes the old JIT dumber rather + than making the DFG JIT smarter. This is performance-neutral. 
+ + * jit/JIT.h: + (JSC::JIT::canBeOptimized): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_mov): + +2011-09-25 Adam Barth <abarth@webkit.org> + + Remove PLATFORM(HAIKU) and associated code + https://bugs.webkit.org/show_bug.cgi?id=68774 + + Reviewed by Sam Weinig. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + * heap/MachineStackMarker.cpp: + * wtf/PageAllocation.h: + * wtf/Platform.h: + * wtf/StackBounds.cpp: + * wtf/haiku: Removed. + * wtf/haiku/MainThreadHaiku.cpp: Removed. + * wtf/haiku/StringHaiku.cpp: Removed. + * wtf/text/WTFString.h: + +2011-09-24 Adam Barth <abarth@webkit.org> + + Always enable ENABLE(OFFLINE_WEB_APPLICATIONS) + https://bugs.webkit.org/show_bug.cgi?id=68767 + + Reviewed by Eric Seidel. + + * Configurations/FeatureDefines.xcconfig: + +2011-09-24 Filip Pizlo <fpizlo@apple.com> + + JIT implementation of put_by_val increments m_length instead of setting + it to index+1 + https://bugs.webkit.org/show_bug.cgi?id=68766 + + Reviewed by Geoffrey Garen. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_put_by_val): + +2011-09-24 Geoffrey Garen <ggaren@apple.com> + + More build fixage. + + * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos. + +2011-09-24 Filip Pizlo <fpizlo@apple.com> + + The DFG should not attempt to guess types in the absence of value + profiles + https://bugs.webkit.org/show_bug.cgi?id=68677 + + Reviewed by Oliver Hunt. + + This adds the ForceOSRExit node, which is ignored by the propagator + and virtual register allocator (and hence ensuring that liveness analysis + works correctly), but forces terminateSpeculativeExecution() in the + back-end. This appears to be a slight speed-up on benchmark averages, + with ~5% swings on individual benchmarks, in both directions. But it's + never a regression on any average, and appears to be a ~1% progression + in the SunSpider average. 
+ + This also adds a bit better debugging support in the old JIT and in DFG, + as this was necessary to debug the much more frequent OSR transitions + that occur with this change. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::getStrongPrediction): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JIT.h: + +2011-09-24 Geoffrey Garen <ggaren@apple.com> + + Some Windows build fixage. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::sweep): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::isLive): Show the compiler that all control paths + return a value. There, there, compiler. Everything's going to be OK. + + * runtime/JSCell.h: + (JSC::JSCell::setVPtr): Oops! Unrename this function. + +2011-09-24 Geoffrey Garen <ggaren@apple.com> + + Allocate new objects unmarked + https://bugs.webkit.org/show_bug.cgi?id=68764 + + Reviewed by Oliver Hunt. + + This is a pre-requisite to using the mark bit to determine object age. + + ~2% v8 speedup, mostly due to a 12% v8-splay speedup. + + * heap/MarkedBlock.h: + (JSC::MarkedBlock::isLive): + (JSC::MarkedBlock::isLiveCell): These two functions are the reason for + this patch. They can now determine object liveness without relying on + newly allocated objects having their mark bits set. Each MarkedBlock + now has a state variable that tells us how to determine whether its + cells are live. (This new state variable supercedes the old one about + destructor state. The rest of this patch is just refactoring to support + the invariants of this new state variable without introducing a + performance regression.) 
+ + (JSC::MarkedBlock::didConsumeFreeList): New function for updating interal + state when a block becomes fully allocated. + + (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into + this function because, logically, clearing all mark bits is the first + step in saying "mark bits now exactly reflect object liveness". + + (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify + that this function only tells you about the mark bits, so it's only + meaningful if you've put the mark bits into a meaningful state before + calling it. + + (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function + instead of testing mark bits, since mark bits are not always the right + way to find out if an object is live anymore. (New objects are live, but + not marked.) + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::recycle): + (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even + initialization when recycling an old block -- into the MarkedBlock + constructor, for simplicity. + + (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for + a zapped cell before running a destructor, and always zap after + running a destructor. This does not seem to be expensive, and the + alternative just creates a too-confusing matrix of possible cell states + ((zombie undestructed cell + zombie destructed cell + zapped destructed + cell) * 5! permutations for progressing through block states = "Oh my!"). + + (JSC::MarkedBlock::specializedSweep): + (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing + optimization to use template specialization to constant fold lots of + branches and elide certain operations entirely during a sweep. Merged + four or five functions that were logically about sweeping into this one + function pair, so there's only one way to do things now, it's + automatically correct, and it's always fast. 
+ + (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit + about exactly what it does, and to honor the new block state system. + + * heap/AllocationSpace.cpp: + (JSC::AllocationSpace::allocateBlock): Updated for rename. + + (JSC::AllocationSpace::freeBlocks): Updated for changed interface. + + (JSC::TakeIfUnmarked::TakeIfUnmarked): + (JSC::TakeIfUnmarked::operator()): + (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed + to clarify that this functor only tests the mark bits, so it's only + valid if you've put the mark bits into a meaningful state before + calling it. + + (JSC::AllocationSpace::shrink): Updated for rename. + + * heap/AllocationSpace.h: + (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a + little more specific about what we're making canonical. + + (JSC::AllocationSpace::forEachCell): Updated for rename. + + (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell + liveness data before iterating blocks -- clients that want iterated + blocks to have valid cell lieveness data should make this call for + themselves. (And not all clients want it.) + + * heap/ConservativeRoots.cpp: + (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed + obsolete comment. + + * heap/Heap.cpp: + (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...() + because clearMarks() now does that implicitly. + + (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since + tear-down tests cell liveness when running destructors. + + (JSC::Heap::markRoots): + (JSC::Heap::collect): Moved weak reference harvesting out of markRoots() + and into collect, since it strictly depends on root marking, and does + not contribute to root marking. + + (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more + specific about what we're making canonical. 
+ + * heap/Heap.h: + (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness + data before iterating protected cells, since we know they're all live, + and don't need to test for it. + + * heap/Local.h: + (JSC::::set): Can't make the same ASSERT we used to because we just don't + have the mark bits for it anymore. Perhaps we can bring this ASSERT back + in a weaker form in the future. + + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::addBlock): + (JSC::MarkedSpace::removeBlock): Updated for interface change. + (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more + specific about what we're making canonical. + + * heap/MarkedSpace.h: + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::SizeClass::SizeClass): + (JSC::MarkedSpace::SizeClass::resetAllocator): + (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator + functionality a bit. We now track only one block -- "currentBlock" -- + and rely on its internal state to know whether it has more cells to + allocate. + + * heap/Weak.h: + (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't + have the mark bits for it anymore. Perhaps we can bring this ASSERT back + in a weaker form in the future. + + * runtime/JSCell.h: + (JSC::JSCell::vptr): + (JSC::JSCell::zap): + (JSC::JSCell::isZapped): + (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction. + In the future, exactly how a JSCell zaps itself will change, as the + internal representation of JSCell changes. + +2011-09-24 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should not eagerly initialize integer tags in the register file + https://bugs.webkit.org/show_bug.cgi?id=68763 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueRecovery::dump): + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32): + (JSC::DFG::OSRExit::operandForArgument): + (JSC::DFG::OSRExit::operandForIndex): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + +2011-09-23 Yuqiang Xian <yuqiang.xian@intel.com> + + Add JSVALUE32_64 support to DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=67460 + + Reviewed by Gavin Barraclough. + + This is the initial attempt to add JSVALUE32_64 support to DFG JIT. + It's tested on IA32 Linux EFL port currently. It still cannot run + all the test cases and benchmarks so should be turned off now. + + The major work includes: + 1) dealing with JSVALUE32_64 data format in DFG JIT; + 2) bindings between 64-bit JS Value and 32-bit registers; + 3) handling of function calls. Currently for DFG operation function + calls we follow the X86 cdecl calling convention on Linux, and the + implementation is in a naive way by pushing the arguments into stack + one by one. + + The known issues include: + 1) some code duplicates unnecessarily, especially in Speculative JIT + code generation, where most of the operations on SpeculataInteger / + SpeculateDouble should be identical to the JSVALUE64 code. Refactoring + is needed in the future; + 2) lack of op_call and op_construct support, comparing to current + JSVALUE64 DFG; + 3) currently integer speculations assume to be StrictInt32; + 4) lack of JSBoolean speculations; + 5) boxing and unboxing doubles could be improved; + 6) DFG X86 register description is different with the baseline JIT, + the timeoutCheckRegister is used for general purpose usage; + 7) calls to runtime functions with primitive double parameters (e.g. + fmod) don't work. 
Support needs to be added to the assembler to + implement the mechanism of passing double parameters for X86 cdecl + convention. + + And there should be many other hidden bugs which should be exposed and + resolved in later debugging process. + + * CMakeListsEfl.txt: + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::loadDouble): + (JSC::MacroAssemblerX86::storeDouble): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movsd_rm): + * bytecode/StructureStubInfo.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGFPRInfo.h: + (JSC::DFG::FPRInfo::debugName): + * dfg/DFGGPRInfo.h: + (JSC::DFG::GPRInfo::toRegister): + (JSC::DFG::GPRInfo::toIndex): + (JSC::DFG::GPRInfo::debugName): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::needDataFormatConversion): + (JSC::DFG::GenerationInfo::initJSValue): + (JSC::DFG::GenerationInfo::initDouble): + (JSC::DFG::GenerationInfo::gpr): + (JSC::DFG::GenerationInfo::tagGPR): + (JSC::DFG::GenerationInfo::payloadGPR): + (JSC::DFG::GenerationInfo::fpr): + (JSC::DFG::GenerationInfo::fillJSValue): + (JSC::DFG::GenerationInfo::fillCell): + (JSC::DFG::GenerationInfo::fillDouble): + * dfg/DFGJITCodeGenerator.cpp: + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::allocate): + (JSC::DFG::JITCodeGenerator::use): + (JSC::DFG::JITCodeGenerator::registersMatched): + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters): + (JSC::DFG::JITCodeGenerator::silentFillAllRegisters): + (JSC::DFG::JITCodeGenerator::boxDouble): + (JSC::DFG::JITCodeGenerator::unboxDouble): + (JSC::DFG::JITCodeGenerator::spill): + (JSC::DFG::addressOfDoubleConstant): + (JSC::DFG::integerResult): + (JSC::DFG::jsValueResult): + (JSC::DFG::setupResults): + (JSC::DFG::callOperation): + (JSC::JSValueOperand::JSValueOperand): + 
(JSC::JSValueOperand::~JSValueOperand): + (JSC::JSValueOperand::isDouble): + (JSC::JSValueOperand::fill): + (JSC::JSValueOperand::tagGPR): + (JSC::JSValueOperand::payloadGPR): + (JSC::JSValueOperand::fpr): + (JSC::GPRTemporary::~GPRTemporary): + (JSC::GPRTemporary::gpr): + (JSC::GPRResult2::GPRResult2): + * dfg/DFGJITCodeGenerator32_64.cpp: Added. + (JSC::DFG::JITCodeGenerator::clearGenerationInfo): + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::fillStorage): + (JSC::DFG::JITCodeGenerator::useChildren): + (JSC::DFG::JITCodeGenerator::isStrictInt32): + (JSC::DFG::JITCodeGenerator::isKnownInteger): + (JSC::DFG::JITCodeGenerator::isKnownNumeric): + (JSC::DFG::JITCodeGenerator::isKnownCell): + (JSC::DFG::JITCodeGenerator::isKnownNotInteger): + (JSC::DFG::JITCodeGenerator::isKnownNotNumber): + (JSC::DFG::JITCodeGenerator::isKnownBoolean): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance): + (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf): + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::writeBarrier): + (JSC::DFG::JITCodeGenerator::cachedPutById): + (JSC::DFG::JITCodeGenerator::cachedGetMethod): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + 
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq): + (JSC::DFG::JITCodeGenerator::emitBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot): + (JSC::DFG::JITCodeGenerator::emitCall): + (JSC::DFG::JITCodeGenerator::speculationCheck): + (JSC::DFG::dataFormatString): + (JSC::DFG::JITCodeGenerator::dump): + (JSC::DFG::JITCodeGenerator::checkConsistency): + (JSC::DFG::GPRTemporary::GPRTemporary): + (JSC::DFG::FPRTemporary::FPRTemporary): + * dfg/DFGJITCompiler.cpp: + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::tagForGlobalVar): + (JSC::DFG::JITCompiler::payloadForGlobalVar): + (JSC::DFG::JITCompiler::appendCallWithExceptionCheck): + (JSC::DFG::JITCompiler::addressOfDoubleConstant): + (JSC::DFG::JITCompiler::boxDouble): + (JSC::DFG::JITCompiler::unboxDouble): + (JSC::DFG::JITCompiler::addPropertyAccess): + (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord): + * dfg/DFGJITCompiler32_64.cpp: Added. + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillInt32ToInteger): + (JSC::DFG::JITCompiler::fillToJS): + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::linkOSRExits): + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + (JSC::DFG::JITCompiler::jitAssertIsInt32): + (JSC::DFG::JITCompiler::jitAssertIsJSInt32): + (JSC::DFG::JITCompiler::jitAssertIsJSNumber): + (JSC::DFG::JITCompiler::jitAssertIsJSDouble): + (JSC::DFG::JITCompiler::jitAssertIsCell): + (JSC::DFG::JITCompiler::emitCount): + (JSC::DFG::JITCompiler::setSamplingFlag): + (JSC::DFG::JITCompiler::clearSamplingFlag): + * dfg/DFGJITCompilerInlineMethods.h: Added. 
+ (JSC::DFG::JITCompiler::emitLoadTag): + (JSC::DFG::JITCompiler::emitLoadPayload): + (JSC::DFG::JITCompiler::emitLoad): + (JSC::DFG::JITCompiler::emitLoad2): + (JSC::DFG::JITCompiler::emitLoadDouble): + (JSC::DFG::JITCompiler::emitLoadInt32ToDouble): + (JSC::DFG::JITCompiler::emitStore): + (JSC::DFG::JITCompiler::emitStoreInt32): + (JSC::DFG::JITCompiler::emitStoreCell): + (JSC::DFG::JITCompiler::emitStoreBool): + (JSC::DFG::JITCompiler::emitStoreDouble): + * dfg/DFGNode.h: + * dfg/DFGOperations.cpp: + * dfg/DFGRepatch.cpp: + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDList): + (JSC::DFG::tryCachePutByID): + * dfg/DFGSpeculativeJIT.cpp: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueRecovery::inGPR): + (JSC::DFG::ValueRecovery::inPair): + (JSC::DFG::ValueRecovery::tagGPR): + (JSC::DFG::ValueRecovery::payloadGPR): + * dfg/DFGSpeculativeJIT32_64.cpp: Added. + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::ValueSource::dump): + (JSC::DFG::ValueRecovery::dump): + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::OSRExit::dump): + (JSC::DFG::SpeculativeJIT::fillSpeculateInt): + (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::convertToDouble): + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::compileMovHint): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::initializeVariableTypes): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * runtime/JSValue.h: + +2011-09-23 Filip Pizlo <fpizlo@apple.com> + 
+ wtf/BitVector.h has a variety of bugs which manifest when the + vector grows beyond 63 bits + https://bugs.webkit.org/show_bug.cgi?id=68746 + + Reviewed by Oliver Hunt. + + Out-of-lined slow path code in BitVector so that not every user + of CodeBlock ends up having to compile it. Fixed a variety of + index computation and size computation bugs. + + I have not seen these issues manifest themselves, but they are + blocking a patch that uses BitVector more aggressively. + + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/BitVector.cpp: Added. + (BitVector::BitVector): + (BitVector::operator=): + (BitVector::resize): + (BitVector::clearAll): + (BitVector::OutOfLineBits::create): + (BitVector::OutOfLineBits::destroy): + (BitVector::resizeOutOfLine): + * wtf/BitVector.h: + (WTF::BitVector::ensureSize): + (WTF::BitVector::get): + (WTF::BitVector::set): + (WTF::BitVector::clear): + (WTF::BitVector::byteCount): + (WTF::BitVector::OutOfLineBits::numWords): + (WTF::BitVector::OutOfLineBits::bits): + (WTF::BitVector::outOfLineBits): + * wtf/CMakeLists.txt: + * wtf/wtf.pri: + +2011-09-23 Adam Klein <adamk@chromium.org> + + Add ENABLE_MUTATION_OBSERVERS feature flag + https://bugs.webkit.org/show_bug.cgi?id=68732 + + Reviewed by Ojan Vafai. + + This flag will guard an implementation of the "Mutation Observers" proposed in + http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html + + * Configurations/FeatureDefines.xcconfig: + +2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com> + + De-virtualize JSCell::getJSNumber + https://bugs.webkit.org/show_bug.cgi?id=68651 + + Reviewed by Oliver Hunt. + + Added a new JSType to check whether or not something is a + NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not + currently a better way to determine whether something is indeed a NumberObject. 
+ Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo + for whether the object is a NumberObject or not. This patch is part of + the larger process of de-virtualizing JSCell. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + (JSC::JSCell::getJSNumber): + * runtime/JSCell.h: + (JSC::JSValue::getJSNumber): + * runtime/JSType.h: + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::isNumberObject): + * runtime/JSValue.h: + * runtime/NumberObject.cpp: + (JSC::NumberObject::getJSNumber): + * runtime/NumberObject.h: + (JSC::NumberObject::createStructure): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::createStructure): + +2011-09-23 Filip Pizlo <fpizlo@apple.com> + + Resolve opcodes should have value profiling. + https://bugs.webkit.org/show_bug.cgi?id=68723 + + Reviewed by Oliver Hunt. + + This adds value profiling to all forms of op_resolve in the + old JIT, and patches that information into the DFG along with + performing the appropriate type propagation. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::resolveGlobalDataIndex): + (JSC::DFG::Node::hasPrediction): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + (JSC::JIT::emitSlow_op_resolve_global_dynamic): + * jit/JITStubCall.h: + (JSC::JITStubCall::callWithValueProfiling): + +2011-09-23 Oliver Hunt <oliver@apple.com> + + Fix windows build. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-09-23 Gavin Barraclough <barraclough@apple.com> + + Strict mode does not work in non-trivial nested functions. + https://bugs.webkit.org/show_bug.cgi?id=68740 + + Reviewed by Oliver Hunt. + + Function-info caching does not preserve all state that it should. + + * parser/JSParser.cpp: + (JSC::JSParser::Scope::saveFunctionInfo): + (JSC::JSParser::Scope::restoreFunctionInfo): + (JSC::JSParser::parseFunctionInfo): + * parser/SourceProviderCacheItem.h: + +2011-09-23 Filip Pizlo <fpizlo@apple.com> + + ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED + https://bugs.webkit.org/show_bug.cgi?id=68724 + + Reviewed by Oliver Hunt. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + +2011-09-23 Oliver Hunt <oliver@apple.com> + + Build fix. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-09-23 Filip Pizlo <fpizlo@apple.com> + + DFG implementation of PutScopedVar corrupts register allocation + https://bugs.webkit.org/show_bug.cgi?id=68735 + + Reviewed by Oliver Hunt. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-23 Oliver Hunt <oliver@apple.com> + + Make write barriers actually do something when enabled + https://bugs.webkit.org/show_bug.cgi?id=68717 + + Reviewed by Geoffrey Garen. + + Add a basic card marking style write barrier to JSC (currently + turned off). This requires two scratch registers in the JIT + so there was some register re-arranging to satisfy that requirement. + Happily this produced a minor perf bump in sunspider (~0.5%). 
+ + Turning the barriers on causes an overall regression of around 1.5% + + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::store8): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movb_i8m): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownNotCell): + (JSC::DFG::JITCodeGenerator::writeBarrier): + (JSC::DFG::JITCodeGenerator::markCellCard): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCachePutByID): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * heap/CardSet.h: Added. + (JSC::CardSet::CardSet): + (JSC::::cardForAtom): + (JSC::::cardMarkedForAtom): + (JSC::::markCardForAtom): + * heap/Heap.cpp: + * heap/Heap.h: + (JSC::Heap::addressOfCardFor): + (JSC::Heap::writeBarrierFastCase): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::setDirtyObject): + (JSC::MarkedBlock::addressOfCardFor): + (JSC::MarkedBlock::offsetOfCards): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_put_global_var): + (JSC::JIT::emitWriteBarrier): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emitSlow_op_put_by_id): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_put_global_var): + +2011-09-23 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + https://bugs.webkit.org/show_bug.cgi?id=68077 + SH4 assemblers doesn't refer to executable memory handle. + + Reviewed by Gavin Barraclough. 
+ + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::branch8): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::executableCopy): + +2011-09-23 Oliver Hunt <oliver@apple.com> + + PutScopedVar nodes should report that it has a var number + https://bugs.webkit.org/show_bug.cgi?id=68721 + + Reviewed by Anders Carlsson. + + Another assertion fix. + + * dfg/DFGNode.h: + (JSC::DFG::Node::hasVarNumber): + +2011-09-23 Oliver Hunt <oliver@apple.com> + + Add a bunch of unhandled node types to the propagator + https://bugs.webkit.org/show_bug.cgi?id=68716 + + Reviewed by Darin Adler. + + Remove the ASSERT_NOT_REACHED() default for debug builds in the + prediction propagator, this way unhandled nodes will just cause + compile time failures rather than failing at some point in the + future. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + +2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Add static version of JSCell::visitChildren + https://bugs.webkit.org/show_bug.cgi?id=68404 + + Reviewed by Darin Adler. + + In this patch we just extract the bodies of the virtual visitChildren methods + throughout the JSCell inheritance hierarchy out into static methods, which are + now called from the virtual methods. This is an intermediate step in trying to + move the virtual-ness of visitChildren into our own custom vtable stored in + ClassInfo. We need to convert the methods to static methods in order to be + able to more easily store and refer to them in our custom vtable since normal + member methods store some implicit information in their types, making it + impossible to store them generically in ClassInfo. 
+ + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::visitChildrenVirtual): + (JSC::JSCallbackObject::visitChildren): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildrenVirtual): + (JSC::DebuggerActivation::visitChildren): + * debugger/DebuggerActivation.h: + * heap/MarkStack.cpp: + (JSC::SlotVisitor::visitChildren): + (JSC::SlotVisitor::drain): + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildrenVirtual): + (JSC::Arguments::visitChildren): + * runtime/Arguments.h: + * runtime/Executable.cpp: + (JSC::EvalExecutable::visitChildrenVirtual): + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildrenVirtual): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildrenVirtual): + (JSC::FunctionExecutable::visitChildren): + * runtime/Executable.h: + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildrenVirtual): + (JSC::GetterSetter::visitChildren): + * runtime/GetterSetter.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildrenVirtual): + (JSC::JSActivation::visitChildren): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildrenVirtual): + (JSC::JSArray::visitChildren): + * runtime/JSArray.h: + * runtime/JSBoundFunction.cpp: + (JSC::JSBoundFunction::visitChildrenVirtual): + (JSC::JSBoundFunction::visitChildren): + * runtime/JSBoundFunction.h: + * runtime/JSCell.h: + (JSC::JSCell::visitChildrenVirtual): + (JSC::JSCell::visitChildren): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildrenVirtual): + (JSC::JSFunction::visitChildren): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::visitChildrenVirtual): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildrenVirtual): + (JSC::JSObject::visitChildren): + * runtime/JSObject.h: + 
(JSC::JSObject::visitChildrenDirect): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildrenVirtual): + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildrenVirtual): + (JSC::JSStaticScopeObject::visitChildren): + * runtime/JSStaticScopeObject.h: + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildrenVirtual): + (JSC::JSWrapperObject::visitChildren): + * runtime/JSWrapperObject.h: + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildrenVirtual): + (JSC::NativeErrorConstructor::visitChildren): + * runtime/NativeErrorConstructor.h: + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildrenVirtual): + (JSC::RegExpObject::visitChildren): + * runtime/RegExpObject.h: + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildrenVirtual): + (JSC::ScopeChainNode::visitChildren): + * runtime/ScopeChain.h: + * runtime/Structure.cpp: + (JSC::Structure::visitChildrenVirtual): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildrenVirtual): + (JSC::StructureChain::visitChildren): + * runtime/StructureChain.h: + +2011-09-23 Oliver Hunt <oliver@apple.com> + + Node propagation doesn't handle PutScopedVar + https://bugs.webkit.org/show_bug.cgi?id=68713 + + Reviewed by Sam Weinig. + + This was causing assertion failures. + + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + +2011-09-23 Anders Carlsson <andersca@apple.com> + + Make sure to define OVERRIDE and FINAL for older builds of clang. + + * wtf/Compiler.h: + +2011-09-23 Gavin Barraclough <barraclough@apple.com> + + Implement op_resolve_global in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=68704 + + Reviewed by Oliver Hunt. + + This is performance neutral, but increases coverage. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::resolveInfoIndex): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-23 Mark Rowe <mrowe@apple.com> + + Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h. + + * wtf/Platform.h: + +2011-09-22 Anders Carlsson <andersca@apple.com> + + We should add support for OVERRIDE and FINAL annotations + https://bugs.webkit.org/show_bug.cgi?id=68654 + + Reviewed by David Hyatt. + + Add OVERRIDE and FINAL macros for compilers that support them. + + * wtf/Compiler.h: + +2011-09-22 Filip Pizlo <fpizlo@apple.com> + + GetScopedVar should have value profiling + https://bugs.webkit.org/show_bug.cgi?id=68676 + + Reviewed by Oliver Hunt. + + Added GetScopedVar value profiling and predictin propagation. + Added GetScopeChain to CSE. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasPrediction): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::getScopeChainLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_scoped_var): + +2011-09-22 Filip Pizlo <fpizlo@apple.com> + + PPC build fix, part 3. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileForConstructInternal): + +2011-09-22 Filip Pizlo <fpizlo@apple.com> + + Another PPC build fix. + + * runtime/Executable.cpp: + * runtime/Executable.h: + +2011-09-22 Dean Jackson <dino@apple.com> + + Add ENABLE_CSS_FILTERS + https://bugs.webkit.org/show_bug.cgi?id=68652 + + Reviewed by Simon Fraser. 
+ + * Configurations/FeatureDefines.xcconfig: + +2011-09-22 Gavin Barraclough <barraclough@apple.com> + + Incorrect this value passed to callbacks. + https://bugs.webkit.org/show_bug.cgi?id=68668 + + Reviewed by Oliver Hunt. + + From Array/String prototype function. Should be undefined, but + global object is passed instead (this is visible for strict callbacks). + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + * runtime/JSArray.cpp: + (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key): + (JSC::JSArray::sort): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncReplace): + +2011-09-22 Gavin Barraclough <barraclough@apple.com> + + Function.prototype.bind.length shoudl be 1. + + Rubber stamped by Olier Hunt. + + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::addFunctionProperties): + +2011-09-22 Filip Pizlo <fpizlo@apple.com> + + PPC build fix. + + * bytecode/CodeBlock.h: + +2011-09-22 Gavin Barraclough <barraclough@apple.com> + + Windows build fix pt. 2 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-09-22 Gavin Barraclough <barraclough@apple.com> + + Windows build fix pt. 1 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-09-21 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not support to_primitive or strcat + https://bugs.webkit.org/show_bug.cgi?id=68582 + + Reviewed by Darin Adler. + + This adds functional support for to_primitive and strcat. It focuses + on minimizing the amount of code emitted on to_primitive (if we know + that it is a primitive or can speculate cheaply, then we omit the + slow path) and on keeping the implementation of strcat simple while + leveraging whatever optimizations we have already. 
In particular, + unlike the Call and Construct nodes which require extending the size + of the DFG's callee registers, StrCat takes advantage of the fact + that no JS code can run while StrCat is in progress and uses a + scratch buffer, rather than the register file, to store the list of + values to concatenate. This was done mainly to keep the code simple, + but there are probably other benefits to keeping call frame sizes + down. Essentially, this patch ensures that the presence of an + op_strcat does not mess up any other optimizations we might do while + ensuring that if you do execute it, it'll work about as well as you'd + expect. + + When combined with the previous patch for integer division, this is a + 14% speed-up on Kraken. Without it, it would have been a 2% loss. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::callOperation): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + * dfg/DFGNode.h: + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::scratchBufferForSize): + +2011-09-22 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should support integer division + https://bugs.webkit.org/show_bug.cgi?id=68597 + + Reviewed by Darin Adler. + + This adds support for ArithDiv speculating integer, and speculating + that the result is integer (i.e. remainder = 0). + + This is a 4% win on Kraken and a 1% loss on V8. 
+ + * bytecode/CodeBlock.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeDivSafe): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasArithNodeFlags): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITArithmetic.cpp: + (JSC::JIT::emit_op_div): + +2011-09-22 Oliver Hunt <oliver@apple.com> + + Implement put_scoped_var in the DFG jit + https://bugs.webkit.org/show_bug.cgi?id=68653 + + Reviewed by Gavin Barraclough. + + Naive implementation of put_scoped_var. Same story as the + get_scoped_var implementation, although I've hoisted scope + object acquisition into a separate dfg node. Ideally in the + future we would reuse the resolved scope chain object, but + for now we don't. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasScopeChainDepth): + (JSC::DFG::Node::scopeChainDepth): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-22 Gavin Barraclough <barraclough@apple.com> + + Implement Function.prototype.bind + https://bugs.webkit.org/show_bug.cgi?id=26382 + + Reviewed by Sam Weinig. + + This patch provides a basic functional implementation + for Function.bind. It should (hopefully!) be fully + functionally correct, and the bound functions can be + called to quickly (since they are a subclass of + JSFunction, not InternalFunction), but we'll probably + want to follow up with some optimization work to keep + bound calls in JIT code. 
+ + * JavaScriptCore.JSVALUE32_64only.exp: + * JavaScriptCore.JSVALUE64only.exp: + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * jit/JITStubs.h: + * jsc.cpp: + (GlobalObject::addFunction): + * runtime/CommonIdentifiers.h: + * runtime/ConstructData.h: + * runtime/Executable.h: + (JSC::NativeExecutable::NativeExecutable): + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::addFunctionProperties): + (JSC::functionProtoFuncBind): + * runtime/FunctionPrototype.h: + * runtime/JSBoundFunction.cpp: Added. + (JSC::boundFunctionCall): + (JSC::boundFunctionConstruct): + (JSC::JSBoundFunction::create): + (JSC::JSBoundFunction::hasInstance): + (JSC::JSBoundFunction::getOwnPropertySlot): + (JSC::JSBoundFunction::getOwnPropertyDescriptor): + (JSC::JSBoundFunction::JSBoundFunction): + (JSC::JSBoundFunction::finishCreation): + * runtime/JSBoundFunction.h: Added. + (JSC::JSBoundFunction::targetFunction): + (JSC::JSBoundFunction::boundThis): + (JSC::JSBoundFunction::boundArgs): + (JSC::JSBoundFunction::createStructure): + * runtime/JSFunction.cpp: + (JSC::JSFunction::create): + (JSC::JSFunction::finishCreation): + (JSC::createDescriptorForThrowingProperty): + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::getHostFunction): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::boundFunctionStructure): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + +2011-09-22 Oliver Hunt <oliver@apple.com> + + Implement get_scoped_var in the DFG + https://bugs.webkit.org/show_bug.cgi?id=68640 + + Reviewed by Gavin Barraclough. + + Naive implementation of get_scoped_var in the DFG. 
Essentially this + is the bare minimum required to get correct behaviour, so there's no + load/store coalescing or type profiling involved, even though these + would be wins. No impact on SunSpider or V8. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasVarNumber): + (JSC::DFG::Node::hasScopeChainDepth): + (JSC::DFG::Node::scopeChainDepth): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-22 Adam Roben <aroben@apple.com> + + Remove FindSafari from all our .sln files + + It isn't used anymore, so there's no point in building it. + + Part of <http://webkit.org/b/68628> Remove FindSafari + + Reviewed by Steve Falkenburg. + + * JavaScriptCore.vcproj/JavaScriptCore.sln: + +2011-09-22 Filip Pizlo <fpizlo@apple.com> + + 32-bit call code clobbers the function cell tag + https://bugs.webkit.org/show_bug.cgi?id=68606 + + Reviewed by Csaba Osztrogonác. + + This is a minimalistic fix: it simply emits code to restore the + cell tag on the slow path, if we know that we failed due to + emitCallIfNotType. + + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallVarargsSlowCase): + (JSC::JIT::compileOpCallSlowCase): + +2011-09-21 Gavin Barraclough <barraclough@apple.com> + + Add missing addPtr->add32 mapping for X86. + + Rubber stamped by Sam Weinig. + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::addPtr): + +2011-09-21 Gavin Barraclough <barraclough@apple.com> + + Add missing addDouble for AbsoluteAddress to X86 + + Rubber stamped by Geoff Garen. 
+ + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::addDouble): + * assembler/X86Assembler.h: + (JSC::X86Assembler::addsd_mr): + (JSC::X86Assembler::cvtsi2sd_rr): + (JSC::X86Assembler::cvtsi2sd_mr): + +2011-09-21 Gavin Barraclough <barraclough@apple.com> + + Build fix following fix for bug #68586. + + * jit/JIT.cpp: + * jit/JITInlineMethods.h: + +2011-09-21 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should be able to compile op_throw + https://bugs.webkit.org/show_bug.cgi?id=68571 + + Reviewed by Geoffrey Garen. + + This compiles op_throw in the simplest way possible: it's an OSR + point back to the old JIT. This is a good step towards increasing + coverage, particularly on Kraken, but it's neutral because the + same functions that do throw also use some other unsupported + opcodes. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-21 Filip Pizlo <fpizlo@apple.com> + + DFG should support continuous optimization + https://bugs.webkit.org/show_bug.cgi?id=68329 + + Reviewed by Geoffrey Garen. + + This adds the ability to reoptimize a code block if speculation + failures happen frequently. 6% speed-up on Kraken, 1% slow-down + on V8, neutral on SunSpider. 
+ + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + (JSC::ProgramCodeBlock::jettison): + (JSC::EvalCodeBlock::jettison): + (JSC::FunctionCodeBlock::jettison): + (JSC::CodeBlock::shouldOptimizeNow): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/CodeBlock.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getStrongPrediction): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGOSREntry.h: + (JSC::DFG::getOSREntryDataBytecodeIndex): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * heap/ConservativeRoots.cpp: + (JSC::ConservativeRoots::ConservativeRoots): + (JSC::ConservativeRoots::~ConservativeRoots): + (JSC::DummyMarkHook::mark): + (JSC::ConservativeRoots::genericAddPointer): + (JSC::ConservativeRoots::genericAddSpan): + (JSC::ConservativeRoots::add): + * heap/ConservativeRoots.h: + * heap/Heap.cpp: + (JSC::Heap::addJettisonCodeBlock): + (JSC::Heap::markRoots): + * heap/Heap.h: + * heap/JettisonedCodeBlocks.cpp: Added. + (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks): + (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks): + (JSC::JettisonedCodeBlocks::addCodeBlock): + (JSC::JettisonedCodeBlocks::clearMarks): + (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks): + (JSC::JettisonedCodeBlocks::traceCodeBlocks): + * heap/JettisonedCodeBlocks.h: Added. 
+ (JSC::JettisonedCodeBlocks::mark): + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::gatherConservativeRoots): + * interpreter/RegisterFile.h: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Executable.cpp: + (JSC::jettisonCodeBlock): + (JSC::EvalExecutable::jettisonOptimizedCode): + (JSC::ProgramExecutable::jettisonOptimizedCode): + (JSC::FunctionExecutable::jettisonOptimizedCodeForCall): + (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct): + * runtime/Executable.h: + (JSC::FunctionExecutable::jettisonOptimizedCodeFor): + * wtf/BitVector.h: Added. + (WTF::BitVector::BitVector): + (WTF::BitVector::~BitVector): + (WTF::BitVector::operator=): + (WTF::BitVector::size): + (WTF::BitVector::ensureSize): + (WTF::BitVector::resize): + (WTF::BitVector::clearAll): + (WTF::BitVector::get): + (WTF::BitVector::set): + (WTF::BitVector::clear): + (WTF::BitVector::bitsInPointer): + (WTF::BitVector::maxInlineBits): + (WTF::BitVector::byteCount): + (WTF::BitVector::makeInlineBits): + (WTF::BitVector::OutOfLineBits::numBits): + (WTF::BitVector::OutOfLineBits::numWords): + (WTF::BitVector::OutOfLineBits::bits): + (WTF::BitVector::OutOfLineBits::create): + (WTF::BitVector::OutOfLineBits::destroy): + (WTF::BitVector::OutOfLineBits::OutOfLineBits): + (WTF::BitVector::isInline): + (WTF::BitVector::outOfLineBits): + (WTF::BitVector::resizeOutOfLine): + (WTF::BitVector::bits): + +2011-09-21 Gavin Barraclough <barraclough@apple.com> + + Add X86 GPRInfo for DFG JIT. + https://bugs.webkit.org/show_bug.cgi?id=68586 + + Reviewed by Geoff Garen. + + * dfg/DFGGPRInfo.h: + (JSC::DFG::GPRInfo::toRegister): + (JSC::DFG::GPRInfo::toIndex): + (JSC::DFG::GPRInfo::debugName): + +2011-09-21 Gavin Barraclough <barraclough@apple.com> + + Should support value profiling on CPU(X86) + https://bugs.webkit.org/show_bug.cgi?id=68575 + + Reviewed by Sam Weinig. 
+ + Fix verbose profiling in ToT (SlowCaseProfile had been + partially renamed to RareCaseProfile), add in-memory + bucket counter for CPU(X86), move JIT::m_canBeOptimized + out of the DFG_JIT ifdef. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::resetRareCaseProfiles): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/CodeBlock.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + +2011-09-21 Filip Pizlo <fpizlo@apple.com> + + DFG does not support compiling functions as constructors + https://bugs.webkit.org/show_bug.cgi?id=68500 + + Reviewed by Oliver Hunt. + + This adds support for compiling constructors to the DFG. It's a + 1% speed-up on V8, mostly due to a 6% speed-up on early-boyer. + It's also a 13% win on access-binary-trees, but it's neutral in + the SunSpider and Kraken averages. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::mightCompileFunctionForConstruct): + (JSC::DFG::canCompileOpcode): + * dfg/DFGNode.h: + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileOptimizedForConstruct): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC::FunctionExecutable::compileForConstruct): + (JSC::FunctionExecutable::compileFor): + (JSC::FunctionExecutable::compileOptimizedFor): + +2011-09-21 Gavin Barraclough <barraclough@apple.com> + + Replace jsFunctionVPtr compares with a type check on the Structure. + https://bugs.webkit.org/show_bug.cgi?id=68557 + + Reviewed by Oliver Hunt. 
+ + This will permit calls to still optimize to subclasses of JSFunction + that have the correct type (but a different C++ vptr). + + This patch stops passing the globalData into numerous functions. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::isFunctionConstant): + (JSC::DFG::Graph::valueOfFunctionConstant): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::isFunctionConstant): + (JSC::DFG::JITCompiler::valueOfFunctionConstant): + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITInlineMethods.h: + (JSC::JIT::emitJumpIfNotType): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Executable.h: + (JSC::isHostFunction): + * runtime/JSFunction.h: + (JSC::JSFunction::createStructure): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::putWithAttributes): + * runtime/JSObject.h: + (JSC::getJSFunction): + (JSC::JSObject::putDirect): + (JSC::JSObject::putDirectWithoutTransition): + * runtime/JSType.h: + +2011-09-21 Geoffrey Garen <ggaren@apple.com> + + Removed WTFTHREADDATA_MULTITHREADED, making it always true + https://bugs.webkit.org/show_bug.cgi?id=68549 + + Reviewed by Darin Adler. + + Another part of making threads exist in WebKit. + + * wtf/WTFThreadData.cpp: + * wtf/WTFThreadData.h: + (WTF::wtfThreadData): + +2011-09-21 Dan Bernstein <mitz@apple.com> + + JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes + https://bugs.webkit.org/show_bug.cgi?id=68451 + + Reviewed by Darin Adler. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes + check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS". + +2011-09-20 Gavin Barraclough <barraclough@apple.com> + + MacroAssembler fixes. + https://bugs.webkit.org/show_bug.cgi?id=68494 + + Reviewed by Sam Weinig. + + Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch + + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::orPtr): + (JSC::MacroAssembler::loadPtr): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::or32): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::or32): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::or32): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::or32): + (JSC::MacroAssemblerSH4::load32): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::load32): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::load32): + +2011-09-20 Geoffrey Garen <ggaren@apple.com> + + Some Heap cleanup. + + Reviewed by Beth Dakin. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath() + because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock() + since there is only one now. + + * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused. + Updated mark bit overhead calculation. Deployed atomsPerBlock in one + place where we were recalculating it. + + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::addBlock): Updated for rename. + +2011-09-20 Filip Pizlo <fpizlo@apple.com> + + DFG JIT always speculates integer on modulo + https://bugs.webkit.org/show_bug.cgi?id=68485 + + Reviewed by Oliver Hunt. + + Added support for double modulo, which is a call to fmod(). + Also added support for recording the old JIT's statistics + on op_mod and propagating them along the graph. 
Finally, + fixed a goof in the ArithNodeFlags propagation logic that + was made obvious when I started testing ArithMod. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasArithNodeFlags): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-20 ChangSeok Oh <shivamidow@gmail.com> + + [GTK] requestAnimationFrame support for gtk port + https://bugs.webkit.org/show_bug.cgi?id=66280 + + Reviewed by Martin Robinson. + + Let GTK port use REQUEST_ANIMATION_FRAME_TIMER. + + * wtf/Platform.h: + +2011-09-20 Filip Pizlo <fpizlo@apple.com> + + DFG JIT performs too many negative zero checks, and too many + overflow checks + https://bugs.webkit.org/show_bug.cgi?id=68430 + + Reviewed by Oliver Hunt. + + This adds comprehensive support for deciding how to perform an + arithmetic operations based on a combination of overflow profiling, + negative zero profiling, value profiling, and a static analysis of + how the results of these operations get used. + + This is a 72% speed-up on stanford-crypto-sha256-iterative, and a + 2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8 + geomean, and neutral on SunSpider. It's also an 8.5% speed-up on + V8-crypto, because apparenty everything we do speeds up crypto. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::toInt32): + (JSC::DFG::ByteCodeParser::toNumber): + (JSC::DFG::ByteCodeParser::isSmallInt32Constant): + (JSC::DFG::ByteCodeParser::valueOfInt32Constant): + (JSC::DFG::ByteCodeParser::weaklyPredictInt32): + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + * dfg/DFGNode.h: + (JSC::DFG::nodeUsedAsNumber): + (JSC::DFG::nodeCanTruncateInteger): + (JSC::DFG::nodeCanIgnoreNegativeZero): + (JSC::DFG::nodeCanSpeculateInteger): + (JSC::DFG::arithNodeFlagsAsString): + (JSC::DFG::Node::Node): + (JSC::DFG::Node::hasArithNodeFlags): + (JSC::DFG::Node::rawArithNodeFlags): + (JSC::DFG::Node::arithNodeFlags): + (JSC::DFG::Node::arithNodeFlagsForCompare): + (JSC::DFG::Node::setArithNodeFlag): + (JSC::DFG::Node::mergeArithNodeFlags): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::isNotNegZero): + (JSC::DFG::Propagator::isNotZero): + (JSC::DFG::Propagator::propagateArithNodeFlags): + (JSC::DFG::Propagator::propagateArithNodeFlagsForward): + (JSC::DFG::Propagator::propagateArithNodeFlagsBackward): + (JSC::DFG::Propagator::propagateNodePredictions): + (JSC::DFG::Propagator::propagatePredictionsForward): + (JSC::DFG::Propagator::propagatePredictionsBackward): + (JSC::DFG::Propagator::toDouble): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::fixup): + (JSC::DFG::Propagator::startIndexForChildren): + (JSC::DFG::Propagator::endIndexForPureCSE): + (JSC::DFG::Propagator::pureCSE): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::setReplacement): + (JSC::DFG::Propagator::performNodeCSE): + 
(JSC::DFG::Propagator::localCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Refactor Heap allocation logic into separate AllocationSpace class + https://bugs.webkit.org/show_bug.cgi?id=68409 + + Reviewed by Gavin Barraclough. + + This patch hoists direct manipulation of the MarkedSpace and related + data out of Heap and into a separate class. This will allow us to + have multiple allocation spaces in future, so easing the way towards + having GC'd backing stores for objects. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/Debugger.cpp: + (JSC::Debugger::recompileAllJSFunctions): + * heap/AllocationSpace.cpp: Added. + (JSC::AllocationSpace::tryAllocate): + (JSC::AllocationSpace::allocateSlowCase): + (JSC::AllocationSpace::allocateBlock): + (JSC::AllocationSpace::freeBlocks): + (JSC::TakeIfEmpty::TakeIfEmpty): + (JSC::TakeIfEmpty::operator()): + (JSC::TakeIfEmpty::returnValue): + (JSC::AllocationSpace::shrink): + * heap/AllocationSpace.h: Added. 
+ (JSC::AllocationSpace::AllocationSpace): + (JSC::AllocationSpace::blocks): + (JSC::AllocationSpace::sizeClassFor): + (JSC::AllocationSpace::setHighWaterMark): + (JSC::AllocationSpace::highWaterMark): + (JSC::AllocationSpace::canonicalizeBlocks): + (JSC::AllocationSpace::resetAllocator): + (JSC::AllocationSpace::forEachCell): + (JSC::AllocationSpace::forEachBlock): + (JSC::AllocationSpace::allocate): + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::getConservativeRegisterRoots): + (JSC::Heap::markRoots): + (JSC::Heap::clearMarks): + (JSC::Heap::sweep): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::globalObjectCount): + (JSC::Heap::objectTypeCounts): + (JSC::Heap::collect): + (JSC::Heap::canonicalizeBlocks): + (JSC::Heap::resetAllocator): + (JSC::Heap::freeBlocks): + (JSC::Heap::shrink): + * heap/Heap.h: + (JSC::Heap::objectSpace): + (JSC::Heap::sizeClassForObject): + (JSC::Heap::allocate): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicJSObject): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::recompileAllJSFunctions): + (JSC::JSGlobalData::releaseExecutableMemory): + +2011-09-19 Geoffrey Garen <ggaren@apple.com> + + Removed BREWMP* platform #ifdefs + https://bugs.webkit.org/show_bug.cgi?id=68425 + + BREWMP* has no maintainer, and this is dead code. + + Reviewed by Darin Adler. 
+ + * heap/MarkStack.h: + (JSC::::shrinkAllocation): + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::cacheFlush): + * runtime/TimeoutChecker.cpp: + (JSC::getCPUTime): + * wtf/Assertions.cpp: + * wtf/Assertions.h: + * wtf/CurrentTime.cpp: + * wtf/DateMath.cpp: + (WTF::calculateUTCOffset): + * wtf/FastMalloc.cpp: + (WTF::fastMalloc): + (WTF::fastCalloc): + (WTF::fastMallocSize): + * wtf/FastMalloc.h: + * wtf/MainThread.cpp: + * wtf/MathExtras.h: + * wtf/OwnPtrCommon.h: + * wtf/Platform.h: + * wtf/RandomNumber.cpp: + (WTF::randomNumber): + * wtf/RandomNumberSeed.h: + (WTF::initializeRandomNumberGenerator): + * wtf/text/WTFString.h: + * wtf/unicode/Unicode.h: + +2011-09-20 Adam Roben <aroben@apple.com> + + Windows build fix after r95523 + + * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined. + +2011-09-18 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not speculate aggressively enough on GetById + https://bugs.webkit.org/show_bug.cgi?id=68320 + + Reviewed by Oliver Hunt. + + This adds the ability to access properties directly, by offset. + This optimization kicks in when at the time of DFG compilation, + it appears that the given get_by_id is self-cached by the old JIT. + Two new opcodes get introduced: CheckStructure and GetByOffset. + CheckStructure performs a speculation check on the object's + structure, and returns the storage pointer. GetByOffset performs + a direct read of the field from the storage pointer. Both + CheckStructure and GetByOffset can be CSE'd, so that we can + eliminate redundant structure checks, and redundant reads of the + same field. + + This is a 4% speed-up on V8, a 2% slow-down on Kraken, and + neutral on SunSpider. 
+ + * bytecode/PredictedType.cpp: + (JSC::predictionFromClassInfo): + (JSC::predictionFromStructure): + (JSC::predictionFromCell): + * bytecode/PredictedType.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::dataFormatToString): + (JSC::DFG::needDataFormatConversion): + (JSC::DFG::GenerationInfo::initStorage): + (JSC::DFG::GenerationInfo::spill): + (JSC::DFG::GenerationInfo::fillStorage): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::fillStorage): + (JSC::DFG::GPRTemporary::GPRTemporary): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::spill): + (JSC::DFG::JITCodeGenerator::storageResult): + (JSC::DFG::StorageOperand::StorageOperand): + (JSC::DFG::StorageOperand::~StorageOperand): + (JSC::DFG::StorageOperand::index): + (JSC::DFG::StorageOperand::gpr): + (JSC::DFG::StorageOperand::use): + * dfg/DFGNode.h: + (JSC::DFG::OpInfo::OpInfo): + (JSC::DFG::Node::Node): + (JSC::DFG::Node::hasPrediction): + (JSC::DFG::Node::hasStructure): + (JSC::DFG::Node::structure): + (JSC::DFG::Node::hasStorageAccessData): + (JSC::DFG::Node::storageAccessDataIndex): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNode): + (JSC::DFG::Propagator::globalVarLoadElimination): + (JSC::DFG::Propagator::getMethodLoadElimination): + (JSC::DFG::Propagator::checkStructureLoadElimination): + (JSC::DFG::Propagator::getByOffsetLoadElimination): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + 
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compile): + * wtf/StdLibExtras.h: + (WTF::safeCast): + +2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove toPrimitive from JSCell + https://bugs.webkit.org/show_bug.cgi?id=67875 + + Reviewed by Darin Adler. + + Part of the refactoring process to un-virtualize JSCell. We move + all of the implicit functionality provided by the virtual toPrimitive method + in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while + also de-virtualizing JSCell::toPrimitive. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + (JSC::JSCell::toPrimitive): + * runtime/JSCell.h: + + We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from + JSObject. This pushes the virtual method further down, enabling us to get rid + of the virtual call in JSCell. Eventually we'll probably have to deal with this + again, but we'll cross that bridge when we come to it. + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::defaultValue): + * runtime/JSNotAnObject.h: + * runtime/JSObject.h: + * runtime/JSString.h: + +2011-09-19 Geoffrey Garen <ggaren@apple.com> + + Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs + https://bugs.webkit.org/show_bug.cgi?id=68424 + + As discussed on webkit-dev. All ports build with threads enabled in JSC now. + + This may break WinCE and other ports that have not built and tested with + this configuration. I've filed bugs for port maintainers. It's time for + WebKit to move forward. + + Reviewed by Mark Rowe. 
+ + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::~Heap): + (JSC::Heap::destroy): + (JSC::Heap::blockFreeingThreadMain): + (JSC::Heap::allocateBlock): + (JSC::Heap::freeBlocks): + (JSC::Heap::releaseFreeBlocks): + * heap/Heap.h: + * wtf/Platform.h: + +2011-09-19 Geoffrey Garen <ggaren@apple.com> + + Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs + https://bugs.webkit.org/show_bug.cgi?id=68423 + + As discussed on webkit-dev. All ports build with threads enabled in WTF now. + + This may break WinCE and other ports that have not built and tested with + this configuration. I've filed bugs for port maintainers. It's time for + WebKit to move forward. + + Reviewed by Mark Rowe. + + * wtf/CryptographicallyRandomNumber.cpp: + (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber): + (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues): + * wtf/FastMalloc.cpp: + * wtf/Platform.h: + * wtf/RandomNumber.cpp: + (WTF::randomNumber): + * wtf/RefCountedLeakCounter.cpp: + (WTF::RefCountedLeakCounter::increment): + (WTF::RefCountedLeakCounter::decrement): + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): + * wtf/ThreadingWin.cpp: + (WTF::initializeThreading): + * wtf/dtoa.cpp: + (WTF::pow5mult): + * wtf/gtk/ThreadingGtk.cpp: + (WTF::initializeThreading): + * wtf/qt/ThreadingQt.cpp: + (WTF::initializeThreading): + +2011-09-19 Geoffrey Garen <ggaren@apple.com> + + Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs. + https://bugs.webkit.org/show_bug.cgi?id=68422 + + As discussed on webkit-dev. All ports build with threads enabled in JSC now. + + This may break WinCE and other ports that have not built and tested with + this configuration. I've filed bugs for port maintainers. It's time for + WebKit to move forward. + + Reviewed by Sam Weinig. 
+ + * API/APIShims.h: + (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): + * API/JSContextRef.cpp: + * heap/MachineStackMarker.cpp: + (JSC::MachineThreads::MachineThreads): + (JSC::MachineThreads::~MachineThreads): + (JSC::MachineThreads::gatherConservativeRoots): + * heap/MachineStackMarker.h: + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + (JSC::initializeThreading): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::sharedInstance): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::makeUsableFromMultipleThreads): + * runtime/JSLock.cpp: + * runtime/Structure.cpp: + * wtf/Platform.h: + +2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r95493 and r95496. + http://trac.webkit.org/changeset/95493 + http://trac.webkit.org/changeset/95496 + https://bugs.webkit.org/show_bug.cgi?id=68418 + + Broke Windows build (Requested by rniwa on #webkit). + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/Debugger.cpp: + (JSC::Debugger::recompileAllJSFunctions): + * heap/AllocationSpace.cpp: Removed. + * heap/AllocationSpace.h: Removed. 
+ * heap/Heap.cpp: + (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty): + (JSC::CountFunctor::TakeIfEmpty::operator()): + (JSC::CountFunctor::TakeIfEmpty::returnValue): + (JSC::Heap::Heap): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::tryAllocate): + (JSC::Heap::allocateSlowCase): + (JSC::Heap::getConservativeRegisterRoots): + (JSC::Heap::markRoots): + (JSC::Heap::clearMarks): + (JSC::Heap::sweep): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::globalObjectCount): + (JSC::Heap::objectTypeCounts): + (JSC::Heap::collect): + (JSC::Heap::canonicalizeBlocks): + (JSC::Heap::resetAllocator): + (JSC::Heap::allocateBlock): + (JSC::Heap::freeBlocks): + (JSC::Heap::shrink): + * heap/Heap.h: + (JSC::Heap::markedSpace): + (JSC::Heap::forEachCell): + (JSC::Heap::forEachBlock): + (JSC::Heap::sizeClassFor): + (JSC::Heap::allocate): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicJSObject): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::recompileAllJSFunctions): + (JSC::JSGlobalData::releaseExecutableMemory): + +2011-09-19 Gavin Barraclough <barraclough@apple.com> + + Errrk, missed stylebot comments in last commit. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncSplit): + +2011-09-19 Gavin Barraclough <barraclough@apple.com> + + String#split is buggy + https://bugs.webkit.org/show_bug.cgi?id=68348 + + Reviewed by Sam Weinig. + + * runtime/StringPrototype.cpp: + (JSC::jsStringWithReuse): + - added helper function to reuse original JSString value. + (JSC::stringProtoFuncSplit): + - Rewritten from the spec. + * tests/mozilla/ecma/String/15.5.4.8-2.js: + (getTestCases): + - This test is not ES5 compliant. + +2011-09-19 Geoffrey Garen <ggaren@apple.com> + + Removed lots of friend declarations from JSCell, so we can more + effectively make use of private and protected. + + Reviewed by Sam Weinig. + + * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of + confusion for not much safety. 
+ (JSC::JSCell::operator new): Made this public because it is used by a + few clients, and not really dangerous. + + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::deleteProperty): + (JSC::JSObject::defineGetter): + (JSC::JSObject::defineSetter): + (JSC::JSObject::getPropertySpecificValue): + (JSC::JSObject::getOwnPropertyNames): + (JSC::JSObject::seal): + (JSC::JSObject::freeze): + (JSC::JSObject::preventExtensions): + (JSC::JSObject::removeDirect): + (JSC::JSObject::createInheritorID): + (JSC::JSObject::allocatePropertyStorage): + (JSC::JSObject::getOwnPropertyDescriptor): + * runtime/JSObject.h: + (JSC::JSObject::getDirect): + (JSC::JSObject::getDirectLocation): + (JSC::JSObject::hasCustomProperties): + (JSC::JSObject::hasGetterSetterProperties): + (JSC::JSObject::isSealed): + (JSC::JSObject::isFrozen): + (JSC::JSObject::isExtensible): + (JSC::JSObject::flattenDictionaryObject): + (JSC::JSObject::finishCreation): + (JSC::JSObject::prototype): + (JSC::JSObject::setPrototype): + (JSC::JSObject::inlineGetOwnPropertySlot): + (JSC::JSCell::fastGetOwnProperty): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirectWithoutTransition): + (JSC::JSObject::transitionTo): + (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to + structure() / setStructure(), so we don't have to be a friend of JSCell. + + * runtime/Structure.h: + (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject + to JSCell::m_structure. + +2011-09-19 Adam Barth <abarth@webkit.org> + + Always enable ENABLE(EVENTSOURCE) + https://bugs.webkit.org/show_bug.cgi?id=68414 + + Reviewed by Eric Seidel. + + * Configurations/FeatureDefines.xcconfig: + +2011-09-19 Eli Fidler <efidler@rim.com> + + Enable JSC_MULTIPLE_THREADS for OS(QNX). + https://bugs.webkit.org/show_bug.cgi?id=68047 + + Reviewed by Daniel Bates. + + SA_RESTART was required for SIGUSR2-based debugging, but is not + present on QNX. 
This debugging doesn't seem critical to + JSC_MULTIPLE_THREADS, so allow it to proceed. + + * heap/MachineStackMarker.cpp: + (JSC::MachineThreads::Thread::Thread): + (JSC::getPlatformThreadRegisters): + (JSC::otherThreadStackPointer): + (JSC::freePlatformThreadRegisters): + * wtf/Platform.h: enable PTHREADS for OS(QNX) + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Refactor Heap allocation logic into separate AllocationSpace class + https://bugs.webkit.org/show_bug.cgi?id=68409 + + Reviewed by Gavin Barraclough. + + This patch hoists direct manipulation of the MarkedSpace and related + data out of Heap and into a separate class. This will allow us to + have multiple allocation spaces in future, so easing the way towards + having GC'd backing stores for objects. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/Debugger.cpp: + (JSC::Debugger::recompileAllJSFunctions): + * heap/AllocationSpace.cpp: Added. + (JSC::AllocationSpace::tryAllocate): + (JSC::AllocationSpace::allocateSlowCase): + (JSC::AllocationSpace::allocateBlock): + (JSC::AllocationSpace::freeBlocks): + (JSC::TakeIfEmpty::TakeIfEmpty): + (JSC::TakeIfEmpty::operator()): + (JSC::TakeIfEmpty::returnValue): + (JSC::AllocationSpace::shrink): + * heap/AllocationSpace.h: Added. 
+ (JSC::AllocationSpace::AllocationSpace): + (JSC::AllocationSpace::blocks): + (JSC::AllocationSpace::sizeClassFor): + (JSC::AllocationSpace::setHighWaterMark): + (JSC::AllocationSpace::highWaterMark): + (JSC::AllocationSpace::canonicalizeBlocks): + (JSC::AllocationSpace::resetAllocator): + (JSC::AllocationSpace::forEachCell): + (JSC::AllocationSpace::forEachBlock): + (JSC::AllocationSpace::allocate): + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::getConservativeRegisterRoots): + (JSC::Heap::markRoots): + (JSC::Heap::clearMarks): + (JSC::Heap::sweep): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::globalObjectCount): + (JSC::Heap::objectTypeCounts): + (JSC::Heap::collect): + (JSC::Heap::canonicalizeBlocks): + (JSC::Heap::resetAllocator): + (JSC::Heap::freeBlocks): + (JSC::Heap::shrink): + * heap/Heap.h: + (JSC::Heap::objectSpace): + (JSC::Heap::sizeClassForObject): + (JSC::Heap::allocate): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicJSObject): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::recompileAllJSFunctions): + (JSC::JSGlobalData::releaseExecutableMemory): + +2011-09-19 Adam Roben <aroben@apple.com> + + Windows build fix after r95310 + + * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added + include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found. + +2011-09-19 Filip Pizlo <fpizlo@apple.com> + + DFG speculation failures should act as additional value profiles + https://bugs.webkit.org/show_bug.cgi?id=68335 + + Reviewed by Oliver Hunt. + + This adds slow-case counters to the old JIT. It also ensures that + negative zero in multiply is handled carefully. The old JIT + previously took slow path if the result of a multiply was zero, + which, without any changes, would cause the DFG to think that + every such multiply produced a double result. + + This also fixes a bug in the old JIT's handling of decrements. 
It + would take the slow path if the result was zero, but not if it + underflowed. + + By itself, this would be a 1% slow-down on V8 and Kraken. But then + I wrote optimizations in the DFG that take advantage of this new + information. It's no longer the case that every multiply needs to + do a check for negative zero; it only happens if the negative + zero is ignored. + + This results in a 12% speed-up on v8-crypto, for a 1.4% geomean + speed-up in V8. It's mostly neutral on Kraken. I can see an + 0.5% slow-down and it appears to be significant. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::resetRareCaseProfiles): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/CodeBlock.h: + * bytecode/ValueProfile.h: + (JSC::RareCaseProfile::RareCaseProfile): + (JSC::getRareCaseProfileBytecodeOffset): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::toInt32): + (JSC::DFG::ByteCodeParser::makeSafe): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::GPRTemporary::GPRTemporary): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNode): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::clobbersWorld): + (JSC::DFG::Propagator::performNodeCSE): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JSC::JIT::linkDummySlowCase): + * jit/JITArithmetic.cpp: + (JSC::JIT::emit_op_post_dec): + (JSC::JIT::emit_op_pre_dec): + (JSC::JIT::compileBinaryArithOp): + (JSC::JIT::emit_op_add): + (JSC::JIT::emitSlow_op_add): + * jit/JITInlineMethods.h: + (JSC::JIT::addSlowCase): + +2011-09-19 Adam Roben <aroben@apple.com> + + Windows build fix after r94575 + + * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp + now builds just before FindSafari. 
+ +2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r95466. + http://trac.webkit.org/changeset/95466 + https://bugs.webkit.org/show_bug.cgi?id=68389 + + Incorrect version of the patch. (Requested by mhahnenberg on + #webkit). + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + (JSC::JSCell::toPrimitive): + * runtime/JSCell.h: + (JSC::JSCell::JSValue::toPrimitive): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::toPrimitive): + * runtime/JSNotAnObject.h: + * runtime/JSObject.h: + * runtime/JSString.h: + +2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove toPrimitive from JSCell + https://bugs.webkit.org/show_bug.cgi?id=67875 + + Reviewed by Geoffrey Garen. + + Part of the refactoring process to un-virtualize JSCell. We move + all of the implicit functionality provided by the virtual toPrimitive method + in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while + also de-virtualizing JSCell::toPrimitive. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + (JSC::JSCell::toPrimitive): + * runtime/JSCell.h: + + We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from + JSObject. This pushes the virtual method further down, enabling us to get rid + of the virtual call in JSCell. Eventually we'll probably have to deal with this + again, but we'll cross that bridge when we come to it. + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::defaultValue): + * runtime/JSNotAnObject.h: + * runtime/JSObject.h: + * runtime/JSString.h: + (JSC::JSValue::toPrimitive): + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Build fix. + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::compileGetDirectOffset): + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp} + https://bugs.webkit.org/show_bug.cgi?id=68376 + + Reviewed by Gavin Barraclough. 
+ + Renamed the the MarkedSpace files to match new name, and + updated the relevant references. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Heap.h: + * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp. + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::addBlock): + (JSC::MarkedSpace::removeBlock): + (JSC::MarkedSpace::resetAllocator): + (JSC::MarkedSpace::canonicalizeBlocks): + * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h. + (JSC::MarkedSpace::waterMark): + (JSC::MarkedSpace::highWaterMark): + (JSC::MarkedSpace::setHighWaterMark): + (JSC::MarkedSpace::sizeClassFor): + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::forEachBlock): + (JSC::MarkedSpace::SizeClass::SizeClass): + (JSC::MarkedSpace::SizeClass::resetAllocator): + (JSC::MarkedSpace::SizeClass::canonicalizeBlock): + * runtime/JSCell.h: + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Rename NewSpace to MarkedSpace + https://bugs.webkit.org/show_bug.cgi?id=68375 + + Reviewed by Gavin Barraclough. + + Rename NewSpace to a more accurate name, and update all uses. + This patch doesn't rename the files themselves as that will + just make the patch appear bigger than it is. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * heap/Heap.cpp: + (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty): + (JSC::CountFunctor::TakeIfEmpty::operator()): + (JSC::Heap::Heap): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::tryAllocate): + (JSC::Heap::allocateSlowCase): + (JSC::Heap::collect): + (JSC::Heap::canonicalizeBlocks): + (JSC::Heap::resetAllocator): + (JSC::Heap::isValidAllocation): + (JSC::Heap::shrink): + * heap/Heap.h: + (JSC::Heap::markedSpace): + (JSC::Heap::sizeClassFor): + (JSC::Heap::allocate): + * heap/NewSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::addBlock): + (JSC::MarkedSpace::removeBlock): + (JSC::MarkedSpace::resetAllocator): + (JSC::MarkedSpace::canonicalizeBlocks): + * heap/NewSpace.h: + (JSC::MarkedSpace::waterMark): + (JSC::MarkedSpace::highWaterMark): + (JSC::MarkedSpace::setHighWaterMark): + (JSC::MarkedSpace::sizeClassFor): + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::forEachBlock): + (JSC::MarkedSpace::SizeClass::SizeClass): + (JSC::MarkedSpace::SizeClass::resetAllocator): + (JSC::MarkedSpace::SizeClass::canonicalizeBlock): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicJSObject): + +2011-09-19 Peter Rybin <peter.rybin@gmail.com> + + TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes + https://bugs.webkit.org/show_bug.cgi?id=63541 + + Reviewed by Adam Barth. 
+ + * parser/SourceProvider.h: + (JSC::SourceProvider::startPosition): + * wtf/text/TextPosition.h: + (WTF::OrdinalNumber::fromZeroBasedInt): + (WTF::OrdinalNumber::fromOneBasedInt): + (WTF::OrdinalNumber::OrdinalNumber): + (WTF::OrdinalNumber::zeroBasedInt): + (WTF::OrdinalNumber::oneBasedInt): + (WTF::OrdinalNumber::operator==): + (WTF::OrdinalNumber::operator!=): + (WTF::OrdinalNumber::first): + (WTF::OrdinalNumber::beforeFirst): + (WTF::TextPosition::TextPosition): + (WTF::TextPosition::minimumPosition): + (WTF::TextPosition::belowRangePosition): + +2011-09-19 Dan Bernstein <mitz@apple.com> + + JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes + https://bugs.webkit.org/show_bug.cgi?id=68323 + + Reviewed by Sam Weinig. + + Renamed WTFMainThreadCaller to JSWTFMainThreadCaller. + + * wtf/mac/MainThreadMac.mm: + (WTF::initializeMainThreadPlatform): + (WTF::initializeMainThreadToProcessMainThreadPlatform): + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Remove direct property slot pointers from the instruction stream + https://bugs.webkit.org/show_bug.cgi?id=68373 + + Reviewed by Gavin Barraclough. + + Use an indirect load to access prototype properties rather than directly + storing the property address in the instruction stream. This should allow + further optimisations in future, and also provides a 0.5% win to sunspider. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::generateProtoChainAccessStub): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::compileGetDirectOffset): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::compileGetDirectOffset): + * runtime/JSObject.h: + (JSC::JSObject::addressOfPropertyStorage): + +2011-09-19 Oliver Hunt <oliver@apple.com> + + Remove bump allocator + https://bugs.webkit.org/show_bug.cgi?id=68370 + + Reviewed by Sam Weinig. + + Can't do anything with this allocator currently, and it's + increasing the complexity of the GC code. 
Slight progression + on SunSpider, slight regression (undoing the original progression) + in V8. + + * heap/Heap.cpp: + (JSC::Heap::collect): + * heap/Heap.h: + * heap/NewSpace.cpp: + (JSC::NewSpace::NewSpace): + * heap/NewSpace.h: + (JSC::NewSpace::allocate): + * runtime/JSObject.cpp: + (JSC::JSObject::allocatePropertyStorage): + * runtime/JSObject.h: + (JSC::JSObject::~JSObject): + (JSC::JSObject::visitChildrenDirect): + * runtime/StorageBarrier.h: + (JSC::StorageBarrier::set): + +2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Fix distcheck build + https://bugs.webkit.org/show_bug.cgi?id=68346 + + Reviewed by Philippe Normand. + + * GNUmakefile.list.am: + +2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Fix distcheck build + https://bugs.webkit.org/show_bug.cgi?id=68241 + + Reviewed by Martin Robinson. + + * GNUmakefile.list.am: + +2011-09-18 Dan Bernstein <mitz@apple.com> + + Removed ProfilerServer. + + Reviewed by Mark Rowe. + + * JavaScriptCore.gypi: + * JavaScriptCore.xcodeproj/project.pbxproj: + * profiler/ProfilerServer.h: Removed. + * profiler/ProfilerServer.mm: Removed. + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * wscript: + +2011-09-17 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should inline Math.min, Math.max, and Math.sqrt + https://bugs.webkit.org/show_bug.cgi?id=68318 + + Reviewed by Gavin Barraclough. + + Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for + a function to have an intrinsic but not a thunk generator. This is + a 7% speed-up on access-nbody, and neutral elsewhere, mainly because + we're still not DFG compiling the bulk of the hot code in Kraken audio + benchmarks. 
+ + * create_hash_table: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleMinMax): + (JSC::DFG::ByteCodeParser::handleIntrinsic): + * dfg/DFGIntrinsic.h: + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNode): + (JSC::DFG::Propagator::fixupNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + +2011-09-18 Nico Weber <thakis@chromium.org> + + Remove two files from JavaScriptCore.gypi that were removed in r95240 + https://bugs.webkit.org/show_bug.cgi?id=68327 + + Unreviewed, build warning fix. + + * JavaScriptCore.gypi: + +2011-09-17 Oliver Hunt <oliver@apple.com> + + Remove special case handling of inline storage from the JIT + https://bugs.webkit.org/show_bug.cgi?id=68319 + + Reviewed by Gavin Barraclough. + + Simplify logic used for reading and writing to property storage + by removing the special cases for inline storage. This has no + perf impact. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryBuildGetByIDList): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::compilePutDirectOffset): + (JSC::JIT::compileGetDirectOffset): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompileGetByIdSelfList): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::compilePutDirectOffset): + (JSC::JIT::compileGetDirectOffset): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompileGetByIdSelfList): + +2011-09-17 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not have full block-local CSE + https://bugs.webkit.org/show_bug.cgi?id=68316 + + Reviewed by Oliver Hunt. + + This adds block-local CSE to the DFG. CSE runs in the propagator just after + type propagation. 
It is part of the propagator itself because it needs to + use the propagator's internal data structures to determine which operations + may have side effects. Because it changes the live-ranges of nodes, the + virtual register allocator had to be moved into the propagator so that it + runs after CSE. To ensure that the back-end knows to keep the inputs to + any eliminated node alive for OSR, a new node type, Phantom, was introduced. + It is a no-op but prolonges the live-range of its inputs. + + This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on + Kraken. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGAliasTracker.h: Removed. + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::MethodCheckData::operator==): + (JSC::DFG::MethodCheckData::operator!=): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasVirtualRegister): + (JSC::DFG::Node::setRefCount): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::Propagator): + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::propagateNode): + (JSC::DFG::Propagator::canonicalize): + (JSC::DFG::Propagator::computeStartIndex): + (JSC::DFG::Propagator::startIndex): + (JSC::DFG::Propagator::pureCSE): + (JSC::DFG::Propagator::globalVarLoadElimination): + (JSC::DFG::Propagator::getByValLoadElimination): + (JSC::DFG::Propagator::getMethodLoadElimination): + (JSC::DFG::Propagator::performSubstitution): + (JSC::DFG::Propagator::setReplacement): + (JSC::DFG::Propagator::performNodeCSE): + (JSC::DFG::Propagator::performBlockCSE): + (JSC::DFG::Propagator::localCSE): + (JSC::DFG::Propagator::allocateVirtualRegisters): + (JSC::DFG::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-16 Filip Pizlo <fpizlo@apple.com> + + method_check should repatch itself if it finds that the new structure(s) + are the result of transitions from the 
old structure(s) + https://bugs.webkit.org/show_bug.cgi?id=68294 + + Reviewed by Gavin Barraclough. + + Previously a patched method_check would slow-path to get_by_id. Now it + slow-paths to method_check_update, which attempts to correct the + method_check due to structure transitions before bailing to get_by_id. + + This is a 1-2% speed-up on some benchmarks and is not a slow-down + anywhere, leading to a 0.6% speed-up on the Kraken geomean. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::patchMethodCallProto): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + * runtime/Structure.h: + (JSC::Structure::transitivelyTransitionedFrom): + +2011-09-16 Ryosuke Niwa <rniwa@webkit.org> + + Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests). + + * wtf/Platform.h: + +2011-09-16 Sam Weinig <sam@webkit.org> + + Rename APIValueWrapper type to APIValueWrapperType for consistency + https://bugs.webkit.org/show_bug.cgi?id=68306 + + Reviewed by Anders Carlsson. + + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + Update name. + + * runtime/JSType.h: + Update name and un-indent. + + * runtime/Structure.h: + (JSC::JSCell::isAPIValueWrapper): + Update name. + +2011-09-16 Sam Weinig <sam@webkit.org> + + Remove unused isStrictModeFunction function + https://bugs.webkit.org/show_bug.cgi?id=68305 + + Reviewed by Anders Carlsson. + + * runtime/JSObject.h: + (JSC::JSObject::isStrictModeFunction): + +2011-09-16 Sam Weinig <sam@webkit.org> + + Cleanup JSTypeInfo a bit + https://bugs.webkit.org/show_bug.cgi?id=68289 + + Reviewed by Anders Carlsson. + + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + Replace direct access to flags() with predicate. + + * runtime/JSObject.h: + (JSC::JSFinalObject::createStructure): + Pass FinalObjectType instead of using special IsJSFinalObject. 
+ + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::TypeInfo): + Add additional assert that you should no object should OverridesHasInstance but not have ImplementsHasInstance set. + + (JSC::TypeInfo::isFinalObject): + Added. + + (JSC::TypeInfo::masqueradesAsUndefined): + (JSC::TypeInfo::implementsHasInstance): + (JSC::TypeInfo::isEnvironmentRecord): + (JSC::TypeInfo::overridesHasInstance): + (JSC::TypeInfo::implementsDefaultHasInstance): + (JSC::TypeInfo::overridesGetOwnPropertySlot): + (JSC::TypeInfo::overridesVisitChildren): + (JSC::TypeInfo::overridesGetPropertyNames): + (JSC::TypeInfo::prohibitsPropertyCaching): + (JSC::TypeInfo::isSetOnFlags1): + (JSC::TypeInfo::isSetOnFlags2): + Replace direct bit twiddling with helper functions. + + * runtime/Structure.cpp: + (JSC::Structure::Structure): + Use new isFinalObject() predicate. + +2011-09-16 Gavin Barraclough <barraclough@apple.com> + + Unsigned bit shift fails under certain conditions in 32 bit builds + https://bugs.webkit.org/show_bug.cgi?id=68166 + + Reviewed by Geoff Garen. + + The major bug here is that the slow case (which handles shifts of + doubles) doesn't check for negative results from an unsigned shift + (which should be unsigned, and as such can't be represented by a + signed integer immediate). The implementation is also flawed for + shifts by negative shift amounts (treats as shift by zero). + + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitRightShift): + (JSC::JIT::emitRightShiftSlowCase): + +2011-09-16 Geoffrey Garen <ggaren@apple.com> + + Removed undetectable style.filter. + + Reviewed by Sam Weinig. + + This feature was added in http://trac.webkit.org/changeset/15557 to + support housingmaps.com. But housingmaps.com no longer needs this hack, + we don't know of other websites that need it, and we don't know of + any other browsers that have implemented this feature. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/JSTypeInfo.h: + * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed. + +2011-09-15 Sam Weinig <sam@webkit.org> + + Prepare JSTypes for more Object subtypes + https://bugs.webkit.org/show_bug.cgi?id=68200 + + Reviewed by Gavin Barraclough. + + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::branchIfNotObject): + * jit/JITInlineMethods.h: + (JSC::JIT::emitJumpIfNotObject): + * runtime/JSGlobalObject.h: + (JSC::Structure::prototypeForLookup): + * runtime/JSObject.h: + (JSC::JSObject::finishCreation): + * runtime/JSType.h: + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::type): + (JSC::TypeInfo::isObject): + (JSC::TypeInfo::isFinal): + (JSC::TypeInfo::prohibitsPropertyCaching): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::finishCreation): + * runtime/Operations.cpp: + (JSC::jsIsObjectType): + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransitionToExistingStructure): + (JSC::Structure::addPropertyTransition): + * runtime/Structure.h: + (JSC::Structure::isObject): + (JSC::JSCell::isObject): + +2011-09-16 Geoffrey Garen <ggaren@apple.com> + + Rolled back in r95201 with test failure fixed. + + I missed two cases of jumpSlowToHot in rshift -- these cases need to be + sure to initialize regT1 to the int tag, since it will otherwise hold + the top 32 bits of a double. 
+ + * jit/JIT.h: + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_lshift): + (JSC::JIT::emitRightShift): + (JSC::JIT::emitRightShiftSlowCase): + (JSC::JIT::emit_op_bitand): + (JSC::JIT::emit_op_bitor): + (JSC::JIT::emit_op_bitxor): + (JSC::JIT::emit_op_bitnot): + (JSC::JIT::emit_op_post_inc): + (JSC::JIT::emit_op_post_dec): + (JSC::JIT::emit_op_pre_inc): + (JSC::JIT::emit_op_pre_dec): + * jit/JITInlineMethods.h: + (JSC::JIT::emitStoreAndMapInt32): + +2011-09-16 Filip Pizlo <fpizlo@apple.com> + + Unreviewed Windows build fix after 95318. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-09-16 Adam Roben <aroben@apple.com> + + Windows build fix after r95310 + + * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the + include path so DFGIntrinsic.h can be found. + +2011-09-16 Gavin Barraclough <barraclough@apple.com> + + Rationalize JSObject::putDirect* methods + https://bugs.webkit.org/show_bug.cgi?id=68274 + + Reviewed by Sam Weinig. + + Delete the *Function variants. These are overall inefficient, + in the way they get the name back from the function rather + than just passing it in. + + * JavaScriptCore.exp: + * jsc.cpp: + (GlobalObject::finishCreation): + (GlobalObject::addFunction): + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::addFunctionProperties): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::putWithAttributes): + (JSC::JSObject::defineGetter): + (JSC::JSObject::defineSetter): + * runtime/JSObject.h: + (JSC::JSObject::putDirect): + (JSC::JSObject::putDirectWithoutTransition): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + (JSC::lookupPut): + +2011-09-16 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for Windows. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + +2011-09-16 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for non-DFG builds. + + * runtime/Executable.h: + (JSC::NativeExecutable::finishCreation): + +2011-09-16 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should inline Math.abs + https://bugs.webkit.org/show_bug.cgi?id=68227 + + Reviewed by Oliver Hunt. + + This adds the ability to track intrinsic functions throughout the + host function infrastructure, so that the DFG can easily query + whether or not a call's target is intrinsic, and if so, which + intrinsic it is. + + On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs) + is transformed into ValueToNumber<-ArithAbs nodes. These nodes + then get optimized using the usual tricks. + + Also had to make a completely unrelated change to + DateInstanceCache.h in order to fix a preexisting alphabetical + sorting problem in JSGlobalData.h + + This results in a big win in imaging-gaussian-blur: 61% faster + than before. The net win on Kraken is around 13%. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * create_hash_table: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::isFunctionConstant): + (JSC::DFG::Graph::valueOfFunctionConstant): + * dfg/DFGIntrinsic.h: Added. 
+ * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::isFunctionConstant): + (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::isFunctionConstant): + (JSC::DFG::JITCompiler::valueOfFunctionConstant): + * dfg/DFGNode.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * jit/JITStubs.h: + * runtime/DateInstanceCache.h: + * runtime/Executable.cpp: + (JSC::ExecutableBase::intrinsic): + (JSC::NativeExecutable::intrinsic): + * runtime/Executable.h: + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::finishCreation): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::getHostFunction): + * runtime/JSGlobalData.h: + * runtime/Lookup.cpp: + (JSC::HashTable::createTable): + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + (JSC::HashEntry::initialize): + (JSC::HashEntry::intrinsic): + +2011-09-16 Filip Pizlo <fpizlo@apple.com> + + REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences + using Domino's online ordering + https://bugs.webkit.org/show_bug.cgi?id=68220 + + Reviewed by Oliver Hunt. + + Weak handle processing can result in new objects being marked, which + results in new WeakReferencesHarvesters being added. But weak + reference harvesters are only processed before weak handle processing, + so there's the risk that a weak reference harvester will persist + until the next collection, by which time it may have been deleted. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): + +2011-09-16 Csaba Osztrogonác <ossy@webkit.org> + + REGRESSION(r95201): It made two tests fail + https://bugs.webkit.org/show_bug.cgi?id=68230 + + Unreviewed rolling out r95201. 
+ + * jit/JIT.h: + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_lshift): + (JSC::JIT::emitRightShift): + (JSC::JIT::emit_op_bitand): + (JSC::JIT::emit_op_bitor): + (JSC::JIT::emit_op_bitxor): + (JSC::JIT::emit_op_bitnot): + (JSC::JIT::emit_op_post_inc): + (JSC::JIT::emit_op_post_dec): + (JSC::JIT::emit_op_pre_inc): + (JSC::JIT::emit_op_pre_dec): + * jit/JITInlineMethods.h: + +2011-09-15 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not optimize method_check + https://bugs.webkit.org/show_bug.cgi?id=68215 + + Reviewed by Oliver Hunt. + + MethodCallLinkInfo and StructureStubInfo are now searchable by + bytecodeIndex, so that DFG::ByteCodeParser can use that information + to determine how to optimize GetMethod. + + A new node op has been added to DFG: CheckMethod. This is a variant + of GetMethod that has been optimized for the case that GetMethod + always takes the fast path. CheckMethod results in only a very + small amount of code (two loads and two branches in the worst case, + one load and one branch in the best case). CheckMethod behaves as + if it were a constant. + + Introduced the notion that a DFG node that is not JSConstant + behaves as a constant. CheckMethod uses this functionality. + + This is a 3% speed-up on Kraken, and a small speed-up on V8. + Appears to be neutral on SunSpider. 
+ + * bytecode/CodeBlock.h: + (JSC::getStructureStubInfoBytecodeIndex): + (JSC::getMethodCallLinkInfoBytecodeIndex): + * bytecode/PredictedType.cpp: + (JSC::predictionFromCell): + (JSC::predictionFromValue): + * bytecode/PredictedType.h: + * bytecode/StructureStubInfo.h: + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::recordGetMethod): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::getMethodCheckPrediction): + (JSC::DFG::Graph::getPrediction): + (JSC::DFG::Graph::isConstant): + (JSC::DFG::Graph::isJSConstant): + (JSC::DFG::Graph::valueOfJSConstant): + (JSC::DFG::Graph::valueOfInt32Constant): + (JSC::DFG::Graph::valueOfNumberConstant): + (JSC::DFG::Graph::valueOfBooleanConstant): + (JSC::DFG::Graph::valueOfJSConstantNode): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::isKnownNotInteger): + (JSC::DFG::JITCodeGenerator::isKnownNotNumber): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentSpillFPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillInt32ToInteger): + (JSC::DFG::JITCompiler::fillToJS): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasConstant): + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::hasMethodCheckData): + (JSC::DFG::Node::methodCheckDataIndex): + (JSC::DFG::Node::valueOfJSConstant): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + 
(JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo): + (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::structureAddress): + +2011-09-15 Adam Barth <abarth@webkit.org> + + Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE) + https://bugs.webkit.org/show_bug.cgi?id=68205 + + Reviewed by Eric Seidel. + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2011-09-15 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (7/7) + https://bugs.webkit.org/show_bug.cgi?id=68122 + + Reviewed by Geoffrey Garen. + + Completed the seventh and final level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. + + JSCallbackObject was missed in previous patches due to the fact that + it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so + this is just a bit of retroactive cleanup. + + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::create): + * API/JSCallbackObjectFunctions.h: + (JSC::::JSCallbackObject): + +2011-09-15 Filip Pizlo <fpizlo@apple.com> + + The DFG non-speculative JIT is no longer used and should be removed. + https://bugs.webkit.org/show_bug.cgi?id=68177 + + Reviewed by Geoffrey Garen. + + This removes the non-speculative JIT and everything that relied on it, + including the ability to turn on DFG but not tiered compilation the, + ability to perform speculation failure into non-speculative JIT code, + and the ability to statically terminate speculation. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.pro: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitLoopHint): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::getStrongPrediction): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGenerationInfo.h: + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCodeGenerator.cpp: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkOSRExits): + (JSC::DFG::JITCompiler::compileBody): + * dfg/DFGJITCompiler.h: + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: Removed. + * dfg/DFGNonSpeculativeJIT.h: Removed. + * dfg/DFGOSREntry.cpp: + (JSC::DFG::prepareOSREntry): + * dfg/DFGPropagator.cpp: + * dfg/DFGPropagator.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::osrExits): + (JSC::DFG::SpeculativeJIT::speculationRecovery): + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITCode.h: + (JSC::JITCode::bottomTierJIT): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: + * wtf/Platform.h: + +2011-09-15 Eric Seidel <eric@webkit.org> + + Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default + https://bugs.webkit.org/show_bug.cgi?id=68182 + + Reviewed by Adam Barth. + + * Configurations/FeatureDefines.xcconfig: + +2011-09-15 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT sometimes asserts that a value is not a number + even when it doesn't know anything about the number + https://bugs.webkit.org/show_bug.cgi?id=68189 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::isUnknownJS): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownNotNumber): + +2011-09-15 Filip Pizlo <fpizlo@apple.com> + + All of the functionality in the non-speculative JIT should be + available to the speculative JIT via helper methods + https://bugs.webkit.org/show_bug.cgi?id=68186 + + Reviewed by Oliver Hunt. + + Stole all of the goodness from NonSpeculativeJIT and placed it + in JITCodeGenerator. Left all of the badness (i.e. subtle code + duplication with SpeculativeJIT, etc). This is in preparation + for removing the NonSpeculativeJIT entirely, but having its + goodness available for reuse in the SpeculativeJIT if necessary. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32): + (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber): + (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp): + (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance): + (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd): + (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + +2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r95167. + http://trac.webkit.org/changeset/95167 + https://bugs.webkit.org/show_bug.cgi?id=68191 + + Patch needs further work. (Requested by mhahnenberg on + #webkit). 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + (JSC::JSCell::toBoolean): + * runtime/JSCell.h: + (JSC::JSCell::JSValue::toBoolean): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::toBoolean): + * runtime/JSNotAnObject.h: + * runtime/JSObject.h: + * runtime/JSString.h: + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean): + +2011-09-15 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for platforms that expect a linkable symbol + for primitive static const's. + + * bytecode/CodeBlock.h: + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + +2011-09-15 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for assertion on existence of alternative + CodeBlock. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + Value profiles collect no information for global variables + https://bugs.webkit.org/show_bug.cgi?id=68143 + + Reviewed by Geoffrey Garen. + + 17% speed-up on string-fasta. Neutral elsewhere. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getStrongPrediction): + (JSC::DFG::ByteCodeParser::stronglyPredict): + (JSC::DFG::ByteCodeParser::parseBlock): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_global_var): + +2011-09-15 Eric Seidel <eric@webkit.org> + + Remove ENABLE_SVG_ANIMATION as all major ports have it on by default + https://bugs.webkit.org/show_bug.cgi?id=68022 + + Reviewed by Ryosuke Niwa. + + * Configurations/FeatureDefines.xcconfig: + +2011-09-15 Gavin Barraclough <barraclough@apple.com> + + Ooops, revert accidentally commited unreviewed changes. + + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_jfalse): + (JSC::JIT::emit_op_jtrue): + * jit/JSInterfaceJIT.h: + * runtime/JSValue.h: + +2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r95163. 
+ http://trac.webkit.org/changeset/95163 + https://bugs.webkit.org/show_bug.cgi?id=68180 + + [Qt] The QT_GCC_X variables were removed in Qt5 by accident. + (Requested by darktears on #webkit). + + * JavaScriptCore.pro: + +2011-09-15 Gavin Barraclough <barraclough@apple.com> + + Windows build fix p1. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_jfalse): + (JSC::JIT::emit_op_jtrue): + * jit/JSInterfaceJIT.h: + * runtime/JSValue.h: + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + Tiered compilation should be enabled by default on platforms + that support the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=68136 + + Reviewed by Sam Weinig. + + Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on + Kraken. Large progressions on some benchmarks, including + 3x on imaging-desaturate. + + * wtf/Platform.h: + +2011-09-15 Gavin Barraclough <barraclough@apple.com> + + devirtualize preventExtensions + https://bugs.webkit.org/show_bug.cgi?id=68176 + + Reviewed by Oliver Hunt. + + This is virtual due to problems in JSFunction putting the prototype + property, but we can fix this problem a different way, just setting + the checkReadOnly flag to false in the put. + + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSFunction.h: + * runtime/JSObject.h: + +2011-09-15 Geoffrey Garen <ggaren@apple.com> + + Value chaining for JSValue32_64 bitops. + + Reviewed by Sam Weinig. + + SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto). + + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores + that can chain their results, which is the common case. 
+ + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_lshift): + (JSC::JIT::emitRightShift): + (JSC::JIT::emit_op_bitand): + (JSC::JIT::emit_op_bitor): + (JSC::JIT::emit_op_bitxor): + (JSC::JIT::emit_op_bitnot): + (JSC::JIT::emit_op_pre_inc): + (JSC::JIT::emit_op_pre_dec): Deployed new function. + (JSC::JIT::emit_op_post_inc): + (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they + computed their result values last, to make them elligible for chaining. + +2011-09-15 Adam Roben <aroben@apple.com> + + Clang build fix after r95172 + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject): + (JSC::DFG::SpeculativeJIT::shouldSpeculateArray): + Added parentheses to make precendence clear. + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + DFG does not speculate aggressively enough on comparisons + https://bugs.webkit.org/show_bug.cgi?id=68138 + + Reviewed by Oliver Hunt. + + This is a 75% speed-up on Kraken/ai-astar. It's a 1% win on + V8 and an 8.5% win on Kraken. Neutral on SunSpider. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): + (JSC::DFG::SpeculativeJIT::compileObjectEquality): + (JSC::DFG::SpeculativeJIT::compare): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject): + (JSC::DFG::SpeculativeJIT::shouldSpeculateArray): + (JSC::DFG::SpeculativeJIT::shouldSpeculateObject): + (JSC::DFG::SpeculativeJIT::shouldSpeculateCell): + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not leverage integer speculations on branches + https://bugs.webkit.org/show_bug.cgi?id=68140 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isStrictInt32): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-14 Gavin Barraclough <barraclough@apple.com> + + [n]stricteq code is bogus in JSValue32_64 JIT + https://bugs.webkit.org/show_bug.cgi?id=68141 + + Reviewed by Sam Weinig. + + The code tries to check for both ints or cells, but this check also + catches cases where values that are undefined, null, etc (probably + was incorrectly assuming cell was the 2nd highest tag?). + + Also, there is no need not to handle int on the fast path. + stricteq is just a case of comparing the payloads, if we: + * handle cases of differing tags on a slow path + * handle doubles a slow path + * handle both-are-string on a slow path + + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::compileOpStrictEq): + (JSC::JIT::emitSlow_op_stricteq): + (JSC::JIT::emitSlow_op_nstricteq): + +2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com> + + Make JSCell::toBoolean non-virtual + https://bugs.webkit.org/show_bug.cgi?id=67727 + + Reviewed by Sam Weinig. + + JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where + before it was simply virtual and would crash if its implementation was called). + Its descendants in JSObject and JSString have also been made non-virtual. JSCell now + explicitly covers all cases of toBoolean, so having a virtual implementation of + JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSObject.h: + * runtime/JSString.h: + (JSC::JSCell::toBoolean): + (JSC::JSValue::toBoolean): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + +2011-09-14 Alexis Menard <alexis.menard@openbossa.org> + + [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore. + https://bugs.webkit.org/show_bug.cgi?id=68114 + + Reviewed by Kenneth Rohde Christiansen. + + Use the new GCC_X variables defined in WebKit.pri to replace + the usage of QT_GCC_X. + + * JavaScriptCore.pro: + +2011-09-14 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r95145. + http://trac.webkit.org/changeset/95145 + https://bugs.webkit.org/show_bug.cgi?id=68139 + + The GTK+ build is working now, so revert this trial build fix. + (Requested by mrobinson on #webkit). + + * GNUmakefile.list.am: + +2011-09-14 Patrick Gansterer <paroga@webkit.org> + + Port MachineStackMarker to Windows ARM and MIPS + https://bugs.webkit.org/show_bug.cgi?id=68068 + + Reviewed by Geoffrey Garen. + + Use the correct memeber of the CONTEXT struct for the stackpointer for CPU(ARM) and CPU(MIPS). + Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for + CPU(ARM) and CPU(MIPS) and the stackpointer is defined in the CONTEXT_CONTROL section for + CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS). + + * heap/MachineStackMarker.cpp: + (JSC::getPlatformThreadRegisters): + (JSC::otherThreadStackPointer): + +2011-09-12 Filip Pizlo <fpizlo@apple.com> + + DFG JIT always speculates that ValueAdd is a numeric addition + https://bugs.webkit.org/show_bug.cgi?id=67956 + + Reviewed by Geoffrey Garen. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownNotNumber): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber): + +2011-09-14 Anders Carlsson <andersca@apple.com> + + Stop building BinarySemaphore to see if that's what's breaking the GTK+ build. + + * GNUmakefile.list.am: + +2011-09-14 Anders Carlsson <andersca@apple.com> + + This is getting old. Yet another build fix attempt. + + * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: + +2011-09-14 Anders Carlsson <andersca@apple.com> + + Yet another build fix attempt. + + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + +2011-09-14 Anders Carlsson <andersca@apple.com> + + How I "love" Visual Studio... + + Try to fix build again. + + * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: + +2011-09-14 Anders Carlsson <andersca@apple.com> + + Try to fix Windows build. + + * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: + +2011-09-14 Anders Carlsson <andersca@apple.com> + + Add BinarySemaphore class from WebKit2 to WTF + https://bugs.webkit.org/show_bug.cgi?id=68132 + + Reviewed by Sam Weinig. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + Update build systems. + + * wtf/threads: Added. + * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp. + * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h. + * wtf/threads/win: Added. + * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp. 
+ +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for Interpreter. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2011-09-14 Anders Carlsson <andersca@apple.com> + + Add wtf/threads and wtf/threads/win, so we can be sure that the EWS + bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132 + + Rubber-stamped by Sam Weinig. + + * wtf/threads: Added. + * wtf/threads/win: Added. + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + DFG JIT should not speculate integer if the value is always going to be + used as a double anyway + https://bugs.webkit.org/show_bug.cgi?id=68127 + + Reviewed by Oliver Hunt. + + Added a ValueToDouble node, which is a variant of ValueToNumber that + hints that it will only be used as a double and never as an integer. + Thus, it turns off integer speculation even if the value profiler + told us that the value source is an int. The logic for converting a + ValueToNumber into a ValueToDouble is found in Propagator. + + This appears to be a 22% speed-up in imaging-darkroom. + + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::toDouble): + (JSC::DFG::Propagator::fixupNode): + (JSC::DFG::Propagator::fixup): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + Tiered compilation heuristics do not account for value profile fullness + https://bugs.webkit.org/show_bug.cgi?id=68116 + + Reviewed by Oliver Hunt. + + Tiered compilation avoids invoking the DFG JIT if it finds that value + profiles contain insufficient information. Instead, it produces a + prediction from the current value profile, and then clears the value + profile. This allows the value profile to heat up from scratch for + some number of additional executions. 
The new profiles will then be + merged with the previous prediction. Once the amount of information + in predictions is enough according to heuristics in CodeBlock.cpp, + DFG optimization is allowed to proceed. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::visitAggregate): + (JSC::CodeBlock::visitWeakReferences): + (JSC::CodeBlock::shouldOptimizeNow): + (JSC::CodeBlock::dumpValueProfiles): + * bytecode/CodeBlock.h: + * bytecode/PredictedType.cpp: + (JSC::predictionToString): + * bytecode/PredictedType.h: + * bytecode/ValueProfile.cpp: Added. + (JSC::ValueProfile::computeStatistics): + (JSC::ValueProfile::computeUpdatedPrediction): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::ValueProfile): + (JSC::ValueProfile::classInfo): + (JSC::ValueProfile::numberOfSamples): + (JSC::ValueProfile::totalNumberOfSamples): + (JSC::ValueProfile::isLive): + (JSC::ValueProfile::numberOfInt32s): + (JSC::ValueProfile::numberOfDoubles): + (JSC::ValueProfile::numberOfBooleans): + (JSC::ValueProfile::dump): + (JSC::getValueProfileBytecodeOffset): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::stronglyPredict): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + DFG should not speculate that the child of LogicalNot is a boolean if + predictions tell us otherwise + https://bugs.webkit.org/show_bug.cgi?id=68118 + + Reviewed by Geoffrey Garen. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-09-14 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix. Turn off tiered compilation. + + * wtf/Platform.h: + +2011-09-13 Filip Pizlo <fpizlo@apple.com> + + Prediction tracking is not precise enough + https://bugs.webkit.org/show_bug.cgi?id=67993 + + Reviewed by Oliver Hunt. + + Added a richer set of type predictions, including JSFinalObject, JSString, + object that is not a JSFinalObject or JSArray (ObjectOther), some object + but we don't or care know what kind (SomeObject), definitely an object, + cell that is not an object or JSString, an value that is none of the above + (so either Undefined or Null). Made the propagator and value profiler work + with the new types. + + Performance is neutral, because the DFG JIT does not take advantage of this + new knowledge yet. + + In the process of writing predictionToString() (which is now considerably + more complex) I decided to finally add a BoundsCheckedPointer, which + should come in handy in other places, like at least the OSR scratch buffer + and the CompactJITCodeMap. It's great for cases where you want to + do pointer arithmetic, you want to have assertions about the + pointer not going out of bounds, but you don't want to write those + assertions yourself. + + This also required refactoring inherits(), since the ValueProfiler may + want to do the equivalent of inherits() but given two ClassInfo's. + + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/PredictedType.cpp: Added. 
+ (JSC::predictionToString): + (JSC::makePrediction): + (JSC::predictionFromValue): + * bytecode/PredictedType.h: + (JSC::isCellPrediction): + (JSC::isObjectPrediction): + (JSC::isFinalObjectPrediction): + (JSC::isStringPrediction): + (JSC::mergePredictions): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::numberOfObjects): + (JSC::ValueProfile::numberOfFinalObjects): + (JSC::ValueProfile::numberOfStrings): + (JSC::ValueProfile::probabilityOfObject): + (JSC::ValueProfile::probabilityOfFinalObject): + (JSC::ValueProfile::probabilityOfString): + (JSC::ValueProfile::dump): + (JSC::ValueProfile::Statistics::Statistics): + (JSC::ValueProfile::computeStatistics): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::stronglyPredict): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGNode.h: + (JSC::DFG::Node::predict): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::propagateNode): + * runtime/ClassInfo.h: + (JSC::ClassInfo::isSubClassOf): + * runtime/JSObject.h: + (JSC::JSCell::inherits): + * wtf/BoundsCheckedPointer.h: Added. 
+ (WTF::BoundsCheckedPointer::BoundsCheckedPointer): + (WTF::BoundsCheckedPointer::operator=): + (WTF::BoundsCheckedPointer::operator+=): + (WTF::BoundsCheckedPointer::operator-=): + (WTF::BoundsCheckedPointer::operator+): + (WTF::BoundsCheckedPointer::operator-): + (WTF::BoundsCheckedPointer::operator++): + (WTF::BoundsCheckedPointer::operator--): + (WTF::BoundsCheckedPointer::operator<): + (WTF::BoundsCheckedPointer::operator<=): + (WTF::BoundsCheckedPointer::operator>): + (WTF::BoundsCheckedPointer::operator>=): + (WTF::BoundsCheckedPointer::operator==): + (WTF::BoundsCheckedPointer::operator!=): + (WTF::BoundsCheckedPointer::operator!): + (WTF::BoundsCheckedPointer::get): + (WTF::BoundsCheckedPointer::operator*): + (WTF::BoundsCheckedPointer::operator[]): + (WTF::BoundsCheckedPointer::strcat): + (WTF::BoundsCheckedPointer::validate): + * wtf/CMakeLists.txt: + +2011-09-14 Csaba Osztrogonác <ossy@webkit.org> + + [Qt] Win32 builds with threads turned off + https://bugs.webkit.org/show_bug.cgi?id=67864 + + Reviewed by Geoffrey Garen. + + * JavaScriptCore.pri: Link pthread library on Windows platform. + * wtf/Platform.h: Enable multiple threads. + +2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (6/7) + https://bugs.webkit.org/show_bug.cgi?id=67692 + + Reviewed by Geoffrey Garen. + + Completed the sixth level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. + + This primarily consists of pushing the calls to finishCreation() down + into the constructors of the subclasses of the fifth level of the hierarchy + as well as pulling the finishCreation() calls out into the class's corresponding + create() method if it has one. 
Doing both simultaneously allows us to + maintain the invariant that the finishCreation() method chain is called exactly + once during the creation of an object, since calling it any other number of + times (0, 2, or more) will cause an assertion failure. + + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::JSCallbackFunction): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::create): + * jsc.cpp: + (GlobalObject::create): + (GlobalObject::GlobalObject): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::create): + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::BooleanConstructor): + * runtime/BooleanConstructor.h: + (JSC::BooleanConstructor::create): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::create): + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + * runtime/DateConstructor.h: + (JSC::DateConstructor::create): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::DatePrototype): + * runtime/DatePrototype.h: + (JSC::DatePrototype::create): + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + (JSC::StrictModeTypeErrorFunction::create): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::ErrorConstructor): + * runtime/ErrorConstructor.h: + (JSC::ErrorConstructor::create): + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::FunctionConstructor): + * runtime/FunctionConstructor.h: + (JSC::FunctionConstructor::create): + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::FunctionPrototype): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::create): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::create): + * 
runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + (JSC::NativeErrorPrototype::finishCreation): + * runtime/NativeErrorPrototype.h: + (JSC::NativeErrorPrototype::create): + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::NumberConstructor): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::create): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::create): + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::ObjectConstructor): + * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::create): + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::RegExpConstructor): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::create): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::create): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + * runtime/StringConstructor.h: + (JSC::StringConstructor::create): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::create): + (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + * runtime/StringPrototype.h: + (JSC::StringPrototype::create): + +2011-09-13 Eric Seidel <eric@webkit.org> + + Remove ENABLE_SVG_USE as <use> is required by HTML5 + https://bugs.webkit.org/show_bug.cgi?id=68019 + + Reviewed by Ryosuke Niwa. + + * Configurations/FeatureDefines.xcconfig: + +2011-09-14 Iain Merrick <husky@google.com> + + HashTraits.h should include template specialization for WTF::String + https://bugs.webkit.org/show_bug.cgi?id=67851 + + Ensure that the template specialization for HashTraits<String> is always + picked up. 
(Previously it was possible to include HashSet and String but + not the correct HashTraits, so you would get an inefficient template + instantiation.) + + Reviewed by Darin Adler. + + * wtf/HashTraits.h: + * wtf/text/StringHash.h: + +2011-09-13 Filip Pizlo <fpizlo@apple.com> + + SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should + return false if either node can be double + https://bugs.webkit.org/show_bug.cgi?id=67985 + + Reviewed by Geoffrey Garen. + + This is a 17% speed-up on 3d-cube. + + This required allowing us to check if a constant is double but not + integer, and making the shouldSpeculateInteger() check test for + any hints of doubly-ness in its operands. This also required + changing some terminology: previously "isDouble" often meant + "isDouble or isInt32". Now "isDouble" means exactly what the name + suggests, and "isNumber" means "isDouble or isInt32". + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::toNumber): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::isJSFormat): + (JSC::DFG::isJSInteger): + (JSC::DFG::isJSDouble): + (JSC::DFG::isJSCell): + (JSC::DFG::isJSBoolean): + (JSC::DFG::GenerationInfo::isJSFormat): + (JSC::DFG::GenerationInfo::isJSInteger): + (JSC::DFG::GenerationInfo::isJSDouble): + (JSC::DFG::GenerationInfo::isJSCell): + (JSC::DFG::GenerationInfo::isJSBoolean): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::isNumberConstant): + (JSC::DFG::Graph::valueOfNumberConstant): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::isKnownInteger): + (JSC::DFG::JITCodeGenerator::isKnownNumeric): + (JSC::DFG::JITCodeGenerator::isKnownCell): + (JSC::DFG::JITCodeGenerator::isKnownNotInteger): + (JSC::DFG::JITCodeGenerator::isKnownBoolean): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillFPR): + 
(JSC::DFG::JITCodeGenerator::isNumberConstant): + (JSC::DFG::JITCodeGenerator::valueOfNumberConstant): + (JSC::DFG::JITCodeGenerator::initConstantInfo): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillToJS): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::isNumberConstant): + (JSC::DFG::JITCompiler::valueOfNumberConstant): + * dfg/DFGNode.h: + (JSC::DFG::Node::isDoubleConstant): + (JSC::DFG::Node::isNumberConstant): + (JSC::DFG::Node::valueOfNumberConstant): + (JSC::DFG::Node::hasNumberResult): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isInteger): + (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble): + (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger): + (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger): + +2011-09-13 Anders Carlsson <andersca@apple.com> + + Disable C++ exceptions when building with clang + https://bugs.webkit.org/show_bug.cgi?id=68031 + <rdar://problem/9556880> + + Reviewed by Mark Rowe. + + * Configurations/Base.xcconfig: + +2011-09-13 Eric Seidel <eric@webkit.org> + + Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5 + https://bugs.webkit.org/show_bug.cgi?id=68018 + + Reviewed by Ryosuke Niwa. + + * Configurations/FeatureDefines.xcconfig: + +2011-09-13 Sam Weinig <sam@webkit.org> + + Object.getPrototypeOf should use JSValue::get() + https://bugs.webkit.org/show_bug.cgi?id=67973 + + Reviewed by Darin Adler. + + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetPrototypeOf): + Pipe through JSValue::get() to allow overrides. + +2011-09-12 Filip Pizlo <fpizlo@apple.com> + + JavaScriptCore does not have baseline->speculative OSR + https://bugs.webkit.org/show_bug.cgi?id=67920 + + Reviewed by Oliver Hunt. 
+ + This adds the ability to on-stack-replace (OSR) from code that is + running hot in the old JIT to code compiled by the new JIT. This + ensures that long-running loops benefit from DFG optimization. + It also ensures that if code experiences a speculation failure + in DFG code, it has an opportunity to reenter the DFG once every + 1,000 loop iterations or so. + + This results in a 2.88x speed-up on Kraken/imaging-desaturate, + and is a pure win on the main three benchmark suites (SunSpider, + V8, Kraken), when tiered compilation is enabled. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::ProgramCodeBlock::compileOptimized): + (JSC::EvalCodeBlock::compileOptimized): + (JSC::FunctionCodeBlock::compileOptimized): + * bytecode/CodeBlock.h: + * bytecode/Opcode.h: + * bytecode/PredictedType.h: Added. + (JSC::isCellPrediction): + (JSC::isArrayPrediction): + (JSC::isInt32Prediction): + (JSC::isDoublePrediction): + (JSC::isNumberPrediction): + (JSC::isBooleanPrediction): + (JSC::isStrongPrediction): + (JSC::predictionToString): + (JSC::mergePredictions): + (JSC::mergePrediction): + (JSC::makePrediction): + * bytecode/PredictionTracker.h: Added. 
+ (JSC::operandIsArgument): + (JSC::PredictionSlot::PredictionSlot): + (JSC::PredictionTracker::PredictionTracker): + (JSC::PredictionTracker::initializeSimilarTo): + (JSC::PredictionTracker::copyLocalsFrom): + (JSC::PredictionTracker::numberOfArguments): + (JSC::PredictionTracker::numberOfVariables): + (JSC::PredictionTracker::argumentOffsetForOperand): + (JSC::PredictionTracker::predictArgument): + (JSC::PredictionTracker::predict): + (JSC::PredictionTracker::predictGlobalVar): + (JSC::PredictionTracker::getArgumentPrediction): + (JSC::PredictionTracker::getPrediction): + (JSC::PredictionTracker::getGlobalVarPrediction): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitLoopHint): + * bytecompiler/BytecodeGenerator.h: + * bytecompiler/NodesCodegen.cpp: + (JSC::DoWhileNode::emitBytecode): + (JSC::WhileNode::emitBytecode): + (JSC::ForNode::emitBytecode): + (JSC::ForInNode::emitBytecode): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::BasicBlock::BasicBlock): + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::noticeOSREntry): + * dfg/DFGNode.h: + * dfg/DFGOSREntry.cpp: Added. + (JSC::DFG::predictionIsValid): + (JSC::DFG::prepareOSREntry): + * dfg/DFGOSREntry.h: Added. + (JSC::DFG::prepareOSREntry): + * dfg/DFGPredictionTracker.h: Removed. 
+ * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::mergeUse): + (JSC::DFG::Propagator::mergePrediction): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/CompactJITCodeMap.h: + (JSC::CompactJITCodeMap::numberOfEntries): + (JSC::CompactJITCodeMap::decode): + (JSC::CompactJITCodeMap::Decoder::Decoder): + (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining): + (JSC::CompactJITCodeMap::Decoder::read): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + (JSC::JIT::emitTimeoutCheck): + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + (JSC::JIT::emit_op_loop_hint): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + +2011-09-12 Sam Weinig <sam@webkit.org> + + Don't allow setting __proto__ to be a getter or setter + https://bugs.webkit.org/show_bug.cgi?id=67982 + + Reviewed by Gavin Barraclough. + + * runtime/JSObject.cpp: + (JSC::JSObject::defineGetter): + (JSC::JSObject::defineSetter): + Disallow setting a getter or setter on __proto__. + +2011-09-12 James Robinson <jamesr@chromium.org> + + Unreviewed build fix for chromium. + + Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which + is currently only compiled in by ports that use JavaScriptCore. This code is currently unreachable in builds so + no change in functionality. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::CharAccess::CharAccess): + +2011-09-09 Filip Pizlo <fpizlo@apple.com> + + JavaScriptCore does not have speculative->baseline OSR + https://bugs.webkit.org/show_bug.cgi?id=67826 + + Reviewed by Oliver Hunt. 
+ + This adds the ability to bail out of DFG speculative JIT execution by + performing an on-stack replacement (OSR) that results in the control + flow going to the equivalent code generated by the old JIT. + + This required a number of new features, as well as taking advantage of + some features that happened to already be present: + + We already had a policy of storing the bytecode index for which a DFG + node was generated inside the DFG::Node class. This was previously + called exceptionInfo. It's now renamed to codeOrigin to reflect that + it's used for more than just excpetions. OSR uses this to figure out + which bytecode index to use to look up the machine code location in + the code generated by the old JIT that we should be jumping to. + + CodeBlock now stores a mapping between bytecode indices and machine + code offsets for code generated by the old JIT. This is implemented + by CompactJITCodeMap, which tries to compress this data a bit. The + OSR compiler decodes this and uses it to find the machine code + locations it should be jumping to. + + We already had a mechanism that emitted SetLocal nodes in the DFG graph + that told us the time at which the old JIT would have stored something + into its register file, and the DFG::Node that corresponds to the value + that it would have stored. These SetLocal's were mostly dead-code- + eliminated, but our DCE leaves the nodes intact except for making them + have 0 as the ref count. This allows the OSR compiler to construct a + mapping between the state as it would have been seen by the old JIT + and the state as the DFG JIT sees it. The OSR compiler uses this to + generate code that reshapes the call frame so that it is like what the + old JIT would expect. + + Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION) + we no longer emit the non-speculative path. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::currentCodeOrigin): + (JSC::DFG::ByteCodeParser::addToGraph): + * dfg/DFGGPRInfo.h: + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::alive): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): + (JSC::DFG::JITCompiler::linkOSRExits): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::CallRecord::CallRecord): + (JSC::DFG::JITCompiler::notifyCall): + (JSC::DFG::JITCompiler::appendCallWithExceptionCheck): + (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck): + (JSC::DFG::JITCompiler::addJSCall): + (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): + * dfg/DFGNode.h: + (JSC::DFG::CodeOrigin::CodeOrigin): + (JSC::DFG::CodeOrigin::isSet): + (JSC::DFG::CodeOrigin::bytecodeIndex): + (JSC::DFG::Node::Node): + (JSC::DFG::Node::child1Unchecked): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::ValueRecovery::dump): + (JSC::DFG::OSRExit::OSRExit): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::compileMovHint): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::ValueSource::ValueSource): + (JSC::DFG::ValueSource::isSet): + (JSC::DFG::ValueSource::nodeIndex): + (JSC::DFG::ValueRecovery::ValueRecovery): + (JSC::DFG::ValueRecovery::alreadyInRegisterFile): + (JSC::DFG::ValueRecovery::inGPR): + (JSC::DFG::ValueRecovery::inFPR): + (JSC::DFG::ValueRecovery::displacedInRegisterFile): + (JSC::DFG::ValueRecovery::constant): + (JSC::DFG::ValueRecovery::technique): + 
(JSC::DFG::ValueRecovery::gpr): + (JSC::DFG::ValueRecovery::fpr): + (JSC::DFG::ValueRecovery::virtualRegister): + (JSC::DFG::OSRExit::numberOfRecoveries): + (JSC::DFG::OSRExit::valueRecovery): + (JSC::DFG::OSRExit::isArgument): + (JSC::DFG::OSRExit::argumentForIndex): + (JSC::DFG::OSRExit::variableForIndex): + (JSC::DFG::OSRExit::operandForIndex): + (JSC::DFG::SpeculativeJIT::osrExits): + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::valueSourceForOperand): + (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand): + (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator): + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + * jit/CompactJITCodeMap.h: Added. + (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset): + (JSC::BytecodeAndMachineOffset::getBytecodeIndex): + (JSC::BytecodeAndMachineOffset::getMachineCodeOffset): + (JSC::CompactJITCodeMap::~CompactJITCodeMap): + (JSC::CompactJITCodeMap::decode): + (JSC::CompactJITCodeMap::CompactJITCodeMap): + (JSC::CompactJITCodeMap::at): + (JSC::CompactJITCodeMap::decodeNumber): + (JSC::CompactJITCodeMap::Encoder::Encoder): + (JSC::CompactJITCodeMap::Encoder::~Encoder): + (JSC::CompactJITCodeMap::Encoder::append): + (JSC::CompactJITCodeMap::Encoder::finish): + (JSC::CompactJITCodeMap::Encoder::appendByte): + (JSC::CompactJITCodeMap::Encoder::encodeNumber): + (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompile): + * jit/JIT.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::osrScratchBufferForSize): + * runtime/JSValue.cpp: + (JSC::JSValue::description): + +2011-09-12 Geoffrey Garen <ggaren@apple.com> + + Re-enabled ENABLE(LAZY_BLOCK_FREEING). + + Reviewed by Stephanie Lewis. 
+ + I accidentally disabled this in r94890, causing a big performance regression. + + * wtf/Platform.h: + +2011-09-12 Michael Saboff <msaboff@apple.com> + + Broken Build for ARM - lshift32() needs TrustedImm32 arg + https://bugs.webkit.org/show_bug.cgi?id=67965 + + Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1); + + Reviewed by Anders Carlsson. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::branch16): + +2011-09-12 Michael Saboff <msaboff@apple.com> + + Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h + https://bugs.webkit.org/show_bug.cgi?id=67961 + + Added missing semicolon. + + Reviewed by Ryosuke Niwa. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::branch16): + +2011-09-12 Michael Saboff <msaboff@apple.com> + + Update RegExp and related classes to use 8 bit strings when available + https://bugs.webkit.org/show_bug.cgi?id=67337 + + Modified both the Yarr interpreter and JIT to handle 8 bit subject strings. + The code paths are triggered by the UString::is8bit() method which currently + returns false. Implemented JIT changes for all current architectures. + Tested X86_64 and ARM v7. + + This includes some code that will likely change as we complete the + 8 bit string changes. This includes the way the raw buffer pointers + are accessed as well as replacing the CharAccess class with a + string interator returned from UString. + + Fixed build breakage in testRegExp.cpp due to globalObject construction + changes. + + Reviewed by Gavin Barraclough. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * testRegExp.cpp: + (GlobalObject::finishCreation): + (GlobalObject::GlobalObject): + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::baseIndexTransfer32): + * assembler/ARMAssembler.h: + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::ubfx): + (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::load8): + (JSC::MacroAssemblerARM::branch8): + (JSC::MacroAssemblerARM::branch16): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load8): + (JSC::MacroAssemblerARMv7::branch16): + (JSC::MacroAssemblerARMv7::branch8): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::load8): + (JSC::MacroAssemblerMIPS::branch8): + (JSC::MacroAssemblerMIPS::branch16): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::load8): + (JSC::MacroAssemblerSH4::branch8): + (JSC::MacroAssemblerSH4::branch16): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::load8): + (JSC::MacroAssemblerX86Common::branch16): + (JSC::MacroAssemblerX86Common::branch8): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::extub): + (JSC::SH4Assembler::printInstr): + * assembler/X86Assembler.h: + (JSC::X86Assembler::cmpw_ir): + (JSC::X86Assembler::movzbl_mr): + * runtime/RegExp.cpp: + (JSC::RegExp::compile): + (JSC::RegExp::compileIfNecessary): + (JSC::RegExp::match): + (JSC::RegExp::matchCompareWithInterpreter): + * runtime/RegExp.h: + * runtime/UString.h: + (JSC::UString::is8Bit): + * yarr/Yarr.h: + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::CharAccess::CharAccess): + (JSC::Yarr::Interpreter::CharAccess::~CharAccess): + (JSC::Yarr::Interpreter::CharAccess::operator[]): + (JSC::Yarr::Interpreter::InputStream::InputStream): + (JSC::Yarr::Interpreter::Interpreter): + (JSC::Yarr::interpret): + * yarr/YarrJIT.cpp: + 
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals): + (JSC::Yarr::YarrGenerator::readCharacter): + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): + (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): + (JSC::Yarr::YarrGenerator::generateDotStarEnclosure): + (JSC::Yarr::YarrGenerator::YarrGenerator): + (JSC::Yarr::YarrGenerator::compile): + (JSC::Yarr::jitCompile): + (JSC::Yarr::execute): + * yarr/YarrJIT.h: + (JSC::Yarr::YarrCodeBlock::has8BitCode): + (JSC::Yarr::YarrCodeBlock::has16BitCode): + (JSC::Yarr::YarrCodeBlock::set8BitCode): + (JSC::Yarr::YarrCodeBlock::set16BitCode): + (JSC::Yarr::YarrCodeBlock::execute): + * yarr/YarrParser.h: + (JSC::Yarr::Parser::Parser): + +2011-09-12 Andras Becsi <andras.becsi@nokia.com> + + [Qt] Build fails after r94920 with strict compiler + https://bugs.webkit.org/show_bug.cgi?id=67928 + + Reviewed by Csaba Osztrogonác. + + * wtf/RedBlackTree.h: + (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot. + +2011-09-12 Patrick Gansterer <paroga@webkit.org> + + Unreviewed build fix after r94871. + + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * wtf/FastMalloc.cpp: + * wtf/RefCountedLeakCounter.h: + +2011-09-11 Filip Pizlo <fpizlo@apple.com> + + DFGNode.h has macros that indicate the enabling of a feature, but + they do not use the ENABLE() idiom. + https://bugs.webkit.org/show_bug.cgi?id=67907 + + Reviewed by Oliver Hunt. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::stronglyPredict): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGJITCodeGenerator.cpp: + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillInt32ToInteger): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::propagateNode): + (JSC::DFG::Propagator::propagateForward): + (JSC::DFG::Propagator::propagateBackward): + (JSC::DFG::propagate): + * dfg/DFGScoreBoard.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + +2011-09-11 Fumitoshi Ukai <ukai@chromium.org> + + Unreviewed build fix for chromium/mac & clang. + + Fix the macro redefinition error by r94927, because chromium set + ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and + it is not PLATFORM(QT). + ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror] + #define ENABLE_JSC_MULTIPLE_THREADS 1 + <command line>:43:9: note: previous definition is here + #define ENABLE_JSC_MULTIPLE_THREADS 0 + 1 error generated. + + * wtf/Platform.h: + +2011-09-11 Sam Weinig <sam@webkit.org> + + Remove JSCell::isPropertyNameIterator(), it is unused + https://bugs.webkit.org/show_bug.cgi?id=67911 + + Reviewed by Oliver Hunt. 
+ + * runtime/JSCell.h: + * runtime/JSPropertyNameIterator.h: + +2011-09-11 Sam Weinig <sam@webkit.org> + + De-virtualize JSCell::isAPIValueWrapper + https://bugs.webkit.org/show_bug.cgi?id=67909 + + Reviewed by Oliver Hunt. + + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + Set the correct type on structure creation. + + * runtime/JSCell.h: + Remove virtual keyword and default implementation. + + * runtime/JSType.h: + Add type for APIValueWrapper. It must come after CompoundType since + the APIValueWrapper has children in need of marking. + + * runtime/Structure.h: + (JSC::JSCell::isAPIValueWrapper): + Implement predicate using type info. + +2011-09-10 Sam Weinig <sam@webkit.org> + + De-virtualize JSCell::isGetterSetter, type information is available for it + https://bugs.webkit.org/show_bug.cgi?id=67902 + + Reviewed by Dan Bernstein. + + * runtime/GetterSetter.cpp: + * runtime/GetterSetter.h: + Remove override of isGetterSetter. + + * runtime/JSCell.cpp: + * runtime/JSCell.h: + De-virtualize and remove silly base implementation. + + * runtime/Structure.h: + (JSC::JSCell::isGetterSetter): + Use type info to determine getter-setter-hood. + +2011-09-09 Oliver Hunt <oliver@apple.com> + + Remove support for anonymous storage from jsobjects + https://bugs.webkit.org/show_bug.cgi?id=67881 + + Reviewed by Sam Weinig. 
+ + Remove all use of anonymous slots, essentially a mechanical change + in JavaScriptCore + + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::createStructure): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::createStructure): + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::createStructure): + * JavaScriptCore.exp: + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::createStructure): + * heap/MarkStack.cpp: + (JSC::MarkStack::validateValue): + * heap/MarkStack.h: + * runtime/Arguments.h: + (JSC::Arguments::createStructure): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::createStructure): + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::finishCreation): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::createStructure): + * runtime/BooleanObject.h: + (JSC::BooleanObject::createStructure): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::createStructure): + * runtime/DateConstructor.h: + (JSC::DateConstructor::createStructure): + * runtime/DateInstance.h: + (JSC::DateInstance::createStructure): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::DatePrototype): + * runtime/DatePrototype.h: + (JSC::DatePrototype::createStructure): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::createStructure): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::finishCreation): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::createStructure): + * runtime/ExceptionHelpers.h: + (JSC::InterruptedExecutionError::createStructure): + (JSC::TerminatedExecutionError::createStructure): + * runtime/Executable.h: + (JSC::ExecutableBase::createStructure): + (JSC::NativeExecutable::createStructure): + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::createStructure): + * 
runtime/GetterSetter.h: + (JSC::GetterSetter::createStructure): + * runtime/InternalFunction.h: + (JSC::InternalFunction::createStructure): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + * runtime/JSActivation.h: + (JSC::JSActivation::createStructure): + * runtime/JSArray.h: + (JSC::JSArray::createStructure): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::createStructure): + * runtime/JSCell.h: + * runtime/JSFunction.h: + (JSC::JSFunction::createStructure): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::finishCreation): + (JSC::JSGlobalObject::createStructure): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::createStructure): + * runtime/JSONObject.h: + (JSC::JSONObject::createStructure): + * runtime/JSObject.h: + (JSC::JSObject::createStructure): + (JSC::JSNonFinalObject::createStructure): + (JSC::JSFinalObject::createStructure): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::createStructure): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::createStructure): + * runtime/JSString.h: + (JSC::RopeBuilder::createStructure): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::createStructure): + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::createStructure): + * runtime/MathObject.h: + (JSC::MathObject::createStructure): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::createStructure): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::createStructure): + * runtime/NumberObject.h: + (JSC::NumberObject::createStructure): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::createStructure): + * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::createStructure): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::finishCreation): + * runtime/ObjectPrototype.h: + 
(JSC::ObjectPrototype::createStructure): + * runtime/RegExp.h: + (JSC::RegExp::createStructure): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::createStructure): + * runtime/RegExpObject.h: + (JSC::RegExpObject::createStructure): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::createStructure): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::createStructure): + * runtime/StrictEvalActivation.h: + (JSC::StrictEvalActivation::createStructure): + * runtime/StringConstructor.h: + (JSC::StringConstructor::createStructure): + * runtime/StringObject.h: + (JSC::StringObject::createStructure): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::createStructure): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + * runtime/StringPrototype.h: + (JSC::StringPrototype::createStructure): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + (JSC::Structure::materializePropertyMap): + (JSC::Structure::addPropertyTransitionToExistingStructure): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::removePropertyTransition): + (JSC::Structure::changePrototypeTransition): + (JSC::Structure::despecifyFunctionTransition): + (JSC::Structure::getterSetterTransition): + (JSC::Structure::toDictionaryTransition): + (JSC::Structure::preventExtensionsTransition): + (JSC::Structure::flattenDictionaryStructure): + (JSC::Structure::addPropertyWithoutTransition): + (JSC::Structure::removePropertyWithoutTransition): + (JSC::Structure::get): + (JSC::Structure::putSpecificValue): + (JSC::Structure::remove): + (JSC::Structure::checkConsistency): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::propertyStorageSize): + (JSC::Structure::get): + * runtime/StructureChain.h: + (JSC::StructureChain::createStructure): + +2011-09-11 Jarred Nicholls <jarred@sencha.com> + + [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library + 
https://bugs.webkit.org/show_bug.cgi?id=67864 + + Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build. + + Reviewed by Csaba Osztrogonác. + + * wtf/Platform.h: + +2011-09-11 Filip Pizlo <fpizlo@apple.com> + + ARM and MIPS assemblers still refer to executable pools. + https://bugs.webkit.org/show_bug.cgi?id=67903 + + Reviewed by Csaba Osztrogonác. + + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/ARMAssembler.h: + * assembler/AssemblerBufferWithConstantPool.h: + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::executableCopy): + +2011-09-08 Filip Pizlo <fpizlo@apple.com> + + The executable allocator makes it difficult to free individual + chunks of executable memory + https://bugs.webkit.org/show_bug.cgi?id=66363 + + Reviewed by Oliver Hunt. + + Introduced a best-fit, balanced-tree based allocator. The allocator + required a balanced tree that does not allocate memory and that + permits the removal of individual nodes directly (as opposed to by + key); neither AVLTree nor WebCore's PODRedBlackTree supported this. + Changed all references to executable code to use a reference counted + handle. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::executableCopy): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::finalizeCode): + (JSC::LinkBuffer::linkCode): + * assembler/MacroAssemblerCodeRef.h: + (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef): + (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef): + (JSC::MacroAssemblerCodeRef::executableMemory): + (JSC::MacroAssemblerCodeRef::code): + (JSC::MacroAssemblerCodeRef::size): + (JSC::MacroAssemblerCodeRef::operator!): + * assembler/X86Assembler.h: + (JSC::X86Assembler::executableCopy): + (JSC::X86Assembler::X86InstructionFormatter::executableCopy): + * bytecode/CodeBlock.h: + * bytecode/Instruction.h: + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compile): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGRepatch.cpp: + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDList): + (JSC::DFG::tryBuildGetByIDProtoList): + (JSC::DFG::tryCachePutByID): + * jit/ExecutableAllocator.cpp: + (JSC::ExecutableAllocator::initializeAllocator): + (JSC::ExecutableAllocator::ExecutableAllocator): + (JSC::ExecutableAllocator::allocate): + (JSC::ExecutableAllocator::committedByteCount): + (JSC::ExecutableAllocator::dumpProfile): + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::dumpProfile): + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::ExecutableAllocator::initializeAllocator): + (JSC::ExecutableAllocator::ExecutableAllocator): + (JSC::ExecutableAllocator::isValid): + (JSC::ExecutableAllocator::underMemoryPressure): + (JSC::ExecutableAllocator::allocate): + (JSC::ExecutableAllocator::committedByteCount): + (JSC::ExecutableAllocator::dumpProfile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + 
(JSC::JIT::compileCTIMachineTrampolines): + (JSC::JIT::compileCTINativeCall): + * jit/JITCode.h: + (JSC::JITCode::operator !): + (JSC::JITCode::addressForCall): + (JSC::JITCode::offsetOf): + (JSC::JITCode::execute): + (JSC::JITCode::start): + (JSC::JITCode::size): + (JSC::JITCode::getExecutableMemory): + (JSC::JITCode::HostFunction): + (JSC::JITCode::JITCode): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITStubs.cpp: + (JSC::JITThunks::JITThunks): + (JSC::DEFINE_STUB_FUNCTION): + (JSC::getPolymorphicAccessStructureListSlot): + (JSC::JITThunks::ctiStub): + (JSC::JITThunks::hostFunctionStub): + * jit/JITStubs.h: + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::SpecializedThunkJIT): + (JSC::SpecializedThunkJIT::finalize): + * jit/ThunkGenerators.cpp: + (JSC::charCodeAtThunkGenerator): + (JSC::charAtThunkGenerator): + (JSC::fromCharCodeThunkGenerator): + (JSC::sqrtThunkGenerator): + (JSC::floorThunkGenerator): 
+ (JSC::ceilThunkGenerator): + (JSC::roundThunkGenerator): + (JSC::expThunkGenerator): + (JSC::logThunkGenerator): + (JSC::absThunkGenerator): + (JSC::powThunkGenerator): + * jit/ThunkGenerators.h: + * runtime/Executable.h: + (JSC::NativeExecutable::create): + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::dumpSampleData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::getCTIStub): + * wtf/CMakeLists.txt: + * wtf/MetaAllocator.cpp: Added. + (WTF::MetaAllocatorHandle::MetaAllocatorHandle): + (WTF::MetaAllocatorHandle::~MetaAllocatorHandle): + (WTF::MetaAllocatorHandle::shrink): + (WTF::MetaAllocator::MetaAllocator): + (WTF::MetaAllocator::allocate): + (WTF::MetaAllocator::currentStatistics): + (WTF::MetaAllocator::findAndRemoveFreeSpace): + (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle): + (WTF::MetaAllocator::addFreshFreeSpace): + (WTF::MetaAllocator::debugFreeSpaceSize): + (WTF::MetaAllocator::addFreeSpace): + (WTF::MetaAllocator::incrementPageOccupancy): + (WTF::MetaAllocator::decrementPageOccupancy): + (WTF::MetaAllocator::roundUp): + (WTF::MetaAllocator::allocFreeSpaceNode): + (WTF::MetaAllocator::freeFreeSpaceNode): + (WTF::MetaAllocator::dumpProfile): + * wtf/MetaAllocator.h: Added. + (WTF::MetaAllocator::bytesAllocated): + (WTF::MetaAllocator::bytesReserved): + (WTF::MetaAllocator::bytesCommitted): + (WTF::MetaAllocator::dumpProfile): + (WTF::MetaAllocator::~MetaAllocator): + * wtf/MetaAllocatorHandle.h: Added. + * wtf/RedBlackTree.h: Added. 
+ (WTF::RedBlackTree::Node::Node): + (WTF::RedBlackTree::Node::successor): + (WTF::RedBlackTree::Node::predecessor): + (WTF::RedBlackTree::Node::reset): + (WTF::RedBlackTree::Node::parent): + (WTF::RedBlackTree::Node::setParent): + (WTF::RedBlackTree::Node::left): + (WTF::RedBlackTree::Node::setLeft): + (WTF::RedBlackTree::Node::right): + (WTF::RedBlackTree::Node::setRight): + (WTF::RedBlackTree::Node::color): + (WTF::RedBlackTree::Node::setColor): + (WTF::RedBlackTree::RedBlackTree): + (WTF::RedBlackTree::insert): + (WTF::RedBlackTree::remove): + (WTF::RedBlackTree::findExact): + (WTF::RedBlackTree::findLeastGreaterThanOrEqual): + (WTF::RedBlackTree::findGreatestLessThanOrEqual): + (WTF::RedBlackTree::first): + (WTF::RedBlackTree::last): + (WTF::RedBlackTree::size): + (WTF::RedBlackTree::isEmpty): + (WTF::RedBlackTree::treeMinimum): + (WTF::RedBlackTree::treeMaximum): + (WTF::RedBlackTree::treeInsert): + (WTF::RedBlackTree::leftRotate): + (WTF::RedBlackTree::rightRotate): + (WTF::RedBlackTree::removeFixup): + * wtf/wtf.pri: + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::compile): + * yarr/YarrJIT.h: + (JSC::Yarr::YarrCodeBlock::execute): + (JSC::Yarr::YarrCodeBlock::getAddr): + +2011-09-10 Sam Weinig <sam@webkit.org> + + Remove JSC::isZombie() function, it did nothing and was called by no-one. + https://bugs.webkit.org/show_bug.cgi?id=67901 + + Reviewed by Andy Estes. + + * JavaScriptCore.exp: + * runtime/JSCell.cpp: + * runtime/JSValue.h: + +2011-09-10 Sam Weinig <sam@webkit.org> + + Add isInterruptedExecutionException and isTerminatedExecutionException predicates + https://bugs.webkit.org/show_bug.cgi?id=67892 + + Reviewed by Andy "First Time Reviewer" Estes. + + * JavaScriptCore.exp: + Add symbols. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + Use new predicates. 
+ + * runtime/ExceptionHelpers.cpp: + (JSC::createInterruptedExecutionException): + (JSC::isInterruptedExecutionException): + (JSC::createTerminatedExecutionException): + (JSC::isTerminatedExecutionException): + * runtime/ExceptionHelpers.h: + (JSC::InterruptedExecutionError::InterruptedExecutionError): + Add predicates. + +2011-09-10 Filip Pizlo <fpizlo@apple.com> + + DFG JIT completely undoes speculative compilation even in the case of + a partial static speculation failure + https://bugs.webkit.org/show_bug.cgi?id=67798 + + Reviewed by Geoffrey Garen. + + This is a regression with static speculation, so it is turned off by + default. But it is a necessary prerequisite for further work on + dynamic speculation. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::clearGenerationInfo): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + +2011-09-09 Chris Marrin <cmarrin@apple.com> + + requestAnimationFrame doesn't throttle on Mac + https://bugs.webkit.org/show_bug.cgi?id=67171 + + Reviewed by Simon Fraser. + + Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run + requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController. + Currently only enabled for PLATFORM(MAC) + + * wtf/Platform.h: + +2011-09-09 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Dan Bernstein. + + Removed ENABLE(SINGLE_THREADED) support, since it is always false + https://bugs.webkit.org/show_bug.cgi?id=67862 + + Next step toward making the baseline platform assumption that threads exist. + + * wtf/wtf.pri: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to + ThreadingNone.cpp, which was only compiled in single-threaded mode. 
+ + * wtf/Platform.h: + * wtf/ThreadSpecific.h: + (WTF::::destroy): + * wtf/qt/ThreadingQt.cpp: Removed now-dead code. + + * wtf/ThreadingNone.cpp: Removed. + +2011-09-09 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (5/7) + https://bugs.webkit.org/show_bug.cgi?id=67420 + + Reviewed by Geoffrey Garen. + + Completed the fifth level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. + + This primarily consists of pushing the calls to finishCreation() down + into the constructors of the subclasses of the second level of the hierarchy + as well as pulling the finishCreation() calls out into the class's corresponding + create() method if it has one. Doing both simultaneously allows us to + maintain the invariant that the finishCreation() method chain is called exactly + once during the creation of an object, since calling it any other number of + times (0, 2, or more) will cause an assertion failure. 
+ + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::JSCallbackConstructor): + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::create): + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::JSCallbackFunction): + (JSC::JSCallbackFunction::finishCreation): + * API/JSCallbackFunction.h: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::JSCallbackObject): + (JSC::::finishCreation): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::create): + * jsc.cpp: + (GlobalObject::finishCreation): + (GlobalObject::GlobalObject): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + (JSC::ArrayConstructor::finishCreation): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::ArrayPrototype): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::create): + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::BooleanConstructor): + (JSC::BooleanConstructor::finishCreation): + * runtime/BooleanConstructor.h: + * runtime/BooleanObject.cpp: + (JSC::BooleanObject::BooleanObject): + * runtime/BooleanObject.h: + (JSC::BooleanObject::create): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + (JSC::BooleanPrototype::finishCreation): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + (JSC::DateConstructor::finishCreation): + * runtime/DateConstructor.h: + * runtime/DateInstance.cpp: + (JSC::DateInstance::DateInstance): + * runtime/DateInstance.h: + (JSC::DateInstance::create): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::DatePrototype): + (JSC::DatePrototype::finishCreation): + * runtime/DatePrototype.h: + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + * runtime/ErrorConstructor.cpp: + 
(JSC::ErrorConstructor::ErrorConstructor): + (JSC::ErrorConstructor::finishCreation): + * runtime/ErrorConstructor.h: + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::create): + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::FunctionConstructor): + (JSC::FunctionConstructor::finishCreation): + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::FunctionPrototype): + (JSC::FunctionPrototype::finishCreation): + * runtime/FunctionPrototype.h: + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + * runtime/InternalFunction.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + * runtime/JSActivation.h: + (JSC::JSActivation::create): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::create): + (JSC::JSGlobalObject::JSGlobalObject): + * runtime/JSONObject.cpp: + (JSC::JSONObject::JSONObject): + * runtime/JSONObject.h: + (JSC::JSONObject::create): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::create): + (JSC::JSStaticScopeObject::JSStaticScopeObject): + * runtime/JSString.cpp: + (JSC::StringObject::create): + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + * runtime/MathObject.h: + (JSC::MathObject::create): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::finishCreation): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + (JSC::NativeErrorPrototype::finishCreation): + * runtime/NativeErrorPrototype.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::NumberConstructor): + (JSC::NumberConstructor::finishCreation): + * runtime/NumberConstructor.h: + * runtime/NumberObject.cpp: + (JSC::NumberObject::NumberObject): + * runtime/NumberObject.h: + (JSC::NumberObject::create): + * 
runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + (JSC::NumberPrototype::finishCreation): + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::ObjectConstructor): + (JSC::ObjectConstructor::finishCreation): + * runtime/ObjectConstructor.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::RegExpConstructor): + (JSC::RegExpConstructor::finishCreation): + (JSC::RegExpMatchesArray::RegExpMatchesArray): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::create): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + * runtime/RegExpObject.h: + (JSC::RegExpObject::create): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + (JSC::StringConstructor::finishCreation): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::StringObject): + * runtime/StringObject.h: + (JSC::StringObject::create): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + (JSC::StringPrototype::finishCreation): + * runtime/StringPrototype.h: + +2011-09-09 Geoffrey Garen <ggaren@apple.com> + + Build fix: Guard against double-#define for something already #defined + by the build system. + + * wtf/Platform.h: + +2011-09-09 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Dan Bernstein. + + Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or + !ENABLE_WTF_MULTIPLE_THREADS + https://bugs.webkit.org/show_bug.cgi?id=67860 + + First step toward making the baseline platform assumption that threads + exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, + or !ENABLE_WTF_MULTIPLE_THREADS. 
+ + * wtf/Platform.h: + +2011-09-09 Laszlo Gombos <laszlo.1.gombos@nokia.com> + + [Qt] Remove common.pri + https://bugs.webkit.org/show_bug.cgi?id=67814 + + Reviewed by Andreas Kling. + + * JavaScriptCore.pri: + +2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com> + + REGRESSION(r94811): Assertion failure in 2 worker tests + https://bugs.webkit.org/show_bug.cgi?id=67829 + + Reviewed by Sam Weinig. + + Fixing a couple tests that were broken due to the wrong values being + set in the parent class pointers in the ClassInfo structs for + TerminatedExecutionError and InterruptedExecutionError. + + * runtime/ExceptionHelpers.cpp: + +2011-09-08 Oliver Hunt <oliver@apple.com> + + Use bump allocator for initial property storage + https://bugs.webkit.org/show_bug.cgi?id=67494 + + Reviewed by Geoffrey Garen. + + Use a bump allocator for initial allocation of property storage, + and promote to fastMalloc memory only if it survives a GC pass. + + Comes out as a 1% win on v8, and is a useful step on the way to + GC allocation of all property storage. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Heap.cpp: + (JSC::Heap::collect): + * heap/Heap.h: + (JSC::Heap::allocatePropertyStorage): + (JSC::Heap::inPropertyStorageNursery): + * heap/MarkedBlock.h: + * heap/NewSpace.cpp: + (JSC::NewSpace::NewSpace): + * heap/NewSpace.h: + (JSC::NewSpace::resetPropertyStorageNursery): + (JSC::NewSpace::allocatePropertyStorage): + (JSC::NewSpace::inPropertyStorageNursery): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::allocatePropertyStorage): + * runtime/JSObject.h: + (JSC::JSObject::isUsingInlineStorage): + (JSC::JSObject::JSObject): + (JSC::JSObject::propertyStorage): + (JSC::JSObject::~JSObject): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirectWithoutTransition): + (JSC::JSObject::putDirectFunctionWithoutTransition): + (JSC::JSObject::transitionTo): + (JSC::JSObject::visitChildrenDirect): + * runtime/StorageBarrier.h: Added. + (JSC::StorageBarrier::StorageBarrier): + (JSC::StorageBarrier::set): + (JSC::StorageBarrier::operator->): + (JSC::StorageBarrier::operator*): + (JSC::StorageBarrier::operator[]): + (JSC::StorageBarrier::get): + +2011-09-08 Sam Weinig <sam@webkit.org> + + Remove the Completion object from JSC, I have never liked it + https://bugs.webkit.org/show_bug.cgi?id=67755 + + Reviewed by Gavin Barraclough. + + - Removes the Completion object and replaces its use with out parameter exceptions. + - Remove ComplType and virtual exceptionType() function on JSObject. Replace with + ClassInfo for InterruptedExecutionError and TerminatedExecutionError. 
+ + * API/JSBase.cpp: + (JSEvaluateScript): + (JSCheckScriptSyntax): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::throwException): + * jsc.cpp: + (functionLoad): + (functionCheckSyntax): + (runWithScripts): + (runInteractive): + * runtime/Completion.cpp: + (JSC::checkSyntax): + (JSC::evaluate): + * runtime/Completion.h: + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::toString): + (JSC::TerminatedExecutionError::toString): + (JSC::createInterruptedExecutionException): + * runtime/ExceptionHelpers.h: + (JSC::InterruptedExecutionError::InterruptedExecutionError): + (JSC::InterruptedExecutionError::create): + (JSC::InterruptedExecutionError::createStructure): + (JSC::TerminatedExecutionError::TerminatedExecutionError): + (JSC::TerminatedExecutionError::create): + (JSC::TerminatedExecutionError::createStructure): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSObject.h: + +2011-09-08 Ryosuke Niwa <rniwa@webkit.org> + + Build fix. + + * dfg/DFGCapabilities.cpp: + +2011-09-08 Filip Pizlo <fpizlo@apple.com> + + Value profling and execution count profiling is performed even for + code that cannot be optimized + https://bugs.webkit.org/show_bug.cgi?id=67694 + + Reviewed by Gavin Barraclough. + + This is a 2% speed-up on V8 when tiered compilation is enabled. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::ProgramCodeBlock::canCompileWithDFG): + (JSC::EvalCodeBlock::canCompileWithDFG): + (JSC::FunctionCodeBlock::canCompileWithDFG): + * bytecode/CodeBlock.h: + * dfg/DFGCapabilities.cpp: Added. + (JSC::DFG::canCompileOpcodes): + * dfg/DFGCapabilities.h: Added. 
+ (JSC::DFG::mightCompileEval): + (JSC::DFG::mightCompileProgram): + (JSC::DFG::mightCompileFunctionForCall): + (JSC::DFG::mightCompileFunctionForConstruct): + (JSC::DFG::canCompileOpcode): + (JSC::DFG::canCompileEval): + (JSC::DFG::canCompileProgram): + (JSC::DFG::canCompileFunctionForCall): + (JSC::DFG::canCompileFunctionForConstruct): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JSC::JIT::shouldEmitProfiling): + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + +2011-09-08 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries + https://bugs.webkit.org/show_bug.cgi?id=67840 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::initializeVariableTypes): + +2011-09-08 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + https://bugs.webkit.org/show_bug.cgi?id=67771 + + Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace + and patchOffsetGetByIdSlowCaseCall + and enables DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms. + + Reviewed by Gavin Barraclough. + + * jit/JIT.h: + * wtf/dtoa/utils.h: + +2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove getUInt32 from JSCell + https://bugs.webkit.org/show_bug.cgi?id=67691 + + Reviewed by Oliver Hunt. + + We don't use JSCell::getUInt32 anymore, so it has been removed. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + +2011-09-07 Filip Pizlo <fpizlo@apple.com> + + PPC build fix. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + +2011-09-07 Oliver Hunt <oliver@apple.com> + + Release mode build fix. 
+ + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::create): + +2011-09-06 Oliver Hunt <oliver@apple.com> + + Remove JSObjectWithGlobalObject + https://bugs.webkit.org/show_bug.cgi?id=67689 + + Reviewed by Geoff Garen. + + Remove JSObjectWithGlobalObject, and update code to stop using anonymous + storage to access the global object that a JSObject comes from. Largely + mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject. + + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::JSCallbackConstructor): + (JSC::JSCallbackConstructor::finishCreation): + * API/JSCallbackConstructor.h: + * API/JSCallbackObject.cpp: + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::create): + * API/JSCallbackObjectFunctions.h: + (JSC::::JSCallbackObject): + (JSC::::finishCreation): + (JSC::::staticFunctionGetter): + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + * API/JSObjectRef.cpp: + (JSObjectMake): + (JSObjectGetPrivate): + (JSObjectSetPrivate): + (JSObjectGetPrivateProperty): + (JSObjectSetPrivateProperty): + (JSObjectDeletePrivateProperty): + * API/JSValueRef.cpp: + (JSValueIsObjectOfClass): + * API/JSWeakObjectMapRefPrivate.cpp: + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchGetMethodFast): + (JSC::DFG::tryCacheGetMethod): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateJSFunction): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::patchMethodCallProto): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/DatePrototype.cpp: + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + (JSC::InternalFunction::finishCreation): + * runtime/InternalFunction.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::finishCreation): + * runtime/JSFunction.h: + (JSC::JSFunction::create): + (JSC::JSFunction::createStructure): + * runtime/JSGlobalObject.cpp: + 
(JSC::JSGlobalObject::reset): + * runtime/JSONObject.cpp: + (JSC::JSONObject::JSONObject): + (JSC::JSONObject::finishCreation): + * runtime/JSONObject.h: + * runtime/JSObject.h: + (JSC::JSObject::globalObject): + * runtime/JSObjectWithGlobalObject.cpp: Removed. + * runtime/JSObjectWithGlobalObject.h: Removed. + * runtime/JSValue.cpp: + (JSC::JSValue::isValidCallee): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + (JSC::MathObject::finishCreation): + * runtime/MathObject.h: + * runtime/NumberPrototype.cpp: + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + (JSC::RegExpObject::finishCreation): + * runtime/RegExpObject.h: + * runtime/Structure.cpp: + (JSC::Structure::Structure): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::globalObject): + +2011-09-07 Gavin Barraclough <barraclough@apple.com> + + Refactor JIT checks for ObjectType into helper functions. + + Rubber stamped by Sam Weinig. + + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::branchIfNotObject): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.h: + * jit/JITCall32_64.cpp: + (JSC::JIT::emit_op_ret_object_or_this): + * jit/JITInlineMethods.h: + (JSC::JIT::emitJumpIfNotObject): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_instanceof): + (JSC::JIT::emit_op_ret_object_or_this): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_create_this): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_instanceof): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_create_this): + +2011-09-07 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r94627 and r94632. 
+ http://trac.webkit.org/changeset/94627 + http://trac.webkit.org/changeset/94632 + https://bugs.webkit.org/show_bug.cgi?id=67698 + + It broke tests on GTK and Qt (Requested by Ossy on #webkit). + + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::JSCallbackConstructor): + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::create): + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::JSCallbackFunction): + * API/JSCallbackFunction.h: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::create): + * debugger/DebuggerActivation.h: + * jsc.cpp: + (GlobalObject::constructorBody): + (GlobalObject::GlobalObject): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::ArrayPrototype): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::create): + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::BooleanConstructor): + * runtime/BooleanConstructor.h: + * runtime/BooleanObject.cpp: + (JSC::BooleanObject::BooleanObject): + * runtime/BooleanObject.h: + (JSC::BooleanObject::create): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + * runtime/DateConstructor.h: + * runtime/DateInstance.cpp: + (JSC::DateInstance::DateInstance): + * runtime/DateInstance.h: + (JSC::DateInstance::create): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::DatePrototype): + * runtime/DatePrototype.h: + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::ErrorConstructor): + * runtime/ErrorConstructor.h: + (JSC::ErrorConstructor::create): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + * 
runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::create): + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::FunctionConstructor): + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::FunctionPrototype): + * runtime/FunctionPrototype.h: + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + * runtime/InternalFunction.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + * runtime/JSActivation.h: + (JSC::JSActivation::create): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::create): + (JSC::JSGlobalObject::JSGlobalObject): + * runtime/JSONObject.cpp: + (JSC::JSONObject::JSONObject): + * runtime/JSONObject.h: + (JSC::JSONObject::create): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::create): + (JSC::JSStaticScopeObject::JSStaticScopeObject): + * runtime/JSString.cpp: + (JSC::StringObject::create): + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + * runtime/MathObject.h: + (JSC::MathObject::create): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::constructorBody): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + (JSC::NativeErrorPrototype::constructorBody): + * runtime/NativeErrorPrototype.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::NumberConstructor): + * runtime/NumberConstructor.h: + * runtime/NumberObject.cpp: + (JSC::NumberObject::NumberObject): + * runtime/NumberObject.h: + (JSC::NumberObject::create): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::ObjectConstructor): + * runtime/ObjectConstructor.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::RegExpConstructor): + 
(JSC::RegExpMatchesArray::RegExpMatchesArray): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::create): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + * runtime/RegExpObject.h: + (JSC::RegExpObject::create): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::StringObject): + * runtime/StringObject.h: + (JSC::StringObject::create): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + * runtime/StringPrototype.h: + +2011-09-06 Xianzhu Wang <wangxianzhu@chromium.org> + + Replace usages of Vector<UChar> with existing StringBuilder + https://bugs.webkit.org/show_bug.cgi?id=67079 + + Reviewed by Gavin Barraclough. + + This is part of work to support 8-bit string buffers. + Adds StringBuilder::characters() because the original Vector<UChar>::data() + is widely used. + Sets the minimum size of buffer to 16 to prevent possible performance + regression. Further performance investigation should be done in + https://bugs.webkit.org/show_bug.cgi?id=67084. + + * wtf/Forward.h: + * wtf/text/StringBuilder.cpp: + (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes. + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::operator[]): + (WTF::StringBuilder::characters): Added. + +2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com> + + Fix broken snow leopard build + https://bugs.webkit.org/show_bug.cgi?id=67693 + + Reviewed by Daniel Bates. + + Removed unnecessary symbol export. 
+ + * JavaScriptCore.exp: + +2011-09-06 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not optimize booleans + https://bugs.webkit.org/show_bug.cgi?id=67670 + + Reviewed by Gavin Barraclough. + + This adds boolean value profiling, boolean prediction in the DFG, + boolean forward flow propagation in the DFGPropagator, boolean + data format in DFG generation info, and comprehensive optimizations + based on both boolean prediction and boolean generation info. + This is brings the speed-up on v8-richards to 12%, and gives slight + speed-ups elsewhere as well. + + Making this work right required navigating some subtleties in + value profiling. Some functions get compiled with insufficient + information because some important path of the function never + executed. In these cases, we wish to fall back on static + speculation. But to do so, we need to ensure that predictions that + are inherent in the code (like that GetById almost certainly takes + a cell operand) are reflected in predictions that we make in + DFGPropagator. Thus, DFGPropagator now does both backward and + forward flow, using a both forward and backward fixpoint. + + The backward flow in DFGPropagator is a separate static analysis, + and needs to keep a set of backward flow abstract values for + variables, arguments, and globals. To make this easy, this patch + factors out DFGGraph's prediction tracking capability into + DFGPredictionTracker, which now gets used by both DFGGraph (for + forward flow predictions) and DFGPropagator (for backward flow + predictions). Backward flow predictions eventually get merged + into forward flow ones, but the two are not equivalent: a forward + flow prediction is a superset of the backward flow prediction. + + Debugging these prediction issues required a better understanding + of where we fail speculation, and what our value predictions look + like. 
This patch also adds optional verbose speculation failure + (so an informative printf fires whenever speculation failure occurs) + and slight improvements to the verbosity in other places. + + * bytecode/ValueProfile.h: + (JSC::ValueProfile::numberOfBooleans): + (JSC::ValueProfile::probabilityOfBoolean): + (JSC::ValueProfile::dump): + (JSC::ValueProfile::computeStatistics): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::stronglyPredict): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::dataFormatToString): + (JSC::DFG::needDataFormatConversion): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::Graph): + (JSC::DFG::Graph::predictions): + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::predictGlobalVar): + (JSC::DFG::Graph::getPrediction): + (JSC::DFG::Graph::getGlobalVarPrediction): + (JSC::DFG::Graph::isBooleanConstant): + (JSC::DFG::Graph::valueOfBooleanConstant): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::isKnownNotInteger): + (JSC::DFG::JITCodeGenerator::isKnownBoolean): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::emitBranch): + (JSC::DFG::JITCodeGenerator::speculationCheck): + (JSC::DFG::GPRTemporary::GPRTemporary): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::isBooleanConstant): + (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::debugCall): + (JSC::DFG::JITCompiler::isBooleanConstant): + 
(JSC::DFG::JITCompiler::valueOfBooleanConstant): + * dfg/DFGNode.h: + (JSC::DFG::isBooleanPrediction): + (JSC::DFG::predictionToString): + (JSC::DFG::mergePredictions): + (JSC::DFG::makePrediction): + (JSC::DFG::Node::isBooleanConstant): + (JSC::DFG::Node::valueOfBooleanConstant): + (JSC::DFG::Node::hasBooleanResult): + (JSC::DFG::Node::hasNumericResult): + (JSC::DFG::Node::predict): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionTracker.h: Added. + (JSC::DFG::operandIsArgument): + (JSC::DFG::PredictionSlot::PredictionSlot): + (JSC::DFG::PredictionTracker::PredictionTracker): + (JSC::DFG::PredictionTracker::initializeSimilarTo): + (JSC::DFG::PredictionTracker::numberOfArguments): + (JSC::DFG::PredictionTracker::numberOfVariables): + (JSC::DFG::PredictionTracker::argumentOffsetForOperand): + (JSC::DFG::PredictionTracker::predictArgument): + (JSC::DFG::PredictionTracker::predict): + (JSC::DFG::PredictionTracker::predictGlobalVar): + (JSC::DFG::PredictionTracker::getArgumentPrediction): + (JSC::DFG::PredictionTracker::getPrediction): + (JSC::DFG::PredictionTracker::getGlobalVarPrediction): + * dfg/DFGPropagator.cpp: + (JSC::DFG::Propagator::Propagator): + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::setPrediction): + (JSC::DFG::Propagator::mergeUse): + (JSC::DFG::Propagator::mergePrediction): + (JSC::DFG::Propagator::propagateNode): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): + (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand): + (JSC::DFG::SpeculateBooleanOperand::index): + (JSC::DFG::SpeculateBooleanOperand::gpr): + 
(JSC::DFG::SpeculateBooleanOperand::use): + * runtime/JSGlobalData.h: + * runtime/JSValue.cpp: + (JSC::JSValue::description): + +2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (5/7) + https://bugs.webkit.org/show_bug.cgi?id=67420 + + Reviewed by Geoffrey Garen. + + Completed the fifth level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. + + This primarily consists of pushing the calls to finishCreation() down + into the constructors of the subclasses of the second level of the hierarchy + as well as pulling the finishCreation() calls out into the class's corresponding + create() method if it has one. Doing both simultaneously allows us to + maintain the invariant that the finishCreation() method chain is called exactly + once during the creation of an object, since calling it any other number of + times (0, 2, or more) will cause an assertion failure. 
+ + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::JSCallbackConstructor): + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::create): + * API/JSCallbackFunction.cpp: + (JSC::JSCallbackFunction::JSCallbackFunction): + (JSC::JSCallbackFunction::finishCreation): + * API/JSCallbackFunction.h: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::create): + * jsc.cpp: + (GlobalObject::finishCreation): + (GlobalObject::GlobalObject): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + (JSC::ArrayConstructor::finishCreation): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::ArrayPrototype): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::create): + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::BooleanConstructor): + (JSC::BooleanConstructor::finishCreation): + * runtime/BooleanConstructor.h: + * runtime/BooleanObject.cpp: + (JSC::BooleanObject::BooleanObject): + * runtime/BooleanObject.h: + (JSC::BooleanObject::create): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + (JSC::BooleanPrototype::finishCreation): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + (JSC::DateConstructor::finishCreation): + * runtime/DateConstructor.h: + * runtime/DateInstance.cpp: + (JSC::DateInstance::DateInstance): + * runtime/DateInstance.h: + (JSC::DateInstance::create): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::DatePrototype): + (JSC::DatePrototype::finishCreation): + * runtime/DatePrototype.h: + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::ErrorConstructor): + (JSC::ErrorConstructor::finishCreation): + * runtime/ErrorConstructor.h: + * 
runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::create): + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::FunctionConstructor): + (JSC::FunctionConstructor::finishCreation): + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::FunctionPrototype): + (JSC::FunctionPrototype::finishCreation): + * runtime/FunctionPrototype.h: + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + * runtime/InternalFunction.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + * runtime/JSActivation.h: + (JSC::JSActivation::create): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::create): + (JSC::JSGlobalObject::JSGlobalObject): + * runtime/JSONObject.cpp: + (JSC::JSONObject::JSONObject): + * runtime/JSONObject.h: + (JSC::JSONObject::create): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::create): + (JSC::JSStaticScopeObject::JSStaticScopeObject): + * runtime/JSString.cpp: + (JSC::StringObject::create): + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + * runtime/MathObject.h: + (JSC::MathObject::create): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::finishCreation): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + (JSC::NativeErrorPrototype::finishCreation): + * runtime/NativeErrorPrototype.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::NumberConstructor): + (JSC::NumberConstructor::finishCreation): + * runtime/NumberConstructor.h: + * runtime/NumberObject.cpp: + (JSC::NumberObject::NumberObject): + * runtime/NumberObject.h: + (JSC::NumberObject::create): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + (JSC::NumberPrototype::finishCreation): + * 
runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::ObjectConstructor): + (JSC::ObjectConstructor::finishCreation): + * runtime/ObjectConstructor.h: + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::RegExpConstructor): + (JSC::RegExpConstructor::finishCreation): + (JSC::RegExpMatchesArray::RegExpMatchesArray): + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::create): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + * runtime/RegExpObject.h: + (JSC::RegExpObject::create): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + (JSC::StringConstructor::finishCreation): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::StringObject): + * runtime/StringObject.h: + (JSC::StringObject::create): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + (JSC::StringPrototype::finishCreation): + * runtime/StringPrototype.h: + +2011-09-06 Filip Pizlo <fpizlo@apple.com> + + Accessibility tests crashing in BasicRawSentinelNode code + https://bugs.webkit.org/show_bug.cgi?id=67682 + + Reviewed by Geoffrey Garen. + + A CodeBlock should ensure that no other CodeBlocks have references to it after + it is destroyed. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + +2011-09-06 Yong Li <yoli@rim.com> + + https://bugs.webkit.org/show_bug.cgi?id=67486 + This reverts r65993 which gives wrong results for rshift + in some corner cases (see the test). + + Reviewed by Gavin Barraclough. 
+ + New test: fast/js/floating-point-truncate-rshift.html + + * assembler/ARMAssembler.h: + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::supportsFloatingPointTruncate): + (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32): + +2011-09-06 Filip Pizlo <fpizlo@apple.com> + + Unreviewed build fix for r94559. + + Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded + new out-of-line JIT-specific method definitions with !ENABLE(JIT). + + * bytecode/CodeBlock.cpp: + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + +2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com> + + Fix broken PPC build due to new dtoa library + https://bugs.webkit.org/show_bug.cgi?id=67654 + + Reviewed by Dan Bernstein. + + Added condition for PPC in the new dtoa compatibility check so that + building won't fail. + + * wtf/dtoa/utils.h: + +2011-09-05 Oliver Hunt <oliver@apple.com> + + An object's structure should reference the global object responsible for its creation + https://bugs.webkit.org/show_bug.cgi?id=67624 + + Reviewed by Gavin Barraclough. + + Add a reference to a GlobalObject to Structure, and update all calls to + Structure::create() to pass the global object that is the origin for that + structure. For objects where the appropriate global object isn't available + at construction time (global object prototypes, etc), or objects that + logically don't have a global object (strings, etc) we just pass null. + + This change is largely mechanical (passing a new globalObject parameter + around). 
+ + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::createStructure): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::createStructure): + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::createStructure): + * API/JSContextRef.cpp: + * JavaScriptCore.exp: + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::createStructure): + * runtime/Arguments.h: + (JSC::Arguments::createStructure): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::createStructure): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::createStructure): + * runtime/BooleanObject.h: + (JSC::BooleanObject::createStructure): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::createStructure): + * runtime/DateConstructor.h: + (JSC::DateConstructor::createStructure): + * runtime/DateInstance.h: + (JSC::DateInstance::createStructure): + * runtime/DatePrototype.h: + (JSC::DatePrototype::createStructure): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::createStructure): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::createStructure): + * runtime/Executable.h: + (JSC::ExecutableBase::createStructure): + (JSC::NativeExecutable::createStructure): + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::createStructure): + * runtime/GetterSetter.h: + (JSC::GetterSetter::createStructure): + * runtime/InternalFunction.h: + (JSC::InternalFunction::createStructure): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + * runtime/JSActivation.h: + (JSC::JSActivation::createStructure): + * runtime/JSArray.h: + (JSC::JSArray::createStructure): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::createStructure): + * runtime/JSByteArray.h: + * runtime/JSFunction.h: + (JSC::JSFunction::createStructure): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * 
runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::finishCreation): + (JSC::JSGlobalObject::createStructure): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::createStructure): + * runtime/JSONObject.h: + (JSC::JSONObject::createStructure): + * runtime/JSObject.cpp: + (JSC::JSObject::createInheritorID): + * runtime/JSObject.h: + (JSC::JSObject::createStructure): + (JSC::JSNonFinalObject::createStructure): + (JSC::JSFinalObject::createStructure): + (JSC::createEmptyObjectStructure): + * runtime/JSObjectWithGlobalObject.h: + (JSC::JSObjectWithGlobalObject::createStructure): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::createStructure): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::createStructure): + * runtime/JSString.h: + (JSC::RopeBuilder::createStructure): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::createStructure): + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::createStructure): + * runtime/MathObject.h: + (JSC::MathObject::createStructure): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::createStructure): + (JSC::NativeErrorConstructor::constructorBody): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::createStructure): + * runtime/NumberObject.h: + (JSC::NumberObject::createStructure): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::createStructure): + * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::createStructure): + * runtime/ObjectPrototype.h: + (JSC::ObjectPrototype::createStructure): + * runtime/RegExp.h: + (JSC::RegExp::createStructure): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::createStructure): + * runtime/RegExpObject.h: + (JSC::RegExpObject::createStructure): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::createStructure): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::createStructure): + * runtime/StrictEvalActivation.h: + 
(JSC::StrictEvalActivation::createStructure): + * runtime/StringConstructor.h: + (JSC::StringConstructor::createStructure): + * runtime/StringObject.h: + (JSC::StringObject::createStructure): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::create): + (JSC::StringObjectThatMasqueradesAsUndefined::createStructure): + * runtime/StringPrototype.h: + (JSC::StringPrototype::createStructure): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::globalObject): + (JSC::Structure::setGlobalObject): + * runtime/StructureChain.h: + (JSC::StructureChain::createStructure): + +2011-09-06 Michael Saboff <msaboff@apple.com> + + Add windows changes for JSC:RegExp functional tests + https://bugs.webkit.org/show_bug.cgi?id=67521 + + Windows build changes for regular expression functional test. + + Rubber-stamped by Gavin Barraclough. + + * JavaScriptCore.vcproj/JavaScriptCore.sln: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/testRegExp: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added. + * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added. 
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added. + +2011-09-06 Filip Pizlo <fpizlo@apple.com> + + JavaScriptCore does not have tiered compilation + https://bugs.webkit.org/show_bug.cgi?id=67176 + + Reviewed by Gavin Barraclough. + + This adds the ability to have multiple CodeBlocks associated with + a particular role in an Executable. These are stored in + descending order of compiler tier. CodeBlocks are optimized when + a counter (m_executeCounter) that is incremented in loops and + epilogues becomes positive. Optimizing means that all calls to + the old CodeBlock are unlinked. + + The DFG can now pull in predictions from ValueProfiles, and + propagate them along the graph. To support the new phase while + maintaing some level of abstraction, a DFGDriver was introduced + that encapsulates how to run the DFG compiler. + + This is turned off by default because it's not yet a performance + win on all benchmarks. It speeds up crypto and richards by + 10% and 6% respectively, but still does not do as good of a job + as it could. Notably, the DFG backend has not changed, and + is largely oblivious to the new information being made available + to it. + + When turned off (the default), this patch is performance neutral. 
+ + * CMakeLists.txt: + * GNUmakefile.am: + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::branchAdd32): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::branchAdd32): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::visitAggregate): + (JSC::CallLinkInfo::unlink): + (JSC::CodeBlock::unlinkCalls): + (JSC::CodeBlock::unlinkIncomingCalls): + (JSC::CodeBlock::clearEvalCache): + (JSC::replaceExistingEntries): + (JSC::CodeBlock::copyDataFromAlternative): + (JSC::ProgramCodeBlock::replacement): + (JSC::EvalCodeBlock::replacement): + (JSC::FunctionCodeBlock::replacement): + (JSC::ProgramCodeBlock::compileOptimized): + (JSC::EvalCodeBlock::compileOptimized): + (JSC::FunctionCodeBlock::compileOptimized): + * bytecode/CodeBlock.h: + (JSC::GlobalCodeBlock::GlobalCodeBlock): + (JSC::ProgramCodeBlock::ProgramCodeBlock): + (JSC::EvalCodeBlock::EvalCodeBlock): + (JSC::FunctionCodeBlock::FunctionCodeBlock): + * bytecode/ValueProfile.h: + (JSC::ValueProfile::dump): + (JSC::ValueProfile::computeStatistics): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * bytecompiler/BytecodeGenerator.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::dynamicallyPredict): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::parse): + * dfg/DFGDriver.cpp: Added. + (JSC::DFG::compile): + (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * dfg/DFGDriver.h: Added. 
+ (JSC::DFG::tryCompile): + (JSC::DFG::tryCompileFunction): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::predictGlobalVar): + (JSC::DFG::Graph::isConstant): + (JSC::DFG::Graph::isJSConstant): + (JSC::DFG::Graph::isInt32Constant): + (JSC::DFG::Graph::isDoubleConstant): + (JSC::DFG::Graph::valueOfJSConstant): + (JSC::DFG::Graph::valueOfInt32Constant): + (JSC::DFG::Graph::valueOfDoubleConstant): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::isConstant): + (JSC::DFG::JITCompiler::isJSConstant): + (JSC::DFG::JITCompiler::isInt32Constant): + (JSC::DFG::JITCompiler::isDoubleConstant): + (JSC::DFG::JITCompiler::valueOfJSConstant): + (JSC::DFG::JITCompiler::valueOfInt32Constant): + (JSC::DFG::JITCompiler::valueOfDoubleConstant): + * dfg/DFGNode.h: + (JSC::DFG::isCellPrediction): + (JSC::DFG::isNumberPrediction): + (JSC::DFG::predictionToString): + (JSC::DFG::mergePrediction): + (JSC::DFG::makePrediction): + (JSC::DFG::Node::valueOfJSConstant): + (JSC::DFG::Node::isInt32Constant): + (JSC::DFG::Node::isDoubleConstant): + (JSC::DFG::Node::valueOfInt32Constant): + (JSC::DFG::Node::valueOfDoubleConstant): + (JSC::DFG::Node::predict): + * dfg/DFGPropagation.cpp: Added. + (JSC::DFG::Propagator::Propagator): + (JSC::DFG::Propagator::fixpoint): + (JSC::DFG::Propagator::setPrediction): + (JSC::DFG::Propagator::mergePrediction): + (JSC::DFG::Propagator::propagateNode): + (JSC::DFG::Propagator::propagateForward): + (JSC::DFG::Propagator::propagateBackward): + (JSC::DFG::propagate): + * dfg/DFGPropagation.h: Added. 
+ (JSC::DFG::propagate): + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgLinkFor): + * heap/HandleHeap.h: + (JSC::HandleHeap::Node::Node): + * jit/JIT.cpp: + (JSC::JIT::emitOptimizationCheck): + (JSC::JIT::emitTimeoutCheck): + (JSC::JIT::privateCompile): + (JSC::JIT::linkFor): + * jit/JIT.h: + (JSC::JIT::emitOptimizationCheck): + * jit/JITCall32_64.cpp: + (JSC::JIT::emit_op_ret): + (JSC::JIT::emit_op_ret_object_or_this): + * jit/JITCode.h: + (JSC::JITCode::JITCode): + (JSC::JITCode::bottomTierJIT): + (JSC::JITCode::topTierJIT): + (JSC::JITCode::nextTierJIT): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_ret): + (JSC::JIT::emit_op_ret_object_or_this): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileOptimized): + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileOptimized): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileOptimizedForCall): + (JSC::FunctionExecutable::compileOptimizedForConstruct): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/Executable.h: + (JSC::EvalExecutable::compile): + (JSC::ProgramExecutable::compile): + (JSC::FunctionExecutable::compileForCall): + (JSC::FunctionExecutable::compileForConstruct): + (JSC::FunctionExecutable::compileOptimizedFor): + * wtf/Platform.h: + * wtf/SentinelLinkedList.h: + (WTF::BasicRawSentinelNode::BasicRawSentinelNode): + (WTF::BasicRawSentinelNode::setPrev): + (WTF::BasicRawSentinelNode::setNext): + (WTF::BasicRawSentinelNode::prev): + (WTF::BasicRawSentinelNode::next): + (WTF::BasicRawSentinelNode::isOnList): + (WTF::::remove): + (WTF::::SentinelLinkedList): + (WTF::::begin): + (WTF::::end): + (WTF::::push): + +2011-09-05 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r94445 and r94448. 
+ http://trac.webkit.org/changeset/94445 + http://trac.webkit.org/changeset/94448 + https://bugs.webkit.org/show_bug.cgi?id=67595 + + It broke everything (Requested by ossy on #webkit). + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * heap/Heap.cpp: + (JSC::Heap::collect): + * heap/Heap.h: + * heap/NewSpace.cpp: + (JSC::NewSpace::NewSpace): + * heap/NewSpace.h: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::allocatePropertyStorage): + * runtime/JSObject.h: + (JSC::JSObject::~JSObject): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirectWithoutTransition): + (JSC::JSObject::putDirectFunctionWithoutTransition): + (JSC::JSObject::transitionTo): + (JSC::JSObject::visitChildrenDirect): + +2011-09-05 Patrick Gansterer <paroga@webkit.org> + + Unreviewed build fix for r94452. + + Add config.h as the first header to the cc files as required by the coding style. + Reuse macros from Assertions.h instead of adding addional #ifdefs. + + * wtf/dtoa/bignum-dtoa.cc: + * wtf/dtoa/bignum.cc: + * wtf/dtoa/cached-powers.cc: + * wtf/dtoa/diy-fp.cc: + * wtf/dtoa/double-conversion.cc: + * wtf/dtoa/fast-dtoa.cc: + * wtf/dtoa/fixed-dtoa.cc: + * wtf/dtoa/strtod.cc: + * wtf/dtoa/utils.h: + +2011-09-05 Andras Becsi <andras.becsi@nokia.com> + + [Qt][WK2] Fix the build + + Rubber-stamped by Csaba Osztrogonác. + + * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452. + The variable fractional_part is only set but never used. + +2011-09-04 Mark Hahnenberg <mhahnenberg@apple.com> + + REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release + https://bugs.webkit.org/show_bug.cgi?id=67562 + + Reviewed by Darin Adler. + + Fixing the build (again which was broken by the dtoa patch. 
Needed + to make sure WTF::double_conversion::initialize() is called for Qt + as well as adding a check for WinCE in dtoa/utils.h + + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * wtf/dtoa/cached-powers.cc: + * wtf/dtoa/utils.h: + +2011-09-03 Filip Pizlo <fpizlo@apple.com> + + ThunkGenerators does not convert positive double zero into integer zero + https://bugs.webkit.org/show_bug.cgi?id=67553 + + Reviewed by Gavin Barraclough. + + This is an 0.5% speed-up on V8 and neutral elsewhere. + + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::returnDouble): + +2011-09-03 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed build fix. Add wtf/dtoa directory to build. + + * wscript: + +2011-09-03 Filip Pizlo <fpizlo@apple.com> + + DFG variable predictions only work for local variables, not temporaries + https://bugs.webkit.org/show_bug.cgi?id=67554 + + Reviewed by Gavin Barraclough. + + This appears to be a slight speed-up in Kraken (0.3% but significant) + and neutral elsewhere. + + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + +2011-09-02 Filip Pizlo <fpizlo@apple.com> + + DFG JIT speculation failure does recovery of additions in reverse and + doesn't rebox + https://bugs.webkit.org/show_bug.cgi?id=67551 + + Reviewed by Sam Weinig. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + +2011-09-02 Filip Pizlo <fpizlo@apple.com> + + ValueProfile does not make it safe to introspect cell values + after garbage collection + https://bugs.webkit.org/show_bug.cgi?id=67354 + + Reviewed by Gavin Barraclough. + + ValueProfile buckets are now weak references, implemented using a + light-weight weak reference mechanism that this patch also adds (the + WeakReferenceHarvester). If a cell stored in a ValueProfile bucket + is not marked, then the bucket is transformed into a Structure + pointer. If the Structure is not marked either, then it is turned + into a ClassInfo pointer. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::visitAggregate): + (JSC::CodeBlock::visitWeakReferences): + * bytecode/CodeBlock.h: + * bytecode/ValueProfile.h: + (JSC::ValueProfile::ValueProfile): + (JSC::ValueProfile::classInfo): + (JSC::ValueProfile::numberOfInt32s): + (JSC::ValueProfile::numberOfDoubles): + (JSC::ValueProfile::numberOfCells): + (JSC::ValueProfile::numberOfArrays): + (JSC::ValueProfile::probabilityOfArray): + (JSC::ValueProfile::WeakBucket::WeakBucket): + (JSC::ValueProfile::WeakBucket::operator!): + (JSC::ValueProfile::WeakBucket::isEmpty): + (JSC::ValueProfile::WeakBucket::isClassInfo): + (JSC::ValueProfile::WeakBucket::isStructure): + (JSC::ValueProfile::WeakBucket::asStructure): + (JSC::ValueProfile::WeakBucket::asClassInfo): + (JSC::ValueProfile::WeakBucket::getClassInfo): + * heap/Heap.cpp: + (JSC::Heap::harvestWeakReferences): + (JSC::Heap::markRoots): + * heap/Heap.h: + * heap/MarkStack.cpp: + (JSC::SlotVisitor::drain): + (JSC::SlotVisitor::harvestWeakReferences): + * heap/MarkStack.h: + (JSC::MarkStack::addWeakReferenceHarvester): + (JSC::MarkStack::MarkStack): + (JSC::MarkStack::appendUnbarrieredPointer): + * heap/SlotVisitor.h: + * heap/WeakReferenceHarvester.h: Added. + (JSC::WeakReferenceHarvester::WeakReferenceHarvester): + (JSC::WeakReferenceHarvester::~WeakReferenceHarvester): + +2011-09-02 Michael Saboff <msaboff@apple.com> + + Replace local implementation of string equals() methods with UString versions + https://bugs.webkit.org/show_bug.cgi?id=67342 + + In preparation to allowing StringImpl to be backed by 8 bit + characters when appropriate, we need to eliminate or change the + usage of StringImpl::characters(). Change the uses of characters() + that are used to implement redundant equals() methods. + + Reviewed by Gavin Barraclough. 
+ + * runtime/Identifier.cpp: + (JSC::Identifier::equal): + * runtime/Identifier.h: + (JSC::Identifier::equal): + * wtf/text/AtomicString.cpp: + (WTF::CStringTranslator::equal): Moved an optimized method to here. + (WTF::operator==): + * wtf/text/StringImpl.cpp: + (WTF::equal): + * wtf/text/StringImpl.h: + +2011-09-02 Michael Saboff <msaboff@apple.com> + + Add JSC:RegExp functional tests + https://bugs.webkit.org/show_bug.cgi?id=67339 + + Added new test driver program (testRegExp) and corresponding data file + along with build scripts changes. + + Reviewed by Gavin Barraclough. + + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * testRegExp.cpp: Added. + (Options::Options): + (StopWatch::start): + (StopWatch::stop): + (StopWatch::getElapsedMS): + (RegExpTest::RegExpTest): + (GlobalObject::create): + (GlobalObject::className): + (GlobalObject::GlobalObject): + (main): + (cleanupGlobalData): + (testOneRegExp): + (scanString): + (parseRegExpLine): + (parseTestLine): + (runFromFiles): + (printUsageStatement): + (parseArguments): + (realMain): + * tests/regexp: Added. + * tests/regexp/RegExpTest.data: Added. + +2011-09-02 Michael Saboff <msaboff@apple.com> + + Add JSC:RegExp functional test data generator + https://bugs.webkit.org/show_bug.cgi?id=67519 + + Add a data generator for regular expressions. To enable, change the + #undef REGEXP_FUNC_TEST_DATA_GEN to #define. Then compile and use + regular expressions. The resulting data will be in /tmp/RegExpTestsData. + + Reviewed by Gavin Barraclough. 
+ + * runtime/RegExp.cpp: + (JSC::regExpFlags): + (JSC::RegExpFunctionalTestCollector::clearRegExp): + (JSC::RegExpFunctionalTestCollector::get): + (JSC::RegExpFunctionalTestCollector::outputOneTest): + (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector): + (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector): + (JSC::RegExpFunctionalTestCollector::outputEscapedUString): + (JSC::RegExp::~RegExp): + (JSC::RegExp::compile): + (JSC::RegExp::match): + (JSC::RegExp::matchCompareWithInterpreter): + +2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com> + + Fix the broken build due to dtoa patch + https://bugs.webkit.org/show_bug.cgi?id=67534 + + Reviewed by Oliver Hunt. + + Fixing the build. + + * GNUmakefile.list.am: + * wtf/dtoa/bignum.cc: + * wtf/dtoa/fast-dtoa.cc: + * wtf/dtoa/utils.h: + +2011-09-02 Oliver Hunt <oliver@apple.com> + + Remove OldSpace classes + https://bugs.webkit.org/show_bug.cgi?id=67533 + + Reviewed by Gavin Barraclough. + + Remove the unused OldSpace classes + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Heap.cpp: + (JSC::Heap::writeBarrierSlowCase): + * heap/MarkedBlock.h: + * heap/OldSpace.cpp: Removed. + * heap/OldSpace.h: Removed. + +2011-09-02 James Robinson <jamesr@chromium.org> + + Compile fix for mac build. + + * wtf/CheckedArithmetic.h: + (WTF::operator+): + (WTF::operator-): + (WTF::operator*): + +2011-08-30 Matthew Delaney <mdelaney@apple.com> + + Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData + https://bugs.webkit.org/show_bug.cgi?id=65352 + + Reviewed by Simon Fraser. 
+ + New test: fast/canvas/canvas-getImageData-large-crash.html + + This patch prevents overflows from happening in getImageData, createImageData, and canvas creation + calls that specify widths and heights that end up overflowing the ints that we store those values in + as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer + arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC + is just to add a new helper method described below. + + * wtf/MathExtras.h: + (isWithinIntRange): Reports if a float's value is within the range expressible by an int. + +2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com> + + Incorporate newer, faster dtoa library + https://bugs.webkit.org/show_bug.cgi?id=66346 + + Reviewed by Oliver Hunt. + + Added new dtoa library at http://code.google.com/p/double-conversion/. + Replaced old call to dtoa. The new library is much faster than the old one. + We still use the old dtoa for some stuff in WebCore as well as the old strtod, + but we can phase these out eventually as well. + + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/InitializeThreading.cpp: + * runtime/NumberPrototype.cpp: + (JSC::numberProtoFuncToExponential): + (JSC::numberProtoFuncToFixed): + (JSC::numberProtoFuncToPrecision): + * runtime/UString.cpp: + (JSC::UString::number): + * wtf/CMakeLists.txt: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): + * wtf/ThreadingWin.cpp: + (WTF::initializeThreading): + * wtf/dtoa.cpp: + (WTF::dtoa): + * wtf/dtoa.h: + * wtf/dtoa/COPYING: Added. + * wtf/dtoa/LICENSE: Added. + * wtf/dtoa/README: Added. + * wtf/dtoa/bignum-dtoa.cc: Added. + * wtf/dtoa/bignum-dtoa.h: Added. 
+ * wtf/dtoa/bignum.cc: Added. + * wtf/dtoa/bignum.h: Added. + (WTF::double_conversion::Bignum::Times10): + (WTF::double_conversion::Bignum::Equal): + (WTF::double_conversion::Bignum::LessEqual): + (WTF::double_conversion::Bignum::Less): + (WTF::double_conversion::Bignum::PlusEqual): + (WTF::double_conversion::Bignum::PlusLessEqual): + (WTF::double_conversion::Bignum::PlusLess): + (WTF::double_conversion::Bignum::EnsureCapacity): + (WTF::double_conversion::Bignum::BigitLength): + * wtf/dtoa/cached-powers.cc: Added. + * wtf/dtoa/cached-powers.h: Added. + * wtf/dtoa/diy-fp.cc: Added. + * wtf/dtoa/diy-fp.h: Added. + (WTF::double_conversion::DiyFp::DiyFp): + (WTF::double_conversion::DiyFp::Subtract): + (WTF::double_conversion::DiyFp::Minus): + (WTF::double_conversion::DiyFp::Times): + (WTF::double_conversion::DiyFp::Normalize): + (WTF::double_conversion::DiyFp::f): + (WTF::double_conversion::DiyFp::e): + (WTF::double_conversion::DiyFp::set_f): + (WTF::double_conversion::DiyFp::set_e): + * wtf/dtoa/double-conversion.cc: Added. + * wtf/dtoa/double-conversion.h: Added. + (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter): + (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter): + * wtf/dtoa/double.h: Added. 
+ (WTF::double_conversion::double_to_uint64): + (WTF::double_conversion::uint64_to_double): + (WTF::double_conversion::Double::Double): + (WTF::double_conversion::Double::AsDiyFp): + (WTF::double_conversion::Double::AsNormalizedDiyFp): + (WTF::double_conversion::Double::AsUint64): + (WTF::double_conversion::Double::NextDouble): + (WTF::double_conversion::Double::Exponent): + (WTF::double_conversion::Double::Significand): + (WTF::double_conversion::Double::IsDenormal): + (WTF::double_conversion::Double::IsSpecial): + (WTF::double_conversion::Double::IsNan): + (WTF::double_conversion::Double::IsInfinite): + (WTF::double_conversion::Double::Sign): + (WTF::double_conversion::Double::UpperBoundary): + (WTF::double_conversion::Double::NormalizedBoundaries): + (WTF::double_conversion::Double::value): + (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude): + (WTF::double_conversion::Double::Infinity): + (WTF::double_conversion::Double::NaN): + (WTF::double_conversion::Double::DiyFpToUint64): + * wtf/dtoa/fast-dtoa.cc: Added. + * wtf/dtoa/fast-dtoa.h: Added. + * wtf/dtoa/fixed-dtoa.cc: Added. + * wtf/dtoa/fixed-dtoa.h: Added. + * wtf/dtoa/strtod.cc: Added. + * wtf/dtoa/strtod.h: Added. + * wtf/dtoa/utils.h: Added. 
+ (WTF::double_conversion::Max): + (WTF::double_conversion::Min): + (WTF::double_conversion::StrLength): + (WTF::double_conversion::Vector::Vector): + (WTF::double_conversion::Vector::SubVector): + (WTF::double_conversion::Vector::length): + (WTF::double_conversion::Vector::is_empty): + (WTF::double_conversion::Vector::start): + (WTF::double_conversion::Vector::operator[]): + (WTF::double_conversion::Vector::first): + (WTF::double_conversion::Vector::last): + (WTF::double_conversion::StringBuilder::StringBuilder): + (WTF::double_conversion::StringBuilder::~StringBuilder): + (WTF::double_conversion::StringBuilder::size): + (WTF::double_conversion::StringBuilder::position): + (WTF::double_conversion::StringBuilder::Reset): + (WTF::double_conversion::StringBuilder::AddCharacter): + (WTF::double_conversion::StringBuilder::AddString): + (WTF::double_conversion::StringBuilder::AddSubstring): + (WTF::double_conversion::StringBuilder::AddPadding): + (WTF::double_conversion::StringBuilder::Finalize): + (WTF::double_conversion::StringBuilder::is_finalized): + (WTF::double_conversion::BitCast): + * wtf/wtf.pri: + +2011-09-02 Filip Pizlo <fpizlo@apple.com> + + DFG graph has no way of distinguishing or reconciling between static + and dynamic predictions + https://bugs.webkit.org/show_bug.cgi?id=67343 + + Reviewed by Gavin Barraclough. + + PredictedType now stores the source of the prediction. Merging predictions, + which was previously done with a bitwise or, is now done via the + mergePredictions (equivalent to |) and mergePrediction (equivalent to |=) + functions, which correctly handle combinations of static and dynamic. + + This is performance-neutral, since all predictions are currently static and + so the code has no visible effects. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::staticallyPredictArray): + (JSC::DFG::ByteCodeParser::staticallyPredictInt32): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::predictGlobalVar): + * dfg/DFGNode.h: + (JSC::DFG::isArrayPrediction): + (JSC::DFG::isInt32Prediction): + (JSC::DFG::isDoublePrediction): + (JSC::DFG::isDynamicPrediction): + (JSC::DFG::mergePredictions): + (JSC::DFG::mergePrediction): + (JSC::DFG::makePrediction): + (JSC::DFG::Node::predict): + +2011-09-02 Oliver Hunt <oliver@apple.com> + + Fix 32bit build. + + * heap/NewSpace.h: + (JSC::NewSpace::allocatePropertyStorage): + (JSC::NewSpace::inPropertyStorageNursery): + +2011-09-02 Oliver Hunt <oliver@apple.com> + + Use bump allocator for initial property storage + https://bugs.webkit.org/show_bug.cgi?id=67494 + + Reviewed by Gavin Barraclough. + + Switch to a bump allocator for the initial out of line + property storage. This gives us slightly faster allocation + for short lived objects that need out of line storage at + the cost of an additional memcpy when the object survives + a GC pass. + + No performance impact. 
+ + * JavaScriptCore.exp: + * heap/Heap.cpp: + (JSC::Heap::collect): + * heap/Heap.h: + (JSC::Heap::allocatePropertyStorage): + (JSC::Heap::inPropertyStorageNursary): + * heap/NewSpace.cpp: + (JSC::NewSpace::NewSpace): + * heap/NewSpace.h: + (JSC::NewSpace::resetPropertyStorageNursary): + (JSC::NewSpace::allocatePropertyStorage): + (JSC::NewSpace::inPropertyStorageNursary): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::allocatePropertyStorage): + * runtime/JSObject.h: + (JSC::JSObject::~JSObject): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirectWithoutTransition): + (JSC::JSObject::putDirectFunctionWithoutTransition): + (JSC::JSObject::transitionTo): + (JSC::JSObject::visitChildrenDirect): + +2011-09-01 Mark Rowe <mrowe@apple.com> + + Fix the build. + + * JavaScriptCore.JSVALUE32_64only.exp: + * JavaScriptCore.JSVALUE64only.exp: + * JavaScriptCore.exp: + +2011-09-01 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (4/7) + https://bugs.webkit.org/show_bug.cgi?id=67174 + + Reviewed by Oliver Hunt. + + Completed the fourth level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. + + This primarily consists of pushing the calls to finishCreation() down + into the constructors of the subclasses of the second level of the hierarchy + as well as pulling the finishCreation() calls out into the class's corresponding + create() method if it has one. Doing both simultaneously allows us to + maintain the invariant that the finishCreation() method chain is called exactly + once during the creation of an object, since calling it any other number of + times (0, 2, or more) will cause an assertion failure. 
+ + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::JSCallbackConstructor): + (JSC::JSCallbackConstructor::finishCreation): + * API/JSCallbackConstructor.h: + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::create): + * API/JSCallbackObjectFunctions.h: + (JSC::::JSCallbackObject): + (JSC::::finishCreation): + * JavaScriptCore.JSVALUE64only.exp: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::DebuggerActivation): + (JSC::DebuggerActivation::create): + * debugger/DebuggerActivation.h: + * runtime/Arguments.h: + (JSC::Arguments::create): + (JSC::Arguments::createNoParameters): + (JSC::Arguments::Arguments): + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::ArrayPrototype): + (JSC::ArrayPrototype::finishCreation): + * runtime/ArrayPrototype.h: + * runtime/BooleanObject.cpp: + (JSC::BooleanObject::BooleanObject): + (JSC::BooleanObject::finishCreation): + * runtime/BooleanObject.h: + * runtime/DateInstance.cpp: + (JSC::DateInstance::DateInstance): + (JSC::DateInstance::finishCreation): + * runtime/DateInstance.h: + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::ErrorInstance): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::create): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + (JSC::ErrorPrototype::finishCreation): + * runtime/ErrorPrototype.h: + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::InterruptedExecutionError): + (JSC::InterruptedExecutionError::create): + (JSC::TerminatedExecutionError::TerminatedExecutionError): + (JSC::TerminatedExecutionError::create): + * runtime/Executable.cpp: + (JSC::EvalExecutable::EvalExecutable): + (JSC::ProgramExecutable::ProgramExecutable): + (JSC::FunctionExecutable::FunctionExecutable): + * runtime/Executable.h: + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::NativeExecutable): + (JSC::EvalExecutable::create): + 
(JSC::ProgramExecutable::create): + (JSC::FunctionExecutable::create): + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + (JSC::InternalFunction::finishCreation): + * runtime/InternalFunction.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + (JSC::JSActivation::finishCreation): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + * runtime/JSArray.h: + (JSC::JSArray::create): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::JSByteArray): + * runtime/JSByteArray.h: + (JSC::JSByteArray::create): + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::finishCreation): + * runtime/JSFunction.h: + (JSC::JSFunction::create): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObject): + (JSC::JSGlobalObject::finishCreation): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::JSNotAnObject): + (JSC::JSNotAnObject::create): + * runtime/JSONObject.cpp: + (JSC::JSONObject::JSONObject): + (JSC::JSONObject::finishCreation): + * runtime/JSONObject.h: + * runtime/JSObjectWithGlobalObject.cpp: + (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject): + * runtime/JSObjectWithGlobalObject.h: + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::create): + (JSC::JSStaticScopeObject::finishCreation): + (JSC::JSStaticScopeObject::JSStaticScopeObject): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::JSVariableObject): + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::JSWrapperObject): + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + (JSC::MathObject::finishCreation): + * runtime/MathObject.h: + * runtime/NumberObject.cpp: + (JSC::NumberObject::NumberObject): + (JSC::NumberObject::finishCreation): + * runtime/NumberObject.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::ObjectPrototype): + * runtime/ObjectPrototype.h: + (JSC::ObjectPrototype::create): + * runtime/RegExpConstructor.cpp: + 
(JSC::RegExpMatchesArray::RegExpMatchesArray): + (JSC::RegExpMatchesArray::finishCreation): + * runtime/RegExpMatchesArray.h: + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + (JSC::RegExpObject::finishCreation): + * runtime/RegExpObject.h: + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::StrictEvalActivation): + * runtime/StrictEvalActivation.h: + (JSC::StrictEvalActivation::create): + * runtime/StringObject.cpp: + (JSC::StringObject::StringObject): + (JSC::StringObject::finishCreation): + * runtime/StringObject.h: + +2011-09-01 Daniel Bates <dbates@rim.com> + + QNX GCC distribution doesn't support vasprintf() + https://bugs.webkit.org/show_bug.cgi?id=67423 + + Reviewed by Antonio Gomes. + + * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX. + +2011-09-01 Michael Saboff <msaboff@apple.com> + + Remove simple usage of UString::characters() from JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=67340 + + In preparation to allowing StringImpl to be backed by 8 bit + characters when appropriate, we need to eliminate or change the + usage of StringImpl::characters(). Most of the changes below + change s->characters()[0] to s[0]. + + Reviewed by Geoffrey Garen. 
+ + * bytecompiler/BytecodeGenerator.cpp: + (JSC::keyForCharacterSwitch): + * bytecompiler/NodesCodegen.cpp: + (JSC::processClauseList): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Identifier.cpp: + (JSC::Identifier::addSlowCase): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::jsToNumber): + (JSC::parseFloat): + * runtime/JSString.cpp: + (JSC::JSString::substringFromRope): + * runtime/JSString.h: + (JSC::jsSingleCharacterSubstring): + (JSC::jsString): + (JSC::jsSubstring): + (JSC::jsOwnedString): + * runtime/RegExp.cpp: + (JSC::regExpFlags): + * wtf/text/StringBuilder.h: + (WTF::StringBuilder::operator[]): + +2011-09-01 Ada Chan <adachan@apple.com> + + Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160. + + Reviewed by Darin Adler. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-09-01 Hao Zheng <zhenghao@chromium.org> + + Define PTHREAD_KEYS_MAX to fix Android port build. + https://bugs.webkit.org/show_bug.cgi?id=67362 + + Reviewed by Adam Barth. + + PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it. + + * wtf/ThreadIdentifierDataPthreads.cpp: + +2011-08-31 Oliver Hunt <oliver@apple.com> + + Fix build. + + * wtf/CheckedArithmetic.h: + (WTF::Checked::Checked): + (WTF::Checked::operator=): + +2011-08-31 Oliver Hunt <oliver@apple.com> + + fast/regex/overflow.html asserts in debug builds + https://bugs.webkit.org/show_bug.cgi?id=67326 + + Reviewed by Gavin Barraclough. + + The deliberate overflows in these expressions don't interact nicely + with Checked<32bit-type> so we just bump up to Checked<int64_t> for the + intermediate calculations. 
+ + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): + +2011-08-31 Jeff Miller <jeffm@apple.com> + + REGRESSION(92210): AVFoundation media engine is disabled on OS X + https://bugs.webkit.org/show_bug.cgi?id=67316 + + Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h, + since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the + changes that were made in r92210. + + Reviewed by Darin Adler. + + * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac. + +2011-08-31 Peter Beverloo <peter@chromium.org> + + Add Android's platform specification and the right atomic functions. + https://bugs.webkit.org/show_bug.cgi?id=66687 + + Reviewed by Adam Barth. + + * wtf/Atomics.h: + (WTF::atomicIncrement): + (WTF::atomicDecrement): + * wtf/Platform.h: + +2011-08-30 Oliver Hunt <oliver@apple.com> + + Add support for checked arithmetic + https://bugs.webkit.org/show_bug.cgi?id=67095 + + Reviewed by Sam Weinig. + + Add a checked arithmetic class Checked<T> that provides overflow-safe + arithmetic over all integral types. Checked<T> supports addition, subtraction + and multiplication, along with "bool" conversions and equality operators. + + Checked<> can be used in either CRASH() on overflow or delayed failure modes, + although the default is to CRASH(). + + To ensure the code is actually in use (rather than checking in dead code) I've + made a couple of properties in YARR use Checked<int> and Checked<unsigned> + instead of raw value arithmetic. This has resulted in a moderate set of changes, + to YARR - mostly adding .get() calls, but a couple of casts from unsigned long + to unsigned for some uses of sizeof, as Checked<> currently does not support + mixed signed-ness of types wider that 32 bits. 
+ + Happily the increased type safety of Checked<> means that it's not possible to + accidentally assign away precision, nor accidentally call integer overload of + a function instead of the bool version. + + No measurable regression in performance, and SunSpider claims this patch to be + a progression of 0.3%. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CheckedArithmetic.h: Added. + (WTF::CrashOnOverflow::overflowed): + (WTF::CrashOnOverflow::clearOverflow): + (WTF::CrashOnOverflow::hasOverflowed): + (WTF::RecordOverflow::RecordOverflow): + (WTF::RecordOverflow::overflowed): + (WTF::RecordOverflow::clearOverflow): + (WTF::RecordOverflow::hasOverflowed): + (WTF::isInBounds): + (WTF::safeAdd): + (WTF::safeSub): + (WTF::safeMultiply): + (WTF::safeEquals): + (WTF::workAroundClangBug): + (WTF::Checked::Checked): + (WTF::Checked::operator=): + (WTF::Checked::operator++): + (WTF::Checked::operator--): + (WTF::Checked::operator!): + (WTF::Checked::operator UnspecifiedBoolType*): + (WTF::Checked::get): + (WTF::Checked::operator+=): + (WTF::Checked::operator-=): + (WTF::Checked::operator*=): + (WTF::Checked::operator==): + (WTF::Checked::operator!=): + (WTF::operator+): + (WTF::operator-): + (WTF::operator*): + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::ByteCompiler::atomPatternCharacter): + (JSC::Yarr::ByteCompiler::atomCharacterClass): + (JSC::Yarr::ByteCompiler::atomBackReference): + (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd): + (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd): + (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd): + (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd): + * yarr/YarrInterpreter.h: + (JSC::Yarr::ByteTerm::ByteTerm): + (JSC::Yarr::ByteTerm::CheckInput): + (JSC::Yarr::ByteTerm::UncheckInput): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generateAssertionEOL): + 
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): + (JSC::Yarr::YarrGenerator::generateCharacterClassOnce): + (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): + (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy): + (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy): + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets): + * yarr/YarrPattern.h: + +2011-08-31 Andrei Popescu <andreip@google.com> + + Investigate current uses of OS(ANDROID) + https://bugs.webkit.org/show_bug.cgi?id=66761 + + Unreviewed, build fix for ARM platforms. + + * wtf/Platform.h: + +2011-08-31 Andrei Popescu <andreip@google.com> + + Investigate current uses of OS(ANDROID) + https://bugs.webkit.org/show_bug.cgi?id=66761 + + Reviewed by Darin Adler. + + Remove the last legacy Android code. + + No new tests needed as the code wasn't tested in the first place. + + * wtf/Atomics.h: + * wtf/Platform.h: + * wtf/ThreadingPthreads.cpp: + (WTF::createThreadInternal): + +2011-08-30 Aaron Colwell <acolwell@chromium.org> + + Add MediaSource API to HTMLMediaElement + https://bugs.webkit.org/show_bug.cgi?id=64731 + + Reviewed by Eric Carlson. + + * Configurations/FeatureDefines.xcconfig: + +2011-08-30 Oliver Hunt <oliver@apple.com> + + TypedArrays don't ensure that denormalised values are normalised + https://bugs.webkit.org/show_bug.cgi?id=67178 + + Reviewed by Gavin Barraclough. + + Add a couple of assertions to jsNumber() to ensure that + we block signaling NaNs + + * runtime/JSValue.h: + (JSC::jsDoubleNumber): + (JSC::jsNumber): + +2011-08-30 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org> + + [Qt] Do not unconditionally use pkg-config in .pro files + https://bugs.webkit.org/show_bug.cgi?id=67055 + + Reviewed by Andreas Kling. 
+ + Original patch from Rohan McGovern <rohan.mcgovern@nokia.com> + + Using the first pkg-config in PATH is prone to errors when cross + compiling inside the Qt repository (using Qt's build-system). + + This patch protect calls for pkg-config with + !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to + QT_CONFIG by Qt's 'configure' when cross-compiling on systems + without pkg-config. + + The respective change in Qt's configure has been submited already. + + No new tests as this is just a build change. + + * wtf/wtf.pri: protect pkg-config calls + +2011-08-29 Daniel Bates <dbates@webkit.org> + + Add HAVE(VASPRINTF) macro to test for vasprintf() support + https://bugs.webkit.org/show_bug.cgi?id=67156 + + Reviewed by Darin Adler. + + Encapsulate testing of vasprintf() support in a HAVE macro + instead of hardcoding the list of supported/unsupported + compilers at the call site. + + * wtf/Platform.h: + +2011-08-29 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (3/7) + https://bugs.webkit.org/show_bug.cgi?id=67064 + + Reviewed by Darin Adler. + + Completed the third level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. + + This primarily consists of pushing the calls to finishCreation() down + into the constructors of the subclasses of the second level of the hierarchy + as well as pulling the finishCreation() calls out into the class's corresponding + create() method if it has one. Doing both simultaneously allows us to + maintain the invariant that the finishCreation() method chain is called exactly + once during the creation of an object, since calling it any other number of + times (0, 2, or more) will cause an assertion failure. 
+ + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::DebuggerActivation): + (JSC::DebuggerActivation::finishCreation): + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::create): + * runtime/Arguments.h: + (JSC::Arguments::create): + (JSC::Arguments::createNoParameters): + (JSC::Arguments::Arguments): + (JSC::Arguments::finishCreation): + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::ErrorInstance): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::finishCreation): + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::InterruptedExecutionError): + (JSC::TerminatedExecutionError::TerminatedExecutionError): + * runtime/Executable.cpp: + (JSC::EvalExecutable::EvalExecutable): + (JSC::ProgramExecutable::ProgramExecutable): + (JSC::FunctionExecutable::FunctionExecutable): + Moved the assignment of m_firstLine and m_lastLine into the + FunctionExecutable::finishCreation() method in Executable.h + * runtime/Executable.h: + (JSC::ScriptExecutable::ScriptExecutable): + (JSC::EvalExecutable::create): + (JSC::ProgramExecutable::create): + (JSC::FunctionExecutable::create): + (JSC::FunctionExecutable::finishCreation): + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + (JSC::JSArray::finishCreation): + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::JSByteArray): + * runtime/JSByteArray.h: + (JSC::JSByteArray::finishCreation): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::JSNotAnObject): + * runtime/JSObject.h: + (JSC::JSNonFinalObject::JSNonFinalObject): + * runtime/JSObjectWithGlobalObject.cpp: + (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject): + (JSC::JSObjectWithGlobalObject::finishCreation): + * runtime/JSObjectWithGlobalObject.h: + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::JSVariableObject): + (JSC::JSVariableObject::finishCreation): + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::JSWrapperObject): + * runtime/ObjectPrototype.cpp: + 
(JSC::ObjectPrototype::ObjectPrototype): + (JSC::ObjectPrototype::finishCreation): + * runtime/ObjectPrototype.h: + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::StrictEvalActivation): + +2011-08-29 Andreas Kling <kling@webkit.org> + + Unreviewed build fix after r93990. + + * wtf/HashTable.h: + +2011-08-29 Andreas Kling <kling@webkit.org> + + Viewing a post on reddit.com wastes a lot of memory on event listeners. + https://bugs.webkit.org/show_bug.cgi?id=67133 + + Reviewed by Darin Adler. + + Add a minimum table size to the HashTraits, instead of having it hard coded. + The default value remains at 64, but can now be specialized. + + * runtime/StructureTransitionTable.h: + * wtf/HashTable.h: + (WTF::HashTable::shouldShrink): + (WTF::::expand): + (WTF::::checkTableConsistencyExceptSize): + * wtf/HashTraits.h: + +2011-08-28 Jonathan Liu <net147@gmail.com> + + Fix build error when compiling with MinGW-w64 by disabling JIT + on Windows 64-bit + https://bugs.webkit.org/show_bug.cgi?id=61235 + + Reviewed by Gavin Barraclough. + + The fixed mmap executable allocator for JIT on x86_64 requires + sys/mman.h which is not available on Windows. + + * wtf/Platform.h: + +2011-08-27 Filip Pizlo <fpizlo@apple.com> + + JSC::Executable is inconsistent about using weak handle finalizers + and destructors for releasing memory + https://bugs.webkit.org/show_bug.cgi?id=67072 + + Reviewed by Darin Adler. + + Moved more of the destruction of Executable state into the finalizer, + which also resulted in an opportunity to mostly combine this with + discardCode(). This also means that the finalizer is now enabled even + when the JIT is turned off. This is performance neutral on SunSpider, + V8, and Kraken. 
+ + * runtime/Executable.cpp: + (JSC::ExecutableBase::clearCode): + (JSC::ExecutableFinalizer::finalize): + (JSC::EvalExecutable::clearCode): + (JSC::ProgramExecutable::clearCode): + (JSC::FunctionExecutable::discardCode): + (JSC::FunctionExecutable::clearCode): + * runtime/Executable.h: + (JSC::ExecutableBase::finishCreation): + +2011-08-26 Gavin Barraclough <barraclough@apple.com> + + DFG JIT - ArithMod may clobber operands. + https://bugs.webkit.org/show_bug.cgi?id=67085 + + Reviewed by Sam Weinig. + + unboxDouble must be called on a temporary. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::boxDouble): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + +2011-08-26 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (2/7) + https://bugs.webkit.org/show_bug.cgi?id=66957 + + Reviewed by Darin Adler. + + Completed the second level of the refactoring to add finishCreation() + methods to all classes within the JSCell hierarchy with non-trivial + constructor bodies. 
+ + * runtime/Executable.h: + (JSC::ExecutableBase::ExecutableBase): + (JSC::ExecutableBase::create): + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::finishCreation): + (JSC::NativeExecutable::NativeExecutable): + (JSC::ScriptExecutable::ScriptExecutable): + (JSC::ScriptExecutable::finishCreation): + * runtime/GetterSetter.h: + (JSC::GetterSetter::GetterSetter): + (JSC::GetterSetter::create): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::create): + (JSC::JSAPIValueWrapper::JSAPIValueWrapper): + * runtime/JSObject.h: + (JSC::JSNonFinalObject::JSNonFinalObject): + (JSC::JSNonFinalObject::finishCreation): + (JSC::JSFinalObject::create): + (JSC::JSFinalObject::finishCreation): + (JSC::JSFinalObject::JSFinalObject): + (JSC::JSObject::JSObject): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::JSPropertyNameIterator): + (JSC::JSPropertyNameIterator::create): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::create): + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + (JSC::RegExp::createWithoutCaching): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + (JSC::ScopeChainNode::create): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::finishCreation): + (JSC::Structure::createStructure): + * runtime/StructureChain.cpp: + (JSC::StructureChain::StructureChain): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + +2011-08-26 Filip Pizlo <fpizlo@apple.com> + + The GC does not have a facility for profiling the kinds of objects + that occupy the heap + https://bugs.webkit.org/show_bug.cgi?id=66849 + + Reviewed by Geoffrey Garen. + + Destructor calls and object scans are now optionally counted, per + vtable. When the heap is destroyed and profiling is enabled, the + counts are dumped, with care taken to print the names of classes + (modulo C++ mangling) sorted in descending commonality. 
+ + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Heap.cpp: + (JSC::Heap::destroy): + * heap/Heap.h: + * heap/MarkStack.cpp: + (JSC::SlotVisitor::visitChildren): + (JSC::SlotVisitor::drain): + * heap/MarkStack.h: + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::callDestructor): + * heap/MarkedBlock.h: + * heap/VTableSpectrum.cpp: Added. + (JSC::VTableSpectrum::VTableSpectrum): + (JSC::VTableSpectrum::~VTableSpectrum): + (JSC::VTableSpectrum::countVPtr): + (JSC::VTableSpectrum::count): + (JSC::VTableAndCount::VTableAndCount): + (JSC::VTableAndCount::operator<): + (JSC::VTableSpectrum::dump): + * heap/VTableSpectrum.h: Added. + * wtf/Platform.h: + +2011-08-26 Juan C. Montemayor <jmont@apple.com> + + Update topCallFrame when calling host functions in the JIT + https://bugs.webkit.org/show_bug.cgi?id=67010 + + Reviewed by Oliver Hunt. + + The topCallFrame is not being updated when a host function is + called by the JIT. This causes problems when trying to create a + stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994). + + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + +2011-08-26 Alexey Proskuryakov <ap@apple.com> + + Get rid of frame life support timer + https://bugs.webkit.org/show_bug.cgi?id=66874 + + Reviewed by Geoff Garen. + + * runtime/JSGlobalObject.h: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase. + +2011-08-26 Chao-ying Fu <fu@mips.com> + + Fix MIPS patchOffsetGetByIdSlowCaseCall + https://bugs.webkit.org/show_bug.cgi?id=67046 + + Reviewed by Gavin Barraclough. 
+ + * jit/JIT.h: + +2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Fixing broken build due to unused variables in release mode + https://bugs.webkit.org/show_bug.cgi?id=67004 + + Unreviewed, release build fix. + + Fixing broken build due to unused variables in ASSERTs in release build. + + * runtime/JSObject.h: + (JSC::JSObject::finishCreation): + * runtime/JSString.h: + (JSC::RopeBuilder::finishCreation): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::finishCreation): + +2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com> + + Unzip initialization lists and constructors in JSCell hierarchy (1/7) + https://bugs.webkit.org/show_bug.cgi?id=66827 + + Reviewed by Geoffrey Garen. + + Added finishCreation() methods to all immediately subclasses of JSCell with + non-empty constructors. Part of a larger refactoring to "unzip" initialization + lists and constructor bodies. Also renamed JSCell's constructorBody() method + to finishCreation(). + + * runtime/Executable.h: + (JSC::ExecutableBase::ExecutableBase): + (JSC::ExecutableBase::constructorBody): + * runtime/GetterSetter.h: + (JSC::GetterSetter::GetterSetter): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::constructorBody): + (JSC::JSAPIValueWrapper::JSAPIValueWrapper): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::JSCell): + (JSC::JSCell::JSCell::constructorBody): + * runtime/JSObject.h: + (JSC::JSObject::constructorBody): + (JSC::JSObject::JSObject): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::constructorBody): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::constructorBody): + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + (JSC::RegExp::constructorBody): + * runtime/RegExp.h: + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + (JSC::ScopeChainNode::constructorBody): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + * runtime/StructureChain.cpp: + (JSC::StructureChain::StructureChain): + * 
runtime/StructureChain.h: + (JSC::StructureChain::create): + (JSC::StructureChain::constructorBody): + +2011-08-25 Gabor Loki <loki@webkit.org> + + REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot + https://bugs.webkit.org/show_bug.cgi?id=66956 + + Rebaseline constants for patching GetByIdSlowCaseCall on ARM. + + Reviewed by Oliver Hunt. + + * jit/JIT.h: + +2011-08-24 Juan C. Montemayor <jmont@apple.com> + + Keep track of topCallFrame for Stack traces + https://bugs.webkit.org/show_bug.cgi?id=66571 + + Reviewed by Geoffrey Garen. + + This patch adds a TopCallFrame to JSC in order to have that information + when an error is thrown to create a stack trace. The TopCallFrame is + updated throughout select points in the Interpreter and the JSC. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::unwindCallFrame): + (JSC::Interpreter::throwException): + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::privateExecute): + * interpreter/Interpreter.h: + (JSC::TopCallFrameSetter::TopCallFrameSetter): + (JSC::TopCallFrameSetter::~TopCallFrameSetter): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::updateTopCallFrame): + * jit/JITStubCall.h: + (JSC::JITStubCall::call): + * jit/JITStubs.cpp: + (JSC::throwExceptionFromOpCall): + (JSC::DEFINE_STUB_FUNCTION): + (JSC::arityCheckFor): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + +2011-08-24 Filip Pizlo <fpizlo@apple.com> + + ErrorInstance::create sometimes has two heap object constructions + in flight at once + https://bugs.webkit.org/show_bug.cgi?id=66845 + + Reviewed by Darin Adler. + + The fix is simple since there is already a second create() method + that takes a UString. 
+ + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::create): + +2011-08-24 Filip Pizlo <fpizlo@apple.com> + + There is no facility for profiling how the write barrier is used + https://bugs.webkit.org/show_bug.cgi?id=66747 + + Reviewed by Geoffrey Garen. + + Added facilities for the JIT to specify the kind of write barrier + being executed. Added code for profiling the number of each kind + of barrier encountered. + + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::emitCount): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::emitCount): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCachePutByID): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * heap/Heap.h: + (JSC::Heap::writeBarrier): + * heap/WriteBarrierSupport.cpp: Added. + (JSC::WriteBarrierCounters::initialize): + * heap/WriteBarrierSupport.h: Added. 
+ (JSC::WriteBarrierCounters::WriteBarrierCounters): + (JSC::WriteBarrierCounters::jitCounterFor): + (JSC::WriteBarrierCounters::countWriteBarrier): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_put_global_var): + (JSC::JIT::emitWriteBarrier): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_put_global_var): + (JSC::JIT::emitWriteBarrier): + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::setWithoutWriteBarrier): + +2011-08-23 Mark Hahnenberg <mhahnenberg@apple.com> + + Add checks to ensure allocation does not take place during initialization of GC-managed objects + https://bugs.webkit.org/show_bug.cgi?id=65288 + + Reviewed by Darin Adler. + + Adding the new validation functionality. In its current state, it will performs checks, + but they don't fail unless you do allocation in the arguments to the parent constructor in the + initialization list of a class. The allocateCell() method turns on the global flag disallowing any new + allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still + allowed in constructor bodies while other refactoring efforts continue. 
+ + * runtime/JSCell.h: + (JSC::JSCell::JSCell::constructorBody): + (JSC::JSCell::JSCell::JSCell): + (JSC::JSCell::allocateCell): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::isInitializingObject): + (JSC::JSGlobalData::setInitializingObject): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::create): + +2011-08-23 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=55347 + "name" and "message" enumerable on *Error.prototype + + Reviewed by Sam Weinig. + + The default value of a NativeErrorPrototype's message + property is "", not the name of the error. + + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::create): + (JSC::NativeErrorConstructor::constructorBody): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + (JSC::NativeErrorPrototype::constructorBody): + * runtime/NativeErrorPrototype.h: + (JSC::NativeErrorPrototype::create): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + * runtime/StringPrototype.h: + (JSC::StringPrototype::create): + +2011-08-23 Steve Block <steveblock@google.com> + + Remove last occurrences of PLATFORM(ANDROID) + https://bugs.webkit.org/show_bug.cgi?id=66763 + + Reviewed by Tony Gentilcore. + + * wtf/Platform.h: + +2011-08-23 Steve Block <steveblock@google.com> + + Remove all mention of removed Android files from build scripts + https://bugs.webkit.org/show_bug.cgi?id=66755 + + Reviewed by Tony Gentilcore. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-08-23 Adam Barth <abarth@webkit.org> + + Remove WebCore/editing/android and other Android-specific directories + https://bugs.webkit.org/show_bug.cgi?id=66739 + + Reviewed by Steve Block. 
+ + Now that Android shares more code with Chromium, we don't need these + Android-specific files. + + * wtf/android: Removed. + * wtf/android/AndroidThreading.h: Removed. + * wtf/android/MainThreadAndroid.cpp: Removed. + +2011-08-23 Ilya Tikhonovsky <loislo@chromium.org> + + Unreviewed build fix for compile error on Windows for r93560. + + * runtime/SamplingCounter.h: + +2011-08-22 Filip Pizlo <fpizlo@apple.com> + + Sampling counter support is in the bytecode directory + https://bugs.webkit.org/show_bug.cgi?id=66724 + + Reviewed by Darin Adler. + + Moved SamplingCounter to a separate header in runtime/. + + * GNUmakefile.list.am: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/SamplingTool.cpp: + * bytecode/SamplingTool.h: + * runtime/SamplingCounter.cpp: Added. + (JSC::AbstractSamplingCounter::dump): + * runtime/SamplingCounter.h: Added. + (JSC::AbstractSamplingCounter::count): + (JSC::AbstractSamplingCounter::addressOfCounter): + (JSC::AbstractSamplingCounter::init): + (JSC::SamplingCounter::SamplingCounter): + (JSC::GlobalSamplingCounter::name): + (JSC::DeletableSamplingCounter::DeletableSamplingCounter): + (JSC::DeletableSamplingCounter::~DeletableSamplingCounter): + +2011-08-21 Martin Robinson <mrobinson@igalia.com> + + Fix 'make dist' for WebKitGTK+. + + * GNUmakefile.list.am: Add a missing header to the sources list. + +2011-08-20 Filip Pizlo <fpizlo@apple.com> + + JavaScriptCore bytecompiler does not compute scope depth correctly + in the case of constant declarations + https://bugs.webkit.org/show_bug.cgi?id=66572 + + Reviewed by Oliver Hunt. + + Changed the handling of const to add the dynamic scope depth. 
+ + * bytecompiler/NodesCodegen.cpp: + (JSC::ConstDeclNode::emitCodeSingle): + +2011-08-19 Daniel Bates <dbates@webkit.org> + + Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS + https://bugs.webkit.org/show_bug.cgi?id=66617 + + Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS). + But we cause a compile error if the platform doesn't support SA_RESTART regardless of + whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require + SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled. + + Reviewed by Antonio Gomes. + + * heap/MachineStackMarker.cpp: + +2011-08-19 Filip Pizlo <fpizlo@apple.com> + + The JSC JIT currently has no facility to profile and report + the types of values + https://bugs.webkit.org/show_bug.cgi?id=65901 + + Reviewed by Gavin Barraclough. + + Added the ability to profile the values seen at function calls (both + arguments and results) and heap loads. This is done with emphasis + on performance. A value profiling site consists of: add, and, + move, and store; no branching is necessary. Each value profiling + site (called a ValueProfile) has a ring buffer of 8 recently-seen + values. ValueProfiles are stored in the CodeBlock; there will be + one for each argument (excluding this) and each heap load or callsite. + Each time a value profiling site executes, it stores the value into + a pseudo-random element in the ValueProfile buffer. The point is + that for frequently executed code, we will have 8 somewhat recent + values in the buffer and will be able to not only figure out what + type it is, but also to be able to reason about the actual values + if we wish to do so. + + This feature is currently disabled by default. When enabled, it + results in a 3.7% slow-down on SunSpider. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addValueProfile): + (JSC::CodeBlock::numberOfValueProfiles): + (JSC::CodeBlock::valueProfile): + (JSC::CodeBlock::valueProfileForBytecodeOffset): + * bytecode/ValueProfile.h: Added. + (JSC::ValueProfile::ValueProfile): + (JSC::ValueProfile::numberOfSamples): + (JSC::ValueProfile::computeProbability): + (JSC::ValueProfile::numberOfInt32s): + (JSC::ValueProfile::numberOfDoubles): + (JSC::ValueProfile::numberOfCells): + (JSC::ValueProfile::probabilityOfInt32): + (JSC::ValueProfile::probabilityOfDouble): + (JSC::ValueProfile::probabilityOfCell): + (JSC::getValueProfileBytecodeOffset): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITCall.cpp: + (JSC::JIT::emit_op_call_put_result): + * jit/JITInlineMethods.h: + (JSC::JIT::emitValueProfilingSite): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_method_check): + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emitSlow_op_get_by_id): + * jit/JSInterfaceJIT.h: + * wtf/Platform.h: + * wtf/StdLibExtras.h: + (WTF::binarySearch): + (WTF::genericBinarySearch): + +2011-08-19 Daniel Bates <dbates@webkit.org> + + Don't include DisallowCType.h when building on QNX + https://bugs.webkit.org/show_bug.cgi?id=66616 + + Reviewed by Antonio Gomes. + + * config.h: + +2011-08-19 Daniel Bates <dbates@webkit.org> + + Implement ExecutableAllocator::cacheFlush() for QNX + https://bugs.webkit.org/show_bug.cgi?id=66611 + + Reviewed by Antonio Gomes. + + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::cacheFlush): + +2011-08-19 Daniel Bates <dbates@webkit.org> + + Implement WTF::atomic{Increment, Decrement}() for QNX + https://bugs.webkit.org/show_bug.cgi?id=66605 + + Reviewed by Darin Adler. 
+ + * wtf/Atomics.h: + (WTF::atomicIncrement): + (WTF::atomicDecrement): + +2011-08-19 Beth Dakin <bdakin@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=66590 + Re-name scrollbar painter types + + Reviewed by Sam Weinig. + + WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer + applies. + * wtf/Platform.h: + +2011-08-18 Mark Hahnenberg <mhahnenberg@apple.com> + + Move allocation in constructors into separate constructorBody() methods + https://bugs.webkit.org/show_bug.cgi?id=66265 + + Reviewed by Oliver Hunt. + + Refactoring to put all allocations that need to be done after the object's + initialization list has executed but before the object is ready for use + into a separate constructorBody() method. This method is still called by the constructor, + so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * jsc.cpp: + (GlobalObject::constructorBody): + (GlobalObject::GlobalObject): + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::ErrorInstance): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::constructorBody): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + (JSC::ErrorPrototype::constructorBody): + * runtime/ErrorPrototype.h: + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + * runtime/Executable.h: + (JSC::FunctionExecutable::constructorBody): + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + * runtime/InternalFunction.h: + (JSC::InternalFunction::constructorBody): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::JSByteArray): + * runtime/JSByteArray.h: + (JSC::JSByteArray::constructorBody): + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::constructorBody): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObject): + 
(JSC::JSGlobalObject::constructorBody): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::JSPropertyNameIterator): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::constructorBody): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::constructorBody): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::constructorBody): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + (JSC::NativeErrorPrototype::constructorBody): + * runtime/NativeErrorPrototype.h: + * runtime/StringObject.cpp: + * runtime/StringObject.h: + (JSC::StringObject::create): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::create): + (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + * runtime/StringPrototype.h: + (JSC::StringPrototype::create): + +2011-08-10 Filip Pizlo <fpizlo@apple.com> + + DFG non-speculative JIT does not inline the double case of ValueAdd + https://bugs.webkit.org/show_bug.cgi?id=66025 + + Reviewed by Gavin Barraclough. + + This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few + benchmarks (imaging-darkroom, stanford-crypto-pbkdf2, + stanford-crypto-sha256-iterative). It looks like it might have + a speed-up in SunSpider (though not statistically significant or + particularly reproducible) and a slight slow-down in V8 (0.14%, + not statistically significant). It does slow down v8-crypto by + 1.5%. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownInteger): + (JSC::DFG::JITCodeGenerator::isKnownNumeric): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + * dfg/DFGOperations.cpp: + +2011-08-18 Filip Pizlo <fpizlo@apple.com> + + [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly + https://bugs.webkit.org/show_bug.cgi?id=66426 + + Reviewed by Oliver Hunt. + + Changed the branchTestPtr to branchTest32. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-08-17 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + https://bugs.webkit.org/show_bug.cgi?id=66379 + implements load32WithCompactAddressOffsetPatch function + and fixes store32 and moveWithPatch functions for SH4 platforms. + + Reviewed by Gavin Barraclough. + + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::rshift32): + (JSC::MacroAssemblerSH4::store32): + (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch): + (JSC::MacroAssemblerSH4::moveWithPatch): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::movlMemRegCompact): + (JSC::SH4Assembler::readPointer): + (JSC::SH4Assembler::repatchCompact): + * jit/JIT.h: + +2011-08-17 Filip Pizlo <fpizlo@apple.com> + + JSC verbose debugging output sometimes doesn't work as expected. + https://bugs.webkit.org/show_bug.cgi?id=66107 + + Reviewed by Gavin Barraclough. + + Hardened the CodeBlock::dump() code so that it no longer crashes. Improved + the DFG verbose code so that it prints slightly more useful information. 
+ + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::debugSize): + * bytecode/CodeBlock.cpp: + (JSC::valueToSourceString): + (JSC::CodeBlock::dump): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::numberOfRegExps): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::link): + +2011-08-16 Michael Saboff <msaboff@apple.com> + + Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure + https://bugs.webkit.org/show_bug.cgi?id=66351 + + JIT::privateCompilePutByIdTransition expects that regT0 and regT1 + have the basePayload and baseTag respectively. In some cases, + we may get to this generated code with one or both of these + registers trash. One know case is that regT0 on ARM may be + trashed as regT0 (r0) is also arg0 and can be overrun with sp due + to calls to JIT::restoreReturnAddress(). This patch uses the + values on the stack. A longer term solution is to work out all + cases so that the register entry assumptions can assured. + + While fixing this, also determined that the additional stack offset + of sizeof(void*) is not needed for ARM. + + Reviewed by Gavin Barraclough. + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + +2011-08-15 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=66263 + DFG JIT does not always zero extend boolean result of DFG operations + + Reviewed by Sam Weinig. + + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + - Change bool return values to a 64-bit type. + +2011-08-15 Gavin Barraclough <barraclough@apple.com> + + Crash accessing static property on sealed object + https://bugs.webkit.org/show_bug.cgi?id=66242 + + Reviewed by Sam Weinig. + + * runtime/JSObject.h: + (JSC::JSObject::putDirectInternal): + - should only check isExtensible if checkReadOnly. + +2011-08-15 Sam Weinig <sam@webkit.org> + + Fix release build when building with Clang. + + Reviewed by Anders Carlsson. 
+ + * runtime/Identifier.cpp: + (JSC::Identifier::checkCurrentIdentifierTable): + Add NO_RETURN_DUE_TO_CRASH. + +2011-08-15 Oliver Varga <Varga.Oliver@stud.u-szeged.hu> + + Reviewed by Nikolas Zimmermann. + + Speed up SVGSMILElement::findInstanceTime. + https://bugs.webkit.org/show_bug.cgi?id=61025 + + Add a new parameter to StdlibExtras.h::binarySerarch function + to also handle cases when the array does not contain the key value. + This is needed for an svg function. + + * wtf/StdLibExtras.h: + (WTF::binarySearch): + +2011-08-13 Sam Weinig <sam@webkit.org> + + Add back 0xbbadbeef to CRASH to allow for old habits + https://bugs.webkit.org/show_bug.cgi?id=66190 + + Reviewed by David Kilzer. + + * wtf/Assertions.h: + Add back the assignment to the memory address 0xbbadbeef in the CRASH + macro, as it does not cause issue in the clang static analyzer and many + people use its presence in crash reports to easily identify ASSERTs. + +2011-08-13 Sam Weinig <sam@webkit.org> + + Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=66182 + + Reviewed by Dan Bernstein. + + Fixes 10 warnings in JavaScriptCore and 2 in testapi. + + * API/tests/testapi.c: + (main): + Remove dead variables. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + Initialize hasPrinted and silence an unused warning by casting to void (Ok here + since it is debug code and I want to keep it clear that if other cases are added, + the hasPrinted flag would be needed). + + * wtf/dtoa.cpp: + (WTF::d2b): + The variable "de" in the else block is always zero, so there is no reason to + use it. + +2011-08-12 Sam Weinig <sam@webkit.org> + + Use __builtin_trap() for CRASH when building with clang + https://bugs.webkit.org/show_bug.cgi?id=66152 + + Reviewed by Anders Carlsson. + + * wtf/Assertions.h: + Add Clang specific CRASH macro that calls __builtin_trap() instead + of silly techniques to crash. 
This allows the static analyzer to understand + that we are intentionally crashing. As a result, we need to mark some functions + as not returning. + + Also adds a macros that annotates a function as never returning due to ASSERT or CRASH. + + * wtf/Compiler.h: + Add COMPILIER(CLANG) and fix some formatting and spelling mistakes. + + * wtf/FastMalloc.cpp: + (WTF::Internal::fastMallocMatchFailed): + Add NO_RETURN_DUE_TO_CRASH. + + * yarr/YarrParser.h: + (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary): + (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference): + Add NO_RETURN_DUE_TO_ASSERT. + +2011-08-12 Filip Pizlo <fpizlo@apple.com> + + DFG JIT has inconsistent use of boxDouble and unboxDouble, + inconsistent use of assertions regarding doubles, and those + assertions are not turned on in debug builds + https://bugs.webkit.org/show_bug.cgi?id=66160 + + Reviewed by Gavin Barraclough. + + JIT assertions are now turned on in debug builds. JIT + assertions are now used for boxing and unboxing doubles, and boxing + and unboxing no longer involves code duplication. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::boxDouble): + (JSC::DFG::JITCodeGenerator::unboxDouble): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::GeneralizedRegister::moveTo): + (JSC::DFG::GeneralizedRegister::swapWith): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::boxDouble): + (JSC::DFG::JITCompiler::unboxDouble): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::convertToDouble): + +2011-08-12 Mark Rowe <mrowe@apple.com> + + Be more forward-looking in the choice of compiler. + + Rubber-stamped by Jon Honeycutt. 
+ + * Configurations/CompilerVersion.xcconfig: + +2011-08-12 Kalev Lember <kalevlember@gmail.com> + + [GTK] Fix non-pthreads build after r91906. + https://bugs.webkit.org/show_bug.cgi?id=66151 + + Reviewed by David Levin. + + r91906 broke the non-pthreads GTK+ build by including a header which + doesn't exist. Fix it by including DateMath.h instead of DateMap.h. + + * wtf/gtk/ThreadingGtk.cpp: + +2011-08-12 Mark Rowe <mrowe@apple.com> + + Update some configuration settings that were missed back in r92432. + + * Configurations/CompilerVersion.xcconfig: + +2011-08-12 Filip Pizlo <fpizlo@apple.com> + + REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation: + Matrix3D.invert) + https://bugs.webkit.org/show_bug.cgi?id=66038 + + Reviewed by Gavin Barraclough. + + Simplest and lowest-impact fix for the case where the spilled format + of a DFG node differs from the register format: if the format is + converted then indicate that the spilled value is no longer valid + ("kill the spill"). + + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::killSpilled): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + +2011-08-12 Sam Weinig <sam@webkit.org> + + Move compiler specific macros to their own header + https://bugs.webkit.org/show_bug.cgi?id=66119 + + Reviewed by Anders Carlsson. + + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + Add Compiler.h + + * wtf/AlwaysInline.h: + Move the contents of this file (which no longer was just about ALWAYS_INLINE) to + Compiler.h. We can remove this file in a later commit. + + * wtf/Compiler.h: Added. + Put all compiler specific checks and features in this file. + + * wtf/Platform.h: + Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature) + to Compiler.h. 
Include Compiler.h since it is necessary. + +2011-08-11 Filip Pizlo <fpizlo@apple.com> + + DFG JIT-specific structure stub info code offset fields are signed + 8-bit, but it is possible for the offsets to be greater than 127 + https://bugs.webkit.org/show_bug.cgi?id=66122 + + Reviewed by Gavin Barraclough. + + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + +2011-08-11 Filip Pizlo <fpizlo@apple.com> + + DFG JIT speculation failure code sometimes picks the wrong register + as a scratch register. + https://bugs.webkit.org/show_bug.cgi?id=66104 + + Reviewed by Gavin Barraclough. + + Hardened the code with more assertions and fixed the bug. Now a + spilled register is only used for scratch if it also isn't being + used for shuffling. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + +2011-08-11 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r92880. + http://trac.webkit.org/changeset/92880 + https://bugs.webkit.org/show_bug.cgi?id=66123 + + Breaks compile in VS2010 (Requested by jamesr_ on #webkit). + + * wtf/PassRefPtr.h: + +2011-08-11 Mark Rowe <mrowe@apple.com> + + Don't conditionalize the use of -fomit-frame-pointer on compiler version as + all of our supported compilers are now new enough to have the same, sane behavior. + + Rubber-stamped by Sam Weinig. + + * Configurations/JavaScriptCore.xcconfig: + +2011-08-11 Filip Pizlo <fpizlo@apple.com> + + DFG JIT verbose mode does not report the generated types of nodes + https://bugs.webkit.org/show_bug.cgi?id=65830 + + Reviewed by Sam Weinig. + + Added code that prints the type selected for each node's result. 
+ + * dfg/DFGGenerationInfo.h: + (JSC::DFG::dataFormatToString): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-08-11 James Robinson <jamesr@chromium.org> + + nullptr can't be used for PassRefPtr + https://bugs.webkit.org/show_bug.cgi?id=66024 + + Reviewed by Anders Carlsson. + + * wtf/PassRefPtr.h: + (WTF::PassRefPtr::PassRefPtr): + +2011-08-11 Daniel Bates <dbates@rim.com> + + Removed unused variable in StackBounds::initialize() to resolve + compiler warning when building on QNX. + https://bugs.webkit.org/show_bug.cgi?id=66072 + + Reviewed by Antonio Gomes. + + * wtf/StackBounds.cpp: + (WTF::StackBounds::initialize): + +2011-08-11 Devdatta Deshpande <pwjd73@motorola.com> + + Implementation of monotonically increasing clock on GTK + https://bugs.webkit.org/show_bug.cgi?id=62175 + + Reviewed by Martin Robinson. + + * wtf/CurrentTime.cpp: + (WTF::monotonicallyIncreasingTime): + The default implementation of monotonicallyIncreasingTime only + guarantees the result to be non-decreasing. + If the system time is changed to past then default implementation will + still fail and WebCore timers will not fire. + +2011-08-10 Geoffrey Garen <ggaren@apple.com> + + Removed some incorrect code that was dead. + + Reviewed by Oliver Hunt. + + clearSingleTransition() wasn't resetting m_data. Luckily, + no one cares, because its caller was unused. Removed both. + + * runtime/Structure.cpp: + * runtime/StructureTransitionTable.h: + (JSC::StructureTransitionTable::~StructureTransitionTable): + +2011-08-10 Filip Pizlo <fpizlo@apple.com> + + REGRESSION(r92670-r92744): WebKit crashes when opening Gmail + https://bugs.webkit.org/show_bug.cgi?id=66010 + + Reviewed by Oliver Hunt. + + Made sure that Construct calls use() on the this argument. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + +2011-08-10 Mark Hahnenberg <mhahnenberg@apple.com> + + JSC should always throw when function arg list is too long + https://bugs.webkit.org/show_bug.cgi?id=65869 + + Reviewed by Oliver Hunt. + + Changed the behavior of the interpreter and JIT to throw an exception + when too many arguments are passed rather than truncating the list. Added + a new method to create a "Too many arguments." exception used by this + new functionality. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ExceptionHelpers.cpp: + (JSC::createTooManyParamsError): + * runtime/ExceptionHelpers.h: + +2011-08-10 Oliver Hunt <oliver@apple.com> + + Make GC checks more aggressive in release builds + https://bugs.webkit.org/show_bug.cgi?id=66001 + + Reviewed by Gavin Barraclough. + + * heap/HandleHeap.cpp: + (JSC::HandleHeap::visitStrongHandles): + (JSC::HandleHeap::visitWeakHandles): + (JSC::HandleHeap::finalizeWeakHandles): + (JSC::HandleHeap::writeBarrier): + (JSC::HandleHeap::isLiveNode): + (JSC::HandleHeap::isValidWeakNode): + Increase handle heap validation logic, and make some of + the crashes trigger in release builds as well as debug. + * heap/HandleHeap.h: + (JSC::HandleHeap::allocate): + (JSC::HandleHeap::makeWeak): + Ditto + * runtime/JSGlobalData.cpp: + (WTF::Recompiler::operator()): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::visitChildren): + Fix GC bugs found while testing this patch + +2011-08-10 Oliver Hunt <oliver@apple.com> + + JSEvaluteScript does not return the correct object when given JSONP data + https://bugs.webkit.org/show_bug.cgi?id=66003 + + Reviewed by Gavin Barraclough. + + Make sure we propagate the result of the function call rather than the + argument. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + +2011-08-10 Filip Pizlo <fpizlo@apple.com> + + DFG JIT heap prediction causes regressions when combined with + aggressive integer prediction + https://bugs.webkit.org/show_bug.cgi?id=65954 + + Reviewed by Gavin Barraclough. + + Disabled heap prediction, but did not remove the capability. + This improves V8 crypto performance by 20%. + + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + +2011-08-09 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not speculative integers as aggressively as it should + https://bugs.webkit.org/show_bug.cgi?id=65949 + + Reviewed by Gavin Barraclough. + + Added a tree walk to propagate integer predictions through arithmetic + expressions. + + This is a 71% speed-up on Kraken's imaging-gaussian-blur, which + translates to a 19% speed-up on Kraken overall. It's neutral on + other benchmarks. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::predictInt32): + +2011-08-09 Filip Pizlo <fpizlo@apple.com> + + DFG JIT has no way of propagating predictions to loads and calls + https://bugs.webkit.org/show_bug.cgi?id=65883 + + Reviewed by Gavin Barraclough. + + This introduces the capability to store predictions on graph + nodes. To save space while being somewhat consistent, the + prediction is always stored in the second OpInfo slot (since + a GetById will use the first one for the identifier). This + change is a natural extension of r92593 (global variable + prediction). + + This is a 1.5% win on V8 in the arithmetic mean, and a 0.6% + win on V8 in the geometric mean. It is neutral on SunSpider + and Kraken. Interestingly, on V8 it regresses crypto by 3% + while progressing deltablue and richards by 2.6% and 4.3%, + respectively. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addToGraph): + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGNode.h: + (JSC::DFG::isCellPrediction): + (JSC::DFG::isArrayPrediction): + (JSC::DFG::isInt32Prediction): + (JSC::DFG::isDoublePrediction): + (JSC::DFG::isNumberPrediction): + (JSC::DFG::predictionToString): + (JSC::DFG::Node::Node): + (JSC::DFG::Node::hasPrediction): + (JSC::DFG::Node::getPrediction): + (JSC::DFG::Node::predict): + +2011-08-09 Filip Pizlo <fpizlo@apple.com> + + DFG JIT passes the this argument to constructors even though + it's not necessary + https://bugs.webkit.org/show_bug.cgi?id=65943 + + Reviewed by Gavin Barraclough. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + +2011-08-09 Chao-ying Fu <fu@mips.com> + + Fix one MIPS instruction to call JITStubThunked_##op + https://bugs.webkit.org/show_bug.cgi?id=65942 + + Reviewed by Gavin Barraclough. + + Changed "bal" to "jalr" for a possible processor mode change from + MIPS32 to MIPS16. + + * jit/JITStubs.cpp: + +2011-08-09 Filip Pizlo <fpizlo@apple.com> + + DFG JIT failure loading web site + https://bugs.webkit.org/show_bug.cgi?id=65930 + + Reviewed by Oliver Hunt. + + Put the use() call after the fpr()/gpr() calls, since doing otherwise + breaks the register allocator. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + +2011-08-09 Mark Hahnenberg <mhahnenberg@apple.com> + + Add ParentClass typedef in all JSC classes + https://bugs.webkit.org/show_bug.cgi?id=65731 + + Reviewed by Oliver Hunt. + + Just added the Base typedefs in all the classes that are a subclass of JSCell + to point at their parent classes. This is a change to support future changes to the way + constructors and destructors are implemented in JS objects, among other things. 
+ + * API/JSCallbackConstructor.h: + * API/JSCallbackFunction.h: + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::createStructure): + (JSC::JSCallbackObject::visitChildren): + * API/JSCallbackObjectFunctions.h: + (JSC::::asCallbackObject): + (JSC::::JSCallbackObject): + (JSC::::init): + (JSC::::className): + (JSC::::getOwnPropertySlot): + (JSC::::getOwnPropertyDescriptor): + (JSC::::put): + (JSC::::deleteProperty): + (JSC::::getConstructData): + (JSC::::construct): + (JSC::::hasInstance): + (JSC::::getCallData): + (JSC::::call): + (JSC::::getOwnPropertyNames): + (JSC::::toNumber): + (JSC::::toString): + (JSC::::setPrivate): + (JSC::::getPrivate): + (JSC::::inherits): + (JSC::::getStaticValue): + (JSC::::staticFunctionGetter): + (JSC::::callbackGetter): + * debugger/DebuggerActivation.h: + * jsc.cpp: + * runtime/Arguments.h: + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.h: + * runtime/BooleanConstructor.h: + * runtime/BooleanObject.h: + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.h: + * runtime/DateInstance.h: + * runtime/DatePrototype.h: + * runtime/Error.cpp: + * runtime/ErrorConstructor.h: + * runtime/ErrorInstance.h: + * runtime/ErrorPrototype.h: + * runtime/ExceptionHelpers.cpp: + * runtime/Executable.h: + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.h: + * runtime/GetterSetter.h: + * runtime/InternalFunction.h: + * runtime/JSAPIValueWrapper.h: + * runtime/JSActivation.h: + * runtime/JSArray.h: + * runtime/JSFunction.h: + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.h: + * runtime/JSONObject.h: + * runtime/JSObject.h: + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.h: + * runtime/JSString.h: + * runtime/JSVariableObject.h: + * runtime/JSWrapperObject.h: + * runtime/MathObject.h: + * runtime/NativeErrorConstructor.h: + * runtime/NativeErrorPrototype.h: + * runtime/NumberConstructor.h: + * runtime/NumberObject.h: + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.h: + * 
runtime/ObjectPrototype.h: + * runtime/RegExp.h: + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.h: + * runtime/RegExpObject.h: + (JSC::RegExpObject::create): + * runtime/RegExpPrototype.h: + * runtime/ScopeChain.h: + * runtime/StrictEvalActivation.h: + * runtime/StringConstructor.h: + * runtime/StringObject.h: + * runtime/StringObjectThatMasqueradesAsUndefined.h: + * runtime/StringPrototype.h: + * runtime/Structure.h: + * runtime/StructureChain.h: + +2011-08-08 Oliver Hunt <oliver@apple.com> + + Using mprotect to create guard pages breaks our use of madvise to release executable memory + https://bugs.webkit.org/show_bug.cgi?id=65870 + + Reviewed by Gavin Barraclough. + + Use mmap rather than mprotect to clear guard page permissions. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + +2011-08-08 Oliver Hunt <oliver@apple.com> + + Non-extensibility does not prevent mutating [[Prototype]] + https://bugs.webkit.org/show_bug.cgi?id=65832 + + Reviewed by Gavin Barraclough. + + Disallow mutation of __proto__ on objects that are not extensible. + + * runtime/JSObject.cpp: + (JSC::JSObject::put): + +2011-08-08 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not track speculation decisions for global variables + https://bugs.webkit.org/show_bug.cgi?id=65825 + + Reviewed by Gavin Barraclough. + + Added the capability to track predictions for global variables, and + ensured that code can abstract over the source of prediction (local + versus global variable) wherever it is appropriate to do so. Also + cleaned up the code in SpeculativeJIT that decides how to speculate + based on recorded predictions (for example instead of using isInteger, + which makes sense for local predictions where the GetLocal would + return an integer value, we now tend to use shouldSpeculateInteger, + which checks if the value is either already an integer or should be + speculated to be an integer). 
+ + This is an 0.8% win on SunSpider, almost entirely thanks to a 25% + win on controlflow-recursive. It's also a 4.8% win on v8-crypto. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::predictArray): + (JSC::DFG::ByteCodeParser::predictInt32): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::predictGlobalVar): + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::getGlobalVarPrediction): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger): + (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble): + +2011-08-07 Martin Robinson <mrobinson@igalia.com> + + Distribution fix for GTK+. + + * GNUmakefile.list.am: Strip removed files from the source list. + +2011-08-06 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65821 + Don't form identifiers the first time a string is used as a property name. + + Reviewed by Oliver Hunt. + + This is a 1% win on SunSpider. + + * dfg/DFGOperations.cpp: + - Use fastGetOwnProperty. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Use fastGetOwnProperty. + * runtime/JSCell.h: + * runtime/JSObject.h: + (JSC::JSCell::fastGetOwnProperty): + - Fast call to get a property without creating an identifier the first time. + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::find): + (JSC::PropertyTable::findWithString): + - Add interface to look up by either strinsg or identifiers. + * runtime/Structure.h: + (JSC::Structure::get): + - Add a get() call that takes a UString, not an Identifier. + * wtf/text/StringImpl.h: + (WTF::StringImpl::hasHash): + - Add a call to check if the has has been set (to detect the first use as a property name). + +2011-08-06 Aron Rosenberg <arosenberg@logitech.com> + + Reviewed by Benjamin Poulain. 
+ + [Qt] Fix build with Intel compiler on Windows + https://bugs.webkit.org/show_bug.cgi?id=65088 + + Intel compiler needs .lib suffixes instead of .a + Intel compiler doesn't support nullptr + Intel compiler supports unsized arrays + + * JavaScriptCore.pri: + * jsc.cpp: + * wtf/ByteArray.h: + * wtf/NullPtr.h: + +2011-08-05 Gavin Barraclough <barraclough@apple.com> + + String replace with the empty string means string removal + https://bugs.webkit.org/show_bug.cgi?id=65799 + + Reviewed by Sam Weinig. + + Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%. + + * runtime/StringPrototype.cpp: + (JSC::jsSpliceSubstrings): + (JSC::stringProtoFuncReplace): + +2011-08-05 Noel Gordon <noel.gordon@gmail.com> + + [Chromium] Remove JSZombie references from gyp project files. + https://bugs.webkit.org/show_bug.cgi?id=65798 + + JSC runtime/JSZombie.{cpp,h} were removed in r92046. Remove references to these + file names from the gyp projects. + + Reviewed by Darin Adler. + + * JavaScriptCore.gypi: zombies be gone. + +2011-08-05 Mark Rowe <mrowe@apple.com> + + <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object + is tied to a particular dispatch queue + + A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier + with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier + to ensure that all operations are performed on the given dispatch queue. + + Reviewed by Anders Carlsson. 
+ + * wtf/RefCounted.h: + (WTF::RefCountedBase::setDispatchQueueForVerifier): + * wtf/ThreadRestrictionVerifier.h: + (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier): + (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier): + (WTF::ThreadRestrictionVerifier::setDispatchQueueMode): + (WTF::ThreadRestrictionVerifier::setShared): + (WTF::ThreadRestrictionVerifier::isSafeToUse): + +2011-08-05 Oliver Hunt <oliver@apple.com> + + Inline allocation of function objects + https://bugs.webkit.org/show_bug.cgi?id=65779 + + Reviewed by Gavin Barraclough. + + Inline allocation and initilisation of function objects + in generated code. This ended up being a 60-70% improvement + in function allocation performance. This improvement shows + up as a ~2% improvement in 32bit sunspider and V8, but is a + wash on 64-bit. + + We currently don't inline the allocation of named function + expressions, as that requires being able to gc allocate a + variable object. + + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JSC::JIT::emitStoreCell): + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateBasicJSObject): + (JSC::JIT::emitAllocateJSFinalObject): + (JSC::JIT::emitAllocateJSFunction): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_func): + (JSC::JIT::emitSlow_op_new_func): + (JSC::JIT::emit_op_new_func_exp): + (JSC::JIT::emitSlow_op_new_func_exp): + * jit/JITOpcodes32_64.cpp: + Removed duplicate implementation of op_new_func and op_new_func_exp + * runtime/JSFunction.h: + (JSC::JSFunction::offsetOfScopeChain): + (JSC::JSFunction::offsetOfExecutable): + +2011-08-04 David Levin <levin@chromium.org> + + CStringBuffer should have thread safety checks turned on. + https://bugs.webkit.org/show_bug.cgi?id=58093 + + Reviewed by Dmitry Titov. + + * wtf/text/CString.h: + (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that + turned this off for Chromium. + +2011-08-04 Mark Rowe <mrowe@apple.com> + + Future-proof Xcode configuration settings. 
+ + * Configurations/Base.xcconfig: + * Configurations/DebugRelease.xcconfig: + * Configurations/JavaScriptCore.xcconfig: + * Configurations/Version.xcconfig: + +2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com> + + Interpreter can potentially GC in the middle of initializing a structure chain + https://bugs.webkit.org/show_bug.cgi?id=65638 + + Reviewed by Oliver Hunt. + + Moved the allocation of a prototype StructureChain before the initialization of + the structure chain within the interpreter that was causing intermittent GC crashes. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::tryCachePutByID): + * wtf/Platform.h: + +2011-08-04 Filip Pizlo <fpizlo@apple.com> + + Eval handling attempts literal parsing even when the eval + string is in the cache + https://bugs.webkit.org/show_bug.cgi?id=65675 + + Reviewed by Oliver Hunt. + + This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall + in SunSpider. It's neutral on V8. + + * bytecode/EvalCodeCache.h: + (JSC::EvalCodeCache::tryGet): + (JSC::EvalCodeCache::getSlow): + (JSC::EvalCodeCache::get): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + +2011-08-03 Mark Rowe <mrowe@apple.com> + + Bring some order to FeatureDefines.xcconfig to make it easier to follow. + + Reviewed by Sam Weinig. + + * Configurations/FeatureDefines.xcconfig: + +2011-08-03 Mark Rowe <mrowe@apple.com> + + Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings + + Reviewed by Dave Kilzer. + + * Configurations/FeatureDefines.xcconfig: + +2011-08-03 Filip Pizlo <fpizlo@apple.com> + + JSC GC heap size improvement breaks build on some platforms due to + unused parameter + https://bugs.webkit.org/show_bug.cgi?id=65641 + + Reviewed by Darin Adler. + + Fix build on non-x86 platforms, by ensuring that the relevant + parameter always appears to be used even when it isn't. 
+ + * heap/Heap.cpp: + +2011-08-03 Carlos Garcia Campos <cgarcia@igalia.com> + + [GTK] Reorganize pkg-config files + https://bugs.webkit.org/show_bug.cgi?id=65548 + + Reviewed by Martin Robinson. + + * GNUmakefile.am: + * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in. + +2011-08-01 David Levin <levin@chromium.org> + + Add asserts to RefCounted to make sure ref/deref happens on the right thread. + https://bugs.webkit.org/show_bug.cgi?id=31639 + + Reviewed by Dmitry Titov. + + * GNUmakefile.list.am: Added new files to the build. + * JavaScriptCore.gypi: Ditto. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto. + * JavaScriptCore.xcodeproj/project.pbxproj: Ditto. + * jit/ExecutableAllocator.h: + (JSC::ExecutablePool::ExecutablePool): Turned off checks for this + due to not being able to figure out what was guarding it (bug 58091). + * parser/SourceProvider.h: + (JSC::SourceProvider::SourceProvider): Ditto. + * wtf/CMakeLists.txt: Added new files to the build. + * wtf/ThreadRestrictionVerifier.h: Added. + Everything is done in the header to avoid the issue with exports + that are only useful in debug but still needing to export them. + * wtf/RefCounted.h: + (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier. + and filed bug 58171 about making it stricter. + (WTF::RefCountedBase::hasOneRef): Ditto. + (WTF::RefCountedBase::refCount): Ditto. + (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based + on a mutex. This is in the header to avoid adding more exports from JavaScriptCore. + (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification. + Filed bug 58174 to remove this method. + (WTF::RefCountedBase::derefBase): + * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted. + * wtf/text/CString.h: + (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being + done in Chromium (bug 58093). 
+ +2011-08-02 Filip Pizlo <fpizlo@apple.com> + + JSC GC may not be able to reuse partially-free blocks after a + full collection + https://bugs.webkit.org/show_bug.cgi?id=65585 + + Reviewed by Darin Adler. + + This fixes the linked list management bug. This fix is performance + neutral on SunSpider. + + * heap/NewSpace.cpp: + (JSC::NewSpace::removeBlock): + +2011-07-30 Oliver Hunt <oliver@apple.com> + + Simplify JSFunction creation for functions written in JS + https://bugs.webkit.org/show_bug.cgi?id=65422 + + Reviewed by Gavin Barraclough. + + Remove hash lookups used to write name property and transition + function structure by caching the resultant structure and property + offset in JSGlobalObject. This doesn't impact performance, but + we can use this change to make other improvements later. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + * runtime/Executable.h: + (JSC::ScriptExecutable::ScriptExecutable): + (JSC::FunctionExecutable::jsName): + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::namedFunctionStructure): + (JSC::JSGlobalObject::functionNameOffset): + +2011-08-02 Filip Pizlo <fpizlo@apple.com> + + JSC GC uses dummy cells to avoid having to remember which cells + it has already destroyed + https://bugs.webkit.org/show_bug.cgi?id=65556 + + Reviewed by Oliver Hunt. + + This gets rid of dummy cells, and ensures that it's not necessary + to invoke a destructor on cells that have already been swept. In + the common case, a block knows that either all of its free cells + still need to have destructors called, or none of them do, which + minimizes the amount of branching that needs to happen per cell + when performing a sweep. + + This is performance neutral on SunSpider and V8. It is meant as + a stepping stone to simplify the implementation of more + sophisticated sweeping algorithms. 
+ + * heap/Heap.cpp: + (JSC::CountFunctor::ClearMarks::operator()): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::initForCellSize): + (JSC::MarkedBlock::callDestructor): + (JSC::MarkedBlock::specializedReset): + (JSC::MarkedBlock::reset): + (JSC::MarkedBlock::specializedSweep): + (JSC::MarkedBlock::sweep): + (JSC::MarkedBlock::produceFreeList): + (JSC::MarkedBlock::lazySweep): + (JSC::MarkedBlock::blessNewBlockForFastPath): + (JSC::MarkedBlock::blessNewBlockForSlowPath): + (JSC::MarkedBlock::canonicalizeBlock): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::FreeCell::setNoObject): + (JSC::MarkedBlock::setDestructorState): + (JSC::MarkedBlock::destructorState): + (JSC::MarkedBlock::notifyMayHaveFreshFreeCells): + * runtime/JSCell.cpp: + * runtime/JSCell.h: + (JSC::JSCell::JSCell::JSCell): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::clearBuiltinStructures): + * runtime/JSGlobalData.h: + * runtime/Structure.h: + +2011-08-01 Michael Saboff <msaboff@apple.com> + + Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors + https://bugs.webkit.org/show_bug.cgi?id=65502 + + Reviewed by Anders Carlsson. + + With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail, + added an assert to the return code of madvise to catch any regressions. + + * wtf/TCSystemAlloc.cpp: + (TCMalloc_SystemRelease): + +2011-08-02 Anders Carlsson <andersca@apple.com> + + Fix Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-08-02 Anders Carlsson <andersca@apple.com> + + Fix a Windows build error. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-08-02 Filip Pizlo <fpizlo@apple.com> + + JSC GC is far too conservative about growing the heap size, particularly + on desktop platforms + https://bugs.webkit.org/show_bug.cgi?id=65438 + + Reviewed by Oliver Hunt. 
+ + The minimum heap size is now 16MB instead of 512KB, provided all of the + following are true: + a) ENABLE(LARGE_HEAP) is set, which currently only happens on + x86 targets, but could reasonably happen on any platform that is + known to have a decent amount of RAM. + b) JSGlobalData is initialized with HeapSize = LargeHeap, which + currently only happens when it's the JSDOMWindowBase in WebCore or + in the jsc command-line tool. + + This is a 4.1% speed-up on SunSpider. + + * JavaScriptCore.exp: + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::collect): + * heap/Heap.h: + * jsc.cpp: + (main): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::createContextGroup): + (JSC::JSGlobalData::create): + (JSC::JSGlobalData::createLeaked): + (JSC::JSGlobalData::sharedInstance): + * runtime/JSGlobalData.h: + * wtf/Platform.h: + +2011-08-02 Filip Pizlo <fpizlo@apple.com> + + JSC does a GC even when the heap still has free pages + https://bugs.webkit.org/show_bug.cgi?id=65445 + + Reviewed by Oliver Hunt. + + If the high watermark is not reached, then we allocate new blocks as + before. If the current watermark does reach (or exceed) the high + watermark, then we check if there is a block on the free block pool. + If there is, we simply allocation from it. If there isn't, we + invoke a collectin as before. This effectively couples the elastic + scavenging to the collector's decision function. That is, if an + application rapidly varies its heap usage (sometimes using more and + sometimes less) then the collector will not thrash as it used to. + But if heap usage drops and stays low then the scavenger thread and + the GC will eventually reach a kind of consensus: the GC will set + the watermark low because of low heap usage, and the scavenger thread + will steadily eliminate pages from the free page pool, until the size + of the free pool is below the high watermark. 
+ + On command-line, this is neutral on SunSpider and Kraken and a 3% win + on V8. In browser, this is a 1% win on V8 and neutral on the other + two. + + * heap/Heap.cpp: + (JSC::Heap::allocateSlowCase): + (JSC::Heap::allocateBlock): + * heap/Heap.h: + +2011-08-02 Jeff Miller <jeffm@apple.com> + + Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h + https://bugs.webkit.org/show_bug.cgi?id=65552 + + Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h. + + Reviewed by Adam Roben. + + * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION. + +2011-08-01 Jean-luc Brouillet <jeanluc@chromium.org> + + Removing old source files in gyp files that slow build + https://bugs.webkit.org/show_bug.cgi?id=65503 + + Reviewed by Adam Barth. + + A number of stale files are listed in the gyp files. These slow the + build on Visual Studio 2010. Removing them. + + * JavaScriptCore.gypi: + +2011-07-14 David Levin <levin@chromium.org> + + currentThread is too slow! + https://bugs.webkit.org/show_bug.cgi?id=64577 + + Reviewed by Darin Adler and Dmitry Titov. + + The problem is that currentThread results in a pthread_once call which always takes a lock. + With this change, currentThread is 10% faster than isMainThread in release mode and only + 5% slower than isMainThread in debug. + + * wtf/ThreadIdentifierDataPthreads.cpp: + (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff + which is no longer needed because this is called from initializeThreading(). + (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because + intialization of the pthread key should already be done. + (WTF::ThreadIdentifierData::initialize): Ditto. + * wtf/ThreadIdentifierDataPthreads.h: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): Acquire the pthread key here. 
+ +2011-08-01 Filip Pizlo <fpizlo@apple.com> + + DFG JIT sometimes creates speculation check data structures that have + invalid information about the format of a register + https://bugs.webkit.org/show_bug.cgi?id=65490 + + Reviewed by Gavin Barraclough. + + The code now makes sure to (1) always have correct and up-to-date + information about register format at the time that a speculation + check is emitted, (2) assert that speculation data is correct + inside the speculation check implementation, and (3) avoid creating + speculation data altogether if compilation has already failed, since + at that point the format data is almost guaranteed to be bogus. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::EntryLocation::EntryLocation): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculationCheck::SpeculationCheck): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + +2011-08-01 Filip Pizlo <fpizlo@apple.com> + + REGRESSION(r92092): Build fails on 64 bit + https://bugs.webkit.org/show_bug.cgi?id=65458 + + Reviewed by Oliver Hunt. + + The build was broken because some compilers were smart enough to see + an array index out of bounds due to the decision fuction for when to + go from precise size classes to imprecise size classes being broken: + it would assume that sizes in the range 97..128 belonged to a precise + size class when in fact they belonged to an imprecise one. + + In fact, the code would have run correctly, by way of a fluke, because + though the 4th precise size class (for 97..128) didn't exist, the next + array over from m_preciseSizeClasses was m_impreciseSizeClasses, and + its first entry would have been a size class that is appropriate for + allocations in the range 97..128. However, this relies on specific + ordering of fields in NewSpace, so it's still a bug. 
+ + This fixes the bug by ensuring that allocations larger than 96 use + the imprecise size classes. + + * heap/NewSpace.h: + (JSC::NewSpace::sizeClassFor): + +2011-07-31 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64679 + Fix bugs in Array.prototype this handling. + + Unreviewed - rolling out r91290. + + Looks like the wild wild web isn't ready for this yet. + + This change broke http://slides.html5rocks.com/#landing-slide. + Interestingly, this might only be due to our lack of bind support - + it looks like this site is calling Array.prototype.slice as a part + of its bind implementation. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + (JSC::arrayProtoFuncIndexOf): + (JSC::arrayProtoFuncLastIndexOf): + +2011-07-31 Filip Pizlo <fpizlo@apple.com> + + JSC GC lays out size classes under wrong assumptions about expected + object size. + https://bugs.webkit.org/show_bug.cgi?id=65437 + + Reviewed by Oliver Hunt. + + Changed the atom size - which is both the smallest allocation size and + the smallest possible stepping unit for size class spacing - from + 8 bytes to 4 pointer-size words. This is a 1% win on SunSpider. + + * heap/MarkedBlock.h: + +2011-07-31 Filip Pizlo <fpizlo@apple.com> + + DFG non-speculative JIT does not optimize PutByVal + https://bugs.webkit.org/show_bug.cgi?id=65424 + + Reviewed by Gavin Barraclough. + + Added code to emit PutByVal inline fast path. 
+ + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + +2011-07-31 Filip Pizlo <fpizlo@apple.com> + + The JSC garbage collector returns memory to the operating system too + eagerly. + https://bugs.webkit.org/show_bug.cgi?id=65382 + + Reviewed by Oliver Hunt. + + This introduces a memory reuse model similar to the one in FastMalloc. + A periodic scavenger thread runs in the background and returns half the + free memory to the OS on each timer fire. New block allocations first + attempt to get the memory from the collector's internal pool, reverting + to OS allocation only when this pool is empty. + + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::~Heap): + (JSC::Heap::destroy): + (JSC::Heap::waitForRelativeTimeWhileHoldingLock): + (JSC::Heap::waitForRelativeTime): + (JSC::Heap::blockFreeingThreadStartFunc): + (JSC::Heap::blockFreeingThreadMain): + (JSC::Heap::allocateBlock): + (JSC::Heap::freeBlocks): + (JSC::Heap::releaseFreeBlocks): + * heap/Heap.h: + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::destroy): + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::initForCellSize): + (JSC::MarkedBlock::reset): + * heap/MarkedBlock.h: + * wtf/Platform.h: + +2011-07-30 Filip Pizlo <fpizlo@apple.com> + + DFG JIT speculation failure pass sometimes forgets to emit code to + move certain registers. + https://bugs.webkit.org/show_bug.cgi?id=65421 + + Reviewed by Oliver Hunt. + + Restructured the offending loops (for gprs and fprs). It's once again + possible to use spreadsheets on docs.google.com. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + +2011-07-30 Patrick Gansterer <paroga@webkit.org> + + Remove inclusion of MainThread.h from Threading.h + https://bugs.webkit.org/show_bug.cgi?id=65081 + + Reviewed by Darin Adler. + + Add missing and remove unneeded include statements for MainThread. 
+ + * wtf/CryptographicallyRandomNumber.cpp: + * wtf/Threading.h: + * wtf/ThreadingPthreads.cpp: + * wtf/text/StringStatics.cpp: + +2011-07-30 Oliver Hunt <oliver@apple.com> + + Reduce the size of JSGlobalObject slightly + https://bugs.webkit.org/show_bug.cgi?id=65417 + + Reviewed by Dan Bernstein. + + Push a few members that either aren't commonly used, + or aren't frequently accessed into a separate struct. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::init): + (JSC::JSGlobalObject::WeakMapsFinalizer::finalize): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData): + (JSC::JSGlobalObject::createRareDataIfNeeded): + (JSC::JSGlobalObject::setProfileGroup): + (JSC::JSGlobalObject::profileGroup): + (JSC::JSGlobalObject::registerWeakMap): + (JSC::JSGlobalObject::deregisterWeakMap): + +2011-07-30 Balazs Kelemen <kbalazs@webkit.org> + + MessageQueue::waitForMessageFilteredWithTimeout can triggers an assertion + https://bugs.webkit.org/show_bug.cgi?id=65263 + + Reviewed by Dmitry Titov. + + * wtf/Deque.h: + (WTF::::operator): Don't check the validity of an iterator + that will be reassigned right now. + * wtf/MessageQueue.h: + (WTF::::removeIf): Revert r51198 as I beleave this is the better + solution for the problem that was solved by that. + +2011-07-29 Filip Pizlo <fpizlo@apple.com> + + JSC GC zombie support no longer works, and is likely no longer needed. + https://bugs.webkit.org/show_bug.cgi?id=65404 + + Reviewed by Darin Adler. + + This removes zombies, because they no longer work, are not tested, are + probably not needed, and are getting in the way of GC optimization + work. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Handle.h: + (JSC::HandleConverter::operator->): + (JSC::HandleConverter::operator*): + * heap/HandleHeap.cpp: + (JSC::HandleHeap::isValidWeakNode): + * heap/Heap.cpp: + (JSC::Heap::destroy): + (JSC::Heap::collect): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::sweep): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::clearMarks): + * interpreter/Register.h: + (JSC::Register::Register): + (JSC::Register::operator=): + * runtime/ArgList.h: + (JSC::MarkedArgumentBuffer::append): + (JSC::ArgList::ArgList): + * runtime/JSCell.cpp: + (JSC::isZombie): + * runtime/JSCell.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::clearBuiltinStructures): + * runtime/JSGlobalData.h: + * runtime/JSValue.h: + * runtime/JSValueInlineMethods.h: + (JSC::JSValue::JSValue): + * runtime/JSZombie.cpp: Removed. + * runtime/JSZombie.h: Removed. + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::setEarlyValue): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::setWithoutWriteBarrier): + * wtf/Platform.h: + +2011-07-29 Filip Pizlo <fpizlo@apple.com> + + DFG JIT verbose mode provides no details about predictions + https://bugs.webkit.org/show_bug.cgi?id=65389 + + Reviewed by Darin Adler. + + Added a print-out of the predictions to the IR dump, with names as follows: + "p-bottom" = the parser made no predictions + "p-int32" = the parser predicted int32 + ... (same for array, cell, double, number) + "p-top" = the parser made conflicting predictions which will be ignored. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::predictionToString): + +2011-07-29 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not have any way of undoing double speculation. + https://bugs.webkit.org/show_bug.cgi?id=65334 + + Reviewed by Gavin Barraclough. + + This adds code to do a branchConvertDoubleToInt on specualtion failure. 
+ This is performance-neutral on most benchmarks but does result in + a slight improvement in Kraken. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::GeneralizedRegister::moveTo): + (JSC::DFG::GeneralizedRegister::swapWith): + (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation): + (JSC::DFG::ShuffledRegister::handleCyclingPermutation): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + +2011-07-29 Filip Pizlo <fpizlo@apple.com> + + Crash when opening docs.google.com + https://bugs.webkit.org/show_bug.cgi?id=65327 + + Reviewed by Gavin Barraclough. + + The speculative JIT was only checking whether a value is an array when + we had already checked that it was, rather then when we hadn't. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-28 Oliver Hunt <oliver@apple.com> + + *_list instructions are only used in one place, where the code is wrong. + https://bugs.webkit.org/show_bug.cgi?id=65348 + + Reviewed by Darin Adler. + + Simply remove the instructions and all users. Speeds up the interpreter + slightly due to code motion, but otherwise has no effect (because none + of the _list instructions are ever used). + + * bytecode/CodeBlock.cpp: + (JSC::isPropertyAccess): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::visitStructures): + * bytecode/Instruction.h: + * bytecode/Opcode.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + +2011-07-28 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65325 + Performance tweak to parseInt + + Reviewed by Oliver Hunt. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncParseInt): + - This change may an existing optimization redundant, + cleanup from Darin's comments, plus fix existing bugs. + +2011-07-28 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65325 + Performance tweak to parseInt + + Reviewed by Oliver Hunt. 
+ + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncParseInt): + - parseInt applied to small positive numbers = floor. + +2011-07-28 Dan Bernstein <mitz@apple.com> + + Build fix. + + * runtime/Executable.cpp: + (JSC::FunctionExecutable::compileForCallInternal): + +2011-07-28 Kent Tamura <tkent@chromium.org> + + Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace(). + https://bugs.webkit.org/show_bug.cgi?id=65300 + + Reviewed by Darin Adler. + + r91837 had performance regression of StringImpl::stripWhiteSpace() + and simplifyWhiteSpace(). This changes the code so that compilers + generates code equivalent to r91836 or piror. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::stripMatchedCharacters): + A template member function for stripWhiteSpace(). This function takes a functor. + (WTF::UCharPredicate): + A functor for generic predicate for single UChar argument. + (WTF::SpaceOrNewlinePredicate): + A special functor for isSpaceOrNewline(). + (WTF::StringImpl::stripWhiteSpace): + Use stripmatchedCharacters(). + (WTF::StringImpl::simplifyMatchedCharactersToSpace): + A template member function for simplifyWhiteSpace(). + (WTF::StringImpl::simplifyWhiteSpace): + Use simplifyMatchedCharactersToSpace(). + * wtf/text/StringImpl.h: + +2011-07-27 Dmitry Lomov <dslomov@google.com> + + [chromium] Turn on WTF_MULTIPLE_THREADS. + https://bugs.webkit.org/show_bug.cgi?id=61017 + The patch turns on WTF_MULTIPLE_THREADS in chromium and + pushes some relevant initializations from JSC::initializeThreading + to WTF::initializeThreading. + + Reviewed by David Levin. 
+ + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * wtf/FastMalloc.cpp: + (WTF::isForbidden): + (WTF::fastMallocForbid): + (WTF::fastMallocAllow): + * wtf/Platform.h: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): + * wtf/ThreadingWin.cpp: + (WTF::initializeThreading): + * wtf/gtk/ThreadingGtk.cpp: + (WTF::initializeThreading): + * wtf/qt/ThreadingQt.cpp: + (WTF::initializeThreading): + +2011-07-27 Mark Hahnenberg <mhahnenberg@apple.com> + + Remove operator new from JSCell + https://bugs.webkit.org/show_bug.cgi?id=64999 + + Reviewed by Oliver Hunt. + + Removed the implementation of operator new in JSCell, so any further uses + will not successfully link. Also removed any remaining uses of operator new. + + * API/JSContextRef.cpp: + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::create): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::createExceptionScope): + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSCell.h: + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::create): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::create): + (JSC::JSStaticScopeObject::JSStaticScopeObject): + * runtime/StrictEvalActivation.h: + (JSC::StrictEvalActivation::create): + +2011-07-27 Filip Pizlo <fpizlo@apple.com> + + DFG graph has no notion of double prediction. + https://bugs.webkit.org/show_bug.cgi?id=65234 + + Reviewed by Gavin Barraclough. + + Added the notion of PredictDouble, and PredictNumber, which is the least + upper bound of PredictInt32 and PredictDouble. Least upper bound is + defined as the bitwise-or of two predictions. Bottom is defined as 0, + and Top is defined as all bits being set. Added the ability to explicitly + distinguish between a node having had a prediction associated with it, + and that prediction still being valid (i.e. no conflicting predictions + have also been added). 
Used this to guard the speculative JIT from + speculating Int32 in cases where the graph knows that the value is + double, which currently only happens for GetLocal nodes on arguments + which were double at compile-time. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + * dfg/DFGGraph.h: + (JSC::DFG::isCellPrediction): + (JSC::DFG::isArrayPrediction): + (JSC::DFG::isInt32Prediction): + (JSC::DFG::isDoublePrediction): + (JSC::DFG::isNumberPrediction): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::initializeVariableTypes): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble): + +2011-07-27 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65294 + DFG JIT - may speculate based on wrong arguments. + + Reviewed by Oliver Hunt + + In the case of a DFG compiled function calling to and compiling a second function that + also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp), + we call compileFor passing the caller functions exec state, rather than the callee's. + This may lead to mis-optimization, since the DFG compiler will example the exec state's + arguments on the assumption that these will be passed to the callee - it is wanting the + callee exec state, not the caller's exec state. + + Fixing this for all cases of compilation is tricksy, due to the way the numeric sort + function is compiled, & the structure of the calls in the Interpreter::execute methods. + Only fix for compilation from the JIT, in other calls don't speculate based on arguments + for now. 
+ + * dfg/DFGOperations.cpp: + * runtime/Executable.cpp: + (JSC::tryDFGCompile): + (JSC::tryDFGCompileFunction): + (JSC::FunctionExecutable::compileForCallInternal): + * runtime/Executable.h: + (JSC::FunctionExecutable::compileForCall): + (JSC::FunctionExecutable::compileFor): + +2011-07-27 Oliver Hunt <oliver@apple.com> + + Handle callback oriented JSONP + https://bugs.webkit.org/show_bug.cgi?id=65271 + + Reviewed by Gavin Barraclough. + + Handle the callback oriented versions of JSONP. The Literal parser + now handles <Identifier> (. <Identifier>)* (jsonData). + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::tryJSONPParse): + (JSC::LiteralParser::Lexer::lex): + * runtime/LiteralParser.h: + +2011-07-27 Stephanie Lewis <slewis@apple.com> + + Revert http://trac.webkit.org/changeset/90415. + Caused a 5% sunspider regression in-browser. + + Unreviewed rollout. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * heap/Heap.cpp: + (JSC::Heap::collectAllGarbage): + * heap/MarkStack.h: + (JSC::MarkStack::MarkStack): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::releaseExecutableMemory): + * runtime/RegExp.cpp: + (JSC::RegExp::compile): + (JSC::RegExp::invalidateCode): + * runtime/RegExp.h: + +2011-07-27 Shinya Kawanaka <shinyak@google.com> + + Added an interface to take IsWhiteSpaceFunctionPtr. + https://bugs.webkit.org/show_bug.cgi?id=57746 + + Reviewed by Kent Tamura. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::stripWhiteSpace): + Added an interface to take IsWhiteSpaceFunctionPtr. + (WTF::StringImpl::simplifyWhiteSpace): ditto. + * wtf/text/StringImpl.h: + * wtf/text/WTFString.cpp: + (WTF::String::stripWhiteSpace): ditto. + (WTF::String::simplifyWhiteSpace): ditto. + * wtf/text/WTFString.h: + +2011-07-27 Filip Pizlo <fpizlo@apple.com> + + DFG JIT speculation failure code performs incorrect conversions in + the case where two registers need to be swapped. 
+ https://bugs.webkit.org/show_bug.cgi?id=65233 + + Reviewed by Gavin Barraclough. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::GeneralizedRegister::swapWith): + +2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com> + + reduce and reduceRight bind callback's this to null rather than undefined + https://bugs.webkit.org/show_bug.cgi?id=62264 + + Reviewed by Oliver Hunt. + + Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly + when calling the callback function without an argument for this, which means it should + be undefined according to ES 15.4.4.21 and 15.4.4.22. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + +2011-07-26 Filip Pizlo <fpizlo@apple.com> + + JSC command-line tool does not come with any facility for + measuring time precisely. + https://bugs.webkit.org/show_bug.cgi?id=65223 + + Reviewed by Gavin Barraclough. + + Exposed WTF::currentTime() as currentTimePrecise(). + + * jsc.cpp: + (GlobalObject::GlobalObject): + (functionPreciseTime): + +2011-07-26 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT never emits inline double comparisons, even when it + would be obvious more efficient to do so. + https://bugs.webkit.org/show_bug.cgi?id=65212 + + Reviewed by Gavin Barraclough. + + This handles the obvious case of inlining double comparisons: it only addresses + the speculative JIT, and only for fused compare/branch sequences. But it does + handle the case where both operands are double (and there is no slow path), + or where one operand is double and the other is unknown type (in which case it + attempts to unbox the double, otherwise taking slow path). This is an 0.8% + speed-up on SunSpider. 
+ + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::convertToDouble): + (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble): + (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger): + +2011-07-26 Filip Pizlo <fpizlo@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64969 + DFG JIT generates inefficient code for speculation failures. + + Reviewed by Gavin Barraclough. + + This implements a speculation failure strategy where (1) values spilled on + non-speculative but not spilled on speculative are spilled, (2) values that + are in registers on both paths are rearranged without ever touching memory, + and (3) values spilled on speculative but not spilled on non-speculative are + filled. + + The register shuffling is the most interesting part of this patch. It + constructs a permutation graph for registers. Each node represents a + register, and each directed edge corresponds to the register's value having + to be moved to a different register as part of the shuffling. This is a + directed graph where each node may only have 0 or 1 incoming edges, and + 0 or 1 outgoing edges. The algorithm then first finds maximal non-cyclic + subgraphs where all nodes in the subgraph are reachable from a start node. + Such subgraphs always resemble linked lists, and correspond to simply + moving the value in the second-to-last register into the last register, and + then moving the value in the third-to-last register into the second-to-last + register, and so on. Once these subgraphs are taken care of, the remaining + subgraphs are cycles, and are handled using either (a) conversion or no-op + if the cycle involves one node, (b) swap if it involves two nodes, or (c) + a cyclic shuffle involving a scratch register if there are three or more + nodes. 
+ + * dfg/DFGGenerationInfo.h: + (JSC::DFG::needDataFormatConversion): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::GeneralizedRegister::GeneralizedRegister): + (JSC::DFG::GeneralizedRegister::createGPR): + (JSC::DFG::GeneralizedRegister::createFPR): + (JSC::DFG::GeneralizedRegister::dump): + (JSC::DFG::GeneralizedRegister::findInSpeculationCheck): + (JSC::DFG::GeneralizedRegister::findInEntryLocation): + (JSC::DFG::GeneralizedRegister::previousDataFormat): + (JSC::DFG::GeneralizedRegister::nextDataFormat): + (JSC::DFG::GeneralizedRegister::convert): + (JSC::DFG::GeneralizedRegister::moveTo): + (JSC::DFG::GeneralizedRegister::swapWith): + (JSC::DFG::ShuffledRegister::ShuffledRegister): + (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation): + (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation): + (JSC::DFG::ShuffledRegister::handleCyclingPermutation): + (JSC::DFG::ShuffledRegister::lookup): + (JSC::DFG::lookupForRegister): + (JSC::DFG::NodeToRegisterMap::Tuple::Tuple): + (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap): + (JSC::DFG::NodeToRegisterMap::set): + (JSC::DFG::NodeToRegisterMap::end): + (JSC::DFG::NodeToRegisterMap::find): + (JSC::DFG::NodeToRegisterMap::clear): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + (JSC::DFG::JITCompiler::linkSpeculationChecks): + * dfg/DFGJITCompiler.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::EntryLocation::EntryLocation): + * dfg/DFGNonSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculationCheck::SpeculationCheck): + * dfg/DFGSpeculativeJIT.h: + +2011-07-26 Oliver Hunt <oliver@apple.com> + + Buffer overflow creating error messages for JSON.parse + https://bugs.webkit.org/show_bug.cgi?id=65211 + + Reviewed by Darin Adler. + + Parse string length to the UString constructor. 
+ + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::parse): + +2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com> + + Refactor automatically generated JS DOM bindings to replace operator new with static create methods + https://bugs.webkit.org/show_bug.cgi?id=64732 + + Reviewed by Oliver Hunt. + + Replacing the public constructors in the automatically generated JS DOM bindings with static + create methods. JSByteArray is used by several of these bindings in WebCore. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::create): + * runtime/JSByteArray.h: + +2011-07-26 Alexis Menard <alexis.menard@openbossa.org> + + Unreviewed build fix for Qt/Linux. + + On platforms with no glib and gstreamer we should not build javascriptcore + with the Glib support. This is related to http://trac.webkit.org/changeset/91752. + + * wtf/wtf.pri: + +2011-07-26 Juan C. Montemayor <jmont@apple.com> + + JSON errors should be informative + https://bugs.webkit.org/show_bug.cgi?id=63339 + + Added error messages to the JSON Parser. + + Reviewed by Oliver Hunt. + + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::Lexer::lex): + (JSC::LiteralParser::Lexer::lexString): + (JSC::LiteralParser::Lexer::lexNumber): + (JSC::LiteralParser::parse): + * runtime/LiteralParser.h: + (JSC::LiteralParser::getErrorMessage): + (JSC::LiteralParser::Lexer::sawError): + (JSC::LiteralParser::Lexer::getErrorMessage): + +2011-07-26 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r91746. + http://trac.webkit.org/changeset/91746 + https://bugs.webkit.org/show_bug.cgi?id=65180 + + It broke SL build (Requested by Ossy on #webkit). 
+ + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::stripWhiteSpace): + (WTF::StringImpl::simplifyWhiteSpace): + * wtf/text/StringImpl.h: + * wtf/text/WTFString.cpp: + * wtf/text/WTFString.h: + +2011-07-26 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Andreas Kling. + + [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac. + https://bugs.webkit.org/show_bug.cgi?id=63472 + + Enable the bits needed for GStreamer only when QtMultimedia is not used. + + * wtf/wtf.pri: + +2011-07-26 Shinya Kawanaka <shinyak@google.com> + + Added an interface to take IsWhiteSpaceFunctionPtr. + https://bugs.webkit.org/show_bug.cgi?id=57746 + + Reviewed by Kent Tamura. + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::stripWhiteSpace): + Added an interface to take IsWhiteSpaceFunctionPtr. + (WTF::StringImpl::simplifyWhiteSpace): ditto. + * wtf/text/StringImpl.h: + * wtf/text/WTFString.cpp: + (WTF::String::stripWhiteSpace): ditto. + (WTF::String::simplifyWhiteSpace): ditto. + * wtf/text/WTFString.h: + +2011-07-25 Filip Pizlo <fpizlo@apple.com> + + DFG non-speculative JIT emits inefficient code for arithmetic + involving two registers + https://bugs.webkit.org/show_bug.cgi?id=65160 + + Reviewed by Gavin Barraclough. + + The non-speculative JIT now emits inline code for double arithmetic, but + still attempts integer arithmetic first. This is a speed-up on SunSpider + (albeit a small one), and a large speed-up on Kraken. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + +2011-07-25 Ryuan Choi <ryuan.choi@samsung.com> + + [EFL] Build break with --debug after r89153. + https://bugs.webkit.org/show_bug.cgi?id=65150 + + Unreviewed build fix. + + * wtf/CMakeListsEfl.txt: Add missing libraries. + +2011-07-25 Filip Pizlo <fpizlo@apple.com> + + DFG non-speculative JIT emits obviously inefficient code for arithmetic + where one operand is a constant. + https://bugs.webkit.org/show_bug.cgi?id=65146 + + Reviewed by Gavin Barraclough. 
+ + Changed the code to emit double arithmetic inline. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + +2011-07-25 Filip Pizlo <fpizlo@apple.com> + + DFG JIT bytecode parser misuses pointers into objects allocated as part of a + WTF::Vector. + https://bugs.webkit.org/show_bug.cgi?id=65128 + + Reviewed by Gavin Barraclough. + + The bytecode parser code seems to be right to have a DFGNode& phiNode reference + into the graph, since this makes the code greatly more readable. This patch + thus makes the minimal change necessary to make the code right: it uses a + pointer (to disambiguate between reloading the pointer and performing a + copy from one location of the vector to another) and reloads it after the + calls to addToGraph(). + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::processPhiStack): + +2011-07-25 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r91686. + http://trac.webkit.org/changeset/91686 + https://bugs.webkit.org/show_bug.cgi?id=65144 + + 1.5% regression in JSC (Requested by jmontemayor on #webkit). + + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::Lexer::lex): + (JSC::LiteralParser::Lexer::lexString): + (JSC::LiteralParser::Lexer::lexNumber): + (JSC::LiteralParser::parse): + * runtime/LiteralParser.h: + +2011-07-25 Jon Lee <jonlee@apple.com> + + Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available + https://bugs.webkit.org/show_bug.cgi?id=65132 + <rdar://problem/9836297> + + Reviewed by Oliver Hunt. + + Make sure the JIT is available to use before running the following calls: + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available. + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion. + +2011-07-25 Juan C. 
Montemayor <jmont@apple.com> + + JSON errors should be informative + https://bugs.webkit.org/show_bug.cgi?id=63339 + + Added error messages to the JSON Parser. + + Reviewed by Oliver Hunt. + + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::Lexer::lex): + (JSC::LiteralParser::Lexer::lexString): + (JSC::LiteralParser::Lexer::lexNumber): + (JSC::LiteralParser::parse): + * runtime/LiteralParser.h: + (JSC::LiteralParser::getErrorMessage): + (JSC::LiteralParser::Lexer::sawError): + (JSC::LiteralParser::Lexer::getErrorMessage): + +2011-07-25 Filip Pizlo <fpizlo@apple.com> + + X86-64 assembler emits three instructions instead of two for certain + loads and stores. + https://bugs.webkit.org/show_bug.cgi?id=65095 + + Reviewed by Gavin Barraclough. + + Simply made these four methods in the assembler use the scratch register, + which they were previously avoiding. It still optimizes for the case where + an absolute address memory accesses is using EAX. This results in a slight + performance improvement. + + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::load32): + (JSC::MacroAssemblerX86_64::store32): + (JSC::MacroAssemblerX86_64::loadPtr): + (JSC::MacroAssemblerX86_64::storePtr): + +2011-07-25 Ryuan Choi <ryuan.choi@samsung.com> + + [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime. + https://bugs.webkit.org/show_bug.cgi?id=64354 + + Use ecore_time_unix_get which returns unix time as double type for currentTime + and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime. + + Reviewed by Kent Tamura. + + * wtf/CurrentTime.cpp: + (WTF::currentTime): + (WTF::monotonicallyIncreasingTime): + +2011-07-22 Sommer Panage <panage@apple.com> + + Reviewed by Oliver Hunt. 
+ + export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h + https://bugs.webkit.org/show_bug.cgi?id=64981 + + UIAutomation for iOS would like to support a Javascript backtrace in our error logs. + Currently, the C API does not provide the tools to do this. However, the private API + does expose the necessary functionality to get a backtrace + (via Interpreter::retrieveLastCaller). We recognize this information may result in + failure in the cases of programs run by 'eval', stack frames beneath host function + call frames, and in programs run from other programs. Thus, we propose exporting our + JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools + we need while not advertising an API that isn't really ready for full use. + + * API/JSContextRef.cpp: + * API/JSContextRefPrivate.h: + * JavaScriptCore.exp: + + +2011-07-22 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65051 + DFG JIT - Enable by default for mac platform on x86-64. + + Rubber Stamped by Geoff Garen. + + This is now a performance progression. + + * wtf/Platform.h: + - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS. + +2011-07-22 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65047 + DFG JIT - Add support for op_resolve/op_resolve_base + + Reviewed by Sam Weinig. + + These are necessary for any significant eval code coverage + (and as such increase LayoutTest coverage). + + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::recordResolve): + - Conservatively blow aliasing optimizations for now. + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + - Add support for op_resolve/op_resolve_base. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::callOperation): + - Add call with exec, identifer aguments. + * dfg/DFGNode.h: + - Add new node types. + (JSC::DFG::Node::hasIdentifier): + - Resolve nodes have identifiers, too! 
+ * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + - Add generation for new Nodes. + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + - Added new operations. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Add generation for new Nodes. + +2011-07-22 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=65036 + Messing with the register allocation within flow control = badness. + + Reviewed by Sam Weinig. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + - Fix register allocation. + +2011-07-22 Mark Hahnenberg <mhahnenberg@apple.com> + + Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly. + https://bugs.webkit.org/show_bug.cgi?id=63986 + + Reviewed by Geoffrey Garen. + + Changed the implementation of Date.prototype.toISOString() to use the extended year + format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1. + + * runtime/DatePrototype.cpp: + (JSC::dateProtoFuncToISOString): + +2011-07-21 Gavin Barraclough <barraclough@apple.com> + + Windows build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-07-21 Ryosuke Niwa <rniwa@webkit.org> + + Build fix after r91555. + + * JavaScriptCore.exp: + +2011-07-21 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=19271 + eliminate PIC branches by changing NaN handling in JSValue::toNumber + + Reviewed by Sam Weinig. + + Moving the non-numeric cases out of line seems to be a consistent + win on SunSpider for me, to the order of about 0.5%. + + * runtime/JSCell.h: + (JSC::JSCell::JSValue::toNumber): + - Changed to only handle values that are already numbers, moce non-numeric cases out of line. + * runtime/JSValue.cpp: + (JSC::JSValue::toNumberSlowCase): + - Added toNumberSlowCase, handling non-numeric cases. + * runtime/JSValue.h: + - Add declaration of toNumberSlowCase. 
+ +2011-07-21 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64875 + Use of `yield` keyword is broken + + Reviewed by Sam Weinig. + + * parser/Lexer.cpp: + (JSC::Lexer::parseIdentifier): + - The bug here is that a successful match of a RESERVED_IF_STRICT token from + parseKeyword is being nullified back to IDENT. The problem is that in the + case of IDENT matches parseKeyword should not move the lexer's input + position, but in the case of RESERVED_IF_STRICT it has done so. + +2011-07-21 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64900 + Function.prototype.apply should accept an array-like object as its second argument + + Reviewed by Sam Weinig. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/FunctionPrototype.cpp: + (JSC::functionProtoFuncApply): + - Remove the type error if object is not an array. + +2011-07-21 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64964 + DFG JIT - Enable support for eval code + + Reviewed by Sam Weinig. + + This is basically the same as program code, to the JIT! + + * bytecode/Opcode.cpp: + * bytecode/Opcode.h: + - Enable opcodeNames in !NDEBUG builds. + * dfg/DFGOperations.cpp: + - Fix a bug exposed by eval support, throw correct type error for new. + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + - Enable DFG JIT for eval code. + +2011-07-20 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r91380. + http://trac.webkit.org/changeset/91380 + https://bugs.webkit.org/show_bug.cgi?id=64924 + + Caused assertion failures in Chromium's IndexedDB tests + (Requested by rniwa on #webkit). 
+ + * wtf/ThreadIdentifierDataPthreads.cpp: + (WTF::ThreadIdentifierData::identifier): + (WTF::ThreadIdentifierData::initialize): + (WTF::ThreadIdentifierData::initializeKeyOnceHelper): + (WTF::ThreadIdentifierData::initializeKeyOnce): + * wtf/ThreadIdentifierDataPthreads.h: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): + +2011-07-20 Filip Pizlo <fpizlo@apple.com> + + DFG non-speculative JIT does not use() the aliased GetByVal, + resulting in bloated use counts. + https://bugs.webkit.org/show_bug.cgi?id=64911 + + Reviewed by Gavin Barraclough. + + Inserted a call to use() for the aliased GetByVal. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + +2011-07-20 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64909 + DFG JIT - Missing ToInt32 conversions for double constants. + + Reviewed by Sam Weinig. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::toInt32): + - We cannot trivially omit ToInt32 conversions on double constants. + +2011-07-20 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT sometimes claims to use compare operands twice, leading to + use count corruption. + https://bugs.webkit.org/show_bug.cgi?id=64903 + + Reviewed by Gavin Barraclough. + + Move the calls to use() in SpeculativeJIT::compare() so that they only happen + if the JITCodeGenerator's helper method (which also calls use()) is not called. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compare): + +2011-07-20 Oliver Hunt <oliver@apple.com> + + Don't throw away code when JSGarbageCollect API is called + https://bugs.webkit.org/show_bug.cgi?id=64894 + + Reviewed by Sam Weinig. + + Just call collectAllGarbage. That will clean up all unneeded + code without causing any pathological recompilation problems. 
+ + * API/JSBase.cpp: + (JSGarbageCollect): + +2011-07-20 Oliver Hunt <oliver@apple.com> + + Codeblock doesn't visit cached structures in global resolve instructions + https://bugs.webkit.org/show_bug.cgi?id=64889 + + Reviewed by Sam Weinig. + + Visit the global resolve instructions. This fixes a couple + of random crashes seen in the jquery tests when using the + interpreter. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + +2011-07-20 James Robinson <jamesr@chromium.org> + + Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock + https://bugs.webkit.org/show_bug.cgi?id=64841 + + Reviewed by Mark Rowe. + + http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the + monotonic clock instead of WTF::currentTime(). This broke many plugin tests on WebKit2 for reasons that are + unclear. This reverts everything except for WebCore::ThreadTimers back to the previous behavior. + + * wtf/ThreadingPthreads.cpp: + (WTF::ThreadCondition::timedWait): + * wtf/ThreadingWin.cpp: + (WTF::absoluteTimeToWaitTimeoutInterval): + * wtf/gtk/ThreadingGtk.cpp: + (WTF::ThreadCondition::timedWait): + * wtf/qt/ThreadingQt.cpp: + (WTF::ThreadCondition::timedWait): + +2011-07-14 David Levin <levin@chromium.org> + + currentThread is too slow! + https://bugs.webkit.org/show_bug.cgi?id=64577 + + Reviewed by Darin Adler and Dmitry Titov. + + The problem is that currentThread results in a pthread_once call which always takes a lock. + With this change, currentThread is 10% faster than isMainThread in release mode and only + 5% slower than isMainThread in debug. + + * wtf/ThreadIdentifierDataPthreads.cpp: + (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff + which is no longer needed because this is called from initializeThreading(). 
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because + intialization of the pthread key should already be done. + (WTF::ThreadIdentifierData::initialize): Ditto. + * wtf/ThreadIdentifierDataPthreads.h: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): Acquire the pthread key here. + +2011-07-20 Mark Rowe <mrowe@apple.com> + + Fix the 32-bit build. + + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncToString): + +2011-07-19 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64678 + Fix bugs in Object.prototype this handling. + + Reviewed by Darin Adler. + + Fix ES5.1 correctness issues identified by Mads Ager. + + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncToString): + - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]". + +2011-07-19 Mark Hahnenberg <mhahnenberg@apple.com> + + [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation + https://bugs.webkit.org/show_bug.cgi?id=63918 + + Reviewed by Darin Adler. + + When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost + method due to additional string copying within several of the constructors when dealing with + UStrings. This has been added to the UString version of the appendStringInConstruct method + within the JSString class. + + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::appendStringInConstruct): + +2011-07-19 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64679 + Fix bugs in Array.prototype this handling. + + Reviewed by Oliver Hunt. 
+ + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + (JSC::arrayProtoFuncIndexOf): + (JSC::arrayProtoFuncLastIndexOf): + - These methods should throw if this value is undefined. + +2011-07-19 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64677 + Fix bugs in String.prototype this handling. + + Reviewed by Oliver Hunt. + + undefined/null this values should throw TypeErrors, not convert to + the global object, and primitive values should not be converted via + object types. 
+ + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncReplace): + (JSC::stringProtoFuncCharAt): + (JSC::stringProtoFuncCharCodeAt): + (JSC::stringProtoFuncIndexOf): + (JSC::stringProtoFuncLastIndexOf): + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + (JSC::stringProtoFuncSlice): + (JSC::stringProtoFuncSplit): + (JSC::stringProtoFuncSubstr): + (JSC::stringProtoFuncSubstring): + (JSC::stringProtoFuncToLowerCase): + (JSC::stringProtoFuncToUpperCase): + (JSC::stringProtoFuncLocaleCompare): + (JSC::stringProtoFuncBig): + (JSC::stringProtoFuncSmall): + (JSC::stringProtoFuncBlink): + (JSC::stringProtoFuncBold): + (JSC::stringProtoFuncFixed): + (JSC::stringProtoFuncItalics): + (JSC::stringProtoFuncStrike): + (JSC::stringProtoFuncSub): + (JSC::stringProtoFuncSup): + (JSC::stringProtoFuncFontcolor): + (JSC::stringProtoFuncFontsize): + (JSC::stringProtoFuncAnchor): + (JSC::stringProtoFuncLink): + (JSC::trimString): + - These methods should throw if this value is undefined, + convert ToString directly, not via ToObject. + +2011-07-19 Filip Pizlo <fpizlo@apple.com> + + DFG JIT sometimes emits spill code even when the respective values + are never needed. + https://bugs.webkit.org/show_bug.cgi?id=64774 + + Reviewed by Gavin Barraclough. + + The main high-level change is that it is now easier to call use() on a + virtual register. JSValueOperand and its other-typed relatives now have + a handy use() method, and jsValueResult() and friends now make it easier to + pass UseChildrenCalledExplicitly. + + The rest of this patch hoists the call to use() as high as possible for + all of those cases where either flushRegisters() or silentSpillAllRegisters() + may be called. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedGetMethod): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq): + (JSC::DFG::JITCodeGenerator::emitBranch): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::use): + (JSC::DFG::JITCodeGenerator::integerResult): + (JSC::DFG::JITCodeGenerator::jsValueResult): + (JSC::DFG::IntegerOperand::use): + (JSC::DFG::DoubleOperand::use): + (JSC::DFG::JSValueOperand::use): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::valueToNumber): + (JSC::DFG::NonSpeculativeJIT::valueToInt32): + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculateStrictInt32Operand::use): + (JSC::DFG::SpeculateCellOperand::use): + +2011-07-19 Xan Lopez <xlopez@igalia.com> + + ARMv7 backend broken, lacks 3 parameter rshift32 method + https://bugs.webkit.org/show_bug.cgi?id=64571 + + Reviewed by Zoltan Herczeg. + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method. + +2011-07-18 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not optimize strict equality as effectively as the old JIT does. + https://bugs.webkit.org/show_bug.cgi?id=64759 + + Reviewed by Gavin Barraclough. + + This adds a more complete set of strict equality optimizations. If either + operand is known numeric, then the code reverts to the old style of optimizing + (first try integer comparison). 
Otherwise it uses the old JIT's trick of + first simultaneously checking if both operands are either numbers or cells; + if not then a fast path is taken. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq): + (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-18 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64760 + DFG JIT - Should be able to compile program code. + + Reviewed by Geoff Garen. + + Add support for op_end, hooks to compile program code in Executable.cpp. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + - Add support for op_end + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileEntry): + (JSC::DFG::JITCompiler::compileBody): + (JSC::DFG::JITCompiler::link): + - Added, separate out steps of compileFunction. + (JSC::DFG::JITCompiler::compile): + - Added, compile program code. + (JSC::DFG::JITCompiler::compileFunction): + - Sections separated out to helper functions. + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::JITCompiler): + - Added m_exceptionCheckCount. + * runtime/Executable.cpp: + (JSC::tryDFGCompile): + (JSC::tryDFGCompileFunction): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code. + +2011-07-18 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64678 + Fix bugs in Object.prototype this handling. + + Reviewed by Oliver Hunt. 
+ + undefined/null this values should throw TypeErrors, not convert to the global object, + also, to toLocaleString should be calling the ToObject & invoking the object's toString + function, even for values that are already strings. + + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncValueOf): + (JSC::objectProtoFuncHasOwnProperty): + (JSC::objectProtoFuncIsPrototypeOf): + (JSC::objectProtoFuncPropertyIsEnumerable): + (JSC::objectProtoFuncToLocaleString): + (JSC::objectProtoFuncToString): + +2011-07-18 Filip Pizlo <fpizlo@apple.com> + + JSC GC lazy sweep does not inline the common cases of cell destruction. + https://bugs.webkit.org/show_bug.cgi?id=64745 + + Reviewed by Oliver Hunt. + + This inlines the case of JSFinalObject destruction. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::lazySweep): + +2011-07-18 Oliver Hunt <oliver@apple.com> + + Interpreter build-fix + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2011-07-18 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not optimize equal-null comparisons and branches. + https://bugs.webkit.org/show_bug.cgi?id=64659 + + Reviewed by Gavin Barraclough. + + Added a peephole-aware compare-to-null implementation to JITCodeGenerator, + which is used by both the speculative and non-speculative JIT. Through + the use of the new isNullConstant helper, the two JITs invoke the + nonSpecualtiveCompareNull() helper instead of their regular comparison + helpers when compiling CompareEq. Through the use of the new isKnownCell + helper, the compare-null code will skip the is-a-cell check if the + speculative JIT had been speculating cell. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownCell): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::isNullConstant): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-18 James Robinson <jamesr@chromium.org> + + Timer scheduling should be based off the monotonic clock + https://bugs.webkit.org/show_bug.cgi?id=64544 + + Reviewed by Darin Adler. + + Switches ThreadCondition::timedWait and related utility functions from currentTime() to + monotonicallyIncreasingTime(). + + Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/ThreadingPthreads.cpp: + (WTF::ThreadCondition::timedWait): + * wtf/ThreadingWin.cpp: + (WTF::absoluteTimeToWaitTimeoutInterval): + * wtf/gtk/ThreadingGtk.cpp: + (WTF::ThreadCondition::timedWait): + * wtf/qt/ThreadingQt.cpp: + (WTF::ThreadCondition::timedWait): + +2011-07-18 Filip Pizlo <fpizlo@apple.com> + + JSC JIT does not inline GC allocation fast paths + https://bugs.webkit.org/show_bug.cgi?id=64582 + + Reviewed by Oliver Hunt. + + This addresses inlining allocation for the easiest-to-allocate cases: + op_new_object and op_create_this. Inlining GC allocation fast paths + required three changes. First, the JSGlobalData now saves the vtable + pointer of JSFinalObject, since that's what op_new_object and + op_create_this allocate. Second, the Heap exposes a reference to + the appropriate SizeClass, so that the JIT may inline accesses + directly to the SizeClass for JSFinalObject allocations. 
And third, + the JIT is extended with code to emit inline fast paths for GC + allocation. A stub call is emitted in the case where the inline fast + path fails. + + * heap/Heap.h: + (JSC::Heap::sizeClassFor): + (JSC::Heap::allocate): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitAllocateJSFinalObject): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_object): + (JSC::JIT::emitSlow_op_new_object): + (JSC::JIT::emit_op_create_this): + (JSC::JIT::emitSlow_op_create_this): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_new_object): + (JSC::JIT::emitSlow_op_new_object): + (JSC::JIT::emit_op_create_this): + (JSC::JIT::emitSlow_op_create_this): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): + * runtime/JSGlobalData.h: + * runtime/JSObject.h: + (JSC::JSFinalObject::JSFinalObject): + (JSC::JSObject::offsetOfInheritorID): + +2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com> + + Refactor JSC to replace JSCell::operator new with static create method + https://bugs.webkit.org/show_bug.cgi?id=64466 + + Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com). + + First step in a longer refactoring process to remove the use of + operator new overloading in order to allocate GC objects and to replace + this method with static create methods for each individual type of heap-allocated + JS object. This particular patch only deals with replacing uses of + operator new within JSC proper. Future patches will remove it from the + parts that interface with the DOM. Due to the DOM's continued dependence + on it, operator new has not actually been removed from JSCell. 
+ + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::create): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::create): + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::operator new): + (JSC::JSCallbackObject::create): + * API/JSCallbackObjectFunctions.h: + (JSC::::staticFunctionGetter): + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + * API/JSContextRef.cpp: + * API/JSObjectRef.cpp: + (JSObjectMake): + (JSObjectMakeFunctionWithCallback): + (JSObjectMakeConstructor): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::createActivation): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * bytecompiler/BytecodeGenerator.h: + (JSC::BytecodeGenerator::makeFunction): + * bytecompiler/NodesCodegen.cpp: + (JSC::RegExpNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + (JSC::Interpreter::retrieveArguments): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jsc.cpp: + (GlobalObject::create): + (GlobalObject::GlobalObject): + (functionRun): + (jscmain): + * runtime/Arguments.h: + (JSC::Arguments::create): + (JSC::Arguments::createNoParameters): + * runtime/ArrayConstructor.cpp: + (JSC::constructArrayWithSizeQuirk): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::create): + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncSplice): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::create): + * runtime/BooleanConstructor.cpp: + (JSC::constructBoolean): + (JSC::constructBooleanFromImmediateBoolean): + * runtime/BooleanConstructor.h: + (JSC::BooleanConstructor::create): + * runtime/BooleanObject.h: + (JSC::BooleanObject::create): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::create): + * runtime/DateConstructor.cpp: + (JSC::constructDate): + * runtime/DateConstructor.h: + (JSC::DateConstructor::create): + * runtime/DateInstance.h: + 
(JSC::DateInstance::create): + * runtime/DatePrototype.h: + (JSC::DatePrototype::create): + * runtime/Error.cpp: + (JSC::createError): + (JSC::createEvalError): + (JSC::createRangeError): + (JSC::createReferenceError): + (JSC::createSyntaxError): + (JSC::createTypeError): + (JSC::createURIError): + (JSC::StrictModeTypeErrorFunction::create): + (JSC::createTypeErrorFunction): + * runtime/ErrorConstructor.h: + (JSC::ErrorConstructor::create): + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::ErrorInstance): + (JSC::ErrorInstance::create): + * runtime/ErrorInstance.h: + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::create): + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::InterruptedExecutionError): + (JSC::InterruptedExecutionError::create): + (JSC::createInterruptedExecutionException): + (JSC::TerminatedExecutionError::TerminatedExecutionError): + (JSC::TerminatedExecutionError::create): + (JSC::createTerminatedExecutionException): + * runtime/Executable.cpp: + (JSC::FunctionExecutable::FunctionExecutable): + (JSC::FunctionExecutable::fromGlobalCode): + * runtime/Executable.h: + (JSC::ExecutableBase::create): + (JSC::NativeExecutable::create): + (JSC::ScriptExecutable::ScriptExecutable): + (JSC::EvalExecutable::create): + (JSC::ProgramExecutable::create): + (JSC::FunctionExecutable::create): + (JSC::FunctionExecutable::make): + * runtime/FunctionConstructor.cpp: + (JSC::constructFunctionSkippingEvalEnabledCheck): + * runtime/FunctionConstructor.h: + (JSC::FunctionConstructor::create): + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::addFunctionProperties): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::create): + * runtime/GetterSetter.h: + (JSC::GetterSetter::create): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::create): + (JSC::jsAPIValueWrapper): + * runtime/JSActivation.cpp: + (JSC::JSActivation::argumentsGetter): + * 
runtime/JSActivation.h: + (JSC::JSActivation::create): + * runtime/JSArray.h: + (JSC::JSArray::create): + * runtime/JSCell.h: + (JSC::JSCell::allocateCell): + * runtime/JSFunction.h: + (JSC::JSFunction::create): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::init): + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObject.h: + (JSC::constructEmptyArray): + (JSC::constructArray): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::create): + * runtime/JSONObject.h: + (JSC::JSONObject::create): + * runtime/JSObject.cpp: + (JSC::JSObject::defineGetter): + (JSC::JSObject::defineSetter): + (JSC::putDescriptor): + * runtime/JSObject.h: + (JSC::JSFinalObject::create): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::create): + * runtime/JSString.cpp: + (JSC::JSString::substringFromRope): + (JSC::JSString::replaceCharacter): + (JSC::StringObject::create): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::create): + (JSC::RopeBuilder::createHasOtherOwner): + (JSC::jsSingleCharacterString): + (JSC::jsSingleCharacterSubstring): + (JSC::jsNontrivialString): + (JSC::jsString): + (JSC::jsSubstring): + (JSC::jsOwnedString): + * runtime/JSValue.cpp: + (JSC::JSValue::toObjectSlowCase): + (JSC::JSValue::synthesizeObject): + (JSC::JSValue::synthesizePrototype): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/MathObject.h: + (JSC::MathObject::create): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::create): + * runtime/NativeErrorPrototype.h: + (JSC::NativeErrorPrototype::create): + * runtime/NumberConstructor.cpp: + (JSC::constructWithNumberConstructor): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::create): + * runtime/NumberObject.cpp: + (JSC::constructNumber): + * runtime/NumberObject.h: + 
(JSC::NumberObject::create): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::create): + * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::create): + * runtime/ObjectPrototype.h: + (JSC::ObjectPrototype::create): + * runtime/Operations.h: + (JSC::jsString): + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + (JSC::RegExp::createWithoutCaching): + (JSC::RegExp::create): + * runtime/RegExp.h: + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::lookupOrCreate): + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::arrayOfMatches): + (JSC::constructRegExp): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::create): + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::create): + * runtime/RegExpObject.h: + (JSC::RegExpObject::create): + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncCompile): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::create): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::create): + (JSC::ScopeChainNode::push): + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::createEmptyString): + (JSC::SmallStrings::createSingleCharacterString): + * runtime/StringConstructor.cpp: + (JSC::constructWithStringConstructor): + * runtime/StringConstructor.h: + (JSC::StringConstructor::create): + * runtime/StringObject.h: + (JSC::StringObject::create): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::create): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + * runtime/StringPrototype.h: + (JSC::StringPrototype::create): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::createStructure): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + +2011-07-17 Ryuan Choi <ryuan.choi@samsung.com> + + [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash. + https://bugs.webkit.org/show_bug.cgi?id=64337 + + Replace ecore_timer_add to Ecore_Pipe. 
+ This is needed because ecore_timer should not be called in a child thread, + but in the main thread. + + Reviewed by Antonio Gomes. + + * wtf/efl/MainThreadEfl.cpp: + (WTF::pipeObject): + (WTF::monitorDispatchFunctions): + (WTF::initializeMainThreadPlatform): + (WTF::scheduleDispatchFunctionsOnMainThread): + +2011-07-17 Filip Pizlo <fpizlo@apple.com> + + DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline. + https://bugs.webkit.org/show_bug.cgi?id=64637 + + Reviewed by Gavin Barraclough. + + * dfg/DFGOperations.cpp: + +2011-07-16 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64657 + Converted this value not preserved when accessed via direct eval. + + Reviewed by Oliver Hunt. + + Upon entry into a non-strict function, primitive this values should be boxed as Object types + (or substituted with the global object) - which is done by op_convert_this. However we only + do so where this is used lexically within the function (we omit the conversion op if not). + The problem comes if a direct eval (running within the function's scope) accesses the this + value. + + We are safe in the case of a single eval, since the this object will be converted within + callEval, however the converted value is not preserved, and a new wrapper object is allocated + each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper + object will be lost between eval statements. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + - If a function uses eval, we always need to convert this. + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + - Don't convert primitive values here - this is too late! + (JSC::Interpreter::privateExecute): + - Changed op_convert_this to call new isPrimitive method. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Changed op_convert_this to call new isPrimitive method. 
+ * runtime/JSCell.h: + (JSC::JSCell::JSValue::isPrimitive): + - Added JSValue::isPrimitive. + * runtime/JSValue.h: + - Added JSValue::isPrimitive. + +2011-07-16 Filip Pizlo <fpizlo@apple.com> + + DFG JIT compare/branch code emits is-integer tests even when a value is + definitely not an integer. + https://bugs.webkit.org/show_bug.cgi?id=64654 + + Reviewed by Gavin Barraclough. + + Added the isKnownNotInteger() method, which returns true if a node is + definitely not an integer and will always fail any is-integer test. Then + modified the compare and branch code to use this method; if it returns + true then is-int tests are omitted and the compiler always emits a slow + call. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownNotInteger): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compare): + +2011-07-16 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT has dead code for slow calls for branches. + https://bugs.webkit.org/show_bug.cgi?id=64653 + + Reviewed by Gavin Barraclough. + + Removed SpeculativeJIT::compilePeepHoleCall. + + * dfg/DFGSpeculativeJIT.cpp: + * dfg/DFGSpeculativeJIT.h: + +2011-07-15 Mark Rowe <mrowe@apple.com> + + Fix the build. + + * dfg/DFGGraph.h: + +2011-07-15 Gavin Barraclough <barraclough@apple.com> + + NativeError.prototype objects have [[Class]] of "Object" but should be "Error" + https://bugs.webkit.org/show_bug.cgi?id=55346 + + Reviewed by Sam Weinig. + + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + - Switch to putDirect since we're not the only ones tranitioning this Structure now. + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + * runtime/NativeErrorPrototype.h: + - Switch base class to ErrorPrototype. 
+ +2011-07-15 Gavin Barraclough <barraclough@apple.com> + + DFG JIT - Where arguments passed are integers, speculate this. + https://bugs.webkit.org/show_bug.cgi?id=64630 + + Reviewed by Sam Weinig. + + Presently the DFG JIT is overly aggressively predicting double. + Use a bit of dynamic information, and curtail this a little. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::predictArgumentTypes): + - Check for integer arguments. + * dfg/DFGGraph.h: + - Function declaration. + * runtime/Executable.cpp: + (JSC::tryDFGCompile): + (JSC::FunctionExecutable::compileForCallInternal): + - Add call to predictArgumentTypes. + +2011-07-15 Filip Pizlo <fpizlo@apple.com> + + DFG JIT is inconsistent about fusing branches and speculating + integer comparisons for branches. + https://bugs.webkit.org/show_bug.cgi?id=64573 + + Reviewed by Gavin Barraclough. + + This patch moves some of NonSpeculativeJIT's functionality up into the + JITCodeGenerator superclass so that it can be used from both JITs. Now, + in cases where the speculative JIT doesn't want to speculate but still + wants to emit good code, it can reliably emit the same code sequence as + the non-speculative JIT. This patch also extends the non-speculative + JIT's compare optimizations to include compare/branch fusing, and + extends the speculative JIT's compare optimizations to cover StrictEqual. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::isKnownInteger): + (JSC::DFG::JITCodeGenerator::isKnownNumeric): + (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch): + (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + * wtf/Platform.h: + +2011-07-14 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64250 + Global strict mode function leaking global object as "this". + + Reviewed by Oliver Hunt. + + The root problem here is that we pass the wrong values into + calls, and then try to fix them up in the callee. Correct + behaviour per the spec is to pass in the value undefined, + as this unless either (1) the function call is based on an + explicit property access or (2) the base of the call comes + directly from a 'with'. + + This change does away with the need for this conversion of + objects (non strict code should only box primitives), and + does away with all this conversion for strict functions. + + This patch may have web compatibility ramifications, and may + require some advocacy. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + - Removed op_convert_this_strict, added op_resolve_with_this. + * bytecode/Opcode.h: + - Removed op_convert_this_strict, added op_resolve_with_this. + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::emitResolveWithThis): + - Removed op_convert_this_strict, added op_resolve_with_this. + * bytecompiler/BytecodeGenerator.h: + - Removed op_convert_this_strict, added op_resolve_with_this. 
+ * bytecompiler/NodesCodegen.cpp: + (JSC::EvalFunctionCallNode::emitBytecode): + (JSC::FunctionCallResolveNode::emitBytecode): + - Removed op_convert_this_strict, added op_resolve_with_this. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Change NeedsThisConversion check to test for JSString's vptr + (objects no longer need conversion). + * interpreter/Interpreter.cpp: + (JSC::Interpreter::resolveThisAndProperty): + - Based on resolveBaseAndProperty, but produce correct this value. + (JSC::Interpreter::privateExecute): + - Removed op_convert_this_strict, added op_resolve_with_this. + * interpreter/Interpreter.h: + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + - Removed op_convert_this_strict, added op_resolve_with_this. + * jit/JIT.h: + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_resolve_with_this): + - Removed op_convert_this_strict, added op_resolve_with_this. + (JSC::JIT::emit_op_convert_this): + (JSC::JIT::emitSlow_op_convert_this): + - Change NeedsThisConversion check to test for JSString's vptr + (objects no longer need conversion). + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_resolve_with_this): + - Removed op_convert_this_strict, added op_resolve_with_this. + (JSC::JIT::emit_op_convert_this): + (JSC::JIT::emitSlow_op_convert_this): + - Change NeedsThisConversion check to test for JSString's vptr + (objects no longer need conversion). + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Removed op_convert_this_strict, added op_resolve_with_this. + * jit/JITStubs.h: + - Removed op_convert_this_strict, added op_resolve_with_this. + * runtime/JSActivation.h: + - removed NeedsThisConversion flag, added IsEnvironmentRecord. + * runtime/JSStaticScopeObject.h: + - removed NeedsThisConversion flag, added IsEnvironmentRecord. + * runtime/JSString.h: + (JSC::RopeBuilder::createStructure): + - removed NeedsThisConversion. 
+ * runtime/JSTypeInfo.h: + (JSC::TypeInfo::isEnvironmentRecord): + (JSC::TypeInfo::overridesHasInstance): + - removed NeedsThisConversion flag, added IsEnvironmentRecord. + * runtime/JSValue.h: + - removed NeedsThisConversion. + * runtime/JSVariableObject.h: + - Corrected StructureFlags inheritance. + * runtime/StrictEvalActivation.h: + (JSC::StrictEvalActivation::createStructure): + - Added IsEnvironmentRecord to StructureFlags, addded createStructure. + * runtime/Structure.h: + - removed NeedsThisConversion. + * tests/mozilla/ecma/String/15.5.4.6-2.js: + (getTestCases): + - Removed invalid test case. + +2011-07-15 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r91082, r91087, and r91089. + http://trac.webkit.org/changeset/91082 + http://trac.webkit.org/changeset/91087 + http://trac.webkit.org/changeset/91089 + https://bugs.webkit.org/show_bug.cgi?id=64616 + + gtk tests are failing a lot after this change. (Requested by + dave_levin on #webkit). + + * wtf/ThreadIdentifierDataPthreads.cpp: + (WTF::ThreadIdentifierData::identifier): + (WTF::ThreadIdentifierData::initialize): + (WTF::ThreadIdentifierData::initializeKeyOnceHelper): + (WTF::ThreadIdentifierData::initializeKeyOnce): + * wtf/ThreadIdentifierDataPthreads.h: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): + +2011-07-15 David Levin <levin@chromium.org> + + Another attempted build fix. + + * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick + up the definition of PTHREAD_KEYS_MAX. + +2011-07-15 David Levin <levin@chromium.org> + + Chromium build fix. + + * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick + up the definition of PTHREAD_KEYS_MAX. + +2011-07-14 David Levin <levin@chromium.org> + + currentThread is too slow! + https://bugs.webkit.org/show_bug.cgi?id=64577 + + Reviewed by Darin Adler and Dmitry Titov. + + The problem is that currentThread results in a pthread_once call which always takes a lock. 
+ With this change, currentThread is 10% faster than isMainThread in release mode and only + 5% slower than isMainThread in debug. + + * wtf/ThreadIdentifierDataPthreads.cpp: + (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff + which is no longer needed because this is called from initializeThreading(). + (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because + intialization of the pthread key should already be done. + (WTF::ThreadIdentifierData::initialize): Ditto. + * wtf/ThreadIdentifierDataPthreads.h: + * wtf/ThreadingPthreads.cpp: + (WTF::initializeThreading): Acquire the pthread key here. + +2011-07-14 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not optimize Branch as well as it could. + https://bugs.webkit.org/show_bug.cgi?id=64574 + + Reviewed by Gavin Barraclough. + + This creates a common code path for emitting unfused branches, which does + no speculation, and only performs a slow call if absolutely necessary. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitBranch): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-14 Filip Pizlo <fpizlo@apple.com> + + GC allocation fast path has too many operations. + https://bugs.webkit.org/show_bug.cgi?id=64493 + + Reviewed by Darin Adler. + + Changed the timing of the lazy sweep so that it occurs when we land on + a previously-unsweeped block, rather than whenever we land on an unsweeped + cell. After the per-block lazy sweep occurs, the block is turned into a + singly linked list of free cells. The allocation fast path is now just a + load-branch-store to remove a cell from the head of the list. + + Additionally, this changes the way new blocks are allocated. Previously, + they would be populated with dummy cells. 
With this patch, they are + turned into a free list, which means that there will never be destructor + calls for allocations in fresh blocks. + + These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on + SunSpider. There are no observed statistically significant slow-downs + on any individual benchmark. + + * JavaScriptCore.exp: + * heap/Heap.cpp: + (JSC::Heap::allocateSlowCase): + (JSC::Heap::collect): + (JSC::Heap::canonicalizeBlocks): + (JSC::Heap::resetAllocator): + * heap/Heap.h: + (JSC::Heap::forEachProtectedCell): + (JSC::Heap::forEachCell): + (JSC::Heap::forEachBlock): + (JSC::Heap::allocate): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::lazySweep): + (JSC::MarkedBlock::blessNewBlockForFastPath): + (JSC::MarkedBlock::blessNewBlockForSlowPath): + (JSC::MarkedBlock::canonicalizeBlock): + * heap/MarkedBlock.h: + * heap/NewSpace.cpp: + (JSC::NewSpace::addBlock): + (JSC::NewSpace::canonicalizeBlocks): + * heap/NewSpace.h: + (JSC::NewSpace::allocate): + (JSC::NewSpace::SizeClass::SizeClass): + (JSC::NewSpace::SizeClass::canonicalizeBlock): + * heap/OldSpace.cpp: + (JSC::OldSpace::addBlock): + +2011-07-14 Filip Pizlo <fpizlo@apple.com> + + DFG JIT crashes on host constructor calls in debug mode. + https://bugs.webkit.org/show_bug.cgi?id=64562 + + Reviewed by Gavin Barraclough. + + Fixed the relevant ASSERT. + + * dfg/DFGOperations.cpp: + +2011-07-14 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT contains a FIXME for rewinding speculative code generation that + has already been fixed. + https://bugs.webkit.org/show_bug.cgi?id=64022 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + +2011-07-14 Ryuan Choi <ryuan.choi@samsung.com> + + [EFL] Add OwnPtr specialization for Ecore_Pipe. + https://bugs.webkit.org/show_bug.cgi?id=64515 + + Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port. + + Reviewed by Xan Lopez. 
+ + * wtf/OwnPtrCommon.h: + * wtf/efl/OwnPtrEfl.cpp: + (WTF::deleteOwnedPtr): + +2011-07-14 Filip Pizlo <fpizlo@apple.com> + + DFG JIT unnecessarily boxes and unboxes values during silent spilling. + https://bugs.webkit.org/show_bug.cgi?id=64068 + + Reviewed by Gavin Barraclough. + + Silent spilling and filling of registers is done during slow-path C + function calls. The silent spill/fill logic does not affect register + allocation on paths that don't involve the C function call. + + This changes the silent spilling code to spill in unboxed form. The + silent fill will refill in whatever form the register was spilled in. + For example, the silent spill code may choose not to spill the register + because it was already spilled previously, which would imply that it + was spilled in boxed form. The filling code detects this and either + unboxes, or not, depending on what is appropriate. + + This change also results in a simplification of the silent spill/fill + API: silent spilling no longer needs to know about the set of registers + that cannot be trampled, since it never does boxing and hence does not + need a temporary register. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentSpillFPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::valueToNumber): + (JSC::DFG::NonSpeculativeJIT::valueToInt32): + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + (JSC::DFG::NonSpeculativeJIT::compare): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-13 Michael Saboff <msaboff@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64202 + Enh: Improve handling of RegExp in the form of /.*blah.*/ + + Reviewed by Gavin Barraclough. + + Added code to both the Yarr interpreter and JIT to handle + these expressions a little differently. First off, the terms + in between the leading and trailing .*'s cannot capture and + also this enhancement is limited to single alternative expressions. + If an expression is of the right form with the aforementioned + restrictions, we process the inner terms and then look for the + beginning of the string and end of the string. There is handling + for multiline expressions to allow the beginning and end to be + right after and right before newlines. + + This enhancement speeds up expressions of this type 12x on + a MacBookPro. + + Cleaned up 'case' statement indentation. 
+ + A new set of tests was added as LayoutTests/fast/regex/dotstar.html + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::InputStream::end): + (JSC::Yarr::Interpreter::matchDotStarEnclosure): + (JSC::Yarr::Interpreter::matchDisjunction): + (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure): + (JSC::Yarr::ByteCompiler::emitDisjunction): + * yarr/YarrInterpreter.h: + (JSC::Yarr::ByteTerm::DotStarEnclosure): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generateDotStarEnclosure): + (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure): + (JSC::Yarr::YarrGenerator::generateTerm): + (JSC::Yarr::YarrGenerator::backtrackTerm): + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets): + (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms): + (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions): + (JSC::Yarr::YarrPattern::compile): + * yarr/YarrPattern.h: + (JSC::Yarr::PatternTerm::PatternTerm): + +2011-07-13 Xan Lopez <xlopez@igalia.com> + + [GTK] Fix distcheck + + Reviewed by Martin Robinson. + + * GNUmakefile.list.am: add missing files. + +2011-07-13 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not implement prototype chain or list caching for get_by_id. + https://bugs.webkit.org/show_bug.cgi?id=64147 + + Reviewed by Gavin Barraclough. + + This implements unified support for prototype caching, prototype chain + caching, and polymorphic (i.e. list) prototype and prototype chain + caching. This is done by creating common code for emitting prototype + or chain access stubs, and having it factored out into + generateProtoChainAccessStub(). This function is called by + tryCacheGetByID once the latter determines that some form of prototype + access caching is necessary (i.e. the slot being accessed is not on the + base value but on some other object). 
+ + Direct prototype list, and prototype chain list, caching is implemented by + linking the slow path to operationGetByIdProtoBuildList(), which uses the + same helper function (generateProtoChainAccessStub()) as tryCacheGetByID. + + This change required ensuring that the value in the scratchGPR field in + StructureStubInfo is preserved even after the stub info is in the + chain, or proto_list, states. Hence scratchGPR was moved out of the union + and into the top-level of StructureStubInfo. + + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::emitRestoreScratch): + (JSC::DFG::linkRestoreScratch): + (JSC::DFG::generateProtoChainAccessStub): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDProtoList): + (JSC::DFG::dfgBuildGetByIDProtoList): + (JSC::DFG::tryCachePutByID): + * dfg/DFGRepatch.h: + +2011-07-12 Brent Fulgham <bfulgham@webkit.org> + + Standardize WinCairo conditionalized code under PLATFORM macro. + https://bugs.webkit.org/show_bug.cgi?id=64377 + + Reviewed by Maciej Stachowiak. + + * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests. + +2011-07-13 David Levin <levin@chromium.org> + + Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger. + https://bugs.webkit.org/show_bug.cgi?id=64465 + + Reviewed by Dmitry Titov. + + There isn't a good way to test this as it is very highly unlikely to occur. + + * wtf/ThreadIdentifierDataPthreads.cpp: + (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization + isn't thread-safe, change the initialization to be global. + +2011-07-12 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64424 + Our direct eval behaviour deviates slightly from the spec. + + Reviewed by Oliver Hunt. 
+ + The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where + behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();" + or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables + may be introduced into the caller's environment. + + ES5 direct calls are any call where the callee function is provided by a reference, a base + of that Reference is an EnvironmentRecord (this corresponds to all productions + "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name + of the reference is "eval". This means any expression of the form "eval(...)", and that + calls the standard built in eval method from on the Global Object, is considered to be + direct. + + In JavaScriptCore we are currently overly restrictive. We also check that the + EnvironmentRecord that is the base of the reference is the Declaractive Environment Record + at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement + that hits a var eval in a nested scope is not considered to be direct. This behaviour does + not emanate from the spec, and is incorrect. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + - Fixed direct eval check in op_call_eval. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Fixed direct eval check in op_call_eval. + * runtime/Executable.h: + (JSC::isHostFunction): + - Added check for host function with specific NativeFunction. + +2011-07-13 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org> + + Reviewed by Andreas Kling. + + Broken build on QNX + https://bugs.webkit.org/show_bug.cgi?id=63717 + + QNX doesn't support pthread's SA_RESTART (required by + JSC_MULTIPLE_THREADS), JIT is broken at runtime and there a + few minor compilation errors here and there. 
+ + Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also + tested by him on QNX v6.5 (x86) + + * wtf/DateMath.cpp: fix usage of abs/labs + * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS + * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them) + +2011-07-12 Anders Carlsson <andersca@apple.com> + + If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition + https://bugs.webkit.org/show_bug.cgi?id=64429 + + Include the cstddef which has the nullptr_t typedef according to the C++0x standard. + + * wtf/NullPtr.h: + +2011-07-13 MORITA Hajime <morrita@google.com> + + Refactoring: Ignored ExceptionCode value should be less annoying. + https://bugs.webkit.org/show_bug.cgi?id=63688 + + Added ASSERT_AT macro. + + Reviewed by Darin Adler. + + * wtf/Assertions.h: + +2011-07-12 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not implement op_construct. + https://bugs.webkit.org/show_bug.cgi?id=64066 + + Reviewed by Gavin Barraclough. + + This is a fixed implementation of op_construct. Constructor calls are implemented + by reusing almost all of the code for Call, with care taken to make sure that + where the are differences (like selecting different code blocks), those differences + are respected. The two fixes over the last patch are: (1) make sure the + CodeBlock::unlinkCalls respects differences between Call and Construct, and (2) + make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind + (either CodeForCall or CodeForConstruct) when invoking the compiler. 
+ + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::recordConstruct): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgLinkFor): + * dfg/DFGRepatch.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/CodeBlock.cpp: + (JSC::CodeBlock::unlinkCalls): + +2011-07-12 Oliver Hunt <oliver@apple.com> + + Overzealous type validation in method_check + https://bugs.webkit.org/show_bug.cgi?id=64415 + + Reviewed by Gavin Barraclough. + + method_check is essentially just a value look up + optimisation, but it internally stores the value + as a JSFunction, even though it never relies on + this fact. Under GC validation however we end up + trying to enforce that assumption. The fix is + simply to store the value as a correct supertype. + + * bytecode/CodeBlock.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchGetMethodFast): + (JSC::DFG::tryCacheGetMethod): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::patchMethodCallProto): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + +2011-07-12 Filip Pizlo <fpizlo@apple.com> + + COLLECT_ON_EVERY_ALLOCATION no longer works. + https://bugs.webkit.org/show_bug.cgi?id=64388 + + Reviewed by Oliver Hunt. + + Added a flag to Heap that determines if it's safe to collect (which for now means that + JSGlobalObject has actually been initialized, but it should work for other things, too). + This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of + GCing it just grows the heap, if necessary. + + Then changed Heap::allocate() to not recurse ad infinitum when + COLLECT_ON_EVERY_ALLOCATION is set. 
This also makes the allocator generally more + resilient against bugs; this change allowed me to put in handy assertions, such as that + an allocation must succeed after either a collection or after a new block was added. + + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::tryAllocate): + (JSC::Heap::allocate): + (JSC::Heap::collectAllGarbage): + (JSC::Heap::collect): + * heap/Heap.h: + (JSC::Heap::notifyIsSafeToCollect): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + +2011-07-12 Filip Pizlo <fpizlo@apple.com> + + DFG JIT put_by_id transition caching does not inform the GC about the structure and + prototype chain that it is referencing. + https://bugs.webkit.org/show_bug.cgi?id=64387 + + Reviewed by Gavin Barraclough. + + Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition(). + + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCachePutByID): + +2011-07-12 Adam Roben <aroben@apple.com> + + Ensure no intermediate WTF::Strings are created when concatenating with string literals + + Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using + operator+ is suboptimal + + Reviewed by Darin Adler. + + * wtf/text/StringConcatenate.h: + (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how + many WTF::Strings get copied while evaluating an operator+ expression. + + * wtf/text/StringOperators.h: + (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand + side, since operator+ is left-associative. Having the StringAppend on the right-hand side + was causing us to make intermediate WTF::Strings when evaluating expressions that contained + multiple calls to operator+. Added some more overloads for that take a left-hand side of + const char* to resolve overload ambiguity for certain expressions. 
Added overloads that take + a left-hand side of const UChar* (matching the const char* overloads) so that wide string + literals don't first have to be converted to a WTF::String in operator+ expressions. + +2011-07-12 Adam Roben <aroben@apple.com> + + Unreviewed, rolling out r90811. + http://trac.webkit.org/changeset/90811 + https://bugs.webkit.org/show_bug.cgi?id=61025 + + Several svg tests failing assertions beneath + SVGSMILElement::findInstanceTime + + * wtf/StdLibExtras.h: + (WTF::binarySearch): + +2011-07-12 Oliver Varga <Varga.Oliver@stud.u-szeged.hu> + + Reviewed by Nikolas Zimmermann. + + Speed up SVGSMILElement::findInstanceTime. + https://bugs.webkit.org/show_bug.cgi?id=61025 + + Add a new parameter to StdlibExtras.h::binarySerarch function + to also handle cases when the array does not contain the key value. + This is needed for an svg function. + + * wtf/StdLibExtras.h: + (WTF::binarySearch): + +2011-07-11 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT does not guard itself against floating point speculation + failures on non-floating-point constants. + https://bugs.webkit.org/show_bug.cgi?id=64330 + + Reviewed by Gavin Barraclough. + + Made fillSpeculateDouble immediate invoke terminateSpeculativeExecution() as + soon as it notices that it's speculating on something that is a non-numeric + JSConstant. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + +2011-07-11 Filip Pizlo <fpizlo@apple.com> + + DFG Speculative JIT does not always insert speculation checks when speculating + arrays. + https://bugs.webkit.org/show_bug.cgi?id=64254 + + Reviewed by Gavin Barraclough. + + Changed the SetLocal instruction to always validate that the value being stored + into the local variable is an array, if that variable was marked PredictArray. 
+ This is necessary since uses of arrays assume that if a PredictArray value is + in a local variable then the speculation check validating that the value is an + array was already performed. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-11 Gabor Loki <loki@webkit.org> + + Fix the condition of the optimized code in doubleTransfer + https://bugs.webkit.org/show_bug.cgi?id=64261 + + Reviewed by Zoltan Herczeg. + + The condition of the optimized code in doubleTransfer is wrong. The + data transfer should be executed with four bytes aligned address. + VFP cannot perform unaligned memory access. + + Reported by Jacob Bramley. + + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::doubleTransfer): + +2011-07-11 Gabor Loki <loki@webkit.org> + + Signed arithmetic bug in dataTransfer32. + https://bugs.webkit.org/show_bug.cgi?id=64257 + + Reviewed by Zoltan Herczeg. + + An arithmetic bug is fixed. If the offset of dataTransfer is half of the + addressable memory space on a 32-bit machine (-2147483648 = 0x80000000) + a load instruction is emitted with a wrong zero offset. + + Inspired by Jacob Bramley's patch from JaegerMonkey. + + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::dataTransfer32): + +2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com> + + Fix unaligned userspace access for SH4 platforms. + https://bugs.webkit.org/show_bug.cgi?id=62993 + + * wtf/Platform.h: + +2011-07-09 Chao-ying Fu <fu@mips.com> + + Fix MIPS build due to readInt32 and readPointer + https://bugs.webkit.org/show_bug.cgi?id=63962 + + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::readInt32): + (JSC::MIPSAssembler::readPointer): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::rshift32): + +2011-07-08 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=64181 + REGRESSION (r90602): Gmail doesn't load + + Rolling out r90601, r90602. 
+ + * dfg/DFGAliasTracker.h: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addVarArgChild): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::dfgLinkCall): + * dfg/DFGRepatch.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/JSObject.h: + (JSC::JSObject::isUsingInlineStorage): + +2011-07-08 Kalev Lember <kalev@smartlink.ee> + + Reviewed by Adam Roben. + + Add missing _WIN32_WINNT and WINVER definitions + https://bugs.webkit.org/show_bug.cgi?id=59702 + + Moved _WIN32_WINNT and WINVER definitions to config.h so that they are + available for all source files. + + In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and + DeleteTimerQueueTimer which are both guarded by + #if (_WIN32_WINNT >= 0x0500) + in MinGW headers. + + * config.h: + * wtf/Assertions.cpp: + +2011-07-08 Chang Shu <cshu@webkit.org> + + Rename "makeSecure" to "fill" and remove the support for displaying last character + to avoid layering violatation. + https://bugs.webkit.org/show_bug.cgi?id=59114 + + Reviewed by Alexey Proskuryakov. + + * JavaScriptCore.exp: + * JavaScriptCore.order: + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::fill): + * wtf/text/StringImpl.h: + * wtf/text/WTFString.h: + (WTF::String::fill): + +2011-07-08 Benjamin Poulain <benjamin@webkit.org> + + [WK2] Do not forward touch events to the web process when it does not need them + https://bugs.webkit.org/show_bug.cgi?id=64164 + + Reviewed by Kenneth Rohde Christiansen. + + Add a convenience function to obtain a reference to the last element of a Deque. + + * wtf/Deque.h: + (WTF::Deque::last): + +2011-07-07 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not implement op_construct. 
+ https://bugs.webkit.org/show_bug.cgi?id=64066 + + Reviewed by Gavin Barraclough. + + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::recordConstruct): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addCall): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgLinkFor): + * dfg/DFGRepatch.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-07 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not implement get_by_id prototype caching. + https://bugs.webkit.org/show_bug.cgi?id=64077 + + Reviewed by Gavin Barraclough. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::emitRestoreScratch): + (JSC::DFG::linkRestoreScratch): + (JSC::DFG::tryCacheGetByID): + * runtime/JSObject.h: + (JSC::JSObject::addressOfPropertyAtOffset): + +2011-07-07 Filip Pizlo <fpizlo@apple.com> + + DFG JIT method_check implementation does not link to optimized get_by_id + slow path. + https://bugs.webkit.org/show_bug.cgi?id=64073 + + Reviewed by Gavin Barraclough. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchGetMethodFast): + +2011-07-07 Oliver Hunt <oliver@apple.com> + + Encode jump and link sizes into the appropriate enums + https://bugs.webkit.org/show_bug.cgi?id=64123 + + Reviewed by Sam Weinig. + + Finally kill off the out of line jump and link size arrays, + so we can avoid icky loads and constant fold the linking arithmetic. + + * assembler/ARMv7Assembler.cpp: + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::jumpSizeDelta): + (JSC::ARMv7Assembler::computeJumpType): + +2011-07-06 Juan C. Montemayor <jmont@apple.com> + + ASSERT_NOT_REACHED running test 262 + https://bugs.webkit.org/show_bug.cgi?id=63951 + + Added a case to the switch statement where the code was failing. 
Fixed + some logic as well that gave faulty error messages. + + Reviewed by Gavin Barraclough. + + * parser/JSParser.cpp: + (JSC::JSParser::getTokenName): + (JSC::JSParser::updateErrorMessageSpecialCase): + (JSC::JSParser::updateErrorMessage): + +2011-07-06 Filip Pizlo <fpizlo@apple.com> + + DFG JIT implementation of op_call results in regressions on sunspider + controlflow-recursive. + https://bugs.webkit.org/show_bug.cgi?id=64039 + + Reviewed by Gavin Barraclough. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::isSmallInt32Constant): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isInteger): + +2011-07-06 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not support method_check + https://bugs.webkit.org/show_bug.cgi?id=63972 + + Reviewed by Gavin Barraclough. + + * assembler/CodeLocation.h: + (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + (JSC::MethodCallLinkInfo::MethodCallLinkInfo): + (JSC::MethodCallLinkInfo::seenOnce): + (JSC::MethodCallLinkInfo::setSeen): + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::recordGetMethod): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedGetMethod): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addMethodGet): + (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchGetMethodFast): + (JSC::DFG::tryCacheGetMethod): + (JSC::DFG::dfgRepatchGetMethod): + * dfg/DFGRepatch.h: + * 
dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITWriteBarrier.h: + (JSC::JITWriteBarrier::set): + +2011-07-06 Filip Pizlo <fpizlo@apple.com> + + DFG JIT op_call implementation will flush registers even when those registers are dead + https://bugs.webkit.org/show_bug.cgi?id=64023 + + Reviewed by Gavin Barraclough. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::integerResult): + (JSC::DFG::JITCodeGenerator::noResult): + (JSC::DFG::JITCodeGenerator::cellResult): + (JSC::DFG::JITCodeGenerator::jsValueResult): + (JSC::DFG::JITCodeGenerator::doubleResult): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-06 Filip Pizlo <fpizlo@apple.com> + + DFG speculative JIT may crash when speculating int on a non-int JSConstant. + https://bugs.webkit.org/show_bug.cgi?id=64017 + + Reviewed by Gavin Barraclough. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-06 Dmitriy Vyukov <dvyukov@google.com> + + Reviewed by David Levin. + + Allow substitution of dynamic annotations and prevent identical code folding by the linker. + https://bugs.webkit.org/show_bug.cgi?id=62443 + + * wtf/DynamicAnnotations.cpp: + (WTFAnnotateBenignRaceSized): + (WTFAnnotateHappensBefore): + (WTFAnnotateHappensAfter): + +2011-07-06 Zoltan Herczeg <zherczeg@inf.u-szeged.hu> + + Calls on 32 bit machines are failed after r90423 + https://bugs.webkit.org/show_bug.cgi?id=63980 + + Reviewed by Gavin Barraclough. + + Copy the necessary lines from JITCall.cpp. + + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): + +2011-07-05 Filip Pizlo <fpizlo@apple.com> + + DFG JIT virtual call implementation is inefficient. + https://bugs.webkit.org/show_bug.cgi?id=63974 + + Reviewed by Gavin Barraclough. 
+ + * dfg/DFGOperations.cpp: + * runtime/Executable.h: + (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck): + (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck): + (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor): + (JSC::ExecutableBase::hasJITCodeForCall): + (JSC::ExecutableBase::hasJITCodeForConstruct): + (JSC::ExecutableBase::hasJITCodeFor): + * runtime/JSFunction.h: + (JSC::JSFunction::scopeUnchecked): + +2011-07-05 Oliver Hunt <oliver@apple.com> + + Force inlining of simple functions that show up as not being inlined + https://bugs.webkit.org/show_bug.cgi?id=63964 + + Reviewed by Gavin Barraclough. + + Looking at profile data indicates the gcc is failing to inline a + number of trivial functions. This patch hits the ones that show + up in profiles with the ALWAYS_INLINE hammer. + + We also replace the memcpy() call in linking with a manual loop. + Apparently memcpy() is almost never faster than an inlined loop. + + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::add): + (JSC::ARMv7Assembler::add_S): + (JSC::ARMv7Assembler::ARM_and): + (JSC::ARMv7Assembler::asr): + (JSC::ARMv7Assembler::b): + (JSC::ARMv7Assembler::blx): + (JSC::ARMv7Assembler::bx): + (JSC::ARMv7Assembler::clz): + (JSC::ARMv7Assembler::cmn): + (JSC::ARMv7Assembler::cmp): + (JSC::ARMv7Assembler::eor): + (JSC::ARMv7Assembler::it): + (JSC::ARMv7Assembler::ldr): + (JSC::ARMv7Assembler::ldrCompact): + (JSC::ARMv7Assembler::ldrh): + (JSC::ARMv7Assembler::ldrb): + (JSC::ARMv7Assembler::lsl): + (JSC::ARMv7Assembler::lsr): + (JSC::ARMv7Assembler::movT3): + (JSC::ARMv7Assembler::mov): + (JSC::ARMv7Assembler::movt): + (JSC::ARMv7Assembler::mvn): + (JSC::ARMv7Assembler::neg): + (JSC::ARMv7Assembler::orr): + (JSC::ARMv7Assembler::orr_S): + (JSC::ARMv7Assembler::ror): + (JSC::ARMv7Assembler::smull): + (JSC::ARMv7Assembler::str): + (JSC::ARMv7Assembler::sub): + (JSC::ARMv7Assembler::sub_S): + (JSC::ARMv7Assembler::tst): + 
(JSC::ARMv7Assembler::linkRecordSourceComparator): + (JSC::ARMv7Assembler::link): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7): + (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3): + (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours): + (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours): + (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16): + (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm): + (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12): + (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp): + (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::linkCode): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::nearCall): + (JSC::MacroAssemblerARMv7::call): + (JSC::MacroAssemblerARMv7::ret): + (JSC::MacroAssemblerARMv7::moveWithPatch): + (JSC::MacroAssemblerARMv7::branchPtrWithPatch): + (JSC::MacroAssemblerARMv7::storePtrWithPatch): + (JSC::MacroAssemblerARMv7::tailRecursiveCall): + (JSC::MacroAssemblerARMv7::makeTailRecursiveCall): + (JSC::MacroAssemblerARMv7::jump): + (JSC::MacroAssemblerARMv7::makeBranch): + +2011-07-05 Zoltan Herczeg <zherczeg@inf.u-szeged.hu> + + Make "Add optimised paths for a few maths functions" work on Qt + https://bugs.webkit.org/show_bug.cgi?id=63893 + + Reviewed by Oliver Hunt. + + Move the generated code to the .text section instead of .data section. + Fix alignment for the 32 bit thunk code. 
+ + * jit/ThunkGenerators.cpp: + +2011-07-05 Filip Pizlo <fpizlo@apple.com> + + DFG JIT does not implement op_call. + https://bugs.webkit.org/show_bug.cgi?id=63858 + + Reviewed by Gavin Barraclough. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::unlinkCalls): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::setNumberOfCallLinkInfos): + (JSC::CodeBlock::numberOfCallLinkInfos): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::lookupGetByVal): + (JSC::DFG::AliasTracker::recordCall): + (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::toInt32): + (JSC::DFG::ByteCodeParser::addToGraph): + (JSC::DFG::ByteCodeParser::addVarArgChild): + (JSC::DFG::ByteCodeParser::predictInt32): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::allocateVirtualRegisters): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::opName): + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::refChildren): + * dfg/DFGGraph.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::useChildren): + (JSC::DFG::JITCodeGenerator::emitCall): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::addressOfCallData): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::CallRecord::CallRecord): + (JSC::DFG::JITCompiler::notifyCall): + (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck): + (JSC::DFG::JITCompiler::addJSCall): + (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord): + (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::child1): + (JSC::DFG::Node::child2): + 
(JSC::DFG::Node::child3): + (JSC::DFG::Node::firstChild): + (JSC::DFG::Node::numChildren): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + (JSC::DFG::NonSpeculativeJIT::compare): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgLinkCall): + * dfg/DFGRepatch.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compilePeepHoleCall): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + * interpreter/CallFrame.h: + (JSC::ExecState::calleeAsValue): + * jit/JIT.cpp: + (JSC::JIT::JIT): + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + (JSC::JIT::linkCall): + (JSC::JIT::linkConstruct): + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITCode.h: + (JSC::JITCode::JITCode): + (JSC::JITCode::jitType): + (JSC::JITCode::HostFunction): + * runtime/JSFunction.h: + * runtime/JSGlobalData.h: + +2011-07-05 Oliver Hunt <oliver@apple.com> + + Initialize new MarkStack member + + * heap/MarkStack.h: + (JSC::MarkStack::MarkStack): + +2011-07-05 Oliver Hunt <oliver@apple.com> + + Don't throw out compiled code repeatedly + https://bugs.webkit.org/show_bug.cgi?id=63960 + + Reviewed by Gavin Barraclough. + + Stop throwing away all compiled code every time + we're told to do a full GC. Instead unlink all + callsites during such GC passes to maximise the + number of collectable functions, but otherwise + leave compiled functions alone. 
+ + * API/JSBase.cpp: + (JSGarbageCollect): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * heap/Heap.cpp: + (JSC::Heap::collectAllGarbage): + * heap/MarkStack.h: + (JSC::MarkStack::shouldUnlinkCalls): + (JSC::MarkStack::setShouldUnlinkCalls): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::recompileAllJSFunctions): + (JSC::JSGlobalData::releaseExecutableMemory): + * runtime/RegExp.cpp: + (JSC::RegExp::compile): + (JSC::RegExp::invalidateCode): + * runtime/RegExp.h: + +2011-07-05 Filip Pizlo <fpizlo@apple.com> + + JSC JIT has code duplication for the handling of call and construct + https://bugs.webkit.org/show_bug.cgi?id=63957 + + Reviewed by Gavin Barraclough. + + * jit/JIT.cpp: + (JSC::JIT::linkFor): + * jit/JIT.h: + * jit/JITStubs.cpp: + (JSC::jitCompileFor): + (JSC::DEFINE_STUB_FUNCTION): + (JSC::arityCheckFor): + (JSC::lazyLinkFor): + * runtime/Executable.h: + (JSC::ExecutableBase::generatedJITCodeFor): + (JSC::FunctionExecutable::compileFor): + (JSC::FunctionExecutable::isGeneratedFor): + (JSC::FunctionExecutable::generatedBytecodeFor): + (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor): + +2011-07-05 Gavin Barraclough <barraclough@apple.com> + + Build fix following last patch. + + * runtime/JSFunction.cpp: + (JSC::createPrototypeProperty): + +2011-07-05 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=63947 + ASSERT running Object.preventExtensions(Math.sin) + + Reviewed by Oliver Hunt. + + This is due to calling scope() on a hostFunction as a part of + calling createPrototypeProperty to reify the prototype property. + But host functions don't have a prototype property anyway! + + Prevent callling createPrototypeProperty on a host function. 
+ + * runtime/JSFunction.cpp: + (JSC::JSFunction::createPrototypeProperty): + (JSC::JSFunction::preventExtensions): + +2011-07-04 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=63880 + Evaluation order of conversions of operands to >, >= incorrect. + + Reviewed by Sam Weinig. + + Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5 + spec. This allows these methods to be reused to perform >, >= relational compares + with correct ordering of type conversions. + + * dfg/DFGOperations.cpp: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Operations.h: + (JSC::jsLess): + (JSC::jsLessEq): + +2011-07-04 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=16652 + Firefox and JavaScriptCore differ in Number.toString(integer) + + Our arbitrary radix (2..36) toString conversion is inaccurate. + This is partly because it uses doubles to perform math that requires + higher accuracy, and partly becasue it does not attempt to correctly + detect where to terminate, instead relying on a simple 'epsilon'. + + * runtime/NumberPrototype.cpp: + (JSC::decomposeDouble): + - helper function to extract sign, exponent, mantissa from IEEE doubles. + (JSC::Uint16WithFraction::Uint16WithFraction): + - helper class, u16int with infinite precision fraction, used to convert + the fractional part of the number to a string. + (JSC::Uint16WithFraction::operator*=): + - Multiply by a uint16. + (JSC::Uint16WithFraction::operator<): + - Compare two Uint16WithFractions. + (JSC::Uint16WithFraction::floorAndSubtract): + - Extract the integer portion of the number, and subtract it (clears the integer portion). + (JSC::Uint16WithFraction::comparePoint5): + - Compare to 0.5. 
+ (JSC::Uint16WithFraction::sumGreaterThanOne): + - Passed a second Uint16WithFraction, returns true if the result of adding + the two values would be greater than one. + (JSC::Uint16WithFraction::isNormalized): + - Used by ASSERTs to consistency check internal representation. + (JSC::BigInteger::BigInteger): + - helper class, unbounded integer value, used to convert the integer part + of the number to a string. + (JSC::BigInteger::divide): + - Divide this value through by a uint32. + (JSC::BigInteger::operator!): + - test for zero. + (JSC::toStringWithRadix): + - Performs number to string conversion, with the given radix (2..36). + (JSC::numberProtoFuncToString): + - Changed to use toStringWithRadix. + +2011-07-04 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=63881 + Need separate bytecodes for handling >, >= comparisons. + + Reviewed by Oliver Hunt. + + This clears the way to fix Bug#63880. We currently handle greater-than comparisons + as being using the corresponding op_less, etc opcodes. This is incorrect with + respect to evaluation ordering of the implicit conversions performed on operands - + we should be calling ToPrimitive on the LHS and RHS operands to the greater than, + but instead convert RHS then LHS. + + This patch adds opcodes for greater-than comparisons mirroring existing ones used + for less-than. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitJumpIfTrue): + (JSC::BytecodeGenerator::emitJumpIfFalse): + * bytecompiler/NodesCodegen.cpp: + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compare): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compare): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JSC::JIT::emit_op_loop_if_greater): + (JSC::JIT::emitSlow_op_loop_if_greater): + (JSC::JIT::emit_op_loop_if_greatereq): + (JSC::JIT::emitSlow_op_loop_if_greatereq): + * jit/JITArithmetic.cpp: + (JSC::JIT::emit_op_jgreater): + (JSC::JIT::emit_op_jgreatereq): + (JSC::JIT::emit_op_jngreater): + (JSC::JIT::emit_op_jngreatereq): + (JSC::JIT::emitSlow_op_jgreater): + (JSC::JIT::emitSlow_op_jgreatereq): + (JSC::JIT::emitSlow_op_jngreater): + (JSC::JIT::emitSlow_op_jngreatereq): + (JSC::JIT::emit_compareAndJumpSlow): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emitBinaryDoubleOp): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + * parser/NodeConstructors.h: + (JSC::GreaterNode::GreaterNode): + (JSC::GreaterEqNode::GreaterEqNode): + * parser/Nodes.h: + +2011-07-03 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=63879 + Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq. + + Reviewed by Sam Weinig. + + There is a lot of copy & paste code here; we can reduce duplication by making + a shared implementation. 
+ + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::branch32): + (JSC::MacroAssembler::commute): + - Make these function platform agnostic. + * assembler/MacroAssemblerX86Common.h: + - Moved branch32/commute up to MacroAssembler. + * jit/JIT.h: + (JSC::JIT::emit_op_loop_if_lesseq): + (JSC::JIT::emitSlow_op_loop_if_lesseq): + - Add an implementation matching that for op_loop_if_less, which just calls op_jless. + * jit/JITArithmetic.cpp: + (JSC::JIT::emit_op_jless): + (JSC::JIT::emit_op_jlesseq): + (JSC::JIT::emit_op_jnless): + (JSC::JIT::emit_op_jnlesseq): + (JSC::JIT::emitSlow_op_jless): + (JSC::JIT::emitSlow_op_jlesseq): + (JSC::JIT::emitSlow_op_jnless): + (JSC::JIT::emitSlow_op_jnlesseq): + - Common implmentations of these methods for JSVALUE64 & JSVALUE32_64. + (JSC::JIT::emit_compareAndJump): + (JSC::JIT::emit_compareAndJumpSlow): + - Internal implmementation of jless etc for JSVALUE64. + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_compareAndJump): + (JSC::JIT::emit_compareAndJumpSlow): + - Internal implmementation of jless etc for JSVALUE32_64. + * jit/JITOpcodes.cpp: + * jit/JITOpcodes32_64.cpp: + * jit/JITStubs.cpp: + * jit/JITStubs.h: + - Remove old implementation of emit_op_loop_if_lesseq. + +2011-07-03 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r90347. + http://trac.webkit.org/changeset/90347 + https://bugs.webkit.org/show_bug.cgi?id=63886 + + Build breaks on Leopard, Chromium-win, WinCairo, and WinCE. + (Requested by tkent on #webkit). + + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/BigInteger.h: Removed. + * runtime/NumberPrototype.cpp: + (JSC::numberProtoFuncToPrecision): + (JSC::numberProtoFuncToString): + * runtime/Uint16WithFraction.h: Removed. + * wtf/MathExtras.h: + +2011-06-30 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. 
+ + https://bugs.webkit.org/show_bug.cgi?id=16652 + Firefox and JavaScriptCore differ in Number.toString(integer) + + Our arbitrary radix (2..36) toString conversion is inaccurate. + This is partly because it uses doubles to perform math that requires + higher accuracy, and partly becasue it does not attempt to correctly + detect where to terminate, instead relying on a simple 'epsilon'. + + * runtime/NumberPrototype.cpp: + (JSC::decomposeDouble): + - helper function to extract sign, exponent, mantissa from IEEE doubles. + (JSC::Uint16WithFraction::Uint16WithFraction): + - helper class, u16int with infinite precision fraction, used to convert + the fractional part of the number to a string. + (JSC::Uint16WithFraction::operator*=): + - Multiply by a uint16. + (JSC::Uint16WithFraction::operator<): + - Compare two Uint16WithFractions. + (JSC::Uint16WithFraction::floorAndSubtract): + - Extract the integer portion of the number, and subtract it (clears the integer portion). + (JSC::Uint16WithFraction::comparePoint5): + - Compare to 0.5. + (JSC::Uint16WithFraction::sumGreaterThanOne): + - Passed a second Uint16WithFraction, returns true if the result of adding + the two values would be greater than one. + (JSC::Uint16WithFraction::isNormalized): + - Used by ASSERTs to consistency check internal representation. + (JSC::BigInteger::BigInteger): + - helper class, unbounded integer value, used to convert the integer part + of the number to a string. + (JSC::BigInteger::divide): + - Divide this value through by a uint32. + (JSC::BigInteger::operator!): + - test for zero. + (JSC::toStringWithRadix): + - Performs number to string conversion, with the given radix (2..36). + (JSC::numberProtoFuncToString): + - Changed to use toStringWithRadix. + +2011-07-02 Gavin Barraclough <barraclough@apple.com> + + https://bugs.webkit.org/show_bug.cgi?id=63866 + DFG JIT - implement instanceof + + Reviewed by Sam Weinig. 
+ + Add ops CheckHasInstance & InstanceOf to implement bytecodes + op_check_has_instance & op_instanceof. This is an initial + functional implementation, performance is a wash. We can + follow up with changes to fuse the InstanceOf node with + a subsequant branch, as we do with other comparisons. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::jitAssertIsCell): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::jitAssertIsCell): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-07-01 Oliver Hunt <oliver@apple.com> + + IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren() + https://bugs.webkit.org/show_bug.cgi?id=63732 + + Reviewed by Gavin Barraclough. + + Initialise the memory at the head of the new storage so that + GC is safe if triggered by reportExtraMemoryCost. + + * runtime/JSArray.cpp: + (JSC::JSArray::increaseVectorPrefixLength): + +2011-07-01 Oliver Hunt <oliver@apple.com> + + GC sweep can occur before an object is completely initialised + https://bugs.webkit.org/show_bug.cgi?id=63836 + + Reviewed by Gavin Barraclough. + + In rare cases it's possible for a GC sweep to occur while a + live, but not completely initialised object is on the stack. + In such a case we may incorrectly choose to mark it, even + though it has no children that need marking. + + We resolve this by always zeroing out the structure of any + value returned from JSCell::operator new(), and making the + markstack tolerant of a null structure. + + * runtime/JSCell.h: + (JSC::JSCell::JSCell::~JSCell): + (JSC::JSCell::JSCell::operator new): + * runtime/Structure.h: + (JSC::MarkStack::internalAppend): + +2011-07-01 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. 
+ + DFG non-speculative JIT always performs slow C calls for div and mod. + https://bugs.webkit.org/show_bug.cgi?id=63684 + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + +2011-07-01 Juan C. Montemayor <jmont@apple.com> + + Reviewed by Oliver Hunt. + + Lexer error messages are currently appalling + https://bugs.webkit.org/show_bug.cgi?id=63340 + + Added error messages for the Lexer. These messages will be displayed + instead of the lexer error messages from the parser that are currently + shown. + + * parser/Lexer.cpp: + (JSC::Lexer::getInvalidCharMessage): + (JSC::Lexer::setCode): + (JSC::Lexer::parseString): + (JSC::Lexer::lex): + (JSC::Lexer::clear): + * parser/Lexer.h: + (JSC::Lexer::getErrorMessage): + (JSC::Lexer::setOffset): + * parser/Parser.cpp: + (JSC::Parser::parse): + +2011-07-01 Jungshik Shin <jshin@chromium.org> + + Reviewed by Alexey Proskuryakov. + + Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in + build files for ports not using ICU. + Add icu/unicode/uscript.h for ports using ICU. It's taken from + ICU 3.6 (the version used on Mac OS 10.5) + + http://bugs.webkit.org/show_bug.cgi?id=20797 + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * icu/unicode/uscript.h: Added for UScriptCode enum. + * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added. + * wtf/unicode/icu/UnicodeIcu.h: + * wtf/unicode/brew/UnicodeBrew.h: + * wtf/unicode/glib/UnicodeGLib.h: + * wtf/unicode/qt4/UnicodeQt4.h: + * wtf/unicode/wince/UnicodeWinCE.h: + +2011-07-01 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=63819 + Escaping of forwardslashes in strings incorrect if multiple exist. + + The bug is in the parameters passed to a substring - should be + start & length, but we're passing start & end indices! 
+ + * runtime/RegExpObject.cpp: + (JSC::regExpObjectSource): + +2011-07-01 Adam Roben <aroben@apple.com> + + Roll out r90194 + http://trac.webkit.org/changeset/90194 + https://bugs.webkit.org/show_bug.cgi?id=63778 + + Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing + assertions in WriteBarrierBase<JSC::Structure>::get + + * runtime/JSCell.h: + (JSC::JSCell::JSCell::~JSCell): + +2011-06-30 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Add optimised paths for a few maths functions + https://bugs.webkit.org/show_bug.cgi?id=63757 + + Relanding as a Mac only patch. + + This adds specialised thunks for Math.abs, Math.round, Math.ceil, + Math.floor, Math.log, and Math.exp as they are apparently more + important in real web content than we thought, which is somewhat + mind-boggling. On average doubles the performance of the common + cases (eg. actually passing numbers in). They're not as efficient + as they could be, but this way gives them the most portability. 
+ + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::supportsDoubleBitops): + (JSC::MacroAssemblerARM::andnotDouble): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::supportsDoubleBitops): + (JSC::MacroAssemblerARMv7::andnotDouble): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::andnotDouble): + (JSC::MacroAssemblerMIPS::supportsDoubleBitops): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::supportsDoubleBitops): + (JSC::MacroAssemblerSH4::andnotDouble): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::supportsDoubleBitops): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::andnotDouble): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::supportsDoubleBitops): + * assembler/X86Assembler.h: + (JSC::X86Assembler::andnpd_rr): + * create_hash_table: + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::finalize): + (JSC::SpecializedThunkJIT::callDoubleToDouble): + * jit/ThunkGenerators.cpp: + (JSC::floorThunkGenerator): + (JSC::ceilThunkGenerator): + (JSC::roundThunkGenerator): + (JSC::expThunkGenerator): + (JSC::logThunkGenerator): + (JSC::absThunkGenerator): + * jit/ThunkGenerators.h: + +2011-07-01 David Kilzer <ddkilzer@apple.com> + + <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp + + Fixes the following build error in clang: + + JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3] + map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0); + ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ + JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3] + map(m_bytecodeOffset + dynamic ? 
OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0); + ^ + ( ) + fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"(" + fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")" + JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3] + map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0); + ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 1 error generated. + + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the + tertiary expression evaluate first. + +2011-07-01 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r90177 and r90179. + http://trac.webkit.org/changeset/90177 + http://trac.webkit.org/changeset/90179 + https://bugs.webkit.org/show_bug.cgi?id=63790 + + It caused crashes on Qt in debug mode (Requested by Ossy on + #webkit). + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::rshift32): + (JSC::MacroAssemblerARM::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARM::sqrtDouble): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt): + (JSC::MacroAssemblerARMv7::sqrtDouble): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::sqrtDouble): + (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::sqrtDouble): + * assembler/MacroAssemblerX86.h: + * assembler/MacroAssemblerX86Common.h: + * assembler/MacroAssemblerX86_64.h: + * assembler/X86Assembler.h: + * create_hash_table: + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::emitLoadDouble): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::finalize): + * jit/ThunkGenerators.cpp: + * jit/ThunkGenerators.h: + +2011-06-30 Oliver Hunt <oliver@apple.com> + + Reviewed by Beth Dakin. 
+ + Make GC validation clear cell structure on destruction + https://bugs.webkit.org/show_bug.cgi?id=63778 + + * runtime/JSCell.h: + (JSC::JSCell::JSCell::~JSCell): + +2011-06-30 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Gavin Barraclough. + + Added write barrier that was missing from put_by_id_transition + https://bugs.webkit.org/show_bug.cgi?id=63775 + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a + MacroAssembler& argument so our patching functions could use it. + + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change. + + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCachePutByID): Missing barrier! + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): Updated for signature change. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier + because its meaning isn't clear -- maybe in the future we'll have a + clear way to pass all stores through a common function that guarantees + a write barrier, but that's not the case right now. + +2011-06-30 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + DFG non-speculative JIT does not reuse registers when compiling comparisons. + https://bugs.webkit.org/show_bug.cgi?id=63565 + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + (JSC::DFG::NonSpeculativeJIT::compare): + +2011-06-30 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Gavin Barraclough. + + Added empty write barrier stubs in all the right places in the DFG JIT + https://bugs.webkit.org/show_bug.cgi?id=63764 + + SunSpider thinks this might be a 0.5% speedup. Meh. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub. + + (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special + for the case where base == scratch, since we now require base and scratch + to be not equal, for the sake of the write barrier. + + * dfg/DFGJITCodeGenerator.h: Le stub. + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register + as the scratch register, since that's incompatible with the write barrier, + which needs a distinct base and scratch. + + Do put the global object into a register before loading its var storage, + since it needs to be in a register for the write barrier to operate on it. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emitWriteBarrier): Second verse, same as the first. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more + places. + + (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function + is a little more than meaningless. + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more + places. + + (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function + is a little more than meaningless. + + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since + we put the global object in a register and only then load its var storage + by offset. + + (JSC::JIT::emitWriteBarrier): + +2011-06-30 Oliver Hunt <oliver@apple.com> + + Fix ARMv6 build + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::rshift32): + +2011-06-30 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + Add optimised paths for a few maths functions + https://bugs.webkit.org/show_bug.cgi?id=63757 + + This adds specialised thunks for Math.abs, Math.round, Math.ceil, + Math.floor, Math.log, and Math.exp as they are apparently more + important in real web content than we thought, which is somewhat + mind-boggling. On average doubles the performance of the common + cases (eg. actually passing numbers in). They're not as efficient + as they could be, but this way gives them the most portability. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::supportsDoubleBitops): + (JSC::MacroAssemblerARM::andnotDouble): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::supportsDoubleBitops): + (JSC::MacroAssemblerARMv7::andnotDouble): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::andnotDouble): + (JSC::MacroAssemblerMIPS::supportsDoubleBitops): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::supportsDoubleBitops): + (JSC::MacroAssemblerSH4::andnotDouble): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::supportsDoubleBitops): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::andnotDouble): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::supportsDoubleBitops): + * assembler/X86Assembler.h: + (JSC::X86Assembler::andnpd_rr): + * create_hash_table: + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::finalize): + (JSC::SpecializedThunkJIT::callDoubleToDouble): + * jit/ThunkGenerators.cpp: + (JSC::floorThunkGenerator): + (JSC::ceilThunkGenerator): + (JSC::roundThunkGenerator): + (JSC::expThunkGenerator): + (JSC::logThunkGenerator): + (JSC::absThunkGenerator): + * jit/ThunkGenerators.h: + +2011-06-30 Cary Clark <caryclark@google.com> + + Reviewed by James Robinson. + + Use Skia if Skia on Mac Chrome is enabled + https://bugs.webkit.org/show_bug.cgi?id=62999 + + * wtf/Platform.h: + Add switch to use Skia if, externally, + Skia has been enabled by a gyp define. 
+ +2011-06-30 Juan C. Montemayor <jmont@apple.com> + + Reviewed by Geoffrey Garen. + + Web Inspector fails to display source for eval with syntax error + https://bugs.webkit.org/show_bug.cgi?id=63583 + + Web Inspector now displays a link to an eval statement that contains + a syntax error. + + * parser/Parser.h: + (JSC::isEvalNode): + (JSC::EvalNode): + (JSC::Parser::parse): + +2011-06-30 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + X86Assembler does not encode byte registers in 64-bit mode correctly. + https://bugs.webkit.org/show_bug.cgi?id=63665 + + * assembler/X86Assembler.h: + (JSC::X86Assembler::testb_rr): + (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8): + +2011-06-30 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r90102. + http://trac.webkit.org/changeset/90102 + https://bugs.webkit.org/show_bug.cgi?id=63714 + + Lots of tests asserting beneath + SVGSMILElement::findInstanceTime (Requested by aroben on + #webkit). + + * wtf/StdLibExtras.h: + (WTF::binarySearch): + +2011-06-30 Oliver Varga <Varga.Oliver@stud.u-szeged.hu> + + Reviewed by Nikolas Zimmermann. + + Speed up SVGSMILElement::findInstanceTime. + https://bugs.webkit.org/show_bug.cgi?id=61025 + + Add a new parameter to StdlibExtras.h::binarySerarch function + to also handle cases when the array does not contain the key value. + This is needed for an svg function. + + * wtf/StdLibExtras.h: + (WTF::binarySearch): + +2011-06-29 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=63669 + DFG JIT - fix spectral-norm regression + + The problem is a mis-speculation leading to us falling off the speculative path. + Make the speculation logic slightly smarter, don't predict int if one of the + operands is already loaded as a double (we use this logic already for compares). 
+ + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger): + +2011-06-29 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + DFG JIT does not do put_by_id transition caching. + https://bugs.webkit.org/show_bug.cgi?id=63662 + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addPropertyAccess): + * dfg/DFGRepatch.cpp: + (JSC::DFG::testPrototype): + (JSC::DFG::tryCachePutByID): + +2011-06-29 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Added a dummy write barrier emitting function in all the right places in the old JIT + https://bugs.webkit.org/show_bug.cgi?id=63667 + + SunSpider reports no change. + + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emit_op_put_scoped_var): Do it. + + (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register + for the sake of the write barrier. + + (JSC::JIT::emitWriteBarrier): Empty for now. Not for long! + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emit_op_put_scoped_var): Do it. + + (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register + for the sake of the write barrier. + + (JSC::JIT::emitWriteBarrier): Empty for now. Not for long! + +2011-06-29 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + DFG JIT does not perform get_by_id self list caching. 
+ https://bugs.webkit.org/show_bug.cgi?id=63605 + + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::tryBuildGetByIDList): + (JSC::DFG::dfgBuildGetByIDList): + * dfg/DFGRepatch.h: + +2011-06-28 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + DFG JIT lacks array.length caching. + https://bugs.webkit.org/show_bug.cgi?id=63505 + + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::tryAllocate): + (JSC::DFG::JITCodeGenerator::selectScratchGPR): + (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addPropertyAccess): + (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord): + * dfg/DFGRegisterBank.h: + (JSC::DFG::RegisterBank::tryAllocate): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCacheGetByID): + +2011-06-28 Pierre Rossi <pierre.rossi@gmail.com> + + Reviewed by Eric Seidel. + + Warnings in JSC's JIT on 32 bit + https://bugs.webkit.org/show_bug.cgi?id=63259 + + Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies. + + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + +2011-06-28 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r89968. + http://trac.webkit.org/changeset/89968 + https://bugs.webkit.org/show_bug.cgi?id=63581 + + Broke chromium windows compile (Requested by jamesr on + #webkit). + + * wtf/Platform.h: + +2011-06-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + Fix sampling build + https://bugs.webkit.org/show_bug.cgi?id=63579 + + Gets opcode sampling building again, doesn't seem to work alas + + * bytecode/SamplingTool.cpp: + (JSC::SamplingTool::notifyOfScope): + * bytecode/SamplingTool.h: + (JSC::SamplingTool::SamplingTool): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::enableSampler): + * runtime/Executable.h: + (JSC::ScriptExecutable::ScriptExecutable): + +2011-06-28 Cary Clark <caryclark@google.com> + + Reviewed by James Robinson. + + Use Skia if Skia on Mac Chrome is enabled + https://bugs.webkit.org/show_bug.cgi?id=62999 + + * wtf/Platform.h: + Add switch to use Skia if, externally, + Skia has been enabled by a gyp define. + +2011-06-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + ASSERT when launching debug builds with interpreter and jit enabled + https://bugs.webkit.org/show_bug.cgi?id=63566 + + Add appropriate guards to the various Executable's memory reporting + logic. + + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + +2011-06-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=63563 + DFG JIT - add support for double arith to speculative path + + Add integer support for div & mod, add double support for div, mod, + add, sub & mul, dynamically selecting based on operand types. 
+ + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::FPRTemporary::FPRTemporary): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::assembler): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): + (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand): + (JSC::DFG::SpeculateDoubleOperand::index): + (JSC::DFG::SpeculateDoubleOperand::fpr): + +2011-06-28 Oliver Hunt <oliver@apple.com> + + Fix interpreter build. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + +2011-06-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=63561 + DFG JIT - don't always assume integer in relational compare + + If neither operand is known integer, or either is in double representation, + then at least use a function call (don't bail off the speculative path). + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleCall): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isDataFormatDouble): + (JSC::DFG::SpeculativeJIT::compareIsInteger): + +2011-06-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make constant array optimisation less strict about what constitutes a constant + https://bugs.webkit.org/show_bug.cgi?id=63554 + + Now allow string constants in array literals to actually be considered constant, + and so avoid codegen in array literals with strings in them. 
+ + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addConstantBuffer): + (JSC::CodeBlock::constantBuffer): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addConstantBuffer): + (JSC::BytecodeGenerator::addStringConstant): + (JSC::BytecodeGenerator::emitNewArray): + * bytecompiler/BytecodeGenerator.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + +2011-06-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=63560 + DFG_JIT allow allocation of specific machine registers + + This allow us to allocate the registers necessary to perform x86 + idiv instructions for div/mod, and may be useful for shifts, too. + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::GPRTemporary::GPRTemporary): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::allocate): + (JSC::DFG::GPRResult::GPRResult): + * dfg/DFGRegisterBank.h: + (JSC::DFG::RegisterBank::allocateSpecific): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isInteger): + +2011-06-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=55040 + RegExp constructor returns the argument regexp instead of a new object + + Per 15.10.3.1, our current behaviour is correct if called as a function, + but incorrect when called as a constructor. + + * runtime/RegExpConstructor.cpp: + (JSC::constructRegExp): + (JSC::constructWithRegExpConstructor): + * runtime/RegExpConstructor.h: + +2011-06-28 Luke Macpherson <macpherson@chromium.org> + + Reviewed by Darin Adler. + + Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits. + https://bugs.webkit.org/show_bug.cgi?id=63469 + + * wtf/MathExtras.h: + (defaultMinimumForClamp): + Version of std::numeric_limits::min() that returns the largest negative value for floating point types. 
+ (defaultMaximumForClamp): + Symmetric alias for std::numeric_limits::max() + (clampTo): + New templated clamping function that supports arbitrary output types. + (clampToInteger): + Use new clampTo template. + (clampToFloat): + Use new clampTo template. + (clampToPositiveInteger): + Use new clampTo template. + +2011-06-28 Adam Roben <aroben@apple.com> + + Windows Debug build fix after r89885 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported + JSGlobalData::releaseExecutableMemory for jsc.exe's benefit. + +2011-06-28 Shinya Kawanaka <shinyak@google.com> + + Reviewed by Kent Tamura. + + Add const to show() method in WTFString and AtomicString. + https://bugs.webkit.org/show_bug.cgi?id=63515 + + The lack of const in show() method is painful when + doing something like printf-debug. + + * wtf/text/AtomicString.cpp: + (WTF::AtomicString::show): + * wtf/text/AtomicString.h: + * wtf/text/WTFString.cpp: + (String::show): + * wtf/text/WTFString.h: + +2011-06-27 Ryosuke Niwa <rniwa@webkit.org> + + Build fix attempt after r89885. + + * JavaScriptCore.exp: + * jsc.cpp: + +2011-06-27 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Support throwing away non-running code even while other code is running + https://bugs.webkit.org/show_bug.cgi?id=63485 + + Add a function to CodeBlock to support unlinking direct linked callsites, + and then with that in place add logic to discard code from any function + that is not currently on the stack. + + The unlinking completely reverts any optimized call sites, such that they + may be relinked again in future. 
+ + * JavaScriptCore.exp: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::unlinkCalls): + (JSC::CodeBlock::clearEvalCache): + * bytecode/CodeBlock.h: + (JSC::CallLinkInfo::CallLinkInfo): + (JSC::CallLinkInfo::unlink): + * bytecode/EvalCodeCache.h: + (JSC::EvalCodeCache::clear): + * heap/Heap.cpp: + (JSC::Heap::getConservativeRegisterRoots): + * heap/Heap.h: + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCall): + * jit/JITWriteBarrier.h: + (JSC::JITWriteBarrierBase::clear): + * jsc.cpp: + (GlobalObject::GlobalObject): + (functionReleaseExecutableMemory): + * runtime/Executable.cpp: + (JSC::EvalExecutable::unlinkCalls): + (JSC::ProgramExecutable::unlinkCalls): + (JSC::FunctionExecutable::discardCode): + (JSC::FunctionExecutable::unlinkCalls): + * runtime/Executable.h: + * runtime/JSGlobalData.cpp: + (JSC::SafeRecompiler::returnValue): + (JSC::SafeRecompiler::operator()): + (JSC::JSGlobalData::releaseExecutableMemory): + +2011-06-27 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Darin Adler & Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=50554 + RegExp.prototype.toString does not escape slashes + + The problem here is that we don't escape forwards slashes when converting + a RegExp to a string. This means that RegExp("/").toString() is "///", + which is not a valid RegExp literal. Also, we return an invalid literal + for RegExp.prototype.toString() ("//", which is an empty single-line comment). + + From ES5: + "NOTE: The returned String has the form of a RegularExpressionLiteral that + evaluates to another RegExp object with the same behaviour as this object." + + * runtime/RegExpObject.cpp: + (JSC::regExpObjectSource): + - Escape forward slashes when getting the source of a RegExp. + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncToString): + - Remove unnecessary and erroneous hack to return "//" as the string + representation of RegExp.prototype. 
This is not a valid RegExp literal + (it is an empty single-line comment). + +2011-06-27 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=63497 + Add DEBUG_WITH_BREAKPOINT support to the DFG JIT. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-06-27 Juan C. Montemayor <jmont@apple.com> + + Reviewed by Mark Rowe. + + Indirectly including TextPosition.h and XPathGrammar.h causes compile errors + https://bugs.webkit.org/show_bug.cgi?id=63392 + + When both TextPosition.h and XPathGrammar.h are included a compile-error + is caused, since XPathGrammar.h defines a macro called NUMBER and + TextPosition has a typedef named NUMBER. + + * wtf/text/TextPosition.h: + (WTF::TextPosition::TextPosition): + (WTF::TextPosition::minimumPosition): + (WTF::TextPosition::belowRangePosition): + +2011-06-27 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + DFG JIT does not perform put_by_id caching. 
+ https://bugs.webkit.org/show_bug.cgi?id=63409 + + * bytecode/StructureStubInfo.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedPutById): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addPropertyAccess): + (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGRepatch.cpp: + (JSC::DFG::dfgRepatchByIdSelfAccess): + (JSC::DFG::tryCacheGetByID): + (JSC::DFG::appropriatePutByIdFunction): + (JSC::DFG::tryCachePutByID): + (JSC::DFG::dfgRepatchPutByID): + * dfg/DFGRepatch.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-06-27 Gustavo Noronha Silva <gns@gnome.org> + + Unreviewed build fix. One more filed missing during distcheck, for + the MIPS build. + + * GNUmakefile.list.am: + +2011-06-26 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. + + DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations. + https://bugs.webkit.org/show_bug.cgi?id=63347 + + * dfg/DFGNonSpeculativeJIT.cpp: + - Changed arithmetic operations to speculate in favor of integers. + (JSC::DFG::NonSpeculativeJIT::valueToNumber): + (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp): + (JSC::DFG::NonSpeculativeJIT::basicArithOp): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + * dfg/DFGOperations.cpp: + - Added slow-path routines for arithmetic that perform no speculation; the + non-speculative JIT will generate calls to these in cases where its + speculation fails. + * dfg/DFGOperations.h: + +2011-06-24 Nikolas Zimmermann <nzimmermann@rim.com> + + Reviewed by Rob Buis. 
+ + Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts + https://bugs.webkit.org/show_bug.cgi?id=59085 + + * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS. + +2011-06-24 Michael Saboff <msaboff@apple.com> + + Reviewed by Gavin Barraclough. + + Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub + https://bugs.webkit.org/show_bug.cgi?id=63345 + + The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10 + return 9 and 10 bit quantities, therefore changed their return type from + uint8_t to uint16_t. Also casted the places where they are used as they + are currently shifted and used as 7 or 8 bit values. + + These methods are currently used for literals for stack offsets, + including creating and destroying stack frames. The prior truncation of + the upper bits caused stack frames to be too small, thus allowing a + JIT'ed function to access and overwrite stack space outside of the + incorrectly sized stack frame. + + * assembler/ARMv7Assembler.h: + (JSC::ARMThumbImmediate::getUInt9): + (JSC::ARMThumbImmediate::getUInt10): + (JSC::ARMv7Assembler::add): + (JSC::ARMv7Assembler::ldr): + (JSC::ARMv7Assembler::str): + (JSC::ARMv7Assembler::sub): + (JSC::ARMv7Assembler::sub_S): + +2011-06-24 Michael Saboff <msaboff@apple.com> + + Reviewed by Geoffrey Garen. + + releaseFastMallocFreeMemory doesn't adjust free counts for scavenger + https://bugs.webkit.org/show_bug.cgi?id=63015 + + Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and + min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList(). These + adjustments are a bug. These need to reflect the pages that are released + in ReleaseFreeLsit so that scavenge doesn't try to free that many pages as well. + Made ReleaseFreeList a member of TCMalloc_PageHeap in the process. 
Updated + Check() and helper method CheckList() to check the number of actual free pages + with free_committed_pages_. + + The symptom of the problem of the existing code is that the scavenger may + run unneccesarily without any real work to do, i.e. pages on the free lists. + The scanvenger would also end up freeing too many pages, that is going below + the current 528 target free pages. + + Note that the style of the changes was kept consistent with the + existing style. + + * wtf/FastMalloc.cpp: + (WTF::TCMalloc_PageHeap::Check): + (WTF::TCMalloc_PageHeap::CheckList): + (WTF::TCMalloc_PageHeap::ReleaseFreeList): + +2011-06-24 Abhishek Arya <inferno@chromium.org> + + Reviewed by Darin Adler. + + Match other clampTo* functions in style with clampToInteger(float) + function. + https://bugs.webkit.org/show_bug.cgi?id=53449 + + * wtf/MathExtras.h: + (clampToInteger): + (clampToFloat): + (clampToPositiveInteger): + +2011-06-24 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r89594. + http://trac.webkit.org/changeset/89594 + https://bugs.webkit.org/show_bug.cgi?id=63316 + + It broke 5 tests on the Qt bot (Requested by Ossy_DC on + #webkit). + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * icu/unicode/uscript.h: Removed. + * wtf/unicode/ScriptCodesFromICU.h: Removed. + * wtf/unicode/brew/UnicodeBrew.h: + * wtf/unicode/glib/UnicodeGLib.h: + * wtf/unicode/icu/UnicodeIcu.h: + * wtf/unicode/qt4/UnicodeQt4.h: + * wtf/unicode/wince/UnicodeWinCE.h: + +2011-06-23 Filip Pizlo <fpizlo@apple.com> + + Reviewed by Gavin Barraclough. 
+ + DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal + https://bugs.webkit.org/show_bug.cgi?id=63173 + + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::cachedGetById): + * dfg/DFGJITCodeGenerator.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-06-23 Oliver Hunt <oliver@apple.com> + + Fix Qt again. + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::readPointer): + +2011-06-23 Oliver Hunt <oliver@apple.com> + + Fix Qt Build + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::readPointer): + +2011-06-23 Stephanie Lewis <slewis@apple.com> + + Reviewed by Darin Adler. + + https://bugs.webkit.org/show_bug.cgi?id=63298 + Replace Malloc with FastMalloc to match the rest of wtf. + + * wtf/BlockStack.h: + (WTF::::~BlockStack): + (WTF::::grow): + (WTF::::shrink): + +2011-06-23 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Add the ability to dynamically modify linked call sites + https://bugs.webkit.org/show_bug.cgi?id=63291 + + Add JITWriteBarrier as a writebarrier class that allows + reading and writing directly into the code stream. + + This required adding logic to all the assemblers to allow + us to read values back out of the instruction stream. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::readPointer): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::readPointer): + (JSC::ARMv7Assembler::readInt32): + (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst): + (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond): + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::readPointer): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::readInt32): + (JSC::MIPSAssembler::readPointer): + * assembler/MacroAssemblerCodeRef.h: + (JSC::MacroAssemblerCodePtr::operator!): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::readPCrelativeAddress): + (JSC::SH4Assembler::readPointer): + (JSC::SH4Assembler::readInt32): + * assembler/X86Assembler.h: + (JSC::X86Assembler::readPointer): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + (JSC::MethodCallLinkInfo::seenOnce): + (JSC::MethodCallLinkInfo::setSeen): + * heap/MarkStack.h: + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + (JSC::JIT::linkCall): + (JSC::JIT::linkConstruct): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::patchMethodCallProto): + * jit/JITPropertyAccess32_64.cpp: + * jit/JITWriteBarrier.h: Added. + (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*): + (JSC::JITWriteBarrierBase::operator!): + (JSC::JITWriteBarrierBase::setFlagOnBarrier): + (JSC::JITWriteBarrierBase::isFlagged): + (JSC::JITWriteBarrierBase::setLocation): + (JSC::JITWriteBarrierBase::location): + (JSC::JITWriteBarrierBase::JITWriteBarrierBase): + (JSC::JITWriteBarrierBase::set): + (JSC::JITWriteBarrierBase::get): + (JSC::JITWriteBarrier::JITWriteBarrier): + (JSC::JITWriteBarrier::set): + (JSC::JITWriteBarrier::get): + (JSC::MarkStack::append): + +2011-06-23 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. 
+ + https://bugs.webkit.org/show_bug.cgi?id=61585 + Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/ + + This is due to use of int instead of unsigned, bad math around + the 2^31 boundary. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::ByteCompiler::emitDisjunction): + - Change some uses of int to unsigned, refactor compare logic to + restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1). + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::generate): + (JSC::Yarr::YarrGenerator::backtrack): + - Ditto. + +2011-06-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=63218 + DFG JIT - remove machine type guarantees from graph + + The DFG JIT currently makes assumptions about the types of machine registers + that certain nodes will be loaded into. This will be broken as we generate + nodes to produce both integer and double code paths. Remove int<->double + conversions nodes. This design decision also gave rise to multiple types of + constant nodes, requiring separate handling for each type. Merge these back + into JSConstant. 
+ + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getToInt32): + (JSC::DFG::ByteCodeParser::getToNumber): + (JSC::DFG::ByteCodeParser::toInt32): + (JSC::DFG::ByteCodeParser::toNumber): + (JSC::DFG::ByteCodeParser::isInt32Constant): + (JSC::DFG::ByteCodeParser::isDoubleConstant): + (JSC::DFG::ByteCodeParser::valueOfInt32Constant): + (JSC::DFG::ByteCodeParser::valueOfDoubleConstant): + (JSC::DFG::ByteCodeParser::one): + (JSC::DFG::ByteCodeParser::predictInt32): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::JITCodeGenerator::isJSConstant): + (JSC::DFG::JITCodeGenerator::isDoubleConstant): + (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillInt32ToInteger): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::isJSConstant): + (JSC::DFG::JITCompiler::isInt32Constant): + (JSC::DFG::JITCompiler::isDoubleConstant): + (JSC::DFG::JITCompiler::valueOfJSConstant): + (JSC::DFG::JITCompiler::valueOfInt32Constant): + (JSC::DFG::JITCompiler::valueOfDoubleConstant): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::isConstant): + (JSC::DFG::Node::notTakenBytecodeOffset): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::isKnownInteger): + (JSC::DFG::NonSpeculativeJIT::isKnownNumeric): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + (JSC::DFG::SpeculativeJIT::compile): + +2011-06-23 Jungshik Shin <jshin@chromium.org> + + Reviewed by Alexey Proskuryakov. 
+ + Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in + build files for ports not using ICU. + Add icu/unicode/uscript.h for ports using ICU. It's taken from + ICU 3.6 (the version used on Mac OS 10.5) + + http://bugs.webkit.org/show_bug.cgi?id=20797 + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * icu/unicode/uscript.h: Added for UScriptCode enum. + * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added. + * wtf/unicode/icu/UnicodeIcu.h: + * wtf/unicode/brew/UnicodeBrew.h: + * wtf/unicode/glib/UnicodeGLib.h: + * wtf/unicode/qt4/UnicodeQt4.h: + * wtf/unicode/wince/UnicodeWinCE.h: + +2011-06-23 Ryuan Choi <ryuan.choi@samsung.com> + + Reviewed by Andreas Kling. + + [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS. + https://bugs.webkit.org/show_bug.cgi?id=63228 + + * wtf/Platform.h: Add PLATFORM(EFL) guard. + +2011-06-23 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r89547. + http://trac.webkit.org/changeset/89547 + https://bugs.webkit.org/show_bug.cgi?id=63252 + + "Chrmium crash on start" (Requested by yurys on #webkit). + + * wtf/DynamicAnnotations.cpp: + (WTFAnnotateBenignRaceSized): + (WTFAnnotateHappensBefore): + (WTFAnnotateHappensAfter): + * wtf/DynamicAnnotations.h: + +2011-06-23 Timur Iskhodzhanov <timurrrr@google.com> + + Reviewed by David Levin. + + Make dynamic annotations weak symbols and prevent identical code folding by the linker + https://bugs.webkit.org/show_bug.cgi?id=62443 + + * wtf/DynamicAnnotations.cpp: + (WTFAnnotateBenignRaceSized): + (WTFAnnotateHappensBefore): + (WTFAnnotateHappensAfter): + * wtf/DynamicAnnotations.h: + +2011-06-22 Yael Aharon <yael.aharon@nokia.com> + + Reviewed by Andreas Kling. + + [Qt] Add a build flag for building with libxml2 and libxslt. + https://bugs.webkit.org/show_bug.cgi?id=63113 + + * wtf/Platform.h: + +2011-06-22 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r89489. 
+ http://trac.webkit.org/changeset/89489 + https://bugs.webkit.org/show_bug.cgi?id=63203 + + Broke chromium mac build on build.webkit.org (Requested by + abarth on #webkit). + + * wtf/Platform.h: + +2011-06-22 Cary Clark <caryclark@google.com> + + Reviewed by Darin Fisher. + + Use Skia if Skia on Mac Chrome is enabled + https://bugs.webkit.org/show_bug.cgi?id=62999 + + * wtf/Platform.h: + Add switch to use Skia if, externally, + Skia has been enabled by a gyp define. + +2011-06-22 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>. + +2011-06-22 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed the conceit that global variables are local variables when running global code + https://bugs.webkit.org/show_bug.cgi?id=63106 + + This is required for write barrier correctness. + + SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js. + I was able to reduce the regression with a tiny peephole optimization in + the bytecompiler, but not eliminate it. I'm committing this assuming + that turning on generational GC will win back at least 0.5%. + + (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of + the global object's var storage. I considered doing the same kind of + optimization in the existing JIT, but it seemed like moving in the wrong + direction.) + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addGlobalVar): + (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables + negative indices, since they're no longer negatively offset from the + current stack frame. + + Do give global variables monotonically increasing positive indices, since + that's much easier to work with. + + Don't limit the number of optimizable global variables, since it's no + longer limited by the register file, since they're no longer stored in + the register file. 
+ + (JSC::BytecodeGenerator::registerFor): Global code never has any local + registers because a var in global code is actually a property of the + global object. + + (JSC::BytecodeGenerator::constRegisterFor): Ditto. + + (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant + propagation and dead code elimination to speed up our compiles and + reduce WTFs / minute. + + * bytecompiler/BytecodeGenerator.h: + (JSC::BytecodeGenerator::registerFor): Removed special handling of globals. + + (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in + global code, since there are none. + + (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals + in global code (i.e., global vars), since there are some. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + (JSC::Interpreter::Interpreter): + (JSC::Interpreter::dumpRegisters): + (JSC::Interpreter::execute): + * interpreter/Interpreter.h: Updated for deleted / renamed code. + + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::gatherConservativeRoots): + (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed + data members. + + * interpreter/RegisterFile.h: + (JSC::RegisterFile::begin): + (JSC::RegisterFile::size): + (JSC::RegisterFile::RegisterFile): + (JSC::RegisterFile::shrink): Removed all code and comments dealing with + global variables stored in the register file. + + (JSC::RegisterFile::grow): Updated for same. + + Also, a slight correctness fix: Test the VM commit end, and not just the + in-use end, when checking for stack overflow. In theory, it's invalid to + commit past the end of your allocation, even if you never touch that + memory. This makes the usable size of the stack slightly smaller. No test + because we don't know of any case in practice where this crashes. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): Updated for changes above. 
+ + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::resizeRegisters): + (JSC::JSGlobalObject::addStaticGlobals): + * runtime/JSGlobalObject.h: Simplified globals to have monotonically + increasing indexes, always located in our external storage. + +2011-06-21 MORITA Hajime <morrita@google.com> + + Unreviewed, rolling out r89401 and r89403. + http://trac.webkit.org/changeset/89401 + http://trac.webkit.org/changeset/89403 + https://bugs.webkit.org/show_bug.cgi?id=62970 + + Breaks mac build and mistakenly enables the spellcheck API + + * Configurations/FeatureDefines.xcconfig: + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-06-21 Kent Tamura <tkent@chromium.org> + + [Mac] Sort Xcode project files. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-06-20 MORITA Hajime <morrita@google.com> + + Reviewed by Kent Tamura. + + Spellcheck API should be build-able. + https://bugs.webkit.org/show_bug.cgi?id=62970 + + No new tests, changing only build related files + + * Configurations/FeatureDefines.xcconfig: + +2011-06-21 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Moved 'const' off the global-variable-as-local-variable crack pipe + https://bugs.webkit.org/show_bug.cgi?id=63105 + + This is necessary for moving the rest of the code off of same. + + Many problems remain in our handling of const. I have fixed none of them. + + * bytecompiler/BytecodeGenerator.h: + (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable + const to directly implement its unique scoping rules. + + * bytecompiler/NodesCodegen.cpp: + (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is + for writing, so we don't overwrite const variables. + + (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const + variables are available as local variables, since this won't be the case + once global variables are not available as local variables. Instead, use + put_scoped_var in the case where there is no local variable. 
Like a local + variable, put_scoped_var succeeds even though const properties are + read-only, since put_scoped_var skips read-only checks. (Yay?) + +2011-06-21 Oliver Hunt <oliver@apple.com> + + Reviewed by Alexey Proskuryakov. + + REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit). + https://bugs.webkit.org/show_bug.cgi?id=63052 + + Release mode only failure, the stack overflow guards were getting there error + handling inlined, so that they were essentially causing their own demise. + + * parser/JSParser.cpp: + (JSC::JSParser::updateErrorMessage): + (JSC::JSParser::updateErrorWithNameAndMessage): + +2011-06-20 Kenneth Russell <kbr@google.com> + + Unreviewed. + + Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms + https://bugs.webkit.org/show_bug.cgi?id=63022 + + * wtf/Platform.h: + +2011-06-18 Anders Carlsson <andersca@apple.com> + + Reviewed by Darin Adler. + + Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr + https://bugs.webkit.org/show_bug.cgi?id=62940 + + Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT. + + * wtf/PassOwnArrayPtr.h: + (WTF::PassOwnArrayPtr::operator=): + * wtf/PassOwnPtr.h: + (WTF::PassOwnPtr::operator=): + * wtf/PassRefPtr.h: + (WTF::PassRefPtr::operator=): + (WTF::NonNullPassRefPtr::operator=): + +2011-06-20 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + REGRESSION (r79060): Searching for a flight at united.com fails + https://bugs.webkit.org/show_bug.cgi?id=63003 + + This original change also broke Twitter, and we attempted to refine the fix to + address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United, + we need to revert the change until we understand the problem better. + + * wtf/DateMath.cpp: + (WTF::parseDateFromNullTerminatedCharacters): + +2011-06-20 Juan C. Montemayor <jmont@apple.com> + + Reviewed by Oliver Hunt. 
+ + No context for javascript parse errors. + https://bugs.webkit.org/show_bug.cgi?id=62613 + + Parse errors now show more details like: + "Unexpected token: ]" + or + "Expected token: while" + + For reserved names, numbers, indentifiers, strings, lexer errors, + and EOFs, the following error messages are printed: + + "Use of reserved word: super" + "Unexpected number: 42" + "Unexpected identifier: " + "Unexpected string: "foobar"" + "Invalid token character sequence: \u4023" + "Unexpected EOF" + + * parser/JSParser.cpp: + (JSC::JSParser::consume): + (JSC::JSParser::getToken): + (JSC::JSParser::getTokenName): + (JSC::JSParser::updateErrorMessageSpecialCase): + (JSC::JSParser::updateErrorMessage): + (JSC::JSParser::updateErrorWithNameAndMessage): + (JSC::jsParse): + (JSC::JSParser::JSParser): + (JSC::JSParser::parseProgram): + (JSC::JSParser::parseVarDeclarationList): + (JSC::JSParser::parseForStatement): + (JSC::JSParser::parseBreakStatement): + (JSC::JSParser::parseContinueStatement): + (JSC::JSParser::parseWithStatement): + (JSC::JSParser::parseTryStatement): + (JSC::JSParser::parseStatement): + (JSC::JSParser::parseFormalParameters): + (JSC::JSParser::parseFunctionInfo): + (JSC::JSParser::parseAssignmentExpression): + (JSC::JSParser::parsePrimaryExpression): + (JSC::JSParser::parseMemberExpression): + (JSC::JSParser::parseUnaryExpression): + * parser/JSParser.h: + * parser/Lexer.cpp: + (JSC::Lexer::lex): + * parser/Parser.cpp: + (JSC::Parser::parse): + +2011-06-20 Nikolas Zimmermann <nzimmermann@rim.com> + + Reviewed by Rob Buis. + + Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts + https://bugs.webkit.org/show_bug.cgi?id=59085 + + * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS. + +2011-06-19 Oliver Hunt <oliver@apple.com> + + Reviewed by Sam Weinig. 
+ + Correct logic for putting errors on the correct line when handling JSONP + https://bugs.webkit.org/show_bug.cgi?id=62962 + + Minor fix for the minor fix. *sigh* + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + +2011-06-19 Oliver Hunt <oliver@apple.com> + + Minor fix to correct layout test results. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + +2011-06-17 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + JSONP is unnecessarily slow + https://bugs.webkit.org/show_bug.cgi?id=62920 + + JSONP has unfortunately become a fairly common idiom online, yet + it triggers very poor performance in JSC as we end up doing codegen + for a large number of property accesses that will + * only be run once, so the vast amount of logic we dump to handle + caching of accesses is unnecessary. + * We are doing codegen that is directly proportional to just + creating the object in the first place. + + This patch extends the use of the literal parser to JSONP-like structures + in global code, handling a number of different forms I have seen online. + In an extreme case this improves performance of JSONP by more than 2x + due to removal of code generation and execution time, and a few optimisations + that I made to the parser itself. 
+ + * API/JSValueRef.cpp: + (JSValueMakeFromJSONString): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + (JSC::Interpreter::execute): + * parser/Lexer.cpp: + (JSC::Lexer::isKeyword): + * parser/Lexer.h: + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::tryJSONPParse): + (JSC::LiteralParser::makeIdentifier): + (JSC::LiteralParser::Lexer::lex): + (JSC::LiteralParser::Lexer::next): + (JSC::isSafeStringCharacter): + (JSC::LiteralParser::Lexer::lexString): + (JSC::LiteralParser::Lexer::lexNumber): + (JSC::LiteralParser::parse): + * runtime/LiteralParser.h: + (JSC::LiteralParser::LiteralParser): + (JSC::LiteralParser::tryLiteralParse): + (JSC::LiteralParser::Lexer::Lexer): + +2011-06-18 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r89184. + http://trac.webkit.org/changeset/89184 + https://bugs.webkit.org/show_bug.cgi?id=62927 + + It broke 22 tests on all bot (Requested by Ossy_weekend on + #webkit). + + * API/JSValueRef.cpp: + (JSValueMakeFromJSONString): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + (JSC::Interpreter::execute): + * parser/Lexer.cpp: + * parser/Lexer.h: + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::Lexer::lex): + (JSC::isSafeStringCharacter): + (JSC::LiteralParser::Lexer::lexString): + (JSC::LiteralParser::Lexer::lexNumber): + (JSC::LiteralParser::parse): + * runtime/LiteralParser.h: + (JSC::LiteralParser::LiteralParser): + (JSC::LiteralParser::tryLiteralParse): + (JSC::LiteralParser::Lexer::Lexer): + (JSC::LiteralParser::Lexer::next): + +2011-06-17 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + JSONP is unnecessarily slow + https://bugs.webkit.org/show_bug.cgi?id=62920 + + JSONP has unfortunately become a fairly common idiom online, yet + it triggers very poor performance in JSC as we end up doing codegen + for a large number of property accesses that will + * only be run once, so the vast amount of logic we dump to handle + caching of accesses is unnecessary. + * We are doing codegen that is directly proportional to just + creating the object in the first place. + + This patch extends the use of the literal parser to JSONP-like structures + in global code, handling a number of different forms I have seen online. + In an extreme case this improves performance of JSONP by more than 2x + due to removal of code generation and execution time, and a few optimisations + that I made to the parser itself. + + * API/JSValueRef.cpp: + (JSValueMakeFromJSONString): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + (JSC::Interpreter::execute): + * parser/Lexer.cpp: + (JSC::Lexer::isKeyword): + * parser/Lexer.h: + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSONObject.cpp: + (JSC::JSONProtoFuncParse): + * runtime/LiteralParser.cpp: + (JSC::LiteralParser::tryJSONPParse): + (JSC::LiteralParser::makeIdentifier): + (JSC::LiteralParser::Lexer::lex): + (JSC::LiteralParser::Lexer::next): + (JSC::isSafeStringCharacter): + (JSC::LiteralParser::Lexer::lexString): + (JSC::LiteralParser::Lexer::lexNumber): + (JSC::LiteralParser::parse): + * runtime/LiteralParser.h: + (JSC::LiteralParser::LiteralParser): + (JSC::LiteralParser::tryLiteralParse): + (JSC::LiteralParser::Lexer::Lexer): + +2011-06-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + Moved some property access JIT code into property access JIT files + https://bugs.webkit.org/show_bug.cgi?id=62906 + + * jit/JITOpcodes.cpp: + * jit/JITOpcodes32_64.cpp: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emitSlow_op_put_by_val): + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_get_global_var): + (JSC::JIT::emit_op_put_global_var): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_get_global_var): + (JSC::JIT::emit_op_put_global_var): + +2011-06-17 Anders Carlsson <andersca@apple.com> + + Build fix. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-06-17 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Leopard build? + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-06-16 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Added some write barrier action, compiled out by default + https://bugs.webkit.org/show_bug.cgi?id=62844 + + * JavaScriptCore.exp: Build! + + * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build + issue with Heap.cpp. + + * heap/Heap.cpp: + (JSC::Heap::writeBarrierSlowCase): + * heap/Heap.h: + (JSC::Heap::writeBarrier): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::isAtomAligned): + (JSC::MarkedBlock::blockFor): + (JSC::MarkedBlock::atomNumber): + (JSC::MarkedBlock::ownerSetNumber): + (JSC::MarkedBlock::addOldSpaceOwner): + (JSC::MarkedBlock::OwnerSet::OwnerSet): + (JSC::MarkedBlock::OwnerSet::add): + (JSC::MarkedBlock::OwnerSet::clear): + (JSC::MarkedBlock::OwnerSet::size): + (JSC::MarkedBlock::OwnerSet::didOverflow): + (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that + tracks owners for regions within blocks. Currently unused. + +2011-06-17 Raphael Kubo da Costa <kubo@profusion.mobi> + + Reviewed by Eric Seidel. + + [EFL] Add some OwnPtr specializations for EFL types. + For now there are specializations for Ecore_Evas and Evas_Object. 
+ https://bugs.webkit.org/show_bug.cgi?id=62877 + + * wtf/CMakeListsEfl.txt: + * wtf/OwnPtrCommon.h: + * wtf/efl/OwnPtrEfl.cpp: Added. + (WTF::deleteOwnedPtr): + +2011-06-17 Joone Hur <joone.hur@collabora.co.uk> + + Reviewed by Martin Robinson. + + [GTK] Replace GdkRectangle by cairo_rectangle_int_t + https://bugs.webkit.org/show_bug.cgi?id=60687 + + Replace GdkRectangle by cairo_rectangle_int_t. + + * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t. + +2011-06-16 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=53014 + ES5 strict mode keyword restrictions aren't implemented + + The following are future restricted words is strict mode code: + implements, interface, let, package, private, protected, public, static, yield + + * parser/JSParser.h: + - Add RESERVED_IF_STRICT token. + * parser/Keywords.table: + - Add new future restricted words. + * parser/Lexer.cpp: + (JSC::Lexer::parseIdentifier): + - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT. + (JSC::Lexer::lex): + - Pass strictMode flag to parseIdentifier. + * parser/Lexer.h: + - parseIdentifier needs a strictMode flag. + * runtime/CommonIdentifiers.h: + - Add identifiers for new reserved words. + +2011-06-16 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=23611 + Multiline Javascript comments cause incorrect parsing of following script. + + From the spec: + "A MultiLineComment [is] simply discarded if it contains no line terminator, + but if a MultiLineComment contains one or more line terminators, then it is + replaced with a single line terminator, which becomes part of the stream of + inputs for the syntactic grammar." + + This may result in behavioural changes, due to automatic semicolon insertion. 
+ + * parser/Lexer.cpp: + (JSC::Lexer::parseMultilineComment): + - Set m_terminator is we see a line terminator in a multiline comment. + +2011-06-16 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=62824 + DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT + + CompareEq of non-integer values is the most common cause of speculation failure. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): + - Support Equals. + (JSC::DFG::SpeculativeJIT::compilePeepHoleEq): + - new! - peephole optimized Eq of JSValues. + (JSC::DFG::SpeculativeJIT::compile): + - Add peephole optimization for CompareEq. + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + - Add support for dead nodes between compare & branch. + (JSC::DFG::SpeculativeJIT::isInteger): + - Added to determine which form of peephole to do in CompareEq. + +2011-06-16 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another + symbol. + + * bytecode/EvalCodeCache.h: + * heap/HandleHeap.h: + * heap/HeapRootVisitor.h: + * heap/NewSpace.h: + * runtime/ArgList.h: + * runtime/ScopeChain.h: + * runtime/SmallStrings.h: + * runtime/Structure.h: Stop forward-declaring things that don't really + exist anymore. + +2011-06-16 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode + project while crossing my fingers and facing west. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-06-16 Geoffrey Garen <ggaren@apple.com> + + Build fix: Removed an incorrect symbol on Windows. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-06-16 Geoffrey Garen <ggaren@apple.com> + + Build fix: Removed an accidental commit from the future. 
+ + * CMakeLists.txt: + +2011-06-16 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Introduced SlotVisitor into the project + https://bugs.webkit.org/show_bug.cgi?id=62820 + + This resolves a class vs typedef forward declaration issue, and gives all + exported symbols the correct names. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: Build! + + * bytecode/EvalCodeCache.h: + * heap/HandleHeap.h: + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::markRoots): + * heap/Heap.h: + * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no + clients operate on a MarkStack. + + * heap/MarkStack.cpp: + (JSC::SlotVisitor::visitChildren): + (JSC::SlotVisitor::drain): + * heap/SlotVisitor.h: Added. + (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy + inheritance to give SlotVisitor all the attributes of MarkStack without + making this change giant. Over time, we will move more behavior into + SlotVisitor and its subclasses. + + * heap/MarkStack.h: + * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no + clients operate on a MarkStack. + + * runtime/ArgList.h: + * runtime/JSCell.h: + * runtime/JSObject.h: + * runtime/ScopeChain.h: + * runtime/SmallStrings.h: + * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no + clients operate on a MarkStack. + +2011-06-15 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Reduce memory usage of resolve_global + https://bugs.webkit.org/show_bug.cgi?id=62765 + + If we have a large number of resolve_globals in a single + block start planting plain resolve instructions instead + whenever we aren't in a loop. This allows us to reduce + the code size for extremely large functions without + losing the performance benefits of op_resolve_global. 
+ + * bytecode/CodeBlock.h: + (JSC::CodeBlock::globalResolveInfoCount): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::shouldAvoidResolveGlobal): + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + * bytecompiler/BytecodeGenerator.h: + +2011-06-16 Qi Zhang <qi.2.zhang@nokia.com> + + Reviewed by Laszlo Gombos. + + [Qt] Fix building with CONFIG(use_system_icu) + https://bugs.webkit.org/show_bug.cgi?id=62744 + + Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set. + + * wtf/Platform.h: + +2011-06-15 Darin Adler <darin@apple.com> + + Reviewed by Adam Barth. + + Remove obsolete LOOSE_OWN_PTR code + https://bugs.webkit.org/show_bug.cgi?id=59909 + + The internal Apple dependency on this is gone now. + + * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer, + set function that takes a raw pointer. + + * wtf/OwnPtr.h: Removed constructor that takes a raw pointer, + set functino that takes a raw pointer. + + * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr + and assignment operator that takes a nullptr unconditional. + Made constructor that takes a raw pointer private and explicit, + and removed assignment operator that takes a raw pointer. + + * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr + unconditional. Made constructor that takes a raw pointer private + and explicit, and removed assignment operator that takes a raw pointer. + +2011-06-15 Sam Weinig <sam@webkit.org> + + Reviewed by Geoffrey Garen and Gavin Barraclough. + + Make access-nseive ~9x faster on the non-speculative path by + adding special casing for doubles that can lossless-ly be converted + to a uint32_t in getByVal and putByVal. This avoids calls to stringification + and the hash lookup. Long term, we should try and get property of a getByVal + and putByVal to be an integer immediate even in the non-speculative path. 
+ + * dfg/DFGOperations.cpp: + (JSC::DFG::putByVal): + (JSC::DFG::operationPutByValInternal): + +2011-06-15 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + REGRESSION (r88719): 5by5.tv schedule is not visible + https://bugs.webkit.org/show_bug.cgi?id=62720 + + Problem here is that the lexer wasn't considering '$' to be + a valid character in an identifier. + + * parser/Lexer.h: + (JSC::Lexer::lexExpectIdentifier): + +2011-06-15 Oliver Hunt <oliver@apple.com> + + Reviewed by Sam Weinig. + + Reduce the size of global_resolve + https://bugs.webkit.org/show_bug.cgi?id=62738 + + Reduce the code size of global_resolve in the JIT by replacing + multiple pointer loads with a single pointer move + two offset + loads. + + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_resolve_global): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_resolve_global): + +2011-06-14 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Dan Bernstein. + + Fixed an inavlid ASSERT I found while investigating + <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92 + https://bugs.webkit.org/show_bug.cgi?id=62699 + + No test since we don't know of a way to get WebCore to deallocate the + next-to-finalize handle, which is also the last handle in the list, + while finalizing the second-to-last handle in the list. + + * heap/HandleHeap.h: + (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a + non-0 next() after updating it, since it is valid to update m_nextToFinalize + to point to the tail sentinel. + + Do ASSERT that m_nextToFinalize has a non-0 next() before updating it, + since it is not valid to update m_nextToFinalize to point past the tail + sentinel. + + Also, use m_nextToFinalize consistently for clarity. + +2011-06-14 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. 
+ + https://bugs.webkit.org/show_bug.cgi?id=43841 + SegmentedVector::operator== typo + + * wtf/SegmentedVector.h: + (WTF::SegmentedVectorIterator::operator==): + (WTF::SegmentedVectorIterator::operator!=): + +2011-06-14 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Constant array literals result in unnecessarily large amounts of code + https://bugs.webkit.org/show_bug.cgi?id=62658 + + Add a new version of op_new_array that simply copies values from a buffer + we hang off of the CodeBlock, rather than generating code to place each + entry into the registerfile, and then copying it from the registerfile into + the array. This is a slight improvement on some sunspider tests, but no + measurable overall change. That's okay though as our goal was to reduce + code size without hurting performance. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addImmediateBuffer): + (JSC::CodeBlock::immediateBuffer): + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addImmediateBuffer): + (JSC::BytecodeGenerator::emitNewArray): + * bytecompiler/BytecodeGenerator.h: + * bytecompiler/NodesCodegen.cpp: + (JSC::ArrayNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array): + (JSC::JIT::emit_op_new_array_buffer): + * jit/JITOpcodes32_64.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + +2011-06-14 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r88841. + http://trac.webkit.org/changeset/88841 + https://bugs.webkit.org/show_bug.cgi?id=62672 + + Caused many tests to crash (Requested by rniwa on #webkit). 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/CodeBlock.h: + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitNewArray): + * bytecompiler/BytecodeGenerator.h: + * bytecompiler/NodesCodegen.cpp: + (JSC::ArrayNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_new_array): + * jit/JITStubs.cpp: + * jit/JITStubs.h: + +2011-06-14 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Constant array literals result in unnecessarily large amounts of code + https://bugs.webkit.org/show_bug.cgi?id=62658 + + Add a new version of op_new_array that simply copies values from a buffer + we hang off of the CodeBlock, rather than generating code to place each + entry into the registerfile, and then copying it from the registerfile into + the array. This is a slight improvement on some sunspider tests, but no + measurable overall change. That's okay though as our goal was to reduce + code size without hurting performance. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addImmediateBuffer): + (JSC::CodeBlock::immediateBuffer): + * bytecode/Opcode.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addImmediateBuffer): + (JSC::BytecodeGenerator::emitNewArray): + * bytecompiler/BytecodeGenerator.h: + * bytecompiler/NodesCodegen.cpp: + (JSC::ArrayNode::emitBytecode): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array): + (JSC::JIT::emit_op_new_array_buffer): + * jit/JITOpcodes32_64.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + +2011-06-14 Stephanie Lewis <slewis@apple.com> + + Rubber stamped by Oliver Hunt. + + <rdar://problem/9511169> + Update order files. + + * JavaScriptCore.order: + +2011-06-14 Sam Weinig <sam@webkit.org> + + Reviewed by Geoffrey Garen. + + Fix dumping of constants to have the correct constant number. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + +2011-06-14 Benjamin Poulain <benjamin@webkit.org> + + Reviewed by Eric Seidel. + + KeywordLookupGenerator's Trie does not work with Python 3 + https://bugs.webkit.org/show_bug.cgi?id=62635 + + With Python 3, dict.items() return an iterator. Since the iterator + protocol changed between Python 2 and 3, the easiest way to get the + values is to have something that use the iterator implicitely, like a + for() loop. + + * KeywordLookupGenerator.py: + +2011-06-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + Fix llocp and lvalp names in the lexer to something more meaningful + https://bugs.webkit.org/show_bug.cgi?id=62605 + + A simple rename + + * parser/Lexer.cpp: + (JSC::Lexer::parseIdentifier): + (JSC::Lexer::parseString): + (JSC::Lexer::lex): + * parser/Lexer.h: + (JSC::Lexer::lexExpectIdentifier): + +2011-06-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make it possible to inline the common case of identifier lexing + https://bugs.webkit.org/show_bug.cgi?id=62600 + + Add a lexing function that expects to lex an "normal" alpha numeric + identifier (that ignores keywords) so it's possible to inline the + common parsing cases. This comes out as a reasonable parsing speed + boost. + + * parser/JSParser.cpp: + (JSC::JSParser::nextExpectIdentifier): + (JSC::JSParser::parseProperty): + (JSC::JSParser::parseMemberExpression): + * parser/Lexer.cpp: + * parser/Lexer.h: + (JSC::Lexer::makeIdentifier): + (JSC::Lexer::lexExpectIdentifier): + +2011-06-13 Xan Lopez <xlopez@igalia.com> + + Reviewed by Martin Robinson. + + Distcheck fixes. + + * GNUmakefile.am: + * GNUmakefile.list.am: + +2011-06-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Simon Fraser. + + Make it possible to inline Identifier::equal + https://bugs.webkit.org/show_bug.cgi?id=62584 + + Move Identifier::equal to the Identifier header file. + + * runtime/Identifier.cpp: + * runtime/Identifier.h: + (JSC::Identifier::equal): + +2011-06-13 Tony Chang <tony@chromium.org> + + Reviewed by Dimitri Glazkov. + + rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX + https://bugs.webkit.org/show_bug.cgi?id=62578 + + * Configurations/FeatureDefines.xcconfig: + +2011-06-13 Tony Chang <tony@chromium.org> + + Reviewed by Adam Barth. + + rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX + https://bugs.webkit.org/show_bug.cgi?id=62545 + + * Configurations/FeatureDefines.xcconfig: + +2011-06-12 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for !ENABLE(JIT) after r88604. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + +2011-06-11 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Darin Adler. + + https://bugs.webkit.org/show_bug.cgi?id=16777 + + Remove #define NaN per Darin's comments. + + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::parseIntOverflow): + (JSC::parseInt): + (JSC::jsStrDecimalLiteral): + (JSC::jsToNumber): + (JSC::parseFloat): + * wtf/DateMath.cpp: + (WTF::equivalentYearForDST): + (WTF::parseES5DateFromNullTerminatedCharacters): + (WTF::parseDateFromNullTerminatedCharacters): + (WTF::timeClip): + (JSC::parseDateFromNullTerminatedCharacters): + +2011-06-11 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=62503 + Remove JIT_OPTIMIZE_* switches + + The alternative code paths are untested, and not well maintained. + These were useful when there was more churn in the JIT, but now + are a maintenance overhead. Time to move on, removing. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * jit/JIT.cpp: + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + (JSC::JIT::linkConstruct): + * jit/JIT.h: + * jit/JITCall.cpp: + * jit/JITCall32_64.cpp: + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::softModulo): + * jit/JITPropertyAccess.cpp: + * jit/JITPropertyAccess32_64.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + * wtf/Platform.h: + +2011-06-10 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=16777 + Eliminate JSC::NaN and JSC::Inf + + There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants. 
+ The ones in std::numeric_limits are perfectly good. + Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite. + + * API/JSCallbackObjectFunctions.h: + (JSC::::toNumber): + * API/JSValueRef.cpp: + (JSValueMakeNumber): + (JSValueToNumber): + * JavaScriptCore.exp: + * runtime/CachedTranscendentalFunction.h: + (JSC::CachedTranscendentalFunction::initialize): + * runtime/DateConstructor.cpp: + (JSC::constructDate): + * runtime/DateInstanceCache.h: + (JSC::DateInstanceData::DateInstanceData): + (JSC::DateInstanceCache::reset): + * runtime/JSCell.cpp: + * runtime/JSCell.h: + (JSC::JSCell::JSValue::getPrimitiveNumber): + (JSC::JSCell::JSValue::toNumber): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::resetDateCache): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncParseInt): + (JSC::globalFuncIsFinite): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::toNumber): + * runtime/JSValue.cpp: + * runtime/JSValue.h: + * runtime/JSValueInlineMethods.h: + (JSC::jsNaN): + * runtime/MathObject.cpp: + (JSC::mathProtoFuncMax): + (JSC::mathProtoFuncMin): + * runtime/NumberConstructor.cpp: + (JSC::numberConstructorNegInfinity): + (JSC::numberConstructorPosInfinity): + * runtime/NumberPrototype.cpp: + (JSC::numberProtoFuncToExponential): + (JSC::numberProtoFuncToFixed): + (JSC::numberProtoFuncToPrecision): + (JSC::numberProtoFuncToString): + * runtime/UString.cpp: + * wtf/DecimalNumber.h: + (WTF::DecimalNumber::DecimalNumber): + * wtf/dtoa.cpp: + (WTF::dtoa): + +2011-06-10 Tony Chang <tony@chromium.org> + + Reviewed by Ojan Vafai. + + add a compile guard ENABLE(FLEXBOX) + https://bugs.webkit.org/show_bug.cgi?id=62049 + + * Configurations/FeatureDefines.xcconfig: + +2011-06-10 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. 
+ + https://bugs.webkit.org/show_bug.cgi?id=55347 + "name" and "message" enumerable on *Error.prototype + + This arises from chapter 15 of the spec: + "Every other property described in this clause has the attributes + { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true } + unless otherwise specified." + Standardized properties are not enumerable. + + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::ErrorInstance): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + +2011-06-09 Geoffrey Garen <ggaren@apple.com> + + Build fix: Corrected header spelling. + + * heap/OldSpace.h: + +2011-06-09 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Added OldSpace to the project + https://bugs.webkit.org/show_bug.cgi?id=62417 + + Currently unused. + + Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a + per-block flag for testing whether you're in NewSpace vs OldSpace. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: Build! + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::inNewSpace): + (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in + write barrier. + + * heap/NewSpace.cpp: + (JSC::NewSpace::addBlock): + (JSC::NewSpace::removeBlock): + * heap/NewSpace.h: + (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for + NewSpace-specific operations. + + * heap/OldSpace.cpp: Added. + (JSC::OldSpace::OldSpace): + (JSC::OldSpace::addBlock): + (JSC::OldSpace::removeBlock): + * heap/OldSpace.h: Added. + (JSC::OldSpace::forEachBlock): New class for holding promoted blocks. + Not in use yet. + +2011-06-09 Hyowon Kim <hw1008.kim@samsung.com> + + Reviewed by Antonio Gomes. 
+ + [EFL] Make accelerated compositing build in Webkit-EFL + https://bugs.webkit.org/show_bug.cgi?id=62361 + + Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port. + + * wtf/Platform.h: + +2011-06-09 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + Bug 62405 - Fix integer overflow in Array.prototype.push + + Fix geoff's review comments re static_cast. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncPush): + +2011-06-09 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Factored MarkedBlock set management into a helper class with a fast case Bloom filter + https://bugs.webkit.org/show_bug.cgi?id=62413 + + SunSpider reports a small speedup. + + This is in preparation for having ConservativeSet operate on arbitrary + sets of MarkedBlocks, and in preparation for conservative scanning + becoming proportionally more important than other GC activities. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.xcodeproj/project.pbxproj: Build-o. + + * heap/ConservativeRoots.cpp: + (JSC::ConservativeRoots::add): + * heap/ConservativeRoots.h: + (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet + directly, instead of a Heap, so we can operate on subsets of the Heap + instead. + + Use a TinyBloomFilter for single-cycle exclusion of most pointers. This + is particularly important since we expect not to find our subject pointer + in the MarkedBlock hash, and hash misses are more expensive than typical + hash lookups because they have high collision rates. + + No need for single-pointer add() to be public anymore, since nobody uses it. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * heap/Heap.h: + (JSC::Heap::forEachCell): + (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what + ConservativeRoots relies on. + + Nixed contains(), since nobody uses it anymore. 
+ + * heap/MarkedBlock.h: + (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of + the VM layout properties of MarkedBlocks. + + * heap/MarkedBlockSet.h: Added. + (JSC::MarkedBlockSet::add): + (JSC::MarkedBlockSet::remove): + (JSC::MarkedBlockSet::recomputeFilter): + (JSC::MarkedBlockSet::filter): + (JSC::MarkedBlockSet::set): + * heap/TinyBloomFilter.h: Added. + (JSC::TinyBloomFilter::TinyBloomFilter): + (JSC::TinyBloomFilter::add): + (JSC::TinyBloomFilter::ruleOut): New helper class, used above. + + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::gatherConservativeRoots): No need to specifically + exclude values by tag -- the tiny bloom filter is already a register-register + compare, so adding another "rule out" factor just slows things down. + +2011-06-09 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Bug 62405 - Fix integer overflow in Array.prototype.push + + There are three integer overflows here, leading to safe (not a security risk) + but incorrect (non-spec-compliant) behaviour. + + Two overflows occur when calculating the new length after pushing (one in the + fast version of push in JSArray, one in the generic version in ArrayPrototype). + The other occurs calculating indices to write to when multiple items are pushed. + + These errors result in three test-262 failures. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncPush): + * runtime/JSArray.cpp: + (JSC::JSArray::put): + (JSC::JSArray::push): + +2011-06-09 Dan Bernstein <mitz@apple.com> + + Reviewed by Anders Carlsson. + + Add Vector::reverse() + https://bugs.webkit.org/show_bug.cgi?id=62393 + + * wtf/Vector.h: + (WTF::Vector::reverse): Added + +2011-06-08 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Factored a bunch of Heap functionality into stand-alone functors + https://bugs.webkit.org/show_bug.cgi?id=62337 + + This is in preparation for making these functors operate on arbitrary + sets of MarkedBlocks. 
+ + * JavaScriptCore.exp: This file is a small tragedy. + + * debugger/Debugger.cpp: + (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename. + + * heap/HandleHeap.h: + (JSC::HandleHeap::forEachStrongHandle): New function for iterating all + strong handles, so we can play along in the functor game. + + * heap/Heap.cpp: + (JSC::CountFunctor::CountFunctor::CountFunctor): + (JSC::CountFunctor::CountFunctor::count): + (JSC::CountFunctor::CountFunctor::returnValue): + (JSC::CountFunctor::ClearMarks::operator()): + (JSC::CountFunctor::ResetAllocator::operator()): + (JSC::CountFunctor::Sweep::operator()): + (JSC::CountFunctor::MarkCount::operator()): + (JSC::CountFunctor::Size::operator()): + (JSC::CountFunctor::Capacity::operator()): + (JSC::CountFunctor::Count::operator()): + (JSC::CountFunctor::CountIfGlobalObject::operator()): + (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty): + (JSC::CountFunctor::TakeIfEmpty::operator()): + (JSC::CountFunctor::TakeIfEmpty::returnValue): + (JSC::CountFunctor::RecordType::RecordType): + (JSC::CountFunctor::RecordType::typeName): + (JSC::CountFunctor::RecordType::operator()): + (JSC::CountFunctor::RecordType::returnValue): These functors factor out + behavior that used to be in the functions below. + + (JSC::Heap::clearMarks): + (JSC::Heap::sweep): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::protectedGlobalObjectCount): + (JSC::Heap::protectedObjectCount): + (JSC::Heap::protectedObjectTypeCounts): + (JSC::Heap::objectTypeCounts): + (JSC::Heap::resetAllocator): + (JSC::Heap::freeBlocks): + (JSC::Heap::shrink): Factored out behavior into the functors above. + + * heap/Heap.h: + (JSC::Heap::forEachProtectedCell): + (JSC::Heap::forEachCell): + (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose + functor-based templates instead of plain iterators because they're simpler + to implement in this case and they require a lot less code at the call site. 
+ + * heap/MarkedBlock.h: + (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for + trivial functors. + + (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because + we have a few different kind of "for each" now. + + * runtime/JSGlobalData.cpp: + (WTF::Recompile::operator()): + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename. + + * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused. + +2011-06-08 Mikołaj Małecki <m.malecki@samsung.com> + + Reviewed by Pavel Feldman. + + Web Inspector: Crash by buffer overrun crash when serializing inspector object tree. + https://bugs.webkit.org/show_bug.cgi?id=52791 + + No new tests. The problem can be reproduced by trying to create InspectorValue + from 1.0e-100 and call ->toJSONString() on this. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + export 2 functions DecimalNumber::bufferLengthForStringExponential and + DecimalNumber::toStringExponential. + +2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r88404. + http://trac.webkit.org/changeset/88404 + https://bugs.webkit.org/show_bug.cgi?id=62342 + + broke win and mac build (Requested by tony^work on #webkit). + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-06-08 Evan Martin <evan@chromium.org> + + Reviewed by Adam Barth. + + [chromium] use gyp 'settings' type for settings target + https://bugs.webkit.org/show_bug.cgi?id=62323 + + The 'settings' gyp target type is for targets that exist solely + for their settings (no build rules). The comment above this target + says it's for this, but it incorrectly uses 'none'. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-06-08 Sailesh Agrawal <sail@chromium.org> + + Reviewed by Mihai Parparita. 
+ + Chromium Mac: Enable overlay scrollbars + https://bugs.webkit.org/show_bug.cgi?id=59756 + + Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X. + + * wtf/Platform.h: + +2011-06-08 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Add faster lookup cache for multi character identifiers + https://bugs.webkit.org/show_bug.cgi?id=62327 + + Add a non-hash lookup for mutiple character identifiers. This saves us from + adding repeated identifiers to the ParserArena's identifier list as people + tend to not start all their variables and properties with the same character + and happily identifier locality works in our favour. + + * parser/ParserArena.h: + (JSC::IdentifierArena::isEmpty): + (JSC::IdentifierArena::clear): + (JSC::IdentifierArena::makeIdentifier): + +2011-06-08 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Took some responsibilities away from NewSpace + https://bugs.webkit.org/show_bug.cgi?id=62325 + + NewSpace is basically just an allocator now. + + Heap acts as a controller, responsible for managing the set of all + MarkedBlocks. + + This is in preparation for moving parts of the controller logic into + separate helper classes that can act on arbitrary sets of MarkedBlocks + that may or may not be in NewSpace. + + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::destroy): + (JSC::Heap::allocate): + (JSC::Heap::markRoots): + (JSC::Heap::clearMarks): + (JSC::Heap::sweep): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::collect): + (JSC::Heap::resetAllocator): + (JSC::Heap::allocateBlock): + (JSC::Heap::freeBlocks): + (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap, + along with all functions that operate on the set of MarkedBlocks. Also + moved responsibility for deciding whether to allocate a new MarkedBlock, + and for allocating it. 
+ + * heap/Heap.h: + (JSC::Heap::contains): + (JSC::Heap::forEach): Ditto. + + * heap/NewSpace.cpp: + (JSC::NewSpace::addBlock): + (JSC::NewSpace::removeBlock): + (JSC::NewSpace::resetAllocator): + * heap/NewSpace.h: + (JSC::NewSpace::waterMark): + (JSC::NewSpace::allocate): Ditto. + +2011-06-08 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Some more MarkedSpace => NewSpace renaming + https://bugs.webkit.org/show_bug.cgi?id=62305 + + * JavaScriptCore.exp: + * JavaScriptCore.order: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::destroy): + (JSC::Heap::reportExtraMemoryCostSlowCase): + (JSC::Heap::allocate): + (JSC::Heap::markRoots): + (JSC::Heap::objectCount): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::collect): + (JSC::Heap::isValidAllocation): + * heap/Heap.h: + (JSC::Heap::markedSpace): + (JSC::Heap::contains): + (JSC::Heap::forEach): + (JSC::Heap::allocate): + * runtime/JSCell.h: + +2011-06-08 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Eric Seidel. + + Add export macros to profiler headers. + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * profiler/Profiler.h: + +2011-06-08 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Eric Seidel. + + Add export symbols to parser headers. + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * parser/SourceProviderCache.h: + +2011-06-08 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Eric Seidel. + + Add export symbols to interpreter headers. + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * interpreter/Interpreter.h: + +2011-06-08 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Eric Seidel. + + Add export symbols to debugger headers. + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * debugger/Debugger.h: + * debugger/DebuggerCallFrame.h: + +2011-06-08 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. 
+ + Moved MarkedSpace.* to NewSpace.* in preparation for more renaming + https://bugs.webkit.org/show_bug.cgi?id=62268 + + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Heap.h: + * heap/MarkedBlock.h: + * heap/MarkedSpace.cpp: Removed. + * heap/MarkedSpace.h: Removed. + * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp. + * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h. + +2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r88365. + http://trac.webkit.org/changeset/88365 + https://bugs.webkit.org/show_bug.cgi?id=62301 + + windows bots broken (Requested by loislo_ on #webkit). + + * JavaScriptCore.exp: + +2011-06-08 Ryan Sleevi <rsleevi@chromium.org> + + Reviewed by Tony Chang. + + Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6 + + Compiling Chromium port under GCC 4.6 produces warnings about nullptr + https://bugs.webkit.org/show_bug.cgi?id=62242 + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-06-08 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org> + + Reviewed by Andreas Kling. + + Webkit on SPARC Solaris has wrong endian + https://bugs.webkit.org/show_bug.cgi?id=29407 + + Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but + there are more ocurrences of the same code pattern in webkit. + + This patch includes the check on these other parts of the code. + + This is a speculative fix, I don't have a sparc machine to test and + don't know which kind of test would trigger a crash (but it's quite + obvious that it's the same code duplicated in different files). + + * runtime/UString.h: + (JSC::UStringHash::equal): + * wtf/text/StringHash.h: + (WTF::StringHash::equal): + +2011-06-08 Yael Aharon <yael.aharon@nokia.com> + + Reviewed by Andreas Kling. 
+ + [Qt] Build fix for building QtWebKit inside of Qt. + https://bugs.webkit.org/show_bug.cgi?id=62280 + + Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore + into QtWebKit.prl. + + No new tests, as this is just a build fix. + + * JavaScriptCore.pri: + +2011-06-07 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Split 'reset' into 'collect' and 'resetAllocator' + https://bugs.webkit.org/show_bug.cgi?id=62267 + + * heap/Heap.cpp: + (JSC::Heap::allocate): + (JSC::Heap::collectAllGarbage): + (JSC::Heap::collect): + * heap/Heap.h: + * heap/MarkedBlock.h: + (JSC::MarkedBlock::resetAllocator): + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::resetAllocator): + * heap/MarkedSpace.h: + (JSC::MarkedSpace::SizeClass::resetAllocator): + +2011-06-07 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Renamed some more marks to visits + https://bugs.webkit.org/show_bug.cgi?id=62254 + + * heap/HandleHeap.cpp: + (JSC::HandleHeap::visitStrongHandles): + (JSC::HandleHeap::visitWeakHandles): + * heap/HandleHeap.h: + * heap/HandleStack.cpp: + (JSC::HandleStack::visit): + * heap/HandleStack.h: + * heap/Heap.cpp: + (JSC::Heap::markProtectedObjects): + (JSC::Heap::markTempSortVectors): + (JSC::Heap::markRoots): + * heap/HeapRootVisitor.h: + (JSC::HeapRootVisitor::visit): + * runtime/ArgList.cpp: + (JSC::MarkedArgumentBuffer::markLists): + +2011-06-07 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig + + https://bugs.webkit.org/show_bug.cgi?id=55537 + Functions claim to have 'callee' which they actually don't (and shouldn't) + + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertyNames): + +2011-06-07 Juan C. Montemayor <jmont@apple.com> + + Reviewed by Darin Adler. 
+ + Make JSStaticFunction and JSStaticValue less "const" + https://bugs.webkit.org/show_bug.cgi?id=62222 + + * API/JSObjectRef.h: + * API/tests/testapi.c: + (checkConstnessInJSObjectNames): + (main): + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-06-07 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=62240 + DFG JIT - add support for for-loop array initialization. + + Support put by val beyond vector length. + Add a operationPutByValBeyondArrayBounds operation, make + PutValVal call this if the vector length check fails. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters): + (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value): + (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value): + (JSC::DFG::JITCodeGenerator::isIntegerConstant): + (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant): + * dfg/DFGOperations.cpp: + (JSC::DFG::operationPutByValInternal): + * dfg/DFGOperations.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + +2011-06-06 James Simonsen <simonjam@chromium.org> + + Reviewed by James Robinson. + + Add monotonicallyIncreasingTime() to get monotonically increasing time + https://bugs.webkit.org/show_bug.cgi?id=37743 + + * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime(). + (WTF::monotonicallyIncreasingTime): + * wtf/CurrentTime.h: Add monotonicallyIncreasingTime(). + +2011-06-06 Alexandru Chiculita <achicu@adobe.com> + + Reviewed by Kent Tamura. + + Add ENABLE_CSS_EXCLUSIONS support for build-webkit script + https://bugs.webkit.org/show_bug.cgi?id=61628 + + * Configurations/FeatureDefines.xcconfig: + +2011-06-06 Mihnea Ovidenie <mihnea@adobe.com> + + Reviewed by Kent Tamura. 
+ + Add ENABLE(CSS_REGIONS) guard for CSS Regions support + https://bugs.webkit.org/show_bug.cgi?id=61631 + + * Configurations/FeatureDefines.xcconfig: + +2011-06-06 Carlos Garcia Campos <cgarcia@igalia.com> + + Unreviewed. Fix the GTK+ build. + + * GNUmakefile.am: Add javascriptcore_cflags variable. + +2011-06-04 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures + to build on Mac. + + * wtf/Platform.h: + +2011-06-04 Gustavo Noronha Silva <gns@gnome.org> + + Unreviewed, MIPS build fix. + + WebKitGTK+ tarball fails to build on MIPS. + https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691 + + * GNUmakefile.list.am: Add missing MIPS-related file to the list + of files that are added to the tarball on make dist, and fix + sorting. + +2011-06-04 Sam Weinig <sam@webkit.org> + + Reviewed by Darin Adler. + + Fix formatting of the output generated by KeywordLookupGenerator.py + https://bugs.webkit.org/show_bug.cgi?id=62083 + + - Uses correct year for copyright. + - Puts ending brace on same line as "else if" + - Puts starting brace of function on its own line. + - Adds some tasteful whitespace. + - Adds comments to make clear that scopes are ending + - Make macros actually split on two lines. + + * KeywordLookupGenerator.py: + +2011-06-04 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + KeywordLookupGenerator.py spams stdout in Chromium Linux build + https://bugs.webkit.org/show_bug.cgi?id=62087 + + This action does not appear to be needed. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-06-03 Oliver Hunt <oliver@apple.com> + + Reviewed by Maciej Stachowiak. + + Lexer needs to provide Identifier for reserved words + https://bugs.webkit.org/show_bug.cgi?id=62086 + + Alas it is necessary to provide an Identifier reference for keywords + so that we can do the right thing when they're used in object literals. 
+ We now keep Identifiers for all reserved words in the CommonIdentifiers + structure so that we can access them without a hash lookup. + + * KeywordLookupGenerator.py: + * parser/Lexer.cpp: + (JSC::Lexer::parseIdentifier): + * parser/Lexer.h: + * runtime/CommonIdentifiers.cpp: + (JSC::CommonIdentifiers::CommonIdentifiers): + * runtime/CommonIdentifiers.h: + +2011-06-03 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Add debug code to break on speculation failures. + + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGNode.h: + +2011-06-03 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=62082 + DFG JIT - bug passing arguments that need swap + + This is really just a typo. + When setting up the arguments for a call out to a C operation, we'll + fail to swap arguments where this is necessary. For example, in the + case of 2 arg calls, where the first argument is in %rdx & the second + is in %rsi we should swap (exec will be passed in %rdi), but we don't. + + This can also affect function calls passing three arguments. + + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::setupTwoStubArgs): + - Call swap with the correct arguments. + +2011-06-03 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Force inlining of some hot lexer functions + https://bugs.webkit.org/show_bug.cgi?id=62079 + + Fix more GCC stupidity + + * parser/Lexer.h: + (JSC::Lexer::isWhiteSpace): + (JSC::Lexer::isLineTerminator): + +2011-06-03 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + GCC not inlining some functions that it really should be + https://bugs.webkit.org/show_bug.cgi?id=62075 + + Add ALWAYS_INLINE to a number of parsing and lexing functions + that should always be inlined. This gets us ~1.4% on my ad hoc + parser test. 
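Review bot: The argument-swap fix for bug 62082 only touches JITCodeGenerator::setupTwoStubArgs, yet the description says calls passing three arguments can be affected as well; the entry should state whether the three-argument path is covered by this change (for example because it funnels through setupTwoStubArgs) or still needs its own fix. Since the entry notes the failure was silent, a regression test that exercises a two-argument C operation whose operands start in %rdx and %rsi would pin the corrected behaviour.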
+ + * KeywordLookupGenerator.py: + * parser/JSParser.cpp: + (JSC::JSParser::next): + (JSC::JSParser::nextTokenIsColon): + (JSC::JSParser::consume): + (JSC::JSParser::match): + (JSC::JSParser::tokenStart): + (JSC::JSParser::tokenLine): + (JSC::JSParser::tokenEnd): + * parser/Lexer.cpp: + (JSC::isIdentPart): + +2011-06-03 Oliver Hunt <oliver@apple.com> + + Whoops, fix last minute bug. + + * parser/Lexer.cpp: + (JSC::Lexer::parseIdentifier): + +2011-06-03 Martin Robinson <mrobinson@igalia.com> + + Try to fix the GTK+ build. + + * GNUmakefile.am: Clean up some spaces that should be tabs. + * GNUmakefile.list.am: Add KeywordLookup.h to the source list + and clean up some spaces that should be tabs. + +2011-06-03 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Improve keyword lookup + https://bugs.webkit.org/show_bug.cgi?id=61913 + + Rather than doing multiple hash lookups as we currently + do when trying to identify keywords we now use an + automatically generated decision tree (essentially it's + a hard coded patricia trie). We still use the regular + lookup table for the last few characters of an input as + this allows us to completely skip all bounds checks. + + * CMakeLists.txt: + * DerivedSources.make: + * DerivedSources.pro: + * GNUmakefile.am: + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * KeywordLookupGenerator.py: Added. + * make-generated-sources.sh: + * parser/Lexer.cpp: + (JSC::Lexer::internalShift): + (JSC::Lexer::shift): + (JSC::Lexer::parseIdentifier): + * parser/Lexer.h: + +2011-06-03 Siddharth Mathur <siddharth.mathur@nokia.com> + + Reviewed by Benjamin Poulain. + + [Qt] Build flag for experimental ICU library support + https://bugs.webkit.org/show_bug.cgi?id=60786 + + Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental + ICU powered Unicode support. + + * JavaScriptCore.pri: Support for use_system_icu CONFIG flag. 
+ * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE). + +2011-06-03 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Benjamin Poulain. + + [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6. + https://bugs.webkit.org/show_bug.cgi?id=61957 + + When building inside the Qt source tree, qmake always append the mkspecs + defines after ours. We have to workaround and make sure that we append + our flags after the qmake variable used inside Qt. This workaround was provided + by our qmake folks. We need to append in both case because qmake behave differently + when called with -spec or via SUBDIR+=. This patch unbreak r87950 on Mac for Qt port. + + * JavaScriptCore.pro: + +2011-06-02 Jay Civelli <jcivelli@chromium.org> + + Reviewed by Adam Barth. + + Added a method to generate RFC 2822 compliant date strings. + https://bugs.webkit.org/show_bug.cgi?id=7169 + + * wtf/DateMath.cpp: + (WTF::twoDigitStringFromNumber): + (WTF::makeRFC2822DateString): + * wtf/DateMath.h: + +2011-06-02 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Andreas Kling. + + [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6. + https://bugs.webkit.org/show_bug.cgi?id=61957 + + When building inside the Qt source tree, qmake always append the mkspecs + defines after ours. We have to workaround and make sure that we append + our flags after the qmake variable used inside Qt. This workaround was provided + by our qmake folks. + + * JavaScriptCore.pro: + +2011-06-01 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Add single character lookup cache to IdentifierArena + https://bugs.webkit.org/show_bug.cgi?id=61879 + + Add a simple lookup cache for single ascii character + identifiers. Produces around a 2% improvement in parse + time for my adhoc parser test. 
+ + * parser/ParserArena.h: + (JSC::IdentifierArena::IdentifierArena): + (JSC::IdentifierArena::clear): + (JSC::IdentifierArena::makeIdentifier): + +2011-05-31 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Freezing a function and its prototype causes browser to crash. + https://bugs.webkit.org/show_bug.cgi?id=61758 + + Make JSObject::preventExtensions virtual so that we can override it + and instantiate all lazy + + * JavaScriptCore.exp: + * runtime/JSFunction.cpp: + (JSC::createPrototypeProperty): + (JSC::JSFunction::preventExtensions): + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSFunction.h: + * runtime/JSObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::seal): + (JSC::JSObject::seal): + +2011-06-01 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r87788. + http://trac.webkit.org/changeset/87788 + https://bugs.webkit.org/show_bug.cgi?id=61856 + + breaks windows chromium canary (Requested by jknotten on + #webkit). + + * wtf/DateMath.cpp: + (WTF::timeClip): + * wtf/DateMath.h: + +2011-06-01 Jay Civelli <jcivelli@chromium.org> + + Reviewed by Adam Barth. + + Added a method to generate RFC 2822 compliant date strings. + https://bugs.webkit.org/show_bug.cgi?id=7169 + + * wtf/DateMath.cpp: + (WTF::twoDigitStringFromNumber): + (WTF::makeRFC2822DateString): + * wtf/DateMath.h: + +2011-05-31 Yong Li <yoli@rim.com> + + Reviewed by Eric Seidel. + + https://bugs.webkit.org/show_bug.cgi?id=54807 + We have been assuming plain bitfields (like "int a : 31") are always signed integers. + However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain + bitfields (declared without either signed or unsigned qualifiers) are treats as unsigned. 
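Review bot: The description of bug 61758 ("Freezing a function and its prototype causes browser to crash") stops mid-sentence at "instantiate all lazy", so a reader cannot tell what JSFunction::preventExtensions now materializes before extensions are prevented; please finish the sentence (the function list names createPrototypeProperty, which suggests the lazily created prototype property). The same entry lists (JSC::JSObject::seal) twice, and it is dated 2011-05-31 but sits between two 2011-06-01 entries, breaking the file's reverse-chronological order.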
+ http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html + Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers, + always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good + rule we should have in order to make our code independent from compilers and compiler flags. + + No new test added because this change is not known to fix any issue. + + * bytecode/StructureStubInfo.h: + +2011-05-30 Hojong Han <hojong.han@samsung.com> + + Reviewed by Geoffrey Garen. + + [JSC] malfunction during arithmetic condition check with negative number (-2147483648) + https://bugs.webkit.org/show_bug.cgi?id=61416 + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::branch32): + * tests/mozilla/ecma/Expressions/11.12-1.js: + (getTestCases): + +2011-05-29 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Some heap refactoring + https://bugs.webkit.org/show_bug.cgi?id=61704 + + SunSpider says no change. + + * JavaScriptCore.exp: Export! + + * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now. + + (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap. + + (JSC::Heap::allocate): Changed inline allocation code to only select the + size class, since this can be optimized out at compile time -- everything + else is now inlined into this out-of-line function. + + No need to duplicate ASSERTs made in our caller. + + * heap/Heap.h: + (JSC::Heap::heap): + (JSC::Heap::isMarked): + (JSC::Heap::testAndSetMarked): + (JSC::Heap::testAndClearMarked): + (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding + a layer of indirection through MarkedSpace. + + (JSC::Heap::allocate): See above. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::create): + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap. 
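Review bot: In the bitfield entry for bug 54807, "are treats as unsigned" should read "are treated as unsigned". The ARM entry for bug 61416 gives the symptom (a condition check misbehaves for -2147483648) but not the cause; one line saying which comparison or immediate encoding in MacroAssemblerARM::branch32 mishandles INT_MIN would help anyone revisiting this boundary case later, beyond the mozilla test that was updated.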
+ + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::allocateBlock): + * heap/MarkedSpace.h: + (JSC::MarkedSpace::allocate): Updated to match changes above. + +2011-05-28 David Kilzer <ddkilzer@apple.com> + + BUILD FIX when building only the interpreter + + Fixes the following compiler warning: + + JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3] + void releaseExecutableMemory(JSGlobalData& globalData) + ^ + + * jit/ExecutableAllocator.h: Moved declaration of + JSC::releaseExecutableMemory(). + +2011-05-28 David Kilzer <ddkilzer@apple.com> + + BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION) + + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::linkCode): Added missing argument. + +2011-05-27 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + JS API is too aggressive about throwing exceptions for NULL get or set operations + https://bugs.webkit.org/show_bug.cgi?id=61678 + + * API/JSCallbackObject.h: Changed our staticValueGetter to a regular + function that returns a JSValue, so it can fail and still forward to + normal property lookup. + + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlot): Don't throw an exception when failing to + access a static property -- just forward the access. This allows objects + to observe get/set operations but still let the JS object manage lifetime. + + (JSC::::put): Ditto. + + (JSC::::getStaticValue): Same as JSCallbackObject.h. + + * API/tests/testapi.c: + (MyObject_set_nullGetForwardSet): + * API/tests/testapi.js: Updated tests to reflect slightly less strict + behavior, which matches headerdoc claims. + +2011-05-27 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + Property caching is too aggressive for API objects + https://bugs.webkit.org/show_bug.cgi?id=61677 + + * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our + callback APIs allow the client to change its mind about our propertis at + any time. + + * API/tests/testapi.c: + (PropertyCatchalls_getProperty): + (PropertyCatchalls_setProperty): + (PropertyCatchalls_getPropertyNames): + (PropertyCatchalls_class): + (main): + * API/tests/testapi.js: Some tests for dynamic API objects. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::tryCachePutByID): + (JSC::Interpreter::tryCacheGetByID): + * jit/JITStubs.cpp: + (JSC::JITThunks::tryCachePutByID): + (JSC::JITThunks::tryCacheGetByID): + (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client + requires it. + + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::TypeInfo): + (JSC::TypeInfo::isFinal): + (JSC::TypeInfo::prohibitsPropertyCaching): + (JSC::TypeInfo::flags): Added a flag to track opting out of property + caching. Fixed an "&&" vs "&" typo that was previously harmless, but + is now harmful since m_flags2 can have more than one bit set. + +2011-05-27 Stephanie Lewis <slewis@apple.com> + + Unreviewed. + + Fix a typo in the order_file flag. + + * Configurations/Base.xcconfig: + +2011-05-27 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527. + + * runtime/JSGlobalData.cpp: + (JSGlobalData::JSGlobalData): + +2011-05-27 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Add a few validity assertions to JSCallbackObject + https://bugs.webkit.org/show_bug.cgi?id=61659 + + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::visitChildren): + +2011-05-27 Oliver Hunt <oliver@apple.com> + + Build fix + + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::invalidateCode): + +2011-05-27 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. 
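Review bot: In the bug 61677 entry, "propertis" should be "properties". More importantly, the TypeInfo::flags note that an "&&" vs "&" typo becomes harmful once m_flags2 carries more than one bit describes a silent flag-collapse bug; a unit test that sets two m_flags2 bits and checks isFinal() and prohibitsPropertyCaching() independently would keep it from regressing, since the testapi.js additions are described as covering only dynamic API objects.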
+ + Try to release unused executable memory when the FixedVMPool allocator is under pressure + https://bugs.webkit.org/show_bug.cgi?id=61651 + + Rather than crashing when full the FixedVMPool allocator now returns a null + allocation. We replace the code that used to CRASH() on null allocations + with logic that asks the provided globalData to release any executable memory + that it can. Currently this just means throwing away all regexp code, but + in future we'll try to be more aggressive. + + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/ARMAssembler.h: + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::executableCopy): + * assembler/AssemblerBufferWithConstantPool.h: + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::linkCode): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::executableCopy): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::executableCopy): + * assembler/X86Assembler.h: + (JSC::X86Assembler::executableCopy): + (JSC::X86Assembler::X86InstructionFormatter::executableCopy): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * jit/ExecutableAllocator.h: + (JSC::ExecutablePool::create): + (JSC::ExecutablePool::alloc): + (JSC::ExecutableAllocator::ExecutableAllocator): + (JSC::ExecutableAllocator::poolForSize): + (JSC::ExecutablePool::ExecutablePool): + (JSC::ExecutablePool::poolAllocate): + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::FixedVMPoolAllocator::alloc): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + 
(JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::finalize): + * jit/ThunkGenerators.cpp: + (JSC::charCodeAtThunkGenerator): + (JSC::charAtThunkGenerator): + (JSC::fromCharCodeThunkGenerator): + (JSC::sqrtThunkGenerator): + (JSC::powThunkGenerator): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::releaseExecutableMemory): + (JSC::releaseExecutableMemory): + * runtime/JSGlobalData.h: + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::invalidateCode): + * runtime/RegExpCache.h: + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::compile): + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Optimized ConservativeSet to avoid double-visiting objects + https://bugs.webkit.org/show_bug.cgi?id=61592 + + SunSpider thinks this might be a 1% speedup + + * heap/ConservativeRoots.h: + (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting + an object. + + * heap/Heap.h: + (JSC::Heap::isMarked): + (JSC::Heap::testAndSetMarked): + (JSC::Heap::testAndClearMarked): + (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type + to void*, since clients want to ask questions about arbitrary pointers + into the heap, even when they aren't known to be JSCells. 
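Review bot: The FixedVMPool entry for bug 61651 says a null allocation no longer CRASH()es and instead asks JSGlobalData to release executable memory, but it does not say what happens when the retry after discarding regexp code still fails: does ExecutablePool::alloc then hand a null pool to the executableCopy/linkCode/finalize sites listed, and do all of them bail out before writing into it? Please state the contract in the entry (null propagates up and the JIT falls back, or the allocator still crashes after a failed retry), because an unchecked null at any of those sites would be a worse failure than the previous deterministic crash.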
+ + * heap/MarkedBlock.h: + (JSC::MarkedBlock::testAndClearMarked): + * heap/MarkedSpace.h: + (JSC::MarkedSpace::isMarked): + (JSC::MarkedSpace::testAndSetMarked): + (JSC::MarkedSpace::testAndClearMarked): + (JSC::MarkedSpace::setMarked): + (JSC::MarkedSpace::contains): Ditto. + + * wtf/Bitmap.h: + (WTF::::testAndClear): New function for ConservativeRoots's inverted + marking pass. + +2011-05-27 Stephanie Lewis <slewis@apple.com> + + Rubber Stamped by Adam Roben. + + Update Order Files. Use -order_file flag since it can order more of the binary. + + * Configurations/Base.xcconfig: + * JavaScriptCore.order: + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Renamed heapRootMarker to heapRootVisitor to match its class name + https://bugs.webkit.org/show_bug.cgi?id=61584 + + * heap/Heap.cpp: + (JSC::Heap::markProtectedObjects): + (JSC::Heap::markTempSortVectors): + (JSC::Heap::markRoots): + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed some interdependency between Heap and SmallStrings by simplifying + the SmallStrings lifetime model + https://bugs.webkit.org/show_bug.cgi?id=61579 + + SunSpider reports no change. + + Using Weak<T> could accomplish this too, but we're not sure it will give + us the performance we need. This is a first step, and it accomplishes + most of the value of using Weak<T>. + + * heap/Heap.cpp: + (JSC::Heap::destroy): + (JSC::Heap::markRoots): + (JSC::Heap::reset): Finalize small strings just like other weak handles. + + * runtime/SmallStrings.cpp: + (JSC::finalize): + (JSC::SmallStrings::finalizeSmallStrings): + * runtime/SmallStrings.h: Make all small strings trivially weak, instead + of having an "all for one, one for all" memory model. + +2011-05-26 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. 
+ + Make RegExpCache a weak map + https://bugs.webkit.org/show_bug.cgi?id=61554 + + Switch to a weak map for the regexp cache, and hide that + behaviour behind RegExp::create. + + When a RegExp is compiled it attempts to add itself to + the "strong" cache. This cache is a simple round-robin + buffer as was the old strong cache. Happily this can + be smaller than the old strong cache as RegExps are only + added when they're compiled so it is under less pressure + to evict. + + * bytecompiler/NodesCodegen.cpp: + (JSC::RegExpNode::emitBytecode): + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + (JSC::RegExp::create): + (JSC::RegExp::match): + * runtime/RegExp.h: + (JSC::RegExp::gcShouldInvalidateCode): + (JSC::RegExp::hasCode): + (JSC::RegExp::key): + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::lookupOrCreate): + (JSC::RegExpCache::RegExpCache): + (JSC::RegExpCache::isReachableFromOpaqueRoots): + (JSC::RegExpCache::finalize): + * runtime/RegExpCache.h: + * runtime/RegExpConstructor.cpp: + (JSC::constructRegExp): + * runtime/RegExpPrototype.cpp: + (JSC::regExpProtoFuncCompile): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Moved Heap-related functions out of JSCell.h and into respective header files + https://bugs.webkit.org/show_bug.cgi?id=61567 + + * heap/Heap.h: + (JSC::Heap::allocate): + (JSC::Heap::heap): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::allocate): + * heap/MarkedSpace.h: + (JSC::MarkedSpace::sizeClassFor): + (JSC::MarkedSpace::allocate): + * runtime/JSCell.h: + (JSC::JSCell::destructor): + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Try to fix Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-05-26 Ryosuke Niwa <rniwa@webkit.org> + + Reviewed by Eric Seidel. 
+ + [debug feature] WTFString should have show() method + https://bugs.webkit.org/show_bug.cgi?id=61149 + + Added String::show and AtomicString::show in NDEBUG. + + * wtf/text/AtomicString.cpp: + (WTF::AtomicString::show): + * wtf/text/AtomicString.h: + * wtf/text/WTFString.cpp: + (String::show): + * wtf/text/WTFString.h: + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Geoffrey Garen. + + Factored out some Heap ASSERTs + https://bugs.webkit.org/show_bug.cgi?id=61565 + + * JavaScriptCore.exp: + * heap/Heap.cpp: + (JSC::isValidSharedInstanceThreadState): + (JSC::isValidThreadState): + (JSC::Heap::markRoots): + (JSC::Heap::isValidAllocation): + * heap/Heap.h: + * runtime/JSCell.h: + (JSC::JSCell::Heap::allocate): + +2011-05-26 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=61508 + DFG JIT - Add support for get by id self caching. + + Change the call out to be an unexpected call (using silent spill/fill functions), + add a structure check & compact load to the JIT code, and add repatching mechanisms. + Since DFGOperations may want to be be implemented in asm, make these symbols be extern + "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation, + so that it can look up its StructureStubInfo. + + * JavaScriptCore.xcodeproj/project.pbxproj: + - Added new files. + * bytecode/StructureStubInfo.h: + - Added 'unset' entries to union. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck): + - Return the call, we need this to populate the StructureStubInfo. + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + - Populate the CodebBlock's StructureStubInfo Vector. + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::appendCallWithExceptionCheck): + - Return the call, we need this to populate the StructureStubInfo. 
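Review bot: The "Factored out some Heap ASSERTs" entry (bug 61565) is authored by Geoffrey Garen and also says "Reviewed by Geoffrey Garen", which reads as a self-review and presumably names the wrong reviewer. In the same entry the function-list line "(JSC::JSCell::Heap::allocate)" looks like a mis-nested qualifier for Heap::allocate as defined in JSCell.h. In the DFG get-by-id caching entry (bug 61508), "be be implemented" and "CodebBlock's" are typos.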
+ (JSC::DFG::JITCompiler::addPropertyAccess): + (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord): + - Add structures to record property access info during compilation. + * dfg/DFGOperations.cpp: + - Made all external methods extern "C". + (JSC::DFG::operationPutByValInternal): + - Moved outside of the extern "C" block. + * dfg/DFGOperations.h: + - Made all external methods extern "C". + * dfg/DFGRepatch.cpp: Added. + (JSC::DFG::dfgRepatchCall): + - repatch a call to link to a new callee function. + (JSC::DFG::dfgRepatchGetByIdSelf): + - Modify the JIT code to optimize self accesses. + (JSC::DFG::tryCacheGetByID): + - Internal implementation of dfgRepatchGetByID (factor out failing cases). + (JSC::DFG::dfgRepatchGetByID): + - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses! + * dfg/DFGRepatch.h: Added. + - Expose dfgRepatchGetByID. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Changed implementation of GetById ops. + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed. + + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedBlock.h: + * wtf/DoublyLinkedList.h: + (WTF::::DoublyLinkedListNode): + (WTF::::setPrev): + (WTF::::setNext): + (WTF::::prev): + (WTF::::next): + (WTF::::DoublyLinkedList): + (WTF::::isEmpty): + (WTF::::size): + (WTF::::clear): + (WTF::::head): + (WTF::::append): + (WTF::::remove): + (WTF::::removeHead): + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Rolled out http://trac.webkit.org/changeset/87408 because it broke the + Windows build. 
+ + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedBlock.h: + (JSC::MarkedBlock::setPrev): + (JSC::MarkedBlock::setNext): + (JSC::MarkedBlock::prev): + (JSC::MarkedBlock::next): + * wtf/DoublyLinkedList.h: + (WTF::::DoublyLinkedList): + (WTF::::isEmpty): + (WTF::::head): + (WTF::::append): + (WTF::::remove): + +2011-05-26 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Provide a real owner when copying a property table, for the sake of + write barriers. + https://bugs.webkit.org/show_bug.cgi?id=61547 + + No test because we can't enable the writeBarrier() ASSERT just yet. + + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransition): + +2011-05-26 Adam Roben <aroben@apple.com> + + Windows build fix after r87346 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match + reality. + +2011-05-26 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Adam Barth. + + ASSERT(isMainThread()) when using single threaded jsc executable + https://bugs.webkit.org/show_bug.cgi?id=60846 + + Remove the ASSERT since we do not have the concept of MainThread in JSC. + + * wtf/CryptographicallyRandomNumber.cpp: + (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber): + (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues): + +2011-05-25 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=61506 + + Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator + so that they are available to the SpeculativeJIT. 
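Review bot: Dropping ASSERT(isMainThread()) from ARC4RandomNumberGenerator::randomNumber and randomValues (bug 60846) removes the only thread-confinement check the entry mentions; the rationale ("we do not have the concept of MainThread in JSC") explains why the assertion is wrong for the jsc executable but not what now protects the shared ARC4 stream state from concurrent mutation. The entry should say how access is serialized (a lock, a per-thread generator, or callers that are single-threaded by construction), since a corrupted stream state would silently degrade the randomness every consumer relies on.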
+ + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::silentSpillGPR): + (JSC::DFG::JITCodeGenerator::silentSpillFPR): + (JSC::DFG::JITCodeGenerator::silentFillGPR): + (JSC::DFG::JITCodeGenerator::silentFillFPR): + (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters): + (JSC::DFG::JITCodeGenerator::silentFillAllRegisters): + * dfg/DFGNonSpeculativeJIT.h: + +2011-05-25 Ryosuke Niwa <rniwa@webkit.org> + + An attempt to revive Windows bots. + + * runtime/RegExp.cpp: + * runtime/RegExp.h: + +2011-05-25 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT + + This data structure, used at runtime by the JIT, is currently unnecessarily populated + with default entries during byte compilation. + + Aside from meaning that there is JIT specific code in the bytecompiler, this also ties + us to one entry per corresponding bytecode op, which may be undesirable. Instead, + populate this array from the JIT. + + The type StructureStubInfo has two unused states, one for gets & one for puts. Unify + these, so that the class can have a default constructor (and to simply switch statements + in code walking over the table). + + This change has ramification for the DFG JIT, in that the DFG JIT used this datastructure + to check for functions containing property access. Instead do so in the DFGByteCodeParser. 
+ + * bytecode/CodeBlock.cpp: + (JSC::printStructureStubInfo): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::setNumberOfStructureStubInfos): + (JSC::CodeBlock::numberOfStructureStubInfos): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + (JSC::StructureStubInfo::visitAggregate): + * bytecode/StructureStubInfo.h: + (JSC::StructureStubInfo::StructureStubInfo): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * jit/JIT.cpp: + (JSC::JIT::JIT): + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::compileGetByIdSlowCase): + (JSC::JIT::emitSlow_op_put_by_id): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emitSlow_op_get_by_id): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emitSlow_op_put_by_id): + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::compileGetByIdSlowCase): + * runtime/Executable.cpp: + (JSC::tryDFGCompile): + +2011-05-25 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods. 
+ + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::Call::Call): + (JSC::AbstractMacroAssembler::Call::fromTailJump): + (JSC::AbstractMacroAssembler::Jump::Jump): + (JSC::AbstractMacroAssembler::Jump::link): + (JSC::AbstractMacroAssembler::Jump::linkTo): + (JSC::AbstractMacroAssembler::Jump::isSet): + (JSC::AbstractMacroAssembler::differenceBetween): + (JSC::AbstractMacroAssembler::linkJump): + (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::link): + (JSC::LinkBuffer::locationOf): + (JSC::LinkBuffer::locationOfNearCall): + (JSC::LinkBuffer::returnAddressOffset): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::linkCall): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::linkCall): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::linkCall): + * assembler/MacroAssemblerSH4.cpp: + (JSC::MacroAssemblerSH4::linkCall): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::linkCall): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::linkCall): + +2011-05-25 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=61500 + Add JSObject::offsetOfPropertyStorage + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::compileGetDirectOffset): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::compilePutDirectOffset): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::compilePutDirectOffset): + (JSC::JIT::compileGetDirectOffset): + * runtime/JSObject.h: + (JSC::JSObject::offsetOfPropertyStorage): + +2011-05-25 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make RegExp GC allocated + https://bugs.webkit.org/show_bug.cgi?id=61490 + + Make RegExp GC allocated. 
Basically mechanical change to replace + most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp> + where actual ownership happens. + + Made the RegExpCache use Strong<> references currently to avoid any + changes in behaviour. + + * JavaScriptCore.exp: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addRegExp): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addRegExp): + (JSC::BytecodeGenerator::emitNewRegExp): + * bytecompiler/BytecodeGenerator.h: + * runtime/JSCell.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::clearBuiltinStructures): + (JSC::JSGlobalData::addRegExpToTrace): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + (JSC::RegExp::create): + (JSC::RegExp::invalidateCode): + * runtime/RegExp.h: + (JSC::RegExp::createStructure): + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::lookupOrCreate): + (JSC::RegExpCache::create): + * runtime/RegExpCache.h: + * runtime/RegExpConstructor.cpp: + (JSC::constructRegExp): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + (JSC::RegExpObject::visitChildren): + * runtime/RegExpObject.h: + (JSC::RegExpObject::setRegExp): + (JSC::RegExpObject::RegExpObjectData::RegExpObjectData): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + (JSC::regExpProtoFuncCompile): + * runtime/RegExpPrototype.h: + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + +2011-05-25 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Generate regexp code lazily + https://bugs.webkit.org/show_bug.cgi?id=61476 + + RegExp construction now simply validates the RegExp, it does + not perform actual codegen. 
+ + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + (JSC::RegExp::recompile): + (JSC::RegExp::compile): + (JSC::RegExp::match): + * runtime/RegExp.h: + (JSC::RegExp::recompileIfNecessary): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::performMatch): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::match): + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncReplace): + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + (JSC::stringProtoFuncSplit): + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Geoffrey Garen. + + Removed MarkSetProperties because it was unused + https://bugs.webkit.org/show_bug.cgi?id=61418 + + * heap/MarkStack.h: + (JSC::MarkSet::MarkSet): + (JSC::MarkStack::append): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSArray.h: + (JSC::JSArray::visitChildrenDirect): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/WriteBarrier.h: + (JSC::MarkStack::appendValues): + +2011-05-25 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make allocations with guard pages ensure that the allocation succeeded + https://bugs.webkit.org/show_bug.cgi?id=61453 + + Add null checks, and make PageBlock's operator bool() use + the realbase, rather than the start of usable memory. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + * wtf/PageBlock.h: + (WTF::PageBlock::operator bool): + (WTF::PageBlock::PageBlock): + +2011-04-10 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Eric Seidel. + + Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers. + + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * bytecompiler/BytecodeGenerator.h: + +2011-05-24 Keishi Hattori <keishi@webkit.org> + + Reviewed by Kent Tamura. + + Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer. 
+ https://bugs.webkit.org/show_bug.cgi?id=61273 + + * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag. + +2011-05-24 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Eric Seidel. + + Add export macros to WTFString.h. + + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * wtf/text/WTFString.h: + (WTF::String::String): + (WTF::String::findIgnoringCase): + (WTF::String::isHashTableDeletedValue): + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Maybe fix the Mac build now? + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Maybe fix the Mac build? + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Split HeapRootVisitor into its own class + https://bugs.webkit.org/show_bug.cgi?id=61399 + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/HandleHeap.cpp: + * heap/HandleStack.cpp: + * heap/Heap.cpp: + * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h. + * heap/MarkStack.h: + * runtime/ArgList.cpp: + * runtime/SmallStrings.cpp: + +2011-05-24 Jay Civelli <jcivelli@chromium.org> + + Rubberstamped by David Kilzer. + + Updated some files that I forgot in my previous MHTML CL. + + * Configurations/FeatureDefines.xcconfig: + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Fix the Mac build: Yes, please do remove these files, svn. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Let's just have one way to get the system page size, bokay? 
+ https://bugs.webkit.org/show_bug.cgi?id=61384 + + * CMakeListsEfl.txt: + * CMakeListsWinCE.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp + is gone completely now, since it only existed to provide a duplicate way + to access the system page size. + + * heap/MarkStack.cpp: + (JSC::MarkStack::reset): + * heap/MarkStack.h: + (JSC::::MarkStackArray): + (JSC::::shrinkAllocation): Use WTF::pageSize. + + * heap/MarkStackPosix.cpp: + * heap/MarkStackSymbian.cpp: + * heap/MarkStackWin.cpp: Removed now-empty files. + + * jit/ExecutableAllocator.cpp: + (JSC::ExecutableAllocator::reprotectRegion): + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::ExecutableAllocator): + (JSC::ExecutablePool::ExecutablePool): + (JSC::ExecutablePool::poolAllocate): + * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize. + + * wscript: Removed now-empty files. + + * wtf/PageBlock.cpp: + (WTF::systemPageSize): Integrated questionable Symbian page size rule + from ExecutableAllocator, because that seems like what the original + author should have done. + +2011-05-24 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Interpreter crashes with gc validation enabled due to failure to mark initial cache structure + https://bugs.webkit.org/show_bug.cgi?id=61385 + + The interpreter uses the structure slot of get_by_id and put_by_id to hold + the initial structure it encountered so that it can identify whether a + given access is stable. + + When marking though we only visit the slot when we've decided to cache, and + so this value could die. This was "safe" as the value was only used for a + pointer compare, but it was incorrect. We now just mark the slot like we + should have been doing already. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitStructures): + +2011-05-24 Adam Roben <aroben@apple.com> + + Windows build fix + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions. + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Windows build fix: update the #if OS(WINDOWS) section to match my last patch. + + * heap/MarkStack.h: + (JSC::::shrinkAllocation): + +2011-05-24 Geoffrey Garen <ggaren@apple.com> + + Rubber-stamped by Oliver Hunt. + + Split out function definitions and class definitions from class + declarations in MarkStack.h, for readability. + + * heap/MarkStack.h: + (JSC::MarkStack::MarkStack): + (JSC::MarkStack::~MarkStack): + (JSC::MarkStack::addOpaqueRoot): + (JSC::MarkStack::containsOpaqueRoot): + (JSC::MarkStack::opaqueRootCount): + (JSC::MarkSet::MarkSet): + (JSC::MarkStack::allocateStack): + (JSC::MarkStack::releaseStack): + (JSC::MarkStack::pageSize): + (JSC::::MarkStackArray): + (JSC::::~MarkStackArray): + (JSC::::expand): + (JSC::::append): + (JSC::::removeLast): + (JSC::::last): + (JSC::::isEmpty): + (JSC::::size): + (JSC::::shrinkAllocation): + +2011-05-24 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Avoid creating unnecessary identifiers and strings in the syntax checker + https://bugs.webkit.org/show_bug.cgi?id=61378 + + Selectively tell the lexer that there are some places it does not need to + do the real work of creating Identifiers for IDENT and STRING tokens. + + Make parseString and parseIdentifier templatized on whether they should + do real work, or merely validate the tokens. + + SunSpider --parse-only reports ~5-8% win depending on hardware. 
+ + * parser/ASTBuilder.h: + (JSC::ASTBuilder::createDotAccess): + * parser/JSParser.cpp: + (JSC::JSParser::next): + (JSC::JSParser::consume): + (JSC::JSParser::parseVarDeclarationList): + (JSC::JSParser::parseConstDeclarationList): + (JSC::JSParser::parseExpression): + (JSC::JSParser::parseAssignmentExpression): + (JSC::JSParser::parseConditionalExpression): + (JSC::JSParser::parseBinaryExpression): + (JSC::JSParser::parseProperty): + (JSC::JSParser::parseObjectLiteral): + (JSC::JSParser::parseArrayLiteral): + (JSC::JSParser::parseArguments): + (JSC::JSParser::parseMemberExpression): + * parser/Lexer.cpp: + (JSC::Lexer::parseIdentifier): + (JSC::Lexer::parseString): + (JSC::Lexer::lex): + * parser/Lexer.h: + * parser/SyntaxChecker.h: + (JSC::SyntaxChecker::createDotAccess): + (JSC::SyntaxChecker::createProperty): + +2011-05-23 Michael Saboff <msaboff@apple.com> + + Reviewed by Mark Rowe. + + Safari often freezes when clicking "Return free memory" in Caches dialog + https://bugs.webkit.org/show_bug.cgi?id=61325 + + There are two fixes and improvement in instrumentation code used to find + one of the problems. + Changed ReleaseFreeList() to set the "decommitted" bit when releasing + pages to the system and moving Spans from the normal list to the returned + list. + Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge + to eliminate an infinite loop if we can't meet the pagesToRelease target. + Added a check for the decommitted bit being set properly in + TCMalloc_PageHeap::CheckList. + + * wtf/FastMalloc.cpp: + (WTF::TCMalloc_PageHeap::scavenge): + (WTF::TCMalloc_PageHeap::Check): + (WTF::TCMalloc_PageHeap::CheckList): + (WTF::ReleaseFreeList): + +2011-05-23 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=61306 + + The begin characters optimization currently has issues (#61129), + and does not appear to still be a performance win. 
The prudent + next step seems to be to disable while we ascertain whether this + is still a useful performance optimization. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::matchDisjunction): + (JSC::Yarr::Interpreter::interpret): + * yarr/YarrInterpreter.h: + (JSC::Yarr::BytecodePattern::BytecodePattern): + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor): + (JSC::Yarr::YarrPattern::compile): + (JSC::Yarr::YarrPattern::YarrPattern): + * yarr/YarrPattern.h: + (JSC::Yarr::YarrPattern::reset): + +2011-05-23 Matthew Delaney <mdelaney@apple.com> + + Reviewed by Simon Fraser. + + Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger() + https://bugs.webkit.org/show_bug.cgi?id=58216 + + * wtf/MathExtras.h: + (clampToInteger): + (clampToPositiveInteger): + +2011-05-23 Ruben <chromium@hybridsource.org> + + Reviewed by Tony Chang. + + Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix + https://bugs.webkit.org/show_bug.cgi?id=61219 + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-05-23 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Gavin Barraclough. + + [SH4] AssemblerLabel does not name a type + https://bugs.webkit.org/show_bug.cgi?id=59927 + + SH4Assembler.h file shoold be included before AbstractMacroAssembler.h. + + * assembler/MacroAssemblerSH4.h: + +2011-05-23 Ryuan Choi <ryuan.choi@samsung.com> + + Rubber stamped by Eric Seidel. + + [CMAKE] Refactoring wtf related code. + https://bugs.webkit.org/show_bug.cgi?id=60146 + + Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt. + + * CMakeLists.txt: + * CMakeListsEfl.txt: + * wtf/CMakeLists.txt: + * wtf/CMakeListsEfl.txt: + +2011-05-22 Adam Barth <abarth@webkit.org> + + Enable strict PassOwnPtr for everyone. I expect this patch will need + some followups to make the GTK and EFL bots green again. 
+ + * wtf/PassOwnPtr.h: + +2011-05-20 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Reduce size of inline cache path of get_by_id on ARMv7 + https://bugs.webkit.org/show_bug.cgi?id=61221 + + This reduces the code size of get_by_id by 20 bytes + + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::ldrCompact): + (JSC::ARMv7Assembler::repatchCompact): + (JSC::ARMv7Assembler::setUInt7ForLoad): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch): + * jit/JIT.h: + +2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu> + + Reviewed by Oliver Hunt. + + Zombies should "live" forever + https://bugs.webkit.org/show_bug.cgi?id=61170 + + Reusing zombie cells could still hide garbage + collected cell related bugs. + + * JavaScriptCore.pro: + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::clearMarks): + * heap/MarkedBlock.h: + * heap/MarkedSpace.cpp: + (JSC::MarkedSpace::destroy): + * runtime/JSCell.h: + (JSC::JSCell::JSValue::isZombie): + * runtime/JSZombie.h: + (JSC::JSZombie::~JSZombie): + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::setWithoutWriteBarrier): + +2011-05-20 Brady Eidson <beidson@apple.com> + + Reviewed by Sam Weinig. + + <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203 + Horrendous bug in callOnMainThreadAndWait + + * wtf/MainThread.cpp: + (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the + syncFlag condition, reacquire the mutex first. + +2011-05-20 Oliver Hunt <oliver@apple.com> + + Reviewed by Sam Weinig. + + Remove unnecessary double->int conversion at the end of op_div + https://bugs.webkit.org/show_bug.cgi?id=61198 + + We don't attempt this conversion on 64bit, removing it actually speeds + up sunspider and v8 slightly, and it reduces code size. + + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_div): + +2011-05-19 Evan Martin <evan@chromium.org> + + Reviewed by Tony Chang. 
+ + [chromium] remove <(library) variable + https://bugs.webkit.org/show_bug.cgi?id=61158 + + This was for a build experiment; we can just use the correct value now. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-05-20 Oliver Hunt <oliver@apple.com> + + Reviewed by Sam Weinig. + + Interpreter uses wrong bytecode offset for determining exception handler + https://bugs.webkit.org/show_bug.cgi?id=61191 + + The bytecode offset given for the returnPC from the JIT is + actually the offset for the start of the instruction triggering + the call, whereas in the interpreter it is the actual return + VPC. This means if the next instruction following a call was + in an exception region we would incorrectly redirect to its + handler. Long term we want to completely redo how exceptions + are handled anyway so the simplest and lowest risk fix here is + to simply subtract one from the return vPC so that we have an + offset in the triggering instruction. + + It turns out this is caught by a couple of tests already. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::unwindCallFrame): + +2011-05-20 Xan Lopez <xlopez@igalia.com> + + Reviewed by Oliver Hunt. + + JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap? + https://bugs.webkit.org/show_bug.cgi?id=42756 + + Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel + check of the available memory. This should give us an + overcommit-like behavior in most systems, which is what we want. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): pass MAP_NORSERVE to mmap. + +2011-05-19 Gabor Loki <loki@webkit.org> + + Fix ARM build after r86919 + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::nop): + +2011-05-19 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + Randomise code starting location a little + https://bugs.webkit.org/show_bug.cgi?id=61161 + + Add a nop() function to the Assemblers so that we + can randomise code offsets slightly at no real cost. + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::nop): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::nop): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::nop): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::nop): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::nop): + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::nop): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::nop): + * assembler/X86Assembler.h: + (JSC::X86Assembler::nop): + * jit/JIT.cpp: + (JSC::JIT::JIT): + (JSC::JIT::privateCompile): + * jit/JIT.h: + * runtime/WeakRandom.h: + (JSC::WeakRandom::getUint32): + +2011-05-19 Oliver Hunt <oliver@apple.com> + + Fix windows build. + + * wtf/OSAllocatorWin.cpp: + (WTF::OSAllocator::reserveUncommitted): + (WTF::OSAllocator::reserveAndCommit): + +2011-05-19 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Add guard pages to each end of the memory region used by the fixedvm allocator + https://bugs.webkit.org/show_bug.cgi?id=61150 + + Add mechanism to notify the OSAllocator that pages at either end of an + allocation should be considered guard pages. Update PageReservation, + PageAllocation, etc to handle this. 
+ + * JavaScriptCore.exp: + * jit/ExecutableAllocatorFixedVMPool.cpp: + (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator): + * wtf/OSAllocator.h: + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveUncommitted): + (WTF::OSAllocator::reserveAndCommit): + * wtf/PageAllocation.h: + (WTF::PageAllocation::PageAllocation): + * wtf/PageAllocationAligned.h: + (WTF::PageAllocationAligned::PageAllocationAligned): + * wtf/PageBlock.h: + (WTF::PageBlock::PageBlock): + * wtf/PageReservation.h: + (WTF::PageReservation::reserve): + (WTF::PageReservation::reserveWithGuardPages): + Add a new function to make a reservation that will add guard + pages to the ends of an allocation. + (WTF::PageReservation::PageReservation): + +2011-05-19 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make Executables release their JIT code as soon as they become dead + https://bugs.webkit.org/show_bug.cgi?id=61134 + + Add an ability to clear an Executable's jit code without requiring + it to be destroyed, and then call that from a finalizer. + + * heap/Weak.h: + (JSC::Weak::Weak): + (JSC::Weak::leak): + * jit/JITCode.h: + (JSC::JITCode::clear): + * runtime/Executable.cpp: + (JSC::ExecutableFinalizer::finalize): + (JSC::ExecutableBase::executableFinalizer): + * runtime/Executable.h: + (JSC::ExecutableBase::ExecutableBase): + (JSC::ExecutableBase::clearExecutableCode): + +2011-05-19 Adam Roben <aroben@apple.com> + + Remove a redundant and broken data export + + Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The + JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading + to a linker warning about multiple definitions.) + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info. + +2011-05-18 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests) + https://bugs.webkit.org/show_bug.cgi?id=61064 + + Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<> + for its inline storage. This resolves the problem of GC occurring before + a subclass has initialised its anonymous storage. + + * runtime/JSObject.h: + +2011-05-18 Adam Barth <abarth@webkit.org> + + Reviewed by Sam Weinig. + + Delete WTFURL + https://bugs.webkit.org/show_bug.cgi?id=61084 + + It's been a year and we've failed to complete this project. It's time + to throw in the towel. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/url: Removed. + * wtf/url/api: Removed. + * wtf/url/api/ParsedURL.cpp: Removed. + * wtf/url/api/ParsedURL.h: Removed. + * wtf/url/api/URLString.h: Removed. + * wtf/url/src: Removed. + * wtf/url/src/RawURLBuffer.h: Removed. + * wtf/url/src/URLBuffer.h: Removed. + * wtf/url/src/URLCharacterTypes.cpp: Removed. + * wtf/url/src/URLCharacterTypes.h: Removed. + * wtf/url/src/URLComponent.h: Removed. + * wtf/url/src/URLEscape.cpp: Removed. + * wtf/url/src/URLEscape.h: Removed. + * wtf/url/src/URLParser.h: Removed. + * wtf/url/src/URLQueryCanonicalizer.h: Removed. + * wtf/url/src/URLSegments.cpp: Removed. + * wtf/url/src/URLSegments.h: Removed. + * wtf/url/wtfurl.gyp: Removed. + +2011-05-18 Oliver Hunt <oliver@apple.com> + + Reviewed by Sam Weinig. + + JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption + https://bugs.webkit.org/show_bug.cgi?id=61090 + + Remove the Structure-free JSGlobalObject constructor and instead always + pass the structure into the JSGlobalObject constructor. + Stop DebuggerActivation creating a new structure every time, and simply + use a single shared structure held by the GlobalData. 
+ + * API/JSContextRef.cpp: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::DebuggerActivation): + * jsc.cpp: + (GlobalObject::GlobalObject): + (functionRun): + (jscmain): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::clearBuiltinStructures): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.h: + +2011-05-18 Oliver Hunt <oliver@apple.com> + + Reviewed by Adam Roben. + + Disable gc validation in release builds + https://bugs.webkit.org/show_bug.cgi?id=60680 + + Add back the NDEBUG check + + * wtf/Platform.h: + +2011-05-17 Geoffrey Garen <ggaren@apple.com> + + Rolled out attempts to fix EFL build because they're not enough -- the + build script needs to be fixed. + + * runtime/BooleanPrototype.cpp: + * runtime/DateConstructor.cpp: + * runtime/ErrorPrototype.cpp: + +2011-05-17 Geoffrey Garen <ggaren@apple.com> + + More attempts to work around the EFL build system being borken. + + * runtime/DateConstructor.cpp: + * runtime/ErrorPrototype.cpp: + +2011-05-17 Geoffrey Garen <ggaren@apple.com> + + Try to fix the EFL build. + + * runtime/BooleanPrototype.cpp: + +2011-05-16 Geoffrey Garen <ggaren@apple.com> + + Rolling back in r86653 with build fixed. + + Reviewed by Gavin Barraclough and Oliver Hunt. + + Global object initialization is expensive + https://bugs.webkit.org/show_bug.cgi?id=60933 + + Changed a bunch of globals to allocate their properties lazily, and changed + the global object to allocate a bunch of its globals lazily. + + This reduces the footprint of a global object from 287 objects with 58 + functions for 24K to 173 objects with 20 functions for 15K. + + Large patch, but it's all mechanical. + + * DerivedSources.make: + * JavaScriptCore.exp: Build! + + * create_hash_table: Added a special case for fromCharCode, since it uses + a custom "thunk generator". 
+ + * heap/Heap.cpp: + (JSC::TypeCounter::operator()): Fixed a bug where the type counter would + overcount objects that were owned through more than one mechanism because + it was getting in the way of counting the results for this patch. + + * interpreter/CallFrame.h: + (JSC::ExecState::arrayConstructorTable): + (JSC::ExecState::arrayPrototypeTable): + (JSC::ExecState::booleanPrototypeTable): + (JSC::ExecState::dateConstructorTable): + (JSC::ExecState::errorPrototypeTable): + (JSC::ExecState::globalObjectTable): + (JSC::ExecState::numberConstructorTable): + (JSC::ExecState::numberPrototypeTable): + (JSC::ExecState::objectPrototypeTable): + (JSC::ExecState::regExpPrototypeTable): + (JSC::ExecState::stringConstructorTable): Added new tables. + + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + (JSC::ArrayConstructor::getOwnPropertySlot): + (JSC::ArrayConstructor::getOwnPropertyDescriptor): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::createStructure): + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlot): + (JSC::ArrayPrototype::getOwnPropertyDescriptor): + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + (JSC::BooleanPrototype::getOwnPropertySlot): + (JSC::BooleanPrototype::getOwnPropertyDescriptor): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::createStructure): + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + (JSC::DateConstructor::getOwnPropertySlot): + (JSC::DateConstructor::getOwnPropertyDescriptor): + * runtime/DateConstructor.h: + (JSC::DateConstructor::createStructure): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + (JSC::ErrorPrototype::getOwnPropertySlot): + (JSC::ErrorPrototype::getOwnPropertyDescriptor): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::createStructure): Standardized these objects + to use static tables for function properties. 
+ + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: Added new tables. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::addStaticGlobals): + (JSC::JSGlobalObject::getOwnPropertySlot): + (JSC::JSGlobalObject::getOwnPropertyDescriptor): + * runtime/JSGlobalObject.h: + * runtime/JSGlobalObjectFunctions.cpp: + * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a + static table for its global functions. This required uninlining some + things to avoid a circular header dependency. However, those things + probably shouldn't have been inlined in the first place. + + Even more global object properties can be made lazy, but that requires + more in-depth changes. + + * runtime/MathObject.cpp: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertySlot): + (JSC::NumberConstructor::getOwnPropertyDescriptor): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + (JSC::NumberPrototype::getOwnPropertySlot): + (JSC::NumberPrototype::getOwnPropertyDescriptor): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::createStructure): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::ObjectPrototype): + (JSC::ObjectPrototype::put): + (JSC::ObjectPrototype::getOwnPropertySlot): + (JSC::ObjectPrototype::getOwnPropertyDescriptor): + * runtime/ObjectPrototype.h: + (JSC::ObjectPrototype::createStructure): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + (JSC::RegExpPrototype::getOwnPropertySlot): + (JSC::RegExpPrototype::getOwnPropertyDescriptor): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::createStructure): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + (JSC::StringConstructor::getOwnPropertySlot): + (JSC::StringConstructor::getOwnPropertyDescriptor): + * runtime/StringConstructor.h: + 
(JSC::StringConstructor::createStructure): Standardized these objects + to use static tables for function properties. + +2011-05-17 Sam Weinig <sam@webkit.org> + + Reviewed by Oliver Hunt. + + JSGlobalContextRelease should not trigger a synchronous garbage collection + https://bugs.webkit.org/show_bug.cgi?id=60990 + + * API/JSContextRef.cpp: + Change synchronous call to collectAllGarbage to a call to trigger the + activityCallback. + +2011-05-16 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Reduce code size for inline cache + https://bugs.webkit.org/show_bug.cgi?id=60942 + + This patch introduces the concept of a "compact" address that + allows individual architectures to control the maximum offset + used for the inline path of get_by_id. This reduces the code + size of get_by_id by 3 bytes on x86 and x86_64 and slightly + improves performance on v8 tests. + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::repatchCompact): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::repatchCompact): + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact): + (JSC::AbstractMacroAssembler::differenceBetween): + (JSC::AbstractMacroAssembler::repatchCompact): + * assembler/CodeLocation.h: + (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact): + (JSC::CodeLocationCommon::dataLabelCompactAtOffset): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::locationOf): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::repatchCompact): + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch): + * assembler/MacroAssemblerSH4.h: + 
(JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::repatchCompact): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch): + * assembler/RepatchBuffer.h: + (JSC::RepatchBuffer::repatch): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::repatchCompact): + * assembler/X86Assembler.h: + (JSC::X86Assembler::movl_mr_disp8): + (JSC::X86Assembler::movq_mr_disp8): + (JSC::X86Assembler::repatchCompact): + (JSC::X86Assembler::setInt8): + (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8): + (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8): + (JSC::X86Assembler::X86InstructionFormatter::memoryModRM): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::patchGetByIdSelf): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::patchGetByIdSelf): + * jit/JITStubs.cpp: + (JSC::JITThunks::tryCacheGetByID): + +2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r86653. + http://trac.webkit.org/changeset/86653 + https://bugs.webkit.org/show_bug.cgi?id=60944 + + "Caused regressions on Windows, OSX and EFL" (Requested by + yutak on #webkit). 
+ + * DerivedSources.make: + * DerivedSources.pro: + * GNUmakefile.am: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * create_hash_table: + * heap/Heap.cpp: + (JSC::TypeCounter::operator()): + * interpreter/CallFrame.h: + (JSC::ExecState::arrayTable): + (JSC::ExecState::numberTable): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlot): + (JSC::ArrayPrototype::getOwnPropertyDescriptor): + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + * runtime/DateConstructor.h: + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + * runtime/ErrorPrototype.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::addStaticGlobals): + (JSC::JSGlobalObject::getOwnPropertySlot): + (JSC::JSGlobalObject::getOwnPropertyDescriptor): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncJSCPrint): + * runtime/JSGlobalObjectFunctions.h: + * runtime/MathObject.cpp: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertySlot): + (JSC::NumberConstructor::getOwnPropertyDescriptor): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + * runtime/NumberPrototype.h: + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::ObjectPrototype): + (JSC::ObjectPrototype::put): + (JSC::ObjectPrototype::getOwnPropertySlot): + * runtime/ObjectPrototype.h: + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + * 
runtime/RegExpPrototype.h: + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + * runtime/StringConstructor.h: + +2011-05-16 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Geoffrey Garen. + + Global object initialization is expensive + https://bugs.webkit.org/show_bug.cgi?id=60933 + + Changed a bunch of globals to allocate their properties lazily, and changed + the global object to allocate a bunch of its globals lazily. + + This reduces the footprint of a global object from 287 objects with 58 + functions for 24K to 173 objects with 20 functions for 15K. + + Large patch, but it's all mechanical. + + * DerivedSources.make: + * JavaScriptCore.exp: Build! + + * create_hash_table: Added a special case for fromCharCode, since it uses + a custom "thunk generator". + + * heap/Heap.cpp: + (JSC::TypeCounter::operator()): Fixed a bug where the type counter would + overcount objects that were owned through more than one mechanism because + it was getting in the way of counting the results for this patch. + + * interpreter/CallFrame.h: + (JSC::ExecState::arrayConstructorTable): + (JSC::ExecState::arrayPrototypeTable): + (JSC::ExecState::booleanPrototypeTable): + (JSC::ExecState::dateConstructorTable): + (JSC::ExecState::errorPrototypeTable): + (JSC::ExecState::globalObjectTable): + (JSC::ExecState::numberConstructorTable): + (JSC::ExecState::numberPrototypeTable): + (JSC::ExecState::objectPrototypeTable): + (JSC::ExecState::regExpPrototypeTable): + (JSC::ExecState::stringConstructorTable): Added new tables. 
+ + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + (JSC::ArrayConstructor::getOwnPropertySlot): + (JSC::ArrayConstructor::getOwnPropertyDescriptor): + * runtime/ArrayConstructor.h: + (JSC::ArrayConstructor::createStructure): + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::getOwnPropertySlot): + (JSC::ArrayPrototype::getOwnPropertyDescriptor): + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + (JSC::BooleanPrototype::getOwnPropertySlot): + (JSC::BooleanPrototype::getOwnPropertyDescriptor): + * runtime/BooleanPrototype.h: + (JSC::BooleanPrototype::createStructure): + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + (JSC::DateConstructor::getOwnPropertySlot): + (JSC::DateConstructor::getOwnPropertyDescriptor): + * runtime/DateConstructor.h: + (JSC::DateConstructor::createStructure): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + (JSC::ErrorPrototype::getOwnPropertySlot): + (JSC::ErrorPrototype::getOwnPropertyDescriptor): + * runtime/ErrorPrototype.h: + (JSC::ErrorPrototype::createStructure): Standardized these objects + to use static tables for function properties. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + * runtime/JSGlobalData.h: Added new tables. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::addStaticGlobals): + (JSC::JSGlobalObject::getOwnPropertySlot): + (JSC::JSGlobalObject::getOwnPropertyDescriptor): + * runtime/JSGlobalObject.h: + * runtime/JSGlobalObjectFunctions.cpp: + * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a + static table for its global functions. This required uninlining some + things to avoid a circular header dependency. However, those things + probably shouldn't have been inlined in the first place. 
+ + Even more global object properties can be made lazy, but that requires + more in-depth changes. + + * runtime/MathObject.cpp: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::getOwnPropertySlot): + (JSC::NumberConstructor::getOwnPropertyDescriptor): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + (JSC::NumberPrototype::getOwnPropertySlot): + (JSC::NumberPrototype::getOwnPropertyDescriptor): + * runtime/NumberPrototype.h: + (JSC::NumberPrototype::createStructure): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::ObjectPrototype): + (JSC::ObjectPrototype::put): + (JSC::ObjectPrototype::getOwnPropertySlot): + (JSC::ObjectPrototype::getOwnPropertyDescriptor): + * runtime/ObjectPrototype.h: + (JSC::ObjectPrototype::createStructure): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + (JSC::RegExpPrototype::getOwnPropertySlot): + (JSC::RegExpPrototype::getOwnPropertyDescriptor): + * runtime/RegExpPrototype.h: + (JSC::RegExpPrototype::createStructure): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + (JSC::StringConstructor::getOwnPropertySlot): + (JSC::StringConstructor::getOwnPropertyDescriptor): + * runtime/StringConstructor.h: + (JSC::StringConstructor::createStructure): Standardized these objects + to use static tables for function properties. + +2011-05-16 David Kilzer <ddkilzer@apple.com> + + <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2 + <rdar://problem/9446430> + + Reviewed by Mark Rowe. + + * Configurations/Base.xcconfig: Fixed typo. + +2011-05-16 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. 
+ + JSWeakObjectMap finalisation may occur while gc is in inconsistent state + https://bugs.webkit.org/show_bug.cgi?id=60908 + <rdar://problem/9409491> + + We need to ensure that we have called all the weak map finalizers while + the global object (and hence global context) is still in a consistent + state. The best way to achieve this is to simply use a weak handle and + finalizer on the global object. + + * JavaScriptCore.exp: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::WeakMapFinalizer::finalize): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::registerWeakMap): + +2011-05-16 Siddharth Mathur <siddharth.mathur@nokia.com> + + Reviewed by Laszlo Gombos. + + [Qt][WK2][Symbian] Shared memory implementation for Symbian + https://bugs.webkit.org/show_bug.cgi?id=55875 + + * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users + +2011-05-16 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=60866 + Evaluation order broken for empty alternatives in subpatterns + + Reverting https://bugs.webkit.org/show_bug.cgi?id=51395 + + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd): + +2011-05-15 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen & Michael Saboff. + + https://bugs.webkit.org/show_bug.cgi?id=60860 + Simplify backtracking in YARR JIT + + YARR JIT currently performs a single pass of code generation over the pattern, + with special handling to allow the code generation for some backtracking code + out of line. We can simplify things by moving to a common mechanism whereby all + forwards matching code is generated in one pass, and all backtracking code is + generated in another. Backtracking code can be generated in reverse order, to + optimized the common fall-through case. + + To make it easier to walk over the pattern, we can first convert to a more + byte-code like format before JIT generating. 
In time we should unify this with + the YARR interpreter to more closely unify the two. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput): + (JSC::Yarr::YarrGenerator::YarrOp::YarrOp): + (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState): + (JSC::Yarr::YarrGenerator::BacktrackingState::append): + (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough): + (JSC::Yarr::YarrGenerator::BacktrackingState::link): + (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo): + (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList): + (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty): + (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels): + (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord): + (JSC::Yarr::YarrGenerator::generateAssertionBOL): + (JSC::Yarr::YarrGenerator::backtrackAssertionBOL): + (JSC::Yarr::YarrGenerator::generateAssertionEOL): + (JSC::Yarr::YarrGenerator::backtrackAssertionEOL): + (JSC::Yarr::YarrGenerator::matchAssertionWordchar): + (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary): + (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary): + (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce): + (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed): + (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy): + (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): + (JSC::Yarr::YarrGenerator::generateCharacterClassOnce): + (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce): + (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): + (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed): + (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy): + 
(JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy): + (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy): + (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy): + (JSC::Yarr::YarrGenerator::generateTerm): + (JSC::Yarr::YarrGenerator::backtrackTerm): + (JSC::Yarr::YarrGenerator::generate): + (JSC::Yarr::YarrGenerator::backtrack): + (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern): + (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion): + (JSC::Yarr::YarrGenerator::opCompileAlternative): + (JSC::Yarr::YarrGenerator::opCompileBody): + (JSC::Yarr::YarrGenerator::YarrGenerator): + (JSC::Yarr::YarrGenerator::compile): + +2011-05-15 Adam Barth <abarth@webkit.org> + + Enable strict PassOwnPtr on Qt. (Build fixes to follow.) + + * wtf/PassOwnPtr.h: + +2011-05-15 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Maciej Stachowiak. + + Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower + in browser than on command line + + This patch fixes a few issues in generated code that could unreasonably + prolong object lifetimes. + + * heap/Heap.cpp: + (JSC::Heap::collectAllGarbage): Throw away all function code before doing + a major collection. We want to clear polymorphic caches, since they can + keep alive large object graphs that have gone "stale". For the same reason, + but to a lesser extent, we also want to clear linked functions and other + one-off caches. + + This has the side-benefit of reducing memory footprint from run-once + functions, and of allowing predictions and caches that have failed to + re-specialize. + + Eventually, if compilation costs rise far enough, we may want a more + limited strategy for de-specializing code without throwing it away + completely, but this works for now, and it's the simplest solution. 
+ + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * jit/JITStubs.h: + * runtime/JSFunction.cpp: Made the host function stub cache weak -- + otherwise it's effectively a memory leak that can seriously fragment the + GC and JIT heaps. + + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::visitChildren): Cleared up some comments that confused + me when working with this code. + +2011-05-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make GC validation more aggressive + https://bugs.webkit.org/show_bug.cgi?id=60802 + + This patch makes the checks performed under GC_VALIDATION + much more aggressive, and adds the checks to more places + in order to allow us to catch GC bugs much closer to the + point of failure. + + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildren): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedSpace.cpp: + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + * runtime/Executable.cpp: + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildren): + * runtime/Executable.h: + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildren): + * runtime/GetterSetter.h: + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + (JSC::JSAPIValueWrapper::JSAPIValueWrapper): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * runtime/JSCell.cpp: + (JSC::slowValidateCell): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::unvalidatedStructure): + (JSC::JSCell::JSCell::JSCell): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildren): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::visitChildren): + (JSC::slowValidateCell): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): + * 
runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildren): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildren): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildren): + * runtime/PropertyMapHashTable.h: + (JSC::PropertyMapEntry::PropertyMapEntry): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildren): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildren): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + (JSC::JSCell::classInfo): + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildren): + * runtime/StructureChain.h: + * runtime/WriteBarrier.h: + (JSC::validateCell): + (JSC::JSCell): + (JSC::JSGlobalObject): + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::setMayBeNull): + (JSC::WriteBarrierBase::setEarlyValue): + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + (JSC::WriteBarrierBase::unvalidatedGet): + (JSC::WriteBarrier::WriteBarrier): + * wtf/Assertions.h: + +2011-05-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make GC validation more aggressive + https://bugs.webkit.org/show_bug.cgi?id=60802 + + This patch makes the checks performed under GC_VALIDATION + much more aggressive, and adds the checks to more places + in order to allow us to catch GC bugs much closer to the + point of failure. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildren): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedSpace.cpp: + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + * runtime/Executable.cpp: + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildren): + * runtime/Executable.h: + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildren): + * runtime/GetterSetter.h: + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + (JSC::JSAPIValueWrapper::JSAPIValueWrapper): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * runtime/JSCell.cpp: + (JSC::slowValidateCell): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::unvalidatedStructure): + (JSC::JSCell::JSCell::JSCell): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildren): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::visitChildren): + (JSC::slowValidateCell): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildren): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildren): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildren): + * runtime/PropertyMapHashTable.h: + (JSC::PropertyMapEntry::PropertyMapEntry): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildren): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildren): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + * runtime/Structure.cpp: + (JSC::Structure::Structure): 
+ (JSC::Structure::addPropertyTransition): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + (JSC::JSCell::classInfo): + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildren): + * runtime/StructureChain.h: + * runtime/WriteBarrier.h: + (JSC::validateCell): + (JSC::JSCell): + (JSC::JSGlobalObject): + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::setMayBeNull): + (JSC::WriteBarrierBase::setEarlyValue): + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + (JSC::WriteBarrierBase::unvalidatedGet): + (JSC::WriteBarrier::WriteBarrier): + * wtf/Assertions.h: + +2011-05-14 Csaba Osztrogonác <ossy@webkit.org> + + Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt. + + Make GC validation more aggressive + https://bugs.webkit.org/show_bug.cgi?id=60802 + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildren): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedSpace.cpp: + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + * runtime/Executable.cpp: + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildren): + * runtime/Executable.h: + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildren): + * runtime/GetterSetter.h: + (JSC::GetterSetter::createStructure): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * runtime/JSCell.cpp: + * runtime/JSCell.h: + (JSC::JSCell::JSCell::JSCell): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildren): 
+ * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::visitChildren): + * runtime/JSONObject.h: + (JSC::JSONObject::createStructure): + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildren): + * runtime/JSString.h: + (JSC::RopeBuilder::createStructure): + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildren): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildren): + * runtime/PropertyMapHashTable.h: + (JSC::PropertyMapEntry::PropertyMapEntry): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildren): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildren): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + (JSC::Structure::createStructure): + (JSC::JSCell::classInfo): + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildren): + * runtime/StructureChain.h: + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + (JSC::WriteBarrier::WriteBarrier): + * wtf/Assertions.h: + +2011-05-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make GC validation more aggressive + https://bugs.webkit.org/show_bug.cgi?id=60802 + + This patch makes the checks performed under GC_VALIDATION + much more aggressive, and adds the checks to more places + in order to allow us to catch GC bugs much closer to the + point of failure. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildren): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedSpace.cpp: + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + * runtime/Executable.cpp: + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildren): + * runtime/Executable.h: + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildren): + * runtime/GetterSetter.h: + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + (JSC::JSAPIValueWrapper::JSAPIValueWrapper): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * runtime/JSCell.cpp: + (JSC::slowValidateCell): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::unvalidatedStructure): + (JSC::JSCell::JSCell::JSCell): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildren): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::visitChildren): + (JSC::slowValidateCell): + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildren): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildren): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildren): + * runtime/PropertyMapHashTable.h: + (JSC::PropertyMapEntry::PropertyMapEntry): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildren): + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildren): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + * runtime/Structure.cpp: + (JSC::Structure::Structure): 
+ (JSC::Structure::addPropertyTransition): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + (JSC::JSCell::classInfo): + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildren): + * runtime/StructureChain.h: + * runtime/WriteBarrier.h: + (JSC::validateCell): + (JSC::JSCell): + (JSC::JSGlobalObject): + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::setMayBeNull): + (JSC::WriteBarrierBase::setEarlyValue): + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + (JSC::WriteBarrierBase::unvalidatedGet): + (JSC::WriteBarrier::WriteBarrier): + * wtf/Assertions.h: + +2011-05-01 Holger Hans Peter Freyther <holger@moiji-mobile.com> + + Reviewed by Steve Block. + + [android] OS(ANDROID) does not imply PLATFORM(ANDROID) + https://bugs.webkit.org/show_bug.cgi?id=59888 + + It is possible to build QtWebKit and others for OS(ANDROID). Let + the buildsystem decide which platform is to be build. + + * wtf/Platform.h: + +2011-05-12 Maciej Stachowiak <mjs@apple.com> + + Reviewed by Darin Adler. + + XMLDocumentParserLibxml2 should play nice with strict OwnPtrs + https://bugs.webkit.org/show_bug.cgi?id=59394 + + This portion of the change introduces a PassTraits template, which + is used to enable takeFirst() to work for a Deque holding OwnPtrs, + and optimize it for a Deque holding RefPtrs. In the future it can + be deployed elsewhere to make our data structures work better with + our smart pointers. + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/Deque.h: + (WTF::::takeFirst): + * wtf/PassTraits.h: Added. + (WTF::PassTraits::transfer): + +2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com> + + Not reviewed. + + Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com> + + Not reviewed. + + String operator+ reallocates unnecessarily when concatting > 2 strings + https://bugs.webkit.org/show_bug.cgi?id=58420 + + Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com> + + Reviewed by Darin Adler. + + String operator+ reallocates unnecessarily when concatting > 2 strings + https://bugs.webkit.org/show_bug.cgi?id=58420 + + Provide a faster String append operator. + Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary + object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting + N strings using operator+, this leads to N-1 reallocations. + + Replace this with a flexible operator+ implementation, that avoids these reallocations. + When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..) + a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays + creation of the final string, until operator String() is invoked. + + template<typename T> + StringAppend<String, T> operator+(const String& string1, T string2) + { + return StringAppend<String, T>(string1, string2); + } + + template<typename U, typename V, typename W> + StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2) + { + return StringAppend<U, StringAppend<V, W> >(string1, string2); + } + + When concatting three strings - "String a, b, c; String result = a + b + c;" following happens: + first a StringAppend<String, String> object is created by operator+(const String& string1, String string2). 
+ Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns + a StringAppend<String, StringAppend<String, String> > object. + Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the + final string - it uses tryMakeString provided by StringConcatenate.h under the hoods, which guards us + against too big string allocations, etc. + + Note that the second template, defines a recursive way to concat an arbitary number of strings + into a single String with just one allocation. + + * GNUmakefile.list.am: Add StringOperators.h to build. + * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols. + * JavaScriptCore.gypi: Add StringOperators.h to build. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto. + * JavaScriptCore.xcodeproj/project.pbxproj: Ditto. + * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file. + * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file. + * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file. + (WTF::StringAppend::StringAppend): + (WTF::StringAppend::operator String): + (WTF::StringAppend::operator AtomicString): + (WTF::StringAppend::writeTo): + (WTF::StringAppend::length): + (WTF::operator+): + * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). + (WTF::emptyString): Add new shared empty string free function. + * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file. + +2011-05-12 Philippe Normand <pnormand@igalia.com> + + Unreviewed, GTK build fix. + + * wtf/Platform.h: + +2011-05-12 Keith Kyzivat <keith.kyzivat@nokia.com> + + Reviewed by Csaba Osztrogonác. 
+ + [Qt] Arm debug build failing on ARMAssembler::debugOffset() + https://bugs.webkit.org/show_bug.cgi?id=60688 + + Related to svn rev 85523 + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::debugOffset): + +2011-05-11 Igor Oliveira <igor.oliveira@openbossa.org> + + Reviewed by Eric Seidel. + + WebKit does not build with GCCE + https://bugs.webkit.org/show_bug.cgi?id=60667 + + Allow compile WebKit with GCCE + + * wtf/Alignment.h: + * wtf/Platform.h: + +2011-05-11 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Enable strict PassOwnPtr on Mac + https://bugs.webkit.org/show_bug.cgi?id=60684 + + This should build cleanly now. + + * wtf/PassOwnPtr.h: + +2011-05-11 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + Protect JSC from WebCore executing JS during JS wrapper finalization + https://bugs.webkit.org/show_bug.cgi?id=60672 + <rdar://problem/9350997> + + Detect when we're trying to execute JS during GC and prevent the + execution from happening. We also assert that this isn't happening + as it implies incorrect behaviour of an object's destructor. + + * JavaScriptCore.exp: + * heap/Heap.cpp: + * heap/Heap.h: + (JSC::Heap::isBusy): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::isCollectorBusy): + +2011-05-11 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Enable gc mark validation in temporarily in release builds + https://bugs.webkit.org/show_bug.cgi?id=60678 + + Make it easier to turn the gc mark validation on and off, and + temporarily turn it on for all builds. + + * heap/MarkStack.cpp: + * heap/MarkStack.h: + (JSC::MarkStack::append): + (JSC::MarkStack::internalAppend): + * runtime/WriteBarrier.h: + (JSC::MarkStack::appendValues): + * wtf/Platform.h: + +2011-05-11 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com + + SunSpider reports no change. + + This bug was caused by changing Structure and Executable to being GC + objects, and by a long-standing bug that would thrash the global object + between dictionary and non-dictionary states. + + * runtime/BatchedTransitionOptimizer.h: + (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't + eagerly transition to dictionary -- this can cause pathological dictionary + churn, and it's not necessary, since objects know how to automatically + transition to dictionary when necessary. + + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report + extra cost from compilation, because it can be quite high. This is especially + important for program code, since DOM timers can repeatedly allocate + program code without allocating any other objects. + + * runtime/JSObject.cpp: + (JSC::JSObject::removeDirect): Don't transition to the uncacheable state + if the thing we're trying to remove doesn't exist. This can happen during + compilation, since the compiler needs to ensure that no pre-existing + conflicting definitions exist for certain declarations. + +2011-05-11 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make mark stack validation functions do something useful in a release build + https://bugs.webkit.org/show_bug.cgi?id=60645 + + Turn ASSERTs into actual if(...) CRASH(); statements. + + * heap/MarkStack.cpp: + (JSC::MarkStack::validateValue): + +2011-05-11 Xan Lopez <xlopez@igalia.com> + + Reviewed by Martin Robinson. + + Fix copy&paste error in comment. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): the value is stored in + regT2, not regT1. 
+ +2011-05-11 Adam Roben <aroben@apple.com> + + WinCE build fixes for strict PassOwnPtr + + * wtf/unicode/CollatorDefault.cpp: + (WTF::Collator::userDefault): Use adoptPtr. + +2011-05-11 Holger Hans Peter Freyther <holger@moiji-mobile.com> + + Unreviewed build fix. + + [MIPS] Fix compilation of the MIPS JIT + + Include the MIPSAssembler.h first to indirectly include + AssemblerBuffer.h before the AbstractMacroAssembler.h. This + order is used for the ARM and X86 MacroAssembler*.h + + * assembler/MacroAssemblerMIPS.h: + +2011-05-11 Adam Roben <aroben@apple.com> + + Turn on strict PassOwnPtr on Windows + + Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled + + Reviewed by Adam Barth. + + * wtf/PassOwnPtr.h: + +2011-05-10 Stephanie Lewis <slewis@apple.com> + + Unreviewed. + + Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130 + + * Configurations/JavaScriptCore.xcconfig: + +2011-05-10 Adam Barth <abarth@webkit.org> + + Reviewed by David Levin. + + Enable strict PassOwnPtr on Chromium + https://bugs.webkit.org/show_bug.cgi?id=60502 + + Other platforms to follow. + + * wtf/PassOwnPtr.h: + +2011-05-10 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier + https://bugs.webkit.org/show_bug.cgi?id=60532 + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.xcodeproj/project.pbxproj: Build! + + * heap/Handle.h: Moved HandleTypes to its own header because that's the + WebKit style, and it was necessary to resolve a circular dependency + between Handle.h and WriteBarrier.h. + + * heap/Heap.h: + (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to + verify that all the code is in the right place. + + * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to + resolve a circular dependency. 
+ + * runtime/ArgList.h: + * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for + free anymore. + + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::PropertyTable): Call the real writeBarrier() + function, now that it exists. + + * runtime/SmallStrings.h: Removed a stray #include to resolve a circular + dependency. + + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::set): + (JSC::MarkStack::append): + (JSC::MarkStack::appendValues): Updated to match the changes above. + +2011-05-10 Oliver Hunt <oliver@apple.com> + + Build fix. + + * heap/MarkStack.cpp: + (JSC::MarkStack::validateValue): + +2011-05-10 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Add some aggressive GC validation to debug builds. + https://bugs.webkit.org/show_bug.cgi?id=60601 + + When assertions are enabled we now do some validity checking + of objects being added to the mark stack. + + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo): + (JSC::PolymorphicAccessStructureList::visitAggregate): + * heap/MarkStack.cpp: + (JSC::MarkStack::validateSet): + (JSC::MarkStack::validateValue): + * heap/MarkStack.h: + (JSC::MarkStack::appendValues): + (JSC::MarkStack::append): + (JSC::MarkStack::internalAppend): + +2011-05-09 Darin Adler <darin@apple.com> + + Reviewed by Oliver Hunt. + + http://bugs.webkit.org/show_bug.cgi?id=60509 + Wrong type used for return value from strlen + + * wtf/FastMalloc.cpp: + (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since + fastMalloc won't return if it fails. + +2011-05-09 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + CSP should block Function constructor + https://bugs.webkit.org/show_bug.cgi?id=60240 + + When eval is disabled, we need to block the use of the function + constructor. However, the WebCore JSC bindings call the function + constructor directly to create inline event listeners. 
To support that + use, this patch adds an entrypoint that bypasses the check for whether + eval is enabled. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/FunctionConstructor.cpp: + (JSC::constructFunction): + (JSC::constructFunctionSkippingEvalEnabledCheck): + * runtime/FunctionConstructor.h: + +2011-05-09 Adam Roben <aroben@apple.com> + + Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes + + Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other + WebKit1 IDL file changes to avoid build errors + + Reviewed by Tim Hatcher. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: + Updated for script rename. + + * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed. + * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed + from react-to-vsprops-changes.py. + (top level): Moved a constant here from main. + (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new + react_to_webkit1_interface_changes function. + (react_to_vsprops_changes): Moved code here from main. Updated to use the + TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_globa + and touch_if_older_than. + (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL + file has changed. + (mtime_of_newest_file_matching_glob): Added. Code came from main. + (touch_if_older_than): Added. Code came from main. + +2011-05-08 Jessie Berlin <jberlin@apple.com> + + Reviewed by Dan Bernstein. + + Make JSRetainPtr work with JSGlobalContextRefs. + https://bugs.webkit.org/show_bug.cgi?id=60452 + + Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs. 
+ + * API/JSRetainPtr.h: + (JSRetain): + (JSRelease): + +2011-05-07 Dawit Alemayehu <adawit@kde.org> + + Reviewed by Daniel Bates. + + Fix compile with GCC 4.6.0 + https://bugs.webkit.org/show_bug.cgi?id=60380 + + Remove unused local variable from code. + + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + +2011-05-06 Alexis Menard <alexis.menard@openbossa.org> + + Unreviewed build fix with gcc 4.6.0 on linux and c++0x support. + + std::tr1::has_trivial_constructor is in <tr1/memory>. + + * wtf/TypeTraits.h: + +2011-05-05 Jay Civelli <jcivelli@chromium.org> + + Reviewed by Adam Barth. + + Added convenience methods to convert from a byte to hex ASCII digit + characters and vice-versa. + https://bugs.webkit.org/show_bug.cgi?id=59834 + + * wtf/ASCIICType.h: + (WTF::toASCIIHexValue): + (WTF::lowerNibbleToASCIIHexDigit): + (WTF::upperNibbleToASCIIHexDigit): + +2011-05-05 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Benjamin Poulain. + + [Qt] Make QtWebKit build when using gcc 4.6.0 + https://bugs.webkit.org/show_bug.cgi?id=60265 + + If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate + the c++0x support because it works. + + * JavaScriptCore.pro: + +2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch> + + Reviewed by Geoffrey Garen. + + Port MachineStackMarker.cpp to Windows x64 + https://bugs.webkit.org/show_bug.cgi?id=60216 + + * heap/MachineStackMarker.cpp: + (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also + on 64-bit Windows. + (JSC::otherThreadStackPointer): return the Rsp register on Windows x64. + +2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch> + + Reviewed by Martin Robinson. + + Link libjavascriptcoregtk on Windows with winmm.dll + https://bugs.webkit.org/show_bug.cgi?id=60215 + + * GNUmakefile.am: + +2011-05-04 Tao Bai <michaelbai@chromium.org> + + Reviewed by David Kilzer. 
+ + Populate touch-icon url to FrameLoaderClient + https://bugs.webkit.org/show_bug.cgi?id=59143 + + * Configurations/FeatureDefines.xcconfig: + +2011-05-03 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of + code that accidentally survived the conversion to a switch statement, + causing a lot of important code not to run most of the time. + + Since this is not a trivial finger-picking mistake, I will not call it a + typo. + +2011-05-04 Adam Roben <aroben@apple.com> + + Another attempted build fix + + * wtf/OwnPtr.h: + (WTF::OwnPtr::operator==): + (WTF::OwnPtr::operator!=): + * wtf/PassOwnPtr.h: + (WTF::PassOwnPtr::operator==): + (WTF::PassOwnPtr::operator!=): + Added a return statement. And made a tweak based on a suggestion from Anders Carlsson. + +2011-05-04 Adam Roben <aroben@apple.com> + + Try to fix Leopard, Qt, and probably others + + * wtf/OwnPtr.h: + (WTF::OwnPtr::operator==): + (WTF::OwnPtr::operator!=): + * wtf/PassOwnPtr.h: + (WTF::PassOwnPtr::operator==): + (WTF::PassOwnPtr::operator!=): + Try to get the compiler not to instantiate these function templates unnecessarily. + +2011-05-03 Adam Roben <aroben@apple.com> + + Disallow equality comparisons between [Pass]OwnPtrs + + If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something + really sneaky, in which case you should stop!) + + Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error + + Reviewed by Anders Carlsson and Antti Koivisto. + + * wtf/OwnPtr.h: + (WTF::OwnPtr::operator==): + (WTF::OwnPtr::operator!=): + * wtf/PassOwnPtr.h: + (WTF::PassOwnPtr::operator==): + (WTF::PassOwnPtr::operator!=): + Added private equality operators that fail to compile when used. 
(When not used, the + compiler will skip over them because they are function templates.) + +2011-05-04 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Gavin Barraclough. + + JITArithmetic.cpp produces a warning on a unused variable. + https://bugs.webkit.org/show_bug.cgi?id=60060 + + Just properly use what we already have converted. + + * jit/JITArithmetic.cpp: + (JSC::JIT::emitSlow_op_add): + (JSC::JIT::emitSlow_op_mul): + +2011-05-04 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Geoffrey Garen. + + JITPropertyAccess produces a unused but set variable warning in gcc 4.6.0. + https://bugs.webkit.org/show_bug.cgi?id=60050 + + This patch fix a compilation warning. The new warning scenario -Wunused-but-set-variable + in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated + as errors. The patch introduces a new macro ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED + which copy the idea of ASSERT_UNUSED. + + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::emit_op_put_by_id): + * wtf/Assertions.h: + (assertWithMessageUnused): + +2011-04-29 Jer Noble <jer.noble@apple.com> + + Reviewed by Eric Seidel. + + Implement FULLSCREEN_API on Windows, Part 4: Enable it + https://bugs.webkit.org/show_bug.cgi?id=59798 + + * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win. + +2011-05-03 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Eric Seidel. + + Unused but set variable warning in MacroAssemberX86_64 + https://bugs.webkit.org/show_bug.cgi?id=59482 + + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::call): + (JSC::MacroAssemblerX86_64::tailRecursiveCall): + (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): + +2011-05-03 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. 
+ + Make malloc validation useful + https://bugs.webkit.org/show_bug.cgi?id=57502 + + Reland this patch (rolled out in 82905) without + turning it on by default. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/FastMalloc.cpp: + (WTF::tryFastMalloc): + (WTF::fastMalloc): + (WTF::tryFastCalloc): + (WTF::fastCalloc): + (WTF::fastFree): + (WTF::tryFastRealloc): + (WTF::fastRealloc): + (WTF::fastMallocSize): + (WTF::TCMalloc_PageHeap::isScavengerSuspended): + (WTF::TCMalloc_PageHeap::scheduleScavenger): + (WTF::TCMalloc_PageHeap::suspendScavenger): + (WTF::TCMalloc_PageHeap::signalScavenger): + (WTF::TCMallocStats::malloc): + (WTF::TCMallocStats::free): + (WTF::TCMallocStats::fastCalloc): + (WTF::TCMallocStats::tryFastCalloc): + (WTF::TCMallocStats::calloc): + (WTF::TCMallocStats::fastRealloc): + (WTF::TCMallocStats::tryFastRealloc): + (WTF::TCMallocStats::realloc): + (WTF::TCMallocStats::fastMallocSize): + * wtf/FastMalloc.h: + (WTF::Internal::fastMallocValidationHeader): + (WTF::Internal::fastMallocValidationSuffix): + (WTF::Internal::fastMallocMatchValidationType): + (WTF::Internal::setFastMallocMatchValidationType): + (WTF::fastMallocMatchValidateFree): + (WTF::fastMallocValidate): + +2011-05-03 Xan Lopez <xlopez@igalia.com> + + Reviewed by Anders Carlsson. + + Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield + https://bugs.webkit.org/show_bug.cgi?id=59261 + + Use unary '+' to force proper type detection in template arguments + with GCC 4.6.0. See bug report for more details. + + * runtime/Structure.cpp: + (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection. + (JSC::StructureTransitionTable::add): ditto. + * runtime/Structure.h: + (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto. + +2011-05-03 Jessie Berlin <jberlin@apple.com> + + Rubber-stamped by Adam Roben. + + Revert r85550 and r85575. + + Variables cannot be exported via the .def file. 
Instead, they should be annotated with + JS_EXPORTDATA. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/Structure.cpp: + (JSC::Structure::materializePropertyMap): + * runtime/Structure.h: + (JSC::Structure::typeInfo): + (JSC::Structure::previousID): + (JSC::Structure::propertyStorageCapacity): + (JSC::Structure::propertyStorageSize): + (JSC::Structure::get): + (JSC::Structure::materializePropertyMapIfNecessary): + +2011-05-02 Adam Roben <aroben@apple.com> + + Allow implicit conversion from nullptr_t to PassOwnPtr + + This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in + strict PassOwnPtr mode. + + Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr + doesn't work, but should + + Reviewed by Adam Barth. + + * wtf/PassOwnPtr.h: + (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t. + + * wtf/MessageQueue.h: + (WTF::::waitForMessageFilteredWithTimeout): + (WTF::::tryGetMessage): + Use the new implicit conversion. + +2011-05-02 Jessie Berlin <jberlin@apple.com> + + Rubber-stamped by Oliver Hunt. + + Remove an assertion that Windows was hitting on launch. + + * runtime/Structure.cpp: + (JSC::Structure::materializePropertyMap): + * runtime/Structure.h: + (JSC::Structure::typeInfo): + (JSC::Structure::previousID): + (JSC::Structure::propertyStorageCapacity): + (JSC::Structure::propertyStorageSize): + (JSC::Structure::get): + (JSC::Structure::materializePropertyMapIfNecessary): + +2011-05-02 Mark Rowe <mrowe@apple.com> + + Reviewed by Geoff Garen. + + <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2 + + * Configurations/CompilerVersion.xcconfig: + +2011-05-02 Gavin Barraclough <barraclough@apple.com> + + ARMv7 build fix. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::Jump::link): + (JSC::AbstractMacroAssembler::Jump::linkTo): + +2011-05-02 Oliver Hunt <oliver@apple.com> + + Windows build fix. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-05-02 Michael Saboff <msaboff@apple.com> + + Reviewed by Geoffrey Garen. + + crash in JSC::RegExp::match + https://bugs.webkit.org/show_bug.cgi?id=58922 + + Cleared chained backtrack data label when linking label even if that + label doesn't chain itself. This is needed so that subsequent + backtrack data labels point to the next outer paren and not within + the current paren. + + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists): + +2011-05-02 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Tiny bit of heap cleanup. + + * heap/MarkedBlock.h: + (JSC::MarkedBlock::contains): Tightened up an assertion and a comment. + + * heap/MarkedSpace.h: + (JSC::MarkedSpace::globalData): + (JSC::MarkedSpace::highWaterMark): + (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class + definition, for better clarity. + +2011-05-02 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Correct marking of interpreter data in mixed mode builds + https://bugs.webkit.org/show_bug.cgi?id=59962 + + We had a few places in mixed mode builds where we would not + track data used by the interpreter for marking. This patch + corrects the problem and adds a number of assertions to catch + live Structures being collected. 
+ + * JavaScriptCore.exp: + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset): + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addPropertyAccessInstruction): + (JSC::CodeBlock::addGlobalResolveInstruction): + (JSC::CodeBlock::addStructureStubInfo): + (JSC::CodeBlock::addGlobalResolveInfo): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + * runtime/Structure.cpp: + (JSC::Structure::materializePropertyMap): + * runtime/Structure.h: + (JSC::Structure::typeInfo): + (JSC::Structure::previousID): + (JSC::Structure::propertyStorageCapacity): + (JSC::Structure::propertyStorageSize): + (JSC::Structure::get): + (JSC::Structure::materializePropertyMapIfNecessary): + +2011-05-02 Xan Lopez <xlopez@igalia.com> + + Reviewed by Alexey Proskuryakov. + + Use native NullPtr when using GCC 4.6.0 and C++0x + https://bugs.webkit.org/show_bug.cgi?id=59252 + + GCC 4.6.0 has nullptr support, use it when possible. + + * wtf/NullPtr.cpp: include config.h to pull in Platform.h before + NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition. + * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to + use native nullptr. + +2011-05-02 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=59950 + Clean up AssemblerBuffer to use a Vector internally. + + AssemblerBuffer handles reallocing a byte array itself - stop that. 
+ + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/AssemblerBuffer.h: + (JSC::AssemblerLabel::AssemblerLabel): + (JSC::AssemblerLabel::labelAtOffset): + (JSC::AssemblerBuffer::AssemblerBuffer): + (JSC::AssemblerBuffer::~AssemblerBuffer): + (JSC::AssemblerBuffer::isAvailable): + (JSC::AssemblerBuffer::ensureSpace): + (JSC::AssemblerBuffer::isAligned): + (JSC::AssemblerBuffer::putIntegral): + (JSC::AssemblerBuffer::putIntegralUnchecked): + (JSC::AssemblerBuffer::putByteUnchecked): + (JSC::AssemblerBuffer::putByte): + (JSC::AssemblerBuffer::putShortUnchecked): + (JSC::AssemblerBuffer::putShort): + (JSC::AssemblerBuffer::putIntUnchecked): + (JSC::AssemblerBuffer::putInt): + (JSC::AssemblerBuffer::putInt64Unchecked): + (JSC::AssemblerBuffer::putInt64): + (JSC::AssemblerBuffer::codeSize): + (JSC::AssemblerBuffer::label): + (JSC::AssemblerBuffer::executableCopy): + (JSC::AssemblerBuffer::rewindToLabel): + (JSC::AssemblerBuffer::debugOffset): + (JSC::AssemblerBuffer::append): + (JSC::AssemblerBuffer::grow): + * assembler/AssemblerBufferWithConstantPool.h: + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::linkCall): + * assembler/X86Assembler.h: + (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel): + +2011-05-02 Jeff Miller <jeffm@apple.com> + + Reviewed by Alexy Proskuryakov. + + Avoid potential buffer overflow in WTFLog() and WTFLogVerbose() + https://bugs.webkit.org/show_bug.cgi?id=59949 + + * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose(). + +2011-05-02 Adam Barth <abarth@webkit.org> + + Reviewed by Alexey Proskuryakov. + + StringImpl::endsWith has some insane code + https://bugs.webkit.org/show_bug.cgi?id=59900 + + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::endsWith): + - m_data shadows a member variable of the same name. 
+ +2011-05-02 Gabor Loki <loki@webkit.org> + + Buildfix for ARM after r85448 + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::loadBranchTarget): + +2011-05-01 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Strict-mode only reserved words not reserved + https://bugs.webkit.org/show_bug.cgi?id=55342 + + Fix line number tracking when we rollback the lexer. + + * parser/JSParser.cpp: + (JSC::JSParser::parseSourceElements): + +2011-05-01 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + ES5 Strict mode does not allow getter and setter for same propId + https://bugs.webkit.org/show_bug.cgi?id=57295 + + Simplify and correct the logic for strict mode object literals. + + * parser/JSParser.cpp: + (JSC::JSParser::parseStrictObjectLiteral): + +2011-05-01 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Assigning to function identifier under strict should throw + https://bugs.webkit.org/show_bug.cgi?id=59289 + + Add logic to StaticScopeObject to ensure we don't silently consume + writes to constant properties. + + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::put): + +2011-05-01 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=59903 + Use AssemblerLabel throughout Assembler classes, AssemblerBuffer + + Creating a lable() into the AssemblerBuffer should return an AssemblerLabel, + not an unsigned int. 
+ + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::blx): + (JSC::ARMAssembler::label): + (JSC::ARMAssembler::loadBranchTarget): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::b): + (JSC::ARMv7Assembler::blx): + (JSC::ARMv7Assembler::bx): + (JSC::ARMv7Assembler::label): + (JSC::ARMv7Assembler::ARMInstructionFormatter::label): + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::label): + * assembler/AssemblerBufferWithConstantPool.h: + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::label): + (JSC::MIPSAssembler::relocateJumps): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::loadConstant): + (JSC::SH4Assembler::loadConstantUnReusable): + (JSC::SH4Assembler::call): + (JSC::SH4Assembler::jmp): + (JSC::SH4Assembler::jne): + (JSC::SH4Assembler::je): + (JSC::SH4Assembler::label): + (JSC::SH4Assembler::oneShortOp): + * assembler/X86Assembler.h: + (JSC::X86Assembler::call): + (JSC::X86Assembler::jmp_r): + (JSC::X86Assembler::label): + (JSC::X86Assembler::X86InstructionFormatter::immediateRel32): + (JSC::X86Assembler::X86InstructionFormatter::label): + +2011-05-01 Adam Barth <abarth@webkit.org> + + Reviewed by David Levin. + + Enable strict mode for OwnPtr and PassOwnPtr + https://bugs.webkit.org/show_bug.cgi?id=59428 + + * wtf/OwnPtr.h: + +2011-05-01 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Adam Barth. + + Enable strict OwnPtr for PLATFORM(WIN) + https://bugs.webkit.org/show_bug.cgi?id=59881 + + * wtf/OwnPtr.h: + +2011-05-01 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + https://bugs.webkit.org/show_bug.cgi?id=59896 + Remove JmpSrc/JmpDst types. + + The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these + object be per-assembler in unhelpful, causes unnecessary code duplication, + and prevents the AssemblerBuffer from providing a richer type for labels. 
+ The limited semantic meaning that they did convey is undermined by the manner + in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst + for data labels). + + Jumps on ARMv7 have had additional information added to the object via the + ARMv7 JmpSrc. This data should probably be in the instruction stream. This + patch does not fix the problem, and moves the data (ifdefed) to + AbstractMacroAssembler::Jump (which is effectively where it was before!). + This at least closes the hole such that no further data may be added to JmpSrc, + but this is unfortunate, and should be cleaned up. + + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::blx): + (JSC::ARMAssembler::label): + (JSC::ARMAssembler::align): + (JSC::ARMAssembler::loadBranchTarget): + (JSC::ARMAssembler::jmp): + (JSC::ARMAssembler::linkPointer): + (JSC::ARMAssembler::linkJump): + (JSC::ARMAssembler::linkCall): + (JSC::ARMAssembler::getRelocatedAddress): + (JSC::ARMAssembler::getDifferenceBetweenLabels): + (JSC::ARMAssembler::getCallReturnOffset): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::b): + (JSC::ARMv7Assembler::blx): + (JSC::ARMv7Assembler::bx): + (JSC::ARMv7Assembler::label): + (JSC::ARMv7Assembler::align): + (JSC::ARMv7Assembler::getRelocatedAddress): + (JSC::ARMv7Assembler::getDifferenceBetweenLabels): + (JSC::ARMv7Assembler::getCallReturnOffset): + (JSC::ARMv7Assembler::linkJump): + (JSC::ARMv7Assembler::linkCall): + (JSC::ARMv7Assembler::linkPointer): + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::Label::isSet): + (JSC::AbstractMacroAssembler::Call::Call): + (JSC::AbstractMacroAssembler::Jump::Jump): + (JSC::AbstractMacroAssembler::Jump::link): + (JSC::AbstractMacroAssembler::Jump::linkTo): + (JSC::AbstractMacroAssembler::linkPointer): + (JSC::AbstractMacroAssembler::getLinkerAddress): + * assembler/AssemblerBuffer.h: + (JSC::AssemblerLabel::AssemblerLabel): + (JSC::AssemblerLabel::isSet): + * assembler/LinkBuffer.h: + 
(JSC::LinkBuffer::patch): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::label): + (JSC::MIPSAssembler::align): + (JSC::MIPSAssembler::getRelocatedAddress): + (JSC::MIPSAssembler::getDifferenceBetweenLabels): + (JSC::MIPSAssembler::getCallReturnOffset): + (JSC::MIPSAssembler::linkJump): + (JSC::MIPSAssembler::linkCall): + (JSC::MIPSAssembler::linkPointer): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::branchDouble): + (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN): + (JSC::MacroAssemblerARMv7::jump): + (JSC::MacroAssemblerARMv7::nearCall): + (JSC::MacroAssemblerARMv7::call): + (JSC::MacroAssemblerARMv7::ret): + (JSC::MacroAssemblerARMv7::tailRecursiveCall): + (JSC::MacroAssemblerARMv7::makeBranch): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::nearCall): + (JSC::MacroAssemblerMIPS::call): + (JSC::MacroAssemblerMIPS::tailRecursiveCall): + (JSC::MacroAssemblerMIPS::branchTrue): + (JSC::MacroAssemblerMIPS::branchFalse): + (JSC::MacroAssemblerMIPS::branchEqual): + (JSC::MacroAssemblerMIPS::branchNotEqual): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::call): + (JSC::SH4Assembler::jmp): + (JSC::SH4Assembler::jne): + (JSC::SH4Assembler::je): + (JSC::SH4Assembler::label): + (JSC::SH4Assembler::align): + (JSC::SH4Assembler::linkJump): + (JSC::SH4Assembler::linkCall): + (JSC::SH4Assembler::linkPointer): + (JSC::SH4Assembler::getCallReturnOffset): + (JSC::SH4Assembler::getRelocatedAddress): + (JSC::SH4Assembler::getDifferenceBetweenLabels): + (JSC::SH4Assembler::patchPointer): + * assembler/X86Assembler.h: + (JSC::X86Assembler::call): + (JSC::X86Assembler::jmp): + (JSC::X86Assembler::jmp_r): + (JSC::X86Assembler::jne): + (JSC::X86Assembler::jnz): + (JSC::X86Assembler::je): + (JSC::X86Assembler::jz): + (JSC::X86Assembler::jl): + (JSC::X86Assembler::jb): + (JSC::X86Assembler::jle): + (JSC::X86Assembler::jbe): + (JSC::X86Assembler::jge): + (JSC::X86Assembler::jg): + (JSC::X86Assembler::ja): + (JSC::X86Assembler::jae): + 
(JSC::X86Assembler::jo): + (JSC::X86Assembler::jp): + (JSC::X86Assembler::js): + (JSC::X86Assembler::jCC): + (JSC::X86Assembler::label): + (JSC::X86Assembler::labelFor): + (JSC::X86Assembler::align): + (JSC::X86Assembler::linkJump): + (JSC::X86Assembler::linkCall): + (JSC::X86Assembler::linkPointer): + (JSC::X86Assembler::getCallReturnOffset): + (JSC::X86Assembler::getRelocatedAddress): + (JSC::X86Assembler::getDifferenceBetweenLabels): + (JSC::X86Assembler::rewindToLabel): + (JSC::X86Assembler::X86InstructionFormatter::immediateRel32): + (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::atJumpTarget): + (JSC::JIT::emitGetVirtualRegister): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_jmp): + (JSC::JIT::emit_op_jfalse): + (JSC::JIT::emit_op_jeq_null): + (JSC::JIT::emit_op_jneq_null): + (JSC::JIT::emit_op_jneq_ptr): + (JSC::JIT::emit_op_jsr): + (JSC::JIT::emit_op_jtrue): + (JSC::JIT::emit_op_jmp_scopes): + +2011-05-01 Chao-ying Fu <fu@mips.com> + + Reviewed by Eric Seidel. + + Fix MIPS build due to the split of "Condition" enum + https://bugs.webkit.org/show_bug.cgi?id=59407 + + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::debugOffset): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::branch32): + (JSC::MacroAssemblerMIPS::compare32): + +2011-04-30 Adam Barth <abarth@webkit.org> + + Reviewed by Adam Barth. + + Enable strict OwnPtr for GTK + https://bugs.webkit.org/show_bug.cgi?id=59861 + + * wtf/OwnPtr.h: + +2011-04-30 Gavin Barraclough <barraclough@apple.com> + + ARMv7 build fix. + + * assembler/AssemblerBufferWithConstantPool.h: + +2011-04-30 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. 
+ + Bug 59869 - AssemblerBuffer cleanup - disambiguate size() + + The method size() is called on the AssemblerBuffer both to acquire + the complete size of the code, and to get a position to use as a + label into the code. Instead, add an explicit 'label' method. + + * assembler/ARMAssembler.cpp: + (JSC::ARMAssembler::executableCopy): + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::blx): + (JSC::ARMAssembler::codeSize): + (JSC::ARMAssembler::label): + (JSC::ARMAssembler::loadBranchTarget): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::b): + (JSC::ARMv7Assembler::blx): + (JSC::ARMv7Assembler::bx): + (JSC::ARMv7Assembler::label): + (JSC::ARMv7Assembler::codeSize): + (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize): + (JSC::ARMv7Assembler::ARMInstructionFormatter::data): + * assembler/AbstractMacroAssembler.h: + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::codeSize): + (JSC::AssemblerBuffer::label): + * assembler/AssemblerBufferWithConstantPool.h: + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::linkCode): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::newJmpSrc): + (JSC::MIPSAssembler::appendJump): + (JSC::MIPSAssembler::label): + (JSC::MIPSAssembler::codeSize): + (JSC::MIPSAssembler::relocateJumps): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::loadConstant): + (JSC::SH4Assembler::loadConstantUnReusable): + (JSC::SH4Assembler::call): + (JSC::SH4Assembler::jmp): + (JSC::SH4Assembler::jne): + (JSC::SH4Assembler::je): + (JSC::SH4Assembler::label): + (JSC::SH4Assembler::executableCopy): + (JSC::SH4Assembler::oneShortOp): + (JSC::SH4Assembler::codeSize): + * assembler/X86Assembler.h: + (JSC::X86Assembler::call): + (JSC::X86Assembler::jmp_r): + (JSC::X86Assembler::codeSize): + (JSC::X86Assembler::label): + (JSC::X86Assembler::executableCopy): + (JSC::X86Assembler::X86InstructionFormatter::immediateRel32): + (JSC::X86Assembler::X86InstructionFormatter::codeSize): + 
(JSC::X86Assembler::X86InstructionFormatter::label): + (JSC::X86Assembler::X86InstructionFormatter::executableCopy): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::compile): + +2011-04-29 Adam Barth <abarth@webkit.org> + + Attempt to fix the Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-04-29 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + CSP script-src should block eval + https://bugs.webkit.org/show_bug.cgi?id=59850 + + ggaren recommend a different approach to this patch, essentially + installing a new function for function-eval and changing the AST + representation of operator-eval to call function-eval. However, I'm + not sure that approach is workable because the ASTBuilder doesn't know + about global objects, and there is added complication due to the cache. + + This approach is more dynamic, adding a branch in EvalExecutable to + detect whether eval is current disabled in the lexical scope. The spec + is slightly unclear about whether we should return undefined or throw + an exception. I've asked Brandon to clarify the spec, but throwing an + exception seems natural. + + * JavaScriptCore.exp: + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::disableEval): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObject): + (JSC::JSGlobalObject::isEvalEnabled): + +2011-04-29 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=59847 + Remove linkOffset from LinkBuffer + + This is redundant since removal of recompilation for exception info. 
+ + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::LinkBuffer): + (JSC::LinkBuffer::linkCode): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * jit/JIT.cpp: + (JSC::JIT::JIT): + (JSC::JIT::privateCompile): + * jit/JIT.h: + (JSC::JIT::compile): + (JSC::JIT::compileCTIMachineTrampolines): + (JSC::JIT::compileCTINativeCall): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::finalize): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::compile): + +2011-04-29 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt & Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=59221 + [RegexFuzz] Regression blocking testing + + Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion + node, emitDisjunction recursively calls to itself to emit the nested disjunction + the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into + account the uncheck that has just taken place). 
+ + Also, the special handling given to countToCheck in the case of parenthetical + assertions is nonsense, delete it, along with the isParentheticalAssertion argument. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::ByteCompiler::emitDisjunction): + +2011-04-29 Csaba Osztrogonác <ossy@webkit.org> + + Reviewed by Adam Barth. + + Enable strict OwnPtr for Qt + https://bugs.webkit.org/show_bug.cgi?id=59667 + + * wtf/OwnPtr.h: + +2011-04-29 Dean Jackson <dino@apple.com> + + Reviewed by Simon Fraser. + + Add ENABLE macro for WebKitAnimation + https://bugs.webkit.org/show_bug.cgi?id=59729 + + Add new feature to toggle WebKit Animation API. + + * Configurations/FeatureDefines.xcconfig: + +2011-04-28 Sam Weinig <sam@webkit.org> + + Reviewed by Mark Rowe. + + Install testapi.js along side testapi + https://bugs.webkit.org/show_bug.cgi?id=59773 + + * JavaScriptCore.xcodeproj/project.pbxproj: + Add new build phase to copy testapi.js to install path of testapi + on install. + +2011-04-28 David Levin <levin@chromium.org> + + Reviewed by Adam Barth. + + Remove IMAGE_RESIZER related code. + https://bugs.webkit.org/show_bug.cgi?id=59735 + + * Configurations/FeatureDefines.xcconfig: + +2011-04-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=59763 + DFG JIT - Unify FPRReg & FPRegisterID + + (Following on from GPRReg/RegisterID unification). 
+ + * dfg/DFGFPRInfo.h: + (JSC::DFG::FPRInfo::toRegister): + (JSC::DFG::FPRInfo::debugName): + * dfg/DFGGPRInfo.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::checkConsistency): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::boxDouble): + (JSC::DFG::JITCodeGenerator::unboxDouble): + (JSC::DFG::JITCodeGenerator::flushRegisters): + (JSC::DFG::JITCodeGenerator::isFlushed): + (JSC::DFG::JITCodeGenerator::setupTwoStubArgs): + (JSC::DFG::JITCodeGenerator::setupStubArguments): + (JSC::DFG::JITCodeGenerator::callOperation): + (JSC::DFG::GPRResult::lockedResult): + (JSC::DFG::FPRResult::lockedResult): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::EntryLocation::EntryLocation): + (JSC::DFG::NonSpeculativeJIT::valueToNumber): + (JSC::DFG::NonSpeculativeJIT::valueToInt32): + (JSC::DFG::NonSpeculativeJIT::numberToInt32): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters): + (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters): + * dfg/DFGRegisterBank.h: + (JSC::DFG::RegisterBank::iterator::regID): + (JSC::DFG::RegisterBank::iterator::debugName): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculationCheck::SpeculationCheck): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + +2011-04-28 David Kilzer <ddkilzer@apple.com> + + Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called" + + This reverts commit r85195. It was crashing DumpRenderTree on Lion. + + * wtf/mac/MainThreadMac.mm: + (WTF::postTimer): + +2011-04-28 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. 
+ + Remove WML + https://bugs.webkit.org/show_bug.cgi?id=59678 + + Remove the WML configuration option from the Mac build system. + + * Configurations/FeatureDefines.xcconfig: + +2011-04-28 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r85233 and r85235. + http://trac.webkit.org/changeset/85233 + http://trac.webkit.org/changeset/85235 + https://bugs.webkit.org/show_bug.cgi?id=59754 + + Causes issues with jsc. (Requested by dave_levin on #webkit). + + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * jit/ExecutableAllocator.h: + (JSC::ExecutablePool::ExecutablePool): + * parser/SourceProvider.h: + (JSC::SourceProvider::SourceProvider): + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): + * wtf/CMakeLists.txt: + * wtf/RefCounted.h: + (WTF::RefCountedBase::ref): + (WTF::RefCountedBase::hasOneRef): + (WTF::RefCountedBase::refCount): + (WTF::RefCountedBase::derefBase): + * wtf/SizeLimits.cpp: + * wtf/ThreadRestrictionVerifier.h: Removed. + * wtf/text/CString.h: + (WTF::CStringBuffer::CStringBuffer): + +2011-04-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Bug 59740 - DFG JIT - Unify GPRReg & RegisterID + + Currently we use a mix of enum values throughout the DFG JIT to represent + gpr registers - the RegisterID provided by the MacroAssembler, and the + GPRReg enum giving the sequential register set over which the RegisterBank + allocates. Unify the two. + + Patch to unify FPRReg in a similar fashion will follow. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * dfg/DFGFPRInfo.h: Added. + (JSC::DFG::next): + (JSC::DFG::FPRBankInfo::toRegister): + (JSC::DFG::FPRBankInfo::toIndex): + * dfg/DFGGPRInfo.h: Added. 
+ (JSC::DFG::GPRInfo::toRegister): + (JSC::DFG::GPRInfo::toIndex): + (JSC::DFG::GPRInfo::debugName): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::dump): + (JSC::DFG::JITCodeGenerator::checkConsistency): + (JSC::DFG::GPRTemporary::GPRTemporary): + (JSC::DFG::FPRTemporary::FPRTemporary): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::boxDouble): + (JSC::DFG::JITCodeGenerator::unboxDouble): + (JSC::DFG::JITCodeGenerator::spill): + (JSC::DFG::JITCodeGenerator::flushRegisters): + (JSC::DFG::JITCodeGenerator::isFlushed): + (JSC::DFG::JITCodeGenerator::bitOp): + (JSC::DFG::JITCodeGenerator::shiftOp): + (JSC::DFG::JITCodeGenerator::setupTwoStubArgs): + (JSC::DFG::JITCodeGenerator::setupStubArguments): + (JSC::DFG::JITCodeGenerator::callOperation): + (JSC::DFG::IntegerOperand::gpr): + (JSC::DFG::DoubleOperand::gpr): + (JSC::DFG::GPRTemporary::gpr): + (JSC::DFG::FPRTemporary::gpr): + (JSC::DFG::GPRResult::lockedResult): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillInt32ToInteger): + (JSC::DFG::JITCompiler::fillToJS): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + (JSC::DFG::JITCompiler::compileFunction): + (JSC::DFG::JITCompiler::jitAssertIsInt32): + (JSC::DFG::JITCompiler::jitAssertIsJSInt32): + (JSC::DFG::JITCompiler::jitAssertIsJSNumber): + (JSC::DFG::JITCompiler::jitAssertIsJSDouble): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall): + (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn): + (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr): + (JSC::DFG::JITCompiler::emitPutToCallFrameHeader): + (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader): + (JSC::DFG::JITCompiler::addressForGlobalVar): + (JSC::DFG::JITCompiler::addressFor): + (JSC::DFG::JITCompiler::tagFor): + 
(JSC::DFG::JITCompiler::payloadFor): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::EntryLocation::EntryLocation): + (JSC::DFG::NonSpeculativeJIT::valueToNumber): + (JSC::DFG::NonSpeculativeJIT::valueToInt32): + (JSC::DFG::NonSpeculativeJIT::numberToInt32): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + (JSC::DFG::NonSpeculativeJIT::silentSpillGPR): + (JSC::DFG::NonSpeculativeJIT::silentSpillFPR): + (JSC::DFG::NonSpeculativeJIT::silentFillGPR): + (JSC::DFG::NonSpeculativeJIT::silentFillFPR): + (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters): + (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters): + * dfg/DFGRegisterBank.h: + (JSC::DFG::RegisterBank::allocate): + (JSC::DFG::RegisterBank::retain): + (JSC::DFG::RegisterBank::release): + (JSC::DFG::RegisterBank::lock): + (JSC::DFG::RegisterBank::unlock): + (JSC::DFG::RegisterBank::isLocked): + (JSC::DFG::RegisterBank::name): + (JSC::DFG::RegisterBank::iterator::name): + (JSC::DFG::RegisterBank::iterator::isLocked): + (JSC::DFG::RegisterBank::iterator::release): + (JSC::DFG::RegisterBank::iterator::gpr): + (JSC::DFG::RegisterBank::iterator::debugName): + (JSC::DFG::RegisterBank::iterator::operator++): + (JSC::DFG::RegisterBank::iterator::operator!=): + (JSC::DFG::RegisterBank::iterator::index): + (JSC::DFG::RegisterBank::iterator::iterator): + (JSC::DFG::RegisterBank::begin): + (JSC::DFG::RegisterBank::end): + (JSC::DFG::RegisterBank::isLockedAtIndex): + (JSC::DFG::RegisterBank::nameAtIndex): + (JSC::DFG::RegisterBank::releaseAtIndex): + (JSC::DFG::RegisterBank::allocateInternal): + (JSC::DFG::RegisterBank::MapEntry::MapEntry): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::~ScoreBoard): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculationCheck::SpeculationCheck): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compile): + 
(JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::initializeVariableTypes): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculateIntegerOperand::gpr): + +2011-04-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove evil addressOfStructure() function + https://bugs.webkit.org/show_bug.cgi?id=59739 + + Remove the addressOfStructure function from JSCell, and update + callsites to use the same logic as testPrototype() + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdProtoList): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdProtoList): + * runtime/JSCell.h: + +2011-04-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Clean up testPrototype() + https://bugs.webkit.org/show_bug.cgi?id=59734 + + Remove direct pointer to the inside of a GC object and just do + the indirect load manually. Doesn't effect sunspider but does + clean up the code quite a bit, and simplifies the handling of + GC values. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::testPrototype): + +2011-04-28 David Levin <levin@chromium.org> + + Build fix. + + * wtf/RefCounted.h: Fix inverted ifdef. + +2011-04-07 David Levin <levin@chromium.org> + + Reviewed by Darin Adler. + + Add asserts to RefCounted to make sure ref/deref happens on the right thread. + https://bugs.webkit.org/show_bug.cgi?id=31639 + + * GNUmakefile.list.am: Added new files to the build. + * JavaScriptCore.gypi: Ditto. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto. + * JavaScriptCore.xcodeproj/project.pbxproj: Ditto. + * jit/ExecutableAllocator.h: + (JSC::ExecutablePool::ExecutablePool): Turned off checks for this + due to not being able to figure out what was guarding it (bug 58091). + * parser/SourceProvider.h: + (JSC::SourceProvider::SourceProvider): Ditto. + * runtime/RegExp.cpp: + (JSC::RegExp::RegExp): Ditto. 
+ * wtf/CMakeLists.txt: Added new files to the build. + * wtf/ThreadRestrictionVerifier.h: Added. + Everything is done in the header to avoid the issue with exports + that are only useful in debug but still needing to export them. + * wtf/RefCounted.h: + (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier. + and filed bug 58171 about making it stricter. + (WTF::RefCountedBase::hasOneRef): Ditto. + (WTF::RefCountedBase::refCount): Ditto. + (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based + on a mutex. This is in the header to avoid adding more exports from JavaScriptCore. + (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification. + Filed bug 58174 to remove this method. + (WTF::RefCountedBase::derefBase): + * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted. + * wtf/text/CString.h: + (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being + done in Chromium's test_shell (bug 58093). + +2011-04-28 Xan Lopez <xlopez@igalia.com> + + Unreviewed attempt to fix the build. + + * GNUmakefile.am: add -lpthread. + +2011-04-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Only need a single implementation of testPrototype + https://bugs.webkit.org/show_bug.cgi?id=59724 + + Remove excess copy of identical testPrototype() code + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::testPrototype): + * jit/JITPropertyAccess32_64.cpp: + +2011-04-28 Xan Lopez <xlopez@igalia.com> + + Reviewed by Martin Robinson. + + [Gtk] Split JSC and WebCore builds + https://bugs.webkit.org/show_bug.cgi?id=19428 + + Build JavaScriptCore as a libtool shared library instead of a + private convenience library. + + * GNUmakefile.am: define new jsc library and adapt to new name for + javascriptcore target. + * GNUmakefile.list.am: ditto. 
+ +2011-04-28 David Kilzer <ddkilzer@apple.com> + + <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called + + Reviewed by Simon Fraser. + + * wtf/mac/MainThreadMac.mm: + (WTF::postTimer): Use RetainPtr to plug the leak. + +2011-04-27 Sam Weinig <sam@webkit.org> + + Reviewed by David Kilzer. + + Add way to install testapi in production builds + https://bugs.webkit.org/show_bug.cgi?id=59674 + + * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig. + Add configuration file for TestAPI. In addition to name, we now specify an install path + and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL. + + * JavaScriptCore.xcodeproj/project.pbxproj: + Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig + file. + +2011-04-27 Adam Barth <abarth@webkit.org> + + Reviewed by David Levin. + + Enable strict OwnPtrs for Chromium + https://bugs.webkit.org/show_bug.cgi?id=59666 + + * wtf/OwnPtr.h: + +2011-04-27 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Add ability to remove keys from weakmap API + https://bugs.webkit.org/show_bug.cgi?id=59645 + + Add JSWeakObjectMapRemove API + + * API/JSWeakObjectMapRefPrivate.cpp: + * API/JSWeakObjectMapRefPrivate.h: + * JavaScriptCore.exp: + +2011-04-27 Adam Barth <abarth@webkit.org> + + Reviewed by David Levin. + + Enable strict mode for OwnPtr + https://bugs.webkit.org/show_bug.cgi?id=59428 + + This patch enables strict mode for OwnPtr on PLATFORM(MAC) only. + + * wtf/OwnPtr.h: + +2011-04-27 Steve Block <steveblock@google.com> + + Reviewed by David Levin. + + Remove Android build system + https://bugs.webkit.org/show_bug.cgi?id=48111 + + This is to avoid the maintenance burden until the Android port is + fully upstreamed. + + * Android.mk: Removed. + * Android.v8.wtf.mk: Removed. + +2011-04-27 Mark Rowe <mrowe@apple.com> + + Fix 32-bit build after r85036. 
+ + * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit. + +2011-04-27 Csaba Osztrogonác <ossy@webkit.org> + + Unreviewed buildfix after r85036. + + Readd non-dead code. + + * wtf/OSAllocatorPosix.cpp: + (WTF::OSAllocator::reserveAndCommit): + +2011-04-27 Adam Barth <abarth@webkit.org> + + Reviewed by Kenneth Russell. + + OwnPtr assignment operator should be private + https://bugs.webkit.org/show_bug.cgi?id=59487 + + Unfortunately we can't remove the copy constructor because of some + detail about gcc. (The issue is documented in a comment already.) + + * wtf/OwnPtr.h: + +2011-04-26 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r84977. + http://trac.webkit.org/changeset/84977 + https://bugs.webkit.org/show_bug.cgi?id=59568 + + caused crashes on the SL WK2 bots (Requested by jessieberlin + on #webkit). + + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::call): + (JSC::MacroAssemblerX86_64::tailRecursiveCall): + (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): + +2011-04-26 Kevin Ollivier <kevino@theolliviers.com> + + Rubberstamped by Eric Seidel. + + Enable waf to be used to build other ports + https://bugs.webkit.org/show_bug.cgi?id=58213 + + * wscript: + +2011-04-26 Sam Weinig <sam@webkit.org> + + Reviewed by David Hyatt. + + Remove Datagrid from the tree + https://bugs.webkit.org/show_bug.cgi?id=59543 + + * Configurations/FeatureDefines.xcconfig: + Remove feature. + +2011-04-26 Adrienne Walker <enne@google.com> + + Reviewed by Geoffrey Garen. + + Fix incorrect use of OwnPtr<T*> in GCActivityCallback + https://bugs.webkit.org/show_bug.cgi?id=59559 + + * runtime/GCActivityCallback.h: + +2011-04-26 Xan Lopez <xlopez@igalia.com> + + Reviewed by Daniel Bates. + + Unused but set variable warning in MacroAssembelX86_64 + https://bugs.webkit.org/show_bug.cgi?id=59482 + + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::call): do not declare the label + variable if we are not going to use it. 
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto. + (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto. + +2011-04-26 Dan Bernstein <mitz@apple.com> + + Reviewed by Mark Rowe. + + Choose the compiler based on the Xcode version for Snow Leopard debug builds. + + * Configurations/Base.xcconfig: + * Configurations/CompilerVersion.xcconfig: Added. + +2011-04-25 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Nixed special finalizer handling for WebCore strings + https://bugs.webkit.org/show_bug.cgi?id=59425 + + SunSpider reports no change. + + Not needed anymore, since weak handles have finalizers. + + * runtime/JSString.cpp: + (JSC::JSString::resolveRope): + (JSC::JSString::resolveRopeSlowCase): + (JSC::JSString::outOfMemory): + (JSC::JSString::substringFromRope): + (JSC::JSString::replaceCharacter): Updated for removal of union. + + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::~JSString): + (JSC::RopeBuilder::appendStringInConstruct): + (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for + union or special constructor anymore. + +2011-04-26 Gabor Loki <loki@webkit.org> + + Reviewed by Csaba Osztrogonác. + + Speeding up SVG filters with multicore (SMP) support + https://bugs.webkit.org/show_bug.cgi?id=43903 + + Some SVG filters execute a huge number of pixel manipulations, which + cannot be sped up by graphics accelerators, since their algorithm is + too complex. Using the power of Symmetric Multi Processing (SMP) we + can split up a task to smaller (data independent) tasks, which can be + executed independently. + + The ParallelJobs framework provides a simple way for distributed + programming. The framework is based on WebKit's threading infrastructure, + Open Multi-Processing's (OpenMP) API, and libdispatch API. + + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/ParallelJobs.h: Added. 
+ (WTF::ParallelJobs::ParallelJobs): + (WTF::ParallelJobs::numberOfJobs): + (WTF::ParallelJobs::parameterForJob): + (WTF::ParallelJobs::executeJobs): + * wtf/ParallelJobsGeneric.cpp: Added. + (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor): + (WTF::ParallelEnvironment::ThreadPrivate::executeJob): + (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish): + (WTF::ParallelEnvironment::ThreadPrivate::workerThread): + * wtf/ParallelJobsGeneric.h: Added. + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::numberOfJobs): + (WTF::ParallelEnvironment::parameterForJob): + (WTF::ParallelEnvironment::executeJobs): + (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate): + (WTF::ParallelEnvironment::ThreadPrivate::create): + * wtf/ParallelJobsLibdispatch.h: Added. + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::numberOfJobs): + (WTF::ParallelEnvironment::parameterForJob): + (WTF::ParallelEnvironment::executeJobs): + * wtf/ParallelJobsOpenMP.h: Added. + (WTF::ParallelEnvironment::ParallelEnvironment): + (WTF::ParallelEnvironment::numberOfJobs): + (WTF::ParallelEnvironment::parameterForJob): + (WTF::ParallelEnvironment::executeJobs): + * wtf/Platform.h: + * wtf/wtf.pri: + +2011-04-26 Mihai Parparita <mihaip@chromium.org> + + Reviewed by Adam Barth. + + Turn off make built-in implicit rules for derived sources makefile + https://bugs.webkit.org/show_bug.cgi?id=59418 + + We don't use any of make's built-in implicit rules, turning them off + speeds up parsing of the makefile. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * gyp/generate-derived-sources.sh: + +2011-04-25 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Custom prototypes on DOM objects don't persist after garbage collection + https://bugs.webkit.org/show_bug.cgi?id=59412 + + SunSpider reports no change. + + The hasCustomProperties() check didn't check for a custom prototype. 
+ + * runtime/JSObject.h: + (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure + because it is the "truth" about an object's pedigree. + + * runtime/Structure.cpp: + (JSC::Structure::Structure): + * runtime/Structure.h: + (JSC::Structure::didTransition): Track whether a Structure has ever + transitioned for any reason. If so, we have to assume that the object + holding it is custom in some way. + +2011-04-25 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + https://bugs.webkit.org/show_bug.cgi?id=59405 + DFG JIT - add type speculation for integer & array types, for vars & args. + + If a var or argument is used as the base for a GetByVal or PutByVal access + we are speculating that it is of type Array (we only generate code on the + speculative path to perform array accesses). By typing the var or args slot + as Array, and checking on entry to the function (in the case of args), and + each time the local is written to, we can avoid a type check at each point + the array is accessed. This will typically hoist type checks out of loops. + + Similarly, any local that is incremented or decremented, or is the input or + output or a bitwise operator, is likely to be an integer. By typing the + local as int32 we can avoid speculation checks on access, and tagging when + writing to the slot. All accesses can become 32bit instead of 64. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::predictArray): + (JSC::DFG::ByteCodeParser::predictInt32): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::PredictionSlot::PredictionSlot): + (JSC::DFG::Graph::Graph): + (JSC::DFG::Graph::predict): + (JSC::DFG::Graph::getPrediction): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::tagFor): + (JSC::DFG::JITCompiler::payloadFor): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::initializeVariableTypes): + * dfg/DFGSpeculativeJIT.h: + * runtime/Executable.cpp: + (JSC::tryDFGCompile): + +2011-04-25 David Levin <levin@chromium.org> + + Reviewed by James Robinson. + + Fix OwnPtr strict mode violation in MessageQueue.h + https://bugs.webkit.org/show_bug.cgi?id=59400 + + * wtf/MessageQueue.h: + (WTF::::waitForMessage): + (WTF::::waitForMessageFilteredWithTimeout): + (WTF::::tryGetMessage): + +2011-04-25 Adam Barth <abarth@webkit.org> + + Reviewed by Darin Adler. + + JavaScriptCore should play nice strict OwnPtrs + https://bugs.webkit.org/show_bug.cgi?id=59401 + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parse): + * heap/Heap.cpp: + (JSC::TypeCounter::TypeCounter): + * jit/JITStubs.cpp: + (JSC::JITThunks::JITThunks): + * parser/JSParser.cpp: + (JSC::JSParser::Scope::Scope): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail): + +2011-04-25 Mark Rowe <mrowe@apple.com> + + Build fix. + + * wtf/ListHashSet.h: + +2011-04-25 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Bug 59370 - DFG JIT - fix leak of BlocksBlocks + (put the blocks immediately into an OwnPtr). 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parse): + +2011-04-25 James Robinson <jamesr@chromium.org> + + Reviewed by David Levin. + + Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor + https://bugs.webkit.org/show_bug.cgi?id=59353 + + * wtf/ListHashSet.h: + (WTF::::ListHashSet): + +2011-04-25 David Levin <levin@chromium.org> + + Reviewed by Adam Barth. + + Fix PassOwnPtr issues in Structure and JSGlobalData.cpp + https://bugs.webkit.org/show_bug.cgi?id=59347 + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/Structure.cpp: + (JSC::Structure::copyPropertyTable): + (JSC::Structure::createPropertyMap): + * runtime/Structure.h: + +2011-04-25 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make ClassInfo required when creating a Structure + https://bugs.webkit.org/show_bug.cgi?id=59340 + + Add ClassInfo to all those types which currently don't + have it, and add an assertion to Structure::create to + ensure that the provided classInfo is not null. + + * runtime/Executable.h: + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/GetterSetter.cpp: + * runtime/GetterSetter.h: + (JSC::GetterSetter::createStructure): + * runtime/JSAPIValueWrapper.cpp: + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSString.cpp: + * runtime/JSString.h: + (JSC::RopeBuilder::createStructure): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::JSCell::createDummyStructure): + +2011-04-25 David Levin <levin@chromium.org> + + Reviewed by Adam Barth. + + PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr. + https://bugs.webkit.org/show_bug.cgi?id=59342 + + This patch is to prepare for the strict OwnPtr hack-a-thon. 
+ + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::copy): + +2011-04-25 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Gavin Barraclough. + + Rationalize MacroAssembler branch methods + https://bugs.webkit.org/show_bug.cgi?id=58950 + + split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition' + and apply related changes (only for SH4 platforms). + + * assembler/MacroAssemblerSH4.cpp: + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::compare32): + (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerSH4::branchDouble): + (JSC::MacroAssemblerSH4::branch32): + (JSC::MacroAssemblerSH4::branchTest8): + (JSC::MacroAssemblerSH4::branch8): + (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32): + (JSC::MacroAssemblerSH4::test8): + (JSC::MacroAssemblerSH4::branch16): + (JSC::MacroAssemblerSH4::branchTest32): + (JSC::MacroAssemblerSH4::branchAdd32): + (JSC::MacroAssemblerSH4::branchMul32): + (JSC::MacroAssemblerSH4::branchSub32): + (JSC::MacroAssemblerSH4::branchOr32): + (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32): + (JSC::MacroAssemblerSH4::branchPtrWithPatch): + (JSC::MacroAssemblerSH4::SH4Condition): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::cmpEqImmR0): + +2011-04-25 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + PropertyMapHashTable should work with strict OwnPtr + https://bugs.webkit.org/show_bug.cgi?id=59337 + + This patch is in preparation for the strict OwnPtr hack-a-thon. + + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::PropertyTable): + (JSC::PropertyTable::addDeletedOffset): + +2011-04-25 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Nixed MarkStack::deprecatedAppend, since it has no clients left. + + * heap/MarkStack.h: + +2011-04-23 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. 
+ + Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?: + + SetLocals to temporaries will only be generated if they are used within other + blocks, due to the SSA based DCE. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::get): + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::getLocal): + (JSC::DFG::ByteCodeParser::setLocal): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processPhiStack): + (JSC::DFG::ByteCodeParser::allocateVirtualRegisters): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.h: + (JSC::DFG::BasicBlock::BasicBlock): + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig & Geoff Garen. + + Bug 59266 - DFG JIT - Add SSA style DCE + + This works by making GetLocal nodes reference SetLocal nodes from prior blocks, + via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a + matching child Phi, and add the Phi to a work queue to add references to prior + definitions once we have the full CFG & can determine predecessors. This process + is iterative, inserting new phis into predecessors as necessary. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getVariable): + (JSC::DFG::ByteCodeParser::setVariable): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::processWorkQueue): + (JSC::DFG::ByteCodeParser::allocateVirtualRegisters): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::refChildren): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::ref): + * dfg/DFGNode.h: + (JSC::DFG::Node::ref): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::~ScoreBoard): + (JSC::DFG::ScoreBoard::dump): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-04-22 Vitaly Repeshko <vitalyr@chromium.org> + + Reviewed by Adam Barth. + + Add missing default constructors for HashMap iterator specializations. + https://bugs.webkit.org/show_bug.cgi?id=59250 + + * wtf/HashIterators.h: + * wtf/HashTable.h: + (WTF::HashTableConstIterator::HashTableConstIterator): Added cast + to help compiler find the function template. + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 59262 - DFG JIT - reduce size of VariableRecord + + We never need both the get & set node, only the most recent + (which is always a set, if both exist). + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getVariable): + (JSC::DFG::ByteCodeParser::setVariable): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.h: + (JSC::DFG::VariableRecord::VariableRecord): + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoffrey Garen. + + Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks, + such that this information is available for DCE. 
Also, since this enlarges the + size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a + vector of blocks. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::get): + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::getVariable): + (JSC::DFG::ByteCodeParser::setVariable): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::setupPredecessors): + (JSC::DFG::ByteCodeParser::allocateVirtualRegisters): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::VariableRecord::VariableRecord): + (JSC::DFG::BasicBlock::BasicBlock): + (JSC::DFG::BasicBlock::getBytecodeBegin): + (JSC::DFG::Graph::blockIndexForBytecodeOffset): + (JSC::DFG::Graph::blockForBytecodeOffset): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Errk, build fix. + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop, + move out the call to checkConsistency(). + + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + +2011-04-21 Vitaly Repeshko <vitalyr@chromium.org> + + Reviewed by Adam Barth. + + Provide default constructors for HashMap iterators. 
+ https://bugs.webkit.org/show_bug.cgi?id=59151 + + These will be used to implement an iterator over EventTarget's + listeners. + + * wtf/HashTable.h: + (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter): + (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter): + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks + + These will be necessary for DCE support. + Also factor allocateVirtualRegisters out into its own method. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::setupPredecessors): + (JSC::DFG::ByteCodeParser::allocateVirtualRegisters): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::blockForBytecodeOffset): + * dfg/DFGNode.h: + (JSC::DFG::Node::isTerminal): + +2011-04-22 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Object.create creates uncachable objects + https://bugs.webkit.org/show_bug.cgi?id=59164 + + Use the prototype object's inheritorID, as we + should always have done + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::nullPrototypeObjectStructure): + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorCreate): + +2011-04-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result + + We currently allocate virtual registers to nodes which have no result - these are + clearly unused, and may result in us allocating a larger than necessary stack frame. + + Encapsulate Node::virtualRegister such that we can ASSERT this is only called on + nodes that have results, and improve the quality of output from the consistency check. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::ref): + (JSC::DFG::Graph::deref): + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + (JSC::DFG::JITCodeGenerator::dump): + (JSC::DFG::JITCodeGenerator::checkConsistency): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::canReuse): + (JSC::DFG::JITCodeGenerator::isFilled): + (JSC::DFG::JITCodeGenerator::isFilledDouble): + (JSC::DFG::JITCodeGenerator::use): + (JSC::DFG::JITCodeGenerator::integerResult): + (JSC::DFG::JITCodeGenerator::noResult): + (JSC::DFG::JITCodeGenerator::cellResult): + (JSC::DFG::JITCodeGenerator::jsValueResult): + (JSC::DFG::JITCodeGenerator::doubleResult): + (JSC::DFG::JITCodeGenerator::initConstantInfo): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillInt32ToInteger): + (JSC::DFG::JITCompiler::fillToJS): + (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::hasResult): + (JSC::DFG::Node::virtualRegister): + (JSC::DFG::Node::setVirtualRegister): + (JSC::DFG::Node::refCount): + (JSC::DFG::Node::ref): + (JSC::DFG::Node::deref): + (JSC::DFG::Node::adjustedRefCount): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::isKnownInteger): + (JSC::DFG::NonSpeculativeJIT::isKnownNumeric): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::use): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compile): + +2011-04-22 Sam Weinig <sam@webkit.org> + + Reviewed by Gavin Barraclough and Oliver Hunt. 
+ + Arrays should participate in global object forwarding fun + https://bugs.webkit.org/show_bug.cgi?id=59215 + + * runtime/JSGlobalObject.h: + (JSC::constructEmptyArray): + (JSC::constructArray): + Add variants of constructArray that take a global object. + +2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r84650 and r84654. + http://trac.webkit.org/changeset/84650 + http://trac.webkit.org/changeset/84654 + https://bugs.webkit.org/show_bug.cgi?id=59218 + + Broke Windows build (Requested by bweinstein on #webkit). + + * API/JSCallbackObjectFunctions.h: + (JSC::::init): + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * heap/Handle.h: + (JSC::HandleBase::operator!): + (JSC::HandleBase::operator UnspecifiedBoolType*): + (JSC::HandleTypes::getFromSlot): + * heap/HandleHeap.cpp: + (JSC::HandleHeap::markStrongHandles): + (JSC::HandleHeap::markWeakHandles): + (JSC::HandleHeap::finalizeWeakHandles): + (JSC::HandleHeap::writeBarrier): + (JSC::HandleHeap::protectedGlobalObjectCount): + (JSC::HandleHeap::isValidWeakNode): + * heap/HandleHeap.h: + (JSC::HandleHeap::copyWeak): + (JSC::HandleHeap::makeWeak): + (JSC::HandleHeap::Node::slot): + * heap/HandleStack.cpp: + (JSC::HandleStack::mark): + (JSC::HandleStack::grow): + * heap/HandleStack.h: + (JSC::HandleStack::zapTo): + (JSC::HandleStack::push): + * heap/Heap.cpp: + (JSC::HandleHeap::protectedObjectTypeCounts): + * heap/Local.h: + (JSC::::set): + * heap/Strong.h: + (JSC::Strong::set): + * heap/Weak.h: + (JSC::Weak::set): + * runtime/StructureTransitionTable.h: + (JSC::StructureTransitionTable::singleTransition): + (JSC::StructureTransitionTable::setSingleTransition): + * runtime/WeakGCMap.h: + (JSC::WeakGCMap::add): + (JSC::WeakGCMap::set): + * runtime/WriteBarrier.h: + +2011-04-22 Brian Weinstein <bweinstein@apple.com> + + Part of Windows build fix from r84650. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-04-22 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make it harder to use HandleSlot incorrectly + https://bugs.webkit.org/show_bug.cgi?id=59205 + + Just add a little type fudging to make it harder to + incorrectly assign through a HandleSlot. + + * API/JSCallbackObjectFunctions.h: + (JSC::::init): + * JavaScriptCore.exp: + * heap/Handle.h: + (JSC::HandleBase::operator!): + (JSC::HandleBase::operator UnspecifiedBoolType*): + (JSC::HandleTypes::getFromSlot): + * heap/HandleHeap.cpp: + (JSC::HandleHeap::markStrongHandles): + (JSC::HandleHeap::markWeakHandles): + (JSC::HandleHeap::finalizeWeakHandles): + (JSC::HandleHeap::writeBarrier): + (JSC::HandleHeap::protectedGlobalObjectCount): + (JSC::HandleHeap::isValidWeakNode): + * heap/HandleHeap.h: + (JSC::HandleHeap::copyWeak): + (JSC::HandleHeap::makeWeak): + (JSC::HandleHeap::Node::slot): + * heap/HandleStack.cpp: + (JSC::HandleStack::mark): + (JSC::HandleStack::grow): + * heap/HandleStack.h: + (JSC::HandleStack::zapTo): + (JSC::HandleStack::push): + * heap/Heap.cpp: + (JSC::HandleHeap::protectedObjectTypeCounts): + * heap/Local.h: + (JSC::::set): + * heap/Strong.h: + (JSC::Strong::set): + * heap/Weak.h: + (JSC::Weak::set): + * runtime/StructureTransitionTable.h: + (JSC::StructureTransitionTable::singleTransition): + (JSC::StructureTransitionTable::setSingleTransition): + * runtime/WeakGCMap.h: + (JSC::WeakGCMap::add): + (JSC::WeakGCMap::set): + * runtime/WriteBarrier.h: + (JSC::OpaqueJSValue::toJSValue): + (JSC::OpaqueJSValue::toJSValueRef): + (JSC::OpaqueJSValue::fromJSValue): + +2011-04-22 Patrick Gansterer <paroga@webkit.org> + + Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitAggregate): + +2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r84583. 
+ http://trac.webkit.org/changeset/84583 + https://bugs.webkit.org/show_bug.cgi?id=59173 + + "broke + http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js + /Object-create.html" (Requested by ggaren on #webkit). + + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorCreate): + +2011-04-21 Maciej Stachowiak <mjs@apple.com> + + Reviewed by Adam Roben. + + Add a feature define to allow <details> and <summary> to be disabled + https://bugs.webkit.org/show_bug.cgi?id=59118 + <rdar://problem/9257045> + + * Configurations/FeatureDefines.xcconfig: + +2011-04-21 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Object.create creates uncachable objects + https://bugs.webkit.org/show_bug.cgi?id=59164 + + Use the prototype object's inheritorID, as we + should always have done + + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorCreate): + +2011-04-21 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Start moving to a general visitor pattern for GC traversal + https://bugs.webkit.org/show_bug.cgi?id=59141 + + This is just a rename: + markChildren -> visitChildren + markAggregate -> visitAggregate + markStack -> visitor + MarkStack -> typedef'd to SlotVisitor + + * API/JSCallbackObject.h: + (JSC::JSCallbackObjectData::visitChildren): + (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren): + (JSC::JSCallbackObject::visitChildren): + * JavaScriptCore.exp: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::visitStructures): + (JSC::EvalCodeCache::visitAggregate): + (JSC::CodeBlock::visitAggregate): + * bytecode/CodeBlock.h: + * bytecode/EvalCodeCache.h: + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::visitAggregate): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::visitAggregate): + * bytecode/StructureStubInfo.h: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::visitChildren): + * debugger/DebuggerActivation.h: + * heap/HandleHeap.cpp: + 
(JSC::WeakHandleOwner::isReachableFromOpaqueRoots): + (JSC::HandleHeap::markStrongHandles): + (JSC::HandleHeap::markWeakHandles): + * heap/HandleHeap.h: + * heap/HandleStack.cpp: + (JSC::HandleStack::mark): + * heap/HandleStack.h: + * heap/Heap.cpp: + (JSC::Heap::markProtectedObjects): + (JSC::Heap::markTempSortVectors): + (JSC::Heap::markRoots): + * heap/Heap.h: + * heap/MarkStack.cpp: + (JSC::MarkStack::visitChildren): + (JSC::MarkStack::drain): + * heap/MarkStack.h: + (JSC::HeapRootVisitor::HeapRootVisitor): + (JSC::HeapRootVisitor::mark): + (JSC::HeapRootVisitor::visitor): + * heap/MarkedSpace.h: + * runtime/ArgList.cpp: + (JSC::MarkedArgumentBuffer::markLists): + * runtime/ArgList.h: + * runtime/Arguments.cpp: + (JSC::Arguments::visitChildren): + * runtime/Arguments.h: + * runtime/Executable.cpp: + (JSC::EvalExecutable::visitChildren): + (JSC::ProgramExecutable::visitChildren): + (JSC::FunctionExecutable::visitChildren): + * runtime/Executable.h: + * runtime/GetterSetter.cpp: + (JSC::GetterSetter::visitChildren): + * runtime/GetterSetter.h: + (JSC::GetterSetter::createStructure): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + * runtime/JSActivation.cpp: + (JSC::JSActivation::visitChildren): + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + (JSC::JSArray::visitChildren): + * runtime/JSArray.h: + (JSC::JSArray::visitDirect): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::visitChildren): + * runtime/JSFunction.cpp: + (JSC::JSFunction::visitChildren): + * runtime/JSFunction.h: + * runtime/JSGlobalObject.cpp: + (JSC::visitIfNeeded): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + * runtime/JSONObject.cpp: + * runtime/JSObject.cpp: + (JSC::JSObject::visitChildren): + * runtime/JSObject.h: + (JSC::JSObject::visitDirect): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::visitChildren): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::createStructure): + * 
runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::visitChildren): + * runtime/JSStaticScopeObject.h: + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::TypeInfo): + (JSC::TypeInfo::overridesVisitChildren): + * runtime/JSWrapperObject.cpp: + (JSC::JSWrapperObject::visitChildren): + * runtime/JSWrapperObject.h: + * runtime/JSZombie.h: + (JSC::JSZombie::visitChildren): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::visitChildren): + * runtime/NativeErrorConstructor.h: + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::visitChildren): + * runtime/RegExpObject.h: + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::visitChildren): + * runtime/ScopeChain.h: + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::visitChildren): + * runtime/SmallStrings.h: + * runtime/Structure.cpp: + (JSC::Structure::Structure): + (JSC::Structure::visitChildren): + * runtime/Structure.h: + * runtime/StructureChain.cpp: + (JSC::StructureChain::visitChildren): + * runtime/StructureChain.h: + (JSC::StructureChain::createStructure): + +2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r84548. + http://trac.webkit.org/changeset/84548 + https://bugs.webkit.org/show_bug.cgi?id=59144 + + Broke chromium-win build (Requested by aklein on #webkit). + + * wtf/Platform.h: + +2011-04-21 Adam Klein <adamk@chromium.org> + + Reviewed by David Levin. + + [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion + https://bugs.webkit.org/show_bug.cgi?id=55728 + + Enable WTF_MULTIPLE_THREADS for Chromium. + + * wtf/Platform.h: + +2011-04-20 Michael Saboff <msaboff@apple.com> + + Reviewed by Geoff Garen. + + JSString::resolveRope inefficient for common 2 fiber case + https://bugs.webkit.org/show_bug.cgi?id=58994 + + Split JSString::resolveRope into three routines. + resolveRope allocates the new buffer and handles the 1 or 2 + fiber case with single level fibers. 
+ resolveRopeSlowCase handles the general case. + outOfMemory handles the rare out of memory exception case. + + * runtime/JSString.cpp: + (JSC::JSString::resolveRope): + (JSC::JSString::resolveRopeSlowCase): + (JSC::JSString::outOfMemory): + * runtime/JSString.h: + +2011-04-20 Adam Klein <adamk@chromium.org> + + Reviewed by David Levin. + + Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS + https://bugs.webkit.org/show_bug.cgi?id=59040 + + This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728 + by enabling WTF_MULTIPLE_THREADS for Chromium. + + * wtf/CryptographicallyRandomNumber.cpp: + (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber): + (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues): + * wtf/FastMalloc.cpp: + * wtf/Platform.h: + Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled. + * wtf/RandomNumber.cpp: + (WTF::randomNumber): + * wtf/RefCountedLeakCounter.cpp: + (WTF::RefCountedLeakCounter::increment): + (WTF::RefCountedLeakCounter::decrement): + * wtf/dtoa.cpp: + (WTF::pow5mult): + +2011-04-20 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Geoff Garen + + Bug 59069 - DFG JIT - register allocate r8, r9, r10 + + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::gprToRegisterID): + +2011-04-20 Gavin Barraclough <barraclough@apple.com> + + Build fix - revert accidental change. + + * wtf/Platform.h: + +2011-04-20 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Add SAMPLING_FLAGS tool to DFG JIT. + + * bytecode/SamplingTool.h: + (JSC::SamplingFlags::addressOfFlags): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::setSamplingFlag): + (JSC::DFG::JITCompiler::clearSamplingFlag): + * dfg/DFGJITCompiler.h: + * jit/JITInlineMethods.h: + (JSC::JIT::setSamplingFlag): + (JSC::JIT::clearSamplingFlag): + * wtf/Platform.h: + +2011-04-20 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. 
+ + Bug 59022 - DFG JIT - Optimize branch-on-relational-compare + + If a relational compare (< or <=) is immediately followed by a branch, + we can combine the two, avoiding generation of a boolean into a register. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branch32): + (JSC::MacroAssemblerX86Common::invert): + (JSC::MacroAssemblerX86Common::commute): + * dfg/DFGNode.h: + (JSC::DFG::Node::adjustedRefCount): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value): + (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): + +2011-04-20 Gavin Barraclough <barraclough@apple.com> + + ARMv7 build fix II. + + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::softModulo): + +2011-04-20 Gavin Barraclough <barraclough@apple.com> + + ARMv7 build fix. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::test8): + +2011-04-19 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Rationalize MacroAssembler branch methods + https://bugs.webkit.org/show_bug.cgi?id=58950 + + The MacroAssembler currently exposes x86's weird behaviour that the 'setcc' + instruction only sets the low 8 bits of a register. Stop that. + + Having done so, to clarify remove the 'set32' prefix from test & compare + instructions - these methods all now set a full 32/64 bit register (Ptr size). + The size in the function name should indicate the amount of data being compared. + + Also split out the 'Condition' enum into 'RelationalCondition' and + 'ResultCondition'. The former is used in binary comparison, the latter is a unary + condition check on the result of an operation. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::branchPtr): + (JSC::MacroAssembler::branch32): + (JSC::MacroAssembler::branch16): + (JSC::MacroAssembler::branchTestPtr): + (JSC::MacroAssembler::comparePtr): + (JSC::MacroAssembler::branchAddPtr): + (JSC::MacroAssembler::branchSubPtr): + (JSC::MacroAssembler::branchTest8): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::branch8): + (JSC::MacroAssemblerARM::branch32): + (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerARM::branch16): + (JSC::MacroAssemblerARM::branchTest8): + (JSC::MacroAssemblerARM::branchTest32): + (JSC::MacroAssemblerARM::branchAdd32): + (JSC::MacroAssemblerARM::branchMul32): + (JSC::MacroAssemblerARM::branchSub32): + (JSC::MacroAssemblerARM::branchNeg32): + (JSC::MacroAssemblerARM::branchOr32): + (JSC::MacroAssemblerARM::compare32): + (JSC::MacroAssemblerARM::test32): + (JSC::MacroAssemblerARM::test8): + (JSC::MacroAssemblerARM::branchPtrWithPatch): + (JSC::MacroAssemblerARM::ARMCondition): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::branch32): + (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerARMv7::branch16): + (JSC::MacroAssemblerARMv7::branch8): + (JSC::MacroAssemblerARMv7::branchTest32): + (JSC::MacroAssemblerARMv7::branchTest8): + (JSC::MacroAssemblerARMv7::branchAdd32): + (JSC::MacroAssemblerARMv7::branchMul32): + (JSC::MacroAssemblerARMv7::branchOr32): + (JSC::MacroAssemblerARMv7::branchSub32): + (JSC::MacroAssemblerARMv7::compare32): + (JSC::MacroAssemblerARMv7::test32): + (JSC::MacroAssemblerARMv7::test8): + (JSC::MacroAssemblerARMv7::branchPtrWithPatch): + (JSC::MacroAssemblerARMv7::makeBranch): + (JSC::MacroAssemblerARMv7::armV7Condition): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::branch8): + (JSC::MacroAssemblerMIPS::branch32): + (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords): + 
(JSC::MacroAssemblerMIPS::branch16): + (JSC::MacroAssemblerMIPS::branchTest32): + (JSC::MacroAssemblerMIPS::branchTest8): + (JSC::MacroAssemblerMIPS::branchAdd32): + (JSC::MacroAssemblerMIPS::branchMul32): + (JSC::MacroAssemblerMIPS::branchSub32): + (JSC::MacroAssemblerMIPS::branchOr32): + (JSC::MacroAssemblerMIPS::compare32): + (JSC::MacroAssemblerMIPS::test8): + (JSC::MacroAssemblerMIPS::test32): + (JSC::MacroAssemblerMIPS::branchPtrWithPatch): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::branch32): + (JSC::MacroAssemblerX86::branchPtrWithPatch): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branch8): + (JSC::MacroAssemblerX86Common::branch32): + (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerX86Common::branch16): + (JSC::MacroAssemblerX86Common::branchTest32): + (JSC::MacroAssemblerX86Common::branchTest8): + (JSC::MacroAssemblerX86Common::branchAdd32): + (JSC::MacroAssemblerX86Common::branchMul32): + (JSC::MacroAssemblerX86Common::branchSub32): + (JSC::MacroAssemblerX86Common::branchNeg32): + (JSC::MacroAssemblerX86Common::branchOr32): + (JSC::MacroAssemblerX86Common::compare32): + (JSC::MacroAssemblerX86Common::test8): + (JSC::MacroAssemblerX86Common::test32): + (JSC::MacroAssemblerX86Common::x86Condition): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::comparePtr): + (JSC::MacroAssemblerX86_64::branchPtr): + (JSC::MacroAssemblerX86_64::branchTestPtr): + (JSC::MacroAssemblerX86_64::branchAddPtr): + (JSC::MacroAssemblerX86_64::branchSubPtr): + (JSC::MacroAssemblerX86_64::branchPtrWithPatch): + (JSC::MacroAssemblerX86_64::branchTest8): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_eq): + (JSC::JIT::emit_op_neq): + (JSC::JIT::compileOpStrictEq): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_eq): + (JSC::JIT::emit_op_neq): + 
(JSC::JIT::compileOpStrictEq): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + +2011-04-20 Balazs Kelemen <kbalazs@webkit.org> + + Reviewed by Csaba Osztrogonác. + + [Qt] Cleanup includepath adjustment for generated files + https://bugs.webkit.org/show_bug.cgi?id=58869 + + * JavaScriptCore.pri: Add the directory of generated files to the include + path with absolute path to make it valid in the final build step. + +2011-04-19 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove unneeded deprecated methods from MarkStack + https://bugs.webkit.org/show_bug.cgi?id=58853 + + Remove deprecated methods + + * heap/MarkStack.h: + +2011-04-19 Mark Rowe <mrowe@apple.com> + + Things work best when the Xcode project refers to the file at a path that exists. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-04-19 Renata Hodovan <reni@webkit.org> + + Reviewed by Eric Seidel. + + Move the alignment related macros in Vector.h to new Alignment.h. + https://bugs.webkit.org/show_bug.cgi?id=56000 + + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/Alignment.h: Added. + * wtf/CMakeLists.txt: + * wtf/Vector.h: + +2011-04-19 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove DeprecatedPtr + https://bugs.webkit.org/show_bug.cgi?id=58718 + + Remove the class an all functions that still exist to support it. + + * heap/MarkStack.h: + (JSC::MarkStack::append): + * runtime/JSValue.h: + * runtime/WriteBarrier.h: + +2011-04-19 Jungshik Shin <jshin@chromium.org> + + Reviewed by David Levin + + Add U+FEFF (Zero width no-break space) to CharacterNames.h. + It's added to the list of characters to treat as zero-width + in WebCore. 
+ + https://bugs.webkit.org/show_bug.cgi?id=48860 + + * wtf/unicode/CharacterNames.h: + +2011-04-19 Csaba Osztrogonác <ossy@webkit.org> + + [Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails + https://bugs.webkit.org/show_bug.cgi?id=58871 + + Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231. + http://trac.webkit.org/changeset/84176 (original patch) + http://trac.webkit.org/changeset/84178 (original patch - part 2) + http://trac.webkit.org/changeset/84186 (build fix) + http://trac.webkit.org/changeset/84212 + http://trac.webkit.org/changeset/84231 (skip failing test) + + original bugs: + - https://bugs.webkit.org/show_bug.cgi?id=58718 + - https://bugs.webkit.org/show_bug.cgi?id=58853 + + * heap/MarkStack.h: + (JSC::MarkStack::deprecatedAppendValues): + (JSC::MarkStack::append): + (JSC::MarkStack::deprecatedAppend): + * runtime/JSValue.h: + * runtime/WriteBarrier.h: + (JSC::DeprecatedPtr::DeprecatedPtr): + (JSC::DeprecatedPtr::get): + (JSC::DeprecatedPtr::operator*): + (JSC::DeprecatedPtr::operator->): + (JSC::DeprecatedPtr::slot): + (JSC::DeprecatedPtr::operator UnspecifiedBoolType*): + (JSC::DeprecatedPtr::operator!): + (JSC::operator==): + +2011-04-18 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove unneeded deprecated methods from MarkStack + https://bugs.webkit.org/show_bug.cgi?id=58853 + + Remove deprecated methods + + * heap/MarkStack.h: + +2011-04-18 Oliver Hunt <oliver@apple.com> + + Reviewed by Adam Roben. + + Off by one initialising repeat callframe + https://bugs.webkit.org/show_bug.cgi?id=58838 + <rdar://problem/8756810> + + If the end of a callframe made for a repeat call landed on + a page boundary the following page may not have been committed + which means that the off by one could lead to a crash. However + it could only happen in this case and only on windows which is + why it was so hard to repro. 
Alas given the steps needed to + reproduce are such that it's not really possible to make a + testcase. + + This fix makes the code a little less squirrely by not trying + to avoid the unnecessary initialisation of |this|. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::prepareForRepeatCall): + +2011-04-18 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply. + + Add code generation for add/subtract instruction with immediate operands + (where a child is a constant), and don't bail to non-speculative if an + integer multiple results in a +0 result (only if it should be generating -0). + + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value): + +2011-04-18 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + Bug 58817 - DFG JIT - if speculative compilation fails, throw away code. + + If we detect a logical conflict, throw away generated code, + and only compile through the NonSpeculativeJIT. 
+ + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::rewindToLabel): + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::rewindToOffset): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branchAdd32): + (JSC::MacroAssemblerX86Common::branchSub32): + * assembler/X86Assembler.h: + (JSC::X86Assembler::rewindToLabel): + (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::linkSpeculationChecks): + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator): + +2011-04-18 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove DeprecatedPtr + https://bugs.webkit.org/show_bug.cgi?id=58718 + + As simple as it sounds. + + * runtime/JSValue.h: + * runtime/WriteBarrier.h: + +2011-04-17 Cameron Zwarich <zwarich@apple.com> + + Reviewed by Dan Bernstein. + + JSC no longer builds with Clang due to -Woverloaded-virtual warning + https://bugs.webkit.org/show_bug.cgi?id=58760 + + Rename Structure's specificValue overload of put to putSpecificValue to avoid + Clang's warning for overloading a virtual function. + + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransition): + (JSC::Structure::addPropertyWithoutTransition): + (JSC::Structure::putSpecificValue): + * runtime/Structure.h: + +2011-04-17 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Adam Barth. + + Remove WTF_PLATFORM_SGL + https://bugs.webkit.org/show_bug.cgi?id=58743 + + WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere. + + * wtf/Platform.h: + +2011-04-17 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Adam Barth. 
+ + Rename PLATFORM(CA) to USE(CA) + https://bugs.webkit.org/show_bug.cgi?id=58742 + + * wtf/Platform.h: + +2011-04-17 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Adam Barth. + + Rename PLATFORM(CG) to USE(CG) + https://bugs.webkit.org/show_bug.cgi?id=58729 + + * wtf/Platform.h: + +2011-04-16 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Eric Seidel. + + Rename PLATFORM(CAIRO) to USE(CAIRO) + https://bugs.webkit.org/show_bug.cgi?id=55192 + + * wtf/Platform.h: + * wtf/gobject/GTypedefs.h: + +2011-04-15 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r84067. + http://trac.webkit.org/changeset/84067 + https://bugs.webkit.org/show_bug.cgi?id=58724 + + qt build are failing. (Requested by loislo2 on #webkit). + + * heap/MarkStack.h: + (JSC::MarkStack::append): + * runtime/JSValue.h: + * runtime/WriteBarrier.h: + (JSC::DeprecatedPtr::DeprecatedPtr): + (JSC::DeprecatedPtr::get): + (JSC::DeprecatedPtr::operator*): + (JSC::DeprecatedPtr::operator->): + (JSC::DeprecatedPtr::slot): + (JSC::DeprecatedPtr::operator UnspecifiedBoolType*): + (JSC::DeprecatedPtr::operator!): + (JSC::operator==): + +2011-04-15 Shishir Agrawal <shishir@chromium.org> + + Reviewed by James Robinson. + + Add a flag to guard Page Visibility API changes. + https://bugs.webkit.org/show_bug.cgi?id=58464 + + * Configurations/FeatureDefines.xcconfig: + +2011-04-15 Gavin Barraclough <barraclough@apple.com> + + Errrk! - build fix from !x86-64. + + * dfg/DFGNode.h: + +2011-04-15 David Levin <levin@chromium.org> + + Revert of r83974. + + JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj + https://bugs.webkit.org/show_bug.cgi?id=58716 + + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/tests/RunAllWtfTests.cpp: Removed. + * wtf/tests/StringTests.cpp: Removed. + +2011-04-15 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove DeprecatedPtr + https://bugs.webkit.org/show_bug.cgi?id=58718 + + As simple as it sounds. 
+ + * heap/MarkStack.h: + (JSC::MarkStack::append): + * runtime/JSValue.h: + * runtime/WriteBarrier.h: + +2011-04-15 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Add a simple tool to gather statistics on whether functions + are completed through the new or old JIT. + + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + +2011-04-15 Oliver Hunt <oliver@apple.com> + + GC allocate Structure + https://bugs.webkit.org/show_bug.cgi?id=58483 + + Rolling r83894 r83827 r83810 r83809 r83808 back in with + a workaround for the gcc bug seen by the gtk bots + + * API/JSCallbackConstructor.cpp: + (JSC::JSCallbackConstructor::JSCallbackConstructor): + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::createStructure): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::createStructure): + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::createStructure): + * API/JSCallbackObjectFunctions.h: + (JSC::::JSCallbackObject): + * API/JSContextRef.cpp: + * JavaScriptCore.JSVALUE32_64only.exp: + * JavaScriptCore.JSVALUE64only.exp: + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::markStructures): + (JSC::CodeBlock::markAggregate): + * bytecode/CodeBlock.h: + (JSC::MethodCallLinkInfo::setSeen): + (JSC::GlobalResolveInfo::GlobalResolveInfo): + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set): + (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList): + (JSC::PolymorphicAccessStructureList::markAggregate): + (JSC::Instruction::Instruction): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + (JSC::StructureStubInfo::markAggregate): + * bytecode/StructureStubInfo.h: + 
(JSC::StructureStubInfo::initGetByIdSelf): + (JSC::StructureStubInfo::initGetByIdProto): + (JSC::StructureStubInfo::initGetByIdChain): + (JSC::StructureStubInfo::initPutByIdTransition): + (JSC::StructureStubInfo::initPutByIdReplace): + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::DebuggerActivation): + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::createStructure): + * heap/Handle.h: + * heap/MarkStack.cpp: + (JSC::MarkStack::markChildren): + (JSC::MarkStack::drain): + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::sweep): + * heap/Strong.h: + (JSC::Strong::Strong): + (JSC::Strong::set): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::resolveGlobal): + (JSC::Interpreter::resolveGlobalDynamic): + (JSC::Interpreter::tryCachePutByID): + (JSC::Interpreter::uncachePutByID): + (JSC::Interpreter::tryCacheGetByID): + (JSC::Interpreter::uncacheGetByID): + (JSC::Interpreter::privateExecute): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::patchMethodCallProto): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::patchMethodCallProto): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITStubs.cpp: + (JSC::JITThunks::tryCachePutByID): + (JSC::JITThunks::tryCacheGetByID): + (JSC::DEFINE_STUB_FUNCTION): + (JSC::getPolymorphicAccessStructureListSlot): + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::storePtrWithWriteBarrier): + * jsc.cpp: + (cleanupGlobalData): + * runtime/Arguments.h: + 
(JSC::Arguments::createStructure): + (JSC::Arguments::Arguments): + (JSC::JSActivation::copyRegisters): + * runtime/ArrayConstructor.cpp: + (JSC::ArrayConstructor::ArrayConstructor): + (JSC::constructArrayWithSizeQuirk): + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + (JSC::ArrayPrototype::ArrayPrototype): + (JSC::arrayProtoFuncSplice): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::createStructure): + * runtime/BatchedTransitionOptimizer.h: + (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): + * runtime/BooleanConstructor.cpp: + (JSC::BooleanConstructor::BooleanConstructor): + * runtime/BooleanConstructor.h: + * runtime/BooleanObject.cpp: + (JSC::BooleanObject::BooleanObject): + * runtime/BooleanObject.h: + (JSC::BooleanObject::createStructure): + * runtime/BooleanPrototype.cpp: + (JSC::BooleanPrototype::BooleanPrototype): + * runtime/BooleanPrototype.h: + * runtime/DateConstructor.cpp: + (JSC::DateConstructor::DateConstructor): + * runtime/DateConstructor.h: + * runtime/DateInstance.cpp: + (JSC::DateInstance::DateInstance): + * runtime/DateInstance.h: + (JSC::DateInstance::createStructure): + * runtime/DatePrototype.cpp: + (JSC::DatePrototype::DatePrototype): + * runtime/DatePrototype.h: + (JSC::DatePrototype::createStructure): + * runtime/Error.cpp: + (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): + * runtime/ErrorConstructor.cpp: + (JSC::ErrorConstructor::ErrorConstructor): + * runtime/ErrorConstructor.h: + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::ErrorInstance): + (JSC::ErrorInstance::create): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::createStructure): + * runtime/ErrorPrototype.cpp: + (JSC::ErrorPrototype::ErrorPrototype): + * runtime/ErrorPrototype.h: + * runtime/ExceptionHelpers.cpp: + (JSC::InterruptedExecutionError::InterruptedExecutionError): + (JSC::TerminatedExecutionError::TerminatedExecutionError): + * runtime/Executable.cpp: + * runtime/Executable.h: + 
(JSC::ExecutableBase::ExecutableBase): + (JSC::ExecutableBase::createStructure): + (JSC::NativeExecutable::createStructure): + (JSC::NativeExecutable::NativeExecutable): + (JSC::ScriptExecutable::ScriptExecutable): + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/FunctionConstructor.cpp: + (JSC::FunctionConstructor::FunctionConstructor): + * runtime/FunctionConstructor.h: + * runtime/FunctionPrototype.cpp: + (JSC::FunctionPrototype::FunctionPrototype): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::createStructure): + * runtime/GetterSetter.h: + (JSC::GetterSetter::GetterSetter): + (JSC::GetterSetter::createStructure): + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::InternalFunction): + * runtime/InternalFunction.h: + (JSC::InternalFunction::createStructure): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + (JSC::JSAPIValueWrapper::JSAPIValueWrapper): + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + * runtime/JSActivation.h: + (JSC::JSActivation::createStructure): + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + * runtime/JSArray.h: + (JSC::JSArray::createStructure): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::JSByteArray): + (JSC::JSByteArray::createStructure): + * runtime/JSByteArray.h: + (JSC::JSByteArray::JSByteArray): + * runtime/JSCell.cpp: + (JSC::isZombie): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::JSCell): + (JSC::JSCell::JSCell::addressOfStructure): + (JSC::JSCell::JSCell::structure): + (JSC::JSCell::JSCell::markChildren): + (JSC::JSCell::JSValue::isZombie): + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + * runtime/JSFunction.h: + (JSC::JSFunction::createStructure): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): + (JSC::JSGlobalData::JSGlobalData): + 
(JSC::JSGlobalData::clearBuiltinStructures): + (JSC::JSGlobalData::createLeaked): + * runtime/JSGlobalData.h: + (JSC::allocateGlobalHandle): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::markChildren): + (JSC::JSGlobalObject::copyGlobalsFrom): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObject): + (JSC::JSGlobalObject::createStructure): + (JSC::Structure::prototypeChain): + (JSC::Structure::isValid): + (JSC::constructEmptyArray): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::JSNotAnObject): + (JSC::JSNotAnObject::createStructure): + * runtime/JSONObject.cpp: + (JSC::JSONObject::JSONObject): + * runtime/JSONObject.h: + (JSC::JSONObject::createStructure): + * runtime/JSObject.cpp: + (JSC::JSObject::defineGetter): + (JSC::JSObject::defineSetter): + (JSC::JSObject::seal): + (JSC::JSObject::freeze): + (JSC::JSObject::preventExtensions): + (JSC::JSObject::removeDirect): + (JSC::JSObject::createInheritorID): + * runtime/JSObject.h: + (JSC::JSObject::createStructure): + (JSC::JSObject::JSObject): + (JSC::JSNonFinalObject::createStructure): + (JSC::JSNonFinalObject::JSNonFinalObject): + (JSC::JSFinalObject::create): + (JSC::JSFinalObject::createStructure): + (JSC::JSFinalObject::JSFinalObject): + (JSC::constructEmptyObject): + (JSC::createEmptyObjectStructure): + (JSC::JSObject::~JSObject): + (JSC::JSObject::setPrototype): + (JSC::JSObject::setStructure): + (JSC::JSObject::inheritorID): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::transitionTo): + (JSC::JSObject::markChildrenDirect): + * runtime/JSObjectWithGlobalObject.cpp: + (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject): + * runtime/JSObjectWithGlobalObject.h: + (JSC::JSObjectWithGlobalObject::createStructure): + (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::JSPropertyNameIterator): + (JSC::JSPropertyNameIterator::create): + 
(JSC::JSPropertyNameIterator::get): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::createStructure): + (JSC::JSPropertyNameIterator::setCachedStructure): + (JSC::Structure::setEnumerationCache): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::JSStaticScopeObject): + (JSC::JSStaticScopeObject::createStructure): + * runtime/JSString.h: + (JSC::RopeBuilder::JSString): + (JSC::RopeBuilder::createStructure): + * runtime/JSType.h: + * runtime/JSTypeInfo.h: + (JSC::TypeInfo::TypeInfo): + * runtime/JSValue.h: + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::createStructure): + (JSC::JSVariableObject::JSVariableObject): + (JSC::JSVariableObject::copyRegisterArray): + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::createStructure): + (JSC::JSWrapperObject::JSWrapperObject): + * runtime/JSZombie.cpp: + * runtime/JSZombie.h: + (JSC::JSZombie::JSZombie): + (JSC::JSZombie::createStructure): + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + * runtime/MathObject.h: + (JSC::MathObject::createStructure): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + (JSC::NativeErrorConstructor::markChildren): + (JSC::constructWithNativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::createStructure): + * runtime/NativeErrorPrototype.cpp: + (JSC::NativeErrorPrototype::NativeErrorPrototype): + * runtime/NativeErrorPrototype.h: + * runtime/NumberConstructor.cpp: + (JSC::NumberConstructor::NumberConstructor): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::createStructure): + * runtime/NumberObject.cpp: + (JSC::NumberObject::NumberObject): + * runtime/NumberObject.h: + (JSC::NumberObject::createStructure): + * runtime/NumberPrototype.cpp: + (JSC::NumberPrototype::NumberPrototype): + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::ObjectConstructor): + * runtime/ObjectConstructor.h: + 
(JSC::ObjectConstructor::createStructure): + * runtime/ObjectPrototype.cpp: + (JSC::ObjectPrototype::ObjectPrototype): + * runtime/ObjectPrototype.h: + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::PropertyTable): + * runtime/RegExpConstructor.cpp: + (JSC::RegExpConstructor::RegExpConstructor): + (JSC::RegExpMatchesArray::RegExpMatchesArray): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::createStructure): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::RegExpObject): + * runtime/RegExpObject.h: + (JSC::RegExpObject::createStructure): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + * runtime/RegExpPrototype.h: + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + (JSC::ScopeChainNode::createStructure): + * runtime/StrictEvalActivation.cpp: + (JSC::StrictEvalActivation::StrictEvalActivation): + * runtime/StringConstructor.cpp: + (JSC::StringConstructor::StringConstructor): + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + (JSC::StringObject::StringObject): + * runtime/StringObject.h: + (JSC::StringObject::createStructure): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined): + (JSC::StringObjectThatMasqueradesAsUndefined::createStructure): + * runtime/StringPrototype.cpp: + (JSC::StringPrototype::StringPrototype): + * runtime/StringPrototype.h: + (JSC::StringPrototype::createStructure): + * runtime/Structure.cpp: + (JSC::StructureTransitionTable::remove): + (JSC::StructureTransitionTable::add): + (JSC::Structure::Structure): + (JSC::Structure::~Structure): + (JSC::Structure::materializePropertyMap): + (JSC::Structure::addPropertyTransitionToExistingStructure): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::removePropertyTransition): + (JSC::Structure::changePrototypeTransition): + (JSC::Structure::despecifyFunctionTransition): + (JSC::Structure::getterSetterTransition): + 
(JSC::Structure::toDictionaryTransition): + (JSC::Structure::toCacheableDictionaryTransition): + (JSC::Structure::toUncacheableDictionaryTransition): + (JSC::Structure::sealTransition): + (JSC::Structure::freezeTransition): + (JSC::Structure::preventExtensionsTransition): + (JSC::Structure::flattenDictionaryStructure): + (JSC::Structure::copyPropertyTable): + (JSC::Structure::put): + (JSC::Structure::markChildren): + * runtime/Structure.h: + (JSC::Structure::create): + (JSC::Structure::setPrototypeWithoutTransition): + (JSC::Structure::createStructure): + (JSC::JSCell::createDummyStructure): + (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): + * runtime/StructureChain.cpp: + (JSC::StructureChain::StructureChain): + (JSC::StructureChain::markChildren): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + (JSC::StructureChain::head): + (JSC::StructureChain::createStructure): + * runtime/StructureTransitionTable.h: + (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor): + (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer): + (JSC::StructureTransitionTable::~StructureTransitionTable): + (JSC::StructureTransitionTable::slot): + (JSC::StructureTransitionTable::setMap): + (JSC::StructureTransitionTable::singleTransition): + (JSC::StructureTransitionTable::clearSingleTransition): + (JSC::StructureTransitionTable::setSingleTransition): + * runtime/WeakGCMap.h: + (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor): + (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer): + (JSC::WeakGCMap::contains): + (JSC::WeakGCMap::find): + (JSC::WeakGCMap::remove): + (JSC::WeakGCMap::add): + (JSC::WeakGCMap::set): + (JSC::WeakGCMap::finalize): + * runtime/WriteBarrier.h: + (JSC::writeBarrier): + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + (JSC::WriteBarrierBase::setWithoutWriteBarrier): + +2011-04-15 Fridrich Strba 
<fridrich.strba@bluewin.ch> + + Reviewed by Gavin Barraclough. + + Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols + are not prefixed by underscore anymore. This is consistent with + what MSVC does. + https://bugs.webkit.org/show_bug.cgi?id=58573 + + * jit/JITStubs.cpp: + +2011-04-15 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + Bug 58705 - DFG JIT Add support for flow control (branch, jump). + + Add support for control flow by breaking the CodeBlock up into multiple + basic blocks, generating code for each basic block in turn through the + speculative JIT & then the non-speculative JIT. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::setTemporary): + (JSC::DFG::ByteCodeParser::addToGraph): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + (JSC::DFG::BasicBlock::BasicBlock): + (JSC::DFG::BasicBlock::getBytecodeOffset): + (JSC::DFG::Graph::blockIndexForBytecodeOffset): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::JITCodeGenerator): + (JSC::DFG::JITCodeGenerator::addBranch): + (JSC::DFG::JITCodeGenerator::linkBranches): + (JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord): + * dfg/DFGNode.h: + (JSC::DFG::Node::Node): + (JSC::DFG::Node::isJump): + (JSC::DFG::Node::isBranch): + (JSC::DFG::Node::takenBytecodeOffset): + (JSC::DFG::Node::notTakenBytecodeOffset): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + +2011-04-15 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. + + Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes + + Use these for both access to arguments & local variables, adds ability + to set locals, such that values will persist between basic blocks. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::get): + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::getVariable): + (JSC::DFG::ByteCodeParser::setVariable): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::setArgument): + (JSC::DFG::ByteCodeParser::getThis): + (JSC::DFG::ByteCodeParser::setThis): + (JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord): + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + (JSC::DFG::Graph::derefChildren): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::ref): + (JSC::DFG::Graph::deref): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasLocal): + (JSC::DFG::Node::local): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-04-15 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 58696 - DFG JIT split handling of vars/temporaries + + Presently all callee registers are treated as having single block scope, + since the DFG JIT can only compile single block functions. In order to + expand the JIT to support control flow we will need to change to retaining + locals (but not temporaries) across basic block boundaries. 
+ + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::get): + (JSC::DFG::ByteCodeParser::set): + (JSC::DFG::ByteCodeParser::getVariable): + (JSC::DFG::ByteCodeParser::setVariable): + (JSC::DFG::ByteCodeParser::getTemporary): + (JSC::DFG::ByteCodeParser::setTemporary): + (JSC::DFG::ByteCodeParser::getArgument): + (JSC::DFG::ByteCodeParser::getInt32Constant): + (JSC::DFG::ByteCodeParser::getDoubleConstant): + (JSC::DFG::ByteCodeParser::getJSConstant): + (JSC::DFG::ByteCodeParser::constantUndefined): + (JSC::DFG::ByteCodeParser::constantNull): + (JSC::DFG::ByteCodeParser::one): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::parse): + (JSC::DFG::parse): + * dfg/DFGNode.h: + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::ScoreBoard): + (JSC::DFG::ScoreBoard::~ScoreBoard): + (JSC::DFG::ScoreBoard::allocate): + (JSC::DFG::ScoreBoard::use): + +2011-04-15 Michael Saboff <msaboff@apple.com> + + Reviewed by Oliver Hunt. + + globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining + https://bugs.webkit.org/show_bug.cgi?id=58677 + + Moved JSObjectWithGlobalObject::globalObject() to + runtime/JSObjectWithGlobalObject.h to allow the compiler to inline + it for a performance benefit. An equivalent instance had been in + a header file before r60057. + + * JavaScriptCore.exp: + * runtime/JSObjectWithGlobalObject.cpp: + * runtime/JSObjectWithGlobalObject.h: + (JSC::JSObjectWithGlobalObject::globalObject): + +2011-04-14 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make JSNodeFilterCondition handle its lifetime correctly + https://bugs.webkit.org/show_bug.cgi?id=58622 + + Add export + + * JavaScriptCore.exp: + +2011-04-14 Alexey Proskuryakov <ap@apple.com> + + Reviewed by Dan Bernstein. 
+ + WebKit2: Password field input does not switch to ASCII-compatible source + https://bugs.webkit.org/show_bug.cgi?id=58583 + <rdar://problem/9059651> + + * wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium, + and shouldn't be enabled on any other platforms, so there is no reason to make it + configurable via Platform.h. + +2011-04-15 Dmitry Lomov <dslomov@google.com> + + Reviewed by David Levin. + + Add a sample test case for GTest framework + https://bugs.webkit.org/show_bug.cgi?id=58509 + + Add an example of GTest testcase, complete with a runner, to JavaScriptCore. + + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/tests/RunAllWtfTests.cpp: Added. + (main): + * wtf/tests/StringTests.cpp: Added. + +2011-04-15 Anna Cavender <annacc@chromium.org> + + Reviewed by Eric Carlson. + + Renaming TRACK feature define to VIDEO_TRACK + https://bugs.webkit.org/show_bug.cgi?id=53556 + + * Configurations/FeatureDefines.xcconfig: + +2011-04-14 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Geoffrey Garen. + + Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename + m_regressionGuard to m_parseFailed, such that it can be reused for + other failure cases. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::parse): + +2011-04-14 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoffrey Garen. + + Bug 58620 - DFG JIT - loading of arguments should not be lazy + + This optimization is overly simplistic. It only works because we never + write out definitions to arguments (since we currently only compile + single block functions). Revert this for now, we may want to reintroduce + something like this again in the future, but it will need to be aware + how to schedule definitions to arguments versus lazy loads that have not + yet been performed. 
+ + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::needsSpill): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillInteger): + (JSC::DFG::JITCodeGenerator::fillDouble): + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::initConstantInfo): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::fillNumericToDouble): + (JSC::DFG::JITCompiler::fillInt32ToInteger): + (JSC::DFG::JITCompiler::fillToJS): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::isKnownInteger): + (JSC::DFG::NonSpeculativeJIT::isKnownNumeric): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compile): + +2011-04-14 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoffrey Garen. + + Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal + + The bug in PutByVal is that an operand is in JSValueOperand - when this + locks an integer into a register it will always retag the value without + checking if the register is already locked. This is a problem where the + value being stored by a PutByVal is the same as the subscript. + The subscript is locked into a register first, as a strict integer. + Locking the value results in the subscript being modified. + + The bug in ValueToInt related to the function of sillentFillAllRegisters. + The problem is that this method will restore all register values from + prior to the call, overwriting the result of the call out. Allow a + register to be passed to specifically be excluded from being preserved. 
+ + * assembler/ARMAssembler.h: + (JSC::ARMAssembler::debugOffset): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset): + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::debugOffset): + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::debugOffset): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::debugAddress): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::debugOffset): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::orPtr): + * assembler/X86Assembler.h: + (JSC::X86Assembler::debugOffset): + (JSC::X86Assembler::X86InstructionFormatter::debugOffset): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parse): + * dfg/DFGGenerationInfo.h: + * dfg/DFGJITCodeGenerator.cpp: + (JSC::DFG::JITCodeGenerator::fillJSValue): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::isConstant): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::isConstant): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::valueToNumber): + (JSC::DFG::NonSpeculativeJIT::valueToInt32): + (JSC::DFG::NonSpeculativeJIT::numberToInt32): + (JSC::DFG::NonSpeculativeJIT::isKnownInteger): + (JSC::DFG::NonSpeculativeJIT::isKnownNumeric): + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + (JSC::DFG::NonSpeculativeJIT::silentSpillGPR): + (JSC::DFG::NonSpeculativeJIT::silentSpillFPR): + (JSC::DFG::NonSpeculativeJIT::silentFillGPR): + (JSC::DFG::NonSpeculativeJIT::silentFillFPR): + (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters): + (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2011-04-14 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Drain the mark stack while marking weak handles, not after. 
+ https://bugs.webkit.org/show_bug.cgi?id=58574 + + Otherwise, items that would have caused more weak handle marking are + processed after all weak handle marking has finished, and referenced + weak handles get recycled. + + * heap/HandleHeap.cpp: + (JSC::HandleHeap::markWeakHandles): Removed looping from here, since we + want Heap::markRoots to be responsible for draining the mark stack. + + * heap/Heap.cpp: + (JSC::Heap::markRoots): Moved looping to here, as explained above. + + For efficiency's sake, drain the mark stack before starting to mark weak + handles. Otherwise, items drained while marking weak handles may force + an extra trip through the weak handle list. + + For correctness's sake, drain the mark stack each time through the weak + handle list. Otherwise, opaque roots that would make weak handles reachable + are not discovered until after weak handle marking is over. + +2011-04-14 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make protected object list in caches window reflect reality + https://bugs.webkit.org/show_bug.cgi?id=58565 + + Make sure the heap includes objects protected by Strong handles + in its list of protected objects. + + * heap/HandleHeap.h: + * heap/Heap.cpp: + (JSC::HandleHeap::protectedObjectTypeCounts): + +2011-04-14 Satish Sampath <satish@chromium.org> + + Reviewed by Anders Carlsson. + + Don't emit RegExp tables for chromium where they are not used + https://bugs.webkit.org/show_bug.cgi?id=58544 + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * create_regex_tables: Added the "--notables" command line argument. + +2011-04-13 Geoffrey Garen <ggaren@apple.com> + + Try to fix ASSERTs seen on Windows bots. + + * wtf/HashTable.h: + (WTF::hashTableSwap): Force MSVC to use the right version of swap. + +2011-04-13 Ryuan Choi <ryuan.choi@samsung.com> + + Reviewed by Kenneth Rohde Christiansen. + + [CMAKE] Separate DerivedSources. 
+ https://bugs.webkit.org/show_bug.cgi?id=58427 + + * CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR. + +2011-04-13 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T> + https://bugs.webkit.org/show_bug.cgi?id=58482 + + This will allow wrappers to make individual decisions about their lifetimes. + + * heap/HandleHeap.h: + (JSC::HandleHeap::copyWeak): New function for copying a weak handle. + It's wasn't previously possible to perform this operation using HandleHeap + API because the HandleHeap doesn't expose its underlying Node structure. + + * heap/Local.h: + (JSC::::set): + * heap/Strong.h: + (JSC::Strong::set): Added ASSERTs to verify that dead objects are not + resurrected by placement into handles. + + (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table + is efficient. + + * heap/Weak.h: + (JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not + copy its weak callback and context. + + (JSC::Weak::operator=): Added an assignment operator, since the default + C++ assignment operator did the wrong thing. + + (JSC::Weak::set): Added ASSERTs to verify that dead objects are not + resurrected by placement into handles. + + (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table + is efficient, and can be done without copying, which is illegal during + the handle finalization phase. + +2011-04-13 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make PropertyMapEntry use a WriteBarrier for specificValue + https://bugs.webkit.org/show_bug.cgi?id=58407 + + Make PropertyMapEntry use a WriteBarrier for specificValue, and then + propagate the required JSGlobalData through all the methods it ends + up being needed. 
+ + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): + * API/JSContextRef.cpp: + * API/JSObjectRef.cpp: + (JSObjectMake): + (JSObjectSetPrototype): + * JavaScriptCore.exp: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * interpreter/Interpreter.cpp: + (JSC::appendSourceToError): + (JSC::Interpreter::tryCacheGetByID): + (JSC::Interpreter::privateExecute): + * jit/JITStubs.cpp: + (JSC::JITThunks::tryCacheGetByID): + (JSC::DEFINE_STUB_FUNCTION): + * runtime/BatchedTransitionOptimizer.h: + (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): + * runtime/InternalFunction.cpp: + (JSC::InternalFunction::name): + (JSC::InternalFunction::displayName): + * runtime/JSActivation.cpp: + (JSC::JSActivation::getOwnPropertySlot): + * runtime/JSFunction.cpp: + (JSC::JSFunction::name): + (JSC::JSFunction::displayName): + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::putWithAttributes): + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::resetPrototype): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::deleteProperty): + (JSC::JSObject::defineGetter): + (JSC::JSObject::defineSetter): + (JSC::JSObject::lookupGetter): + (JSC::JSObject::lookupSetter): + (JSC::JSObject::getPropertySpecificValue): + (JSC::JSObject::getOwnPropertyNames): + (JSC::JSObject::seal): + (JSC::JSObject::freeze): + (JSC::JSObject::preventExtensions): + (JSC::JSObject::removeDirect): + (JSC::JSObject::getOwnPropertyDescriptor): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + (JSC::JSObject::getDirect): + (JSC::JSObject::getDirectLocation): + (JSC::JSObject::isSealed): + (JSC::JSObject::isFrozen): + (JSC::JSObject::setPrototypeWithCycleCheck): + (JSC::JSObject::setPrototype): + (JSC::JSObject::inlineGetOwnPropertySlot): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::putDirectWithoutTransition): + 
(JSC::JSObject::putDirectFunctionWithoutTransition): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorCreate): + (JSC::objectConstructorSeal): + (JSC::objectConstructorFreeze): + (JSC::objectConstructorPreventExtensions): + (JSC::objectConstructorIsSealed): + (JSC::objectConstructorIsFrozen): + * runtime/Operations.h: + (JSC::normalizePrototypeChain): + * runtime/PropertyMapHashTable.h: + (JSC::PropertyMapEntry::PropertyMapEntry): + (JSC::PropertyTable::PropertyTable): + (JSC::PropertyTable::copy): + * runtime/Structure.cpp: + (JSC::Structure::materializePropertyMap): + (JSC::Structure::despecifyDictionaryFunction): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::removePropertyTransition): + (JSC::Structure::changePrototypeTransition): + (JSC::Structure::despecifyFunctionTransition): + (JSC::Structure::getterSetterTransition): + (JSC::Structure::toDictionaryTransition): + (JSC::Structure::toCacheableDictionaryTransition): + (JSC::Structure::toUncacheableDictionaryTransition): + (JSC::Structure::sealTransition): + (JSC::Structure::freezeTransition): + (JSC::Structure::preventExtensionsTransition): + (JSC::Structure::isSealed): + (JSC::Structure::isFrozen): + (JSC::Structure::addPropertyWithoutTransition): + (JSC::Structure::removePropertyWithoutTransition): + (JSC::Structure::copyPropertyTable): + (JSC::Structure::get): + (JSC::Structure::despecifyFunction): + (JSC::Structure::despecifyAllFunctions): + (JSC::Structure::put): + (JSC::Structure::getPropertyNames): + * runtime/Structure.h: + (JSC::Structure::get): + (JSC::Structure::materializePropertyMapIfNecessary): + +2011-04-13 Paul Knight <pknight@apple.com> + + Reviewed by Gavin Barraclough. 
+ + BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition + https://bugs.webkit.org/show_bug.cgi?id=58405 + + The BACKTRACE() macro requires JavaScriptCore be built with a Debug + configuration in order for it to be enabled. Move the NDEBUG check to + the header so it will be enabled when the calling framework or + application is built with a Debug configuration, similar to how + ASSERT() and friends work. + + * wtf/Assertions.cpp: + * wtf/Assertions.h: + +2011-04-12 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Alexey Proskuryakov. + + https://bugs.webkit.org/show_bug.cgi?id=58131 + + Provide a workaround for an obscure Studio 12 compiler bug, which + couldn't call src->~T() on a const T *src. + + * wtf/Vector.h: + +2011-04-12 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=58395 + Exceptions thrown from property getters called from Array prototype functions can be missed + + This is caught by an ASSERT in the top of Interpreter::executeCall. + Check for exceptions after accessing properties that could be getters. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + - Add exception checks. + +2011-04-12 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make API callback objects use weak handles to run their finalizers + https://bugs.webkit.org/show_bug.cgi?id=58389 + + Make the API object's private data struct act as a finalizer for + an api object if the callback object has a API defined finalizer. 
+ + * API/JSCallbackObject.cpp: + (JSC::JSCallbackObjectData::finalize): + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + (JSC::::init): + * heap/Handle.h: + +2011-04-12 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Geoffrey Garen. + + Cleaned up hash traits, and added hash traits for handles + https://bugs.webkit.org/show_bug.cgi?id=58381 + + * heap/Handle.h: + (JSC::HandleBase::swap): + (JSC::Handle::Handle): + (JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and + without creating new handles (which is not allowed during handle finalization). + + * heap/Strong.h: + (JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication. + + * heap/Weak.h: + (JSC::Weak::isHashTableDeletedValue): + (JSC::Weak::Weak): + (JSC::Weak::swap): + (JSC::Weak::hashTableDeletedValue): Ditto. + + * wtf/HashTraits.h: + (WTF::SimpleClassHashTraits::constructDeletedValue): + (WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits, + which are analogous to SimpleClassVectorTraits, since they are used in a + bunch of places. + + * wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication. + + * wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication. + +2011-04-12 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Cleaned up some Vector traits, and added missing Vector traits for handles + https://bugs.webkit.org/show_bug.cgi?id=58372 + + * heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication. + + * heap/Strong.h: Ditto. + + * heap/Weak.h: Ditto. + + * parser/JSParser.cpp: Fixed a traits error. No test case because this + particular trait is not currently exercised by the parser. + + * runtime/UString.h: No need to override canInitializeWithMemset, since + our base class sets it to true. + + * wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication. 
+ + * wtf/text/WTFString.h: No need to override canInitializeWithMemset, since + our base class sets it to true. + +2011-04-12 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Eric Seidel. + + [Qt] Enable JIT build for SH4 platforms. + https://bugs.webkit.org/show_bug.cgi?id=58317 + enable JIT build for QT backend for SH4 platforms. + + * JavaScriptCore.pro: + * wtf/Platform.h: + +2011-04-11 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Alexey Proskuryakov. + + https://bugs.webkit.org/show_bug.cgi?id=58289 + + Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp, + WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value. + + * wtf/FastMalloc.cpp: + (WTF::TCMalloc_PageHeap::runScavengerThread): + +2011-04-11 Mark Rowe <mrowe@apple.com> + + Fix the build. + + * JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private. + +2011-04-11 Anna Cavender <annacc@chromium.org> + + Reviewed by Eric Carlson. + + Setup ENABLE(TRACK) feature define + https://bugs.webkit.org/show_bug.cgi?id=53556 + + + * Configurations/FeatureDefines.xcconfig: + +2011-04-11 Geoffrey Garen <ggaren@apple.com> + + Try to fix a few builds. + + Updated a few more build configurations for file moves. + + * CMakeListsWinCE.txt: + +2011-04-11 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64 + + The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload + separately on JSVALUE64, even though EncodedValueDescriptor is not used in + JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr + on X86_64. Using the union allows us to remove a layer of makeImmediate()/ + immedaiteValue() methods. 
+ + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITInlineMethods.h: + (JSC::JIT::emitTagAsBoolImmediate): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_not): + (JSC::JIT::emit_op_jeq_null): + (JSC::JIT::emit_op_jneq_null): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + (JSC::JIT::emitSlow_op_not): + * runtime/JSCell.h: + * runtime/JSValue.h: + * runtime/JSValueInlineMethods.h: + (JSC::JSValue::encode): + (JSC::JSValue::decode): + (JSC::JSValue::operator==): + (JSC::JSValue::operator!=): + (JSC::JSValue::JSValue): + (JSC::JSValue::operator bool): + (JSC::JSValue::asInt32): + (JSC::JSValue::isUndefinedOrNull): + (JSC::JSValue::isBoolean): + (JSC::JSValue::isCell): + (JSC::JSValue::isInt32): + (JSC::JSValue::asDouble): + (JSC::JSValue::isNumber): + (JSC::JSValue::asCell): + +2011-04-11 Geoffrey Garen <ggaren@apple.com> + + Try to fix a few builds. + + Updated a few more build configurations for file moves. + + * CMakeListsEfl.txt: + * wscript: + +2011-04-11 Geoffrey Garen <ggaren@apple.com> + + Build fix: Updated a file name. + + * CMakeLists.txt: + +2011-04-11 Geoffrey Garen <ggaren@apple.com> + + Rubber-stamped by Sam Weinig. + + Moved remaining heap implementation files to the heap folder. + + * Android.mk: + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp. + * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h. + * heap/Handle.h: + * heap/Heap.cpp: + * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp. + * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h. + * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp. 
+ * heap/MarkStack.h: Copied from runtime/MarkStack.h. + * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp. + * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp. + * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp. + * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp. + * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h. + * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp. + * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h. + * interpreter/RegisterFile.cpp: + * runtime/ConservativeSet.cpp: Removed. + * runtime/ConservativeSet.h: Removed. + * runtime/MachineStackMarker.cpp: Removed. + * runtime/MachineStackMarker.h: Removed. + * runtime/MarkStack.cpp: Removed. + * runtime/MarkStack.h: Removed. + * runtime/MarkStackPosix.cpp: Removed. + * runtime/MarkStackSymbian.cpp: Removed. + * runtime/MarkStackWin.cpp: Removed. + * runtime/MarkedBlock.cpp: Removed. + * runtime/MarkedBlock.h: Removed. + * runtime/MarkedSpace.cpp: Removed. + * runtime/MarkedSpace.h: Removed. + +2011-04-11 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-04-09 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 58198 - Clean up JSValue implementation for JSVALUE64 + + Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64 + + JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64, + which should not have been here. JSImmediate mostly contained uncalled methods, + along with the internal implementation of the JSValue constructors split unnecessarily + across a number of layers of function calls. These could largely be merged back + together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can by unified. + + The .cpp files were empty. 
+ + Moving all these methods into JSValue.h seems to be a repro measurable regression, so + I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag + values as static const members of JSValue also measures as a repro regression, so I + have made these #defines. + + * Android.mk: + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + - Removed JSImmediate.h, JSNumberCell.h. + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitLoad): + - Removed class JSImmediate. + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + - Removed class JSImmediate. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Removed class JSImmediate. + * jit/JITArithmetic.cpp: + (JSC::JIT::compileBinaryArithOpSlowCase): + - Removed class JSImmediate. + * jit/JITInlineMethods.h: + (JSC::JIT::emitJumpIfJSCell): + (JSC::JIT::emitJumpIfNotJSCell): + (JSC::JIT::emitJumpIfImmediateInteger): + (JSC::JIT::emitJumpIfNotImmediateInteger): + (JSC::JIT::emitFastArithDeTagImmediate): + (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero): + (JSC::JIT::emitFastArithReTagImmediate): + (JSC::JIT::emitTagAsBoolImmediate): + - Removed class JSImmediate. + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_not): + (JSC::JIT::emit_op_jeq_null): + (JSC::JIT::emit_op_jneq_null): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + (JSC::JIT::emitSlow_op_not): + - Removed class JSImmediate. + * jit/JSInterfaceJIT.h: + - Removed class JSImmediate. + * runtime/JSCell.h: + - Removed JSImmediate.h, JSNumberCell.h. + * runtime/JSImmediate.cpp: Removed. + * runtime/JSImmediate.h: Removed. + * runtime/JSNumberCell.cpp: Removed. + * runtime/JSNumberCell.h: Removed. + - Removed. 
+ * runtime/JSObject.h: + - Removed JSImmediate.h, JSNumberCell.h. + * runtime/JSString.h: + - Removed JSImmediate.h, JSNumberCell.h. + * runtime/JSValue.h: + - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64. + * runtime/JSValueInlineMethods.h: Added. + (JSC::JSValue::toInt32): + (JSC::JSValue::toUInt32): + (JSC::JSValue::isUInt32): + (JSC::JSValue::asUInt32): + (JSC::JSValue::uncheckedGetNumber): + (JSC::JSValue::toJSNumber): + (JSC::jsNaN): + (JSC::JSValue::getNumber): + (JSC::JSValue::getBoolean): + (JSC::JSValue::JSValue): + (JSC::JSValue::encode): + (JSC::JSValue::decode): + (JSC::JSValue::operator bool): + (JSC::JSValue::operator==): + (JSC::JSValue::operator!=): + (JSC::JSValue::isUndefined): + (JSC::JSValue::isNull): + (JSC::JSValue::isUndefinedOrNull): + (JSC::JSValue::isCell): + (JSC::JSValue::isInt32): + (JSC::JSValue::isDouble): + (JSC::JSValue::isTrue): + (JSC::JSValue::isFalse): + (JSC::JSValue::tag): + (JSC::JSValue::payload): + (JSC::JSValue::asInt32): + (JSC::JSValue::asDouble): + (JSC::JSValue::asCell): + (JSC::JSValue::isNumber): + (JSC::JSValue::isBoolean): + (JSC::JSValue::makeImmediate): + (JSC::JSValue::immediateValue): + (JSC::reinterpretDoubleToIntptr): + (JSC::reinterpretIntptrToDouble): + - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h. + * runtime/Operations.h: + - Removed JSImmediate.h, JSNumberCell.h. + * wtf/StdLibExtras.h: + - Export bitwise_cast. + +2011-04-11 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Oliver Hunt. + + SH4 JIT SUPPORT. + https://bugs.webkit.org/show_bug.cgi?id=44329 + + Add JIT remaining part for SH4 platforms. + + * assembler/MacroAssemblerSH4.h: + * jit/JIT.h: + * jit/JITInlineMethods.h: + * jit/JITOpcodes32_64.cpp: + * jit/JITPropertyAccess32_64.cpp: + * jit/JITStubs.cpp: + * jit/JITStubs.h: + * jit/JSInterfaceJIT.h: + +2011-04-10 Geoffrey Garen <ggaren@apple.com> + + Rubber-stamped by Beth Dakin. 
+ + Moved Heap.h and Heap.cpp to the heap folder, because anything less + would be uncivilized. + + * Android.mk: + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp. + * heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h. + * runtime/Heap.cpp: Removed. + * runtime/Heap.h: Removed. + +2011-04-10 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Darin Adler. + + Remove duplicated code from AtomicString::fromUTF8() + https://bugs.webkit.org/show_bug.cgi?id=53711 + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/text/AtomicString.cpp: + (WTF::AtomicString::fromUTF8Internal): + * wtf/text/AtomicString.h: + (WTF::AtomicString::fromUTF8): + * wtf/unicode/UTF8.cpp: + (WTF::Unicode::calculateStringHashAndLengthFromUTF8): + * wtf/unicode/UTF8.h: + +2011-04-10 Maciej Stachowiak <mjs@apple.com> + + Not reviewed. + + Fix build (at least on Lion) by adding some newish header files to + PrivateHeaders. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-04-09 Geoffrey Garen <ggaren@apple.com> + + Not reviewed. + + Try recommitting some things svn left out of its last commit. + + * heap/Handle.h: + (JSC::HandleBase::operator!): + (JSC::HandleBase::HandleBase): + (JSC::HandleBase::slot): + (JSC::HandleBase::setSlot): + (JSC::Handle::Handle): + * heap/HandleHeap.cpp: + (JSC::HandleHeap::markWeakHandles): + (JSC::HandleHeap::finalizeWeakHandles): + (JSC::HandleHeap::isValidWeakNode): + * heap/HandleHeap.h: + (JSC::HandleHeap::globalData): + +2011-04-08 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + A few heap-related renames and file moves. 
+ + WeakGCPtr<T> => Weak<T> + Global<T> => Strong<T> + collector/ => heap/ + collector/* => heap/* + runtime/WeakGCPtr.h => heap/Weak.h + + (Eventually, even more files should move into the heap directory. Like + Heap.h and Heap.cpp, for example.) + + * API/JSClassRef.h: + * CMakeLists.txt: + * GNUmakefile.am: + * GNUmakefile.list.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pri: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: + * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/SamplingTool.h: + * bytecompiler/BytecodeGenerator.h: + * collector: Removed. + * collector/handles: Removed. + * collector/handles/Global.h: Removed. + * collector/handles/Handle.h: Removed. + * collector/handles/HandleHeap.cpp: Removed. + * collector/handles/HandleHeap.h: Removed. + * collector/handles/HandleStack.cpp: Removed. + * collector/handles/HandleStack.h: Removed. + * collector/handles/Local.h: Removed. + * collector/handles/LocalScope.h: Removed. + * heap: Copied from collector. + * heap/Handle.h: Copied from collector/handles/Handle.h. + * heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp. + * heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h. + * heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp. + * heap/HandleStack.h: Copied from collector/handles/HandleStack.h. + * heap/Local.h: Copied from collector/handles/Local.h. + * heap/LocalScope.h: Copied from collector/handles/LocalScope.h. + * heap/Strong.h: Copied from collector/handles/Global.h. + (JSC::Strong::Strong): + (JSC::Strong::~Strong): + (JSC::Strong::operator=): + * heap/Weak.h: Copied from runtime/WeakGCPtr.h. + (JSC::Weak::Weak): + (JSC::Weak::~Weak): + * heap/handles: Removed. 
+ * interpreter/RegisterFile.h: + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + * jit/JITStubs.h: + * runtime/Structure.h: + * runtime/WeakGCPtr.h: Removed. + +2011-04-08 Alpha Lam <hclam@chromium.org> + + Unreviewed, rolling out r83335. + http://trac.webkit.org/changeset/83335 + https://bugs.webkit.org/show_bug.cgi?id=53556 + + GTK and QT bots are broken + + * Configurations/FeatureDefines.xcconfig: + +2011-04-08 Gavin Barraclough <barraclough@apple.com> + + Ooops, typo, build fix. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parse): + +2011-04-08 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Bug 58154 - Add support for comparison operators to the DFG JIT. + + Add support for <, <=, ==, ===, and also !. Add support for all corresponding + bytecode ops, including the not- and -null forms. Initially add functionally + correct support, we'll revisit the performance. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::constantNull): + (JSC::DFG::ByteCodeParser::parse): + - Add support for parsing of bytecode opcodes, + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::callOperation): + - Add new operation call types, return bool values. + * dfg/DFGNode.h: + - Add new node types. + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + - Add code generation for new nodes. + * dfg/DFGOperations.cpp: + (JSC::DFG::operationCompareLess): + (JSC::DFG::operationCompareLessEq): + (JSC::DFG::operationCompareEq): + (JSC::DFG::operationCompareStrictEq): + (JSC::DFG::dfgConvertJSValueToBoolean): + * dfg/DFGOperations.h: + - Add operation callbacks to implement new ops. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + - Add code generation for new nodes. 
+ * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate. + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompilePatchGetArrayLength): + - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate. + * runtime/JSImmediate.h: + - Make tag values public, rather than relying on a friend - this matches JSVALUE32_64. + +2011-04-07 Anna Cavender <annacc@chromium.org> + + Reviewed by Eric Carlson. + + Setup ENABLE(TRACK) feature define + https://bugs.webkit.org/show_bug.cgi?id=53556 + + + * Configurations/FeatureDefines.xcconfig: + +2011-04-07 Balazs Kelemen <kbalazs@webkit.org> + + Reviewed by Kenneth Rohde Christiansen. + + [WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation + https://bugs.webkit.org/show_bug.cgi?id=58030 + + * wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2. + +2011-04-08 Adam Roben <aroben@apple.com> + + Clean build fix + + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that + don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the + directory itself in addition to the files it contains. + +2011-04-07 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Maciej Stachowiak. + + Some Handle<T> cleanup + https://bugs.webkit.org/show_bug.cgi?id=58109 + + * bytecode/SamplingTool.h: Sorted alphabetically because that's the + WebKit style. Added a Global.h #include that was previously missing + but harmless. + + * collector/handles/Global.h: + (JSC::Global::Global): Added a null constructor. No need for a special + tag, and the tag is incompatible with some data structures. 
+ + (JSC::Global::isHashTableDeletedValue): + (JSC::Global::~Global): + (JSC::Global::set): + (JSC::Global::operator=): + (JSC::Global::clear): + (JSC::Global::hashTableDeletedValue): Reordered constructors to be near + each other. + + (JSC::Global::setWithWriteBarrier): Renamed internalSet to + setWithWriteBarrier for clarity, and funneled more code into using set + and setWithWriteBarrier to reduce duplication. + + * collector/handles/Handle.h: + (JSC::HandleBase::operator!): + (JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have + boolean and ! operators. + + (JSC::HandleBase::slot): + (JSC::HandleBase::setSlot): + (JSC::Handle::Handle): Added general support for null Handles. This was + previously outlawed by ASSERTs, but our code has grown to support and + rely on null Handles. + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::markWeakHandles): + (JSC::HandleHeap::finalizeWeakHandles): + (JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle, + and beefed this up a bit. + + * collector/handles/HandleHeap.h: + (JSC::HandleHeap::globalData): Added accessor, used by some new set functions. + + * collector/handles/Local.h: Moved hash traits to the bottom of the file, + since this file is about the Local class, not the traits. + + (JSC::::Local): Updated for removal of invalidate(). + + (JSC::::operator): Deployed "using" to avoid a lot of this-> + template funny business. + + (JSC::::setWithSlotCheck): Renamed from internalSet, more specific now. + + * interpreter/RegisterFile.h: + (JSC::RegisterFile::RegisterFile): Updated to use null constructor. + + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): + + * runtime/JSPropertyNameIterator.h: + (JSC::Structure::setEnumerationCache): + * runtime/Structure.h: Removed clearEnumerationCache + because it was an unused holdover from when the enumeration cache was + not a handle. 
+ + * runtime/WeakGCMap.h: + (JSC::WeakGCMap::set): Finish initializing our handle before putting it + in the table. This seemed more logical, and at one point was required + to avoid triggering an ASSERT. + + * runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own + handle-like behavior, to avoid duplication. + + (JSC::WeakGCPtr::WeakGCPtr): + (JSC::WeakGCPtr::~WeakGCPtr): + (JSC::WeakGCPtr::get): + (JSC::WeakGCPtr::clear): + (JSC::WeakGCPtr::set): + (JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and + standardized on Handle idioms. + +2011-04-07 Adam Barth <abarth@webkit.org> + + Reviewed by Martin Robinson. + + Refactor Gtk build system to separate list of files + https://bugs.webkit.org/show_bug.cgi?id=58090 + + This is the first step towards generating part of the GTK build system + using GYP. In the first iteration, our plan is to just generate the + list of files. This patch is the first step, which is to separate out + the part of JavaScriptCore build system that we intend to generate from + the rest of the build system. + + * GNUmakefile.am: + * GNUmakefile.list.am: Added. + +2011-04-07 Zoltan Herczeg <zherczeg@webkit.org> + + Reviewed by Gavin Barraclough. + + Mapping booleans the same way as integers + https://bugs.webkit.org/show_bug.cgi?id=56913 + + Instead of having a seperate tag field for booleans, + the logical values are stored in the payload field + (for JSValue32_64 representation). + + 1.007x speedup on SunSpider. 
+ + * jit/JIT.h: + * jit/JITInlineMethods.h: + (JSC::JIT::emitStoreBool): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_instanceof): + (JSC::JIT::emit_op_not): + (JSC::JIT::emit_op_jfalse): + (JSC::JIT::emitSlow_op_jfalse): + (JSC::JIT::emit_op_jtrue): + (JSC::JIT::emitSlow_op_jtrue): + (JSC::JIT::emit_op_jeq_null): + (JSC::JIT::emit_op_jneq_null): + (JSC::JIT::emit_op_eq): + (JSC::JIT::emitSlow_op_eq): + (JSC::JIT::emit_op_neq): + (JSC::JIT::emitSlow_op_neq): + (JSC::JIT::compileOpStrictEq): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + * jit/JSInterfaceJIT.h: + * runtime/JSValue.h: + (JSC::JSValue::JSValue): + (JSC::JSValue::isTrue): + (JSC::JSValue::isFalse): + (JSC::JSValue::getBoolean): + +2011-04-07 Eric Seidel <eric@webkit.org> + + Reviewed by Adam Barth. + + Add stub support for generating Gtk build system from gyp + https://bugs.webkit.org/show_bug.cgi?id=58086 + + This does not produce a buildable JavaScriptCore, but it + does allow running gyp/configure --port=gtk and having + it generate a gtk.Makefile which we can use for testing + the rest of the plumbing. + + * gyp/gtk.gyp: Added. + +2011-04-07 Andrew Scherkus <scherkus@chromium.org> + + Revert ENABLE_TRACK patch due to compile failures. + + * Configurations/FeatureDefines.xcconfig: + +2011-04-07 Adam Barth <abarth@webkit.org> + + Fix whitespace in GNUmakefile.am. + + * GNUmakefile.am: + +2011-04-07 Gavin Barraclough <barraclough@apple.com> + + Fix a couple of typos in comments that Darin spotted. + + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_not): + * runtime/JSImmediate.h: + +2011-04-06 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoff Garen. 
+ Bug 58057 - Store boolean payload in low bit of JSImmediate + + And remove some uncalled functions from JSImmediate.h + + * jit/JITInlineMethods.h: + (JSC::JIT::emitTagAsBoolImmediate): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_not): + * runtime/JSImmediate.h: + (JSC::JSImmediate::makeInt): + (JSC::JSImmediate::makeBool): + (JSC::JSImmediate::intValue): + (JSC::JSImmediate::boolValue): + (JSC::JSImmediate::asInt32): + (JSC::JSImmediate::toDouble): + (JSC::JSValue::asInt32): + (JSC::JSValue::isUInt32): + (JSC::JSValue::asUInt32): + +2011-04-07 Liang Qi <liang.qi@nokia.com> + + Reviewed by Laszlo Gombos. + + [Qt][Symbian] Enable webkit build with GCCE on Symbian. + https://bugs.webkit.org/show_bug.cgi?id=57841 + + * wtf/MathExtras.h: GCCE compiler doesn't support those std static functions. + +2011-04-06 Dai Mikurube <dmikurube@chromium.org> + + Reviewed by David Levin. + + Add QUOTA build flag for unified quota API + https://bugs.webkit.org/show_bug.cgi?id=57918 + + * Configurations/FeatureDefines.xcconfig: Added QUOTA build flag + +2011-04-06 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Darin Adler. + + Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros. + + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * config.h: + +2011-04-06 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Stop JSObject::isUsingInlineStorage() from using the structure + https://bugs.webkit.org/show_bug.cgi?id=57986 + + Make the isUsingInlineStorage() implementation just look at + whether the property storage is inside the object. + + * runtime/JSObject.h: + (JSC::JSObject::isUsingInlineStorage): + (JSC::JSObject::JSObject): + +2011-04-06 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Geoff Garen. + + Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations. 
+ + * runtime/JSImmediate.h: + * runtime/JSValue.h: + +2011-04-06 Lucas De Marchi <lucas.demarchi@profusion.mobi> + + cmake: Fix build for ARMv7 + + * CMakeLists.txt: add missing file. + +2011-04-06 Liang Qi <liang.qi@nokia.com> + + Reviewed by Benjamin Poulain. + + Correct a include file name. + https://bugs.webkit.org/show_bug.cgi?id=57839 + + * wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix + builds on Unix hosts. + +2011-04-06 Adam Roben <aroben@apple.com> + + Build fix after r83056 + + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable. + +2011-04-06 Adam Roben <aroben@apple.com> + + Move JavaScriptCoreGenerated's file-copying logic out to a new script + + Hopefully this will make it easier to modify this logic in the future. I also made the + script much quieter than the old logic, since it didn't seem helpful to see long lists of + filenames during the copying phase. + + If we like this new style, we could copy it for our other projects. + + Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to + modify and noisy + + Reviewed by Steve Falkenburg. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy + files from here... + * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.) + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd + for convenience. + +2011-04-05 Geoffrey Garen <ggaren@apple.com> + + Try to fix the Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do! + +2011-04-05 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Introduced the concept of opaque roots, in preparation for marking the DOM with them + https://bugs.webkit.org/show_bug.cgi?id=57903 + + * JavaScriptCore.exp: Who likes export files? I do! 
+ + * collector/handles/HandleHeap.cpp: + (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs. + + (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid + weak linkage problems. + + (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback. + Currently unused. + + (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a + default empty implementation, since not all clients necessarily want + or need non-trivial finalizers. + + (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two + passes. The first pass marks all reachable weak handles. The second pass + finalizes all unreachable weak handles. This must be two passes because + we don't know the set of finalizable weak handles until we're done + marking all weak handles. + + (JSC::HandleHeap::finalizeWeakHandles): Use new helper function. + + * collector/handles/HandleHeap.h: Ditto. + + * runtime/Heap.cpp: + (JSC::Heap::destroy): + (JSC::Heap::markRoots): + (JSC::Heap::reset): Split out handle marking from handle finalization. + + * runtime/MarkStack.cpp: + (JSC::MarkStack::reset): + * runtime/MarkStack.h: + (JSC::MarkStack::addOpaqueRoot): + (JSC::MarkStack::containsOpaqueRoot): + (JSC::MarkStack::opaqueRootCount): + (JSC::HeapRootMarker::markStack): New helper functions for managing the + set of opaque roots. + + * runtime/WeakGCMap.h: + (JSC::WeakGCMap::finalize): Renamed to match parent class declaration. + +2011-04-05 Balazs Kelemen <kbalazs@webkit.org> + + Reviewed by Darin Adler. + + Build fix for YarrParser.h + https://bugs.webkit.org/show_bug.cgi?id=57822 + + * yarr/YarrParser.h: + (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate): + +2011-04-05 Steve Falkenburg <sfalken@apple.com> + + Follow-up Windows build fix. + Don't skip react-to-vsprops-changes.py for all production builds, + only those initiated via JavaScriptCore.make. 
+ + * JavaScriptCore.vcproj/JavaScriptCore.make: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: + +2011-04-05 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks + https://bugs.webkit.org/show_bug.cgi?id=57857 + + Whoops, accidentally removed a deref(). + + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + +2011-04-05 Steve Falkenburg <sfalken@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops. + Set production environment variable before calling make. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added. + +2011-04-05 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make caches window show more info about non-jsobject GC values + https://bugs.webkit.org/show_bug.cgi?id=57874 + + Add ClassInfo to the various internal JS types that currently + don't have any, and make the text for caches window show the + classname for non-JSObject instances. 
+ + * runtime/Executable.cpp: + * runtime/Executable.h: + (JSC::ExecutableBase::createStructure): + (JSC::NativeExecutable::createStructure): + (JSC::NativeExecutable::NativeExecutable): + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/Heap.cpp: + (JSC::TypeCounter::typeName): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/ScopeChain.cpp: + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::createStructure): + * runtime/StructureChain.cpp: + * runtime/StructureChain.h: + (JSC::StructureChain::createStructure): + +2011-04-05 Nikolas Zimmermann <nzimmermann@rim.com> + + Reviewed by Andreas Kling. + + Cleanup StringConcatenate + https://bugs.webkit.org/show_bug.cgi?id=57836 + + Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return. + Add a makeString() variant taking 9 arguments, needed by a follow-up patch. + + * wtf/text/StringConcatenate.h: + (WTF::tryMakeString): + (WTF::makeString): + +2011-04-04 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r82876. + http://trac.webkit.org/changeset/82876 + https://bugs.webkit.org/show_bug.cgi?id=57816 + + Caused a lot of test crashes (Requested by tkent on #webkit). 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * wtf/FastMalloc.cpp: + (WTF::tryFastMalloc): + (WTF::fastMalloc): + (WTF::tryFastCalloc): + (WTF::fastCalloc): + (WTF::fastFree): + (WTF::tryFastRealloc): + (WTF::fastRealloc): + (WTF::fastMallocSize): + (WTF::TCMalloc_PageHeap::isScavengerSuspended): + (WTF::TCMalloc_PageHeap::scheduleScavenger): + (WTF::TCMalloc_PageHeap::suspendScavenger): + (WTF::TCMalloc_PageHeap::signalScavenger): + (WTF::TCMallocStats::malloc): + (WTF::TCMallocStats::free): + (WTF::TCMallocStats::fastCalloc): + (WTF::TCMallocStats::tryFastCalloc): + (WTF::TCMallocStats::calloc): + (WTF::TCMallocStats::fastRealloc): + (WTF::TCMallocStats::tryFastRealloc): + (WTF::TCMallocStats::realloc): + (WTF::TCMallocStats::fastMallocSize): + * wtf/FastMalloc.h: + (WTF::Internal::fastMallocMatchValidationType): + (WTF::Internal::fastMallocMatchValidationValue): + (WTF::Internal::setFastMallocMatchValidationType): + (WTF::fastMallocMatchValidateFree): + * wtf/Platform.h: + +2011-04-04 Oliver Hunt <oliver@apple.com> + + Reviewed by Antti Koivisto. + + Stop JSCell.h from including Structure.h + https://bugs.webkit.org/show_bug.cgi?id=57809 + + * runtime/GetterSetter.h: + * runtime/JSAPIValueWrapper.h: + * runtime/JSCell.h: + (JSC::JSCell::JSValue::toThisObject): + * runtime/JSString.h: + * runtime/ScopeChain.h: + * runtime/Structure.h: + (JSC::JSCell::isObject): + (JSC::JSCell::isString): + (JSC::JSCell::classInfo): + (JSC::JSCell::createDummyStructure): + (JSC::JSValue::needsThisConversion): + (JSC::MarkStack::internalAppend): + * runtime/StructureChain.h: + +2011-04-04 Oliver Hunt <oliver@apple.com> + + Fix clang build. + + * wtf/FastMalloc.cpp: + (WTF::fastMalloc): + (WTF::fastCalloc): + (WTF::fastRealloc): + +2011-04-04 Oliver Hunt <oliver@apple.com> + + Remove accidental change to Platform.h + + * wtf/Platform.h: + +2011-04-04 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + Fixed a weak-handle-related leak in RegisterFile + https://bugs.webkit.org/show_bug.cgi?id=57793 + + * interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier. + * interpreter/RegisterFile.h: + (JSC::RegisterFile::GlobalObjectOwner::finalize): + (JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with + a per-RegisterFile weak handle owner, which does not leak. + + * runtime/WeakGCPtr.h: + (JSC::WeakGCPtr::set): Allow set() to take a context argument, since + RegisterFile now needs this. (Seems like it was an accidental omission + all along.) + +2011-04-04 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make malloc validation useful + https://bugs.webkit.org/show_bug.cgi?id=57502 + + This patch changes FAST_MALLOC_MATCH_VALIDATION with a general + corruption check that tags the beginning and end of all allocations + to check for write overflows and overwrites the contents of + memory on free in order to (hopefully) show up use-after-free issues + sooner. + + We also turn it on by default for debug builds. 
+ + * JavaScriptCore.exp: + * wtf/FastMalloc.cpp: + (WTF::tryFastMalloc): + (WTF::fastMalloc): + (WTF::tryFastCalloc): + (WTF::fastCalloc): + (WTF::fastFree): + (WTF::tryFastRealloc): + (WTF::fastRealloc): + (WTF::TCMalloc_PageHeap::isScavengerSuspended): + (WTF::TCMalloc_PageHeap::scheduleScavenger): + (WTF::TCMalloc_PageHeap::suspendScavenger): + (WTF::TCMalloc_PageHeap::signalScavenger): + (WTF::TCMallocStats::malloc): + (WTF::TCMallocStats::free): + (WTF::TCMallocStats::fastCalloc): + (WTF::TCMallocStats::tryFastCalloc): + (WTF::TCMallocStats::calloc): + (WTF::TCMallocStats::fastRealloc): + (WTF::TCMallocStats::tryFastRealloc): + (WTF::TCMallocStats::realloc): + * wtf/FastMalloc.h: + (WTF::Internal::fastMallocValidationHeader): + (WTF::Internal::fastMallocValidationSuffix): + (WTF::Internal::fastMallocMatchValidationType): + (WTF::Internal::setFastMallocMatchValidationType): + (WTF::fastMallocMatchValidateFree): + (WTF::fastMallocValidate): + * wtf/Platform.h: + +2011-04-04 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Renamed clearWeakPointers => updateWeakHandles and removed misleading comment + https://bugs.webkit.org/show_bug.cgi?id=57790 + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::updateWeakHandles): Updated for rename. + + * collector/handles/HandleHeap.h: Removed comment claiming that this + function should only be called during teardown, because it's actually + called after every GC pass. + + * runtime/Heap.cpp: + (JSC::Heap::destroy): + (JSC::Heap::markRoots): Updated for rename. + +2011-04-04 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Standardized handling of handles for immediate values + https://bugs.webkit.org/show_bug.cgi?id=57788 + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell + values here, because our write barrier guarantees that such values are + not in the weak list. 
+ + (JSC::HandleHeap::writeBarrier): Standardized on checking for null before + checking for cell, and on using early return instead of if/else. + + * collector/handles/HandleHeap.h: + (JSC::HandleHeap::deallocate): + (JSC::HandleHeap::makeWeak): Ditto. + +2011-04-04 Geoffrey Garen <ggaren@apple.com> + + Not reviewed. + + Removed a redundant variable from HandleHeap + https://bugs.webkit.org/show_bug.cgi?id=57786 + + Forgot to commit the file that actually removes the data member! + + * collector/handles/HandleHeap.h: + +2011-04-04 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed a redundant variable from HandleHeap + https://bugs.webkit.org/show_bug.cgi?id=57786 + + We don't need a specific variable to indicate that we're in the middle + of the finalization phase, since m_nextToFinalize already does this. + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::HandleHeap): + (JSC::HandleHeap::clearWeakPointers): + (JSC::HandleHeap::writeBarrier): + +2011-04-04 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback) + https://bugs.webkit.org/show_bug.cgi?id=57775 + + Also renamed noFinalizer => emptyWeakOwner, since this is really an + optimization for a weak owner with empty callbacks. + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed + redundant initialization of m_nextToFinalize. Moved deletion check inside + weak owner check, since the weak owner can't delete the node if there is + no weak owner! + + * collector/handles/HandleHeap.h: + (JSC::WeakHandleOwner::~WeakHandleOwner): + (JSC::HandleHeap::makeWeak): Updated for renames. + + (JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner, + to clarify this function's role in assertions. 
+ + (JSC::HandleHeap::Node::Node): + (JSC::HandleHeap::Node::makeWeak): + (JSC::HandleHeap::Node::isWeak): + (JSC::HandleHeap::Node::weakOwner): + (JSC::HandleHeap::Node::weakOwnerContext): + (JSC::HandleHeap::Node::emptyWeakOwner): + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::globalObjectCollectedNotifier): + * interpreter/RegisterFile.h: + * runtime/WeakGCMap.h: + * runtime/WeakGCPtr.h: + (JSC::WeakGCPtr::WeakGCPtr): + (JSC::WeakGCPtr::set): Updated for renames. + +2011-04-04 Oliver Hunt <oliver@apple.com> + + Fix WinCE build. + + * bytecode/Instruction.h: + * interpreter/Interpreter.cpp: + (JSC::Interpreter::tryCachePutByID): + (JSC::Interpreter::tryCacheGetByID): + +2011-04-04 Adam Roben <aroben@apple.com> + + Delete mt.dep files when doing a clean build due to .vsprops file changes + + Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild. + + Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build) + + Reviewed by Brian Weinstein. + + * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: + (main): Added dep to the list of extensions we look for when choosing files to delete. + +2011-04-01 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make StructureChain GC allocated + https://bugs.webkit.org/show_bug.cgi?id=56695 + + Make StructureChain GC allocated, and make the various owners + mark it correctly. 
+ + * JavaScriptCore.exp: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::derefStructures): + (JSC::CodeBlock::refStructures): + (JSC::CodeBlock::markAggregate): + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set): + (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList): + (JSC::PolymorphicAccessStructureList::derefStructures): + (JSC::PolymorphicAccessStructureList::markAggregate): + (JSC::Instruction::Instruction): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + (JSC::StructureStubInfo::markAggregate): + * bytecode/StructureStubInfo.h: + (JSC::StructureStubInfo::initGetByIdChain): + (JSC::StructureStubInfo::initPutByIdTransition): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): + (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): + * collector/handles/Handle.h: + (JSC::HandleConverter::operator->): + (JSC::HandleConverter::operator*): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_jneq_ptr): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_jneq_ptr): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITStubs.cpp: + (JSC::JITThunks::tryCachePutByID): + (JSC::JITThunks::tryCacheGetByID): + (JSC::getPolymorphicAccessStructureListSlot): + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSCell.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::markIfNeeded): + * runtime/JSGlobalObject.h: + (JSC::Structure::prototypeChain): + * runtime/JSObject.h: + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::markChildrenDirect): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + (JSC::JSPropertyNameIterator::get): + 
(JSC::JSPropertyNameIterator::markChildren): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::setCachedPrototypeChain): + * runtime/JSZombie.cpp: + (JSC::JSZombie::leakedZombieStructure): + * runtime/JSZombie.h: + * runtime/MarkStack.h: + (JSC::MarkStack::append): + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::sweep): + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransition): + * runtime/Structure.h: + (JSC::Structure::markAggregate): + * runtime/StructureChain.cpp: + (JSC::StructureChain::StructureChain): + (JSC::StructureChain::~StructureChain): + (JSC::StructureChain::markChildren): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + (JSC::StructureChain::createStructure): + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + +2011-04-01 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed some complexity from HandleHeap + https://bugs.webkit.org/show_bug.cgi?id=57650 + + Eliminated pointer-tagging flags. + + Tied being weak to having a finalizer (or at least a finalizer sentinel). + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying + flag. It was unused. If we bring it back, we'll probably use a shared + autodeallocating finalizer instead. + + * collector/handles/HandleHeap.h: + (JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now + a single, atomic operation -- this makes the relationship between + finalizers and weak pointers clearer, and impossible to get wrong. + + (JSC::HandleHeap::Node::Node): + (JSC::HandleHeap::Node::handleHeap): No more flags. + + (JSC::HandleHeap::Node::makeWeak): + (JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentienl + value in the finalizer slot to indicate that a handle is weak but doesn't + require an external function call for finalization. 
+ +2011-04-01 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed WeakGCMap::deprecatedRemove because it was deprecated and unused + https://bugs.webkit.org/show_bug.cgi?id=57648 + + * runtime/WeakGCMap.h: + +2011-04-01 Adam Roben <aroben@apple.com> + + Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer + + Covered by existing tests. + + Fixes <http://webkit.org/b/56699>. + + Reviewed by Oliver Hunt. + + * parser/Lexer.h: + (JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because + supposedly the idiom that function uses is fast. + +2011-03-31 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Oliver Hunt. + + SH4 JIT SUPPORT. + https://bugs.webkit.org/show_bug.cgi?id=44329 + + Add YARR support for SH4 platforms (disabled by default). + + * GNUmakefile.am: + * assembler/MacroAssembler.h: + * assembler/MacroAssemblerSH4.cpp: Added. + * assembler/MacroAssemblerSH4.h: Added. + * assembler/SH4Assembler.h: Added. + * yarr/YarrJIT.cpp: + +2011-03-30 Adam Roben <aroben@apple.com> + + Clean build fix + + * JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects + don't try to build in parallel (which doesn't mesh with our buildfailed mechanism). 
+ +2011-03-30 Oliver Hunt <oliver@apple.com> + + Rollout r82500 + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::derefStructures): + (JSC::CodeBlock::refStructures): + (JSC::CodeBlock::markAggregate): + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set): + (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList): + (JSC::PolymorphicAccessStructureList::derefStructures): + (JSC::Instruction::Instruction): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + * bytecode/StructureStubInfo.h: + (JSC::StructureStubInfo::initGetByIdChain): + (JSC::StructureStubInfo::initPutByIdTransition): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): + (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_jneq_ptr): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_jneq_ptr): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITStubs.cpp: + (JSC::getPolymorphicAccessStructureListSlot): + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSCell.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::markIfNeeded): + * runtime/JSGlobalObject.h: + (JSC::Structure::prototypeChain): + * runtime/JSObject.h: + (JSC::JSObject::markChildrenDirect): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + (JSC::JSPropertyNameIterator::get): + (JSC::JSPropertyNameIterator::markChildren): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::setCachedPrototypeChain): + * runtime/MarkStack.h: + (JSC::MarkStack::append): + * runtime/Structure.h: + * runtime/StructureChain.cpp: + 
(JSC::StructureChain::StructureChain): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + +2011-03-29 Matthew Delaney <mdelaney@apple.com> + + Reviewed by Simon Fraser. + + Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG + + https://bugs.webkit.org/show_bug.cgi?id=53134 + + * wtf/Platform.h: Added in WTF flag for using the Accelerate framework + +2011-03-30 Steve Falkenburg <sfalken@apple.com> + + Reviewed by Adam Roben. + + Share most vsprops between Release and Production builds in releaseproduction.vsprops + https://bugs.webkit.org/show_bug.cgi?id=57508 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: + * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: + * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: + * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: + * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: + * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: + * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: + * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: + * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: + * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: + * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: + +2011-03-30 Mark Rowe <mrowe@apple.com> + + Reviewed by Adam Roben. + + Explicitly prevent testapi and minidom from being installed rather than relying + on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly + set at the target level. 
+ + <rdar://problem/9206357> + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-03-30 Timur Iskhodzhanov <timurrrr@google.com> + + Reviewed by Alexey Proskuryakov. + + Add some dynamic annotations to JavaScriptCore/wtf + https://bugs.webkit.org/show_bug.cgi?id=53747 + + By using these annotations we can improve the precision of finding + WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind. + These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1". + + These files don't add new functionality, so don't need extra tests. + + * GNUmakefile.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/DynamicAnnotations.cpp: Added. + (WTFAnnotateBenignRaceSized): + (WTFAnnotateHappensBefore): + (WTFAnnotateHappensAfter): + * wtf/DynamicAnnotations.h: Added. + * wtf/ThreadSafeRefCounted.h: + (WTF::ThreadSafeRefCountedBase::derefBase): + * wtf/text/StringStatics.cpp: + (WTF::StringImpl::empty): + +2011-03-30 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make StructureChain GC allocated + https://bugs.webkit.org/show_bug.cgi?id=56695 + + Make StructureChain GC allocated, and make the various owners + mark it correctly. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::derefStructures): + (JSC::CodeBlock::refStructures): + (JSC::CodeBlock::markAggregate): + * bytecode/Instruction.h: + (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set): + (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList): + (JSC::PolymorphicAccessStructureList::derefStructures): + (JSC::PolymorphicAccessStructureList::markAggregate): + (JSC::Instruction::Instruction): + * bytecode/StructureStubInfo.cpp: + (JSC::StructureStubInfo::deref): + (JSC::StructureStubInfo::markAggregate): + * bytecode/StructureStubInfo.h: + (JSC::StructureStubInfo::initGetByIdChain): + (JSC::StructureStubInfo::initPutByIdTransition): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): + (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_jneq_ptr): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_jneq_ptr): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + * jit/JITStubs.cpp: + (JSC::getPolymorphicAccessStructureListSlot): + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSCell.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::markIfNeeded): + * runtime/JSGlobalObject.h: + (JSC::Structure::prototypeChain): + * runtime/JSObject.h: + (JSC::JSObject::markChildrenDirect): + * runtime/JSPropertyNameIterator.cpp: + (JSC::JSPropertyNameIterator::create): + (JSC::JSPropertyNameIterator::get): + (JSC::JSPropertyNameIterator::markChildren): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::setCachedPrototypeChain): + * runtime/MarkStack.h: + (JSC::MarkStack::append): + * runtime/Structure.h: + 
(JSC::Structure::cachedPrototypeChainSlot): + * runtime/StructureChain.cpp: + (JSC::StructureChain::StructureChain): + * runtime/StructureChain.h: + (JSC::StructureChain::create): + (JSC::StructureChain::createStructure): + +2011-03-30 Steve Falkenburg <sfalken@apple.com> + + Reviewed by Adam Roben. + + Update Windows production build logic for new production configurations + https://bugs.webkit.org/show_bug.cgi?id=57494 + + * JavaScriptCore.vcproj/JavaScriptCore.make: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: + * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: + * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: + * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: + * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: + * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: + +2011-03-30 Steve Falkenburg <sfalken@apple.com> + + Reviewed by Adam Roben. + + Rename Windows configuration Release_LTCG to Production for clarity + https://bugs.webkit.org/show_bug.cgi?id=57465 + + * JavaScriptCore.vcproj/JavaScriptCore.sln: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed. + * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops. + * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed. 
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj: + * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops. + * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed. + * JavaScriptCore.vcproj/testapi/testapi.vcproj: + * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops. + * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed. + +2011-03-30 Zoltan Herczeg <zherczeg@inf.u-szeged.hu> + + Reviewed by Maciej Stachowiak. + + Add the NEXT_OPCODE() macro to the DFG-JIT parser + https://bugs.webkit.org/show_bug.cgi?id=57322 + + In JavaScriptCore we use macros to jump to the next opcode + (both in interpreter and JIT). This macro is added to the + DFG-JIT parser as well. + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parse): + +2011-03-29 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + ~25% regression on v8-splay in the SunSpider harness + https://bugs.webkit.org/show_bug.cgi?id=56128 + + I'm not sure if this is the root cause of the regression Stephanie + measured, but it seems to get us back to previous v8-splay times. + + SunSpider reports no change. v8-splay says 41% faster. + + * runtime/Heap.cpp: + (JSC::Heap::reset): Make marking proportional to 1X the size of the heap, + not .5X the size of the heap. When the heap is large, this makes a big + difference. (Our old heap growth policy matched this. You can see by + looking at resizeBlocks in revisions prior to r77699.) + +2011-03-29 Steve Falkenburg <sfalken@apple.com> + + Reviewed by Darin Adler. 
+ + Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE + https://bugs.webkit.org/show_bug.cgi?id=57350 + + Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from + InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within + the IDE. To avoid this, add a separate vsprops file for each project configuration that + contains the required inherited property sheets. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added. + * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added. + * JavaScriptCore.vcproj/jsc/jsc.vcproj: + * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added. + * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added. + * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added. 
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added. + * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added. + * JavaScriptCore.vcproj/testapi/testapi.vcproj: + * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added. + * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added. + * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added. + * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added. + * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added. + +2011-03-29 Oliver Hunt <oliver@apple.com> + + Reviewed by Eric Seidel. + + REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit). + https://bugs.webkit.org/show_bug.cgi?id=57333 + + constructDate now takes the global object explicitly as it may be called + by functions other than the constructor itself. + + * API/JSObjectRef.cpp: + (JSObjectMakeDate): + * runtime/DateConstructor.cpp: + (JSC::constructDate): + (JSC::constructWithDateConstructor): + * runtime/DateConstructor.h: + +2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Benjamin Poulain. + + https://bugs.webkit.org/show_bug.cgi?id=41953 + + Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h + + * wtf/MathExtras.h: + +2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Darin Adler. + + https://bugs.webkit.org/show_bug.cgi?id=57231 + Add conditional for SUNCC supporting alignment macros + + Compile fix for Solaris 10/Sun Studio 12 CC + + * wtf/Vector.h: + +2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Darin Adler. 
+ + https://bugs.webkit.org/show_bug.cgi?id=57256 + + Fix crash on misaligned reads on Solaris 10/Sparc + + * wtf/text/AtomicString.cpp: + (WTF::equal): + +2011-03-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + instanceof Array test fails when using iframes + https://bugs.webkit.org/show_bug.cgi?id=17250 + + This is a problem with all built in constructors, the use of + lexicalGlobalObject rather than the constructors own + global object reference means that a builtin will always use + the prototype from the lexical global object rather than that + of the constructors origin. + + * API/JSObjectRef.cpp: + (JSObjectMakeFunction): + (JSObjectMakeRegExp): + * JavaScriptCore.exp: + * runtime/ArrayConstructor.cpp: + (JSC::constructArrayWithSizeQuirk): + * runtime/BooleanConstructor.cpp: + (JSC::constructBoolean): + (JSC::constructBooleanFromImmediateBoolean): + * runtime/BooleanConstructor.h: + * runtime/DateConstructor.cpp: + (JSC::constructDate): + * runtime/DateInstance.cpp: + * runtime/DateInstance.h: + * runtime/ErrorConstructor.cpp: + (JSC::constructWithErrorConstructor): + (JSC::callErrorConstructor): + * runtime/FunctionConstructor.cpp: + (JSC::constructWithFunctionConstructor): + (JSC::callFunctionConstructor): + (JSC::constructFunction): + * runtime/FunctionConstructor.h: + * runtime/JSCell.cpp: + (JSC::JSCell::getOwnPropertySlot): + (JSC::JSCell::put): + (JSC::JSCell::deleteProperty): + (JSC::JSCell::toThisObject): + (JSC::JSCell::toObject): + * runtime/JSCell.h: + (JSC::JSCell::JSValue::toObject): + * runtime/JSNotAnObject.cpp: + (JSC::JSNotAnObject::toObject): + * runtime/JSNotAnObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::toObject): + * runtime/JSObject.h: + * runtime/JSString.cpp: + (JSC::StringObject::create): + (JSC::JSString::toObject): + (JSC::JSString::toThisObject): + * runtime/JSString.h: + * runtime/JSValue.cpp: + (JSC::JSValue::toObjectSlowCase): + (JSC::JSValue::toThisObjectSlowCase): + 
(JSC::JSValue::synthesizeObject): + * runtime/JSValue.h: + * runtime/NumberConstructor.cpp: + (JSC::constructWithNumberConstructor): + * runtime/NumberObject.cpp: + (JSC::constructNumber): + * runtime/NumberObject.h: + * runtime/ObjectConstructor.cpp: + (JSC::constructObject): + (JSC::constructWithObjectConstructor): + (JSC::callObjectConstructor): + * runtime/RegExpConstructor.cpp: + (JSC::constructRegExp): + (JSC::constructWithRegExpConstructor): + (JSC::callRegExpConstructor): + * runtime/RegExpConstructor.h: + * runtime/StringConstructor.cpp: + (JSC::constructWithStringConstructor): + * runtime/StringObject.h: + +2011-03-28 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large + https://bugs.webkit.org/show_bug.cgi?id=56823 + + Partial fix for most of the problem. (TOT still shows a regression, though.) + + * runtime/Heap.cpp: + (JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of + capacity(), since capacity() is O(n) relative to the size of the heap. + + In limited circumstances, capacity() is also worse than highWaterMark() + for measuring extra cost relative to heap size, since capacity() only + measures the *current* capacity of the heap, but the heap will grow if + necessary to attain highWaterMark(). + +2011-03-28 Oliver Hunt <oliver@apple.com> + + REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit). + https://bugs.webkit.org/show_bug.cgi?id=57251 + + Build fix, had remnant of another patch in r82130 + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByIdChainList): + +2011-03-27 Oliver Hunt <oliver@apple.com> + + Reviewed by Maciej Stachowiak. 
+ + Add additional immediate types to allow us to distinguish the source of a JIT immediate + https://bugs.webkit.org/show_bug.cgi?id=57190 + + Allow us to distinguish whether a JIT immediate is a value that we + control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled + or influenced by code we are compiling. Currently we do nothing with this + information -- this change is large and mechanical but would obscure any + logic changes that we would have made. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr): + (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr): + (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32): + (JSC::AbstractMacroAssembler::Imm32::Imm32): + * assembler/MacroAssembler.h: + (JSC::MacroAssembler::pop): + (JSC::MacroAssembler::poke): + (JSC::MacroAssembler::branchPtr): + (JSC::MacroAssembler::branch32): + (JSC::MacroAssembler::addPtr): + (JSC::MacroAssembler::andPtr): + (JSC::MacroAssembler::orPtr): + (JSC::MacroAssembler::subPtr): + (JSC::MacroAssembler::xorPtr): + (JSC::MacroAssembler::setPtr): + (JSC::MacroAssembler::storePtr): + (JSC::MacroAssembler::branchTestPtr): + (JSC::MacroAssembler::branchSubPtr): + (JSC::MacroAssembler::branchTest8): + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::add32): + (JSC::MacroAssemblerARM::and32): + (JSC::MacroAssemblerARM::lshift32): + (JSC::MacroAssemblerARM::mul32): + (JSC::MacroAssemblerARM::or32): + (JSC::MacroAssemblerARM::rshift32): + (JSC::MacroAssemblerARM::urshift32): + (JSC::MacroAssemblerARM::sub32): + (JSC::MacroAssemblerARM::xor32): + (JSC::MacroAssemblerARM::store32): + (JSC::MacroAssemblerARM::push): + (JSC::MacroAssemblerARM::move): + (JSC::MacroAssemblerARM::branch8): + (JSC::MacroAssemblerARM::branch32): + (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerARM::branch16): + (JSC::MacroAssemblerARM::branchTest8): + (JSC::MacroAssemblerARM::branchTest32): + 
(JSC::MacroAssemblerARM::branchAdd32): + (JSC::MacroAssemblerARM::branchMul32): + (JSC::MacroAssemblerARM::branchSub32): + (JSC::MacroAssemblerARM::set32Compare32): + (JSC::MacroAssemblerARM::set8Compare32): + (JSC::MacroAssemblerARM::set32Test32): + (JSC::MacroAssemblerARM::set32Test8): + (JSC::MacroAssemblerARM::moveWithPatch): + (JSC::MacroAssemblerARM::branchPtrWithPatch): + (JSC::MacroAssemblerARM::storePtrWithPatch): + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::add32): + (JSC::MacroAssemblerARMv7::and32): + (JSC::MacroAssemblerARMv7::lshift32): + (JSC::MacroAssemblerARMv7::mul32): + (JSC::MacroAssemblerARMv7::or32): + (JSC::MacroAssemblerARMv7::rshift32): + (JSC::MacroAssemblerARMv7::urshift32): + (JSC::MacroAssemblerARMv7::sub32): + (JSC::MacroAssemblerARMv7::xor32): + (JSC::MacroAssemblerARMv7::load32): + (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch): + (JSC::MacroAssemblerARMv7::load16): + (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch): + (JSC::MacroAssemblerARMv7::store32): + (JSC::MacroAssemblerARMv7::loadDouble): + (JSC::MacroAssemblerARMv7::storeDouble): + (JSC::MacroAssemblerARMv7::push): + (JSC::MacroAssemblerARMv7::move): + (JSC::MacroAssemblerARMv7::compare32): + (JSC::MacroAssemblerARMv7::test32): + (JSC::MacroAssemblerARMv7::branch32): + (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerARMv7::branch16): + (JSC::MacroAssemblerARMv7::branch8): + (JSC::MacroAssemblerARMv7::branchTest32): + (JSC::MacroAssemblerARMv7::branchTest8): + (JSC::MacroAssemblerARMv7::branchAdd32): + (JSC::MacroAssemblerARMv7::branchMul32): + (JSC::MacroAssemblerARMv7::branchSub32): + (JSC::MacroAssemblerARMv7::nearCall): + (JSC::MacroAssemblerARMv7::call): + (JSC::MacroAssemblerARMv7::set32Compare32): + (JSC::MacroAssemblerARMv7::set8Compare32): + (JSC::MacroAssemblerARMv7::set32Test32): + (JSC::MacroAssemblerARMv7::set32Test8): + (JSC::MacroAssemblerARMv7::moveWithPatch): + 
(JSC::MacroAssemblerARMv7::branchPtrWithPatch): + (JSC::MacroAssemblerARMv7::storePtrWithPatch): + (JSC::MacroAssemblerARMv7::tailRecursiveCall): + (JSC::MacroAssemblerARMv7::makeJump): + (JSC::MacroAssemblerARMv7::makeBranch): + (JSC::MacroAssemblerARMv7::setupArmAddress): + (JSC::MacroAssemblerARMv7::makeBaseIndexBase): + (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding): + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::add32): + (JSC::MacroAssemblerMIPS::and32): + (JSC::MacroAssemblerMIPS::lshift32): + (JSC::MacroAssemblerMIPS::mul32): + (JSC::MacroAssemblerMIPS::or32): + (JSC::MacroAssemblerMIPS::rshift32): + (JSC::MacroAssemblerMIPS::urshift32): + (JSC::MacroAssemblerMIPS::sub32): + (JSC::MacroAssemblerMIPS::xor32): + (JSC::MacroAssemblerMIPS::load32): + (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch): + (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch): + (JSC::MacroAssemblerMIPS::store32): + (JSC::MacroAssemblerMIPS::push): + (JSC::MacroAssemblerMIPS::move): + (JSC::MacroAssemblerMIPS::branch8): + (JSC::MacroAssemblerMIPS::branch32): + (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerMIPS::branch16): + (JSC::MacroAssemblerMIPS::branchTest32): + (JSC::MacroAssemblerMIPS::branchTest8): + (JSC::MacroAssemblerMIPS::branchAdd32): + (JSC::MacroAssemblerMIPS::branchMul32): + (JSC::MacroAssemblerMIPS::branchSub32): + (JSC::MacroAssemblerMIPS::set8Compare32): + (JSC::MacroAssemblerMIPS::set32Compare32): + (JSC::MacroAssemblerMIPS::set32Test8): + (JSC::MacroAssemblerMIPS::set32Test32): + (JSC::MacroAssemblerMIPS::moveWithPatch): + (JSC::MacroAssemblerMIPS::branchPtrWithPatch): + (JSC::MacroAssemblerMIPS::storePtrWithPatch): + (JSC::MacroAssemblerMIPS::tailRecursiveCall): + (JSC::MacroAssemblerMIPS::loadDouble): + (JSC::MacroAssemblerMIPS::storeDouble): + (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32): + * assembler/MacroAssemblerX86.h: + (JSC::MacroAssemblerX86::add32): + 
(JSC::MacroAssemblerX86::addWithCarry32): + (JSC::MacroAssemblerX86::and32): + (JSC::MacroAssemblerX86::or32): + (JSC::MacroAssemblerX86::sub32): + (JSC::MacroAssemblerX86::store32): + (JSC::MacroAssemblerX86::branch32): + (JSC::MacroAssemblerX86::moveWithPatch): + (JSC::MacroAssemblerX86::branchPtrWithPatch): + (JSC::MacroAssemblerX86::storePtrWithPatch): + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::add32): + (JSC::MacroAssemblerX86Common::and32): + (JSC::MacroAssemblerX86Common::lshift32): + (JSC::MacroAssemblerX86Common::mul32): + (JSC::MacroAssemblerX86Common::or32): + (JSC::MacroAssemblerX86Common::rshift32): + (JSC::MacroAssemblerX86Common::urshift32): + (JSC::MacroAssemblerX86Common::sub32): + (JSC::MacroAssemblerX86Common::xor32): + (JSC::MacroAssemblerX86Common::store32): + (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32): + (JSC::MacroAssemblerX86Common::push): + (JSC::MacroAssemblerX86Common::move): + (JSC::MacroAssemblerX86Common::branch8): + (JSC::MacroAssemblerX86Common::branch32): + (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords): + (JSC::MacroAssemblerX86Common::branch16): + (JSC::MacroAssemblerX86Common::branchTest32): + (JSC::MacroAssemblerX86Common::branchTest8): + (JSC::MacroAssemblerX86Common::branchAdd32): + (JSC::MacroAssemblerX86Common::branchMul32): + (JSC::MacroAssemblerX86Common::branchSub32): + (JSC::MacroAssemblerX86Common::set8Compare32): + (JSC::MacroAssemblerX86Common::set32Compare32): + (JSC::MacroAssemblerX86Common::set32Test8): + (JSC::MacroAssemblerX86Common::set32Test32): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::add32): + (JSC::MacroAssemblerX86_64::and32): + (JSC::MacroAssemblerX86_64::or32): + (JSC::MacroAssemblerX86_64::sub32): + (JSC::MacroAssemblerX86_64::loadDouble): + (JSC::MacroAssemblerX86_64::addDouble): + (JSC::MacroAssemblerX86_64::convertInt32ToDouble): + (JSC::MacroAssemblerX86_64::store32): + (JSC::MacroAssemblerX86_64::call): + 
(JSC::MacroAssemblerX86_64::tailRecursiveCall): + (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): + (JSC::MacroAssemblerX86_64::addPtr): + (JSC::MacroAssemblerX86_64::andPtr): + (JSC::MacroAssemblerX86_64::orPtr): + (JSC::MacroAssemblerX86_64::subPtr): + (JSC::MacroAssemblerX86_64::xorPtr): + (JSC::MacroAssemblerX86_64::storePtr): + (JSC::MacroAssemblerX86_64::setPtr): + (JSC::MacroAssemblerX86_64::branchPtr): + (JSC::MacroAssemblerX86_64::branchTestPtr): + (JSC::MacroAssemblerX86_64::branchSubPtr): + (JSC::MacroAssemblerX86_64::moveWithPatch): + (JSC::MacroAssemblerX86_64::branchPtrWithPatch): + (JSC::MacroAssemblerX86_64::storePtrWithPatch): + (JSC::MacroAssemblerX86_64::branchTest8): + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::callOperation): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::jitAssertIsInt32): + (JSC::DFG::JITCompiler::emitCount): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader): + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::compile): + * jit/JIT.cpp: + (JSC::JIT::emitTimeoutCheck): + (JSC::JIT::privateCompile): + * jit/JIT.h: + * jit/JITArithmetic.cpp: + (JSC::JIT::emit_op_urshift): + (JSC::JIT::emitSlow_op_urshift): + (JSC::JIT::emit_op_post_inc): + (JSC::JIT::emit_op_post_dec): + (JSC::JIT::emit_op_pre_inc): + (JSC::JIT::emit_op_pre_dec): + (JSC::JIT::emit_op_mod): + * jit/JITArithmetic32_64.cpp: + (JSC::JIT::emit_op_negate): + (JSC::JIT::emit_op_jnless): + (JSC::JIT::emit_op_jless): + (JSC::JIT::emit_op_jlesseq): + (JSC::JIT::emit_op_lshift): + (JSC::JIT::emitRightShift): + (JSC::JIT::emitRightShiftSlowCase): + (JSC::JIT::emit_op_bitand): + (JSC::JIT::emit_op_bitor): + (JSC::JIT::emit_op_bitxor): + (JSC::JIT::emit_op_bitnot): + (JSC::JIT::emit_op_post_inc): + (JSC::JIT::emit_op_post_dec): + (JSC::JIT::emitSlow_op_post_dec): + 
(JSC::JIT::emit_op_pre_inc): + (JSC::JIT::emit_op_pre_dec): + (JSC::JIT::emit_op_add): + (JSC::JIT::emitAdd32Constant): + (JSC::JIT::emit_op_sub): + (JSC::JIT::emitSub32Constant): + (JSC::JIT::emitBinaryDoubleOp): + (JSC::JIT::emit_op_mul): + (JSC::JIT::emitSlow_op_mul): + (JSC::JIT::emit_op_div): + (JSC::JIT::emit_op_mod): + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::emit_op_ret_object_or_this): + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITInlineMethods.h: + (JSC::JIT::emitPutCellToCallFrameHeader): + (JSC::JIT::emitPutIntToCallFrameHeader): + (JSC::JIT::emitPutImmediateToCallFrameHeader): + (JSC::JIT::emitLoadCharacterString): + (JSC::JIT::restoreArgumentReferenceForTrampoline): + (JSC::JIT::checkStructure): + (JSC::JIT::setSamplingFlag): + (JSC::JIT::clearSamplingFlag): + (JSC::JIT::emitCount): + (JSC::JIT::sampleInstruction): + (JSC::JIT::sampleCodeBlock): + (JSC::JIT::emitStoreInt32): + (JSC::JIT::emitStoreCell): + (JSC::JIT::emitStoreBool): + (JSC::JIT::emitJumpSlowCaseIfNotJSCell): + (JSC::JIT::emitInitRegister): + (JSC::JIT::emitJumpIfJSCell): + (JSC::JIT::emitJumpIfNotJSCell): + (JSC::JIT::emitJumpIfImmediateInteger): + (JSC::JIT::emitJumpIfNotImmediateInteger): + (JSC::JIT::emitFastArithDeTagImmediate): + (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero): + (JSC::JIT::emitFastArithReTagImmediate): + (JSC::JIT::emitTagAsBoolImmediate): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_check_has_instance): + (JSC::JIT::emit_op_instanceof): + (JSC::JIT::emit_op_ret_object_or_this): + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emit_op_to_primitive): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_ensure_property_exists): + (JSC::JIT::emit_op_resolve_skip): + 
(JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_not): + (JSC::JIT::emit_op_jfalse): + (JSC::JIT::emit_op_jeq_null): + (JSC::JIT::emit_op_jneq_null): + (JSC::JIT::emit_op_jneq_ptr): + (JSC::JIT::emit_op_jsr): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_new_func_exp): + (JSC::JIT::emit_op_jtrue): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + (JSC::JIT::emit_op_to_jsnumber): + (JSC::JIT::emit_op_push_new_scope): + (JSC::JIT::emit_op_catch): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + (JSC::JIT::emit_op_init_lazy_reg): + (JSC::JIT::emit_op_convert_this): + (JSC::JIT::emit_op_convert_this_strict): + (JSC::JIT::emitSlow_op_not): + (JSC::JIT::emitSlow_op_neq): + (JSC::JIT::emit_op_get_arguments_length): + (JSC::JIT::emitSlow_op_get_arguments_length): + (JSC::JIT::emit_op_get_argument_by_val): + (JSC::JIT::emitSlow_op_resolve_global_dynamic): + (JSC::JIT::emit_op_new_regexp): + (JSC::JIT::emit_op_load_varargs): + (JSC::JIT::emitSlow_op_load_varargs): + (JSC::JIT::emit_op_new_func): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTIMachineTrampolines): + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_loop_if_lesseq): + (JSC::JIT::emit_op_check_has_instance): + (JSC::JIT::emit_op_instanceof): + (JSC::JIT::emit_op_get_scoped_var): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_tear_off_activation): + (JSC::JIT::emit_op_tear_off_arguments): + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emit_op_to_primitive): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_ensure_property_exists): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_not): + (JSC::JIT::emit_op_jfalse): + (JSC::JIT::emit_op_jtrue): + (JSC::JIT::emit_op_jeq_null): + (JSC::JIT::emit_op_jneq_null): + (JSC::JIT::emit_op_jneq_ptr): + (JSC::JIT::emit_op_jsr): + 
(JSC::JIT::emit_op_eq): + (JSC::JIT::emitSlow_op_eq): + (JSC::JIT::emit_op_neq): + (JSC::JIT::emitSlow_op_neq): + (JSC::JIT::compileOpStrictEq): + (JSC::JIT::emit_op_eq_null): + (JSC::JIT::emit_op_neq_null): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_new_func_exp): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + (JSC::JIT::emit_op_to_jsnumber): + (JSC::JIT::emit_op_push_new_scope): + (JSC::JIT::emit_op_catch): + (JSC::JIT::emit_op_create_activation): + (JSC::JIT::emit_op_create_arguments): + (JSC::JIT::emit_op_convert_this): + (JSC::JIT::emit_op_convert_this_strict): + (JSC::JIT::emit_op_get_arguments_length): + (JSC::JIT::emitSlow_op_get_arguments_length): + (JSC::JIT::emit_op_get_argument_by_val): + (JSC::JIT::softModulo): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::stringGetByValStubGenerator): + (JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_get_by_pname): + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::emit_op_put_by_index): + (JSC::JIT::emit_op_put_getter): + (JSC::JIT::emit_op_put_setter): + (JSC::JIT::emit_op_del_by_id): + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emit_op_method_check): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::compileGetByIdSlowCase): + (JSC::JIT::emitSlow_op_put_by_id): + (JSC::JIT::testPrototype): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_put_getter): + (JSC::JIT::emit_op_put_setter): + (JSC::JIT::emit_op_del_by_id): + (JSC::JIT::emit_op_get_by_id): + (JSC::JIT::emit_op_put_by_id): + (JSC::JIT::emit_op_method_check): + (JSC::JIT::stringGetByValStubGenerator): + 
(JSC::JIT::emit_op_get_by_val): + (JSC::JIT::emitSlow_op_get_by_val): + (JSC::JIT::emit_op_put_by_val): + (JSC::JIT::compileGetByIdHotPath): + (JSC::JIT::compileGetByIdSlowCase): + (JSC::JIT::emitSlow_op_put_by_id): + (JSC::JIT::testPrototype): + (JSC::JIT::privateCompilePutByIdTransition): + (JSC::JIT::privateCompilePatchGetArrayLength): + (JSC::JIT::privateCompileGetByIdProto): + (JSC::JIT::privateCompileGetByIdSelfList): + (JSC::JIT::privateCompileGetByIdProtoList): + (JSC::JIT::privateCompileGetByIdChainList): + (JSC::JIT::privateCompileGetByIdChain): + (JSC::JIT::emit_op_get_by_pname): + * jit/JITStubCall.h: + (JSC::JITStubCall::addArgument): + * jit/JITStubs.cpp: + (JSC::getPolymorphicAccessStructureListSlot): + (JSC::DEFINE_STUB_FUNCTION): + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::emitJumpIfNotJSCell): + (JSC::JSInterfaceJIT::emitLoadInt32): + (JSC::JSInterfaceJIT::emitLoadDouble): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::SpecializedThunkJIT): + (JSC::SpecializedThunkJIT::loadJSStringArgument): + (JSC::SpecializedThunkJIT::tagReturnAsInt32): + (JSC::SpecializedThunkJIT::tagReturnAsJSCell): + * jit/ThunkGenerators.cpp: + (JSC::charToString): + (JSC::powThunkGenerator): + * yarr/YarrJIT.cpp: + (JSC::Yarr::YarrGenerator::matchCharacterClass): + (JSC::Yarr::YarrGenerator::storeToFrame): + (JSC::Yarr::YarrGenerator::storeToFrameWithPatch): + (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode): + (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle): + (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): + (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): + (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy): + (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): + (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy): + (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy): + (JSC::Yarr::YarrGenerator::generateParenthesesSingle): + (JSC::Yarr::YarrGenerator::generateDisjunction): + 
+2011-03-28 Andras Becsi <abecsi@webkit.org> + + Reviewed by Csaba Osztrogonác. + + [Qt] Fix the linking of jsc with MinGW after r81963. + + * jsc.pro: add -l and remove the lib suffix. + +2011-03-27 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Alexey Proskuryakov. + + https://bugs.webkit.org/show_bug.cgi?id=57170 Fix last elements + in an enum to remove a trailing comma. Sun Studio 12 CC errors out. + + Compile fix only, no actual code change. + + * wtf/MessageQueue.h: + +2011-03-25 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + Allow defineOwnProperty to work on DOMObjects + https://bugs.webkit.org/show_bug.cgi?id=57129 + + Fix a couple of places where we uses getter()/setter() rather + than [gs]etterPresent(). + + * runtime/JSObject.cpp: + (JSC::JSObject::defineOwnProperty): + +2011-03-25 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Crash when paused at a breakpoint caused by inaccurate Activation records. + https://bugs.webkit.org/show_bug.cgi?id=57120 + + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::symbolTablePut): + (JSC::JSActivation::getOwnPropertyNames): + (JSC::JSActivation::symbolTablePutWithAttributes): + +2011-03-24 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Crash in debugger beneath MarkStack::drain @ me.com, ibm.com + https://bugs.webkit.org/show_bug.cgi?id=57080 + <rdar://problem/8525907> + + The crash was caused by changes in the executable after recompilation. + + The fix is for the activation to copy the data it needs instead of + relying on the data in the executable. + + SunSpider and v8 report no change. + + * runtime/Arguments.h: + (JSC::JSActivation::copyRegisters): Use our own data members instead of + reading data out of the executable. + + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): Initialize our data members. 
+ + (JSC::JSActivation::markChildren): + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::symbolTablePut): + (JSC::JSActivation::getOwnPropertyNames): + (JSC::JSActivation::symbolTablePutWithAttributes): + (JSC::JSActivation::isDynamicScope): + (JSC::JSActivation::argumentsGetter): Use our own data members instead of + reading data out of the executable. + + * runtime/JSActivation.h: Added new data members to track data previously + tracked by the executable. Since I've removed the executable pointer, + on a 64bit system, I've only made activations bigger by an int. + +2011-03-25 David Kilzer <ddkilzer@apple.com> + + Remove duplicate entry from JavaScriptCore.exp + + JSC::createStackOverflowError(JSC::ExecState*) was originally + exported in r60057, then duplicated in r60392. + + * JavaScriptCore.exp: Removed duplicate entry. + +2011-03-25 Jarred Nicholls <jarred@sencha.com> + + Reviewed by Ariya Hidayat. + + [Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe + https://bugs.webkit.org/show_bug.cgi?id=56098 + + Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API + + * jsc.pro: + +2011-03-24 Nikolas Zimmermann <nzimmermann@rim.com> + + Reviewed by Darin Adler. + + Introduce WTF HexNumber.h + https://bugs.webkit.org/show_bug.cgi?id=56099 + + Introduce a set of functions that ease converting from a bye or a number to a hex string, + replacing several of these conversions and String::format("%x") usages all over WebCore. + + * GNUmakefile.am: Add HexNumber.h to build. + * JavaScriptCore.exp: Export StringBuilder::reserveCapacity. + * JavaScriptCore.gypi: Add HexNumber.h to build. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity. + * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build. + * JavaScriptCore.xcodeproj/project.pbxproj: Ditto. + * wtf/CMakeLists.txt: Ditto. + * wtf/HexNumber.h: Added. + (WTF::Internal::hexDigitsForMode): Internal helper. 
+ (WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination. + (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..' + (WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination. + +2011-03-24 Geoffrey Garen <ggaren@apple.com> + + Windows build fix take 2: Add new symobl. + + (I should have used the EWS bots for this!) + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-03-24 Geoffrey Garen <ggaren@apple.com> + + Windows build fix take 1: Removed old symobl. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-03-24 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Ensure that all compilation takes place within a dynamic global object scope + https://bugs.webkit.org/show_bug.cgi?id=57054 + <rdar://problem/9083011> + + Otherwise, entry to the global object scope might throw away the code + we just compiled, causing a crash. + + * JavaScriptCore.exp: Updated for signature change. + + * debugger/Debugger.cpp: + (JSC::evaluateInGlobalCallFrame): + * debugger/DebuggerCallFrame.cpp: + (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls + here because (a) they took place outside a dynamic global object scope + and (b) they were redundant. + + * interpreter/CachedCall.h: + (JSC::CachedCall::CachedCall): Updated for signature change. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): Declare our dynamic global object + scope earlier, to ensure that compilation takes place within it. + + * runtime/Completion.cpp: + (JSC::evaluate): Removed explicit compilation calls here because (a) + they took place outside a dynamic global object scope and (b) they were + redundant. 
+ + * runtime/Executable.h: + (JSC::EvalExecutable::compile): + (JSC::ProgramExecutable::compile): + (JSC::FunctionExecutable::compileForCall): + (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to + verify our new invariant that all compilation takes place within a + dynamic global object scope. + + * runtime/JSGlobalObject.cpp: + (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): + * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope + to require a JSGlobalData instead of an ExecState* since it is often + easier to provide the former, and the latter was not necessary. + +2011-03-24 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear + https://bugs.webkit.org/show_bug.cgi?id=55671 + + This is no longer necessary, and it seems that with the new weakmap + model it's simply unsafe, so this reduces it to a no-op. + + * API/JSWeakObjectMapRefPrivate.cpp: + +2011-03-24 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Darin Adler. + + https://bugs.webkit.org/show_bug.cgi?id=20302 + Correct implementation of signbit on Solaris + + * wtf/MathExtras.h: + (signbit): + +2011-03-23 Mark Rowe <mrowe@apple.com> + + Reviewed by Darin Adler. + + <rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC. + + * wtf/ThreadingPthreads.cpp: + (WTF::initializeCurrentThreadInternal): + +2011-03-23 Mark Rowe <mrowe@apple.com> + + Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile. + + It's not necessary to pass "-target All" as xcodebuild always builds the + first target in the project unless otherwise specified. The presence of + that option also breaks "make clean" since that results in both the + -target and -alltargets options being passed to xcodebuild. + + * Makefile: + +2011-03-23 Pavel Feldman <pfeldman@chromium.org> + + Not reviewed: bring back Vector::contains that was removed as a part of roll back. 
+ + * wtf/Vector.h: + (WTF::::contains): + +2011-03-23 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r81686. + http://trac.webkit.org/changeset/81686 + https://bugs.webkit.org/show_bug.cgi?id=56914 + + Breaks webkit_tests in Chromium again. (Requested by pfeldman + on #webkit). + + * wtf/Vector.h: + +2011-03-23 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + JavaScriptCore GYP build should work on a case-sensitive file system + https://bugs.webkit.org/show_bug.cgi?id=56911 + + The issue is that there are two UString.h headers, one named UString.h + and one named ustring.h. This patch excludes ustring.h from the header + map to avoid confusion. While I was editing this part of the GYP file, + I cleaned up the exclude rules to be more modern. + + * gyp/JavaScriptCore.gyp: + +2011-03-22 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Maciej Stachowiak. + + REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts + panel on Windows, and many inspector regression tests are failing + https://bugs.webkit.org/show_bug.cgi?id=54490 + + The bug was caused by two different classes using the same name (Recompiler). + + * debugger/Debugger.cpp: + * runtime/JSGlobalData.cpp: + (WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace, + so our two recompilers' inline functions don't stomp each other at + link time. + +2011-03-22 Sam Weinig <sam@webkit.org> + + Reviewed by Mark Rowe. + + Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER. + <rdar://problem/8944718> + + * DerivedSources.make: + Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER. + +2011-03-22 Gabor Loki <loki@webkit.org> + + Reviewed by Csaba Osztrogonác. + + [Qt] Add DFG module to build system (disabled by default). + https://bugs.webkit.org/show_bug.cgi?id=56845 + + * JavaScriptCore.pri: + * JavaScriptCore.pro: + +2011-03-22 Eric Seidel <eric@webkit.org> + + Reviewed by Adam Barth. 
+ + Add support to build-webkit for building with gyp-generated project files + https://bugs.webkit.org/show_bug.cgi?id=56877 + + Found a couple missing Private headers while trying to make WebCore build. + + * JavaScriptCore.gypi: + +2011-03-22 Eric Seidel <eric@webkit.org> + + Reviewed by Adam Barth. + + Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source + https://bugs.webkit.org/show_bug.cgi?id=56867 + + This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj + from a JavaScriptCore directory outside of Source. + + * gyp/JavaScriptCore.gyp: + * gyp/run-if-exists.sh: Added. + * gyp/update-info-plist.sh: Added. + +2011-03-22 Eric Seidel <eric@webkit.org> + + Reviewed by Adam Barth. + + Add Profiling Configuration to JavaScriptCore gyp build + https://bugs.webkit.org/show_bug.cgi?id=56862 + + It appears this is identical to Release, but I suspect + there is someone/thing who uses the Profiling target + so we're adding it for completeness. + + * gyp/JavaScriptCore.gyp: + +2011-03-22 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Remove os_win32_files variable from the GYP build + https://bugs.webkit.org/show_bug.cgi?id=56804 + + Now that our understanding of GYP is sufficiently advanced, we don't + need os_win32_files any more. (Turns out Eric was right, as he always + is.) + + * JavaScriptCore.gypi: + +2011-03-22 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory + https://bugs.webkit.org/show_bug.cgi?id=56803 + + Previously, we thought we should generate the derived source files in + the shared intermediate build products directory, but there are + assumptions built into other parts of the Mac build system that the + derived source files will be generated in a particular subdirectory of + the build products directory. 
+ + This patch is a partial revert of the change that moved the derived + source files to the shared intermediate directory. After this patch, + the GYP build can build JavaScriptCore without help from the main + normal build system. + + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + * gyp/generate-derived-sources.sh: + * gyp/generate-dtrace-header.sh: + +2011-03-22 Jay Civelli <jcivelli@chromium.org> + + Reviewed by David Levin. + + Adding a contains method to Vector. + https://bugs.webkit.org/show_bug.cgi?id=55859 + + * wtf/Vector.h: + (WTF::Vector::contains): + +2011-03-22 Gabor Loki <loki@webkit.org> + + Reviewed by Alexey Proskuryakov. + + Fix a bunch of typos in DFG. + https://bugs.webkit.org/show_bug.cgi?id=56813 + + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::parse): + * dfg/DFGGenerationInfo.h: + (JSC::DFG::GenerationInfo::setSpilled): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGGraph.h: + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::setupStubArguments): + * dfg/DFGJITCompiler.cpp: + (JSC::DFG::JITCompiler::compileFunction): + * dfg/DFGJITCompiler.h: + * dfg/DFGNode.h: + * dfg/DFGNonSpeculativeJIT.h: + * dfg/DFGOperations.h: + * dfg/DFGRegisterBank.h: + (JSC::DFG::RegisterBank::allocate): + * dfg/DFGScoreBoard.h: + (JSC::DFG::ScoreBoard::~ScoreBoard): + (JSC::DFG::ScoreBoard::allocate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + +2011-03-22 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Production configuration in GYP isn't set up correctly + https://bugs.webkit.org/show_bug.cgi?id=56786 + + Update JavaScriptCore.gyp with information mined from + JavaScriptCore.xcodeproj. + + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-03-22 Kent Tamura <tkent@chromium.org> + + Reviewed by Eric Seidel. 
+ + REGRESSION(r80096): Number type input unexpectedly rounds fractional values + https://bugs.webkit.org/show_bug.cgi?id=56367 + + Introduce clampToInteger(unsigned). + + * wtf/MathExtras.h: + (clampToInteger): Added. + +2011-03-21 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + GYP build should not have include paths that point within the source tree + https://bugs.webkit.org/show_bug.cgi?id=56788 + + Turns out we don't need these include paths anymore now that we have + header maps working properly. + + * gyp/JavaScriptCore.gyp: + - Also, remove jsc.cpp from the excluded list because it's not part + of the jsc_files variable instead of the javascriptcore_files + variable. + +2011-03-21 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Solve the Assertions.cpp / -Wno-missing-format-attribute mystery + https://bugs.webkit.org/show_bug.cgi?id=56780 + + The reason we couldn't resolve this warning in the GYP build was that + the normal build disables this warning specifically for this file. + This patch takes the same approach as the previous patch to + WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning + (rather than a build system configuration). + + * JavaScriptCore.xcodeproj/project.pbxproj: + - Remove the special-case for this file. + * gyp/JavaScriptCore.gyp: + - Remove the work-around for this issue. + * wtf/Assertions.cpp: + - Add a pragma disabling this warning for this file. + +2011-03-21 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + WebCore GYP build shouldn't crash on startup + https://bugs.webkit.org/show_bug.cgi?id=56776 + + Debug builds shouldn't define NDEBUG. This same logic exists in the + project.pbxproj file. + + * gyp/JavaScriptCore.gyp: + +2011-03-21 Robert Kroeger <rjkroege@chromium.org> + + Reviewed by Antonio Gomes. 
+ + Flag to enable/disable a GestureReocognizer framework + + https://bugs.webkit.org/show_bug.cgi?id=49345 + + * wtf/Platform.h: + +2011-03-21 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Add new files to JavaScriptCore.gypi + https://bugs.webkit.org/show_bug.cgi?id=56766 + + * JavaScriptCore.gypi: + +2011-03-21 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r81377. + http://trac.webkit.org/changeset/81377 + https://bugs.webkit.org/show_bug.cgi?id=56765 + + WebPageSerializerTest.MultipleFrames is broken (Requested by + simonjam on #webkit). + + * wtf/Vector.h: + +2011-03-21 Gabor Loki <loki@webkit.org> + + Reviewed by Csaba Osztrogonác. + + Extend constant pool to be able to store 16 bit instructions with a constant + https://bugs.webkit.org/show_bug.cgi?id=46796 + + The putShortWithConstantInt function inserts a 16 bit instruction which + refers a 32 bits constant or literal. This is a vital function for those + target which loads a PC relative value with a 16 bit instruction (like + Thumb-2 instruction set and SH4 architecture). + + * assembler/AssemblerBuffer.h: + (JSC::AssemblerBuffer::putIntegral): + (JSC::AssemblerBuffer::putIntegralUnchecked): + * assembler/AssemblerBufferWithConstantPool.h: + +2011-03-21 Philippe Normand <pnormand@igalia.com> + + Unreviewed, GTK distcheck build fix. + + * GNUmakefile.am: + +2011-03-20 Bill Budge <bbudge@chromium.org> + + Reviewed by Adam Barth. + + Rename ThreadSafeShared to ThreadSafeRefCounted + https://bugs.webkit.org/show_bug.cgi?id=56714 + + No new tests. Exposes no new functionality. 
+ + * API/JSClassRef.h: + * API/OpaqueJSString.h: + * GNUmakefile.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/Atomics.h: + * wtf/CMakeLists.txt: + * wtf/CrossThreadRefCounted.h: + (WTF::CrossThreadRefCounted::CrossThreadRefCounted): + (WTF::::crossThreadCopy): + * wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h. + (WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase): + (WTF::ThreadSafeRefCountedBase::ref): + (WTF::ThreadSafeRefCountedBase::refCount): + (WTF::ThreadSafeRefCountedBase::derefBase): + (WTF::ThreadSafeRefCounted::ThreadSafeRefCounted): + * wtf/ThreadSafeShared.h: Removed. + * wtf/Threading.h: + +2011-03-19 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Darin Adler. + + Remove StringImpl::computeHash() + https://bugs.webkit.org/show_bug.cgi?id=49894 + + Replace remainig StringImpl::computeHash with StringImpl::computeHashStringHasher. + + * wtf/text/AtomicString.cpp: + (WTF::CStringTranslator::hash): + (WTF::UCharBufferTranslator::hash): + (WTF::HashAndCharactersTranslator::hash): + * wtf/text/StringImpl.h: + (WTF::StringImpl::setHash): + (WTF::StringImpl::hash): + +2011-03-19 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Darin Adler. + + Rename WTF::StringHasher methods + https://bugs.webkit.org/show_bug.cgi?id=53532 + + Rename createHash to computeHash and createBlobHash to hashMemory. + Also add a using WTF::StringHasher in the header file. 
+ + * profiler/CallIdentifier.h: + (JSC::CallIdentifier::Hash::hash): + * runtime/Identifier.cpp: + (JSC::IdentifierCStringTranslator::hash): + (JSC::IdentifierUCharBufferTranslator::hash): + * wtf/StringHasher.h: + (WTF::StringHasher::computeHash): + (WTF::StringHasher::hashMemory): + * wtf/text/StringHash.h: + (WTF::CaseFoldingHash::hash): + * wtf/text/StringImpl.h: + (WTF::StringImpl::computeHash): + * wtf/unicode/UTF8.cpp: + (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal): + +2011-03-18 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + [GTK] JSC crashes in 32bit Release bots after r80743 + https://bugs.webkit.org/show_bug.cgi?id=56180 + + The crash was caused by referencing GC memory from a GC destructor. This + is not safe because destruction time / order is not guaranteed. + + * profiler/ProfileGenerator.cpp: + (JSC::ProfileGenerator::create): + (JSC::ProfileGenerator::ProfileGenerator): + (JSC::ProfileGenerator::willExecute): + (JSC::ProfileGenerator::didExecute): + * profiler/ProfileGenerator.h: + (JSC::ProfileGenerator::origin): Made ExecState* the first argument, + to match the rest of this class and JSC. + + Use a JSGlobalObject* instead of an ExecState* with an indirect reference + to a JSGlobalObject* to track our origin. This is simpler and more + efficient, and it removes the destruction order dependency that was causing + our crash. + + * profiler/Profiler.cpp: + (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*. + (JSC::Profiler::stopProfiling): New function for stopping all profiles + for a given global object. This is more straight-forward than multiplexing + through the old function. + + (JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*. + * profiler/Profiler.h: Ditto. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::~JSGlobalObject): Ditto. + +2011-03-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + 1 Structure leaked beneath JSGlobalData::storeVPtrs() + https://bugs.webkit.org/show_bug.cgi?id=56595 + + * runtime/Executable.cpp: + (JSC::EvalExecutable::EvalExecutable): + (JSC::ProgramExecutable::ProgramExecutable): + (JSC::FunctionExecutable::FunctionExecutable): + * runtime/Executable.h: + (JSC::ExecutableBase::ExecutableBase): + (JSC::NativeExecutable::NativeExecutable): + (JSC::VPtrHackExecutable::VPtrHackExecutable): + (JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of + PassRefPtr, like JSString does, since JSGlobalData owns the singleton + exectuable structure. + +2011-03-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Mark Rowe. + + Fixed some string leaks seen on the buildbot + https://bugs.webkit.org/show_bug.cgi?id=56619 + + * runtime/PropertyMapHashTable.h: + (JSC::PropertyTable::~PropertyTable): DEref! + +2011-03-17 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Crash in JSC::MarkStack::drain Under Stress + https://bugs.webkit.org/show_bug.cgi?id=56470 + + We perform a number of gc allocations while when + we are setting up new globals in a piece of global + code. We do this by adding new properties to the + symbol table, and then expanding the storage to fit + at the end. + + If a GC happens during this time we will report an + incorrect size for the global object's symbol table + storage. + + This patch corrects this by growing the storage size + before we starting adding entries to the symbol table. + + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::resizeRegisters): + +2011-03-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + 1 Structure leaked beneath JSGlobalData::storeVPtrs() + https://bugs.webkit.org/show_bug.cgi?id=56595 + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure + we're using, since the Executable is not designed to own the Structure. + +2011-03-17 Gavin Barraclough <barraclough@apple.com> + + Rubber Stamped by Sam Weinig. + + Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler. + + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branchTest8): + * assembler/X86Assembler.h: + (JSC::X86Assembler::testb_rr): + +2011-03-17 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 56603 - DFG JIT related cleanup + Move node generation out to separate function, move binarySearch algorithm out + to StdLibExtras, fix Graph::dump() to print comma between non-node children, + even if there are no node children. + + * bytecode/CodeBlock.h: + (JSC::getCallReturnOffset): + (JSC::CodeBlock::getStubInfo): + (JSC::CodeBlock::getCallLinkInfo): + (JSC::CodeBlock::getMethodCallLinkInfo): + (JSC::CodeBlock::bytecodeOffset): + - Move binaryChop to binarySearch in StdLibExtras + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::ByteCodeParser): + (JSC::DFG::ByteCodeParser::parse): + (JSC::DFG::parse): + - Make m_noArithmetic a member, initialize m_currentIndex in the constructor. + * dfg/DFGByteCodeParser.h: + - Change parse() to not take a start index (always 0). + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + - Fix Graph::dump() to print comma between non-node children, even if there are no node children. + * dfg/DFGJITCodeGenerator.h: + (JSC::DFG::JITCodeGenerator::JITCodeGenerator): + - Initialize m_compileIndex in constructor. + * dfg/DFGNonSpeculativeJIT.cpp: + (JSC::DFG::NonSpeculativeJIT::compile): + * dfg/DFGNonSpeculativeJIT.h: + - Spilt out compilation of individual node. 
+ * dfg/DFGOperations.cpp: + (JSC::DFG::operationConvertThis): + * dfg/DFGOperations.h: + - Cleanup parameter name. + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT.h: + - Spilt out compilation of individual node. + * runtime/Executable.cpp: + (JSC::tryDFGCompile): + - Change parse() to not take a start index (always 0). + * wtf/StdLibExtras.h: + (WTF::binarySearch): + - Move binaryChop to binarySearch in StdLibExtras + +2011-03-17 Anders Carlsson <andersca@apple.com> + + Reviewed by Geoffrey Garen. + + Fix clang build. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): + +2011-03-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + 1 Structure leaked beneath JSGlobalData::storeVPtrs() + https://bugs.webkit.org/show_bug.cgi?id=56595 + + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need + to explicitly run its destructor. + +2011-03-17 Jeff Miller <jeffm@apple.com> + + Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically: + + *.mode* + *.pbxuser + *.perspective* + project.xcworkspace + xcuserdata + + * JavaScriptCore.xcodeproj: Modified property svn:ignore. + +2011-03-17 Gavin Barraclough <barraclough@apple.com> + + Reverting r81197, breaks JIT + INTERPRETER build. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset): + (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addPropertyAccessInstruction): + (JSC::CodeBlock::addGlobalResolveInstruction): + (JSC::CodeBlock::addStructureStubInfo): + * bytecode/Opcode.h: + * bytecode/StructureStubInfo.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + (JSC::BytecodeGenerator::emitCatch): + +2011-03-17 Ben Taylor <bentaylor.solx86@gmail.com> + + Reviewed by Alexey Proskuryakov. + + Add a COMPILER(SUNCC) define for Sun Studio 12. + https://bugs.webkit.org/show_bug.cgi?56444 + derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932 + + * wtf/Platform.h: + +2011-03-17 Jay Civelli <jcivelli@chromium.org> + + Reviewed by David Levin. + + Adding a contains method to Vector. + https://bugs.webkit.org/show_bug.cgi?id=55859 + + * wtf/Vector.h: + (WTF::::operator): + (WTF::::contains): + +2011-03-17 Patrick Gansterer <paroga@webkit.org> + + Fix the interpreter build. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): Added globalData to inheritorID(). + +2011-03-16 Sam Weinig <sam@webkit.org> + + Fix the interpreter build. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::resolve): + (JSC::Interpreter::resolveSkip): + (JSC::Interpreter::resolveGlobal): + (JSC::Interpreter::resolveGlobalDynamic): + (JSC::Interpreter::resolveBaseAndProperty): + (JSC::Interpreter::privateExecute): + Remove .get()s. + +2011-03-16 Adam Barth <abarth@webkit.org> + + Reviewed by James Robinson. 
+ + Remove USE(BUILTIN_UTF8_CODEC) + https://bugs.webkit.org/show_bug.cgi?id=56508 + + We added this recently when we were unsure about the stability of the + built-in UTF-8 codec. However, the codec seems to be stable, so we + don't need the macro. + + * wtf/Platform.h: + +2011-03-16 Daniel Bates <dbates@rim.com> + + Reviewed by Darin Adler. + + Make JIT build for ARM Thumb-2 with RVCT + https://bugs.webkit.org/show_bug.cgi?id=56440 + + Derived from a patch by Dave Tapuska. + + Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment. + + * jit/JITStubs.cpp: + +2011-03-16 Chao-ying Fu <fu@mips.com> + + Reviewed by Darin Adler. + + Fix MIPS build with const *void + https://bugs.webkit.org/show_bug.cgi?id=56513 + + * assembler/MacroAssemblerMIPS.h: + (JSC::MacroAssemblerMIPS::load32): + (JSC::MacroAssemblerMIPS::store32): + +2011-03-16 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + Remove unnecessary caller tracking shenanigans from CodeBlock + https://bugs.webkit.org/show_bug.cgi?id=56483 + + This removes some leftover cruft from when we made CodeBlock + mark its callees. Removing it gives us a 0.7% progression, + reducing the overall regression to ~1.3%. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (JSC::CallLinkInfo::CallLinkInfo): + * jit/JIT.cpp: + (JSC::JIT::linkCall): + (JSC::JIT::linkConstruct): + +2011-03-15 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make Structure creation require a JSGlobalData + https://bugs.webkit.org/show_bug.cgi?id=56438 + + Mechanical change to make Structure::create require JSGlobalData&, and + require all users to provide the globalData. 
+ + * API/JSCallbackConstructor.h: + (JSC::JSCallbackConstructor::createStructure): + * API/JSCallbackFunction.h: + (JSC::JSCallbackFunction::createStructure): + * API/JSCallbackObject.h: + (JSC::JSCallbackObject::createStructure): + * API/JSContextRef.cpp: + * JavaScriptCore.exp: + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::DebuggerActivation): + * debugger/DebuggerActivation.h: + (JSC::DebuggerActivation::createStructure): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jsc.cpp: + (GlobalObject::GlobalObject): + (functionRun): + (jscmain): + * runtime/Arguments.h: + (JSC::Arguments::createStructure): + * runtime/ArrayPrototype.h: + (JSC::ArrayPrototype::createStructure): + * runtime/BooleanObject.h: + (JSC::BooleanObject::createStructure): + * runtime/DateInstance.h: + (JSC::DateInstance::createStructure): + * runtime/DatePrototype.h: + (JSC::DatePrototype::createStructure): + * runtime/ErrorInstance.h: + (JSC::ErrorInstance::createStructure): + * runtime/Executable.h: + (JSC::ExecutableBase::createStructure): + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::createStructure): + * runtime/FunctionPrototype.h: + (JSC::FunctionPrototype::createStructure): + * runtime/GetterSetter.h: + (JSC::GetterSetter::createStructure): + * runtime/InternalFunction.h: + (JSC::InternalFunction::createStructure): + * runtime/JSAPIValueWrapper.h: + (JSC::JSAPIValueWrapper::createStructure): + * runtime/JSActivation.h: + (JSC::JSActivation::createStructure): + * runtime/JSArray.cpp: + (JSC::JSArray::JSArray): + * runtime/JSArray.h: + (JSC::JSArray::createStructure): + * runtime/JSByteArray.cpp: + (JSC::JSByteArray::createStructure): + * runtime/JSByteArray.h: + (JSC::JSByteArray::JSByteArray): + * runtime/JSCell.h: + (JSC::JSCell::JSCell::createDummyStructure): + * runtime/JSFunction.h: + (JSC::JSFunction::createStructure): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): + 
(JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObject): + (JSC::JSGlobalObject::createStructure): + * runtime/JSNotAnObject.h: + (JSC::JSNotAnObject::createStructure): + * runtime/JSONObject.h: + (JSC::JSONObject::createStructure): + * runtime/JSObject.cpp: + (JSC::JSObject::createInheritorID): + * runtime/JSObject.h: + (JSC::JSObject::createStructure): + (JSC::JSNonFinalObject::createStructure): + (JSC::JSFinalObject::createStructure): + (JSC::createEmptyObjectStructure): + (JSC::JSObject::inheritorID): + * runtime/JSObjectWithGlobalObject.h: + (JSC::JSObjectWithGlobalObject::createStructure): + * runtime/JSPropertyNameIterator.h: + (JSC::JSPropertyNameIterator::createStructure): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::createStructure): + * runtime/JSString.h: + (JSC::RopeBuilder::createStructure): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::createStructure): + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::createStructure): + * runtime/JSZombie.h: + (JSC::JSZombie::createStructure): + * runtime/MathObject.h: + (JSC::MathObject::createStructure): + * runtime/NativeErrorConstructor.cpp: + (JSC::NativeErrorConstructor::NativeErrorConstructor): + * runtime/NativeErrorConstructor.h: + (JSC::NativeErrorConstructor::createStructure): + * runtime/NumberConstructor.h: + (JSC::NumberConstructor::createStructure): + * runtime/NumberObject.h: + (JSC::NumberObject::createStructure): + * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::createStructure): + * runtime/RegExpConstructor.h: + (JSC::RegExpConstructor::createStructure): + * runtime/RegExpObject.h: + (JSC::RegExpObject::createStructure): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::createStructure): + * runtime/StringObject.h: + (JSC::StringObject::createStructure): + * runtime/StringObjectThatMasqueradesAsUndefined.h: + 
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure): + * runtime/StringPrototype.h: + (JSC::StringPrototype::createStructure): + * runtime/Structure.h: + (JSC::Structure::create): + +2011-03-16 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Some conservative root gathering cleanup + https://bugs.webkit.org/show_bug.cgi?id=56447 + + SunSpider says 0.5% - 1.8% faster. + + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::gatherConservativeRoots): + * interpreter/RegisterFile.h: New helper function for doing the + conservative gathering of the register file. It's still conservative, + since the register file may contain uninitialized values, but it's + moving-safe, because it only visits values tagged as pointers, so there's + no risk of mistaking an integer for a pointer and accidentally changing it. + + * runtime/ConservativeSet.cpp: + (JSC::ConservativeRoots::add): + * runtime/ConservativeSet.h: Added a single-value add function, used above. + + * runtime/Heap.cpp: + (JSC::Heap::markRoots): Separated machine stack conservative roots from + register file conservative roots because machine stack roots must be + pinned, but register file roots need not be pinned. + + Adopted new interface for passing the current stack extent to the machine + stack root gathering routine. This allows us to exclude marking-related + data structures on the stack, and thus avoid double-marking the set of + machine roots. + + * runtime/MachineStackMarker.cpp: + (JSC::MachineThreads::gatherFromCurrentThread): + (JSC::MachineThreads::gatherConservativeRoots): + * runtime/MachineStackMarker.h: Added new interface, described above. + + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::firstAtom): + * wtf/StdLibExtras.h: + (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used + by MachineStacks. + +2011-03-16 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + A little bit of MarkStack cleanup + https://bugs.webkit.org/show_bug.cgi?id=56443 + + Moved MarkStack functions into MarkStack.h/.cpp. + + SunSpider reports no change. + + * runtime/JSArray.h: + * runtime/JSCell.h: Moved from here... + * runtime/MarkStack.cpp: + (JSC::MarkStack::markChildren): + (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's + a huge function, and not called many times. + + * runtime/MarkStack.h: + (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide. + (JSC::MarkStack::append): + (JSC::MarkStack::deprecatedAppend): + (JSC::MarkStack::internalAppend): Moved to here. + +2011-03-15 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed another deprecatedAppend + https://bugs.webkit.org/show_bug.cgi?id=56429 + + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::markStrongHandles): + * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are + marked directly by the Heap. + + * runtime/Heap.cpp: + (JSC::Heap::markRoots): Ditto. + +2011-03-15 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed some more deprecated / unsafe append + https://bugs.webkit.org/show_bug.cgi?id=56428 + + * collector/handles/HandleStack.cpp: + (JSC::HandleStack::mark): + * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot + marker, since it's a heap root. + + * runtime/ArgList.cpp: + (JSC::MarkedArgumentBuffer::markLists): + (JSC::MarkedArgumentBuffer::slowAppend): + * runtime/ArgList.h: Ditto. + + * runtime/Heap.cpp: + (JSC::Heap::markRoots): Added a mark call for marking the handle stack. + It seems like Oliver forgot this in his last patch. (!) + + * runtime/MarkStack.h: Removed appendSlots, since it would allow an + object to embed JSValues directly instead of using WriteBarrier. + + (JSC::MarkStack::append): Added a private append for a list of values. + + (JSC::HeapRootMarker::mark): Access to the above. 
+ +2011-03-15 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed a few more deprecatedAppends, and removed HeapRoot<T> + https://bugs.webkit.org/show_bug.cgi?id=56422 + + Added HeapRootMarker, a privileged class for marking direct heap roots + that are iterated during each garbage collection. This is easier to use + and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>. + + * debugger/Debugger.cpp: + (JSC::evaluateInGlobalCallFrame): + * debugger/DebuggerCallFrame.cpp: + (JSC::DebuggerCallFrame::evaluate): + * interpreter/CallFrame.h: + (JSC::ExecState::exception): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/Completion.cpp: + (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to + call .get() on it. + + * runtime/Heap.cpp: + (JSC::Heap::markProtectedObjects): + (JSC::Heap::markTempSortVectors): + (JSC::Heap::markRoots): + * runtime/Heap.h: Updated to use HeapRootMarker. + + * runtime/JSCell.h: + (JSC::JSCell::MarkStack::append): Added private functions for + HeapRootMarker to use. + + * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>. + + * runtime/MarkStack.h: + (JSC::HeapRootMarker::HeapRootMarker): + (JSC::HeapRootMarker::mark): Added private functions for + HeapRootMarker to use. + + * runtime/SmallStrings.cpp: + (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker. + + * runtime/SmallStrings.h: + (JSC::SmallStrings::emptyString): + (JSC::SmallStrings::singleCharacterString): + (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker. + + * runtime/WriteBarrier.h: Removed HeapRoot<T>. + +2011-03-14 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Made the global object moving-GC-safe + https://bugs.webkit.org/show_bug.cgi?id=56348 + + SunSpider reports no change. 
+ + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::markChildren): Removed a dubious comment that + suggested we do not need to visit all our references during GC, since + that is not true in a moving GC. + + Re-sorted data members by type, removed one duplicate, and added back + the one missing mark I found. + + * runtime/JSGlobalObject.h: Re-sorted data members by type. + +2011-03-15 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Introduce Local<T> to allow us to start moving to precise marking of locals + https://bugs.webkit.org/show_bug.cgi?id=56394 + + Introduce a new handle type, Local<T> and a scoping mechanism + LocalScope to allow us to start moving towards precise marking + of temporaries and local variables. + + We also start to use the new Local<> type in the JSON stringifier + so that we can have some coverage of their behaviour in the initial + checkin. + + * GNUmakefile.am: + * JavaScriptCore.gypi: + * JavaScriptCore.pro: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * collector/handles/Handle.h: + (JSC::::asObject): + * collector/handles/HandleStack.cpp: Added. + (JSC::HandleStack::HandleStack): + (JSC::HandleStack::mark): + (JSC::HandleStack::grow): + * collector/handles/HandleStack.h: Added. + (JSC::HandleStack::enterScope): + (JSC::HandleStack::zapTo): + (JSC::HandleStack::leaveScope): + (JSC::HandleStack::push): + * collector/handles/Local.h: Added. + (JSC::Local::internalSet): + (JSC::::Local): + (JSC::::operator): + (JSC::LocalStack::LocalStack): + (JSC::LocalStack::peek): + (JSC::LocalStack::pop): + (JSC::LocalStack::push): + (JSC::LocalStack::isEmpty): + (JSC::LocalStack::size): + * collector/handles/LocalScope.h: Added. 
+ (JSC::LocalScope::LocalScope): + (JSC::LocalScope::~LocalScope): + (JSC::LocalScope::release): + * runtime/Heap.cpp: + (JSC::Heap::markRoots): + * runtime/Heap.h: + (JSC::Heap::allocateLocalHandle): + (JSC::Heap::handleStack): + * runtime/JSCell.h: + (JSC::JSCell::::getString): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::allocateLocalHandle): + * runtime/JSONObject.cpp: + (JSC::Stringifier::Stringifier): + (JSC::Stringifier::stringify): + (JSC::Stringifier::appendStringifiedValue): + (JSC::Stringifier::Holder::Holder): + (JSC::Walker::Walker): + (JSC::Walker::walk): + (JSC::JSONProtoFuncParse): + (JSC::JSONProtoFuncStringify): + (JSC::JSONStringify): + * runtime/JSONObject.h: + * runtime/MarkStack.h: + (JSC::MarkStack::appendValues): + (JSC::MarkStack::appendSlots): + +2011-03-15 Gavin Barraclough <barraclough@apple.com> + + Rubber Stamped by Sam Weinig. + + Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler + Some methods have unnecessary differences in name/arguments for interpreter/JIT. + + * bytecode/CodeBlock.cpp: + * bytecode/CodeBlock.h: + (JSC::HandlerInfo::HandlerInfo): + (JSC::CodeBlock::addPropertyAccessInfo): + (JSC::CodeBlock::addGlobalResolveInfo): + (JSC::CodeBlock::addCallLinkInfo): + (JSC::CodeBlock::globalResolveInfo): + * bytecode/Opcode.h: + * bytecode/StructureStubInfo.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitGetById): + (JSC::BytecodeGenerator::emitPutById): + (JSC::BytecodeGenerator::emitDirectPutById): + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitConstruct): + (JSC::BytecodeGenerator::emitCatch): + +2011-03-15 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Fix broken assert in new code. 
+ + * dfg/DFGAliasTracker.h: + (JSC::DFG::AliasTracker::recordPutByVal): + - recordPutByVal is called for both PutByVal & PutByValAlias. + +2011-03-15 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by Sam Weinig. + + Removed redundant code from BytecodeGenerator. + + * bytecompiler/BytecodeGenerator.cpp: + * bytecompiler/BytecodeGenerator.h: + - delete uncalled code missed when reparsing was removed. + +2011-03-15 Kevin Ollivier <kevino@theolliviers.com> + + Reviewed by Darin Adler. + + Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export + info into the headers rather than in export symbol definition files, but disable it on + all platforms initially so we can deal with port build issues one port at a time. + + https://bugs.webkit.org/show_bug.cgi?id=27551 + + * API/JSBase.h: + * config.h: + * wtf/Assertions.h: + * wtf/ExportMacros.h: Added. + * wtf/Platform.h: + +2011-03-14 Laszlo Gombos <laszlo.1.gombos@nokia.com> + + Unreviewed build fix. + + Buildfix when JIT is not enabled after r81079 + https://bugs.webkit.org/show_bug.cgi?id=56361 + + * runtime/Executable.cpp: + +2011-03-14 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Made the global object moving-GC-safe + https://bugs.webkit.org/show_bug.cgi?id=56348 + + SunSpider reports no change. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::markChildren): Removed a dubious comment that + suggested we do not need to visit all our references during GC, since + that is not true in a moving GC. + + Re-sorted data members by type, removed one duplicate, and added back + the one missing mark I found. + + * runtime/JSGlobalObject.h: Re-sorted data members by type. + +2011-03-14 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Made JSWrapperObject and subclasses moving-GC-safe + https://bugs.webkit.org/show_bug.cgi?id=56346 + + SunSpider reports no change. 
+ + * runtime/BooleanObject.cpp: + (JSC::BooleanObject::BooleanObject): + * runtime/DateInstance.cpp: + (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since + we don't initialize the wrapped value in our constructor. + + * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because + we do not in fact override markChildren. + + * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object + no longer does so for us. Also added an ASSERT to catch a latent bug, + where DatePrototype stomped on its base class's anonymous slot. Hard-coded + anonymous slots are a plague on our code. This doesn't cause any problems + in our existing code since the base class never reads the anonymous slot + it declares, but it caused crashes when I tried to start using the slot + in an initial version of this patch. + + * runtime/JSWrapperObject.h: + (JSC::JSWrapperObject::JSWrapperObject): + (JSC::JSWrapperObject::internalValue): + (JSC::JSWrapperObject::setInternalValue): Resolved a problem where + our internal value was stored in two places: an anonymous slot, and a + data member which was not always visited during GC. Now, we only use the + data member, and we always visit it. (Instead of relying on certain + subclasses to set the OverridesMarkChildren bit, we set it ourselves.) + + * runtime/NumberObject.cpp: + (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since + we don't initialize the wrapped value in our constructor. + + * runtime/NumberObject.h: Removed meaningless declaration. + + * runtime/StringObject.cpp: + (JSC::StringObject::StringObject): No more need for JSGlobalData, since + we don't initialize the wrapped value in our constructor. + + * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because + we do not in fact override markChildren. + + * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object + no longer does so for us. 
Also added an ASSERT to catch a latent bug, + where DatePrototype stomped on its base class's anonymous slot. Hard-coded + anonymous slots are a plague on our code. + +2011-03-14 Michael Saboff <msaboff@apple.com> + + Reviewed by Gavin Barraclough. + + Look-ahead assertions with back references don’t work as expected + https://bugs.webkit.org/show_bug.cgi?id=56082 + + Changed parentheses assertion processing to temporarily back out the + number of known characters after the assertion while processing the + assertion. This was done so that assertions don't fail due to + checking the number of required characters as additional to the + rest of the express since assertions don't "consume" input. + Added a byte code to uncheck characters to support the change. + + * yarr/YarrInterpreter.cpp: + (JSC::Yarr::Interpreter::matchDisjunction): + (JSC::Yarr::ByteCompiler::uncheckInput): + (JSC::Yarr::ByteCompiler::emitDisjunction): + * yarr/YarrInterpreter.h: + (JSC::Yarr::ByteTerm::UncheckInput): + +2011-03-14 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com> + + Reviewed by Laszlo Gombos. + + [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on symbian. + https://bugs.webkit.org/show_bug.cgi?id=56133 + + Add condition to not compile webkit internal math round functions on RVCT compiler versions + from 3.0.0 because they are already defined in compiler math library. + + * wtf/MathExtras.h: + +2011-03-14 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Geoffrey Garen & Oliver Hunt. + + Bug 56284 - Add a dataflow intermediate representation for use in JIT generation. + + The JSC JIT presently generates code directly from the bytecode used by the interpreter. + This is not an optimal intermediate representation for JIT code generation, since it does + not capture liveness information of values, and provides little opportunity to perform + any static analysis for even primitive types. 
The JIT currently generates two code paths, + a fast path handling common cases, and a slower path handling less common operand types. + However the slow path jumps back into the fast path, meaning that information arising + from the earlier type checks cannot be propagated to later operations. + + This patch adds: + * a dataflow intermediate representation capable of describing a single basic block + of operations, + * a mechanism to convert a simple, single-block bytecode functions to the new IR, + * and a JIT code generator capable of generating code from this representation. + + The JIT generates two code paths, with the slower path not reentering the fast path + mid-block, allowing speculative optimizations to be made on the hot path, with type + information arising from these speculative decisions able to be propagated through the + dataflow. Code generation of both speculative and non-speculative paths exploits the type + and liveness information represented in the dataflow graph to attempt to avoid redundant + boxing and type-checking of values, and to remove unnecessary spills of temporary values + to the RegisterFile. + + The dataflow JIT currently can only support a subset of bytecode operations, limited to + arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the + dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be + expanded to include, control-flow, function calls, and then the long-tail of remaining + bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of + this only supports x86-64. + + The status of the dataflow JIT is currently work-in-progress. Limitations of the present + JIT code generation may cause performance regressions, particularly: + * the policy to only generate arithmetic code on the speculative path using integer + instructions, never using floating point. 
+ * the policy to only generate arithmetic code on the non-speculative path using + floating point instructions, never using integer. + * always generating JSValue adds on the non-speculative path as a call out to a + C-function, never handling this in JIT code. + * always assuming by-Value property accesses on the speculative path to be array + accesses. + * generating all by-Value property accesses from the non-speculative path as a call + out to a C-function. + * generating all by-Indentifer property accesses as a call out to a C-function. + Due to these regressions, the code is landed in a state where it is disabled in most + cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are + addressed, the JIT will be allowed to trigger in more cases. + + * JavaScriptCore.xcodeproj/project.pbxproj: + - Added new files to Xcode project. + * dfg: Added. + - Added directory for new code. + * dfg/DFGByteCodeParser.cpp: Added. + * dfg/DFGByteCodeParser.h: Added. + - Contruct a DFG::Graph representation from a bytecode CodeBlock. + * dfg/DFGGenerationInfo.h: Added. + - Track type & register information for VirtualRegisters during JIT code generation. + * dfg/DFGGraph.cpp: Added. + * dfg/DFGGraph.h: Added. + - Dataflow graph intermediate representation for code generation. + * dfg/DFGJITCodeGenerator.cpp: Added. + * dfg/DFGJITCodeGenerator.h: Added. + - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality. + * dfg/DFGJITCompiler.cpp: Added. + * dfg/DFGJITCompiler.h: Added. + - Class responsible for driving code generation of speculativeJIT & non-speculative + code paths from the dataflow graph. + * dfg/DFGNonSpeculativeJIT.cpp: Added. + * dfg/DFGNonSpeculativeJIT.h: Added. + - Used to generate the non-speculative code path, this make no assumptions + about operand types. + * dfg/DFGOperations.cpp: Added. + * dfg/DFGOperations.h: Added. + - Helper functions called from the JIT generated code. 
+ * dfg/DFGRegisterBank.h: Added. + - Used to track contents of physical registers during JIT code generation. + * dfg/DFGSpeculativeJIT.cpp: Added. + * dfg/DFGSpeculativeJIT.h: Added. + - Used to generate the speculative code path, this make assumptions about + operand types to enable optimization. + * runtime/Executable.cpp: + - Add code to attempt to use the DFG JIT to compile a function, with fallback + to the existing JIT. + * wtf/Platform.h: + - Added compile guards to enable the DFG JIT. + +2011-03-14 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed more cases of DeprecatedPtr (exception, SmallStrings) + https://bugs.webkit.org/show_bug.cgi?id=56332 + + * runtime/Identifier.cpp: + (JSC::Identifier::add): + (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded + constant, to make this code less brittle. + + * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because + this reference is owned and managed directly by the heap. + + * runtime/JSString.cpp: + (JSC::JSString::substringFromRope): + * runtime/JSString.h: + (JSC::jsSingleCharacterString): + (JSC::jsSingleCharacterSubstring): + (JSC::jsString): + (JSC::jsStringWithFinalizer): + (JSC::jsSubstring): + (JSC::jsOwnedString): Use a variable instead of a hard-coded + constant, to make this code less brittle. + + * runtime/SmallStrings.cpp: + (JSC::SmallStringsStorage::rep): + (JSC::SmallStringsStorage::SmallStringsStorage): + (JSC::SmallStrings::SmallStrings): + (JSC::SmallStrings::markChildren): + (JSC::SmallStrings::clear): + (JSC::SmallStrings::count): Use a variable instead of a hard-coded + constant, to make this code less brittle. + + * runtime/SmallStrings.h: + (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of + DeprecatedPtr because these references are owned and managed directly by + the heap. + + Stop using FixedArray because we only want a very limited set + of classes to be able to use HeapRoot. 
(Replaced with manual ASSERTs.) + + * runtime/WriteBarrier.h: + (JSC::operator==): + (JSC::WriteBarrier::WriteBarrier): + (JSC::HeapRoot::HeapRoot): + (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set + without write barrier because we assume all HeapRoots are scanned during + all GC passes. + +2011-03-14 Brian Weinstein <bweinstein@apple.com> + + Reviewed by Adam Roben and Gavin Barraclough. + + FileSystemWin.cpp needs listDirectory() implementation + https://bugs.webkit.org/show_bug.cgi?id=56331 + <rdar://problem/9126635> + + Give StringConcatenate the ability to deal with const UChar*'s as a String type to append. + + * wtf/text/StringConcatenate.h: + +2011-03-14 Mark Rowe <mrowe@apple.com> + + Reviewed by Oliver Hunt. + + <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot + + * API/JSClassRef.cpp: + (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if + the class definition contains duplicates. This also removes what look to be leaks + of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr + which retains / releases the instances at the appropriate time, so explicitly calling + ref is not necessary. + +2011-03-14 Oliver Hunt <oliver@apple.com> + + Fix windows build + + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::emitLoadInt32): + (JSC::JSInterfaceJIT::tagFor): + (JSC::JSInterfaceJIT::payloadFor): + (JSC::JSInterfaceJIT::intPayloadFor): + (JSC::JSInterfaceJIT::intTagFor): + (JSC::JSInterfaceJIT::addressFor): + +2011-03-11 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Ensure all values are correctly tagged in the registerfile + https://bugs.webkit.org/show_bug.cgi?id=56214 + + This patch makes sure that all JSCell pointers written to + the registerfile are correctly tagged as JSCells, and replaces + raw int usage with the immediate representation. 
+ + For performance, register pressure, and general saneness reasons + I've added abstractions for reading and writing the tag + and payload of integer registers directly for the JSVALUE64 + encoding. + + * interpreter/Register.h: + (JSC::Register::withInt): + (JSC::Register::withCallee): + (JSC::Register::operator=): + (JSC::Register::i): + (JSC::Register::activation): + (JSC::Register::function): + (JSC::Register::propertyNameIterator): + (JSC::Register::scopeChain): + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITInlineMethods.h: + (JSC::JIT::emitPutToCallFrameHeader): + (JSC::JIT::emitPutCellToCallFrameHeader): + (JSC::JIT::emitPutIntToCallFrameHeader): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + (JSC::JIT::emit_op_load_varargs): + (JSC::JIT::emitSlow_op_load_varargs): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::intPayloadFor): + (JSC::JSInterfaceJIT::intTagFor): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::returnJSValue): + (JSC::SpecializedThunkJIT::returnDouble): + (JSC::SpecializedThunkJIT::returnInt32): + (JSC::SpecializedThunkJIT::returnJSCell): + +2011-03-13 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + A few Heap-related renames (sans file moves, which should come next) + https://bugs.webkit.org/show_bug.cgi?id=56283 + + ConservativeSet => ConservativeRoots. "Set" was misleading, since items + are not uniqued. Also, "Roots" is more specific about what's in the set. 
+ + MachineStackMarker => MachineThreads. "Threads" is more descriptive of + the fact that this class maintains a set of all threads using JSC. + "Stack" was misleading, since this class traverses stacks and registers. + "Mark" was misleading, since this class doesn't mark anything anymore. + + registerThread => addCurrentThread. "Current" is more specific. + unregisterThread => removeCurrentThread. "Current" is more specific. + + "currentThreadRegistrar" => threadSpecific. The only point of this data + structure is to register a thread-specific destructor with a pointer to + this. + + "mark...Conservatively" => "gather". "Mark" is not true, since these + functions don't mark anything. "Conservatively" is redundant, since they + take "ConservativeRoots" as an argument. + + * API/APIShims.h: + (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): + * JavaScriptCore.exp: + * runtime/ConservativeSet.cpp: + (JSC::ConservativeRoots::grow): + (JSC::ConservativeRoots::add): + * runtime/ConservativeSet.h: + (JSC::ConservativeRoots::ConservativeRoots): + (JSC::ConservativeRoots::~ConservativeRoots): + (JSC::ConservativeRoots::size): + (JSC::ConservativeRoots::roots): + * runtime/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::markRoots): + * runtime/Heap.h: + (JSC::Heap::machineThreads): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::makeUsableFromMultipleThreads): + * runtime/MachineStackMarker.cpp: + (JSC::MachineThreads::MachineThreads): + (JSC::MachineThreads::~MachineThreads): + (JSC::MachineThreads::makeUsableFromMultipleThreads): + (JSC::MachineThreads::addCurrentThread): + (JSC::MachineThreads::removeThread): + (JSC::MachineThreads::removeCurrentThread): + (JSC::MachineThreads::gatherFromCurrentThreadInternal): + (JSC::MachineThreads::gatherFromCurrentThread): + (JSC::MachineThreads::gatherFromOtherThread): + (JSC::MachineThreads::gatherConservativeRoots): + * runtime/MachineStackMarker.h: + * runtime/MarkStack.h: + (JSC::MarkStack::append): + +2011-03-13 David 
Kilzer <ddkilzer@apple.com> + + BUILD FIX for armv7 after r80969 + + Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this. + <https://bugs.webkit.org/show_bug.cgi?id=56270> + + * assembler/MacroAssemblerARMv7.h: + (JSC::MacroAssemblerARMv7::load32): Made void* address argument + const. + (JSC::MacroAssemblerARMv7::store32): Ditto. + +2011-03-13 Geoffrey Garen <ggaren@apple.com> + + Not reviewed. + + Try to fix the Mac build. + + * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward + ConervativeSet.h, since it's now visible when compiling other projects. + +2011-03-13 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed another case of DeprecatedPtr (ConservativeSet) + https://bugs.webkit.org/show_bug.cgi?id=56281 + + The ConservativeSet is an internal data structure used during marking, + so direct pointers are fine. + + * runtime/ConservativeSet.cpp: + (JSC::ConservativeSet::grow): + * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append. + (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated + the size of the set based on sizeof(DeprecatedPtr<T>*) instead of + sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not. + (JSC::ConservativeSet::size): + (JSC::ConservativeSet::set): Use direct pointers, as stated above. + + * runtime/Heap.cpp: + (JSC::Heap::markRoots): + * runtime/MarkStack.h: + (JSC::MarkStack::append): Created a special case of append for + ConservativeSet. I didn't want to add back a generic "append JSCell*" + function, since other class might start using that wrong. (In the end, + this function might go away, since the Heap will want to do something + slightly more interesting with the conservative set, but this is OK for + now.) + +2011-03-13 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. 
+ + Removed another case of DeprecatedPtr (PutPropertySlot) + https://bugs.webkit.org/show_bug.cgi?id=56278 + + * runtime/PutPropertySlot.h: + (JSC::PutPropertySlot::setExistingProperty): + (JSC::PutPropertySlot::setNewProperty): + (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot, + since it's a stack-allocated temporary. + +2011-03-13 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Removed one case of DeprecatedPtr (ScopeChainIterator) + https://bugs.webkit.org/show_bug.cgi?id=56277 + + * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator, + since it's a stack-allocated temporary. + +2011-03-13 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 56273 - Add three operand forms to MacroAssember operations. + + Adding for X86(_64) for now, should be rolled out to other backends as necessary. + These may allow more efficient code generation in some cases, avoiding the need + for unnecessary register-register move instructions. + + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::Jump::link): + (JSC::AbstractMacroAssembler::Jump::linkTo): + - marked these methods const. + (JSC::AbstractMacroAssembler::Jump::isSet): + - add a method to check whether a Jump object has been set to + reference an instruction, or is in a null, unset state. + * assembler/MacroAssemblerCodeRef.h: + (JSC::FunctionPtr::FunctionPtr): + - add non-explicit constructor, for FunctionPtr's to C/C++ functions. 
+ * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::and32): + (JSC::MacroAssemblerX86Common::lshift32): + (JSC::MacroAssemblerX86Common::or32): + (JSC::MacroAssemblerX86Common::rshift32): + (JSC::MacroAssemblerX86Common::urshift32): + (JSC::MacroAssemblerX86Common::xor32): + (JSC::MacroAssemblerX86Common::moveDouble): + (JSC::MacroAssemblerX86Common::addDouble): + (JSC::MacroAssemblerX86Common::divDouble): + (JSC::MacroAssemblerX86Common::subDouble): + (JSC::MacroAssemblerX86Common::mulDouble): + (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32): + (JSC::MacroAssemblerX86Common::branchTest32): + (JSC::MacroAssemblerX86Common::branchTest8): + (JSC::MacroAssemblerX86Common::branchAdd32): + (JSC::MacroAssemblerX86Common::branchMul32): + (JSC::MacroAssemblerX86Common::branchSub32): + - add three operand forms of these instructions. + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::addDouble): + (JSC::MacroAssemblerX86_64::convertInt32ToDouble): + (JSC::MacroAssemblerX86_64::loadPtr): + (JSC::MacroAssemblerX86_64::branchTestPtr): + * assembler/X86Assembler.h: + (JSC::X86Assembler::JmpSrc::isSet): + - add a method to check whether a JmpSrc object has been set to + reference an instruction, or is in a null, unset state. + (JSC::X86Assembler::movsd_rr): + - added FP register-register move. + (JSC::X86Assembler::linkJump): + - Add an assert to check jumps aren't linked more than once. + * jit/JITInlineMethods.h: + (JSC::JIT::emitLoadInt32ToDouble): + - load integers to the FPU via regsiters on x86-64. + +2011-03-13 Gavin Barraclough <barraclough@apple.com> + + ARM build fix. + + * assembler/MacroAssemblerARM.h: + (JSC::MacroAssemblerARM::load32): + +2011-03-13 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this. 
+ + The JIT need to 'friend' other classes in order to be able to calculate offsets + of various properties, or the absolute addresses of members within specific objects, + in order to JIT generate code that will access members within the class when run. + + Instead of using friends in these cases, switch to providing specific accessor + methods to provide this information. In the case of offsets, these can be static + functions, and in the case of pointers to members within a specific object these can + be const methods returning pointers to const values, to prevent clients from + modifying values otherwise encapsulated within classes. + + * bytecode/SamplingTool.h: + * interpreter/Register.h: + * interpreter/RegisterFile.h: + * runtime/JSArray.h: + * runtime/JSCell.h: + * runtime/JSTypeInfo.h: + * runtime/JSVariableObject.h: + * runtime/Structure.h: + * wtf/RefCounted.h: + - Change these classes to no longer friend the JIT, add accessors for member offsets. + * jit/JIT.cpp: + * jit/JITCall32_64.cpp: + * jit/JITInlineMethods.h: + * jit/JITOpcodes.cpp: + * jit/JITOpcodes32_64.cpp: + * jit/JITPropertyAccess.cpp: + * jit/JITPropertyAccess32_64.cpp: + - Change the JIT to use class accessors, rather than taking object ofsets directly. + * assembler/AbstractMacroAssembler.h: + * assembler/MacroAssemblerX86_64.h: + * assembler/X86Assembler.h: + - Since the accessors for objects members return const pointers to retain encapsulation, + methods generating code with absolute addresses must be able to handle const pointers + (the JIT doesn't write to these values, do dies treat the pointer to value as const + from within the C++ code of the JIT, if not at runtime!). + +2011-03-12 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r80919. + http://trac.webkit.org/changeset/80919 + https://bugs.webkit.org/show_bug.cgi?id=56251 + + all windows bots failed to compile this change (Requested by + loislo on #webkit). 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/StructureStubInfo.cpp: + * interpreter/Register.h: + (JSC::Register::withInt): + (JSC::Register::withCallee): + (JSC::Register::operator=): + (JSC::Register::i): + (JSC::Register::activation): + (JSC::Register::function): + (JSC::Register::propertyNameIterator): + (JSC::Register::scopeChain): + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITInlineMethods.h: + (JSC::JIT::emitPutToCallFrameHeader): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + (JSC::JIT::emit_op_load_varargs): + (JSC::JIT::emitSlow_op_load_varargs): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::payloadFor): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::returnJSValue): + (JSC::SpecializedThunkJIT::returnDouble): + (JSC::SpecializedThunkJIT::returnInt32): + (JSC::SpecializedThunkJIT::returnJSCell): + * runtime/ArgList.cpp: + * runtime/DateConversion.cpp: + * runtime/GCActivityCallbackCF.cpp: + * runtime/Identifier.cpp: + * runtime/JSActivation.h: + (JSC::asActivation): + * runtime/JSLock.cpp: + * runtime/JSNumberCell.cpp: + * runtime/JSObject.h: + * runtime/JSPropertyNameIterator.h: + * runtime/JSValue.h: + * runtime/JSZombie.cpp: + * runtime/MarkedBlock.cpp: + * runtime/MarkedSpace.cpp: + * runtime/PropertyNameArray.cpp: + * runtime/ScopeChain.h: + (JSC::ExecState::globalThisValue): + * wtf/DateMath.cpp: + +2011-03-11 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. 
+ + Ensure all values are correctly tagged in the registerfile + https://bugs.webkit.org/show_bug.cgi?id=56214 + + This patch makes sure that all JSCell pointers written to + the registerfile are correctly tagged as JSCells, and replaces + raw int usage with the immediate representation. + + For performance, register pressure, and general saneness reasons + I've added abstractions for reading and writing the tag + and payload of integer registers directly for the JSVALUE64 + encoding. + + * interpreter/Register.h: + (JSC::Register::withInt): + (JSC::Register::withCallee): + (JSC::Register::operator=): + (JSC::Register::i): + (JSC::Register::activation): + (JSC::Register::function): + (JSC::Register::propertyNameIterator): + (JSC::Register::scopeChain): + * jit/JIT.h: + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCallVarargs): + (JSC::JIT::compileOpCall): + (JSC::JIT::compileOpCallSlowCase): + * jit/JITInlineMethods.h: + (JSC::JIT::emitPutToCallFrameHeader): + (JSC::JIT::emitPutCellToCallFrameHeader): + (JSC::JIT::emitPutIntToCallFrameHeader): + * jit/JITOpcodes.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + (JSC::JIT::emit_op_load_varargs): + (JSC::JIT::emitSlow_op_load_varargs): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_get_pnames): + (JSC::JIT::emit_op_next_pname): + * jit/JSInterfaceJIT.h: + (JSC::JSInterfaceJIT::intPayloadFor): + (JSC::JSInterfaceJIT::intTagFor): + * jit/SpecializedThunkJIT.h: + (JSC::SpecializedThunkJIT::returnJSValue): + (JSC::SpecializedThunkJIT::returnDouble): + (JSC::SpecializedThunkJIT::returnInt32): + (JSC::SpecializedThunkJIT::returnJSCell): + +2011-03-11 Dimitri Glazkov <dglazkov@chromium.org> + + Reviewed by Eric Seidel. 
+ + Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner. + https://bugs.webkit.org/show_bug.cgi?id=56231 + + * JavaScriptCore.gypi: Added project_dir variable. + * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore. + * gyp/generate-dtrace-header.sh: Changed to use project_dir. + +2011-03-11 Dimitri Glazkov <dglazkov@chromium.org> + + Reviewed by Adam Barth. + + Start using derived sources correctly and link minidom with JavaScriptCore gyp project. + https://bugs.webkit.org/show_bug.cgi?id=56217 + + * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory + to the scripts. + * gyp/generate-derived-sources.sh: Changed to use passed directory. + * gyp/generate-dtrace-header.sh: Ditto. + +2011-03-11 Eric Carlson <eric.carlson@apple.com> + + Reviewed by Sam Weinig. + + <rdar://problem/8955589> Adopt AVFoundation media back end on Lion. + + No new tests, existing media tests cover this. + + * JavaScriptCore.exp: Export cancelCallOnMainThread + * wtf/Platform.h: Define WTF_USE_AVFOUNDATION. + +2011-03-11 Dimitri Glazkov <dglazkov@chromium.org> + + Reviewed by Adam Barth. + + Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project. + https://bugs.webkit.org/show_bug.cgi?id=56207 + + * JavaScriptCore.gypi: Added Tracing.d to the sources. + * gyp/generate-dtrace-header.sh: Added. + * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them), + and added DTrace header generating step. + +2011-03-10 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Fix allocation of native function with a cached thunk + https://bugs.webkit.org/show_bug.cgi?id=56127 + + Fix this race condition found while fixing zombies. 
+ + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::clearWeakPointers): + * runtime/Heap.cpp: + (JSC::Heap::reset): + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::markChildren): + * runtime/JSValue.h: + (JSC::JSValue::decode): + * runtime/JSZombie.cpp: + (JSC::JSZombie::leakedZombieStructure): + * runtime/JSZombie.h: + (JSC::JSZombie::createStructure): + * runtime/MarkedBlock.cpp: + +2011-03-10 Luiz Agostini <luiz.agostini@openbossa.org> + + Reviewed by Andreas Kling. + + [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently) + https://bugs.webkit.org/show_bug.cgi?id=33008 + + Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally. + Symbian is excluded because pthread_kill does not work on it. Mac is excluded because + it has its own ways to do JSC threading. + + Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true. + + * runtime/MachineStackMarker.cpp: + * wtf/Platform.h: + +2011-03-10 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + Bug 56077 - ES5 conformance issues with RegExp.prototype + + There are three issues causing test failures in sputnik. + + (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden). + (2) The 'length' property of the test/exec functions should be 1. + (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input. + + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::markChildren): + - Added to mark lastIndex + (JSC::regExpObjectLastIndex): + (JSC::setRegExpObjectLastIndex): + - lastIndex is now stored as a JSValue. + (JSC::RegExpObject::match): + - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double). 
+ * runtime/RegExpObject.h: + (JSC::RegExpObject::setLastIndex): + (JSC::RegExpObject::setLastIndex): + - Set lastIndex, either from a size_t or a JSValue. + (JSC::RegExpObject::getLastIndex): + - Get lastIndex. + (JSC::RegExpObject::RegExpObjectData::RegExpObjectData): + - Initialize as a JSValue. + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + - Add test/exec properties with length 1. + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + - Do not read RegExp.input if none is provided. + * tests/mozilla/js1_2/regexp/RegExp_input.js: + * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js: + - Update these tests (they relied on non-ES5 behaviour). + +2011-03-10 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Rolled back in 80277 and 80280 with event handler layout test failures fixed. + https://bugs.webkit.org/show_bug.cgi?id=55653 + + The failures were caused by a last minute typo: assigning to currentEvent + instead of m_currentEvent. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecompiler/BytecodeGenerator.cpp: + * jit/JITOpcodes.cpp: + * jit/JITOpcodes32_64.cpp: + * runtime/Arguments.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/JSVariableObject.h: + * runtime/MarkedSpace.cpp: + * runtime/MarkedSpace.h: + +2011-03-09 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + jquery/manipulation.html fails after r80598 + https://bugs.webkit.org/show_bug.cgi?id=56019 + + When linking a call, codeblock now takes ownership of the linked function + This removes the need for unlinking, and thus the incorrectness that was + showing up in these tests. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::~CodeBlock): + (JSC::CodeBlock::markAggregate): + * bytecode/CodeBlock.h: + (JSC::CallLinkInfo::CallLinkInfo): + (JSC::CallLinkInfo::setUnlinked): + (JSC::CodeBlock::addCaller): + * jit/JIT.cpp: + (JSC::JIT::privateCompile): + (JSC::JIT::linkCall): + (JSC::JIT::linkConstruct): + * jit/JIT.h: + * runtime/Executable.cpp: + * runtime/Executable.h: + +2011-03-09 Daniel Bates <dbates@rim.com> + + Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684> + (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>). + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError(). + +2011-03-09 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 56041 - RexExp constructor should only accept flags "gim" + Fix for issues introduced in r80667. + + Invalid flags to a RegExp literal are a late syntax error! + + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addRegExp): + - Pass a PassRefPtr<RegExp> + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addRegExp): + (JSC::BytecodeGenerator::emitNewRegExp): + * bytecompiler/BytecodeGenerator.h: + - Pass a PassRefPtr<RegExp> + * bytecompiler/NodesCodegen.cpp: + (JSC::RegExpNode::emitBytecode): + - Should not be ASSERTing that the flags are valid - this is a late(er) error. + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + - Need to check for error from RegExp constructor. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + - Need to check for error from RegExp constructor. + * runtime/RegExp.h: + (JSC::RegExp::isValid): + - Make isValid check that the regexp was created with valid flags. + * runtime/RegExpKey.h: + - Since we'll not create RegExp objects with invalid flags, separate out the deleted value. + +2011-03-09 Gavin Barraclough <barraclough@apple.com> + + Windows build fix part 2. 
+ + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-03-09 Gavin Barraclough <barraclough@apple.com> + + Windows build fix part 1. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-03-09 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Darin Adler. + + Bug 56041 - RexExp constructor should only accept flags "gim" + We also should be passing the flags around as a bitfield rather than a string, + and should not have redundant, incompatible code for converting the string to a bitfield! + + * JavaScriptCore.exp: + * bytecompiler/NodesCodegen.cpp: + (JSC::RegExpNode::emitBytecode): + - Need to parse flags string to enum. + * runtime/RegExp.cpp: + (JSC::regExpFlags): + (JSC::RegExp::RegExp): + (JSC::RegExp::create): + - Add method to parse flags string to enum, change constructor/create args to take enum. + * runtime/RegExp.h: + (JSC::RegExp::global): + (JSC::RegExp::ignoreCase): + (JSC::RegExp::multiline): + - Change to use new enum values. + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::lookupOrCreate): + (JSC::RegExpCache::create): + * runtime/RegExpCache.h: + - Changed to use regExpFlags enum instead of int/const UString&. + * runtime/RegExpConstructor.cpp: + (JSC::constructRegExp): + - Add use new enum parsing, check for error. + * runtime/RegExpKey.h: + (JSC::RegExpKey::RegExpKey): + * runtime/RegExpPrototype.cpp: + (JSC::RegExpPrototype::RegExpPrototype): + - Pass NoFlags value instead of empty string. + (JSC::regExpProtoFuncCompile): + - Add use new enum parsing, check for error. + * runtime/StringPrototype.cpp: + (JSC::stringProtoFuncMatch): + (JSC::stringProtoFuncSearch): + - Pass NoFlags value instead of empty string. + +2011-03-08 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig + + Bug 55994 - Functions on Array.prototype should check length first. 
+ These methods are designed to work on generic objects too, and if 'length' + is a getter that throws an exception, ensure this is correctly thrown + (even if other exceptions would be thrown, too). + + Make the length check the first thing we do. + This change shows a progression on SunSpider on my machine, but this is likely bogus. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncToString): + (JSC::arrayProtoFuncToLocaleString): + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + (JSC::arrayProtoFuncIndexOf): + (JSC::arrayProtoFuncLastIndexOf): + +2011-03-07 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make CodeBlock GC write barrier safe + https://bugs.webkit.org/show_bug.cgi?id=55910 + + In order to make CodeBlock WriteBarrier safe it was necessary + to make it have a single GC owner, and for that reason I have + made ExecutableBase a GC allocated object. This required + updating their creation routines as well as all sites that hold + a reference to them. GC objects that held Executable's have been + converted to WriteBarriers, and all other sites now use Global<>. + + As an added benefit this gets rid of JSGlobalData's list of + GlobalCodeBlocks. + + Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression + on SunSpider. Given none of the tests that show regressions + demonstrate a regression on their own, and sampling shows up nothing. + I suspect we're just getting one or two additional gc passes at + the end of the run. 
+ + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::EvalCodeCache::markAggregate): + (JSC::CodeBlock::markAggregate): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::ownerExecutable): + (JSC::CodeBlock::addConstant): + (JSC::CodeBlock::constantRegister): + (JSC::CodeBlock::getConstant): + (JSC::CodeBlock::addFunctionDecl): + (JSC::CodeBlock::addFunctionExpr): + (JSC::GlobalCodeBlock::GlobalCodeBlock): + (JSC::ExecState::r): + * bytecode/EvalCodeCache.h: + (JSC::EvalCodeCache::get): + * bytecode/SamplingTool.h: + (JSC::ScriptSampleRecord::ScriptSampleRecord): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::addConstantValue): + (JSC::BytecodeGenerator::emitEqualityOp): + * bytecompiler/BytecodeGenerator.h: + (JSC::BytecodeGenerator::makeFunction): + * debugger/Debugger.cpp: + (JSC::evaluateInGlobalCallFrame): + * debugger/DebuggerCallFrame.cpp: + (JSC::DebuggerCallFrame::evaluate): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::callEval): + * jit/JITInlineMethods.h: + (JSC::JIT::emitLoadDouble): + (JSC::JIT::emitLoadInt32ToDouble): + * jit/JITStubs.cpp: + (JSC::JITThunks::JITThunks): + (JSC::JITThunks::hostFunctionStub): + (JSC::JITThunks::clearHostFunctionStubs): + * jit/JITStubs.h: + * runtime/Completion.cpp: + (JSC::checkSyntax): + (JSC::evaluate): + * runtime/Executable.cpp: + (JSC::EvalExecutable::EvalExecutable): + (JSC::ProgramExecutable::ProgramExecutable): + (JSC::FunctionExecutable::FunctionExecutable): + (JSC::FunctionExecutable::~FunctionExecutable): + (JSC::EvalExecutable::markChildren): + (JSC::ProgramExecutable::markChildren): + (JSC::FunctionExecutable::markChildren): + (JSC::FunctionExecutable::fromGlobalCode): + * runtime/Executable.h: + (JSC::ExecutableBase::ExecutableBase): + (JSC::ExecutableBase::createStructure): + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::NativeExecutable): + (JSC::VPtrHackExecutable::VPtrHackExecutable): + 
(JSC::ScriptExecutable::ScriptExecutable): + (JSC::EvalExecutable::create): + (JSC::EvalExecutable::createStructure): + (JSC::ProgramExecutable::create): + (JSC::ProgramExecutable::createStructure): + (JSC::FunctionExecutable::create): + (JSC::FunctionExecutable::createStructure): + * runtime/FunctionConstructor.cpp: + (JSC::constructFunction): + * runtime/Heap.cpp: + (JSC::Heap::destroy): + (JSC::Heap::markRoots): + * runtime/Heap.h: + * runtime/JSActivation.cpp: + (JSC::JSActivation::JSActivation): + (JSC::JSActivation::markChildren): + * runtime/JSActivation.h: + (JSC::JSActivation::JSActivationData::JSActivationData): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::~JSFunction): + (JSC::JSFunction::markChildren): + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::storeVPtrs): + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::getHostFunction): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSObject.cpp: + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::markChildren): + * runtime/JSStaticScopeObject.h: + (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData): + (JSC::JSStaticScopeObject::JSStaticScopeObject): + * runtime/JSZombie.cpp: + (JSC::JSZombie::leakedZombieStructure): + * runtime/JSZombie.h: + (JSC::JSZombie::createStructure): + * runtime/MarkedSpace.h: + +2011-03-07 Andy Estes <aestes@apple.com> + + Reviewed by Dan Bernstein. + + REGRESSION (r79060): Timestamp is missing from tweets in twitter. + https://bugs.webkit.org/show_bug.cgi?id=55228 + + A change to the date parser to handle the case where the year is + specified before the time zone inadvertently started accepting strings + such as '+0000' as valid years. Those strings actually represent time + zones in an offset of hours and minutes from UTC, not years. 
+ + * wtf/DateMath.cpp: + (WTF::parseDateFromNullTerminatedCharacters): If the current character + in dateString is '+' or '-', do not try to parse the next token as a + year. + +2011-03-06 Yuta Kitamura <yutak@chromium.org> + + Reviewed by Kent Tamura. + + Add SHA-1 for new WebSocket protocol + https://bugs.webkit.org/show_bug.cgi?id=55039 + + The code is based on Chromium's portable SHA-1 implementation + (src/base/sha1_portable.cc). Modifications were made in order + to make the code comply with WebKit coding style. + + * GNUmakefile.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * wtf/CMakeLists.txt: + * wtf/MD5.cpp: + (WTF::MD5::MD5): + * wtf/SHA1.cpp: Added. + (WTF::testSHA1): This function will be run the first time SHA1 + constructor is called. This function computes a few hash values + and checks the results in debug builds. However, constructor is + probably not a good place to run these tests, so we need to find + a good place for it (bug 55853). + (WTF::expectSHA1): + (WTF::f): + (WTF::k): + (WTF::rotateLeft): + (WTF::SHA1::SHA1): + (WTF::SHA1::addBytes): + (WTF::SHA1::computeHash): + (WTF::SHA1::finalize): + (WTF::SHA1::processBlock): + (WTF::SHA1::reset): + * wtf/SHA1.h: Added. + (WTF::SHA1::addBytes): + * wtf/wtf.pri: + +2011-03-05 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Add Derived Sources to WebCore GYP build + https://bugs.webkit.org/show_bug.cgi?id=55813 + + Rename the action to be friendlier. + + * gyp/JavaScriptCore.gyp: + +2011-03-04 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com> + + Reviewed by Laszlo Gombos. 
+ + [Qt] Need symbian version of cryptographicallyRandomValuesFromOS + https://bugs.webkit.org/show_bug.cgi?id=55782 + + Implement Symbian version of cryptographicallyRandomValuesFromOS + + * wtf/OSRandomSource.cpp: + (WTF::cryptographicallyRandomValuesFromOS): + +2011-03-04 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Cameron Zwarich. + + Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible(). + + * runtime/JSObject.cpp: + (JSC::JSObject::defineOwnProperty): + Add missing check. + +2011-03-04 Gavin Barraclough <barraclough@apple.com> + + Rubber stamped by olliej. + + Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk. + + * interpreter/Interpreter.cpp: + (JSC::Interpreter::privateExecute): + (1) don't infinite loop. + (2) goto 1. + +2011-03-04 Gavin Barraclough <barraclough@apple.com> + + cmake build fix. + + * CMakeLists.txt: + +2011-03-04 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Add Copy Files step to JavaScriptCore GYP build for apitest and minidom + https://bugs.webkit.org/show_bug.cgi?id=55798 + + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-03-04 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Remove unneeded round-trips through ../Source in the Chromium GYP build + https://bugs.webkit.org/show_bug.cgi?id=55795 + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-03-04 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Use target_defaults to reduce boilerplate in GYP build system + https://bugs.webkit.org/show_bug.cgi?id=55790 + + Instead of setting up the configuration in each target, just defer to + target_defaults. Also, removed a define that was redundant with the + xcconfig. + + * gyp/JavaScriptCore.gyp: + +2011-03-03 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. 
+ + Bug 55736 - Implement seal/freeze/preventExtensions for normal object types. + Provide basic functionallity from section 15.2.4 of ECMA-262. + This support will need expanding to cover arrays, too. + + Shows a 0.5% progression on SunSpidey, this seems to be due to changing + ObjectConstructor to use a static table. + + * DerivedSources.make: + * JavaScriptCore.exp: + * interpreter/CallFrame.h: + (JSC::ExecState::objectConstructorTable): + Add a static table for ObjectConstructor. + * runtime/CommonIdentifiers.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + (JSC::JSGlobalData::~JSGlobalData): + Add a static table for ObjectConstructor. + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + Add a static table for ObjectConstructor. + * runtime/JSObject.cpp: + (JSC::JSObject::seal): + (JSC::JSObject::freeze): + (JSC::JSObject::preventExtensions): + Transition the object's structure. + (JSC::JSObject::defineOwnProperty): + Check isExtensible. + * runtime/JSObject.h: + (JSC::JSObject::isSealed): + (JSC::JSObject::isFrozen): + (JSC::JSObject::isExtensible): + These wrap method on structure. + (JSC::JSObject::putDirectInternal): + Check isExtensible. + * runtime/ObjectConstructor.cpp: + (JSC::ObjectConstructor::ObjectConstructor): + (JSC::ObjectConstructor::getOwnPropertySlot): + (JSC::ObjectConstructor::getOwnPropertyDescriptor): + Change ObjectConstructor to use a static table. + (JSC::objectConstructorSeal): + (JSC::objectConstructorFreeze): + (JSC::objectConstructorPreventExtensions): + (JSC::objectConstructorIsSealed): + (JSC::objectConstructorIsFrozen): + (JSC::objectConstructorIsExtensible): + Add new methods on Object. 
+ * runtime/ObjectConstructor.h: + (JSC::ObjectConstructor::createStructure): + * runtime/Structure.cpp: + (JSC::Structure::Structure): + init/propagate m_preventExtensions + (JSC::Structure::sealTransition): + (JSC::Structure::freezeTransition): + (JSC::Structure::preventExtensionsTransition): + transition the structure, materializing the property map, setting m_preventExtensions & changing attributes. + (JSC::Structure::isSealed): + (JSC::Structure::isFrozen): + check attributes to detect if object is sealed/frozen. + * runtime/Structure.h: + (JSC::Structure::isExtensible): + checks the m_preventExtensions flag. + +2011-03-04 Steve Falkenburg <sfalken@apple.com> + + Reviewed by Jon Honeycutt. + + Adopt VersionStamper tool for Windows WebKit DLLs + https://bugs.webkit.org/show_bug.cgi?id=55784 + <rdar://problem/9021273> + + We now use a tool to stamp the version number onto the Apple WebKit DLLs + during the post-build step. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed. + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: + +2011-03-04 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + JavaScriptCore GYP build should use a header map + https://bugs.webkit.org/show_bug.cgi?id=55712 + + This patch moves the os-win32 files into their own variable so that we + can use a header map in the Apple Mac Xcode build. The problem is that + the header map searches the whole project rather than just the files + included in a given target. Another solution to this problem is to + make GYP smarter about filtering out what files are added to the + project file. + + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-03-03 Ryosuke Niwa <rniwa@webkit.org> + + Reviewed by Darin Adler. 
+ + Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h + https://bugs.webkit.org/show_bug.cgi?id=55554 + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0. + (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer. + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::addStaticGlobals): Ditto. + * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR + (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t. + +2011-03-03 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Add jsc to JavaScriptCore GYP build + https://bugs.webkit.org/show_bug.cgi?id=55711 + + * JavaScriptCore.gypi: + - Move jsc.cpp into jsc_files because it's really part of the jsc + target. + * JavaScriptCore.xcodeproj/project.pbxproj: + - Remove extraneous files from the normal jsc build. I probably + added these by mistake at some point. + * gyp/JavaScriptCore.gyp: + - Add the jsc target to the GYP file. + +2011-03-03 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Add testapi to JavaScriptCore GYP build + https://bugs.webkit.org/show_bug.cgi?id=55707 + + The new testapi target is slightly incomplete. There's a resource + copying step that we don't quite have yet. + + This patch also cleans up some of the configuration issues in + JavaScriptCore.xcodeproj. It seems kind of wordy to repeat these for + each target. I suspect there's a more compact way of defining the + configurations, but this removes the "Default" configuration, which is + progress. + + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-03-03 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. 
+ + Teach JavaScriptCore GYP build about private headers + https://bugs.webkit.org/show_bug.cgi?id=55532 + + This patch distinguishes between public and private framework headers + so that public headers are copied into the Headers directory and + private headers are copied into the PrivateHeaders directory. + + * gyp/JavaScriptCore.gyp: + +2011-03-03 Geoffrey Garen <ggaren@apple.com> + + Rolled out 80277 and 80280 because they caused event handler layout test + failures. + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecompiler/BytecodeGenerator.cpp: + * jit/JITOpcodes.cpp: + * jit/JITOpcodes32_64.cpp: + * runtime/Arguments.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/JSVariableObject.h: + * runtime/MarkedSpace.cpp: + * runtime/MarkedSpace.h: + +2011-03-03 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Build fix. Alter order of headers included to make sure windows.h + is configured by wx, and skip Posix implementation file we don't use on Win. + + * wscript: + * wtf/wx/StringWx.cpp: + +2011-03-03 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + JSVariableObject needs to use WriteBarrier for symboltable property storage + https://bugs.webkit.org/show_bug.cgi?id=55698 + + Replace the direct usage of Register in JSVariableObject (and descendents) + with WriteBarrier. This requires updating the Arguments object to use + WriteBarrier as well. 
+ + * interpreter/Interpreter.cpp: + (JSC::Interpreter::unwindCallFrame): + (JSC::Interpreter::privateExecute): + (JSC::Interpreter::retrieveArguments): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/ArgList.h: + (JSC::MarkedArgumentBuffer::initialize): + * runtime/Arguments.cpp: + (JSC::Arguments::markChildren): + (JSC::Arguments::copyToRegisters): + (JSC::Arguments::fillArgList): + (JSC::Arguments::getOwnPropertySlot): + (JSC::Arguments::getOwnPropertyDescriptor): + (JSC::Arguments::put): + * runtime/Arguments.h: + (JSC::Arguments::setActivation): + (JSC::Arguments::Arguments): + (JSC::Arguments::copyRegisters): + (JSC::JSActivation::copyRegisters): + * runtime/JSActivation.cpp: + (JSC::JSActivation::markChildren): + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::symbolTablePut): + (JSC::JSActivation::symbolTablePutWithAttributes): + (JSC::JSActivation::put): + (JSC::JSActivation::putWithAttributes): + (JSC::JSActivation::argumentsGetter): + * runtime/JSActivation.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::put): + (JSC::JSGlobalObject::putWithAttributes): + (JSC::JSGlobalObject::markChildren): + (JSC::JSGlobalObject::copyGlobalsFrom): + (JSC::JSGlobalObject::copyGlobalsTo): + (JSC::JSGlobalObject::resizeRegisters): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::setRegisters): + (JSC::JSGlobalObject::addStaticGlobals): + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::put): + (JSC::JSStaticScopeObject::putWithAttributes): + * runtime/JSVariableObject.cpp: + (JSC::JSVariableObject::symbolTableGet): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::registerAt): + (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData): + (JSC::JSVariableObject::symbolTableGet): + (JSC::JSVariableObject::symbolTablePut): + (JSC::JSVariableObject::symbolTablePutWithAttributes): + (JSC::JSVariableObject::copyRegisterArray): + (JSC::JSVariableObject::setRegisters): + +2011-03-03 Geoffrey Garen 
<ggaren@apple.com> + + Try to fix Windows build. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol. + + * runtime/JSStaticScopeObject.cpp: + (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function + inline -- it's virtual. + +2011-03-02 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + Moved all variable object storage inline -- upping the object size limit to 1K + https://bugs.webkit.org/show_bug.cgi?id=55653 + + * JavaScriptCore.exp: + * bytecompiler/BytecodeGenerator.cpp: + * jit/JITOpcodes.cpp: + * runtime/Arguments.h: + * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_. + + * runtime/JSCell.h: + (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class + to accomodate objects up to 1K. + + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_. + + * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum + object size, since it doesn't anymore. + + * runtime/JSStaticScopeObject.cpp: + * runtime/JSStaticScopeObject.h: + * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: Added an imprecise size class to accomodate objects up to 1K. + +2011-03-03 Timothy Hatcher <timothy@apple.com> + + Make APIShims usable from WebCore. + + Reviewed by Oliver Hunt. + + * ForwardingHeaders/JavaScriptCore/APIShims.h: Added. + * GNUmakefile.am: + * JavaScriptCore.exp: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-03-03 Peter Varga <pvarga@webkit.org> + + Reviewed by Oliver Hunt. 
+ + Begin Characters Optimization Causes YARR Interpreter Errors + https://bugs.webkit.org/show_bug.cgi?id=55479 + + The addBeginTerm function is removed because it doesn't correctly handle those + cases when an "invalid" term has been + collected (e.g. CharacterClass). Move the removed function to the + setupAlternativeBeginTerms method's switch-case + where the non-allowed cases are correctly handled. + + Reenable the Beginning Character Optimization in the YARR Interpreter again. + + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms): + (JSC::Yarr::YarrPattern::compile): + +2011-03-02 Jessie Berlin <jberlin@apple.com> + + Reviewed by Adam Roben. + + WebKit2: Use CFNetwork Sessions API. + https://bugs.webkit.org/show_bug.cgi?id=55435 + + Add the ability to create a Private Browsing storage session. + + * wtf/Platform.h: + Add a new #define for using CF Storage Sessions. + +2011-03-02 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Remove "register slot" concept from PropertySlot + https://bugs.webkit.org/show_bug.cgi?id=55621 + + PropertySlot had already stopped storing Register "slots" + so this patch is simply removing that api entirely. + This exposed a problem in the ProgramNode constructor for + BytecodeGenerator where it reads from the registerfile + before it has initialised it. + + This bug wasn't a problem before as we were merely testing + for property existence rather than the actual value, and + used to work because setRegisterSlot didn't check that the + provided slot contained an initialised value. + + To get around this issue we now use symbolTableHasProperty + to do the symbol table check without trying to read the + RegisterFile. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlot): + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTableGet): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::symbolTableHasProperty): + * runtime/JSVariableObject.h: + (JSC::JSVariableObject::symbolTableGet): + * runtime/PropertySlot.h: + +2011-03-02 Daniel Cheng <dcheng@chromium.org> + + Reviewed by David Levin. + + Add feature define for data transfer items + https://bugs.webkit.org/show_bug.cgi?id=55510 + + * Configurations/FeatureDefines.xcconfig: + * wtf/Platform.h: + +2011-03-02 Adam Roben <aroben@apple.com> + + Delete old .res files whenever any .vsprops file changes + + Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to + fail + + Reviewed by Tony Chang. + + * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: + (main): Restructured code to loop over a set of file extensions, deleting any old files that + have that extension. Now deletes .res files, too. (We previously deleted any file matching + *.manifest*, but that turned out to just be the union of *.manifest and *.res.) + +2011-03-02 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Teach JavaScriptCore GYP build how to build minidom + https://bugs.webkit.org/show_bug.cgi?id=55536 + + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-03-01 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + JavaScriptCore GYP build should copy some headers into the target framework + https://bugs.webkit.org/show_bug.cgi?id=55524 + + After this patch, all the framework headers are exported as public + headers. We need to teach GYP how to handle private headers. + + I struggled to determine how to store the information about whether a + header was public, private, or project (i.e., not exported). 
+ Generally, the GYPI should just list the files, but it seemed siliy to + have an almost duplicated list of files in the GYP file itself. If + this design doesn't scale, we might have to revisit it in the future. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + * gyp/JavaScriptCore.gyp: + +2011-03-01 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r80079. + http://trac.webkit.org/changeset/80079 + https://bugs.webkit.org/show_bug.cgi?id=55547 + + "Broke the Win debug build?" (Requested by dcheng on #webkit). + + * wtf/Platform.h: + +2011-03-01 Daniel Cheng <dcheng@chromium.org> + + Reviewed by David Levin. + + Add feature define for data transfer items + https://bugs.webkit.org/show_bug.cgi?id=55510 + + * wtf/Platform.h: + +2011-03-01 Oliver Hunt <oliver@apple.com> + + Reviewed by Joseph Pecoraro. + + Misaligned memory access in CloneDeserializer on all ARM arch. + https://bugs.webkit.org/show_bug.cgi?id=48742 + + Add a CPU class for architectures that need aligned addresses + for memory access. + + * wtf/Platform.h: + +2011-03-01 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + Add pre- and post-build actions for JavaScriptCore GYP build + https://bugs.webkit.org/show_bug.cgi?id=55507 + + After this patch, we have all the steps for building the main + JavaScriptCore framework except the "copy headers" step, which I'll do + next. + + * gyp/JavaScriptCore.gyp: + +2011-03-01 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Rolled back in r79627 now that the underlying cause for it crashing is fixed. 
+ https://bugs.webkit.org/show_bug.cgi?id=55159 + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/Heap.cpp: + (JSC::Heap::allocateSlowCase): + * runtime/Heap.h: + * runtime/JSCell.h: + (JSC::JSCell::MarkedSpace::sizeClassFor): + (JSC::JSCell::Heap::allocate): + (JSC::JSCell::JSCell::operator new): + * runtime/MarkedBlock.h: + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::SizeClass::SizeClass): + +2011-03-01 Mark Rowe <mrowe@apple.com> + + Reviewed by Sam Weinig. + + Replace two script phases that do nothing but copy files with copy files build phases. + + This speeds up the build by a few seconds on high-end Mac Pros. + + * JavaScriptCore.xcodeproj/project.pbxproj: + +2011-03-01 David Kilzer <ddkilzer@apple.com> + + Spring cleaning! + + Rubber-stamped by Mark Rowe. + + * JavaScriptCore.xcodeproj/project.pbxproj: + (Copy Into Framework): Remove "set -x" and its comment. + +2011-03-01 Michael Saboff <msaboff@apple.com> + + Reviewed by Darin Adler. + + TinyMCE not working in nightlies + https://bugs.webkit.org/show_bug.cgi?id=54978 + + Disabling setupBeginChars() to temporarily work arround the test + failure. Filed https://bugs.webkit.org/show_bug.cgi?id=55479 + to track fixing the issue. + + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPattern::compile): + +2011-02-23 Joseph Pecoraro <joepeck@webkit.org> + + Reviewed by Kenneth Rohde Christiansen. + + Viewport parsing no longer accepts "1.0;" value as valid. + https://bugs.webkit.org/show_bug.cgi?id=53705 + + Include a didReadNumber parameter to String -> float / double + conversion functions. This way, if the "ok" boolean out + parameter is false, you can check to see if there in fact + was a valid number parsed with garbage at the end. 
Examples + of that would be parsing "123x456" would have ok = false, + but didReadNumber = true. + + * JavaScriptCore.exp: + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::toDouble): + (WTF::StringImpl::toFloat): + * wtf/text/StringImpl.h: + * wtf/text/WTFString.cpp: + (WTF::String::toDouble): + (WTF::String::toFloat): + (WTF::charactersToDouble): + (WTF::charactersToFloat): + * wtf/text/WTFString.h: + +2011-02-28 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Gavin Barraclough. + + Past-the-end writes in VM exceptions (caused crashes in r79627) + https://bugs.webkit.org/show_bug.cgi?id=55448 + + Some exceptions had the wrong structures, so they misoverestimated their + inline storage sizes. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): Use the right structure. + + * runtime/JSObject.h: + (JSC::JSNonFinalObject::JSNonFinalObject): + (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity + is correct to verify this doesn't happen again. + +2011-03-01 Andras Becsi <abecsi@webkit.org> + + Reviewed by Csaba Osztrogonác. + + [Qt] Clean up the project files and move common options to WebKit.pri. + + * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri. + * JavaScriptCore.pro: Deduplicate options. + * jsc.pro: Ditto. + +2011-03-01 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Teach JavaScriptCore GYP build about DEPTH + https://bugs.webkit.org/show_bug.cgi?id=55425 + + In addition to teaching the JavaScriptCore GYP build about DEPTH, this + change overrides the GCC warning configuration to disable a warning + that's causing probems in Assertions.cpp. With that warning disabled, + JavaScriptCore builds again. + + * gyp/JavaScriptCore.gyp: + +2011-02-28 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-02-28 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r79948. 
+ http://trac.webkit.org/changeset/79948 + https://bugs.webkit.org/show_bug.cgi?id=55439 + + "caused crashes on the SL release bot" (Requested by ggaren on + #webkit). + + * runtime/JSGlobalData.h: + * runtime/WriteBarrier.h: + +2011-02-28 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-02-28 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig & Darin Adler. + + Bug 55423 - Clean up property tables in Structure + + Encapsulate, reduce duplication of table search code, + and reduce the size of the tables (remove the index, + just maintain the tables in the correct order). + + Shows a 0.5% - 1% progression on sunspider. + + * JavaScriptCore.exp: + * runtime/PropertyMapHashTable.h: + (JSC::isPowerOf2): + (JSC::nextPowerOf2): + bit ops used to calculate table size. + (JSC::PropertyMapEntry::PropertyMapEntry): + (JSC::PropertyTable::ordered_iterator::operator++): + (JSC::PropertyTable::ordered_iterator::operator==): + (JSC::PropertyTable::ordered_iterator::operator!=): + (JSC::PropertyTable::ordered_iterator::operator*): + (JSC::PropertyTable::ordered_iterator::operator->): + (JSC::PropertyTable::ordered_iterator::ordered_iterator): + implementation of the iterator types + (JSC::PropertyTable::PropertyTable): + (JSC::PropertyTable::~PropertyTable): + constructors take an initial capacity for the table, + a table to copy, or both. + (JSC::PropertyTable::begin): + (JSC::PropertyTable::end): + create in-order iterators. + (JSC::PropertyTable::find): + search the hash table + (JSC::PropertyTable::add): + add a value to the hash table + (JSC::PropertyTable::remove): + remove a value from the hash table + (JSC::PropertyTable::size): + (JSC::PropertyTable::isEmpty): + accessors. 
+ (JSC::PropertyTable::propertyStorageSize): + (JSC::PropertyTable::clearDeletedOffsets): + (JSC::PropertyTable::hasDeletedOffset): + (JSC::PropertyTable::getDeletedOffset): + (JSC::PropertyTable::addDeletedOffset): + cache deleted (available) offsets in the property storage array. + (JSC::PropertyTable::copy): + take a copy of the PropertyTable, potentially expanding the capacity. + (JSC::PropertyTable::sizeInMemory): + used for DEBUG build statistics + (JSC::PropertyTable::reinsert): + (JSC::PropertyTable::rehash): + (JSC::PropertyTable::tableCapacity): + (JSC::PropertyTable::deletedEntryIndex): + (JSC::PropertyTable::skipDeletedEntries): + (JSC::PropertyTable::table): + (JSC::PropertyTable::usedCount): + (JSC::PropertyTable::dataSize): + (JSC::PropertyTable::sizeForCapacity): + (JSC::PropertyTable::canInsert): + these methods provide internal implementation. + * runtime/Structure.cpp: + (JSC::Structure::dumpStatistics): + (JSC::Structure::~Structure): + (JSC::Structure::materializePropertyMap): + (JSC::Structure::despecifyDictionaryFunction): + (JSC::Structure::addPropertyTransition): + (JSC::Structure::flattenDictionaryStructure): + (JSC::Structure::copyPropertyTable): + (JSC::Structure::get): + (JSC::Structure::despecifyFunction): + (JSC::Structure::despecifyAllFunctions): + (JSC::Structure::put): + (JSC::Structure::remove): + (JSC::Structure::createPropertyMap): + (JSC::Structure::getPropertyNames): + (JSC::PropertyTable::checkConsistency): + (JSC::Structure::checkConsistency): + factored out code to PropertyMapHashTable.h + * runtime/Structure.h: + (JSC::Structure::propertyStorageSize): + (JSC::Structure::isEmpty): + (JSC::Structure::get): + factored out code to PropertyMapHashTable.h + +2011-02-28 Xan Lopez <xlopez@igalia.com> + + Another fix build :( + + Fix typo. + + * runtime/MachineStackMarker.cpp: + (JSC::freePlatformThreadRegisters): + +2011-02-28 Xan Lopez <xlopez@igalia.com> + + Unreviewed build fix for Snow Leopard. 
+ + * runtime/MachineStackMarker.cpp: + (JSC::freePlatformThreadRegisters): + +2011-02-28 Alejandro G. Castro <alex@igalia.com> + + Unreviewed, fix SnowLeopard compilation after r79952. + + * runtime/MachineStackMarker.cpp: + (JSC::freePlatformThreadRegisters): + +2011-02-28 Mark Rowe <mrowe@apple.com> + + Reviewed by Darin Adler. + + <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors. + + * wtf/OwnArrayPtr.h: + (WTF::::set): Implement OwnArrayPtr::set. + +2011-02-28 Martin Zoubek <martin.zoubek@acision.com> and Alejandro G. Castro <alex@igalia.com> + + Reviewed by Martin Robinson. + + Multithread support for JSC on UNIX + https://bugs.webkit.org/show_bug.cgi?id=26838 + + Implement suspendThread() and resumeThread() for systems with + pthread.h using thread signal handler. + + * runtime/MachineStackMarker.cpp: + (JSC::pthreadSignalHandlerSuspendResume): + (JSC::MachineStackMarker::Thread::Thread): + (JSC::getCurrentPlatformThread): + (JSC::suspendThread): + (JSC::resumeThread): + (JSC::getPlatformThreadRegisters): + (JSC::otherThreadStackPointer): + (JSC::freePlatformThreadRegisters): + (JSC::MachineStackMarker::markOtherThreadConservatively): + * wtf/Platform.h: Added Gtk port to use + ENABLE_JSC_MULTIPLE_THREADS. + +2011-02-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Darin Adler. + + Stop using DeprecatedPtr for the global exception slot + https://bugs.webkit.org/show_bug.cgi?id=55424 + + Create GCRootPtr to signify that the exception slot is + a gcroot, and so is exempt from the usual writebarrier + restrictions. + + * runtime/JSGlobalData.h: + * runtime/WriteBarrier.h: + (JSC::GCRootPtr::GCRootPtr): + (JSC::GCRootPtr::operator=): + +2011-02-28 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. 
+ + Use more xcconfig files in JavaScriptCore gyp build + https://bugs.webkit.org/show_bug.cgi?id=55391 + + The GYP experts tell me that we have have a total of two xcconfig + files: one for the xcodeproj as a whole and one for each target. This + patch uses that technique to re-use the existing xcconfig files and + eliminate the duplication. + + Technically, this patch introduces some build errors because the + xcconfig files assume that the xcodeproj file is one level higher in + the directory hierarchy. Specifically, the xcodeproj file can no + longer find the Info.plist or the prefix header. I plan to fix that in + a subsequent patch. + + Also, this patch introduces the Release and Production configurations, + which should work correctly now. + + * gyp/JavaScriptCore.gyp: + +2011-02-28 Jon Honeycutt <jhoneycutt@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Add symbol to export. + +2011-02-28 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make ScopeChainNode GC allocated + https://bugs.webkit.org/show_bug.cgi?id=55283 + + Simplify lifetime and other issues with the scopechain + by making it gc allocated. This allows us to simplify + function exit and unwinding, as well as making the + current iterative refcounting go away. 
+ + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::createActivation): + * bytecode/StructureStubInfo.cpp: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::generate): + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): + (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): + * bytecompiler/BytecodeGenerator.h: + * debugger/Debugger.cpp: + (JSC::Recompiler::operator()): + * debugger/DebuggerCallFrame.h: + (JSC::DebuggerCallFrame::scopeChain): + * interpreter/CachedCall.h: + (JSC::CachedCall::CachedCall): + * interpreter/CallFrame.h: + * interpreter/Interpreter.cpp: + (JSC::depth): + (JSC::Interpreter::unwindCallFrame): + (JSC::Interpreter::throwException): + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::privateExecute): + * jit/JITCall.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::compileOpCall): + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCallInitializeCallFrame): + (JSC::JIT::emit_op_ret): + (JSC::JIT::emit_op_ret_object_or_this): + (JSC::JIT::compileOpCall): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_end): + (JSC::JIT::emit_op_ret): + (JSC::JIT::emit_op_ret_object_or_this): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_end): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * jit/JITStubs.h: + * runtime/ArgList.cpp: + * runtime/Completion.cpp: + (JSC::evaluate): + * runtime/Completion.h: + * runtime/DateConversion.cpp: + * runtime/Executable.cpp: + (JSC::EvalExecutable::compileInternal): + (JSC::ProgramExecutable::compileInternal): + (JSC::FunctionExecutable::compileForCallInternal): + (JSC::FunctionExecutable::compileForConstructInternal): + * runtime/FunctionConstructor.cpp: + (JSC::constructFunction): + * runtime/GCActivityCallbackCF.cpp: + * runtime/Identifier.cpp: + * runtime/JSCell.h: + * 
runtime/JSChunk.cpp: Added. + * runtime/JSChunk.h: Added. + * runtime/JSFunction.cpp: + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::markChildren): + (JSC::JSFunction::getCallData): + (JSC::JSFunction::getOwnPropertySlot): + (JSC::JSFunction::getConstructData): + * runtime/JSFunction.h: + (JSC::JSFunction::scope): + (JSC::JSFunction::setScope): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::init): + (JSC::JSGlobalObject::markChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): + (JSC::JSGlobalObject::globalScopeChain): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::globalFuncEval): + * runtime/JSLock.cpp: + * runtime/JSNumberCell.cpp: + * runtime/JSZombie.cpp: + * runtime/MarkedBlock.cpp: + * runtime/MarkedSpace.cpp: + * runtime/PropertyNameArray.cpp: + * runtime/ScopeChain.cpp: + (JSC::ScopeChainNode::print): + (JSC::ScopeChainNode::localDepth): + (JSC::ScopeChainNode::markChildren): + * runtime/ScopeChain.h: + (JSC::ScopeChainNode::ScopeChainNode): + (JSC::ScopeChainNode::createStructure): + (JSC::ScopeChainNode::push): + (JSC::ScopeChainNode::pop): + (JSC::ScopeChainIterator::ScopeChainIterator): + (JSC::ScopeChainIterator::operator*): + (JSC::ScopeChainIterator::operator->): + (JSC::ScopeChainIterator::operator++): + (JSC::ScopeChainNode::begin): + (JSC::ScopeChainNode::end): + (JSC::ExecState::globalData): + (JSC::ExecState::lexicalGlobalObject): + (JSC::ExecState::globalThisValue): + * runtime/ScopeChainMark.h: + * wtf/DateMath.cpp: + +2011-02-27 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible + https://bugs.webkit.org/show_bug.cgi?id=55326 + + Currently, randomNumber does a bunch of platform-specific work that to + get a cryptographic randomness when available. 
Instead, we should use + cryptographicallyRandomNumber, which abstracts this work. + Unfortunately, we can't remove all of the WTF::randomNumber + implementation because not every port has access to cryptographically + random numbers. + + * wtf/RandomNumber.cpp: + (WTF::randomNumber): + +2011-02-27 Benjamin Poulain <ikipou@gmail.com> + + Reviewed by Darin Adler. + + Eliminate DeprecatedPtrList from RenderBlock + https://bugs.webkit.org/show_bug.cgi?id=54972 + + Add methods find() and contains() using an adaptor to ListHashSet. + Those method are like the one of HashSet, they allow to find objects + based on a different key than the one used to define the set. + + Add convenience methods for direct access to the head and tail of the list. + Those methods are providing similar API/behavior as Vector. + + * wtf/ListHashSet.h: + (WTF::::first): + (WTF::::last): + (WTF::::removeLast): + (WTF::ListHashSetTranslatorAdapter::hash): + (WTF::ListHashSetTranslatorAdapter::equal): + (WTF::::find): + (WTF::::contains): + +2011-02-26 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Andreas Kling. + + Add support for DragonFly BSD + https://bugs.webkit.org/show_bug.cgi?id=54407 + + DragonFly BSD is based on FreeBSD, so handle it like FreeBSD. + + * wtf/Platform.h: + +2011-02-26 Adam Barth <abarth@webkit.org> + + Reviewed by Dimitri Glazkov. + + JavaScriptCore should use the xcconfig file instead of importing that information into GYP + https://bugs.webkit.org/show_bug.cgi?id=55282 + + Technically, this breaks the build because I had removed one of the + warnings in this config file, but this change seems like an + improvement. + + * gyp/JavaScriptCore.gyp: + +2011-02-26 Thouraya ANDOLSI <thouraya.andolsi@st.com> + + Reviewed by Nikolas Zimmermann. + + SH4 JIT SUPPORT + https://bugs.webkit.org/show_bug.cgi?id=44329 + + Provide an ExecutableAllocater::cacheFlush() implementation for + Linux/SH4. 
+ + * jit/ExecutableAllocator.h: + (JSC::ExecutableAllocator::cacheFlush): + +2011-02-25 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r79627. + http://trac.webkit.org/changeset/79627 + https://bugs.webkit.org/show_bug.cgi?id=55274 + + broke worker tests (Requested by olliej on #webkit). + + * JavaScriptCore.exp: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * runtime/Heap.cpp: + (JSC::Heap::allocate): + * runtime/Heap.h: + * runtime/JSCell.h: + (JSC::JSCell::JSCell::operator new): + (JSC::JSCell::MarkedSpace::sizeClassFor): + (JSC::JSCell::MarkedSpace::allocate): + * runtime/MarkedBlock.h: + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::SizeClass::SizeClass): + +2011-02-25 Michael Saboff <msaboff@apple.com> + + Reviewed by Darin Adler. + + Leak in JSParser::Scope of ScopeLabelInfo Vector + https://bugs.webkit.org/show_bug.cgi?id=55249 + + Changed m_labels to be an OwnPtr<>. Added VectorTraits + and Scope copy constructor to support this change. + + * parser/JSParser.cpp: + (JSC::JSParser::Scope::~Scope): + +2011-02-25 Fumitoshi Ukai <ukai@chromium.org> + + Reviewed by Adam Barth. + + WebSocket uses insecure random numbers + https://bugs.webkit.org/show_bug.cgi?id=54714 + + * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber() + +2011-02-25 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Adam Roben. + + Move timeBeginPeriod into OS(WINDOWS) section + https://bugs.webkit.org/show_bug.cgi?id=55247 + + * jsc.cpp: + (main): timeBeginPeriod is available on all Windows versions and not compiler specific. + +2011-02-25 Patrick Gansterer <paroga@webkit.org> + + Unreviewed WinCE build fix for r79695. + + * jsc.cpp: + (main): SetErrorMode isn't available on WinCE. 
+ +2011-02-25 Adam Roben <aroben@apple.com> + + Work around Cygwin's crash-suppression behavior + + Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will + inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be + invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode + when our test apps launch to work around Cygwin's behavior. + + Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem + debugger) when launched from Cygwin 1.7 + + Reviewed by Darin Adler. + + * API/tests/testapi.c: Added a now-needed #include. + (main): + * jsc.cpp: + (main): + Call ::SetErrorMode(0) to undo Cygwin's folly. + + * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our + other projects do so that windows.h won't define min/max macros that interfere with + std::numeric_limits<T>::min/max. + +2011-02-24 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Add GYP project for JavaScriptCore + https://bugs.webkit.org/show_bug.cgi?id=55027 + + Again, this GYP files is very rough, but it succeeds in building + JavaScriptCore. There's a lot more work to do here, especially in the + area of sharing with JavaScriptGlue.gyp. This patch is more of a + checkpoint so that other folks can help out if they wish. + + * gyp: Added. + * gyp/JavaScriptCore.gyp: Added. + * gyp/generate-derived-sources.sh: Added. + +2011-02-24 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. + + Add missing files to JavaScriptCore.gypi + https://bugs.webkit.org/show_bug.cgi?id=55193 + + I forgot to add mm files in my previous patch. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + +2011-02-24 Adam Barth <abarth@webkit.org> + + Reviewed by Eric Seidel. 
+ + Remove unused parameter name in GCActivityCallback.cpp + https://bugs.webkit.org/show_bug.cgi?id=55194 + + This change is not strictly required for the GYP-based build system, + but I noticed this error when working on the new build system. + + * runtime/GCActivityCallback.cpp: + (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): + +2011-02-24 James Robinson <jamesr@chromium.org> + + Reviewed by Darin Fisher. + + Add a USE() macro to control use of the built-in UTF8 codec + https://bugs.webkit.org/show_bug.cgi?id=55189 + + Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi. + + * wtf/Platform.h: + +2011-02-24 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + Variable-sized allocation (but still capped at 64 bytes) + https://bugs.webkit.org/show_bug.cgi?id=55159 + + SunSpider reports no change. + + * JavaScriptCore.exp: Some day, I hope not to have to edit this file. + + * runtime/Heap.cpp: + (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow + case, so the fast case can inline size class selection and turn it into + a compile-time constant. + + Changed the collect-on-every allocation debugging switch to collect only + on every slow allocation, so you can still flip the switch without + recompiling the world. This may also be preferable for debugging purposes, + since collecting after every single allocation can be unusably slow, + and can mask problems by running destructors early. + + * runtime/Heap.h: Ditto. + + * runtime/JSCell.h: + (JSC::JSCell::MarkedSpace::sizeClassFor): + (JSC::JSCell::Heap::allocate): + (JSC::JSCell::JSCell::operator new): The inlining mentioned above. + + * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With + multiple size classes, allocating a full 256KB for the first allocation + in a given class can be pathologically wasteful. 
(8KB, or 4KB Mac and + 8KB Windows, would be even better, but that seems to be a peformance + regression for now.) + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::reset): There's more than one size class now, and its + cell size is not constant. + + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::SizeClass::SizeClass): Ditto. + +2011-02-23 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Make WeakGCMap use new handle infrastructure + https://bugs.webkit.org/show_bug.cgi?id=55100 + + Remove old WeakGCMap implementation and move over to new handle + based logic. + + This has a number of benefits, most notably it makes a WeakGCMap + always reflect the true state of the world by as all entries are + removed at the first gc cycle that makes them dead. This allows + us to get rid of code in a wide variety of objects where the only + purpose was to remove themselves from maps. + + It also means that we no longer need to have special "unchecked" + versions of any functions on WeakGCMap. Alas in order to maintain + compatibility with the JSWeakObjectMapClear API it is still + necessary to have an api that resembles uncheckedRemove, this is + now deprecatedRemove and will be dealt with in a later patch. + + In order to get correct semantics in WeakGCMap we need more + contextual information in the finalizer, so we've added an + abstract class based finaliser and a context parameter to the + calls. + + The new an improved WeakGCMap also results in sigificantly more + churn in the weak handle lists so exposed some potential problems + during the post mark phase which have been rectified as well. 
+ + * API/JSWeakObjectMapRefPrivate.cpp: + * API/JSWeakObjectMapRefPrivate.h: + * runtime/Heap.cpp: + (JSC::Heap::globalObjectCount): + (JSC::Heap::protectedGlobalObjectCount): + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::~JSGlobalObject): + (JSC::JSGlobalObject::init): + * runtime/WeakGCMap.h: + (JSC::WeakGCMap::iterator::iterator): + (JSC::WeakGCMap::iterator::get): + (JSC::WeakGCMap::iterator::getSlot): + (JSC::WeakGCMap::iterator::operator++): + (JSC::WeakGCMap::iterator::operator==): + (JSC::WeakGCMap::iterator::operator!=): + (JSC::WeakGCMap::WeakGCMap): + (JSC::WeakGCMap::isEmpty): + (JSC::WeakGCMap::clear): + (JSC::WeakGCMap::get): + (JSC::WeakGCMap::getSlot): + (JSC::WeakGCMap::set): + (JSC::WeakGCMap::take): + (JSC::WeakGCMap::size): + (JSC::WeakGCMap::deprecatedRemove): + (JSC::WeakGCMap::begin): + (JSC::WeakGCMap::end): + (JSC::WeakGCMap::~WeakGCMap): + (JSC::WeakGCMap::finalize): + * runtime/WeakGCPtr.h: + (JSC::WeakGCPtr::WeakGCPtr): + (JSC::WeakGCPtr::set): + +2011-02-24 Oliver Hunt <oliver@apple.com> + + Reviewed by Gavin Barraclough. + + Make weaklist processing deal with weak handles being removed during the iteration + https://bugs.webkit.org/show_bug.cgi?id=55105 + + It is possible for the handle heap to end up in a broken state if + a handle's finalizer removes either the current or next handle + to be visited during the post-gc cleanup. This patch removes that + problem by allowing the deallocate(Node*) routine to update the + iterator if it is called during finalization. 
+ + * collector/handles/HandleHeap.cpp: + (JSC::HandleHeap::HandleHeap): + (JSC::HandleHeap::updateAfterMark): + (JSC::HandleHeap::clearWeakPointers): + (JSC::HandleHeap::writeBarrier): + (JSC::HandleHeap::protectedGlobalObjectCount): + * collector/handles/HandleHeap.h: + (JSC::Finalizer::~Finalizer): + (JSC::HandleHeap::getFinalizer): + (JSC::HandleHeap::deallocate): + (JSC::HandleHeap::makeWeak): + (JSC::HandleHeap::makeSelfDestroying): + (JSC::HandleHeap::Node::Node): + (JSC::HandleHeap::Node::setFinalizer): + (JSC::HandleHeap::Node::finalizer): + (JSC::HandleHeap::Node::finalizerContext): + * interpreter/RegisterFile.cpp: + (JSC::RegisterFile::setGlobalObject): + (JSC::GlobalObjectNotifier::finalize): + (JSC::RegisterFile::globalObjectCollectedNotifier): + * interpreter/RegisterFile.h: + (JSC::RegisterFile::RegisterFile): + * runtime/Heap.cpp: + (JSC::Heap::destroy): + * runtime/WeakGCPtr.h: + (JSC::WeakGCPtr::WeakGCPtr): + (JSC::WeakGCPtr::set): + +2011-02-24 Michael Saboff <msaboff@apple.com> + + Reviewed by Oliver Hunt. + + PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd() + https://bugs.webkit.org/show_bug.cgi?id=55156 + + Added code to delete unneeded PatternAlternative after it is removed + from m_alternatives Vector. + + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd): + +2011-02-24 Eric Seidel <eric@webkit.org> + + Reviewed by Anders Carlsson. + + VectorBuffer should not call malloc(0) + https://bugs.webkit.org/show_bug.cgi?id=55091 + + Turns out the malloc() call which was so hot in: + https://bugs.webkit.org/show_bug.cgi?id=55005 + was actually just malloc(0). + + We shouldn't be calling malloc(0) anyway, since there is no need to + and it might actually do work on some systems. + I believe on Mac it ends up taking the standard spinlocks (expensive) + and the code on Brew actually does a malloc(1) instead. Neither is desirable. 
+ + * wtf/Vector.h: + (WTF::VectorBufferBase::allocateBuffer): + (WTF::VectorBufferBase::tryAllocateBuffer): + +2011-02-24 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Darin Adler. + + Remove obsolete PLATFORM(CI) + https://bugs.webkit.org/show_bug.cgi?id=55082 + + * wtf/Platform.h: + +2011-02-24 Martin Robinson <mrobinson@igalia.com> + + Reviewed by Xan Lopez. + + [GTK] Remove the GFile GOwnPtr specialization + https://bugs.webkit.org/show_bug.cgi?id=55154 + + Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr + to track GFiles since they are just regular reference-counted GObjects. + + * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization. + * wtf/gobject/GOwnPtr.h: Ditto. + +2011-02-24 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Eric Seidel. + + Rename PLATFORM(SKIA) to USE(SKIA) + https://bugs.webkit.org/show_bug.cgi?id=55090 + + * wtf/Platform.h: + +2011-02-24 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Alexey Proskuryakov. + + Remove pthreads dependecy for JSLock + https://bugs.webkit.org/show_bug.cgi?id=54832 + + JSLock is only needed to support an obsolete execution model where JavaScriptCore + automatically protected against concurrent access from multiple threads. + So it's safe to disable it on non-mac platforms where we don't have native pthreads. + + * runtime/JSLock.cpp: + +2011-02-24 Chao-ying Fu <fu@mips.com> + + Reviewed by Eric Seidel. + + Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values + https://bugs.webkit.org/show_bug.cgi?id=54997 + + * jit/JIT.h: + * jit/JITStubs.cpp: + (JSC::JITThunks::JITThunks): + +2011-02-24 Andras Becsi <abecsi@webkit.org> + + Reviewed by Laszlo Gombos. 
+ + [Qt] MinGW build fails to link + https://bugs.webkit.org/show_bug.cgi?id=55050 + + Prepend the libraries of subcomponents instead of appending them + to fix the library order according to the dependency of the libraries + + * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore + * jsc.pro: ditto + +2011-02-24 Eric Seidel <eric@webkit.org> + + Reviewed by Adam Barth. + + Deque<T> should support inline capacity + https://bugs.webkit.org/show_bug.cgi?id=55032 + + The title says it all. There are currently no places + which use this code yet, however it's been tested in conjunction + with code for bug 55005. + + This also adds an ASSERT that capacity is never 1. If you were able + to set the capacity equal to 1, the Deque would just get confused + and happily append your item but still think it had size 0. + + * wtf/Deque.h: + (WTF::DequeIterator::DequeIterator): + (WTF::DequeConstIterator::DequeConstIterator): + (WTF::DequeReverseIterator::DequeReverseIterator): + (WTF::DequeConstReverseIterator::DequeConstReverseIterator): + (WTF::::checkValidity): + (WTF::::checkIndexValidity): + (WTF::::invalidateIterators): + (WTF::::Deque): + (WTF::deleteAllValues): + (WTF::::operator): + (WTF::::destroyAll): + (WTF::::~Deque): + (WTF::::swap): + (WTF::::clear): + (WTF::::findIf): + (WTF::::expandCapacityIfNeeded): + (WTF::::expandCapacity): + (WTF::::takeFirst): + (WTF::::append): + (WTF::::prepend): + (WTF::::removeFirst): + (WTF::::remove): + (WTF::::addToIteratorsList): + (WTF::::removeFromIteratorsList): + (WTF::::DequeIteratorBase): + (WTF::::~DequeIteratorBase): + (WTF::::isEqual): + (WTF::::increment): + (WTF::::decrement): + (WTF::::after): + (WTF::::before): + * wtf/Vector.h: + +2011-02-22 Adam Barth <abarth@webkit.org> + + Reviewed by Ojan Vafai. + + Add missing files to JavaScriptCore.gypi + https://bugs.webkit.org/show_bug.cgi?id=55020 + + gypi files are supposed to list every file under the sun. 
This patch + adds some missing files and sorts the rest. + + * JavaScriptCore.gypi: + +2011-02-23 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. + + Refactored MarkedSpace to operate in terms of size classes + https://bugs.webkit.org/show_bug.cgi?id=55106 + + SunSpider reports no change. + + * runtime/JSCell.h: + (JSC::JSCell::MarkedSpace::sizeClassFor): + (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size + class. Since these functions are inline, the compiler can constant fold + them. + + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::cellSize): + (JSC::MarkedBlock::size): Factored out a cellSize() helper. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::allocateFromSizeClass): + (JSC::MarkedSpace::shrink): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::SizeClass::SizeClass): + (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of + abstract SizeClass objects, which are independent linked lists of blocks + of a certain size class, instead of a single m_heap object. + +2011-02-23 Adam Barth <abarth@webkit.org> + + Reviewed by James Robinson. + + [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox + https://bugs.webkit.org/show_bug.cgi?id=55093 + + Exclude OSRandomSource.cpp from the Chromium build. This function is + implemented in WebKit/chromium/src instead. + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + +2011-02-23 Oliver Hunt <oliver@apple.com> + + Roll out r64156 as it introduces incorrect behaviour. + + * runtime/JSByteArray.h: + (JSC::JSByteArray::setIndex): + +2011-02-23 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation + https://bugs.webkit.org/show_bug.cgi?id=55079 + + SunSpider reports no change. 
+ + * runtime/Heap.cpp: + (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace, + since we want Heap to logically control MarkedSpace. MarkedSpace should + never choose to sweep itself. + + * runtime/JSCell.h: + (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a + member of MarkedBlock. No need to reset nextAtom to firstAtom() when + we reach the end of a block, since there's now an explicit reset pass + during GC. + + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered + some data members to improve cache locality. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: + (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an + explicit reset pass. + +2011-02-23 James Robinson <jamesr@chromium.org> + + Unreviewed, rolling out r79428. + http://trac.webkit.org/changeset/79428 + https://bugs.webkit.org/show_bug.cgi?id=54714 + + Does not work in the Chromium sandbox + + * JavaScriptCore.exp: + +2011-02-23 Adam Roben <aroben@apple.com> + + Fix an off-by-one error in JSC::appendSourceToError + + Looks like this bug has been around since the code was first added in r35245. + + Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError + when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled + + Reviewed by Darin Adler. + + * interpreter/Interpreter.cpp: + (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the + character at stop-1 rather than at stop. At this point in the code, stop represents the + index just past the end of the characters we care about, and can even be just past the end + of the entire data buffer. + +2011-02-23 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Darin Adler. 
+ + Rolled back in r79367 with SnowLeopard Release bot crash fixed. + https://bugs.webkit.org/show_bug.cgi?id=54999 + + The crash was caused by failure to update the "nextBlock" pointer when + removing a block from the list while shrinking. The fix is to update the + "nextBlock" pointer. + + This crash was very rare because it only happened in cases where the very + first block in the heap contained no marked cells. + +2011-02-23 Dan Bernstein <mitz@apple.com> + + Reviewed by Gavin Barraclough. + + Include frame numbers in backtraces. + https://bugs.webkit.org/show_bug.cgi?id=55060 + + * wtf/Assertions.cpp: + +2011-02-23 Xan Lopez <xlopez@igalia.com> + + Reviewed by Gavin Barraclough. + + latest jsc for armv7 crashes in sunspider tests + https://bugs.webkit.org/show_bug.cgi?id=54667 + + Update JIT offset values in ARMv7 after r78732. Fixes crashes in + SunSpider and JavaScript tests. + + * jit/JIT.h: update values. + +2011-02-23 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r79418. + http://trac.webkit.org/changeset/79418 + https://bugs.webkit.org/show_bug.cgi?id=55043 + + "breaks shlib linux build" (Requested by morrita on #webkit). + + * JavaScriptCore.gyp/JavaScriptCore.gyp: + * JavaScriptCore.gypi: + +2011-02-23 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Alexey Proskuryakov. + + Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp + https://bugs.webkit.org/show_bug.cgi?id=54831 + + * runtime/InitializeThreading.cpp: + (JSC::initializeThreadingOnce): + * runtime/Structure.cpp: + (JSC::ignoreSetMutex): + (JSC::Structure::Structure): + (JSC::Structure::~Structure): + (JSC::Structure::initializeThreading): + * runtime/Structure.h: + +2011-02-23 Patrick Gansterer <paroga@webkit.org> + + Reviewed by Darin Adler. 
+ + Rename PLATFORM(CF) to USE(CF) + https://bugs.webkit.org/show_bug.cgi?id=53540 + + * runtime/DatePrototype.cpp: + * runtime/GCActivityCallbackCF.cpp: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * wtf/CurrentTime.cpp: + * wtf/Platform.h: + * wtf/text/AtomicString.h: + * wtf/text/StringImpl.h: + (WTF::StringImpl::computeHash): + * wtf/text/WTFString.h: + * wtf/unicode/icu/CollatorICU.cpp: + (WTF::Collator::userDefault): + +2011-02-23 Fumitoshi Ukai <ukai@chromium.org> + + Unreviewed build fix for Windows. + + WebSocket uses insecure random numbers + https://bugs.webkit.org/show_bug.cgi?id=54714 + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber() + +2011-02-23 Fumitoshi Ukai <ukai@chromium.org> + + Reviewed by Adam Barth. + + WebSocket uses insecure random numbers + https://bugs.webkit.org/show_bug.cgi?id=54714 + + * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber() + +2011-02-22 Adam Barth <abarth@webkit.org> + + Reviewed by Ojan Vafai. + + Add missing files to JavaScriptCore.gypi + https://bugs.webkit.org/show_bug.cgi?id=55020 + + gypi files are supposed to list every file under the sun. This patch + adds some missing files and sorts the rest. + + * JavaScriptCore.gypi: + +2011-02-22 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r79367. + http://trac.webkit.org/changeset/79367 + https://bugs.webkit.org/show_bug.cgi?id=55012 + + all layout tests are crashing on Snow Leopard (Requested by + rniwa on #webkit). 
+ + * GNUmakefile.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * runtime/MarkedBlock.h: + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::destroy): + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::freeBlock): + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::shrink): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: + (JSC::CollectorHeap::collectorBlock): + * wtf/CMakeLists.txt: + * wtf/DoublyLinkedList.h: Removed. + +2011-02-22 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1) + https://bugs.webkit.org/show_bug.cgi?id=54999 + + SunSpider reports no change. + + * GNUmakefile.am: + * JavaScriptCore.gypi: + * JavaScriptCore.vcproj/WTF/WTF.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time. + * wtf/CMakeLists.txt: + + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::setPrev): + (JSC::MarkedBlock::setNext): + (JSC::MarkedBlock::prev): + (JSC::MarkedBlock::next): Added linked list data members and accessors. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::destroy): + (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore. + + (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant + data structures when freeing blocks. + + (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and + not a vector index. + + (JSC::MarkedSpace::shrink): Construct a temporary list of empties and + then free them, to avoid modifying our hash table while iterating it. + This wasn't a concern before because we were using indirect array + indexing, not direct pointer indexing. + + (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and + not a vector index. 
+ + * runtime/MarkedSpace.h: + (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list. + + * wtf/DoublyLinkedList.h: Added. New linked list class. + (WTF::::DoublyLinkedList): + (WTF::::isEmpty): + (WTF::::head): + (WTF::::append): + (WTF::::remove): + +2011-02-22 Gavin Barraclough <barraclough@apple.com> + + Windows build fix. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-02-22 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table + + The Structure class keeps a table of transitions to derived Structure types. Since + this table commonly contains a single entry we employ an optimization where instead + of holding a map, we may hold a pointer directly to a single instance of the mapped + type. We use an additional bit of data to flag whether the pointer is currently + pointing to a table of transitions, or a singleton transition. Previously we had + commonly used a pattern of storing data in the low bits of pointers, but had moved + away from this since it causes false leaks to be reported by the leaks tool. However + in this case, the entries in the map are weak links - this pointer will never be + responsible for keeping an object alive. As such we can use this approach provided + that the bit is set when a table is not in use (otherwise the table would appear to + be leaked). + + Additionally, the transition table currently allows two entries to exist for a given + key - one specialized to a particular value, and one not specialized. This is + unnecessary, wasteful, and a little inconsistent. (If you create an entry for a + specialized value, then a non-specialized entry, both will exist. If you create an + entry for a non-specialized value, then try to create a specialized entry, only a + non-specialized form will be allowed.) + + This shows a small progression on v8. 
+ + * JavaScriptCore.exp: + * runtime/JSObject.h: + (JSC::JSObject::putDirectInternal): + * runtime/Structure.cpp: + (JSC::StructureTransitionTable::contains): + (JSC::StructureTransitionTable::get): + (JSC::StructureTransitionTable::remove): + (JSC::StructureTransitionTable::add): + (JSC::Structure::dumpStatistics): + (JSC::Structure::Structure): + (JSC::Structure::~Structure): + (JSC::Structure::addPropertyTransitionToExistingStructure): + (JSC::Structure::addPropertyTransition): + * runtime/Structure.h: + (JSC::Structure::get): + * runtime/StructureTransitionTable.h: + (JSC::StructureTransitionTable::Hash::hash): + (JSC::StructureTransitionTable::Hash::equal): + (JSC::StructureTransitionTable::HashTraits::emptyValue): + (JSC::StructureTransitionTable::HashTraits::constructDeletedValue): + (JSC::StructureTransitionTable::HashTraits::isDeletedValue): + (JSC::StructureTransitionTable::StructureTransitionTable): + (JSC::StructureTransitionTable::~StructureTransitionTable): + (JSC::StructureTransitionTable::isUsingSingleSlot): + (JSC::StructureTransitionTable::map): + (JSC::StructureTransitionTable::setMap): + (JSC::StructureTransitionTable::singleTransition): + (JSC::StructureTransitionTable::setSingleTransition): + +2011-02-22 Andras Becsi <abecsi@webkit.org> + + Reviewed by Laszlo Gombos. + + [Qt] Redesign the build system + https://bugs.webkit.org/show_bug.cgi?id=51339 + + Part 2. + + Build WebCore as a static library, compile the WebKit API and WebKit2 API + in a final step and link to WebKit2, WebCore and JSC libraries to fix + linking issues resulting from stripped away symbols. + + * JavaScriptCore.pri: Remove the workaround. + +2011-02-21 Adam Roben <aroben@apple.com> + + Fix linker warning on Windows + + r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the + obvious way (since it's how we export functions), but unfortunately it doesn't work correct. 
+ r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove + it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol + multiple times. + + Rubber-stamped by Anders Carlsson. + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info. + +2011-02-21 Brian Weinstein <bweinstein@apple.com> + + Reviewed by Adam Roben. + + WebResourceCacheManager should be responsible for managing the CFURLCache as well + as the WebCore memory cache. + https://bugs.webkit.org/show_bug.cgi?id=54886 + Part of <rdar://problem/8971738> + + Add a new use flag for using the CFURLCache. + + * wtf/Platform.h: + +2011-02-21 Xan Lopez <xlopez@igalia.com> + + Reviewed by Gavin Barraclough. + + Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp + https://bugs.webkit.org/show_bug.cgi?id=54901 + + * jit/JIT.h: swap actual and expected values in message, they were + reversed. + * jit/JITCall32_64.cpp: + (JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of + a simple ASSERT. + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_method_check): ditto. + (JSC::JIT::compileGetByIdHotPath): ditto. + (JSC::JIT::compileGetByIdSlowCase): ditto. + (JSC::JIT::emit_op_put_by_id): ditto. + +2011-02-21 Gavin Barraclough <barraclough@apple.com> + + Ruber stamped by Sam Weinig + + Bug 54899 - Math.LOG10E should be 0.4342944819032518 + This value is quoted in section 15.8.1.5 of the spec. + + * runtime/MathObject.cpp: + (JSC::MathObject::MathObject): + +2011-02-21 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy. + + The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance + containing a pointer to its parent class. These links should reflect the inheritance + hierarchy of C++ classes below JSObject. 
For the large part it does, but in some cases + entries in the C++ hierarchy are skipped over. This presently likely doesn't matter, + since intervening C++ classes may not have ClassInfo - but would be a potential bug + were ClassInfo were to be added. + + * API/JSCallbackConstructor.cpp: + * API/JSCallbackFunction.cpp: + * API/JSCallbackObjectFunctions.h: + * runtime/Arguments.h: + * runtime/ArrayPrototype.cpp: + * runtime/BooleanObject.cpp: + * runtime/DateInstance.cpp: + * runtime/DatePrototype.cpp: + * runtime/ErrorInstance.cpp: + * runtime/InternalFunction.cpp: + * runtime/JSActivation.cpp: + * runtime/JSArray.cpp: + * runtime/JSFunction.cpp: + * runtime/JSONObject.cpp: + * runtime/JSObject.h: + * runtime/JSZombie.h: + * runtime/MathObject.cpp: + * runtime/NativeErrorConstructor.cpp: + * runtime/NumberConstructor.cpp: + * runtime/NumberObject.cpp: + * runtime/RegExpConstructor.cpp: + * runtime/RegExpObject.cpp: + * runtime/StringObject.cpp: + * runtime/StringPrototype.cpp: + +2011-02-21 Adam Roben <aroben@apple.com> + + Export JSObject::s_info from JavaScriptCore.dll + + This matches what we do for all other ClassInfo objects that WebCore needs access to. + + Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in + JSCell::inherits on Windows + + Reviewed by Sam Weinig. + + * runtime/JSObject.h: Added JS_EXPORTDATA to s_info. + +2011-02-21 Kristian Amlie <kristian.amlie@nokia.com> + + Reviewed by Andreas Kling. + + Switched to compiler based detection, where the error actually is. + + It is not the platform that needs the workaround, it is the compiler. + + QtWebKit fails to compile on Windows XP with msvc-2008 + https://bugs.webkit.org/show_bug.cgi?id=54746 + + * bytecode/CodeBlock.h: + * runtime/RegExpObject.h: + +2011-02-20 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Oliver Hunt. + + https://bugs.webkit.org/show_bug.cgi?id=54839 + Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction. 
+ + Historically, Native functions used to be represented by PrototypeFunctions, however + since introducing call optimizations to the JIT this has used JSFunctions for host + calls too. At the point this change was made, the interpreter continued to use + PrototypeFunctions, however since fallback from the JIT to interpreter was introduced + the interpreter has had to be able to run using host functions represented using + JSFunctions - leading to an unnecessary and redundant divergence in behaviour between + interpreter only builds, and situations where the JIT has fallen back to interpreting. + + NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction + for wrappers for host functions, and as such can also be removed. + + GlobalEvalFunction is a redundant wrapper that happens to be derived from + PrototypeFunction. It existed to hold a reference to the global object - but since all + functions how derive from JSObjectWithGlobalObject, this no longer requires an + additional class to provide this functionality. + + * JavaScriptCore.JSVALUE32_64only.exp: + * JavaScriptCore.JSVALUE64only.exp: + * JavaScriptCore.xcodeproj/project.pbxproj: + Removed symbols / references to files. + + * runtime/GlobalEvalFunction.cpp: Removed. + * runtime/GlobalEvalFunction.h: Removed. + * runtime/NativeFunctionWrapper.h: Removed. + * runtime/PrototypeFunction.cpp: Removed. + * runtime/PrototypeFunction.h: Removed. + Removed. 
+ + * runtime/Executable.cpp: + (JSC::NativeExecutable::~NativeExecutable): + * runtime/Executable.h: + (JSC::NativeExecutable::create): + (JSC::NativeExecutable::NativeExecutable): + (JSC::JSFunction::nativeFunction): + * runtime/JSFunction.cpp: + (JSC::callHostFunctionAsConstructor): + (JSC::JSFunction::JSFunction): + (JSC::JSFunction::getCallData): + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::getHostFunction): + * runtime/JSGlobalData.h: + (JSC::JSGlobalData::getCTIStub): + Added interpreter-friendly constructors for NativeExecutables. + + * bytecompiler/BytecodeGenerator.cpp: + * interpreter/Interpreter.cpp: + * jit/JITStubs.cpp: + * jsc.cpp: + * runtime/ArrayConstructor.cpp: + * runtime/BooleanPrototype.cpp: + * runtime/BooleanPrototype.h: + * runtime/CallData.h: + * runtime/DateConstructor.cpp: + * runtime/DateConstructor.h: + * runtime/ErrorPrototype.cpp: + * runtime/ErrorPrototype.h: + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSGlobalObjectFunctions.cpp: + * runtime/Lookup.cpp: + * runtime/NumberPrototype.cpp: + * runtime/NumberPrototype.h: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectConstructor.h: + * runtime/ObjectPrototype.cpp: + * runtime/ObjectPrototype.h: + * runtime/RegExpPrototype.cpp: + * runtime/RegExpPrototype.h: + * runtime/SmallStrings.h: + * runtime/StringConstructor.cpp: + * runtime/StringConstructor.h: + Removed use of redundant classes. + +2011-02-19 Laszlo Gombos <laszlo.1.gombos@nokia.com> + + Unreviewed build fix for Symbian. + + [Symbian] Revert the removal of linking + against hal after r79126. + + Dependency on the hal library can not be removed + as it is still used (e.g. in MarkStackSymbian.cpp). + + * JavaScriptCore.pri: + +2011-02-19 Gavin Barraclough <barraclough@apple.com> + + Interpreter build fix. 
+ + * runtime/ArrayConstructor.cpp: + * runtime/BooleanPrototype.cpp: + * runtime/DateConstructor.cpp: + * runtime/ErrorPrototype.cpp: + * runtime/FunctionPrototype.cpp: + * runtime/Lookup.cpp: + * runtime/NumberPrototype.cpp: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectPrototype.cpp: + * runtime/RegExpPrototype.cpp: + * runtime/StringConstructor.cpp: + +2011-02-19 Gavin Barraclough <barraclough@apple.com> + + Build fix!! + + * JavaScriptCore.exp: + +2011-02-19 Gavin Barraclough <barraclough@apple.com> + + Windows build fix!! + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-02-19 Gavin Barraclough <barraclough@apple.com> + + Windows build fix! + + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + +2011-02-19 Gavin Barraclough <barraclough@apple.com> + + Build fix! + + * JavaScriptCore.exp: + +2011-02-18 Gavin Barraclough <barraclough@apple.com> + + Reviewed by Sam Weinig. + + Bug 54786 - Devirtualize JSCell::classInfo() + + Instead of making a virtual function call, add a pointer to the ClassInfo + onto Structure. + + This removes a virtual function call, and paves the way towards removing all + the createStructure methods, and StructureFlags/AnonymousSlotCount properties + (these should be able to move onto ClassInfo). + + Calls to Structure::create must now pass a pointer to the ClassInfo for the + structure. All objects now have a ClassInfo pointer, non-object cell types + still do not. + + Changes are most mechanical, involving three steps: + * Remove virtual classInfo() methods. + * Add &s_info parameter to calls to Structure::create. + * Rename ClassInfo static members on classes from 'info' to 's_info', + for consistency. 
+ + * API/JSCallbackConstructor.cpp: + * API/JSCallbackConstructor.h: + * API/JSCallbackFunction.cpp: + * API/JSCallbackFunction.h: + * API/JSCallbackObject.cpp: + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * API/JSObjectRef.cpp: + * API/JSValueRef.cpp: + * API/JSWeakObjectMapRefPrivate.cpp: + * JavaScriptCore.exp: + * debugger/Debugger.cpp: + * debugger/DebuggerActivation.h: + * debugger/DebuggerCallFrame.cpp: + * interpreter/Interpreter.cpp: + * jit/JITCall32_64.cpp: + * jit/JITOpcodes.cpp: + * jit/JITStubs.cpp: + * profiler/Profiler.cpp: + * runtime/Arguments.cpp: + * runtime/Arguments.h: + * runtime/ArrayConstructor.cpp: + * runtime/ArrayPrototype.cpp: + * runtime/ArrayPrototype.h: + * runtime/BooleanObject.cpp: + * runtime/BooleanObject.h: + * runtime/BooleanPrototype.cpp: + * runtime/DateConstructor.cpp: + * runtime/DateInstance.cpp: + * runtime/DateInstance.h: + * runtime/DatePrototype.cpp: + * runtime/DatePrototype.h: + * runtime/ErrorInstance.cpp: + * runtime/ErrorInstance.h: + * runtime/ErrorPrototype.cpp: + * runtime/FunctionPrototype.cpp: + * runtime/FunctionPrototype.h: + * runtime/GetterSetter.h: + * runtime/GlobalEvalFunction.h: + * runtime/InternalFunction.cpp: + * runtime/InternalFunction.h: + * runtime/JSAPIValueWrapper.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + * runtime/JSArray.h: + * runtime/JSByteArray.cpp: + * runtime/JSByteArray.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + * runtime/JSGlobalData.cpp: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + * runtime/JSONObject.h: + * runtime/JSObject.cpp: + * runtime/JSObject.h: + * runtime/JSObjectWithGlobalObject.h: + * runtime/JSPropertyNameIterator.h: + * runtime/JSStaticScopeObject.h: + * runtime/JSString.h: + * runtime/JSVariableObject.h: + * runtime/JSWrapperObject.h: + * runtime/JSZombie.cpp: + * 
runtime/JSZombie.h: + * runtime/Lookup.cpp: + * runtime/MathObject.cpp: + * runtime/MathObject.h: + * runtime/NativeErrorConstructor.cpp: + * runtime/NativeErrorConstructor.h: + * runtime/NumberConstructor.cpp: + * runtime/NumberConstructor.h: + * runtime/NumberObject.cpp: + * runtime/NumberObject.h: + * runtime/NumberPrototype.cpp: + * runtime/ObjectConstructor.cpp: + * runtime/ObjectPrototype.cpp: + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/RegExpObject.cpp: + * runtime/RegExpObject.h: + * runtime/RegExpPrototype.cpp: + * runtime/ScopeChain.cpp: + * runtime/StringConstructor.cpp: + * runtime/StringObject.cpp: + * runtime/StringObject.h: + * runtime/StringObjectThatMasqueradesAsUndefined.h: + * runtime/StringPrototype.cpp: + * runtime/StringPrototype.h: + * runtime/Structure.cpp: + * runtime/Structure.h: + +2011-02-19 David Kilzer <ddkilzer@apple.com> + + <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc + + Reviewed by Dan Bernstein. + + * Configurations/Base.xcconfig: Added + JAVASCRIPTCORE_FRAMEWORKS_DIR variable. + * Configurations/JavaScriptCore.xcconfig: Used + JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH. + * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH + for Production configuration of jsc target. + (Copy Into Framework): Removed old build phase. + (Fix Framework Reference): Renamed build phase to "Copy Into + Framework". Added "set -x" call to make the script print the + commands it is running. Added code to exit early for Production + builds since this was never intended for them. Added code to + copy jsc into the JavaScriptCore.framework/Resources directory. + +2011-02-19 Siddharth Mathur <siddharth.mathur@nokia.com> + + Reviewed by Laszlo Gombos. + + [Symbian] OSAllocator implementation for Symbian OS. + Manages both data and code region requests. V8 and Sunspider tested + OK with interpreter. 
Not tested with JSC JIT yet as it has unrelated + failures. Also no thread safety yet. + https://bugs.webkit.org/show_bug.cgi?id=51128 + + * JavaScriptCore.pri: removed HAL linkage + * wtf/Bitmap.h: + (WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty + * wtf/OSAllocator.h: + (WTF::OSAllocator::decommitAndRelease): decommit explicitly + * wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface + (WTF::allocateCodeChunk): utility for code chunks + (WTF::deallocateCodeChunk): utility for code chunks + (WTF::dataAllocatorInstance): getter for data allocator instance + (WTF::OSAllocator::reserveUncommitted): + (WTF::OSAllocator::releaseDecommitted): + (WTF::OSAllocator::commit): + (WTF::OSAllocator::decommit): + (WTF::OSAllocator::reserveAndCommit): + (WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests + to one underlying Symbian chunk + (WTF::PageAllocatorSymbian::~PageAllocatorSymbian): + (WTF::PageAllocatorSymbian::reserve): + (WTF::PageAllocatorSymbian::release): + (WTF::PageAllocatorSymbian::commit): + (WTF::PageAllocatorSymbian::decommit): + (WTF::PageAllocatorSymbian::contains): + * wtf/PageAllocatorSymbian.h: Added. + (WTF::SymbianChunk::SymbianChunk): wrapper around RChunk + (WTF::SymbianChunk::~SymbianChunk): + (WTF::SymbianChunk::contains): + +2011-02-19 Yong Li <yoli@rim.com> + + Reviewed by Eric Seidel. + + https://bugs.webkit.org/show_bug.cgi?id=54687 + When being built with armcc, "int" bit fields are treated as + unsigned integers, which will fail the comparisons like "m_offset == -1". + Using "signed" fixes the problem. + + * assembler/ARMAssembler.h: + * assembler/ARMv7Assembler.h: + +2011-02-18 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Made MarkedSpace block iteration size-class agnostic + https://bugs.webkit.org/show_bug.cgi?id=54792 + + SunSpider reports no change. 
+ + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::clearMarks): + (JSC::MarkedSpace::sweep): + (JSC::MarkedSpace::objectCount): + (JSC::MarkedSpace::size): + (JSC::MarkedSpace::capacity): + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of + size class list order. This is a much simpler convention in a world + of many different size classes. + +2011-02-18 Kristian Amlie <kristian.amlie@nokia.com> + + Reviewed by Andreas Kling. + + Added friend exception to Qt platform, which also compiles Windows. + + QtWebKit fails to compile on Windows XP with msvc-2008 + https://bugs.webkit.org/show_bug.cgi?id=54746 + + * bytecode/CodeBlock.h: + * runtime/RegExpObject.h: + +2011-02-18 Geoffrey Garen <ggaren@apple.com> + + (Rolled back in r79022 with crash fixed.) + + Reviewed by Sam Weinig. + + Use hashing instead of linear search in the conservative pointer test + https://bugs.webkit.org/show_bug.cgi?id=54767 + + SunSpider reports no change. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array, + since freeBlock removes items for us. + + (JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last + block from the block set instead of the block being freed. Changed to + remove a block from our data structures before deallocating it, since + this is slightly cleaner. + + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::contains): Variable-sized objects will use more, + smaller blocks, so it's important for the contains check not to be O(n) + in the number of blocks. + +2011-02-18 chris reiss <christopher.reiss@nokia.com> + + Reviewed by Andreas Kling. 
+ + REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN + https://bugs.webkit.org/show_bug.cgi?id=49989 + + updated test fast/js/script-tests/date-parse-test.js + + * wtf/DateMath.cpp: + (WTF::parseDateFromNullTerminatedCharacters): + +2011-02-18 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r79022. + http://trac.webkit.org/changeset/79022 + https://bugs.webkit.org/show_bug.cgi?id=54775 + + It broke the whole world (Requested by Ossy on #webkit). + + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::contains): + +2011-02-18 Yael Aharon <yael.aharon@nokia.com> + + Reviewed by Dave Hyatt. + + Add support for dir=auto + https://bugs.webkit.org/show_bug.cgi?id=50916 + + Change defaultWritingDirection() to return if the writing direction + was determined from a letter with strong directionality or not. + + * JavaScriptCore.exp: + * JavaScriptCore.order: + * wtf/text/StringImpl.cpp: + (WTF::StringImpl::defaultWritingDirection): + * wtf/text/StringImpl.h: + * wtf/text/WTFString.h: + (WTF::String::defaultWritingDirection): + +2011-02-18 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Use hashing instead of linear search in the conservative pointer test + https://bugs.webkit.org/show_bug.cgi?id=54767 + + SunSpider reports no change. + + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::contains): Variable-sized objects will use more, + smaller blocks, so it's important for the contains check not to be O(n) + in the number of blocks. + +2011-02-18 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Tightened some usage accounting code in MarkedSpace + https://bugs.webkit.org/show_bug.cgi?id=54761 + + SunSpider reports no change. + + * runtime/Heap.cpp: + (JSC::Heap::Heap): Initialize the marked space high water mark on + construction, instead of relying on some implicit subtleties to make + not initializing it work out OK. + + * runtime/Heap.h: Fixed up includes. 
+ + * runtime/MarkedBlock.h: Made firstAtom() static so clients can call it + even without having allocated a block. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this + would be prohibitively expensive with multiple size classes. + + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set, + since linear search in the contains check will be prohibitively + expensive once we're using lots of smaller blocks. + + (JSC::MarkedSpace::allocate): Don't assume that we always have a block + allocated, since we don't anymore. (See above.) + + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: Updated for changes mentioned above. + +2011-02-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Made object allocation secretly variable-sized (Shhhh!) + https://bugs.webkit.org/show_bug.cgi?id=54721 + + SunSpider reports no change. + + Internally, MarkedBlock now makes variable-sized allocations, even + though MarkedSpace doesn't take advantage of this yet. + + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are + fixed-sized. + + * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things + that are not multiples of 64 bytes. + +2011-02-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Fixed some math errors when when using variable-sized cells + https://bugs.webkit.org/show_bug.cgi?id=54717 + + SunSpider reports no change. + + Computer Science Barbie says, "Math is not so hard afterall!" + + * runtime/JSCell.h: + (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the + minimum number of atoms required for a cell, since rounding down + will get you splinched. 
+ + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::sweep): + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests + because m_endAtom is actually a fuzzy end -- iterating from firstAtom() + may not hit m_endAtom exactly. + +2011-02-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + A little more abstraction for MarkedSpace::contains + https://bugs.webkit.org/show_bug.cgi?id=54715 + + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace + doesn't have to know how MarkedBlock tracks containment internally. + + * runtime/MarkedSpace.h: + (JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out + if a cell that seems to be in a block is valid. + +2011-02-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Sam Weinig. + + Removed the invariant that the last cell in a block is always marked + https://bugs.webkit.org/show_bug.cgi?id=54713 + + SunSpider reports no change. + + This adds one branch to allocation, but simplifies the mark invariant, + especially in a world of variable-sized cells. Now, it really is true + that any cell whose mark bit is set is a valid, live cell whose + constructor has run and whose destructor has not run. + + * runtime/JSCell.h: + (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while + since we can no longer rely on a set mark bit to break out of this loop + before it reaches the end of the block. + + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::sweep): + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::isEmpty): + (JSC::MarkedBlock::clearMarks): + (JSC::MarkedBlock::markCount): + (JSC::MarkedBlock::forEach): No need to set a special last mark bit. + +2011-02-17 Sheriff Bot <webkit.review.bot@gmail.com> + + Unreviewed, rolling out r78856 and r78907. 
+ http://trac.webkit.org/changeset/78856 + http://trac.webkit.org/changeset/78907 + https://bugs.webkit.org/show_bug.cgi?id=54705 + + These seem to break tests on 32-bit builds. (Requested by + aroben on #webkit). + + * JavaScriptCore.xcodeproj/project.pbxproj: + * collector/handles/Global.h: + (JSC::Global::internalSet): + * collector/handles/Handle.h: + (JSC::HandleTypes::getFromSlot): + (JSC::HandleTypes::toJSValue): + (JSC::HandleTypes::validateUpcast): + (JSC::HandleConverter::operator->): + (JSC::HandleConverter::operator*): + (JSC::Handle::Handle): + (JSC::Handle::get): + * runtime/JSArray.cpp: + (JSC::JSArray::sortNumeric): + * runtime/JSObject.h: + (JSC::JSObject::inlineGetOwnPropertySlot): + * runtime/SlotAccessor.h: Removed. + * runtime/WeakGCPtr.h: + (JSC::WeakGCPtr::get): + (JSC::WeakGCPtr::internalSet): + * runtime/WriteBarrier.h: + (JSC::DeprecatedPtr::DeprecatedPtr): + (JSC::DeprecatedPtr::get): + (JSC::DeprecatedPtr::operator*): + (JSC::DeprecatedPtr::operator->): + (JSC::DeprecatedPtr::slot): + (JSC::DeprecatedPtr::operator UnspecifiedBoolType*): + (JSC::DeprecatedPtr::operator!): + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::operator*): + (JSC::WriteBarrierBase::operator->): + (JSC::WriteBarrierBase::clear): + (JSC::WriteBarrierBase::slot): + (JSC::WriteBarrierBase::operator UnspecifiedBoolType*): + (JSC::WriteBarrierBase::operator!): + (JSC::WriteBarrierBase::setWithoutWriteBarrier): + (JSC::WriteBarrier::WriteBarrier): + +2011-02-17 Csaba Osztrogonác <ossy@webkit.org> + + Unreviewed. + + [Qt] Buildfix. + + * wtf/RetainPtr.h: Add missing PLATFORM(CF) guard. + +2011-02-17 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Oliver Hunt. + + Made MarkedBlock variable-sized + https://bugs.webkit.org/show_bug.cgi?id=54692 + + SunSpider reports no change. + + Each MarkedBlock is now composed of a set of fixed-sized atoms, with one + mark bit per atom. A given cell may be composed of one or more atoms. 
+ + * runtime/Heap.cpp: + (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace, + bubbling it up from MarkedBlock, since MarkedBlock now supports variable- + sizedness. + + * runtime/JSCell.h: + (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and + (implicit) one constants -- these quantities are not constant anymore. + Updated for switch from cell to atom. + + * runtime/MarkedBlock.cpp: + (JSC::MarkedBlock::create): + (JSC::MarkedBlock::destroy): + (JSC::MarkedBlock::MarkedBlock): + (JSC::MarkedBlock::sweep): + * runtime/MarkedBlock.h: + (JSC::MarkedBlock::firstAtom): + (JSC::MarkedBlock::atoms): + (JSC::MarkedBlock::isAtomAligned): + (JSC::MarkedBlock::blockFor): + (JSC::MarkedBlock::isEmpty): + (JSC::MarkedBlock::clearMarks): + (JSC::MarkedBlock::size): + (JSC::MarkedBlock::capacity): + (JSC::MarkedBlock::atomNumber): + (JSC::MarkedBlock::isMarked): + (JSC::MarkedBlock::testAndSetMarked): + (JSC::MarkedBlock::setMarked): + (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE + and BLOCK_SIZE, and switched away from calling arbitrary pointers cells. + + * runtime/MarkedSpace.cpp: + (JSC::MarkedSpace::MarkedSpace): + (JSC::MarkedSpace::allocateBlock): + (JSC::MarkedSpace::allocate): + (JSC::MarkedSpace::reset): + * runtime/MarkedSpace.h: + (JSC::CollectorHeap::CollectorHeap): + (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness + a property of MarkedSpace. + +2011-02-17 Oliver Hunt <oliver@apple.com> + + Attempt to fix windows build + + * runtime/WriteBarrier.h: + +2011-02-17 Oliver Hunt <oliver@apple.com> + + Reviewed by Geoffrey Garen. + + Refactor WriteBarrier and DeprecatedPtr to have less code duplication. + https://bugs.webkit.org/show_bug.cgi?id=54608 + + Make use of the tricks used for Handle, et al to avoid duplicating all + of the logic for DeprecatedPtr and WriteBarrier simply to support known + vs. unknown types. 
+ + * JavaScriptCore.xcodeproj/project.pbxproj: + * collector/handles/Global.h: + (JSC::Global::internalSet): + * collector/handles/Handle.h: + (JSC::Handle::Handle): + (JSC::Handle::get): + * runtime/JSArray.cpp: + (JSC::JSArray::sortNumeric): + * runtime/JSObject.h: + (JSC::JSObject::inlineGetOwnPropertySlot): + * runtime/SlotAccessor.h: Added. + (JSC::SlotTypes::getFromBaseType): + (JSC::SlotTypes::convertToBaseType): + (JSC::SlotTypes::getFromSlot): + (JSC::SlotTypes::toJSValue): + (JSC::SlotTypes::validateUpcast): + (JSC::SlotAccessor::operator->): + (JSC::SlotAccessor::operator*): + * runtime/WeakGCPtr.h: + (JSC::WeakGCPtr::get): + (JSC::WeakGCPtr::internalSet): + * runtime/WriteBarrier.h: + (JSC::DeprecatedPtr::DeprecatedPtr): + (JSC::DeprecatedPtr::get): + (JSC::DeprecatedPtr::slot): + (JSC::DeprecatedPtr::operator=): + (JSC::WriteBarrierTranslator::convertToStorage): + (JSC::WriteBarrierTranslator::convertFromStorage): + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrierBase::get): + (JSC::WriteBarrierBase::clear): + (JSC::WriteBarrierBase::slot): + (JSC::WriteBarrierBase::operator UnspecifiedBoolType*): + (JSC::WriteBarrierBase::operator!): + (JSC::WriteBarrierBase::setWithoutWriteBarrier): + (JSC::WriteBarrier::WriteBarrier): + +2011-02-17 Kevin Ollivier <kevino@theolliviers.com> + + [wx] Revert incorrect blind fix and restore previous working code. + + * wtf/wx/StringWx.cpp: + (WTF::String::String): + +2011-02-16 Geoffrey Garen <ggaren@apple.com> + + Reviewed by Maciej Stachowiak. + + Intermittent crashes beneath MarkStack::drain + https://bugs.webkit.org/show_bug.cgi?id=54614 + <rdar://problem/8971070> + + The crashes were caused by a GC happening after the global object's + property table had grown (due to compilation), but before the properties + had been fully initialized by program execution. 
+ + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global + object's register storage immediately, without waiting for program + execution to do it for us. This ensures that the global object's count + of global variables is consistent with the size of its global variable + storage at all times, and it ensures that all global variables are + properly initialized from the get-go. + + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::resizeRegisters): + * runtime/JSGlobalObject.h: Added a helper function for growing the + global object's register storage, and initializing new registers. + +== Rolled over to ChangeLog-2011-02-16 == |
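Review bot: a few entries in this ChangeLog carry wording slips worth fixing before the file is committed as the rolled-over history: in the 2011-02-20 Gavin Barraclough entry, "since all functions how derive from JSObjectWithGlobalObject" should read "now derive"; in the 2011-02-21 Adam Roben linker-warning entry, "it doesn't work correct" should be "correctly"; the 2011-02-21 Math.LOG10E entry has "Ruber stamped" for "Rubber-stamped"; and the 2011-02-17 "Fixed some math errors" entry repeats "when when". None of these affect the described changes, but since this file is purely documentation, the wording is all there is to review.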
