path: root/Source/JavaScriptCore
Commit message | Author | Age | Files | Lines
* Implement JIT on Windows 64 bits | Jocelyn Turcotte | 2013-03-29 | 7 | -5/+177

    https://bugs.webkit.org/show_bug.cgi?id=107965
    Reviewed by Simon Hausmann.

    Source/JavaScriptCore:

    1. MSVC doesn't support inline assembly for 64 bits, implements the trampoline in a separate ASM file.
    2. Windows 64 bits has a different calling convention than other OSes following the AMD64 ABI. Differences that we have to handle here:
       - Register-passed parameters are RCX, RDX, R8 and R9 instead of RDI, RSI, RDX, RCX, R8 and R9
       - RDI and RSI must be preserved by callee
       - Only return values <= 8 bytes can be returned by register (RDX can't be used to return a second word)
       - There is no red-zone after RIP on the stack, but instead 4 reserved words before it

    * Target.pri:
    * jit/JITStubs.cpp:
    * jit/JITStubs.h:
    (JSC):
    (JITStackFrame):
    (JSC::JITStackFrame::returnAddressSlot):
    * jit/JITStubsMSVC64.asm: Added.
    * jit/JSInterfaceJIT.h:
    (JSInterfaceJIT):
    * jit/ThunkGenerators.cpp:
    (JSC::nativeForGenerator):
    * yarr/YarrJIT.cpp:
    (YarrGenerator):
    (JSC::Yarr::YarrGenerator::generateEnter):
    (JSC::Yarr::YarrGenerator::generateReturn):

    Source/WTF:

    * wtf/Platform.h:

    Change-Id: Ie1910350e36defcd427a95ceb9aa280fa61083e7
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144043 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize | Filip Pizlo | 2013-03-27 | 1 | -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=107081
    Reviewed by Michael Saboff.

    This bug led to the 32_64 backend emitting contiguous allocation code to allocate ArrayStorage arrays. This then led to all manner of heap corruption, since subsequent array accesses would be accessing the contiguous array "as if" it was an arraystorage array.

    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Ide538ea42dc32f29daf7bfe4b035053f1e9471b1
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139949 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* DFG Phantom node should be honest about the fact that it can exit (tag: v5.1.0-alpha1) | Filip Pizlo | 2013-03-27 | 1 | -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=111115
    Reviewed by Mark Hahnenberg.

    The chances of this having caused serious issues are low, since most clients of the NodeDoesNotExit flag run after CFA and CFA updates this properly. But one possible case of badness is if the ByteCodeParser inserted a Phantom with a type check in between a LogicalNot and a Branch; then that peephole optimization in Fixup might go slightly wrong.

    * dfg/DFGNodeType.h:
    (DFG):

    Change-Id: I568e22c3577979de0eeea945de519a920ee212b6
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144373 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* DFG is too aggressive with eliding overflow checks in loops | Filip Pizlo | 2013-03-27 | 2 | -2/+8

    https://bugs.webkit.org/show_bug.cgi?id=105226
    Reviewed by Mark Hahnenberg and Oliver Hunt.

    Source/JavaScriptCore:

    If we see a variable's live range cross basic block boundaries, conservatively assume that it may be part of a data-flow back-edge, and as a result, we may have entirely integer operations that could lead to the creation of an integer that is out of range of 2^52 (the significand of a double float).

    This does not seem to regress any of the benchmarks we care about, and it fixes the bug. In future we may want to actually look at whether or not there was a data-flow back-edge instead of being super conservative about it. But we have no evidence, yet, that this would help us on real code.

    * dfg/DFGNodeFlags.h:
    (DFG):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    LayoutTests:

    * fast/js/dfg-int-overflow-in-loop-expected.txt: Added.
    * fast/js/dfg-int-overflow-in-loop.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-int-overflow-in-loop.js: Added.
    (foo):

    Change-Id: I9df2d6d17ba404802456f4e2da313e47f0f4f62e
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* DFG is too aggressive eliding overflow checks for additions involving large constants | Filip Pizlo | 2013-03-26 | 2 | -11/+37

    https://bugs.webkit.org/show_bug.cgi?id=105239
    Reviewed by Gavin Barraclough.

    Source/JavaScriptCore:

    If we elide overflow checks on an addition (or subtraction) involving a larger-than-2^32 immediate, then make sure that the non-constant child of the addition knows that he's got to do an overflow check, by flowing the UsedAsNumber property at him.

    * dfg/DFGGraph.h:
    (JSC::DFG::Graph::addSpeculationMode):
    (Graph):
    (JSC::DFG::Graph::addShouldSpeculateInteger):
    (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    LayoutTests:

    * fast/js/dfg-int-overflow-large-constants-in-a-line-expected.txt: Added.
    * fast/js/dfg-int-overflow-large-constants-in-a-line.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-int-overflow-large-constants-in-a-line.js: Added.
    (foo):

    Change-Id: If9f7c71050b6f07fc024e6e9f42083d7d3ca71f6
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* javascript integer overflow | Filip Pizlo | 2013-03-26 | 1 | -0/+4

    https://bugs.webkit.org/show_bug.cgi?id=104967
    Reviewed by Mark Hahnenberg.

    Source/JavaScriptCore:

    Fix PutScopedVar backward flow.

    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    LayoutTests:

    * fast/js/dfg-put-scoped-var-backward-flow-expected.txt: Added.
    * fast/js/dfg-put-scoped-var-backward-flow.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-put-scoped-var-backward-flow.js: Added.
    (sum):

    Change-Id: I63c3091751555d3690f22e38a55408ced098adf8
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Don't assert that flags <= 0x3ff in JSTypeInfo | Filip Pizlo | 2013-03-26 | 1 | -1/+0

    https://bugs.webkit.org/show_bug.cgi?id=104988
    Reviewed by Sam Weinig.

    This assertion doesn't accomplish anything other than crashes.

    * runtime/JSTypeInfo.h:
    (JSC::TypeInfo::TypeInfo):

    Change-Id: I16848f37dd75c3de061e737097f0a09a01e31626
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Named lookups on HTML documents produce inconsistent results in JavaScriptCore bindings | Filip Pizlo | 2013-03-26 | 4 | -7/+28

    https://bugs.webkit.org/show_bug.cgi?id=104623
    Reviewed by Geoffrey Garen.

    Source/JavaScriptCore:

    Add the notion of objects that HasImpureGetOwnPropertySlot, and use that to inhibit prototype chain caching in some cases. This appears to be perf-neutral on benchmarks that we track.

    * dfg/DFGRepatch.cpp:
    (JSC::DFG::tryCacheGetByID):
    (JSC::DFG::tryBuildGetByIDProtoList):
    * jit/JITStubs.cpp:
    (JSC::JITThunks::tryCacheGetByID):
    (JSC::DEFINE_STUB_FUNCTION):
    * runtime/JSTypeInfo.h:
    (JSC):
    (JSC::TypeInfo::hasImpureGetOwnPropertySlot):
    * runtime/Operations.h:
    (JSC::normalizePrototypeChainForChainAccess):

    Source/WebCore:

    All DOM objects that have named getters or directly override getOwnPropertySlot are now marked as HasImpureGetOwnPropertySlot.

    Tests: fast/js/prototype-chain-caching-with-impure-get-own-property-slot-traps
           fast/js/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps

    * bindings/scripts/CodeGeneratorJS.pm:
    (GenerateHeader):

    LayoutTests:

    * fast/js/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps-expected.txt: Added.
    * fast/js/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps.html: Added.
    * fast/js/prototype-chain-caching-with-impure-get-own-property-slot-traps-expected.txt: Added.
    * fast/js/prototype-chain-caching-with-impure-get-own-property-slot-traps.html: Added.
    * fast/js/script-tests/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps.js: Added.
    (f):
    * fast/js/script-tests/prototype-chain-caching-with-impure-get-own-property-slot-traps.js: Added.
    (f):

    Change-Id: Ie17e39f2b8139778455e28aca9428698f4dd362f
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Strange results calculating a square root in a loop | Filip Pizlo | 2013-03-26 | 2 | -4/+9

    https://bugs.webkit.org/show_bug.cgi?id=104247
    <rdar://problem/12826880>
    Reviewed by Oliver Hunt.

    Source/JavaScriptCore:

    Fixed the CFG simplification phase to ignore dead GetLocals in the first of the blocks under the merge. This fixes the assertion, and is also cleaner: our general rule is to not "revive" things that we've already proved to be dead.

    Also fixed some rotted debug code.

    * dfg/DFGCFGSimplificationPhase.cpp:
    (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
    * dfg/DFGStructureCheckHoistingPhase.cpp:
    (JSC::DFG::StructureCheckHoistingPhase::run):

    LayoutTests:

    * fast/js/dfg-cfg-simplify-redundant-dead-get-local-expected.txt: Added.
    * fast/js/dfg-cfg-simplify-redundant-dead-get-local.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-cfg-simplify-redundant-dead-get-local.js: Added.
    (getDist):
    (calcError):

    Change-Id: I70b28d61e3fcbbb551d9e71d458efe654149c12c
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136989 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Incorrect inequality for checking whether a statement is within bounds of a handler | Filip Pizlo | 2013-03-26 | 6 | -14/+50

    https://bugs.webkit.org/show_bug.cgi?id=104313
    <rdar://problem/12808934>
    Reviewed by Geoffrey Garen.

    Source/JavaScriptCore:

    The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality used for checking whether a handler is pertinent to the current instruction. '<' is correct, but '<=' isn't, since the 'end' is not inclusive.

    Also found, and addressed, a benign goof in how the finally inliner works: sometimes we will have end > start. This falls out naturally from how the inliner works and how we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any future confusion, I added a comment and some code to prune those handlers out. Because of how the handler resolution works, these handlers would have been skipped anyway.

    Also made various fixes to debugging code, which was necessary for tracking this down.

    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::handlerForBytecodeOffset):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::generate):
    * bytecompiler/Label.h:
    (JSC::Label::bind):
    * interpreter/Interpreter.cpp:
    (JSC::Interpreter::throwException):
    * llint/LLIntExceptions.cpp:
    (JSC::LLInt::interpreterThrowInCaller):
    (JSC::LLInt::returnToThrow):
    (JSC::LLInt::callToThrow):
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    (JSC::LLInt::handleHostCall):

    LayoutTests:

    * fast/js/jsc-test-list:
    * fast/js/script-tests/try-catch-try-try-catch-try-finally-return-catch-finally.js: Added.
    (foo):
    * fast/js/try-catch-try-try-catch-try-finally-return-catch-finally-expected.txt: Added.
    * fast/js/try-catch-try-try-catch-try-finally-return-catch-finally.html: Added.

    Change-Id: Ic199b40daa2f8be3fb4dd01a762323d7309dfb47
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136927 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* jsc command line tool's support for typed arrays should be robust against array buffer allocation errors | Filip Pizlo | 2013-03-26 | 1 | -1/+4

    https://bugs.webkit.org/show_bug.cgi?id=104020
    <rdar://problem/12802478>
    Reviewed by Mark Hahnenberg.

    Check for null buffers, since that's what typed array allocators are supposed to do. WebCore does it, and that is indeed the contract of ArrayBuffer and TypedArrayBase.

    * JSCTypedArrayStubs.h:
    (JSC):

    Change-Id: If57957cd1a5397aeae59a3b9347db9de2f8a56fc
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136536 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* replaceWithJump should not decrease the offset by 1 on ARM traditional. | Zoltan Herczeg | 2013-03-25 | 1 | -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=109689
    Reviewed by Zoltan Herczeg.

    * assembler/ARMAssembler.h:
    (JSC::ARMAssembler::replaceWithJump):

    Change-Id: I069f53f06a50248be17fa6c6f94cf1aab9aa70bc
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* revertBranchPtrWithPatch is incorrect on ARM traditional | Zoltan Herczeg | 2013-03-25 | 2 | -12/+17

    https://bugs.webkit.org/show_bug.cgi?id=110201
    Reviewed by Oliver Hunt.

    Revert two instructions back to their original value.

    * assembler/ARMAssembler.h:
    (JSC::ARMAssembler::revertBranchPtrWithPatch):
    (ARMAssembler):
    * assembler/MacroAssemblerARM.h:
    (JSC::MacroAssemblerARM::branchPtrWithPatch):
    (JSC::MacroAssemblerARM::revertJumpReplacementToBranchPtrWithPatch):

    Change-Id: Ic453e2d43913e1139a0f119e5f6c3e4d4ce0d7e1
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143346 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* Children method in LLINT AST Not class should return [@child] | Peter Gal | 2013-03-25 | 1 | -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=90740
    Patch by Peter Gal <galpeter@inf.u-szeged.hu> on 2013-03-07
    Reviewed by Filip Pizlo.

    * offlineasm/ast.rb: Fixed the return value of the children method in the Not AST class.

    Change-Id: Id9737890167006198c25a585e89fc41f8a9ae784
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145047 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* LLInt CLoop backend misses Double2Ints() on 32bit architectures | Gabor Rapcsanyi | 2013-03-25 | 2 | -1/+12

    https://bugs.webkit.org/show_bug.cgi?id=112141
    Reviewed by Filip Pizlo.

    Implement Double2Ints() in CLoop backend of LLInt on 32bit architectures.

    * llint/LowLevelInterpreter.cpp:
    (LLInt):
    (JSC::LLInt::Double2Ints):
    * offlineasm/cloop.rb:

    Change-Id: I0617d06eda59afec2f0ddc7268ac1531f275f9ec
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145551 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* Invalid code is generated for storing constants with baseindex addressing modes on ARM traditional. | Zoltan Herczeg | 2013-03-25 | 1 | -4/+20

    https://bugs.webkit.org/show_bug.cgi?id=109050
    Reviewed by Oliver Hunt.

    The S! scratch register is reused, but it should contain the constant value.

    * assembler/ARMAssembler.cpp:
    (JSC::ARMAssembler::baseIndexTransfer32):
    (JSC::ARMAssembler::baseIndexTransfer16):

    Change-Id: Ib2487e008104e79b4e38e3031bd60bc25ed7f8a2
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142146 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* [QNX][ARM] REGRESSION(r135330): Various failures in Octane | Cosmin Truta | 2013-03-25 | 2 | -4/+4

    https://bugs.webkit.org/show_bug.cgi?id=112863
    Reviewed by Yong Li.

    This was fixed in http://trac.webkit.org/changeset/146396 on Linux only. Enable this fix on QNX.

    * assembler/ARMv7Assembler.h:
    (ARMv7Assembler):
    (JSC::ARMv7Assembler::replaceWithJump):
    (JSC::ARMv7Assembler::maxJumpReplacementSize):
    * assembler/MacroAssemblerARMv7.h:
    (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):

    Change-Id: Ib9ced675a08b9351ddf36185140adeb1cfb24ee3
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146429 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* ARMv7 replaceWithJump ASSERT failure after r135330. | Zoltan Herczeg | 2013-03-25 | 2 | -4/+48

    https://bugs.webkit.org/show_bug.cgi?id=103146
    Reviewed by Filip Pizlo.

    On Linux, the 24 bit distance range of jumps is sometimes not enough to cover all target addresses. This patch supports jumps outside of this range using a mov/movt/bx 10 byte long sequence.

    * assembler/ARMv7Assembler.h:
    (ARMv7Assembler):
    (JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
    (JSC::ARMv7Assembler::nopw):
    (JSC::ARMv7Assembler::label):
    (JSC::ARMv7Assembler::replaceWithJump):
    (JSC::ARMv7Assembler::maxJumpReplacementSize):
    * assembler/MacroAssemblerARMv7.h:
    (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):

    Change-Id: Ic90230b5f5d74023b5476897966a01ce7152071a
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146396 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
    Reviewed-by: Andras Becsi <andras.becsi@digia.com>
* [Qt] Fix the JSC build on Mac | Jocelyn Turcotte | 2013-03-18 | 1 | -1/+1

    Unreviewed, build fix.

    * heap/HeapTimer.h: Qt on Mac has USE(CF) true, and should use the CF HeapTimer in that case.

    Change-Id: Ibf9d96a3492e47dc33e131322de16e52de00e5e5
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141097 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* [Qt] Implement GCActivityCallback | Allan Sandfeld Jensen | 2013-03-18 | 2 | -5/+32

    https://bugs.webkit.org/show_bug.cgi?id=103998
    Reviewed by Simon Hausmann.

    Source/JavaScriptCore:

    Implements the activity triggered garbage collector.

    * runtime/GCActivityCallback.cpp:
    (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
    (JSC::DefaultGCActivityCallback::scheduleTimer):
    (JSC::DefaultGCActivityCallback::cancelTimer):
    * runtime/GCActivityCallback.h:
    (GCActivityCallback):
    (DefaultGCActivityCallback):

    Source/WebCore:

    Implements the activity triggered garbage collector, and disables the timer based fallback.

    * bindings/js/GCController.cpp:
    (WebCore::GCController::GCController):
    (WebCore::GCController::garbageCollectSoon):
    * bindings/js/GCController.h:
    (GCController):

    Change-Id: Idd8f714e71871b3cc991f8d1866cdd271a47eff4
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141114 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* [Qt] Implement IncrementalSweeper and HeapTimer | Allan Sandfeld Jensen | 2013-03-18 | 4 | -5/+94

    https://bugs.webkit.org/show_bug.cgi?id=103996
    Reviewed by Simon Hausmann.

    Implements the incremental sweeping garbage collection for the Qt platform.

    * heap/HeapTimer.cpp:
    (JSC::HeapTimer::HeapTimer):
    (JSC::HeapTimer::~HeapTimer):
    (JSC::HeapTimer::timerEvent):
    (JSC::HeapTimer::synchronize):
    (JSC::HeapTimer::invalidate):
    (JSC::HeapTimer::didStartVMShutdown):
    * heap/HeapTimer.h:
    (HeapTimer):
    * heap/IncrementalSweeper.cpp:
    (JSC::IncrementalSweeper::IncrementalSweeper):
    (JSC::IncrementalSweeper::scheduleTimer):
    * heap/IncrementalSweeper.h:
    (IncrementalSweeper):

    Change-Id: I47b874c050e08519cf5e3ed5a98a98ac8785971f
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141089 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix massive parallel builds | hausmann@webkit.org | 2013-03-01 | 2 | -2/+18

    Reviewed by Tor Arne Vestbø.

    There exists a race condition that LLIntDesiredOffsets.h is written to by two parallel instances of the ruby script. This patch ensures that similar to the output file, the generated file is also prefixed according to the build configuration.

    * LLIntOffsetsExtractor.pro:

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144168 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Change-Id: Ibf60cf455c342fce5a4244aba788a2ad8e18e136
    Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
* Restrictions on oversize CopiedBlock allocations should be relaxed | Mark Hahnenberg | 2013-02-06 | 10 | -27/+81

    https://bugs.webkit.org/show_bug.cgi?id=105339
    Reviewed by Filip Pizlo.

    Currently the DFG has a single branch in the inline allocation path for property/array storage where it checks to see if the number of bytes requested will fit in the current block. This does not match what the C++ allocation path does; it checks if the requested number of bytes is oversize, and then if it's not, it tries to fit it in the current block. The garbage collector assumes that ALL allocations that are greater than 16KB are in oversize blocks. Therefore, this mismatch can lead to crashes when the collector tries to perform some operation on a CopiedBlock.

    To avoid adding an extra branch to the inline allocation path in the JIT, we should make it so that oversize blocks are allocated on the same alignment boundaries so that there is a single mask to find the block header of any CopiedBlock (rather than two, one for normal and one for oversize blocks), and we should figure out if a block is oversize by some other method than just whatever the JSObject says it is. One way we could record this info is in the Region of the block, since we allocate a one-off Region for oversize blocks.

    * heap/BlockAllocator.h:
    (JSC::Region::isCustomSize):
    (Region):
    (JSC::Region::createCustomSize):
    (JSC::Region::Region):
    (JSC::BlockAllocator::deallocateCustomSize):
    * heap/CopiedBlock.h:
    (CopiedBlock):
    (JSC::CopiedBlock::isOversize):
    (JSC):
    * heap/CopiedSpace.cpp:
    (JSC::CopiedSpace::tryAllocateOversize):
    (JSC::CopiedSpace::tryReallocate):
    (JSC::CopiedSpace::tryReallocateOversize):
    * heap/CopiedSpace.h:
    (CopiedSpace):
    * heap/CopiedSpaceInlines.h:
    (JSC::CopiedSpace::contains):
    (JSC::CopiedSpace::tryAllocate):
    (JSC):
    * heap/CopyVisitor.h:
    (CopyVisitor):
    * heap/CopyVisitorInlines.h:
    (JSC::CopyVisitor::checkIfShouldCopy):
    (JSC::CopyVisitor::didCopy):
    * heap/SlotVisitorInlines.h:
    (JSC::SlotVisitor::copyLater):
    * runtime/JSObject.cpp:
    (JSC::JSObject::copyButterfly):

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138067 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Change-Id: Icebcfe83d82ace7c3e1db6a979306f604459c5ae
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Butterfly::growArrayRight shouldn't be called on null Butterfly objects | Mark Hahnenberg | 2013-02-06 | 4 | -3/+33

    https://bugs.webkit.org/show_bug.cgi?id=105221
    Reviewed by Filip Pizlo.

    Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly objects purely by coincidence. We should add a new static function that null checks the old Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for use in the couple of places in JSObject that expect such behavior to work.

    * runtime/Butterfly.h:
    (Butterfly):
    * runtime/ButterflyInlines.h:
    (JSC::Butterfly::createOrGrowArrayRight):
    (JSC):
    * runtime/JSObject.cpp:
    (JSC::JSObject::createInitialIndexedStorage):
    (JSC::JSObject::createArrayStorage):

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137961 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Change-Id: I643bc988f3e25b6f05be4e99f19fd2dc609152e4
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* [MinGW-w64] Centralize workaround for pow() implementation | hausmann@webkit.org | 2013-01-10 | 2 | -16/+13

    https://bugs.webkit.org/show_bug.cgi?id=105925
    Reviewed by Sam Weinig.

    As suggested by Sam, move the MinGW-w64 workaround into MathExtras.h away from the JSC usage.

    Source/JavaScriptCore:

    * runtime/MathObject.cpp:
    (JSC::mathPow):

    Source/WTF:

    * wtf/MathExtras.h:
    (wtf_pow):

    Change-Id: I49b2365baae6fdd9700667d1ef53c78bd70f6de3
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Fix undefined reference to JSC::JSCell::classInfo with MinGW-w64 | Jonathan Liu | 2012-12-17 | 2 | -37/+31

    JSC::JSCell::classInfo is defined inline in JSDestructibleObject.h but not all the classes that inherit directly from JSCell include JSDestructibleObject.h. Move JSC::JSCell::classInfo from JSDestructibleObject.h into JSObject.h to resolve the undefined reference errors when compiling with MinGW-w64.

    JSDestructibleObject.h is already removed upstream in SVN r128851 but the commit has a lot of other changes which don't apply cleanly.

    Task-number: QTBUG-27764
    Change-Id: I75b13c93dd13a346e672ca76fd7b23a616653a79
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
    Reviewed-by: Alexey Pavlov <alexey.pawlow@gmail.com>
* Fix Math.pow implementation with MinGW-w64 | Jonathan Liu | 2012-12-17 | 2 | -0/+36

    https://bugs.webkit.org/show_bug.cgi?id=105087
    Patch by Jonathan Liu <net147@gmail.com> on 2012-12-17
    Reviewed by Simon Hausmann.

    The MinGW-w64 runtime has different behaviour for pow() compared to other C runtimes. This results in the following test262 tests failing with the latest MinGW-w64 runtime:
    - S15.8.2.13_A14
    - S15.8.2.13_A16
    - S15.8.2.13_A20
    - S15.8.2.13_A22

    Handle the special cases that are different with MinGW-w64.

    * runtime/MathObject.cpp:
    (JSC::mathPow):

    Change-Id: Ifad1aa24ac36f2d452e9166a4298525793597da3
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137895 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* delete dead include paths | Oswald Buddenhagen | 2012-12-11 | 1 | -1/+0

    followup to https://bugs.webkit.org/show_bug.cgi?id=93446

    Change-Id: Iff703e528d3bafc3fcc1c1df323d3fd5d98f342a
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Add missing forward declaration for JSC::ArrayAllocationProfile | commit-queue | 2012-12-10 | 2 | -0/+15

    https://bugs.webkit.org/show_bug.cgi?id=104425
    Patch by Jonathan Liu <net147@gmail.com> on 2012-12-07
    Reviewed by Kentaro Hara.

    The header for the JSC::ArrayConstructor class is missing a forward declaration for the JSC::ArrayAllocationProfile class which causes compilation to fail when compiling with MinGW-w64.

    * runtime/ArrayConstructor.h:
    (JSC):

    Change-Id: I33fc793e8af6be1445262fb2000157f8df1addf1
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137017 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Add missing const qualifier to JSC::CodeBlock::getJITType() | commit-queue | 2012-12-10 | 2 | -1/+14

    https://bugs.webkit.org/show_bug.cgi?id=104424
    Patch by Jonathan Liu <net147@gmail.com> on 2012-12-07
    Reviewed by Laszlo Gombos.

    JSC::CodeBlock::getJITType() has the const qualifier when JIT is enabled but is missing the const qualifier when JIT is disabled.

    * bytecode/CodeBlock.h:
    (JSC::CodeBlock::getJITType):

    Change-Id: I4ef9d10a536aa3094c9e814ee6bcbe1bf120829e
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137010 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Re-enable LLInt on mac with the proper fix | Pierre Rossi | 2012-12-01 | 5 | -32/+36

    Also update the Changelog for the PluginProcess change to try and be in line with what happened in trunk.

    Change-Id: I50445af940080abcab523b158d90af4f012f812f
    Reviewed-by: Pierre Rossi <pierre.rossi@gmail.com>
* Disable LLInt on Mac as a temporary measure. | Pierre Rossi | 2012-11-30 | 3 | -24/+32

    We can always enable it again a later point: it's just an implementation detail.

    Change-Id: If6035369a193f35efde77826acb658dc6409d157
    Reviewed-by: Pierre Rossi <pierre.rossi@gmail.com>
* Crash in conversion of empty OpaqueJSString to Identifier | Simon Hausmann | 2012-11-30 | 2 | -2/+19

    https://bugs.webkit.org/show_bug.cgi?id=101867
    Patch by Allan Sandfeld Jensen <allan.jensen@digia.com> on 2012-11-30
    Reviewed by NOBODY (OOPS!).

    The constructor call used for both null and empty OpaqueJSStrings results in an assertion violation and crash. This patch instead uses the Identifier constructors which are specifically for null and empty Identifier.

    * API/OpaqueJSString.cpp:
    (OpaqueJSString::identifier):

    Change-Id: Ia685336d1310be99425d1f80ec29ed0020084061
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit 6a4a1d32e1d779548c726c4826cba9d69eb87601 (http://svn.webkit.org/repository/webkit/trunk@136242) | Simon Hausmann | 2012-11-30 | 40 | -203/+1028

    Final import for the Qt 5.x series that implements the QtWebKit / QtWebKitWidgets split

    Extra fixes will be cherry-picked.

    Change-Id: I844f1ebb99c6d6b75db31d6538c2acd628e79681
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit c60cfe0fc09efd257aa0111d7b133b02deb8a63e (http://svn.webkit.org/repository/webkit/trunk@136119) | Simon Hausmann | 2012-11-29 | 58 | -1007/+1816

    New snapshot that includes the fix for installing the QtWebProcess into libexec

    Change-Id: I01344e079cbdac5678c4cba6ffcc05f4597cf0d7
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit 76dac539db7ece7079963adfcfe878d8e2f7d861 (http://svn.webkit.org/repository/webkit/trunk@135696) | Simon Hausmann | 2012-11-26 | 16 | -50/+152

    New snapshot that fixes build after QMacStyle removal

    Change-Id: Idea95c96c73b49158d52861db2a4b8d2c51766b0
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit 8eb048315f36fa33731f28694630fe4a3c2cbc99 (http://svn.webkit.org/repository/webkit/trunk@135602) | Simon Hausmann | 2012-11-23 | 5 | -19/+323

    New snapshot that fixes various bugs

    Change-Id: Icb6ce541a26a9f500d087821ce4b83a8d8a5474a
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit e89504fa9195b2063b2530961d4b73dd08de3242 (http://svn.webkit.org/repository/webkit/trunk@135485) | Simon Hausmann | 2012-11-22 | 220 | -2628/+9873

    Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* [Qt] Fix the LLINT build from ARMv7 platform | Csaba Osztrogonác | 2012-11-09 | 3 | -3/+15

    https://bugs.webkit.org/show_bug.cgi?id=101712
    Reviewed by Simon Hausmann.

    Enable generation of LLIntAssembly.h on ARM platforms.

    * DerivedSources.pri:
    * JavaScriptCore.pro:

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@134025 268f45cc-cd09-0410-ab3c-d52691b4dbfc
* Imported WebKit commit e2c32e2f53e02d388e70b9db88b91d8d9d28fc84 (http://svn.webkit.org/repository/webkit/trunk@133952) | Simon Hausmann | 2012-11-09 | 122 | -4927/+1173

    Revert back to an older snapshot that should build on ARM
* Imported WebKit commit 7bcdfab9a40db7d16b4b95bb77d78b8a59c9e701 (http://svn.webkit.org/repository/webkit/trunk@134025) | Simon Hausmann | 2012-11-09 | 131 | -1332/+5175

    New snapshot with numerous build fixes, including MSVC 2012 and ARM Thumb-2.
* Imported WebKit commit 20271caf2e2c016d5cef40184cddeefeac4f1876 (http://svn.webkit.org/repository/webkit/trunk@133733) | Simon Hausmann | 2012-11-07 | 147 | -4838/+7895

    New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.
* [Qt] Fix build on Windows when Qt is configured with -release | Simon Hausmann | 2012-11-02 | 2 files | -1/+21
  https://bugs.webkit.org/show_bug.cgi?id=101041

  Reviewed by Jocelyn Turcotte.

  When Qt is configured with -debug or -release, the release/debug build of for example QtCore is not available by default. For LLIntExtractor we always need to build debug _and_ release versions, but we do not actually need any Qt libraries nor qtmain(d).lib. Therefore we can disable all these features but need to keep $$QT.core.includes in the INCLUDEPATH for some defines from qglobal.h.

  * LLIntOffsetsExtractor.pro:
* [Qt] Fix the LLInt build on Windows | Simon Hausmann | 2012-10-25 | 5 files | -10/+62
  https://bugs.webkit.org/show_bug.cgi?id=97648

  Reviewed by NOBODY (OOPS!).

  Source/JavaScriptCore:

  The main change for the port on Windows is changing the way offsets are extracted and the LLIntAssembly.h is generated to accommodate release and debug configurations.

  Firstly the LLIntOffsetsExtractor binary is now built as-is (no DESTDIR set) and placed into debug\LLIntOffsetsExtractor.exe and release\LLIntOffsetsExtractor.exe on Windows debug_and_release builds. On other platforms it remains in the regular out directory.

  Secondly the LLIntAssembly.h files must be different for different build types, so the LLIntAssembly.h generator in DerivedSources.pri operates now on the extractor binary files as input. Using a simple exists() check we verify the presence of either a regular, a debug\LLIntOffsetsExtractor and a release\LLIntOffsetsExtractor binary and process all of them. The resulting assembly files consequently end up in generated\debug\LLIntAssembly.h and generated\release\LLIntAssembly.h. In Target.pri we have to also make sure that those directories are in the include path according to the release or debug configuration.

  Lastly a small tweak in the LLIntOffsetsExtractor build was needed to make sure that we include JavaScriptCore/config.h instead of WTF/config.h, required to fix the build issues originally pasted in bug #97648.

  * DerivedSources.pri:
  * JavaScriptCore.pro:
  * LLIntOffsetsExtractor.pro:
  * Target.pri:

  Tools:

  Added EXEEXT variable - similar to automake - that expands to .exe as suffix for executable programs on Windows. Empty otherwise.

  * qmake/mkspecs/features/default_pre.prf:
* [WIN] Make LLInt offsets extractor work on Windows | Simon Hausmann | 2012-10-25 | 2 files | -1/+14
  https://bugs.webkit.org/show_bug.cgi?id=100369

  Reviewed by NOBODY (OOPS!).

  Open the input file explicitly in binary mode to prevent ruby/Windows from thinking that it's a text mode file that needs even new line conversions. The binary mode parameter is ignored on other platforms.

  * offlineasm/offsets.rb:
* 2012-10-25 Simon Hausmann <simon.hausmann@digia.com> | Simon Hausmann | 2012-10-25 | 1 file | -2/+4
  LLInt C_Loop build is broken
  https://bugs.webkit.org/show_bug.cgi?id=100364

  Reviewed by NOBODY (OOPS!).

  Workaround for gotos that don't compile in the c-loop back-end as well as without computed gotos.

  * llint/LowLevelInterpreter.asm:
* Imported WebKit commit 20434eb8eb95065803473139d8794e98a7672f75 (http://svn.webkit.org/repository/webkit/trunk@132191) | Simon Hausmann | 2012-10-23 | 30 files | -365/+967
  New snapshot that should fix build with latest qtbase and the QPlastiqueStyle removal
* Imported WebKit commit 302e7806bff028bd1167a1ec7c86a1ee00ecfb49 (http://svn.webkit.org/repository/webkit/trunk@132067) | Simon Hausmann | 2012-10-22 | 95 files | -3251/+5198
  New snapshot that fixes build without QtWidgets
* Imported WebKit commit 795dcd25a9649fccaf1c9b685f6e2ffedaf7e620 (http://svn.webkit.org/repository/webkit/trunk@131718) | Simon Hausmann | 2012-10-18 | 32 files | -84/+1066
  New snapshot that includes the return of -fkeep-memory at link time to reduce memory pressure as well as modularized documentation
* Imported WebKit commit cf4f8fc6f19b0629f51860cb2d4b25e139d07e00 (http://svn.webkit.org/repository/webkit/trunk@131592) | Simon Hausmann | 2012-10-17 | 257 files | -23290/+32243
  New snapshot that includes the build fixes for Mac OS X 10.6 and earlier as well as the previously cherry-picked changes