| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Fixes building qtwebkit with MSVC 2015
Change-Id: I94b085ab822b3cdfa911814467e051c11c93d79e
Task-number: QTBUG-46344
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com>
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
| |
https://bugs.webkit.org/show_bug.cgi?id=119504
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg and Oliver Hunt.
Don't do the optimization for strict mode.
* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
(JSC::DFG::ArgumentsSimplificationPhase::pruneObviousArgumentCreations):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154217 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Change-Id: I68037df21deaa964ff18c4f168f465c2600627f7
Reviewed-by: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| |
While verifying predictions in prepareOSREntry, locals could lay
outside the stack in some cases. So we shouldn't retrieve jsValue
from locals when we don't have to.
Task-number: QTBUG-45299
Change-Id: I70003170348887128e11360fb501b69647194172
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| |
https://bugs.webkit.org/show_bug.cgi?id=119458
Reviewed by Mark Hahnenberg.
Make sure that we report the correct type possibilities for the output
from ToPrimitive
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153674 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Change-Id: I85d91598088ead350c89c4a9cc28a2bd866a2d22
Task-number: QTBUG-44912
Reviewed-by: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| |
A non-inline template needs to be explicitly instantiated if used
outside the object where it is declared.
Patch suggested by Khem Raj.
Task-number: QTBUG-44829
Change-Id: Ib0adbd9273bd1cef01e5863bc8aaa9c373022792
Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>
| |
When parsing JSON, temporary JIT objects are created when resolving each
id. Each of these gets a list of labels initialized to the size of the
codeblock being operated on, which can be very long in some cases.
This patch delays the initialization of the label vector, until it is
actually used which is easy to figure out since the vector is not
exported outside the class.
Task-number: QTBUG-44475
Change-Id: I4fdbb7de7e7d953fffed39e38feed066edb6742b
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| |
Task-number: QTBUG-33692
Change-Id: I9f0bd6411e42b7ca06710dd47e3bcae4d2605c81
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| |
Since the x86-64 assembler generator depends on jumps being expressible
as 32bit offsets we need to use the fixed size executable allocator and
not the on demand allocator. This patch removes its exclusion from being
used on Windows.
Task-number: QTBUG-42417
Change-Id: Ie6b127e9b4291869566fd99cc7efe05b566c8e66
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
Change-Id: I11f35f205d2ded597d54650a948bec3e1e52b419
| | |
The browser demo asserts on qt-project.org after the makerope security
fix.
Port of http://trac.webkit.org/changeset/169397
Change-Id: I19c98737735d9b17133742752928d4ce6349de13
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
Use the GCC feature defines to check for support for ARMv6 style
unaligned access support. This fixes configurations where it was
disabled and the ARMv6-M processors where it is not supported.
Change-Id: I00c9bb19ba582b64ecb9eaa6da9887ba0df8fd3c
Reviewed-by: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
We can get rid of an ifdef in LowLevelInterpreter by reusing logic
from InlineAsm.h. This also fixes ARM_TRADITIONAL when forced on when
thumb2 is available to the compiler.
Change-Id: Iac5ad22a4a41757fa03c3cbc2e8f68e44d085bae
Reviewed-by: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
Pretend VFP doesn't exist when the ABI forbids floating
point instructions.
Task-number: QTBUG-38371
Change-Id: Id0552201e6bf98812198c0028e2c85107e967a81
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
A recent patch fixing QNX on x86 forgot to also pop the pragma it set.
Change-Id: I9834c0b57a4409e8e80c29899e6f3989607fe22f
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
Derived classes on Windows x64 are 64bit aligned placing the m_size
property of Vector slightly differently than on other platforms.
Change-Id: I186de5ea200abfbdd3bdf7502f3f427cb6890f3c
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
Change-Id: I509f0440296df39aece8133382aacc43a4e05f99
| | |
sh4 implementation has been taken from WebKit r173222.
Change-Id: I1c188e88e9fd8772f97cac94d7ee31945b538b71
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| | |
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branchAdd32):
Change-Id: I919df8301e69cca630f475afcc0c4311d713f10e
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167565 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branchAdd32):
Change-Id: Ia16f8dce00ce660cf5f7b9eb1c3496e08cbdb603
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167354 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=130684
<rdar://problem/16398388>
Reviewed by Oliver Hunt.
Add string length bounds checks in a bunch of places. We should never allow a string
to have a length greater than 2^31-1 because it's not clear that the language has
semantics for it and because there is code that assumes that this cannot happen.
Also add a bunch of tests to that effect to cover the various ways in which this was
previously allowed to happen.
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileMakeRope):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileMakeRope):
* runtime/JSString.cpp:
(JSC::JSRopeString::RopeBuilder::expand):
* runtime/JSString.h:
(JSC::JSString::create):
(JSC::JSRopeString::RopeBuilder::append):
(JSC::JSRopeString::RopeBuilder::release):
(JSC::JSRopeString::append):
* runtime/Operations.h:
(JSC::jsString):
(JSC::jsStringFromRegisterArray):
(JSC::jsStringFromArguments):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
* tests/stress/make-large-string-jit-strcat.js: Added.
(foo):
* tests/stress/make-large-string-jit.js: Added.
(foo):
* tests/stress/make-large-string-strcat.js: Added.
* tests/stress/make-large-string.js: Added.
Change-Id: If01dd2a2d2daa3d209eddf0213d2b391e94f54a0
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167336 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
Callee and ScopeChain are JSObject pointers and saved in the 64bit
structure for JS registers. On a 32bit big-endian machine the actual
pointer is offset by the PayloadOffset of 4 bytes, but on little-endian
and 64bit architectures there is no offset.
This patch fixes four places the payloadOffset was not correctly added
on 32bit big-endian, and six places it was added on 64bit big-endian
when it shouldn't.
Task-number: QTBUG-41896
Change-Id: I46b474bee9822b8040d1b7b2e8f31ce42e0adefe
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
When an identifier is made from an empty string, the constructor still
tries accessing the first character to populate a cache. This leads to
access of uninitialized data, and wrong data in the cache. This causes
no wrong behavior though except unuseful data in the cache.
Change-Id: Ice9f10b08306799b160f8b95b76bd056f29d228d
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
A default cache-entry has a null String and an uninitialized key. We
should therefore only try to use the key if the String is not null.
Change-Id: Icd6819b96b9b650305cf0611b6b2978c07dc9196
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
if it sees a hole
https://bugs.webkit.org/show_bug.cgi?id=121717
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
This bug caused the array to become corrupted. We now check for holes before we start moving things,
and start moving things only once we've determined that there are none.
* runtime/JSArray.cpp:
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithAnyIndexingType):
Change-Id: I9948bfa2c9b4a345076f7f2b4e50a566f521b6fe
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156214 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=120015
Reviewed by Sam Weinig.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell): Added checks for spillFormat being
DataFormatInteger or DataFormatDouble similar to what is in the 64 bit code and in
all versions of fillSpeculateBoolean().
Change-Id: I4de21707f00c1538b82b9bee6b2acc2903611983
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
corruption
Reviewed by Oliver Hunt.
When we flatten an object in dictionary mode, we compact its properties. If the object
had out-of-line storage in the form of a Butterfly prior to this compaction, and after
compaction its properties fit inline, the object's Structure "forgets" that the object
has a non-zero Butterfly pointer. During GC, we check the Butterfly and reportLiveBytes
with bytes = 0, which causes all sorts of badness in CopiedSpace.
Instead, after we flatten a dictionary, if properties fit inline we should clear the
Butterfly pointer so that the GC doesn't get confused later.
This patch does this clearing, and it also adds JSObject::checkStructure, which overrides
JSCell::checkStructure to add an ASSERT that makes sure that the Structure being assigned
agrees with whether or not the object has a Butterfly. Also added an ASSERT to check
that the number of bytes reported to SlotVisitor::copyLater is non-zero.
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::copyLater):
* runtime/JSObject.cpp:
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::genericConvertDoubleToContiguous):
(JSC::JSObject::switchToSlowPutArrayStorage):
(JSC::JSObject::setPrototype):
(JSC::JSObject::putDirectAccessor):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::reifyStaticFunctionsForDelete):
(JSC::JSObject::removeDirect):
* runtime/JSObject.h:
(JSC::JSObject::setButterfly):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::setStructure):
(JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
* runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure):
Change-Id: Idfd8c22555f4373c1104316ff1ee28f5f84ef083
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154366 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
"wrong!", shouldn't!
https://bugs.webkit.org/show_bug.cgi?id=123179
Reviewed by Mark Hahnenberg.
Source/JavaScriptCore:
* parser/NodeConstructors.h:
(JSC::LogicalOpNode::LogicalOpNode):
* parser/ResultType.h:
(JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
This is JavaScript (aka Sparta).
LayoutTests:
* js/dom/branch-fold-correctness.html: Added a test for this case.
Change-Id: I72f81f31d88dee306428dd5eab9d40fcec009042
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157830 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=119155
Reviewed by Andreas Kling.
Scope nodes are always objects, so we should be using SpecObjectOther
rather than SpecCellOther. Marking Scopes as CellOther leads to a
contradiction in the CFA, resulting in bogus codegen.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
Change-Id: Ic083c04b9351c904ea4b5ee41bcc98c7d66d757d
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=120033
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
If PutClosureVar is may-aliased to another PutClosureVar or GetClosureVar
then we should bail attempts to CSE.
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::scopedVarLoadElimination):
(JSC::DFG::CSEPhase::scopedVarStoreElimination):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154344 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Task-number: QTBUG-41500
Change-Id: Ia6bd7b09b20a99d5f4b5a14bf58737bc4b8c6a2b
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=121439
Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-09-16
Reviewed by Geoffrey Garen.
Missing implementations of setupArgumentsWithExecState added.
Change-Id: Ief1b1505d6c20b091ae0fcc24d7c21f50fcc712a
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155884 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=121287
Reviewed by Geoffrey Garen.
Change-Id: I03c086a652b501c5424a6de6763fed1c88466e3a
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=117281
Patch by Youngho Yoo <youngho33.yoo@lge.com> on 2013-09-13
Reviewed by Michael Saboff.
Fix the missing EABI_32BIT_DUMMY_ARG in FPRReg using callOperation function.
Change-Id: I77e7e7a37ada9d33574949220d109e8b5f2392b2
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155675 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| | |
Fix method now available in QNX 6.6, lack of std::move even
with C++11 enabled, binary structure of stack frames on
QNX x86 and the wrongly advertised existence of MADV_FREE and
MADV_REUSE.
Change-Id: I0dacbd19ed932ec6b3b2cc1d625a347e169615a5
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
Address loads used with btbxx opcodes were wrongly converted to lw instruction
instead of lbu, leading to unaligned access on mips platforms.
Change-Id: I7b14aa40215affe582bcadade2f783769a97a7d3
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| | |
This patch improves YarrJIT efficiency on mips platforms.
SunSpider's regexp-dna test can be used to monitor performance impact.
Change-Id: I28d99fb01628bc72f29c120caf8bc53c5d06e3ff
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=136340
Reviewed by Mark Hahnenberg.
Change-Id: I20483be1225d674160bbdab183bc52121fe4411c
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@173062 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| | |
https://bugs.webkit.org/show_bug.cgi?id=136287
Reviewed by Michael Saboff.
For specific architectures (arm and mips for instance), or32() calls
with 3 parameters are likely to produce a single instruction.
Change-Id: I1c56f5b8229dd2d82d96c56cb10b1ac8dc9ba0b0
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@173006 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| | |
Patch taken from https://bugs.webkit.org/show_bug.cgi?id=125920
Change-Id: I6583ea37e00f4dff80971bd44906936229540171
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
Added MIPS integer divide path for ArithDiv and ArithMod where operands and results are integer.
Change-Id: I00d5b58e6e0be39f083676fb0c435b3545d3aca1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
https://webkit.org/b/119860
Reviewed by Filip Pizlo.
Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error
to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node.
We need this so that Throw and ThrowReferenceError no longer need to be treated as
terminals and the subsequent flush keeps the activation (and other registers) live.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::isTerminal):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Change-Id: Idb894e780cd3ebe15515d1796c58a339ae54d55f
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154290 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| |
Minimum API version is 9, which already defines this struct in elf.h
Also see qtscript/49ab1bd9838dc3c069be780ff6d69a2543c06ed6 which does
the same thing there.
Change-Id: Ia56f8399156a93edc569e7bb982bd7186a16a445
Reviewed-by: BogDan Vatra <bogdan@kde.org>
| |
Original patch by Filip Pizlo <fpizlo@apple.com> on 2013-08-28
taken from WebKit r154804 (http://trac.webkit.org/changeset/154804).
Task-number: QTBUG-39768
Change-Id: I239f2ee2ec5d1c21f7e50709b8989e744fd87995
Reviewed-by: Zhang Zengbo <zengbo.zhang@gmail.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
Change-Id: I8b03fb0380fa444a6da239d8ddb19bdbe6b3d061
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
This fix is not relevant for x86 architectures.
Covered by integer-division-neg2tothe32-by-neg1 JavaScript test.
Change-Id: I8ffd1280063305bc98c564f5df57c76cc5b1d7a6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
Test dfg-uint32array-overflow-values fails without this patch.
Change-Id: Ia186ab5c3fbc19fd7621f5cc60678b82a6424641
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
https://bugs.webkit.org/show_bug.cgi?id=118662.
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
r152494 added the recording of lineStart values for divot positions.
This is needed for the computation of column numbers. Similarly, it also
added the recording of line numbers for the divot positions. One problem
with the approach taken was that the line and lineStart values were
recorded independently, and hence were not always guaranteed to be
sampled at the same place that the divot position is recorded. This
resulted in potential mismatches that cause some assertions to fail.
The solution is to introduce a JSTextPosition abstraction that records
the divot position, line, and lineStart as a single quantity. Wherever
we record the divot position as an unsigned int previously, we now record
its JSTextPosition which captures all 3 values in one go. This ensures
that the captured line and lineStart will always match the captured divot
position.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallEval):
(JSC::BytecodeGenerator::emitCallVarargs):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::emitDebugHook):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitExpressionInfo):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* bytecompiler/NodesCodegen.cpp:
(JSC::ThrowableExpressionData::emitThrowReferenceError):
(JSC::ResolveNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::NewExprNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::PostfixNode::emitBracket):
(JSC::PostfixNode::emitDot):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::DeleteBracketNode::emitBytecode):
(JSC::DeleteDotNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::PrefixNode::emitBracket):
(JSC::PrefixNode::emitDot):
(JSC::UnaryOpNode::emitBytecode):
(JSC::BinaryOpNode::emitStrcat):
(JSC::BinaryOpNode::emitBytecode):
(JSC::ThrowableBinaryOpNode::emitBytecode):
(JSC::InstanceOfNode::emitBytecode):
(JSC::emitReadModifyAssignment):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::AssignDotNode::emitBytecode):
(JSC::ReadModifyDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
(JSC::ReadModifyBracketNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::ThrowNode::emitBytecode):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/ASTBuilder.h:
- Replaced ASTBuilder::PositionInfo with JSTextPosition.
(JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
(JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
(JSC::ASTBuilder::createResolve):
(JSC::ASTBuilder::createBracketAccess):
(JSC::ASTBuilder::createDotAccess):
(JSC::ASTBuilder::createRegExp):
(JSC::ASTBuilder::createNewExpr):
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createExprStatement):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createReturnStatement):
(JSC::ASTBuilder::createBreakStatement):
(JSC::ASTBuilder::createContinueStatement):
(JSC::ASTBuilder::createLabelStatement):
(JSC::ASTBuilder::createWithStatement):
(JSC::ASTBuilder::createThrowStatement):
(JSC::ASTBuilder::appendBinaryExpressionInfo):
(JSC::ASTBuilder::appendUnaryToken):
(JSC::ASTBuilder::unaryTokenStackLastStart):
(JSC::ASTBuilder::assignmentStackAppend):
(JSC::ASTBuilder::createAssignment):
(JSC::ASTBuilder::setExceptionLocation):
(JSC::ASTBuilder::makeDeleteNode):
(JSC::ASTBuilder::makeFunctionCallNode):
(JSC::ASTBuilder::makeBinaryNode):
(JSC::ASTBuilder::makeAssignNode):
(JSC::ASTBuilder::makePrefixNode):
(JSC::ASTBuilder::makePostfixNode):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/Lexer.cpp:
(JSC::::lex):
- Added support for capturing the appropriate JSTextPositions instead
of just the character offset.
* parser/Lexer.h:
(JSC::Lexer::currentPosition):
(JSC::::lexExpectIdentifier):
- Added support for capturing the appropriate JSTextPositions instead
of just the character offset.
* parser/NodeConstructors.h:
(JSC::Node::Node):
(JSC::ResolveNode::ResolveNode):
(JSC::EvalFunctionCallNode::EvalFunctionCallNode):
(JSC::FunctionCallValueNode::FunctionCallValueNode):
(JSC::FunctionCallResolveNode::FunctionCallResolveNode):
(JSC::FunctionCallBracketNode::FunctionCallBracketNode):
(JSC::FunctionCallDotNode::FunctionCallDotNode):
(JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
(JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
(JSC::PostfixNode::PostfixNode):
(JSC::DeleteResolveNode::DeleteResolveNode):
(JSC::DeleteBracketNode::DeleteBracketNode):
(JSC::DeleteDotNode::DeleteDotNode):
(JSC::PrefixNode::PrefixNode):
(JSC::ReadModifyResolveNode::ReadModifyResolveNode):
(JSC::ReadModifyBracketNode::ReadModifyBracketNode):
(JSC::AssignBracketNode::AssignBracketNode):
(JSC::AssignDotNode::AssignDotNode):
(JSC::ReadModifyDotNode::ReadModifyDotNode):
(JSC::AssignErrorNode::AssignErrorNode):
(JSC::WithNode::WithNode):
(JSC::ForInNode::ForInNode):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/Nodes.cpp:
(JSC::StatementNode::setLoc):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/Nodes.h:
(JSC::Node::lineNo):
(JSC::Node::startOffset):
(JSC::Node::lineStartOffset):
(JSC::Node::position):
(JSC::ThrowableExpressionData::ThrowableExpressionData):
(JSC::ThrowableExpressionData::setExceptionSourceCode):
(JSC::ThrowableExpressionData::divot):
(JSC::ThrowableExpressionData::divotStart):
(JSC::ThrowableExpressionData::divotEnd):
(JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
(JSC::ThrowableSubExpressionData::setSubexpressionInfo):
(JSC::ThrowableSubExpressionData::subexpressionDivot):
(JSC::ThrowableSubExpressionData::subexpressionStart):
(JSC::ThrowableSubExpressionData::subexpressionEnd):
(JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
(JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionStart):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionEnd):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/Parser.cpp:
(JSC::::Parser):
(JSC::::parseInner):
- Use JSTextPosition instead of passing line and lineStart explicitly.
(JSC::::didFinishParsing):
- Remove setting of m_lastLine value. We always pass in the value from
m_lastLine anyway. So, this assignment is effectively a nop.
(JSC::::parseVarDeclaration):
(JSC::::parseVarDeclarationList):
(JSC::::parseForStatement):
(JSC::::parseBreakStatement):
(JSC::::parseContinueStatement):
(JSC::::parseReturnStatement):
(JSC::::parseThrowStatement):
(JSC::::parseWithStatement):
(JSC::::parseTryStatement):
(JSC::::parseBlockStatement):
(JSC::::parseFunctionDeclaration):
(JSC::LabelInfo::LabelInfo):
(JSC::::parseExpressionOrLabelStatement):
(JSC::::parseExpressionStatement):
(JSC::::parseAssignmentExpression):
(JSC::::parseBinaryExpression):
(JSC::::parseProperty):
(JSC::::parsePrimaryExpression):
(JSC::::parseMemberExpression):
(JSC::::parseUnaryExpression):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/Parser.h:
(JSC::Parser::next):
(JSC::Parser::nextExpectIdentifier):
(JSC::Parser::getToken):
(JSC::Parser::tokenStartPosition):
(JSC::Parser::tokenEndPosition):
(JSC::Parser::lastTokenEndPosition):
(JSC::::parse):
- Use JSTextPosition instead of passing line and lineStart explicitly.
* parser/ParserTokens.h:
(JSC::JSTextPosition::JSTextPosition):
(JSC::JSTextPosition::operator+):
(JSC::JSTextPosition::operator-):
(JSC::JSTextPosition::operator int):
- Added JSTextPosition.
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::makeFunctionCallNode):
(JSC::SyntaxChecker::makeAssignNode):
(JSC::SyntaxChecker::makePrefixNode):
(JSC::SyntaxChecker::makePostfixNode):
(JSC::SyntaxChecker::makeDeleteNode):
(JSC::SyntaxChecker::createResolve):
(JSC::SyntaxChecker::createBracketAccess):
(JSC::SyntaxChecker::createDotAccess):
(JSC::SyntaxChecker::createRegExp):
(JSC::SyntaxChecker::createNewExpr):
(JSC::SyntaxChecker::createAssignResolve):
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createReturnStatement):
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createWithStatement):
(JSC::SyntaxChecker::createLabelStatement):
(JSC::SyntaxChecker::createThrowStatement):
(JSC::SyntaxChecker::appendBinaryExpressionInfo):
(JSC::SyntaxChecker::operatorStackPop):
- Use JSTextPosition instead of passing line and lineStart explicitly.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153477 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Task-number: QTBUG-38708
Change-Id: Ic6a65e8915c634dffe76b7181b38d6be0ab4a45d
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
| |
This patch fixes JavaScript issues for the mips backend, especially
in the DFG stage when using (x|0) expressions.
Change-Id: I4c7c7280735481dc06ca24745d2e42b2d8e13ef5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
Fix warnings about C++11 violating syntax, unused variables in leveldb
and non anonymous classes deriving from anonymous ones.
Change-Id: I39326eed03fabe2856f1ea7c93eff65f30ee78ee
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| |
ruby /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/offlineasm/asm.rb /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm LLIntOffsetsExtractor generated/LLIntOffsetsExtractor/LLIntAssembly.h
offlineasm: Parsing /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm and LLIntOffsetsExtractor and creating assembly file generated/LLIntOffsetsExtractor/LLIntAssembly.h.
Change-Id: If12f1476de74c3feeb5c6d6e2e115829e1106581
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| |
Qmake now has new config optimize_full that replaces -O2 with -O3. We
should use that in QtWebKit instead of trying to do the same ourselves.
This makes clang now use -O3 like gcc does.
Change-Id: I3db6167833c579bdea941d3ad1b3636cbad62475
Reviewed-by: Michael Bruning <michael.bruning@digia.com>