summaryrefslogtreecommitdiff
path: root/Source/JavaScriptCore/ChangeLog
diff options
context:
space:
mode:
authorSimon Hausmann <simon.hausmann@nokia.com>2012-01-06 14:44:00 +0100
committerSimon Hausmann <simon.hausmann@nokia.com>2012-01-06 14:44:00 +0100
commit40736c5763bf61337c8c14e16d8587db021a87d4 (patch)
treeb17a9c00042ad89cb1308e2484491799aa14e9f8 /Source/JavaScriptCore/ChangeLog
downloadqtwebkit-40736c5763bf61337c8c14e16d8587db021a87d4.tar.gz
Imported WebKit commit 2ea9d364d0f6efa8fa64acf19f451504c59be0e4 (http://svn.webkit.org/repository/webkit/trunk@104285)
Diffstat (limited to 'Source/JavaScriptCore/ChangeLog')
-rw-r--r--Source/JavaScriptCore/ChangeLog50321
1 files changed, 50321 insertions, 0 deletions
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
new file mode 100644
index 000000000..8408f380c
--- /dev/null
+++ b/Source/JavaScriptCore/ChangeLog
@@ -0,0 +1,50321 @@
+2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Move listing of include paths and libs to pri files in sources
+
+ Includepaths are sometimes modified by non-Qt contributors so keeping
+ them in files inside Sources makes it more likely that they are updated
+ along with project files for the other ports.
+
+ Using pri files instead of prf files for this also has the benefit that
+ the include() from the main target file can be parsed and followed by
+ Qt Creator -- something that does not work with load().
+
+ Dependency from a target to a library through the WEBKIT variable are
+ handled through forwarding-files in Tools/qmake/mkspecs/modules, which
+ set the source root of the module and include the right pri file.
+
+ Ideally we'd use the variant of include() that takes an optional
+ namespace to read the variables into, or the fromfile() function,
+ but both of these add an overhead of about 40% on the total qmake
+ runtime, due to making a deep copy of all the variables in the
+ project or re-reading all the prf files from scratch.
+
+ Reviewed by Simon Hausmann.
+ Reviewed by Ossy.
+
+ * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
+ * Target.pri:
+ * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
+ * wtf/wtf.pro:
+
+2012-01-06 Hajime Morrita <morrita@chromium.org>
+
+ WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
+ https://bugs.webkit.org/show_bug.cgi?id=75612
+
+ Reviewed by Kevin Ollivier.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::findIgnoringCase):
+ (WTF::String::append):
+ (WTF::String::fromUTF8):
+ (WTF::String::fromUTF8WithLatin1Fallback):
+ (WTF::String::isHashTableDeletedValue):
+
+2012-01-05 Dan Bernstein <mitz@apple.com>
+
+ <rdar://problem/10633760> Update copyright strings
+
+ Reviewed by Mark Rowe.
+
+ * Info.plist:
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Date constructor handles infinite values incorrectly.
+ https://bugs.webkit.org/show_bug.cgi?id=70998
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ - should be checking !finite rather then isnan.
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ date.toISOString produces incorrect results for dates with ms prior to 1970
+ https://bugs.webkit.org/show_bug.cgi?id=75684
+
+ Reviewed by Sam Weinig.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype.lastIndexOf ignores undefined fromIndex.
+ https://bugs.webkit.org/show_bug.cgi?id=75678
+
+ Reviewed by Sam Weinig.
+
+ array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncLastIndexOf):
+ - should check argumnet count, rather than checking agument value for undefined.
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Date parsing is too restrictive.
+ https://bugs.webkit.org/show_bug.cgi?id=75671
+
+ Reviewed by Oliver Hunt.
+
+ ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
+ The spec allow a date to be date only, or date + time.
+
+ The date portion on the should match: (pseudocode!:)
+ [(+|-)YY]YYYY[-MM[-DD]]
+ though we are slightly more liberal (permitted by the spec), allowing:
+ [+|-]Y+[-MM[-DD]]
+ The time portion should match:
+ THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
+ again we're slightly more liberal, allowing:
+ THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
+
+ * wtf/DateMath.cpp:
+ (WTF::parseES5DatePortion):
+ - Month/day fields are optional, default to 01.
+ (WTF::parseES5TimePortion):
+ - Hours/Minutes are requires, seconds/timezone are optional.
+ (WTF::parseES5DateFromNullTerminatedCharacters):
+ - Dates may be date only, or date + time.
+
+2012-01-05 Bruno Dilly <bdilly@profusion.mobi>
+
+ [EFL] Undefined references to ICU_I18N symbols on WTF
+ https://bugs.webkit.org/show_bug.cgi?id=75642
+
+ Unreviewed build fix.
+
+ Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
+ Some undefined references were ucol_setAttribute_44, ucol_close_44,
+ ucol_getAttribute_44...
+
+ * wtf/PlatformEfl.cmake:
+
+2012-01-05 Geoffrey Garen <ggaren@apple.com>
+
+ Refined the fast path for StringImpl::hash()
+ https://bugs.webkit.org/show_bug.cgi?id=75178
+
+ Reviewed by Darin Adler.
+
+ Moved the hash calculation code into an out-of-line function to clean up
+ the hot path.
+
+ No measurable benchmark change, but this knocks some samples off in
+ Instruments, and I think this is a step toward removing -fomit-frame-pointer.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::hashSlowCase):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::hash): The patch.
+
+ * wtf/text/StringStatics.cpp:
+ (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
+ scheme, which requires all out-of-line StringImpl functions used by
+ WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Literal tab in JSONString fails
+ https://bugs.webkit.org/show_bug.cgi?id=71772
+
+ Reviewed by Oliver Hunt.
+
+ rfc4627 does not allow literal tab characters in JSON source.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::isSafeStringCharacter):
+ - do not allow literal tab in StrictJSON mode.
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ push/shift fifo may consume excessive memory
+ https://bugs.webkit.org/show_bug.cgi?id=75610
+
+ Reviewed by Sam Weinig.
+
+ Array object commonly store data in a vector, consisting of a portion that is
+ in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
+ m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and
+ the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
+ never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
+ amount of memory, whilst having a relatively small active length.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::increaseVectorLength):
+ - If m_indexBias is non-zero, decay it over time.
+
+2012-01-05 Csaba Osztrogonác <ossy@webkit.org>
+
+ unshift/pop fifo may consume excessive memory
+ https://bugs.webkit.org/show_bug.cgi?id=75588
+
+ Reviewed by Zoltan Herczeg.
+
+ Buildfix after r104120.
+
+ * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true
+ (JSC::JSArray::unshiftCount):
+
+2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Unreviewed gardening after r104134.
+
+ * wtf/Assertions.cpp:
+
+2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Unreviewed gardening after r75605.
+
+ Rubber stamped by NOBODY Csaba Osztrogonác.
+
+ * wtf/Assertions.cpp:
+
+2012-01-05 Benjamin Poulain <benjamin@webkit.org>
+
+ Improve charactersAreAllASCII() to compare multiple characters at a time
+ https://bugs.webkit.org/show_bug.cgi?id=74063
+
+ Reviewed by Darin Adler.
+
+ A new header ASCIIFastPath.h contains the functions related to
+ the detection of ASCII by using machine words. Part of it comes from
+ WebCore's TextCodecASCIIFastPath.h.
+
+ The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
+ and is implemented with computer word comparison.
+ The gain over the previous implementation of charactersAreAllASCII() is of
+ the order of how many comparison are avoided (4x, 8x, 16x depending on the
+ format and the CPU type).
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/text/ASCIIFastPath.h: Added.
+ (WTF::isAlignedToMachineWord):
+ (WTF::alignToMachineWord):
+ (WTF::isAllASCII):
+ (WTF::charactersAreAllASCII):
+ * wtf/text/WTFString.h:
+ * wtf/wtf.pro:
+
+2012-01-05 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
+
+ We should always log to both ASL and stderr on platforms where this won't result in launchd
+ duplicating the messages.
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/Assertions.cpp:
+ (vprintf_stderr_common):
+
+2012-01-05 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
+
+ Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
+ single line of text. This results in strangely formatted output if vprintf_stderr_common is
+ retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
+ like stderr.
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/Assertions.cpp:
+ (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
+ string before handing it off to vprintf_stderr_common. This requires disabling warnings about
+ calling a printf-like function with a non-literal format string for this piece of code. It's
+ safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
+ (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the
+ given format string if one does not already exist. It requires the same treatment with regards
+ to the non-literal format string warning.
+ (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
+ (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
+ (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
+ (WTFReportError): Ditto.
+ (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
+ (WTFLogVerbose): Ditto.
+
+2012-01-04 Gavin Barraclough <barraclough@apple.com>
+
+ unshift/pop fifo may consume excessive memory
+ https://bugs.webkit.org/show_bug.cgi?id=75588
+
+ Reviewed by Sam Weinig.
+
+ The Array object commonly store data in a vector, consisting of a portion that
+ is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
+ m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the
+ current algorithm for increasePrefixVectorLength (used by unshift) will never
+ stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount
+ of memory, whilst having a relatively small active length.
+
+ * runtime/JSArray.cpp:
+ (JSC::storageSize):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
+ (JSC::SparseArrayValueMap::put):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
+ (JSC::JSArray::increaseVectorLength):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
+ (JSC::JSArray::unshiftCountSlowCase):
+ - renamed from increaseVectorPrefixLength (this was a bad name, since it
+ also moved the ArrayStorage header), rewritten.
+ (JSC::JSArray::shiftCount):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
+ (JSC::JSArray::unshiftCount):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
+ increaseVectorPrefixLength renamed to unshiftCountSlowCase
+ (JSC::JSArray::sortNumeric):
+ * runtime/JSArray.h:
+ - Updated function declarations, m_indexBias should be unsigned.
+
+2012-01-04 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
+
+ Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
+ to ensure that the correct destructor is invoked. This is necessary because
+ JSCell subclasses all intentionally have non-virtual destructors.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::destroy):
+ * runtime/Arguments.h:
+
+2012-01-04 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, accidentally turned off the JIT in previous commit. Turning
+ it back on.
+
+ * wtf/Platform.h:
+
+2012-01-04 Filip Pizlo <fpizlo@apple.com>
+
+ Changed "return" to "break" in some macrology I introduced in
+ http://trac.webkit.org/changeset/104086. This is a benign change, as
+ "return" was technically correct for all uses of the macro.
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGGraph.cpp:
+ * wtf/Platform.h:
+
+2012-01-04 Michael Saboff <msaboff@apple.com>
+
+ StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
+ https://bugs.webkit.org/show_bug.cgi?id=75583
+
+ Reviewed by Filip Pizlo.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
+ StructureStubInfo and reset the appropriate JIT and
+ the StructureStubInfo itself when reseting a MethodCallLinkInfo.
+
+2012-01-04 Michael Saboff <msaboff@apple.com>
+
+ Invalid ASSERT() in DFGRepatch.cpp near line 385
+ https://bugs.webkit.org/show_bug.cgi?id=75584
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.
+
+2012-01-04 Filip Pizlo <fpizlo@apple.com>
+
+ Incorrect use of DFG node reference counts when mutating the graph
+ https://bugs.webkit.org/show_bug.cgi?id=75580
+ <rdar://problem/10644607>
+
+ Reviewed by Oliver Hunt.
+
+ Made deref(node) follow the pattern of ref(node), which it should have
+ to begin with.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::refChildren):
+ (JSC::DFG::Graph::derefChildren):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::deref):
+ (JSC::DFG::Graph::clearAndDerefChild1):
+ (JSC::DFG::Graph::clearAndDerefChild2):
+ (JSC::DFG::Graph::clearAndDerefChild3):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::deref):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixupNode):
+
+2012-01-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
+
+ The custom qmake variable 'WEBKIT' is used for signaling that a
+ target depends in some way on other subproject of the WebKit
+ project. For now this is limited to the set of intermediate
+ libraries: wtf, javascriptcore, webcore, and webkit2.
+
+ This replaces the previous convension of using load(foo) for
+ just include paths, and CONFIG += foo to also link against foo.
+
+ Adding a dependency results in additional include paths being
+ available, and potentially linking to the library. This is
+ decided by the build system based on conditions such as what
+ kind of target is being built and the general build config.
+
+ An advantage to his approach is that it simplifies the individual
+ foo.prf files, for example by allowing us to use INCLUDEPATH +=
+ and LIBS += as normal instead of prepending.
+
+ Reviewed by Simon Hausmann.
+
+ * Target.pri:
+ * jsc.pro:
+ * wtf/wtf.pro:
+
+2012-01-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=75516
+ <rdar://problem/10640266>
+
+ Reviewed by Gavin Barraclough.
+
+ Removed the offending assertion, since it was wrong. Also hardened the code to make
+ this case less likely by first having the propagator fixpoint converge, and then doing
+ double voting combined with a second fixpoint. This is neutral on benchmarks and
+ fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
+ until we've converged to the conclusion that it really is double).
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagatePredictions):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
+
+2012-01-03 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
+ https://bugs.webkit.org/show_bug.cgi?id=75303
+ <rdar://problem/10633533>
+
+ Reviewed by Gavin Barraclough.
+
+ The this argument was not being kept alive in some cases during inlining and intrinsic
+ optimizations.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::emitFunctionCheck):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75140
+
+ Reviewed by Sam Weinig.
+
+ Rewrite JSArray::putSlowCase to be much cleaner & simpler.
+
+ This rewrite only significantly changes behaviour for sparse array, specifically
+ in how sparse arrays are reified back to vector form. This does not affect arrays
+ with less than 10000 entries (since these always use a vector). The more common
+ cases of sparse array behavior (though large sparse arrays are rare) - arrays that
+ always remain sparse, and arrays that are filled in reverse sequential order -
+ should be just as fast or faster (since reification is simpler & no longer
+ requires map lookups) after these changes.
+
+ Simplifying this code allows all cases of putByIndex that need to grow the vector
+ to do so via increaseVectorLength, which means that this method can encapsulate
+ the policy of determining how the vector should be grown.
+
+ No performance impact.
+
+ * runtime/JSArray.cpp:
+ (JSC::isDenseEnoughForVector):
+ - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
+ (JSC::JSArray::putByIndex):
+ - simplify & comment.
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ - Re-written to be much clearer & simpler.
+ (JSC::JSArray::increaseVectorLength):
+ (JSC::JSArray::increaseVectorPrefixLength):
+ - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so.
+ (JSC::JSArray::push):
+ - simplify & comment.
+ * runtime/JSArray.h:
+ - removed SparseArrayValueMap::take.
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75140
+
+ Reviewed by Sam Weinig.
+
+ Simplify JSArray creation - remove ArgsList/JSValue* create methods
+ (this functionality can be implemented in terms of tryCreateUninitialized).
+
+ * JavaScriptCore.exp:
+ * runtime/ArrayConstructor.cpp:
+ - use constructArray/constructEmptyArray instead of calling JSArray::create directly
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ - removed ArgsList/JSValue* create methods
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ (JSC::constructArray):
+ - changed to be implemented in terms of JSArray::tryCreateUninitialized
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75429
+ ThrowTypeError should be a singleton object
+
+ Reviewed by Sam Weinig.
+
+ Per section 13.2.3 of the spec.
+ We could change setAccessorDescriptor to be able to share the global
+ GetterSetter object, rather than storing the accessor functions and
+ creating a new GetterSetter in defineProperty - but this won't be a
+ small change to PropertyDescriptors (and would probably mean making
+ GetterSetter objects immutable?) - so I'll leave that for another
+ patch.
+
+ * JavaScriptCore.exp:
+ - don't export setAccessorDescriptor
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::createStrictModeCallerIfNecessary):
+ (JSC::Arguments::createStrictModeCalleeIfNecessary):
+ - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
+ * runtime/Error.cpp:
+ * runtime/Error.h:
+ - remove createTypeErrorFunction
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ - remove unused createDescriptorForThrowingProperty
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ - removed m_strictModeTypeErrorFunctionStructure.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::internalFunctionStructure):
+ - removed m_strictModeTypeErrorFunctionStructure.
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::setAccessorDescriptor):
+ - changed to take a GetterSetter
+ * runtime/PropertyDescriptor.h:
+ - changed to take a GetterSetter
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ Check in fixes for jsc tests following bug #75455.
+
+ * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
+ * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75452
+ If argument to Error is undefined, message is not set
+
+ Reviewed by Sam Weinig.
+
+ Per section 15.11.1.1 of the spec.
+
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create):
+ (JSC::ErrorInstance::finishCreation):
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ ES5 prohibits parseInt from supporting octal
+ https://bugs.webkit.org/show_bug.cgi?id=75455
+
+ Reviewed by Sam Weinig.
+
+ See sections 15.1.2.2 and annex E.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::parseInt):
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=55343
+ Global JSON should be configurable but isn't
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ - make JSON configurable
+
+2012-01-01 Filip Pizlo <fpizlo@apple.com>
+
+ Call instructions should leave room for linking information
+ https://bugs.webkit.org/show_bug.cgi?id=75422
+ <rdar://problem/10633985>
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+
+2011-12-31 Dan Bernstein <mitz@apple.com>
+
+ Continue trying to fix the Windows build after r103823.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-12-31 Dan Bernstein <mitz@apple.com>
+
+ Start trying to fix the Windows build after r103823.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-12-30 Anders Carlsson <andersca@apple.com>
+
+ Add a ParamStorageTraits specialization for RetainPtr
+ https://bugs.webkit.org/show_bug.cgi?id=75392
+
+ Reviewed by Daniel Bates.
+
+ * wtf/Functional.h:
+ Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
+
+ * wtf/RetainPtr.h:
+ Bring in the retainPtr function template from WTF.
+
+2011-12-29 Sam Weinig <sam@webkit.org>
+
+ It should be easier to iterate a Vector backwards
+ https://bugs.webkit.org/show_bug.cgi?id=75359
+
+ Reviewed by Anders Carlsson.
+
+ Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
+ a new proxy driven way to access a vector backwards. One can use
+ reversed() in a range-based for loop like so:
+
+ for (auto val: myVector.reversed())
+ doSomething(val)
+
+ * wtf/Vector.h:
+ (WTF::Vector::~Vector):
+ Fix style.
+
+ (WTF::Vector::rbegin):
+ (WTF::Vector::rend):
+ Added using standard adaptor std::reverse_iterator.
+
+ (WTF::Vector::reversed):
+ (WTF::Vector::VectorReverseProxy::begin):
+ (WTF::Vector::VectorReverseProxy::end):
+ Add proxy similar to one used in HashMap for keys() and values()
+ which allows access to a Vector backwards for use in range-based
+ for loops.
+
+2011-12-29 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75140
+
+ Reviewed by Oliver Hunt.
+
+ Start cleaning up JSArray construction. JSArray has a set of create methods,
+ one of which (currently) takes a 'creation mode' enum parameter. Based on that
+ parameter, the constructor does one of two completely different things. If the
+ parameter is 'CreateInitialized' it creates an array, setting the length, but
+ does not eagerly allocate a storage vector of the specified length. A small
+ (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
+ access to the vector will read the hole value (return undefined). The alternate
+ usage of this method ('CreateCompact') does something very different. It tries
+ to create an array of the requested length, and also allocates a storage vector
+ large enough to hold all properties. It does not clear the storage vector,
+ leaving the memory uninitialized and requiring the user to call a method
+ 'uncheckedSetIndex' to initialize values in the vector.
+
+ This patch factors out these two behaviours, moving the 'CreateCompact' mode
+ into its own method, 'tryCreateUninitialized' (matching the naming for this
+ functionality in the string classes). 'tryCreateUninitialized' may return 0 if
+ memory allocation fails during construction of the object. The construction
+ pattern changes such that values added during initialization will be marked if
+ a GC is triggered during array allocation. 'CreateInitialized' no longer need
+ be passed to create a normal, fully constructed array with a length, and this
+ method is merged with the version of 'create' that does not take an initial
+ length (length parameter defaults to 0).
+
+ * JavaScriptCore.exp:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::constructArrayWithSizeQuirk):
+ - removed 'CreateInitialized' argument
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSplice):
+ - changed to call 'tryCreateUninitialized'
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncBind):
+ - changed to call 'tryCreateUninitialized'
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ - initialize m_storage to null; if construction fails, make destruction safe
+ (JSC::JSArray::finishCreation):
+ - merge versions of this method, takes an initialLength parameter defaulting to zero
+ (JSC::JSArray::tryFinishCreationUninitialized):
+ - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
+ (JSC::JSArray::~JSArray):
+ - check for null m_storage, in case array construction failed.
+ (JSC::JSArray::increaseVectorPrefixLength):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ - merge versions of this method, takes an initialLength parameter defaulting to zero
+ (JSC::JSArray::tryCreateUninitialized):
+ - version of 'create' that tries to eagerly allocate storage; may fail & return 0
+ (JSC::JSArray::initializeIndex):
+ (JSC::JSArray::completeInitialization):
+ - used in conjunction with 'tryCreateUninitialized' to initialize the array
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ - removed 'CreateInitialized' argument
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::finishCreation):
+ - removed 'CreateInitialized' argument
+
+2011-12-29 Anders Carlsson <andersca@apple.com>
+
+ Add a retainPtr function template
+ https://bugs.webkit.org/show_bug.cgi?id=75365
+
+ Reviewed by Dan Bernstein.
+
+ This makes it easier to make a RetainPtr using template argument deduction, which
+ is useful when passing RetainPtr objects as function arguments.
+
+ * wtf/RetainPtr.h:
+ (WTF::retainPtr):
+
+2011-12-28 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ spill unboxed values in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=75291
+
+ Reviewed by Filip Pizlo.
+
+ Currently all the values are spilled as boxed in DFG 32_64, which is
+ not necessary and introduces additional stores/loads. Instead we
+ can spill them as unboxed if feasible. It can be applied to the
+ Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
+ because they don't need to be boxed at all. The modifications to the
+ spill/fill and the OSR exit are required, as well as a bug fix to the
+ "isUnknownJS" logic.
+
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::displacedInRegisterFile):
+ (JSC::ValueRecovery::virtualRegister):
+ (JSC::ValueRecovery::dump):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::isUnknownJS):
+ (JSC::DFG::GenerationInfo::spill):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentFillGPR):
+ (JSC::DFG::SpeculativeJIT::spill):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-28 Anders Carlsson <andersca@apple.com>
+
+ Add an implicit block conversion operator to WTF::Function
+ https://bugs.webkit.org/show_bug.cgi?id=75325
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/Compiler.h:
+ Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
+ is buggy, especially when it comes to C++.
+
+ * wtf/Functional.h:
+ Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
+
+2011-12-27 Anders Carlsson <andersca@apple.com>
+
+ Add a new WTF::bind overload that takes 6 parameters
+ https://bugs.webkit.org/show_bug.cgi?id=75287
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Functional.h:
+
+2011-12-27 Sam Weinig <sam@webkit.org>
+
+ Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
+ https://bugs.webkit.org/show_bug.cgi?id=75268
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Compiler.h:
+ Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
+
+ * wtf/Noncopyable.h:
+ Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
+
+ * wtf/NullPtr.cpp:
+ * wtf/NullPtr.h:
+ Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
+
+ * wtf/RefPtr.h:
+ * wtf/RetainPtr.h:
+ Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
+
+2011-12-27 Anders Carlsson <andersca@apple.com>
+
+ Misc fixes and cleanups in Functional.h
+ https://bugs.webkit.org/show_bug.cgi?id=75281
+
+ Reviewed by Andreas Kling.
+
+ - Reformat template declarations so that the class begins on a new line.
+ - Change the parameter template parameters to start at P1 instead of P0.
+ - Add function wrappers and bind overloads for 4 and 5 parameter functions.
+ - Change the Function call operator to be const so const functions can be called.
+
+ * wtf/Functional.h:
+
+2011-12-27 Tony Chang <tony@chromium.org>
+
+ [chromium] Minor cleanup of gyp files.
+ https://bugs.webkit.org/show_bug.cgi?id=75269
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
+ and vim/emacs specific hooks should be added by the user.
+
+2011-12-27 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75260
+ Null name for host function can result in dereference of uninitialize memory
+
+ Reviewed by Filip Pizlo.
+
+ This is a recent regression in ToT, if the name passed to finishCreation of a host function is null,
+ we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
+ aspect of the change that introduced the issue. It might be better if functions that don't have a
+ name don't have this property at all, but that's change should be separate from fixing the bug.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::finishCreation):
+ - Always initialize the name property.
+
+2011-12-27 Anders Carlsson <andersca@apple.com>
+
+ Function should handle wrapping/unwrapping RefPtr and PassRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=75266
+
+ Reviewed by Sam Weinig.
+
+ Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
+ and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
+ For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
+
+ * wtf/Functional.h:
+ (WTF::ParamStorageTraits::wrap):
+ (WTF::ParamStorageTraits::unwrap):
+
+2011-12-27 Tony Chang <tony@chromium.org>
+
+ [chromium] really enable wpo for WebCore libs and for WTF
+ https://bugs.webkit.org/show_bug.cgi?id=75264
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ Errk! OS X build fix.
+
+ * JavaScriptCore.exp:
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSObject.h:
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75231
+ Fail to throw in strict mode on assign to read only static properties
+
+ Reviewed by Filip Pizlo.
+
+ There are three bugs here:
+ * symbolTablePut should throw for strict mode accesses.
+ * lookupPut should throw for strict mode accesses.
+ * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::put):
+ * runtime/JSActivation.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::symbolTablePut):
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::put):
+ * runtime/NumberConstructor.h:
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ Fix miss-commit of utf8 change.
+
+ Reviewed by Filip Pizlo
+
+ Eeep, patch as landed a while ago had no effect! - acidentally landed
+ modified version of patch used for performance testing.
+
+ (This isn't covered by layout tests because layour tests don't use jsc,
+ and the tests/mozilla tests use latin1, which was already supported!)
+
+ Landing changes as intended (and as originally reviewed).
+
+ * jsc.cpp:
+ (jscSource):
+
+2011-12-26 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for ARMv7.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load16Signed):
+ (JSC::MacroAssemblerARMv7::load8Signed):
+
+2011-12-26 Hajime Morrita <morrita@google.com>
+
+ Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
+ https://bugs.webkit.org/show_bug.cgi?id=74990
+
+ Reviewed by Kevin Ollivier.
+
+ * runtime/JSExportMacros.h: Removed JS_INLINE
+ * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
+
+2011-12-24 Filip Pizlo <fpizlo@apple.com>
+
+ The ArgumentCount field in the CallFrame should have its tag left blank for other uses
+ https://bugs.webkit.org/show_bug.cgi?id=75199
+ <rdar://problem/10625105>
+ <rdar://problem/10625106>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::argumentCountIncludingThis):
+ (JSC::ExecState::setArgumentCountIncludingThis):
+ * interpreter/Register.h:
+ (JSC::Register::unboxedInt32):
+ (JSC::Register::unboxedBoolean):
+ (JSC::Register::unboxedCell):
+ (JSC::Register::payload):
+ (JSC::Register::tag):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ (JSC::JIT::compileOpCall):
+
+2011-12-25 Andreas Kling <awesomekling@apple.com>
+
+ Yarr: Avoid copying vectors in CharacterClassConstructor.
+ <http://webkit.org/b/75206>
+
+ Reviewed by Darin Adler.
+
+ Yarr::CharacterClassConstructor::charClass() was hot when loading twitter
+ feeds (1.2%), replace the usage of Vector::append() by swap() since we're
+ always clearing the source vector afterwards anyway.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::CharacterClassConstructor::charClass):
+
+2011-12-24 Darin Adler <darin@apple.com>
+
+ Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn
+ https://bugs.webkit.org/show_bug.cgi?id=72476
+
+ Reviewed by Sam Weinig.
+
+ * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>.
+
+2011-12-23 Geoffrey Garen <ggaren@apple.com>
+
+ Inlined Yarr::execute
+ https://bugs.webkit.org/show_bug.cgi?id=75180
+
+ Reviewed reluctantly by Beth Dakin.
+
+ Tiny speedup on SunSpider string tests. Removes some samples from
+ Instruments. A step toward removing -fomit-frame-pointer.
+
+ * yarr/YarrJIT.cpp:
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?!
+
+2011-12-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG loads from signed 8-bit and 16-bit typed arrays are broken
+ https://bugs.webkit.org/show_bug.cgi?id=75163
+
+ Reviewed by Geoffrey Garen.
+
+ Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm
+ currently disabling Int8Array and Int16Array optimizations on ARM.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load8Signed):
+ (JSC::MacroAssemblerX86Common::load16Signed):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movswl_mr):
+ (JSC::X86Assembler::movsbl_mr):
+ * bytecode/PredictedType.h:
+ (JSC::isActionableMutableArrayPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+
+2011-12-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does double-to-int conversion incorrectly when storing into int typed arrays
+ https://bugs.webkit.org/show_bug.cgi?id=75164
+ <rdar://problem/10557547>
+
+ Reviewed by Geoffrey Garen.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32):
+ (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+
+2011-12-23 Geoffrey Garen <ggaren@apple.com>
+
+ Refactored String.prototype.replace
+ https://bugs.webkit.org/show_bug.cgi?id=75114
+
+ Reviewed by Darin Adler.
+
+ No performance difference.
+
+ I think this is a step toward removing -fomit-frame-pointer.
+
+ * runtime/JSString.cpp:
+ * runtime/JSString.h: Removed the test and special case for a single-character
+ search string because the standard path does this test and special case
+ for us. (As an aside, if we do come up with a unique single-character
+ replace optimization in future, it probably belongs in the replace function,
+ and not in JSString.)
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace): Split this mega-sized function into:
+ (JSC::replaceUsingStringSearch): - This reasonably sized function, and
+ (JSC::replaceUsingRegExpSearch): - This still mega-sized function.
+
+2011-12-23 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
+ https://bugs.webkit.org/show_bug.cgi?id=75087
+
+ monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds.
+
+ Reviewed by Darin Adler.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::monotonicallyIncreasingTime):
+
+2011-12-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not speculate array even when predictions say that the base is not an array
+ https://bugs.webkit.org/show_bug.cgi?id=75160
+ <rdar://problem/10622646>
+ <rdar://problem/10622649>
+
+ Reviewed by Oliver Hunt.
+
+ Added the ability to call slow path when the base is known to not be an array.
+ Also rationalized the logic for deciding when the index is not an int, and
+ cleaned up the logic for deciding when to speculate typed array.
+
+ Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
+ likely be mitigated by having the notion of a polymorphic array access, where we
+ try, but don't speculate, to access the array one way before either trying some
+ other ways or calling slow path.
+
+ * bytecode/PredictedType.h:
+ (JSC::isActionableMutableArrayPrediction):
+ (JSC::isActionableArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+ (JSC::DFG::Node::shouldSpeculateInt32Array):
+ (JSC::DFG::Node::shouldSpeculateUint8Array):
+ (JSC::DFG::Node::shouldSpeculateUint16Array):
+ (JSC::DFG::Node::shouldSpeculateUint32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat64Array):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::byValIsPure):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-22 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed - fix stylebot issues from last patch.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putSlowCase):
+
+2011-12-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75151
+ Add attributes field to JSArray's SparseMap
+
+ Reviewed by Sam Weinig.
+
+ This will be necessary to be able to support non- writable/configurable/enumerable
+ properties, and helpful for getters/setters.
+
+ Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort):
+ - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
+ (must fall back to generic sort alogrithm).
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ - moved reportedMapCapacity into the SparseArrayValueMap object.
+ (JSC::SparseArrayValueMap::find):
+ (JSC::SparseArrayValueMap::put):
+ (JSC::SparseArrayValueMap::visitChildren):
+ - Added.
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::deletePropertyByIndex):
+ (JSC::JSArray::getOwnPropertyNames):
+ (JSC::JSArray::setLength):
+ (JSC::JSArray::pop):
+ (JSC::JSArray::visitChildren):
+ - Updated for changes in SparseArrayValueMap.
+ (JSC::JSArray::sortNumeric):
+ (JSC::JSArray::sort):
+ (JSC::JSArray::compactForSorting):
+ - Disallow on 'SparseMode' arrays.
+ * runtime/JSArray.h:
+ (JSC::SparseArrayEntry::SparseArrayEntry):
+ - An entry in the sparse array - value (WriteBarrier) + attributes.
+ (JSC::SparseArrayValueMap::SparseArrayValueMap):
+ (JSC::SparseArrayValueMap::sparseMode):
+ (JSC::SparseArrayValueMap::setSparseMode):
+ - Flags to track whether an Array is forced into SparseMode.
+ (JSC::SparseArrayValueMap::remove):
+ (JSC::SparseArrayValueMap::notFound):
+ (JSC::SparseArrayValueMap::isEmpty):
+ (JSC::SparseArrayValueMap::contains):
+ (JSC::SparseArrayValueMap::size):
+ (JSC::SparseArrayValueMap::begin):
+ (JSC::SparseArrayValueMap::end):
+ - accessors to the map
+ (JSC::SparseArrayValueMap::take):
+ - only for use on non-SpareMode arrays.
+ (JSC::JSArray::inSparseMode):
+ - Added.
+
+2011-12-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
+ https://bugs.webkit.org/show_bug.cgi?id=75150
+ <rdar://problem/10621900>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+
+2011-12-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does exactly the wrong thing when doing strict equality on two known cells
+ https://bugs.webkit.org/show_bug.cgi?id=75138
+ <rdar://problem/10621526>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+
+2011-12-22 Balazs Kelemen <kbalazs@webkit.org>
+
+ Fix debug build with assertions disabled
+ https://bugs.webkit.org/show_bug.cgi?id=75075
+
+ Reviewed by Darin Adler.
+
+ Check whether assertions are disabled instead of NDEBUG
+ where appropriate to avoid "defined but not used" warnings.
+
+ * wtf/DateMath.cpp:
+ (WTF::initializeDates):
+
+2011-12-22 Mariusz Grzegorczyk <mariusz.g@samsung.com>
+
+ [EFL] Missing plugins support for efl port
+ https://bugs.webkit.org/show_bug.cgi?id=44505
+
+ Reviewed by Anders Carlsson.
+
+ Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
+
+ * wtf/Platform.h:
+
+2011-12-22 Wei Charles <charles.wei@torchmobile.com.cn>
+
+ Remove un-used data member of LiteralParser::Lex::m_string
+ https://bugs.webkit.org/show_bug.cgi?id=68216
+
+ Reviewed by George Staikos.
+
+ * runtime/LiteralParser.h:
+
+2011-12-21 Dan Bernstein <mitz@apple.com>
+
+ OS X build fix after r103488.
+
+ * JavaScriptCore.exp:
+
+2011-12-21 Konrad Piascik <kpiascik@rim.com>
+
+ Implement the JavaScriptCore bindings for eventListenerHandlerLocation
+ https://bugs.webkit.org/show_bug.cgi?id=74313
+
+ Reviewed by Eric Seidel.
+
+ Updated project files to get Windows and Mac builds working.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-12-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
+ https://bugs.webkit.org/show_bug.cgi?id=75058
+ <rdar://problem/10616612>
+ <rdar://problem/10617500>
+
+ Reviewed by Oliver Hunt.
+
+ Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
+ Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
+ a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
+ is optional.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSObject.h:
+
+2011-12-21 Pierre Rossi <pierre.rossi@gmail.com>
+
+ Implement montonicallyIncreasingClock() on Qt
+ https://bugs.webkit.org/show_bug.cgi?id=62159
+
+ Reviewed by Darin Adler.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::monotonicallyIncreasingTime):
+
+2011-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
+ https://bugs.webkit.org/show_bug.cgi?id=74997
+ <rdar://problem/10612389>
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_div):
+
+2011-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore should be consistent about how it reads and writes ArgumentCount
+ https://bugs.webkit.org/show_bug.cgi?id=74989
+ <rdar://problem/10612006>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_get_arguments_length):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+
+2011-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ Value Profiles for arguments should be more easily accessible to the interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=74984
+ <rdar://problem/10611364>
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setArgumentValueProfileSize):
+ (JSC::CodeBlock::numberOfArgumentValueProfiles):
+ (JSC::CodeBlock::valueProfileForArgument):
+ (JSC::CodeBlock::addValueProfile):
+ (JSC::CodeBlock::valueProfile):
+ (JSC::CodeBlock::valueProfileForBytecodeOffset):
+ (JSC::CodeBlock::totalNumberOfValueProfiles):
+ (JSC::CodeBlock::getFromAllValueProfiles):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2011-12-20 Gavin Barraclough <barraclough@apple.com>
+
+ JSC shell should accept utf8 input.
+
+ Reviewed by Filip Pizlo.
+
+ * jsc.cpp:
+ (jscSource):
+ (functionRun):
+ (functionLoad):
+ (functionCheckSyntax):
+ (runWithScripts):
+ (runInteractive):
+
+2011-12-20 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber Stamped by Sam Weinig
+
+ * runtime/JSGlobalData.cpp:
+ - removed some dead code.
+
+2011-12-19 Geoffrey Garen <ggaren@apple.com>
+
+ Tightened up Vector<T>::append
+ https://bugs.webkit.org/show_bug.cgi?id=74906
+
+ Reviewed by Sam Weinig.
+
+ Not a measurable speedup, but code inspection shows better code generated,
+ and I believe this is a step toward turning off -fomit-frame-pointer.
+
+ * wtf/Vector.h:
+ (WTF::::append):
+ (WTF::::appendSlowCase): Split out the slow case into a separate function
+ to keep unnecessary instructions off the hot path. This means the hot
+ path can now be inlined more often.
+
+ Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
+ compiler work-around from 2007.
+
+2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Temporary GPR should not be lazily allocated in DFG JIT on X86
+ https://bugs.webkit.org/show_bug.cgi?id=74908
+
+ Reviewed by Filip Pizlo.
+
+ On X86, we used to allocate a temporary GPR lazily when it's really
+ used rather than defined. This may cause potential issues of
+ allocating registers inside control flow and result in problems in
+ subsequent code generation, for example the DFG JIT may think an
+ operand already being spilled (to satisfy the allocation request) and
+ generate code to read the data from memory, but the allocation and
+ spilling are in a branch which is not taken at runtime, so the
+ generated code is incorrect.
+
+ Although current DFG JIT code doesn't have this problematic pattern,
+ it's better to cut-off the root to avoid any potential issues in the
+ future.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::GPRTemporary::gpr):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove unused code for non-speculative Arith operations from DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=74905
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ * dfg/DFGSpeculativeJIT64.cpp:
+
+2011-12-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=74903
+ Exceptions not thrown correctly from DFG JIT on 32bit
+
+ Reviewed by Oliver Hunt.
+
+ Arguments for lookupExceptionHandler are not setup correctly.
+ In the case of ARMv7 we rely on lr being preserved over a call,
+ this in invalid. On x86 we don't should be poking the arguments onto the stack!
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addExceptionCheck):
+ (JSC::DFG::JITCompiler::addFastExceptionCheck):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+
+2011-12-19 Filip Pizlo <fpizlo@apple.com>
+
+ If we detect that we can use the JIT, don't use computed opcode lookups
+ https://bugs.webkit.org/show_bug.cgi?id=74899
+ <rdar://problem/10604551>
+
+ Reviewed by Gavin Barraclough.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::Interpreter):
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::getOpcode):
+ (JSC::Interpreter::getOpcodeID):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+
+2011-12-19 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Qt build.
+
+ Unreviewed.
+
+ * wtf/ThreadSpecific.h: #include!
+
+2011-12-18 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to change the value of an Options variable without recompiling the world
+ https://bugs.webkit.org/show_bug.cgi?id=74807
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+
+2011-12-19 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r103250.
+ http://trac.webkit.org/changeset/103250
+ https://bugs.webkit.org/show_bug.cgi?id=74877
+
+ it still breaks codegen (Requested by olliej on #webkit).
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::byValIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-16 Oliver Hunt <oliver@apple.com>
+
+ Rolling r103120 back in with merge errors corrected.
+
+ PutByVal[Alias] unnecessarily reloads the storage buffer
+ https://bugs.webkit.org/show_bug.cgi?id=74747
+
+ Reviewed by Gavin Barraclough.
+
+ Make PutByVal use GetIndexedStorage to load the storage buffer.
+ This required switching PutByVal to a vararg node (which is
+ responsible for most of the noise in this patch). This fixes the
+ remaining portion of the kraken regression caused by the GetByVal
+ storage load elimination, and a 1-5% win on some of the sub tests of
+ the typed array benchmark at:
+ http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::byValIndexIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-15 Geoffrey Garen <ggaren@apple.com>
+
+ Placement new does an unnecessary NULL check
+ https://bugs.webkit.org/show_bug.cgi?id=74676
+
+ Reviewed by Sam Weinig.
+
+ We can define our own version, which skips the NULL check.
+
+ Not a measurable speedup, but code inspection shows better code generated,
+ and I believe this is a step toward turning off -fomit-frame-pointer.
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::create): Use the NotNull version of placement
+ new to skip the NULL check.
+
+ * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new.
+
+ (JSC::JSCallbackObject::create):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::grow):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::allocate):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::recycle):
+ * jit/JITCode.h:
+ (JSC::JITCode::clear):
+ * jsc.cpp:
+ (GlobalObject::create):
+ * profiler/CallIdentifier.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::create):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::create):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::create):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::create):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::create):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::create):
+ (JSC::TerminatedExecutionError::create):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::create):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::create):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::create):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::create):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::create): Use the NotNull version of placement
+ new to skip the NULL check.
+
+ * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ * runtime/JSGlobalThis.h:
+ (JSC::JSGlobalThis::create):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::create):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::create):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createNull):
+ (JSC::RopeBuilder::create):
+ (JSC::RopeBuilder::createHasOtherOwner):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::create):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::create):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::create):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::create):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::createWithoutCaching):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::create):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::create):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::create):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::createStructure):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ * testRegExp.cpp:
+ (GlobalObject::create):
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
+ new to skip the NULL check.
+
+ * wtf/BumpPointerAllocator.h:
+ (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
+
+ * wtf/ByteArray.cpp:
+ (WTF::ByteArray::create):
+ * wtf/Deque.h:
+ (WTF::::append):
+ (WTF::::prepend): Use NotNull, as above.
+
+ * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
+ hide the name of the global placement new.
+
+ (WTF::fastNew): Standardized spacing. Most of these functions don't need
+ NotNull, since they check for NULL, and the optimizer can see that.
+
+ * wtf/HashTable.h:
+ * wtf/HashTraits.h:
+ (WTF::SimpleClassHashTraits::constructDeletedValue):
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
+
+ * wtf/StdLibExtras.h:
+ (throw): This is our NotNull placement new. Declaring that we throw is
+ the C++ way to say that operator new will not return NULL.
+
+ * wtf/ThreadSpecific.h:
+ (WTF::T):
+ * wtf/Vector.h:
+ (WTF::::append):
+ (WTF::::tryAppend):
+ (WTF::::uncheckedAppend):
+ (WTF::::insert):
+ * wtf/text/AtomicStringHash.h:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::createUninitialized):
+ (WTF::StringImpl::reallocate):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::tryCreateUninitialized):
+ * wtf/text/StringStatics.cpp:
+ (WTF::AtomicString::init): Use NotNull, as above.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::allocDisjunctionContext):
+ (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
+ (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
+ spacing for easy grep.
+
+2011-12-19 Eric Carlson <eric.carlson@apple.com>
+
+ Enable <track> for Mac build
+ https://bugs.webkit.org/show_bug.cgi?id=74838
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h:
+
+2011-12-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG is too sloppy with register allocation
+ https://bugs.webkit.org/show_bug.cgi?id=74835
+
+ Reviewed by Gavin Barraclough.
+
+ Added assertions that at the end of a successfully generated basic block,
+ all use counts should be zero. This revealed a number of bugs:
+
+ - Array length optimizations were turning a must-generate node into one
+ that is not must-generate, but failing to change the ref count
+ accordingly.
+
+ - Indexed property storage optimizations were failing to deref their
+ children, or to deref the indexed property storage node itself. Also,
+ they used the Phantom node as a replacement. But the Phantom node is
+ must-generate, which was causing bizarre issues. So this introduces a
+ Nop node, which should be used in cases where you want a node that is
+ skipped and has no children.
+
+ This does not have any significant performance effect, but it should
+ relieve some register pressure. The main thing this patch adds, though,
+ are the assertions, which should make it easier to do register allocation
+ related changes in the future.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::initConstant):
+ (JSC::DFG::GenerationInfo::initInteger):
+ (JSC::DFG::GenerationInfo::initJSValue):
+ (JSC::DFG::GenerationInfo::initCell):
+ (JSC::DFG::GenerationInfo::initBoolean):
+ (JSC::DFG::GenerationInfo::initDouble):
+ (JSC::DFG::GenerationInfo::initStorage):
+ (JSC::DFG::GenerationInfo::use):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::clearAndDerefChild1):
+ (JSC::DFG::Graph::clearAndDerefChild2):
+ (JSC::DFG::Graph::clearAndDerefChild3):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::deref):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-18 Benjamin Poulain <bpoulain@apple.com>
+
+ Remove the duplicated code from ASCIICType.h
+ https://bugs.webkit.org/show_bug.cgi?id=74771
+
+ Reviewed by Andreas Kling.
+
+ Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.
+
+ * wtf/ASCIICType.h:
+ (WTF::isASCIIDigit):
+ (WTF::isASCIIAlphanumeric):
+ (WTF::isASCIIHexDigit):
+
+2011-12-18 Anders Carlsson <andersca@apple.com>
+
+ Set the main frame view scroll position asynchronously
+ https://bugs.webkit.org/show_bug.cgi?id=74823
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.exp:
+
+2011-12-10 Andreas Kling <kling@webkit.org>
+
+ OpaqueJSClass: Remove RVCT2 workarounds.
+ <http://webkit.org/b/74250>
+
+ Reviewed by Benjamin Poulain.
+
+ We no longer need workarounds for the RVCT2 compiler since it was
+ only used for the Symbian port of WebKit which is now defunct.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::OpaqueJSClass):
+ (OpaqueJSClassContextData::OpaqueJSClassContextData):
+
+2011-12-16 Benjamin Poulain <bpoulain@apple.com>
+
+ Remove the duplicated code from ASCIICType.h
+ https://bugs.webkit.org/show_bug.cgi?id=74771
+
+ Reviewed by Andreas Kling.
+
+ The functions were sharing similar code and were defined for the various input types.
+ Use templates instead to avoid code duplication.
+
+ * wtf/ASCIICType.h:
+ (WTF::isASCII):
+ (WTF::isASCIIAlpha):
+ (WTF::isASCIIAlphanumeric):
+ (WTF::isASCIIDigit):
+ (WTF::isASCIIHexDigit):
+ (WTF::isASCIILower):
+ (WTF::isASCIIOctalDigit):
+ (WTF::isASCIIPrintable):
+ (WTF::isASCIISpace):
+ (WTF::isASCIIUpper):
+ (WTF::toASCIILower):
+ (WTF::toASCIIUpper):
+ (WTF::toASCIIHexValue):
+ (WTF::lowerNibbleToASCIIHexDigit):
+ (WTF::upperNibbleToASCIIHexDigit):
+
+2011-12-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit may get confused about where in the scratch buffer it stored a value
+ https://bugs.webkit.org/show_bug.cgi?id=74695
+
+ Reviewed by Oliver Hunt.
+
+ The code that reads from the scratch buffer now explicitly knows which locations to
+ read from. No new tests, since this patch covers a case so uncommon that I don't know
+ how to make a test for it.
+
+ * dfg/DFGOSRExitCompiler.h:
+ (JSC::DFG::OSRExitCompiler::badIndex):
+ (JSC::DFG::OSRExitCompiler::initializePoisoned):
+ (JSC::DFG::OSRExitCompiler::poisonIndex):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2011-12-16 Oliver Hunt <oliver@apple.com>
+
+ PutByVal[Alias] unnecessarily reloads the storage buffer
+ https://bugs.webkit.org/show_bug.cgi?id=74747
+
+ Reviewed by Gavin Barraclough.
+
+ Make PutByVal use GetIndexedStorage to load the storage buffer.
+ This required switching PutByVal to a vararg node (which is
+ responsible for most of the noise in this patch). This fixes the
+ remaining portion of the kraken regression caused by the GetByVal
+ storage load elimination, and a 1-5% win on some of the sub tests of
+ the typed array benchmark at:
+ http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::byValIndexIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-16 Daniel Bates <dbates@rim.com>
+
+ Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h
+
+ Rubber-stamped by Antonio Gomes.
+
+ BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
+ declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
+ instead of BlackBerryPlatformMisc.h.
+
+ * wtf/Assertions.cpp:
+
+2011-12-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize destructors
+ https://bugs.webkit.org/show_bug.cgi?id=74331
+
+ Reviewed by Geoffrey Garen.
+
+ This is a megapatch which frees us from the chains of virtual destructors.
+
+ In order to remove the virtual destructors, which are the last of the virtual
+ functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to
+ the cell rather than to the structure because in order to be able to lazily call
+ the static destroy() functions that will replace the virtual destructors, we
+ need to be able to access the ClassInfo without the danger of the object's
+ Structure being collected before the object itself.
+
+ After adding the ClassInfo to the cell, we can then begin to remove our use
+ of vptrs for optimizations within the JIT and the GC. When we have removed
+ all of the stored vptrs from JSGlobalData, we can then also remove all of
+ the related VPtrStealingHack code.
+
+ The replacement for virtual destructors will be to add a static destroy function
+ pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has
+ a non-trivial destructor will require its own static destroy function to static
+ call its corresponding destructor, which will now be non-virtual. In future
+ patches we will slowly move away from destructors altogether as we make more and
+ more objects backed by GC memory rather than malloc-ed memory. The GC will now
+ call the static destroy method rather than the virtual destructor.
+
+ As we go through the hierarchy and add static destroy functions to classes,
+ we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes
+ to which it applies. The future goal is to eventually have every class have that assert.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call
+ ~JSCallbackConstructor because it has some extra destruction logic.
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
+ * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject
+ because it has a member OwnPtr that needs destruction.
+ (JSC::::destroy):
+ * API/JSCallbackObject.h:
+ * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
+ * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't
+ have its own ClassInfo despite the fact that it overrides a number of MethodTable
+ methods. Added the ClassInfo, along with an assertion that its destructor is trivial.
+ * debugger/DebuggerActivation.h:
+ * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray,
+ isJSString, as it is no longer necessary.
+ (JSC::DFG::putByVal):
+ * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the
+ JSArray ClassInfo pointer.
+ (JSC::DFG::tryCacheGetByID):
+ * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo
+ comparisons since we don't have vptrs anymore.
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileStrictEq):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h: Ditto.
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp: Ditto.
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with
+ ClassInfo comparisons.
+ (JSC::Heap::Heap):
+ * heap/MarkStack.cpp: Ditto.
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ (JSC::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/MarkStack.h: Ditto.
+ (JSC::MarkStack::MarkStack):
+ * heap/MarkedBlock.cpp: Ditto.
+ (JSC::MarkedBlock::callDestructor):
+ (JSC::MarkedBlock::specializedSweep):
+ * heap/MarkedBlock.h: Ditto.
+ * heap/SlotVisitor.h: Ditto.
+ (JSC::SlotVisitor::SlotVisitor):
+ * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.
+ We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
+ (JSC::VTableSpectrum::count):
+ * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray,
+ etc. functions.
+ (JSC::loadVarargs):
+ (JSC::Interpreter::tryCacheGetByID):
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject
+ * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting,
+ remove all vtable related code.
+ (JSC::JIT::emitLoadCharacterString):
+ (JSC::JIT::emitAllocateBasicJSObject):
+ (JSC::JIT::emitAllocateJSFinalObject):
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emit_op_convert_this):
+ * jit/JITOpcodes32_64.cpp: Ditto.
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emitSlow_op_eq):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_convert_this):
+ * jit/JITPropertyAccess.cpp: Ditto.
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ * jit/JITPropertyAccess32_64.cpp: Ditto.
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
+ (JSC::SpecializedThunkJIT::loadJSStringArgument):
+ * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
+ * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
+ * runtime/BooleanObject.cpp: Ditto.
+ * runtime/BooleanPrototype.cpp: Ditto.
+ * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
+ * runtime/DateConstructor.cpp: Add trivial destructor assert.
+ * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr
+ that needs destruction.
+ (JSC::DateInstance::destroy):
+ * runtime/DateInstance.h:
+ * runtime/Error.cpp: Ditto (because of UString member).
+ (JSC::StrictModeTypeErrorFunction::destroy):
+ * runtime/Error.h:
+ * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
+ * runtime/ErrorInstance.cpp: Ditto.
+ * runtime/ExceptionHelpers.cpp: Ditto.
+ * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
+ (JSC::ExecutableBase::destroy):
+ (JSC::NativeExecutable::destroy):
+ (JSC::ScriptExecutable::destroy):
+ (JSC::EvalExecutable::destroy):
+ (JSC::ProgramExecutable::destroy):
+ (JSC::FunctionExecutable::destroy):
+ * runtime/Executable.h:
+ * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
+ * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
+ (JSC::functionProtoFuncApply):
+ * runtime/GetterSetter.cpp: Ditto.
+ * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no
+ longer exists.
+ (JSC::initializeThreadingOnce):
+ * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert,
+ remove first arg from isJSString.
+ (JSC::InternalFunction::displayName):
+ * runtime/InternalFunction.h: Remove VPtrStealingHack.
+ * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
+ * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in
+ destructor with ClassInfo checks.
+ (JSC::JSArray::~JSArray):
+ (JSC::JSArray::destroy):
+ * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray
+ and change them to check the ClassInfo rather than the vptrs.
+ (JSC::isJSArray):
+ * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray.
+ (JSC::boundFunctionCall):
+ (JSC::boundFunctionConstruct):
+ * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
+ (JSC::JSByteArray::~JSByteArray):
+ (JSC::JSByteArray::destroy):
+ * runtime/JSByteArray.h: Remove VPtrStealingHack code.
+ (JSC::isJSByteArray):
+ * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function.
+ (JSC::JSCell::destroy):
+ * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset
+ of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to
+ the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions,
+ as they are no longer used. Add a validatedClassInfo function to JSCell for any clients
+ that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the
+ same one as that contained in the Structure. This isn't used too often, because most of
+ the places where we compare the ClassInfo to things can be called during destruction.
+ Since the Structure is unreliable during the phase when destructors are being called,
+ we can't call validatedClassInfo.
+ (JSC::JSCell::classInfoOffset):
+ (JSC::JSCell::structure):
+ (JSC::JSCell::classInfo):
+ * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor,
+ remove first arg from call to isJSString.
+ (JSC::JSFunction::destroy):
+ (JSC::JSFunction::displayName):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs,
+ as these vptrs are no longer needed in the codebase.
+ * runtime/JSGlobalData.h:
+ (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use
+ ClassInfo rather than the vptr.
+ * runtime/JSGlobalObject.cpp: Add static destroy function.
+ (JSC::JSGlobalObject::destroy):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
+ * runtime/JSNotAnObject.cpp: Ditto.
+ * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSFinalObject::destroy):
+ (JSC::JSNonFinalObject::destroy):
+ (JSC::JSObject::destroy):
+ * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor
+ from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and
+ JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
+ (JSC::JSObject::finishCreation):
+ (JSC::JSNonFinalObject::finishCreation):
+ (JSC::JSFinalObject::finishCreation):
+ (JSC::isJSFinalObject):
+ * runtime/JSPropertyNameIterator.cpp: Add static destroy.
+ (JSC::JSPropertyNameIterator::destroy):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp: Ditto.
+ (JSC::JSStaticScopeObject::destroy):
+ * runtime/JSStaticScopeObject.h: Ditto.
+ * runtime/JSString.cpp:
+ (JSC::JSString::destroy):
+ * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code,
+ since we no longer need to fixup vptrs.
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsNontrivialString):
+ (JSC::jsString):
+ (JSC::jsSubstring8):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString):
+ (JSC::jsStringBuilder):
+ (JSC::isJSString):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::destroy):
+ * runtime/JSVariableObject.h: Ditto.
+ * runtime/JSWrapperObject.cpp:
+ * runtime/JSWrapperObject.h: Add trivial destructor assert.
+ * runtime/MathObject.cpp: Ditto.
+ * runtime/NativeErrorConstructor.cpp: Ditto.
+ * runtime/NumberConstructor.cpp: Ditto.
+ * runtime/NumberObject.cpp: Ditto.
+ * runtime/NumberPrototype.cpp: Ditto.
+ * runtime/ObjectConstructor.cpp: Ditto.
+ * runtime/ObjectPrototype.cpp: Ditto.
+ * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
+ (JSC::jsString):
+ (JSC::jsLess):
+ (JSC::jsLessEq):
+ * runtime/RegExp.cpp: Add static destroy.
+ (JSC::RegExp::destroy):
+ * runtime/RegExp.h:
+ * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
+ (JSC::RegExpConstructor::destroy):
+ (JSC::RegExpMatchesArray::destroy):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.cpp: Add static destroy.
+ (JSC::RegExpObject::destroy):
+ * runtime/RegExpObject.h:
+ * runtime/ScopeChain.cpp: Add trivial destructor assert.
+ * runtime/ScopeChain.h:
+ * runtime/StrictEvalActivation.cpp: Ditto.
+ * runtime/StringConstructor.cpp:
+ * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp: Ditto.
+ * runtime/Structure.cpp: Add static destroy.
+ (JSC::Structure::destroy):
+ * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h
+ because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
+ (JSC::JSCell::setStructure):
+ (JSC::JSCell::validatedClassInfo):
+ (JSC::JSCell::JSCell):
+ (JSC::JSCell::finishCreation):
+ * runtime/StructureChain.cpp: Add static destroy.
+ (JSC::StructureChain::destroy):
+ * runtime/StructureChain.h:
+ * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs
+ ability to tell us when a class has a trivial destructor. We will use this assert
+ more in future patches as we move toward having all JSC objects backed by GC memory,
+ which means moving away from using destructors/finalizers.
+
+2011-12-15 Martin Robinson <mrobinson@igalia.com>
+
+ Fix 'make dist' in preparation for the GTK+ release.
+
+ * GNUmakefile.list.am: Add missing header.
+
+2011-12-15 Sam Weinig <sam@webkit.org>
+
+ <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
+
+ Reviewed by Gavin Barraclough.
+
+ Original patch by Jim Grosbach.
+
+ * jit/JITStubs.cpp:
+ (JSC::ctiTrampoline):
+ (JSC::ctiVMThrowTrampoline):
+ Replace uses of the 'cpy' mnemonic with 'mov'.
+
+2011-12-15 Filip Pizlo <fpizlo@apple.com>
+
+ Value profiling should distinguished between NaN and non-NaN doubles
+ https://bugs.webkit.org/show_bug.cgi?id=74682
+
+ Reviewed by Gavin Barraclough.
+
+ Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
+ of the two.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ (JSC::isDoubleRealPrediction):
+ (JSC::isDoublePrediction):
+
+2011-12-15 Anders Carlsson <andersca@apple.com>
+
+ Regression (r102866): Navigating away from or closing a page with a plugin crashes
+ https://bugs.webkit.org/show_bug.cgi?id=74655
+ <rdar://problem/10590024>
+
+ Reviewed by Sam Weinig.
+
+ Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
+ using a modified version of the technique described here:
+ http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
+
+ * wtf/Functional.h:
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=74624
+
+ Reviewed by Darin Adler.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Fix variables unused in
+ release mode.
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment): Fix
+ signed/unsigned comparison warning, with a cast.
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Use more macrology in JSC::Options
+ https://bugs.webkit.org/show_bug.cgi?id=72938
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h: Use macros to ensure that all heuristics are
+ declared and have initializers.
+
+2011-12-15 Anders Carlsson <andersca@apple.com>
+
+ Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
+ https://bugs.webkit.org/show_bug.cgi?id=74639
+
+ Reviewed by Andreas Kling.
+
+ Add ENABLE_THREADED_SCROLLING #define.
+
+ * wtf/Platform.h:
+
+2011-12-15 Anders Carlsson <andersca@apple.com>
+
+ EventDispatcher should handle wheel events on the connection queue
+ https://bugs.webkit.org/show_bug.cgi?id=74627
+
+ Reviewed by Andreas Kling.
+
+ Add a BoundFunctionImpl specialization that takes three parameters.
+
+ * wtf/Functional.h:
+ (WTF::C::):
+ (WTF::R):
+ (WTF::bind):
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Add WTF::Function to wtf/Forward.h
+ https://bugs.webkit.org/show_bug.cgi?id=74576
+
+ Reviewed by Adam Roben.
+
+ * jsc.cpp:
+ Work around a name conflict in the readline library.
+
+ * wtf/Forward.h:
+ Add Function.
+
+2011-12-15 Igor Oliveira <igor.oliveira@openbossa.org>
+
+ [Qt] Support requestAnimationFrame API
+ https://bugs.webkit.org/show_bug.cgi?id=74528
+
+ Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * wtf/Platform.h:
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Minor refactor to Parser::parseTryStatement
+ https://bugs.webkit.org/show_bug.cgi?id=74507
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
+ Parser's declareVariable instead of going directly to the scope.
+ This will facilitate future checks related to harmony block
+ scoping.
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Rename JSC::Heuristics to JSC::Options
+ https://bugs.webkit.org/show_bug.cgi?id=72889
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
+ * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ (JSC::CodeBlock::reoptimizationRetryCounter):
+ (JSC::CodeBlock::countReoptimization):
+ (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
+ (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
+ (JSC::CodeBlock::optimizeNextInvocation):
+ (JSC::CodeBlock::dontOptimizeAnytimeSoon):
+ (JSC::CodeBlock::optimizeSoon):
+ (JSC::CodeBlock::largeFailCountThreshold):
+ (JSC::CodeBlock::largeFailCountThresholdForLoop):
+ (JSC::CodeBlock::shouldReoptimizeNow):
+ (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::mightInlineFunctionForCall):
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackSegmentAllocator::allocate):
+ (JSC::MarkStackSegmentAllocator::shrinkReserve):
+ (JSC::MarkStackArray::MarkStackArray):
+ (JSC::MarkStackArray::donateSomeCellsTo):
+ (JSC::MarkStackArray::stealSomeCellsFrom):
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::SlotVisitor::donateSlow):
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::drainFromShared):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStackArray::canDonateSomeCells):
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::donate):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce): Adapt callers and build systems.
+
+ * testRegExp.cpp:
+ (CommandLine::CommandLine):
+ * jsc.cpp:
+ (CommandLine::CommandLine):
+ Rename from Options, to avoid name conflict.
+
+2011-12-14 Sam Weinig <sam@webkit.org>
+
+ Revert unintentional change to JavaScriptCore.def
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-12-14 Sam Weinig <weinig@apple.com>
+
+ Remove whitespace from InheritedPropertySheets attributes in
+ vsprops files to appease the Visual Studio project migrator.
+
+ Reviewed by Adam Roben.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ binding a member function should ref/deref the object pointer if needed
+ https://bugs.webkit.org/show_bug.cgi?id=74552
+
+ Reviewed by Sam Weinig.
+
+ Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
+ member functions which the right type. Use this to determine if we should ref/deref the first parameter.
+
+ * wtf/Functional.h:
+ (WTF::R):
+ (WTF::C::):
+ (WTF::RefAndDeref::ref):
+ (WTF::RefAndDeref::deref):
+
+2011-12-14 Hajime Morrita <morrita@chromium.org>
+
+ JS_INLINE and WTF_INLINE should be visible from WebCore
+ https://bugs.webkit.org/show_bug.cgi?id=73191
+
+ - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
+ - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
+ - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
+
+ Reviewed by Kevin Ollivier.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * config.h:
+ * runtime/JSExportMacros.h: Added.
+ * wtf/ExportMacros.h:
+ * wtf/Platform.h:
+ * wtf/WTFThreadData.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringStatics.cpp:
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Work around a bug in the MSVC2005 compiler
+ https://bugs.webkit.org/show_bug.cgi?id=74550
+
+ Reviewed by Sam Weinig.
+
+ Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
+
+ * wtf/Functional.h:
+ (WTF::R):
+
+2011-12-13 Jon Lee <jonlee@apple.com>
+
+ Enable notifications on Mac.
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-12-14 David Kilzer <ddkilzer@apple.com>
+
+ Remove definition of old ENABLE(YARR) macro
+ <http://webkit.org/b/74532>
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h: Removed ENABLE_YARR macros.
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ bind should handle member functions
+ https://bugs.webkit.org/show_bug.cgi?id=74529
+
+ Reviewed by Sam Weinig.
+
+ Add FunctionWrapper partial specializations for member function pointers.
+
+ * wtf/Functional.h:
+ (WTF::C::):
+
+2011-12-14 Gavin Barraclough <barraclough@apple.com>
+
+ DFG relies on returning a struct in registers
+ https://bugs.webkit.org/show_bug.cgi?id=74527
+
+ Reviewed by Geoff Garen.
+
+ This will not work on all platforms. Returning a uint64_t will more reliably achieve
+ what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
+
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ (JSC::DFG::DFGHandler::dfgHandlerEncoded):
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Add unary and binary bind overloads
+ https://bugs.webkit.org/show_bug.cgi?id=74524
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Functional.h:
+ (WTF::R):
+ (WTF::FunctionWrapper::ResultType):
+ (WTF::bind):
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Add back the callOnMainThread overload that takes a WTF::Function
+ https://bugs.webkit.org/show_bug.cgi?id=74512
+
+ Reviewed by Darin Adler.
+
+ Add back the overload; the changes to WebCore should hopefully keep Windows building.
+
+ * wtf/MainThread.cpp:
+ (WTF::callFunctionObject):
+ (WTF::callOnMainThread):
+ * wtf/MainThread.h:
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should infer when local variables are doubles
+ https://bugs.webkit.org/show_bug.cgi?id=74480
+
+ Reviewed by Oliver Hunt.
+
+ Introduced the notion that a local variable (though not an argument, yet!) can
+ be stored as a double, and will be guaranteed to always contain a double. This
+ requires more magic in the OSR (conversion in both entry and exit). The inference
+ is quite unorthodox: all uses of a variable vote on whether they think it should
+ be a double or a JSValue, based on how they use it. If they use it in an integer
+ or boxed value context, they vote JSValue. If they use it in a double context,
+ they vote double. This voting is interleaved in the propagator's fixpoint, so
+ that variables voted double then have a double prediction propagated from them.
+ This interleaving is needed because a variable that actually always contains an
+ integer that always gets used in arithmetic that involves doubles may end up
+ being voted double, which then means that all uses of the variable will see a
+ double rather than an integer.
+
+ This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
+ to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
+ Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
+ It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar
+ results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
+ win on SunSpider.
+
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
+ (JSC::ValueRecovery::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::boxDouble):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::vote):
+ (JSC::DFG::Propagator::doRoundOfDoubleVoting):
+ (JSC::DFG::Propagator::propagatePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::clearVotes):
+ (JSC::DFG::VariableAccessData::vote):
+ (JSC::DFG::VariableAccessData::doubleVoteRatio):
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
+ (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::tearOff):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-12-13 Anders Carlsson <andersca@apple.com>
+
+ Try to fix the Windows build.
+
+ Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.
+
+ * wtf/MainThread.cpp:
+ * wtf/MainThread.h:
+
+2011-12-13 Anders Carlsson <andersca@apple.com>
+
+ Add a very bare-bones implementation of bind and Function to WTF
+ https://bugs.webkit.org/show_bug.cgi?id=74462
+
+ Reviewed by Sam Weinig.
+
+ In order to make it easier to package up function calls and send them across
+ threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
+ wtf/Functional.h header.
+
+ Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
+ but I'll add more as the need arises.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Functional.h: Added.
+ (WTF::R):
+ (WTF::FunctionImplBase::~FunctionImplBase):
+ (WTF::FunctionWrapper::ResultType):
+ (WTF::FunctionBase::isNull):
+ (WTF::FunctionBase::FunctionBase):
+ (WTF::FunctionBase::impl):
+ (WTF::bind):
+ * wtf/MainThread.cpp:
+ (WTF::callFunctionObject):
+ (WTF::callOnMainThread):
+ * wtf/MainThread.h:
+ * wtf/wtf.pro:
+
+2011-12-13 Geoffrey Garen <ggaren@apple.com>
+
+ <rdar://problem/10577239> GC Crash introduced in r102545
+
+ Reviewed by Gavin Barraclough.
+
+ MarkedArgumentBuffer was still marking items in forwards order, even though
+ the argument order has been reversed.
+
+ I fixed this bug, and replaced address calculation code with some helper
+ functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.
+
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+ (JSC::MarkedArgumentBuffer::at):
+ (JSC::MarkedArgumentBuffer::append):
+ (JSC::MarkedArgumentBuffer::last):
+ (JSC::MarkedArgumentBuffer::slotFor):
+ (JSC::MarkedArgumentBuffer::mallocBase):
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
+ https://bugs.webkit.org/show_bug.cgi?id=74463
+
+ Reviewed by Gavin Barraclough.
+
+ Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
+ how to execute the slow path of UInt32ToNumber.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::lastOSRExit):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::operator!=):
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::uint32InGPR):
+ (JSC::ValueRecovery::gpr):
+ (JSC::ValueRecovery::dump):
+ * dfg/DFGAssemblyHelpers.cpp:
+ * dfg/DFGAssemblyHelpers.h:
+ * dfg/DFGOSRExit.h:
+ (JSC::DFG::OSRExit::valueRecoveryForOperand):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-13 Oliver Hunt <oliver@apple.com>
+
+ Arguments object doesn't handle mutation of length property correctly
+ https://bugs.webkit.org/show_bug.cgi?id=74454
+
+ Reviewed by Gavin Barraclough.
+
+ Correct handling of arguments objects with overridden length property
+
+ * interpreter/Interpreter.cpp:
+ (JSC::loadVarargs):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::copyToArguments):
+ (JSC::Arguments::fillArgList):
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG GetByVal CSE rule should match PutByValAlias
+ https://bugs.webkit.org/show_bug.cgi?id=74390
+
+ Reviewed by Geoff Garen.
+
+ Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getByValLoadElimination):
+
+2011-12-13 Andy Wingo <wingo@igalia.com>
+
+ Fix interpreter debug build.
+ https://bugs.webkit.org/show_bug.cgi?id=74439
+
+ Reviewed by Geoffrey Garen.
+
+ * bytecode/ValueRecovery.h: Include stdio.h on debug builds.
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should know exactly why recompilation was triggered
+ https://bugs.webkit.org/show_bug.cgi?id=74362
+
+ Reviewed by Oliver Hunt.
+
+ Each OSR exit is now individually counted, as well as counting the total number
+ of OSR exits that occurred in a code block. If recompilation is triggered, we
+ check to see if there are OSR exit sites that make up a sufficiently large
+ portion of the total OSR exits that occurred. For any such OSR exit sites, we
+ add a description of the site (bytecode index, kind) to a data structure in the
+ corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
+ know which speculations would be unwise based on the fact that previous such
+ speculations proved to be fruitless.
+
+ This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
+ and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
+ than 0.5%.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::tallyFrequentExitSites):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addFrequentExitSite):
+ (JSC::CodeBlock::exitProfile):
+ (JSC::CodeBlock::reoptimize):
+ (JSC::CodeBlock::tallyFrequentExitSites):
+ * bytecode/DFGExitProfile.cpp: Added.
+ (JSC::DFG::ExitProfile::ExitProfile):
+ (JSC::DFG::ExitProfile::~ExitProfile):
+ (JSC::DFG::ExitProfile::add):
+ (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
+ (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
+ * bytecode/DFGExitProfile.h: Added.
+ (JSC::DFG::exitKindToString):
+ (JSC::DFG::exitKindIsCountable):
+ (JSC::DFG::FrequentExitSite::FrequentExitSite):
+ (JSC::DFG::FrequentExitSite::operator!):
+ (JSC::DFG::FrequentExitSite::operator==):
+ (JSC::DFG::FrequentExitSite::hash):
+ (JSC::DFG::FrequentExitSite::bytecodeOffset):
+ (JSC::DFG::FrequentExitSite::kind):
+ (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
+ (JSC::DFG::FrequentExitSiteHash::hash):
+ (JSC::DFG::FrequentExitSiteHash::equal):
+ (JSC::DFG::QueryableExitProfile::hasExitSite):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
+ * dfg/DFGOSRExit.h:
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-12-13 Michael Saboff <msaboff@apple.com>
+
+ Cleanup of StringImpl::equal in r102631 post commit
+ https://bugs.webkit.org/show_bug.cgi?id=74421
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/AtomicString.h:
+ (WTF::operator==): Removed cast no longer needed.
+ * wtf/text/StringImpl.h:
+ (WTF::equal): Changed template to several overloaded methods.
+
+2011-12-12 Michael Saboff <msaboff@apple.com>
+
+ Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
+ https://bugs.webkit.org/show_bug.cgi?id=73622
+
+ Reviewed by Oliver Hunt.
+
+ Moved equal(charType1 *, charType2, unsigned) template methods
+ from static StringImpl.cpp to StringImpl.h and then replaced the
+ processor specific character comparison code in StringHash::equal
+ with calls to these methods.
+
+ This change is worth 3% on SunSpider string-unpack-code as reported
+ by the SunSpider command line harness. No other tests appear to
+ have measurable performance changes.
+
+ * wtf/text/AtomicString.h:
+ (WTF::operator==):
+ * wtf/text/StringHash.h:
+ (WTF::StringHash::equal):
+ * wtf/text/StringImpl.cpp:
+ * wtf/text/StringImpl.h:
+ (WTF::LChar):
+ (WTF::UChar):
+ (WTF::equal):
+
+2011-12-12 Filip Pizlo <fpizlo@apple.com>
+
+ ARMv7 version of DFG soft modulo does register allocation inside of control flow
+ https://bugs.webkit.org/show_bug.cgi?id=74354
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+
+2011-12-12 Andy Wingo <wingo@igalia.com>
+
+ Simplify autotools configure.ac
+ https://bugs.webkit.org/show_bug.cgi?id=74312
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.
+
+2011-12-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
+ https://bugs.webkit.org/show_bug.cgi?id=74329
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getByValLoadElimination):
+
+2011-12-09 Alexander Pavlov <apavlov@chromium.org>
+
+ WebKit does not enumerate over CSS properties in HTMLElement.style
+ https://bugs.webkit.org/show_bug.cgi?id=23946
+
+ Reviewed by Darin Adler.
+
+ Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
+ introduce an std::sort() comparator function.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.h:
+ (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
+
+2011-12-12 Alexander Pavlov <apavlov@chromium.org>
+
+ Unreviewed, build fix.
+
+ Revert r102570 which broke SnowLeopard builders.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.h:
+
+2011-12-09 Alexander Pavlov <apavlov@chromium.org>
+
+ WebKit does not enumerate over CSS properties in HTMLElement.style
+ https://bugs.webkit.org/show_bug.cgi?id=23946
+
+ Reviewed by Darin Adler.
+
+ Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
+ introduce an std::sort() comparator function.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.h:
+ (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
+
+2011-12-12 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck issues.
+
+ * GNUmakefile.list.am:
+
+2011-12-11 Sam Weinig <sam@webkit.org>
+
+ Fix another signed vs. unsigned warning
+
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+
+2011-12-11 Sam Weinig <sam@webkit.org>
+
+ Fix a signed vs. unsigned warning.
+
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ Cast inlineCapacity to an int to appease the warning. This is known OK
+ since inlineCapacity is defined to be 8.
+
+2011-12-11 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out *another* debugging change I committed accidentally.
+
+ Unreviewed.
+
+ * Configurations/Base.xcconfig:
+
+2011-12-11 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out a debug counter I committed accidentally.
+
+ Unreviewed.
+
+ * jit/JITStubs.cpp:
+ (JSC::arityCheckFor):
+
+2011-12-10 Geoffrey Garen <ggaren@apple.com>
+
+ v8 benchmark takes 12-13 million function call slow paths due to extra arguments
+ https://bugs.webkit.org/show_bug.cgi?id=74244
+
+ Reviewed by Filip Pizlo.
+
+ .arguments function of order the Reversed
+
+ 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
+ and SunSpider.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
+ to this function is an argument number.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
+ helper functions for computing offsets for arguments, rather than doing
+ the math by hand.
+
+ Switched to iterating argument offsets backwards (--) instead of forwards (++).
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::CallArguments::thisRegister):
+ (JSC::CallArguments::argumentRegister):
+ (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
+
+ * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
+ that just-in-time convert to bytecode operands (i.e., indexes in the register
+ file) through helper functions. This means only one piece of code needs
+ to know how arguments are laid out in the register file.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump): Ditto.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueProfileFor): Ditto.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
+ Treat too many arguments as an arity match.
+
+ * dfg/DFGOSRExit.h:
+ (JSC::DFG::OSRExit::variableForIndex):
+ (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
+
+ * dfg/DFGOperands.h:
+ (JSC::DFG::operandToArgument):
+ (JSC::DFG::argumentToOperand): These are now the only two lines of code in
+ the DFG compiler that know how arguments are laid out in memory.
+
+ (JSC::DFG::Operands::operand):
+ (JSC::DFG::Operands::setOperand): Use helper functions, as above.
+
+ * dfg/DFGOperations.cpp: The whole point of this patch:
+ Treat too many arguments as an arity match.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
+
+ Also, don't tag the caller frame slot as a cell, because it's not a cell.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
+
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
+ argument virtual register instead of recomputing by hand.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callFrameSlot):
+ (JSC::DFG::SpeculativeJIT::argumentSlot):
+ (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
+ (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
+ (JSC::DFG::SpeculativeJIT::argumentTagSlot):
+ (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
+ functions for dealing with callee arguments specifically. These still
+ build on top of our other helper functions, and have no direct knowledge
+ of how arguments are laid out in the register file.
+
+ (JSC::DFG::SpeculativeJIT::resetCallArguments):
+ (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
+ argumentOffset to match CallFrame naming.
+
+ (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
+ functions, as above.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::argumentOffset):
+ (JSC::ExecState::argumentOffsetIncludingThis):
+ (JSC::ExecState::argument):
+ (JSC::ExecState::setArgument):
+ (JSC::ExecState::thisArgumentOffset):
+ (JSC::ExecState::thisValue):
+ (JSC::ExecState::setThisValue):
+ (JSC::ExecState::offsetFor):
+ (JSC::ExecState::hostThisRegister):
+ (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
+ computing where an argument is in the register file. Anything in the
+ runtime that needs to access arguments should use these helpers.
+
+ * interpreter/CallFrameClosure.h:
+ (JSC::CallFrameClosure::setThis):
+ (JSC::CallFrameClosure::setArgument):
+ (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
+ that too many arguments counts as an arity match and doesn't require
+ preserving two copies of our arguments.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
+ special if the caller provided too few arguments.
+
+ Key simplification: We never need to maintain two copies of our arguments
+ anymore.
+
+ (JSC::eval):
+ (JSC::loadVarargs): Use helper functions.
+
+ (JSC::Interpreter::unwindCallFrame): Updated for new interface.
+
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
+ functions.
+
+ (JSC::Interpreter::privateExecute): No need to check for stack overflow
+ when calling host functions because they have zero callee registers.
+
+ (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
+ object, since there's no special constructor for this anymore.
+
+ * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
+ workers tests were hitting stack overflow in some of my testing. We should
+ make this test more exact in future.
+
+ * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
+ location that does not belong to the CallFrame class!
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
+
+ Also, the whole point of this patch: Treat too many arguments as an arity match.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
+ helper functions, for backwards-correctness. Removed the condition
+ pertaining to declared argument count because, now that arguments are
+ always in just one place, this optimization is valid for all functions.
+ Standardized the if predicate for each line of the optimization. This might
+ fix a bug, but I couldn't get the bug to crash in practice.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_create_arguments):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::emitSlow_op_get_argument_by_val):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_create_arguments):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
+ optimization because it's no longer an optimization, now that arguments
+ are always contiguous in a known location.
+
+ Updated argument access opcode math for backwards-correctness.
+
+ * jit/JITStubs.cpp:
+ (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
+ function is slightly different because it copies the call frame in
+ addition to the arguments. (In the Interpreter, the call frame is not
+ set up by this point.)
+
+ (JSC::lazyLinkFor): The whole point of this patch: Treat too many
+ arguments as an arity match.
+
+ (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff().
+
+ * jit/JITStubs.h:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::loadDoubleArgument):
+ (JSC::SpecializedThunkJIT::loadCellArgument):
+ (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
+ build strong bones and teeth!
+
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice):
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
+ (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+ (JSC::MarkedArgumentBuffer::at):
+ (JSC::MarkedArgumentBuffer::clear):
+ (JSC::MarkedArgumentBuffer::append):
+ (JSC::MarkedArgumentBuffer::removeLast):
+ (JSC::MarkedArgumentBuffer::last):
+ (JSC::ArgList::ArgList):
+ (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
+ play nice with backwards-ness, so I changed to using manual allocation.
+
+ Fixed a FIXME about not all values being marked in the case of out-of-line
+ arguments. I had to rewrite the loop anyway, and I didn't feel like
+ maintaining fidelity to its old bugs.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ (JSC::Arguments::copyToArguments):
+ (JSC::Arguments::fillArgList):
+ (JSC::Arguments::getOwnPropertySlotByIndex):
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::putByIndex):
+ (JSC::Arguments::put):
+ (JSC::Arguments::tearOff):
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::Arguments):
+ (JSC::Arguments::argument):
+ (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
+ lots of tricky code designed to maintain two different copies of function
+ arguments. Now that arguments are always contiguous in one place in memory,
+ this complexity can go away.
+
+ Reduced down to one create function for the Arguments class, from three.
+
+ Moved tearOff() into an out-of-line function because it's huge.
+
+ Moved logic about whether to tear off eagerly into the Arguments class,
+ so we didn't have to duplicate it elsewhere.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
+ m_numCapturedArgs because if the value really were m_numParametersMinusThis
+ we would be marking too much. (We shouldn't mark 'this' because it can't
+ be captured.) Also, use helper functions.
+
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::tearOff): Use helper functions.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::copyToArguments):
+ * runtime/JSArray.h: Use helper functions, as above.
+
+2011-12-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSC testapi is crashing on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=74233
+
+ Reviewed by Sam Weinig.
+
+ Same error we've encountered before where we are calling the wrong version of
+ visitChildren and objects that are still reachable aren't getting marked.
+ This problem will go away soon with the removal of vptrs for these sorts of
+ optimizations in favor of using the ClassInfo, but for now we can simply give
+ JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
+ ensure that JSFinalObject will always have a unique vptr. We don't have to worry
+ about JSString or JSArray right now, which are the other two special cases for
+ visitChildren, since they already have their own virtual functions.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSObject.cpp:
+ (JSC::JSFinalObject::vtableAnchor):
+ * runtime/JSObject.h:
+
+2011-12-10 Alexis Menard <alexis.menard@openbossa.org>
+
+ Unused variable in YarrJIT.cpp.
+ https://bugs.webkit.org/show_bug.cgi?id=74237
+
+ Reviewed by Andreas Kling.
+
+ Variable is set but not used so we can remove it.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2011-12-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ArithMul power-of-two case does not check for overflow
+ https://bugs.webkit.org/show_bug.cgi?id=74230
+
+ Reviewed by Gavin Barraclough.
+
+ Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
+ and any attempt to fix it would likely introduce code bloat and register pressure.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+
+2011-12-09 David Levin <levin@chromium.org>
+
+ REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
+ https://bugs.webkit.org/show_bug.cgi?id=73886
+
+ Reviewed by Darin Adler.
+
+ * runtime/SymbolTable.h:
+ (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
+ another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
+ Bug 58091 is about changing these deprecated calls to something else but that something
+ else will still need to be in all of these places.
+
+2011-12-09 Konrad Piascik <kpiascik@rim.com>
+
+ Remove unnecessary file DissasemblerARM.cpp from build system
+ https://bugs.webkit.org/show_bug.cgi?id=74184
+
+ Reviewed by Daniel Bates.
+
+ * PlatformBlackBerry.cmake:
+
+2011-12-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG's interpretation of rare case profiles should be frequency-based not count-based
+ https://bugs.webkit.org/show_bug.cgi?id=74170
+
+ Reviewed by Geoff Garen.
+
+ DFG optimizes for rare cases only when the rare case counter is above some threshold
+ and it also constitutes a large enough fraction of total function executions. Also
+ added some minor debug logic.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ (JSC::CodeBlock::executionEntryCount):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-12-09 Oliver Hunt <oliver@apple.com>
+
+ PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
+ https://bugs.webkit.org/show_bug.cgi?id=74223
+
+ Reviewed by Geoffrey Garen.
+
+ Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+
+2011-12-09 David Levin <levin@chromium.org>
+
+ Hash* iterators should allow comparison between const and const versions.
+ https://bugs.webkit.org/show_bug.cgi?id=73370
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashTable.h: Add the operators needed to do this.
+ (WTF::HashTableConstIterator::operator==):
+ (WTF::HashTableConstIterator::operator!=):
+ (WTF::HashTableIterator::operator==):
+ (WTF::HashTableIterator::operator!=):
+ (WTF::operator==):
+ (WTF::operator!=):
+
+2011-12-09 Michael Saboff <msaboff@apple.com>
+
+ YARR: Multi-character read optimization for 8bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=74191
+
+ Reviewed by Oliver Hunt.
+
+ Changed generatePatternCharacterOnce to generate
+ code for 1 to 4 characters in the 8 bit case.
+ This is worth 29% improvement on SunSpider regexp-dna test.
+ It provides no benefit to v8-regexp.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.
+
+2011-12-09 David Levin <levin@chromium.org>
+
+ Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
+ https://bugs.webkit.org/show_bug.cgi?id=71695
+
+ Reviewed by Zoltan Herczeg.
+
+ * wtf/MessageQueue.h:
+ (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
+ even after the queue has been killed. This is useful when one wants to
+ kill a queue but then go through it to run clean up tasks from it.
+
+2011-12-09 Adrienne Walker <enne@google.com>
+
+ Fix HashMap<..., OwnPtr<...> >::add compilation errors
+ https://bugs.webkit.org/show_bug.cgi?id=74159
+
+ Reviewed by Darin Adler.
+
+ Add a constructor to OwnPtr that takes the empty value (nullptr_t)
+ from HashTraits so that this function can compile.
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::OwnPtr):
+
+2011-12-09 Oliver Hunt <oliver@apple.com>
+
+ Avoid reloading storage pointer for indexed properties unnecessarily
+ https://bugs.webkit.org/show_bug.cgi?id=74136
+
+ Reviewed by Filip Pizlo.
+
+ Add a node to represent loading property storage for indexed properties.
+ This allows us to reduce code generated for sequential access of arrays,
+ strings, etc. This results in up to 5% improvement in code that is
+ very heavy on indexed reads, such as matrix operations in typed arrays
+ and 20% faster on microbenchmarks.
+
+ Currently this is only supported by GetByVal and other similar indexed reads.
+
+ * bytecode/PredictedType.h:
+ (JSC::isFixedIndexedStorageObjectPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-08 Fady Samuel <fsamuel@chromium.org>
+
+ [Chromium] Enable viewport metatag
+ https://bugs.webkit.org/show_bug.cgi?id=73495
+
+ Reviewed by Darin Fisher.
+
+ * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.
+
+2011-12-08 Adam Klein <adamk@chromium.org>
+
+ Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
+ https://bugs.webkit.org/show_bug.cgi?id=73964
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.
+
+2011-12-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=74005
+ fix unaligned access memory in generatePatternCharacterOnce function
+ for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load16Unaligned):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load16Unaligned):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load16Unaligned):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::lshift32):
+ (JSC::MacroAssemblerSH4::load8):
+ (JSC::MacroAssemblerSH4::load16):
+ (JSC::MacroAssemblerSH4::load16Unaligned):
+ (JSC::MacroAssemblerSH4::branch8):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load16Unaligned):
+ * jit/JIT.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2011-12-08 Michael Saboff <msaboff@apple.com>
+
+ Add 8 bit paths for StringTypeAdapter classes
+ https://bugs.webkit.org/show_bug.cgi?id=73882
+
+ Reviewed by Darin Adler.
+
+ Added is8Bit() method and writeTo(LChar*) methods
+ to StringTypeAdapter<> classes. The writeTo(LChar*)
+ method can be used if is8Bit() returns true. The
+ non-native 8 bit classes contain ASSERT(is8Bit())
+ in their writeTo(LChar*).
+
+ Updated all of the various versions of tryMakeString() to
+ use 8 bit processing in the updated StringTypeAdapter<>
+ classes.
+
+ This has slight if any performance improvement on kraken.
+
+ * runtime/UStringConcatenate.h:
+ * wtf/text/StringConcatenate.h:
+ (WTF::tryMakeString):
+ * wtf/text/StringOperators.h:
+ (WTF::StringAppend::is8Bit):
+ (WTF::StringAppend::writeTo):
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CSE should know that CheckFunction is pure
+ https://bugs.webkit.org/show_bug.cgi?id=74044
+
+ Reviewed by Oliver Hunt.
+
+ Possible slight win on V8, no regressions.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::checkFunctionElimination):
+
+2011-12-07 Michael Saboff <msaboff@apple.com>
+
+ StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
+ https://bugs.webkit.org/show_bug.cgi?id=73995
+
+ Reviewed by Geoffrey Garen.
+
+ Problem was that a call to characters on an StringImpl associated
+ with a StringBuilder that is being appended to gets stale.
+ Added a new m_valid16BitShadowlen that keeps the length of
+ the 16 bit shadow that has been upconverted or will be up converted
+ with the first getCharacters(). When StringBuilder::characters or
+ ::reifyString is called, further characters are upconverted if
+ we have a shadow16bit copy and the m_valid16BitShadowlen is updated.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::reifyString):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::StringBuilder):
+ (WTF::StringBuilder::characters):
+ (WTF::StringBuilder::clear): Cleaned up as part of the change.
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::getData16SlowCase):
+ (WTF::StringImpl::upconvertCharacters):
+ * wtf/text/StringImpl.h:
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ Compare and Swap should be enabled on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=74023
+
+ Reviewed by Geoff Garen.
+
+ Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
+ It gives the expected speed-up on multi-core ARMv7 devices.
+
+ * wtf/Atomics.h:
+ (WTF::weakCompareAndSwap):
+ * wtf/Platform.h:
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CSE is overzealous with GetByVal
+ https://bugs.webkit.org/show_bug.cgi?id=74042
+
+ Reviewed by Oliver Hunt.
+
+ Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
+ is tested in all places that matter.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::byValIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-12-07 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r102267.
+ http://trac.webkit.org/changeset/102267
+ https://bugs.webkit.org/show_bug.cgi?id=74032
+
+ Breaks build on Chromium Mac Debug (Requested by aklein on
+ #webkit).
+
+ * wtf/HashTraits.h:
+
+2011-12-07 Adam Klein <adamk@chromium.org>
+
+ Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
+ https://bugs.webkit.org/show_bug.cgi?id=73964
+
+ Reviewed by Ryosuke Niwa.
+
+ * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ Non-Mac devices should benefit from a larger heap
+ https://bugs.webkit.org/show_bug.cgi?id=74015
+
+ Reviewed by Geoff Garen.
+
+ Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
+ Heap.cpp, and got in the way of having more granular, per-platform control over
+ what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).
+
+ * heap/Heap.cpp:
+ (JSC::GCTimer::heapSizeForHint):
+ * wtf/Platform.h:
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] V8 build fixes.
+
+ Reviewed by Tor Arne Vestbø.
+
+ * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
+ VPATH. Prefix SOURCES correctly and make sure that runtime/ is
+ in the include search path when building with v8.
+
+2011-12-06 Filip Pizlo <fpizlo@apple.com>
+
+ Zapping a block that is Marked leads to dead objects being mistaken for live ones
+ https://bugs.webkit.org/show_bug.cgi?id=73982
+
+ Reviewed by Geoff Garen.
+
+ Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
+ the code asserts that:
+
+ - If we zap a Marked or Zapped block then the free list is empty, because this
+ can only happen if the block was never free-listed.
+
+ - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
+ blocks are those that cannot be referred to by SizeClass::currentBlock (since
+ SizeClass::currentBlock only refers to blocks that are candidates for allocation,
+ and Allocated blocks are those who have been exhausted by allocation and will not
+ be allocated from again), and New blocks cannot be referred to by anything except
+ during a brief window inside the allocation slow-path.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::zapFreeList):
+
+2011-12-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 32_64 call linking does not handle non-cell callees correctly
+ https://bugs.webkit.org/show_bug.cgi?id=73965
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+
+2011-12-06 Sam Weinig <sam@webkit.org>
+
+ Remove unintentional type name shadowing in the Interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=73963
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
+ which shadows the FunctionExecutable type name, with functionExecutable.
+
+2011-12-06 Michael Saboff <msaboff@apple.com>
+
+ r102146 from 73875 broke fast/js/encode-URI-test.html
+ https://bugs.webkit.org/show_bug.cgi?id=73950
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncUnescape): Restructured to handle
+ the %uHHHH case to output the resulting character
+ and continue so that a failure in finding 4 hex
+ digits will fall through and output the '%'.
+ Due to style check, changed the temporary
+ character variable to a more descriptive name.
+
+2011-12-06 Filip Pizlo <fpizlo@apple.com>
+
+ GC zapping logic could benefit from some more assertions
+ https://bugs.webkit.org/show_bug.cgi?id=73947
+
+ Reviewed by Gavin Barraclough.
+
+ - If you're in a zapped block and you're zapped, then your mark bit should
+ never be set.
+
+ - If you're being marked, then you should never be zapped.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLive):
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+
+2011-12-06 Oliver Hunt <oliver@apple.com>
+
+ Don't allocate register in typedarray control flow
+ https://bugs.webkit.org/show_bug.cgi?id=73944
+
+ Reviewed by Gavin Barraclough.
+
+ Move a temporary allocation outside of control flow.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+
+2011-12-06 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=68328
+ The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant
+
+ Reviewed by Geoff Garen.
+
+ Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions
+ that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
+ hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
+ a thunk genertaor to use based on the Intrinsic.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGCapabilities.h:
+ * dfg/DFGIntrinsic.h: Removed.
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::intrinsic):
+ (JSC::NativeExecutable::intrinsic):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::intrinsicFor):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
+ * runtime/JSGlobalData.cpp:
+ (JSC::thunkGeneratorForIntrinsic):
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/Lookup.cpp:
+ (JSC::HashTable::createTable):
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashEntry::initialize):
+ (JSC::HashEntry::intrinsic):
+
+2011-12-06 Michael Saboff <msaboff@apple.com>
+
+ Add 8 bit paths to global object functions
+ https://bugs.webkit.org/show_bug.cgi?id=73875
+
+ Added 8 bit paths for converions methods.
+
+ This is worth 1.5% on kraken audio-oscillator,
+ 1.6% on stanford-crypto-ccm and 2.5% on
+ stanford-crypto-sha256-iterative. See bug for
+ a full report.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::decode): Split into a templated helper.
+ (JSC::parseInt): Split into a templated helper.
+ (JSC::parseFloat): Added an 8 bit path
+ (JSC::globalFuncEscape): Added 8 bit path
+ (JSC::globalFuncUnescape): Added 8 bit path
+ * runtime/JSStringBuilder.h:
+ (JSC::JSStringBuilder::append): New append for LChar
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::append): New append for LChar
+
+2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
+
+ Enable ParallelJobs by default
+ https://bugs.webkit.org/show_bug.cgi?id=70032
+
+ Reviewed by Zoltan Herczeg.
+
+ According to measurements on Mac and Linux it is a
+ considerable speedup for SVG on multicore.
+
+ Remove the ENABLE(PARALLEL_JOBS) guard.
+ Fix build on Windows and Chromium.
+
+ * JavaScriptCore.gypi: Add the files to the build. It was
+ missing for the gyp build system.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Export symbols.
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ Deinline these to avoid exporting a lot of symbols.
+ These are non-trivial and called only once on a given object
+ so it doesn't seems to be worthwile to inline them.
+ Additionally fix a signed-unsigned comparison in the constructor.
+ * wtf/ParallelJobsGeneric.h:
+ * wtf/Platform.h:
+
+2011-12-06 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] build-jsc script doesn't work
+ https://bugs.webkit.org/show_bug.cgi?id=73910
+
+ Reviewed by Tor Arne Vestbø.
+
+ * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
+ (moved from top-level WebKit.pro). Also add v8 scopes to only build
+ WTF during v8 builds.
+
+2011-12-05 Anders Carlsson <andersca@apple.com>
+
+ Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashMap.h:
+
+2011-12-05 Michael Saboff <msaboff@apple.com>
+
+ Create StringImpl::empty() as an 8 bit string
+ https://bugs.webkit.org/show_bug.cgi?id=73871
+
+ Reviewed by Oliver Hunt.
+
+ * wtf/text/StringStatics.cpp:
+ (WTF::StringImpl::empty): Changed to be an 8 bit string.
+
+2011-12-05 Darin Adler <darin@apple.com>
+
+ Convert JSClassRef to use HashMap<OwnPtr>
+ https://bugs.webkit.org/show_bug.cgi?id=73780
+
+ Reviewed by Andreas Kling.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
+ entries because the hash map now has an OwnPtr instead of a raw pointer.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
+ m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
+ Removed the code that gets and deletes existing entries, and just use set,
+ which now handles deletion automatically due to it being OwnPtr.
+ (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
+ with assertion-only NDEBUG-only code.
+ (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
+ allocating. Use OwnPtr when adding. Removed unneeded code to set
+ staticValues and staticFunctions to 0. Removed unneeded destructor.
+ (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
+ (OpaqueJSClass::staticFunctions): Ditto.
+ (OpaqueJSClass::prototype): Added use of adoptPtr.
+
+ * API/JSClassRef.h: Made the static values and static functions tables
+ use OwnPtr for the entries. Also used OwnPtr for the pointers to the
+ tables themselves. Also removed ~OpaqueJSClassContextData(), letting
+ the compiler generate it.
+
+2011-12-05 Oliver Hunt <oliver@apple.com>
+
+ Land uncommitted bit of float array support
+ https://bugs.webkit.org/show_bug.cgi?id=73873
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+
+2011-12-05 Benjamin Poulain <benjamin@webkit.org>
+
+ Update String::containsOnlyASCII() to handle 8 bits strings
+ https://bugs.webkit.org/show_bug.cgi?id=73799
+
+ Reviewed by Darin Adler.
+
+ Implement String::containsOnlyASCII() so that it does not
+ call String::characters().
+
+ * wtf/text/WTFString.h:
+ (WTF::String::containsOnlyASCII):
+
+2011-12-05 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for non-DFG platforms.
+
+ * dfg/DFGRepatch.h:
+
+2011-12-05 Filip Pizlo <fpizlo@apple.com>
+
+ Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
+ were compact offsets
+ https://bugs.webkit.org/show_bug.cgi?id=73861
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::resetPatchPutById):
+
+2011-12-05 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fixes for ARM.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::unreachableForPlatform):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::loadFloat):
+ (JSC::MacroAssemblerARMv7::storeFloat):
+ (JSC::MacroAssemblerARMv7::convertFloatToDouble):
+ (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
+
+2011-12-05 Benjamin Poulain <benjamin@webkit.org>
+
+ Update String::containsOnlyLatin1() to avoid converting to 16 bits
+ https://bugs.webkit.org/show_bug.cgi?id=73797
+
+ Reviewed by Andreas Kling.
+
+ When the String use 8bits StringImpl, there is no need to iterate
+ over the string.
+
+ The function charactersAreAllLatin1() is removed because it is not
+ used anywhere.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::containsOnlyLatin1):
+
+2011-12-05 Michael Saboff <msaboff@apple.com>
+
+ 8 bit string work slows down Kraken json-stringify-tinderbox
+ https://bugs.webkit.org/show_bug.cgi?id=73457
+
+ Added 8 bit path to StringBuilder. StringBuilder starts
+ assuming 8 bit contents and gets converted to 16 bit upon
+ seeing the first 16 bit character or string. Split
+ appendUninitialiezed into an inlined fast and function call
+ slow case.
+
+ Factored out the processing of the UString argument from
+ Stringifier::appendQuotedString() to a static templated function
+ based on character size.
+
+ This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
+ This change introduces a 4.8% slowdown to json-parse-financial.
+ This slowdown will be addressed in a subsequent patch to StringImpl::equal.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSONObject.cpp:
+ (JSC::appendStringToUStringBuilder):
+ (JSC::Stringifier::appendQuotedString):
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::resize):
+ (WTF::StringBuilder::allocateBuffer):
+ (WTF::StringBuilder::allocateBufferUpConvert):
+ (WTF::LChar):
+ (WTF::UChar):
+ (WTF::StringBuilder::reserveCapacity):
+ (WTF::StringBuilder::appendUninitialized):
+ (WTF::StringBuilder::appendUninitializedSlow):
+ (WTF::StringBuilder::append):
+ (WTF::StringBuilder::shrinkToFit):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::StringBuilder):
+ (WTF::StringBuilder::append):
+ (WTF::StringBuilder::operator[]):
+ (WTF::StringBuilder::characters8):
+ (WTF::StringBuilder::characters16):
+ (WTF::StringBuilder::charactersBlah):
+ (WTF::LChar):
+ (WTF::UChar):
+
+2011-12-01 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=73624
+ JIT + INTERPRETER builds are broken
+
+ Reviewed by Geoff Garen, Sam Weinig.
+
+ These don't fallback to the interpreter correctly.
+ Thunk creation assumes that is the JIT is compiled in, then it is enabled.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+
+2011-12-05 Zoltan Herczeg <zherczeg@webkit.org>
+
+ MacroAssemblerSH4 does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73434
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/MacroAssemblerSH4.h: Support for SH4.
+ (JSC::MacroAssemblerSH4::readCallTarget):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::readCallTarget):
+
+2011-12-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should optimize strict equality
+ https://bugs.webkit.org/show_bug.cgi?id=73764
+
+ Reviewed by Oliver Hunt.
+
+ 1% speed-up on V8.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ (JSC::DFG::SpeculativeJIT::compileStrictEq):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
+ (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
+ (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-03 Darin Adler <darin@apple.com>
+
+ Use HashMap<OwnPtr> for ScriptSampleRecordMap
+ https://bugs.webkit.org/show_bug.cgi?id=73758
+
+ Reviewed by Andreas Kling.
+
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
+ (JSC::SamplingTool::dump): Added get.
+ * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
+
+2011-12-03 Darin Adler <darin@apple.com>
+
+ Use HashMap<OwnPtr> for the opaqueJSClassData map
+ https://bugs.webkit.org/show_bug.cgi?id=73759
+
+ Reviewed by Andreas Kling.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::contextData): Update types.
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
+ timing the same. If we didn't care about the order of operations, we could remove this, too.
+ * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
+ opaqueJSClassData map.
+
+2011-12-03 Darin Adler <darin@apple.com>
+
+ Change HashMap implementation to use the pass type and peek type from traits for the mapped value
+ https://bugs.webkit.org/show_bug.cgi?id=72474
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
+ and PeekType from the traits of the mapped value instead of hard-coding them here.
+ Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
+ to accomodate a PassInType that can't be copied. Use the store, peek, and passOut
+ functions from the traits as well.
+
+ * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
+ PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
+ an earlier version that was just PassType, PeekType, pass, and peek. Also commented
+ the HashTraits for RefPtr to foreshadow some work we can do there.
+
+ * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
+
+2011-12-02 David Levin <levin@chromium.org>
+
+ Rename WTF class from TemporarilyChange to TemporaryChange.
+ https://bugs.webkit.org/show_bug.cgi?id=73479
+
+ Reviewed by Eric Seidel.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
+ (WTF::TemporaryChange::TemporaryChange):
+ (WTF::TemporaryChange::~TemporaryChange):
+
+2011-12-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ REGRESSION (r99754): All layout tests crash on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=72305
+
+ Reviewed by Geoffrey Garen.
+
+ Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in
+ JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of
+ a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an
+ incorrect version of visitChildren on the object, which left its children unmarked, causing them to be
+ collected when they were still reachable.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
+ purposes are distinct from one another.
+
+2011-12-02 Oliver Hunt <oliver@apple.com>
+
+ Improve float array support in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=73722
+
+ Reviewed by Gavin Barraclough.
+
+ Add basic support for float typed arrays in JSC. This is currently
+ less optimal than it could be in the following ways:
+ * float32Array1[0] = float32Array2[0] (eg. an element by element copy)
+ promotes float to double and then back to float.
+ * float64Array[0] will always perform NaN tests in order to prevent
+ signalling NaNs from entering the engine.
+
+ We also don't support Float32Array on ARMv7
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::loadFloat):
+ (JSC::MacroAssemblerARMv7::storeDouble):
+ (JSC::MacroAssemblerARMv7::storeFloat):
+ (JSC::MacroAssemblerARMv7::convertFloatToDouble):
+ (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::loadDouble):
+ (JSC::MacroAssemblerX86Common::loadFloat):
+ (JSC::MacroAssemblerX86Common::storeDouble):
+ (JSC::MacroAssemblerX86Common::storeFloat):
+ (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
+ (JSC::MacroAssemblerX86Common::convertFloatToDouble):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::cvtsd2ss_rr):
+ (JSC::X86Assembler::cvtss2sd_rr):
+ (JSC::X86Assembler::movsd_rm):
+ (JSC::X86Assembler::movss_rm):
+ (JSC::X86Assembler::movsd_mr):
+ (JSC::X86Assembler::movss_mr):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-02 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r101801.
+ http://trac.webkit.org/changeset/101801
+ https://bugs.webkit.org/show_bug.cgi?id=73667
+
+ Build is still broken (Requested by Ossy on #webkit).
+
+ * assembler/SH4Assembler.h:
+
+2011-12-01 Darin Adler <darin@apple.com>
+
+ Prepare to deploy pass and peek types in the HashMap class
+ https://bugs.webkit.org/show_bug.cgi?id=73477
+
+ Reviewed by Adam Roben.
+
+ This patch adds private typedefs inside the HashMap class,
+ and uses them as appropriate. A future patch will actually
+ tie those typedefs to hash traits, which will allow us to
+ make HashMap work with OwnPtr mapped values and to optimize
+ how HashMap works with RefPtr mapped values.
+
+ Also changed the hash translator and adapter struct templates
+ to use template functions to simplify them and make them more
+ flexible.
+
+ Also removed some unused template arguments.
+
+ This goes out of its way to not change behavior. Future patches
+ will change the peek type to be a reference type, which will
+ reduce reference count churn a bit for hash tables with RefPtr
+ mapped values, and then do further optimizations for RefPtr
+ and OwnPtr by getting types from the hash traits.
+
+ * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
+ and MappedPeekType typedefs, and used them for the arguments
+ and return types of the get, set, add, take, and inlineAdd
+ functions.
+ (WTF::HashMapTranslator): Changed this struct template to take
+ fewer arguments, and changed its member functions to be
+ function templates instead. This allows the compiler to
+ determine types more flexibly and also simplifies use of it.
+ (WTF::HashMapTranslatorAdapter): Ditto.
+ (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
+ Also reduced the arguments passed to the HashTable function template.
+ (WTF::HashMap::contains): Ditto.
+ (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
+ (WTF::HashMap::set): Ditto.
+ (WTF::HashMap::add): Ditto.
+ (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
+ (WTF::HashMap::get): Ditto.
+ (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
+ that type in the implementation.
+ (WTF::deleteAllValues): Removed unneeded template arguments from
+ call to deleteAllPairSeconds.
+ (WTF::deleteAllKeys): Removed unneeded template arguments from
+ call to deleteAllPairFirsts.
+
+ * wtf/HashSet.h:
+ (WTF::IdentityExtractor): Changed this to be a struct rather than
+ a struct template, and replaced the extract function with a function
+ template. This allows the compiler to deduce the type.
+ (WTF::HashSetTranslatorAdapter): Changed this struct template to take
+ fewer arguments, and changed its member functions to be
+ function templates instead. This allows the compiler to
+ determine types more flexibly and also simplifies use of it.
+ (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
+ Also reduced the arguments passed to the HashTable function template.
+ (WTF::HashSet::contains): Ditto.
+ (WTF::HashSet::add): Ditto.
+
+ * wtf/HashTable.h:
+ (WTF::IdentityHashTranslator): Changed this struct template to take
+ fewer arguments, and changed its member functions to be
+ function templates instead. This allows the compiler to
+ determine types more flexibly and also simplifies use of it.
+ (WTF::HashTable::add): Reduced arguments passed to the function template.
+ (WTF::HashTable::find): Ditto, also reversed the template arguments so the
+ translator comes first so the compiler can deduce the other type.
+ (WTF::HashTable::contains): Ditto.
+ (WTF::HashTable::lookup): Ditto.
+ (WTF::HashTable::lookupForWriting): Ditto.
+ (WTF::HashTable::checkKey): Ditto.
+ (WTF::HashTable::fullLookupForWriting): Ditto.
+ (WTF::HashTable::add): Ditto.
+ (WTF::HashTable::addPassingHashCode): Ditto.
+ (WTF::HashTable::find): Ditto.
+ (WTF::HashTable::contains): Ditto.
+
+ * wtf/ListHashSet.h:
+ (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
+ fewer arguments, and changed its member functions to be function templates
+ instead. This allows the compiler to determine types more flexibly and
+ also simplifies use of it.
+ (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
+ functon template.
+ (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
+ same way we changed ListHashSetNodeHashFunctions above.
+ (WTF::ListHashSetTranslatorAdapter::equal):
+ (WTF::::contains):
+ (WTF::::add):
+ (WTF::::insertBefore):
+
+ * wtf/RefPtrHashMap.h: Updated comments. Removed the
+ RefPtrHashMapRawKeyTranslator struct template; we can use the
+ HashMapTranslator struct template from HashMap.h instead now that
+ it is more flexible. Added MappedPassInType, MappedPassOutType,
+ and MappedPeekType typedefs, and used them for the arguments
+ and return types of the get, inlineGet, set, add, take, and inlineAdd
+ functions. Changed the name of the RawKeyTranslator type to
+ Translator since it's now a class that can handle both raw keys
+ and conventional keys.
+ (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
+ Reduced the arguments passed to the HashTable function template.
+ (WTF::HashMap::contains): Ditto.
+ (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
+ (WTF::HashMap::set): Ditto.
+ (WTF::HashMap::add): Ditto.
+ (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
+ (WTF::HashMap::get): Ditto.
+ (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
+ that type in the implementation.
+ (WTF::deleteAllValues): Removed unneeded template arguments from
+ call to deleteAllPairSeconds.
+ (WTF::deleteAllKeys): Removed unneeded template arguments from
+ call to deleteAllPairFirsts.
+
+2011-12-02 Zoltan Herczeg <zherczeg@webkit.org>
+
+ MacroAssemblerSH4 does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73434
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::readCallTarget): Support for SH4.
+
+2011-12-02 Hajime Morrita <morrita@chromium.org>
+
+ Unreviewed, rolling out r101751 and r101775.
+ http://trac.webkit.org/changeset/101751
+ http://trac.webkit.org/changeset/101775
+ https://bugs.webkit.org/show_bug.cgi?id=73191
+
+ breaks Windows build
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * config.h:
+ * runtime/JSExportMacros.h: Removed.
+ * wtf/ExportMacros.h:
+ * wtf/Platform.h:
+ * wtf/WTFThreadData.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringStatics.cpp:
+
+2011-12-01 Hajime Morrita <morrita@chromium.org>
+
+ JS_INLINE and WTF_INLINE should be visible from WebCore
+ https://bugs.webkit.org/show_bug.cgi?id=73191
+
+ - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
+ - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
+ - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
+
+ Reviewed by Kevin Ollivier.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * config.h:
+ * runtime/JSExportMacros.h: Added.
+ * wtf/ExportMacros.h:
+ * wtf/Platform.h:
+ * wtf/WTFThreadData.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringStatics.cpp:
+
+2011-12-01 Michael Saboff <msaboff@apple.com>
+
+ Changes proposed for 73457 slow down Kraken json-parse-financial
+ https://bugs.webkit.org/show_bug.cgi?id=73584
+
+ Restructured StringImpl::equal to take advantage of 8 or 4 bytes
+ at a time when possible.
+
+ This is worth ~3% on Kraken json-parse-financial. It provides
+ ~2% on SunSpider string-unpack-code.
+
+ Reviewed by Sam Weinig.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::equal):
+
+2011-12-01 Oliver Hunt <oliver@apple.com>
+
+ Support integer typed arrays in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=73608
+
+ Reviewed by Filip Pizlo.
+
+ Add support for all the integral typed arrays in the DFG JIT.
+ Currently this loads the contents of Uint32 arrays as doubles,
+ which is clearly not as efficient as it could be, but this is
+ still in the order of 10-20x faster than the existing behaviour.
+
+ This needed us to add support for writing 16bit values to the
+ macroassembler, and also to support double<->unsigned conversion.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::strh):
+ (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::store16):
+ (JSC::MacroAssemblerARMv7::truncateDoubleToUint32):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store16):
+ (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movw_rm):
+ (JSC::X86Assembler::cvttsd2siq_rr):
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isInt8ArrayPrediction):
+ (JSC::isInt16ArrayPrediction):
+ (JSC::isInt32ArrayPrediction):
+ (JSC::isUint8ArrayPrediction):
+ (JSC::isUint16ArrayPrediction):
+ (JSC::isUint32ArrayPrediction):
+ (JSC::isFloat32ArrayPrediction):
+ (JSC::isFloat64ArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+ (JSC::DFG::Node::shouldSpeculateInt32Array):
+ (JSC::DFG::Node::shouldSpeculateUint8Array):
+ (JSC::DFG::Node::shouldSpeculateUint16Array):
+ (JSC::DFG::Node::shouldSpeculateUint32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat64Array):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSGlobalData.h:
+
+2011-12-01 Benjamin Poulain <benjamin@webkit.org>
+
+ URLs are encoded in UTF-8, then decoded as if they are Latin1
+ https://bugs.webkit.org/show_bug.cgi?id=71758
+
+ Reviewed by Darin Adler.
+
+ Add the operator == between a String and a Vector of char. The implementation
+ is the same as the comparison of String and char* but adds the length as a
+ parameter for comparing the strings.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.h:
+ (WTF::equal):
+ * wtf/text/WTFString.h:
+ (WTF::operator==):
+ (WTF::operator!=):
+
+2011-12-01 Martin Robinson <mrobinson@igalia.com>
+
+ [GTK] Read fonts from the jhbuild root
+ https://bugs.webkit.org/show_bug.cgi?id=73487
+
+ Reviewed by Gustavo Noronha Silva.
+
+ Read fonts from the jhbuild root instead of from the system. This will ensure
+ that all testers use the same fonts instead of leaving this up to luck.
+
+ * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner.
+
+2011-12-01 Martin Robinson <mrobinson@igalia.com>
+
+ [GTK] Add a helper function to find the current executable's path
+ https://bugs.webkit.org/show_bug.cgi?id=73473
+
+ Reviewed by Gustavo Noronha Silva.
+
+ Add a WTF helper which gets the binary path. This is currently only used
+ in WebKit2.
+
+ * GNUmakefile.list.am: Add the new file to the source list.
+ * wtf/gobject/GlibUtilities.cpp: Added.
+ (getCurrentExecutablePath):
+ * wtf/gobject/GlibUtilities.h: Added.
+
+2011-12-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r101691.
+ http://trac.webkit.org/changeset/101691
+ https://bugs.webkit.org/show_bug.cgi?id=73588
+
+ Tests fail on Chromium bots, early warning system warned
+ committer, please adjust test_expectations in patch (Requested
+ by scheib on #webkit).
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+
+2011-12-01 Filip Pizlo <fpizlo@apple.com>
+
+ ARMv7 only allows for one-shot patching of compact offsets, while the
+ JIT expects to be able to repatch
+ https://bugs.webkit.org/show_bug.cgi?id=73548
+
+ Reviewed by Oliver Hunt.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::setUInt7ForLoad):
+
+2011-11-30 Benjamin Poulain <benjamin@webkit.org>
+
+ URLs are encoded in UTF-8, then decoded as if they are Latin1
+ https://bugs.webkit.org/show_bug.cgi?id=71758
+
+ Reviewed by Darin Adler.
+
+ Add the operator == between a String and a Vector of char. The implementation
+ is the same as the comparison of String and char* but adds the length as a
+ parameter for comparing the strings.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.h:
+ (WTF::equal):
+ * wtf/text/WTFString.h:
+ (WTF::operator==):
+ (WTF::operator!=):
+
+2011-11-30 Dmitry Lomov <dslomov@google.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=73503
+ [Chromium][V8] Implement ArrayBuffer transfer in chromium.
+ Portions of this patch come from Luke Zarko.
+
+ Reviewed by David Levin.
+
+ * wtf/ArrayBuffer.cpp:
+ (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr.
+ * wtf/ArrayBuffer.h:
+ (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr.
+ (WTF::ArrayBuffer::isNeutered):
+ * wtf/TypedArrayBase.h:
+ (WTF::TypedArrayBase::neuter):
+
+2011-12-01 Chao-ying Fu <fu@mips.com>
+
+ MacroAssemblerMIPS does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73432
+
+ Reviewed by Zoltan Herczeg.
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readCallTarget):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::readCallTarget):
+
+2011-12-01 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects
+ https://bugs.webkit.org/show_bug.cgi?id=73527
+
+ Reviewed by Simon Hausmann.
+
+ wtf/qt/ThreadingQt.cpp was removed in r101477
+
+ * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp
+
+2011-12-01 Filip Pizlo <fpizlo@apple.com>
+
+ BitVector isInline check could fail
+ https://bugs.webkit.org/show_bug.cgi?id=70691
+
+ Reviewed by Gavin Barraclough.
+
+ Switch back to using the high bit as the inline marker, to make
+ all of the bit indexing operations simpler. Computing the size in
+ words and in bytes of a bitvector, using the number of bits as
+ input is error-prone enough; and with the current approach to
+ solving the X86 bug we end up getting it wrong. Making it right
+ seems hard.
+
+ So instead, to solve the original problem (the high bit may be
+ meaningful on 32-bit systems), the out-of-line storage pointer is
+ right-shifted by 1. Compared to the original BitVector code, this
+ is a much smaller change (just three lines).
+
+ This solves a bug where the DFG was corrupting its call frame
+ because BitVector lost track of some bits.
+
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::setSlow):
+ (WTF::BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (WTF::BitVector::quickGet):
+ (WTF::BitVector::quickSet):
+ (WTF::BitVector::quickClear):
+ (WTF::BitVector::makeInlineBits):
+ (WTF::BitVector::isInline):
+ (WTF::BitVector::outOfLineBits):
+
+2011-11-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should make it easier to notice node boundaries in disassembly
+ https://bugs.webkit.org/show_bug.cgi?id=73509
+
+ Rubber-stamped by Gavin Barraclough
+
+ If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will
+ be emitted at node boundaries, where the immediate being xor'd is the
+ node index.
+
+ * dfg/DFGCommon.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-30 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ArgList iterators.
+
+ Reviewed by Gavin Barraclough.
+
+ Another step toward reversing the argument order.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct): Switched from iterator to int.
+
+ * runtime/ArgList.h:
+ (JSC::ArgList::ArgList):
+ (JSC::ArgList::isEmpty): Removed iterators.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation): Switched from iterator to int.
+
+2011-11-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ 32 bit DFG should handle logicalNot slow case instead of simply bailing out
+ https://bugs.webkit.org/show_bug.cgi?id=73515
+
+ Reviewed by Filip Pizlo.
+
+ This improves Kraken performance by 14%, mainly due to ~3X improvement
+ on imaging-desaturate.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+
+2011-11-30 Max Vujovic <mvujovic@adobe.com>
+
+ Some date values not handled consistently with IE/Firefox
+ https://bugs.webkit.org/show_bug.cgi?id=14176
+
+ Reviewed by Gavin Barraclough.
+
+ Changed time zone offset parsing behavior to match IE/Firefox/Opera's in
+ implementation dependent cases like "GMT-4".
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2011-11-30 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
+ https://bugs.webkit.org/show_bug.cgi?id=73368
+
+ Reviewed by Darin Adler.
+
+ We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
+ happens to be in the first class of the chain, which potentially could be null.
+
+ <rdar://problem/10493218>
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::toStringCallback):
+ (JSC::JSCallbackFunction::valueOfCallback):
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Add adoptCF and adoptNS convenience functions to RetainPtr.h
+ https://bugs.webkit.org/show_bug.cgi?id=73399
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RetainPtr.h:
+ (WTF::adoptCF):
+ (WTF::adoptNS):
+ These adoption functions match the pattern we use in other
+ smart pointer classes.
+
+2011-11-30 Adam Roben <aroben@apple.com>
+
+ Fix RetainPtr's move assignment operators
+
+ Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the
+ pointer being assigned to
+
+ I didn't write a test for this because we don't have a way of unit testing C++11 code (see
+ <http://webkit.org/b/73448>).
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RetainPtr.h:
+ (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own
+ pointer.
+
+2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed rolling out incorrect r101481.
+
+ * assembler/MIPSAssembler.h:
+ * assembler/MacroAssemblerMIPS.h:
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Fix compilation with MingW.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for
+ the time being make the thread name setting unimplemented for MingW.
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed propective build fix for Qt/Windows part 2 after r101477.
+
+ * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed propective build fix for Qt/Windows after r101477.
+
+ * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's
+ only referenced from within another OS(WINDOWS) section.
+
+2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed speculative buildfix after r101457.
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readCallTarget):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::readCallTarget):
+
+2011-11-30 Andrew Wason <rectalogic@rectalogic.com>
+
+ Replace Qt QThread threading back-end with pthread/Win32 threading back-ends
+ https://bugs.webkit.org/show_bug.cgi?id=72155
+
+ Reviewed by Simon Hausmann.
+
+ Use ThreadingPthreads and ThreadingWin instead of ThreadingQt.
+
+ * heap/MachineStackMarker.cpp:
+ * wtf/MainThread.cpp:
+ (WTF::initializeMainThread):
+ * wtf/Platform.h:
+ * wtf/ThreadSpecific.h: Drop QThreadStorage related code.
+ (WTF::::destroy):
+ * wtf/ThreadingPrimitives.h:
+ * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread().
+ (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread.
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+ * wtf/qt/ThreadingQt.cpp: Removed.
+ * wtf/wtf.pro:
+
+2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
+
+ MacroAssemblerARM does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73413
+
+ Based on Filip Pizlo's patch.
+
+ Buildfix. Rubber-stamped by Gabor Loki.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readCallTarget):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::readCallTarget):
+
+2011-11-29 Filip Pizlo <fpizlo@apple.com>
+
+ Resetting a put_by_id inline cache should preserve the "isDirect" bit
+ https://bugs.webkit.org/show_bug.cgi?id=73375
+
+ Reviewed by Gavin Barraclough.
+
+ For the replace case, we can find out if it was direct by looking at the
+ slow call. For the transition case, we explicitly remember if it was
+ direct.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::printStructureStubInfo):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::visitWeakReferences):
+ * bytecode/StructureStubInfo.h:
+ (JSC::isPutByIdAccess):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::resetPatchPutById):
+ (JSC::JIT::isDirectPutById):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::resetPatchPutById):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Remove RetainPtr::releaseRef
+ https://bugs.webkit.org/show_bug.cgi?id=73396
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/RetainPtr.h:
+ Be gone releaseRef! Long live leakRef!
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Add move semantics to RetainPtr
+ https://bugs.webkit.org/show_bug.cgi?id=73393
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RetainPtr.h:
+ (WTF::RetainPtr::RetainPtr):
+ Add a move constructor and move enabled assignment operators
+ to RetainPtr if the compiler being used supports rvalue
+ references. If the compiler does not support it, we fallback
+ to the copy semantics we have always had.
+
+2011-11-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG local CSE may cause incorrect reference counting for a node
+ https://bugs.webkit.org/show_bug.cgi?id=73390
+
+ Reviewed by Filip Pizlo.
+
+ When performing a node substitution, the ref count of the replaced
+ child will be increased, no matter whether the user node is skipped in
+ code generation or not. This will cause the reference count of the
+ replaced child never get the chance to become zero and so the
+ registers occupied by it cannot be reused simply without spilling, if
+ it's used by a "skipped" node.
+ This is a 1% gain on V8 benchmark, tested on IA32 Linux.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::performSubstitution):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-11-29 David Levin <levin@chromium.org>
+
+ Add a way to revert a variable to its previous value after leaving a scope.
+ https://bugs.webkit.org/show_bug.cgi?id=73371
+
+ Reviewed by Adam Barth.
+
+ In case anyone from Chromium sees this, it is nearly identical to AutoReset
+ but if the same name were used, it causes unnecessary ambiguity.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/TemporarilyChange.h: Added.
+ (WTF::TemporarilyChange::TemporarilyChange):
+ (WTF::TemporarilyChange::~TemporarilyChange):
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Add COMPILER_SUPPORTS macro to allow for compiler feature testing
+ https://bugs.webkit.org/show_bug.cgi?id=73386
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Compiler.h:
+ Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and
+ rvalue references for Clang.
+
+2011-11-29 Oliver Hunt <oliver@apple.com>
+
+ Allow WebCore to describe typed arrays to JSC
+ https://bugs.webkit.org/show_bug.cgi?id=73355
+
+ Reviewed by Gavin Barraclough.
+
+ Allow globaldata to track the structure of typed arrays.
+
+ * runtime/JSGlobalData.h:
+ (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG debugCall() mechanism only works on X86 and X86-64
+ https://bugs.webkit.org/show_bug.cgi?id=73282
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::debugCall):
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-X86 ArithDiv does speculation failure after mutating state,
+ without a value recovery
+ https://bugs.webkit.org/show_bug.cgi?id=73286
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fixes for ARM.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::readCallTarget):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
+
+2011-11-20 Roland Steiner <rolandsteiner@chromium.org>
+
+ <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit
+ https://bugs.webkit.org/show_bug.cgi?id=72848
+
+ Add ENABLE_STYLE_SCOPED flag.
+
+ Reviewed by Dimitri Glazkov.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-28 Jon Lee <jonlee@apple.com>
+
+ Create skeleton framework for notifications support in WK2
+ https://bugs.webkit.org/show_bug.cgi?id=73253
+ <rdar://problem/10356943>
+
+ * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform.
+
+2011-11-28 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-28 Oliver Hunt <oliver@apple.com>
+
+ Fix gyp build
+
+ * JavaScriptCore.gypi:
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ GetById should not always speculate cell
+ https://bugs.webkit.org/show_bug.cgi?id=73181
+
+ Reviewed by Gavin Barraclough.
+
+ GetById will now speculate cell if the predictions of the base are cell.
+ Otherwise it will do like the old JIT (and like the old non-speculative
+ DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR
+ out. This is a 1% speed-up on SunSpider.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-28 Oliver Hunt <oliver@apple.com>
+
+ Move typed array implementations into wtf
+ https://bugs.webkit.org/show_bug.cgi?id=73248
+
+ Reviewed by Sam Weinig.
+
+ Move typed array implementation files from WebCore to wtf. Inline the
+ .cpp files for each of the array views to cut down on unnecessary exports
+ and function call overhead for trivial operations.
+
+ Added files to all the project files.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp.
+ (WTF::ArrayBuffer::transfer):
+ (WTF::ArrayBuffer::addView):
+ (WTF::ArrayBuffer::removeView):
+ * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp.
+ (WTF::ArrayBufferContents::ArrayBufferContents):
+ (WTF::ArrayBufferContents::data):
+ (WTF::ArrayBufferContents::sizeInBytes):
+ (WTF::ArrayBufferContents::transfer):
+ (WTF::ArrayBuffer::~ArrayBuffer):
+ (WTF::ArrayBuffer::clampValue):
+ (WTF::ArrayBuffer::create):
+ (WTF::ArrayBuffer::ArrayBuffer):
+ (WTF::ArrayBuffer::data):
+ (WTF::ArrayBuffer::byteLength):
+ (WTF::ArrayBuffer::slice):
+ (WTF::ArrayBuffer::sliceImpl):
+ (WTF::ArrayBuffer::clampIndex):
+ (WTF::ArrayBufferContents::tryAllocate):
+ (WTF::ArrayBufferContents::~ArrayBufferContents):
+ * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp.
+ (WTF::ArrayBufferView::ArrayBufferView):
+ (WTF::ArrayBufferView::~ArrayBufferView):
+ (WTF::ArrayBufferView::neuter):
+ * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h.
+ (WTF::ArrayBufferView::isByteArray):
+ (WTF::ArrayBufferView::isUnsignedByteArray):
+ (WTF::ArrayBufferView::isShortArray):
+ (WTF::ArrayBufferView::isUnsignedShortArray):
+ (WTF::ArrayBufferView::isIntArray):
+ (WTF::ArrayBufferView::isUnsignedIntArray):
+ (WTF::ArrayBufferView::isFloatArray):
+ (WTF::ArrayBufferView::isDoubleArray):
+ (WTF::ArrayBufferView::isDataView):
+ (WTF::ArrayBufferView::buffer):
+ (WTF::ArrayBufferView::baseAddress):
+ (WTF::ArrayBufferView::byteOffset):
+ (WTF::ArrayBufferView::verifySubRange):
+ (WTF::ArrayBufferView::clampOffsetAndNumElements):
+ (WTF::ArrayBufferView::setImpl):
+ (WTF::ArrayBufferView::setRangeImpl):
+ (WTF::ArrayBufferView::zeroRangeImpl):
+ (WTF::ArrayBufferView::calculateOffsetAndLength):
+ * wtf/CMakeLists.txt:
+ * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h.
+ (WTF::Float32Array::set):
+ (WTF::Float32Array::item):
+ (WTF::Float32Array::isFloatArray):
+ (WTF::Float32Array::create):
+ (WTF::Float32Array::Float32Array):
+ (WTF::Float32Array::subarray):
+ * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h.
+ (WTF::Float64Array::set):
+ (WTF::Float64Array::item):
+ (WTF::Float64Array::isDoubleArray):
+ (WTF::Float64Array::create):
+ (WTF::Float64Array::Float64Array):
+ (WTF::Float64Array::subarray):
+ * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp.
+ (WTF::Int16Array::set):
+ (WTF::Int16Array::isShortArray):
+ (WTF::Int16Array::create):
+ (WTF::Int16Array::Int16Array):
+ (WTF::Int16Array::subarray):
+ * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp.
+ (WTF::Int32Array::set):
+ (WTF::Int32Array::isIntArray):
+ (WTF::Int32Array::create):
+ (WTF::Int32Array::Int32Array):
+ (WTF::Int32Array::subarray):
+ * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp.
+ (WTF::Int8Array::set):
+ (WTF::Int8Array::isByteArray):
+ (WTF::Int8Array::create):
+ (WTF::Int8Array::Int8Array):
+ (WTF::Int8Array::subarray):
+ * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h.
+ (WTF::IntegralTypedArrayBase::set):
+ (WTF::IntegralTypedArrayBase::item):
+ (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase):
+ * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h.
+ (WTF::TypedArrayBase::data):
+ (WTF::TypedArrayBase::set):
+ (WTF::TypedArrayBase::setRange):
+ (WTF::TypedArrayBase::zeroRange):
+ (WTF::TypedArrayBase::length):
+ (WTF::TypedArrayBase::byteLength):
+ (WTF::TypedArrayBase::TypedArrayBase):
+ (WTF::TypedArrayBase::create):
+ (WTF::TypedArrayBase::subarrayImpl):
+ * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp.
+ (WTF::Uint16Array::set):
+ (WTF::Uint16Array::isUnsignedShortArray):
+ (WTF::Uint16Array::create):
+ (WTF::Uint16Array::Uint16Array):
+ (WTF::Uint16Array::subarray):
+ * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp.
+ (WTF::Uint32Array::set):
+ (WTF::Uint32Array::isUnsignedIntArray):
+ (WTF::Uint32Array::create):
+ (WTF::Uint32Array::Uint32Array):
+ (WTF::Uint32Array::subarray):
+ * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h.
+ (WTF::Uint8Array::set):
+ (WTF::Uint8Array::isUnsignedByteArray):
+ (WTF::Uint8Array::create):
+ (WTF::Uint8Array::Uint8Array):
+ (WTF::Uint8Array::subarray):
+ * wtf/wtf.pro:
+
+2011-11-27 Filip Pizlo <fpizlo@apple.com>
+
+ Don't try to optimize huge code blocks
+ https://bugs.webkit.org/show_bug.cgi?id=73187
+
+ Reviewed by Oliver Hunt.
+
+ This unifies the heuristics used for deciding if a code block is too big
+ to optimize, and sets this heuristic to 1000, which is intuitively better
+ than numeric_limits<unsigned>::max(). It also results in what looks like
+ a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher).
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ Either remove the GetMethod node from the DFG backend, or find a use for it
+ https://bugs.webkit.org/show_bug.cgi?id=73178
+
+ Reviewed by Gavin Barraclough.
+
+ More testing seemed to imply that the GetMethod code was indeed not profitable
+ in any major test. So, it's probably best to just remove it.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::MethodCallLinkInfo::reset):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGRepatch.cpp:
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-28 Michael Saboff <msaboff@apple.com>
+
+ Change set 101187 from bug 73154 removed already lower case optimization
+ https://bugs.webkit.org/show_bug.cgi?id=73174
+
+ Added back the "string is already lower case" optimization.
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToLowerCase):
+
+2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed prospective build fix. Touch the file to trigger correct
+ rebuild on the Qt mips/sh4/sl bot.
+
+ * wtf/unicode/qt4/UnicodeQt4.h:
+
+2011-11-28 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Remove cruft from project file
+
+ Reviewed by Simon Hausmann.
+
+ * Target.pri:
+
+2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] WTF should be built as separate static library
+ https://bugs.webkit.org/show_bug.cgi?id=73201
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Don't claim to build WTF, as that would cause
+ the debug-with-shlibs build to not link in wtf.
+ * jsc.pro: Require wtf.
+ * wtf/wtf.pri: Removed.
+ * wtf/wtf.pro: Added. Pro file to build wtf statically.
+
+2011-11-28 Martin Robinson <mrobinson@igalia.com>
+
+ [GTK] JavaScriptCore generated sources should build in the DerivedSources directory
+ https://bugs.webkit.org/show_bug.cgi?id=73197
+
+ Reviewed by Philippe Normand.
+
+ Build all JavaScriptCore generated sources in DerivedSources.
+
+ * GNUmakefile.am: Update generation rules.
+ * GNUmakefile.list.am: Update source lists.
+
+2011-11-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not emit GetMethod node
+ https://bugs.webkit.org/show_bug.cgi?id=73175
+
+ Reviewed by Gavin Barraclough.
+
+ Replaces all instances of the GetMethod node with GetById. This appears to
+ be a slight win on V8. This patch leaves GetMethod support in the code-base,
+ making this decision easy to reverse, for now.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-11-26 Hajime Morrita <morrita@chromium.org>
+
+ Needs WTF_INLINE and JS_INLINE
+ https://bugs.webkit.org/show_bug.cgi?id=72853
+
+ Reviewed by Kevin Ollivier.
+
+ Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which
+ indirect __attribute__((visibility("hidden"))
+
+ * config.h:
+ * wtf/ExportMacros.h:
+
+2011-11-25 Michael Saboff <msaboff@apple.com>
+
+ String.prototype.toLower should be optimized for 8 bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=73154
+
+ Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has
+ been optimized for 8 bit strings.
+
+ This is worth ~7% to sunspider string.tagcloud.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToLowerCase):
+
+2011-11-25 Michael Saboff <msaboff@apple.com>
+
+ Array.toString always uses StringImpl::characters()
+ https://bugs.webkit.org/show_bug.cgi?id=72969
+
+ If all component strings are 8 bit, create an 8 bit result string for toString().
+
+ This appears to be performance neutral to sunspider and v8.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ UString methods are not character size aware
+ https://bugs.webkit.org/show_bug.cgi?id=72975
+
+ Changed the UString number constructors to build 8 bit strings.
+ Modified the other methods to check string bitness and process
+ with 8 bits wherre appropriate.
+
+ * runtime/UString.cpp:
+ (JSC::UString::number):
+ (JSC::operator==):
+ (JSC::operator<):
+ (JSC::UString::ascii):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ JavaScript string to number conversion functions use characters()
+ https://bugs.webkit.org/show_bug.cgi?id=72974
+
+ Change the various JS to number routines to process strings
+ using characters8() or characters16() as appropriate.
+ Implemented using static template methods.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::isInfinity):
+ (JSC::jsHexIntegerLiteral):
+ (JSC::jsStrDecimalLiteral):
+ (JSC::toDouble):
+ (JSC::jsToNumber):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ Empty JSStrings are created as 16 bit
+ https://bugs.webkit.org/show_bug.cgi?id=72968
+
+ Clear m_is8Bit flag for empty strings.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::finishCreation):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ Tune JSStringBuilder for 8 bit Strings
+ https://bugs.webkit.org/show_bug.cgi?id=72683
+
+ Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added.
+ When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit
+ and building continues with a 16 bit buffer.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSStringBuilder.h:
+ (JSC::JSStringBuilder::JSStringBuilder):
+ (JSC::JSStringBuilder::append):
+ (JSC::JSStringBuilder::upConvert):
+ (JSC::JSStringBuilder::build):
+ * runtime/UString.h:
+ (JSC::UString::adopt):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::adopt):
+
+2011-11-24 Zeno Albisser <zeno@webkit.org>
+
+ [Qt]WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets
+ https://bugs.webkit.org/show_bug.cgi?id=72495
+
+ Update defines to not use Unix Domain Sockets for platform Qt on Mac.
+ This enables Qt to reuse existing code for mach ports and Grand
+ Central Dispatch based IPC.
+
+ Reviewed by Simon Hausmann.
+
+ * wtf/Platform.h:
+
+2011-11-24 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably
+
+ Reviewed by Andreas Kling.
+
+ We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few
+ ways of doing that and this fix seems like the least intrusive one by simply pushing the
+ invoker to the gui thread if it's not there already.
+
+ * wtf/qt/MainThreadQt.cpp:
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2011-11-24 Patrick Gansterer <paroga@webkit.org>
+
+ [Qt] Use QEvent for dispatchFunctionsFromMainThread()
+ https://bugs.webkit.org/show_bug.cgi?id=72704
+
+ Reviewed by Simon Hausmann.
+
+ Replace QMetaObject::invokeMethod with QCoreApplication::postEvent.
+ This is the same as what invokeMethod does internally, but reduces
+ the dependency on some internal QThread stuff.
+
+ * wtf/qt/MainThreadQt.cpp:
+ (WTF::MainThreadInvoker::MainThreadInvoker):
+ (WTF::MainThreadInvoker::event):
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2011-11-23 George Staikos <staikos@webkit.org>
+
+ Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX.
+ https://bugs.webkit.org/show_bug.cgi?id=73028
+
+ Reviewed by Daniel Bates.
+
+ * wtf/RandomNumberSeed.h:
+ (WTF::initializeRandomNumberGenerator):
+
+2011-11-23 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string
+ https://bugs.webkit.org/show_bug.cgi?id=72793
+
+ Reviewed by Zoltan Herczeg.
+
+ This new code will be used in follow-up patches to replace the String::format("%.2f") usage in
+ platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp.
+
+ The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace
+ this by a variant that properly rounds to six significant figures, JSC code could be refactored.
+ JSCs Number.toPrecision/toFixed uses wtf/dtoa/double-conversion which provides all features we need,
+ except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with
+ trailing zeros removed, producing shorter results. Changed the default signature to:
+
+ "static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);".
+
+ In WebCore we can now replace String::format() calls like this:
+ String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2)
+ String::format("%.6lg", f) -> String::number(f)
+
+ The default parameters for precison & flags exactly match the format of the string produced now, except that the result
+ is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results
+ in the d="" attribute dumps of SVG paths across platforms. The dtoa rounding code enforces a unique zero, resolving
+ all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots.
+
+ This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfecly mimic the String::format() "lg" mode
+ result for exponentials, we used to return eg. "e-7" and now return "e-07" - the trailing zero truncation hasn't been
+ implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - in contrary the
+ trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results.
+
+ Here's a performance comparision using a JSC release build and some arbitary numbers:
+ Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call.
+ Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call.
+
+ Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call.
+ Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call.
+
+ Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call.
+ Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call.
+
+ Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call.
+ Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call.
+
+ For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%.
+
+ * JavaScriptCore.exp: Change String::number(double) signature.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto.
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp.
+ (JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString.
+ * wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows to truncate trailing zeros/decimal point.
+ to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoas rounding facilities.
+ * wtf/dtoa.h:
+ * wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*.
+ (WTF::double_conversion::StringBuilder::SetPosition):
+ * wtf/text/WTFString.cpp:
+ (WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format.
+ * wtf/text/WTFString.h:
+
+2011-11-23 Hajime Morrita <morrita@chromium.org>
+
+ WTF::String has extra WTF_EXPORT_PRIVATE
+ https://bugs.webkit.org/show_bug.cgi?id=72858
+
+ Reviewed by Kevin Ollivier.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::String):
+
+2011-11-23 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Move the top-level logic to the top-level directory.
+ https://bugs.webkit.org/show_bug.cgi?id=72685
+
+ Reviewed by Brent Fulgham.
+
+ * CMakeLists.txt: Point to the right Source/ directory.
+ * wtf/CMakeLists.txt: Ditto.
+
+2011-11-22 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Strength reduction for Mul and Mod operations for known constants in DFG
+ https://bugs.webkit.org/show_bug.cgi?id=72878
+
+ Reviewed by Filip Pizlo.
+
+ Also the code should be commonly shared by both 32_64 and 64.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::nodeMayOverflow):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::fmodAsDFGOperation):
+ (JSC::DFG::SpeculativeJIT::compileInstanceOf):
+ (JSC::DFG::isPowerOfTwo):
+ (JSC::DFG::logTwo):
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+ (JSC::DFG::SpeculativeJIT::compileArithMod):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-22 Daniel Bates <dbates@rim.com>
+
+ Add WTF infrastructure for the BlackBerry port
+ https://bugs.webkit.org/show_bug.cgi?id=72970
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/Assertions.cpp: Added BlackBerry-specific logging directive.
+ * wtf/MathExtras.h:
+ (abs): Added; stdlib doesn't contain abs() on QNX.
+ * wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features.
+ * wtf/RandomNumberSeed.h:
+ (WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize
+ the bad pseudo random number generator using time(3) before initializing the
+ Mersenne Twister random number generator.
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::createThreadInternal): Added.
+ * wtf/blackberry: Added.
+ * wtf/blackberry/MainThreadBlackBerry.cpp: Added.
+ (WTF::initializeMainThreadPlatform):
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+ * wtf/text/WTFString.h: Added constructor and conversion operator for
+ BlackBerry WebString string object.
+
+2011-11-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r100988.
+ http://trac.webkit.org/changeset/100988
+ https://bugs.webkit.org/show_bug.cgi?id=72941
+
+ "Broke pixel tests on Chromium-Linux" (Requested by kbalazs on
+ #webkit).
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ * wtf/ParallelJobsGeneric.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ * wtf/Platform.h:
+
+2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
+
+ Enable ParallelJobs by default
+ https://bugs.webkit.org/show_bug.cgi?id=70032
+
+ Reviewed by Zoltan Herczeg.
+
+ According to measurements on Mac and Linux it is a
+ considerable speedup for SVG on multicore.
+
+ Remove the ENABLE(PARALLEL_JOBS) guard.
+ Fix build on Windows and Chromium.
+
+ * JavaScriptCore.gypi: Add the files to the build. It was
+ missing for the gyp build system.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Export symbols.
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ Deinline these to avoid exporting a lot of symbols.
+ These are non-trivial and called only once on a given object
+ so it doesn't seems to be worthwile to inline them.
+ Additionally fix a signed-unsigned comparison in the constructor.
+ * wtf/ParallelJobsGeneric.h:
+ * wtf/Platform.h:
+
+2011-11-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have richer debug output for CFA and phi processing
+ https://bugs.webkit.org/show_bug.cgi?id=72922
+
+ Reviewed by Gavin Barraclough.
+
+ In the default verbose mode, we now print information about variable
+ state at the bottom of basic blocks in addition to the top, and we
+ also print local variable linking. In the verbose propagation mode,
+ the state of phi processing is dumped more richly and CFA merging (the
+ most subtle part of CFA) is traced as well.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::StructureAbstractValue::dump):
+ (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCommon.h:
+ (JSC::DFG::NodeIndexTraits::dump):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::dumpChildren):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOperands.h:
+ (JSC::DFG::OperandValueTraits::dump):
+ (JSC::DFG::dumpOperands):
+
+2011-11-21 Filip Pizlo <fpizlo@apple.com>
+
+ Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+ https://bugs.webkit.org/show_bug.cgi?id=71505
+
+ Reviewed by Gavin Barraclough.
+
+ It turns out that we were corrupting phi nodes in case of overflow. The bug is
+ really obvious, but producing a test case that causes the badness is hard. Even
+ when the phi nodes do get corrupt, there's more that has to happen before it
+ causes incorrect execution - and I wasn't able to reproduce in any kind of
+ sensible reduced case.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+
+2011-11-21 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Speed up debug builds.
+ https://bugs.webkit.org/show_bug.cgi?id=72882
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be
+ used by the build system.
+
+2011-11-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r100913.
+ http://trac.webkit.org/changeset/100913
+ https://bugs.webkit.org/show_bug.cgi?id=72885
+
+ "Break Windows build" (Requested by kbalazs on #webkit).
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ * wtf/ParallelJobsGeneric.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ * wtf/Platform.h:
+
+2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
+
+ Enable ParallelJobs by default
+ https://bugs.webkit.org/show_bug.cgi?id=70032
+
+ Reviewed by Zoltan Herczeg.
+
+ According to measurements on Mac and Linux it is a
+ considerable speedup for SVG on multicore.
+
+ Remove the ENABLE(PARALLEL_JOBS) guard.
+ Fix build on Windows and Chromium.
+
+ * JavaScriptCore.gypi: Add the files to the build. It was
+ missing for the gyp build system.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Export symbols.
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ Deinline these to avoid exporting a lot of symbols.
+ These are non-trivial and called only once on a given object
+ so it doesn't seems to be worthwile to inline them.
+ Additionally fix a signed-unsigned comparison in the constructor.
+ * wtf/ParallelJobsGeneric.h:
+ * wtf/Platform.h:
+
+2011-11-21 Andy Wingo <wingo@igalia.com>
+
+ Add .dir-locals.el file for better Emacs defaults
+ https://bugs.webkit.org/show_bug.cgi?id=72483
+
+ Reviewed by Xan Lopez.
+
+ * .dir-locals.el: Set appropriate directory-local variables for Emacs.
+
+2011-11-21 Filip Pizlo <fpizlo@apple.com>
+
+ Another attempt at a build fix.
+
+ * dfg/DFGRepatch.h:
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+
+2011-11-20 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed interpreter build fix.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finalizeUnconditionally):
+ * dfg/DFGRepatch.h:
+
+2011-11-20 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Improve modulo operation on 32bit platforms
+ https://bugs.webkit.org/show_bug.cgi?id=72501
+
+ Reviewed by Filip Pizlo.
+
+ Extend softModulo to support X86 and MIPS in baseline JIT.
+ Apply the same optimization to 32bit DFG JIT.
+ 1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.
+
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_mod):
+ (JSC::JIT::emitSlow_op_mod):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::softModulo):
+ * wtf/Platform.h:
+
+2011-11-18 Filip Pizlo <fpizlo@apple.com>
+
+ Inline caches that refer to otherwise dead objects should be cleared
+ https://bugs.webkit.org/show_bug.cgi?id=72311
+
+ Reviewed by Geoff Garen.
+
+ DFG code blocks now participate in the weak reference harvester fixpoint
+ so that they only consider themselves to be live if either they are
+ currently executing, or their owner is live and all of their weak references
+ are live. If not, the relevant code blocks are jettisoned.
+
+ Inline caches in both the old JIT and the DFG are now cleared if any of
+ their references are not marked at the end of a GC.
+
+ This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
+ all-code-on-GC policy that we currently have, it shows a slight reduction
+ in memory usage. If we turn that policy off, it's pretty easy to come up
+ with an example program that will cause ToT to experience linear heap
+ growth, while with this patch, the heap stays small and remains at a
+ constant size.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::readCallTarget):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::readCallTarget):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::readCallTarget):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::readCallTarget):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::performTracingFixpointIteration):
+ (JSC::CodeBlock::visitWeakReferences):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::MethodCallLinkInfo::reset):
+ (JSC::ProgramCodeBlock::jettison):
+ (JSC::EvalCodeBlock::jettison):
+ (JSC::FunctionCodeBlock::jettison):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::reoptimize):
+ (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::visitWeak):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::visitWeakReferences):
+ * bytecode/StructureStubInfo.h:
+ (JSC::isGetByIdAccess):
+ (JSC::isPutByIdAccess):
+ (JSC::StructureStubInfo::reset):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+ * dfg/DFGRepatch.h:
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::resetPatchGetById):
+ (JSC::JIT::resetPatchPutById):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::resetPatchGetById):
+ (JSC::JIT::resetPatchPutById):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITWriteBarrier.h:
+ (JSC::JITWriteBarrierBase::clearToMaxUnsigned):
+
+2011-11-20 Filip Pizlo <fpizlo@apple.com>
+
+ Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+ https://bugs.webkit.org/show_bug.cgi?id=71505
+
+ Reviewed by Oliver Hunt.
+
+ The bytecode generator was assuming that call_varargs never reuses the base register
+ (i.e. the function being called) for the result. This is no longer true.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCallVarargs):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+
+2011-11-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 32_64 should directly store double virtual registers on SetLocal
+ https://bugs.webkit.org/show_bug.cgi?id=72845
+
+ Reviewed by Oliver Hunt.
+
+ 2% win on Kraken.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-20 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove DFG::JITCodeGenerator from the gyp projects
+ https://bugs.webkit.org/show_bug.cgi?id=72842
+
+ Reviewed by Filip Pizlo.
+
+ dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244
+
+ * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}
+
+2011-11-18 Daniel Bates <dbates@rim.com>
+
+ Add CMake build infrastructure for the BlackBerry port
+ https://bugs.webkit.org/show_bug.cgi?id=72768
+
+ Reviewed by Antonio Gomes.
+
+ * PlatformBlackBerry.cmake: Added.
+ * shell/PlatformBlackBerry.cmake: Added.
+ * wtf/PlatformBlackBerry.cmake: Added.
+
+2011-11-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT fails speculation on InstanceOf if the base is not an object
+ https://bugs.webkit.org/show_bug.cgi?id=72709
+
+ Reviewed by Geoff Garen.
+
+ InstanceOf already leverages the fact that we only allow the default
+ hasInstance implementation. So, if the base is predicted to possibly
+ be not an object and the CFA has not yet proven otherwise, InstanceOf
+ will abstain from speculating cell and instead return false if the
+ base is not a cell.
+
+ This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
+ speed-up in earley-boyer. Neutral according to bencher on SunSpider,
+ V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
+ win on V8 even on my harness, due to a 12.5% win on earley-boyer.
+
+ I also took this opportunity to make the code for InstanceOf common
+ between the two JITs. This was partially successful, in that the
+ "common code" has a bunch of #if's, but overall it seems like a code
+ size reduction.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
+ (JSC::DFG::SpeculativeJIT::compileInstanceOf):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Forgot to completely de-virtualize isDynamicScope
+ https://bugs.webkit.org/show_bug.cgi?id=72763
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSActivation.h: Removed virtual keyword.
+
+2011-11-18 Filip Pizlo <fpizlo@apple.com>
+
+ Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
+ https://bugs.webkit.org/show_bug.cgi?id=72292
+
+ Reviewed by Darin Adler.
+
+ Fix this for 32_64.
+
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize ExecutableBase::intrinsic
+ https://bugs.webkit.org/show_bug.cgi?id=72548
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value.
+ * runtime/Executable.h:
+ * runtime/JSCell.h:
+ (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
+ rather than requiring C++ RTTI.
+
+2011-11-18 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Remove duplicate dtoa files from CMakeLists.txt
+ https://bugs.webkit.org/show_bug.cgi?id=72711
+
+ Reviewed by Brent Fulgham.
+
+ * wtf/CMakeLists.txt:
+
+2011-11-17 Michael Saboff <msaboff@apple.com>
+
+ [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=72602
+
+ Fixed StringImpl::foldCase by adding return in the case we need to handle
+ folding of 8 bit strings with Latin-1 characters.
+
+ Fixed case where StringImpl::replace was using a char temp instead of an
+ LChar temp.
+
+ Because of the second change, I changed other uses of char or
+ unsigned char to LChar.
+
+ Reviewed by Zoltan Herczeg.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::upper):
+ (WTF::StringImpl::foldCase):
+ (WTF::equal):
+ (WTF::equalIgnoringCase):
+ (WTF::StringImpl::replace):
+
+2011-11-17 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
+ https://bugs.webkit.org/show_bug.cgi?id=72644
+
+ Reviewed by Brent Fulgham.
+
+ All ports need to do the same determination about fast malloc. Move the CMake code from
+ platform specific files into the generic one, so that additional ports can reuse it.
+
+ * wtf/CMakeLists.txt:
+ * wtf/PlatformEfl.cmake:
+ * wtf/PlatformWinCE.cmake:
+
+2011-11-17 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add finalizer to JSActivation
+ https://bugs.webkit.org/show_bug.cgi?id=72575
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
+ (JSC::JSActivation::finalize):
+ * runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
+
+2011-11-15 Filip Pizlo <fpizlo@apple.com>
+
+ Code block jettisoning should be part of the GC's transitive closure
+ https://bugs.webkit.org/show_bug.cgi?id=72467
+
+ Reviewed by Geoff Garen.
+
+ Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
+ DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
+ references) and helps track what state each of those code blocks is in during
+ GC. The state consists of two flags; mayBeExecuting, which tells if the code block
+ is live from call frames; and isJettisoned, which tells if the code block is
+ not owned by any executable and thus should be deleted as soon as it is not
+ mayBeExecuting.
+
+ - Not executing, Not jettisoned: The code block may or may not be reachable from
+ any executables, but it is owned by an executable, and hence should be
+ kept alive if its executable is live and if all of its weak references are
+ live. Otherwise it should be deleted during the current GC cycle, and its
+ outgoing references should not be scanned.
+
+ - Not executing but jettisoned: The code block should be deleted as soon as
+ possible and none of its outgoing references should be scanned.
+
+ - Executing but not jettisoned: The code block should be kept alive during this
+ GC cycle, and all of its outgoing references (including the weak ones)
+ should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
+ the end of the GC cycle.
+
+ - Executing and jettisoned: The code block should be kept alive during this
+ GC cycle, and all of its outgoing references (including the weak ones)
+ should be scanned and marked strongly. However, on the next GC cycle, it
+ will have its mayBeExecuting bit cleared and hence it will become a candidate
+ for immediate deletion provided it is not executing again.
+
+ This is performance-neutral.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setJITCode):
+ (JSC::CodeBlock::DFGData::DFGData):
+ (JSC::DFGCodeBlocks::mark):
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ * heap/DFGCodeBlocks.cpp: Added.
+ (JSC::DFGCodeBlocks::DFGCodeBlocks):
+ (JSC::DFGCodeBlocks::~DFGCodeBlocks):
+ (JSC::DFGCodeBlocks::jettison):
+ (JSC::DFGCodeBlocks::clearMarks):
+ (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
+ (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
+ * heap/DFGCodeBlocks.h: Added.
+ * heap/Heap.cpp:
+ (JSC::Heap::jettisonDFGCodeBlock):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/JettisonedCodeBlocks.cpp: Removed.
+ * heap/JettisonedCodeBlocks.h: Removed.
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h:
+ * runtime/Executable.cpp:
+ (JSC::jettisonCodeBlock):
+
+2011-11-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fix for 32-bit.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-16 Geoffrey Garen <ggaren@apple.com>
+
+ Some CachedCall cleanup, in preparation for reversing argument order.
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
+ so I can test it.
+
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
+ we are not that desperate for character saving.
+
+ (JSC::CachedCall::setThis):
+ (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
+ CallFrameClosure.
+
+ * interpreter/CallFrameClosure.h:
+ (JSC::CallFrameClosure::setThis):
+ (JSC::CallFrameClosure::setArgument):
+ (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
+ with an explicit setter for 'this', since that's how most clients think.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::prepareForRepeatCall):
+ * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
+ for clarity.
+
+2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize ScriptExecutable::unlinkCalls
+ https://bugs.webkit.org/show_bug.cgi?id=72546
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
+ due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which
+ didn't have complete type information on the things that needed to be destructed in the implicit destructor.
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::createStructure): Used new type value from JSType
+ (JSC::ProgramExecutable::createStructure): Ditto
+ (JSC::FunctionExecutable::createStructure): Ditto
+ (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
+ * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable. Remove explicit numbers, since
+ that just adds noise to patches and they currently have no significance.
+
+2011-11-16 Filip Pizlo <fpizlo@apple.com>
+
+ JSC::CodeBlock should know which references generated by the DFG are weak
+ https://bugs.webkit.org/show_bug.cgi?id=72563
+
+ Reviewed by Geoff Garen.
+
+ CodeBlock::m_dfgData now tracks weak references and weak reference transitions
+ (like ephemerons) generated by the DFG. The DFG makes sure to notify the
+ CodeBlock of all uses of weak references and weak reference transitions.
+ CodeBlock currently marks them strongly, since the weak marking logic is not
+ in place, yet.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::stronglyVisitWeakReferences):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::appendWeakReference):
+ (JSC::CodeBlock::shrinkWeakReferencesToFit):
+ (JSC::CodeBlock::appendWeakReferenceTransition):
+ (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
+ (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::codeOriginOwner):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addWeakReference):
+ (JSC::DFG::JITCompiler::addWeakReferenceTransition):
+ (JSC::DFG::JITCompiler::branchWeakPtr):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-16 Michael Saboff <msaboff@apple.com>
+
+ LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
+ https://bugs.webkit.org/show_bug.cgi?id=72561
+
+ Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
+ Simplified the code in the process.
+
+ Reviewed by James Robinson.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::CharAccess::CharAccess):
+ (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
+
+2011-11-16 Geoffrey Garen <ggaren@apple.com>
+
+ Interpreter build fixes.
+
+ * bytecode/CodeBlock.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-11-16 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r100363.
+
+ * bytecode/CodeBlock.h:
+
+2011-11-16 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled back in r100375 and r100385 with 32-bit build fixed.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice):
+ * runtime/ArgList.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::constructArray):
+
+2011-11-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG global variable CSE mishandles the cross-global-object inlining corner case
+ https://bugs.webkit.org/show_bug.cgi?id=72542
+
+ Reviewed by Geoff Garen.
+
+ Moved code to get the global object for a code origin into CodeBlock, so it is
+ more broadly accessible. Fixed CSE to compare both the variable number, and the
+ global object, before deciding to perform elimination.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::globalObjectFor):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::globalObjectFor):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-11-16 Michael Saboff <msaboff@apple.com>
+
+ Enable 8 Bit Strings in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=71337
+
+ This patch turns on 8 bit strings in StringImpl and enables
+ their use in JavaScriptCore. Some of the changes are to
+ turn on code that had been staged (Lexer.cpp, Identifier.cpp,
+ SmallStrings.cpp and some of StringImpl.{h,cpp}).
+ Other changes are minor fixes to make 8 bit strings work
+ (UString.h, StringImpl::getData16SlowCase()).
+ Changed StringBuffer to be a templated class based on character
+ type. This change rippled into WebCore code as well.
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ * parser/Lexer.cpp:
+ (JSC::::append8): Changed to use 8 bit buffers.
+ (JSC::::parseIdentifier): Changed to use 8 bit buffers.
+ (JSC::::parseString): Changed to use 8 bit buffers.
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
+ (JSC::Identifier::toUInt32FromCharacters): Templated helper.
+ (JSC::Identifier::toUInt32): Added 8 bit optimized path.
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
+ * runtime/UString.h:
+ (JSC::UString::characters): Now calls StringImpl::characters()
+ * wtf/Forward.h:
+ * wtf/text/StringBuffer.h: Made StringBuffer a template base on character type.
+ (WTF::StringBuffer::StringBuffer):
+ (WTF::StringBuffer::characters):
+ (WTF::StringBuffer::release):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::create):
+ (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
+ (WTF::StringImpl::removeCharacters): Added 8 bit path.
+ (WTF::StringImpl::simplifyMatchedCharactersToSpace):
+ (WTF::StringImpl::simplifyWhiteSpace):
+ (WTF::equal): Removed bug from code copied from null terminated version.
+ (WTF::StringImpl::adopt): Added 8 bit path.
+ (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bi flag propagation.
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
+ (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
+ (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
+ (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
+ * wtf/text/WTFString.h:
+ (WTF::String::adopt): Changed to use StringBuffer template.
+
+2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize ExecutableBase::clearCodeVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=72337
+
+ Reviewed by Darin Adler.
+
+ Added static finalize functions to the subclasses of ExecutableBase that provide an implementation
+ of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
+ and had the finalize functions call the corresponding clearCode methods.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::NativeExecutable::finalize):
+ (JSC::EvalExecutable::finalize):
+ (JSC::EvalExecutable::clearCode):
+ (JSC::ProgramExecutable::finalize):
+ (JSC::ProgramExecutable::clearCode):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::finalize):
+ (JSC::FunctionExecutable::clearCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::finishCreation):
+ (JSC::NativeExecutable::create):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+
+2011-11-16 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
+ https://bugs.webkit.org/show_bug.cgi?id=71572
+
+ Reviewed by Gavin Barraclough and Darin Adler.
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+
+2011-11-16 Darin Adler <darin@apple.com>
+
+ Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
+ https://bugs.webkit.org/show_bug.cgi?id=72475
+
+ Reviewed by Adam Roben.
+
+ * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
+ Do overloads so we can pass a nullptr and also be sure to get the
+ raw pointer type from the OwnPtr template so we handle both forms
+ of OwnPtr: OwnPtr<T> and OwnPtr<T*>.
+
+2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
+
+2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed, rolling out r100266.
+ http://trac.webkit.org/changeset/100266
+
+ Broke WTR.
+
+ * Target.pri:
+
+2011-11-16 Darin Adler <darin@apple.com>
+
+ Add a "pass type" and "peek type" concept to HashTraits
+ https://bugs.webkit.org/show_bug.cgi?id=72473
+
+ Reviewed by Filip Pizlo.
+
+ * wtf/HashTraits.h: Added the pass type and peek type.
+ For OwnPtr, the pass type will be PassOwnPtr and the peek
+ type will be a raw pointer.
+
+2011-11-16 Darin Adler <darin@apple.com>
+
+ Fix some hash traits that don't derive from the base hash traits
+ https://bugs.webkit.org/show_bug.cgi?id=72470
+
+ Reviewed by Filip Pizlo.
+
+ Hash traits structures need to derive from the base hash traits in
+ HashTraits.h, but some were not. This is needed for compatibility with
+ some additional traits we will be adding to make OwnPtr work with HashMap.
+
+ * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
+ HashTraits<int>. This enabled removal of all the members except for the
+ ones that control the empty value, because this is otherwise the same
+ as the standard int hash.
+
+ * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
+ from HashTraits<SymbolTableEntry> and removed redundant members.
+
+2011-11-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r100375 and r100385.
+ http://trac.webkit.org/changeset/100375
+ http://trac.webkit.org/changeset/100385
+ https://bugs.webkit.org/show_bug.cgi?id=72465
+
+ They broke 32 bit builds on Qt (Requested by ossy on #webkit).
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice):
+ * runtime/ArgList.h:
+ (JSC::ArgList::ArgList):
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ * runtime/JSGlobalObject.h:
+
+2011-11-15 George Staikos <staikos@webkit.org>
+
+ Remove the guard page from the addressable stack region on QNX.
+ https://bugs.webkit.org/show_bug.cgi?id=72455
+
+ Reviewed by Daniel Bates.
+
+ * wtf/StackBounds.cpp:
+ (WTF::StackBounds::initialize):
+
+2011-11-15 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=72323
+
+ Added 8 bit optimized paths for String and UString ascii() and utf8() methods.
+
+ Added String::characters8(), characters16() and is8Bit() helper methods.
+
+ Added an new Unicode::convertLatin1ToUTF8() method that works on
+ LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().
+
+ Reviewed by Geoff Garen.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/UString.cpp:
+ (JSC::UString::utf8):
+ * wtf/text/WTFString.cpp:
+ (WTF::String::ascii):
+ (WTF::String::utf8):
+ * wtf/text/WTFString.h:
+ (WTF::String::characters8):
+ (WTF::String::characters16):
+ (WTF::String::is8Bit):
+ (WTF::LChar):
+ (WTF::UChar):
+ * wtf/unicode/UTF8.cpp:
+ (WTF::Unicode::convertLatin1ToUTF8):
+ * wtf/unicode/UTF8.h:
+ * wtf/unicode/Unicode.h:
+
+2011-11-15 Darin Adler <darin@apple.com>
+
+ REGRESSION (r98887): ParserArena and Keywords leaking
+ https://bugs.webkit.org/show_bug.cgi?id=72428
+
+ Reviewed by Sam Weinig.
+
+ * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
+ need to be able to destroy it.
+
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.
+
+ * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.
+
+2011-11-15 Geoffrey Garen <ggaren@apple.com>
+
+ Removed another use of ArgList that baked in the assumption that arguments
+ are forward in the regiter file.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
+ working through ArgList.
+
+ * runtime/ArgList.h: Removed!
+
+2011-11-15 Geoffrey Garen <ggaren@apple.com>
+
+ Removed a use of ArgList that baked in the assumption that arguments
+ are forward in the regiter file.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use new API.
+
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
+ getSlice can do the right thing by using its rights to private data.
+
+ * runtime/ArgList.h: Removed constructor that took a forward-contiguous
+ set of arguments.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::constructArray): Added explicit support for creating an array from
+ a pre-allocated set of values, so we could stop relying on the ArgList
+ API we want to remove.
+
+2011-11-15 Filip Pizlo <fpizlo@apple.com>
+
+ Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
+ https://bugs.webkit.org/show_bug.cgi?id=72292
+
+ Reviewed by Geoff Garen.
+
+ We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
+ an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
+ instead of CodeBlock::alternative().
+
+ No performance effect.
+
+ No tests because all of our heuristics work very hard to make sure that this never happens in
+ the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
+ is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still
+ because the whole point of jettisoning is to bring the probability of future OSR exits to as
+ close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
+ exit after a jettison to be the first of its kind; our whole design tries to ensure that
+ CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
+ is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
+ compilation. So this is a truly evil case, and any test for it would be quite fragile.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::specializationKind):
+ (JSC::CodeBlock::largeFailCountThreshold):
+ (JSC::CodeBlock::largeFailCountThresholdForLoop):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2011-11-15 Geoffrey Garen <ggaren@apple.com>
+
+ Use MarkedArgumentBuffer to avoid making assumptions about argument order
+ https://bugs.webkit.org/show_bug.cgi?id=72418
+
+ Reviewed by Sam Weinig.
+
+ A step toward reversing the argument order.
+
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ (JSC::Walker::callReviver): Don't assume that ArgList wants to point
+ at arguments in forward order. Instead, use MarkedArgumentBuffer, which
+ will make the decision for us.
+
+2011-11-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should distinguish between constants in the constant pool and weak
+ constants added as artifacts of code generation
+ https://bugs.webkit.org/show_bug.cgi?id=72367
+
+ Reviewed by Geoff Garen.
+
+ Added the notion of a WeakJSConstant, which is like a JSConstant except that
+ it can only refer to JSCell*. Currently all WeakJSConstants are also backed
+ by constants in the constant pool, since weak references originated from
+ machine code are not yet properly handled.
+
+ Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
+ and CheckStructure. This results in improved CSE, leading to a 1% win on V8.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::prepareToParseBlock):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::getJSConstantPrediction):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::isWeakConstant):
+ (JSC::DFG::Node::hasConstant):
+ (JSC::DFG::Node::weakConstant):
+ (JSC::DFG::Node::valueOfJSConstant):
+ (JSC::DFG::Node::isInt32Constant):
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::isNumberConstant):
+ (JSC::DFG::Node::isBooleanConstant):
+ (JSC::DFG::Node::hasIdentifier):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-15 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit Strings - Initial JS String Tuning
+ https://bugs.webkit.org/show_bug.cgi?id=72326
+
+ Added 8 bit optimized paths for the methods below.
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSString.h:
+ (JSC::jsSubstring8):
+ * runtime/StringPrototype.cpp:
+ (JSC::jsSpliceSubstrings):
+ (JSC::jsSpliceSubstringsWithSeparators):
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncCharCodeAt):
+
+2011-11-15 Gavin Barraclough <barraclough@apple.com>
+
+ Result of Error.prototype.toString not ES5 conformant
+ https://bugs.webkit.org/show_bug.cgi?id=70889
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+
+2011-11-15 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
+
+2011-11-15 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove DFGJITCompilerInlineMethods
+ https://bugs.webkit.org/show_bug.cgi?id=72366
+
+ Reviewed by Filip Pizlo.
+
+ Those methods are actually seldom used. Modify the few such places and
+ remove DFGJITCompilerInlineMethods stuffs totally.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addressOfDoubleConstant):
+ * dfg/DFGJITCompilerInlineMethods.h: Removed.
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentFillFPR):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::cachedGetMethod):
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
+ https://bugs.webkit.org/show_bug.cgi?id=72348
+
+ Reviewed by Gavin Barraclough.
+
+ Moved all of JITCodeGenerator into SpeculativeJIT.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGJITCodeGenerator.cpp: Removed.
+ * dfg/DFGJITCodeGenerator.h: Removed.
+ * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
+ * dfg/DFGJITCodeGenerator64.cpp: Removed.
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
+ (JSC::DFG::SpeculativeJIT::fillStorage):
+ (JSC::DFG::SpeculativeJIT::useChildren):
+ (JSC::DFG::SpeculativeJIT::isStrictInt32):
+ (JSC::DFG::SpeculativeJIT::isKnownInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::SpeculativeJIT::isKnownCell):
+ (JSC::DFG::SpeculativeJIT::isKnownNotCell):
+ (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
+ (JSC::DFG::SpeculativeJIT::isKnownBoolean):
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ (JSC::DFG::SpeculativeJIT::markCellCard):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
+ (JSC::DFG::dataFormatString):
+ (JSC::DFG::SpeculativeJIT::dump):
+ (JSC::DFG::SpeculativeJIT::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::GPRTemporary::adopt):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::at):
+ (JSC::DFG::SpeculativeJIT::lock):
+ (JSC::DFG::SpeculativeJIT::unlock):
+ (JSC::DFG::SpeculativeJIT::canReuse):
+ (JSC::DFG::SpeculativeJIT::reuse):
+ (JSC::DFG::SpeculativeJIT::allocate):
+ (JSC::DFG::SpeculativeJIT::tryAllocate):
+ (JSC::DFG::SpeculativeJIT::fprAllocate):
+ (JSC::DFG::SpeculativeJIT::isFilled):
+ (JSC::DFG::SpeculativeJIT::isFilledDouble):
+ (JSC::DFG::SpeculativeJIT::use):
+ (JSC::DFG::SpeculativeJIT::selectScratchGPR):
+ (JSC::DFG::SpeculativeJIT::silentSpillGPR):
+ (JSC::DFG::SpeculativeJIT::silentSpillFPR):
+ (JSC::DFG::SpeculativeJIT::silentFillGPR):
+ (JSC::DFG::SpeculativeJIT::silentFillFPR):
+ (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
+ (JSC::DFG::SpeculativeJIT::boxDouble):
+ (JSC::DFG::SpeculativeJIT::unboxDouble):
+ (JSC::DFG::SpeculativeJIT::spill):
+ (JSC::DFG::SpeculativeJIT::isConstant):
+ (JSC::DFG::SpeculativeJIT::isJSConstant):
+ (JSC::DFG::SpeculativeJIT::isInt32Constant):
+ (JSC::DFG::SpeculativeJIT::isDoubleConstant):
+ (JSC::DFG::SpeculativeJIT::isNumberConstant):
+ (JSC::DFG::SpeculativeJIT::isBooleanConstant):
+ (JSC::DFG::SpeculativeJIT::isFunctionConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
+ (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
+ (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
+ (JSC::DFG::SpeculativeJIT::isNullConstant):
+ (JSC::DFG::SpeculativeJIT::identifier):
+ (JSC::DFG::SpeculativeJIT::flushRegisters):
+ (JSC::DFG::SpeculativeJIT::isFlushed):
+ (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
+ (JSC::DFG::SpeculativeJIT::bitOp):
+ (JSC::DFG::SpeculativeJIT::shiftOp):
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::addressOfCallData):
+ (JSC::DFG::SpeculativeJIT::tagOfCallData):
+ (JSC::DFG::SpeculativeJIT::payloadOfCallData):
+ (JSC::DFG::SpeculativeJIT::integerResult):
+ (JSC::DFG::SpeculativeJIT::noResult):
+ (JSC::DFG::SpeculativeJIT::cellResult):
+ (JSC::DFG::SpeculativeJIT::booleanResult):
+ (JSC::DFG::SpeculativeJIT::jsValueResult):
+ (JSC::DFG::SpeculativeJIT::storageResult):
+ (JSC::DFG::SpeculativeJIT::doubleResult):
+ (JSC::DFG::SpeculativeJIT::initConstantInfo):
+ (JSC::DFG::SpeculativeJIT::resetCallArguments):
+ (JSC::DFG::SpeculativeJIT::addCallArgument):
+ (JSC::DFG::SpeculativeJIT::setupArguments):
+ (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
+ (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
+ (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
+ (JSC::DFG::SpeculativeJIT::setupStubArguments):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
+ (JSC::DFG::SpeculativeJIT::setupResults):
+ (JSC::DFG::SpeculativeJIT::appendCallSetResult):
+ (JSC::DFG::SpeculativeJIT::addBranch):
+ (JSC::DFG::SpeculativeJIT::linkBranches):
+ (JSC::DFG::SpeculativeJIT::block):
+ (JSC::DFG::SpeculativeJIT::checkConsistency):
+ (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
+ (JSC::DFG::IntegerOperand::IntegerOperand):
+ (JSC::DFG::IntegerOperand::~IntegerOperand):
+ (JSC::DFG::IntegerOperand::index):
+ (JSC::DFG::IntegerOperand::format):
+ (JSC::DFG::IntegerOperand::gpr):
+ (JSC::DFG::IntegerOperand::use):
+ (JSC::DFG::DoubleOperand::DoubleOperand):
+ (JSC::DFG::DoubleOperand::~DoubleOperand):
+ (JSC::DFG::DoubleOperand::index):
+ (JSC::DFG::DoubleOperand::fpr):
+ (JSC::DFG::DoubleOperand::use):
+ (JSC::DFG::JSValueOperand::JSValueOperand):
+ (JSC::DFG::JSValueOperand::~JSValueOperand):
+ (JSC::DFG::JSValueOperand::index):
+ (JSC::DFG::JSValueOperand::gpr):
+ (JSC::DFG::JSValueOperand::jsValueRegs):
+ (JSC::DFG::JSValueOperand::isDouble):
+ (JSC::DFG::JSValueOperand::fill):
+ (JSC::DFG::JSValueOperand::tagGPR):
+ (JSC::DFG::JSValueOperand::payloadGPR):
+ (JSC::DFG::JSValueOperand::fpr):
+ (JSC::DFG::JSValueOperand::use):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::StorageOperand::~StorageOperand):
+ (JSC::DFG::StorageOperand::index):
+ (JSC::DFG::StorageOperand::gpr):
+ (JSC::DFG::StorageOperand::use):
+ (JSC::DFG::GPRTemporary::~GPRTemporary):
+ (JSC::DFG::GPRTemporary::gpr):
+ (JSC::DFG::FPRTemporary::~FPRTemporary):
+ (JSC::DFG::FPRTemporary::fpr):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ (JSC::DFG::GPRResult::GPRResult):
+ (JSC::DFG::GPRResult2::GPRResult2):
+ (JSC::DFG::FPRResult::FPRResult):
+ (JSC::DFG::FPRResult::lockedResult):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::cachedGetMethod):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::cachedGetMethod):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * runtime/JSFunction.h:
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ Weak reference harvesters should run to fixpoint
+ https://bugs.webkit.org/show_bug.cgi?id=72346
+
+ Reviewed by Oliver Hunt.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/ListableHandler.h:
+ (JSC::ListableHandler::next):
+ (JSC::ListableHandler::List::head):
+ (JSC::ListableHandler::List::removeNext):
+ (JSC::ListableHandler::List::removeAll):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::reset):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::isEmpty):
+
+2011-11-14 Oliver Hunt <oliver@apple.com>
+
+ Start migrating typed array impl types to WTF
+ https://bugs.webkit.org/show_bug.cgi?id=72336
+
+ Reviewed by Geoffrey Garen.
+
+ Add typed array impls to WTF forwarding header.
+
+ * wtf/Forward.h:
+
+2011-11-14 Julien Chaffraix <jchaffraix@webkit.org>
+
+ Add --css-grid-layout to build-webkit and the build systems
+ https://bugs.webkit.org/show_bug.cgi?id=72320
+
+ Reviewed by Ojan Vafai.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ A little bit of arguments / activation cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=72339
+
+ Reviewed by Gavin Barraclough.
+
+ Renamed copyRegisters => tearOff to match bytecode and other terminology.
+
+ Renamed setActivation => didTearOffActivation to indicate that this is a
+ notification the object may choose to ignore. Moved "Should I ignore?"
+ code into the arguments object to avoid duplication elsewhere.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveArguments):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createAndTearOff):
+ (JSC::Arguments::didTearOffActivation):
+ (JSC::Arguments::finishCreationButDontTearOff):
+ (JSC::Arguments::finishCreation):
+ (JSC::Arguments::finishCreationAndTearOff):
+ (JSC::Arguments::tearOff):
+
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::tearOff): Moved Activation's code into its own header
+ because that's where it belongs.
+
+2011-11-14 Gavin Barraclough <barraclough@apple.com>
+
+ Should sign the jsc binary
+ https://bugs.webkit.org/show_bug.cgi?id=72332
+
+ Reviewed by David Kilzer.
+
+ * Configurations/JSC.xcconfig:
+ * entitlements.plist: Added.
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG's inline references to objects should be tracked
+ https://bugs.webkit.org/show_bug.cgi?id=72313
+
+ Reviewed by Gavin Barraclough.
+
+ Added a pinCell() method in the parser that currently creates a
+ dummy constant in CodeBlock. Added calls to pinCell() wherever the
+ DFG would inline a constant reference that the original code would
+ not have referred to.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getCellConstantIndex):
+ (JSC::DFG::ByteCodeParser::pinCell):
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG put_by_id transition optimizations test the wrong structures
+ https://bugs.webkit.org/show_bug.cgi?id=72324
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Further changes and cleanup to JSString.h and cpp.
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr. Eliminated exec in slow case calls.
+ (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name.
+ (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
+ * runtime/JSString.h:
+
+2011-11-14 Adam Barth <abarth@webkit.org>
+
+ DateMath.cpp should not depend on JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=71747
+
+ Reviewed by Darin Adler.
+
+ This patch moves the JSC-specific parts of DateMath into JSDateMath in
+ JavaScriptCore. There shouldn't be any behavior change.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConversion.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DateInstanceCache.h:
+ * runtime/DatePrototype.cpp:
+ * runtime/InitializeThreading.cpp:
+ * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
+ (JSC::timeToMS):
+ (JSC::msToSeconds):
+ * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
+ * wtf/DateMath.cpp:
+ (WTF::isLeapYear):
+ (WTF::msToDays):
+ (WTF::msToMinutes):
+ (WTF::msToHours):
+ (WTF::parseDateFromNullTerminatedCharacters):
+ (WTF::makeRFC2822DateString):
+ * wtf/DateMath.h:
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit strings - Add 8 bit handling to JSString Ropes
+ https://bugs.webkit.org/show_bug.cgi?id=72317
+
+ Added bit to track that a rope is made up of all 8 bit fibers.
+ Created an 8 bit path (fast and slow cases) to handle 8 bit
+ only ropes.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase8):
+ (JSC::JSString::resolveRopeSlowCase16):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::finishCreation):
+ (JSC::RopeBuilder::is8Bit):
+ (JSC::jsSubstring8):
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ A little bit of function call cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=72314
+
+ Reviewed by Oliver Hunt.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
+ because this value doesn't give you the offset of the callee's call frame.
+
+ (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
+ of greater-than. Removed comment since its reasoning was wrong.
+
+ (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
+
+ (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
+ to ask this question, giving the bytecode generator more freedom to change
+ internal implementation details.
+
+ * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
+ 16 was overkill.
+ (JSC::CallArguments::registerOffset): Updated for rename mentioned above.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::CallArguments::CallArguments):
+ (JSC::CallArguments::newArgument): Factored out argument allocation into
+ a helper function, so I can change it later.
+
+ (JSC::CallFunctionCallDotNode::emitBytecode):
+ (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
+
+2011-11-14 Tony Chang <tony@chromium.org>
+
+ Remove the CSS3_FLEXBOX compile time flag and enable on all ports
+ https://bugs.webkit.org/show_bug.cgi?id=72196
+
+ Reviewed by Ojan Vafai.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-14 Mark Rowe <mrowe@apple.com>
+
+ <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
+
+ testRegExp and testapi.js were being installed in the JavaScriptCore framework.
+ As test-only tools they shouldn't be installed there by default, only when
+ FORCE_TOOL_INSTALL is set to YES.
+
+ This patch incorprorates a few related changes:
+ 1) Make the jsc and testRegExp targets be configured via .xcconfig files.
+ 2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
+ FORCE_TOOL_INSTALL is YES.
+ 3) Switches the testapi target to using a script build phase to install testapi.js
+ so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
+ why this isn't the built-in behavior when a Copy Files build phase has "Copy only
+ when installing" checked, but it doesn't seem to be.
+ 4) Other random cleanup such as removing a bogus group that refers to files that do
+ not exist, moving testRegExp.cpp in to the tests group, etc.
+
+ Reviewed by Geoff Garen.
+
+ * Configurations/JSC.xcconfig: Added.
+ * Configurations/TestRegExp.xcconfig: Added.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit strings - Add 8 bit paths to StringImpl methods
+ https://bugs.webkit.org/show_bug.cgi?id=72290
+
+ Added 8 bit patchs to StringImpl to number and find methods.
+
+ Reviewed by Oliver Hunt.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::toIntStrict):
+ (WTF::StringImpl::toUIntStrict):
+ (WTF::StringImpl::toInt64Strict):
+ (WTF::StringImpl::toUInt64Strict):
+ (WTF::StringImpl::toIntPtrStrict):
+ (WTF::StringImpl::toInt):
+ (WTF::StringImpl::toUInt):
+ (WTF::StringImpl::toInt64):
+ (WTF::StringImpl::toUInt64):
+ (WTF::StringImpl::toIntPtr):
+ (WTF::StringImpl::toDouble):
+ (WTF::StringImpl::toFloat):
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::reverseFind):
+ * wtf/text/WTFString.cpp:
+ (WTF::toIntegralType):
+ (WTF::lengthOfCharactersAsInteger):
+ (WTF::charactersToIntStrict):
+ (WTF::charactersToUIntStrict):
+ (WTF::charactersToInt64Strict):
+ (WTF::charactersToUInt64Strict):
+ (WTF::charactersToIntPtrStrict):
+ (WTF::charactersToInt):
+ (WTF::charactersToUInt):
+ (WTF::charactersToInt64):
+ (WTF::charactersToUInt64):
+ (WTF::charactersToIntPtr):
+ (WTF::toDoubleType):
+ (WTF::charactersToDouble):
+ (WTF::charactersToFloat):
+ * wtf/text/WTFString.h:
+ (WTF::find):
+ (WTF::reverseFind):
+
+2011-11-14 Vincent Scheib <scheib@chromium.org>
+
+ Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
+ https://bugs.webkit.org/show_bug.cgi?id=72286
+
+ Reviewed by Adam Barth.
+
+ * wtf/Platform.h:
+
+2011-11-14 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=72280
+
+ Rubber stamped by Geoff Garen.
+
+ Fix 32-bit Lion.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ 32-bit Build fix: declare virtual register indices to be int rather than
+ unsigned, since they can be positive or negative.
+
+ For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
+ state, since we'll never load and operate on the ReturnPC as a JS value.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadTag):
+ (JSC::JIT::emitLoadPayload):
+ (JSC::JIT::emitLoad):
+ (JSC::JIT::emitLoad2):
+ (JSC::JIT::emitLoadDouble):
+ (JSC::JIT::emitLoadInt32ToDouble):
+ (JSC::JIT::emitStore):
+ (JSC::JIT::emitStoreInt32):
+ (JSC::JIT::emitStoreAndMapInt32):
+ (JSC::JIT::emitStoreCell):
+ (JSC::JIT::emitStoreBool):
+ (JSC::JIT::emitStoreDouble):
+ (JSC::JIT::map):
+ (JSC::JIT::unmap):
+ (JSC::JIT::isMapped):
+ (JSC::JIT::getMappedPayload):
+ (JSC::JIT::getMappedTag):
+ (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Remove unused m_data member from UStringSourceProvider
+ https://bugs.webkit.org/show_bug.cgi?id=72289
+
+ Removed unused m_data member from UStringSourceProvider.
+
+ Reviewed by Oliver Hunt.
+
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::UStringSourceProvider):
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize YARR Parser
+ https://bugs.webkit.org/show_bug.cgi?id=72288
+
+ Changed Yarr::Parser to be a template based on character type.
+
+ Reviewed by Oliver Hunt.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::Parser):
+ (JSC::Yarr::parse):
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ 32-bit build fix: Removed unused declaration.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-11-12 Geoffrey Garen <ggaren@apple.com>
+
+ Standardized the JS calling convention
+ https://bugs.webkit.org/show_bug.cgi?id=72221
+
+ Reviewed by Oliver Hunt.
+
+ This patch standardizes the calling convention so that the caller always
+ sets up the callee's CallFrame. Adjustments for call type, callee type,
+ argument count, etc. now always take place after that initial setup.
+
+ This is a step toward reversing the argument order, but also has these
+ immediate benefits (measured on x64):
+
+ (1) 1% benchmark speedup across the board.
+
+ (2) 50% code size reduction in baseline JIT function calls.
+
+ (3) 1.5x speedup for single-dispatch .apply forwarding.
+
+ (4) 1.1x speedup for multi-dispatch .apply forwarding.
+
+ This change affected the baseline JIT most, since the baseline JIT had
+ lots of ad hoc calling conventions for different caller / callee types.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::branchPtr):
+ (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
+ a test, like other assemblers do. (I added some compares to 0, and didn't
+ want them to be slow.)
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
+ op_call_varargs could share code generation with other forms of op_call.
+ This is also a small optimization, since op_*varargs no longer have to
+ pass arguments to each other through the register file.
+
+ (JSC::CallLinkInfo::unlink):
+ * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
+ us to link functions called through .apply syntax. We need to distinguish
+ CallVarargs from Call because CallVarargs changes its argument count
+ on each inovcation, so we must always link to the argument count checking
+ version of the callee.
+
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCallVarargs):
+ * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
+ some of this bytecode generation to remove redundant copies.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
+ DFG doesn't support this type, but its code needs to change slightly
+ to accomodate a 3-state variable.
+
+ Stopped passing the argument count in regT1 because this is non-standard.
+ (The argument count goes in the CallFrame. This trades speed on the slow
+ path for speed and code size on the fast path, and simplicity on all paths.
+ A good trade, in my opinion.)
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
+ setup more obvious when single-stepping. Also, updated for argument count
+ not being in regT1.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addJSCall):
+ (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
+ type: CallVarargs.
+
+ * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
+ doing anything else. Don't check for stack overflow because we have no callee
+ registers, and our caller has already checked for its own registers.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
+ count doesn't match -- we just need to link to the argument count checking
+ version.
+
+ * interpreter/CallFrameClosure.h:
+ (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
+ arguments from C++, we need to supply a full copy of the arguments prior
+ to the subset copy that matches our callee's argument count. (That is what
+ the standard calling convention would have produced in JS.) I would have
+ split this into its own patch, but I couldn't find a way to get the JIT
+ to fail a regression test in this area without my patch applied.
+
+ * interpreter/Interpreter.cpp: Let the true code bomb begin!
+
+ (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
+ and not eval()'s caller frame. We no longer leave the CallFrame pointing
+ to eval()'s caller during a call to eval(), since that is not standard.
+
+ (JSC::loadVarargs): Factored out a shared helper function for use by JIT
+ and interpreter because half the code means one quarter the bugs -- in my
+ programming, at least.
+
+ (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
+
+ (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
+ putDirect, because it got in the way of my testing. (When putting a
+ function, the cached base of a PutPropertySlot can be 0 to signify "do
+ not optimize".)
+
+ op_call_eval: Updated for new, standard eval calling convention.
+
+ op_load_varargs: Merged op_load_varargs into op_call_varargs.
+
+ op_call_varags: Updated for new, standard eval calling convention. Don't
+ check for stack overflow because the loadVarargs helper function already
+ checked.
+
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::execute): Headers are fun and educational!
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::growSlowCase):
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::grow): Factored out the slow case into a slow
+ case because it was cramping the style of my fast case.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile): Moved initialization of
+ RegisterFile::CodeBlock to make it more obvious when debugging. Removed
+ assumption that argument count is in regT1, as above. Removed call to
+ restoreArgumentReference() because the JITStubCall abstraction does this for us.
+
+ (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
+
+ * jit/JIT.h:
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emitSlow_op_call):
+ (JSC::JIT::emitSlow_op_call_eval):
+ (JSC::JIT::emitSlow_op_call_varargs):
+ (JSC::JIT::emitSlow_op_construct):
+ (JSC::JIT::emit_op_call_eval):
+ (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
+ Don't count call_eval when accounting for linkable function calls because
+ eval doesn't link. (Its fast path is to perform the eval.)
+
+ (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
+ to our new calling convention. The key to this optimization is the
+ observation that, in a function that declares no arguments, if any
+ arguments are passed, they all end up right behind 'this'.
+
+ (JSC::JIT::compileCallEval):
+ (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
+
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
+ this is the whole point of my patch. The caller now unconditionally moves
+ the CallFrame forward and fills in the data it knows before taking any
+ branches to deal with weird caller/callee pairs.
+
+ This also means that there is almost no slow path for calls -- it all
+ gets folded into the shared virtual call stub. The only things remaining
+ in the slow path are the rare case counter and a call to the stub.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
+ different registers or in memory, based on our new standard calling
+ convention.
+
+ Added a shared path for calling out to CTI helper functions for non-JS
+ calls.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check): method_check emits its own code and
+ the following get_by_id's code, so it needs to add both when informing
+ result chaining of its result. This is important because the standard
+ calling convention can now take advantage of this chaining.
+
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ (JSC::JIT::compileCallEval):
+ (JSC::JIT::compileCallEvalSlowCase):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::emit_op_call_eval):
+ (JSC::JIT::emit_op_call_varargs):
+ (JSC::JIT::emitSlow_op_call):
+ (JSC::JIT::emitSlow_op_call_eval):
+ (JSC::JIT::emitSlow_op_call_varargs):
+ (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
+ second time, now with 64 bits.
+
+ * jit/JITStubs.cpp:
+ (JSC::throwExceptionFromOpCall):
+ (JSC::jitCompileFor):
+ (JSC::arityCheckFor):
+ (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
+ Exceptions thrown in the middle of a function call now use a shared helper
+ function (throwExceptionFromOpCall). This function understands that the
+ CallFrame currently points to the callEE, and the exception must be
+ thrown by the callER. (The old calling convention would often still have
+ the CallFrame pointing at the callER at the point of an exception. That
+ is not the way of our new, standard calling convention.)
+
+ (JSC::op_call_eval): Finish standard CallFrame setup before calling
+ our eval helper function, which now depends on that setup.
+
+ * runtime/Arguments.h:
+ (JSC::Arguments::length): Renamed numProvidedArguments() to length()
+ because that's what other objects call it, and the difference made our
+ new loadVarargs helper function hard to read.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
+ fixes.
+
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
+ the .apply call_varargs optimization fails. (This bug appears on layout
+ tests when you disable the optimization.)
+
+2011-11-11 Jer Noble <jer.noble@apple.com>
+
+ Implement MediaController.
+ https://bugs.webkit.org/show_bug.cgi?id=71408
+
+ Reviewed by Eric Carlson.
+
+ Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as
+ CoreAudioClock.h is not available there.
+
+ * wtf/Platform.h:
+
+2011-11-14 Patrick Gansterer <paroga@webkit.org>
+
+ [WIN] Remove dependency on pthread from FastMalloc
+ https://bugs.webkit.org/show_bug.cgi?id=72098
+
+ Reviewed by Adam Roben.
+
+ All pthread calls are already ported to native Windows calls.
+ Use the native version for all OS(WINDOWS) to remove the
+ runtime dependency on the pthread dll.
+
+ * wtf/FastMalloc.cpp:
+
+2011-11-14 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Replace use of QApplication with QGuiApplication.
+
+ Reviewed by Tor Arne Vestbø.
+
+ * wtf/qt/compat/qguiapplication.h:
+ (QGuiApplication::styleHints): Introduce styleHints wrapper hack.
+
+2011-11-14 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck build.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2011-11-11 Yury Semikhatsky <yurys@chromium.org>
+
+ Web Inspector: function remote objetct should provide access to function position in the script
+ https://bugs.webkit.org/show_bug.cgi?id=71808
+
+ Exposed accessor for function source code.
+
+ Reviewed by Pavel Feldman.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::sourceCode):
+ * runtime/JSFunction.h:
+
+2011-11-13 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix silent spilling/filling GPRs in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=72201
+
+ Reviewed by Gavin Barraclough.
+
+ Current silentSpillGPR/silentFillGPR may not work as expected for some
+ cases in 32_64. If there's a JSValue which was retained by two GPRs,
+ we may end up failing to spill/fill some GPRs or redundantly
+ spilling/filling some GPRs. For example, if we tend to exclude "eax"
+ from spilling while a JSValue is retained by both "eax" and "edx",
+ then "edx" won't be spilled as well (wrong). And if another JSValue is
+ retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
+ twice. The similar problem applies to silentFillGPR.
+ The fix is to make silentSpillGPR/silentFillGPR more straightforward,
+ i.e., spilling/filling based on the GPR instead of the virtual
+ register. FPR spilling/filling is also modified accordingly to make it
+ consistent with GPR spilling/filling.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
+
+2011-11-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ [Qt][Symbian] Remove support for WINSCW compiler
+ https://bugs.webkit.org/show_bug.cgi?id=70178
+
+ Reviewed by Chang Shu.
+
+ * API/JSStringRef.h:
+ * create_hash_table: Revert r45553.
+ * runtime/JSGlobalData.cpp: Revert r45553.
+ * runtime/LiteralParser.cpp: Remove WINSCW comment.
+ (JSC::LiteralParser::Lexer::lexString):
+ * runtime/Lookup.h: Revert r45553.
+ * runtime/Structure.h: Revert r48461.
+ * wtf/Alignment.h:
+ * wtf/Assertions.h: Revert r52337.
+ * wtf/Compiler.h:
+ * wtf/ListRefPtr.h: Revert r48988.
+ (WTF::ListRefPtr::~ListRefPtr):
+ * wtf/OwnArrayPtr.h: Revert r45911.
+ (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
+ * wtf/PassOwnArrayPtr.h:
+ (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
+ * wtf/PassRefPtr.h:
+ * wtf/StaticConstructors.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+
+2011-11-12 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
+
+ * dfg/DFGCorrectableJumpPoint.cpp:
+ * dfg/DFGCorrectableJumpPoint.h:
+
+2011-11-12 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Move list of DFG source files into correct file
+ https://bugs.webkit.org/show_bug.cgi?id=72212
+
+ Reviewed by Daniel Bates.
+
+ The DFG files are platform independent. So move them from
+ the EFL specific file into the general CMakeLists.txt.
+
+ * CMakeLists.txt:
+ * PlatformEfl.cmake:
+
+2011-11-12 Patrick Gansterer <paroga@webkit.org>
+
+ Fix "unused variable" warning in JSLock
+ https://bugs.webkit.org/show_bug.cgi?id=72213
+
+ Reviewed by Anders Carlsson.
+
+ Use ASSERT_UNUSED() instead of ASSERT() to make sure
+ that the variable is also used in the release build.
+
+ * runtime/JSLock.cpp:
+ (JSC::JSLock::lock):
+ (JSC::JSLock::unlock):
+
+2011-11-11 Gavin Barraclough <barraclough@apple.com>
+
+ Update iOS compiler version.
+
+ Reviewed by David Kilzer.
+
+ * Configurations/CompilerVersion.xcconfig:
+ - Update compiler version.
+
+2011-11-11 Gavin Barraclough <barraclough@apple.com>
+
+ Update iOS port's configuration setting, particularly in Platform.h
+ https://bugs.webkit.org/show_bug.cgi?id=72187
+
+ Reviewed by David Kilzer.
+
+ * interpreter/Interpreter.h:
+ - Lower the reentry depth.
+ * runtime/DatePrototype.cpp:
+ - iOS also uses CF.
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+ - Update fastmalloc configuration for iOS.
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+ - Added flag.
+ * wtf/Platform.h:
+ - Update platform configuration for iOS.
+
+2011-11-11 David Kilzer <ddkilzer@apple.com>
+
+ Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
+ <http://webkit.org/b/72175>
+
+ Reviewed by Joseph Pecoraro.
+
+ * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
+ TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
+ so that they're only defined on Mac OS X builds. Also include
+ Availability.h, which is needed on iOS builds.
+
+2011-11-11 Darin Adler <darin@apple.com>
+
+ Remove all releaseRef implementations except for RetainPtr
+ https://bugs.webkit.org/show_bug.cgi?id=71423
+
+ Reviewed by Julien Chaffraix.
+
+ * API/JSRetainPtr.h: Removed releaseRef.
+ * wtf/PassRefPtr.h: Removed releaseRef.
+
+2011-11-11 Darin Adler <darin@apple.com>
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
+ If an older Xcode downgrades this file and we have a risk of some kind of
+ oscillating commit situation, please contact me so I know not to do this again.
+
+2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add jsCast to replace static_cast
+ https://bugs.webkit.org/show_bug.cgi?id=72071
+
+ Reviewed by Geoffrey Garen.
+
+ Added new jsCast and changed all of the static_cast sites in functions that
+ are in the MethodTable to use jsCast instead.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::toStringCallback):
+ (JSC::JSCallbackFunction::valueOfCallback):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::visitChildren):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::className):
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::put):
+ (JSC::::deleteProperty):
+ (JSC::::deletePropertyByIndex):
+ (JSC::::getConstructData):
+ (JSC::::hasInstance):
+ (JSC::::getCallData):
+ (JSC::::getOwnPropertyNames):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ (JSC::DebuggerActivation::className):
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ (JSC::DebuggerActivation::put):
+ (JSC::DebuggerActivation::putWithAttributes):
+ (JSC::DebuggerActivation::deleteProperty):
+ (JSC::DebuggerActivation::getOwnPropertyNames):
+ (JSC::DebuggerActivation::getOwnPropertyDescriptor):
+ (JSC::DebuggerActivation::defineGetter):
+ (JSC::DebuggerActivation::defineSetter):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ (JSC::Arguments::getOwnPropertySlotByIndex):
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::getOwnPropertyNames):
+ (JSC::Arguments::putByIndex):
+ (JSC::Arguments::put):
+ (JSC::Arguments::deletePropertyByIndex):
+ (JSC::Arguments::deleteProperty):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlot):
+ (JSC::DatePrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ (JSC::JSActivation::getOwnPropertyNames):
+ (JSC::JSActivation::getOwnPropertySlot):
+ (JSC::JSActivation::put):
+ (JSC::JSActivation::putWithAttributes):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertySlot):
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ (JSC::JSArray::put):
+ (JSC::JSArray::putByIndex):
+ (JSC::JSArray::deleteProperty):
+ (JSC::JSArray::deletePropertyByIndex):
+ (JSC::JSArray::getOwnPropertyNames):
+ (JSC::JSArray::visitChildren):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ (JSC::JSBoundFunction::visitChildren):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlot):
+ (JSC::JSByteArray::getOwnPropertyDescriptor):
+ (JSC::JSByteArray::getOwnPropertySlotByIndex):
+ (JSC::JSByteArray::put):
+ (JSC::JSByteArray::putByIndex):
+ (JSC::JSByteArray::getOwnPropertyNames):
+ * runtime/JSCell.h:
+ (JSC::JSCell::visitChildren):
+ (JSC::jsCast):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ (JSC::JSFunction::getCallData):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::getOwnPropertyNames):
+ (JSC::JSFunction::put):
+ (JSC::JSFunction::deleteProperty):
+ (JSC::JSFunction::getConstructData):
+ * runtime/JSGlobalData.cpp:
+ (JSC::StackPreservingRecompiler::operator()):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ (JSC::JSGlobalObject::putWithAttributes):
+ (JSC::JSGlobalObject::defineGetter):
+ (JSC::JSGlobalObject::defineSetter):
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ (JSC::JSGlobalObject::clearRareData):
+ * runtime/JSGlobalThis.cpp:
+ (JSC::JSGlobalThis::visitChildren):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertySlot):
+ (JSC::JSONObject::getOwnPropertyDescriptor):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::finalize):
+ (JSC::JSObject::visitChildren):
+ (JSC::JSObject::getOwnPropertySlotByIndex):
+ (JSC::JSObject::put):
+ (JSC::JSObject::putByIndex):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::deletePropertyByIndex):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ (JSC::JSStaticScopeObject::put):
+ (JSC::JSStaticScopeObject::putWithAttributes):
+ (JSC::JSStaticScopeObject::getOwnPropertySlot):
+ * runtime/JSString.cpp:
+ (JSC::JSString::visitChildren):
+ (JSC::JSString::toThisObject):
+ (JSC::JSString::getOwnPropertySlot):
+ (JSC::JSString::getOwnPropertySlotByIndex):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deleteProperty):
+ (JSC::JSVariableObject::getOwnPropertyNames):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlot):
+ (JSC::MathObject::getOwnPropertyDescriptor):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertySlot):
+ (JSC::RegExpConstructor::getOwnPropertyDescriptor):
+ (JSC::RegExpConstructor::put):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ (JSC::RegExpMatchesArray::put):
+ (JSC::RegExpMatchesArray::putByIndex):
+ (JSC::RegExpMatchesArray::deleteProperty):
+ (JSC::RegExpMatchesArray::deletePropertyByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyNames):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ (JSC::RegExpObject::getOwnPropertySlot):
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ (JSC::RegExpObject::put):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlot):
+ (JSC::StringObject::getOwnPropertySlotByIndex):
+ (JSC::StringObject::getOwnPropertyDescriptor):
+ (JSC::StringObject::deleteProperty):
+ (JSC::StringObject::getOwnPropertyNames):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlot):
+ (JSC::StringPrototype::getOwnPropertyDescriptor):
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildren):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+
+2011-11-11 Gavin Barraclough <barraclough@apple.com>
+
+ Enable DFG JIT for ARMv7/iOS.
+
+ Rubber stamped by Oliver Hunt.
+
+ * wtf/Platform.h:
+ - enable DFG JIT for ARMv7/iOS.
+
+2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
+ https://bugs.webkit.org/show_bug.cgi?id=72035
+
+ Reviewed by Geoffrey Garen.
+
+ De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * interpreter/Interpreter.cpp: Ditto.
+ (JSC::Interpreter::execute):
+ * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
+ * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
+ (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
+ (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
+ (JSC::JSGlobalObject::shouldInterruptScript): Ditto.
+ * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
+ (JSC::TimeoutChecker::didTimeOut):
+
+2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSGlobalObject::allowsAccessFrom
+ https://bugs.webkit.org/show_bug.cgi?id=71969
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to
+ JSDOMWindowBase and WebScriptObject.
+
+2011-11-11 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99950.
+ http://trac.webkit.org/changeset/99950
+ https://bugs.webkit.org/show_bug.cgi?id=72117
+
+ "Landed wrong patch by mistake" (Requested by yurys on
+ #webkit).
+
+ * JavaScriptCore.exp:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+
+2011-11-11 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r99898.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+
+2011-11-10 Dan Bernstein <mitz@apple.com>
+
+ Disabling assertions breaks the debug build
+ https://bugs.webkit.org/show_bug.cgi?id=72091
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGNode.h: Made hasIdentifier() available when assertions are
+ disabled. It is used in Graph::dump().
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
+ only if assertions are enabled.
+ * wtf/Deque.h:
+ (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
+ * wtf/ThreadRestrictionVerifier.h:
+ (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
+ a local variable that is only used in an assertion.
+
+2011-11-10 Filip Pizlo <fpizlo@apple.com>
+
+ JSString forgets to clear m_fibers when resolving ropes
+ https://bugs.webkit.org/show_bug.cgi?id=72089
+
+ Reviewed by Geoff Garen.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRopeSlowCase):
+
+2011-11-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG byte array support sometimes clamps values incorrectly
+ https://bugs.webkit.org/show_bug.cgi?id=71975
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+
+2011-11-10 Filip Pizlo <fpizlo@apple.com>
+
+ ValueProfile/PredictedType contains dead code, and doesn't recognize functions
+ https://bugs.webkit.org/show_bug.cgi?id=72065
+
+ Reviewed by Gavin Barraclough and Geoff Garen.
+
+ Added PredictFunction support, and did some cleaning up along the way.
+ ValueProfile no longer has statistics machinery, because we never used
+ it. Rearranged some bits in PredictedType to more easily make room for
+ one more object type. Changed some debug code to use more consistent
+ conventions (ByteArray becomes Bytearray so that if we ever have a
+ "Byte" prediction we don't get confused between a prediction that is
+ the union of Byte and Array and a prediction that indicates precisely
+ a ByteArray).
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isFunctionPrediction):
+ * bytecode/ValueProfile.cpp:
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-11-10 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
+
+ Reviewed by Joseph Pecoraro.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
+ script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
+ for installation. Also removed "Versions/A/" from the path
+ since this is unneeded due the default symlinks present in the
+ framework.
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Add ARMv7 support to the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=72061
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
+ (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
+ (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
+ (JSC::DFG::AssemblyHelpers::boxDouble):
+ (JSC::DFG::AssemblyHelpers::unboxDouble):
+ - Add CPU(ARM) copies of these functions.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::spill):
+ - Fix matching of '}' re #if blocks, makes some tools happy.
+ (JSC::DFG::JITCodeGenerator::setupArguments):
+ (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
+ (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
+ (JSC::DFG::JITCodeGenerator::appendCallSetResult):
+ - Add CPU(ARM) / 4 argument register copies of these functions.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ - Should use callOperation to plant a call to a DFG_OPERATION.
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ - These methods need to plant a relinkable jump; we currently do so
+ using beginUninterruptedSequence() / endUninterruptedSequence().
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ - Should use callOperation to plant a call to a DFG_OPERATION.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ - This method needs to plant a relinkable jump; we currently do so
+ using beginUninterruptedSequence() / endUninterruptedSequence().
+ (JSC::DFG::JITCompiler::compileBody):
+ - Add abstraction to retrieve the pc after a call.
+ * dfg/DFGOSRExitCompiler.cpp:
+ - Fix a bug - CodeLocationLabel needs a data address rather than an
+ executable one, but can just take a MacroAssemblerCodePtr instead!
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::compileClampDoubleToByte):
+ - Add FIXME comment to come back to! - bug#72054.
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ - Add missing method (ooops, required by bug#72047)
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ - Need to wrap fmod on ARMv7.
+
+
+2011-11-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not reparse code that was just parsed
+ https://bugs.webkit.org/show_bug.cgi?id=71977
+
+ Reviewed by Geoff Garen.
+
+ The instruction stream of a code block is now kept around until
+ the next GC. When doing either an optimizing compilation of an
+ executable, or inlining of an executable, we now try to find the
+ already preexisting bytecode. If we find it, we don't have to parse.
+ If we don't find it, we parse as before. Inlining takes the extra
+ step of caching code blocks, so if the same executable gets inlined
+ multiple times into the same caller, then we parse it at most once
+ even if prior to inlining that executable did not have any code
+ blocks with an instruction stream.
+
+ Also fixed a silly bug where the strict mode for various operations
+ was being determined by looking at the machine code block rather
+ than the inlinee.
+
+ To enable the delete-on-next-GC policy, I introduced the notion
+ of an ultra weak finalizer, which anyone can register during
+ tracing. This is thread-safe (for parallel GC) and
+ stop-the-world-safe (so calls to free() are postponed until the
+ world is resumed). This required reusing some facilities previously
+ created for WeakReferenceHarvester, so I created a common utility
+ class. I also retweaked the handling of WeakReferenceHarvesters,
+ since they should be executed during stop-the-world since in the
+ future we may want to allow them to call drain().
+
+ 2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
+ elsewhere.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::copyPostParseDataFrom):
+ (JSC::CodeBlock::copyPostParseDataFromAlternative):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::canProduceCopyWithBytecode):
+ (JSC::CodeBlock::discardBytecodeLater):
+ (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
+ (JSC::GlobalCodeBlock::GlobalCodeBlock):
+ (JSC::ProgramCodeBlock::ProgramCodeBlock):
+ (JSC::EvalCodeBlock::EvalCodeBlock):
+ (JSC::FunctionCodeBlock::FunctionCodeBlock):
+ (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
+ (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::strictModeFor):
+ * dfg/DFGByteCodeCache.h: Added.
+ (JSC::DFG::CodeBlockKey::CodeBlockKey):
+ (JSC::DFG::CodeBlockKey::operator==):
+ (JSC::DFG::CodeBlockKey::hash):
+ (JSC::DFG::CodeBlockKey::executable):
+ (JSC::DFG::CodeBlockKey::kind):
+ (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
+ (JSC::DFG::CodeBlockKeyHash::hash):
+ (JSC::DFG::CodeBlockKeyHash::equal):
+ (JSC::DFG::ByteCodeCache::ByteCodeCache):
+ (JSC::DFG::ByteCodeCache::~ByteCodeCache):
+ (JSC::DFG::ByteCodeCache::get):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/Heap.cpp:
+ (JSC::Heap::finalizeUnconditionally):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/ListableHandler.h: Added.
+ (JSC::ListableHandler::ListableHandler):
+ (JSC::ListableHandler::~ListableHandler):
+ (JSC::ListableHandler::List::List):
+ (JSC::ListableHandler::List::addNotThreadSafe):
+ (JSC::ListableHandler::List::addThreadSafe):
+ (JSC::ListableHandler::List::hasNext):
+ (JSC::ListableHandler::List::removeNext):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ (JSC::SlotVisitor::finalizeUnconditionally):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::addWeakReferenceHarvester):
+ (JSC::MarkStack::addUnconditionalFinalizer):
+ * heap/SlotVisitor.h:
+ * heap/UnconditionalFinalizer.h: Added.
+ (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
+ * heap/WeakReferenceHarvester.h:
+ (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
+ (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::baselineCodeBlockFor):
+ (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::profiledCodeBlockFor):
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Add ARMv7 register info for the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=72050
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGFPRInfo.h:
+ (JSC::DFG::FPRInfo::toRegister):
+ (JSC::DFG::FPRInfo::toIndex):
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
+ https://bugs.webkit.org/show_bug.cgi?id=72047
+
+ Reviewed by Geoff Garen.
+
+ We currently don't attempt to abstract divide through the macro assembler,
+ due to these instructions commonly having specific requirements. This means
+ there is architecture specific code in the JIT - #ifdef it, and provide a
+ common implementation.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::fmodAsDFGOperation):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Add ENABLE_VALUE_PROFILER support for ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=72043
+
+ Reviewed by Geoff Garen.
+
+ This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitSlow_op_mod):
+ - cleanup location of UNUSED_PARAM
+ * jit/JITStubs.cpp:
+ (JSC::ctiTrampoline):
+ (JSC::ctiVMThrowTrampoline):
+ (JSC::ctiOpThrowNotCaught):
+ (JSC::JITThunks::JITThunks):
+ * jit/JITStubs.h:
+ - Update JITStackFrame structure & asm code to spill more registers.
+ * jit/JSInterfaceJIT.h:
+ - Assign a bucketCounterRegister.
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Fix sampling counters on ARMv7, move add64 functionality to macro assembler
+ https://bugs.webkit.org/show_bug.cgi?id=72040
+
+ Reviewed by Geoff Garen.
+
+ The ability to add an integer to a uint64_t in memory is poorly copied in
+ multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
+ designed interface since add32 is not required to set flags (we have no
+ concept of flags in the macro assembler interface).
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::add64):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::add64):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::add64):
+ * dfg/DFGAssemblyHelpers.cpp:
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::emitCount):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitCount):
+
+011-11-10 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
+ https://bugs.webkit.org/show_bug.cgi?id=56705
+
+ Reviewed by Adam Roben.
+
+ * CMakeLists.txt:
+ * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
+ * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
+ * shell/CMakeLists.txt:
+ * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
+ * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
+ * wtf/CMakeLists.txt:
+ * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
+ * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.
+
+2011-11-10 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck build.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2011-11-09 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
+ https://bugs.webkit.org/show_bug.cgi?id=71862
+
+ Changed LiteralParser to be templatized of character type.
+
+ Moved five enums out of class definition to work around a clang compiler defect.
+
+ Added lexIdentifier templated method to break out character specific versions.
+ Added static setParserTokenString templated method to handle setting approriately
+ sized string pointer.
+
+ To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
+ flavors of LiteralParser are explicitly instantiated at the end of
+ LiteralParser.cpp.
+
+ Reviewed by Oliver Hunt.
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::isJSONWhiteSpace):
+ (JSC::::tryJSONPParse):
+ (JSC::::makeIdentifier):
+ (JSC::::Lexer::lex):
+ (JSC::::Lexer::lexIdentifier):
+ (JSC::::Lexer::next):
+ (JSC::LChar):
+ (JSC::UChar):
+ (JSC::isSafeStringCharacter):
+ (JSC::::Lexer::lexString):
+ (JSC::::Lexer::lexNumber):
+ (JSC::::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::getErrorMessage):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+ (JSC::LiteralParser::Lexer::currentToken):
+ (JSC::LiteralParser::Lexer::getErrorMessage):
+ * runtime/UString.h:
+ (JSC::LChar):
+ (JSC::UChar):
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::append):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::append):
+
+2011-11-09 Filip Pizlo <fpizlo@apple.com>
+
+ Multiple CodeBlock should be able to share the same instruction
+ stream without copying
+ https://bugs.webkit.org/show_bug.cgi?id=71978
+
+ Reviewed by Oliver Hunt.
+
+ This refactors CodeBlock::m_instructions to be a Vector boxed in a
+ ref-counted object, but otherwise does not take advantage of this.
+
+ This is performance neutral.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printStructure):
+ (JSC::CodeBlock::printStructures):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::hasInstructions):
+ (JSC::CodeBlock::numberOfInstructions):
+ (JSC::CodeBlock::instructions):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ Renovate ARMv7 assembler/macro-assembler
+ https://bugs.webkit.org/show_bug.cgi?id=71982
+
+ Reviewed by Geoff Garen.
+
+ ARMv7Assembler:
+ * add support for strb (byte stores)
+ * rename the VMOV_CtoS opcodes (there are currently backwards!)
+ * add support for adc (add with carry)
+ * add support for vsqrt, vabs
+ * add support for vmov (between FPRs, and to/from GPR pairs).
+ * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
+ * rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
+ * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).
+
+ MacroAssemblerARMv7:
+ * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32,
+ * add store8, and store32 imm to base-index.
+ * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
+ * Update supportsFloating* flags (all features now supported).
+ * add moveDouble, storeDouble to absolute address, addDouble to absolute address
+ * add 3-operand double operations.
+ * implement sqrtDouble/absDouble
+ * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
+ * move should do nothing if src == dest
+ * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
+ * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Incrementally re-landing these changes, trying to determine what went wrong.
+ (The whole patch failed tests on the build bot but worked locally.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+
+2011-11-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit code should be lazily generated
+ https://bugs.webkit.org/show_bug.cgi?id=71744
+
+ Reviewed by Gavin Barraclough.
+
+ The OSR exit code is now generated the first time it is executed,
+ rather than right after speculative compilation. Because most OSR
+ exits are never taken, this should greatly reduce both code size
+ and compilation time.
+
+ This is a 1% win on SunSpider, and a 1% win on V8 when running in
+ my harness. No change in V8 in V8's harness (due to the long runs,
+ so compile time is not an issue) and no change in Kraken (again,
+ long runs of small code so compile time has no measurable effect).
+
+ * CMakeListsEfl.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::jump):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::jump):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::jmp_m):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::createDFGDataIfNecessary):
+ (JSC::CodeBlock::appendDFGOSREntryData):
+ (JSC::CodeBlock::numberOfDFGOSREntries):
+ (JSC::CodeBlock::dfgOSREntryData):
+ (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
+ (JSC::CodeBlock::appendOSRExit):
+ (JSC::CodeBlock::appendSpeculationRecovery):
+ (JSC::CodeBlock::numberOfOSRExits):
+ (JSC::CodeBlock::numberOfSpeculationRecoveries):
+ (JSC::CodeBlock::osrExit):
+ (JSC::CodeBlock::speculationRecovery):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::debugCall):
+ * dfg/DFGCorrectableJumpPoint.cpp: Added.
+ (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
+ * dfg/DFGCorrectableJumpPoint.h: Added.
+ (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
+ (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
+ (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
+ (JSC::DFG::CorrectableJumpPoint::correctLateJump):
+ (JSC::DFG::CorrectableJumpPoint::initialJump):
+ (JSC::DFG::CorrectableJumpPoint::lateJump):
+ (JSC::DFG::CorrectableJumpPoint::correctJump):
+ (JSC::DFG::CorrectableJumpPoint::getJump):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGOSRExit.cpp: Added.
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::dump):
+ * dfg/DFGOSRExit.h:
+ * dfg/DFGOSRExitCompiler.cpp: Added.
+ * dfg/DFGOSRExitCompiler.h:
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ * dfg/DFGThunks.cpp: Added.
+ (JSC::DFG::osrExitGenerationThunkGenerator):
+ * dfg/DFGThunks.h: Added.
+ * jit/JITCode.h:
+ (JSC::JITCode::dataAddressAtOffset):
+ * runtime/JSGlobalData.h:
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing build breakage
+
+ Unreviewed build fix
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSVariableObject::isDynamicScope
+ https://bugs.webkit.org/show_bug.cgi?id=71933
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
+ (JSC::JSActivation::isDynamicScope):
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
+ (JSC::JSGlobalObject::isDynamicScope):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
+ (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
+ (JSC::JSStaticScopeObject::isDynamicScope):
+ * runtime/JSType.h: Added new type for JSStaticScopeObject
+ * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the
+ object's type and calls the corresponding implementation.
+ (JSC::JSVariableObject::isDynamicScope):
+ * runtime/JSVariableObject.h:
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSGlobalObject::hasOwnPropertyForWrite
+ https://bugs.webkit.org/show_bug.cgi?id=71934
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Incrementally re-landing these changes, trying to determine what went wrong.
+ (The whole patch failed tests on the build bot but worked locally.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::absDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::absDouble):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::absDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::absDouble):
+ * assembler/MacroAssemblerX86Common.h:
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::absDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/ThunkGenerators.cpp:
+ (JSC::absThunkGenerator):
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::getOwnPropertyDescriptor
+ https://bugs.webkit.org/show_bug.cgi?id=71523
+
+ Reviewed by Sam Weinig.
+
+ Added getOwnPropertyDescriptor to the MethodTable, changed all of the
+ virtual versions of getOwnPropertyDescriptor to static ones, and
+ changed all of the call sites to the corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertyDescriptor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertyDescriptor):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ * runtime/ClassInfo.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertyDescriptor):
+ * runtime/DatePrototype.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertyDescriptor):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertyDescriptor):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertyDescriptor):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertyDescriptor):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::vtableAnchor):
+ (JSC::JSObject::propertyIsEnumerable):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ (JSC::JSObject::getPropertyDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a
+ bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject. There were
+ no call sites for this version of getOwnPropertyDescriptor in the entire project.
+ * runtime/JSString.h:
+ * runtime/Lookup.h:
+ (JSC::getStaticPropertyDescriptor):
+ (JSC::getStaticFunctionDescriptor):
+ (JSC::getStaticValueDescriptor):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertyDescriptor):
+ * runtime/MathObject.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ (JSC::objectConstructorGetOwnPropertyDescriptor):
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertyDescriptor):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
+ (JSC::StringObject::getOwnPropertyDescriptor):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertyDescriptor):
+ * runtime/StringPrototype.h:
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Incrementally re-landing these changes, trying to determine what went wrong.
+ (The whole patch failed tests on the build bot but worked locally.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPoint):
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsFloatingPoint):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
+ * jit/ThunkGenerators.cpp:
+ (JSC::absThunkGenerator):
+
+2011-11-08 Darin Adler <darin@apple.com>
+
+ Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
+ https://bugs.webkit.org/show_bug.cgi?id=71875
+
+ Reviewed by Anders Carlsson.
+
+ This is a step along the path of making OwnPtr work as HashMap value types.
+
+ * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
+ Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
+ I did not change the code to fix style checker complaints.
+
+ * wtf/HashTable.h: Added includes as needed and fixed include style.
+ (WTF::doubleHash): Removed the uneeeded and inappropriate "static" in this function, which
+ gave it internal linkage for no good reason.
+ (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
+ construction/destruction problems instead of doing the trick where we construct and destroy
+ an empty value twice. It's cleaner and simpler and avoids copying the empty value.
+ (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
+ empty value is zero rather than copying an empty value.
+
+ * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.
+
+2011-11-09 Gabor Rapcsanyi <rgabor@webkit.org>
+
+ Buildfix for 32bit debug mode.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::dump):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+
+2011-11-09 Andy Wingo <wingo@igalia.com>
+
+ Enable the DFG JIT on X86-64 Linux platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71373
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
+ x86-64 GNU/Linux platform.
+ * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
+
+2011-11-09 Csaba Osztrogonác <ossy@webkit.org>
+
+ Enable the DFG JIT on x86-64 Linux platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71373
+
+ Enable DFG JIT by default on X86 Linux and Mac platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71686
+
+ Buildfix for stricter compilers: -Werror=unused-but-set-variable
+
+ Reviewed by Zoltan Herczeg.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-09 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99678.
+ http://trac.webkit.org/changeset/99678
+ https://bugs.webkit.org/show_bug.cgi?id=71882
+
+ broke the build with -Werror=unused-but-set-variable
+ (Requested by tronical_ on #webkit).
+
+ * CMakeListsEfl.txt:
+ * wtf/Platform.h:
+
+2011-11-09 Andy Wingo <wingo@igalia.com>
+
+ Enable the DFG JIT on X86-64 Linux platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71373
+
+ Reviewed by Filip Pizlo.
+
+ * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
+ x86-64 GNU/Linux platform.
+ * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defineOwnProperty
+ https://bugs.webkit.org/show_bug.cgi?id=71429
+
+ Reviewed by Geoffrey Garen.
+
+ Added defineOwnProperty to the MethodTable, changed all the virtual
+ implementations of defineOwnProperty to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::createStrictModeCallerIfNecessary):
+ (JSC::Arguments::createStrictModeCalleeIfNecessary):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defineOwnProperty):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorDefineProperty):
+ (JSC::defineProperties):
+
+2011-11-09 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Build system cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=71815
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.
+
+2011-11-08 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Replace use of QApplication with QGuiApplication
+ https://bugs.webkit.org/show_bug.cgi?id=71794
+
+ Reviewed by Andreas Kling.
+
+ Add compat headers for use when building with Qt 4: QGuiApplication
+ is typedef'ed to QApplication.
+
+ * wtf/qt/compat/QGuiApplication: Added.
+ * wtf/qt/compat/qguiapplication.h: Added.
+
+2011-11-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99647.
+ http://trac.webkit.org/changeset/99647
+ https://bugs.webkit.org/show_bug.cgi?id=71876
+
+ It broke jsc and layout tests on all bot (Requested by
+ Ossy_night on #webkit).
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPoint):
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::supportsDoubleBitops):
+ (JSC::MacroAssemblerARM::andnotDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::andnotDouble):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsFloatingPoint):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerSH4::supportsDoubleBitops):
+ (JSC::MacroAssemblerSH4::andnotDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::MacroAssemblerX86):
+ (JSC::MacroAssemblerX86::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86::supportsDoubleBitops):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::andnotDouble):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
+ * assembler/X86Assembler.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/ThunkGenerators.cpp:
+ (JSC::absThunkGenerator):
+ * runtime/JSGlobalData.cpp:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Better abstract 'abs' operation through the MacroAssembler.
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Currently the x86 specific instruction sequence to perform a double abs
+ is duplicated throughout the JITs / thunk generators.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPoint):
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
+ (JSC::MacroAssemblerARM::absDouble):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::absDouble):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsFloatingPoint):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
+ (JSC::MacroAssemblerSH4::absDouble):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::absDouble):
+ (JSC::MacroAssemblerX86::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
+ - Made supports* methods static so that we can check the JIT's
+ capabilites before we begin compilation. Added absDouble.
+ * assembler/MacroAssemblerX86Common.h:
+ - Removed andnotDouble, added s_maskSignBit.
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::absDouble):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
+ - Made supports* methods static so that we can check the JIT's
+ capabilites before we begin compilation. Added absDouble.
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::andpd_rr):
+ (JSC::X86Assembler::andpd_mr):
+ - Added support for andpd instruction.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Switched to use doubleAbs, we can now also reuse the operand register for the result.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Switched to use doubleAbs, we can now also reuse the operand register for the result.
+ * jit/ThunkGenerators.cpp:
+ - Switched to use doubleAbs.
+ (JSC::absThunkGenerator):
+ * runtime/JSGlobalData.cpp:
+ - Declared MacroAssemblerX86Common::s_maskSignBit here.
+ This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
+ to the compile for just one constant.
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Move duplicates of SYMBOL_STRING* macros to the single location
+ https://bugs.webkit.org/show_bug.cgi?id=71456
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ * wtf/InlineASM.h: Added.
+ - Moved asm related macros.
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Move code to handle 8bit regs from X86Assembler to MacroAssembler
+ https://bugs.webkit.org/show_bug.cgi?id=71867
+
+ Reviewed by Oliver Hunt.
+
+ This code is fine, but is in the wrong place really. X86 assembler should
+ basically just format up exactly the instruction you request - not expand
+ out to a set of instructions (that is what the macro assembler layer is
+ for!). For other 8-bit ops, on X86 we don't guard against clients accessing
+ the XH registers.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movb_rm):
+ - moved some code.
+
+2011-11-08 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for GTK.
+
+ * GNUmakefile.list.am:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix.
+
+ * assembler/X86Assembler.h:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk, failed to commit this in last change.
+
+ * assembler/X86Assembler.h:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Remove an unused method.
+
+ Rubber stamped by Geoff Garen.
+
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ - removed rewindToLabel.
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
+ https://bugs.webkit.org/show_bug.cgi?id=71864
+
+ Reviewed by Filip Pizlo.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::offsetOf):
+ - We use this to return the offsets into the code of the entry points.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ - Move the construction of the speculative JIT outside of
+ compileBody, such that it is still available to link the
+ OSR entry points at the point we are linking.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ - Pass the label of the block & linkbuffer into noticeOSREntry.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::linkOSREntries):
+ - Moved call to noticeOSREntry until we we linking.
+ * dfg/DFGSpeculativeJIT.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ - Moved calculation of entries until we we linking.
+ * jit/JIT.h:
+ - Removed some members.
+
+2011-11-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit code should be generated by a separate compiler, not
+ related to DFG::JITCompiler
+ https://bugs.webkit.org/show_bug.cgi?id=71787
+
+ Reviewed by Gavin Barraclough.
+
+ Moves the exitSpeculativeWithOSR() method from JITCompiler to
+ OSRExitCompiler::compileExit().
+
+ * CMakeListsEfl.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ * dfg/DFGJITCompiler32_64.cpp: Removed.
+ * dfg/DFGOSRExitCompiler.h: Added.
+ (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
+ * dfg/DFGOSRExitCompiler32_64.cpp: Added.
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp: Added.
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * runtime/JSValue.h:
+
+2011-11-08 Filip Pizlo <fpizlo@apple.com>
+
+ Basic DFG definitions should be moved out of DFGNode.h
+ https://bugs.webkit.org/show_bug.cgi?id=71861
+
+ Rubber-stamped by Gavin Barraclough.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGCommon.h: Added.
+ (JSC::DFG::NodeIndexTraits::defaultValue):
+ * dfg/DFGNode.h:
+ * dfg/DFGOSRExit.h:
+ * dfg/DFGRegisterBank.h:
+
+2011-11-08 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
+ https://bugs.webkit.org/show_bug.cgi?id=71761
+
+ Templatized Parser based on Lexer<T>. Moved two enums,
+ SourceElementsMode and FunctionRequirements out of Parser definition
+ to work around a clang compiler defect.
+
+ Cleaned up SourceCode data() to return StringImpl* and eliminated
+ the recently added stringData() virtual method.
+
+ To keep code in Parser.cpp and keep Parser.h small, the two flavors
+ of Parser are explicitly instantiated at the end of Parser.cpp.
+
+ Reviewed by Gavin Barraclough.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::appendSourceToError):
+ * parser/Lexer.cpp:
+ (JSC::::setCode):
+ (JSC::::sourceCode):
+ * parser/Parser.cpp:
+ (JSC::::Parser):
+ (JSC::::~Parser):
+ (JSC::::parseInner):
+ (JSC::::didFinishParsing):
+ (JSC::::allowAutomaticSemicolon):
+ (JSC::::parseSourceElements):
+ (JSC::::parseVarDeclaration):
+ (JSC::::parseConstDeclaration):
+ (JSC::::parseDoWhileStatement):
+ (JSC::::parseWhileStatement):
+ (JSC::::parseVarDeclarationList):
+ (JSC::::parseConstDeclarationList):
+ (JSC::::parseForStatement):
+ (JSC::::parseBreakStatement):
+ (JSC::::parseContinueStatement):
+ (JSC::::parseReturnStatement):
+ (JSC::::parseThrowStatement):
+ (JSC::::parseWithStatement):
+ (JSC::::parseSwitchStatement):
+ (JSC::::parseSwitchClauses):
+ (JSC::::parseSwitchDefaultClause):
+ (JSC::::parseTryStatement):
+ (JSC::::parseDebuggerStatement):
+ (JSC::::parseBlockStatement):
+ (JSC::::parseStatement):
+ (JSC::::parseFormalParameters):
+ (JSC::::parseFunctionBody):
+ (JSC::::parseFunctionInfo):
+ (JSC::::parseFunctionDeclaration):
+ (JSC::::parseExpressionOrLabelStatement):
+ (JSC::::parseExpressionStatement):
+ (JSC::::parseIfStatement):
+ (JSC::::parseExpression):
+ (JSC::::parseAssignmentExpression):
+ (JSC::::parseConditionalExpression):
+ (JSC::::isBinaryOperator):
+ (JSC::::parseBinaryExpression):
+ (JSC::::parseProperty):
+ (JSC::::parseObjectLiteral):
+ (JSC::::parseStrictObjectLiteral):
+ (JSC::::parseArrayLiteral):
+ (JSC::::parsePrimaryExpression):
+ (JSC::::parseArguments):
+ (JSC::::parseMemberExpression):
+ (JSC::::parseUnaryExpression):
+ * parser/Parser.h:
+ (JSC::::parse):
+ (JSC::parse):
+ * parser/SourceCode.h:
+ (JSC::SourceCode::data):
+ (JSC::SourceCode::subExpression):
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::data):
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
+ https://bugs.webkit.org/show_bug.cgi?id=71855
+
+ Reviewed by Filip Pizlo.
+
+ The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
+ This won't work on ARMv7.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::locationOf):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT calculation of OSR entry points is not THUMB2 safe
+ https://bugs.webkit.org/show_bug.cgi?id=71852
+
+ Reviewed by Oliver Hunt.
+
+ Executable addresses are tagged with a low bit set to distinguish
+ between THUMB2 and traditional ARM.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * jit/JITCode.h:
+ (JSC::JITCode::executableAddressAtOffset):
+ (JSC::JITCode::start):
+ (JSC::JITCode::size):
+
+2011-11-08 Michael Saboff <msaboff@apple.com>
+
+ JSC::Parser::Parser leaks Lexer member
+ https://bugs.webkit.org/show_bug.cgi?id=71847
+
+ Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
+
+ Reviewed by Oliver Hunt.
+
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser):
+ (JSC::Parser::parseFunctionBody):
+ * parser/Parser.h:
+
+2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Enable DFG JIT by default on X86 Linux and Mac platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71686
+
+ Reviewed by Filip Pizlo.
+
+ We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
+
+ * wtf/Platform.h:
+
+2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
+ https://bugs.webkit.org/show_bug.cgi?id=71768
+
+ Reviewed by Geoffrey Garen.
+
+ Also includes a fix to make the newly introduced AssemblyHelpers
+ friend of JSValue as we need the Tag definitions.
+
+ * CMakeListsEfl.txt:
+ * GNUmakefile.list.am:
+ * Target.pri:
+ * runtime/JSValue.h:
+
+2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix gcc 4.4 compilation warnings in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=71762
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::registersMatched):
+
+2011-11-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG code base should allow for classes not related to DFG::JITCompiler
+ to use DFG idioms
+ https://bugs.webkit.org/show_bug.cgi?id=71746
+
+ Reviewed by Gavin Barraclough.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAssemblyHelpers.cpp: Added.
+ (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
+ (JSC::DFG::AssemblyHelpers::emitCount):
+ (JSC::DFG::AssemblyHelpers::setSamplingFlag):
+ (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
+ * dfg/DFGAssemblyHelpers.h: Added.
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::JITCompiler):
+ (JSC::DFG::JITCompiler::graph):
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGOSRExit.h: Added.
+ (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
+ (JSC::DFG::SpeculationRecovery::type):
+ (JSC::DFG::SpeculationRecovery::dest):
+ (JSC::DFG::SpeculationRecovery::src):
+ (JSC::DFG::OSRExit::numberOfRecoveries):
+ (JSC::DFG::OSRExit::valueRecovery):
+ (JSC::DFG::OSRExit::isArgument):
+ (JSC::DFG::OSRExit::isVariable):
+ (JSC::DFG::OSRExit::argumentForIndex):
+ (JSC::DFG::OSRExit::variableForIndex):
+ (JSC::DFG::OSRExit::operandForArgument):
+ (JSC::DFG::OSRExit::operandForIndex):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-11-07 Filip Pizlo <fpizlo@apple.com>
+
+ Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
+ but it appears to help on other benchmarks.
+
+ Rubber stamped by Oliver Hunt.
+
+ * bytecode/ValueProfile.h:
+
+2011-11-07 Ariya Hidayat <ariya@sencha.com>
+
+ "use strict" can not contain escape sequences or line continuation
+ https://bugs.webkit.org/show_bug.cgi?id=71532
+
+ Reviewed by Darin Adler.
+
+ Store the actual literal length (before the escapes and line
+ continuation are encoded) while parsing the directive and use it
+ for the directive comparison.
+
+ * parser/Parser.cpp:
+ (JSC::Parser::parseSourceElements):
+ (JSC::Parser::parseStatement):
+ * parser/Parser.h:
+
+2011-11-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG operationCreateThis slow path may get the wrong callee in case of inlining
+ https://bugs.webkit.org/show_bug.cgi?id=71647
+
+ Reviewed by Oliver Hunt.
+
+ No new tests because I only saw this manifest itself when I had other bugs
+ leading to spurious slow path executions.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::putWithAttributes
+ https://bugs.webkit.org/show_bug.cgi?id=71716
+
+ Reviewed by Darin Adler.
+
+ Added putWithAttributes to the MethodTable, changed all the virtual
+ implementations of putWithAttributes to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::putWithAttributes):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * runtime/ClassInfo.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putWithAttributes):
+ * runtime/JSActivation.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putWithAttributes):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putWithAttributes):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putWithAttributes):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::putWithAttributes):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::putWithAttributes):
+ * runtime/JSVariableObject.h:
+
+2011-11-07 Dmitry Lomov <dslomov@google.com>
+
+ Unreviewed. Release build fix.
+
+ * parser/Lexer.cpp:
+ (JSC::assertCharIsIn8BitRange):
+
+2011-11-07 Filip Pizlo <fpizlo@apple.com>
+
+ Switch the value profiler back to 8 buckets, because we suspect that while this
+ is more expensive it's also more stable.
+
+ Rubber stamped by Geoff Garen.
+
+ * bytecode/ValueProfile.h:
+
+2011-11-07 Andrew Wason <rectalogic@rectalogic.com>
+
+ Uninitialized Heap member var
+ https://bugs.webkit.org/show_bug.cgi?id=71722
+
+ Reviewed by Filip Pizlo.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
+
+2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
+ https://bugs.webkit.org/show_bug.cgi?id=71684
+
+ Reviewed by Filip Pizlo.
+
+ Currently in DFG JIT, we try to reuse the physical register of an
+ operand for temporary usage if the current use of the operand is the
+ last use. But sometimes this can be wrong, for example if there are
+ possible speculation failures and we need to fallback to baseline JIT,
+ the value of the operand which is supposed to be hold in the physical
+ register can be modified by register reusing. The fixes the last
+ inspector failures in layout test on Mac 32-bit if switching on DFG.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-07 Ryosuke Niwa <rniwa@webkit.org>
+
+ REGRESSION(r99436): Broke Snow Leopard debug build
+ https://bugs.webkit.org/show_bug.cgi?id=71713
+
+ Reviewed by Darin Adler.
+
+ Put the assertion in a template and use template specialization
+ to avoid warning when instantiated with UChar or LChar.
+
+ In the long term, we should have traits for unsigned integral types
+ and use that to specialize template instead of specializing it for UChar and LChar.
+
+ * parser/Lexer.cpp:
+ (JSC::assertCharIsIn8BitRange):
+ (JSC::::append8):
+
+2011-11-07 ChangSeok Oh <shivamidow@gmail.com>
+
+ [EFL] Support requestAnimationFrame API
+ https://bugs.webkit.org/show_bug.cgi?id=67112
+
+ Reviewed by Andreas Kling.
+
+ Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
+
+ * wtf/Platform.h:
+
+2011-11-07 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
+ https://bugs.webkit.org/show_bug.cgi?id=71331
+
+ Change the Lexer class to be a template class based on the character
+ type of the source. In the process updated the parseIdentifier()
+ and parseString() methods to create 8 bit strings where possible.
+ Also added some helper methods for accumulating temporary string
+ data in the 8 and 16 bit vectors.
+
+ Changed the SourceProvider::data() virtual method to return a
+ StringImpl* instead of a UChar*.
+
+ Updated the KeywordLookup generator to create code to match keywords
+ for both 8 and 16 bit source strings.
+
+ Due to a compiler bug (<rdar://problem/10194295>) moved enum
+ definition outside of Lexer class declaration. Remove second enum
+ no longer needed.
+
+ Reviewed by Darin Adler.
+
+ * KeywordLookupGenerator.py:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ * parser/Lexer.cpp:
+ (JSC::::Lexer):
+ (JSC::::~Lexer):
+ (JSC::::getInvalidCharMessage):
+ (JSC::::currentCharacter):
+ (JSC::::setCode):
+ (JSC::::internalShift):
+ (JSC::::shift):
+ (JSC::::peek):
+ (JSC::::getUnicodeCharacter):
+ (JSC::::shiftLineTerminator):
+ (JSC::::lastTokenWasRestrKeyword):
+ (JSC::::record8):
+ (JSC::::append8):
+ (JSC::::append16):
+ (JSC::::record16):
+ (JSC::::parseIdentifier):
+ (JSC::::parseIdentifierSlowCase):
+ (JSC::::parseString):
+ (JSC::::parseStringSlowCase):
+ (JSC::::parseHex):
+ (JSC::::parseOctal):
+ (JSC::::parseDecimal):
+ (JSC::::parseNumberAfterDecimalPoint):
+ (JSC::::parseNumberAfterExponentIndicator):
+ (JSC::::parseMultilineComment):
+ (JSC::::nextTokenIsColon):
+ (JSC::::lex):
+ (JSC::::scanRegExp):
+ (JSC::::skipRegExp):
+ (JSC::::clear):
+ (JSC::::sourceCode):
+ * parser/Lexer.h:
+ (JSC::Lexer::append16):
+ (JSC::Lexer::currentOffset):
+ (JSC::Lexer::setOffsetFromCharOffset):
+ (JSC::::isWhiteSpace):
+ (JSC::::isLineTerminator):
+ (JSC::::convertHex):
+ (JSC::::convertUnicode):
+ (JSC::::makeIdentifier):
+ (JSC::::setCodeStart):
+ (JSC::::makeIdentifierLCharFromUChar):
+ (JSC::::lexExpectIdentifier):
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser):
+ (JSC::Parser::parseProperty):
+ (JSC::Parser::parseMemberExpression):
+ * parser/Parser.h:
+ (JSC::Parser::next):
+ (JSC::Parser::nextExpectIdentifier):
+ * parser/ParserArena.h:
+ (JSC::IdentifierArena::makeIdentifier):
+ (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
+ * parser/SourceCode.h:
+ (JSC::SourceCode::subExpression):
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::stringData):
+ * parser/SourceProviderCache.h:
+ * parser/SyntaxChecker.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::insertSemicolonIfNeeded):
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierTable::add):
+ (JSC::IdentifierLCharFromUCharTranslator::hash):
+ (JSC::IdentifierLCharFromUCharTranslator::equal):
+ (JSC::IdentifierLCharFromUCharTranslator::translate):
+ (JSC::Identifier::add8):
+ * runtime/Identifier.h:
+ (JSC::Identifier::Identifier):
+ (JSC::Identifier::createLCharFromUChar):
+ (JSC::Identifier::canUseSingleCharacterString):
+ (JSC::IdentifierCharBufferTranslator::hash):
+ (JSC::IdentifierCharBufferTranslator::equal):
+ (JSC::IdentifierCharBufferTranslator::translate):
+ (JSC::Identifier::add):
+ (JSC::Identifier::equal):
+ (JSC::IdentifierTable::add):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::decode):
+ (JSC::parseIntOverflow):
+ (JSC::globalFuncUnescape):
+ * runtime/JSGlobalObjectFunctions.h:
+ (JSC::parseIntOverflow):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::Lexer::lexString):
+ * wtf/text/StringImpl.h:
+
+2011-11-07 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
+
+ Allows us to not package up the whole Source/JavaScriptCore directory for the
+ buildbots.
+
+ Reviewed-by Simon Hausmann.
+
+ * jsc.pro:
+
+2011-11-06 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
+ to initializeMainThread, and crashes
+ https://bugs.webkit.org/show_bug.cgi?id=71643
+
+ Reviewed by Sam Weinig.
+
+ * jsc.cpp:
+ (main):
+
+2011-11-06 Sam Weinig <sam@webkit.org>
+
+ Add space missing from some class declarations
+ https://bugs.webkit.org/show_bug.cgi?id=71632
+
+ Reviewed by Anders Carlsson.
+
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGVariableAccessData.h:
+ * heap/VTableSpectrum.h:
+ * jit/ExecutableAllocator.cpp:
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ * wtf/MetaAllocatorHandle.h:
+ * wtf/UnionFind.h:
+
+2011-11-06 Sam Weinig <sam@webkit.org>
+
+ Allow use of FINAL in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=71630
+
+ Reviewed by Anders Carlsson.
+
+ * Configurations/Base.xcconfig:
+ Don't warn about C++11 extensions used in C++98 mode.
+
+2011-11-05 Filip Pizlo <fpizlo@apple.com>
+
+ Value profiling should just use two buckets
+ https://bugs.webkit.org/show_bug.cgi?id=71619
+
+ Reviewed by Gavin Barraclough.
+
+ Added one more configuration options (like Heuristics::minimumOptimizationDelay),
+ improved debugging in JIT optimization support, changed the number of buckets
+ in the value profile from 9 to 2, and wrote a more optimal value profiling path
+ in the old JIT to take advantage of this. It's still possible to play around with
+ larger numbers of buckets, and we should probably keep this for a little while
+ until we convince ourselves that using just two buckets is the right call.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ * bytecode/ValueProfile.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-11-03 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should be able to sample itself in a more flexible way than just sampling flags
+ https://bugs.webkit.org/show_bug.cgi?id=71522
+
+ Reviewed by Gavin Barraclough.
+
+ Added a construct that looks like SamplingRegion samplingRegion("name").
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingRegion::Locker::Locker):
+ (JSC::SamplingRegion::Locker::~Locker):
+ (JSC::SamplingRegion::sample):
+ (JSC::SamplingRegion::dump):
+ (JSC::SamplingRegion::dumpInternal):
+ (JSC::SamplingThread::threadStartFunc):
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingRegion::SamplingRegion):
+ (JSC::SamplingRegion::~SamplingRegion):
+ (JSC::SamplingRegion::exchangeCurrent):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/VTableSpectrum.cpp:
+ (JSC::VTableSpectrum::countVPtr):
+ (JSC::VTableSpectrum::dump):
+ * heap/VTableSpectrum.h:
+ * jsc.cpp:
+ (main):
+ (runWithScripts):
+ * parser/Parser.h:
+ (JSC::parse):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * wtf/Atomics.h:
+ (WTF::weakCompareAndSwap):
+ * wtf/Platform.h:
+ * wtf/Spectrum.h: Added.
+ (WTF::Spectrum::Spectrum):
+ (WTF::Spectrum::add):
+ (WTF::Spectrum::get):
+ (WTF::Spectrum::begin):
+ (WTF::Spectrum::end):
+ (WTF::Spectrum::KeyAndCount::KeyAndCount):
+ (WTF::Spectrum::KeyAndCount::operator<):
+ (WTF::Spectrum::buildList):
+ * wtf/wtf.pri:
+
+2011-11-05 Sam Weinig <sam@webkit.org>
+
+ Fix windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-04 Sam Weinig <sam@webkit.org>
+
+ Reduce the number of putWithAttributes
+ https://bugs.webkit.org/show_bug.cgi?id=71597
+
+ Reviewed by Adam Roben.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Remove exports of removed functions.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putWithAttributes):
+ Calling the overload without the extra parameters does the same thing.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putWithAttributes):
+ * runtime/JSObject.h:
+ Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
+ two overloads not virtual, since no one overrides it.
+
+2011-11-04 Pratik Solanki <psolanki@apple.com>
+
+ sqrtDouble and andnotDouble should be declared noreturn
+ https://bugs.webkit.org/show_bug.cgi?id=71592
+
+ Reviewed by Sam Weinig.
+
+ * assembler/MacroAssemblerARMv7.h:
+
+2011-11-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::hasInstance
+ https://bugs.webkit.org/show_bug.cgi?id=71430
+
+ Reviewed by Darin Adler.
+
+ Added hasInstance to the MethodTable, changed all the virtual
+ implementations of hasInstance to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::hasInstance):
+ * API/JSValueRef.cpp:
+ (JSValueIsInstanceOfConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::hasInstance):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasInstance):
+ * runtime/JSObject.h:
+
+2011-11-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Refactor and clean up the qmake build system
+
+ The qmake build system has accumulated a bit of cruft and redundancy
+ over time. There's also a fairly tight coupling between how to build
+ the various targets, and _what_ to build, making it harder to add new
+ rules or sources. This patch aims to elevate these issues somewhat.
+
+ This is a short-list of the changes:
+
+ * The rules for how to build targets are now mostly contained as
+ prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
+ allows us to do pre- and post-processing of each project file,
+ which helps to clean up the actual project files.
+
+ * Derived sources are no longer generated as a separate make-step
+ but is part of each target's project file as a subdir. Makefile
+ rules are used to ensure that we run make on the derived sources
+ before running qmake on the actual target makefile. This makes
+ it easier to keep a proper dependency between derived sources
+ and the target.
+
+ * We use GNU make and the compiler to generate dependencies on
+ UNIX-based systems running Qt 5. This allows us to lessen the
+ need to run qmake, which should reduce compile time.
+
+ * WebKit2 is now build by default if building with Qt 5. It can
+ be disabled by passing --no-webkit2 to build-webkit.
+
+ The result of these changes are hopefully a cleaner and easier
+ build system to modify, and faster build times due to no longer
+ running qmake on every single build. It's also a first step
+ towards possibly generating the list of sources using another
+ build system.
+
+ https://bugs.webkit.org/show_bug.cgi?id=71222
+
+ Reviewed by Simon Hausmann.
+
+ * DerivedSources.pri: Added.
+ * DerivedSources.pro: Removed.
+ * JavaScriptCore.pro:
+ * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
+ * headers.pri: Removed.
+ * jsc.pro:
+ * wtf/wtf.pri:
+ * yarr/yarr.pri:
+
+2011-11-04 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ More code clean-up in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=71540
+
+ Remove unnecessary code duplications, and fix compilation warnings.
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::emitCount):
+ (JSC::DFG::JITCompiler::setSamplingFlag):
+ (JSC::DFG::JITCompiler::clearSamplingFlag):
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-04 Csaba Osztrogonác <ossy@webkit.org>
+
+ De-virtualize JSObject::hasInstance
+ https://bugs.webkit.org/show_bug.cgi?id=71430
+
+ Unreviewed rolling out r99238, because it made a test crash on all platform.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::hasInstance):
+ * API/JSValueRef.cpp:
+ (JSValueIsInstanceOfConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasInstance):
+ * runtime/JSObject.h:
+
+2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::getPropertyNames
+ https://bugs.webkit.org/show_bug.cgi?id=71306
+
+ Reviewed by Darin Adler.
+
+ Added getPropertyNames to the MethodTable, changed all the virtual
+ implementations of getPropertyNames to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectCopyPropertyNames):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertyNames):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getPropertyNames):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPropertyNames):
+ (JSC::JSObject::getOwnPropertyNames):
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::print):
+ * runtime/Structure.cpp:
+ (JSC::Structure::getPropertyNamesFromStructure):
+ * runtime/Structure.h:
+
+2011-11-03 Darin Adler <darin@apple.com>
+
+ Change remaining callers of releaseRef to call leakRef
+ https://bugs.webkit.org/show_bug.cgi?id=71422
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
+
+2011-11-02 Darin Adler <darin@apple.com>
+
+ Change remaining callers of releaseRef to call leakRef
+ https://bugs.webkit.org/show_bug.cgi?id=71422
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
+
+2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::hasInstance
+ https://bugs.webkit.org/show_bug.cgi?id=71430
+
+ Reviewed by Darin Adler.
+
+ Added hasInstance to the MethodTable, changed all the virtual
+ implementations of hasInstance to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::hasInstance):
+ * API/JSValueRef.cpp:
+ (JSValueIsInstanceOfConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::hasInstance):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasInstance):
+ * runtime/JSObject.h:
+
+2011-11-03 Filip Pizlo <fpizlo@apple.com>
+
+ JIT-specific code should be able to refer to register types even on JIT-disabled builds
+ https://bugs.webkit.org/show_bug.cgi?id=71498
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssembler.h:
+ (MacroAssembler::MacroAssembler):
+
+2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::className
+ https://bugs.webkit.org/show_bug.cgi?id=71428
+
+ Reviewed by Sam Weinig.
+
+ Added className to the MethodTable, changed all the virtual
+ implementations of className to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::className):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::className):
+ * debugger/DebuggerActivation.h:
+ * jsc.cpp:
+ (GlobalObject::createStructure):
+ * profiler/Profiler.cpp:
+ (JSC::Profiler::createCallIdentifier):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::className):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::className):
+ * runtime/JSObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+ * testRegExp.cpp:
+ (GlobalObject::createStructure):
+
+2011-11-02 Jer Noble <jer.noble@apple.com>
+
+ Add Clock class and platform-specific implementations.
+ https://bugs.webkit.org/show_bug.cgi?id=71341
+
+ Reviewed by Sam Weinig.
+
+ Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
+
+ * wtf/Platform.h:
+
+2011-11-03 Pavel Feldman <pfeldman@chromium.org>
+
+ Not reviewed: fixing win build. step2.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-03 Pavel Feldman <pfeldman@chromium.org>
+
+ Not reviewed: fix windows build, step1
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-03 Pavel Feldman <pfeldman@google.com>
+
+ Web Inspector: preserve script location for inline handlers.
+ https://bugs.webkit.org/show_bug.cgi?id=71367
+
+ Makes SourceCode factories receive TextPosition instead of the line number;
+ Stores consistent position values in SourceCode and SourceProvider;
+
+ Reviewed by Yury Semikhatsky.
+
+ * API/JSBase.cpp:
+ (JSEvaluateScript):
+ (JSCheckScriptSyntax):
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeFunction):
+ * parser/SourceCode.h:
+ (JSC::makeSource):
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider):
+ (JSC::SourceProvider::startPosition):
+ (JSC::UStringSourceProvider::create):
+ (JSC::UStringSourceProvider::UStringSourceProvider):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h:
+
+2011-11-03 Kentaro Hara <haraken@chromium.org>
+
+ Fixed wrong implementation of doubleValue % 2^{64}.
+ https://bugs.webkit.org/show_bug.cgi?id=67980
+
+ Reviewed by Hajime Morita.
+
+ fast/events/constructors/progress-event-constructor.html was failing
+ because of the wrong implementation of conversion from an ECMAScript value
+ to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
+ In particular, the calculation of doubleValue % 2^{64} was wrong.
+ This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
+
+ * wtf/MathExtras.h:
+ (doubleToInteger): Implemented the spec correctly.
+
+2011-11-03 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99089.
+ http://trac.webkit.org/changeset/99089
+ https://bugs.webkit.org/show_bug.cgi?id=71448
+
+ @plt postfix for math functions cause crash on Linux 32 (the
+ symbol is defined but it points to NULL) (Requested by
+ zherczeg on #webkit).
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ * jit/ThunkGenerators.cpp:
+
+2011-11-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining breaks function.arguments[something] if the argument being
+ retrieved was subjected to DFG's unboxing optimizations
+ https://bugs.webkit.org/show_bug.cgi?id=71436
+
+ Reviewed by Oliver Hunt.
+
+ This makes inlined arguments retrieval use some of the same machinery as
+ OSR to determine where from, and how, to retrieve a value that the DFG
+ might have somehow squirreled away while the old JIT would put it in its
+ obvious location, using an obvious format.
+
+ To that end, previously DFG-internal notions such as DataFormat,
+ VirtualRegister, and ValueRecovery are now in bytecode/ since they are
+ stored as part of InlineCallFrames.
+
+ * bytecode/CodeOrigin.h:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::inlineCallFrame):
+ * interpreter/Register.h:
+ (JSC::Register::asInlineCallFrame):
+ (JSC::Register::unboxedInt32):
+ (JSC::Register::unboxedBoolean):
+ (JSC::Register::unboxedCell):
+ * runtime/Arguments.h:
+ (JSC::Arguments::finishCreationAndCopyRegisters):
+
+2011-11-02 Filip Pizlo <fpizlo@apple.com>
+
+ ValueRecovery should be moved out of the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=71439
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/DataFormat.h: Added.
+ (JSC::dataFormatToString):
+ (JSC::needDataFormatConversion):
+ (JSC::isJSFormat):
+ (JSC::isJSInteger):
+ (JSC::isJSDouble):
+ (JSC::isJSCell):
+ (JSC::isJSBoolean):
+ * bytecode/ValueRecovery.h: Added.
+ (JSC::ValueRecovery::ValueRecovery):
+ (JSC::ValueRecovery::alreadyInRegisterFile):
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
+ (JSC::ValueRecovery::inGPR):
+ (JSC::ValueRecovery::inPair):
+ (JSC::ValueRecovery::inFPR):
+ (JSC::ValueRecovery::displacedInRegisterFile):
+ (JSC::ValueRecovery::constant):
+ (JSC::ValueRecovery::technique):
+ (JSC::ValueRecovery::isInRegisters):
+ (JSC::ValueRecovery::gpr):
+ (JSC::ValueRecovery::tagGPR):
+ (JSC::ValueRecovery::payloadGPR):
+ (JSC::ValueRecovery::fpr):
+ (JSC::ValueRecovery::virtualRegister):
+ (JSC::ValueRecovery::dump):
+ * bytecode/VirtualRegister.h: Added.
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::isJSFormat):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGVariableAccessData.h:
+
+2011-11-02 Sam Weinig <sam@webkit.org>
+
+ Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
+ https://bugs.webkit.org/show_bug.cgi?id=71333
+
+ Reviewed by Gavin Barraclough.
+
+ Tested by fast/dom/getter-on-window-object2.html
+
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::setDescriptor):
+ The attributes returned from Structure::get do not include Getter or Setter, so
+ instead check if the value is a GetterSetter like we do elsewhere. If it is, update
+ the descriptor's attributes accordingly.
+
+2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ FunctionPtr should accept FASTCALL functions on X86
+ https://bugs.webkit.org/show_bug.cgi?id=71434
+
+ Reviewed by Filip Pizlo.
+
+ On X86 we sometimes use FASTCALL convention functions, for example the
+ cti functions, and we may need the pointers to such functions, e.g.,
+ in current DFG register file check and arity check, though long term
+ we may avoid such usage of cti calls in DFG.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+
+2011-11-02 Filip Pizlo <fpizlo@apple.com>
+
+ Inlined uses of the global object should use the right global object
+ https://bugs.webkit.org/show_bug.cgi?id=71427
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::globalObjectFor):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove some unnecessary loads/stores in DFG JIT 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=71090
+
+ Reviewed by Filip Pizlo.
+
+ In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
+ be eliminated.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+
+2011-11-02 Adam Klein <adamk@chromium.org>
+
+ Replace usage of StringImpl with String where possible in CharacterData and Text
+ https://bugs.webkit.org/show_bug.cgi?id=71383
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::containsOnlyWhitespace): Added new method.
+
+2011-11-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::getOwnPropertyNames
+ https://bugs.webkit.org/show_bug.cgi?id=71307
+
+ Reviewed by Darin Adler.
+
+ Added getOwnPropertyNames to the MethodTable, changed all the virtual
+ implementations of getOwnPropertyNames to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertyNames):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertyNames):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertyNames):
+ * runtime/Arguments.h:
+ * runtime/ClassInfo.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertyNames):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertyNames):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertyNames):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertyNames):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyNames):
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertyNames):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPropertyNames):
+ (JSC::JSObject::getOwnPropertyNames):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::~JSVariableObject):
+ (JSC::JSVariableObject::getOwnPropertyNames):
+ * runtime/JSVariableObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetOwnPropertyNames):
+ (JSC::objectConstructorKeys):
+ (JSC::defineProperties):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertyNames):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertyNames):
+ * runtime/StringObject.h:
+ * runtime/Structure.h:
+
+2011-11-02 Dean Jackson <dino@apple.com>
+
+ Add ENABLE_CSS_SHADERS flag
+ https://bugs.webkit.org/show_bug.cgi?id=71394
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-02 Alexey Shabalin <a.shabalin@gmail.com>
+
+ TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
+ https://bugs.webkit.org/show_bug.cgi?id=70610
+
+ Reviewed by Martin Robinson.
+
+ Properly annotate ASM on BSD and Linux x86 systems.
+
+ * dfg/DFGOperations.cpp: Add annotation for X86.
+ * jit/JITStubs.cpp: Ditto.
+ * jit/ThunkGenerators.cpp: Ditto.
+
+2011-11-02 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
+ https://bugs.webkit.org/show_bug.cgi?id=71347
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::reallocate):
+
+2011-11-01 Darin Adler <darin@apple.com>
+
+ Cut down on malloc/free a bit in the parser arena
+ https://bugs.webkit.org/show_bug.cgi?id=71343
+
+ Reviewed by Oliver Hunt.
+
+ * parser/ParserArena.cpp:
+ (JSC::ParserArena::deallocateObjects): Call the destructors of
+ the deletable objects before freeing the pools. Don't call
+ fastFree on the deletable objects any more.
+
+ * parser/ParserArena.h:
+ (JSC::ParserArena::allocateDeletable): Use allocateFreeable
+ instead of fastMalloc here.
+
+2011-11-01 Sam Weinig <sam@webkit.org>
+
+ Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
+ https://bugs.webkit.org/show_bug.cgi?id=71336
+
+ Reviewed by Darin Adler.
+
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ Remove overrides of lookupGetter/lookupSetter, which are no longer needed
+ due to implementing getPropertyDescriptor.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::lookupGetter):
+ (JSC::JSObject::lookupSetter):
+ * runtime/JSObject.h:
+ De-virtualize lookupGetter/lookupSetter, and implement them in terms of
+ getPropertyDescriptor.
+
+2011-11-01 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defineSetter
+ https://bugs.webkit.org/show_bug.cgi?id=71303
+
+ Reviewed by Darin Adler.
+
+ Added defineSetter to the MethodTable, changed all the virtual
+ implementations of defineSetter to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::defineSetter):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defineSetter):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::defineSetter):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineSetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineSetter):
+
+2011-11-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining breaks function.arguments
+ https://bugs.webkit.org/show_bug.cgi?id=71329
+
+ Reviewed by Oliver Hunt.
+
+ The DFG was forgetting to store code origin mappings for inlined
+ call sites. Some of the fast-path optimizations for
+ CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
+ was wrong.
+
+ I also took the opportunity to decrease code duplication between
+ DFG64 and DFG32_64, because I didn't feel like writing the same
+ code twice.
+
+ * bytecode/CodeBlock.h:
+ (JSC::ExecState::isInlineCallFrame):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGNode.h:
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::getArgumentsData):
+
+2011-11-01 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ StringImpl::reallocate() should have a 8-bit version
+ https://bugs.webkit.org/show_bug.cgi?id=71210
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::reallocate):
+ * wtf/text/StringImpl.h:
+
+2011-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ The GC should be parallel
+ https://bugs.webkit.org/show_bug.cgi?id=70995
+
+ Reviewed by Geoff Garen.
+
+ Added parallel tracing to the GC. This works by having local mark
+ stacks per thread, and a global shared one. Threads sometimes
+ donate cells from the mark stack to the global one if the heuristics
+ tell them that it's affordable to do so. Threads that have depleted
+ their local mark stacks try to steal some from the shared one.
+
+ Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
+
+ This is a 23% speed-up on V8-splay when I use 4 marking threads,
+ leading to a 3.5% speed-up on V8.
+
+ It also appears that this reduces GC pause times on real websites by
+ more than half.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::~Heap):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
+ (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
+ (JSC::MarkStackSegmentAllocator::allocate):
+ (JSC::MarkStackSegmentAllocator::release):
+ (JSC::MarkStackSegmentAllocator::shrinkReserve):
+ (JSC::MarkStackArray::MarkStackArray):
+ (JSC::MarkStackArray::~MarkStackArray):
+ (JSC::MarkStackArray::expand):
+ (JSC::MarkStackArray::refill):
+ (JSC::MarkStackArray::donateSomeCellsTo):
+ (JSC::MarkStackArray::stealSomeCellsFrom):
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
+ (JSC::MarkStackThreadSharedData::reset):
+ (JSC::MarkStack::reset):
+ (JSC::SlotVisitor::donateSlow):
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::drainFromShared):
+ (JSC::MarkStack::mergeOpaqueRoots):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ * heap/MarkStack.h:
+ (JSC::MarkStackSegment::data):
+ (JSC::MarkStackSegment::capacityFromSize):
+ (JSC::MarkStackSegment::sizeFromCapacity):
+ (JSC::MarkStackArray::postIncTop):
+ (JSC::MarkStackArray::preDecTop):
+ (JSC::MarkStackArray::setTopForFullSegment):
+ (JSC::MarkStackArray::setTopForEmptySegment):
+ (JSC::MarkStackArray::top):
+ (JSC::MarkStackArray::validatePrevious):
+ (JSC::MarkStack::addWeakReferenceHarvester):
+ (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
+ (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStack::containsOpaqueRoot):
+ (JSC::MarkStack::opaqueRootCount):
+ (JSC::MarkStackArray::append):
+ (JSC::MarkStackArray::canRemoveLast):
+ (JSC::MarkStackArray::removeLast):
+ (JSC::MarkStackArray::isEmpty):
+ (JSC::MarkStackArray::canDonateSomeCells):
+ (JSC::MarkStackArray::size):
+ (JSC::ParallelModeEnabler::ParallelModeEnabler):
+ (JSC::ParallelModeEnabler::~ParallelModeEnabler):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::testAndSetMarked):
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::donate):
+ (JSC::SlotVisitor::donateAndDrain):
+ (JSC::SlotVisitor::donateKnownParallel):
+ (JSC::SlotVisitor::SlotVisitor):
+ * heap/WeakReferenceHarvester.h:
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+ * wtf/Atomics.h:
+ (WTF::weakCompareAndSwap):
+ * wtf/Bitmap.h:
+ (WTF::::Bitmap):
+ (WTF::::get):
+ (WTF::::set):
+ (WTF::::testAndSet):
+ (WTF::::testAndClear):
+ (WTF::::concurrentTestAndSet):
+ (WTF::::concurrentTestAndClear):
+ (WTF::::clear):
+ (WTF::::clearAll):
+ (WTF::::nextPossiblyUnset):
+ (WTF::::findRunOfZeros):
+ (WTF::::count):
+ (WTF::::isEmpty):
+ (WTF::::isFull):
+ * wtf/MainThread.h:
+ (WTF::isMainThreadOrGCThread):
+ * wtf/Platform.h:
+ * wtf/ThreadSpecific.h:
+ (WTF::::isSet):
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::initializeGCThreads):
+ (WTF::initializeMainThreadPlatform):
+ (WTF::initializeMainThreadToProcessMainThreadPlatform):
+ (WTF::registerGCThread):
+ (WTF::isMainThreadOrGCThread):
+
+2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defaultValue
+ https://bugs.webkit.org/show_bug.cgi?id=71146
+
+ Reviewed by Sam Weinig.
+
+ Added defaultValue to the MethodTable. Replaced all virtual versions of
+ defaultValue with static versions. Replaced all call sites with lookups in the
+ MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::defaultValue):
+ (JSC::TerminatedExecutionError::defaultValue):
+ * runtime/ExceptionHelpers.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defaultValue):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::defaultValue):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPrimitiveNumber):
+ (JSC::JSObject::defaultValue):
+ * runtime/JSObject.h:
+ (JSC::JSObject::toPrimitive):
+
+2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Interpreter build fix
+
+ Unreviewed build fix
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exits should add to value profiles
+ https://bugs.webkit.org/show_bug.cgi?id=71202
+
+ Reviewed by Oliver Hunt.
+
+ Value profiles now have an extra special slot not used by the old JIT's
+ profiling, which is reserved for OSR exits.
+
+ The DFG's OSR exit code now knows which register, node index, and value
+ profiling site was responsible for the (possibly flawed) information that
+ led to the OSR failure. This is somewhat opportunistic and imperfect;
+ if there's a lot of control flow between the value profiling site and the
+ OSR failure point, then this mechanism simply gives up. It also gives up
+ if the OSR failure is caused by either known deficiencies in the DFG
+ (like that we always assume that the index in a strict charCodeAt access
+ is within bounds) or where the OSR failure would be catalogues and
+ profiled through other means (like slow case counters).
+
+ This patch also adds the notion of a JSValueRegs, which is either a
+ single register in JSVALUE64 or a pair in JSVALUE32_64. We should
+ probably move the 32_64 DFG towards using this, since it often makes it
+ easier to share code between 64 and 32_64.
+
+ Also fixed a number of pathologies that this uncovered. op_method_check
+ didn't have a value profiling site on the slow path. GetById should not
+ always force OSR exit if it never executed in the old JIT; we may be
+ able to infer its type if it's a array or string length get. Finally,
+ these changes benefit from a slight tweak to optimization delay
+ heuristics (profile fullness is now 0.35 instead of 0.25).
+
+ 3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
+ and imaging-darkroom.
+
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeStatistics):
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::specFailBucket):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfCells):
+ (JSC::ValueProfile::numberOfObjects):
+ (JSC::ValueProfile::numberOfFinalObjects):
+ (JSC::ValueProfile::numberOfStrings):
+ (JSC::ValueProfile::numberOfArrays):
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::JSValueRegs::JSValueRegs):
+ (JSC::DFG::JSValueRegs::operator!):
+ (JSC::DFG::JSValueRegs::gpr):
+ (JSC::DFG::JSValueSource::JSValueSource):
+ (JSC::DFG::JSValueSource::unboxedCell):
+ (JSC::DFG::JSValueSource::operator!):
+ (JSC::DFG::JSValueSource::isAddress):
+ (JSC::DFG::JSValueSource::offset):
+ (JSC::DFG::JSValueSource::base):
+ (JSC::DFG::JSValueSource::gpr):
+ (JSC::DFG::JSValueSource::asAddress):
+ (JSC::DFG::JSValueSource::notAddress):
+ (JSC::DFG::JSValueRegs::tagGPR):
+ (JSC::DFG::JSValueRegs::payloadGPR):
+ (JSC::DFG::JSValueSource::tagGPR):
+ (JSC::DFG::JSValueSource::payloadGPR):
+ (JSC::DFG::JSValueSource::hasKnownTag):
+ (JSC::DFG::JSValueSource::tag):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::jsValueRegs):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueProfileFor):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::JSValueOperand::jsValueRegs):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::valueProfileFor):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitSlow_op_method_check):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emitSlow_op_method_check):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/JSValue.h:
+
+2011-10-31 Sam Weinig <sam@webkit.org>
+
+ Remove need for virtual JSObject::unwrappedObject
+ https://bugs.webkit.org/show_bug.cgi?id=71034
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ Update exports.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Add JSGlobalThis.cpp.
+
+ * runtime/JSGlobalThis.cpp: Added.
+ (JSC::JSGlobalThis::visitChildren):
+ (JSC::JSGlobalThis::unwrappedObject):
+ * runtime/JSGlobalThis.h:
+ (JSC::JSGlobalThis::createStructure):
+ Move underlying object from JSDOMWindowShell down to JSGlobalThis
+ and corresponding visitChildren method.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::unwrappedObject):
+ Change unwrappedObject from virtual, to just needing an if check.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::isGlobalThis):
+ * runtime/JSType.h:
+ Add isGlobalThis predicate and type.
+
+2011-10-31 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ WTF::StringImpl::create(const char*, unsigned) calls itself
+ https://bugs.webkit.org/show_bug.cgi?id=71206
+
+ The original implementation just calls itself, causing infinite recursion.
+ Cast the first parameter to const LChar* to fix that.
+
+ Reviewed by Ryosuke Niwa.
+
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::create):
+
+2011-10-31 Andy Wingo <wingo@igalia.com>
+
+ Fix DFG JIT compilation on Linux targets.
+ https://bugs.webkit.org/show_bug.cgi?id=70904
+
+ Reviewed by Darin Adler.
+
+ * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
+ macro.
+
+ * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
+ simplified definition from jit/JITStubs.cpp.
+ (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
+ Use the macro to access trampoline targets through the PLT on PIC
+ systems, instead of introducing a text relocation. Otherwise, the
+ library fails to link.
+
+2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defineGetter
+ https://bugs.webkit.org/show_bug.cgi?id=71134
+
+ Reviewed by Darin Adler.
+
+ Added defineGetter to the MethodTable. Replaced all virtual versions of defineGetter
+ with static versions. Replaced all call sites with lookups in the MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::defineGetter):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defineGetter):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::defineGetter):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineGetter):
+
+2011-10-31 Michael Saboff <msaboff@apple.com>
+
+ Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
+ https://bugs.webkit.org/show_bug.cgi?id=71138
+
+ Restructure and movement of Lexer and Parser code.
+ Moved Lexer and Parser objects out of JSGlobalData.
+ Added a new ParserTokens class and instance to JSGlobalData that
+ have JavaScript token related definitions.
+ Replaced JSGlobalData arguments to Node classes with lineNumber,
+ as that was the only use of the JSGlobalData.
+ Combined JSParser and Parser classes into one class,
+ eliminating JSParser.h and .cpp.
+ Various supporting #include changes.
+
+ These mostly mechanical changes are done in preparation to
+ making the Lexer and Parser template classes.
+
+ Reviewed by Darin Adler.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::toArgumentList):
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::ASTBuilder):
+ (JSC::ASTBuilder::createSourceElements):
+ (JSC::ASTBuilder::createCommaExpr):
+ (JSC::ASTBuilder::createLogicalNot):
+ (JSC::ASTBuilder::createUnaryPlus):
+ (JSC::ASTBuilder::createVoid):
+ (JSC::ASTBuilder::thisExpr):
+ (JSC::ASTBuilder::createResolve):
+ (JSC::ASTBuilder::createObjectLiteral):
+ (JSC::ASTBuilder::createArray):
+ (JSC::ASTBuilder::createNumberExpr):
+ (JSC::ASTBuilder::createString):
+ (JSC::ASTBuilder::createBoolean):
+ (JSC::ASTBuilder::createNull):
+ (JSC::ASTBuilder::createBracketAccess):
+ (JSC::ASTBuilder::createDotAccess):
+ (JSC::ASTBuilder::createRegExp):
+ (JSC::ASTBuilder::createNewExpr):
+ (JSC::ASTBuilder::createConditionalExpr):
+ (JSC::ASTBuilder::createAssignResolve):
+ (JSC::ASTBuilder::createFunctionExpr):
+ (JSC::ASTBuilder::createFunctionBody):
+ (JSC::ASTBuilder::createGetterOrSetterProperty):
+ (JSC::ASTBuilder::createArguments):
+ (JSC::ASTBuilder::createArgumentsList):
+ (JSC::ASTBuilder::createPropertyList):
+ (JSC::ASTBuilder::createElementList):
+ (JSC::ASTBuilder::createFormalParameterList):
+ (JSC::ASTBuilder::createClause):
+ (JSC::ASTBuilder::createClauseList):
+ (JSC::ASTBuilder::createFuncDeclStatement):
+ (JSC::ASTBuilder::createBlockStatement):
+ (JSC::ASTBuilder::createExprStatement):
+ (JSC::ASTBuilder::createIfStatement):
+ (JSC::ASTBuilder::createForLoop):
+ (JSC::ASTBuilder::createForInLoop):
+ (JSC::ASTBuilder::createEmptyStatement):
+ (JSC::ASTBuilder::createVarStatement):
+ (JSC::ASTBuilder::createReturnStatement):
+ (JSC::ASTBuilder::createBreakStatement):
+ (JSC::ASTBuilder::createContinueStatement):
+ (JSC::ASTBuilder::createTryStatement):
+ (JSC::ASTBuilder::createSwitchStatement):
+ (JSC::ASTBuilder::createWhileStatement):
+ (JSC::ASTBuilder::createDoWhileStatement):
+ (JSC::ASTBuilder::createLabelStatement):
+ (JSC::ASTBuilder::createWithStatement):
+ (JSC::ASTBuilder::createThrowStatement):
+ (JSC::ASTBuilder::createDebugger):
+ (JSC::ASTBuilder::createConstStatement):
+ (JSC::ASTBuilder::appendConstDecl):
+ (JSC::ASTBuilder::combineCommaNodes):
+ (JSC::ASTBuilder::appendBinaryOperation):
+ (JSC::ASTBuilder::createAssignment):
+ (JSC::ASTBuilder::createNumber):
+ (JSC::ASTBuilder::makeTypeOfNode):
+ (JSC::ASTBuilder::makeDeleteNode):
+ (JSC::ASTBuilder::makeNegateNode):
+ (JSC::ASTBuilder::makeBitwiseNotNode):
+ (JSC::ASTBuilder::makeMultNode):
+ (JSC::ASTBuilder::makeDivNode):
+ (JSC::ASTBuilder::makeModNode):
+ (JSC::ASTBuilder::makeAddNode):
+ (JSC::ASTBuilder::makeSubNode):
+ (JSC::ASTBuilder::makeLeftShiftNode):
+ (JSC::ASTBuilder::makeRightShiftNode):
+ (JSC::ASTBuilder::makeURightShiftNode):
+ (JSC::ASTBuilder::makeBitOrNode):
+ (JSC::ASTBuilder::makeBitAndNode):
+ (JSC::ASTBuilder::makeBitXOrNode):
+ (JSC::ASTBuilder::makeFunctionCallNode):
+ (JSC::ASTBuilder::makeBinaryNode):
+ (JSC::ASTBuilder::makeAssignNode):
+ (JSC::ASTBuilder::makePrefixNode):
+ (JSC::ASTBuilder::makePostfixNode):
+ * parser/JSParser.cpp: Removed.
+ * parser/JSParser.h: Removed.
+ * parser/Lexer.cpp:
+ (JSC::Keywords::Keywords):
+ (JSC::Lexer::Lexer):
+ (JSC::Lexer::~Lexer):
+ (JSC::Lexer::setCode):
+ (JSC::Lexer::parseIdentifier):
+ * parser/Lexer.h:
+ (JSC::Keywords::isKeyword):
+ (JSC::Keywords::getKeyword):
+ (JSC::Keywords::~Keywords):
+ (JSC::Lexer::setIsReparsing):
+ (JSC::Lexer::isReparsing):
+ (JSC::Lexer::lineNumber):
+ (JSC::Lexer::setLastLineNumber):
+ (JSC::Lexer::lastLineNumber):
+ (JSC::Lexer::prevTerminator):
+ (JSC::Lexer::sawError):
+ (JSC::Lexer::getErrorMessage):
+ (JSC::Lexer::currentOffset):
+ (JSC::Lexer::setOffset):
+ (JSC::Lexer::setLineNumber):
+ (JSC::Lexer::sourceProvider):
+ (JSC::Lexer::isWhiteSpace):
+ (JSC::Lexer::isLineTerminator):
+ (JSC::Lexer::convertHex):
+ (JSC::Lexer::convertUnicode):
+ (JSC::Lexer::makeIdentifier):
+ (JSC::Lexer::lexExpectIdentifier):
+ * parser/NodeConstructors.h:
+ (JSC::ParserArenaFreeable::operator new):
+ (JSC::ParserArenaDeletable::operator new):
+ (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
+ (JSC::Node::Node):
+ (JSC::ExpressionNode::ExpressionNode):
+ (JSC::StatementNode::StatementNode):
+ (JSC::NullNode::NullNode):
+ (JSC::BooleanNode::BooleanNode):
+ (JSC::NumberNode::NumberNode):
+ (JSC::StringNode::StringNode):
+ (JSC::RegExpNode::RegExpNode):
+ (JSC::ThisNode::ThisNode):
+ (JSC::ResolveNode::ResolveNode):
+ (JSC::ElementNode::ElementNode):
+ (JSC::ArrayNode::ArrayNode):
+ (JSC::PropertyNode::PropertyNode):
+ (JSC::PropertyListNode::PropertyListNode):
+ (JSC::ObjectLiteralNode::ObjectLiteralNode):
+ (JSC::BracketAccessorNode::BracketAccessorNode):
+ (JSC::DotAccessorNode::DotAccessorNode):
+ (JSC::ArgumentListNode::ArgumentListNode):
+ (JSC::ArgumentsNode::ArgumentsNode):
+ (JSC::NewExprNode::NewExprNode):
+ (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
+ (JSC::FunctionCallValueNode::FunctionCallValueNode):
+ (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
+ (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
+ (JSC::FunctionCallDotNode::FunctionCallDotNode):
+ (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
+ (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
+ (JSC::PrePostResolveNode::PrePostResolveNode):
+ (JSC::PostfixResolveNode::PostfixResolveNode):
+ (JSC::PostfixBracketNode::PostfixBracketNode):
+ (JSC::PostfixDotNode::PostfixDotNode):
+ (JSC::PostfixErrorNode::PostfixErrorNode):
+ (JSC::DeleteResolveNode::DeleteResolveNode):
+ (JSC::DeleteBracketNode::DeleteBracketNode):
+ (JSC::DeleteDotNode::DeleteDotNode):
+ (JSC::DeleteValueNode::DeleteValueNode):
+ (JSC::VoidNode::VoidNode):
+ (JSC::TypeOfResolveNode::TypeOfResolveNode):
+ (JSC::TypeOfValueNode::TypeOfValueNode):
+ (JSC::PrefixResolveNode::PrefixResolveNode):
+ (JSC::PrefixBracketNode::PrefixBracketNode):
+ (JSC::PrefixDotNode::PrefixDotNode):
+ (JSC::PrefixErrorNode::PrefixErrorNode):
+ (JSC::UnaryOpNode::UnaryOpNode):
+ (JSC::UnaryPlusNode::UnaryPlusNode):
+ (JSC::NegateNode::NegateNode):
+ (JSC::BitwiseNotNode::BitwiseNotNode):
+ (JSC::LogicalNotNode::LogicalNotNode):
+ (JSC::BinaryOpNode::BinaryOpNode):
+ (JSC::MultNode::MultNode):
+ (JSC::DivNode::DivNode):
+ (JSC::ModNode::ModNode):
+ (JSC::AddNode::AddNode):
+ (JSC::SubNode::SubNode):
+ (JSC::LeftShiftNode::LeftShiftNode):
+ (JSC::RightShiftNode::RightShiftNode):
+ (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
+ (JSC::LessNode::LessNode):
+ (JSC::GreaterNode::GreaterNode):
+ (JSC::LessEqNode::LessEqNode):
+ (JSC::GreaterEqNode::GreaterEqNode):
+ (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
+ (JSC::InstanceOfNode::InstanceOfNode):
+ (JSC::InNode::InNode):
+ (JSC::EqualNode::EqualNode):
+ (JSC::NotEqualNode::NotEqualNode):
+ (JSC::StrictEqualNode::StrictEqualNode):
+ (JSC::NotStrictEqualNode::NotStrictEqualNode):
+ (JSC::BitAndNode::BitAndNode):
+ (JSC::BitOrNode::BitOrNode):
+ (JSC::BitXOrNode::BitXOrNode):
+ (JSC::LogicalOpNode::LogicalOpNode):
+ (JSC::ConditionalNode::ConditionalNode):
+ (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
+ (JSC::AssignResolveNode::AssignResolveNode):
+ (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
+ (JSC::AssignBracketNode::AssignBracketNode):
+ (JSC::AssignDotNode::AssignDotNode):
+ (JSC::ReadModifyDotNode::ReadModifyDotNode):
+ (JSC::AssignErrorNode::AssignErrorNode):
+ (JSC::CommaNode::CommaNode):
+ (JSC::ConstStatementNode::ConstStatementNode):
+ (JSC::SourceElements::SourceElements):
+ (JSC::EmptyStatementNode::EmptyStatementNode):
+ (JSC::DebuggerStatementNode::DebuggerStatementNode):
+ (JSC::ExprStatementNode::ExprStatementNode):
+ (JSC::VarStatementNode::VarStatementNode):
+ (JSC::IfNode::IfNode):
+ (JSC::IfElseNode::IfElseNode):
+ (JSC::DoWhileNode::DoWhileNode):
+ (JSC::WhileNode::WhileNode):
+ (JSC::ForNode::ForNode):
+ (JSC::ContinueNode::ContinueNode):
+ (JSC::BreakNode::BreakNode):
+ (JSC::ReturnNode::ReturnNode):
+ (JSC::WithNode::WithNode):
+ (JSC::LabelNode::LabelNode):
+ (JSC::ThrowNode::ThrowNode):
+ (JSC::TryNode::TryNode):
+ (JSC::ParameterNode::ParameterNode):
+ (JSC::FuncExprNode::FuncExprNode):
+ (JSC::FuncDeclNode::FuncDeclNode):
+ (JSC::CaseClauseNode::CaseClauseNode):
+ (JSC::ClauseListNode::ClauseListNode):
+ (JSC::CaseBlockNode::CaseBlockNode):
+ (JSC::SwitchNode::SwitchNode):
+ (JSC::ConstDeclNode::ConstDeclNode):
+ (JSC::BlockNode::BlockNode):
+ (JSC::ForInNode::ForInNode):
+ * parser/NodeInfo.h:
+ * parser/Nodes.cpp:
+ (JSC::StatementNode::setLoc):
+ (JSC::ScopeNode::ScopeNode):
+ (JSC::ProgramNode::ProgramNode):
+ (JSC::ProgramNode::create):
+ (JSC::EvalNode::EvalNode):
+ (JSC::EvalNode::create):
+ (JSC::FunctionBodyNode::FunctionBodyNode):
+ (JSC::FunctionBodyNode::create):
+ * parser/Nodes.h:
+ (JSC::Node::lineNo):
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser):
+ (JSC::Parser::~Parser):
+ (JSC::Parser::parseInner):
+ (JSC::Parser::allowAutomaticSemicolon):
+ (JSC::Parser::parseSourceElements):
+ (JSC::Parser::parseVarDeclaration):
+ (JSC::Parser::parseConstDeclaration):
+ (JSC::Parser::parseDoWhileStatement):
+ (JSC::Parser::parseWhileStatement):
+ (JSC::Parser::parseVarDeclarationList):
+ (JSC::Parser::parseConstDeclarationList):
+ (JSC::Parser::parseForStatement):
+ (JSC::Parser::parseBreakStatement):
+ (JSC::Parser::parseContinueStatement):
+ (JSC::Parser::parseReturnStatement):
+ (JSC::Parser::parseThrowStatement):
+ (JSC::Parser::parseWithStatement):
+ (JSC::Parser::parseSwitchStatement):
+ (JSC::Parser::parseSwitchClauses):
+ (JSC::Parser::parseSwitchDefaultClause):
+ (JSC::Parser::parseTryStatement):
+ (JSC::Parser::parseDebuggerStatement):
+ (JSC::Parser::parseBlockStatement):
+ (JSC::Parser::parseStatement):
+ (JSC::Parser::parseFormalParameters):
+ (JSC::Parser::parseFunctionBody):
+ (JSC::Parser::parseFunctionInfo):
+ (JSC::Parser::parseFunctionDeclaration):
+ (JSC::LabelInfo::LabelInfo):
+ (JSC::Parser::parseExpressionOrLabelStatement):
+ (JSC::Parser::parseExpressionStatement):
+ (JSC::Parser::parseIfStatement):
+ (JSC::Parser::parseExpression):
+ (JSC::Parser::parseAssignmentExpression):
+ (JSC::Parser::parseConditionalExpression):
+ (JSC::isUnaryOp):
+ (JSC::Parser::isBinaryOperator):
+ (JSC::Parser::parseBinaryExpression):
+ (JSC::Parser::parseProperty):
+ (JSC::Parser::parseObjectLiteral):
+ (JSC::Parser::parseStrictObjectLiteral):
+ (JSC::Parser::parseArrayLiteral):
+ (JSC::Parser::parsePrimaryExpression):
+ (JSC::Parser::parseArguments):
+ (JSC::Parser::parseMemberExpression):
+ (JSC::Parser::parseUnaryExpression):
+ * parser/Parser.h:
+ (JSC::isEvalNode):
+ (JSC::EvalNode):
+ (JSC::DepthManager::DepthManager):
+ (JSC::DepthManager::~DepthManager):
+ (JSC::ScopeLabelInfo::ScopeLabelInfo):
+ (JSC::Scope::Scope):
+ (JSC::Scope::startSwitch):
+ (JSC::Scope::endSwitch):
+ (JSC::Scope::startLoop):
+ (JSC::Scope::endLoop):
+ (JSC::Scope::inLoop):
+ (JSC::Scope::breakIsValid):
+ (JSC::Scope::continueIsValid):
+ (JSC::Scope::pushLabel):
+ (JSC::Scope::popLabel):
+ (JSC::Scope::getLabel):
+ (JSC::Scope::setIsFunction):
+ (JSC::Scope::isFunction):
+ (JSC::Scope::isFunctionBoundary):
+ (JSC::Scope::declareVariable):
+ (JSC::Scope::declareWrite):
+ (JSC::Scope::preventNewDecls):
+ (JSC::Scope::allowsNewDecls):
+ (JSC::Scope::declareParameter):
+ (JSC::Scope::useVariable):
+ (JSC::Scope::setNeedsFullActivation):
+ (JSC::Scope::collectFreeVariables):
+ (JSC::Scope::getUncapturedWrittenVariables):
+ (JSC::Scope::getCapturedVariables):
+ (JSC::Scope::setStrictMode):
+ (JSC::Scope::strictMode):
+ (JSC::Scope::isValidStrictMode):
+ (JSC::Scope::shadowsArguments):
+ (JSC::Scope::copyCapturedVariablesToVector):
+ (JSC::Scope::saveFunctionInfo):
+ (JSC::Scope::restoreFunctionInfo):
+ (JSC::ScopeRef::ScopeRef):
+ (JSC::ScopeRef::operator->):
+ (JSC::ScopeRef::index):
+ (JSC::ScopeRef::hasContainingScope):
+ (JSC::ScopeRef::containingScope):
+ (JSC::Parser::AllowInOverride::AllowInOverride):
+ (JSC::Parser::AllowInOverride::~AllowInOverride):
+ (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
+ (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
+ (JSC::Parser::AutoPopScopeRef::setPopped):
+ (JSC::Parser::currentScope):
+ (JSC::Parser::pushScope):
+ (JSC::Parser::popScopeInternal):
+ (JSC::Parser::popScope):
+ (JSC::Parser::declareVariable):
+ (JSC::Parser::declareWrite):
+ (JSC::Parser::findCachedFunctionInfo):
+ (JSC::Parser::isFunctionBodyNode):
+ (JSC::Parser::next):
+ (JSC::Parser::nextExpectIdentifier):
+ (JSC::Parser::nextTokenIsColon):
+ (JSC::Parser::consume):
+ (JSC::Parser::getToken):
+ (JSC::Parser::match):
+ (JSC::Parser::tokenStart):
+ (JSC::Parser::tokenLine):
+ (JSC::Parser::tokenEnd):
+ (JSC::Parser::getTokenName):
+ (JSC::Parser::updateErrorMessageSpecialCase):
+ (JSC::Parser::updateErrorMessage):
+ (JSC::Parser::updateErrorWithNameAndMessage):
+ (JSC::Parser::startLoop):
+ (JSC::Parser::endLoop):
+ (JSC::Parser::startSwitch):
+ (JSC::Parser::endSwitch):
+ (JSC::Parser::setStrictMode):
+ (JSC::Parser::strictMode):
+ (JSC::Parser::isValidStrictMode):
+ (JSC::Parser::declareParameter):
+ (JSC::Parser::breakIsValid):
+ (JSC::Parser::continueIsValid):
+ (JSC::Parser::pushLabel):
+ (JSC::Parser::popLabel):
+ (JSC::Parser::getLabel):
+ (JSC::Parser::autoSemiColon):
+ (JSC::Parser::canRecurse):
+ (JSC::Parser::lastTokenEnd):
+ (JSC::Parser::DepthManager::DepthManager):
+ (JSC::Parser::DepthManager::~DepthManager):
+ (JSC::Parser::parse):
+ (JSC::parse):
+ * parser/ParserTokens.h: Added.
+ (JSC::JSTokenInfo::JSTokenInfo):
+ * parser/SourceCode.h:
+ (JSC::SourceCode::subExpression):
+ * parser/SourceProviderCacheItem.h:
+ * parser/SyntaxChecker.h:
+ (JSC::SyntaxChecker::SyntaxChecker):
+ (JSC::SyntaxChecker::makeFunctionCallNode):
+ (JSC::SyntaxChecker::createCommaExpr):
+ (JSC::SyntaxChecker::makeAssignNode):
+ (JSC::SyntaxChecker::makePrefixNode):
+ (JSC::SyntaxChecker::makePostfixNode):
+ (JSC::SyntaxChecker::makeTypeOfNode):
+ (JSC::SyntaxChecker::makeDeleteNode):
+ (JSC::SyntaxChecker::makeNegateNode):
+ (JSC::SyntaxChecker::makeBitwiseNotNode):
+ (JSC::SyntaxChecker::createLogicalNot):
+ (JSC::SyntaxChecker::createUnaryPlus):
+ (JSC::SyntaxChecker::createVoid):
+ (JSC::SyntaxChecker::thisExpr):
+ (JSC::SyntaxChecker::createResolve):
+ (JSC::SyntaxChecker::createObjectLiteral):
+ (JSC::SyntaxChecker::createArray):
+ (JSC::SyntaxChecker::createNumberExpr):
+ (JSC::SyntaxChecker::createString):
+ (JSC::SyntaxChecker::createBoolean):
+ (JSC::SyntaxChecker::createNull):
+ (JSC::SyntaxChecker::createBracketAccess):
+ (JSC::SyntaxChecker::createDotAccess):
+ (JSC::SyntaxChecker::createRegExp):
+ (JSC::SyntaxChecker::createNewExpr):
+ (JSC::SyntaxChecker::createConditionalExpr):
+ (JSC::SyntaxChecker::createAssignResolve):
+ (JSC::SyntaxChecker::createFunctionExpr):
+ (JSC::SyntaxChecker::createFunctionBody):
+ (JSC::SyntaxChecker::createArguments):
+ (JSC::SyntaxChecker::createArgumentsList):
+ (JSC::SyntaxChecker::createProperty):
+ (JSC::SyntaxChecker::createPropertyList):
+ (JSC::SyntaxChecker::createFuncDeclStatement):
+ (JSC::SyntaxChecker::createBlockStatement):
+ (JSC::SyntaxChecker::createExprStatement):
+ (JSC::SyntaxChecker::createIfStatement):
+ (JSC::SyntaxChecker::createForLoop):
+ (JSC::SyntaxChecker::createForInLoop):
+ (JSC::SyntaxChecker::createEmptyStatement):
+ (JSC::SyntaxChecker::createVarStatement):
+ (JSC::SyntaxChecker::createReturnStatement):
+ (JSC::SyntaxChecker::createBreakStatement):
+ (JSC::SyntaxChecker::createContinueStatement):
+ (JSC::SyntaxChecker::createTryStatement):
+ (JSC::SyntaxChecker::createSwitchStatement):
+ (JSC::SyntaxChecker::createWhileStatement):
+ (JSC::SyntaxChecker::createWithStatement):
+ (JSC::SyntaxChecker::createDoWhileStatement):
+ (JSC::SyntaxChecker::createLabelStatement):
+ (JSC::SyntaxChecker::createThrowStatement):
+ (JSC::SyntaxChecker::createDebugger):
+ (JSC::SyntaxChecker::createConstStatement):
+ (JSC::SyntaxChecker::appendConstDecl):
+ (JSC::SyntaxChecker::createGetterOrSetterProperty):
+ (JSC::SyntaxChecker::combineCommaNodes):
+ (JSC::SyntaxChecker::operatorStackPop):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::checkSyntax):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+
+2011-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
+ https://bugs.webkit.org/show_bug.cgi?id=71227
+
+ Reviewed by Oliver Hunt.
+
+ No new tests, since while I can see exactly where the DFG went wrong on the
+ site in question from looking at the generated machine code, and while I can
+ certainly believe that such a scenario would happen, I cannot visualize how
+ to make it happen reproducibly. It requires an odd combination of double
+ values getting spilled and then refilled, but then reboxed at just the right
+ time so that the spilled value is an unboxed double while the in-register
+ value is a boxed double.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-30 Filip Pizlo <fpizlo@apple.com>
+
+ JSParser::parsePrimaryExpression should have an overflow check
+ https://bugs.webkit.org/show_bug.cgi?id=71197
+
+ Reviewed by Geoff Garen.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::parsePrimaryExpression):
+
+2011-10-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ValueAdd(string, int) should not fail speculation
+ https://bugs.webkit.org/show_bug.cgi?id=71195
+
+ Reviewed by Geoff Garen.
+
+ 1% speed-up on V8.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldNotSpeculateInteger):
+ (JSC::DFG::Node::shouldSpeculateInteger):
+
+2011-10-30 Filip Pizlo <fpizlo@apple.com>
+
+ The DFG inliner should not flush the callee
+ https://bugs.webkit.org/show_bug.cgi?id=71191
+
+ Reviewed by Oliver Hunt.
+
+ 0.6% speed-up on V8.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeOrigin.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrameSlow):
+
+2011-10-28 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
+ https://bugs.webkit.org/show_bug.cgi?id=70968
+
+ Reviewed by Geoffrey Garen.
+
+ * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
+ TypeInfo. Had to also create a specialization for JSNonFinalObject, even JSGlobalObject was the only that
+ needed it because Windows wouldn't build without it.
+ (JSC::::createStructure):
+ * API/JSCallbackObject.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure.
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.h: Ditto
+ (JSC::ErrorPrototype::createStructure):
+ * runtime/JSActivation.h: Ditto
+ (JSC::JSActivation::createStructure):
+ * runtime/JSGlobalObject.h: Ditto
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSObject.h: De-virtualized functions. They now check the JSType of the object for the corresponding type.
+ (JSC::JSObject::isGlobalObject):
+ (JSC::JSObject::isVariableObject):
+ (JSC::JSObject::isActivationObject):
+ (JSC::JSObject::isErrorInstance):
+ * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
+ * runtime/JSVariableObject.cpp: Removed virtual function.
+ * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
+ (JSC::JSVariableObject::createStructure):
+
+2011-10-28 Pavel Feldman <pfeldman@google.com>
+
+ Reset line numbers for scripts generated with document.write.
+ https://bugs.webkit.org/show_bug.cgi?id=71099
+
+ Reviewed by Yury Semikhatsky.
+
+ * wtf/text/TextPosition.h:
+ (WTF::OrdinalNumber::OrdinalNumber):
+
+2011-10-27 Daniel Bates <dbates@rim.com>
+
+ CMake: Add support to optionally install the built JavaScript shell
+ https://bugs.webkit.org/show_bug.cgi?id=71062
+
+ Reviewed by Antonio Gomes.
+
+ Generate an installation rule for installing the JavaScript shell in
+ /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
+ is defined.
+
+ * shell/CMakeLists.txt:
+
+2011-10-27 Kentaro Hara <haraken@chromium.org>
+
+ Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
+ https://bugs.webkit.org/show_bug.cgi?id=70215
+
+ Reviewed by Adam Barth.
+
+ Added a method that judges if a given JSValue is empty.
+
+ Tests: transforms/svg-vs-css.xhtml
+ transforms/cssmatrix-2d-interface.xhtml
+ transforms/cssmatrix-3d-interface.xhtml
+
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::isEmpty):
+
+2011-10-27 Michael Saboff <msaboff@apple.com>
+
+ ENH: Add 8 bit string support to JSC JIT
+ https://bugs.webkit.org/show_bug.cgi?id=71073
+
+ Changed the JIT String character access generation to create code
+ to check the character size and load8() or load16() as approriate.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movzbl_mr):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadCharacterString):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/JSInterfaceJIT.h:
+ (JSC::ThunkHelpers::stringImplFlagsOffset):
+ (JSC::ThunkHelpers::stringImpl8BitFlag):
+ * jit/ThunkGenerators.cpp:
+ (JSC::stringCharLoad):
+
+2011-10-27 Filip Pizlo <fpizlo@apple.com>
+
+ If the bytecode generator emits code after the return in the first basic block,
+ DFG's inliner crashes
+ https://bugs.webkit.org/show_bug.cgi?id=71071
+
+ Reviewed by Gavin Barraclough.
+
+ Removed some cruft dealing with parsing failures due to unsupported functionality
+ (that's never reached anymore due to it being caught in DFGCapabilities). This
+ allowed me to repurpose the bool return from parseBlock() to mean: true if we
+ should continue to parse, or false if we've already parsed all live code.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+
+2011-10-27 Joseph Pecoraro <pecoraro@apple.com>
+
+ Reviewed by David Kilzer.
+
+ Make FeatureDefines Identical Across OS X Projects
+ https://bugs.webkit.org/show_bug.cgi?id=71051
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-27 Filip Pizlo <fpizlo@apple.com>
+
+ Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
+ https://bugs.webkit.org/show_bug.cgi?id=71045
+
+ Reviewed by Geoff Garen.
+
+ Make sure that if a structure is pinned, it also has a property map.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::pin):
+ (JSC::Structure::copyPropertyTableForPinning):
+ * runtime/Structure.h:
+ (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
+
+2011-10-27 Michael Saboff <msaboff@apple.com>
+
+ 32bit build failure after r98624
+ https://bugs.webkit.org/show_bug.cgi?id=71064
+
+ Disambiguated operator overload with unsigned index (0u).
+
+ Reviewed by Sam Weinig.
+
+ * runtime/UString.h:
+ (JSC::operator==):
+
+2011-10-27 Gustavo Noronha Silva <gns@gnome.org>
+
+ Fix building on GNU/kFreeBSD
+ https://bugs.webkit.org/show_bug.cgi?id=71005
+
+ Reviewed by Darin Adler.
+
+ * config.h:
+ * wtf/Platform.h:
+
+2011-10-27 Michael Saboff <msaboff@apple.com>
+
+ Investigate storing strings in 8-bit buffers when possible
+ https://bugs.webkit.org/show_bug.cgi?id=66161
+
+ Investigate storing strings in 8-bit buffers when possible
+ https://bugs.webkit.org/show_bug.cgi?id=66161
+
+ Added support for 8 bit string data in StringImpl. Changed
+ (UChar*) m_data to m_data16. Added char* m_data8 as a union
+ with m_data16. Added UChar* m_copyData16 to the other union
+ to store a 16 bit copy of an 8 bit string when needed.
+ Added characters8() and characters16() accessor methods
+ that assume the caller has checked the underlying string type
+ via the new is8Bit() method. The characters() method will
+ return a UChar* of the string, materializing a 16 bit copy if the
+ string is an 8 bit string. Added two flags, one for 8 bit buffer
+ and a second for a 16 bit copy for an 8 bit string.
+
+ Fixed method name typo (StringHasher::defaultCoverter()).
+
+ Over time the goal is to eliminate calls to characters() and
+ us the character8() and characters16() accessors.
+
+ This patch does not include changes that actually create 8 bit
+ strings. This is the first of at least 8 patches. Subsequent
+ patches will be submitted for JIT changes, making the JSC lexer,
+ parser and literal parser, JavaScript string changes and
+ then changes in webcore to take advantage of the 8 bit strings.
+
+ This change is performance neutral for SunSpider and V8 when
+ run from the command line with "jsc".
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::data):
+ (JSC::UStringSourceProvider::UStringSourceProvider):
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierCStringTranslator::hash):
+ (JSC::IdentifierCStringTranslator::equal):
+ (JSC::IdentifierCStringTranslator::translate):
+ (JSC::Identifier::add):
+ (JSC::Identifier::toUInt32):
+ * runtime/Identifier.h:
+ (JSC::Identifier::equal):
+ (JSC::operator==):
+ (JSC::operator!=):
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match):
+ * runtime/StringPrototype.cpp:
+ (JSC::jsSpliceSubstringsWithSeparators):
+ * runtime/UString.cpp:
+ (JSC::UString::UString):
+ (JSC::equalSlowCase):
+ (JSC::UString::utf8):
+ * runtime/UString.h:
+ (JSC::UString::characters):
+ (JSC::UString::characters8):
+ (JSC::UString::characters16):
+ (JSC::UString::is8Bit):
+ (JSC::UString::operator[]):
+ (JSC::UString::find):
+ (JSC::operator==):
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::computeHash):
+ (WTF::StringHasher::defaultConverter):
+ * wtf/text/AtomicString.cpp:
+ (WTF::CStringTranslator::hash):
+ (WTF::CStringTranslator::equal):
+ (WTF::CStringTranslator::translate):
+ (WTF::AtomicString::add):
+ * wtf/text/AtomicString.h:
+ (WTF::AtomicString::AtomicString):
+ (WTF::AtomicString::contains):
+ (WTF::AtomicString::find):
+ (WTF::AtomicString::add):
+ (WTF::operator==):
+ (WTF::operator!=):
+ (WTF::equalIgnoringCase):
+ * wtf/text/StringConcatenate.h:
+ * wtf/text/StringHash.h:
+ (WTF::StringHash::equal):
+ (WTF::CaseFoldingHash::hash):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::~StringImpl):
+ (WTF::StringImpl::createUninitialized):
+ (WTF::StringImpl::create):
+ (WTF::StringImpl::getData16SlowCase):
+ (WTF::StringImpl::containsOnlyWhitespace):
+ (WTF::StringImpl::substring):
+ (WTF::StringImpl::characterStartingAt):
+ (WTF::StringImpl::lower):
+ (WTF::StringImpl::upper):
+ (WTF::StringImpl::fill):
+ (WTF::StringImpl::foldCase):
+ (WTF::StringImpl::stripMatchedCharacters):
+ (WTF::StringImpl::removeCharacters):
+ (WTF::StringImpl::simplifyMatchedCharactersToSpace):
+ (WTF::StringImpl::toIntStrict):
+ (WTF::StringImpl::toUIntStrict):
+ (WTF::StringImpl::toInt64Strict):
+ (WTF::StringImpl::toUInt64Strict):
+ (WTF::StringImpl::toIntPtrStrict):
+ (WTF::StringImpl::toInt):
+ (WTF::StringImpl::toUInt):
+ (WTF::StringImpl::toInt64):
+ (WTF::StringImpl::toUInt64):
+ (WTF::StringImpl::toIntPtr):
+ (WTF::StringImpl::toDouble):
+ (WTF::StringImpl::toFloat):
+ (WTF::equal):
+ (WTF::equalIgnoringCase):
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::findIgnoringCase):
+ (WTF::StringImpl::reverseFind):
+ (WTF::StringImpl::replace):
+ (WTF::StringImpl::defaultWritingDirection):
+ (WTF::StringImpl::adopt):
+ (WTF::StringImpl::createWithTerminatingNullCharacter):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl):
+ (WTF::StringImpl::create):
+ (WTF::StringImpl::create8):
+ (WTF::StringImpl::tryCreateUninitialized):
+ (WTF::StringImpl::flagsOffset):
+ (WTF::StringImpl::flagIs8Bit):
+ (WTF::StringImpl::dataOffset):
+ (WTF::StringImpl::is8Bit):
+ (WTF::StringImpl::characters8):
+ (WTF::StringImpl::characters16):
+ (WTF::StringImpl::characters):
+ (WTF::StringImpl::has16BitShadow):
+ (WTF::StringImpl::setHash):
+ (WTF::StringImpl::hash):
+ (WTF::StringImpl::copyChars):
+ (WTF::StringImpl::operator[]):
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::findIgnoringCase):
+ (WTF::equal):
+ (WTF::equalIgnoringCase):
+ (WTF::StringImpl::isolatedCopy):
+ * wtf/text/WTFString.cpp:
+ (WTF::String::String):
+ (WTF::String::append):
+ (WTF::String::format):
+ (WTF::String::fromUTF8):
+ (WTF::String::fromUTF8WithLatin1Fallback):
+ * wtf/text/WTFString.h:
+ (WTF::String::find):
+ (WTF::String::findIgnoringCase):
+ (WTF::String::contains):
+ (WTF::String::append):
+ (WTF::String::fromUTF8):
+ (WTF::String::fromUTF8WithLatin1Fallback):
+ (WTF::operator==):
+ (WTF::operator!=):
+ (WTF::equalIgnoringCase):
+ * wtf/unicode/Unicode.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::execute):
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::YarrCodeBlock::execute):
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::Parser):
+
+2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing windows build
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add ability to check for presence of static members at compile time
+ https://bugs.webkit.org/show_bug.cgi?id=70986
+
+ Reviewed by Geoffrey Garen.
+
+ Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the
+ HAS_MEMBER_NAMED macro to use that template to check if the specified class
+ does indeed have a method with that name. This mechanism is not currently
+ used anywhere, but will be in the future when adding virtual methods from
+ JSObject to the MethodTable.
+
+ * runtime/ClassInfo.h:
+
+2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::toThisObject
+ https://bugs.webkit.org/show_bug.cgi?id=70958
+
+ Reviewed by Geoffrey Garen.
+
+ Converted all instances of toThisObject to static functions,
+ added toThisObject to the MethodTable, and replaced all call sites
+ with a corresponding lookup in the MethodTable.
+
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::toThisObject):
+ * runtime/JSActivation.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toThisObject):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::toThisObject):
+ * runtime/JSObject.h:
+ (JSC::JSValue::toThisObject):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::toThisObject):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::toThisObject):
+ * runtime/JSString.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::toThisObject):
+ * runtime/StrictEvalActivation.h:
+
+2011-10-27 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix a small bug in callOperation after r98431
+ https://bugs.webkit.org/show_bug.cgi?id=70984
+
+ Reviewed by Geoffrey Garen.
+
+ TrustedImmPtr is not expecting "int" type parameters.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+
+2011-10-26 Oliver Hunt <oliver@apple.com>
+
+ Restore structure-clearing behaviour of allocateCell<>
+ https://bugs.webkit.org/show_bug.cgi?id=70976
+
+ Reviewed by Geoffrey Garen.
+
+ This restores the logic that allows the markstack to filter
+ live objects that have not yet been initialised.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::clearStructure):
+ Validation-safe method to clear a cell's structure.
+ (JSC::allocateCell):
+ Call the above method.
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+ Don't visit cells that haven't been initialised.
+
+2011-10-26 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r97030): Cannot log in to progressive.com
+ https://bugs.webkit.org/show_bug.cgi?id=70094
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+
+2011-10-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getOwnPropertySlotVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70741
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all declarations and definitions of getOwnPropertySlotVirtual.
+ Also replaced all call sites to getOwnPropertyVirtualVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertyDescriptor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/ErrorPrototype.cpp:
+ * runtime/ErrorPrototype.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::getOwnPropertyNames):
+ (JSC::JSFunction::put):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::Walker::walk):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlotByIndex):
+ (JSC::JSObject::hasOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSCell::fastGetOwnPropertySlot):
+ (JSC::JSObject::getPropertySlot):
+ (JSC::JSValue::get):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSString.h:
+ * runtime/MathObject.cpp:
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::createStructure):
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ * runtime/StringPrototype.h:
+
+2011-10-26 Alejandro G. Castro <alex@igalia.com>
+
+ [GTK] [WK2] Add WebKit2 distcheck support
+ https://bugs.webkit.org/show_bug.cgi?id=70933
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
+
+2011-10-26 Michael Saboff <msaboff@apple.com>
+
+ Increase StringImpl Flag Bits for 8 bit Strings
+ https://bugs.webkit.org/show_bug.cgi?id=70937
+
+ Increased the number of bits used for flags in StringImpl
+ from 6 to 8 bits. This frees up 2 flag bits that will be
+ used for 8-bit string support. Updated hash methods accordingly.
+ Changed hash value masking from the low bits to the high
+ bits.
+
+ Reviewed by Darin Adler.
+
+ * create_hash_table:
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::hash):
+ * wtf/text/StringImpl.h:
+
+2011-10-26 Dan Bernstein <mitz@apple.com>
+
+ Build fix.
+
+ Reverted r98488, which caused the scripts’ status messages to be included in the generated
+ files.
+
+ * create_hash_table:
+ * create_jit_stubs:
+
+2011-10-26 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ Don't print regular output to STDERR when generating hashtables and JIT stubs
+
+ Reviewed by Simon Hausmann.
+
+ * create_hash_table:
+ * create_jit_stubs:
+
+2011-10-25 Gavin Barraclough <barraclough@apple.com>
+
+ Split DFGJITCodeGenerator::callOperation methods
+ https://bugs.webkit.org/show_bug.cgi?id=70870
+
+ Reviewed by Filip Pizlo.
+
+ The DFGJITCodeGenerator currently contains two sets of callOperation methods.
+ One set works with the JSVALUE64 value representation and passes arguments in
+ registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
+ value representation and passes arguments in memory (suitable for use on x86).
+ By refactoring out the representation and calling convention specific aspects
+ of the code we can also configure the DFG JIT to operator on platforms that use
+ the JSVALUE32_64 value representation but pass arguments in registers.
+
+ On platforms supported by the JIT, the payload precedes the tag of a value in
+ argument/result ordering, as such, in order to make the setupResults method
+ generally applicable to return the results of a function that are returned in
+ two registers, the ordering of arguments to this function has been reversed -
+ as is the ordering of augments passed to setupArguments methods, with respect
+ to the ordering with which they are passed in to callOperation.
+ This inconsistency will be resolved in a later change when we combine the pairs
+ of arguments passed into callOperation, such that the function signatures can
+ be made consistent across the two value representations (the callOperation
+ methods will be passed a reference to a struct representing the JSValue
+ temporary, this will consist of two gprs on 32_64 and one on 64).
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::resetCallArguments):
+ (JSC::DFG::addCallArgument):
+ - moved, removed tag,payload version of this method.
+ (JSC::DFG::setupArguments):
+ (JSC::DFG::setupArgumentsExecState):
+ (JSC::DFG::setupArgumentsWithExecState):
+ - Calling convention specific portion of callOperation refactored out into these methods.
+ (JSC::DFG::callOperation):
+ - updated these methods to use setupArguments* methods.
+ (JSC::DFG::setupResults):
+ - setupResults is now passed payload,tag.
+ (JSC::DFG::appendCallWithExceptionCheckSetResult):
+ - Added fpr versions of this function.
+ (JSC::DFG::appendCallSetResult):
+ - Added versions of this function without exception check.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ - setupResults is now passed payload,tag.
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove deletePropertyVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70738
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all declarations and definitions of deletePropertyVirtual.
+ Also replaced all call sites to deletePropertyVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deletePropertyByIndex):
+ * API/JSObjectRef.cpp:
+ (JSObjectDeleteProperty):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::deleteProperty):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deleteProperty):
+ (JSC::JSArray::deletePropertyByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deleteProperty):
+ (JSC::JSCell::deletePropertyByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deletePropertyByIndex):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ * runtime/JSVariableObject.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/StrictEvalActivation.cpp:
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove putVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70740
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all declarations and definitions of putVirtual.
+ Also replaced all call sites to putVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ (JSObjectSetPropertyAtIndex):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::put):
+ * debugger/DebuggerActivation.h:
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::privateExecute):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::putProperty):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::push):
+ (JSC::JSArray::shiftCount):
+ (JSC::JSArray::unshiftCount):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::put):
+ (JSC::JSCell::putByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putByIndex):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSValue::put):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2011-10-25 Gavin Barraclough <barraclough@apple.com>
+
+ Separate out function linking & exception check data structures.
+ https://bugs.webkit.org/show_bug.cgi?id=70858
+
+ Reviewed by Oliver Hunt.
+
+ This will make it easier to refactor the callOperation methods to spilt the value
+ representation specific handling from the cpu/calling-convention implementation.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::appendCallWithExceptionCheck):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::CallLinkRecord::CallLinkRecord):
+ (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
+ (JSC::DFG::JITCompiler::JITCompiler):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::appendCall):
+ (JSC::DFG::JITCompiler::addExceptionCheck):
+ (JSC::DFG::JITCompiler::addFastExceptionCheck):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+
+2011-10-25 Filip Pizlo <fpizlo@apple.com>
+
+ Tiered compilation may introduce dangling pointers in constant buffers
+ https://bugs.webkit.org/show_bug.cgi?id=70854
+
+ Reviewed by Oliver Hunt.
+
+ Tiered compilation now copies constant buffers, which fixes the regression in
+ https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
+ regression relies on a subtle interleaving of optimized compilation and garbage
+ collection, and cannot be reproduced in a simple test.
+
+ This also adds some new debug support, which was used to fix this bug and is
+ likely to be useful in the future.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::copyDataFrom):
+ (JSC::CodeBlock::usesOpcode):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing Windows build after r98367
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-25 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add missing DFG file entries to the make lists for GTK and Qt ports
+ https://bugs.webkit.org/show_bug.cgi?id=70806
+
+ Reviewed by Darin Adler.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add getOwnPropertySlot to MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=69807
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.exp:
+ * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
+ * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can
+ reference it in their MethodTables.
+
+2011-10-25 Oliver Hunt <oliver@apple.com>
+
+ Need to support marking of multiple nested codeblocks when compiling
+ https://bugs.webkit.org/show_bug.cgi?id=70832
+
+ Reviewed by Gavin Barraclough.
+
+ When inlining a function we end up with multiple codeblocks being
+ compiled at the same time, so we need to support a list of live
+ codeblocks.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::startedCompiling):
+ (JSC::JSGlobalData::finishedCompiling):
+
+2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
+ https://bugs.webkit.org/show_bug.cgi?id=70798
+
+ Reviewed by Filip Pizlo.
+
+ When filling an integer for a known integer node (not speculated), it
+ should accept DataFormatJSInteger as well.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+
+2011-10-24 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: removed some cases of threadsafeCopy() that I missed in
+ my previous patch.
+
+ * JavaScriptCore.order:
+
+2011-10-24 Geoffrey Garen <ggaren@apple.com>
+
+ Removed SharedUChar and tightened language around its previous uses
+ https://bugs.webkit.org/show_bug.cgi?id=70698
+
+ Reviewed by David Levin.
+
+ - Removed SharedUChar because most of its functionality has moved into
+ other abstraction layers, and we want remaining clients to choose their
+ abstractions explicitly instead of relying on StringImpl to provide this
+ behavior implicitly, since we think they can sometimes make more efficient
+ choices.
+
+ - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
+ the former names could give the impression that the resulting object was
+ thread-safe, but actually it's just an isolated copy, which is not
+ thread-safe by itself, but can be used to implement a thread-safe
+ algorithm through isolation.
+
+ * wtf/CrossThreadRefCounted.h: Removed.
+
+ * JavaScriptCore.exp: Export!
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
+
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::length): Ditto.
+
+ (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
+
+ * wtf/text/WTFString.cpp:
+ (WTF::String::isolatedCopy):
+ * wtf/text/WTFString.h: Updated for StringImpl changes.
+
+ * API/OpaqueJSString.h:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/OwnFastMallocPtr.h:
+ * wtf/RefCounted.h:
+ * wtf/SizeLimits.cpp:
+ * wtf/ThreadSafeRefCounted.h:
+ * wtf/wtf.pri:
+ * yarr/YarrPattern.h: Updated these files to accomodate removal of
+ CrossThreadRefCounted.h.
+
+2011-10-24 Oliver Hunt <oliver@apple.com>
+
+ Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
+ https://bugs.webkit.org/show_bug.cgi?id=70689
+
+ Reviewed by Filip Pizlo.
+
+ While performing codegen we need to make the GlobalData explicitly
+ aware of the codeblock being compiled, as compilation may trigger GC
+ and CodeBlock holds GC values, but has not yet been assigned to its
+ owner executable.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::~BytecodeGenerator):
+ * bytecompiler/BytecodeGenerator.h:
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateSlowCase):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::startedCompiling):
+ (JSC::JSGlobalData::finishedCompiling):
+
+2011-10-24 Filip Pizlo <fpizlo@apple.com>
+
+ Object-or-other branch speculation may corrupt the state for OSR if the child of the
+ branch is an integer
+ https://bugs.webkit.org/show_bug.cgi?id=70777
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2011-10-24 Filip Pizlo <fpizlo@apple.com>
+
+ op_new_array_buffer is not inlined correctly
+ https://bugs.webkit.org/show_bug.cgi?id=70770
+
+ Reviewed by Oliver Hunt.
+
+ Disabled inlining of op_new_array_buffer, for now.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canInlineOpcode):
+
+2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add boolean speculations to DFG JIT 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=70706
+
+ Reviewed by Filip Pizlo.
+
+ Different from the boolean speculations in DFG 64, the boolean
+ speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
+ boolean instead of a JSBoolean. This choice is not only for
+ performance, but also to save a register as we're short of registers on
+ X86.
+ To accomplish this we make use of DataFormatBoolean, allow a value to
+ be represented as a primitive boolean and converted from/to a
+ JSBoolean.
+ This patch also fixes SpillOrder in 32_64, which should be different
+ from 64, and fixes needDataFormatConversion logic in 32_64.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ We don't expect byte test actually as it doesn't work for registers
+ esp..edi on X86.
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::needDataFormatConversion):
+ (JSC::DFG::GenerationInfo::initBoolean):
+ (JSC::DFG::GenerationInfo::gpr):
+ (JSC::DFG::GenerationInfo::fillInteger):
+ (JSC::DFG::GenerationInfo::fillBoolean):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::cellResult):
+ (JSC::DFG::booleanResult):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
+ (JSC::DFG::ValueRecovery::inGPR):
+ (JSC::DFG::ValueRecovery::gpr):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing Windows build
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ BitVector isInline check could fail
+ https://bugs.webkit.org/show_bug.cgi?id=70691
+
+ Reviewed by Geoffrey Garen.
+
+ Current BitVector uses the highest bit of m_bitsOrPointer to indicate
+ whether it's an inlined bit set or a pointer to an outOfLine bit set.
+ This check may fail in case the pointer also has the highest bit set,
+ which is surely possible on IA32 (Linux).
+ In this case the check failure can result in unexpected behaviors,
+ for example if the BitVector is incorrectly determined as having an
+ inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
+ modify the memory adjacent to the BitVector object.
+ This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
+ or outofline, based on the assumption that the pointer to OutOfLineBits
+ should be 4 or 8 byte aligned.
+ We could mark the lowest bit (bit 0) with 1 for inlined bit set,
+ and bits 1~bitsInPointer are used for bit set/test.
+ In this case we need do one bit more shift for bit set/test.
+
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (WTF::BitVector::quickGet):
+ (WTF::BitVector::quickSet):
+ (WTF::BitVector::quickClear):
+ (WTF::BitVector::makeInlineBits):
+ (WTF::BitVector::isInline):
+
+2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
+ https://bugs.webkit.org/show_bug.cgi?id=70271
+
+ Reviewed by Darin Adler.
+
+ Renaming versions of getOwnPropertySlot that use an unsigned as the property
+ name to "getOwnPropertySlotByIndex" in preparation for adding them to the
+ MethodTable, which requires unique names for each method.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlotVirtual):
+ (JSC::Arguments::getOwnPropertySlotByIndex):
+ * runtime/Arguments.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotVirtual):
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertySlot):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlotVirtual):
+ (JSC::JSByteArray::getOwnPropertySlotByIndex):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlotVirtual):
+ (JSC::JSCell::getOwnPropertySlotByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
+ (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlotVirtual):
+ (JSC::JSObject::getOwnPropertySlotByIndex):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlotVirtual):
+ (JSC::JSString::getOwnPropertySlotByIndex):
+ * runtime/JSString.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
+ (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
+ (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlotVirtual):
+ (JSC::StringObject::getOwnPropertySlotByIndex):
+ * runtime/StringObject.h:
+
+2011-10-24 Patrick Gansterer <paroga@webkit.org>
+
+ Interpreter build fix after r98179.
+
+ * bytecode/CodeBlock.h:
+ Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
+ since it is only used there.
+
+2011-10-23 Geoffrey Garen <ggaren@apple.com>
+
+ Fixed a typo Darin spotted.
+
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::hash): Expelliarmus!
+
+2011-10-23 Geoffrey Garen <ggaren@apple.com>
+
+ Removed StringImpl::createStrippingNullCharacters
+ https://bugs.webkit.org/show_bug.cgi?id=70700
+
+ Reviewed by David Levin.
+
+ It was unused.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.cpp:
+ * wtf/text/StringImpl.h:
+
+2011-10-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should inline constructors
+ https://bugs.webkit.org/show_bug.cgi?id=70675
+
+ Reviewed by Oliver Hunt.
+
+ Adds support for inlining constructors. Also fixes two pathologies
+ uncovered along the way: CheckMethod claimed that it never returned a
+ result (causing CheckMethod -> SetLocal -> GetLocal sequences to
+ result in the GetLocal doing OSR exit), and get_by_id parsing never
+ checked if it was hot in slow path. Also fiddled with inlining
+ heuristics; it appears that for now, the more inlining, the happier
+ V8 is. Finally, a bug was uncovered where a silent spill of a boxed
+ integer that had previously been spilled unboxed causes the silent
+ fill to forget to unbox.
+
+ This appears to be a 4% speed-up on V8 in their harness, or a 1%
+ speed-up in my harness. The difference is due to warm-up: in my
+ harness we see significant amounts of time spent in compilation, but
+ in V8's harness compilation gets amortizes. Profiling indicates that
+ we have the potential for a 5% win from basic optimizations like
+ generating OSR exits lazily and holding onto bytecode longer.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ (JSC::DFG::canInlineOpcode):
+ (JSC::DFG::mightInlineFunctionFor):
+ (JSC::DFG::canInlineFunctionFor):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ * runtime/Executable.h:
+ (JSC::isCall):
+ (JSC::ExecutableBase::intrinsicFor):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-10-23 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
+ https://bugs.webkit.org/show_bug.cgi?id=70703
+
+ Reviewed by Kent Tamura.
+
+ runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
+ to these files from the gyp project files.
+
+ * JavaScriptCore.gypi:
+
+2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add deleteProperty to the MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=70162
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.exp:
+ * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
+ * runtime/JSFunction.h: Changed JSFunction::deleteProperty to
+ be protected rather than private for subclasses who don't provide their own
+ implementation.
+
+2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getConstructDataVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70638
+
+ Reviewed by Darin Adler.
+
+ Removed all declarations and definitions of getConstructDataVirtual.
+ Also replaced all call sites to getConstructDataVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectIsConstructor):
+ (JSObjectCallAsConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSObject.h:
+ (JSC::getConstructData):
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+
+2011-10-23 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the SL build.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
+ away int vs unisgned warning.
+
+2011-10-21 Geoffrey Garen <ggaren@apple.com>
+
+ Separated string lifetime bits from character buffer state bits
+ https://bugs.webkit.org/show_bug.cgi?id=70673
+
+ Reviewed by Anders Carlsson.
+
+ Moved the static/immortal bit into the bottom bit of the refcount, and
+ moved all other bits into the high bits of the hash code.
+
+ This is the first step toward a new Characters/PassString class, and it
+ makes ref/deref slightly more efficient.
+
+ * create_hash_table:
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::hash): Tweaked the string hashing function to leave
+ the top bits clear, so they can be used as flags.
+
+ Fixed some small differences between the PERL copy of this function and
+ the C++ copy of this function, which could have in theory caused subtle
+ crashes.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::sharedBuffer):
+ (WTF::StringImpl::createWithTerminatingNullCharacter):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl):
+ (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
+ s_didReportExtraCost, since the original name was both self-contradictory
+ and used as a double-negative.
+
+ (WTF::StringImpl::isIdentifier):
+ (WTF::StringImpl::setIsIdentifier):
+ (WTF::StringImpl::hasTerminatingNullCharacter):
+ (WTF::StringImpl::isAtomic):
+ (WTF::StringImpl::setIsAtomic):
+ (WTF::StringImpl::setHash):
+ (WTF::StringImpl::rawHash):
+ (WTF::StringImpl::hasHash):
+ (WTF::StringImpl::existingHash):
+ (WTF::StringImpl::hash):
+ (WTF::StringImpl::hasOneRef):
+ (WTF::StringImpl::ref):
+ (WTF::StringImpl::deref):
+ (WTF::StringImpl::bufferOwnership):
+ (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
+ bit of the refcount. Now, all lifetime information lives in the refcount
+ field. Moved the other bits into the hash code field.
+
+2011-10-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining sometimes fails to reset constant references
+ https://bugs.webkit.org/show_bug.cgi?id=70668
+
+ Reviewed by Anders Carlsson.
+
+ Reset constant references when we need to (new block created) and not
+ when we don't (change of inlining depth).
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::prepareToParseBlock):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+
+2011-10-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have inlining
+ https://bugs.webkit.org/show_bug.cgi?id=69996
+
+ Reviewed by Oliver Hunt.
+
+ Implements inlining that's hooked into the bytecode parser. Only
+ works for calls, for now, though nothing fundamentally prevents us
+ from inlining constructor calls. 2% overall speed-up on all
+ benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
+ richards respectively), neutral on Kraken and SunSpider.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::baselineVersion):
+ (JSC::CodeBlock::setInstructionCount):
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::inlineDepthForCallFrame):
+ (JSC::CodeOrigin::inlineDepth):
+ (JSC::CodeOrigin::operator==):
+ (JSC::CodeOrigin::inlineStack):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ * dfg/DFGBasicBlock.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::ensureLocals):
+ (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getDirect):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::setDirect):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ (JSC::DFG::ByteCodeParser::linkBlocks):
+ (JSC::DFG::ByteCodeParser::handleSuccessor):
+ (JSC::DFG::ByteCodeParser::determineReachability):
+ (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::canHandleOpcodes):
+ (JSC::DFG::canCompileOpcodes):
+ (JSC::DFG::canInlineOpcodes):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::mightInlineFunctionForCall):
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ (JSC::DFG::canInlineOpcode):
+ (JSC::DFG::canInlineOpcodes):
+ (JSC::DFG::canInlineFunctionForCall):
+ (JSC::DFG::canInlineFunctionForConstruct):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::printWhiteSpace):
+ (JSC::DFG::Graph::dumpCodeOrigin):
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::GetBytecodeBeginForBlock::operator()):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::decodedCodeMapFor):
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::debugCall):
+ (JSC::DFG::JITCompiler::baselineCodeBlockFor):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVariableAccessData):
+ (JSC::DFG::Node::shouldGenerate):
+ * dfg/DFGOperands.h:
+ (JSC::DFG::Operands::ensureLocals):
+ (JSC::DFG::Operands::setLocal):
+ (JSC::DFG::Operands::getLocal):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrameSlow):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::baselineCodeBlockFor):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::profiledCodeBlockFor):
+ (JSC::FunctionExecutable::parameterCount):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+ * runtime/JSFunction.h:
+
+2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add put to the MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=70439
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
+ * runtime/JSFunction.h: Changed access modifier for put to protected since some
+ subclasses of JSFunction need to reference it in their MethodTables.
+
+2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add finalizer to JSObject
+ https://bugs.webkit.org/show_bug.cgi?id=70336
+
+ Reviewed by Darin Adler.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::callDestructor): Skip the call to the destructor
+ if we're a JSFinalObject, since the finalizer takes care of things.
+ * runtime/JSCell.h:
+ (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with
+ future changes and the fact that we no longer always call the destructor, making
+ the information provided less useful.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::finalize): Add finalizer for JSObject.
+ (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
+ property storage, we add a finalizer to ourself.
+ * runtime/JSObject.h:
+
+2011-10-21 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Remove QtScript source code from WebKit.
+ https://bugs.webkit.org/show_bug.cgi?id=64088
+
+ Reviewed by Tor Arne Vestbø.
+
+ Removed dead code that isn't developed anymore.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pri:
+ * qt/api/QtScript.pro: Removed.
+ * qt/api/qscriptconverter_p.h: Removed.
+ * qt/api/qscriptengine.cpp: Removed.
+ * qt/api/qscriptengine.h: Removed.
+ * qt/api/qscriptengine_p.cpp: Removed.
+ * qt/api/qscriptengine_p.h: Removed.
+ * qt/api/qscriptfunction.cpp: Removed.
+ * qt/api/qscriptfunction_p.h: Removed.
+ * qt/api/qscriptoriginalglobalobject_p.h: Removed.
+ * qt/api/qscriptprogram.cpp: Removed.
+ * qt/api/qscriptprogram.h: Removed.
+ * qt/api/qscriptprogram_p.h: Removed.
+ * qt/api/qscriptstring.cpp: Removed.
+ * qt/api/qscriptstring.h: Removed.
+ * qt/api/qscriptstring_p.h: Removed.
+ * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
+ * qt/api/qscriptsyntaxcheckresult.h: Removed.
+ * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
+ * qt/api/qscriptvalue.cpp: Removed.
+ * qt/api/qscriptvalue.h: Removed.
+ * qt/api/qscriptvalue_p.h: Removed.
+ * qt/api/qscriptvalueiterator.cpp: Removed.
+ * qt/api/qscriptvalueiterator.h: Removed.
+ * qt/api/qscriptvalueiterator_p.h: Removed.
+ * qt/api/qtscriptglobal.h: Removed.
+ * qt/benchmarks/benchmarks.pri: Removed.
+ * qt/benchmarks/benchmarks.pro: Removed.
+ * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
+ * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
+ * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
+ * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
+ * qt/tests/qscriptengine/qscriptengine.pro: Removed.
+ * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
+ * qt/tests/qscriptstring/qscriptstring.pro: Removed.
+ * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
+ * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
+ * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
+ * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
+ * qt/tests/tests.pri: Removed.
+ * qt/tests/tests.pro: Removed.
+
+2011-10-21 Zheng Liu <zheng.z.liu@intel.com>
+
+ bytecompiler sometimes generates incorrect bytecode for put_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=70403
+
+ Reviewed by Filip Pizlo.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::AssignDotNode::emitBytecode):
+ (JSC::AssignBracketNode::emitBytecode):
+
+2011-10-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not try to predict argument types by looking at the values of
+ argument registers at the time of compilation
+ https://bugs.webkit.org/show_bug.cgi?id=70578
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.cpp:
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h:
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileOptimizedForCall):
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+
+2011-10-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG call optimization handling will fail if the call had been unlinked due
+ to the callee being optimized
+ https://bugs.webkit.org/show_bug.cgi?id=70468
+
+ Reviewed by Geoff Garen.
+
+ If a call had ever been linked, we remember this fact as well as the function
+ to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
+ called.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::linkFor):
+
+2011-10-20 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - Fix ByteArray speculation
+ https://bugs.webkit.org/show_bug.cgi?id=70571
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-20 Vincent Scheib <scheib@chromium.org>
+
+ MouseLock compile and run time flags.
+ https://bugs.webkit.org/show_bug.cgi?id=70530
+
+ Reviewed by Darin Fisher.
+
+ * wtf/Platform.h:
+
+2011-10-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename static deleteProperty to deletePropertyByIndex
+ https://bugs.webkit.org/show_bug.cgi?id=70257
+
+ Reviewed by Geoffrey Garen.
+
+ Renaming versions of deleteProperty that use an unsigned as the property
+ name to "deletePropertyByIndex" in preparation for adding them to the
+ MethodTable, which requires unique names for each method.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deletePropertyVirtual):
+ (JSC::::deletePropertyByIndex):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deletePropertyVirtual):
+ (JSC::Arguments::deletePropertyByIndex):
+ * runtime/Arguments.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deletePropertyVirtual):
+ (JSC::JSArray::deletePropertyByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deletePropertyVirtual):
+ (JSC::JSCell::deletePropertyByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::deletePropertyVirtual):
+ (JSC::JSNotAnObject::deletePropertyByIndex):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deletePropertyVirtual):
+ (JSC::JSObject::deletePropertyByIndex):
+ * runtime/JSObject.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::deletePropertyVirtual):
+ (JSC::RegExpMatchesArray::deletePropertyByIndex):
+
+2011-10-20 Filip Pizlo <fpizlo@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=70482
+ DFG-related stubs in the old JIT should not be built if the DFG is disabled
+
+ Reviewed by Zoltan Herczeg.
+
+ Aiming for a slight code size/build time reduction if the DFG is not in
+ play. This should also make further DFG development slightly easier since
+ the bodies of these JIT stubs can now safely refer to things that are only
+ declared when the DFG is enabled.
+
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+
+2011-10-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ConvertThis emits slow code when the source node is known to be,
+ but not predicted to be, a final object
+ https://bugs.webkit.org/show_bug.cgi?id=70466
+
+ Reviewed by Oliver Hunt.
+
+ Added a new case in ConvertThis compilation.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-19 Filip Pizlo <fpizlo@apple.com>
+
+ Optimization triggers in the old JIT may sometimes fire repeatedly even
+ though there is no optimization to be done
+ https://bugs.webkit.org/show_bug.cgi?id=70467
+
+ Reviewed by Oliver Hunt.
+
+ If optimize_from_ret does nothing, it delays the next optimization trigger.
+ This is performance-neutral.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+
+2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
+ https://bugs.webkit.org/show_bug.cgi?id=70460
+
+ Reviewed by Filip Pizlo.
+
+ As pointed out by Gavin in bug #70418, when a value is already in memory
+ we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
+ This gives 9% improvement on Kraken if without the change in bug #70418,
+ and 1% if based on the code with bug #70418 change.
+ Performance is neutral in V8 and SunSpider.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-10-19 Gavin Barraclough <barraclough@apple.com>
+
+ Poisoning of strict caller,arguments inappropriately poisoning "in"
+ https://bugs.webkit.org/show_bug.cgi?id=63398
+
+ Reviewed by Oliver Hunt.
+
+ This fixes the problem by correctly implementing the spec -
+ the error should actually be being thrown from a standard JS getter/setter.
+ This implements spec correct behaviour for strict mode JS functions & bound
+ functions, I'll follow up with a patch to do the same for arguments.
+
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::finishCreation):
+ - Add the poisoned caller/arguments properties.
+ * runtime/JSBoundFunction.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::finishCreation):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::put):
+ - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::createThrowTypeError):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
+ - Add a ThrowTypeError type, per ES5 13.2.3.
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncThrowTypeError):
+ * runtime/JSGlobalObjectFunctions.h:
+ - Implementation of ThrowTypeError.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::initializeGetterSetterProperty):
+ * runtime/JSObject.h:
+ - This function adds a new property (must not exist already) that is an initialized getter/setter.
+
+2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - improve double boxing/unboxing
+ https://bugs.webkit.org/show_bug.cgi?id=70418
+
+ Reviewed by Gavin Barraclough.
+
+ Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
+ which tries to exchange data through memory.
+ On X86 some SSE instructions can help us on such operations with better performance.
+ This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
+ and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::lshiftPacked):
+ (JSC::MacroAssemblerX86Common::rshiftPacked):
+ (JSC::MacroAssemblerX86Common::orPacked):
+ (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
+ (JSC::MacroAssemblerX86Common::movePackedToInt32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movd_rr):
+ (JSC::X86Assembler::psllq_i8r):
+ (JSC::X86Assembler::psrlq_i8r):
+ (JSC::X86Assembler::por_rr):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::boxDouble):
+ (JSC::DFG::JITCompiler::unboxDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-19 Gyuyoung Kim <gyuyoung.kim@samsung.com>
+
+ [EFL] Fix DSO linkage of wtf_efl.
+
+ Unreviewed build fix.
+
+ Need to add -ldl to jsc_efl (requested by dladdr).
+
+ * wtf/CMakeListsEfl.txt:
+
+2011-10-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed StringImplBase, fusing it into StringImpl
+ https://bugs.webkit.org/show_bug.cgi?id=70443
+
+ Reviewed by Gavin Barraclough.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl):
+ (WTF::StringImpl::ref):
+ (WTF::StringImpl::length):
+ * wtf/text/StringImplBase.h: Removed.
+ * wtf/wtf.pri: Removed!
+
+2011-10-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add getConstructData to the MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=70163
+
+ Reviewed by Geoffrey Garen.
+
+ Adding getConstructData to the MethodTable in order to be able to
+ remove all calls to getConstructDataVirtual soon. Part of the process
+ of de-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h:
+
+2011-10-18 Oliver Hunt <oliver@apple.com>
+
+ Support CanvasPixelArray in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=70384
+
+ Reviewed by Filip Pizlo.
+
+ Add support for the old CanvasPixelArray optimisations to the
+ DFG. This removes the regression seen in the DFG when using
+ a CPA.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store8):
+ (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movb_rm):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isByteArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateByteArray):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::compileClampDoubleToByte):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::offsetOfStorage):
+ * wtf/ByteArray.cpp:
+ * wtf/ByteArray.h:
+ (WTF::ByteArray::offsetOfSize):
+ (WTF::ByteArray::offsetOfData):
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Some rope cleanup following r97827
+ https://bugs.webkit.org/show_bug.cgi?id=70398
+
+ Reviewed by Oliver Hunt.
+
+ 9% speedup on date-format-xparb, neutral overall.
+
+ - Removed RopeImpl*.
+ - Removed JSString::m_fiberCount, since this can be deduced from other data.
+ - Renamed a jsString() variant to jsStringFromArguments for clarity.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.order:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadCharacterString):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::loadJSStringArgument):
+ * jit/ThunkGenerators.cpp:
+ (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
+ of testing m_fiberCount, since m_fiberCount is gone now.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::RopeBuilder::expand):
+ (JSC::JSString::visitChildren):
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
+ in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::finishCreation):
+ (JSC::RopeBuilder::offsetOfLength):
+ (JSC::RopeBuilder::isRope):
+ (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
+ jsString => jsStringFromArguments for clarity.
+
+ * runtime/Operations.h:
+ (JSC::jsStringFromArguments): Renamed.
+
+ * runtime/RopeImpl.cpp: Removed.
+ * runtime/RopeImpl.h: Removed.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
+ which is slightly faster.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncConcat): Updated for rename.
+
+ * wtf/text/StringImplBase.h:
+ (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
+ StringImpl, since this was only used by RopeImpl, which is now gone.
+
+2011-10-19 Rafael Antognolli <antognolli@profusion.mobi>
+
+ [EFL] Fix DSO linkage of jsc_efl.
+ https://bugs.webkit.org/show_bug.cgi?id=70412
+
+ Unreviewed build fix.
+
+ Need to add -ldl to jsc_efl (requested by dladdr).
+
+ * shell/CMakeListsEfl.txt:
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out last Windows build fix because it was wrong.
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out last Windows build fix because it was wrong.
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix part of the Windows build.
+
+ Export!
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Switched ropes from malloc memory to GC memory
+ https://bugs.webkit.org/show_bug.cgi?id=70364
+
+ Reviewed by Gavin Barraclough.
+
+ ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
+ having C++ destructors.
+
+ * heap/MarkStack.cpp:
+ (JSC::visitChildren): Call the JSString visitChildren function now,
+ since it's no longer a no-op.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::~JSString): Moved this destructor out of line because
+ it's called virtually, so there's no value to inlining.
+
+ (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
+ initializing wrapper around JSString. JSString now represents ropes
+ directly, rather than relying on an underlying malloc object.
+
+ (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
+ objects now.
+
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
+ of malloc objects.
+
+ (JSC::JSString::replaceCharacter): Removed optimizations for substringing
+ ropes and replacing subsections of ropes. We want to reimplement versions
+ of these optimizations in the future, but this patch already has good
+ performance without them.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::finishCreation):
+ (JSC::RopeBuilder::createNull):
+ (JSC::RopeBuilder::create):
+ (JSC::RopeBuilder::createHasOtherOwner):
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsNontrivialString):
+ (JSC::jsString):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString): Lots of mechanical changes here. The two important
+ things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
+ malloc objects; (2) I simplified the JSString constructor interface to
+ only accept PassRefPtr<StringImpl>, instead of variations on that like
+ UString, reducing refcount churn.
+
+ * runtime/JSValue.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toPrimitiveString): Updated this function to return a
+ JSString instead of a UString, since that's what clients want now.
+
+ * runtime/Operations.cpp:
+ (JSC::jsAddSlowCase):
+ * runtime/Operations.h:
+ (JSC::jsString):
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
+
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create): Don't create a new JSString if we already
+ have a JSString.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncConcat): Updated for interface changes above.
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk, fix partial commit of r97825!
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Date.prototype.toISOString fails to throw exception
+ https://bugs.webkit.org/show_bug.cgi?id=70394
+
+ Reviewed by Sam Weinig.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+ - Should throw a range error if the internal value is not finite.
+
+2011-10-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename static put to putByIndex
+ https://bugs.webkit.org/show_bug.cgi?id=70281
+
+ Reviewed by Geoffrey Garen.
+
+ Renaming versions of deleteProperty that use an unsigned as the property
+ name to "deletePropertyByIndex" in preparation for adding them to the
+ MethodTable, which requires unique names for each method.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::putVirtual):
+ (JSC::Arguments::putByIndex):
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::put):
+ (JSC::JSArray::putVirtual):
+ (JSC::JSArray::putByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::putVirtual):
+ (JSC::JSByteArray::putByIndex):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putVirtual):
+ (JSC::JSCell::putByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::putVirtual):
+ (JSC::JSNotAnObject::putByIndex):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putVirtual):
+ (JSC::JSObject::putByIndex):
+ * runtime/JSObject.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::fillArrayInstance):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::putVirtual):
+ (JSC::RegExpMatchesArray::putByIndex):
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype methods missing exception checks
+ https://bugs.webkit.org/show_bug.cgi?id=70360
+
+ Reviewed by Geoff Garen.
+
+ Missing exception checks after calls to the static getProperty helper,
+ these may result in the wrong exception being thrown (or an ASSERT being hit,
+ as is currently the case running test-262).
+
+ No performance impact.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+
+2011-10-18 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(XPATH)
+ https://bugs.webkit.org/show_bug.cgi?id=70217
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Indexed arguments on the Arguments object should be enumerable.
+ https://bugs.webkit.org/show_bug.cgi?id=70302
+
+ Reviewed by Sam Weinig.
+
+ See ECMA-262 5.1 chapter 10.6 step 11b.
+ This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ - The 'enumerable' property should be true for indexed arguments.
+ (JSC::Arguments::getOwnPropertyNames):
+ - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
+
+2011-10-18 Gustavo Noronha Silva <gns@gnome.org>
+
+ Fix distcheck.
+
+ * GNUmakefile.list.am: fix a typo and add a missing header to the
+ list.
+
+2011-10-18 Balazs Kelemen <kbalazs@webkit.org>
+
+ ParallelJobs: maximum number of threads should be determined dynamically
+ https://bugs.webkit.org/show_bug.cgi?id=68540
+
+ Reviewed by Zoltan Herczeg.
+
+ Add logic to determine the number of cores and use this as
+ the maximum number of threads. The implementation currently
+ covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
+ The patch was tested on Linux, Mac and Windows which was enough to
+ cover all code path. It should work on the rest accoring to the
+ documentation of those OS's. The hard coded constant is still used
+ on uncovered OS's which should be fixed in the future.
+
+ * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
+ argument because clients should always fill it and the 0 default value
+ was incorrect anyway.
+ (WTF::ParallelJobs::ParallelJobs):
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
+ * wtf/ParallelJobsGeneric.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Reverted r997709, this caused test failures.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasProperty):
+ (JSC::JSObject::hasOwnProperty):
+
+2011-10-17 Ryosuke Niwa <rniwa@webkit.org>
+
+ Rename deregister* to unregister*
+ https://bugs.webkit.org/show_bug.cgi?id=70272
+
+ Reviewed by Darin Adler.
+
+ Renamed deregisterWeakMap to unregisterWeakMap.
+
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::unregisterWeakMap):
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Poisoning of strict caller/arguments inappropriately poisoning "in"
+ https://bugs.webkit.org/show_bug.cgi?id=63398
+
+ Reviewed by Sam Weinig.
+
+ The problem here is that the has[Own]Property methods get the slot rather than
+ the descriptor, and getting the slot may cause the property to be eagerly accessed.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - We don't expect hasProperty to ever throw. If it does, it won't get caught
+ (since it is after the exception check), so ASSERT to guard against this.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasProperty):
+ (JSC::JSObject::hasOwnProperty):
+ - These methods should not check for the presence of the descriptor; never get the value.
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Exception ordering in String.prototype.replace
+ https://bugs.webkit.org/show_bug.cgi?id=70290
+
+ If pattern is not a regexp, it should be converted toString before the replacement value has it's toString conversion called.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+
+2011-10-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG bytecode parser should understand inline stacks
+ https://bugs.webkit.org/show_bug.cgi?id=70278
+
+ Reviewed by Oliver Hunt.
+
+ The DFG bytecode parser is now capable of parsing multiple code blocks at
+ once. This remains turned off since not all inlining functionality is
+ implemented.
+
+ This required making a few changes elsewhere in the system. The bytecode
+ parser now may do some of the same things that the bytecode generator does,
+ like allocating constants and identifiers. Basic block linking relies on
+ bytecode indices, which are only meaningful within the context of one basic
+ block. This is fine, so long as linking is done eagerly whenever switching
+ from one code block to another.
+
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::CodeOrigin):
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGBasicBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getThis):
+ (JSC::DFG::ByteCodeParser::setThis):
+ (JSC::DFG::ByteCodeParser::currentCodeOrigin):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ (JSC::DFG::ByteCodeParser::linkBlocks):
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
+ (JSC::DFG::GetBytecodeBeginForBlock::operator()):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ * dfg/DFGNode.h:
+ * runtime/Identifier.h:
+ (JSC::IdentifierMapIndexHashTraits::emptyValue):
+ * runtime/JSValue.h:
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearchWithFunctor):
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Incorrect behavior from String match/search & undefined pattern
+ https://bugs.webkit.org/show_bug.cgi?id=70286
+
+ Reviewed by Sam weinig.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ - In case of undefined, pattern is "".
+ (JSC::stringProtoFuncSearch):
+ - In case of undefined, pattern is "".
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=70207
+ After deleting __defineSetter__, it is absent but appears in name list
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyNames):
+ - This should check whether static functions have been reified.
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Mac build fix.
+
+ * JavaScriptCore.exp: Export!
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix.
+
+ * heap/HandleStack.cpp: Added a missing #include.
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
+ longer existant symbol.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Simplified GC marking logic
+ https://bugs.webkit.org/show_bug.cgi?id=70258
+
+ Reviewed by Filip Pizlo.
+
+ No perf. change.
+
+ This is a first step toward GC allocating string backing stores, starting
+ with ropes. It also enables future simplifications and optimizations.
+
+ - Replaced some complex mark stack logic with a simple linear stack of
+ JSCell pointers.
+
+ - Replaced logic for short-circuiting marking based on JSType and/or
+ Structure flags with special cases for object, array, and string.
+
+ - Fiddled with inlining for better codegen.
+
+ * JavaScriptCore.exp:
+ * heap/HandleStack.cpp: Build!
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
+
+ * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackArray::MarkStackArray):
+ (JSC::MarkStackArray::~MarkStackArray):
+ (JSC::MarkStackArray::expand):
+ (JSC::MarkStackArray::shrinkAllocation):
+ (JSC::MarkStack::reset):
+ (JSC::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::~MarkStack):
+ (JSC::MarkStackArray::append):
+ (JSC::MarkStackArray::removeLast):
+ (JSC::MarkStackArray::isEmpty):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::appendUnbarrieredPointer):
+ (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
+ simple linear stack.
+
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSArray.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSObject.h: Don't inline visitChildren; it's too big.
+
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
+ because it prevented strings from owning GC pointers.
+
+ * runtime/WriteBarrier.h:
+ (JSC::MarkStack::appendValues): No need to validate; internalAppend will
+ do that for us.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r97536, part 3
+
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSObject.h:
+ Use JS_EXPORTDATA to export the s_info members.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Interpreter build fix after r97564
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
+ there.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r97536, part 2
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
+ JSC::setUpStaticFunctionSlot with its new mangled name. SOrted the rest of the file while I
+ was at it.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r97536
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
+ JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
+ s_info members, which need to be exported via JS_EXPORTDATA instead.
+
+2011-10-17 Patrick Gansterer <paroga@webkit.org>
+
+ Interpreter build fix after r97436, r97506, r97532 and r97537.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-10-16 Adam Barth <abarth@webkit.org>
+
+ Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
+ https://bugs.webkit.org/show_bug.cgi?id=70216
+
+ Reviewed by Eric Seidel.
+
+ * wtf/Platform.h:
+
+2011-10-16 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
+ https://bugs.webkit.org/show_bug.cgi?id=70205
+
+ Reviewed by James Robinson.
+
+ wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
+ wtf/gtk/ThreadingGtk.cpp was removed in r97269.
+
+ * JavaScriptCore.gypi:
+
+2011-10-16 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(DOM_STORAGE)
+ https://bugs.webkit.org/show_bug.cgi?id=70189
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-15 Dan Horák <dan@danny.cz>
+
+ The s390 and s390x architectures both use 64-bit double type
+ that conforms to the IEEE-754 standard.
+
+ https://bugs.webkit.org/show_bug.cgi?id=69940
+
+ Reviewed by Gavin Barraclough.
+
+ * wtf/dtoa/utils.h:
+
+2011-10-14 Filip Pizlo <fpizlo@apple.com>
+
+ FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
+ https://bugs.webkit.org/show_bug.cgi?id=70157
+
+ Reviewed by Geoff Garen.
+
+ Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
+ and compileForConstructInternal() to use this method. This required more cleanly
+ exposing some of CodeBlock's tiering functionality and moving the CompilationKind
+ enum to Executable.h, as this was the easiest way to make it available to the
+ declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::copyDataFrom):
+ (JSC::CodeBlock::copyDataFromAlternative):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setAlternative):
+ * bytecompiler/BytecodeGenerator.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::codeBlockFor):
+
+2011-10-15 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
+ https://bugs.webkit.org/show_bug.cgi?id=69920
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+ * heap/MarkStack.h:
+ (JSC::::shrinkAllocation):
+ * jit/ExecutableAllocator.cpp:
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+ * jit/JITStubs.cpp:
+ * jsc.pro:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ * runtime/DatePrototype.cpp:
+ (JSC::formatLocaleDate):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncLastIndexOf):
+ * runtime/TimeoutChecker.cpp:
+ (JSC::getCPUTime):
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+ * wtf/Atomics.h:
+ * wtf/MathExtras.h:
+ * wtf/OSAllocator.h:
+ (WTF::OSAllocator::decommitAndRelease):
+ * wtf/OSAllocatorSymbian.cpp: Removed.
+ * wtf/OSRandomSource.cpp:
+ (WTF::cryptographicallyRandomValuesFromOS):
+ * wtf/PageAllocation.h:
+ * wtf/PageAllocatorSymbian.h: Removed.
+ * wtf/PageBlock.cpp:
+ * wtf/Platform.h:
+ * wtf/StackBounds.cpp:
+ * wtf/wtf.pri:
+
+2011-10-15 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Trivial fix for a missing change in r97512
+ https://bugs.webkit.org/show_bug.cgi?id=70166
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::link):
+
+2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename getOwnPropertySlot to getOwnPropertySlotVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69810
+
+ Reviewed by Geoffrey Garen.
+
+ Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
+ in preparation for when we add the static getOwnPropertySlot to the MethodTable
+ in ClassInfo.
+
+ Also added a few static getOwnPropertySlot functions where they had been overlooked
+ before (especially in CodeGeneratorJS.pm).
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertySlotVirtual):
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::staticFunctionGetter):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlotVirtual):
+ (JSC::Arguments::getOwnPropertySlot):
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertySlotVirtual):
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlotVirtual):
+ * runtime/DatePrototype.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertySlotVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotVirtual):
+ (JSC::JSArray::getOwnPropertySlot):
+ * runtime/JSArray.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlotVirtual):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlotVirtual):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlotVirtual):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::getOwnPropertyNames):
+ (JSC::JSFunction::put):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::hasOwnPropertyForWrite):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::JSONObject::getOwnPropertySlotVirtual):
+ (JSC::Walker::walk):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlotVirtual):
+ (JSC::JSObject::getOwnPropertySlot):
+ (JSC::JSObject::hasOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlotVirtual):
+ (JSC::JSCell::fastGetOwnPropertySlot):
+ (JSC::JSObject::getPropertySlot):
+ (JSC::JSValue::get):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlotVirtual):
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSString.h:
+ * runtime/Lookup.h:
+ (JSC::getStaticPropertySlot):
+ (JSC::getStaticFunctionSlot):
+ (JSC::getStaticValueSlot):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlotVirtual):
+ * runtime/MathObject.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlotVirtual):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlotVirtual):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertySlotVirtual):
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertySlotVirtual):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlotVirtual):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlotVirtual):
+ * runtime/StringPrototype.h:
+
+2011-10-14 Gavin Barraclough <baraclough@apple.com>
+
+ Most built-in properties are not deletable
+ https://bugs.webkit.org/show_bug.cgi?id=61014
+
+ Reviewed by Filip Pizlo.
+
+ Our static hash tables don't allow for deleting properties.
+ This is the cause of a bunch of expected failures in LayoutTests/sputnik.
+
+ This fixes the problem by reifying all static functions immediately prior
+ to the first deletion. Reification is tracked by a flag on the structure,
+ so properties will no longer 'bounce-back' on later access.
+
+ Theoretically there could probably also be an issue with custom accessor
+ properties, but we probably do not really require any of these to be
+ Configurable anyway. I'll follow up with a separate patch to address this.
+
+ * runtime/ClassInfo.h:
+ (JSC::ClassInfo::hasStaticProperties):
+ - detects static property tables.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deleteProperty):
+ - call reifyStaticFunctions before deletion.
+ (JSC::JSObject::reifyStaticFunctions):
+ - If the class has static functions, set them up now.
+ * runtime/JSObject.h:
+ (JSC::JSObject::staticFunctionsReified):
+ - returns true if static functions have been reified,
+ and as such should no longer be added.
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ - If static functions have been reified do not add.
+ * runtime/Lookup.h:
+ (JSC::HashTable::ConstIterator::ConstIterator):
+ (JSC::HashTable::ConstIterator::operator->):
+ (JSC::HashTable::ConstIterator::operator*):
+ (JSC::HashTable::ConstIterator::operator!=):
+ (JSC::HashTable::ConstIterator::operator++):
+ (JSC::HashTable::ConstIterator::skipInvalidKeys):
+ (JSC::HashTable::begin):
+ (JSC::HashTable::end):
+ (JSC::getStaticPropertySlot):
+ (JSC::getStaticPropertyDescriptor):
+ (JSC::getStaticFunctionSlot):
+ (JSC::getStaticFunctionDescriptor):
+ - setUpStaticFunctionSlot may not add, returns a bool.
+ (JSC::lookupPut):
+ - remove redundant branch.
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ - initialize new flag in constructors.
+ * runtime/Structure.h:
+ (JSC::Structure::staticFunctionsReified):
+ (JSC::Structure::setStaticFunctionsReified):
+ - added flag
+
+2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename virtual put to putVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69851
+
+ Reviewed by Darin Adler.
+
+ Renamed virtual versions of put to putVirtual in prepration for
+ adding the static put to the MethodTable in ClassInfo since the
+ compiler gets mad if the virtual and static versions have the same
+ name.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::putVirtual):
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ (JSObjectSetPropertyAtIndex):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::putVirtual):
+ (JSC::DebuggerActivation::put):
+ * debugger/DebuggerActivation.h:
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::putVirtual):
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::putProperty):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putVirtual):
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::push):
+ (JSC::JSArray::shiftCount):
+ (JSC::JSArray::unshiftCount):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::putVirtual):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putVirtual):
+ (JSC::JSCell::put):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::putVirtual):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putVirtual):
+ (JSC::JSGlobalObject::putWithAttributes):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::putVirtual):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putVirtual):
+ (JSC::JSObject::put):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSValue::put):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::putVirtual):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::putVirtual):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::fillArrayInstance):
+ (JSC::RegExpConstructor::putVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::putVirtual):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::putVirtual):
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::putVirtual):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2011-10-13 Filip Pizlo <fpizlo@apple.com>
+
+ Reflective Arguments retrieval should be hardened for the
+ possibility of inlining
+ https://bugs.webkit.org/show_bug.cgi?id=70068
+
+ Reviewed by Oliver Hunt.
+
+ CodeBlock can now track, as part of its RareData, the virtual inline
+ stack at callsites. CallFrame walking can now rematerialize "inline"
+ CallFrames by combining the meta-data in CodeBlock with the information
+ already in the JS stack. Arguments can now safely retrieve the
+ arguments from inline CallFrames.
+
+ The DFG already had the notion of a "CodeOrigin" in preparation for
+ inlining. This notion will now be saved into the CodeBlock, if the DFG
+ had done inlining. So, CodeOrigin has been moved to bytecode/ and has
+ been changed to behave more like a struct since that is how it's
+ meant to be used.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::inlineCallFrames):
+ (JSC::CodeBlock::codeOrigins):
+ (JSC::CodeBlock::hasCodeOrigins):
+ (JSC::CodeBlock::codeOriginForReturn):
+ * bytecode/CodeOrigin.h: Added.
+ (JSC::CodeOrigin::CodeOrigin):
+ (JSC::CodeOrigin::isSet):
+ (JSC::getCallReturnOffsetForCodeOrigin):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGNode.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::isInlineCallFrame):
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::inlineCallFrame):
+ (JSC::ExecState::setInlineCallFrame):
+ (JSC::ExecState::isInlineCallFrame):
+ (JSC::ExecState::trueCallerFrame):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::findFunctionCallFrame):
+ * interpreter/Register.h:
+ (JSC::Register::operator=):
+ (JSC::Register::inlineCallFrame):
+ * runtime/Arguments.h:
+ (JSC::Arguments::getArgumentsData):
+ (JSC::Arguments::finishCreationButDontCopyRegisters):
+ (JSC::Arguments::finishCreation):
+ (JSC::Arguments::finishCreationAndCopyRegisters):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::parameterCount):
+
+2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename virtual deleteProperty to deletePropertyVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69884
+
+ Reviewed by Darin Adler.
+
+ Renamed virtual versions of deleteProperty to deletePropertyVirtual in prepration for
+ adding the static deleteProperty to the MethodTable in ClassInfo since the
+ compiler gets mad if the virtual and static versions have the same name.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deletePropertyVirtual):
+ (JSC::::deleteProperty):
+ * API/JSObjectRef.cpp:
+ (JSObjectDeleteProperty):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::deletePropertyVirtual):
+ (JSC::DebuggerActivation::deleteProperty):
+ * debugger/DebuggerActivation.h:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deletePropertyVirtual):
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::deletePropertyVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deletePropertyVirtual):
+ (JSC::JSArray::deleteProperty):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deletePropertyVirtual):
+ (JSC::JSCell::deleteProperty):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::deletePropertyVirtual):
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::deletePropertyVirtual):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deletePropertyVirtual):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deletePropertyVirtual):
+ * runtime/JSVariableObject.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::deletePropertyVirtual):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::deletePropertyVirtual):
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::deletePropertyVirtual):
+ * runtime/StringObject.h:
+
+2011-10-14 Peter Beverloo <peter@chromium.org>
+
+ [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
+ https://bugs.webkit.org/show_bug.cgi?id=70028
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-10-14 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - Performance fix for ResolveGlobal
+ https://bugs.webkit.org/show_bug.cgi?id=70096
+
+ Reviewed by Gavin Barraclough.
+
+ Structure check of global object should be a pointer comparison
+ instead of a tag and payload pair comparison. This fix improves
+ SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
+ Also two trivial fixes for successful 32-bit build are included.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-13 Filip Pizlo <fpizlo@apple.com>
+
+ Speculation failures in ValueToInt32 are causing a 2x slow-down
+ in Kraken/stanford-crypto-pbkdf2
+ https://bugs.webkit.org/show_bug.cgi?id=70089
+
+ Reviewed by Gavin Barraclough.
+
+ If we can't truncate to Int32 using machine code, then don't fail
+ speculation. Just call JSC::toInt32.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename virtual getConstructData to getConstructDataVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69872
+
+ Reviewed by Geoffrey Garen.
+
+ Renamed virtual getConstructData functions to getConstructDataVirtual to
+ avoid conflicts when we add static getConstructData to the MethodTable.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::getConstructDataVirtual):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getConstructDataVirtual):
+ * API/JSObjectRef.cpp:
+ (JSObjectIsConstructor):
+ (JSObjectCallAsConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getConstructDataVirtual):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getConstructDataVirtual):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getConstructDataVirtual):
+ * runtime/DateConstructor.h:
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getConstructDataVirtual):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getConstructDataVirtual):
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getConstructDataVirtual):
+ * runtime/JSCell.h:
+ (JSC::getConstructData):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getConstructDataVirtual):
+ * runtime/JSFunction.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getConstructDataVirtual):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getConstructDataVirtual):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getConstructDataVirtual):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getConstructDataVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getConstructDataVirtual):
+ * runtime/StringConstructor.h:
+
+2011-10-13 Filip Pizlo <fpizlo@apple.com>
+
+ Rubber stamped Stephanie Lewis.
+
+ DFG_ENABLE() macro was always returning false.
+
+ * dfg/DFGNode.h:
+
+2011-10-13 Gavin Barraclough <baraclough@apple.com>
+
+ Speculative build fix for !DFG builds.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-10-13 Oliver Hunt <oliver@apple.com>
+
+ Fix performance of ValueToInt32 node when predicting double
+ https://bugs.webkit.org/show_bug.cgi?id=70063
+
+ Reviewed by Filip Pizlo.
+
+ Currently we fail to inline double to int conversion when
+ performing a ValueToInt32 operation on a value we predict
+ to be a double.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ Apply correct filter for the double prediction path
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ Support double parameters even when value has been spilled.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ Moved old valueToInt32 code to this function, and added
+ path for double prediction
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ Made the two implementations of ValueToInt32 call a single
+ shared compileValueToInt32 function.
+
+2011-10-13 Chris Marrin <cmarrin@apple.com>
+
+ Sync requestAnimationFrame callback to CVDisplayLink on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=68911
+
+ Reviewed by Simon Fraser.
+
+ Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
+ that use the DisplayRefreshMonitor logic.
+
+ * wtf/Platform.h:
+
+2011-10-13 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT should not be using ENABLE macro to enable features
+ https://bugs.webkit.org/show_bug.cgi?id=70060
+
+ Reviewed by Oliver Hunt.
+
+ The ENABLE macro is only intended to be used to detect features that are configured
+ in Platform.h. Using its to detect settings defined in other headers is an error.
+
+ The problem is that the ENABLE macro checks if the value is defined, so will silently
+ return false if you fail to include the header defining the switch. This is not a problem
+ if (1) the settings are defined in the same header that defines the macro that tests them,
+ or (2) the header is included everywhere. In the case of ENABLE settings defined in
+ Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
+
+ * bytecode/CodeBlock.cpp:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGNode.h:
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictionsForward):
+ (JSC::DFG::Propagator::propagatePredictionsBackward):
+ (JSC::DFG::Propagator::propagatePredictions):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ (JSC::DFG::Propagator::startIndexForChildren):
+ (JSC::DFG::Propagator::endIndexForPureCSE):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::eliminate):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::localCSE):
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ (JSC::DFG::Propagator::performBlockCFA):
+ (JSC::DFG::Propagator::performForwardCFA):
+ (JSC::DFG::Propagator::globalCFA):
+ * dfg/DFGScoreBoard.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-10-13 Gavin Barraclough <baraclough@apple.com>
+
+ terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
+
+ Rubber stamped by Filip Pizlo
+
+ This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualized JSCell::toNumber
+ https://bugs.webkit.org/show_bug.cgi?id=69858
+
+ Reviewed by Sam Weinig.
+
+
+ Removed JSCallbackObject::toNumber because its no longer necessary since
+ JSObject::toNumber now suffices since we implicitly add valueOf to an object's
+ prototype whenever a convertToType callback is provided.
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toNumber):
+ * runtime/JSCell.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+
+ Removed JSNotAnObject::toNumber because its result doesn't matter and it implements
+ defaultValue, therefore JSObject::toNumber can cover its case.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+
+2011-10-13 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Use realloc() to expand/shrink StringBuilder buffer
+ https://bugs.webkit.org/show_bug.cgi?id=69913
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::reserveCapacity):
+ (WTF::StringBuilder::reallocateBuffer):
+ (WTF::StringBuilder::appendUninitialized):
+ (WTF::StringBuilder::shrinkToFit):
+ * wtf/text/StringBuilder.h:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
+ * wtf/text/StringImpl.h:
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ If an Arguments object is being used to copy the arguments, then
+ make this explicit
+ https://bugs.webkit.org/show_bug.cgi?id=69995
+
+ Reviewed by Sam Weinig.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::retrieveArguments):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createAndCopyRegisters):
+ (JSC::Arguments::finishCreationButDontCopyRegisters):
+ (JSC::Arguments::finishCreation):
+ (JSC::Arguments::finishCreationAndCopyRegisters):
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFA does not filter structures aggressively enough.
+ https://bugs.webkit.org/show_bug.cgi?id=69989
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::clear):
+ (JSC::DFG::AbstractValue::makeTop):
+ (JSC::DFG::AbstractValue::clobberStructures):
+ (JSC::DFG::AbstractValue::set):
+ (JSC::DFG::AbstractValue::merge):
+ (JSC::DFG::AbstractValue::filter):
+ (JSC::DFG::AbstractValue::checkConsistency):
+
+2011-10-12 Adam Barth <abarth@webkit.org>
+
+ Remove ENABLE(XHTMLMP) and associated code
+ https://bugs.webkit.org/show_bug.cgi?id=69729
+
+ Reviewed by David Levin.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-12 Gavin Barraclough <baraclough@apple.com>
+
+ MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
+ https://bugs.webkit.org/show_bug.cgi?id=69978
+
+ Reviewed by Filip Pizlo.
+
+ Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
+
+ compare32/test8/test32 Call setCC, which sets an 8-bit register - we can fix this by adding
+ a couple of xchg instructions.
+
+ branchTest8 with a register argument is also affected. In all cases this is currently used
+ this is testing a value that is correct to 32 or more bits, so we can simply switch these
+ to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
+ 32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
+
+ This fixes the remaining fast/js failures with the DFG JIT 32_64.
+
+ * assembler/MacroAssemblerARMv7.h
+ - removed branchTest8.
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::compare32):
+ (JSC::MacroAssemblerX86Common::test8):
+ (JSC::MacroAssemblerX86Common::test32):
+ (JSC::MacroAssemblerX86Common::set32):
+ - added set32 helper that is 'h' register safe.
+ - removed branchTest8.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ - switch uses of branchTest8 to branchTest32.
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ - switch uses of branchTest8 to branchTest32.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ - switch uses of branchTest8 to branchTest32.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ - switch uses of branchTest8 to branchTest32.
+
+2011-10-12 Gavin Barraclough <baraclough@apple.com>
+
+ Errrk, revert accidental commit!
+
+ * wtf/Platform.h:
+
+2011-10-12 Gavin Barraclough <baraclough@apple.com>
+
+ Unreviewed, re-land changes from #69890, #69903.
+
+ These were reverted due to bug #69897, but #69903 fixed this problem.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
+ https://bugs.webkit.org/show_bug.cgi?id=69906
+
+ Reviewed by Gavin Barraclough.
+
+ It turns out that the simplest fix is to switch computeUpdatedPredictions()
+ to using predictionFromValue() combined with mergePrediction(). Doing so
+ allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
+ not only fixes a performance bug but kills off a lot of code that I never
+ liked to begin with.
+
+ This appears to be a 1% win on V8.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionFromValue):
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeStatistics):
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::dump):
+
+2011-10-12 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::toString
+ https://bugs.webkit.org/show_bug.cgi?id=69677
+
+ Reviewed by Sam Weinig.
+
+ Removed toString from JSCallbackObject, since it is no
+ longer necessary since we now implicitly add toString and valueOf
+ functions to object prototypes when a convertToType callback
+ is provided, which is now the standard way to override toString
+ and valueOf in the JSC C API.
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ Removed toString from InterruptedExecutionError and
+ TerminatedExecutionError and replaced it with defaultValue,
+ which JSObject::toString calls. We'll probably have to de-virtualize
+ defaultValue eventually, but we'll cross that bridge when we
+ come to it.
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::defaultValue):
+ (JSC::TerminatedExecutionError::defaultValue):
+ * runtime/ExceptionHelpers.h:
+
+ Removed toString from JSNotAnObject, since its return value doesn't
+ actually matter and JSObject::toString can cover it.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+
+ De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
+ Added handling of all cases for JSCell to JSCell::toString.
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toString):
+ * runtime/JSCell.h:
+
+2011-10-12 Oliver Hunt <oliver@apple.com>
+
+ Global stringStructure caches its prototype chain, abandoning a web page
+ https://bugs.webkit.org/show_bug.cgi?id=69952
+
+ Reviewed by Filip Pizlo.
+
+ When visiting a structure, we don't keep the prototype chain
+ alive if we're not the structure for an object type.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildren):
+
+2011-10-12 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - Fix ArrayPop
+ https://bugs.webkit.org/show_bug.cgi?id=69918
+
+ Reviewed by Filip Pizlo.
+
+ The storageLengthGPR is polluted by EmptyValueTag and later used to
+ index the array, which results in abnormal behaviors in execution.
+ This fix makes 32_64 DFG pass v8-deltablue and kraken
+ crypto-sha256-iterative on Linux ia32.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movl_i32m):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-12 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
+
+ Fix build with GLib 2.31
+ https://bugs.webkit.org/show_bug.cgi?id=69840
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am: removed ThreadingGtk.cpp.
+ * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
+ * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
+ * wtf/gobject/GOwnPtr.h: ditto.
+ * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
+ * wtf/gtk/ThreadingGtk.cpp: Removed.
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ Layout tests crashing in DFG JIT code
+ https://bugs.webkit.org/show_bug.cgi?id=69897
+
+ Reviewed by Gavin Barraclough.
+
+ Abstract value filtration didn't take into account cases where a structure
+ set filter, combined with predicted type knowledge, could lead to a stronger
+ filter for the structure abstract value.
+
+ This bug would have been benign in release builds; it would have just meant
+ that the analysis was less precise and some optimization opportunities would
+ be missed. I have an ASSERT that is meant to catch such cases, and it was
+ triggering sporadically in one of the LayoutTests.
+
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::filter):
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ Unreviewed, temporarily reverted r97216 due to bug #69897.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG 32_64 - fix silentFillGPR
+ https://bugs.webkit.org/show_bug.cgi?id=69903
+
+ Reviewed by Filip Pizlo.
+
+ Fix a small bug in silentFillGPR,
+ and add the newly introduced DFG file to CMakeListsEfl.
+
+ * CMakeListsEfl.txt:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not have flow-sensitive intraprocedural control flow analysis
+ https://bugs.webkit.org/show_bug.cgi?id=69690
+
+ Reviewed by Gavin Barraclough.
+
+ Implemented a control flow analysis (CFA). It currently propagates type
+ proofs only. For example, if all predecessors to a basic block have
+ checks that variable X is a JSFinalObject with structure 0xabcdef, then
+ this basic block will now know this fact and will know that it does not
+ have to emit either JSFinalObject checks or any structure checks since
+ the structure is precisely known. The CFA takes heap side-effects into
+ account (though somewhat conservatively), so that if the object pointed
+ to by variable X could have possibly undergone a structure transition
+ then this is reflected: the analysis may simply say that X's structure
+ is unknown.
+
+ This also propagates a wealth of other type information which is
+ currently not being used. For example, we now know when a variable can
+ only hold doubles. Even if a variable may hold other types at different
+ points in its live range, we can still prove exactly when it will only
+ be double.
+
+ There's a bunch of stuff that the CFA could do that it still does not
+ do, like precise handling of PutStructure (i.e. structure transitions),
+ precise handling of CheckFunction and CheckMethod, etc. So this is
+ very much intended to be a starting point rather than an end unto
+ itself.
+
+ This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
+ and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
+ Neutral on SunSpider.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/ActionablePrediction.h: Removed.
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ * dfg/DFGAbstractState.cpp: Added.
+ (JSC::DFG::AbstractState::AbstractState):
+ (JSC::DFG::AbstractState::~AbstractState):
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::reset):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::clobberStructures):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ (JSC::DFG::AbstractState::merge):
+ (JSC::DFG::AbstractState::mergeToSuccessors):
+ (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
+ (JSC::DFG::AbstractState::dump):
+ * dfg/DFGAbstractState.h: Added.
+ (JSC::DFG::AbstractState::forNode):
+ (JSC::DFG::AbstractState::isValid):
+ * dfg/DFGAbstractValue.h: Added.
+ (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
+ (JSC::DFG::StructureAbstractValue::clear):
+ (JSC::DFG::StructureAbstractValue::makeTop):
+ (JSC::DFG::StructureAbstractValue::top):
+ (JSC::DFG::StructureAbstractValue::add):
+ (JSC::DFG::StructureAbstractValue::addAll):
+ (JSC::DFG::StructureAbstractValue::contains):
+ (JSC::DFG::StructureAbstractValue::isSubsetOf):
+ (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
+ (JSC::DFG::StructureAbstractValue::isSupersetOf):
+ (JSC::DFG::StructureAbstractValue::filter):
+ (JSC::DFG::StructureAbstractValue::isClear):
+ (JSC::DFG::StructureAbstractValue::isTop):
+ (JSC::DFG::StructureAbstractValue::size):
+ (JSC::DFG::StructureAbstractValue::at):
+ (JSC::DFG::StructureAbstractValue::operator[]):
+ (JSC::DFG::StructureAbstractValue::last):
+ (JSC::DFG::StructureAbstractValue::predictionFromStructures):
+ (JSC::DFG::StructureAbstractValue::operator==):
+ (JSC::DFG::StructureAbstractValue::dump):
+ (JSC::DFG::AbstractValue::AbstractValue):
+ (JSC::DFG::AbstractValue::clear):
+ (JSC::DFG::AbstractValue::isClear):
+ (JSC::DFG::AbstractValue::makeTop):
+ (JSC::DFG::AbstractValue::clobberStructures):
+ (JSC::DFG::AbstractValue::isTop):
+ (JSC::DFG::AbstractValue::top):
+ (JSC::DFG::AbstractValue::set):
+ (JSC::DFG::AbstractValue::operator==):
+ (JSC::DFG::AbstractValue::merge):
+ (JSC::DFG::AbstractValue::filter):
+ (JSC::DFG::AbstractValue::validate):
+ (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGBasicBlock.h: Added.
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::getBytecodeBegin):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::block):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGNode.h:
+ (JSC::DFG::NodeIndexTraits::defaultValue):
+ (JSC::DFG::Node::variableAccessData):
+ (JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
+ (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
+ (JSC::DFG::Node::setTakenBlockIndex):
+ (JSC::DFG::Node::setNotTakenBlockIndex):
+ (JSC::DFG::Node::takenBlockIndex):
+ (JSC::DFG::Node::notTakenBlockIndex):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGOperands.h: Added.
+ (JSC::DFG::operandIsArgument):
+ (JSC::DFG::OperandValueTraits::defaultValue):
+ (JSC::DFG::Operands::Operands):
+ (JSC::DFG::Operands::numberOfArguments):
+ (JSC::DFG::Operands::numberOfLocals):
+ (JSC::DFG::Operands::argument):
+ (JSC::DFG::Operands::local):
+ (JSC::DFG::Operands::setLocal):
+ (JSC::DFG::Operands::setArgumentFirstTime):
+ (JSC::DFG::Operands::setLocalFirstTime):
+ (JSC::DFG::Operands::operand):
+ (JSC::DFG::Operands::setOperand):
+ (JSC::DFG::Operands::clear):
+ (JSC::DFG::dumpOperands):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictions):
+ (JSC::DFG::Propagator::performBlockCFA):
+ (JSC::DFG::Propagator::performForwardCFA):
+ (JSC::DFG::Propagator::globalCFA):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStructureSet.h:
+ (JSC::DFG::StructureSet::clear):
+ (JSC::DFG::StructureSet::predictionFromStructures):
+ (JSC::DFG::StructureSet::operator==):
+ (JSC::DFG::StructureSet::dump):
+ * dfg/DFGVariableAccessData.h: Added.
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
+ https://bugs.webkit.org/show_bug.cgi?id=69890
+
+ Reviewed by Oliver Hunt.
+
+ Cell constants are currently hitting the valueOfInt32Constant case, there is no constant handling for JSValues.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-11 Ryosuke Niwa <rniwa@webkit.org>
+
+ GTK build fix attempt after r97197.
+
+ * wtf/BitVector.h:
+
+2011-10-11 Oliver Hunt <oliver@apple.com>
+
+ Remove unintentional logging.
+
+ * heap/Heap.cpp:
+
+2011-10-11 Oliver Hunt <oliver@apple.com>
+
+ Tidy up card walking logic
+ https://bugs.webkit.org/show_bug.cgi?id=69883
+
+ Reviewed by Gavin Barraclough.
+
+ Special case common cell sizes when walking a block's
+ cards.
+
+ * heap/CardSet.h:
+ (JSC::::testAndClear):
+ * heap/Heap.cpp:
+ (JSC::GCTimer::GCCounter::GCCounter):
+ (JSC::GCTimer::GCCounter::count):
+ (JSC::GCTimer::GCCounter::~GCCounter):
+ (JSC::Heap::markRoots):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::reset):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::visitCount):
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::append):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::gatherDirtyCellsWithSize):
+ (JSC::MarkedBlock::gatherDirtyCells):
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+
+2011-10-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG virtual register allocator should be more aggressive in
+ reusing temporary slots
+ https://bugs.webkit.org/show_bug.cgi?id=69868
+
+ Reviewed by Oliver Hunt.
+
+ 1.2% win on V8, neutral elsewhere. The win is probably because it
+ increases precision of GC conservative scans.
+
+ This required making the DFG::ScoreBoard operate over a bitvector
+ of preserved variables, rather than just a preserved variable
+ threshold. To do this, I improved the WTF::BitVector class to make
+ it more user-friendly. It still retains all previous functionality.
+ Also made changes to PackedIntVector to accomodate those changes.
+ Finally, this adds more debugging to the virtual register allocator
+ and to the OSR exit code, as this was necessary to track down bugs
+ in an earlier version of this patch.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::ScoreBoard):
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::allocate):
+ (JSC::DFG::ScoreBoard::use):
+ (JSC::DFG::ScoreBoard::highWatermark):
+ (JSC::DFG::ScoreBoard::dump):
+ (JSC::DFG::ScoreBoard::max):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueRecovery::dump):
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::setSlow):
+ (WTF::BitVector::resizeOutOfLine):
+ (WTF::BitVector::dump):
+ * wtf/BitVector.h:
+ (WTF::BitVector::BitVector):
+ (WTF::BitVector::operator=):
+ (WTF::BitVector::quickGet):
+ (WTF::BitVector::quickSet):
+ (WTF::BitVector::quickClear):
+ (WTF::BitVector::get):
+ (WTF::BitVector::set):
+ (WTF::BitVector::clear):
+ * wtf/PackedIntVector.h:
+ (WTF::PackedIntVector::get):
+ (WTF::PackedIntVector::set):
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT 32_64 - Switch to cdecl calling convention.
+ https://bugs.webkit.org/show_bug.cgi?id=69863
+
+ Reviewed by Oliver Hunt.
+
+ This makes it easier to keep the stack correctly aligned, which is required on OS X.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+ - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Switch calls to poke arguments rather than pushing them.
+ (JSC::DFG::resetCallArguments):
+ (JSC::DFG::addCallArgument):
+ (JSC::DFG::addCallArgumentBoxed):
+ - Helper functions to stack up call arguments on X86.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ - Don't push, poke!
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ - Don't push, poke!
+ * dfg/DFGOperations.cpp:
+ - Switch ReturnAddress wrappers to push return address last, update asm trampolines.
+ * dfg/DFGOperations.h:
+ - switch DFG_OPERATION to assert CDECL on STDCALL platforms.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::fmodWithCDecl):
+ (JSC::DFG::SpeculativeJIT::compile):
+ - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
+ https://bugs.webkit.org/show_bug.cgi?id=69821
+
+ Reviewed by Filip Pizlo.
+
+ Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
+ intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
+
+ dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
+ JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
+ move), so by switching all associated operations to return a size_t we can fix the type
+ problem on Linux & make it a small tweak that removes an unnecessary instruction.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ - comparisons now return a size_t.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Removed Z_DFGOperation_EJ form.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ - comparisons now return a size_t.
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ - comparisons now return a size_t.
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t,
+ Both need to return values zero extended to fill a register.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ - comparisons now return a size_t.
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ - comparisons now return a size_t.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ - comparisons now return a size_t.
+
+2011-10-11 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Remove all references to QTDIR_build and standalone_package
+
+ Qt is now modularized, which means we no longer import WebKit into
+ the Qt source tree. Instead we use git submodules, and building
+ QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
+
+ To decrease the number of buildsystem configurations we also remove
+ the standalone_package code-path used when we were providing tarballs
+ with the derived sources pre-generated.
+
+ Reviewed by Simon Hausmann.
+
+ * DerivedSources.pro:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+
+2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add missing copyright notice in DFG JIT files
+ https://bugs.webkit.org/show_bug.cgi?id=69809
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGJITCompilerInlineMethods.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+
+2011-10-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JSVALUE64 spill/fill code should not box integers and doubles
+ https://bugs.webkit.org/show_bug.cgi?id=69782
+
+ Reviewed by Oliver Hunt.
+
+ Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
+ This required changing all of the places that spill registers (both silently
+ and not) and filling registers (both silently and on demand). It also required
+ changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
+ may have the wrong format for the old JIT (unboxed int or double).
+
+ This is a slight win on Kraken (0.25%) and neutral elsewhere.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::spill):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::spill):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueRecovery::displacedInRegisterFile):
+ (JSC::DFG::ValueRecovery::virtualRegister):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT switch dfgConvert methods to use callOperation
+ https://bugs.webkit.org/show_bug.cgi?id=69806
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ * dfg/DFGOperations.h:
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ Remove some unused methods from the DFG JIT.
+
+ Rubber stamped by Oliver Hunt
+
+ Thee methods were only used by the non-speculative JIT, and can be removed.
+
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCodeGenerator64.cpp:
+ - removed:
+ nonSpeculativeAdd
+ nonSpeculativeArithSub
+ nonSpeculativeArithMod
+ nonSpeculativeCheckHasInstance
+ nonSpeculativeInstanceOf
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - removed:
+ operationArithMod
+ operationInstanceOf
+ operationThrowHasInstanceError
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ Switch most calls in DFGJITCodeGenerator to use callOperation.
+ https://bugs.webkit.org/show_bug.cgi?id=69802
+
+ Reviewed by Oliver Hunt.
+
+ Compares, add, mod are the easy cases.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ DFG: Switch GetById / PutById to use callOperation
+ https://bugs.webkit.org/show_bug.cgi?id=69795
+
+ Reviewed by Oliver Hunt.
+
+ Also make the take base as a cell, so 32_64 doesn't have to set up the cell tag.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::appropriatePutByIdFunction):
+
+2011-10-10 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs
+ https://bugs.webkit.org/show_bug.cgi?id=69412
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+
+2011-10-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getCallDataVirtual methods
+ https://bugs.webkit.org/show_bug.cgi?id=69186
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all getCallDataVirtual methods and replaced their call sites
+ with an explicit lookup in the MethodTable.
+
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+
+ Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
+ the class definition in JSGlobalObject.cpp.
+ * runtime/Error.cpp:
+ (JSC::createTypeErrorFunction):
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+ To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
+ to declare their own ClassInfo if they don't override getCallData, provided
+ an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
+ functionality as of the pure virtual method InternalFunction used to have.
+ Also made this new implementation protected rather than private for the same reason.
+ Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
+ object is being created provides their own implementation of getCallData. This
+ just makes execution fail earlier in a place where the source of the error is
+ easy to trace. These ASSERTs are better than putting a null in the MethodTable because
+ they appear much more intentional to anybody who fails to provide their own
+ implementation or who tries to explicitly call InternalFunction::getCallData.
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ (JSC::InternalFunction::getCallData):
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+
+ Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
+ it to be reused rather than creating a new Structure every time we instantiate it.
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ (JSC::getCallData):
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ * runtime/Structure.h:
+
+2011-10-10 Gavin Barraclough <barraclough@apple.com>
+
+ Switch last calls from DFGSpeculativeJIT to use callOperation.
+ https://bugs.webkit.org/show_bug.cgi?id=69780
+
+ Reviewed by Oliver Hunt.
+
+ Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * wtf/Platform.h:
+
+2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
+ https://bugs.webkit.org/show_bug.cgi?id=69748
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+
+2011-10-10 Adam Roben <aroben@apple.com>
+
+ Build fix
+
+ * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
+
+2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - Bug fix for BranchNull
+ https://bugs.webkit.org/show_bug.cgi?id=69743
+
+ Reviewed by Darin Adler.
+
+ This fixes the error in access-binary-trees. All SunSpider cases passed.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+
+2011-10-07 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT: callOperation should return the Call.
+ https://bugs.webkit.org/show_bug.cgi?id=69682
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ (JSC::DFG::appendCallWithExceptionCheckSetResult):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::appendCall):
+ * wtf/Platform.h:
+
+2011-10-10 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r97045.
+ http://trac.webkit.org/changeset/97045
+ https://bugs.webkit.org/show_bug.cgi?id=69746
+
+ makes apple bots very crashy :( (Requested by kling on
+ #webkit).
+
+ * config.h:
+
+2011-10-10 Andreas Kling <kling@webkit.org>
+
+ Shrink BorderValue.
+ https://bugs.webkit.org/show_bug.cgi?id=69521
+
+ Reviewed by Antti Koivisto.
+
+ * config.h: Touch to force full rebuild.
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Improve Null or Undefined test in 32_64 DFG
+ https://bugs.webkit.org/show_bug.cgi?id=69734
+
+ Reviewed by Darin Adler.
+
+ Currently Null or Undefined value test in 32_64 DFG will check
+ Null and Undefined tag separately and introduce one more branch.
+ It can be improved in the way how the baseline JIT is doing - by
+ relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
+ https://bugs.webkit.org/show_bug.cgi?id=69721
+
+ Reviewed by Darin Adler.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove unused callOperation code of DFG JIT on X86
+ https://bugs.webkit.org/show_bug.cgi?id=69722
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
+ https://bugs.webkit.org/show_bug.cgi?id=69720
+
+ Reviewed by Filip Pizlo.
+
+ In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
+ a FPR and will be used for further optimizations, though we currently
+ don't fully utilize it. For now when filling a JS value which was
+ spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
+ to DataFormatJS to avoid compilation errors.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+
+2011-10-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not always speculate that a ByVal access has an integer index
+ https://bugs.webkit.org/show_bug.cgi?id=69716
+
+ Reviewed by Oliver Hunt.
+
+ 1% win on SunSpider, neutral elsewhere.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::byValHasIntBase):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix value profiling in 32_64 JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69717
+
+ Reviewed by Filip Pizlo.
+
+ Current value profiling for 32_64 JIT is broken and cannot record
+ correct predicated types, which results in many speculation failures
+ in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations
+ again and again.
+ With this fix 32_64 DFG JIT can demonstrate real performance gains.
+
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeStatistics):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::dump):
+ Empty value check should be performed on decoded JSValue,
+ as for 32_64 empty value is not identical to encoded 0.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+ Record the right profiling result for 32_64.
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove 32 bit restrictions in DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69711
+
+ Reviewed by Filip Pizlo.
+
+ op_call/op_construct support was disabled for 32 bit DFG JIT because
+ there was regression in javascriptcore tests. Now the bugs are fixed
+ and there should be no regression. This makes 32 bit DFG have the same
+ capability as 64 bit DFG, and improves the coverage.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+
+2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::getConstructData
+ https://bugs.webkit.org/show_bug.cgi?id=69673
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of getConstructData to all classes that
+ override it and changed the virtual versions to call the static
+ versions. This is the first step in de-virtualizing JSCell::getConstructData.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::getConstructData):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getConstructData):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getConstructData):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getConstructData):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getConstructData):
+ * runtime/DateConstructor.h:
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getConstructData):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getConstructData):
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getConstructData):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getConstructData):
+ * runtime/JSFunction.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getConstructData):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getConstructData):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getConstructData):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getConstructData):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getConstructData):
+ * runtime/StringConstructor.h:
+
+2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::getOwnPropertySlot
+ https://bugs.webkit.org/show_bug.cgi?id=69593
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of getOwnPropertySlot to every class that overrides
+ JSCell::getOwnPropertySlot. The virtual versions now call the static versions.
+ This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
+
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlot):
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertySlot):
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlot):
+ * runtime/DatePrototype.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertySlot):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlot):
+ * runtime/JSArray.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::getOwnPropertySlot):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlot):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlot):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlot):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertySlot):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::getOwnPropertySlot):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSString.h:
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlot):
+ * runtime/MathObject.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertySlot):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertySlot):
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertySlot):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlot):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlot):
+ * runtime/StringPrototype.h:
+
+2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
+ https://bugs.webkit.org/show_bug.cgi?id=69699
+
+ Reviewed by Filip Pizlo.
+
+ It should match SetLocal where only payload is stored for array predictions.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
+ https://bugs.webkit.org/show_bug.cgi?id=69702
+
+ Reviewed by Filip Pizlo.
+
+ There are some errors in generating code for Branch and LogicalNot,
+ when the operand is predicted as ObjectOrOther.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2011-10-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96996.
+ http://trac.webkit.org/changeset/96996
+ https://bugs.webkit.org/show_bug.cgi?id=69697
+
+ It broke all tests on the Qt bot (Requested by Ossy_night on
+ #webkit).
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::getCallDataVirtual):
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getCallDataVirtual):
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getCallDataVirtual):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getCallDataVirtual):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getCallDataVirtual):
+ * runtime/DateConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ (JSC::createTypeErrorFunction):
+ * runtime/Error.h:
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getCallDataVirtual):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getCallDataVirtual):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::getCallDataVirtual):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getCallDataVirtual):
+ * runtime/JSCell.h:
+ (JSC::getCallData):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getCallDataVirtual):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getCallDataVirtual):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getCallDataVirtual):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getCallDataVirtual):
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getCallDataVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getCallDataVirtual):
+ * runtime/StringConstructor.h:
+ * runtime/Structure.h:
+
+2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT - only Array predictions can result in unboxed cells in register file
+ https://bugs.webkit.org/show_bug.cgi?id=69695
+
+ Reviewed by Filip Pizlo.
+
+ In current DFG JIT, only array predictions can result in unboxed cells
+ in register file, not for the other cell predictions.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+
+2011-10-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69696
+
+ Reviewed by Filip Pizlo.
+
+ On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
+ to compute the address of a JS array element.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::deleteProperty
+ https://bugs.webkit.org/show_bug.cgi?id=69659
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of both versions of put to all classes that
+ override them and changed the virtual versions to call the static
+ versions. This is the first step in de-virtualizing JSCell::deleteProperty.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deleteProperty):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::deleteProperty):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deleteProperty):
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::deleteProperty):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deleteProperty):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deleteProperty):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::deleteProperty):
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::deleteProperty):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deleteProperty):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deleteProperty):
+ * runtime/JSVariableObject.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::deleteProperty):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::deleteProperty):
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::deleteProperty):
+ * runtime/StringObject.h:
+
+2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getCallDataVirtual methods
+ https://bugs.webkit.org/show_bug.cgi?id=69186
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all getCallDataVirtual methods and replaced their call sites
+ with an explicit lookup in the MethodTable.
+
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::createTypeErrorFunction):
+
+ Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
+ the class definition in JSGlobalObject.cpp.
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+ To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
+ to declare their own ClassInfo if they don't override getCallData, provided
+ an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
+ functionality as of the pure virtual method InternalFunction used to have.
+ Also made this new implementation protected rather than private for the same reason.
+ Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
+ object is being created provides their own implementation of getCallData. This
+ just makes execution fail earlier in a place where the source of the error is
+ easy to trace. These ASSERTs are better than putting a null in the MethodTable because
+ they appear much more intentional to anybody who fails to provide their own
+ implementation or who tries to explicitly call InternalFunction::getCallData.
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ (JSC::InternalFunction::getCallData):
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+
+ Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
+ it to be reused rather than creating a new Structure every time we instantiate it.
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ (JSC::getCallData):
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ * runtime/Structure.h:
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Add missing break statement.
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Support some string intrinsics in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69678
+
+ Reviewed by Gavin Barraclough.
+
+ Add support for charAt and charCodeAt intrinsics in the DFG.
+
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGIntrinsic.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::put
+ https://bugs.webkit.org/show_bug.cgi?id=69382
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of both versions of put to all classes that
+ override them and changed the virtual versions to call the static
+ versions.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::put):
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::put):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::put):
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::put):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::put):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::put):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::put):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::put):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::put):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::put):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::put):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::put):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::put):
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::put):
+ * runtime/StringObject.h:
+
+2011-10-07 Gavin Barraclough <barraclough@apple.com>
+
+ Refactor DFG to make for use of callOperation
+ https://bugs.webkit.org/show_bug.cgi?id=69672
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Switch operationNewObject/operationCreateThis to return Cells,
+ - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Replace code plating calls to operations to with calls to callOperation.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Replace code plating calls to operations to with calls to callOperation.
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Support string indexing in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=69671
+
+ Reviewed by Gavin Barraclough.
+
+ Emit code to support inline indexing of strings
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ Shared code to perform string indexing.
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ Use compileGetByValOnString if we predict that the base object
+ is a string in GetByVal.
+ * runtime/JSString.h:
+ (JSC::JSString::offsetOfFiberCount):
+ (JSC::JSString::offsetOfValue):
+
+2011-10-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ConvertThis speculation logic is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=69663
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Verify that our call speculation is valid.
+
+ Reviewed by Filip Pizlo.
+
+ Before specialising an intrinsic we need to verify that
+ we our speculation is correct.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-10-07 Brent Fulgham <bfulgham@webkit.org>
+
+ [WinCairo] Unreviewed build correction for the build bot.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
+ Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
+ build-jsc can find the target it needs to run the JSC tests.
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Fix 32-bit build.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Support direct calls to intrinsic functions
+ https://bugs.webkit.org/show_bug.cgi?id=69646
+
+ Reviewed by Gavin Barraclough.
+
+ Add support for optimising non-method_check calls
+ to intrinsic functions (eg. when Math.abs, etc are
+ cached in local variables).
+
+ * bytecode/CodeBlock.h:
+ (JSC::getCallLinkInfoBytecodeIndex):
+ Support searching CallLinkInfos by bytecode index
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ Add support for linked calls in addition to method_check
+ when searching for intrinsics
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasFunctionCheckData):
+ (JSC::DFG::Node::function):
+ Add ability to store a JSFunction* in a node - this is safe
+ as the function will be marked by the codeblock we're compiling
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::checkFunctionElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ Add support for new CheckFunction node, and implement CSE pass.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ Rather trivial implementation of CheckFunction
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+ Need to propagate bytecode index for calls now.
+
+2011-10-07 Dominic Cooney <dominicc@chromium.org>
+
+ [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
+ https://bugs.webkit.org/show_bug.cgi?id=69599
+
+ Reviewed by Sam Weinig.
+
+ DFG JIT manipulates MetaAllocatorHandles across threads, eg in
+ allocating JITCode buffers on a background thread to execute a
+ proxy autoconfiguration PAC file but garbage collecting it in
+ response to allocation on the main thread. Disabling
+ ThreadRestrictionVerification until there is a verification scheme
+ that understands this handoff.
+
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::allocate):
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not always speculate that ConvertThis is operating on an object
+ https://bugs.webkit.org/show_bug.cgi?id=69570
+
+ Reviewed by Oliver Hunt.
+
+ Mostly neutral, but with a slight regression in Kraken since it increases
+ coverage in DFG and thus reveals some performance pathologies (which I
+ prefer to think of as performance opportunities, in a good way).
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ (JSC::isOtherPrediction):
+ (JSC::mergePredictions):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Windows build fix
+
+ Unreviewed build fix. Weird runtime failures on Windows due to
+ linking issues caused by the ClassInfo struct in JSByteArray not
+ being declared with JS_EXPORTDATA.
+
+ * runtime/JSByteArray.h:
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ Structure does not reset m_previous when pinning the property map
+ https://bugs.webkit.org/show_bug.cgi?id=69583
+
+ Reviewed by Gavin Barraclough.
+
+ This is an 0.6% performance improvement in V8, and 0.2% overall.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::pin):
+ * runtime/Structure.h:
+
+2011-10-06 Anders Carlsson <andersca@apple.com>
+
+ When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
+ https://bugs.webkit.org/show_bug.cgi?id=69586
+
+ Reviewed by Darin Adler.
+
+ * Configurations/Base.xcconfig:
+ Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ When building with clang, we don't need to run the check-for-global-initializers and
+ check-for-exit-time-destructors anymore.
+
+ * jsc.cpp:
+ (runInteractive):
+ Move interpreterName into runInteractive.
+
+ * wtf/StdLibExtras.h:
+ When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
+ warnings around the variable declaration.
+
+2011-10-06 Anders Carlsson <andersca@apple.com>
+
+ Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=69584
+
+ Reviewed by Darin Adler.
+
+ Add DEFINE_DEBUG_ONLY_GLOBAL macro.
+
+ * wtf/StdLibExtras.h:
+
+2011-10-06 Oliver Hunt <oliver@apple.com>
+
+ Write barrier shouldn't allocate temporaries inside control flow
+ https://bugs.webkit.org/show_bug.cgi?id=69582
+
+ Reviewed by Gavin Barraclough.
+
+ Reorder the code to avoid spill-related badness.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::shouldSpeculate methods are too complicated
+ https://bugs.webkit.org/show_bug.cgi?id=69560
+
+ Reviewed by Geoffrey Garen.
+
+ Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
+ just use node predictions.
+
+ By itself this would have meant that SpeculativeJIT code would have
+ had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
+ So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
+ all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).
+
+ This is an 0.4% progression overall that shows up in all benchmarks,
+ for reasons unknown.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::at):
+ (JSC::DFG::JITCodeGenerator::canReuse):
+ (JSC::DFG::JITCodeGenerator::isFilled):
+ (JSC::DFG::JITCodeGenerator::isFilledDouble):
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::detectPeepHoleBranch):
+ (JSC::DFG::integerResult):
+ (JSC::DFG::noResult):
+ (JSC::DFG::cellResult):
+ (JSC::DFG::jsValueResult):
+ (JSC::DFG::storageResult):
+ (JSC::DFG::doubleResult):
+ (JSC::DFG::initConstantInfo):
+ (JSC::DFG::appendCallWithExceptionCheck):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInteger):
+ (JSC::DFG::Node::shouldSpeculateDouble):
+ (JSC::DFG::Node::shouldSpeculateNumber):
+ (JSC::DFG::Node::shouldNotSpeculateInteger):
+ (JSC::DFG::Node::shouldSpeculateFinalObject):
+ (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
+ (JSC::DFG::Node::shouldSpeculateArray):
+ (JSC::DFG::Node::shouldSpeculateArrayOrOther):
+ (JSC::DFG::Node::shouldSpeculateObject):
+ (JSC::DFG::Node::shouldSpeculateCell):
+ (JSC::DFG::Node::canSpeculateInteger):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownArray):
+ (JSC::DFG::SpeculativeJIT::isKnownString):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-06 Gavin Peters <gavinp@chromium.org>
+
+ REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
+ https://bugs.webkit.org/show_bug.cgi?id=69556
+
+ Reviewed by Adam Roben.
+
+ * wtf/Assertions.cpp:
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG implementation of UInt32ToNumber is missing a break statement
+ https://bugs.webkit.org/show_bug.cgi?id=69552
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-06 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix for DFG JIT 32_64 release builds.
+
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGJITCompiler32_64.cpp:
+ - Remove three unused methods.
+
+2011-10-06 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
+ https://bugs.webkit.org/show_bug.cgi?id=69549
+
+ Reviewed by Oliver Hunt.
+
+ This breaks sunspider/3d-cube.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ - Speculation check on the tag.
+
+2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Snow Leopard build fix
+
+ Unreviewed build fix
+
+ * JavaScriptCore.exp:
+
+2011-10-05 Gavin Barraclough <barraclough@apple.com>
+
+ Add explicit JSGlobalThis type.
+ https://bugs.webkit.org/show_bug.cgi?id=69478
+
+ Reviewed by Darin Adler.
+
+ JSC supports a split global object, as used by WebCore for the Window. As a stage
+ of making this visible to JSC, make it so that if the global this value is not the
+ global object itself, it must be a subclass of JSGlobalThis.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::finishCreation):
+ - Don't pass the thisValue to JSGlobalObject::finishCreation.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added JSGlobalThis.h
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ - Don't pass the thisValue to JSGlobalObject::finishCreation.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::finishCreation):
+ - finishCreation takes a JSGlobalThis, or thisValue is implicit.
+ * runtime/JSGlobalThis.h: Added.
+ (JSC::JSGlobalThis::create):
+ (JSC::JSGlobalThis::JSGlobalThis):
+ (JSC::JSGlobalThis::finishCreation):
+ - Thin wrapper on JSNonFinalObject to allow type checking.
+ * testRegExp.cpp:
+ (GlobalObject::finishCreation):
+ - Don't pass the thisValue to JSGlobalObject::finishCreation.
+
+2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSC objects need to know their own cell size at runtime.
+ https://bugs.webkit.org/show_bug.cgi?id=69390
+
+ Reviewed by Geoffrey Garen.
+
+ Added the cellSize field to ClassInfo and the static calculation of
+ size of each class to the CREATE_METHOD_TABLE macro, which will be
+ renamed in a followup patch to make its name match its broader use.
+
+ Also added a few ClassInfo structs so that each object that is allocated has its
+ correct size.
+
+ * JavaScriptCore.exp:
+ * runtime/ClassInfo.h:
+
+ Changed JSByteArray s_defaultInfo to s_info so that the template will get the
+ correct ClassInfo struct from it when it's allocated.
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.h:
+ (JSC::allocateCell):
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+ (JSC::JSCell::cellSize):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/StrictEvalActivation.cpp:
+ * runtime/StrictEvalActivation.h:
+
+2011-10-06 Gavin Peters <gavinp@chromium.org>
+
+ export new stack dumping method
+ https://bugs.webkit.org/show_bug.cgi?id=69018
+
+ The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use
+ of this function, many builds broke. So here we add the exports, so that the function is usable.
+
+ Reviewed by Adam Roben.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-06 Csaba Osztrogonác <ossy@webkit.org>
+
+ REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
+ https://bugs.webkit.org/show_bug.cgi?id=69413
+
+ Reviewed by Darin Adler.
+
+ * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
+
+2011-10-05 Filip Pizlo <fpizlo@apple.com>
+
+ SpeculativeJIT::isKnownString() is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=69501
+
+ Reviewed by Oliver Hunt.
+
+ Removed the wrong case (GetLocal predicted String) and added a case that
+ works (StrCat).
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownString):
+
+2011-10-05 Ryosuke Niwa <rniwa@webkit.org>
+
+ Windows build fix attempt after r96760.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-05 Chris Rogers <crogers@google.com>
+
+ Define a log2f() function for Windows in wtf/MathExtras.h
+ https://bugs.webkit.org/show_bug.cgi?id=69491
+
+ Reviewed by Darin Adler.
+
+ * wtf/MathExtras.h:
+ (log2f):
+
+2011-10-05 Jer Noble <jer.noble@apple.com>
+
+ Enable WEB_AUDIO by default in the WebKit/mac port.
+ https://bugs.webkit.org/show_bug.cgi?id=68587
+
+ Reviewed by Simon Fraser.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-10-05 Filip Pizlo <fpizlo@apple.com>
+
+ Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
+ https://bugs.webkit.org/show_bug.cgi?id=69346
+
+ Reviewed by Oliver Hunt.
+
+ Removed the assertion, since it was completely wrong for op_post_inc.
+ Short of having specialized PostInc nodes in the DFG, there is no
+ robust way of asserting what this assertion was trying to assert while
+ also supporting op_post_inc.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-05 Geoffrey Garen <ggaren@apple.com>
+
+ Added a simpler mechanism for registering one-off finalizers
+ https://bugs.webkit.org/show_bug.cgi?id=69466
+
+ Reviewed by Oliver Hunt.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::addFinalizer):
+ (JSC::Heap::FinalizerOwner::finalize):
+ * heap/Heap.h: New function for adding an arbitrary finalizer for an
+ arbitrary cell without declaring any special classes or Handles yourself.
+
+ * JavaScriptCore.exp: Fix build.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::ExecutableBase::clearCodeVirtual):
+ (JSC::EvalExecutable::clearCodeVirtual):
+ (JSC::ProgramExecutable::clearCodeVirtual):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::clearCodeVirtual):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
+ finalization of executables.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::clearRareData):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::createRareDataIfNeeded):
+ (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
+ finalization of weak maps.
+
+2011-10-05 Adam Roben <aroben@apple.com>
+
+ Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
+
+ RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
+ pointed-to type confused us when we implemented hashTableDeletedValue.
+
+ Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
+ in HashMap/HashSet fails to compile
+
+ Reviewed by John Sullivan.
+
+ * wtf/RetainPtr.h:
+ (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
+ since T might itself be a pointer.
+
+ (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
+ seem to be causing a problem.
+
+2011-10-05 Oliver Hunt <oliver@apple.com>
+
+ Remove last vestiges of anonymous storage.
+
+ Reviewed by Gavin Barraclough.
+
+ One anonymous storage function escaped my prior purge of
+ this feature, this patch removes it.
+
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::finishCreation):
+ * runtime/JSObject.h:
+
+2011-10-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be capable of a broader range of speculations on branch and not
+ https://bugs.webkit.org/show_bug.cgi?id=69322
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/PredictedType.h:
+ (JSC::isFinalObjectOrOtherPrediction):
+ (JSC::isArrayOrOtherPrediction):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+
+2011-10-05 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96733.
+ http://trac.webkit.org/changeset/96733
+ https://bugs.webkit.org/show_bug.cgi?id=69454
+
+ Broke GCC for some reason (Requested by andersca on #webkit).
+
+ * wtf/ListHashSet.h:
+ (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
+ (WTF::ListHashSetReverseIterator::get):
+ (WTF::ListHashSetReverseIterator::operator*):
+ (WTF::ListHashSetReverseIterator::operator->):
+ (WTF::ListHashSetReverseIterator::operator++):
+ (WTF::ListHashSetReverseIterator::operator--):
+ (WTF::ListHashSetReverseIterator::operator==):
+ (WTF::ListHashSetReverseIterator::operator!=):
+ (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
+ (WTF::ListHashSetReverseIterator::node):
+ (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
+ (WTF::ListHashSetConstReverseIterator::get):
+ (WTF::ListHashSetConstReverseIterator::operator*):
+ (WTF::ListHashSetConstReverseIterator::operator->):
+ (WTF::ListHashSetConstReverseIterator::operator++):
+ (WTF::ListHashSetConstReverseIterator::operator--):
+ (WTF::ListHashSetConstReverseIterator::operator==):
+ (WTF::ListHashSetConstReverseIterator::operator!=):
+ (WTF::ListHashSetConstReverseIterator::node):
+ (WTF::::rbegin):
+ (WTF::::rend):
+ (WTF::::makeReverseIterator):
+ (WTF::::makeConstReverseIterator):
+
+2011-10-04 Oliver Hunt <oliver@apple.com>
+
+ Add rudimentary filtering to write barriers
+ https://bugs.webkit.org/show_bug.cgi?id=69392
+
+ Reviewed by Filip Pizlo.
+
+ Add approximate filtering for write barriers based on the
+ target's mark bit. Also add some macros to support dumping
+ GC phase timings.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ * heap/Heap.cpp:
+ (JSC::GCTimer::GCTimerScope::GCTimerScope):
+ (JSC::GCTimer::GCTimerScope::~GCTimerScope):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ Add phase timing information.
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::offsetOfMarks):
+ (JSC::MarkedBlock::gatherDirtyCells):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier):
+
+2011-10-05 Anders Carlsson <andersca@apple.com>
+
+ Use std::reverse_iterator for ListHashSet reverse iterators
+ https://bugs.webkit.org/show_bug.cgi?id=69446
+
+ Reviewed by Darin Adler.
+
+ * wtf/ListHashSet.h:
+ Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
+ and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
+
+2011-10-04 Gavin Barraclough <barraclough@apple.com>
+
+ Make Object.prototype getter/setter methods match ES5 behaviour
+ https://bugs.webkit.org/show_bug.cgi?id=69393
+
+ Reviewed by Sam Weinig.
+
+ The rest of Object.prototype no longer substitute Null/Undefined with the global object,
+ this is old ES3 behaviour. Remove it here too.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineGetter):
+ (JSC::objectProtoFuncDefineSetter):
+ (JSC::objectProtoFuncLookupGetter):
+ (JSC::objectProtoFuncLookupSetter):
+
+2011-10-05 Patrick Gansterer <paroga@webkit.org>
+
+ Get rid of posixThread in MachineStackMarker::Thread
+ https://bugs.webkit.org/show_bug.cgi?id=54836
+
+ Reviewed by Oliver Hunt.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::Thread::Thread):
+ (JSC::getCurrentPlatformThread):
+ (JSC::equalThread):
+ (JSC::MachineThreads::addCurrentThread):
+ (JSC::MachineThreads::removeCurrentThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+
+2011-10-04 Geoffrey Garen <ggaren@apple.com>
+
+ Removed JSValue::toJSNumber
+ https://bugs.webkit.org/show_bug.cgi?id=69399
+
+ No perf. change.
+
+ toJSNumber() used to provide an implicit fast path for immediate numbers,
+ but those fast paths are all explicit now, so it's just cruft.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+
+2011-10-05 Gavin Peters <gavinp@chromium.org>
+
+ REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
+ https://bugs.webkit.org/show_bug.cgi?id=69424
+
+ Skip an extra frame in WTFReportBacktrace. As well, I now don't count skipped frames in maxFrames,
+ so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
+ 31 reported frames.
+
+ Reviewed by Adam Roben.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2011-10-05 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed WinCE build fix for r96595.
+
+ * wtf/Assertions.cpp:
+ RtlCaptureStackBackTrace() isn't available on WinCE.
+
+2011-10-04 Kent Tamura <tkent@chromium.org>
+
+ Introduce feature flags for incomplete input types
+ https://bugs.webkit.org/show_bug.cgi?id=68971
+
+ Reviewed by Hajime Morita.
+
+ * Configurations/FeatureDefines.xcconfig:
+ Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
+
+2011-10-04 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
+
+2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static ClassInfo structs to classes that override JSCell::getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=69311
+
+ Reviewed by Darin Adler.
+
+ Added ClassInfo structs to each class that defined its own getCallData
+ function but did not already have its own ClassInfo struct. This is a
+ necessary addition for when we switch over to looking up getCallData from
+ the MethodTable in ClassInfo rather than doing the virtual call (which we
+ are removing). These new ClassInfo structs are public because we often
+ use these structs in other areas of the code to uniquely identify JSC classes and
+ to enforce runtime invariants based on those class identities using ASSERTs.
+ Also added new createStructure methods to those classes that didn't have
+ them so that the new ClassInfo structs would be used when creating the Structures
+ in these classes.
+
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::createStructure):
+
+ getCallData was not marked as static in StrictModeTypeErrorFunction.
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::createStructure):
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::createStructure):
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+2011-10-03 Geoffrey Garen <ggaren@apple.com>
+
+ Some JSValue cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=69320
+
+ Reviewed by Darin Adler.
+
+ No measurable performance change.
+
+ Removed some JSValue::get* functions. get* used to be an optimization
+ when every value operation was a virtual function call: get* would combine
+ two virtual calls into one. Now, with non-virtual, inlined functions, get*
+ isn't faster, and may be slightly slower.
+
+ Merged getBoolean(bool&) and getBoolean() into asBoolean().
+
+ Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
+ asNumber().
+
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::asNumber):
+ (JSC::JSValue::asBoolean): As promised!
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::toThisNumber):
+ (JSC::numberProtoFuncToExponential):
+ (JSC::numberProtoFuncToFixed):
+ (JSC::numberProtoFuncToPrecision):
+ (JSC::numberProtoFuncToString):
+ (JSC::numberProtoFuncToLocaleString):
+ (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
+ by switching to toThisNumber().
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::toNumber):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::internalNumber):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncBind):
+ * runtime/JSArray.cpp:
+ (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
+ getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
+
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h: Nixed getJSNumber().
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ * runtime/JSONObject.cpp:
+ (JSC::gap):
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/NumberObject.cpp:
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/Operations.h:
+ (JSC::JSValue::equalSlowCaseInline):
+ (JSC::JSValue::strictEqual):
+ (JSC::jsLess):
+ (JSC::jsLessEq):
+ (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
+ getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
+
+2011-10-04 Scott Graham <scottmg@chromium.org>
+
+ Add GAMEPAD feature flag
+ https://bugs.webkit.org/show_bug.cgi?id=66859
+
+ Reviewed by Darin Fisher.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ JITCodeGenerator should no longer have code that tries too hard
+ to be both speculative and non-speculative
+ https://bugs.webkit.org/show_bug.cgi?id=69321
+
+ Reviewed by Gavin Barraclough.
+
+ Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
+ This required moving emitBranch() to SpeculativeJIT, since it was
+ the main user of that field and method. Other than trvial clean-ups
+ in emitBranch(), the code is unchanged (and still has some disparity
+ between 64 and 32_64, and still lacks some obvious optimizations).
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+
+2011-10-04 David Hyatt <hyatt@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=69372
+
+ [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
+
+ Add support for reverse iteration to ListHashSet to support being able to walk them
+ backwards easily.
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/ListHashSet.h:
+ (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
+ (WTF::ListHashSetReverseIterator::get):
+ (WTF::ListHashSetReverseIterator::operator*):
+ (WTF::ListHashSetReverseIterator::operator->):
+ (WTF::ListHashSetReverseIterator::operator++):
+ (WTF::ListHashSetReverseIterator::operator--):
+ (WTF::ListHashSetReverseIterator::operator==):
+ (WTF::ListHashSetReverseIterator::operator!=):
+ (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
+ (WTF::ListHashSetReverseIterator::node):
+ (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
+ (WTF::ListHashSetConstReverseIterator::get):
+ (WTF::ListHashSetConstReverseIterator::operator*):
+ (WTF::ListHashSetConstReverseIterator::operator->):
+ (WTF::ListHashSetConstReverseIterator::operator++):
+ (WTF::ListHashSetConstReverseIterator::operator--):
+ (WTF::ListHashSetConstReverseIterator::operator==):
+ (WTF::ListHashSetConstReverseIterator::operator!=):
+ (WTF::ListHashSetConstReverseIterator::node):
+ (WTF::::rbegin):
+ (WTF::::rend):
+ (WTF::::makeReverseIterator):
+ (WTF::::makeConstReverseIterator):
+ (WTF::::makeConstIterator):
+
+2011-10-04 Gavin Peters <gavinp@chromium.org>
+
+ fix gtk breakage caused by changeset 96595
+ https://bugs.webkit.org/show_bug.cgi?id=69371
+
+ ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
+ the pretty printer on gtk, which should fix the build on that platform.
+
+ Reviewed by NOBODY, this is a build fix.
+
+ * wtf/Assertions.cpp:
+
+2011-10-04 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96630.
+ http://trac.webkit.org/changeset/96630
+ https://bugs.webkit.org/show_bug.cgi?id=69368
+
+ Caused assertion failures in validateCell (Requested by
+ mhahnenberg on #webkit).
+
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static ClassInfo structs to classes that override JSCell::getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=69311
+
+ Reviewed by Darin Adler.
+
+ Added ClassInfo structs to each class that defined its own getCallData
+ function but did not already have its own ClassInfo struct. This is a
+ necessary addition for when we switch over to looking up getCallData from
+ the MethodTable in ClassInfo rather than doing the virtual call (which we
+ are removing). These new ClassInfo structs are public because we often
+ use these structs in other areas of the code to uniquely identify JSC classes and
+ to enforce runtime invariants based on those class identities using ASSERTs.
+
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+
+ getCallData was not marked as static is StrictModeTypeErrorFunction.
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+2011-10-04 Ryosuke Niwa <rniwa@webkit.org>
+
+ Leopard build fix after r96613.
+
+ * wtf/Platform.h:
+
+2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Implicitly add toString and valueOf to prototype when convertToType callback is provided
+ https://bugs.webkit.org/show_bug.cgi?id=69156
+
+ Reviewed by Geoffrey Garen.
+
+ Added callbacks for toString and valueOf which are implicitly added to a client object's
+ prototype if they provide a convertToType callback when declaring their class through
+ the JSC API.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::toStringCallback):
+ (JSC::JSCallbackFunction::valueOfCallback):
+ * API/JSCallbackFunction.h:
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/tests/testapi.js:
+
+2011-10-03 Jon Lee <jonlee@apple.com>
+
+ Extend DOM WheelEvent to differentiate between physical and logical scroll directions
+ https://bugs.webkit.org/show_bug.cgi?id=68959
+ <rdar://problem/10036688>
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
+
+2011-10-04 Csaba Osztrogonác <ossy@webkit.org>
+
+ MinGW warning fix after r96286.
+
+ Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
+ #define __stdcall __attribute__((stdcall))
+ #define STDCALL __stdcall
+
+ Reviewed by Tor Arne Vestbø.
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2011-10-04 Gavin Peters <gavinp@chromium.org>
+
+ add more stack dumping methods
+ https://bugs.webkit.org/show_bug.cgi?id=69018
+
+ In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
+ WebKit programmatically retrieve the current stack. This is useful if you need to add more
+ reporting to field crash report uploads, if you're tracking down an irreproducable bug,
+ for instance.
+
+ Reviewed by Darin Adler.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should inline Array.push and Array.pop
+ https://bugs.webkit.org/show_bug.cgi?id=69314
+
+ Reviewed by Geoff Garen.
+
+ Fix 32-bit.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should inline Array.push and Array.pop
+ https://bugs.webkit.org/show_bug.cgi?id=69314
+
+ Reviewed by Oliver Hunt.
+
+ 1% speed-up in V8 due to 6% speed-up in V8-deltablue.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::storePtr):
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGIntrinsic.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ JSC ASSERT Opening the Web Inspector
+ https://bugs.webkit.org/show_bug.cgi?id=69293
+
+ Reviewed by Oliver Hunt.
+
+ If a polymorphic access structure list has a duplicated structure, then
+ don't crash.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-10-03 Gavin Barraclough <barraclough@apple.com>
+
+ On X86, switch bucketCount into a register, timeoutCheck into memory
+ https://bugs.webkit.org/show_bug.cgi?id=69299
+
+ Reviewed by Geoff Garen.
+
+ We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
+ it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
+ but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
+ function too frequently (regressing performance). This patch has no perf impact on sunspider.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::branchAdd32):
+ (JSC::MacroAssemblerX86::branchSub32):
+ - Added branchSub32 with AbsoluteAddress.
+ * jit/JIT.cpp:
+ (JSC::JIT::emitTimeoutCheck):
+ - Keep timeout count in memory on X86.
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ - remove X86 specific code, switch bucket count back into a register.
+ * jit/JITStubs.cpp:
+ - Stop initializing esi (it is no longer the timeoutCheck!)
+ * jit/JSInterfaceJIT.h:
+ - change definition of esi to be the bucketCountRegister.
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ - Add timeoutCount as a property to global data (the counter should be per-thread).
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG backends don't have access to per-node predictions from the propagator
+ https://bugs.webkit.org/show_bug.cgi?id=69291
+
+ Reviewed by Oliver Hunt.
+
+ Nodes now have two notion of predictions: the heap prediction, which is
+ what came directly from value profiling, and the propagator's predictions,
+ which arise out of abstract interpretation. Every node has a propagator
+ prediction, but not every node has a heap prediction; and there is no
+ guarantee that a node that has both will keep them consistent as the
+ propagator may have additional information available to it.
+
+ This is performance neutral.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasHeapPrediction):
+ (JSC::DFG::Node::getHeapPrediction):
+ (JSC::DFG::Node::predictHeap):
+ (JSC::DFG::Node::prediction):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::setPrediction):
+ (JSC::DFG::Propagator::mergePrediction):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::isPredictedNumerical):
+ (JSC::DFG::Propagator::logicalNotIsPure):
+ (JSC::DFG::Propagator::setReplacement):
+
+2011-10-03 Jer Noble <jer.noble@apple.com>
+
+ Unreviewed, rolling out r96526.
+ http://trac.webkit.org/changeset/96526
+ https://bugs.webkit.org/show_bug.cgi?id=68587
+
+ WEB_AUDIO has numerous 64->32 bit casting warnings, causing
+ build breakages where -Wall is enabled.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-10-03 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix for DFG JIT 32_64.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should speculate more aggressively on obvious cases on
+ polymorphic get_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=69235
+
+ Reviewed by Oliver Hunt.
+
+ This implements trivial polymorphic get_by_id. It also fixes
+ problems in the CSE for CheckStructure in the put_by_id
+ transition case.
+
+ Doing this required knowing whether a polymorphic get_by_id stub
+ was doing a direct access rather than a call of some kind.
+
+ Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
+ scaled mean of all benchmarks.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::addStructureSet):
+ (JSC::DFG::Graph::addStructureTransitionData):
+ * dfg/DFGNode.h:
+ (JSC::DFG::StructureTransitionData::StructureTransitionData):
+ (JSC::DFG::Node::hasStructureTransitionData):
+ (JSC::DFG::Node::structureTransitionData):
+ (JSC::DFG::Node::hasStructureSet):
+ (JSC::DFG::Node::structureSet):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStructureSet.h: Added.
+ (JSC::DFG::StructureSet::StructureSet):
+ (JSC::DFG::StructureSet::add):
+ (JSC::DFG::StructureSet::addAll):
+ (JSC::DFG::StructureSet::remove):
+ (JSC::DFG::StructureSet::contains):
+ (JSC::DFG::StructureSet::isSubsetOf):
+ (JSC::DFG::StructureSet::isSupersetOf):
+ (JSC::DFG::StructureSet::size):
+ (JSC::DFG::StructureSet::at):
+ (JSC::DFG::StructureSet::operator[]):
+ (JSC::DFG::StructureSet::last):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::getPolymorphicAccessStructureListSlot):
+
+2011-10-03 Jer Noble <jer.noble@apple.com>
+
+ Enable WEB_AUDIO by default in the WebKit/mac port.
+ https://bugs.webkit.org/show_bug.cgi?id=68587
+
+ Reviewed by Simon Fraser.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-10-03 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Fix make distcheck build
+ https://bugs.webkit.org/show_bug.cgi?id=69243
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am:
+
+2011-10-03 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] Build fix: Qt::escape is deprecated in Qt5
+ https://bugs.webkit.org/show_bug.cgi?id=69162
+
+ Use QString::toHtmlEscaped in the Qt5 case.
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.pri:
+ * wtf/qt/UtilsQt.h: Added.
+ (escapeHtml):
+ * wtf/wtf.pri:
+
+2011-10-03 Balazs Kelemen <kbalazs@webkit.org>
+
+ libdispatch based ParallelJobs is not enough parallel
+ https://bugs.webkit.org/show_bug.cgi?id=66378
+
+ Reviewed by Zoltan Herczeg.
+
+ Use the appropriate libdispatch API for our use case.
+ Throw away the hard coded limit of parallel threads
+ and use dispatch_apply with the default priority normal
+ queue istead of using our own custom serial queue (which
+ was a misuse of the API). Enabling PARALLEL_JOBS is now
+ a 60% win (2.63x as fast) on the methanol benchmark
+ (https://gitorious.org/methanol) with an SVG centric test set
+ while the old implementation was almost identical (less than 5% win).
+
+ * wtf/ParallelJobsLibdispatch.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+
+2011-10-02 Zoltan Herczeg <zherczeg@webkit.org>
+
+ [Qt]REGRESSION(r95912): It made sputnik tests flakey
+ https://bugs.webkit.org/show_bug.cgi?id=68990
+
+ Reviewed by Geoffrey Garen.
+
+ Changing signed char to int in r96354 solved the
+ problem. However transitionCount still returns
+ with a signed char and should be changed to int.
+
+ * runtime/Structure.h:
+ (JSC::Structure::transitionCount):
+
+2011-10-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG misses some obvious opportunities for common subexpression elimination
+ https://bugs.webkit.org/show_bug.cgi?id=69233
+
+ Reviewed by Oliver Hunt.
+
+ 0.7% speed-up on SunSpider.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-10-02 Gavin Barraclough <barraclough@apple.com>
+
+ Bug 67455 - Different regular expression result
+
+ Reviewed by Darin Adler.
+
+ Fix a regression introduced in r72140. A return was added to the backtracking loop for
+ backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
+ This is incorrect. The additional return should only trigger to force an early return if
+ an error has occured.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchParentheses):
+ - Simplify some nested if else logic.
+ (JSC::Yarr::Interpreter::backtrackParentheses):
+ - Simplify some nested if else logic.
+ - Only return early from backtrackParentheses on success/error, not on failure.
+
+2011-10-01 Geoffrey Garen <ggaren@apple.com>
+
+ Removed redundant helper functions for allocating Strong handles
+ https://bugs.webkit.org/show_bug.cgi?id=69218
+
+ Reviewed by Sam Weinig.
+
+ * heap/Heap.h:
+ (JSC::Heap::handleHeap):
+ * runtime/JSGlobalData.h: Removed these helper functions, since they
+ just created indirection.
+
+ * heap/StrongInlines.h: Added. Broke out a header for inline functions
+ to resolve circular dependencies created by inlining. I'm told this is
+ the future for JavaScriptCore.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * heap/Local.h:
+ (JSC::::Local):
+ * heap/Strong.h:
+ (JSC::::Strong):
+ (JSC::::set):
+ * heap/Weak.h:
+ (JSC::Weak::Weak):
+ (JSC::Weak::set): Allocate handles directly instead of going through a
+ chain of forwarding functions.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ * runtime/JSGlobalData.cpp:
+ * runtime/LiteralParser.cpp:
+ * runtime/RegExpCache.cpp: Updated for header changes.
+
+2011-09-30 Filip Pizlo <fpizlo@apple.com>
+
+ All of JSC's heuristics should be in one place for easier tuning
+ https://bugs.webkit.org/show_bug.cgi?id=69201
+
+ Reviewed by Oliver Hunt.
+
+ This makes it possible to change tiered compilation heuristics in
+ one place (Heuristics.cpp) without recompiling the whole project.
+
+ It also makes it possible to enable setting heuristics using
+ environment variables. This is off by default. When turned on, it
+ makes tuning the system much easier.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * runtime/Heuristics.cpp: Added.
+ (JSC::Heuristics::parse):
+ (JSC::Heuristics::setHeuristic):
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h: Added.
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+
+2011-10-01 Oliver Hunt <oliver@apple.com>
+
+ Support string length in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=69215
+
+ Reviewed by Geoff Garen.
+
+ Adds a GetStringLength node to the DFG so that we can support
+ string.length inline.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownString):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSString.h:
+ (JSC::JSString::offsetOfLength):
+
+2011-10-01 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69205
+
+ Reviewed by Gavin Barraclough.
+
+ If there are unboxed integers and cells in register file (e.g. by SetLocal),
+ they must be reboxed before exiting from the speculative DFG JIT execution.
+ This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
+ ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
+
+2011-10-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96421.
+ http://trac.webkit.org/changeset/96421
+ https://bugs.webkit.org/show_bug.cgi?id=69206
+
+ It broke Qt-WK2 build (Requested by ossy on #webkit).
+
+ * JavaScriptCore.pri:
+ * wtf/qt/UtilsQt.h: Removed.
+ * wtf/wtf.pri:
+
+2011-09-30 Daniel Bates <dbates@webkit.org>
+
+ Attempt to fix the Apple Windows and WinCairo Debug builds after
+ <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
+ ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
+ corresponding function, JSValue::toStrictThisObject(), was removed.
+
+2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69126
+
+ Reviewed by Gavin Barraclough.
+
+ The setupResults routine has the bug of reversing the source and destination.
+ Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::setupTwoStubArgs):
+ (JSC::DFG::setupResults):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ Remove toStrictThisObject, toThisString, toThisJSString
+ https://bugs.webkit.org/show_bug.cgi?id=69203
+
+ Rubber stamped by Sam Weinig
+
+ These are no longer used.
+
+ * JavaScriptCore.exp:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSValue.h:
+ * runtime/StrictEvalActivation.cpp:
+ * runtime/StrictEvalActivation.h:
+
+2011-09-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not speculate aggressively enough on put_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=69114
+
+ Reviewed by Oliver Hunt.
+
+ This adds new nodes along with optimizations for those nodes:
+
+ GetPropertyStorage: CheckStructure used to do both the structure
+ check and retrieve the storage pointer. Now CheckStructure just
+ checks the structure, and GetPropertyStorage retrieves the
+ storage pointer.
+
+ PutStructure: Changes the structure, and has the expected store
+ to load optimization with CheckStructure.
+
+ PutByOffset: Directly sets the value. Has store to load
+ optimization with GetByOffset.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasStructure):
+ (JSC::DFG::Node::hasStorageAccessData):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::impureCSE):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::eliminate):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ StringRecursionChecker should not work in terms of EncodedJSValue
+ https://bugs.webkit.org/show_bug.cgi?id=69188
+
+ Reviewed by Oliver Hunt.
+
+ 0 is not the empty value on 32_64.
+ Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ * runtime/StringRecursionChecker.cpp:
+ (JSC::StringRecursionChecker::throwStackOverflowError):
+ (JSC::StringRecursionChecker::emptyString):
+ * runtime/StringRecursionChecker.h:
+ (JSC::StringRecursionChecker::performCheck):
+ (JSC::StringRecursionChecker::earlyReturnValue):
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT, Branch on integer can always be a 32-bit compare.
+ https://bugs.webkit.org/show_bug.cgi?id=69174
+
+ Reviewed by Sam Weinig.
+
+ if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
+ the JSVALUE64 JIT will currently compare all 64bits in the register, but in
+ these cases the DataFormat is always a JS boxed integer. In these cases we
+ can just compare the low 32bits anyway - no need to check the tag.
+ This allows the code to be unified with the JSVALUE32_64 JIT.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-30 Oliver Hunt <oliver@apple.com>
+
+ Need a sensible GGC policy
+
+ Reviewed by Geoff Garen.
+
+ This replaces the existing random collection policy
+ with a deterministic policy based on nursery size.
+
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateSlowCase):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocator):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::nurseryWaterMark):
+ (JSC::MarkedSpace::allocate):
+
+2011-09-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 32-bit support for op_call and op_construct causes
+ run-javascriptcore-tests to fail
+ https://bugs.webkit.org/show_bug.cgi?id=69171
+
+ Reviewed by Gavin Barraclough.
+
+ This fixes one obvious bug that was causing test failures (no
+ support for dummy slow case for op_add in 32_64), and disables
+ op_call and op_construct by default.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emitSlow_op_add):
+
+2011-09-30 Geoffrey Garen <ggaren@apple.com>
+
+ Crash due to out of bounds read/write in MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=69148
+
+ This was a case of being surprised by a poorly aritulcated cell size limit,
+ plus an incorrect ASSERT guarding the cell size limit.
+
+ Reviewed by Oliver Hunt.
+
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
+ since it makes the ranges easier to understand.
+
+ Bumped up the max cell size to support the use case in this bug. Since the
+ atomSize is much bigger than it used to be, there isn't much accounting
+ cost to handling more size classes.
+
+ Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocator):
+ (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
+ being inclusive.
+
+2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] Build fix: Qt::escape is deprecated in Qt5
+ https://bugs.webkit.org/show_bug.cgi?id=69162
+
+ Use QString::toHtmlEscaped in the Qt5 case.
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.pri:
+ * wtf/qt/UtilsQt.h: Added.
+ (escapeHtml):
+ * wtf/wtf.pri:
+
+2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix bug in getHostCallReturnValue of DFG JIT on X86
+ https://bugs.webkit.org/show_bug.cgi?id=69133
+
+ Reviewed by Gavin Barraclough.
+
+ We need to insert the additional argument in the stack slot before
+ return address instead of simply pushing it afterwards.
+ Also getHostCallReturnValue* should be attributed as stdcall
+ to make the stack cleaned up by the callee.
+
+ * dfg/DFGOperations.cpp:
+
+2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] wtf header files are unknown to Qt Creator
+ https://bugs.webkit.org/show_bug.cgi?id=69158
+
+ Adding the HEADERS variable in wtf.pri so that
+ the header files can be accessed easily.
+
+ Reviewed by Andreas Kling.
+
+ * wtf/wtf.pri:
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ Merge some more of DFGSpeculativeJIT 32_64/64
+ https://bugs.webkit.org/show_bug.cgi?id=69164
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCodeGenerator64.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileValueAdd):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileValueAdd):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-30 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add getCallData to MethodTable in ClassInfo
+ https://bugs.webkit.org/show_bug.cgi?id=69024
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ Added the getCallData to the MethodTable in the ClassInfo struct.
+ * runtime/ClassInfo.h:
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69120
+
+ Reviewed by Gavin Barraclough.
+
+ Improve the coverage of JSVALUE32_64 DFG JIT.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::tagOfCallData):
+ (JSC::DFG::payloadOfCallData):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT - register not unlocked after usage in ArithDiv
+ https://bugs.webkit.org/show_bug.cgi?id=69122
+
+ Reviewed by Geoffrey Garen.
+
+ Some allocated register is not unlocked after the usage in ArithDiv.
+ Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
+
+ * dfg/DFGNode.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::toObject
+ https://bugs.webkit.org/show_bug.cgi?id=68937
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ De-virtualized JSCell::toObject and changed its implementation to manually check the
+ cases for JSString and JSObject rather than leaving it up to the virtual method call.
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toObject):
+ * runtime/JSCell.h:
+
+ Removed JSNotAnObject::toObject because the case for JSObject works for it.
+ Also removed JSObject::toObject because it was essentially the identity function,
+ which is not necessary since toObject is no longer virtual.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+
+ De-virtualized JSObject::toObject and JSString::toObject.
+ * runtime/JSString.h:
+
+2011-09-29 Gavin Barraclough <barraclough@apple.com>
+
+ Start refactoring DFGSpeculativeJIT
+ https://bugs.webkit.org/show_bug.cgi?id=69112
+
+ Reviewed by Oliver Hunt.
+
+ Again, move JSVALUE64 code into a DFJSpeculativeJIT64.cpp
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::dump):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Gavin Barraclough <barraclough@apple.com>
+
+ Refactor out trivially duplicated code in DFGJITCodeGenerator.
+ https://bugs.webkit.org/show_bug.cgi?id=69109
+
+ Reviewed by Oliver Hunt.
+
+ Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
+
+ Basically move a JSVALUE64 specific code into a new DFGJITCodeGenerator64.cpp, leave common code
+ in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.
+
+ For some function differences are trivial & make more sense to ifdef individually, and some
+ Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::branchIfNotCell):
+ * dfg/DFGJITCompilerInlineMethods.h:
+
+2011-09-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should infer which uses of a variable are not aliased
+ https://bugs.webkit.org/show_bug.cgi?id=68593
+
+ Reviewed by Oliver Hunt.
+
+ This separates how a variable is stored (i.e. its virtual register)
+ from how it's predicted. Each variable now takes a
+ VariableAccessData as its operand, instead of the virtual register.
+ The VariableAccessData stores the operand and the prediction. If
+ multiple uses of a variable are aliased, their VariableAccessDatas
+ are unified.
+
+ This also adds tracking of which argument values are used. It
+ correctly observes that an argument value is not used, if the
+ argument is assigned to inside the function before being used.
+
+ This also adds tracking of which variables are live at the head of
+ a basic block, and separates that from a variable being live at the
+ tail.
+
+ Finally, this communicates to both OSR entry and OSR exit code how
+ a variable is predicted at a particular point in the code, rather
+ than just communicating how it was predicted in the entire code
+ block (since with this patch there is no longer the notion of a
+ variable having just one prediction for a code block).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/ActionablePrediction.h: Added.
+ (JSC::actionablePredictionFromPredictedType):
+ (JSC::valueObeysPrediction):
+ (JSC::actionablePredictionToString):
+ (JSC::ActionablePredictions::ActionablePredictions):
+ (JSC::ActionablePredictions::setArgument):
+ (JSC::ActionablePredictions::argument):
+ (JSC::ActionablePredictions::setVariable):
+ (JSC::ActionablePredictions::variable):
+ (JSC::ActionablePredictions::argumentUpperBound):
+ (JSC::ActionablePredictions::variableUpperBound):
+ (JSC::ActionablePredictions::pack):
+ (JSC::ActionablePredictions::packVector):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictionTracker.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::newVariableAccessData):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::nameOfVariableAccessData):
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::operandIsArgument):
+ (JSC::DFG::VariableRecord::setFirstTime):
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVariableAccessData):
+ (JSC::DFG::Node::hasLocal):
+ (JSC::DFG::Node::variableAccessData):
+ (JSC::DFG::Node::local):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::ValueSource):
+ (JSC::DFG::ValueSource::forPrediction):
+ (JSC::DFG::ValueSource::isSet):
+ (JSC::DFG::ValueSource::kind):
+ (JSC::DFG::ValueSource::nodeIndex):
+ (JSC::DFG::ValueSource::nodeIndexFromKind):
+ (JSC::DFG::ValueSource::kindFromNodeIndex):
+ (JSC::DFG::SpeculativeJIT::isKnownArray):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * wtf/PackedIntVector.h: Added.
+ (WTF::PackedIntVector::PackedIntVector):
+ (WTF::PackedIntVector::operator=):
+ (WTF::PackedIntVector::size):
+ (WTF::PackedIntVector::ensureSize):
+ (WTF::PackedIntVector::resize):
+ (WTF::PackedIntVector::clearAll):
+ (WTF::PackedIntVector::get):
+ (WTF::PackedIntVector::set):
+ (WTF::PackedIntVector::mask):
+ * wtf/Platform.h:
+ * wtf/UnionFind.h: Added.
+ (WTF::UnionFind::UnionFind):
+ (WTF::UnionFind::find):
+ (WTF::UnionFind::unify):
+
+2011-09-29 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * heap/AllocationSpace.h:
+
+2011-09-29 Oliver Hunt <oliver@apple.com>
+
+ Add logic to collect dirty objects as roots
+ https://bugs.webkit.org/show_bug.cgi?id=69100
+
+ Reviewed by Geoff Garen.
+
+ This gives us the ability to walk all the MarkedBlocks in an
+ AllocationSpace and collect the dirty objects, and then use
+ them as GC roots.
+
+ I also rearranged the order of these instructions because it
+ makes them smaller on some platforms with some card sizes.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ * heap/AllocationSpace.cpp:
+ Tidy up the write barrier logic a bit.
+ (JSC::MarkedBlock::gatherDirtyObjects):
+ (JSC::TakeIfDirty::returnValue):
+ (JSC::TakeIfDirty::TakeIfDirty):
+ (JSC::TakeIfDirty::operator()):
+ (JSC::AllocationSpace::gatherDirtyObjects):
+ * heap/AllocationSpace.h:
+ * heap/CardSet.h:
+ (JSC::::isCardMarked):
+ (JSC::::clearCard):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier):
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::setDirtyObject):
+ (JSC::MarkedBlock::addressOfCardFor):
+ * heap/SlotVisitor.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier):
+ Tidy the write barrier a bit.
+
+2011-09-29 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed windows build fix.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ * dfg/DFGOperations.h:
+
+2011-09-29 Filip Pizlo <fpizlo@apple.com>
+
+ Structure transitions involving many (> 64) properties sometimes cause structure corruption
+ https://bugs.webkit.org/show_bug.cgi?id=69102
+
+ Reviewed by Darin Adler.
+
+ Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
+ don't lead to the dictionary kind being forgotten.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69058
+
+ Reviewed by Gavin Barraclough.
+
+ Also Fixed the stdcall FunctionPtr constructors to make them compiled correctly on Linux
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+
+2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
+ https://bugs.webkit.org/show_bug.cgi?id=68839
+
+ Reviewed by Geoffrey Garen.
+
+ Removed the remaining visitChildrenVirtual methods. This patch completes the process of
+ de-virtualizing visitChildren.
+
+ * API/JSCallbackObject.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ * runtime/GetterSetter.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSPropertyNameIterator.cpp:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSValue.h:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/Structure.cpp:
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ * runtime/StructureChain.h:
+
+ Inlined the method table access and call to the visitChildren function (the only call sites
+ to visitChildren are here).
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+
+ Changed the field name for the visitChildren function pointer to visitChildren (from
+ visitChildrenFunctionPtr) to make call sites less verbose.
+ * runtime/ClassInfo.h:
+
+ Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
+ overrides visitChildren, so it needs to have its own ClassInfo.
+ * runtime/JSBoundFunction.cpp:
+ * runtime/JSBoundFunction.h:
+
+ Had to move className up to make sure that the virtual destructor in JSObject wasn't
+ the first non-inline virtual method in JSObject (as per the comment in the file).
+ Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
+ to mitigate the cost of an extra method call.
+
+ Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
+ call sites more concise. Implementation is inline in JSObject.h.
+ * runtime/JSObject.h:
+ (JSC::JSCell::methodTable):
+ * runtime/JSCell.h:
+
+ Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
+ appease the vtable gods. It refused to compile if there were no virtual methods in
+ both of these classes due to the presence of a weak vtable pointer.
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::~JSWrapperObject):
+ * runtime/JSWrapperObject.h:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::~ScopeChainNode):
+ * runtime/ScopeChain.h:
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69075
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
+ https://bugs.webkit.org/show_bug.cgi?id=69054
+
+ Reviewed by Gavin Barraclough.
+
+ size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
+
+ * dfg/DFGNode.h:
+
+2011-09-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG checkArgumentTypes fails to check boolean predictions
+ https://bugs.webkit.org/show_bug.cgi?id=69059
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix pt 2 for r96286.
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2011-09-28 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix attempt for r96286.
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT Operations on 32_64 should use stdcall calling convention.
+ https://bugs.webkit.org/show_bug.cgi?id=69046
+
+ Reviewed by Sam Weinig.
+
+ All calls out are expecting stdcall conventions, but the default on OS X are cdecl.
+ Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
+ directly to std library functions like fmod - leave these calls obeying the default
+ platform calling convention.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+ - Add implicit constructors for std calls.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Make this work non-Mac platforms.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationPutByValInternal):
+ * dfg/DFGOperations.h:
+ - Mark all operations as stdcalls.
+
+2011-09-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT falls back on numerical comparisons when it does not
+ recognize a prediction
+ https://bugs.webkit.org/show_bug.cgi?id=68977
+
+ Reviewed by Geoffrey Garen.
+
+ This fixes both the way comparison implementations are selected. It
+ also fixes a bug where comparisons other than equality (like < or >)
+ on objects are compiled as if the comparison was equality.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=69026
+
+ Reviewed by Sam Weinig.
+
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fstpl):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
+ https://bugs.webkit.org/show_bug.cgi?id=69017
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64679
+ Fix bugs in Array.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+ - These methods should throw if this value is undefined.
+
+2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Value profiling in baseline JIT for JSVALUE32_64
+ https://bugs.webkit.org/show_bug.cgi?id=68750
+
+ Reviewed by Geoff Garen.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_mul):
+ (JSC::JIT::emit_op_div):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+
+2011-09-28 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Wrong integer checks in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68985
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-09-28 Adam Barth <abarth@webkit.org>
+
+ Remove empty directories.
+
+ * wtf/brew: Removed.
+ * wtf/unicode/brew: Removed.
+
+2011-09-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT cannot compile op_new_object, op_new_array,
+ op_new_array_buffer, or op_new_regexp
+ https://bugs.webkit.org/show_bug.cgi?id=68580
+
+ Reviewed by Oliver Hunt.
+
+ This implements all four opcodes, but has op_new_regexp turns off
+ by default because it unveils some bad speculation logic when
+ compiling string-validate-input.
+
+ With op_new_regexp turned off, this is a 5% win on Kraken and a
+ 0.7% speed-up on V8. Neutral on SunSpider.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasConstantBuffer):
+ (JSC::DFG::Node::startConstant):
+ (JSC::DFG::Node::numConstants):
+ (JSC::DFG::Node::hasRegexpIndex):
+ (JSC::DFG::Node::regexpIndex):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownArray):
+
+2011-09-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should speculate more aggressively on reads of array.length
+ https://bugs.webkit.org/show_bug.cgi?id=68932
+
+ Reviewed by Oliver Hunt.
+
+ This is a 2% speed-up on Kraken, neutral elsewhere.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-27 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT - merge changes between 95905 - 96175
+ https://bugs.webkit.org/show_bug.cgi?id=68963
+
+ Reviewed by Sam Weinig.
+
+ Merge missing changes from bug#68677, bug#68784, bug#68785.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-27 Gavin Barraclough <barraclough@apple.com>
+
+ Get JSVALUE32_64 DFG JIT building on OS X.
+ https://bugs.webkit.org/show_bug.cgi?id=68961
+
+ Reviewed by Geoff Garen.
+
+ * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
+ * Forward-declare functions in DFGOperations.cpp
+ * UNUSED_PARAM for unused arguments
+ * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
+ * Fix argument types handled by OpInfo constructor.
+ * Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
+ * Add files to Xcode project.
+
+2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68755
+
+ Reviewed by Gavin Barraclough.
+
+ We need to load/store and repatch both tag and payload of a property
+ for GetById/PutById. Also reorder the loads of tag and payload for
+ GetByOffset as the result tag GPR could reuse the storage GPR.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-24 Gavin Barraclough <barraclough@apple.com>
+
+ Macro assembler branch8 & 16 methods vary in treatment of upper bits
+ https://bugs.webkit.org/show_bug.cgi?id=68301
+
+ Reviewed by Sam Weinig.
+
+ Fix for branch16 - remove it!
+ No performance impact.
+
+ * assembler/MacroAssembler.h:
+ * assembler/MacroAssemblerARM.h:
+ * assembler/MacroAssemblerARMv7.h:
+ * assembler/MacroAssemblerMIPS.h:
+ * assembler/MacroAssemblerSH4.h:
+ * assembler/MacroAssemblerX86Common.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+
+2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=68741
+
+ Reviewed by Darin Adler.
+
+ In this patch we just extract the bodies of the virtual getCallData methods
+ throughout the JSCell inheritance hierarchy out into static methods, which are
+ now called from the virtual methods. This is an intermediate step in trying to
+ move the virtual-ness of getCallData into our own method table stored in
+ ClassInfo. We need to convert the methods to static methods because static methods
+ can be represented as function pointers rather than pointers to member functions, and
+ function pointers are smaller and faster to call than pointers to member functions.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::getCallDataVirtual):
+ (JSC::JSCallbackFunction::getCallData):
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getCallDataVirtual):
+ (JSC::::getCallData):
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getCallDataVirtual):
+ (JSC::ArrayConstructor::getCallData):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getCallDataVirtual):
+ (JSC::BooleanConstructor::getCallData):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getCallDataVirtual):
+ (JSC::DateConstructor::getCallData):
+ * runtime/DateConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getCallDataVirtual):
+ (JSC::ErrorConstructor::getCallData):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getCallDataVirtual):
+ (JSC::FunctionConstructor::getCallData):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::getCallDataVirtual):
+ (JSC::FunctionPrototype::getCallData):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getCallDataVirtual):
+ (JSC::JSCell::getCallData):
+ * runtime/JSCell.h:
+ (JSC::getCallData):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getCallDataVirtual):
+ (JSC::JSFunction::getCallData):
+ * runtime/JSFunction.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getCallDataVirtual):
+ (JSC::NativeErrorConstructor::getCallData):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getCallDataVirtual):
+ (JSC::NumberConstructor::getCallData):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getCallDataVirtual):
+ (JSC::ObjectConstructor::getCallData):
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getCallDataVirtual):
+ (JSC::RegExpConstructor::getCallData):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getCallDataVirtual):
+ (JSC::StringConstructor::getCallData):
+ * runtime/StringConstructor.h:
+
+2011-09-27 Tim Horton <timothy_horton@apple.com>
+
+ Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
+ https://bugs.webkit.org/show_bug.cgi?id=68816
+ <rdar://problem/10186468>
+
+ Reviewed by Simon Fraser.
+
+ Add ByteArray::clear, which zeros the memory in the ByteArray.
+
+ * wtf/ByteArray.h:
+ (WTF::ByteArray::clear): Added.
+
+2011-09-27 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96131.
+ http://trac.webkit.org/changeset/96131
+ https://bugs.webkit.org/show_bug.cgi?id=68927
+
+ It made 18+ tests crash on all platform (Requested by
+ Ossy_night on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * parser/Parser.h:
+ (JSC::Parser::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+
+2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::getPrimitiveNumber
+ https://bugs.webkit.org/show_bug.cgi?id=68851
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ Changed JSCell::getPrimitiveNumber to manually handle the dispatch for
+ JSCells (JSObject and JSString in this case).
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getPrimitiveNumber):
+ * runtime/JSCell.h:
+
+ Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't
+ matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
+ can cover the case for JSNotAnObject.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+
+ De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber
+ and changed them to be const. Also made JSString::getPrimitiveNumber public
+ because it needs to be called from JSCell::getPrimitiveNumber and also since it's
+ no longer virtual, we want people who have a more specific pointer (JSString*
+ instead of JSCell*) to not have to pay the cost of a virtual method call.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPrimitiveNumber):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getPrimitiveNumber):
+ * runtime/JSString.h:
+
+2011-09-27 Juan Carlos Montemayor Elosua <j.mont@me.com>
+
+ Implement Error.stack
+ https://bugs.webkit.org/show_bug.cgi?id=66994
+
+ Reviewed by Oliver Hunt.
+
+ This patch utilizes topCallFrame to create a stack trace when
+ an error is thrown. Users will also be able to use the stack()
+ command in jsc to get arrays with stack trace information.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerLine):
+ (JSC::getSourceURLFromCallFrame):
+ (JSC::getStackFrameCodeType):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (JSC::StackFrame::toString):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionJSCStack):
+ * parser/Parser.h:
+ (JSC::Parser::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+
+2011-09-27 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Reorganize header files
+ https://bugs.webkit.org/show_bug.cgi?id=65616
+
+ Reviewed by Martin Robinson.
+
+ Install header files under $libwebkitgtkincludedir/JavaScriptCore.
+
+ * GNUmakefile.am: Use $libwebkitgtkincludedir.
+ * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
+
+2011-09-26 Geoffrey Garen <ggaren@apple.com>
+
+ REGRESSION (r95912): Conservative marking doesn't filter out pointers to
+ MarkedBlock metadata
+ https://bugs.webkit.org/show_bug.cgi?id=68860
+
+ Reviewed by Oliver Hunt.
+
+ Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask
+ because the mask doesn't produce the actual atom number.
+
+ (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
+ enough; we also need to test that a pointer is beyond the metadata section
+ of a MarkedBlock, to avoid treating random metadata as a JSCell.
+
+2011-09-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Make JSCell::toBoolean non-virtual
+ https://bugs.webkit.org/show_bug.cgi?id=67727
+
+ Reviewed by Geoffrey Garen.
+
+ JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
+ before it was simply virtual and would crash if its implementation was called).
+ Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
+ explicitly covers all cases of toBoolean, so having a virtual implementation of
+ JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ (JSC::JSCell::toBoolean):
+ (JSC::JSValue::toBoolean):
+
+2011-09-26 Chris Marrin <cmarrin@apple.com>
+
+ Enable requestAnimationFrame on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=68397
+
+ Reviewed by Simon Fraser.
+
+ Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
+
+ * wtf/Platform.h:
+
+2011-09-26 Noel Gordon <noel.gordon@gmail.com>
+
+ [Chromium] Remove DFGAliasTracker.h references from gyp project files
+ https://bugs.webkit.org/show_bug.cgi?id=68787
+
+ Reviewed by Geoffrey Garen.
+
+ DFG/DFGAliasTracker.h was removed in r95389. Cleanup (remove) references
+ to that file from the gyp project files.
+
+ * JavaScriptCore.gypi:
+
+2011-09-26 Zoltan Herczeg <zherczeg@webkit.org>
+
+ [Qt]REGRESSION(r95865): It made 4 tests crash
+ https://bugs.webkit.org/show_bug.cgi?id=68780
+
+ Reviewed by Oliver Hunt.
+
+ emitJumpSlowCaseIfNotJSCell(...) cannot be moved
+ away since the next load depends on it.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+
+2011-09-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add custom vtable struct to ClassInfo struct
+ https://bugs.webkit.org/show_bug.cgi?id=68567
+
+ Reviewed by Oliver Hunt.
+
+ Declared/defined the MethodTable struct and added it to the ClassInfo struct.
+ Also defined the CREATE_METHOD_TABLE macro to generate these method tables
+ succinctly where they need to be defined.
+
+ Also added to it the first function to use this macro, visitChildren.
+
+ This is part of the process of getting rid of all C++ virtual methods in JSCell.
+ Eventually all virtual functions in JSCell that can't easily be converted to
+ non-virtual functions will be put into this custom vtable structure.
+ * runtime/ClassInfo.h:
+
+ Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
+ ClassInfo structs declared in these classes. This saves us from having to visit
+ each s_info definition in the future when we add more methods to the MethodTable.
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackObject.cpp:
+ * JavaScriptCore.exp:
+ * runtime/Arguments.cpp:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/BooleanObject.cpp:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DatePrototype.cpp:
+ * runtime/ErrorInstance.cpp:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/ExceptionHelpers.cpp:
+ * runtime/Executable.cpp:
+ * runtime/GetterSetter.cpp:
+ * runtime/InternalFunction.cpp:
+ * runtime/JSAPIValueWrapper.cpp:
+ * runtime/JSActivation.cpp:
+ * runtime/JSArray.cpp:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSFunction.cpp:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSONObject.cpp:
+ * runtime/JSObject.cpp:
+ * runtime/JSPropertyNameIterator.cpp:
+ * runtime/JSString.cpp:
+ * runtime/MathObject.cpp:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberObject.cpp:
+ * runtime/NumberPrototype.cpp:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/RegExp.cpp:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/ScopeChain.cpp:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringObject.cpp:
+ * runtime/StringPrototype.cpp:
+ * runtime/Structure.cpp:
+ * runtime/StructureChain.cpp:
+
+ Had to make visitChildren and visitChildrenVirtual protected instead of private
+ because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
+ visitChildren function pointer in their vtable since they don't provide their own
+ implementation. Same for RegExpObject.
+ * runtime/JSWrapperObject.h:
+ * runtime/RegExpObject.h:
+
+2011-09-25 Adam Barth <abarth@webkit.org>
+
+ Finish removing PLATFORM(BREWMP) by removing associated code
+ https://bugs.webkit.org/show_bug.cgi?id=68779
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+ * wscript:
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMallocSize):
+ * wtf/Vector.h:
+ * wtf/brew: Removed.
+ * wtf/brew/MainThreadBrew.cpp: Removed.
+ * wtf/brew/OwnPtrBrew.cpp: Removed.
+ * wtf/brew/RefPtrBrew.h: Removed.
+ * wtf/brew/ShellBrew.h: Removed.
+ * wtf/brew/StringBrew.cpp: Removed.
+ * wtf/brew/SystemMallocBrew.h: Removed.
+ * wtf/unicode/brew: Removed.
+ * wtf/unicode/brew/UnicodeBrew.cpp: Removed.
+ * wtf/unicode/brew/UnicodeBrew.h: Removed.
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not count speculation successes correctly
+ https://bugs.webkit.org/show_bug.cgi?id=68785
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGOperations.cpp:
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG support for op_resolve_global is not enabled
+ https://bugs.webkit.org/show_bug.cgi?id=68786
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG static prediction code is no longer needed and should be removed
+ https://bugs.webkit.org/show_bug.cgi?id=68784
+
+ Reviewed by Oliver Hunt.
+
+ This gets rid of static prediction code, and ensures that we do not
+ try to compile code where dynamic predictions are not available.
+ This is accomplished by immediately performing an OSR exit wherever
+ a value is retrieved for which no predictions exist.
+
+ This also adds value profiling for this on functions used for calls.
+
+ The heuristics for deciding when to optimize code are also tweaked,
+ since it is now profitable to optimize sooner. This may need to be
+ tweaked further, but this patch only makes minimal changes.
+
+ This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
+ overall win on Kraken. It's neutral elsewhere.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ (JSC::isCellPrediction):
+ (JSC::isObjectPrediction):
+ (JSC::isFinalObjectPrediction):
+ (JSC::isStringPrediction):
+ (JSC::isArrayPrediction):
+ (JSC::isInt32Prediction):
+ (JSC::isDoublePrediction):
+ (JSC::isNumberPrediction):
+ (JSC::isBooleanPrediction):
+ (JSC::mergePredictions):
+ * bytecode/PredictionTracker.h:
+ (JSC::PredictionTracker::predictArgument):
+ (JSC::PredictionTracker::predict):
+ (JSC::PredictionTracker::predictGlobalVar):
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::getMethodCheckPrediction):
+ (JSC::DFG::Graph::getJSConstantPrediction):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::valueOfJSConstantNode):
+ (JSC::DFG::Node::isInt32Constant):
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::isNumberConstant):
+ (JSC::DFG::Node::isBooleanConstant):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::isPredictedNumerical):
+ (JSC::DFG::Propagator::logicalNotIsPure):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
+ (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT Construct opcode takes a this argument even though it's
+ not passed
+ https://bugs.webkit.org/show_bug.cgi?id=68782
+
+ Reviewed by Oliver Hunt.
+
+ This is performance-neutral, mostly. It's a slight speed-up on
+ v8-splay.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG tracking of the value in cachedResultRegister does not handle
+ op_mov correctly
+ https://bugs.webkit.org/show_bug.cgi?id=68781
+
+ Reviewed by Oliver Hunt.
+
+ This takes the simplest approach: it makes the old JIT dumber rather
+ than making the DFG JIT smarter. This is performance-neutral.
+
+ * jit/JIT.h:
+ (JSC::JIT::canBeOptimized):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_mov):
+
+2011-09-25 Adam Barth <abarth@webkit.org>
+
+ Remove PLATFORM(HAIKU) and associated code
+ https://bugs.webkit.org/show_bug.cgi?id=68774
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+ * heap/MachineStackMarker.cpp:
+ * wtf/PageAllocation.h:
+ * wtf/Platform.h:
+ * wtf/StackBounds.cpp:
+ * wtf/haiku: Removed.
+ * wtf/haiku/MainThreadHaiku.cpp: Removed.
+ * wtf/haiku/StringHaiku.cpp: Removed.
+ * wtf/text/WTFString.h:
+
+2011-09-24 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
+ https://bugs.webkit.org/show_bug.cgi?id=68767
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-24 Filip Pizlo <fpizlo@apple.com>
+
+ JIT implementation of put_by_val increments m_length instead of setting
+ it to index+1
+ https://bugs.webkit.org/show_bug.cgi?id=68766
+
+ Reviewed by Geoffrey Garen.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+
+2011-09-24 Geoffrey Garen <ggaren@apple.com>
+
+ More build fixage.
+
+ * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
+
+2011-09-24 Filip Pizlo <fpizlo@apple.com>
+
+ The DFG should not attempt to guess types in the absence of value
+ profiles
+ https://bugs.webkit.org/show_bug.cgi?id=68677
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ForceOSRExit node, which is ignored by the propagator
+ and virtual register allocator (and hence ensuring that liveness analysis
+ works correctly), but forces terminateSpeculativeExecution() in the
+ back-end. This appears to be a slight speed-up on benchmark averages,
+ with ~5% swings on individual benchmarks, in both directions. But it's
+ never a regression on any average, and appears to be a ~1% progression
+ in the SunSpider average.
+
+ This also adds a bit better debugging support in the old JIT and in DFG,
+ as this was necessary to debug the much more frequent OSR transitions
+ that occur with this change.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+
+2011-09-24 Geoffrey Garen <ggaren@apple.com>
+
+ Some Windows build fixage.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLive): Show the compiler that all control paths
+ return a value. There, there, compiler. Everything's going to be OK.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::setVPtr): Oops! Unrename this function.
+
+2011-09-24 Geoffrey Garen <ggaren@apple.com>
+
+ Allocate new objects unmarked
+ https://bugs.webkit.org/show_bug.cgi?id=68764
+
+ Reviewed by Oliver Hunt.
+
+ This is a pre-requisite to using the mark bit to determine object age.
+
+ ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLive):
+ (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
+ this patch. They can now determine object liveness without relying on
+ newly allocated objects having their mark bits set. Each MarkedBlock
+ now has a state variable that tells us how to determine whether its
+ cells are live. (This new state variable supercedes the old one about
+ destructor state. The rest of this patch is just refactoring to support
+ the invariants of this new state variable without introducing a
+ performance regression.)
+
+ (JSC::MarkedBlock::didConsumeFreeList): New function for updating interal
+ state when a block becomes fully allocated.
+
+ (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
+ this function because, logically, clearing all mark bits is the first
+ step in saying "mark bits now exactly reflect object liveness".
+
+ (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
+ that this function only tells you about the mark bits, so it's only
+ meaningful if you've put the mark bits into a meaningful state before
+ calling it.
+
+ (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
+ instead of testing mark bits, since mark bits are not always the right
+ way to find out if an object is live anymore. (New objects are live, but
+ not marked.)
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::recycle):
+ (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
+ initialization when recycling an old block -- into the MarkedBlock
+ constructor, for simplicity.
+
+ (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
+ a zapped cell before running a destructor, and always zap after
+ running a destructor. This does not seem to be expensive, and the
+ alternative just creates a too-confusing matrix of possible cell states
+ ((zombie undestructed cell + zombie destructed cell + zapped destructed
+ cell) * 5! permutations for progressing through block states = "Oh my!").
+
+ (JSC::MarkedBlock::specializedSweep):
+ (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
+ optimization to use template specialization to constant fold lots of
+ branches and elide certain operations entirely during a sweep. Merged
+ four or five functions that were logically about sweeping into this one
+ function pair, so there's only one way to do things now, it's
+ automatically correct, and it's always fast.
+
+ (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
+ about exactly what it does, and to honor the new block state system.
+
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateBlock): Updated for rename.
+
+ (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
+
+ (JSC::TakeIfUnmarked::TakeIfUnmarked):
+ (JSC::TakeIfUnmarked::operator()):
+ (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
+ to clarify that this functor only tests the mark bits, so it's only
+ valid if you've put the mark bits into a meaningful state before
+ calling it.
+
+ (JSC::AllocationSpace::shrink): Updated for rename.
+
+ * heap/AllocationSpace.h:
+ (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
+ little more specific about what we're making canonical.
+
+ (JSC::AllocationSpace::forEachCell): Updated for rename.
+
+ (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
+ liveness data before iterating blocks -- clients that want iterated
+ blocks to have valid cell lieveness data should make this call for
+ themselves. (And not all clients want it.)
+
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
+ obsolete comment.
+
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
+ because clearMarks() now does that implicitly.
+
+ (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
+ tear-down tests cell liveness when running destructors.
+
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
+ and into collect, since it strictly depends on root marking, and does
+ not contribute to root marking.
+
+ (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
+ specific about what we're making canonical.
+
+ * heap/Heap.h:
+ (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
+ data before iterating protected cells, since we know they're all live,
+ and don't need to test for it.
+
+ * heap/Local.h:
+ (JSC::::set): Can't make the same ASSERT we used to because we just don't
+ have the mark bits for it anymore. Perhaps we can bring this ASSERT back
+ in a weaker form in the future.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::addBlock):
+ (JSC::MarkedSpace::removeBlock): Updated for interface change.
+ (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
+ specific about what we're making canonical.
+
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
+ functionality a bit. We now track only one block -- "currentBlock" --
+ and rely on its internal state to know whether it has more cells to
+ allocate.
+
+ * heap/Weak.h:
+ (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
+ have the mark bits for it anymore. Perhaps we can bring this ASSERT back
+ in a weaker form in the future.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::vptr):
+ (JSC::JSCell::zap):
+ (JSC::JSCell::isZapped):
+ (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
+ In the future, exactly how a JSCell zaps itself will change, as the
+ internal representation of JSCell changes.
+
+2011-09-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should not eagerly initialize integer tags in the register file
+ https://bugs.webkit.org/show_bug.cgi?id=68763
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
+ (JSC::DFG::OSRExit::operandForArgument):
+ (JSC::DFG::OSRExit::operandForIndex):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+
+2011-09-23 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add JSVALUE32_64 support to DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=67460
+
+ Reviewed by Gavin Barraclough.
+
+ This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
+ It's tested on IA32 Linux EFL port currently. It still cannot run
+ all the test cases and benchmarks so should be turned off now.
+
+ The major work includes:
+ 1) dealing with JSVALUE32_64 data format in DFG JIT;
+ 2) bindings between 64-bit JS Value and 32-bit registers;
+ 3) handling of function calls. Currently for DFG operation function
+ calls we follow the X86 cdecl calling convention on Linux, and the
+ implementation is in a naive way by pushing the arguments into stack
+ one by one.
+
+ The known issues include:
+ 1) some code duplicates unnecessarily, especially in Speculative JIT
+ code generation, where most of the operations on SpeculataInteger /
+ SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
+ is needed in the future;
+ 2) lack of op_call and op_construct support, comparing to current
+ JSVALUE64 DFG;
+ 3) currently integer speculations assume to be StrictInt32;
+ 4) lack of JSBoolean speculations;
+ 5) boxing and unboxing doubles could be improved;
+ 6) DFG X86 register description is different with the baseline JIT,
+ the timeoutCheckRegister is used for general purpose usage;
+ 7) calls to runtime functions with primitive double parameters (e.g.
+ fmod) don't work. Support needs to be added to the assembler to
+ implement the mechanism of passing double parameters for X86 cdecl
+ convention.
+
+ And there should be many other hidden bugs which should be exposed and
+ resolved in later debugging process.
+
+ * CMakeListsEfl.txt:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::loadDouble):
+ (JSC::MacroAssemblerX86::storeDouble):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movsd_rm):
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGFPRInfo.h:
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::needDataFormatConversion):
+ (JSC::DFG::GenerationInfo::initJSValue):
+ (JSC::DFG::GenerationInfo::initDouble):
+ (JSC::DFG::GenerationInfo::gpr):
+ (JSC::DFG::GenerationInfo::tagGPR):
+ (JSC::DFG::GenerationInfo::payloadGPR):
+ (JSC::DFG::GenerationInfo::fpr):
+ (JSC::DFG::GenerationInfo::fillJSValue):
+ (JSC::DFG::GenerationInfo::fillCell):
+ (JSC::DFG::GenerationInfo::fillDouble):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::allocate):
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::registersMatched):
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::addressOfDoubleConstant):
+ (JSC::DFG::integerResult):
+ (JSC::DFG::jsValueResult):
+ (JSC::DFG::setupResults):
+ (JSC::DFG::callOperation):
+ (JSC::JSValueOperand::JSValueOperand):
+ (JSC::JSValueOperand::~JSValueOperand):
+ (JSC::JSValueOperand::isDouble):
+ (JSC::JSValueOperand::fill):
+ (JSC::JSValueOperand::tagGPR):
+ (JSC::JSValueOperand::payloadGPR):
+ (JSC::JSValueOperand::fpr):
+ (JSC::GPRTemporary::~GPRTemporary):
+ (JSC::GPRTemporary::gpr):
+ (JSC::GPRResult2::GPRResult2):
+ * dfg/DFGJITCodeGenerator32_64.cpp: Added.
+ (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::fillStorage):
+ (JSC::DFG::JITCodeGenerator::useChildren):
+ (JSC::DFG::JITCodeGenerator::isStrictInt32):
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ (JSC::DFG::JITCodeGenerator::isKnownCell):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ (JSC::DFG::JITCodeGenerator::speculationCheck):
+ (JSC::DFG::dataFormatString):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::tagForGlobalVar):
+ (JSC::DFG::JITCompiler::payloadForGlobalVar):
+ (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
+ (JSC::DFG::JITCompiler::addressOfDoubleConstant):
+ (JSC::DFG::JITCompiler::boxDouble):
+ (JSC::DFG::JITCompiler::unboxDouble):
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGJITCompiler32_64.cpp: Added.
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ (JSC::DFG::JITCompiler::jitAssertIsInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
+ (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ (JSC::DFG::JITCompiler::emitCount):
+ (JSC::DFG::JITCompiler::setSamplingFlag):
+ (JSC::DFG::JITCompiler::clearSamplingFlag):
+ * dfg/DFGJITCompilerInlineMethods.h: Added.
+ (JSC::DFG::JITCompiler::emitLoadTag):
+ (JSC::DFG::JITCompiler::emitLoadPayload):
+ (JSC::DFG::JITCompiler::emitLoad):
+ (JSC::DFG::JITCompiler::emitLoad2):
+ (JSC::DFG::JITCompiler::emitLoadDouble):
+ (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
+ (JSC::DFG::JITCompiler::emitStore):
+ (JSC::DFG::JITCompiler::emitStoreInt32):
+ (JSC::DFG::JITCompiler::emitStoreCell):
+ (JSC::DFG::JITCompiler::emitStoreBool):
+ (JSC::DFG::JITCompiler::emitStoreDouble):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueRecovery::inGPR):
+ (JSC::DFG::ValueRecovery::inPair):
+ (JSC::DFG::ValueRecovery::tagGPR):
+ (JSC::DFG::ValueRecovery::payloadGPR):
+ * dfg/DFGSpeculativeJIT32_64.cpp: Added.
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::dump):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileMovHint):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * runtime/JSValue.h:
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ wtf/BitVector.h has a variety of bugs which manifest when the
+ vector grows beyond 63 bits
+ https://bugs.webkit.org/show_bug.cgi?id=68746
+
+ Reviewed by Oliver Hunt.
+
+ Out-of-lined slow path code in BitVector so that not every user
+ of CodeBlock ends up having to compile it. Fixed a variety of
+ index computation and size computation bugs.
+
+ I have not seen these issues manifest themselves, but they are
+ blocking a patch that uses BitVector more aggressively.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/BitVector.cpp: Added.
+ (BitVector::BitVector):
+ (BitVector::operator=):
+ (BitVector::resize):
+ (BitVector::clearAll):
+ (BitVector::OutOfLineBits::create):
+ (BitVector::OutOfLineBits::destroy):
+ (BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (WTF::BitVector::ensureSize):
+ (WTF::BitVector::get):
+ (WTF::BitVector::set):
+ (WTF::BitVector::clear):
+ (WTF::BitVector::byteCount):
+ (WTF::BitVector::OutOfLineBits::numWords):
+ (WTF::BitVector::OutOfLineBits::bits):
+ (WTF::BitVector::outOfLineBits):
+ * wtf/CMakeLists.txt:
+ * wtf/wtf.pri:
+
+2011-09-23 Adam Klein <adamk@chromium.org>
+
+ Add ENABLE_MUTATION_OBSERVERS feature flag
+ https://bugs.webkit.org/show_bug.cgi?id=68732
+
+ Reviewed by Ojan Vafai.
+
+ This flag will guard an implementation of the "Mutation Observers" proposed in
+ http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::getJSNumber
+ https://bugs.webkit.org/show_bug.cgi?id=68651
+
+ Reviewed by Oliver Hunt.
+
+ Added a new JSType to check whether or not something is a
+ NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not
+ currently a better way to determine whether something is indeed a NumberObject.
+ Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo
+ for whether the object is a NumberObject or not. This patch is part of
+ the larger process of de-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getJSNumber):
+ * runtime/JSCell.h:
+ (JSC::JSValue::getJSNumber):
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::isNumberObject):
+ * runtime/JSValue.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::getJSNumber):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ Resolve opcodes should have value profiling.
+ https://bugs.webkit.org/show_bug.cgi?id=68723
+
+ Reviewed by Oliver Hunt.
+
+ This adds value profiling to all forms of op_resolve in the
+ old JIT, and patches that information into the DFG along with
+ performing the appropriate type propagation.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::resolveGlobalDataIndex):
+ (JSC::DFG::Node::hasPrediction):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ (JSC::JIT::emitSlow_op_resolve_global_dynamic):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-23 Gavin Barraclough <barraclough@apple.com>
+
+ Strict mode does not work in non-trivial nested functions.
+ https://bugs.webkit.org/show_bug.cgi?id=68740
+
+ Reviewed by Oliver Hunt.
+
+ Function-info caching does not preserve all state that it should.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::Scope::saveFunctionInfo):
+ (JSC::JSParser::Scope::restoreFunctionInfo):
+ (JSC::JSParser::parseFunctionInfo):
+ * parser/SourceProviderCacheItem.h:
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
+ https://bugs.webkit.org/show_bug.cgi?id=68724
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG implementation of PutScopedVar corrupts register allocation
+ https://bugs.webkit.org/show_bug.cgi?id=68735
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Make write barriers actually do something when enabled
+ https://bugs.webkit.org/show_bug.cgi?id=68717
+
+ Reviewed by Geoffrey Garen.
+
+ Add a basic card marking style write barrier to JSC (currently
+ turned off). This requires two scratch registers in the JIT
+ so there was some register re-arranging to satisfy that requirement.
+ Happily this produced a minor perf bump in sunspider (~0.5%).
+
+ Turning the barriers on causes an overall regression of around 1.5%
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movb_i8m):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotCell):
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/CardSet.h: Added.
+ (JSC::CardSet::CardSet):
+ (JSC::::cardForAtom):
+ (JSC::::cardMarkedForAtom):
+ (JSC::::markCardForAtom):
+ * heap/Heap.cpp:
+ * heap/Heap.h:
+ (JSC::Heap::addressOfCardFor):
+ (JSC::Heap::writeBarrierFastCase):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::setDirtyObject):
+ (JSC::MarkedBlock::addressOfCardFor):
+ (JSC::MarkedBlock::offsetOfCards):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+ (JSC::JIT::emitWriteBarrier):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+
+2011-09-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=68077
+ SH4 assemblers doesn't refer to executable memory handle.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::branch8):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::executableCopy):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ PutScopedVar nodes should report that it has a var number
+ https://bugs.webkit.org/show_bug.cgi?id=68721
+
+ Reviewed by Anders Carlsson.
+
+ Another assertion fix.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVarNumber):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Add a bunch of unhandled node types to the propagator
+ https://bugs.webkit.org/show_bug.cgi?id=68716
+
+ Reviewed by Darin Adler.
+
+ Remove the ASSERT_NOT_REACHED() default for debug builds in the
+ prediction propagator, this way unhandled nodes will just cause
+ compile time failures rather than failing at some point in the
+ future.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::visitChildren
+ https://bugs.webkit.org/show_bug.cgi?id=68404
+
+ Reviewed by Darin Adler.
+
+ In this patch we just extract the bodies of the virtual visitChildren methods
+ throughout the JSCell inheritance hierarchy out into static methods, which are
+ now called from the virtual methods. This is an intermediate step in trying to
+ move the virtual-ness of visitChildren into our own custom vtable stored in
+ ClassInfo. We need to convert the methods to static methods in order to be
+ able to more easily store and refer to them in our custom vtable since normal
+ member methods store some implicit information in their types, making it
+ impossible to store them generically in ClassInfo.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::visitChildrenVirtual):
+ (JSC::JSCallbackObject::visitChildren):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildrenVirtual):
+ (JSC::DebuggerActivation::visitChildren):
+ * debugger/DebuggerActivation.h:
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildrenVirtual):
+ (JSC::Arguments::visitChildren):
+ * runtime/Arguments.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildrenVirtual):
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildrenVirtual):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildrenVirtual):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildrenVirtual):
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildrenVirtual):
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildrenVirtual):
+ (JSC::JSArray::visitChildren):
+ * runtime/JSArray.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::visitChildrenVirtual):
+ (JSC::JSBoundFunction::visitChildren):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::visitChildrenVirtual):
+ (JSC::JSCell::visitChildren):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildrenVirtual):
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildrenVirtual):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildrenVirtual):
+ (JSC::JSObject::visitChildren):
+ * runtime/JSObject.h:
+ (JSC::JSObject::visitChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildrenVirtual):
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildrenVirtual):
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildrenVirtual):
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/JSWrapperObject.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildrenVirtual):
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildrenVirtual):
+ (JSC::RegExpObject::visitChildren):
+ * runtime/RegExpObject.h:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildrenVirtual):
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildrenVirtual):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildrenVirtual):
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Node propagation doesn't handle PutScopedVar
+ https://bugs.webkit.org/show_bug.cgi?id=68713
+
+ Reviewed by Sam Weinig.
+
+ This was causing assertion failures.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-09-23 Anders Carlsson <andersca@apple.com>
+
+ Make sure to define OVERRIDE and FINAL for older builds of clang.
+
+ * wtf/Compiler.h:
+
+2011-09-23 Gavin Barraclough <barraclough@apple.com>
+
+ Implement op_resolve_global in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68704
+
+ Reviewed by Oliver Hunt.
+
+ This is performance neutral, but increases coverage.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::resolveInfoIndex):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-23 Mark Rowe <mrowe@apple.com>
+
+ Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.
+
+ * wtf/Platform.h:
+
+2011-09-22 Anders Carlsson <andersca@apple.com>
+
+ We should add support for OVERRIDE and FINAL annotations
+ https://bugs.webkit.org/show_bug.cgi?id=68654
+
+ Reviewed by David Hyatt.
+
+ Add OVERRIDE and FINAL macros for compilers that support them.
+
+ * wtf/Compiler.h:
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ GetScopedVar should have value profiling
+ https://bugs.webkit.org/show_bug.cgi?id=68676
+
+ Reviewed by Oliver Hunt.
+
+ Added GetScopedVar value profiling and predictin propagation.
+ Added GetScopeChain to CSE.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasPrediction):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::getScopeChainLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ PPC build fix, part 3.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ Another PPC build fix.
+
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+
+2011-09-22 Dean Jackson <dino@apple.com>
+
+ Add ENABLE_CSS_FILTERS
+ https://bugs.webkit.org/show_bug.cgi?id=68652
+
+ Reviewed by Simon Fraser.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Incorrect this value passed to callbacks.
+ https://bugs.webkit.org/show_bug.cgi?id=68668
+
+ Reviewed by Oliver Hunt.
+
+ From Array/String prototype function. Should be undefined, but
+ global object is passed instead (this is visible for strict callbacks).
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ * runtime/JSArray.cpp:
+ (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
+ (JSC::JSArray::sort):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Function.prototype.bind.length shoudl be 1.
+
+ Rubber stamped by Olier Hunt.
+
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ PPC build fix.
+
+ * bytecode/CodeBlock.h:
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix pt. 2
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix pt. 1
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not support to_primitive or strcat
+ https://bugs.webkit.org/show_bug.cgi?id=68582
+
+ Reviewed by Darin Adler.
+
+ This adds functional support for to_primitive and strcat. It focuses
+ on minimizing the amount of code emitted on to_primitive (if we know
+ that it is a primitive or can speculate cheaply, then we omit the
+ slow path) and on keeping the implementation of strcat simple while
+ leveraging whatever optimizations we have already. In particular,
+ unlike the Call and Construct nodes which require extending the size
+ of the DFG's callee registers, StrCat takes advantage of the fact
+ that no JS code can run while StrCat is in progress and uses a
+ scratch buffer, rather than the register file, to store the list of
+ values to concatenate. This was done mainly to keep the code simple,
+ but there are probably other benefits to keeping call frame sizes
+ down. Essentially, this patch ensures that the presence of an
+ op_strcat does not mess up any other optimizations we might do while
+ ensuring that if you do execute it, it'll work about as well as you'd
+ expect.
+
+ When combined with the previous patch for integer division, this is a
+ 14% speed-up on Kraken. Without it, it would have been a 2% loss.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::scratchBufferForSize):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should support integer division
+ https://bugs.webkit.org/show_bug.cgi?id=68597
+
+ Reviewed by Darin Adler.
+
+ This adds support for ArithDiv speculating integer, and speculating
+ that the result is integer (i.e. remainder = 0).
+
+ This is a 4% win on Kraken and a 1% loss on V8.
+
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_div):
+
+2011-09-22 Oliver Hunt <oliver@apple.com>
+
+ Implement put_scoped_var in the DFG jit
+ https://bugs.webkit.org/show_bug.cgi?id=68653
+
+ Reviewed by Gavin Barraclough.
+
+ Naive implementation of put_scoped_var. Same story as the
+ get_scoped_var implementation, although I've hoisted scope
+ object acquisition into a separate dfg node. Ideally in the
+ future we would reuse the resolved scope chain object, but
+ for now we don't.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasScopeChainDepth):
+ (JSC::DFG::Node::scopeChainDepth):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Implement Function.prototype.bind
+ https://bugs.webkit.org/show_bug.cgi?id=26382
+
+ Reviewed by Sam Weinig.
+
+ This patch provides a basic functional implementation
+ for Function.bind. It should (hopefully!) be fully
+ functionally correct, and the bound functions can be
+ called to quickly (since they are a subclass of
+ JSFunction, not InternalFunction), but we'll probably
+ want to follow up with some optimization work to keep
+ bound calls in JIT code.
+
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * jsc.cpp:
+ (GlobalObject::addFunction):
+ * runtime/CommonIdentifiers.h:
+ * runtime/ConstructData.h:
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::NativeExecutable):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+ (JSC::functionProtoFuncBind):
+ * runtime/FunctionPrototype.h:
+ * runtime/JSBoundFunction.cpp: Added.
+ (JSC::boundFunctionCall):
+ (JSC::boundFunctionConstruct):
+ (JSC::JSBoundFunction::create):
+ (JSC::JSBoundFunction::hasInstance):
+ (JSC::JSBoundFunction::getOwnPropertySlot):
+ (JSC::JSBoundFunction::getOwnPropertyDescriptor):
+ (JSC::JSBoundFunction::JSBoundFunction):
+ (JSC::JSBoundFunction::finishCreation):
+ * runtime/JSBoundFunction.h: Added.
+ (JSC::JSBoundFunction::targetFunction):
+ (JSC::JSBoundFunction::boundThis):
+ (JSC::JSBoundFunction::boundArgs):
+ (JSC::JSBoundFunction::createStructure):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ (JSC::JSFunction::finishCreation):
+ (JSC::createDescriptorForThrowingProperty):
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::boundFunctionStructure):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+
+2011-09-22 Oliver Hunt <oliver@apple.com>
+
+ Implement get_scoped_var in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=68640
+
+ Reviewed by Gavin Barraclough.
+
+ Naive implementation of get_scoped_var in the DFG. Essentially this
+ is the bare minimum required to get correct behaviour, so there's no
+ load/store coalescing or type profiling involved, even though these
+ would be wins. No impact on SunSpider or V8.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVarNumber):
+ (JSC::DFG::Node::hasScopeChainDepth):
+ (JSC::DFG::Node::scopeChainDepth):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-22 Adam Roben <aroben@apple.com>
+
+ Remove FindSafari from all our .sln files
+
+ It isn't used anymore, so there's no point in building it.
+
+ Part of <http://webkit.org/b/68628> Remove FindSafari
+
+ Reviewed by Steve Falkenburg.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ 32-bit call code clobbers the function cell tag
+ https://bugs.webkit.org/show_bug.cgi?id=68606
+
+ Reviewed by Csaba Osztrogonác.
+
+ This is a minimalistic fix: it simply emits code to restore the
+ cell tag on the slow path, if we know that we failed due to
+ emitCallIfNotType.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallVarargsSlowCase):
+ (JSC::JIT::compileOpCallSlowCase):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Add missing addPtr->add32 mapping for X86.
+
+ Rubber stamped by Sam Weinig.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::addPtr):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Add missing addDouble for AbsoluteAddress to X86
+
+ Rubber stamped by Geoff Garen.
+
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::addDouble):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::addsd_mr):
+ (JSC::X86Assembler::cvtsi2sd_rr):
+ (JSC::X86Assembler::cvtsi2sd_mr):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix following fix for bug #68586.
+
+ * jit/JIT.cpp:
+ * jit/JITInlineMethods.h:
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should be able to compile op_throw
+ https://bugs.webkit.org/show_bug.cgi?id=68571
+
+ Reviewed by Geoffrey Garen.
+
+ This compiles op_throw in the simplest way possible: it's an OSR
+ point back to the old JIT. This is a good step towards increasing
+ coverage, particularly on Kraken, but it's neutral because the
+ same functions that do throw also use some other unsupported
+ opcodes.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should support continuous optimization
+ https://bugs.webkit.org/show_bug.cgi?id=68329
+
+ Reviewed by Geoffrey Garen.
+
+ This adds the ability to reoptimize a code block if speculation
+ failures happen frequently. 6% speed-up on Kraken, 1% slow-down
+ on V8, neutral on SunSpider.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::ProgramCodeBlock::jettison):
+ (JSC::EvalCodeBlock::jettison):
+ (JSC::FunctionCodeBlock::jettison):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ (JSC::DFG::getOSREntryDataBytecodeIndex):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::~ConservativeRoots):
+ (JSC::DummyMarkHook::mark):
+ (JSC::ConservativeRoots::genericAddPointer):
+ (JSC::ConservativeRoots::genericAddSpan):
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::addJettisonCodeBlock):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/JettisonedCodeBlocks.cpp: Added.
+ (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
+ (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
+ (JSC::JettisonedCodeBlocks::addCodeBlock):
+ (JSC::JettisonedCodeBlocks::clearMarks):
+ (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
+ (JSC::JettisonedCodeBlocks::traceCodeBlocks):
+ * heap/JettisonedCodeBlocks.h: Added.
+ (JSC::JettisonedCodeBlocks::mark):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.cpp:
+ (JSC::jettisonCodeBlock):
+ (JSC::EvalExecutable::jettisonOptimizedCode):
+ (JSC::ProgramExecutable::jettisonOptimizedCode):
+ (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
+ (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
+ * wtf/BitVector.h: Added.
+ (WTF::BitVector::BitVector):
+ (WTF::BitVector::~BitVector):
+ (WTF::BitVector::operator=):
+ (WTF::BitVector::size):
+ (WTF::BitVector::ensureSize):
+ (WTF::BitVector::resize):
+ (WTF::BitVector::clearAll):
+ (WTF::BitVector::get):
+ (WTF::BitVector::set):
+ (WTF::BitVector::clear):
+ (WTF::BitVector::bitsInPointer):
+ (WTF::BitVector::maxInlineBits):
+ (WTF::BitVector::byteCount):
+ (WTF::BitVector::makeInlineBits):
+ (WTF::BitVector::OutOfLineBits::numBits):
+ (WTF::BitVector::OutOfLineBits::numWords):
+ (WTF::BitVector::OutOfLineBits::bits):
+ (WTF::BitVector::OutOfLineBits::create):
+ (WTF::BitVector::OutOfLineBits::destroy):
+ (WTF::BitVector::OutOfLineBits::OutOfLineBits):
+ (WTF::BitVector::isInline):
+ (WTF::BitVector::outOfLineBits):
+ (WTF::BitVector::resizeOutOfLine):
+ (WTF::BitVector::bits):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Add X86 GPRInfo for DFG JIT.
+ https://bugs.webkit.org/show_bug.cgi?id=68586
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Should support value profiling on CPU(X86)
+ https://bugs.webkit.org/show_bug.cgi?id=68575
+
+ Reviewed by Sam Weinig.
+
+ Fix verbose profiling in ToT (SlowCaseProfile had been
+ partially renamed to RareCaseProfile), add in-memory
+ bucket counter for CPU(X86), move JIT::m_canBeOptimized
+ out of the DFG_JIT ifdef.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::resetRareCaseProfiles):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not support compiling functions as constructors
+ https://bugs.webkit.org/show_bug.cgi?id=68500
+
+ Reviewed by Oliver Hunt.
+
+ This adds support for compiling constructors to the DFG. It's a
+ 1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
+ It's also a 13% win on access-binary-trees, but it's neutral in
+ the SunSpider and Kraken averages.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Replace jsFunctionVPtr compares with a type check on the Structure.
+ https://bugs.webkit.org/show_bug.cgi?id=68557
+
+ Reviewed by Oliver Hunt.
+
+ This will permit calls to still optimize to subclasses of JSFunction
+ that have the correct type (but a different C++ vptr).
+
+ This patch stops passing the globalData into numerous functions.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isFunctionConstant):
+ (JSC::DFG::Graph::valueOfFunctionConstant):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isFunctionConstant):
+ (JSC::DFG::JITCompiler::valueOfFunctionConstant):
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfNotType):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.h:
+ (JSC::isHostFunction):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::putWithAttributes):
+ * runtime/JSObject.h:
+ (JSC::getJSFunction):
+ (JSC::JSObject::putDirect):
+ (JSC::JSObject::putDirectWithoutTransition):
+ * runtime/JSType.h:
+
+2011-09-21 Geoffrey Garen <ggaren@apple.com>
+
+ Removed WTFTHREADDATA_MULTITHREADED, making it always true
+ https://bugs.webkit.org/show_bug.cgi?id=68549
+
+ Reviewed by Darin Adler.
+
+ Another part of making threads exist in WebKit.
+
+ * wtf/WTFThreadData.cpp:
+ * wtf/WTFThreadData.h:
+ (WTF::wtfThreadData):
+
+2011-09-21 Dan Bernstein <mitz@apple.com>
+
+ JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
+ https://bugs.webkit.org/show_bug.cgi?id=68451
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
+ check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
+
+2011-09-20 Gavin Barraclough <barraclough@apple.com>
+
+ MacroAssembler fixes.
+ https://bugs.webkit.org/show_bug.cgi?id=68494
+
+ Reviewed by Sam Weinig.
+
+ Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::orPtr):
+ (JSC::MacroAssembler::loadPtr):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::or32):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::or32):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::or32):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::or32):
+ (JSC::MacroAssemblerSH4::load32):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::load32):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::load32):
+
+2011-09-20 Geoffrey Garen <ggaren@apple.com>
+
+ Some Heap cleanup.
+
+ Reviewed by Beth Dakin.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
+ because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
+ since there is only one now.
+
+ * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
+ Updated mark bit overhead calculation. Deployed atomsPerBlock in one
+ place where we were recalculating it.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::addBlock): Updated for rename.
+
+2011-09-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT always speculates integer on modulo
+ https://bugs.webkit.org/show_bug.cgi?id=68485
+
+ Reviewed by Oliver Hunt.
+
+ Added support for double modulo, which is a call to fmod().
+ Also added support for recording the old JIT's statistics
+ on op_mod and propagating them along the graph. Finally,
+ fixed a goof in the ArithNodeFlags propagation logic that
+ was made obvious when I started testing ArithMod.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-20 ChangSeok Oh <shivamidow@gmail.com>
+
+ [GTK] requestAnimationFrame support for gtk port
+ https://bugs.webkit.org/show_bug.cgi?id=66280
+
+ Reviewed by Martin Robinson.
+
+ Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
+
+ * wtf/Platform.h:
+
+2011-09-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT performs too many negative zero checks, and too many
+ overflow checks
+ https://bugs.webkit.org/show_bug.cgi?id=68430
+
+ Reviewed by Oliver Hunt.
+
+ This adds comprehensive support for deciding how to perform an
+ arithmetic operations based on a combination of overflow profiling,
+ negative zero profiling, value profiling, and a static analysis of
+ how the results of these operations get used.
+
+ This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
+ 2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
+ geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
+ V8-crypto, because apparenty everything we do speeds up crypto.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::toNumber):
+ (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
+ (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
+ (JSC::DFG::ByteCodeParser::weaklyPredictInt32):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ * dfg/DFGNode.h:
+ (JSC::DFG::nodeUsedAsNumber):
+ (JSC::DFG::nodeCanTruncateInteger):
+ (JSC::DFG::nodeCanIgnoreNegativeZero):
+ (JSC::DFG::nodeCanSpeculateInteger):
+ (JSC::DFG::arithNodeFlagsAsString):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasArithNodeFlags):
+ (JSC::DFG::Node::rawArithNodeFlags):
+ (JSC::DFG::Node::arithNodeFlags):
+ (JSC::DFG::Node::arithNodeFlagsForCompare):
+ (JSC::DFG::Node::setArithNodeFlag):
+ (JSC::DFG::Node::mergeArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::isNotNegZero):
+ (JSC::DFG::Propagator::isNotZero):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictionsForward):
+ (JSC::DFG::Propagator::propagatePredictionsBackward):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ (JSC::DFG::Propagator::startIndexForChildren):
+ (JSC::DFG::Propagator::endIndexForPureCSE):
+ (JSC::DFG::Propagator::pureCSE):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::localCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Refactor Heap allocation logic into separate AllocationSpace class
+ https://bugs.webkit.org/show_bug.cgi?id=68409
+
+ Reviewed by Gavin Barraclough.
+
+ This patch hoists direct manipulation of the MarkedSpace and related
+ data out of Heap and into a separate class. This will allow us to
+ have multiple allocation spaces in future, so easing the way towards
+ having GC'd backing stores for objects.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions):
+ * heap/AllocationSpace.cpp: Added.
+ (JSC::AllocationSpace::tryAllocate):
+ (JSC::AllocationSpace::allocateSlowCase):
+ (JSC::AllocationSpace::allocateBlock):
+ (JSC::AllocationSpace::freeBlocks):
+ (JSC::TakeIfEmpty::TakeIfEmpty):
+ (JSC::TakeIfEmpty::operator()):
+ (JSC::TakeIfEmpty::returnValue):
+ (JSC::AllocationSpace::shrink):
+ * heap/AllocationSpace.h: Added.
+ (JSC::AllocationSpace::AllocationSpace):
+ (JSC::AllocationSpace::blocks):
+ (JSC::AllocationSpace::sizeClassFor):
+ (JSC::AllocationSpace::setHighWaterMark):
+ (JSC::AllocationSpace::highWaterMark):
+ (JSC::AllocationSpace::canonicalizeBlocks):
+ (JSC::AllocationSpace::resetAllocator):
+ (JSC::AllocationSpace::forEachCell):
+ (JSC::AllocationSpace::forEachBlock):
+ (JSC::AllocationSpace::allocate):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::objectSpace):
+ (JSC::Heap::sizeClassForObject):
+ (JSC::Heap::allocate):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed BREWMP* platform #ifdefs
+ https://bugs.webkit.org/show_bug.cgi?id=68425
+
+ BREWMP* has no maintainer, and this is dead code.
+
+ Reviewed by Darin Adler.
+
+ * heap/MarkStack.h:
+ (JSC::::shrinkAllocation):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+ * runtime/TimeoutChecker.cpp:
+ (JSC::getCPUTime):
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+ * wtf/CurrentTime.cpp:
+ * wtf/DateMath.cpp:
+ (WTF::calculateUTCOffset):
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastCalloc):
+ (WTF::fastMallocSize):
+ * wtf/FastMalloc.h:
+ * wtf/MainThread.cpp:
+ * wtf/MathExtras.h:
+ * wtf/OwnPtrCommon.h:
+ * wtf/Platform.h:
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+ * wtf/RandomNumberSeed.h:
+ (WTF::initializeRandomNumberGenerator):
+ * wtf/text/WTFString.h:
+ * wtf/unicode/Unicode.h:
+
+2011-09-20 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r95523
+
+ * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.
+
+2011-09-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not speculate aggressively enough on GetById
+ https://bugs.webkit.org/show_bug.cgi?id=68320
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to access properties directly, by offset.
+ This optimization kicks in when at the time of DFG compilation,
+ it appears that the given get_by_id is self-cached by the old JIT.
+ Two new opcodes get introduced: CheckStructure and GetByOffset.
+ CheckStructure performs a speculation check on the object's
+ structure, and returns the storage pointer. GetByOffset performs
+ a direct read of the field from the storage pointer. Both
+ CheckStructure and GetByOffset can be CSE'd, so that we can
+ eliminate redundant structure checks, and redundant reads of the
+ same field.
+
+ This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
+ neutral on SunSpider.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionFromClassInfo):
+ (JSC::predictionFromStructure):
+ (JSC::predictionFromCell):
+ * bytecode/PredictedType.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::dataFormatToString):
+ (JSC::DFG::needDataFormatConversion):
+ (JSC::DFG::GenerationInfo::initStorage):
+ (JSC::DFG::GenerationInfo::spill):
+ (JSC::DFG::GenerationInfo::fillStorage):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::fillStorage):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::JITCodeGenerator::storageResult):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::StorageOperand::~StorageOperand):
+ (JSC::DFG::StorageOperand::index):
+ (JSC::DFG::StorageOperand::gpr):
+ (JSC::DFG::StorageOperand::use):
+ * dfg/DFGNode.h:
+ (JSC::DFG::OpInfo::OpInfo):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasPrediction):
+ (JSC::DFG::Node::hasStructure):
+ (JSC::DFG::Node::structure):
+ (JSC::DFG::Node::hasStorageAccessData):
+ (JSC::DFG::Node::storageAccessDataIndex):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * wtf/StdLibExtras.h:
+ (WTF::safeCast):
+
+2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove toPrimitive from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=67875
+
+ Reviewed by Darin Adler.
+
+ Part of the refactoring process to un-virtualize JSCell. We move
+ all of the implicit functionality provided by the virtual toPrimitive method
+ in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while
+ also de-virtualizing JSCell::toPrimitive.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toPrimitive):
+ * runtime/JSCell.h:
+
+ We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
+ JSObject. This pushes the virtual method further down, enabling us to get rid
+ of the virtual call in JSCell. Eventually we'll probably have to deal with this
+ again, but we'll cross that bridge when we come to it.
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::defaultValue):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
+ https://bugs.webkit.org/show_bug.cgi?id=68424
+
+ As discussed on webkit-dev. All ports build with threads enabled in JSC now.
+
+ This may break WinCE and other ports that have not built and tested with
+ this configuration. I've filed bugs for port maintainers. It's time for
+ WebKit to move forward.
+
+ Reviewed by Mark Rowe.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::~Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::blockFreeingThreadMain):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::releaseFreeBlocks):
+ * heap/Heap.h:
+ * wtf/Platform.h:
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
+ https://bugs.webkit.org/show_bug.cgi?id=68423
+
+ As discussed on webkit-dev. All ports build with threads enabled in WTF now.
+
+ This may break WinCE and other ports that have not built and tested with
+ this configuration. I've filed bugs for port maintainers. It's time for
+ WebKit to move forward.
+
+ Reviewed by Mark Rowe.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+ * wtf/FastMalloc.cpp:
+ * wtf/Platform.h:
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+ * wtf/RefCountedLeakCounter.cpp:
+ (WTF::RefCountedLeakCounter::increment):
+ (WTF::RefCountedLeakCounter::decrement):
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeThreading):
+ * wtf/dtoa.cpp:
+ (WTF::pow5mult):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::initializeThreading):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::initializeThreading):
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
+ https://bugs.webkit.org/show_bug.cgi?id=68422
+
+ As discussed on webkit-dev. All ports build with threads enabled in JSC now.
+
+ This may break WinCE and other ports that have not built and tested with
+ this configuration. I've filed bugs for port maintainers. It's time for
+ WebKit to move forward.
+
+ Reviewed by Sam Weinig.
+
+ * API/APIShims.h:
+ (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
+ * API/JSContextRef.cpp:
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::MachineThreads):
+ (JSC::MachineThreads::~MachineThreads):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * heap/MachineStackMarker.h:
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ (JSC::initializeThreading):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::sharedInstance):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::makeUsableFromMultipleThreads):
+ * runtime/JSLock.cpp:
+ * runtime/Structure.cpp:
+ * wtf/Platform.h:
+
+2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95493 and r95496.
+ http://trac.webkit.org/changeset/95493
+ http://trac.webkit.org/changeset/95496
+ https://bugs.webkit.org/show_bug.cgi?id=68418
+
+ Broke Windows build (Requested by rniwa on #webkit).
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions):
+ * heap/AllocationSpace.cpp: Removed.
+ * heap/AllocationSpace.h: Removed.
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
+ (JSC::CountFunctor::TakeIfEmpty::operator()):
+ (JSC::CountFunctor::TakeIfEmpty::returnValue):
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::tryAllocate):
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::markedSpace):
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock):
+ (JSC::Heap::sizeClassFor):
+ (JSC::Heap::allocate):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-09-19 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk, missed stylebot comments in last commit.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2011-09-19 Gavin Barraclough <barraclough@apple.com>
+
+ String#split is buggy
+ https://bugs.webkit.org/show_bug.cgi?id=68348
+
+ Reviewed by Sam Weinig.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::jsStringWithReuse):
+ - added helper function to reuse original JSString value.
+ (JSC::stringProtoFuncSplit):
+ - Rewritten from the spec.
+ * tests/mozilla/ecma/String/15.5.4.8-2.js:
+ (getTestCases):
+ - This test is not ES5 compliant.
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed lots of friend declarations from JSCell, so we can more
+ effectively make use of private and protected.
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
+ confusion for not much safety.
+ (JSC::JSCell::operator new): Made this public because it is used by a
+ few clients, and not really dangerous.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::JSObject::getPropertySpecificValue):
+ (JSC::JSObject::getOwnPropertyNames):
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::createInheritorID):
+ (JSC::JSObject::allocatePropertyStorage):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getDirect):
+ (JSC::JSObject::getDirectLocation):
+ (JSC::JSObject::hasCustomProperties):
+ (JSC::JSObject::hasGetterSetterProperties):
+ (JSC::JSObject::isSealed):
+ (JSC::JSObject::isFrozen):
+ (JSC::JSObject::isExtensible):
+ (JSC::JSObject::flattenDictionaryObject):
+ (JSC::JSObject::finishCreation):
+ (JSC::JSObject::prototype):
+ (JSC::JSObject::setPrototype):
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ (JSC::JSCell::fastGetOwnProperty):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
+ structure() / setStructure(), so we don't have to be a friend of JSCell.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
+ to JSCell::m_structure.
+
+2011-09-19 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(EVENTSOURCE)
+ https://bugs.webkit.org/show_bug.cgi?id=68414
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-19 Eli Fidler <efidler@rim.com>
+
+ Enable JSC_MULTIPLE_THREADS for OS(QNX).
+ https://bugs.webkit.org/show_bug.cgi?id=68047
+
+ Reviewed by Daniel Bates.
+
+ SA_RESTART was required for SIGUSR2-based debugging, but is not
+ present on QNX. This debugging doesn't seem critical to
+ JSC_MULTIPLE_THREADS, so allow it to proceed.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::Thread::Thread):
+ (JSC::getPlatformThreadRegisters):
+ (JSC::otherThreadStackPointer):
+ (JSC::freePlatformThreadRegisters):
+ * wtf/Platform.h: enable PTHREADS for OS(QNX)
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Refactor Heap allocation logic into separate AllocationSpace class
+ https://bugs.webkit.org/show_bug.cgi?id=68409
+
+ Reviewed by Gavin Barraclough.
+
+ This patch hoists direct manipulation of the MarkedSpace and related
+ data out of Heap and into a separate class. This will allow us to
+ have multiple allocation spaces in future, so easing the way towards
+ having GC'd backing stores for objects.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions):
+ * heap/AllocationSpace.cpp: Added.
+ (JSC::AllocationSpace::tryAllocate):
+ (JSC::AllocationSpace::allocateSlowCase):
+ (JSC::AllocationSpace::allocateBlock):
+ (JSC::AllocationSpace::freeBlocks):
+ (JSC::TakeIfEmpty::TakeIfEmpty):
+ (JSC::TakeIfEmpty::operator()):
+ (JSC::TakeIfEmpty::returnValue):
+ (JSC::AllocationSpace::shrink):
+ * heap/AllocationSpace.h: Added.
+ (JSC::AllocationSpace::AllocationSpace):
+ (JSC::AllocationSpace::blocks):
+ (JSC::AllocationSpace::sizeClassFor):
+ (JSC::AllocationSpace::setHighWaterMark):
+ (JSC::AllocationSpace::highWaterMark):
+ (JSC::AllocationSpace::canonicalizeBlocks):
+ (JSC::AllocationSpace::resetAllocator):
+ (JSC::AllocationSpace::forEachCell):
+ (JSC::AllocationSpace::forEachBlock):
+ (JSC::AllocationSpace::allocate):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::objectSpace):
+ (JSC::Heap::sizeClassForObject):
+ (JSC::Heap::allocate):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-09-19 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r95310
+
+ * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
+ include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.
+
+2011-09-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculation failures should act as additional value profiles
+ https://bugs.webkit.org/show_bug.cgi?id=68335
+
+ Reviewed by Oliver Hunt.
+
+ This adds slow-case counters to the old JIT. It also ensures that
+ negative zero in multiply is handled carefully. The old JIT
+ previously took slow path if the result of a multiply was zero,
+ which, without any changes, would cause the DFG to think that
+ every such multiply produced a double result.
+
+ This also fixes a bug in the old JIT's handling of decrements. It
+ would take the slow path if the result was zero, but not if it
+ underflowed.
+
+ By itself, this would be a 1% slow-down on V8 and Kraken. But then
+ I wrote optimizations in the DFG that take advantage of this new
+ information. It's no longer the case that every multiply needs to
+ do a check for negative zero; it only happens if the negative
+ zero is ignored.
+
+ This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
+ speed-up in V8. It's mostly neutral on Kraken. I can see an
+ 0.5% slow-down and it appears to be significant.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::resetRareCaseProfiles):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * bytecode/ValueProfile.h:
+ (JSC::RareCaseProfile::RareCaseProfile):
+ (JSC::getRareCaseProfileBytecodeOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JSC::JIT::linkDummySlowCase):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_dec):
+ (JSC::JIT::compileBinaryArithOp):
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emitSlow_op_add):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::addSlowCase):
+
+2011-09-19 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r94575
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
+ now builds just before FindSafari.
+
+2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95466.
+ http://trac.webkit.org/changeset/95466
+ https://bugs.webkit.org/show_bug.cgi?id=68389
+
+ Incorrect version of the patch. (Requested by mhahnenberg on
+ #webkit).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toPrimitive):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toPrimitive):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toPrimitive):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+
+2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove toPrimitive from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=67875
+
+ Reviewed by Geoffrey Garen.
+
+ Part of the refactoring process to un-virtualize JSCell. We move
+ all of the implicit functionality provided by the virtual toPrimitive method
+ in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while
+ also de-virtualizing JSCell::toPrimitive.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toPrimitive):
+ * runtime/JSCell.h:
+
+ We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
+ JSObject. This pushes the virtual method further down, enabling us to get rid
+ of the virtual call in JSCell. Eventually we'll probably have to deal with this
+ again, but we'll cross that bridge when we come to it.
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::defaultValue):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ (JSC::JSValue::toPrimitive):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
+ https://bugs.webkit.org/show_bug.cgi?id=68376
+
+ Reviewed by Gavin Barraclough.
+
+ Renamed the the MarkedSpace files to match new name, and
+ updated the relevant references.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.h:
+ * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::addBlock):
+ (JSC::MarkedSpace::removeBlock):
+ (JSC::MarkedSpace::resetAllocator):
+ (JSC::MarkedSpace::canonicalizeBlocks):
+ * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
+ (JSC::MarkedSpace::waterMark):
+ (JSC::MarkedSpace::highWaterMark):
+ (JSC::MarkedSpace::setHighWaterMark):
+ (JSC::MarkedSpace::sizeClassFor):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
+ * runtime/JSCell.h:
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Rename NewSpace to MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=68375
+
+ Reviewed by Gavin Barraclough.
+
+ Rename NewSpace to a more accurate name, and update all uses.
+ This patch doesn't rename the files themselves as that will
+ just make the patch appear bigger than it is.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
+ (JSC::CountFunctor::TakeIfEmpty::operator()):
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::tryAllocate):
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::isValidAllocation):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::markedSpace):
+ (JSC::Heap::sizeClassFor):
+ (JSC::Heap::allocate):
+ * heap/NewSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::addBlock):
+ (JSC::MarkedSpace::removeBlock):
+ (JSC::MarkedSpace::resetAllocator):
+ (JSC::MarkedSpace::canonicalizeBlocks):
+ * heap/NewSpace.h:
+ (JSC::MarkedSpace::waterMark):
+ (JSC::MarkedSpace::highWaterMark):
+ (JSC::MarkedSpace::setHighWaterMark):
+ (JSC::MarkedSpace::sizeClassFor):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+
+2011-09-19 Peter Rybin <peter.rybin@gmail.com>
+
+ TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
+ https://bugs.webkit.org/show_bug.cgi?id=63541
+
+ Reviewed by Adam Barth.
+
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::startPosition):
+ * wtf/text/TextPosition.h:
+ (WTF::OrdinalNumber::fromZeroBasedInt):
+ (WTF::OrdinalNumber::fromOneBasedInt):
+ (WTF::OrdinalNumber::OrdinalNumber):
+ (WTF::OrdinalNumber::zeroBasedInt):
+ (WTF::OrdinalNumber::oneBasedInt):
+ (WTF::OrdinalNumber::operator==):
+ (WTF::OrdinalNumber::operator!=):
+ (WTF::OrdinalNumber::first):
+ (WTF::OrdinalNumber::beforeFirst):
+ (WTF::TextPosition::TextPosition):
+ (WTF::TextPosition::minimumPosition):
+ (WTF::TextPosition::belowRangePosition):
+
+2011-09-19 Dan Bernstein <mitz@apple.com>
+
+ JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
+ https://bugs.webkit.org/show_bug.cgi?id=68323
+
+ Reviewed by Sam Weinig.
+
+ Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.
+
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::initializeMainThreadPlatform):
+ (WTF::initializeMainThreadToProcessMainThreadPlatform):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Remove direct property slot pointers from the instruction stream
+ https://bugs.webkit.org/show_bug.cgi?id=68373
+
+ Reviewed by Gavin Barraclough.
+
+ Use an indirect load to access prototype properties rather than directly
+ storing the property address in the instruction stream. This should allow
+ further optimisations in future, and also provides a 0.5% win to sunspider.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+ * runtime/JSObject.h:
+ (JSC::JSObject::addressOfPropertyStorage):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Remove bump allocator
+ https://bugs.webkit.org/show_bug.cgi?id=68370
+
+ Reviewed by Sam Weinig.
+
+ Can't do anything with this allocator currently, and it's
+ increasing the complexity of the GC code. Slight progression
+ on SunSpider, slight regression (undoing the original progression)
+ in V8.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::allocate):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::visitChildrenDirect):
+ * runtime/StorageBarrier.h:
+ (JSC::StorageBarrier::set):
+
+2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Fix distcheck build
+ https://bugs.webkit.org/show_bug.cgi?id=68346
+
+ Reviewed by Philippe Normand.
+
+ * GNUmakefile.list.am:
+
+2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Fix distcheck build
+ https://bugs.webkit.org/show_bug.cgi?id=68241
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am:
+
+2011-09-18 Dan Bernstein <mitz@apple.com>
+
+ Removed ProfilerServer.
+
+ Reviewed by Mark Rowe.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * profiler/ProfilerServer.h: Removed.
+ * profiler/ProfilerServer.mm: Removed.
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * wscript:
+
+2011-09-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should inline Math.min, Math.max, and Math.sqrt
+ https://bugs.webkit.org/show_bug.cgi?id=68318
+
+ Reviewed by Gavin Barraclough.
+
+ Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
+ a function to have an intrinsic but not a thunk generator. This is
+ a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
+ we're still not DFG compiling the bulk of the hot code in Kraken audio
+ benchmarks.
+
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGIntrinsic.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+
+2011-09-18 Nico Weber <thakis@chromium.org>
+
+ Remove two files from JavaScriptCore.gypi that were removed in r95240
+ https://bugs.webkit.org/show_bug.cgi?id=68327
+
+ Unreviewed, build warning fix.
+
+ * JavaScriptCore.gypi:
+
+2011-09-17 Oliver Hunt <oliver@apple.com>
+
+ Remove special case handling of inline storage from the JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68319
+
+ Reviewed by Gavin Barraclough.
+
+ Simplify logic used for reading and writing to property storage
+ by removing the special cases for inline storage. This has no
+ perf impact.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryBuildGetByIDList):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compilePutDirectOffset):
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compilePutDirectOffset):
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+
+2011-09-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not have full block-local CSE
+ https://bugs.webkit.org/show_bug.cgi?id=68316
+
+ Reviewed by Oliver Hunt.
+
+ This adds block-local CSE to the DFG. CSE runs in the propagator just after
+ type propagation. It is part of the propagator itself because it needs to
+ use the propagator's internal data structures to determine which operations
+ may have side effects. Because it changes the live-ranges of nodes, the
+ virtual register allocator had to be moved into the propagator so that it
+ runs after CSE. To ensure that the back-end knows to keep the inputs to
+ any eliminated node alive for OSR, a new node type, Phantom, was introduced.
+ It is a no-op but prolonges the live-range of its inputs.
+
+ This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
+ Kraken.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAliasTracker.h: Removed.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::MethodCheckData::operator==):
+ (JSC::DFG::MethodCheckData::operator!=):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVirtualRegister):
+ (JSC::DFG::Node::setRefCount):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::canonicalize):
+ (JSC::DFG::Propagator::computeStartIndex):
+ (JSC::DFG::Propagator::startIndex):
+ (JSC::DFG::Propagator::pureCSE):
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::performSubstitution):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::performBlockCSE):
+ (JSC::DFG::Propagator::localCSE):
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ (JSC::DFG::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ method_check should repatch itself if it finds that the new structure(s)
+ are the result of transitions from the old structure(s)
+ https://bugs.webkit.org/show_bug.cgi?id=68294
+
+ Reviewed by Gavin Barraclough.
+
+ Previously a patched method_check would slow-path to get_by_id. Now it
+ slow-paths to method_check_update, which attempts to correct the
+ method_check due to structure transitions before bailing to get_by_id.
+
+ This is a 1-2% speed-up on some benchmarks and is not a slow-down
+ anywhere, leading to a 0.6% speed-up on the Kraken geomean.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * runtime/Structure.h:
+ (JSC::Structure::transitivelyTransitionedFrom):
+
+2011-09-16 Ryosuke Niwa <rniwa@webkit.org>
+
+ Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
+
+ * wtf/Platform.h:
+
+2011-09-16 Sam Weinig <sam@webkit.org>
+
+ Rename APIValueWrapper type to APIValueWrapperType for consistency
+ https://bugs.webkit.org/show_bug.cgi?id=68306
+
+ Reviewed by Anders Carlsson.
+
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ Update name.
+
+ * runtime/JSType.h:
+ Update name and un-indent.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::isAPIValueWrapper):
+ Update name.
+
+2011-09-16 Sam Weinig <sam@webkit.org>
+
+ Remove unused isStrictModeFunction function
+ https://bugs.webkit.org/show_bug.cgi?id=68305
+
+ Reviewed by Anders Carlsson.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::isStrictModeFunction):
+
+2011-09-16 Sam Weinig <sam@webkit.org>
+
+ Cleanup JSTypeInfo a bit
+ https://bugs.webkit.org/show_bug.cgi?id=68289
+
+ Reviewed by Anders Carlsson.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ Replace direct access to flags() with predicate.
+
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::createStructure):
+ Pass FinalObjectType instead of using special IsJSFinalObject.
+
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ Add additional assert that you should no object should OverridesHasInstance but not have ImplementsHasInstance set.
+
+ (JSC::TypeInfo::isFinalObject):
+ Added.
+
+ (JSC::TypeInfo::masqueradesAsUndefined):
+ (JSC::TypeInfo::implementsHasInstance):
+ (JSC::TypeInfo::isEnvironmentRecord):
+ (JSC::TypeInfo::overridesHasInstance):
+ (JSC::TypeInfo::implementsDefaultHasInstance):
+ (JSC::TypeInfo::overridesGetOwnPropertySlot):
+ (JSC::TypeInfo::overridesVisitChildren):
+ (JSC::TypeInfo::overridesGetPropertyNames):
+ (JSC::TypeInfo::prohibitsPropertyCaching):
+ (JSC::TypeInfo::isSetOnFlags1):
+ (JSC::TypeInfo::isSetOnFlags2):
+ Replace direct bit twiddling with helper functions.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ Use new isFinalObject() predicate.
+
+2011-09-16 Gavin Barraclough <barraclough@apple.com>
+
+ Unsigned bit shift fails under certain conditions in 32 bit builds
+ https://bugs.webkit.org/show_bug.cgi?id=68166
+
+ Reviewed by Geoff Garen.
+
+ The major bug here is that the slow case (which handles shifts of
+ doubles) doesn't check for negative results from an unsigned shift
+ (which should be unsigned, and as such can't be represented by a
+ signed integer immediate). The implementation is also flawed for
+ shifts by negative shift amounts (treats as shift by zero).
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emitRightShiftSlowCase):
+
+2011-09-16 Geoffrey Garen <ggaren@apple.com>
+
+ Removed undetectable style.filter.
+
+ Reviewed by Sam Weinig.
+
+ This feature was added in http://trac.webkit.org/changeset/15557 to
+ support housingmaps.com. But housingmaps.com no longer needs this hack,
+ we don't know of other websites that need it, and we don't know of
+ any other browsers that have implemented this feature.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/JSTypeInfo.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
+
+2011-09-15 Sam Weinig <sam@webkit.org>
+
+ Prepare JSTypes for more Object subtypes
+ https://bugs.webkit.org/show_bug.cgi?id=68200
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::branchIfNotObject):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfNotObject):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeForLookup):
+ * runtime/JSObject.h:
+ (JSC::JSObject::finishCreation):
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::type):
+ (JSC::TypeInfo::isObject):
+ (JSC::TypeInfo::isFinal):
+ (JSC::TypeInfo::prohibitsPropertyCaching):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/Operations.cpp:
+ (JSC::jsIsObjectType):
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::isObject):
+ (JSC::JSCell::isObject):
+
+2011-09-16 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled back in r95201 with test failure fixed.
+
+ I missed two cases of jumpSlowToHot in rshift -- these cases need to be
+ sure to initialize regT1 to the int tag, since it will otherwise hold
+ the top 32 bits of a double.
+
+ * jit/JIT.h:
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emitRightShiftSlowCase):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitStoreAndMapInt32):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed Windows build fix after 95318.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-16 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r95310
+
+ * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
+ include path so DFGIntrinsic.h can be found.
+
+2011-09-16 Gavin Barraclough <barraclough@apple.com>
+
+ Rationalize JSObject::putDirect* methods
+ https://bugs.webkit.org/show_bug.cgi?id=68274
+
+ Reviewed by Sam Weinig.
+
+ Delete the *Function variants. These are overall inefficient,
+ in the way they get the name back from the function rather
+ than just passing it in.
+
+ * JavaScriptCore.exp:
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::addFunction):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::putWithAttributes):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirect):
+ (JSC::JSObject::putDirectWithoutTransition):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for Windows.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for non-DFG builds.
+
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::finishCreation):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should inline Math.abs
+ https://bugs.webkit.org/show_bug.cgi?id=68227
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to track intrinsic functions throughout the
+ host function infrastructure, so that the DFG can easily query
+ whether or not a call's target is intrinsic, and if so, which
+ intrinsic it is.
+
+ On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
+ is transformed into ValueToNumber<-ArithAbs nodes. These nodes
+ then get optimized using the usual tricks.
+
+ Also had to make a completely unrelated change to
+ DateInstanceCache.h in order to fix a preexisting alphabetical
+ sorting problem in JSGlobalData.h
+
+ This results in a big win in imaging-gaussian-blur: 61% faster
+ than before. The net win on Kraken is around 13%.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isFunctionConstant):
+ (JSC::DFG::Graph::valueOfFunctionConstant):
+ * dfg/DFGIntrinsic.h: Added.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isFunctionConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isFunctionConstant):
+ (JSC::DFG::JITCompiler::valueOfFunctionConstant):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/DateInstanceCache.h:
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::intrinsic):
+ (JSC::NativeExecutable::intrinsic):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/Lookup.cpp:
+ (JSC::HashTable::createTable):
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashEntry::initialize):
+ (JSC::HashEntry::intrinsic):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
+ using Domino's online ordering
+ https://bugs.webkit.org/show_bug.cgi?id=68220
+
+ Reviewed by Oliver Hunt.
+
+ Weak handle processing can result in new objects being marked, which
+ results in new WeakReferencesHarvesters being added. But weak
+ reference harvesters are only processed before weak handle processing,
+ so there's the risk that a weak reference harvester will persist
+ until the next collection, by which time it may have been deleted.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+
+2011-09-16 Csaba Osztrogonác <ossy@webkit.org>
+
+ REGRESSION(r95201): It made two tests fail
+ https://bugs.webkit.org/show_bug.cgi?id=68230
+
+ Unreviewed rolling out r95201.
+
+ * jit/JIT.h:
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ * jit/JITInlineMethods.h:
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize method_check
+ https://bugs.webkit.org/show_bug.cgi?id=68215
+
+ Reviewed by Oliver Hunt.
+
+ MethodCallLinkInfo and StructureStubInfo are now searchable by
+ bytecodeIndex, so that DFG::ByteCodeParser can use that information
+ to determine how to optimize GetMethod.
+
+ A new node op has been added to DFG: CheckMethod. This is a variant
+ of GetMethod that has been optimized for the case that GetMethod
+ always takes the fast path. CheckMethod results in only a very
+ small amount of code (two loads and two branches in the worst case,
+ one load and one branch in the best case). CheckMethod behaves as
+ if it were a constant.
+
+ Introduced the notion that a DFG node that is not JSConstant
+ behaves as a constant. CheckMethod uses this functionality.
+
+ This is a 3% speed-up on Kraken, and a small speed-up on V8.
+ Appears to be neutral on SunSpider.
+
+ * bytecode/CodeBlock.h:
+ (JSC::getStructureStubInfoBytecodeIndex):
+ (JSC::getMethodCallLinkInfoBytecodeIndex):
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionFromCell):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordGetMethod):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::getMethodCheckPrediction):
+ (JSC::DFG::Graph::getPrediction):
+ (JSC::DFG::Graph::isConstant):
+ (JSC::DFG::Graph::isJSConstant):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ (JSC::DFG::Graph::valueOfJSConstantNode):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasConstant):
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::hasMethodCheckData):
+ (JSC::DFG::Node::methodCheckDataIndex):
+ (JSC::DFG::Node::valueOfJSConstant):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
+ (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::structureAddress):
+
+2011-09-15 Adam Barth <abarth@webkit.org>
+
+ Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
+ https://bugs.webkit.org/show_bug.cgi?id=68205
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-09-15 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (7/7)
+ https://bugs.webkit.org/show_bug.cgi?id=68122
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the seventh and final level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ JSCallbackObject was missed in previous patches due to the fact that
+ it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so
+ this is just a bit of retroactive cleanup.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ The DFG non-speculative JIT is no longer used and should be removed.
+ https://bugs.webkit.org/show_bug.cgi?id=68177
+
+ Reviewed by Geoffrey Garen.
+
+ This removes the non-speculative JIT and everything that relied on it,
+ including the ability to turn on DFG but not tiered compilation the,
+ ability to perform speculation failure into non-speculative JIT code,
+ and the ability to statically terminate speculation.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitLoopHint):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGenerationInfo.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp: Removed.
+ * dfg/DFGNonSpeculativeJIT.h: Removed.
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGPropagator.cpp:
+ * dfg/DFGPropagator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::osrExits):
+ (JSC::DFG::SpeculativeJIT::speculationRecovery):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITCode.h:
+ (JSC::JITCode::bottomTierJIT):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * wtf/Platform.h:
+
+2011-09-15 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
+ https://bugs.webkit.org/show_bug.cgi?id=68182
+
+ Reviewed by Adam Barth.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT sometimes asserts that a value is not a number
+ even when it doesn't know anything about the number
+ https://bugs.webkit.org/show_bug.cgi?id=68189
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::isUnknownJS):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ All of the functionality in the non-speculative JIT should be
+ available to the speculative JIT via helper methods
+ https://bugs.webkit.org/show_bug.cgi?id=68186
+
+ Reviewed by Oliver Hunt.
+
+ Stole all of the goodness from NonSpeculativeJIT and placed it
+ in JITCodeGenerator. Left all of the badness (i.e. subtle code
+ duplication with SpeculativeJIT, etc). This is in preparation
+ for removing the NonSpeculativeJIT entirely, but having its
+ goodness available for reuse in the SpeculativeJIT if necessary.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+
+2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95167.
+ http://trac.webkit.org/changeset/95167
+ https://bugs.webkit.org/show_bug.cgi?id=68191
+
+ Patch needs further work. (Requested by mhahnenberg on
+ #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toBoolean):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toBoolean):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toBoolean):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for platforms that expect a linkable symbol
+ for primitive static const's.
+
+ * bytecode/CodeBlock.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for assertion on existence of alternative
+ CodeBlock.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Value profiles collect no information for global variables
+ https://bugs.webkit.org/show_bug.cgi?id=68143
+
+ Reviewed by Geoffrey Garen.
+
+ 17% speed-up on string-fasta. Neutral elsewhere.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_global_var):
+
+2011-09-15 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
+ https://bugs.webkit.org/show_bug.cgi?id=68022
+
+ Reviewed by Ryosuke Niwa.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-15 Gavin Barraclough <barraclough@apple.com>
+
+ Ooops, revert accidentally commited unreviewed changes.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ * jit/JSInterfaceJIT.h:
+ * runtime/JSValue.h:
+
+2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95163.
+ http://trac.webkit.org/changeset/95163
+ https://bugs.webkit.org/show_bug.cgi?id=68180
+
+ [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
+ (Requested by darktears on #webkit).
+
+ * JavaScriptCore.pro:
+
+2011-09-15 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix p1.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ * jit/JSInterfaceJIT.h:
+ * runtime/JSValue.h:
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Tiered compilation should be enabled by default on platforms
+ that support the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68136
+
+ Reviewed by Sam Weinig.
+
+ Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
+ Kraken. Large progressions on some benchmarks, including
+ 3x on imaging-desaturate.
+
+ * wtf/Platform.h:
+
+2011-09-15 Gavin Barraclough <barraclough@apple.com>
+
+ devirtualize preventExtensions
+ https://bugs.webkit.org/show_bug.cgi?id=68176
+
+ Reviewed by Oliver Hunt.
+
+ This is virtual due to problems in JSFunction putting the prototype
+ property, but we can fix this problem a different way, just setting
+ the checkReadOnly flag to false in the put.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSObject.h:
+
+2011-09-15 Geoffrey Garen <ggaren@apple.com>
+
+ Value chaining for JSValue32_64 bitops.
+
+ Reviewed by Sam Weinig.
+
+ SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
+
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
+ that can chain their results, which is the common case.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec): Deployed new function.
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
+ computed their result values last, to make them elligible for chaining.
+
+2011-09-15 Adam Roben <aroben@apple.com>
+
+ Clang build fix after r95172
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
+ Added parentheses to make precendence clear.
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not speculate aggressively enough on comparisons
+ https://bugs.webkit.org/show_bug.cgi?id=68138
+
+ Reviewed by Oliver Hunt.
+
+ This is a 75% speed-up on Kraken/ai-astar. It's a 1% win on
+ V8 and an 8.5% win on Kraken. Neutral on SunSpider.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not leverage integer speculations on branches
+ https://bugs.webkit.org/show_bug.cgi?id=68140
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isStrictInt32):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-14 Gavin Barraclough <barraclough@apple.com>
+
+ [n]stricteq code is bogus in JSValue32_64 JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68141
+
+ Reviewed by Sam Weinig.
+
+ The code tries to check for both ints or cells, but this check also
+ catches cases where values that are undefined, null, etc (probably
+ was incorrectly assuming cell was the 2nd highest tag?).
+
+ Also, there is no need not to handle int on the fast path.
+ stricteq is just a case of comparing the payloads, if we:
+ * handle cases of differing tags on a slow path
+ * handle doubles a slow path
+ * handle both-are-string on a slow path
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emitSlow_op_stricteq):
+ (JSC::JIT::emitSlow_op_nstricteq):
+
+2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Make JSCell::toBoolean non-virtual
+ https://bugs.webkit.org/show_bug.cgi?id=67727
+
+ Reviewed by Sam Weinig.
+
+ JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
+ before it was simply virtual and would crash if its implementation was called).
+ Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
+ explicitly covers all cases of toBoolean, so having a virtual implementation of
+ JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ (JSC::JSCell::toBoolean):
+ (JSC::JSValue::toBoolean):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+
+2011-09-14 Alexis Menard <alexis.menard@openbossa.org>
+
+ [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
+ https://bugs.webkit.org/show_bug.cgi?id=68114
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Use the new GCC_X variables defined in WebKit.pri to replace
+ the usage of QT_GCC_X.
+
+ * JavaScriptCore.pro:
+
+2011-09-14 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95145.
+ http://trac.webkit.org/changeset/95145
+ https://bugs.webkit.org/show_bug.cgi?id=68139
+
+ The GTK+ build is working now, so revert this trial build fix.
+ (Requested by mrobinson on #webkit).
+
+ * GNUmakefile.list.am:
+
+2011-09-14 Patrick Gansterer <paroga@webkit.org>
+
+ Port MachineStackMarker to Windows ARM and MIPS
+ https://bugs.webkit.org/show_bug.cgi?id=68068
+
+ Reviewed by Geoffrey Garen.
+
+ Use the correct memeber of the CONTEXT struct for the stackpointer for CPU(ARM) and CPU(MIPS).
+ Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
+ CPU(ARM) and CPU(MIPS) and the stackpointer is defined in the CONTEXT_CONTROL section for
+ CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::getPlatformThreadRegisters):
+ (JSC::otherThreadStackPointer):
+
+2011-09-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT always speculates that ValueAdd is a numeric addition
+ https://bugs.webkit.org/show_bug.cgi?id=67956
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
+
+ * GNUmakefile.list.am:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ This is getting old. Yet another build fix attempt.
+
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Yet another build fix attempt.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ How I &quot;love&quot; Visual Studio...
+
+ Try to fix build again.
+
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Try to fix Windows build.
+
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Add BinarySemaphore class from WebKit2 to WTF
+ https://bugs.webkit.org/show_bug.cgi?id=68132
+
+ Reviewed by Sam Weinig.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ Update build systems.
+
+ * wtf/threads: Added.
+ * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
+ * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
+ * wtf/threads/win: Added.
+ * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for Interpreter.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
+ bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
+
+ Rubber-stamped by Sam Weinig.
+
+ * wtf/threads: Added.
+ * wtf/threads/win: Added.
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should not speculate integer if the value is always going to be
+ used as a double anyway
+ https://bugs.webkit.org/show_bug.cgi?id=68127
+
+ Reviewed by Oliver Hunt.
+
+ Added a ValueToDouble node, which is a variant of ValueToNumber that
+ hints that it will only be used as a double and never as an integer.
+ Thus, it turns off integer speculation even if the value profiler
+ told us that the value source is an int. The logic for converting a
+ ValueToNumber into a ValueToDouble is found in Propagator.
+
+ This appears to be a 22% speed-up in imaging-darkroom.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Tiered compilation heuristics do not account for value profile fullness
+ https://bugs.webkit.org/show_bug.cgi?id=68116
+
+ Reviewed by Oliver Hunt.
+
+ Tiered compilation avoids invoking the DFG JIT if it finds that value
+ profiles contain insufficient information. Instead, it produces a
+ prediction from the current value profile, and then clears the value
+ profile. This allows the value profile to heat up from scratch for
+ some number of additional executions. The new profiles will then be
+ merged with the previous prediction. Once the amount of information
+ in predictions is enough according to heuristics in CodeBlock.cpp,
+ DFG optimization is allowed to proceed.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::visitWeakReferences):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ * bytecode/ValueProfile.cpp: Added.
+ (JSC::ValueProfile::computeStatistics):
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::totalNumberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::dump):
+ (JSC::getValueProfileBytecodeOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not speculate that the child of LogicalNot is a boolean if
+ predictions tell us otherwise
+ https://bugs.webkit.org/show_bug.cgi?id=68118
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix. Turn off tiered compilation.
+
+ * wtf/Platform.h:
+
+2011-09-13 Filip Pizlo <fpizlo@apple.com>
+
+ Prediction tracking is not precise enough
+ https://bugs.webkit.org/show_bug.cgi?id=67993
+
+ Reviewed by Oliver Hunt.
+
+ Added a richer set of type predictions, including JSFinalObject, JSString,
+ object that is not a JSFinalObject or JSArray (ObjectOther), some object
+ but we don't or care know what kind (SomeObject), definitely an object,
+ cell that is not an object or JSString, an value that is none of the above
+ (so either Undefined or Null). Made the propagator and value profiler work
+ with the new types.
+
+ Performance is neutral, because the DFG JIT does not take advantage of this
+ new knowledge yet.
+
+ In the process of writing predictionToString() (which is now considerably
+ more complex) I decided to finally add a BoundsCheckedPointer, which
+ should come in handy in other places, like at least the OSR scratch buffer
+ and the CompactJITCodeMap. It's great for cases where you want to
+ do pointer arithmetic, you want to have assertions about the
+ pointer not going out of bounds, but you don't want to write those
+ assertions yourself.
+
+ This also required refactoring inherits(), since the ValueProfiler may
+ want to do the equivalent of inherits() but given two ClassInfo's.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/PredictedType.cpp: Added.
+ (JSC::predictionToString):
+ (JSC::makePrediction):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ (JSC::isCellPrediction):
+ (JSC::isObjectPrediction):
+ (JSC::isFinalObjectPrediction):
+ (JSC::isStringPrediction):
+ (JSC::mergePredictions):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::numberOfObjects):
+ (JSC::ValueProfile::numberOfFinalObjects):
+ (JSC::ValueProfile::numberOfStrings):
+ (JSC::ValueProfile::probabilityOfObject):
+ (JSC::ValueProfile::probabilityOfFinalObject):
+ (JSC::ValueProfile::probabilityOfString):
+ (JSC::ValueProfile::dump):
+ (JSC::ValueProfile::Statistics::Statistics):
+ (JSC::ValueProfile::computeStatistics):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ * runtime/ClassInfo.h:
+ (JSC::ClassInfo::isSubClassOf):
+ * runtime/JSObject.h:
+ (JSC::JSCell::inherits):
+ * wtf/BoundsCheckedPointer.h: Added.
+ (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
+ (WTF::BoundsCheckedPointer::operator=):
+ (WTF::BoundsCheckedPointer::operator+=):
+ (WTF::BoundsCheckedPointer::operator-=):
+ (WTF::BoundsCheckedPointer::operator+):
+ (WTF::BoundsCheckedPointer::operator-):
+ (WTF::BoundsCheckedPointer::operator++):
+ (WTF::BoundsCheckedPointer::operator--):
+ (WTF::BoundsCheckedPointer::operator<):
+ (WTF::BoundsCheckedPointer::operator<=):
+ (WTF::BoundsCheckedPointer::operator>):
+ (WTF::BoundsCheckedPointer::operator>=):
+ (WTF::BoundsCheckedPointer::operator==):
+ (WTF::BoundsCheckedPointer::operator!=):
+ (WTF::BoundsCheckedPointer::operator!):
+ (WTF::BoundsCheckedPointer::get):
+ (WTF::BoundsCheckedPointer::operator*):
+ (WTF::BoundsCheckedPointer::operator[]):
+ (WTF::BoundsCheckedPointer::strcat):
+ (WTF::BoundsCheckedPointer::validate):
+ * wtf/CMakeLists.txt:
+
+2011-09-14 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt] Win32 builds with threads turned off
+ https://bugs.webkit.org/show_bug.cgi?id=67864
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.pri: Link pthread library on Windows platform.
+ * wtf/Platform.h: Enable multiple threads.
+
+2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (6/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67692
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the sixth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the fifth level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::create):
+ * jsc.cpp:
+ (GlobalObject::create):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::create):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::create):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::finishCreation):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::create):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::create):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::create):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+
+2011-09-13 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE_SVG_USE as <use> is required by HTML5
+ https://bugs.webkit.org/show_bug.cgi?id=68019
+
+ Reviewed by Ryosuke Niwa.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-14 Iain Merrick <husky@google.com>
+
+ HashTraits.h should include template specialization for WTF::String
+ https://bugs.webkit.org/show_bug.cgi?id=67851
+
+ Ensure that the template specialization for HashTraits<String> is always
+ picked up. (Previously it was possible to include HashSet and String but
+ not the correct HashTraits, so you would get an inefficient template
+ instantiation.)
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashTraits.h:
+ * wtf/text/StringHash.h:
+
+2011-09-13 Filip Pizlo <fpizlo@apple.com>
+
+ SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
+ return false if either node can be double
+ https://bugs.webkit.org/show_bug.cgi?id=67985
+
+ Reviewed by Geoffrey Garen.
+
+ This is a 17% speed-up on 3d-cube.
+
+ This required allowing us to check if a constant is double but not
+ integer, and making the shouldSpeculateInteger() check test for
+ any hints of doubly-ness in its operands. This also required
+ changing some terminology: previously "isDouble" often meant
+ "isDouble or isInt32". Now "isDouble" means exactly what the name
+ suggests, and "isNumber" means "isDouble or isInt32".
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toNumber):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::isJSFormat):
+ (JSC::DFG::isJSInteger):
+ (JSC::DFG::isJSDouble):
+ (JSC::DFG::isJSCell):
+ (JSC::DFG::isJSBoolean):
+ (JSC::DFG::GenerationInfo::isJSFormat):
+ (JSC::DFG::GenerationInfo::isJSInteger):
+ (JSC::DFG::GenerationInfo::isJSDouble):
+ (JSC::DFG::GenerationInfo::isJSCell):
+ (JSC::DFG::GenerationInfo::isJSBoolean):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isNumberConstant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ (JSC::DFG::JITCodeGenerator::isKnownCell):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::isNumberConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
+ (JSC::DFG::JITCodeGenerator::initConstantInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillToJS):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isNumberConstant):
+ (JSC::DFG::JITCompiler::valueOfNumberConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::isNumberConstant):
+ (JSC::DFG::Node::valueOfNumberConstant):
+ (JSC::DFG::Node::hasNumberResult):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+
+2011-09-13 Anders Carlsson <andersca@apple.com>
+
+ Disable C++ exceptions when building with clang
+ https://bugs.webkit.org/show_bug.cgi?id=68031
+ <rdar://problem/9556880>
+
+ Reviewed by Mark Rowe.
+
+ * Configurations/Base.xcconfig:
+
+2011-09-13 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
+ https://bugs.webkit.org/show_bug.cgi?id=68018
+
+ Reviewed by Ryosuke Niwa.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-13 Sam Weinig <sam@webkit.org>
+
+ Object.getPrototypeOf should use JSValue::get()
+ https://bugs.webkit.org/show_bug.cgi?id=67973
+
+ Reviewed by Darin Adler.
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetPrototypeOf):
+ Pipe through JSValue::get() to allow overrides.
+
+2011-09-12 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore does not have baseline->speculative OSR
+ https://bugs.webkit.org/show_bug.cgi?id=67920
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to on-stack-replace (OSR) from code that is
+ running hot in the old JIT to code compiled by the new JIT. This
+ ensures that long-running loops benefit from DFG optimization.
+ It also ensures that if code experiences a speculation failure
+ in DFG code, it has an opportunity to reenter the DFG once every
+ 1,000 loop iterations or so.
+
+ This results in a 2.88x speed-up on Kraken/imaging-desaturate,
+ and is a pure win on the main three benchmark suites (SunSpider,
+ V8, Kraken), when tiered compilation is enabled.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::ProgramCodeBlock::compileOptimized):
+ (JSC::EvalCodeBlock::compileOptimized):
+ (JSC::FunctionCodeBlock::compileOptimized):
+ * bytecode/CodeBlock.h:
+ * bytecode/Opcode.h:
+ * bytecode/PredictedType.h: Added.
+ (JSC::isCellPrediction):
+ (JSC::isArrayPrediction):
+ (JSC::isInt32Prediction):
+ (JSC::isDoublePrediction):
+ (JSC::isNumberPrediction):
+ (JSC::isBooleanPrediction):
+ (JSC::isStrongPrediction):
+ (JSC::predictionToString):
+ (JSC::mergePredictions):
+ (JSC::mergePrediction):
+ (JSC::makePrediction):
+ * bytecode/PredictionTracker.h: Added.
+ (JSC::operandIsArgument):
+ (JSC::PredictionSlot::PredictionSlot):
+ (JSC::PredictionTracker::PredictionTracker):
+ (JSC::PredictionTracker::initializeSimilarTo):
+ (JSC::PredictionTracker::copyLocalsFrom):
+ (JSC::PredictionTracker::numberOfArguments):
+ (JSC::PredictionTracker::numberOfVariables):
+ (JSC::PredictionTracker::argumentOffsetForOperand):
+ (JSC::PredictionTracker::predictArgument):
+ (JSC::PredictionTracker::predict):
+ (JSC::PredictionTracker::predictGlobalVar):
+ (JSC::PredictionTracker::getArgumentPrediction):
+ (JSC::PredictionTracker::getPrediction):
+ (JSC::PredictionTracker::getGlobalVarPrediction):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitLoopHint):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::DoWhileNode::emitBytecode):
+ (JSC::WhileNode::emitBytecode):
+ (JSC::ForNode::emitBytecode):
+ (JSC::ForInNode::emitBytecode):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGNode.h:
+ * dfg/DFGOSREntry.cpp: Added.
+ (JSC::DFG::predictionIsValid):
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h: Added.
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGPredictionTracker.h: Removed.
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::mergeUse):
+ (JSC::DFG::Propagator::mergePrediction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/CompactJITCodeMap.h:
+ (JSC::CompactJITCodeMap::numberOfEntries):
+ (JSC::CompactJITCodeMap::decode):
+ (JSC::CompactJITCodeMap::Decoder::Decoder):
+ (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
+ (JSC::CompactJITCodeMap::Decoder::read):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ (JSC::JIT::emitTimeoutCheck):
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ (JSC::JIT::emit_op_loop_hint):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-09-12 Sam Weinig <sam@webkit.org>
+
+ Don't allow setting __proto__ to be a getter or setter
+ https://bugs.webkit.org/show_bug.cgi?id=67982
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ Disallow setting a getter or setter on __proto__.
+
+2011-09-12 James Robinson <jamesr@chromium.org>
+
+ Unreviewed build fix for chromium.
+
+ Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
+ is currently only compiled in by ports that use JavaScriptCore. This code is currently unreachable in builds so
+ no change in functionality.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::CharAccess::CharAccess):
+
+2011-09-09 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore does not have speculative->baseline OSR
+ https://bugs.webkit.org/show_bug.cgi?id=67826
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to bail out of DFG speculative JIT execution by
+ performing an on-stack replacement (OSR) that results in the control
+ flow going to the equivalent code generated by the old JIT.
+
+ This required a number of new features, as well as taking advantage of
+ some features that happened to already be present:
+
+ We already had a policy of storing the bytecode index for which a DFG
+ node was generated inside the DFG::Node class. This was previously
+ called exceptionInfo. It's now renamed to codeOrigin to reflect that
+ it's used for more than just excpetions. OSR uses this to figure out
+ which bytecode index to use to look up the machine code location in
+ the code generated by the old JIT that we should be jumping to.
+
+ CodeBlock now stores a mapping between bytecode indices and machine
+ code offsets for code generated by the old JIT. This is implemented
+ by CompactJITCodeMap, which tries to compress this data a bit. The
+ OSR compiler decodes this and uses it to find the machine code
+ locations it should be jumping to.
+
+ We already had a mechanism that emitted SetLocal nodes in the DFG graph
+ that told us the time at which the old JIT would have stored something
+ into its register file, and the DFG::Node that corresponds to the value
+ that it would have stored. These SetLocal's were mostly dead-code-
+ eliminated, but our DCE leaves the nodes intact except for making them
+ have 0 as the ref count. This allows the OSR compiler to construct a
+ mapping between the state as it would have been seen by the old JIT
+ and the state as the DFG JIT sees it. The OSR compiler uses this to
+ generate code that reshapes the call frame so that it is like what the
+ old JIT would expect.
+
+ Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
+ we no longer emit the non-speculative path.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::currentCodeOrigin):
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::alive):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::CallRecord::CallRecord):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
+ (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
+ (JSC::DFG::JITCompiler::addJSCall):
+ (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::CodeOrigin::CodeOrigin):
+ (JSC::DFG::CodeOrigin::isSet):
+ (JSC::DFG::CodeOrigin::bytecodeIndex):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::child1Unchecked):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileMovHint):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::ValueSource):
+ (JSC::DFG::ValueSource::isSet):
+ (JSC::DFG::ValueSource::nodeIndex):
+ (JSC::DFG::ValueRecovery::ValueRecovery):
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
+ (JSC::DFG::ValueRecovery::inGPR):
+ (JSC::DFG::ValueRecovery::inFPR):
+ (JSC::DFG::ValueRecovery::displacedInRegisterFile):
+ (JSC::DFG::ValueRecovery::constant):
+ (JSC::DFG::ValueRecovery::technique):
+ (JSC::DFG::ValueRecovery::gpr):
+ (JSC::DFG::ValueRecovery::fpr):
+ (JSC::DFG::ValueRecovery::virtualRegister):
+ (JSC::DFG::OSRExit::numberOfRecoveries):
+ (JSC::DFG::OSRExit::valueRecovery):
+ (JSC::DFG::OSRExit::isArgument):
+ (JSC::DFG::OSRExit::argumentForIndex):
+ (JSC::DFG::OSRExit::variableForIndex):
+ (JSC::DFG::OSRExit::operandForIndex):
+ (JSC::DFG::SpeculativeJIT::osrExits):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
+ (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
+ (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * jit/CompactJITCodeMap.h: Added.
+ (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
+ (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
+ (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
+ (JSC::CompactJITCodeMap::~CompactJITCodeMap):
+ (JSC::CompactJITCodeMap::decode):
+ (JSC::CompactJITCodeMap::CompactJITCodeMap):
+ (JSC::CompactJITCodeMap::at):
+ (JSC::CompactJITCodeMap::decodeNumber):
+ (JSC::CompactJITCodeMap::Encoder::Encoder):
+ (JSC::CompactJITCodeMap::Encoder::~Encoder):
+ (JSC::CompactJITCodeMap::Encoder::append):
+ (JSC::CompactJITCodeMap::Encoder::finish):
+ (JSC::CompactJITCodeMap::Encoder::appendByte):
+ (JSC::CompactJITCodeMap::Encoder::encodeNumber):
+ (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::osrScratchBufferForSize):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+
+2011-09-12 Geoffrey Garen <ggaren@apple.com>
+
+ Re-enabled ENABLE(LAZY_BLOCK_FREEING).
+
+ Reviewed by Stephanie Lewis.
+
+ I accidentally disabled this in r94890, causing a big performance regression.
+
+ * wtf/Platform.h:
+
+2011-09-12 Michael Saboff <msaboff@apple.com>
+
+ Broken Build for ARM - lshift32() needs TrustedImm32 arg
+ https://bugs.webkit.org/show_bug.cgi?id=67965
+
+ Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
+
+ Reviewed by Anders Carlsson.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch16):
+
+2011-09-12 Michael Saboff <msaboff@apple.com>
+
+ Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
+ https://bugs.webkit.org/show_bug.cgi?id=67961
+
+ Added missing semicolon.
+
+ Reviewed by Ryosuke Niwa.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch16):
+
+2011-09-12 Michael Saboff <msaboff@apple.com>
+
+ Update RegExp and related classes to use 8 bit strings when available
+ https://bugs.webkit.org/show_bug.cgi?id=67337
+
+ Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
+ The code paths are triggered by the UString::is8bit() method which currently
+ returns false. Implemented JIT changes for all current architectures.
+ Tested X86_64 and ARM v7.
+
+ This includes some code that will likely change as we complete the
+ 8 bit string changes. This includes the way the raw buffer pointers
+ are accessed as well as replacing the CharAccess class with a
+ string interator returned from UString.
+
+ Fixed build breakage in testRegExp.cpp due to globalObject construction
+ changes.
+
+ Reviewed by Gavin Barraclough.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * testRegExp.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::GlobalObject):
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::baseIndexTransfer32):
+ * assembler/ARMAssembler.h:
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ubfx):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load8):
+ (JSC::MacroAssemblerARM::branch8):
+ (JSC::MacroAssemblerARM::branch16):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load8):
+ (JSC::MacroAssemblerARMv7::branch16):
+ (JSC::MacroAssemblerARMv7::branch8):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load8):
+ (JSC::MacroAssemblerMIPS::branch8):
+ (JSC::MacroAssemblerMIPS::branch16):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::load8):
+ (JSC::MacroAssemblerSH4::branch8):
+ (JSC::MacroAssemblerSH4::branch16):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load8):
+ (JSC::MacroAssemblerX86Common::branch16):
+ (JSC::MacroAssemblerX86Common::branch8):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::extub):
+ (JSC::SH4Assembler::printInstr):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::cmpw_ir):
+ (JSC::X86Assembler::movzbl_mr):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::compileIfNecessary):
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchCompareWithInterpreter):
+ * runtime/RegExp.h:
+ * runtime/UString.h:
+ (JSC::UString::is8Bit):
+ * yarr/Yarr.h:
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::CharAccess::CharAccess):
+ (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
+ (JSC::Yarr::Interpreter::CharAccess::operator[]):
+ (JSC::Yarr::Interpreter::InputStream::InputStream):
+ (JSC::Yarr::Interpreter::Interpreter):
+ (JSC::Yarr::interpret):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
+ (JSC::Yarr::YarrGenerator::readCharacter):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::YarrGenerator):
+ (JSC::Yarr::YarrGenerator::compile):
+ (JSC::Yarr::jitCompile):
+ (JSC::Yarr::execute):
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::YarrCodeBlock::has8BitCode):
+ (JSC::Yarr::YarrCodeBlock::has16BitCode):
+ (JSC::Yarr::YarrCodeBlock::set8BitCode):
+ (JSC::Yarr::YarrCodeBlock::set16BitCode):
+ (JSC::Yarr::YarrCodeBlock::execute):
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::Parser):
+
+2011-09-12 Andras Becsi <andras.becsi@nokia.com>
+
+ [Qt] Build fails after r94920 with strict compiler
+ https://bugs.webkit.org/show_bug.cgi?id=67928
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/RedBlackTree.h:
+ (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
+
+2011-09-12 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed build fix after r94871.
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * wtf/FastMalloc.cpp:
+ * wtf/RefCountedLeakCounter.h:
+
+2011-09-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFGNode.h has macros that indicate the enabling of a feature, but
+ they do not use the ENABLE() idiom.
+ https://bugs.webkit.org/show_bug.cgi?id=67907
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::propagateForward):
+ (JSC::DFG::Propagator::propagateBackward):
+ (JSC::DFG::propagate):
+ * dfg/DFGScoreBoard.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-09-11 Fumitoshi Ukai <ukai@chromium.org>
+
+ Unreviewed build fix for chromium/mac & clang.
+
+ Fix the macro redefinition error by r94927, because chromium set
+ ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
+ it is not PLATFORM(QT).
+ ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
+ #define ENABLE_JSC_MULTIPLE_THREADS 1
+ <command line>:43:9: note: previous definition is here
+ #define ENABLE_JSC_MULTIPLE_THREADS 0
+ 1 error generated.
+
+ * wtf/Platform.h:
+
+2011-09-11 Sam Weinig <sam@webkit.org>
+
+ Remove JSCell::isPropertyNameIterator(), it is unused
+ https://bugs.webkit.org/show_bug.cgi?id=67911
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSCell.h:
+ * runtime/JSPropertyNameIterator.h:
+
+2011-09-11 Sam Weinig <sam@webkit.org>
+
+ De-virtualize JSCell::isAPIValueWrapper
+ https://bugs.webkit.org/show_bug.cgi?id=67909
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ Set the correct type on structure creation.
+
+ * runtime/JSCell.h:
+ Remove virtual keyword and default implementation.
+
+ * runtime/JSType.h:
+ Add type for APIValueWrapper. It must come after CompoundType since
+ the APIValueWrapper has children in need of marking.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::isAPIValueWrapper):
+ Implement predicate using type info.
+
+2011-09-10 Sam Weinig <sam@webkit.org>
+
+ De-virtualize JSCell::isGetterSetter, type information is available for it
+ https://bugs.webkit.org/show_bug.cgi?id=67902
+
+ Reviewed by Dan Bernstein.
+
+ * runtime/GetterSetter.cpp:
+ * runtime/GetterSetter.h:
+ Remove override of isGetterSetter.
+
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ De-virtualize and remove silly base implementation.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::isGetterSetter):
+ Use type info to determine getter-setter-hood.
+
+2011-09-09 Oliver Hunt <oliver@apple.com>
+
+ Remove support for anonymous storage from jsobjects
+ https://bugs.webkit.org/show_bug.cgi?id=67881
+
+ Reviewed by Sam Weinig.
+
+ Remove all use of anonymous slots, essentially a mechanical change
+ in JavaScriptCore
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateValue):
+ * heap/MarkStack.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::finishCreation):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::finishCreation):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::createStructure):
+ (JSC::TerminatedExecutionError::createStructure):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::finishCreation):
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSFinalObject::createStructure):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::finishCreation):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExp.h:
+ (JSC::RegExp::createStructure):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::flattenDictionaryStructure):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::get):
+ (JSC::Structure::putSpecificValue):
+ (JSC::Structure::remove):
+ (JSC::Structure::checkConsistency):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-09-11 Jarred Nicholls <jarred@sencha.com>
+
+ [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
+ https://bugs.webkit.org/show_bug.cgi?id=67864
+
+ Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/Platform.h:
+
+2011-09-11 Filip Pizlo <fpizlo@apple.com>
+
+ ARM and MIPS assemblers still refer to executable pools.
+ https://bugs.webkit.org/show_bug.cgi?id=67903
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::executableCopy):
+
+2011-09-08 Filip Pizlo <fpizlo@apple.com>
+
+ The executable allocator makes it difficult to free individual
+ chunks of executable memory
+ https://bugs.webkit.org/show_bug.cgi?id=66363
+
+ Reviewed by Oliver Hunt.
+
+ Introduced a best-fit, balanced-tree based allocator. The allocator
+ required a balanced tree that does not allocate memory and that
+ permits the removal of individual nodes directly (as opposed to by
+ key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
+ Changed all references to executable code to use a reference counted
+ handle.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::executableCopy):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::finalizeCode):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
+ (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
+ (JSC::MacroAssemblerCodeRef::executableMemory):
+ (JSC::MacroAssemblerCodeRef::code):
+ (JSC::MacroAssemblerCodeRef::size):
+ (JSC::MacroAssemblerCodeRef::operator!):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * bytecode/CodeBlock.h:
+ * bytecode/Instruction.h:
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ (JSC::DFG::tryCachePutByID):
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::initializeAllocator):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::allocate):
+ (JSC::ExecutableAllocator::committedByteCount):
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::initializeAllocator):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::isValid):
+ (JSC::ExecutableAllocator::underMemoryPressure):
+ (JSC::ExecutableAllocator::allocate):
+ (JSC::ExecutableAllocator::committedByteCount):
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::compileCTIMachineTrampolines):
+ (JSC::JIT::compileCTINativeCall):
+ * jit/JITCode.h:
+ (JSC::JITCode::operator !):
+ (JSC::JITCode::addressForCall):
+ (JSC::JITCode::offsetOf):
+ (JSC::JITCode::execute):
+ (JSC::JITCode::start):
+ (JSC::JITCode::size):
+ (JSC::JITCode::getExecutableMemory):
+ (JSC::JITCode::HostFunction):
+ (JSC::JITCode::JITCode):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::JITThunks::ctiStub):
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+ (JSC::SpecializedThunkJIT::finalize):
+ * jit/ThunkGenerators.cpp:
+ (JSC::charCodeAtThunkGenerator):
+ (JSC::charAtThunkGenerator):
+ (JSC::fromCharCodeThunkGenerator):
+ (JSC::sqrtThunkGenerator):
+ (JSC::floorThunkGenerator):
+ (JSC::ceilThunkGenerator):
+ (JSC::roundThunkGenerator):
+ (JSC::expThunkGenerator):
+ (JSC::logThunkGenerator):
+ (JSC::absThunkGenerator):
+ (JSC::powThunkGenerator):
+ * jit/ThunkGenerators.h:
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::dumpSampleData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::getCTIStub):
+ * wtf/CMakeLists.txt:
+ * wtf/MetaAllocator.cpp: Added.
+ (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
+ (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
+ (WTF::MetaAllocatorHandle::shrink):
+ (WTF::MetaAllocator::MetaAllocator):
+ (WTF::MetaAllocator::allocate):
+ (WTF::MetaAllocator::currentStatistics):
+ (WTF::MetaAllocator::findAndRemoveFreeSpace):
+ (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
+ (WTF::MetaAllocator::addFreshFreeSpace):
+ (WTF::MetaAllocator::debugFreeSpaceSize):
+ (WTF::MetaAllocator::addFreeSpace):
+ (WTF::MetaAllocator::incrementPageOccupancy):
+ (WTF::MetaAllocator::decrementPageOccupancy):
+ (WTF::MetaAllocator::roundUp):
+ (WTF::MetaAllocator::allocFreeSpaceNode):
+ (WTF::MetaAllocator::freeFreeSpaceNode):
+ (WTF::MetaAllocator::dumpProfile):
+ * wtf/MetaAllocator.h: Added.
+ (WTF::MetaAllocator::bytesAllocated):
+ (WTF::MetaAllocator::bytesReserved):
+ (WTF::MetaAllocator::bytesCommitted):
+ (WTF::MetaAllocator::dumpProfile):
+ (WTF::MetaAllocator::~MetaAllocator):
+ * wtf/MetaAllocatorHandle.h: Added.
+ * wtf/RedBlackTree.h: Added.
+ (WTF::RedBlackTree::Node::Node):
+ (WTF::RedBlackTree::Node::successor):
+ (WTF::RedBlackTree::Node::predecessor):
+ (WTF::RedBlackTree::Node::reset):
+ (WTF::RedBlackTree::Node::parent):
+ (WTF::RedBlackTree::Node::setParent):
+ (WTF::RedBlackTree::Node::left):
+ (WTF::RedBlackTree::Node::setLeft):
+ (WTF::RedBlackTree::Node::right):
+ (WTF::RedBlackTree::Node::setRight):
+ (WTF::RedBlackTree::Node::color):
+ (WTF::RedBlackTree::Node::setColor):
+ (WTF::RedBlackTree::RedBlackTree):
+ (WTF::RedBlackTree::insert):
+ (WTF::RedBlackTree::remove):
+ (WTF::RedBlackTree::findExact):
+ (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
+ (WTF::RedBlackTree::findGreatestLessThanOrEqual):
+ (WTF::RedBlackTree::first):
+ (WTF::RedBlackTree::last):
+ (WTF::RedBlackTree::size):
+ (WTF::RedBlackTree::isEmpty):
+ (WTF::RedBlackTree::treeMinimum):
+ (WTF::RedBlackTree::treeMaximum):
+ (WTF::RedBlackTree::treeInsert):
+ (WTF::RedBlackTree::leftRotate):
+ (WTF::RedBlackTree::rightRotate):
+ (WTF::RedBlackTree::removeFixup):
+ * wtf/wtf.pri:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::YarrCodeBlock::execute):
+ (JSC::Yarr::YarrCodeBlock::getAddr):
+
+2011-09-10 Sam Weinig <sam@webkit.org>
+
+ Remove JSC::isZombie() function, it did nothing and was called by no-one.
+ https://bugs.webkit.org/show_bug.cgi?id=67901
+
+ Reviewed by Andy Estes.
+
+ * JavaScriptCore.exp:
+ * runtime/JSCell.cpp:
+ * runtime/JSValue.h:
+
+2011-09-10 Sam Weinig <sam@webkit.org>
+
+ Add isInterruptedExecutionException and isTerminatedExecutionException predicates
+ https://bugs.webkit.org/show_bug.cgi?id=67892
+
+ Reviewed by Andy "First Time Reviewer" Estes.
+
+ * JavaScriptCore.exp:
+ Add symbols.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ Use new predicates.
+
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::createInterruptedExecutionException):
+ (JSC::isInterruptedExecutionException):
+ (JSC::createTerminatedExecutionException):
+ (JSC::isTerminatedExecutionException):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ Add predicates.
+
+2011-09-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT completely undoes speculative compilation even in the case of
+ a partial static speculation failure
+ https://bugs.webkit.org/show_bug.cgi?id=67798
+
+ Reviewed by Geoffrey Garen.
+
+ This is a regression with static speculation, so it is turned off by
+ default. But it is a necessary prerequisite for further work on
+ dynamic speculation.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2011-09-09 Chris Marrin <cmarrin@apple.com>
+
+ requestAnimationFrame doesn't throttle on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=67171
+
+ Reviewed by Simon Fraser.
+
+ Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
+ requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
+ Currently only enabled for PLATFORM(MAC)
+
+ * wtf/Platform.h:
+
+2011-09-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Removed ENABLE(SINGLE_THREADED) support, since it is always false
+ https://bugs.webkit.org/show_bug.cgi?id=67862
+
+ Next step toward making the baseline platform assumption that threads exist.
+
+ * wtf/wtf.pri:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
+ ThreadingNone.cpp, which was only compiled in single-threaded mode.
+
+ * wtf/Platform.h:
+ * wtf/ThreadSpecific.h:
+ (WTF::::destroy):
+ * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
+
+ * wtf/ThreadingNone.cpp: Removed.
+
+2011-09-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (5/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67420
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the fifth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ (JSC::JSCallbackFunction::finishCreation):
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ (JSC::::finishCreation):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::finishCreation):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ (JSC::BooleanConstructor::finishCreation):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::finishCreation):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::finishCreation):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ (JSC::DatePrototype::finishCreation):
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ (JSC::ErrorConstructor::finishCreation):
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ (JSC::FunctionConstructor::finishCreation):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ (JSC::FunctionPrototype::finishCreation):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::finishCreation):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ (JSC::NumberConstructor::finishCreation):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::finishCreation):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ (JSC::ObjectConstructor::finishCreation):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpConstructor::finishCreation):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::finishCreation):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ (JSC::StringPrototype::finishCreation):
+ * runtime/StringPrototype.h:
+
+2011-09-09 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Guard against double-#define for something already #defined
+ by the build system.
+
+ * wtf/Platform.h:
+
+2011-09-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
+ !ENABLE_WTF_MULTIPLE_THREADS
+ https://bugs.webkit.org/show_bug.cgi?id=67860
+
+ First step toward making the baseline platform assumption that threads
+ exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
+ or !ENABLE_WTF_MULTIPLE_THREADS.
+
+ * wtf/Platform.h:
+
+2011-09-09 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ [Qt] Remove common.pri
+ https://bugs.webkit.org/show_bug.cgi?id=67814
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.pri:
+
+2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ REGRESSION(r94811): Assertion failure in 2 worker tests
+ https://bugs.webkit.org/show_bug.cgi?id=67829
+
+ Reviewed by Sam Weinig.
+
+ Fixing a couple tests that were broken due to the wrong values being
+ set in the parent class pointers in the ClassInfo structs for
+ TerminatedExecutionError and InterruptedExecutionError.
+
+ * runtime/ExceptionHelpers.cpp:
+
+2011-09-08 Oliver Hunt <oliver@apple.com>
+
+ Use bump allocator for initial property storage
+ https://bugs.webkit.org/show_bug.cgi?id=67494
+
+ Reviewed by Geoffrey Garen.
+
+ Use a bump allocator for initial allocation of property storage,
+ and promote to fastMalloc memory only if it survives a GC pass.
+
+ Comes out as a 1% win on v8, and is a useful step on the way to
+ GC allocation of all property storage.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::allocatePropertyStorage):
+ (JSC::Heap::inPropertyStorageNursery):
+ * heap/MarkedBlock.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::resetPropertyStorageNursery):
+ (JSC::NewSpace::allocatePropertyStorage):
+ (JSC::NewSpace::inPropertyStorageNursery):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::isUsingInlineStorage):
+ (JSC::JSObject::JSObject):
+ (JSC::JSObject::propertyStorage):
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect):
+ * runtime/StorageBarrier.h: Added.
+ (JSC::StorageBarrier::StorageBarrier):
+ (JSC::StorageBarrier::set):
+ (JSC::StorageBarrier::operator->):
+ (JSC::StorageBarrier::operator*):
+ (JSC::StorageBarrier::operator[]):
+ (JSC::StorageBarrier::get):
+
+2011-09-08 Sam Weinig <sam@webkit.org>
+
+ Remove the Completion object from JSC, I have never liked it
+ https://bugs.webkit.org/show_bug.cgi?id=67755
+
+ Reviewed by Gavin Barraclough.
+
+ - Removes the Completion object and replaces its use with out parameter exceptions.
+ - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
+ ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
+
+ * API/JSBase.cpp:
+ (JSEvaluateScript):
+ (JSCheckScriptSyntax):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * jsc.cpp:
+ (functionLoad):
+ (functionCheckSyntax):
+ (runWithScripts):
+ (runInteractive):
+ * runtime/Completion.cpp:
+ (JSC::checkSyntax):
+ (JSC::evaluate):
+ * runtime/Completion.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::toString):
+ (JSC::TerminatedExecutionError::toString):
+ (JSC::createInterruptedExecutionException):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::InterruptedExecutionError::create):
+ (JSC::InterruptedExecutionError::createStructure):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ (JSC::TerminatedExecutionError::create):
+ (JSC::TerminatedExecutionError::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSObject.h:
+
+2011-09-08 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix.
+
+ * dfg/DFGCapabilities.cpp:
+
+2011-09-08 Filip Pizlo <fpizlo@apple.com>
+
+ Value profling and execution count profiling is performed even for
+ code that cannot be optimized
+ https://bugs.webkit.org/show_bug.cgi?id=67694
+
+ Reviewed by Gavin Barraclough.
+
+ This is a 2% speed-up on V8 when tiered compilation is enabled.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::ProgramCodeBlock::canCompileWithDFG):
+ (JSC::EvalCodeBlock::canCompileWithDFG):
+ (JSC::FunctionCodeBlock::canCompileWithDFG):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGCapabilities.cpp: Added.
+ (JSC::DFG::canCompileOpcodes):
+ * dfg/DFGCapabilities.h: Added.
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::canCompileOpcode):
+ (JSC::DFG::canCompileEval):
+ (JSC::DFG::canCompileProgram):
+ (JSC::DFG::canCompileFunctionForCall):
+ (JSC::DFG::canCompileFunctionForConstruct):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::shouldEmitProfiling):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2011-09-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
+ https://bugs.webkit.org/show_bug.cgi?id=67840
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+
+2011-09-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=67771
+
+ Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
+ and patchOffsetGetByIdSlowCaseCall
+ and enables DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.h:
+ * wtf/dtoa/utils.h:
+
+2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getUInt32 from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=67691
+
+ Reviewed by Oliver Hunt.
+
+ We don't use JSCell::getUInt32 anymore, so it has been removed.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+
+2011-09-07 Filip Pizlo <fpizlo@apple.com>
+
+ PPC build fix.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+
+2011-09-07 Oliver Hunt <oliver@apple.com>
+
+ Release mode build fix.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+
+2011-09-06 Oliver Hunt <oliver@apple.com>
+
+ Remove JSObjectWithGlobalObject
+ https://bugs.webkit.org/show_bug.cgi?id=67689
+
+ Reviewed by Geoff Garen.
+
+ Remove JSObjectWithGlobalObject, and update code to stop using anonymous
+ storage to access the global object that a JSObject comes from. Largely
+ mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ (JSC::JSCallbackConstructor::finishCreation):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.cpp:
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ (JSC::::finishCreation):
+ (JSC::::staticFunctionGetter):
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/JSObjectRef.cpp:
+ (JSObjectMake):
+ (JSObjectGetPrivate):
+ (JSObjectSetPrivate):
+ (JSObjectGetPrivateProperty):
+ (JSObjectSetPrivateProperty):
+ (JSObjectDeletePrivateProperty):
+ * API/JSValueRef.cpp:
+ (JSValueIsObjectOfClass):
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+ (JSC::DFG::tryCacheGetMethod):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/DatePrototype.cpp:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::finishCreation):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ (JSC::JSONObject::finishCreation):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.h:
+ (JSC::JSObject::globalObject):
+ * runtime/JSObjectWithGlobalObject.cpp: Removed.
+ * runtime/JSObjectWithGlobalObject.h: Removed.
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::isValidCallee):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ (JSC::MathObject::finishCreation):
+ * runtime/MathObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::finishCreation):
+ * runtime/RegExpObject.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::globalObject):
+
+2011-09-07 Gavin Barraclough <barraclough@apple.com>
+
+ Refactor JIT checks for ObjectType into helper functions.
+
+ Rubber stamped by Sam Weinig.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::branchIfNotObject):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.h:
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfNotObject):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_create_this):
+
+2011-09-07 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r94627 and r94632.
+ http://trac.webkit.org/changeset/94627
+ http://trac.webkit.org/changeset/94632
+ https://bugs.webkit.org/show_bug.cgi?id=67698
+
+ It broke tests on GTK and Qt (Requested by Ossy on #webkit).
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ * API/JSCallbackFunction.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::create):
+ * debugger/DebuggerActivation.h:
+ * jsc.cpp:
+ (GlobalObject::constructorBody):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::constructorBody):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+
+2011-09-06 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Replace usages of Vector<UChar> with existing StringBuilder
+ https://bugs.webkit.org/show_bug.cgi?id=67079
+
+ Reviewed by Gavin Barraclough.
+
+ This is part of work to support 8-bit string buffers.
+ Adds StringBuilder::characters() because the original Vector<UChar>::data()
+ is widely used.
+ Sets the minimum size of buffer to 16 to prevent possible performance
+ regression. Further performance investigation should be done in
+ https://bugs.webkit.org/show_bug.cgi?id=67084.
+
+ * wtf/Forward.h:
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::operator[]):
+ (WTF::StringBuilder::characters): Added.
+
+2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix broken snow leopard build
+ https://bugs.webkit.org/show_bug.cgi?id=67693
+
+ Reviewed by Daniel Bates.
+
+ Removed unnecessary symbol export.
+
+ * JavaScriptCore.exp:
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize booleans
+ https://bugs.webkit.org/show_bug.cgi?id=67670
+
+ Reviewed by Gavin Barraclough.
+
+ This adds boolean value profiling, boolean prediction in the DFG,
+ boolean forward flow propagation in the DFGPropagator, boolean
+ data format in DFG generation info, and comprehensive optimizations
+ based on both boolean prediction and boolean generation info.
+ This is brings the speed-up on v8-richards to 12%, and gives slight
+ speed-ups elsewhere as well.
+
+ Making this work right required navigating some subtleties in
+ value profiling. Some functions get compiled with insufficient
+ information because some important path of the function never
+ executed. In these cases, we wish to fall back on static
+ speculation. But to do so, we need to ensure that predictions that
+ are inherent in the code (like that GetById almost certainly takes
+ a cell operand) are reflected in predictions that we make in
+ DFGPropagator. Thus, DFGPropagator now does both backward and
+ forward flow, using a both forward and backward fixpoint.
+
+ The backward flow in DFGPropagator is a separate static analysis,
+ and needs to keep a set of backward flow abstract values for
+ variables, arguments, and globals. To make this easy, this patch
+ factors out DFGGraph's prediction tracking capability into
+ DFGPredictionTracker, which now gets used by both DFGGraph (for
+ forward flow predictions) and DFGPropagator (for backward flow
+ predictions). Backward flow predictions eventually get merged
+ into forward flow ones, but the two are not equivalent: a forward
+ flow prediction is a superset of the backward flow prediction.
+
+ Debugging these prediction issues required a better understanding
+ of where we fail speculation, and what our value predictions look
+ like. This patch also adds optional verbose speculation failure
+ (so an informative printf fires whenever speculation failure occurs)
+ and slight improvements to the verbosity in other places.
+
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::probabilityOfBoolean):
+ (JSC::ValueProfile::dump):
+ (JSC::ValueProfile::computeStatistics):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::dataFormatToString):
+ (JSC::DFG::needDataFormatConversion):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::Graph):
+ (JSC::DFG::Graph::predictions):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::getPrediction):
+ (JSC::DFG::Graph::getGlobalVarPrediction):
+ (JSC::DFG::Graph::isBooleanConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ (JSC::DFG::JITCodeGenerator::speculationCheck):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isBooleanConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::debugCall):
+ (JSC::DFG::JITCompiler::isBooleanConstant):
+ (JSC::DFG::JITCompiler::valueOfBooleanConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isBooleanPrediction):
+ (JSC::DFG::predictionToString):
+ (JSC::DFG::mergePredictions):
+ (JSC::DFG::makePrediction):
+ (JSC::DFG::Node::isBooleanConstant):
+ (JSC::DFG::Node::valueOfBooleanConstant):
+ (JSC::DFG::Node::hasBooleanResult):
+ (JSC::DFG::Node::hasNumericResult):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionTracker.h: Added.
+ (JSC::DFG::operandIsArgument):
+ (JSC::DFG::PredictionSlot::PredictionSlot):
+ (JSC::DFG::PredictionTracker::PredictionTracker):
+ (JSC::DFG::PredictionTracker::initializeSimilarTo):
+ (JSC::DFG::PredictionTracker::numberOfArguments):
+ (JSC::DFG::PredictionTracker::numberOfVariables):
+ (JSC::DFG::PredictionTracker::argumentOffsetForOperand):
+ (JSC::DFG::PredictionTracker::predictArgument):
+ (JSC::DFG::PredictionTracker::predict):
+ (JSC::DFG::PredictionTracker::predictGlobalVar):
+ (JSC::DFG::PredictionTracker::getArgumentPrediction):
+ (JSC::DFG::PredictionTracker::getPrediction):
+ (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::setPrediction):
+ (JSC::DFG::Propagator::mergeUse):
+ (JSC::DFG::Propagator::mergePrediction):
+ (JSC::DFG::Propagator::propagateNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
+ (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
+ (JSC::DFG::SpeculateBooleanOperand::index):
+ (JSC::DFG::SpeculateBooleanOperand::gpr):
+ (JSC::DFG::SpeculateBooleanOperand::use):
+ * runtime/JSGlobalData.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+
+2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (5/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67420
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the fifth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ (JSC::JSCallbackFunction::finishCreation):
+ * API/JSCallbackFunction.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::finishCreation):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ (JSC::BooleanConstructor::finishCreation):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::finishCreation):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::finishCreation):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ (JSC::DatePrototype::finishCreation):
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ (JSC::ErrorConstructor::finishCreation):
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ (JSC::FunctionConstructor::finishCreation):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ (JSC::FunctionPrototype::finishCreation):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::finishCreation):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ (JSC::NumberConstructor::finishCreation):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::finishCreation):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ (JSC::ObjectConstructor::finishCreation):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpConstructor::finishCreation):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::finishCreation):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ (JSC::StringPrototype::finishCreation):
+ * runtime/StringPrototype.h:
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ Accessibility tests crashing in BasicRawSentinelNode code
+ https://bugs.webkit.org/show_bug.cgi?id=67682
+
+ Reviewed by Geoffrey Garen.
+
+ A CodeBlock should ensure that no other CodeBlocks have references to it after
+ it is destroyed.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+
+2011-09-06 Yong Li <yoli@rim.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=67486
+ This reverts r65993 which gives wrong results for rshift
+ in some corner cases (see the test).
+
+ Reviewed by Gavin Barraclough.
+
+ New test: fast/js/floating-point-truncate-rshift.html
+
+ * assembler/ARMAssembler.h:
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for r94559.
+
+ Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
+ new out-of-line JIT-specific method definitions with !ENABLE(JIT).
+
+ * bytecode/CodeBlock.cpp:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+
+2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix broken PPC build due to new dtoa library
+ https://bugs.webkit.org/show_bug.cgi?id=67654
+
+ Reviewed by Dan Bernstein.
+
+ Added condition for PPC in the new dtoa compatibility check so that
+ building won't fail.
+
+ * wtf/dtoa/utils.h:
+
+2011-09-05 Oliver Hunt <oliver@apple.com>
+
+ An object's structure should reference the global object responsible for its creation
+ https://bugs.webkit.org/show_bug.cgi?id=67624
+
+ Reviewed by Gavin Barraclough.
+
+ Add a reference to a GlobalObject to Structure, and update all calls to
+ Structure::create() to pass the global object that is the origin for that
+ structure. For objects where the appropriate global object isn't available
+ at construction time (global object prototypes, etc), or objects that
+ logically don't have a global object (strings, etc) we just pass null.
+
+ This change is largely mechanical (passing a new globalObject parameter
+ around).
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSByteArray.h:
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::finishCreation):
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSFinalObject::createStructure):
+ (JSC::createEmptyObjectStructure):
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::createStructure):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExp.h:
+ (JSC::RegExp::createStructure):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::globalObject):
+ (JSC::Structure::setGlobalObject):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-09-06 Michael Saboff <msaboff@apple.com>
+
+ Add windows changes for JSC:RegExp functional tests
+ https://bugs.webkit.org/show_bug.cgi?id=67521
+
+ Windows build changes for regular expression functional test.
+
+ Rubber-stamped by Gavin Barraclough.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/testRegExp: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore does not have tiered compilation
+ https://bugs.webkit.org/show_bug.cgi?id=67176
+
+ Reviewed by Gavin Barraclough.
+
+ This adds the ability to have multiple CodeBlocks associated with
+ a particular role in an Executable. These are stored in
+ descending order of compiler tier. CodeBlocks are optimized when
+ a counter (m_executeCounter) that is incremented in loops and
+ epilogues becomes positive. Optimizing means that all calls to
+ the old CodeBlock are unlinked.
+
+ The DFG can now pull in predictions from ValueProfiles, and
+ propagate them along the graph. To support the new phase while
+ maintaing some level of abstraction, a DFGDriver was introduced
+ that encapsulates how to run the DFG compiler.
+
+ This is turned off by default because it's not yet a performance
+ win on all benchmarks. It speeds up crypto and richards by
+ 10% and 6% respectively, but still does not do as good of a job
+ as it could. Notably, the DFG backend has not changed, and
+ is largely oblivious to the new information being made available
+ to it.
+
+ When turned off (the default), this patch is performance neutral.
+
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::branchAdd32):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::branchAdd32):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CallLinkInfo::unlink):
+ (JSC::CodeBlock::unlinkCalls):
+ (JSC::CodeBlock::unlinkIncomingCalls):
+ (JSC::CodeBlock::clearEvalCache):
+ (JSC::replaceExistingEntries):
+ (JSC::CodeBlock::copyDataFromAlternative):
+ (JSC::ProgramCodeBlock::replacement):
+ (JSC::EvalCodeBlock::replacement):
+ (JSC::FunctionCodeBlock::replacement):
+ (JSC::ProgramCodeBlock::compileOptimized):
+ (JSC::EvalCodeBlock::compileOptimized):
+ (JSC::FunctionCodeBlock::compileOptimized):
+ * bytecode/CodeBlock.h:
+ (JSC::GlobalCodeBlock::GlobalCodeBlock):
+ (JSC::ProgramCodeBlock::ProgramCodeBlock):
+ (JSC::EvalCodeBlock::EvalCodeBlock):
+ (JSC::FunctionCodeBlock::FunctionCodeBlock):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::dump):
+ (JSC::ValueProfile::computeStatistics):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::dynamicallyPredict):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::parse):
+ * dfg/DFGDriver.cpp: Added.
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h: Added.
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::isConstant):
+ (JSC::DFG::Graph::isJSConstant):
+ (JSC::DFG::Graph::isInt32Constant):
+ (JSC::DFG::Graph::isDoubleConstant):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfDoubleConstant):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isConstant):
+ (JSC::DFG::JITCompiler::isJSConstant):
+ (JSC::DFG::JITCompiler::isInt32Constant):
+ (JSC::DFG::JITCompiler::isDoubleConstant):
+ (JSC::DFG::JITCompiler::valueOfJSConstant):
+ (JSC::DFG::JITCompiler::valueOfInt32Constant):
+ (JSC::DFG::JITCompiler::valueOfDoubleConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isCellPrediction):
+ (JSC::DFG::isNumberPrediction):
+ (JSC::DFG::predictionToString):
+ (JSC::DFG::mergePrediction):
+ (JSC::DFG::makePrediction):
+ (JSC::DFG::Node::valueOfJSConstant):
+ (JSC::DFG::Node::isInt32Constant):
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::valueOfInt32Constant):
+ (JSC::DFG::Node::valueOfDoubleConstant):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagation.cpp: Added.
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::setPrediction):
+ (JSC::DFG::Propagator::mergePrediction):
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::propagateForward):
+ (JSC::DFG::Propagator::propagateBackward):
+ (JSC::DFG::propagate):
+ * dfg/DFGPropagation.h: Added.
+ (JSC::DFG::propagate):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::Node::Node):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ (JSC::JIT::emitTimeoutCheck):
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkFor):
+ * jit/JIT.h:
+ (JSC::JIT::emitOptimizationCheck):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITCode.h:
+ (JSC::JITCode::JITCode):
+ (JSC::JITCode::bottomTierJIT):
+ (JSC::JITCode::topTierJIT):
+ (JSC::JITCode::nextTierJIT):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileOptimized):
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileOptimized):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileOptimizedForCall):
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::compile):
+ (JSC::ProgramExecutable::compile):
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+ * wtf/Platform.h:
+ * wtf/SentinelLinkedList.h:
+ (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
+ (WTF::BasicRawSentinelNode::setPrev):
+ (WTF::BasicRawSentinelNode::setNext):
+ (WTF::BasicRawSentinelNode::prev):
+ (WTF::BasicRawSentinelNode::next):
+ (WTF::BasicRawSentinelNode::isOnList):
+ (WTF::::remove):
+ (WTF::::SentinelLinkedList):
+ (WTF::::begin):
+ (WTF::::end):
+ (WTF::::push):
+
+2011-09-05 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r94445 and r94448.
+ http://trac.webkit.org/changeset/94445
+ http://trac.webkit.org/changeset/94448
+ https://bugs.webkit.org/show_bug.cgi?id=67595
+
+ It broke everything (Requested by ossy on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect):
+
+2011-09-05 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed build fix for r94452.
+
+ Add config.h as the first header to the cc files as required by the coding style.
+ Reuse macros from Assertions.h instead of adding addional #ifdefs.
+
+ * wtf/dtoa/bignum-dtoa.cc:
+ * wtf/dtoa/bignum.cc:
+ * wtf/dtoa/cached-powers.cc:
+ * wtf/dtoa/diy-fp.cc:
+ * wtf/dtoa/double-conversion.cc:
+ * wtf/dtoa/fast-dtoa.cc:
+ * wtf/dtoa/fixed-dtoa.cc:
+ * wtf/dtoa/strtod.cc:
+ * wtf/dtoa/utils.h:
+
+2011-09-05 Andras Becsi <andras.becsi@nokia.com>
+
+ [Qt][WK2] Fix the build
+
+ Rubber-stamped by Csaba Osztrogonác.
+
+ * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
+ The variable fractional_part is only set but never used.
+
+2011-09-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
+ https://bugs.webkit.org/show_bug.cgi?id=67562
+
+ Reviewed by Darin Adler.
+
+ Fixing the build (again which was broken by the dtoa patch. Needed
+ to make sure WTF::double_conversion::initialize() is called for Qt
+ as well as adding a check for WinCE in dtoa/utils.h
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * wtf/dtoa/cached-powers.cc:
+ * wtf/dtoa/utils.h:
+
+2011-09-03 Filip Pizlo <fpizlo@apple.com>
+
+ ThunkGenerators does not convert positive double zero into integer zero
+ https://bugs.webkit.org/show_bug.cgi?id=67553
+
+ Reviewed by Gavin Barraclough.
+
+ This is an 0.5% speed-up on V8 and neutral elsewhere.
+
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnDouble):
+
+2011-09-03 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
+
+ * wscript:
+
+2011-09-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG variable predictions only work for local variables, not temporaries
+ https://bugs.webkit.org/show_bug.cgi?id=67554
+
+ Reviewed by Gavin Barraclough.
+
+ This appears to be a slight speed-up in Kraken (0.3% but significant)
+ and neutral elsewhere.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+
+2011-09-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure does recovery of additions in reverse and
+ doesn't rebox
+ https://bugs.webkit.org/show_bug.cgi?id=67551
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-09-02 Filip Pizlo <fpizlo@apple.com>
+
+ ValueProfile does not make it safe to introspect cell values
+ after garbage collection
+ https://bugs.webkit.org/show_bug.cgi?id=67354
+
+ Reviewed by Gavin Barraclough.
+
+ ValueProfile buckets are now weak references, implemented using a
+ light-weight weak reference mechanism that this patch also adds (the
+ WeakReferenceHarvester). If a cell stored in a ValueProfile bucket
+ is not marked, then the bucket is transformed into a Structure
+ pointer. If the Structure is not marked either, then it is turned
+ into a ClassInfo pointer.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::visitWeakReferences):
+ * bytecode/CodeBlock.h:
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfCells):
+ (JSC::ValueProfile::numberOfArrays):
+ (JSC::ValueProfile::probabilityOfArray):
+ (JSC::ValueProfile::WeakBucket::WeakBucket):
+ (JSC::ValueProfile::WeakBucket::operator!):
+ (JSC::ValueProfile::WeakBucket::isEmpty):
+ (JSC::ValueProfile::WeakBucket::isClassInfo):
+ (JSC::ValueProfile::WeakBucket::isStructure):
+ (JSC::ValueProfile::WeakBucket::asStructure):
+ (JSC::ValueProfile::WeakBucket::asClassInfo):
+ (JSC::ValueProfile::WeakBucket::getClassInfo):
+ * heap/Heap.cpp:
+ (JSC::Heap::harvestWeakReferences):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::addWeakReferenceHarvester):
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::appendUnbarrieredPointer):
+ * heap/SlotVisitor.h:
+ * heap/WeakReferenceHarvester.h: Added.
+ (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
+ (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
+
+2011-09-02 Michael Saboff <msaboff@apple.com>
+
+ Replace local implementation of string equals() methods with UString versions
+ https://bugs.webkit.org/show_bug.cgi?id=67342
+
+ In preparation to allowing StringImpl to be backed by 8 bit
+ characters when appropriate, we need to eliminate or change the
+ usage of StringImpl::characters(). Change the uses of characters()
+ that are used to implement redundant equals() methods.
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::equal):
+ * runtime/Identifier.h:
+ (JSC::Identifier::equal):
+ * wtf/text/AtomicString.cpp:
+ (WTF::CStringTranslator::equal): Moved an optimized method to here.
+ (WTF::operator==):
+ * wtf/text/StringImpl.cpp:
+ (WTF::equal):
+ * wtf/text/StringImpl.h:
+
+2011-09-02 Michael Saboff <msaboff@apple.com>
+
+ Add JSC:RegExp functional tests
+ https://bugs.webkit.org/show_bug.cgi?id=67339
+
+ Added new test driver program (testRegExp) and corresponding data file
+ along with build scripts changes.
+
+ Reviewed by Gavin Barraclough.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * testRegExp.cpp: Added.
+ (Options::Options):
+ (StopWatch::start):
+ (StopWatch::stop):
+ (StopWatch::getElapsedMS):
+ (RegExpTest::RegExpTest):
+ (GlobalObject::create):
+ (GlobalObject::className):
+ (GlobalObject::GlobalObject):
+ (main):
+ (cleanupGlobalData):
+ (testOneRegExp):
+ (scanString):
+ (parseRegExpLine):
+ (parseTestLine):
+ (runFromFiles):
+ (printUsageStatement):
+ (parseArguments):
+ (realMain):
+ * tests/regexp: Added.
+ * tests/regexp/RegExpTest.data: Added.
+
+2011-09-02 Michael Saboff <msaboff@apple.com>
+
+ Add JSC:RegExp functional test data generator
+ https://bugs.webkit.org/show_bug.cgi?id=67519
+
+ Add a data generator for regular expressions. To enable, change the
+ #undef REGEXP_FUNC_TEST_DATA_GEN to #define. Then compile and use
+ regular expressions. The resulting data will be in /tmp/RegExpTestsData.
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/RegExp.cpp:
+ (JSC::regExpFlags):
+ (JSC::RegExpFunctionalTestCollector::clearRegExp):
+ (JSC::RegExpFunctionalTestCollector::get):
+ (JSC::RegExpFunctionalTestCollector::outputOneTest):
+ (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
+ (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
+ (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
+ (JSC::RegExp::~RegExp):
+ (JSC::RegExp::compile):
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchCompareWithInterpreter):
+
+2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix the broken build due to dtoa patch
+ https://bugs.webkit.org/show_bug.cgi?id=67534
+
+ Reviewed by Oliver Hunt.
+
+ Fixing the build.
+
+ * GNUmakefile.list.am:
+ * wtf/dtoa/bignum.cc:
+ * wtf/dtoa/fast-dtoa.cc:
+ * wtf/dtoa/utils.h:
+
+2011-09-02 Oliver Hunt <oliver@apple.com>
+
+ Remove OldSpace classes
+ https://bugs.webkit.org/show_bug.cgi?id=67533
+
+ Reviewed by Gavin Barraclough.
+
+ Remove the unused OldSpace classes
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::writeBarrierSlowCase):
+ * heap/MarkedBlock.h:
+ * heap/OldSpace.cpp: Removed.
+ * heap/OldSpace.h: Removed.
+
+2011-09-02 James Robinson <jamesr@chromium.org>
+
+ Compile fix for mac build.
+
+ * wtf/CheckedArithmetic.h:
+ (WTF::operator+):
+ (WTF::operator-):
+ (WTF::operator*):
+
+2011-08-30 Matthew Delaney <mdelaney@apple.com>
+
+ Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
+ https://bugs.webkit.org/show_bug.cgi?id=65352
+
+ Reviewed by Simon Fraser.
+
+ New test: fast/canvas/canvas-getImageData-large-crash.html
+
+ This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
+ calls that specify widths and heights that end up overflowing the ints that we store those values in
+ as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
+ arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
+ is just to add a new helper method described below.
+
+ * wtf/MathExtras.h:
+ (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
+
+2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Incorporate newer, faster dtoa library
+ https://bugs.webkit.org/show_bug.cgi?id=66346
+
+ Reviewed by Oliver Hunt.
+
+ Added new dtoa library at http://code.google.com/p/double-conversion/.
+ Replaced old call to dtoa. The new library is much faster than the old one.
+ We still use the old dtoa for some stuff in WebCore as well as the old strtod,
+ but we can phase these out eventually as well.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/InitializeThreading.cpp:
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToExponential):
+ (JSC::numberProtoFuncToFixed):
+ (JSC::numberProtoFuncToPrecision):
+ * runtime/UString.cpp:
+ (JSC::UString::number):
+ * wtf/CMakeLists.txt:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeThreading):
+ * wtf/dtoa.cpp:
+ (WTF::dtoa):
+ * wtf/dtoa.h:
+ * wtf/dtoa/COPYING: Added.
+ * wtf/dtoa/LICENSE: Added.
+ * wtf/dtoa/README: Added.
+ * wtf/dtoa/bignum-dtoa.cc: Added.
+ * wtf/dtoa/bignum-dtoa.h: Added.
+ * wtf/dtoa/bignum.cc: Added.
+ * wtf/dtoa/bignum.h: Added.
+ (WTF::double_conversion::Bignum::Times10):
+ (WTF::double_conversion::Bignum::Equal):
+ (WTF::double_conversion::Bignum::LessEqual):
+ (WTF::double_conversion::Bignum::Less):
+ (WTF::double_conversion::Bignum::PlusEqual):
+ (WTF::double_conversion::Bignum::PlusLessEqual):
+ (WTF::double_conversion::Bignum::PlusLess):
+ (WTF::double_conversion::Bignum::EnsureCapacity):
+ (WTF::double_conversion::Bignum::BigitLength):
+ * wtf/dtoa/cached-powers.cc: Added.
+ * wtf/dtoa/cached-powers.h: Added.
+ * wtf/dtoa/diy-fp.cc: Added.
+ * wtf/dtoa/diy-fp.h: Added.
+ (WTF::double_conversion::DiyFp::DiyFp):
+ (WTF::double_conversion::DiyFp::Subtract):
+ (WTF::double_conversion::DiyFp::Minus):
+ (WTF::double_conversion::DiyFp::Times):
+ (WTF::double_conversion::DiyFp::Normalize):
+ (WTF::double_conversion::DiyFp::f):
+ (WTF::double_conversion::DiyFp::e):
+ (WTF::double_conversion::DiyFp::set_f):
+ (WTF::double_conversion::DiyFp::set_e):
+ * wtf/dtoa/double-conversion.cc: Added.
+ * wtf/dtoa/double-conversion.h: Added.
+ (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
+ (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
+ * wtf/dtoa/double.h: Added.
+ (WTF::double_conversion::double_to_uint64):
+ (WTF::double_conversion::uint64_to_double):
+ (WTF::double_conversion::Double::Double):
+ (WTF::double_conversion::Double::AsDiyFp):
+ (WTF::double_conversion::Double::AsNormalizedDiyFp):
+ (WTF::double_conversion::Double::AsUint64):
+ (WTF::double_conversion::Double::NextDouble):
+ (WTF::double_conversion::Double::Exponent):
+ (WTF::double_conversion::Double::Significand):
+ (WTF::double_conversion::Double::IsDenormal):
+ (WTF::double_conversion::Double::IsSpecial):
+ (WTF::double_conversion::Double::IsNan):
+ (WTF::double_conversion::Double::IsInfinite):
+ (WTF::double_conversion::Double::Sign):
+ (WTF::double_conversion::Double::UpperBoundary):
+ (WTF::double_conversion::Double::NormalizedBoundaries):
+ (WTF::double_conversion::Double::value):
+ (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
+ (WTF::double_conversion::Double::Infinity):
+ (WTF::double_conversion::Double::NaN):
+ (WTF::double_conversion::Double::DiyFpToUint64):
+ * wtf/dtoa/fast-dtoa.cc: Added.
+ * wtf/dtoa/fast-dtoa.h: Added.
+ * wtf/dtoa/fixed-dtoa.cc: Added.
+ * wtf/dtoa/fixed-dtoa.h: Added.
+ * wtf/dtoa/strtod.cc: Added.
+ * wtf/dtoa/strtod.h: Added.
+ * wtf/dtoa/utils.h: Added.
+ (WTF::double_conversion::Max):
+ (WTF::double_conversion::Min):
+ (WTF::double_conversion::StrLength):
+ (WTF::double_conversion::Vector::Vector):
+ (WTF::double_conversion::Vector::SubVector):
+ (WTF::double_conversion::Vector::length):
+ (WTF::double_conversion::Vector::is_empty):
+ (WTF::double_conversion::Vector::start):
+ (WTF::double_conversion::Vector::operator[]):
+ (WTF::double_conversion::Vector::first):
+ (WTF::double_conversion::Vector::last):
+ (WTF::double_conversion::StringBuilder::StringBuilder):
+ (WTF::double_conversion::StringBuilder::~StringBuilder):
+ (WTF::double_conversion::StringBuilder::size):
+ (WTF::double_conversion::StringBuilder::position):
+ (WTF::double_conversion::StringBuilder::Reset):
+ (WTF::double_conversion::StringBuilder::AddCharacter):
+ (WTF::double_conversion::StringBuilder::AddString):
+ (WTF::double_conversion::StringBuilder::AddSubstring):
+ (WTF::double_conversion::StringBuilder::AddPadding):
+ (WTF::double_conversion::StringBuilder::Finalize):
+ (WTF::double_conversion::StringBuilder::is_finalized):
+ (WTF::double_conversion::BitCast):
+ * wtf/wtf.pri:
+
+2011-09-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG graph has no way of distinguishing or reconciling between static
+ and dynamic predictions
+ https://bugs.webkit.org/show_bug.cgi?id=67343
+
+ Reviewed by Gavin Barraclough.
+
+ PredictedType now stores the source of the prediction. Merging predictions,
+ which was previously done with a bitwise or, is now done via the
+ mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
+ functions, which correctly handle combinations of static and dynamic.
+
+ This is performance-neutral, since all predictions are currently static and
+ so the code has no visible effects.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::staticallyPredictArray):
+ (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isArrayPrediction):
+ (JSC::DFG::isInt32Prediction):
+ (JSC::DFG::isDoublePrediction):
+ (JSC::DFG::isDynamicPrediction):
+ (JSC::DFG::mergePredictions):
+ (JSC::DFG::mergePrediction):
+ (JSC::DFG::makePrediction):
+ (JSC::DFG::Node::predict):
+
+2011-09-02 Oliver Hunt <oliver@apple.com>
+
+ Fix 32bit build.
+
+ * heap/NewSpace.h:
+ (JSC::NewSpace::allocatePropertyStorage):
+ (JSC::NewSpace::inPropertyStorageNursery):
+
+2011-09-02 Oliver Hunt <oliver@apple.com>
+
+ Use bump allocator for initial property storage
+ https://bugs.webkit.org/show_bug.cgi?id=67494
+
+ Reviewed by Gavin Barraclough.
+
+ Switch to a bump allocator for the initial out of line
+ property storage. This gives us slightly faster allocation
+ for short lived objects that need out of line storage at
+ the cost of an additional memcpy when the object survives
+ a GC pass.
+
+ No performance impact.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::allocatePropertyStorage):
+ (JSC::Heap::inPropertyStorageNursary):
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::resetPropertyStorageNursary):
+ (JSC::NewSpace::allocatePropertyStorage):
+ (JSC::NewSpace::inPropertyStorageNursary):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect):
+
+2011-09-01 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+
+2011-09-01 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (4/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67174
+
+ Reviewed by Oliver Hunt.
+
+ Completed the fourth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ (JSC::JSCallbackConstructor::finishCreation):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ (JSC::::finishCreation):
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ (JSC::DebuggerActivation::create):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::createNoParameters):
+ (JSC::Arguments::Arguments):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ (JSC::ArrayPrototype::finishCreation):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ (JSC::BooleanObject::finishCreation):
+ * runtime/BooleanObject.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ (JSC::DateInstance::finishCreation):
+ * runtime/DateInstance.h:
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::finishCreation):
+ * runtime/ErrorPrototype.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::InterruptedExecutionError::create):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ (JSC::TerminatedExecutionError::create):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::finishCreation):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::create):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::finishCreation):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::finishCreation):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::JSNotAnObject):
+ (JSC::JSNotAnObject::create):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ (JSC::JSONObject::finishCreation):
+ * runtime/JSONObject.h:
+ * runtime/JSObjectWithGlobalObject.cpp:
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ * runtime/JSObjectWithGlobalObject.h:
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::finishCreation):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::JSVariableObject):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::JSWrapperObject):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ (JSC::MathObject::finishCreation):
+ * runtime/MathObject.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ (JSC::NumberObject::finishCreation):
+ * runtime/NumberObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::create):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ (JSC::RegExpMatchesArray::finishCreation):
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::finishCreation):
+ * runtime/RegExpObject.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ (JSC::StringObject::finishCreation):
+ * runtime/StringObject.h:
+
+2011-09-01 Daniel Bates <dbates@rim.com>
+
+ QNX GCC distribution doesn't support vasprintf()
+ https://bugs.webkit.org/show_bug.cgi?id=67423
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
+
+2011-09-01 Michael Saboff <msaboff@apple.com>
+
+ Remove simple usage of UString::characters() from JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=67340
+
+ In preparation to allowing StringImpl to be backed by 8 bit
+ characters when appropriate, we need to eliminate or change the
+ usage of StringImpl::characters(). Most of the changes below
+ change s->characters()[0] to s[0].
+
+ Reviewed by Geoffrey Garen.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::keyForCharacterSwitch):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::processClauseList):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::addSlowCase):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::jsToNumber):
+ (JSC::parseFloat):
+ * runtime/JSString.cpp:
+ (JSC::JSString::substringFromRope):
+ * runtime/JSString.h:
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsString):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString):
+ * runtime/RegExp.cpp:
+ (JSC::regExpFlags):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::operator[]):
+
+2011-09-01 Ada Chan <adachan@apple.com>
+
+ Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-01 Hao Zheng <zhenghao@chromium.org>
+
+ Define PTHREAD_KEYS_MAX to fix Android port build.
+ https://bugs.webkit.org/show_bug.cgi?id=67362
+
+ Reviewed by Adam Barth.
+
+ PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+
+2011-08-31 Oliver Hunt <oliver@apple.com>
+
+ Fix build.
+
+ * wtf/CheckedArithmetic.h:
+ (WTF::Checked::Checked):
+ (WTF::Checked::operator=):
+
+2011-08-31 Oliver Hunt <oliver@apple.com>
+
+ fast/regex/overflow.html asserts in debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=67326
+
+ Reviewed by Gavin Barraclough.
+
+ The deliberate overflows in these expressions don't interact nicely
+ with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
+ intermediate calculations.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+
+2011-08-31 Jeff Miller <jeffm@apple.com>
+
+ REGRESSION(92210): AVFoundation media engine is disabled on OS X
+ https://bugs.webkit.org/show_bug.cgi?id=67316
+
+ Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
+ since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
+ changes that were made in r92210.
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
+
+2011-08-31 Peter Beverloo <peter@chromium.org>
+
+ Add Android's platform specification and the right atomic functions.
+ https://bugs.webkit.org/show_bug.cgi?id=66687
+
+ Reviewed by Adam Barth.
+
+ * wtf/Atomics.h:
+ (WTF::atomicIncrement):
+ (WTF::atomicDecrement):
+ * wtf/Platform.h:
+
+2011-08-30 Oliver Hunt <oliver@apple.com>
+
+ Add support for checked arithmetic
+ https://bugs.webkit.org/show_bug.cgi?id=67095
+
+ Reviewed by Sam Weinig.
+
+ Add a checked arithmetic class Checked<T> that provides overflow-safe
+ arithmetic over all integral types. Checked<T> supports addition, subtraction
+ and multiplication, along with "bool" conversions and equality operators.
+
+ Checked<> can be used in either CRASH() on overflow or delayed failure modes,
+ although the default is to CRASH().
+
+ To ensure the code is actually in use (rather than checking in dead code) I've
+ made a couple of properties in YARR use Checked<int> and Checked<unsigned>
+ instead of raw value arithmetic. This has resulted in a moderate set of changes,
+ to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
+ to unsigned for some uses of sizeof, as Checked<> currently does not support
+ mixed signed-ness of types wider that 32 bits.
+
+ Happily the increased type safety of Checked<> means that it's not possible to
+ accidentally assign away precision, nor accidentally call integer overload of
+ a function instead of the bool version.
+
+ No measurable regression in performance, and SunSpider claims this patch to be
+ a progression of 0.3%.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CheckedArithmetic.h: Added.
+ (WTF::CrashOnOverflow::overflowed):
+ (WTF::CrashOnOverflow::clearOverflow):
+ (WTF::CrashOnOverflow::hasOverflowed):
+ (WTF::RecordOverflow::RecordOverflow):
+ (WTF::RecordOverflow::overflowed):
+ (WTF::RecordOverflow::clearOverflow):
+ (WTF::RecordOverflow::hasOverflowed):
+ (WTF::isInBounds):
+ (WTF::safeAdd):
+ (WTF::safeSub):
+ (WTF::safeMultiply):
+ (WTF::safeEquals):
+ (WTF::workAroundClangBug):
+ (WTF::Checked::Checked):
+ (WTF::Checked::operator=):
+ (WTF::Checked::operator++):
+ (WTF::Checked::operator--):
+ (WTF::Checked::operator!):
+ (WTF::Checked::operator UnspecifiedBoolType*):
+ (WTF::Checked::get):
+ (WTF::Checked::operator+=):
+ (WTF::Checked::operator-=):
+ (WTF::Checked::operator*=):
+ (WTF::Checked::operator==):
+ (WTF::Checked::operator!=):
+ (WTF::operator+):
+ (WTF::operator-):
+ (WTF::operator*):
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::atomPatternCharacter):
+ (JSC::Yarr::ByteCompiler::atomCharacterClass):
+ (JSC::Yarr::ByteCompiler::atomBackReference):
+ (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
+ (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
+ (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
+ (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::ByteTerm::ByteTerm):
+ (JSC::Yarr::ByteTerm::CheckInput):
+ (JSC::Yarr::ByteTerm::UncheckInput):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generateAssertionEOL):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
+ * yarr/YarrPattern.h:
+
+2011-08-31 Andrei Popescu <andreip@google.com>
+
+ Investigate current uses of OS(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=66761
+
+ Unreviewed, build fix for ARM platforms.
+
+ * wtf/Platform.h:
+
+2011-08-31 Andrei Popescu <andreip@google.com>
+
+ Investigate current uses of OS(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=66761
+
+ Reviewed by Darin Adler.
+
+ Remove the last legacy Android code.
+
+ No new tests needed as the code wasn't tested in the first place.
+
+ * wtf/Atomics.h:
+ * wtf/Platform.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::createThreadInternal):
+
+2011-08-30 Aaron Colwell <acolwell@chromium.org>
+
+ Add MediaSource API to HTMLMediaElement
+ https://bugs.webkit.org/show_bug.cgi?id=64731
+
+ Reviewed by Eric Carlson.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-08-30 Oliver Hunt <oliver@apple.com>
+
+ TypedArrays don't ensure that denormalised values are normalised
+ https://bugs.webkit.org/show_bug.cgi?id=67178
+
+ Reviewed by Gavin Barraclough.
+
+ Add a couple of assertions to jsNumber() to ensure that
+ we block signaling NaNs
+
+ * runtime/JSValue.h:
+ (JSC::jsDoubleNumber):
+ (JSC::jsNumber):
+
+2011-08-30 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
+
+ [Qt] Do not unconditionally use pkg-config in .pro files
+ https://bugs.webkit.org/show_bug.cgi?id=67055
+
+ Reviewed by Andreas Kling.
+
+ Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
+
+ Using the first pkg-config in PATH is prone to errors when cross
+ compiling inside the Qt repository (using Qt's build-system).
+
+ This patch protect calls for pkg-config with
+ !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
+ QT_CONFIG by Qt's 'configure' when cross-compiling on systems
+ without pkg-config.
+
+ The respective change in Qt's configure has been submited already.
+
+ No new tests as this is just a build change.
+
+ * wtf/wtf.pri: protect pkg-config calls
+
+2011-08-29 Daniel Bates <dbates@webkit.org>
+
+ Add HAVE(VASPRINTF) macro to test for vasprintf() support
+ https://bugs.webkit.org/show_bug.cgi?id=67156
+
+ Reviewed by Darin Adler.
+
+ Encapsulate testing of vasprintf() support in a HAVE macro
+ instead of hardcoding the list of supported/unsupported
+ compilers at the call site.
+
+ * wtf/Platform.h:
+
+2011-08-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (3/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67064
+
+ Reviewed by Darin Adler.
+
+ Completed the third level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ (JSC::DebuggerActivation::finishCreation):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::createNoParameters):
+ (JSC::Arguments::Arguments):
+ (JSC::Arguments::finishCreation):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::finishCreation):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ Moved the assignment of m_firstLine and m_lastLine into the
+ FunctionExecutable::finishCreation() method in Executable.h
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::finishCreation):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ (JSC::JSArray::finishCreation):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::finishCreation):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::JSNotAnObject):
+ * runtime/JSObject.h:
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ * runtime/JSObjectWithGlobalObject.cpp:
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ (JSC::JSObjectWithGlobalObject::finishCreation):
+ * runtime/JSObjectWithGlobalObject.h:
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::JSVariableObject):
+ (JSC::JSVariableObject::finishCreation):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::JSWrapperObject):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::finishCreation):
+ * runtime/ObjectPrototype.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+
+2011-08-29 Andreas Kling <kling@webkit.org>
+
+ Unreviewed build fix after r93990.
+
+ * wtf/HashTable.h:
+
+2011-08-29 Andreas Kling <kling@webkit.org>
+
+ Viewing a post on reddit.com wastes a lot of memory on event listeners.
+ https://bugs.webkit.org/show_bug.cgi?id=67133
+
+ Reviewed by Darin Adler.
+
+ Add a minimum table size to the HashTraits, instead of having it hard coded.
+ The default value remains at 64, but can now be specialized.
+
+ * runtime/StructureTransitionTable.h:
+ * wtf/HashTable.h:
+ (WTF::HashTable::shouldShrink):
+ (WTF::::expand):
+ (WTF::::checkTableConsistencyExceptSize):
+ * wtf/HashTraits.h:
+
+2011-08-28 Jonathan Liu <net147@gmail.com>
+
+ Fix build error when compiling with MinGW-w64 by disabling JIT
+ on Windows 64-bit
+ https://bugs.webkit.org/show_bug.cgi?id=61235
+
+ Reviewed by Gavin Barraclough.
+
+ The fixed mmap executable allocator for JIT on x86_64 requires
+ sys/mman.h which is not available on Windows.
+
+ * wtf/Platform.h:
+
+2011-08-27 Filip Pizlo <fpizlo@apple.com>
+
+ JSC::Executable is inconsistent about using weak handle finalizers
+ and destructors for releasing memory
+ https://bugs.webkit.org/show_bug.cgi?id=67072
+
+ Reviewed by Darin Adler.
+
+ Moved more of the destruction of Executable state into the finalizer,
+ which also resulted in an opportunity to mostly combine this with
+ discardCode(). This also means that the finalizer is now enabled even
+ when the JIT is turned off. This is performance neutral on SunSpider,
+ V8, and Kraken.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::ExecutableFinalizer::finalize):
+ (JSC::EvalExecutable::clearCode):
+ (JSC::ProgramExecutable::clearCode):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::clearCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::finishCreation):
+
+2011-08-26 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT - ArithMod may clobber operands.
+ https://bugs.webkit.org/show_bug.cgi?id=67085
+
+ Reviewed by Sam Weinig.
+
+ unboxDouble must be called on a temporary.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-08-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (2/7)
+ https://bugs.webkit.org/show_bug.cgi?id=66957
+
+ Reviewed by Darin Adler.
+
+ Completed the second level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::create):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::ScriptExecutable::finishCreation):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::GetterSetter):
+ (JSC::GetterSetter::create):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::create):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSObject.h:
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ (JSC::JSNonFinalObject::finishCreation):
+ (JSC::JSFinalObject::create):
+ (JSC::JSFinalObject::finishCreation):
+ (JSC::JSFinalObject::JSFinalObject):
+ (JSC::JSObject::JSObject):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::createWithoutCaching):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::create):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::finishCreation):
+ (JSC::Structure::createStructure):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+
+2011-08-26 Filip Pizlo <fpizlo@apple.com>
+
+ The GC does not have a facility for profiling the kinds of objects
+ that occupy the heap
+ https://bugs.webkit.org/show_bug.cgi?id=66849
+
+ Reviewed by Geoffrey Garen.
+
+ Destructor calls and object scans are now optionally counted, per
+ vtable. When the heap is destroyed and profiling is enabled, the
+ counts are dumped, with care taken to print the names of classes
+ (modulo C++ mangling) sorted in descending commonality.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/MarkStack.h:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::callDestructor):
+ * heap/MarkedBlock.h:
+ * heap/VTableSpectrum.cpp: Added.
+ (JSC::VTableSpectrum::VTableSpectrum):
+ (JSC::VTableSpectrum::~VTableSpectrum):
+ (JSC::VTableSpectrum::countVPtr):
+ (JSC::VTableSpectrum::count):
+ (JSC::VTableAndCount::VTableAndCount):
+ (JSC::VTableAndCount::operator<):
+ (JSC::VTableSpectrum::dump):
+ * heap/VTableSpectrum.h: Added.
+ * wtf/Platform.h:
+
+2011-08-26 Juan C. Montemayor <jmont@apple.com>
+
+ Update topCallFrame when calling host functions in the JIT
+ https://bugs.webkit.org/show_bug.cgi?id=67010
+
+ Reviewed by Oliver Hunt.
+
+ The topCallFrame is not being updated when a host function is
+ called by the JIT. This causes problems when trying to create a
+ stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
+
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+
+2011-08-26 Alexey Proskuryakov <ap@apple.com>
+
+ Get rid of frame life support timer
+ https://bugs.webkit.org/show_bug.cgi?id=66874
+
+ Reviewed by Geoff Garen.
+
+ * runtime/JSGlobalObject.h:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
+
+2011-08-26 Chao-ying Fu <fu@mips.com>
+
+ Fix MIPS patchOffsetGetByIdSlowCaseCall
+ https://bugs.webkit.org/show_bug.cgi?id=67046
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.h:
+
+2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing broken build due to unused variables in release mode
+ https://bugs.webkit.org/show_bug.cgi?id=67004
+
+ Unreviewed, release build fix.
+
+ Fixing broken build due to unused variables in ASSERTs in release build.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::finishCreation):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::finishCreation):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::finishCreation):
+
+2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (1/7)
+ https://bugs.webkit.org/show_bug.cgi?id=66827
+
+ Reviewed by Geoffrey Garen.
+
+ Added finishCreation() methods to all immediately subclasses of JSCell with
+ non-empty constructors. Part of a larger refactoring to "unzip" initialization
+ lists and constructor bodies. Also renamed JSCell's constructorBody() method
+ to finishCreation().
+
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::constructorBody):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::GetterSetter):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::constructorBody):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ (JSC::JSCell::JSCell::constructorBody):
+ * runtime/JSObject.h:
+ (JSC::JSObject::constructorBody):
+ (JSC::JSObject::JSObject):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::constructorBody):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::constructorBody):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::constructorBody):
+ * runtime/RegExp.h:
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::constructorBody):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::constructorBody):
+
+2011-08-25 Gabor Loki <loki@webkit.org>
+
+ REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot
+ https://bugs.webkit.org/show_bug.cgi?id=66956
+
+ Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
+
+ Reviewed by Oliver Hunt.
+
+ * jit/JIT.h:
+
+2011-08-24 Juan C. Montemayor <jmont@apple.com>
+
+ Keep track of topCallFrame for Stack traces
+ https://bugs.webkit.org/show_bug.cgi?id=66571
+
+ Reviewed by Geoffrey Garen.
+
+ This patch adds a TopCallFrame to JSC in order to have that information
+ when an error is thrown to create a stack trace. The TopCallFrame is
+ updated throughout select points in the Interpreter and the JSC.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC::TopCallFrameSetter::TopCallFrameSetter):
+ (JSC::TopCallFrameSetter::~TopCallFrameSetter):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::updateTopCallFrame):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::call):
+ * jit/JITStubs.cpp:
+ (JSC::throwExceptionFromOpCall):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::arityCheckFor):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+
+2011-08-24 Filip Pizlo <fpizlo@apple.com>
+
+ ErrorInstance::create sometimes has two heap object constructions
+ in flight at once
+ https://bugs.webkit.org/show_bug.cgi?id=66845
+
+ Reviewed by Darin Adler.
+
+ The fix is simple since there is already a second create() method
+ that takes a UString.
+
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::create):
+
+2011-08-24 Filip Pizlo <fpizlo@apple.com>
+
+ There is no facility for profiling how the write barrier is used
+ https://bugs.webkit.org/show_bug.cgi?id=66747
+
+ Reviewed by Geoffrey Garen.
+
+ Added facilities for the JIT to specify the kind of write barrier
+ being executed. Added code for profiling the number of each kind
+ of barrier encountered.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::emitCount):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::emitCount):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier):
+ * heap/WriteBarrierSupport.cpp: Added.
+ (JSC::WriteBarrierCounters::initialize):
+ * heap/WriteBarrierSupport.h: Added.
+ (JSC::WriteBarrierCounters::WriteBarrierCounters):
+ (JSC::WriteBarrierCounters::jitCounterFor):
+ (JSC::WriteBarrierCounters::countWriteBarrier):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+ (JSC::JIT::emitWriteBarrier):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+ (JSC::JIT::emitWriteBarrier):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
+2011-08-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add checks to ensure allocation does not take place during initialization of GC-managed objects
+ https://bugs.webkit.org/show_bug.cgi?id=65288
+
+ Reviewed by Darin Adler.
+
+ Adding the new validation functionality. In its current state, it will performs checks,
+ but they don't fail unless you do allocation in the arguments to the parent constructor in the
+ initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
+ allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
+ allowed in constructor bodies while other refactoring efforts continue.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::constructorBody):
+ (JSC::JSCell::JSCell::JSCell):
+ (JSC::JSCell::allocateCell):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::isInitializingObject):
+ (JSC::JSGlobalData::setInitializingObject):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+
+2011-08-23 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=55347
+ "name" and "message" enumerable on *Error.prototype
+
+ Reviewed by Sam Weinig.
+
+ The default value of a NativeErrorPrototype's message
+ property is "", not the name of the error.
+
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::constructorBody):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+
+2011-08-23 Steve Block <steveblock@google.com>
+
+ Remove last occurrences of PLATFORM(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=66763
+
+ Reviewed by Tony Gentilcore.
+
+ * wtf/Platform.h:
+
+2011-08-23 Steve Block <steveblock@google.com>
+
+ Remove all mention of removed Android files from build scripts
+ https://bugs.webkit.org/show_bug.cgi?id=66755
+
+ Reviewed by Tony Gentilcore.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-08-23 Adam Barth <abarth@webkit.org>
+
+ Remove WebCore/editing/android and other Android-specific directories
+ https://bugs.webkit.org/show_bug.cgi?id=66739
+
+ Reviewed by Steve Block.
+
+ Now that Android shares more code with Chromium, we don't need these
+ Android-specific files.
+
+ * wtf/android: Removed.
+ * wtf/android/AndroidThreading.h: Removed.
+ * wtf/android/MainThreadAndroid.cpp: Removed.
+
+2011-08-23 Ilya Tikhonovsky <loislo@chromium.org>
+
+ Unreviewed build fix for compile error on Windows for r93560.
+
+ * runtime/SamplingCounter.h:
+
+2011-08-22 Filip Pizlo <fpizlo@apple.com>
+
+ Sampling counter support is in the bytecode directory
+ https://bugs.webkit.org/show_bug.cgi?id=66724
+
+ Reviewed by Darin Adler.
+
+ Moved SamplingCounter to a separate header in runtime/.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/SamplingTool.cpp:
+ * bytecode/SamplingTool.h:
+ * runtime/SamplingCounter.cpp: Added.
+ (JSC::AbstractSamplingCounter::dump):
+ * runtime/SamplingCounter.h: Added.
+ (JSC::AbstractSamplingCounter::count):
+ (JSC::AbstractSamplingCounter::addressOfCounter):
+ (JSC::AbstractSamplingCounter::init):
+ (JSC::SamplingCounter::SamplingCounter):
+ (JSC::GlobalSamplingCounter::name):
+ (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
+ (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
+
+2011-08-21 Martin Robinson <mrobinson@igalia.com>
+
+ Fix 'make dist' for WebKitGTK+.
+
+ * GNUmakefile.list.am: Add a missing header to the sources list.
+
+2011-08-20 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore bytecompiler does not compute scope depth correctly
+ in the case of constant declarations
+ https://bugs.webkit.org/show_bug.cgi?id=66572
+
+ Reviewed by Oliver Hunt.
+
+ Changed the handling of const to add the dynamic scope depth.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ConstDeclNode::emitCodeSingle):
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
+ https://bugs.webkit.org/show_bug.cgi?id=66617
+
+ Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
+ But we cause a compile error if the platform doesn't support SA_RESTART regardless of
+ whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
+ SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
+
+ Reviewed by Antonio Gomes.
+
+ * heap/MachineStackMarker.cpp:
+
+2011-08-19 Filip Pizlo <fpizlo@apple.com>
+
+ The JSC JIT currently has no facility to profile and report
+ the types of values
+ https://bugs.webkit.org/show_bug.cgi?id=65901
+
+ Reviewed by Gavin Barraclough.
+
+ Added the ability to profile the values seen at function calls (both
+ arguments and results) and heap loads. This is done with emphasis
+ on performance. A value profiling site consists of: add, and,
+ move, and store; no branching is necessary. Each value profiling
+ site (called a ValueProfile) has a ring buffer of 8 recently-seen
+ values. ValueProfiles are stored in the CodeBlock; there will be
+ one for each argument (excluding this) and each heap load or callsite.
+ Each time a value profiling site executes, it stores the value into
+ a pseudo-random element in the ValueProfile buffer. The point is
+ that for frequently executed code, we will have 8 somewhat recent
+ values in the buffer and will be able to not only figure out what
+ type it is, but also to be able to reason about the actual values
+ if we wish to do so.
+
+ This feature is currently disabled by default. When enabled, it
+ results in a 3.7% slow-down on SunSpider.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addValueProfile):
+ (JSC::CodeBlock::numberOfValueProfiles):
+ (JSC::CodeBlock::valueProfile):
+ (JSC::CodeBlock::valueProfileForBytecodeOffset):
+ * bytecode/ValueProfile.h: Added.
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::computeProbability):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfCells):
+ (JSC::ValueProfile::probabilityOfInt32):
+ (JSC::ValueProfile::probabilityOfDouble):
+ (JSC::ValueProfile::probabilityOfCell):
+ (JSC::getValueProfileBytecodeOffset):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITCall.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ * jit/JSInterfaceJIT.h:
+ * wtf/Platform.h:
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+ (WTF::genericBinarySearch):
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Don't include DisallowCType.h when building on QNX
+ https://bugs.webkit.org/show_bug.cgi?id=66616
+
+ Reviewed by Antonio Gomes.
+
+ * config.h:
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Implement ExecutableAllocator::cacheFlush() for QNX
+ https://bugs.webkit.org/show_bug.cgi?id=66611
+
+ Reviewed by Antonio Gomes.
+
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Implement WTF::atomic{Increment, Decrement}() for QNX
+ https://bugs.webkit.org/show_bug.cgi?id=66605
+
+ Reviewed by Darin Adler.
+
+ * wtf/Atomics.h:
+ (WTF::atomicIncrement):
+ (WTF::atomicDecrement):
+
+2011-08-19 Beth Dakin <bdakin@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=66590
+ Re-name scrollbar painter types
+
+ Reviewed by Sam Weinig.
+
+ WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer
+ applies.
+ * wtf/Platform.h:
+
+2011-08-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Move allocation in constructors into separate constructorBody() methods
+ https://bugs.webkit.org/show_bug.cgi?id=66265
+
+ Reviewed by Oliver Hunt.
+
+ Refactoring to put all allocations that need to be done after the object's
+ initialization list has executed but before the object is ready for use
+ into a separate constructorBody() method. This method is still called by the constructor,
+ so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jsc.cpp:
+ (GlobalObject::constructorBody):
+ (GlobalObject::GlobalObject):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::constructorBody):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::constructorBody):
+ * runtime/ErrorPrototype.h:
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::constructorBody):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::constructorBody):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::constructorBody):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::constructorBody):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::constructorBody):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::constructorBody):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::constructorBody):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::constructorBody):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+
+2011-08-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT does not inline the double case of ValueAdd
+ https://bugs.webkit.org/show_bug.cgi?id=66025
+
+ Reviewed by Gavin Barraclough.
+
+ This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
+ benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
+ stanford-crypto-sha256-iterative). It looks like it might have
+ a speed-up in SunSpider (though not statistically significant or
+ particularly reproducible) and a slight slow-down in V8 (0.14%,
+ not statistically significant). It does slow down v8-crypto by
+ 1.5%.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ * dfg/DFGOperations.cpp:
+
+2011-08-18 Filip Pizlo <fpizlo@apple.com>
+
+ [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
+ https://bugs.webkit.org/show_bug.cgi?id=66426
+
+ Reviewed by Oliver Hunt.
+
+ Changed the branchTestPtr to branchTest32.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-08-17 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=66379
+ implements load32WithCompactAddressOffsetPatch function
+ and fixes store32 and moveWithPatch functions for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::rshift32):
+ (JSC::MacroAssemblerSH4::store32):
+ (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
+ (JSC::MacroAssemblerSH4::moveWithPatch):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::movlMemRegCompact):
+ (JSC::SH4Assembler::readPointer):
+ (JSC::SH4Assembler::repatchCompact):
+ * jit/JIT.h:
+
+2011-08-17 Filip Pizlo <fpizlo@apple.com>
+
+ JSC verbose debugging output sometimes doesn't work as expected.
+ https://bugs.webkit.org/show_bug.cgi?id=66107
+
+ Reviewed by Gavin Barraclough.
+
+ Hardened the CodeBlock::dump() code so that it no longer crashes. Improved
+ the DFG verbose code so that it prints slightly more useful information.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::debugSize):
+ * bytecode/CodeBlock.cpp:
+ (JSC::valueToSourceString):
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::numberOfRegExps):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+
+2011-08-16 Michael Saboff <msaboff@apple.com>
+
+ Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
+ https://bugs.webkit.org/show_bug.cgi?id=66351
+
+ JIT::privateCompilePutByIdTransition expects that regT0 and regT1
+ have the basePayload and baseTag respectively. In some cases,
+ we may get to this generated code with one or both of these
+ registers trash. One know case is that regT0 on ARM may be
+ trashed as regT0 (r0) is also arg0 and can be overrun with sp due
+ to calls to JIT::restoreReturnAddress(). This patch uses the
+ values on the stack. A longer term solution is to work out all
+ cases so that the register entry assumptions can assured.
+
+ While fixing this, also determined that the additional stack offset
+ of sizeof(void*) is not needed for ARM.
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+
+2011-08-15 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=66263
+ DFG JIT does not always zero extend boolean result of DFG operations
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Change bool return values to a 64-bit type.
+
+2011-08-15 Gavin Barraclough <barraclough@apple.com>
+
+ Crash accessing static property on sealed object
+ https://bugs.webkit.org/show_bug.cgi?id=66242
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ - should only check isExtensible if checkReadOnly.
+
+2011-08-15 Sam Weinig <sam@webkit.org>
+
+ Fix release build when building with Clang.
+
+ Reviewed by Anders Carlsson.
+
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::checkCurrentIdentifierTable):
+ Add NO_RETURN_DUE_TO_CRASH.
+
+2011-08-15 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
+
+ Reviewed by Nikolas Zimmermann.
+
+ Speed up SVGSMILElement::findInstanceTime.
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Add a new parameter to StdlibExtras.h::binarySerarch function
+ to also handle cases when the array does not contain the key value.
+ This is needed for an svg function.
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-08-13 Sam Weinig <sam@webkit.org>
+
+ Add back 0xbbadbeef to CRASH to allow for old habits
+ https://bugs.webkit.org/show_bug.cgi?id=66190
+
+ Reviewed by David Kilzer.
+
+ * wtf/Assertions.h:
+ Add back the assignment to the memory address 0xbbadbeef in the CRASH
+ macro, as it does not cause issue in the clang static analyzer and many
+ people use its presence in crash reports to easily identify ASSERTs.
+
+2011-08-13 Sam Weinig <sam@webkit.org>
+
+ Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=66182
+
+ Reviewed by Dan Bernstein.
+
+ Fixes 10 warnings in JavaScriptCore and 2 in testapi.
+
+ * API/tests/testapi.c:
+ (main):
+ Remove dead variables.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ Initialize hasPrinted and silence an unused warning by casting to void (Ok here
+ since it is debug code and I want to keep it clear that if other cases are added,
+ the hasPrinted flag would be needed).
+
+ * wtf/dtoa.cpp:
+ (WTF::d2b):
+ The variable "de" in the else block is always zero, so there is no reason to
+ use it.
+
+2011-08-12 Sam Weinig <sam@webkit.org>
+
+ Use __builtin_trap() for CRASH when building with clang
+ https://bugs.webkit.org/show_bug.cgi?id=66152
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Assertions.h:
+ Add Clang specific CRASH macro that calls __builtin_trap() instead
+ of silly techniques to crash. This allows the static analyzer to understand
+ that we are intentionally crashing. As a result, we need to mark some functions
+ as not returning.
+
+ Also adds a macros that annotates a function as never returning due to ASSERT or CRASH.
+
+ * wtf/Compiler.h:
+ Add COMPILIER(CLANG) and fix some formatting and spelling mistakes.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::Internal::fastMallocMatchFailed):
+ Add NO_RETURN_DUE_TO_CRASH.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
+ (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
+ Add NO_RETURN_DUE_TO_ASSERT.
+
+2011-08-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT has inconsistent use of boxDouble and unboxDouble,
+ inconsistent use of assertions regarding doubles, and those
+ assertions are not turned on in debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=66160
+
+ Reviewed by Gavin Barraclough.
+
+ JIT assertions are now turned on in debug builds. JIT
+ assertions are now used for boxing and unboxing doubles, and boxing
+ and unboxing no longer involves code duplication.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::GeneralizedRegister::moveTo):
+ (JSC::DFG::GeneralizedRegister::swapWith):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::boxDouble):
+ (JSC::DFG::JITCompiler::unboxDouble):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+
+2011-08-12 Mark Rowe <mrowe@apple.com>
+
+ Be more forward-looking in the choice of compiler.
+
+ Rubber-stamped by Jon Honeycutt.
+
+ * Configurations/CompilerVersion.xcconfig:
+
+2011-08-12 Kalev Lember <kalevlember@gmail.com>
+
+ [GTK] Fix non-pthreads build after r91906.
+ https://bugs.webkit.org/show_bug.cgi?id=66151
+
+ Reviewed by David Levin.
+
+ r91906 broke the non-pthreads GTK+ build by including a header which
+ doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
+
+ * wtf/gtk/ThreadingGtk.cpp:
+
+2011-08-12 Mark Rowe <mrowe@apple.com>
+
+ Update some configuration settings that were missed back in r92432.
+
+ * Configurations/CompilerVersion.xcconfig:
+
+2011-08-12 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
+ Matrix3D.invert)
+ https://bugs.webkit.org/show_bug.cgi?id=66038
+
+ Reviewed by Gavin Barraclough.
+
+ Simplest and lowest-impact fix for the case where the spilled format
+ of a DFG node differs from the register format: if the format is
+ converted then indicate that the spilled value is no longer valid
+ ("kill the spill").
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::killSpilled):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-08-12 Sam Weinig <sam@webkit.org>
+
+ Move compiler specific macros to their own header
+ https://bugs.webkit.org/show_bug.cgi?id=66119
+
+ Reviewed by Anders Carlsson.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ Add Compiler.h
+
+ * wtf/AlwaysInline.h:
+ Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
+ Compiler.h. We can remove this file in a later commit.
+
+ * wtf/Compiler.h: Added.
+ Put all compiler specific checks and features in this file.
+
+ * wtf/Platform.h:
+ Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
+ to Compiler.h. Include Compiler.h since it is necessary.
+
+2011-08-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT-specific structure stub info code offset fields are signed
+ 8-bit, but it is possible for the offsets to be greater than 127
+ https://bugs.webkit.org/show_bug.cgi?id=66122
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+
+2011-08-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure code sometimes picks the wrong register
+ as a scratch register.
+ https://bugs.webkit.org/show_bug.cgi?id=66104
+
+ Reviewed by Gavin Barraclough.
+
+ Hardened the code with more assertions and fixed the bug. Now a
+ spilled register is only used for scratch if it also isn't being
+ used for shuffling.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-08-11 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r92880.
+ http://trac.webkit.org/changeset/92880
+ https://bugs.webkit.org/show_bug.cgi?id=66123
+
+ Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
+
+ * wtf/PassRefPtr.h:
+
+2011-08-11 Mark Rowe <mrowe@apple.com>
+
+ Don't conditionalize the use of -fomit-frame-pointer on compiler version as
+ all of our supported compilers are now new enough to have the same, sane behavior.
+
+ Rubber-stamped by Sam Weinig.
+
+ * Configurations/JavaScriptCore.xcconfig:
+
+2011-08-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT verbose mode does not report the generated types of nodes
+ https://bugs.webkit.org/show_bug.cgi?id=65830
+
+ Reviewed by Sam Weinig.
+
+ Added code that prints the type selected for each node's result.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::dataFormatToString):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-08-11 James Robinson <jamesr@chromium.org>
+
+ nullptr can't be used for PassRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=66024
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/PassRefPtr.h:
+ (WTF::PassRefPtr::PassRefPtr):
+
+2011-08-11 Daniel Bates <dbates@rim.com>
+
+ Removed unused variable in StackBounds::initialize() to resolve
+ compiler warning when building on QNX.
+ https://bugs.webkit.org/show_bug.cgi?id=66072
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/StackBounds.cpp:
+ (WTF::StackBounds::initialize):
+
+2011-08-11 Devdatta Deshpande <pwjd73@motorola.com>
+
+ Implementation of monotonically increasing clock on GTK
+ https://bugs.webkit.org/show_bug.cgi?id=62175
+
+ Reviewed by Martin Robinson.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::monotonicallyIncreasingTime):
+ The default implementation of monotonicallyIncreasingTime only
+ guarantees the result to be non-decreasing.
+ If the system time is changed to past then default implementation will
+ still fail and WebCore timers will not fire.
+
+2011-08-10 Geoffrey Garen <ggaren@apple.com>
+
+ Removed some incorrect code that was dead.
+
+ Reviewed by Oliver Hunt.
+
+ clearSingleTransition() wasn't resetting m_data. Luckily,
+ no one cares, because its caller was unused. Removed both.
+
+ * runtime/Structure.cpp:
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::~StructureTransitionTable):
+
+2011-08-10 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
+ https://bugs.webkit.org/show_bug.cgi?id=66010
+
+ Reviewed by Oliver Hunt.
+
+ Made sure that Construct calls use() on the this argument.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-08-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSC should always throw when function arg list is too long
+ https://bugs.webkit.org/show_bug.cgi?id=65869
+
+ Reviewed by Oliver Hunt.
+
+ Changed the behavior of the interpreter and JIT to throw an exception
+ when too many arguments are passed rather than truncating the list. Added
+ a new method to create a "Too many arguments." exception used by this
+ new functionality.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::createTooManyParamsError):
+ * runtime/ExceptionHelpers.h:
+
+2011-08-10 Oliver Hunt <oliver@apple.com>
+
+ Make GC checks more aggressive in release builds
+ https://bugs.webkit.org/show_bug.cgi?id=66001
+
+ Reviewed by Gavin Barraclough.
+
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::visitStrongHandles):
+ (JSC::HandleHeap::visitWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::isLiveNode):
+ (JSC::HandleHeap::isValidWeakNode):
+ Increase handle heap validation logic, and make some of
+ the crashes trigger in release builds as well as debug.
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::allocate):
+ (JSC::HandleHeap::makeWeak):
+ Ditto
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompiler::operator()):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ Fix GC bugs found while testing this patch
+
+2011-08-10 Oliver Hunt <oliver@apple.com>
+
+ JSEvaluteScript does not return the correct object when given JSONP data
+ https://bugs.webkit.org/show_bug.cgi?id=66003
+
+ Reviewed by Gavin Barraclough.
+
+ Make sure we propagate the result of the function call rather than the
+ argument.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2011-08-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT heap prediction causes regressions when combined with
+ aggressive integer prediction
+ https://bugs.webkit.org/show_bug.cgi?id=65954
+
+ Reviewed by Gavin Barraclough.
+
+ Disabled heap prediction, but did not remove the capability.
+ This improves V8 crypto performance by 20%.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not speculative integers as aggressively as it should
+ https://bugs.webkit.org/show_bug.cgi?id=65949
+
+ Reviewed by Gavin Barraclough.
+
+ Added a tree walk to propagate integer predictions through arithmetic
+ expressions.
+
+ This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
+ translates to a 19% speed-up on Kraken overall. It's neutral on
+ other benchmarks.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::predictInt32):
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT has no way of propagating predictions to loads and calls
+ https://bugs.webkit.org/show_bug.cgi?id=65883
+
+ Reviewed by Gavin Barraclough.
+
+ This introduces the capability to store predictions on graph
+ nodes. To save space while being somewhat consistent, the
+ prediction is always stored in the second OpInfo slot (since
+ a GetById will use the first one for the identifier). This
+ change is a natural extension of r92593 (global variable
+ prediction).
+
+ This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
+ win on V8 in the geometric mean. It is neutral on SunSpider
+ and Kraken. Interestingly, on V8 it regresses crypto by 3%
+ while progressing deltablue and richards by 2.6% and 4.3%,
+ respectively.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isCellPrediction):
+ (JSC::DFG::isArrayPrediction):
+ (JSC::DFG::isInt32Prediction):
+ (JSC::DFG::isDoublePrediction):
+ (JSC::DFG::isNumberPrediction):
+ (JSC::DFG::predictionToString):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasPrediction):
+ (JSC::DFG::Node::getPrediction):
+ (JSC::DFG::Node::predict):
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT passes the this argument to constructors even though
+ it's not necessary
+ https://bugs.webkit.org/show_bug.cgi?id=65943
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-08-09 Chao-ying Fu <fu@mips.com>
+
+ Fix one MIPS instruction to call JITStubThunked_##op
+ https://bugs.webkit.org/show_bug.cgi?id=65942
+
+ Reviewed by Gavin Barraclough.
+
+ Changed "bal" to "jalr" for a possible processor mode change from
+ MIPS32 to MIPS16.
+
+ * jit/JITStubs.cpp:
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT failure loading web site
+ https://bugs.webkit.org/show_bug.cgi?id=65930
+
+ Reviewed by Oliver Hunt.
+
+ Put the use() call after the fpr()/gpr() calls, since doing otherwise
+ breaks the register allocator.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-08-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add ParentClass typedef in all JSC classes
+ https://bugs.webkit.org/show_bug.cgi?id=65731
+
+ Reviewed by Oliver Hunt.
+
+ Just added the Base typedefs in all the classes that are a subclass of JSCell
+ to point at their parent classes. This is a change to support future changes to the way
+ constructors and destructors are implemented in JS objects, among other things.
+
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ (JSC::JSCallbackObject::visitChildren):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::asCallbackObject):
+ (JSC::::JSCallbackObject):
+ (JSC::::init):
+ (JSC::::className):
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::put):
+ (JSC::::deleteProperty):
+ (JSC::::getConstructData):
+ (JSC::::construct):
+ (JSC::::hasInstance):
+ (JSC::::getCallData):
+ (JSC::::call):
+ (JSC::::getOwnPropertyNames):
+ (JSC::::toNumber):
+ (JSC::::toString):
+ (JSC::::setPrivate):
+ (JSC::::getPrivate):
+ (JSC::::inherits):
+ (JSC::::getStaticValue):
+ (JSC::::staticFunctionGetter):
+ (JSC::::callbackGetter):
+ * debugger/DebuggerActivation.h:
+ * jsc.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.h:
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.h:
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorInstance.h:
+ * runtime/ErrorPrototype.h:
+ * runtime/ExceptionHelpers.cpp:
+ * runtime/Executable.h:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.h:
+ * runtime/GetterSetter.h:
+ * runtime/InternalFunction.h:
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.h:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.h:
+ * runtime/JSVariableObject.h:
+ * runtime/JSWrapperObject.h:
+ * runtime/MathObject.h:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.h:
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExp.h:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.h:
+ * runtime/ScopeChain.h:
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ * runtime/StringPrototype.h:
+ * runtime/Structure.h:
+ * runtime/StructureChain.h:
+
+2011-08-08 Oliver Hunt <oliver@apple.com>
+
+ Using mprotect to create guard pages breaks our use of madvise to release executable memory
+ https://bugs.webkit.org/show_bug.cgi?id=65870
+
+ Reviewed by Gavin Barraclough.
+
+ Use mmap rather than mprotect to clear guard page permissions.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-08-08 Oliver Hunt <oliver@apple.com>
+
+ Non-extensibility does not prevent mutating [[Prototype]]
+ https://bugs.webkit.org/show_bug.cgi?id=65832
+
+ Reviewed by Gavin Barraclough.
+
+ Disallow mutation of __proto__ on objects that are not extensible.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+
+2011-08-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not track speculation decisions for global variables
+ https://bugs.webkit.org/show_bug.cgi?id=65825
+
+ Reviewed by Gavin Barraclough.
+
+ Added the capability to track predictions for global variables, and
+ ensured that code can abstract over the source of prediction (local
+ versus global variable) wherever it is appropriate to do so. Also
+ cleaned up the code in SpeculativeJIT that decides how to speculate
+ based on recorded predictions (for example instead of using isInteger,
+ which makes sense for local predictions where the GetLocal would
+ return an integer value, we now tend to use shouldSpeculateInteger,
+ which checks if the value is either already an integer or should be
+ speculated to be an integer).
+
+ This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
+ win on controlflow-recursive. It's also a 4.8% win on v8-crypto.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::predictArray):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getGlobalVarPrediction):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
+
+2011-08-07 Martin Robinson <mrobinson@igalia.com>
+
+ Distribution fix for GTK+.
+
+ * GNUmakefile.list.am: Strip removed files from the source list.
+
+2011-08-06 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65821
+ Don't form identifiers the first time a string is used as a property name.
+
+ Reviewed by Oliver Hunt.
+
+ This is a 1% win on SunSpider.
+
+ * dfg/DFGOperations.cpp:
+ - Use fastGetOwnProperty.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Use fastGetOwnProperty.
+ * runtime/JSCell.h:
+ * runtime/JSObject.h:
+ (JSC::JSCell::fastGetOwnProperty):
+ - Fast call to get a property without creating an identifier the first time.
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::find):
+ (JSC::PropertyTable::findWithString):
+ - Add interface to look up by either strinsg or identifiers.
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ - Add a get() call that takes a UString, not an Identifier.
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::hasHash):
+ - Add a call to check if the has has been set (to detect the first use as a property name).
+
+2011-08-06 Aron Rosenberg <arosenberg@logitech.com>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Fix build with Intel compiler on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=65088
+
+ Intel compiler needs .lib suffixes instead of .a
+ Intel compiler doesn't support nullptr
+ Intel compiler supports unsized arrays
+
+ * JavaScriptCore.pri:
+ * jsc.cpp:
+ * wtf/ByteArray.h:
+ * wtf/NullPtr.h:
+
+2011-08-05 Gavin Barraclough <barraclough@apple.com>
+
+ String replace with the empty string means string removal
+ https://bugs.webkit.org/show_bug.cgi?id=65799
+
+ Reviewed by Sam Weinig.
+
+ Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::jsSpliceSubstrings):
+ (JSC::stringProtoFuncReplace):
+
+2011-08-05 Noel Gordon <noel.gordon@gmail.com>
+
+ [Chromium] Remove JSZombie references from gyp project files.
+ https://bugs.webkit.org/show_bug.cgi?id=65798
+
+ JSC runtime/JSZombie.{cpp,h} were removed in r92046. Remove references to these
+ file names from the gyp projects.
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.gypi: zombies be gone.
+
+2011-08-05 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
+ is tied to a particular dispatch queue
+
+ A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
+ with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
+ to ensure that all operations are performed on the given dispatch queue.
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::setDispatchQueueForVerifier):
+ * wtf/ThreadRestrictionVerifier.h:
+ (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
+ (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
+ (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
+ (WTF::ThreadRestrictionVerifier::setShared):
+ (WTF::ThreadRestrictionVerifier::isSafeToUse):
+
+2011-08-05 Oliver Hunt <oliver@apple.com>
+
+ Inline allocation of function objects
+ https://bugs.webkit.org/show_bug.cgi?id=65779
+
+ Reviewed by Gavin Barraclough.
+
+ Inline allocation and initilisation of function objects
+ in generated code. This ended up being a 60-70% improvement
+ in function allocation performance. This improvement shows
+ up as a ~2% improvement in 32bit sunspider and V8, but is a
+ wash on 64-bit.
+
+ We currently don't inline the allocation of named function
+ expressions, as that requires being able to gc allocate a
+ variable object.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JSC::JIT::emitStoreCell):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ (JSC::JIT::emitAllocateJSFinalObject):
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_func):
+ (JSC::JIT::emitSlow_op_new_func):
+ (JSC::JIT::emit_op_new_func_exp):
+ (JSC::JIT::emitSlow_op_new_func_exp):
+ * jit/JITOpcodes32_64.cpp:
+ Removed duplicate implementation of op_new_func and op_new_func_exp
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::offsetOfScopeChain):
+ (JSC::JSFunction::offsetOfExecutable):
+
+2011-08-04 David Levin <levin@chromium.org>
+
+ CStringBuffer should have thread safety checks turned on.
+ https://bugs.webkit.org/show_bug.cgi?id=58093
+
+ Reviewed by Dmitry Titov.
+
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
+ turned this off for Chromium.
+
+2011-08-04 Mark Rowe <mrowe@apple.com>
+
+ Future-proof Xcode configuration settings.
+
+ * Configurations/Base.xcconfig:
+ * Configurations/DebugRelease.xcconfig:
+ * Configurations/JavaScriptCore.xcconfig:
+ * Configurations/Version.xcconfig:
+
+2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Interpreter can potentially GC in the middle of initializing a structure chain
+ https://bugs.webkit.org/show_bug.cgi?id=65638
+
+ Reviewed by Oliver Hunt.
+
+ Moved the allocation of a prototype StructureChain before the initialization of
+ the structure chain within the interpreter that was causing intermittent GC crashes.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCachePutByID):
+ * wtf/Platform.h:
+
+2011-08-04 Filip Pizlo <fpizlo@apple.com>
+
+ Eval handling attempts literal parsing even when the eval
+ string is in the cache
+ https://bugs.webkit.org/show_bug.cgi?id=65675
+
+ Reviewed by Oliver Hunt.
+
+ This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
+ in SunSpider. It's neutral on V8.
+
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::tryGet):
+ (JSC::EvalCodeCache::getSlow):
+ (JSC::EvalCodeCache::get):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+
+2011-08-03 Mark Rowe <mrowe@apple.com>
+
+ Bring some order to FeatureDefines.xcconfig to make it easier to follow.
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-08-03 Mark Rowe <mrowe@apple.com>
+
+ Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
+
+ Reviewed by Dave Kilzer.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-08-03 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC heap size improvement breaks build on some platforms due to
+ unused parameter
+ https://bugs.webkit.org/show_bug.cgi?id=65641
+
+ Reviewed by Darin Adler.
+
+ Fix build on non-x86 platforms, by ensuring that the relevant
+ parameter always appears to be used even when it isn't.
+
+ * heap/Heap.cpp:
+
+2011-08-03 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Reorganize pkg-config files
+ https://bugs.webkit.org/show_bug.cgi?id=65548
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.am:
+ * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
+
+2011-08-01 David Levin <levin@chromium.org>
+
+ Add asserts to RefCounted to make sure ref/deref happens on the right thread.
+ https://bugs.webkit.org/show_bug.cgi?id=31639
+
+ Reviewed by Dmitry Titov.
+
+ * GNUmakefile.list.am: Added new files to the build.
+ * JavaScriptCore.gypi: Ditto.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
+ due to not being able to figure out what was guarding it (bug 58091).
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider): Ditto.
+ * wtf/CMakeLists.txt: Added new files to the build.
+ * wtf/ThreadRestrictionVerifier.h: Added.
+ Everything is done in the header to avoid the issue with exports
+ that are only useful in debug but still needing to export them.
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
+ and filed bug 58171 about making it stricter.
+ (WTF::RefCountedBase::hasOneRef): Ditto.
+ (WTF::RefCountedBase::refCount): Ditto.
+ (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
+ on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
+ (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
+ Filed bug 58174 to remove this method.
+ (WTF::RefCountedBase::derefBase):
+ * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
+ done in Chromium (bug 58093).
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC may not be able to reuse partially-free blocks after a
+ full collection
+ https://bugs.webkit.org/show_bug.cgi?id=65585
+
+ Reviewed by Darin Adler.
+
+ This fixes the linked list management bug. This fix is performance
+ neutral on SunSpider.
+
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::removeBlock):
+
+2011-07-30 Oliver Hunt <oliver@apple.com>
+
+ Simplify JSFunction creation for functions written in JS
+ https://bugs.webkit.org/show_bug.cgi?id=65422
+
+ Reviewed by Gavin Barraclough.
+
+ Remove hash lookups used to write name property and transition
+ function structure by caching the resultant structure and property
+ offset in JSGlobalObject. This doesn't impact performance, but
+ we can use this change to make other improvements later.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::FunctionExecutable::jsName):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::namedFunctionStructure):
+ (JSC::JSGlobalObject::functionNameOffset):
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC uses dummy cells to avoid having to remember which cells
+ it has already destroyed
+ https://bugs.webkit.org/show_bug.cgi?id=65556
+
+ Reviewed by Oliver Hunt.
+
+ This gets rid of dummy cells, and ensures that it's not necessary
+ to invoke a destructor on cells that have already been swept. In
+ the common case, a block knows that either all of its free cells
+ still need to have destructors called, or none of them do, which
+ minimizes the amount of branching that needs to happen per cell
+ when performing a sweep.
+
+ This is performance neutral on SunSpider and V8. It is meant as
+ a stepping stone to simplify the implementation of more
+ sophisticated sweeping algorithms.
+
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::ClearMarks::operator()):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::initForCellSize):
+ (JSC::MarkedBlock::callDestructor):
+ (JSC::MarkedBlock::specializedReset):
+ (JSC::MarkedBlock::reset):
+ (JSC::MarkedBlock::specializedSweep):
+ (JSC::MarkedBlock::sweep):
+ (JSC::MarkedBlock::produceFreeList):
+ (JSC::MarkedBlock::lazySweep):
+ (JSC::MarkedBlock::blessNewBlockForFastPath):
+ (JSC::MarkedBlock::blessNewBlockForSlowPath):
+ (JSC::MarkedBlock::canonicalizeBlock):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::FreeCell::setNoObject):
+ (JSC::MarkedBlock::setDestructorState):
+ (JSC::MarkedBlock::destructorState):
+ (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ * runtime/JSGlobalData.h:
+ * runtime/Structure.h:
+
+2011-08-01 Michael Saboff <msaboff@apple.com>
+
+ Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
+ https://bugs.webkit.org/show_bug.cgi?id=65502
+
+ Reviewed by Anders Carlsson.
+
+ With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
+ added an assert to the return code of madvise to catch any regressions.
+
+ * wtf/TCSystemAlloc.cpp:
+ (TCMalloc_SystemRelease):
+
+2011-08-02 Anders Carlsson <andersca@apple.com>
+
+ Fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-08-02 Anders Carlsson <andersca@apple.com>
+
+ Fix a Windows build error.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC is far too conservative about growing the heap size, particularly
+ on desktop platforms
+ https://bugs.webkit.org/show_bug.cgi?id=65438
+
+ Reviewed by Oliver Hunt.
+
+ The minimum heap size is now 16MB instead of 512KB, provided all of the
+ following are true:
+ a) ENABLE(LARGE_HEAP) is set, which currently only happens on
+ x86 targets, but could reasonably happen on any platform that is
+ known to have a decent amount of RAM.
+ b) JSGlobalData is initialized with HeapSize = LargeHeap, which
+ currently only happens when it's the JSDOMWindowBase in WebCore or
+ in the jsc command-line tool.
+
+ This is a 4.1% speed-up on SunSpider.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * jsc.cpp:
+ (main):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::createContextGroup):
+ (JSC::JSGlobalData::create):
+ (JSC::JSGlobalData::createLeaked):
+ (JSC::JSGlobalData::sharedInstance):
+ * runtime/JSGlobalData.h:
+ * wtf/Platform.h:
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC does a GC even when the heap still has free pages
+ https://bugs.webkit.org/show_bug.cgi?id=65445
+
+ Reviewed by Oliver Hunt.
+
+ If the high watermark is not reached, then we allocate new blocks as
+ before. If the current watermark does reach (or exceed) the high
+ watermark, then we check if there is a block on the free block pool.
+ If there is, we simply allocation from it. If there isn't, we
+ invoke a collectin as before. This effectively couples the elastic
+ scavenging to the collector's decision function. That is, if an
+ application rapidly varies its heap usage (sometimes using more and
+ sometimes less) then the collector will not thrash as it used to.
+ But if heap usage drops and stays low then the scavenger thread and
+ the GC will eventually reach a kind of consensus: the GC will set
+ the watermark low because of low heap usage, and the scavenger thread
+ will steadily eliminate pages from the free page pool, until the size
+ of the free pool is below the high watermark.
+
+ On command-line, this is neutral on SunSpider and Kraken and a 3% win
+ on V8. In browser, this is a 1% win on V8 and neutral on the other
+ two.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::allocateBlock):
+ * heap/Heap.h:
+
+2011-08-02 Jeff Miller <jeffm@apple.com>
+
+ Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
+ https://bugs.webkit.org/show_bug.cgi?id=65552
+
+ Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
+
+ Reviewed by Adam Roben.
+
+ * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
+
+2011-08-01 Jean-luc Brouillet <jeanluc@chromium.org>
+
+ Removing old source files in gyp files that slow build
+ https://bugs.webkit.org/show_bug.cgi?id=65503
+
+ Reviewed by Adam Barth.
+
+ A number of stale files are listed in the gyp files. These slow the
+ build on Visual Studio 2010. Removing them.
+
+ * JavaScriptCore.gypi:
+
+2011-07-14 David Levin <levin@chromium.org>
+
+ currentThread is too slow!
+ https://bugs.webkit.org/show_bug.cgi?id=64577
+
+ Reviewed by Darin Adler and Dmitry Titov.
+
+ The problem is that currentThread results in a pthread_once call which always takes a lock.
+ With this change, currentThread is 10% faster than isMainThread in release mode and only
+ 5% slower than isMainThread in debug.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
+ which is no longer needed because this is called from initializeThreading().
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
+ intialization of the pthread key should already be done.
+ (WTF::ThreadIdentifierData::initialize): Ditto.
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading): Acquire the pthread key here.
+
+2011-08-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT sometimes creates speculation check data structures that have
+ invalid information about the format of a register
+ https://bugs.webkit.org/show_bug.cgi?id=65490
+
+ Reviewed by Gavin Barraclough.
+
+ The code now makes sure to (1) always have correct and up-to-date
+ information about register format at the time that a speculation
+ check is emitted, (2) assert that speculation data is correct
+ inside the speculation check implementation, and (3) avoid creating
+ speculation data altogether if compilation has already failed, since
+ at that point the format data is almost guaranteed to be bogus.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+
+2011-08-01 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(r92092): Build fails on 64 bit
+ https://bugs.webkit.org/show_bug.cgi?id=65458
+
+ Reviewed by Oliver Hunt.
+
+ The build was broken because some compilers were smart enough to see
+ an array index out of bounds due to the decision fuction for when to
+ go from precise size classes to imprecise size classes being broken:
+ it would assume that sizes in the range 97..128 belonged to a precise
+ size class when in fact they belonged to an imprecise one.
+
+ In fact, the code would have run correctly, by way of a fluke, because
+ though the 4th precise size class (for 97..128) didn't exist, the next
+ array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
+ its first entry would have been a size class that is appropriate for
+ allocations in the range 97..128. However, this relies on specific
+ ordering of fields in NewSpace, so it's still a bug.
+
+ This fixes the bug by ensuring that allocations larger than 96 use
+ the imprecise size classes.
+
+ * heap/NewSpace.h:
+ (JSC::NewSpace::sizeClassFor):
+
+2011-07-31 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64679
+ Fix bugs in Array.prototype this handling.
+
+ Unreviewed - rolling out r91290.
+
+ Looks like the wild wild web isn't ready for this yet.
+
+ This change broke http://slides.html5rocks.com/#landing-slide.
+ Interestingly, this might only be due to our lack of bind support -
+ it looks like this site is calling Array.prototype.slice as a part
+ of its bind implementation.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+
+2011-07-31 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC lays out size classes under wrong assumptions about expected
+ object size.
+ https://bugs.webkit.org/show_bug.cgi?id=65437
+
+ Reviewed by Oliver Hunt.
+
+ Changed the atom size - which is both the smallest allocation size and
+ the smallest possible stepping unit for size class spacing - from
+ 8 bytes to 4 pointer-size words. This is a 1% win on SunSpider.
+
+ * heap/MarkedBlock.h:
+
+2011-07-31 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT does not optimize PutByVal
+ https://bugs.webkit.org/show_bug.cgi?id=65424
+
+ Reviewed by Gavin Barraclough.
+
+ Added code to emit PutByVal inline fast path.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-07-31 Filip Pizlo <fpizlo@apple.com>
+
+ The JSC garbage collector returns memory to the operating system too
+ eagerly.
+ https://bugs.webkit.org/show_bug.cgi?id=65382
+
+ Reviewed by Oliver Hunt.
+
+ This introduces a memory reuse model similar to the one in FastMalloc.
+ A periodic scavenger thread runs in the background and returns half the
+ free memory to the OS on each timer fire. New block allocations first
+ attempt to get the memory from the collector's internal pool, reverting
+ to OS allocation only when this pool is empty.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::~Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
+ (JSC::Heap::waitForRelativeTime):
+ (JSC::Heap::blockFreeingThreadStartFunc):
+ (JSC::Heap::blockFreeingThreadMain):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::releaseFreeBlocks):
+ * heap/Heap.h:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::destroy):
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::initForCellSize):
+ (JSC::MarkedBlock::reset):
+ * heap/MarkedBlock.h:
+ * wtf/Platform.h:
+
+2011-07-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure pass sometimes forgets to emit code to
+ move certain registers.
+ https://bugs.webkit.org/show_bug.cgi?id=65421
+
+ Reviewed by Oliver Hunt.
+
+ Restructured the offending loops (for gprs and fprs). It's once again
+ possible to use spreadsheets on docs.google.com.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-07-30 Patrick Gansterer <paroga@webkit.org>
+
+ Remove inclusion of MainThread.h from Threading.h
+ https://bugs.webkit.org/show_bug.cgi?id=65081
+
+ Reviewed by Darin Adler.
+
+ Add missing and remove unneeded include statements for MainThread.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ * wtf/Threading.h:
+ * wtf/ThreadingPthreads.cpp:
+ * wtf/text/StringStatics.cpp:
+
+2011-07-30 Oliver Hunt <oliver@apple.com>
+
+ Reduce the size of JSGlobalObject slightly
+ https://bugs.webkit.org/show_bug.cgi?id=65417
+
+ Reviewed by Dan Bernstein.
+
+ Push a few members that either aren't commonly used,
+ or aren't frequently accessed into a separate struct.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
+ (JSC::JSGlobalObject::createRareDataIfNeeded):
+ (JSC::JSGlobalObject::setProfileGroup):
+ (JSC::JSGlobalObject::profileGroup):
+ (JSC::JSGlobalObject::registerWeakMap):
+ (JSC::JSGlobalObject::deregisterWeakMap):
+
+2011-07-30 Balazs Kelemen <kbalazs@webkit.org>
+
+ MessageQueue::waitForMessageFilteredWithTimeout can triggers an assertion
+ https://bugs.webkit.org/show_bug.cgi?id=65263
+
+ Reviewed by Dmitry Titov.
+
+ * wtf/Deque.h:
+ (WTF::::operator): Don't check the validity of an iterator
+ that will be reassigned right now.
+ * wtf/MessageQueue.h:
+ (WTF::::removeIf): Revert r51198 as I beleave this is the better
+ solution for the problem that was solved by that.
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC zombie support no longer works, and is likely no longer needed.
+ https://bugs.webkit.org/show_bug.cgi?id=65404
+
+ Reviewed by Darin Adler.
+
+ This removes zombies, because they no longer work, are not tested, are
+ probably not needed, and are getting in the way of GC optimization
+ work.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Handle.h:
+ (JSC::HandleConverter::operator->):
+ (JSC::HandleConverter::operator*):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::collect):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::clearMarks):
+ * interpreter/Register.h:
+ (JSC::Register::Register):
+ (JSC::Register::operator=):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::append):
+ (JSC::ArgList::ArgList):
+ * runtime/JSCell.cpp:
+ (JSC::isZombie):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ * runtime/JSGlobalData.h:
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::JSValue):
+ * runtime/JSZombie.cpp: Removed.
+ * runtime/JSZombie.h: Removed.
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+ * wtf/Platform.h:
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT verbose mode provides no details about predictions
+ https://bugs.webkit.org/show_bug.cgi?id=65389
+
+ Reviewed by Darin Adler.
+
+ Added a print-out of the predictions to the IR dump, with names as follows:
+ "p-bottom" = the parser made no predictions
+ "p-int32" = the parser predicted int32
+ ... (same for array, cell, double, number)
+ "p-top" = the parser made conflicting predictions which will be ignored.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::predictionToString):
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not have any way of undoing double speculation.
+ https://bugs.webkit.org/show_bug.cgi?id=65334
+
+ Reviewed by Gavin Barraclough.
+
+ This adds code to do a branchConvertDoubleToInt on specualtion failure.
+ This is performance-neutral on most benchmarks but does result in
+ a slight improvement in Kraken.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::GeneralizedRegister::moveTo):
+ (JSC::DFG::GeneralizedRegister::swapWith):
+ (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ Crash when opening docs.google.com
+ https://bugs.webkit.org/show_bug.cgi?id=65327
+
+ Reviewed by Gavin Barraclough.
+
+ The speculative JIT was only checking whether a value is an array when
+ we had already checked that it was, rather then when we hadn't.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-28 Oliver Hunt <oliver@apple.com>
+
+ *_list instructions are only used in one place, where the code is wrong.
+ https://bugs.webkit.org/show_bug.cgi?id=65348
+
+ Reviewed by Darin Adler.
+
+ Simply remove the instructions and all users. Speeds up the interpreter
+ slightly due to code motion, but otherwise has no effect (because none
+ of the _list instructions are ever used).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::isPropertyAccess):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::visitStructures):
+ * bytecode/Instruction.h:
+ * bytecode/Opcode.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+
+2011-07-28 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65325
+ Performance tweak to parseInt
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ - This change may an existing optimization redundant,
+ cleanup from Darin's comments, plus fix existing bugs.
+
+2011-07-28 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65325
+ Performance tweak to parseInt
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ - parseInt applied to small positive numbers = floor.
+
+2011-07-28 Dan Bernstein <mitz@apple.com>
+
+ Build fix.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+
+2011-07-28 Kent Tamura <tkent@chromium.org>
+
+ Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
+ https://bugs.webkit.org/show_bug.cgi?id=65300
+
+ Reviewed by Darin Adler.
+
+ r91837 had performance regression of StringImpl::stripWhiteSpace()
+ and simplifyWhiteSpace(). This changes the code so that compilers
+ generates code equivalent to r91836 or piror.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripMatchedCharacters):
+ A template member function for stripWhiteSpace(). This function takes a functor.
+ (WTF::UCharPredicate):
+ A functor for generic predicate for single UChar argument.
+ (WTF::SpaceOrNewlinePredicate):
+ A special functor for isSpaceOrNewline().
+ (WTF::StringImpl::stripWhiteSpace):
+ Use stripmatchedCharacters().
+ (WTF::StringImpl::simplifyMatchedCharactersToSpace):
+ A template member function for simplifyWhiteSpace().
+ (WTF::StringImpl::simplifyWhiteSpace):
+ Use simplifyMatchedCharactersToSpace().
+ * wtf/text/StringImpl.h:
+
+2011-07-27 Dmitry Lomov <dslomov@google.com>
+
+ [chromium] Turn on WTF_MULTIPLE_THREADS.
+ https://bugs.webkit.org/show_bug.cgi?id=61017
+ The patch turns on WTF_MULTIPLE_THREADS in chromium and
+ pushes some relevant initializations from JSC::initializeThreading
+ to WTF::initializeThreading.
+
+ Reviewed by David Levin.
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * wtf/FastMalloc.cpp:
+ (WTF::isForbidden):
+ (WTF::fastMallocForbid):
+ (WTF::fastMallocAllow):
+ * wtf/Platform.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeThreading):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::initializeThreading):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::initializeThreading):
+
+2011-07-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove operator new from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=64999
+
+ Reviewed by Oliver Hunt.
+
+ Removed the implementation of operator new in JSCell, so any further uses
+ will not successfully link. Also removed any remaining uses of operator new.
+
+ * API/JSContextRef.cpp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::createExceptionScope):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+
+2011-07-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG graph has no notion of double prediction.
+ https://bugs.webkit.org/show_bug.cgi?id=65234
+
+ Reviewed by Gavin Barraclough.
+
+ Added the notion of PredictDouble, and PredictNumber, which is the least
+ upper bound of PredictInt32 and PredictDouble. Least upper bound is
+ defined as the bitwise-or of two predictions. Bottom is defined as 0,
+ and Top is defined as all bits being set. Added the ability to explicitly
+ distinguish between a node having had a prediction associated with it,
+ and that prediction still being valid (i.e. no conflicting predictions
+ have also been added). Used this to guard the speculative JIT from
+ speculating Int32 in cases where the graph knows that the value is
+ double, which currently only happens for GetLocal nodes on arguments
+ which were double at compile-time.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::isCellPrediction):
+ (JSC::DFG::isArrayPrediction):
+ (JSC::DFG::isInt32Prediction):
+ (JSC::DFG::isDoublePrediction):
+ (JSC::DFG::isNumberPrediction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
+
+2011-07-27 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65294
+ DFG JIT - may speculate based on wrong arguments.
+
+ Reviewed by Oliver Hunt
+
+ In the case of a DFG compiled function calling to and compiling a second function that
+ also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
+ we call compileFor passing the caller functions exec state, rather than the callee's.
+ This may lead to mis-optimization, since the DFG compiler will example the exec state's
+ arguments on the assumption that these will be passed to the callee - it is wanting the
+ callee exec state, not the caller's exec state.
+
+ Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
+ function is compiled, & the structure of the calls in the Interpreter::execute methods.
+ Only fix for compilation from the JIT, in other calls don't speculate based on arguments
+ for now.
+
+ * dfg/DFGOperations.cpp:
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ (JSC::tryDFGCompileFunction):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileFor):
+
+2011-07-27 Oliver Hunt <oliver@apple.com>
+
+ Handle callback oriented JSONP
+ https://bugs.webkit.org/show_bug.cgi?id=65271
+
+ Reviewed by Gavin Barraclough.
+
+ Handle the callback oriented versions of JSONP. The Literal parser
+ now handles <Identifier> (. <Identifier>)* (jsonData).
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::Lexer::lex):
+ * runtime/LiteralParser.h:
+
+2011-07-27 Stephanie Lewis <slewis@apple.com>
+
+ Revert http://trac.webkit.org/changeset/90415.
+ Caused a 5% sunspider regression in-browser.
+
+ Unreviewed rollout.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::invalidateCode):
+ * runtime/RegExp.h:
+
+2011-07-27 Shinya Kawanaka <shinyak@google.com>
+
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=57746
+
+ Reviewed by Kent Tamura.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripWhiteSpace):
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ (WTF::StringImpl::simplifyWhiteSpace): ditto.
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ (WTF::String::stripWhiteSpace): ditto.
+ (WTF::String::simplifyWhiteSpace): ditto.
+ * wtf/text/WTFString.h:
+
+2011-07-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure code performs incorrect conversions in
+ the case where two registers need to be swapped.
+ https://bugs.webkit.org/show_bug.cgi?id=65233
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::GeneralizedRegister::swapWith):
+
+2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ reduce and reduceRight bind callback's this to null rather than undefined
+ https://bugs.webkit.org/show_bug.cgi?id=62264
+
+ Reviewed by Oliver Hunt.
+
+ Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
+ when calling the callback function without an argument for this, which means it should
+ be undefined according to ES 15.4.4.21 and 15.4.4.22.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+
+2011-07-26 Filip Pizlo <fpizlo@apple.com>
+
+ JSC command-line tool does not come with any facility for
+ measuring time precisely.
+ https://bugs.webkit.org/show_bug.cgi?id=65223
+
+ Reviewed by Gavin Barraclough.
+
+ Exposed WTF::currentTime() as currentTimePrecise().
+
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionPreciseTime):
+
+2011-07-26 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT never emits inline double comparisons, even when it
+ would be obvious more efficient to do so.
+ https://bugs.webkit.org/show_bug.cgi?id=65212
+
+ Reviewed by Gavin Barraclough.
+
+ This handles the obvious case of inlining double comparisons: it only addresses
+ the speculative JIT, and only for fused compare/branch sequences. But it does
+ handle the case where both operands are double (and there is no slow path),
+ or where one operand is double and the other is unknown type (in which case it
+ attempts to unbox the double, otherwise taking slow path). This is an 0.8%
+ speed-up on SunSpider.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+
+2011-07-26 Filip Pizlo <fpizlo@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64969
+ DFG JIT generates inefficient code for speculation failures.
+
+ Reviewed by Gavin Barraclough.
+
+ This implements a speculation failure strategy where (1) values spilled on
+ non-speculative but not spilled on speculative are spilled, (2) values that
+ are in registers on both paths are rearranged without ever touching memory,
+ and (3) values spilled on speculative but not spilled on non-speculative are
+ filled.
+
+ The register shuffling is the most interesting part of this patch. It
+ constructs a permutation graph for registers. Each node represents a
+ register, and each directed edge corresponds to the register's value having
+ to be moved to a different register as part of the shuffling. This is a
+ directed graph where each node may only have 0 or 1 incoming edges, and
+ 0 or 1 outgoing edges. The algorithm then first finds maximal non-cyclic
+ subgraphs where all nodes in the subgraph are reachable from a start node.
+ Such subgraphs always resemble linked lists, and correspond to simply
+ moving the value in the second-to-last register into the last register, and
+ then moving the value in the third-to-last register into the second-to-last
+ register, and so on. Once these subgraphs are taken care of, the remaining
+ subgraphs are cycles, and are handled using either (a) conversion or no-op
+ if the cycle involves one node, (b) swap if it involves two nodes, or (c)
+ a cyclic shuffle involving a scratch register if there are three or more
+ nodes.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::needDataFormatConversion):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
+ (JSC::DFG::GeneralizedRegister::createGPR):
+ (JSC::DFG::GeneralizedRegister::createFPR):
+ (JSC::DFG::GeneralizedRegister::dump):
+ (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
+ (JSC::DFG::GeneralizedRegister::findInEntryLocation):
+ (JSC::DFG::GeneralizedRegister::previousDataFormat):
+ (JSC::DFG::GeneralizedRegister::nextDataFormat):
+ (JSC::DFG::GeneralizedRegister::convert):
+ (JSC::DFG::GeneralizedRegister::moveTo):
+ (JSC::DFG::GeneralizedRegister::swapWith):
+ (JSC::DFG::ShuffledRegister::ShuffledRegister):
+ (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::lookup):
+ (JSC::DFG::lookupForRegister):
+ (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
+ (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
+ (JSC::DFG::NodeToRegisterMap::set):
+ (JSC::DFG::NodeToRegisterMap::end):
+ (JSC::DFG::NodeToRegisterMap::find):
+ (JSC::DFG::NodeToRegisterMap::clear):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::linkSpeculationChecks):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-07-26 Oliver Hunt <oliver@apple.com>
+
+ Buffer overflow creating error messages for JSON.parse
+ https://bugs.webkit.org/show_bug.cgi?id=65211
+
+ Reviewed by Darin Adler.
+
+ Parse string length to the UString constructor.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::parse):
+
+2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor automatically generated JS DOM bindings to replace operator new with static create methods
+ https://bugs.webkit.org/show_bug.cgi?id=64732
+
+ Reviewed by Oliver Hunt.
+
+ Replacing the public constructors in the automatically generated JS DOM bindings with static
+ create methods. JSByteArray is used by several of these bindings in WebCore.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::create):
+ * runtime/JSByteArray.h:
+
+2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
+
+ Unreviewed build fix for Qt/Linux.
+
+ On platforms with no glib and gstreamer we should not build javascriptcore
+ with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
+
+ * wtf/wtf.pri:
+
+2011-07-26 Juan C. Montemayor <jmont@apple.com>
+
+ JSON errors should be informative
+ https://bugs.webkit.org/show_bug.cgi?id=63339
+
+ Added error messages to the JSON Parser.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::getErrorMessage):
+ (JSC::LiteralParser::Lexer::sawError):
+ (JSC::LiteralParser::Lexer::getErrorMessage):
+
+2011-07-26 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91746.
+ http://trac.webkit.org/changeset/91746
+ https://bugs.webkit.org/show_bug.cgi?id=65180
+
+ It broke SL build (Requested by Ossy on #webkit).
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripWhiteSpace):
+ (WTF::StringImpl::simplifyWhiteSpace):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ * wtf/text/WTFString.h:
+
+2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
+ https://bugs.webkit.org/show_bug.cgi?id=63472
+
+ Enable the bits needed for GStreamer only when QtMultimedia is not used.
+
+ * wtf/wtf.pri:
+
+2011-07-26 Shinya Kawanaka <shinyak@google.com>
+
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=57746
+
+ Reviewed by Kent Tamura.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripWhiteSpace):
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ (WTF::StringImpl::simplifyWhiteSpace): ditto.
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ (WTF::String::stripWhiteSpace): ditto.
+ (WTF::String::simplifyWhiteSpace): ditto.
+ * wtf/text/WTFString.h:
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT emits inefficient code for arithmetic
+ involving two registers
+ https://bugs.webkit.org/show_bug.cgi?id=65160
+
+ Reviewed by Gavin Barraclough.
+
+ The non-speculative JIT now emits inline code for double arithmetic, but
+ still attempts integer arithmetic first. This is a speed-up on SunSpider
+ (albeit a small one), and a large speed-up on Kraken.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+
+2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Build break with --debug after r89153.
+ https://bugs.webkit.org/show_bug.cgi?id=65150
+
+ Unreviewed build fix.
+
+ * wtf/CMakeListsEfl.txt: Add missing libraries.
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT emits obviously inefficient code for arithmetic
+ where one operand is a constant.
+ https://bugs.webkit.org/show_bug.cgi?id=65146
+
+ Reviewed by Gavin Barraclough.
+
+ Changed the code to emit double arithmetic inline.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT bytecode parser misuses pointers into objects allocated as part of a
+ WTF::Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=65128
+
+ Reviewed by Gavin Barraclough.
+
+ The bytecode parser code seems to be right to have a DFGNode& phiNode reference
+ into the graph, since this makes the code greatly more readable. This patch
+ thus makes the minimal change necessary to make the code right: it uses a
+ pointer (to disambiguate between reloading the pointer and performing a
+ copy from one location of the vector to another) and reloads it after the
+ calls to addToGraph().
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+
+2011-07-25 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91686.
+ http://trac.webkit.org/changeset/91686
+ https://bugs.webkit.org/show_bug.cgi?id=65144
+
+ 1.5% regression in JSC (Requested by jmontemayor on #webkit).
+
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+
+2011-07-25 Jon Lee <jonlee@apple.com>
+
+ Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
+ https://bugs.webkit.org/show_bug.cgi?id=65132
+ <rdar://problem/9836297>
+
+ Reviewed by Oliver Hunt.
+
+ Make sure the JIT is available to use before running the following calls:
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
+
+2011-07-25 Juan C. Montemayor <jmont@apple.com>
+
+ JSON errors should be informative
+ https://bugs.webkit.org/show_bug.cgi?id=63339
+
+ Added error messages to the JSON Parser.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::getErrorMessage):
+ (JSC::LiteralParser::Lexer::sawError):
+ (JSC::LiteralParser::Lexer::getErrorMessage):
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ X86-64 assembler emits three instructions instead of two for certain
+ loads and stores.
+ https://bugs.webkit.org/show_bug.cgi?id=65095
+
+ Reviewed by Gavin Barraclough.
+
+ Simply made these four methods in the assembler use the scratch register,
+ which they were previously avoiding. It still optimizes for the case where
+ an absolute address memory accesses is using EAX. This results in a slight
+ performance improvement.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::load32):
+ (JSC::MacroAssemblerX86_64::store32):
+ (JSC::MacroAssemblerX86_64::loadPtr):
+ (JSC::MacroAssemblerX86_64::storePtr):
+
+2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
+ https://bugs.webkit.org/show_bug.cgi?id=64354
+
+ Use ecore_time_unix_get which returns unix time as double type for currentTime
+ and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
+
+ Reviewed by Kent Tamura.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::currentTime):
+ (WTF::monotonicallyIncreasingTime):
+
+2011-07-22 Sommer Panage <panage@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
+ https://bugs.webkit.org/show_bug.cgi?id=64981
+
+ UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
+ Currently, the C API does not provide the tools to do this. However, the private API
+ does expose the necessary functionality to get a backtrace
+ (via Interpreter::retrieveLastCaller). We recognize this information may result in
+ failure in the cases of programs run by 'eval', stack frames beneath host function
+ call frames, and in programs run from other programs. Thus, we propose exporting our
+ JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
+ we need while not advertising an API that isn't really ready for full use.
+
+ * API/JSContextRef.cpp:
+ * API/JSContextRefPrivate.h:
+ * JavaScriptCore.exp:
+
+
+2011-07-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65051
+ DFG JIT - Enable by default for mac platform on x86-64.
+
+ Rubber Stamped by Geoff Garen.
+
+ This is now a performance progression.
+
+ * wtf/Platform.h:
+ - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
+
+2011-07-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65047
+ DFG JIT - Add support for op_resolve/op_resolve_base
+
+ Reviewed by Sam Weinig.
+
+ These are necessary for any significant eval code coverage
+ (and as such increase LayoutTest coverage).
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordResolve):
+ - Conservatively blow aliasing optimizations for now.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ - Add support for op_resolve/op_resolve_base.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ - Add call with exec, identifer aguments.
+ * dfg/DFGNode.h:
+ - Add new node types.
+ (JSC::DFG::Node::hasIdentifier):
+ - Resolve nodes have identifiers, too!
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Add generation for new Nodes.
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Added new operations.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Add generation for new Nodes.
+
+2011-07-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65036
+ Messing with the register allocation within flow control = badness.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Fix register allocation.
+
+2011-07-22 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
+ https://bugs.webkit.org/show_bug.cgi?id=63986
+
+ Reviewed by Geoffrey Garen.
+
+ Changed the implementation of Date.prototype.toISOString() to use the extended year
+ format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-07-21 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix after r91555.
+
+ * JavaScriptCore.exp:
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=19271
+ eliminate PIC branches by changing NaN handling in JSValue::toNumber
+
+ Reviewed by Sam Weinig.
+
+ Moving the non-numeric cases out of line seems to be a consistent
+ win on SunSpider for me, to the order of about 0.5%.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toNumber):
+ - Changed to only handle values that are already numbers, moce non-numeric cases out of line.
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toNumberSlowCase):
+ - Added toNumberSlowCase, handling non-numeric cases.
+ * runtime/JSValue.h:
+ - Add declaration of toNumberSlowCase.
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64875
+ Use of `yield` keyword is broken
+
+ Reviewed by Sam Weinig.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ - The bug here is that a successful match of a RESERVED_IF_STRICT token from
+ parseKeyword is being nullified back to IDENT. The problem is that in the
+ case of IDENT matches parseKeyword should not move the lexer's input
+ position, but in the case of RESERVED_IF_STRICT it has done so.
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64900
+ Function.prototype.apply should accept an array-like object as its second argument
+
+ Reviewed by Sam Weinig.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncApply):
+ - Remove the type error if object is not an array.
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64964
+ DFG JIT - Enable support for eval code
+
+ Reviewed by Sam Weinig.
+
+ This is basically the same as program code, to the JIT!
+
+ * bytecode/Opcode.cpp:
+ * bytecode/Opcode.h:
+ - Enable opcodeNames in !NDEBUG builds.
+ * dfg/DFGOperations.cpp:
+ - Fix a bug exposed by eval support, throw correct type error for new.
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ - Enable DFG JIT for eval code.
+
+2011-07-20 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91380.
+ http://trac.webkit.org/changeset/91380
+ https://bugs.webkit.org/show_bug.cgi?id=64924
+
+ Caused assertion failures in Chromium's IndexedDB tests
+ (Requested by rniwa on #webkit).
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::identifier):
+ (WTF::ThreadIdentifierData::initialize):
+ (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
+ (WTF::ThreadIdentifierData::initializeKeyOnce):
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+
+2011-07-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT does not use() the aliased GetByVal,
+ resulting in bloated use counts.
+ https://bugs.webkit.org/show_bug.cgi?id=64911
+
+ Reviewed by Gavin Barraclough.
+
+ Inserted a call to use() for the aliased GetByVal.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-07-20 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64909
+ DFG JIT - Missing ToInt32 conversions for double constants.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ - We cannot trivially omit ToInt32 conversions on double constants.
+
+2011-07-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT sometimes claims to use compare operands twice, leading to
+ use count corruption.
+ https://bugs.webkit.org/show_bug.cgi?id=64903
+
+ Reviewed by Gavin Barraclough.
+
+ Move the calls to use() in SpeculativeJIT::compare() so that they only happen
+ if the JITCodeGenerator's helper method (which also calls use()) is not called.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+
+2011-07-20 Oliver Hunt <oliver@apple.com>
+
+ Don't throw away code when JSGarbageCollect API is called
+ https://bugs.webkit.org/show_bug.cgi?id=64894
+
+ Reviewed by Sam Weinig.
+
+ Just call collectAllGarbage. That will clean up all unneeded
+ code without causing any pathological recompilation problems.
+
+ * API/JSBase.cpp:
+ (JSGarbageCollect):
+
+2011-07-20 Oliver Hunt <oliver@apple.com>
+
+ Codeblock doesn't visit cached structures in global resolve instructions
+ https://bugs.webkit.org/show_bug.cgi?id=64889
+
+ Reviewed by Sam Weinig.
+
+ Visit the global resolve instructions. This fixes a couple
+ of random crashes seen in the jquery tests when using the
+ interpreter.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2011-07-20 James Robinson <jamesr@chromium.org>
+
+ Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
+ https://bugs.webkit.org/show_bug.cgi?id=64841
+
+ Reviewed by Mark Rowe.
+
+ http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
+ monotonic clock instead of WTF::currentTime(). This broke many plugin tests on WebKit2 for reasons that are
+ unclear. This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
+
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/ThreadingWin.cpp:
+ (WTF::absoluteTimeToWaitTimeoutInterval):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::ThreadCondition::timedWait):
+
+2011-07-14 David Levin <levin@chromium.org>
+
+ currentThread is too slow!
+ https://bugs.webkit.org/show_bug.cgi?id=64577
+
+ Reviewed by Darin Adler and Dmitry Titov.
+
+ The problem is that currentThread results in a pthread_once call which always takes a lock.
+ With this change, currentThread is 10% faster than isMainThread in release mode and only
+ 5% slower than isMainThread in debug.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
+ which is no longer needed because this is called from initializeThreading().
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
+ intialization of the pthread key should already be done.
+ (WTF::ThreadIdentifierData::initialize): Ditto.
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading): Acquire the pthread key here.
+
+2011-07-20 Mark Rowe <mrowe@apple.com>
+
+ Fix the 32-bit build.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+
+2011-07-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64678
+ Fix bugs in Object.prototype this handling.
+
+ Reviewed by Darin Adler.
+
+ Fix ES5.1 correctness issues identified by Mads Ager.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+ - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
+
+2011-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
+ https://bugs.webkit.org/show_bug.cgi?id=63918
+
+ Reviewed by Darin Adler.
+
+ When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
+ method due to additional string copying within several of the constructors when dealing with
+ UStrings. This has been added to the UString version of the appendStringInConstruct method
+ within the JSString class.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::appendStringInConstruct):
+
+2011-07-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64679
+ Fix bugs in Array.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+ - These methods should throw if this value is undefined.
+
+2011-07-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64677
+ Fix bugs in String.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ undefined/null this values should throw TypeErrors, not convert to
+ the global object, and primitive values should not be converted via
+ object types.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncCharAt):
+ (JSC::stringProtoFuncCharCodeAt):
+ (JSC::stringProtoFuncIndexOf):
+ (JSC::stringProtoFuncLastIndexOf):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ (JSC::stringProtoFuncSlice):
+ (JSC::stringProtoFuncSplit):
+ (JSC::stringProtoFuncSubstr):
+ (JSC::stringProtoFuncSubstring):
+ (JSC::stringProtoFuncToLowerCase):
+ (JSC::stringProtoFuncToUpperCase):
+ (JSC::stringProtoFuncLocaleCompare):
+ (JSC::stringProtoFuncBig):
+ (JSC::stringProtoFuncSmall):
+ (JSC::stringProtoFuncBlink):
+ (JSC::stringProtoFuncBold):
+ (JSC::stringProtoFuncFixed):
+ (JSC::stringProtoFuncItalics):
+ (JSC::stringProtoFuncStrike):
+ (JSC::stringProtoFuncSub):
+ (JSC::stringProtoFuncSup):
+ (JSC::stringProtoFuncFontcolor):
+ (JSC::stringProtoFuncFontsize):
+ (JSC::stringProtoFuncAnchor):
+ (JSC::stringProtoFuncLink):
+ (JSC::trimString):
+ - These methods should throw if this value is undefined,
+ convert ToString directly, not via ToObject.
+
+2011-07-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT sometimes emits spill code even when the respective values
+ are never needed.
+ https://bugs.webkit.org/show_bug.cgi?id=64774
+
+ Reviewed by Gavin Barraclough.
+
+ The main high-level change is that it is now easier to call use() on a
+ virtual register. JSValueOperand and its other-typed relatives now have
+ a handy use() method, and jsValueResult() and friends now make it easier to
+ pass UseChildrenCalledExplicitly.
+
+ The rest of this patch hoists the call to use() as high as possible for
+ all of those cases where either flushRegisters() or silentSpillAllRegisters()
+ may be called.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::integerResult):
+ (JSC::DFG::JITCodeGenerator::jsValueResult):
+ (JSC::DFG::IntegerOperand::use):
+ (JSC::DFG::DoubleOperand::use):
+ (JSC::DFG::JSValueOperand::use):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateStrictInt32Operand::use):
+ (JSC::DFG::SpeculateCellOperand::use):
+
+2011-07-19 Xan Lopez <xlopez@igalia.com>
+
+ ARMv7 backend broken, lacks 3 parameter rshift32 method
+ https://bugs.webkit.org/show_bug.cgi?id=64571
+
+ Reviewed by Zoltan Herczeg.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize strict equality as effectively as the old JIT does.
+ https://bugs.webkit.org/show_bug.cgi?id=64759
+
+ Reviewed by Gavin Barraclough.
+
+ This adds a more complete set of strict equality optimizations. If either
+ operand is known numeric, then the code reverts to the old style of optimizing
+ (first try integer comparison). Otherwise it uses the old JIT's trick of
+ first simultaneously checking if both operands are either numbers or cells;
+ if not then a fast path is taken.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-18 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64760
+ DFG JIT - Should be able to compile program code.
+
+ Reviewed by Geoff Garen.
+
+ Add support for op_end, hooks to compile program code in Executable.cpp.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ - Add support for op_end
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ - Added, separate out steps of compileFunction.
+ (JSC::DFG::JITCompiler::compile):
+ - Added, compile program code.
+ (JSC::DFG::JITCompiler::compileFunction):
+ - Sections separated out to helper functions.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::JITCompiler):
+ - Added m_exceptionCheckCount.
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ (JSC::tryDFGCompileFunction):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
+
+2011-07-18 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64678
+ Fix bugs in Object.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ undefined/null this values should throw TypeErrors, not convert to the global object,
+ also, to toLocaleString should be calling the ToObject & invoking the object's toString
+ function, even for values that are already strings.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncValueOf):
+ (JSC::objectProtoFuncHasOwnProperty):
+ (JSC::objectProtoFuncIsPrototypeOf):
+ (JSC::objectProtoFuncPropertyIsEnumerable):
+ (JSC::objectProtoFuncToLocaleString):
+ (JSC::objectProtoFuncToString):
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC lazy sweep does not inline the common cases of cell destruction.
+ https://bugs.webkit.org/show_bug.cgi?id=64745
+
+ Reviewed by Oliver Hunt.
+
+ This inlines the case of JSFinalObject destruction.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::lazySweep):
+
+2011-07-18 Oliver Hunt <oliver@apple.com>
+
+ Interpreter build-fix
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize equal-null comparisons and branches.
+ https://bugs.webkit.org/show_bug.cgi?id=64659
+
+ Reviewed by Gavin Barraclough.
+
+ Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
+ which is used by both the speculative and non-speculative JIT. Through
+ the use of the new isNullConstant helper, the two JITs invoke the
+ nonSpecualtiveCompareNull() helper instead of their regular comparison
+ helpers when compiling CompareEq. Through the use of the new isKnownCell
+ helper, the compare-null code will skip the is-a-cell check if the
+ speculative JIT had been speculating cell.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownCell):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isNullConstant):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-18 James Robinson <jamesr@chromium.org>
+
+ Timer scheduling should be based off the monotonic clock
+ https://bugs.webkit.org/show_bug.cgi?id=64544
+
+ Reviewed by Darin Adler.
+
+ Switches ThreadCondition::timedWait and related utility functions from currentTime() to
+ monotonicallyIncreasingTime().
+
+ Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/ThreadingWin.cpp:
+ (WTF::absoluteTimeToWaitTimeoutInterval):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::ThreadCondition::timedWait):
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ JSC JIT does not inline GC allocation fast paths
+ https://bugs.webkit.org/show_bug.cgi?id=64582
+
+ Reviewed by Oliver Hunt.
+
+ This addresses inlining allocation for the easiest-to-allocate cases:
+ op_new_object and op_create_this. Inlining GC allocation fast paths
+ required three changes. First, the JSGlobalData now saves the vtable
+ pointer of JSFinalObject, since that's what op_new_object and
+ op_create_this allocate. Second, the Heap exposes a reference to
+ the appropriate SizeClass, so that the JIT may inline accesses
+ directly to the SizeClass for JSFinalObject allocations. And third,
+ the JIT is extended with code to emit inline fast paths for GC
+ allocation. A stub call is emitted in the case where the inline fast
+ path fails.
+
+ * heap/Heap.h:
+ (JSC::Heap::sizeClassFor):
+ (JSC::Heap::allocate):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSFinalObject):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emitSlow_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emitSlow_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ * runtime/JSGlobalData.h:
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::JSFinalObject):
+ (JSC::JSObject::offsetOfInheritorID):
+
+2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor JSC to replace JSCell::operator new with static create method
+ https://bugs.webkit.org/show_bug.cgi?id=64466
+
+ Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
+
+ First step in a longer refactoring process to remove the use of
+ operator new overloading in order to allocate GC objects and to replace
+ this method with static create methods for each individual type of heap-allocated
+ JS object. This particular patch only deals with replacing uses of
+ operator new within JSC proper. Future patches will remove it from the
+ parts that interface with the DOM. Due to the DOM's continued dependence
+ on it, operator new has not actually been removed from JSCell.
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::create):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::operator new):
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::staticFunctionGetter):
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/JSContextRef.cpp:
+ * API/JSObjectRef.cpp:
+ (JSObjectMake):
+ (JSObjectMakeFunctionWithCallback):
+ (JSObjectMakeConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::createActivation):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::makeFunction):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveArguments):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::create):
+ (GlobalObject::GlobalObject):
+ (functionRun):
+ (jscmain):
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::createNoParameters):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::create):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSplice):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::constructBoolean):
+ (JSC::constructBooleanFromImmediateBoolean):
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::create):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::create):
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::create):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/Error.cpp:
+ (JSC::createError):
+ (JSC::createEvalError):
+ (JSC::createRangeError):
+ (JSC::createReferenceError):
+ (JSC::createSyntaxError):
+ (JSC::createTypeError):
+ (JSC::createURIError):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::createTypeErrorFunction):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorInstance.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::InterruptedExecutionError::create):
+ (JSC::createInterruptedExecutionException):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ (JSC::TerminatedExecutionError::create):
+ (JSC::createTerminatedExecutionException):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::create):
+ (JSC::NativeExecutable::create):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::make):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::create):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::create):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::create):
+ (JSC::jsAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::argumentsGetter):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSCell.h:
+ (JSC::JSCell::allocateCell):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ (JSC::constructArray):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::create):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::create):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSString.cpp:
+ (JSC::JSString::substringFromRope):
+ (JSC::JSString::replaceCharacter):
+ (JSC::StringObject::create):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::create):
+ (JSC::RopeBuilder::createHasOtherOwner):
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsNontrivialString):
+ (JSC::jsString):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toObjectSlowCase):
+ (JSC::JSValue::synthesizeObject):
+ (JSC::JSValue::synthesizePrototype):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/NumberConstructor.cpp:
+ (JSC::constructWithNumberConstructor):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::create):
+ * runtime/NumberObject.cpp:
+ (JSC::constructNumber):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::create):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::create):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::create):
+ * runtime/Operations.h:
+ (JSC::jsString):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::createWithoutCaching):
+ (JSC::RegExp::create):
+ * runtime/RegExp.h:
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::arrayOfMatches):
+ (JSC::constructRegExp):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncCompile):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::create):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::create):
+ (JSC::ScopeChainNode::push):
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::createEmptyString):
+ (JSC::SmallStrings::createSingleCharacterString):
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::create):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::createStructure):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+
+2011-07-17 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
+ https://bugs.webkit.org/show_bug.cgi?id=64337
+
+ Replace ecore_timer_add to Ecore_Pipe.
+ This is needed because ecore_timer should not be called in a child thread,
+ but in the main thread.
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/efl/MainThreadEfl.cpp:
+ (WTF::pipeObject):
+ (WTF::monitorDispatchFunctions):
+ (WTF::initializeMainThreadPlatform):
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2011-07-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
+ https://bugs.webkit.org/show_bug.cgi?id=64637
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGOperations.cpp:
+
+2011-07-16 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64657
+ Converted this value not preserved when accessed via direct eval.
+
+ Reviewed by Oliver Hunt.
+
+ Upon entry into a non-strict function, primitive this values should be boxed as Object types
+ (or substituted with the global object) - which is done by op_convert_this. However we only
+ do so where this is used lexically within the function (we omit the conversion op if not).
+ The problem comes if a direct eval (running within the function's scope) accesses the this
+ value.
+
+ We are safe in the case of a single eval, since the this object will be converted within
+ callEval, however the converted value is not preserved, and a new wrapper object is allocated
+ each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
+ object will be lost between eval statements.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ - If a function uses eval, we always need to convert this.
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ - Don't convert primitive values here - this is too late!
+ (JSC::Interpreter::privateExecute):
+ - Changed op_convert_this to call new isPrimitive method.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Changed op_convert_this to call new isPrimitive method.
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::isPrimitive):
+ - Added JSValue::isPrimitive.
+ * runtime/JSValue.h:
+ - Added JSValue::isPrimitive.
+
+2011-07-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT compare/branch code emits is-integer tests even when a value is
+ definitely not an integer.
+ https://bugs.webkit.org/show_bug.cgi?id=64654
+
+ Reviewed by Gavin Barraclough.
+
+ Added the isKnownNotInteger() method, which returns true if a node is
+ definitely not an integer and will always fail any is-integer test. Then
+ modified the compare and branch code to use this method; if it returns
+ true then is-int tests are omitted and the compiler always emits a slow
+ call.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+
+2011-07-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT has dead code for slow calls for branches.
+ https://bugs.webkit.org/show_bug.cgi?id=64653
+
+ Reviewed by Gavin Barraclough.
+
+ Removed SpeculativeJIT::compilePeepHoleCall.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-07-15 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * dfg/DFGGraph.h:
+
+2011-07-15 Gavin Barraclough <barraclough@apple.com>
+
+ NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
+ https://bugs.webkit.org/show_bug.cgi?id=55346
+
+ Reviewed by Sam Weinig.
+
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ - Switch to putDirect since we're not the only ones tranitioning this Structure now.
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ * runtime/NativeErrorPrototype.h:
+ - Switch base class to ErrorPrototype.
+
+2011-07-15 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT - Where arguments passed are integers, speculate this.
+ https://bugs.webkit.org/show_bug.cgi?id=64630
+
+ Reviewed by Sam Weinig.
+
+ Presently the DFG JIT is overly aggressively predicting double.
+ Use a bit of dynamic information, and curtail this a little.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ - Check for integer arguments.
+ * dfg/DFGGraph.h:
+ - Function declaration.
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ - Add call to predictArgumentTypes.
+
+2011-07-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT is inconsistent about fusing branches and speculating
+ integer comparisons for branches.
+ https://bugs.webkit.org/show_bug.cgi?id=64573
+
+ Reviewed by Gavin Barraclough.
+
+ This patch moves some of NonSpeculativeJIT's functionality up into the
+ JITCodeGenerator superclass so that it can be used from both JITs. Now,
+ in cases where the speculative JIT doesn't want to speculate but still
+ wants to emit good code, it can reliably emit the same code sequence as
+ the non-speculative JIT. This patch also extends the non-speculative
+ JIT's compare optimizations to include compare/branch fusing, and
+ extends the speculative JIT's compare optimizations to cover StrictEqual.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ * wtf/Platform.h:
+
+2011-07-14 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64250
+ Global strict mode function leaking global object as "this".
+
+ Reviewed by Oliver Hunt.
+
+ The root problem here is that we pass the wrong values into
+ calls, and then try to fix them up in the callee. Correct
+ behaviour per the spec is to pass in the value undefined,
+ as this unless either (1) the function call is based on an
+ explicit property access or (2) the base of the call comes
+ directly from a 'with'.
+
+ This change does away with the need for this conversion of
+ objects (non strict code should only box primitives), and
+ does away with all this conversion for strict functions.
+
+ This patch may have web compatibility ramifications, and may
+ require some advocacy.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecode/Opcode.h:
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::emitResolveWithThis):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecompiler/BytecodeGenerator.h:
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::EvalFunctionCallNode::emitBytecode):
+ (JSC::FunctionCallResolveNode::emitBytecode):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Change NeedsThisConversion check to test for JSString's vptr
+ (objects no longer need conversion).
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolveThisAndProperty):
+ - Based on resolveBaseAndProperty, but produce correct this value.
+ (JSC::Interpreter::privateExecute):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * interpreter/Interpreter.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve_with_this):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emitSlow_op_convert_this):
+ - Change NeedsThisConversion check to test for JSString's vptr
+ (objects no longer need conversion).
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve_with_this):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emitSlow_op_convert_this):
+ - Change NeedsThisConversion check to test for JSString's vptr
+ (objects no longer need conversion).
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * jit/JITStubs.h:
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * runtime/JSActivation.h:
+ - removed NeedsThisConversion flag, added IsEnvironmentRecord.
+ * runtime/JSStaticScopeObject.h:
+ - removed NeedsThisConversion flag, added IsEnvironmentRecord.
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ - removed NeedsThisConversion.
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::isEnvironmentRecord):
+ (JSC::TypeInfo::overridesHasInstance):
+ - removed NeedsThisConversion flag, added IsEnvironmentRecord.
+ * runtime/JSValue.h:
+ - removed NeedsThisConversion.
+ * runtime/JSVariableObject.h:
+ - Corrected StructureFlags inheritance.
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ - Added IsEnvironmentRecord to StructureFlags, addded createStructure.
+ * runtime/Structure.h:
+ - removed NeedsThisConversion.
+ * tests/mozilla/ecma/String/15.5.4.6-2.js:
+ (getTestCases):
+ - Removed invalid test case.
+
+2011-07-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91082, r91087, and r91089.
+ http://trac.webkit.org/changeset/91082
+ http://trac.webkit.org/changeset/91087
+ http://trac.webkit.org/changeset/91089
+ https://bugs.webkit.org/show_bug.cgi?id=64616
+
+ gtk tests are failing a lot after this change. (Requested by
+ dave_levin on #webkit).
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::identifier):
+ (WTF::ThreadIdentifierData::initialize):
+ (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
+ (WTF::ThreadIdentifierData::initializeKeyOnce):
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+
+2011-07-15 David Levin <levin@chromium.org>
+
+ Another attempted build fix.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
+ up the definition of PTHREAD_KEYS_MAX.
+
+2011-07-15 David Levin <levin@chromium.org>
+
+ Chromium build fix.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
+ up the definition of PTHREAD_KEYS_MAX.
+
+2011-07-14 David Levin <levin@chromium.org>
+
+ currentThread is too slow!
+ https://bugs.webkit.org/show_bug.cgi?id=64577
+
+ Reviewed by Darin Adler and Dmitry Titov.
+
+ The problem is that currentThread results in a pthread_once call which always takes a lock.
+ With this change, currentThread is 10% faster than isMainThread in release mode and only
+ 5% slower than isMainThread in debug.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
+ which is no longer needed because this is called from initializeThreading().
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
+ intialization of the pthread key should already be done.
+ (WTF::ThreadIdentifierData::initialize): Ditto.
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading): Acquire the pthread key here.
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize Branch as well as it could.
+ https://bugs.webkit.org/show_bug.cgi?id=64574
+
+ Reviewed by Gavin Barraclough.
+
+ This creates a common code path for emitting unfused branches, which does
+ no speculation, and only performs a slow call if absolutely necessary.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ GC allocation fast path has too many operations.
+ https://bugs.webkit.org/show_bug.cgi?id=64493
+
+ Reviewed by Darin Adler.
+
+ Changed the timing of the lazy sweep so that it occurs when we land on
+ a previously-unsweeped block, rather than whenever we land on an unsweeped
+ cell. After the per-block lazy sweep occurs, the block is turned into a
+ singly linked list of free cells. The allocation fast path is now just a
+ load-branch-store to remove a cell from the head of the list.
+
+ Additionally, this changes the way new blocks are allocated. Previously,
+ they would be populated with dummy cells. With this patch, they are
+ turned into a free list, which means that there will never be destructor
+ calls for allocations in fresh blocks.
+
+ These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
+ SunSpider. There are no observed statistically significant slow-downs
+ on any individual benchmark.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ * heap/Heap.h:
+ (JSC::Heap::forEachProtectedCell):
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock):
+ (JSC::Heap::allocate):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::lazySweep):
+ (JSC::MarkedBlock::blessNewBlockForFastPath):
+ (JSC::MarkedBlock::blessNewBlockForSlowPath):
+ (JSC::MarkedBlock::canonicalizeBlock):
+ * heap/MarkedBlock.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::addBlock):
+ (JSC::NewSpace::canonicalizeBlocks):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::allocate):
+ (JSC::NewSpace::SizeClass::SizeClass):
+ (JSC::NewSpace::SizeClass::canonicalizeBlock):
+ * heap/OldSpace.cpp:
+ (JSC::OldSpace::addBlock):
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT crashes on host constructor calls in debug mode.
+ https://bugs.webkit.org/show_bug.cgi?id=64562
+
+ Reviewed by Gavin Barraclough.
+
+ Fixed the relevant ASSERT.
+
+ * dfg/DFGOperations.cpp:
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT contains a FIXME for rewinding speculative code generation that
+ has already been fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=64022
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2011-07-14 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Add OwnPtr specialization for Ecore_Pipe.
+ https://bugs.webkit.org/show_bug.cgi?id=64515
+
+ Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
+
+ Reviewed by Xan Lopez.
+
+ * wtf/OwnPtrCommon.h:
+ * wtf/efl/OwnPtrEfl.cpp:
+ (WTF::deleteOwnedPtr):
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT unnecessarily boxes and unboxes values during silent spilling.
+ https://bugs.webkit.org/show_bug.cgi?id=64068
+
+ Reviewed by Gavin Barraclough.
+
+ Silent spilling and filling of registers is done during slow-path C
+ function calls. The silent spill/fill logic does not affect register
+ allocation on paths that don't involve the C function call.
+
+ This changes the silent spilling code to spill in unboxed form. The
+ silent fill will refill in whatever form the register was spilled in.
+ For example, the silent spill code may choose not to spill the register
+ because it was already spilled previously, which would imply that it
+ was spilled in boxed form. The filling code detects this and either
+ unboxes, or not, depending on what is appropriate.
+
+ This change also results in a simplification of the silent spill/fill
+ API: silent spilling no longer needs to know about the set of registers
+ that cannot be trampled, since it never does boxing and hence does not
+ need a temporary register.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compare):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-13 Michael Saboff <msaboff@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64202
+ Enh: Improve handling of RegExp in the form of /.*blah.*/
+
+ Reviewed by Gavin Barraclough.
+
+ Added code to both the Yarr interpreter and JIT to handle
+ these expressions a little differently. First off, the terms
+ in between the leading and trailing .*'s cannot capture and
+ also this enhancement is limited to single alternative expressions.
+ If an expression is of the right form with the aforementioned
+ restrictions, we process the inner terms and then look for the
+ beginning of the string and end of the string. There is handling
+ for multiline expressions to allow the beginning and end to be
+ right after and right before newlines.
+
+ This enhancement speeds up expressions of this type 12x on
+ a MacBookPro.
+
+ Cleaned up 'case' statement indentation.
+
+ A new set of tests was added as LayoutTests/fast/regex/dotstar.html
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::InputStream::end):
+ (JSC::Yarr::Interpreter::matchDotStarEnclosure):
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::ByteTerm::DotStarEnclosure):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::generateTerm):
+ (JSC::Yarr::YarrGenerator::backtrackTerm):
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
+ (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
+ (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
+ (JSC::Yarr::YarrPattern::compile):
+ * yarr/YarrPattern.h:
+ (JSC::Yarr::PatternTerm::PatternTerm):
+
+2011-07-13 Xan Lopez <xlopez@igalia.com>
+
+ [GTK] Fix distcheck
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am: add missing files.
+
+2011-07-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement prototype chain or list caching for get_by_id.
+ https://bugs.webkit.org/show_bug.cgi?id=64147
+
+ Reviewed by Gavin Barraclough.
+
+ This implements unified support for prototype caching, prototype chain
+ caching, and polymorphic (i.e. list) prototype and prototype chain
+ caching. This is done by creating common code for emitting prototype
+ or chain access stubs, and having it factored out into
+ generateProtoChainAccessStub(). This function is called by
+ tryCacheGetByID once the latter determines that some form of prototype
+ access caching is necessary (i.e. the slot being accessed is not on the
+ base value but on some other object).
+
+ Direct prototype list, and prototype chain list, caching is implemented by
+ linking the slow path to operationGetByIdProtoBuildList(), which uses the
+ same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
+
+ This change required ensuring that the value in the scratchGPR field in
+ StructureStubInfo is preserved even after the stub info is in the
+ chain, or proto_list, states. Hence scratchGPR was moved out of the union
+ and into the top-level of StructureStubInfo.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::emitRestoreScratch):
+ (JSC::DFG::linkRestoreScratch):
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ (JSC::DFG::dfgBuildGetByIDProtoList):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGRepatch.h:
+
+2011-07-12 Brent Fulgham <bfulgham@webkit.org>
+
+ Standardize WinCairo conditionalized code under PLATFORM macro.
+ https://bugs.webkit.org/show_bug.cgi?id=64377
+
+ Reviewed by Maciej Stachowiak.
+
+ * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
+
+2011-07-13 David Levin <levin@chromium.org>
+
+ Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
+ https://bugs.webkit.org/show_bug.cgi?id=64465
+
+ Reviewed by Dmitry Titov.
+
+ There isn't a good way to test this as it is very highly unlikely to occur.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
+ isn't thread-safe, change the initialization to be global.
+
+2011-07-12 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64424
+ Our direct eval behaviour deviates slightly from the spec.
+
+ Reviewed by Oliver Hunt.
+
+ The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
+ behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
+ or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
+ may be introduced into the caller's environment.
+
+ ES5 direct calls are any call where the callee function is provided by a reference, a base
+ of that Reference is an EnvironmentRecord (this corresponds to all productions
+ "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
+ of the reference is "eval". This means any expression of the form "eval(...)", and that
+ calls the standard built in eval method from on the Global Object, is considered to be
+ direct.
+
+ In JavaScriptCore we are currently overly restrictive. We also check that the
+ EnvironmentRecord that is the base of the reference is the Declaractive Environment Record
+ at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
+ that hits a var eval in a nested scope is not considered to be direct. This behaviour does
+ not emanate from the spec, and is incorrect.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ - Fixed direct eval check in op_call_eval.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Fixed direct eval check in op_call_eval.
+ * runtime/Executable.h:
+ (JSC::isHostFunction):
+ - Added check for host function with specific NativeFunction.
+
+2011-07-13 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ Broken build on QNX
+ https://bugs.webkit.org/show_bug.cgi?id=63717
+
+ QNX doesn't support pthread's SA_RESTART (required by
+ JSC_MULTIPLE_THREADS), JIT is broken at runtime and there a
+ few minor compilation errors here and there.
+
+ Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
+ tested by him on QNX v6.5 (x86)
+
+ * wtf/DateMath.cpp: fix usage of abs/labs
+ * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
+ * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
+
+2011-07-12 Anders Carlsson <andersca@apple.com>
+
+ If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
+ https://bugs.webkit.org/show_bug.cgi?id=64429
+
+ Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
+
+ * wtf/NullPtr.h:
+
+2011-07-13 MORITA Hajime <morrita@google.com>
+
+ Refactoring: Ignored ExceptionCode value should be less annoying.
+ https://bugs.webkit.org/show_bug.cgi?id=63688
+
+ Added ASSERT_AT macro.
+
+ Reviewed by Darin Adler.
+
+ * wtf/Assertions.h:
+
+2011-07-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement op_construct.
+ https://bugs.webkit.org/show_bug.cgi?id=64066
+
+ Reviewed by Gavin Barraclough.
+
+ This is a fixed implementation of op_construct. Constructor calls are implemented
+ by reusing almost all of the code for Call, with care taken to make sure that
+ where the are differences (like selecting different code blocks), those differences
+ are respected. The two fixes over the last patch are: (1) make sure the
+ CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
+ make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
+ (either CodeForCall or CodeForConstruct) when invoking the compiler.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordConstruct):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls):
+
+2011-07-12 Oliver Hunt <oliver@apple.com>
+
+ Overzealous type validation in method_check
+ https://bugs.webkit.org/show_bug.cgi?id=64415
+
+ Reviewed by Gavin Barraclough.
+
+ method_check is essentially just a value look up
+ optimisation, but it internally stores the value
+ as a JSFunction, even though it never relies on
+ this fact. Under GC validation however we end up
+ trying to enforce that assumption. The fix is
+ simply to store the value as a correct supertype.
+
+ * bytecode/CodeBlock.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+ (JSC::DFG::tryCacheGetMethod):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2011-07-12 Filip Pizlo <fpizlo@apple.com>
+
+ COLLECT_ON_EVERY_ALLOCATION no longer works.
+ https://bugs.webkit.org/show_bug.cgi?id=64388
+
+ Reviewed by Oliver Hunt.
+
+ Added a flag to Heap that determines if it's safe to collect (which for now means that
+ JSGlobalObject has actually been initialized, but it should work for other things, too).
+ This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
+ GCing it just grows the heap, if necessary.
+
+ Then changed Heap::allocate() to not recurse ad infinitum when
+ COLLECT_ON_EVERY_ALLOCATION is set. This also makes the allocator generally more
+ resilient against bugs; this change allowed me to put in handy assertions, such as that
+ an allocation must succeed after either a collection or after a new block was added.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::tryAllocate):
+ (JSC::Heap::allocate):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::notifyIsSafeToCollect):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+
+2011-07-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT put_by_id transition caching does not inform the GC about the structure and
+ prototype chain that it is referencing.
+ https://bugs.webkit.org/show_bug.cgi?id=64387
+
+ Reviewed by Gavin Barraclough.
+
+ Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+
+2011-07-12 Adam Roben <aroben@apple.com>
+
+ Ensure no intermediate WTF::Strings are created when concatenating with string literals
+
+ Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
+ operator+ is suboptimal
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/StringConcatenate.h:
+ (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
+ many WTF::Strings get copied while evaluating an operator+ expression.
+
+ * wtf/text/StringOperators.h:
+ (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
+ side, since operator+ is left-associative. Having the StringAppend on the right-hand side
+ was causing us to make intermediate WTF::Strings when evaluating expressions that contained
+ multiple calls to operator+. Added some more overloads for that take a left-hand side of
+ const char* to resolve overload ambiguity for certain expressions. Added overloads that take
+ a left-hand side of const UChar* (matching the const char* overloads) so that wide string
+ literals don't first have to be converted to a WTF::String in operator+ expressions.
+
+2011-07-12 Adam Roben <aroben@apple.com>
+
+ Unreviewed, rolling out r90811.
+ http://trac.webkit.org/changeset/90811
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Several svg tests failing assertions beneath
+ SVGSMILElement::findInstanceTime
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-07-12 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
+
+ Reviewed by Nikolas Zimmermann.
+
+ Speed up SVGSMILElement::findInstanceTime.
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Add a new parameter to StdlibExtras.h::binarySerarch function
+ to also handle cases when the array does not contain the key value.
+ This is needed for an svg function.
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-07-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT does not guard itself against floating point speculation
+ failures on non-floating-point constants.
+ https://bugs.webkit.org/show_bug.cgi?id=64330
+
+ Reviewed by Gavin Barraclough.
+
+ Made fillSpeculateDouble immediate invoke terminateSpeculativeExecution() as
+ soon as it notices that it's speculating on something that is a non-numeric
+ JSConstant.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-07-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG Speculative JIT does not always insert speculation checks when speculating
+ arrays.
+ https://bugs.webkit.org/show_bug.cgi?id=64254
+
+ Reviewed by Gavin Barraclough.
+
+ Changed the SetLocal instruction to always validate that the value being stored
+ into the local variable is an array, if that variable was marked PredictArray.
+ This is necessary since uses of arrays assume that if a PredictArray value is
+ in a local variable then the speculation check validating that the value is an
+ array was already performed.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-11 Gabor Loki <loki@webkit.org>
+
+ Fix the condition of the optimized code in doubleTransfer
+ https://bugs.webkit.org/show_bug.cgi?id=64261
+
+ Reviewed by Zoltan Herczeg.
+
+ The condition of the optimized code in doubleTransfer is wrong. The
+ data transfer should be executed with four bytes aligned address.
+ VFP cannot perform unaligned memory access.
+
+ Reported by Jacob Bramley.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::doubleTransfer):
+
+2011-07-11 Gabor Loki <loki@webkit.org>
+
+ Signed arithmetic bug in dataTransfer32.
+ https://bugs.webkit.org/show_bug.cgi?id=64257
+
+ Reviewed by Zoltan Herczeg.
+
+ An arithmetic bug is fixed. If the offset of dataTransfer is half of the
+ addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
+ a load instruction is emitted with a wrong zero offset.
+
+ Inspired by Jacob Bramley's patch from JaegerMonkey.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::dataTransfer32):
+
+2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com>
+
+ Fix unaligned userspace access for SH4 platforms.
+ https://bugs.webkit.org/show_bug.cgi?id=62993
+
+ * wtf/Platform.h:
+
+2011-07-09 Chao-ying Fu <fu@mips.com>
+
+ Fix MIPS build due to readInt32 and readPointer
+ https://bugs.webkit.org/show_bug.cgi?id=63962
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readInt32):
+ (JSC::MIPSAssembler::readPointer):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::rshift32):
+
+2011-07-08 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64181
+ REGRESSION (r90602): Gmail doesn't load
+
+ Rolling out r90601, r90602.
+
+ * dfg/DFGAliasTracker.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addVarArgChild):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::dfgLinkCall):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSObject.h:
+ (JSC::JSObject::isUsingInlineStorage):
+
+2011-07-08 Kalev Lember <kalev@smartlink.ee>
+
+ Reviewed by Adam Roben.
+
+ Add missing _WIN32_WINNT and WINVER definitions
+ https://bugs.webkit.org/show_bug.cgi?id=59702
+
+ Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
+ available for all source files.
+
+ In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
+ DeleteTimerQueueTimer which are both guarded by
+ #if (_WIN32_WINNT >= 0x0500)
+ in MinGW headers.
+
+ * config.h:
+ * wtf/Assertions.cpp:
+
+2011-07-08 Chang Shu <cshu@webkit.org>
+
+ Rename "makeSecure" to "fill" and remove the support for displaying last character
+ to avoid layering violatation.
+ https://bugs.webkit.org/show_bug.cgi?id=59114
+
+ Reviewed by Alexey Proskuryakov.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.order:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::fill):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+ (WTF::String::fill):
+
+2011-07-08 Benjamin Poulain <benjamin@webkit.org>
+
+ [WK2] Do not forward touch events to the web process when it does not need them
+ https://bugs.webkit.org/show_bug.cgi?id=64164
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Add a convenience function to obtain a reference to the last element of a Deque.
+
+ * wtf/Deque.h:
+ (WTF::Deque::last):
+
+2011-07-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement op_construct.
+ https://bugs.webkit.org/show_bug.cgi?id=64066
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordConstruct):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement get_by_id prototype caching.
+ https://bugs.webkit.org/show_bug.cgi?id=64077
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::emitRestoreScratch):
+ (JSC::DFG::linkRestoreScratch):
+ (JSC::DFG::tryCacheGetByID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::addressOfPropertyAtOffset):
+
+2011-07-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT method_check implementation does not link to optimized get_by_id
+ slow path.
+ https://bugs.webkit.org/show_bug.cgi?id=64073
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+
+2011-07-07 Oliver Hunt <oliver@apple.com>
+
+ Encode jump and link sizes into the appropriate enums
+ https://bugs.webkit.org/show_bug.cgi?id=64123
+
+ Reviewed by Sam Weinig.
+
+ Finally kill off the out of line jump and link size arrays,
+ so we can avoid icky loads and constant fold the linking arithmetic.
+
+ * assembler/ARMv7Assembler.cpp:
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::jumpSizeDelta):
+ (JSC::ARMv7Assembler::computeJumpType):
+
+2011-07-06 Juan C. Montemayor <jmont@apple.com>
+
+ ASSERT_NOT_REACHED running test 262
+ https://bugs.webkit.org/show_bug.cgi?id=63951
+
+ Added a case to the switch statement where the code was failing. Fixed
+ some logic as well that gave faulty error messages.
+
+ Reviewed by Gavin Barraclough.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::getTokenName):
+ (JSC::JSParser::updateErrorMessageSpecialCase):
+ (JSC::JSParser::updateErrorMessage):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT implementation of op_call results in regressions on sunspider
+ controlflow-recursive.
+ https://bugs.webkit.org/show_bug.cgi?id=64039
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not support method_check
+ https://bugs.webkit.org/show_bug.cgi?id=63972
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/CodeLocation.h:
+ (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
+ (JSC::MethodCallLinkInfo::seenOnce):
+ (JSC::MethodCallLinkInfo::setSeen):
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordGetMethod):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addMethodGet):
+ (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+ (JSC::DFG::tryCacheGetMethod):
+ (JSC::DFG::dfgRepatchGetMethod):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITWriteBarrier.h:
+ (JSC::JITWriteBarrier::set):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT op_call implementation will flush registers even when those registers are dead
+ https://bugs.webkit.org/show_bug.cgi?id=64023
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::integerResult):
+ (JSC::DFG::JITCodeGenerator::noResult):
+ (JSC::DFG::JITCodeGenerator::cellResult):
+ (JSC::DFG::JITCodeGenerator::jsValueResult):
+ (JSC::DFG::JITCodeGenerator::doubleResult):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT may crash when speculating int on a non-int JSConstant.
+ https://bugs.webkit.org/show_bug.cgi?id=64017
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-06 Dmitriy Vyukov <dvyukov@google.com>
+
+ Reviewed by David Levin.
+
+ Allow substitution of dynamic annotations and prevent identical code folding by the linker.
+ https://bugs.webkit.org/show_bug.cgi?id=62443
+
+ * wtf/DynamicAnnotations.cpp:
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+
+2011-07-06 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Calls on 32 bit machines are failed after r90423
+ https://bugs.webkit.org/show_bug.cgi?id=63980
+
+ Reviewed by Gavin Barraclough.
+
+ Copy the necessary lines from JITCall.cpp.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+
+2011-07-05 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT virtual call implementation is inefficient.
+ https://bugs.webkit.org/show_bug.cgi?id=63974
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGOperations.cpp:
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
+ (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
+ (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
+ (JSC::ExecutableBase::hasJITCodeForCall):
+ (JSC::ExecutableBase::hasJITCodeForConstruct):
+ (JSC::ExecutableBase::hasJITCodeFor):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::scopeUnchecked):
+
+2011-07-05 Oliver Hunt <oliver@apple.com>
+
+ Force inlining of simple functions that show up as not being inlined
+ https://bugs.webkit.org/show_bug.cgi?id=63964
+
+ Reviewed by Gavin Barraclough.
+
+ Looking at profile data indicates the gcc is failing to inline a
+ number of trivial functions. This patch hits the ones that show
+ up in profiles with the ALWAYS_INLINE hammer.
+
+ We also replace the memcpy() call in linking with a manual loop.
+ Apparently memcpy() is almost never faster than an inlined loop.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::add):
+ (JSC::ARMv7Assembler::add_S):
+ (JSC::ARMv7Assembler::ARM_and):
+ (JSC::ARMv7Assembler::asr):
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::clz):
+ (JSC::ARMv7Assembler::cmn):
+ (JSC::ARMv7Assembler::cmp):
+ (JSC::ARMv7Assembler::eor):
+ (JSC::ARMv7Assembler::it):
+ (JSC::ARMv7Assembler::ldr):
+ (JSC::ARMv7Assembler::ldrCompact):
+ (JSC::ARMv7Assembler::ldrh):
+ (JSC::ARMv7Assembler::ldrb):
+ (JSC::ARMv7Assembler::lsl):
+ (JSC::ARMv7Assembler::lsr):
+ (JSC::ARMv7Assembler::movT3):
+ (JSC::ARMv7Assembler::mov):
+ (JSC::ARMv7Assembler::movt):
+ (JSC::ARMv7Assembler::mvn):
+ (JSC::ARMv7Assembler::neg):
+ (JSC::ARMv7Assembler::orr):
+ (JSC::ARMv7Assembler::orr_S):
+ (JSC::ARMv7Assembler::ror):
+ (JSC::ARMv7Assembler::smull):
+ (JSC::ARMv7Assembler::str):
+ (JSC::ARMv7Assembler::sub):
+ (JSC::ARMv7Assembler::sub_S):
+ (JSC::ARMv7Assembler::tst):
+ (JSC::ARMv7Assembler::linkRecordSourceComparator):
+ (JSC::ARMv7Assembler::link):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::nearCall):
+ (JSC::MacroAssemblerARMv7::call):
+ (JSC::MacroAssemblerARMv7::ret):
+ (JSC::MacroAssemblerARMv7::moveWithPatch):
+ (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::storePtrWithPatch):
+ (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::jump):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+
+2011-07-05 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Make "Add optimised paths for a few maths functions" work on Qt
+ https://bugs.webkit.org/show_bug.cgi?id=63893
+
+ Reviewed by Oliver Hunt.
+
+ Move the generated code to the .text section instead of .data section.
+ Fix alignment for the 32 bit thunk code.
+
+ * jit/ThunkGenerators.cpp:
+
+2011-07-05 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement op_call.
+ https://bugs.webkit.org/show_bug.cgi?id=63858
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setNumberOfCallLinkInfos):
+ (JSC::CodeBlock::numberOfCallLinkInfos):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::lookupGetByVal):
+ (JSC::DFG::AliasTracker::recordCall):
+ (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::addVarArgChild):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::opName):
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::refChildren):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::useChildren):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::addressOfCallData):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::CallRecord::CallRecord):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
+ (JSC::DFG::JITCompiler::addJSCall):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::child1):
+ (JSC::DFG::Node::child2):
+ (JSC::DFG::Node::child3):
+ (JSC::DFG::Node::firstChild):
+ (JSC::DFG::Node::numChildren):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compare):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkCall):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::calleeAsValue):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCode.h:
+ (JSC::JITCode::JITCode):
+ (JSC::JITCode::jitType):
+ (JSC::JITCode::HostFunction):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.h:
+
+2011-07-05 Oliver Hunt <oliver@apple.com>
+
+ Initialize new MarkStack member
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+
+2011-07-05 Oliver Hunt <oliver@apple.com>
+
+ Don't throw out compiled code repeatedly
+ https://bugs.webkit.org/show_bug.cgi?id=63960
+
+ Reviewed by Gavin Barraclough.
+
+ Stop throwing away all compiled code every time
+ we're told to do a full GC. Instead unlink all
+ callsites during such GC passes to maximise the
+ number of collectable functions, but otherwise
+ leave compiled functions alone.
+
+ * API/JSBase.cpp:
+ (JSGarbageCollect):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::shouldUnlinkCalls):
+ (JSC::MarkStack::setShouldUnlinkCalls):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::invalidateCode):
+ * runtime/RegExp.h:
+
+2011-07-05 Filip Pizlo <fpizlo@apple.com>
+
+ JSC JIT has code duplication for the handling of call and construct
+ https://bugs.webkit.org/show_bug.cgi?id=63957
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::linkFor):
+ * jit/JIT.h:
+ * jit/JITStubs.cpp:
+ (JSC::jitCompileFor):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::arityCheckFor):
+ (JSC::lazyLinkFor):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::generatedJITCodeFor):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::isGeneratedFor):
+ (JSC::FunctionExecutable::generatedBytecodeFor):
+ (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
+
+2011-07-05 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix following last patch.
+
+ * runtime/JSFunction.cpp:
+ (JSC::createPrototypeProperty):
+
+2011-07-05 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63947
+ ASSERT running Object.preventExtensions(Math.sin)
+
+ Reviewed by Oliver Hunt.
+
+ This is due to calling scope() on a hostFunction as a part of
+ calling createPrototypeProperty to reify the prototype property.
+ But host functions don't have a prototype property anyway!
+
+ Prevent callling createPrototypeProperty on a host function.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::createPrototypeProperty):
+ (JSC::JSFunction::preventExtensions):
+
+2011-07-04 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63880
+ Evaluation order of conversions of operands to >, >= incorrect.
+
+ Reviewed by Sam Weinig.
+
+ Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
+ spec. This allows these methods to be reused to perform >, >= relational compares
+ with correct ordering of type conversions.
+
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Operations.h:
+ (JSC::jsLess):
+ (JSC::jsLessEq):
+
+2011-07-04 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16652
+ Firefox and JavaScriptCore differ in Number.toString(integer)
+
+ Our arbitrary radix (2..36) toString conversion is inaccurate.
+ This is partly because it uses doubles to perform math that requires
+ higher accuracy, and partly becasue it does not attempt to correctly
+ detect where to terminate, instead relying on a simple 'epsilon'.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::decomposeDouble):
+ - helper function to extract sign, exponent, mantissa from IEEE doubles.
+ (JSC::Uint16WithFraction::Uint16WithFraction):
+ - helper class, u16int with infinite precision fraction, used to convert
+ the fractional part of the number to a string.
+ (JSC::Uint16WithFraction::operator*=):
+ - Multiply by a uint16.
+ (JSC::Uint16WithFraction::operator<):
+ - Compare two Uint16WithFractions.
+ (JSC::Uint16WithFraction::floorAndSubtract):
+ - Extract the integer portion of the number, and subtract it (clears the integer portion).
+ (JSC::Uint16WithFraction::comparePoint5):
+ - Compare to 0.5.
+ (JSC::Uint16WithFraction::sumGreaterThanOne):
+ - Passed a second Uint16WithFraction, returns true if the result of adding
+ the two values would be greater than one.
+ (JSC::Uint16WithFraction::isNormalized):
+ - Used by ASSERTs to consistency check internal representation.
+ (JSC::BigInteger::BigInteger):
+ - helper class, unbounded integer value, used to convert the integer part
+ of the number to a string.
+ (JSC::BigInteger::divide):
+ - Divide this value through by a uint32.
+ (JSC::BigInteger::operator!):
+ - test for zero.
+ (JSC::toStringWithRadix):
+ - Performs number to string conversion, with the given radix (2..36).
+ (JSC::numberProtoFuncToString):
+ - Changed to use toStringWithRadix.
+
+2011-07-04 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63881
+ Need separate bytecodes for handling >, >= comparisons.
+
+ Reviewed by Oliver Hunt.
+
+ This clears the way to fix Bug#63880. We currently handle greater-than comparisons
+ as being using the corresponding op_less, etc opcodes. This is incorrect with
+ respect to evaluation ordering of the implicit conversions performed on operands -
+ we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
+ but instead convert RHS then LHS.
+
+ This patch adds opcodes for greater-than comparisons mirroring existing ones used
+ for less-than.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfTrue):
+ (JSC::BytecodeGenerator::emitJumpIfFalse):
+ * bytecompiler/NodesCodegen.cpp:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compare):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JSC::JIT::emit_op_loop_if_greater):
+ (JSC::JIT::emitSlow_op_loop_if_greater):
+ (JSC::JIT::emit_op_loop_if_greatereq):
+ (JSC::JIT::emitSlow_op_loop_if_greatereq):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_jgreater):
+ (JSC::JIT::emit_op_jgreatereq):
+ (JSC::JIT::emit_op_jngreater):
+ (JSC::JIT::emit_op_jngreatereq):
+ (JSC::JIT::emitSlow_op_jgreater):
+ (JSC::JIT::emitSlow_op_jgreatereq):
+ (JSC::JIT::emitSlow_op_jngreater):
+ (JSC::JIT::emitSlow_op_jngreatereq):
+ (JSC::JIT::emit_compareAndJumpSlow):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitBinaryDoubleOp):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * parser/NodeConstructors.h:
+ (JSC::GreaterNode::GreaterNode):
+ (JSC::GreaterEqNode::GreaterEqNode):
+ * parser/Nodes.h:
+
+2011-07-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63879
+ Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
+
+ Reviewed by Sam Weinig.
+
+ There is a lot of copy & paste code here; we can reduce duplication by making
+ a shared implementation.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::commute):
+ - Make these function platform agnostic.
+ * assembler/MacroAssemblerX86Common.h:
+ - Moved branch32/commute up to MacroAssembler.
+ * jit/JIT.h:
+ (JSC::JIT::emit_op_loop_if_lesseq):
+ (JSC::JIT::emitSlow_op_loop_if_lesseq):
+ - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_jless):
+ (JSC::JIT::emit_op_jlesseq):
+ (JSC::JIT::emit_op_jnless):
+ (JSC::JIT::emit_op_jnlesseq):
+ (JSC::JIT::emitSlow_op_jless):
+ (JSC::JIT::emitSlow_op_jlesseq):
+ (JSC::JIT::emitSlow_op_jnless):
+ (JSC::JIT::emitSlow_op_jnlesseq):
+ - Common implmentations of these methods for JSVALUE64 & JSVALUE32_64.
+ (JSC::JIT::emit_compareAndJump):
+ (JSC::JIT::emit_compareAndJumpSlow):
+ - Internal implmementation of jless etc for JSVALUE64.
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_compareAndJump):
+ (JSC::JIT::emit_compareAndJumpSlow):
+ - Internal implmementation of jless etc for JSVALUE32_64.
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+ - Remove old implementation of emit_op_loop_if_lesseq.
+
+2011-07-03 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r90347.
+ http://trac.webkit.org/changeset/90347
+ https://bugs.webkit.org/show_bug.cgi?id=63886
+
+ Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
+ (Requested by tkent on #webkit).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/BigInteger.h: Removed.
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToPrecision):
+ (JSC::numberProtoFuncToString):
+ * runtime/Uint16WithFraction.h: Removed.
+ * wtf/MathExtras.h:
+
+2011-06-30 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16652
+ Firefox and JavaScriptCore differ in Number.toString(integer)
+
+ Our arbitrary radix (2..36) toString conversion is inaccurate.
+ This is partly because it uses doubles to perform math that requires
+ higher accuracy, and partly becasue it does not attempt to correctly
+ detect where to terminate, instead relying on a simple 'epsilon'.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::decomposeDouble):
+ - helper function to extract sign, exponent, mantissa from IEEE doubles.
+ (JSC::Uint16WithFraction::Uint16WithFraction):
+ - helper class, u16int with infinite precision fraction, used to convert
+ the fractional part of the number to a string.
+ (JSC::Uint16WithFraction::operator*=):
+ - Multiply by a uint16.
+ (JSC::Uint16WithFraction::operator<):
+ - Compare two Uint16WithFractions.
+ (JSC::Uint16WithFraction::floorAndSubtract):
+ - Extract the integer portion of the number, and subtract it (clears the integer portion).
+ (JSC::Uint16WithFraction::comparePoint5):
+ - Compare to 0.5.
+ (JSC::Uint16WithFraction::sumGreaterThanOne):
+ - Passed a second Uint16WithFraction, returns true if the result of adding
+ the two values would be greater than one.
+ (JSC::Uint16WithFraction::isNormalized):
+ - Used by ASSERTs to consistency check internal representation.
+ (JSC::BigInteger::BigInteger):
+ - helper class, unbounded integer value, used to convert the integer part
+ of the number to a string.
+ (JSC::BigInteger::divide):
+ - Divide this value through by a uint32.
+ (JSC::BigInteger::operator!):
+ - test for zero.
+ (JSC::toStringWithRadix):
+ - Performs number to string conversion, with the given radix (2..36).
+ (JSC::numberProtoFuncToString):
+ - Changed to use toStringWithRadix.
+
+2011-07-02 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63866
+ DFG JIT - implement instanceof
+
+ Reviewed by Sam Weinig.
+
+ Add ops CheckHasInstance & InstanceOf to implement bytecodes
+ op_check_has_instance & op_instanceof. This is an initial
+ functional implementation, performance is a wash. We can
+ follow up with changes to fuse the InstanceOf node with
+ a subsequant branch, as we do with other comparisons.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-01 Oliver Hunt <oliver@apple.com>
+
+ IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
+ https://bugs.webkit.org/show_bug.cgi?id=63732
+
+ Reviewed by Gavin Barraclough.
+
+ Initialise the memory at the head of the new storage so that
+ GC is safe if triggered by reportExtraMemoryCost.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::increaseVectorPrefixLength):
+
+2011-07-01 Oliver Hunt <oliver@apple.com>
+
+ GC sweep can occur before an object is completely initialised
+ https://bugs.webkit.org/show_bug.cgi?id=63836
+
+ Reviewed by Gavin Barraclough.
+
+ In rare cases it's possible for a GC sweep to occur while a
+ live, but not completely initialised object is on the stack.
+ In such a case we may incorrectly choose to mark it, even
+ though it has no children that need marking.
+
+ We resolve this by always zeroing out the structure of any
+ value returned from JSCell::operator new(), and making the
+ markstack tolerant of a null structure.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::~JSCell):
+ (JSC::JSCell::JSCell::operator new):
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+
+2011-07-01 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT always performs slow C calls for div and mod.
+ https://bugs.webkit.org/show_bug.cgi?id=63684
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-07-01 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Lexer error messages are currently appalling
+ https://bugs.webkit.org/show_bug.cgi?id=63340
+
+ Added error messages for the Lexer. These messages will be displayed
+ instead of the lexer error messages from the parser that are currently
+ shown.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::getInvalidCharMessage):
+ (JSC::Lexer::setCode):
+ (JSC::Lexer::parseString):
+ (JSC::Lexer::lex):
+ (JSC::Lexer::clear):
+ * parser/Lexer.h:
+ (JSC::Lexer::getErrorMessage):
+ (JSC::Lexer::setOffset):
+ * parser/Parser.cpp:
+ (JSC::Parser::parse):
+
+2011-07-01 Jungshik Shin <jshin@chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
+ build files for ports not using ICU.
+ Add icu/unicode/uscript.h for ports using ICU. It's taken from
+ ICU 3.6 (the version used on Mac OS 10.5)
+
+ http://bugs.webkit.org/show_bug.cgi?id=20797
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * icu/unicode/uscript.h: Added for UScriptCode enum.
+ * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
+ * wtf/unicode/icu/UnicodeIcu.h:
+ * wtf/unicode/brew/UnicodeBrew.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+
+2011-07-01 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63819
+ Escaping of forwardslashes in strings incorrect if multiple exist.
+
+ The bug is in the parameters passed to a substring - should be
+ start & length, but we're passing start & end indices!
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+
+2011-07-01 Adam Roben <aroben@apple.com>
+
+ Roll out r90194
+ http://trac.webkit.org/changeset/90194
+ https://bugs.webkit.org/show_bug.cgi?id=63778
+
+ Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
+ assertions in WriteBarrierBase<JSC::Structure>::get
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::~JSCell):
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add optimised paths for a few maths functions
+ https://bugs.webkit.org/show_bug.cgi?id=63757
+
+ Relanding as a Mac only patch.
+
+ This adds specialised thunks for Math.abs, Math.round, Math.ceil,
+ Math.floor, Math.log, and Math.exp as they are apparently more
+ important in real web content than we thought, which is somewhat
+ mind-boggling. On average doubles the performance of the common
+ cases (eg. actually passing numbers in). They're not as efficient
+ as they could be, but this way gives them the most portability.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsDoubleBitops):
+ (JSC::MacroAssemblerARM::andnotDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
+ (JSC::MacroAssemblerARMv7::andnotDouble):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::andnotDouble):
+ (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsDoubleBitops):
+ (JSC::MacroAssemblerSH4::andnotDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::supportsDoubleBitops):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::andnotDouble):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::andnpd_rr):
+ * create_hash_table:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ (JSC::SpecializedThunkJIT::callDoubleToDouble):
+ * jit/ThunkGenerators.cpp:
+ (JSC::floorThunkGenerator):
+ (JSC::ceilThunkGenerator):
+ (JSC::roundThunkGenerator):
+ (JSC::expThunkGenerator):
+ (JSC::logThunkGenerator):
+ (JSC::absThunkGenerator):
+ * jit/ThunkGenerators.h:
+
+2011-07-01 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
+
+ Fixes the following build error in clang:
+
+ JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
+ map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
+ JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
+ map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+ ^
+ ( )
+ fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
+ fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
+ JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
+ map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+ ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ 1 error generated.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
+ tertiary expression evaluate first.
+
+2011-07-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r90177 and r90179.
+ http://trac.webkit.org/changeset/90177
+ http://trac.webkit.org/changeset/90179
+ https://bugs.webkit.org/show_bug.cgi?id=63790
+
+ It caused crashes on Qt in debug mode (Requested by Ossy on
+ #webkit).
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::rshift32):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::sqrtDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::sqrtDouble):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::sqrtDouble):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::sqrtDouble):
+ * assembler/MacroAssemblerX86.h:
+ * assembler/MacroAssemblerX86Common.h:
+ * assembler/MacroAssemblerX86_64.h:
+ * assembler/X86Assembler.h:
+ * create_hash_table:
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::emitLoadDouble):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * jit/ThunkGenerators.cpp:
+ * jit/ThunkGenerators.h:
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Beth Dakin.
+
+ Make GC validation clear cell structure on destruction
+ https://bugs.webkit.org/show_bug.cgi?id=63778
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::~JSCell):
+
+2011-06-30 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Added write barrier that was missing from put_by_id_transition
+ https://bugs.webkit.org/show_bug.cgi?id=63775
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
+ MacroAssembler& argument so our patching functions could use it.
+
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID): Missing barrier!
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
+ because its meaning isn't clear -- maybe in the future we'll have a
+ clear way to pass all stores through a common function that guarantees
+ a write barrier, but that's not the case right now.
+
+2011-06-30 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT does not reuse registers when compiling comparisons.
+ https://bugs.webkit.org/show_bug.cgi?id=63565
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compare):
+
+2011-06-30 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Added empty write barrier stubs in all the right places in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=63764
+
+ SunSpider thinks this might be a 0.5% speedup. Meh.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
+
+ (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
+ for the case where base == scratch, since we now require base and scratch
+ to be not equal, for the sake of the write barrier.
+
+ * dfg/DFGJITCodeGenerator.h: Le stub.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
+ as the scratch register, since that's incompatible with the write barrier,
+ which needs a distinct base and scratch.
+
+ Do put the global object into a register before loading its var storage,
+ since it needs to be in a register for the write barrier to operate on it.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
+ places.
+
+ (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
+ is a little more than meaningless.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
+ places.
+
+ (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
+ is a little more than meaningless.
+
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
+ we put the global object in a register and only then load its var storage
+ by offset.
+
+ (JSC::JIT::emitWriteBarrier):
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Fix ARMv6 build
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::rshift32):
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add optimised paths for a few maths functions
+ https://bugs.webkit.org/show_bug.cgi?id=63757
+
+ This adds specialised thunks for Math.abs, Math.round, Math.ceil,
+ Math.floor, Math.log, and Math.exp as they are apparently more
+ important in real web content than we thought, which is somewhat
+ mind-boggling. On average doubles the performance of the common
+ cases (eg. actually passing numbers in). They're not as efficient
+ as they could be, but this way gives them the most portability.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsDoubleBitops):
+ (JSC::MacroAssemblerARM::andnotDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
+ (JSC::MacroAssemblerARMv7::andnotDouble):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::andnotDouble):
+ (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsDoubleBitops):
+ (JSC::MacroAssemblerSH4::andnotDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::supportsDoubleBitops):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::andnotDouble):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::andnpd_rr):
+ * create_hash_table:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ (JSC::SpecializedThunkJIT::callDoubleToDouble):
+ * jit/ThunkGenerators.cpp:
+ (JSC::floorThunkGenerator):
+ (JSC::ceilThunkGenerator):
+ (JSC::roundThunkGenerator):
+ (JSC::expThunkGenerator):
+ (JSC::logThunkGenerator):
+ (JSC::absThunkGenerator):
+ * jit/ThunkGenerators.h:
+
+2011-06-30 Cary Clark <caryclark@google.com>
+
+ Reviewed by James Robinson.
+
+ Use Skia if Skia on Mac Chrome is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=62999
+
+ * wtf/Platform.h:
+ Add switch to use Skia if, externally,
+ Skia has been enabled by a gyp define.
+
+2011-06-30 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Web Inspector fails to display source for eval with syntax error
+ https://bugs.webkit.org/show_bug.cgi?id=63583
+
+ Web Inspector now displays a link to an eval statement that contains
+ a syntax error.
+
+ * parser/Parser.h:
+ (JSC::isEvalNode):
+ (JSC::EvalNode):
+ (JSC::Parser::parse):
+
+2011-06-30 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ X86Assembler does not encode byte registers in 64-bit mode correctly.
+ https://bugs.webkit.org/show_bug.cgi?id=63665
+
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::testb_rr):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
+
+2011-06-30 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r90102.
+ http://trac.webkit.org/changeset/90102
+ https://bugs.webkit.org/show_bug.cgi?id=63714
+
+ Lots of tests asserting beneath
+ SVGSMILElement::findInstanceTime (Requested by aroben on
+ #webkit).
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-06-30 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
+
+ Reviewed by Nikolas Zimmermann.
+
+ Speed up SVGSMILElement::findInstanceTime.
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Add a new parameter to StdlibExtras.h::binarySerarch function
+ to also handle cases when the array does not contain the key value.
+ This is needed for an svg function.
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-06-29 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63669
+ DFG JIT - fix spectral-norm regression
+
+ The problem is a mis-speculation leading to us falling off the speculative path.
+ Make the speculation logic slightly smarter, don't predict int if one of the
+ operands is already loaded as a double (we use this logic already for compares).
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+
+2011-06-29 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT does not do put_by_id transition caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63662
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::testPrototype):
+ (JSC::DFG::tryCachePutByID):
+
+2011-06-29 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Added a dummy write barrier emitting function in all the right places in the old JIT
+ https://bugs.webkit.org/show_bug.cgi?id=63667
+
+ SunSpider reports no change.
+
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_put_scoped_var): Do it.
+
+ (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
+ for the sake of the write barrier.
+
+ (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_put_scoped_var): Do it.
+
+ (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
+ for the sake of the write barrier.
+
+ (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
+
+2011-06-29 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT does not perform get_by_id self list caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63605
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::dfgBuildGetByIDList):
+ * dfg/DFGRepatch.h:
+
+2011-06-28 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT lacks array.length caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63505
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::tryAllocate):
+ (JSC::DFG::JITCodeGenerator::selectScratchGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::tryAllocate):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+
+2011-06-28 Pierre Rossi <pierre.rossi@gmail.com>
+
+ Reviewed by Eric Seidel.
+
+ Warnings in JSC's JIT on 32 bit
+ https://bugs.webkit.org/show_bug.cgi?id=63259
+
+ Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+
+2011-06-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89968.
+ http://trac.webkit.org/changeset/89968
+ https://bugs.webkit.org/show_bug.cgi?id=63581
+
+ Broke chromium windows compile (Requested by jamesr on
+ #webkit).
+
+ * wtf/Platform.h:
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Fix sampling build
+ https://bugs.webkit.org/show_bug.cgi?id=63579
+
+ Gets opcode sampling building again, doesn't seem to work alas
+
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingTool::notifyOfScope):
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingTool::SamplingTool):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::enableSampler):
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+
+2011-06-28 Cary Clark <caryclark@google.com>
+
+ Reviewed by James Robinson.
+
+ Use Skia if Skia on Mac Chrome is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=62999
+
+ * wtf/Platform.h:
+ Add switch to use Skia if, externally,
+ Skia has been enabled by a gyp define.
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ ASSERT when launching debug builds with interpreter and jit enabled
+ https://bugs.webkit.org/show_bug.cgi?id=63566
+
+ Add appropriate guards to the various Executable's memory reporting
+ logic.
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63563
+ DFG JIT - add support for double arith to speculative path
+
+ Add integer support for div & mod, add double support for div, mod,
+ add, sub & mul, dynamically selecting based on operand types.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::assembler):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateDoubleOperand::index):
+ (JSC::DFG::SpeculateDoubleOperand::fpr):
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Fix interpreter build.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63561
+ DFG JIT - don't always assume integer in relational compare
+
+ If neither operand is known integer, or either is in double representation,
+ then at least use a function call (don't bail off the speculative path).
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
+ (JSC::DFG::SpeculativeJIT::compareIsInteger):
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make constant array optimisation less strict about what constitutes a constant
+ https://bugs.webkit.org/show_bug.cgi?id=63554
+
+ Now allow string constants in array literals to actually be considered constant,
+ and so avoid codegen in array literals with strings in them.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addConstantBuffer):
+ (JSC::CodeBlock::constantBuffer):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addConstantBuffer):
+ (JSC::BytecodeGenerator::addStringConstant):
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63560
+ DFG_JIT allow allocation of specific machine registers
+
+ This allow us to allocate the registers necessary to perform x86
+ idiv instructions for div/mod, and may be useful for shifts, too.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::allocate):
+ (JSC::DFG::GPRResult::GPRResult):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::allocateSpecific):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=55040
+ RegExp constructor returns the argument regexp instead of a new object
+
+ Per 15.10.3.1, our current behaviour is correct if called as a function,
+ but incorrect when called as a constructor.
+
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ (JSC::constructWithRegExpConstructor):
+ * runtime/RegExpConstructor.h:
+
+2011-06-28 Luke Macpherson <macpherson@chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
+ https://bugs.webkit.org/show_bug.cgi?id=63469
+
+ * wtf/MathExtras.h:
+ (defaultMinimumForClamp):
+ Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
+ (defaultMaximumForClamp):
+ Symmetric alias for std::numeric_limits::max()
+ (clampTo):
+ New templated clamping function that supports arbitrary output types.
+ (clampToInteger):
+ Use new clampTo template.
+ (clampToFloat):
+ Use new clampTo template.
+ (clampToPositiveInteger):
+ Use new clampTo template.
+
+2011-06-28 Adam Roben <aroben@apple.com>
+
+ Windows Debug build fix after r89885
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
+ JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
+
+2011-06-28 Shinya Kawanaka <shinyak@google.com>
+
+ Reviewed by Kent Tamura.
+
+ Add const to show() method in WTFString and AtomicString.
+ https://bugs.webkit.org/show_bug.cgi?id=63515
+
+ The lack of const in show() method is painful when
+ doing something like printf-debug.
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::AtomicString::show):
+ * wtf/text/AtomicString.h:
+ * wtf/text/WTFString.cpp:
+ (String::show):
+ * wtf/text/WTFString.h:
+
+2011-06-27 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix attempt after r89885.
+
+ * JavaScriptCore.exp:
+ * jsc.cpp:
+
+2011-06-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Support throwing away non-running code even while other code is running
+ https://bugs.webkit.org/show_bug.cgi?id=63485
+
+ Add a function to CodeBlock to support unlinking direct linked callsites,
+ and then with that in place add logic to discard code from any function
+ that is not currently on the stack.
+
+ The unlinking completely reverts any optimized call sites, such that they
+ may be relinked again in future.
+
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls):
+ (JSC::CodeBlock::clearEvalCache):
+ * bytecode/CodeBlock.h:
+ (JSC::CallLinkInfo::CallLinkInfo):
+ (JSC::CallLinkInfo::unlink):
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::clear):
+ * heap/Heap.cpp:
+ (JSC::Heap::getConservativeRegisterRoots):
+ * heap/Heap.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITWriteBarrier.h:
+ (JSC::JITWriteBarrierBase::clear):
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionReleaseExecutableMemory):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::unlinkCalls):
+ (JSC::ProgramExecutable::unlinkCalls):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::unlinkCalls):
+ * runtime/Executable.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::SafeRecompiler::returnValue):
+ (JSC::SafeRecompiler::operator()):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-06-27 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Darin Adler & Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=50554
+ RegExp.prototype.toString does not escape slashes
+
+ The problem here is that we don't escape forwards slashes when converting
+ a RegExp to a string. This means that RegExp("/").toString() is "///",
+ which is not a valid RegExp literal. Also, we return an invalid literal
+ for RegExp.prototype.toString() ("//", which is an empty single-line comment).
+
+ From ES5:
+ "NOTE: The returned String has the form of a RegularExpressionLiteral that
+ evaluates to another RegExp object with the same behaviour as this object."
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+ - Escape forward slashes when getting the source of a RegExp.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ - Remove unnecessary and erroneous hack to return "//" as the string
+ representation of RegExp.prototype. This is not a valid RegExp literal
+ (it is an empty single-line comment).
+
+2011-06-27 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63497
+ Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-27 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
+ https://bugs.webkit.org/show_bug.cgi?id=63392
+
+ When both TextPosition.h and XPathGrammar.h are included a compile-error
+ is caused, since XPathGrammar.h defines a macro called NUMBER and
+ TextPosition has a typedef named NUMBER.
+
+ * wtf/text/TextPosition.h:
+ (WTF::TextPosition::TextPosition):
+ (WTF::TextPosition::minimumPosition):
+ (WTF::TextPosition::belowRangePosition):
+
+2011-06-27 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT does not perform put_by_id caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63409
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::appropriatePutByIdFunction):
+ (JSC::DFG::tryCachePutByID):
+ (JSC::DFG::dfgRepatchPutByID):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-27 Gustavo Noronha Silva <gns@gnome.org>
+
+ Unreviewed build fix. One more filed missing during distcheck, for
+ the MIPS build.
+
+ * GNUmakefile.list.am:
+
+2011-06-26 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
+ https://bugs.webkit.org/show_bug.cgi?id=63347
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ - Changed arithmetic operations to speculate in favor of integers.
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.cpp:
+ - Added slow-path routines for arithmetic that perform no speculation; the
+ non-speculative JIT will generate calls to these in cases where its
+ speculation fails.
+ * dfg/DFGOperations.h:
+
+2011-06-24 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Rob Buis.
+
+ Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
+ https://bugs.webkit.org/show_bug.cgi?id=59085
+
+ * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
+
+2011-06-24 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
+ https://bugs.webkit.org/show_bug.cgi?id=63345
+
+ The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
+ return 9 and 10 bit quantities, therefore changed their return type from
+ uint8_t to uint16_t. Also casted the places where they are used as they
+ are currently shifted and used as 7 or 8 bit values.
+
+ These methods are currently used for literals for stack offsets,
+ including creating and destroying stack frames. The prior truncation of
+ the upper bits caused stack frames to be too small, thus allowing a
+ JIT'ed function to access and overwrite stack space outside of the
+ incorrectly sized stack frame.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMThumbImmediate::getUInt9):
+ (JSC::ARMThumbImmediate::getUInt10):
+ (JSC::ARMv7Assembler::add):
+ (JSC::ARMv7Assembler::ldr):
+ (JSC::ARMv7Assembler::str):
+ (JSC::ARMv7Assembler::sub):
+ (JSC::ARMv7Assembler::sub_S):
+
+2011-06-24 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
+ https://bugs.webkit.org/show_bug.cgi?id=63015
+
+ Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
+ min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList(). These
+ adjustments are a bug. These need to reflect the pages that are released
+ in ReleaseFreeLsit so that scavenge doesn't try to free that many pages as well.
+ Made ReleaseFreeList a member of TCMalloc_PageHeap in the process. Updated
+ Check() and helper method CheckList() to check the number of actual free pages
+ with free_committed_pages_.
+
+ The symptom of the problem of the existing code is that the scavenger may
+ run unneccesarily without any real work to do, i.e. pages on the free lists.
+ The scanvenger would also end up freeing too many pages, that is going below
+ the current 528 target free pages.
+
+ Note that the style of the changes was kept consistent with the
+ existing style.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::Check):
+ (WTF::TCMalloc_PageHeap::CheckList):
+ (WTF::TCMalloc_PageHeap::ReleaseFreeList):
+
+2011-06-24 Abhishek Arya <inferno@chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Match other clampTo* functions in style with clampToInteger(float)
+ function.
+ https://bugs.webkit.org/show_bug.cgi?id=53449
+
+ * wtf/MathExtras.h:
+ (clampToInteger):
+ (clampToFloat):
+ (clampToPositiveInteger):
+
+2011-06-24 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89594.
+ http://trac.webkit.org/changeset/89594
+ https://bugs.webkit.org/show_bug.cgi?id=63316
+
+ It broke 5 tests on the Qt bot (Requested by Ossy_DC on
+ #webkit).
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * icu/unicode/uscript.h: Removed.
+ * wtf/unicode/ScriptCodesFromICU.h: Removed.
+ * wtf/unicode/brew/UnicodeBrew.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/icu/UnicodeIcu.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+
+2011-06-23 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
+ https://bugs.webkit.org/show_bug.cgi?id=63173
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-23 Oliver Hunt <oliver@apple.com>
+
+ Fix Qt again.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readPointer):
+
+2011-06-23 Oliver Hunt <oliver@apple.com>
+
+ Fix Qt Build
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readPointer):
+
+2011-06-23 Stephanie Lewis <slewis@apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63298
+ Replace Malloc with FastMalloc to match the rest of wtf.
+
+ * wtf/BlockStack.h:
+ (WTF::::~BlockStack):
+ (WTF::::grow):
+ (WTF::::shrink):
+
+2011-06-23 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add the ability to dynamically modify linked call sites
+ https://bugs.webkit.org/show_bug.cgi?id=63291
+
+ Add JITWriteBarrier as a writebarrier class that allows
+ reading and writing directly into the code stream.
+
+ This required adding logic to all the assemblers to allow
+ us to read values back out of the instruction stream.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readPointer):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::readPointer):
+ (JSC::ARMv7Assembler::readInt32):
+ (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
+ (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::readPointer):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readInt32):
+ (JSC::MIPSAssembler::readPointer):
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::MacroAssemblerCodePtr::operator!):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::readPCrelativeAddress):
+ (JSC::SH4Assembler::readPointer):
+ (JSC::SH4Assembler::readInt32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::readPointer):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::MethodCallLinkInfo::seenOnce):
+ (JSC::MethodCallLinkInfo::setSeen):
+ * heap/MarkStack.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITPropertyAccess32_64.cpp:
+ * jit/JITWriteBarrier.h: Added.
+ (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
+ (JSC::JITWriteBarrierBase::operator!):
+ (JSC::JITWriteBarrierBase::setFlagOnBarrier):
+ (JSC::JITWriteBarrierBase::isFlagged):
+ (JSC::JITWriteBarrierBase::setLocation):
+ (JSC::JITWriteBarrierBase::location):
+ (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
+ (JSC::JITWriteBarrierBase::set):
+ (JSC::JITWriteBarrierBase::get):
+ (JSC::JITWriteBarrier::JITWriteBarrier):
+ (JSC::JITWriteBarrier::set):
+ (JSC::JITWriteBarrier::get):
+ (JSC::MarkStack::append):
+
+2011-06-23 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61585
+ Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
+
+ This is due to use of int instead of unsigned, bad math around
+ the 2^31 boundary.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ - Change some uses of int to unsigned, refactor compare logic to
+ restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generate):
+ (JSC::Yarr::YarrGenerator::backtrack):
+ - Ditto.
+
+2011-06-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63218
+ DFG JIT - remove machine type guarantees from graph
+
+ The DFG JIT currently makes assumptions about the types of machine registers
+ that certain nodes will be loaded into. This will be broken as we generate
+ nodes to produce both integer and double code paths. Remove int<->double
+ conversions nodes. This design decision also gave rise to multiple types of
+ constant nodes, requiring separate handling for each type. Merge these back
+ into JSConstant.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getToInt32):
+ (JSC::DFG::ByteCodeParser::getToNumber):
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::toNumber):
+ (JSC::DFG::ByteCodeParser::isInt32Constant):
+ (JSC::DFG::ByteCodeParser::isDoubleConstant):
+ (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
+ (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
+ (JSC::DFG::ByteCodeParser::one):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::isJSConstant):
+ (JSC::DFG::JITCodeGenerator::isDoubleConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isJSConstant):
+ (JSC::DFG::JITCompiler::isInt32Constant):
+ (JSC::DFG::JITCompiler::isDoubleConstant):
+ (JSC::DFG::JITCompiler::valueOfJSConstant):
+ (JSC::DFG::JITCompiler::valueOfInt32Constant):
+ (JSC::DFG::JITCompiler::valueOfDoubleConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::isConstant):
+ (JSC::DFG::Node::notTakenBytecodeOffset):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-23 Jungshik Shin <jshin@chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
+ build files for ports not using ICU.
+ Add icu/unicode/uscript.h for ports using ICU. It's taken from
+ ICU 3.6 (the version used on Mac OS 10.5)
+
+ http://bugs.webkit.org/show_bug.cgi?id=20797
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * icu/unicode/uscript.h: Added for UScriptCode enum.
+ * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
+ * wtf/unicode/icu/UnicodeIcu.h:
+ * wtf/unicode/brew/UnicodeBrew.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+
+2011-06-23 Ryuan Choi <ryuan.choi@samsung.com>
+
+ Reviewed by Andreas Kling.
+
+ [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
+ https://bugs.webkit.org/show_bug.cgi?id=63228
+
+ * wtf/Platform.h: Add PLATFORM(EFL) guard.
+
+2011-06-23 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89547.
+ http://trac.webkit.org/changeset/89547
+ https://bugs.webkit.org/show_bug.cgi?id=63252
+
+ "Chrmium crash on start" (Requested by yurys on #webkit).
+
+ * wtf/DynamicAnnotations.cpp:
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+ * wtf/DynamicAnnotations.h:
+
+2011-06-23 Timur Iskhodzhanov <timurrrr@google.com>
+
+ Reviewed by David Levin.
+
+ Make dynamic annotations weak symbols and prevent identical code folding by the linker
+ https://bugs.webkit.org/show_bug.cgi?id=62443
+
+ * wtf/DynamicAnnotations.cpp:
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+ * wtf/DynamicAnnotations.h:
+
+2011-06-22 Yael Aharon <yael.aharon@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Add a build flag for building with libxml2 and libxslt.
+ https://bugs.webkit.org/show_bug.cgi?id=63113
+
+ * wtf/Platform.h:
+
+2011-06-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89489.
+ http://trac.webkit.org/changeset/89489
+ https://bugs.webkit.org/show_bug.cgi?id=63203
+
+ Broke chromium mac build on build.webkit.org (Requested by
+ abarth on #webkit).
+
+ * wtf/Platform.h:
+
+2011-06-22 Cary Clark <caryclark@google.com>
+
+ Reviewed by Darin Fisher.
+
+ Use Skia if Skia on Mac Chrome is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=62999
+
+ * wtf/Platform.h:
+ Add switch to use Skia if, externally,
+ Skia has been enabled by a gyp define.
+
+2011-06-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
+
+2011-06-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed the conceit that global variables are local variables when running global code
+ https://bugs.webkit.org/show_bug.cgi?id=63106
+
+ This is required for write barrier correctness.
+
+ SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
+ I was able to reduce the regression with a tiny peephole optimization in
+ the bytecompiler, but not eliminate it. I'm committing this assuming
+ that turning on generational GC will win back at least 0.5%.
+
+ (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
+ the global object's var storage. I considered doing the same kind of
+ optimization in the existing JIT, but it seemed like moving in the wrong
+ direction.)
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addGlobalVar):
+ (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
+ negative indices, since they're no longer negatively offset from the
+ current stack frame.
+
+ Do give global variables monotonically increasing positive indices, since
+ that's much easier to work with.
+
+ Don't limit the number of optimizable global variables, since it's no
+ longer limited by the register file, since they're no longer stored in
+ the register file.
+
+ (JSC::BytecodeGenerator::registerFor): Global code never has any local
+ registers because a var in global code is actually a property of the
+ global object.
+
+ (JSC::BytecodeGenerator::constRegisterFor): Ditto.
+
+ (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
+ propagation and dead code elimination to speed up our compiles and
+ reduce WTFs / minute.
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
+
+ (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
+ global code, since there are none.
+
+ (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
+ in global code (i.e., global vars), since there are some.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::Interpreter):
+ (JSC::Interpreter::dumpRegisters):
+ (JSC::Interpreter::execute):
+ * interpreter/Interpreter.h: Updated for deleted / renamed code.
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
+ data members.
+
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::begin):
+ (JSC::RegisterFile::size):
+ (JSC::RegisterFile::RegisterFile):
+ (JSC::RegisterFile::shrink): Removed all code and comments dealing with
+ global variables stored in the register file.
+
+ (JSC::RegisterFile::grow): Updated for same.
+
+ Also, a slight correctness fix: Test the VM commit end, and not just the
+ in-use end, when checking for stack overflow. In theory, it's invalid to
+ commit past the end of your allocation, even if you never touch that
+ memory. This makes the usable size of the stack slightly smaller. No test
+ because we don't know of any case in practice where this crashes.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resizeRegisters):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ * runtime/JSGlobalObject.h: Simplified globals to have monotonically
+ increasing indexes, always located in our external storage.
+
+2011-06-21 MORITA Hajime <morrita@google.com>
+
+ Unreviewed, rolling out r89401 and r89403.
+ http://trac.webkit.org/changeset/89401
+ http://trac.webkit.org/changeset/89403
+ https://bugs.webkit.org/show_bug.cgi?id=62970
+
+ Breaks mac build and mistakenly enables the spellcheck API
+
+ * Configurations/FeatureDefines.xcconfig:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-21 Kent Tamura <tkent@chromium.org>
+
+ [Mac] Sort Xcode project files.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-20 MORITA Hajime <morrita@google.com>
+
+ Reviewed by Kent Tamura.
+
+ Spellcheck API should be build-able.
+ https://bugs.webkit.org/show_bug.cgi?id=62970
+
+ No new tests, changing only build related files
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-21 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved 'const' off the global-variable-as-local-variable crack pipe
+ https://bugs.webkit.org/show_bug.cgi?id=63105
+
+ This is necessary for moving the rest of the code off of same.
+
+ Many problems remain in our handling of const. I have fixed none of them.
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
+ const to directly implement its unique scoping rules.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
+ for writing, so we don't overwrite const variables.
+
+ (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
+ variables are available as local variables, since this won't be the case
+ once global variables are not available as local variables. Instead, use
+ put_scoped_var in the case where there is no local variable. Like a local
+ variable, put_scoped_var succeeds even though const properties are
+ read-only, since put_scoped_var skips read-only checks. (Yay?)
+
+2011-06-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
+ https://bugs.webkit.org/show_bug.cgi?id=63052
+
+ Release mode only failure, the stack overflow guards were getting there error
+ handling inlined, so that they were essentially causing their own demise.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::updateErrorMessage):
+ (JSC::JSParser::updateErrorWithNameAndMessage):
+
+2011-06-20 Kenneth Russell <kbr@google.com>
+
+ Unreviewed.
+
+ Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
+ https://bugs.webkit.org/show_bug.cgi?id=63022
+
+ * wtf/Platform.h:
+
+2011-06-18 Anders Carlsson <andersca@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=62940
+
+ Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
+
+ * wtf/PassOwnArrayPtr.h:
+ (WTF::PassOwnArrayPtr::operator=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator=):
+ * wtf/PassRefPtr.h:
+ (WTF::PassRefPtr::operator=):
+ (WTF::NonNullPassRefPtr::operator=):
+
+2011-06-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ REGRESSION (r79060): Searching for a flight at united.com fails
+ https://bugs.webkit.org/show_bug.cgi?id=63003
+
+ This original change also broke Twitter, and we attempted to refine the fix to
+ address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
+ we need to revert the change until we understand the problem better.
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2011-06-20 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ No context for javascript parse errors.
+ https://bugs.webkit.org/show_bug.cgi?id=62613
+
+ Parse errors now show more details like:
+ "Unexpected token: ]"
+ or
+ "Expected token: while"
+
+ For reserved names, numbers, indentifiers, strings, lexer errors,
+ and EOFs, the following error messages are printed:
+
+ "Use of reserved word: super"
+ "Unexpected number: 42"
+ "Unexpected identifier: "
+ "Unexpected string: "foobar""
+ "Invalid token character sequence: \u4023"
+ "Unexpected EOF"
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::consume):
+ (JSC::JSParser::getToken):
+ (JSC::JSParser::getTokenName):
+ (JSC::JSParser::updateErrorMessageSpecialCase):
+ (JSC::JSParser::updateErrorMessage):
+ (JSC::JSParser::updateErrorWithNameAndMessage):
+ (JSC::jsParse):
+ (JSC::JSParser::JSParser):
+ (JSC::JSParser::parseProgram):
+ (JSC::JSParser::parseVarDeclarationList):
+ (JSC::JSParser::parseForStatement):
+ (JSC::JSParser::parseBreakStatement):
+ (JSC::JSParser::parseContinueStatement):
+ (JSC::JSParser::parseWithStatement):
+ (JSC::JSParser::parseTryStatement):
+ (JSC::JSParser::parseStatement):
+ (JSC::JSParser::parseFormalParameters):
+ (JSC::JSParser::parseFunctionInfo):
+ (JSC::JSParser::parseAssignmentExpression):
+ (JSC::JSParser::parsePrimaryExpression):
+ (JSC::JSParser::parseMemberExpression):
+ (JSC::JSParser::parseUnaryExpression):
+ * parser/JSParser.h:
+ * parser/Lexer.cpp:
+ (JSC::Lexer::lex):
+ * parser/Parser.cpp:
+ (JSC::Parser::parse):
+
+2011-06-20 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Rob Buis.
+
+ Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
+ https://bugs.webkit.org/show_bug.cgi?id=59085
+
+ * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
+
+2011-06-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Correct logic for putting errors on the correct line when handling JSONP
+ https://bugs.webkit.org/show_bug.cgi?id=62962
+
+ Minor fix for the minor fix. *sigh*
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2011-06-19 Oliver Hunt <oliver@apple.com>
+
+ Minor fix to correct layout test results.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2011-06-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ JSONP is unnecessarily slow
+ https://bugs.webkit.org/show_bug.cgi?id=62920
+
+ JSONP has unfortunately become a fairly common idiom online, yet
+ it triggers very poor performance in JSC as we end up doing codegen
+ for a large number of property accesses that will
+ * only be run once, so the vast amount of logic we dump to handle
+ caching of accesses is unnecessary.
+ * We are doing codegen that is directly proportional to just
+ creating the object in the first place.
+
+ This patch extends the use of the literal parser to JSONP-like structures
+ in global code, handling a number of different forms I have seen online.
+ In an extreme case this improves performance of JSONP by more than 2x
+ due to removal of code generation and execution time, and a few optimisations
+ that I made to the parser itself.
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * parser/Lexer.cpp:
+ (JSC::Lexer::isKeyword):
+ * parser/Lexer.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::makeIdentifier):
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::next):
+ (JSC::isSafeStringCharacter):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+
+2011-06-18 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89184.
+ http://trac.webkit.org/changeset/89184
+ https://bugs.webkit.org/show_bug.cgi?id=62927
+
+ It broke 22 tests on all bot (Requested by Ossy_weekend on
+ #webkit).
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * parser/Lexer.cpp:
+ * parser/Lexer.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::isSafeStringCharacter):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+ (JSC::LiteralParser::Lexer::next):
+
+2011-06-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ JSONP is unnecessarily slow
+ https://bugs.webkit.org/show_bug.cgi?id=62920
+
+ JSONP has unfortunately become a fairly common idiom online, yet
+ it triggers very poor performance in JSC as we end up doing codegen
+ for a large number of property accesses that will
+ * only be run once, so the vast amount of logic we dump to handle
+ caching of accesses is unnecessary.
+ * We are doing codegen that is directly proportional to just
+ creating the object in the first place.
+
+ This patch extends the use of the literal parser to JSONP-like structures
+ in global code, handling a number of different forms I have seen online.
+ In an extreme case this improves performance of JSONP by more than 2x
+ due to removal of code generation and execution time, and a few optimisations
+ that I made to the parser itself.
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * parser/Lexer.cpp:
+ (JSC::Lexer::isKeyword):
+ * parser/Lexer.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::makeIdentifier):
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::next):
+ (JSC::isSafeStringCharacter):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+
+2011-06-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved some property access JIT code into property access JIT files
+ https://bugs.webkit.org/show_bug.cgi?id=62906
+
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitSlow_op_put_by_val):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ (JSC::JIT::emit_op_put_global_var):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ (JSC::JIT::emit_op_put_global_var):
+
+2011-06-17 Anders Carlsson <andersca@apple.com>
+
+ Build fix.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-17 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Leopard build?
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Added some write barrier action, compiled out by default
+ https://bugs.webkit.org/show_bug.cgi?id=62844
+
+ * JavaScriptCore.exp: Build!
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
+ issue with Heap.cpp.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::writeBarrierSlowCase):
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isAtomAligned):
+ (JSC::MarkedBlock::blockFor):
+ (JSC::MarkedBlock::atomNumber):
+ (JSC::MarkedBlock::ownerSetNumber):
+ (JSC::MarkedBlock::addOldSpaceOwner):
+ (JSC::MarkedBlock::OwnerSet::OwnerSet):
+ (JSC::MarkedBlock::OwnerSet::add):
+ (JSC::MarkedBlock::OwnerSet::clear):
+ (JSC::MarkedBlock::OwnerSet::size):
+ (JSC::MarkedBlock::OwnerSet::didOverflow):
+ (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
+ tracks owners for regions within blocks. Currently unused.
+
+2011-06-17 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ Reviewed by Eric Seidel.
+
+ [EFL] Add some OwnPtr specializations for EFL types.
+ For now there are specializations for Ecore_Evas and Evas_Object.
+ https://bugs.webkit.org/show_bug.cgi?id=62877
+
+ * wtf/CMakeListsEfl.txt:
+ * wtf/OwnPtrCommon.h:
+ * wtf/efl/OwnPtrEfl.cpp: Added.
+ (WTF::deleteOwnedPtr):
+
+2011-06-17 Joone Hur <joone.hur@collabora.co.uk>
+
+ Reviewed by Martin Robinson.
+
+ [GTK] Replace GdkRectangle by cairo_rectangle_int_t
+ https://bugs.webkit.org/show_bug.cgi?id=60687
+
+ Replace GdkRectangle by cairo_rectangle_int_t.
+
+ * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
+
+2011-06-16 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=53014
+ ES5 strict mode keyword restrictions aren't implemented
+
+ The following are future restricted words is strict mode code:
+ implements, interface, let, package, private, protected, public, static, yield
+
+ * parser/JSParser.h:
+ - Add RESERVED_IF_STRICT token.
+ * parser/Keywords.table:
+ - Add new future restricted words.
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
+ (JSC::Lexer::lex):
+ - Pass strictMode flag to parseIdentifier.
+ * parser/Lexer.h:
+ - parseIdentifier needs a strictMode flag.
+ * runtime/CommonIdentifiers.h:
+ - Add identifiers for new reserved words.
+
+2011-06-16 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=23611
+ Multiline Javascript comments cause incorrect parsing of following script.
+
+ From the spec:
+ "A MultiLineComment [is] simply discarded if it contains no line terminator,
+ but if a MultiLineComment contains one or more line terminators, then it is
+ replaced with a single line terminator, which becomes part of the stream of
+ inputs for the syntactic grammar."
+
+ This may result in behavioural changes, due to automatic semicolon insertion.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseMultilineComment):
+ - Set m_terminator is we see a line terminator in a multiline comment.
+
+2011-06-16 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62824
+ DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
+
+ CompareEq of non-integer values is the most common cause of speculation failure.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ - Support Equals.
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
+ - new! - peephole optimized Eq of JSValues.
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Add peephole optimization for CompareEq.
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ - Add support for dead nodes between compare & branch.
+ (JSC::DFG::SpeculativeJIT::isInteger):
+ - Added to determine which form of peephole to do in CompareEq.
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
+ symbol.
+
+ * bytecode/EvalCodeCache.h:
+ * heap/HandleHeap.h:
+ * heap/HeapRootVisitor.h:
+ * heap/NewSpace.h:
+ * runtime/ArgList.h:
+ * runtime/ScopeChain.h:
+ * runtime/SmallStrings.h:
+ * runtime/Structure.h: Stop forward-declaring things that don't really
+ exist anymore.
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
+ project while crossing my fingers and facing west.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Removed an incorrect symbol on Windows.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Removed an accidental commit from the future.
+
+ * CMakeLists.txt:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Introduced SlotVisitor into the project
+ https://bugs.webkit.org/show_bug.cgi?id=62820
+
+ This resolves a class vs typedef forward declaration issue, and gives all
+ exported symbols the correct names.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build!
+
+ * bytecode/EvalCodeCache.h:
+ * heap/HandleHeap.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
+ clients operate on a MarkStack.
+
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/SlotVisitor.h: Added.
+ (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
+ inheritance to give SlotVisitor all the attributes of MarkStack without
+ making this change giant. Over time, we will move more behavior into
+ SlotVisitor and its subclasses.
+
+ * heap/MarkStack.h:
+ * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
+ clients operate on a MarkStack.
+
+ * runtime/ArgList.h:
+ * runtime/JSCell.h:
+ * runtime/JSObject.h:
+ * runtime/ScopeChain.h:
+ * runtime/SmallStrings.h:
+ * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
+ clients operate on a MarkStack.
+
+2011-06-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Reduce memory usage of resolve_global
+ https://bugs.webkit.org/show_bug.cgi?id=62765
+
+ If we have a large number of resolve_globals in a single
+ block start planting plain resolve instructions instead
+ whenever we aren't in a loop. This allows us to reduce
+ the code size for extremely large functions without
+ losing the performance benefits of op_resolve_global.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::globalResolveInfoCount):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ * bytecompiler/BytecodeGenerator.h:
+
+2011-06-16 Qi Zhang <qi.2.zhang@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Fix building with CONFIG(use_system_icu)
+ https://bugs.webkit.org/show_bug.cgi?id=62744
+
+ Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
+
+ * wtf/Platform.h:
+
+2011-06-15 Darin Adler <darin@apple.com>
+
+ Reviewed by Adam Barth.
+
+ Remove obsolete LOOSE_OWN_PTR code
+ https://bugs.webkit.org/show_bug.cgi?id=59909
+
+ The internal Apple dependency on this is gone now.
+
+ * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
+ set function that takes a raw pointer.
+
+ * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
+ set functino that takes a raw pointer.
+
+ * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
+ and assignment operator that takes a nullptr unconditional.
+ Made constructor that takes a raw pointer private and explicit,
+ and removed assignment operator that takes a raw pointer.
+
+ * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
+ unconditional. Made constructor that takes a raw pointer private
+ and explicit, and removed assignment operator that takes a raw pointer.
+
+2011-06-15 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen and Gavin Barraclough.
+
+ Make access-nseive ~9x faster on the non-speculative path by
+ adding special casing for doubles that can lossless-ly be converted
+ to a uint32_t in getByVal and putByVal. This avoids calls to stringification
+ and the hash lookup. Long term, we should try and get property of a getByVal
+ and putByVal to be an integer immediate even in the non-speculative path.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ (JSC::DFG::operationPutByValInternal):
+
+2011-06-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ REGRESSION (r88719): 5by5.tv schedule is not visible
+ https://bugs.webkit.org/show_bug.cgi?id=62720
+
+ Problem here is that the lexer wasn't considering '$' to be
+ a valid character in an identifier.
+
+ * parser/Lexer.h:
+ (JSC::Lexer::lexExpectIdentifier):
+
+2011-06-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Reduce the size of global_resolve
+ https://bugs.webkit.org/show_bug.cgi?id=62738
+
+ Reduce the code size of global_resolve in the JIT by replacing
+ multiple pointer loads with a single pointer move + two offset
+ loads.
+
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve_global):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve_global):
+
+2011-06-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Fixed an inavlid ASSERT I found while investigating
+ <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
+ https://bugs.webkit.org/show_bug.cgi?id=62699
+
+ No test since we don't know of a way to get WebCore to deallocate the
+ next-to-finalize handle, which is also the last handle in the list,
+ while finalizing the second-to-last handle in the list.
+
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
+ non-0 next() after updating it, since it is valid to update m_nextToFinalize
+ to point to the tail sentinel.
+
+ Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
+ since it is not valid to update m_nextToFinalize to point past the tail
+ sentinel.
+
+ Also, use m_nextToFinalize consistently for clarity.
+
+2011-06-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=43841
+ SegmentedVector::operator== typo
+
+ * wtf/SegmentedVector.h:
+ (WTF::SegmentedVectorIterator::operator==):
+ (WTF::SegmentedVectorIterator::operator!=):
+
+2011-06-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Constant array literals result in unnecessarily large amounts of code
+ https://bugs.webkit.org/show_bug.cgi?id=62658
+
+ Add a new version of op_new_array that simply copies values from a buffer
+ we hang off of the CodeBlock, rather than generating code to place each
+ entry into the registerfile, and then copying it from the registerfile into
+ the array. This is a slight improvement on some sunspider tests, but no
+ measurable overall change. That's okay though as our goal was to reduce
+ code size without hurting performance.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addImmediateBuffer):
+ (JSC::CodeBlock::immediateBuffer):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addImmediateBuffer):
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ (JSC::JIT::emit_op_new_array_buffer):
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+
+2011-06-14 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r88841.
+ http://trac.webkit.org/changeset/88841
+ https://bugs.webkit.org/show_bug.cgi?id=62672
+
+ Caused many tests to crash (Requested by rniwa on #webkit).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_array):
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+
+2011-06-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Constant array literals result in unnecessarily large amounts of code
+ https://bugs.webkit.org/show_bug.cgi?id=62658
+
+ Add a new version of op_new_array that simply copies values from a buffer
+ we hang off of the CodeBlock, rather than generating code to place each
+ entry into the registerfile, and then copying it from the registerfile into
+ the array. This is a slight improvement on some sunspider tests, but no
+ measurable overall change. That's okay though as our goal was to reduce
+ code size without hurting performance.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addImmediateBuffer):
+ (JSC::CodeBlock::immediateBuffer):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addImmediateBuffer):
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ (JSC::JIT::emit_op_new_array_buffer):
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+
+2011-06-14 Stephanie Lewis <slewis@apple.com>
+
+ Rubber stamped by Oliver Hunt.
+
+ <rdar://problem/9511169>
+ Update order files.
+
+ * JavaScriptCore.order:
+
+2011-06-14 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen.
+
+ Fix dumping of constants to have the correct constant number.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+
+2011-06-14 Benjamin Poulain <benjamin@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ KeywordLookupGenerator's Trie does not work with Python 3
+ https://bugs.webkit.org/show_bug.cgi?id=62635
+
+ With Python 3, dict.items() return an iterator. Since the iterator
+ protocol changed between Python 2 and 3, the easiest way to get the
+ values is to have something that use the iterator implicitely, like a
+ for() loop.
+
+ * KeywordLookupGenerator.py:
+
+2011-06-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Fix llocp and lvalp names in the lexer to something more meaningful
+ https://bugs.webkit.org/show_bug.cgi?id=62605
+
+ A simple rename
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ (JSC::Lexer::parseString):
+ (JSC::Lexer::lex):
+ * parser/Lexer.h:
+ (JSC::Lexer::lexExpectIdentifier):
+
+2011-06-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make it possible to inline the common case of identifier lexing
+ https://bugs.webkit.org/show_bug.cgi?id=62600
+
+ Add a lexing function that expects to lex an "normal" alpha numeric
+ identifier (that ignores keywords) so it's possible to inline the
+ common parsing cases. This comes out as a reasonable parsing speed
+ boost.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::nextExpectIdentifier):
+ (JSC::JSParser::parseProperty):
+ (JSC::JSParser::parseMemberExpression):
+ * parser/Lexer.cpp:
+ * parser/Lexer.h:
+ (JSC::Lexer::makeIdentifier):
+ (JSC::Lexer::lexExpectIdentifier):
+
+2011-06-13 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ Distcheck fixes.
+
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+
+2011-06-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Make it possible to inline Identifier::equal
+ https://bugs.webkit.org/show_bug.cgi?id=62584
+
+ Move Identifier::equal to the Identifier header file.
+
+ * runtime/Identifier.cpp:
+ * runtime/Identifier.h:
+ (JSC::Identifier::equal):
+
+2011-06-13 Tony Chang <tony@chromium.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
+ https://bugs.webkit.org/show_bug.cgi?id=62578
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-13 Tony Chang <tony@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
+ https://bugs.webkit.org/show_bug.cgi?id=62545
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-12 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r88604.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2011-06-11 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16777
+
+ Remove #define NaN per Darin's comments.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::parseIntOverflow):
+ (JSC::parseInt):
+ (JSC::jsStrDecimalLiteral):
+ (JSC::jsToNumber):
+ (JSC::parseFloat):
+ * wtf/DateMath.cpp:
+ (WTF::equivalentYearForDST):
+ (WTF::parseES5DateFromNullTerminatedCharacters):
+ (WTF::parseDateFromNullTerminatedCharacters):
+ (WTF::timeClip):
+ (JSC::parseDateFromNullTerminatedCharacters):
+
+2011-06-11 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62503
+ Remove JIT_OPTIMIZE_* switches
+
+ The alternative code paths are untested, and not well maintained.
+ These were useful when there was more churn in the JIT, but now
+ are a maintenance overhead. Time to move on, removing.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkConstruct):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ * jit/JITCall32_64.cpp:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::softModulo):
+ * jit/JITPropertyAccess.cpp:
+ * jit/JITPropertyAccess32_64.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ * wtf/Platform.h:
+
+2011-06-10 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16777
+ Eliminate JSC::NaN and JSC::Inf
+
+ There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
+ The ones in std::numeric_limits are perfectly good.
+ Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::toNumber):
+ * API/JSValueRef.cpp:
+ (JSValueMakeNumber):
+ (JSValueToNumber):
+ * JavaScriptCore.exp:
+ * runtime/CachedTranscendentalFunction.h:
+ (JSC::CachedTranscendentalFunction::initialize):
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ * runtime/DateInstanceCache.h:
+ (JSC::DateInstanceData::DateInstanceData):
+ (JSC::DateInstanceCache::reset):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::getPrimitiveNumber):
+ (JSC::JSCell::JSValue::toNumber):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::resetDateCache):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ (JSC::globalFuncIsFinite):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toNumber):
+ * runtime/JSValue.cpp:
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::jsNaN):
+ * runtime/MathObject.cpp:
+ (JSC::mathProtoFuncMax):
+ (JSC::mathProtoFuncMin):
+ * runtime/NumberConstructor.cpp:
+ (JSC::numberConstructorNegInfinity):
+ (JSC::numberConstructorPosInfinity):
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToExponential):
+ (JSC::numberProtoFuncToFixed):
+ (JSC::numberProtoFuncToPrecision):
+ (JSC::numberProtoFuncToString):
+ * runtime/UString.cpp:
+ * wtf/DecimalNumber.h:
+ (WTF::DecimalNumber::DecimalNumber):
+ * wtf/dtoa.cpp:
+ (WTF::dtoa):
+
+2011-06-10 Tony Chang <tony@chromium.org>
+
+ Reviewed by Ojan Vafai.
+
+ add a compile guard ENABLE(FLEXBOX)
+ https://bugs.webkit.org/show_bug.cgi?id=62049
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-10 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=55347
+ "name" and "message" enumerable on *Error.prototype
+
+ This arises from chapter 15 of the spec:
+ "Every other property described in this clause has the attributes
+ { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
+ unless otherwise specified."
+ Standardized properties are not enumerable.
+
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+
+2011-06-09 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Corrected header spelling.
+
+ * heap/OldSpace.h:
+
+2011-06-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Added OldSpace to the project
+ https://bugs.webkit.org/show_bug.cgi?id=62417
+
+ Currently unused.
+
+ Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
+ per-block flag for testing whether you're in NewSpace vs OldSpace.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build!
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::inNewSpace):
+ (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
+ write barrier.
+
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::addBlock):
+ (JSC::NewSpace::removeBlock):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
+ NewSpace-specific operations.
+
+ * heap/OldSpace.cpp: Added.
+ (JSC::OldSpace::OldSpace):
+ (JSC::OldSpace::addBlock):
+ (JSC::OldSpace::removeBlock):
+ * heap/OldSpace.h: Added.
+ (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
+ Not in use yet.
+
+2011-06-09 Hyowon Kim <hw1008.kim@samsung.com>
+
+ Reviewed by Antonio Gomes.
+
+ [EFL] Make accelerated compositing build in Webkit-EFL
+ https://bugs.webkit.org/show_bug.cgi?id=62361
+
+ Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
+
+ * wtf/Platform.h:
+
+2011-06-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 62405 - Fix integer overflow in Array.prototype.push
+
+ Fix geoff's review comments re static_cast.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPush):
+
+2011-06-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Factored MarkedBlock set management into a helper class with a fast case Bloom filter
+ https://bugs.webkit.org/show_bug.cgi?id=62413
+
+ SunSpider reports a small speedup.
+
+ This is in preparation for having ConservativeSet operate on arbitrary
+ sets of MarkedBlocks, and in preparation for conservative scanning
+ becoming proportionally more important than other GC activities.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
+
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
+ directly, instead of a Heap, so we can operate on subsets of the Heap
+ instead.
+
+ Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
+ is particularly important since we expect not to find our subject pointer
+ in the MarkedBlock hash, and hash misses are more expensive than typical
+ hash lookups because they have high collision rates.
+
+ No need for single-pointer add() to be public anymore, since nobody uses it.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
+ ConservativeRoots relies on.
+
+ Nixed contains(), since nobody uses it anymore.
+
+ * heap/MarkedBlock.h:
+ (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
+ the VM layout properties of MarkedBlocks.
+
+ * heap/MarkedBlockSet.h: Added.
+ (JSC::MarkedBlockSet::add):
+ (JSC::MarkedBlockSet::remove):
+ (JSC::MarkedBlockSet::recomputeFilter):
+ (JSC::MarkedBlockSet::filter):
+ (JSC::MarkedBlockSet::set):
+ * heap/TinyBloomFilter.h: Added.
+ (JSC::TinyBloomFilter::TinyBloomFilter):
+ (JSC::TinyBloomFilter::add):
+ (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
+ exclude values by tag -- the tiny bloom filter is already a register-register
+ compare, so adding another "rule out" factor just slows things down.
+
+2011-06-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 62405 - Fix integer overflow in Array.prototype.push
+
+ There are three integer overflows here, leading to safe (not a security risk)
+ but incorrect (non-spec-compliant) behaviour.
+
+ Two overflows occur when calculating the new length after pushing (one in the
+ fast version of push in JSArray, one in the generic version in ArrayPrototype).
+ The other occurs calculating indices to write to when multiple items are pushed.
+
+ These errors result in three test-262 failures.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPush):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::put):
+ (JSC::JSArray::push):
+
+2011-06-09 Dan Bernstein <mitz@apple.com>
+
+ Reviewed by Anders Carlsson.
+
+ Add Vector::reverse()
+ https://bugs.webkit.org/show_bug.cgi?id=62393
+
+ * wtf/Vector.h:
+ (WTF::Vector::reverse): Added
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Factored a bunch of Heap functionality into stand-alone functors
+ https://bugs.webkit.org/show_bug.cgi?id=62337
+
+ This is in preparation for making these functors operate on arbitrary
+ sets of MarkedBlocks.
+
+ * JavaScriptCore.exp: This file is a small tragedy.
+
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
+
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
+ strong handles, so we can play along in the functor game.
+
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::CountFunctor::CountFunctor):
+ (JSC::CountFunctor::CountFunctor::count):
+ (JSC::CountFunctor::CountFunctor::returnValue):
+ (JSC::CountFunctor::ClearMarks::operator()):
+ (JSC::CountFunctor::ResetAllocator::operator()):
+ (JSC::CountFunctor::Sweep::operator()):
+ (JSC::CountFunctor::MarkCount::operator()):
+ (JSC::CountFunctor::Size::operator()):
+ (JSC::CountFunctor::Capacity::operator()):
+ (JSC::CountFunctor::Count::operator()):
+ (JSC::CountFunctor::CountIfGlobalObject::operator()):
+ (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
+ (JSC::CountFunctor::TakeIfEmpty::operator()):
+ (JSC::CountFunctor::TakeIfEmpty::returnValue):
+ (JSC::CountFunctor::RecordType::RecordType):
+ (JSC::CountFunctor::RecordType::typeName):
+ (JSC::CountFunctor::RecordType::operator()):
+ (JSC::CountFunctor::RecordType::returnValue): These functors factor out
+ behavior that used to be in the functions below.
+
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::protectedGlobalObjectCount):
+ (JSC::Heap::protectedObjectCount):
+ (JSC::Heap::protectedObjectTypeCounts):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink): Factored out behavior into the functors above.
+
+ * heap/Heap.h:
+ (JSC::Heap::forEachProtectedCell):
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
+ functor-based templates instead of plain iterators because they're simpler
+ to implement in this case and they require a lot less code at the call site.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
+ trivial functors.
+
+ (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
+ we have a few different kind of "for each" now.
+
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompile::operator()):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
+
+ * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
+
+2011-06-08 Mikołaj Małecki <m.malecki@samsung.com>
+
+ Reviewed by Pavel Feldman.
+
+ Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
+ https://bugs.webkit.org/show_bug.cgi?id=52791
+
+ No new tests. The problem can be reproduced by trying to create InspectorValue
+ from 1.0e-100 and call ->toJSONString() on this.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ export 2 functions DecimalNumber::bufferLengthForStringExponential and
+ DecimalNumber::toStringExponential.
+
+2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r88404.
+ http://trac.webkit.org/changeset/88404
+ https://bugs.webkit.org/show_bug.cgi?id=62342
+
+ broke win and mac build (Requested by tony^work on #webkit).
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-08 Evan Martin <evan@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ [chromium] use gyp 'settings' type for settings target
+ https://bugs.webkit.org/show_bug.cgi?id=62323
+
+ The 'settings' gyp target type is for targets that exist solely
+ for their settings (no build rules). The comment above this target
+ says it's for this, but it incorrectly uses 'none'.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-08 Sailesh Agrawal <sail@chromium.org>
+
+ Reviewed by Mihai Parparita.
+
+ Chromium Mac: Enable overlay scrollbars
+ https://bugs.webkit.org/show_bug.cgi?id=59756
+
+ Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
+
+ * wtf/Platform.h:
+
+2011-06-08 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add faster lookup cache for multi character identifiers
+ https://bugs.webkit.org/show_bug.cgi?id=62327
+
+ Add a non-hash lookup for mutiple character identifiers. This saves us from
+ adding repeated identifiers to the ParserArena's identifier list as people
+ tend to not start all their variables and properties with the same character
+ and happily identifier locality works in our favour.
+
+ * parser/ParserArena.h:
+ (JSC::IdentifierArena::isEmpty):
+ (JSC::IdentifierArena::clear):
+ (JSC::IdentifierArena::makeIdentifier):
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Took some responsibilities away from NewSpace
+ https://bugs.webkit.org/show_bug.cgi?id=62325
+
+ NewSpace is basically just an allocator now.
+
+ Heap acts as a controller, responsible for managing the set of all
+ MarkedBlocks.
+
+ This is in preparation for moving parts of the controller logic into
+ separate helper classes that can act on arbitrary sets of MarkedBlocks
+ that may or may not be in NewSpace.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::allocate):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::collect):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
+ along with all functions that operate on the set of MarkedBlocks. Also
+ moved responsibility for deciding whether to allocate a new MarkedBlock,
+ and for allocating it.
+
+ * heap/Heap.h:
+ (JSC::Heap::contains):
+ (JSC::Heap::forEach): Ditto.
+
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::addBlock):
+ (JSC::NewSpace::removeBlock):
+ (JSC::NewSpace::resetAllocator):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::waterMark):
+ (JSC::NewSpace::allocate): Ditto.
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Some more MarkedSpace => NewSpace renaming
+ https://bugs.webkit.org/show_bug.cgi?id=62305
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::allocate):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::collect):
+ (JSC::Heap::isValidAllocation):
+ * heap/Heap.h:
+ (JSC::Heap::markedSpace):
+ (JSC::Heap::contains):
+ (JSC::Heap::forEach):
+ (JSC::Heap::allocate):
+ * runtime/JSCell.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export macros to profiler headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * profiler/Profiler.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export symbols to parser headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * parser/SourceProviderCache.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export symbols to interpreter headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * interpreter/Interpreter.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export symbols to debugger headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * debugger/Debugger.h:
+ * debugger/DebuggerCallFrame.h:
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
+ https://bugs.webkit.org/show_bug.cgi?id=62268
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.h:
+ * heap/MarkedBlock.h:
+ * heap/MarkedSpace.cpp: Removed.
+ * heap/MarkedSpace.h: Removed.
+ * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
+ * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
+
+2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r88365.
+ http://trac.webkit.org/changeset/88365
+ https://bugs.webkit.org/show_bug.cgi?id=62301
+
+ windows bots broken (Requested by loislo_ on #webkit).
+
+ * JavaScriptCore.exp:
+
+2011-06-08 Ryan Sleevi <rsleevi@chromium.org>
+
+ Reviewed by Tony Chang.
+
+ Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
+
+ Compiling Chromium port under GCC 4.6 produces warnings about nullptr
+ https://bugs.webkit.org/show_bug.cgi?id=62242
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-08 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ Webkit on SPARC Solaris has wrong endian
+ https://bugs.webkit.org/show_bug.cgi?id=29407
+
+ Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
+ there are more ocurrences of the same code pattern in webkit.
+
+ This patch includes the check on these other parts of the code.
+
+ This is a speculative fix, I don't have a sparc machine to test and
+ don't know which kind of test would trigger a crash (but it's quite
+ obvious that it's the same code duplicated in different files).
+
+ * runtime/UString.h:
+ (JSC::UStringHash::equal):
+ * wtf/text/StringHash.h:
+ (WTF::StringHash::equal):
+
+2011-06-08 Yael Aharon <yael.aharon@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Build fix for building QtWebKit inside of Qt.
+ https://bugs.webkit.org/show_bug.cgi?id=62280
+
+ Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
+ into QtWebKit.prl.
+
+ No new tests, as this is just a build fix.
+
+ * JavaScriptCore.pri:
+
+2011-06-07 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Split 'reset' into 'collect' and 'resetAllocator'
+ https://bugs.webkit.org/show_bug.cgi?id=62267
+
+ * heap/Heap.cpp:
+ (JSC::Heap::allocate):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::resetAllocator):
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::resetAllocator):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+
+2011-06-07 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Renamed some more marks to visits
+ https://bugs.webkit.org/show_bug.cgi?id=62254
+
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::visitStrongHandles):
+ (JSC::HandleHeap::visitWeakHandles):
+ * heap/HandleHeap.h:
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::visit):
+ * heap/HandleStack.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+ * heap/HeapRootVisitor.h:
+ (JSC::HeapRootVisitor::visit):
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+
+2011-06-07 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig
+
+ https://bugs.webkit.org/show_bug.cgi?id=55537
+ Functions claim to have 'callee' which they actually don't (and shouldn't)
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyNames):
+
+2011-06-07 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Make JSStaticFunction and JSStaticValue less "const"
+ https://bugs.webkit.org/show_bug.cgi?id=62222
+
+ * API/JSObjectRef.h:
+ * API/tests/testapi.c:
+ (checkConstnessInJSObjectNames):
+ (main):
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-07 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62240
+ DFG JIT - add support for for-loop array initialization.
+
+ Support put by val beyond vector length.
+ Add a operationPutByValBeyondArrayBounds operation, make
+ PutValVal call this if the vector length check fails.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
+ (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
+ (JSC::DFG::JITCodeGenerator::isIntegerConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationPutByValInternal):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-06-06 James Simonsen <simonjam@chromium.org>
+
+ Reviewed by James Robinson.
+
+ Add monotonicallyIncreasingTime() to get monotonically increasing time
+ https://bugs.webkit.org/show_bug.cgi?id=37743
+
+ * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
+ (WTF::monotonicallyIncreasingTime):
+ * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
+
+2011-06-06 Alexandru Chiculita <achicu@adobe.com>
+
+ Reviewed by Kent Tamura.
+
+ Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
+ https://bugs.webkit.org/show_bug.cgi?id=61628
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-06 Mihnea Ovidenie <mihnea@adobe.com>
+
+ Reviewed by Kent Tamura.
+
+ Add ENABLE(CSS_REGIONS) guard for CSS Regions support
+ https://bugs.webkit.org/show_bug.cgi?id=61631
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-06 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix the GTK+ build.
+
+ * GNUmakefile.am: Add javascriptcore_cflags variable.
+
+2011-06-04 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
+ to build on Mac.
+
+ * wtf/Platform.h:
+
+2011-06-04 Gustavo Noronha Silva <gns@gnome.org>
+
+ Unreviewed, MIPS build fix.
+
+ WebKitGTK+ tarball fails to build on MIPS.
+ https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
+
+ * GNUmakefile.list.am: Add missing MIPS-related file to the list
+ of files that are added to the tarball on make dist, and fix
+ sorting.
+
+2011-06-04 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Fix formatting of the output generated by KeywordLookupGenerator.py
+ https://bugs.webkit.org/show_bug.cgi?id=62083
+
+ - Uses correct year for copyright.
+ - Puts ending brace on same line as "else if"
+ - Puts starting brace of function on its own line.
+ - Adds some tasteful whitespace.
+ - Adds comments to make clear that scopes are ending
+ - Make macros actually split on two lines.
+
+ * KeywordLookupGenerator.py:
+
+2011-06-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ KeywordLookupGenerator.py spams stdout in Chromium Linux build
+ https://bugs.webkit.org/show_bug.cgi?id=62087
+
+ This action does not appear to be needed.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Lexer needs to provide Identifier for reserved words
+ https://bugs.webkit.org/show_bug.cgi?id=62086
+
+ Alas it is necessary to provide an Identifier reference for keywords
+ so that we can do the right thing when they're used in object literals.
+ We now keep Identifiers for all reserved words in the CommonIdentifiers
+ structure so that we can access them without a hash lookup.
+
+ * KeywordLookupGenerator.py:
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ * parser/Lexer.h:
+ * runtime/CommonIdentifiers.cpp:
+ (JSC::CommonIdentifiers::CommonIdentifiers):
+ * runtime/CommonIdentifiers.h:
+
+2011-06-03 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Add debug code to break on speculation failures.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGNode.h:
+
+2011-06-03 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62082
+ DFG JIT - bug passing arguments that need swap
+
+ This is really just a typo.
+ When setting up the arguments for a call out to a C operation, we'll
+ fail to swap arguments where this is necessary. For example, in the
+ case of 2 arg calls, where the first argument is in %rdx & the second
+ is in %rsi we should swap (exec will be passed in %rdi), but we don't.
+
+ This can also affect function calls passing three arguments.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+ - Call swap with the correct arguments.
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Force inlining of some hot lexer functions
+ https://bugs.webkit.org/show_bug.cgi?id=62079
+
+ Fix more GCC stupidity
+
+ * parser/Lexer.h:
+ (JSC::Lexer::isWhiteSpace):
+ (JSC::Lexer::isLineTerminator):
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ GCC not inlining some functions that it really should be
+ https://bugs.webkit.org/show_bug.cgi?id=62075
+
+ Add ALWAYS_INLINE to a number of parsing and lexing functions
+ that should always be inlined. This gets us ~1.4% on my ad hoc
+ parser test.
+
+ * KeywordLookupGenerator.py:
+ * parser/JSParser.cpp:
+ (JSC::JSParser::next):
+ (JSC::JSParser::nextTokenIsColon):
+ (JSC::JSParser::consume):
+ (JSC::JSParser::match):
+ (JSC::JSParser::tokenStart):
+ (JSC::JSParser::tokenLine):
+ (JSC::JSParser::tokenEnd):
+ * parser/Lexer.cpp:
+ (JSC::isIdentPart):
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Whoops, fix last minute bug.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+
+2011-06-03 Martin Robinson <mrobinson@igalia.com>
+
+ Try to fix the GTK+ build.
+
+ * GNUmakefile.am: Clean up some spaces that should be tabs.
+ * GNUmakefile.list.am: Add KeywordLookup.h to the source list
+ and clean up some spaces that should be tabs.
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Improve keyword lookup
+ https://bugs.webkit.org/show_bug.cgi?id=61913
+
+ Rather than doing multiple hash lookups as we currently
+ do when trying to identify keywords we now use an
+ automatically generated decision tree (essentially it's
+ a hard coded patricia trie). We still use the regular
+ lookup table for the last few characters of an input as
+ this allows us to completely skip all bounds checks.
+
+ * CMakeLists.txt:
+ * DerivedSources.make:
+ * DerivedSources.pro:
+ * GNUmakefile.am:
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * KeywordLookupGenerator.py: Added.
+ * make-generated-sources.sh:
+ * parser/Lexer.cpp:
+ (JSC::Lexer::internalShift):
+ (JSC::Lexer::shift):
+ (JSC::Lexer::parseIdentifier):
+ * parser/Lexer.h:
+
+2011-06-03 Siddharth Mathur <siddharth.mathur@nokia.com>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Build flag for experimental ICU library support
+ https://bugs.webkit.org/show_bug.cgi?id=60786
+
+ Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
+ ICU powered Unicode support.
+
+ * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
+ * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
+
+2011-06-03 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
+ https://bugs.webkit.org/show_bug.cgi?id=61957
+
+ When building inside the Qt source tree, qmake always append the mkspecs
+ defines after ours. We have to workaround and make sure that we append
+ our flags after the qmake variable used inside Qt. This workaround was provided
+ by our qmake folks. We need to append in both case because qmake behave differently
+ when called with -spec or via SUBDIR+=. This patch unbreak r87950 on Mac for Qt port.
+
+ * JavaScriptCore.pro:
+
+2011-06-02 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added a method to generate RFC 2822 compliant date strings.
+ https://bugs.webkit.org/show_bug.cgi?id=7169
+
+ * wtf/DateMath.cpp:
+ (WTF::twoDigitStringFromNumber):
+ (WTF::makeRFC2822DateString):
+ * wtf/DateMath.h:
+
+2011-06-02 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
+ https://bugs.webkit.org/show_bug.cgi?id=61957
+
+ When building inside the Qt source tree, qmake always append the mkspecs
+ defines after ours. We have to workaround and make sure that we append
+ our flags after the qmake variable used inside Qt. This workaround was provided
+ by our qmake folks.
+
+ * JavaScriptCore.pro:
+
+2011-06-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add single character lookup cache to IdentifierArena
+ https://bugs.webkit.org/show_bug.cgi?id=61879
+
+ Add a simple lookup cache for single ascii character
+ identifiers. Produces around a 2% improvement in parse
+ time for my adhoc parser test.
+
+ * parser/ParserArena.h:
+ (JSC::IdentifierArena::IdentifierArena):
+ (JSC::IdentifierArena::clear):
+ (JSC::IdentifierArena::makeIdentifier):
+
+2011-05-31 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Freezing a function and its prototype causes browser to crash.
+ https://bugs.webkit.org/show_bug.cgi?id=61758
+
+ Make JSObject::preventExtensions virtual so that we can override it
+ and instantiate all lazy
+
+ * JavaScriptCore.exp:
+ * runtime/JSFunction.cpp:
+ (JSC::createPrototypeProperty):
+ (JSC::JSFunction::preventExtensions):
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::seal):
+ (JSC::JSObject::seal):
+
+2011-06-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r87788.
+ http://trac.webkit.org/changeset/87788
+ https://bugs.webkit.org/show_bug.cgi?id=61856
+
+ breaks windows chromium canary (Requested by jknotten on
+ #webkit).
+
+ * wtf/DateMath.cpp:
+ (WTF::timeClip):
+ * wtf/DateMath.h:
+
+2011-06-01 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added a method to generate RFC 2822 compliant date strings.
+ https://bugs.webkit.org/show_bug.cgi?id=7169
+
+ * wtf/DateMath.cpp:
+ (WTF::twoDigitStringFromNumber):
+ (WTF::makeRFC2822DateString):
+ * wtf/DateMath.h:
+
+2011-05-31 Yong Li <yoli@rim.com>
+
+ Reviewed by Eric Seidel.
+
+ https://bugs.webkit.org/show_bug.cgi?id=54807
+ We have been assuming plain bitfields (like "int a : 31") are always signed integers.
+ However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
+ bitfields (declared without either signed or unsigned qualifiers) are treats as unsigned.
+ http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
+ Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
+ always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
+ rule we should have in order to make our code independent from compilers and compiler flags.
+
+ No new test added because this change is not known to fix any issue.
+
+ * bytecode/StructureStubInfo.h:
+
+2011-05-30 Hojong Han <hojong.han@samsung.com>
+
+ Reviewed by Geoffrey Garen.
+
+ [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
+ https://bugs.webkit.org/show_bug.cgi?id=61416
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch32):
+ * tests/mozilla/ecma/Expressions/11.12-1.js:
+ (getTestCases):
+
+2011-05-29 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Some heap refactoring
+ https://bugs.webkit.org/show_bug.cgi?id=61704
+
+ SunSpider says no change.
+
+ * JavaScriptCore.exp: Export!
+
+ * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
+
+ (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
+
+ (JSC::Heap::allocate): Changed inline allocation code to only select the
+ size class, since this can be optimized out at compile time -- everything
+ else is now inlined into this out-of-line function.
+
+ No need to duplicate ASSERTs made in our caller.
+
+ * heap/Heap.h:
+ (JSC::Heap::heap):
+ (JSC::Heap::isMarked):
+ (JSC::Heap::testAndSetMarked):
+ (JSC::Heap::testAndClearMarked):
+ (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
+ a layer of indirection through MarkedSpace.
+
+ (JSC::Heap::allocate): See above.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::allocate): Updated to match changes above.
+
+2011-05-28 David Kilzer <ddkilzer@apple.com>
+
+ BUILD FIX when building only the interpreter
+
+ Fixes the following compiler warning:
+
+ JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
+ void releaseExecutableMemory(JSGlobalData& globalData)
+ ^
+
+ * jit/ExecutableAllocator.h: Moved declaration of
+ JSC::releaseExecutableMemory().
+
+2011-05-28 David Kilzer <ddkilzer@apple.com>
+
+ BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::linkCode): Added missing argument.
+
+2011-05-27 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ JS API is too aggressive about throwing exceptions for NULL get or set operations
+ https://bugs.webkit.org/show_bug.cgi?id=61678
+
+ * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
+ function that returns a JSValue, so it can fail and still forward to
+ normal property lookup.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
+ access a static property -- just forward the access. This allows objects
+ to observe get/set operations but still let the JS object manage lifetime.
+
+ (JSC::::put): Ditto.
+
+ (JSC::::getStaticValue): Same as JSCallbackObject.h.
+
+ * API/tests/testapi.c:
+ (MyObject_set_nullGetForwardSet):
+ * API/tests/testapi.js: Updated tests to reflect slightly less strict
+ behavior, which matches headerdoc claims.
+
+2011-05-27 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Property caching is too aggressive for API objects
+ https://bugs.webkit.org/show_bug.cgi?id=61677
+
+ * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
+ callback APIs allow the client to change its mind about our propertis at
+ any time.
+
+ * API/tests/testapi.c:
+ (PropertyCatchalls_getProperty):
+ (PropertyCatchalls_setProperty):
+ (PropertyCatchalls_getPropertyNames):
+ (PropertyCatchalls_class):
+ (main):
+ * API/tests/testapi.js: Some tests for dynamic API objects.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
+ requires it.
+
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ (JSC::TypeInfo::isFinal):
+ (JSC::TypeInfo::prohibitsPropertyCaching):
+ (JSC::TypeInfo::flags): Added a flag to track opting out of property
+ caching. Fixed an "&&" vs "&" typo that was previously harmless, but
+ is now harmful since m_flags2 can have more than one bit set.
+
+2011-05-27 Stephanie Lewis <slewis@apple.com>
+
+ Unreviewed.
+
+ Fix a typo in the order_file flag.
+
+ * Configurations/Base.xcconfig:
+
+2011-05-27 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
+
+ * runtime/JSGlobalData.cpp:
+ (JSGlobalData::JSGlobalData):
+
+2011-05-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add a few validity assertions to JSCallbackObject
+ https://bugs.webkit.org/show_bug.cgi?id=61659
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::visitChildren):
+
+2011-05-27 Oliver Hunt <oliver@apple.com>
+
+ Build fix
+
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::invalidateCode):
+
+2011-05-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Try to release unused executable memory when the FixedVMPool allocator is under pressure
+ https://bugs.webkit.org/show_bug.cgi?id=61651
+
+ Rather than crashing when full the FixedVMPool allocator now returns a null
+ allocation. We replace the code that used to CRASH() on null allocations
+ with logic that asks the provided globalData to release any executable memory
+ that it can. Currently this just means throwing away all regexp code, but
+ in future we'll try to be more aggressive.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::executableCopy):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::executableCopy):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::executableCopy):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::create):
+ (JSC::ExecutablePool::alloc):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::poolForSize):
+ (JSC::ExecutablePool::ExecutablePool):
+ (JSC::ExecutablePool::poolAllocate):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolAllocator::alloc):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * jit/ThunkGenerators.cpp:
+ (JSC::charCodeAtThunkGenerator):
+ (JSC::charAtThunkGenerator):
+ (JSC::fromCharCodeThunkGenerator):
+ (JSC::sqrtThunkGenerator):
+ (JSC::powThunkGenerator):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ (JSC::releaseExecutableMemory):
+ * runtime/JSGlobalData.h:
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::invalidateCode):
+ * runtime/RegExpCache.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Optimized ConservativeSet to avoid double-visiting objects
+ https://bugs.webkit.org/show_bug.cgi?id=61592
+
+ SunSpider thinks this might be a 1% speedup
+
+ * heap/ConservativeRoots.h:
+ (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
+ an object.
+
+ * heap/Heap.h:
+ (JSC::Heap::isMarked):
+ (JSC::Heap::testAndSetMarked):
+ (JSC::Heap::testAndClearMarked):
+ (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
+ to void*, since clients want to ask questions about arbitrary pointers
+ into the heap, even when they aren't known to be JSCells.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::testAndClearMarked):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::isMarked):
+ (JSC::MarkedSpace::testAndSetMarked):
+ (JSC::MarkedSpace::testAndClearMarked):
+ (JSC::MarkedSpace::setMarked):
+ (JSC::MarkedSpace::contains): Ditto.
+
+ * wtf/Bitmap.h:
+ (WTF::::testAndClear): New function for ConservativeRoots's inverted
+ marking pass.
+
+2011-05-27 Stephanie Lewis <slewis@apple.com>
+
+ Rubber Stamped by Adam Roben.
+
+ Update Order Files. Use -order_file flag since it can order more of the binary.
+
+ * Configurations/Base.xcconfig:
+ * JavaScriptCore.order:
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Renamed heapRootMarker to heapRootVisitor to match its class name
+ https://bugs.webkit.org/show_bug.cgi?id=61584
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some interdependency between Heap and SmallStrings by simplifying
+ the SmallStrings lifetime model
+ https://bugs.webkit.org/show_bug.cgi?id=61579
+
+ SunSpider reports no change.
+
+ Using Weak<T> could accomplish this too, but we're not sure it will give
+ us the performance we need. This is a first step, and it accomplishes
+ most of the value of using Weak<T>.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::reset): Finalize small strings just like other weak handles.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::finalize):
+ (JSC::SmallStrings::finalizeSmallStrings):
+ * runtime/SmallStrings.h: Make all small strings trivially weak, instead
+ of having an "all for one, one for all" memory model.
+
+2011-05-26 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make RegExpCache a weak map
+ https://bugs.webkit.org/show_bug.cgi?id=61554
+
+ Switch to a weak map for the regexp cache, and hide that
+ behaviour behind RegExp::create.
+
+ When a RegExp is compiled it attempts to add itself to
+ the "strong" cache. This cache is a simple round-robin
+ buffer as was the old strong cache. Happily this can
+ be smaller than the old strong cache as RegExps are only
+ added when they're compiled so it is under less pressure
+ to evict.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::create):
+ (JSC::RegExp::match):
+ * runtime/RegExp.h:
+ (JSC::RegExp::gcShouldInvalidateCode):
+ (JSC::RegExp::hasCode):
+ (JSC::RegExp::key):
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::RegExpCache):
+ (JSC::RegExpCache::isReachableFromOpaqueRoots):
+ (JSC::RegExpCache::finalize):
+ * runtime/RegExpCache.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncCompile):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved Heap-related functions out of JSCell.h and into respective header files
+ https://bugs.webkit.org/show_bug.cgi?id=61567
+
+ * heap/Heap.h:
+ (JSC::Heap::allocate):
+ (JSC::Heap::heap):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::allocate):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::sizeClassFor):
+ (JSC::MarkedSpace::allocate):
+ * runtime/JSCell.h:
+ (JSC::JSCell::destructor):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-26 Ryosuke Niwa <rniwa@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ [debug feature] WTFString should have show() method
+ https://bugs.webkit.org/show_bug.cgi?id=61149
+
+ Added String::show and AtomicString::show in NDEBUG.
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::AtomicString::show):
+ * wtf/text/AtomicString.h:
+ * wtf/text/WTFString.cpp:
+ (String::show):
+ * wtf/text/WTFString.h:
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Factored out some Heap ASSERTs
+ https://bugs.webkit.org/show_bug.cgi?id=61565
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::isValidSharedInstanceThreadState):
+ (JSC::isValidThreadState):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::isValidAllocation):
+ * heap/Heap.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::Heap::allocate):
+
+2011-05-26 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61508
+ DFG JIT - Add support for get by id self caching.
+
+ Change the call out to be an unexpected call (using silent spill/fill functions),
+ add a structure check & compact load to the JIT code, and add repatching mechanisms.
+ Since DFGOperations may want to be be implemented in asm, make these symbols be extern
+ "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
+ so that it can look up its StructureStubInfo.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added new files.
+ * bytecode/StructureStubInfo.h:
+ - Added 'unset' entries to union.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
+ - Return the call, we need this to populate the StructureStubInfo.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ - Populate the CodebBlock's StructureStubInfo Vector.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
+ - Return the call, we need this to populate the StructureStubInfo.
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ - Add structures to record property access info during compilation.
+ * dfg/DFGOperations.cpp:
+ - Made all external methods extern "C".
+ (JSC::DFG::operationPutByValInternal):
+ - Moved outside of the extern "C" block.
+ * dfg/DFGOperations.h:
+ - Made all external methods extern "C".
+ * dfg/DFGRepatch.cpp: Added.
+ (JSC::DFG::dfgRepatchCall):
+ - repatch a call to link to a new callee function.
+ (JSC::DFG::dfgRepatchGetByIdSelf):
+ - Modify the JIT code to optimize self accesses.
+ (JSC::DFG::tryCacheGetByID):
+ - Internal implementation of dfgRepatchGetByID (factor out failing cases).
+ (JSC::DFG::dfgRepatchGetByID):
+ - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
+ * dfg/DFGRepatch.h: Added.
+ - Expose dfgRepatchGetByID.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Changed implementation of GetById ops.
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ * wtf/DoublyLinkedList.h:
+ (WTF::::DoublyLinkedListNode):
+ (WTF::::setPrev):
+ (WTF::::setNext):
+ (WTF::::prev):
+ (WTF::::next):
+ (WTF::::DoublyLinkedList):
+ (WTF::::isEmpty):
+ (WTF::::size):
+ (WTF::::clear):
+ (WTF::::head):
+ (WTF::::append):
+ (WTF::::remove):
+ (WTF::::removeHead):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out http://trac.webkit.org/changeset/87408 because it broke the
+ Windows build.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::setPrev):
+ (JSC::MarkedBlock::setNext):
+ (JSC::MarkedBlock::prev):
+ (JSC::MarkedBlock::next):
+ * wtf/DoublyLinkedList.h:
+ (WTF::::DoublyLinkedList):
+ (WTF::::isEmpty):
+ (WTF::::head):
+ (WTF::::append):
+ (WTF::::remove):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Provide a real owner when copying a property table, for the sake of
+ write barriers.
+ https://bugs.webkit.org/show_bug.cgi?id=61547
+
+ No test because we can't enable the writeBarrier() ASSERT just yet.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+
+2011-05-26 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r87346
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
+ reality.
+
+2011-05-26 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ ASSERT(isMainThread()) when using single threaded jsc executable
+ https://bugs.webkit.org/show_bug.cgi?id=60846
+
+ Remove the ASSERT since we do not have the concept of MainThread in JSC.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61506
+
+ Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
+ so that they are available to the SpeculativeJIT.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
+ * dfg/DFGNonSpeculativeJIT.h:
+
+2011-05-25 Ryosuke Niwa <rniwa@webkit.org>
+
+ An attempt to revive Windows bots.
+
+ * runtime/RegExp.cpp:
+ * runtime/RegExp.h:
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
+
+ This data structure, used at runtime by the JIT, is currently unnecessarily populated
+ with default entries during byte compilation.
+
+ Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
+ us to one entry per corresponding bytecode op, which may be undesirable. Instead,
+ populate this array from the JIT.
+
+ The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
+ these, so that the class can have a default constructor (and to simply switch statements
+ in code walking over the table).
+
+ This change has ramification for the DFG JIT, in that the DFG JIT used this datastructure
+ to check for functions containing property access. Instead do so in the DFGByteCodeParser.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::printStructureStubInfo):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setNumberOfStructureStubInfos):
+ (JSC::CodeBlock::numberOfStructureStubInfos):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::visitAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::StructureStubInfo):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Call::Call):
+ (JSC::AbstractMacroAssembler::Call::fromTailJump):
+ (JSC::AbstractMacroAssembler::Jump::Jump):
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+ (JSC::AbstractMacroAssembler::Jump::isSet):
+ (JSC::AbstractMacroAssembler::differenceBetween):
+ (JSC::AbstractMacroAssembler::linkJump):
+ (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::link):
+ (JSC::LinkBuffer::locationOf):
+ (JSC::LinkBuffer::locationOfNearCall):
+ (JSC::LinkBuffer::returnAddressOffset):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::linkCall):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::linkCall):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::linkCall):
+ * assembler/MacroAssemblerSH4.cpp:
+ (JSC::MacroAssemblerSH4::linkCall):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::linkCall):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::linkCall):
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61500
+ Add JSObject::offsetOfPropertyStorage
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::compilePutDirectOffset):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::compilePutDirectOffset):
+ (JSC::JIT::compileGetDirectOffset):
+ * runtime/JSObject.h:
+ (JSC::JSObject::offsetOfPropertyStorage):
+
+2011-05-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make RegExp GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=61490
+
+ Make RegExp GC allocated. Basically mechanical change to replace
+ most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
+ where actual ownership happens.
+
+ Made the RegExpCache use Strong<> references currently to avoid any
+ changes in behaviour.
+
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addRegExp):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addRegExp):
+ (JSC::BytecodeGenerator::emitNewRegExp):
+ * bytecompiler/BytecodeGenerator.h:
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ (JSC::JSGlobalData::addRegExpToTrace):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::create):
+ (JSC::RegExp::invalidateCode):
+ * runtime/RegExp.h:
+ (JSC::RegExp::createStructure):
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::create):
+ * runtime/RegExpCache.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::visitChildren):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::setRegExp):
+ (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ (JSC::regExpProtoFuncCompile):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+
+2011-05-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Generate regexp code lazily
+ https://bugs.webkit.org/show_bug.cgi?id=61476
+
+ RegExp construction now simply validates the RegExp, it does
+ not perform actual codegen.
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::recompile):
+ (JSC::RegExp::compile):
+ (JSC::RegExp::match):
+ * runtime/RegExp.h:
+ (JSC::RegExp::recompileIfNecessary):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::performMatch):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::match):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ (JSC::stringProtoFuncSplit):
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Removed MarkSetProperties because it was unused
+ https://bugs.webkit.org/show_bug.cgi?id=61418
+
+ * heap/MarkStack.h:
+ (JSC::MarkSet::MarkSet):
+ (JSC::MarkStack::append):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.h:
+ (JSC::JSArray::visitChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/WriteBarrier.h:
+ (JSC::MarkStack::appendValues):
+
+2011-05-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make allocations with guard pages ensure that the allocation succeeded
+ https://bugs.webkit.org/show_bug.cgi?id=61453
+
+ Add null checks, and make PageBlock's operator bool() use
+ the realbase, rather than the start of usable memory.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+ * wtf/PageBlock.h:
+ (WTF::PageBlock::operator bool):
+ (WTF::PageBlock::PageBlock):
+
+2011-04-10 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * bytecompiler/BytecodeGenerator.h:
+
+2011-05-24 Keishi Hattori <keishi@webkit.org>
+
+ Reviewed by Kent Tamura.
+
+ Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
+ https://bugs.webkit.org/show_bug.cgi?id=61273
+
+ * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
+
+2011-05-24 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export macros to WTFString.h.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * wtf/text/WTFString.h:
+ (WTF::String::String):
+ (WTF::String::findIgnoringCase):
+ (WTF::String::isHashTableDeletedValue):
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Maybe fix the Mac build now?
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Maybe fix the Mac build?
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Split HeapRootVisitor into its own class
+ https://bugs.webkit.org/show_bug.cgi?id=61399
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/HandleHeap.cpp:
+ * heap/HandleStack.cpp:
+ * heap/Heap.cpp:
+ * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
+ * heap/MarkStack.h:
+ * runtime/ArgList.cpp:
+ * runtime/SmallStrings.cpp:
+
+2011-05-24 Jay Civelli <jcivelli@chromium.org>
+
+ Rubberstamped by David Kilzer.
+
+ Updated some files that I forgot in my previous MHTML CL.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Fix the Mac build: Yes, please do remove these files, svn.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Let's just have one way to get the system page size, bokay?
+ https://bugs.webkit.org/show_bug.cgi?id=61384
+
+ * CMakeListsEfl.txt:
+ * CMakeListsWinCE.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
+ is gone completely now, since it only existed to provide a duplicate way
+ to access the system page size.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::reset):
+ * heap/MarkStack.h:
+ (JSC::::MarkStackArray):
+ (JSC::::shrinkAllocation): Use WTF::pageSize.
+
+ * heap/MarkStackPosix.cpp:
+ * heap/MarkStackSymbian.cpp:
+ * heap/MarkStackWin.cpp: Removed now-empty files.
+
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::reprotectRegion):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutablePool::ExecutablePool):
+ (JSC::ExecutablePool::poolAllocate):
+ * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
+
+ * wscript: Removed now-empty files.
+
+ * wtf/PageBlock.cpp:
+ (WTF::systemPageSize): Integrated questionable Symbian page size rule
+ from ExecutableAllocator, because that seems like what the original
+ author should have done.
+
+2011-05-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
+ https://bugs.webkit.org/show_bug.cgi?id=61385
+
+ The interpreter uses the structure slot of get_by_id and put_by_id to hold
+ the initial structure it encountered so that it can identify whether a
+ given access is stable.
+
+ When marking though we only visit the slot when we've decided to cache, and
+ so this value could die. This was "safe" as the value was only used for a
+ pointer compare, but it was incorrect. We now just mark the slot like we
+ should have been doing already.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitStructures):
+
+2011-05-24 Adam Roben <aroben@apple.com>
+
+ Windows build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
+
+ * heap/MarkStack.h:
+ (JSC::::shrinkAllocation):
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Rubber-stamped by Oliver Hunt.
+
+ Split out function definitions and class definitions from class
+ declarations in MarkStack.h, for readability.
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::~MarkStack):
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStack::containsOpaqueRoot):
+ (JSC::MarkStack::opaqueRootCount):
+ (JSC::MarkSet::MarkSet):
+ (JSC::MarkStack::allocateStack):
+ (JSC::MarkStack::releaseStack):
+ (JSC::MarkStack::pageSize):
+ (JSC::::MarkStackArray):
+ (JSC::::~MarkStackArray):
+ (JSC::::expand):
+ (JSC::::append):
+ (JSC::::removeLast):
+ (JSC::::last):
+ (JSC::::isEmpty):
+ (JSC::::size):
+ (JSC::::shrinkAllocation):
+
+2011-05-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Avoid creating unnecessary identifiers and strings in the syntax checker
+ https://bugs.webkit.org/show_bug.cgi?id=61378
+
+ Selectively tell the lexer that there are some places it does not need to
+ do the real work of creating Identifiers for IDENT and STRING tokens.
+
+ Make parseString and parseIdentifier templatized on whether they should
+ do real work, or merely validate the tokens.
+
+ SunSpider --parse-only reports ~5-8% win depending on hardware.
+
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::createDotAccess):
+ * parser/JSParser.cpp:
+ (JSC::JSParser::next):
+ (JSC::JSParser::consume):
+ (JSC::JSParser::parseVarDeclarationList):
+ (JSC::JSParser::parseConstDeclarationList):
+ (JSC::JSParser::parseExpression):
+ (JSC::JSParser::parseAssignmentExpression):
+ (JSC::JSParser::parseConditionalExpression):
+ (JSC::JSParser::parseBinaryExpression):
+ (JSC::JSParser::parseProperty):
+ (JSC::JSParser::parseObjectLiteral):
+ (JSC::JSParser::parseArrayLiteral):
+ (JSC::JSParser::parseArguments):
+ (JSC::JSParser::parseMemberExpression):
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ (JSC::Lexer::parseString):
+ (JSC::Lexer::lex):
+ * parser/Lexer.h:
+ * parser/SyntaxChecker.h:
+ (JSC::SyntaxChecker::createDotAccess):
+ (JSC::SyntaxChecker::createProperty):
+
+2011-05-23 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Safari often freezes when clicking "Return free memory" in Caches dialog
+ https://bugs.webkit.org/show_bug.cgi?id=61325
+
+ There are two fixes and improvement in instrumentation code used to find
+ one of the problems.
+ Changed ReleaseFreeList() to set the "decommitted" bit when releasing
+ pages to the system and moving Spans from the normal list to the returned
+ list.
+ Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
+ to eliminate an infinite loop if we can't meet the pagesToRelease target.
+ Added a check for the decommitted bit being set properly in
+ TCMalloc_PageHeap::CheckList.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::scavenge):
+ (WTF::TCMalloc_PageHeap::Check):
+ (WTF::TCMalloc_PageHeap::CheckList):
+ (WTF::ReleaseFreeList):
+
+2011-05-23 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61306
+
+ The begin characters optimization currently has issues (#61129),
+ and does not appear to still be a performance win. The prudent
+ next step seems to be to disable while we ascertain whether this
+ is still a useful performance optimization.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::Interpreter::interpret):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::BytecodePattern::BytecodePattern):
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
+ (JSC::Yarr::YarrPattern::compile):
+ (JSC::Yarr::YarrPattern::YarrPattern):
+ * yarr/YarrPattern.h:
+ (JSC::Yarr::YarrPattern::reset):
+
+2011-05-23 Matthew Delaney <mdelaney@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
+ https://bugs.webkit.org/show_bug.cgi?id=58216
+
+ * wtf/MathExtras.h:
+ (clampToInteger):
+ (clampToPositiveInteger):
+
+2011-05-23 Ruben <chromium@hybridsource.org>
+
+ Reviewed by Tony Chang.
+
+ Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
+ https://bugs.webkit.org/show_bug.cgi?id=61219
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-05-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Gavin Barraclough.
+
+ [SH4] AssemblerLabel does not name a type
+ https://bugs.webkit.org/show_bug.cgi?id=59927
+
+ SH4Assembler.h file shoold be included before AbstractMacroAssembler.h.
+
+ * assembler/MacroAssemblerSH4.h:
+
+2011-05-23 Ryuan Choi <ryuan.choi@samsung.com>
+
+ Rubber stamped by Eric Seidel.
+
+ [CMAKE] Refactoring wtf related code.
+ https://bugs.webkit.org/show_bug.cgi?id=60146
+
+ Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.
+
+ * CMakeLists.txt:
+ * CMakeListsEfl.txt:
+ * wtf/CMakeLists.txt:
+ * wtf/CMakeListsEfl.txt:
+
+2011-05-22 Adam Barth <abarth@webkit.org>
+
+ Enable strict PassOwnPtr for everyone. I expect this patch will need
+ some followups to make the GTK and EFL bots green again.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Reduce size of inline cache path of get_by_id on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=61221
+
+ This reduces the code size of get_by_id by 20 bytes
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ldrCompact):
+ (JSC::ARMv7Assembler::repatchCompact):
+ (JSC::ARMv7Assembler::setUInt7ForLoad):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
+ * jit/JIT.h:
+
+2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Reviewed by Oliver Hunt.
+
+ Zombies should "live" forever
+ https://bugs.webkit.org/show_bug.cgi?id=61170
+
+ Reusing zombie cells could still hide garbage
+ collected cell related bugs.
+
+ * JavaScriptCore.pro:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::clearMarks):
+ * heap/MarkedBlock.h:
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::isZombie):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::~JSZombie):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
+2011-05-20 Brady Eidson <beidson@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
+ Horrendous bug in callOnMainThreadAndWait
+
+ * wtf/MainThread.cpp:
+ (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
+ syncFlag condition, reacquire the mutex first.
+
+2011-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Remove unnecessary double->int conversion at the end of op_div
+ https://bugs.webkit.org/show_bug.cgi?id=61198
+
+ We don't attempt this conversion on 64bit, removing it actually speeds
+ up sunspider and v8 slightly, and it reduces code size.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_div):
+
+2011-05-19 Evan Martin <evan@chromium.org>
+
+ Reviewed by Tony Chang.
+
+ [chromium] remove <(library) variable
+ https://bugs.webkit.org/show_bug.cgi?id=61158
+
+ This was for a build experiment; we can just use the correct value now.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Interpreter uses wrong bytecode offset for determining exception handler
+ https://bugs.webkit.org/show_bug.cgi?id=61191
+
+ The bytecode offset given for the returnPC from the JIT is
+ actually the offset for the start of the instruction triggering
+ the call, whereas in the interpreter it is the actual return
+ VPC. This means if the next instruction following a call was
+ in an exception region we would incorrectly redirect to its
+ handler. Long term we want to completely redo how exceptions
+ are handled anyway so the simplest and lowest risk fix here is
+ to simply subtract one from the return vPC so that we have an
+ offset in the triggering instruction.
+
+ It turns out this is caught by a couple of tests already.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+
+2011-05-20 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Oliver Hunt.
+
+ JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
+ https://bugs.webkit.org/show_bug.cgi?id=42756
+
+ Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
+ check of the available memory. This should give us an
+ overcommit-like behavior in most systems, which is what we want.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit): pass MAP_NORSERVE to mmap.
+
+2011-05-19 Gabor Loki <loki@webkit.org>
+
+ Fix ARM build after r86919
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::nop):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Randomise code starting location a little
+ https://bugs.webkit.org/show_bug.cgi?id=61161
+
+ Add a nop() function to the Assemblers so that we
+ can randomise code offsets slightly at no real cost.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::nop):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::nop):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::nop):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::nop):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::nop):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::nop):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::nop):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::nop):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * runtime/WeakRandom.h:
+ (JSC::WeakRandom::getUint32):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build.
+
+ * wtf/OSAllocatorWin.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add guard pages to each end of the memory region used by the fixedvm allocator
+ https://bugs.webkit.org/show_bug.cgi?id=61150
+
+ Add mechanism to notify the OSAllocator that pages at either end of an
+ allocation should be considered guard pages. Update PageReservation,
+ PageAllocation, etc to handle this.
+
+ * JavaScriptCore.exp:
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+ * wtf/OSAllocator.h:
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::reserveAndCommit):
+ * wtf/PageAllocation.h:
+ (WTF::PageAllocation::PageAllocation):
+ * wtf/PageAllocationAligned.h:
+ (WTF::PageAllocationAligned::PageAllocationAligned):
+ * wtf/PageBlock.h:
+ (WTF::PageBlock::PageBlock):
+ * wtf/PageReservation.h:
+ (WTF::PageReservation::reserve):
+ (WTF::PageReservation::reserveWithGuardPages):
+ Add a new function to make a reservation that will add guard
+ pages to the ends of an allocation.
+ (WTF::PageReservation::PageReservation):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make Executables release their JIT code as soon as they become dead
+ https://bugs.webkit.org/show_bug.cgi?id=61134
+
+ Add an ability to clear an Executable's jit code without requiring
+ it to be destroyed, and then call that from a finalizer.
+
+ * heap/Weak.h:
+ (JSC::Weak::Weak):
+ (JSC::Weak::leak):
+ * jit/JITCode.h:
+ (JSC::JITCode::clear):
+ * runtime/Executable.cpp:
+ (JSC::ExecutableFinalizer::finalize):
+ (JSC::ExecutableBase::executableFinalizer):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::clearExecutableCode):
+
+2011-05-19 Adam Roben <aroben@apple.com>
+
+ Remove a redundant and broken data export
+
+ Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
+ JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
+ to a linker warning about multiple definitions.)
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
+
+2011-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
+ https://bugs.webkit.org/show_bug.cgi?id=61064
+
+ Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
+ for its inline storage. This resolves the problem of GC occurring before
+ a subclass has initialised its anonymous storage.
+
+ * runtime/JSObject.h:
+
+2011-05-18 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Sam Weinig.
+
+ Delete WTFURL
+ https://bugs.webkit.org/show_bug.cgi?id=61084
+
+ It's been a year and we've failed to complete this project. It's time
+ to throw in the towel.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/url: Removed.
+ * wtf/url/api: Removed.
+ * wtf/url/api/ParsedURL.cpp: Removed.
+ * wtf/url/api/ParsedURL.h: Removed.
+ * wtf/url/api/URLString.h: Removed.
+ * wtf/url/src: Removed.
+ * wtf/url/src/RawURLBuffer.h: Removed.
+ * wtf/url/src/URLBuffer.h: Removed.
+ * wtf/url/src/URLCharacterTypes.cpp: Removed.
+ * wtf/url/src/URLCharacterTypes.h: Removed.
+ * wtf/url/src/URLComponent.h: Removed.
+ * wtf/url/src/URLEscape.cpp: Removed.
+ * wtf/url/src/URLEscape.h: Removed.
+ * wtf/url/src/URLParser.h: Removed.
+ * wtf/url/src/URLQueryCanonicalizer.h: Removed.
+ * wtf/url/src/URLSegments.cpp: Removed.
+ * wtf/url/src/URLSegments.h: Removed.
+ * wtf/url/wtfurl.gyp: Removed.
+
+2011-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
+ https://bugs.webkit.org/show_bug.cgi?id=61090
+
+ Remove the Structure-free JSGlobalObject constructor and instead always
+ pass the structure into the JSGlobalObject constructor.
+ Stop DebuggerActivation creating a new structure every time, and simply
+ use a single shared structure held by the GlobalData.
+
+ * API/JSContextRef.cpp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionRun):
+ (jscmain):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.h:
+
+2011-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Disable gc validation in release builds
+ https://bugs.webkit.org/show_bug.cgi?id=60680
+
+ Add back the NDEBUG check
+
+ * wtf/Platform.h:
+
+2011-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out attempts to fix EFL build because they're not enough -- the
+ build script needs to be fixed.
+
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/ErrorPrototype.cpp:
+
+2011-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ More attempts to work around the EFL build system being borken.
+
+ * runtime/DateConstructor.cpp:
+ * runtime/ErrorPrototype.cpp:
+
+2011-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the EFL build.
+
+ * runtime/BooleanPrototype.cpp:
+
+2011-05-16 Geoffrey Garen <ggaren@apple.com>
+
+ Rolling back in r86653 with build fixed.
+
+ Reviewed by Gavin Barraclough and Oliver Hunt.
+
+ Global object initialization is expensive
+ https://bugs.webkit.org/show_bug.cgi?id=60933
+
+ Changed a bunch of globals to allocate their properties lazily, and changed
+ the global object to allocate a bunch of its globals lazily.
+
+ This reduces the footprint of a global object from 287 objects with 58
+ functions for 24K to 173 objects with 20 functions for 15K.
+
+ Large patch, but it's all mechanical.
+
+ * DerivedSources.make:
+ * JavaScriptCore.exp: Build!
+
+ * create_hash_table: Added a special case for fromCharCode, since it uses
+ a custom "thunk generator".
+
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
+ overcount objects that were owned through more than one mechanism because
+ it was getting in the way of counting the results for this patch.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::arrayConstructorTable):
+ (JSC::ExecState::arrayPrototypeTable):
+ (JSC::ExecState::booleanPrototypeTable):
+ (JSC::ExecState::dateConstructorTable):
+ (JSC::ExecState::errorPrototypeTable):
+ (JSC::ExecState::globalObjectTable):
+ (JSC::ExecState::numberConstructorTable):
+ (JSC::ExecState::numberPrototypeTable):
+ (JSC::ExecState::objectPrototypeTable):
+ (JSC::ExecState::regExpPrototypeTable):
+ (JSC::ExecState::stringConstructorTable): Added new tables.
+
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h: Added new tables.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
+ static table for its global functions. This required uninlining some
+ things to avoid a circular header dependency. However, those things
+ probably shouldn't have been inlined in the first place.
+
+ Even more global object properties can be made lazy, but that requires
+ more in-depth changes.
+
+ * runtime/MathObject.cpp:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+2011-05-17 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Oliver Hunt.
+
+ JSGlobalContextRelease should not trigger a synchronous garbage collection
+ https://bugs.webkit.org/show_bug.cgi?id=60990
+
+ * API/JSContextRef.cpp:
+ Change synchronous call to collectAllGarbage to a call to trigger the
+ activityCallback.
+
+2011-05-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Reduce code size for inline cache
+ https://bugs.webkit.org/show_bug.cgi?id=60942
+
+ This patch introduces the concept of a "compact" address that
+ allows individual architectures to control the maximum offset
+ used for the inline path of get_by_id. This reduces the code
+ size of get_by_id by 3 bytes on x86 and x86_64 and slightly
+ improves performance on v8 tests.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::repatchCompact):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::repatchCompact):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
+ (JSC::AbstractMacroAssembler::differenceBetween):
+ (JSC::AbstractMacroAssembler::repatchCompact):
+ * assembler/CodeLocation.h:
+ (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
+ (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::locationOf):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::repatchCompact):
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::repatchCompact):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
+ * assembler/RepatchBuffer.h:
+ (JSC::RepatchBuffer::repatch):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::repatchCompact):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movl_mr_disp8):
+ (JSC::X86Assembler::movq_mr_disp8):
+ (JSC::X86Assembler::repatchCompact):
+ (JSC::X86Assembler::setInt8):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
+ (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::patchGetByIdSelf):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::patchGetByIdSelf):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCacheGetByID):
+
+2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r86653.
+ http://trac.webkit.org/changeset/86653
+ https://bugs.webkit.org/show_bug.cgi?id=60944
+
+ "Caused regressions on Windows, OSX and EFL" (Requested by
+ yutak on #webkit).
+
+ * DerivedSources.make:
+ * DerivedSources.pro:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * create_hash_table:
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::operator()):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::arrayTable):
+ (JSC::ExecState::numberTable):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::addStaticGlobals):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncJSCPrint):
+ * runtime/JSGlobalObjectFunctions.h:
+ * runtime/MathObject.cpp:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+
+2011-05-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Global object initialization is expensive
+ https://bugs.webkit.org/show_bug.cgi?id=60933
+
+ Changed a bunch of globals to allocate their properties lazily, and changed
+ the global object to allocate a bunch of its globals lazily.
+
+ This reduces the footprint of a global object from 287 objects with 58
+ functions for 24K to 173 objects with 20 functions for 15K.
+
+ Large patch, but it's all mechanical.
+
+ * DerivedSources.make:
+ * JavaScriptCore.exp: Build!
+
+ * create_hash_table: Added a special case for fromCharCode, since it uses
+ a custom "thunk generator".
+
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
+ overcount objects that were owned through more than one mechanism because
+ it was getting in the way of counting the results for this patch.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::arrayConstructorTable):
+ (JSC::ExecState::arrayPrototypeTable):
+ (JSC::ExecState::booleanPrototypeTable):
+ (JSC::ExecState::dateConstructorTable):
+ (JSC::ExecState::errorPrototypeTable):
+ (JSC::ExecState::globalObjectTable):
+ (JSC::ExecState::numberConstructorTable):
+ (JSC::ExecState::numberPrototypeTable):
+ (JSC::ExecState::objectPrototypeTable):
+ (JSC::ExecState::regExpPrototypeTable):
+ (JSC::ExecState::stringConstructorTable): Added new tables.
+
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h: Added new tables.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
+ static table for its global functions. This required uninlining some
+ things to avoid a circular header dependency. However, those things
+ probably shouldn't have been inlined in the first place.
+
+ Even more global object properties can be made lazy, but that requires
+ more in-depth changes.
+
+ * runtime/MathObject.cpp:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+2011-05-16 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
+ <rdar://problem/9446430>
+
+ Reviewed by Mark Rowe.
+
+ * Configurations/Base.xcconfig: Fixed typo.
+
+2011-05-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ JSWeakObjectMap finalisation may occur while gc is in inconsistent state
+ https://bugs.webkit.org/show_bug.cgi?id=60908
+ <rdar://problem/9409491>
+
+ We need to ensure that we have called all the weak map finalizers while
+ the global object (and hence global context) is still in a consistent
+ state. The best way to achieve this is to simply use a weak handle and
+ finalizer on the global object.
+
+ * JavaScriptCore.exp:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::registerWeakMap):
+
+2011-05-16 Siddharth Mathur <siddharth.mathur@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt][WK2][Symbian] Shared memory implementation for Symbian
+ https://bugs.webkit.org/show_bug.cgi?id=55875
+
+ * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
+
+2011-05-16 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=60866
+ Evaluation order broken for empty alternatives in subpatterns
+
+ Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
+
+2011-05-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen & Michael Saboff.
+
+ https://bugs.webkit.org/show_bug.cgi?id=60860
+ Simplify backtracking in YARR JIT
+
+ YARR JIT currently performs a single pass of code generation over the pattern,
+ with special handling to allow the code generation for some backtracking code
+ out of line. We can simplify things by moving to a common mechanism whereby all
+ forwards matching code is generated in one pass, and all backtracking code is
+ generated in another. Backtracking code can be generated in reverse order, to
+ optimized the common fall-through case.
+
+ To make it easier to walk over the pattern, we can first convert to a more
+ byte-code like format before JIT generating. In time we should unify this with
+ the YARR interpreter to more closely unify the two.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
+ (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::append):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::link):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
+ (JSC::Yarr::YarrGenerator::generateAssertionBOL):
+ (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
+ (JSC::Yarr::YarrGenerator::generateAssertionEOL):
+ (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
+ (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
+ (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
+ (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateTerm):
+ (JSC::Yarr::YarrGenerator::backtrackTerm):
+ (JSC::Yarr::YarrGenerator::generate):
+ (JSC::Yarr::YarrGenerator::backtrack):
+ (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
+ (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
+ (JSC::Yarr::YarrGenerator::opCompileAlternative):
+ (JSC::Yarr::YarrGenerator::opCompileBody):
+ (JSC::Yarr::YarrGenerator::YarrGenerator):
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-05-15 Adam Barth <abarth@webkit.org>
+
+ Enable strict PassOwnPtr on Qt. (Build fixes to follow.)
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
+ in browser than on command line
+
+ This patch fixes a few issues in generated code that could unreasonably
+ prolong object lifetimes.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage): Throw away all function code before doing
+ a major collection. We want to clear polymorphic caches, since they can
+ keep alive large object graphs that have gone "stale". For the same reason,
+ but to a lesser extent, we also want to clear linked functions and other
+ one-off caches.
+
+ This has the side-benefit of reducing memory footprint from run-once
+ functions, and of allowing predictions and caches that have failed to
+ re-specialize.
+
+ Eventually, if compilation costs rise far enough, we may want a more
+ limited strategy for de-specializing code without throwing it away
+ completely, but this works for now, and it's the simplest solution.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/JSFunction.cpp: Made the host function stub cache weak --
+ otherwise it's effectively a memory leak that can seriously fragment the
+ GC and JIT heaps.
+
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::visitChildren): Cleared up some comments that confused
+ me when working with this code.
+
+2011-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ This patch makes the checks performed under GC_VALIDATION
+ much more aggressive, and adds the checks to more places
+ in order to allow us to catch GC bugs much closer to the
+ point of failure.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ (JSC::slowValidateCell):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::unvalidatedStructure):
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::slowValidateCell):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::validateCell):
+ (JSC::JSCell):
+ (JSC::JSGlobalObject):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::setMayBeNull):
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ This patch makes the checks performed under GC_VALIDATION
+ much more aggressive, and adds the checks to more places
+ in order to allow us to catch GC bugs much closer to the
+ point of failure.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ (JSC::slowValidateCell):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::unvalidatedStructure):
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::slowValidateCell):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::validateCell):
+ (JSC::JSCell):
+ (JSC::JSGlobalObject):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::setMayBeNull):
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-14 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::Structure::createStructure):
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ This patch makes the checks performed under GC_VALIDATION
+ much more aggressive, and adds the checks to more places
+ in order to allow us to catch GC bugs much closer to the
+ point of failure.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ (JSC::slowValidateCell):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::unvalidatedStructure):
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::slowValidateCell):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::validateCell):
+ (JSC::JSCell):
+ (JSC::JSGlobalObject):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::setMayBeNull):
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-01 Holger Hans Peter Freyther <holger@moiji-mobile.com>
+
+ Reviewed by Steve Block.
+
+ [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=59888
+
+ It is possible to build QtWebKit and others for OS(ANDROID). Let
+ the buildsystem decide which platform is to be build.
+
+ * wtf/Platform.h:
+
+2011-05-12 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Darin Adler.
+
+ XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
+ https://bugs.webkit.org/show_bug.cgi?id=59394
+
+ This portion of the change introduces a PassTraits template, which
+ is used to enable takeFirst() to work for a Deque holding OwnPtrs,
+ and optimize it for a Deque holding RefPtrs. In the future it can
+ be deployed elsewhere to make our data structures work better with
+ our smart pointers.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/Deque.h:
+ (WTF::::takeFirst):
+ * wtf/PassTraits.h: Added.
+ (WTF::PassTraits::transfer):
+
+2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Not reviewed.
+
+ Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Not reviewed.
+
+ String operator+ reallocates unnecessarily when concatting > 2 strings
+ https://bugs.webkit.org/show_bug.cgi?id=58420
+
+ Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Darin Adler.
+
+ String operator+ reallocates unnecessarily when concatting > 2 strings
+ https://bugs.webkit.org/show_bug.cgi?id=58420
+
+ Provide a faster String append operator.
+ Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
+ object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
+ N strings using operator+, this leads to N-1 reallocations.
+
+ Replace this with a flexible operator+ implementation, that avoids these reallocations.
+ When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
+ a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
+ creation of the final string, until operator String() is invoked.
+
+ template<typename T>
+ StringAppend<String, T> operator+(const String& string1, T string2)
+ {
+ return StringAppend<String, T>(string1, string2);
+ }
+
+ template<typename U, typename V, typename W>
+ StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
+ {
+ return StringAppend<U, StringAppend<V, W> >(string1, string2);
+ }
+
+ When concatting three strings - "String a, b, c; String result = a + b + c;" following happens:
+ first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
+ Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
+ a StringAppend<String, StringAppend<String, String> > object.
+ Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
+ final string - it uses tryMakeString provided by StringConcatenate.h under the hoods, which guards us
+ against too big string allocations, etc.
+
+ Note that the second template, defines a recursive way to concat an arbitary number of strings
+ into a single String with just one allocation.
+
+ * GNUmakefile.list.am: Add StringOperators.h to build.
+ * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
+ * JavaScriptCore.gypi: Add StringOperators.h to build.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
+ * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
+ * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
+ (WTF::StringAppend::StringAppend):
+ (WTF::StringAppend::operator String):
+ (WTF::StringAppend::operator AtomicString):
+ (WTF::StringAppend::writeTo):
+ (WTF::StringAppend::length):
+ (WTF::operator+):
+ * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append().
+ (WTF::emptyString): Add new shared empty string free function.
+ * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
+
+2011-05-12 Philippe Normand <pnormand@igalia.com>
+
+ Unreviewed, GTK build fix.
+
+ * wtf/Platform.h:
+
+2011-05-12 Keith Kyzivat <keith.kyzivat@nokia.com>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Arm debug build failing on ARMAssembler::debugOffset()
+ https://bugs.webkit.org/show_bug.cgi?id=60688
+
+ Related to svn rev 85523
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::debugOffset):
+
+2011-05-11 Igor Oliveira <igor.oliveira@openbossa.org>
+
+ Reviewed by Eric Seidel.
+
+ WebKit does not build with GCCE
+ https://bugs.webkit.org/show_bug.cgi?id=60667
+
+ Allow compile WebKit with GCCE
+
+ * wtf/Alignment.h:
+ * wtf/Platform.h:
+
+2011-05-11 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Enable strict PassOwnPtr on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=60684
+
+ This should build cleanly now.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Protect JSC from WebCore executing JS during JS wrapper finalization
+ https://bugs.webkit.org/show_bug.cgi?id=60672
+ <rdar://problem/9350997>
+
+ Detect when we're trying to execute JS during GC and prevent the
+ execution from happening. We also assert that this isn't happening
+ as it implies incorrect behaviour of an object's destructor.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ * heap/Heap.h:
+ (JSC::Heap::isBusy):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::isCollectorBusy):
+
+2011-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Enable gc mark validation in temporarily in release builds
+ https://bugs.webkit.org/show_bug.cgi?id=60678
+
+ Make it easier to turn the gc mark validation on and off, and
+ temporarily turn it on for all builds.
+
+ * heap/MarkStack.cpp:
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::internalAppend):
+ * runtime/WriteBarrier.h:
+ (JSC::MarkStack::appendValues):
+ * wtf/Platform.h:
+
+2011-05-11 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
+
+ SunSpider reports no change.
+
+ This bug was caused by changing Structure and Executable to being GC
+ objects, and by a long-standing bug that would thrash the global object
+ between dictionary and non-dictionary states.
+
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
+ eagerly transition to dictionary -- this can cause pathological dictionary
+ churn, and it's not necessary, since objects know how to automatically
+ transition to dictionary when necessary.
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
+ extra cost from compilation, because it can be quite high. This is especially
+ important for program code, since DOM timers can repeatedly allocate
+ program code without allocating any other objects.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
+ if the thing we're trying to remove doesn't exist. This can happen during
+ compilation, since the compiler needs to ensure that no pre-existing
+ conflicting definitions exist for certain declarations.
+
+2011-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make mark stack validation functions do something useful in a release build
+ https://bugs.webkit.org/show_bug.cgi?id=60645
+
+ Turn ASSERTs into actual if(...) CRASH(); statements.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateValue):
+
+2011-05-11 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ Fix copy&paste error in comment.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator): the value is stored in
+ regT2, not regT1.
+
+2011-05-11 Adam Roben <aroben@apple.com>
+
+ WinCE build fixes for strict PassOwnPtr
+
+ * wtf/unicode/CollatorDefault.cpp:
+ (WTF::Collator::userDefault): Use adoptPtr.
+
+2011-05-11 Holger Hans Peter Freyther <holger@moiji-mobile.com>
+
+ Unreviewed build fix.
+
+ [MIPS] Fix compilation of the MIPS JIT
+
+ Include the MIPSAssembler.h first to indirectly include
+ AssemblerBuffer.h before the AbstractMacroAssembler.h. This
+ order is used for the ARM and X86 MacroAssembler*.h
+
+ * assembler/MacroAssemblerMIPS.h:
+
+2011-05-11 Adam Roben <aroben@apple.com>
+
+ Turn on strict PassOwnPtr on Windows
+
+ Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled
+
+ Reviewed by Adam Barth.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-10 Stephanie Lewis <slewis@apple.com>
+
+ Unreviewed.
+
+ Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130
+
+ * Configurations/JavaScriptCore.xcconfig:
+
+2011-05-10 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict PassOwnPtr on Chromium
+ https://bugs.webkit.org/show_bug.cgi?id=60502
+
+ Other platforms to follow.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-10 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
+ https://bugs.webkit.org/show_bug.cgi?id=60532
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build!
+
+ * heap/Handle.h: Moved HandleTypes to its own header because that's the
+ WebKit style, and it was necessary to resolve a circular dependency
+ between Handle.h and WriteBarrier.h.
+
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
+ verify that all the code is in the right place.
+
+ * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
+ resolve a circular dependency.
+
+ * runtime/ArgList.h:
+ * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
+ free anymore.
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
+ function, now that it exists.
+
+ * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
+ dependency.
+
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::set):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::appendValues): Updated to match the changes above.
+
+2011-05-10 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateValue):
+
+2011-05-10 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add some aggressive GC validation to debug builds.
+ https://bugs.webkit.org/show_bug.cgi?id=60601
+
+ When assertions are enabled we now do some validity checking
+ of objects being added to the mark stack.
+
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
+ (JSC::PolymorphicAccessStructureList::visitAggregate):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateSet):
+ (JSC::MarkStack::validateValue):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::appendValues):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::internalAppend):
+
+2011-05-09 Darin Adler <darin@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ http://bugs.webkit.org/show_bug.cgi?id=60509
+ Wrong type used for return value from strlen
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
+ fastMalloc won't return if it fails.
+
+2011-05-09 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ CSP should block Function constructor
+ https://bugs.webkit.org/show_bug.cgi?id=60240
+
+ When eval is disabled, we need to block the use of the function
+ constructor. However, the WebCore JSC bindings call the function
+ constructor directly to create inline event listeners. To support that
+ use, this patch adds an entrypoint that bypasses the check for whether
+ eval is enabled.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h:
+
+2011-05-09 Adam Roben <aroben@apple.com>
+
+ Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes
+
+ Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
+ WebKit1 IDL file changes to avoid build errors
+
+ Reviewed by Tim Hatcher.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+ Updated for script rename.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
+ from react-to-vsprops-changes.py.
+ (top level): Moved a constant here from main.
+ (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
+ react_to_webkit1_interface_changes function.
+ (react_to_vsprops_changes): Moved code here from main. Updated to use the
+ TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_globa
+ and touch_if_older_than.
+ (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
+ file has changed.
+ (mtime_of_newest_file_matching_glob): Added. Code came from main.
+ (touch_if_older_than): Added. Code came from main.
+
+2011-05-08 Jessie Berlin <jberlin@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Make JSRetainPtr work with JSGlobalContextRefs.
+ https://bugs.webkit.org/show_bug.cgi?id=60452
+
+ Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.
+
+ * API/JSRetainPtr.h:
+ (JSRetain):
+ (JSRelease):
+
+2011-05-07 Dawit Alemayehu <adawit@kde.org>
+
+ Reviewed by Daniel Bates.
+
+ Fix compile with GCC 4.6.0
+ https://bugs.webkit.org/show_bug.cgi?id=60380
+
+ Remove unused local variable from code.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+
+2011-05-06 Alexis Menard <alexis.menard@openbossa.org>
+
+ Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.
+
+ std::tr1::has_trivial_constructor is in <tr1/memory>.
+
+ * wtf/TypeTraits.h:
+
+2011-05-05 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added convenience methods to convert from a byte to hex ASCII digit
+ characters and vice-versa.
+ https://bugs.webkit.org/show_bug.cgi?id=59834
+
+ * wtf/ASCIICType.h:
+ (WTF::toASCIIHexValue):
+ (WTF::lowerNibbleToASCIIHexDigit):
+ (WTF::upperNibbleToASCIIHexDigit):
+
+2011-05-05 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Make QtWebKit build when using gcc 4.6.0
+ https://bugs.webkit.org/show_bug.cgi?id=60265
+
+ If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
+ the c++0x support because it works.
+
+ * JavaScriptCore.pro:
+
+2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
+
+ Reviewed by Geoffrey Garen.
+
+ Port MachineStackMarker.cpp to Windows x64
+ https://bugs.webkit.org/show_bug.cgi?id=60216
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
+ on 64-bit Windows.
+ (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.
+
+2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
+
+ Reviewed by Martin Robinson.
+
+ Link libjavascriptcoregtk on Windows with winmm.dll
+ https://bugs.webkit.org/show_bug.cgi?id=60215
+
+ * GNUmakefile.am:
+
+2011-05-04 Tao Bai <michaelbai@chromium.org>
+
+ Reviewed by David Kilzer.
+
+ Populate touch-icon url to FrameLoaderClient
+ https://bugs.webkit.org/show_bug.cgi?id=59143
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-05-03 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
+ code that accidentally survived the conversion to a switch statement,
+ causing a lot of important code not to run most of the time.
+
+ Since this is not a trivial finger-picking mistake, I will not call it a
+ typo.
+
+2011-05-04 Adam Roben <aroben@apple.com>
+
+ Another attempted build fix
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::operator==):
+ (WTF::OwnPtr::operator!=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator==):
+ (WTF::PassOwnPtr::operator!=):
+ Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.
+
+2011-05-04 Adam Roben <aroben@apple.com>
+
+ Try to fix Leopard, Qt, and probably others
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::operator==):
+ (WTF::OwnPtr::operator!=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator==):
+ (WTF::PassOwnPtr::operator!=):
+ Try to get the compiler not to instantiate these function templates unnecessarily.
+
+2011-05-03 Adam Roben <aroben@apple.com>
+
+ Disallow equality comparisons between [Pass]OwnPtrs
+
+ If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
+ really sneaky, in which case you should stop!)
+
+ Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error
+
+ Reviewed by Anders Carlsson and Antti Koivisto.
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::operator==):
+ (WTF::OwnPtr::operator!=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator==):
+ (WTF::PassOwnPtr::operator!=):
+ Added private equality operators that fail to compile when used. (When not used, the
+ compiler will skip over them because they are function templates.)
+
+2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Gavin Barraclough.
+
+ JITArithmetic.cpp produces a warning on a unused variable.
+ https://bugs.webkit.org/show_bug.cgi?id=60060
+
+ Just properly use what we already have converted.
+
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emitSlow_op_add):
+ (JSC::JIT::emitSlow_op_mul):
+
+2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Geoffrey Garen.
+
+ JITPropertyAccess produces a unused but set variable warning in gcc 4.6.0.
+ https://bugs.webkit.org/show_bug.cgi?id=60050
+
+ This patch fix a compilation warning. The new warning scenario -Wunused-but-set-variable
+ in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
+ as errors. The patch introduces a new macro ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED
+ which copy the idea of ASSERT_UNUSED.
+
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ * wtf/Assertions.h:
+ (assertWithMessageUnused):
+
+2011-04-29 Jer Noble <jer.noble@apple.com>
+
+ Reviewed by Eric Seidel.
+
+ Implement FULLSCREEN_API on Windows, Part 4: Enable it
+ https://bugs.webkit.org/show_bug.cgi?id=59798
+
+ * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.
+
+2011-05-03 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Eric Seidel.
+
+ Unused but set variable warning in MacroAssemberX86_64
+ https://bugs.webkit.org/show_bug.cgi?id=59482
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::call):
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
+
+2011-05-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make malloc validation useful
+ https://bugs.webkit.org/show_bug.cgi?id=57502
+
+ Reland this patch (rolled out in 82905) without
+ turning it on by default.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastMalloc):
+ (WTF::fastMalloc):
+ (WTF::tryFastCalloc):
+ (WTF::fastCalloc):
+ (WTF::fastFree):
+ (WTF::tryFastRealloc):
+ (WTF::fastRealloc):
+ (WTF::fastMallocSize):
+ (WTF::TCMalloc_PageHeap::isScavengerSuspended):
+ (WTF::TCMalloc_PageHeap::scheduleScavenger):
+ (WTF::TCMalloc_PageHeap::suspendScavenger):
+ (WTF::TCMalloc_PageHeap::signalScavenger):
+ (WTF::TCMallocStats::malloc):
+ (WTF::TCMallocStats::free):
+ (WTF::TCMallocStats::fastCalloc):
+ (WTF::TCMallocStats::tryFastCalloc):
+ (WTF::TCMallocStats::calloc):
+ (WTF::TCMallocStats::fastRealloc):
+ (WTF::TCMallocStats::tryFastRealloc):
+ (WTF::TCMallocStats::realloc):
+ (WTF::TCMallocStats::fastMallocSize):
+ * wtf/FastMalloc.h:
+ (WTF::Internal::fastMallocValidationHeader):
+ (WTF::Internal::fastMallocValidationSuffix):
+ (WTF::Internal::fastMallocMatchValidationType):
+ (WTF::Internal::setFastMallocMatchValidationType):
+ (WTF::fastMallocMatchValidateFree):
+ (WTF::fastMallocValidate):
+
+2011-05-03 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Anders Carlsson.
+
+ Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
+ https://bugs.webkit.org/show_bug.cgi?id=59261
+
+ Use unary '+' to force proper type detection in template arguments
+ with GCC 4.6.0. See bug report for more details.
+
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
+ (JSC::StructureTransitionTable::add): ditto.
+ * runtime/Structure.h:
+ (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.
+
+2011-05-03 Jessie Berlin <jberlin@apple.com>
+
+ Rubber-stamped by Adam Roben.
+
+ Revert r85550 and r85575.
+
+ Variables cannot be exported via the .def file. Instead, they should be annotated with
+ JS_EXPORTDATA.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo):
+ (JSC::Structure::previousID):
+ (JSC::Structure::propertyStorageCapacity):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-05-02 Adam Roben <aroben@apple.com>
+
+ Allow implicit conversion from nullptr_t to PassOwnPtr
+
+ This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
+ strict PassOwnPtr mode.
+
+ Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
+ doesn't work, but should
+
+ Reviewed by Adam Barth.
+
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.
+
+ * wtf/MessageQueue.h:
+ (WTF::::waitForMessageFilteredWithTimeout):
+ (WTF::::tryGetMessage):
+ Use the new implicit conversion.
+
+2011-05-02 Jessie Berlin <jberlin@apple.com>
+
+ Rubber-stamped by Oliver Hunt.
+
+ Remove an assertion that Windows was hitting on launch.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo):
+ (JSC::Structure::previousID):
+ (JSC::Structure::propertyStorageCapacity):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-05-02 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2
+
+ * Configurations/CompilerVersion.xcconfig:
+
+2011-05-02 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+
+2011-05-02 Oliver Hunt <oliver@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-02 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ crash in JSC::RegExp::match
+ https://bugs.webkit.org/show_bug.cgi?id=58922
+
+ Cleared chained backtrack data label when linking label even if that
+ label doesn't chain itself. This is needed so that subsequent
+ backtrack data labels point to the next outer paren and not within
+ the current paren.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
+
+2011-05-02 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Tiny bit of heap cleanup.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.
+
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::globalData):
+ (JSC::MarkedSpace::highWaterMark):
+ (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
+ definition, for better clarity.
+
+2011-05-02 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Correct marking of interpreter data in mixed mode builds
+ https://bugs.webkit.org/show_bug.cgi?id=59962
+
+ We had a few places in mixed mode builds where we would not
+ track data used by the interpreter for marking. This patch
+ corrects the problem and adds a number of assertions to catch
+ live Structures being collected.
+
+ * JavaScriptCore.exp:
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addPropertyAccessInstruction):
+ (JSC::CodeBlock::addGlobalResolveInstruction):
+ (JSC::CodeBlock::addStructureStubInfo):
+ (JSC::CodeBlock::addGlobalResolveInfo):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo):
+ (JSC::Structure::previousID):
+ (JSC::Structure::propertyStorageCapacity):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-05-02 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Use native NullPtr when using GCC 4.6.0 and C++0x
+ https://bugs.webkit.org/show_bug.cgi?id=59252
+
+ GCC 4.6.0 has nullptr support, use it when possible.
+
+ * wtf/NullPtr.cpp: include config.h to pull in Platform.h before
+ NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
+ * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
+ use native nullptr.
+
+2011-05-02 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59950
+ Clean up AssemblerBuffer to use a Vector internally.
+
+ AssemblerBuffer handles reallocing a byte array itself - stop that.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerLabel::AssemblerLabel):
+ (JSC::AssemblerLabel::labelAtOffset):
+ (JSC::AssemblerBuffer::AssemblerBuffer):
+ (JSC::AssemblerBuffer::~AssemblerBuffer):
+ (JSC::AssemblerBuffer::isAvailable):
+ (JSC::AssemblerBuffer::ensureSpace):
+ (JSC::AssemblerBuffer::isAligned):
+ (JSC::AssemblerBuffer::putIntegral):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ (JSC::AssemblerBuffer::putByteUnchecked):
+ (JSC::AssemblerBuffer::putByte):
+ (JSC::AssemblerBuffer::putShortUnchecked):
+ (JSC::AssemblerBuffer::putShort):
+ (JSC::AssemblerBuffer::putIntUnchecked):
+ (JSC::AssemblerBuffer::putInt):
+ (JSC::AssemblerBuffer::putInt64Unchecked):
+ (JSC::AssemblerBuffer::putInt64):
+ (JSC::AssemblerBuffer::codeSize):
+ (JSC::AssemblerBuffer::label):
+ (JSC::AssemblerBuffer::executableCopy):
+ (JSC::AssemblerBuffer::rewindToLabel):
+ (JSC::AssemblerBuffer::debugOffset):
+ (JSC::AssemblerBuffer::append):
+ (JSC::AssemblerBuffer::grow):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::linkCall):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
+
+2011-05-02 Jeff Miller <jeffm@apple.com>
+
+ Reviewed by Alexy Proskuryakov.
+
+ Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
+ https://bugs.webkit.org/show_bug.cgi?id=59949
+
+ * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().
+
+2011-05-02 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ StringImpl::endsWith has some insane code
+ https://bugs.webkit.org/show_bug.cgi?id=59900
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::endsWith):
+ - m_data shadows a member variable of the same name.
+
+2011-05-02 Gabor Loki <loki@webkit.org>
+
+ Buildfix for ARM after r85448
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::loadBranchTarget):
+
+2011-05-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Strict-mode only reserved words not reserved
+ https://bugs.webkit.org/show_bug.cgi?id=55342
+
+ Fix line number tracking when we rollback the lexer.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::parseSourceElements):
+
+2011-05-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ ES5 Strict mode does not allow getter and setter for same propId
+ https://bugs.webkit.org/show_bug.cgi?id=57295
+
+ Simplify and correct the logic for strict mode object literals.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::parseStrictObjectLiteral):
+
+2011-05-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Assigning to function identifier under strict should throw
+ https://bugs.webkit.org/show_bug.cgi?id=59289
+
+ Add logic to StaticScopeObject to ensure we don't silently consume
+ writes to constant properties.
+
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+
+2011-05-01 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59903
+ Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
+
+ Creating a lable() into the AssemblerBuffer should return an AssemblerLabel,
+ not an unsigned int.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::blx):
+ (JSC::ARMAssembler::label):
+ (JSC::ARMAssembler::loadBranchTarget):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::label):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::label):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::label):
+ (JSC::MIPSAssembler::relocateJumps):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::loadConstant):
+ (JSC::SH4Assembler::loadConstantUnReusable):
+ (JSC::SH4Assembler::call):
+ (JSC::SH4Assembler::jmp):
+ (JSC::SH4Assembler::jne):
+ (JSC::SH4Assembler::je):
+ (JSC::SH4Assembler::label):
+ (JSC::SH4Assembler::oneShortOp):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::call):
+ (JSC::X86Assembler::jmp_r):
+ (JSC::X86Assembler::label):
+ (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
+ (JSC::X86Assembler::X86InstructionFormatter::label):
+
+2011-05-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict mode for OwnPtr and PassOwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=59428
+
+ * wtf/OwnPtr.h:
+
+2011-05-01 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Enable strict OwnPtr for PLATFORM(WIN)
+ https://bugs.webkit.org/show_bug.cgi?id=59881
+
+ * wtf/OwnPtr.h:
+
+2011-05-01 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59896
+ Remove JmpSrc/JmpDst types.
+
+ The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
+ object be per-assembler in unhelpful, causes unnecessary code duplication,
+ and prevents the AssemblerBuffer from providing a richer type for labels.
+ The limited semantic meaning that they did convey is undermined by the manner
+ in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
+ for data labels).
+
+ Jumps on ARMv7 have had additional information added to the object via the
+ ARMv7 JmpSrc. This data should probably be in the instruction stream. This
+ patch does not fix the problem, and moves the data (ifdefed) to
+ AbstractMacroAssembler::Jump (which is effectively where it was before!).
+ This at least closes the hole such that no further data may be added to JmpSrc,
+ but this is unfortunate, and should be cleaned up.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::blx):
+ (JSC::ARMAssembler::label):
+ (JSC::ARMAssembler::align):
+ (JSC::ARMAssembler::loadBranchTarget):
+ (JSC::ARMAssembler::jmp):
+ (JSC::ARMAssembler::linkPointer):
+ (JSC::ARMAssembler::linkJump):
+ (JSC::ARMAssembler::linkCall):
+ (JSC::ARMAssembler::getRelocatedAddress):
+ (JSC::ARMAssembler::getDifferenceBetweenLabels):
+ (JSC::ARMAssembler::getCallReturnOffset):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::align):
+ (JSC::ARMv7Assembler::getRelocatedAddress):
+ (JSC::ARMv7Assembler::getDifferenceBetweenLabels):
+ (JSC::ARMv7Assembler::getCallReturnOffset):
+ (JSC::ARMv7Assembler::linkJump):
+ (JSC::ARMv7Assembler::linkCall):
+ (JSC::ARMv7Assembler::linkPointer):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Label::isSet):
+ (JSC::AbstractMacroAssembler::Call::Call):
+ (JSC::AbstractMacroAssembler::Jump::Jump):
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+ (JSC::AbstractMacroAssembler::linkPointer):
+ (JSC::AbstractMacroAssembler::getLinkerAddress):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerLabel::AssemblerLabel):
+ (JSC::AssemblerLabel::isSet):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::patch):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::label):
+ (JSC::MIPSAssembler::align):
+ (JSC::MIPSAssembler::getRelocatedAddress):
+ (JSC::MIPSAssembler::getDifferenceBetweenLabels):
+ (JSC::MIPSAssembler::getCallReturnOffset):
+ (JSC::MIPSAssembler::linkJump):
+ (JSC::MIPSAssembler::linkCall):
+ (JSC::MIPSAssembler::linkPointer):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branchDouble):
+ (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
+ (JSC::MacroAssemblerARMv7::jump):
+ (JSC::MacroAssemblerARMv7::nearCall):
+ (JSC::MacroAssemblerARMv7::call):
+ (JSC::MacroAssemblerARMv7::ret):
+ (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::nearCall):
+ (JSC::MacroAssemblerMIPS::call):
+ (JSC::MacroAssemblerMIPS::tailRecursiveCall):
+ (JSC::MacroAssemblerMIPS::branchTrue):
+ (JSC::MacroAssemblerMIPS::branchFalse):
+ (JSC::MacroAssemblerMIPS::branchEqual):
+ (JSC::MacroAssemblerMIPS::branchNotEqual):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::call):
+ (JSC::SH4Assembler::jmp):
+ (JSC::SH4Assembler::jne):
+ (JSC::SH4Assembler::je):
+ (JSC::SH4Assembler::label):
+ (JSC::SH4Assembler::align):
+ (JSC::SH4Assembler::linkJump):
+ (JSC::SH4Assembler::linkCall):
+ (JSC::SH4Assembler::linkPointer):
+ (JSC::SH4Assembler::getCallReturnOffset):
+ (JSC::SH4Assembler::getRelocatedAddress):
+ (JSC::SH4Assembler::getDifferenceBetweenLabels):
+ (JSC::SH4Assembler::patchPointer):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::call):
+ (JSC::X86Assembler::jmp):
+ (JSC::X86Assembler::jmp_r):
+ (JSC::X86Assembler::jne):
+ (JSC::X86Assembler::jnz):
+ (JSC::X86Assembler::je):
+ (JSC::X86Assembler::jz):
+ (JSC::X86Assembler::jl):
+ (JSC::X86Assembler::jb):
+ (JSC::X86Assembler::jle):
+ (JSC::X86Assembler::jbe):
+ (JSC::X86Assembler::jge):
+ (JSC::X86Assembler::jg):
+ (JSC::X86Assembler::ja):
+ (JSC::X86Assembler::jae):
+ (JSC::X86Assembler::jo):
+ (JSC::X86Assembler::jp):
+ (JSC::X86Assembler::js):
+ (JSC::X86Assembler::jCC):
+ (JSC::X86Assembler::label):
+ (JSC::X86Assembler::labelFor):
+ (JSC::X86Assembler::align):
+ (JSC::X86Assembler::linkJump):
+ (JSC::X86Assembler::linkCall):
+ (JSC::X86Assembler::linkPointer):
+ (JSC::X86Assembler::getCallReturnOffset):
+ (JSC::X86Assembler::getRelocatedAddress):
+ (JSC::X86Assembler::getDifferenceBetweenLabels):
+ (JSC::X86Assembler::rewindToLabel):
+ (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
+ (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::atJumpTarget):
+ (JSC::JIT::emitGetVirtualRegister):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jmp):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_jneq_ptr):
+ (JSC::JIT::emit_op_jsr):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emit_op_jmp_scopes):
+
+2011-05-01 Chao-ying Fu <fu@mips.com>
+
+ Reviewed by Eric Seidel.
+
+ Fix MIPS build due to the split of "Condition" enum
+ https://bugs.webkit.org/show_bug.cgi?id=59407
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::debugOffset):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::branch32):
+ (JSC::MacroAssemblerMIPS::compare32):
+
+2011-04-30 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Enable strict OwnPtr for GTK
+ https://bugs.webkit.org/show_bug.cgi?id=59861
+
+ * wtf/OwnPtr.h:
+
+2011-04-30 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix.
+
+ * assembler/AssemblerBufferWithConstantPool.h:
+
+2011-04-30 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
+
+ The method size() is called on the AssemblerBuffer both to acquire
+ the complete size of the code, and to get a position to use as a
+ label into the code. Instead, add an explicit 'label' method.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::blx):
+ (JSC::ARMAssembler::codeSize):
+ (JSC::ARMAssembler::label):
+ (JSC::ARMAssembler::loadBranchTarget):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::codeSize):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::data):
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::codeSize):
+ (JSC::AssemblerBuffer::label):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::newJmpSrc):
+ (JSC::MIPSAssembler::appendJump):
+ (JSC::MIPSAssembler::label):
+ (JSC::MIPSAssembler::codeSize):
+ (JSC::MIPSAssembler::relocateJumps):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::loadConstant):
+ (JSC::SH4Assembler::loadConstantUnReusable):
+ (JSC::SH4Assembler::call):
+ (JSC::SH4Assembler::jmp):
+ (JSC::SH4Assembler::jne):
+ (JSC::SH4Assembler::je):
+ (JSC::SH4Assembler::label):
+ (JSC::SH4Assembler::executableCopy):
+ (JSC::SH4Assembler::oneShortOp):
+ (JSC::SH4Assembler::codeSize):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::call):
+ (JSC::X86Assembler::jmp_r):
+ (JSC::X86Assembler::codeSize):
+ (JSC::X86Assembler::label):
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
+ (JSC::X86Assembler::X86InstructionFormatter::codeSize):
+ (JSC::X86Assembler::X86InstructionFormatter::label):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-04-29 Adam Barth <abarth@webkit.org>
+
+ Attempt to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-04-29 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ CSP script-src should block eval
+ https://bugs.webkit.org/show_bug.cgi?id=59850
+
+ ggaren recommend a different approach to this patch, essentially
+ installing a new function for function-eval and changing the AST
+ representation of operator-eval to call function-eval. However, I'm
+ not sure that approach is workable because the ASTBuilder doesn't know
+ about global objects, and there is added complication due to the cache.
+
+ This approach is more dynamic, adding a branch in EvalExecutable to
+ detect whether eval is current disabled in the lexical scope. The spec
+ is slightly unclear about whether we should return undefined or throw
+ an exception. I've asked Brandon to clarify the spec, but throwing an
+ exception seems natural.
+
+ * JavaScriptCore.exp:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::disableEval):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::isEvalEnabled):
+
+2011-04-29 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59847
+ Remove linkOffset from LinkBuffer
+
+ This is redundant since removal of recompilation for exception info.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::compile):
+ (JSC::JIT::compileCTIMachineTrampolines):
+ (JSC::JIT::compileCTINativeCall):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-04-29 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt & Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59221
+ [RegexFuzz] Regression blocking testing
+
+ Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
+ node, emitDisjunction recursively calls to itself to emit the nested disjunction
+ the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
+ account the uncheck that has just taken place).
+
+ Also, the special handling given to countToCheck in the case of parenthetical
+ assertions is nonsense, delete it, along with the isParentheticalAssertion argument.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+
+2011-04-29 Csaba Osztrogonác <ossy@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Enable strict OwnPtr for Qt
+ https://bugs.webkit.org/show_bug.cgi?id=59667
+
+ * wtf/OwnPtr.h:
+
+2011-04-29 Dean Jackson <dino@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Add ENABLE macro for WebKitAnimation
+ https://bugs.webkit.org/show_bug.cgi?id=59729
+
+ Add new feature to toggle WebKit Animation API.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-28 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Mark Rowe.
+
+ Install testapi.js along side testapi
+ https://bugs.webkit.org/show_bug.cgi?id=59773
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Add new build phase to copy testapi.js to install path of testapi
+ on install.
+
+2011-04-28 David Levin <levin@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Remove IMAGE_RESIZER related code.
+ https://bugs.webkit.org/show_bug.cgi?id=59735
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59763
+ DFG JIT - Unify FPRReg & FPRegisterID
+
+ (Following on from GPRReg/RegisterID unification).
+
+ * dfg/DFGFPRInfo.h:
+ (JSC::DFG::FPRInfo::toRegister):
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ (JSC::DFG::JITCodeGenerator::flushRegisters):
+ (JSC::DFG::JITCodeGenerator::isFlushed):
+ (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+ (JSC::DFG::JITCodeGenerator::setupStubArguments):
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ (JSC::DFG::GPRResult::lockedResult):
+ (JSC::DFG::FPRResult::lockedResult):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::numberToInt32):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::iterator::regID):
+ (JSC::DFG::RegisterBank::iterator::debugName):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-04-28 David Kilzer <ddkilzer@apple.com>
+
+ Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
+
+ This reverts commit r85195. It was crashing DumpRenderTree on Lion.
+
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::postTimer):
+
+2011-04-28 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove WML
+ https://bugs.webkit.org/show_bug.cgi?id=59678
+
+ Remove the WML configuration option from the Mac build system.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r85233 and r85235.
+ http://trac.webkit.org/changeset/85233
+ http://trac.webkit.org/changeset/85235
+ https://bugs.webkit.org/show_bug.cgi?id=59754
+
+ Causes issues with jsc. (Requested by dave_levin on #webkit).
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::ExecutablePool):
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ * wtf/CMakeLists.txt:
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::ref):
+ (WTF::RefCountedBase::hasOneRef):
+ (WTF::RefCountedBase::refCount):
+ (WTF::RefCountedBase::derefBase):
+ * wtf/SizeLimits.cpp:
+ * wtf/ThreadRestrictionVerifier.h: Removed.
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer):
+
+2011-04-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
+
+ Currently we use a mix of enum values throughout the DFG JIT to represent
+ gpr registers - the RegisterID provided by the MacroAssembler, and the
+ GPRReg enum giving the sequential register set over which the RegisterBank
+ allocates. Unify the two.
+
+ Patch to unify FPRReg in a similar fashion will follow.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGFPRInfo.h: Added.
+ (JSC::DFG::next):
+ (JSC::DFG::FPRBankInfo::toRegister):
+ (JSC::DFG::FPRBankInfo::toIndex):
+ * dfg/DFGGPRInfo.h: Added.
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::JITCodeGenerator::flushRegisters):
+ (JSC::DFG::JITCodeGenerator::isFlushed):
+ (JSC::DFG::JITCodeGenerator::bitOp):
+ (JSC::DFG::JITCodeGenerator::shiftOp):
+ (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+ (JSC::DFG::JITCodeGenerator::setupStubArguments):
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ (JSC::DFG::IntegerOperand::gpr):
+ (JSC::DFG::DoubleOperand::gpr):
+ (JSC::DFG::GPRTemporary::gpr):
+ (JSC::DFG::FPRTemporary::gpr):
+ (JSC::DFG::GPRResult::lockedResult):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileFunction):
+ (JSC::DFG::JITCompiler::jitAssertIsInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
+ (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
+ (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
+ (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
+ (JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
+ (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
+ (JSC::DFG::JITCompiler::addressForGlobalVar):
+ (JSC::DFG::JITCompiler::addressFor):
+ (JSC::DFG::JITCompiler::tagFor):
+ (JSC::DFG::JITCompiler::payloadFor):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::numberToInt32):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::allocate):
+ (JSC::DFG::RegisterBank::retain):
+ (JSC::DFG::RegisterBank::release):
+ (JSC::DFG::RegisterBank::lock):
+ (JSC::DFG::RegisterBank::unlock):
+ (JSC::DFG::RegisterBank::isLocked):
+ (JSC::DFG::RegisterBank::name):
+ (JSC::DFG::RegisterBank::iterator::name):
+ (JSC::DFG::RegisterBank::iterator::isLocked):
+ (JSC::DFG::RegisterBank::iterator::release):
+ (JSC::DFG::RegisterBank::iterator::gpr):
+ (JSC::DFG::RegisterBank::iterator::debugName):
+ (JSC::DFG::RegisterBank::iterator::operator++):
+ (JSC::DFG::RegisterBank::iterator::operator!=):
+ (JSC::DFG::RegisterBank::iterator::index):
+ (JSC::DFG::RegisterBank::iterator::iterator):
+ (JSC::DFG::RegisterBank::begin):
+ (JSC::DFG::RegisterBank::end):
+ (JSC::DFG::RegisterBank::isLockedAtIndex):
+ (JSC::DFG::RegisterBank::nameAtIndex):
+ (JSC::DFG::RegisterBank::releaseAtIndex):
+ (JSC::DFG::RegisterBank::allocateInternal):
+ (JSC::DFG::RegisterBank::MapEntry::MapEntry):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateIntegerOperand::gpr):
+
+2011-04-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove evil addressOfStructure() function
+ https://bugs.webkit.org/show_bug.cgi?id=59739
+
+ Remove the addressOfStructure function from JSCell, and update
+ callsites to use the same logic as testPrototype()
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ * runtime/JSCell.h:
+
+2011-04-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Clean up testPrototype()
+ https://bugs.webkit.org/show_bug.cgi?id=59734
+
+ Remove direct pointer to the inside of a GC object and just do
+ the indirect load manually. Doesn't effect sunspider but does
+ clean up the code quite a bit, and simplifies the handling of
+ GC values.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::testPrototype):
+
+2011-04-28 David Levin <levin@chromium.org>
+
+ Build fix.
+
+ * wtf/RefCounted.h: Fix inverted ifdef.
+
+2011-04-07 David Levin <levin@chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Add asserts to RefCounted to make sure ref/deref happens on the right thread.
+ https://bugs.webkit.org/show_bug.cgi?id=31639
+
+ * GNUmakefile.list.am: Added new files to the build.
+ * JavaScriptCore.gypi: Ditto.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
+ due to not being able to figure out what was guarding it (bug 58091).
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider): Ditto.
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp): Ditto.
+ * wtf/CMakeLists.txt: Added new files to the build.
+ * wtf/ThreadRestrictionVerifier.h: Added.
+ Everything is done in the header to avoid the issue with exports
+ that are only useful in debug but still needing to export them.
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
+ and filed bug 58171 about making it stricter.
+ (WTF::RefCountedBase::hasOneRef): Ditto.
+ (WTF::RefCountedBase::refCount): Ditto.
+ (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
+ on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
+ (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
+ Filed bug 58174 to remove this method.
+ (WTF::RefCountedBase::derefBase):
+ * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
+ done in Chromium's test_shell (bug 58093).
+
+2011-04-28 Xan Lopez <xlopez@igalia.com>
+
+ Unreviewed attempt to fix the build.
+
+ * GNUmakefile.am: add -lpthread.
+
+2011-04-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Only need a single implementation of testPrototype
+ https://bugs.webkit.org/show_bug.cgi?id=59724
+
+ Remove excess copy of identical testPrototype() code
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::testPrototype):
+ * jit/JITPropertyAccess32_64.cpp:
+
+2011-04-28 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ [Gtk] Split JSC and WebCore builds
+ https://bugs.webkit.org/show_bug.cgi?id=19428
+
+ Build JavaScriptCore as a libtool shared library instead of a
+ private convenience library.
+
+ * GNUmakefile.am: define new jsc library and adapt to new name for
+ javascriptcore target.
+ * GNUmakefile.list.am: ditto.
+
+2011-04-28 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
+
+ Reviewed by Simon Fraser.
+
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::postTimer): Use RetainPtr to plug the leak.
+
+2011-04-27 Sam Weinig <sam@webkit.org>
+
+ Reviewed by David Kilzer.
+
+ Add way to install testapi in production builds
+ https://bugs.webkit.org/show_bug.cgi?id=59674
+
+ * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
+ Add configuration file for TestAPI. In addition to name, we now specify an install path
+ and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
+ file.
+
+2011-04-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict OwnPtrs for Chromium
+ https://bugs.webkit.org/show_bug.cgi?id=59666
+
+ * wtf/OwnPtr.h:
+
+2011-04-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add ability to remove keys from weakmap API
+ https://bugs.webkit.org/show_bug.cgi?id=59645
+
+ Add JSWeakObjectMapRemove API
+
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * API/JSWeakObjectMapRefPrivate.h:
+ * JavaScriptCore.exp:
+
+2011-04-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict mode for OwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=59428
+
+ This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
+
+ * wtf/OwnPtr.h:
+
+2011-04-27 Steve Block <steveblock@google.com>
+
+ Reviewed by David Levin.
+
+ Remove Android build system
+ https://bugs.webkit.org/show_bug.cgi?id=48111
+
+ This is to avoid the maintenance burden until the Android port is
+ fully upstreamed.
+
+ * Android.mk: Removed.
+ * Android.v8.wtf.mk: Removed.
+
+2011-04-27 Mark Rowe <mrowe@apple.com>
+
+ Fix 32-bit build after r85036.
+
+ * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
+
+2011-04-27 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed buildfix after r85036.
+
+ Readd non-dead code.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-04-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Kenneth Russell.
+
+ OwnPtr assignment operator should be private
+ https://bugs.webkit.org/show_bug.cgi?id=59487
+
+ Unfortunately we can't remove the copy constructor because of some
+ detail about gcc. (The issue is documented in a comment already.)
+
+ * wtf/OwnPtr.h:
+
+2011-04-26 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84977.
+ http://trac.webkit.org/changeset/84977
+ https://bugs.webkit.org/show_bug.cgi?id=59568
+
+ caused crashes on the SL WK2 bots (Requested by jessieberlin
+ on #webkit).
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::call):
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
+
+2011-04-26 Kevin Ollivier <kevino@theolliviers.com>
+
+ Rubberstamped by Eric Seidel.
+
+ Enable waf to be used to build other ports
+ https://bugs.webkit.org/show_bug.cgi?id=58213
+
+ * wscript:
+
+2011-04-26 Sam Weinig <sam@webkit.org>
+
+ Reviewed by David Hyatt.
+
+ Remove Datagrid from the tree
+ https://bugs.webkit.org/show_bug.cgi?id=59543
+
+ * Configurations/FeatureDefines.xcconfig:
+ Remove feature.
+
+2011-04-26 Adrienne Walker <enne@google.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Fix incorrect use of OwnPtr<T*> in GCActivityCallback
+ https://bugs.webkit.org/show_bug.cgi?id=59559
+
+ * runtime/GCActivityCallback.h:
+
+2011-04-26 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Daniel Bates.
+
+ Unused but set variable warning in MacroAssembelX86_64
+ https://bugs.webkit.org/show_bug.cgi?id=59482
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::call): do not declare the label
+ variable if we are not going to use it.
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
+
+2011-04-26 Dan Bernstein <mitz@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Choose the compiler based on the Xcode version for Snow Leopard debug builds.
+
+ * Configurations/Base.xcconfig:
+ * Configurations/CompilerVersion.xcconfig: Added.
+
+2011-04-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Nixed special finalizer handling for WebCore strings
+ https://bugs.webkit.org/show_bug.cgi?id=59425
+
+ SunSpider reports no change.
+
+ Not needed anymore, since weak handles have finalizers.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory):
+ (JSC::JSString::substringFromRope):
+ (JSC::JSString::replaceCharacter): Updated for removal of union.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::~JSString):
+ (JSC::RopeBuilder::appendStringInConstruct):
+ (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
+ union or special constructor anymore.
+
+2011-04-26 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ Speeding up SVG filters with multicore (SMP) support
+ https://bugs.webkit.org/show_bug.cgi?id=43903
+
+ Some SVG filters execute a huge number of pixel manipulations, which
+ cannot be sped up by graphics accelerators, since their algorithm is
+ too complex. Using the power of Symmetric Multi Processing (SMP) we
+ can split up a task to smaller (data independent) tasks, which can be
+ executed independently.
+
+ The ParallelJobs framework provides a simple way for distributed
+ programming. The framework is based on WebKit's threading infrastructure,
+ Open Multi-Processing's (OpenMP) API, and libdispatch API.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/ParallelJobs.h: Added.
+ (WTF::ParallelJobs::ParallelJobs):
+ (WTF::ParallelJobs::numberOfJobs):
+ (WTF::ParallelJobs::parameterForJob):
+ (WTF::ParallelJobs::executeJobs):
+ * wtf/ParallelJobsGeneric.cpp: Added.
+ (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
+ (WTF::ParallelEnvironment::ThreadPrivate::executeJob):
+ (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
+ (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
+ * wtf/ParallelJobsGeneric.h: Added.
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::numberOfJobs):
+ (WTF::ParallelEnvironment::parameterForJob):
+ (WTF::ParallelEnvironment::executeJobs):
+ (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
+ (WTF::ParallelEnvironment::ThreadPrivate::create):
+ * wtf/ParallelJobsLibdispatch.h: Added.
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::numberOfJobs):
+ (WTF::ParallelEnvironment::parameterForJob):
+ (WTF::ParallelEnvironment::executeJobs):
+ * wtf/ParallelJobsOpenMP.h: Added.
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::numberOfJobs):
+ (WTF::ParallelEnvironment::parameterForJob):
+ (WTF::ParallelEnvironment::executeJobs):
+ * wtf/Platform.h:
+ * wtf/wtf.pri:
+
+2011-04-26 Mihai Parparita <mihaip@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Turn off make built-in implicit rules for derived sources makefile
+ https://bugs.webkit.org/show_bug.cgi?id=59418
+
+ We don't use any of make's built-in implicit rules, turning them off
+ speeds up parsing of the makefile.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * gyp/generate-derived-sources.sh:
+
+2011-04-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Custom prototypes on DOM objects don't persist after garbage collection
+ https://bugs.webkit.org/show_bug.cgi?id=59412
+
+ SunSpider reports no change.
+
+ The hasCustomProperties() check didn't check for a custom prototype.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
+ because it is the "truth" about an object's pedigree.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::didTransition): Track whether a Structure has ever
+ transitioned for any reason. If so, we have to assume that the object
+ holding it is custom in some way.
+
+2011-04-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59405
+ DFG JIT - add type speculation for integer & array types, for vars & args.
+
+ If a var or argument is used as the base for a GetByVal or PutByVal access
+ we are speculating that it is of type Array (we only generate code on the
+ speculative path to perform array accesses). By typing the var or args slot
+ as Array, and checking on entry to the function (in the case of args), and
+ each time the local is written to, we can avoid a type check at each point
+ the array is accessed. This will typically hoist type checks out of loops.
+
+ Similarly, any local that is incremented or decremented, or is the input or
+ output or a bitwise operator, is likely to be an integer. By typing the
+ local as int32 we can avoid speculation checks on access, and tagging when
+ writing to the slot. All accesses can become 32bit instead of 64.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::predictArray):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::PredictionSlot::PredictionSlot):
+ (JSC::DFG::Graph::Graph):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::tagFor):
+ (JSC::DFG::JITCompiler::payloadFor):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+
+2011-04-25 David Levin <levin@chromium.org>
+
+ Reviewed by James Robinson.
+
+ Fix OwnPtr strict mode violation in MessageQueue.h
+ https://bugs.webkit.org/show_bug.cgi?id=59400
+
+ * wtf/MessageQueue.h:
+ (WTF::::waitForMessage):
+ (WTF::::waitForMessageFilteredWithTimeout):
+ (WTF::::tryGetMessage):
+
+2011-04-25 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ JavaScriptCore should play nice strict OwnPtrs
+ https://bugs.webkit.org/show_bug.cgi?id=59401
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::TypeCounter):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ * parser/JSParser.cpp:
+ (JSC::JSParser::Scope::Scope):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
+
+2011-04-25 Mark Rowe <mrowe@apple.com>
+
+ Build fix.
+
+ * wtf/ListHashSet.h:
+
+2011-04-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59370 - DFG JIT - fix leak of BlocksBlocks
+ (put the blocks immediately into an OwnPtr).
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-04-25 James Robinson <jamesr@chromium.org>
+
+ Reviewed by David Levin.
+
+ Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
+ https://bugs.webkit.org/show_bug.cgi?id=59353
+
+ * wtf/ListHashSet.h:
+ (WTF::::ListHashSet):
+
+2011-04-25 David Levin <levin@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=59347
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/Structure.cpp:
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::createPropertyMap):
+ * runtime/Structure.h:
+
+2011-04-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make ClassInfo required when creating a Structure
+ https://bugs.webkit.org/show_bug.cgi?id=59340
+
+ Add ClassInfo to all those types which currently don't
+ have it, and add an assertion to Structure::create to
+ ensure that the provided classInfo is not null.
+
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/GetterSetter.cpp:
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/JSAPIValueWrapper.cpp:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSString.cpp:
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::JSCell::createDummyStructure):
+
+2011-04-25 David Levin <levin@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=59342
+
+ This patch is to prepare for the strict OwnPtr hack-a-thon.
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::copy):
+
+2011-04-25 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Rationalize MacroAssembler branch methods
+ https://bugs.webkit.org/show_bug.cgi?id=58950
+
+ split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition'
+ and apply related changes (only for SH4 platforms).
+
+ * assembler/MacroAssemblerSH4.cpp:
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::compare32):
+ (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerSH4::branchDouble):
+ (JSC::MacroAssemblerSH4::branch32):
+ (JSC::MacroAssemblerSH4::branchTest8):
+ (JSC::MacroAssemblerSH4::branch8):
+ (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
+ (JSC::MacroAssemblerSH4::test8):
+ (JSC::MacroAssemblerSH4::branch16):
+ (JSC::MacroAssemblerSH4::branchTest32):
+ (JSC::MacroAssemblerSH4::branchAdd32):
+ (JSC::MacroAssemblerSH4::branchMul32):
+ (JSC::MacroAssemblerSH4::branchSub32):
+ (JSC::MacroAssemblerSH4::branchOr32):
+ (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
+ (JSC::MacroAssemblerSH4::branchPtrWithPatch):
+ (JSC::MacroAssemblerSH4::SH4Condition):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::cmpEqImmR0):
+
+2011-04-25 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ PropertyMapHashTable should work with strict OwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=59337
+
+ This patch is in preparation for the strict OwnPtr hack-a-thon.
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::PropertyTable):
+ (JSC::PropertyTable::addDeletedOffset):
+
+2011-04-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Nixed MarkStack::deprecatedAppend, since it has no clients left.
+
+ * heap/MarkStack.h:
+
+2011-04-23 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
+
+ SetLocals to temporaries will only be generated if they are used within other
+ blocks, due to the SSA based DCE.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig & Geoff Garen.
+
+ Bug 59266 - DFG JIT - Add SSA style DCE
+
+ This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
+ via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
+ matching child Phi, and add the Phi to a work queue to add references to prior
+ definitions once we have the full CFG & can determine predecessors. This process
+ is iterative, inserting new phis into predecessors as necessary.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processWorkQueue):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::refChildren):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::ref):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::ref):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::dump):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-22 Vitaly Repeshko <vitalyr@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Add missing default constructors for HashMap iterator specializations.
+ https://bugs.webkit.org/show_bug.cgi?id=59250
+
+ * wtf/HashIterators.h:
+ * wtf/HashTable.h:
+ (WTF::HashTableConstIterator::HashTableConstIterator): Added cast
+ to help compiler find the function template.
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 59262 - DFG JIT - reduce size of VariableRecord
+
+ We never need both the get & set node, only the most recent
+ (which is always a set, if both exist).
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::VariableRecord::VariableRecord):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
+ such that this information is available for DCE. Also, since this enlarges the
+ size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
+ vector of blocks.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::VariableRecord::VariableRecord):
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::getBytecodeBegin):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ (JSC::DFG::Graph::blockForBytecodeOffset):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Errk, build fix.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
+ move out the call to checkConsistency().
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2011-04-21 Vitaly Repeshko <vitalyr@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Provide default constructors for HashMap iterators.
+ https://bugs.webkit.org/show_bug.cgi?id=59151
+
+ These will be used to implement an iterator over EventTarget's
+ listeners.
+
+ * wtf/HashTable.h:
+ (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
+ (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
+
+ These will be necessary for DCE support.
+ Also factor allocateVirtualRegisters out into its own method.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::blockForBytecodeOffset):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::isTerminal):
+
+2011-04-22 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Object.create creates uncachable objects
+ https://bugs.webkit.org/show_bug.cgi?id=59164
+
+ Use the prototype object's inheritorID, as we
+ should always have done
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::nullPrototypeObjectStructure):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result
+
+ We currently allocate virtual registers to nodes which have no result - these are
+ clearly unused, and may result in us allocating a larger than necessary stack frame.
+
+ Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
+ nodes that have results, and improve the quality of output from the consistency check.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::ref):
+ (JSC::DFG::Graph::deref):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::canReuse):
+ (JSC::DFG::JITCodeGenerator::isFilled):
+ (JSC::DFG::JITCodeGenerator::isFilledDouble):
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::integerResult):
+ (JSC::DFG::JITCodeGenerator::noResult):
+ (JSC::DFG::JITCodeGenerator::cellResult):
+ (JSC::DFG::JITCodeGenerator::jsValueResult):
+ (JSC::DFG::JITCodeGenerator::doubleResult):
+ (JSC::DFG::JITCodeGenerator::initConstantInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasResult):
+ (JSC::DFG::Node::virtualRegister):
+ (JSC::DFG::Node::setVirtualRegister):
+ (JSC::DFG::Node::refCount):
+ (JSC::DFG::Node::ref):
+ (JSC::DFG::Node::deref):
+ (JSC::DFG::Node::adjustedRefCount):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::use):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-22 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Gavin Barraclough and Oliver Hunt.
+
+ Arrays should participate in global object forwarding fun
+ https://bugs.webkit.org/show_bug.cgi?id=59215
+
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ (JSC::constructArray):
+ Add variants of constructArray that take a global object.
+
+2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84650 and r84654.
+ http://trac.webkit.org/changeset/84650
+ http://trac.webkit.org/changeset/84654
+ https://bugs.webkit.org/show_bug.cgi?id=59218
+
+ Broke Windows build (Requested by bweinstein on #webkit).
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::operator UnspecifiedBoolType*):
+ (JSC::HandleTypes::getFromSlot):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markStrongHandles):
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::protectedGlobalObjectCount):
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::copyWeak):
+ (JSC::HandleHeap::makeWeak):
+ (JSC::HandleHeap::Node::slot):
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ (JSC::HandleStack::grow):
+ * heap/HandleStack.h:
+ (JSC::HandleStack::zapTo):
+ (JSC::HandleStack::push):
+ * heap/Heap.cpp:
+ (JSC::HandleHeap::protectedObjectTypeCounts):
+ * heap/Local.h:
+ (JSC::::set):
+ * heap/Strong.h:
+ (JSC::Strong::set):
+ * heap/Weak.h:
+ (JSC::Weak::set):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * runtime/WriteBarrier.h:
+
+2011-04-22 Brian Weinstein <bweinstein@apple.com>
+
+ Part of Windows build fix from r84650.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-04-22 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make it harder to use HandleSlot incorrectly
+ https://bugs.webkit.org/show_bug.cgi?id=59205
+
+ Just add a little type fudging to make it harder to
+ incorrectly assign through a HandleSlot.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * JavaScriptCore.exp:
+ * heap/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::operator UnspecifiedBoolType*):
+ (JSC::HandleTypes::getFromSlot):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markStrongHandles):
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::protectedGlobalObjectCount):
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::copyWeak):
+ (JSC::HandleHeap::makeWeak):
+ (JSC::HandleHeap::Node::slot):
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ (JSC::HandleStack::grow):
+ * heap/HandleStack.h:
+ (JSC::HandleStack::zapTo):
+ (JSC::HandleStack::push):
+ * heap/Heap.cpp:
+ (JSC::HandleHeap::protectedObjectTypeCounts):
+ * heap/Local.h:
+ (JSC::::set):
+ * heap/Strong.h:
+ (JSC::Strong::set):
+ * heap/Weak.h:
+ (JSC::Weak::set):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * runtime/WriteBarrier.h:
+ (JSC::OpaqueJSValue::toJSValue):
+ (JSC::OpaqueJSValue::toJSValueRef):
+ (JSC::OpaqueJSValue::fromJSValue):
+
+2011-04-22 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84583.
+ http://trac.webkit.org/changeset/84583
+ https://bugs.webkit.org/show_bug.cgi?id=59173
+
+ "broke
+ http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js
+ /Object-create.html" (Requested by ggaren on #webkit).
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+
+2011-04-21 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Add a feature define to allow <details> and <summary> to be disabled
+ https://bugs.webkit.org/show_bug.cgi?id=59118
+ <rdar://problem/9257045>
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Object.create creates uncachable objects
+ https://bugs.webkit.org/show_bug.cgi?id=59164
+
+ Use the prototype object's inheritorID, as we
+ should always have done
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+
+2011-04-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Start moving to a general visitor pattern for GC traversal
+ https://bugs.webkit.org/show_bug.cgi?id=59141
+
+ This is just a rename:
+ markChildren -> visitChildren
+ markAggregate -> visitAggregate
+ markStack -> visitor
+ MarkStack -> typedef'd to SlotVisitor
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObjectData::visitChildren):
+ (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
+ (JSC::JSCallbackObject::visitChildren):
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitStructures):
+ (JSC::EvalCodeCache::visitAggregate):
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * bytecode/EvalCodeCache.h:
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::visitAggregate):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::visitAggregate):
+ * bytecode/StructureStubInfo.h:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * debugger/DebuggerActivation.h:
+ * heap/HandleHeap.cpp:
+ (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
+ (JSC::HandleHeap::markStrongHandles):
+ (JSC::HandleHeap::markWeakHandles):
+ * heap/HandleHeap.h:
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ * heap/HandleStack.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::visitChildren):
+ (JSC::MarkStack::drain):
+ * heap/MarkStack.h:
+ (JSC::HeapRootVisitor::HeapRootVisitor):
+ (JSC::HeapRootVisitor::mark):
+ (JSC::HeapRootVisitor::visitor):
+ * heap/MarkedSpace.h:
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+ * runtime/ArgList.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Arguments.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSArray.h:
+ (JSC::JSArray::visitDirect):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::visitChildren):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::visitIfNeeded):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSONObject.cpp:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSObject.h:
+ (JSC::JSObject::visitDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ (JSC::TypeInfo::overridesVisitChildren):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/JSWrapperObject.h:
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/RegExpObject.h:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::visitChildren):
+ * runtime/SmallStrings.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84548.
+ http://trac.webkit.org/changeset/84548
+ https://bugs.webkit.org/show_bug.cgi?id=59144
+
+ Broke chromium-win build (Requested by aklein on #webkit).
+
+ * wtf/Platform.h:
+
+2011-04-21 Adam Klein <adamk@chromium.org>
+
+ Reviewed by David Levin.
+
+ [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
+ https://bugs.webkit.org/show_bug.cgi?id=55728
+
+ Enable WTF_MULTIPLE_THREADS for Chromium.
+
+ * wtf/Platform.h:
+
+2011-04-20 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ JSString::resolveRope inefficient for common 2 fiber case
+ https://bugs.webkit.org/show_bug.cgi?id=58994
+
+ Split JSString::resolveRope into three routines.
+ resolveRope allocates the new buffer and handles the 1 or 2
+ fiber case with single level fibers.
+ resolveRopeSlowCase handles the general case.
+ outOfMemory handles the rare out of memory exception case.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory):
+ * runtime/JSString.h:
+
+2011-04-20 Adam Klein <adamk@chromium.org>
+
+ Reviewed by David Levin.
+
+ Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS
+ https://bugs.webkit.org/show_bug.cgi?id=59040
+
+ This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728
+ by enabling WTF_MULTIPLE_THREADS for Chromium.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+ * wtf/FastMalloc.cpp:
+ * wtf/Platform.h:
+ Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled.
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+ * wtf/RefCountedLeakCounter.cpp:
+ (WTF::RefCountedLeakCounter::increment):
+ (WTF::RefCountedLeakCounter::decrement):
+ * wtf/dtoa.cpp:
+ (WTF::pow5mult):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen
+
+ Bug 59069 - DFG JIT - register allocate r8, r9, r10
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::gprToRegisterID):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix - revert accidental change.
+
+ * wtf/Platform.h:
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Add SAMPLING_FLAGS tool to DFG JIT.
+
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingFlags::addressOfFlags):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::setSamplingFlag):
+ (JSC::DFG::JITCompiler::clearSamplingFlag):
+ * dfg/DFGJITCompiler.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::setSamplingFlag):
+ (JSC::JIT::clearSamplingFlag):
+ * wtf/Platform.h:
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59022 - DFG JIT - Optimize branch-on-relational-compare
+
+ If a relational compare (< or <=) is immediately followed by a branch,
+ we can combine the two, avoiding generation of a boolean into a register.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branch32):
+ (JSC::MacroAssemblerX86Common::invert):
+ (JSC::MacroAssemblerX86Common::commute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::adjustedRefCount):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value):
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix II.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::softModulo):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::test8):
+
+2011-04-19 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Rationalize MacroAssembler branch methods
+ https://bugs.webkit.org/show_bug.cgi?id=58950
+
+ The MacroAssembler currently exposes x86's weird behaviour that the 'setcc'
+ instruction only sets the low 8 bits of a register. Stop that.
+
+ Having done so, to clarify remove the 'set32' prefix from test & compare
+ instructions - these methods all now set a full 32/64 bit register (Ptr size).
+ The size in the function name should indicate the amount of data being compared.
+
+ Also split out the 'Condition' enum into 'RelationalCondition' and
+ 'ResultCondition'. The former is used in binary comparison, the latter is a unary
+ condition check on the result of an operation.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::branchPtr):
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::branch16):
+ (JSC::MacroAssembler::branchTestPtr):
+ (JSC::MacroAssembler::comparePtr):
+ (JSC::MacroAssembler::branchAddPtr):
+ (JSC::MacroAssembler::branchSubPtr):
+ (JSC::MacroAssembler::branchTest8):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch8):
+ (JSC::MacroAssemblerARM::branch32):
+ (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARM::branch16):
+ (JSC::MacroAssemblerARM::branchTest8):
+ (JSC::MacroAssemblerARM::branchTest32):
+ (JSC::MacroAssemblerARM::branchAdd32):
+ (JSC::MacroAssemblerARM::branchMul32):
+ (JSC::MacroAssemblerARM::branchSub32):
+ (JSC::MacroAssemblerARM::branchNeg32):
+ (JSC::MacroAssemblerARM::branchOr32):
+ (JSC::MacroAssemblerARM::compare32):
+ (JSC::MacroAssemblerARM::test32):
+ (JSC::MacroAssemblerARM::test8):
+ (JSC::MacroAssemblerARM::branchPtrWithPatch):
+ (JSC::MacroAssemblerARM::ARMCondition):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branch32):
+ (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARMv7::branch16):
+ (JSC::MacroAssemblerARMv7::branch8):
+ (JSC::MacroAssemblerARMv7::branchTest32):
+ (JSC::MacroAssemblerARMv7::branchTest8):
+ (JSC::MacroAssemblerARMv7::branchAdd32):
+ (JSC::MacroAssemblerARMv7::branchMul32):
+ (JSC::MacroAssemblerARMv7::branchOr32):
+ (JSC::MacroAssemblerARMv7::branchSub32):
+ (JSC::MacroAssemblerARMv7::compare32):
+ (JSC::MacroAssemblerARMv7::test32):
+ (JSC::MacroAssemblerARMv7::test8):
+ (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ (JSC::MacroAssemblerARMv7::armV7Condition):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::branch8):
+ (JSC::MacroAssemblerMIPS::branch32):
+ (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerMIPS::branch16):
+ (JSC::MacroAssemblerMIPS::branchTest32):
+ (JSC::MacroAssemblerMIPS::branchTest8):
+ (JSC::MacroAssemblerMIPS::branchAdd32):
+ (JSC::MacroAssemblerMIPS::branchMul32):
+ (JSC::MacroAssemblerMIPS::branchSub32):
+ (JSC::MacroAssemblerMIPS::branchOr32):
+ (JSC::MacroAssemblerMIPS::compare32):
+ (JSC::MacroAssemblerMIPS::test8):
+ (JSC::MacroAssemblerMIPS::test32):
+ (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::branch32):
+ (JSC::MacroAssemblerX86::branchPtrWithPatch):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branch8):
+ (JSC::MacroAssemblerX86Common::branch32):
+ (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerX86Common::branch16):
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchMul32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ (JSC::MacroAssemblerX86Common::branchNeg32):
+ (JSC::MacroAssemblerX86Common::branchOr32):
+ (JSC::MacroAssemblerX86Common::compare32):
+ (JSC::MacroAssemblerX86Common::test8):
+ (JSC::MacroAssemblerX86Common::test32):
+ (JSC::MacroAssemblerX86Common::x86Condition):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::comparePtr):
+ (JSC::MacroAssemblerX86_64::branchPtr):
+ (JSC::MacroAssemblerX86_64::branchTestPtr):
+ (JSC::MacroAssemblerX86_64::branchAddPtr):
+ (JSC::MacroAssemblerX86_64::branchSubPtr):
+ (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
+ (JSC::MacroAssemblerX86_64::branchTest8):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+
+2011-04-20 Balazs Kelemen <kbalazs@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Cleanup includepath adjustment for generated files
+ https://bugs.webkit.org/show_bug.cgi?id=58869
+
+ * JavaScriptCore.pri: Add the directory of generated files to the include
+ path with absolute path to make it valid in the final build step.
+
+2011-04-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove unneeded deprecated methods from MarkStack
+ https://bugs.webkit.org/show_bug.cgi?id=58853
+
+ Remove deprecated methods
+
+ * heap/MarkStack.h:
+
+2011-04-19 Mark Rowe <mrowe@apple.com>
+
+ Things work best when the Xcode project refers to the file at a path that exists.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-04-19 Renata Hodovan <reni@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Move the alignment related macros in Vector.h to new Alignment.h.
+ https://bugs.webkit.org/show_bug.cgi?id=56000
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Alignment.h: Added.
+ * wtf/CMakeLists.txt:
+ * wtf/Vector.h:
+
+2011-04-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove DeprecatedPtr
+ https://bugs.webkit.org/show_bug.cgi?id=58718
+
+ Remove the class an all functions that still exist to support it.
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+
+2011-04-19 Jungshik Shin <jshin@chromium.org>
+
+ Reviewed by David Levin
+
+ Add U+FEFF (Zero width no-break space) to CharacterNames.h.
+ It's added to the list of characters to treat as zero-width
+ in WebCore.
+
+ https://bugs.webkit.org/show_bug.cgi?id=48860
+
+ * wtf/unicode/CharacterNames.h:
+
+2011-04-19 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails
+ https://bugs.webkit.org/show_bug.cgi?id=58871
+
+ Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231.
+ http://trac.webkit.org/changeset/84176 (original patch)
+ http://trac.webkit.org/changeset/84178 (original patch - part 2)
+ http://trac.webkit.org/changeset/84186 (build fix)
+ http://trac.webkit.org/changeset/84212
+ http://trac.webkit.org/changeset/84231 (skip failing test)
+
+ original bugs:
+ - https://bugs.webkit.org/show_bug.cgi?id=58718
+ - https://bugs.webkit.org/show_bug.cgi?id=58853
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::deprecatedAppendValues):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::deprecatedAppend):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::operator*):
+ (JSC::DeprecatedPtr::operator->):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
+ (JSC::DeprecatedPtr::operator!):
+ (JSC::operator==):
+
+2011-04-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove unneeded deprecated methods from MarkStack
+ https://bugs.webkit.org/show_bug.cgi?id=58853
+
+ Remove deprecated methods
+
+ * heap/MarkStack.h:
+
+2011-04-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Off by one initialising repeat callframe
+ https://bugs.webkit.org/show_bug.cgi?id=58838
+ <rdar://problem/8756810>
+
+ If the end of a callframe made for a repeat call landed on
+ a page boundary the following page may not have been committed
+ which means that the off by one could lead to a crash. However
+ it could only happen in this case and only on windows which is
+ why it was so hard to repro. Alas given the steps needed to
+ reproduce are such that it's not really possible to make a
+ testcase.
+
+ This fix makes the code a little less squirrely by not trying
+ to avoid the unnecessary initialisation of |this|.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::prepareForRepeatCall):
+
+2011-04-18 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply.
+
+ Add code generation for add/subtract instruction with immediate operands
+ (where a child is a constant), and don't bail to non-speculative if an
+ integer multiple results in a +0 result (only if it should be generating -0).
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value):
+
+2011-04-18 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58817 - DFG JIT - if speculative compilation fails, throw away code.
+
+ If we detect a logical conflict, throw away generated code,
+ and only compile through the NonSpeculativeJIT.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::rewindToLabel):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::rewindToOffset):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::rewindToLabel):
+ (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkSpeculationChecks):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
+
+2011-04-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove DeprecatedPtr
+ https://bugs.webkit.org/show_bug.cgi?id=58718
+
+ As simple as it sounds.
+
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+
+2011-04-17 Cameron Zwarich <zwarich@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ JSC no longer builds with Clang due to -Woverloaded-virtual warning
+ https://bugs.webkit.org/show_bug.cgi?id=58760
+
+ Rename Structure's specificValue overload of put to putSpecificValue to avoid
+ Clang's warning for overloading a virtual function.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::putSpecificValue):
+ * runtime/Structure.h:
+
+2011-04-17 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Remove WTF_PLATFORM_SGL
+ https://bugs.webkit.org/show_bug.cgi?id=58743
+
+ WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere.
+
+ * wtf/Platform.h:
+
+2011-04-17 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Rename PLATFORM(CA) to USE(CA)
+ https://bugs.webkit.org/show_bug.cgi?id=58742
+
+ * wtf/Platform.h:
+
+2011-04-17 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Rename PLATFORM(CG) to USE(CG)
+ https://bugs.webkit.org/show_bug.cgi?id=58729
+
+ * wtf/Platform.h:
+
+2011-04-16 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Rename PLATFORM(CAIRO) to USE(CAIRO)
+ https://bugs.webkit.org/show_bug.cgi?id=55192
+
+ * wtf/Platform.h:
+ * wtf/gobject/GTypedefs.h:
+
+2011-04-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84067.
+ http://trac.webkit.org/changeset/84067
+ https://bugs.webkit.org/show_bug.cgi?id=58724
+
+ qt build are failing. (Requested by loislo2 on #webkit).
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::operator*):
+ (JSC::DeprecatedPtr::operator->):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
+ (JSC::DeprecatedPtr::operator!):
+ (JSC::operator==):
+
+2011-04-15 Shishir Agrawal <shishir@chromium.org>
+
+ Reviewed by James Robinson.
+
+ Add a flag to guard Page Visibility API changes.
+ https://bugs.webkit.org/show_bug.cgi?id=58464
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk! - build fix from !x86-64.
+
+ * dfg/DFGNode.h:
+
+2011-04-15 David Levin <levin@chromium.org>
+
+ Revert of r83974.
+
+ JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj
+ https://bugs.webkit.org/show_bug.cgi?id=58716
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/tests/RunAllWtfTests.cpp: Removed.
+ * wtf/tests/StringTests.cpp: Removed.
+
+2011-04-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove DeprecatedPtr
+ https://bugs.webkit.org/show_bug.cgi?id=58718
+
+ As simple as it sounds.
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Add a simple tool to gather statistics on whether functions
+ are completed through the new or old JIT.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-04-15 Oliver Hunt <oliver@apple.com>
+
+ GC allocate Structure
+ https://bugs.webkit.org/show_bug.cgi?id=58483
+
+ Rolling r83894 r83827 r83810 r83809 r83808 back in with
+ a workaround for the gcc bug seen by the gtk bots
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::markStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::MethodCallLinkInfo::setSeen):
+ (JSC::GlobalResolveInfo::GlobalResolveInfo):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::markAggregate):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::markAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdSelf):
+ (JSC::StructureStubInfo::initGetByIdProto):
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ (JSC::StructureStubInfo::initPutByIdReplace):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * heap/Handle.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::markChildren):
+ (JSC::MarkStack::drain):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * heap/Strong.h:
+ (JSC::Strong::Strong):
+ (JSC::Strong::set):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolveGlobal):
+ (JSC::Interpreter::resolveGlobalDynamic):
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::uncachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+ (JSC::Interpreter::uncacheGetByID):
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::patchMethodCallProto):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::patchMethodCallProto):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::getPolymorphicAccessStructureListSlot):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
+ * jsc.cpp:
+ (cleanupGlobalData):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ (JSC::Arguments::Arguments):
+ (JSC::JSActivation::copyRegisters):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ (JSC::arrayProtoFuncSplice):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::GetterSetter):
+ (JSC::GetterSetter::createStructure):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSCell.cpp:
+ (JSC::isZombie):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ (JSC::JSCell::JSCell::addressOfStructure):
+ (JSC::JSCell::JSCell::structure):
+ (JSC::JSCell::JSCell::markChildren):
+ (JSC::JSCell::JSValue::isZombie):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ (JSC::JSGlobalData::createLeaked):
+ * runtime/JSGlobalData.h:
+ (JSC::allocateGlobalHandle):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::markChildren):
+ (JSC::JSGlobalObject::copyGlobalsFrom):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::createStructure):
+ (JSC::Structure::prototypeChain):
+ (JSC::Structure::isValid):
+ (JSC::constructEmptyArray):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::JSNotAnObject):
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSObject::JSObject):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ (JSC::JSFinalObject::create):
+ (JSC::JSFinalObject::createStructure):
+ (JSC::JSFinalObject::JSFinalObject):
+ (JSC::constructEmptyObject):
+ (JSC::createEmptyObjectStructure):
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::setPrototype):
+ (JSC::JSObject::setStructure):
+ (JSC::JSObject::inheritorID):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSObjectWithGlobalObject.cpp:
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::createStructure):
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ (JSC::JSPropertyNameIterator::setCachedStructure):
+ (JSC::Structure::setEnumerationCache):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ * runtime/JSValue.h:
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ (JSC::JSVariableObject::JSVariableObject):
+ (JSC::JSVariableObject::copyRegisterArray):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ (JSC::JSWrapperObject::JSWrapperObject):
+ * runtime/JSZombie.cpp:
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::JSZombie):
+ (JSC::JSZombie::createStructure):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ (JSC::NativeErrorConstructor::markChildren):
+ (JSC::constructWithNativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ * runtime/ObjectPrototype.h:
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::PropertyTable):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/RegExpPrototype.h:
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::remove):
+ (JSC::StructureTransitionTable::add):
+ (JSC::Structure::Structure):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::toCacheableDictionaryTransition):
+ (JSC::Structure::toUncacheableDictionaryTransition):
+ (JSC::Structure::sealTransition):
+ (JSC::Structure::freezeTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::flattenDictionaryStructure):
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::put):
+ (JSC::Structure::markChildren):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::setPrototypeWithoutTransition):
+ (JSC::Structure::createStructure):
+ (JSC::JSCell::createDummyStructure):
+ (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ (JSC::StructureChain::markChildren):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::head):
+ (JSC::StructureChain::createStructure):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
+ (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
+ (JSC::StructureTransitionTable::~StructureTransitionTable):
+ (JSC::StructureTransitionTable::slot):
+ (JSC::StructureTransitionTable::setMap):
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::clearSingleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * runtime/WeakGCMap.h:
+ (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
+ (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
+ (JSC::WeakGCMap::contains):
+ (JSC::WeakGCMap::find):
+ (JSC::WeakGCMap::remove):
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ (JSC::WeakGCMap::finalize):
+ * runtime/WriteBarrier.h:
+ (JSC::writeBarrier):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
+2011-04-15 Fridrich Strba <fridrich.strba@bluewin.ch>
+
+ Reviewed by Gavin Barraclough.
+
+ Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols
+ are not prefixed by underscore anymore. This is consistent with
+ what MSVC does.
+ https://bugs.webkit.org/show_bug.cgi?id=58573
+
+ * jit/JITStubs.cpp:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58705 - DFG JIT Add support for flow control (branch, jump).
+
+ Add support for control flow by breaking the CodeBlock up into multiple
+ basic blocks, generating code for each basic block in turn through the
+ speculative JIT & then the non-speculative JIT.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::setTemporary):
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::getBytecodeOffset):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ (JSC::DFG::JITCodeGenerator::addBranch):
+ (JSC::DFG::JITCodeGenerator::linkBranches):
+ (JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::isJump):
+ (JSC::DFG::Node::isBranch):
+ (JSC::DFG::Node::takenBytecodeOffset):
+ (JSC::DFG::Node::notTakenBytecodeOffset):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes
+
+ Use these for both access to arguments & local variables, adds ability
+ to set locals, such that values will persist between basic blocks.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::getThis):
+ (JSC::DFG::ByteCodeParser::setThis):
+ (JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::derefChildren):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::ref):
+ (JSC::DFG::Graph::deref):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasLocal):
+ (JSC::DFG::Node::local):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 58696 - DFG JIT split handling of vars/temporaries
+
+ Presently all callee registers are treated as having single block scope,
+ since the DFG JIT can only compile single block functions. In order to
+ expand the JIT to support control flow we will need to change to retaining
+ locals (but not temporaries) across basic block boundaries.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getTemporary):
+ (JSC::DFG::ByteCodeParser::setTemporary):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::getInt32Constant):
+ (JSC::DFG::ByteCodeParser::getDoubleConstant):
+ (JSC::DFG::ByteCodeParser::getJSConstant):
+ (JSC::DFG::ByteCodeParser::constantUndefined):
+ (JSC::DFG::ByteCodeParser::constantNull):
+ (JSC::DFG::ByteCodeParser::one):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ (JSC::DFG::parse):
+ * dfg/DFGNode.h:
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::ScoreBoard):
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::allocate):
+ (JSC::DFG::ScoreBoard::use):
+
+2011-04-15 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining
+ https://bugs.webkit.org/show_bug.cgi?id=58677
+
+ Moved JSObjectWithGlobalObject::globalObject() to
+ runtime/JSObjectWithGlobalObject.h to allow the compiler to inline
+ it for a performance benefit. An equivalent instance had been in
+ a header file before r60057.
+
+ * JavaScriptCore.exp:
+ * runtime/JSObjectWithGlobalObject.cpp:
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::globalObject):
+
+2011-04-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make JSNodeFilterCondition handle its lifetime correctly
+ https://bugs.webkit.org/show_bug.cgi?id=58622
+
+ Add export
+
+ * JavaScriptCore.exp:
+
+2011-04-14 Alexey Proskuryakov <ap@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ WebKit2: Password field input does not switch to ASCII-compatible source
+ https://bugs.webkit.org/show_bug.cgi?id=58583
+ <rdar://problem/9059651>
+
+ * wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium,
+ and shouldn't be enabled on any other platforms, so there is no reason to make it
+ configurable via Platform.h.
+
+2011-04-15 Dmitry Lomov <dslomov@google.com>
+
+ Reviewed by David Levin.
+
+ Add a sample test case for GTest framework
+ https://bugs.webkit.org/show_bug.cgi?id=58509
+
+ Add an example of GTest testcase, complete with a runner, to JavaScriptCore.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/tests/RunAllWtfTests.cpp: Added.
+ (main):
+ * wtf/tests/StringTests.cpp: Added.
+
+2011-04-15 Anna Cavender <annacc@chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Renaming TRACK feature define to VIDEO_TRACK
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-14 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoffrey Garen.
+
+ Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename
+ m_regressionGuard to m_parseFailed, such that it can be reused for
+ other failure cases.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-04-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Bug 58620 - DFG JIT - loading of arguments should not be lazy
+
+ This optimization is overly simplistic. It only works because we never
+ write out definitions to arguments (since we currently only compile
+ single block functions). Revert this for now, we may want to reintroduce
+ something like this again in the future, but it will need to be aware
+ how to schedule definitions to arguments versus lazy loads that have not
+ yet been performed.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::needsSpill):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::initConstantInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal
+
+ The bug in PutByVal is that an operand is in JSValueOperand - when this
+ locks an integer into a register it will always retag the value without
+ checking if the register is already locked. This is a problem where the
+ value being stored by a PutByVal is the same as the subscript.
+ The subscript is locked into a register first, as a strict integer.
+ Locking the value results in the subscript being modified.
+
+ The bug in ValueToInt related to the function of sillentFillAllRegisters.
+ The problem is that this method will restore all register values from
+ prior to the call, overwriting the result of the call out. Allow a
+ register to be passed to specifically be excluded from being preserved.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::debugOffset):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::debugOffset):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::debugOffset):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::debugAddress):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::debugOffset):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::orPtr):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::debugOffset):
+ (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGenerationInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isConstant):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isConstant):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::numberToInt32):
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Drain the mark stack while marking weak handles, not after.
+ https://bugs.webkit.org/show_bug.cgi?id=58574
+
+ Otherwise, items that would have caused more weak handle marking are
+ processed after all weak handle marking has finished, and referenced
+ weak handles get recycled.
+
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markWeakHandles): Removed looping from here, since we
+ want Heap::markRoots to be responsible for draining the mark stack.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots): Moved looping to here, as explained above.
+
+ For efficiency's sake, drain the mark stack before starting to mark weak
+ handles. Otherwise, items drained while marking weak handles may force
+ an extra trip through the weak handle list.
+
+ For correctness's sake, drain the mark stack each time through the weak
+ handle list. Otherwise, opaque roots that would make weak handles reachable
+ are not discovered until after weak handle marking is over.
+
+2011-04-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make protected object list in caches window reflect reality
+ https://bugs.webkit.org/show_bug.cgi?id=58565
+
+ Make sure the heap includes objects protected by Strong handles
+ in its list of protected objects.
+
+ * heap/HandleHeap.h:
+ * heap/Heap.cpp:
+ (JSC::HandleHeap::protectedObjectTypeCounts):
+
+2011-04-14 Satish Sampath <satish@chromium.org>
+
+ Reviewed by Anders Carlsson.
+
+ Don't emit RegExp tables for chromium where they are not used
+ https://bugs.webkit.org/show_bug.cgi?id=58544
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * create_regex_tables: Added the "--notables" command line argument.
+
+2011-04-13 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix ASSERTs seen on Windows bots.
+
+ * wtf/HashTable.h:
+ (WTF::hashTableSwap): Force MSVC to use the right version of swap.
+
+2011-04-13 Ryuan Choi <ryuan.choi@samsung.com>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ [CMAKE] Separate DerivedSources.
+ https://bugs.webkit.org/show_bug.cgi?id=58427
+
+ * CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR.
+
+2011-04-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T>
+ https://bugs.webkit.org/show_bug.cgi?id=58482
+
+ This will allow wrappers to make individual decisions about their lifetimes.
+
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::copyWeak): New function for copying a weak handle.
+ It's wasn't previously possible to perform this operation using HandleHeap
+ API because the HandleHeap doesn't expose its underlying Node structure.
+
+ * heap/Local.h:
+ (JSC::::set):
+ * heap/Strong.h:
+ (JSC::Strong::set): Added ASSERTs to verify that dead objects are not
+ resurrected by placement into handles.
+
+ (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
+ is efficient.
+
+ * heap/Weak.h:
+ (JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not
+ copy its weak callback and context.
+
+ (JSC::Weak::operator=): Added an assignment operator, since the default
+ C++ assignment operator did the wrong thing.
+
+ (JSC::Weak::set): Added ASSERTs to verify that dead objects are not
+ resurrected by placement into handles.
+
+ (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
+ is efficient, and can be done without copying, which is illegal during
+ the handle finalization phase.
+
+2011-04-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make PropertyMapEntry use a WriteBarrier for specificValue
+ https://bugs.webkit.org/show_bug.cgi?id=58407
+
+ Make PropertyMapEntry use a WriteBarrier for specificValue, and then
+ propagate the required JSGlobalData through all the methods it ends
+ up being needed.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/JSContextRef.cpp:
+ * API/JSObjectRef.cpp:
+ (JSObjectMake):
+ (JSObjectSetPrototype):
+ * JavaScriptCore.exp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * interpreter/Interpreter.cpp:
+ (JSC::appendSourceToError):
+ (JSC::Interpreter::tryCacheGetByID):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::name):
+ (JSC::InternalFunction::displayName):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertySlot):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::name):
+ (JSC::JSFunction::displayName):
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putWithAttributes):
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::resetPrototype):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::JSObject::lookupGetter):
+ (JSC::JSObject::lookupSetter):
+ (JSC::JSObject::getPropertySpecificValue):
+ (JSC::JSObject::getOwnPropertyNames):
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getDirect):
+ (JSC::JSObject::getDirectLocation):
+ (JSC::JSObject::isSealed):
+ (JSC::JSObject::isFrozen):
+ (JSC::JSObject::setPrototypeWithCycleCheck):
+ (JSC::JSObject::setPrototype):
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+ (JSC::objectConstructorSeal):
+ (JSC::objectConstructorFreeze):
+ (JSC::objectConstructorPreventExtensions):
+ (JSC::objectConstructorIsSealed):
+ (JSC::objectConstructorIsFrozen):
+ * runtime/Operations.h:
+ (JSC::normalizePrototypeChain):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ (JSC::PropertyTable::PropertyTable):
+ (JSC::PropertyTable::copy):
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::toCacheableDictionaryTransition):
+ (JSC::Structure::toUncacheableDictionaryTransition):
+ (JSC::Structure::sealTransition):
+ (JSC::Structure::freezeTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::isSealed):
+ (JSC::Structure::isFrozen):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::get):
+ (JSC::Structure::despecifyFunction):
+ (JSC::Structure::despecifyAllFunctions):
+ (JSC::Structure::put):
+ (JSC::Structure::getPropertyNames):
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-04-13 Paul Knight <pknight@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition
+ https://bugs.webkit.org/show_bug.cgi?id=58405
+
+ The BACKTRACE() macro requires JavaScriptCore be built with a Debug
+ configuration in order for it to be enabled. Move the NDEBUG check to
+ the header so it will be enabled when the calling framework or
+ application is built with a Debug configuration, similar to how
+ ASSERT() and friends work.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2011-04-12 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ https://bugs.webkit.org/show_bug.cgi?id=58131
+
+ Provide a workaround for an obscure Studio 12 compiler bug, which
+ couldn't call src->~T() on a const T *src.
+
+ * wtf/Vector.h:
+
+2011-04-12 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=58395
+ Exceptions thrown from property getters called from Array prototype functions can be missed
+
+ This is caught by an ASSERT in the top of Interpreter::executeCall.
+ Check for exceptions after accessing properties that could be getters.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ - Add exception checks.
+
+2011-04-12 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make API callback objects use weak handles to run their finalizers
+ https://bugs.webkit.org/show_bug.cgi?id=58389
+
+ Make the API object's private data struct act as a finalizer for
+ an api object if the callback object has a API defined finalizer.
+
+ * API/JSCallbackObject.cpp:
+ (JSC::JSCallbackObjectData::finalize):
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * heap/Handle.h:
+
+2011-04-12 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Cleaned up hash traits, and added hash traits for handles
+ https://bugs.webkit.org/show_bug.cgi?id=58381
+
+ * heap/Handle.h:
+ (JSC::HandleBase::swap):
+ (JSC::Handle::Handle):
+ (JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and
+ without creating new handles (which is not allowed during handle finalization).
+
+ * heap/Strong.h:
+ (JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication.
+
+ * heap/Weak.h:
+ (JSC::Weak::isHashTableDeletedValue):
+ (JSC::Weak::Weak):
+ (JSC::Weak::swap):
+ (JSC::Weak::hashTableDeletedValue): Ditto.
+
+ * wtf/HashTraits.h:
+ (WTF::SimpleClassHashTraits::constructDeletedValue):
+ (WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits,
+ which are analogous to SimpleClassVectorTraits, since they are used in a
+ bunch of places.
+
+ * wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication.
+
+ * wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication.
+
+2011-04-12 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Cleaned up some Vector traits, and added missing Vector traits for handles
+ https://bugs.webkit.org/show_bug.cgi?id=58372
+
+ * heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication.
+
+ * heap/Strong.h: Ditto.
+
+ * heap/Weak.h: Ditto.
+
+ * parser/JSParser.cpp: Fixed a traits error. No test case because this
+ particular trait is not currently exercised by the parser.
+
+ * runtime/UString.h: No need to override canInitializeWithMemset, since
+ our base class sets it to true.
+
+ * wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication.
+
+ * wtf/text/WTFString.h: No need to override canInitializeWithMemset, since
+ our base class sets it to true.
+
+2011-04-12 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Eric Seidel.
+
+ [Qt] Enable JIT build for SH4 platforms.
+ https://bugs.webkit.org/show_bug.cgi?id=58317
+ enable JIT build for QT backend for SH4 platforms.
+
+ * JavaScriptCore.pro:
+ * wtf/Platform.h:
+
+2011-04-11 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ https://bugs.webkit.org/show_bug.cgi?id=58289
+
+ Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp,
+ WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::runScavengerThread):
+
+2011-04-11 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private.
+
+2011-04-11 Anna Cavender <annacc@chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Setup ENABLE(TRACK) feature define
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix a few builds.
+
+ Updated a few more build configurations for file moves.
+
+ * CMakeListsWinCE.txt:
+
+2011-04-11 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64
+
+ The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
+ separately on JSVALUE64, even though EncodedValueDescriptor is not used in
+ JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
+ on X86_64. Using the union allows us to remove a layer of makeImmediate()/
+ immedaiteValue() methods.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitTagAsBoolImmediate):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emitSlow_op_not):
+ * runtime/JSCell.h:
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::encode):
+ (JSC::JSValue::decode):
+ (JSC::JSValue::operator==):
+ (JSC::JSValue::operator!=):
+ (JSC::JSValue::JSValue):
+ (JSC::JSValue::operator bool):
+ (JSC::JSValue::asInt32):
+ (JSC::JSValue::isUndefinedOrNull):
+ (JSC::JSValue::isBoolean):
+ (JSC::JSValue::isCell):
+ (JSC::JSValue::isInt32):
+ (JSC::JSValue::asDouble):
+ (JSC::JSValue::isNumber):
+ (JSC::JSValue::asCell):
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix a few builds.
+
+ Updated a few more build configurations for file moves.
+
+ * CMakeListsEfl.txt:
+ * wscript:
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Updated a file name.
+
+ * CMakeLists.txt:
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Rubber-stamped by Sam Weinig.
+
+ Moved remaining heap implementation files to the heap folder.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
+ * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
+ * heap/Handle.h:
+ * heap/Heap.cpp:
+ * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
+ * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
+ * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
+ * heap/MarkStack.h: Copied from runtime/MarkStack.h.
+ * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
+ * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
+ * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
+ * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
+ * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
+ * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
+ * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
+ * interpreter/RegisterFile.cpp:
+ * runtime/ConservativeSet.cpp: Removed.
+ * runtime/ConservativeSet.h: Removed.
+ * runtime/MachineStackMarker.cpp: Removed.
+ * runtime/MachineStackMarker.h: Removed.
+ * runtime/MarkStack.cpp: Removed.
+ * runtime/MarkStack.h: Removed.
+ * runtime/MarkStackPosix.cpp: Removed.
+ * runtime/MarkStackSymbian.cpp: Removed.
+ * runtime/MarkStackWin.cpp: Removed.
+ * runtime/MarkedBlock.cpp: Removed.
+ * runtime/MarkedBlock.h: Removed.
+ * runtime/MarkedSpace.cpp: Removed.
+ * runtime/MarkedSpace.h: Removed.
+
+2011-04-11 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-04-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 58198 - Clean up JSValue implementation for JSVALUE64
+
+ Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
+
+ JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
+ which should not have been here. JSImmediate mostly contained uncalled methods,
+ along with the internal implementation of the JSValue constructors split unnecessarily
+ across a number of layers of function calls. These could largely be merged back
+ together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can by unified.
+
+ The .cpp files were empty.
+
+ Moving all these methods into JSValue.h seems to be a repro measurable regression, so
+ I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
+ values as static const members of JSValue also measures as a repro regression, so I
+ have made these #defines.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitLoad):
+ - Removed class JSImmediate.
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Removed class JSImmediate.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Removed class JSImmediate.
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::compileBinaryArithOpSlowCase):
+ - Removed class JSImmediate.
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfJSCell):
+ (JSC::JIT::emitJumpIfNotJSCell):
+ (JSC::JIT::emitJumpIfImmediateInteger):
+ (JSC::JIT::emitJumpIfNotImmediateInteger):
+ (JSC::JIT::emitFastArithDeTagImmediate):
+ (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+ (JSC::JIT::emitFastArithReTagImmediate):
+ (JSC::JIT::emitTagAsBoolImmediate):
+ - Removed class JSImmediate.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emitSlow_op_not):
+ - Removed class JSImmediate.
+ * jit/JSInterfaceJIT.h:
+ - Removed class JSImmediate.
+ * runtime/JSCell.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * runtime/JSImmediate.cpp: Removed.
+ * runtime/JSImmediate.h: Removed.
+ * runtime/JSNumberCell.cpp: Removed.
+ * runtime/JSNumberCell.h: Removed.
+ - Removed.
+ * runtime/JSObject.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * runtime/JSString.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * runtime/JSValue.h:
+ - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
+ * runtime/JSValueInlineMethods.h: Added.
+ (JSC::JSValue::toInt32):
+ (JSC::JSValue::toUInt32):
+ (JSC::JSValue::isUInt32):
+ (JSC::JSValue::asUInt32):
+ (JSC::JSValue::uncheckedGetNumber):
+ (JSC::JSValue::toJSNumber):
+ (JSC::jsNaN):
+ (JSC::JSValue::getNumber):
+ (JSC::JSValue::getBoolean):
+ (JSC::JSValue::JSValue):
+ (JSC::JSValue::encode):
+ (JSC::JSValue::decode):
+ (JSC::JSValue::operator bool):
+ (JSC::JSValue::operator==):
+ (JSC::JSValue::operator!=):
+ (JSC::JSValue::isUndefined):
+ (JSC::JSValue::isNull):
+ (JSC::JSValue::isUndefinedOrNull):
+ (JSC::JSValue::isCell):
+ (JSC::JSValue::isInt32):
+ (JSC::JSValue::isDouble):
+ (JSC::JSValue::isTrue):
+ (JSC::JSValue::isFalse):
+ (JSC::JSValue::tag):
+ (JSC::JSValue::payload):
+ (JSC::JSValue::asInt32):
+ (JSC::JSValue::asDouble):
+ (JSC::JSValue::asCell):
+ (JSC::JSValue::isNumber):
+ (JSC::JSValue::isBoolean):
+ (JSC::JSValue::makeImmediate):
+ (JSC::JSValue::immediateValue):
+ (JSC::reinterpretDoubleToIntptr):
+ (JSC::reinterpretIntptrToDouble):
+ - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
+ * runtime/Operations.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * wtf/StdLibExtras.h:
+ - Export bitwise_cast.
+
+2011-04-11 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Oliver Hunt.
+
+ SH4 JIT SUPPORT.
+ https://bugs.webkit.org/show_bug.cgi?id=44329
+
+ Add JIT remaining part for SH4 platforms.
+
+ * assembler/MacroAssemblerSH4.h:
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITPropertyAccess32_64.cpp:
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+ * jit/JSInterfaceJIT.h:
+
+2011-04-10 Geoffrey Garen <ggaren@apple.com>
+
+ Rubber-stamped by Beth Dakin.
+
+ Moved Heap.h and Heap.cpp to the heap folder, because anything less
+ would be uncivilized.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp.
+ * heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h.
+ * runtime/Heap.cpp: Removed.
+ * runtime/Heap.h: Removed.
+
+2011-04-10 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove duplicated code from AtomicString::fromUTF8()
+ https://bugs.webkit.org/show_bug.cgi?id=53711
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/AtomicString.cpp:
+ (WTF::AtomicString::fromUTF8Internal):
+ * wtf/text/AtomicString.h:
+ (WTF::AtomicString::fromUTF8):
+ * wtf/unicode/UTF8.cpp:
+ (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
+ * wtf/unicode/UTF8.h:
+
+2011-04-10 Maciej Stachowiak <mjs@apple.com>
+
+ Not reviewed.
+
+ Fix build (at least on Lion) by adding some newish header files to
+ PrivateHeaders.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-04-09 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Try recommitting some things svn left out of its last commit.
+
+ * heap/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::HandleBase):
+ (JSC::HandleBase::slot):
+ (JSC::HandleBase::setSlot):
+ (JSC::Handle::Handle):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::globalData):
+
+2011-04-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A few heap-related renames and file moves.
+
+ WeakGCPtr<T> => Weak<T>
+ Global<T> => Strong<T>
+ collector/ => heap/
+ collector/* => heap/*
+ runtime/WeakGCPtr.h => heap/Weak.h
+
+ (Eventually, even more files should move into the heap directory. Like
+ Heap.h and Heap.cpp, for example.)
+
+ * API/JSClassRef.h:
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/SamplingTool.h:
+ * bytecompiler/BytecodeGenerator.h:
+ * collector: Removed.
+ * collector/handles: Removed.
+ * collector/handles/Global.h: Removed.
+ * collector/handles/Handle.h: Removed.
+ * collector/handles/HandleHeap.cpp: Removed.
+ * collector/handles/HandleHeap.h: Removed.
+ * collector/handles/HandleStack.cpp: Removed.
+ * collector/handles/HandleStack.h: Removed.
+ * collector/handles/Local.h: Removed.
+ * collector/handles/LocalScope.h: Removed.
+ * heap: Copied from collector.
+ * heap/Handle.h: Copied from collector/handles/Handle.h.
+ * heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp.
+ * heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h.
+ * heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp.
+ * heap/HandleStack.h: Copied from collector/handles/HandleStack.h.
+ * heap/Local.h: Copied from collector/handles/Local.h.
+ * heap/LocalScope.h: Copied from collector/handles/LocalScope.h.
+ * heap/Strong.h: Copied from collector/handles/Global.h.
+ (JSC::Strong::Strong):
+ (JSC::Strong::~Strong):
+ (JSC::Strong::operator=):
+ * heap/Weak.h: Copied from runtime/WeakGCPtr.h.
+ (JSC::Weak::Weak):
+ (JSC::Weak::~Weak):
+ * heap/handles: Removed.
+ * interpreter/RegisterFile.h:
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/Structure.h:
+ * runtime/WeakGCPtr.h: Removed.
+
+2011-04-08 Alpha Lam <hclam@chromium.org>
+
+ Unreviewed, rolling out r83335.
+ http://trac.webkit.org/changeset/83335
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+ GTK and QT bots are broken
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-08 Gavin Barraclough <barraclough@apple.com>
+
+ Ooops, typo, build fix.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-04-08 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 58154 - Add support for comparison operators to the DFG JIT.
+
+ Add support for <, <=, ==, ===, and also !. Add support for all corresponding
+ bytecode ops, including the not- and -null forms. Initially add functionally
+ correct support, we'll revisit the performance.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::constantNull):
+ (JSC::DFG::ByteCodeParser::parse):
+ - Add support for parsing of bytecode opcodes,
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ - Add new operation call types, return bool values.
+ * dfg/DFGNode.h:
+ - Add new node types.
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Add code generation for new nodes.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationCompareLess):
+ (JSC::DFG::operationCompareLessEq):
+ (JSC::DFG::operationCompareEq):
+ (JSC::DFG::operationCompareStrictEq):
+ (JSC::DFG::dfgConvertJSValueToBoolean):
+ * dfg/DFGOperations.h:
+ - Add operation callbacks to implement new ops.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Add code generation for new nodes.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
+ * runtime/JSImmediate.h:
+ - Make tag values public, rather than relying on a friend - this matches JSVALUE32_64.
+
+2011-04-07 Anna Cavender <annacc@chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Setup ENABLE(TRACK) feature define
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-07 Balazs Kelemen <kbalazs@webkit.org>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ [WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation
+ https://bugs.webkit.org/show_bug.cgi?id=58030
+
+ * wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2.
+
+2011-04-08 Adam Roben <aroben@apple.com>
+
+ Clean build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that
+ don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the
+ directory itself in addition to the files it contains.
+
+2011-04-07 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Some Handle<T> cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=58109
+
+ * bytecode/SamplingTool.h: Sorted alphabetically because that's the
+ WebKit style. Added a Global.h #include that was previously missing
+ but harmless.
+
+ * collector/handles/Global.h:
+ (JSC::Global::Global): Added a null constructor. No need for a special
+ tag, and the tag is incompatible with some data structures.
+
+ (JSC::Global::isHashTableDeletedValue):
+ (JSC::Global::~Global):
+ (JSC::Global::set):
+ (JSC::Global::operator=):
+ (JSC::Global::clear):
+ (JSC::Global::hashTableDeletedValue): Reordered constructors to be near
+ each other.
+
+ (JSC::Global::setWithWriteBarrier): Renamed internalSet to
+ setWithWriteBarrier for clarity, and funneled more code into using set
+ and setWithWriteBarrier to reduce duplication.
+
+ * collector/handles/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have
+ boolean and ! operators.
+
+ (JSC::HandleBase::slot):
+ (JSC::HandleBase::setSlot):
+ (JSC::Handle::Handle): Added general support for null Handles. This was
+ previously outlawed by ASSERTs, but our code has grown to support and
+ rely on null Handles.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle,
+ and beefed this up a bit.
+
+ * collector/handles/HandleHeap.h:
+ (JSC::HandleHeap::globalData): Added accessor, used by some new set functions.
+
+ * collector/handles/Local.h: Moved hash traits to the bottom of the file,
+ since this file is about the Local class, not the traits.
+
+ (JSC::::Local): Updated for removal of invalidate().
+
+ (JSC::::operator): Deployed "using" to avoid a lot of this->
+ template funny business.
+
+ (JSC::::setWithSlotCheck): Renamed from internalSet, more specific now.
+
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::RegisterFile): Updated to use null constructor.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::Structure::setEnumerationCache):
+ * runtime/Structure.h: Removed clearEnumerationCache
+ because it was an unused holdover from when the enumeration cache was
+ not a handle.
+
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::set): Finish initializing our handle before putting it
+ in the table. This seemed more logical, and at one point was required
+ to avoid triggering an ASSERT.
+
+ * runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own
+ handle-like behavior, to avoid duplication.
+
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::~WeakGCPtr):
+ (JSC::WeakGCPtr::get):
+ (JSC::WeakGCPtr::clear):
+ (JSC::WeakGCPtr::set):
+ (JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and
+ standardized on Handle idioms.
+
+2011-04-07 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Martin Robinson.
+
+ Refactor Gtk build system to separate list of files
+ https://bugs.webkit.org/show_bug.cgi?id=58090
+
+ This is the first step towards generating part of the GTK build system
+ using GYP. In the first iteration, our plan is to just generate the
+ list of files. This patch is the first step, which is to separate out
+ the part of JavaScriptCore build system that we intend to generate from
+ the rest of the build system.
+
+ * GNUmakefile.am:
+ * GNUmakefile.list.am: Added.
+
+2011-04-07 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Reviewed by Gavin Barraclough.
+
+ Mapping booleans the same way as integers
+ https://bugs.webkit.org/show_bug.cgi?id=56913
+
+ Instead of having a seperate tag field for booleans,
+ the logical values are stored in the payload field
+ (for JSValue32_64 representation).
+
+ 1.007x speedup on SunSpider.
+
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitStoreBool):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emitSlow_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emitSlow_op_jtrue):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emitSlow_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ * jit/JSInterfaceJIT.h:
+ * runtime/JSValue.h:
+ (JSC::JSValue::JSValue):
+ (JSC::JSValue::isTrue):
+ (JSC::JSValue::isFalse):
+ (JSC::JSValue::getBoolean):
+
+2011-04-07 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Add stub support for generating Gtk build system from gyp
+ https://bugs.webkit.org/show_bug.cgi?id=58086
+
+ This does not produce a buildable JavaScriptCore, but it
+ does allow running gyp/configure --port=gtk and having
+ it generate a gtk.Makefile which we can use for testing
+ the rest of the plumbing.
+
+ * gyp/gtk.gyp: Added.
+
+2011-04-07 Andrew Scherkus <scherkus@chromium.org>
+
+ Revert ENABLE_TRACK patch due to compile failures.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-07 Adam Barth <abarth@webkit.org>
+
+ Fix whitespace in GNUmakefile.am.
+
+ * GNUmakefile.am:
+
+2011-04-07 Gavin Barraclough <barraclough@apple.com>
+
+ Fix a couple of typos in comments that Darin spotted.
+
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ * runtime/JSImmediate.h:
+
+2011-04-06 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+ Bug 58057 - Store boolean payload in low bit of JSImmediate
+
+ And remove some uncalled functions from JSImmediate.h
+
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitTagAsBoolImmediate):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ * runtime/JSImmediate.h:
+ (JSC::JSImmediate::makeInt):
+ (JSC::JSImmediate::makeBool):
+ (JSC::JSImmediate::intValue):
+ (JSC::JSImmediate::boolValue):
+ (JSC::JSImmediate::asInt32):
+ (JSC::JSImmediate::toDouble):
+ (JSC::JSValue::asInt32):
+ (JSC::JSValue::isUInt32):
+ (JSC::JSValue::asUInt32):
+
+2011-04-07 Liang Qi <liang.qi@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt][Symbian] Enable webkit build with GCCE on Symbian.
+ https://bugs.webkit.org/show_bug.cgi?id=57841
+
+ * wtf/MathExtras.h: GCCE compiler doesn't support those std static functions.
+
+2011-04-06 Dai Mikurube <dmikurube@chromium.org>
+
+ Reviewed by David Levin.
+
+ Add QUOTA build flag for unified quota API
+ https://bugs.webkit.org/show_bug.cgi?id=57918
+
+ * Configurations/FeatureDefines.xcconfig: Added QUOTA build flag
+
+2011-04-06 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Darin Adler.
+
+ Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * config.h:
+
+2011-04-06 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Stop JSObject::isUsingInlineStorage() from using the structure
+ https://bugs.webkit.org/show_bug.cgi?id=57986
+
+ Make the isUsingInlineStorage() implementation just look at
+ whether the property storage is inside the object.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::isUsingInlineStorage):
+ (JSC::JSObject::JSObject):
+
+2011-04-06 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen.
+
+ Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations.
+
+ * runtime/JSImmediate.h:
+ * runtime/JSValue.h:
+
+2011-04-06 Lucas De Marchi <lucas.demarchi@profusion.mobi>
+
+ cmake: Fix build for ARMv7
+
+ * CMakeLists.txt: add missing file.
+
+2011-04-06 Liang Qi <liang.qi@nokia.com>
+
+ Reviewed by Benjamin Poulain.
+
+ Correct a include file name.
+ https://bugs.webkit.org/show_bug.cgi?id=57839
+
+ * wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix
+ builds on Unix hosts.
+
+2011-04-06 Adam Roben <aroben@apple.com>
+
+ Build fix after r83056
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable.
+
+2011-04-06 Adam Roben <aroben@apple.com>
+
+ Move JavaScriptCoreGenerated's file-copying logic out to a new script
+
+ Hopefully this will make it easier to modify this logic in the future. I also made the
+ script much quieter than the old logic, since it didn't seem helpful to see long lists of
+ filenames during the copying phase.
+
+ If we like this new style, we could copy it for our other projects.
+
+ Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to
+ modify and noisy
+
+ Reviewed by Steve Falkenburg.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy
+ files from here...
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.)
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd
+ for convenience.
+
+2011-04-05 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do!
+
+2011-04-05 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Introduced the concept of opaque roots, in preparation for marking the DOM with them
+ https://bugs.webkit.org/show_bug.cgi?id=57903
+
+ * JavaScriptCore.exp: Who likes export files? I do!
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
+
+ (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
+ weak linkage problems.
+
+ (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
+ Currently unused.
+
+ (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
+ default empty implementation, since not all clients necessarily want
+ or need non-trivial finalizers.
+
+ (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
+ passes. The first pass marks all reachable weak handles. The second pass
+ finalizes all unreachable weak handles. This must be two passes because
+ we don't know the set of finalizable weak handles until we're done
+ marking all weak handles.
+
+ (JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
+
+ * collector/handles/HandleHeap.h: Ditto.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::reset): Split out handle marking from handle finalization.
+
+ * runtime/MarkStack.cpp:
+ (JSC::MarkStack::reset):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStack::containsOpaqueRoot):
+ (JSC::MarkStack::opaqueRootCount):
+ (JSC::HeapRootMarker::markStack): New helper functions for managing the
+ set of opaque roots.
+
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
+
+2011-04-05 Balazs Kelemen <kbalazs@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Build fix for YarrParser.h
+ https://bugs.webkit.org/show_bug.cgi?id=57822
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
+
+2011-04-05 Steve Falkenburg <sfalken@apple.com>
+
+ Follow-up Windows build fix.
+ Don't skip react-to-vsprops-changes.py for all production builds,
+ only those initiated via JavaScriptCore.make.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.make:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+
+2011-04-05 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks
+ https://bugs.webkit.org/show_bug.cgi?id=57857
+
+ Whoops, accidentally removed a deref().
+
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+
+2011-04-05 Steve Falkenburg <sfalken@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops.
+ Set production environment variable before calling make.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added.
+
+2011-04-05 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make caches window show more info about non-jsobject GC values
+ https://bugs.webkit.org/show_bug.cgi?id=57874
+
+ Add ClassInfo to the various internal JS types that currently
+ don't have any, and make the text for caches window show the
+ classname for non-JSObject instances.
+
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/Heap.cpp:
+ (JSC::TypeCounter::typeName):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/ScopeChain.cpp:
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StructureChain.cpp:
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-04-05 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Andreas Kling.
+
+ Cleanup StringConcatenate
+ https://bugs.webkit.org/show_bug.cgi?id=57836
+
+ Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return.
+ Add a makeString() variant taking 9 arguments, needed by a follow-up patch.
+
+ * wtf/text/StringConcatenate.h:
+ (WTF::tryMakeString):
+ (WTF::makeString):
+
+2011-04-04 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r82876.
+ http://trac.webkit.org/changeset/82876
+ https://bugs.webkit.org/show_bug.cgi?id=57816
+
+ Caused a lot of test crashes (Requested by tkent on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastMalloc):
+ (WTF::fastMalloc):
+ (WTF::tryFastCalloc):
+ (WTF::fastCalloc):
+ (WTF::fastFree):
+ (WTF::tryFastRealloc):
+ (WTF::fastRealloc):
+ (WTF::fastMallocSize):
+ (WTF::TCMalloc_PageHeap::isScavengerSuspended):
+ (WTF::TCMalloc_PageHeap::scheduleScavenger):
+ (WTF::TCMalloc_PageHeap::suspendScavenger):
+ (WTF::TCMalloc_PageHeap::signalScavenger):
+ (WTF::TCMallocStats::malloc):
+ (WTF::TCMallocStats::free):
+ (WTF::TCMallocStats::fastCalloc):
+ (WTF::TCMallocStats::tryFastCalloc):
+ (WTF::TCMallocStats::calloc):
+ (WTF::TCMallocStats::fastRealloc):
+ (WTF::TCMallocStats::tryFastRealloc):
+ (WTF::TCMallocStats::realloc):
+ (WTF::TCMallocStats::fastMallocSize):
+ * wtf/FastMalloc.h:
+ (WTF::Internal::fastMallocMatchValidationType):
+ (WTF::Internal::fastMallocMatchValidationValue):
+ (WTF::Internal::setFastMallocMatchValidationType):
+ (WTF::fastMallocMatchValidateFree):
+ * wtf/Platform.h:
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Antti Koivisto.
+
+ Stop JSCell.h from including Structure.h
+ https://bugs.webkit.org/show_bug.cgi?id=57809
+
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toThisObject):
+ * runtime/JSString.h:
+ * runtime/ScopeChain.h:
+ * runtime/Structure.h:
+ (JSC::JSCell::isObject):
+ (JSC::JSCell::isString):
+ (JSC::JSCell::classInfo):
+ (JSC::JSCell::createDummyStructure):
+ (JSC::JSValue::needsThisConversion):
+ (JSC::MarkStack::internalAppend):
+ * runtime/StructureChain.h:
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Fix clang build.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastCalloc):
+ (WTF::fastRealloc):
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Remove accidental change to Platform.h
+
+ * wtf/Platform.h:
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Fixed a weak-handle-related leak in RegisterFile
+ https://bugs.webkit.org/show_bug.cgi?id=57793
+
+ * interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier.
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::GlobalObjectOwner::finalize):
+ (JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with
+ a per-RegisterFile weak handle owner, which does not leak.
+
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::set): Allow set() to take a context argument, since
+ RegisterFile now needs this. (Seems like it was an accidental omission
+ all along.)
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make malloc validation useful
+ https://bugs.webkit.org/show_bug.cgi?id=57502
+
+ This patch changes FAST_MALLOC_MATCH_VALIDATION with a general
+ corruption check that tags the beginning and end of all allocations
+ to check for write overflows and overwrites the contents of
+ memory on free in order to (hopefully) show up use-after-free issues
+ sooner.
+
+ We also turn it on by default for debug builds.
+
+ * JavaScriptCore.exp:
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastMalloc):
+ (WTF::fastMalloc):
+ (WTF::tryFastCalloc):
+ (WTF::fastCalloc):
+ (WTF::fastFree):
+ (WTF::tryFastRealloc):
+ (WTF::fastRealloc):
+ (WTF::TCMalloc_PageHeap::isScavengerSuspended):
+ (WTF::TCMalloc_PageHeap::scheduleScavenger):
+ (WTF::TCMalloc_PageHeap::suspendScavenger):
+ (WTF::TCMalloc_PageHeap::signalScavenger):
+ (WTF::TCMallocStats::malloc):
+ (WTF::TCMallocStats::free):
+ (WTF::TCMallocStats::fastCalloc):
+ (WTF::TCMallocStats::tryFastCalloc):
+ (WTF::TCMallocStats::calloc):
+ (WTF::TCMallocStats::fastRealloc):
+ (WTF::TCMallocStats::tryFastRealloc):
+ (WTF::TCMallocStats::realloc):
+ * wtf/FastMalloc.h:
+ (WTF::Internal::fastMallocValidationHeader):
+ (WTF::Internal::fastMallocValidationSuffix):
+ (WTF::Internal::fastMallocMatchValidationType):
+ (WTF::Internal::setFastMallocMatchValidationType):
+ (WTF::fastMallocMatchValidateFree):
+ (WTF::fastMallocValidate):
+ * wtf/Platform.h:
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Renamed clearWeakPointers => updateWeakHandles and removed misleading comment
+ https://bugs.webkit.org/show_bug.cgi?id=57790
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::updateWeakHandles): Updated for rename.
+
+ * collector/handles/HandleHeap.h: Removed comment claiming that this
+ function should only be called during teardown, because it's actually
+ called after every GC pass.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots): Updated for rename.
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Standardized handling of handles for immediate values
+ https://bugs.webkit.org/show_bug.cgi?id=57788
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell
+ values here, because our write barrier guarantees that such values are
+ not in the weak list.
+
+ (JSC::HandleHeap::writeBarrier): Standardized on checking for null before
+ checking for cell, and on using early return instead of if/else.
+
+ * collector/handles/HandleHeap.h:
+ (JSC::HandleHeap::deallocate):
+ (JSC::HandleHeap::makeWeak): Ditto.
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Removed a redundant variable from HandleHeap
+ https://bugs.webkit.org/show_bug.cgi?id=57786
+
+ Forgot to commit the file that actually removes the data member!
+
+ * collector/handles/HandleHeap.h:
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed a redundant variable from HandleHeap
+ https://bugs.webkit.org/show_bug.cgi?id=57786
+
+ We don't need a specific variable to indicate that we're in the middle
+ of the finalization phase, since m_nextToFinalize already does this.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::HandleHeap):
+ (JSC::HandleHeap::clearWeakPointers):
+ (JSC::HandleHeap::writeBarrier):
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback)
+ https://bugs.webkit.org/show_bug.cgi?id=57775
+
+ Also renamed noFinalizer => emptyWeakOwner, since this is really an
+ optimization for a weak owner with empty callbacks.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed
+ redundant initialization of m_nextToFinalize. Moved deletion check inside
+ weak owner check, since the weak owner can't delete the node if there is
+ no weak owner!
+
+ * collector/handles/HandleHeap.h:
+ (JSC::WeakHandleOwner::~WeakHandleOwner):
+ (JSC::HandleHeap::makeWeak): Updated for renames.
+
+ (JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner,
+ to clarify this function's role in assertions.
+
+ (JSC::HandleHeap::Node::Node):
+ (JSC::HandleHeap::Node::makeWeak):
+ (JSC::HandleHeap::Node::isWeak):
+ (JSC::HandleHeap::Node::weakOwner):
+ (JSC::HandleHeap::Node::weakOwnerContext):
+ (JSC::HandleHeap::Node::emptyWeakOwner):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::globalObjectCollectedNotifier):
+ * interpreter/RegisterFile.h:
+ * runtime/WeakGCMap.h:
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::set): Updated for renames.
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Fix WinCE build.
+
+ * bytecode/Instruction.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+
+2011-04-04 Adam Roben <aroben@apple.com>
+
+ Delete mt.dep files when doing a clean build due to .vsprops file changes
+
+ Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild.
+
+ Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build)
+
+ Reviewed by Brian Weinstein.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
+ (main): Added dep to the list of extensions we look for when choosing files to delete.
+
+2011-04-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make StructureChain GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=56695
+
+ Make StructureChain GC allocated, and make the various owners
+ mark it correctly.
+
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::derefStructures):
+ (JSC::CodeBlock::refStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::derefStructures):
+ (JSC::PolymorphicAccessStructureList::markAggregate):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::markAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * collector/handles/Handle.h:
+ (JSC::HandleConverter::operator->):
+ (JSC::HandleConverter::operator*):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::markIfNeeded):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeChain):
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ (JSC::JSPropertyNameIterator::markChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
+ * runtime/JSZombie.cpp:
+ (JSC::JSZombie::leakedZombieStructure):
+ * runtime/JSZombie.h:
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::markAggregate):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ (JSC::StructureChain::~StructureChain):
+ (JSC::StructureChain::markChildren):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::createStructure):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+
+2011-04-01 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some complexity from HandleHeap
+ https://bugs.webkit.org/show_bug.cgi?id=57650
+
+ Eliminated pointer-tagging flags.
+
+ Tied being weak to having a finalizer (or at least a finalizer sentinel).
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying
+ flag. It was unused. If we bring it back, we'll probably use a shared
+ autodeallocating finalizer instead.
+
+ * collector/handles/HandleHeap.h:
+ (JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now
+ a single, atomic operation -- this makes the relationship between
+ finalizers and weak pointers clearer, and impossible to get wrong.
+
+ (JSC::HandleHeap::Node::Node):
+ (JSC::HandleHeap::Node::handleHeap): No more flags.
+
+ (JSC::HandleHeap::Node::makeWeak):
+ (JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentienl
+ value in the finalizer slot to indicate that a handle is weak but doesn't
+ require an external function call for finalization.
+
+2011-04-01 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed WeakGCMap::deprecatedRemove because it was deprecated and unused
+ https://bugs.webkit.org/show_bug.cgi?id=57648
+
+ * runtime/WeakGCMap.h:
+
+2011-04-01 Adam Roben <aroben@apple.com>
+
+ Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer
+
+ Covered by existing tests.
+
+ Fixes <http://webkit.org/b/56699>.
+
+ Reviewed by Oliver Hunt.
+
+ * parser/Lexer.h:
+ (JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because
+ supposedly the idiom that function uses is fast.
+
+2011-03-31 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Oliver Hunt.
+
+ SH4 JIT SUPPORT.
+ https://bugs.webkit.org/show_bug.cgi?id=44329
+
+ Add YARR support for SH4 platforms (disabled by default).
+
+ * GNUmakefile.am:
+ * assembler/MacroAssembler.h:
+ * assembler/MacroAssemblerSH4.cpp: Added.
+ * assembler/MacroAssemblerSH4.h: Added.
+ * assembler/SH4Assembler.h: Added.
+ * yarr/YarrJIT.cpp:
+
+2011-03-30 Adam Roben <aroben@apple.com>
+
+ Clean build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects
+ don't try to build in parallel (which doesn't mesh with our buildfailed mechanism).
+
+2011-03-30 Oliver Hunt <oliver@apple.com>
+
+ Rollout r82500
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::derefStructures):
+ (JSC::CodeBlock::refStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::derefStructures):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::markIfNeeded):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeChain):
+ * runtime/JSObject.h:
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ (JSC::JSPropertyNameIterator::markChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+
+2011-03-29 Matthew Delaney <mdelaney@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG
+
+ https://bugs.webkit.org/show_bug.cgi?id=53134
+
+ * wtf/Platform.h: Added in WTF flag for using the Accelerate framework
+
+2011-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Share most vsprops between Release and Production builds in releaseproduction.vsprops
+ https://bugs.webkit.org/show_bug.cgi?id=57508
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
+
+2011-03-30 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Explicitly prevent testapi and minidom from being installed rather than relying
+ on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly
+ set at the target level.
+
+ <rdar://problem/9206357>
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-03-30 Timur Iskhodzhanov <timurrrr@google.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add some dynamic annotations to JavaScriptCore/wtf
+ https://bugs.webkit.org/show_bug.cgi?id=53747
+
+ By using these annotations we can improve the precision of finding
+ WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind.
+ These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1".
+
+ These files don't add new functionality, so don't need extra tests.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/DynamicAnnotations.cpp: Added.
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+ * wtf/DynamicAnnotations.h: Added.
+ * wtf/ThreadSafeRefCounted.h:
+ (WTF::ThreadSafeRefCountedBase::derefBase):
+ * wtf/text/StringStatics.cpp:
+ (WTF::StringImpl::empty):
+
+2011-03-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make StructureChain GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=56695
+
+ Make StructureChain GC allocated, and make the various owners
+ mark it correctly.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::derefStructures):
+ (JSC::CodeBlock::refStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::derefStructures):
+ (JSC::PolymorphicAccessStructureList::markAggregate):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::markAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::markIfNeeded):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeChain):
+ * runtime/JSObject.h:
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ (JSC::JSPropertyNameIterator::markChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/Structure.h:
+ (JSC::Structure::cachedPrototypeChainSlot):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::createStructure):
+
+2011-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Update Windows production build logic for new production configurations
+ https://bugs.webkit.org/show_bug.cgi?id=57494
+
+ * JavaScriptCore.vcproj/JavaScriptCore.make:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
+
+2011-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Rename Windows configuration Release_LTCG to Production for clarity
+ https://bugs.webkit.org/show_bug.cgi?id=57465
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed.
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed.
+ * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed.
+
+2011-03-30 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Reviewed by Maciej Stachowiak.
+
+ Add the NEXT_OPCODE() macro to the DFG-JIT parser
+ https://bugs.webkit.org/show_bug.cgi?id=57322
+
+ In JavaScriptCore we use macros to jump to the next opcode
+ (both in interpreter and JIT). This macro is added to the
+ DFG-JIT parser as well.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-03-29 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ ~25% regression on v8-splay in the SunSpider harness
+ https://bugs.webkit.org/show_bug.cgi?id=56128
+
+ I'm not sure if this is the root cause of the regression Stephanie
+ measured, but it seems to get us back to previous v8-splay times.
+
+ SunSpider reports no change. v8-splay says 41% faster.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::reset): Make marking proportional to 1X the size of the heap,
+ not .5X the size of the heap. When the heap is large, this makes a big
+ difference. (Our old heap growth policy matched this. You can see by
+ looking at resizeBlocks in revisions prior to r77699.)
+
+2011-03-29 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE
+ https://bugs.webkit.org/show_bug.cgi?id=57350
+
+ Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from
+ InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within
+ the IDE. To avoid this, add a separate vsprops file for each project configuration that
+ contains the required inherited property sheets.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+ * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+ * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added.
+
+2011-03-29 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Eric Seidel.
+
+ REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit).
+ https://bugs.webkit.org/show_bug.cgi?id=57333
+
+ constructDate now takes the global object explicitly as it may be called
+ by functions other than the constructor itself.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeDate):
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ (JSC::constructWithDateConstructor):
+ * runtime/DateConstructor.h:
+
+2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Benjamin Poulain.
+
+ https://bugs.webkit.org/show_bug.cgi?id=41953
+
+ Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h
+
+ * wtf/MathExtras.h:
+
+2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=57231
+ Add conditional for SUNCC supporting alignment macros
+
+ Compile fix for Solaris 10/Sun Studio 12 CC
+
+ * wtf/Vector.h:
+
+2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=57256
+
+ Fix crash on misaligned reads on Solaris 10/Sparc
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::equal):
+
+2011-03-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ instanceof Array test fails when using iframes
+ https://bugs.webkit.org/show_bug.cgi?id=17250
+
+ This is a problem with all built in constructors, the use of
+ lexicalGlobalObject rather than the constructors own
+ global object reference means that a builtin will always use
+ the prototype from the lexical global object rather than that
+ of the constructors origin.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeFunction):
+ (JSObjectMakeRegExp):
+ * JavaScriptCore.exp:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::constructBoolean):
+ (JSC::constructBooleanFromImmediateBoolean):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ * runtime/DateInstance.cpp:
+ * runtime/DateInstance.h:
+ * runtime/ErrorConstructor.cpp:
+ (JSC::constructWithErrorConstructor):
+ (JSC::callErrorConstructor):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructWithFunctionConstructor):
+ (JSC::callFunctionConstructor):
+ (JSC::constructFunction):
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlot):
+ (JSC::JSCell::put):
+ (JSC::JSCell::deleteProperty):
+ (JSC::JSCell::toThisObject):
+ (JSC::JSCell::toObject):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toObject):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toObject):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::toObject):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ (JSC::JSString::toObject):
+ (JSC::JSString::toThisObject):
+ * runtime/JSString.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toObjectSlowCase):
+ (JSC::JSValue::toThisObjectSlowCase):
+ (JSC::JSValue::synthesizeObject):
+ * runtime/JSValue.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::constructWithNumberConstructor):
+ * runtime/NumberObject.cpp:
+ (JSC::constructNumber):
+ * runtime/NumberObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::constructObject):
+ (JSC::constructWithObjectConstructor):
+ (JSC::callObjectConstructor):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ (JSC::constructWithRegExpConstructor):
+ (JSC::callRegExpConstructor):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ * runtime/StringObject.h:
+
+2011-03-28 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large
+ https://bugs.webkit.org/show_bug.cgi?id=56823
+
+ Partial fix for most of the problem. (TOT still shows a regression, though.)
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of
+ capacity(), since capacity() is O(n) relative to the size of the heap.
+
+ In limited circumstances, capacity() is also worse than highWaterMark()
+ for measuring extra cost relative to heap size, since capacity() only
+ measures the *current* capacity of the heap, but the heap will grow if
+ necessary to attain highWaterMark().
+
+2011-03-28 Oliver Hunt <oliver@apple.com>
+
+ REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit).
+ https://bugs.webkit.org/show_bug.cgi?id=57251
+
+ Build fix, had remnant of another patch in r82130
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+
+2011-03-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Add additional immediate types to allow us to distinguish the source of a JIT immediate
+ https://bugs.webkit.org/show_bug.cgi?id=57190
+
+ Allow us to distinguish whether a JIT immediate is a value that we
+ control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
+ or influenced by code we are compiling. Currently we do nothing with this
+ information -- this change is large and mechanical but would obscure any
+ logic changes that we would have made.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
+ (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
+ (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
+ (JSC::AbstractMacroAssembler::Imm32::Imm32):
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::pop):
+ (JSC::MacroAssembler::poke):
+ (JSC::MacroAssembler::branchPtr):
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::addPtr):
+ (JSC::MacroAssembler::andPtr):
+ (JSC::MacroAssembler::orPtr):
+ (JSC::MacroAssembler::subPtr):
+ (JSC::MacroAssembler::xorPtr):
+ (JSC::MacroAssembler::setPtr):
+ (JSC::MacroAssembler::storePtr):
+ (JSC::MacroAssembler::branchTestPtr):
+ (JSC::MacroAssembler::branchSubPtr):
+ (JSC::MacroAssembler::branchTest8):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::add32):
+ (JSC::MacroAssemblerARM::and32):
+ (JSC::MacroAssemblerARM::lshift32):
+ (JSC::MacroAssemblerARM::mul32):
+ (JSC::MacroAssemblerARM::or32):
+ (JSC::MacroAssemblerARM::rshift32):
+ (JSC::MacroAssemblerARM::urshift32):
+ (JSC::MacroAssemblerARM::sub32):
+ (JSC::MacroAssemblerARM::xor32):
+ (JSC::MacroAssemblerARM::store32):
+ (JSC::MacroAssemblerARM::push):
+ (JSC::MacroAssemblerARM::move):
+ (JSC::MacroAssemblerARM::branch8):
+ (JSC::MacroAssemblerARM::branch32):
+ (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARM::branch16):
+ (JSC::MacroAssemblerARM::branchTest8):
+ (JSC::MacroAssemblerARM::branchTest32):
+ (JSC::MacroAssemblerARM::branchAdd32):
+ (JSC::MacroAssemblerARM::branchMul32):
+ (JSC::MacroAssemblerARM::branchSub32):
+ (JSC::MacroAssemblerARM::set32Compare32):
+ (JSC::MacroAssemblerARM::set8Compare32):
+ (JSC::MacroAssemblerARM::set32Test32):
+ (JSC::MacroAssemblerARM::set32Test8):
+ (JSC::MacroAssemblerARM::moveWithPatch):
+ (JSC::MacroAssemblerARM::branchPtrWithPatch):
+ (JSC::MacroAssemblerARM::storePtrWithPatch):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::add32):
+ (JSC::MacroAssemblerARMv7::and32):
+ (JSC::MacroAssemblerARMv7::lshift32):
+ (JSC::MacroAssemblerARMv7::mul32):
+ (JSC::MacroAssemblerARMv7::or32):
+ (JSC::MacroAssemblerARMv7::rshift32):
+ (JSC::MacroAssemblerARMv7::urshift32):
+ (JSC::MacroAssemblerARMv7::sub32):
+ (JSC::MacroAssemblerARMv7::xor32):
+ (JSC::MacroAssemblerARMv7::load32):
+ (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerARMv7::load16):
+ (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerARMv7::store32):
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::storeDouble):
+ (JSC::MacroAssemblerARMv7::push):
+ (JSC::MacroAssemblerARMv7::move):
+ (JSC::MacroAssemblerARMv7::compare32):
+ (JSC::MacroAssemblerARMv7::test32):
+ (JSC::MacroAssemblerARMv7::branch32):
+ (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARMv7::branch16):
+ (JSC::MacroAssemblerARMv7::branch8):
+ (JSC::MacroAssemblerARMv7::branchTest32):
+ (JSC::MacroAssemblerARMv7::branchTest8):
+ (JSC::MacroAssemblerARMv7::branchAdd32):
+ (JSC::MacroAssemblerARMv7::branchMul32):
+ (JSC::MacroAssemblerARMv7::branchSub32):
+ (JSC::MacroAssemblerARMv7::nearCall):
+ (JSC::MacroAssemblerARMv7::call):
+ (JSC::MacroAssemblerARMv7::set32Compare32):
+ (JSC::MacroAssemblerARMv7::set8Compare32):
+ (JSC::MacroAssemblerARMv7::set32Test32):
+ (JSC::MacroAssemblerARMv7::set32Test8):
+ (JSC::MacroAssemblerARMv7::moveWithPatch):
+ (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::storePtrWithPatch):
+ (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::makeJump):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ (JSC::MacroAssemblerARMv7::setupArmAddress):
+ (JSC::MacroAssemblerARMv7::makeBaseIndexBase):
+ (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::add32):
+ (JSC::MacroAssemblerMIPS::and32):
+ (JSC::MacroAssemblerMIPS::lshift32):
+ (JSC::MacroAssemblerMIPS::mul32):
+ (JSC::MacroAssemblerMIPS::or32):
+ (JSC::MacroAssemblerMIPS::rshift32):
+ (JSC::MacroAssemblerMIPS::urshift32):
+ (JSC::MacroAssemblerMIPS::sub32):
+ (JSC::MacroAssemblerMIPS::xor32):
+ (JSC::MacroAssemblerMIPS::load32):
+ (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerMIPS::store32):
+ (JSC::MacroAssemblerMIPS::push):
+ (JSC::MacroAssemblerMIPS::move):
+ (JSC::MacroAssemblerMIPS::branch8):
+ (JSC::MacroAssemblerMIPS::branch32):
+ (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerMIPS::branch16):
+ (JSC::MacroAssemblerMIPS::branchTest32):
+ (JSC::MacroAssemblerMIPS::branchTest8):
+ (JSC::MacroAssemblerMIPS::branchAdd32):
+ (JSC::MacroAssemblerMIPS::branchMul32):
+ (JSC::MacroAssemblerMIPS::branchSub32):
+ (JSC::MacroAssemblerMIPS::set8Compare32):
+ (JSC::MacroAssemblerMIPS::set32Compare32):
+ (JSC::MacroAssemblerMIPS::set32Test8):
+ (JSC::MacroAssemblerMIPS::set32Test32):
+ (JSC::MacroAssemblerMIPS::moveWithPatch):
+ (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
+ (JSC::MacroAssemblerMIPS::storePtrWithPatch):
+ (JSC::MacroAssemblerMIPS::tailRecursiveCall):
+ (JSC::MacroAssemblerMIPS::loadDouble):
+ (JSC::MacroAssemblerMIPS::storeDouble):
+ (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::add32):
+ (JSC::MacroAssemblerX86::addWithCarry32):
+ (JSC::MacroAssemblerX86::and32):
+ (JSC::MacroAssemblerX86::or32):
+ (JSC::MacroAssemblerX86::sub32):
+ (JSC::MacroAssemblerX86::store32):
+ (JSC::MacroAssemblerX86::branch32):
+ (JSC::MacroAssemblerX86::moveWithPatch):
+ (JSC::MacroAssemblerX86::branchPtrWithPatch):
+ (JSC::MacroAssemblerX86::storePtrWithPatch):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::add32):
+ (JSC::MacroAssemblerX86Common::and32):
+ (JSC::MacroAssemblerX86Common::lshift32):
+ (JSC::MacroAssemblerX86Common::mul32):
+ (JSC::MacroAssemblerX86Common::or32):
+ (JSC::MacroAssemblerX86Common::rshift32):
+ (JSC::MacroAssemblerX86Common::urshift32):
+ (JSC::MacroAssemblerX86Common::sub32):
+ (JSC::MacroAssemblerX86Common::xor32):
+ (JSC::MacroAssemblerX86Common::store32):
+ (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
+ (JSC::MacroAssemblerX86Common::push):
+ (JSC::MacroAssemblerX86Common::move):
+ (JSC::MacroAssemblerX86Common::branch8):
+ (JSC::MacroAssemblerX86Common::branch32):
+ (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerX86Common::branch16):
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchMul32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ (JSC::MacroAssemblerX86Common::set8Compare32):
+ (JSC::MacroAssemblerX86Common::set32Compare32):
+ (JSC::MacroAssemblerX86Common::set32Test8):
+ (JSC::MacroAssemblerX86Common::set32Test32):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::add32):
+ (JSC::MacroAssemblerX86_64::and32):
+ (JSC::MacroAssemblerX86_64::or32):
+ (JSC::MacroAssemblerX86_64::sub32):
+ (JSC::MacroAssemblerX86_64::loadDouble):
+ (JSC::MacroAssemblerX86_64::addDouble):
+ (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
+ (JSC::MacroAssemblerX86_64::store32):
+ (JSC::MacroAssemblerX86_64::call):
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::addPtr):
+ (JSC::MacroAssemblerX86_64::andPtr):
+ (JSC::MacroAssemblerX86_64::orPtr):
+ (JSC::MacroAssemblerX86_64::subPtr):
+ (JSC::MacroAssemblerX86_64::xorPtr):
+ (JSC::MacroAssemblerX86_64::storePtr):
+ (JSC::MacroAssemblerX86_64::setPtr):
+ (JSC::MacroAssemblerX86_64::branchPtr):
+ (JSC::MacroAssemblerX86_64::branchTestPtr):
+ (JSC::MacroAssemblerX86_64::branchSubPtr):
+ (JSC::MacroAssemblerX86_64::moveWithPatch):
+ (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
+ (JSC::MacroAssemblerX86_64::storePtrWithPatch):
+ (JSC::MacroAssemblerX86_64::branchTest8):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jitAssertIsInt32):
+ (JSC::DFG::JITCompiler::emitCount):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitTimeoutCheck):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_urshift):
+ (JSC::JIT::emitSlow_op_urshift):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ (JSC::JIT::emit_op_mod):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_negate):
+ (JSC::JIT::emit_op_jnless):
+ (JSC::JIT::emit_op_jless):
+ (JSC::JIT::emit_op_jlesseq):
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emitRightShiftSlowCase):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emitSlow_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emitAdd32Constant):
+ (JSC::JIT::emit_op_sub):
+ (JSC::JIT::emitSub32Constant):
+ (JSC::JIT::emitBinaryDoubleOp):
+ (JSC::JIT::emit_op_mul):
+ (JSC::JIT::emitSlow_op_mul):
+ (JSC::JIT::emit_op_div):
+ (JSC::JIT::emit_op_mod):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutCellToCallFrameHeader):
+ (JSC::JIT::emitPutIntToCallFrameHeader):
+ (JSC::JIT::emitPutImmediateToCallFrameHeader):
+ (JSC::JIT::emitLoadCharacterString):
+ (JSC::JIT::restoreArgumentReferenceForTrampoline):
+ (JSC::JIT::checkStructure):
+ (JSC::JIT::setSamplingFlag):
+ (JSC::JIT::clearSamplingFlag):
+ (JSC::JIT::emitCount):
+ (JSC::JIT::sampleInstruction):
+ (JSC::JIT::sampleCodeBlock):
+ (JSC::JIT::emitStoreInt32):
+ (JSC::JIT::emitStoreCell):
+ (JSC::JIT::emitStoreBool):
+ (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+ (JSC::JIT::emitInitRegister):
+ (JSC::JIT::emitJumpIfJSCell):
+ (JSC::JIT::emitJumpIfNotJSCell):
+ (JSC::JIT::emitJumpIfImmediateInteger):
+ (JSC::JIT::emitJumpIfNotImmediateInteger):
+ (JSC::JIT::emitFastArithDeTagImmediate):
+ (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+ (JSC::JIT::emitFastArithReTagImmediate):
+ (JSC::JIT::emitTagAsBoolImmediate):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_check_has_instance):
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_ensure_property_exists):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_jneq_ptr):
+ (JSC::JIT::emit_op_jsr):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_new_func_exp):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_to_jsnumber):
+ (JSC::JIT::emit_op_push_new_scope):
+ (JSC::JIT::emit_op_catch):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emit_op_init_lazy_reg):
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emit_op_convert_this_strict):
+ (JSC::JIT::emitSlow_op_not):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::emit_op_get_arguments_length):
+ (JSC::JIT::emitSlow_op_get_arguments_length):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::emitSlow_op_resolve_global_dynamic):
+ (JSC::JIT::emit_op_new_regexp):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ (JSC::JIT::emit_op_new_func):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_loop_if_lesseq):
+ (JSC::JIT::emit_op_check_has_instance):
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_tear_off_activation):
+ (JSC::JIT::emit_op_tear_off_arguments):
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_ensure_property_exists):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_jneq_ptr):
+ (JSC::JIT::emit_op_jsr):
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emitSlow_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_new_func_exp):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_to_jsnumber):
+ (JSC::JIT::emit_op_push_new_scope):
+ (JSC::JIT::emit_op_catch):
+ (JSC::JIT::emit_op_create_activation):
+ (JSC::JIT::emit_op_create_arguments):
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emit_op_convert_this_strict):
+ (JSC::JIT::emit_op_get_arguments_length):
+ (JSC::JIT::emitSlow_op_get_arguments_length):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::softModulo):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_get_by_pname):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_index):
+ (JSC::JIT::emit_op_put_getter):
+ (JSC::JIT::emit_op_put_setter):
+ (JSC::JIT::emit_op_del_by_id):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::testPrototype):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_getter):
+ (JSC::JIT::emit_op_put_setter):
+ (JSC::JIT::emit_op_del_by_id):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::testPrototype):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ (JSC::JIT::emit_op_get_by_pname):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::addArgument):
+ * jit/JITStubs.cpp:
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
+ (JSC::JSInterfaceJIT::emitLoadInt32):
+ (JSC::JSInterfaceJIT::emitLoadDouble):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+ (JSC::SpecializedThunkJIT::loadJSStringArgument):
+ (JSC::SpecializedThunkJIT::tagReturnAsInt32):
+ (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
+ * jit/ThunkGenerators.cpp:
+ (JSC::charToString):
+ (JSC::powThunkGenerator):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::matchCharacterClass):
+ (JSC::Yarr::YarrGenerator::storeToFrame):
+ (JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
+ (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
+ (JSC::Yarr::YarrGenerator::generateDisjunction):
+
+2011-03-28 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Fix the linking of jsc with MinGW after r81963.
+
+ * jsc.pro: add -l and remove the lib suffix.
+
+2011-03-27 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ https://bugs.webkit.org/show_bug.cgi?id=57170 Fix last elements
+ in an enum to remove a trailing comma. Sun Studio 12 CC errors out.
+
+ Compile fix only, no actual code change.
+
+ * wtf/MessageQueue.h:
+
+2011-03-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Allow defineOwnProperty to work on DOMObjects
+ https://bugs.webkit.org/show_bug.cgi?id=57129
+
+ Fix a couple of places where we uses getter()/setter() rather
+ than [gs]etterPresent().
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+
+2011-03-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Crash when paused at a breakpoint caused by inaccurate Activation records.
+ https://bugs.webkit.org/show_bug.cgi?id=57120
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::getOwnPropertyNames):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Crash in debugger beneath MarkStack::drain @ me.com, ibm.com
+ https://bugs.webkit.org/show_bug.cgi?id=57080
+ <rdar://problem/8525907>
+
+ The crash was caused by changes in the executable after recompilation.
+
+ The fix is for the activation to copy the data it needs instead of
+ relying on the data in the executable.
+
+ SunSpider and v8 report no change.
+
+ * runtime/Arguments.h:
+ (JSC::JSActivation::copyRegisters): Use our own data members instead of
+ reading data out of the executable.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation): Initialize our data members.
+
+ (JSC::JSActivation::markChildren):
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::getOwnPropertyNames):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+ (JSC::JSActivation::isDynamicScope):
+ (JSC::JSActivation::argumentsGetter): Use our own data members instead of
+ reading data out of the executable.
+
+ * runtime/JSActivation.h: Added new data members to track data previously
+ tracked by the executable. Since I've removed the executable pointer,
+ on a 64bit system, I've only made activations bigger by an int.
+
+2011-03-25 David Kilzer <ddkilzer@apple.com>
+
+ Remove duplicate entry from JavaScriptCore.exp
+
+ JSC::createStackOverflowError(JSC::ExecState*) was originally
+ exported in r60057, then duplicated in r60392.
+
+ * JavaScriptCore.exp: Removed duplicate entry.
+
+2011-03-25 Jarred Nicholls <jarred@sencha.com>
+
+ Reviewed by Ariya Hidayat.
+
+ [Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe
+ https://bugs.webkit.org/show_bug.cgi?id=56098
+
+ Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API
+
+ * jsc.pro:
+
+2011-03-24 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Darin Adler.
+
+ Introduce WTF HexNumber.h
+ https://bugs.webkit.org/show_bug.cgi?id=56099
+
+ Introduce a set of functions that ease converting from a bye or a number to a hex string,
+ replacing several of these conversions and String::format("%x") usages all over WebCore.
+
+ * GNUmakefile.am: Add HexNumber.h to build.
+ * JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
+ * JavaScriptCore.gypi: Add HexNumber.h to build.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * wtf/CMakeLists.txt: Ditto.
+ * wtf/HexNumber.h: Added.
+ (WTF::Internal::hexDigitsForMode): Internal helper.
+ (WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination.
+ (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'
+ (WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination.
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix take 2: Add new symobl.
+
+ (I should have used the EWS bots for this!)
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix take 1: Removed old symobl.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Ensure that all compilation takes place within a dynamic global object scope
+ https://bugs.webkit.org/show_bug.cgi?id=57054
+ <rdar://problem/9083011>
+
+ Otherwise, entry to the global object scope might throw away the code
+ we just compiled, causing a crash.
+
+ * JavaScriptCore.exp: Updated for signature change.
+
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
+ here because (a) they took place outside a dynamic global object scope
+ and (b) they were redundant.
+
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall): Updated for signature change.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct): Declare our dynamic global object
+ scope earlier, to ensure that compilation takes place within it.
+
+ * runtime/Completion.cpp:
+ (JSC::evaluate): Removed explicit compilation calls here because (a)
+ they took place outside a dynamic global object scope and (b) they were
+ redundant.
+
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::compile):
+ (JSC::ProgramExecutable::compile):
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
+ verify our new invariant that all compilation takes place within a
+ dynamic global object scope.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+ * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
+ to require a JSGlobalData instead of an ExecState* since it is often
+ easier to provide the former, and the latter was not necessary.
+
+2011-03-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
+ https://bugs.webkit.org/show_bug.cgi?id=55671
+
+ This is no longer necessary, and it seems that with the new weakmap
+ model it's simply unsafe, so this reduces it to a no-op.
+
+ * API/JSWeakObjectMapRefPrivate.cpp:
+
+2011-03-24 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=20302
+ Correct implementation of signbit on Solaris
+
+ * wtf/MathExtras.h:
+ (signbit):
+
+2011-03-23 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC.
+
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeCurrentThreadInternal):
+
+2011-03-23 Mark Rowe <mrowe@apple.com>
+
+ Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile.
+
+ It's not necessary to pass "-target All" as xcodebuild always builds the
+ first target in the project unless otherwise specified. The presence of
+ that option also breaks "make clean" since that results in both the
+ -target and -alltargets options being passed to xcodebuild.
+
+ * Makefile:
+
+2011-03-23 Pavel Feldman <pfeldman@chromium.org>
+
+ Not reviewed: bring back Vector::contains that was removed as a part of roll back.
+
+ * wtf/Vector.h:
+ (WTF::::contains):
+
+2011-03-23 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r81686.
+ http://trac.webkit.org/changeset/81686
+ https://bugs.webkit.org/show_bug.cgi?id=56914
+
+ Breaks webkit_tests in Chromium again. (Requested by pfeldman
+ on #webkit).
+
+ * wtf/Vector.h:
+
+2011-03-23 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ JavaScriptCore GYP build should work on a case-sensitive file system
+ https://bugs.webkit.org/show_bug.cgi?id=56911
+
+ The issue is that there are two UString.h headers, one named UString.h
+ and one named ustring.h. This patch excludes ustring.h from the header
+ map to avoid confusion. While I was editing this part of the GYP file,
+ I cleaned up the exclude rules to be more modern.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts
+ panel on Windows, and many inspector regression tests are failing
+ https://bugs.webkit.org/show_bug.cgi?id=54490
+
+ The bug was caused by two different classes using the same name (Recompiler).
+
+ * debugger/Debugger.cpp:
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace,
+ so our two recompilers' inline functions don't stomp each other at
+ link time.
+
+2011-03-22 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Mark Rowe.
+
+ Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
+ <rdar://problem/8944718>
+
+ * DerivedSources.make:
+ Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
+
+2011-03-22 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Add DFG module to build system (disabled by default).
+ https://bugs.webkit.org/show_bug.cgi?id=56845
+
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+
+2011-03-22 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Add support to build-webkit for building with gyp-generated project files
+ https://bugs.webkit.org/show_bug.cgi?id=56877
+
+ Found a couple missing Private headers while trying to make WebCore build.
+
+ * JavaScriptCore.gypi:
+
+2011-03-22 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source
+ https://bugs.webkit.org/show_bug.cgi?id=56867
+
+ This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj
+ from a JavaScriptCore directory outside of Source.
+
+ * gyp/JavaScriptCore.gyp:
+ * gyp/run-if-exists.sh: Added.
+ * gyp/update-info-plist.sh: Added.
+
+2011-03-22 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Add Profiling Configuration to JavaScriptCore gyp build
+ https://bugs.webkit.org/show_bug.cgi?id=56862
+
+ It appears this is identical to Release, but I suspect
+ there is someone/thing who uses the Profiling target
+ so we're adding it for completeness.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove os_win32_files variable from the GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=56804
+
+ Now that our understanding of GYP is sufficiently advanced, we don't
+ need os_win32_files any more. (Turns out Eric was right, as he always
+ is.)
+
+ * JavaScriptCore.gypi:
+
+2011-03-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory
+ https://bugs.webkit.org/show_bug.cgi?id=56803
+
+ Previously, we thought we should generate the derived source files in
+ the shared intermediate build products directory, but there are
+ assumptions built into other parts of the Mac build system that the
+ derived source files will be generated in a particular subdirectory of
+ the build products directory.
+
+ This patch is a partial revert of the change that moved the derived
+ source files to the shared intermediate directory. After this patch,
+ the GYP build can build JavaScriptCore without help from the main
+ normal build system.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+ * gyp/generate-derived-sources.sh:
+ * gyp/generate-dtrace-header.sh:
+
+2011-03-22 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by David Levin.
+
+ Adding a contains method to Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=55859
+
+ * wtf/Vector.h:
+ (WTF::Vector::contains):
+
+2011-03-22 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Fix a bunch of typos in DFG.
+ https://bugs.webkit.org/show_bug.cgi?id=56813
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::parse):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::setSpilled):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::setupStubArguments):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::allocate):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::allocate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-03-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Production configuration in GYP isn&apos;t set up correctly
+ https://bugs.webkit.org/show_bug.cgi?id=56786
+
+ Update JavaScriptCore.gyp with information mined from
+ JavaScriptCore.xcodeproj.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-22 Kent Tamura <tkent@chromium.org>
+
+ Reviewed by Eric Seidel.
+
+ REGRESSION(r80096): Number type input unexpectedly rounds fractional values
+ https://bugs.webkit.org/show_bug.cgi?id=56367
+
+ Introduce clampToInteger(unsigned).
+
+ * wtf/MathExtras.h:
+ (clampToInteger): Added.
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ GYP build should not have include paths that point within the source tree
+ https://bugs.webkit.org/show_bug.cgi?id=56788
+
+ Turns out we don't need these include paths anymore now that we have
+ header maps working properly.
+
+ * gyp/JavaScriptCore.gyp:
+ - Also, remove jsc.cpp from the excluded list because it's not part
+ of the jsc_files variable instead of the javascriptcore_files
+ variable.
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Solve the Assertions.cpp / -Wno-missing-format-attribute mystery
+ https://bugs.webkit.org/show_bug.cgi?id=56780
+
+ The reason we couldn't resolve this warning in the GYP build was that
+ the normal build disables this warning specifically for this file.
+ This patch takes the same approach as the previous patch to
+ WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning
+ (rather than a build system configuration).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Remove the special-case for this file.
+ * gyp/JavaScriptCore.gyp:
+ - Remove the work-around for this issue.
+ * wtf/Assertions.cpp:
+ - Add a pragma disabling this warning for this file.
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ WebCore GYP build shouldn't crash on startup
+ https://bugs.webkit.org/show_bug.cgi?id=56776
+
+ Debug builds shouldn't define NDEBUG. This same logic exists in the
+ project.pbxproj file.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-21 Robert Kroeger <rjkroege@chromium.org>
+
+ Reviewed by Antonio Gomes.
+
+ Flag to enable/disable a GestureReocognizer framework
+
+ https://bugs.webkit.org/show_bug.cgi?id=49345
+
+ * wtf/Platform.h:
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add new files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=56766
+
+ * JavaScriptCore.gypi:
+
+2011-03-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r81377.
+ http://trac.webkit.org/changeset/81377
+ https://bugs.webkit.org/show_bug.cgi?id=56765
+
+ WebPageSerializerTest.MultipleFrames is broken (Requested by
+ simonjam on #webkit).
+
+ * wtf/Vector.h:
+
+2011-03-21 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ Extend constant pool to be able to store 16 bit instructions with a constant
+ https://bugs.webkit.org/show_bug.cgi?id=46796
+
+ The putShortWithConstantInt function inserts a 16 bit instruction which
+ refers a 32 bits constant or literal. This is a vital function for those
+ target which loads a PC relative value with a 16 bit instruction (like
+ Thumb-2 instruction set and SH4 architecture).
+
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::putIntegral):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ * assembler/AssemblerBufferWithConstantPool.h:
+
+2011-03-21 Philippe Normand <pnormand@igalia.com>
+
+ Unreviewed, GTK distcheck build fix.
+
+ * GNUmakefile.am:
+
+2011-03-20 Bill Budge <bbudge@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Rename ThreadSafeShared to ThreadSafeRefCounted
+ https://bugs.webkit.org/show_bug.cgi?id=56714
+
+ No new tests. Exposes no new functionality.
+
+ * API/JSClassRef.h:
+ * API/OpaqueJSString.h:
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Atomics.h:
+ * wtf/CMakeLists.txt:
+ * wtf/CrossThreadRefCounted.h:
+ (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
+ (WTF::::crossThreadCopy):
+ * wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h.
+ (WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase):
+ (WTF::ThreadSafeRefCountedBase::ref):
+ (WTF::ThreadSafeRefCountedBase::refCount):
+ (WTF::ThreadSafeRefCountedBase::derefBase):
+ (WTF::ThreadSafeRefCounted::ThreadSafeRefCounted):
+ * wtf/ThreadSafeShared.h: Removed.
+ * wtf/Threading.h:
+
+2011-03-19 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove StringImpl::computeHash()
+ https://bugs.webkit.org/show_bug.cgi?id=49894
+
+ Replace remainig StringImpl::computeHash with StringImpl::computeHashStringHasher.
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::CStringTranslator::hash):
+ (WTF::UCharBufferTranslator::hash):
+ (WTF::HashAndCharactersTranslator::hash):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::setHash):
+ (WTF::StringImpl::hash):
+
+2011-03-19 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Rename WTF::StringHasher methods
+ https://bugs.webkit.org/show_bug.cgi?id=53532
+
+ Rename createHash to computeHash and createBlobHash to hashMemory.
+ Also add a using WTF::StringHasher in the header file.
+
+ * profiler/CallIdentifier.h:
+ (JSC::CallIdentifier::Hash::hash):
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierCStringTranslator::hash):
+ (JSC::IdentifierUCharBufferTranslator::hash):
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::computeHash):
+ (WTF::StringHasher::hashMemory):
+ * wtf/text/StringHash.h:
+ (WTF::CaseFoldingHash::hash):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::computeHash):
+ * wtf/unicode/UTF8.cpp:
+ (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
+
+2011-03-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ [GTK] JSC crashes in 32bit Release bots after r80743
+ https://bugs.webkit.org/show_bug.cgi?id=56180
+
+ The crash was caused by referencing GC memory from a GC destructor. This
+ is not safe because destruction time / order is not guaranteed.
+
+ * profiler/ProfileGenerator.cpp:
+ (JSC::ProfileGenerator::create):
+ (JSC::ProfileGenerator::ProfileGenerator):
+ (JSC::ProfileGenerator::willExecute):
+ (JSC::ProfileGenerator::didExecute):
+ * profiler/ProfileGenerator.h:
+ (JSC::ProfileGenerator::origin): Made ExecState* the first argument,
+ to match the rest of this class and JSC.
+
+ Use a JSGlobalObject* instead of an ExecState* with an indirect reference
+ to a JSGlobalObject* to track our origin. This is simpler and more
+ efficient, and it removes the destruction order dependency that was causing
+ our crash.
+
+ * profiler/Profiler.cpp:
+ (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*.
+ (JSC::Profiler::stopProfiling): New function for stopping all profiles
+ for a given global object. This is more straight-forward than multiplexing
+ through the old function.
+
+ (JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.
+ * profiler/Profiler.h: Ditto.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::~JSGlobalObject): Ditto.
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ 1 Structure leaked beneath JSGlobalData::storeVPtrs()
+ https://bugs.webkit.org/show_bug.cgi?id=56595
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::VPtrHackExecutable::VPtrHackExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of
+ PassRefPtr, like JSString does, since JSGlobalData owns the singleton
+ exectuable structure.
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Fixed some string leaks seen on the buildbot
+ https://bugs.webkit.org/show_bug.cgi?id=56619
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::~PropertyTable): DEref!
+
+2011-03-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Crash in JSC::MarkStack::drain Under Stress
+ https://bugs.webkit.org/show_bug.cgi?id=56470
+
+ We perform a number of gc allocations while when
+ we are setting up new globals in a piece of global
+ code. We do this by adding new properties to the
+ symbol table, and then expanding the storage to fit
+ at the end.
+
+ If a GC happens during this time we will report an
+ incorrect size for the global object's symbol table
+ storage.
+
+ This patch corrects this by growing the storage size
+ before we starting adding entries to the symbol table.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resizeRegisters):
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ 1 Structure leaked beneath JSGlobalData::storeVPtrs()
+ https://bugs.webkit.org/show_bug.cgi?id=56595
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure
+ we're using, since the Executable is not designed to own the Structure.
+
+2011-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber Stamped by Sam Weinig.
+
+ Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::testb_rr):
+
+2011-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56603 - DFG JIT related cleanup
+ Move node generation out to separate function, move binarySearch algorithm out
+ to StdLibExtras, fix Graph::dump() to print comma between non-node children,
+ even if there are no node children.
+
+ * bytecode/CodeBlock.h:
+ (JSC::getCallReturnOffset):
+ (JSC::CodeBlock::getStubInfo):
+ (JSC::CodeBlock::getCallLinkInfo):
+ (JSC::CodeBlock::getMethodCallLinkInfo):
+ (JSC::CodeBlock::bytecodeOffset):
+ - Move binaryChop to binarySearch in StdLibExtras
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parse):
+ (JSC::DFG::parse):
+ - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
+ * dfg/DFGByteCodeParser.h:
+ - Change parse() to not take a start index (always 0).
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ - Initialize m_compileIndex in constructor.
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ - Spilt out compilation of individual node.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationConvertThis):
+ * dfg/DFGOperations.h:
+ - Cleanup parameter name.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ - Spilt out compilation of individual node.
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ - Change parse() to not take a start index (always 0).
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+ - Move binaryChop to binarySearch in StdLibExtras
+
+2011-03-17 Anders Carlsson <andersca@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Fix clang build.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ 1 Structure leaked beneath JSGlobalData::storeVPtrs()
+ https://bugs.webkit.org/show_bug.cgi?id=56595
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need
+ to explicitly run its destructor.
+
+2011-03-17 Jeff Miller <jeffm@apple.com>
+
+ Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
+
+ *.mode*
+ *.pbxuser
+ *.perspective*
+ project.xcworkspace
+ xcuserdata
+
+ * JavaScriptCore.xcodeproj: Modified property svn:ignore.
+
+2011-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Reverting r81197, breaks JIT + INTERPRETER build.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
+ (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addPropertyAccessInstruction):
+ (JSC::CodeBlock::addGlobalResolveInstruction):
+ (JSC::CodeBlock::addStructureStubInfo):
+ * bytecode/Opcode.h:
+ * bytecode/StructureStubInfo.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitCatch):
+
+2011-03-17 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add a COMPILER(SUNCC) define for Sun Studio 12.
+ https://bugs.webkit.org/show_bug.cgi?56444
+ derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932
+
+ * wtf/Platform.h:
+
+2011-03-17 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by David Levin.
+
+ Adding a contains method to Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=55859
+
+ * wtf/Vector.h:
+ (WTF::::operator):
+ (WTF::::contains):
+
+2011-03-17 Patrick Gansterer <paroga@webkit.org>
+
+ Fix the interpreter build.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Added globalData to inheritorID().
+
+2011-03-16 Sam Weinig <sam@webkit.org>
+
+ Fix the interpreter build.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolve):
+ (JSC::Interpreter::resolveSkip):
+ (JSC::Interpreter::resolveGlobal):
+ (JSC::Interpreter::resolveGlobalDynamic):
+ (JSC::Interpreter::resolveBaseAndProperty):
+ (JSC::Interpreter::privateExecute):
+ Remove .get()s.
+
+2011-03-16 Adam Barth <abarth@webkit.org>
+
+ Reviewed by James Robinson.
+
+ Remove USE(BUILTIN_UTF8_CODEC)
+ https://bugs.webkit.org/show_bug.cgi?id=56508
+
+ We added this recently when we were unsure about the stability of the
+ built-in UTF-8 codec. However, the codec seems to be stable, so we
+ don't need the macro.
+
+ * wtf/Platform.h:
+
+2011-03-16 Daniel Bates <dbates@rim.com>
+
+ Reviewed by Darin Adler.
+
+ Make JIT build for ARM Thumb-2 with RVCT
+ https://bugs.webkit.org/show_bug.cgi?id=56440
+
+ Derived from a patch by Dave Tapuska.
+
+ Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.
+
+ * jit/JITStubs.cpp:
+
+2011-03-16 Chao-ying Fu <fu@mips.com>
+
+ Reviewed by Darin Adler.
+
+ Fix MIPS build with const *void
+ https://bugs.webkit.org/show_bug.cgi?id=56513
+
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load32):
+ (JSC::MacroAssemblerMIPS::store32):
+
+2011-03-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Remove unnecessary caller tracking shenanigans from CodeBlock
+ https://bugs.webkit.org/show_bug.cgi?id=56483
+
+ This removes some leftover cruft from when we made CodeBlock
+ mark its callees. Removing it gives us a 0.7% progression,
+ reducing the overall regression to ~1.3%.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (JSC::CallLinkInfo::CallLinkInfo):
+ * jit/JIT.cpp:
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+
+2011-03-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make Structure creation require a JSGlobalData
+ https://bugs.webkit.org/show_bug.cgi?id=56438
+
+ Mechanical change to make Structure::create require JSGlobalData&, and
+ require all users to provide the globalData.
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionRun):
+ (jscmain):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::createDummyStructure):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSFinalObject::createStructure):
+ (JSC::createEmptyObjectStructure):
+ (JSC::JSObject::inheritorID):
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::createStructure):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::createStructure):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+
+2011-03-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Some conservative root gathering cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=56447
+
+ SunSpider says 0.5% - 1.8% faster.
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h: New helper function for doing the
+ conservative gathering of the register file. It's still conservative,
+ since the register file may contain uninitialized values, but it's
+ moving-safe, because it only visits values tagged as pointers, so there's
+ no risk of mistaking an integer for a pointer and accidentally changing it.
+
+ * runtime/ConservativeSet.cpp:
+ (JSC::ConservativeRoots::add):
+ * runtime/ConservativeSet.h: Added a single-value add function, used above.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots): Separated machine stack conservative roots from
+ register file conservative roots because machine stack roots must be
+ pinned, but register file roots need not be pinned.
+
+ Adopted new interface for passing the current stack extent to the machine
+ stack root gathering routine. This allows us to exclude marking-related
+ data structures on the stack, and thus avoid double-marking the set of
+ machine roots.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::MachineThreads::gatherFromCurrentThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * runtime/MachineStackMarker.h: Added new interface, described above.
+
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::firstAtom):
+ * wtf/StdLibExtras.h:
+ (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
+ by MachineStacks.
+
+2011-03-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little bit of MarkStack cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=56443
+
+ Moved MarkStack functions into MarkStack.h/.cpp.
+
+ SunSpider reports no change.
+
+ * runtime/JSArray.h:
+ * runtime/JSCell.h: Moved from here...
+ * runtime/MarkStack.cpp:
+ (JSC::MarkStack::markChildren):
+ (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
+ a huge function, and not called many times.
+
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::deprecatedAppend):
+ (JSC::MarkStack::internalAppend): Moved to here.
+
+2011-03-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed another deprecatedAppend
+ https://bugs.webkit.org/show_bug.cgi?id=56429
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::markStrongHandles):
+ * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
+ marked directly by the Heap.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots): Ditto.
+
+2011-03-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some more deprecated / unsafe append
+ https://bugs.webkit.org/show_bug.cgi?id=56428
+
+ * collector/handles/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
+ marker, since it's a heap root.
+
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ * runtime/ArgList.h: Ditto.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots): Added a mark call for marking the handle stack.
+ It seems like Oliver forgot this in his last patch. (!)
+
+ * runtime/MarkStack.h: Removed appendSlots, since it would allow an
+ object to embed JSValues directly instead of using WriteBarrier.
+
+ (JSC::MarkStack::append): Added a private append for a list of values.
+
+ (JSC::HeapRootMarker::mark): Access to the above.
+
+2011-03-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed a few more deprecatedAppends, and removed HeapRoot<T>
+ https://bugs.webkit.org/show_bug.cgi?id=56422
+
+ Added HeapRootMarker, a privileged class for marking direct heap roots
+ that are iterated during each garbage collection. This is easier to use
+ and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.
+
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::exception):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Completion.cpp:
+ (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
+ call .get() on it.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h: Updated to use HeapRootMarker.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkStack::append): Added private functions for
+ HeapRootMarker to use.
+
+ * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.
+
+ * runtime/MarkStack.h:
+ (JSC::HeapRootMarker::HeapRootMarker):
+ (JSC::HeapRootMarker::mark): Added private functions for
+ HeapRootMarker to use.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.
+
+ * runtime/SmallStrings.h:
+ (JSC::SmallStrings::emptyString):
+ (JSC::SmallStrings::singleCharacterString):
+ (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.
+
+ * runtime/WriteBarrier.h: Removed HeapRoot<T>.
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made the global object moving-GC-safe
+ https://bugs.webkit.org/show_bug.cgi?id=56348
+
+ SunSpider reports no change.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
+ suggested we do not need to visit all our references during GC, since
+ that is not true in a moving GC.
+
+ Re-sorted data members by type, removed one duplicate, and added back
+ the one missing mark I found.
+
+ * runtime/JSGlobalObject.h: Re-sorted data members by type.
+
+2011-03-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Introduce Local<T> to allow us to start moving to precise marking of locals
+ https://bugs.webkit.org/show_bug.cgi?id=56394
+
+ Introduce a new handle type, Local<T> and a scoping mechanism
+ LocalScope to allow us to start moving towards precise marking
+ of temporaries and local variables.
+
+ We also start to use the new Local<> type in the JSON stringifier
+ so that we can have some coverage of their behaviour in the initial
+ checkin.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * collector/handles/Handle.h:
+ (JSC::::asObject):
+ * collector/handles/HandleStack.cpp: Added.
+ (JSC::HandleStack::HandleStack):
+ (JSC::HandleStack::mark):
+ (JSC::HandleStack::grow):
+ * collector/handles/HandleStack.h: Added.
+ (JSC::HandleStack::enterScope):
+ (JSC::HandleStack::zapTo):
+ (JSC::HandleStack::leaveScope):
+ (JSC::HandleStack::push):
+ * collector/handles/Local.h: Added.
+ (JSC::Local::internalSet):
+ (JSC::::Local):
+ (JSC::::operator):
+ (JSC::LocalStack::LocalStack):
+ (JSC::LocalStack::peek):
+ (JSC::LocalStack::pop):
+ (JSC::LocalStack::push):
+ (JSC::LocalStack::isEmpty):
+ (JSC::LocalStack::size):
+ * collector/handles/LocalScope.h: Added.
+ (JSC::LocalScope::LocalScope):
+ (JSC::LocalScope::~LocalScope):
+ (JSC::LocalScope::release):
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h:
+ (JSC::Heap::allocateLocalHandle):
+ (JSC::Heap::handleStack):
+ * runtime/JSCell.h:
+ (JSC::JSCell::::getString):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::allocateLocalHandle):
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::stringify):
+ (JSC::Stringifier::appendStringifiedValue):
+ (JSC::Stringifier::Holder::Holder):
+ (JSC::Walker::Walker):
+ (JSC::Walker::walk):
+ (JSC::JSONProtoFuncParse):
+ (JSC::JSONProtoFuncStringify):
+ (JSC::JSONStringify):
+ * runtime/JSONObject.h:
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::appendValues):
+ (JSC::MarkStack::appendSlots):
+
+2011-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber Stamped by Sam Weinig.
+
+ Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
+ Some methods have unnecessary differences in name/arguments for interpreter/JIT.
+
+ * bytecode/CodeBlock.cpp:
+ * bytecode/CodeBlock.h:
+ (JSC::HandlerInfo::HandlerInfo):
+ (JSC::CodeBlock::addPropertyAccessInfo):
+ (JSC::CodeBlock::addGlobalResolveInfo):
+ (JSC::CodeBlock::addCallLinkInfo):
+ (JSC::CodeBlock::globalResolveInfo):
+ * bytecode/Opcode.h:
+ * bytecode/StructureStubInfo.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitCatch):
+
+2011-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Fix broken assert in new code.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordPutByVal):
+ - recordPutByVal is called for both PutByVal & PutByValAlias.
+
+2011-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Sam Weinig.
+
+ Removed redundant code from BytecodeGenerator.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ * bytecompiler/BytecodeGenerator.h:
+ - delete uncalled code missed when reparsing was removed.
+
+2011-03-15 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Darin Adler.
+
+ Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
+ info into the headers rather than in export symbol definition files, but disable it on
+ all platforms initially so we can deal with port build issues one port at a time.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * API/JSBase.h:
+ * config.h:
+ * wtf/Assertions.h:
+ * wtf/ExportMacros.h: Added.
+ * wtf/Platform.h:
+
+2011-03-14 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ Unreviewed build fix.
+
+ Buildfix when JIT is not enabled after r81079
+ https://bugs.webkit.org/show_bug.cgi?id=56361
+
+ * runtime/Executable.cpp:
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made the global object moving-GC-safe
+ https://bugs.webkit.org/show_bug.cgi?id=56348
+
+ SunSpider reports no change.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
+ suggested we do not need to visit all our references during GC, since
+ that is not true in a moving GC.
+
+ Re-sorted data members by type, removed one duplicate, and added back
+ the one missing mark I found.
+
+ * runtime/JSGlobalObject.h: Re-sorted data members by type.
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made JSWrapperObject and subclasses moving-GC-safe
+ https://bugs.webkit.org/show_bug.cgi?id=56346
+
+ SunSpider reports no change.
+
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
+ we don't initialize the wrapped value in our constructor.
+
+ * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
+ we do not in fact override markChildren.
+
+ * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
+ no longer does so for us. Also added an ASSERT to catch a latent bug,
+ where DatePrototype stomped on its base class's anonymous slot. Hard-coded
+ anonymous slots are a plague on our code. This doesn't cause any problems
+ in our existing code since the base class never reads the anonymous slot
+ it declares, but it caused crashes when I tried to start using the slot
+ in an initial version of this patch.
+
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::JSWrapperObject):
+ (JSC::JSWrapperObject::internalValue):
+ (JSC::JSWrapperObject::setInternalValue): Resolved a problem where
+ our internal value was stored in two places: an anonymous slot, and a
+ data member which was not always visited during GC. Now, we only use the
+ data member, and we always visit it. (Instead of relying on certain
+ subclasses to set the OverridesMarkChildren bit, we set it ourselves.)
+
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
+ we don't initialize the wrapped value in our constructor.
+
+ * runtime/NumberObject.h: Removed meaningless declaration.
+
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject): No more need for JSGlobalData, since
+ we don't initialize the wrapped value in our constructor.
+
+ * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
+ we do not in fact override markChildren.
+
+ * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
+ no longer does so for us. Also added an ASSERT to catch a latent bug,
+ where DatePrototype stomped on its base class's anonymous slot. Hard-coded
+ anonymous slots are a plague on our code.
+
+2011-03-14 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Look-ahead assertions with back references don’t work as expected
+ https://bugs.webkit.org/show_bug.cgi?id=56082
+
+ Changed parentheses assertion processing to temporarily back out the
+ number of known characters after the assertion while processing the
+ assertion. This was done so that assertions don't fail due to
+ checking the number of required characters as additional to the
+ rest of the express since assertions don't "consume" input.
+ Added a byte code to uncheck characters to support the change.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::ByteCompiler::uncheckInput):
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::ByteTerm::UncheckInput):
+
+2011-03-14 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on symbian.
+ https://bugs.webkit.org/show_bug.cgi?id=56133
+
+ Add condition to not compile webkit internal math round functions on RVCT compiler versions
+ from 3.0.0 because they are already defined in compiler math library.
+
+ * wtf/MathExtras.h:
+
+2011-03-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen & Oliver Hunt.
+
+ Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.
+
+ The JSC JIT presently generates code directly from the bytecode used by the interpreter.
+ This is not an optimal intermediate representation for JIT code generation, since it does
+ not capture liveness information of values, and provides little opportunity to perform
+ any static analysis for even primitive types. The JIT currently generates two code paths,
+ a fast path handling common cases, and a slower path handling less common operand types.
+ However the slow path jumps back into the fast path, meaning that information arising
+ from the earlier type checks cannot be propagated to later operations.
+
+ This patch adds:
+ * a dataflow intermediate representation capable of describing a single basic block
+ of operations,
+ * a mechanism to convert a simple, single-block bytecode functions to the new IR,
+ * and a JIT code generator capable of generating code from this representation.
+
+ The JIT generates two code paths, with the slower path not reentering the fast path
+ mid-block, allowing speculative optimizations to be made on the hot path, with type
+ information arising from these speculative decisions able to be propagated through the
+ dataflow. Code generation of both speculative and non-speculative paths exploits the type
+ and liveness information represented in the dataflow graph to attempt to avoid redundant
+ boxing and type-checking of values, and to remove unnecessary spills of temporary values
+ to the RegisterFile.
+
+ The dataflow JIT currently can only support a subset of bytecode operations, limited to
+ arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
+ dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
+ expanded to include, control-flow, function calls, and then the long-tail of remaining
+ bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
+ this only supports x86-64.
+
+ The status of the dataflow JIT is currently work-in-progress. Limitations of the present
+ JIT code generation may cause performance regressions, particularly:
+ * the policy to only generate arithmetic code on the speculative path using integer
+ instructions, never using floating point.
+ * the policy to only generate arithmetic code on the non-speculative path using
+ floating point instructions, never using integer.
+ * always generating JSValue adds on the non-speculative path as a call out to a
+ C-function, never handling this in JIT code.
+ * always assuming by-Value property accesses on the speculative path to be array
+ accesses.
+ * generating all by-Value property accesses from the non-speculative path as a call
+ out to a C-function.
+ * generating all by-Indentifer property accesses as a call out to a C-function.
+ Due to these regressions, the code is landed in a state where it is disabled in most
+ cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
+ addressed, the JIT will be allowed to trigger in more cases.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added new files to Xcode project.
+ * dfg: Added.
+ - Added directory for new code.
+ * dfg/DFGByteCodeParser.cpp: Added.
+ * dfg/DFGByteCodeParser.h: Added.
+ - Contruct a DFG::Graph representation from a bytecode CodeBlock.
+ * dfg/DFGGenerationInfo.h: Added.
+ - Track type & register information for VirtualRegisters during JIT code generation.
+ * dfg/DFGGraph.cpp: Added.
+ * dfg/DFGGraph.h: Added.
+ - Dataflow graph intermediate representation for code generation.
+ * dfg/DFGJITCodeGenerator.cpp: Added.
+ * dfg/DFGJITCodeGenerator.h: Added.
+ - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
+ * dfg/DFGJITCompiler.cpp: Added.
+ * dfg/DFGJITCompiler.h: Added.
+ - Class responsible for driving code generation of speculativeJIT & non-speculative
+ code paths from the dataflow graph.
+ * dfg/DFGNonSpeculativeJIT.cpp: Added.
+ * dfg/DFGNonSpeculativeJIT.h: Added.
+ - Used to generate the non-speculative code path, this make no assumptions
+ about operand types.
+ * dfg/DFGOperations.cpp: Added.
+ * dfg/DFGOperations.h: Added.
+ - Helper functions called from the JIT generated code.
+ * dfg/DFGRegisterBank.h: Added.
+ - Used to track contents of physical registers during JIT code generation.
+ * dfg/DFGSpeculativeJIT.cpp: Added.
+ * dfg/DFGSpeculativeJIT.h: Added.
+ - Used to generate the speculative code path, this make assumptions about
+ operand types to enable optimization.
+ * runtime/Executable.cpp:
+ - Add code to attempt to use the DFG JIT to compile a function, with fallback
+ to the existing JIT.
+ * wtf/Platform.h:
+ - Added compile guards to enable the DFG JIT.
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed more cases of DeprecatedPtr (exception, SmallStrings)
+ https://bugs.webkit.org/show_bug.cgi?id=56332
+
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::add):
+ (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
+ constant, to make this code less brittle.
+
+ * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
+ this reference is owned and managed directly by the heap.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::substringFromRope):
+ * runtime/JSString.h:
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsString):
+ (JSC::jsStringWithFinalizer):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString): Use a variable instead of a hard-coded
+ constant, to make this code less brittle.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStringsStorage::rep):
+ (JSC::SmallStringsStorage::SmallStringsStorage):
+ (JSC::SmallStrings::SmallStrings):
+ (JSC::SmallStrings::markChildren):
+ (JSC::SmallStrings::clear):
+ (JSC::SmallStrings::count): Use a variable instead of a hard-coded
+ constant, to make this code less brittle.
+
+ * runtime/SmallStrings.h:
+ (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
+ DeprecatedPtr because these references are owned and managed directly by
+ the heap.
+
+ Stop using FixedArray because we only want a very limited set
+ of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)
+
+ * runtime/WriteBarrier.h:
+ (JSC::operator==):
+ (JSC::WriteBarrier::WriteBarrier):
+ (JSC::HeapRoot::HeapRoot):
+ (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set
+ without write barrier because we assume all HeapRoots are scanned during
+ all GC passes.
+
+2011-03-14 Brian Weinstein <bweinstein@apple.com>
+
+ Reviewed by Adam Roben and Gavin Barraclough.
+
+ FileSystemWin.cpp needs listDirectory() implementation
+ https://bugs.webkit.org/show_bug.cgi?id=56331
+ <rdar://problem/9126635>
+
+ Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.
+
+ * wtf/text/StringConcatenate.h:
+
+2011-03-14 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
+ the class definition contains duplicates. This also removes what look to be leaks
+ of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
+ which retains / releases the instances at the appropriate time, so explicitly calling
+ ref is not necessary.
+
+2011-03-14 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build
+
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::emitLoadInt32):
+ (JSC::JSInterfaceJIT::tagFor):
+ (JSC::JSInterfaceJIT::payloadFor):
+ (JSC::JSInterfaceJIT::intPayloadFor):
+ (JSC::JSInterfaceJIT::intTagFor):
+ (JSC::JSInterfaceJIT::addressFor):
+
+2011-03-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Ensure all values are correctly tagged in the registerfile
+ https://bugs.webkit.org/show_bug.cgi?id=56214
+
+ This patch makes sure that all JSCell pointers written to
+ the registerfile are correctly tagged as JSCells, and replaces
+ raw int usage with the immediate representation.
+
+ For performance, register pressure, and general saneness reasons
+ I've added abstractions for reading and writing the tag
+ and payload of integer registers directly for the JSVALUE64
+ encoding.
+
+ * interpreter/Register.h:
+ (JSC::Register::withInt):
+ (JSC::Register::withCallee):
+ (JSC::Register::operator=):
+ (JSC::Register::i):
+ (JSC::Register::activation):
+ (JSC::Register::function):
+ (JSC::Register::propertyNameIterator):
+ (JSC::Register::scopeChain):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutToCallFrameHeader):
+ (JSC::JIT::emitPutCellToCallFrameHeader):
+ (JSC::JIT::emitPutIntToCallFrameHeader):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::intPayloadFor):
+ (JSC::JSInterfaceJIT::intTagFor):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnJSValue):
+ (JSC::SpecializedThunkJIT::returnDouble):
+ (JSC::SpecializedThunkJIT::returnInt32):
+ (JSC::SpecializedThunkJIT::returnJSCell):
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ A few Heap-related renames (sans file moves, which should come next)
+ https://bugs.webkit.org/show_bug.cgi?id=56283
+
+ ConservativeSet => ConservativeRoots. "Set" was misleading, since items
+ are not uniqued. Also, "Roots" is more specific about what's in the set.
+
+ MachineStackMarker => MachineThreads. "Threads" is more descriptive of
+ the fact that this class maintains a set of all threads using JSC.
+ "Stack" was misleading, since this class traverses stacks and registers.
+ "Mark" was misleading, since this class doesn't mark anything anymore.
+
+ registerThread => addCurrentThread. "Current" is more specific.
+ unregisterThread => removeCurrentThread. "Current" is more specific.
+
+ "currentThreadRegistrar" => threadSpecific. The only point of this data
+ structure is to register a thread-specific destructor with a pointer to
+ this.
+
+ "mark...Conservatively" => "gather". "Mark" is not true, since these
+ functions don't mark anything. "Conservatively" is redundant, since they
+ take "ConservativeRoots" as an argument.
+
+ * API/APIShims.h:
+ (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
+ * JavaScriptCore.exp:
+ * runtime/ConservativeSet.cpp:
+ (JSC::ConservativeRoots::grow):
+ (JSC::ConservativeRoots::add):
+ * runtime/ConservativeSet.h:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::~ConservativeRoots):
+ (JSC::ConservativeRoots::size):
+ (JSC::ConservativeRoots::roots):
+ * runtime/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h:
+ (JSC::Heap::machineThreads):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::makeUsableFromMultipleThreads):
+ * runtime/MachineStackMarker.cpp:
+ (JSC::MachineThreads::MachineThreads):
+ (JSC::MachineThreads::~MachineThreads):
+ (JSC::MachineThreads::makeUsableFromMultipleThreads):
+ (JSC::MachineThreads::addCurrentThread):
+ (JSC::MachineThreads::removeThread):
+ (JSC::MachineThreads::removeCurrentThread):
+ (JSC::MachineThreads::gatherFromCurrentThreadInternal):
+ (JSC::MachineThreads::gatherFromCurrentThread):
+ (JSC::MachineThreads::gatherFromOtherThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * runtime/MachineStackMarker.h:
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+
+2011-03-13 David Kilzer <ddkilzer@apple.com>
+
+ BUILD FIX for armv7 after r80969
+
+ Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
+ <https://bugs.webkit.org/show_bug.cgi?id=56270>
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load32): Made void* address argument
+ const.
+ (JSC::MacroAssemblerARMv7::store32): Ditto.
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Try to fix the Mac build.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
+ ConervativeSet.h, since it's now visible when compiling other projects.
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed another case of DeprecatedPtr (ConservativeSet)
+ https://bugs.webkit.org/show_bug.cgi?id=56281
+
+ The ConservativeSet is an internal data structure used during marking,
+ so direct pointers are fine.
+
+ * runtime/ConservativeSet.cpp:
+ (JSC::ConservativeSet::grow):
+ * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
+ (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
+ the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
+ sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
+ (JSC::ConservativeSet::size):
+ (JSC::ConservativeSet::set): Use direct pointers, as stated above.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append): Created a special case of append for
+ ConservativeSet. I didn't want to add back a generic "append JSCell*"
+ function, since other class might start using that wrong. (In the end,
+ this function might go away, since the Heap will want to do something
+ slightly more interesting with the conservative set, but this is OK for
+ now.)
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed another case of DeprecatedPtr (PutPropertySlot)
+ https://bugs.webkit.org/show_bug.cgi?id=56278
+
+ * runtime/PutPropertySlot.h:
+ (JSC::PutPropertySlot::setExistingProperty):
+ (JSC::PutPropertySlot::setNewProperty):
+ (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
+ since it's a stack-allocated temporary.
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed one case of DeprecatedPtr (ScopeChainIterator)
+ https://bugs.webkit.org/show_bug.cgi?id=56277
+
+ * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
+ since it's a stack-allocated temporary.
+
+2011-03-13 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56273 - Add three operand forms to MacroAssember operations.
+
+ Adding for X86(_64) for now, should be rolled out to other backends as necessary.
+ These may allow more efficient code generation in some cases, avoiding the need
+ for unnecessary register-register move instructions.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+ - marked these methods const.
+ (JSC::AbstractMacroAssembler::Jump::isSet):
+ - add a method to check whether a Jump object has been set to
+ reference an instruction, or is in a null, unset state.
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+ - add non-explicit constructor, for FunctionPtr's to C/C++ functions.
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::and32):
+ (JSC::MacroAssemblerX86Common::lshift32):
+ (JSC::MacroAssemblerX86Common::or32):
+ (JSC::MacroAssemblerX86Common::rshift32):
+ (JSC::MacroAssemblerX86Common::urshift32):
+ (JSC::MacroAssemblerX86Common::xor32):
+ (JSC::MacroAssemblerX86Common::moveDouble):
+ (JSC::MacroAssemblerX86Common::addDouble):
+ (JSC::MacroAssemblerX86Common::divDouble):
+ (JSC::MacroAssemblerX86Common::subDouble):
+ (JSC::MacroAssemblerX86Common::mulDouble):
+ (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchMul32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ - add three operand forms of these instructions.
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::addDouble):
+ (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
+ (JSC::MacroAssemblerX86_64::loadPtr):
+ (JSC::MacroAssemblerX86_64::branchTestPtr):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::JmpSrc::isSet):
+ - add a method to check whether a JmpSrc object has been set to
+ reference an instruction, or is in a null, unset state.
+ (JSC::X86Assembler::movsd_rr):
+ - added FP register-register move.
+ (JSC::X86Assembler::linkJump):
+ - Add an assert to check jumps aren't linked more than once.
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadInt32ToDouble):
+ - load integers to the FPU via regsiters on x86-64.
+
+2011-03-13 Gavin Barraclough <barraclough@apple.com>
+
+ ARM build fix.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load32):
+
+2011-03-13 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
+
+ The JIT need to 'friend' other classes in order to be able to calculate offsets
+ of various properties, or the absolute addresses of members within specific objects,
+ in order to JIT generate code that will access members within the class when run.
+
+ Instead of using friends in these cases, switch to providing specific accessor
+ methods to provide this information. In the case of offsets, these can be static
+ functions, and in the case of pointers to members within a specific object these can
+ be const methods returning pointers to const values, to prevent clients from
+ modifying values otherwise encapsulated within classes.
+
+ * bytecode/SamplingTool.h:
+ * interpreter/Register.h:
+ * interpreter/RegisterFile.h:
+ * runtime/JSArray.h:
+ * runtime/JSCell.h:
+ * runtime/JSTypeInfo.h:
+ * runtime/JSVariableObject.h:
+ * runtime/Structure.h:
+ * wtf/RefCounted.h:
+ - Change these classes to no longer friend the JIT, add accessors for member offsets.
+ * jit/JIT.cpp:
+ * jit/JITCall32_64.cpp:
+ * jit/JITInlineMethods.h:
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITPropertyAccess.cpp:
+ * jit/JITPropertyAccess32_64.cpp:
+ - Change the JIT to use class accessors, rather than taking object ofsets directly.
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/MacroAssemblerX86_64.h:
+ * assembler/X86Assembler.h:
+ - Since the accessors for objects members return const pointers to retain encapsulation,
+ methods generating code with absolute addresses must be able to handle const pointers
+ (the JIT doesn't write to these values, do dies treat the pointer to value as const
+ from within the C++ code of the JIT, if not at runtime!).
+
+2011-03-12 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r80919.
+ http://trac.webkit.org/changeset/80919
+ https://bugs.webkit.org/show_bug.cgi?id=56251
+
+ all windows bots failed to compile this change (Requested by
+ loislo on #webkit).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/StructureStubInfo.cpp:
+ * interpreter/Register.h:
+ (JSC::Register::withInt):
+ (JSC::Register::withCallee):
+ (JSC::Register::operator=):
+ (JSC::Register::i):
+ (JSC::Register::activation):
+ (JSC::Register::function):
+ (JSC::Register::propertyNameIterator):
+ (JSC::Register::scopeChain):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutToCallFrameHeader):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::payloadFor):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnJSValue):
+ (JSC::SpecializedThunkJIT::returnDouble):
+ (JSC::SpecializedThunkJIT::returnInt32):
+ (JSC::SpecializedThunkJIT::returnJSCell):
+ * runtime/ArgList.cpp:
+ * runtime/DateConversion.cpp:
+ * runtime/GCActivityCallbackCF.cpp:
+ * runtime/Identifier.cpp:
+ * runtime/JSActivation.h:
+ (JSC::asActivation):
+ * runtime/JSLock.cpp:
+ * runtime/JSNumberCell.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSValue.h:
+ * runtime/JSZombie.cpp:
+ * runtime/MarkedBlock.cpp:
+ * runtime/MarkedSpace.cpp:
+ * runtime/PropertyNameArray.cpp:
+ * runtime/ScopeChain.h:
+ (JSC::ExecState::globalThisValue):
+ * wtf/DateMath.cpp:
+
+2011-03-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Ensure all values are correctly tagged in the registerfile
+ https://bugs.webkit.org/show_bug.cgi?id=56214
+
+ This patch makes sure that all JSCell pointers written to
+ the registerfile are correctly tagged as JSCells, and replaces
+ raw int usage with the immediate representation.
+
+ For performance, register pressure, and general saneness reasons
+ I've added abstractions for reading and writing the tag
+ and payload of integer registers directly for the JSVALUE64
+ encoding.
+
+ * interpreter/Register.h:
+ (JSC::Register::withInt):
+ (JSC::Register::withCallee):
+ (JSC::Register::operator=):
+ (JSC::Register::i):
+ (JSC::Register::activation):
+ (JSC::Register::function):
+ (JSC::Register::propertyNameIterator):
+ (JSC::Register::scopeChain):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutToCallFrameHeader):
+ (JSC::JIT::emitPutCellToCallFrameHeader):
+ (JSC::JIT::emitPutIntToCallFrameHeader):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::intPayloadFor):
+ (JSC::JSInterfaceJIT::intTagFor):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnJSValue):
+ (JSC::SpecializedThunkJIT::returnDouble):
+ (JSC::SpecializedThunkJIT::returnInt32):
+ (JSC::SpecializedThunkJIT::returnJSCell):
+
+2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
+
+ Reviewed by Eric Seidel.
+
+ Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
+ https://bugs.webkit.org/show_bug.cgi?id=56231
+
+ * JavaScriptCore.gypi: Added project_dir variable.
+ * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
+ * gyp/generate-dtrace-header.sh: Changed to use project_dir.
+
+2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
+ https://bugs.webkit.org/show_bug.cgi?id=56217
+
+ * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
+ to the scripts.
+ * gyp/generate-derived-sources.sh: Changed to use passed directory.
+ * gyp/generate-dtrace-header.sh: Ditto.
+
+2011-03-11 Eric Carlson <eric.carlson@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
+
+ No new tests, existing media tests cover this.
+
+ * JavaScriptCore.exp: Export cancelCallOnMainThread
+ * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.
+
+2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
+ https://bugs.webkit.org/show_bug.cgi?id=56207
+
+ * JavaScriptCore.gypi: Added Tracing.d to the sources.
+ * gyp/generate-dtrace-header.sh: Added.
+ * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
+ and added DTrace header generating step.
+
+2011-03-10 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Fix allocation of native function with a cached thunk
+ https://bugs.webkit.org/show_bug.cgi?id=56127
+
+ Fix this race condition found while fixing zombies.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers):
+ * runtime/Heap.cpp:
+ (JSC::Heap::reset):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::markChildren):
+ * runtime/JSValue.h:
+ (JSC::JSValue::decode):
+ * runtime/JSZombie.cpp:
+ (JSC::JSZombie::leakedZombieStructure):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::createStructure):
+ * runtime/MarkedBlock.cpp:
+
+2011-03-10 Luiz Agostini <luiz.agostini@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
+ https://bugs.webkit.org/show_bug.cgi?id=33008
+
+ Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
+ Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
+ it has its own ways to do JSC threading.
+
+ Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.
+
+ * runtime/MachineStackMarker.cpp:
+ * wtf/Platform.h:
+
+2011-03-10 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 56077 - ES5 conformance issues with RegExp.prototype
+
+ There are three issues causing test failures in sputnik.
+
+ (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
+ (2) The 'length' property of the test/exec functions should be 1.
+ (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.
+
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::markChildren):
+ - Added to mark lastIndex
+ (JSC::regExpObjectLastIndex):
+ (JSC::setRegExpObjectLastIndex):
+ - lastIndex is now stored as a JSValue.
+ (JSC::RegExpObject::match):
+ - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::setLastIndex):
+ (JSC::RegExpObject::setLastIndex):
+ - Set lastIndex, either from a size_t or a JSValue.
+ (JSC::RegExpObject::getLastIndex):
+ - Get lastIndex.
+ (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
+ - Initialize as a JSValue.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ - Add test/exec properties with length 1.
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ - Do not read RegExp.input if none is provided.
+ * tests/mozilla/js1_2/regexp/RegExp_input.js:
+ * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
+ - Update these tests (they relied on non-ES5 behaviour).
+
+2011-03-10 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Rolled back in 80277 and 80280 with event handler layout test failures fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=55653
+
+ The failures were caused by a last minute typo: assigning to currentEvent
+ instead of m_currentEvent.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.h:
+ * runtime/MarkedSpace.cpp:
+ * runtime/MarkedSpace.h:
+
+2011-03-09 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ jquery/manipulation.html fails after r80598
+ https://bugs.webkit.org/show_bug.cgi?id=56019
+
+ When linking a call, codeblock now takes ownership of the linked function
+ This removes the need for unlinking, and thus the incorrectness that was
+ showing up in these tests.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CallLinkInfo::CallLinkInfo):
+ (JSC::CallLinkInfo::setUnlinked):
+ (JSC::CodeBlock::addCaller):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+ * jit/JIT.h:
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+
+2011-03-09 Daniel Bates <dbates@rim.com>
+
+ Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
+ (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56041 - RexExp constructor should only accept flags "gim"
+ Fix for issues introduced in r80667.
+
+ Invalid flags to a RegExp literal are a late syntax error!
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addRegExp):
+ - Pass a PassRefPtr<RegExp>
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addRegExp):
+ (JSC::BytecodeGenerator::emitNewRegExp):
+ * bytecompiler/BytecodeGenerator.h:
+ - Pass a PassRefPtr<RegExp>
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ - Should not be ASSERTing that the flags are valid - this is a late(er) error.
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ - Need to check for error from RegExp constructor.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Need to check for error from RegExp constructor.
+ * runtime/RegExp.h:
+ (JSC::RegExp::isValid):
+ - Make isValid check that the regexp was created with valid flags.
+ * runtime/RegExpKey.h:
+ - Since we'll not create RegExp objects with invalid flags, separate out the deleted value.
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix part 2.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix part 1.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Bug 56041 - RexExp constructor should only accept flags "gim"
+ We also should be passing the flags around as a bitfield rather than a string,
+ and should not have redundant, incompatible code for converting the string to a bitfield!
+
+ * JavaScriptCore.exp:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ - Need to parse flags string to enum.
+ * runtime/RegExp.cpp:
+ (JSC::regExpFlags):
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::create):
+ - Add method to parse flags string to enum, change constructor/create args to take enum.
+ * runtime/RegExp.h:
+ (JSC::RegExp::global):
+ (JSC::RegExp::ignoreCase):
+ (JSC::RegExp::multiline):
+ - Change to use new enum values.
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::create):
+ * runtime/RegExpCache.h:
+ - Changed to use regExpFlags enum instead of int/const UString&.
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ - Add use new enum parsing, check for error.
+ * runtime/RegExpKey.h:
+ (JSC::RegExpKey::RegExpKey):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ - Pass NoFlags value instead of empty string.
+ (JSC::regExpProtoFuncCompile):
+ - Add use new enum parsing, check for error.
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ - Pass NoFlags value instead of empty string.
+
+2011-03-08 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig
+
+ Bug 55994 - Functions on Array.prototype should check length first.
+ These methods are designed to work on generic objects too, and if 'length'
+ is a getter that throws an exception, ensure this is correctly thrown
+ (even if other exceptions would be thrown, too).
+
+ Make the length check the first thing we do.
+ This change shows a progression on SunSpider on my machine, but this is likely bogus.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+
+2011-03-07 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make CodeBlock GC write barrier safe
+ https://bugs.webkit.org/show_bug.cgi?id=55910
+
+ In order to make CodeBlock WriteBarrier safe it was necessary
+ to make it have a single GC owner, and for that reason I have
+ made ExecutableBase a GC allocated object. This required
+ updating their creation routines as well as all sites that hold
+ a reference to them. GC objects that held Executable's have been
+ converted to WriteBarriers, and all other sites now use Global<>.
+
+ As an added benefit this gets rid of JSGlobalData's list of
+ GlobalCodeBlocks.
+
+ Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
+ on SunSpider. Given none of the tests that show regressions
+ demonstrate a regression on their own, and sampling shows up nothing.
+ I suspect we're just getting one or two additional gc passes at
+ the end of the run.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::EvalCodeCache::markAggregate):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::ownerExecutable):
+ (JSC::CodeBlock::addConstant):
+ (JSC::CodeBlock::constantRegister):
+ (JSC::CodeBlock::getConstant):
+ (JSC::CodeBlock::addFunctionDecl):
+ (JSC::CodeBlock::addFunctionExpr):
+ (JSC::GlobalCodeBlock::GlobalCodeBlock):
+ (JSC::ExecState::r):
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::get):
+ * bytecode/SamplingTool.h:
+ (JSC::ScriptSampleRecord::ScriptSampleRecord):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addConstantValue):
+ (JSC::BytecodeGenerator::emitEqualityOp):
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::makeFunction):
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadDouble):
+ (JSC::JIT::emitLoadInt32ToDouble):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ (JSC::JITThunks::hostFunctionStub):
+ (JSC::JITThunks::clearHostFunctionStubs):
+ * jit/JITStubs.h:
+ * runtime/Completion.cpp:
+ (JSC::checkSyntax):
+ (JSC::evaluate):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::~FunctionExecutable):
+ (JSC::EvalExecutable::markChildren):
+ (JSC::ProgramExecutable::markChildren):
+ (JSC::FunctionExecutable::markChildren):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::VPtrHackExecutable::VPtrHackExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::create):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::markChildren):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::JSActivationData::JSActivationData):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::~JSFunction):
+ (JSC::JSFunction::markChildren):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSObject.cpp:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::markChildren):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSZombie.cpp:
+ (JSC::JSZombie::leakedZombieStructure):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::createStructure):
+ * runtime/MarkedSpace.h:
+
+2011-03-07 Andy Estes <aestes@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ REGRESSION (r79060): Timestamp is missing from tweets in twitter.
+ https://bugs.webkit.org/show_bug.cgi?id=55228
+
+ A change to the date parser to handle the case where the year is
+ specified before the time zone inadvertently started accepting strings
+ such as '+0000' as valid years. Those strings actually represent time
+ zones in an offset of hours and minutes from UTC, not years.
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters): If the current character
+ in dateString is '+' or '-', do not try to parse the next token as a
+ year.
+
+2011-03-06 Yuta Kitamura <yutak@chromium.org>
+
+ Reviewed by Kent Tamura.
+
+ Add SHA-1 for new WebSocket protocol
+ https://bugs.webkit.org/show_bug.cgi?id=55039
+
+ The code is based on Chromium's portable SHA-1 implementation
+ (src/base/sha1_portable.cc). Modifications were made in order
+ to make the code comply with WebKit coding style.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/MD5.cpp:
+ (WTF::MD5::MD5):
+ * wtf/SHA1.cpp: Added.
+ (WTF::testSHA1): This function will be run the first time SHA1
+ constructor is called. This function computes a few hash values
+ and checks the results in debug builds. However, constructor is
+ probably not a good place to run these tests, so we need to find
+ a good place for it (bug 55853).
+ (WTF::expectSHA1):
+ (WTF::f):
+ (WTF::k):
+ (WTF::rotateLeft):
+ (WTF::SHA1::SHA1):
+ (WTF::SHA1::addBytes):
+ (WTF::SHA1::computeHash):
+ (WTF::SHA1::finalize):
+ (WTF::SHA1::processBlock):
+ (WTF::SHA1::reset):
+ * wtf/SHA1.h: Added.
+ (WTF::SHA1::addBytes):
+ * wtf/wtf.pri:
+
+2011-03-05 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add Derived Sources to WebCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55813
+
+ Rename the action to be friendlier.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-04 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Need symbian version of cryptographicallyRandomValuesFromOS
+ https://bugs.webkit.org/show_bug.cgi?id=55782
+
+ Implement Symbian version of cryptographicallyRandomValuesFromOS
+
+ * wtf/OSRandomSource.cpp:
+ (WTF::cryptographicallyRandomValuesFromOS):
+
+2011-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Cameron Zwarich.
+
+ Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ Add missing check.
+
+2011-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by olliej.
+
+ Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ (1) don't infinite loop.
+ (2) goto 1.
+
+2011-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ cmake build fix.
+
+ * CMakeLists.txt:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
+ https://bugs.webkit.org/show_bug.cgi?id=55798
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Remove unneeded round-trips through ../Source in the Chromium GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55795
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Use target_defaults to reduce boilerplate in GYP build system
+ https://bugs.webkit.org/show_bug.cgi?id=55790
+
+ Instead of setting up the configuration in each target, just defer to
+ target_defaults. Also, removed a define that was redundant with the
+ xcconfig.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
+ Provide basic functionallity from section 15.2.4 of ECMA-262.
+ This support will need expanding to cover arrays, too.
+
+ Shows a 0.5% progression on SunSpidey, this seems to be due to changing
+ ObjectConstructor to use a static table.
+
+ * DerivedSources.make:
+ * JavaScriptCore.exp:
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::objectConstructorTable):
+ Add a static table for ObjectConstructor.
+ * runtime/CommonIdentifiers.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ Add a static table for ObjectConstructor.
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ Add a static table for ObjectConstructor.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ Transition the object's structure.
+ (JSC::JSObject::defineOwnProperty):
+ Check isExtensible.
+ * runtime/JSObject.h:
+ (JSC::JSObject::isSealed):
+ (JSC::JSObject::isFrozen):
+ (JSC::JSObject::isExtensible):
+ These wrap method on structure.
+ (JSC::JSObject::putDirectInternal):
+ Check isExtensible.
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ Change ObjectConstructor to use a static table.
+ (JSC::objectConstructorSeal):
+ (JSC::objectConstructorFreeze):
+ (JSC::objectConstructorPreventExtensions):
+ (JSC::objectConstructorIsSealed):
+ (JSC::objectConstructorIsFrozen):
+ (JSC::objectConstructorIsExtensible):
+ Add new methods on Object.
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ init/propagate m_preventExtensions
+ (JSC::Structure::sealTransition):
+ (JSC::Structure::freezeTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
+ (JSC::Structure::isSealed):
+ (JSC::Structure::isFrozen):
+ check attributes to detect if object is sealed/frozen.
+ * runtime/Structure.h:
+ (JSC::Structure::isExtensible):
+ checks the m_preventExtensions flag.
+
+2011-03-04 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Jon Honeycutt.
+
+ Adopt VersionStamper tool for Windows WebKit DLLs
+ https://bugs.webkit.org/show_bug.cgi?id=55784
+ <rdar://problem/9021273>
+
+ We now use a tool to stamp the version number onto the Apple WebKit DLLs
+ during the post-build step.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ JavaScriptCore GYP build should use a header map
+ https://bugs.webkit.org/show_bug.cgi?id=55712
+
+ This patch moves the os-win32 files into their own variable so that we
+ can use a header map in the Apple Mac Xcode build. The problem is that
+ the header map searches the whole project rather than just the files
+ included in a given target. Another solution to this problem is to
+ make GYP smarter about filtering out what files are added to the
+ project file.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Ryosuke Niwa <rniwa@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
+ https://bugs.webkit.org/show_bug.cgi?id=55554
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
+ (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::addStaticGlobals): Ditto.
+ * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
+ (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.
+
+2011-03-03 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add jsc to JavaScriptCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55711
+
+ * JavaScriptCore.gypi:
+ - Move jsc.cpp into jsc_files because it's really part of the jsc
+ target.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Remove extraneous files from the normal jsc build. I probably
+ added these by mistake at some point.
+ * gyp/JavaScriptCore.gyp:
+ - Add the jsc target to the GYP file.
+
+2011-03-03 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add testapi to JavaScriptCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55707
+
+ The new testapi target is slightly incomplete. There's a resource
+ copying step that we don't quite have yet.
+
+ This patch also cleans up some of the configuration issues in
+ JavaScriptCore.xcodeproj. It seems kind of wordy to repeat these for
+ each target. I suspect there's a more compact way of defining the
+ configurations, but this removes the "Default" configuration, which is
+ progress.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Teach JavaScriptCore GYP build about private headers
+ https://bugs.webkit.org/show_bug.cgi?id=55532
+
+ This patch distinguishes between public and private framework headers
+ so that public headers are copied into the Headers directory and
+ private headers are copied into the PrivateHeaders directory.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out 80277 and 80280 because they caused event handler layout test
+ failures.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.h:
+ * runtime/MarkedSpace.cpp:
+ * runtime/MarkedSpace.h:
+
+2011-03-03 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Build fix. Alter order of headers included to make sure windows.h
+ is configured by wx, and skip Posix implementation file we don't use on Win.
+
+ * wscript:
+ * wtf/wx/StringWx.cpp:
+
+2011-03-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ JSVariableObject needs to use WriteBarrier for symboltable property storage
+ https://bugs.webkit.org/show_bug.cgi?id=55698
+
+ Replace the direct usage of Register in JSVariableObject (and descendents)
+ with WriteBarrier. This requires updating the Arguments object to use
+ WriteBarrier as well.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveArguments):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::initialize):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::markChildren):
+ (JSC::Arguments::copyToRegisters):
+ (JSC::Arguments::fillArgList):
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::put):
+ * runtime/Arguments.h:
+ (JSC::Arguments::setActivation):
+ (JSC::Arguments::Arguments):
+ (JSC::Arguments::copyRegisters):
+ (JSC::JSActivation::copyRegisters):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::markChildren):
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+ (JSC::JSActivation::put):
+ (JSC::JSActivation::putWithAttributes):
+ (JSC::JSActivation::argumentsGetter):
+ * runtime/JSActivation.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ (JSC::JSGlobalObject::putWithAttributes):
+ (JSC::JSGlobalObject::markChildren):
+ (JSC::JSGlobalObject::copyGlobalsFrom):
+ (JSC::JSGlobalObject::copyGlobalsTo):
+ (JSC::JSGlobalObject::resizeRegisters):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::setRegisters):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ (JSC::JSStaticScopeObject::putWithAttributes):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::symbolTableGet):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::registerAt):
+ (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
+ (JSC::JSVariableObject::symbolTableGet):
+ (JSC::JSVariableObject::symbolTablePut):
+ (JSC::JSVariableObject::symbolTablePutWithAttributes):
+ (JSC::JSVariableObject::copyRegisterArray):
+ (JSC::JSVariableObject::setRegisters):
+
+2011-03-03 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.
+
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
+ inline -- it's virtual.
+
+2011-03-02 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Moved all variable object storage inline -- upping the object size limit to 1K
+ https://bugs.webkit.org/show_bug.cgi?id=55653
+
+ * JavaScriptCore.exp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * jit/JITOpcodes.cpp:
+ * runtime/Arguments.h:
+ * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
+ to accomodate objects up to 1K.
+
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.
+
+ * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
+ object size, since it doesn't anymore.
+
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h: Added an imprecise size class to accomodate objects up to 1K.
+
+2011-03-03 Timothy Hatcher <timothy@apple.com>
+
+ Make APIShims usable from WebCore.
+
+ Reviewed by Oliver Hunt.
+
+ * ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
+ * GNUmakefile.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-03-03 Peter Varga <pvarga@webkit.org>
+
+ Reviewed by Oliver Hunt.
+
+ Begin Characters Optimization Causes YARR Interpreter Errors
+ https://bugs.webkit.org/show_bug.cgi?id=55479
+
+ The addBeginTerm function is removed because it doesn't correctly handle those
+ cases when an "invalid" term has been
+ collected (e.g. CharacterClass). Move the removed function to the
+ setupAlternativeBeginTerms method's switch-case
+ where the non-allowed cases are correctly handled.
+
+ Reenable the Beginning Character Optimization in the YARR Interpreter again.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
+ (JSC::Yarr::YarrPattern::compile):
+
+2011-03-02 Jessie Berlin <jberlin@apple.com>
+
+ Reviewed by Adam Roben.
+
+ WebKit2: Use CFNetwork Sessions API.
+ https://bugs.webkit.org/show_bug.cgi?id=55435
+
+ Add the ability to create a Private Browsing storage session.
+
+ * wtf/Platform.h:
+ Add a new #define for using CF Storage Sessions.
+
+2011-03-02 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove "register slot" concept from PropertySlot
+ https://bugs.webkit.org/show_bug.cgi?id=55621
+
+ PropertySlot had already stopped storing Register "slots"
+ so this patch is simply removing that api entirely.
+ This exposed a problem in the ProgramNode constructor for
+ BytecodeGenerator where it reads from the registerfile
+ before it has initialised it.
+
+ This bug wasn't a problem before as we were merely testing
+ for property existence rather than the actual value, and
+ used to work because setRegisterSlot didn't check that the
+ provided slot contained an initialised value.
+
+ To get around this issue we now use symbolTableHasProperty
+ to do the symbol table check without trying to read the
+ RegisterFile.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlot):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTableGet):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::symbolTableHasProperty):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::symbolTableGet):
+ * runtime/PropertySlot.h:
+
+2011-03-02 Daniel Cheng <dcheng@chromium.org>
+
+ Reviewed by David Levin.
+
+ Add feature define for data transfer items
+ https://bugs.webkit.org/show_bug.cgi?id=55510
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-03-02 Adam Roben <aroben@apple.com>
+
+ Delete old .res files whenever any .vsprops file changes
+
+ Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to
+ fail
+
+ Reviewed by Tony Chang.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
+ (main): Restructured code to loop over a set of file extensions, deleting any old files that
+ have that extension. Now deletes .res files, too. (We previously deleted any file matching
+ *.manifest*, but that turned out to just be the union of *.manifest and *.res.)
+
+2011-03-02 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Teach JavaScriptCore GYP build how to build minidom
+ https://bugs.webkit.org/show_bug.cgi?id=55536
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ JavaScriptCore GYP build should copy some headers into the target framework
+ https://bugs.webkit.org/show_bug.cgi?id=55524
+
+ After this patch, all the framework headers are exported as public
+ headers. We need to teach GYP how to handle private headers.
+
+ I struggled to determine how to store the information about whether a
+ header was public, private, or project (i.e., not exported).
+ Generally, the GYPI should just list the files, but it seemed siliy to
+ have an almost duplicated list of files in the GYP file itself. If
+ this design doesn't scale, we might have to revisit it in the future.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r80079.
+ http://trac.webkit.org/changeset/80079
+ https://bugs.webkit.org/show_bug.cgi?id=55547
+
+ "Broke the Win debug build?" (Requested by dcheng on #webkit).
+
+ * wtf/Platform.h:
+
+2011-03-01 Daniel Cheng <dcheng@chromium.org>
+
+ Reviewed by David Levin.
+
+ Add feature define for data transfer items
+ https://bugs.webkit.org/show_bug.cgi?id=55510
+
+ * wtf/Platform.h:
+
+2011-03-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Joseph Pecoraro.
+
+ Misaligned memory access in CloneDeserializer on all ARM arch.
+ https://bugs.webkit.org/show_bug.cgi?id=48742
+
+ Add a CPU class for architectures that need aligned addresses
+ for memory access.
+
+ * wtf/Platform.h:
+
+2011-03-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add pre- and post-build actions for JavaScriptCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55507
+
+ After this patch, we have all the steps for building the main
+ JavaScriptCore framework except the "copy headers" step, which I'll do
+ next.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-01 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Rolled back in r79627 now that the underlying cause for it crashing is fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=55159
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocateSlowCase):
+ * runtime/Heap.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::Heap::allocate):
+ (JSC::JSCell::JSCell::operator new):
+ * runtime/MarkedBlock.h:
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+
+2011-03-01 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Replace two script phases that do nothing but copy files with copy files build phases.
+
+ This speeds up the build by a few seconds on high-end Mac Pros.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-03-01 David Kilzer <ddkilzer@apple.com>
+
+ Spring cleaning!
+
+ Rubber-stamped by Mark Rowe.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ (Copy Into Framework): Remove "set -x" and its comment.
+
+2011-03-01 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Darin Adler.
+
+ TinyMCE not working in nightlies
+ https://bugs.webkit.org/show_bug.cgi?id=54978
+
+ Disabling setupBeginChars() to temporarily work arround the test
+ failure. Filed https://bugs.webkit.org/show_bug.cgi?id=55479
+ to track fixing the issue.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPattern::compile):
+
+2011-02-23 Joseph Pecoraro <joepeck@webkit.org>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Viewport parsing no longer accepts "1.0;" value as valid.
+ https://bugs.webkit.org/show_bug.cgi?id=53705
+
+ Include a didReadNumber parameter to String -> float / double
+ conversion functions. This way, if the "ok" boolean out
+ parameter is false, you can check to see if there in fact
+ was a valid number parsed with garbage at the end. Examples
+ of that would be parsing "123x456" would have ok = false,
+ but didReadNumber = true.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::toDouble):
+ (WTF::StringImpl::toFloat):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ (WTF::String::toDouble):
+ (WTF::String::toFloat):
+ (WTF::charactersToDouble):
+ (WTF::charactersToFloat):
+ * wtf/text/WTFString.h:
+
+2011-02-28 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Past-the-end writes in VM exceptions (caused crashes in r79627)
+ https://bugs.webkit.org/show_bug.cgi?id=55448
+
+ Some exceptions had the wrong structures, so they misoverestimated their
+ inline storage sizes.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Use the right structure.
+
+ * runtime/JSObject.h:
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
+ is correct to verify this doesn't happen again.
+
+2011-03-01 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Clean up the project files and move common options to WebKit.pri.
+
+ * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
+ * JavaScriptCore.pro: Deduplicate options.
+ * jsc.pro: Ditto.
+
+2011-03-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Teach JavaScriptCore GYP build about DEPTH
+ https://bugs.webkit.org/show_bug.cgi?id=55425
+
+ In addition to teaching the JavaScriptCore GYP build about DEPTH, this
+ change overrides the GCC warning configuration to disable a warning
+ that's causing probems in Assertions.cpp. With that warning disabled,
+ JavaScriptCore builds again.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79948.
+ http://trac.webkit.org/changeset/79948
+ https://bugs.webkit.org/show_bug.cgi?id=55439
+
+ "caused crashes on the SL release bot" (Requested by ggaren on
+ #webkit).
+
+ * runtime/JSGlobalData.h:
+ * runtime/WriteBarrier.h:
+
+2011-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig & Darin Adler.
+
+ Bug 55423 - Clean up property tables in Structure
+
+ Encapsulate, reduce duplication of table search code,
+ and reduce the size of the tables (remove the index,
+ just maintain the tables in the correct order).
+
+ Shows a 0.5% - 1% progression on sunspider.
+
+ * JavaScriptCore.exp:
+ * runtime/PropertyMapHashTable.h:
+ (JSC::isPowerOf2):
+ (JSC::nextPowerOf2):
+ bit ops used to calculate table size.
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ (JSC::PropertyTable::ordered_iterator::operator++):
+ (JSC::PropertyTable::ordered_iterator::operator==):
+ (JSC::PropertyTable::ordered_iterator::operator!=):
+ (JSC::PropertyTable::ordered_iterator::operator*):
+ (JSC::PropertyTable::ordered_iterator::operator->):
+ (JSC::PropertyTable::ordered_iterator::ordered_iterator):
+ implementation of the iterator types
+ (JSC::PropertyTable::PropertyTable):
+ (JSC::PropertyTable::~PropertyTable):
+ constructors take an initial capacity for the table,
+ a table to copy, or both.
+ (JSC::PropertyTable::begin):
+ (JSC::PropertyTable::end):
+ create in-order iterators.
+ (JSC::PropertyTable::find):
+ search the hash table
+ (JSC::PropertyTable::add):
+ add a value to the hash table
+ (JSC::PropertyTable::remove):
+ remove a value from the hash table
+ (JSC::PropertyTable::size):
+ (JSC::PropertyTable::isEmpty):
+ accessors.
+ (JSC::PropertyTable::propertyStorageSize):
+ (JSC::PropertyTable::clearDeletedOffsets):
+ (JSC::PropertyTable::hasDeletedOffset):
+ (JSC::PropertyTable::getDeletedOffset):
+ (JSC::PropertyTable::addDeletedOffset):
+ cache deleted (available) offsets in the property storage array.
+ (JSC::PropertyTable::copy):
+ take a copy of the PropertyTable, potentially expanding the capacity.
+ (JSC::PropertyTable::sizeInMemory):
+ used for DEBUG build statistics
+ (JSC::PropertyTable::reinsert):
+ (JSC::PropertyTable::rehash):
+ (JSC::PropertyTable::tableCapacity):
+ (JSC::PropertyTable::deletedEntryIndex):
+ (JSC::PropertyTable::skipDeletedEntries):
+ (JSC::PropertyTable::table):
+ (JSC::PropertyTable::usedCount):
+ (JSC::PropertyTable::dataSize):
+ (JSC::PropertyTable::sizeForCapacity):
+ (JSC::PropertyTable::canInsert):
+ these methods provide internal implementation.
+ * runtime/Structure.cpp:
+ (JSC::Structure::dumpStatistics):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::flattenDictionaryStructure):
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::get):
+ (JSC::Structure::despecifyFunction):
+ (JSC::Structure::despecifyAllFunctions):
+ (JSC::Structure::put):
+ (JSC::Structure::remove):
+ (JSC::Structure::createPropertyMap):
+ (JSC::Structure::getPropertyNames):
+ (JSC::PropertyTable::checkConsistency):
+ (JSC::Structure::checkConsistency):
+ factored out code to PropertyMapHashTable.h
+ * runtime/Structure.h:
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::isEmpty):
+ (JSC::Structure::get):
+ factored out code to PropertyMapHashTable.h
+
+2011-02-28 Xan Lopez <xlopez@igalia.com>
+
+ Another fix build :(
+
+ Fix typo.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::freePlatformThreadRegisters):
+
+2011-02-28 Xan Lopez <xlopez@igalia.com>
+
+ Unreviewed build fix for Snow Leopard.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::freePlatformThreadRegisters):
+
+2011-02-28 Alejandro G. Castro <alex@igalia.com>
+
+ Unreviewed, fix SnowLeopard compilation after r79952.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::freePlatformThreadRegisters):
+
+2011-02-28 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.
+
+ * wtf/OwnArrayPtr.h:
+ (WTF::::set): Implement OwnArrayPtr::set.
+
+2011-02-28 Martin Zoubek <martin.zoubek@acision.com> and Alejandro G. Castro <alex@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ Multithread support for JSC on UNIX
+ https://bugs.webkit.org/show_bug.cgi?id=26838
+
+ Implement suspendThread() and resumeThread() for systems with
+ pthread.h using thread signal handler.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::pthreadSignalHandlerSuspendResume):
+ (JSC::MachineStackMarker::Thread::Thread):
+ (JSC::getCurrentPlatformThread):
+ (JSC::suspendThread):
+ (JSC::resumeThread):
+ (JSC::getPlatformThreadRegisters):
+ (JSC::otherThreadStackPointer):
+ (JSC::freePlatformThreadRegisters):
+ (JSC::MachineStackMarker::markOtherThreadConservatively):
+ * wtf/Platform.h: Added Gtk port to use
+ ENABLE_JSC_MULTIPLE_THREADS.
+
+2011-02-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Stop using DeprecatedPtr for the global exception slot
+ https://bugs.webkit.org/show_bug.cgi?id=55424
+
+ Create GCRootPtr to signify that the exception slot is
+ a gcroot, and so is exempt from the usual writebarrier
+ restrictions.
+
+ * runtime/JSGlobalData.h:
+ * runtime/WriteBarrier.h:
+ (JSC::GCRootPtr::GCRootPtr):
+ (JSC::GCRootPtr::operator=):
+
+2011-02-28 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Use more xcconfig files in JavaScriptCore gyp build
+ https://bugs.webkit.org/show_bug.cgi?id=55391
+
+ The GYP experts tell me that we have have a total of two xcconfig
+ files: one for the xcodeproj as a whole and one for each target. This
+ patch uses that technique to re-use the existing xcconfig files and
+ eliminate the duplication.
+
+ Technically, this patch introduces some build errors because the
+ xcconfig files assume that the xcodeproj file is one level higher in
+ the directory hierarchy. Specifically, the xcodeproj file can no
+ longer find the Info.plist or the prefix header. I plan to fix that in
+ a subsequent patch.
+
+ Also, this patch introduces the Release and Production configurations,
+ which should work correctly now.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-02-28 Jon Honeycutt <jhoneycutt@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Add symbol to export.
+
+2011-02-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make ScopeChainNode GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=55283
+
+ Simplify lifetime and other issues with the scopechain
+ by making it gc allocated. This allows us to simplify
+ function exit and unwinding, as well as making the
+ current iterative refcounting go away.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::createActivation):
+ * bytecode/StructureStubInfo.cpp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * bytecompiler/BytecodeGenerator.h:
+ * debugger/Debugger.cpp:
+ (JSC::Recompiler::operator()):
+ * debugger/DebuggerCallFrame.h:
+ (JSC::DebuggerCallFrame::scopeChain):
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall):
+ * interpreter/CallFrame.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::depth):
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::compileOpCall):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_end):
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_end):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * runtime/ArgList.cpp:
+ * runtime/Completion.cpp:
+ (JSC::evaluate):
+ * runtime/Completion.h:
+ * runtime/DateConversion.cpp:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ * runtime/GCActivityCallbackCF.cpp:
+ * runtime/Identifier.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSChunk.cpp: Added.
+ * runtime/JSChunk.h: Added.
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::markChildren):
+ (JSC::JSFunction::getCallData):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getConstructData):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::scope):
+ (JSC::JSFunction::setScope):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::markChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+ (JSC::JSGlobalObject::globalScopeChain):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSLock.cpp:
+ * runtime/JSNumberCell.cpp:
+ * runtime/JSZombie.cpp:
+ * runtime/MarkedBlock.cpp:
+ * runtime/MarkedSpace.cpp:
+ * runtime/PropertyNameArray.cpp:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::print):
+ (JSC::ScopeChainNode::localDepth):
+ (JSC::ScopeChainNode::markChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::createStructure):
+ (JSC::ScopeChainNode::push):
+ (JSC::ScopeChainNode::pop):
+ (JSC::ScopeChainIterator::ScopeChainIterator):
+ (JSC::ScopeChainIterator::operator*):
+ (JSC::ScopeChainIterator::operator->):
+ (JSC::ScopeChainIterator::operator++):
+ (JSC::ScopeChainNode::begin):
+ (JSC::ScopeChainNode::end):
+ (JSC::ExecState::globalData):
+ (JSC::ExecState::lexicalGlobalObject):
+ (JSC::ExecState::globalThisValue):
+ * runtime/ScopeChainMark.h:
+ * wtf/DateMath.cpp:
+
+2011-02-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
+ https://bugs.webkit.org/show_bug.cgi?id=55326
+
+ Currently, randomNumber does a bunch of platform-specific work that to
+ get a cryptographic randomness when available. Instead, we should use
+ cryptographicallyRandomNumber, which abstracts this work.
+ Unfortunately, we can't remove all of the WTF::randomNumber
+ implementation because not every port has access to cryptographically
+ random numbers.
+
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+
+2011-02-27 Benjamin Poulain <ikipou@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ Eliminate DeprecatedPtrList from RenderBlock
+ https://bugs.webkit.org/show_bug.cgi?id=54972
+
+ Add methods find() and contains() using an adaptor to ListHashSet.
+ Those method are like the one of HashSet, they allow to find objects
+ based on a different key than the one used to define the set.
+
+ Add convenience methods for direct access to the head and tail of the list.
+ Those methods are providing similar API/behavior as Vector.
+
+ * wtf/ListHashSet.h:
+ (WTF::::first):
+ (WTF::::last):
+ (WTF::::removeLast):
+ (WTF::ListHashSetTranslatorAdapter::hash):
+ (WTF::ListHashSetTranslatorAdapter::equal):
+ (WTF::::find):
+ (WTF::::contains):
+
+2011-02-26 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Andreas Kling.
+
+ Add support for DragonFly BSD
+ https://bugs.webkit.org/show_bug.cgi?id=54407
+
+ DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.
+
+ * wtf/Platform.h:
+
+2011-02-26 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ JavaScriptCore should use the xcconfig file instead of importing that information into GYP
+ https://bugs.webkit.org/show_bug.cgi?id=55282
+
+ Technically, this breaks the build because I had removed one of the
+ warnings in this config file, but this change seems like an
+ improvement.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-02-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Nikolas Zimmermann.
+
+ SH4 JIT SUPPORT
+ https://bugs.webkit.org/show_bug.cgi?id=44329
+
+ Provide an ExecutableAllocater::cacheFlush() implementation for
+ Linux/SH4.
+
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+
+2011-02-25 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79627.
+ http://trac.webkit.org/changeset/79627
+ https://bugs.webkit.org/show_bug.cgi?id=55274
+
+ broke worker tests (Requested by olliej on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocate):
+ * runtime/Heap.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::operator new):
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::MarkedSpace::allocate):
+ * runtime/MarkedBlock.h:
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+
+2011-02-25 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Leak in JSParser::Scope of ScopeLabelInfo Vector
+ https://bugs.webkit.org/show_bug.cgi?id=55249
+
+ Changed m_labels to be an OwnPtr<>. Added VectorTraits
+ and Scope copy constructor to support this change.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::Scope::~Scope):
+
+2011-02-25 Fumitoshi Ukai <ukai@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ WebSocket uses insecure random numbers
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
+
+2011-02-25 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Roben.
+
+ Move timeBeginPeriod into OS(WINDOWS) section
+ https://bugs.webkit.org/show_bug.cgi?id=55247
+
+ * jsc.cpp:
+ (main): timeBeginPeriod is available on all Windows versions and not compiler specific.
+
+2011-02-25 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed WinCE build fix for r79695.
+
+ * jsc.cpp:
+ (main): SetErrorMode isn't available on WinCE.
+
+2011-02-25 Adam Roben <aroben@apple.com>
+
+ Work around Cygwin's crash-suppression behavior
+
+ Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
+ inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
+ invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
+ when our test apps launch to work around Cygwin's behavior.
+
+ Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
+ debugger) when launched from Cygwin 1.7
+
+ Reviewed by Darin Adler.
+
+ * API/tests/testapi.c: Added a now-needed #include.
+ (main):
+ * jsc.cpp:
+ (main):
+ Call ::SetErrorMode(0) to undo Cygwin's folly.
+
+ * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
+ other projects do so that windows.h won't define min/max macros that interfere with
+ std::numeric_limits<T>::min/max.
+
+2011-02-24 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Add GYP project for JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=55027
+
+ Again, this GYP files is very rough, but it succeeds in building
+ JavaScriptCore. There's a lot more work to do here, especially in the
+ area of sharing with JavaScriptGlue.gyp. This patch is more of a
+ checkpoint so that other folks can help out if they wish.
+
+ * gyp: Added.
+ * gyp/JavaScriptCore.gyp: Added.
+ * gyp/generate-derived-sources.sh: Added.
+
+2011-02-24 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Add missing files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=55193
+
+ I forgot to add mm files in my previous patch.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+
+2011-02-24 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove unused parameter name in GCActivityCallback.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=55194
+
+ This change is not strictly required for the GYP-based build system,
+ but I noticed this error when working on the new build system.
+
+ * runtime/GCActivityCallback.cpp:
+ (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
+
+2011-02-24 James Robinson <jamesr@chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Add a USE() macro to control use of the built-in UTF8 codec
+ https://bugs.webkit.org/show_bug.cgi?id=55189
+
+ Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.
+
+ * wtf/Platform.h:
+
+2011-02-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Variable-sized allocation (but still capped at 64 bytes)
+ https://bugs.webkit.org/show_bug.cgi?id=55159
+
+ SunSpider reports no change.
+
+ * JavaScriptCore.exp: Some day, I hope not to have to edit this file.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
+ case, so the fast case can inline size class selection and turn it into
+ a compile-time constant.
+
+ Changed the collect-on-every allocation debugging switch to collect only
+ on every slow allocation, so you can still flip the switch without
+ recompiling the world. This may also be preferable for debugging purposes,
+ since collecting after every single allocation can be unusably slow,
+ and can mask problems by running destructors early.
+
+ * runtime/Heap.h: Ditto.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::Heap::allocate):
+ (JSC::JSCell::JSCell::operator new): The inlining mentioned above.
+
+ * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
+ multiple size classes, allocating a full 256KB for the first allocation
+ in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
+ 8KB Windows, would be even better, but that seems to be a peformance
+ regression for now.)
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::reset): There's more than one size class now, and its
+ cell size is not constant.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass): Ditto.
+
+2011-02-23 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make WeakGCMap use new handle infrastructure
+ https://bugs.webkit.org/show_bug.cgi?id=55100
+
+ Remove old WeakGCMap implementation and move over to new handle
+ based logic.
+
+ This has a number of benefits, most notably it makes a WeakGCMap
+ always reflect the true state of the world by as all entries are
+ removed at the first gc cycle that makes them dead. This allows
+ us to get rid of code in a wide variety of objects where the only
+ purpose was to remove themselves from maps.
+
+ It also means that we no longer need to have special "unchecked"
+ versions of any functions on WeakGCMap. Alas in order to maintain
+ compatibility with the JSWeakObjectMapClear API it is still
+ necessary to have an api that resembles uncheckedRemove, this is
+ now deprecatedRemove and will be dealt with in a later patch.
+
+ In order to get correct semantics in WeakGCMap we need more
+ contextual information in the finalizer, so we've added an
+ abstract class based finaliser and a context parameter to the
+ calls.
+
+ The new an improved WeakGCMap also results in sigificantly more
+ churn in the weak handle lists so exposed some potential problems
+ during the post mark phase which have been rectified as well.
+
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * API/JSWeakObjectMapRefPrivate.h:
+ * runtime/Heap.cpp:
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::protectedGlobalObjectCount):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::~JSGlobalObject):
+ (JSC::JSGlobalObject::init):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::iterator::iterator):
+ (JSC::WeakGCMap::iterator::get):
+ (JSC::WeakGCMap::iterator::getSlot):
+ (JSC::WeakGCMap::iterator::operator++):
+ (JSC::WeakGCMap::iterator::operator==):
+ (JSC::WeakGCMap::iterator::operator!=):
+ (JSC::WeakGCMap::WeakGCMap):
+ (JSC::WeakGCMap::isEmpty):
+ (JSC::WeakGCMap::clear):
+ (JSC::WeakGCMap::get):
+ (JSC::WeakGCMap::getSlot):
+ (JSC::WeakGCMap::set):
+ (JSC::WeakGCMap::take):
+ (JSC::WeakGCMap::size):
+ (JSC::WeakGCMap::deprecatedRemove):
+ (JSC::WeakGCMap::begin):
+ (JSC::WeakGCMap::end):
+ (JSC::WeakGCMap::~WeakGCMap):
+ (JSC::WeakGCMap::finalize):
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::set):
+
+2011-02-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make weaklist processing deal with weak handles being removed during the iteration
+ https://bugs.webkit.org/show_bug.cgi?id=55105
+
+ It is possible for the handle heap to end up in a broken state if
+ a handle's finalizer removes either the current or next handle
+ to be visited during the post-gc cleanup. This patch removes that
+ problem by allowing the deallocate(Node*) routine to update the
+ iterator if it is called during finalization.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::HandleHeap):
+ (JSC::HandleHeap::updateAfterMark):
+ (JSC::HandleHeap::clearWeakPointers):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::protectedGlobalObjectCount):
+ * collector/handles/HandleHeap.h:
+ (JSC::Finalizer::~Finalizer):
+ (JSC::HandleHeap::getFinalizer):
+ (JSC::HandleHeap::deallocate):
+ (JSC::HandleHeap::makeWeak):
+ (JSC::HandleHeap::makeSelfDestroying):
+ (JSC::HandleHeap::Node::Node):
+ (JSC::HandleHeap::Node::setFinalizer):
+ (JSC::HandleHeap::Node::finalizer):
+ (JSC::HandleHeap::Node::finalizerContext):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::setGlobalObject):
+ (JSC::GlobalObjectNotifier::finalize):
+ (JSC::RegisterFile::globalObjectCollectedNotifier):
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::RegisterFile):
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::set):
+
+2011-02-24 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
+ https://bugs.webkit.org/show_bug.cgi?id=55156
+
+ Added code to delete unneeded PatternAlternative after it is removed
+ from m_alternatives Vector.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
+
+2011-02-24 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Anders Carlsson.
+
+ VectorBuffer should not call malloc(0)
+ https://bugs.webkit.org/show_bug.cgi?id=55091
+
+ Turns out the malloc() call which was so hot in:
+ https://bugs.webkit.org/show_bug.cgi?id=55005
+ was actually just malloc(0).
+
+ We shouldn't be calling malloc(0) anyway, since there is no need to
+ and it might actually do work on some systems.
+ I believe on Mac it ends up taking the standard spinlocks (expensive)
+ and the code on Brew actually does a malloc(1) instead. Neither is desirable.
+
+ * wtf/Vector.h:
+ (WTF::VectorBufferBase::allocateBuffer):
+ (WTF::VectorBufferBase::tryAllocateBuffer):
+
+2011-02-24 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove obsolete PLATFORM(CI)
+ https://bugs.webkit.org/show_bug.cgi?id=55082
+
+ * wtf/Platform.h:
+
+2011-02-24 Martin Robinson <mrobinson@igalia.com>
+
+ Reviewed by Xan Lopez.
+
+ [GTK] Remove the GFile GOwnPtr specialization
+ https://bugs.webkit.org/show_bug.cgi?id=55154
+
+ Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
+ to track GFiles since they are just regular reference-counted GObjects.
+
+ * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
+ * wtf/gobject/GOwnPtr.h: Ditto.
+
+2011-02-24 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Rename PLATFORM(SKIA) to USE(SKIA)
+ https://bugs.webkit.org/show_bug.cgi?id=55090
+
+ * wtf/Platform.h:
+
+2011-02-24 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Remove pthreads dependecy for JSLock
+ https://bugs.webkit.org/show_bug.cgi?id=54832
+
+ JSLock is only needed to support an obsolete execution model where JavaScriptCore
+ automatically protected against concurrent access from multiple threads.
+ So it's safe to disable it on non-mac platforms where we don't have native pthreads.
+
+ * runtime/JSLock.cpp:
+
+2011-02-24 Chao-ying Fu <fu@mips.com>
+
+ Reviewed by Eric Seidel.
+
+ Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
+ https://bugs.webkit.org/show_bug.cgi?id=54997
+
+ * jit/JIT.h:
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+
+2011-02-24 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] MinGW build fails to link
+ https://bugs.webkit.org/show_bug.cgi?id=55050
+
+ Prepend the libraries of subcomponents instead of appending them
+ to fix the library order according to the dependency of the libraries
+
+ * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
+ * jsc.pro: ditto
+
+2011-02-24 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Deque<T> should support inline capacity
+ https://bugs.webkit.org/show_bug.cgi?id=55032
+
+ The title says it all. There are currently no places
+ which use this code yet, however it's been tested in conjunction
+ with code for bug 55005.
+
+ This also adds an ASSERT that capacity is never 1. If you were able
+ to set the capacity equal to 1, the Deque would just get confused
+ and happily append your item but still think it had size 0.
+
+ * wtf/Deque.h:
+ (WTF::DequeIterator::DequeIterator):
+ (WTF::DequeConstIterator::DequeConstIterator):
+ (WTF::DequeReverseIterator::DequeReverseIterator):
+ (WTF::DequeConstReverseIterator::DequeConstReverseIterator):
+ (WTF::::checkValidity):
+ (WTF::::checkIndexValidity):
+ (WTF::::invalidateIterators):
+ (WTF::::Deque):
+ (WTF::deleteAllValues):
+ (WTF::::operator):
+ (WTF::::destroyAll):
+ (WTF::::~Deque):
+ (WTF::::swap):
+ (WTF::::clear):
+ (WTF::::findIf):
+ (WTF::::expandCapacityIfNeeded):
+ (WTF::::expandCapacity):
+ (WTF::::takeFirst):
+ (WTF::::append):
+ (WTF::::prepend):
+ (WTF::::removeFirst):
+ (WTF::::remove):
+ (WTF::::addToIteratorsList):
+ (WTF::::removeFromIteratorsList):
+ (WTF::::DequeIteratorBase):
+ (WTF::::~DequeIteratorBase):
+ (WTF::::isEqual):
+ (WTF::::increment):
+ (WTF::::decrement):
+ (WTF::::after):
+ (WTF::::before):
+ * wtf/Vector.h:
+
+2011-02-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Ojan Vafai.
+
+ Add missing files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=55020
+
+ gypi files are supposed to list every file under the sun. This patch
+ adds some missing files and sorts the rest.
+
+ * JavaScriptCore.gypi:
+
+2011-02-23 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Refactored MarkedSpace to operate in terms of size classes
+ https://bugs.webkit.org/show_bug.cgi?id=55106
+
+ SunSpider reports no change.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
+ class. Since these functions are inline, the compiler can constant fold
+ them.
+
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::cellSize):
+ (JSC::MarkedBlock::size): Factored out a cellSize() helper.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::allocateFromSizeClass):
+ (JSC::MarkedSpace::shrink):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
+ abstract SizeClass objects, which are independent linked lists of blocks
+ of a certain size class, instead of a single m_heap object.
+
+2011-02-23 Adam Barth <abarth@webkit.org>
+
+ Reviewed by James Robinson.
+
+ [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=55093
+
+ Exclude OSRandomSource.cpp from the Chromium build. This function is
+ implemented in WebKit/chromium/src instead.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-02-23 Oliver Hunt <oliver@apple.com>
+
+ Roll out r64156 as it introduces incorrect behaviour.
+
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::setIndex):
+
+2011-02-23 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
+ https://bugs.webkit.org/show_bug.cgi?id=55079
+
+ SunSpider reports no change.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
+ since we want Heap to logically control MarkedSpace. MarkedSpace should
+ never choose to sweep itself.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
+ member of MarkedBlock. No need to reset nextAtom to firstAtom() when
+ we reach the end of a block, since there's now an explicit reset pass
+ during GC.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
+ some data members to improve cache locality.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
+ explicit reset pass.
+
+2011-02-23 James Robinson <jamesr@chromium.org>
+
+ Unreviewed, rolling out r79428.
+ http://trac.webkit.org/changeset/79428
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ Does not work in the Chromium sandbox
+
+ * JavaScriptCore.exp:
+
+2011-02-23 Adam Roben <aroben@apple.com>
+
+ Fix an off-by-one error in JSC::appendSourceToError
+
+ Looks like this bug has been around since the code was first added in r35245.
+
+ Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
+ when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled
+
+ Reviewed by Darin Adler.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
+ character at stop-1 rather than at stop. At this point in the code, stop represents the
+ index just past the end of the characters we care about, and can even be just past the end
+ of the entire data buffer.
+
+2011-02-23 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Rolled back in r79367 with SnowLeopard Release bot crash fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=54999
+
+ The crash was caused by failure to update the "nextBlock" pointer when
+ removing a block from the list while shrinking. The fix is to update the
+ "nextBlock" pointer.
+
+ This crash was very rare because it only happened in cases where the very
+ first block in the heap contained no marked cells.
+
+2011-02-23 Dan Bernstein <mitz@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Include frame numbers in backtraces.
+ https://bugs.webkit.org/show_bug.cgi?id=55060
+
+ * wtf/Assertions.cpp:
+
+2011-02-23 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Gavin Barraclough.
+
+ latest jsc for armv7 crashes in sunspider tests
+ https://bugs.webkit.org/show_bug.cgi?id=54667
+
+ Update JIT offset values in ARMv7 after r78732. Fixes crashes in
+ SunSpider and JavaScript tests.
+
+ * jit/JIT.h: update values.
+
+2011-02-23 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79418.
+ http://trac.webkit.org/changeset/79418
+ https://bugs.webkit.org/show_bug.cgi?id=55043
+
+ "breaks shlib linux build" (Requested by morrita on #webkit).
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+
+2011-02-23 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=54831
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/Structure.cpp:
+ (JSC::ignoreSetMutex):
+ (JSC::Structure::Structure):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::initializeThreading):
+ * runtime/Structure.h:
+
+2011-02-23 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Rename PLATFORM(CF) to USE(CF)
+ https://bugs.webkit.org/show_bug.cgi?id=53540
+
+ * runtime/DatePrototype.cpp:
+ * runtime/GCActivityCallbackCF.cpp:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * wtf/CurrentTime.cpp:
+ * wtf/Platform.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::computeHash):
+ * wtf/text/WTFString.h:
+ * wtf/unicode/icu/CollatorICU.cpp:
+ (WTF::Collator::userDefault):
+
+2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
+
+ Unreviewed build fix for Windows.
+
+ WebSocket uses insecure random numbers
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber()
+
+2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ WebSocket uses insecure random numbers
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
+
+2011-02-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Ojan Vafai.
+
+ Add missing files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=55020
+
+ gypi files are supposed to list every file under the sun. This patch
+ adds some missing files and sorts the rest.
+
+ * JavaScriptCore.gypi:
+
+2011-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79367.
+ http://trac.webkit.org/changeset/79367
+ https://bugs.webkit.org/show_bug.cgi?id=55012
+
+ all layout tests are crashing on Snow Leopard (Requested by
+ rniwa on #webkit).
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * runtime/MarkedBlock.h:
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::freeBlock):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::shrink):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::collectorBlock):
+ * wtf/CMakeLists.txt:
+ * wtf/DoublyLinkedList.h: Removed.
+
+2011-02-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
+ https://bugs.webkit.org/show_bug.cgi?id=54999
+
+ SunSpider reports no change.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
+ * wtf/CMakeLists.txt:
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::setPrev):
+ (JSC::MarkedBlock::setNext):
+ (JSC::MarkedBlock::prev):
+ (JSC::MarkedBlock::next): Added linked list data members and accessors.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
+
+ (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
+ data structures when freeing blocks.
+
+ (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
+ not a vector index.
+
+ (JSC::MarkedSpace::shrink): Construct a temporary list of empties and
+ then free them, to avoid modifying our hash table while iterating it.
+ This wasn't a concern before because we were using indirect array
+ indexing, not direct pointer indexing.
+
+ (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
+ not a vector index.
+
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
+
+ * wtf/DoublyLinkedList.h: Added. New linked list class.
+ (WTF::::DoublyLinkedList):
+ (WTF::::isEmpty):
+ (WTF::::head):
+ (WTF::::append):
+ (WTF::::remove):
+
+2011-02-22 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table
+
+ The Structure class keeps a table of transitions to derived Structure types. Since
+ this table commonly contains a single entry we employ an optimization where instead
+ of holding a map, we may hold a pointer directly to a single instance of the mapped
+ type. We use an additional bit of data to flag whether the pointer is currently
+ pointing to a table of transitions, or a singleton transition. Previously we had
+ commonly used a pattern of storing data in the low bits of pointers, but had moved
+ away from this since it causes false leaks to be reported by the leaks tool. However
+ in this case, the entries in the map are weak links - this pointer will never be
+ responsible for keeping an object alive. As such we can use this approach provided
+ that the bit is set when a table is not in use (otherwise the table would appear to
+ be leaked).
+
+ Additionally, the transition table currently allows two entries to exist for a given
+ key - one specialized to a particular value, and one not specialized. This is
+ unnecessary, wasteful, and a little inconsistent. (If you create an entry for a
+ specialized value, then a non-specialized entry, both will exist. If you create an
+ entry for a non-specialized value, then try to create a specialized entry, only a
+ non-specialized form will be allowed.)
+
+ This shows a small progression on v8.
+
+ * JavaScriptCore.exp:
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::contains):
+ (JSC::StructureTransitionTable::get):
+ (JSC::StructureTransitionTable::remove):
+ (JSC::StructureTransitionTable::add):
+ (JSC::Structure::dumpStatistics):
+ (JSC::Structure::Structure):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::Hash::hash):
+ (JSC::StructureTransitionTable::Hash::equal):
+ (JSC::StructureTransitionTable::HashTraits::emptyValue):
+ (JSC::StructureTransitionTable::HashTraits::constructDeletedValue):
+ (JSC::StructureTransitionTable::HashTraits::isDeletedValue):
+ (JSC::StructureTransitionTable::StructureTransitionTable):
+ (JSC::StructureTransitionTable::~StructureTransitionTable):
+ (JSC::StructureTransitionTable::isUsingSingleSlot):
+ (JSC::StructureTransitionTable::map):
+ (JSC::StructureTransitionTable::setMap):
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+
+2011-02-22 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Redesign the build system
+ https://bugs.webkit.org/show_bug.cgi?id=51339
+
+ Part 2.
+
+ Build WebCore as a static library, compile the WebKit API and WebKit2 API
+ in a final step and link to WebKit2, WebCore and JSC libraries to fix
+ linking issues resulting from stripped away symbols.
+
+ * JavaScriptCore.pri: Remove the workaround.
+
+2011-02-21 Adam Roben <aroben@apple.com>
+
+ Fix linker warning on Windows
+
+ r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the
+ obvious way (since it's how we export functions), but unfortunately it doesn't work correct.
+ r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove
+ it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol
+ multiple times.
+
+ Rubber-stamped by Anders Carlsson.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info.
+
+2011-02-21 Brian Weinstein <bweinstein@apple.com>
+
+ Reviewed by Adam Roben.
+
+ WebResourceCacheManager should be responsible for managing the CFURLCache as well
+ as the WebCore memory cache.
+ https://bugs.webkit.org/show_bug.cgi?id=54886
+ Part of <rdar://problem/8971738>
+
+ Add a new use flag for using the CFURLCache.
+
+ * wtf/Platform.h:
+
+2011-02-21 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=54901
+
+ * jit/JIT.h: swap actual and expected values in message, they were
+ reversed.
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of
+ a simple ASSERT.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check): ditto.
+ (JSC::JIT::compileGetByIdHotPath): ditto.
+ (JSC::JIT::compileGetByIdSlowCase): ditto.
+ (JSC::JIT::emit_op_put_by_id): ditto.
+
+2011-02-21 Gavin Barraclough <barraclough@apple.com>
+
+ Ruber stamped by Sam Weinig
+
+ Bug 54899 - Math.LOG10E should be 0.4342944819032518
+ This value is quoted in section 15.8.1.5 of the spec.
+
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+
+2011-02-21 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy.
+
+ The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance
+ containing a pointer to its parent class. These links should reflect the inheritance
+ hierarchy of C++ classes below JSObject. For the large part it does, but in some cases
+ entries in the C++ hierarchy are skipped over. This presently likely doesn't matter,
+ since intervening C++ classes may not have ClassInfo - but would be a potential bug
+ were ClassInfo were to be added.
+
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackObjectFunctions.h:
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/BooleanObject.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DatePrototype.cpp:
+ * runtime/ErrorInstance.cpp:
+ * runtime/InternalFunction.cpp:
+ * runtime/JSActivation.cpp:
+ * runtime/JSArray.cpp:
+ * runtime/JSFunction.cpp:
+ * runtime/JSONObject.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSZombie.h:
+ * runtime/MathObject.cpp:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberObject.cpp:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpObject.cpp:
+ * runtime/StringObject.cpp:
+ * runtime/StringPrototype.cpp:
+
+2011-02-21 Adam Roben <aroben@apple.com>
+
+ Export JSObject::s_info from JavaScriptCore.dll
+
+ This matches what we do for all other ClassInfo objects that WebCore needs access to.
+
+ Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in
+ JSCell::inherits on Windows
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSObject.h: Added JS_EXPORTDATA to s_info.
+
+2011-02-21 Kristian Amlie <kristian.amlie@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ Switched to compiler based detection, where the error actually is.
+
+ It is not the platform that needs the workaround, it is the compiler.
+
+ QtWebKit fails to compile on Windows XP with msvc-2008
+ https://bugs.webkit.org/show_bug.cgi?id=54746
+
+ * bytecode/CodeBlock.h:
+ * runtime/RegExpObject.h:
+
+2011-02-20 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=54839
+ Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction.
+
+ Historically, Native functions used to be represented by PrototypeFunctions, however
+ since introducing call optimizations to the JIT this has used JSFunctions for host
+ calls too. At the point this change was made, the interpreter continued to use
+ PrototypeFunctions, however since fallback from the JIT to interpreter was introduced
+ the interpreter has had to be able to run using host functions represented using
+ JSFunctions - leading to an unnecessary and redundant divergence in behaviour between
+ interpreter only builds, and situations where the JIT has fallen back to interpreting.
+
+ NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction
+ for wrappers for host functions, and as such can also be removed.
+
+ GlobalEvalFunction is a redundant wrapper that happens to be derived from
+ PrototypeFunction. It existed to hold a reference to the global object - but since all
+ functions how derive from JSObjectWithGlobalObject, this no longer requires an
+ additional class to provide this functionality.
+
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Removed symbols / references to files.
+
+ * runtime/GlobalEvalFunction.cpp: Removed.
+ * runtime/GlobalEvalFunction.h: Removed.
+ * runtime/NativeFunctionWrapper.h: Removed.
+ * runtime/PrototypeFunction.cpp: Removed.
+ * runtime/PrototypeFunction.h: Removed.
+ Removed.
+
+ * runtime/Executable.cpp:
+ (JSC::NativeExecutable::~NativeExecutable):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::JSFunction::nativeFunction):
+ * runtime/JSFunction.cpp:
+ (JSC::callHostFunctionAsConstructor):
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::getCallData):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::getCTIStub):
+ Added interpreter-friendly constructors for NativeExecutables.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ * interpreter/Interpreter.cpp:
+ * jit/JITStubs.cpp:
+ * jsc.cpp:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/BooleanPrototype.h:
+ * runtime/CallData.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/ErrorPrototype.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/Lookup.cpp:
+ * runtime/NumberPrototype.cpp:
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/RegExpPrototype.h:
+ * runtime/SmallStrings.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ Removed use of redundant classes.
+
+2011-02-19 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ Unreviewed build fix for Symbian.
+
+ [Symbian] Revert the removal of linking
+ against hal after r79126.
+
+ Dependency on the hal library can not be removed
+ as it is still used (e.g. in MarkStackSymbian.cpp).
+
+ * JavaScriptCore.pri:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Interpreter build fix.
+
+ * runtime/ArrayConstructor.cpp:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/Lookup.cpp:
+ * runtime/NumberPrototype.cpp:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/StringConstructor.cpp:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix!!
+
+ * JavaScriptCore.exp:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix!!
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix!
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix!
+
+ * JavaScriptCore.exp:
+
+2011-02-18 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 54786 - Devirtualize JSCell::classInfo()
+
+ Instead of making a virtual function call, add a pointer to the ClassInfo
+ onto Structure.
+
+ This removes a virtual function call, and paves the way towards removing all
+ the createStructure methods, and StructureFlags/AnonymousSlotCount properties
+ (these should be able to move onto ClassInfo).
+
+ Calls to Structure::create must now pass a pointer to the ClassInfo for the
+ structure. All objects now have a ClassInfo pointer, non-object cell types
+ still do not.
+
+ Changes are most mechanical, involving three steps:
+ * Remove virtual classInfo() methods.
+ * Add &s_info parameter to calls to Structure::create.
+ * Rename ClassInfo static members on classes from 'info' to 's_info',
+ for consistency.
+
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.cpp:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ * API/JSValueRef.cpp:
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * JavaScriptCore.exp:
+ * debugger/Debugger.cpp:
+ * debugger/DebuggerActivation.h:
+ * debugger/DebuggerCallFrame.cpp:
+ * interpreter/Interpreter.cpp:
+ * jit/JITCall32_64.cpp:
+ * jit/JITOpcodes.cpp:
+ * jit/JITStubs.cpp:
+ * profiler/Profiler.cpp:
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanObject.cpp:
+ * runtime/BooleanObject.h:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DateInstance.h:
+ * runtime/DatePrototype.cpp:
+ * runtime/DatePrototype.h:
+ * runtime/ErrorInstance.cpp:
+ * runtime/ErrorInstance.h:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+ * runtime/GetterSetter.h:
+ * runtime/GlobalEvalFunction.h:
+ * runtime/InternalFunction.cpp:
+ * runtime/InternalFunction.h:
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSObjectWithGlobalObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.h:
+ * runtime/JSVariableObject.h:
+ * runtime/JSWrapperObject.h:
+ * runtime/JSZombie.cpp:
+ * runtime/JSZombie.h:
+ * runtime/Lookup.cpp:
+ * runtime/MathObject.cpp:
+ * runtime/MathObject.h:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ * runtime/NumberObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/ScopeChain.cpp:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ * runtime/StringPrototype.cpp:
+ * runtime/StringPrototype.h:
+ * runtime/Structure.cpp:
+ * runtime/Structure.h:
+
+2011-02-19 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
+
+ Reviewed by Dan Bernstein.
+
+ * Configurations/Base.xcconfig: Added
+ JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
+ * Configurations/JavaScriptCore.xcconfig: Used
+ JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
+ for Production configuration of jsc target.
+ (Copy Into Framework): Removed old build phase.
+ (Fix Framework Reference): Renamed build phase to "Copy Into
+ Framework". Added "set -x" call to make the script print the
+ commands it is running. Added code to exit early for Production
+ builds since this was never intended for them. Added code to
+ copy jsc into the JavaScriptCore.framework/Resources directory.
+
+2011-02-19 Siddharth Mathur <siddharth.mathur@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Symbian] OSAllocator implementation for Symbian OS.
+ Manages both data and code region requests. V8 and Sunspider tested
+ OK with interpreter. Not tested with JSC JIT yet as it has unrelated
+ failures. Also no thread safety yet.
+ https://bugs.webkit.org/show_bug.cgi?id=51128
+
+ * JavaScriptCore.pri: removed HAL linkage
+ * wtf/Bitmap.h:
+ (WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty
+ * wtf/OSAllocator.h:
+ (WTF::OSAllocator::decommitAndRelease): decommit explicitly
+ * wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface
+ (WTF::allocateCodeChunk): utility for code chunks
+ (WTF::deallocateCodeChunk): utility for code chunks
+ (WTF::dataAllocatorInstance): getter for data allocator instance
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::releaseDecommitted):
+ (WTF::OSAllocator::commit):
+ (WTF::OSAllocator::decommit):
+ (WTF::OSAllocator::reserveAndCommit):
+ (WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests
+ to one underlying Symbian chunk
+ (WTF::PageAllocatorSymbian::~PageAllocatorSymbian):
+ (WTF::PageAllocatorSymbian::reserve):
+ (WTF::PageAllocatorSymbian::release):
+ (WTF::PageAllocatorSymbian::commit):
+ (WTF::PageAllocatorSymbian::decommit):
+ (WTF::PageAllocatorSymbian::contains):
+ * wtf/PageAllocatorSymbian.h: Added.
+ (WTF::SymbianChunk::SymbianChunk): wrapper around RChunk
+ (WTF::SymbianChunk::~SymbianChunk):
+ (WTF::SymbianChunk::contains):
+
+2011-02-19 Yong Li <yoli@rim.com>
+
+ Reviewed by Eric Seidel.
+
+ https://bugs.webkit.org/show_bug.cgi?id=54687
+ When being built with armcc, "int" bit fields are treated as
+ unsigned integers, which will fail the comparisons like "m_offset == -1".
+ Using "signed" fixes the problem.
+
+ * assembler/ARMAssembler.h:
+ * assembler/ARMv7Assembler.h:
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Made MarkedSpace block iteration size-class agnostic
+ https://bugs.webkit.org/show_bug.cgi?id=54792
+
+ SunSpider reports no change.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::clearMarks):
+ (JSC::MarkedSpace::sweep):
+ (JSC::MarkedSpace::objectCount):
+ (JSC::MarkedSpace::size):
+ (JSC::MarkedSpace::capacity):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of
+ size class list order. This is a much simpler convention in a world
+ of many different size classes.
+
+2011-02-18 Kristian Amlie <kristian.amlie@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ Added friend exception to Qt platform, which also compiles Windows.
+
+ QtWebKit fails to compile on Windows XP with msvc-2008
+ https://bugs.webkit.org/show_bug.cgi?id=54746
+
+ * bytecode/CodeBlock.h:
+ * runtime/RegExpObject.h:
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ (Rolled back in r79022 with crash fixed.)
+
+ Reviewed by Sam Weinig.
+
+ Use hashing instead of linear search in the conservative pointer test
+ https://bugs.webkit.org/show_bug.cgi?id=54767
+
+ SunSpider reports no change.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array,
+ since freeBlock removes items for us.
+
+ (JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last
+ block from the block set instead of the block being freed. Changed to
+ remove a block from our data structures before deallocating it, since
+ this is slightly cleaner.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains): Variable-sized objects will use more,
+ smaller blocks, so it's important for the contains check not to be O(n)
+ in the number of blocks.
+
+2011-02-18 chris reiss <christopher.reiss@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
+ https://bugs.webkit.org/show_bug.cgi?id=49989
+
+ updated test fast/js/script-tests/date-parse-test.js
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2011-02-18 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79022.
+ http://trac.webkit.org/changeset/79022
+ https://bugs.webkit.org/show_bug.cgi?id=54775
+
+ It broke the whole world (Requested by Ossy on #webkit).
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains):
+
+2011-02-18 Yael Aharon <yael.aharon@nokia.com>
+
+ Reviewed by Dave Hyatt.
+
+ Add support for dir=auto
+ https://bugs.webkit.org/show_bug.cgi?id=50916
+
+ Change defaultWritingDirection() to return if the writing direction
+ was determined from a letter with strong directionality or not.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.order:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::defaultWritingDirection):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+ (WTF::String::defaultWritingDirection):
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Use hashing instead of linear search in the conservative pointer test
+ https://bugs.webkit.org/show_bug.cgi?id=54767
+
+ SunSpider reports no change.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains): Variable-sized objects will use more,
+ smaller blocks, so it's important for the contains check not to be O(n)
+ in the number of blocks.
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Tightened some usage accounting code in MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=54761
+
+ SunSpider reports no change.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::Heap): Initialize the marked space high water mark on
+ construction, instead of relying on some implicit subtleties to make
+ not initializing it work out OK.
+
+ * runtime/Heap.h: Fixed up includes.
+
+ * runtime/MarkedBlock.h: Made firstAtom() static so clients can call it
+ even without having allocated a block.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this
+ would be prohibitively expensive with multiple size classes.
+
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set,
+ since linear search in the contains check will be prohibitively
+ expensive once we're using lots of smaller blocks.
+
+ (JSC::MarkedSpace::allocate): Don't assume that we always have a block
+ allocated, since we don't anymore. (See above.)
+
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h: Updated for changes mentioned above.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Made object allocation secretly variable-sized (Shhhh!)
+ https://bugs.webkit.org/show_bug.cgi?id=54721
+
+ SunSpider reports no change.
+
+ Internally, MarkedBlock now makes variable-sized allocations, even
+ though MarkedSpace doesn't take advantage of this yet.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
+ fixed-sized.
+
+ * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
+ that are not multiples of 64 bytes.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Fixed some math errors when when using variable-sized cells
+ https://bugs.webkit.org/show_bug.cgi?id=54717
+
+ SunSpider reports no change.
+
+ Computer Science Barbie says, "Math is not so hard afterall!"
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
+ minimum number of atoms required for a cell, since rounding down
+ will get you splinched.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
+ because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
+ may not hit m_endAtom exactly.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ A little more abstraction for MarkedSpace::contains
+ https://bugs.webkit.org/show_bug.cgi?id=54715
+
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace
+ doesn't have to know how MarkedBlock tracks containment internally.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out
+ if a cell that seems to be in a block is valid.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Removed the invariant that the last cell in a block is always marked
+ https://bugs.webkit.org/show_bug.cgi?id=54713
+
+ SunSpider reports no change.
+
+ This adds one branch to allocation, but simplifies the mark invariant,
+ especially in a world of variable-sized cells. Now, it really is true
+ that any cell whose mark bit is set is a valid, live cell whose
+ constructor has run and whose destructor has not run.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
+ since we can no longer rely on a set mark bit to break out of this loop
+ before it reaches the end of the block.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::isEmpty):
+ (JSC::MarkedBlock::clearMarks):
+ (JSC::MarkedBlock::markCount):
+ (JSC::MarkedBlock::forEach): No need to set a special last mark bit.
+
+2011-02-17 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r78856 and r78907.
+ http://trac.webkit.org/changeset/78856
+ http://trac.webkit.org/changeset/78907
+ https://bugs.webkit.org/show_bug.cgi?id=54705
+
+ These seem to break tests on 32-bit builds. (Requested by
+ aroben on #webkit).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * collector/handles/Global.h:
+ (JSC::Global::internalSet):
+ * collector/handles/Handle.h:
+ (JSC::HandleTypes::getFromSlot):
+ (JSC::HandleTypes::toJSValue):
+ (JSC::HandleTypes::validateUpcast):
+ (JSC::HandleConverter::operator->):
+ (JSC::HandleConverter::operator*):
+ (JSC::Handle::Handle):
+ (JSC::Handle::get):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sortNumeric):
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ * runtime/SlotAccessor.h: Removed.
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::get):
+ (JSC::WeakGCPtr::internalSet):
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::operator*):
+ (JSC::DeprecatedPtr::operator->):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
+ (JSC::DeprecatedPtr::operator!):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::clear):
+ (JSC::WriteBarrierBase::slot):
+ (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
+ (JSC::WriteBarrierBase::operator!):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+ (JSC::WriteBarrier::WriteBarrier):
+
+2011-02-17 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed.
+
+ [Qt] Buildfix.
+
+ * wtf/RetainPtr.h: Add missing PLATFORM(CF) guard.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made MarkedBlock variable-sized
+ https://bugs.webkit.org/show_bug.cgi?id=54692
+
+ SunSpider reports no change.
+
+ Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
+ mark bit per atom. A given cell may be composed of one or more atoms.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
+ bubbling it up from MarkedBlock, since MarkedBlock now supports variable-
+ sizedness.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
+ (implicit) one constants -- these quantities are not constant anymore.
+ Updated for switch from cell to atom.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::destroy):
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::firstAtom):
+ (JSC::MarkedBlock::atoms):
+ (JSC::MarkedBlock::isAtomAligned):
+ (JSC::MarkedBlock::blockFor):
+ (JSC::MarkedBlock::isEmpty):
+ (JSC::MarkedBlock::clearMarks):
+ (JSC::MarkedBlock::size):
+ (JSC::MarkedBlock::capacity):
+ (JSC::MarkedBlock::atomNumber):
+ (JSC::MarkedBlock::isMarked):
+ (JSC::MarkedBlock::testAndSetMarked):
+ (JSC::MarkedBlock::setMarked):
+ (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
+ and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::CollectorHeap):
+ (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
+ a property of MarkedSpace.
+
+2011-02-17 Oliver Hunt <oliver@apple.com>
+
+ Attempt to fix windows build
+
+ * runtime/WriteBarrier.h:
+
+2011-02-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Refactor WriteBarrier and DeprecatedPtr to have less code duplication.
+ https://bugs.webkit.org/show_bug.cgi?id=54608
+
+ Make use of the tricks used for Handle, et al to avoid duplicating all
+ of the logic for DeprecatedPtr and WriteBarrier simply to support known
+ vs. unknown types.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * collector/handles/Global.h:
+ (JSC::Global::internalSet):
+ * collector/handles/Handle.h:
+ (JSC::Handle::Handle):
+ (JSC::Handle::get):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sortNumeric):
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ * runtime/SlotAccessor.h: Added.
+ (JSC::SlotTypes::getFromBaseType):
+ (JSC::SlotTypes::convertToBaseType):
+ (JSC::SlotTypes::getFromSlot):
+ (JSC::SlotTypes::toJSValue):
+ (JSC::SlotTypes::validateUpcast):
+ (JSC::SlotAccessor::operator->):
+ (JSC::SlotAccessor::operator*):
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::get):
+ (JSC::WeakGCPtr::internalSet):
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator=):
+ (JSC::WriteBarrierTranslator::convertToStorage):
+ (JSC::WriteBarrierTranslator::convertFromStorage):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::clear):
+ (JSC::WriteBarrierBase::slot):
+ (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
+ (JSC::WriteBarrierBase::operator!):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+ (JSC::WriteBarrier::WriteBarrier):
+
+2011-02-17 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Revert incorrect blind fix and restore previous working code.
+
+ * wtf/wx/StringWx.cpp:
+ (WTF::String::String):
+
+2011-02-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Intermittent crashes beneath MarkStack::drain
+ https://bugs.webkit.org/show_bug.cgi?id=54614
+ <rdar://problem/8971070>
+
+ The crashes were caused by a GC happening after the global object's
+ property table had grown (due to compilation), but before the properties
+ had been fully initialized by program execution.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global
+ object's register storage immediately, without waiting for program
+ execution to do it for us. This ensures that the global object's count
+ of global variables is consistent with the size of its global variable
+ storage at all times, and it ensures that all global variables are
+ properly initialized from the get-go.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resizeRegisters):
+ * runtime/JSGlobalObject.h: Added a helper function for growing the
+ global object's register storage, and initializing new registers.
+
+== Rolled over to ChangeLog-2011-02-16 ==
View Lorry Controller Status