path: root/Source/JavaScriptCore/ChangeLog
Diffstat (limited to 'Source/JavaScriptCore/ChangeLog')
-rw-r--r-- Source/JavaScriptCore/ChangeLog | 463
1 files changed, 450 insertions, 13 deletions
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 79b7789b2..0d7945765 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,20 +1,457 @@
-2012-06-13 Patrick Gansterer <paroga@webkit.org>
+2012-07-17 Filip Pizlo <fpizlo@apple.com>
- [WIN] Remove dependency on pthread from MachineStackMarker
- https://bugs.webkit.org/show_bug.cgi?id=68429
+ DFG 32-bit PutById transition stub passes the payload/tag arguments to a DFG operation in the wrong order
+ https://bugs.webkit.org/show_bug.cgi?id=91576
- Reviewed by NOBODY (OOPS!).
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::emitPutTransitionStub):
- Implement pthread TLS functionality with native windows functions.
+2012-07-17 Filip Pizlo <fpizlo@apple.com>
- * heap/MachineStackMarker.cpp: Use the new functions instead of pthread directly.
- * heap/MachineStackMarker.h:
- * wtf/ThreadSpecific.h:
- (WTF::ThreadSpecificKeyCreate): Added wrapper around pthread_key_create.
- (WTF::ThreadSpecificKeyDelete): Added wrapper around pthread_key_delete.
- (WTF::ThreadSpecificSet): Added wrapper around pthread_setspecific.
- (WTF::ThreadSpecificGet): Added wrapper around pthread_getspecific.
- * wtf/ThreadSpecificWin.cpp:
+ [Qt] REGRESSION(r122768, r122771): They broke jquery/data.html and inspector/elements/edit-dom-actions.html
+ https://bugs.webkit.org/show_bug.cgi?id=91476
+
+ Reviewed by Mark Hahnenberg.
+
+ The 32-bit repatching code was not correctly adapted to the new world where there may not always
+ be an available scratch register. Fixed it by ensuring that the scratch register we select does
+ not overlap with the value tag.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::emitPutReplaceStub):
+
+2012-07-17 Gabor Rapcsanyi <rgabor@webkit.org>
+
+ Unreviewed buildfix from Zoltan Herczeg after 122768.
+
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ (CCallHelpers):
+
+2012-07-17 David Barr <davidbarr@chromium.org>
+
+ Introduce ENABLE_CSS_IMAGE_ORIENTATION compile flag
+ https://bugs.webkit.org/show_bug.cgi?id=89055
+
+ Reviewed by Kent Tamura.
+
+ The css3-images module is at candidate recommendation.
+ http://www.w3.org/TR/2012/CR-css3-images-20120417/#the-image-orientation
+
+ Add a configuration option for CSS image-orientation support, disabling it by default.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-07-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, roll out 122790 because it broke the Windows build. I'm not
+ sure what to do with exported symbols that are predicated on NDEBUG.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * interpreter/Interpreter.cpp:
+ (JSC):
+ (JSC::Interpreter::dumpRegisters):
+ (JSC::getCallerInfo):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::retrieveCallerFromVMCode):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+
+2012-07-16 Oliver Hunt <oliver@apple.com>
+
+ dumpCallFrame is broken in ToT
+ https://bugs.webkit.org/show_bug.cgi?id=91444
+
+ Reviewed by Gavin Barraclough.
+
+ Various changes have been made to the SF calling convention, but
+ dumpCallFrame has not been updated to reflect these changes.
+ That resulted in both bogus information, as well as numerous
+ assertions of sadness.
+
+ This patch makes dumpCallFrame actually work again and adds the
+ wonderful feature of telling you the name of the variable that a
+ register reflects, or what value it contains.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::nameForRegister):
+ A really innefficient mechanism for finding the name of a local register.
+ This should only ever be used by debug code so this should be okay.
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ Debug builds no longer throw away a functions symbol table, this allows
+ us to actually perform a register# to name mapping
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ We weren't propogating the bytecode offset here leading to assertions
+ in debug builds when dumping bytecode of DFG compiled code.
+ * interpreter/Interpreter.cpp:
+ (JSC):
+ (JSC::Interpreter::dumpRegisters):
+ Rework to actually be correct.
+ (JSC::getCallerInfo):
+ Return the byteocde offset as well now, given we have to determine it
+ anyway.
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::retrieveCallerFromVMCode):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionDumpCallFrame):
+ Give debug builds of JSC a method for calling dumpCallFrame so we can
+ inspect a callframe without requiring us to break in a debugger.
+
+2012-07-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, adding forgotten files.
+
+ * dfg/DFGRegisterSet.h: Added.
+ (DFG):
+ (RegisterSet):
+ (JSC::DFG::RegisterSet::RegisterSet):
+ (JSC::DFG::RegisterSet::asPOD):
+ (JSC::DFG::RegisterSet::copyInfo):
+ (JSC::DFG::RegisterSet::set):
+ (JSC::DFG::RegisterSet::setGPRByIndex):
+ (JSC::DFG::RegisterSet::clear):
+ (JSC::DFG::RegisterSet::get):
+ (JSC::DFG::RegisterSet::getGPRByIndex):
+ (JSC::DFG::RegisterSet::getFreeGPR):
+ (JSC::DFG::RegisterSet::setFPRByIndex):
+ (JSC::DFG::RegisterSet::getFPRByIndex):
+ (JSC::DFG::RegisterSet::setByIndex):
+ (JSC::DFG::RegisterSet::getByIndex):
+ (JSC::DFG::RegisterSet::numberOfSetGPRs):
+ (JSC::DFG::RegisterSet::numberOfSetFPRs):
+ (JSC::DFG::RegisterSet::numberOfSetRegisters):
+ (JSC::DFG::RegisterSet::setBit):
+ (JSC::DFG::RegisterSet::clearBit):
+ (JSC::DFG::RegisterSet::getBit):
+ * dfg/DFGScratchRegisterAllocator.h: Added.
+ (DFG):
+ (ScratchRegisterAllocator):
+ (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
+ (JSC::DFG::ScratchRegisterAllocator::lock):
+ (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
+ (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
+ (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
+ (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
+ (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
+ (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
+ (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
+ (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
+ (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
+
+2012-07-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG PutById transition should handle storage allocation, and inline it
+ https://bugs.webkit.org/show_bug.cgi?id=91337
+
+ Reviewed by Oliver Hunt.
+
+ This enables the patching of DFG PutById to handle the out-of-line storage
+ allocation case. Furthermore, it inlines out-of-line storage allocation (and
+ reallocation) into the generated stubs.
+
+ To do this, this patch adds the ability to store the relevant register
+ allocation state (i.e. the set of in-use registers) in the structure stub
+ info so that the stub generation code can more flexibly select scratch
+ registers: sometimes it needs none, sometimes one - or sometimes up to
+ three. Moreover, to make the stub generation register allocation simple and
+ maintainable, this patch introduces a reusable scratch register allocator
+ class. This register allocator understands that some registers are in use by
+ the main path code and so must be spilled as necessary, other registers are
+ locked for use in the stub itself and so cannot even be spilled, while still
+ others may be allocated for scratch purposes. A scratch register that is
+ used must be spilled. If a register is locked, it cannot be used as a
+ scratch register. If a register is used, it can be used as a scratch
+ register so long as it is spilled.
+
+ This is a sub-1% speed-up on V8 and neutral elsewhere.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerCodeRef.h:
+ (FunctionPtr):
+ (JSC::FunctionPtr::FunctionPtr):
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ (CCallHelpers):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
+ (PropertyAccessRecord):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::isInUse):
+ (RegisterBank):
+ * dfg/DFGRegisterSet.h: Added.
+ (DFG):
+ (RegisterSet):
+ (JSC::DFG::RegisterSet::RegisterSet):
+ (JSC::DFG::RegisterSet::asPOD):
+ (JSC::DFG::RegisterSet::copyInfo):
+ (JSC::DFG::RegisterSet::set):
+ (JSC::DFG::RegisterSet::setGPRByIndex):
+ (JSC::DFG::RegisterSet::clear):
+ (JSC::DFG::RegisterSet::get):
+ (JSC::DFG::RegisterSet::getGPRByIndex):
+ (JSC::DFG::RegisterSet::getFreeGPR):
+ (JSC::DFG::RegisterSet::setFPRByIndex):
+ (JSC::DFG::RegisterSet::getFPRByIndex):
+ (JSC::DFG::RegisterSet::setByIndex):
+ (JSC::DFG::RegisterSet::getByIndex):
+ (JSC::DFG::RegisterSet::numberOfSetGPRs):
+ (JSC::DFG::RegisterSet::numberOfSetFPRs):
+ (JSC::DFG::RegisterSet::numberOfSetRegisters):
+ (JSC::DFG::RegisterSet::setBit):
+ (JSC::DFG::RegisterSet::clearBit):
+ (JSC::DFG::RegisterSet::getBit):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::emitPutReplaceStub):
+ (JSC::DFG::emitPutTransitionStub):
+ (JSC::DFG::tryCachePutByID):
+ (JSC::DFG::tryBuildPutByIdList):
+ * dfg/DFGScratchRegisterAllocator.h: Added.
+ (DFG):
+ (ScratchRegisterAllocator):
+ (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
+ (JSC::DFG::ScratchRegisterAllocator::lock):
+ (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
+ (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
+ (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
+ (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
+ (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
+ (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
+ (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
+ (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
+ (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::usedRegisters):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/CopiedAllocator.h:
+ (CopiedAllocator):
+ (JSC::CopiedAllocator::fastPathShouldSucceed):
+ (JSC):
+
+2012-07-16 Patrick Gansterer <paroga@webkit.org>
+
+ Add dfg switch to create_jit_stubs script
+ https://bugs.webkit.org/show_bug.cgi?id=91256
+
+ Reviewed by Geoffrey Garen.
+
+ * create_jit_stubs: Add a switch to enable or disable the generation of
+ stub functions in #if ENABLE(DFG_JIT) conditions.
+
+2012-07-16 Gabor Rapcsanyi <rgabor@webkit.org>
+
+ Unreviewed buildfix after r122729. Typo fix.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::add32):
+
+2012-07-16 Gabor Rapcsanyi <rgabor@webkit.org>
+
+ Unreviewed buildfix from Zoltan Herczeg after r122677.
+ Implement missing add32 function to MacroAssemblerARM.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::add32):
+ (MacroAssemblerARM):
+
+2012-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG PutByVal opcodes should accept more than 3 operands
+ https://bugs.webkit.org/show_bug.cgi?id=91332
+
+ Reviewed by Oliver Hunt.
+
+ Turned PutByVal/PutByValAlias into var-arg nodes, so that we can give them
+ 4 or more operands in the future.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::getByValLoadElimination):
+ (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ (JSC::DFG::FixupPhase::fixDoubleEdge):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::byValIsPure):
+ (JSC::DFG::Graph::varArgNumChildren):
+ (Graph):
+ (JSC::DFG::Graph::numChildren):
+ (JSC::DFG::Graph::varArgChild):
+ (JSC::DFG::Graph::child):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ Rationalize and optimize storage allocation
+ https://bugs.webkit.org/show_bug.cgi?id=91303
+
+ Reviewed by Oliver Hunt.
+
+ This implements a backwards bump allocator for copied space storage
+ allocation, shown in pseudo-code below:
+
+ pointer bump(size) {
+ pointer tmp = allocator->remaining;
+ tmp -= size;
+ if (tmp < 0)
+ fail;
+ allocator->remaining = tmp;
+ return allocator->payloadEnd - tmp - size;
+ }
+
+ The advantage of this allocator is that it:
+
+ - Only requires one comparison in the common case where size is known to
+ not be huge, and this comparison can be done by checking the sign bit
+ of the subtraction.
+
+ - Can be implemented even when only one register is available. This
+ register is reused for both temporary storage during allocation and
+ for the result.
+
+ - Preserves the behavior that memory in a block is filled in from lowest
+ address to highest address, which allows for a cheap reallocation fast
+ path.
+
+ - Is resilient against the block used for allocation being the last one
+ in virtual memory, thereby otherwise leading to the risk of overflow
+ in the bump pointer, despite only doing one branch.
+
+ In order to implement this allocator using the smallest possible chunk
+ of code, I refactored the copied space code so that all of the allocation
+ logic is in CopiedAllocator, and all of the state is in either
+ CopiedBlock or CopiedAllocator. This should make changing the allocation
+ fast path easier in the future.
+
+ In order to do this, I needed to add some new assembler support,
+ particularly for various forms of add(address, register) and negPtr().
+
+ This is performance neutral. The purpose of this change is to facilitate
+ further inlining of storage allocation without having to reserve
+ additional registers or emit too much code.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::addPtr):
+ (MacroAssembler):
+ (JSC::MacroAssembler::negPtr):
+ * assembler/MacroAssemblerARMv7.h:
+ (MacroAssemblerARMv7):
+ (JSC::MacroAssemblerARMv7::add32):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::add32):
+ (MacroAssemblerX86):
+ * assembler/MacroAssemblerX86_64.h:
+ (MacroAssemblerX86_64):
+ (JSC::MacroAssemblerX86_64::addPtr):
+ (JSC::MacroAssemblerX86_64::negPtr):
+ * assembler/X86Assembler.h:
+ (X86Assembler):
+ (JSC::X86Assembler::addl_mr):
+ (JSC::X86Assembler::addq_mr):
+ (JSC::X86Assembler::negq_r):
+ * heap/CopiedAllocator.h:
+ (CopiedAllocator):
+ (JSC::CopiedAllocator::isValid):
+ (JSC::CopiedAllocator::CopiedAllocator):
+ (JSC::CopiedAllocator::tryAllocate):
+ (JSC):
+ (JSC::CopiedAllocator::tryReallocate):
+ (JSC::CopiedAllocator::forceAllocate):
+ (JSC::CopiedAllocator::resetCurrentBlock):
+ (JSC::CopiedAllocator::setCurrentBlock):
+ (JSC::CopiedAllocator::currentCapacity):
+ * heap/CopiedBlock.h:
+ (CopiedBlock):
+ (JSC::CopiedBlock::create):
+ (JSC::CopiedBlock::zeroFillWilderness):
+ (JSC::CopiedBlock::CopiedBlock):
+ (JSC::CopiedBlock::payloadEnd):
+ (JSC):
+ (JSC::CopiedBlock::payloadCapacity):
+ (JSC::CopiedBlock::data):
+ (JSC::CopiedBlock::dataEnd):
+ (JSC::CopiedBlock::dataSize):
+ (JSC::CopiedBlock::wilderness):
+ (JSC::CopiedBlock::wildernessEnd):
+ (JSC::CopiedBlock::wildernessSize):
+ (JSC::CopiedBlock::size):
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryAllocateSlowCase):
+ (JSC::CopiedSpace::tryAllocateOversize):
+ (JSC::CopiedSpace::tryReallocate):
+ (JSC::CopiedSpace::doneFillingBlock):
+ (JSC::CopiedSpace::doneCopying):
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::startedCopying):
+ (JSC::CopiedSpace::allocateBlockForCopyingPhase):
+ (JSC::CopiedSpace::allocateBlock):
+ (JSC::CopiedSpace::tryAllocate):
+ (JSC):
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::startCopying):
+ (JSC::SlotVisitor::allocateNewSpace):
+ (JSC::SlotVisitor::doneCopying):
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::SlotVisitor):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicStorage):
+ (JSC::JIT::emitAllocateJSArray):
2012-07-13 Mark Lam <mark.lam@apple.com>
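Review bot: in the "Rationalize and optimize storage allocation" entry the pseudo-code declares `tmp` as `pointer` but then tests `if (tmp < 0)`, while the prose says the check is done on the sign bit of the subtraction; that only works if `remaining` is a signed integer offset rather than a pointer, and only if `size` is bounded so that `remaining - size` cannot wrap past the signed range. Suggest writing the temporary as a signed offset (e.g. `ptrdiff_t tmp = allocator->remaining;`) and stating in the entry where the "size is known to not be huge" precondition is enforced, since the hunk lists `JSC::CopiedSpace::tryAllocateOversize` but does not say that the fast path is only entered for bounded sizes. Two ChangeLog hygiene points in the same hunk: the entries are not in reverse-chronological order (the 2012-07-16 Patrick Gansterer and Gabor Rapcsanyi entries sit below the 2012-07-15 Filip Pizlo entry), and revision references are inconsistent ("after 122768", "roll out 122790" versus "after r122729", "after r122677"). Typos to fix: "innefficient", "propogating", "byteocde", and "a functions symbol table" should read "a function's symbol table". Finally, the removed top entry ("[WIN] Remove dependency on pthread from MachineStackMarker", "Reviewed by NOBODY (OOPS!)") was an unlanded placeholder; confirm that the heap/MachineStackMarker.*, wtf/ThreadSpecific.h and wtf/ThreadSpecificWin.cpp changes it described are not still present in the tree, otherwise the ChangeLog and the code now disagree.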