From a89b2ebb8e192c5e8cea21079bda2ee2c0c7dddd Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Fri, 25 May 2012 15:09:11 +0200 Subject: Imported WebKit commit eb5c1b8fe4d4b1b90b5137433fc58a91da0e6878 (http://svn.webkit.org/repository/webkit/trunk@118516) --- .../JavaScriptCore/API/JSCallbackObjectFunctions.h | 314 +- Source/JavaScriptCore/API/JSClassRef.cpp | 2 +- Source/JavaScriptCore/API/JSValueRef.cpp | 2 +- .../API/JSWeakObjectMapRefPrivate.cpp | 2 +- Source/JavaScriptCore/CMakeLists.txt | 12 + Source/JavaScriptCore/ChangeLog | 70569 +----------------- Source/JavaScriptCore/ChangeLog-2012-05-22 | 70902 +++++++++++++++++++ .../Configurations/FeatureDefines.xcconfig | 7 +- Source/JavaScriptCore/DerivedSources.make | 1 + Source/JavaScriptCore/DerivedSources.pri | 1 + Source/JavaScriptCore/GNUmakefile.list.am | 19 + Source/JavaScriptCore/JavaScriptCore.gypi | 7 + Source/JavaScriptCore/JavaScriptCore.pri | 2 +- .../JavaScriptCore/JavaScriptCore.def | 6 +- .../JavaScriptCore/JavaScriptCore.vcproj | 28 + .../JavaScriptCore.xcodeproj/project.pbxproj | 80 +- Source/JavaScriptCore/Target.pri | 10 +- Source/JavaScriptCore/assembler/ARMAssembler.cpp | 17 + Source/JavaScriptCore/assembler/ARMAssembler.h | 36 + Source/JavaScriptCore/assembler/ARMv7Assembler.h | 37 +- .../assembler/AbstractMacroAssembler.h | 8 + Source/JavaScriptCore/assembler/LinkBuffer.h | 2 +- Source/JavaScriptCore/assembler/MIPSAssembler.h | 32 +- Source/JavaScriptCore/assembler/SH4Assembler.h | 13 +- Source/JavaScriptCore/assembler/X86Assembler.h | 3 + Source/JavaScriptCore/bytecode/CodeBlock.cpp | 446 +- Source/JavaScriptCore/bytecode/CodeBlock.h | 106 +- Source/JavaScriptCore/bytecode/CodeOrigin.h | 2 + Source/JavaScriptCore/bytecode/DFGExitProfile.h | 15 + Source/JavaScriptCore/bytecode/Operands.h | 10 + Source/JavaScriptCore/bytecode/PredictedType.cpp | 20 +- Source/JavaScriptCore/bytecode/PredictedType.h | 44 +- Source/JavaScriptCore/bytecode/StructureStubInfo.h | 14 +- Source/JavaScriptCore/bytecode/ValueRecovery.h | 12 + .../JavaScriptCore/bytecompiler/NodesCodegen.cpp | 25 +- Source/JavaScriptCore/dfg/DFGAbstractState.cpp | 766 +- Source/JavaScriptCore/dfg/DFGAbstractState.h | 87 +- Source/JavaScriptCore/dfg/DFGAbstractValue.h | 112 +- Source/JavaScriptCore/dfg/DFGAdjacencyList.h | 31 +- .../dfg/DFGArgumentsSimplificationPhase.cpp | 750 + .../dfg/DFGArgumentsSimplificationPhase.h | 49 + Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp | 8 + Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h | 43 +- Source/JavaScriptCore/dfg/DFGBasicBlock.h | 33 + Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp | 329 +- Source/JavaScriptCore/dfg/DFGByteCodeParser.h | 2 +- Source/JavaScriptCore/dfg/DFGCCallHelpers.h | 43 + Source/JavaScriptCore/dfg/DFGCFAPhase.cpp | 10 +- Source/JavaScriptCore/dfg/DFGCFAPhase.h | 2 +- .../dfg/DFGCFGSimplificationPhase.cpp | 730 + .../JavaScriptCore/dfg/DFGCFGSimplificationPhase.h | 52 + Source/JavaScriptCore/dfg/DFGCSEPhase.cpp | 217 +- Source/JavaScriptCore/dfg/DFGCSEPhase.h | 4 +- Source/JavaScriptCore/dfg/DFGCapabilities.cpp | 55 +- Source/JavaScriptCore/dfg/DFGCapabilities.h | 64 +- Source/JavaScriptCore/dfg/DFGCommon.h | 23 +- .../JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp | 120 + .../JavaScriptCore/dfg/DFGConstantFoldingPhase.h | 48 + Source/JavaScriptCore/dfg/DFGDominators.cpp | 109 + Source/JavaScriptCore/dfg/DFGDominators.h | 77 + Source/JavaScriptCore/dfg/DFGDriver.cpp | 48 +- Source/JavaScriptCore/dfg/DFGDriver.h | 9 +- Source/JavaScriptCore/dfg/DFGEdge.h | 4 + Source/JavaScriptCore/dfg/DFGFixupPhase.cpp | 30 +- Source/JavaScriptCore/dfg/DFGFixupPhase.h | 2 +- Source/JavaScriptCore/dfg/DFGGPRInfo.h | 6 + Source/JavaScriptCore/dfg/DFGGraph.cpp | 151 +- Source/JavaScriptCore/dfg/DFGGraph.h | 210 +- Source/JavaScriptCore/dfg/DFGInsertionSet.h | 2 +- Source/JavaScriptCore/dfg/DFGJITCompiler.cpp | 34 +- Source/JavaScriptCore/dfg/DFGJITCompiler.h | 78 +- Source/JavaScriptCore/dfg/DFGNode.h | 89 +- Source/JavaScriptCore/dfg/DFGNodeFlags.cpp | 7 + Source/JavaScriptCore/dfg/DFGNodeFlags.h | 2 + Source/JavaScriptCore/dfg/DFGNodeType.h | 24 +- Source/JavaScriptCore/dfg/DFGOSREntry.cpp | 8 +- Source/JavaScriptCore/dfg/DFGOSRExit.cpp | 11 +- Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp | 4 +- Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h | 5 +- .../JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp | 125 +- Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp | 87 +- Source/JavaScriptCore/dfg/DFGOperations.cpp | 103 +- Source/JavaScriptCore/dfg/DFGOperations.h | 20 +- Source/JavaScriptCore/dfg/DFGPhase.cpp | 3 + Source/JavaScriptCore/dfg/DFGPhase.h | 11 +- .../dfg/DFGPredictionPropagationPhase.cpp | 79 +- .../dfg/DFGPredictionPropagationPhase.h | 2 +- .../dfg/DFGRedundantPhiEliminationPhase.cpp | 9 +- .../dfg/DFGRedundantPhiEliminationPhase.h | 2 +- Source/JavaScriptCore/dfg/DFGScoreBoard.h | 13 + .../JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h | 123 + Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h | 496 + Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp | 260 +- Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h | 686 +- .../JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp | 723 +- Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp | 757 +- Source/JavaScriptCore/dfg/DFGThunks.cpp | 15 +- Source/JavaScriptCore/dfg/DFGValidate.cpp | 362 + Source/JavaScriptCore/dfg/DFGValidate.h | 51 + Source/JavaScriptCore/dfg/DFGVariableAccessData.h | 37 +- .../dfg/DFGVirtualRegisterAllocationPhase.cpp | 43 +- .../dfg/DFGVirtualRegisterAllocationPhase.h | 2 +- Source/JavaScriptCore/heap/BlockAllocator.cpp | 17 +- Source/JavaScriptCore/heap/BlockAllocator.h | 30 +- Source/JavaScriptCore/heap/CopiedBlock.h | 51 +- Source/JavaScriptCore/heap/CopiedSpace.cpp | 65 +- Source/JavaScriptCore/heap/CopiedSpace.h | 8 +- .../JavaScriptCore/heap/CopiedSpaceInlineMethods.h | 20 +- Source/JavaScriptCore/heap/Heap.cpp | 111 +- Source/JavaScriptCore/heap/Heap.h | 18 +- Source/JavaScriptCore/heap/HeapBlock.h | 4 +- Source/JavaScriptCore/heap/MachineStackMarker.cpp | 14 +- Source/JavaScriptCore/heap/MarkedAllocator.cpp | 10 +- Source/JavaScriptCore/heap/MarkedBlock.cpp | 20 +- Source/JavaScriptCore/heap/MarkedBlock.h | 70 +- Source/JavaScriptCore/heap/MarkedSpace.cpp | 130 +- Source/JavaScriptCore/heap/MarkedSpace.h | 7 +- Source/JavaScriptCore/heap/PassWeak.h | 4 - Source/JavaScriptCore/heap/Weak.h | 29 +- Source/JavaScriptCore/heap/WeakBlock.cpp | 25 +- Source/JavaScriptCore/heap/WeakBlock.h | 25 +- Source/JavaScriptCore/heap/WeakSet.cpp | 37 +- Source/JavaScriptCore/heap/WeakSet.h | 66 +- Source/JavaScriptCore/heap/WeakSetInlines.h | 2 +- Source/JavaScriptCore/interpreter/CallFrame.cpp | 10 + Source/JavaScriptCore/interpreter/CallFrame.h | 5 + Source/JavaScriptCore/interpreter/Interpreter.cpp | 24 +- Source/JavaScriptCore/jit/ExecutableAllocator.cpp | 17 - Source/JavaScriptCore/jit/ExecutableAllocator.h | 102 - Source/JavaScriptCore/jit/HostCallReturnValue.h | 4 +- Source/JavaScriptCore/jit/JIT.cpp | 27 +- Source/JavaScriptCore/jit/JIT.h | 3 +- Source/JavaScriptCore/jit/JITArithmetic.cpp | 2 +- Source/JavaScriptCore/jit/JITCode.h | 2 +- Source/JavaScriptCore/jit/JITDriver.h | 12 +- Source/JavaScriptCore/jit/JITOpcodes.cpp | 3 +- Source/JavaScriptCore/jit/JITOpcodes32_64.cpp | 1 + Source/JavaScriptCore/jit/JITPropertyAccess.cpp | 2 +- .../JavaScriptCore/jit/JITPropertyAccess32_64.cpp | 2 +- Source/JavaScriptCore/jit/JITStubs.cpp | 67 +- Source/JavaScriptCore/jit/JITStubs.h | 2 +- Source/JavaScriptCore/jit/ThunkGenerators.cpp | 2 +- Source/JavaScriptCore/jsc.cpp | 7 +- Source/JavaScriptCore/llint/LLIntSlowPaths.cpp | 21 +- .../llint/LowLevelInterpreter32_64.asm | 2 + .../JavaScriptCore/llint/LowLevelInterpreter64.asm | 2 + Source/JavaScriptCore/runtime/Arguments.cpp | 30 +- Source/JavaScriptCore/runtime/Arguments.h | 45 +- Source/JavaScriptCore/runtime/ArrayPrototype.cpp | 12 +- .../JavaScriptCore/runtime/BooleanConstructor.cpp | 4 +- Source/JavaScriptCore/runtime/CommonSlowPaths.h | 4 + Source/JavaScriptCore/runtime/Executable.cpp | 24 +- Source/JavaScriptCore/runtime/Executable.h | 14 +- Source/JavaScriptCore/runtime/ExecutionHarness.h | 12 +- Source/JavaScriptCore/runtime/JSActivation.cpp | 6 +- Source/JavaScriptCore/runtime/JSCell.h | 2 +- Source/JavaScriptCore/runtime/JSGlobalData.cpp | 37 +- Source/JavaScriptCore/runtime/JSGlobalData.h | 54 +- Source/JavaScriptCore/runtime/JSGlobalObject.cpp | 14 +- Source/JavaScriptCore/runtime/JSGlobalObject.h | 11 +- Source/JavaScriptCore/runtime/JSObject.cpp | 5 - Source/JavaScriptCore/runtime/JSObject.h | 1 - Source/JavaScriptCore/runtime/JSString.cpp | 2 +- Source/JavaScriptCore/runtime/JSString.h | 10 +- Source/JavaScriptCore/runtime/JSType.h | 1 + Source/JavaScriptCore/runtime/JSTypeInfo.h | 1 + Source/JavaScriptCore/runtime/JSValue.cpp | 2 +- Source/JavaScriptCore/runtime/JSValue.h | 4 +- Source/JavaScriptCore/runtime/JSVariableObject.cpp | 4 +- Source/JavaScriptCore/runtime/JSVariableObject.h | 8 +- Source/JavaScriptCore/runtime/Lookup.cpp | 5 +- Source/JavaScriptCore/runtime/Lookup.h | 10 +- Source/JavaScriptCore/runtime/NameConstructor.cpp | 69 + Source/JavaScriptCore/runtime/NameConstructor.h | 65 + Source/JavaScriptCore/runtime/NameInstance.cpp | 44 + Source/JavaScriptCore/runtime/NameInstance.h | 77 + Source/JavaScriptCore/runtime/NamePrototype.cpp | 89 + Source/JavaScriptCore/runtime/NamePrototype.h | 64 + .../JavaScriptCore/runtime/ObjectConstructor.cpp | 6 +- Source/JavaScriptCore/runtime/PrivateName.h | 48 + .../JavaScriptCore/runtime/PropertyMapHashTable.h | 5 +- Source/JavaScriptCore/runtime/PropertyName.h | 37 +- Source/JavaScriptCore/runtime/RegExpCache.cpp | 23 +- .../JavaScriptCore/runtime/RegExpConstructor.cpp | 4 +- Source/JavaScriptCore/runtime/RegExpKey.h | 1 + Source/JavaScriptCore/runtime/RegExpPrototype.cpp | 6 +- Source/JavaScriptCore/runtime/Structure.cpp | 30 +- Source/JavaScriptCore/runtime/Structure.h | 2 +- Source/JavaScriptCore/runtime/WeakGCMap.h | 70 +- Source/JavaScriptCore/tools/CodeProfile.cpp | 2 +- 190 files changed, 81549 insertions(+), 71800 deletions(-) create mode 100644 Source/JavaScriptCore/ChangeLog-2012-05-22 create mode 100644 Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp create mode 100644 Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h create mode 100644 Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp create mode 100644 Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.h create mode 100644 Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp create mode 100644 Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.h create mode 100644 Source/JavaScriptCore/dfg/DFGDominators.cpp create mode 100644 Source/JavaScriptCore/dfg/DFGDominators.h create mode 100644 Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h create mode 100644 Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h create mode 100644 Source/JavaScriptCore/dfg/DFGValidate.cpp create mode 100644 Source/JavaScriptCore/dfg/DFGValidate.h create mode 100644 Source/JavaScriptCore/runtime/NameConstructor.cpp create mode 100644 Source/JavaScriptCore/runtime/NameConstructor.h create mode 100644 Source/JavaScriptCore/runtime/NameInstance.cpp create mode 100644 Source/JavaScriptCore/runtime/NameInstance.h create mode 100644 Source/JavaScriptCore/runtime/NamePrototype.cpp create mode 100644 Source/JavaScriptCore/runtime/NamePrototype.h create mode 100644 Source/JavaScriptCore/runtime/PrivateName.h (limited to 'Source/JavaScriptCore') diff --git a/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h b/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h index fdc58fccf..160f48887 100644 --- a/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h +++ b/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h @@ -129,54 +129,56 @@ bool JSCallbackObject::getOwnPropertySlot(JSCell* cell, ExecState* exec, JSObjectRef thisRef = toRef(thisObject); RefPtr propertyNameRef; - for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { - // optional optimization to bypass getProperty in cases when we only need to know if the property exists - if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - APICallbackShim callbackShim(exec); - if (hasProperty(ctx, thisRef, propertyNameRef.get())) { - slot.setCustom(thisObject, callbackGetter); - return true; - } - } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - JSValueRef value; - { + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { + // optional optimization to bypass getProperty in cases when we only need to know if the property exists + if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); APICallbackShim callbackShim(exec); - value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception); - } - if (exception) { - throwError(exec, toJS(exec, exception)); - slot.setValue(jsUndefined()); - return true; - } - if (value) { - slot.setValue(toJS(exec, value)); - return true; - } - } - - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { - if (staticValues->contains(propertyName.impl())) { - JSValue value = thisObject->getStaticValue(exec, propertyName); + if (hasProperty(ctx, thisRef, propertyNameRef.get())) { + slot.setCustom(thisObject, callbackGetter); + return true; + } + } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + JSValueRef value; + { + APICallbackShim callbackShim(exec); + value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception); + } + if (exception) { + throwError(exec, toJS(exec, exception)); + slot.setValue(jsUndefined()); + return true; + } if (value) { - slot.setValue(value); + slot.setValue(toJS(exec, value)); return true; } } - } - - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (staticFunctions->contains(propertyName.impl())) { - slot.setCustom(thisObject, staticFunctionGetter); - return true; + + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (staticValues->contains(name)) { + JSValue value = thisObject->getStaticValue(exec, propertyName); + if (value) { + slot.setValue(value); + return true; + } + } + } + + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (staticFunctions->contains(name)) { + slot.setCustom(thisObject, staticFunctionGetter); + return true; + } } } } - + return Parent::getOwnPropertySlot(thisObject, exec, propertyName, slot); } @@ -233,53 +235,55 @@ void JSCallbackObject::put(JSCell* cell, ExecState* exec, PropertyName p RefPtr propertyNameRef; JSValueRef valueRef = toRef(exec, value); - for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { - if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - bool result; - { - APICallbackShim callbackShim(exec); - result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); - } - if (exception) - throwError(exec, toJS(exec, exception)); - if (result || exception) - return; - } - - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { - if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) { - if (entry->attributes & kJSPropertyAttributeReadOnly) + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + bool result; + { + APICallbackShim callbackShim(exec); + result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); + } + if (exception) + throwError(exec, toJS(exec, exception)); + if (result || exception) return; - if (JSObjectSetPropertyCallback setProperty = entry->setProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - bool result; - { - APICallbackShim callbackShim(exec); - result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); - } - if (exception) - throwError(exec, toJS(exec, exception)); - if (result || exception) + } + + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (StaticValueEntry* entry = staticValues->get(name)) { + if (entry->attributes & kJSPropertyAttributeReadOnly) return; + if (JSObjectSetPropertyCallback setProperty = entry->setProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + bool result; + { + APICallbackShim callbackShim(exec); + result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); + } + if (exception) + throwError(exec, toJS(exec, exception)); + if (result || exception) + return; + } } } - } - - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) { - if (entry->attributes & kJSPropertyAttributeReadOnly) + + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (StaticFunctionEntry* entry = staticFunctions->get(name)) { + if (entry->attributes & kJSPropertyAttributeReadOnly) + return; + thisObject->JSCallbackObject::putDirect(exec->globalData(), propertyName, value); // put as override property return; - thisObject->JSCallbackObject::putDirect(exec->globalData(), propertyName, value); // put as override property - return; + } } } } - + return Parent::put(thisObject, exec, propertyName, value, slot); } @@ -291,39 +295,41 @@ bool JSCallbackObject::deleteProperty(JSCell* cell, ExecState* exec, Pro JSObjectRef thisRef = toRef(thisObject); RefPtr propertyNameRef; - for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { - if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - bool result; - { - APICallbackShim callbackShim(exec); - result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception); + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + bool result; + { + APICallbackShim callbackShim(exec); + result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception); + } + if (exception) + throwError(exec, toJS(exec, exception)); + if (result || exception) + return true; } - if (exception) - throwError(exec, toJS(exec, exception)); - if (result || exception) - return true; - } - - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { - if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) { - if (entry->attributes & kJSPropertyAttributeDontDelete) - return false; - return true; + + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (StaticValueEntry* entry = staticValues->get(name)) { + if (entry->attributes & kJSPropertyAttributeDontDelete) + return false; + return true; + } } - } - - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) { - if (entry->attributes & kJSPropertyAttributeDontDelete) - return false; - return true; + + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (StaticFunctionEntry* entry = staticFunctions->get(name)) { + if (entry->attributes & kJSPropertyAttributeDontDelete) + return false; + return true; + } } } } - + return Parent::deleteProperty(thisObject, exec, propertyName); } @@ -509,25 +515,30 @@ JSValue JSCallbackObject::getStaticValue(ExecState* exec, PropertyName p JSObjectRef thisRef = toRef(this); RefPtr propertyNameRef; - for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) - if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) - if (JSObjectGetPropertyCallback getProperty = entry->getProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - JSValueRef value; - { - APICallbackShim callbackShim(exec); - value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); - } - if (exception) { - throwError(exec, toJS(exec, exception)); - return jsUndefined(); + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) { + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (StaticValueEntry* entry = staticValues->get(name)) { + if (JSObjectGetPropertyCallback getProperty = entry->getProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + JSValueRef value; + { + APICallbackShim callbackShim(exec); + value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); + } + if (exception) { + throwError(exec, toJS(exec, exception)); + return jsUndefined(); + } + if (value) + return toJS(exec, value); } - if (value) - return toJS(exec, value); } + } + } + } return JSValue(); } @@ -542,19 +553,21 @@ JSValue JSCallbackObject::staticFunctionGetter(ExecState* exec, JSValue if (Parent::getOwnPropertySlot(thisObj, exec, propertyName, slot2)) return slot2.getValue(exec, propertyName); - for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) { - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) { - if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) { - - JSObject* o = JSCallbackFunction::create(exec, thisObj->globalObject(), callAsFunction, propertyName.ustring()); - thisObj->putDirect(exec->globalData(), propertyName, o, entry->attributes); - return o; + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (StaticFunctionEntry* entry = staticFunctions->get(name)) { + if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) { + + JSObject* o = JSCallbackFunction::create(exec, thisObj->globalObject(), callAsFunction, name); + thisObj->putDirect(exec->globalData(), propertyName, o, entry->attributes); + return o; + } } } } } - + return throwError(exec, createReferenceError(exec, "Static function property defined with NULL callAsFunction callback.")); } @@ -566,24 +579,27 @@ JSValue JSCallbackObject::callbackGetter(ExecState* exec, JSValue slotPa JSObjectRef thisRef = toRef(thisObj); RefPtr propertyNameRef; - for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) - if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - JSValueRef value; - { - APICallbackShim callbackShim(exec); - value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); - } - if (exception) { - throwError(exec, toJS(exec, exception)); - return jsUndefined(); + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + JSValueRef value; + { + APICallbackShim callbackShim(exec); + value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); + } + if (exception) { + throwError(exec, toJS(exec, exception)); + return jsUndefined(); + } + if (value) + return toJS(exec, value); } - if (value) - return toJS(exec, value); } - + } + return throwError(exec, createReferenceError(exec, "hasProperty callback returned true for a property that doesn't exist.")); } diff --git a/Source/JavaScriptCore/API/JSClassRef.cpp b/Source/JavaScriptCore/API/JSClassRef.cpp index 5f67fc37e..134431654 100644 --- a/Source/JavaScriptCore/API/JSClassRef.cpp +++ b/Source/JavaScriptCore/API/JSClassRef.cpp @@ -219,6 +219,6 @@ JSObject* OpaqueJSClass::prototype(ExecState* exec) prototype->setPrototype(exec->globalData(), parentPrototype); } - jsClassData.cachedPrototype = PassWeak(prototype, 0); + jsClassData.cachedPrototype = PassWeak(prototype); return prototype; } diff --git a/Source/JavaScriptCore/API/JSValueRef.cpp b/Source/JavaScriptCore/API/JSValueRef.cpp index 9b7268a2d..04d7f661d 100644 --- a/Source/JavaScriptCore/API/JSValueRef.cpp +++ b/Source/JavaScriptCore/API/JSValueRef.cpp @@ -266,7 +266,7 @@ bool JSValueToBoolean(JSContextRef ctx, JSValueRef value) APIEntryShim entryShim(exec); JSValue jsValue = toJS(exec, value); - return jsValue.toBoolean(exec); + return jsValue.toBoolean(); } double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception) diff --git a/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp b/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp index bdd56f602..bfb006021 100644 --- a/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp +++ b/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp @@ -72,7 +72,7 @@ void JSWeakObjectMapRemove(JSContextRef ctx, JSWeakObjectMapRef map, void* key) { ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - map->map().take(key); + map->map().remove(key); } // We need to keep this function in the build to keep the nightlies running. diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt index bf48f970d..cb58b0007 100644 --- a/Source/JavaScriptCore/CMakeLists.txt +++ b/Source/JavaScriptCore/CMakeLists.txt @@ -58,12 +58,16 @@ SET(JavaScriptCore_SOURCES bytecompiler/NodesCodegen.cpp dfg/DFGAbstractState.cpp + dfg/DFGArgumentsSimplificationPhase.cpp dfg/DFGAssemblyHelpers.cpp dfg/DFGByteCodeParser.cpp dfg/DFGCapabilities.cpp dfg/DFGCFAPhase.cpp + dfg/DFGCFGSimplificationPhase.cpp + dfg/DFGConstantFoldingPhase.cpp dfg/DFGCorrectableJumpPoint.cpp dfg/DFGCSEPhase.cpp + dfg/DFGDominators.cpp dfg/DFGDriver.cpp dfg/DFGFixupPhase.cpp dfg/DFGGraph.cpp @@ -83,6 +87,7 @@ SET(JavaScriptCore_SOURCES dfg/DFGSpeculativeJIT32_64.cpp dfg/DFGSpeculativeJIT64.cpp dfg/DFGThunks.cpp + dfg/DFGValidate.cpp dfg/DFGVirtualRegisterAllocationPhase.cpp heap/BlockAllocator.cpp @@ -189,6 +194,12 @@ SET(JavaScriptCore_SOURCES runtime/LiteralParser.cpp runtime/Lookup.cpp runtime/MathObject.cpp + runtime/NameConstructor.cpp + runtime/NameConstructor.h + runtime/NameInstance.cpp + runtime/NameInstance.h + runtime/NamePrototype.cpp + runtime/NamePrototype.h runtime/NativeErrorConstructor.cpp runtime/NativeErrorPrototype.cpp runtime/NumberConstructor.cpp @@ -240,6 +251,7 @@ SET(JavaScriptCore_LUT_FILES runtime/JSGlobalObject.cpp runtime/JSONObject.cpp runtime/MathObject.cpp + runtime/NamePrototype.cpp runtime/NumberConstructor.cpp runtime/NumberPrototype.cpp runtime/ObjectConstructor.cpp diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog index e8aac4510..7bea6a152 100644 --- a/Source/JavaScriptCore/ChangeLog +++ b/Source/JavaScriptCore/ChangeLog @@ -1,69765 +1,1278 @@ -2012-05-17 Filip Pizlo - - Setting array index -1 and looping over array causes bad behavior - https://bugs.webkit.org/show_bug.cgi?id=86733 - - - Reviewed by Oliver Hunt. +2012-05-24 Tim Horton - * dfg/DFGOperations.cpp: + Add feature defines for web-facing parts of CSS Regions and Exclusions + https://bugs.webkit.org/show_bug.cgi?id=87442 + -2012-05-17 Geoffrey Garen + Reviewed by Dan Bernstein. - Not reviewed. + * Configurations/FeatureDefines.xcconfig: - Rolled out r117495 because it caused som out of memory crashes. +2012-05-24 Geoffrey Garen - * heap/Heap.cpp: - (JSC::Heap::collect): + WebKit should be lazy-finalization-safe (esp. the DOM) + https://bugs.webkit.org/show_bug.cgi?id=87456 -2012-05-17 Geoffrey Garen + Reviewed by Filip Pizlo. - Refactored the Heap to move more MarkedSpace logic into MarkedSpace - https://bugs.webkit.org/show_bug.cgi?id=86790 + Lazy finalization adds one twist to weak pointer use: - Reviewed by Gavin Barraclough. + A HashMap of weak pointers may contain logically null entries. + (Weak pointers behave as-if null once their payloads die.) + Insertion must not assume that a pre-existing entry is + necessarily valid, and iteration must not assume that all + entries can be dereferenced. - * heap/Heap.cpp: - (JSC::Heap::lastChanceToFinalize): - (JSC::Heap::markRoots): - (JSC): - (JSC::Heap::objectCount): - (JSC::Heap::size): - (JSC::Heap::capacity): - (JSC::Heap::collect): - * heap/Heap.h: - (Heap): Took all the functors from here... + (Previously, I thought that it also added a second twist: - * heap/MarkedBlock.h: - (CountFunctor): - (JSC::MarkedBlock::CountFunctor::CountFunctor): - (JSC::MarkedBlock::CountFunctor::count): - (JSC::MarkedBlock::CountFunctor::returnValue): - (MarkedBlock): - * heap/MarkedSpace.h: - (JSC::ClearMarks::operator()): - (JSC): - (JSC::Sweep::operator()): - (JSC::MarkCount::operator()): - (JSC::Size::operator()): - (JSC::Capacity::operator()): - (MarkedSpace): - (JSC::MarkedSpace::clearMarks): - (JSC::MarkedSpace::sweep): - (JSC::MarkedSpace::objectCount): - (JSC::MarkedSpace::size): - (JSC::MarkedSpace::capacity): and put them here. + A demand-allocated weak pointer may replace a dead payload + before the payload's finalizer runs. In that case, when the + payload's finalizer runs, the payload has already been + overwritten, and the finalizer should not clear the payload, + which now points to something new. -2012-05-17 Geoffrey Garen + But that's not the case here, since we cancel the old payload's + finalizer when we over-write it. I've added ASSERTs to verify this + assumption, in case it ever changes.) - Increase the GC allocation trigger - https://bugs.webkit.org/show_bug.cgi?id=86699 + * API/JSClassRef.cpp: + (OpaqueJSClass::prototype): No need to specify null; that's the default. - Reviewed by Sam Weinig. + * API/JSWeakObjectMapRefPrivate.cpp: Use remove, since take() is gone. - This helps a lot when the heap is growing, and helps to resolve - the regression caused by r116484. + * heap/PassWeak.h: + (WeakImplAccessor::was): This is no longer a debug-only function, since + it's required to reason about lazily finalized pointers. - * heap/Heap.cpp: - (JSC::Heap::collect): + * heap/Weak.h: + (JSC::weakAdd): + (JSC::weakRemove): + (JSC::weakClear): Added these helper functions for the common idioms of + what clients want to do in their weak pointer finalizers. -2012-05-16 Mark Hahnenberg + * jit/JITStubs.cpp: + (JSC::JITThunks::hostFunctionStub): Use the new idioms. Otherwise, we + would return NULL for a "zombie" executable weak pointer that was waiting + for finalization (item (2)), and finalizing a dead executable weak pointer + would potentially destroy a new, live one (item (1)). - GC in the middle of JSObject::allocatePropertyStorage can cause badness - https://bugs.webkit.org/show_bug.cgi?id=83839 + * runtime/RegExpCache.cpp: + (JSC::RegExpCache::lookupOrCreate): + (JSC::RegExpCache::finalize): Ditto. - Reviewed by Geoff Garen. + (JSC::RegExpCache::invalidateCode): Check for null while iterating. (See + item (2).) - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage. - (JSC::DEFINE_STUB_FUNCTION): - * runtime/JSObject.cpp: - (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're - growing our already-existing PropertyStorage. - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage - and the new structure so that we can be sure a GC never occurs when our Structure - info is out of sync with our PropertyStorage. - (JSC): - (JSC::JSObject::putDirectInternal): Moved the check to see if we should - allocate more backing store before the actual property insertion into - the structure. - (JSC::JSObject::putDirectWithoutTransition): Ditto. - (JSC::JSObject::transitionTo): Ditto. * runtime/Structure.cpp: - (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy - for property backing stores contained within the Structure class. - (JSC): - * runtime/Structure.h: - (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion - into the Structure would require resizing the property backing store so that they can - preallocate the required storage. - (Structure): - -2012-05-16 Geoffrey Garen - - GC is not thread-safe when moving values between C stacks - https://bugs.webkit.org/show_bug.cgi?id=86672 - - Reviewed by Phil Pizlo. - - GC pauses thread A while marking thread A, and then B while marking B, - which isn't safe against A and B moving values between each others' - stacks. - - This is a theoretical bug -- I haven't been able to reproduce it - in the wild. + (JSC::StructureTransitionTable::contains): + (JSC::StructureTransitionTable::add): Use get and set instead of add and + contains, since add and contains are not compatible with lazy finalization. - * heap/MachineStackMarker.cpp: - (JSC::MachineThreads::gatherFromOtherThread): - (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the - duration of stack marking, to avoid missing values that might be moving - between C stacks. + * runtime/WeakGCMap.h: + (WeakGCMap): + (JSC::WeakGCMap::clear): + (JSC::WeakGCMap::remove): Removed a bunch of code that was incompatible with + lazy finalization because I didn't feel like making it compatible, and I had + no way to test it. -2012-05-15 Mark Hahnenberg +2012-05-24 Filip Pizlo - Block freeing thread should not free blocks when we are actively requesting them - https://bugs.webkit.org/show_bug.cgi?id=86519 + REGRESSION (r118013-r118031): Loops/Reloads under www.yahoo.com, quits after three tries with error + https://bugs.webkit.org/show_bug.cgi?id=87327 - Reviewed by Geoff Garen. + Reviewed by Geoffrey Garen. + + If you use AbstractValue::filter(StructureSet) to test subset relationships between TOP and a + set containing >=2 elements, you're going to have a bad time. + + That's because AbstractValue considers a set with >=2 elements to be equivalent to TOP, in order + to save space and speed up convergence. So filtering has no effect in this case, which made + the code think that the abstract value was proving that the structure check was unnecessary. + The correct thing to do is to use isSubsetOf() on the StructureAbstractValue, which does the + right thingies for TOP and >=2 elements. - * heap/BlockAllocator.h: - (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done - while we hold the lock to ensure proper locking. + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): -2012-05-15 Filip Pizlo +2012-05-24 Filip Pizlo - shrinkToFit() is often not called for Vectors in CodeBlock - https://bugs.webkit.org/show_bug.cgi?id=86436 + new test fast/js/dfg-arguments-mixed-alias.html fails on JSVALUE32_64 + https://bugs.webkit.org/show_bug.cgi?id=87378 - Reviewed by Oliver Hunt. + Reviewed by Gavin Barraclough. - The vectors in CodeBlock are often appended to during various stages of - compilation, but we neglect to shrink them after compilation finishes. This - patch takes the most brutal possible approach: shrink all the vectors after - the bytecompile phase, and then shrink them again after the appropriate - JITing phase. The two shrinks are necessary because the JIT may append more - stuff, but may also generate code that directly references things in other - vectors; hence some can only be shrunk before JIT and some after. Also, - we may allow a CodeBlock to sit around for a long time - possibly forever - - before invoking the JIT, hence it makes sense to have two shrinks. + - Captured variable tracking forgot did not consistently handle arguments, leading to OSR + badness. - This is performance neutral on the major benchmarks we track. + - Nodes capable of exiting were tracked in a non-monotonic way, leading to compiler errors. - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::shrinkToFit): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::appendWeakReferenceTransition): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::generate): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::CSEPhase): + (CSEPhase): + (JSC::DFG::performCSE): + * dfg/DFGCSEPhase.h: + (DFG): + * dfg/DFGCommon.h: * dfg/DFGDriver.cpp: (JSC::DFG::compile): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - -2012-05-15 Oliver Hunt - - Make error information available even if all we have is line number information. - https://bugs.webkit.org/show_bug.cgi?id=86547 - - Reviewed by Filip Pizlo. - - We don't need expression information to generate useful line, file, and stack information, - so only require that we have line number info available. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - * runtime/Executable.h: - (JSC): - -2012-05-15 Mark Hahnenberg - - Block freeing thread should not free blocks when we are actively requesting them - https://bugs.webkit.org/show_bug.cgi?id=86519 - - Reviewed by Geoffrey Garen. - - The block freeing thread shoots us in the foot if it decides to run while we're actively - requesting blocks and returning them. This situation can arise when there is a lot of copying - collection going on in steady state. We allocate a large swath of pages to copy into, then we - return all the newly free old pages to the BlockAllocator. In this state, if the block freeing - thread wakes up in between collections (which is more likely than it waking up during a - collection) and frees half of these pages, they will be needed almost immediately during the - next collection, causing a storm of VM allocations which we know are going to be very slow. - - What we'd like is for when things have quieted down the block freeing thread can then return - memory to the OS. Usually this will be when a page has fully loaded and has a low allocation - rate. In this situation, our opportunistic collections will only be running at least every few - seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say, - while a page is loading. - - * heap/BlockAllocator.cpp: - (JSC::BlockAllocator::BlockAllocator): Initialize our new field. - (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently. - If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out - on an update, we'll see it when we wake up again. - * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests. - (BlockAllocator): - (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks - that to true. We don't bother locking since we assume that writing to a bool is atomic. + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::resetExitStates): + (DFG): + * dfg/DFGGraph.h: + (Graph): + * dfg/DFGPhase.h: + (DFG): + (JSC::DFG::runPhase): -2012-05-14 Luke Macpherson +2012-05-24 Geoffrey Garen - Introduce ENABLE_CSS_VARIABLES compile flag. - https://bugs.webkit.org/show_bug.cgi?id=86338 + Made WeakSet per-block instead of per-heap + https://bugs.webkit.org/show_bug.cgi?id=87401 - Reviewed by Dimitri Glazkov. + Reviewed by Oliver Hunt. - Add a configuration option for CSS Variables support, disabling it by default. + This allows us fast access to the set of all weak pointers for a block, + which is a step toward lazy finalization. - * Configurations/FeatureDefines.xcconfig: + No performance change. -2012-05-14 Gavin Barraclough + * heap/Heap.cpp: + (JSC::Heap::Heap): + (JSC::Heap::lastChanceToFinalize): Removed the per-heap weak set, since + it's per-block now. - Cannot login to iCloud - https://bugs.webkit.org/show_bug.cgi?id=86321 + (JSC::Heap::markRoots): Delegate weak set visiting to the marked space, + since it knows how to iterate all blocks. - Reviewed by Filip Pizlo. + (JSC::Heap::collect): Moved the reaping outside of markRoots, since it + doesn't mark anything. - This is a bug introduced by bug#85853, we shouldn't allow assignment to - the prototype property of functions to be cached, since we need to clear - the cached inheritorID. + Make sure to reset allocators after shrinking, since shrinking may + deallocate the current allocator. - * runtime/JSFunction.cpp: - (JSC::JSFunction::put): + * heap/Heap.h: + (Heap): No more per-heap weak set, since it's per-block now. -2012-05-14 Michael Saboff + * heap/MarkedBlock.cpp: + (JSC::MarkedBlock::MarkedBlock): + * heap/MarkedBlock.h: + (MarkedBlock): + (JSC::MarkedBlock::lastChanceToFinalize): Migrated finalization logic + here from the heap, so the heap doesn't need to know about our internal + data structures like our weak set. - Enh: Add the Ability to Disable / Enable JavaScript GC Timer - https://bugs.webkit.org/show_bug.cgi?id=86382 + (JSC::MarkedBlock::heap): + (JSC::MarkedBlock::weakSet): + (JSC::MarkedBlock::shrink): + (JSC::MarkedBlock::resetAllocator): + (JSC::MarkedBlock::visitWeakSet): + (JSC::MarkedBlock::reapWeakSet): + (JSC::MarkedBlock::sweepWeakSet): + * heap/MarkedSpace.cpp: + (JSC::VisitWeakSet::VisitWeakSet): + (JSC::VisitWeakSet::operator()): + (VisitWeakSet): + (JSC): + (JSC::ReapWeakSet::operator()): + (JSC::SweepWeakSet::operator()): + (JSC::LastChanceToFinalize::operator()): + (JSC::MarkedSpace::lastChanceToFinalize): + (JSC::ResetAllocator::operator()): + (JSC::MarkedSpace::resetAllocators): + (JSC::MarkedSpace::visitWeakSets): + (JSC::MarkedSpace::reapWeakSets): + (JSC::MarkedSpace::sweepWeakSets): + (JSC::Shrink::operator()): + (JSC::MarkedSpace::shrink): + * heap/MarkedSpace.h: + (MarkedSpace): Make sure to account for our weak sets when sweeping, + shrinking, etc. - Reviewed by Darin Adler. + * heap/WeakSet.cpp: + (JSC): + * heap/WeakSet.h: + (WeakSet): + (JSC::WeakSet::heap): + (JSC): + (JSC::WeakSet::lastChanceToFinalize): + (JSC::WeakSet::visit): + (JSC::WeakSet::reap): + (JSC::WeakSet::shrink): + (JSC::WeakSet::resetAllocator): Inlined some things since they're called + once per block now instead of once per heap. - Add flag to GCActivityCallback to enable / disable activity timer. - Add api via Heap to set the flag's value. + * heap/WeakSetInlines.h: + (JSC::WeakSet::allocate): Use the per-block weak set since there is no + per-heap weak set anymore. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export - * heap/Heap.cpp: - (JSC::Heap::setGarbageCollectionTimerEnabled): - * heap/Heap.h: - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::isEnabled): - (JSC::GCActivityCallback::setEnabled): - (JSC::GCActivityCallback::GCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): +2012-05-24 Gavin Barraclough -2012-05-14 Michael Saboff + Fix arm build - Increase Debug Logging in MarkStack::validate() - https://bugs.webkit.org/show_bug.cgi?id=86408 + Rubber stamped by Geoff Garen - Rubber-stamped by Filip Pizlo. + * dfg/DFGGPRInfo.h: + (GPRInfo): - Added some descriptive debug messages for the conditions and - values when a cell validation fails. +2012-05-24 Gavin Barraclough - * heap/MarkStack.cpp: - (JSC::MarkStack::validate): + Move cacheFlush from ExecutableAllocator to Assembler classes + https://bugs.webkit.org/show_bug.cgi?id=87420 -2012-05-14 Carlos Garcia Campos + Reviewed by Oliver Hunt. - Unreviewed. Fix make distcheck. + Makes more sense there, & remove a pile of #ifdefs. - * GNUmakefile.list.am: Add missing header file. + * assembler/ARMAssembler.cpp: + (JSC): + (JSC::ARMAssembler::cacheFlush): + * assembler/ARMAssembler.h: + (ARMAssembler): + (JSC::ARMAssembler::cacheFlush): + * assembler/ARMv7Assembler.h: + (JSC::ARMv7Assembler::relinkJump): + (JSC::ARMv7Assembler::cacheFlush): + (ARMv7Assembler): + (JSC::ARMv7Assembler::setInt32): + (JSC::ARMv7Assembler::setUInt7ForLoad): + * assembler/AbstractMacroAssembler.h: + (JSC::AbstractMacroAssembler::cacheFlush): + * assembler/LinkBuffer.h: + (JSC::LinkBuffer::performFinalization): + * assembler/MIPSAssembler.h: + (JSC::MIPSAssembler::relinkJump): + (JSC::MIPSAssembler::relinkCall): + (JSC::MIPSAssembler::repatchInt32): + (JSC::MIPSAssembler::cacheFlush): + (MIPSAssembler): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::repatchCompact): + (JSC::SH4Assembler::cacheFlush): + (SH4Assembler): + * assembler/X86Assembler.h: + (X86Assembler): + (JSC::X86Assembler::cacheFlush): + * jit/ExecutableAllocator.cpp: + (JSC): + * jit/ExecutableAllocator.h: + (ExecutableAllocator): -2012-05-14 Yong Li +2012-05-24 John Mellor - DFG JIT didn't work with ARM EABI. - https://bugs.webkit.org/show_bug.cgi?id=84449 + Font Boosting: Add compile flag and runtime setting + https://bugs.webkit.org/show_bug.cgi?id=87394 - Reviewed by Filip Pizlo. + Reviewed by Adam Barth. - Add a 32-bit dummy argument for some callOperation() - methods to make it work for ARM EABI. + Add ENABLE_FONT_BOOSTING. - * dfg/DFGCCallHelpers.h: - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): - (CCallHelpers): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::callOperation): + * Configurations/FeatureDefines.xcconfig: -2012-05-13 Gavin Barraclough +2012-05-24 Allan Sandfeld Jensen - Introduce PropertyName class - https://bugs.webkit.org/show_bug.cgi?id=86241 + cti_vm_throw gets kicked out by gcc 4.6 -flto + https://bugs.webkit.org/show_bug.cgi?id=56088 Reviewed by Darin Adler. - This patch introduced a couple of small bugs. + Add REFERENCED_FROM_ASM to functions only referenced from assembler. - * runtime/PropertyName.h: - (JSC::toUInt32FromCharacters): - - Returning wrong value for "" - should not convert to 0. - (JSC::PropertyName::PropertyName): - - Remove the ASSERT, it was a little too aspirational. + * dfg/DFGOperations.cpp: + * jit/HostCallReturnValue.h: + * jit/JITStubs.h: + * jit/ThunkGenerators.cpp: -2012-05-13 Filip Pizlo +2012-05-24 Filip Pizlo - DFG performs incorrect constant folding on double-to-uint32 conversion in - Uint32Array PutByVal - https://bugs.webkit.org/show_bug.cgi?id=86330 + Incorrect merge of r117542 from dfg opt branch in r118323 is leading to fast/js/dfg-arguments-osr-exit.html failing + https://bugs.webkit.org/show_bug.cgi?id=87350 - Reviewed by Darin Adler. + Reviewed by Maciej Stachowiak. - static_cast(d) is wrong, since JS semantics require us to use toInt32(d). - In particular, C++ casts on typical hardware (like x86 and similar) will - return 0x80000000 for double values that are out of range of the int32 domain - (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call - for wrap-around; for example the double value 4294967297 ought to become the - int32 value 1, not 0x80000000. + The dfgopt branch introduced the notion of a local variable being killed because it was aliased + to the Arguments object as in cases like: + + var a = arguments; + return a.length; + + This required changes to OSR exit handling - if the variable is dead but aliased to arguments, then + OSR exit should reify the arguments. But meanwhile, in tip of tree we introduced special handling for + dead variables on OSR exit. When the two were merged in r118323, the structure of the if/else branches + ended up being such that we would treat dead arguments variables as totally dead as opposed to treating + them as variables that need arguments reification. + + This fixes the structure of the relevant if/else block so that variables that are dead-but-arguments + end up being treated as reified arguments objects, while variables that are dead but not aliased to + arguments are treated as tip of tree would have treated them (initialize to Undefined). * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - -2012-05-11 Gavin Barraclough - - Introduce PropertyName class - https://bugs.webkit.org/show_bug.cgi?id=86241 - - Reviewed by Geoff Garen. - - Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type. - This change paves the way to allow for properties keyed by values that are not Identifiers. - - This change is largely a mechanical find & replace. - It also changes JSFunction's constructor to take a UString& instead of an Identifier& - (since in some cases we can no longer guarantee that we'lll have an Identifier), and - unifies Identifier's methods to obtain array indices onto PropertyName. - - The new PropertyName class retains the ability to support .impl() and .ustring(), but - in a future patch we may need to rework this, since not all PropertyNames should be - equal based on their string representation. - - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::finishCreation): - * API/JSCallbackFunction.h: - (JSCallbackFunction): - (JSC::JSCallbackFunction::create): - * API/JSCallbackObject.h: - (JSCallbackObject): - * API/JSCallbackObjectFunctions.h: - (JSC::::getOwnPropertySlot): - (JSC::::getOwnPropertyDescriptor): - (JSC::::put): - (JSC::::deleteProperty): - (JSC::::getStaticValue): - (JSC::::staticFunctionGetter): - (JSC::::callbackGetter): - * API/JSObjectRef.cpp: - (JSObjectMakeFunctionWithCallback): - * JSCTypedArrayStubs.h: - (JSC): - * JavaScriptCore.xcodeproj/project.pbxproj: - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::getOwnPropertySlot): - (JSC::DebuggerActivation::put): - (JSC::DebuggerActivation::putDirectVirtual): - (JSC::DebuggerActivation::deleteProperty): - (JSC::DebuggerActivation::getOwnPropertyDescriptor): - (JSC::DebuggerActivation::defineOwnProperty): - * debugger/DebuggerActivation.h: - (DebuggerActivation): - * jsc.cpp: - (GlobalObject::addFunction): - (GlobalObject::addConstructableFunction): - * runtime/Arguments.cpp: - (JSC::Arguments::getOwnPropertySlot): - (JSC::Arguments::getOwnPropertyDescriptor): - (JSC::Arguments::put): - (JSC::Arguments::deleteProperty): - (JSC::Arguments::defineOwnProperty): - * runtime/Arguments.h: - (Arguments): - * runtime/ArrayConstructor.cpp: - (JSC::ArrayConstructor::finishCreation): - (JSC::ArrayConstructor::getOwnPropertySlot): - (JSC::ArrayConstructor::getOwnPropertyDescriptor): - * runtime/ArrayConstructor.h: - (ArrayConstructor): - * runtime/ArrayPrototype.cpp: - (JSC::ArrayPrototype::getOwnPropertySlot): - (JSC::ArrayPrototype::getOwnPropertyDescriptor): - (JSC::putProperty): - * runtime/ArrayPrototype.h: - (ArrayPrototype): - * runtime/BooleanConstructor.cpp: - (JSC::BooleanConstructor::finishCreation): - * runtime/BooleanPrototype.cpp: - (JSC::BooleanPrototype::getOwnPropertySlot): - (JSC::BooleanPrototype::getOwnPropertyDescriptor): - * runtime/BooleanPrototype.h: - (BooleanPrototype): - * runtime/ClassInfo.h: - (MethodTable): - * runtime/DateConstructor.cpp: - (JSC::DateConstructor::finishCreation): - (JSC::DateConstructor::getOwnPropertySlot): - (JSC::DateConstructor::getOwnPropertyDescriptor): - * runtime/DateConstructor.h: - (DateConstructor): - * runtime/DatePrototype.cpp: - (JSC::DatePrototype::getOwnPropertySlot): - (JSC::DatePrototype::getOwnPropertyDescriptor): - * runtime/DatePrototype.h: - (DatePrototype): - * runtime/Error.h: - (JSC::StrictModeTypeErrorFunction::create): - * runtime/ErrorConstructor.cpp: - (JSC::ErrorConstructor::finishCreation): - * runtime/ErrorPrototype.cpp: - (JSC::ErrorPrototype::getOwnPropertySlot): - (JSC::ErrorPrototype::getOwnPropertyDescriptor): - * runtime/ErrorPrototype.h: - (ErrorPrototype): - * runtime/FunctionConstructor.cpp: - (JSC::FunctionConstructor::finishCreation): - * runtime/FunctionPrototype.cpp: - (JSC::FunctionPrototype::finishCreation): - (JSC::FunctionPrototype::addFunctionProperties): - (JSC::functionProtoFuncBind): - * runtime/FunctionPrototype.h: - (JSC::FunctionPrototype::create): - (FunctionPrototype): - * runtime/Identifier.cpp: - (JSC): - * runtime/Identifier.h: - (Identifier): - * runtime/InternalFunction.cpp: - (JSC::InternalFunction::finishCreation): - * runtime/InternalFunction.h: - (InternalFunction): - * runtime/JSActivation.cpp: - (JSC::JSActivation::symbolTableGet): - (JSC::JSActivation::symbolTablePut): - (JSC::JSActivation::symbolTablePutWithAttributes): - (JSC::JSActivation::getOwnPropertySlot): - (JSC::JSActivation::put): - (JSC::JSActivation::putDirectVirtual): - (JSC::JSActivation::deleteProperty): - (JSC::JSActivation::argumentsGetter): - * runtime/JSActivation.h: - (JSActivation): - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - (JSC::JSArray::getOwnPropertySlot): - (JSC::JSArray::getOwnPropertyDescriptor): - (JSC::JSArray::put): - (JSC::JSArray::deleteProperty): - * runtime/JSArray.h: - (JSArray): - (JSC): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::create): - (JSC::JSBoundFunction::finishCreation): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/JSCell.cpp: - (JSC::JSCell::getOwnPropertySlot): - (JSC::JSCell::put): - (JSC::JSCell::deleteProperty): - (JSC::JSCell::putDirectVirtual): - (JSC::JSCell::defineOwnProperty): - (JSC::JSCell::getOwnPropertyDescriptor): - * runtime/JSCell.h: - (JSCell): - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - (JSC::JSFunction::finishCreation): - (JSC::JSFunction::argumentsGetter): - (JSC::JSFunction::callerGetter): - (JSC::JSFunction::lengthGetter): - (JSC::JSFunction::getOwnPropertySlot): - (JSC::JSFunction::getOwnPropertyDescriptor): - (JSC::JSFunction::put): - (JSC::JSFunction::deleteProperty): - (JSC::JSFunction::defineOwnProperty): - (JSC::getCalculatedDisplayName): - * runtime/JSFunction.h: - (JSFunction): - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::put): - (JSC::JSGlobalObject::putDirectVirtual): - (JSC::JSGlobalObject::defineOwnProperty): - (JSC::JSGlobalObject::reset): - (JSC::JSGlobalObject::createThrowTypeError): - (JSC::JSGlobalObject::getOwnPropertySlot): - (JSC::JSGlobalObject::getOwnPropertyDescriptor): - * runtime/JSGlobalObject.h: - (JSGlobalObject): - (JSC::JSGlobalObject::hasOwnPropertyForWrite): - (JSC::JSGlobalObject::symbolTableHasProperty): - * runtime/JSNotAnObject.cpp: - (JSC::JSNotAnObject::getOwnPropertySlot): - (JSC::JSNotAnObject::getOwnPropertyDescriptor): - (JSC::JSNotAnObject::put): - (JSC::JSNotAnObject::deleteProperty): - * runtime/JSNotAnObject.h: - (JSNotAnObject): - * runtime/JSONObject.cpp: - (JSC::JSONObject::getOwnPropertySlot): - (JSC::JSONObject::getOwnPropertyDescriptor): - * runtime/JSONObject.h: - (JSONObject): - * runtime/JSObject.cpp: - (JSC::JSObject::put): - (JSC::JSObject::putDirectVirtual): - (JSC::JSObject::putDirectAccessor): - (JSC::JSObject::hasProperty): - (JSC::JSObject::deleteProperty): - (JSC::JSObject::hasOwnProperty): - (JSC::callDefaultValueFunction): - (JSC::JSObject::findPropertyHashEntry): - (JSC::JSObject::getPropertySpecificValue): - (JSC::JSObject::removeDirect): - (JSC::JSObject::getOwnPropertyDescriptor): - (JSC::JSObject::getPropertyDescriptor): - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::getDirect): - (JSC::JSObject::getDirectLocation): - (JSC::JSObject::inlineGetOwnPropertySlot): - (JSC::JSObject::getOwnPropertySlot): - (JSC::JSCell::fastGetOwnPropertySlot): - (JSC::JSObject::getPropertySlot): - (JSC::JSObject::get): - (JSC::JSObject::putDirectInternal): - (JSC::JSObject::putOwnDataProperty): - (JSC::JSObject::putDirect): - (JSC::JSObject::putDirectWithoutTransition): - (JSC::JSValue::get): - (JSC::JSValue::put): - * runtime/JSStaticScopeObject.cpp: - (JSC::JSStaticScopeObject::put): - (JSC::JSStaticScopeObject::putDirectVirtual): - (JSC::JSStaticScopeObject::getOwnPropertySlot): - * runtime/JSStaticScopeObject.h: - (JSStaticScopeObject): - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - (JSC::JSString::getStringPropertyDescriptor): - * runtime/JSString.h: - (JSString): - (JSC::JSString::getStringPropertySlot): - * runtime/JSValue.cpp: - (JSC::JSValue::putToPrimitive): - * runtime/JSValue.h: - (JSC): - (JSValue): - * runtime/JSVariableObject.cpp: - (JSC::JSVariableObject::deleteProperty): - (JSC::JSVariableObject::symbolTableGet): - (JSC::JSVariableObject::putDirectVirtual): - * runtime/JSVariableObject.h: - (JSVariableObject): - (JSC::JSVariableObject::symbolTableGet): - (JSC::JSVariableObject::symbolTablePut): - (JSC::JSVariableObject::symbolTablePutWithAttributes): - * runtime/Lookup.cpp: - (JSC::setUpStaticFunctionSlot): - * runtime/Lookup.h: - (JSC::HashTable::entry): - (JSC): - (JSC::getStaticPropertySlot): - (JSC::getStaticPropertyDescriptor): - (JSC::getStaticFunctionSlot): - (JSC::getStaticFunctionDescriptor): - (JSC::getStaticValueSlot): - (JSC::getStaticValueDescriptor): - (JSC::lookupPut): - * runtime/MathObject.cpp: - (JSC::MathObject::getOwnPropertySlot): - (JSC::MathObject::getOwnPropertyDescriptor): - * runtime/MathObject.h: - (MathObject): - * runtime/NativeErrorConstructor.h: - (JSC::NativeErrorConstructor::finishCreation): - * runtime/NumberConstructor.cpp: - (JSC): - (JSC::NumberConstructor::finishCreation): - (JSC::NumberConstructor::getOwnPropertySlot): - (JSC::NumberConstructor::getOwnPropertyDescriptor): - (JSC::NumberConstructor::put): - (JSC::numberConstructorNaNValue): - (JSC::numberConstructorNegInfinity): - (JSC::numberConstructorPosInfinity): - (JSC::numberConstructorMaxValue): - (JSC::numberConstructorMinValue): - * runtime/NumberConstructor.h: - (NumberConstructor): - * runtime/NumberPrototype.cpp: - (JSC::NumberPrototype::getOwnPropertySlot): - (JSC::NumberPrototype::getOwnPropertyDescriptor): - * runtime/NumberPrototype.h: - (NumberPrototype): - * runtime/ObjectConstructor.cpp: - (JSC::ObjectConstructor::finishCreation): - (JSC::ObjectConstructor::getOwnPropertySlot): - (JSC::ObjectConstructor::getOwnPropertyDescriptor): - * runtime/ObjectConstructor.h: - (ObjectConstructor): - * runtime/ObjectPrototype.cpp: - (JSC::ObjectPrototype::put): - (JSC::ObjectPrototype::defineOwnProperty): - (JSC::ObjectPrototype::getOwnPropertySlot): - (JSC::ObjectPrototype::getOwnPropertyDescriptor): - * runtime/ObjectPrototype.h: - (ObjectPrototype): - * runtime/PropertySlot.h: - (PropertySlot): - (JSC::PropertySlot::getValue): - * runtime/RegExpConstructor.cpp: - (JSC): - (JSC::RegExpConstructor::finishCreation): - (JSC::RegExpConstructor::getOwnPropertySlot): - (JSC::RegExpConstructor::getOwnPropertyDescriptor): - (JSC::regExpConstructorDollar1): - (JSC::regExpConstructorDollar2): - (JSC::regExpConstructorDollar3): - (JSC::regExpConstructorDollar4): - (JSC::regExpConstructorDollar5): - (JSC::regExpConstructorDollar6): - (JSC::regExpConstructorDollar7): - (JSC::regExpConstructorDollar8): - (JSC::regExpConstructorDollar9): - (JSC::regExpConstructorInput): - (JSC::regExpConstructorMultiline): - (JSC::regExpConstructorLastMatch): - (JSC::regExpConstructorLastParen): - (JSC::regExpConstructorLeftContext): - (JSC::regExpConstructorRightContext): - (JSC::RegExpConstructor::put): - * runtime/RegExpConstructor.h: - (RegExpConstructor): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::getOwnPropertySlot): - (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): - (JSC::RegExpMatchesArray::put): - (JSC::RegExpMatchesArray::deleteProperty): - (JSC::RegExpMatchesArray::defineOwnProperty): - * runtime/RegExpObject.cpp: - (JSC): - (JSC::RegExpObject::getOwnPropertySlot): - (JSC::RegExpObject::getOwnPropertyDescriptor): - (JSC::RegExpObject::deleteProperty): - (JSC::RegExpObject::defineOwnProperty): - (JSC::regExpObjectGlobal): - (JSC::regExpObjectIgnoreCase): - (JSC::regExpObjectMultiline): - (JSC::regExpObjectSource): - (JSC::RegExpObject::put): - * runtime/RegExpObject.h: - (RegExpObject): - * runtime/RegExpPrototype.cpp: - (JSC::RegExpPrototype::getOwnPropertySlot): - (JSC::RegExpPrototype::getOwnPropertyDescriptor): - * runtime/RegExpPrototype.h: - (RegExpPrototype): - * runtime/StrictEvalActivation.cpp: - (JSC::StrictEvalActivation::deleteProperty): - * runtime/StrictEvalActivation.h: - (StrictEvalActivation): - * runtime/StringConstructor.cpp: - (JSC::StringConstructor::finishCreation): - (JSC::StringConstructor::getOwnPropertySlot): - (JSC::StringConstructor::getOwnPropertyDescriptor): - * runtime/StringConstructor.h: - (StringConstructor): - * runtime/StringObject.cpp: - (JSC::StringObject::getOwnPropertySlot): - (JSC::StringObject::getOwnPropertyDescriptor): - (JSC::StringObject::put): - (JSC::StringObject::defineOwnProperty): - (JSC::StringObject::deleteProperty): - * runtime/StringObject.h: - (StringObject): - * runtime/StringPrototype.cpp: - (JSC::StringPrototype::getOwnPropertySlot): - (JSC::StringPrototype::getOwnPropertyDescriptor): - * runtime/StringPrototype.h: - (StringPrototype): - * runtime/Structure.cpp: - (JSC::Structure::despecifyDictionaryFunction): - (JSC::Structure::addPropertyTransitionToExistingStructure): - (JSC::Structure::addPropertyTransition): - (JSC::Structure::removePropertyTransition): - (JSC::Structure::despecifyFunctionTransition): - (JSC::Structure::attributeChangeTransition): - (JSC::Structure::addPropertyWithoutTransition): - (JSC::Structure::removePropertyWithoutTransition): - (JSC::Structure::get): - (JSC::Structure::despecifyFunction): - (JSC::Structure::putSpecificValue): - (JSC::Structure::remove): - * runtime/Structure.h: - (Structure): - (JSC::Structure::get): - -2012-05-11 Michael Saboff - - Rolling out r116659. - - Causes ASSERT failures on bots. - - Rubber stamped by Geoff Garen. - - * heap/Heap.cpp: - (JSC::Heap::markRoots): - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::markingThreadMain): - (JSC::MarkStackThreadSharedData::markingThreadStartFunc): - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::MarkStackThreadSharedData::reset): - (JSC::MarkStack::reset): - (JSC): - (JSC::SlotVisitor::copyAndAppend): - * heap/MarkStack.h: - (MarkStackThreadSharedData): - (MarkStack): - * runtime/JSString.h: - (JSString): - (JSC::JSString::finishCreation): - (JSC::JSString::is8Bit): - (JSC::JSRopeString::finishCreation): + (JSC::DFG::SpeculativeJIT::compile): -2012-05-11 Oliver Hunt +2012-05-24 Csaba Osztrogonác - Appease thread verifier when dealing with the JSC API's shared VM - https://bugs.webkit.org/show_bug.cgi?id=86268 + Unreviewed 32 bit buildfix after r118325. - Reviewed by Geoffrey Garen. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): Use ASSERT_UNUSED instead ASSERT. - If we're the shared VM, just disable the verifier. This makes debug builds - livable against non-webkit clients. +2012-05-23 Filip Pizlo - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): + DFG operationTearOffActivation should return after handling the null activation case + https://bugs.webkit.org/show_bug.cgi?id=87348 + -2012-05-11 Filip Pizlo + Reviewed by Oliver Hunt. - JIT memory allocator is not returning memory to the OS on Darwin - https://bugs.webkit.org/show_bug.cgi?id=86047 + * dfg/DFGOperations.cpp: - Reviewed by Geoff Garen. +2012-05-23 Filip Pizlo - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree): + Unreviewed, merge the arguments fix in r118138 to get bots green. -2012-05-11 Geoffrey Garen + * dfg/DFGArgumentsSimplificationPhase.cpp: + (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse): - Clarified JSGlobalData (JavaScript VM) lifetime - https://bugs.webkit.org/show_bug.cgi?id=85142 +2012-05-20 Filip Pizlo - Reviewed by Alexey Proskuryakov. + DFG CFA should record if a node can OSR exit + https://bugs.webkit.org/show_bug.cgi?id=86905 - (Follow-up fix.) + Reviewed by Oliver Hunt. + + Merged r117931 from dfgopt. + + Adds a NodeFlag that denotes nodes that are known to not have OSR exits. + This ought to aid any backwards analyses that need to know when a + backward flow merge might happen due to a side exit. + + Also added assertions into speculationCheck() that ensure that we did not + mark a node as non-exiting and then promptly compile in an exit. This + helped catch some minor bugs where we were doing unnecessary speculation + checks. + + This is a perf-neutral change. The speculation checks that this removes + were not on hot paths of major benchmarks. - * API/JSContextRef.cpp: - (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef. - (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on - test, because apps might have been linked on older OS's.) + * bytecode/PredictedType.h: + (JSC): + (JSC::isAnyPrediction): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGAbstractState.h: + (JSC::DFG::AbstractState::speculateInt32Unary): + (AbstractState): + (JSC::DFG::AbstractState::speculateNumberUnary): + (JSC::DFG::AbstractState::speculateBooleanUnary): + (JSC::DFG::AbstractState::speculateInt32Binary): + (JSC::DFG::AbstractState::speculateNumberBinary): + * dfg/DFGNode.h: + (JSC::DFG::Node::mergeFlags): + (JSC::DFG::Node::filterFlags): + (Node): + (JSC::DFG::Node::setCanExit): + (JSC::DFG::Node::canExit): + * dfg/DFGNodeFlags.cpp: + (JSC::DFG::nodeFlagsAsString): + * dfg/DFGNodeFlags.h: + (DFG): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::checkArgumentTypes): + (JSC::DFG::SpeculativeJIT::compileValueToInt32): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::speculationCheck): + (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): + (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): + (SpeculativeJIT): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): + (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): + (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): + (JSC::DFG::SpeculativeJIT::compile): -2012-05-11 Sam Weinig +2012-05-20 Filip Pizlo - Fix crash seen when running with libgmalloc - - https://bugs.webkit.org/show_bug.cgi?id=86232 + DFG should not do unnecessary indirections when storing to objects + https://bugs.webkit.org/show_bug.cgi?id=86959 - Reviewed by Gavin Barraclough. + Reviewed by Oliver Hunt. + + Merged r117819 from dfgopt. - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::markingThreadMain): - Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its - destructor. + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): -2012-05-10 Gavin Barraclough +2012-05-17 Filip Pizlo - Remove op_get_callee + DFG should optimize aliased uses of the Arguments object of the current call frame + https://bugs.webkit.org/show_bug.cgi?id=86552 - Rubber stamped by Geoff Garen. + Reviewed by Geoff Garen. + + Merged r117542 and r117543 from dfgopt. - This is now redundant. + Performs must-alias and escape analysis on uses of CreateArguments, and if + a variable is must-aliased to CreateArguments and does not escape, then we + turn all uses of that variable into direct arguments accesses. + + 36% speed-up on V8/earley leading to a 2.3% speed-up overall in V8. - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - * jit/JIT.h: - * jit/JITOpcodes.cpp: - (JSC): - * jit/JITOpcodes32_64.cpp: - (JSC): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - -2012-05-10 Gavin Barraclough - - Cache inheritorID on JSFunction - https://bugs.webkit.org/show_bug.cgi?id=85853 - - Reviewed by Geoff Garen & Filip Pizlo. - - An object's prototype is indicated via its structure. To create an otherwise - empty object with object A as its prototype, we require a structure with its - prototype set to point to A. We wish to use this same structure for all empty - objects created with a prototype of A, so we presently store this structure as - a property of A, known as the inheritorID. - - When a function F is invoked as a constructor, where F has a property 'prototype' - set to point to A, in order to create the 'this' value for the constructor to - use the following steps are taken: - - the 'prototype' proptery of F is read, via a regular [[Get]] access. - - the inheritorID internal property of the prototype is read. - - a new, empty object is constructed with its structure set to point to inheritorID. - - There are two drawbacks to the current approach: - - it requires that every object has an inheritorID field. - - it requires a [[Get]] access on every constructor call to access the 'prototype' property. - - Instead, switch to caching a copy of the inheritorID on the function. Constructor - calls now only need read the internal property from the callee, saving a [[Get]]. - This also means that JSObject::m_inheritorID is no longer commonly read, and in a - future patch we can move to storing this in a more memory efficient fashion. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::uncheckedArgumentsRegister): + * bytecode/ValueRecovery.h: + (JSC::ValueRecovery::argumentsThatWereNotCreated): + (ValueRecovery): + (JSC::ValueRecovery::dump): * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::execute): + * dfg/DFGAdjacencyList.h: + (AdjacencyList): + (JSC::DFG::AdjacencyList::removeEdgeFromBag): + * dfg/DFGArgumentsSimplificationPhase.cpp: + (JSC::DFG::ArgumentsSimplificationPhase::run): + (ArgumentsSimplificationPhase): + (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse): + (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses): + (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse): + (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize): + (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::argumentsRegisterFor): + (AssemblyHelpers): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCFGSimplificationPhase.cpp: + (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference): + * dfg/DFGGPRInfo.h: + (GPRInfo): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::collectGarbage): + (DFG): + * dfg/DFGGraph.h: + (Graph): + (JSC::DFG::Graph::executableFor): + (JSC::DFG::Graph::argumentsRegisterFor): + (JSC::DFG::Graph::uncheckedArgumentsRegisterFor): + (JSC::DFG::Graph::clobbersWorld): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasHeapPrediction): * dfg/DFGNodeType.h: (DFG): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOSRExitCompiler.h: + (JSC::DFG::OSRExitCompiler::OSRExitCompiler): + (OSRExitCompiler): + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::ValueSource::dump): + (JSC::DFG::SpeculativeJIT::compile): + (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateJSFunction): + * dfg/DFGVariableAccessData.h: + (JSC::DFG::VariableAccessData::VariableAccessData): + (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias): + (VariableAccessData): + (JSC::DFG::VariableAccessData::isArgumentsAlias): * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_create_this): - (JSC::JIT::emitSlow_op_create_this): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_create_this): - (JSC::JIT::emitSlow_op_create_this): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * runtime/JSFunction.cpp: - (JSC::JSFunction::JSFunction): - (JSC::JSFunction::cacheInheritorID): - (JSC): - (JSC::JSFunction::put): - (JSC::JSFunction::defineOwnProperty): - * runtime/JSFunction.h: - (JSC::JSFunction::cachedInheritorID): - (JSFunction): - (JSC::JSFunction::offsetOfCachedInheritorID): - -2012-05-10 Michael Saboff - - Enh: Hash Const JSString in Backing Stores to Save Memory - https://bugs.webkit.org/show_bug.cgi?id=86024 + (JSC::JIT::emitSlow_op_get_argument_by_val): - Reviewed by Filip Pizlo. +2012-05-23 Filip Pizlo - During garbage collection, each marking thread keeps a HashMap of - strings. While visiting via MarkStack::copyAndAppend(), we check to - see if the string we are visiting is already in the HashMap. If not - we add it. If so, we change the reference to the current string we're - visiting to the prior string. + DFGCapabilities should not try to get an arguments register from code blocks that don't have one + https://bugs.webkit.org/show_bug.cgi?id=87332 - To somewhat reduce the performance impact of this change, if a string - is unique at the end of a marking it will not be checked during further - GC phases. In some cases this won't catch all duplicates, but we are - trying to catch the growth of duplicate strings. + Reviewed by Andy Estes. - * heap/Heap.cpp: - (JSC::Heap::markRoots): - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::resetChildren): New method called by the - main thread to reset the slave threads. This is primarily done to - clear the m_uniqueStrings HashMap. - (JSC): - (JSC::MarkStackThreadSharedData::markingThreadMain): - (JSC::MarkStackThreadSharedData::markingThreadStartFunc): - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::MarkStackThreadSharedData::reset): - (JSC::MarkStack::reset): Added call to clear m_uniqueStrings. - (JSC::MarkStack::internalAppend): New method that performs the hash consting. - (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting - internalAppend() - * heap/MarkStack.h: - (MarkStackThreadSharedData): - (MarkStack): - (JSC::MarkStack::sharedData): - * runtime/JSString.h: - (JSString): Added m_isHashConstSingleton flag, accessors for the flag and - code to initialize the flag. - (JSC::JSString::finishCreation): - (JSC::JSString::isHashConstSingleton): - (JSC::JSString::clearHashConstSingleton): - (JSC::JSString::setHashConstSingleton): - (JSC::JSRopeString::finishCreation): + * dfg/DFGCapabilities.h: + (JSC::DFG::canInlineOpcode): -2012-05-09 Filip Pizlo +2012-05-23 Filip Pizlo - JIT memory allocator is not returning memory to the OS on Darwin - https://bugs.webkit.org/show_bug.cgi?id=86047 - + DFG should have sparse conditional constant propagation + https://bugs.webkit.org/show_bug.cgi?id=86580 - Reviewed by Geoff Garen. + Reviewed by Oliver Hunt. - Work around the problem by using a different madvise() flag, but only for the JIT memory - allocator. Also put in ASSERTs that the call is actually working. - - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage): - (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree): - -2012-05-09 Filip Pizlo - - It should be possible to get useful debug logging from the JIT memory allocator - https://bugs.webkit.org/show_bug.cgi?id=86042 - - Reviewed by Geoff Garen. - - * jit/ExecutableAllocator.h: - -2012-05-09 Gavin Barraclough - - GC race condition in OpaqueJSClass::prototype - https://bugs.webkit.org/show_bug.cgi?id=86034 - - Build fix. - - * API/JSClassRef.cpp: - (OpaqueJSClass::prototype): - - Eeeep, landed bad version of patch! - -2012-05-09 Gavin Barraclough - - GC race condition in OpaqueJSClass::prototype - https://bugs.webkit.org/show_bug.cgi?id=86034 - - Reviewed by Filip Pizlo. - - The bug here is basically: - if (weakref) weakref->method() - where a GC may occur between the if & the method call. - - * API/JSClassRef.cpp: - (OpaqueJSClass::prototype): - -2012-05-09 Mark Hahnenberg - - CopiedSpace does not add pinned blocks back to the to-space filter - https://bugs.webkit.org/show_bug.cgi?id=86011 - - Reviewed by Geoffrey Garen. - - After a collection has finished, we go through the blocks in from-space - and move any of them that are pinned into to-space. At the beginning of - collection, we reset the to-space block filter that is used during - conservative scanning and add back the blocks that are filled during the - collection. However, we neglect to add back those blocks that are moved - from from-space to to-space, which can cause the conservative scan to - think that some pinned items are not actually in CopiedSpace. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the - to-space filter. Also added a comment and assert for future readers that - indicates that it's okay that we don't also add the block to the - to-space block set since it was never removed. - - -2012-05-09 Carlos Garcia Campos - - [GTK] Use independent version numbers for public libraries - https://bugs.webkit.org/show_bug.cgi?id=85984 - - Reviewed by Gustavo Noronha Silva. - - * GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library - version. - -2012-05-09 Carlos Garcia Campos - - [GTK] Do not install JavaScriptCore platform-specific headers - https://bugs.webkit.org/show_bug.cgi?id=85983 - - Reviewed by Gustavo Noronha Silva. - - JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was - renamed to JavaScript.h in r29234 and it still exists for - compatibility with mac and windows users. - - * GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h - and JSStringRefBSTR.h from the sources and headers list. - -2012-05-08 Gavin Barraclough - - ROLLING OUT r114255 + Merged r117370 from dfgopt. - GC in the middle of JSObject::allocatePropertyStorage can cause badness - https://bugs.webkit.org/show_bug.cgi?id=83839 - - Reviewed by nobody. - - This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/JSObject.cpp: - (JSC::JSObject::allocatePropertyStorage): - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::isUsingInlineStorage): - (JSC): - (JSC::JSObject::putDirectInternal): - (JSC::JSObject::putDirectWithoutTransition): - (JSC::JSObject::transitionTo): - * runtime/Structure.cpp: - (JSC): - * runtime/Structure.h: - (JSC::Structure::didTransition): - -2012-05-08 Mark Hahnenberg - - Heap should not continually allocate new pages in steady state - https://bugs.webkit.org/show_bug.cgi?id=85936 - - Reviewed by Geoff Garen. - - Currently, in steady state (i.e. a constant amount of live GC - memory with a constant rate of allocation) assuming we've just - finished a collection with X live blocks in CopiedSpace, we - increase our working set by X blocks in CopiedSpace with each - collection we perform. This is due to the fact that we allocate - until we run out of free blocks to use in the Heap before we - consider whether we should run a collection. - - In the longer term, this issue will be mostly resolved by - implementing quick release for the CopiedSpace. In the shorter - term, we should change our policy to check whether we should - allocate before trying to use a free block from the Heap. We - can change our policy to something more appropriate once we - have implemented quick release. - - This change should also have the convenient side effect of - reducing the variance in GC-heavy tests (e.g. v8-splay) due - to fact that we are doing less VM allocation during copying - collection. Overall, this patch is performance neutral across - the benchmarks we track. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator - around so that we only do it if the block request must succeed - i.e. after we've already checked whether we should do a collection. - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::allocateSlowCase): Ditto. - (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this - function because by the time we've called it, we've already checked whether we - should run a collection so there's no point in returning null. - * heap/MarkedAllocator.h: Removing old arguments from function declaration. - (MarkedAllocator): - -2012-05-08 Gavin Barraclough - - SIGFPE on divide in classic interpreter - https://bugs.webkit.org/show_bug.cgi?id=85917 - - Rubber stamped by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - - check for divisor of -1. - -2012-05-07 Oliver Hunt - - Rolling out r110287 - - RS=Filip Pizlo - - r110287 was meant to be refactoring only, but changed behavior - enough to break some websites, including qq.com. - -2012-05-07 Andy Estes - - ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES. - - * Configurations/FeatureDefines.xcconfig: - -2012-05-07 Oliver Hunt - - Fix release build. - - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - -2012-05-07 Oliver Hunt - - LLInt doesn't check for Ropes when performing a character switch - https://bugs.webkit.org/show_bug.cgi?id=85837 - - Reviewed by Filip Pizlo. - - Make LLint check if the scrutinee of a char switch is a rope, and if - so fall back to a slow case. + This enhances CFA so that if it suspects at any point during the fixpoint that a + branch will only go one way, then it only propagates in that one way. + + This vastly increases the opportunities for CFG simplification. For example, it + enables us to evaporate this loop: + + for (var i = 0; i < 1; ++i) doThings(i); + + As a result, it uncovered loads of bugs in the CFG simplifier. In particular: + + - Phi fixup was assuming that all Phis worth fixing up are shouldGenerate(). + That's not true; we also fixup Phis that are dead. + + - GetLocal fixup was assuming that it's only necessary to rewire links to a + GetLocal, and that the GetLocal's own links don't need to be rewired. Untrue, + because the GetLocal may not be rewirable (first block has no GetLocal for r42 + but second block does have a GetLocal), in which case it will refer to a Phi + in the second block. We need it to refer to a Phi from the first block to + ensure that subsequent transformations work. + + - Tail operand fixup was ignoring the fact that Phis in successors may contain + references to the children of our tail variables. Hence, successor Phi child + substitution needs to use the original second block variable table as its + prior, rather than trying to reconstruct the prior later (since by that point + the children of the second block's tail variables will have been fixed up, so + we will not know what the prior would have been). - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (LLInt): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::beginBasicBlock): + (JSC::DFG::AbstractState::endBasicBlock): + (JSC::DFG::AbstractState::reset): + (JSC::DFG::AbstractState::execute): + (JSC::DFG::AbstractState::mergeToSuccessors): + * dfg/DFGAbstractState.h: + (JSC::DFG::AbstractState::branchDirectionToString): + (AbstractState): + * dfg/DFGCFGSimplificationPhase.cpp: + (JSC::DFG::CFGSimplificationPhase::run): + (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference): + (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution): + (OperandSubstitution): + (JSC::DFG::CFGSimplificationPhase::skipGetLocal): + (JSC::DFG::CFGSimplificationPhase::recordPossibleIncomingReference): + (CFGSimplificationPhase): + (JSC::DFG::CFGSimplificationPhase::fixTailOperand): + (JSC::DFG::CFGSimplificationPhase::mergeBlocks): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::changeEdge): -2012-05-07 Eric Seidel +2012-05-23 Ojan Vafai - Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed - https://bugs.webkit.org/show_bug.cgi?id=85822 + add back the ability to disable flexbox + https://bugs.webkit.org/show_bug.cgi?id=87147 - Reviewed by Adam Barth. + Reviewed by Tony Chang. * Configurations/FeatureDefines.xcconfig: -2012-05-05 Gavin Barraclough - - Remove TrustedImm32::m_isPointer - https://bugs.webkit.org/show_bug.cgi?id=85726 - - Rubber stamped by Sam Weinig. - - We used to rely on being able to generate code with known, fixed offsets – to do so we - would inhibit more optimal code generation for pointers. This is no longer necessary. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32): - (TrustedImm32): - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::store32): - (JSC::MacroAssemblerARM::move): - (JSC::MacroAssemblerARM::branch32): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::move): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::add32): - (JSC::MacroAssemblerMIPS::and32): - (JSC::MacroAssemblerMIPS::mul32): - (JSC::MacroAssemblerMIPS::or32): - (JSC::MacroAssemblerMIPS::sub32): - (JSC::MacroAssemblerMIPS::store32): - (JSC::MacroAssemblerMIPS::move): - -2012-05-04 Filip Pizlo +2012-05-23 Filip Pizlo - DFG should not Flush GetLocal's - https://bugs.webkit.org/show_bug.cgi?id=85663 - + Unreviewed, fix Windows build. - Reviewed by Oliver Hunt. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::flushArgument): - (JSC::DFG::ByteCodeParser::handleCall): + * bytecode/CodeBlock.h: + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + (JSC::DFG::canCompileOpcodes): + * dfg/DFGCommon.h: + (DFG): -2012-05-04 Allan Sandfeld Jensen +2012-05-23 Filip Pizlo - Doesn't build with ENABLE_JIT=0 - https://bugs.webkit.org/show_bug.cgi?id=85042 + DFG should optimize inlined uses of arguments.length and arguments[i] + https://bugs.webkit.org/show_bug.cgi?id=86327 Reviewed by Gavin Barraclough. + + Merged r117017 from dfgopt. + + Turns inlined uses of arguments.length into a constant. + + Turns inlined uses of arguments[constant] into a direct reference to the + argument. + + Big win on micro-benchmarks. Not yet a win on V8 because the hot uses of + arguments.length and arguments[i] are aliased. I'll leave the aliasing + optimizations to a later patch. - * bytecode/Operands.h: - -2012-05-03 Oliver Hunt - - Regression(r114702): Clobbering the caller frame register before we've stored it. - https://bugs.webkit.org/show_bug.cgi?id=85564 - - Reviewed by Filip Pizlo. - - Don't use t0 as a temporary, when we're about to use the value in t0. - - * llint/LowLevelInterpreter32_64.asm: - -2012-05-03 Mark Hahnenberg - - Removing remainder of accidental printfs. - - * heap/Heap.cpp: - (JSC::Heap::collect): - -2012-05-03 Andy Estes - - If you add printf()s to your garbage collector, the layout tests are gonna have a bad time. - - * runtime/GCActivityCallbackCF.cpp: - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): - -2012-05-03 Mark Hahnenberg - - Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection - https://bugs.webkit.org/show_bug.cgi?id=85543 - - Reviewed by Filip Pizlo. - - Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its - allocation limit for the current cycle, thus hastening an allocation-triggered collection. - In reality, it should just affect the opportunistic GC timer. We should track the bytes - we think have been abandoned and the bytes that have been allocated separately. - - * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much - we think we've abandoned. - (JSC::Heap::Heap): - (JSC::Heap::reportAbandonedObjectGraph): - (JSC): - (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call - rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather - than bytes allocated. Also notifies the timer, summing the two values together. - (JSC::Heap::collect): - (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting - to GCActivityCallback. - * heap/Heap.h: - (Heap): - -2012-05-02 Eric Seidel - - Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate) - https://bugs.webkit.org/show_bug.cgi?id=85433 - - Reviewed by Adam Barth. - - I have a script which can autogenerate these xcconfig files as well as the - vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists - from a central feature list file. - In preparation for posting such a tool, I'm re-sorting these xcconfig files to be - alphabetically ordered (currently they're close, but not quite). - There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which - I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch. - - * Configurations/FeatureDefines.xcconfig: + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/DFGExitProfile.h: + (FrequentExitSite): + (JSC::DFG::FrequentExitSite::FrequentExitSite): + (JSC::DFG::QueryableExitProfile::hasExitSite): + (QueryableExitProfile): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGArgumentsSimplificationPhase.cpp: Added. + (DFG): + (ArgumentsSimplificationPhase): + (JSC::DFG::ArgumentsSimplificationPhase::ArgumentsSimplificationPhase): + (JSC::DFG::ArgumentsSimplificationPhase::run): + (JSC::DFG::performArgumentsSimplification): + * dfg/DFGArgumentsSimplificationPhase.h: Added. + (DFG): + * dfg/DFGAssemblyHelpers.cpp: + (JSC::DFG::AssemblyHelpers::executableFor): + (DFG): + * dfg/DFGAssemblyHelpers.h: + (AssemblyHelpers): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::getLocalLoadElimination): + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGDriver.cpp: + (JSC::DFG::compile): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::Graph): + (JSC::DFG::Graph::executableFor): + (Graph): + (JSC::DFG::Graph::clobbersWorld): + * dfg/DFGNode.h: + (JSC::DFG::Node::convertToConstant): + (JSC::DFG::Node::convertToGetLocalUnlinked): + (Node): + (JSC::DFG::Node::unlinkedLocal): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): -2012-05-02 Hojong Han +2012-05-13 Filip Pizlo - ARM_TRADITIONAL build fix - https://bugs.webkit.org/show_bug.cgi?id=85358 + DFG should be able to optimize foo.apply(bar, arguments) + https://bugs.webkit.org/show_bug.cgi?id=86306 Reviewed by Gavin Barraclough. + + Merge r116912 from dfgopt. + + Enables compilation of op_jneq_ptr and some forms of op_call_varargs. + + Also includes a bunch of bug fixes that were made necessary by the increased + pressure on the CFG simplifier. + + This is a 1-2% win on V8. - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::lshift32): - (MacroAssemblerARM): - (JSC::MacroAssemblerARM::or32): - (JSC::MacroAssemblerARM::urshift32): - (JSC::MacroAssemblerARM::xor32): - (JSC::MacroAssemblerARM::branchSub32): - -2012-05-02 Mark Hahnenberg - - Opportunistic GC should give up if the Heap is paged out - https://bugs.webkit.org/show_bug.cgi?id=85411 - - Reviewed by Filip Pizlo. - - Opportunistic GC is punishing us severely in limited memory situations because its - assumptions about how much time a collection will take are way out of whack when the Heap - has been paged out by the OS. We should add a simple detection function to the Heap that - detects if its is paged out. It will do this by iterating each block of both the MarkedSpace - and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms), - the function returns true. This function will only be run prior to an opportunistic - collection (i.e. it will not run during our normal allocation-triggered collections). - - In my tests, steady state was drastically improved in high memory pressure situations (i.e. - the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC - would be triggered due to pages doing things in the background, which would cause a - significant pause. As we close pages we now cause normal collections rather than full - collections, which prevents us from collecting all of the dead memory immediately. One - nice way to deal with this issue might be to do incremental sweeping. - - - * heap/CopiedSpace.cpp: - (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over - to-space, from-space, and the oversize blocks. - (JSC): - (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out - by iterating all of the blocks. - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/Heap.cpp: - (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the - MarkedSpace and CopiedSpace if they are paged out. - (JSC): - * heap/Heap.h: - (Heap): - (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off - each time it determines that the Heap is paged out. - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's - list of blocks are paged out. - (JSC): - * heap/MarkedAllocator.h: - (MarkedAllocator): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out. - * heap/MarkedSpace.h: - (MarkedSpace): - * runtime/GCActivityCallback.cpp: - (JSC::DefaultGCActivityCallback::cancel): - (JSC): - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::cancel): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining - whether the Heap is paged out or not. - (JSC): - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we - should attempt a collection based on whether or not we can iterate the blocks of the Heap in - 100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to - do a collection. This gives us a nice linear backoff so we're not constantly re-trying in - steady state paged-out-ness. - (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing - exactly the same thing as willCollect, is more obvious as to what it's doing when we call it - in timerDidFire. - -2012-05-02 Yong Li - - Fix GCC X86 build error - https://bugs.webkit.org/show_bug.cgi?id=85379 - - Reviewed by Rob Buis. - - Always explicitly claim ".text" to make sure - functions defined with inline assembly will be - created in the correct section. - - * dfg/DFGOperations.cpp: - (JSC): - -2012-05-02 Oliver Hunt - - Unreviewed, rolling out r115388. - http://trac.webkit.org/changeset/115388 - https://bugs.webkit.org/show_bug.cgi?id=85011 - - This caused many weird performance problems, and needs to be - landed in pieces. - - * dfg/DFGOperations.cpp: - * heap/Heap.cpp: - (JSC::Heap::getConservativeRegisterRoots): - (JSC::Heap::markRoots): - * interpreter/CallFrame.cpp: - (JSC::CallFrame::dumpCaller): - (JSC): - * interpreter/CallFrame.h: - (JSC::ExecState::init): - (ExecState): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - (JSC::Interpreter::prepareForRepeatCall): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC::Interpreter::execute): - * interpreter/RegisterFile.cpp: - (JSC::RegisterFile::growSlowCase): - (JSC::RegisterFile::gatherConservativeRoots): - * interpreter/RegisterFile.h: - (JSC::RegisterFile::end): - (JSC::RegisterFile::size): - (JSC::RegisterFile::addressOfEnd): - (RegisterFile): - (JSC::RegisterFile::RegisterFile): - (JSC::RegisterFile::shrink): - (JSC::RegisterFile::grow): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC::jitCompileFor): - (JSC::lazyLinkFor): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::handleHostCall): - * llint/LowLevelInterpreter.asm: - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - -2012-05-01 Oliver Hunt - - Physijs demo crashes due to DFG not updating topCallFrame correctly. - https://bugs.webkit.org/show_bug.cgi?id=85311 - - Reviewed by Filip Pizlo. - - A few of the dfg operations failed to correctly set the topCallFrame, - and so everything goes wrong. This patch corrects the effected operations, - and makes debug builds poison topCallFrame before calling a dfg operation. - - * dfg/DFGOperations.cpp: - (JSC::DFG::putByVal): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::prepareForExternalCall): - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): - (JSC::DFG::SpeculativeJIT::appendCallSetResult): - -2012-04-30 Gavin Barraclough - - Should be able to use YARR JIT without the JS language JIT - https://bugs.webkit.org/show_bug.cgi?id=85252 - - Reviewed by Geoff Garen. - - Need to split canUseRegExpJIT out of canUseJIT. - - * runtime/JSGlobalData.cpp: - (JSC): - (JSC::useJIT): - (JSC::JSGlobalData::JSGlobalData): - - replace m_canUseJIT with m_canUseAssembler - * runtime/JSGlobalData.h: - (JSGlobalData): - (JSC::JSGlobalData::canUseRegExpJIT): - - Added canUseRegExpJIT, distinct from canUseJIT. - * runtime/RegExp.cpp: - (JSC::RegExp::compile): - (JSC::RegExp::compileMatchOnly): - - Call canUseRegExpJIT instead of canUseJIT. - -2012-04-30 Gavin Barraclough - - Should be able to build YARR JIT without the JS language JIT - https://bugs.webkit.org/show_bug.cgi?id=85242 - - Reviewed by Michael Saboff. - - Some build macros are wrong. - - * assembler/RepatchBuffer.h: - * jit/ExecutableAllocator.h: - (JSC): - * jit/JITExceptions.cpp: - * runtime/InitializeThreading.cpp: - (JSC::initializeThreadingOnce): - -2012-04-26 Gavin Barraclough - - Arguments object resets attributes on redefinition of a parameter - https://bugs.webkit.org/show_bug.cgi?id=84994 - - Rubber stamped by Oliver Hunt. - - There is a bug that we always re-add the original property before - redefinition, doing so in a way that will reset the attributes - without checking configurability. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - Only instantiate the property once - do not re-add if - it has already been added, or if it has been deleted. - -2012-04-30 Ryosuke Niwa - - Remove an erroneous assertion after r115655. - - * runtime/NumberPrototype.cpp: - (JSC::toUStringWithRadix): - -2012-04-30 Myles Maxfield - - End of Interpreter::tryCacheGetByID can trigger the garbage collector - https://bugs.webkit.org/show_bug.cgi?id=84927 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::tryCacheGetByID): - -2012-04-30 Benjamin Poulain - - jsSingleCharacterString and jsSingleCharacterSubstring are not inlined - https://bugs.webkit.org/show_bug.cgi?id=85147 - - Reviewed by Darin Adler. - - The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined - by the compiler. This annihilate the gains of using SmallStrings. - - On stringProtoFuncCharAt(), this patch improves the performance by 11%. - - * runtime/JSString.h: - (JSC::jsSingleCharacterString): - (JSC::jsSingleCharacterSubstring): - -2012-04-30 Benjamin Poulain - - Add fast patch for radix == 10 on numberProtoFuncToString - https://bugs.webkit.org/show_bug.cgi?id=85120 - - Reviewed by Darin Adler. - - When radix, we use to turn the doubleValue into a JSValue just to convert - it to a String. The problem is that was using the slow path for conversion and - for the toString() operation. - - This patch shortcuts the creation of a JSValue and uses NumericStrings directly. - The conversion is split between Integer and Double to ensure the fastest conversion - for the common case of integer arguments. - - Converting number with radix 10 becomes 5% faster. - - Due to the simpler conversion of number to string for integer, converting - integers that do not fall in the two previous optimizations get 32% faster. - - * runtime/NumberPrototype.cpp: - (JSC::extractRadixFromArgs): - (JSC::integerValueToString): - (JSC::numberProtoFuncToString): - -2012-04-30 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing header. - -2012-04-28 Geoffrey Garen - - Factored threaded block allocation into a separate object - https://bugs.webkit.org/show_bug.cgi?id=85148 - - Reviewed by Sam Weinig. - - 99% of this patch just moves duplicated block allocation and - deallocation code into a new object named BlockAllocator, with these - exceptions: - - * heap/BlockAllocator.h: Added. - (BlockAllocator::BlockAllocator): The order of declarations here now - guards us against an unlikely race condition during startup. - - * heap/BlockAllocator.cpp: - JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to - highlight a lack of clarity we have in our block deallocation routines. - -2012-04-28 Sam Weinig - - Try to fix the Qt build. - - * heap/Heap.cpp: - (JSC::Heap::lastChanceToFinalize): - -2012-04-28 Geoffrey Garen - - Try to fix the Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-28 Geoffrey Garen - - Clarified JSGlobalData (JavaScript VM) lifetime - https://bugs.webkit.org/show_bug.cgi?id=85142 - - Reviewed by Anders Carlsson. - - This was so confusing that I didn't feel like I could reason about - memory lifetime in the heap without fixing it. - - The rules are: - - (1) JSGlobalData owns the virtual machine and all memory in it. - - (2) Deleting a JSGlobalData frees the virtual machine and all memory - in it. - - (Caveat emptor: if you delete the virtual machine while you're running - JIT code or accessing GC objects, you're gonna have a bad time.) - - (I opted not to make arbitrary sub-objects keep the virtual machine - alive automatically because: - - (a) doing that right would be complex and slow; - - (b) in the case of an exiting thread or process, there's no - clear way to give the garbage collector a chance to try again - later; - - (c) continuing to run the garbage collector after we've been - asked to shut down the virtual machine seems rude; - - (d) we've never really supported that feature, anyway.) - - (3) Normal ref-counting will do. No need to call a battery of - specialty functions to tear down a JSGlobalData. Its foibles - notwithstanding, C++ does in fact know how to execute destructors in - order. - - * API/JSContextRef.cpp: - (JSGlobalContextCreate): Removed compatibility shim for older - operating systems because it's no longer used. - - (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do - the right thing", this code is much simpler. We still have one special - case to notify the garbage collector if we're removing the last - reference to the global object, since this can improve memory behavior. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::freeAllBlocks): - * heap/CopiedSpace.h: - (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true - destruction-time behaviors should be limited to our C++ destructor. - - * heap/Heap.cpp: - (JSC::Heap::~Heap): - (JSC): - (JSC::Heap::lastChanceToFinalize): - * heap/Heap.h: - (Heap): - (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because - true destruction-time behaviors should be limited to our C++ - destructor. - - Reorganized the code, putting code that must run before any objects - get torn down into lastChanceToFinalize, and code that just tears down - objects into our destructor. - - * heap/Local.h: - (JSC::LocalStack::LocalStack): - (JSC::LocalStack::push): - (LocalStack): See rule (2). - - * jsc.cpp: - (functionQuit): - (main): - (printUsageStatement): - (parseArguments): - (jscmain): - * testRegExp.cpp: - (main): - (printUsageStatement): - (parseArguments): - (realMain): See rule (3). - - I removed the feature of ensuring orderly tear-down when calling quit() - or running in --help mode because it didn't seem very useful and - making it work with Windows structured exception handling and - NO_RETURN didn't seem like a fun way to spend a Saturday. - - * runtime/JSGlobalData.h: - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data - member in JSGlobalData to ensure that it's destructed last, so other - objects that reference it destruct without crashing. This allowed me - to remove clearBuiltinStructures() altogether, and helped guarantee - rule (3). - - (JSC::JSGlobalData::~JSGlobalData): Explicitly call - lastChanceToFinalize() at the head of our destructor to ensure that - all pending finalizers run while the virtual machine is still in a - valid state. Trying to resurrect (re-ref) the virtual machine at this - point is not valid, but all other operations are. - - Changed a null to a 0xbbadbeef to clarify just how bad this beef is. - - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::init): - * runtime/JSGlobalObject.h: - (JSGlobalObject): - (JSC::JSGlobalObject::globalData): See rule (3). - -2012-04-27 Geoffrey Garen - - Try to fix the Windows build. - - * heap/WeakBlock.h: - (WeakBlock): - -2012-04-27 Geoffrey Garen - - Made WeakSet::allocate() static and removed its JSGlobalData argument - https://bugs.webkit.org/show_bug.cgi?id=85128 - - Reviewed by Anders Carlsson. - - This is a step toward faster finalization. - - WeakSet::allocate() now deduces which WeakSet to allocate from based on - its JSCell* argument. (Currently, there's only one WeakSet, but soon - there will be many.) - - This was a global replace of "globalData.heap.weakSet()->allocate" with - "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument. - - * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h. - - I had to split out WeakSet::allocate() in to a separate header to avoid - a cycle. - - (JSC::WeakSet::allocate): We can mask the pointer we're passed to - figure out where to allocate our WeakImpl. (Soon, we'll use this to - associate the WeakImpl with the GC block it references.) - -2012-04-27 Geoffrey Garen - - Stop using aligned allocation for WeakBlock - https://bugs.webkit.org/show_bug.cgi?id=85124 - - Reviewed by Anders Carlsson. - - We don't actually use the alignment for anything. - - * heap/WeakBlock.cpp: - (JSC::WeakBlock::create): - (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular - allocation. - - * heap/WeakBlock.h: - (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned - allocation. This change required me to add some declarations that we used - to inherit from HeapBlock. - - (WeakBlock::blockFor): Removed. This function relied on aligned allocation - but didn't do anything for us. - - (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation - logic, so it shouldn't own the function. - - * heap/WeakSet.cpp: - (JSC::WeakSet::~WeakSet): - (JSC::WeakSet::finalizeAll): - (JSC::WeakSet::visitLiveWeakImpls): - (JSC::WeakSet::visitDeadWeakImpls): - (JSC::WeakSet::sweep): - (JSC::WeakSet::shrink): - (JSC::WeakSet::resetAllocator): - (JSC::WeakSet::tryFindAllocator): - * heap/WeakSet.h: - (WeakSet): Updated declarations to reflect WeakBlock not inheriting from - HeapBlock. This allowed me to remove some casts, which was nice. - - (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of - asking WeakBlock to do it for us. We don't need to have a WeakBlock - pointer to set the flag, so stop asking for one. - -2012-04-27 Kentaro Hara - - [JSC] Implement a helper method createNotEnoughArgumentsError() - https://bugs.webkit.org/show_bug.cgi?id=85102 - - Reviewed by Geoffrey Garen. - - In bug 84787, kbr@ requested to avoid hard-coding - createTypeError(exec, "Not enough arguments") here and there. - This patch implements createNotEnoughArgumentsError(exec) - and uses it in JSC bindings. - - c.f. a corresponding bug for V8 bindings is bug 85097. - - * runtime/Error.cpp: - (JSC::createNotEnoughArgumentsError): - (JSC): - * runtime/Error.h: - (JSC): - -2012-04-27 Geoffrey Garen - - Only allow non-null pointers in the WeakSet - https://bugs.webkit.org/show_bug.cgi?id=85119 - - Reviewed by Darin Adler. - - This is a step toward more efficient finalization. - - No clients put non-pointers (JSValues) into Weak and PassWeak. - - Some clients put null pointers into Weak and PassWeak, but this is - more efficient and straight-forward to model with a null in the Weak - or PassWeak instead of allocating a WeakImpl just to hold null. - - * heap/PassWeak.h: - (JSC): Removed the Unknown (JSValue) type of weak pointer because it's - unused now. - - (PassWeak): Don't provide a default initializer for our JSCell* argument. - This feature was only used in one place, and it was a bug. - - (JSC::::get): Don't check for a null stored inside our WeakImpl: that's - not allowed anymore. - - (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of - allocating a WeakImpl and storing null into it. - - * heap/Weak.h: - (Weak): - (JSC::::Weak): Same changes as in PassWeak. - - * heap/WeakBlock.cpp: - (JSC::WeakBlock::visitLiveWeakImpls): - (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in - the WeakSet now, so no need to check for non-cells and null cell pointers. - - * heap/WeakImpl.h: - (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet - now, so ASSERT that. - -2012-04-27 Gavin Barraclough - - Math in JavaScript is inaccurate on iOS - - By defalut IEEE754 denormal support is disabled on iOS; - turn it on. - - Reviewed by Filip Pizlo. - - * jsc.cpp: - (main): - - clear the appropriate bit in the fpscr. - -2012-04-27 Michael Saboff - - Memory wasted in JSString for non-rope strings - https://bugs.webkit.org/show_bug.cgi?id=84907 - - Reviewed by Geoffrey Garen. - - Split JSString into two classes, JSString as a base class that does not - include the fibers of a Rope, and a subclass JSRopeString that has the - rope functionality. Both classes "share" the same ClassInfo. Added - a bool to JSString to indicate that the string was allocated as a JSRopeString - to properly handle visiting the fiber children when the rope is resolved and - the JSRopeString appears as a JSString. Didn't change the interface of JSString - to require any JIT changes. - - As part of this change, removed "cellSize" from ClassInfo since both classes - share the same ClassInfo, but have different sizes. The only use I could find - for cellSize was an ASSERT in allocateCell(). - - This appears to be neutral on performance tests. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope - to JSRopeString::resolveRope - * runtime/ClassInfo.h: - (JSC): - (ClassInfo): - * runtime/JSCell.h: - (JSC::allocateCell): - * runtime/JSString.cpp: - (JSC::JSRopeString::RopeBuilder::expand): - (JSC::JSString::visitChildren): - (JSC): - (JSC::JSRopeString::visitFibers): - (JSC::JSRopeString::resolveRope): - (JSC::JSRopeString::resolveRopeSlowCase8): - (JSC::JSRopeString::resolveRopeSlowCase): - (JSC::JSRopeString::outOfMemory): - (JSC::JSRopeString::getIndexSlowCase): - * runtime/JSString.h: - (JSC): - (JSString): - (JSC::JSString::finishCreation): - (JSC::JSString::create): - (JSC::JSString::isRope): - (JSC::JSString::is8Bit): - (JSRopeString): - (RopeBuilder): - (JSC::JSRopeString::RopeBuilder::RopeBuilder): - (JSC::JSRopeString::RopeBuilder::append): - (JSC::JSRopeString::RopeBuilder::release): - (JSC::JSRopeString::RopeBuilder::length): - (JSC::JSRopeString::JSRopeString): - (JSC::JSRopeString::finishCreation): - (JSC::JSRopeString::createNull): - (JSC::JSRopeString::create): - (JSC::JSString::value): - (JSC::JSString::tryGetValue): - (JSC::JSString::getIndex): - (JSC::jsStringBuilder): - * runtime/Operations.h: - (JSC::jsString): - (JSC::jsStringFromArguments): - -2012-04-27 Oliver Hunt - - Correct assertion. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - -2012-04-27 Oliver Hunt - - Lazy link phase of baseline jit fails to propagate exception - https://bugs.webkit.org/show_bug.cgi?id=85092 - - Reviewed by Filip Pizlo. - - Very simple patch, when linking produces an error we need to actually store - the exception prior to throwing it. I can't find any other examples of this, - but as we're already in the slow path when throwing an exception I've hardened - exception throwing against null exceptions. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - * jit/JITStubs.cpp: - (JSC::lazyLinkFor): - -2012-04-27 Benjamin Poulain - - Generalize the single character optimization of numberProtoFuncToString - https://bugs.webkit.org/show_bug.cgi?id=85027 - - Reviewed by Geoffrey Garen. - - The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString() - when the radix is 36. - - This patch generalize the optimization for any radix. Any positive number smaller than its radix - can be represented by a single character of radixDigits. - - This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion. - - * runtime/NumberPrototype.cpp: - (JSC::numberProtoFuncToString): - -2012-04-27 Gavin Peters - - Add new ENABLE_LINK_PRERENDER define to control the Prerendering API - https://bugs.webkit.org/show_bug.cgi?id=84871 - - Reviewed by Adam Barth. - - Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering - API separates it from prefetching. Having separate include guards lets ports enable prefetching, - a relatively easy change, without needing to build the infrastructure for prerendering, which - is considerably more complicated. - - * Configurations/FeatureDefines.xcconfig: - -2012-04-26 Oliver Hunt - - Allocating WeakImpl should not trigger GC, as that makes the world very tricksy. - https://bugs.webkit.org/show_bug.cgi?id=85020 - - Reviewed by Gavin Barraclough. - - Now in the event that we are unable to find an allocator for a new handle, just - add a new allocator rather than trying to recover "dead" handles through a GC. - - Find allocator is now much simpler, and addAllocator directly reports the - increased memory usage to the heap without causing any GC to happen immediately. - - * heap/WeakSet.cpp: - (JSC::WeakSet::findAllocator): - (JSC::WeakSet::addAllocator): - -2012-04-26 Oliver Hunt - - Remove RegisterFile::end()/m_end - https://bugs.webkit.org/show_bug.cgi?id=85011 - - Reviewed by Gavin Barraclough. - - Get rid of end() and m_end from RegisterFile. From now on - we only care about the end of the committed region when calling - code. When re-entering the VM we now plant the new CallFrame - immediately after whatever the current topCallFrame is. This - required adding a routine to CallFrame to determine exactly what - we should be doing (in the absence of an existing CallFrame, we - can't reason about the frameExtent() so we check for that). - - This also now means that the GC only marks the portion of the - RegisterFile that is actually in use, and that VM re-entry doesn't - exhaust the RegisterFile as rapidly. - - * dfg/DFGOperations.cpp: - * heap/Heap.cpp: - (JSC::Heap::getConservativeRegisterRoots): - (JSC::Heap::markRoots): - * interpreter/CallFrame.h: - (JSC::ExecState::init): - (JSC::ExecState::startOfReusableRegisterFile): - (ExecState): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - (JSC::Interpreter::prepareForRepeatCall): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC::Interpreter::execute): - * interpreter/RegisterFile.cpp: - (JSC::RegisterFile::growSlowCase): - (JSC::RegisterFile::gatherConservativeRoots): - * interpreter/RegisterFile.h: - (JSC::RegisterFile::commitEnd): - (JSC::RegisterFile::addressOfEnd): - (RegisterFile): - (JSC::RegisterFile::RegisterFile): - (JSC::RegisterFile::shrink): - (JSC::RegisterFile::grow): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC::jitCompileFor): - (JSC::lazyLinkFor): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::handleHostCall): - * llint/LowLevelInterpreter.asm: - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - -2012-04-26 Filip Pizlo - - DFG ARMv7 backend should optimize Float32 arrays - https://bugs.webkit.org/show_bug.cgi?id=85000 - - - Reviewed by Gavin Barraclough. - - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - (JSC::ARMv7Assembler::flds): - (JSC::ARMv7Assembler::fsts): - (JSC::ARMv7Assembler::vcvtds): - (JSC::ARMv7Assembler::vcvtsd): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadFloat): - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::storeFloat): - (JSC::MacroAssemblerARMv7::convertFloatToDouble): - (JSC::MacroAssemblerARMv7::convertDoubleToFloat): - * bytecode/PredictedType.h: - (JSC::isActionableFloatMutableArrayPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateFloat32Array): - -2012-04-25 Benjamin Poulain - - Add a version of StringImpl::find() without offset - https://bugs.webkit.org/show_bug.cgi?id=83968 - - Reviewed by Sam Weinig. - - Add support for the new StringImpl::find() to UString. - - Change stringProtoFuncIndexOf() to specifically take advatage of the feature. - This gives a 12% gains on a distribution of strings between 30 and 100 characters. - - * runtime/StringPrototype.cpp: - (JSC::substituteBackreferences): - (JSC::stringProtoFuncIndexOf): - * runtime/UString.h: - (UString): - (JSC::UString::find): - -2012-04-25 Mark Hahnenberg - - WebCore shouldn't call collectAllGarbage directly - https://bugs.webkit.org/show_bug.cgi?id=84897 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol - for reportAbanondedObjectGraph so WebCore can use it. - * heap/Heap.h: Ditto. - -2012-04-25 Oliver Hunt - - Biolab disaster crashes on ToT - https://bugs.webkit.org/show_bug.cgi?id=84898 - - Reviewed by Filip Pizlo. - - Whoops, committed without saving reviewer requested change. - - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-04-25 Oliver Hunt - - Biolab disaster crashes on ToT - https://bugs.webkit.org/show_bug.cgi?id=84898 - - Reviewed by Filip Pizlo. - - I recently added an assertion to the Interpreter to catch incorrect - updates of topCallFrame. This caused a bunch of sites (including biolab - disaster) to crash as we were not correctly handling callee registers - of inlined functions, leading to a mismatch. - - I could not actually make this trigger directly, although it does trigger - already on some of the GTK and QT bots. - - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-04-25 Kenneth Russell - - Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced - https://bugs.webkit.org/show_bug.cgi?id=83655 - - Reviewed by Oliver Hunt. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.order: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionToAbbreviatedString): - (JSC::predictionFromClassInfo): - * bytecode/PredictedType.h: - (JSC): - (JSC::isActionableIntMutableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - * dfg/DFGNode.h: - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOperations.cpp: - (JSC::DFG::putByVal): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::ValueSource::forPrediction): - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jit/JITStubs.h: - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::getByVal): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/JSByteArray.cpp: Removed. - * runtime/JSByteArray.h: Removed. - * runtime/JSGlobalData.cpp: - -2012-04-25 Filip Pizlo - - http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=84815 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): - -2012-04-25 Michael Saboff - - Closure in try {} with catch captures all locals from the enclosing function - https://bugs.webkit.org/show_bug.cgi?id=84804 - - Reviewed by Oliver Hunt. - - Changed the capturing of local variables from capturing when eval is used, - within a "with" or within a "catch" to be just when an eval is used. - Renamed the function returning that we should capture from - getCapturedVariables() to usesEval(), since that what it noew returns. - Needed to fix the "with" code to only range check when the activation - has actually been torn off. Added m_isTornOff to JSActivation to - track this. - - * parser/Parser.h: - (JSC::Scope::usesEval): - (JSC::Scope::getCapturedVariables): - * runtime/JSActivation.cpp: - (JSC::JSActivation::JSActivation): - (JSC::JSActivation::symbolTableGet): - (JSC::JSActivation::symbolTablePut): - * runtime/JSActivation.h: - (JSActivation): - (JSC::JSActivation::tearOff): - -2012-04-24 Mark Hahnenberg - - GC Activity Callback timer should be based on how much has been allocated since the last collection - https://bugs.webkit.org/show_bug.cgi?id=84763 - - Reviewed by Geoffrey Garen. - - The desired behavior for the GC timer is to collect at some point in the future, - regardless of how little we've allocated. A secondary goal, which is almost if not - as important, is for the timer to collect sooner if there is the potential to - collect a greater amount of memory. Conversely, as we allocate more memory we'd - like to reduce the delay to the next collection. If we're allocating quickly enough, - the timer should be preempted in favor of a normal allocation-triggered collection. - If allocation were to slow or stop, we'd like the timer to be able to opportunistically - run a collection without us having to allocate to the hard limit set by the Heap. - - This type of policy can be described in terms of the amount of CPU we are willing - to dedicate to reclaim a single MB of memory. For example, we might be willing to - dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of - the last collection, e.g. if our last collection took 1ms, we would want to wait about - 100ms before running another collection to reclaim 1 MB. These constants should be - tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB. - - * API/JSBase.cpp: Use the new reportAbandonedObjectGraph. - (JSGarbageCollect): - * API/JSContextRef.cpp: Ditto. - * heap/Heap.cpp: - (JSC::Heap::Heap): - (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call - this function to notify the Heap that some unknown number of JSC objects might have just - been abandoned and are now garbage. The Heap might schedule a new collection timer based - on this notification. - (JSC): - (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect. - * heap/Heap.h: - (Heap): - * heap/MarkedAllocator.h: - (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the - current allocator's FreeList once zapping was complete. - * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by - Heap::reportAbandonedObjectGraph. - (JSC): - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::willCollect): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the - timer based on how much we have allocated since the last collection up to a certain amount. - We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered - collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB. - (DefaultGCActivityCallbackPlatformData): - (JSC): - (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback): - (JSC::DefaultGCActivityCallback::commonConstructor): - (JSC::scheduleTimer): - (JSC::cancelTimer): - (JSC::DefaultGCActivityCallback::didAllocate): - -2012-04-24 Michael Saboff - - objectProtoFuncToString creates new string every invocation - https://bugs.webkit.org/show_bug.cgi?id=84781 - - Reviewed by Geoffrey Garen. - - Cache the results of object toString() in the attached Structure. - - * runtime/ObjectPrototype.cpp: - (JSC::objectProtoFuncToString): - * runtime/Structure.cpp: - (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue. - * runtime/Structure.h: Added new member m_hasObjectToStringValue - (JSC): - (JSC::Structure::objectToStringValue): - (Structure): - (JSC::Structure::setObjectToStringValue): - -2012-04-24 Thouraya ANDOLSI - - Reviewed by Oliver Hunt. - - https://bugs.webkit.org/show_bug.cgi?id=84727. - Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled. - - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::or32): - (JSC::MacroAssemblerSH4::and32): - (JSC::MacroAssemblerSH4::lshift32): - (JSC::MacroAssemblerSH4::xor32): - (JSC::MacroAssemblerSH4::branchSub32): - (JSC::MacroAssemblerSH4::urshift32): - -2012-04-24 Gavin Barraclough - - Add explicit patchableBranchPtrWithPatch/patchableJump methods - https://bugs.webkit.org/show_bug.cgi?id=84498 - - Reviewed by Filip Pizlo. - - Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump): - (PatchableJump): - (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&): - (AbstractMacroAssembler): - (JSC::AbstractMacroAssembler::AbstractMacroAssembler): - - Added PatchableJump type, removed inUninterruptedSequence. - * assembler/LinkBuffer.h: - (LinkBuffer): - (JSC::LinkBuffer::locationOf): - - Only allow the location to be taken of patchable branches - * assembler/MacroAssembler.h: - (MacroAssembler): - (JSC::MacroAssembler::patchableBranchPtrWithPatch): - (JSC::MacroAssembler::patchableJump): - (JSC::MacroAssembler::shouldBlind): - - Added default implementation of patchableBranchPtrWithPatch, patchableJump. - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7): - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch): - (JSC::MacroAssemblerARMv7::patchableJump): - (JSC::MacroAssemblerARMv7::jump): - (JSC::MacroAssemblerARMv7::makeBranch): - - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump. - * dfg/DFGCorrectableJumpPoint.h: - (DFG): - (JSC::DFG::CorrectableJumpPoint::switchToLateJump): - - Late jumps are PatchableJumps. - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::linkOSRExits): - - replace use of inUninterruptedSequence - * dfg/DFGJITCompiler.h: - (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): - (PropertyAccessRecord): - - replace use of inUninterruptedSequence - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::cachedPutById): - - replace use of inUninterruptedSequence - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::cachedPutById): - - replace use of inUninterruptedSequence - * jit/JIT.h: - (PropertyStubCompilationInfo): - - replace use of inUninterruptedSequence - * jit/JITInlineMethods.h: - (JSC::JIT::beginUninterruptedSequence): - (JSC::JIT::endUninterruptedSequence): - - replace use of inUninterruptedSequence - * jit/JITPropertyAccess.cpp: - (JSC::JIT::compileGetByIdHotPath): - - replace use of inUninterruptedSequence - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::compileGetByIdHotPath): - - replace use of inUninterruptedSequence - -2012-04-24 Benjamin Poulain - - Generalize the single character optimization of r114072 - https://bugs.webkit.org/show_bug.cgi?id=83961 - - Reviewed by Eric Seidel. - - Use the regular String::find(StringImpl*) in all cases now that it has been made faster. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingStringSearch): - -2012-04-24 Filip Pizlo - - Unreviewed, 32-bit build fix. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-04-24 Filip Pizlo - - DFG performs incorrect DCE on (some?) intrinsics - https://bugs.webkit.org/show_bug.cgi?id=84746 - - - Reviewed by Oliver Hunt. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::setIntrinsicResult): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-04-24 Mark Hahnenberg - - Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray - https://bugs.webkit.org/show_bug.cgi?id=84648 - - Reviewed by Geoffrey Garen. - - When emit_op_new_array successfully allocates a new JSArray but fails to allocate - the corresponding ArrayStorage for it, it falls back to the out-of-line stub call - to constructArray, which constructs and entirely new JSArray/ArrayStorage pair. - This leaves us with a JSArray hanging around on the stack or in a register that - did not go through its own constructor, thus giving it uninitialized memory in the - two fields that are checked in JSArray::visitChildren. - - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that - if we fail we haven't generated the poisonous JSArray that can cause a GC crash. - * jit/JITOpcodes.cpp: - (JSC::JIT::emitSlow_op_new_array): - -2012-04-23 Filip Pizlo - - DFG on ARMv7 should not OSR exit on every integer division - https://bugs.webkit.org/show_bug.cgi?id=84661 - - Reviewed by Oliver Hunt. - - On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since - that was broken with the introduction of Int32ToDouble) nor does it have to know - whether or not to convert its result to integer. This is now taken care of for free - with the addition of the DoubleAsInt32 node, which represents a double-is-really-int - speculation. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::OSRExit): - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGOSRExit.h: - (OSRExit): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32): - (DFG): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-04-24 Geoffrey Garen - - "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink - https://bugs.webkit.org/show_bug.cgi?id=84740 - - - Reviewed by Gavin Barraclough. - - Shrink! - - * heap/Heap.cpp: - (JSC::Heap::destroy): Be more specific about what's shrinking, since we - can also shrink the WeakSet, but we don't do so here. - - (JSC::Heap::collect): If we're going to shrink the heap, shrink the - WeakSet too. Otherwise, its footprint is permanent. - - * heap/Heap.h: - (Heap): Removed shrink() as a public interface, since it's vague about - which parts of the heap it affects, and it's really an internal detail. - - * heap/WeakSet.cpp: - (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has - already taken place, since that's the convention for shrink() in the heap. - - * heap/WeakSet.h: - (WeakSet): New function! - -2012-04-24 Adam Klein - - Fix includes in StrongInlines.h and ScriptValue.h - https://bugs.webkit.org/show_bug.cgi?id=84659 - - Reviewed by Geoffrey Garen. - - * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's - definiition is required here. - -2012-04-23 Filip Pizlo - - DFG OSR exit should ensure that all variables have been initialized - https://bugs.webkit.org/show_bug.cgi?id=84653 - - - Reviewed by Gavin Barraclough. - - Initialize all uncaptured dead variables to undefined on OSR exit. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::ValueSource::dump): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - * dfg/DFGSpeculativeJIT.h: - -2012-04-23 Oliver Hunt - - Call instruction for the baseline JIT stores origin info in wrong callframe - https://bugs.webkit.org/show_bug.cgi?id=84645 - - Reviewed by Gavin Barraclough. - - The baseline JIT was updating the wrong callframe when making a call. If the - call failed during dispatch (unable to perform codegen, calling a non-object) - we would attempt to use this information, but it would be completely wrong. - - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileOpCall): - -2012-04-23 Filip Pizlo - - DFG must keep alive values that it will perform speculations on - https://bugs.webkit.org/show_bug.cgi?id=84638 - - - Reviewed by Oliver Hunt. - - * dfg/DFGNodeType.h: - (DFG): - -2012-04-23 Oliver Hunt - - Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::executeCall): - -2012-04-22 Jon Lee - - Remove notifications support on Mac Lion. - https://bugs.webkit.org/show_bug.cgi?id=84554 - - - Reviewed by Sam Weinig. - - * Configurations/FeatureDefines.xcconfig: - -2012-04-21 Darin Adler - - Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints - https://bugs.webkit.org/show_bug.cgi?id=84523 - - Reviewed by Oliver Hunt. - - Profiles showed that checks against -1 were costly, and I saw they could be eliminated. - Streamlined this code to use standard character types and 0 rather than -1. One benefit - of this is that there's no widening and narrowing. Another is that there are many cases - where we already have the correct behavior for 0, so can eliminate a branch that was - used to test for -1 before. Also eliminates typecasts in the code. - - * parser/Lexer.cpp: - (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a - character type, not an int. - (JSC::Lexer::setCode): Use 0 rather than -1 when past the end. - (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit. - (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end - of the code. This can be used places we used to cheeck for -1. - (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment. - (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int. - (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that - had a data-member-style name. - (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart - function already returns false for the 0 character. Updated types in a couple other places. Used - the atEnd function where needed. - (JSC::Lexer::parseIdentifierSlowCase): More of the same. - (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString. - (JSC::Lexer::parseString): Ditto. - (JSC::Lexer::parseStringSlowCase): Ditto. - (JSC::Lexer::parseMultilineComment): Ditto. - (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in - the tokenInfo instead of putting it in a local variable first, saving some memory access. - (JSC::Lexer::scanRegExp): Ditto. - (JSC::Lexer::skipRegExp): Ditto. - - * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to - the character type. Added atEnd function. - (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize. - (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1. - -2012-04-21 Darin Adler - - Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints - https://bugs.webkit.org/show_bug.cgi?id=84523 - - Reviewed by Oliver Hunt. - - Separate preparation step of copyright dates, renaming, and other small tweaks. - - * parser/Lexer.cpp: - (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions. - (JSC::Lexer::peek): Removed meaningless comment. - (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about - what this function does. - (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name. - (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex. - (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage. - - * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class. - Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed - getUnicodeCharacter to parseFourDigitUnicodeHex. - -2012-04-20 Filip Pizlo - - DFG should optimize int8 and int16 arrays on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=84503 - - Reviewed by Oliver Hunt. - - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - (JSC::ARMv7Assembler::ldrsb): - (JSC::ARMv7Assembler::ldrsh): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::load16Signed): - (JSC::MacroAssemblerARMv7::load8Signed): - * bytecode/PredictedType.h: - (JSC::isActionableIntMutableArrayPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - -2012-04-20 Oliver Hunt - - Add an ability to find the extent of a callframe - https://bugs.webkit.org/show_bug.cgi?id=84513 - - Reviewed by Filip Pizlo. - - Add a function to get the extent of a callframe and - use that function for a new assertion to make sure the - RegisterFile makes sense using that information. - - * interpreter/CallFrame.cpp: - (JSC::CallFrame::frameExtentInternal): - (JSC): - * interpreter/CallFrame.h: - (JSC::ExecState::frameExtent): - (ExecState): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::executeCall): - -2012-04-20 Benjamin Poulain - - Inline the JSArray constructor - https://bugs.webkit.org/show_bug.cgi?id=84416 - - Reviewed by Geoffrey Garen. - - The constructor is trivial, no reason to jump for it. - - This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays). - - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: - (JSC::JSArray::JSArray): - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-20 Mark Hahnenberg - - Heap should cancel GC timer at the start of the collection - https://bugs.webkit.org/show_bug.cgi?id=84477 - - Reviewed by Geoffrey Garen. - - Currently the Heap cancels the GC timer at the conclusion of a collection. - We should change this to be at the beginning because something (e.g. a finalizer) - could call didAbandonObjectGraph(), which will schedule the timer, but then - we'll immediately unschedule the timer at the conclusion of the collection, - thus potentially preventing large swaths of memory from being reclaimed in a timely manner. - - * API/JSBase.cpp: - (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is - busy or not, since we're just scheduling a timer to run a GC in the future. - * heap/Heap.cpp: - (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the - top of Heap::collect. - * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect. - (JSC::DefaultGCActivityCallback::willCollect): - * runtime/GCActivityCallback.h: Ditto. - (JSC::GCActivityCallback::willCollect): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Ditto. - (JSC::DefaultGCActivityCallback::willCollect): - -2012-04-20 Mark Hahnenberg - - JSGarbageCollect should not call collectAllGarbage() - https://bugs.webkit.org/show_bug.cgi?id=84476 - - Reviewed by Geoffrey Garen. - - * API/JSBase.cpp: - (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph. - -2012-04-19 Oliver Hunt - - Exception stack traces aren't complete when the exception starts in native code - https://bugs.webkit.org/show_bug.cgi?id=84073 - - Reviewed by Filip Pizlo. - - Refactored building the stack trace to so that we can construct - it earlier, and don't rely on any prior work performed in the - exception handling machinery. Also updated LLInt and the DFG to - completely initialise the callframes of host function calls. - - Also fixed a few LLInt paths that failed to correctly update the - topCallFrame. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * dfg/DFGJITCompiler.h: - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/Interpreter.cpp: - (JSC::eval): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::addStackTraceIfNecessary): - (JSC): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (Interpreter): - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileOpCall): - * jit/JITOpcodes.cpp: - (JSC::JIT::privateCompileCTINativeCall): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::privateCompileCTINativeCall): - * jsc.cpp: - (functionJSCStack): - * llint/LLIntExceptions.cpp: - (JSC::LLInt::interpreterThrowInCaller): - (JSC::LLInt::returnToThrow): - (JSC::LLInt::callToThrow): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::handleHostCall): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * parser/Parser.h: - (JSC::::parse): - * runtime/Error.cpp: - (JSC::addErrorInfo): - (JSC::throwError): - * runtime/Error.h: - (JSC): - -2012-04-19 Mark Hahnenberg - - We're collecting pathologically due to small allocations - https://bugs.webkit.org/show_bug.cgi?id=84404 - - Reviewed by Geoffrey Garen. - - No change in performance on run-jsc-benchmarks. - - * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList. - (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): - * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no - longer useful. - (JSC::CopiedSpace::CopiedSpace): - (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than - carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace. - (JSC::CopiedSpace::tryAllocateOversize): Call the new didAllocate to notify the Heap of - newly allocated stuff. - (JSC::CopiedSpace::tryReallocateOversize): - (JSC::CopiedSpace::doneFillingBlock): - (JSC::CopiedSpace::doneCopying): - (JSC::CopiedSpace::destroy): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::startedCopying): - * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and - bytesAllocatedLimit to track how much memory has been allocated since the last collection. - (JSC::Heap::Heap): - (JSC::Heap::reportExtraMemoryCostSlowCase): - (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering - a collection to be the size of the Heap after the previous collection. Thus, we still have our - 2x allocation amount. - (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated - thus far and then adds the new number of bytes to the current total. - (JSC): - * heap/Heap.h: Removed water mark related stuff. - (JSC::Heap::notifyIsSafeToCollect): - (Heap): - (JSC::Heap::shouldCollect): - (JSC): - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct. - (JSC::MarkedAllocator::allocateSlowCase): - (JSC::MarkedAllocator::addBlock): - * heap/MarkedAllocator.h: - (MarkedAllocator): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC::MarkedAllocator::allocate): - (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell. - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::specializedSweep): - (JSC::MarkedBlock::sweep): - (JSC::MarkedBlock::sweepHelper): - (JSC::MarkedBlock::zapFreeList): - * heap/MarkedBlock.h: - (FreeList): Added a new struct that keeps track of the current MarkedAllocator's - free list including the number of bytes of stuff in the free list so that when the free list is - exhausted, the correct amount can be reported to Heap. - (MarkedBlock): - (JSC::MarkedBlock::FreeList::FreeList): - (JSC): - * heap/MarkedSpace.cpp: Removing all water mark related stuff. - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC): - * heap/WeakSet.cpp: - (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This - function still needs work though now that the Heap knows how many bytes have been allocated - since the last collection. - * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct. - (JSC::JIT::emitAllocateBasicJSObject): Ditto. - * llint/LowLevelInterpreter.asm: Ditto. - * runtime/GCActivityCallback.cpp: - (JSC::DefaultGCActivityCallback::didAllocate): - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that - the allocation that is being reported has already taken place. - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: - (JSC): - (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of - allocation since the last collection is not above a threshold (initially arbitrarily chosen to - be 128KB). - -2012-04-19 Filip Pizlo - - MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal - https://bugs.webkit.org/show_bug.cgi?id=84401 - - Reviewed by Gavin Barraclough. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): - -2012-04-19 Don Olmstead - - KeywordLookupGenerator.py should take an output file as an argument - https://bugs.webkit.org/show_bug.cgi?id=84292 - - Reviewed by Eric Seidel. - - Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script. - - * KeywordLookupGenerator.py: - -2012-04-19 Filip Pizlo - - It should be possible to perform debugCall on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=84381 - - Reviewed by Oliver Hunt. - - debugCall() was clobbering the argument to the call it was making, leading to a - corrupt ExecState*. This change fixes that issue by using a scratch register that - does not clobber arguments, and it also introduces more assertions that we have - a valid call frame. - - * dfg/DFGAssemblyHelpers.cpp: - (DFG): - (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::selectScratchGPR): - (AssemblyHelpers): - (JSC::DFG::AssemblyHelpers::debugCall): - (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::linkOSRExits): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::selectScratchGPR): - -2012-04-19 Filip Pizlo - - LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that - the PB/PC has been preserved - https://bugs.webkit.org/show_bug.cgi?id=84367 - - Reviewed by Oliver Hunt. - - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - -2012-04-19 Filip Pizlo - - It should be possible to load from Float64 arrays on ARMv7 without crashing - https://bugs.webkit.org/show_bug.cgi?id=84361 - - Reviewed by Oliver Hunt. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadDouble): - (JSC::MacroAssemblerARMv7::storeDouble): - -2012-04-19 Dominik Röttsches - - [CMake] Build fix after r114575 - https://bugs.webkit.org/show_bug.cgi?id=84322 - - Reviewed by Simon Hausmann. - - Build fix, adding WTF when linking jsc shell. - - * shell/CMakeLists.txt: - -2012-04-18 Filip Pizlo - - JSC testing should have complete coverage over typed array types - https://bugs.webkit.org/show_bug.cgi?id=84302 - - Reviewed by Geoff Garen. - - Added Uint8ClampedArray to the set of typed arrays that are supported by jsc - command-line. - - * JSCTypedArrayStubs.h: - (JSC): - * jsc.cpp: - (GlobalObject::finishCreation): - -2012-04-18 Filip Pizlo - - jsc command line should support typed arrays by default - https://bugs.webkit.org/show_bug.cgi?id=84298 - - Rubber stamped by Gavin Barraclough. - - * JSCTypedArrayStubs.h: - (JSC): - * jsc.cpp: - (GlobalObject::finishCreation): - -2012-04-18 Filip Pizlo - - JSVALUE32_64 should be able to perform division on ARM without crashing, and variables - forced double should not be scrambled when performing OSR entry - https://bugs.webkit.org/show_bug.cgi?id=84272 - - Reviewed by Geoff Garen. - - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - -2012-04-18 Don Olmstead - - JavaScriptCore.gypi not current - https://bugs.webkit.org/show_bug.cgi?id=84224 - - Reviewed by Eric Seidel. - - Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself. - - Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory. - - * JavaScriptCore.gypi: - -2012-04-18 Benjamin Poulain - - Remove m_subclassData from JSArray, move the attribute to subclass as needed - https://bugs.webkit.org/show_bug.cgi?id=84249 - - Reviewed by Geoffrey Garen. - - JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves - the attribute to RuntimeArray to avoid allocating memory for the pointer in the common - case. - - This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations - of CopiedSpace. - - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateJSArray): - * runtime/JSArray.cpp: - (JSC::JSArray::JSArray): - * runtime/JSArray.h: - -2012-04-18 Benjamin Poulain - - replaceUsingStringSearch: delay the creation of the replace string until needed - https://bugs.webkit.org/show_bug.cgi?id=83841 - - Reviewed by Geoffrey Garen. - - We do not need to obtain the replaceValue until we have a match. By moving the intialization - of replaceValue when needed, we save a few instructions when there is no match. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - (JSC::replaceUsingStringSearch): - (JSC::stringProtoFuncReplace): - -2012-04-18 Mark Hahnenberg - - GC activity timer should be tied to allocation, not collection - https://bugs.webkit.org/show_bug.cgi?id=83919 - - Reviewed by Geoffrey Garen. - - * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've - released a global object, we're abandoning a potentially large number of objects that JSC might want - to collect. - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate - that we've hit a slow path and are allocating now, so schedule the timer. - * heap/Heap.cpp: - (JSC::Heap::Heap): - (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to - throw away too much code during our benchmarks (especially vp8, which is very large and thus has large - amounts of compiled code). - (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we - can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a - collection to see if we should throw away our compiled code. Currently this is set to happen about once - every minute. - * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code. - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like - in CopiedSpace. - * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms. - (JSC::DefaultGCActivityCallback::willAllocate): - (JSC): - (JSC::DefaultGCActivityCallback::didCollect): - (JSC::DefaultGCActivityCallback::didAbandonObjectGraph): - * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing - the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection - occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for - when somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of - objects and that JSC might want to clean them up. - (JSC::GCActivityCallback::~GCActivityCallback): - (JSC::GCActivityCallback::willAllocate): - (JSC::GCActivityCallback::didCollect): - (JSC::GCActivityCallback::didAbandonObjectGraph): - (JSC::GCActivityCallback::synchronize): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions. - We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually - turned out to be quite expensive (although Instruments couldn't tell us this). - (DefaultGCActivityCallbackPlatformData): - (JSC): - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): - (JSC::DefaultGCActivityCallback::commonConstructor): - (JSC::scheduleTimer): - (JSC::cancelTimer): - (JSC::DefaultGCActivityCallback::willAllocate): - (JSC::DefaultGCActivityCallback::didCollect): - (JSC::DefaultGCActivityCallback::didAbandonObjectGraph): - -2012-04-17 Filip Pizlo - - DFG should not attempt to get rare case counts for op_mod on ARM - https://bugs.webkit.org/show_bug.cgi?id=84218 - - Reviewed by Geoff Garen. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - * dfg/DFGCommon.h: - (JSC::DFG::isX86): - (DFG): - -2012-04-17 Myles Maxfield - - BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE - https://bugs.webkit.org/show_bug.cgi?id=80912 - - Reviewed by Hajime Morita. - - * wtf/BumpPointerAllocator.h: - (WTF::BumpPointerPool::create): - -2012-04-17 Filip Pizlo - - Attempt to fix Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-17 Filip Pizlo - - It should be possible to create an inheritorID for the global this object without crashing - https://bugs.webkit.org/show_bug.cgi?id=84200 - - - Reviewed by Oliver Hunt. - - * runtime/JSGlobalThis.cpp: - (JSC::JSGlobalThis::setUnwrappedObject): - * runtime/JSGlobalThis.h: - (JSC::JSGlobalThis::unwrappedObject): - (JSGlobalThis): - * runtime/JSObject.cpp: - (JSC::JSObject::createInheritorID): - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::resetInheritorID): - -2012-04-17 Filip Pizlo - - DFG and LLInt should not clobber the frame pointer on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=84185 - - - Reviewed by Gavin Barraclough. - - Changed LLInt to use a different register. Changed DFG to use one fewer - registers. We should revisit this and switch the DFG to use a different - register instead of r7, but we can do that in a subsequent step since - the performance effect is tiny. - - * dfg/DFGGPRInfo.h: - (GPRInfo): - (JSC::DFG::GPRInfo::toRegister): - (JSC::DFG::GPRInfo::toIndex): - * offlineasm/armv7.rb: - -2012-04-17 Filip Pizlo - - use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument - https://bugs.webkit.org/show_bug.cgi?id=83942 - - - Reviewed by Gavin Barraclough. - - Don't use references to the graph after resizing the graph. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::flushArgument): - -2012-04-16 Gavin Barraclough - - Array.prototype.toString should be generic - https://bugs.webkit.org/show_bug.cgi?id=81588 - - Reviewed by Sam Weinig. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - - check for join function, use fast case if base object is array & join is present & default. - * runtime/CommonIdentifiers.h: - - added 'join'. - -2012-04-16 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Add missing files. - -2012-04-16 Sheriff Bot - - Unreviewed, rolling out r114309. - http://trac.webkit.org/changeset/114309 - https://bugs.webkit.org/show_bug.cgi?id=84097 - - it broke everything (Requested by olliej on #webkit). - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * bytecode/CodeBlock.h: - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (Interpreter): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jsc.cpp: - (functionJSCStack): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::handleHostCall): - * parser/Parser.h: - (JSC::::parse): - * runtime/Error.cpp: - (JSC::addErrorInfo): - (JSC::throwError): - * runtime/Error.h: - (JSC): - -2012-04-16 Oliver Hunt - - Exception stack traces aren't complete when the exception starts in native code - https://bugs.webkit.org/show_bug.cgi?id=84073 - - Reviewed by Gavin Barraclough. - - Refactored building the stack trace to so that we can construct - it earlier, and don't rely on any prior work performed in the - exception handling machinery. Also updated LLInt and the DFG to - completely initialise the callframes of host function calls. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::codeOriginIndexForReturn): - (CodeBlock): - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::addStackTraceIfNecessary): - (JSC): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (Interpreter): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jsc.cpp: - (functionJSCStack): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::handleHostCall): - * parser/Parser.h: - (JSC::::parse): - * runtime/Error.cpp: - (JSC::addErrorInfo): - (JSC::throwError): - * runtime/Error.h: - (JSC): - -2012-04-16 Oliver Hunt - - Fix COMMANDLINE_TYPEDARRAYS build - https://bugs.webkit.org/show_bug.cgi?id=84051 - - Reviewed by Gavin Barraclough. - - Update for new putByIndex API and wtf changes. - - * JSCTypedArrayStubs.h: - (JSC): - -2012-04-16 Mark Hahnenberg - - GC in the middle of JSObject::allocatePropertyStorage can cause badness - https://bugs.webkit.org/show_bug.cgi?id=83839 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage. - (JSC::DEFINE_STUB_FUNCTION): - * runtime/JSObject.cpp: - (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're - growing our already-existing PropertyStorage. - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage - and the new structure so that we can be sure a GC never occurs when our Structure - info is out of sync with our PropertyStorage. - (JSC): - (JSC::JSObject::putDirectInternal): Moved the check to see if we should - allocate more backing store before the actual property insertion into - the structure. - (JSC::JSObject::putDirectWithoutTransition): Ditto. - (JSC::JSObject::transitionTo): Ditto. - * runtime/Structure.cpp: - (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy - for property backing stores contained within the Structure class. - (JSC): - * runtime/Structure.h: - (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion - into the Structure would require resizing the property backing store so that they can - preallocate the required storage. - (Structure): - -2012-04-13 Sheriff Bot - - Unreviewed, rolling out r114185. - http://trac.webkit.org/changeset/114185 - https://bugs.webkit.org/show_bug.cgi?id=83967 - - Broke a bunch of JavaScript related tests (Requested by - andersca on #webkit). - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - * runtime/CommonIdentifiers.h: - * tests/mozilla/ecma/Array/15.4.4.2.js: - (getTestCases): - -2012-04-13 Gavin Barraclough - - Don't rely on fixed offsets to patch calls - https://bugs.webkit.org/show_bug.cgi?id=83966 - - Rubber stamped by Oliver Hunt. - - These aren't being used anywhere! - - * jit/JIT.h: - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileOpCall): - -2012-04-13 Hojong Han - - Array.prototype.toString and Array.prototype.toLocaleString should be generic - https://bugs.webkit.org/show_bug.cgi?id=81588 - - Reviewed by Gavin Barraclough. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - * runtime/CommonIdentifiers.h: - * tests/mozilla/ecma/Array/15.4.4.2.js: - (getTestCases.array.item.new.TestCase): - (getTestCases): - -2012-04-13 Gavin Barraclough - - Don't rely on fixed offsets to patch method checks - https://bugs.webkit.org/show_bug.cgi?id=83958 - - Reviewed by Oliver Hunt. - - * bytecode/StructureStubInfo.h: - - Add fields for the method check info. - * jit/JIT.cpp: - (JSC::PropertyStubCompilationInfo::copyToStubInfo): - - Store the offsets on the stub info, instead of asserting. - * jit/JIT.h: - - Delete all the method check related offsets. - * jit/JITPropertyAccess.cpp: - (JSC::JIT::patchMethodCallProto): - - Use the offset from the stubInfo. - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - - Pass the stubInfo to patchMethodCallProto. - -2012-04-13 Gavin Barraclough - - Don't rely on fixed offsets to patch get_by_id/put_by_id - https://bugs.webkit.org/show_bug.cgi?id=83924 - - Reviewed by Oliver Hunt. - - Store offsets in the structure stub info, as we do for the DFG JIT. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::differenceBetween): - - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!) - * bytecode/StructureStubInfo.h: - - added new fields for baseline JIT offsets. - * jit/JIT.cpp: - (JSC::PropertyStubCompilationInfo::copyToStubInfo): - - moved out from JIT::privateCompile. - (JSC::JIT::privateCompile): - - moved out code to PropertyStubCompilationInfo::copyToStubInfo. - * jit/JIT.h: - (PropertyStubCompilationInfo): - - added helper functions to initializae PropertyStubCompilationInfo, state to store more offset info. - - removed many offsets. - * jit/JITPropertyAccess.cpp: - (JSC::JIT::emit_op_method_check): - (JSC::JIT::compileGetByIdHotPath): - (JSC::JIT::compileGetByIdSlowCase): - (JSC::JIT::emit_op_put_by_id): - (JSC::JIT::emitSlow_op_put_by_id): - (JSC::JIT::patchGetByIdSelf): - (JSC::JIT::patchPutByIdReplace): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - (JSC::JIT::resetPatchGetById): - (JSC::JIT::resetPatchPutById): - - changed code generation to use new interface to store info on PropertyStubCompilationInfo. - - changed repatch functions to read offsets from the structure stub info. - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_method_check): - (JSC::JIT::compileGetByIdHotPath): - (JSC::JIT::compileGetByIdSlowCase): - (JSC::JIT::emit_op_put_by_id): - (JSC::JIT::emitSlow_op_put_by_id): - (JSC::JIT::patchGetByIdSelf): - (JSC::JIT::patchPutByIdReplace): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - (JSC::JIT::resetPatchGetById): - (JSC::JIT::resetPatchPutById): - - changed code generation to use new interface to store info on PropertyStubCompilationInfo. - - changed repatch functions to read offsets from the structure stub info. - -2012-04-13 Rob Buis - - Fix some compiler warnings (miscellaneous) - https://bugs.webkit.org/show_bug.cgi?id=80790 - - Reviewed by Antonio Gomes. - - Fix signed/unsigned comparison warning. - - * parser/Lexer.cpp: - (JSC::::record16): - -2012-04-12 Benjamin Poulain - - Improve replaceUsingStringSearch() for case of a single character searchValue - https://bugs.webkit.org/show_bug.cgi?id=83738 - - Reviewed by Geoffrey Garen. - - This patch improves replaceUsingStringSearch() with the following: - -Add a special case for single character search, taking advantage of the faster WTF::find(). - -Inline replaceUsingStringSearch(). - -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds - by definition. - - This gives less than 1% improvement for the multicharacter replace. - The single character search show about 9% improvement. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingStringSearch): - -2012-04-12 Michael Saboff - - StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects - https://bugs.webkit.org/show_bug.cgi?id=83823 - - Reviewed by Gavin Barraclough. - - Put the clearing of the accessType to after the call to deref() so that - deref() can use the accessType to delete referenced objects as needed. - - * bytecode/StructureStubInfo.h: - (JSC::StructureStubInfo::reset): - -2012-04-12 Balazs Kelemen - - [Qt] Fix WebKit1 build with V8 - https://bugs.webkit.org/show_bug.cgi?id=83322 - - Reviewed by Adam Barth. - - * yarr/yarr.pri: - -2012-04-12 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=83821 - Move dfg repatching properties of structure stub info into a union - - Reviewed by Oliver Hunt. - - We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this. - - * bytecode/StructureStubInfo.h: - (StructureStubInfo): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGRepatch.cpp: - (JSC::DFG::dfgRepatchByIdSelfAccess): - (JSC::DFG::linkRestoreScratch): - (JSC::DFG::generateProtoChainAccessStub): - (JSC::DFG::tryCacheGetByID): - (JSC::DFG::tryBuildGetByIDList): - (JSC::DFG::tryBuildGetByIDProtoList): - (JSC::DFG::emitPutReplaceStub): - (JSC::DFG::emitPutTransitionStub): - (JSC::DFG::tryCachePutByID): - (JSC::DFG::tryBuildPutByIdList): - (JSC::DFG::dfgResetGetByID): - (JSC::DFG::dfgResetPutByID): - -2012-04-12 Gavin Barraclough - - Delete a bunch of unused, copy & pasted values in JIT.h - https://bugs.webkit.org/show_bug.cgi?id=83822 - - Reviewed by Oliver Hunt. - - The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense. - - * jit/JIT.h: - (JIT): - -2012-04-12 Csaba Osztrogonác - - [Qt][ARM] Buildfix after r113934. - - Reviewed by Zoltan Herczeg. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::compare8): - (MacroAssemblerARM): - -2012-04-11 Filip Pizlo - - It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail - https://bugs.webkit.org/show_bug.cgi?id=83744 - - - Reviewed by Andy Estes. - - This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node - that is statically known to return boolean results. - - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - -2012-04-11 Michael Saboff - - Invalid Union Reference in StructureStubInfo.{cpp.h} - https://bugs.webkit.org/show_bug.cgi?id=83735 - - Reviewed by Filip Pizlo. - - Changed the references to u.getByIdProtoList and u.getByIdSelfList - to be consistent. - - * bytecode/StructureStubInfo.cpp: - (JSC::StructureStubInfo::visitWeakReferences): - * bytecode/StructureStubInfo.h: - (JSC::StructureStubInfo::initGetByIdSelfList): - -2012-04-11 Filip Pizlo - - Unreviewed attempting to make Qt's eccentric hardware work. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::compare8): - (MacroAssemblerARM): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::compare8): - (MacroAssemblerMIPS): - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::compare8): - (MacroAssemblerSH4): - -2012-04-11 Filip Pizlo - - op_is_foo should be optimized - https://bugs.webkit.org/show_bug.cgi?id=83666 - - Reviewed by Gavin Barraclough. - - This implements inlining of op_is_undefined, op_is_string, op_is_number, - and op_is_boolean in LLInt and the baseline JIT. op_is_object and - op_is_function are not inlined because they are quite a bit more complex. - - This also implements all of the op_is_foo opcodes in the DFG, but it does - not do any type profiling based optimizations, yet. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::compare8): - (MacroAssemblerARMv7): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::compare8): - (MacroAssemblerX86Common): - * assembler/MacroAssemblerX86_64.h: - (MacroAssemblerX86_64): - (JSC::MacroAssemblerX86_64::testPtr): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCCallHelpers.h: - (JSC::DFG::CCallHelpers::setupArguments): - (CCallHelpers): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - (JSC::DFG::SpeculativeJIT::appendCallSetResult): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - * jit/JIT.h: - (JIT): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_is_undefined): - (JSC): - (JSC::JIT::emit_op_is_boolean): - (JSC::JIT::emit_op_is_number): - (JSC::JIT::emit_op_is_string): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_is_undefined): - (JSC): - (JSC::JIT::emit_op_is_boolean): - (JSC::JIT::emit_op_is_number): - (JSC::JIT::emit_op_is_string): - * jit/JITStubs.cpp: - (JSC): - * llint/LLIntSlowPaths.cpp: - (LLInt): - * llint/LLIntSlowPaths.h: - (LLInt): - * llint/LowLevelInterpreter.asm: - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * offlineasm/armv7.rb: - * offlineasm/instructions.rb: - * offlineasm/x86.rb: - -2012-04-11 Filip Pizlo - - If you use an IntegerOperand and want to return it with integerResult, you need to - zero extend to get rid of the box - https://bugs.webkit.org/show_bug.cgi?id=83734 - - - Reviewed by Oliver Hunt. - - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillInteger): - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): - -2012-04-11 Filip Pizlo - - SpeculativeJIT::fillStorage() should work with all the states that a cell may be in - https://bugs.webkit.org/show_bug.cgi?id=83722 - - Reviewed by Gavin Barraclough. - - It's now possible to do StorageOperand on a cell, in the case that the storage is - inline. But this means that fillStorage() must be able to handle all of the states - that a cell might be in. Previously it didn't. - - With this change, it now does handle all of the states, and moreover, it does so - by preserving the DataFormat of cells and performing all of the cell speculations - that should be performed if you're using a cell as storage. But if you use this on - something that is known to be storage already then it behaves as it did before. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::fillStorage): - -2012-04-11 Filip Pizlo - - Global variable predictions should not be coalesced unnecessarily - https://bugs.webkit.org/show_bug.cgi?id=83678 - - Reviewed by Geoff Garen. - - Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar - to have a heapPrediction like a civilized DFG opcode ought to. - - No performance effect. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/CodeBlock.h: - * bytecode/PredictionTracker.h: Removed. - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGGenerationInfo.h: - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGNode.h: - (JSC::DFG::Node::hasHeapPrediction): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - -2012-04-11 Benjamin Poulain - - Optimize String.split() for 1 character separator - https://bugs.webkit.org/show_bug.cgi?id=83546 - - Reviewed by Gavin Barraclough. - - This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case - where the separator is a single character. - - The two main gains are: - -Use of the find() function with a single character instead of doing a full string matching. - -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline - function. - - The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits. - - This makes String.split() faster by about 13% in that particular case. - - * runtime/StringPrototype.cpp: - (JSC): - (JSC::splitStringByOneCharacterImpl): - (JSC::stringProtoFuncSplit): - -2012-04-10 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Ad missing files. - -2012-04-10 Mark Rowe - - Attempt to fix the Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-10 Patrick Gansterer - - Cleanup wtf/Platform.h and config.h files - https://bugs.webkit.org/show_bug.cgi?id=83431 - - Reviewed by Eric Seidel. - - The ENABLE() and USE() macros take care about the case when the flag - isn't defined. So there is no need to define anything with 0. - - Also move duplicated code from the config.h files to Platform.h and - merge a few preprocessor commands to make the file more readable. - - * config.h: - -2012-04-10 Filip Pizlo - - DFG should flush SetLocals to arguments - https://bugs.webkit.org/show_bug.cgi?id=83554 - - Reviewed by Gavin Barraclough. - - This is necessary to match baseline JIT argument capture behavior. - - But to make this work right we need to have a story for arguments into - which we store values of different formats. This patch introduces the - notion of an ArgumentPosition - i.e. an argument in a particular inline - call frame - and forces unification of all data pertinent to selecting - the argument's data format. - - Also fixed an amusing bug in the handling of OSR on SetLocals if there - was any insertion/deletion of nodes in the basic block. This is benign - for now but won't be eventually since the DFG is getting smarter. So - better fix it now. - - Also fixed an amusing bug in the handling of OSR on SetLocals if they - are immediately followed by a Flush. I think this bug might have always - been there but now it'll happen more commonly, and it's covered by the - run-javascriptcore-tests. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGArgumentPosition.h: Added. - (DFG): - (ArgumentPosition): - (JSC::DFG::ArgumentPosition::ArgumentPosition): - (JSC::DFG::ArgumentPosition::addVariable): - (JSC::DFG::ArgumentPosition::mergeArgumentAwareness): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::setLocal): - (JSC::DFG::ByteCodeParser::setArgument): - (InlineStackEntry): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * dfg/DFGDoubleFormatState.h: Added. - (DFG): - (JSC::DFG::mergeDoubleFormatStates): - (JSC::DFG::mergeDoubleFormatState): - (JSC::DFG::doubleFormatStateToString): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::VariableAccessData): - (JSC::DFG::VariableAccessData::predict): - (JSC::DFG::VariableAccessData::argumentAwarePrediction): - (VariableAccessData): - (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction): - (JSC::DFG::VariableAccessData::doubleFormatState): - (JSC::DFG::VariableAccessData::shouldUseDoubleFormat): - (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): - (JSC::DFG::VariableAccessData::mergeDoubleFormatState): - (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat): - -2012-04-10 Adam Klein - - Remove unused NonNullPassRefPtr from WTF - https://bugs.webkit.org/show_bug.cgi?id=82389 - - Reviewed by Kentaro Hara. - - * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr. - -2012-04-10 Darin Adler - - Remove unused data member from Lexer class - https://bugs.webkit.org/show_bug.cgi?id=83429 - - Reviewed by Kentaro Hara. - - I noticed that m_delimited was "write-only", so I deleted it. - - * parser/Lexer.cpp: - (JSC::Lexer::setCode): Removed code to set m_delimited. - (JSC::Lexer::parseIdentifier): Ditto. - (JSC::Lexer::parseIdentifierSlowCase): Ditto. - (JSC::Lexer::lex): Ditto. - * parser/Lexer.h: Deleted m_delimited. - -2012-04-10 Patrick Gansterer - - [CMake] Enable USE_FOLDERS property - https://bugs.webkit.org/show_bug.cgi?id=83571 - - Reviewed by Daniel Bates. - - Setting the FOLDER property on targets gives more structure - to the generated Visual Studio solutions. - This does not affect other CMake generators. - - * CMakeLists.txt: - * shell/CMakeLists.txt: - -2012-04-10 Filip Pizlo - - It should be possible to see why a code block was not compiled by the DFG - https://bugs.webkit.org/show_bug.cgi?id=83553 - - Reviewed by Geoff Garen. - - If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the - opcode that caused the rejection. - - * dfg/DFGCapabilities.cpp: - (JSC::DFG::debugFail): - (DFG): - (JSC::DFG::canHandleOpcodes): - -2012-04-09 Gavin Barraclough - - If a callback constructor returns a C++ null, throw a type error. - https://bugs.webkit.org/show_bug.cgi?id=83537 - - Rubber Stamped by Geoff Garen. - - * API/JSCallbackConstructor.cpp: - (JSC::constructJSCallback): - - If a callback constructor returns a C++ null, throw a type error. - * API/tests/testapi.c: - (Base_returnHardNull): - * API/tests/testapi.js: - - Add a test case for callback constructors that return a C++ null. - -2012-04-09 Gavin Barraclough - - If a callback function returns a C++ null, convert to undefined. - https://bugs.webkit.org/show_bug.cgi?id=83534 - - Reviewed by Geoff Garen. - - * API/JSCallbackFunction.cpp: - - If a callback function returns a C++ null, convert to undefined. - (JSC::JSCallbackFunction::call): - * API/tests/testapi.c: - (Base_returnHardNull): - * API/tests/testapi.js: - - Add a test case for callback functions that return a C++ null. - -2012-04-09 Filip Pizlo - - Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that - are currently being generated - https://bugs.webkit.org/show_bug.cgi?id=83531 - - - Reviewed by Gavin Barraclough. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::stronglyVisitStrongReferences): - -2012-04-09 Filip Pizlo - - Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks. - - * dfg/DFGOperations.cpp: - (JSC): - * offlineasm/armv7.rb: - -2012-04-09 Patrick Gansterer - - Remove HAVE_STDINT_H - https://bugs.webkit.org/show_bug.cgi?id=83434 - - Reviewed by Kentaro Hara. - - HAVE_STDINT_H is defined with 1 all the time and we us stdint.h without HAVE(STDINT_H) already. - - * config.h: - -2012-04-08 Filip Pizlo - - DFG should not load the property storage if it is inline. - https://bugs.webkit.org/show_bug.cgi?id=83455 - - Reviewed by Gavin Barraclough. - - We had previously decided to have all property storage accesses go through - the property storage pointer even if they don't "really" have to, because - we were thinking this would help GC barriers somehow. Well, we never ended - up doing anything with that. Hence, doing these wasted loads of the - property storage pointer when the storage is inline is just a waste of CPU - cycles. - - This change makes the DFG's inline property accesses (GetByOffset and - PutByOffset) go directly to the inline property storage if the structure(s) - tell us that it's OK. - - This looks like an across-the-board 1% win. - - * bytecode/StructureSet.h: - (JSC): - (JSC::StructureSet::allAreUsingInlinePropertyStorage): - (StructureSet): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::fillStorage): - -2012-04-08 Filip Pizlo - - Command-line jsc's exception handling should be rationalized - https://bugs.webkit.org/show_bug.cgi?id=83437 - - Reviewed by Dan Bernstein. - - - If an exception is thrown during run() execution, it is now propagated, - so that it will terminate program execution unless it is caught. - - - If program execution terminates with an exception, the exception is now - always printed. - - - When printing the exception, the backtrace is now also printed if one is - available. It will only not be available if you use something akin to my - favorite line of code, 'throw "error"', since primitives don't have - properties and hence we cannot attach a "stack" property to them. - - * jsc.cpp: - (functionRun): - (runWithScripts): - -2012-04-04 Filip Pizlo - - Forced OSR exits should lead to recompilation based on count, not rate - https://bugs.webkit.org/show_bug.cgi?id=83247 - - - Reviewed by Geoff Garen. - - Track which OSR exits happen because of inadequate coverage. Count them - separately. If the count reaches a threshold, immediately trigger - reoptimization. - - This is in contrast to the recompilation trigger for all other OSR exits. - Normally recomp is triggered when the exit rate exceeds a certain ratio. - - Looks like a slight V8 speedup (sub 1%). - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::forcedOSRExitCounter): - (JSC::CodeBlock::addressOfForcedOSRExitCounter): - (JSC::CodeBlock::offsetOfForcedOSRExitCounter): - (JSC::CodeBlock::shouldReoptimizeNow): - (JSC::CodeBlock::shouldReoptimizeFromLoopNow): - (CodeBlock): - * bytecode/DFGExitProfile.h: - (JSC::DFG::exitKindToString): - * dfg/DFGOSRExitCompiler.cpp: - (JSC::DFG::OSRExitCompiler::handleExitCounts): - (DFG): - * dfg/DFGOSRExitCompiler.h: - (OSRExitCompiler): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - -2012-04-06 Benjamin Poulain - - Do not abuse ArrayStorage's m_length for testing array consistency - https://bugs.webkit.org/show_bug.cgi?id=83403 - - Reviewed by Geoffrey Garen. - - Array creation from a list of values is a 3 steps process: - -JSArray::tryCreateUninitialized() - -JSArray::initializeIndex() for each values - -JSArray::completeInitialization() - - Previously, the attribute m_length was not set to the final size - JSArray::tryCreateUninitialized() because it was used to test the array - consistency JSArray::initializeIndex(). - - This caused the initialization loop using JSArray::initializeIndex() maintain - two counters: - -index of the loop - -storage->m_length++ - - This patch fixes this by using the index of the initialization loop for the indinces of - JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex - is introduced if CHECK_ARRAY_CONSISTENCY is defined. - - The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined. - - This improves the performance of JSArray creation from literals by 8%. - - * runtime/JSArray.cpp: - (JSC::JSArray::tryFinishCreationUninitialized): - (JSC::JSArray::checkConsistency): - * runtime/JSArray.h: - (ArrayStorage): - (JSC::JSArray::initializeIndex): - (JSC::JSArray::completeInitialization): - -2012-04-06 Jon Lee - - Build fix for Windows bots. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol. - -2012-04-06 Geoffrey Garen - - Renamed - - WeakHeap => WeakSet - HandleHeap => HandleSet - - Reviewed by Sam Weinig. - - These sets do have internal allocators, but it's confusing to call them - heaps because they're sub-objects of an object called "heap". - - * heap/HandleHeap.cpp: Removed. - * heap/HandleHeap.h: Removed. - * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp. - * heap/WeakHeap.cpp: Removed. - * heap/WeakHeap.h: Removed. - * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp. - * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h. - - Plus global rename using grep. - -2012-04-06 Dan Bernstein - - HiDPI: Have canvas use a hidpi backing store, but downsample upon access - - Reviewed by Sam Weinig. - - * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS. - -2012-04-06 Rob Buis - - Fix cast-align warnings in JSC - https://bugs.webkit.org/show_bug.cgi?id=80790 - - Reviewed by George Staikos. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::computeJumpType): - (JSC::ARMv7Assembler::link): - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::linkCode): - * heap/MarkStack.cpp: - (JSC::SlotVisitor::copyAndAppend): - * runtime/JSArray.cpp: - (JSC::JSArray::visitChildren): - * wtf/RefCountedArray.h: - (WTF::RefCountedArray::Header::payload): - -2012-04-06 Darin Adler - - Streamline strtod and fix some related problems - https://bugs.webkit.org/show_bug.cgi?id=82857 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: - (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number - and we know it has only correct characters, leading spaces, trailing junk, and - trailing spaces are not a possibility. No need to add a trailing null character. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need - to allow trailing junk since the code above already allows only numeric digits - in the string. This code path is used only in unusual cases, so it's not - optimized for 8-bit strings, but easily could be. - (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this - function template because all the callers are OK with trailing junk. Use the - parseDouble function. No need to copy the data into a byte buffer, because - parseDouble handles that. - (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the - jsStrDecimalLiteral function template. That's OK because this function - already checks for trailing junk and handles it appropriately. The old code - path was doing it twice. - (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the - jsStrDecimalLiteral function template; the template allows junk unconditionally. - - * runtime/LiteralParser.cpp: - (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number - and we know it has only correct characters, leading spaces, trailing junk, and - trailing spaces are not a possibility. No need to add a trailing null character. - No need to copy the data into a byte buffer, because parseDouble handles that. - We could optimize the UChar case even more because we know all the characters - are ASCII, but not doing that at this time. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated. - -2012-04-06 Patrick Gansterer - - Remove JSC dependency from GregorianDateTime - https://bugs.webkit.org/show_bug.cgi?id=83290 - - Reviewed by Geoffrey Garen. - - This allows us to move it to WTF later. - - * runtime/DateConstructor.cpp: - (JSC::callDate): - * runtime/JSDateMath.h: - -2012-04-05 Michael Saboff - - Call Heap::discardAllCompiledCode() in low memory situations - https://bugs.webkit.org/show_bug.cgi?id=83335 - - Reviewed by Geoffrey Garen. - - Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?" - check inline so that it can be called directly without this check. - - * heap/Heap.cpp: - (JSC::Heap::discardAllCompiledCode): - (JSC::Heap::collectAllGarbage): - * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be - called from WebCore. - (Heap): - * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration. - (JSGlobalData): - -2012-04-05 Benjamin Poulain - - Speed up the conversion from JSValue to String for bulk operations - https://bugs.webkit.org/show_bug.cgi?id=83243 - - Reviewed by Geoffrey Garen. - - When making operations on primitive types, we loose some time converting - values to JSString in order to extract the string. - - This patch speeds up some basic Array operations by avoiding the creation - of intermediary JSString when possible. - - For the cases where we need to convert a lot of JSValue in a tight loop, - an inline conversion is used. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - (JSC::arrayProtoFuncJoin): - (JSC::arrayProtoFuncPush): - (JSC::arrayProtoFuncSort): - * runtime/CommonIdentifiers.h: - * runtime/JSArray.cpp: - (JSC::JSArray::sort): - * runtime/JSString.h: - (JSC::JSValue::toUString): - (JSC): - (JSC::inlineJSValueNotStringtoUString): - (JSC::JSValue::toUStringInline): - * runtime/JSValue.cpp: - (JSC::JSValue::toUStringSlowCase): - (JSC): - * runtime/JSValue.h: - (JSValue): - -2012-04-05 Benjamin Poulain - - Use QuickSort when sorting primitive values by string representation - https://bugs.webkit.org/show_bug.cgi?id=83312 - - Reviewed by Gavin Barraclough. - - When the value we are sorting are all primitive values, we do not need to - ensure a stable sort as two values with equal string representation are - indistinguishable from JavaScript. - - This gives about 16% performance increase when sorting primitive values. - - * runtime/JSArray.cpp: - (JSC::JSArray::sort): - -2012-04-05 Oliver Hunt - - SIGILL in JavaScriptCore on a Geode processor - https://bugs.webkit.org/show_bug.cgi?id=82496 - - Reviewed by Gavin Barraclough. - - Don't attempt to use the DFG when SSE2 is not available. - - * dfg/DFGCapabilities.cpp: - (JSC::DFG::canCompileOpcodes): - -2012-04-05 Oliver Hunt - - Fix 32-bit build. - - * API/APICast.h: - (toJS): - -2012-04-05 Oliver Hunt - - Replace static_cast with jsCast when casting JSCell subclasses in JSC - https://bugs.webkit.org/show_bug.cgi?id=83307 - - Reviewed by Gavin Barraclough. - - Replace all usage of static_cast with jsCast<> in JavaScriptCore. - This results in assertions when unsafe casts are performed, but simply leaves - a static_cast<> in release builds. - - * API/APICast.h: - (toJS): - * API/JSCallbackConstructor.cpp: - (JSC::constructJSCallback): - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::call): - * API/JSCallbackObjectFunctions.h: - (JSC::::asCallbackObject): - (JSC::::finishCreation): - (JSC::::construct): - (JSC::::call): - * API/JSObjectRef.cpp: - (JSObjectGetPrivate): - (JSObjectSetPrivate): - (JSObjectGetPrivateProperty): - (JSObjectSetPrivateProperty): - (JSObjectDeletePrivateProperty): - * API/JSValueRef.cpp: - (JSValueIsObjectOfClass): - * API/JSWeakObjectMapRefPrivate.cpp: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::resolve): - (JSC::BytecodeGenerator::resolveConstDecl): - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::finishCreation): - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/Executable.h: - (JSC::isHostFunction): - * runtime/JSActivation.h: - (JSC::asActivation): - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - * runtime/JSArray.h: - (JSC::asArray): - * runtime/JSBoundFunction.cpp: - (JSC::boundFunctionCall): - (JSC::boundFunctionConstruct): - * runtime/JSByteArray.h: - (JSC::asByteArray): - * runtime/JSCell.cpp: - (JSC::JSCell::toObject): - * runtime/JSCell.h: - (JSC::jsCast): - * runtime/JSGlobalObject.h: - (JSC::asGlobalObject): - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncEval): - * runtime/JSObject.cpp: - (JSC::JSObject::setPrototypeWithCycleCheck): - (JSC::JSObject::allowsAccessFrom): - (JSC::JSObject::toThisObject): - (JSC::JSObject::unwrappedObject): - * runtime/JSObject.h: - (JSC::asObject): - * runtime/JSPropertyNameIterator.h: - (JSC::Register::propertyNameIterator): - * runtime/JSString.h: - (JSC::asString): - (JSC::JSValue::toString): - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncSubstr): - -2012-04-05 Benjamin Poulain - - Make something faster than JSStringBuilder for joining an array of JSValue - https://bugs.webkit.org/show_bug.cgi?id=83180 - - Reviewed by Geoffrey Garen. - - This patch add the class JSStringJoiner optimized for join() operations. - - This class makes stricter constraints than JSStringBuilder in order avoid - memory allocations. - - In the best case, the class allocate memory only twice: - -Allocate an array to keep a list of UString to join. - -Allocate the final string. - - We also avoid the conversion from 8bits strings to 16bits strings since - they are costly and unlikly to help for subsequent calls. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToLocaleString): - (JSC::arrayProtoFuncJoin): - * runtime/JSStringJoiner.cpp: Added. - (JSC): - (JSC::appendStringToData): - (JSC::joinStrings): - (JSC::JSStringJoiner::build): - * runtime/JSStringJoiner.h: Added. - (JSC): - (JSStringJoiner): - (JSC::JSStringJoiner::JSStringJoiner): - (JSC::JSStringJoiner::append): - -2012-04-05 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=77293 - [Un]Reserve 'let' - - Rubber stamped by Oliver Hunt. - - Revert r106198. - This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html - If we're going to reserve let, we're going to have to do so in a more - circumspect fashion. - - * parser/Keywords.table: - -2012-04-05 Michael Saboff - - Rolling out http://trac.webkit.org/changeset/113262. - Original code was fine. - - Rubber-stamped by Oliver Hunt. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::additionBlindedConstant): - -2012-04-05 Patrick Gansterer - - [WinCE] Remove unnecessary function decleration - https://bugs.webkit.org/show_bug.cgi?id=83155 - - Reviewed by Kentaro Hara. - - * runtime/JSDateMath.cpp: - -2012-04-04 Patrick Gansterer - - Add WTF::getCurrentLocalTime() - https://bugs.webkit.org/show_bug.cgi?id=83164 - - Reviewed by Alexey Proskuryakov. - - Replace the calls to WTF::getLocalTime() with time(0) with the new function. - This allows us to use Win32 API on windows to get the same result in a next step. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/DateConstructor.cpp: - (JSC::callDate): - -2012-04-04 Oliver Hunt - - Parser fails to revert some state after parsing expression and object literals. - https://bugs.webkit.org/show_bug.cgi?id=83236 - - Reviewed by Gavin Barraclough. - - Reset left hand side counter after parsing the literals. - - * parser/Parser.cpp: - (JSC::::parseObjectLiteral): - (JSC::::parseStrictObjectLiteral): - (JSC::::parseArrayLiteral): - -2012-04-04 Filip Pizlo - - DFG InstanceOf should not uselessly speculate cell - https://bugs.webkit.org/show_bug.cgi?id=83234 - - Reviewed by Oliver Hunt. - - If InstanceOf is the only user of its child then don't speculate cell, since - the not-cell case is super easy to handle. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileInstanceOf): - -2012-04-04 Michael Saboff - - Fixed minor error: "& 3" should be "& 2". - - Rubber-stamped by Oliver Hunt. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::additionBlindedConstant): - -2012-04-04 Michael Saboff - - Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP - https://bugs.webkit.org/show_bug.cgi?id=83191 - - Reviewed by Oliver Hunt. - - Make are that blinded constant pairs are similarly aligned to the - original immediate values so that instructions that expect that - alignment work correctly. One example is ARMv7 add/sub imm to SP. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned. - (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned. - (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned. - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::additionBlindedConstant): - -2012-04-04 Filip Pizlo - - DFG should short-circuit Branch(LogicalNot(...)) - https://bugs.webkit.org/show_bug.cgi?id=83181 - - Reviewed by Geoff Garen. - - Slight (sub 1%) speed-up on V8. - - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - -2012-04-04 Geoffrey Garen - - [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode - https://bugs.webkit.org/show_bug.cgi?id=83139 - - Reviewed by Sam Weinig. - - * heap/PassWeak.h: - (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error, - so work around that here. (Long-term, we should make 32-bit and 64-bit - agree on the right behavior.) - -2012-04-03 Geoffrey Garen - - Updated JSC expected test results to reflect recent bug fixes . - - Reviewed by Sam Weinig. - - * tests/mozilla/expected.html: - -2012-03-29 Geoffrey Garen - - First step toward incremental Weak finalization - https://bugs.webkit.org/show_bug.cgi?id=82670 - - Reviewed by Filip Pizlo. - - This patch implements a Weak heap that is compatible with incremental - finalization, while making as few behavior changes as possible. The behavior - changes it makes are: - - (*) Weak's raw JSValue no longer reverts to JSValue() automatically -- - instead, a separate flag indicates that the JSValue is no longer valid. - (This is required so that the JSValue can be preserved for later finalization.) - Objects dealing with WeakImpls directly must change to check the flag. - - (*) Weak is no longer a subclass of Handle. - - (*) DOM GC performance is different -- 9% faster in the geometric mean, - but 15% slower in one specific case: - gc-dom1.html: 6% faster - gc-dom2.html: 23% faster - gc-dom3.html: 17% faster - gc-dom4.html: 15% *slower* - - The key features of this new heap are: - - (*) Each block knows its own state, independent of any other blocks. - - (*) Each block caches its own sweep result. - - (*) The heap visits dead Weaks at the end of GC. (It doesn't - mark them yet, since that would be a behavior change.) - - * API/JSCallbackObject.cpp: - (JSC::JSCallbackObjectData::finalize): - * API/JSCallbackObjectFunctions.h: - (JSC::::init): Updated to use the new WeakHeap API. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: Paid the build system tax since I added some new files. - - * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public, - so we can keep passing a Handle to finalizers, to avoid more surface - area change in this patch. A follow-up patch should change the type we - pass to finalizers. - - * heap/HandleHeap.cpp: - (JSC): - (JSC::HandleHeap::writeBarrier): - (JSC::HandleHeap::isLiveNode): - * heap/HandleHeap.h: - (JSC): - (HandleHeap): - (Node): - (JSC::HandleHeap::Node::Node): Removed all code related to Weak, since - we have a separate WeakHeap now. - - * heap/Heap.cpp: - (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted - for through our watermark now. Removed m_waterMark because it was unused. - - (JSC::Heap::destroy): Updated for addition of WeakHeap. - - (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own - variable to participating in the watermark strategy. I wanted to standardize - WeakHeap and all other Heap clients on this strategy, to make sure it's - accurate. - - (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap - dead visit pass, as explained above. - - (JSC::Heap::collect): - (JSC::Heap::resetAllocators): Updated for addition of WeakHeap. - - (JSC::Heap::addFinalizer): - (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak API. - - * heap/Heap.h: - (JSC::Heap::weakHeap): - (Heap): - (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking - strategy, since this is the best way for WeakHeap to report its memory - cost. (I plan to update this in a follow-up patch to make it more accurate, - but for now it is not less accurate than it used to be.) - - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC::MarkedSpace::addToWaterMark): - (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because - it was unused, and I didn't want to update WeakHeap to keep an usused - variable working. Added API for above. - - * heap/PassWeak.h: - (JSC): - (WeakImplAccessor): - (PassWeak): - (JSC::::operator): - (JSC::::get): - (JSC::::was): - (JSC::::PassWeak): - (JSC::::~PassWeak): - (JSC::UnspecifiedBoolType): - (JSC::::leakImpl): - (JSC::adoptWeak): - * heap/Strong.h: - (JSC::Strong::operator!): - (Strong): - (JSC::Strong::operator UnspecifiedBoolType*): - (JSC::Strong::get): - * heap/Weak.h: - (Weak): - (JSC::::Weak): - (JSC): - (JSC::::isHashTableDeletedValue): - (JSC::::~Weak): - (JSC::::swap): - (JSC::=): - (JSC::::operator): - (JSC::UnspecifiedBoolType): - (JSC::::release): - (JSC::::clear): - (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil - down to two things: - - (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap. - - (*) Explicitly check WeakImpl::state() for non-liveness before returning - a value (explained above). - - These files implement the new Weak heap behavior described above: - - * heap/WeakBlock.cpp: Added. - * heap/WeakBlock.h: Added. - * heap/WeakHandleOwner.cpp: Added. - * heap/WeakHandleOwner.h: Added. - * heap/WeakHeap.cpp: Added. - * heap/WeakHeap.h: Added. - * heap/WeakImpl.h: Added. - - One interesting difference from the old heap is that we don't allow - clients to overwrite a WeakImpl after allocating it, and we don't recycle - WeakImpls prior to garbage collection. This is required for lazy finalization, - but it will also help us esablish a useful invariant in the future: allocating - a WeakImpl will be a binding contract to run a finalizer at some point in the - future, even if the WeakImpl is later deallocated. - - * jit/JITStubs.cpp: - (JSC::JITThunks::hostFunctionStub): Check the Weak for ! instead of - its JSValue, since that's our API contract now, and the JSValue might - be stale. - - * runtime/JSCell.h: - (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless. - - * runtime/Structure.cpp: - (JSC::StructureTransitionTable::add): I can't remember why I did this. - - * runtime/StructureTransitionTable.h: - * runtime/WeakGCMap.h: I had to update these classes because they allocate - and deallocate weak pointers manually. They should probably stop doing that. - -2012-04-03 Keishi Hattori - - Disable ENABLE_DATALIST for now - https://bugs.webkit.org/show_bug.cgi?id=82871 - - Reviewed by Kent Tamura. - - * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST. - -2012-04-02 Filip Pizlo - - jsr/sret should be removed - https://bugs.webkit.org/show_bug.cgi?id=82986 - - - Reviewed by Sam Weinig and Geoff Garen. - - Replaces jsr/sret with finally block inlining. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::pushFinallyContext): - (JSC::BytecodeGenerator::emitComplexJumpScopes): - (JSC): - * bytecompiler/BytecodeGenerator.h: - (FinallyContext): - (BytecodeGenerator): - * bytecompiler/NodesCodegen.cpp: - (JSC::TryNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompile): - * jit/JIT.h: - (JIT): - * jit/JITOpcodes.cpp: - (JSC): - * jit/JITOpcodes32_64.cpp: - (JSC): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - -2012-04-03 Mark Rowe - - Make it possible to install the JavaScriptCore test tools. - - Part of . - - Reviewed by Filip Pizlo. - - * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named - Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on - those targets individually to depending on the new aggregate target. - -2012-04-03 Filip Pizlo - - Offlineasm ARM backend has a very convoluted way of saying it wants to emit a - three-operand multiply instruction - https://bugs.webkit.org/show_bug.cgi?id=83100 - - Reviewed by Darin Adler. - - Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was - already smart enough to do the Right Thing for multiply. - - * offlineasm/armv7.rb: - -2012-04-03 Filip Pizlo - - Offlineasm ARM backend uses the wrong mnemonic for multiply - https://bugs.webkit.org/show_bug.cgi?id=83098 - - - Reviewed by Gavin Barraclough. - - Use "mul" instead of "muls" since we're passing three operands, not two. - - * offlineasm/armv7.rb: - -2012-04-03 Gavin Barraclough - - Linux crashes during boot - https://bugs.webkit.org/show_bug.cgi?id=83096 - - Reviewed by Filip Pizlo. - - The bug here is that we add empty JSValues to the sparse map, and then set them - - but a GC may occur before doing so (due to a call to reportExtraMemory cost). - We may want to consider making it safe to mark empty JSValues, but the simple & - contained fix to this specific bug is to just initialize these values to - something other than JSValue(). - - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::add): - - Initialize sparse map entries. - -2012-04-02 Oliver Hunt - - Incorrect liveness information when inlining - https://bugs.webkit.org/show_bug.cgi?id=82985 - - Reviewed by Filip Pizlo. - - Don't remap register numbers that have already been remapped. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleInlining): - -2012-04-02 Filip Pizlo - - Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we - try to create an arguments object from the activation - https://bugs.webkit.org/show_bug.cgi?id=82947 - - - Reviewed by Gavin Barraclough. - - We now copy the entire call frame header just to be sure. This is mostly perf-netural, - except for a 3.7% slow-down in V8/earley. - - * runtime/JSActivation.cpp: - (JSC::JSActivation::visitChildren): - * runtime/JSActivation.h: - (JSC::JSActivation::tearOff): - -2012-04-02 Daniel Bates - - Remove Source/JavaScriptCore/wtf and its empty subdirectories - - Rubber-stamped by Eric Seidel. - - Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF - (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory - Source/JavaScriptCore/wtf and its empty subdirectories. - - * wtf: Removed. - * wtf/android: Removed. - * wtf/blackberry: Removed. - * wtf/chromium: Removed. - * wtf/dtoa: Removed. - * wtf/efl: Removed. - * wtf/gobject: Removed. - * wtf/gtk: Removed. - * wtf/mac: Removed. - * wtf/qt: Removed. - * wtf/qt/compat: Removed. - * wtf/tests: Removed. - * wtf/text: Removed. - * wtf/threads: Removed. - * wtf/threads/win: Removed. - * wtf/unicode: Removed. - * wtf/unicode/glib: Removed. - * wtf/unicode/icu: Removed. - * wtf/unicode/qt4: Removed. - * wtf/unicode/wince: Removed. - * wtf/url: Removed. - * wtf/url/api: Removed. - * wtf/url/src: Removed. - * wtf/win: Removed. - * wtf/wince: Removed. - * wtf/wx: Removed. - -2012-04-02 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Add missing file. - -2012-04-01 Darin Adler - - Fix incorrect path for libWTF.a in Mac project file. - - * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that - would cause other configurations to try to link with the "Release" version of - libWTF.a instead of the correct version. - -2012-03-29 Filip Pizlo - - DFG should optimize a==b for a being an object and b being either an object or - null/undefined, and vice versa - https://bugs.webkit.org/show_bug.cgi?id=82656 - - Reviewed by Oliver Hunt. - - Implements additional object equality optimizations for the case that one - operand is predicted to be an easily speculated object (like FinalObject or - Array) and the other is either an easily speculated object or Other, i.e. - Null or Undefined. - - 2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8. - - I also took the opportunity to clean up the control flow for the speculation - decisions in the various Compare opcodes. And to fix a build bug in SamplingTool. - And to remove debug cruft I stupidly committed in my last patch. - - * bytecode/SamplingTool.h: - (SamplingRegion): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::compare): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): - (DFG): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): - (DFG): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): - -2012-03-30 David Barr - - Split up top-level .gitignore and .gitattributes - https://bugs.webkit.org/show_bug.cgi?id=82687 - - Reviewed by Tor Arne Vestbø. - - * JavaScriptCore.gyp/.gitignore: Added. - -2012-03-30 Steve Falkenburg - - Windows (make based) build fix. - - * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them. - -2012-03-30 Keishi Hattori - - Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium - https://bugs.webkit.org/show_bug.cgi?id=80972 - - Reviewed by Kent Tamura. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-29 Mark Hahnenberg - - Refactor recompileAllJSFunctions() to be less expensive - https://bugs.webkit.org/show_bug.cgi?id=80330 - - Reviewed by Filip Pizlo. - - This change is performance neutral on the JS benchmarks we track. It's mostly to improve page - load performance, which currently does at least a couple full GCs per navigation. - - * heap/Heap.cpp: - (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode - because the function doesn't actually recompile anything (and never did); it simply throws code - away for it to be recompiled later if we determine we should do so. - (JSC): - (JSC::Heap::collectAllGarbage): - (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list. - (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list. - * heap/Heap.h: - (JSC): - (Heap): - * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can - be used in DoublyLinkedLists. - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list. - * runtime/Executable.h: - (FunctionExecutable): - (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list. - * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage - the list of FunctionExecutables. - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/JSGlobalObject.cpp: - (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode. - -2012-03-29 Filip Pizlo - - Unreviewed build fix for non-x86 platforms. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitSlow_op_mod): - -2012-03-29 Gavin Barraclough - - Windows build fix p2. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-29 Gavin Barraclough - - Windows build fix p1. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-29 Gavin Barraclough - - Template the Yarr::Interpreter on the character type - https://bugs.webkit.org/show_bug.cgi?id=82637 - - Reviewed by Sam Weinig. - - We should be able to call to the interpreter after having already checked the character type, - without having to re-package the character pointer back up into a string! - - * runtime/RegExp.cpp: - (JSC::RegExp::match): - (JSC::RegExp::matchCompareWithInterpreter): - - Don't pass length. - * yarr/Yarr.h: - - moved function declarations to YarrInterpreter.h. - * yarr/YarrInterpreter.cpp: - (Yarr): - (Interpreter): - (JSC::Yarr::Interpreter::InputStream::InputStream): - (InputStream): - (JSC::Yarr::Interpreter::Interpreter): - (JSC::Yarr::interpret): - - templated Interpreter class on CharType. - * yarr/YarrInterpreter.h: - (Yarr): - - added function declarations. - -2012-03-29 David Kilzer - - Don't use a flattened framework path when building on OS X - - Reviewed by Mark Rowe. - - * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME - to select different INSTALL_PATH values. - -2012-03-29 Kevin Ollivier - - [wx] Unreviewed build fix, add Win-specific sources - the wx port needs after WTF move. - - * wscript: - -2012-03-29 Andy Estes - - Remove an unused variable that breaks the build with newer versions of clang. - - Rubber stamped by Gavin Barraclough. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy): - -2012-03-29 Caio Marcelo de Oliveira Filho - - HashMap<>::add should return a more descriptive object - https://bugs.webkit.org/show_bug.cgi?id=71063 - - Reviewed by Ryosuke Niwa. - - Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps - the iterator type, there's a need for its own AddResult type -- instantiated from - HashTableAddResult template class. - - * API/JSCallbackObject.h: - (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty): - * API/JSClassRef.cpp: - (OpaqueJSClass::contextData): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::addVar): - (JSC::BytecodeGenerator::addGlobalVar): - (JSC::BytecodeGenerator::addConstant): - (JSC::BytecodeGenerator::addConstantValue): - (JSC::BytecodeGenerator::emitLoad): - (JSC::BytecodeGenerator::addStringConstant): - (JSC::BytecodeGenerator::emitLazyNewFunction): - * bytecompiler/NodesCodegen.cpp: - (JSC::PropertyListNode::emitBytecode): - * debugger/Debugger.cpp: - * dfg/DFGAssemblyHelpers.cpp: - (JSC::DFG::AssemblyHelpers::decodedCodeMapFor): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::cellConstant): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * jit/JITStubs.cpp: - (JSC::JITThunks::ctiStub): - (JSC::JITThunks::hostFunctionStub): - * parser/Parser.cpp: - (JSC::::parseStrictObjectLiteral): - * parser/Parser.h: - (JSC::Scope::declareParameter): - * runtime/Identifier.cpp: - (JSC::Identifier::add): - (JSC::Identifier::add8): - (JSC::Identifier::addSlowCase): - * runtime/Identifier.h: - (JSC::Identifier::add): - (JSC::IdentifierTable::add): - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::add): - (JSC::SparseArrayValueMap::put): - (JSC::SparseArrayValueMap::putDirect): - (JSC::JSArray::enterDictionaryMode): - (JSC::JSArray::defineOwnNumericProperty): - * runtime/JSArray.h: - (SparseArrayValueMap): - * runtime/PropertyNameArray.cpp: - (JSC::PropertyNameArray::add): - * runtime/StringRecursionChecker.h: - (JSC::StringRecursionChecker::performCheck): - * runtime/Structure.cpp: - (JSC::StructureTransitionTable::add): - * runtime/WeakGCMap.h: - (WeakGCMap): - (JSC::WeakGCMap::add): - (JSC::WeakGCMap::set): - * tools/ProfileTreeNode.h: - (JSC::ProfileTreeNode::sampleChild): - -2012-03-29 Patrick Gansterer - - Build fix for !ENABLE(YARR_JIT) after r112454. - - * runtime/RegExp.cpp: - (JSC::RegExp::invalidateCode): - -2012-03-28 Filip Pizlo - - DFG object equality speculations should be simplified - https://bugs.webkit.org/show_bug.cgi?id=82557 - - Reviewed by Gavin Barraclough. - - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateFinalObject): - (JSC::DFG::Node::shouldSpeculateArray): - -2012-03-28 David Kilzer - - minidom configurations should be based on ToolExecutable.xcconfig - - - Reviewed by Mark Rowe. - - Note that this patch changes minidom from being installed in - /usr/local/bin to JavaScriptCore.framework/Resources. - - * Configurations/ToolExecutable.xcconfig: Add semi-colon. - * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom - configurations on ToolExecutable.xcconfig. Remove redundant - PRODUCT_NAME and SKIP_INSTALL variables. - -2012-03-28 Gavin Barraclough - - Build fix - some compiles generating NORETURN related warnings. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::setSubpatternStart): - (JSC::Yarr::YarrGenerator::setSubpatternEnd): - (JSC::Yarr::YarrGenerator::clearSubpatternStart): - -2012-03-28 Kevin Ollivier - - [wx] Unreviewed. Build fix, move WTF back into JSCore target - until issues with JSCore not linking in all WTF symbols are resolved. - - * wscript: - -2012-03-28 Gavin Barraclough - - Yarr: if we're not using the output array, don't populate it! - https://bugs.webkit.org/show_bug.cgi?id=82519 - - Reviewed by Sam Weinig. - - * runtime/RegExp.cpp: - (JSC): - - Missed review comment! - didn't fully remove RegExpRepresentation. - -2012-03-28 Gavin Barraclough - - Yarr: if we're not using the output array, don't populate it! - https://bugs.webkit.org/show_bug.cgi?id=82519 - - Reviewed by Sam Weinig. - - Add a new variant of the match method to RegExp that returns a MatchResult, - and modify YarrJIT to be able to compile code that doesn't use an output vector. - - This is a 3% progression on v8-regexp. - - * JavaScriptCore.xcodeproj/project.pbxproj: - - Moved MatchResult into its own header. - * assembler/AbstractMacroAssembler.h: - - Added missing include. - * runtime/MatchResult.h: Added. - (MatchResult::MatchResult): - (MatchResult): - (MatchResult::failed): - (MatchResult::operator bool): - (MatchResult::empty): - - Moved MatchResult into its own header. - * runtime/RegExp.cpp: - (JSC::RegExp::compile): - (JSC::RegExp::compileIfNecessary): - (JSC::RegExp::match): - - Changed due to execute & representation changes. - (JSC::RegExp::compileMatchOnly): - (JSC::RegExp::compileIfNecessaryMatchOnly): - - Added helper to compile MatchOnly code. - (JSC::RegExp::invalidateCode): - (JSC::RegExp::matchCompareWithInterpreter): - (JSC::RegExp::printTraceData): - - Changed due representation changes. - * runtime/RegExp.h: - (RegExp): - (JSC::RegExp::hasCode): - - Made YarrCodeBlock a member. - * runtime/RegExpConstructor.h: - (RegExpConstructor): - (JSC::RegExpConstructor::performMatch): - - Added no-ovector form. - * runtime/RegExpMatchesArray.cpp: - (JSC::RegExpMatchesArray::reifyAllProperties): - - Match now takes a reference to ovector, not a pointer. - * runtime/RegExpObject.h: - (JSC): - - Moved MatchResult into its own header. - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncSplit): - - Match now takes a reference to ovector, not a pointer. - * testRegExp.cpp: - (testOneRegExp): - - Match now takes a reference to ovector, not a pointer. - * yarr/YarrJIT.cpp: - (Yarr): - (YarrGenerator): - (JSC::Yarr::YarrGenerator::initCallFrame): - (JSC::Yarr::YarrGenerator::removeCallFrame): - (JSC::Yarr::YarrGenerator::setSubpatternStart): - (JSC::Yarr::YarrGenerator::setSubpatternEnd): - (JSC::Yarr::YarrGenerator::clearSubpatternStart): - (JSC::Yarr::YarrGenerator::setMatchStart): - (JSC::Yarr::YarrGenerator::getMatchStart): - - Added helper functions to intermediate access to output. - (JSC::Yarr::YarrGenerator::generateDotStarEnclosure): - (JSC::Yarr::YarrGenerator::generate): - (JSC::Yarr::YarrGenerator::backtrack): - (JSC::Yarr::YarrGenerator::generateEnter): - (JSC::Yarr::YarrGenerator::compile): - - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns. - (JSC::Yarr::jitCompile): - - Needs to template of MatchOnly or IncludeSubpatterns. - * yarr/YarrJIT.h: - (YarrCodeBlock): - (JSC::Yarr::YarrCodeBlock::set8BitCode): - (JSC::Yarr::YarrCodeBlock::set16BitCode): - (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::execute): - (JSC::Yarr::YarrCodeBlock::clear): - - Added a second set of CodeRefs, so that we can compile RexExps with/without subpattern matching. - -2012-03-27 Filip Pizlo - - DFG OSR exit should not generate an exit for variables of inlinees if the - inlinees are not in scope - https://bugs.webkit.org/show_bug.cgi?id=82312 - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.h: - (JSC::baselineCodeBlockForInlineCallFrame): - (JSC): - (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::computeNumVariablesForCodeOrigin): - (DFG): - (JSC::DFG::OSRExit::OSRExit): - -2012-03-27 Matt Lilek - - Stop compiling Interpreter.cpp with -fno-var-tracking - https://bugs.webkit.org/show_bug.cgi?id=82299 - - Reviewed by Anders Carlsson. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-03-27 Pratik Solanki - - Compiler warning when JIT is not enabled - https://bugs.webkit.org/show_bug.cgi?id=82352 - - Reviewed by Filip Pizlo. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - -2012-03-26 Thouraya ANDOLSI - - Unaligned userspace access for SH4 platforms - https://bugs.webkit.org/show_bug.cgi?id=79104 - - Reviewed by Gavin Barraclough. - - * assembler/AbstractMacroAssembler.h: - (Jump): - (JSC::AbstractMacroAssembler::Jump::Jump): - (JSC::AbstractMacroAssembler::Jump::link): - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::load16Unaligned): - (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords): - (JSC::MacroAssemblerSH4::branchDouble): - (JSC::MacroAssemblerSH4::branchTrue): - (JSC::MacroAssemblerSH4::branchFalse): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::extraInstrForBranch): - (SH4Assembler): - (JSC::SH4Assembler::bra): - (JSC::SH4Assembler::linkJump): - * jit/JIT.h: - (JIT): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2012-03-26 Ryosuke Niwa - - cssText should use shorthand notations - https://bugs.webkit.org/show_bug.cgi?id=81737 - - Reviewed by Enrica Casucci. - - Export symbols of BitVector on Windows. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-26 Filip Pizlo - - DFG should assert that argument value recoveries can only be - AlreadyInRegisterFile or Constant - https://bugs.webkit.org/show_bug.cgi?id=82249 - - Reviewed by Michael Saboff. - - Made the assertions that the DFG makes for argument value recoveries match - what Arguments expects. - - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::isConstant): - (ValueRecovery): - (JSC::ValueRecovery::isAlreadyInRegisterFile): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-26 Dan Bernstein - - Tried to fix the Windows build. - - * yarr/YarrPattern.cpp: - (JSC::Yarr::CharacterClassConstructor::putRange): - -2012-03-26 Gavin Barraclough - - Unreviewed - speculative Windows build fix. - - * yarr/YarrCanonicalizeUCS2.h: - (JSC::Yarr::getCanonicalPair): - -2012-03-26 Dan Bernstein - - Fixed builds with assertions disabled. - - * yarr/YarrCanonicalizeUCS2.h: - (JSC::Yarr::areCanonicallyEquivalent): - -2012-03-26 Gavin Barraclough - - Unreviewed - errk! - accidentally the whole pbxproj. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-03-25 Gavin Barraclough - - Greek sigma is handled wrong in case independent regexp. - https://bugs.webkit.org/show_bug.cgi?id=82063 - - Reviewed by Oliver Hunt. - - The bug here is that we assume that any given codepoint has at most one additional value it - should match under a case insensitive match, and that the pair of codepoints that match (if - a codepoint does not only match itself) can be determined by calling toUpper/toLower on the - given codepoint). Life is not that simple. - - Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters - it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular - we can pack this table quite nicely, and get it down to 364 entries. This means we can use a - simple binary search to find an entry in typically eight compares. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * yarr/yarr.pri: - - Added new files to build systems. - * yarr/YarrCanonicalizeUCS2.cpp: Added. - - New - autogenerated, UCS2 canonicalized comparison tables. - * yarr/YarrCanonicalizeUCS2.h: Added. - (JSC::Yarr::rangeInfoFor): - - Look up the canonicalization info for a UCS2 character. - (JSC::Yarr::getCanonicalPair): - - For a UCS2 character with a single equivalent value, look it up. - (JSC::Yarr::isCanonicallyUnique): - - Returns true if no other UCS2 code points are canonically equal. - (JSC::Yarr::areCanonicallyEquivalent): - - Compare two values, under canonicalization rules. - * yarr/YarrCanonicalizeUCS2.js: Added. - - script used to generate YarrCanonicalizeUCS2.cpp. - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::tryConsumeBackReference): - - Use isCanonicallyUnique, rather than Unicode toUpper/toLower. - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals): - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): - - Use isCanonicallyUnique, rather than Unicode toUpper/toLower. - * yarr/YarrPattern.cpp: - (JSC::Yarr::CharacterClassConstructor::putChar): - - Updated to determine canonical equivalents correctly. - (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase): - - Added, used to put a non-ascii, non-unique character in a case-insensitive match. - (JSC::Yarr::CharacterClassConstructor::putRange): - - Updated to determine canonical equivalents correctly. - (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter): - - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo. - -2012-03-26 Kevin Ollivier - - [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs, - so we make sure it finds the API headers on all platforms. - - * wscript: - -2012-03-26 Patrick Gansterer - - Build fix for WinCE after r112039. - - * interpreter/Register.h: - (Register): Removed inline keyword from decleration since - there is an ALWAYS_INLINE at the definition anyway. - -2012-03-26 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files. - -2012-03-25 Kevin Ollivier - - [wx] Unreviewed build fix. Move WTF to its own static lib build. - - * wscript: - -2012-03-25 Filip Pizlo - - DFG int-to-double conversion should be revealed to CSE - https://bugs.webkit.org/show_bug.cgi?id=82135 - - Reviewed by Oliver Hunt. - - This introduces the notion of an Int32ToDouble node, which is injected - into the graph anytime we know that we have a double use of a node that - was predicted integer. The Int32ToDouble simplifies double speculation - on integers by skipping the path that would unbox doubles, if we know - that the value is already proven to be an integer. It allows integer to - double conversions to be subjected to common subexpression elimination - (CSE) by allowing the CSE phase to see where these conversions are - occurring. Finally, it allows us to see when a constant is being used - as both a double and an integer. This is a bit odd, since it means that - sometimes a double use of a constant will not refer directly to the - constant. This should not cause problems, for now, but it may require - some canonizalization in the future if we want to support strength - reductions of double operations based on constants. - - To allow injection of nodes into the graph, this change introduces the - DFG::InsertionSet, which is a way of lazily inserting elements into a - list. This allows the FixupPhase to remain O(N) despite performing - multiple injections in a single basic block. Without the InsertionSet, - each injection would require performing an insertion into a vector, - which is O(N), leading to O(N^2) performance overall. With the - InsertionSet, each injection simply records what insertion would have - been performed, and all insertions are performed at once (via - InsertionSet::execute) after processing of a basic block is completed. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/PredictedType.h: - (JSC::isActionableIntMutableArrayPrediction): - (JSC): - (JSC::isActionableFloatMutableArrayPrediction): - (JSC::isActionableTypedMutableArrayPrediction): - (JSC::isActionableMutableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGCommon.h: - (JSC::DFG::useKindToString): - (DFG): - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::run): - (JSC::DFG::FixupPhase::fixupBlock): - (FixupPhase): - (JSC::DFG::FixupPhase::fixupNode): - (JSC::DFG::FixupPhase::fixDoubleEdge): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGInsertionSet.h: Added. - (DFG): - (Insertion): - (JSC::DFG::Insertion::Insertion): - (JSC::DFG::Insertion::index): - (JSC::DFG::Insertion::element): - (InsertionSet): - (JSC::DFG::InsertionSet::InsertionSet): - (JSC::DFG::InsertionSet::append): - (JSC::DFG::InsertionSet::execute): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileValueToInt32): - (JSC::DFG::SpeculativeJIT::compileInt32ToDouble): - (DFG): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::IntegerOperand::IntegerOperand): - (JSC::DFG::DoubleOperand::DoubleOperand): - (JSC::DFG::JSValueOperand::JSValueOperand): - (JSC::DFG::StorageOperand::StorageOperand): - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): - (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-25 Filip Pizlo - - DFGOperands should be moved out of the DFG and into bytecode - https://bugs.webkit.org/show_bug.cgi?id=82151 - - Reviewed by Dan Bernstein. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h. - * dfg/DFGBasicBlock.h: - * dfg/DFGNode.h: - * dfg/DFGOSREntry.h: - * dfg/DFGOSRExit.h: - * dfg/DFGOperands.h: Removed. - * dfg/DFGVariableAccessData.h: - -2012-03-24 Filip Pizlo - - DFG 64-bit Branch implementation should not be creating a JSValueOperand that - it isn't going to use - https://bugs.webkit.org/show_bug.cgi?id=82136 - - Reviewed by Geoff Garen. - - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitBranch): - -2012-03-24 Kevin Ollivier - - [wx] Unreviewed. Fix the build after WTF move. - - * wscript: - -2012-03-23 Filip Pizlo - - DFG double voting may be overzealous in the case of variables that end up - being used as integers - https://bugs.webkit.org/show_bug.cgi?id=82008 - - Reviewed by Oliver Hunt. - - Cleaned up propagation, making the intent more explicit in most places. - Back-propagate NodeUsedAsInt for cases where a node was used in a context - that is known to strongly prefer integers. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dumpCodeOrigin): - (JSC::DFG::Graph::dump): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGNodeFlags.cpp: - (JSC::DFG::nodeFlagsAsString): - * dfg/DFGNodeFlags.h: - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::run): - (JSC::DFG::PredictionPropagationPhase::propagate): - (PredictionPropagationPhase): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): - -2012-03-24 Filip Pizlo - - DFG::Node::shouldNotSpeculateInteger() should be eliminated - https://bugs.webkit.org/show_bug.cgi?id=82123 - - Reviewed by Geoff Garen. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (Node): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - -2012-03-24 Yong Li - - Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL) - https://bugs.webkit.org/show_bug.cgi?id=81521 - - Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace - for CPU(ARM_TRADITIONAL) to fit actual need. - - Reviewed by Oliver Hunt. - - * jit/JIT.h: - (JIT): - -2012-03-23 Filip Pizlo - - DFG Fixup should be able to short-circuit trivial ValueToInt32's - https://bugs.webkit.org/show_bug.cgi?id=82030 - - Reviewed by Michael Saboff. - - Takes the fixup() method of the prediction propagation phase and makes it - into its own phase. Adds the ability to short-circuit trivial ValueToInt32 - nodes, and mark pure ValueToInt32's as such. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCommon.h: - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGFixupPhase.cpp: Added. - (DFG): - (FixupPhase): - (JSC::DFG::FixupPhase::FixupPhase): - (JSC::DFG::FixupPhase::run): - (JSC::DFG::FixupPhase::fixupNode): - (JSC::DFG::FixupPhase::fixIntEdge): - (JSC::DFG::performFixup): - * dfg/DFGFixupPhase.h: Added. - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::run): - (PredictionPropagationPhase): - -2012-03-23 Mark Hahnenberg - - tryReallocate could break the zero-ed memory invariant of CopiedBlocks - https://bugs.webkit.org/show_bug.cgi?id=82087 - - Reviewed by Filip Pizlo. - - Removing this optimization turned out to be ~1% regression on kraken, so I simply - undid the modification to the current block if we fail. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail - to reallocate from the current block. - -2012-03-23 Alexey Proskuryakov - - [Mac] No need for platform-specific ENABLE_BLOB values - https://bugs.webkit.org/show_bug.cgi?id=82102 - - Reviewed by David Kilzer. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-23 Michael Saboff - - DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR - https://bugs.webkit.org/show_bug.cgi?id=81805 - - Reviewed by Filip Pizlo. - - Added SpeculativeJIT::checkGeneratedType() to determine the current format - of an operand. Used that information in SpeculativeJIT::compileValueToInt32 - to generate code that will use integer and JSValue types in integer - format directly without a conversion to double. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkGeneratedType): - (DFG): - (JSC::DFG::SpeculativeJIT::compileValueToInt32): - * dfg/DFGSpeculativeJIT.h: - (DFG): - (SpeculativeJIT): - -2012-03-23 Steve Falkenburg - - Update Apple Windows build files for WTF move - https://bugs.webkit.org/show_bug.cgi?id=82069 - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated. - -2012-03-23 Dean Jackson - - Disable CSS_SHADERS in Apple builds - https://bugs.webkit.org/show_bug.cgi?id=81996 - - Reviewed by Simon Fraser. - - Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-23 Gavin Barraclough - - RexExp constructor last match properties should not rely on previous ovector - https://bugs.webkit.org/show_bug.cgi?id=82077 - - Reviewed by Oliver Hunt. - - This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future. - - This patch changes the scheme used to lazily generate the last match properties of the RegExp object. - Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using - a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match - location (the MatchResult). When the match is accessed or the input is set, we reify results. We use - a special value of setting the saved result to MatchResult::failed() to indicated that we're in a - reified state. This means that next time a match is performed, the store of the result will - automatically blow away the reified value. - - * JavaScriptCore.xcodeproj/project.pbxproj: - - Added new files. - * runtime/RegExp.cpp: - (JSC::RegExpFunctionalTestCollector::outputOneTest): - - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common). - * runtime/RegExpCachedResult.cpp: Added. - (JSC::RegExpCachedResult::visitChildren): - (JSC::RegExpCachedResult::lastResult): - (JSC::RegExpCachedResult::setInput): - - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt). - * runtime/RegExpCachedResult.h: Added. - (RegExpCachedResult): - - Added new class. - (JSC::RegExpCachedResult::RegExpCachedResult): - (JSC::RegExpCachedResult::record): - (JSC::RegExpCachedResult::input): - - Initialize the object, record the result of a RegExp match, access the stored input property. - * runtime/RegExpConstructor.cpp: - (JSC::RegExpConstructor::RegExpConstructor): - - Initialize m_result/m_multiline properties. - (JSC::RegExpConstructor::visitChildren): - - Make sure the cached results (or lazy source for them) are marked. - (JSC::RegExpConstructor::getBackref): - (JSC::RegExpConstructor::getLastParen): - (JSC::RegExpConstructor::getLeftContext): - (JSC::RegExpConstructor::getRightContext): - - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme. - (JSC::regExpConstructorInput): - (JSC::setRegExpConstructorInput): - - Changed to use RegExpCachedResult. - * runtime/RegExpConstructor.h: - (JSC::RegExpConstructor::create): - (RegExpConstructor): - (JSC::RegExpConstructor::setMultiline): - (JSC::RegExpConstructor::multiline): - - Move multiline property onto the constructor object; it is not affected by the last match. - (JSC::RegExpConstructor::setInput): - (JSC::RegExpConstructor::input): - - These defer to RegExpCachedResult. - (JSC::RegExpConstructor::performMatch): - * runtime/RegExpMatchesArray.cpp: Added. - (JSC::RegExpMatchesArray::visitChildren): - - Eeeep! added missing visitChildren! - (JSC::RegExpMatchesArray::finishCreation): - (JSC::RegExpMatchesArray::reifyAllProperties): - (JSC::RegExpMatchesArray::reifyMatchProperty): - - Moved from RegExpConstructor.cpp. - (JSC::RegExpMatchesArray::leftContext): - (JSC::RegExpMatchesArray::rightContext): - - Since the match start/ - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - - Declare new methods & structure flags. - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::match): - - performMatch now requires the JSString input, to cache. - * runtime/StringPrototype.cpp: - (JSC::removeUsingRegExpSearch): - (JSC::replaceUsingRegExpSearch): - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): - - performMatch now requires the JSString input, to cache. - -2012-03-23 Tony Chang - - [chromium] rename newwtf target back to wtf - https://bugs.webkit.org/show_bug.cgi?id=82064 - - Reviewed by Adam Barth. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-03-23 Mark Hahnenberg - - Simplify memory usage tracking in CopiedSpace - https://bugs.webkit.org/show_bug.cgi?id=80705 - - Reviewed by Filip Pizlo. - - * heap/CopiedAllocator.h: - (CopiedAllocator): Rename currentUtilization to currentSize. - (JSC::CopiedAllocator::currentCapacity): - * heap/CopiedBlock.h: - (CopiedBlock): - (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class - declaration. - (JSC): - (JSC::CopiedBlock::size): Add new function to calculate the block's size. - (JSC::CopiedBlock::capacity): Ditto for capacity. - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new - field for the water mark. - (JSC::CopiedSpace::init): - (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current - block, we need to update our current water mark with the size of the block. - (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we - need to update our current water mark with the size of the used portion of the block. - (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when - reallocating because it will either get accounted for when we fill up the block later - in the case of being able to reallocate in the current block or it will get picked up - immediately because we'll have to get a new block. - (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when - realloc-ing an oversize block because we deallocate the old block and allocate a brand - new one. - (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to - the CopiedSpace by the SlotVisitors. - (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark. - (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or - not we should collect now instead of doing the calculation ourself. - (JSC::CopiedSpace::destroy): - (JSC): - (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how - MarkedSpace does. - (JSC::CopiedSpace::capacity): Ditto for capacity. - * heap/CopiedSpace.h: - (JSC::CopiedSpace::waterMark): - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a - collection. - (JSC::CopiedSpace::allocateNewBlock): - (JSC::CopiedSpace::fitsInBlock): - (JSC::CopiedSpace::allocateFromBlock): - * heap/Heap.cpp: - (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap. - (JSC::Heap::capacity): Ditto for capacity. - (JSC::Heap::collect): - * heap/Heap.h: - (Heap): - (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to - determine whether they should initiate a collection or continue to allocate new blocks. - (JSC): - (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the - Heap (MarkedSpace and CopiedSpace). - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function. - -2012-03-23 Ryosuke Niwa - - BitVector::resizeOutOfLine doesn't memset when converting an inline buffer - https://bugs.webkit.org/show_bug.cgi?id=82012 - - Reviewed by Filip Pizlo. - - Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore. - - * wtf/BitVector.cpp: - (WTF::BitVector::resizeOutOfLine): - * wtf/BitVector.h: - (BitVector): - (OutOfLineBits): - -2012-03-22 Michael Saboff - - ExecutableAllocator::memoryPressureMultiplier() might can return NaN - https://bugs.webkit.org/show_bug.cgi?id=82002 - - Reviewed by Filip Pizlo. - - Guard against divide by zero and then make sure the return - value is >= 1.0. - - * jit/ExecutableAllocator.cpp: - (JSC::ExecutableAllocator::memoryPressureMultiplier): - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::memoryPressureMultiplier): - -2012-03-22 Jessie Berlin - - Windows build fix after r111778. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - Don't include and try to build files owned by WTF. - Also, let VS have its way with the vcproj in terms of file ordering. - -2012-03-22 Raphael Kubo da Costa - - [CMake] Unreviewed build fix after r111778. - - * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in - the include paths so that the right config.h is used. - -2012-03-22 Tony Chang - - Unreviewed, fix chromium build after wtf move. - - Remove old wtf_config and wtf targets. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-03-22 Martin Robinson - - Fixed the GTK+ WTF/JavaScriptCore build after r111778. - - * GNUmakefile.list.am: Removed an extra trailing backslash. - -2012-03-22 Mark Rowe - - Fix the build. - - * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries - rather than only those that contain symbols that JavaScriptCore itself uses. - * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project. - -2012-03-22 Filip Pizlo - - DFG NodeFlags has some duplicate code and naming issues - https://bugs.webkit.org/show_bug.cgi?id=81975 - - Reviewed by Gavin Barraclough. - - Removed most references to "ArithNodeFlags" since those are now just part - of the node flags. Fixed some renaming goofs (EdgedAsNum is once again - NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags() - because the former was never called and the latter did the same things as - mergeFlags(). - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGNode.h: - (JSC::DFG::Node::arithNodeFlags): - (Node): - * dfg/DFGNodeFlags.cpp: - (JSC::DFG::nodeFlagsAsString): - * dfg/DFGNodeFlags.h: - (DFG): - (JSC::DFG::nodeUsedAsNumber): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): - -2012-03-22 Eric Seidel - - Actually move WTF files to their new home - https://bugs.webkit.org/show_bug.cgi?id=81844 - - Unreviewed. The details of the port-specific changes - have been seen by contributors from those ports, but - the whole 5MB change isn't very reviewable as-is. - - * GNUmakefile.am: - * GNUmakefile.list.am: - * JSCTypedArrayStubs.h: - * JavaScriptCore.gypi: - * JavaScriptCore.xcodeproj/project.pbxproj: - * jsc.cpp: - -2012-03-22 Kevin Ollivier - - [wx] Unreviewed. Adding Source/WTF to the build. - - * wscript: - -2012-03-22 Gavin Barraclough - - Add JSValue::isFunction - https://bugs.webkit.org/show_bug.cgi?id=81935 - - Reviewed by Geoff Garen. - - This would be useful in the WebCore bindings code. - Also, remove asFunction, replace with jsCast. - - * API/JSContextRef.cpp: - * debugger/Debugger.cpp: - * debugger/DebuggerCallFrame.cpp: - (JSC::DebuggerCallFrame::functionName): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueOfFunctionConstant): - * dfg/DFGOperations.cpp: - * interpreter/CallFrame.cpp: - (JSC::CallFrame::isInlineCallFrameSlow): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC::jitCompileFor): - (JSC::lazyLinkFor): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::traceFunctionPrologue): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::setUpCall): - * runtime/Arguments.h: - (JSC::Arguments::finishCreation): - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncFilter): - (JSC::arrayProtoFuncMap): - (JSC::arrayProtoFuncEvery): - (JSC::arrayProtoFuncForEach): - (JSC::arrayProtoFuncSome): - (JSC::arrayProtoFuncReduce): - (JSC::arrayProtoFuncReduceRight): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - * runtime/Executable.h: - (JSC::FunctionExecutable::compileFor): - (JSC::FunctionExecutable::compileOptimizedFor): - * runtime/FunctionPrototype.cpp: - (JSC::functionProtoFuncToString): - * runtime/JSArray.cpp: - (JSC::JSArray::sort): - * runtime/JSFunction.cpp: - (JSC::JSFunction::argumentsGetter): - (JSC::JSFunction::callerGetter): - (JSC::JSFunction::lengthGetter): - * runtime/JSFunction.h: - (JSC): - (JSC::asJSFunction): - (JSC::JSValue::isFunction): - * runtime/JSGlobalData.cpp: - (WTF::Recompiler::operator()): - (JSC::JSGlobalData::releaseExecutableMemory): - * runtime/JSValue.h: - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - -2012-03-21 Filip Pizlo - - DFG speculation on booleans should be rationalized - https://bugs.webkit.org/show_bug.cgi?id=81840 - - Reviewed by Gavin Barraclough. - - This removes isKnownBoolean() and replaces it with AbstractState-based - optimization, and cleans up the control flow in code gen methods for - Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber, - and removes isKnownNotBoolean() since that method appeared to be a - helper used solely by 32_64's speculateBooleanOperation(). - - This is performance-neutral. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateNumber): - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-21 Mark Rowe - - Fix the build. - - * wtf/MetaAllocator.h: - (MetaAllocator): Export the destructor. - -2012-03-21 Eric Seidel - - Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore - https://bugs.webkit.org/show_bug.cgi?id=81834 - - Reviewed by Adam Barth. - - * jsc.cpp: - * os-win32/WinMain.cpp: - * runtime/JSDateMath.cpp: - * runtime/TimeoutChecker.cpp: - * testRegExp.cpp: - * tools/CodeProfiling.cpp: - -2012-03-21 Eric Seidel - - WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library) - https://bugs.webkit.org/show_bug.cgi?id=81838 - - Reviewed by Geoffrey Garen. - - My understanding is that weak vtables happen when the compiler/linker cannot - determine which compilation unit should constain the vtable. In this case - because there were only pure virtual functions as well as an "inline" - virtual destructor (thus the virtual destructor was defined in many compilation - units). Since you can't actually "inline" a virtual function (it still has to - bounce through the vtable), the "inline" on this virutal destructor doesn't - actually help performance, and is only serving to confuse the compiler here. - I've moved the destructor implementation to the .cpp file, thus making - it clear to the compiler where the vtable should be stored, and solving the error. - - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::~MetaAllocator): - (WTF): - * wtf/MetaAllocator.h: - -2012-03-20 Gavin Barraclough - - RegExpMatchesArray should not copy the ovector - https://bugs.webkit.org/show_bug.cgi?id=81742 - - Reviewed by Michael Saboff. - - Currently, all RegExpMatchesArray object contain Vector, used to hold any sub-pattern results. - This makes allocation/construction/destruction of these objects more expensive. Instead, just store the - main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping, - and the results never accessed). - If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone. - - * dfg/DFGOperations.cpp: - - RegExpObject match renamed back to test (test returns a bool). - * runtime/RegExpConstructor.cpp: - (JSC): - - Removed RegExpResult, RegExpMatchesArray constructor, destroy method. - (JSC::RegExpMatchesArray::finishCreation): - - Removed RegExpConstructorPrivate parameter. - (JSC::RegExpMatchesArray::reifyAllProperties): - - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray. - If there are sub-pattern properties, the RegExp is re-run to generate their values. - (JSC::RegExpMatchesArray::reifyMatchProperty): - - Reify just the match (index 0) property of the RegExpMatchesArray. - * runtime/RegExpConstructor.h: - (RegExpConstructor): - (JSC::RegExpConstructor::performMatch): - - performMatch now returns a MatchResult, rather than using out-parameters. - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::RegExpMatchesArray): - - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties. - (RegExpMatchesArray): - (JSC::RegExpMatchesArray::create): - - Now passed the input string matched against, the RegExp, and the MatchResult. - (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary): - (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary): - - Helpers to conditionally reify properties. - (JSC::RegExpMatchesArray::getOwnPropertySlot): - (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): - (JSC::RegExpMatchesArray::put): - (JSC::RegExpMatchesArray::putByIndex): - (JSC::RegExpMatchesArray::deleteProperty): - (JSC::RegExpMatchesArray::deletePropertyByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyNames): - (JSC::RegExpMatchesArray::defineOwnProperty): - - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary - (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0). - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::exec): - (JSC::RegExpObject::match): - - match now returns a MatchResult. - * runtime/RegExpObject.h: - (JSC::MatchResult::MatchResult): - - Added the result of a match is a start & end tuple. - (JSC::MatchResult::failed): - - A failure is indicated by (notFound, 0). - (JSC::MatchResult::operator bool): - - Evaluates to false if the match failed. - (JSC::MatchResult::empty): - - Evaluates to true if the match succeeded with length 0. - (JSC::RegExpObject::test): - - Now returns a bool. - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncTest): - - RegExpObject match renamed back to test (test returns a bool). - * runtime/StringPrototype.cpp: - (JSC::removeUsingRegExpSearch): - (JSC::replaceUsingRegExpSearch): - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): - - performMatch now returns a MatchResult, rather than using out-parameters. - -2012-03-21 Hojong Han - - Fix out of memory by allowing overcommit - https://bugs.webkit.org/show_bug.cgi?id=81743 - - Reviewed by Geoffrey Garen. - - Garbage collection is not triggered and new blocks are added - because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveAndCommit): - -2012-03-21 Jessie Berlin - - More Windows build fixing. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - Fix the order of the include directories to look in include/private first before looking - in include/private/JavaScriptCore. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: - Look in the Production output directory (where the wtf headers will be). This is the same - thing that is done for jsc and testRegExp in ReleasePGO. - -2012-03-21 Jessie Berlin - - WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not - $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf. - https://bugs.webkit.org/show_bug.cgi?id=81739 - - Reviewed by Dan Bernstein. - - * JavaScriptCore.vcproj/jsc/jsc.vcproj: - Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf - subdirectory of the build output, not the JavaScriptCore/wtf subdirectory. - * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: - Ditto. - - * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: - Get the headers for those 4 files from the wtf subdirectory of the build output, not the - JavaScriptCore/wtf subdirectory. - * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: - Ditto. - -2012-03-20 Eric Seidel - - Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf - https://bugs.webkit.org/show_bug.cgi?id=80911 - - Reviewed by Adam Barth. - - Update the various build systems to depend on Source/WTF headers - as well as remove references to Platform.h (since it's now moved). - - * CMakeLists.txt: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/CMakeLists.txt: - -2012-03-20 Filip Pizlo - - op_mod fails on many interesting corner cases - https://bugs.webkit.org/show_bug.cgi?id=81648 - - Reviewed by Oliver Hunt. - - Removed most strength reduction for op_mod, and fixed the integer handling - to do the right thing for corner cases. Oddly, this revealed bugs in OSR, - which this patch also fixes. - - This patch is performance neutral on all of the major benchmarks we track. - - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - (JSC::DFG::SpeculativeJIT::compileArithMod): - * jit/JIT.h: - (JIT): - * jit/JITArithmetic.cpp: - (JSC): - (JSC::JIT::emit_op_mod): - (JSC::JIT::emitSlow_op_mod): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emit_op_mod): - (JSC::JIT::emitSlow_op_mod): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC): - * jit/JITStubs.h: - (TrampolineStructure): - (JSC::JITThunks::ctiNativeConstruct): - * llint/LowLevelInterpreter64.asm: - * wtf/Platform.h: - * wtf/SimpleStats.h: - (WTF::SimpleStats::variance): - -2012-03-20 Steve Falkenburg - - Windows (make based) build fix. - - - * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead. - -2012-03-20 Steve Falkenburg - - Move WTF-related Windows project files out of JavaScriptCore - https://bugs.webkit.org/show_bug.cgi?id=80680 - - This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF. - It does not move any source code. This is in preparation for the WTF source move out of - JavaScriptCore. - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCore.sln: - * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: - * JavaScriptCore.vcproj/WTF: Removed. - * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed. - * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed. - * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed. - * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed. - * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed. - * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed. - * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed. - -2012-03-20 Benjamin Poulain - - Cache the type string of JavaScript object - https://bugs.webkit.org/show_bug.cgi?id=81446 - - Reviewed by Geoffrey Garen. - - Instead of creating the JSString every time, we create - lazily the strings in JSGlobalData. - - This avoid the construction of the StringImpl and of the JSString, - which gives some performance improvements. - - * runtime/CommonIdentifiers.h: - * runtime/JSValue.cpp: - (JSC::JSValue::toStringSlowCase): - * runtime/Operations.cpp: - (JSC::jsTypeStringForValue): - * runtime/SmallStrings.cpp: - (JSC::SmallStrings::SmallStrings): - (JSC::SmallStrings::finalizeSmallStrings): - (JSC::SmallStrings::initialize): - (JSC): - * runtime/SmallStrings.h: - (SmallStrings): - -2012-03-20 Oliver Hunt - - Allow LLINT to work even when executable allocation fails. - https://bugs.webkit.org/show_bug.cgi?id=81693 - - Reviewed by Gavin Barraclough. - - Don't crash if executable allocation fails if we can fall back on LLINT - - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveAndCommit): - -2012-03-20 Csaba Osztrogonác - - Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1 - https://bugs.webkit.org/show_bug.cgi?id=81428 - - 32 bit buildfix after r111355. - - 2147483648 (2^31) isn't valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int. - The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h). - - Reviewed by Zoltan Herczeg. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): - -2012-03-19 Jochen Eisinger - - Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace - https://bugs.webkit.org/show_bug.cgi?id=80983 - - Reviewed by Darin Adler. - - This allows printing a backtrace acquired by an earlier WTFGetBacktrace - call which is useful for local debugging. - - * wtf/Assertions.cpp: - * wtf/Assertions.h: - -2012-03-19 Benjamin Poulain - - Do not copy the script source in the SourceProvider, just reference the existing string - https://bugs.webkit.org/show_bug.cgi?id=81466 - - Reviewed by Geoffrey Garen. - - * parser/SourceCode.h: Remove the unused, and incorrect, function data(). - * parser/SourceProvider.h: Add OVERRIDE for clarity. - -2012-03-19 Filip Pizlo - - Division optimizations fail to infer cases of truncated division and - mishandle -2147483648/-1 - https://bugs.webkit.org/show_bug.cgi?id=81428 - - - Reviewed by Oliver Hunt. - - If you're a division over integers and you're only used as an integer, then you're - an integer division and remainder checks become unnecessary. If you're dividing - -2147483648 by -1, don't crash. - - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::add32): - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * llint/LowLevelInterpreter64.asm: - -2012-03-19 Benjamin Poulain - - Simplify SmallStrings - https://bugs.webkit.org/show_bug.cgi?id=81445 - - Reviewed by Gavin Barraclough. - - SmallStrings had two methods that should not be public: count() and clear(). - - The method clear() is effectively replaced by finalizeSmallStrings(). The body - of the method was moved to the constructor since the code is obvious. - - The method count() is unused. - - * runtime/SmallStrings.cpp: - (JSC::SmallStrings::SmallStrings): - * runtime/SmallStrings.h: - (SmallStrings): - -2012-03-19 Filip Pizlo - - DFG can no longer compile V8-v4/regexp in debug mode - https://bugs.webkit.org/show_bug.cgi?id=81592 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-19 Filip Pizlo - - Prediction propagation for UInt32ToNumber incorrectly assumes that outs outcome does not - change throughout the fixpoint - https://bugs.webkit.org/show_bug.cgi?id=81583 - - Reviewed by Michael Saboff. - - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - -2012-03-19 Filip Pizlo - - GC should not attempt to clear LLInt instruction inline caches for code blocks that are in - the process of being generated - https://bugs.webkit.org/show_bug.cgi?id=81565 - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::finalizeUnconditionally): - -2012-03-19 Eric Seidel - - Fix WTF header include discipline in Chromium WebKit - https://bugs.webkit.org/show_bug.cgi?id=81281 - - Reviewed by James Robinson. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * wtf/unicode/icu/CollatorICU.cpp: - -2012-03-19 Filip Pizlo - - DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList - https://bugs.webkit.org/show_bug.cgi?id=81556 - - Rubber stamped by Gavin Barraclough. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGAbstractState.h: - (JSC::DFG::AbstractState::forNode): - * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h. - (JSC::DFG::AdjacencyList::AdjacencyList): - (JSC::DFG::AdjacencyList::child): - (JSC::DFG::AdjacencyList::setChild): - (JSC::DFG::AdjacencyList::child1): - (JSC::DFG::AdjacencyList::child2): - (JSC::DFG::AdjacencyList::child3): - (JSC::DFG::AdjacencyList::setChild1): - (JSC::DFG::AdjacencyList::setChild2): - (JSC::DFG::AdjacencyList::setChild3): - (JSC::DFG::AdjacencyList::child1Unchecked): - (JSC::DFG::AdjacencyList::initialize): - (AdjacencyList): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addVarArgChild): - (JSC::DFG::ByteCodeParser::processPhiStack): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::canonicalize): - (JSC::DFG::CSEPhase::performSubstitution): - * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h. - (DFG): - (JSC::DFG::Edge::Edge): - (JSC::DFG::Edge::operator==): - (JSC::DFG::Edge::operator!=): - (Edge): - (JSC::DFG::operator==): - (JSC::DFG::operator!=): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::operator[]): - (JSC::DFG::Graph::at): - (JSC::DFG::Graph::ref): - (JSC::DFG::Graph::deref): - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - (Graph): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::getPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::Node): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child1Unchecked): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (Node): - * dfg/DFGNodeFlags.cpp: - (JSC::DFG::arithNodeFlagsAsString): - * dfg/DFGNodeFlags.h: - (DFG): - (JSC::DFG::nodeUsedAsNumber): - * dfg/DFGNodeReferenceBlob.h: Removed. - * dfg/DFGNodeUse.h: Removed. - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGScoreBoard.h: - (JSC::DFG::ScoreBoard::use): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - (JSC::DFG::SpeculativeJIT::writeBarrier): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::at): - (JSC::DFG::SpeculativeJIT::canReuse): - (JSC::DFG::SpeculativeJIT::use): - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - (JSC::DFG::IntegerOperand::IntegerOperand): - (JSC::DFG::DoubleOperand::DoubleOperand): - (JSC::DFG::JSValueOperand::JSValueOperand): - (JSC::DFG::StorageOperand::StorageOperand): - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): - (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - -2012-03-19 Gavin Barraclough - - Object.freeze broken on latest Nightly - https://bugs.webkit.org/show_bug.cgi?id=80577 - - Reviewed by Oliver Hunt. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't - been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty. - * runtime/JSFunction.cpp: - (JSC::JSFunction::defineOwnProperty): - - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that - the object must be extensible; this is incorrect since these properties should already exist - on the object. In addition, it was asserting that the arguments/caller values must match the - corresponding magic data properties, but for strict mode function this is incorrect. Instead, - just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty. - -2012-03-19 Filip Pizlo - - LLInt get_by_pname slow path incorrectly assumes that the operands are not constants - https://bugs.webkit.org/show_bug.cgi?id=81559 - - Reviewed by Michael Saboff. - - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - -2012-03-19 Yong Li - - [BlackBerry] Implement OSAllocator::commit/decommit in the correct way - https://bugs.webkit.org/show_bug.cgi?id=77013 - - We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to - implement memory decommitting for QNX. - - Reviewed by Rob Buis. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveUncommitted): - (WTF::OSAllocator::commit): - (WTF::OSAllocator::decommit): - -2012-03-19 Gavin Barraclough - - Unreviewed - revent a couple of files accidentally committed. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - * runtime/JSFunction.cpp: - (JSC::JSFunction::defineOwnProperty): - -2012-03-19 Jessie Berlin - - Another Windows build fix after r111129. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-19 Raphael Kubo da Costa - - Cross-platform processor core counter: fix build on FreeBSD. - https://bugs.webkit.org/show_bug.cgi?id=81482 - - Reviewed by Zoltan Herczeg. - - The documentation of sysctl(3) shows that should be - included before (sys/types.h tends to be the first - included header in general). - - This should fix the build on FreeBSD and other systems where - sysctl.h really depends on types defined in types.h. - - * wtf/NumberOfCores.cpp: - -2012-03-19 Jessie Berlin - - Windows build fix after r111129. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-19 Gavin Barraclough - - JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType - https://bugs.webkit.org/show_bug.cgi?id=81468 - - Reviewed by Oliver Hunt. - - The API specifies that convertToType may opt not to handle a conversion: - "@result The objects's converted value, or NULL if the object was not converted." - In which case, it would propagate first up the JSClass hierarchy, calling its superclass's - conversion functions, and failing that call the JSObject::defaultValue function. - - Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on - the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in - bug#73368, these will return the result from the first convertToType they find, regardless - of whether this result is null, and if no convertToType method is found in the api class - hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype - chain), they will also return a null pointer. This is unsafe. - - It would be easy to make the approach based around toStringCallback/valueOfCallback continue - to walk the api class hierarchy, but making the fallback to defaultValue would be problematic - (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse). - Making the fallback work with toString/valueOf methods attached to api objects is probably - not the right thing to do – instead, we should just implement the defaultValue trap for api - objects. - - In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard - null to be returned from C to JavaScript - this is not okay. Handle with an exception. - - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::call): - - Should be null checking the return value. - (JSC): - - Remove toStringCallback/valueOfCallback. - * API/JSCallbackFunction.h: - (JSCallbackFunction): - - Remove toStringCallback/valueOfCallback. - * API/JSCallbackObject.h: - (JSCallbackObject): - - Add defaultValue mthods to JSCallbackObject. - * API/JSCallbackObjectFunctions.h: - (JSC::::defaultValue): - - Add defaultValue mthods to JSCallbackObject. - * API/JSClassRef.cpp: - (OpaqueJSClass::prototype): - - Remove toStringCallback/valueOfCallback. - * API/tests/testapi.js: - - Revert this test, now we no longer artificially introduce a toString method onto the api object. - -2012-03-18 Raphael Kubo da Costa - - [EFL] Include ICU_INCLUDE_DIRS when building. - https://bugs.webkit.org/show_bug.cgi?id=81483 - - Reviewed by Daniel Bates. - - So far, only the ICU libraries were being included when building - JavaScriptCore, however the include path is also needed, otherwise the - build will fail when ICU is installed into a non-standard location. - - * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}. - -2012-03-17 Gavin Barraclough - - Strength reduction, RegExp.exec -> RegExp.test - https://bugs.webkit.org/show_bug.cgi?id=81459 - - Reviewed by Sam Weinig. - - RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular - expression for a match against a string - however exec is more expensive, since - it allocates a matches array object. In cases where the result is consumed in a - boolean context the allocation of the matches array can be trivially elided. - - For example: - function f() - { - for (i =0; i < 10000000; ++i) - if(!/a/.exec("a")) - err = true; - } - - This is a 2.5x speedup on this example microbenchmark loop. - - In a more advanced form of this optimization, we may be able to avoid allocating - the array where access to the array can be observed. - - * create_hash_table: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGNode.h: - (JSC::DFG::Node::hasHeapPrediction): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileRegExpExec): - (DFG): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * jsc.cpp: - (GlobalObject::addConstructableFunction): - * runtime/Intrinsic.h: - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - (JSC): - * runtime/JSFunction.h: - (JSFunction): - * runtime/Lookup.cpp: - (JSC::setUpStaticFunctionSlot): - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::exec): - (JSC::RegExpObject::match): - * runtime/RegExpObject.h: - (RegExpObject): - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncTest): - (JSC::regExpProtoFuncExec): - -2012-03-16 Michael Saboff - - Improve diagnostic benefit of JSGlobalData::m_isInitializingObject - https://bugs.webkit.org/show_bug.cgi?id=81244 - - Rubber stamped by Filip Pizlo. - - Changed type and name of JSGlobalData::m_isInitializingObject to - ClassInfo* and m_initializingObjectClass. - Changed JSGlobalData::setInitializingObject to - JSGlobalData::setInitializingObjectClass. This pointer can be used within - the debugger to determine what type of object is being initialized. - - * runtime/JSCell.h: - (JSC::JSCell::finishCreation): - (JSC::allocateCell): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSGlobalData): - (JSC::JSGlobalData::isInitializingObject): - (JSC::JSGlobalData::setInitializingObjectClass): - * runtime/Structure.h: - (JSC::JSCell::finishCreation): - -2012-03-16 Mark Rowe - - Build fix. Do not preserve owner and group information when installing the WTF headers. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-03-15 David Dorwin - - Make the array pointer parameters in the Typed Array create() methods const. - https://bugs.webkit.org/show_bug.cgi?id=81147 - - Reviewed by Kenneth Russell. - - This allows const arrays to be passed to these methods. - They use PassRefPtr create(), which already has a const parameter. - - * wtf/Int16Array.h: - (Int16Array): - (WTF::Int16Array::create): - * wtf/Int32Array.h: - (Int32Array): - (WTF::Int32Array::create): - * wtf/Int8Array.h: - (Int8Array): - (WTF::Int8Array::create): - * wtf/Uint16Array.h: - (Uint16Array): - (WTF::Uint16Array::create): - * wtf/Uint32Array.h: - (Uint32Array): - (WTF::Uint32Array::create): - * wtf/Uint8Array.h: - (Uint8Array): - (WTF::Uint8Array::create): - * wtf/Uint8ClampedArray.h: - (Uint8ClampedArray): - (WTF::Uint8ClampedArray::create): - -2012-03-15 Myles Maxfield - - CopiedSpace::tryAllocateOversize assumes system page size - https://bugs.webkit.org/show_bug.cgi?id=80615 - - Reviewed by Geoffrey Garen. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::tryAllocateOversize): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::oversizeBlockFor): - * wtf/BumpPointerAllocator.h: - (WTF::BumpPointerPool::create): - * wtf/StdLibExtras.h: - (WTF::roundUpToMultipleOf): - -2012-03-15 Mark Hahnenberg - - Fixing Windows build breakage - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-15 Patrick Gansterer - - [EFL] Make zlib a general build requirement - https://bugs.webkit.org/show_bug.cgi?id=80153 - - Reviewed by Hajime Morita. - - After r109538 WebSocket module needs zlib to support deflate-frame extension. - - * wtf/Platform.h: - -2012-03-15 Benjamin Poulain - - NumericStrings should be inlined - https://bugs.webkit.org/show_bug.cgi?id=81183 - - Reviewed by Gavin Barraclough. - - NumericStrings is not always inlined. When it is not, the class is not faster - than using UString::number() directly. - - * runtime/NumericStrings.h: - (JSC::NumericStrings::add): - (JSC::NumericStrings::lookupSmallString): - -2012-03-15 Andras Becsi - - Fix ARM build after r110792. - - Unreviewed build fix. - - * jit/ExecutableAllocator.h: - (JSC::ExecutableAllocator::cacheFlush): - Remove superfluous curly brackets. - -2012-03-15 Gavin Barraclough - - ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single) - https://bugs.webkit.org/show_bug.cgi?id=81256 - - Reviewed by Oliver Hunt. - - This is a 0.5% sunspider progression. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::convertInt32ToDouble): - - switch which form of vmov we use. - -2012-03-15 YoungTaeck Song - - [EFL] Add OwnPtr specialization for Ecore_Timer. - https://bugs.webkit.org/show_bug.cgi?id=80119 - - Reviewed by Hajime Morita. - - Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port. - - * wtf/OwnPtrCommon.h: - (WTF): - * wtf/efl/OwnPtrEfl.cpp: - (WTF::deleteOwnedPtr): - (WTF): - -2012-03-15 Hojong Han - - Linux has madvise enough to support OSAllocator::commit/decommit - https://bugs.webkit.org/show_bug.cgi?id=80505 - - Reviewed by Geoffrey Garen. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveUncommitted): - (WTF::OSAllocator::commit): - (WTF::OSAllocator::decommit): - -2012-03-15 Steve Falkenburg - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: - * JavaScriptCore.vcproj/WTF/copy-files.cmd: - * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: - -2012-03-15 Steve Falkenburg - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: - -2012-03-15 Kevin Ollivier - - Move wx port to using export macros - https://bugs.webkit.org/show_bug.cgi?id=77279 - - Reviewed by Hajime Morita. - - * wscript: - * wtf/Platform.h: - -2012-03-14 Benjamin Poulain - - Avoid StringImpl::getData16SlowCase() when sorting array - https://bugs.webkit.org/show_bug.cgi?id=81070 - - Reviewed by Geoffrey Garen. - - The function codePointCompare() is used intensively when sorting strings. - This patch improves its performance by: - -Avoiding character conversion. - -Inlining the function. - - This makes Peacekeeper's arrayCombined test 30% faster. - - * wtf/text/StringImpl.cpp: - * wtf/text/StringImpl.h: - (WTF): - (WTF::codePointCompare): - (WTF::codePointCompare8): - (WTF::codePointCompare16): - (WTF::codePointCompare8To16): - -2012-03-14 Hojong Han - - Fix memory allocation failed by fastmalloc - https://bugs.webkit.org/show_bug.cgi?id=79614 - - Reviewed by Geoffrey Garen. - - Memory allocation failed even if the heap grows successfully. - It is wrong to get the span only from the large list after the heap grows, - because new span could be added in the normal list. - - * wtf/FastMalloc.cpp: - (WTF::TCMalloc_PageHeap::New): - -2012-03-14 Hojong Han - - Run cacheFlush page by page to assure of flushing all the requested ranges - https://bugs.webkit.org/show_bug.cgi?id=77712 - - Reviewed by Geoffrey Garen. - - Current MetaAllocator concept, always coalesces adjacent free spaces, - doesn't meet memory management of Linux kernel. - In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two. - Therefore cacheFlush page by page guarantees a flush-requested range. - - * jit/ExecutableAllocator.h: - (JSC::ExecutableAllocator::cacheFlush): - -2012-03-14 Oliver Hunt - - Make ARMv7 work again - https://bugs.webkit.org/show_bug.cgi?id=81157 - - Reviewed by Geoffrey Garen. - - We were trying to use the ARMv7 dataRegister as a scratch register in a scenario - where we the ARMv7MacroAssembler would also try to use dataRegister for its own - nefarious purposes. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::store32): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - -2012-03-14 Mark Hahnenberg - - Heap::destroy leaks CopiedSpace - https://bugs.webkit.org/show_bug.cgi?id=81055 - - Reviewed by Geoffrey Garen. - - Added a destroy() function to CopiedSpace that moves all normal size - CopiedBlocks from the CopiedSpace to the Heap's list of free blocks - as well as deallocates all of the oversize blocks in the CopiedSpace. - This function is now called in Heap::destroy(). - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::destroy): - (JSC): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/Heap.cpp: - (JSC::Heap::destroy): - -2012-03-14 Andrew Lo - - [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController - https://bugs.webkit.org/show_bug.cgi?id=81000 - - Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry. - - Reviewed by Antonio Gomes. - - * wtf/Platform.h: - -2012-03-13 Filip Pizlo - - ValueToInt32 speculation will cause OSR exits even when it does not have to - https://bugs.webkit.org/show_bug.cgi?id=81068 - - - Reviewed by Anders Carlsson. - - Two related changes: - 1) ValueToInt32 will now always just defer to the non-speculative path, instead - of exiting, if it doesn't know what speculations to perform. - 2) ValueToInt32 will speculate boolean if it sees this to be profitable. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateBoolean): - (Node): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileValueToInt32): - -2012-03-13 Mark Hahnenberg - - More Windows build fixing - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-13 Mark Hahnenberg - - Windows build fix - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-13 Mark Hahnenberg - - Type conversion of exponential part failed - https://bugs.webkit.org/show_bug.cgi?id=80673 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: - (JSC::::lex): - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::parseInt): - (JSC): - (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not - we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template - parameter for strtod to allow trailing spaces. - (JSC::toDouble): - (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3). - * runtime/LiteralParser.cpp: - (JSC::::Lexer::lexNumber): - * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that - we will run ecma/TypeConversion/9.3.1-3.js as a regression test now. - * wtf/dtoa.cpp: - (WTF): - (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were - broken by changing the default allowance of trailing junk in jsStrDecimalLiteral. - * wtf/dtoa.h: - * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the - Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace. - A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those - here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed). - * wtf/text/WTFString.cpp: - (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff. - -2012-03-13 Filip Pizlo - - Unreviewed, build fix since is_pod<> includes some header that I didn't know about. - Removing the assert for now. - - * dfg/DFGOperations.h: - * llint/LLIntSlowPaths.h: - -2012-03-13 Filip Pizlo - - Functions with C linkage should return POD types - https://bugs.webkit.org/show_bug.cgi?id=81061 - - Reviewed by Mark Rowe. - - * dfg/DFGOperations.h: - * llint/LLIntSlowPaths.h: - (LLInt): - (SlowPathReturnType): - (JSC::LLInt::encodeResult): - -2012-03-13 Filip Pizlo - - Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary - https://bugs.webkit.org/show_bug.cgi?id=80979 - - - Reviewed by Oliver Hunt. - - Also improved DFG IR dumping to include type information in a somewhat more - intuitive way. - - * bytecode/PredictedType.cpp: - (JSC::predictionToAbbreviatedString): - (JSC): - * bytecode/PredictedType.h: - (JSC): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): - -2012-03-13 George Staikos - - The callback is only used if SA_RESTART is defined. Compile it out - otherwise to avoid a warning. - https://bugs.webkit.org/show_bug.cgi?id=80926 - - Reviewed by Alexey Proskuryakov. - - * heap/MachineStackMarker.cpp: - (JSC): - -2012-03-13 Hojong Han - - Dump the generated code for ARM_TRADITIONAL - https://bugs.webkit.org/show_bug.cgi?id=80975 - - Reviewed by Gavin Barraclough. - - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::dumpCode): - -2012-03-13 Adam Barth && Benjamin Poulain - - Always enable ENABLE(CLIENT_BASED_GEOLOCATION) - https://bugs.webkit.org/show_bug.cgi?id=78853 - - Reviewed by Adam Barth. - - * Configurations/FeatureDefines.xcconfig: - * wtf/Platform.h: - -2012-03-13 Kwonjin Jeong - - Remove SlotVisitor::copy() method. - https://bugs.webkit.org/show_bug.cgi?id=80973 - - Reviewed by Geoffrey Garen. - - SlotVisitor::copy() method isn't called anywhere. - - * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method. - * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method. - -2012-03-12 Hojong Han - - Fix test cases for RegExp multiline - https://bugs.webkit.org/show_bug.cgi?id=80822 - - Reviewed by Gavin Barraclough. - - * tests/mozilla/js1_2/regexp/RegExp_multiline.js: - * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js: - * tests/mozilla/js1_2/regexp/beginLine.js: - * tests/mozilla/js1_2/regexp/endLine.js: - -2012-03-12 Filip Pizlo - - Arithmetic use inference should be procedure-global and should run in tandem - with type propagation - https://bugs.webkit.org/show_bug.cgi?id=80819 - - - Reviewed by Gavin Barraclough. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed. - * dfg/DFGArithNodeFlagsInferencePhase.h: Removed. - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::isNotNegZero): - (PredictionPropagationPhase): - (JSC::DFG::PredictionPropagationPhase::isNotZero): - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::VariableAccessData): - (JSC::DFG::VariableAccessData::flags): - (VariableAccessData): - (JSC::DFG::VariableAccessData::mergeFlags): - -2012-03-12 Filip Pizlo - - Node::op and Node::flags should be private - https://bugs.webkit.org/show_bug.cgi?id=80824 - - - Reviewed by Gavin Barraclough. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - (JSC::DFG::AbstractState::mergeStateAtTail): - (JSC::DFG::AbstractState::mergeToSuccessors): - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction): - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::flushArgument): - (JSC::DFG::ByteCodeParser::toInt32): - (JSC::DFG::ByteCodeParser::isJSConstant): - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::linkBlock): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::canonicalize): - (JSC::DFG::CSEPhase::endIndexForPureCSE): - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::byValIsPure): - (JSC::DFG::CSEPhase::clobbersWorld): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::globalVarLoadElimination): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getScopeChainLoadElimination): - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - (DFG): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::addShouldSpeculateInteger): - (JSC::DFG::Graph::negateShouldSpeculateInteger): - (JSC::DFG::Graph::methodOfGettingAValueProfileFor): - * dfg/DFGNode.cpp: Removed. - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::Node::Node): - (Node): - (JSC::DFG::Node::op): - (JSC::DFG::Node::flags): - (JSC::DFG::Node::setOp): - (JSC::DFG::Node::setFlags): - (JSC::DFG::Node::mergeFlags): - (JSC::DFG::Node::filterFlags): - (JSC::DFG::Node::clearFlags): - (JSC::DFG::Node::setOpAndDefaultFlags): - (JSC::DFG::Node::mustGenerate): - (JSC::DFG::Node::isConstant): - (JSC::DFG::Node::isWeakConstant): - (JSC::DFG::Node::valueOfJSConstant): - (JSC::DFG::Node::hasVariableAccessData): - (JSC::DFG::Node::hasIdentifier): - (JSC::DFG::Node::resolveGlobalDataIndex): - (JSC::DFG::Node::hasArithNodeFlags): - (JSC::DFG::Node::arithNodeFlags): - (JSC::DFG::Node::setArithNodeFlag): - (JSC::DFG::Node::mergeArithNodeFlags): - (JSC::DFG::Node::hasConstantBuffer): - (JSC::DFG::Node::hasRegexpIndex): - (JSC::DFG::Node::hasVarNumber): - (JSC::DFG::Node::hasScopeChainDepth): - (JSC::DFG::Node::hasResult): - (JSC::DFG::Node::hasInt32Result): - (JSC::DFG::Node::hasNumberResult): - (JSC::DFG::Node::hasJSResult): - (JSC::DFG::Node::hasBooleanResult): - (JSC::DFG::Node::isJump): - (JSC::DFG::Node::isBranch): - (JSC::DFG::Node::isTerminal): - (JSC::DFG::Node::hasHeapPrediction): - (JSC::DFG::Node::hasFunctionCheckData): - (JSC::DFG::Node::hasStructureTransitionData): - (JSC::DFG::Node::hasStructureSet): - (JSC::DFG::Node::hasStorageAccessData): - (JSC::DFG::Node::hasFunctionDeclIndex): - (JSC::DFG::Node::hasFunctionExprIndex): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (JSC::DFG::Node::firstChild): - (JSC::DFG::Node::numChildren): - * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp. - * dfg/DFGNodeFlags.h: Added. - (DFG): - (JSC::DFG::nodeUsedAsNumber): - (JSC::DFG::nodeCanTruncateInteger): - (JSC::DFG::nodeCanIgnoreNegativeZero): - (JSC::DFG::nodeMayOverflow): - (JSC::DFG::nodeCanSpeculateInteger): - * dfg/DFGNodeType.h: Added. - (DFG): - (JSC::DFG::defaultFlags): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGRedundantPhiEliminationPhase.cpp: - (JSC::DFG::RedundantPhiEliminationPhase::run): - (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild): - (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::compileMovHint): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compileAdd): - (JSC::DFG::SpeculativeJIT::compare): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-03-12 Laszlo Gombos - - Minor DataLog fixes - https://bugs.webkit.org/show_bug.cgi?id=80826 - - Reviewed by Andreas Kling. - - * bytecode/ExecutionCounter.cpp: - Do not include DataLog.h, it is not used. - - * jit/ExecutableAllocator.cpp: - Ditto. - - * wtf/DataLog.cpp: - (WTF::initializeLogFileOnce): - Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined. - - * wtf/HashTable.cpp: - Include DataLog as it is used. - -2012-03-12 SangGyu Lee - - Integer overflow check code in arithmetic operation in classic interpreter - https://bugs.webkit.org/show_bug.cgi?id=80465 - - Reviewed by Gavin Barraclough. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - -2012-03-12 Zeno Albisser - - [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863) - https://bugs.webkit.org/show_bug.cgi?id=80827 - - Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT. - - Reviewed by Simon Hausmann. - - * wtf/Platform.h: - -2012-03-12 Simon Hausmann - - Unreviewed prospective Qt/Mac build fix - - * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine - whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData - constructor. - -2012-03-12 Filip Pizlo - - All DFG nodes should have a mutable set of flags - https://bugs.webkit.org/show_bug.cgi?id=80779 - - - Reviewed by Gavin Barraclough. - - Got rid of NodeId, and placed all of the flags that distinguished NodeId - from NodeType into a separate Node::flags field. Combined what was previously - ArithNodeFlags into Node::flags. - - In the process of debugging, I found that the debug support in the virtual - register allocator was lacking, so I improved it. I also realized that the - virtual register allocator was assuming that the nodes in a basic block were - contiguous, which is no longer the case. So I fixed that. The fix also made - it natural to have more extreme assertions, so I added them. I suspect this - will make it easier to catch virtual register allocation bugs in the future. - - This is mostly performance neutral; if anything it looks like a slight - speed-up. - - This patch does leave some work for future refactorings; for example, Node::op - is unencapsulated. This was already the case, though now it feels even more - like it should be. I avoided doing that because this patch has already grown - way bigger than I wanted. - - Finally, this patch creates a DFGNode.cpp file and makes a slight effort to - move some unnecessarily inline stuff out of DFGNode.h. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addToGraph): - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::endIndexForPureCSE): - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::clobbersWorld): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::setReplacement): - (JSC::DFG::CSEPhase::eliminate): - (JSC::DFG::CSEPhase::performNodeCSE): - (JSC::DFG::CSEPhase::performBlockCSE): - (CSEPhase): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::opName): - (JSC::DFG::Graph::dump): - (DFG): - * dfg/DFGNode.cpp: Added. - (DFG): - (JSC::DFG::arithNodeFlagsAsString): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::nodeUsedAsNumber): - (JSC::DFG::nodeCanTruncateInteger): - (JSC::DFG::nodeCanIgnoreNegativeZero): - (JSC::DFG::nodeMayOverflow): - (JSC::DFG::nodeCanSpeculateInteger): - (JSC::DFG::defaultFlags): - (JSC::DFG::Node::Node): - (Node): - (JSC::DFG::Node::setOpAndDefaultFlags): - (JSC::DFG::Node::mustGenerate): - (JSC::DFG::Node::arithNodeFlags): - (JSC::DFG::Node::setArithNodeFlag): - (JSC::DFG::Node::mergeArithNodeFlags): - (JSC::DFG::Node::hasResult): - (JSC::DFG::Node::hasInt32Result): - (JSC::DFG::Node::hasNumberResult): - (JSC::DFG::Node::hasJSResult): - (JSC::DFG::Node::hasBooleanResult): - (JSC::DFG::Node::isJump): - (JSC::DFG::Node::isBranch): - (JSC::DFG::Node::isTerminal): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (JSC::DFG::Node::firstChild): - (JSC::DFG::Node::numChildren): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGScoreBoard.h: - (ScoreBoard): - (JSC::DFG::ScoreBoard::~ScoreBoard): - (JSC::DFG::ScoreBoard::assertClear): - (JSC::DFG::ScoreBoard::use): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-03-10 Filip Pizlo - - LLInt should support JSVALUE64 - https://bugs.webkit.org/show_bug.cgi?id=79609 - - - Reviewed by Gavin Barraclough and Oliver Hunt. - - Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This - patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common - file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be - specialized for value representation. - - Also made some minor changes to offlineasm and the slow-paths. - - * llint/LLIntData.cpp: - (JSC::LLInt::Data::performAssertions): - * llint/LLIntEntrypoints.cpp: - * llint/LLIntSlowPaths.cpp: - (LLInt): - (JSC::LLInt::llint_trace_value): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::jitCompileAndSetHeuristics): - * llint/LLIntSlowPaths.h: - (LLInt): - (SlowPathReturnType): - (JSC::LLInt::SlowPathReturnType::SlowPathReturnType): - (JSC::LLInt::encodeResult): - * llint/LLIntThunks.cpp: - * llint/LowLevelInterpreter.asm: - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * offlineasm/armv7.rb: - * offlineasm/asm.rb: - * offlineasm/ast.rb: - * offlineasm/backends.rb: - * offlineasm/instructions.rb: - * offlineasm/parser.rb: - * offlineasm/registers.rb: - * offlineasm/transform.rb: - * offlineasm/x86.rb: - * wtf/Platform.h: - -2012-03-10 Yong Li - - Web Worker crashes with WX_EXCLUSIVE - https://bugs.webkit.org/show_bug.cgi?id=80532 - - Let each JS global object own a meta allocator - for WX_EXCLUSIVE to avoid conflicts from Web Worker. - Also fix a mutex leak in MetaAllocator's dtor. - - Reviewed by Filip Pizlo. - - * jit/ExecutableAllocator.cpp: - (JSC::DemandExecutableAllocator::DemandExecutableAllocator): - (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): - (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): - (DemandExecutableAllocator): - (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): - (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): - (JSC::DemandExecutableAllocator::allocateNewSpace): - (JSC::DemandExecutableAllocator::allocators): - (JSC::DemandExecutableAllocator::allocatorsMutex): - (JSC): - (JSC::ExecutableAllocator::initializeAllocator): - (JSC::ExecutableAllocator::ExecutableAllocator): - (JSC::ExecutableAllocator::underMemoryPressure): - (JSC::ExecutableAllocator::memoryPressureMultiplier): - (JSC::ExecutableAllocator::allocate): - (JSC::ExecutableAllocator::committedByteCount): - (JSC::ExecutableAllocator::dumpProfile): - * jit/ExecutableAllocator.h: - (JSC): - (ExecutableAllocator): - (JSC::ExecutableAllocator::allocator): - * wtf/MetaAllocator.h: - (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock. - * wtf/TCSpinLock.h: - (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations. - -2012-03-09 Gavin Barraclough - - Object.freeze broken on latest Nightly - https://bugs.webkit.org/show_bug.cgi?id=80577 - - Reviewed by Oliver Hunt. - - The problem here is that deleteProperty rejects deletion of prototype. - This is correct in most cases, however defineOwnPropery is presently - implemented internally to ensure the attributes change by deleting the - old property, and creating a new one. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::deleteProperty): - - If deletePropery is called via defineOwnPropery, allow old prototype to be removed. - -2012-03-09 Gavin Barraclough - - Array.prototype.toLocaleString visits elements in wrong order under certain conditions - https://bugs.webkit.org/show_bug.cgi?id=80663 - - Reviewed by Michael Saboff. - - The bug here is actually that we're continuing to process the array after an exception - has been thrown, and that the second value throw is overriding the first. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToLocaleString): - -2012-03-09 Ryosuke Niwa - - WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html - https://bugs.webkit.org/show_bug.cgi?id=80080 - - Reviewed by Filip Pizlo. - - * bytecode/SamplingTool.cpp: - (JSC::SamplingRegion::Locker::Locker): - (JSC::SamplingRegion::Locker::~Locker): - * bytecode/SamplingTool.h: - (JSC::SamplingRegion::exchangeCurrent): - * wtf/Atomics.h: - (WTF): - (WTF::weakCompareAndSwap): - (WTF::weakCompareAndSwapUIntPtr): - -2012-03-09 Gavin Barraclough - - REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN - https://bugs.webkit.org/show_bug.cgi?id=49989 - - Reviewed by Oliver Hunt. - - Patch originally by chris reiss , - allow the year to appear before the timezone in date strings. - - * wtf/DateMath.cpp: - (WTF::parseDateFromNullTerminatedCharacters): - -2012-03-09 Mark Rowe - - Ensure that the WTF headers are copied at installhdrs time. - - Reviewed by Dan Bernstein and Jessie Berlin. - - * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES - so that our script phases are invoked at installhdrs time. The only one that - does any useful work at that time is the one that installs WTF headers. - -2012-03-09 Jon Lee - - Add support for ENABLE(LEGACY_NOTIFICATIONS) - https://bugs.webkit.org/show_bug.cgi?id=80497 - - Reviewed by Adam Barth. - - Prep for b80472: Update API for Web Notifications - * Configurations/FeatureDefines.xcconfig: - -2012-03-09 Ashod Nakashian - - Bash scripts should support LF endings only - https://bugs.webkit.org/show_bug.cgi?id=79509 - - Reviewed by David Kilzer. - - * gyp/generate-derived-sources.sh: Added property svn:eol-style. - * gyp/run-if-exists.sh: Added property svn:eol-style. - * gyp/update-info-plist.sh: Added property svn:eol-style. - -2012-03-09 Jessie Berlin - - Windows debug build fix. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::shouldBlind): - Fix unreachable code warnings (which we treat as errors). - -2012-03-09 Thouraya ANDOLSI - - Reviewed by Zoltan Herczeg. - - [Qt] Fix the SH4 build after r109834 - https://bugs.webkit.org/show_bug.cgi?id=80492 - - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::branchAdd32): - (JSC::MacroAssemblerSH4::branchSub32): - -2012-03-09 Andy Wingo - - Refactor code feature analysis in the parser - https://bugs.webkit.org/show_bug.cgi?id=79112 - - Reviewed by Geoffrey Garen. - - This commit refactors the parser to more uniformly propagate flag - bits down and up the parse process, as the parser descends and - returns into nested blocks. Some flags get passed town to - subscopes, some apply to specific scopes only, and some get - unioned up after parsing subscopes. - - The goal is to eventually be very precise with scoping - information, once we have block scopes: one block scope might use - `eval', which would require the emission of a symbol table within - that block and containing blocks, whereas another block in the - same function might not, allowing us to not emit a symbol table. - - * parser/Nodes.h: - (JSC::ScopeFlags): Rename from CodeFeatures. - (JSC::ScopeNode::addScopeFlags): - (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags. - (JSC::ScopeNode::isStrictMode): - (JSC::ScopeNode::usesEval): - (JSC::ScopeNode::usesArguments): - (JSC::ScopeNode::setUsesArguments): - (JSC::ScopeNode::usesThis): - (JSC::ScopeNode::needsActivationForMoreThanVariables): - (JSC::ScopeNode::needsActivation): Refactor these accessors to - operate on the m_scopeFlags member. - (JSC::ScopeNode::source): - (JSC::ScopeNode::sourceURL): - (JSC::ScopeNode::sourceID): Shuffle these definitions around; no - semantic change. - (JSC::ScopeNode::ScopeNode) - (JSC::ProgramNode::ProgramNode) - (JSC::EvalNode::EvalNode) - (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors - take a ScopeFlags as an argument, instead of a bool inStrictContext. - - * parser/Nodes.cpp: - (JSC::ScopeNode::ScopeNode): - (JSC::ProgramNode::ProgramNode): - (JSC::ProgramNode::create): - (JSC::EvalNode::EvalNode): - (JSC::EvalNode::create): - (JSC::FunctionBodyNode::FunctionBodyNode): - (JSC::FunctionBodyNode::create): Adapt constructors to change. - - * parser/ASTBuilder.h: - (JSC::ASTBuilder::ASTBuilder): - (JSC::ASTBuilder::thisExpr): - (JSC::ASTBuilder::createResolve): - (JSC::ASTBuilder::createFunctionBody): - (JSC::ASTBuilder::createFuncDeclStatement): - (JSC::ASTBuilder::createTryStatement): - (JSC::ASTBuilder::createWithStatement): - (JSC::ASTBuilder::addVar): - (JSC::ASTBuilder::Scope::Scope): - (Scope): - (ASTBuilder): - (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope - features here. Instead rely on the base Parser mechanism to track - features. - - * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags". - - * parser/Parser.h: - (JSC::Scope::Scope): Manage scope through flags, not - bit-booleans. This lets us uniformly propagate them up and down. - (JSC::Scope::declareWrite): - (JSC::Scope::declareParameter): - (JSC::Scope::useVariable): - (JSC::Scope::collectFreeVariables): - (JSC::Scope::getCapturedVariables): - (JSC::Scope::saveFunctionInfo): - (JSC::Scope::restoreFunctionInfo): - (JSC::Parser::pushScope): Adapt to use scope flags and their - accessors instead of bit-booleans. - * parser/Parser.cpp: - (JSC::::Parser): - (JSC::::parseInner): - (JSC::::didFinishParsing): - (JSC::::parseSourceElements): - (JSC::::parseVarDeclarationList): - (JSC::::parseConstDeclarationList): - (JSC::::parseWithStatement): - (JSC::::parseTryStatement): - (JSC::::parseFunctionBody): - (JSC::::parseFunctionInfo): - (JSC::::parseFunctionDeclaration): - (JSC::::parsePrimaryExpression): Hoist some of the flag handling - out of the "context" (ASTBuilder or SyntaxChecker) and to here. - Does not seem to have a performance impact. - - * parser/SourceProviderCacheItem.h (SourceProviderCacheItem): - Cache the scopeflags. - * parser/SyntaxChecker.h: Remove evalCount() decl. - - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::produceCodeBlockFor): - * runtime/Executable.h: - (JSC::ScriptExecutable::ScriptExecutable): - (JSC::ScriptExecutable::usesEval): - (JSC::ScriptExecutable::usesArguments): - (JSC::ScriptExecutable::needsActivation): - (JSC::ScriptExecutable::isStrictMode): - (JSC::ScriptExecutable::recordParse): - (ScriptExecutable): ScopeFlags, not features. - -2012-03-08 Benjamin Poulain - - Build fix for MSVC after r110266 - - Unreviewed. A #ifdef for MSVC was left over in r110266. - - * runtime/RegExpObject.h: - (RegExpObject): - -2012-03-08 Benjamin Poulain - - Allocate the RegExpObject's data with the Cell - https://bugs.webkit.org/show_bug.cgi?id=80654 - - Reviewed by Gavin Barraclough. - - This patch removes the creation of RegExpObject's data to avoid the overhead - create by the allocation and destruction. - - We RegExp are created repeatedly, this provides some performance improvment. - The PeaceKeeper test stringDetectBrowser improves by 10%. - - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::RegExpObject): - (JSC::RegExpObject::visitChildren): - (JSC::RegExpObject::getOwnPropertyDescriptor): - (JSC::RegExpObject::defineOwnProperty): - (JSC::RegExpObject::match): - * runtime/RegExpObject.h: - (JSC::RegExpObject::setRegExp): - (JSC::RegExpObject::regExp): - (JSC::RegExpObject::setLastIndex): - (JSC::RegExpObject::getLastIndex): - (RegExpObject): - -2012-03-08 Steve Falkenburg - - Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build - https://bugs.webkit.org/show_bug.cgi?id=80657 - - Preparation for WTF separation from JavaScriptCore. - The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct - dependencies for generated files. - - This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization - versions of the WTF code independent of the JavaScriptCore code. - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed. - * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects. - * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF. - * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make. - * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj. - * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops. - * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh. - * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd. - * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py. - -2012-03-08 Benjamin Poulain - - Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf - https://bugs.webkit.org/show_bug.cgi?id=80652 - - Reviewed by Eric Seidel. - - Fix the header, URLSegments.h is not part of the API. - - * wtf/url/api/ParsedURL.h: - -2012-03-08 Ryosuke Niwa - - Mac build fix for micro data API. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-08 Gavin Barraclough - - String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10 - https://bugs.webkit.org/show_bug.cgi?id=26890 - - Reviewed by Oliver Hunt. - - Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - (JSC::stringProtoFuncMatch): - - added calls to setLastIndex. - -2012-03-08 Matt Lilek - - Don't enable VIDEO_TRACK on all OS X platforms - https://bugs.webkit.org/show_bug.cgi?id=80635 - - Reviewed by Eric Carlson. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-08 Oliver Hunt - - Build fix. That day is not today. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::shouldBlind): - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): - -2012-03-08 Oliver Hunt - - Build fix. One of these days I'll manage to commit something that works everywhere. - - * assembler/AbstractMacroAssembler.h: - (AbstractMacroAssembler): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): - (MacroAssemblerX86Common): - -2012-03-08 Chao-ying Fu - - Update MIPS patchOffsetGetByIdSlowCaseCall - https://bugs.webkit.org/show_bug.cgi?id=80302 - - Reviewed by Oliver Hunt. - - * jit/JIT.h: - (JIT): - -2012-03-08 Oliver Hunt - - Missing some places where we should be blinding 64bit values (and blinding something we shouldn't) - https://bugs.webkit.org/show_bug.cgi?id=80633 - - Reviewed by Gavin Barraclough. - - Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind - if there isn't a machine specific implementation (otherwise the 64bit value - got truncated and 32bit checks were used -- leaving 32bits untested). - Also add a bit of logic to ensure that we don't try to blind a few common - constants that go through the ImmPtr paths -- encoded numeric JSValues and - unencoded doubles with common "safe" values. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch): - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::shouldBlindDouble): - (MacroAssembler): - (JSC::MacroAssembler::shouldBlind): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): - -2012-03-08 Mark Rowe - - Ensure that the staged frameworks path is in the search path for JavaScriptCore - - Reviewed by Dan Bernstein. - - * Configurations/Base.xcconfig: - -2012-03-08 Steve Falkenburg - - Fix line endings for copy-files.cmd. - - If a cmd file doesn't have Windows line endings, it doesn't work properly. - In this case, the label :clean wasn't found, breaking the clean build. - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - -2012-03-07 Filip Pizlo - - DFG CFA incorrectly handles ValueToInt32 - https://bugs.webkit.org/show_bug.cgi?id=80568 - - Reviewed by Gavin Barraclough. - - Changed it match exactly the decision pattern used in - DFG::SpeculativeJIT::compileValueToInt32 - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - -2012-03-08 Viatcheslav Ostapenko - - [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared - https://bugs.webkit.org/show_bug.cgi?id=80524 - - Reviewed by Simon Hausmann. - - Move IdentifierTable methods defintion to WTFThreadData.cpp to fix linking - of WTF library. - - * runtime/Identifier.cpp: - * wtf/WTFThreadData.cpp: - (JSC): - (JSC::IdentifierTable::~IdentifierTable): - (JSC::IdentifierTable::add): - -2012-03-08 Filip Pizlo - - DFG instruction count threshold should be lifted to 10000 - https://bugs.webkit.org/show_bug.cgi?id=80579 - - Reviewed by Gavin Barraclough. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - -2012-03-07 Filip Pizlo - - Incorrect tracking of abstract values of variables forced double - https://bugs.webkit.org/show_bug.cgi?id=80566 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::mergeStateAtTail): - -2012-03-07 Chao-yng Fu - - [Qt] Fix the MIPS/SH4 build after r109834 - https://bugs.webkit.org/show_bug.cgi?id=80492 - - Reviewed by Oliver Hunt. - - Implement three-argument branch(Add,Sub)32. - - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::add32): - (MacroAssemblerMIPS): - (JSC::MacroAssemblerMIPS::sub32): - (JSC::MacroAssemblerMIPS::branchAdd32): - (JSC::MacroAssemblerMIPS::branchSub32): - -2012-03-07 Sheriff Bot - - Unreviewed, rolling out r110127. - http://trac.webkit.org/changeset/110127 - https://bugs.webkit.org/show_bug.cgi?id=80562 - - compile failed on AppleWin (Requested by ukai on #webkit). - - * heap/Heap.cpp: - (JSC::Heap::collectAllGarbage): - * heap/Heap.h: - (JSC): - (Heap): - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::finalize): - * runtime/Executable.h: - (FunctionExecutable): - (JSC::FunctionExecutable::create): - * runtime/JSGlobalData.cpp: - (WTF): - (Recompiler): - (WTF::Recompiler::operator()): - (JSC::JSGlobalData::recompileAllJSFunctions): - (JSC): - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/JSGlobalObject.cpp: - (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): - -2012-03-07 Hojong Han - - The end atom of the marked block considered to filter invalid cells - https://bugs.webkit.org/show_bug.cgi?id=79191 - - Reviewed by Geoffrey Garen. - - Register file could have stale pointers beyond the end atom of marked block. - Those pointers can weasel out of filtering in-middle-of-cell pointer. - - * heap/MarkedBlock.h: - (JSC::MarkedBlock::isLiveCell): - -2012-03-07 Jessie Berlin - - Clean Windows build fails after r110033 - https://bugs.webkit.org/show_bug.cgi?id=80553 - - Rubber-stamped by Jon Honeycutt and Eric Seidel. - - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - Place the implementation files next to their header files in the wtf/text subdirectory. - Use echo -F to tell xcopy that these are files (since there is apparently no flag). - * JavaScriptCore.vcproj/jsc/jsc.vcproj: - Update the path to those implementation files. - * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: - Ditto. - -2012-03-07 Yuqiang Xian - - Eliminate redundant Phis in DFG - https://bugs.webkit.org/show_bug.cgi?id=80415 - - Reviewed by Filip Pizlo. - - Although this may not have any advantage at current stage, this is towards - minimal SSA to make more high level optimizations (like bug 76770) easier. - We have the choices either to build minimal SSA from scratch or to - keep current simple Phi insertion mechanism and remove the redundancy - in another phase. Currently we choose the latter because the change - could be smaller. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGRedundantPhiEliminationPhase.cpp: Added. - (DFG): - (RedundantPhiEliminationPhase): - (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase): - (JSC::DFG::RedundantPhiEliminationPhase::run): - (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement): - (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild): - (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis): - (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation): - (JSC::DFG::performRedundantPhiElimination): - * dfg/DFGRedundantPhiEliminationPhase.h: Added. - (DFG): - -2012-03-07 Mark Hahnenberg - - Refactor recompileAllJSFunctions() to be less expensive - https://bugs.webkit.org/show_bug.cgi?id=80330 - - Reviewed by Geoffrey Garen. - - This change is performance neutral on the JS benchmarks we track. It's mostly to improve page - load performance, which currently does at least a couple full GCs per navigation. - - * heap/Heap.cpp: - (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode - because the function doesn't actually recompile anything (and never did); it simply throws code - away for it to be recompiled later if we determine we should do so. - (JSC): - (JSC::Heap::collectAllGarbage): - (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list. - (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list. - * heap/Heap.h: - (JSC): - (Heap): - * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can - be used in DoublyLinkedLists. - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list. - * runtime/Executable.h: - (FunctionExecutable): - (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list. - * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage - the list of FunctionExecutables. - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/JSGlobalObject.cpp: - (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode. - -2012-03-06 Oliver Hunt - - Further harden 64-bit JIT - https://bugs.webkit.org/show_bug.cgi?id=80457 - - Reviewed by Filip Pizlo. - - This patch implements blinding for ImmPtr. Rather than xor based blinding - we perform randomised pointer rotations in order to avoid the significant - cost in executable memory that would otherwise be necessary (and to avoid - the need for an additional scratch register in some cases). - - As with the prior blinding patch there's a moderate amount of noise as we - correct the use of ImmPtr vs. TrustedImmPtr. - - * assembler/AbstractMacroAssembler.h: - (ImmPtr): - (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr): - * assembler/MacroAssembler.h: - (MacroAssembler): - (JSC::MacroAssembler::storePtr): - (JSC::MacroAssembler::branchPtr): - (JSC::MacroAssembler::shouldBlind): - (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr): - (RotatedImmPtr): - (JSC::MacroAssembler::rotationBlindConstant): - (JSC::MacroAssembler::loadRotationBlindedConstant): - (JSC::MacroAssembler::convertInt32ToDouble): - (JSC::MacroAssembler::move): - (JSC::MacroAssembler::poke): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::storeDouble): - (JSC::MacroAssemblerARMv7::branchAdd32): - * assembler/MacroAssemblerX86_64.h: - (MacroAssemblerX86_64): - (JSC::MacroAssemblerX86_64::rotateRightPtr): - (JSC::MacroAssemblerX86_64::xorPtr): - * assembler/X86Assembler.h: - (X86Assembler): - (JSC::X86Assembler::xorq_rm): - (JSC::X86Assembler::rorq_i8r): - * dfg/DFGCCallHelpers.h: - (CCallHelpers): - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::createOSREntries): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::silentFillGPR): - (JSC::DFG::SpeculativeJIT::callOperation): - (JSC::DFG::SpeculativeJIT::emitEdgeCode): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillInteger): - (JSC::DFG::SpeculativeJIT::fillDouble): - (JSC::DFG::SpeculativeJIT::fillJSValue): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitBranch): - * jit/JIT.cpp: - (JSC::JIT::emitOptimizationCheck): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitSlow_op_post_inc): - * jit/JITInlineMethods.h: - (JSC::JIT::emitValueProfilingSite): - (JSC::JIT::emitGetVirtualRegister): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_mov): - (JSC::JIT::emit_op_new_object): - (JSC::JIT::emit_op_strcat): - (JSC::JIT::emit_op_ensure_property_exists): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - (JSC::JIT::emit_op_jmp_scopes): - (JSC::JIT::emit_op_switch_imm): - (JSC::JIT::emit_op_switch_char): - (JSC::JIT::emit_op_switch_string): - (JSC::JIT::emit_op_throw_reference_error): - (JSC::JIT::emit_op_debug): - (JSC::JIT::emitSlow_op_resolve_global_dynamic): - (JSC::JIT::emit_op_new_array): - (JSC::JIT::emitSlow_op_new_array): - (JSC::JIT::emit_op_new_array_buffer): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_new_object): - (JSC::JIT::emit_op_strcat): - (JSC::JIT::emit_op_ensure_property_exists): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - (JSC::JIT::emit_op_jmp_scopes): - (JSC::JIT::emit_op_switch_imm): - (JSC::JIT::emit_op_switch_char): - (JSC::JIT::emit_op_switch_string): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_put_by_index): - * jit/JITStubCall.h: - (JITStubCall): - (JSC::JITStubCall::addArgument): - -2012-03-07 Simon Hausmann - - ARM build fix. - - Reviewed by Zoltan Herczeg. - - Implement three-argument branch(Add,Sub)32. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::add32): - (MacroAssemblerARM): - (JSC::MacroAssemblerARM::sub32): - (JSC::MacroAssemblerARM::branchAdd32): - (JSC::MacroAssemblerARM::branchSub32): - -2012-03-07 Andy Wingo - - Parser: Inline ScopeNodeData into ScopeNode - https://bugs.webkit.org/show_bug.cgi?id=79776 - - Reviewed by Geoffrey Garen. - - It used to be that some ScopeNode members were kept in a separate - structure because sometimes they wouldn't be needed, and - allocating a ParserArena was expensive. This patch makes - ParserArena lazily allocate its IdentifierArena, allowing the - members to be included directly, which is simpler and easier to - reason about. - - * parser/ParserArena.cpp: - (JSC::ParserArena::ParserArena): - (JSC::ParserArena::reset): - (JSC::ParserArena::isEmpty): - * parser/ParserArena.h: - (JSC::ParserArena::identifierArena): Lazily allocate the - IdentifierArena. - - * parser/Nodes.cpp: - (JSC::ScopeNode::ScopeNode): - (JSC::ScopeNode::singleStatement): - (JSC::ProgramNode::create): - (JSC::EvalNode::create): - (JSC::FunctionBodyNode::create): - * parser/Nodes.h: - (JSC::ScopeNode::destroyData): - (JSC::ScopeNode::needsActivationForMoreThanVariables): - (JSC::ScopeNode::needsActivation): - (JSC::ScopeNode::hasCapturedVariables): - (JSC::ScopeNode::capturedVariableCount): - (JSC::ScopeNode::captures): - (JSC::ScopeNode::varStack): - (JSC::ScopeNode::functionStack): - (JSC::ScopeNode::neededConstants): - (ScopeNode): - * bytecompiler/NodesCodegen.cpp: - (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData - into ScopeNode. Adapt accessors. - -2012-03-06 Eric Seidel - - Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf - https://bugs.webkit.org/show_bug.cgi?id=80363 - - Reviewed by Mark Rowe. - - Historically WTF has been part of JavaScriptCore, and on Mac and Windows - its headers have appeared as part of the "private" headers exported by - JavaScriptCore. All of the WTF headers there are "flattened" into a single - private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders" - to re-map fully-qualified includes to simple includes. - - However, very soon, we are moving the WTF source code out of JavaScriptCore into its - own directory and project. As part of such, the WTF headers will no longer be part of - the JavaScriptCore private interfaces. - In preparation for that, this change makes both the Mac and Win builds export - WTF headers in a non-flattened manner. On Mac, that means into usr/local/include/wtf - (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories). - - There are 5 parts to this change. - 1. Updates the JavaScriptCore XCode and VCProj files to actually install these headers - (and header directories) into the appropriate places in the build directory. - 2. Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location - (WebCore, WebKit, etc. had already been taught to look in previous patches). - 3. Fixes all JavaScriptCore source files, and WTF headers to include WTF headers - using fully qualified paths. - 4. Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location. - 5. Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist. - - Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependant. - It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF - headers, those will have to be updated to use after this change. - I've discussed this proposed change at length with Mark Rowe, and my understanding is they - are ready for (and interested in) this change happening. - - * API/tests/JSNode.c: - * API/tests/JSNodeList.c: - * Configurations/Base.xcconfig: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/MacroAssemblerCodeRef.h: - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGOperations.cpp: - * heap/GCAssertions.h: - * heap/HandleHeap.h: - * heap/HandleStack.h: - * heap/MarkedSpace.h: - * heap/PassWeak.h: - * heap/Strong.h: - * heap/Weak.h: - * jit/HostCallReturnValue.cpp: - * jit/JIT.cpp: - * jit/JITStubs.cpp: - * jit/ThunkGenerators.cpp: - * parser/Lexer.cpp: - * runtime/Completion.cpp: - * runtime/Executable.cpp: - * runtime/Identifier.h: - * runtime/InitializeThreading.cpp: - * runtime/JSDateMath.cpp: - * runtime/JSGlobalObjectFunctions.cpp: - * runtime/JSStringBuilder.h: - * runtime/JSVariableObject.h: - * runtime/NumberPrototype.cpp: - * runtime/WriteBarrier.h: - * tools/CodeProfile.cpp: - * tools/TieredMMapArray.h: - * wtf/AVLTree.h: - * wtf/Alignment.h: - * wtf/AlwaysInline.h: - * wtf/ArrayBufferView.h: - * wtf/Assertions.h: - * wtf/Atomics.h: - * wtf/Bitmap.h: - * wtf/BoundsCheckedPointer.h: - * wtf/CheckedArithmetic.h: - * wtf/Deque.h: - * wtf/ExportMacros.h: - * wtf/FastAllocBase.h: - * wtf/FastMalloc.h: - * wtf/Float32Array.h: - * wtf/Float64Array.h: - * wtf/Functional.h: - * wtf/HashCountedSet.h: - * wtf/HashFunctions.h: - * wtf/HashMap.h: - * wtf/HashSet.h: - * wtf/HashTable.h: - * wtf/HashTraits.h: - * wtf/Int16Array.h: - * wtf/Int32Array.h: - * wtf/Int8Array.h: - * wtf/IntegralTypedArrayBase.h: - * wtf/ListHashSet.h: - * wtf/MainThread.h: - * wtf/MetaAllocator.h: - * wtf/Noncopyable.h: - * wtf/OwnArrayPtr.h: - * wtf/OwnPtr.h: - * wtf/PackedIntVector.h: - * wtf/ParallelJobs.h: - * wtf/PassOwnArrayPtr.h: - * wtf/PassOwnPtr.h: - * wtf/PassRefPtr.h: - * wtf/PassTraits.h: - * wtf/Platform.h: - * wtf/PossiblyNull.h: - * wtf/RefCounted.h: - * wtf/RefCountedLeakCounter.h: - * wtf/RefPtr.h: - * wtf/RetainPtr.h: - * wtf/SimpleStats.h: - * wtf/Spectrum.h: - * wtf/StdLibExtras.h: - * wtf/TCPageMap.h: - * wtf/TemporaryChange.h: - * wtf/ThreadSafeRefCounted.h: - * wtf/Threading.h: - * wtf/ThreadingPrimitives.h: - * wtf/TypeTraits.h: - * wtf/TypedArrayBase.h: - * wtf/Uint16Array.h: - * wtf/Uint32Array.h: - * wtf/Uint8Array.h: - * wtf/Uint8ClampedArray.h: - * wtf/UnusedParam.h: - * wtf/Vector.h: - * wtf/VectorTraits.h: - * wtf/dtoa/double-conversion.h: - * wtf/dtoa/utils.h: - * wtf/gobject/GRefPtr.h: - * wtf/gobject/GlibUtilities.h: - * wtf/text/AtomicString.h: - * wtf/text/AtomicStringImpl.h: - * wtf/text/CString.h: - * wtf/text/StringConcatenate.h: - * wtf/text/StringHash.h: - * wtf/text/WTFString.h: - * wtf/unicode/CharacterNames.h: - * wtf/unicode/UTF8.h: - * wtf/unicode/glib/UnicodeGLib.h: - * wtf/unicode/qt4/UnicodeQt4.h: - * wtf/unicode/wince/UnicodeWinCE.h: - * wtf/url/api/ParsedURL.h: - * wtf/url/api/URLString.h: - * wtf/wince/FastMallocWinCE.h: - * yarr/YarrJIT.cpp: - -2012-03-06 Gavin Barraclough - - Array.prototype functions should throw if delete fails - https://bugs.webkit.org/show_bug.cgi?id=80467 - - Reviewed by Oliver Hunt. - - All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw. - In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations - in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines, - one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift - routines, for handling arrays with holes. These three copies should be unified. - - * runtime/ArrayPrototype.cpp: - (JSC::shift): - (JSC::unshift): - - Added - shared copies of the shift/unshift functionality. - (JSC::arrayProtoFuncPop): - - should throw if the delete fails. - (JSC::arrayProtoFuncReverse): - - should throw if the delete fails. - (JSC::arrayProtoFuncShift): - (JSC::arrayProtoFuncSplice): - (JSC::arrayProtoFuncUnShift): - - use shift/unshift. - * runtime/JSArray.cpp: - (JSC::JSArray::shiftCount): - (JSC::JSArray::unshiftCount): - - Don't try to handle arrays with holes; return a value indicating - the generic routine should be used instead. - * runtime/JSArray.h: - - declaration for shiftCount/unshiftCount changed. - * tests/mozilla/js1_6/Array/regress-304828.js: - - this was asserting incorrect behaviour. - -2012-03-06 Raphael Kubo da Costa - - [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7. - https://bugs.webkit.org/show_bug.cgi?id=80469 - - Reviewed by Antonio Gomes. - - * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target - property on the library being created. - -2012-03-06 Yuqiang Xian - - DFG BasicBlock should group the Phi nodes together and separate them - from the other nodes - https://bugs.webkit.org/show_bug.cgi?id=80361 - - Reviewed by Filip Pizlo. - - This would make it more efficient to remove the redundant Phi nodes or - insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::clobberStructures): - (JSC::DFG::AbstractState::dump): - * dfg/DFGBasicBlock.h: - (JSC::DFG::BasicBlock::BasicBlock): - (BasicBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addToGraph): - (JSC::DFG::ByteCodeParser::insertPhiNode): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::globalVarLoadElimination): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getScopeChainLoadElimination): - (JSC::DFG::CSEPhase::performBlockCSE): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-06 Mark Hahnenberg - - GCActivityCallback timer should vary with the length of the previous GC - https://bugs.webkit.org/show_bug.cgi?id=80344 - - Reviewed by Geoffrey Garen. - - * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last - GC length so that the GC Activity Callback can use it. - (JSC::Heap::Heap): - (JSC::Heap::collect): - * heap/Heap.h: - (JSC::Heap::lastGCLength): - (Heap): - * runtime/GCActivityCallbackCF.cpp: - (JSC): - (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last - GC to determine the length of our timer trigger (currently set at 100x the duration - of the last GC). - -2012-03-06 Rob Buis - - BlackBerry] Fix cast-align gcc warnings when compiling JSC - https://bugs.webkit.org/show_bug.cgi?id=80420 - - Reviewed by Gavin Barraclough. - - Fix warnings given in Blackberry build. - - * heap/CopiedBlock.h: - (JSC::CopiedBlock::CopiedBlock): - * wtf/RefCountedArray.h: - (WTF::RefCountedArray::Header::fromPayload): - -2012-03-06 Gavin Barraclough - - writable/configurable not respected for some properties of Function/String/Arguments - https://bugs.webkit.org/show_bug.cgi?id=80436 - - Reviewed by Oliver Hunt. - - Special properties should behave like regular properties. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - Mis-nested logic for making read-only properties non-live. - * runtime/JSFunction.cpp: - (JSC::JSFunction::put): - - arguments/length/caller are non-writable, non-configurable - reject appropriately. - (JSC::JSFunction::deleteProperty): - - Attempting to delete prototype/caller should fail. - (JSC::JSFunction::defineOwnProperty): - - Ensure prototype is reified on attempt to reify it. - - arguments/length/caller are non-writable, non-configurable - reject appropriately. - * runtime/JSFunction.h: - - added declaration for defineOwnProperty. - (JSFunction): - * runtime/StringObject.cpp: - (JSC::StringObject::put): - - length is non-writable, non-configurable - reject appropriately. - -2012-03-06 Ulan Degenbaev - - TypedArray subarray call for subarray does not clamp the end index parameter properly - https://bugs.webkit.org/show_bug.cgi?id=80285 - - Reviewed by Kenneth Russell. - - * wtf/ArrayBufferView.h: - (WTF::ArrayBufferView::calculateOffsetAndLength): - -2012-03-06 Sheriff Bot - - Unreviewed, rolling out r109837. - http://trac.webkit.org/changeset/109837 - https://bugs.webkit.org/show_bug.cgi?id=80399 - - breaks Mac Productions builds, too late to try and fix it - tonight (Requested by eseidel on #webkit). - - * API/tests/JSNode.c: - * API/tests/JSNodeList.c: - * Configurations/Base.xcconfig: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/MacroAssemblerCodeRef.h: - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGOperations.cpp: - * heap/GCAssertions.h: - * heap/HandleHeap.h: - * heap/HandleStack.h: - * heap/MarkedSpace.h: - * heap/PassWeak.h: - * heap/Strong.h: - * heap/Weak.h: - * jit/HostCallReturnValue.cpp: - * jit/JIT.cpp: - * jit/JITStubs.cpp: - * jit/ThunkGenerators.cpp: - * parser/Lexer.cpp: - * runtime/Completion.cpp: - * runtime/Executable.cpp: - * runtime/Identifier.h: - * runtime/InitializeThreading.cpp: - * runtime/JSDateMath.cpp: - * runtime/JSGlobalObjectFunctions.cpp: - * runtime/JSStringBuilder.h: - * runtime/JSVariableObject.h: - * runtime/NumberPrototype.cpp: - * runtime/WriteBarrier.h: - * tools/CodeProfile.cpp: - * tools/TieredMMapArray.h: - * yarr/YarrJIT.cpp: - -2012-03-06 Zoltan Herczeg - - [Qt][ARM] Speculative buildfix after r109834. - - Reviewed by Csaba Osztrogonác. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::and32): - (MacroAssemblerARM): - -2012-03-05 Gavin Barraclough - - Unreviewed windows build fix pt 2. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-05 Gavin Barraclough - - Unreviewed windows build fix pt 1. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-05 Gavin Barraclough - - putByIndex should throw in strict mode - https://bugs.webkit.org/show_bug.cgi?id=80335 - - Reviewed by Filip Pizlo. - - Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter. - - This is a largely mechanical change, simply adding an extra parameter to a number - of functions. Some call sites need perform additional exception checks, and - operationPutByValBeyondArrayBounds needs to know whether it is strict or not. - - This patch doesn't fix a missing throw from some cases of shift/unshift (this is - an existing bug), I'll follow up with a third patch to handle that. - - * API/JSObjectRef.cpp: - (JSObjectSetPropertyAtIndex): - * JSCTypedArrayStubs.h: - (JSC): - * dfg/DFGOperations.cpp: - (JSC::DFG::putByVal): - * dfg/DFGOperations.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jsc.cpp: - (GlobalObject::finishCreation): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/Arguments.cpp: - (JSC::Arguments::putByIndex): - * runtime/Arguments.h: - (Arguments): - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncPush): - (JSC::arrayProtoFuncReverse): - (JSC::arrayProtoFuncShift): - (JSC::arrayProtoFuncSort): - (JSC::arrayProtoFuncSplice): - (JSC::arrayProtoFuncUnShift): - * runtime/ClassInfo.h: - (MethodTable): - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - (JSC::JSArray::put): - (JSC::JSArray::putByIndex): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::push): - (JSC::JSArray::shiftCount): - (JSC::JSArray::unshiftCount): - * runtime/JSArray.h: - (SparseArrayValueMap): - (JSArray): - * runtime/JSByteArray.cpp: - (JSC::JSByteArray::putByIndex): - * runtime/JSByteArray.h: - (JSByteArray): - * runtime/JSCell.cpp: - (JSC::JSCell::putByIndex): - * runtime/JSCell.h: - (JSCell): - * runtime/JSNotAnObject.cpp: - (JSC::JSNotAnObject::putByIndex): - * runtime/JSNotAnObject.h: - (JSNotAnObject): - * runtime/JSONObject.cpp: - (JSC::Walker::walk): - * runtime/JSObject.cpp: - (JSC::JSObject::putByIndex): - * runtime/JSObject.h: - (JSC::JSValue::putByIndex): - * runtime/RegExpConstructor.cpp: - (JSC::RegExpMatchesArray::fillArrayInstance): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::putByIndex): - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncSplit): - -2012-03-05 Yuqiang Xian - - PredictNone is incorrectly treated as isDoublePrediction - https://bugs.webkit.org/show_bug.cgi?id=80365 - - Reviewed by Filip Pizlo. - - Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction. - - * bytecode/PredictedType.h: - (JSC::isFixedIndexedStorageObjectPrediction): - (JSC::isDoublePrediction): - -2012-03-05 Filip Pizlo - - The LLInt should work even when the JIT is disabled - https://bugs.webkit.org/show_bug.cgi?id=80340 - - - Reviewed by Gavin Barraclough. - - * assembler/MacroAssemblerCodeRef.h: - (JSC::MacroAssemblerCodePtr::createLLIntCodePtr): - (MacroAssemblerCodeRef): - (JSC::MacroAssemblerCodeRef::createLLIntCodeRef): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::initialize): - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - * jit/JIT.h: - (JSC::JIT::compileCTINativeCall): - * jit/JITStubs.h: - (JSC::JITThunks::ctiNativeCall): - (JSC::JITThunks::ctiNativeConstruct): - * llint/LLIntEntrypoints.cpp: - (JSC::LLInt::getFunctionEntrypoint): - (JSC::LLInt::getEvalEntrypoint): - (JSC::LLInt::getProgramEntrypoint): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (LLInt): - * llint/LLIntSlowPaths.h: - (LLInt): - * llint/LowLevelInterpreter.h: - * llint/LowLevelInterpreter32_64.asm: - * runtime/Executable.h: - (NativeExecutable): - (JSC::NativeExecutable::create): - (JSC::NativeExecutable::finishCreation): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/Options.cpp: - (Options): - (JSC::Options::parse): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * wtf/Platform.h: - -2012-03-05 Yuqiang Xian - - Checks for dead variables are not sufficient when fixing the expected - values in DFG OSR entry - https://bugs.webkit.org/show_bug.cgi?id=80371 - - Reviewed by Filip Pizlo. - - A dead variable should be identified when there's no node referencing it. - But we currently failed to catch the case where there are some nodes - referencing a variable but those nodes are actually not referenced by - others so will be ignored in code generation. In such case we should - also consider that variable to be a dead variable in the block and fix - the expected values. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::noticeOSREntry): - -2012-03-05 Oliver Hunt - - Fix Qt build. - - * assembler/AbstractMacroAssembler.h: - * assembler/MacroAssembler.h: - (MacroAssembler): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileArithSub): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitSub32Constant): - -2012-03-05 Eric Seidel - - Update JavaScriptCore files to use fully-qualified WTF include paths - https://bugs.webkit.org/show_bug.cgi?id=79960 - - Reviewed by Adam Barth. - - This change does 5 small/related things: - 1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include - (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj - was not installing headers there.) - 2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their - header search path, as that's where the WTF headers will be installed. - 3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/* - in addition to the current behavior of flattening all headers to PrivateHeaders/*.h. - 4. Updates a bunch of JSC files to use #include instead of #include "Foo.h" - since soon the WTF headers will not be part of the JavaScriptCore Xcode project. - 5. Makes build-webkit build the WTF XCode project by default. - - * API/tests/JSNode.c: - * API/tests/JSNodeList.c: - * Configurations/Base.xcconfig: - * assembler/MacroAssemblerCodeRef.h: - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGOperations.cpp: - * heap/GCAssertions.h: - * heap/HandleHeap.h: - * heap/HandleStack.h: - * heap/MarkedSpace.h: - * heap/PassWeak.h: - * heap/Strong.h: - * heap/Weak.h: - * jit/HostCallReturnValue.cpp: - * jit/JIT.cpp: - * jit/JITStubs.cpp: - * jit/ThunkGenerators.cpp: - * parser/Lexer.cpp: - * runtime/Completion.cpp: - * runtime/Executable.cpp: - * runtime/Identifier.h: - * runtime/InitializeThreading.cpp: - * runtime/JSDateMath.cpp: - * runtime/JSGlobalObjectFunctions.cpp: - * runtime/JSStringBuilder.h: - * runtime/JSVariableObject.h: - * runtime/NumberPrototype.cpp: - * runtime/WriteBarrier.h: - * tools/CodeProfile.cpp: - * tools/TieredMMapArray.h: - * yarr/YarrJIT.cpp: - -2012-03-05 Oliver Hunt - - Add basic support for constant blinding to the JIT - https://bugs.webkit.org/show_bug.cgi?id=80354 - - Reviewed by Filip Pizlo. - - This patch adds basic constant blinding support to the JIT, at the - MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG) - get constant blinding. Woo! - - This patch only introduces blinding for Imm32, a later patch will do similar - for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially - impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit - accessor that's needed to access the actual value. This also means you cannot - accidentally pass an untrusted value to a function that does not perform - blinding. - - To make everything work sensibly, this patch also corrects some code that was using - Imm32 when TrustedImm32 could be used, and refactors a few callers that use - untrusted immediates, so that they call slightly different varaints of the functions - that they used previously. This is largely necessary to deal with x86-32 not having - sufficient registers to handle the additional work required when we choose to blind - a constant. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32): - (Imm32): - (JSC::AbstractMacroAssembler::beginUninterruptedSequence): - (JSC::AbstractMacroAssembler::endUninterruptedSequence): - (JSC::AbstractMacroAssembler::AbstractMacroAssembler): - (AbstractMacroAssembler): - (JSC::AbstractMacroAssembler::inUninterruptedSequence): - (JSC::AbstractMacroAssembler::random): - (JSC::AbstractMacroAssembler::scratchRegisterForBlinding): - (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch): - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::addressForPoke): - (MacroAssembler): - (JSC::MacroAssembler::poke): - (JSC::MacroAssembler::branchPtr): - (JSC::MacroAssembler::branch32): - (JSC::MacroAssembler::convertInt32ToDouble): - (JSC::MacroAssembler::shouldBlind): - (JSC::MacroAssembler::BlindedImm32::BlindedImm32): - (BlindedImm32): - (JSC::MacroAssembler::keyForConstant): - (JSC::MacroAssembler::xorBlindConstant): - (JSC::MacroAssembler::additionBlindedConstant): - (JSC::MacroAssembler::andBlindedConstant): - (JSC::MacroAssembler::orBlindedConstant): - (JSC::MacroAssembler::loadXorBlindedConstant): - (JSC::MacroAssembler::add32): - (JSC::MacroAssembler::addPtr): - (JSC::MacroAssembler::and32): - (JSC::MacroAssembler::andPtr): - (JSC::MacroAssembler::move): - (JSC::MacroAssembler::or32): - (JSC::MacroAssembler::store32): - (JSC::MacroAssembler::sub32): - (JSC::MacroAssembler::subPtr): - (JSC::MacroAssembler::xor32): - (JSC::MacroAssembler::branchAdd32): - (JSC::MacroAssembler::branchMul32): - (JSC::MacroAssembler::branchSub32): - (JSC::MacroAssembler::trustedImm32ForShift): - (JSC::MacroAssembler::lshift32): - (JSC::MacroAssembler::rshift32): - (JSC::MacroAssembler::urshift32): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding): - (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch): - * assembler/MacroAssemblerX86_64.h: - (JSC::MacroAssemblerX86_64::branchSubPtr): - (MacroAssemblerX86_64): - (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::linkOSRExits): - (JSC::DFG::JITCompiler::compileBody): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::compileArithSub): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITArithmetic.cpp: - (JSC::JIT::compileBinaryArithOp): - (JSC::JIT::emit_op_add): - (JSC::JIT::emit_op_mul): - (JSC::JIT::emit_op_div): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitAdd32Constant): - (JSC::JIT::emitSub32Constant): - (JSC::JIT::emitBinaryDoubleOp): - (JSC::JIT::emitSlow_op_mul): - (JSC::JIT::emit_op_div): - * jit/JITCall.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - (JSC::JIT::emitValueProfilingSite): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emitSlow_op_jfalse): - (JSC::JIT::emitSlow_op_jtrue): - * jit/JITStubCall.h: - (JITStubCall): - (JSC::JITStubCall::addArgument): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrack): - -2012-03-05 Gavin Barraclough - - putByIndex should throw in strict mode - https://bugs.webkit.org/show_bug.cgi?id=80335 - - Reviewed by Filip Pizlo. - - We'll need to pass an additional parameter. - - Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex() - to match the method in the MethodTable, make this take a parameter indicating - whether the put should throw. This fixes the cases where the base of the put - is a primitive. - - * dfg/DFGOperations.cpp: - (DFG): - (JSC::DFG::putByVal): - (JSC::DFG::operationPutByValInternal): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/JSObject.h: - (JSC::JSValue::putByIndex): - * runtime/JSValue.cpp: - (JSC): - * runtime/JSValue.h: - (JSValue): - -2012-03-05 Sam Weinig - - Add support for hosting layers in the window server in WebKit2 - - https://bugs.webkit.org/show_bug.cgi?id=80310 - - Reviewed by Anders Carlsson. - - * wtf/Platform.h: - Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER. - -2012-03-05 Filip Pizlo - - Unreviewed, attempted build fix for !ENABLE(JIT) after r109705. - - * bytecode/ExecutionCounter.cpp: - (JSC::ExecutionCounter::applyMemoryUsageHeuristics): - * bytecode/ExecutionCounter.h: - -2012-03-05 Patrick Gansterer - - Unreviewed. Build fix for !ENABLE(JIT) after r109705. - - * bytecode/ExecutionCounter.cpp: - * bytecode/ExecutionCounter.h: - -2012-03-05 Andy Wingo - - Lexer: Specialize character predicates for LChar, UChar - https://bugs.webkit.org/show_bug.cgi?id=79677 - - Reviewed by Oliver Hunt. - - This patch specializes isIdentStart, isIdentPart, isWhiteSpace, - and isLineTerminator to perform a more limited number of checks if - the lexer is being instantiated to work on LChar sequences. This - is about a 1.5% win on the --parse-only suite, here. - - * parser/Lexer.cpp: - (JSC::isLatin1): New static helper, specialized for LChar and - UChar. - (JSC::typesOfLatin1Characters): Rename from - typesOfASCIICharacters, and expand to the range of the LChar - type. All uses of isASCII are changed to use isLatin1. Generated - using libunistring. - (JSC::isNonLatin1IdentStart): - (JSC::isIdentStart): - (JSC::isNonLatin1IdentPart): - (JSC::isIdentPart): - (JSC::Lexer::shiftLineTerminator): - (JSC::Lexer::parseIdentifier): - (JSC::Lexer::parseIdentifierSlowCase): - (JSC::Lexer::parseStringSlowCase): - (JSC::Lexer::parseMultilineComment): - (JSC::Lexer::lex): - (JSC::Lexer::scanRegExp): - (JSC::Lexer::skipRegExp): Sprinkle static_cast(_) around. - * parser/Lexer.h: - (JSC::Lexer::isWhiteSpace): - (JSC::Lexer::isLineTerminator): - * KeywordLookupGenerator.py: - (Trie.printAsC): Declare specialized isIdentPart static functions. - -2012-03-05 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing header file. - -2012-03-05 Andy Wingo - - WTF: Micro-optimize cleanup of empty vectors and hash tables - https://bugs.webkit.org/show_bug.cgi?id=79903 - - Reviewed by Michael Saboff and Geoffrey Garen. - - This patch speeds up cleanup of vectors and hash tables whose - backing store was never allocated. This is the case by default - for most vectors / hash tables that never had any entries added. - - The result for me is that calling checkSyntax 1000 times on - concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a - 2.4% speedup. - - * wtf/HashTable.h: - (WTF::HashTable::~HashTable): - (WTF::::clear): Don't deallocate the storage or frob member - variables if there is no backing storage. - * wtf/Vector.h: - (WTF::VectorBufferBase::deallocateBuffer): Likewise. - -2012-03-04 Filip Pizlo - - JIT heuristics should be hyperbolic - https://bugs.webkit.org/show_bug.cgi?id=80055 - - - Reviewed by Oliver Hunt. - - Added tracking of the amount of executable memory typically used for a bytecode - instruction. Modified the execution counter scheme to use this, and the amount - of free memory, to determine how long to wait before invoking the JIT. - - The result is that even if we bomb the VM with more code than can fit in our - executable memory pool, we still keep running and almost never run out of - executable memory - which ensures that if we have to JIT something critical, then - we'll likely have enough memory to do so. This also does not regress performance - on the three main benchmarks. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::predictedMachineCodeSize): - (JSC): - (JSC::CodeBlock::usesOpcode): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::checkIfJITThresholdReached): - (JSC::CodeBlock::dontJITAnytimeSoon): - (JSC::CodeBlock::jitAfterWarmUp): - (JSC::CodeBlock::jitSoon): - (JSC::CodeBlock::llintExecuteCounter): - (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp): - (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp): - (JSC::CodeBlock::addressOfJITExecuteCounter): - (JSC::CodeBlock::offsetOfJITExecuteCounter): - (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold): - (JSC::CodeBlock::offsetOfJITExecutionTotalCount): - (JSC::CodeBlock::jitExecuteCounter): - (JSC::CodeBlock::checkIfOptimizationThresholdReached): - (JSC::CodeBlock::optimizeNextInvocation): - (JSC::CodeBlock::dontOptimizeAnytimeSoon): - (JSC::CodeBlock::optimizeAfterWarmUp): - (JSC::CodeBlock::optimizeAfterLongWarmUp): - (JSC::CodeBlock::optimizeSoon): - * bytecode/ExecutionCounter.cpp: Added. - (JSC): - (JSC::ExecutionCounter::ExecutionCounter): - (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet): - (JSC::ExecutionCounter::setNewThreshold): - (JSC::ExecutionCounter::deferIndefinitely): - (JSC::ExecutionCounter::applyMemoryUsageHeuristics): - (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt): - (JSC::ExecutionCounter::hasCrossedThreshold): - (JSC::ExecutionCounter::setThreshold): - (JSC::ExecutionCounter::reset): - * bytecode/ExecutionCounter.h: Added. - (JSC): - (ExecutionCounter): - (JSC::ExecutionCounter::formattedTotalCount): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * jit/ExecutableAllocator.cpp: - (JSC::DemandExecutableAllocator::allocateNewSpace): - (JSC::ExecutableAllocator::underMemoryPressure): - (JSC): - (JSC::ExecutableAllocator::memoryPressureMultiplier): - * jit/ExecutableAllocator.h: - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::memoryPressureMultiplier): - (JSC): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::jitCompileAndSetHeuristics): - * llint/LowLevelInterpreter32_64.asm: - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * wtf/SimpleStats.h: Added. - (WTF): - (SimpleStats): - (WTF::SimpleStats::SimpleStats): - (WTF::SimpleStats::add): - (WTF::SimpleStats::operator!): - (WTF::SimpleStats::count): - (WTF::SimpleStats::sum): - (WTF::SimpleStats::sumOfSquares): - (WTF::SimpleStats::mean): - (WTF::SimpleStats::variance): - (WTF::SimpleStats::standardDeviation): - -2012-03-04 Raphael Kubo da Costa - - [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64 - https://bugs.webkit.org/show_bug.cgi?id=71507 - - Reviewed by Antonio Gomes. - - * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib". - -2012-03-04 David Kilzer - - Fix build when the classic interpreter is enabled - - Reviewed by Gavin Barraclough. - - Fixes the following build error when running the "Generate - Derived Sources" build phase script: - - offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h. - ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception - from JavaScriptCore/offlineasm/asm.rb:131 - Command /bin/sh failed with exit code 1 - - Gavin's fix in r109674 avoided the #error statement in - JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it - caused the "Generate Derived Sources" build phase script to fail - when JavaScriptCore/offlineasm/asm.rb was run. The solution is - to detect when the classic interpreter is being built and simply - exit early from asm.rb in that case. - - * llint/LLIntOffsetsExtractor.cpp: - (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the - JIT is disabled. Note that offsets.rb doesn't care about the - return value here, but instead it cares about finding the magic - values in the binary. The magic values are no longer present - when the JIT is disabled. - * offlineasm/asm.rb: Catch MissingMagicValuesException and exit - early with a status message. - * offlineasm/offsets.rb: - (MissingMagicValuesException): Add new exception class. - (offsetsAndConfigurationIndex): Throw - MissingMagicValuesException when no magic values are found. - -2012-03-04 Jurij Smakov - - SPARC also needs aligned accesses. - - Rubber-stamped by Gustavo Noronha Silva. - - * wtf/Platform.h: - -2012-03-04 Gavin Barraclough - - Unreviewed build fix. - - * jit/JITStubs.h: - - Move ENABLE(JIT) to head of file. - -2012-03-03 Gavin Barraclough - - Split JSArray's [[Put]] & [[DefineOwnProperty]] traps. - https://bugs.webkit.org/show_bug.cgi?id=80217 - - Reviewed by Filip Pizlo. - - putByIndex() provides similar behavior to put(), but for indexed property names. - Many places in ArrayPrototype call putByIndex() where they really mean to call - [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be - calling numeric accessors (& respecting numeric read only properties) on the - prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's - putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncConcat): - (JSC::arrayProtoFuncSlice): - (JSC::arrayProtoFuncFilter): - (JSC::arrayProtoFuncMap): - * runtime/JSArray.cpp: - (JSC): - (JSC::reject): - (JSC::SparseArrayValueMap::putDirect): - (JSC::JSArray::defineOwnNumericProperty): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::putDirectIndexBeyondVectorLength): - * runtime/JSArray.h: - (SparseArrayValueMap): - (JSArray): - (JSC::JSArray::putDirectIndex): - -2012-03-03 Benjamin Poulain - - Implement the basis of KURLWTFURL - https://bugs.webkit.org/show_bug.cgi?id=79600 - - Reviewed by Adam Barth. - - Add an API to know if a ParsedURL is valid. - - * wtf/url/api/ParsedURL.cpp: - (WTF::ParsedURL::ParsedURL): - (WTF): - (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread - and by KURL's detach() on write. - (WTF::ParsedURL::baseAsString): - (WTF::ParsedURL::segment): - Add a stronger constraint on accessors: the client of this API should never ask for the segments - on an invalid URL. - * wtf/url/api/ParsedURL.h: - (WTF): - (WTF::ParsedURL::ParsedURL): - (ParsedURL): - (WTF::ParsedURL::isValid): - -2012-03-03 Hans Wennborg - - Implement Speech JavaScript API - https://bugs.webkit.org/show_bug.cgi?id=80019 - - Reviewed by Adam Barth. - - Add ENABLE_SCRIPTED_SPEECH. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-02 Filip Pizlo - - When getting the line number of a call into a call frame with no code block, it's - incorrect to rely on the returnPC - https://bugs.webkit.org/show_bug.cgi?id=80195 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - * jit/JITCall.cpp: - (JSC::JIT::compileLoadVarargs): - -2012-03-02 Han Hojong - - Expected results updated for checking type conversion - https://bugs.webkit.org/show_bug.cgi?id=80138 - - Reviewed by Gavin Barraclough. - - * tests/mozilla/ecma/TypeConversion/9.3.1-3.js: - -2012-03-02 Kenichi Ishibashi - - Adding WebSocket per-frame DEFLATE extension - https://bugs.webkit.org/show_bug.cgi?id=77522 - - Added USE(ZLIB) flag. - - Reviewed by Kent Tamura. - - * wtf/Platform.h: - -2012-03-02 Filip Pizlo - - Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::visitAggregate): - -2012-03-01 Filip Pizlo - - DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by - virtue of being in the transitive closure - https://bugs.webkit.org/show_bug.cgi?id=80098 - - Reviewed by Anders Carlsson. - - If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable, - then you might have the visitAggregate() method called concurrently by multiple threads. - This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be - racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash - due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction(). - - It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are - not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace - any CodeBlock that it knows to be live by virtue of it being reachable from the stack. - Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate() - don't lead to two threads racing over each other as they clobber state. This patch - achieves this with a simple CAS loop: whichever thread wins the CAS race (which is - trivially linearizable) will get to trace the CodeBlock; all other threads give up and - go home. - - Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10 - times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it - even when it's gotten sufficient counts. But that takes a while - sometimes up to a - minute to get a crash. I have no other reliable repro case. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::visitAggregate): - * bytecode/CodeBlock.h: - (DFGData): - * heap/DFGCodeBlocks.cpp: - (JSC::DFGCodeBlocks::clearMarks): - -2012-03-01 Filip Pizlo - - The JIT should not crash the entire process just because there is not enough executable - memory, if the LLInt is enabled - https://bugs.webkit.org/show_bug.cgi?id=79962 - - Reviewed by Csaba Osztrogonác. - - Fix for ARM, SH4. - - * assembler/AssemblerBufferWithConstantPool.h: - (JSC::AssemblerBufferWithConstantPool::executableCopy): - -2012-03-01 Ryosuke Niwa - - Revert my change. Broke builds. - Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)' - Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i - - * wtf/Atomics.h: - (WTF): - (WTF::weakCompareAndSwap): - -2012-03-01 Ryosuke Niwa - - Gcc build fix. - - Rubber-stamped by Filip Pizlo. - - * wtf/Atomics.h: - (WTF): - (WTF::weakCompareAndSwap): - -2012-03-01 Gavin Barraclough - - ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller - https://bugs.webkit.org/show_bug.cgi?id=80011 - - Reviewed by Oliver Hunt. - - Also, fix getting the caller from within a bound function, for within a getter, - or setter (make our implementation match other browsers). - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - - Allow this to get the caller of host functions. - (JSC::Interpreter::retrieveCallerFromVMCode): - - This should use getCallerInfo, and should skip over function bindings. - * runtime/JSFunction.cpp: - (JSC::JSFunction::callerGetter): - - This should never return a strict-mode function. - -2012-03-01 Yuqiang Xian - - DFG local CSE for a node can be terminated earlier - https://bugs.webkit.org/show_bug.cgi?id=80014 - - Reviewed by Filip Pizlo. - - When one of the node's childredn is met in the process of back traversing - the nodes, we don't need to traverse the remaining nodes. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - -2012-02-29 Yuqiang Xian - - DFG BasicBlocks should not require that their nodes have continuous indices in the graph - https://bugs.webkit.org/show_bug.cgi?id=79899 - - Reviewed by Filip Pizlo. - - This will make it more convenient to insert nodes into the DFG. - With this capability we now place the Phi nodes in the corresponding - blocks. - Local CSE is modified to not to rely on the assumption of continuous - node indices in a block. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::AbstractState): - (JSC::DFG::AbstractState::beginBasicBlock): - (JSC::DFG::AbstractState::execute): - (JSC::DFG::AbstractState::clobberStructures): - (JSC::DFG::AbstractState::mergeToSuccessors): - (JSC::DFG::AbstractState::dump): - * dfg/DFGAbstractState.h: - (JSC::DFG::AbstractState::forNode): - (AbstractState): - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (ArithNodeFlagsInferencePhase): - * dfg/DFGBasicBlock.h: - (JSC::DFG::BasicBlock::BasicBlock): - (BasicBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addToGraph): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::insertPhiNode): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::linkBlock): - (JSC::DFG::ByteCodeParser::determineReachability): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - (CFAPhase): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::CSEPhase): - (JSC::DFG::CSEPhase::endIndexForPureCSE): - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::globalVarLoadElimination): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getScopeChainLoadElimination): - (JSC::DFG::CSEPhase::performNodeCSE): - (JSC::DFG::CSEPhase::performBlockCSE): - (CSEPhase): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGPhase.cpp: - (JSC::DFG::Phase::beginPhase): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare): - (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): - (JSC::DFG::SpeculativeJIT::SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-02-29 Filip Pizlo - - The JIT should not crash the entire process just because there is not - enough executable memory, if the LLInt is enabled - https://bugs.webkit.org/show_bug.cgi?id=79962 - - - Unreviewed, adding forgotten file. - - * jit/JITCompilationEffort.h: Added. - (JSC): - -2012-02-29 Filip Pizlo - - The JIT should not crash the entire process just because there is not - enough executable memory, if the LLInt is enabled - https://bugs.webkit.org/show_bug.cgi?id=79962 - - - Reviewed by Gavin Barraclough. - - Added the notion of JITCompilationEffort. If we're JIT'ing as a result of - a tier-up, then we set it to JITCompilationCanFail. Otherwise it's - JITCompilationMustSucceed. This preserves the old behavior of LLInt is - disabled or if we're compiling something that can't be interpreted (like - an OSR exit stub). - - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/ARMAssembler.cpp: - (JSC::ARMAssembler::executableCopy): - * assembler/ARMAssembler.h: - (ARMAssembler): - * assembler/AssemblerBuffer.h: - (JSC::AssemblerBuffer::executableCopy): - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::LinkBuffer): - (JSC::LinkBuffer::~LinkBuffer): - (LinkBuffer): - (JSC::LinkBuffer::didFailToAllocate): - (JSC::LinkBuffer::isValid): - (JSC::LinkBuffer::linkCode): - (JSC::LinkBuffer::performFinalization): - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::executableCopy): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::executableCopy): - * assembler/X86Assembler.h: - (JSC::X86Assembler::executableCopy): - (JSC::X86Assembler::X86InstructionFormatter::executableCopy): - * bytecode/CodeBlock.cpp: - (JSC::ProgramCodeBlock::jitCompileImpl): - (JSC::EvalCodeBlock::jitCompileImpl): - (JSC::FunctionCodeBlock::jitCompileImpl): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::jitCompile): - (CodeBlock): - (ProgramCodeBlock): - (EvalCodeBlock): - (FunctionCodeBlock): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compile): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGJITCompiler.h: - (JITCompiler): - * jit/ExecutableAllocator.cpp: - (JSC::DemandExecutableAllocator::allocateNewSpace): - (JSC::ExecutableAllocator::allocate): - * jit/ExecutableAllocator.h: - (ExecutableAllocator): - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::allocate): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JIT.h: - (JSC::JIT::compile): - (JIT): - * jit/JITCompilationEffort.h: Added. - (JSC): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * llint/LLIntSlowPaths.cpp: - (LLInt): - (JSC::LLInt::jitCompileAndSetHeuristics): - (JSC::LLInt::entryOSR): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/Executable.cpp: - (JSC::EvalExecutable::jitCompile): - (JSC::ProgramExecutable::jitCompile): - (JSC::FunctionExecutable::jitCompileForCall): - (JSC::FunctionExecutable::jitCompileForConstruct): - * runtime/Executable.h: - (EvalExecutable): - (ProgramExecutable): - (FunctionExecutable): - (JSC::FunctionExecutable::jitCompileFor): - * runtime/ExecutionHarness.h: - (JSC::prepareForExecution): - (JSC::prepareFunctionForExecution): - -2012-02-29 No'am Rosenthal - - [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy] - https://bugs.webkit.org/show_bug.cgi?id=79501 - - Enable WTF_USE_UI_SIDE_COMPOSITING for Qt. - - Reviewed by Kenneth Rohde Christiansen. - - * wtf/Platform.h: - -2012-02-29 Gavin Barraclough - - Rubber stamped by Oliver Hunt. - - * tests/mozilla/ecma_2/RegExp/constructor-001.js: - * tests/mozilla/ecma_2/RegExp/function-001.js: - * tests/mozilla/ecma_2/RegExp/properties-001.js: - - Check in new test cases results. - -2012-02-29 Mark Rowe - - Stop installing JSCLLIntOffsetsExtractor. - - Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file - that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor. - This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor. - - While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value - for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is - to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That - allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too! - - Reviewed by Filip Pizlo. - - * Configurations/TestRegExp.xcconfig: Removed. - * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig. - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-02-28 Filip Pizlo - - RefCounted::deprecatedTurnOffVerifier() should not be deprecated - https://bugs.webkit.org/show_bug.cgi?id=79864 - - Reviewed by Oliver Hunt. - - Removed the word "deprecated" from the name of this method, since this method - should not be deprecated. It works just fine as it is, and there is simply no - alternative to calling this method for many interesting JSC classes. - - * parser/SourceProvider.h: - (JSC::SourceProvider::SourceProvider): - * runtime/SymbolTable.h: - (JSC::SharedSymbolTable::SharedSymbolTable): - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocatorHandle::MetaAllocatorHandle): - (WTF::MetaAllocator::allocate): - * wtf/RefCounted.h: - (RefCountedBase): - (WTF::RefCountedBase::turnOffVerifier): - -2012-02-29 Gavin Barraclough - - 'source' property of RegExp instance cannot be "" - https://bugs.webkit.org/show_bug.cgi?id=79938 - - Reviewed by Oliver Hunt. - - 15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/', - and also states that the result must be a valid RegularExpressionLiteral. '//' is - not a valid RegularExpressionLiteral (since it is a single line comment), and hence - source cannot ever validly be "". If the source is empty, return a different Pattern - that would match the same thing. - - * runtime/RegExpObject.cpp: - (JSC::regExpObjectSource): - - Do not return "" if the source is empty, this would lead to invalid behaviour in toString. - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncToString): - - No need to special case the empty string - this should be being done by 'source'. - -2012-02-29 Gavin Barraclough - - Writable attribute not set correctly when redefining an accessor to a data descriptor - https://bugs.webkit.org/show_bug.cgi?id=79931 - - Reviewed by Oliver Hunt. - - * runtime/JSObject.cpp: - (JSC::JSObject::defineOwnProperty): - - use attributesOverridingCurrent instead of attributesWithOverride. - * runtime/PropertyDescriptor.cpp: - * runtime/PropertyDescriptor.h: - - remove attributesWithOverride - attributesOverridingCurrent does the same thing. - -2012-02-29 Kevin Ollivier - - Add JSCore symbol exports needed by wx port - https://bugs.webkit.org/show_bug.cgi?id=77280 - - Reviewed by Hajime Morita. - - * wtf/ArrayBufferView.h: - * wtf/ExportMacros.h: - -2012-02-28 Raphael Kubo da Costa - - [CMake] Always build wtf as a static library. - https://bugs.webkit.org/show_bug.cgi?id=79857 - - Reviewed by Eric Seidel. - - To help the efforts in bug 75673 to move WTF out of - JavaScriptCore, act more like the other ports and remove the - possibility of building WTF as a shared library. - - It does not make much sense to, for example, ship WTF as a - separate .so with webkit-efl packages, and it should be small - enough not to cause problems during linking. - - * wtf/CMakeLists.txt: - -2012-02-28 Dmitry Lomov - - [JSC] Implement ArrayBuffer transfer - https://bugs.webkit.org/show_bug.cgi?id=73493. - Implement ArrayBuffer transfer, per Khronos spec: http://www.khronos.org/registry/typedarray/specs/latest/#9. - This brings parity with V8 implementation of transferable typed arrays. - - Reviewed by Oliver Hunt. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export. - * wtf/ArrayBuffer.h: - (ArrayBuffer): Added extra export. - -2012-02-28 Kevin Ollivier - - [wx] Unreviewed. Build fix after recent LLInt additions. - - * wscript: - -2012-02-28 Mark Hahnenberg - - Refactor SpeculativeJIT::emitAllocateJSFinalObject - https://bugs.webkit.org/show_bug.cgi?id=79801 - - Reviewed by Filip Pizlo. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this - function, which is more generic in that it can allocate a variety of classes. - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function. - -2012-02-28 Gavin Barraclough - - [[Get]]/[[Put]] for primitives should not wrap on strict accessor call - https://bugs.webkit.org/show_bug.cgi?id=79588 - - Reviewed by Oliver Hunt. - - In the case of [[Get]], this is a pretty trivial bug - just don't wrap - primitives at the point you call a getter. - - For setters, this is a little more involved, since we have already wrapped - the value up in a synthesized object. Stop doing so. There is also a further - subtely, that in strict mode all attempts to create a new data property on - the object should throw. - - * runtime/JSCell.cpp: - (JSC::JSCell::put): - - [[Put]] to a string primitive should use JSValue::putToPrimitive. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Remove static function called in one place. - * runtime/JSObject.h: - (JSC::JSValue::put): - - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive. - * runtime/JSValue.cpp: - (JSC::JSValue::synthesizePrototype): - - Add support for synthesizing the prototype of strings. - (JSC::JSValue::putToPrimitive): - - Added, implements [[Put]] for primitive bases, per 8.7.2. - * runtime/JSValue.h: - (JSValue): - - Add declaration for JSValue::putToPrimitive. - * runtime/PropertySlot.cpp: - (JSC::PropertySlot::functionGetter): - - Don't call ToObject on primitive this values. - -2012-02-28 Mark Hahnenberg - - Re-enable parallel GC on Mac - https://bugs.webkit.org/show_bug.cgi?id=79837 - - Rubber stamped by Filip Pizlo. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line, - so we removed it and things should go back to normal. - -2012-02-28 Filip Pizlo - - Some run-javascriptcore-tests broken for 32-bit debug - https://bugs.webkit.org/show_bug.cgi?id=79844 - - Rubber stamped by Oliver Hunt. - - These assertions are just plain wrong for 32-bit. We could either have a massive - assertion that depends on value representation, that has to be changed every - time we change the JITs, resulting in a bug tail of debug-mode crashes, or we - could get rid of the assertions. I pick the latter. - - * dfg/DFGOperations.cpp: - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - -2012-02-28 Mark Hahnenberg - - Get rid of padding cruft in CopiedBlock - https://bugs.webkit.org/show_bug.cgi?id=79686 - - Reviewed by Filip Pizlo. - - * heap/CopiedBlock.h: - (CopiedBlock): Removed the extra padding that was used for alignment purposes until - the calculation of the payload offset into CopiedBlocks was redone recently. - -2012-02-28 Anders Carlsson - - Fix build with newer versions of clang. - - Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments, - but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common) - takes a string literal. - - * wtf/Assertions.cpp: - -2012-02-28 Mario Sanchez Prada - - [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr - https://bugs.webkit.org/show_bug.cgi?id=79496 - - Reviewed by Martin Robinson. - - Handle GMainLoop and GMainContext in GRefPtr, by calling - g_main_loop_(un)ref and g_main_context_(un)ref in the - implementation of the refGPtr and derefGPtr template functions. - - * wtf/gobject/GRefPtr.cpp: - (WTF::refGPtr): - (WTF): - (WTF::derefGPtr): - * wtf/gobject/GRefPtr.h: - (WTF): - * wtf/gobject/GTypedefs.h: - -2012-02-28 Yong Li - - JSString::resolveRope() should report extra memory cost to the heap. - https://bugs.webkit.org/show_bug.cgi?id=79555 - - Reviewed by Michael Saboff. - - At the time a JSString is constructed with fibers, it doesn't report - extra memory cost, which is reasonable because it hasn't allocate - new memory. However when the rope is resolved, it should report meory - cost for the new buffer. - - * runtime/JSString.cpp: - (JSC::JSString::resolveRope): - -2012-02-27 Oliver Hunt - - sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter - https://bugs.webkit.org/show_bug.cgi?id=79728 - - Reviewed by Gavin Barraclough. - - When initialising a chained get instruction we may end up in a state where - the instruction stream says we have a scopechain, but it has not yet been set - (eg. if allocating the StructureChain itself is what leads to the GC). We could - re-order the allocation, but it occurs in a couple of places, so it seems less - fragile simply to null check the scopechain slot before we actually visit the slot. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::visitStructures): - -2012-02-27 Filip Pizlo - - Old JIT's style of JSVALUE64 strict equality is subtly wrong - https://bugs.webkit.org/show_bug.cgi?id=79700 - - Reviewed by Oliver Hunt. - - * assembler/MacroAssemblerX86_64.h: - (JSC::MacroAssemblerX86_64::comparePtr): - (MacroAssemblerX86_64): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): - * jit/JITOpcodes.cpp: - (JSC::JIT::compileOpStrictEq): - (JSC::JIT::emitSlow_op_stricteq): - (JSC::JIT::emitSlow_op_nstricteq): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - -2012-02-27 Gavin Barraclough - - Implement support for op_negate and op_bitnot in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=79617 - - Reviewed by Filip Pizlo. - - Add an ArithNegate op to the DFG JIT, to implement op_negate. - - This patch also adds support for op_negate to the JSVALUE64 baseline JIT - (JSVALUE32_64 already had this), so that we can profile the slowpath usage. - - This is a 2.5%-3% Sunspider progression and a 1% win on Kraken. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::sub_S): - - Added sub_S from immediate. - (ARMv7Assembler): - (JSC::ARMv7Assembler::vneg): - - Added double negate. - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::negateDouble): - - Added double negate. - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::branchNeg32): - - Added. - * assembler/MacroAssemblerX86.h: - (MacroAssemblerX86): - - moved loadDouble, absDouble to common. - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::absDouble): - - implementation can be shared. - (JSC::MacroAssemblerX86Common::negateDouble): - - Added. - (JSC::MacroAssemblerX86Common::loadDouble): - - allow absDouble to have a common implementation. - * assembler/MacroAssemblerX86_64.h: - (MacroAssemblerX86_64): - - moved loadDouble, absDouble to common. - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - - support ArithNegate. - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): - - support ArithNegate. - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - - support ArithNegate. - (JSC::DFG::ByteCodeParser::parseBlock): - - support op_negate. - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - - support ArithNegate. - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - - support op_negate. - * dfg/DFGGraph.h: - (JSC::DFG::Graph::negateShouldSpeculateInteger): - - support ArithNegate. - * dfg/DFGNode.h: - (JSC::DFG::Node::hasArithNodeFlags): - - support ArithNegate. - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - - support ArithNegate. - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileArithNegate): - - support ArithNegate. - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - - support ArithNegate. - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - - support ArithNegate. - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - - support ArithNegate. - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - - Add support for op_negate in JSVALUE64. - * jit/JITArithmetic.cpp: - (JSC::JIT::emit_op_negate): - (JSC::JIT::emitSlow_op_negate): - - Add support for op_negate in JSVALUE64. - -2012-02-27 Mahesh Kulkarni - - Unreviewed. Build fix for linux-bot (qt) after r109021. - - * runtime/Error.cpp: - -2012-02-27 Oliver Hunt - - REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize - https://bugs.webkit.org/show_bug.cgi?id=79693 - - Reviewed by Filip Pizlo. - - Alas we can't provide the stack trace as an array, as despite everyone wanting - an array, everyone arbitrarily creates the array by calling split on the stack - trace. To create the array we would have provided them in the first place. - - This changes the exception's stack property to a \n separated string. To get the - old array just do .stack.split("\n"). - - * runtime/Error.cpp: - (JSC::addErrorInfo): - -2012-02-27 Gavin Barraclough - - RegExp lastIndex should behave as a regular property - https://bugs.webkit.org/show_bug.cgi?id=79446 - - Reviewed by Sam Weinig. - - lastIndex should be a regular data descriptor, with the attributes configurable:false, - enumerable:false, writable:true. As such, it should be possible to reconfigure writable - as false. If the lastIndex property is reconfigured to be read-only, we should respect - this correctly. - - * runtime/CommonIdentifiers.h: - - Removed some unused identifiers, added lastIndex. - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::getOwnPropertySlot): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::getOwnPropertyDescriptor): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::deleteProperty): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::getOwnPropertyNames): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::getPropertyNames): - - lastIndex is no longer a static value, provided specific handling. - (JSC::reject): - - helper function for defineOwnProperty. - (JSC::RegExpObject::defineOwnProperty): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::put): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::match): - - Pass setLastIndex an ExecState, so it can throw if read-only. - * runtime/RegExpObject.h: - (JSC::RegExpObject::setLastIndex): - - Pass setLastIndex an ExecState, so it can throw if read-only. - (RegExpObjectData): - - Added lastIndexIsWritable. - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncCompile): - - Pass setLastIndex an ExecState, so it can throw if read-only. - -2012-02-27 Gavin Barraclough - - Implement support for op_negate and op_bitnot in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=79617 - - Reviewed by Sam Weinig. - - Remove op_bitnop - this is redundant, ~x === x^-1. - This is a fractional (<1%) progression. - - Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X). - Remove CanReuse from the result type - this was unused. - Remove op_bitnot. - - * assembler/MacroAssemblerARM.h: - (MacroAssemblerARM): - (JSC::MacroAssemblerARM::xor32): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::xor32): - * assembler/MacroAssemblerMIPS.h: - (MacroAssemblerMIPS): - (JSC::MacroAssemblerMIPS::xor32): - * assembler/MacroAssemblerSH4.h: - (MacroAssemblerSH4): - (JSC::MacroAssemblerSH4::xor32): - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::xor32): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecompiler/NodesCodegen.cpp: - (JSC): - (JSC::BitwiseNotNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - * jit/JIT.h: - (JIT): - * jit/JITArithmetic32_64.cpp: - (JSC): - * jit/JITOpcodes.cpp: - (JSC): - * jit/JITStubs.cpp: - (JSC): - * jit/JITStubs.h: - * llint/LLIntSlowPaths.cpp: - (LLInt): - * llint/LLIntSlowPaths.h: - (LLInt): - * llint/LowLevelInterpreter32_64.asm: - * parser/NodeConstructors.h: - (JSC::NegateNode::NegateNode): - (JSC::BitwiseNotNode::BitwiseNotNode): - (JSC::MultNode::MultNode): - (JSC::DivNode::DivNode): - (JSC::ModNode::ModNode): - (JSC::SubNode::SubNode): - (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode): - * parser/Nodes.h: - (BitwiseNotNode): - (JSC::BitwiseNotNode::expr): - (JSC): - * parser/ResultType.h: - (ResultType): - (JSC::ResultType::numberTypeIsInt32): - (JSC::ResultType::stringOrNumberType): - (JSC::ResultType::forAdd): - (JSC::ResultType::forBitOp): - -2012-02-27 Michael Saboff - - Error check regexp min quantifier - https://bugs.webkit.org/show_bug.cgi?id=70648 - - Reviewed by Gavin Barraclough. - - Added checking for min or only quantifier being UINT_MAX. - When encountered this becomes a SyntaxError during parsing. - - * yarr/YarrParser.h: - (JSC::Yarr::Parser::parseQuantifier): - (JSC::Yarr::Parser::parse): - (Parser): - -2012-02-27 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files. - -2012-02-26 Hajime Morrita - - Move ChromeClient::showContextMenu() to ContextMenuClient - https://bugs.webkit.org/show_bug.cgi?id=79427 - - Reviewed by Adam Barth. - - Added ACCESSIBILITY_CONTEXT_MENUS. - - * wtf/Platform.h: - -2012-02-26 Filip Pizlo - - LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG - https://bugs.webkit.org/show_bug.cgi?id=79616 - - Reviewed by Oliver Hunt. - - Guard against the fact that in JSVALUE64, JSValue().isCell() == true. - - * dfg/DFGAbstractValue.h: - (JSC::DFG::AbstractValue::validate): - -2012-02-26 Filip Pizlo - - DFG should support activations and nested functions - https://bugs.webkit.org/show_bug.cgi?id=79554 - - Reviewed by Sam Weinig. - - Fix 32-bit. The 32-bit function+activation code had some really weird - register reuse bugs. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-26 Filip Pizlo - - Getting the instruction stream for a code block should not require two loads - https://bugs.webkit.org/show_bug.cgi?id=79608 - - Reviewed by Sam Weinig. - - Introduced the RefCountedArray class, which contains a single inline pointer - to a ref-counted non-resizeable vector backing store. This satisfies the - requirements of CodeBlock, which desires the ability to share instruction - streams with other CodeBlocks. It also reduces the number of loads required - for getting the instruction stream by one. - - This patch also gets rid of the bytecode discarding logic, since we don't - use it anymore and it's unlikely to ever work right with DFG or LLInt. And - I didn't feel like porting dead code to use RefCountedArray. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/CodeBlock.cpp: - (JSC::instructionOffsetForNth): - (JSC::CodeBlock::dump): - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::handlerForBytecodeOffset): - (JSC::CodeBlock::lineNumberForBytecodeOffset): - (JSC::CodeBlock::expressionRangeForBytecodeOffset): - (JSC::CodeBlock::shrinkToFit): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::numberOfInstructions): - (JSC::CodeBlock::instructions): - (JSC::CodeBlock::instructionCount): - (JSC::CodeBlock::valueProfileForBytecodeOffset): - (JSC): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::Label::setLocation): - (JSC): - (JSC::BytecodeGenerator::generate): - (JSC::BytecodeGenerator::newLabel): - * bytecompiler/BytecodeGenerator.h: - (JSC): - (BytecodeGenerator): - (JSC::BytecodeGenerator::instructions): - * bytecompiler/Label.h: - (JSC::Label::Label): - (Label): - * dfg/DFGByteCodeCache.h: - (JSC::DFG::ByteCodeCache::~ByteCodeCache): - (JSC::DFG::ByteCodeCache::get): - * jit/JITExceptions.cpp: - (JSC::genericThrow): - * llint/LowLevelInterpreter32_64.asm: - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::codeBlockWithBytecodeFor): - (JSC::FunctionExecutable::produceCodeBlockFor): - * wtf/RefCountedArray.h: Added. - (WTF): - (RefCountedArray): - (WTF::RefCountedArray::RefCountedArray): - (WTF::RefCountedArray::operator=): - (WTF::RefCountedArray::~RefCountedArray): - (WTF::RefCountedArray::size): - (WTF::RefCountedArray::data): - (WTF::RefCountedArray::begin): - (WTF::RefCountedArray::end): - (WTF::RefCountedArray::at): - (WTF::RefCountedArray::operator[]): - (Header): - (WTF::RefCountedArray::Header::size): - (WTF::RefCountedArray::Header::payload): - (WTF::RefCountedArray::Header::fromPayload): - * wtf/Platform.h: - -2012-02-26 Yusuke Suzuki - - StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name - https://bugs.webkit.org/show_bug.cgi?id=79571 - - Reviewed by Gavin Barraclough. - - * parser/ASTBuilder.h: - (JSC::ASTBuilder::createGetterOrSetterProperty): - * parser/Parser.cpp: - (JSC::::parseProperty): - * parser/SyntaxChecker.h: - (JSC::SyntaxChecker::createGetterOrSetterProperty): - -2012-02-26 Mark Hahnenberg - - Implement fast path for op_new_array in the baseline JIT - https://bugs.webkit.org/show_bug.cgi?id=78612 - - Reviewed by Filip Pizlo. - - heap/CopiedAllocator.h: - (CopiedAllocator): Friended the JIT to allow access to m_currentOffset. - * heap/CopiedSpace.h: - (CopiedSpace): Friended the JIT to allow access to isOversize. - (JSC::CopiedSpace::allocator): - * heap/Heap.h: - (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT - can use it for simple allocation i.e. when we can just bump the offset without having to - do anything else. - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when - we have to bail out because the fast allocation path fails for whatever reason. - * jit/JIT.h: - (JIT): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to - allocate generic backing stores. This function is used by emitAllocateJSArray. - (JSC): - (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to - more easily allocate JSArrays. This function is used by emit_op_new_array and I expect - it will also be used for emit_op_new_array_buffer. - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does - a stub call for oversize arrays. - (JSC): - (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we - fail in any way on the fast path. - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to - initialize in the JIT. - (ArrayStorage): - (JSC::ArrayStorage::lengthOffset): - (JSC::ArrayStorage::numValuesInVectorOffset): - (JSC::ArrayStorage::allocBaseOffset): - (JSC::ArrayStorage::vectorOffset): - (JSArray): - (JSC::JSArray::sparseValueMapOffset): - (JSC::JSArray::subclassDataOffset): - (JSC::JSArray::indexBiasOffset): - (JSC): - (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file - to being a static function in the JSArray class. This move allows the JIT to call it to - see what size it should allocate. - -2012-02-26 Patrick Gansterer - - Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681. - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - (JSC::Interpreter::getStackTrace): - -2012-02-26 Patrick Gansterer - - Unreviewed. Build fix for !ENABLE(JIT) after r108681. - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - -2012-02-25 Filip Pizlo - - LLInt assembly file should be split into 32-bit and 64-bit parts - https://bugs.webkit.org/show_bug.cgi?id=79584 - - Reviewed by Sam Weinig. - - Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm - the ability to include files, and correctly track dependencies: it restricts - the include mechanism to using the same directory as the source file, and uses - the SHA1 hash of all .asm files in that directory as an input hash. - - * llint/LLIntOfflineAsmConfig.h: - * llint/LowLevelInterpreter.asm: - * llint/LowLevelInterpreter32_64.asm: Added. - - This is just the entire contents of what was previously LowLevelInterpreter.asm - * llint/LowLevelInterpreter64.asm: Added. - * offlineasm/asm.rb: - * offlineasm/ast.rb: - * offlineasm/generate_offset_extractor.rb: - * offlineasm/parser.rb: - * offlineasm/self_hash.rb: - -2012-02-25 Filip Pizlo - - Offlineasm should support X86_64 - https://bugs.webkit.org/show_bug.cgi?id=79581 - - Reviewed by Oliver Hunt. - - * llint/LLIntOfflineAsmConfig.h: - * offlineasm/backends.rb: - * offlineasm/instructions.rb: - * offlineasm/settings.rb: - * offlineasm/x86.rb: - -2012-02-25 Filip Pizlo - - DFG should support activations and nested functions - https://bugs.webkit.org/show_bug.cgi?id=79554 - - Reviewed by Oliver Hunt. - - Wrote the simplest possible implementation of activations. Big speed-up on - code that uses activations, no speed-up on major benchmarks (SunSpider, V8, - Kraken) because they do not appear to have sufficient coverage over code - that uses activations. - - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromValue): - * bytecode/PredictedType.h: - (JSC): - (JSC::isEmptyPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - (JSC::DFG::canInlineOpcode): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::needsActivation): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::Node::storageAccessDataIndex): - (Node): - (JSC::DFG::Node::hasFunctionDeclIndex): - (JSC::DFG::Node::functionDeclIndex): - (JSC::DFG::Node::hasFunctionExprIndex): - (JSC::DFG::Node::functionExprIndex): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): - (DFG): - (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-25 Benjamin Poulain - - Add an empty skeleton of KURL for WTFURL - https://bugs.webkit.org/show_bug.cgi?id=78990 - - Reviewed by Adam Barth. - - * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL - so that can use them in WebCore. - -2012-02-25 Filip Pizlo - - Unreviewed, fix build for DFG disabled and LLInt enabled. - - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * llint/LLIntSlowPaths.cpp: - (LLInt): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - -2012-02-25 Mark Hahnenberg - - Fix the CopiedBlock offset alignment in a cross platform fashion - https://bugs.webkit.org/show_bug.cgi?id=79556 - - Reviewed by Filip Pizlo. - - Replaced m_payload with a payload() method that calculates the offset - of the payload with the proper alignment. This change allows us to - avoid alignment-related issues in a cross-platform manner. - - * heap/CopiedAllocator.h: - (JSC::CopiedAllocator::currentUtilization): - * heap/CopiedBlock.h: - (JSC::CopiedBlock::CopiedBlock): - (JSC::CopiedBlock::payload): - (CopiedBlock): - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::doneFillingBlock): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::borrowBlock): - (JSC::CopiedSpace::allocateFromBlock): - -2012-02-24 Michael Saboff - - Unreviewed, Windows build fix. Changed signature in export to match - change made in r108858. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-24 Filip Pizlo - - DFG support for op_new_regexp should be enabled - https://bugs.webkit.org/show_bug.cgi?id=79538 - - Reviewed by Oliver Hunt. - - No performance change. - - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGCommon.h: - -2012-02-24 Michael Saboff - - ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked - https://bugs.webkit.org/show_bug.cgi?id=73728 - - Reviewed by Gavin Barraclough. - - Fixed the mixing of signed and unsigned character indeces in YARR - interpreter. - - * runtime/RegExp.cpp: - (JSC::RegExp::match): Added code to check for match longer than 2^31 and - return no match after resetting the offsets. - * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index - handling except when matching back references. - (JSC::Yarr::Interpreter::InputStream::readChecked): - (JSC::Yarr::Interpreter::InputStream::checkInput): - (JSC::Yarr::Interpreter::InputStream::uncheckInput): - (JSC::Yarr::Interpreter::InputStream::atStart): - (JSC::Yarr::Interpreter::InputStream::atEnd): - (JSC::Yarr::Interpreter::InputStream::isAvailableInput): - (JSC::Yarr::Interpreter::checkCharacter): - (JSC::Yarr::Interpreter::checkCasedCharacter): - (JSC::Yarr::Interpreter::checkCharacterClass): - (JSC::Yarr::Interpreter::tryConsumeBackReference): - (JSC::Yarr::Interpreter::matchAssertionBOL): - (JSC::Yarr::Interpreter::matchAssertionWordBoundary): - (JSC::Yarr::Interpreter::backtrackPatternCharacter): - (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter): - (JSC::Yarr::Interpreter::matchCharacterClass): - (JSC::Yarr::Interpreter::backtrackCharacterClass): - (JSC::Yarr::Interpreter::matchParenthesesOnceBegin): - (JSC::Yarr::Interpreter::matchDisjunction): - (JSC::Yarr::Interpreter::interpret): - (JSC::Yarr::ByteCompiler::assertionBOL): - (JSC::Yarr::ByteCompiler::assertionEOL): - (JSC::Yarr::ByteCompiler::assertionWordBoundary): - (JSC::Yarr::ByteCompiler::atomPatternCharacter): - (JSC::Yarr::ByteCompiler::atomCharacterClass): - (JSC::Yarr::ByteCompiler::atomBackReference): - (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin): - (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin): - (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin): - (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd): - (JSC::Yarr::ByteCompiler::emitDisjunction): - * yarr/YarrInterpreter.h: - -2012-02-24 Filip Pizlo - - Unreviewed, build fix for builds where the DFG is disabled but the LLInt is - enabled. - - * llint/LLIntOfflineAsmConfig.h: - * llint/LowLevelInterpreter.asm: - -2012-02-24 Filip Pizlo - - DFG should be able to handle variables getting captured - https://bugs.webkit.org/show_bug.cgi?id=79469 - - Reviewed by Oliver Hunt. - - Made captured variables work by placing a Flush on the SetLocal and - forcing the emission of the GetLocal even if copy propagation tells us - who has the value. - - Changed the CFA and various prediction codes to understand that we can't - really prove anything about captured variables. Well, we could in the - future by just looking at what side effects are happening, but in this - first cut we just assume that we can't reason about captured variables. - - Also added a mode where the DFG pretends that all variables and arguments - got captured. Used this mode to harden the code. - - This is performance neutral. Capturing all variables is a slow down, but - not too big of one. This seems to predict that when we add activation - support, the amount of speed benefit we'll get from increased coverage - will far outweigh the pessimism that we'll have to endure for captured - variables. - - * bytecode/CodeType.h: - (JSC::codeTypeToString): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::endBasicBlock): - (JSC::DFG::AbstractState::execute): - (JSC::DFG::AbstractState::merge): - * dfg/DFGAbstractState.h: - (AbstractState): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::setLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::setArgument): - (JSC::DFG::ByteCodeParser::flushArgument): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGCapabilities.h: - (JSC::DFG::mightInlineFunctionForCall): - (JSC::DFG::mightInlineFunctionForConstruct): - * dfg/DFGCommon.h: - * dfg/DFGGraph.h: - (JSC::DFG::Graph::needsActivation): - (Graph): - (JSC::DFG::Graph::argumentIsCaptured): - (JSC::DFG::Graph::localIsCaptured): - (JSC::DFG::Graph::isCaptured): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldGenerate): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - (JSC::DFG::ValueSource::dump): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT.h: - (ValueSource): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-02-24 Gavin Barraclough - - Should not allow malformed \x escapes - https://bugs.webkit.org/show_bug.cgi?id=79462 - - Reviewed by Oliver Hunt. - - * parser/Lexer.cpp: - (JSC::::parseString): - (JSC::::parseStringSlowCase): - - Prohibit malformed '\x' escapes - * tests/mozilla/ecma/Array/15.4.5.1-1.js: - * tests/mozilla/ecma/LexicalConventions/7.7.4.js: - * tests/mozilla/ecma_2/RegExp/hex-001.js: - * tests/mozilla/js1_2/regexp/hexadecimal.js: - - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik). - -2012-02-24 Daniel Bates - - Fix change log entry for changeset r108819; add bug URL - https://bugs.webkit.org/show_bug.cgi?id=79504 - - Changeset r108819 is associated with bug #79504. - - * ChangeLog - -2012-02-24 Daniel Bates - - Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp - https://bugs.webkit.org/show_bug.cgi?id=79504 - - Reviewed by Oliver Hunt. - - There are a few places in Interpreter.cpp that need to be updated to use - ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to - ENABLE_CLASSIC_INTERPRETER in changeset - (https://bugs.webkit.org/show_bug.cgi?id=78791). - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - (JSC::getCallerInfo): - (JSC::getSourceURLFromCallFrame): - -2012-02-24 Adam Roben - - Undo the BUILDING_WTF part of r108808 - - This broke the build, which is obviously worse than the linker warning it was trying to - solve. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - -2012-02-24 Adam Roben - - Fix linker warnings on Windows - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already - exported via JS_EXPORTDATA. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We - aren't actually building WTF, but we are statically linking it, so we need to define this - symbol so that we export WTF's exports. - -2012-02-24 Philippe Normand - - Fix GTK WebAudio build for WebKitGTK 1.7.90. - - Patch by Priit Laes on 2012-02-24 - Rubber-stamped by Philippe Normand. - - * GNUmakefile.list.am: Add Complex.h to the list of files so it - gets disted in the tarballs. - -2012-02-24 Zoltan Herczeg - - [Qt] Buildfix for "Zero out CopiedBlocks on initialization". - https://bugs.webkit.org/show_bug.cgi?id=79199 - - Ruber stamped by Csaba Osztrogonác. - - Temporary fix since the new member wastes a little space on - 64 bit systems. Although it is harmless, it is only needed - for 32 bit systems. - - * heap/CopiedBlock.h: - (CopiedBlock): - -2012-02-24 Han Hojong - - Remove useless jump instructions for short circuit - https://bugs.webkit.org/show_bug.cgi?id=75602 - - Reviewed by Michael Saboff. - - Jump instruction is inserted to make short circuit, - however it does nothing but moving to the next instruction. - Therefore useless jump instructions are removed, - and jump list is moved into the case not for a short circuit, - so that only necessary instructions are added to JIT code - unless it has a 16 bit pattern character and an 8 bit string. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): - (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): - -2012-02-24 Sheriff Bot - - Unreviewed, rolling out r108731. - http://trac.webkit.org/changeset/108731 - https://bugs.webkit.org/show_bug.cgi?id=79464 - - Broke Chromium Win tests (Requested by bashi on #webkit). - - * wtf/Platform.h: - -2012-02-24 Andrew Lo - - [BlackBerry] Enable requestAnimationFrame - https://bugs.webkit.org/show_bug.cgi?id=79408 - - Use timer implementation of requestAnimationFrame on BlackBerry. - - Reviewed by Rob Buis. - - * wtf/Platform.h: - -2012-02-24 Mathias Bynens - - `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5 - https://bugs.webkit.org/show_bug.cgi?id=78908 - - Add additional checks for zero-width non-joiner (0x200C) and - zero-width joiner (0x200D) characters. - - Reviewed by Michael Saboff. - - * parser/Lexer.cpp: - (JSC::isNonASCIIIdentPart) - * runtime/LiteralParser.cpp: - (JSC::::Lexer::lexIdentifier) - -2012-02-23 Kenichi Ishibashi - - Adding WebSocket per-frame DEFLATE extension - https://bugs.webkit.org/show_bug.cgi?id=77522 - - Added USE(ZLIB) flag. - - Reviewed by Kent Tamura. - - * wtf/Platform.h: - -2012-02-23 Mark Hahnenberg - - Zero out CopiedBlocks on initialization - https://bugs.webkit.org/show_bug.cgi?id=79199 - - Reviewed by Filip Pizlo. - - Made CopyBlocks zero their payloads during construction. This allows - JSArray to avoid having to manually clear its backing store upon allocation - and also alleviates any future pain with regard to the garbage collector trying - to mark what it thinks are values in what is actually uninitialized memory. - - * heap/CopiedBlock.h: - (JSC::CopiedBlock::CopiedBlock): - * runtime/JSArray.cpp: - (JSC::JSArray::finishCreation): - (JSC::JSArray::tryFinishCreationUninitialized): - (JSC::JSArray::increaseVectorLength): - (JSC::JSArray::unshiftCountSlowCase): - -2012-02-23 Oliver Hunt - - Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided - https://bugs.webkit.org/show_bug.cgi?id=79407 - - Reviewed by Gavin Barraclough. - - Outside of exception handling, we don't know what our source line number is. This - change allows us to pass -1 is as the initial line number, and get the correct line - number in the resultant stack trace. We can't completely elide the initial line - number (yet) due to some idiosyncrasies of the exception handling machinery. - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - (JSC): - (JSC::Interpreter::getStackTrace): - -2012-02-22 Filip Pizlo - - DFG OSR exit value profiling should have graceful handling of local variables and arguments - https://bugs.webkit.org/show_bug.cgi?id=79310 - - Reviewed by Gavin Barraclough. - - Previously, if we OSR exited because a prediction in a local was wrong, we'd - only realize what the true type of the local was if the regular value profiling - kicked in and told us. Unless the local was block-locally copy propagated, in - which case we'd know from an OSR exit profile. - - This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR - exit because of a mispredicted local or argument type, we'll know what the type of - the local or argument should be immediately upon exiting. - - The way that local variable OSR exit profiling works is that we now have a lazily - added set of OSR-exit-only value profiles for exit sites that are BadType and that - cited a GetLocal as their value source. The value profiles are only added if the - OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and - operand. The look-up is performed by querying the - CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains - the bytecode index and the operand. Because the value profiles are added at random - times, they are not sorted; instead they are just stored in an arbitrarily-ordered - SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser - creates a LazyOperandValueProfileParser, which turns the - CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration - of DFG parsing. - - Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket - into which values observed during OSR exit would be placed. Now it uses a lazy - thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may - either contain a ValueProfile inside it (which works for previous uses of OSR exit - profiling) or it may just have knowledge of how to go about creating the - LazyOperandValueProfile in the case that the OSR exit is actually taken. This - ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks - value profiling buckets unless we actually did OSR exit on every single operand, - in every single instruction, in each code block (that's probably unlikely). - - This appears to be neutral on the major benchmarks, but is a double-digit speed-up - on code deliberately written to have data flow that spans basic blocks and where - the code exhibits post-optimization polymorphism in a local variable. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::stronglyVisitStrongReferences): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::lazyOperandValueProfiles): - * bytecode/LazyOperandValueProfile.cpp: Added. - (JSC): - (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder): - (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder): - (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions): - (JSC::CompressedLazyOperandValueProfileHolder::add): - (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser): - (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser): - (JSC::LazyOperandValueProfileParser::getIfPresent): - (JSC::LazyOperandValueProfileParser::prediction): - * bytecode/LazyOperandValueProfile.h: Added. - (JSC): - (LazyOperandValueProfileKey): - (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey): - (JSC::LazyOperandValueProfileKey::operator!): - (JSC::LazyOperandValueProfileKey::operator==): - (JSC::LazyOperandValueProfileKey::hash): - (JSC::LazyOperandValueProfileKey::bytecodeOffset): - (JSC::LazyOperandValueProfileKey::operand): - (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue): - (JSC::LazyOperandValueProfileKeyHash::hash): - (JSC::LazyOperandValueProfileKeyHash::equal): - (LazyOperandValueProfileKeyHash): - (WTF): - (JSC::LazyOperandValueProfile::LazyOperandValueProfile): - (LazyOperandValueProfile): - (JSC::LazyOperandValueProfile::key): - (CompressedLazyOperandValueProfileHolder): - (LazyOperandValueProfileParser): - * bytecode/MethodOfGettingAValueProfile.cpp: Added. - (JSC): - (JSC::MethodOfGettingAValueProfile::fromLazyOperand): - (JSC::MethodOfGettingAValueProfile::getSpecFailBucket): - * bytecode/MethodOfGettingAValueProfile.h: Added. - (JSC): - (MethodOfGettingAValueProfile): - (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile): - (JSC::MethodOfGettingAValueProfile::operator!): - * bytecode/ValueProfile.cpp: Removed. - * bytecode/ValueProfile.h: - (JSC): - (ValueProfileBase): - (JSC::ValueProfileBase::ValueProfileBase): - (JSC::ValueProfileBase::dump): - (JSC::ValueProfileBase::computeUpdatedPrediction): - (JSC::MinimalValueProfile::MinimalValueProfile): - (ValueProfileWithLogNumberOfBuckets): - (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets): - (JSC::ValueProfile::ValueProfile): - (JSC::getValueProfileBytecodeOffset): - (JSC::getRareCaseProfileBytecodeOffset): - * dfg/DFGByteCodeParser.cpp: - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction): - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (InlineStackEntry): - (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions): - (DFG): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueProfileFor): - (JSC::DFG::Graph::methodOfGettingAValueProfileFor): - (Graph): - * dfg/DFGNode.h: - (Node): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::OSRExit): - * dfg/DFGOSRExit.h: - (OSRExit): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGPhase.cpp: - (JSC::DFG::Phase::beginPhase): - (JSC::DFG::Phase::endPhase): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::speculationCheck): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::nonUnifiedPrediction): - (VariableAccessData): - -2012-02-23 Filip Pizlo - - Build fix. - - * llint/LLIntOffsetsExtractor.cpp: - -2012-02-23 Kevin Ollivier - - [wx] Build fix, disable LLINT for now and fix ENABLE defines for it. - - * llint/LLIntOffsetsExtractor.cpp: - * wtf/Platform.h: - -2012-02-23 Kevin Ollivier - - [wx] Build fix for non-Mac wx builds. - - * runtime/DatePrototype.cpp: - -2012-02-22 Filip Pizlo - - DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment - https://bugs.webkit.org/show_bug.cgi?id=79334 - - Reviewed by Oliver Hunt. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::flush): - -2012-02-23 Gavin Barraclough - - Object.isSealed / Object.isFrozen don't work for native objects - https://bugs.webkit.org/show_bug.cgi?id=79331 - - Reviewed by Sam Weinig. - - Need to inspect all properties, including static ones. - This exposes a couple of bugs in Array & Arguments: - - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length. - - Arguments object's defineOwnProperty does not handle callee/caller/length correctly. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - Add handling for callee/caller/length. - * runtime/JSArray.cpp: - (JSC::JSArray::getOwnPropertyDescriptor): - - report length's writability correctly. - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorSeal): - (JSC::objectConstructorFreeze): - (JSC::objectConstructorIsSealed): - (JSC::objectConstructorIsFrozen): - - Add spec-based implementation for non-final objects. - -2012-02-23 Gavin Barraclough - - pop of array hole should get from the prototype chain - https://bugs.webkit.org/show_bug.cgi?id=79338 - - Reviewed by Sam Weinig. - - * runtime/JSArray.cpp: - (JSC::JSArray::pop): - - If the fast fast vector case fails, more closely follow the spec. - -2012-02-23 Yong Li - - JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope() - https://bugs.webkit.org/show_bug.cgi?id=79268 - - Reviewed by Michael Saboff. - - resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory() - after it fails to allocate a buffer for m_value. So outOfMemory() should assert - isRope() rather than !isRope(). - - * runtime/JSString.cpp: - (JSC::JSString::outOfMemory): - -2012-02-23 Patrick Gansterer - - [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro - https://bugs.webkit.org/show_bug.cgi?id=79371 - - Reviewed by Daniel Bates. - - * CMakeLists.txt: - * shell/CMakeLists.txt: - * wtf/CMakeLists.txt: - -2012-02-23 Aron Rosenberg - - Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer. - https://bugs.webkit.org/show_bug.cgi?id=76210 - - Add compile time check for Visual Studio 2005 or newer. - - Reviewed by Simon Hausmann. - - * os-win32/inttypes.h: - -2012-02-22 Gavin Barraclough - - Implement [[DefineOwnProperty]] for the arguments object - https://bugs.webkit.org/show_bug.cgi?id=79309 - - Reviewed by Sam Weinig. - - * runtime/Arguments.cpp: - (JSC::Arguments::deletePropertyByIndex): - (JSC::Arguments::deleteProperty): - - Deleting an argument should also delete the copy on the object, if any. - (JSC::Arguments::defineOwnProperty): - - Defining a property may override the live mapping. - * runtime/Arguments.h: - (Arguments): - -2012-02-22 Gavin Barraclough - - Fix Object.freeze for non-final objects. - https://bugs.webkit.org/show_bug.cgi?id=79286 - - Reviewed by Oliver Hunt. - - For vanilla objects we implement this with a single transition, for objects - with special properties we should just follow the spec defined algorithm. - - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - - this does need to handle inextensible objects. - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorSeal): - (JSC::objectConstructorFreeze): - - Implement spec defined algorithm for non-final objects. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - (JSC::Structure::freezeTransition): - - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto. - * runtime/Structure.h: - (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - (JSC::Structure::setContainsReadOnlyProperties): - (Structure): - - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto. - -2012-02-22 Mark Hahnenberg - - Allocations from CopiedBlocks should always be 8-byte aligned - https://bugs.webkit.org/show_bug.cgi?id=79271 - - Reviewed by Geoffrey Garen. - - * heap/CopiedAllocator.h: - (JSC::CopiedAllocator::allocate): - * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always - guaranteed to be 8 byte aligned on both 64- and 32-bit platforms. - (CopiedBlock): - * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned. - (JSC::CopiedSpace::tryAllocateOversize): - (JSC::CopiedSpace::getFreshBlock): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::allocateFromBlock): - * runtime/JSArray.h: - (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte - aligned on both 64- and 32-bit platforms. - * wtf/StdLibExtras.h: - (WTF::is8ByteAligned): Added new utility function that functions similarly to the - way isPointerAligned does, but it just always checks for 8 byte alignment. - (WTF): - -2012-02-22 Sheriff Bot - - Unreviewed, rolling out r108456. - http://trac.webkit.org/changeset/108456 - https://bugs.webkit.org/show_bug.cgi?id=79223 - - Broke fast/regex/pcre-test-4.html and cannot find anyone on - IRC (Requested by zherczeg on #webkit). - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): - -2012-02-22 Sheriff Bot - - Unreviewed, rolling out r108468. - http://trac.webkit.org/changeset/108468 - https://bugs.webkit.org/show_bug.cgi?id=79219 - - Broke Chromium Win release build (Requested by bashi on - #webkit). - - * wtf/Platform.h: - -2012-02-22 Kenichi Ishibashi - - Adding WebSocket per-frame DEFLATE extension - https://bugs.webkit.org/show_bug.cgi?id=77522 - - Added USE(ZLIB) flag. - - Reviewed by Kent Tamura. - - * wtf/Platform.h: - -2012-02-22 Hojong Han - - Short circuit fixed for a 16 bt pattern character and an 8 bit string. - https://bugs.webkit.org/show_bug.cgi?id=75602 - - Reviewed by Gavin Barraclough. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): - -2012-02-21 Filip Pizlo - - Build fix for systems with case sensitive disks. - - * llint/LLIntOfflineAsmConfig.h: - -2012-02-21 Filip Pizlo - - JSC should be a triple-tier VM - https://bugs.webkit.org/show_bug.cgi?id=75812 - - - Reviewed by Gavin Barraclough. - - Implemented an interpreter that uses the JIT's calling convention. This - interpreter is called LLInt, or the Low Level Interpreter. JSC will now - will start by executing code in LLInt and will only tier up to the old - JIT after the code is proven hot. - - LLInt is written in a modified form of our macro assembly. This new macro - assembly is compiled by an offline assembler (see offlineasm), which - implements many modern conveniences such as a Turing-complete CPS-based - macro language and direct access to relevant C++ type information - (basically offsets of fields and sizes of structs/classes). - - Code executing in LLInt appears to the rest of the JSC world "as if" it - were executing in the old JIT. Hence, things like exception handling and - cross-execution-engine calls just work and require pretty much no - additional overhead. - - This interpreter is 2-2.5x faster than our old interpreter on SunSpider, - V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider, - V8, and Kraken, but appear to get a double-digit improvement on real-world - websites due to a huge reduction in the amount of JIT'ing. - - * CMakeLists.txt: - * GNUmakefile.am: - * GNUmakefile.list.am: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/LinkBuffer.h: - * assembler/MacroAssemblerCodeRef.h: - (MacroAssemblerCodePtr): - (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): - * bytecode/BytecodeConventions.h: Added. - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFromLLInt): - (JSC): - (JSC::CallLinkStatus::computeFor): - * bytecode/CallLinkStatus.h: - (JSC::CallLinkStatus::isSet): - (JSC::CallLinkStatus::operator!): - (CallLinkStatus): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::~CodeBlock): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC): - (JSC::CodeBlock::unlinkCalls): - (JSC::CodeBlock::unlinkIncomingCalls): - (JSC::CodeBlock::bytecodeOffset): - (JSC::ProgramCodeBlock::jettison): - (JSC::EvalCodeBlock::jettison): - (JSC::FunctionCodeBlock::jettison): - (JSC::ProgramCodeBlock::jitCompileImpl): - (JSC::EvalCodeBlock::jitCompileImpl): - (JSC::FunctionCodeBlock::jitCompileImpl): - * bytecode/CodeBlock.h: - (JSC): - (CodeBlock): - (JSC::CodeBlock::baselineVersion): - (JSC::CodeBlock::linkIncomingCall): - (JSC::CodeBlock::bytecodeOffset): - (JSC::CodeBlock::jitCompile): - (JSC::CodeBlock::hasOptimizedReplacement): - (JSC::CodeBlock::addPropertyAccessInstruction): - (JSC::CodeBlock::addGlobalResolveInstruction): - (JSC::CodeBlock::addLLIntCallLinkInfo): - (JSC::CodeBlock::addGlobalResolveInfo): - (JSC::CodeBlock::numberOfMethodCallLinkInfos): - (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::addFrequentExitSite): - (JSC::CodeBlock::dontJITAnytimeSoon): - (JSC::CodeBlock::jitAfterWarmUp): - (JSC::CodeBlock::jitSoon): - (JSC::CodeBlock::llintExecuteCounter): - (ProgramCodeBlock): - (EvalCodeBlock): - (FunctionCodeBlock): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFromLLInt): - (JSC): - (JSC::GetByIdStatus::computeFor): - * bytecode/GetByIdStatus.h: - (JSC::GetByIdStatus::GetByIdStatus): - (JSC::GetByIdStatus::wasSeenInJIT): - (GetByIdStatus): - * bytecode/Instruction.h: - (JSC): - (JSC::Instruction::Instruction): - (Instruction): - * bytecode/LLIntCallLinkInfo.h: Added. - (JSC): - (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo): - (LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::isLinked): - (JSC::LLIntCallLinkInfo::unlink): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/Opcode.cpp: - (JSC): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFromLLInt): - (JSC): - (JSC::PutByIdStatus::computeFor): - * bytecode/PutByIdStatus.h: - (PutByIdStatus): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitPutById): - (JSC::BytecodeGenerator::emitDirectPutById): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - (JSC::BytecodeGenerator::emitCatch): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOperations.cpp: - * heap/Heap.h: - (JSC): - (JSC::Heap::firstAllocatorWithoutDestructors): - (Heap): - * heap/MarkStack.cpp: - (JSC::visitChildren): - * heap/MarkedAllocator.h: - (JSC): - (MarkedAllocator): - * heap/MarkedSpace.h: - (JSC): - (MarkedSpace): - (JSC::MarkedSpace::firstAllocator): - * interpreter/CallFrame.cpp: - (JSC): - (JSC::CallFrame::bytecodeOffsetForNonDFGCode): - (JSC::CallFrame::setBytecodeOffsetForNonDFGCode): - (JSC::CallFrame::currentVPC): - (JSC::CallFrame::setCurrentVPC): - (JSC::CallFrame::trueCallerFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::hasReturnPC): - (JSC::ExecState::clearReturnPC): - (ExecState): - (JSC::ExecState::bytecodeOffsetForNonDFGCode): - (JSC::ExecState::currentVPC): - (JSC::ExecState::setCurrentVPC): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::Interpreter): - (JSC::Interpreter::~Interpreter): - (JSC): - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - (JSC::Interpreter::unwindCallFrame): - (JSC::getCallerInfo): - (JSC::Interpreter::privateExecute): - (JSC::Interpreter::retrieveLastCaller): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - (JSC::Interpreter::classicEnabled): - * interpreter/RegisterFile.h: - (JSC): - (RegisterFile): - * jit/ExecutableAllocator.h: - (JSC): - * jit/HostCallReturnValue.cpp: Added. - (JSC): - (JSC::getHostCallReturnValueWithExecState): - * jit/HostCallReturnValue.h: Added. - (JSC): - (JSC::initializeHostCallReturnValue): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITCode.h: - (JSC::JITCode::isOptimizingJIT): - (JITCode): - (JSC::JITCode::isBaselineCode): - (JSC::JITCode::JITCode): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * jit/JITExceptions.cpp: - (JSC::jitThrow): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC): - * jit/JITStubs.h: - (JSC): - * jit/JSInterfaceJIT.h: - * llint: Added. - * llint/LLIntCommon.h: Added. - * llint/LLIntData.cpp: Added. - (LLInt): - (JSC::LLInt::Data::Data): - (JSC::LLInt::Data::performAssertions): - (JSC::LLInt::Data::~Data): - * llint/LLIntData.h: Added. - (JSC): - (LLInt): - (Data): - (JSC::LLInt::Data::exceptionInstructions): - (JSC::LLInt::Data::opcodeMap): - (JSC::LLInt::Data::performAssertions): - * llint/LLIntEntrypoints.cpp: Added. - (LLInt): - (JSC::LLInt::getFunctionEntrypoint): - (JSC::LLInt::getEvalEntrypoint): - (JSC::LLInt::getProgramEntrypoint): - * llint/LLIntEntrypoints.h: Added. - (JSC): - (LLInt): - (JSC::LLInt::getEntrypoint): - * llint/LLIntExceptions.cpp: Added. - (LLInt): - (JSC::LLInt::interpreterThrowInCaller): - (JSC::LLInt::returnToThrowForThrownException): - (JSC::LLInt::returnToThrow): - (JSC::LLInt::callToThrow): - * llint/LLIntExceptions.h: Added. - (JSC): - (LLInt): - * llint/LLIntOfflineAsmConfig.h: Added. - * llint/LLIntOffsetsExtractor.cpp: Added. - (JSC): - (LLIntOffsetsExtractor): - (JSC::LLIntOffsetsExtractor::dummy): - (main): - * llint/LLIntSlowPaths.cpp: Added. - (LLInt): - (JSC::LLInt::llint_trace_operand): - (JSC::LLInt::llint_trace_value): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::traceFunctionPrologue): - (JSC::LLInt::shouldJIT): - (JSC::LLInt::entryOSR): - (JSC::LLInt::resolveGlobal): - (JSC::LLInt::getByVal): - (JSC::LLInt::handleHostCall): - (JSC::LLInt::setUpCall): - (JSC::LLInt::genericCall): - * llint/LLIntSlowPaths.h: Added. - (JSC): - (LLInt): - * llint/LLIntThunks.cpp: Added. - (LLInt): - (JSC::LLInt::generateThunkWithJumpTo): - (JSC::LLInt::functionForCallEntryThunkGenerator): - (JSC::LLInt::functionForConstructEntryThunkGenerator): - (JSC::LLInt::functionForCallArityCheckThunkGenerator): - (JSC::LLInt::functionForConstructArityCheckThunkGenerator): - (JSC::LLInt::evalEntryThunkGenerator): - (JSC::LLInt::programEntryThunkGenerator): - * llint/LLIntThunks.h: Added. - (JSC): - (LLInt): - * llint/LowLevelInterpreter.asm: Added. - * llint/LowLevelInterpreter.cpp: Added. - * llint/LowLevelInterpreter.h: Added. - * offlineasm: Added. - * offlineasm/armv7.rb: Added. - * offlineasm/asm.rb: Added. - * offlineasm/ast.rb: Added. - * offlineasm/backends.rb: Added. - * offlineasm/generate_offset_extractor.rb: Added. - * offlineasm/instructions.rb: Added. - * offlineasm/offset_extractor_constants.rb: Added. - * offlineasm/offsets.rb: Added. - * offlineasm/opt.rb: Added. - * offlineasm/parser.rb: Added. - * offlineasm/registers.rb: Added. - * offlineasm/self_hash.rb: Added. - * offlineasm/settings.rb: Added. - * offlineasm/transform.rb: Added. - * offlineasm/x86.rb: Added. - * runtime/CodeSpecializationKind.h: Added. - (JSC): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - (CommonSlowPaths): - * runtime/Executable.cpp: - (JSC::jettisonCodeBlock): - (JSC): - (JSC::EvalExecutable::jitCompile): - (JSC::samplingDescription): - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::jitCompile): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::baselineCodeBlockFor): - (JSC::FunctionExecutable::jitCompileForCall): - (JSC::FunctionExecutable::jitCompileForConstruct): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - * runtime/Executable.h: - (JSC): - (EvalExecutable): - (ProgramExecutable): - (FunctionExecutable): - (JSC::FunctionExecutable::jitCompileFor): - * runtime/ExecutionHarness.h: Added. - (JSC): - (JSC::prepareForExecution): - (JSC::prepareFunctionForExecution): - * runtime/JSArray.h: - (JSC): - (JSArray): - * runtime/JSCell.h: - (JSC): - (JSCell): - * runtime/JSFunction.h: - (JSC): - (JSFunction): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSC): - (JSGlobalData): - * runtime/JSGlobalObject.h: - (JSC): - (JSGlobalObject): - * runtime/JSObject.h: - (JSC): - (JSObject): - (JSFinalObject): - * runtime/JSPropertyNameIterator.h: - (JSC): - (JSPropertyNameIterator): - * runtime/JSString.h: - (JSC): - (JSString): - * runtime/JSTypeInfo.h: - (JSC): - (TypeInfo): - * runtime/JSValue.cpp: - (JSC::JSValue::description): - * runtime/JSValue.h: - (LLInt): - (JSValue): - * runtime/JSVariableObject.h: - (JSC): - (JSVariableObject): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * runtime/ScopeChain.h: - (JSC): - (ScopeChainNode): - * runtime/Structure.cpp: - (JSC::Structure::addPropertyTransition): - * runtime/Structure.h: - (JSC): - (Structure): - * runtime/StructureChain.h: - (JSC): - (StructureChain): - * wtf/InlineASM.h: - * wtf/Platform.h: - * wtf/SentinelLinkedList.h: - (SentinelLinkedList): - (WTF::SentinelLinkedList::isEmpty): - * wtf/text/StringImpl.h: - (JSC): - (StringImpl): - -2012-02-21 Oliver Hunt - - Unbreak double-typed arrays on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=79177 - - Reviewed by Gavin Barraclough. - - The existing code had completely broken address arithmetic. - - * JSCTypedArrayStubs.h: - (JSC): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::storeDouble): - (JSC::MacroAssemblerARMv7::storeFloat): - -2012-02-21 Gavin Barraclough - - Should be able to reconfigure a non-configurable property as read-only - https://bugs.webkit.org/show_bug.cgi?id=79170 - - Reviewed by Sam Weinig. - - See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable, - but does not inhibit making a writable property read-only. - - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSC::JSGlobalData::setInDefineOwnProperty): - (JSGlobalData): - (JSC::JSGlobalData::isInDefineOwnProperty): - - Added flag, tracking whether we are in JSObject::defineOwnProperty. - * runtime/JSObject.cpp: - (JSC::JSObject::deleteProperty): - (DefineOwnPropertyScope): - - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing! - (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope): - (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope): - - Added RAII helper. - (JSC::JSObject::defineOwnProperty): - - Track on the globalData when we are in this method. - -2012-02-21 Oliver Hunt - - Make TypedArrays be available in commandline jsc - https://bugs.webkit.org/show_bug.cgi?id=79163 - - Reviewed by Gavin Barraclough. - - Adds a compile time option to have jsc support a basic implementation - of the TypedArrays available in WebCore. This lets us test the typed - array logic in the JIT witout having to build webcore. - - * JSCTypedArrayStubs.h: Added. - (JSC): - * JavaScriptCore.xcodeproj/project.pbxproj: - * jsc.cpp: - (GlobalObject::finishCreation): - (GlobalObject): - (GlobalObject::addConstructableFunction): - * runtime/JSGlobalData.h: - (JSGlobalData): - -2012-02-21 Tom Sepez - - equalIgnoringNullity() only comparing half the bytes for equality - https://bugs.webkit.org/show_bug.cgi?id=79135 - - Reviewed by Adam Barth. - - * wtf/text/StringImpl.h: - (WTF::equalIgnoringNullity): - -2012-02-21 Roland Takacs - - Unnecessary preprocessor macros in MainThread.h/cpp - https://bugs.webkit.org/show_bug.cgi?id=79083 - - Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro. - - * wtf/MainThread.cpp: - (WTF): - * wtf/MainThread.h: - (WTF): - -2012-02-21 Sam Weinig - - Attempt to fix the Snow Leopard build. - - * Configurations/Base.xcconfig: - -2012-02-21 Sam Weinig - - Use libc++ when building with Clang on Mac - https://bugs.webkit.org/show_bug.cgi?id=78981 - - Reviewed by Dan Bernstein. - - * Configurations/Base.xcconfig: - -2012-02-21 Adam Roben - - Roll out r108309, r108323, and r108326 - - They broke the 32-bit Lion build. - - Original bugs is . - - * CMakeLists.txt: - * GNUmakefile.am: - * GNUmakefile.list.am: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/LinkBuffer.h: - * assembler/MacroAssemblerCodeRef.h: - * bytecode/BytecodeConventions.h: Removed. - * bytecode/CallLinkStatus.cpp: - * bytecode/CallLinkStatus.h: - * bytecode/CodeBlock.cpp: - * bytecode/CodeBlock.h: - * bytecode/GetByIdStatus.cpp: - * bytecode/GetByIdStatus.h: - * bytecode/Instruction.h: - * bytecode/LLIntCallLinkInfo.h: Removed. - * bytecode/MethodCallLinkStatus.cpp: - * bytecode/Opcode.cpp: - * bytecode/Opcode.h: - * bytecode/PutByIdStatus.cpp: - * bytecode/PutByIdStatus.h: - * bytecompiler/BytecodeGenerator.cpp: - * dfg/DFGByteCodeParser.cpp: - * dfg/DFGCapabilities.h: - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOperations.cpp: - * heap/Heap.h: - * heap/MarkStack.cpp: - * heap/MarkedAllocator.h: - * heap/MarkedSpace.h: - * interpreter/CallFrame.cpp: - * interpreter/CallFrame.h: - * interpreter/Interpreter.cpp: - * interpreter/Interpreter.h: - * interpreter/RegisterFile.h: - * jit/ExecutableAllocator.h: - * jit/HostCallReturnValue.cpp: Removed. - * jit/HostCallReturnValue.h: Removed. - * jit/JIT.cpp: - * jit/JITCode.h: - * jit/JITDriver.h: - * jit/JITExceptions.cpp: - * jit/JITInlineMethods.h: - * jit/JITStubs.cpp: - * jit/JITStubs.h: - * jit/JSInterfaceJIT.h: - * llint/LLIntCommon.h: Removed. - * llint/LLIntData.cpp: Removed. - * llint/LLIntData.h: Removed. - * llint/LLIntEntrypoints.cpp: Removed. - * llint/LLIntEntrypoints.h: Removed. - * llint/LLIntExceptions.cpp: Removed. - * llint/LLIntExceptions.h: Removed. - * llint/LLIntOfflineAsmConfig.h: Removed. - * llint/LLIntOffsetsExtractor.cpp: Removed. - * llint/LLIntSlowPaths.cpp: Removed. - * llint/LLIntSlowPaths.h: Removed. - * llint/LLIntThunks.cpp: Removed. - * llint/LLIntThunks.h: Removed. - * llint/LowLevelInterpreter.asm: Removed. - * llint/LowLevelInterpreter.cpp: Removed. - * llint/LowLevelInterpreter.h: Removed. - * offlineasm/armv7.rb: Removed. - * offlineasm/asm.rb: Removed. - * offlineasm/ast.rb: Removed. - * offlineasm/backends.rb: Removed. - * offlineasm/generate_offset_extractor.rb: Removed. - * offlineasm/instructions.rb: Removed. - * offlineasm/offset_extractor_constants.rb: Removed. - * offlineasm/offsets.rb: Removed. - * offlineasm/opt.rb: Removed. - * offlineasm/parser.rb: Removed. - * offlineasm/registers.rb: Removed. - * offlineasm/self_hash.rb: Removed. - * offlineasm/settings.rb: Removed. - * offlineasm/transform.rb: Removed. - * offlineasm/x86.rb: Removed. - * runtime/CodeSpecializationKind.h: Removed. - * runtime/CommonSlowPaths.h: - * runtime/Executable.cpp: - * runtime/Executable.h: - * runtime/ExecutionHarness.h: Removed. - * runtime/JSArray.h: - * runtime/JSCell.h: - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: - * runtime/JSGlobalData.h: - * runtime/JSGlobalObject.h: - * runtime/JSObject.h: - * runtime/JSPropertyNameIterator.h: - * runtime/JSString.h: - * runtime/JSTypeInfo.h: - * runtime/JSValue.cpp: - * runtime/JSValue.h: - * runtime/JSVariableObject.h: - * runtime/Options.cpp: - * runtime/Options.h: - * runtime/ScopeChain.h: - * runtime/Structure.cpp: - * runtime/Structure.h: - * runtime/StructureChain.h: - * wtf/InlineASM.h: - * wtf/Platform.h: - * wtf/SentinelLinkedList.h: - * wtf/text/StringImpl.h: - -2012-02-21 Gustavo Noronha Silva and Bob Tracy - - Does not build on IA64, SPARC and Alpha - https://bugs.webkit.org/show_bug.cgi?id=79047 - - Rubber-stamped by Kent Tamura. - - * wtf/dtoa/utils.h: these architectures also have correct double - operations, so add them to the appropriate side of the check. - -2012-02-21 Filip Pizlo - - Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build. - https://bugs.webkit.org/show_bug.cgi?id=75812 - - Reviewed by Csaba Osztrogonác. - - * dfg/DFGOperations.cpp: - (JSC): - * jit/HostCallReturnValue.h: - (JSC::initializeHostCallReturnValue): - -2012-02-21 Filip Pizlo - - Attempted build fix for ELF platforms. - - * dfg/DFGOperations.cpp: - (JSC): - (JSC::getHostCallReturnValueWithExecState): - * jit/HostCallReturnValue.cpp: - (JSC): - * jit/HostCallReturnValue.h: - (JSC::initializeHostCallReturnValue): - -2012-02-20 Filip Pizlo - - JSC should be a triple-tier VM - https://bugs.webkit.org/show_bug.cgi?id=75812 - - - Reviewed by Gavin Barraclough. - - Implemented an interpreter that uses the JIT's calling convention. This - interpreter is called LLInt, or the Low Level Interpreter. JSC will now - will start by executing code in LLInt and will only tier up to the old - JIT after the code is proven hot. - - LLInt is written in a modified form of our macro assembly. This new macro - assembly is compiled by an offline assembler (see offlineasm), which - implements many modern conveniences such as a Turing-complete CPS-based - macro language and direct access to relevant C++ type information - (basically offsets of fields and sizes of structs/classes). - - Code executing in LLInt appears to the rest of the JSC world "as if" it - were executing in the old JIT. Hence, things like exception handling and - cross-execution-engine calls just work and require pretty much no - additional overhead. - - This interpreter is 2-2.5x faster than our old interpreter on SunSpider, - V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider, - V8, and Kraken, but appear to get a double-digit improvement on real-world - websites due to a huge reduction in the amount of JIT'ing. - - * CMakeLists.txt: - * GNUmakefile.am: - * GNUmakefile.list.am: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/LinkBuffer.h: - * assembler/MacroAssemblerCodeRef.h: - (MacroAssemblerCodePtr): - (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): - * bytecode/BytecodeConventions.h: Added. - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFromLLInt): - (JSC): - (JSC::CallLinkStatus::computeFor): - * bytecode/CallLinkStatus.h: - (JSC::CallLinkStatus::isSet): - (JSC::CallLinkStatus::operator!): - (CallLinkStatus): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::~CodeBlock): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC): - (JSC::CodeBlock::unlinkCalls): - (JSC::CodeBlock::unlinkIncomingCalls): - (JSC::CodeBlock::bytecodeOffset): - (JSC::ProgramCodeBlock::jettison): - (JSC::EvalCodeBlock::jettison): - (JSC::FunctionCodeBlock::jettison): - (JSC::ProgramCodeBlock::jitCompileImpl): - (JSC::EvalCodeBlock::jitCompileImpl): - (JSC::FunctionCodeBlock::jitCompileImpl): - * bytecode/CodeBlock.h: - (JSC): - (CodeBlock): - (JSC::CodeBlock::baselineVersion): - (JSC::CodeBlock::linkIncomingCall): - (JSC::CodeBlock::bytecodeOffset): - (JSC::CodeBlock::jitCompile): - (JSC::CodeBlock::hasOptimizedReplacement): - (JSC::CodeBlock::addPropertyAccessInstruction): - (JSC::CodeBlock::addGlobalResolveInstruction): - (JSC::CodeBlock::addLLIntCallLinkInfo): - (JSC::CodeBlock::addGlobalResolveInfo): - (JSC::CodeBlock::numberOfMethodCallLinkInfos): - (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::addFrequentExitSite): - (JSC::CodeBlock::dontJITAnytimeSoon): - (JSC::CodeBlock::jitAfterWarmUp): - (JSC::CodeBlock::jitSoon): - (JSC::CodeBlock::llintExecuteCounter): - (ProgramCodeBlock): - (EvalCodeBlock): - (FunctionCodeBlock): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFromLLInt): - (JSC): - (JSC::GetByIdStatus::computeFor): - * bytecode/GetByIdStatus.h: - (JSC::GetByIdStatus::GetByIdStatus): - (JSC::GetByIdStatus::wasSeenInJIT): - (GetByIdStatus): - * bytecode/Instruction.h: - (JSC): - (JSC::Instruction::Instruction): - (Instruction): - * bytecode/LLIntCallLinkInfo.h: Added. - (JSC): - (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo): - (LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::isLinked): - (JSC::LLIntCallLinkInfo::unlink): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/Opcode.cpp: - (JSC): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFromLLInt): - (JSC): - (JSC::PutByIdStatus::computeFor): - * bytecode/PutByIdStatus.h: - (PutByIdStatus): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitPutById): - (JSC::BytecodeGenerator::emitDirectPutById): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - (JSC::BytecodeGenerator::emitCatch): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOperations.cpp: - * heap/Heap.h: - (JSC): - (JSC::Heap::firstAllocatorWithoutDestructors): - (Heap): - * heap/MarkStack.cpp: - (JSC::visitChildren): - * heap/MarkedAllocator.h: - (JSC): - (MarkedAllocator): - * heap/MarkedSpace.h: - (JSC): - (MarkedSpace): - (JSC::MarkedSpace::firstAllocator): - * interpreter/CallFrame.cpp: - (JSC): - (JSC::CallFrame::bytecodeOffsetForNonDFGCode): - (JSC::CallFrame::setBytecodeOffsetForNonDFGCode): - (JSC::CallFrame::currentVPC): - (JSC::CallFrame::setCurrentVPC): - (JSC::CallFrame::trueCallerFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::hasReturnPC): - (JSC::ExecState::clearReturnPC): - (ExecState): - (JSC::ExecState::bytecodeOffsetForNonDFGCode): - (JSC::ExecState::currentVPC): - (JSC::ExecState::setCurrentVPC): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::Interpreter): - (JSC::Interpreter::~Interpreter): - (JSC): - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - (JSC::Interpreter::unwindCallFrame): - (JSC::getCallerInfo): - (JSC::Interpreter::privateExecute): - (JSC::Interpreter::retrieveLastCaller): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - (JSC::Interpreter::classicEnabled): - * interpreter/RegisterFile.h: - (JSC): - (RegisterFile): - * jit/ExecutableAllocator.h: - (JSC): - * jit/HostCallReturnValue.cpp: Added. - (JSC): - (JSC::getHostCallReturnValueWithExecState): - * jit/HostCallReturnValue.h: Added. - (JSC): - (JSC::initializeHostCallReturnValue): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITCode.h: - (JSC::JITCode::isOptimizingJIT): - (JITCode): - (JSC::JITCode::isBaselineCode): - (JSC::JITCode::JITCode): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * jit/JITExceptions.cpp: - (JSC::jitThrow): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC): - * jit/JITStubs.h: - (JSC): - * jit/JSInterfaceJIT.h: - * llint: Added. - * llint/LLIntCommon.h: Added. - * llint/LLIntData.cpp: Added. - (LLInt): - (JSC::LLInt::Data::Data): - (JSC::LLInt::Data::performAssertions): - (JSC::LLInt::Data::~Data): - * llint/LLIntData.h: Added. - (JSC): - (LLInt): - (Data): - (JSC::LLInt::Data::exceptionInstructions): - (JSC::LLInt::Data::opcodeMap): - (JSC::LLInt::Data::performAssertions): - * llint/LLIntEntrypoints.cpp: Added. - (LLInt): - (JSC::LLInt::getFunctionEntrypoint): - (JSC::LLInt::getEvalEntrypoint): - (JSC::LLInt::getProgramEntrypoint): - * llint/LLIntEntrypoints.h: Added. - (JSC): - (LLInt): - (JSC::LLInt::getEntrypoint): - * llint/LLIntExceptions.cpp: Added. - (LLInt): - (JSC::LLInt::interpreterThrowInCaller): - (JSC::LLInt::returnToThrowForThrownException): - (JSC::LLInt::returnToThrow): - (JSC::LLInt::callToThrow): - * llint/LLIntExceptions.h: Added. - (JSC): - (LLInt): - * llint/LLIntOfflineAsmConfig.h: Added. - * llint/LLIntOffsetsExtractor.cpp: Added. - (JSC): - (LLIntOffsetsExtractor): - (JSC::LLIntOffsetsExtractor::dummy): - (main): - * llint/LLIntSlowPaths.cpp: Added. - (LLInt): - (JSC::LLInt::llint_trace_operand): - (JSC::LLInt::llint_trace_value): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::traceFunctionPrologue): - (JSC::LLInt::shouldJIT): - (JSC::LLInt::entryOSR): - (JSC::LLInt::resolveGlobal): - (JSC::LLInt::getByVal): - (JSC::LLInt::handleHostCall): - (JSC::LLInt::setUpCall): - (JSC::LLInt::genericCall): - * llint/LLIntSlowPaths.h: Added. - (JSC): - (LLInt): - * llint/LLIntThunks.cpp: Added. - (LLInt): - (JSC::LLInt::generateThunkWithJumpTo): - (JSC::LLInt::functionForCallEntryThunkGenerator): - (JSC::LLInt::functionForConstructEntryThunkGenerator): - (JSC::LLInt::functionForCallArityCheckThunkGenerator): - (JSC::LLInt::functionForConstructArityCheckThunkGenerator): - (JSC::LLInt::evalEntryThunkGenerator): - (JSC::LLInt::programEntryThunkGenerator): - * llint/LLIntThunks.h: Added. - (JSC): - (LLInt): - * llint/LowLevelInterpreter.asm: Added. - * llint/LowLevelInterpreter.cpp: Added. - * llint/LowLevelInterpreter.h: Added. - * offlineasm: Added. - * offlineasm/armv7.rb: Added. - * offlineasm/asm.rb: Added. - * offlineasm/ast.rb: Added. - * offlineasm/backends.rb: Added. - * offlineasm/generate_offset_extractor.rb: Added. - * offlineasm/instructions.rb: Added. - * offlineasm/offset_extractor_constants.rb: Added. - * offlineasm/offsets.rb: Added. - * offlineasm/opt.rb: Added. - * offlineasm/parser.rb: Added. - * offlineasm/registers.rb: Added. - * offlineasm/self_hash.rb: Added. - * offlineasm/settings.rb: Added. - * offlineasm/transform.rb: Added. - * offlineasm/x86.rb: Added. - * runtime/CodeSpecializationKind.h: Added. - (JSC): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - (CommonSlowPaths): - * runtime/Executable.cpp: - (JSC::jettisonCodeBlock): - (JSC): - (JSC::EvalExecutable::jitCompile): - (JSC::samplingDescription): - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::jitCompile): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::baselineCodeBlockFor): - (JSC::FunctionExecutable::jitCompileForCall): - (JSC::FunctionExecutable::jitCompileForConstruct): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - * runtime/Executable.h: - (JSC): - (EvalExecutable): - (ProgramExecutable): - (FunctionExecutable): - (JSC::FunctionExecutable::jitCompileFor): - * runtime/ExecutionHarness.h: Added. - (JSC): - (JSC::prepareForExecution): - (JSC::prepareFunctionForExecution): - * runtime/JSArray.h: - (JSC): - (JSArray): - * runtime/JSCell.h: - (JSC): - (JSCell): - * runtime/JSFunction.h: - (JSC): - (JSFunction): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSC): - (JSGlobalData): - * runtime/JSGlobalObject.h: - (JSC): - (JSGlobalObject): - * runtime/JSObject.h: - (JSC): - (JSObject): - (JSFinalObject): - * runtime/JSPropertyNameIterator.h: - (JSC): - (JSPropertyNameIterator): - * runtime/JSString.h: - (JSC): - (JSString): - * runtime/JSTypeInfo.h: - (JSC): - (TypeInfo): - * runtime/JSValue.cpp: - (JSC::JSValue::description): - * runtime/JSValue.h: - (LLInt): - (JSValue): - * runtime/JSVariableObject.h: - (JSC): - (JSVariableObject): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * runtime/ScopeChain.h: - (JSC): - (ScopeChainNode): - * runtime/Structure.cpp: - (JSC::Structure::addPropertyTransition): - * runtime/Structure.h: - (JSC): - (Structure): - * runtime/StructureChain.h: - (JSC): - (StructureChain): - * wtf/InlineASM.h: - * wtf/Platform.h: - * wtf/SentinelLinkedList.h: - (SentinelLinkedList): - (WTF::SentinelLinkedList::isEmpty): - * wtf/text/StringImpl.h: - (JSC): - (StringImpl): - -2012-02-20 Filip Pizlo - - Unreviewed, rolling out http://trac.webkit.org/changeset/108291 - It completely broke the 32-bit JIT. - - * heap/CopiedAllocator.h: - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/Heap.h: - (JSC::Heap::allocatorForObjectWithDestructor): - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): - * jit/JIT.h: - (JIT): - * jit/JITInlineMethods.h: - (JSC): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_new_array): - * runtime/JSArray.cpp: - (JSC::storageSize): - (JSC): - * runtime/JSArray.h: - (ArrayStorage): - (JSArray): - -2012-02-20 Gavin Barraclough - - [[Put]] should throw if prototype chain contains a readonly property. - https://bugs.webkit.org/show_bug.cgi?id=79069 - - Reviewed by Oliver Hunt. - - Currently we only check the base of the put, not the prototype chain. - Fold this check in with the test for accessors. - - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Updated to test all objects in the propotype chain for readonly properties. - (JSC::JSObject::putDirectAccessor): - (JSC::putDescriptor): - - Record the presence of readonly properties on the structure. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto. - * runtime/Structure.h: - (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto. - (JSC::Structure::setContainsReadOnlyProperties): - - Added. - -2012-02-20 Mark Hahnenberg - - Implement fast path for op_new_array in the baseline JIT - https://bugs.webkit.org/show_bug.cgi?id=78612 - - Reviewed by Filip Pizlo. - - * heap/CopiedAllocator.h: - (CopiedAllocator): Friended the JIT to allow access to m_currentOffset. - * heap/CopiedSpace.h: - (CopiedSpace): Friended the JIT to allow access to - (JSC::CopiedSpace::allocator): - * heap/Heap.h: - (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT - can use it for simple allocation i.e. when we can just bump the offset without having to - do anything else. - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when - we have to bail out because the fast allocation path fails for whatever reason. - * jit/JIT.h: - (JIT): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to - allocate generic backing stores. This function is used by emitAllocateJSArray. - (JSC): - (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to - more easily allocate JSArrays. This function is used by emit_op_new_array and I expect - it will also be used for emit_op_new_array_buffer. - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does - a stub call for oversize arrays. - (JSC): - (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on - the fast path. - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to - initialize in the JIT. - (ArrayStorage): - (JSC::ArrayStorage::lengthOffset): - (JSC::ArrayStorage::numValuesInVectorOffset): - (JSC::ArrayStorage::allocBaseOffset): - (JSC::ArrayStorage::vectorOffset): - (JSArray): - (JSC::JSArray::sparseValueMapOffset): - (JSC::JSArray::subclassDataOffset): - (JSC::JSArray::indexBiasOffset): - (JSC): - (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file - to being a static function in the JSArray class. This move allows the JIT to call it to - see what size it should allocate. - -2012-02-20 Gavin Barraclough - - DefineOwnProperty fails with numeric properties & Object.prototype - https://bugs.webkit.org/show_bug.cgi?id=79059 - - Reviewed by Oliver Hunt. - - ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names), - calls to defineOwnProperty need to update this cache. - - * runtime/ObjectPrototype.cpp: - (JSC::ObjectPrototype::put): - (JSC::ObjectPrototype::defineOwnProperty): - (JSC): - (JSC::ObjectPrototype::getOwnPropertySlotByIndex): - * runtime/ObjectPrototype.h: - (ObjectPrototype): - -2012-02-20 Pino Toscano - - Does not build on GNU Hurd - https://bugs.webkit.org/show_bug.cgi?id=79045 - - Reviewed by Gustavo Noronha Silva. - - * wtf/Platform.h: define WTF_OS_HURD. - * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix - for the lack of PTHREAD_KEYS_MAX definition, with a value which - should not cause issues. - -2012-02-20 Gavin Barraclough - - Unreviewed windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-20 Mark Hahnenberg - - Undoing accidental changes - - * heap/Heap.cpp: - (JSC::Heap::collectAllGarbage): - -2012-02-20 Mark Hahnenberg - - Factor out allocation in CopySpace into a separate CopyAllocator - https://bugs.webkit.org/show_bug.cgi?id=78610 - - Reviewed by Oliver Hunt. - - Added a new CopyAllocator class, which allows us to do allocations without - having to load the current offset and store the current offset in the current - block. This change will allow us to easily do inline assembly in the JIT for - array allocations. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * heap/CopiedAllocator.h: Added. - (JSC): - (CopiedAllocator): - (JSC::CopiedAllocator::currentBlock): - (JSC::CopiedAllocator::CopiedAllocator): - (JSC::CopiedAllocator::allocate): - (JSC::CopiedAllocator::fitsInCurrentBlock): - (JSC::CopiedAllocator::wasLastAllocation): - (JSC::CopiedAllocator::startedCopying): - (JSC::CopiedAllocator::resetCurrentBlock): - (JSC::CopiedAllocator::currentUtilization): - (JSC::CopiedAllocator::resetLastAllocation): - * heap/CopiedBlock.h: - (CopiedBlock): - * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we - weren't really getting any benefits from having such big functions in a header file. - (JSC::CopiedSpace::CopiedSpace): - (JSC): - (JSC::CopiedSpace::init): - (JSC::CopiedSpace::tryAllocateSlowCase): - (JSC::CopiedSpace::tryAllocateOversize): - (JSC::CopiedSpace::tryReallocate): - (JSC::CopiedSpace::tryReallocateOversize): - (JSC::CopiedSpace::doneFillingBlock): - (JSC::CopiedSpace::doneCopying): - (JSC::CopiedSpace::getFreshBlock): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC): - (JSC::CopiedSpace::startedCopying): - (JSC::CopiedSpace::addNewBlock): - (JSC::CopiedSpace::allocateNewBlock): - (JSC::CopiedSpace::fitsInBlock): - (JSC::CopiedSpace::tryAllocate): - (JSC::CopiedSpace::allocateFromBlock): - * heap/Heap.cpp: - (JSC::Heap::collectAllGarbage): - * heap/HeapBlock.h: - (HeapBlock): - -2012-02-20 Patrick Gansterer - - Fix Visual Studio 2010 build. - - * bytecompiler/NodesCodegen.cpp: - (JSC::PropertyListNode::emitBytecode): - -2012-02-16 Gavin Barraclough - - Move special __proto__ property to Object.prototype - https://bugs.webkit.org/show_bug.cgi?id=78409 - - Reviewed by Oliver Hunt. - - Re-implement this as a regular accessor property. This has three key benefits: - 1) It makes it possible for objects to be given properties named __proto__. - 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. - 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. - - * parser/Parser.cpp: - (JSC::::parseFunctionInfo): - - No need to prohibit functions named __proto__. - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - - Add __proto__ accessor to Object.prototype. - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncProtoGetter): - (JSC::globalFuncProtoSetter): - - Definition of the __proto__ accessor functions. - * runtime/JSGlobalObjectFunctions.h: - - Declaration of the __proto__ accessor functions. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. - (JSC::JSObject::putDirectAccessor): - - Track on the structure whether an object contains accessors other than one for __proto__. - (JSC::JSObject::defineOwnProperty): - - No need to prohibit definition of own properties named __proto__. - * runtime/JSObject.h: - (JSC::JSObject::inlineGetOwnPropertySlot): - - Remove the special handling for __proto__. - (JSC::JSValue::get): - - Remove the special handling for __proto__. - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - - Remove the special handling for __proto__. - * runtime/JSValue.h: - (JSValue): - - Made synthesizePrototype public (this may be needed by the __proto__ getter). - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetPrototypeOf): - - Perform the security check & call prototype() directly. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - * runtime/Structure.h: - (JSC::Structure::hasGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - (Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - -2012-02-20 Michael Saboff - - Update toLower and toUpper tests for Unicode 6.1 changes - https://bugs.webkit.org/show_bug.cgi?id=78923 - - Reviewed by Oliver Hunt. - - * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test - to handle a third set of results for updated Unicode 6.1 - changes. - (getTestCases): - (TestCaseMultiExpected): - (writeTestCaseResultMultiExpected): - (getTestCaseResultMultiExpected): - (test): - (GetUnicodeValues): - (DecimalToHexString): - -2012-02-20 Andy Wingo - - Remove unused features from CodeFeatures - https://bugs.webkit.org/show_bug.cgi?id=78804 - - Reviewed by Gavin Barraclough. - - * parser/Nodes.h: - * parser/ASTBuilder.h: - (JSC::ClosureFeature): - (JSC::ASTBuilder::createFunctionBody): - (JSC::ASTBuilder::usesClosures): - Remove "ClosureFeature". Since we track captured variables more - precisely, this bit doesn't do us any good. - - (JSC::AssignFeature): - (JSC::ASTBuilder::makeAssignNode): - (JSC::ASTBuilder::makePrefixNode): - (JSC::ASTBuilder::makePostfixNode): - (JSC::ASTBuilder::usesAssignment): - Similarly, remove AssignFeature. It is unused. - -2012-02-19 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Add missing files. - -2012-02-18 Sam Weinig - - Fix style issues in DFG Phase classes - https://bugs.webkit.org/show_bug.cgi?id=78983 - - Reviewed by Ryosuke Niwa. - - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - * dfg/DFGCFAPhase.cpp: - * dfg/DFGCSEPhase.cpp: - * dfg/DFGPredictionPropagationPhase.cpp: - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - Add a space before the colon in class declarations. - -2012-02-18 Filip Pizlo - - Attempt to fix Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-18 Sam Weinig - - Fix the libc++ build. - - Reviewed by Anders Carlsson. - - * heap/Weak.h: - Libc++'s nullptr emulation does not allow default construction - of the nullptr_t type. Work around this with the arguably clearer - just returning nullptr. - -2012-02-18 Filip Pizlo - - DFGPropagator.cpp has too many things - https://bugs.webkit.org/show_bug.cgi?id=78956 - - Reviewed by Oliver Hunt. - - Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its - various things and put them into separate files. These new phases follow - the naming convention "DFGPhase" where is a noun. They are - called via functions of the form "perform". - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added. - (DFG): - (JSC::DFG::performArithNodeFlagsInference): - * dfg/DFGArithNodeFlagsInferencePhase.h: Added. - (DFG): - * dfg/DFGCFAPhase.cpp: Added. - (DFG): - (JSC::DFG::performCFA): - * dfg/DFGCFAPhase.h: Added. - (DFG): - * dfg/DFGCSEPhase.cpp: Added. - (DFG): - (JSC::DFG::performCSE): - * dfg/DFGCSEPhase.h: Added. - (DFG): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGPhase.cpp: Added. - (DFG): - (JSC::DFG::Phase::beginPhase): - (JSC::DFG::Phase::endPhase): - * dfg/DFGPhase.h: Added. - (DFG): - (Phase): - (JSC::DFG::Phase::Phase): - (JSC::DFG::Phase::~Phase): - (JSC::DFG::Phase::globalData): - (JSC::DFG::Phase::codeBlock): - (JSC::DFG::Phase::profiledBlock): - (JSC::DFG::Phase::beginPhase): - (JSC::DFG::Phase::endPhase): - (JSC::DFG::runPhase): - * dfg/DFGPredictionPropagationPhase.cpp: Added. - (DFG): - (JSC::DFG::performPredictionPropagation): - * dfg/DFGPredictionPropagationPhase.h: Added. - (DFG): - * dfg/DFGPropagator.cpp: Removed. - * dfg/DFGPropagator.h: Removed. - * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added. - (DFG): - (JSC::DFG::performVirtualRegisterAllocation): - * dfg/DFGVirtualRegisterAllocationPhase.h: Added. - (DFG): - -2012-02-17 Filip Pizlo - - DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and - the CodeBlock that was used for profiling - https://bugs.webkit.org/show_bug.cgi?id=78954 - - Reviewed by Gavin Barraclough. - - * bytecode/CodeBlock.h: - (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): - (JSC): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::AbstractState): - (JSC::DFG::AbstractState::execute): - * dfg/DFGAbstractState.h: - * dfg/DFGAssemblyHelpers.h: - (AssemblyHelpers): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::parse): - * dfg/DFGByteCodeParser.h: - (DFG): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::Graph): - (Graph): - (JSC::DFG::Graph::getJSConstantPrediction): - (JSC::DFG::Graph::addShouldSpeculateInteger): - (JSC::DFG::Graph::isInt32Constant): - (JSC::DFG::Graph::isDoubleConstant): - (JSC::DFG::Graph::isNumberConstant): - (JSC::DFG::Graph::isBooleanConstant): - (JSC::DFG::Graph::isFunctionConstant): - (JSC::DFG::Graph::valueOfJSConstant): - (JSC::DFG::Graph::valueOfInt32Constant): - (JSC::DFG::Graph::valueOfNumberConstant): - (JSC::DFG::Graph::valueOfBooleanConstant): - (JSC::DFG::Graph::valueOfFunctionConstant): - (JSC::DFG::Graph::baselineCodeBlockFor): - (JSC::DFG::Graph::valueProfileFor): - (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::JITCompiler): - (JITCompiler): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::Propagator): - (JSC::DFG::Propagator::isNotNegZero): - (JSC::DFG::Propagator::isNotZero): - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::globalCFA): - (JSC::DFG::propagate): - * dfg/DFGPropagator.h: - (DFG): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileAdd): - (JSC::DFG::SpeculativeJIT::compileArithSub): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::isConstant): - (JSC::DFG::SpeculativeJIT::isJSConstant): - (JSC::DFG::SpeculativeJIT::isInt32Constant): - (JSC::DFG::SpeculativeJIT::isDoubleConstant): - (JSC::DFG::SpeculativeJIT::isNumberConstant): - (JSC::DFG::SpeculativeJIT::isBooleanConstant): - (JSC::DFG::SpeculativeJIT::isFunctionConstant): - (JSC::DFG::SpeculativeJIT::valueOfInt32Constant): - (JSC::DFG::SpeculativeJIT::valueOfNumberConstant): - (JSC::DFG::SpeculativeJIT::valueOfJSConstant): - (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant): - (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::SpeculativeJIT): - -2012-02-17 Ahmad Sharif - - There is a warning in memset in glibc that gets triggered through a - warndecl when the fill-value of memset is a non-zero constant and the - size is zero. This warning is enabled when building with - -D_FORTIFY_SOURCE=2. This patch fixes the warning. - - https://bugs.webkit.org/show_bug.cgi?id=78513 - - Reviewed by Alexey Proskuryakov - - * wtf/Vector.h: - -2012-02-17 Kalev Lember - - Remove unused parameters from WTF threading API - https://bugs.webkit.org/show_bug.cgi?id=78389 - - Reviewed by Adam Roben. - - waitForThreadCompletion() had an out param 'void **result' to get the - 'void *' returned by ThreadFunction. However, the implementation in - ThreadingWin.cpp ignored the out param, not filling it in. This had - led to a situation where none of the client code made use of the param - and just ignored it. - - To clean this up, the patch changes the signature of ThreadFunction to - return void instead of void* and drops the the unused 'void **result' - parameter from waitForThreadCompletion. Also, all client code is - updated for the API change. - - As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even - though the change only affects internal API, Safari is using it - directly and we'll need to keep the old versions around for ABI - compatibility. For this, the patch adds compatibility wrappers with - the old ABI. - - * JavaScriptCore.order: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * bytecode/SamplingTool.cpp: - (JSC::SamplingThread::threadStartFunc): - (JSC::SamplingThread::stop): - * bytecode/SamplingTool.h: - (SamplingThread): - * heap/Heap.cpp: - (JSC::Heap::~Heap): - (JSC::Heap::blockFreeingThreadStartFunc): - * heap/Heap.h: - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::markingThreadStartFunc): - (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData): - * heap/MarkStack.h: - (MarkStackThreadSharedData): - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ThreadPrivate::workerThread): - * wtf/ParallelJobsGeneric.h: - (ThreadPrivate): - * wtf/ThreadFunctionInvocation.h: Update the signature of - ThreadFunction. - (WTF): - * wtf/Threading.cpp: - (WTF::threadEntryPoint): Update for ThreadFunction signature change. - (WTF): - (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation): - ABI compatibility function for Safari. - (ThreadFunctionWithReturnValueInvocation): Ditto. - (WTF::compatEntryPoint): Ditto. - (WTF::createThread): Ditto. - (WTF::waitForThreadCompletion): Ditto. - * wtf/Threading.h: Update the signature of ThreadFunction and - waitForThreadCompletion. - (WTF): - * wtf/ThreadingPthreads.cpp: Implement the new API. - (WTF::wtfThreadEntryPoint): - (WTF): - (WTF::createThreadInternal): - (WTF::waitForThreadCompletion): - * wtf/ThreadingWin.cpp: Implement the new API. - (WTF::wtfThreadEntryPoint): - (WTF::waitForThreadCompletion): - -2012-02-16 Oliver Hunt - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Reviewed by Gavin Barraclough. - - Implement support for stack traces on exception objects. This is a rewrite - of the core portion of the last stack walking logic, but the mechanical work - of adding the information to an exception comes from the original work by - Juan Carlos Montemayor Elosua. - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - (JSC): - (JSC::getSourceURLFromCallFrame): - (JSC::getStackFrameCodeType): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC): - (StackFrame): - (JSC::StackFrame::toString): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - (functionJSCStack): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-02-17 Mark Hahnenberg - - Rename Bump* to Copy* - https://bugs.webkit.org/show_bug.cgi?id=78573 - - Reviewed by Geoffrey Garen. - - Renamed anything with "Bump" in the name to have "Copied" instead. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * heap/BumpBlock.h: Removed. - * heap/BumpSpace.cpp: Removed. - * heap/BumpSpace.h: Removed. - * heap/BumpSpaceInlineMethods.h: Removed. - * heap/ConservativeRoots.cpp: - (JSC::ConservativeRoots::ConservativeRoots): - (JSC::ConservativeRoots::genericAddPointer): - * heap/ConservativeRoots.h: - (ConservativeRoots): - * heap/CopiedBlock.h: Added. - (JSC): - (CopiedBlock): - (JSC::CopiedBlock::CopiedBlock): - * heap/CopiedSpace.cpp: Added. - (JSC): - (JSC::CopiedSpace::tryAllocateSlowCase): - * heap/CopiedSpace.h: Added. - (JSC): - (CopiedSpace): - (JSC::CopiedSpace::isInCopyPhase): - (JSC::CopiedSpace::totalMemoryAllocated): - (JSC::CopiedSpace::totalMemoryUtilized): - * heap/CopiedSpaceInlineMethods.h: Added. - (JSC): - (JSC::CopiedSpace::CopiedSpace): - (JSC::CopiedSpace::init): - (JSC::CopiedSpace::contains): - (JSC::CopiedSpace::pin): - (JSC::CopiedSpace::startedCopying): - (JSC::CopiedSpace::doneCopying): - (JSC::CopiedSpace::doneFillingBlock): - (JSC::CopiedSpace::recycleBlock): - (JSC::CopiedSpace::getFreshBlock): - (JSC::CopiedSpace::borrowBlock): - (JSC::CopiedSpace::addNewBlock): - (JSC::CopiedSpace::allocateNewBlock): - (JSC::CopiedSpace::fitsInBlock): - (JSC::CopiedSpace::fitsInCurrentBlock): - (JSC::CopiedSpace::tryAllocate): - (JSC::CopiedSpace::tryAllocateOversize): - (JSC::CopiedSpace::allocateFromBlock): - (JSC::CopiedSpace::tryReallocate): - (JSC::CopiedSpace::tryReallocateOversize): - (JSC::CopiedSpace::isOversize): - (JSC::CopiedSpace::isPinned): - (JSC::CopiedSpace::oversizeBlockFor): - (JSC::CopiedSpace::blockFor): - * heap/Heap.cpp: - * heap/Heap.h: - (JSC): - (Heap): - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::SlotVisitor::drainFromShared): - (JSC::SlotVisitor::startCopying): - (JSC::SlotVisitor::allocateNewSpace): - (JSC::SlotVisitor::doneCopying): - * heap/MarkStack.h: - (MarkStackThreadSharedData): - * heap/SlotVisitor.h: - (SlotVisitor): - * runtime/JSArray.cpp: - * runtime/JSObject.cpp: - -2012-02-16 Yuqiang Xian - - Add JSC code profiling support on Linux x86 - https://bugs.webkit.org/show_bug.cgi?id=78871 - - Reviewed by Gavin Barraclough. - - We don't unwind the stack for now as we cannot guarantee all the - libraries are compiled without -fomit-frame-pointer. - - * tools/CodeProfile.cpp: - (JSC::CodeProfile::sample): - * tools/CodeProfiling.cpp: - (JSC): - (JSC::profilingTimer): - (JSC::CodeProfiling::begin): - (JSC::CodeProfiling::end): - -2012-02-16 Csaba Osztrogonác - - Unreviewed. Rolling out r107980, because it broke 32 bit platforms. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-02-16 Filip Pizlo - - ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER - https://bugs.webkit.org/show_bug.cgi?id=78791 - - Rubber stamped by Oliver Hunt. - - Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to - COMPUTED_GOTO_CLASSIC_INTERPRETER. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC): - (JSC::CodeBlock::shrinkToFit): - * bytecode/CodeBlock.h: - (CodeBlock): - * bytecode/Instruction.h: - (JSC::Instruction::Instruction): - * bytecode/Opcode.h: - (JSC::padOpcodeName): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitPutById): - (JSC::BytecodeGenerator::emitDirectPutById): - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - * interpreter/AbstractPC.h: - (AbstractPC): - * interpreter/CallFrame.h: - (ExecState): - * interpreter/Interpreter.cpp: - (JSC): - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - (JSC::Interpreter::unwindCallFrame): - (JSC::Interpreter::execute): - (JSC::Interpreter::privateExecute): - (JSC::Interpreter::retrieveLastCaller): - * interpreter/Interpreter.h: - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - (Interpreter): - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - * runtime/Executable.h: - (NativeExecutable): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - (JSC::JSGlobalData::getHostFunction): - * runtime/JSGlobalData.h: - (JSGlobalData): - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveAndCommit): - * wtf/Platform.h: - -2012-02-15 Geoffrey Garen - - Made Weak single-owner, adding PassWeak - https://bugs.webkit.org/show_bug.cgi?id=78740 - - Reviewed by Sam Weinig. - - This works basically the same way as OwnPtr and PassOwnPtr. - - This clarifies the semantics of finalizers: It's ambiguous and probably - a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor - twice), so I've made Weak non-copyable. Anywhere we used to copy a - Weak, we now use PassWeak. - - This also makes Weak HashMaps more efficient. - - * API/JSClassRef.cpp: - (OpaqueJSClass::prototype): Use PassWeak instead of set(), since - set() is gone now. - - * JavaScriptCore.xcodeproj/project.pbxproj: Export! - - * heap/PassWeak.h: Added. - (JSC): - (PassWeak): - (JSC::PassWeak::PassWeak): - (JSC::PassWeak::~PassWeak): - (JSC::PassWeak::get): - (JSC::::leakHandle): - (JSC::adoptWeak): - (JSC::operator==): - (JSC::operator!=): This is the Weak version of PassOwnPtr. - - * heap/Weak.h: - (Weak): - (JSC::Weak::Weak): - (JSC::Weak::release): - (JSC::Weak::hashTableDeletedValue): - (JSC::=): - (JSC): Changed to be non-copyable, removing a lot of copying-related - APIs. Added hash traits so hash maps still work. - - * jit/JITStubs.cpp: - (JSC::JITThunks::hostFunctionStub): - * runtime/RegExpCache.cpp: - (JSC::RegExpCache::lookupOrCreate): Use PassWeak, as required by - our new hash map API. - -2012-02-16 Mark Hahnenberg - - Fix the broken viewport tests - https://bugs.webkit.org/show_bug.cgi?id=78774 - - Reviewed by Kenneth Rohde Christiansen. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.cpp: - (WTF): - (WTF::toDoubleType): Template-ized to allow other functions to specify whether they - want to allow trailing junk or not when calling strtod. - (WTF::charactersToDouble): - (WTF::charactersToFloat): - (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows - trailing junk. - * wtf/text/WTFString.h: - (WTF): - -2012-02-16 Oliver Hunt - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Reviewed by Gavin Barraclough. - - Implement support for stack traces on exception objects. This is a rewrite - of the core portion of the last stack walking logic, but the mechanical work - of adding the information to an exception comes from the original work by - Juan Carlos Montemayor Elosua. - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - (JSC): - (JSC::getSourceURLFromCallFrame): - (JSC::getStackFrameCodeType): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC): - (StackFrame): - (JSC::StackFrame::toString): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - (functionJSCStack): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-02-15 Gavin Barraclough - - Numerous trivial bugs in Object.defineProperty - https://bugs.webkit.org/show_bug.cgi?id=78777 - - Reviewed by Sam Weinig. - - There are a handful of really trivial bugs, related to Object.defineProperty: - * Redefining an accessor with different attributes changes the attributes, but not the get/set functions! - * Calling an undefined setter should only throw in strict mode. - * When redefining an accessor to a data decriptor, if writable is not specified we should default to false. - * Any attempt to redefine a non-configurable property of an array as configurable should be rejected. - * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object. - * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail. - * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). - * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes. - * Should be able to define an non-configurable accessor. - These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute. - - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - - Added ASSERT. - - Calling an undefined setter should only throw in strict mode. - (JSC::JSArray::putDescriptor): - - Should be able to define an non-configurable accessor. - (JSC::JSArray::defineOwnNumericProperty): - - Any attempt to redefine a non-configurable property of an array as configurable should be rejected. - (JSC::JSArray::putByIndexBeyondVectorLength): - - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail. - * runtime/JSArray.h: - (JSArray): - - made enterDictionaryMode public, called from JSObject. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Calling an undefined setter should only throw in strict mode. - (JSC::JSObject::preventExtensions): - - Put array objects into dictionary mode to handle this! - (JSC::JSObject::defineOwnProperty): - - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes. - - Redefining an accessor with different attributes changes the attributes, but not the get/set functions! - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorDefineProperties): - - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::attributesWithOverride): - - When redefining an accessor to a data decriptor, if writable is not specified we should default to false. - (JSC::PropertyDescriptor::attributesOverridingCurrent): - - When redefining an accessor to a data decriptor, if writable is not specified we should default to false. - * runtime/Structure.cpp: - (JSC::Structure::freezeTransition): - - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). - (JSC::Structure::isFrozen): - - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). - -2012-02-13 Filip Pizlo - - DFG should not check the types of arguments that are dead - https://bugs.webkit.org/show_bug.cgi?id=78518 - - Reviewed by Geoff Garen. - - The argument checks are now elided if the corresponding SetArgument is dead, - and the abstract value of the argument is set to bottom (None, []). This is - performance neutral on the benchmarks we currently track. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - -2012-02-15 Oliver Hunt - - Ensure that the DFG JIT always plants a CodeOrigin when making calls - https://bugs.webkit.org/show_bug.cgi?id=78763 - - Reviewed by Gavin Barraclough. - - Make all calls plant a CodeOrigin prior to the actual - call. Also clobbers the Interpreter with logic to ensure - that the interpreter always plants a bytecode offset. - - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGJITCompiler.h: - (CallBeginToken): - (JSC::DFG::JITCompiler::beginJSCall): - (JSC::DFG::JITCompiler::beginCall): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - * interpreter/CallFrame.cpp: - (JSC::CallFrame::trueCallFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::bytecodeOffsetForNonDFGCode): - (ExecState): - (JSC::ExecState::setBytecodeOffsetForNonDFGCode): - (JSC::ExecState::codeOriginIndexForDFG): - -2012-02-14 Oliver Hunt - - Fix Interpreter. - - * runtime/Executable.cpp: - (JSC): - * runtime/Executable.h: - (ExecutableBase): - -2012-02-14 Matt Lilek - - Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms - https://bugs.webkit.org/show_bug.cgi?id=78629 - - Reviewed by David Kilzer. - - * Configurations/FeatureDefines.xcconfig: - -2012-02-14 Filip Pizlo - - Unreviewed, build fix for non-DFG platforms. - - * assembler/MacroAssembler.h: - (MacroAssembler): - -2012-02-14 Filip Pizlo - - Unreviewed, fix build and configuration goof. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::invert): - * dfg/DFGCommon.h: - -2012-02-13 Filip Pizlo - - DFG should be able to emit code on control flow edges - https://bugs.webkit.org/show_bug.cgi?id=78515 - - Reviewed by Gavin Barraclough. - - This gets us a few steps closer to being able to perform global register allocation, - by allowing us to have landing pads on control flow edges. This will let us reshuffle - registers if it happens to be necessary due to different reg alloc decisions in - differen blocks. - - This also introduces the notion of a landing pad for OSR entry, which will allow us - to emit code that places data into registers when we're entering into the DFG from - the old JIT. - - Finally, this patch introduces a verification mode that checks that the landing pads - are actually emitted and do actually work as advertised. When verification is disabled, - this has no effect on behavior. - - * assembler/MacroAssembler.h: - (MacroAssembler): - (JSC::MacroAssembler::invert): - (JSC::MacroAssembler::isInvertible): - * dfg/DFGCommon.h: - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compile): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::createOSREntries): - (DFG): - (JSC::DFG::SpeculativeJIT::linkOSREntries): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::branchDouble): - (JSC::DFG::SpeculativeJIT::branchDoubleNonZero): - (JSC::DFG::SpeculativeJIT::branch32): - (JSC::DFG::SpeculativeJIT::branchTest32): - (JSC::DFG::SpeculativeJIT::branchPtr): - (JSC::DFG::SpeculativeJIT::branchTestPtr): - (JSC::DFG::SpeculativeJIT::branchTest8): - (JSC::DFG::SpeculativeJIT::jump): - (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit): - (JSC::DFG::SpeculativeJIT::emitEdgeCode): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-14 Filip Pizlo - - Assertion failure under JSC::DFG::AbstractState::execute loading economist.com - https://bugs.webkit.org/show_bug.cgi?id=78153 - - - Reviewed by Oliver Hunt. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileAdd): - -2012-02-14 Eric Seidel - - Upstream Android's additions to Platform.h - https://bugs.webkit.org/show_bug.cgi?id=78536 - - Reviewed by Adam Barth. - - * wtf/Platform.h: - -2012-02-12 Mark Hahnenberg - - Replace old strtod with new strtod - https://bugs.webkit.org/show_bug.cgi?id=68044 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: Added template argument. This version allows junk after numbers. - (JSC::::lex): - * runtime/JSGlobalObjectFunctions.cpp: Ditto. - (JSC::parseInt): - (JSC::jsStrDecimalLiteral): - * runtime/LiteralParser.cpp: Ditto. - (JSC::::Lexer::lexNumber): - * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter. - It takes a template argument to allow clients to determine statically whether it should allow - junk after the numbers or not. - (WTF): - (WTF::strtod): - * wtf/dtoa.h: - (WTF): - * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers. - (WTF::toDoubleType): - -2012-02-13 Mark Hahnenberg - - More windows build fixing - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-13 Oliver Hunt - - Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match - https://bugs.webkit.org/show_bug.cgi?id=76315 - - Reviewed by Gavin Barraclough. - - Perform a 3 byte compare using two comparisons, rather than trying to perform the - operation with a four byte load. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2012-02-13 Mark Hahnenberg - - Windows build fix - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-12 Mark Hahnenberg - - Replace old strtod with new strtod - https://bugs.webkit.org/show_bug.cgi?id=68044 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: Added template argument. This version allows junk after numbers. - (JSC::::lex): - * runtime/JSGlobalObjectFunctions.cpp: Ditto. - (JSC::parseInt): - (JSC::jsStrDecimalLiteral): - * runtime/LiteralParser.cpp: Ditto. - (JSC::::Lexer::lexNumber): - * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter. - It takes a template argument to allow clients to determine statically whether it should allow - junk after the numbers or not. - (WTF): - (WTF::strtod): - * wtf/dtoa.h: - (WTF): - * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers. - (WTF::toDoubleType): - -2012-02-13 Sam Weinig - - Move JSC related assertions out of Assertions.h and into their own header - https://bugs.webkit.org/show_bug.cgi?id=78508 - - Reviewed by Gavin Barraclough. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - Add GCAssertions.h - - * heap/GCAssertions.h: Added. - Move assertions here. - - * runtime/WriteBarrier.h: - Add #include of GCAssertions.h - - * wtf/Assertions.h: - Remove JSC related assertions. - - * wtf/Compiler.h: - Add compiler check for __has_trivial_destructor. - -2012-02-13 Chao-ying Fu - - Update MIPS patchOffsetGetByIdSlowCaseCall - https://bugs.webkit.org/show_bug.cgi?id=78392 - - Reviewed by Gavin Barraclough. - - * jit/JIT.h: - (JIT): - -2012-02-13 Patrick Gansterer - - Remove obsolete #if from ThreadSpecific.h - https://bugs.webkit.org/show_bug.cgi?id=78485 - - Reviewed by Adam Roben. - - Since alle platform use either pthread or Win32 for threading, - we can remove all PLATFORM() preprocessor statements. - - * wtf/ThreadSpecific.h: - (ThreadSpecific): - -2012-02-13 Jessie Berlin - - Fix the Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-13 Sam Weinig - - Use C11's _Static_assert for COMPILE_ASSERT if it is available - https://bugs.webkit.org/show_bug.cgi?id=78506 - - Rubber-stamped by Antti Koivisto. - - Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly - better error messages. - - * wtf/Assertions.h: - Use _Static_assert if it is available. - - * wtf/Compiler.h: - Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler. - -2012-02-13 Mario Sanchez Prada - - [GTK] Add GSList to the list of GObject types in GOwnPtr - https://bugs.webkit.org/show_bug.cgi?id=78487 - - Reviewed by Philippe Normand. - - Handle the GSList type in GOwnPtr, by calling g_slist_free in the - implementation of the freeOwnedGPtr template function. - - * wtf/gobject/GOwnPtr.cpp: - (WTF::GSList): - (WTF): - * wtf/gobject/GOwnPtr.h: - (WTF): - * wtf/gobject/GTypedefs.h: - -2012-02-06 Raphael Kubo da Costa - - [EFL] Drop support for the Curl network backend. - https://bugs.webkit.org/show_bug.cgi?id=77874 - - Reviewed by Eric Seidel. - - Nobody seems to be maintaining the Curl backend in WebCore, the - EFL port developers all seem to be using the Soup backend and the - port itself has many features which are only implemented for the - latter. - - * wtf/PlatformEfl.cmake: Always build the gobject-dependent source - files. - -2012-02-13 Patrick Gansterer - - Unreviewed. Build fix for !ENABLE(JIT) after r107485. - - * bytecode/PolymorphicPutByIdList.cpp: - -2012-02-13 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=78434 - Unreviewed - temporarily reverting r107498 will I fix a couple of testcases. - - * parser/Parser.cpp: - (JSC::::parseFunctionInfo): - * runtime/ClassInfo.h: - (MethodTable): - (JSC): - * runtime/JSCell.cpp: - (JSC): - * runtime/JSCell.h: - (JSCell): - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - * runtime/JSGlobalObjectFunctions.cpp: - (JSC): - * runtime/JSGlobalObjectFunctions.h: - (JSC): - * runtime/JSObject.cpp: - (JSC::JSObject::put): - (JSC): - (JSC::JSObject::putDirectAccessor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - (JSC::JSObject::inlineGetOwnPropertySlot): - (JSC::JSValue::get): - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - * runtime/JSValue.h: - (JSValue): - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetPrototypeOf): - * runtime/Structure.cpp: - (JSC::Structure::Structure): - * runtime/Structure.h: - (JSC::Structure::setHasGetterSetterProperties): - (Structure): - -2012-02-12 Ashod Nakashian - - KeywordLookupGenerator.py script fails in some cases - https://bugs.webkit.org/show_bug.cgi?id=77886 - - Reviewed by Benjamin Poulain. - - * parser/Keywords.table: Converted to LF-only. - -2012-02-12 Shinya Kawanaka - - Introduce ShadowRootList. - https://bugs.webkit.org/show_bug.cgi?id=78069 - - Reviewed by Hajime Morita. - - DoublyLinkedList should have tail() method to take the last element. - - * wtf/DoublyLinkedList.h: - (DoublyLinkedList): - (WTF::::tail): - (WTF): - -2012-02-12 Raphael Kubo da Costa - - [CMake] Move source files in WTF_HEADERS to WTF_SOURCES. - https://bugs.webkit.org/show_bug.cgi?id=78436 - - Reviewed by Daniel Bates. - - * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES, - and correctly sort the files which start with 'M'. - -2012-02-12 Sam Weinig - - Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj. - - Rubber-stamped by Anders Carlsson. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-02-12 Raphael Kubo da Costa - - [CMake] Remove unused or empty variable definitions. - https://bugs.webkit.org/show_bug.cgi?id=78437 - - Reviewed by Daniel Bates. - - * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition. - * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition. - * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will - be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES). - -2012-02-12 Filip Pizlo - - DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution() - https://bugs.webkit.org/show_bug.cgi?id=78431 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - -2012-02-11 Benjamin Poulain - - Add back WTFURL to WebKit - https://bugs.webkit.org/show_bug.cgi?id=77291 - - Reviewed by Adam Barth. - - WTFURL was removed from WebKit in r86787. - - This patch adds the code back to WTF with the following changes: - -Guard the feature with USE(WTFURL). - -Change the typename CHAR to CharacterType to follow recent WebKit conventions. - -Fix some coding style to make check-webkit-style happy. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/Platform.h: - * wtf/url/api/ParsedURL.cpp: Added. - (WTF): - (WTF::ParsedURL::ParsedURL): - (WTF::ParsedURL::scheme): - (WTF::ParsedURL::username): - (WTF::ParsedURL::password): - (WTF::ParsedURL::host): - (WTF::ParsedURL::port): - (WTF::ParsedURL::path): - (WTF::ParsedURL::query): - (WTF::ParsedURL::fragment): - (WTF::ParsedURL::segment): - * wtf/url/api/ParsedURL.h: Added. - (WTF): - (ParsedURL): - (WTF::ParsedURL::spec): - * wtf/url/api/URLString.h: Added. - (WTF): - (URLString): - (WTF::URLString::URLString): - (WTF::URLString::string): - * wtf/url/src/RawURLBuffer.h: Added. - (WTF): - (RawURLBuffer): - (WTF::RawURLBuffer::RawURLBuffer): - (WTF::RawURLBuffer::~RawURLBuffer): - (WTF::RawURLBuffer::resize): - * wtf/url/src/URLBuffer.h: Added. - (WTF): - (URLBuffer): - (WTF::URLBuffer::URLBuffer): - (WTF::URLBuffer::~URLBuffer): - (WTF::URLBuffer::at): - (WTF::URLBuffer::set): - (WTF::URLBuffer::capacity): - (WTF::URLBuffer::length): - (WTF::URLBuffer::data): - (WTF::URLBuffer::setLength): - (WTF::URLBuffer::append): - (WTF::URLBuffer::grow): - * wtf/url/src/URLCharacterTypes.cpp: Added. - (WTF): - (): - * wtf/url/src/URLCharacterTypes.h: Added. - (WTF): - (URLCharacterTypes): - (WTF::URLCharacterTypes::isQueryChar): - (WTF::URLCharacterTypes::isIPv4Char): - (WTF::URLCharacterTypes::isHexChar): - (): - (WTF::URLCharacterTypes::isCharOfType): - * wtf/url/src/URLComponent.h: Added. - (WTF): - (URLComponent): - (WTF::URLComponent::URLComponent): - (WTF::URLComponent::fromRange): - (WTF::URLComponent::isValid): - (WTF::URLComponent::isNonEmpty): - (WTF::URLComponent::isEmptyOrInvalid): - (WTF::URLComponent::reset): - (WTF::URLComponent::operator==): - (WTF::URLComponent::begin): - (WTF::URLComponent::setBegin): - (WTF::URLComponent::length): - (WTF::URLComponent::setLength): - (WTF::URLComponent::end): - * wtf/url/src/URLEscape.cpp: Added. - (WTF): - (): - * wtf/url/src/URLEscape.h: Added. - (WTF): - (WTF::appendURLEscapedCharacter): - * wtf/url/src/URLParser.h: Added. - (WTF): - (URLParser): - (): - (WTF::URLParser::isPossibleAuthorityTerminator): - (WTF::URLParser::parseAuthority): - (WTF::URLParser::extractScheme): - (WTF::URLParser::parseAfterScheme): - (WTF::URLParser::parseStandardURL): - (WTF::URLParser::parsePath): - (WTF::URLParser::parsePathURL): - (WTF::URLParser::parseMailtoURL): - (WTF::URLParser::parsePort): - (WTF::URLParser::extractFileName): - (WTF::URLParser::extractQueryKeyValue): - (WTF::URLParser::isURLSlash): - (WTF::URLParser::shouldTrimFromURL): - (WTF::URLParser::trimURL): - (WTF::URLParser::consecutiveSlashes): - (WTF::URLParser::isPortDigit): - (WTF::URLParser::nextAuthorityTerminator): - (WTF::URLParser::parseUserInfo): - (WTF::URLParser::parseServerInfo): - * wtf/url/src/URLQueryCanonicalizer.h: Added. - (WTF): - (URLQueryCanonicalizer): - (WTF::URLQueryCanonicalizer::canonicalize): - (WTF::URLQueryCanonicalizer::isAllASCII): - (WTF::URLQueryCanonicalizer::isRaw8Bit): - (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString): - (WTF::URLQueryCanonicalizer::convertToQueryEncoding): - * wtf/url/src/URLSegments.cpp: Added. - (WTF): - (WTF::URLSegments::length): - (WTF::URLSegments::charactersBefore): - * wtf/url/src/URLSegments.h: Added. - (WTF): - (URLSegments): - (): - (WTF::URLSegments::URLSegments): - -2012-02-11 Filip Pizlo - - Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path - https://bugs.webkit.org/show_bug.cgi?id=78430 - - - Reviewed by Gavin Barraclough. - - The old JIT's put_by_id transition caching involves repatching the slow call to - a generated stub. That means that the call is counted as "slow case". So, this - patch inserts code to decrement the slow case count if the stub succeeds. - - Looks like a ~1% speed-up on V8. - - * jit/JITPropertyAccess.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - -2012-02-11 Filip Pizlo - - Build fix for Qt. - - * wtf/DataLog.h: - -2012-02-11 Filip Pizlo - - It should be possible to send all JSC debug logging to a file - https://bugs.webkit.org/show_bug.cgi?id=78418 - - Reviewed by Sam Weinig. - - Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog, - and WTF::dataLogV. Changed all debugging- and profiling-related printfs - to use WTF::dataLog() or one of its friends. By default, debug logging - goes to stderr, unless you change the setting in wtf/DataLog.cpp. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::dumpLinkStatistics): - (JSC::LinkBuffer::dumpCode): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::vprintfStdoutInstr): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::printUnaryOp): - (JSC::CodeBlock::printBinaryOp): - (JSC::CodeBlock::printConditionalJump): - (JSC::CodeBlock::printGetByIdOp): - (JSC::CodeBlock::printCallOp): - (JSC::CodeBlock::printPutByIdOp): - (JSC::printGlobalResolveInfo): - (JSC::printStructureStubInfo): - (JSC::CodeBlock::printStructure): - (JSC::CodeBlock::printStructures): - (JSC::CodeBlock::dump): - (JSC::CodeBlock::dumpStatistics): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::shouldOptimizeNow): - (JSC::CodeBlock::tallyFrequentExitSites): - (JSC::CodeBlock::dumpValueProfiles): - * bytecode/Opcode.cpp: - (JSC::OpcodeStats::~OpcodeStats): - * bytecode/SamplingTool.cpp: - (JSC::SamplingFlags::stop): - (JSC::SamplingRegion::dumpInternal): - (JSC::SamplingTool::dump): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::endBasicBlock): - (JSC::DFG::AbstractState::mergeStateAtTail): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::linkBlock): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGCommon.h: - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.cpp: - (JSC::DFG::printWhiteSpace): - (JSC::DFG::Graph::dumpCodeOrigin): - (JSC::DFG::Graph::dump): - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOperations.cpp: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::fixpoint): - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::propagateArithNodeFlagsForward): - (JSC::DFG::Propagator::propagateArithNodeFlagsBackward): - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::propagatePredictionsForward): - (JSC::DFG::Propagator::propagatePredictionsBackward): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::fixup): - (JSC::DFG::Propagator::startIndexForChildren): - (JSC::DFG::Propagator::endIndexForPureCSE): - (JSC::DFG::Propagator::setReplacement): - (JSC::DFG::Propagator::eliminate): - (JSC::DFG::Propagator::performNodeCSE): - (JSC::DFG::Propagator::localCSE): - (JSC::DFG::Propagator::allocateVirtualRegisters): - (JSC::DFG::Propagator::performBlockCFA): - (JSC::DFG::Propagator::performForwardCFA): - * dfg/DFGRegisterBank.h: - (JSC::DFG::RegisterBank::dump): - * dfg/DFGScoreBoard.h: - (JSC::DFG::ScoreBoard::dump): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::dump): - (JSC::DFG::SpeculativeJIT::checkConsistency): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - * heap/Heap.cpp: - (JSC::Heap::destroy): - * heap/MarkedBlock.h: - * interpreter/CallFrame.cpp: - (JSC::CallFrame::dumpCaller): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::dumpRegisters): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * profiler/Profile.cpp: - (JSC::Profile::debugPrintData): - (JSC::Profile::debugPrintDataSampleStyle): - * profiler/ProfileNode.cpp: - (JSC::ProfileNode::debugPrintData): - (JSC::ProfileNode::debugPrintDataSampleStyle): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::dumpRegExpTrace): - * runtime/RegExp.cpp: - (JSC::RegExp::matchCompareWithInterpreter): - * runtime/SamplingCounter.cpp: - (JSC::AbstractSamplingCounter::dump): - * runtime/SamplingCounter.h: - (JSC::DeletableSamplingCounter::~DeletableSamplingCounter): - * runtime/ScopeChain.cpp: - (JSC::ScopeChainNode::print): - * runtime/Structure.cpp: - (JSC::Structure::dumpStatistics): - (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger): - * tools/CodeProfile.cpp: - (JSC::CodeProfile::report): - * tools/ProfileTreeNode.h: - (JSC::ProfileTreeNode::dumpInternal): - * wtf/CMakeLists.txt: - * wtf/DataLog.cpp: Added. - (WTF): - (WTF::initializeLogFileOnce): - (WTF::initializeLogFile): - (WTF::dataFile): - (WTF::dataLogV): - (WTF::dataLog): - * wtf/DataLog.h: Added. - (WTF): - * wtf/HashTable.cpp: - (WTF::HashTableStats::~HashTableStats): - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::dumpProfile): - * wtf/text/WTFString.cpp: - (String::show): - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::ByteCompiler::dumpDisjunction): - -2012-02-11 Gavin Barraclough - - Move special __proto__ property to Object.prototype - https://bugs.webkit.org/show_bug.cgi?id=78409 - - Reviewed by Oliver Hunt. - - Re-implement this as a regular accessor property. This has three key benefits: - 1) It makes it possible for objects to be given properties named __proto__. - 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. - 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. - - * parser/Parser.cpp: - (JSC::::parseFunctionInfo): - - No need to prohibit functions named __proto__. - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - - Add __proto__ accessor to Object.prototype. - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncProtoGetter): - (JSC::globalFuncProtoSetter): - - Definition of the __proto__ accessor functions. - * runtime/JSGlobalObjectFunctions.h: - - Declaration of the __proto__ accessor functions. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. - (JSC::JSObject::putDirectAccessor): - - Track on the structure whether an object contains accessors other than one for __proto__. - (JSC::JSObject::defineOwnProperty): - - No need to prohibit definition of own properties named __proto__. - * runtime/JSObject.h: - (JSC::JSObject::inlineGetOwnPropertySlot): - - Remove the special handling for __proto__. - (JSC::JSValue::get): - - Remove the special handling for __proto__. - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - - Remove the special handling for __proto__. - * runtime/JSValue.h: - (JSValue): - - Made synthesizePrototype public (this may be needed by the __proto__ getter). - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetPrototypeOf): - - Perform the security check & call prototype() directly. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - * runtime/Structure.h: - (JSC::Structure::hasGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - (Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - -2012-02-11 Filip Pizlo - - DFG CFA assumes that a WeakJSConstant's structure is known - https://bugs.webkit.org/show_bug.cgi?id=78428 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - -2012-02-11 Mark Hahnenberg - - Qt debug build fix - - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate - JSFinalObjects in the destuctor subspace, so we should remove this assert so it - doesn't cause crashes. - -2012-02-11 Filip Pizlo - - Old 32_64 JIT should assert that its use of map() is consistent with the DFG - OSR exit's expectations - https://bugs.webkit.org/show_bug.cgi?id=78419 - - - Reviewed by Oliver Hunt. - - * jit/JITInlineMethods.h: - (JSC::JIT::map): - -2012-02-11 Mark Hahnenberg - - Reduce the reentrancy limit of the interpreter for the iOS simulator - https://bugs.webkit.org/show_bug.cgi?id=78400 - - Reviewed by Gavin Barraclough. - - * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks. - (JSC): - -2012-02-11 Filip Pizlo - - [DFG] Misuse of WeakJSConstants in silentFillGPR code. - https://bugs.webkit.org/show_bug.cgi?id=78423 - - - Reviewed by Sam Weinig. - - The code was using Node::isConstant(), when it was supposed to use Node::hasConstant(). - This patch is a surgical fix; the bigger problem is: why do we have isConstant() and - hasConstant() when hasConstant() is correct and isConstant() is almost always wrong? - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::silentFillGPR): - -2012-02-11 Sam Weinig - - Prepare JavaScriptCore to build with libc++ - - https://bugs.webkit.org/show_bug.cgi?id=78424 - - Reviewed by Anders Carlsson. - - * wtf/NullPtr.cpp: - * wtf/NullPtr.h: - libc++ provides std::nullptr emulation, so we don't have to. - -2012-02-07 Filip Pizlo - - DFG should have polymorphic put_by_id caching - https://bugs.webkit.org/show_bug.cgi?id=78062 - - - Reviewed by Oliver Hunt. - - Implemented polymorphic put_by_id caching in the DFG, and added much of the - machinery that would be needed to implement it in the old JIT as well. - - I decided against using the old PolymorphicAccessStructureList mechanism as - this didn't quite fit with put_by_id. In particular, I wanted the ability to - have one list that captured all relevant cases (including proto put_by_id - if we ever decided to do it). And I wanted the code to have better - encapsulation. And I didn't want to get confused by the fact that the - original (non-list) put_by_id cache may itself consist of a stub routine. - - This code is still sub-optimal (for example adding a replace to a list whose - previous elements are all transitions should just repatch the original code, - but here it will generate a stub) but it already generates a >20% speed-up - on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/PolymorphicPutByIdList.cpp: Added. - (JSC): - (JSC::PutByIdAccess::fromStructureStubInfo): - (JSC::PutByIdAccess::visitWeak): - (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList): - (JSC::PolymorphicPutByIdList::from): - (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList): - (JSC::PolymorphicPutByIdList::isFull): - (JSC::PolymorphicPutByIdList::isAlmostFull): - (JSC::PolymorphicPutByIdList::addAccess): - (JSC::PolymorphicPutByIdList::visitWeak): - * bytecode/PolymorphicPutByIdList.h: Added. - (JSC): - (PutByIdAccess): - (JSC::PutByIdAccess::PutByIdAccess): - (JSC::PutByIdAccess::transition): - (JSC::PutByIdAccess::replace): - (JSC::PutByIdAccess::isSet): - (JSC::PutByIdAccess::operator!): - (JSC::PutByIdAccess::type): - (JSC::PutByIdAccess::isTransition): - (JSC::PutByIdAccess::isReplace): - (JSC::PutByIdAccess::oldStructure): - (JSC::PutByIdAccess::structure): - (JSC::PutByIdAccess::newStructure): - (JSC::PutByIdAccess::chain): - (JSC::PutByIdAccess::stubRoutine): - (PolymorphicPutByIdList): - (JSC::PolymorphicPutByIdList::currentSlowPathTarget): - (JSC::PolymorphicPutByIdList::isEmpty): - (JSC::PolymorphicPutByIdList::size): - (JSC::PolymorphicPutByIdList::at): - (JSC::PolymorphicPutByIdList::operator[]): - (JSC::PolymorphicPutByIdList::kind): - * bytecode/PutKind.h: Added. - (JSC): - * bytecode/StructureStubInfo.cpp: - (JSC::StructureStubInfo::deref): - (JSC::StructureStubInfo::visitWeakReferences): - * bytecode/StructureStubInfo.h: - (JSC): - (JSC::isPutByIdAccess): - (JSC::StructureStubInfo::initPutByIdList): - (StructureStubInfo): - (JSC::StructureStubInfo::reset): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - (DFG): - * dfg/DFGRepatch.cpp: - (JSC::DFG::appropriateGenericPutByIdFunction): - (JSC::DFG::appropriateListBuildingPutByIdFunction): - (DFG): - (JSC::DFG::emitPutReplaceStub): - (JSC::DFG::emitPutTransitionStub): - (JSC::DFG::tryCachePutByID): - (JSC::DFG::dfgRepatchPutByID): - (JSC::DFG::tryBuildPutByIdList): - (JSC::DFG::dfgBuildPutByIdList): - (JSC::DFG::dfgResetPutByID): - * dfg/DFGRepatch.h: - (DFG): - * runtime/WriteBarrier.h: - (WriteBarrierBase): - (JSC::WriteBarrierBase::copyFrom): - -2012-02-10 Vineet Chaudhary - - https://bugs.webkit.org/show_bug.cgi?id=72756 - DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it - - Reviewed by Timothy Hatcher. - - * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and - AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions. - -2012-02-10 Mark Hahnenberg - - Fixing windows build - - Unreviewed build fix - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-10 Adam Klein - - Enable MUTATION_OBSERVERS by default on all platforms - https://bugs.webkit.org/show_bug.cgi?id=78196 - - Reviewed by Ojan Vafai. - - * Configurations/FeatureDefines.xcconfig: - -2012-02-10 Yong Li - - ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable. - https://bugs.webkit.org/show_bug.cgi?id=76724 - - Reviewed by Rob Buis. - - This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on. - The size used to call makeExecutable can be smaller than the one that was used for makeWritable. - So it can leave pages behind that are not set back to default flags. When an assembly on one of those - pages is executed or JIT returns to those pages in the case it was already executing from there, the - software will crash. - - * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization(). - (JSC::LinkBuffer::LinkBuffer): - (JSC::LinkBuffer::linkCode): - (JSC::LinkBuffer::performFinalization): - (LinkBuffer): - -2012-02-10 Mark Hahnenberg - - Split MarkedSpace into destructor and destructor-free subspaces - https://bugs.webkit.org/show_bug.cgi?id=77761 - - Reviewed by Geoffrey Garen. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space. - * heap/Heap.h: - (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to - pick which subspace they want to allocate out of. - (JSC::Heap::allocatorForObjectWithDestructor): Ditto. - (Heap): - (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use. - (JSC): - (JSC::Heap::allocateWithoutDestructor): Ditto. - * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate - their MarkedBlocks correctly. - (JSC::MarkedAllocator::allocateBlock): - * heap/MarkedAllocator.h: - (JSC::MarkedAllocator::cellsNeedDestruction): - (MarkedAllocator): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC): - (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with - an init function that does all of that stuff in fewer lines. - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::create): - (JSC::MarkedBlock::recycle): - (JSC::MarkedBlock::MarkedBlock): - (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make - checking the m_cellsNeedDestructor flag faster and cleaner looking. - (JSC): - (JSC::MarkedBlock::specializedSweep): - (JSC::MarkedBlock::sweep): - (JSC::MarkedBlock::sweepHelper): - * heap/MarkedBlock.h: - (MarkedBlock): - (JSC::MarkedBlock::cellsNeedDestruction): - (JSC): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - (JSC::MarkedSpace::canonicalizeCellLivenessData): - (JSC::TakeIfUnmarked::operator()): - * heap/MarkedSpace.h: - (MarkedSpace): - (Subspace): - (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of - allocators. - (JSC): - (JSC::MarkedSpace::destructorAllocatorFor): Ditto. - (JSC::MarkedSpace::allocateWithoutDestructor): Ditto. - (JSC::MarkedSpace::allocateWithDestructor): Ditto. - (JSC::MarkedSpace::forEachBlock): - * jit/JIT.h: - * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others. - (JSC::JIT::emitAllocateBasicJSObject): - (JSC::JIT::emitAllocateJSFinalObject): - (JSC::JIT::emitAllocateJSFunction): - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: - (JSArray): - (JSC::JSArray::create): - (JSC): - (JSC::JSArray::tryCreateUninitialized): - * runtime/JSCell.h: - (JSCell): - (JSC): - (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires - destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this - constant to decide whether to allocate in the destructor or destructor-free parts of the heap. - (JSC::allocateCell): - * runtime/JSFunction.cpp: - (JSC): - * runtime/JSFunction.h: - (JSFunction): - * runtime/JSObject.cpp: - (JSC): - * runtime/JSObject.h: - (JSNonFinalObject): - (JSC): - (JSFinalObject): - (JSC::JSFinalObject::create): - -2012-02-10 Adrienne Walker - - Remove implicit copy constructor usage in HashMaps with OwnPtr - https://bugs.webkit.org/show_bug.cgi?id=78071 - - Reviewed by Darin Adler. - - Change the return type of emptyValue() in PairHashTraits to be the - actual type returned rather than the trait type to avoid an implicit - generation of the OwnPtr copy constructor. This happens for hash - traits involving OwnPtr where the empty value is not zero and each - hash bucket needs to be initialized with emptyValue(). - - Also, update StructureTransitionTable to use default hash traits - rather than rolling its own, in order to update it to handle - EmptyValueType. - - Test: patch from bug 74154 compiles on Clang with this patch - - * runtime/StructureTransitionTable.h: - (StructureTransitionTable): - * wtf/HashTraits.h: - (GenericHashTraits): - (PairHashTraits): - (WTF::PairHashTraits::emptyValue): - -2012-02-10 Aron Rosenberg - - [Qt] Fix compiler warning in Visual Studio 2010 about TR1 - https://bugs.webkit.org/show_bug.cgi?id=63642 - - Reviewed by Simon Hausmann. - - * JavaScriptCore.pri: - -2012-02-10 Michael Saboff - - Yarr assert with regexp where alternative in *-quantified group matches empty - https://bugs.webkit.org/show_bug.cgi?id=67752 - - Reviewed by Gavin Barraclough. - - Added backtracking for the prior alternative if it matched - but didn't consume any input characters. - - * yarr/YarrJIT.cpp: - (YarrOp): New jump. - (JSC::Yarr::YarrGenerator::generate): Emit conditional jump - when an alternative matches and no input was consumed. Moved the - zero length match check for a set of alternatives to the alternative - code from the parentheses cases to the alternative end cases. - Converted the existing zero length checks in the parentheses cases - to runtime assertion checks. - (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack - to prior term. - -2012-02-10 Roland Takacs - - [Qt] GC should be parallel on Qt platform - https://bugs.webkit.org/show_bug.cgi?id=73309 - - Reviewed by Zoltan Herczeg. - - These changes made the parallel gc feature available for Qt port. - The implementation of "registerGCThread" and "isMainThreadOrGCThread", - and a local static function [initializeGCThreads] is moved from - MainThreadMac.mm to the common MainThread.cpp to make them available - for other platforms. - - Measurement results: - V8 speed-up: 1.025x as fast [From: 663.4ms To: 647.0ms ] - V8 Splay speed-up: 1.185x as fast [From: 138.4ms To: 116.8ms ] - - Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core. - - * JavaScriptCore.order: - * wtf/MainThread.cpp: - (WTF::initializeMainThread): - (WTF): - (WTF::initializeGCThreads): - (WTF::registerGCThread): - (WTF::isMainThreadOrGCThread): - * wtf/MainThread.h: - (WTF): - * wtf/Platform.h: - * wtf/mac/MainThreadMac.mm: - (WTF): - -2012-02-09 Andy Wingo - - Eliminate dead code in BytecodeGenerator::resolve() - https://bugs.webkit.org/show_bug.cgi?id=78242 - - Reviewed by Gavin Barraclough. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::resolve): - BytecodeGenerator::shouldOptimizeLocals() is only true for - FunctionCode, and thus cannot be true for GlobalCode. - -2012-02-09 Andy Wingo - - Remove BytecodeGenerator::isLocal - https://bugs.webkit.org/show_bug.cgi?id=78241 - - Minor refactor to BytecodeGenerator. - - Reviewed by Gavin Barraclough. - - * bytecompiler/BytecodeGenerator.h: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::isLocal): - (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused - methods. - * bytecompiler/NodesCodegen.cpp: - (JSC::ResolveNode::isPure): Use the ResolveResult mechanism - instead of isLocal. This will recognize more resolve nodes as - being pure. - (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the - location instead of isLocalConstant. - -2012-02-09 Oliver Hunt - - The JS Parser scope object needs a VectorTrait specialization - https://bugs.webkit.org/show_bug.cgi?id=78308 - - Reviewed by Gavin Barraclough. - - This showed up as a periodic crash in various bits of generated code - originally, but I've added an assertion in the bytecode generator - that makes the effected code much more crash-happy should it go - wrong again. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - (JSC::BytecodeGenerator::resolve): - * parser/Parser.cpp: - * parser/Parser.h: - (JSC): - * runtime/JSActivation.h: - (JSC::JSActivation::isValidScopedLookup): - (JSActivation): - -2012-02-08 Oliver Hunt - - Whoops, fix the build. - - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - -2012-02-08 Oliver Hunt - - Fix issue encountered while debugging stacktraces - https://bugs.webkit.org/show_bug.cgi?id=78147 - - Reviewed by Gavin Barraclough. - - Debugging is easier if we always ensure that we have a non-null - inferred name. - - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - -2012-02-08 Oliver Hunt - - updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs - https://bugs.webkit.org/show_bug.cgi?id=78145 - - Reviewed by Gavin Barraclough. - - Fix the updateTopCallFrame helper to store additional information - that becomes necessary when we are trying to provide more stack - frame information. - - * interpreter/CallFrame.h: - (JSC::ExecState::bytecodeOffsetForBaselineJIT): - (ExecState): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JIT.h: - (JSC::JIT::compileGetByIdProto): - (JSC::JIT::compileGetByIdSelfList): - (JSC::JIT::compileGetByIdProtoList): - (JSC::JIT::compileGetByIdChainList): - (JSC::JIT::compileGetByIdChain): - (JSC::JIT::compilePutByIdTransition): - (JIT): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - -2012-02-07 Robert Kroeger - - [chromium] Remove the enable marcro for the no longer necessary Chromium - gesture recognizer. - https://bugs.webkit.org/show_bug.cgi?id=77492 - - Reviewed by Adam Barth. - - * wtf/Platform.h: - -2012-02-07 Tony Chang - - merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in - https://bugs.webkit.org/show_bug.cgi?id=78036 - - Reviewed by Darin Adler. - - * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES. - -2012-02-07 Gyuyoung Kim - - [CMAKE] Use *bin* and *lib* directories for executable and libraries. - https://bugs.webkit.org/show_bug.cgi?id=77928 - - Reviewed by Daniel Bates. - - CMake has used *Programs* directory for executable. In addition, shared libraries are being - built in source directory. It is better to set common places in order to maintain executable - and libraries. *bin* is for executable and *lib* is for library. - - * shell/CMakeLists.txt: Change *Programs* with *bin*. - -2012-02-07 Gavin Barraclough - - Crash on http://www.rickshawbags.com/ - https://bugs.webkit.org/show_bug.cgi?id=78045 - - Reviewed by Darin Adler. - - Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag() - - This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933, - isVariableObject() checks were excluding StaticScopeObjects, this patch - inadvertently changed them to be included. - - * runtime/JSType.h: - - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType, - and thus is excluded from isVariableObject() checks. - -2012-02-06 Jer Noble - - Use CMClock as a timing source for PlatformClock where available. - https://bugs.webkit.org/show_bug.cgi?id=77885 - - Reviewed by Eric Carlson. - - * wtf/Platform.h: Added WTF_USE_COREMEDIA. - -2012-02-06 Filip Pizlo - - ValueToNumber and ValueToDouble nodes don't do anything and should be removed - https://bugs.webkit.org/show_bug.cgi?id=77855 - - - Reviewed by Gavin Barraclough. - - Removed ValueToNumber and ValueToDouble, because the only thing they were doing - was wasting registers. - - This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken, - mostly due to a >10% win on gaussian-blur. No win anywhere else. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getToInt32): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::Node::hasArithNodeFlags): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::vote): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (Propagator): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::canonicalize): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-06 Patrick Gansterer - - Unreviewed WinCE build fix after r106197. - - * tools/CodeProfiling.cpp: - (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it. - -2012-02-05 Gavin Barraclough - - Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter - https://bugs.webkit.org/show_bug.cgi?id=77451 - - Reviewed by Sam Weinig. - - These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor. - Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor. - - * JavaScriptCore.exp: - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::defineOwnProperty): - * debugger/DebuggerActivation.h: - (DebuggerActivation): - * runtime/ClassInfo.h: - (MethodTable): - (JSC): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::finishCreation): - * runtime/JSCell.cpp: - (JSC): - * runtime/JSCell.h: - (JSCell): - * runtime/JSFunction.cpp: - (JSC::JSFunction::getOwnPropertySlot): - (JSC::JSFunction::getOwnPropertyDescriptor): - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::defineOwnProperty): - (JSC): - * runtime/JSGlobalObject.h: - (JSGlobalObject): - * runtime/JSObject.cpp: - (JSC): - * runtime/JSObject.h: - (JSObject): - * runtime/ObjectPrototype.cpp: - (JSC::objectProtoFuncDefineGetter): - (JSC::objectProtoFuncDefineSetter): - (JSC::objectProtoFuncLookupGetter): - (JSC::objectProtoFuncLookupSetter): - -2012-02-06 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files. - -2012-02-05 Filip Pizlo - - DFG's child references from one node to another should have room for type information - https://bugs.webkit.org/show_bug.cgi?id=77797 - - Reviewed by Oliver Hunt. - - The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned) - and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated - together as a DFG::NodeUse, which can in most cases still be used as an index (for - example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places - where they really want a NodeIndex). - - The NodeUse stores both the index and the UseKind without bloating the memory usage of - DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is - roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile - something - likely a sensible assumption! - then we will only be able to have room for - about 24 million nodes, which means we only need about 24.5 bits for the node index). - Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index, - but stores the index as a signed number to make NoNode work naturally. Hence we really - just have 27 bits for the index. - - This is performance-neutral on all benchmarks we track. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGAbstractState.h: - (JSC::DFG::AbstractState::forNode): - (AbstractState): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::toInt32): - (JSC::DFG::ByteCodeParser::addVarArgChild): - (JSC::DFG::ByteCodeParser::processPhiStack): - * dfg/DFGCommon.h: - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - (DFG): - * dfg/DFGGraph.h: - (Graph): - (JSC::DFG::Graph::operator[]): - (JSC::DFG::Graph::at): - (JSC::DFG::Graph::ref): - (JSC::DFG::Graph::deref): - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::getPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::Node): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child1Unchecked): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (JSC::DFG::Node::firstChild): - (JSC::DFG::Node::numChildren): - (JSC::DFG::Node::dumpChildren): - (Node): - * dfg/DFGNodeReferenceBlob.h: Added. - (DFG): - (NodeReferenceBlob): - (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob): - (JSC::DFG::NodeReferenceBlob::child): - (JSC::DFG::NodeReferenceBlob::child1): - (JSC::DFG::NodeReferenceBlob::child2): - (JSC::DFG::NodeReferenceBlob::child3): - (JSC::DFG::NodeReferenceBlob::child1Unchecked): - (JSC::DFG::NodeReferenceBlob::initialize): - (JSC::DFG::NodeReferenceBlob::firstChild): - (JSC::DFG::NodeReferenceBlob::setFirstChild): - (JSC::DFG::NodeReferenceBlob::numChildren): - (JSC::DFG::NodeReferenceBlob::setNumChildren): - * dfg/DFGNodeUse.h: Added. - (DFG): - (NodeUse): - (JSC::DFG::NodeUse::NodeUse): - (JSC::DFG::NodeUse::indexUnchecked): - (JSC::DFG::NodeUse::index): - (JSC::DFG::NodeUse::setIndex): - (JSC::DFG::NodeUse::useKind): - (JSC::DFG::NodeUse::setUseKind): - (JSC::DFG::NodeUse::isSet): - (JSC::DFG::NodeUse::operator!): - (JSC::DFG::NodeUse::operator==): - (JSC::DFG::NodeUse::operator!=): - (JSC::DFG::NodeUse::shift): - (JSC::DFG::NodeUse::makeWord): - (JSC::DFG::operator==): - (JSC::DFG::operator!=): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::vote): - (JSC::DFG::Propagator::toDouble): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::canonicalize): - (JSC::DFG::Propagator::startIndex): - (JSC::DFG::Propagator::globalVarLoadElimination): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::performSubstitution): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGScoreBoard.h: - (JSC::DFG::ScoreBoard::use): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - (JSC::DFG::SpeculativeJIT::writeBarrier): - (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): - (JSC::DFG::SpeculativeJIT::compileMovHint): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - (JSC::DFG::SpeculativeJIT::compileAdd): - (JSC::DFG::SpeculativeJIT::compileArithSub): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::at): - (JSC::DFG::SpeculativeJIT::canReuse): - (JSC::DFG::SpeculativeJIT::use): - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - (JSC::DFG::IntegerOperand::IntegerOperand): - (JSC::DFG::DoubleOperand::DoubleOperand): - (JSC::DFG::JSValueOperand::JSValueOperand): - (JSC::DFG::StorageOperand::StorageOperand): - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): - (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileValueAdd): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileValueAdd): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-05 Gyuyoung Kim - - [CMAKE] Support javascriptcore test for EFL port. - https://bugs.webkit.org/show_bug.cgi?id=77425 - - Reviewed by Daniel Bates. - - Efl and WinCE as well as Blackberry port are now using Cmake as its build system - and they are share the make file to create jsc excutable. In order to run - "run-javascriptcore-tests", EFL port needs to change jsc installation configuration - with executable output directory(e.g. Programs). So, this patch change jsc installation - configuration only for EFL port. - - * shell/CMakeLists.txt: - -2012-02-04 Gavin Barraclough - - Rubber stamped by Sam Weinig. - - * yarr/YarrPattern.cpp: - (JSC::Yarr::YarrPatternConstructor::quantifyAtom): - - Fix comment. - -2012-02-04 Kalev Lember - - [GTK] CurrentTime: Reorder headers for win32 - https://bugs.webkit.org/show_bug.cgi?id=77808 - - Reviewed by Martin Robinson. - - In GTK+ win32 port, monotonicallyIncreasingTime() implementation is - based on g_get_monotonic_time(). Reorder headers to make sure glib.h - gets included even when the platform is win32. - - CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()': - CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope - CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type] - - * wtf/CurrentTime.cpp: - -2012-02-03 Anders Carlsson - - Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores - https://bugs.webkit.org/show_bug.cgi?id=77788 - - Reviewed by Andreas Kling. - - The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to - code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening. - - * wtf/FastAllocBase.h: - -2012-02-03 Rob Buis - - Fix alignment warnings in ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=55368 - - Reviewed by Filip Pizlo. - - Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code. - - * heap/HandleTypes.h: - (JSC::HandleTypes::getFromSlot): - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::specializedSweep): - * heap/MarkedBlock.h: - (JSC::MarkedBlock::forEachCell): - * runtime/WriteBarrier.h: - (JSC::WriteBarrierBase::get): - (JSC::WriteBarrierBase::unvalidatedGet): - -2012-02-03 Mark Hahnenberg - - Build fix - - Unreviewed build fix - - Forgot to add a couple files. - - * heap/MarkedAllocator.cpp: Added. - (JSC): - (JSC::MarkedAllocator::tryAllocateHelper): - (JSC::MarkedAllocator::tryAllocate): - (JSC::MarkedAllocator::allocateSlowCase): - (JSC::MarkedAllocator::allocateBlock): - (JSC::MarkedAllocator::addBlock): - (JSC::MarkedAllocator::removeBlock): - * heap/MarkedAllocator.h: Added. - (JSC): - (DFG): - (MarkedAllocator): - (JSC::MarkedAllocator::cellSize): - (JSC::MarkedAllocator::heap): - (JSC::MarkedAllocator::setHeap): - (JSC::MarkedAllocator::setCellSize): - (JSC::MarkedAllocator::setMarkedSpace): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC::MarkedAllocator::allocate): - (JSC::MarkedAllocator::reset): - (JSC::MarkedAllocator::zapFreeList): - (JSC::MarkedAllocator::forEachBlock): - -2012-02-03 Mark Hahnenberg - - Refactor MarkedBlock::SizeClass into a separate class - https://bugs.webkit.org/show_bug.cgi?id=77600 - - Reviewed by Geoffrey Garen. - - We pulled SizeClass out into its own class, named MarkedAllocator, and gave it - the responsibility of allocating objects from the collection of MarkedBlocks - that it manages. Also limited the amount of coupling to internal data fields - from other places, although it's mostly unavoidable in the JIT code. - - Eventually MarkedAllocator will implement various policies to do with object - management, e.g. whether or not to run destructors on objects that it manages. - MarkedSpace will manage a collection of MarkedAllocators with varying policies, - as it does now but to a larger extent. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): - * heap/Heap.cpp: - (JSC::Heap::collect): - (JSC::Heap::resetAllocators): - * heap/Heap.h: - (JSC::Heap::allocatorForObject): - (Heap): - * heap/MarkedAllocator.cpp: Added. - (JSC): - (JSC::MarkedAllocator::tryAllocateHelper): - (JSC::MarkedAllocator::tryAllocate): - (JSC::MarkedAllocator::allocateSlowCase): - (JSC::MarkedAllocator::allocateBlock): - (JSC::MarkedAllocator::addBlock): - (JSC::MarkedAllocator::removeBlock): - * heap/MarkedAllocator.h: Added. - (JSC): - (DFG): - (MarkedAllocator): - (JSC::MarkedAllocator::cellSize): - (JSC::MarkedAllocator::heap): - (JSC::MarkedAllocator::setHeap): - (JSC::MarkedAllocator::setCellSize): - (JSC::MarkedAllocator::setMarkedSpace): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC::MarkedAllocator::allocate): - (JSC::MarkedAllocator::reset): - (JSC::MarkedAllocator::zapFreeList): - (JSC::MarkedAllocator::forEachBlock): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - (JSC::MarkedSpace::canonicalizeCellLivenessData): - (JSC::TakeIfUnmarked::operator()): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC::MarkedSpace::allocatorFor): - (JSC::MarkedSpace::allocate): - (JSC::MarkedSpace::forEachBlock): - (JSC::MarkedSpace::didAddBlock): - (JSC::MarkedSpace::didConsumeFreeList): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateBasicJSObject): - -2012-02-03 Simon Hausmann - - [Qt] Replace GNU linker script for exports with export macros in WTF/JSC - https://bugs.webkit.org/show_bug.cgi?id=77723 - - Reviewed by Tor Arne Vestbø. - - * wtf/Platform.h: Enable use of export macros. - -2012-02-02 Hajime Morrita - - Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation. - - * interpreter/Interpreter.h: - (Interpreter): - -2012-01-31 Hajime Morrita - - [Mac] eliminate JavaScriptCore.exp - https://bugs.webkit.org/show_bug.cgi?id=72854 - - Reviewed by Darin Adler. - - - Removed exp files and corresponding makefile entries. - - Changed the build configuration no to use exp file. - - * Configurations/JavaScriptCore.xcconfig: - * DerivedSources.make: - * JavaScriptCore.JSVALUE32_64only.exp: Removed. - * JavaScriptCore.JSVALUE64only.exp: Removed. - * JavaScriptCore.exp: Removed. - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/Platform.h: - -2012-02-02 Benjamin Poulain - - Running a Web Worker on about:blank crashes the interpreter - https://bugs.webkit.org/show_bug.cgi?id=77593 - - Reviewed by Michael Saboff. - - The method Interpreter::execute() was crashing on empty programs because - the assumption is made the source is not null. - - This patch shortcut the execution when the String is null to avoid invalid - memory access. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - -2012-02-02 Kalev Lember - - [GTK] Use win32 native threading - https://bugs.webkit.org/show_bug.cgi?id=77676 - - Reviewed by Martin Robinson. - - r97269 switched from glib threading to pthreads, breaking win32 GTK+. - This is a follow up, removing some leftovers in ThreadSpecific.h and - switching win32 to use the native threading in ThreadingWin.cpp. - - * GNUmakefile.list.am: Compile in win32 native threading support - * wtf/ThreadSpecific.h: Remove GTK+-specific definitions - (ThreadSpecific): - (WTF::::destroy): - -2012-02-02 Filip Pizlo - - retrieveCallerFromVMCode should call trueCallerFrame - https://bugs.webkit.org/show_bug.cgi?id=77684 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::retrieveCallerFromVMCode): - -2012-02-02 Kalev Lember - - [GTK] Implement current executable path finding for win32 - https://bugs.webkit.org/show_bug.cgi?id=77677 - - Reviewed by Martin Robinson. - - The WTF helper for getting the binary path that was added in r101710 - left out the win32 implementation. Fix this. - - * wtf/gobject/GlibUtilities.cpp: - (getCurrentExecutablePath): - -2012-02-02 Filip Pizlo - - Throwing away bytecode and then reparsing during DFG optimization is just - plain wrong and makes things crash - https://bugs.webkit.org/show_bug.cgi?id=77680 - - - Reviewed by Oliver Hunt. - - This is the minimal surgical fix: it removes the code that triggered bytecode - throw-away. Once we're confident that this is a good idea, we can kill all of - the code that implements the feature. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::discardBytecodeLater): - (JSC::CodeBlock::addValueProfile): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - -2012-02-02 Filip Pizlo - - Release build debugging should be easier - https://bugs.webkit.org/show_bug.cgi?id=77669 - - Reviewed by Gavin Barraclough. - - * assembler/ARMAssembler.h: - (ARMAssembler): - (JSC::ARMAssembler::debugOffset): - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - (JSC::ARMv7Assembler::debugOffset): - (ARMInstructionFormatter): - (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset): - * assembler/AbstractMacroAssembler.h: - (AbstractMacroAssembler): - (JSC::AbstractMacroAssembler::debugOffset): - * assembler/AssemblerBuffer.h: - (AssemblerBuffer): - (JSC::AssemblerBuffer::debugOffset): - * assembler/LinkBuffer.h: - (LinkBuffer): - (JSC::LinkBuffer::debugSize): - * assembler/MIPSAssembler.h: - (MIPSAssembler): - (JSC::MIPSAssembler::debugOffset): - * assembler/X86Assembler.h: - (X86Assembler): - (JSC::X86Assembler::debugOffset): - (X86InstructionFormatter): - (JSC::X86Assembler::X86InstructionFormatter::debugOffset): - * bytecode/CodeBlock.cpp: - (JSC): - * bytecode/CodeBlock.h: - (CodeBlock): - * bytecode/CodeOrigin.h: - (CodeOrigin): - (JSC): - (JSC::CodeOrigin::inlineStack): - * bytecode/DFGExitProfile.h: - (JSC::DFG::exitKindToString): - * bytecode/DataFormat.h: - (JSC::dataFormatToString): - * bytecode/PredictedType.cpp: - (JSC): - (JSC::predictionToString): - * bytecode/PredictedType.h: - (JSC): - * bytecode/ValueRecovery.h: - (ValueRecovery): - (JSC::ValueRecovery::dump): - * bytecompiler/BytecodeGenerator.cpp: - (JSC): - (JSC::BytecodeGenerator::setDumpsGeneratedCode): - (JSC::BytecodeGenerator::dumpsGeneratedCode): - (JSC::BytecodeGenerator::generate): - * dfg/DFGAbstractValue.h: - (StructureAbstractValue): - (JSC::DFG::StructureAbstractValue::dump): - (AbstractValue): - (JSC::DFG::AbstractValue::dump): - * dfg/DFGAssemblyHelpers.h: - (DFG): - (AssemblyHelpers): - (JSC::DFG::AssemblyHelpers::debugCall): - * dfg/DFGFPRInfo.h: - (FPRInfo): - (JSC::DFG::FPRInfo::debugName): - * dfg/DFGGPRInfo.h: - (GPRInfo): - (JSC::DFG::GPRInfo::debugName): - * dfg/DFGGraph.cpp: - (DFG): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::arithNodeFlagsAsString): - (Node): - (JSC::DFG::Node::hasIdentifier): - (JSC::DFG::Node::dumpChildren): - * dfg/DFGOSRExit.cpp: - (DFG): - (JSC::DFG::OSRExit::dump): - * dfg/DFGOSRExit.h: - (OSRExit): - * runtime/JSValue.cpp: - (JSC): - (JSC::JSValue::description): - * runtime/JSValue.h: - (JSValue): - * wtf/BitVector.cpp: - (WTF): - (WTF::BitVector::dump): - * wtf/BitVector.h: - (BitVector): - -2012-02-02 Oliver Hunt - - Getters and setters cause line numbers in errors/console.log to be offset for the whole file - https://bugs.webkit.org/show_bug.cgi?id=77675 - - Reviewed by Timothy Hatcher. - - Our default literal parsing logic doesn't handle the extra work required for - getters and setters. When it encounters one, it rolls back the lexer and - then switches to a more complete parsing function. Unfortunately it was only - winding back the character position, and was ignoring the line number and - other lexer data. This led to every getter and setter causing the line number - to be incorrectly incremented leading to increasingly incorrect numbers for - the rest of the file. - - * parser/Parser.cpp: - (JSC::::parseObjectLiteral): - -2012-02-02 Andy Wingo - - Fix type punning warning in HashTable.h debug builds - https://bugs.webkit.org/show_bug.cgi?id=77422 - - Reviewed by Gavin Barraclough. - - * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning - warning appearing in debug builds with gcc-4.6.2 on GNU/Linux. - -2012-02-01 Michael Saboff - - Yarr crash with regexp replace - https://bugs.webkit.org/show_bug.cgi?id=67454 - - Reviewed by Gavin Barraclough. - - Properly handle the case of a back reference to an unmatched - subpattern by always matching without consuming any characters. - - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::matchBackReference): - (JSC::Yarr::Interpreter::backtrackBackReference): - -2012-02-01 Gavin Barraclough - - calling function on catch block scope containing an eval result in wrong this value being passed - https://bugs.webkit.org/show_bug.cgi?id=77581 - - Reviewed by Oliver Hunt. - - javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); } - - * bytecompiler/NodesCodegen.cpp: - (JSC::TryNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - * parser/ASTBuilder.h: - (JSC::ASTBuilder::createTryStatement): - * parser/NodeConstructors.h: - (JSC::TryNode::TryNode): - * parser/Nodes.h: - (TryNode): - * parser/Parser.cpp: - (JSC::::parseTryStatement): - * parser/SyntaxChecker.h: - (JSC::SyntaxChecker::createTryStatement): - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::isStaticScopeObject): - (JSC): - -2012-02-01 Oliver Hunt - - Add support for inferred function names - https://bugs.webkit.org/show_bug.cgi?id=77579 - - Reviewed by Gavin Barraclough. - - Add new "inferred" names to function expressions, getters, and setters. - This property is not exposed to JS, so is only visible in the debugger - and profiler. - - * JavaScriptCore.exp: - * bytecompiler/BytecodeGenerator.h: - (JSC::BytecodeGenerator::makeFunction): - * debugger/DebuggerCallFrame.cpp: - (JSC::DebuggerCallFrame::calculatedFunctionName): - * parser/ASTBuilder.h: - (JSC::ASTBuilder::createAssignResolve): - (JSC::ASTBuilder::createGetterOrSetterProperty): - (JSC::ASTBuilder::createProperty): - (JSC::ASTBuilder::makeAssignNode): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - (JSC::FunctionBodyNode::inferredName): - (FunctionBodyNode): - * profiler/Profiler.cpp: - (JSC): - (JSC::Profiler::createCallIdentifier): - (JSC::createCallIdentifierFromFunctionImp): - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::fromGlobalCode): - * runtime/Executable.h: - (JSC::FunctionExecutable::create): - (JSC::FunctionExecutable::inferredName): - (FunctionExecutable): - * runtime/JSFunction.cpp: - (JSC::JSFunction::calculatedDisplayName): - (JSC): - (JSC::getCalculatedDisplayName): - * runtime/JSFunction.h: - (JSC): - -2012-02-01 Filip Pizlo - - DFG should fold double-to-int conversions - https://bugs.webkit.org/show_bug.cgi?id=77532 - - Reviewed by Oliver Hunt. - - Performance neutral on major benchmarks. But it makes calling V8's - Math.random() 4x faster. - - * bytecode/CodeBlock.cpp: - (JSC): - (JSC::CodeBlock::addOrFindConstant): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::addConstant): - (CodeBlock): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::toInt32): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::getJSConstantForValue): - (JSC::DFG::ByteCodeParser::isInt32Constant): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::addShouldSpeculateInteger): - (Graph): - (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::fixupNode): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileAdd): - (DFG): - (JSC::DFG::SpeculativeJIT::compileArithSub): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32): - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSValueInlineMethods.h: - (JSC::JSValue::asDouble): - -2012-02-01 Filip Pizlo - - DFG graph dump for GetScopedVar should show the correct prediction - https://bugs.webkit.org/show_bug.cgi?id=77530 - - Reviewed by Geoff Garen. - - GetScopedVar has a heap prediction, not a variable prediction. But it does - have a variable. Hence we need to check for heap predictions before checking - for variable predictions. - - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - -2012-02-01 Mark Hahnenberg - - Replace JSArray destructor with finalizer - https://bugs.webkit.org/show_bug.cgi?id=77488 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.exp: - * runtime/JSArray.cpp: - (JSC::JSArray::finalize): Added finalizer. - (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps. - (JSC): - (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps. - (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode - because the old name was confusing because we could have a sparse array that never - called enterSparseMode. - (JSC::JSArray::defineOwnNumericProperty): - (JSC::JSArray::setLengthWritable): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::setLength): - (JSC::JSArray::pop): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - * runtime/JSArray.h: - (JSArray): - -2012-02-01 Andy Wingo - - Refactor identifier resolution in BytecodeGenerator - https://bugs.webkit.org/show_bug.cgi?id=76285 - - Reviewed by Geoffrey Garen. - - * bytecompiler/BytecodeGenerator.h: - (JSC::ResolveResult): New class, to describe the storage - location corresponding to an identifier in a program. - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::resolve): New function, replacing - findScopedProperty. - (JSC::BytecodeGenerator::resolveConstDecl): New function, - encapsulating what ConstDeclNode::emitBytecode used to do. - (JSC::BytecodeGenerator::emitGetStaticVar): - (JSC::BytecodeGenerator::emitPutStaticVar): New functions, - corresponding to the old emitGetScopedVar and emitPutScopedVar. - (JSC::BytecodeGenerator::registerFor): Remove version that took an - Identifier&; replaced by ResolveResult::local(). - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveBase): - (JSC::BytecodeGenerator::emitResolveBaseForPut): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a - "resolveResult" argument. This is more clear, and reduces the - amount of double analysis happening at compile-time. - * bytecompiler/NodesCodegen.cpp: - (JSC::ResolveNode::emitBytecode): - (JSC::EvalFunctionCallNode::emitBytecode): - (JSC::FunctionCallResolveNode::emitBytecode): - (JSC::PostfixResolveNode::emitBytecode): - (JSC::DeleteResolveNode::emitBytecode): - (JSC::TypeOfResolveNode::emitBytecode): - (JSC::PrefixResolveNode::emitBytecode): - (JSC::ReadModifyResolveNode::emitBytecode): - (JSC::AssignResolveNode::emitBytecode): - (JSC::ConstDeclNode::emitCodeSingle): - (JSC::ForInNode::emitBytecode): Refactor to use the new - ResolveResult structure. - -2012-02-01 Csaba Osztrogonác - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Unreviewed, rolling out r106407. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-01-31 Hajime Morrita - - Add missing JS_PRIVATE_EXPORTs - https://bugs.webkit.org/show_bug.cgi?id=77507 - - Reviewed by Kevin Ollivier. - - * heap/MarkedSpace.h: - (MarkedSpace): - * interpreter/Interpreter.h: - (Interpreter): - * runtime/JSValue.h: - (JSValue): - * wtf/text/AtomicString.h: - (WTF::AtomicString::add): - * wtf/text/WTFString.h: - (WTF): - -2012-01-31 Geoffrey Garen - - Stop using -fomit-frame-pointer - https://bugs.webkit.org/show_bug.cgi?id=77403 - - Reviewed by Filip Pizlo. - - JavaScriptCore is too fast. I'm just the man to fix it. - - * Configurations/JavaScriptCore.xcconfig: - -2012-01-31 Michael Saboff - - StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase - https://bugs.webkit.org/show_bug.cgi?id=76647 - - Reviewed by Darin Adler. - - Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar - to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle to special - cases. One case is s-sharp (0xdf) which converts to "SS". The other case is - for characters which become 16 bit values when converted to upper case. For - those, we up convert the the source string and use the 16 bit path. - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncToUpperCase): - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::upper): - * wtf/unicode/CharacterNames.h: - (smallLetterSharpS): New constant - -2012-01-31 Oliver Hunt - - Remove unneeded sourceId property - https://bugs.webkit.org/show_bug.cgi?id=77495 - - Reviewed by Filip Pizlo. - - sourceId isn't used anymore, so we'll just remove it. - - * runtime/Error.cpp: - (JSC): - (JSC::addErrorInfo): - (JSC::hasErrorInfo): - -2012-01-31 Oliver Hunt - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Reviewed by Gavin Barraclough. - - Original patch by Juan Carlos Montemayor Elosua: - This patch utilizes topCallFrame to create a stack trace when - an error is thrown. Users will also be able to use the stack() - command in jsc to get arrays with stack trace information. - - Modified to be correct on ToT, with a variety of correctness, - performance, and security improvements. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * interpreter/Interpreter.cpp: - (JSC::getCallerLine): - (JSC::getSourceURLFromCallFrame): - (JSC::getStackFrameCodeType): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (JSC::StackFrame::toString): - * jsc.cpp: - (GlobalObject::finishCreation): - (functionJSCStack): - * parser/Parser.h: - (JSC::Parser::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - -2012-01-31 Scott Graham - - [Chromium] Remove references to gyp cygwin build target - https://bugs.webkit.org/show_bug.cgi?id=77253 - - Reviewed by Julien Chaffraix. - - Target dependency is no longer required, it's done earlier in the - build process. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-01-31 Michael Saboff - - ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor - https://bugs.webkit.org/show_bug.cgi?id=77443 - - Reviewed by Gavin Barraclough. - - Removed failing ASSERT() and thus destructor. The ASSERT isn't needed. - We are hitting it in the YARR JIT case where we bail out and go to the - interpreter with a partially JIT'ed function. Since we haven't linked - the JIT'ed code, there is likely to be some unresolved jumps in the vector - when the ARMv7Assembler destructor is called. For the case where we - complete the JIT process, we clear the vector at the end of - LinkBuffer::linkCode (LinkBuffer.h:292). - - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - -2012-01-31 Anders Carlsson - - Vector::operator== shouldn't require T to have operator!= - https://bugs.webkit.org/show_bug.cgi?id=77448 - - Reviewed by Andreas Kling. - - Change VectorComparer::compare to use !(a == b) instead of a != b since - it makes more sense for Vector::operator== to use the element's operator==. - - * wtf/Vector.h: - -2012-01-30 Oliver Hunt - - get_by_val_arguments is broken in the interpreter - https://bugs.webkit.org/show_bug.cgi?id=77389 - - Reviewed by Gavin Barraclough. - - When get_by_val had wad a value profile added, the same slot was not added to - get_by_val_arguments. This broke the interpreter as the interpreter falls - back on its regular get_by_val implementation. - - No tests are added as the interpreter is fairly broken in its - current state (multiple tests fail due to this bug). - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitGetArgumentByVal): - -2012-01-30 Oliver Hunt - - Unexpected syntax error - https://bugs.webkit.org/show_bug.cgi?id=77340 - - Reviewed by Gavin Barraclough. - - Function calls and new expressions have the same semantics for - assignment, so should simply share their lhs handling. - - * parser/Parser.cpp: - (JSC::::parseMemberExpression): - -2012-01-30 Gavin Barraclough - - Unreviewed ARMv7 build fix. - - * tools/CodeProfiling.cpp: - (JSC): - (JSC::setProfileTimer): - (JSC::CodeProfiling::begin): - (JSC::CodeProfiling::end): - -2012-01-30 David Levin - - Using OS(WIN) or OS(MAC) should cause a build error. - https://bugs.webkit.org/show_bug.cgi?id=77162 - - Reviewed by Darin Adler. - - * wtf/Platform.h: Expand them into something that will - cause a compile error. - -2012-01-30 Yong Li - - [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM - https://bugs.webkit.org/show_bug.cgi?id=77360 - - Reviewed by Rob Buis. - - Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM) - for OS(QNX). - - * wtf/Platform.h: - -2012-01-30 Gavin Barraclough - - Speculative Windows build fix. - - * assembler/MacroAssemblerCodeRef.h: - (FunctionPtr): - -2012-01-30 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=77163 - MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS) - - Rubber stamped by Geoff Garen - - * assembler/MacroAssemblerCodeRef.h: - -2012-01-30 Gavin Barraclough - - Unreviewed build fix for interpreter builds. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - * bytecode/CodeBlock.h: - (CodeBlock): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * tools/CodeProfile.cpp: - (JSC::CodeProfile::sample): - -2012-01-30 Gavin Barraclough - - Unreviewed build fix following bug#76855 - - * JavaScriptCore.exp: - -2012-01-30 Michael Saboff - - CaseFoldingHash::hash() doesn't handle 8 bit strings directly - https://bugs.webkit.org/show_bug.cgi?id=76652 - - Reviewed by Andreas Kling. - - * wtf/text/StringHash.h: - (WTF::CaseFoldingHash::hash): Added 8 bit string code path. - -2012-01-30 Michael Saboff - - stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement - https://bugs.webkit.org/show_bug.cgi?id=76651 - - Reviewed by Geoffrey Garen. - - Made local function substituteBackreferencesSlow a template function - based on character width. Cleaned up getCharacters() in both UString - and StringImpl. Changed getCharacters to up convert an 8 bit - string to 16 bits if necessary. - - * runtime/StringPrototype.cpp: - (JSC::substituteBackreferencesSlow): - (JSC::substituteBackreferences): - * runtime/UString.h: - (JSC::LChar): - (JSC::UChar): - * wtf/text/StringImpl.h: - (WTF::UChar): - -2012-01-30 Gavin Barraclough - - Clean up putDirect - https://bugs.webkit.org/show_bug.cgi?id=76232 - - Reviewed by Sam Weinig. - - Part 3 - merge op_put_getter & op_put_setter. - - Putting these separately is inefficient (and makes future optimiation, - e.g. making GetterSetter immutable) harder. Change to emit a single - op_put_getter_setter bytecode op. Ultimately we should probably be - able to merge this with put direct, to create a common op to initialize - object literal properties. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitPutGetterSetter): - * bytecompiler/BytecodeGenerator.h: - (BytecodeGenerator): - * bytecompiler/NodesCodegen.cpp: - (JSC::PropertyListNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - * jit/JIT.h: - (JIT): - * jit/JITPropertyAccess.cpp: - (JSC::JIT::emit_op_put_getter_setter): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_put_getter_setter): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jit/JITStubs.h: - (): - * runtime/JSObject.cpp: - (JSC::JSObject::putDirectVirtual): - (JSC::JSObject::putDirectAccessor): - (JSC): - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - (): - (JSC::JSObject::putDirectInternal): - (JSC::JSObject::putDirect): - (JSC::JSObject::putDirectWithoutTransition): - -2012-01-30 Michael Saboff - - Dromaeo tests call parseSimpleLengthValue() on 8 bit strings - https://bugs.webkit.org/show_bug.cgi?id=76649 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.exp: Added export for charactersToDouble. - -2012-01-30 Michael Saboff - - WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding. - https://bugs.webkit.org/show_bug.cgi?id=76648 - - Reviewed by Geoffrey Garen. - - Added a new overloaded append member that takes a String& argument, an offest - and a length to do direct sub string appending to a StringBuilder. - - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::append): - -2012-01-29 Zoltan Herczeg - - Custom written CSS lexer - https://bugs.webkit.org/show_bug.cgi?id=70107 - - Reviewed by Antti Koivisto and Oliver Hunt. - - Add new helper functions for the custom written CSS lexer. - - * wtf/ASCIICType.h: - (WTF::toASCIILowerUnchecked): - (WTF): - (WTF::isASCIIAlphaCaselessEqual): - -2012-01-29 Filip Pizlo - - REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const - https://bugs.webkit.org/show_bug.cgi?id=77146 - - - Reviewed by Oliver Hunt. - - The old JIT expects that the result of the last operation is in the lastResultRegister. The DFG JIT is - designed to correctly track the lastResultRegister by looking at SetLocal nodes. However, when the DFG - JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the - lastResultRegister. Hence if we OSR exit on the first node following the end of an inlined code block - that had a return value, and that first node uses the return value, the old JIT will get massively - confused. This patch takes a surgical approach: instead of making the DFG smarter, it makes the old - JIT slightly dumber. - - * jit/JITCall.cpp: - (JSC::JIT::emit_op_call_put_result): - -2012-01-29 Filip Pizlo - - Build fix for Mac non-x64 platforms. - - * tools/CodeProfiling.cpp: - (JSC): - -2012-01-28 Gavin Barraclough - - Reserve 'let' - https://bugs.webkit.org/show_bug.cgi?id=77293 - - Rubber stamped by Oliver Hunt. - - 'let' may become a keyword in ES6. We're going to try experimentally reserving it, - to see if this breaks the web. - - * parser/Keywords.table: - -2012-01-27 Gavin Barraclough - - Implement a JIT-code aware sampling profiler for JSC - https://bugs.webkit.org/show_bug.cgi?id=76855 - - Reviewed by Oliver Hunt. - - To enable the profiler, set the JSC_CODE_PROFILING environment variable to - 1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively - trace all samples). - - The profiler requires -fomit-frame-pointer to be removed from the build flags. - - * JavaScriptCore.exp: - - Removed an export. - * JavaScriptCore.xcodeproj/project.pbxproj: - - Added new files - * bytecode/CodeBlock.cpp: - - For baseline codeblocks, cache the result of canCompileWithDFG. - * bytecode/CodeBlock.h: - - For baseline codeblocks, cache the result of canCompileWithDFG. - * jit/ExecutableAllocator.cpp: - (JSC::ExecutableAllocator::initializeAllocator): - - Notify the profiler when the allocator is created. - (JSC::ExecutableAllocator::allocate): - - Inform the allocated of the ownerUID. - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::initializeAllocator): - - Notify the profiler when the allocator is created. - (JSC::ExecutableAllocator::allocate): - - Inform the allocated of the ownerUID. - * jit/JITStubs.cpp: - - If profiling, don't mask the return address in JIT code. - (We do so to provide nicer backtraces in debug builds). - * runtime/Completion.cpp: - (JSC::evaluate): - - Notify the profiler of script evaluations. - * tools: Added. - * tools/CodeProfile.cpp: Added. - (JSC::symbolName): - - Helper function to get the name of a symbol in the framework. - (JSC::truncateTrace): - - Helper to truncate traces into methods know to have uninformatively deep stacks. - (JSC::CodeProfile::sample): - - Record a stack trace classifying samples. - (JSC::CodeProfile::report): - - {Print profiler output. - * tools/CodeProfile.h: Added. - - new class, captures a set of samples associated with an evaluated script, - and nested to record samples from subscripts. - * tools/CodeProfiling.cpp: Added. - (JSC::CodeProfiling::profilingTimer): - - callback fired then a timer event occurs. - (JSC::CodeProfiling::notifyAllocator): - - called when the executable allocator is constructed. - (JSC::CodeProfiling::getOwnerUIDForPC): - - helper to lookup the codeblock from an address in JIT code - (JSC::CodeProfiling::begin): - - enter a profiling scope. - (JSC::CodeProfiling::end): - - exit a profiling scope. - * tools/CodeProfiling.h: Added. - - new class, instantialed from Completion to define a profiling scope. - * tools/ProfileTreeNode.h: Added. - - new class, used to construct a tree of samples. - * tools/TieredMMapArray.h: Added. - - new class, a malloc-free vector (can be used while the main thread is suspended, - possibly holding the malloc heap lock). - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocatorHandle::MetaAllocatorHandle): - (WTF::MetaAllocator::allocate): - - Allow allocation handles to track information about their owner. - * wtf/MetaAllocator.h: - (MetaAllocator): - - Allow allocation handles to track information about their owner. - * wtf/MetaAllocatorHandle.h: - (MetaAllocatorHandle): - (WTF::MetaAllocatorHandle::ownerUID): - - Allow allocation handles to track information about their owner. - * wtf/OSAllocator.h: - (WTF::OSAllocator::reallocateCommitted): - - reallocate an existing, committed memory allocation. - -2012-01-28 Sheriff Bot - - Unreviewed, rolling out r106187. - http://trac.webkit.org/changeset/106187 - https://bugs.webkit.org/show_bug.cgi?id=77276 - - The last rollout was a false charge. (Requested by morrita on - #webkit). - - * runtime/ExceptionHelpers.h: - (InterruptedExecutionError): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/RegExp.h: - (RegExp): - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - -2012-01-28 Sheriff Bot - - Unreviewed, rolling out r106151. - http://trac.webkit.org/changeset/106151 - https://bugs.webkit.org/show_bug.cgi?id=77275 - - may break windows build (Requested by morrita on #webkit). - - * runtime/ExceptionHelpers.h: - (InterruptedExecutionError): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/RegExp.h: - (RegExp): - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - -2012-01-28 Filip Pizlo - - GC invoked while doing an old JIT property storage reallocation may lead - to an object that refers to a dead structure - https://bugs.webkit.org/show_bug.cgi?id=77273 - - - Reviewed by Gavin Barraclough. - - The put_by_id transition was already saving the old structure by virtue of - having the object on the stack, so that wasn't going to get deleted. But the - new structure was unprotected in the transition. I've now changed the - transition code to save the new structure, ensuring that the GC will know it - to be marked if invoked from within put_by_id_transition_realloc. - - * jit/JITPropertyAccess.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jit/JITStubs.h: - (JSC): - (): - -2012-01-27 Sheriff Bot - - Unreviewed, rolling out r106167. - http://trac.webkit.org/changeset/106167 - https://bugs.webkit.org/show_bug.cgi?id=77264 - - broke LayoutTests/fast/js/string-capitalization.html - (Requested by msaboff on #webkit). - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncToLowerCase): - (JSC::stringProtoFuncToUpperCase): - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::upper): - -2012-01-27 Filip Pizlo - - Build fix for interpreter platforms. - - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - -2012-01-27 Michael Saboff - - StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase - https://bugs.webkit.org/show_bug.cgi?id=76647 - - Reviewed by Geoffrey Garen. - - Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar - to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle the two - 8 bit characters that when converted to upper case become 16 bit characters. - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace. - (JSC::stringProtoFuncToUpperCase): - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::upper): - -2012-01-27 Hajime Morita - - [JSC] ThunkGenerators.cpp should hide its asm-defined symbols - https://bugs.webkit.org/show_bug.cgi?id=77244 - - Reviewed by Filip Pizlo. - - * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS() - * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp - -2012-01-27 Simon Hausmann - - [JSC] Asm-originated symbols should be marked as hidden - https://bugs.webkit.org/show_bug.cgi?id=77150 - - Reviewed by Filip Pizlo. - - * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches, - but they were missing in the CPU(X86) and the CPU(X86_64) cases. - -2012-01-27 MORITA Hajime - - [JSC] Some JS_EXPORTDATA may not be necessary. - https://bugs.webkit.org/show_bug.cgi?id=77145 - - Reviewed by Darin Adler. - - Removed JS_EXPORTDATA attributes whose attributing symbols are - not exported on Mac port. - - * runtime/ExceptionHelpers.h: - (InterruptedExecutionError): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/RegExp.h: - (RegExp): - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - -2012-01-27 MORITA Hajime - - [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs - https://bugs.webkit.org/show_bug.cgi?id=77113 - - Reviewed by Darin Adler. - - * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export. - -2012-01-27 Zeno Albisser - - [Qt][Mac] Build fails after adding ICU support (r105997). - https://bugs.webkit.org/show_bug.cgi?id=77118 - - Use Apple code path for unicode date formats on mac. - - Reviewed by Tor Arne Vestbø. - - * runtime/DatePrototype.cpp: - (): - -2012-01-27 Carlos Garcia Campos - - [GTK] Add a GKeyFile especialization to GOwnPtr - https://bugs.webkit.org/show_bug.cgi?id=77191 - - Reviewed by Martin Robinson. - - * wtf/gobject/GOwnPtr.cpp: - (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile. - * wtf/gobject/GOwnPtr.h: Add GKeyFile template. - * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile. - -2012-01-25 Yury Semikhatsky - - Web Inspector: should be possible to open function declaration from script popover - https://bugs.webkit.org/show_bug.cgi?id=76913 - - Added display function name and source location to the popover in scripts panel. - Now when a function is hovered user can navigate to its definition. - - Reviewed by Pavel Feldman. - - * JavaScriptCore/JavaScriptCore.exp - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/JSFunction.h: - (JSFunction): - -2012-01-26 Kevin Ollivier - - [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior. - - * runtime/DatePrototype.cpp: - (): - -2012-01-26 Mark Hahnenberg - - Merge AllocationSpace into MarkedSpace - https://bugs.webkit.org/show_bug.cgi?id=77116 - - Reviewed by Geoffrey Garen. - - Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to - MarkedSpace allocation. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.exp: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * heap/AllocationSpace.cpp: Removed. - * heap/AllocationSpace.h: Removed. - * heap/BumpSpace.h: - (BumpSpace): - * heap/Heap.h: - (JSC::Heap::objectSpace): - (Heap): - (): - * heap/HeapBlock.h: - (): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::tryAllocateHelper): - (JSC): - (JSC::MarkedSpace::tryAllocate): - (JSC::MarkedSpace::allocateSlowCase): - (JSC::MarkedSpace::allocateBlock): - (JSC::MarkedSpace::freeBlocks): - (TakeIfUnmarked): - (JSC::TakeIfUnmarked::TakeIfUnmarked): - (JSC::TakeIfUnmarked::operator()): - (JSC::TakeIfUnmarked::returnValue): - (JSC::MarkedSpace::shrink): - (GatherDirtyCells): - (JSC::GatherDirtyCells::returnValue): - (JSC::GatherDirtyCells::GatherDirtyCells): - (JSC::GatherDirtyCells::operator()): - (JSC::MarkedSpace::gatherDirtyCells): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC::MarkedSpace::blocks): - (JSC::MarkedSpace::forEachCell): - (JSC): - (JSC::MarkedSpace::allocate): - -2012-01-26 Oliver Hunt - - MSVC bug fix. - MSVC generates bad code for enum compare. - - RS=Geoff - - Make bitfield large enough to work around MSVC's desire to make enums - signed types. - - * bytecode/CallLinkInfo.h: - (CallLinkInfo): - -2012-01-26 Filip Pizlo - - All DFG helpers that may call out to arbitrary JS code must know where they - were called from due to inlining and call stack walking - https://bugs.webkit.org/show_bug.cgi?id=77070 - - - Reviewed by Geoff Garen. - - Changed the DFG to always record a code origin index in the tag of the argument - count (which we previously left blank for the benefit of LLInt, but is still - otherwise unused by the DFG), so that if we ever need to walk the stack accurately - we know where to start. In particular, if the current ExecState* points several - semantic call frames away from the true semantic call frame because we had - performed inlining, having the code origin index recorded means that we can reify - those call frames as necessary to give runtime/library code an accurate view of - the current JS state. - - This required several large but mechanical changes: - - - Calling a function from the DFG now plants a store32 instruction to store the - code origin index. But the indices of code origins were previously picked by - the DFG::JITCompiler after code generation completed. I changed this somewhat; - even though the code origins are put into the CodeBlock after code gen, the - code gen now knows a priori what their indices will be. Extensive assertions - are in place to ensure that the two don't get out of sync, in the form of the - DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls; - those don't need the code origin index set in the call frame because we can get - it by doing a binary search on the return PC. - - - Stack walking now always calls trueCallFrame() first before beginning the walk, - since even the top call frame may be wrong. It still calls trueCallerFrame() as - before to get to the next frame, though trueCallerFrame() is now mostly a - wrapper around callerFrame()->trueCallFrame(). - - - Because the mechanism for getting the code origin of a call frame is bimodal - (either the call frame knows its code origin because the code origin index was - set, or it's necessary to use the callee frame's return PC), I put in extra - mechanisms to determine whether your caller, or your callee, corresponds to - a call out of C++ code. Previously we just had the host call flag, but this is - insufficient as it does not cover the case of someone calling JSC::call(). But - luckily we can determine this just by looking at the return PC: if the return - PC is in range of the ctiTrampiline, then two things are true: this call - frame's PC will tell you nothing about where you came from in your caller, and - the caller already knows where it's at because it must have set the code origin - index (unless it's not DFG code, in which case we don't care because there is - no inlining to worry about). - - - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's - inlining code, so I fixed it. - - - Finally because I was tired of doing random #if's for checking if I should be - passing around an Instruction* or a ReturnAddressPtr, I created a class called - AbstractPC that holds whatever notion of a PC is appropriate for the current - execution environment. It's designed to work gracefully even if both the - interpreter and the JIT are compiled in, and should integrate nicely with the - LLInt. - - This is neutral on all benchmarks and fixes some nasty corner-case regressions of - evil code that uses combinations of getters/setters and function.arguments. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.h: - (JSC::CodeBlock::codeOrigin): - (CodeBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleInlining): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGJITCompiler.h: - (CallBeginToken): - (JSC::DFG::CallBeginToken::CallBeginToken): - (JSC::DFG::CallBeginToken::assertCodeOriginIndex): - (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex): - (DFG): - (JSC::DFG::CallExceptionRecord::CallExceptionRecord): - (CallExceptionRecord): - (JSC::DFG::JITCompiler::JITCompiler): - (JITCompiler): - (JSC::DFG::JITCompiler::nextCallBeginToken): - (JSC::DFG::JITCompiler::beginCall): - (JSC::DFG::JITCompiler::notifyCall): - (JSC::DFG::JITCompiler::addExceptionCheck): - (JSC::DFG::JITCompiler::addFastExceptionCheck): - * dfg/DFGOperations.cpp: - (): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/AbstractPC.cpp: Added. - (JSC): - (JSC::AbstractPC::AbstractPC): - * interpreter/AbstractPC.h: Added. - (JSC): - (AbstractPC): - (JSC::AbstractPC::AbstractPC): - (JSC::AbstractPC::hasJITReturnAddress): - (JSC::AbstractPC::jitReturnAddress): - (JSC::AbstractPC::hasInterpreterReturnAddress): - (JSC::AbstractPC::interpreterReturnAddress): - (JSC::AbstractPC::isSet): - (JSC::AbstractPC::operator!): - (): - * interpreter/CallFrame.cpp: - (JSC): - (JSC::CallFrame::trueCallFrame): - (JSC::CallFrame::trueCallerFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::abstractReturnPC): - (JSC::ExecState::codeOriginIndexForDFGWithInlining): - (ExecState): - (JSC::ExecState::trueCallFrame): - (JSC::ExecState::trueCallFrameFromVMCode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::retrieveArgumentsFromVMCode): - (JSC::Interpreter::retrieveCallerFromVMCode): - (JSC::Interpreter::findFunctionCallFrameFromVMCode): - * interpreter/Interpreter.h: - (Interpreter): - (): - * jit/JITStubs.cpp: - (JSC): - (): - * jit/JITStubs.h: - (JSC): - (JSC::returnAddressIsInCtiTrampoline): - * runtime/JSFunction.cpp: - (JSC::JSFunction::argumentsGetter): - (JSC::JSFunction::callerGetter): - (JSC::JSFunction::getOwnPropertyDescriptor): - -2012-01-26 Peter Varga - - Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG - https://bugs.webkit.org/show_bug.cgi?id=77104 - - Reviewed by Filip Pizlo. - - * dfg/DFGOperations.cpp: - (): - -2012-01-26 Michael Saboff - - String::latin1() should take advantage of 8 bit strings - https://bugs.webkit.org/show_bug.cgi?id=76646 - - Reviewed by Geoffrey Garen. - - * wtf/text/WTFString.cpp: - (WTF::String::latin1): For 8 bit strings, use existing buffer - without conversion. - -2012-01-26 Michael Saboff - - Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions - https://bugs.webkit.org/show_bug.cgi?id=76645 - - Reviewed by Geoffrey Garen. - - * wtf/text/StringImpl.cpp: - (WTF::equalIgnoringCase): New LChar version. - (WTF::findInner): New helper function. - (WTF::StringImpl::find): Added 8 bit path. - (WTF::reverseFindInner): New helper funciton. - (WTF::StringImpl::reverseFind): Added 8 bit path. - (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path. - * wtf/text/StringImpl.h: - (WTF): - -2012-01-26 Csaba Osztrogonác - - [Qt][Win] One more speculative buildfix after r105970. - - * JavaScriptCore.pri: - -2012-01-26 Csaba Osztrogonác - - [Qt][Win] Speculative buildfix after r105970. - - * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC(). - -2012-01-26 Sheriff Bot - - Unreviewed, rolling out r105982. - http://trac.webkit.org/changeset/105982 - https://bugs.webkit.org/show_bug.cgi?id=77090 - - breaks the world (Requested by WildFox on #webkit). - - * wtf/MainThread.cpp: - (WTF): - * wtf/Platform.h: - * wtf/mac/MainThreadMac.mm: - (WTF): - (WTF::registerGCThread): - (WTF::isMainThreadOrGCThread): - -2012-01-26 Roland Takacs - - [Qt] GC should be parallel on Qt platform - https://bugs.webkit.org/show_bug.cgi?id=73309 - - Reviewed by Zoltan Herczeg. - - These changes made the parallel gc feature available for Qt port. - The implementation of "registerGCThread" and "isMainThreadOrGCThread" - is moved from MainThreadMac.mm to the common MainThread.cpp to make - them available for other platforms. - - Measurement results: - V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ] - WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms] - V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ] - - Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core. - - * wtf/MainThread.cpp: - (WTF): - (WTF::registerGCThread): - (WTF::isMainThreadOrGCThread): - * wtf/Platform.h: - * wtf/mac/MainThreadMac.mm: - -2012-01-26 Andy Estes - - REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types - https://bugs.webkit.org/show_bug.cgi?id=77073 - - Reviewed by Ryosuke Niwa. - - r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined. - This should have been changed to OS(WINDOWS). This causes the - preprocessor to strip out Win32 data type overrides for deleteOwnedPtr, - causing allocations made by Win32 to be deleted by fastmalloc. - - * wtf/OwnPtrCommon.h: - (WTF): Use OS(WINDOWS) instead of OS(WIN). - -2012-01-25 Mark Rowe - - Attempted Mac build fix after r105939. - - * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS. - It isn't used on these platforms and isn't available in the ICU headers - for Mac. - -2012-01-25 Mark Rowe - - Build in to an alternate location when USE_STAGING_INSTALL_PATH is set. - - Adopt USE_STAGING_INSTALL_PATH - - Reviewed by David Kilzer. - - * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains - the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR - to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set. - * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on - the normal framework location. This prevents an incorrect install name from being used when - installing in to the staged frameworks directory. - -2012-01-25 Eli Fidler - - Implement Date.toLocaleString() using ICU - https://bugs.webkit.org/show_bug.cgi?id=76714 - - Reviewed by Darin Adler. - - * runtime/DatePrototype.cpp: - (JSC::formatLocaleDate): - -2012-01-25 Hajime Morita - - ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom - https://bugs.webkit.org/show_bug.cgi?id=76863 - - Reviewed by Dimitri Glazkov. - - Added a feature flag. - - * Configurations/FeatureDefines.xcconfig: - -2012-01-25 Yong Li - - [BlackBerry] Implement OSAllocator::commit/decommit. - BlackBerry port should support virtual memory decommiting. - https://bugs.webkit.org/show_bug.cgi?id=77013 - - Reviewed by Rob Buis. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveUncommitted): - (WTF::OSAllocator::commit): - (WTF::OSAllocator::decommit): - * wtf/Platform.h: - -2012-01-24 Oliver Hunt - - Make DFG update topCallFrame - https://bugs.webkit.org/show_bug.cgi?id=76969 - - Reviewed by Filip Pizlo. - - Add NativeCallFrameTracer to manage topCallFrame assignment - in the DFG operations, and make use of it. - - * dfg/DFGOperations.cpp: - (JSC::DFG::operationPutByValInternal): - (): - * interpreter/Interpreter.h: - (JSC): - (NativeCallFrameTracer): - (JSC::NativeCallFrameTracer::NativeCallFrameTracer): - -2012-01-24 Filip Pizlo - - Inlining breaks call frame walking when the walking is done from outside the inlinee, - but inside a code block that had inlining - https://bugs.webkit.org/show_bug.cgi?id=76978 - - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::codeOriginForReturn): - * interpreter/CallFrame.cpp: - (JSC::CallFrame::trueCallerFrame): - -2012-01-24 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=76855 - Implement a JIT-code aware sampling profiler for JSC - - Reviewed by Oliver Hunt. - - Add support to MetaAllocator.cpp to track all live handles in a map, - allowing lookup based on any address within the allocation. - - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocatorTracker::notify): - (WTF::MetaAllocatorTracker::release): - - Track live handle objects in a map. - (WTF::MetaAllocator::release): - - Removed support for handles with null m_allocator (no longer used). - - Notify the tracker of handles being released. - (WTF::MetaAllocatorHandle::~MetaAllocatorHandle): - - Moved functionality out into MetaAllocator::release. - (WTF::MetaAllocatorHandle::shrink): - - Removed support for handles with null m_allocator (no longer used). - (WTF::MetaAllocator::MetaAllocator): - - Initialize m_tracker. - (WTF::MetaAllocator::allocate): - - Notify the tracker of new allocations. - * wtf/MetaAllocator.h: - (WTF::MetaAllocatorTracker::find): - - Lookup a MetaAllocatorHandle based on an address inside the allocation. - (WTF::MetaAllocator::trackAllocations): - - Register a callback object to track allocation state. - * wtf/MetaAllocatorHandle.h: - - Remove unused createSelfManagedHandle/constructor. - (WTF::MetaAllocatorHandle::key): - - Added, for use in RedBlackTree. - -2012-01-24 Mark Hahnenberg - - Use copying collector for out-of-line JSObject property storage - https://bugs.webkit.org/show_bug.cgi?id=76665 - - Reviewed by Geoffrey Garen. - - * runtime/JSObject.cpp: - (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line. - Also added a temporary variable to avoid warnings from GCC. - (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to - operator new. Also added a temporary variable to avoid warnings from GCC. - * runtime/JSObject.h: - -2012-01-24 Geoffrey Garen - - JSValue::toString() should return a JSString* instead of a UString - https://bugs.webkit.org/show_bug.cgi?id=76861 - - Fixed two failing layout tests after my last patch. - - Reviewed by Gavin Barraclough. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSort): Call value() after calling toString(), as - in all other cases. - - I missed this case because the JSString* type has a valid operator<, - so the compiler didn't complain. - -2012-01-24 Kenichi Ishibashi - - [V8] Add Uint8ClampedArray support - https://bugs.webkit.org/show_bug.cgi?id=76803 - - Reviewed by Kenneth Russell. - - * wtf/ArrayBufferView.h: - (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added. - * wtf/Uint8ClampedArray.h: - (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true. - -2012-01-23 Carlos Garcia Campos - - [GTK] Add WebKitDownload to WebKit2 GTK+ API - https://bugs.webkit.org/show_bug.cgi?id=72949 - - Reviewed by Martin Robinson. - - * wtf/gobject/GOwnPtr.cpp: - (WTF::GTimer): Use g_timer_destroy() to free a GTimer. - * wtf/gobject/GOwnPtr.h: Add GTimer template. - * wtf/gobject/GTypedefs.h: Add GTimer forward declaration. - -2012-01-24 Ilya Tikhonovsky - - Unreviewed build fix for Qt LinuxSH4 build after r105698. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - -2012-01-23 Geoffrey Garen - - JSValue::toString() should return a JSString* instead of a UString - https://bugs.webkit.org/show_bug.cgi?id=76861 - - Reviewed by Gavin Barraclough. - - This makes the common case -- toString() on a string -- faster and - inline-able. (Not a measureable speedup, but we can now remove a bunch - of duplicate hand-rolled code for this optimization.) - - This also clarifies the boundary between "C++ strings" and "JS strings". - - In all cases other than true, false, null, undefined, and multi-digit - numbers, the JS runtime was just retrieving a UString from a JSString, - so returning a JSString* is strictly better. In the other cases, we can - optimize to avoid creating a new JSString if we care to, but it doesn't - seem to be a big deal. - - * JavaScriptCore.exp: Export! - - * jsc.cpp: - (functionPrint): - (functionDebug): - (functionRun): - (functionLoad): - (functionCheckSyntax): - (runWithScripts): - (runInteractive): - * API/JSValueRef.cpp: - (JSValueToStringCopy): - * bytecode/CodeBlock.cpp: - (JSC::valueToSourceString): Call value() after calling toString(), to - convert from "JS string" (JSString*) to "C++ string" (UString), since - toString() no longer returns a "C++ string". - - * dfg/DFGOperations.cpp: - (JSC::DFG::operationValueAddNotNumber): - * jit/JITStubs.cpp: - (op_add): Updated for removal of toPrimitiveString(): - all '+' operands can use toString(), except for object operands, which - need to take a slow path to call toPrimitive(). - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - (JSC::arrayProtoFuncJoin): - (JSC::arrayProtoFuncPush): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::opIn): - * runtime/DateConstructor.cpp: - (JSC::dateParse): - * runtime/DatePrototype.cpp: - (JSC::formatLocaleDate): Call value() after calling toString(), as above. - - * runtime/ErrorInstance.h: - (JSC::ErrorInstance::create): Simplified down to one canonical create() - function, to make string handling easier. - - * runtime/ErrorPrototype.cpp: - (JSC::errorProtoFuncToString): - * runtime/ExceptionHelpers.cpp: - (JSC::createInvalidParamError): - (JSC::createNotAConstructorError): - (JSC::createNotAFunctionError): - (JSC::createNotAnObjectError): - * runtime/FunctionConstructor.cpp: - (JSC::constructFunctionSkippingEvalEnabledCheck): - * runtime/FunctionPrototype.cpp: - (JSC::functionProtoFuncBind): - * runtime/JSArray.cpp: - (JSC::JSArray::sort): Call value() after calling toString(), as above. - - * runtime/JSCell.cpp: - * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this - job now. Doing it in JSCell is slower (requires extra type checking), and - creates the misimpression that language-defined toString() behavior is - an implementation detail of JSCell. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::encode): - (JSC::decode): - (JSC::globalFuncEval): - (JSC::globalFuncParseInt): - (JSC::globalFuncParseFloat): - (JSC::globalFuncEscape): - (JSC::globalFuncUnescape): Call value() after calling toString(), as above. - - * runtime/JSONObject.cpp: - (JSC::unwrapBoxedPrimitive): - (JSC::Stringifier::Stringifier): - (JSC::JSONProtoFuncParse): Removed some manual optimization that toString() - takes care of. - - * runtime/JSObject.cpp: - (JSC::JSObject::toString): - * runtime/JSObject.h: Updated to return JSString*. - - * runtime/JSString.cpp: - * runtime/JSString.h: - (JSC::JSValue::toString): Removed, since I removed JSCell::toString(). - - * runtime/JSValue.cpp: - (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re- - spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString() - basically did what we want all the time. (Note that the toPrimitive() - preference changes from NoPreference to PreferString, because that's - how ToString is defined in the language. op_add does not want this behavior.) - - * runtime/NumberPrototype.cpp: - (JSC::numberProtoFuncToString): - (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString() - returns a JSString*. - - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetOwnPropertyDescriptor): - (JSC::objectConstructorDefineProperty): - * runtime/ObjectPrototype.cpp: - (JSC::objectProtoFuncHasOwnProperty): - (JSC::objectProtoFuncDefineGetter): - (JSC::objectProtoFuncDefineSetter): - (JSC::objectProtoFuncLookupGetter): - (JSC::objectProtoFuncLookupSetter): - (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above. - - * runtime/Operations.cpp: - (JSC::jsAddSlowCase): Need to check for object before taking the toString() - fast path becuase adding an object to a string requires calling toPrimitive() - on the object, not toString(). (They differ in their preferred conversion - type.) - - * runtime/Operations.h: - (JSC::jsString): - (JSC::jsStringFromArguments): This code gets simpler, now that toString() - does the right thing. - - (JSC::jsAdd): Now checks for object, just like jsAddSlowCase(). - - * runtime/RegExpConstructor.cpp: - (JSC::setRegExpConstructorInput): - (JSC::constructRegExp): - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::match): - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncCompile): - (JSC::regExpProtoFuncToString): More calls to value(), as above. - - * runtime/StringConstructor.cpp: - (JSC::constructWithStringConstructor): - (JSC::callStringConstructor): This code gets simpler, now that toString() - does the right thing. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - (JSC::replaceUsingStringSearch): - (JSC::stringProtoFuncReplace): - (JSC::stringProtoFuncCharAt): - (JSC::stringProtoFuncCharCodeAt): - (JSC::stringProtoFuncConcat): - (JSC::stringProtoFuncIndexOf): - (JSC::stringProtoFuncLastIndexOf): - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): - (JSC::stringProtoFuncSlice): - (JSC::stringProtoFuncSplit): - (JSC::stringProtoFuncSubstr): - (JSC::stringProtoFuncSubstring): - (JSC::stringProtoFuncToLowerCase): - (JSC::stringProtoFuncToUpperCase): - (JSC::stringProtoFuncLocaleCompare): - (JSC::stringProtoFuncBig): - (JSC::stringProtoFuncSmall): - (JSC::stringProtoFuncBlink): - (JSC::stringProtoFuncBold): - (JSC::stringProtoFuncFixed): - (JSC::stringProtoFuncItalics): - (JSC::stringProtoFuncStrike): - (JSC::stringProtoFuncSub): - (JSC::stringProtoFuncSup): - (JSC::stringProtoFuncFontcolor): - (JSC::stringProtoFuncFontsize): - (JSC::stringProtoFuncAnchor): - (JSC::stringProtoFuncLink): - (JSC::trimString): Some of this code gets simpler, now that toString() - does the right thing. More calls to value(), as above. - -2012-01-23 Luke Macpherson - - Unreviewed, rolling out r105676. - http://trac.webkit.org/changeset/105676 - https://bugs.webkit.org/show_bug.cgi?id=76665 - - Breaks build on max due to compile warnings. - - * runtime/JSObject.cpp: - (JSC::JSObject::finalize): - (JSC::JSObject::visitChildren): - (JSC::JSObject::allocatePropertyStorage): - * runtime/JSObject.h: - -2012-01-23 Mark Hahnenberg - - Use copying collector for out-of-line JSObject property storage - https://bugs.webkit.org/show_bug.cgi?id=76665 - - Reviewed by Geoffrey Garen. - - * runtime/JSObject.cpp: - (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line. - (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to - operator new. - * runtime/JSObject.h: - -2012-01-23 Brian Weinstein - - More build fixing after r105646. - - * JavaScriptCore.exp: - -2012-01-23 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=76855 - Implement a JIT-code aware sampling profiler for JSC - - Reviewed by Geoff Garen. - - Step 2: generalize RedBlackTree. The profiler is going to want tio use - a RedBlackTree, allow this class to work with subclasses of - RedBlackTree::Node, Node should not need to know the names of the m_key - and m_value fields (the subclass can provide a key() accessor), and - RedBlackTree does not need to know anything about ValueType. - - * JavaScriptCore.exp: - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::findAndRemoveFreeSpace): - (WTF::MetaAllocator::debugFreeSpaceSize): - (WTF::MetaAllocator::addFreeSpace): - * wtf/MetaAllocator.h: - (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode): - (WTF::MetaAllocator::FreeSpaceNode::key): - * wtf/MetaAllocatorHandle.h: - (WTF::MetaAllocatorHandle::key): - * wtf/RedBlackTree.h: - (WTF::RedBlackTree::Node::successor): - (WTF::RedBlackTree::Node::predecessor): - (WTF::RedBlackTree::Node::parent): - (WTF::RedBlackTree::Node::setParent): - (WTF::RedBlackTree::Node::left): - (WTF::RedBlackTree::Node::setLeft): - (WTF::RedBlackTree::Node::right): - (WTF::RedBlackTree::Node::setRight): - (WTF::RedBlackTree::insert): - (WTF::RedBlackTree::remove): - (WTF::RedBlackTree::findExact): - (WTF::RedBlackTree::findLeastGreaterThanOrEqual): - (WTF::RedBlackTree::findGreatestLessThanOrEqual): - (WTF::RedBlackTree::first): - (WTF::RedBlackTree::last): - (WTF::RedBlackTree::size): - (WTF::RedBlackTree::treeMinimum): - (WTF::RedBlackTree::treeMaximum): - (WTF::RedBlackTree::treeInsert): - (WTF::RedBlackTree::leftRotate): - (WTF::RedBlackTree::rightRotate): - (WTF::RedBlackTree::removeFixup): - -2012-01-23 Andy Estes - - Fix the build after r105635. - - * JavaScriptCore.exp: - -2012-01-23 Mark Hahnenberg - - Remove StackBounds from JSGlobalData - https://bugs.webkit.org/show_bug.cgi?id=76310 - - Reviewed by Sam Weinig. - - Removed StackBounds and the stack() function from JSGlobalData since it no - longer accessed any members of JSGlobalData. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - * heap/MachineStackMarker.cpp: - (JSC::MachineThreads::addCurrentThread): - (JSC::MachineThreads::gatherFromCurrentThread): - * parser/Parser.cpp: - (JSC::::Parser): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - -2012-01-23 Gavin Barraclough - - Implement a JIT-code aware sampling profiler for JSC - https://bugs.webkit.org/show_bug.cgi?id=76855 - - Rubber stanmped by Geoff Garen. - - Mechanical change - pass CodeBlock through to the executable allocator, - such that we will be able to map ranges of JIT code back to their owner. - - * assembler/ARMAssembler.cpp: - (JSC::ARMAssembler::executableCopy): - * assembler/ARMAssembler.h: - * assembler/AssemblerBuffer.h: - (JSC::AssemblerBuffer::executableCopy): - * assembler/AssemblerBufferWithConstantPool.h: - (JSC::AssemblerBufferWithConstantPool::executableCopy): - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::LinkBuffer): - (JSC::LinkBuffer::linkCode): - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::executableCopy): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::executableCopy): - * assembler/X86Assembler.h: - (JSC::X86Assembler::executableCopy): - (JSC::X86Assembler::X86InstructionFormatter::executableCopy): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compile): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGRepatch.cpp: - (JSC::DFG::generateProtoChainAccessStub): - (JSC::DFG::tryCacheGetByID): - (JSC::DFG::tryBuildGetByIDList): - (JSC::DFG::tryCachePutByID): - * dfg/DFGThunks.cpp: - (JSC::DFG::osrExitGenerationThunkGenerator): - * jit/ExecutableAllocator.cpp: - (JSC::ExecutableAllocator::allocate): - * jit/ExecutableAllocator.h: - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::allocate): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITOpcodes.cpp: - (JSC::JIT::privateCompileCTIMachineTrampolines): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC::JIT::privateCompileCTINativeCall): - * jit/JITPropertyAccess.cpp: - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::privateCompilePutByIdTransition): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::privateCompilePutByIdTransition): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - * jit/JITStubs.cpp: - * jit/SpecializedThunkJIT.h: - (JSC::SpecializedThunkJIT::finalize): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::compile): - -2012-01-23 Xianzhu Wang - - Basic enhancements to StringBuilder - https://bugs.webkit.org/show_bug.cgi?id=67081 - - This change contains the following enhancements to StringBuilder, - for convenience, performance, testability, etc.: - - Change toStringPreserveCapacity() to const - - new public methods: capacity(), swap(), toAtomicString(), canShrink() - and append(const StringBuilder&) - - == and != opearators to compare StringBuilders and a StringBuilder/String - - Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp - - Reviewed by Darin Adler. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/AtomicString.cpp: - (WTF::SubstringTranslator::hash): - (WTF::SubstringTranslator::equal): - (WTF::SubstringTranslator::translate): - (WTF::AtomicString::add): - (WTF::AtomicString::addSlowCase): - * wtf/text/AtomicString.h: - (WTF::AtomicString::AtomicString): - (WTF::AtomicString::add): - * wtf/text/StringBuilder.cpp: - (WTF::StringBuilder::reifyString): - (WTF::StringBuilder::resize): - (WTF::StringBuilder::canShrink): - (WTF::StringBuilder::shrinkToFit): - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::append): - (WTF::StringBuilder::toString): - (WTF::StringBuilder::toStringPreserveCapacity): - (WTF::StringBuilder::toAtomicString): - (WTF::StringBuilder::isEmpty): - (WTF::StringBuilder::capacity): - (WTF::StringBuilder::is8Bit): - (WTF::StringBuilder::swap): - (WTF::equal): - (WTF::operator==): - (WTF::operator!=): - * wtf/text/StringImpl.h: - -2012-01-23 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files, remove deleted files and - fix indentation. - -2012-01-22 Filip Pizlo - - Build fix for non-DFG platforms that error out on warn-unused-parameter. - - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFor): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFor): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFor): - -2012-01-22 Filip Pizlo - - Build fix for non-DFG platforms. - - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFor): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFor): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFor): - -2012-01-20 Filip Pizlo - - DFG should not have code that directly decodes the states of old JIT inline - cache data structures - https://bugs.webkit.org/show_bug.cgi?id=76768 - - Reviewed by Sam Weinig. - - Introduced new classes (like GetByIdStatus) that encapsulate the set of things - that the DFG would like to know about property accesses and calls. Whereas it - previously got this information by directly decoding the data structures used - by the old JIT for inline caching, it now uses these classes, which do the work - for it. This should make it somewhat more straight forward to introduce new - ways of profiling the same information. - - Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by - code in bytecode/. - - Making this work right involved carefully ensuring that the heuristics for - choosing how to handle property accesses was at least as good as what we had - before, since I completely restructured that code. Currently the performance - looks neutral. Since I rewrote the code I did change some things that I never - liked before, like previously if a put_bu_id had executed exactly once then - we'd compile it as if it had taken slow-path. Executing once is special because - then the inline cache is not baked in, so there is no information about how the - DFG should optimize the code. Now this is rationalized: if the put_by_id does - not offer enough information to be optimized (i.e. had executed 0 or 1 times) - then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id - still has the old behavior; I left it that way because I didn't want to make - too many changes at once. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CallLinkStatus.cpp: Added. - (JSC::CallLinkStatus::computeFor): - * bytecode/CallLinkStatus.h: Added. - (JSC::CallLinkStatus::CallLinkStatus): - (JSC::CallLinkStatus::isSet): - (JSC::CallLinkStatus::operator!): - (JSC::CallLinkStatus::couldTakeSlowPath): - (JSC::CallLinkStatus::callTarget): - * bytecode/GetByIdStatus.cpp: Added. - (JSC::GetByIdStatus::computeFor): - * bytecode/GetByIdStatus.h: Added. - (JSC::GetByIdStatus::GetByIdStatus): - (JSC::GetByIdStatus::state): - (JSC::GetByIdStatus::isSet): - (JSC::GetByIdStatus::operator!): - (JSC::GetByIdStatus::isSimpleDirect): - (JSC::GetByIdStatus::takesSlowPath): - (JSC::GetByIdStatus::makesCalls): - (JSC::GetByIdStatus::structureSet): - (JSC::GetByIdStatus::offset): - * bytecode/MethodCallLinkStatus.cpp: Added. - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/MethodCallLinkStatus.h: Added. - (JSC::MethodCallLinkStatus::MethodCallLinkStatus): - (JSC::MethodCallLinkStatus::isSet): - (JSC::MethodCallLinkStatus::operator!): - (JSC::MethodCallLinkStatus::needsPrototypeCheck): - (JSC::MethodCallLinkStatus::structure): - (JSC::MethodCallLinkStatus::prototypeStructure): - (JSC::MethodCallLinkStatus::function): - (JSC::MethodCallLinkStatus::prototype): - * bytecode/PutByIdStatus.cpp: Added. - (JSC::PutByIdStatus::computeFor): - * bytecode/PutByIdStatus.h: Added. - (JSC::PutByIdStatus::PutByIdStatus): - (JSC::PutByIdStatus::state): - (JSC::PutByIdStatus::isSet): - (JSC::PutByIdStatus::operator!): - (JSC::PutByIdStatus::isSimpleReplace): - (JSC::PutByIdStatus::isSimpleTransition): - (JSC::PutByIdStatus::takesSlowPath): - (JSC::PutByIdStatus::oldStructure): - (JSC::PutByIdStatus::newStructure): - (JSC::PutByIdStatus::structureChain): - (JSC::PutByIdStatus::offset): - * bytecode/StructureSet.h: Added. - (JSC::StructureSet::StructureSet): - (JSC::StructureSet::clear): - (JSC::StructureSet::add): - (JSC::StructureSet::addAll): - (JSC::StructureSet::remove): - (JSC::StructureSet::contains): - (JSC::StructureSet::isSubsetOf): - (JSC::StructureSet::isSupersetOf): - (JSC::StructureSet::size): - (JSC::StructureSet::at): - (JSC::StructureSet::operator[]): - (JSC::StructureSet::last): - (JSC::StructureSet::predictionFromStructures): - (JSC::StructureSet::operator==): - (JSC::StructureSet::dump): - * dfg/DFGAbstractValue.h: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGStructureSet.h: Removed. - -2012-01-20 Filip Pizlo - - JIT compilation should not require ExecState - https://bugs.webkit.org/show_bug.cgi?id=76729 - - - Reviewed by Gavin Barraclough. - - Changed the relevant JIT driver functions to take JSGlobalData& instead of - ExecState*, since really they just needed the global data. - - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - (JSC::DFG::tryCompile): - (JSC::DFG::tryCompileFunction): - * dfg/DFGDriver.h: - (JSC::DFG::tryCompile): - (JSC::DFG::tryCompileFunction): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - -2012-01-20 David Levin - - Make OwnPtr work for the Chromium Windows port. - https://bugs.webkit.org/show_bug.cgi?id=76738 - - Reviewed by Jian Li. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the - Chromium Windows build. - * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for - OwnPtr and similar constructs. - -2012-01-19 Geoffrey Garen - - Removed some regexp entry boilerplate code - https://bugs.webkit.org/show_bug.cgi?id=76687 - - Reviewed by Darin Adler. - - 1% - 2% speedup on regexp tests, no change overall. - - * runtime/RegExp.cpp: - (JSC::RegExp::match): - - ASSERT that our startIndex is non-negative, because anything less - would be uncivilized. - - - ASSERT that our input is not the null string for the same reason. - - - No need to test for startOffset being past the end of the string, - since the regular expression engine will do this test for us. - - - No need to initialize the output vector, since the regular expression - engine will fill it in for us. - - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::interpret): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::compile): - - RegExp used to do these jobs for us, but now we do them for ourselves - because it's a better separation of concerns, and the JIT can do them - more efficiently than C++ code: - - - Test for "past the end" before doing any matching -- otherwise - a* will match with zero length past the end of the string, which is wrong. - - - Initialize the output vector before doing any matching. - -2012-01-20 Filip Pizlo - - Build fix for no-DFG configuration. - Needed for . - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitProfiledOpcode): - * jit/JIT.h: - (JSC::JIT::emitValueProfilingSite): - -2012-01-19 Filip Pizlo - - Bytecode instructions that may have value profiling should have a direct inline - link to the ValueProfile instance - https://bugs.webkit.org/show_bug.cgi?id=76682 - - - Reviewed by Sam Weinig. - - Each opcode that gets value profiled now has a link to its ValueProfile. This - required rationalizing the emission of value profiles for opcode combos, like - op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes - sense for one of them to have a value profile link, and it makes most sense - for it to be the one that actually sets the result. The previous behavior was - to have op_method_check profile for op_get_by_id when they were used together, - but otherwise for op_get_by_id to have its own profiles. op_call already did - the right thing; all profiling was done by op_call_put_result. - - But rationalizing this code required breaking some of the natural boundaries - that the code had; for instance the code in DFG that emits a GetById in place - of both op_method_check and op_get_by_id must now know that it's the latter of - those that has the value profile, while the first of those constitutes the OSR - target. Hence each CodeOrigin must now have two bytecode indices - one for - OSR exit and one for profiling. - - Finally this change required some refiddling of our optimization heuristics, - because now all code blocks have "more instructions" due to the value profile - slots. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::printGetByIdOp): - (JSC::CodeBlock::dump): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::valueProfileForBytecodeOffset): - * bytecode/CodeOrigin.h: - (JSC::CodeOrigin::CodeOrigin): - (JSC::CodeOrigin::bytecodeIndexForValueProfile): - * bytecode/Instruction.h: - (JSC::Instruction::Instruction): - * bytecode/Opcode.h: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitProfiledOpcode): - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitGetScopedVar): - (JSC::BytecodeGenerator::emitResolveBase): - (JSC::BytecodeGenerator::emitResolveBaseForPut): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitResolveWithThis): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitGetByVal): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitCallVarargs): - (JSC::BytecodeGenerator::emitConstruct): - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (JSC::DFG::ByteCodeParser::currentCodeOrigin): - (JSC::DFG::ByteCodeParser::addCall): - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::getPrediction): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueProfileFor): - * jit/JIT.h: - (JSC::JIT::emitValueProfilingSite): - * jit/JITCall.cpp: - (JSC::JIT::emit_op_call_put_result): - * jit/JITCall32_64.cpp: - (JSC::JIT::emit_op_call_put_result): - * jit/JITInlineMethods.h: - (JSC::JIT::emitValueProfilingSite): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_resolve): - (JSC::JIT::emit_op_resolve_base): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emit_op_resolve_global): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - (JSC::JIT::emitSlow_op_resolve_global_dynamic): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_resolve): - (JSC::JIT::emit_op_resolve_base): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emit_op_resolve_global): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - * jit/JITPropertyAccess.cpp: - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_method_check): - (JSC::JIT::emitSlow_op_method_check): - (JSC::JIT::emit_op_get_by_id): - (JSC::JIT::emitSlow_op_get_by_id): - (JSC::JIT::emit_op_get_scoped_var): - (JSC::JIT::emit_op_get_global_var): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_method_check): - (JSC::JIT::emitSlow_op_method_check): - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_get_by_id): - (JSC::JIT::emitSlow_op_get_by_id): - (JSC::JIT::emit_op_get_scoped_var): - (JSC::JIT::emit_op_get_global_var): - * jit/JITStubCall.h: - (JSC::JITStubCall::callWithValueProfiling): - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - -2012-01-20 ChangSeok Oh - - undefined reference to symbol eina_module_free - https://bugs.webkit.org/show_bug.cgi?id=76681 - - Reviewed by Martin Robinson. - - eina_module_free has been used without including eina libraries after r104936. - - * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES. - -2012-01-19 Tony Chang - - [chromium] Remove an obsolete comment about features.gypi - https://bugs.webkit.org/show_bug.cgi?id=76643 - - There can be only one features.gypi. - - Reviewed by James Robinson. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-01-19 Geoffrey Garen - - Implicit creation of a regular expression should eagerly check for syntax errors - https://bugs.webkit.org/show_bug.cgi?id=76642 - - Reviewed by Oliver Hunt. - - This is a correctness fix and a slight optimization. - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): Check for syntax errors because that's the - correct behavior. - - * runtime/RegExp.cpp: - (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line - of code change, many lines of indentation change.) - - Since we have no clients that try to match a RegExp that is a syntax error, - let's optimize out the check. - -2012-01-19 Mark Hahnenberg - - Implement a new allocator for backing stores - https://bugs.webkit.org/show_bug.cgi?id=75181 - - Reviewed by Filip Pizlo. - - We want to move away from using fastMalloc for the backing stores for - some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing - stores have a nice property in that they only have a single owner (i.e. a - single pointer to them at any one time). One way that we can take advantage - of this property is to implement a simple bump allocator/copying collector, - which will run alongside our normal mark/sweep collector, that only needs to - update the single owner pointer rather than having to redirect an arbitrary - number of pointers in from-space to to-space. - - This plan can give us a number of benefits. We can beat fastMalloc in terms - of both performance and memory usage, we can track how much memory we're using - far more accurately than our rough estimation now through the use of - reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed - to being limited to size classes like we have been historically). This is also - another step toward moving away from lazy destruction, which will improve our memory footprint. - - We start by creating said allocator and moving the ArrayStorage for JSArray - to use it rather than fastMalloc. - - The design of the collector is as follows: - Allocation: - -The collector allocates 64KB chunks from the OS to use for object allocation. - -Each chunk contains an offset, a flag indicating if the block has been pinned, - and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists. - -Any allocation greater than 64KB gets its own separate oversize block, which - is managed separately from the rest. - -If the allocator receives a request for more than the remaining amount in the - current block, it grabs a fresh block. - -Grabbing a fresh block means grabbing one off of the global free list (which is now - shared between the mark/sweep allocator and the bump allocator) if there is one. - If there isn't a new one we do one of two things: allocate a new block from the OS - if we're not ready for a GC yet, or run a GC and then try again. If we still don't - have enough space after the GC, we allocate a new block from the OS. - - Garbage collection: - -At the start of garbage collection during conservative stack scanning, if we encounter - what appears to be a pointer to a bump-allocated block of memory, we pin that block so - that it will not be copied for this round of collection. - -We also pin any oversize blocks that we encounter, which effectively doubles as a - "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying - are given back to the OS. - -Marking threads are now also responsible for copying bump-allocated objects to newSpace - -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters. - -When that block fills up, the marking thread gives it back to the allocator and requests a new one. - -When all marking has concluded, each thread gives back its copy block, even if it isn't full. - -At the conclusion of copying (which is done by the end of the marking phase), we un-pin - any pinned blocks and give any blocks left in from-space to the global free list. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * heap/AllocationSpace.cpp: - (JSC::AllocationSpace::allocateSlowCase): - (JSC::AllocationSpace::allocateBlock): - (JSC::AllocationSpace::freeBlocks): - * heap/AllocationSpace.h: - (JSC::AllocationSpace::waterMark): - * heap/BumpBlock.h: Added. - (JSC::BumpBlock::BumpBlock): - * heap/BumpSpace.cpp: Added. - (JSC::BumpSpace::tryAllocateSlowCase): - * heap/BumpSpace.h: Added. - (JSC::BumpSpace::isInCopyPhase): - (JSC::BumpSpace::totalMemoryAllocated): - (JSC::BumpSpace::totalMemoryUtilized): - * heap/BumpSpaceInlineMethods.h: Added. - (JSC::BumpSpace::BumpSpace): - (JSC::BumpSpace::init): - (JSC::BumpSpace::contains): - (JSC::BumpSpace::pin): - (JSC::BumpSpace::startedCopying): - (JSC::BumpSpace::doneCopying): - (JSC::BumpSpace::doneFillingBlock): - (JSC::BumpSpace::recycleBlock): - (JSC::BumpSpace::getFreshBlock): - (JSC::BumpSpace::borrowBlock): - (JSC::BumpSpace::addNewBlock): - (JSC::BumpSpace::allocateNewBlock): - (JSC::BumpSpace::fitsInBlock): - (JSC::BumpSpace::fitsInCurrentBlock): - (JSC::BumpSpace::tryAllocate): - (JSC::BumpSpace::tryAllocateOversize): - (JSC::BumpSpace::allocateFromBlock): - (JSC::BumpSpace::tryReallocate): - (JSC::BumpSpace::tryReallocateOversize): - (JSC::BumpSpace::isOversize): - (JSC::BumpSpace::isPinned): - (JSC::BumpSpace::oversizeBlockFor): - (JSC::BumpSpace::blockFor): - * heap/ConservativeRoots.cpp: - (JSC::ConservativeRoots::ConservativeRoots): - (JSC::ConservativeRoots::genericAddPointer): - (JSC::ConservativeRoots::add): - * heap/ConservativeRoots.h: - * heap/Heap.cpp: - (JSC::Heap::Heap): - (JSC::Heap::blockFreeingThreadMain): - (JSC::Heap::reportExtraMemoryCostSlowCase): - (JSC::Heap::getConservativeRegisterRoots): - (JSC::Heap::markRoots): - (JSC::Heap::collect): - (JSC::Heap::releaseFreeBlocks): - * heap/Heap.h: - (JSC::Heap::waterMark): - (JSC::Heap::highWaterMark): - (JSC::Heap::setHighWaterMark): - (JSC::Heap::tryAllocateStorage): - (JSC::Heap::tryReallocateStorage): - * heap/HeapBlock.h: Added. - (JSC::HeapBlock::HeapBlock): - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::SlotVisitor::drain): - (JSC::SlotVisitor::drainFromShared): - (JSC::SlotVisitor::startCopying): - (JSC::SlotVisitor::allocateNewSpace): - (JSC::SlotVisitor::copy): - (JSC::SlotVisitor::copyAndAppend): - (JSC::SlotVisitor::doneCopying): - * heap/MarkStack.h: - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::recycle): - (JSC::MarkedBlock::MarkedBlock): - * heap/MarkedBlock.h: - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - * heap/MarkedSpace.h: - (JSC::MarkedSpace::allocate): - (JSC::MarkedSpace::forEachBlock): - (JSC::MarkedSpace::SizeClass::resetAllocator): - * heap/SlotVisitor.h: - (JSC::SlotVisitor::SlotVisitor): - * heap/TinyBloomFilter.h: - (JSC::TinyBloomFilter::reset): - * runtime/JSArray.cpp: - (JSC::JSArray::JSArray): - (JSC::JSArray::finishCreation): - (JSC::JSArray::tryFinishCreationUninitialized): - (JSC::JSArray::~JSArray): - (JSC::JSArray::enterSparseMode): - (JSC::JSArray::defineOwnNumericProperty): - (JSC::JSArray::setLengthWritable): - (JSC::JSArray::getOwnPropertySlotByIndex): - (JSC::JSArray::getOwnPropertyDescriptor): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::deletePropertyByIndex): - (JSC::JSArray::getOwnPropertyNames): - (JSC::JSArray::increaseVectorLength): - (JSC::JSArray::unshiftCountSlowCase): - (JSC::JSArray::setLength): - (JSC::JSArray::pop): - (JSC::JSArray::unshiftCount): - (JSC::JSArray::visitChildren): - (JSC::JSArray::sortNumeric): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - (JSC::JSArray::subclassData): - (JSC::JSArray::setSubclassData): - (JSC::JSArray::checkConsistency): - * runtime/JSArray.h: - (JSC::JSArray::inSparseMode): - (JSC::JSArray::isLengthWritable): - * wtf/CheckedBoolean.h: Added. - (CheckedBoolean::CheckedBoolean): - (CheckedBoolean::~CheckedBoolean): - (CheckedBoolean::operator bool): - * wtf/DoublyLinkedList.h: - (WTF::::push): - * wtf/StdLibExtras.h: - (WTF::isPointerAligned): - -2012-01-19 Joi Sigurdsson - - Enable use of precompiled headers in Chromium port on Windows. - - Bug 76381 - Use precompiled headers in Chromium port on Windows - https://bugs.webkit.org/show_bug.cgi?id=76381 - - Reviewed by Tony Chang. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi. - -2012-01-18 Roland Takacs - - Cross-platform processor core counter fix - https://bugs.webkit.org/show_bug.cgi?id=76540 - - Reviewed by Zoltan Herczeg. - - I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)" - and I removed the OS checking macros from ParallelJobsGeneric.cpp because - the NumberOfCores.cpp contains them for counting CPU cores. - The processor core counter patch located at - https://bugs.webkit.org/show_bug.cgi?id=76530 - - * wtf/NumberOfCores.cpp: - * wtf/ParallelJobsGeneric.cpp: - -2012-01-18 Csaba Osztrogonác - - Cross-platform processor core counter - https://bugs.webkit.org/show_bug.cgi?id=76530 - - Unreviewed cross-MinGW buildfix after r105270. - - * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h. - -2012-01-18 Roland Takacs - - Cross-platform processor core counter - https://bugs.webkit.org/show_bug.cgi?id=76530 - - Reviewed by Zoltan Herczeg. - - Two files have been created that include the processor core counter function. - It used to be in ParallelJobsGeneric.h/cpp before. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - * wtf/CMakeLists.txt: - * wtf/NumberOfCores.cpp: Added. - (WTF::numberOfProcessorCores): - * wtf/NumberOfCores.h: Added. - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ParallelEnvironment): - * wtf/ParallelJobsGeneric.h: - -2012-01-18 Balazs Kelemen - - [Qt] Consolidate layout test crash logging - https://bugs.webkit.org/show_bug.cgi?id=75088 - - Reviewed by Simon Hausmann. - - Move backtrace generating logic into WTFReportBacktrace - and add a way to deinstall signal handlers if we know - that we have already printed the backtrace. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/Assertions.cpp: - (WTFLogLocker::WTFReportBacktrace): - (WTFLogLocker::WTFSetCrashHook): - (WTFLogLocker::WTFInvokeCrashHook): - * wtf/Assertions.h: - -2012-01-17 Geoffrey Garen - - Factored out some code into a helper function. - - I think this might help getting rid of omit-frame-pointer. - - Reviewed by Sam Weinig. - - No benchmark change. - - * runtime/StringPrototype.cpp: - (JSC::removeUsingRegExpSearch): Moved to here... - (JSC::replaceUsingRegExpSearch): ...from here. - -2012-01-17 Caio Marcelo de Oliveira Filho - - Uint8ClampedArray support - https://bugs.webkit.org/show_bug.cgi?id=74455 - - Reviewed by Filip Pizlo. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromClassInfo): - * bytecode/PredictedType.h: - (JSC::isUint8ClampedArrayPrediction): - (JSC::isActionableMutableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateUint8ClampedArray): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::clampDoubleToByte): - (JSC::DFG::compileClampIntegerToByte): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSCell.h: - * runtime/JSGlobalData.h: - * wtf/Forward.h: - * wtf/Uint8Array.h: - * wtf/Uint8ClampedArray.h: Added. - (WTF::Uint8ClampedArray::set): - (WTF::Uint8ClampedArray::create): - (WTF::Uint8ClampedArray::Uint8ClampedArray): - (WTF::Uint8ClampedArray::subarray): - -2012-01-17 Sam Weinig - - Add helper macro for forward declaring objective-c classes - https://bugs.webkit.org/show_bug.cgi?id=76485 - - Reviewed by Anders Carlsson. - - * wtf/Compiler.h: - Add OBJC_CLASS macro which helps reduce code when forward declaring an - objective-c class in a header which can be included from both Objective-C - and non-Objective-C files. - -2012-01-17 Filip Pizlo - - DFG should be able to do JS and custom getter caching - https://bugs.webkit.org/show_bug.cgi?id=76361 - - Reviewed by Csaba Osztrogonác. - - Fix for 32-bit. - - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-01-15 Filip Pizlo - - DFG should be able to do JS and custom getter caching - https://bugs.webkit.org/show_bug.cgi?id=76361 - - - Reviewed by Geoff Garen. - - Added the ability to cache JS getter calls and custom getter calls in the DFG. - Most of this is pretty mundane, since the old JIT supported this functionality - as well. But a couple interesting things had to happen: - - - There are now two variants of GetById: GetById, which works as before, and - GetByIdFlush, which flushes registers prior to doing the GetById. Only - GetByIdFlush can be used for caching getters. We detect which GetById style - to use by looking at the inline caches of the old JIT. - - - Exception handling for getter calls planted in stubs uses a separate lookup - handler routine, which uses the CodeOrigin stored in the StructureStubInfo. - - This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of - the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and - Kraken. - - * bytecode/StructureStubInfo.h: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::emitExceptionCheck): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::willNeedFlush): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCCallHelpers.h: - (JSC::DFG::CCallHelpers::setupResults): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGJITCompiler.h: - (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): - (JSC::DFG::JITCompiler::addExceptionCheck): - * dfg/DFGNode.h: - (JSC::DFG::Node::hasIdentifier): - (JSC::DFG::Node::hasHeapPrediction): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryCacheGetByID): - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::compile): - -2012-01-16 Jon Lee - - Build fix for r105086. - - * Configurations/FeatureDefines.xcconfig: - * wtf/Platform.h: - -2012-01-16 Jon Lee - - Remove HTML notifications support on Mac - https://bugs.webkit.org/show_bug.cgi?id=76401 - - - Reviewed by Sam Weinig. - - * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro. - -2012-01-16 Zeno Albisser - - [Qt] Fix QT_VERSION related warnings when building on Mac OS X - https://bugs.webkit.org/show_bug.cgi?id=76340 - - This bug was caused by r104826. - As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239 - we should not use "using namespace WebCore" in header files, - because it might cause ambiguous references. - This patch reverts the changes from r104826 and r104981 - and removes the "using namespace WebCore" statement from - two header files. - - Reviewed by Tor Arne Vestbø. - - * wtf/Platform.h: - -2012-01-16 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Fix typo. - -2012-01-16 Pavel Heimlich - - Solaris Studio supports alignment macros too - https://bugs.webkit.org/show_bug.cgi?id=75453 - - Reviewed by Hajime Morita. - - * wtf/Alignment.h: - -2012-01-16 Yuqiang Xian - - Build fix on 32bit if verbose debug is enabled in DFG - https://bugs.webkit.org/show_bug.cgi?id=76351 - - Reviewed by Hajime Morita. - - Mostly change "%lu" to "%zu" to print a "size_t" variable. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::endBasicBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - -2012-01-15 Filip Pizlo - - The C calling convention logic in DFG::SpeculativeJIT should be available even - when not generating code for the DFG speculative path - https://bugs.webkit.org/show_bug.cgi?id=76355 - - Reviewed by Dan Bernstein. - - Moved all of the logic for placing C call arguments into the right place (stack - or registers) into a new class, DFG::CCallHelpers. This class inherits from - AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved - this code into AssemblyHelpers, but decided against it, because I wanted to - limit the number of methods each class in the JIT has. Hence now we have a - slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction - emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers - (understands calls to C functions) <= JITCompiler (can compile a graph to machine - code). Each of these except for JITCompiler can be reused for stub compilation. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGCCallHelpers.h: Added. - (JSC::DFG::CCallHelpers::CCallHelpers): - (JSC::DFG::CCallHelpers::resetCallArguments): - (JSC::DFG::CCallHelpers::addCallArgument): - (JSC::DFG::CCallHelpers::setupArguments): - (JSC::DFG::CCallHelpers::setupArgumentsExecState): - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): - (JSC::DFG::CCallHelpers::setupTwoStubArgs): - (JSC::DFG::CCallHelpers::setupStubArguments): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::JITCompiler): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - -2012-01-15 Pablo Flouret - - Fix compilation errors on build-webkit --debug --no-video on mac. - https://bugs.webkit.org/show_bug.cgi?id=75867 - - Reviewed by Philippe Normand. - - Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature - doesn't build without video. - - * wtf/Platform.h: - -2012-01-14 David Levin - - HWndDC should be in platform/win instead of wtf. - https://bugs.webkit.org/show_bug.cgi?id=76314 - - Reviewed by Sam Weinig. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * JavaScriptCore.gypi: - -2012-01-13 David Levin - - check-webkit-style: should encourage the use of Own* classes for Windows DC. - https://bugs.webkit.org/show_bug.cgi?id=76227 - - Reviewed by Dirk Pranke. - - * wtf/win/HWndDCWin.h: - (WTF::HwndDC::HwndDC): Add a way to do GetDCEx. - There are no users, but I want to catch this in check-webkit-style - and tell any users to use HwndDC to avoid leaks. - -2012-01-13 David Levin - - Header file is missing header guard. - - Reviewed by Dirk Pranke. - - * wtf/win/HWndDCWin.h: Added the guards. - -2012-01-13 Andy Wingo - - Eval in strict mode does not need dynamic checks - https://bugs.webkit.org/show_bug.cgi?id=76286 - - Reviewed by Oliver Hunt. - - * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation): - Eval in strict mode cannot introduce variables, so it not impose - the need for dynamic checks. - -2012-01-13 David Levin - - HWndDC is a better name than HwndDC. - https://bugs.webkit.org/show_bug.cgi?id=76281 - - Reviewed by Darin Adler. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * JavaScriptCore.gypi: - * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h. - (WTF::HWndDC::HWndDC): - (WTF::HWndDC::~HWndDC): - (WTF::HWndDC::operator HDC): - -2012-01-13 YoungTaeck Song - - [EFL] Add OwnPtr specialization for Eina_Module. - https://bugs.webkit.org/show_bug.cgi?id=76255 - - Reviewed by Andreas Kling. - - Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port. - - * wtf/OwnPtrCommon.h: - * wtf/efl/OwnPtrEfl.cpp: - (WTF::deleteOwnedPtr): - -2012-01-13 Yuqiang Xian - - Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined - - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - -2012-01-12 Hajime Morrita - - JavaScriptCore: Mark all exported symbols in the header file automatically. - https://bugs.webkit.org/show_bug.cgi?id=72855 - - Reviewed by Darin Adler. - - Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files. - The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables) - - * API/OpaqueJSString.h: - * bytecode/CodeBlock.h: - * bytecode/SamplingTool.h: - * debugger/Debugger.h: - * debugger/DebuggerActivation.h: - * debugger/DebuggerCallFrame.h: - * heap/AllocationSpace.h: - * heap/HandleHeap.h: - * heap/Heap.h: - * heap/MachineStackMarker.h: - * heap/MarkStack.h: - * heap/VTableSpectrum.h: - * heap/WriteBarrierSupport.h: - * parser/Nodes.h: - * parser/ParserArena.h: - * profiler/Profile.h: - * runtime/ArgList.h: - * runtime/CallData.h: - * runtime/Completion.h: - * runtime/ConstructData.h: - * runtime/DateInstance.h: - * runtime/Error.h: - * runtime/ExceptionHelpers.h: - * runtime/FunctionConstructor.h: - * runtime/Identifier.h: - * runtime/InitializeThreading.h: - * runtime/InternalFunction.h: - * runtime/JSArray.h: - * runtime/JSByteArray.h: - * runtime/JSCell.h: - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: - * runtime/JSGlobalData.h: - * runtime/JSGlobalObject.h: - * runtime/JSGlobalThis.h: - * runtime/JSLock.h: - * runtime/JSObject.h: - * runtime/JSString.h: - * runtime/JSValue.h: - * runtime/JSVariableObject.h: - * runtime/Lookup.h: - * runtime/MemoryStatistics.h: - * runtime/ObjectPrototype.h: - * runtime/Options.h: - * runtime/PropertyDescriptor.h: - * runtime/PropertyNameArray.h: - * runtime/PropertySlot.h: - * runtime/RegExp.h: - * runtime/RegExpObject.h: - * runtime/SamplingCounter.h: - * runtime/SmallStrings.h: - * runtime/StringObject.h: - * runtime/Structure.h: - * runtime/TimeoutChecker.h: - * runtime/UString.h: - * runtime/WriteBarrier.h: - * wtf/ArrayBufferView.h: - * wtf/ByteArray.h: - * wtf/CryptographicallyRandomNumber.h: - * wtf/CurrentTime.h: - * wtf/DateMath.h: - * wtf/DecimalNumber.h: - * wtf/FastMalloc.cpp: - * wtf/FastMalloc.h: - * wtf/MD5.h: - * wtf/MainThread.h: - * wtf/MetaAllocator.h: - * wtf/MetaAllocatorHandle.h: - * wtf/OSAllocator.h: - * wtf/PageBlock.h: - * wtf/RandomNumber.h: - * wtf/RefCountedLeakCounter.h: - * wtf/SHA1.h: - * wtf/Threading.cpp: - * wtf/Threading.h: - * wtf/ThreadingPrimitives.h: - * wtf/WTFThreadData.h: - * wtf/dtoa.h: - * wtf/text/AtomicString.h: - * wtf/text/CString.h: - * wtf/text/StringBuilder.h: - * wtf/text/StringImpl.h: - * wtf/text/WTFString.h: - * wtf/unicode/Collator.h: - * wtf/unicode/UTF8.h: - * yarr/Yarr.h: - * yarr/YarrPattern.h: - -2012-01-12 MORITA Hajime - - [Chromium] JSExportMacros.h should be visible. - https://bugs.webkit.org/show_bug.cgi?id=76147 - - Reviewed by Tony Chang. - - * config.h: - -2012-01-12 David Levin - - HwndDC is a better name than OwnGetDC. - https://bugs.webkit.org/show_bug.cgi?id=76235 - - Reviewed by Dmitry Titov. - - This is a better name for two reasons: - 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC). - 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr) - classes always take something to hold on to. In this case, the object (the DC) - is created by the class once it is given a Window to ensure that the HDC - was actually created using GetDC. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * JavaScriptCore.gypi: - * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h. - (WTF::HwndDC::HwndDC): - (WTF::HwndDC::~HwndDC): - (WTF::HwndDC::operator HDC): - -2012-01-12 Gavin Barraclough - - Clean up putDirect (part 2) - https://bugs.webkit.org/show_bug.cgi?id=76232 - - Reviewed by Sam Weinig. - - Rename putWithAttributes to putDirectVirtual, to identify that this - has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal - to be templated on an enum indicating which behaviour it is supposed to be - implementing, and change clients that are defining properties to call - putDirectInternal correctly. - - * API/JSObjectRef.cpp: - (JSObjectSetProperty): - * JavaScriptCore.exp: - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::putDirectVirtual): - * debugger/DebuggerActivation.h: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - * runtime/ClassInfo.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/JSActivation.cpp: - (JSC::JSActivation::putDirectVirtual): - * runtime/JSActivation.h: - * runtime/JSCell.cpp: - (JSC::JSCell::putDirectVirtual): - * runtime/JSCell.h: - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::putDirectVirtual): - * runtime/JSGlobalObject.h: - * runtime/JSObject.cpp: - (JSC::JSObject::put): - (JSC::JSObject::putDirectVirtual): - (JSC::JSObject::defineGetter): - (JSC::JSObject::initializeGetterSetterProperty): - (JSC::JSObject::defineSetter): - (JSC::putDescriptor): - * runtime/JSObject.h: - (JSC::JSObject::putDirectInternal): - (JSC::JSObject::putOwnDataProperty): - (JSC::JSObject::putDirect): - * runtime/JSStaticScopeObject.cpp: - (JSC::JSStaticScopeObject::putDirectVirtual): - * runtime/JSStaticScopeObject.h: - * runtime/JSVariableObject.cpp: - (JSC::JSVariableObject::putDirectVirtual): - * runtime/JSVariableObject.h: - -2012-01-12 Gavin Barraclough - - Clean up putDirect (part 1) - https://bugs.webkit.org/show_bug.cgi?id=76232 - - Reviewed by Sam Weinig. - - putDirect has ambiguous semantics, clean these up a bit. - - putDirect generally behaves a bit like a fast defineOwnProperty, but one that - always creates the property, with no checking to validate the put it permitted. - - It also encompasses two slightly different behaviors. - (1) a fast form of put for JSActivation, which doesn't have to handle searching - the prototype chain, getter/setter properties, or the magic __proto__ value. - Break this out as a new method, 'putOwnDataProperty'. - (2) the version of putDirect on JSValue will also check for overwriting ReadOnly - values, in strict mode. This is, however, not so smart on a few level, since - it is only called from op_put_by_id with direct set, which is only used with - an object as the base, and is only used to put new properties onto objects. - - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/JSActivation.cpp: - (JSC::JSActivation::put): - * runtime/JSFunction.cpp: - (JSC::JSFunction::getOwnPropertySlot): - * runtime/JSObject.h: - (JSC::JSObject::putOwnDataProperty): - * runtime/JSValue.h: - -2012-01-12 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=76141 - defineSetter/defineGetter may fail to update Accessor attribute - - Reviewed by Oliver Hunt. - - * runtime/JSObject.cpp: - (JSC::JSObject::defineGetter): - (JSC::JSObject::initializeGetterSetterProperty): - (JSC::JSObject::defineSetter): - * runtime/Structure.cpp: - (JSC::Structure::attributeChangeTransition): - * runtime/Structure.h: - -2012-01-12 David Levin - - [chromium] Fix DC leak in WebScreenInfoFactory. - https://bugs.webkit.org/show_bug.cgi?id=76203 - - Reviewed by Dmitry Titov. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h - * JavaScriptCore.gypi: Added OwnGetDCWin.h - * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC. - -2012-01-11 Gavin Barraclough - - Allow accessor get/set property to be set to undefined - https://bugs.webkit.org/show_bug.cgi?id=76148 - - Reviewed by Oliver Hunt. - - AccessorDescriptor properties may have their get & set properties defined to reference a function - (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor - (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of - three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object). - - On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and - any JSObject* (with a constraint that this must be callable). - - Logically the get/set property of an accessor descriptor on an object might be in any of the three - states above, but in practice there is no way to distinguish between the first two states. As such - we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or - undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value. - - * runtime/GetterSetter.h: - (JSC::GetterSetter::setGetter): - (JSC::GetterSetter::setSetter): - - Allow the getter/setter to be cleared. - * runtime/JSArray.cpp: - (JSC::JSArray::putDescriptor): - - Changed to call getterObject/setterObject. - (JSC::JSArray::defineOwnNumericProperty): - - Added ASSERT. - * runtime/JSObject.cpp: - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - - Changed to call getterObject/setterObject. - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetOwnPropertyDescriptor): - - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'. - (JSC::toPropertyDescriptor): - - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::getterObject): - (JSC::PropertyDescriptor::setterObject): - - Accessors to convert the get/set property to an object pointer, converting undefined to 0. - (JSC::PropertyDescriptor::setDescriptor): - (JSC::PropertyDescriptor::setAccessorDescriptor): - - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present. - * runtime/PropertyDescriptor.h: - - Declare getterObject/setterObject. - -2012-01-12 Zeno Albisser - - [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560. - https://bugs.webkit.org/show_bug.cgi?id=76175 - - Defining ENABLE_CSS_FILTERS leads to ambiguous references - due to MacTypes.h being included. - Defining CF_OPEN_SOURCE works around this problem. - - Reviewed by Simon Hausmann. - - * wtf/Platform.h: - -2012-01-12 Simon Hausmann - - Make the new WTF module build on Qt - https://bugs.webkit.org/show_bug.cgi?id=76163 - - Reviewed by Tor Arne Vestbø. - - * JavaScriptCore.pro: Removed wtf from the subdirs to build. - -2012-01-11 Filip Pizlo - - CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter - https://bugs.webkit.org/show_bug.cgi?id=76144 - - - Rubber stamped by Gavin Barraclough. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::addressOfJITExecuteCounter): - (JSC::CodeBlock::offsetOfJITExecuteCounter): - (JSC::CodeBlock::jitExecuteCounter): - (JSC::CodeBlock::optimizeNextInvocation): - (JSC::CodeBlock::dontOptimizeAnytimeSoon): - (JSC::CodeBlock::optimizeAfterWarmUp): - (JSC::CodeBlock::optimizeAfterLongWarmUp): - (JSC::CodeBlock::optimizeSoon): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * jit/JIT.cpp: - (JSC::JIT::emitOptimizationCheck): - -2012-01-11 Gavin Barraclough - - Merge 'Getter'/'Setter' attributes into 'Accessor' - https://bugs.webkit.org/show_bug.cgi?id=76141 - - Reviewed by Filip Pizlo. - - These are currently ambiguous (and used inconsistently). It would logically appear - that either being bit set implies that the corresponding type of accessor is present - but (a) we don't correctly enforce this, and (b) this means the attributes would not - be able to distinguish between a data descriptor and an accessor descriptor with - neither a getter nor setter defined (which is a descriptor permissible under the spec). - This ambiguity would lead to unsafe property caching behavior (though this does not - represent an actual current bug, since we are currently unable to create descriptors - that have neither a getter nor setter, it just prevents us from doing so). - - * runtime/Arguments.cpp: - (JSC::Arguments::createStrictModeCallerIfNecessary): - (JSC::Arguments::createStrictModeCalleeIfNecessary): - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - (JSC::JSArray::putDescriptor): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::finishCreation): - * runtime/JSFunction.cpp: - (JSC::JSFunction::getOwnPropertySlot): - (JSC::JSFunction::getOwnPropertyDescriptor): - * runtime/JSObject.cpp: - (JSC::JSObject::defineGetter): - (JSC::JSObject::initializeGetterSetterProperty): - (JSC::JSObject::defineSetter): - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorDefineProperty): - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::setDescriptor): - (JSC::PropertyDescriptor::setAccessorDescriptor): - (JSC::PropertyDescriptor::setSetter): - (JSC::PropertyDescriptor::setGetter): - (JSC::PropertyDescriptor::attributesOverridingCurrent): - -2012-01-11 Gavin Barraclough - - Object.defineProperty([], 'length', {}) should not make length read-only - https://bugs.webkit.org/show_bug.cgi?id=76097 - - Reviewed by Oliver Hunt. - - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - - We should be checking writablePresent(). - -2012-01-11 Filip Pizlo - - Code duplication for invoking the JIT and DFG should be reduced - https://bugs.webkit.org/show_bug.cgi?id=76117 - - - Rubber stamped by Geoff Garen. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * jit/JITDriver.h: Added. - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - -2012-01-11 Geoffrey Garen - - Bytecode dumping is broken for call opcodes (due to two new operands) - https://bugs.webkit.org/show_bug.cgi?id=75886 - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have - to fix this more than once. The helper function skips the extra two operands - at the end of the opcode, used for optimization. - - (JSC::CodeBlock::dump): Used the helper function. - - * bytecode/CodeBlock.h: Declared the helper function. - -2012-01-09 Geoffrey Garen - - REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken) - https://bugs.webkit.org/show_bug.cgi?id=75911 - - * bytecompiler/BytecodeGenerator.h: - (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to - explicitly cast to our return type in C++. - - * bytecompiler/NodesCodegen.cpp: - (JSC::FunctionCallResolveNode::emitBytecode): - (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function - into a temporary register before evaluating our arguments, since argument - evaluation might include function calls or assignments that overwrite our callee by name. - -2012-01-11 Michael Saboff - - v8-regexp spends 35% of its time allocating and copying internal regexp results data - https://bugs.webkit.org/show_bug.cgi?id=76079 - - Reviewed by Geoffrey Garen. - - Added a new RegExpResults struct that has the input string, the number of - subexpressions and the output vector. Changed RegExpConstructor to - include a RegExpConstructorPrivate instead of having a reference to one. - Changed RegExpMatchesArray to include a RegExpResults instead of a - reference to a RegExpConstructorPrivate. Created an overloaded assignment - operator to assign a RegExpConstructorPrivate to a RegExpResults. - Collectively this change is worth 24% performance improvement to v8-regexp. - - * runtime/RegExpConstructor.cpp: - (JSC::RegExpResult::operator=): - (JSC::RegExpConstructor::RegExpConstructor): - (JSC::RegExpMatchesArray::RegExpMatchesArray): - (JSC::RegExpMatchesArray::finishCreation): - (JSC::RegExpMatchesArray::~RegExpMatchesArray): - (JSC::RegExpMatchesArray::fillArrayInstance): - (JSC::RegExpConstructor::arrayOfMatches): - (JSC::RegExpConstructor::getBackref): - (JSC::RegExpConstructor::getLastParen): - (JSC::RegExpConstructor::getLeftContext): - (JSC::RegExpConstructor::getRightContext): - (JSC::RegExpConstructor::setInput): - (JSC::RegExpConstructor::input): - (JSC::RegExpConstructor::setMultiline): - (JSC::RegExpConstructor::multiline): - * runtime/RegExpConstructor.h: - (JSC::RegExpResult::RegExpResult): - (JSC::RegExpConstructor::performMatch): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::create): - (JSC::RegExpMatchesArray::getOwnPropertySlot): - (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): - (JSC::RegExpMatchesArray::put): - (JSC::RegExpMatchesArray::putByIndex): - (JSC::RegExpMatchesArray::deleteProperty): - (JSC::RegExpMatchesArray::deletePropertyByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyNames): - -2012-01-11 Eugene Girard - - Typo in error message: Unexpected token 'defualt' - https://bugs.webkit.org/show_bug.cgi?id=75105 - - Reviewed by Simon Fraser. - - * parser/Parser.h: - (JSC::Parser::getTokenName): - -2012-01-11 Anders Carlsson - - Assertion failure in JSC::allocateCell trying to allocate a JSString - https://bugs.webkit.org/show_bug.cgi?id=76101 - - Reviewed by Adam Roben. - - Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and - export them explicitly using the JS_EXPORTDATA macro. - - member variables explicitly using - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/Executable.h: - * runtime/JSString.h: - -2012-01-10 Mark Rowe - - jsc should install directly in to versioned Resources subfolder - - This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT - as JavaScriptCore.framework or in to a different one. - - Rubber-stamped by Dan Bernstein. - - * Configurations/JSC.xcconfig: Update INSTALL_PATH. - -2012-01-10 Filip Pizlo - - DFG inlining block linking compares BlockIndex against bytecode index - https://bugs.webkit.org/show_bug.cgi?id=76018 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseCodeBlock): - -2012-01-10 Filip Pizlo - - CodeBlock.h declares too many things - https://bugs.webkit.org/show_bug.cgi?id=76001 - - Rubber stamped by Gavin Barraclough. - - Removed all non-CodeBlock type declarations from CodeBlock.h, and put them - into separate header files. Also removed all non-CodeBlock method implementations - from CodeBlock.cpp and put them into corresponding cpp files. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/RepatchBuffer.h: - * bytecode/CallLinkInfo.cpp: Added. - (JSC::CallLinkInfo::unlink): - * bytecode/CallLinkInfo.h: Added. - (JSC::CallLinkInfo::callTypeFor): - (JSC::CallLinkInfo::CallLinkInfo): - (JSC::CallLinkInfo::~CallLinkInfo): - (JSC::CallLinkInfo::isLinked): - (JSC::CallLinkInfo::seenOnce): - (JSC::CallLinkInfo::setSeen): - (JSC::getCallLinkInfoReturnLocation): - (JSC::getCallLinkInfoBytecodeIndex): - * bytecode/CallReturnOffsetToBytecodeOffset.h: Added. - (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset): - (JSC::getCallReturnOffset): - * bytecode/CodeBlock.cpp: - * bytecode/CodeBlock.h: - * bytecode/CodeType.h: Added. - * bytecode/ExpressionRangeInfo.h: Added. - * bytecode/GlobalResolveInfo.h: Added. - (JSC::GlobalResolveInfo::GlobalResolveInfo): - * bytecode/HandlerInfo.h: Added. - * bytecode/LineInfo.h: Added. - * bytecode/MethodCallLinkInfo.cpp: Added. - (JSC::MethodCallLinkInfo::reset): - * bytecode/MethodCallLinkInfo.h: Added. - (JSC::MethodCallLinkInfo::MethodCallLinkInfo): - (JSC::MethodCallLinkInfo::seenOnce): - (JSC::MethodCallLinkInfo::setSeen): - (JSC::getMethodCallLinkInfoReturnLocation): - (JSC::getMethodCallLinkInfoBytecodeIndex): - * bytecode/StructureStubInfo.h: - (JSC::getStructureStubInfoReturnLocation): - (JSC::getStructureStubInfoBytecodeIndex): - -2012-01-10 Anders Carlsson - - Hang opening movie that requires authentication - https://bugs.webkit.org/show_bug.cgi?id=75989 - - - Reviewed by Sam Weinig. - - * wtf/Functional.h: - Add function wrapper for a function that takes three parameters. - -2012-01-10 Filip Pizlo - - CodeBlock::m_numParameters should be encapsulated - https://bugs.webkit.org/show_bug.cgi?id=75985 - - - Reviewed by Oliver Hunt. - - Encapsulated CodeBlock::m_numParameters and hooked argument profile creation - into it. This appears to be performance neutral. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::setNumParameters): - (JSC::CodeBlock::addParameter): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::numParameters): - (JSC::CodeBlock::addressOfNumParameters): - (JSC::CodeBlock::offsetOfNumParameters): - (JSC::CodeBlock::numberOfArgumentValueProfiles): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - (JSC::BytecodeGenerator::addParameter): - (JSC::BytecodeGenerator::emitReturn): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::AbstractState): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::SpeculativeJIT): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::slideRegisterWindowForCall): - (JSC::Interpreter::dumpRegisters): - (JSC::Interpreter::execute): - (JSC::Interpreter::prepareForRepeatCall): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITStubs.cpp: - (JSC::arityCheckFor): - (JSC::lazyLinkFor): - * runtime/Executable.cpp: - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - -2012-01-10 Gavin Barraclough - - Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935 - - Fix 32-bit builds. - - * runtime/JSArray.cpp: - (JSC::JSArray::getOwnPropertyNames): - (JSC::JSArray::setLength): - -2012-01-10 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-10 Gavin Barraclough - - Do not allow Array length to be set if it is non-configurable - https://bugs.webkit.org/show_bug.cgi?id=75935 - - Reviewed by Sam Weinig. - - Do not allow Array length to be set if it is non-configurable, and if the new - length is less than the old length then intervening properties should removed - in reverse order. Removal of properties should cease if an intervening indexed - property being removed is non-configurable. - - * JavaScriptCore.exp: - - Removed export for setLength. - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncConcat): - - JSArray::setLength now takes an ExecState* - (JSC::arrayProtoFuncSlice): - - JSArray::setLength now takes an ExecState* - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - - JSArray::setLength now takes an ExecState* - (JSC::JSArray::put): - - JSArray::setLength now takes an ExecState* - (JSC::compareKeysForQSort): - - Keys extracted from the map can be stored as unsigneds. - (JSC::JSArray::getOwnPropertyNames): - - Keys extracted from the map can be stored as unsigneds. - (JSC::JSArray::setLength): - - Check lengthIsReadOnly(), rather than copying the entire map to iterate - over to determine which keys to remove, instead just copy the keys from - the map to a Vector. When inSparseMode sort the keys in the Vector so - that we can remove properties in reverse order. - * runtime/JSArray.h: - - JSArray::setLength now takes an ExecState* - -2012-01-10 Gavin Barraclough - - Use SameValue to compare property descriptor values - https://bugs.webkit.org/show_bug.cgi?id=75975 - - Reviewed by Sam Weinig. - - Rather than strictEqual. - - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnNumericProperty): - - Missing configurablePresent() check. - * runtime/JSObject.cpp: - (JSC::JSObject::defineOwnProperty): - - call sameValue. - * runtime/PropertyDescriptor.cpp: - (JSC::sameValue): - - Moved from JSArray.cpp, fix NaN comparison. - (JSC::PropertyDescriptor::equalTo): - - call sameValue. - * runtime/PropertyDescriptor.h: - - Added declaration for sameValue. -2012-01-09 Gavin Barraclough - - Error handling : in ISO8601 timezone - https://bugs.webkit.org/show_bug.cgi?id=75919 - - Reviewed by Sam Weinig. - - * wtf/DateMath.cpp: - (WTF::parseDateFromNullTerminatedCharacters): - - need to increment the string position. - -2012-01-09 Mark Rowe - - JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target - / - - We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit - dependencies prevent this. - - Reviewed by Dan Bernstein. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-01-09 Adam Treat - - Log is a little to verbose for blackberry port - https://bugs.webkit.org/show_bug.cgi?id=75728 - - The BlackBerry::Platform::Log* functions take care of the call to vfprintf - which is resulting in unintentional noise in our logs. Add a conditional - directive to fix. - - Change to using BlackBerry::Platform::logStreamV which does not insert - threading info and newlines unlike BlackBerry::Platform::log. - - Finally, add log locking and unlocking which the BlackBerry platform - uses to ensure that N threads do not trample on each other's logs. - - Reviewed by Rob Buis. - - * wtf/Assertions.cpp: - (WTFLogLocker::WTFReportAssertionFailure): - (WTFLogLocker::WTFReportAssertionFailureWithMessage): - (WTFLogLocker::WTFReportArgumentAssertionFailure): - (WTFLogLocker::WTFReportFatalError): - (WTFLogLocker::WTFReportError): - (WTFLogLocker::WTFLog): - (WTFLogLocker::WTFLogVerbose): - -2012-01-09 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75789 - defineOwnProperty not implemented for Array objects - - Reviewed by Sam Weinig. - - Implements support for getter/setter & non-default attribute properties on arrays, - by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262 - test failures. - - * JavaScriptCore.exp: - - Updated exports. - * dfg/DFGOperations.cpp: - - JSArray::pop now requires an exec state. - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncPop): - - JSArray::pop now requires an exec state. - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::add): - - Add a potentially empty entry into the map. - (JSC::SparseArrayValueMap::put): - - Changed to call setter. - (JSC::SparseArrayEntry::get): - - calls getters. - (JSC::SparseArrayEntry::getNonSparseMode): - - does not call getters. - (JSC::JSArray::enterSparseMode): - - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated. - (JSC::JSArray::putDescriptor): - - Create a numeric property based on a descriptor. - (JSC::sameValue): - - See ES5.1 9.12. - (JSC::reject): - - Helper for the [[DefineOwnProperty]] algorithm. - (JSC::JSArray::defineOwnNumericProperty): - - Define an indexed property on an array object. - (JSC::JSArray::setLengthWritable): - - Marks the length read-only, enters SparseMode as necessary. - (JSC::JSArray::defineOwnProperty): - - Defines either an indexed property or 'length' on an array object. - (JSC::JSArray::getOwnPropertySlotByIndex): - - Updated to correctly handle accessor descriptors & attributes. - (JSC::JSArray::getOwnPropertyDescriptor): - - Updated to correctly handle accessor descriptors & attributes. - (JSC::JSArray::put): - - Pass strict mode flag to setLength. - (JSC::JSArray::putByIndex): - - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&. - (JSC::JSArray::putByIndexBeyondVectorLength): - - Pass exec to SparseArrayValueMap::put. - (JSC::JSArray::deletePropertyByIndex): - - Do not allow deletion of non-configurable properties. - (JSC::compareKeysForQSort): - - used in implementation of getOwnPropertyNames. - (JSC::JSArray::getOwnPropertyNames): - - Properties in the sparse map should be iterated in order. - (JSC::JSArray::setLength): - - Updated to take a 'shouldThrow' flag, return a result indicating error. - (JSC::JSArray::pop): - - pop should throw an error if length is not writable, even if the array is empty. - (JSC::JSArray::push): - - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&. - (JSC::JSArray::sort): - - Changed 'get' to 'getNonSparseMode' (can't be getters to call). - (JSC::JSArray::compactForSorting): - - Changed 'get' to 'getNonSparseMode' (can't be getters to call). - * runtime/JSArray.h: - (JSC::SparseArrayValueMap::lengthIsReadOnly): - - Check if the length is read only. - (JSC::SparseArrayValueMap::setLengthIsReadOnly): - - Mark the length as read only. - (JSC::SparseArrayValueMap::find): - - Moved into header. - (JSC::JSArray::isLengthWritable): - - Wraps SparseArrayValueMap::lengthIsReadOnly. - * runtime/JSObject.cpp: - (JSC::JSObject::defineOwnProperty): - - Should be returning the result of putDescriptor. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::attributesOverridingCurrent): - - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride. - * runtime/PropertyDescriptor.h: - - Added attributesOverridingCurrent. - -2012-01-09 Pavel Heimlich - - There is no support for fastcall in Solaris Studio. - Fixes build on Solaris. - https://bugs.webkit.org/show_bug.cgi?id=75736 - - Reviewed by Gavin Barraclough. - - * jit/JITStubs.h: - -2012-01-09 Pavel Heimlich - - Fix build failure on Solaris - https://bugs.webkit.org/show_bug.cgi?id=75733 - - Reviewed by Gavin Barraclough. - - * wtf/ByteArray.h: - -2012-01-01 Raphael Kubo da Costa - - [CMake] Clean up some cruft from WTF's CMakeLists.txt - https://bugs.webkit.org/show_bug.cgi?id=75420 - - Reviewed by Daniel Bates. - - * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add - all needed paths to WTF_INCLUDE_DIRECTORIES in a single place. - -2012-01-08 Xianzhu Wang - - Fix compilation error about ListHashSetReverseIterator - https://bugs.webkit.org/show_bug.cgi?id=75372 - - Reviewed by Darin Adler. - - There is a typo in class ListHashSetReverseIterator: - typedef ListHashSetConstIterator const_reverse_iterator; - Should be - typedef ListHashSetConstReverseIterator const_reverse_iterator; - - * wtf/ListHashSet.h: - -2012-01-08 Ryosuke Niwa - - WinCE build fix after r104415. - - * jit/JITExceptions.cpp: - * jit/JITExceptions.h: - -2012-01-08 Filip Pizlo - - The JIT's protocol for exception handling should be available to other parts of the system - https://bugs.webkit.org/show_bug.cgi?id=75808 - - - Reviewed by Oliver Hunt. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * jit/JITExceptions.cpp: Added. - (JSC::genericThrow): - (JSC::jitThrow): - * jit/JITExceptions.h: Added. - * jit/JITStubs.cpp: - * runtime/JSGlobalData.h: - -2012-01-06 Hajime Morrita - - https://bugs.webkit.org/show_bug.cgi?id=75296 - JSString should not have JS_EXPORTCLASS annotation - - Reviewed by Kevin Ollivier. - - * runtime/JSString.h: Removed JS_EXPORTCLASS annotation. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - Added missing symbols which were hidden by JS_EXPORTCLASS. - -2012-01-06 Michael Saboff - - JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound() - https://bugs.webkit.org/show_bug.cgi?id=75757 - - Reviewed by Gavin Barraclough. - - * runtime/JSArray.cpp: - (JSC::JSArray::pop): Changed map->end() to map->notFound(). - -2012-01-06 Filip Pizlo - - JIT stub slow paths that would be identical to that of an interpreter should be factored out - https://bugs.webkit.org/show_bug.cgi?id=75743 - - - Reviewed by Geoff Garen. - - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/CommonSlowPaths.h: Added. - (JSC::CommonSlowPaths::opInstanceOfSlow): - (JSC::CommonSlowPaths::opIn): - (JSC::CommonSlowPaths::opResolve): - (JSC::CommonSlowPaths::opResolveSkip): - (JSC::CommonSlowPaths::opResolveWithBase): - (JSC::CommonSlowPaths::opResolveWithThis): - -2012-01-06 Sam Weinig - - Fix windows build. - - * wtf/TypeTraits.cpp: - -2012-01-05 Michael Saboff - - Default HashTraits for Opcode don't work for Opcode = 0 - https://bugs.webkit.org/show_bug.cgi?id=75595 - - Reviewed by Oliver Hunt. - - Removed the populating of the m_opcodeIDTable table in the - case where the OpcodeID and Opcode are the same (m_enabled is false). - Instead we just cast the one type to the other. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - * interpreter/Interpreter.h: - (JSC::Interpreter::getOpcodeID): - -2012-01-06 Sam Weinig - - Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr - https://bugs.webkit.org/show_bug.cgi?id=75737 - - Reviewed by Anders Carlsson. - - * wtf/TypeTraits.cpp: - * wtf/TypeTraits.h: - Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray - is composed of some helpers which are also exposed, Conditional<>, which - can provide one type or another based on a boolean predicate, IsArray<> - which can deduce array types, and RemoveExtent<>, which removes the extent - from an array type. - -2012-01-06 Oliver Hunt - - GetByteArrayLength is incorrect - https://bugs.webkit.org/show_bug.cgi?id=75735 - - Reviewed by Filip Pizlo. - - Load the byte array length from the correct location. - This stops an existing test from hanging. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-01-06 Filip Pizlo - - Fix build. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-01-06 Oliver Hunt - - DFG no longer optimises CanvasPixelArray - https://bugs.webkit.org/show_bug.cgi?id=75729 - - Reviewed by Gavin Barraclough. - - Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match - the future name when we switch over to the new typed-array based - ImageData specification. - - * runtime/JSByteArray.cpp: - -2012-01-06 Caio Marcelo de Oliveira Filho - - Use HashMap for SourceProviderCache items - https://bugs.webkit.org/show_bug.cgi?id=75346 - - Reviewed by Daniel Bates. - - * parser/Parser.cpp: - * parser/SourceProviderCache.cpp: - (JSC::SourceProviderCache::clear): - (JSC::SourceProviderCache::add): - * parser/SourceProviderCache.h: - -2012-01-06 Sam Weinig - - Remove unused OwnFastMallocPtr class. - https://bugs.webkit.org/show_bug.cgi?id=75722 - - Reviewed by Geoffrey Garen. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/CMakeLists.txt: - * wtf/OwnFastMallocPtr.h: Removed. - * wtf/text/StringImpl.h: - * wtf/wtf.pro: - -2012-01-06 Benjamin Poulain - - [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates - https://bugs.webkit.org/show_bug.cgi?id=75631 - - Reviewed by Andreas Kling. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-01-06 Eric Seidel and Gustavo Noronha Silva - - Make the new WTF module build on Gtk - https://bugs.webkit.org/show_bug.cgi?id=75669 - - * GNUmakefile.am: - -2012-01-06 Tor Arne Vestbø - - [Qt] Remove un-needed VPATHs from project includes - - Reviewed by Simon Hausmann. - - * JavaScriptCore.pri: - * wtf/wtf.pri: - -2012-01-06 Tor Arne Vestbø - - [Qt] Move listing of include paths and libs to pri files in sources - - Includepaths are sometimes modified by non-Qt contributors so keeping - them in files inside Sources makes it more likely that they are updated - along with project files for the other ports. - - Using pri files instead of prf files for this also has the benefit that - the include() from the main target file can be parsed and followed by - Qt Creator -- something that does not work with load(). - - Dependency from a target to a library through the WEBKIT variable are - handled through forwarding-files in Tools/qmake/mkspecs/modules, which - set the source root of the module and include the right pri file. - - Ideally we'd use the variant of include() that takes an optional - namespace to read the variables into, or the fromfile() function, - but both of these add an overhead of about 40% on the total qmake - runtime, due to making a deep copy of all the variables in the - project or re-reading all the prf files from scratch. - - Reviewed by Simon Hausmann. - Reviewed by Ossy. - - * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf. - * Target.pri: - * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf. - * wtf/wtf.pro: - -2012-01-06 Hajime Morrita - - WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE - https://bugs.webkit.org/show_bug.cgi?id=75612 - - Reviewed by Kevin Ollivier. - - * wtf/text/WTFString.h: - (WTF::String::findIgnoringCase): - (WTF::String::append): - (WTF::String::fromUTF8): - (WTF::String::fromUTF8WithLatin1Fallback): - (WTF::String::isHashTableDeletedValue): - -2012-01-05 Dan Bernstein - - Update copyright strings - - Reviewed by Mark Rowe. - - * Info.plist: - -2012-01-05 Gavin Barraclough - - Date constructor handles infinite values incorrectly. - https://bugs.webkit.org/show_bug.cgi?id=70998 - - Reviewed by Filip Pizlo. - - * runtime/DateConstructor.cpp: - (JSC::constructDate): - - should be checking !finite rather then isnan. - -2012-01-05 Gavin Barraclough - - date.toISOString produces incorrect results for dates with ms prior to 1970 - https://bugs.webkit.org/show_bug.cgi?id=75684 - - Reviewed by Sam Weinig. - - * runtime/DatePrototype.cpp: - (JSC::dateProtoFuncToISOString): - -2012-01-05 Gavin Barraclough - - Array.prototype.lastIndexOf ignores undefined fromIndex. - https://bugs.webkit.org/show_bug.cgi?id=75678 - - Reviewed by Sam Weinig. - - array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x) - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncLastIndexOf): - - should check argumnet count, rather than checking agument value for undefined. - -2012-01-05 Gavin Barraclough - - Date parsing is too restrictive. - https://bugs.webkit.org/show_bug.cgi?id=75671 - - Reviewed by Oliver Hunt. - - ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15). - The spec allow a date to be date only, or date + time. - - The date portion on the should match: (pseudocode!:) - [(+|-)YY]YYYY[-MM[-DD]] - though we are slightly more liberal (permitted by the spec), allowing: - [+|-]Y+[-MM[-DD]] - The time portion should match: - THH:mm[:ss[.sss]][Z|(+|-)HH:mm] - again we're slightly more liberal, allowing: - THH:mm[:ss[.s+]][Z|(+|-)HH:mm] - - * wtf/DateMath.cpp: - (WTF::parseES5DatePortion): - - Month/day fields are optional, default to 01. - (WTF::parseES5TimePortion): - - Hours/Minutes are requires, seconds/timezone are optional. - (WTF::parseES5DateFromNullTerminatedCharacters): - - Dates may be date only, or date + time. - -2012-01-05 Bruno Dilly - - [EFL] Undefined references to ICU_I18N symbols on WTF - https://bugs.webkit.org/show_bug.cgi?id=75642 - - Unreviewed build fix. - - Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake. - Some undefined references were ucol_setAttribute_44, ucol_close_44, - ucol_getAttribute_44... - - * wtf/PlatformEfl.cmake: - -2012-01-05 Geoffrey Garen - - Refined the fast path for StringImpl::hash() - https://bugs.webkit.org/show_bug.cgi?id=75178 - - Reviewed by Darin Adler. - - Moved the hash calculation code into an out-of-line function to clean up - the hot path. - - No measurable benchmark change, but this knocks some samples off in - Instruments, and I think this is a step toward removing -fomit-frame-pointer. - - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::hashSlowCase): - * wtf/text/StringImpl.h: - (WTF::StringImpl::hash): The patch. - - * wtf/text/StringStatics.cpp: - (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build - scheme, which requires all out-of-line StringImpl functions used by - WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.) - -2012-01-05 Gavin Barraclough - - Literal tab in JSONString fails - https://bugs.webkit.org/show_bug.cgi?id=71772 - - Reviewed by Oliver Hunt. - - rfc4627 does not allow literal tab characters in JSON source. - - * runtime/LiteralParser.cpp: - (JSC::isSafeStringCharacter): - - do not allow literal tab in StrictJSON mode. - -2012-01-05 Gavin Barraclough - - push/shift fifo may consume excessive memory - https://bugs.webkit.org/show_bug.cgi?id=75610 - - Reviewed by Sam Weinig. - - Array object commonly store data in a vector, consisting of a portion that is - in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between - m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and - the current algorithm for increaseVectorLength (used by push, or [[Put]]) will - never shrink the pre-capacity, so a push/shift fifo may consume an inordinate - amount of memory, whilst having a relatively small active length. - - * runtime/JSArray.cpp: - (JSC::JSArray::increaseVectorLength): - - If m_indexBias is non-zero, decay it over time. - -2012-01-05 Csaba Osztrogonác - - unshift/pop fifo may consume excessive memory - https://bugs.webkit.org/show_bug.cgi?id=75588 - - Reviewed by Zoltan Herczeg. - - Buildfix after r104120. - - * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true - (JSC::JSArray::unshiftCount): - -2012-01-05 Zoltan Herczeg - - Unreviewed gardening after r104134. - - * wtf/Assertions.cpp: - -2012-01-05 Zoltan Herczeg - - Unreviewed gardening after r75605. - - Rubber stamped by NOBODY Csaba Osztrogonác. - - * wtf/Assertions.cpp: - -2012-01-05 Benjamin Poulain - - Improve charactersAreAllASCII() to compare multiple characters at a time - https://bugs.webkit.org/show_bug.cgi?id=74063 - - Reviewed by Darin Adler. - - A new header ASCIIFastPath.h contains the functions related to - the detection of ASCII by using machine words. Part of it comes from - WebCore's TextCodecASCIIFastPath.h. - - The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h - and is implemented with computer word comparison. - The gain over the previous implementation of charactersAreAllASCII() is of - the order of how many comparison are avoided (4x, 8x, 16x depending on the - format and the CPU type). - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/text/ASCIIFastPath.h: Added. - (WTF::isAlignedToMachineWord): - (WTF::alignToMachineWord): - (WTF::isAllASCII): - (WTF::charactersAreAllASCII): - * wtf/text/WTFString.h: - * wtf/wtf.pro: - -2012-01-05 Mark Rowe - - [Mac] WTF logging functions should output to both stderr and ASL - - We should always log to both ASL and stderr on platforms where this won't result in launchd - duplicating the messages. - - Reviewed by Dan Bernstein. - - * wtf/Assertions.cpp: - (vprintf_stderr_common): - -2012-01-05 Mark Rowe - - WTF logging functions should call vprintf_stderr_common only once per line - - Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a - single line of text. This results in strangely formatted output if vprintf_stderr_common is - retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented - like stderr. - - Reviewed by Dan Bernstein. - - * wtf/Assertions.cpp: - (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format - string before handing it off to vprintf_stderr_common. This requires disabling warnings about - calling a printf-like function with a non-literal format string for this piece of code. It's - safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix. - (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the - given format string if one does not already exist. It requires the same treatment with regards - to the non-literal format string warning. - (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix. - (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common. - (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix. - (WTFReportError): Ditto. - (WTFLog): Switch to using vprintf_stderr_with_trailing_newline. - (WTFLogVerbose): Ditto. - -2012-01-04 Gavin Barraclough - - unshift/pop fifo may consume excessive memory - https://bugs.webkit.org/show_bug.cgi?id=75588 - - Reviewed by Sam Weinig. - - The Array object commonly store data in a vector, consisting of a portion that - is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between - m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the - current algorithm for increasePrefixVectorLength (used by unshift) will never - stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount - of memory, whilst having a relatively small active length. - - * runtime/JSArray.cpp: - (JSC::storageSize): - - sizeof(JSValue) should be sizeof(WriteBarrier) - (JSC::SparseArrayValueMap::put): - - sizeof(JSValue) should be sizeof(WriteBarrier) - (JSC::JSArray::increaseVectorLength): - - sizeof(JSValue) should be sizeof(WriteBarrier) - (JSC::JSArray::unshiftCountSlowCase): - - renamed from increaseVectorPrefixLength (this was a bad name, since it - also moved the ArrayStorage header), rewritten. - (JSC::JSArray::shiftCount): - - sizeof(JSValue) should be sizeof(WriteBarrier), count should be unsigned - (JSC::JSArray::unshiftCount): - - sizeof(JSValue) should be sizeof(WriteBarrier), count should be unsigned, - increaseVectorPrefixLength renamed to unshiftCountSlowCase - (JSC::JSArray::sortNumeric): - * runtime/JSArray.h: - - Updated function declarations, m_indexBias should be unsigned. - -2012-01-04 Mark Rowe - - All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments - - Since JSC::Arguments has an OwnPtr for a member it needs to override destroy - to ensure that the correct destructor is invoked. This is necessary because - JSCell subclasses all intentionally have non-virtual destructors. - - Reviewed by Filip Pizlo. - - * runtime/Arguments.cpp: - (JSC::Arguments::destroy): - * runtime/Arguments.h: - -2012-01-04 Filip Pizlo - - Unreviewed, accidentally turned off the JIT in previous commit. Turning - it back on. - - * wtf/Platform.h: - -2012-01-04 Filip Pizlo - - Changed "return" to "break" in some macrology I introduced in - http://trac.webkit.org/changeset/104086. This is a benign change, as - "return" was technically correct for all uses of the macro. - - Reviewed by Oliver Hunt. - - * dfg/DFGGraph.cpp: - * wtf/Platform.h: - -2012-01-04 Michael Saboff - - StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset - https://bugs.webkit.org/show_bug.cgi?id=75583 - - Reviewed by Filip Pizlo. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding - StructureStubInfo and reset the appropriate JIT and - the StructureStubInfo itself when reseting a MethodCallLinkInfo. - -2012-01-04 Michael Saboff - - Invalid ASSERT() in DFGRepatch.cpp near line 385 - https://bugs.webkit.org/show_bug.cgi?id=75584 - - Reviewed by Filip Pizlo. - - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==. - -2012-01-04 Filip Pizlo - - Incorrect use of DFG node reference counts when mutating the graph - https://bugs.webkit.org/show_bug.cgi?id=75580 - - - Reviewed by Oliver Hunt. - - Made deref(node) follow the pattern of ref(node), which it should have - to begin with. - - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::refChildren): - (JSC::DFG::Graph::derefChildren): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::deref): - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - * dfg/DFGNode.h: - (JSC::DFG::Node::deref): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::fixupNode): - -2012-01-04 Tor Arne Vestbø - - [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies - - The custom qmake variable 'WEBKIT' is used for signaling that a - target depends in some way on other subproject of the WebKit - project. For now this is limited to the set of intermediate - libraries: wtf, javascriptcore, webcore, and webkit2. - - This replaces the previous convension of using load(foo) for - just include paths, and CONFIG += foo to also link against foo. - - Adding a dependency results in additional include paths being - available, and potentially linking to the library. This is - decided by the build system based on conditions such as what - kind of target is being built and the general build config. - - An advantage to his approach is that it simplifies the individual - foo.prf files, for example by allowing us to use INCLUDEPATH += - and LIBS += as normal instead of prepending. - - Reviewed by Simon Hausmann. - - * Target.pri: - * jsc.pro: - * wtf/wtf.pro: - -2012-01-03 Filip Pizlo - - DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong - https://bugs.webkit.org/show_bug.cgi?id=75516 - - - Reviewed by Gavin Barraclough. - - Removed the offending assertion, since it was wrong. Also hardened the code to make - this case less likely by first having the propagator fixpoint converge, and then doing - double voting combined with a second fixpoint. This is neutral on benchmarks and - fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double - until we've converged to the conclusion that it really is double). - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagatePredictions): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): - -2012-01-03 Filip Pizlo - - REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds - https://bugs.webkit.org/show_bug.cgi?id=75303 - - - Reviewed by Gavin Barraclough. - - The this argument was not being kept alive in some cases during inlining and intrinsic - optimizations. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::emitFunctionCheck): - (JSC::DFG::ByteCodeParser::handleInlining): - -2012-01-03 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-03 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-03 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75140 - - Reviewed by Sam Weinig. - - Rewrite JSArray::putSlowCase to be much cleaner & simpler. - - This rewrite only significantly changes behaviour for sparse array, specifically - in how sparse arrays are reified back to vector form. This does not affect arrays - with less than 10000 entries (since these always use a vector). The more common - cases of sparse array behavior (though large sparse arrays are rare) - arrays that - always remain sparse, and arrays that are filled in reverse sequential order - - should be just as fast or faster (since reification is simpler & no longer - requires map lookups) after these changes. - - Simplifying this code allows all cases of putByIndex that need to grow the vector - to do so via increaseVectorLength, which means that this method can encapsulate - the policy of determining how the vector should be grown. - - No performance impact. - - * runtime/JSArray.cpp: - (JSC::isDenseEnoughForVector): - - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector. - (JSC::JSArray::putByIndex): - - simplify & comment. - (JSC::JSArray::putByIndexBeyondVectorLength): - - Re-written to be much clearer & simpler. - (JSC::JSArray::increaseVectorLength): - (JSC::JSArray::increaseVectorPrefixLength): - - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so. - (JSC::JSArray::push): - - simplify & comment. - * runtime/JSArray.h: - - removed SparseArrayValueMap::take. - -2012-01-03 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-03 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75140 - - Reviewed by Sam Weinig. - - Simplify JSArray creation - remove ArgsList/JSValue* create methods - (this functionality can be implemented in terms of tryCreateUninitialized). - - * JavaScriptCore.exp: - * runtime/ArrayConstructor.cpp: - - use constructArray/constructEmptyArray instead of calling JSArray::create directly - (JSC::constructArrayWithSizeQuirk): - * runtime/JSArray.cpp: - * runtime/JSArray.h: - - removed ArgsList/JSValue* create methods - * runtime/JSGlobalObject.h: - (JSC::constructEmptyArray): - (JSC::constructArray): - - changed to be implemented in terms of JSArray::tryCreateUninitialized - -2012-01-03 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75429 - ThrowTypeError should be a singleton object - - Reviewed by Sam Weinig. - - Per section 13.2.3 of the spec. - We could change setAccessorDescriptor to be able to share the global - GetterSetter object, rather than storing the accessor functions and - creating a new GetterSetter in defineProperty - but this won't be a - small change to PropertyDescriptors (and would probably mean making - GetterSetter objects immutable?) - so I'll leave that for another - patch. - - * JavaScriptCore.exp: - - don't export setAccessorDescriptor - * runtime/Arguments.cpp: - (JSC::Arguments::createStrictModeCallerIfNecessary): - (JSC::Arguments::createStrictModeCalleeIfNecessary): - - call throwTypeErrorGetterSetter instead of createTypeErrorFunction - * runtime/Error.cpp: - * runtime/Error.h: - - remove createTypeErrorFunction - * runtime/JSFunction.cpp: - * runtime/JSFunction.h: - - remove unused createDescriptorForThrowingProperty - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - (JSC::JSGlobalObject::visitChildren): - - removed m_strictModeTypeErrorFunctionStructure. - * runtime/JSGlobalObject.h: - (JSC::JSGlobalObject::internalFunctionStructure): - - removed m_strictModeTypeErrorFunctionStructure. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::setAccessorDescriptor): - - changed to take a GetterSetter - * runtime/PropertyDescriptor.h: - - changed to take a GetterSetter - -2012-01-02 Gavin Barraclough - - Check in fixes for jsc tests following bug #75455. - - * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js: - * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js: - -2012-01-02 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75452 - If argument to Error is undefined, message is not set - - Reviewed by Sam Weinig. - - Per section 15.11.1.1 of the spec. - - * runtime/ErrorInstance.h: - (JSC::ErrorInstance::create): - (JSC::ErrorInstance::finishCreation): - -2012-01-02 Gavin Barraclough - - ES5 prohibits parseInt from supporting octal - https://bugs.webkit.org/show_bug.cgi?id=75455 - - Reviewed by Sam Weinig. - - See sections 15.1.2.2 and annex E. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::parseInt): - -2012-01-02 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=55343 - Global JSON should be configurable but isn't - - Reviewed by Sam Weinig. - - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - - make JSON configurable - -2012-01-01 Filip Pizlo - - Call instructions should leave room for linking information - https://bugs.webkit.org/show_bug.cgi?id=75422 - - - Reviewed by Oliver Hunt. - - * bytecode/Opcode.h: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - -2011-12-31 Dan Bernstein - - Continue trying to fix the Windows build after r103823. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2011-12-31 Dan Bernstein - - Start trying to fix the Windows build after r103823. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2011-12-30 Anders Carlsson - - Add a ParamStorageTraits specialization for RetainPtr - https://bugs.webkit.org/show_bug.cgi?id=75392 - - Reviewed by Daniel Bates. - - * wtf/Functional.h: - Add a partial specialization of ParamStorageTraits for RetainPtr. - - * wtf/RetainPtr.h: - Bring in the retainPtr function template from WTF. - -2011-12-29 Sam Weinig - - It should be easier to iterate a Vector backwards - https://bugs.webkit.org/show_bug.cgi?id=75359 - - Reviewed by Anders Carlsson. - - Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(), - a new proxy driven way to access a vector backwards. One can use - reversed() in a range-based for loop like so: - - for (auto val: myVector.reversed()) - doSomething(val) - - * wtf/Vector.h: - (WTF::Vector::~Vector): - Fix style. - - (WTF::Vector::rbegin): - (WTF::Vector::rend): - Added using standard adaptor std::reverse_iterator. - - (WTF::Vector::reversed): - (WTF::Vector::VectorReverseProxy::begin): - (WTF::Vector::VectorReverseProxy::end): - Add proxy similar to one used in HashMap for keys() and values() - which allows access to a Vector backwards for use in range-based - for loops. - -2011-12-29 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75140 - - Reviewed by Oliver Hunt. - - Start cleaning up JSArray construction. JSArray has a set of create methods, - one of which (currently) takes a 'creation mode' enum parameter. Based on that - parameter, the constructor does one of two completely different things. If the - parameter is 'CreateInitialized' it creates an array, setting the length, but - does not eagerly allocate a storage vector of the specified length. A small - (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property - access to the vector will read the hole value (return undefined). The alternate - usage of this method ('CreateCompact') does something very different. It tries - to create an array of the requested length, and also allocates a storage vector - large enough to hold all properties. It does not clear the storage vector, - leaving the memory uninitialized and requiring the user to call a method - 'uncheckedSetIndex' to initialize values in the vector. - - This patch factors out these two behaviours, moving the 'CreateCompact' mode - into its own method, 'tryCreateUninitialized' (matching the naming for this - functionality in the string classes). 'tryCreateUninitialized' may return 0 if - memory allocation fails during construction of the object. The construction - pattern changes such that values added during initialization will be marked if - a GC is triggered during array allocation. 'CreateInitialized' no longer need - be passed to create a normal, fully constructed array with a length, and this - method is merged with the version of 'create' that does not take an initial - length (length parameter defaults to 0). - - * JavaScriptCore.exp: - * runtime/ArrayConstructor.cpp: - (JSC::constructArrayWithSizeQuirk): - - removed 'CreateInitialized' argument - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSplice): - - changed to call 'tryCreateUninitialized' - * runtime/FunctionPrototype.cpp: - (JSC::functionProtoFuncBind): - - changed to call 'tryCreateUninitialized' - * runtime/JSArray.cpp: - (JSC::JSArray::JSArray): - - initialize m_storage to null; if construction fails, make destruction safe - (JSC::JSArray::finishCreation): - - merge versions of this method, takes an initialLength parameter defaulting to zero - (JSC::JSArray::tryFinishCreationUninitialized): - - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0 - (JSC::JSArray::~JSArray): - - check for null m_storage, in case array construction failed. - (JSC::JSArray::increaseVectorPrefixLength): - * runtime/JSArray.h: - (JSC::JSArray::create): - - merge versions of this method, takes an initialLength parameter defaulting to zero - (JSC::JSArray::tryCreateUninitialized): - - version of 'create' that tries to eagerly allocate storage; may fail & return 0 - (JSC::JSArray::initializeIndex): - (JSC::JSArray::completeInitialization): - - used in conjunction with 'tryCreateUninitialized' to initialize the array - * runtime/JSGlobalObject.h: - (JSC::constructEmptyArray): - - removed 'CreateInitialized' argument - * runtime/RegExpConstructor.cpp: - (JSC::RegExpMatchesArray::finishCreation): - - removed 'CreateInitialized' argument - -2011-12-29 Anders Carlsson - - Add a retainPtr function template - https://bugs.webkit.org/show_bug.cgi?id=75365 - - Reviewed by Dan Bernstein. - - This makes it easier to make a RetainPtr using template argument deduction, which - is useful when passing RetainPtr objects as function arguments. - - * wtf/RetainPtr.h: - (WTF::retainPtr): - -2011-12-28 Yuqiang Xian - - spill unboxed values in DFG 32_64 - https://bugs.webkit.org/show_bug.cgi?id=75291 - - Reviewed by Filip Pizlo. - - Currently all the values are spilled as boxed in DFG 32_64, which is - not necessary and introduces additional stores/loads. Instead we - can spill them as unboxed if feasible. It can be applied to the - Integers, Cells and Booleans in DFG 32_64. Doubles are left as is - because they don't need to be boxed at all. The modifications to the - spill/fill and the OSR exit are required, as well as a bug fix to the - "isUnknownJS" logic. - - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::displacedInRegisterFile): - (JSC::ValueRecovery::virtualRegister): - (JSC::ValueRecovery::dump): - * dfg/DFGGenerationInfo.h: - (JSC::DFG::GenerationInfo::isUnknownJS): - (JSC::DFG::GenerationInfo::spill): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::isKnownNotBoolean): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::silentFillGPR): - (JSC::DFG::SpeculativeJIT::spill): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillInteger): - (JSC::DFG::SpeculativeJIT::fillDouble): - (JSC::DFG::SpeculativeJIT::fillJSValue): - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-28 Anders Carlsson - - Add an implicit block conversion operator to WTF::Function - https://bugs.webkit.org/show_bug.cgi?id=75325 - - Reviewed by Dan Bernstein. - - * wtf/Compiler.h: - Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation - is buggy, especially when it comes to C++. - - * wtf/Functional.h: - Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed. - -2011-12-27 Anders Carlsson - - Add a new WTF::bind overload that takes 6 parameters - https://bugs.webkit.org/show_bug.cgi?id=75287 - - Reviewed by Sam Weinig. - - * wtf/Functional.h: - -2011-12-27 Sam Weinig - - Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro - https://bugs.webkit.org/show_bug.cgi?id=75268 - - Reviewed by Anders Carlsson. - - * wtf/Compiler.h: - Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). - - * wtf/Noncopyable.h: - Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). - - * wtf/NullPtr.cpp: - * wtf/NullPtr.h: - Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR). - - * wtf/RefPtr.h: - * wtf/RetainPtr.h: - Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR). - -2011-12-27 Anders Carlsson - - Misc fixes and cleanups in Functional.h - https://bugs.webkit.org/show_bug.cgi?id=75281 - - Reviewed by Andreas Kling. - - - Reformat template declarations so that the class begins on a new line. - - Change the parameter template parameters to start at P1 instead of P0. - - Add function wrappers and bind overloads for 4 and 5 parameter functions. - - Change the Function call operator to be const so const functions can be called. - - * wtf/Functional.h: - -2011-12-27 Tony Chang - - [chromium] Minor cleanup of gyp files. - https://bugs.webkit.org/show_bug.cgi?id=75269 - - Reviewed by Adam Barth. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed - and vim/emacs specific hooks should be added by the user. - -2011-12-27 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75260 - Null name for host function can result in dereference of uninitialize memory - - Reviewed by Filip Pizlo. - - This is a recent regression in ToT, if the name passed to finishCreation of a host function is null, - we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the - aspect of the change that introduced the issue. It might be better if functions that don't have a - name don't have this property at all, but that's change should be separate from fixing the bug. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::finishCreation): - - Always initialize the name property. - -2011-12-27 Anders Carlsson - - Function should handle wrapping/unwrapping RefPtr and PassRefPtr - https://bugs.webkit.org/show_bug.cgi?id=75266 - - Reviewed by Sam Weinig. - - Add ParamStorageTraits that can be used for deciding how bound parameters should be stored - and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn. - For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking. - - * wtf/Functional.h: - (WTF::ParamStorageTraits::wrap): - (WTF::ParamStorageTraits::unwrap): - -2011-12-27 Tony Chang - - [chromium] really enable wpo for WebCore libs and for WTF - https://bugs.webkit.org/show_bug.cgi?id=75264 - - Reviewed by Adam Barth. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr. - -2011-12-26 Gavin Barraclough - - Errk! OS X build fix. - - * JavaScriptCore.exp: - -2011-12-26 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/JSObject.h: - -2011-12-26 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75231 - Fail to throw in strict mode on assign to read only static properties - - Reviewed by Filip Pizlo. - - There are three bugs here: - * symbolTablePut should throw for strict mode accesses. - * lookupPut should throw for strict mode accesses. - * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties. - - * runtime/JSActivation.cpp: - (JSC::JSActivation::symbolTablePut): - (JSC::JSActivation::put): - * runtime/JSActivation.h: - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::put): - * runtime/JSStaticScopeObject.cpp: - (JSC::JSStaticScopeObject::put): - * runtime/JSVariableObject.h: - (JSC::JSVariableObject::symbolTablePut): - * runtime/Lookup.h: - (JSC::lookupPut): - * runtime/NumberConstructor.cpp: - (JSC::NumberConstructor::put): - * runtime/NumberConstructor.h: - -2011-12-26 Gavin Barraclough - - Fix miss-commit of utf8 change. - - Reviewed by Filip Pizlo - - Eeep, patch as landed a while ago had no effect! - acidentally landed - modified version of patch used for performance testing. - - (This isn't covered by layout tests because layour tests don't use jsc, - and the tests/mozilla tests use latin1, which was already supported!) - - Landing changes as intended (and as originally reviewed). - - * jsc.cpp: - (jscSource): - -2011-12-26 Filip Pizlo - - Unreviewed build fix for ARMv7. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::load16Signed): - (JSC::MacroAssemblerARMv7::load8Signed): - -2011-12-26 Hajime Morrita - - Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE - https://bugs.webkit.org/show_bug.cgi?id=74990 - - Reviewed by Kevin Ollivier. - - * runtime/JSExportMacros.h: Removed JS_INLINE - * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE - -2011-12-24 Filip Pizlo - - The ArgumentCount field in the CallFrame should have its tag left blank for other uses - https://bugs.webkit.org/show_bug.cgi?id=75199 - - - - Reviewed by Oliver Hunt. - - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/CallFrame.h: - (JSC::ExecState::argumentCountIncludingThis): - (JSC::ExecState::setArgumentCountIncludingThis): - * interpreter/Register.h: - (JSC::Register::unboxedInt32): - (JSC::Register::unboxedBoolean): - (JSC::Register::unboxedCell): - (JSC::Register::payload): - (JSC::Register::tag): - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - (JSC::JIT::compileOpCall): - -2011-12-25 Andreas Kling - - Yarr: Avoid copying vectors in CharacterClassConstructor. - - - Reviewed by Darin Adler. - - Yarr::CharacterClassConstructor::charClass() was hot when loading twitter - feeds (1.2%), replace the usage of Vector::append() by swap() since we're - always clearing the source vector afterwards anyway. - - * yarr/YarrPattern.cpp: - (JSC::Yarr::CharacterClassConstructor::charClass): - -2011-12-24 Darin Adler - - Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn - https://bugs.webkit.org/show_bug.cgi?id=72476 - - Reviewed by Sam Weinig. - - * wtf/HashTraits.h: Defined PassInType and store function in HashTraits. - -2011-12-23 Geoffrey Garen - - Inlined Yarr::execute - https://bugs.webkit.org/show_bug.cgi?id=75180 - - Reviewed reluctantly by Beth Dakin. - - Tiny speedup on SunSpider string tests. Removes some samples from - Instruments. A step toward removing -fomit-frame-pointer. - - * yarr/YarrJIT.cpp: - * yarr/YarrJIT.h: - (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?! - -2011-12-23 Filip Pizlo - - DFG loads from signed 8-bit and 16-bit typed arrays are broken - https://bugs.webkit.org/show_bug.cgi?id=75163 - - Reviewed by Geoffrey Garen. - - Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm - currently disabling Int8Array and Int16Array optimizations on ARM. - - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::load8Signed): - (JSC::MacroAssemblerX86Common::load16Signed): - * assembler/X86Assembler.h: - (JSC::X86Assembler::movswl_mr): - (JSC::X86Assembler::movsbl_mr): - * bytecode/PredictedType.h: - (JSC::isActionableMutableArrayPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - -2011-12-23 Filip Pizlo - - DFG does double-to-int conversion incorrectly when storing into int typed arrays - https://bugs.webkit.org/show_bug.cgi?id=75164 - - - Reviewed by Geoffrey Garen. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32): - (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - -2011-12-23 Geoffrey Garen - - Refactored String.prototype.replace - https://bugs.webkit.org/show_bug.cgi?id=75114 - - Reviewed by Darin Adler. - - No performance difference. - - I think this is a step toward removing -fomit-frame-pointer. - - * runtime/JSString.cpp: - * runtime/JSString.h: Removed the test and special case for a single-character - search string because the standard path does this test and special case - for us. (As an aside, if we do come up with a unique single-character - replace optimization in future, it probably belongs in the replace function, - and not in JSString.) - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncReplace): Split this mega-sized function into: - (JSC::replaceUsingStringSearch): - This reasonably sized function, and - (JSC::replaceUsingRegExpSearch): - This still mega-sized function. - -2011-12-23 Pierre Rossi - - [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html - https://bugs.webkit.org/show_bug.cgi?id=75087 - - monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds. - - Reviewed by Darin Adler. - - * wtf/CurrentTime.cpp: - (WTF::monotonicallyIncreasingTime): - -2011-12-22 Filip Pizlo - - DFG should not speculate array even when predictions say that the base is not an array - https://bugs.webkit.org/show_bug.cgi?id=75160 - - - - Reviewed by Oliver Hunt. - - Added the ability to call slow path when the base is known to not be an array. - Also rationalized the logic for deciding when the index is not an int, and - cleaned up the logic for deciding when to speculate typed array. - - Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can - likely be mitigated by having the notion of a polymorphic array access, where we - try, but don't speculate, to access the array one way before either trying some - other ways or calling slow path. - - * bytecode/PredictedType.h: - (JSC::isActionableMutableArrayPrediction): - (JSC::isActionableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - (JSC::DFG::Node::shouldSpeculateInt32Array): - (JSC::DFG::Node::shouldSpeculateUint8Array): - (JSC::DFG::Node::shouldSpeculateUint16Array): - (JSC::DFG::Node::shouldSpeculateUint32Array): - (JSC::DFG::Node::shouldSpeculateFloat32Array): - (JSC::DFG::Node::shouldSpeculateFloat64Array): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::byValIsPure): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-22 Gavin Barraclough - - Unreviewed - fix stylebot issues from last patch. - - * runtime/JSArray.cpp: - (JSC::JSArray::putSlowCase): - -2011-12-22 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75151 - Add attributes field to JSArray's SparseMap - - Reviewed by Sam Weinig. - - This will be necessary to be able to support non- writable/configurable/enumerable - properties, and helpful for getters/setters. - - Added a concept of being 'inSparseMode' - this indicates the array has a non-standard - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSort): - - JSArray::sort methods not allowed on arrays that are 'inSparseMode'. - (must fall back to generic sort alogrithm). - * runtime/JSArray.cpp: - (JSC::JSArray::finishCreation): - - moved reportedMapCapacity into the SparseArrayValueMap object. - (JSC::SparseArrayValueMap::find): - (JSC::SparseArrayValueMap::put): - (JSC::SparseArrayValueMap::visitChildren): - - Added. - (JSC::JSArray::getOwnPropertySlotByIndex): - (JSC::JSArray::getOwnPropertyDescriptor): - (JSC::JSArray::putSlowCase): - (JSC::JSArray::deletePropertyByIndex): - (JSC::JSArray::getOwnPropertyNames): - (JSC::JSArray::setLength): - (JSC::JSArray::pop): - (JSC::JSArray::visitChildren): - - Updated for changes in SparseArrayValueMap. - (JSC::JSArray::sortNumeric): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - - Disallow on 'SparseMode' arrays. - * runtime/JSArray.h: - (JSC::SparseArrayEntry::SparseArrayEntry): - - An entry in the sparse array - value (WriteBarrier) + attributes. - (JSC::SparseArrayValueMap::SparseArrayValueMap): - (JSC::SparseArrayValueMap::sparseMode): - (JSC::SparseArrayValueMap::setSparseMode): - - Flags to track whether an Array is forced into SparseMode. - (JSC::SparseArrayValueMap::remove): - (JSC::SparseArrayValueMap::notFound): - (JSC::SparseArrayValueMap::isEmpty): - (JSC::SparseArrayValueMap::contains): - (JSC::SparseArrayValueMap::size): - (JSC::SparseArrayValueMap::begin): - (JSC::SparseArrayValueMap::end): - - accessors to the map - (JSC::SparseArrayValueMap::take): - - only for use on non-SpareMode arrays. - (JSC::JSArray::inSparseMode): - - Added. - -2011-12-22 Filip Pizlo - - DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array - https://bugs.webkit.org/show_bug.cgi?id=75150 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - -2011-12-22 Filip Pizlo - - DFG JIT does exactly the wrong thing when doing strict equality on two known cells - https://bugs.webkit.org/show_bug.cgi?id=75138 - - - Reviewed by Oliver Hunt. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - -2011-12-22 Balazs Kelemen - - Fix debug build with assertions disabled - https://bugs.webkit.org/show_bug.cgi?id=75075 - - Reviewed by Darin Adler. - - Check whether assertions are disabled instead of NDEBUG - where appropriate to avoid "defined but not used" warnings. - - * wtf/DateMath.cpp: - (WTF::initializeDates): - -2011-12-22 Mariusz Grzegorczyk - - [EFL] Missing plugins support for efl port - https://bugs.webkit.org/show_bug.cgi?id=44505 - - Reviewed by Anders Carlsson. - - Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port. - - * wtf/Platform.h: - -2011-12-22 Wei Charles - - Remove un-used data member of LiteralParser::Lex::m_string - https://bugs.webkit.org/show_bug.cgi?id=68216 - - Reviewed by George Staikos. - - * runtime/LiteralParser.h: - -2011-12-21 Dan Bernstein - - OS X build fix after r103488. - - * JavaScriptCore.exp: - -2011-12-21 Konrad Piascik - - Implement the JavaScriptCore bindings for eventListenerHandlerLocation - https://bugs.webkit.org/show_bug.cgi?id=74313 - - Reviewed by Eric Seidel. - - Updated project files to get Windows and Mac builds working. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.xcodeproj/project.pbxproj: - -2011-12-21 Filip Pizlo - - DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object - https://bugs.webkit.org/show_bug.cgi?id=75058 - - - - Reviewed by Oliver Hunt. - - Added a call to toThisObject() in the DFG when planting a direct reference to the global this object. - Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed - a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState* - is optional. - - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::globalThisObjectFor): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSObject.h: - -2011-12-21 Pierre Rossi - - Implement montonicallyIncreasingClock() on Qt - https://bugs.webkit.org/show_bug.cgi?id=62159 - - Reviewed by Darin Adler. - - * wtf/CurrentTime.cpp: - (WTF::monotonicallyIncreasingTime): - -2011-12-20 Filip Pizlo - - 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails - https://bugs.webkit.org/show_bug.cgi?id=74997 - - - Reviewed by Gavin Barraclough. - - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emit_op_div): - -2011-12-20 Filip Pizlo - - JavaScriptCore should be consistent about how it reads and writes ArgumentCount - https://bugs.webkit.org/show_bug.cgi?id=74989 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileFunction): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_get_arguments_length): - (JSC::JIT::emit_op_get_argument_by_val): - * jit/SpecializedThunkJIT.h: - (JSC::SpecializedThunkJIT::SpecializedThunkJIT): - -2011-12-20 Filip Pizlo - - Value Profiles for arguments should be more easily accessible to the interpreter - https://bugs.webkit.org/show_bug.cgi?id=74984 - - - Reviewed by Gavin Barraclough. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC::CodeBlock::shouldOptimizeNow): - (JSC::CodeBlock::dumpValueProfiles): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::setArgumentValueProfileSize): - (JSC::CodeBlock::numberOfArgumentValueProfiles): - (JSC::CodeBlock::valueProfileForArgument): - (JSC::CodeBlock::addValueProfile): - (JSC::CodeBlock::valueProfile): - (JSC::CodeBlock::valueProfileForBytecodeOffset): - (JSC::CodeBlock::totalNumberOfValueProfiles): - (JSC::CodeBlock::getFromAllValueProfiles): - * bytecode/ValueProfile.h: - (JSC::ValueProfile::ValueProfile): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JIT.h: - * jit/JITInlineMethods.h: - (JSC::JIT::emitValueProfilingSite): - -2011-12-20 Gavin Barraclough - - JSC shell should accept utf8 input. - - Reviewed by Filip Pizlo. - - * jsc.cpp: - (jscSource): - (functionRun): - (functionLoad): - (functionCheckSyntax): - (runWithScripts): - (runInteractive): - -2011-12-20 Gavin Barraclough - - Rubber Stamped by Sam Weinig - - * runtime/JSGlobalData.cpp: - - removed some dead code. - -2011-12-19 Geoffrey Garen - - Tightened up Vector::append - https://bugs.webkit.org/show_bug.cgi?id=74906 - - Reviewed by Sam Weinig. - - Not a measurable speedup, but code inspection shows better code generated, - and I believe this is a step toward turning off -fomit-frame-pointer. - - * wtf/Vector.h: - (WTF::::append): - (WTF::::appendSlowCase): Split out the slow case into a separate function - to keep unnecessary instructions off the hot path. This means the hot - path can now be inlined more often. - - Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a - compiler work-around from 2007. - -2011-12-19 Yuqiang Xian - - Temporary GPR should not be lazily allocated in DFG JIT on X86 - https://bugs.webkit.org/show_bug.cgi?id=74908 - - Reviewed by Filip Pizlo. - - On X86, we used to allocate a temporary GPR lazily when it's really - used rather than defined. This may cause potential issues of - allocating registers inside control flow and result in problems in - subsequent code generation, for example the DFG JIT may think an - operand already being spilled (to satisfy the allocation request) and - generate code to read the data from memory, but the allocation and - spilling are in a branch which is not taken at runtime, so the - generated code is incorrect. - - Although current DFG JIT code doesn't have this problematic pattern, - it's better to cut-off the root to avoid any potential issues in the - future. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::GPRTemporary::GPRTemporary): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::GPRTemporary::gpr): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-19 Yuqiang Xian - - Remove unused code for non-speculative Arith operations from DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=74905 - - Reviewed by Filip Pizlo. - - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - * dfg/DFGSpeculativeJIT64.cpp: - -2011-12-19 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=74903 - Exceptions not thrown correctly from DFG JIT on 32bit - - Reviewed by Oliver Hunt. - - Arguments for lookupExceptionHandler are not setup correctly. - In the case of ARMv7 we rely on lr being preserved over a call, - this in invalid. On x86 we don't should be poking the arguments onto the stack! - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::bytecodeOffsetForCallAtIndex): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn): - * dfg/DFGGPRInfo.h: - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileBody): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::addExceptionCheck): - (JSC::DFG::JITCompiler::addFastExceptionCheck): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - -2011-12-19 Filip Pizlo - - If we detect that we can use the JIT, don't use computed opcode lookups - https://bugs.webkit.org/show_bug.cgi?id=74899 - - - Reviewed by Gavin Barraclough. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::Interpreter): - (JSC::Interpreter::initialize): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - -2011-12-19 Geoffrey Garen - - Try to fix the Qt build. - - Unreviewed. - - * wtf/ThreadSpecific.h: #include! - -2011-12-18 Filip Pizlo - - It should be possible to change the value of an Options variable without recompiling the world - https://bugs.webkit.org/show_bug.cgi?id=74807 - - Reviewed by Gavin Barraclough. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - * runtime/Options.h: - -2011-12-19 Sheriff Bot - - Unreviewed, rolling out r103250. - http://trac.webkit.org/changeset/103250 - https://bugs.webkit.org/show_bug.cgi?id=74877 - - it still breaks codegen (Requested by olliej on #webkit). - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::byValIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-16 Oliver Hunt - - Rolling r103120 back in with merge errors corrected. - - PutByVal[Alias] unnecessarily reloads the storage buffer - https://bugs.webkit.org/show_bug.cgi?id=74747 - - Reviewed by Gavin Barraclough. - - Make PutByVal use GetIndexedStorage to load the storage buffer. - This required switching PutByVal to a vararg node (which is - responsible for most of the noise in this patch). This fixes the - remaining portion of the kraken regression caused by the GetByVal - storage load elimination, and a 1-5% win on some of the sub tests of - the typed array benchmark at: - http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::byValIndexIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-15 Geoffrey Garen - - Placement new does an unnecessary NULL check - https://bugs.webkit.org/show_bug.cgi?id=74676 - - Reviewed by Sam Weinig. - - We can define our own version, which skips the NULL check. - - Not a measurable speedup, but code inspection shows better code generated, - and I believe this is a step toward turning off -fomit-frame-pointer. - - * API/JSCallbackConstructor.h: - (JSC::JSCallbackConstructor::create): - * API/JSCallbackFunction.h: - (JSC::JSCallbackFunction::create): Use the NotNull version of placement - new to skip the NULL check. - - * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new. - - (JSC::JSCallbackObject::create): - * debugger/DebuggerActivation.h: - (JSC::DebuggerActivation::create): - * heap/HandleHeap.cpp: - (JSC::HandleHeap::grow): - * heap/HandleHeap.h: - (JSC::HandleHeap::allocate): - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::create): - (JSC::MarkedBlock::recycle): - * jit/JITCode.h: - (JSC::JITCode::clear): - * jsc.cpp: - (GlobalObject::create): - * profiler/CallIdentifier.h: - * runtime/Arguments.h: - (JSC::Arguments::create): - * runtime/ArrayConstructor.h: - (JSC::ArrayConstructor::create): - * runtime/ArrayPrototype.h: - (JSC::ArrayPrototype::create): - * runtime/BooleanConstructor.h: - (JSC::BooleanConstructor::create): - * runtime/BooleanObject.h: - (JSC::BooleanObject::create): - * runtime/BooleanPrototype.h: - (JSC::BooleanPrototype::create): - * runtime/DateConstructor.h: - (JSC::DateConstructor::create): - * runtime/DateInstance.h: - (JSC::DateInstance::create): - * runtime/DatePrototype.h: - (JSC::DatePrototype::create): - * runtime/Error.h: - (JSC::StrictModeTypeErrorFunction::create): - * runtime/ErrorConstructor.h: - (JSC::ErrorConstructor::create): - * runtime/ErrorInstance.h: - (JSC::ErrorInstance::create): - * runtime/ErrorPrototype.h: - (JSC::ErrorPrototype::create): - * runtime/ExceptionHelpers.h: - (JSC::InterruptedExecutionError::create): - (JSC::TerminatedExecutionError::create): - * runtime/Executable.h: - (JSC::NativeExecutable::create): - (JSC::EvalExecutable::create): - (JSC::ProgramExecutable::create): - (JSC::FunctionExecutable::create): - * runtime/FunctionConstructor.h: - (JSC::FunctionConstructor::create): - * runtime/FunctionPrototype.h: - (JSC::FunctionPrototype::create): - * runtime/GetterSetter.h: - (JSC::GetterSetter::create): - * runtime/JSAPIValueWrapper.h: - (JSC::JSAPIValueWrapper::create): - * runtime/JSActivation.h: - (JSC::JSActivation::create): - * runtime/JSArray.h: - (JSC::JSArray::create): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::create): - * runtime/JSByteArray.h: - (JSC::JSByteArray::create): Use the NotNull version of placement - new to skip the NULL check. - - * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - * runtime/JSFunction.h: - (JSC::JSFunction::create): - * runtime/JSGlobalObject.h: - (JSC::JSGlobalObject::create): - * runtime/JSGlobalThis.h: - (JSC::JSGlobalThis::create): - * runtime/JSNotAnObject.h: - (JSC::JSNotAnObject::create): - * runtime/JSONObject.h: - (JSC::JSONObject::create): - * runtime/JSObject.h: - (JSC::JSFinalObject::create): - * runtime/JSPropertyNameIterator.cpp: - (JSC::JSPropertyNameIterator::create): - * runtime/JSPropertyNameIterator.h: - (JSC::JSPropertyNameIterator::create): - * runtime/JSStaticScopeObject.h: - (JSC::JSStaticScopeObject::create): - * runtime/JSString.cpp: - (JSC::StringObject::create): - * runtime/JSString.h: - (JSC::RopeBuilder::createNull): - (JSC::RopeBuilder::create): - (JSC::RopeBuilder::createHasOtherOwner): - * runtime/MathObject.h: - (JSC::MathObject::create): - * runtime/NativeErrorConstructor.h: - (JSC::NativeErrorConstructor::create): - * runtime/NativeErrorPrototype.h: - (JSC::NativeErrorPrototype::create): - * runtime/NumberConstructor.h: - (JSC::NumberConstructor::create): - * runtime/NumberObject.h: - (JSC::NumberObject::create): - * runtime/NumberPrototype.h: - (JSC::NumberPrototype::create): - * runtime/ObjectConstructor.h: - (JSC::ObjectConstructor::create): - * runtime/ObjectPrototype.h: - (JSC::ObjectPrototype::create): - * runtime/RegExp.cpp: - (JSC::RegExp::createWithoutCaching): - * runtime/RegExpConstructor.h: - (JSC::RegExpConstructor::create): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::create): - * runtime/RegExpObject.h: - (JSC::RegExpObject::create): - * runtime/RegExpPrototype.h: - (JSC::RegExpPrototype::create): - * runtime/ScopeChain.h: - (JSC::ScopeChainNode::create): - * runtime/StrictEvalActivation.h: - (JSC::StrictEvalActivation::create): - * runtime/StringConstructor.h: - (JSC::StringConstructor::create): - * runtime/StringObject.h: - (JSC::StringObject::create): - * runtime/StringPrototype.h: - (JSC::StringPrototype::create): - * runtime/Structure.h: - (JSC::Structure::create): - (JSC::Structure::createStructure): - * runtime/StructureChain.h: - (JSC::StructureChain::create): - * testRegExp.cpp: - (GlobalObject::create): - * wtf/BitVector.cpp: - (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement - new to skip the NULL check. - - * wtf/BumpPointerAllocator.h: - (WTF::BumpPointerPool::create): Standardized spacing to make grep easier. - - * wtf/ByteArray.cpp: - (WTF::ByteArray::create): - * wtf/Deque.h: - (WTF::::append): - (WTF::::prepend): Use NotNull, as above. - - * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise - hide the name of the global placement new. - - (WTF::fastNew): Standardized spacing. Most of these functions don't need - NotNull, since they check for NULL, and the optimizer can see that. - - * wtf/HashTable.h: - * wtf/HashTraits.h: - (WTF::SimpleClassHashTraits::constructDeletedValue): - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above. - - * wtf/StdLibExtras.h: - (throw): This is our NotNull placement new. Declaring that we throw is - the C++ way to say that operator new will not return NULL. - - * wtf/ThreadSpecific.h: - (WTF::T): - * wtf/Vector.h: - (WTF::::append): - (WTF::::tryAppend): - (WTF::::uncheckedAppend): - (WTF::::insert): - * wtf/text/AtomicStringHash.h: - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::createUninitialized): - (WTF::StringImpl::reallocate): - * wtf/text/StringImpl.h: - (WTF::StringImpl::tryCreateUninitialized): - * wtf/text/StringStatics.cpp: - (WTF::AtomicString::init): Use NotNull, as above. - - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::allocDisjunctionContext): - (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext): - (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized - spacing for easy grep. - -2011-12-19 Eric Carlson - - Enable for Mac build - https://bugs.webkit.org/show_bug.cgi?id=74838 - - Reviewed by Darin Adler. - - * wtf/Platform.h: - -2011-12-18 Filip Pizlo - - DFG is too sloppy with register allocation - https://bugs.webkit.org/show_bug.cgi?id=74835 - - Reviewed by Gavin Barraclough. - - Added assertions that at the end of a successfully generated basic block, - all use counts should be zero. This revealed a number of bugs: - - - Array length optimizations were turning a must-generate node into one - that is not must-generate, but failing to change the ref count - accordingly. - - - Indexed property storage optimizations were failing to deref their - children, or to deref the indexed property storage node itself. Also, - they used the Phantom node as a replacement. But the Phantom node is - must-generate, which was causing bizarre issues. So this introduces a - Nop node, which should be used in cases where you want a node that is - skipped and has no children. - - This does not have any significant performance effect, but it should - relieve some register pressure. The main thing this patch adds, though, - are the assertions, which should make it easier to do register allocation - related changes in the future. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGGenerationInfo.h: - (JSC::DFG::GenerationInfo::initConstant): - (JSC::DFG::GenerationInfo::initInteger): - (JSC::DFG::GenerationInfo::initJSValue): - (JSC::DFG::GenerationInfo::initCell): - (JSC::DFG::GenerationInfo::initBoolean): - (JSC::DFG::GenerationInfo::initDouble): - (JSC::DFG::GenerationInfo::initStorage): - (JSC::DFG::GenerationInfo::use): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - * dfg/DFGNode.h: - (JSC::DFG::Node::deref): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-18 Benjamin Poulain - - Remove the duplicated code from ASCIICType.h - https://bugs.webkit.org/show_bug.cgi?id=74771 - - Reviewed by Andreas Kling. - - Use isASCIIDigit() and isASCIIAlpha() instead of copying the code. - - * wtf/ASCIICType.h: - (WTF::isASCIIDigit): - (WTF::isASCIIAlphanumeric): - (WTF::isASCIIHexDigit): - -2011-12-18 Anders Carlsson - - Set the main frame view scroll position asynchronously - https://bugs.webkit.org/show_bug.cgi?id=74823 - - Reviewed by Sam Weinig. - - * JavaScriptCore.exp: - -2011-12-10 Andreas Kling - - OpaqueJSClass: Remove RVCT2 workarounds. - - - Reviewed by Benjamin Poulain. - - We no longer need workarounds for the RVCT2 compiler since it was - only used for the Symbian port of WebKit which is now defunct. - - * API/JSClassRef.cpp: - (OpaqueJSClass::OpaqueJSClass): - (OpaqueJSClassContextData::OpaqueJSClassContextData): - -2011-12-16 Benjamin Poulain - - Remove the duplicated code from ASCIICType.h - https://bugs.webkit.org/show_bug.cgi?id=74771 - - Reviewed by Andreas Kling. - - The functions were sharing similar code and were defined for the various input types. - Use templates instead to avoid code duplication. - - * wtf/ASCIICType.h: - (WTF::isASCII): - (WTF::isASCIIAlpha): - (WTF::isASCIIAlphanumeric): - (WTF::isASCIIDigit): - (WTF::isASCIIHexDigit): - (WTF::isASCIILower): - (WTF::isASCIIOctalDigit): - (WTF::isASCIIPrintable): - (WTF::isASCIISpace): - (WTF::isASCIIUpper): - (WTF::toASCIILower): - (WTF::toASCIIUpper): - (WTF::toASCIIHexValue): - (WTF::lowerNibbleToASCIIHexDigit): - (WTF::upperNibbleToASCIIHexDigit): - -2011-12-16 Filip Pizlo - - DFG OSR exit may get confused about where in the scratch buffer it stored a value - https://bugs.webkit.org/show_bug.cgi?id=74695 - - Reviewed by Oliver Hunt. - - The code that reads from the scratch buffer now explicitly knows which locations to - read from. No new tests, since this patch covers a case so uncommon that I don't know - how to make a test for it. - - * dfg/DFGOSRExitCompiler.h: - (JSC::DFG::OSRExitCompiler::badIndex): - (JSC::DFG::OSRExitCompiler::initializePoisoned): - (JSC::DFG::OSRExitCompiler::poisonIndex): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - -2011-12-16 Oliver Hunt - - PutByVal[Alias] unnecessarily reloads the storage buffer - https://bugs.webkit.org/show_bug.cgi?id=74747 - - Reviewed by Gavin Barraclough. - - Make PutByVal use GetIndexedStorage to load the storage buffer. - This required switching PutByVal to a vararg node (which is - responsible for most of the noise in this patch). This fixes the - remaining portion of the kraken regression caused by the GetByVal - storage load elimination, and a 1-5% win on some of the sub tests of - the typed array benchmark at: - http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::byValIndexIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-16 Daniel Bates - - Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h - - Rubber-stamped by Antonio Gomes. - - BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't - declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h - instead of BlackBerryPlatformMisc.h. - - * wtf/Assertions.cpp: - -2011-12-16 Mark Hahnenberg - - De-virtualize destructors - https://bugs.webkit.org/show_bug.cgi?id=74331 - - Reviewed by Geoffrey Garen. - - This is a megapatch which frees us from the chains of virtual destructors. - - In order to remove the virtual destructors, which are the last of the virtual - functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to - the cell rather than to the structure because in order to be able to lazily call - the static destroy() functions that will replace the virtual destructors, we - need to be able to access the ClassInfo without the danger of the object's - Structure being collected before the object itself. - - After adding the ClassInfo to the cell, we can then begin to remove our use - of vptrs for optimizations within the JIT and the GC. When we have removed - all of the stored vptrs from JSGlobalData, we can then also remove all of - the related VPtrStealingHack code. - - The replacement for virtual destructors will be to add a static destroy function - pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has - a non-trivial destructor will require its own static destroy function to static - call its corresponding destructor, which will now be non-virtual. In future - patches we will slowly move away from destructors altogether as we make more and - more objects backed by GC memory rather than malloc-ed memory. The GC will now - call the static destroy method rather than the virtual destructor. - - As we go through the hierarchy and add static destroy functions to classes, - we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes - to which it applies. The future goal is to eventually have every class have that assert. - - * API/JSCallbackConstructor.cpp: - (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call - ~JSCallbackConstructor because it has some extra destruction logic. - * API/JSCallbackConstructor.h: - * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction. - * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject - because it has a member OwnPtr that needs destruction. - (JSC::::destroy): - * API/JSCallbackObject.h: - * JavaScriptCore.exp: Add/remove necessary symbols for JSC. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols. - * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't - have its own ClassInfo despite the fact that it overrides a number of MethodTable - methods. Added the ClassInfo, along with an assertion that its destructor is trivial. - * debugger/DebuggerActivation.h: - * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray, - isJSString, as it is no longer necessary. - (JSC::DFG::putByVal): - * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the - JSArray ClassInfo pointer. - (JSC::DFG::tryCacheGetByID): - * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo - comparisons since we don't have vptrs anymore. - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compare): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: Ditto. - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): - * dfg/DFGSpeculativeJIT32_64.cpp: Ditto. - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: Ditto. - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with - ClassInfo comparisons. - (JSC::Heap::Heap): - * heap/MarkStack.cpp: Ditto. - (JSC::MarkStackThreadSharedData::markingThreadMain): - (JSC::visitChildren): - (JSC::SlotVisitor::drain): - * heap/MarkStack.h: Ditto. - (JSC::MarkStack::MarkStack): - * heap/MarkedBlock.cpp: Ditto. - (JSC::MarkedBlock::callDestructor): - (JSC::MarkedBlock::specializedSweep): - * heap/MarkedBlock.h: Ditto. - * heap/SlotVisitor.h: Ditto. - (JSC::SlotVisitor::SlotVisitor): - * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them. - We'll have to rename this class and make it use ClassInfo ptrs in a future patch. - (JSC::VTableSpectrum::count): - * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray, - etc. functions. - (JSC::loadVarargs): - (JSC::Interpreter::tryCacheGetByID): - (JSC::Interpreter::privateExecute): - * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject - * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting, - remove all vtable related code. - (JSC::JIT::emitLoadCharacterString): - (JSC::JIT::emitAllocateBasicJSObject): - (JSC::JIT::emitAllocateJSFinalObject): - (JSC::JIT::emitAllocateJSFunction): - * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo. - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC::JIT::emit_op_to_primitive): - (JSC::JIT::emit_op_convert_this): - * jit/JITOpcodes32_64.cpp: Ditto. - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC::JIT::emit_op_to_primitive): - (JSC::JIT::emitSlow_op_eq): - (JSC::JIT::emitSlow_op_neq): - (JSC::JIT::compileOpStrictEq): - (JSC::JIT::emit_op_convert_this): - * jit/JITPropertyAccess.cpp: Ditto. - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_put_by_val): - (JSC::JIT::privateCompilePutByIdTransition): - (JSC::JIT::privateCompilePatchGetArrayLength): - * jit/JITPropertyAccess32_64.cpp: Ditto. - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_put_by_val): - (JSC::JIT::privateCompilePatchGetArrayLength): - * jit/JITStubs.cpp: Remove global data argument from isJSString, etc. - (JSC::JITThunks::tryCacheGetByID): - (JSC::DEFINE_STUB_FUNCTION): - * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff. - (JSC::SpecializedThunkJIT::loadJSStringArgument): - * runtime/ArrayConstructor.cpp: Add trivial destructor assert. - * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray. - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncJoin): - (JSC::arrayProtoFuncPop): - (JSC::arrayProtoFuncPush): - (JSC::arrayProtoFuncShift): - (JSC::arrayProtoFuncSplice): - (JSC::arrayProtoFuncUnShift): - (JSC::arrayProtoFuncFilter): - (JSC::arrayProtoFuncMap): - (JSC::arrayProtoFuncEvery): - (JSC::arrayProtoFuncForEach): - (JSC::arrayProtoFuncSome): - (JSC::arrayProtoFuncReduce): - (JSC::arrayProtoFuncReduceRight): - * runtime/BooleanConstructor.cpp: Add trivial destructor assert. - * runtime/BooleanObject.cpp: Ditto. - * runtime/BooleanPrototype.cpp: Ditto. - * runtime/ClassInfo.h: Add destroy function pointer to MethodTable. - * runtime/DateConstructor.cpp: Add trivial destructor assert. - * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr - that needs destruction. - (JSC::DateInstance::destroy): - * runtime/DateInstance.h: - * runtime/Error.cpp: Ditto (because of UString member). - (JSC::StrictModeTypeErrorFunction::destroy): - * runtime/Error.h: - * runtime/ErrorConstructor.cpp: Add trivial destructor assert. - * runtime/ErrorInstance.cpp: Ditto. - * runtime/ExceptionHelpers.cpp: Ditto. - * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses. - (JSC::ExecutableBase::destroy): - (JSC::NativeExecutable::destroy): - (JSC::ScriptExecutable::destroy): - (JSC::EvalExecutable::destroy): - (JSC::ProgramExecutable::destroy): - (JSC::FunctionExecutable::destroy): - * runtime/Executable.h: - * runtime/FunctionConstructor.cpp: Add trivial destructor assert. - * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray. - (JSC::functionProtoFuncApply): - * runtime/GetterSetter.cpp: Ditto. - * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no - longer exists. - (JSC::initializeThreadingOnce): - * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, - remove first arg from isJSString. - (JSC::InternalFunction::displayName): - * runtime/InternalFunction.h: Remove VPtrStealingHack. - * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert. - * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in - destructor with ClassInfo checks. - (JSC::JSArray::~JSArray): - (JSC::JSArray::destroy): - * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray - and change them to check the ClassInfo rather than the vptrs. - (JSC::isJSArray): - * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray. - (JSC::boundFunctionCall): - (JSC::boundFunctionConstruct): - * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks. - (JSC::JSByteArray::~JSByteArray): - (JSC::JSByteArray::destroy): - * runtime/JSByteArray.h: Remove VPtrStealingHack code. - (JSC::isJSByteArray): - * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function. - (JSC::JSCell::destroy): - * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset - of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to - the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions, - as they are no longer used. Add a validatedClassInfo function to JSCell for any clients - that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the - same one as that contained in the Structure. This isn't used too often, because most of - the places where we compare the ClassInfo to things can be called during destruction. - Since the Structure is unreliable during the phase when destructors are being called, - we can't call validatedClassInfo. - (JSC::JSCell::classInfoOffset): - (JSC::JSCell::structure): - (JSC::JSCell::classInfo): - * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor, - remove first arg from call to isJSString. - (JSC::JSFunction::destroy): - (JSC::JSFunction::displayName): - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, - as these vptrs are no longer needed in the codebase. - * runtime/JSGlobalData.h: - (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use - ClassInfo rather than the vptr. - * runtime/JSGlobalObject.cpp: Add static destroy function. - (JSC::JSGlobalObject::destroy): - * runtime/JSGlobalObject.h: - * runtime/JSGlobalThis.cpp: Add trivial destructor assert. - * runtime/JSNotAnObject.cpp: Ditto. - * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls. - (JSC::Stringifier::Holder::appendNextProperty): - (JSC::Walker::walk): - * runtime/JSObject.cpp: - (JSC::JSFinalObject::destroy): - (JSC::JSNonFinalObject::destroy): - (JSC::JSObject::destroy): - * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor - from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and - JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code. - (JSC::JSObject::finishCreation): - (JSC::JSNonFinalObject::finishCreation): - (JSC::JSFinalObject::finishCreation): - (JSC::isJSFinalObject): - * runtime/JSPropertyNameIterator.cpp: Add static destroy. - (JSC::JSPropertyNameIterator::destroy): - * runtime/JSPropertyNameIterator.h: - * runtime/JSStaticScopeObject.cpp: Ditto. - (JSC::JSStaticScopeObject::destroy): - * runtime/JSStaticScopeObject.h: Ditto. - * runtime/JSString.cpp: - (JSC::JSString::destroy): - * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, - since we no longer need to fixup vptrs. - (JSC::jsSingleCharacterString): - (JSC::jsSingleCharacterSubstring): - (JSC::jsNontrivialString): - (JSC::jsString): - (JSC::jsSubstring8): - (JSC::jsSubstring): - (JSC::jsOwnedString): - (JSC::jsStringBuilder): - (JSC::isJSString): - * runtime/JSVariableObject.cpp: - (JSC::JSVariableObject::destroy): - * runtime/JSVariableObject.h: Ditto. - * runtime/JSWrapperObject.cpp: - * runtime/JSWrapperObject.h: Add trivial destructor assert. - * runtime/MathObject.cpp: Ditto. - * runtime/NativeErrorConstructor.cpp: Ditto. - * runtime/NumberConstructor.cpp: Ditto. - * runtime/NumberObject.cpp: Ditto. - * runtime/NumberPrototype.cpp: Ditto. - * runtime/ObjectConstructor.cpp: Ditto. - * runtime/ObjectPrototype.cpp: Ditto. - * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString. - (JSC::jsString): - (JSC::jsLess): - (JSC::jsLessEq): - * runtime/RegExp.cpp: Add static destroy. - (JSC::RegExp::destroy): - * runtime/RegExp.h: - * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray. - (JSC::RegExpConstructor::destroy): - (JSC::RegExpMatchesArray::destroy): - * runtime/RegExpConstructor.h: - * runtime/RegExpMatchesArray.h: - * runtime/RegExpObject.cpp: Add static destroy. - (JSC::RegExpObject::destroy): - * runtime/RegExpObject.h: - * runtime/ScopeChain.cpp: Add trivial destructor assert. - * runtime/ScopeChain.h: - * runtime/StrictEvalActivation.cpp: Ditto. - * runtime/StringConstructor.cpp: - * runtime/StringObject.cpp: Ditto. Remove vtableAnchor. - * runtime/StringObject.h: - * runtime/StringPrototype.cpp: Ditto. - * runtime/Structure.cpp: Add static destroy. - (JSC::Structure::destroy): - * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h - because they need to have the full Structure type to access the ClassInfo to store in the JSCell. - (JSC::JSCell::setStructure): - (JSC::JSCell::validatedClassInfo): - (JSC::JSCell::JSCell): - (JSC::JSCell::finishCreation): - * runtime/StructureChain.cpp: Add static destroy. - (JSC::StructureChain::destroy): - * runtime/StructureChain.h: - * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs - ability to tell us when a class has a trivial destructor. We will use this assert - more in future patches as we move toward having all JSC objects backed by GC memory, - which means moving away from using destructors/finalizers. - -2011-12-15 Martin Robinson - - Fix 'make dist' in preparation for the GTK+ release. - - * GNUmakefile.list.am: Add missing header. - -2011-12-15 Sam Weinig - - JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly - - Reviewed by Gavin Barraclough. - - Original patch by Jim Grosbach. - - * jit/JITStubs.cpp: - (JSC::ctiTrampoline): - (JSC::ctiVMThrowTrampoline): - Replace uses of the 'cpy' mnemonic with 'mov'. - -2011-12-15 Filip Pizlo - - Value profiling should distinguished between NaN and non-NaN doubles - https://bugs.webkit.org/show_bug.cgi?id=74682 - - Reviewed by Gavin Barraclough. - - Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union - of the two. - - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromValue): - * bytecode/PredictedType.h: - (JSC::isDoubleRealPrediction): - (JSC::isDoublePrediction): - -2011-12-15 Anders Carlsson - - Regression (r102866): Navigating away from or closing a page with a plugin crashes - https://bugs.webkit.org/show_bug.cgi?id=74655 - - - Reviewed by Sam Weinig. - - Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes, - using a modified version of the technique described here: - http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699 - - * wtf/Functional.h: - -2011-12-15 Andy Wingo - - Warnings fixes in Interpreter.cpp and PrivateExecute.cpp - https://bugs.webkit.org/show_bug.cgi?id=74624 - - Reviewed by Darin Adler. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): Fix variables unused in - release mode. - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ParallelEnvironment): Fix - signed/unsigned comparison warning, with a cast. - -2011-12-15 Andy Wingo - - Use more macrology in JSC::Options - https://bugs.webkit.org/show_bug.cgi?id=72938 - - Reviewed by Filip Pizlo. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - * runtime/Options.h: Use macros to ensure that all heuristics are - declared and have initializers. - -2011-12-15 Anders Carlsson - - Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define - https://bugs.webkit.org/show_bug.cgi?id=74639 - - Reviewed by Andreas Kling. - - Add ENABLE_THREADED_SCROLLING #define. - - * wtf/Platform.h: - -2011-12-15 Anders Carlsson - - EventDispatcher should handle wheel events on the connection queue - https://bugs.webkit.org/show_bug.cgi?id=74627 - - Reviewed by Andreas Kling. - - Add a BoundFunctionImpl specialization that takes three parameters. - - * wtf/Functional.h: - (WTF::C::): - (WTF::R): - (WTF::bind): - -2011-12-14 Anders Carlsson - - Add WTF::Function to wtf/Forward.h - https://bugs.webkit.org/show_bug.cgi?id=74576 - - Reviewed by Adam Roben. - - * jsc.cpp: - Work around a name conflict in the readline library. - - * wtf/Forward.h: - Add Function. - -2011-12-15 Igor Oliveira - - [Qt] Support requestAnimationFrame API - https://bugs.webkit.org/show_bug.cgi?id=74528 - - Let Qt port use REQUEST_ANIMATION_FRAME_TIMER. - - Reviewed by Kenneth Rohde Christiansen. - - * wtf/Platform.h: - -2011-12-15 Andy Wingo - - Minor refactor to Parser::parseTryStatement - https://bugs.webkit.org/show_bug.cgi?id=74507 - - Reviewed by Geoffrey Garen. - - * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the - Parser's declareVariable instead of going directly to the scope. - This will facilitate future checks related to harmony block - scoping. - -2011-12-15 Andy Wingo - - Rename JSC::Heuristics to JSC::Options - https://bugs.webkit.org/show_bug.cgi?id=72889 - - Reviewed by Filip Pizlo. - - * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp. - * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::shouldOptimizeNow): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::reoptimizationRetryCounter): - (JSC::CodeBlock::countReoptimization): - (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp): - (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp): - (JSC::CodeBlock::optimizeNextInvocation): - (JSC::CodeBlock::dontOptimizeAnytimeSoon): - (JSC::CodeBlock::optimizeSoon): - (JSC::CodeBlock::largeFailCountThreshold): - (JSC::CodeBlock::largeFailCountThresholdForLoop): - (JSC::CodeBlock::shouldReoptimizeNow): - (JSC::CodeBlock::shouldReoptimizeFromLoopNow): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleInlining): - * dfg/DFGCapabilities.h: - (JSC::DFG::mightCompileEval): - (JSC::DFG::mightCompileProgram): - (JSC::DFG::mightCompileFunctionForCall): - (JSC::DFG::mightCompileFunctionForConstruct): - (JSC::DFG::mightInlineFunctionForCall): - (JSC::DFG::mightInlineFunctionForConstruct): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): - * heap/MarkStack.cpp: - (JSC::MarkStackSegmentAllocator::allocate): - (JSC::MarkStackSegmentAllocator::shrinkReserve): - (JSC::MarkStackArray::MarkStackArray): - (JSC::MarkStackArray::donateSomeCellsTo): - (JSC::MarkStackArray::stealSomeCellsFrom): - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::SlotVisitor::donateSlow): - (JSC::SlotVisitor::drain): - (JSC::SlotVisitor::drainFromShared): - * heap/MarkStack.h: - (JSC::MarkStack::mergeOpaqueRootsIfProfitable): - (JSC::MarkStack::addOpaqueRoot): - (JSC::MarkStackArray::canDonateSomeCells): - * heap/SlotVisitor.h: - (JSC::SlotVisitor::donate): - * jit/JIT.cpp: - (JSC::JIT::emitOptimizationCheck): - * runtime/InitializeThreading.cpp: - (JSC::initializeThreadingOnce): Adapt callers and build systems. - - * testRegExp.cpp: - (CommandLine::CommandLine): - * jsc.cpp: - (CommandLine::CommandLine): - Rename from Options, to avoid name conflict. - -2011-12-14 Sam Weinig - - Revert unintentional change to JavaScriptCore.def - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2011-12-14 Sam Weinig - - Remove whitespace from InheritedPropertySheets attributes in - vsprops files to appease the Visual Studio project migrator. - - Reviewed by Adam Roben. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: - * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: - * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: - * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: - * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: - * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: - * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: - * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: - * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: - * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: - * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: - * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: - * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: - * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: - * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: - * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: - -2011-12-14 Anders Carlsson - - binding a member function should ref/deref the object pointer if needed - https://bugs.webkit.org/show_bug.cgi?id=74552 - - Reviewed by Sam Weinig. - - Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref - member functions which the right type. Use this to determine if we should ref/deref the first parameter. - - * wtf/Functional.h: - (WTF::R): - (WTF::C::): - (WTF::RefAndDeref::ref): - (WTF::RefAndDeref::deref): - -2011-12-14 Hajime Morrita - - JS_INLINE and WTF_INLINE should be visible from WebCore - https://bugs.webkit.org/show_bug.cgi?id=73191 - - - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. - - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. - - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. - - Reviewed by Kevin Ollivier. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * config.h: - * runtime/JSExportMacros.h: Added. - * wtf/ExportMacros.h: - * wtf/Platform.h: - * wtf/WTFThreadData.h: - * wtf/text/AtomicString.h: - * wtf/text/StringStatics.cpp: - -2011-12-14 Anders Carlsson - - Work around a bug in the MSVC2005 compiler - https://bugs.webkit.org/show_bug.cgi?id=74550 - - Reviewed by Sam Weinig. - - Add template parameters for the return types of the partial specializations of BoundFunctionImpl. - - * wtf/Functional.h: - (WTF::R): - -2011-12-13 Jon Lee - - Enable notifications on Mac. - - Reviewed by Sam Weinig. - - * Configurations/FeatureDefines.xcconfig: - -2011-12-14 David Kilzer - - Remove definition of old ENABLE(YARR) macro - - - Reviewed by Darin Adler. - - * wtf/Platform.h: Removed ENABLE_YARR macros. - -2011-12-14 Anders Carlsson - - bind should handle member functions - https://bugs.webkit.org/show_bug.cgi?id=74529 - - Reviewed by Sam Weinig. - - Add FunctionWrapper partial specializations for member function pointers. - - * wtf/Functional.h: - (WTF::C::): - -2011-12-14 Gavin Barraclough - - DFG relies on returning a struct in registers - https://bugs.webkit.org/show_bug.cgi?id=74527 - - Reviewed by Geoff Garen. - - This will not work on all platforms. Returning a uint64_t will more reliably achieve - what we want, on 32-bit platforms (on 64-bit, stick with the struct return). - - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - (JSC::DFG::DFGHandler::dfgHandlerEncoded): - -2011-12-14 Anders Carlsson - - Add unary and binary bind overloads - https://bugs.webkit.org/show_bug.cgi?id=74524 - - Reviewed by Sam Weinig. - - * wtf/Functional.h: - (WTF::R): - (WTF::FunctionWrapper::ResultType): - (WTF::bind): - -2011-12-14 Anders Carlsson - - Add back the callOnMainThread overload that takes a WTF::Function - https://bugs.webkit.org/show_bug.cgi?id=74512 - - Reviewed by Darin Adler. - - Add back the overload; the changes to WebCore should hopefully keep Windows building. - - * wtf/MainThread.cpp: - (WTF::callFunctionObject): - (WTF::callOnMainThread): - * wtf/MainThread.h: - -2011-12-13 Filip Pizlo - - DFG should infer when local variables are doubles - https://bugs.webkit.org/show_bug.cgi?id=74480 - - Reviewed by Oliver Hunt. - - Introduced the notion that a local variable (though not an argument, yet!) can - be stored as a double, and will be guaranteed to always contain a double. This - requires more magic in the OSR (conversion in both entry and exit). The inference - is quite unorthodox: all uses of a variable vote on whether they think it should - be a double or a JSValue, based on how they use it. If they use it in an integer - or boxed value context, they vote JSValue. If they use it in a double context, - they vote double. This voting is interleaved in the propagator's fixpoint, so - that variables voted double then have a double prediction propagated from them. - This interleaving is needed because a variable that actually always contains an - integer that always gets used in arithmetic that involves doubles may end up - being voted double, which then means that all uses of the variable will see a - double rather than an integer. - - This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7% - to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to - Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial. - It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar - results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall - win on SunSpider. - - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble): - (JSC::ValueRecovery::dump): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::boxDouble): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::noticeOSREntry): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - * dfg/DFGOSREntry.h: - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::vote): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::propagatePredictions): - (JSC::DFG::Propagator::fixupNode): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::ValueSource::dump): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::VariableAccessData): - (JSC::DFG::VariableAccessData::clearVotes): - (JSC::DFG::VariableAccessData::vote): - (JSC::DFG::VariableAccessData::doubleVoteRatio): - (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): - (JSC::DFG::VariableAccessData::shouldUseDoubleFormat): - (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): - * runtime/Arguments.cpp: - (JSC::Arguments::tearOff): - * runtime/Heuristics.cpp: - (JSC::Heuristics::initializeHeuristics): - * runtime/Heuristics.h: - -2011-12-13 Anders Carlsson - - Try to fix the Windows build. - - Remove the callOnMainThread overload that takes a WTF::Function since it's not being used. - - * wtf/MainThread.cpp: - * wtf/MainThread.h: - -2011-12-13 Anders Carlsson - - Add a very bare-bones implementation of bind and Function to WTF - https://bugs.webkit.org/show_bug.cgi?id=74462 - - Reviewed by Sam Weinig. - - In order to make it easier to package up function calls and send them across - threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new - wtf/Functional.h header. - - Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied, - but I'll add more as the need arises. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/Functional.h: Added. - (WTF::R): - (WTF::FunctionImplBase::~FunctionImplBase): - (WTF::FunctionWrapper::ResultType): - (WTF::FunctionBase::isNull): - (WTF::FunctionBase::FunctionBase): - (WTF::FunctionBase::impl): - (WTF::bind): - * wtf/MainThread.cpp: - (WTF::callFunctionObject): - (WTF::callOnMainThread): - * wtf/MainThread.h: - * wtf/wtf.pro: - -2011-12-13 Geoffrey Garen - - GC Crash introduced in r102545 - - Reviewed by Gavin Barraclough. - - MarkedArgumentBuffer was still marking items in forwards order, even though - the argument order has been reversed. - - I fixed this bug, and replaced address calculation code with some helper - functions -- mallocBase() and slotFor() -- so it stays fixed everywhere. - - * runtime/ArgList.cpp: - (JSC::MarkedArgumentBuffer::markLists): - (JSC::MarkedArgumentBuffer::slowAppend): - * runtime/ArgList.h: - (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): - (JSC::MarkedArgumentBuffer::at): - (JSC::MarkedArgumentBuffer::append): - (JSC::MarkedArgumentBuffer::last): - (JSC::MarkedArgumentBuffer::slotFor): - (JSC::MarkedArgumentBuffer::mallocBase): - -2011-12-13 Filip Pizlo - - DFG OSR exit for UInt32ToNumber should roll forward, not roll backward - https://bugs.webkit.org/show_bug.cgi?id=74463 - - Reviewed by Gavin Barraclough. - - Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing - how to execute the slow path of UInt32ToNumber. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::lastOSRExit): - * bytecode/CodeOrigin.h: - (JSC::CodeOrigin::operator!=): - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::uint32InGPR): - (JSC::ValueRecovery::gpr): - (JSC::ValueRecovery::dump): - * dfg/DFGAssemblyHelpers.cpp: - * dfg/DFGAssemblyHelpers.h: - * dfg/DFGOSRExit.h: - (JSC::DFG::OSRExit::valueRecoveryForOperand): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-13 Oliver Hunt - - Arguments object doesn't handle mutation of length property correctly - https://bugs.webkit.org/show_bug.cgi?id=74454 - - Reviewed by Gavin Barraclough. - - Correct handling of arguments objects with overridden length property - - * interpreter/Interpreter.cpp: - (JSC::loadVarargs): - * runtime/Arguments.cpp: - (JSC::Arguments::copyToArguments): - (JSC::Arguments::fillArgList): - -2011-12-13 Filip Pizlo - - DFG GetByVal CSE rule should match PutByValAlias - https://bugs.webkit.org/show_bug.cgi?id=74390 - - Reviewed by Geoff Garen. - - Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::getByValLoadElimination): - -2011-12-13 Andy Wingo - - Fix interpreter debug build. - https://bugs.webkit.org/show_bug.cgi?id=74439 - - Reviewed by Geoffrey Garen. - - * bytecode/ValueRecovery.h: Include stdio.h on debug builds. - -2011-12-13 Filip Pizlo - - DFG should know exactly why recompilation was triggered - https://bugs.webkit.org/show_bug.cgi?id=74362 - - Reviewed by Oliver Hunt. - - Each OSR exit is now individually counted, as well as counting the total number - of OSR exits that occurred in a code block. If recompilation is triggered, we - check to see if there are OSR exit sites that make up a sufficiently large - portion of the total OSR exits that occurred. For any such OSR exit sites, we - add a description of the site (bytecode index, kind) to a data structure in the - corresponding baseline CodeBlock. Then, when we recompile the code, we immediately - know which speculations would be unwise based on the fact that previous such - speculations proved to be fruitless. - - This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue, - and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less - than 0.5%. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::tallyFrequentExitSites): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::addFrequentExitSite): - (JSC::CodeBlock::exitProfile): - (JSC::CodeBlock::reoptimize): - (JSC::CodeBlock::tallyFrequentExitSites): - * bytecode/DFGExitProfile.cpp: Added. - (JSC::DFG::ExitProfile::ExitProfile): - (JSC::DFG::ExitProfile::~ExitProfile): - (JSC::DFG::ExitProfile::add): - (JSC::DFG::QueryableExitProfile::QueryableExitProfile): - (JSC::DFG::QueryableExitProfile::~QueryableExitProfile): - * bytecode/DFGExitProfile.h: Added. - (JSC::DFG::exitKindToString): - (JSC::DFG::exitKindIsCountable): - (JSC::DFG::FrequentExitSite::FrequentExitSite): - (JSC::DFG::FrequentExitSite::operator!): - (JSC::DFG::FrequentExitSite::operator==): - (JSC::DFG::FrequentExitSite::hash): - (JSC::DFG::FrequentExitSite::bytecodeOffset): - (JSC::DFG::FrequentExitSite::kind): - (JSC::DFG::FrequentExitSite::isHashTableDeletedValue): - (JSC::DFG::FrequentExitSiteHash::hash): - (JSC::DFG::FrequentExitSiteHash::equal): - (JSC::DFG::QueryableExitProfile::hasExitSite): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock): - (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::OSRExit): - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGOSRExit.h: - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): - (JSC::DFG::SpeculativeJIT::compileGetByValOnString): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): - (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject): - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - (JSC::DFG::SpeculativeJIT::compileArithMul): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * runtime/Heuristics.cpp: - (JSC::Heuristics::initializeHeuristics): - * runtime/Heuristics.h: - -2011-12-13 Michael Saboff - - Cleanup of StringImpl::equal in r102631 post commit - https://bugs.webkit.org/show_bug.cgi?id=74421 - - Reviewed by Darin Adler. - - * wtf/text/AtomicString.h: - (WTF::operator==): Removed cast no longer needed. - * wtf/text/StringImpl.h: - (WTF::equal): Changed template to several overloaded methods. - -2011-12-12 Michael Saboff - - Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h - https://bugs.webkit.org/show_bug.cgi?id=73622 - - Reviewed by Oliver Hunt. - - Moved equal(charType1 *, charType2, unsigned) template methods - from static StringImpl.cpp to StringImpl.h and then replaced the - processor specific character comparison code in StringHash::equal - with calls to these methods. - - This change is worth 3% on SunSpider string-unpack-code as reported - by the SunSpider command line harness. No other tests appear to - have measurable performance changes. - - * wtf/text/AtomicString.h: - (WTF::operator==): - * wtf/text/StringHash.h: - (WTF::StringHash::equal): - * wtf/text/StringImpl.cpp: - * wtf/text/StringImpl.h: - (WTF::LChar): - (WTF::UChar): - (WTF::equal): - -2011-12-12 Filip Pizlo - - ARMv7 version of DFG soft modulo does register allocation inside of control flow - https://bugs.webkit.org/show_bug.cgi?id=74354 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - -2011-12-12 Andy Wingo - - Simplify autotools configure.ac - https://bugs.webkit.org/show_bug.cgi?id=74312 - - Reviewed by Martin Robinson. - - * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags. - -2011-12-12 Filip Pizlo - - DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber - https://bugs.webkit.org/show_bug.cgi?id=74329 - - Reviewed by Gavin Barraclough. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::getByValLoadElimination): - -2011-12-09 Alexander Pavlov - - WebKit does not enumerate over CSS properties in HTMLElement.style - https://bugs.webkit.org/show_bug.cgi?id=23946 - - Reviewed by Darin Adler. - - Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, - introduce an std::sort() comparator function. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.h: - (WTF::codePointCompareLessThan): Used by std::sort() to sort properties. - -2011-12-12 Alexander Pavlov - - Unreviewed, build fix. - - Revert r102570 which broke SnowLeopard builders. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.h: - -2011-12-09 Alexander Pavlov - - WebKit does not enumerate over CSS properties in HTMLElement.style - https://bugs.webkit.org/show_bug.cgi?id=23946 - - Reviewed by Darin Adler. - - Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, - introduce an std::sort() comparator function. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.h: - (WTF::codePointCompareLessThan): Used by std::sort() to sort properties. - -2011-12-12 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: - -2011-12-11 Sam Weinig - - Fix another signed vs. unsigned warning - - * runtime/ArgList.h: - (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): - -2011-12-11 Sam Weinig - - Fix a signed vs. unsigned warning. - - * runtime/ArgList.cpp: - (JSC::MarkedArgumentBuffer::slowAppend): - Cast inlineCapacity to an int to appease the warning. This is known OK - since inlineCapacity is defined to be 8. - -2011-12-11 Geoffrey Garen - - Rolled out *another* debugging change I committed accidentally. - - Unreviewed. - - * Configurations/Base.xcconfig: - -2011-12-11 Geoffrey Garen - - Rolled out a debug counter I committed accidentally. - - Unreviewed. - - * jit/JITStubs.cpp: - (JSC::arityCheckFor): - -2011-12-10 Geoffrey Garen - - v8 benchmark takes 12-13 million function call slow paths due to extra arguments - https://bugs.webkit.org/show_bug.cgi?id=74244 - - Reviewed by Filip Pizlo. - - .arguments function of order the Reversed - - 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken - and SunSpider. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface - to this function is an argument number. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame - helper functions for computing offsets for arguments, rather than doing - the math by hand. - - Switched to iterating argument offsets backwards (--) instead of forwards (++). - - * bytecompiler/BytecodeGenerator.h: - (JSC::CallArguments::thisRegister): - (JSC::CallArguments::argumentRegister): - (JSC::CallArguments::registerOffset): Updated for arguments being reversed. - - * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::setArgument): - (JSC::DFG::ByteCodeParser::flush): - (JSC::DFG::ByteCodeParser::addCall): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices - that just-in-time convert to bytecode operands (i.e., indexes in the register - file) through helper functions. This means only one piece of code needs - to know how arguments are laid out in the register file. - - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): Ditto. - - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueProfileFor): Ditto. - - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch: - Treat too many arguments as an arity match. - - * dfg/DFGOSRExit.h: - (JSC::DFG::OSRExit::variableForIndex): - (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above. - - * dfg/DFGOperands.h: - (JSC::DFG::operandToArgument): - (JSC::DFG::argumentToOperand): These are now the only two lines of code in - the DFG compiler that know how arguments are laid out in memory. - - (JSC::DFG::Operands::operand): - (JSC::DFG::Operands::setOperand): Use helper functions, as above. - - * dfg/DFGOperations.cpp: The whole point of this patch: - Treat too many arguments as an arity match. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. - - Also, don't tag the caller frame slot as a cell, because it's not a cell. - - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above. - - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed - argument virtual register instead of recomputing by hand. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callFrameSlot): - (JSC::DFG::SpeculativeJIT::argumentSlot): - (JSC::DFG::SpeculativeJIT::callFrameTagSlot): - (JSC::DFG::SpeculativeJIT::callFramePayloadSlot): - (JSC::DFG::SpeculativeJIT::argumentTagSlot): - (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper - functions for dealing with callee arguments specifically. These still - build on top of our other helper functions, and have no direct knowledge - of how arguments are laid out in the register file. - - (JSC::DFG::SpeculativeJIT::resetCallArguments): - (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to - argumentOffset to match CallFrame naming. - - (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper - functions, as above. - - * interpreter/CallFrame.h: - (JSC::ExecState::argumentOffset): - (JSC::ExecState::argumentOffsetIncludingThis): - (JSC::ExecState::argument): - (JSC::ExecState::setArgument): - (JSC::ExecState::thisArgumentOffset): - (JSC::ExecState::thisValue): - (JSC::ExecState::setThisValue): - (JSC::ExecState::offsetFor): - (JSC::ExecState::hostThisRegister): - (JSC::ExecState::hostThisValue): Added a bunch of helper functions for - computing where an argument is in the register file. Anything in the - runtime that needs to access arguments should use these helpers. - - * interpreter/CallFrameClosure.h: - (JSC::CallFrameClosure::setThis): - (JSC::CallFrameClosure::setArgument): - (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now - that too many arguments counts as an arity match and doesn't require - preserving two copies of our arguments. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something - special if the caller provided too few arguments. - - Key simplification: We never need to maintain two copies of our arguments - anymore. - - (JSC::eval): - (JSC::loadVarargs): Use helper functions. - - (JSC::Interpreter::unwindCallFrame): Updated for new interface. - - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper - functions. - - (JSC::Interpreter::privateExecute): No need to check for stack overflow - when calling host functions because they have zero callee registers. - - (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments - object, since there's no special constructor for this anymore. - - * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some - workers tests were hitting stack overflow in some of my testing. We should - make this test more exact in future. - - * interpreter/RegisterFile.h: Death to all runtime knowledge of argument - location that does not belong to the CallFrame class! - - * jit/JIT.cpp: - (JSC::JIT::privateCompile): I am a broken record and I use helper functions. - - Also, the whole point of this patch: Treat too many arguments as an arity match. - - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITCall.cpp: - (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use - helper functions, for backwards-correctness. Removed the condition - pertaining to declared argument count because, now that arguments are - always in just one place, this optimization is valid for all functions. - Standardized the if predicate for each line of the optimization. This might - fix a bug, but I couldn't get the bug to crash in practice. - - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_create_arguments): - (JSC::JIT::emit_op_get_argument_by_val): - (JSC::JIT::emitSlow_op_get_argument_by_val): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_create_arguments): - (JSC::JIT::emit_op_get_argument_by_val): - (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params - optimization because it's no longer an optimization, now that arguments - are always contiguous in a known location. - - Updated argument access opcode math for backwards-correctness. - - * jit/JITStubs.cpp: - (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This - function is slightly different because it copies the call frame in - addition to the arguments. (In the Interpreter, the call frame is not - set up by this point.) - - (JSC::lazyLinkFor): The whole point of this patch: Treat too many - arguments as an arity match. - - (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff(). - - * jit/JITStubs.h: - * jit/SpecializedThunkJIT.h: - (JSC::SpecializedThunkJIT::loadDoubleArgument): - (JSC::SpecializedThunkJIT::loadCellArgument): - (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They - build strong bones and teeth! - - * runtime/ArgList.cpp: - (JSC::ArgList::getSlice): - (JSC::MarkedArgumentBuffer::slowAppend): - * runtime/ArgList.h: - (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer): - (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): - (JSC::MarkedArgumentBuffer::at): - (JSC::MarkedArgumentBuffer::clear): - (JSC::MarkedArgumentBuffer::append): - (JSC::MarkedArgumentBuffer::removeLast): - (JSC::MarkedArgumentBuffer::last): - (JSC::ArgList::ArgList): - (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't - play nice with backwards-ness, so I changed to using manual allocation. - - Fixed a FIXME about not all values being marked in the case of out-of-line - arguments. I had to rewrite the loop anyway, and I didn't feel like - maintaining fidelity to its old bugs. - - * runtime/Arguments.cpp: - (JSC::Arguments::visitChildren): - (JSC::Arguments::copyToArguments): - (JSC::Arguments::fillArgList): - (JSC::Arguments::getOwnPropertySlotByIndex): - (JSC::Arguments::getOwnPropertySlot): - (JSC::Arguments::getOwnPropertyDescriptor): - (JSC::Arguments::putByIndex): - (JSC::Arguments::put): - (JSC::Arguments::tearOff): - * runtime/Arguments.h: - (JSC::Arguments::create): - (JSC::Arguments::Arguments): - (JSC::Arguments::argument): - (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted - lots of tricky code designed to maintain two different copies of function - arguments. Now that arguments are always contiguous in one place in memory, - this complexity can go away. - - Reduced down to one create function for the Arguments class, from three. - - Moved tearOff() into an out-of-line function because it's huge. - - Moved logic about whether to tear off eagerly into the Arguments class, - so we didn't have to duplicate it elsewhere. - - * runtime/JSActivation.cpp: - (JSC::JSActivation::JSActivation): - (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to - m_numCapturedArgs because if the value really were m_numParametersMinusThis - we would be marking too much. (We shouldn't mark 'this' because it can't - be captured.) Also, use helper functions. - - * runtime/JSActivation.h: - (JSC::JSActivation::tearOff): Use helper functions. - - * runtime/JSArray.cpp: - (JSC::JSArray::copyToArguments): - * runtime/JSArray.h: Use helper functions, as above. - -2011-12-10 Mark Hahnenberg - - JSC testapi is crashing on Windows - https://bugs.webkit.org/show_bug.cgi?id=74233 - - Reviewed by Sam Weinig. - - Same error we've encountered before where we are calling the wrong version of - visitChildren and objects that are still reachable aren't getting marked. - This problem will go away soon with the removal of vptrs for these sorts of - optimizations in favor of using the ClassInfo, but for now we can simply give - JSFinalObject a bogus virtual method that Visual Studio can't optimize away to - ensure that JSFinalObject will always have a unique vptr. We don't have to worry - about JSString or JSArray right now, which are the other two special cases for - visitChildren, since they already have their own virtual functions. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/JSObject.cpp: - (JSC::JSFinalObject::vtableAnchor): - * runtime/JSObject.h: - -2011-12-10 Alexis Menard - - Unused variable in YarrJIT.cpp. - https://bugs.webkit.org/show_bug.cgi?id=74237 - - Reviewed by Andreas Kling. - - Variable is set but not used so we can remove it. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2011-12-09 Filip Pizlo - - DFG ArithMul power-of-two case does not check for overflow - https://bugs.webkit.org/show_bug.cgi?id=74230 - - Reviewed by Gavin Barraclough. - - Disabled power-of-2 peephole optimization for multiplication, because it was wrong, - and any attempt to fix it would likely introduce code bloat and register pressure. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileArithMul): - -2011-12-09 David Levin - - REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock - https://bugs.webkit.org/show_bug.cgi?id=73886 - - Reviewed by Darin Adler. - - * runtime/SymbolTable.h: - (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for - another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads. - Bug 58091 is about changing these deprecated calls to something else but that something - else will still need to be in all of these places. - -2011-12-09 Konrad Piascik - - Remove unnecessary file DissasemblerARM.cpp from build system - https://bugs.webkit.org/show_bug.cgi?id=74184 - - Reviewed by Daniel Bates. - - * PlatformBlackBerry.cmake: - -2011-12-09 Filip Pizlo - - DFG's interpretation of rare case profiles should be frequency-based not count-based - https://bugs.webkit.org/show_bug.cgi?id=74170 - - Reviewed by Geoff Garen. - - DFG optimizes for rare cases only when the rare case counter is above some threshold - and it also constitutes a large enough fraction of total function executions. Also - added some minor debug logic. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::executionEntryCount): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * runtime/Heuristics.cpp: - (JSC::Heuristics::initializeHeuristics): - * runtime/Heuristics.h: - -2011-12-09 Oliver Hunt - - PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage - https://bugs.webkit.org/show_bug.cgi?id=74223 - - Reviewed by Geoffrey Garen. - - Don't clobber GetIndexedPropertyStorage when we see PutByValAlias - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - -2011-12-09 David Levin - - Hash* iterators should allow comparison between const and const versions. - https://bugs.webkit.org/show_bug.cgi?id=73370 - - Reviewed by Darin Adler. - - * wtf/HashTable.h: Add the operators needed to do this. - (WTF::HashTableConstIterator::operator==): - (WTF::HashTableConstIterator::operator!=): - (WTF::HashTableIterator::operator==): - (WTF::HashTableIterator::operator!=): - (WTF::operator==): - (WTF::operator!=): - -2011-12-09 Michael Saboff - - YARR: Multi-character read optimization for 8bit strings - https://bugs.webkit.org/show_bug.cgi?id=74191 - - Reviewed by Oliver Hunt. - - Changed generatePatternCharacterOnce to generate - code for 1 to 4 characters in the 8 bit case. - This is worth 29% improvement on SunSpider regexp-dna test. - It provides no benefit to v8-regexp. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment. - -2011-12-09 David Levin - - Regression(r53595): Sync xhr requests in workers aren't terminated on worker close. - https://bugs.webkit.org/show_bug.cgi?id=71695 - - Reviewed by Zoltan Herczeg. - - * wtf/MessageQueue.h: - (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages - even after the queue has been killed. This is useful when one wants to - kill a queue but then go through it to run clean up tasks from it. - -2011-12-09 Adrienne Walker - - Fix HashMap<..., OwnPtr<...> >::add compilation errors - https://bugs.webkit.org/show_bug.cgi?id=74159 - - Reviewed by Darin Adler. - - Add a constructor to OwnPtr that takes the empty value (nullptr_t) - from HashTraits so that this function can compile. - - * wtf/OwnPtr.h: - (WTF::OwnPtr::OwnPtr): - -2011-12-09 Oliver Hunt - - Avoid reloading storage pointer for indexed properties unnecessarily - https://bugs.webkit.org/show_bug.cgi?id=74136 - - Reviewed by Filip Pizlo. - - Add a node to represent loading property storage for indexed properties. - This allows us to reduce code generated for sequential access of arrays, - strings, etc. This results in up to 5% improvement in code that is - very heavy on indexed reads, such as matrix operations in typed arrays - and 20% faster on microbenchmarks. - - Currently this is only supported by GetByVal and other similar indexed reads. - - * bytecode/PredictedType.h: - (JSC::isFixedIndexedStorageObjectPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): - (JSC::DFG::SpeculativeJIT::compileGetByValOnString): - (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-08 Fady Samuel - - [Chromium] Enable viewport metatag - https://bugs.webkit.org/show_bug.cgi?id=73495 - - Reviewed by Darin Fisher. - - * wtf/Platform.h: Added ENABLE(VIEWPORT) tag. - -2011-12-08 Adam Klein - - Use HashMap> in ChildListMutationScope - https://bugs.webkit.org/show_bug.cgi?id=73964 - - Reviewed by Darin Adler. - - * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs. - -2011-12-08 Thouraya ANDOLSI - - https://bugs.webkit.org/show_bug.cgi?id=74005 - fix unaligned access memory in generatePatternCharacterOnce function - for SH4 platforms. - - Reviewed by Gavin Barraclough. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::load16Unaligned): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::load16Unaligned): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::load16Unaligned): - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::lshift32): - (JSC::MacroAssemblerSH4::load8): - (JSC::MacroAssemblerSH4::load16): - (JSC::MacroAssemblerSH4::load16Unaligned): - (JSC::MacroAssemblerSH4::branch8): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::load16Unaligned): - * jit/JIT.h: - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2011-12-08 Michael Saboff - - Add 8 bit paths for StringTypeAdapter classes - https://bugs.webkit.org/show_bug.cgi?id=73882 - - Reviewed by Darin Adler. - - Added is8Bit() method and writeTo(LChar*) methods - to StringTypeAdapter<> classes. The writeTo(LChar*) - method can be used if is8Bit() returns true. The - non-native 8 bit classes contain ASSERT(is8Bit()) - in their writeTo(LChar*). - - Updated all of the various versions of tryMakeString() to - use 8 bit processing in the updated StringTypeAdapter<> - classes. - - This has slight if any performance improvement on kraken. - - * runtime/UStringConcatenate.h: - * wtf/text/StringConcatenate.h: - (WTF::tryMakeString): - * wtf/text/StringOperators.h: - (WTF::StringAppend::is8Bit): - (WTF::StringAppend::writeTo): - -2011-12-07 Filip Pizlo - - DFG CSE should know that CheckFunction is pure - https://bugs.webkit.org/show_bug.cgi?id=74044 - - Reviewed by Oliver Hunt. - - Possible slight win on V8, no regressions. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::checkFunctionElimination): - -2011-12-07 Michael Saboff - - StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing. - https://bugs.webkit.org/show_bug.cgi?id=73995 - - Reviewed by Geoffrey Garen. - - Problem was that a call to characters on an StringImpl associated - with a StringBuilder that is being appended to gets stale. - Added a new m_valid16BitShadowlen that keeps the length of - the 16 bit shadow that has been upconverted or will be up converted - with the first getCharacters(). When StringBuilder::characters or - ::reifyString is called, further characters are upconverted if - we have a shadow16bit copy and the m_valid16BitShadowlen is updated. - - * JavaScriptCore.exp: - * wtf/text/StringBuilder.cpp: - (WTF::StringBuilder::reifyString): - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::StringBuilder): - (WTF::StringBuilder::characters): - (WTF::StringBuilder::clear): Cleaned up as part of the change. - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::getData16SlowCase): - (WTF::StringImpl::upconvertCharacters): - * wtf/text/StringImpl.h: - -2011-12-07 Filip Pizlo - - Compare and Swap should be enabled on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=74023 - - Reviewed by Geoff Garen. - - Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC. - It gives the expected speed-up on multi-core ARMv7 devices. - - * wtf/Atomics.h: - (WTF::weakCompareAndSwap): - * wtf/Platform.h: - -2011-12-07 Filip Pizlo - - DFG CSE is overzealous with GetByVal - https://bugs.webkit.org/show_bug.cgi?id=74042 - - Reviewed by Oliver Hunt. - - Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal - is tested in all places that matter. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::byValIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - -2011-12-07 Sheriff Bot - - Unreviewed, rolling out r102267. - http://trac.webkit.org/changeset/102267 - https://bugs.webkit.org/show_bug.cgi?id=74032 - - Breaks build on Chromium Mac Debug (Requested by aklein on - #webkit). - - * wtf/HashTraits.h: - -2011-12-07 Adam Klein - - Use HashMap> in ChildListMutationScope - https://bugs.webkit.org/show_bug.cgi?id=73964 - - Reviewed by Ryosuke Niwa. - - * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null. - -2011-12-07 Filip Pizlo - - Non-Mac devices should benefit from a larger heap - https://bugs.webkit.org/show_bug.cgi?id=74015 - - Reviewed by Geoff Garen. - - Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in - Heap.cpp, and got in the way of having more granular, per-platform control over - what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB). - - * heap/Heap.cpp: - (JSC::GCTimer::heapSizeForHint): - * wtf/Platform.h: - -2011-11-30 Simon Hausmann - - [Qt] V8 build fixes. - - Reviewed by Tor Arne Vestbø. - - * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in - VPATH. Prefix SOURCES correctly and make sure that runtime/ is - in the include search path when building with v8. - -2011-12-06 Filip Pizlo - - Zapping a block that is Marked leads to dead objects being mistaken for live ones - https://bugs.webkit.org/show_bug.cgi?id=73982 - - Reviewed by Geoff Garen. - - Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally, - the code asserts that: - - - If we zap a Marked or Zapped block then the free list is empty, because this - can only happen if the block was never free-listed. - - - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated - blocks are those that cannot be referred to by SizeClass::currentBlock (since - SizeClass::currentBlock only refers to blocks that are candidates for allocation, - and Allocated blocks are those who have been exhausted by allocation and will not - be allocated from again), and New blocks cannot be referred to by anything except - during a brief window inside the allocation slow-path. - - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::zapFreeList): - -2011-12-06 Filip Pizlo - - DFG 32_64 call linking does not handle non-cell callees correctly - https://bugs.webkit.org/show_bug.cgi?id=73965 - - Reviewed by Sam Weinig. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - -2011-12-06 Sam Weinig - - Remove unintentional type name shadowing in the Interpreter - https://bugs.webkit.org/show_bug.cgi?id=73963 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable, - which shadows the FunctionExecutable type name, with functionExecutable. - -2011-12-06 Michael Saboff - - r102146 from 73875 broke fast/js/encode-URI-test.html - https://bugs.webkit.org/show_bug.cgi?id=73950 - - Reviewed by Gavin Barraclough. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncUnescape): Restructured to handle - the %uHHHH case to output the resulting character - and continue so that a failure in finding 4 hex - digits will fall through and output the '%'. - Due to style check, changed the temporary - character variable to a more descriptive name. - -2011-12-06 Filip Pizlo - - GC zapping logic could benefit from some more assertions - https://bugs.webkit.org/show_bug.cgi?id=73947 - - Reviewed by Gavin Barraclough. - - - If you're in a zapped block and you're zapped, then your mark bit should - never be set. - - - If you're being marked, then you should never be zapped. - - * heap/MarkedBlock.h: - (JSC::MarkedBlock::isLive): - * runtime/Structure.h: - (JSC::MarkStack::internalAppend): - -2011-12-06 Oliver Hunt - - Don't allocate register in typedarray control flow - https://bugs.webkit.org/show_bug.cgi?id=73944 - - Reviewed by Gavin Barraclough. - - Move a temporary allocation outside of control flow. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - -2011-12-06 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=68328 - The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant - - Reviewed by Geoff Garen. - - Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions - that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the - hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select - a thunk genertaor to use based on the Intrinsic. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * create_hash_table: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGCapabilities.h: - * dfg/DFGIntrinsic.h: Removed. - * jit/JITStubs.cpp: - (JSC::JITThunks::hostFunctionStub): - * jit/JITStubs.h: - * runtime/Executable.cpp: - (JSC::ExecutableBase::intrinsic): - (JSC::NativeExecutable::intrinsic): - * runtime/Executable.h: - (JSC::ExecutableBase::intrinsicFor): - (JSC::NativeExecutable::create): - (JSC::NativeExecutable::finishCreation): - * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h. - * runtime/JSGlobalData.cpp: - (JSC::thunkGeneratorForIntrinsic): - (JSC::JSGlobalData::getHostFunction): - * runtime/JSGlobalData.h: - * runtime/Lookup.cpp: - (JSC::HashTable::createTable): - (JSC::setUpStaticFunctionSlot): - * runtime/Lookup.h: - (JSC::HashEntry::initialize): - (JSC::HashEntry::intrinsic): - -2011-12-06 Michael Saboff - - Add 8 bit paths to global object functions - https://bugs.webkit.org/show_bug.cgi?id=73875 - - Added 8 bit paths for converions methods. - - This is worth 1.5% on kraken audio-oscillator, - 1.6% on stanford-crypto-ccm and 2.5% on - stanford-crypto-sha256-iterative. See bug for - a full report. - - Reviewed by Oliver Hunt. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::decode): Split into a templated helper. - (JSC::parseInt): Split into a templated helper. - (JSC::parseFloat): Added an 8 bit path - (JSC::globalFuncEscape): Added 8 bit path - (JSC::globalFuncUnescape): Added 8 bit path - * runtime/JSStringBuilder.h: - (JSC::JSStringBuilder::append): New append for LChar - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::append): New append for LChar - -2011-11-21 Balazs Kelemen - - Enable ParallelJobs by default - https://bugs.webkit.org/show_bug.cgi?id=70032 - - Reviewed by Zoltan Herczeg. - - According to measurements on Mac and Linux it is a - considerable speedup for SVG on multicore. - - Remove the ENABLE(PARALLEL_JOBS) guard. - Fix build on Windows and Chromium. - - * JavaScriptCore.gypi: Add the files to the build. It was - missing for the gyp build system. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - Export symbols. - * wtf/ParallelJobs.h: - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ParallelEnvironment): - (WTF::ParallelEnvironment::execute): - Deinline these to avoid exporting a lot of symbols. - These are non-trivial and called only once on a given object - so it doesn't seems to be worthwile to inline them. - Additionally fix a signed-unsigned comparison in the constructor. - * wtf/ParallelJobsGeneric.h: - * wtf/Platform.h: - -2011-12-06 Simon Hausmann - - [Qt] build-jsc script doesn't work - https://bugs.webkit.org/show_bug.cgi?id=73910 - - Reviewed by Tor Arne Vestbø. - - * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC - (moved from top-level WebKit.pro). Also add v8 scopes to only build - WTF during v8 builds. - -2011-12-05 Anders Carlsson - - Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11. - - Reviewed by Darin Adler. - - * wtf/HashMap.h: - -2011-12-05 Michael Saboff - - Create StringImpl::empty() as an 8 bit string - https://bugs.webkit.org/show_bug.cgi?id=73871 - - Reviewed by Oliver Hunt. - - * wtf/text/StringStatics.cpp: - (WTF::StringImpl::empty): Changed to be an 8 bit string. - -2011-12-05 Darin Adler - - Convert JSClassRef to use HashMap - https://bugs.webkit.org/show_bug.cgi?id=73780 - - Reviewed by Andreas Kling. - - * API/JSCallbackObjectFunctions.h: - (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map - entries because the hash map now has an OwnPtr instead of a raw pointer. - - * API/JSClassRef.cpp: - (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and - m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating. - Removed the code that gets and deletes existing entries, and just use set, - which now handles deletion automatically due to it being OwnPtr. - (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion - with assertion-only NDEBUG-only code. - (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when - allocating. Use OwnPtr when adding. Removed unneeded code to set - staticValues and staticFunctions to 0. Removed unneeded destructor. - (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local. - (OpaqueJSClass::staticFunctions): Ditto. - (OpaqueJSClass::prototype): Added use of adoptPtr. - - * API/JSClassRef.h: Made the static values and static functions tables - use OwnPtr for the entries. Also used OwnPtr for the pointers to the - tables themselves. Also removed ~OpaqueJSClassContextData(), letting - the compiler generate it. - -2011-12-05 Oliver Hunt - - Land uncommitted bit of float array support - https://bugs.webkit.org/show_bug.cgi?id=73873 - - Reviewed by Filip Pizlo. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - -2011-12-05 Benjamin Poulain - - Update String::containsOnlyASCII() to handle 8 bits strings - https://bugs.webkit.org/show_bug.cgi?id=73799 - - Reviewed by Darin Adler. - - Implement String::containsOnlyASCII() so that it does not - call String::characters(). - - * wtf/text/WTFString.h: - (WTF::String::containsOnlyASCII): - -2011-12-05 Filip Pizlo - - Unreviewed build fix for non-DFG platforms. - - * dfg/DFGRepatch.h: - -2011-12-05 Filip Pizlo - - Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they - were compact offsets - https://bugs.webkit.org/show_bug.cgi?id=73861 - - Reviewed by Gavin Barraclough. - - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::resetPatchPutById): - -2011-12-05 Filip Pizlo - - Unreviewed, build fixes for ARM. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::unreachableForPlatform): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadDouble): - (JSC::MacroAssemblerARMv7::loadFloat): - (JSC::MacroAssemblerARMv7::storeFloat): - (JSC::MacroAssemblerARMv7::convertFloatToDouble): - (JSC::MacroAssemblerARMv7::convertDoubleToFloat): - -2011-12-05 Benjamin Poulain - - Update String::containsOnlyLatin1() to avoid converting to 16 bits - https://bugs.webkit.org/show_bug.cgi?id=73797 - - Reviewed by Andreas Kling. - - When the String use 8bits StringImpl, there is no need to iterate - over the string. - - The function charactersAreAllLatin1() is removed because it is not - used anywhere. - - * wtf/text/WTFString.h: - (WTF::String::containsOnlyLatin1): - -2011-12-05 Michael Saboff - - 8 bit string work slows down Kraken json-stringify-tinderbox - https://bugs.webkit.org/show_bug.cgi?id=73457 - - Added 8 bit path to StringBuilder. StringBuilder starts - assuming 8 bit contents and gets converted to 16 bit upon - seeing the first 16 bit character or string. Split - appendUninitialiezed into an inlined fast and function call - slow case. - - Factored out the processing of the UString argument from - Stringifier::appendQuotedString() to a static templated function - based on character size. - - This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox. - This change introduces a 4.8% slowdown to json-parse-financial. - This slowdown will be addressed in a subsequent patch to StringImpl::equal. - - Reviewed by Oliver Hunt. - - * runtime/JSONObject.cpp: - (JSC::appendStringToUStringBuilder): - (JSC::Stringifier::appendQuotedString): - * wtf/text/StringBuilder.cpp: - (WTF::StringBuilder::resize): - (WTF::StringBuilder::allocateBuffer): - (WTF::StringBuilder::allocateBufferUpConvert): - (WTF::LChar): - (WTF::UChar): - (WTF::StringBuilder::reserveCapacity): - (WTF::StringBuilder::appendUninitialized): - (WTF::StringBuilder::appendUninitializedSlow): - (WTF::StringBuilder::append): - (WTF::StringBuilder::shrinkToFit): - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::StringBuilder): - (WTF::StringBuilder::append): - (WTF::StringBuilder::operator[]): - (WTF::StringBuilder::characters8): - (WTF::StringBuilder::characters16): - (WTF::StringBuilder::charactersBlah): - (WTF::LChar): - (WTF::UChar): - -2011-12-01 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=73624 - JIT + INTERPRETER builds are broken - - Reviewed by Geoff Garen, Sam Weinig. - - These don't fallback to the interpreter correctly. - Thunk creation assumes that is the JIT is compiled in, then it is enabled. - - * jit/JITStubs.cpp: - (JSC::JITThunks::JITThunks): - * runtime/Executable.h: - (JSC::NativeExecutable::create): - (JSC::NativeExecutable::finishCreation): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::getHostFunction): - -2011-12-05 Zoltan Herczeg - - MacroAssemblerSH4 does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73434 - - Reviewed by Csaba Osztrogonác. - - * assembler/MacroAssemblerSH4.h: Support for SH4. - (JSC::MacroAssemblerSH4::readCallTarget): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::readCallTarget): - -2011-12-04 Filip Pizlo - - DFG should optimize strict equality - https://bugs.webkit.org/show_bug.cgi?id=73764 - - Reviewed by Oliver Hunt. - - 1% speed-up on V8. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compare): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compileIntegerCompare): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compileIntegerCompare): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-03 Darin Adler - - Use HashMap for ScriptSampleRecordMap - https://bugs.webkit.org/show_bug.cgi?id=73758 - - Reviewed by Andreas Kling. - - * bytecode/SamplingTool.cpp: - (JSC::SamplingTool::notifyOfScope): Added adoptPtr. - (JSC::SamplingTool::dump): Added get. - * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr. - -2011-12-03 Darin Adler - - Use HashMap for the opaqueJSClassData map - https://bugs.webkit.org/show_bug.cgi?id=73759 - - Reviewed by Andreas Kling. - - * API/JSClassRef.cpp: - (OpaqueJSClass::contextData): Update types. - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the - timing the same. If we didn't care about the order of operations, we could remove this, too. - * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the - opaqueJSClassData map. - -2011-12-03 Darin Adler - - Change HashMap implementation to use the pass type and peek type from traits for the mapped value - https://bugs.webkit.org/show_bug.cgi?id=72474 - - Reviewed by Anders Carlsson. - - * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType, - and PeekType from the traits of the mapped value instead of hard-coding them here. - Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself, - to accomodate a PassInType that can't be copied. Use the store, peek, and passOut - functions from the traits as well. - - * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include - PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had - an earlier version that was just PassType, PeekType, pass, and peek. Also commented - the HashTraits for RefPtr to foreshadow some work we can do there. - - * wtf/RefPtrHashMap.h: Same changes as HashMap.h. - -2011-12-02 David Levin - - Rename WTF class from TemporarilyChange to TemporaryChange. - https://bugs.webkit.org/show_bug.cgi?id=73479 - - Reviewed by Eric Seidel. - - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h. - (WTF::TemporaryChange::TemporaryChange): - (WTF::TemporaryChange::~TemporaryChange): - -2011-12-02 Mark Hahnenberg - - REGRESSION (r99754): All layout tests crash on Windows - https://bugs.webkit.org/show_bug.cgi?id=72305 - - Reviewed by Geoffrey Garen. - - Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in - JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of - a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an - incorrect version of visitChildren on the object, which left its children unmarked, causing them to be - collected when they were still reachable. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away. - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization - purposes are distinct from one another. - -2011-12-02 Oliver Hunt - - Improve float array support in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=73722 - - Reviewed by Gavin Barraclough. - - Add basic support for float typed arrays in JSC. This is currently - less optimal than it could be in the following ways: - * float32Array1[0] = float32Array2[0] (eg. an element by element copy) - promotes float to double and then back to float. - * float64Array[0] will always perform NaN tests in order to prevent - signalling NaNs from entering the engine. - - We also don't support Float32Array on ARMv7 - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadDouble): - (JSC::MacroAssemblerARMv7::loadFloat): - (JSC::MacroAssemblerARMv7::storeDouble): - (JSC::MacroAssemblerARMv7::storeFloat): - (JSC::MacroAssemblerARMv7::convertFloatToDouble): - (JSC::MacroAssemblerARMv7::convertDoubleToFloat): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::loadDouble): - (JSC::MacroAssemblerX86Common::loadFloat): - (JSC::MacroAssemblerX86Common::storeDouble): - (JSC::MacroAssemblerX86Common::storeFloat): - (JSC::MacroAssemblerX86Common::convertDoubleToFloat): - (JSC::MacroAssemblerX86Common::convertFloatToDouble): - * assembler/X86Assembler.h: - (JSC::X86Assembler::cvtsd2ss_rr): - (JSC::X86Assembler::cvtss2sd_rr): - (JSC::X86Assembler::movsd_rm): - (JSC::X86Assembler::movss_rm): - (JSC::X86Assembler::movsd_mr): - (JSC::X86Assembler::movss_mr): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateFloat32Array): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-02 Sheriff Bot - - Unreviewed, rolling out r101801. - http://trac.webkit.org/changeset/101801 - https://bugs.webkit.org/show_bug.cgi?id=73667 - - Build is still broken (Requested by Ossy on #webkit). - - * assembler/SH4Assembler.h: - -2011-12-01 Darin Adler - - Prepare to deploy pass and peek types in the HashMap class - https://bugs.webkit.org/show_bug.cgi?id=73477 - - Reviewed by Adam Roben. - - This patch adds private typedefs inside the HashMap class, - and uses them as appropriate. A future patch will actually - tie those typedefs to hash traits, which will allow us to - make HashMap work with OwnPtr mapped values and to optimize - how HashMap works with RefPtr mapped values. - - Also changed the hash translator and adapter struct templates - to use template functions to simplify them and make them more - flexible. - - Also removed some unused template arguments. - - This goes out of its way to not change behavior. Future patches - will change the peek type to be a reference type, which will - reduce reference count churn a bit for hash tables with RefPtr - mapped values, and then do further optimizations for RefPtr - and OwnPtr by getting types from the hash traits. - - * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType, - and MappedPeekType typedefs, and used them for the arguments - and return types of the get, set, add, take, and inlineAdd - functions. - (WTF::HashMapTranslator): Changed this struct template to take - fewer arguments, and changed its member functions to be - function templates instead. This allows the compiler to - determine types more flexibly and also simplifies use of it. - (WTF::HashMapTranslatorAdapter): Ditto. - (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter. - Also reduced the arguments passed to the HashTable function template. - (WTF::HashMap::contains): Ditto. - (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. - (WTF::HashMap::set): Ditto. - (WTF::HashMap::add): Ditto. - (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. - (WTF::HashMap::get): Ditto. - (WTF::HashMap::take): Ditto, but return MappedPassOutType and use - that type in the implementation. - (WTF::deleteAllValues): Removed unneeded template arguments from - call to deleteAllPairSeconds. - (WTF::deleteAllKeys): Removed unneeded template arguments from - call to deleteAllPairFirsts. - - * wtf/HashSet.h: - (WTF::IdentityExtractor): Changed this to be a struct rather than - a struct template, and replaced the extract function with a function - template. This allows the compiler to deduce the type. - (WTF::HashSetTranslatorAdapter): Changed this struct template to take - fewer arguments, and changed its member functions to be - function templates instead. This allows the compiler to - determine types more flexibly and also simplifies use of it. - (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter. - Also reduced the arguments passed to the HashTable function template. - (WTF::HashSet::contains): Ditto. - (WTF::HashSet::add): Ditto. - - * wtf/HashTable.h: - (WTF::IdentityHashTranslator): Changed this struct template to take - fewer arguments, and changed its member functions to be - function templates instead. This allows the compiler to - determine types more flexibly and also simplifies use of it. - (WTF::HashTable::add): Reduced arguments passed to the function template. - (WTF::HashTable::find): Ditto, also reversed the template arguments so the - translator comes first so the compiler can deduce the other type. - (WTF::HashTable::contains): Ditto. - (WTF::HashTable::lookup): Ditto. - (WTF::HashTable::lookupForWriting): Ditto. - (WTF::HashTable::checkKey): Ditto. - (WTF::HashTable::fullLookupForWriting): Ditto. - (WTF::HashTable::add): Ditto. - (WTF::HashTable::addPassingHashCode): Ditto. - (WTF::HashTable::find): Ditto. - (WTF::HashTable::contains): Ditto. - - * wtf/ListHashSet.h: - (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take - fewer arguments, and changed its member functions to be function templates - instead. This allows the compiler to determine types more flexibly and - also simplifies use of it. - (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable - functon template. - (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the - same way we changed ListHashSetNodeHashFunctions above. - (WTF::ListHashSetTranslatorAdapter::equal): - (WTF::::contains): - (WTF::::add): - (WTF::::insertBefore): - - * wtf/RefPtrHashMap.h: Updated comments. Removed the - RefPtrHashMapRawKeyTranslator struct template; we can use the - HashMapTranslator struct template from HashMap.h instead now that - it is more flexible. Added MappedPassInType, MappedPassOutType, - and MappedPeekType typedefs, and used them for the arguments - and return types of the get, inlineGet, set, add, take, and inlineAdd - functions. Changed the name of the RawKeyTranslator type to - Translator since it's now a class that can handle both raw keys - and conventional keys. - (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator. - Reduced the arguments passed to the HashTable function template. - (WTF::HashMap::contains): Ditto. - (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. - (WTF::HashMap::set): Ditto. - (WTF::HashMap::add): Ditto. - (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. - (WTF::HashMap::get): Ditto. - (WTF::HashMap::take): Ditto, but return MappedPassOutType and use - that type in the implementation. - (WTF::deleteAllValues): Removed unneeded template arguments from - call to deleteAllPairSeconds. - (WTF::deleteAllKeys): Removed unneeded template arguments from - call to deleteAllPairFirsts. - -2011-12-02 Zoltan Herczeg - - MacroAssemblerSH4 does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73434 - - Reviewed by Csaba Osztrogonác. - - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::readCallTarget): Support for SH4. - -2011-12-02 Hajime Morrita - - Unreviewed, rolling out r101751 and r101775. - http://trac.webkit.org/changeset/101751 - http://trac.webkit.org/changeset/101775 - https://bugs.webkit.org/show_bug.cgi?id=73191 - - breaks Windows build - - * JavaScriptCore.xcodeproj/project.pbxproj: - * config.h: - * runtime/JSExportMacros.h: Removed. - * wtf/ExportMacros.h: - * wtf/Platform.h: - * wtf/WTFThreadData.h: - * wtf/text/AtomicString.h: - * wtf/text/StringStatics.cpp: - -2011-12-01 Hajime Morrita - - JS_INLINE and WTF_INLINE should be visible from WebCore - https://bugs.webkit.org/show_bug.cgi?id=73191 - - - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. - - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. - - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. - - Reviewed by Kevin Ollivier. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * config.h: - * runtime/JSExportMacros.h: Added. - * wtf/ExportMacros.h: - * wtf/Platform.h: - * wtf/WTFThreadData.h: - * wtf/text/AtomicString.h: - * wtf/text/StringStatics.cpp: - -2011-12-01 Michael Saboff - - Changes proposed for 73457 slow down Kraken json-parse-financial - https://bugs.webkit.org/show_bug.cgi?id=73584 - - Restructured StringImpl::equal to take advantage of 8 or 4 bytes - at a time when possible. - - This is worth ~3% on Kraken json-parse-financial. It provides - ~2% on SunSpider string-unpack-code. - - Reviewed by Sam Weinig. - - * wtf/text/StringImpl.cpp: - (WTF::equal): - -2011-12-01 Oliver Hunt - - Support integer typed arrays in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=73608 - - Reviewed by Filip Pizlo. - - Add support for all the integral typed arrays in the DFG JIT. - Currently this loads the contents of Uint32 arrays as doubles, - which is clearly not as efficient as it could be, but this is - still in the order of 10-20x faster than the existing behaviour. - - This needed us to add support for writing 16bit values to the - macroassembler, and also to support double<->unsigned conversion. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::strh): - (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::store16): - (JSC::MacroAssemblerARMv7::truncateDoubleToUint32): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::store16): - (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): - * assembler/X86Assembler.h: - (JSC::X86Assembler::movw_rm): - (JSC::X86Assembler::cvttsd2siq_rr): - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromClassInfo): - * bytecode/PredictedType.h: - (JSC::isInt8ArrayPrediction): - (JSC::isInt16ArrayPrediction): - (JSC::isInt32ArrayPrediction): - (JSC::isUint8ArrayPrediction): - (JSC::isUint16ArrayPrediction): - (JSC::isUint32ArrayPrediction): - (JSC::isFloat32ArrayPrediction): - (JSC::isFloat64ArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - (JSC::DFG::Node::shouldSpeculateInt32Array): - (JSC::DFG::Node::shouldSpeculateUint8Array): - (JSC::DFG::Node::shouldSpeculateUint16Array): - (JSC::DFG::Node::shouldSpeculateUint32Array): - (JSC::DFG::Node::shouldSpeculateFloat32Array): - (JSC::DFG::Node::shouldSpeculateFloat64Array): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSGlobalData.h: - -2011-12-01 Benjamin Poulain - - URLs are encoded in UTF-8, then decoded as if they are Latin1 - https://bugs.webkit.org/show_bug.cgi?id=71758 - - Reviewed by Darin Adler. - - Add the operator == between a String and a Vector of char. The implementation - is the same as the comparison of String and char* but adds the length as a - parameter for comparing the strings. - - * JavaScriptCore.exp: - * wtf/text/StringImpl.h: - (WTF::equal): - * wtf/text/WTFString.h: - (WTF::operator==): - (WTF::operator!=): - -2011-12-01 Martin Robinson - - [GTK] Read fonts from the jhbuild root - https://bugs.webkit.org/show_bug.cgi?id=73487 - - Reviewed by Gustavo Noronha Silva. - - Read fonts from the jhbuild root instead of from the system. This will ensure - that all testers use the same fonts instead of leaving this up to luck. - - * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner. - -2011-12-01 Martin Robinson - - [GTK] Add a helper function to find the current executable's path - https://bugs.webkit.org/show_bug.cgi?id=73473 - - Reviewed by Gustavo Noronha Silva. - - Add a WTF helper which gets the binary path. This is currently only used - in WebKit2. - - * GNUmakefile.list.am: Add the new file to the source list. - * wtf/gobject/GlibUtilities.cpp: Added. - (getCurrentExecutablePath): - * wtf/gobject/GlibUtilities.h: Added. - -2011-12-01 Sheriff Bot - - Unreviewed, rolling out r101691. - http://trac.webkit.org/changeset/101691 - https://bugs.webkit.org/show_bug.cgi?id=73588 - - Tests fail on Chromium bots, early warning system warned - committer, please adjust test_expectations in patch (Requested - by scheib on #webkit). - - * JavaScriptCore.exp: - * wtf/text/StringImpl.h: - * wtf/text/WTFString.h: - -2011-12-01 Filip Pizlo - - ARMv7 only allows for one-shot patching of compact offsets, while the - JIT expects to be able to repatch - https://bugs.webkit.org/show_bug.cgi?id=73548 - - Reviewed by Oliver Hunt. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::setUInt7ForLoad): - -2011-11-30 Benjamin Poulain - - URLs are encoded in UTF-8, then decoded as if they are Latin1 - https://bugs.webkit.org/show_bug.cgi?id=71758 - - Reviewed by Darin Adler. - - Add the operator == between a String and a Vector of char. The implementation - is the same as the comparison of String and char* but adds the length as a - parameter for comparing the strings. - - * JavaScriptCore.exp: - * wtf/text/StringImpl.h: - (WTF::equal): - * wtf/text/WTFString.h: - (WTF::operator==): - (WTF::operator!=): - -2011-11-30 Dmitry Lomov - - https://bugs.webkit.org/show_bug.cgi?id=73503 - [Chromium][V8] Implement ArrayBuffer transfer in chromium. - Portions of this patch come from Luke Zarko. - - Reviewed by David Levin. - - * wtf/ArrayBuffer.cpp: - (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr. - * wtf/ArrayBuffer.h: - (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr. - (WTF::ArrayBuffer::isNeutered): - * wtf/TypedArrayBase.h: - (WTF::TypedArrayBase::neuter): - -2011-12-01 Chao-ying Fu - - MacroAssemblerMIPS does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73432 - - Reviewed by Zoltan Herczeg. - - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::readCallTarget): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::readCallTarget): - -2011-12-01 Noel Gordon - - [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects - https://bugs.webkit.org/show_bug.cgi?id=73527 - - Reviewed by Simon Hausmann. - - wtf/qt/ThreadingQt.cpp was removed in r101477 - - * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp - -2011-12-01 Filip Pizlo - - BitVector isInline check could fail - https://bugs.webkit.org/show_bug.cgi?id=70691 - - Reviewed by Gavin Barraclough. - - Switch back to using the high bit as the inline marker, to make - all of the bit indexing operations simpler. Computing the size in - words and in bytes of a bitvector, using the number of bits as - input is error-prone enough; and with the current approach to - solving the X86 bug we end up getting it wrong. Making it right - seems hard. - - So instead, to solve the original problem (the high bit may be - meaningful on 32-bit systems), the out-of-line storage pointer is - right-shifted by 1. Compared to the original BitVector code, this - is a much smaller change (just three lines). - - This solves a bug where the DFG was corrupting its call frame - because BitVector lost track of some bits. - - * wtf/BitVector.cpp: - (WTF::BitVector::setSlow): - (WTF::BitVector::resizeOutOfLine): - * wtf/BitVector.h: - (WTF::BitVector::quickGet): - (WTF::BitVector::quickSet): - (WTF::BitVector::quickClear): - (WTF::BitVector::makeInlineBits): - (WTF::BitVector::isInline): - (WTF::BitVector::outOfLineBits): - -2011-11-30 Filip Pizlo - - DFG should make it easier to notice node boundaries in disassembly - https://bugs.webkit.org/show_bug.cgi?id=73509 - - Rubber-stamped by Gavin Barraclough - - If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will - be emitted at node boundaries, where the immediate being xor'd is the - node index. - - * dfg/DFGCommon.h: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-11-30 Geoffrey Garen - - Removed ArgList iterators. - - Reviewed by Gavin Barraclough. - - Another step toward reversing the argument order. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): Switched from iterator to int. - - * runtime/ArgList.h: - (JSC::ArgList::ArgList): - (JSC::ArgList::isEmpty): Removed iterators. - - * runtime/JSArray.cpp: - (JSC::JSArray::finishCreation): Switched from iterator to int. - -2011-11-30 Yuqiang Xian - - 32 bit DFG should handle logicalNot slow case instead of simply bailing out - https://bugs.webkit.org/show_bug.cgi?id=73515 - - Reviewed by Filip Pizlo. - - This improves Kraken performance by 14%, mainly due to ~3X improvement - on imaging-desaturate. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - -2011-11-30 Max Vujovic - - Some date values not handled consistently with IE/Firefox - https://bugs.webkit.org/show_bug.cgi?id=14176 - - Reviewed by Gavin Barraclough. - - Changed time zone offset parsing behavior to match IE/Firefox/Opera's in - implementation dependent cases like "GMT-4". - - * wtf/DateMath.cpp: - (WTF::parseDateFromNullTerminatedCharacters): - -2011-11-30 Mark Hahnenberg - - toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback - https://bugs.webkit.org/show_bug.cgi?id=73368 - - Reviewed by Darin Adler. - - We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever - happens to be in the first class of the chain, which potentially could be null. - - - - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::toStringCallback): - (JSC::JSCallbackFunction::valueOfCallback): - -2011-11-29 Sam Weinig - - Add adoptCF and adoptNS convenience functions to RetainPtr.h - https://bugs.webkit.org/show_bug.cgi?id=73399 - - Reviewed by Anders Carlsson. - - * wtf/RetainPtr.h: - (WTF::adoptCF): - (WTF::adoptNS): - These adoption functions match the pattern we use in other - smart pointer classes. - -2011-11-30 Adam Roben - - Fix RetainPtr's move assignment operators - - Fixes RetainPtr's move assignment operators don't modify the - pointer being assigned to - - I didn't write a test for this because we don't have a way of unit testing C++11 code (see - ). - - Reviewed by Anders Carlsson. - - * wtf/RetainPtr.h: - (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own - pointer. - -2011-11-30 Csaba Osztrogonác - - Unreviewed rolling out incorrect r101481. - - * assembler/MIPSAssembler.h: - * assembler/MacroAssemblerMIPS.h: - -2011-11-30 Simon Hausmann - - Fix compilation with MingW. - - Reviewed by Csaba Osztrogonác. - - * wtf/ThreadingWin.cpp: - (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for - the time being make the thread name setting unimplemented for MingW. - -2011-11-30 Simon Hausmann - - Unreviewed propective build fix for Qt/Windows part 2 after r101477. - - * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific::Data - -2011-11-30 Simon Hausmann - - Unreviewed propective build fix for Qt/Windows after r101477. - - * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's - only referenced from within another OS(WINDOWS) section. - -2011-11-30 Csaba Osztrogonác - - Unreviewed speculative buildfix after r101457. - - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::readCallTarget): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::readCallTarget): - -2011-11-30 Andrew Wason - - Replace Qt QThread threading back-end with pthread/Win32 threading back-ends - https://bugs.webkit.org/show_bug.cgi?id=72155 - - Reviewed by Simon Hausmann. - - Use ThreadingPthreads and ThreadingWin instead of ThreadingQt. - - * heap/MachineStackMarker.cpp: - * wtf/MainThread.cpp: - (WTF::initializeMainThread): - * wtf/Platform.h: - * wtf/ThreadSpecific.h: Drop QThreadStorage related code. - (WTF::::destroy): - * wtf/ThreadingPrimitives.h: - * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread(). - (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread. - (WTF::scheduleDispatchFunctionsOnMainThread): - * wtf/qt/ThreadingQt.cpp: Removed. - * wtf/wtf.pro: - -2011-11-30 Csaba Osztrogonác - - MacroAssemblerARM does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73413 - - Based on Filip Pizlo's patch. - - Buildfix. Rubber-stamped by Gabor Loki. - - * assembler/ARMAssembler.h: - (JSC::ARMAssembler::readCallTarget): - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::readCallTarget): - -2011-11-29 Filip Pizlo - - Resetting a put_by_id inline cache should preserve the "isDirect" bit - https://bugs.webkit.org/show_bug.cgi?id=73375 - - Reviewed by Gavin Barraclough. - - For the replace case, we can find out if it was direct by looking at the - slow call. For the transition case, we explicitly remember if it was - direct. - - * bytecode/CodeBlock.cpp: - (JSC::printStructureStubInfo): - * bytecode/StructureStubInfo.cpp: - (JSC::StructureStubInfo::deref): - (JSC::StructureStubInfo::visitWeakReferences): - * bytecode/StructureStubInfo.h: - (JSC::isPutByIdAccess): - (JSC::StructureStubInfo::initPutByIdTransition): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryCachePutByID): - * jit/JIT.h: - * jit/JITPropertyAccess.cpp: - (JSC::JIT::resetPatchPutById): - (JSC::JIT::isDirectPutById): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::resetPatchPutById): - * jit/JITStubs.cpp: - (JSC::JITThunks::tryCachePutByID): - -2011-11-29 Sam Weinig - - Remove RetainPtr::releaseRef - https://bugs.webkit.org/show_bug.cgi?id=73396 - - Reviewed by Dan Bernstein. - - * wtf/RetainPtr.h: - Be gone releaseRef! Long live leakRef! - -2011-11-29 Sam Weinig - - Add move semantics to RetainPtr - https://bugs.webkit.org/show_bug.cgi?id=73393 - - Reviewed by Anders Carlsson. - - * wtf/RetainPtr.h: - (WTF::RetainPtr::RetainPtr): - Add a move constructor and move enabled assignment operators - to RetainPtr if the compiler being used supports rvalue - references. If the compiler does not support it, we fallback - to the copy semantics we have always had. - -2011-11-29 Yuqiang Xian - - DFG local CSE may cause incorrect reference counting for a node - https://bugs.webkit.org/show_bug.cgi?id=73390 - - Reviewed by Filip Pizlo. - - When performing a node substitution, the ref count of the replaced - child will be increased, no matter whether the user node is skipped in - code generation or not. This will cause the reference count of the - replaced child never get the chance to become zero and so the - registers occupied by it cannot be reused simply without spilling, if - it's used by a "skipped" node. - This is a 1% gain on V8 benchmark, tested on IA32 Linux. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::performSubstitution): - (JSC::DFG::Propagator::performNodeCSE): - -2011-11-29 David Levin - - Add a way to revert a variable to its previous value after leaving a scope. - https://bugs.webkit.org/show_bug.cgi?id=73371 - - Reviewed by Adam Barth. - - In case anyone from Chromium sees this, it is nearly identical to AutoReset - but if the same name were used, it causes unnecessary ambiguity. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/TemporarilyChange.h: Added. - (WTF::TemporarilyChange::TemporarilyChange): - (WTF::TemporarilyChange::~TemporarilyChange): - -2011-11-29 Sam Weinig - - Add COMPILER_SUPPORTS macro to allow for compiler feature testing - https://bugs.webkit.org/show_bug.cgi?id=73386 - - Reviewed by Anders Carlsson. - - * wtf/Compiler.h: - Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and - rvalue references for Clang. - -2011-11-29 Oliver Hunt - - Allow WebCore to describe typed arrays to JSC - https://bugs.webkit.org/show_bug.cgi?id=73355 - - Reviewed by Gavin Barraclough. - - Allow globaldata to track the structure of typed arrays. - - * runtime/JSGlobalData.h: - (JSC::TypedArrayDescriptor::TypedArrayDescriptor): - -2011-11-28 Filip Pizlo - - DFG debugCall() mechanism only works on X86 and X86-64 - https://bugs.webkit.org/show_bug.cgi?id=73282 - - Reviewed by Oliver Hunt. - - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::debugCall): - -2011-11-28 Filip Pizlo - - DFG non-X86 ArithDiv does speculation failure after mutating state, - without a value recovery - https://bugs.webkit.org/show_bug.cgi?id=73286 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-11-28 Filip Pizlo - - Unreviewed build fixes for ARM. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::readCallTarget): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState): - -2011-11-20 Roland Steiner - -