2012-05-22  Yong Li  <yoli@rim.com>

        [BlackBerry] getPlatformThreadRegisters() should fetch target thread's registers
        https://bugs.webkit.org/show_bug.cgi?id=87148

        Reviewed by George Staikos.

        Our previous implementation of getPlatformThreadRegisters() read registers in the current
        thread's context but it is supposed to read the target thread's registers.

        * heap/MachineStackMarker.cpp:
        (JSC::getPlatformThreadRegisters):

2012-05-05  Filip Pizlo  <fpizlo@apple.com>

        DFG should support reflective arguments access
        https://bugs.webkit.org/show_bug.cgi?id=85721

        Reviewed by Oliver Hunt.

        Merged r116345 from dfgopt.

        This adds support for op_create_arguments to the DFG. No other arguments-related
        opcodes are added by this change, though it does add a lot of the scaffolding
        necessary for the other ops.

        This also adds GetByVal/PutByVal optimizations for Arguments.

        Finally, this rationalizes slowPathCall with no return. Previously, that would
        work via callOperation() overloads that took InvalidGPRReg as the return GPR.
        But that creates awful ambiguity, since we had template functions that were
        polymorphic over all parameters except the second, which was a GPRReg, and a
        bunch of non-template overloads that also potentially had GPRReg as the second
        argument. I finally started to hit this ambiguity and was getting absolutely
        bizarre compiler errors, that made me feel like I was programming in SML. So,
        I changed the no-argument overloads to take NoResultTag instead, which made
        everything sensible again by eliminating the overload ambiguity.

        This is a ~7% speed-up on V8/earley and neutral elsewhere.

        * bytecode/PredictedType.h:
        (JSC::isArgumentsPrediction):
        (JSC):
        (JSC::isActionableMutableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCCallHelpers.h:
        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
        (CCallHelpers):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        (JSC::DFG::canInlineOpcode):
        * dfg/DFGCommon.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::unmodifiedArgumentsRegister):
        (Node):
        (JSC::DFG::Node::shouldSpeculateArguments):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::pickCanTrample):
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/Arguments.h:
        (ArgumentsData):
        (Arguments):
        (JSC::Arguments::offsetOfData):

2011-05-21  Geoffrey Garen  <ggaren@apple.com>

        GC allocation trigger should be tuned to system RAM
        https://bugs.webkit.org/show_bug.cgi?id=87039

        Reviewed by Darin Adler.

        This helps avoid OOM crashes on small platforms, and helps avoid "too much GC"
        performance issues on big platforms.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap): GC balances between a fixed minimum and a proportional multiplier,
        which are limited based on system RAM.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::createContextGroup):
        (JSC::JSGlobalData::create):
        (JSC::JSGlobalData::createLeaked):
        * runtime/JSGlobalData.h:
        (JSGlobalData): Renamed HeapSize to HeapType because the exact size is
        influenced by the heap type, but not determined by it.

2012-05-21  Gavin Barraclough  <barraclough@apple.com>

        Disable private names by default in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=87088

        Reviewed by Geoff Garen.

        r117859 introduced a preliminary implementation of ES6-like private name objects to JSC.
        These are probably not yet ready to be web-facing, so disabling by default in WebCore.
        Opting-in for JSC & DumpRenderTree so that we can still run the fast/js/names.html test.

        * jsc.cpp:
        (GlobalObject):
        (GlobalObject::javaScriptExperimentsEnabled):
            - Implemented new trap to opt-in to private names support.
        * runtime/JSGlobalObject.cpp:
        (JSC):
        (JSC::JSGlobalObject::reset):
            - Only add the Name property to the global object if experiments are enabled.
        * runtime/JSGlobalObject.h:
        (GlobalObjectMethodTable):
            - Added new trap to enable experiments.
        (JSGlobalObject):
        (JSC::JSGlobalObject::finishCreation):
            - Set the global object's m_experimentsEnabled state on construction.
        (JSC::JSGlobalObject::javaScriptExperimentsEnabled):
            - Defaults to off.

2012-05-06  Filip Pizlo  <fpizlo@apple.com>

        Truncating multiplication on integers should not OSR exit every time
        https://bugs.webkit.org/show_bug.cgi?id=85752

        Reviewed by Gavin Barraclough.

        Merge r116264 from dfgopt.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::mulShouldSpeculateInteger):
        (Graph):
        (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithMul):

2012-05-21  Csaba Osztrogonác  <ossy@webkit.org>

        DFG should be able to compute dominators
        https://bugs.webkit.org/show_bug.cgi?id=85269

        Unreviewed trivial 32-bit build fix after r117861.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2012-05-21  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to compute dominators
        https://bugs.webkit.org/show_bug.cgi?id=85269

        Reviewed by Oliver Hunt.

        Merged r115754 from dfgopt.

        Implements a naive dominator calculator, which is currently just used to
        print information in graph dumps. I've enabled it by default mainly to
        be able to track its performance impact. So far it appears that there is
        none, which is unsurprising given that the number of basic blocks in most
        procedures is small.

        Also tweaked bytecode dumping to reveal more useful information about the
        nature of the code block.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * dfg/DFGDominators.cpp: Added.
        (DFG):
        (JSC::DFG::Dominators::Dominators):
        (JSC::DFG::Dominators::~Dominators):
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::iterateForBlock):
        * dfg/DFGDominators.h: Added.
        (DFG):
        (Dominators):
        (JSC::DFG::Dominators::invalidate):
        (JSC::DFG::Dominators::computeIfNecessary):
        (JSC::DFG::Dominators::isValid):
        (JSC::DFG::Dominators::dominates):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (Graph):
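
The "naive dominator calculator" the entry above describes, as an added example that is not WebKit's DFGDominators code: a straightforward iterative dataflow fixpoint over a small constructed CFG. The SimpleCFG type, its block numbering (block 0 is the entry) and the sample graph are assumptions for the illustration.

```cpp
#include <cstddef>
#include <utility>
#include <vector>

// Hypothetical stand-in for the DFG's basic-block graph: block 0 is the entry,
// successors[b] lists the successor block indices of block b.
struct SimpleCFG {
    std::vector<std::vector<unsigned>> successors;
    std::vector<std::vector<unsigned>> predecessors;
    // dom[b][d] is true when block d dominates block b.
    std::vector<std::vector<bool>> dom;

    explicit SimpleCFG(std::vector<std::vector<unsigned>> succ)
        : successors(std::move(succ))
    {
        predecessors.assign(successors.size(), {});
        for (size_t b = 0; b < successors.size(); ++b)
            for (unsigned s : successors[b])
                predecessors[s].push_back(static_cast<unsigned>(b));
    }

    // Naive iterative algorithm: start from "every block dominates every block"
    // (the entry is dominated only by itself) and refine until nothing changes.
    void compute()
    {
        size_t n = successors.size();
        dom.assign(n, std::vector<bool>(n, true));
        dom[0].assign(n, false);
        dom[0][0] = true;
        bool changed;
        do {
            changed = false;
            for (unsigned b = 1; b < n; ++b)
                if (iterateForBlock(b))
                    changed = true;
        } while (changed);
    }

    // dom(b) = {b} union (intersection of dom(p) over all predecessors p).
    // Returns true if dom(b) changed. A block with no predecessors keeps the
    // "dominated by everything" set, the usual convention for unreachable code.
    bool iterateForBlock(unsigned b)
    {
        size_t n = successors.size();
        std::vector<bool> newDom(n, true); // identity element for intersection
        for (unsigned p : predecessors[b])
            for (size_t d = 0; d < n; ++d)
                newDom[d] = newDom[d] && dom[p][d];
        newDom[b] = true; // a block always dominates itself
        if (newDom == dom[b])
            return false;
        dom[b] = newDom;
        return true;
    }

    bool dominates(unsigned from, unsigned to) const { return dom[to][from]; }
};

// Constructed sample: 0 -> 1; 1 -> 2, 3 (branch); 2 -> 4; 3 -> 4; 4 -> 1 (loop), 5.
SimpleCFG makeExampleCFG()
{
    std::vector<std::vector<unsigned>> succ = { { 1 }, { 2, 3 }, { 4 }, { 4 }, { 1, 5 }, { } };
    SimpleCFG cfg(succ);
    cfg.compute();
    return cfg;
}
```

On the sample graph the loop header (block 1) dominates everything inside the loop, while neither arm of the diamond (blocks 2 and 3) dominates the join block 4.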

2012-05-21  Michael Saboff  <msaboff@apple.com>

        Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729
        https://bugs.webkit.org/show_bug.cgi?id=87027

        Reviewed by Oliver Hunt.

        Change calls to operationStrCat and operationNewArray to provide the
        pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer
        that contains it.  Added a ScratchBuffer::create() function.
        This is a clean-up to r117729.

        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSGlobalData.h:
        (JSC::ScratchBuffer::create):
        (JSC::ScratchBuffer::dataBuffer):
        (JSC::JSGlobalData::scratchBufferForSize):

2012-05-15  Gavin Barraclough  <barraclough@apple.com>

        Add support for private names
        https://bugs.webkit.org/show_bug.cgi?id=86509

        Reviewed by Oliver Hunt.

        The spec isn't final, but we can start adding support to allow property maps
        to contain keys that aren't identifiers.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertySlot):
        (JSC::::put):
        (JSC::::deleteProperty):
        (JSC::::getStaticValue):
        (JSC::::staticFunctionGetter):
        (JSC::::callbackGetter):
            - Only expose public named properties over the JSC API.
        * CMakeLists.txt:
        * DerivedSources.make:
        * DerivedSources.pri:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
            - Added new files to build system.
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
            - Added support for property access with name objects.
        * interpreter/CallFrame.h:
        (JSC::ExecState::privateNamePrototypeTable):
            - Added hash table for NamePrototype.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Added support for property access with name objects.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Added support for property access with name objects.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::getByVal):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
            - Added support for property access with name objects.
        * runtime/JSGlobalData.cpp:
        (JSC):
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
            - Added hash table for NamePrototype.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        (JSC::JSGlobalObject::privateNameStructure):
        (JSC::JSGlobalObject::symbolTableHasProperty):
            - Added new global properties.
        * runtime/JSType.h:
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::isName):
            - Added type for NameInstances, for fast isName check.
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::deleteProperty):
        (JSC::JSVariableObject::symbolTableGet):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::symbolTableGet):
        (JSC::JSVariableObject::symbolTablePut):
        (JSC::JSVariableObject::symbolTablePutWithAttributes):
            - symbol table lookup should take a PropertyName.
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashTable::entry):
            - entry lookup should take a PropertyName.
        * runtime/NameConstructor.cpp: Added.
        (JSC):
        (JSC::NameConstructor::NameConstructor):
        (JSC::NameConstructor::finishCreation):
        (JSC::constructPrivateName):
        (JSC::NameConstructor::getConstructData):
        (JSC::NameConstructor::getCallData):
        * runtime/NameConstructor.h: Added.
        (JSC):
        (NameConstructor):
        (JSC::NameConstructor::create):
        (JSC::NameConstructor::createStructure):
            - Added constructor.
        * runtime/NameInstance.cpp: Added.
        (JSC):
        (JSC::NameInstance::NameInstance):
        (JSC::NameInstance::destroy):
        * runtime/NameInstance.h: Added.
        (JSC):
        (NameInstance):
        (JSC::NameInstance::createStructure):
        (JSC::NameInstance::create):
        (JSC::NameInstance::privateName):
        (JSC::NameInstance::nameString):
        (JSC::NameInstance::finishCreation):
        (JSC::isName):
            - Added instance.
        * runtime/NamePrototype.cpp: Added.
        (JSC):
        (JSC::NamePrototype::NamePrototype):
        (JSC::NamePrototype::finishCreation):
        (JSC::NamePrototype::getOwnPropertySlot):
        (JSC::NamePrototype::getOwnPropertyDescriptor):
        (JSC::privateNameProtoFuncToString):
        * runtime/NamePrototype.h: Added.
        (JSC):
        (NamePrototype):
        (JSC::NamePrototype::create):
        (JSC::NamePrototype::createStructure):
            - Added prototype.
        * runtime/PrivateName.h: Added.
        (JSC):
        (PrivateName):
        (JSC::PrivateName::PrivateName):
        (JSC::PrivateName::uid):
            - A private name object holds a StringImpl that can be used as a unique key in a property map.
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::find):
        (JSC::PropertyTable::findWithString):
            - Strings should only match keys in the table that are identifiers.
        * runtime/PropertyName.h:
        (JSC::PropertyName::PropertyName):
        (PropertyName):
        (JSC::PropertyName::uid):
        (JSC::PropertyName::publicName):
        (JSC::PropertyName::asIndex):
        (JSC::operator==):
        (JSC::operator!=):
            - replaced impl() & ustring() with uid() [to get the raw impl] and publicName() [impl or null, if not an identifier].
        * runtime/Structure.cpp:
        (JSC::Structure::despecifyDictionaryFunction):
        (JSC::Structure::addPropertyTransitionToExistingStructure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::attributeChangeTransition):
        (JSC::Structure::get):
        (JSC::Structure::despecifyFunction):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::remove):
        (JSC::Structure::getPropertyNamesFromStructure):
        * runtime/Structure.h:
        (JSC::Structure::get):
            - call uid() to get a PropertyName raw impl, for use as a key.

2012-04-30  Filip Pizlo  <fpizlo@apple.com>

        Bytecode dumps should contain data about the state of get_by_id caches
        https://bugs.webkit.org/show_bug.cgi?id=85246

        Reviewed by Gavin Barraclough.

        Merge r115694 from dfgopt.

        Changed the DFG bytecode parser (and the code that calls it) to be able
        to call codeBlock->dump() on the code blocks being parsed.

        Changed bytecode dumping to be able to print the state of get_by_id
        caches inline with the bytecode.

        Removed the old StructureStubInfo dumping code, which no longer worked
        right, and was incapable of telling us information about chain and list
        accesses.

        This change does not add dumping for put_by_id caches. We can add that
        at a later time.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printUnaryOp):
        (JSC::CodeBlock::printBinaryOp):
        (JSC::CodeBlock::printConditionalJump):
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::dumpStructure):
        (JSC):
        (JSC::dumpChain):
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::printCallOp):
        (JSC::CodeBlock::printPutByIdOp):
        (JSC::printGlobalResolveInfo):
        (JSC::CodeBlock::printStructure):
        (JSC::CodeBlock::printStructures):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::visitStructures):
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::jitCompile):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::parse):
        * dfg/DFGByteCodeParser.h:
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h:
        (DFG):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGOSRExitCompiler.cpp:
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::jitCompile):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h:
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):

2012-05-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header files.

2012-05-21  Allan Sandfeld Jensen  <allan.jensen@nokia.com>

        GCC 4.7 and C++11
        https://bugs.webkit.org/show_bug.cgi?id=86465

        Reviewed by Darin Adler.

        Set emptyValueIsZero flag so RegExpKey can be used with the non-copyable RegExp values.

        * runtime/RegExpKey.h:

2012-05-20  Michael Saboff  <msaboff@apple.com>

        JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
        https://bugs.webkit.org/show_bug.cgi?id=86553

        Reviewed by Gavin Barraclough.

        Scratch buffers can contain the only reference to live objects.
        Therefore visit scratch buffer contents as conservative roots.
        Changed the scratch buffers to be a struct with an "active"
        length and the actual buffer.  The users of the scratch
        buffer emit code where needed to set and clear the active
        length as appropriate.  During marking, the active count is
        used for conservative marking.

        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::debugCall):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::gatherConservativeRoots):
        * runtime/JSGlobalData.h:
        (JSC::ScratchBuffer::ScratchBuffer):
        (ScratchBuffer):
        (JSC::ScratchBuffer::allocationSize):
        (JSC::ScratchBuffer::setActiveLength):
        (JSC::ScratchBuffer::activeLength):
        (JSC::ScratchBuffer::activeLengthPtr):
        (JSC::ScratchBuffer::dataBuffer):
        (JSGlobalData):
        (JSC::JSGlobalData::scratchBufferForSize):
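
The "active length" scheme from the entry above, as an added example that is not WebKit's ScratchBuffer or Heap code: a cell referenced only from a scratch buffer is kept alive by a conservative scan of the buffer's active prefix, and stops being a root once the user clears the active length, so a stale word can neither pin garbage nor pass for a live pointer. The Cell, ScratchBuffer and Heap types are simplified stand-ins assumed for the illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Hypothetical stand-in for a collectable heap cell.
struct Cell {
    bool marked = false;
};

// Scratch buffer with an "active length": how many bytes currently hold values
// that must be treated as live. The JIT-emitted code sets it before a call that
// reads the buffer and clears it afterwards.
struct ScratchBuffer {
    size_t activeLength = 0;
    std::vector<uintptr_t> words; // the data buffer, one word per slot

    explicit ScratchBuffer(size_t numWords) : words(numWords, 0) { }
    void setActiveLength(size_t bytes) { activeLength = bytes; }
    size_t activeWords() const { return activeLength / sizeof(uintptr_t); }
    uintptr_t* dataBuffer() { return words.data(); }
};

struct Heap {
    std::vector<Cell*> cells; // every allocated cell
    std::vector<ScratchBuffer*> scratchBuffers;

    ~Heap() { for (Cell* c : cells) delete c; }
    Cell* allocate() { Cell* c = new Cell; cells.push_back(c); return c; }

    // Conservative test: does this word equal the address of a live cell?
    Cell* cellForWord(uintptr_t word) const
    {
        Cell* candidate = reinterpret_cast<Cell*>(word);
        bool known = std::find(cells.begin(), cells.end(), candidate) != cells.end();
        return known ? candidate : nullptr;
    }

    // Only the active prefix of each scratch buffer is scanned as roots; words
    // past the active length are stale and ignored.
    void markRootsFromScratchBuffers()
    {
        for (Cell* c : cells)
            c->marked = false;
        for (ScratchBuffer* buffer : scratchBuffers) {
            size_t limit = std::min(buffer->activeWords(), buffer->words.size());
            for (size_t i = 0; i < limit; ++i)
                if (Cell* c = cellForWord(buffer->words[i]))
                    c->marked = true;
        }
    }
};

// Returns {marked while slot 0 is active, marked after the active length is cleared}.
std::pair<bool, bool> scratchBufferMarkingDemo()
{
    Heap heap;
    ScratchBuffer buffer(4);
    heap.scratchBuffers.push_back(&buffer);

    Cell* cell = heap.allocate(); // reachable only through the scratch buffer
    buffer.dataBuffer()[0] = reinterpret_cast<uintptr_t>(cell);

    // An operation that reads the buffer is in flight: declare slot 0 active.
    buffer.setActiveLength(1 * sizeof(uintptr_t));
    heap.markRootsFromScratchBuffers();
    bool markedWhileActive = cell->marked;

    // The operation returned and cleared the active length; the word is now stale.
    buffer.setActiveLength(0);
    heap.markRootsFromScratchBuffers();
    bool markedAfterClear = cell->marked;

    return std::make_pair(markedWhileActive, markedAfterClear);
}
```

Without the scan of the active region (the situation the bug describes), the cell would be unmarked in the first case too, and the operation reading the buffer would be holding a pointer to reclaimed memory.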

2012-05-20  Filip Pizlo  <fpizlo@apple.com>

        Predicted types should know about arguments
        https://bugs.webkit.org/show_bug.cgi?id=85165

        Reviewed by Oliver Hunt.

        Merge r115604 from dfgopt.

        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionToAbbreviatedString):
        (JSC::predictionFromClassInfo):
        * bytecode/PredictedType.h:
        (JSC):
        (JSC::isMyArgumentsPrediction):
        (JSC::isArgumentsPrediction):

2012-05-20  Filip Pizlo  <fpizlo@apple.com>

        Bytecompiler should emit trivially fewer jumps in loops
        https://bugs.webkit.org/show_bug.cgi?id=85144

        Reviewed by Oliver Hunt.

        Merged r115587 from dfgopt.

        1-2% across the board win.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::WhileNode::emitBytecode):
        (JSC::ForNode::emitBytecode):

2012-05-19  Vivek Galatage  <vivekgalatage@gmail.com>

        Windows build broken due to changes in the http://trac.webkit.org/changeset/117646
        https://bugs.webkit.org/show_bug.cgi?id=86939

        The changeset 117646 changed the JSString::toBoolean signature. This
        change is for fixing the Windows build break.

        Reviewed by Ryosuke Niwa.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-05-18  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(117646): fast/canvas/webgl/glsl-conformance.html is crashing in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=86929

        Reviewed by Oliver Hunt.

        The problem was that if CFG simplification saw a Branch with identical successors,
        it would always perform a basic block merge. But that's wrong if the successor has
        other predecessors.

        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::run):
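
The Branch-with-identical-successors case from the entry above, as an added example that is not WebKit's DFGCFGSimplificationPhase: collapsing the Branch into a Jump is always valid, but merging the successor into the block is only valid when the block is the successor's sole predecessor. The Block and Graph types and the two constructed graphs are assumptions for the illustration.

```cpp
#include <algorithm>
#include <vector>

enum class Terminator { Jump, Branch };

// Hypothetical stand-in for a DFG basic block: a Jump has one successor, a Branch two.
struct Block {
    Terminator terminator;
    std::vector<unsigned> successors;
    std::vector<unsigned> predecessors;
    std::vector<int> nodes; // stand-in for the block's non-terminal nodes
    bool dead;
};

struct Graph {
    std::vector<Block> blocks;

    static void removeAll(std::vector<unsigned>& list, unsigned value)
    {
        list.erase(std::remove(list.begin(), list.end(), value), list.end());
    }

    // Handles a Branch whose two successors are the same block.
    // Returns true if the successor was merged into this block.
    bool simplifyBranchWithIdenticalSuccessors(unsigned index)
    {
        Block& block = blocks[index];
        if (block.dead || block.terminator != Terminator::Branch)
            return false;
        if (block.successors[0] != block.successors[1] || block.successors[0] == index)
            return false;
        unsigned target = block.successors[0];
        // Both edges lead to the same place, so the Branch degrades to a Jump...
        block.terminator = Terminator::Jump;
        block.successors.assign(1, target);
        // ...and the successor should list this block as a predecessor once, not twice.
        Block& successor = blocks[target];
        removeAll(successor.predecessors, index);
        successor.predecessors.push_back(index);
        // The fix: merging is only legal when this block is the successor's sole
        // predecessor. Otherwise other paths still need the successor to exist.
        if (successor.predecessors.size() != 1)
            return false;
        mergeBlocks(index, target);
        return true;
    }

    // Append second's nodes to first, take over its terminator, and retire second.
    void mergeBlocks(unsigned first, unsigned second)
    {
        Block& a = blocks[first];
        Block& b = blocks[second];
        a.nodes.insert(a.nodes.end(), b.nodes.begin(), b.nodes.end());
        a.terminator = b.terminator;
        a.successors = b.successors;
        for (unsigned s : a.successors) {
            removeAll(blocks[s].predecessors, second);
            blocks[s].predecessors.push_back(first);
        }
        b.dead = true;
        b.nodes.clear();
        b.successors.clear();
        b.predecessors.clear();
    }
};

// Constructed case 1: block 0 branches to block 1 on both edges and is its only predecessor.
bool solePredecessorCaseMerges()
{
    Graph g;
    g.blocks = {
        { Terminator::Branch, { 1, 1 }, { }, { 10 }, false },
        { Terminator::Jump, { 2 }, { 0, 0 }, { 20 }, false },
        { Terminator::Jump, { }, { 1 }, { 30 }, false },
    };
    bool merged = g.simplifyBranchWithIdenticalSuccessors(0);
    return merged && g.blocks[1].dead && g.blocks[0].nodes.size() == 2
        && g.blocks[2].predecessors == std::vector<unsigned>{ 0 };
}

// Constructed case 2 (the regression): block 2 is also reached from block 1, so it must survive.
bool sharedSuccessorCaseSurvives()
{
    Graph g;
    g.blocks = {
        { Terminator::Branch, { 2, 2 }, { }, { 10 }, false },
        { Terminator::Jump, { 2 }, { }, { 20 }, false },
        { Terminator::Jump, { 3 }, { 0, 0, 1 }, { 30 }, false },
        { Terminator::Jump, { }, { 2 }, { 40 }, false },
    };
    bool merged = g.simplifyBranchWithIdenticalSuccessors(0);
    return !merged && !g.blocks[2].dead && g.blocks[0].terminator == Terminator::Jump
        && g.blocks[0].successors.size() == 1 && g.blocks[2].predecessors.size() == 2;
}
```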

2012-05-18  Filip Pizlo  <fpizlo@apple.com>

        DFG CFG simplification crashes if it's trying to remove an unreachable block
        that has an already-killed-off unreachable successor
        https://bugs.webkit.org/show_bug.cgi?id=86918

        Reviewed by Oliver Hunt.

        This fixes crashes in:
        inspector/styles/styles-computed-trace.html
        inspector/console/console-big-array.html

        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::fixPhis):

2012-05-18  Filip Pizlo  <fpizlo@apple.com>

        DFG should have control flow graph simplification
        https://bugs.webkit.org/show_bug.cgi?id=84553

        Reviewed by Oliver Hunt.

        Merged r115512 from dfgopt.

        This change gives the DFG the ability to simplify the control flow graph
        as part of an optimization fixpoint that includes CSE, CFA, and constant
        folding. This required a number of interesting changes including:

        - Solidifying the set of invariants that the DFG obeys. For example, the
          head and tail of each basic block must advertise the set of live locals
          and the set of available locals, respectively. It must do so by
          referring to the first access to the local in the block (for head) and
          the last one (for tail). This patch introduces the start of a
          validation step that may be turned on even with asserts disabled. To
          ensure that these invariants are preserved, I had to remove the
          redundant phi elimination phase. For now I just remove the call, but in
          the future we will probably remove it entirely unless we find a use for
          it.

        - Making it easier to get the boolean version of a JSValue. This is a
          pure operation, but we previously did not treat it as such.

        - Fixing the merging and filtering of AbstractValues that correspond to
          concrete JSValues. This was previously broken and was limiting the
          effect of running constant folding. Fixing this meant that I had to
          change how constant folding eliminates GetLocal nodes, so as to ensure
          that the resulting graph still obeys DFG rules.

        - Introducing simplified getters for some of the things that DFG phases
          want to know about, like the Nth child of a node (now just
          graph.child(...) if you don't care about performance too much) or
          getting successors of a basic block.

        The current CFG simplifier can handle almost all of the cases that it
        ought to handle; the noteworthy one that is not yet handled is removing
        basic blocks that just have jumps. To do this right we need to be able
        to remove jump-only blocks that also perform keep-alive on some values.
        To make this work, we need to be able to hoist the keep-alive into (or
        just above) a Branch. This is not fundamentally difficult but I opted to
        let this patch omit this optimization. We can handle this later.

        This is a big win on programs that include inline functions that are
        often called with constant arguments. Of course, SunSpider, V8, and
        Kraken don't count. Those benchmarks are completely neutral with this
        change.

        * API/JSValueRef.cpp:
        (JSValueToBoolean):
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
        * bytecode/Operands.h:
        (JSC::Operands::setOperandFirstTime):
        (Operands):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::mergeStateAtTail):
        (JSC::DFG::AbstractState::mergeToSuccessors):
        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::isClear):
        (JSC::DFG::AbstractValue::operator!=):
        (JSC::DFG::AbstractValue::merge):
        (JSC::DFG::AbstractValue::filter):
        (JSC::DFG::AbstractValue::validateIgnoringValue):
        (AbstractValue):
        * dfg/DFGAdjacencyList.h:
        (JSC::DFG::AdjacencyList::child):
        (JSC::DFG::AdjacencyList::setChild):
        (AdjacencyList):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::~BasicBlock):
        (BasicBlock):
        (JSC::DFG::BasicBlock::numNodes):
        (JSC::DFG::BasicBlock::nodeIndex):
        (JSC::DFG::BasicBlock::isPhiIndex):
        (JSC::DFG::BasicBlock::isInPhis):
        (JSC::DFG::BasicBlock::isInBlock):
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (DFG):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::run):
        (JSC::DFG::CFAPhase::performBlockCFA):
        (JSC::DFG::performCFA):
        * dfg/DFGCFAPhase.h:
        (DFG):
        * dfg/DFGCFGSimplificationPhase.cpp: Added.
        (DFG):
        (CFGSimplificationPhase):
        (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase):
        (JSC::DFG::CFGSimplificationPhase::run):
        (JSC::DFG::CFGSimplificationPhase::killUnreachable):
        (JSC::DFG::CFGSimplificationPhase::findOperandSource):
        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
        (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
        (JSC::DFG::CFGSimplificationPhase::fixPhis):
        (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
        (OperandSubstitution):
        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
        (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
        (JSC::DFG::performCFGSimplification):
        * dfg/DFGCFGSimplificationPhase.h: Added.
        (DFG):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::run):
        (CSEPhase):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::globalVarLoadElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        (JSC::DFG::CSEPhase::performBlockCSE):
        (JSC::DFG::performCSE):
        * dfg/DFGCSEPhase.h:
        (DFG):
        * dfg/DFGCommon.h:
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::run):
        (JSC::DFG::performConstantFolding):
        * dfg/DFGConstantFoldingPhase.h:
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGEdge.h:
        (Edge):
        (JSC::DFG::Edge::operator UnspecifiedBoolType*):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupBlock):
        (JSC::DFG::performFixup):
        * dfg/DFGFixupPhase.h:
        (DFG):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::handleSuccessor):
        (DFG):
        (JSC::DFG::Graph::determineReachability):
        (JSC::DFG::Graph::resetReachability):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::changeIndex):
        (Graph):
        (JSC::DFG::Graph::changeEdge):
        (JSC::DFG::Graph::numSuccessors):
        (JSC::DFG::Graph::successor):
        (JSC::DFG::Graph::successorForCondition):
        (JSC::DFG::Graph::isPredictedNumerical):
        (JSC::DFG::Graph::byValIsPure):
        (JSC::DFG::Graph::clobbersWorld):
        (JSC::DFG::Graph::numChildren):
        (JSC::DFG::Graph::child):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToConstant):
        (JSC::DFG::Node::numSuccessors):
        (Node):
        (JSC::DFG::Node::successor):
        (JSC::DFG::Node::successorForCondition):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOperations.cpp:
        * dfg/DFGPhase.cpp:
        (JSC::DFG::Phase::endPhase):
        * dfg/DFGPhase.h:
801        (JSC::DFG::runPhase):
802        * dfg/DFGPredictionPropagationPhase.cpp:
803        (JSC::DFG::PredictionPropagationPhase::run):
804        (JSC::DFG::performPredictionPropagation):
805        * dfg/DFGPredictionPropagationPhase.h:
806        (DFG):
807        * dfg/DFGRedundantPhiEliminationPhase.cpp:
808        (JSC::DFG::RedundantPhiEliminationPhase::run):
809        (JSC::DFG::performRedundantPhiElimination):
810        * dfg/DFGRedundantPhiEliminationPhase.h:
811        (DFG):
812        * dfg/DFGScoreBoard.h:
813        (JSC::DFG::ScoreBoard::use):
814        (ScoreBoard):
815        (JSC::DFG::ScoreBoard::useIfHasResult):
816        * dfg/DFGSpeculativeJIT.cpp:
817        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
818        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
819        (JSC::DFG::SpeculativeJIT::compile):
820        (JSC::DFG::SpeculativeJIT::createOSREntries):
821        (JSC::DFG::SpeculativeJIT::linkOSREntries):
822        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
823        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
824        * dfg/DFGSpeculativeJIT.h:
825        (JSC::DFG::SpeculativeJIT::nextBlock):
826        (SpeculativeJIT):
827        (JSC::DFG::SpeculativeJIT::use):
828        (JSC::DFG::SpeculativeJIT::jump):
829        * dfg/DFGSpeculativeJIT32_64.cpp:
830        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
831        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
832        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
833        (JSC::DFG::SpeculativeJIT::emitBranch):
834        (JSC::DFG::SpeculativeJIT::compile):
835        * dfg/DFGSpeculativeJIT64.cpp:
836        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
837        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
838        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
839        (JSC::DFG::SpeculativeJIT::emitBranch):
840        (JSC::DFG::SpeculativeJIT::compile):
841        * dfg/DFGValidate.cpp: Added.
842        (DFG):
843        (Validate):
844        (JSC::DFG::Validate::Validate):
845        (JSC::DFG::Validate::validate):
846        (JSC::DFG::Validate::reportValidationContext):
847        (JSC::DFG::Validate::dumpData):
848        (JSC::DFG::Validate::dumpGraphIfAppropriate):
849        (JSC::DFG::validate):
850        * dfg/DFGValidate.h: Added.
851        (DFG):
852        (JSC::DFG::validate):
853        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
854        (JSC::DFG::VirtualRegisterAllocationPhase::run):
855        (JSC::DFG::performVirtualRegisterAllocation):
856        * dfg/DFGVirtualRegisterAllocationPhase.h:
857        (DFG):
858        * interpreter/Interpreter.cpp:
859        (JSC::Interpreter::privateExecute):
860        * jit/JITStubs.cpp:
861        (JSC::DEFINE_STUB_FUNCTION):
862        * llint/LLIntSlowPaths.cpp:
863        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
864        * runtime/ArrayPrototype.cpp:
865        (JSC::arrayProtoFuncFilter):
866        (JSC::arrayProtoFuncEvery):
867        (JSC::arrayProtoFuncSome):
868        * runtime/BooleanConstructor.cpp:
869        (JSC::constructBoolean):
870        (JSC::callBooleanConstructor):
871        * runtime/JSCell.h:
872        (JSCell):
873        * runtime/JSObject.cpp:
874        (JSC):
875        * runtime/JSObject.h:
876        * runtime/JSString.cpp:
877        (JSC::JSString::toBoolean):
878        * runtime/JSString.h:
879        (JSString):
880        (JSC::JSCell::toBoolean):
881        (JSC::JSValue::toBoolean):
882        * runtime/JSValue.h:
883        * runtime/ObjectConstructor.cpp:
884        (JSC::toPropertyDescriptor):
885        * runtime/RegExpConstructor.cpp:
886        (JSC::setRegExpConstructorMultiline):
887        * runtime/RegExpPrototype.cpp:
888        (JSC::regExpProtoFuncToString):
889
8902012-05-18  Filip Pizlo  <fpizlo@apple.com>
891
892        Unreviewed, build fix.
893
894        * dfg/DFGSpeculativeJIT.h:
895        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
896
8972012-04-17  Filip Pizlo  <fpizlo@apple.com>
898
899        DFG should have constant propagation
900        https://bugs.webkit.org/show_bug.cgi?id=84004
901
902        Reviewed by Gavin Barraclough.
903        
904        Merge r114554 from dfgopt.
905        
906        Changes AbstractValue to be able to hold a "set" of constants, where
907        the maximum set size is 1 - so merging a value containing constant A
908        with another value containing constant B where A != B will result in
909        the AbstractValue claiming that it does not know any constants (i.e.
910        it'll just have a predicted type and possibly a structure).
911        
912        Added a constant folding phase that uses this new information to
913        replace pure operations known to have constant results with
914        JSConstants. This is OSR-exit-aware, in that it will prepend a Phantom
915        that refers to all of the kids of the node we replaced.
916
917        * CMakeLists.txt:
918        * GNUmakefile.list.am:
919        * JavaScriptCore.xcodeproj/project.pbxproj:
920        * Target.pri:
921        * dfg/DFGAbstractState.cpp:
922        (JSC::DFG::AbstractState::beginBasicBlock):
923        (JSC::DFG::AbstractState::endBasicBlock):
924        (JSC::DFG::AbstractState::execute):
925        * dfg/DFGAbstractState.h:
926        (AbstractState):
927        * dfg/DFGAbstractValue.h:
928        (JSC::DFG::AbstractValue::clear):
929        (JSC::DFG::AbstractValue::isClear):
930        (JSC::DFG::AbstractValue::makeTop):
931        (JSC::DFG::AbstractValue::clobberValue):
932        (AbstractValue):
933        (JSC::DFG::AbstractValue::valueIsTop):
934        (JSC::DFG::AbstractValue::value):
935        (JSC::DFG::AbstractValue::set):
936        (JSC::DFG::AbstractValue::operator==):
937        (JSC::DFG::AbstractValue::merge):
938        (JSC::DFG::AbstractValue::filter):
939        (JSC::DFG::AbstractValue::validate):
940        (JSC::DFG::AbstractValue::checkConsistency):
941        (JSC::DFG::AbstractValue::dump):
942        * dfg/DFGAdjacencyList.h:
943        (JSC::DFG::AdjacencyList::initialize):
944        (AdjacencyList):
945        (JSC::DFG::AdjacencyList::reset):
946        * dfg/DFGBasicBlock.h:
947        (JSC::DFG::BasicBlock::BasicBlock):
948        (BasicBlock):
949        * dfg/DFGCSEPhase.cpp:
950        (JSC::DFG::CSEPhase::constantCSE):
951        (CSEPhase):
952        (JSC::DFG::CSEPhase::performNodeCSE):
953        * dfg/DFGConstantFoldingPhase.cpp: Added.
954        (DFG):
955        (ConstantFoldingPhase):
956        (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
957        (JSC::DFG::ConstantFoldingPhase::run):
958        (JSC::DFG::performConstantFolding):
959        * dfg/DFGConstantFoldingPhase.h: Added.
960        (DFG):
961        * dfg/DFGDriver.cpp:
962        (JSC::DFG::compile):
963        * dfg/DFGGraph.h:
964        (Graph):
965        (JSC::DFG::Graph::convertToConstant):
966        * dfg/DFGInsertionSet.h:
967        (JSC::DFG::InsertionSet::execute):
968        * dfg/DFGNode.h:
969        (JSC::DFG::Node::convertToConstant):
970        (Node):
971        * runtime/JSValue.cpp:
972        (JSC::JSValue::description):
973        * runtime/JSValue.h:
974        (JSValue):
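
        The constant-set-of-size-one lattice and the Phantom-prepending fold described above,
        as an added, self-contained example (my own code, not JavaScriptCore's): av_merge collapses
        two different constants to TOP, and constant_fold rewrites pure ops with known results into
        constants over a constructed straight-line block. Node, Op and MAX_NODES are assumed names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 64

/* Value lattice whose constant "set" has at most one member:
   CLEAR (nothing known yet, bottom) < CONSTANT(c) < TOP (no constant known). */
typedef enum { AV_CLEAR, AV_CONSTANT, AV_TOP } AVKind;
typedef struct { AVKind kind; int32_t constant; } AbstractValue;

static AbstractValue av_constant(int32_t c) { AbstractValue v = { AV_CONSTANT, c }; return v; }
static AbstractValue av_top(void)           { AbstractValue v = { AV_TOP, 0 };      return v; }
static AbstractValue av_clear(void)         { AbstractValue v = { AV_CLEAR, 0 };    return v; }

/* Join at a control-flow merge. Two different constants collapse to TOP.
   Returns true when *dst changed (a fixpoint loop would key on this). */
bool av_merge(AbstractValue *dst, AbstractValue src)
{
    if (src.kind == AV_CLEAR || dst->kind == AV_TOP)
        return false;
    if (dst->kind == AV_CLEAR) { *dst = src; return true; }
    if (src.kind == AV_CONSTANT && src.constant == dst->constant)
        return false;
    *dst = av_top();
    return true;
}

/* Hypothetical mini-IR: pure int32 ops plus constants and Phantoms. */
typedef enum { OP_JSCONSTANT, OP_ADD, OP_MUL, OP_PHANTOM } Op;
typedef struct { Op op; int child1, child2; int32_t constant; } Node;

/* Forward abstract interpretation of a straight-line block: one value per node. */
void abstract_execute(const Node *nodes, int count, AbstractValue *out)
{
    for (int i = 0; i < count; i++) {
        const Node *n = &nodes[i];
        if (n->op == OP_JSCONSTANT) { out[i] = av_constant(n->constant); continue; }
        if (n->op == OP_PHANTOM)    { out[i] = av_clear(); continue; }   /* produces no value */
        AbstractValue a = out[n->child1], b = out[n->child2];
        if (a.kind == AV_CONSTANT && b.kind == AV_CONSTANT) {
            uint32_t r = (n->op == OP_ADD) ? (uint32_t)a.constant + (uint32_t)b.constant
                                           : (uint32_t)a.constant * (uint32_t)b.constant;
            out[i] = av_constant((int32_t)r);   /* int32 arithmetic wraps modulo 2^32 */
        } else {
            out[i] = av_top();
        }
    }
}

/* Rewrite every pure op whose result is a known constant into a JSConstant.
   A Phantom over the op's children is emitted first, so an OSR exit taken after
   this point still sees those inputs as live. Returns the length of dst
   (dst needs room for 2 * count nodes). */
int constant_fold(const Node *src, int count, Node *dst)
{
    AbstractValue av[MAX_NODES];
    int remap[MAX_NODES];           /* old node index -> index in dst */
    abstract_execute(src, count, av);
    int n = 0;
    for (int i = 0; i < count; i++) {
        Node node = src[i];
        if (node.child1 >= 0) node.child1 = remap[node.child1];
        if (node.child2 >= 0) node.child2 = remap[node.child2];
        bool pure_op = node.op == OP_ADD || node.op == OP_MUL;
        if (pure_op && av[i].kind == AV_CONSTANT) {
            Node phantom = { OP_PHANTOM, node.child1, node.child2, 0 };
            dst[n++] = phantom;                 /* keeps the kids alive for OSR exit */
            node.op = OP_JSCONSTANT;
            node.constant = av[i].constant;
            node.child1 = node.child2 = -1;
        }
        remap[i] = n;
        dst[n++] = node;
    }
    return n;
}

/* Constructed sample block computing (2 + 3) * 4; folds it into dst. */
int demo_fold(Node *dst)
{
    Node block[] = { { OP_JSCONSTANT, -1, -1, 2 }, { OP_JSCONSTANT, -1, -1, 3 },
                     { OP_ADD, 0, 1, 0 },         { OP_JSCONSTANT, -1, -1, 4 },
                     { OP_MUL, 2, 3, 0 } };
    return constant_fold(block, 5, dst);
}

int main(void)
{
    Node folded[2 * MAX_NODES];
    int n = demo_fold(folded);
    for (int i = 0; i < n; i++)
        printf("%d: op=%d child1=%d child2=%d constant=%d\n", i, (int)folded[i].op,
               folded[i].child1, folded[i].child2, folded[i].constant);
    return 0;
}
```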
975
9762012-05-18  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
977
978        Fix build for Qt by using ASSERT_UNUSED in DFGSpeculativeJIT
979        https://bugs.webkit.org/show_bug.cgi?id=86902
980
981        Reviewed by Andreas Kling.
982
983        * dfg/DFGSpeculativeJIT.h:
984        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
985
9862012-04-16  Filip Pizlo  <fpizlo@apple.com>
987
988        DFG should have out-of-line slow paths
989        https://bugs.webkit.org/show_bug.cgi?id=83992
990
991        Reviewed by Oliver Hunt.
992        
993        Merge of r114472 and r114553 from dfgopt.
994        
995        Introduces the notion of slow path code generation closures in the DFG.
996        These are defined in DFGSlowPathGenerator.h, though they are fairly
997        extensible so DFGSpeculativeJIT64.cpp and DFGSpeculativeJIT32_64.cpp
998        define a couple special-purpose ones. A slow path generation closure
999        (DFG::SlowPathGenerator) is executed after the main speculative path is
1000        generated. This makes them great for scheduling slow path code out of
1001        the way of the hot paths.
1002        
1003        This patch also converts most - but not all - of the DFG to use slow
1004        path generators instead of inline slow paths.
1005        
1006        The result is a sub-1% improvement on SunSpider and V8, and a minuscule
1007        regression on Kraken.
1008        
1009        * JavaScriptCore.xcodeproj/project.pbxproj:
1010        * assembler/AbstractMacroAssembler.h:
1011        (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
1012        (TrustedImmPtr):
1013        (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
1014        (TrustedImm32):
1015        * bytecode/StructureStubInfo.h:
1016        * dfg/DFGCommon.h:
1017        * dfg/DFGJITCompiler.cpp:
1018        (JSC::DFG::JITCompiler::link):
1019        (JSC::DFG::JITCompiler::compile):
1020        (JSC::DFG::JITCompiler::compileFunction):
1021        * dfg/DFGJITCompiler.h:
1022        (DFG):
1023        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
1024        (PropertyAccessRecord):
1025        (JITCompiler):
1026        * dfg/DFGSilentRegisterSavePlan.h: Added.
1027        (DFG):
1028        (SilentRegisterSavePlan):
1029        (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
1030        (JSC::DFG::SilentRegisterSavePlan::spillAction):
1031        (JSC::DFG::SilentRegisterSavePlan::fillAction):
1032        (JSC::DFG::SilentRegisterSavePlan::nodeIndex):
1033        (JSC::DFG::SilentRegisterSavePlan::gpr):
1034        (JSC::DFG::SilentRegisterSavePlan::fpr):
1035        * dfg/DFGSlowPathGenerator.h: Added.
1036        (DFG):
1037        (SlowPathGenerator):
1038        (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
1039        (JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
1040        (JSC::DFG::SlowPathGenerator::generate):
1041        (JSC::DFG::SlowPathGenerator::label):
1042        (JSC::DFG::SlowPathGenerator::call):
1043        (JumpingSlowPathGenerator):
1044        (JSC::DFG::JumpingSlowPathGenerator::JumpingSlowPathGenerator):
1045        (JSC::DFG::JumpingSlowPathGenerator::linkFrom):
1046        (JSC::DFG::JumpingSlowPathGenerator::jumpTo):
1047        (CallSlowPathGenerator):
1048        (JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator):
1049        (JSC::DFG::CallSlowPathGenerator::call):
1050        (JSC::DFG::CallSlowPathGenerator::setUp):
1051        (JSC::DFG::CallSlowPathGenerator::recordCall):
1052        (JSC::DFG::CallSlowPathGenerator::tearDown):
1053        (CallResultAndNoArgumentsSlowPathGenerator):
1054        (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::CallResultAndNoArgumentsSlowPathGenerator):
1055        (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::generateInternal):
1056        (CallResultAndOneArgumentSlowPathGenerator):
1057        (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::CallResultAndOneArgumentSlowPathGenerator):
1058        (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::generateInternal):
1059        (CallResultAndTwoArgumentsSlowPathGenerator):
1060        (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::CallResultAndTwoArgumentsSlowPathGenerator):
1061        (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::generateInternal):
1062        (CallResultAndThreeArgumentsSlowPathGenerator):
1063        (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::CallResultAndThreeArgumentsSlowPathGenerator):
1064        (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::generateInternal):
1065        (CallResultAndFourArgumentsSlowPathGenerator):
1066        (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::CallResultAndFourArgumentsSlowPathGenerator):
1067        (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::generateInternal):
1068        (CallResultAndFiveArgumentsSlowPathGenerator):
1069        (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::CallResultAndFiveArgumentsSlowPathGenerator):
1070        (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::generateInternal):
1071        (JSC::DFG::slowPathCall):
1072        (AssigningSlowPathGenerator):
1073        (JSC::DFG::AssigningSlowPathGenerator::AssigningSlowPathGenerator):
1074        (JSC::DFG::AssigningSlowPathGenerator::generateInternal):
1075        (JSC::DFG::slowPathMove):
1076        * dfg/DFGSpeculativeJIT.cpp:
1077        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1078        (DFG):
1079        (JSC::DFG::SpeculativeJIT::~SpeculativeJIT):
1080        (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):
1081        (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
1082        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
1083        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1084        * dfg/DFGSpeculativeJIT.h:
1085        (DFG):
1086        (SpeculativeJIT):
1087        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
1088        (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
1089        (JSC::DFG::SpeculativeJIT::silentSpill):
1090        (JSC::DFG::SpeculativeJIT::silentFill):
1091        (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
1092        (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
1093        (JSC::DFG::SpeculativeJIT::pickCanTrample):
1094        (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
1095        (JSC::DFG::SpeculativeJIT::callOperation):
1096        * dfg/DFGSpeculativeJIT32_64.cpp:
1097        (ValueToNumberSlowPathGenerator):
1098        (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator):
1099        (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal):
1100        (DFG):
1101        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
1102        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
1103        (JSC::DFG::SpeculativeJIT::cachedGetById):
1104        (JSC::DFG::SpeculativeJIT::cachedPutById):
1105        (CompareAndBoxBooleanSlowPathGenerator):
1106        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1107        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal):
1108        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1109        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
1110        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1111        (JSC::DFG::SpeculativeJIT::compile):
1112        * dfg/DFGSpeculativeJIT64.cpp:
1113        (ValueToNumberSlowPathGenerator):
1114        (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator):
1115        (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal):
1116        (DFG):
1117        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
1118        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
1119        (JSC::DFG::SpeculativeJIT::cachedGetById):
1120        (JSC::DFG::SpeculativeJIT::cachedPutById):
1121        (CompareAndBoxBooleanSlowPathGenerator):
1122        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1123        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal):
1124        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1125        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
1126        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1127        (JSC::DFG::SpeculativeJIT::compile):
1128
11292012-05-18  Tony Chang  <tony@chromium.org>
1130
1131        remove the CSS_GRID_LAYOUT compiler define, but default grid layout to off
1132        https://bugs.webkit.org/show_bug.cgi?id=86767
1133
1134        Reviewed by Ojan Vafai.
1135
1136        * Configurations/FeatureDefines.xcconfig: Remove ENABLE_CSS_GRID_LAYOUT.
1137
11382012-05-17  Filip Pizlo  <fpizlo@apple.com>
1139
1140        Setting array index -1 and looping over array causes bad behavior
1141        https://bugs.webkit.org/show_bug.cgi?id=86733
1142        <rdar://problem/11477670>
1143
1144        Reviewed by Oliver Hunt.
1145
1146        * dfg/DFGOperations.cpp:
1147
11482012-05-17  Geoffrey Garen  <ggaren@apple.com>
1149
1150        Not reviewed.
1151
1152        Rolled out r117495 because it caused some out of memory crashes.
1153
1154        * heap/Heap.cpp:
1155        (JSC::Heap::collect):
1156
11572012-05-17  Geoffrey Garen  <ggaren@apple.com>
1158
1159        Refactored the Heap to move more MarkedSpace logic into MarkedSpace
1160        https://bugs.webkit.org/show_bug.cgi?id=86790
1161
1162        Reviewed by Gavin Barraclough.
1163
1164        * heap/Heap.cpp:
1165        (JSC::Heap::lastChanceToFinalize):
1166        (JSC::Heap::markRoots):
1167        (JSC):
1168        (JSC::Heap::objectCount):
1169        (JSC::Heap::size):
1170        (JSC::Heap::capacity):
1171        (JSC::Heap::collect):
1172        * heap/Heap.h:
1173        (Heap): Took all the functors from here...
1174
1175        * heap/MarkedBlock.h:
1176        (CountFunctor):
1177        (JSC::MarkedBlock::CountFunctor::CountFunctor):
1178        (JSC::MarkedBlock::CountFunctor::count):
1179        (JSC::MarkedBlock::CountFunctor::returnValue):
1180        (MarkedBlock):
1181        * heap/MarkedSpace.h:
1182        (JSC::ClearMarks::operator()):
1183        (JSC):
1184        (JSC::Sweep::operator()):
1185        (JSC::MarkCount::operator()):
1186        (JSC::Size::operator()):
1187        (JSC::Capacity::operator()):
1188        (MarkedSpace):
1189        (JSC::MarkedSpace::clearMarks):
1190        (JSC::MarkedSpace::sweep):
1191        (JSC::MarkedSpace::objectCount):
1192        (JSC::MarkedSpace::size):
1193        (JSC::MarkedSpace::capacity): and put them here.
1194
11952012-05-17  Geoffrey Garen  <ggaren@apple.com>
1196
1197        Increase the GC allocation trigger
1198        https://bugs.webkit.org/show_bug.cgi?id=86699
1199
1200        Reviewed by Sam Weinig.
1201
1202        This helps a lot when the heap is growing, and helps to resolve
1203        the regression caused by r116484.
1204
1205        * heap/Heap.cpp:
1206        (JSC::Heap::collect):
1207
12082012-05-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1209
1210        GC in the middle of JSObject::allocatePropertyStorage can cause badness
1211        https://bugs.webkit.org/show_bug.cgi?id=83839
1212
1213        Reviewed by Geoff Garen.
1214
1215        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1216        * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
1217        (JSC::DEFINE_STUB_FUNCTION):
1218        * runtime/JSObject.cpp:
1219        (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're 
1220        growing our already-existing PropertyStorage.
1221        * runtime/JSObject.h:
1222        (JSObject):
1223        (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage 
1224        and the new structure so that we can be sure a GC never occurs when our Structure
1225        info is out of sync with our PropertyStorage.
1226        (JSC):
1227        (JSC::JSObject::putDirectInternal): Moved the check to see if we should 
1228        allocate more backing store before the actual property insertion into 
1229        the structure.
1230        (JSC::JSObject::putDirectWithoutTransition): Ditto.
1231        (JSC::JSObject::transitionTo): Ditto.
1232        * runtime/Structure.cpp:
1233        (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy 
1234        for property backing stores contained within the Structure class.
1235        (JSC):
1236        * runtime/Structure.h:
1237        (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion 
1238        into the Structure would require resizing the property backing store so that they can 
1239        preallocate the required storage.
1240        (Structure):
1241
12422012-05-16  Geoffrey Garen  <ggaren@apple.com>
1243
1244        GC is not thread-safe when moving values between C stacks
1245        https://bugs.webkit.org/show_bug.cgi?id=86672
1246
1247        Reviewed by Phil Pizlo.
1248
1249        GC pauses thread A while marking thread A, and then B while marking B,
1250        which isn't safe against A and B moving values between each others'
1251        stacks.
1252
1253        This is a theoretical bug -- I haven't been able to reproduce it
1254        in the wild.
1255
1256        * heap/MachineStackMarker.cpp:
1257        (JSC::MachineThreads::gatherFromOtherThread):
1258        (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
1259        duration of stack marking, to avoid missing values that might be moving
1260        between C stacks.
1261
12622012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1263
1264        Block freeing thread should not free blocks when we are actively requesting them
1265        https://bugs.webkit.org/show_bug.cgi?id=86519
1266
1267        Reviewed by Geoff Garen.
1268
1269        * heap/BlockAllocator.h:
1270        (JSC::BlockAllocator::allocate): Reordering the setting of the flag so it's done 
1271        while we hold the lock to ensure proper locking.
1272
12732012-05-15  Filip Pizlo  <fpizlo@apple.com>
1274
1275        shrinkToFit() is often not called for Vectors in CodeBlock
1276        https://bugs.webkit.org/show_bug.cgi?id=86436
1277
1278        Reviewed by Oliver Hunt.
1279        
1280        The vectors in CodeBlock are often appended to during various stages of
1281        compilation, but we neglect to shrink them after compilation finishes. This
1282        patch takes the most brutal possible approach: shrink all the vectors after
1283        the bytecompile phase, and then shrink them again after the appropriate
1284        JITing phase. The two shrinks are necessary because the JIT may append more
1285        stuff, but may also generate code that directly references things in other
1286        vectors; hence some can only be shrunk before JIT and some after. Also,
1287        we may allow a CodeBlock to sit around for a long time - possibly forever -
1288        before invoking the JIT, hence it makes sense to have two shrinks.
1289        
1290        This is performance neutral on the major benchmarks we track.
1291
1292        * bytecode/CodeBlock.cpp:
1293        (JSC::CodeBlock::shrinkToFit):
1294        * bytecode/CodeBlock.h:
1295        (CodeBlock):
1296        (JSC::CodeBlock::appendWeakReferenceTransition):
1297        * bytecompiler/BytecodeGenerator.cpp:
1298        (JSC::BytecodeGenerator::generate):
1299        * dfg/DFGDriver.cpp:
1300        (JSC::DFG::compile):
1301        * dfg/DFGJITCompiler.cpp:
1302        (JSC::DFG::JITCompiler::link):
1303        * jit/JIT.cpp:
1304        (JSC::JIT::privateCompile):
1305
13062012-05-15  Oliver Hunt  <oliver@apple.com>
1307
1308        Make error information available even if all we have is line number information.
1309        https://bugs.webkit.org/show_bug.cgi?id=86547
1310
1311        Reviewed by Filip Pizlo.
1312
1313        We don't need expression information to generate useful line, file, and stack information,
1314        so only require that we have line number info available.
1315
1316        * interpreter/Interpreter.cpp:
1317        (JSC::Interpreter::throwException):
1318        * runtime/Executable.h:
1319        (JSC):
1320
13212012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1322
1323        Block freeing thread should not free blocks when we are actively requesting them
1324        https://bugs.webkit.org/show_bug.cgi?id=86519
1325
1326        Reviewed by Geoffrey Garen.
1327
1328        The block freeing thread shoots us in the foot if it decides to run while we're actively 
1329        requesting blocks and returning them. This situation can arise when there is a lot of copying 
1330        collection going on in steady state. We allocate a large swath of pages to copy into, then we 
1331        return all the newly free old pages to the BlockAllocator. In this state, if the block freeing 
1332        thread wakes up in between collections (which is more likely than it waking up during a 
1333        collection) and frees half of these pages, they will be needed almost immediately during the 
1334        next collection, causing a storm of VM allocations which we know are going to be very slow.
1335
1336        What we'd like is for the block freeing thread to return memory to the OS once 
1337        things have quieted down. Usually this will be when a page has fully loaded and has a low allocation 
1338        rate. In this situation, our opportunistic collections will only be running at least every few 
1339        seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say, 
1340        while a page is loading.
1341
1342        * heap/BlockAllocator.cpp:
1343        (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
1344        (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
1345        If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out 
1346        on an update, we'll see it when we wake up again.
1347        * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
1348        (BlockAllocator):
1349        (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks 
1350        that to true. We don't bother locking since we assume that writing to a bool is atomic.
1351
13522012-05-14  Luke Macpherson  <macpherson@chromium.org>
1353
1354        Introduce ENABLE_CSS_VARIABLES compile flag.
1355        https://bugs.webkit.org/show_bug.cgi?id=86338
1356
1357        Reviewed by Dimitri Glazkov.
1358
1359        Add a configuration option for CSS Variables support, disabling it by default.
1360
1361        * Configurations/FeatureDefines.xcconfig:
1362
13632012-05-14  Gavin Barraclough  <barraclough@apple.com>
1364
1365        Cannot login to iCloud
1366        https://bugs.webkit.org/show_bug.cgi?id=86321
1367
1368        Reviewed by Filip Pizlo.
1369
1370        This is a bug introduced by bug#85853, we shouldn't allow assignment to
1371        the prototype property of functions to be cached, since we need to clear
1372        the cached inheritorID.
1373
1374        * runtime/JSFunction.cpp:
1375        (JSC::JSFunction::put):
1376
13772012-05-14  Michael Saboff  <msaboff@apple.com>
1378
1379        Enh: Add the Ability to Disable / Enable JavaScript GC Timer
1380        https://bugs.webkit.org/show_bug.cgi?id=86382
1381
1382        Reviewed by Darin Adler.
1383
1384        Add flag to GCActivityCallback to enable / disable activity timer.
1385        Add api via Heap to set the flag's value.
1386
1387        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export
1388        * heap/Heap.cpp:
1389        (JSC::Heap::setGarbageCollectionTimerEnabled):
1390        * heap/Heap.h:
1391        * runtime/GCActivityCallback.h:
1392        (JSC::GCActivityCallback::isEnabled):
1393        (JSC::GCActivityCallback::setEnabled):
1394        (JSC::GCActivityCallback::GCActivityCallback):
1395        * runtime/GCActivityCallbackCF.cpp:
1396        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
1397
13982012-05-14  Michael Saboff  <msaboff@apple.com>
1399
1400        Increase Debug Logging in MarkStack::validate()
1401        https://bugs.webkit.org/show_bug.cgi?id=86408
1402
1403        Rubber-stamped by Filip Pizlo.
1404
1405        Added some descriptive debug messages for the conditions and
1406        values when a cell validation fails.
1407
1408        * heap/MarkStack.cpp:
1409        (JSC::MarkStack::validate):
1410
14112012-05-14  Carlos Garcia Campos  <cgarcia@igalia.com>
1412
1413        Unreviewed. Fix make distcheck.
1414
1415        * GNUmakefile.list.am: Add missing header file.
1416
14172012-05-14  Yong Li  <yoli@rim.com>
1418
1419        DFG JIT didn't work with ARM EABI.
1420        https://bugs.webkit.org/show_bug.cgi?id=84449
1421
1422        Reviewed by Filip Pizlo.
1423
1424        Add a 32-bit dummy argument for some callOperation()
1425        methods to make it work for ARM EABI.
1426
1427        * dfg/DFGCCallHelpers.h:
1428        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1429        (CCallHelpers):
1430        * dfg/DFGOperations.cpp:
1431        * dfg/DFGSpeculativeJIT.h:
1432        (SpeculativeJIT):
1433        (JSC::DFG::SpeculativeJIT::callOperation):
1434
14352012-05-13  Gavin Barraclough  <barraclough@apple.com>
1436
1437        Introduce PropertyName class
1438        https://bugs.webkit.org/show_bug.cgi?id=86241
1439
1440        Reviewed by Darin Adler.
1441
1442        This patch introduced a couple of small bugs.
1443
1444        * runtime/PropertyName.h:
1445        (JSC::toUInt32FromCharacters):
1446            - Returning wrong value for "" - should not convert to 0.
1447        (JSC::PropertyName::PropertyName):
1448            - Remove the ASSERT, it was a little too aspirational.
1449
14502012-05-13  Filip Pizlo  <fpizlo@apple.com>
1451
1452        DFG performs incorrect constant folding on double-to-uint32 conversion in
1453        Uint32Array PutByVal
1454        https://bugs.webkit.org/show_bug.cgi?id=86330
1455
1456        Reviewed by Darin Adler.
1457        
1458        static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
1459        In particular, C++ casts on typical hardware (like x86 and similar) will
1460        return 0x80000000 for double values that are out of range of the int32 domain
1461        (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
1462        for wrap-around; for example the double value 4294967297 ought to become the
1463        int32 value 1, not 0x80000000.
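
        Added example, not code from this ChangeLog or from JavaScriptCore: a stand-alone
        C++ version of the ECMAScript ToInt32/ToUint32 conversion the entry refers to, with
        the in-range fast path separated from the wrap-around slow path. The names jsToInt32,
        jsToUint32 and int32CastIsSafe are chosen here and are not JSC's own toInt32.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// ECMAScript ToInt32 (ES5 section 9.5) written out in full. NaN and the
// infinities become 0; every other double is truncated toward zero, reduced
// modulo 2^32 and reinterpreted as a signed 32-bit value, so out-of-range
// inputs wrap around (4294967297 -> 1) instead of saturating.
int32_t jsToInt32(double d)
{
    // Fast path: when the truncated value fits in int32 the plain cast is
    // well-defined C++ and agrees with the spec algorithm. NaN fails both
    // comparisons and falls through to the slow path.
    if (d > -2147483649.0 && d < 2147483648.0)
        return static_cast<int32_t>(d);

    if (std::isnan(d) || std::isinf(d))
        return 0;

    // Slow path: reduce modulo 2^32 into [0, 2^32). trunc and fmod are exact
    // on doubles, so no precision is lost here even for huge magnitudes.
    const double twoTo32 = 4294967296.0;
    double m = std::fmod(std::trunc(d), twoTo32);
    if (m < 0)
        m += twoTo32;
    uint32_t u = static_cast<uint32_t>(m);

    // Map the upper half of the unsigned range onto the negative int32 range
    // without relying on implementation-defined unsigned->signed conversion.
    if (u > static_cast<uint32_t>(std::numeric_limits<int32_t>::max()))
        return static_cast<int32_t>(u - 2147483648u) + std::numeric_limits<int32_t>::min();
    return static_cast<int32_t>(u);
}

// ECMAScript ToUint32 is the same modular reduction viewed as unsigned; this
// is the conversion a Uint32Array element store needs (int32 -> uint32 is
// always well-defined in C++).
uint32_t jsToUint32(double d)
{
    return static_cast<uint32_t>(jsToInt32(d));
}

// True exactly when static_cast<int32_t>(d) is well-defined C++. Suitable as
// an assertion guard wherever a fast path keeps the bare cast.
bool int32CastIsSafe(double d)
{
    return d > -2147483649.0 && d < 2147483648.0;
}
```

        A Uint32Array store only needs jsToUint32. A JIT fast path may keep the bare cast
        as long as int32CastIsSafe() holds for the operand; outside that range the C++
        conversion is undefined behaviour, and the 0x80000000 result the entry describes is
        merely what typical hardware happens to produce.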
1464
1465        * dfg/DFGSpeculativeJIT.cpp:
1466        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1467
14682012-05-11  Gavin Barraclough  <barraclough@apple.com>
1469
1470        Introduce PropertyName class
1471        https://bugs.webkit.org/show_bug.cgi?id=86241
1472
1473        Reviewed by Geoff Garen.
1474
1475        Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
1476        This change paves the way to allow for properties keyed by values that are not Identifiers.
1477
1478        This change is largely a mechanical find & replace.
1479        It also changes JSFunction's constructor to take a UString& instead of an Identifier&
1480        (since in some cases we can no longer guarantee that we'll have an Identifier), and
1481        unifies Identifier's methods to obtain array indices onto PropertyName.
1482
1483        The new PropertyName class retains the ability to support .impl() and .ustring(), but
1484        in a future patch we may need to rework this, since not all PropertyNames should be
1485        equal based on their string representation.
1486
1487        * API/JSCallbackFunction.cpp:
1488        (JSC::JSCallbackFunction::finishCreation):
1489        * API/JSCallbackFunction.h:
1490        (JSCallbackFunction):
1491        (JSC::JSCallbackFunction::create):
1492        * API/JSCallbackObject.h:
1493        (JSCallbackObject):
1494        * API/JSCallbackObjectFunctions.h:
1495        (JSC::::getOwnPropertySlot):
1496        (JSC::::getOwnPropertyDescriptor):
1497        (JSC::::put):
1498        (JSC::::deleteProperty):
1499        (JSC::::getStaticValue):
1500        (JSC::::staticFunctionGetter):
1501        (JSC::::callbackGetter):
1502        * API/JSObjectRef.cpp:
1503        (JSObjectMakeFunctionWithCallback):
1504        * JSCTypedArrayStubs.h:
1505        (JSC):
1506        * JavaScriptCore.xcodeproj/project.pbxproj:
1507        * debugger/DebuggerActivation.cpp:
1508        (JSC::DebuggerActivation::getOwnPropertySlot):
1509        (JSC::DebuggerActivation::put):
1510        (JSC::DebuggerActivation::putDirectVirtual):
1511        (JSC::DebuggerActivation::deleteProperty):
1512        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
1513        (JSC::DebuggerActivation::defineOwnProperty):
1514        * debugger/DebuggerActivation.h:
1515        (DebuggerActivation):
1516        * jsc.cpp:
1517        (GlobalObject::addFunction):
1518        (GlobalObject::addConstructableFunction):
1519        * runtime/Arguments.cpp:
1520        (JSC::Arguments::getOwnPropertySlot):
1521        (JSC::Arguments::getOwnPropertyDescriptor):
1522        (JSC::Arguments::put):
1523        (JSC::Arguments::deleteProperty):
1524        (JSC::Arguments::defineOwnProperty):
1525        * runtime/Arguments.h:
1526        (Arguments):
1527        * runtime/ArrayConstructor.cpp:
1528        (JSC::ArrayConstructor::finishCreation):
1529        (JSC::ArrayConstructor::getOwnPropertySlot):
1530        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
1531        * runtime/ArrayConstructor.h:
1532        (ArrayConstructor):
1533        * runtime/ArrayPrototype.cpp:
1534        (JSC::ArrayPrototype::getOwnPropertySlot):
1535        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
1536        (JSC::putProperty):
1537        * runtime/ArrayPrototype.h:
1538        (ArrayPrototype):
1539        * runtime/BooleanConstructor.cpp:
1540        (JSC::BooleanConstructor::finishCreation):
1541        * runtime/BooleanPrototype.cpp:
1542        (JSC::BooleanPrototype::getOwnPropertySlot):
1543        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
1544        * runtime/BooleanPrototype.h:
1545        (BooleanPrototype):
1546        * runtime/ClassInfo.h:
1547        (MethodTable):
1548        * runtime/DateConstructor.cpp:
1549        (JSC::DateConstructor::finishCreation):
1550        (JSC::DateConstructor::getOwnPropertySlot):
1551        (JSC::DateConstructor::getOwnPropertyDescriptor):
1552        * runtime/DateConstructor.h:
1553        (DateConstructor):
1554        * runtime/DatePrototype.cpp:
1555        (JSC::DatePrototype::getOwnPropertySlot):
1556        (JSC::DatePrototype::getOwnPropertyDescriptor):
1557        * runtime/DatePrototype.h:
1558        (DatePrototype):
1559        * runtime/Error.h:
1560        (JSC::StrictModeTypeErrorFunction::create):
1561        * runtime/ErrorConstructor.cpp:
1562        (JSC::ErrorConstructor::finishCreation):
1563        * runtime/ErrorPrototype.cpp:
1564        (JSC::ErrorPrototype::getOwnPropertySlot):
1565        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
1566        * runtime/ErrorPrototype.h:
1567        (ErrorPrototype):
1568        * runtime/FunctionConstructor.cpp:
1569        (JSC::FunctionConstructor::finishCreation):
1570        * runtime/FunctionPrototype.cpp:
1571        (JSC::FunctionPrototype::finishCreation):
1572        (JSC::FunctionPrototype::addFunctionProperties):
1573        (JSC::functionProtoFuncBind):
1574        * runtime/FunctionPrototype.h:
1575        (JSC::FunctionPrototype::create):
1576        (FunctionPrototype):
1577        * runtime/Identifier.cpp:
1578        (JSC):
1579        * runtime/Identifier.h:
1580        (Identifier):
1581        * runtime/InternalFunction.cpp:
1582        (JSC::InternalFunction::finishCreation):
1583        * runtime/InternalFunction.h:
1584        (InternalFunction):
1585        * runtime/JSActivation.cpp:
1586        (JSC::JSActivation::symbolTableGet):
1587        (JSC::JSActivation::symbolTablePut):
1588        (JSC::JSActivation::symbolTablePutWithAttributes):
1589        (JSC::JSActivation::getOwnPropertySlot):
1590        (JSC::JSActivation::put):
1591        (JSC::JSActivation::putDirectVirtual):
1592        (JSC::JSActivation::deleteProperty):
1593        (JSC::JSActivation::argumentsGetter):
1594        * runtime/JSActivation.h:
1595        (JSActivation):
1596        * runtime/JSArray.cpp:
1597        (JSC::JSArray::defineOwnProperty):
1598        (JSC::JSArray::getOwnPropertySlot):
1599        (JSC::JSArray::getOwnPropertyDescriptor):
1600        (JSC::JSArray::put):
1601        (JSC::JSArray::deleteProperty):
1602        * runtime/JSArray.h:
1603        (JSArray):
1604        (JSC):
1605        * runtime/JSBoundFunction.cpp:
1606        (JSC::JSBoundFunction::create):
1607        (JSC::JSBoundFunction::finishCreation):
1608        * runtime/JSBoundFunction.h:
1609        (JSBoundFunction):
1610        * runtime/JSCell.cpp:
1611        (JSC::JSCell::getOwnPropertySlot):
1612        (JSC::JSCell::put):
1613        (JSC::JSCell::deleteProperty):
1614        (JSC::JSCell::putDirectVirtual):
1615        (JSC::JSCell::defineOwnProperty):
1616        (JSC::JSCell::getOwnPropertyDescriptor):
1617        * runtime/JSCell.h:
1618        (JSCell):
1619        * runtime/JSFunction.cpp:
1620        (JSC::JSFunction::create):
1621        (JSC::JSFunction::finishCreation):
1622        (JSC::JSFunction::argumentsGetter):
1623        (JSC::JSFunction::callerGetter):
1624        (JSC::JSFunction::lengthGetter):
1625        (JSC::JSFunction::getOwnPropertySlot):
1626        (JSC::JSFunction::getOwnPropertyDescriptor):
1627        (JSC::JSFunction::put):
1628        (JSC::JSFunction::deleteProperty):
1629        (JSC::JSFunction::defineOwnProperty):
1630        (JSC::getCalculatedDisplayName):
1631        * runtime/JSFunction.h:
1632        (JSFunction):
1633        * runtime/JSGlobalObject.cpp:
1634        (JSC::JSGlobalObject::put):
1635        (JSC::JSGlobalObject::putDirectVirtual):
1636        (JSC::JSGlobalObject::defineOwnProperty):
1637        (JSC::JSGlobalObject::reset):
1638        (JSC::JSGlobalObject::createThrowTypeError):
1639        (JSC::JSGlobalObject::getOwnPropertySlot):
1640        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
1641        * runtime/JSGlobalObject.h:
1642        (JSGlobalObject):
1643        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
1644        (JSC::JSGlobalObject::symbolTableHasProperty):
1645        * runtime/JSNotAnObject.cpp:
1646        (JSC::JSNotAnObject::getOwnPropertySlot):
1647        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
1648        (JSC::JSNotAnObject::put):
1649        (JSC::JSNotAnObject::deleteProperty):
1650        * runtime/JSNotAnObject.h:
1651        (JSNotAnObject):
1652        * runtime/JSONObject.cpp:
1653        (JSC::JSONObject::getOwnPropertySlot):
1654        (JSC::JSONObject::getOwnPropertyDescriptor):
1655        * runtime/JSONObject.h:
1656        (JSONObject):
1657        * runtime/JSObject.cpp:
1658        (JSC::JSObject::put):
1659        (JSC::JSObject::putDirectVirtual):
1660        (JSC::JSObject::putDirectAccessor):
1661        (JSC::JSObject::hasProperty):
1662        (JSC::JSObject::deleteProperty):
1663        (JSC::JSObject::hasOwnProperty):
1664        (JSC::callDefaultValueFunction):
1665        (JSC::JSObject::findPropertyHashEntry):
1666        (JSC::JSObject::getPropertySpecificValue):
1667        (JSC::JSObject::removeDirect):
1668        (JSC::JSObject::getOwnPropertyDescriptor):
1669        (JSC::JSObject::getPropertyDescriptor):
1670        (JSC::putDescriptor):
1671        (JSC::JSObject::defineOwnProperty):
1672        * runtime/JSObject.h:
1673        (JSObject):
1674        (JSC::JSObject::getDirect):
1675        (JSC::JSObject::getDirectLocation):
1676        (JSC::JSObject::inlineGetOwnPropertySlot):
1677        (JSC::JSObject::getOwnPropertySlot):
1678        (JSC::JSCell::fastGetOwnPropertySlot):
1679        (JSC::JSObject::getPropertySlot):
1680        (JSC::JSObject::get):
1681        (JSC::JSObject::putDirectInternal):
1682        (JSC::JSObject::putOwnDataProperty):
1683        (JSC::JSObject::putDirect):
1684        (JSC::JSObject::putDirectWithoutTransition):
1685        (JSC::JSValue::get):
1686        (JSC::JSValue::put):
1687        * runtime/JSStaticScopeObject.cpp:
1688        (JSC::JSStaticScopeObject::put):
1689        (JSC::JSStaticScopeObject::putDirectVirtual):
1690        (JSC::JSStaticScopeObject::getOwnPropertySlot):
1691        * runtime/JSStaticScopeObject.h:
1692        (JSStaticScopeObject):
1693        * runtime/JSString.cpp:
1694        (JSC::JSString::getOwnPropertySlot):
1695        (JSC::JSString::getStringPropertyDescriptor):
1696        * runtime/JSString.h:
1697        (JSString):
1698        (JSC::JSString::getStringPropertySlot):
1699        * runtime/JSValue.cpp:
1700        (JSC::JSValue::putToPrimitive):
1701        * runtime/JSValue.h:
1702        (JSC):
1703        (JSValue):
1704        * runtime/JSVariableObject.cpp:
1705        (JSC::JSVariableObject::deleteProperty):
1706        (JSC::JSVariableObject::symbolTableGet):
1707        (JSC::JSVariableObject::putDirectVirtual):
1708        * runtime/JSVariableObject.h:
1709        (JSVariableObject):
1710        (JSC::JSVariableObject::symbolTableGet):
1711        (JSC::JSVariableObject::symbolTablePut):
1712        (JSC::JSVariableObject::symbolTablePutWithAttributes):
1713        * runtime/Lookup.cpp:
1714        (JSC::setUpStaticFunctionSlot):
1715        * runtime/Lookup.h:
1716        (JSC::HashTable::entry):
1717        (JSC):
1718        (JSC::getStaticPropertySlot):
1719        (JSC::getStaticPropertyDescriptor):
1720        (JSC::getStaticFunctionSlot):
1721        (JSC::getStaticFunctionDescriptor):
1722        (JSC::getStaticValueSlot):
1723        (JSC::getStaticValueDescriptor):
1724        (JSC::lookupPut):
1725        * runtime/MathObject.cpp:
1726        (JSC::MathObject::getOwnPropertySlot):
1727        (JSC::MathObject::getOwnPropertyDescriptor):
1728        * runtime/MathObject.h:
1729        (MathObject):
1730        * runtime/NativeErrorConstructor.h:
1731        (JSC::NativeErrorConstructor::finishCreation):
1732        * runtime/NumberConstructor.cpp:
1733        (JSC):
1734        (JSC::NumberConstructor::finishCreation):
1735        (JSC::NumberConstructor::getOwnPropertySlot):
1736        (JSC::NumberConstructor::getOwnPropertyDescriptor):
1737        (JSC::NumberConstructor::put):
1738        (JSC::numberConstructorNaNValue):
1739        (JSC::numberConstructorNegInfinity):
1740        (JSC::numberConstructorPosInfinity):
1741        (JSC::numberConstructorMaxValue):
1742        (JSC::numberConstructorMinValue):
1743        * runtime/NumberConstructor.h:
1744        (NumberConstructor):
1745        * runtime/NumberPrototype.cpp:
1746        (JSC::NumberPrototype::getOwnPropertySlot):
1747        (JSC::NumberPrototype::getOwnPropertyDescriptor):
1748        * runtime/NumberPrototype.h:
1749        (NumberPrototype):
1750        * runtime/ObjectConstructor.cpp:
1751        (JSC::ObjectConstructor::finishCreation):
1752        (JSC::ObjectConstructor::getOwnPropertySlot):
1753        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
1754        * runtime/ObjectConstructor.h:
1755        (ObjectConstructor):
1756        * runtime/ObjectPrototype.cpp:
1757        (JSC::ObjectPrototype::put):
1758        (JSC::ObjectPrototype::defineOwnProperty):
1759        (JSC::ObjectPrototype::getOwnPropertySlot):
1760        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
1761        * runtime/ObjectPrototype.h:
1762        (ObjectPrototype):
1763        * runtime/PropertySlot.h:
1764        (PropertySlot):
1765        (JSC::PropertySlot::getValue):
1766        * runtime/RegExpConstructor.cpp:
1767        (JSC):
1768        (JSC::RegExpConstructor::finishCreation):
1769        (JSC::RegExpConstructor::getOwnPropertySlot):
1770        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
1771        (JSC::regExpConstructorDollar1):
1772        (JSC::regExpConstructorDollar2):
1773        (JSC::regExpConstructorDollar3):
1774        (JSC::regExpConstructorDollar4):
1775        (JSC::regExpConstructorDollar5):
1776        (JSC::regExpConstructorDollar6):
1777        (JSC::regExpConstructorDollar7):
1778        (JSC::regExpConstructorDollar8):
1779        (JSC::regExpConstructorDollar9):
1780        (JSC::regExpConstructorInput):
1781        (JSC::regExpConstructorMultiline):
1782        (JSC::regExpConstructorLastMatch):
1783        (JSC::regExpConstructorLastParen):
1784        (JSC::regExpConstructorLeftContext):
1785        (JSC::regExpConstructorRightContext):
1786        (JSC::RegExpConstructor::put):
1787        * runtime/RegExpConstructor.h:
1788        (RegExpConstructor):
1789        * runtime/RegExpMatchesArray.h:
1790        (JSC::RegExpMatchesArray::getOwnPropertySlot):
1791        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
1792        (JSC::RegExpMatchesArray::put):
1793        (JSC::RegExpMatchesArray::deleteProperty):
1794        (JSC::RegExpMatchesArray::defineOwnProperty):
1795        * runtime/RegExpObject.cpp:
1796        (JSC):
1797        (JSC::RegExpObject::getOwnPropertySlot):
1798        (JSC::RegExpObject::getOwnPropertyDescriptor):
1799        (JSC::RegExpObject::deleteProperty):
1800        (JSC::RegExpObject::defineOwnProperty):
1801        (JSC::regExpObjectGlobal):
1802        (JSC::regExpObjectIgnoreCase):
1803        (JSC::regExpObjectMultiline):
1804        (JSC::regExpObjectSource):
1805        (JSC::RegExpObject::put):
1806        * runtime/RegExpObject.h:
1807        (RegExpObject):
1808        * runtime/RegExpPrototype.cpp:
1809        (JSC::RegExpPrototype::getOwnPropertySlot):
1810        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
1811        * runtime/RegExpPrototype.h:
1812        (RegExpPrototype):
1813        * runtime/StrictEvalActivation.cpp:
1814        (JSC::StrictEvalActivation::deleteProperty):
1815        * runtime/StrictEvalActivation.h:
1816        (StrictEvalActivation):
1817        * runtime/StringConstructor.cpp:
1818        (JSC::StringConstructor::finishCreation):
1819        (JSC::StringConstructor::getOwnPropertySlot):
1820        (JSC::StringConstructor::getOwnPropertyDescriptor):
1821        * runtime/StringConstructor.h:
1822        (StringConstructor):
1823        * runtime/StringObject.cpp:
1824        (JSC::StringObject::getOwnPropertySlot):
1825        (JSC::StringObject::getOwnPropertyDescriptor):
1826        (JSC::StringObject::put):
1827        (JSC::StringObject::defineOwnProperty):
1828        (JSC::StringObject::deleteProperty):
1829        * runtime/StringObject.h:
1830        (StringObject):
1831        * runtime/StringPrototype.cpp:
1832        (JSC::StringPrototype::getOwnPropertySlot):
1833        (JSC::StringPrototype::getOwnPropertyDescriptor):
1834        * runtime/StringPrototype.h:
1835        (StringPrototype):
1836        * runtime/Structure.cpp:
1837        (JSC::Structure::despecifyDictionaryFunction):
1838        (JSC::Structure::addPropertyTransitionToExistingStructure):
1839        (JSC::Structure::addPropertyTransition):
1840        (JSC::Structure::removePropertyTransition):
1841        (JSC::Structure::despecifyFunctionTransition):
1842        (JSC::Structure::attributeChangeTransition):
1843        (JSC::Structure::addPropertyWithoutTransition):
1844        (JSC::Structure::removePropertyWithoutTransition):
1845        (JSC::Structure::get):
1846        (JSC::Structure::despecifyFunction):
1847        (JSC::Structure::putSpecificValue):
1848        (JSC::Structure::remove):
1849        * runtime/Structure.h:
1850        (Structure):
1851        (JSC::Structure::get):
1852
18532012-05-11  Michael Saboff  <msaboff@apple.com>
1854
1855        Rolling out r116659.
1856
1857        Causes ASSERT failures on bots.
1858
1859        Rubber stamped by Geoff Garen.
1860
1861        * heap/Heap.cpp:
1862        (JSC::Heap::markRoots):
1863        * heap/MarkStack.cpp:
1864        (JSC::MarkStackThreadSharedData::markingThreadMain):
1865        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
1866        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1867        (JSC::MarkStackThreadSharedData::reset):
1868        (JSC::MarkStack::reset):
1869        (JSC):
1870        (JSC::SlotVisitor::copyAndAppend):
1871        * heap/MarkStack.h:
1872        (MarkStackThreadSharedData):
1873        (MarkStack):
1874        * runtime/JSString.h:
1875        (JSString):
1876        (JSC::JSString::finishCreation):
1877        (JSC::JSString::is8Bit):
1878        (JSC::JSRopeString::finishCreation):
1879
18802012-05-11  Oliver Hunt  <oliver@apple.com>
1881
1882        Appease thread verifier when dealing with the JSC API's shared VM
1883        https://bugs.webkit.org/show_bug.cgi?id=86268
1884
1885        Reviewed by Geoffrey Garen.
1886
1887        If we're the shared VM, just disable the verifier.  This makes debug builds
1888        livable against non-webkit clients.
1889
1890        * runtime/JSGlobalData.cpp:
1891        (JSC::JSGlobalData::JSGlobalData):
1892
18932012-05-11  Filip Pizlo  <fpizlo@apple.com>
1894
1895        JIT memory allocator is not returning memory to the OS on Darwin
1896        https://bugs.webkit.org/show_bug.cgi?id=86047
1897
1898        Reviewed by Geoff Garen.
1899
1900        * jit/ExecutableAllocatorFixedVMPool.cpp:
1901        (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
1902
19032012-05-11  Geoffrey Garen  <ggaren@apple.com>
1904
1905        Clarified JSGlobalData (JavaScript VM) lifetime
1906        https://bugs.webkit.org/show_bug.cgi?id=85142
1907
1908        Reviewed by Alexey Proskuryakov.
1909
1910        (Follow-up fix.)
1911
1912        * API/JSContextRef.cpp:
1913        (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
1914        (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
1915        test, because apps might have been linked on older OS's.)
1916
19172012-05-11  Sam Weinig  <sam@webkit.org>
1918
1919        Fix crash seen when running with libgmalloc
1920        <rdar://problem/11435411>
1921        https://bugs.webkit.org/show_bug.cgi?id=86232
1922
1923        Reviewed by Gavin Barraclough.
1924
1925        * heap/MarkStack.cpp:
1926        (JSC::MarkStackThreadSharedData::markingThreadMain):
1927        Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its
1928        destructor.
1929
19302012-05-10  Gavin Barraclough  <barraclough@apple.com>
1931
1932        Remove op_get_callee
1933
1934        Rubber stamped by Geoff Garen.
1935        
1936        This is now redundant.
1937
1938        * bytecode/CodeBlock.cpp:
1939        (JSC::CodeBlock::dump):
1940        * bytecode/Opcode.h:
1941        (JSC):
1942        (JSC::padOpcodeName):
1943        * dfg/DFGByteCodeParser.cpp:
1944        (JSC::DFG::ByteCodeParser::parseBlock):
1945        * dfg/DFGCapabilities.h:
1946        (JSC::DFG::canCompileOpcode):
1947        * interpreter/Interpreter.cpp:
1948        (JSC::Interpreter::privateExecute):
1949        * jit/JIT.cpp:
1950        (JSC::JIT::privateCompileMainPass):
1951        * jit/JIT.h:
1952        * jit/JITOpcodes.cpp:
1953        (JSC):
1954        * jit/JITOpcodes32_64.cpp:
1955        (JSC):
1956        * llint/LowLevelInterpreter32_64.asm:
1957        * llint/LowLevelInterpreter64.asm:
1958
19592012-05-10  Gavin Barraclough  <barraclough@apple.com>
1960
1961        Cache inheritorID on JSFunction
1962        https://bugs.webkit.org/show_bug.cgi?id=85853
1963
1964        Reviewed by Geoff Garen & Filip Pizlo.
1965
1966        An object's prototype is indicated via its structure.  To create an otherwise
1967        empty object with object A as its prototype, we require a structure with its
1968        prototype set to point to A.  We wish to use this same structure for all empty
1969        objects created with a prototype of A, so we presently store this structure as
1970        a property of A, known as the inheritorID.
1971
1972        When a function F is invoked as a constructor, where F has a property 'prototype'
1973        set to point to A, in order to create the 'this' value for the constructor to
1974        use the following steps are taken:
1975          - the 'prototype' property of F is read, via a regular [[Get]] access.
1976          - the inheritorID internal property of the prototype is read.
1977          - a new, empty object is constructed with its structure set to point to inheritorID.
1978
1979        There are two drawbacks to the current approach:
1980          - it requires that every object has an inheritorID field.
1981          - it requires a [[Get]] access on every constructor call to access the 'prototype' property.
1982
1983        Instead, switch to caching a copy of the inheritorID on the function.  Constructor
1984        calls now only need read the internal property from the callee, saving a [[Get]].
1985        This also means that JSObject::m_inheritorID is no longer commonly read, and in a
1986        future patch we can move to storing this in a more memory efficient fashion.
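
        Added example, not code from this ChangeLog or from JavaScriptCore: a toy C++ model
        of the constructor-call sequence described above with the inheritorID cached on the
        function. Structure, JSObject, JSFunction, StructureArena and runScenario are
        stand-ins defined here. The behaviour it pins down is that the cached inheritorID
        must be dropped whenever the function's 'prototype' property is written; a stale
        cache would keep producing 'this' objects shaped for the old prototype.

```cpp
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>

struct JSObject;

// A Structure describes an object's shape; in this model the only shape
// information kept is the prototype the structure was created for.
struct Structure {
    JSObject* prototype;
};

struct JSObject {
    Structure* structure = nullptr;
    // The Structure shared by every otherwise-empty object created with this
    // object as its prototype (the per-object inheritorID of the old design).
    Structure* inheritorID = nullptr;
    std::unordered_map<std::string, JSObject*> properties;
};

// Owns every Structure created during a run so the raw pointers stay valid.
struct StructureArena {
    std::vector<std::unique_ptr<Structure>> all;
    Structure* create(JSObject* prototype) {
        all.push_back(std::make_unique<Structure>(Structure{prototype}));
        return all.back().get();
    }
};

Structure* inheritorIDFor(StructureArena& arena, JSObject* prototype) {
    if (!prototype->inheritorID)
        prototype->inheritorID = arena.create(prototype);
    return prototype->inheritorID;
}

// A function object caching a copy of its prototype's inheritorID.
struct JSFunction : JSObject {
    Structure* cachedInheritorID = nullptr;

    void put(const std::string& name, JSObject* value) {
        properties[name] = value;
        if (name == "prototype")
            cachedInheritorID = nullptr;   // invalidation: the cache is now stale
    }

    // The three steps from the entry, with the [[Get]] done only on a cache miss.
    Structure* structureForNewThis(StructureArena& arena) {
        if (!cachedInheritorID) {
            JSObject* proto = properties.at("prototype");   // the [[Get]]
            cachedInheritorID = inheritorIDFor(arena, proto);
        }
        return cachedInheritorID;
    }
};

// Constructor call: build 'this' with the structure the callee hands out.
JSObject* createThis(StructureArena& arena, std::vector<std::unique_ptr<JSObject>>& heap,
                     JSFunction& callee) {
    heap.push_back(std::make_unique<JSObject>());
    heap.back()->structure = callee.structureForNewThis(arena);
    return heap.back().get();
}

struct ScenarioResult {
    bool sameStructureForRepeatedCalls;
    bool cacheInvalidatedOnPrototypeChange;
    bool newThisSeesNewPrototype;
};

// Constructed scenario: two 'new F()' calls share one structure; after
// F.prototype is reassigned the next call must use a structure for B.
ScenarioResult runScenario() {
    StructureArena arena;
    std::vector<std::unique_ptr<JSObject>> heap;
    heap.push_back(std::make_unique<JSObject>());
    JSObject* protoA = heap.back().get();
    heap.push_back(std::make_unique<JSObject>());
    JSObject* protoB = heap.back().get();

    JSFunction F;
    F.put("prototype", protoA);
    JSObject* first = createThis(arena, heap, F);
    JSObject* second = createThis(arena, heap, F);

    ScenarioResult r{};
    r.sameStructureForRepeatedCalls = first->structure == second->structure
        && first->structure->prototype == protoA;

    F.put("prototype", protoB);
    r.cacheInvalidatedOnPrototypeChange = F.cachedInheritorID == nullptr;
    JSObject* third = createThis(arena, heap, F);
    r.newThisSeesNewPrototype = third->structure->prototype == protoB
        && third->structure != first->structure;
    return r;
}
```

        Every path that can change the 'prototype' property needs the same invalidation; in
        the real engine that includes defineOwnProperty, not just put, which is why both
        JSFunction methods appear in the file list below.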
1987
1988        * JavaScriptCore.xcodeproj/project.pbxproj:
1989        * bytecode/CodeBlock.cpp:
1990        (JSC::CodeBlock::dump):
1991        * bytecode/Opcode.h:
1992        (JSC):
1993        (JSC::padOpcodeName):
1994        * bytecompiler/BytecodeGenerator.cpp:
1995        (JSC::BytecodeGenerator::BytecodeGenerator):
1996        * dfg/DFGAbstractState.cpp:
1997        (JSC::DFG::AbstractState::execute):
1998        * dfg/DFGByteCodeParser.cpp:
1999        (JSC::DFG::ByteCodeParser::parseBlock):
2000        * dfg/DFGNodeType.h:
2001        (DFG):
2002        * dfg/DFGOperations.cpp:
2003        * dfg/DFGOperations.h:
2004        * dfg/DFGPredictionPropagationPhase.cpp:
2005        (JSC::DFG::PredictionPropagationPhase::propagate):
2006        * dfg/DFGSpeculativeJIT32_64.cpp:
2007        (JSC::DFG::SpeculativeJIT::compile):
2008        * dfg/DFGSpeculativeJIT64.cpp:
2009        (JSC::DFG::SpeculativeJIT::compile):
2010        * interpreter/Interpreter.cpp:
2011        (JSC::Interpreter::privateExecute):
2012        * jit/JITInlineMethods.h:
2013        (JSC::JIT::emitAllocateJSFunction):
2014        * jit/JITOpcodes.cpp:
2015        (JSC::JIT::emit_op_create_this):
2016        (JSC::JIT::emitSlow_op_create_this):
2017        * jit/JITOpcodes32_64.cpp:
2018        (JSC::JIT::emit_op_create_this):
2019        (JSC::JIT::emitSlow_op_create_this):
2020        * jit/JITStubs.cpp:
2021        (JSC::DEFINE_STUB_FUNCTION):
2022        * llint/LLIntSlowPaths.cpp:
2023        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2024        * llint/LowLevelInterpreter32_64.asm:
2025        * llint/LowLevelInterpreter64.asm:
2026        * runtime/JSFunction.cpp:
2027        (JSC::JSFunction::JSFunction):
2028        (JSC::JSFunction::cacheInheritorID):
2029        (JSC):
2030        (JSC::JSFunction::put):
2031        (JSC::JSFunction::defineOwnProperty):
2032        * runtime/JSFunction.h:
2033        (JSC::JSFunction::cachedInheritorID):
2034        (JSFunction):
2035        (JSC::JSFunction::offsetOfCachedInheritorID):
2036
20372012-05-10  Michael Saboff  <msaboff@apple.com>
2038
2039        Enh: Hash Const JSString in Backing Stores to Save Memory
2040        https://bugs.webkit.org/show_bug.cgi?id=86024
2041
2042        Reviewed by Filip Pizlo.
2043
2044        During garbage collection, each marking thread keeps a HashMap of
2045        strings.  While visiting via MarkStack::copyAndAppend(), we check to
2046        see if the string we are visiting is already in the HashMap.  If not
2047        we add it.  If so, we change the reference to the current string we're
2048        visiting to the prior string.
2049
2050        To somewhat reduce the performance impact of this change, if a string
2051        is unique at the end of a marking it will not be checked during further
2052        GC phases.  In some cases this won't catch all duplicates, but we are
2053        trying to catch the growth of duplicate strings.
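
        Added example, not code from this ChangeLog or from JavaScriptCore: a C++ model of
        the per-thread hash-consing described above. StringCell, HashConstingVisitor and
        runHashConsScenario are stand-ins defined here, and the meaning given to the
        singleton flag (set after a pass finds a string unique, so later passes skip it) is
        this example's reading of the entry, not a statement about JSString's internals.

```cpp
#include <cstddef>
#include <string>
#include <unordered_map>

// Toy string cell: the immutable payload plus a "known unique" flag.
struct StringCell {
    std::string value;
    bool isHashConstSingleton = false;
};

// One marking thread's table of strings seen so far in this pass, keyed by
// content (modeled after the m_uniqueStrings HashMap the entry describes).
class HashConstingVisitor {
public:
    // Visit one slot holding a string reference. If an equal string was seen
    // earlier in this pass, redirect the slot to that earlier cell.
    void visitSlot(StringCell** slot) {
        StringCell* cell = *slot;
        if (!cell || cell->isHashConstSingleton)
            return;                          // known unique: skip the lookup
        auto it = m_uniqueStrings.find(cell->value);
        if (it == m_uniqueStrings.end()) {
            m_uniqueStrings.emplace(cell->value, cell);
            return;
        }
        if (it->second != cell) {
            *slot = it->second;              // hash-cons: share the prior cell
            ++m_redirected;
        }
    }

    // End of a marking pass: strings that stayed unique are flagged so they are
    // not looked up again, then the table is cleared for the next pass.
    void finishPass() {
        for (auto& kv : m_uniqueStrings)
            kv.second->isHashConstSingleton = true;
        m_uniqueStrings.clear();
    }

    std::size_t redirected() const { return m_redirected; }

private:
    std::unordered_map<std::string, StringCell*> m_uniqueStrings;
    std::size_t m_redirected = 0;
};

struct HashConsResult {
    std::size_t redirectedFirstPass;
    bool slotsShareOneCell;
    std::size_t redirectedSecondPass;
    bool secondPassSkippedFlaggedCells;
};

// Constructed sample heap: three cells, two with equal content, four slots.
HashConsResult runHashConsScenario() {
    StringCell a{"session-token"}, b{"session-token"}, c{"other"};
    StringCell* slots[] = { &a, &b, &c, &a };
    HashConstingVisitor visitor;
    for (StringCell*& slot : slots)
        visitor.visitSlot(&slot);

    HashConsResult r{};
    r.redirectedFirstPass = visitor.redirected();              // only b -> a
    r.slotsShareOneCell = slots[0] == slots[1] && slots[1] == slots[3];
    visitor.finishPass();

    // A fresh duplicate of a flagged string appears in a later pass: the
    // flagged cell is skipped, so this duplicate is not caught (the trade-off
    // the entry accepts).
    StringCell d{"other"};
    StringCell* more[] = { &c, &d };
    for (StringCell*& slot : more)
        visitor.visitSlot(&slot);
    r.redirectedSecondPass = visitor.redirected() - r.redirectedFirstPass;
    r.secondPassSkippedFlaggedCells = c.isHashConstSingleton && more[1] == &d;
    return r;
}
```

        Redirecting a reference to an equal cell is only sound because string cells are
        immutable: were a string mutable in place, a write through one reference would
        become visible through every reference that was silently merged with it.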
2054
2055        * heap/Heap.cpp:
2056        (JSC::Heap::markRoots):
2057        * heap/MarkStack.cpp:
2058        (JSC::MarkStackThreadSharedData::resetChildren): New method called by the 
2059        main thread to reset the slave threads.  This is primarily done to
2060        clear the m_uniqueStrings HashMap.
2061        (JSC):
2062        (JSC::MarkStackThreadSharedData::markingThreadMain):
2063        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
2064        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
2065        (JSC::MarkStackThreadSharedData::reset):
2066        (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
2067        (JSC::MarkStack::internalAppend): New method that performs the hash consting.
2068        (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting
2069        internalAppend()
2070        * heap/MarkStack.h:
2071        (MarkStackThreadSharedData):
2072        (MarkStack):
2073        (JSC::MarkStack::sharedData):
2074        * runtime/JSString.h:
2075        (JSString): Added m_isHashConstSingleton flag, accessors for the flag and
2076        code to initialize the flag.
2077        (JSC::JSString::finishCreation):
2078        (JSC::JSString::isHashConstSingleton):
2079        (JSC::JSString::clearHashConstSingleton):
2080        (JSC::JSString::setHashConstSingleton):
2081        (JSC::JSRopeString::finishCreation):
2082
20832012-05-09  Filip Pizlo  <fpizlo@apple.com>
2084
2085        JIT memory allocator is not returning memory to the OS on Darwin
2086        https://bugs.webkit.org/show_bug.cgi?id=86047
2087        <rdar://problem/11414948>
2088
2089        Reviewed by Geoff Garen.
2090        
2091        Work around the problem by using a different madvise() flag, but only for the JIT memory
2092        allocator. Also put in ASSERTs that the call is actually working.
2093
2094        * jit/ExecutableAllocatorFixedVMPool.cpp:
2095        (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
2096        (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
2097
20982012-05-09  Filip Pizlo  <fpizlo@apple.com>
2099
2100        It should be possible to get useful debug logging from the JIT memory allocator
2101        https://bugs.webkit.org/show_bug.cgi?id=86042
2102
2103        Reviewed by Geoff Garen.
2104
2105        * jit/ExecutableAllocator.h:
2106
21072012-05-09  Gavin Barraclough  <barraclough@apple.com>
2108
2109        GC race condition in OpaqueJSClass::prototype
2110        https://bugs.webkit.org/show_bug.cgi?id=86034
2111
2112        Build fix.
2113
2114        * API/JSClassRef.cpp:
2115        (OpaqueJSClass::prototype):
2116            - Eeeep, landed bad version of patch!
2117
21182012-05-09  Gavin Barraclough  <barraclough@apple.com>
2119
2120        GC race condition in OpaqueJSClass::prototype
2121        https://bugs.webkit.org/show_bug.cgi?id=86034
2122
2123        Reviewed by Filip Pizlo.
2124
2125        The bug here is basically:
2126            if (weakref) weakref->method()
2127        where a GC may occur between the if & the method call.
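
        Added example, not code from this ChangeLog or from JavaScriptCore: the check-then-use
        race above reproduced with std::weak_ptr standing in for the GC weak reference, next
        to the hold-then-use form that keeps the referent alive across the call. The
        'interleave' hook models whatever can run between the two steps (a GC here);
        PrototypeObject, checkThenUse, holdThenUse and runRaceScenario are names chosen here.

```cpp
#include <functional>
#include <memory>
#include <string>

struct PrototypeObject {
    std::string className;
};

// "if (weakref) weakref->method()": the test and the use are separate steps.
// To keep the demonstration free of undefined behaviour the use step re-locks
// instead of dereferencing blindly; a null result shows the check went stale.
std::string checkThenUse(const std::weak_ptr<PrototypeObject>& weak,
                         const std::function<void()>& interleave)
{
    if (weak.expired())
        return "<none>";
    interleave();                       // a collection may run here
    if (auto p = weak.lock())
        return p->className;
    return "<dangling>";                // referent died after the check passed
}

// Take a strong reference first and hold it for the whole use. Nothing that
// runs in between can free the object while 'strong' is alive.
std::string holdThenUse(const std::weak_ptr<PrototypeObject>& weak,
                        const std::function<void()>& interleave)
{
    auto strong = weak.lock();
    if (!strong)
        return "<none>";
    interleave();
    return strong->className;
}

struct RaceResult {
    std::string racy;
    std::string safe;
};

// Constructed scenario: the only other owner drops its reference between the
// check and the use, which is the window the entry describes.
RaceResult runRaceScenario()
{
    RaceResult r;
    {
        auto owner = std::make_shared<PrototypeObject>(PrototypeObject{"Widget"});
        std::weak_ptr<PrototypeObject> weak = owner;
        r.racy = checkThenUse(weak, [&] { owner.reset(); });
    }
    {
        auto owner = std::make_shared<PrototypeObject>(PrototypeObject{"Widget"});
        std::weak_ptr<PrototypeObject> weak = owner;
        r.safe = holdThenUse(weak, [&] { owner.reset(); });
    }
    return r;
}
```

        The same rule applies to any GC-managed weak handle: convert it to a strong,
        GC-visible reference once, and perform every subsequent check and call on that
        reference rather than re-reading the weak one.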
2128
2129        * API/JSClassRef.cpp:
2130        (OpaqueJSClass::prototype):
2131
21322012-05-09  Mark Hahnenberg  <mhahnenberg@apple.com>
2133
2134        CopiedSpace does not add pinned blocks back to the to-space filter
2135        https://bugs.webkit.org/show_bug.cgi?id=86011
2136
2137        Reviewed by Geoffrey Garen.
2138
2139        After a collection has finished, we go through the blocks in from-space 
2140        and move any of them that are pinned into to-space. At the beginning of 
2141        collection, we reset the to-space block filter that is used during 
2142        conservative scanning and add back the blocks that are filled during the 
        collection. However, we neglect to add back those blocks that are moved
        from from-space to to-space, which can cause the conservative scan to
        think that some pinned items are not actually in CopiedSpace.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
        to-space filter. Also added a comment and assert for future readers that
        indicates that it's okay that we don't also add the block to the
        to-space block set since it was never removed.


2012-05-09  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Use independent version numbers for public libraries
        https://bugs.webkit.org/show_bug.cgi?id=85984

        Reviewed by Gustavo Noronha Silva.

        * GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library
        version.

2012-05-09  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Do not install JavaScriptCore platform-specific headers
        https://bugs.webkit.org/show_bug.cgi?id=85983

        Reviewed by Gustavo Noronha Silva.

        JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was
        renamed to JavaScript.h in r29234 and it still exists for
        compatibility with mac and windows users.

        * GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h
        and JSStringRefBSTR.h from the sources and headers list.

2012-05-08  Gavin Barraclough  <barraclough@apple.com>

        ROLLING OUT r114255

        GC in the middle of JSObject::allocatePropertyStorage can cause badness
        https://bugs.webkit.org/show_bug.cgi?id=83839

        Reviewed by nobody.

        This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:
        (JSObject):
        (JSC::JSObject::isUsingInlineStorage):
        (JSC):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::transitionTo):
        * runtime/Structure.cpp:
        (JSC):
        * runtime/Structure.h:
        (JSC::Structure::didTransition):

2012-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>

        Heap should not continually allocate new pages in steady state
        https://bugs.webkit.org/show_bug.cgi?id=85936

        Reviewed by Geoff Garen.

        Currently, in steady state (i.e. a constant amount of live GC
        memory with a constant rate of allocation) assuming we've just
        finished a collection with X live blocks in CopiedSpace, we
        increase our working set by X blocks in CopiedSpace with each
        collection we perform. This is due to the fact that we allocate
        until we run out of free blocks to use in the Heap before we
        consider whether we should run a collection.

        In the longer term, this issue will be mostly resolved by
        implementing quick release for the CopiedSpace. In the shorter
        term, we should change our policy to check whether we should
        allocate before trying to use a free block from the Heap. We
        can change our policy to something more appropriate once we
        have implemented quick release.

        This change should also have the convenient side effect of
        reducing the variance in GC-heavy tests (e.g. v8-splay) due
        to the fact that we are doing less VM allocation during copying
        collection. Overall, this patch is performance neutral across
        the benchmarks we track.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
        around so that we only do it if the block request must succeed
        i.e. after we've already checked whether we should do a collection.
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase): Ditto.
        (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this
        function because by the time we've called it, we've already checked whether we
        should run a collection so there's no point in returning null.
        * heap/MarkedAllocator.h: Removing old arguments from function declaration.
        (MarkedAllocator):

2012-05-08  Gavin Barraclough  <barraclough@apple.com>

        SIGFPE on divide in classic interpreter
        https://bugs.webkit.org/show_bug.cgi?id=85917

        Rubber stamped by Oliver Hunt.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - check for divisor of -1.

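As an added illustration of the divisor check the entry above describes (example code written for this page, not JavaScriptCore's interpreter code): on x86 the hardware divide instruction raises SIGFPE not only for a zero divisor but also for INT32_MIN / -1, whose quotient 2^31 does not fit in an int32. An integer fast path therefore has to reject a divisor of -1 (or negate instead of dividing) along with the other cases whose result is not an int32, and fall back to double division, which produces the result JavaScript specifies. The function names are my own.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Added example (not JavaScriptCore code): JavaScript-style division of two
// int32 operands with an integer fast path that never issues a trapping divide.
//
// Returns true and sets `result` when the quotient is exactly representable
// as an int32 (and is not a negative zero); returns false otherwise so the
// caller takes the double slow path.
static bool tryFastInt32Divide(int32_t dividend, int32_t divisor, int32_t& result)
{
    if (divisor == 0)
        return false;                      // hardware trap; JS wants Infinity/NaN
    if (dividend == 0 && divisor < 0)
        return false;                      // 0 / negative is -0 in JS, not an int
    if (divisor == -1) {
        // INT32_MIN / -1 == 2^31, not representable: idiv raises SIGFPE on x86
        // and INT32_MIN % -1 is undefined behaviour in C++, so handle it first.
        if (dividend == std::numeric_limits<int32_t>::min())
            return false;
        result = -dividend;                // negate instead of dividing
        return true;
    }
    if (dividend % divisor != 0)
        return false;                      // fractional quotient
    result = dividend / divisor;
    return true;
}

// Full JS semantics: fast path when possible, otherwise IEEE double division,
// which yields +/-Infinity, NaN, -0, and 2147483648.0 for INT32_MIN / -1.
static double jsDivide(int32_t dividend, int32_t divisor)
{
    int32_t quotient;
    if (tryFastInt32Divide(dividend, divisor, quotient))
        return quotient;
    return static_cast<double>(dividend) / static_cast<double>(divisor);
}
```

The order of the checks matters: the `divisor == -1` branch must come before the remainder test, because `INT32_MIN % -1` is itself undefined behaviour in C++ and traps on the same instruction.
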
2012-05-07  Oliver Hunt  <oliver@apple.com>

        Rolling out r110287

        RS=Filip Pizlo

        r110287 was meant to be refactoring only, but changed behavior
        enough to break some websites, including qq.com.

2012-05-07  Andy Estes  <aestes@apple.com>

        ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.

        * Configurations/FeatureDefines.xcconfig:

2012-05-07  Oliver Hunt  <oliver@apple.com>

        Fix release build.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2012-05-07  Oliver Hunt  <oliver@apple.com>

        LLInt doesn't check for Ropes when performing a character switch
        https://bugs.webkit.org/show_bug.cgi?id=85837

        Reviewed by Filip Pizlo.

        Make LLint check if the scrutinee of a char switch is a rope, and if
        so fall back to a slow case.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (LLInt):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2012-05-07  Eric Seidel  <eric@webkit.org>

        Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
        https://bugs.webkit.org/show_bug.cgi?id=85822

        Reviewed by Adam Barth.

        * Configurations/FeatureDefines.xcconfig:

2012-05-05  Gavin Barraclough  <barraclough@apple.com>

        Remove TrustedImm32::m_isPointer
        https://bugs.webkit.org/show_bug.cgi?id=85726

        Rubber stamped by Sam Weinig.

        We used to rely on being able to generate code with known, fixed offsets – to do so we
        would inhibit more optimal code generation for pointers. This is no longer necessary.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
        (TrustedImm32):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::store32):
        (JSC::MacroAssemblerARM::move):
        (JSC::MacroAssemblerARM::branch32):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::move):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::add32):
        (JSC::MacroAssemblerMIPS::and32):
        (JSC::MacroAssemblerMIPS::mul32):
        (JSC::MacroAssemblerMIPS::or32):
        (JSC::MacroAssemblerMIPS::sub32):
        (JSC::MacroAssemblerMIPS::store32):
        (JSC::MacroAssemblerMIPS::move):

2012-05-04  Filip Pizlo  <fpizlo@apple.com>

        DFG should not Flush GetLocal's
        https://bugs.webkit.org/show_bug.cgi?id=85663
        <rdar://problem/11373600>

        Reviewed by Oliver Hunt.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::flushArgument):
        (JSC::DFG::ByteCodeParser::handleCall):

2012-05-04  Allan Sandfeld Jensen  <allan.jensen@nokia.com>

        Doesn't build with ENABLE_JIT=0
        https://bugs.webkit.org/show_bug.cgi?id=85042

        Reviewed by Gavin Barraclough.

        * bytecode/Operands.h:

2012-05-03  Oliver Hunt  <oliver@apple.com>

        Regression(r114702): Clobbering the caller frame register before we've stored it.
        https://bugs.webkit.org/show_bug.cgi?id=85564

        Reviewed by Filip Pizlo.

        Don't use t0 as a temporary, when we're about to use the value in t0.

        * llint/LowLevelInterpreter32_64.asm:

2012-05-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Removing remainder of accidental printfs.

        * heap/Heap.cpp:
        (JSC::Heap::collect):

2012-05-03  Andy Estes  <aestes@apple.com>

        If you add printf()s to your garbage collector, the layout tests are gonna have a bad time.

        * runtime/GCActivityCallbackCF.cpp:
        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):

2012-05-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection
        https://bugs.webkit.org/show_bug.cgi?id=85543

        Reviewed by Filip Pizlo.

        Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its
        allocation limit for the current cycle, thus hastening an allocation-triggered collection.
        In reality, it should just affect the opportunistic GC timer. We should track the bytes
        we think have been abandoned and the bytes that have been allocated separately.

        * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much
        we think we've abandoned.
        (JSC::Heap::Heap):
        (JSC::Heap::reportAbandonedObjectGraph):
        (JSC):
        (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call
        rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather
        than bytes allocated. Also notifies the timer, summing the two values together.
        (JSC::Heap::collect):
        (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting
        to GCActivityCallback.
        * heap/Heap.h:
        (Heap):

2012-05-02  Eric Seidel  <eric@webkit.org>

        Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate)
        https://bugs.webkit.org/show_bug.cgi?id=85433

        Reviewed by Adam Barth.

        I have a script which can autogenerate these xcconfig files as well as the
        vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
        from a central feature list file.
        In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
        alphabetically ordered (currently they're close, but not quite).
        There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
        I will fix in a second pass.  I will also sort the FEATURE_DEFINES = line in a follow-up patch.

        * Configurations/FeatureDefines.xcconfig:

2012-05-02  Hojong Han  <hojong.han@samsung.com>

        ARM_TRADITIONAL build fix
        https://bugs.webkit.org/show_bug.cgi?id=85358

        Reviewed by Gavin Barraclough.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::lshift32):
        (MacroAssemblerARM):
        (JSC::MacroAssemblerARM::or32):
        (JSC::MacroAssemblerARM::urshift32):
        (JSC::MacroAssemblerARM::xor32):
        (JSC::MacroAssemblerARM::branchSub32):

2012-05-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Opportunistic GC should give up if the Heap is paged out
        https://bugs.webkit.org/show_bug.cgi?id=85411

        Reviewed by Filip Pizlo.

        Opportunistic GC is punishing us severely in limited memory situations because its
        assumptions about how much time a collection will take are way out of whack when the Heap
        has been paged out by the OS. We should add a simple detection function to the Heap that
        detects if it is paged out. It will do this by iterating each block of both the MarkedSpace
        and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms),
        the function returns true. This function will only be run prior to an opportunistic
        collection (i.e. it will not run during our normal allocation-triggered collections).

        In my tests, steady state was drastically improved in high memory pressure situations (i.e.
        the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
        would be triggered due to pages doing things in the background, which would cause a
        significant pause. As we close pages we now cause normal collections rather than full
        collections, which prevents us from collecting all of the dead memory immediately. One
        nice way to deal with this issue might be to do incremental sweeping.

        * heap/CopiedSpace.cpp:
        (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over
        to-space, from-space, and the oversize blocks.
        (JSC):
        (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
        by iterating all of the blocks.
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/Heap.cpp:
        (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the
        MarkedSpace and CopiedSpace if they are paged out.
        (JSC):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off
        each time it determines that the Heap is paged out.
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
        list of blocks is paged out.
        (JSC):
        * heap/MarkedAllocator.h:
        (MarkedAllocator):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.
        * heap/MarkedSpace.h:
        (MarkedSpace):
        * runtime/GCActivityCallback.cpp:
        (JSC::DefaultGCActivityCallback::cancel):
        (JSC):
        * runtime/GCActivityCallback.h:
        (JSC::GCActivityCallback::cancel):
        (DefaultGCActivityCallback):
        * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining
        whether the Heap is paged out or not.
        (JSC):
        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we
        should attempt a collection based on whether or not we can iterate the blocks of the Heap in
        100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to
        do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
        steady state paged-out-ness.
        (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing
        exactly the same thing as willCollect, is more obvious as to what it's doing when we call it
        in timerDidFire.

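The paged-out check and the linear back-off described in the entry above, as an added example written for this page (it is not JavaScriptCore's code): the heap is walked touching one byte per block against a deadline, and when the walk blows the 100ms budget the timer records the wasted time into the last GC length so that the next opportunistic attempt is scheduled further out. The `Block` type, the arena of in-memory blocks and the factor used in `nextFireDelay()` are constructed for the example; only the 100ms timeout comes from the entry.

```cpp
#include <chrono>
#include <cstdint>
#include <vector>

// Added example (not JavaScriptCore code): time-boxed "is the heap paged out?"
// check plus the linear back-off the opportunistic GC timer applies when it fails.
using Clock = std::chrono::steady_clock;
using Milliseconds = std::chrono::milliseconds;

constexpr Milliseconds kPagingTimeout{100};   // the 100ms constant from the entry

struct Block {
    std::vector<uint8_t> bytes;               // stand-in for a MarkedBlock's storage
};

// Touches one byte of every block. Walking a resident heap takes microseconds;
// if the blocks must be faulted back in from swap it takes far longer, so
// running past the deadline is taken as "paged out". The deadline is checked
// on every iteration so a paged-out heap is abandoned as soon as the budget is gone.
static bool isBlockListPagedOut(const std::vector<Block>& blocks, Milliseconds timeout)
{
    const Clock::time_point deadline = Clock::now() + timeout;
    volatile uint8_t sink = 0;                // volatile so the loads are not optimised away
    for (const Block& block : blocks) {
        if (!block.bytes.empty())
            sink = block.bytes[0];
        if (Clock::now() > deadline)
            return true;
    }
    return false;
}

// Models the timer callback: attempt the collection only when the heap is
// resident; otherwise add the wasted budget to the last GC length so the next
// fire is pushed out linearly. The x10 scheduling factor is an assumption of
// this example, not JavaScriptCore's policy.
struct OpportunisticGCTimer {
    Milliseconds lastGCLength{0};
    int collectionsAttempted = 0;
    int cancellations = 0;

    void increaseLastGCLength(Milliseconds extra) { lastGCLength += extra; }

    // Returns true if a collection was started, false if the attempt was cancelled.
    bool timerDidFire(const std::vector<Block>& heap)
    {
        if (isBlockListPagedOut(heap, kPagingTimeout)) {
            ++cancellations;
            increaseLastGCLength(kPagingTimeout);   // "we just wasted 100ms more"
            return false;
        }
        ++collectionsAttempted;
        return true;
    }

    Milliseconds nextFireDelay() const { return lastGCLength * 10; }
};
```

Because each cancellation adds a fixed 100ms rather than multiplying, the retry interval grows linearly, which is the "nice linear backoff" the entry refers to.
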
2012-05-02  Yong Li  <yoli@rim.com>

        Fix GCC X86 build error
        https://bugs.webkit.org/show_bug.cgi?id=85379

        Reviewed by Rob Buis.

        Always explicitly claim ".text" to make sure
        functions defined with inline assembly will be
        created in the correct section.

        * dfg/DFGOperations.cpp:
        (JSC):

2012-05-02  Oliver Hunt  <oliver@apple.com>

        Unreviewed, rolling out r115388.
        http://trac.webkit.org/changeset/115388
        https://bugs.webkit.org/show_bug.cgi?id=85011

        This caused many weird performance problems, and needs to be
        landed in pieces.

        * dfg/DFGOperations.cpp:
        * heap/Heap.cpp:
        (JSC::Heap::getConservativeRegisterRoots):
        (JSC::Heap::markRoots):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::dumpCaller):
        (JSC):
        * interpreter/CallFrame.h:
        (JSC::ExecState::init):
        (ExecState):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::execute):
        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::growSlowCase):
        (JSC::RegisterFile::gatherConservativeRoots):
        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::end):
        (JSC::RegisterFile::size):
        (JSC::RegisterFile::addressOfEnd):
        (RegisterFile):
        (JSC::RegisterFile::RegisterFile):
        (JSC::RegisterFile::shrink):
        (JSC::RegisterFile::grow):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::jitCompileFor):
        (JSC::lazyLinkFor):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::handleHostCall):
        * llint/LowLevelInterpreter.asm:
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):

2012-05-01  Oliver Hunt  <oliver@apple.com>

        Physijs demo crashes due to DFG not updating topCallFrame correctly.
        https://bugs.webkit.org/show_bug.cgi?id=85311

        Reviewed by Filip Pizlo.

        A few of the dfg operations failed to correctly set the topCallFrame,
        and so everything goes wrong.  This patch corrects the affected operations,
        and makes debug builds poison topCallFrame before calling a dfg operation.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        (JSC::DFG::SpeculativeJIT::appendCallSetResult):

2012-04-30  Gavin Barraclough  <barraclough@apple.com>

        Should be able to use YARR JIT without the JS language JIT
        https://bugs.webkit.org/show_bug.cgi?id=85252

        Reviewed by Geoff Garen.

        Need to split canUseRegExpJIT out of canUseJIT.

        * runtime/JSGlobalData.cpp:
        (JSC):
        (JSC::useJIT):
        (JSC::JSGlobalData::JSGlobalData):
            - replace m_canUseJIT with m_canUseAssembler
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        (JSC::JSGlobalData::canUseRegExpJIT):
            - Added canUseRegExpJIT, distinct from canUseJIT.
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::compileMatchOnly):
            - Call canUseRegExpJIT instead of canUseJIT.

2012-04-30  Gavin Barraclough  <barraclough@apple.com>

        Should be able to build YARR JIT without the JS language JIT
        https://bugs.webkit.org/show_bug.cgi?id=85242

        Reviewed by Michael Saboff.

        Some build macros are wrong.

        * assembler/RepatchBuffer.h:
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/JITExceptions.cpp:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):

2012-04-26  Gavin Barraclough  <barraclough@apple.com>

        Arguments object resets attributes on redefinition of a parameter
        https://bugs.webkit.org/show_bug.cgi?id=84994

        Rubber stamped by Oliver Hunt.

        There is a bug that we always re-add the original property before
        redefinition, doing so in a way that will reset the attributes
        without checking configurability.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
            - Only instantiate the property once - do not re-add if
              it has already been added, or if it has been deleted.

2012-04-30  Ryosuke Niwa  <rniwa@webkit.org>

        Remove an erroneous assertion after r115655.

        * runtime/NumberPrototype.cpp:
        (JSC::toUStringWithRadix):

2012-04-30  Myles Maxfield  <mmaxfield@google.com>

        End of Interpreter::tryCacheGetByID can trigger the garbage collector
        https://bugs.webkit.org/show_bug.cgi?id=84927

        Reviewed by Oliver Hunt.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCacheGetByID):

2012-04-30  Benjamin Poulain  <benjamin@webkit.org>

        jsSingleCharacterString and jsSingleCharacterSubstring are not inlined
        https://bugs.webkit.org/show_bug.cgi?id=85147

        Reviewed by Darin Adler.

        The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined
        by the compiler. This annihilates the gains of using SmallStrings.

        On stringProtoFuncCharAt(), this patch improves the performance by 11%.

        * runtime/JSString.h:
        (JSC::jsSingleCharacterString):
        (JSC::jsSingleCharacterSubstring):

2012-04-30  Benjamin Poulain  <bpoulain@apple.com>

        Add fast patch for radix == 10 on numberProtoFuncToString
        https://bugs.webkit.org/show_bug.cgi?id=85120

        Reviewed by Darin Adler.

        When the radix is 10, we used to turn the doubleValue into a JSValue just to convert
        it to a String. The problem is that it was using the slow path for conversion and
        for the toString() operation.

        This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
        The conversion is split between Integer and Double to ensure the fastest conversion
        for the common case of integer arguments.

        Converting numbers with radix 10 becomes 5% faster.

        Due to the simpler conversion of number to string for integer, converting
        integers that do not fall in the two previous optimizations gets 32% faster.

        * runtime/NumberPrototype.cpp:
        (JSC::extractRadixFromArgs):
        (JSC::integerValueToString):
        (JSC::numberProtoFuncToString):

2012-04-30  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header.

2012-04-28  Geoffrey Garen  <ggaren@apple.com>

        Factored threaded block allocation into a separate object
        https://bugs.webkit.org/show_bug.cgi?id=85148

        Reviewed by Sam Weinig.

        99% of this patch just moves duplicated block allocation and
        deallocation code into a new object named BlockAllocator, with these
        exceptions:

        * heap/BlockAllocator.h: Added.
        (BlockAllocator::BlockAllocator): The order of declarations here now
        guards us against an unlikely race condition during startup.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to
        highlight a lack of clarity we have in our block deallocation routines.

2012-04-28  Sam Weinig  <sam@webkit.org>

        Try to fix the Qt build.

        * heap/Heap.cpp:
        (JSC::Heap::lastChanceToFinalize):

2012-04-28  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-04-28  Geoffrey Garen  <ggaren@apple.com>

        Clarified JSGlobalData (JavaScript VM) lifetime
        https://bugs.webkit.org/show_bug.cgi?id=85142

        Reviewed by Anders Carlsson.

        This was so confusing that I didn't feel like I could reason about
        memory lifetime in the heap without fixing it.

        The rules are:

        (1) JSGlobalData owns the virtual machine and all memory in it.

        (2) Deleting a JSGlobalData frees the virtual machine and all memory
        in it.

        (Caveat emptor: if you delete the virtual machine while you're running
        JIT code or accessing GC objects, you're gonna have a bad time.)

        (I opted not to make arbitrary sub-objects keep the virtual machine
        alive automatically because:

                (a) doing that right would be complex and slow;

                (b) in the case of an exiting thread or process, there's no
                clear way to give the garbage collector a chance to try again
                later;

                (c) continuing to run the garbage collector after we've been
                asked to shut down the virtual machine seems rude;

                (d) we've never really supported that feature, anyway.)

        (3) Normal ref-counting will do. No need to call a battery of
        specialty functions to tear down a JSGlobalData. Its foibles
        notwithstanding, C++ does in fact know how to execute destructors in
        order.

        * API/JSContextRef.cpp:
        (JSGlobalContextCreate): Removed compatibility shim for older
        operating systems because it's no longer used.

        (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
        the right thing", this code is much simpler. We still have one special
        case to notify the garbage collector if we're removing the last
        reference to the global object, since this can improve memory behavior.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::freeAllBlocks):
        * heap/CopiedSpace.h:
        (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true
        destruction-time behaviors should be limited to our C++ destructor.

        * heap/Heap.cpp:
        (JSC::Heap::~Heap):
        (JSC):
        (JSC::Heap::lastChanceToFinalize):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because
        true destruction-time behaviors should be limited to our C++
        destructor.

        Reorganized the code, putting code that must run before any objects
        get torn down into lastChanceToFinalize, and code that just tears down
        objects into our destructor.

        * heap/Local.h:
        (JSC::LocalStack::LocalStack):
        (JSC::LocalStack::push):
        (LocalStack): See rule (2).

        * jsc.cpp:
        (functionQuit):
        (main):
        (printUsageStatement):
        (parseArguments):
        (jscmain):
        * testRegExp.cpp:
        (main):
        (printUsageStatement):
        (parseArguments):
        (realMain): See rule (3).

        I removed the feature of ensuring orderly tear-down when calling quit()
        or running in --help mode because it didn't seem very useful and
        making it work with Windows structured exception handling and
        NO_RETURN didn't seem like a fun way to spend a Saturday.

        * runtime/JSGlobalData.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
        member in JSGlobalData to ensure that it's destructed last, so other
        objects that reference it destruct without crashing. This allowed me
        to remove clearBuiltinStructures() altogether, and helped guarantee
        rule (3).

        (JSC::JSGlobalData::~JSGlobalData): Explicitly call
        lastChanceToFinalize() at the head of our destructor to ensure that
        all pending finalizers run while the virtual machine is still in a
        valid state. Trying to resurrect (re-ref) the virtual machine at this
        point is not valid, but all other operations are.

        Changed a null to a 0xbbadbeef to clarify just how bad this beef is.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        (JSC::JSGlobalObject::globalData): See rule (3).

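Rule (3) and the "heap is the first data member" note in the entry above rely on a C++ guarantee: members are destroyed in reverse declaration order, so the first-declared member outlives every member declared after it. The added example below (written for this page, not JavaScriptCore's JSGlobalData) makes that order observable: the VM's destructor first calls the heap's finalize hook while everything is still valid, then the later-declared sub-objects are destroyed while the heap is still alive, and the heap goes last. The `Log`, `Heap`, `HeapClient` and `VirtualMachine` types are constructed stand-ins.

```cpp
#include <string>
#include <vector>

// Added example (not JavaScriptCore code): why the heap is declared first.
// C++ destroys non-static data members in reverse declaration order, so the
// first-declared member is destroyed last, after every member that may still
// reference it from its own destructor.
struct Log {
    std::vector<std::string> events;
};

struct Heap {
    Log& log;
    explicit Heap(Log& l) : log(l) {}
    // Runs pending finalizers while the VM is still in a valid state.
    void lastChanceToFinalize() { log.events.push_back("finalize"); }
    ~Heap() { log.events.push_back("~Heap"); }
};

// A sub-object that still needs the heap in its destructor.
struct HeapClient {
    Heap& heap;
    const char* name;
    HeapClient(Heap& h, const char* n) : heap(h), name(n) {}
    ~HeapClient() { heap.log.events.push_back(std::string("~") + name + " (heap alive)"); }
};

struct VirtualMachine {
    Heap heap;                 // declared first, therefore destroyed last
    HeapClient structures;
    HeapClient interpreter;
    explicit VirtualMachine(Log& log)
        : heap(log), structures(heap, "structures"), interpreter(heap, "interpreter") {}
    // Explicit finalization at the head of the destructor; plain member
    // destruction does the rest, in order, with no special teardown calls.
    ~VirtualMachine() { heap.lastChanceToFinalize(); }
};

// Builds and destroys a VM and returns the observed teardown sequence.
static std::vector<std::string> teardownOrder()
{
    Log log;
    {
        VirtualMachine vm(log);
        (void)vm;
    }
    return log.events;
}
```

If `heap` were declared after the clients, the two `HeapClient` destructors would run against an already-destroyed heap; declaration order, not ref-counting ceremony, is what keeps rule (3) sound.
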
2012-04-27  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Windows build.

        * heap/WeakBlock.h:
        (WeakBlock):

2012-04-27  Geoffrey Garen  <ggaren@apple.com>

        Made WeakSet::allocate() static and removed its JSGlobalData argument
        https://bugs.webkit.org/show_bug.cgi?id=85128

        Reviewed by Anders Carlsson.

        This is a step toward faster finalization.

        WeakSet::allocate() now deduces which WeakSet to allocate from based on
        its JSCell* argument. (Currently, there's only one WeakSet, but soon
        there will be many.)

        This was a global replace of "globalData.heap.weakSet()->allocate" with
        "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument.

        * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h.

        I had to split out WeakSet::allocate() into a separate header to avoid
        a cycle.

        (JSC::WeakSet::allocate): We can mask the pointer we're passed to
        figure out where to allocate our WeakImpl. (Soon, we'll use this to
        associate the WeakImpl with the GC block it references.)

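The "mask the pointer" step mentioned in the entry above, as an added example written for this page (not JavaScriptCore's WeakSet or MarkedBlock code): when every block is allocated at an alignment equal to its power-of-two size, clearing the low bits of any interior pointer (a cell address, for instance) yields the address of the block header that owns it, with no lookup table. The `Block` header, the `BlockArena` that carves size-aligned blocks out of one over-allocated buffer, and the 16 KB block size are choices of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <vector>

// Added example (not JavaScriptCore code): recovering the owning block from a
// pointer into it by masking, which only works because blocks are allocated at
// an alignment equal to their (power-of-two) size.
constexpr std::size_t kBlockSize = 16 * 1024;
static_assert((kBlockSize & (kBlockSize - 1)) == 0, "block size must be a power of two");

struct Block {
    uint32_t magic = 0xB10CB10C;   // lets a caller verify the lookup landed on a real header
    std::size_t liveCells = 0;
    // ... cells follow the header in a real layout
};

// Carves size-aligned blocks out of one over-allocated arena (a portable
// stand-in for posix_memalign-style aligned allocation).
class BlockArena {
public:
    explicit BlockArena(std::size_t blockCount)
        : storage_(kBlockSize * (blockCount + 1))   // one extra block of slack for alignment
    {
        const uintptr_t base = reinterpret_cast<uintptr_t>(storage_.data());
        const uintptr_t first = (base + kBlockSize - 1) & ~static_cast<uintptr_t>(kBlockSize - 1);
        for (std::size_t i = 0; i < blockCount; ++i)
            blocks_.push_back(new (reinterpret_cast<void*>(first + i * kBlockSize)) Block());
    }

    Block* block(std::size_t i) const { return blocks_[i]; }

    // An interior pointer `offset` bytes into block i, standing in for a cell.
    void* cellIn(std::size_t i, std::size_t offset) const
    {
        return reinterpret_cast<uint8_t*>(blocks_[i]) + offset;
    }

private:
    std::vector<uint8_t> storage_;
    std::vector<Block*> blocks_;
};

// The masking trick: any pointer inside a block maps to that block's header.
static Block* blockFor(const void* cell)
{
    const uintptr_t p = reinterpret_cast<uintptr_t>(cell);
    return reinterpret_cast<Block*>(p & ~static_cast<uintptr_t>(kBlockSize - 1));
}
```

The precondition is the whole story: if blocks come from an allocator that does not honour the size alignment (the point of the following entry, which drops aligned allocation for WeakBlock precisely because nothing there needs it), `blockFor` silently returns garbage, so a `magic` field or an equivalent sanity check is worth keeping in debug builds.
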
28812012-04-27  Geoffrey Garen  <ggaren@apple.com>
2882
2883        Stop using aligned allocation for WeakBlock
2884        https://bugs.webkit.org/show_bug.cgi?id=85124
2885
2886        Reviewed by Anders Carlsson.
2887
2888        We don't actually use the alignment for anything.
2889
2890        * heap/WeakBlock.cpp:
2891        (JSC::WeakBlock::create):
2892        (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular
2893        allocation.
2894
2895        * heap/WeakBlock.h:
2896        (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned
2897        allocation. This change required me to add some declarations that we used
2898        to inherit from HeapBlock.
2899
2900        (WeakBlock::blockFor): Removed. This function relied on aligned allocation
2901        but didn't do anything for us.
2902
2903        (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation
2904        logic, so it shouldn't own the function.
2905
2906        * heap/WeakSet.cpp:
2907        (JSC::WeakSet::~WeakSet):
2908        (JSC::WeakSet::finalizeAll):
2909        (JSC::WeakSet::visitLiveWeakImpls):
2910        (JSC::WeakSet::visitDeadWeakImpls):
2911        (JSC::WeakSet::sweep):
2912        (JSC::WeakSet::shrink):
2913        (JSC::WeakSet::resetAllocator):
2914        (JSC::WeakSet::tryFindAllocator):
2915        * heap/WeakSet.h:
2916        (WeakSet): Updated declarations to reflect WeakBlock not inheriting from
2917        HeapBlock. This allowed me to remove some casts, which was nice.
2918
2919        (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of
2920        asking WeakBlock to do it for us.  We don't need to have a WeakBlock
2921        pointer to set the flag, so stop asking for one.
2922
29232012-04-27  Kentaro Hara  <haraken@chromium.org>
2924
2925        [JSC] Implement a helper method createNotEnoughArgumentsError()
2926        https://bugs.webkit.org/show_bug.cgi?id=85102
2927
2928        Reviewed by Geoffrey Garen.
2929
2930        In bug 84787, kbr@ requested to avoid hard-coding
2931        createTypeError(exec, "Not enough arguments") here and there.
2932        This patch implements createNotEnoughArgumentsError(exec)
2933        and uses it in JSC bindings.
2934
2935        c.f. a corresponding bug for V8 bindings is bug 85097.
2936
2937        * runtime/Error.cpp:
2938        (JSC::createNotEnoughArgumentsError):
2939        (JSC):
2940        * runtime/Error.h:
2941        (JSC):
2942
29432012-04-27  Geoffrey Garen  <ggaren@apple.com>
2944
2945        Only allow non-null pointers in the WeakSet
2946        https://bugs.webkit.org/show_bug.cgi?id=85119
2947
2948        Reviewed by Darin Adler.
2949
2950        This is a step toward more efficient finalization.
2951
2952        No clients put non-pointers (JSValues) into Weak<T> and PassWeak<T>.
2953
2954        Some clients put null pointers into Weak<T> and PassWeak<T>, but this is
2955        more efficient and straight-forward to model with a null in the Weak<T>
2956        or PassWeak<T> instead of allocating a WeakImpl just to hold null.
2957
2958        * heap/PassWeak.h:
2959        (JSC): Removed the Unknown (JSValue) type of weak pointer because it's
2960        unused now.
2961
2962        (PassWeak): Don't provide a default initializer for our JSCell* argument.
2963        This feature was only used in one place, and it was a bug.
2964
2965        (JSC::::get): Don't check for a null stored inside our WeakImpl: that's 
2966        not allowed anymore.
2967
2968        (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of
2969        allocating a WeakImpl and storing null into it.
2970
2971        * heap/Weak.h:
2972        (Weak):
2973        (JSC::::Weak): Same changes as in PassWeak<T>.
2974
2975        * heap/WeakBlock.cpp:
2976        (JSC::WeakBlock::visitLiveWeakImpls):
2977        (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in
2978        the WeakSet now, so no need to check for non-cells and null cell pointers.
2979
2980        * heap/WeakImpl.h:
2981        (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet
2982        now, so ASSERT that.
2983
29842012-04-27  Gavin Barraclough  <barraclough@apple.com>
2985
2986        <rdar://problem/7909395> Math in JavaScript is inaccurate on iOS
2987
2988        By default IEEE754 denormal support is disabled on iOS;
2989        turn it on.
2990
2991        Reviewed by Filip Pizlo.
2992
2993        * jsc.cpp:
2994        (main):
2995            - clear the appropriate bit in the fpscr.
2996
29972012-04-27  Michael Saboff  <msaboff@apple.com>
2998
2999        Memory wasted in JSString for non-rope strings
3000        https://bugs.webkit.org/show_bug.cgi?id=84907
3001
3002        Reviewed by Geoffrey Garen.
3003
3004        Split JSString into two classes, JSString as a base class that does not
3005        include the fibers of a Rope, and a subclass JSRopeString that has the
3006        rope functionality.  Both classes "share" the same ClassInfo.  Added
3007        a bool to JSString to indicate that the string was allocated as a JSRopeString
3008        to properly handle visiting the fiber children when the rope is resolved and
3009        the JSRopeString appears as a JSString.  Didn't change the interface of JSString
3010        to require any JIT changes.
3011
3012        As part of this change, removed "cellSize" from ClassInfo since both classes
3013        share the same ClassInfo, but have different sizes.  The only use I could find
3014        for cellSize was an ASSERT in allocateCell().
3015
3016        This appears to be neutral on performance tests.
3017
3018        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope
3019                to JSRopeString::resolveRope
3020        * runtime/ClassInfo.h:
3021        (JSC):
3022        (ClassInfo):
3023        * runtime/JSCell.h:
3024        (JSC::allocateCell):
3025        * runtime/JSString.cpp:
3026        (JSC::JSRopeString::RopeBuilder::expand):
3027        (JSC::JSString::visitChildren):
3028        (JSC):
3029        (JSC::JSRopeString::visitFibers):
3030        (JSC::JSRopeString::resolveRope):
3031        (JSC::JSRopeString::resolveRopeSlowCase8):
3032        (JSC::JSRopeString::resolveRopeSlowCase):
3033        (JSC::JSRopeString::outOfMemory):
3034        (JSC::JSRopeString::getIndexSlowCase):
3035        * runtime/JSString.h:
3036        (JSC):
3037        (JSString):
3038        (JSC::JSString::finishCreation):
3039        (JSC::JSString::create):
3040        (JSC::JSString::isRope):
3041        (JSC::JSString::is8Bit):
3042        (JSRopeString):
3043        (RopeBuilder):
3044        (JSC::JSRopeString::RopeBuilder::RopeBuilder):
3045        (JSC::JSRopeString::RopeBuilder::append):
3046        (JSC::JSRopeString::RopeBuilder::release):
3047        (JSC::JSRopeString::RopeBuilder::length):
3048        (JSC::JSRopeString::JSRopeString):
3049        (JSC::JSRopeString::finishCreation):
3050        (JSC::JSRopeString::createNull):
3051        (JSC::JSRopeString::create):
3052        (JSC::JSString::value):
3053        (JSC::JSString::tryGetValue):
3054        (JSC::JSString::getIndex):
3055        (JSC::jsStringBuilder):
3056        * runtime/Operations.h:
3057        (JSC::jsString):
3058        (JSC::jsStringFromArguments):
3059
30602012-04-27  Oliver Hunt  <oliver@apple.com>
3061
3062        Correct assertion.
3063
3064        * interpreter/Interpreter.cpp:
3065        (JSC::Interpreter::throwException):
3066
30672012-04-27  Oliver Hunt  <oliver@apple.com>
3068
3069        Lazy link phase of baseline jit fails to propagate exception
3070        https://bugs.webkit.org/show_bug.cgi?id=85092
3071
3072        Reviewed by Filip Pizlo.
3073
3074        Very simple patch, when linking produces an error we need to actually store
3075        the exception prior to throwing it.  I can't find any other examples of this,
3076        but as we're already in the slow path when throwing an exception I've hardened
3077        exception throwing against null exceptions.
3078
3079        * interpreter/Interpreter.cpp:
3080        (JSC::Interpreter::throwException):
3081        * jit/JITStubs.cpp:
3082        (JSC::lazyLinkFor):
3083
30842012-04-27  Benjamin Poulain  <benjamin@webkit.org>
3085
3086        Generalize the single character optimization of numberProtoFuncToString
3087        https://bugs.webkit.org/show_bug.cgi?id=85027
3088
3089        Reviewed by Geoffrey Garen.
3090
3091        The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString()
3092        when the radix is 36.
3093
3094        This patch generalizes the optimization for any radix. Any positive number smaller than its radix
3095        can be represented by a single character of radixDigits.
3096
3097        This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion.
3098
3099        * runtime/NumberPrototype.cpp:
3100        (JSC::numberProtoFuncToString):
3101
31022012-04-27  Gavin Peters  <gavinp@chromium.org>
3103
3104        Add new ENABLE_LINK_PRERENDER define to control the Prerendering API
3105        https://bugs.webkit.org/show_bug.cgi?id=84871
3106
3107        Reviewed by Adam Barth.
3108
3109        Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
3110        API separates it from prefetching.  Having separate include guards lets ports enable prefetching,
3111        a relatively easy change, without needing to build the infrastructure for prerendering, which
3112        is considerably more complicated.
3113
3114        * Configurations/FeatureDefines.xcconfig:
3115
31162012-04-26  Oliver Hunt  <oliver@apple.com>
3117
3118        Allocating WeakImpl should not trigger GC, as that makes the world very tricksy.
3119        https://bugs.webkit.org/show_bug.cgi?id=85020
3120
3121        Reviewed by Gavin Barraclough.
3122
3123        Now in the event that we are unable to find an allocator for a new handle, just
3124        add a new allocator rather than trying to recover "dead" handles through a GC.
3125
3126        Find allocator is now much simpler, and addAllocator directly reports the
3127        increased memory usage to the heap without causing any GC to happen immediately.
3128
3129        * heap/WeakSet.cpp:
3130        (JSC::WeakSet::findAllocator):
3131        (JSC::WeakSet::addAllocator):
3132
31332012-04-26  Oliver Hunt  <oliver@apple.com>
3134
3135        Remove RegisterFile::end()/m_end
3136        https://bugs.webkit.org/show_bug.cgi?id=85011
3137
3138        Reviewed by Gavin Barraclough.
3139
3140        Get rid of end() and m_end from RegisterFile.  From now on
3141        we only care about the end of the committed region when calling
3142        code.  When re-entering the VM we now plant the new CallFrame
3143        immediately after whatever the current topCallFrame is.  This
3144        required adding a routine to CallFrame to determine exactly what
3145        we should be doing (in the absence of an existing CallFrame, we
3146        can't reason about the frameExtent() so we check for that).
3147
3148        This also now means that the GC only marks the portion of the
3149        RegisterFile that is actually in use, and that VM re-entry doesn't
3150        exhaust the RegisterFile as rapidly.
3151
3152        * dfg/DFGOperations.cpp:
3153        * heap/Heap.cpp:
3154        (JSC::Heap::getConservativeRegisterRoots):
3155        (JSC::Heap::markRoots):
3156        * interpreter/CallFrame.h:
3157        (JSC::ExecState::init):
3158        (JSC::ExecState::startOfReusableRegisterFile):
3159        (ExecState):
3160        * interpreter/Interpreter.cpp:
3161        (JSC::Interpreter::execute):
3162        (JSC::Interpreter::executeCall):
3163        (JSC::Interpreter::executeConstruct):
3164        (JSC::Interpreter::prepareForRepeatCall):
3165        (JSC::Interpreter::privateExecute):
3166        * interpreter/Interpreter.h:
3167        (JSC::Interpreter::execute):
3168        * interpreter/RegisterFile.cpp:
3169        (JSC::RegisterFile::growSlowCase):
3170        (JSC::RegisterFile::gatherConservativeRoots):
3171        * interpreter/RegisterFile.h:
3172        (JSC::RegisterFile::commitEnd):
3173        (JSC::RegisterFile::addressOfEnd):
3174        (RegisterFile):
3175        (JSC::RegisterFile::RegisterFile):
3176        (JSC::RegisterFile::shrink):
3177        (JSC::RegisterFile::grow):
3178        * jit/JITStubs.cpp:
3179        (JSC::DEFINE_STUB_FUNCTION):
3180        (JSC::jitCompileFor):
3181        (JSC::lazyLinkFor):
3182        * llint/LLIntSlowPaths.cpp:
3183        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3184        (JSC::LLInt::handleHostCall):
3185        * llint/LowLevelInterpreter.asm:
3186        * runtime/CommonSlowPaths.h:
3187        (JSC::CommonSlowPaths::arityCheckFor):
3188
31892012-04-26  Filip Pizlo  <fpizlo@apple.com>
3190
3191        DFG ARMv7 backend should optimize Float32 arrays
3192        https://bugs.webkit.org/show_bug.cgi?id=85000
3193        <rdar://problem/10652827>
3194
3195        Reviewed by Gavin Barraclough.
3196
3197        * assembler/ARMv7Assembler.h:
3198        (ARMv7Assembler):
3199        (JSC::ARMv7Assembler::flds):
3200        (JSC::ARMv7Assembler::fsts):
3201        (JSC::ARMv7Assembler::vcvtds):
3202        (JSC::ARMv7Assembler::vcvtsd):
3203        * assembler/MacroAssemblerARMv7.h:
3204        (JSC::MacroAssemblerARMv7::loadFloat):
3205        (MacroAssemblerARMv7):
3206        (JSC::MacroAssemblerARMv7::storeFloat):
3207        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
3208        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
3209        * bytecode/PredictedType.h:
3210        (JSC::isActionableFloatMutableArrayPrediction):
3211        * dfg/DFGNode.h:
3212        (JSC::DFG::Node::shouldSpeculateFloat32Array):
3213
32142012-04-25  Benjamin Poulain  <benjamin@webkit.org>
3215
3216        Add a version of StringImpl::find() without offset
3217        https://bugs.webkit.org/show_bug.cgi?id=83968
3218
3219        Reviewed by Sam Weinig.
3220
3221        Add support for the new StringImpl::find() to UString.
3222
3223        Change stringProtoFuncIndexOf() to specifically take advantage of the feature.
3224        This gives a 12% gain on a distribution of strings between 30 and 100 characters.
3225
3226        * runtime/StringPrototype.cpp:
3227        (JSC::substituteBackreferences):
3228        (JSC::stringProtoFuncIndexOf):
3229        * runtime/UString.h:
3230        (UString):
3231        (JSC::UString::find):
3232
32332012-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3234
3235        WebCore shouldn't call collectAllGarbage directly
3236        https://bugs.webkit.org/show_bug.cgi?id=84897
3237
3238        Reviewed by Geoffrey Garen.
3239
3240        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol
3241        for reportAbandonedObjectGraph so WebCore can use it.
3242        * heap/Heap.h: Ditto.
3243
32442012-04-25  Oliver Hunt  <oliver@apple.com>
3245
3246        Biolab disaster crashes on ToT
3247        https://bugs.webkit.org/show_bug.cgi?id=84898
3248
3249        Reviewed by Filip Pizlo.
3250
3251        Whoops, committed without saving reviewer requested change.
3252
3253        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3254        (JSC::DFG::VirtualRegisterAllocationPhase::run):
3255
32562012-04-25  Oliver Hunt  <oliver@apple.com>
3257
3258        Biolab disaster crashes on ToT
3259        https://bugs.webkit.org/show_bug.cgi?id=84898
3260
3261        Reviewed by Filip Pizlo.
3262
3263        I recently added an assertion to the Interpreter to catch incorrect
3264        updates of topCallFrame.  This caused a bunch of sites (including biolab
3265        disaster) to crash as we were not correctly handling callee registers
3266        of inlined functions, leading to a mismatch.
3267
3268        I could not actually make this trigger directly, although it does trigger
3269        already on some of the GTK and QT bots.
3270
3271        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3272        (JSC::DFG::VirtualRegisterAllocationPhase::run):
3273
32742012-04-25  Kenneth Russell  <kbr@google.com>
3275
3276        Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced
3277        https://bugs.webkit.org/show_bug.cgi?id=83655
3278
3279        Reviewed by Oliver Hunt.
3280
3281        * CMakeLists.txt:
3282        * GNUmakefile.list.am:
3283        * JavaScriptCore.gypi:
3284        * JavaScriptCore.order:
3285        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3286        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3287        * JavaScriptCore.xcodeproj/project.pbxproj:
3288        * Target.pri:
3289        * bytecode/PredictedType.cpp:
3290        (JSC::predictionToString):
3291        (JSC::predictionToAbbreviatedString):
3292        (JSC::predictionFromClassInfo):
3293        * bytecode/PredictedType.h:
3294        (JSC):
3295        (JSC::isActionableIntMutableArrayPrediction):
3296        * dfg/DFGAbstractState.cpp:
3297        (JSC::DFG::AbstractState::initialize):
3298        (JSC::DFG::AbstractState::execute):
3299        * dfg/DFGCSEPhase.cpp:
3300        (JSC::DFG::CSEPhase::performNodeCSE):
3301        * dfg/DFGFixupPhase.cpp:
3302        (JSC::DFG::FixupPhase::fixupNode):
3303        * dfg/DFGNode.h:
3304        * dfg/DFGNodeType.h:
3305        (DFG):
3306        * dfg/DFGOperations.cpp:
3307        (JSC::DFG::putByVal):
3308        * dfg/DFGPredictionPropagationPhase.cpp:
3309        (JSC::DFG::PredictionPropagationPhase::propagate):
3310        * dfg/DFGSpeculativeJIT.cpp:
3311        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3312        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
3313        * dfg/DFGSpeculativeJIT.h:
3314        (JSC::DFG::ValueSource::forPrediction):
3315        (SpeculativeJIT):
3316        * dfg/DFGSpeculativeJIT32_64.cpp:
3317        (JSC::DFG::SpeculativeJIT::compile):
3318        * dfg/DFGSpeculativeJIT64.cpp:
3319        (JSC::DFG::SpeculativeJIT::compile):
3320        * interpreter/Interpreter.cpp:
3321        (JSC::Interpreter::privateExecute):
3322        * jit/JITStubs.cpp:
3323        (JSC::DEFINE_STUB_FUNCTION):
3324        * jit/JITStubs.h:
3325        * llint/LLIntSlowPaths.cpp:
3326        (JSC::LLInt::getByVal):
3327        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3328        * runtime/JSByteArray.cpp: Removed.
3329        * runtime/JSByteArray.h: Removed.
3330        * runtime/JSGlobalData.cpp:
3331
33322012-04-25  Filip Pizlo  <fpizlo@apple.com>
3333
3334        http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT
3335        https://bugs.webkit.org/show_bug.cgi?id=84815
3336        <rdar://problem/11319514>
3337
3338        Reviewed by Gavin Barraclough.
3339
3340        * dfg/DFGSpeculativeJIT.h:
3341        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
3342
33432012-04-25  Michael Saboff  <msaboff@apple.com>
3344
3345        Closure in try {} with catch captures all locals from the enclosing function
3346        https://bugs.webkit.org/show_bug.cgi?id=84804
3347
3348        Reviewed by Oliver Hunt.
3349
3350        Changed the capturing of local variables from capturing when eval is used,
3351        within a "with" or within a "catch" to be just when an eval is used.
3352        Renamed the function returning that we should capture from
3353        getCapturedVariables() to usesEval(), since that is what it now returns.
3354        Needed to fix the "with" code to only range check when the activation
3355        has actually been torn off.  Added m_isTornOff to JSActivation to
3356        track this.
3357
3358        * parser/Parser.h:
3359        (JSC::Scope::usesEval):
3360        (JSC::Scope::getCapturedVariables):
3361        * runtime/JSActivation.cpp:
3362        (JSC::JSActivation::JSActivation):
3363        (JSC::JSActivation::symbolTableGet):
3364        (JSC::JSActivation::symbolTablePut):
3365        * runtime/JSActivation.h:
3366        (JSActivation):
3367        (JSC::JSActivation::tearOff):
3368
33692012-04-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3370
3371        GC Activity Callback timer should be based on how much has been allocated since the last collection
3372        https://bugs.webkit.org/show_bug.cgi?id=84763
3373
3374        Reviewed by Geoffrey Garen.
3375
3376        The desired behavior for the GC timer is to collect at some point in the future, 
3377        regardless of how little we've allocated. A secondary goal, which is almost if not 
3378        as important, is for the timer to collect sooner if there is the potential to 
3379        collect a greater amount of memory. Conversely, as we allocate more memory we'd 
3380        like to reduce the delay to the next collection. If we're allocating quickly enough, 
3381        the timer should be preempted in favor of a normal allocation-triggered collection. 
3382        If allocation were to slow or stop, we'd like the timer to be able to opportunistically 
3383        run a collection without us having to allocate to the hard limit set by the Heap.
3384
3385        This type of policy can be described in terms of the amount of CPU we are willing 
3386        to dedicate to reclaim a single MB of memory. For example, we might be willing to 
3387        dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of 
3388        the last collection, e.g. if our last collection took 1ms, we would want to wait about 
3389        100ms before running another collection to reclaim 1 MB. These constants should be 
3390        tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB.
3391
3392        * API/JSBase.cpp: Use the new reportAbandonedObjectGraph.
3393        (JSGarbageCollect):
3394        * API/JSContextRef.cpp: Ditto.
3395        * heap/Heap.cpp:
3396        (JSC::Heap::Heap):
3397        (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call
3398        this function to notify the Heap that some unknown number of JSC objects might have just 
3399        been abandoned and are now garbage. The Heap might schedule a new collection timer based 
3400        on this notification.
3401        (JSC):
3402        (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect.
3403        * heap/Heap.h:
3404        (Heap):
3405        * heap/MarkedAllocator.h:
3406        (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the 
3407        current allocator's FreeList once zapping was complete.
3408        * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by 
3409        Heap::reportAbandonedObjectGraph.
3410        (JSC):
3411        * runtime/GCActivityCallback.h:
3412        (JSC::GCActivityCallback::willCollect):
3413        (DefaultGCActivityCallback):
3414        * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the 
3415        timer based on how much we have allocated since the last collection up to a certain amount. 
3416        We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered
3417        collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB.
3418        (DefaultGCActivityCallbackPlatformData):
3419        (JSC):
3420        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
3421        (JSC::DefaultGCActivityCallback::commonConstructor):
3422        (JSC::scheduleTimer):
3423        (JSC::cancelTimer):
3424        (JSC::DefaultGCActivityCallback::didAllocate):
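
        The timer policy described in this entry, as an added example that is not WebKit's code: it models the
        "1% of CPU per MB of expected garbage, up to 5 MB" rule and the earlier-only rescheduling / preemption
        behaviour. All names, the assumed 1 ms first-collection length and the use of seconds are assumptions.

```cpp
// Added example, not WebKit's code: a small model of the opportunistic GC timer
// policy described in the ChangeLog entry above. Names and constants are assumptions.
#include <algorithm>
#include <cmath>
#include <cstddef>

static const double kBytesPerMB = 1024.0 * 1024.0;
// Tunables from the entry: spend ~1% of CPU per MB of garbage we expect to
// reclaim, counting at most 5 MB of it (so at most a 5% time slice).
static const double kTimeSlicePerMB = 0.01;
static const double kMaxTimeSlice = 0.05;
// Assumed: if no collection has run yet, pretend the last one took 1 ms.
static const double kAssumedFirstGCLength = 0.001;

// Delay (seconds) before an opportunistic collection should fire, given how long
// the last collection took and how much has been allocated since it finished.
// A 1 ms collection with 1 MB allocated yields 0.1 s (1 ms / 1%); 5 MB yields 0.02 s.
double gcTimerDelay(double lastGCLengthSeconds, size_t bytesAllocatedSinceLastGC)
{
    double expectedMB = static_cast<double>(bytesAllocatedSinceLastGC) / kBytesPerMB;
    double timeSlice = std::min(expectedMB * kTimeSlicePerMB, kMaxTimeSlice);
    if (timeSlice <= 0)
        return INFINITY;           // nothing allocated: no timer worth scheduling
    if (lastGCLengthSeconds <= 0)
        lastGCLengthSeconds = kAssumedFirstGCLength;
    return lastGCLengthSeconds / timeSlice;
}

// Minimal scheduler modelling the behaviour the entry describes: each allocation
// report can only pull the pending timer earlier, and any collection (including a
// normal allocation-triggered one) cancels it, preempting the timer.
struct GCTimerScheduler {
    double lastGCLength = 0;       // seconds the last collection took
    size_t bytesSinceLastGC = 0;
    double scheduledAt = INFINITY; // absolute time the timer fires; INFINITY = none
    double now = 0;                // caller-advanced clock, seconds

    void didAllocate(size_t bytes)
    {
        bytesSinceLastGC += bytes;
        double delay = gcTimerDelay(lastGCLength, bytesSinceLastGC);
        // Never push an already-scheduled timer later; only earlier.
        scheduledAt = std::min(scheduledAt, now + delay);
    }

    // Called at the start of any collection, timer-driven or allocation-triggered.
    void willCollect() { scheduledAt = INFINITY; }

    void didCollect(double gcLengthSeconds)
    {
        lastGCLength = gcLengthSeconds;
        bytesSinceLastGC = 0;
    }

    bool timerPending() const { return scheduledAt != INFINITY; }
};
```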
3425
34262012-04-24  Michael Saboff  <msaboff@apple.com>
3427
3428        objectProtoFuncToString creates new string every invocation
3429        https://bugs.webkit.org/show_bug.cgi?id=84781
3430
3431        Reviewed by Geoffrey Garen.
3432
3433        Cache the results of object toString() in the attached Structure.
3434
3435        * runtime/ObjectPrototype.cpp:
3436        (JSC::objectProtoFuncToString):
3437        * runtime/Structure.cpp:
3438        (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue.
3439        * runtime/Structure.h: Added new member m_hasObjectToStringValue
3440        (JSC):
3441        (JSC::Structure::objectToStringValue):
3442        (Structure):
3443        (JSC::Structure::setObjectToStringValue):
3444
34452012-04-24  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
3446
3447        Reviewed by Oliver Hunt.
3448
3449        https://bugs.webkit.org/show_bug.cgi?id=84727.
3450        Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled.
3451
3452        * assembler/MacroAssemblerSH4.h:
3453        (JSC::MacroAssemblerSH4::or32):
3454        (JSC::MacroAssemblerSH4::and32):
3455        (JSC::MacroAssemblerSH4::lshift32):
3456        (JSC::MacroAssemblerSH4::xor32):
3457        (JSC::MacroAssemblerSH4::branchSub32):
3458        (JSC::MacroAssemblerSH4::urshift32):
3459
34602012-04-24  Gavin Barraclough  <barraclough@apple.com>
3461
3462        Add explicit patchableBranchPtrWithPatch/patchableJump methods
3463        https://bugs.webkit.org/show_bug.cgi?id=84498
3464
3465        Reviewed by Filip Pizlo.
3466
3467        Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch.
3468
3469        * assembler/AbstractMacroAssembler.h:
3470        (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump):
3471        (PatchableJump):
3472        (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&):
3473        (AbstractMacroAssembler):
3474        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
3475            - Added PatchableJump type, removed inUninterruptedSequence.
3476        * assembler/LinkBuffer.h:
3477        (LinkBuffer):
3478        (JSC::LinkBuffer::locationOf):
3479            - Only allow the location to be taken of patchable branches
3480        * assembler/MacroAssembler.h:
3481        (MacroAssembler):
3482        (JSC::MacroAssembler::patchableBranchPtrWithPatch):
3483        (JSC::MacroAssembler::patchableJump):
3484        (JSC::MacroAssembler::shouldBlind):
3485            - Added default implementation of patchableBranchPtrWithPatch, patchableJump.
3486        * assembler/MacroAssemblerARMv7.h:
3487        (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
3488        (MacroAssemblerARMv7):
3489        (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
3490        (JSC::MacroAssemblerARMv7::patchableJump):
3491        (JSC::MacroAssemblerARMv7::jump):
3492        (JSC::MacroAssemblerARMv7::makeBranch):
3493            - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump.
3494        * dfg/DFGCorrectableJumpPoint.h:
3495        (DFG):
3496        (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
3497            - Late jumps are PatchableJumps.
3498        * dfg/DFGJITCompiler.cpp:
3499        (JSC::DFG::JITCompiler::linkOSRExits):
3500            - replace use of inUninterruptedSequence
3501        * dfg/DFGJITCompiler.h:
3502        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
3503        (PropertyAccessRecord):
3504            - replace use of inUninterruptedSequence
3505        * dfg/DFGSpeculativeJIT32_64.cpp:
3506        (JSC::DFG::SpeculativeJIT::cachedGetById):
3507        (JSC::DFG::SpeculativeJIT::cachedPutById):
3508            - replace use of inUninterruptedSequence
3509        * dfg/DFGSpeculativeJIT64.cpp:
3510        (JSC::DFG::SpeculativeJIT::cachedGetById):
3511        (JSC::DFG::SpeculativeJIT::cachedPutById):
3512            - replace use of inUninterruptedSequence
3513        * jit/JIT.h:
3514        (PropertyStubCompilationInfo):
3515            - replace use of inUninterruptedSequence
3516        * jit/JITInlineMethods.h:
3517        (JSC::JIT::beginUninterruptedSequence):
3518        (JSC::JIT::endUninterruptedSequence):
3519            - replace use of inUninterruptedSequence
3520        * jit/JITPropertyAccess.cpp:
3521        (JSC::JIT::compileGetByIdHotPath):
3522            - replace use of inUninterruptedSequence
3523        * jit/JITPropertyAccess32_64.cpp:
3524        (JSC::JIT::compileGetByIdHotPath):
3525            - replace use of inUninterruptedSequence
3526
35272012-04-24  Benjamin Poulain  <bpoulain@apple.com>
3528
3529        Generalize the single character optimization of r114072
3530        https://bugs.webkit.org/show_bug.cgi?id=83961
3531
3532        Reviewed by Eric Seidel.
3533
3534        Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
3535
3536        * runtime/StringPrototype.cpp:
3537        (JSC::replaceUsingStringSearch):
3538
35392012-04-24  Filip Pizlo  <fpizlo@apple.com>
3540
3541        Unreviewed, 32-bit build fix.
3542
3543        * dfg/DFGSpeculativeJIT32_64.cpp:
3544        (JSC::DFG::SpeculativeJIT::compile):
3545
35462012-04-24  Filip Pizlo  <fpizlo@apple.com>
3547
3548        DFG performs incorrect DCE on (some?) intrinsics
3549        https://bugs.webkit.org/show_bug.cgi?id=84746
3550        <rdar://problem/11310772>
3551
3552        Reviewed by Oliver Hunt.
3553
3554        * dfg/DFGAbstractState.cpp:
3555        (JSC::DFG::AbstractState::execute):
3556        * dfg/DFGByteCodeParser.cpp:
3557        (ByteCodeParser):
3558        (JSC::DFG::ByteCodeParser::setIntrinsicResult):
3559        (JSC::DFG::ByteCodeParser::handleMinMax):
3560        (JSC::DFG::ByteCodeParser::handleIntrinsic):
3561        * dfg/DFGNodeType.h:
3562        (DFG):
3563        * dfg/DFGPredictionPropagationPhase.cpp:
3564        (JSC::DFG::PredictionPropagationPhase::propagate):
3565        * dfg/DFGSpeculativeJIT32_64.cpp:
3566        (JSC::DFG::SpeculativeJIT::compile):
3567        * dfg/DFGSpeculativeJIT64.cpp:
3568        (JSC::DFG::SpeculativeJIT::compile):
3569
35702012-04-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3571
3572        Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray
3573        https://bugs.webkit.org/show_bug.cgi?id=84648
3574
3575        Reviewed by Geoffrey Garen.
3576
3577        When emit_op_new_array successfully allocates a new JSArray but fails to allocate 
3578        the corresponding ArrayStorage for it, it falls back to the out-of-line stub call 
3579        to constructArray, which constructs an entirely new JSArray/ArrayStorage pair.
3580        This leaves us with a JSArray hanging around on the stack or in a register that 
3581        did not go through its own constructor, thus giving it uninitialized memory in the 
3582        two fields that are checked in JSArray::visitChildren.
3583
3584        * jit/JITInlineMethods.h:
3585        (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that 
3586        if we fail we haven't generated the poisonous JSArray that can cause a GC crash.
3587        * jit/JITOpcodes.cpp:
3588        (JSC::JIT::emitSlow_op_new_array):
3589
35902012-04-23  Filip Pizlo  <fpizlo@apple.com>
3591
3592        DFG on ARMv7 should not OSR exit on every integer division
3593        https://bugs.webkit.org/show_bug.cgi?id=84661
3594
3595        Reviewed by Oliver Hunt.
3596        
3597        On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
3598        that was broken with the introduction of Int32ToDouble) nor does it have to know
3599        whether or not to convert its result to integer. This is now taken care of for free
3600        with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
3601        speculation.
3602
3603        * dfg/DFGAbstractState.cpp:
3604        (JSC::DFG::AbstractState::execute):
3605        * dfg/DFGCSEPhase.cpp:
3606        (JSC::DFG::CSEPhase::performNodeCSE):
3607        * dfg/DFGFixupPhase.cpp:
3608        (JSC::DFG::FixupPhase::fixupNode):
3609        * dfg/DFGNodeType.h:
3610        (DFG):
3611        * dfg/DFGOSRExit.cpp:
3612        (JSC::DFG::OSRExit::OSRExit):
3613        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
3614        * dfg/DFGOSRExit.h:
3615        (OSRExit):
3616        * dfg/DFGPredictionPropagationPhase.cpp:
3617        (JSC::DFG::PredictionPropagationPhase::propagate):
3618        * dfg/DFGSpeculativeJIT.cpp:
3619        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3620        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
3621        (DFG):
3622        * dfg/DFGSpeculativeJIT.h:
3623        (SpeculativeJIT):
3624        (JSC::DFG::SpeculativeJIT::speculationCheck):
3625        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
3626        * dfg/DFGSpeculativeJIT32_64.cpp:
3627        (JSC::DFG::SpeculativeJIT::compile):
3628        * dfg/DFGSpeculativeJIT64.cpp:
3629        (JSC::DFG::SpeculativeJIT::compile):
3630
36312012-04-24  Geoffrey Garen  <ggaren@apple.com>
3632
3633        "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink
3634        https://bugs.webkit.org/show_bug.cgi?id=84740
3635        <rdar://problem/9917638>
3636
3637        Reviewed by Gavin Barraclough.
3638
3639        Shrink!
3640
3641        * heap/Heap.cpp:
3642        (JSC::Heap::destroy): Be more specific about what's shrinking, since we
3643        can also shrink the WeakSet, but we don't do so here.
3644
3645        (JSC::Heap::collect): If we're going to shrink the heap, shrink the
3646        WeakSet too. Otherwise, its footprint is permanent.
3647
3648        * heap/Heap.h:
3649        (Heap): Removed shrink() as a public interface, since it's vague about
3650        which parts of the heap it affects, and it's really an internal detail.
3651
3652        * heap/WeakSet.cpp:
3653        (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has
3654        already taken place, since that's the convention for shrink() in the heap.
3655
3656        * heap/WeakSet.h:
3657        (WeakSet): New function!
3658
36592012-04-24  Adam Klein  <adamk@chromium.org>
3660
3661        Fix includes in StrongInlines.h and ScriptValue.h
3662        https://bugs.webkit.org/show_bug.cgi?id=84659
3663
3664        Reviewed by Geoffrey Garen.
3665
3666        * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's
3667        definition is required here.
3668
36692012-04-23  Filip Pizlo  <fpizlo@apple.com>
3670
3671        DFG OSR exit should ensure that all variables have been initialized
3672        https://bugs.webkit.org/show_bug.cgi?id=84653
3673        <rdar://problem/11258183>
3674
3675        Reviewed by Gavin Barraclough.
3676        
3677        Initialize all uncaptured dead variables to undefined on OSR exit.
3678
3679        * dfg/DFGSpeculativeJIT.cpp:
3680        (JSC::DFG::ValueSource::dump):
3681        (JSC::DFG::SpeculativeJIT::compile):
3682        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3683        * dfg/DFGSpeculativeJIT.h:
3684
36852012-04-23  Oliver Hunt  <oliver@apple.com>
3686
3687        Call instruction for the baseline JIT stores origin info in wrong callframe
3688        https://bugs.webkit.org/show_bug.cgi?id=84645
3689
3690        Reviewed by Gavin Barraclough.
3691
3692        The baseline JIT was updating the wrong callframe when making a call.  If the
3693        call failed during dispatch (unable to perform codegen, calling a non-object)
3694        we would attempt to use this information, but it would be completely wrong.
3695
3696        * jit/JITCall.cpp:
3697        (JSC::JIT::compileOpCall):
3698        * jit/JITCall32_64.cpp:
3699        (JSC::JIT::compileOpCall):
3700
37012012-04-23  Filip Pizlo  <fpizlo@apple.com>
3702
3703        DFG must keep alive values that it will perform speculations on
3704        https://bugs.webkit.org/show_bug.cgi?id=84638
3705        <rdar://problem/11258183>
3706
3707        Reviewed by Oliver Hunt.
3708
3709        * dfg/DFGNodeType.h:
3710        (DFG):
3711
37122012-04-23  Oliver Hunt  <oliver@apple.com>
3713
3714        Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion
3715
3716        * interpreter/Interpreter.cpp:
3717        (JSC::Interpreter::executeCall):
3718
37192012-04-22  Jon Lee  <jonlee@apple.com>
3720
3721        Remove notifications support on Mac Lion.
3722        https://bugs.webkit.org/show_bug.cgi?id=84554
3723        <rdar://problem/11297128>
3724
3725        Reviewed by Sam Weinig.
3726
3727        * Configurations/FeatureDefines.xcconfig:
3728
37292012-04-21  Darin Adler  <darin@apple.com>
3730
3731        Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
3732        https://bugs.webkit.org/show_bug.cgi?id=84523
3733
3734        Reviewed by Oliver Hunt.
3735
3736        Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
3737        Streamlined this code to use standard character types and 0 rather than -1. One benefit
3738        of this is that there's no widening and narrowing. Another is that there are many cases
3739        where we already have the correct behavior for 0, so can eliminate a branch that was
3740        used to test for -1 before. Also eliminates typecasts in the code.
3741
3742        * parser/Lexer.cpp:
3743        (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
3744        character type, not an int.
3745        (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
3746        (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
3747        (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
3748        of the code. This can be used in places where we used to check for -1.
3749        (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
3750        (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
3751        (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
3752        had a data-member-style name.
3753        (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
3754        function already returns false for the 0 character. Updated types in a couple other places. Used
3755        the atEnd function where needed.
3756        (JSC::Lexer::parseIdentifierSlowCase): More of the same.
3757        (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
3758        (JSC::Lexer::parseString): Ditto.
3759        (JSC::Lexer::parseStringSlowCase): Ditto.
3760        (JSC::Lexer::parseMultilineComment): Ditto.
3761        (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
3762        the tokenInfo instead of putting it in a local variable first, saving some memory access.
3763        (JSC::Lexer::scanRegExp): Ditto.
3764        (JSC::Lexer::skipRegExp): Ditto.
3765
3766        * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
3767        the character type. Added atEnd function.
3768        (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize. 
3769        (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
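
As an added illustration of the sentinel change described in this entry (example code written for this page, not WebKit's parser/Lexer.cpp; MiniLexer, isIdentStart, isIdentPart and lexSource are names assumed for the example): the lexer keeps its current character in a character type, uses 0 rather than -1 once past the end, and relies on an atEnd() check so that a real NUL byte inside the source is reported as an invalid character rather than mistaken for the end of the input. The identifier loop needs no separate end-of-input test because isIdentPart already returns false for 0.

```cpp
// Added example (not WebKit's parser/Lexer.cpp): a small lexer that uses the
// 0 character as its end-of-input sentinel instead of -1, so m_current can stay
// a character type, and an atEnd() that tells a real NUL byte in the source
// apart from the end of the source. MiniLexer, isIdentStart, isIdentPart and
// lexSource are hypothetical names chosen for this example.
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

using LChar = unsigned char;   // same type for real characters and the sentinel

static bool isIdentStart(LChar c) {
    return std::isalpha(c) || c == '_' || c == '$';
}

// Returns false for 0, so the identifier loop needs no separate "-1" check:
// the sentinel terminates the loop the same way any non-identifier byte does.
static bool isIdentPart(LChar c) {
    return isIdentStart(c) || std::isdigit(c);
}

struct Token {
    std::string text;
    bool invalid;   // true for a NUL byte that appears inside the source
};

class MiniLexer {
public:
    explicit MiniLexer(std::string code) : m_code(std::move(code)) {
        m_current = atEnd() ? 0 : static_cast<LChar>(m_code[0]);
    }

    // Distinguishes "m_current is 0 because the input is exhausted" from
    // "m_current is 0 because the source contains a NUL byte".
    bool atEnd() const { return m_pos >= m_code.size(); }

    void shift() {
        if (!atEnd())
            ++m_pos;
        m_current = atEnd() ? 0 : static_cast<LChar>(m_code[m_pos]);
    }

    std::vector<Token> lex() {
        std::vector<Token> tokens;
        while (!atEnd()) {
            if (isIdentStart(m_current)) {
                Token t{"", false};
                while (isIdentPart(m_current)) {   // stops at 0 (sentinel or NUL) or any delimiter
                    t.text += static_cast<char>(m_current);
                    shift();
                }
                tokens.push_back(t);
            } else if (m_current == 0) {
                // Not the end (atEnd() is false): an embedded NUL, reported as an
                // invalid character rather than silently treated as end-of-input.
                tokens.push_back(Token{"\\0", true});
                shift();
            } else {
                shift();   // whitespace and punctuation are skipped in this sketch
            }
        }
        return tokens;
    }

private:
    std::string m_code;
    std::size_t m_pos = 0;
    LChar m_current = 0;
};

// Convenience entry point: lex a source buffer that may contain NUL bytes.
std::vector<Token> lexSource(const std::string& code) {
    return MiniLexer(code).lex();
}

int main() {
    // Constructed input: "foo bar<NUL>baz", 11 bytes, with an embedded NUL.
    const std::string source("foo bar\0baz", 11);
    for (const Token& t : lexSource(source))
        std::cout << (t.invalid ? "invalid " : "ident ") << t.text << '\n';
    return 0;
}
```

The check a practitioner wants here is the atEnd() distinction: a lexer that treated 0 as "end of input" without consulting the position would let a single embedded NUL byte silently truncate the rest of a script, which is exactly the kind of parser differential that lets one consumer see a different program than another.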
3770
37712012-04-21  Darin Adler  <darin@apple.com>
3772
3773        Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
3774        https://bugs.webkit.org/show_bug.cgi?id=84523
3775
3776        Reviewed by Oliver Hunt.
3777
3778        Separate preparation step of copyright dates, renaming, and other small tweaks.
3779
3780        * parser/Lexer.cpp:
3781        (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
3782        (JSC::Lexer::peek): Removed meaningless comment.
3783        (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
3784        what this function does.
3785        (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
3786        (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
3787        (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
3788
3789        * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
3790        Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
3791        getUnicodeCharacter to parseFourDigitUnicodeHex.
3792
37932012-04-20  Filip Pizlo  <fpizlo@apple.com>
3794
3795        DFG should optimize int8 and int16 arrays on ARMv7
3796        https://bugs.webkit.org/show_bug.cgi?id=84503
3797
3798        Reviewed by Oliver Hunt.
3799
3800        * assembler/ARMv7Assembler.h:
3801        (ARMv7Assembler):
3802        (JSC::ARMv7Assembler::ldrsb):
3803        (JSC::ARMv7Assembler::ldrsh):
3804        * assembler/MacroAssemblerARMv7.h:
3805        (JSC::MacroAssemblerARMv7::load16Signed):
3806        (JSC::MacroAssemblerARMv7::load8Signed):
3807        * bytecode/PredictedType.h:
3808        (JSC::isActionableIntMutableArrayPrediction):
3809        * dfg/DFGNode.h:
3810        (JSC::DFG::Node::shouldSpeculateInt8Array):
3811        (JSC::DFG::Node::shouldSpeculateInt16Array):
3812
38132012-04-20  Oliver Hunt  <oliver@apple.com>
3814
3815        Add an ability to find the extent of a callframe
3816        https://bugs.webkit.org/show_bug.cgi?id=84513
3817
3818        Reviewed by Filip Pizlo.
3819
3820        Add a function to get the extent of a callframe and
3821        use that function for a new assertion to make sure the
3822        RegisterFile makes sense using that information.
3823
3824        * interpreter/CallFrame.cpp:
3825        (JSC::CallFrame::frameExtentInternal):
3826        (JSC):
3827        * interpreter/CallFrame.h:
3828        (JSC::ExecState::frameExtent):
3829        (ExecState):
3830        * interpreter/Interpreter.cpp:
3831        (JSC::Interpreter::executeCall):
3832
38332012-04-20  Benjamin Poulain  <bpoulain@apple.com>
3834
3835        Inline the JSArray constructor
3836        https://bugs.webkit.org/show_bug.cgi?id=84416
3837
3838        Reviewed by Geoffrey Garen.
3839
3840        The constructor is trivial, no reason to jump for it.
3841
3842        This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
3843
3844        * runtime/JSArray.cpp:
3845        (JSC):
3846        * runtime/JSArray.h:
3847        (JSC::JSArray::JSArray):
3848        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3849
38502012-04-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3851
3852        Heap should cancel GC timer at the start of the collection
3853        https://bugs.webkit.org/show_bug.cgi?id=84477
3854
3855        Reviewed by Geoffrey Garen.
3856
3857        Currently the Heap cancels the GC timer at the conclusion of a collection. 
3858        We should change this to be at the beginning because something (e.g. a finalizer) 
3859        could call didAbandonObjectGraph(), which will schedule the timer, but then 
3860        we'll immediately unschedule the timer at the conclusion of the collection, 
3861        thus potentially preventing large swaths of memory from being reclaimed in a timely manner.
3862
3863        * API/JSBase.cpp:
3864        (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is 
3865        busy or not, since we're just scheduling a timer to run a GC in the future.
3866        * heap/Heap.cpp:
3867        (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the 
3868        top of Heap::collect.
3869        * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect.
3870        (JSC::DefaultGCActivityCallback::willCollect):
3871        * runtime/GCActivityCallback.h: Ditto.
3872        (JSC::GCActivityCallback::willCollect):
3873        (DefaultGCActivityCallback): 
3874        * runtime/GCActivityCallbackCF.cpp: Ditto.
3875        (JSC::DefaultGCActivityCallback::willCollect):
3876
38772012-04-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3878
3879        JSGarbageCollect should not call collectAllGarbage()
3880        https://bugs.webkit.org/show_bug.cgi?id=84476
3881
3882        Reviewed by Geoffrey Garen.
3883
3884        * API/JSBase.cpp:
3885        (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph.
3886
38872012-04-19  Oliver Hunt  <oliver@apple.com>
3888
3889        Exception stack traces aren't complete when the exception starts in native code
3890        https://bugs.webkit.org/show_bug.cgi?id=84073
3891
3892        Reviewed by Filip Pizlo.
3893
3894        Refactored building the stack trace so that we can construct
3895        it earlier, and don't rely on any prior work performed in the
3896        exception handling machinery. Also updated LLInt and the DFG to
3897        completely initialise the callframes of host function calls.
3898
3899        Also fixed a few LLInt paths that failed to correctly update the
3900        topCallFrame.
3901
3902        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3903        * dfg/DFGJITCompiler.h:
3904        * dfg/DFGOperations.cpp:
3905        * dfg/DFGSpeculativeJIT32_64.cpp:
3906        (JSC::DFG::SpeculativeJIT::emitCall):
3907        * dfg/DFGSpeculativeJIT64.cpp:
3908        (JSC::DFG::SpeculativeJIT::emitCall):
3909        * interpreter/Interpreter.cpp:
3910        (JSC::eval):
3911        (JSC::Interpreter::getStackTrace):
3912        (JSC::Interpreter::addStackTraceIfNecessary):
3913        (JSC):
3914        (JSC::Interpreter::throwException):
3915        * interpreter/Interpreter.h:
3916        (Interpreter):
3917        * jit/JITCall.cpp:
3918        (JSC::JIT::compileOpCall):
3919        * jit/JITCall32_64.cpp:
3920        (JSC::JIT::compileOpCall):
3921        * jit/JITOpcodes.cpp:
3922        (JSC::JIT::privateCompileCTINativeCall):
3923        * jit/JITOpcodes32_64.cpp:
3924        (JSC::JIT::privateCompileCTINativeCall):
3925        * jsc.cpp:
3926        (functionJSCStack):
3927        * llint/LLIntExceptions.cpp:
3928        (JSC::LLInt::interpreterThrowInCaller):
3929        (JSC::LLInt::returnToThrow):
3930        (JSC::LLInt::callToThrow):
3931        * llint/LLIntSlowPaths.cpp:
3932        (JSC::LLInt::handleHostCall):
3933        * llint/LowLevelInterpreter32_64.asm:
3934        * llint/LowLevelInterpreter64.asm:
3935        * parser/Parser.h:
3936        (JSC::::parse):
3937        * runtime/Error.cpp:
3938        (JSC::addErrorInfo):
3939        (JSC::throwError):
3940        * runtime/Error.h:
3941        (JSC):
3942
39432012-04-19  Mark Hahnenberg  <mhahnenberg@apple.com>
3944
3945        We're collecting pathologically due to small allocations
3946        https://bugs.webkit.org/show_bug.cgi?id=84404
3947
3948        Reviewed by Geoffrey Garen.
3949
3950        No change in performance on run-jsc-benchmarks.
3951
3952        * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
3953        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
3954        * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no 
3955        longer useful. 
3956        (JSC::CopiedSpace::CopiedSpace):
3957        (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than 
3958        carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
3959        (JSC::CopiedSpace::tryAllocateOversize):  Call the new didAllocate to notify the Heap of 
3960        newly allocated stuff.
3961        (JSC::CopiedSpace::tryReallocateOversize):
3962        (JSC::CopiedSpace::doneFillingBlock):
3963        (JSC::CopiedSpace::doneCopying):
3964        (JSC::CopiedSpace::destroy):
3965        * heap/CopiedSpace.h:
3966        (CopiedSpace):
3967        * heap/CopiedSpaceInlineMethods.h:
3968        (JSC::CopiedSpace::startedCopying):
3969        * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and 
3970        bytesAllocatedLimit to track how much memory has been allocated since the last collection.
3971        (JSC::Heap::Heap):
3972        (JSC::Heap::reportExtraMemoryCostSlowCase):
3973        (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering 
3974        a collection to be the size of the Heap after the previous collection. Thus, we still have our 
3975        2x allocation amount.
3976        (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated 
3977        thus far and then adds the new number of bytes to the current total.
3978        (JSC):
3979        * heap/Heap.h: Removed water mark related stuff.
3980        (JSC::Heap::notifyIsSafeToCollect):
3981        (Heap):
3982        (JSC::Heap::shouldCollect):
3983        (JSC):
3984        * heap/MarkedAllocator.cpp: 
3985        (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
3986        (JSC::MarkedAllocator::allocateSlowCase):
3987        (JSC::MarkedAllocator::addBlock):
3988        * heap/MarkedAllocator.h: 
3989        (MarkedAllocator):
3990        (JSC::MarkedAllocator::MarkedAllocator):
3991        (JSC::MarkedAllocator::allocate): 
3992        (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
3993        * heap/MarkedBlock.cpp:
3994        (JSC::MarkedBlock::specializedSweep):
3995        (JSC::MarkedBlock::sweep):
3996        (JSC::MarkedBlock::sweepHelper):
3997        (JSC::MarkedBlock::zapFreeList):
3998        * heap/MarkedBlock.h:
3999        (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
4000        free list including the number of bytes of stuff in the free list so that when the free list is 
4001        exhausted, the correct amount can be reported to Heap.
4002        (MarkedBlock):
4003        (JSC::MarkedBlock::FreeList::FreeList):
4004        (JSC):
4005        * heap/MarkedSpace.cpp: Removing all water mark related stuff.
4006        (JSC::MarkedSpace::MarkedSpace):
4007        (JSC::MarkedSpace::resetAllocators):
4008        * heap/MarkedSpace.h:
4009        (MarkedSpace):
4010        (JSC):
4011        * heap/WeakSet.cpp:
4012        (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This 
4013        function still needs work though now that the Heap knows how many bytes have been allocated 
4014        since the last collection.
4015        * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
4016        (JSC::JIT::emitAllocateBasicJSObject): Ditto.
4017        * llint/LowLevelInterpreter.asm: Ditto.
4018        * runtime/GCActivityCallback.cpp: 
4019        (JSC::DefaultGCActivityCallback::didAllocate): 
4020        * runtime/GCActivityCallback.h:
4021        (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that 
4022        the allocation that is being reported has already taken place.
4023        (DefaultGCActivityCallback):
4024        * runtime/GCActivityCallbackCF.cpp:
4025        (JSC):
4026        (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of 
4027        allocation since the last collection is not above a threshold (initially arbitrarily chosen to 
4028        be 128KB). 
4029
40302012-04-19  Filip Pizlo  <fpizlo@apple.com>
4031
4032        MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal
4033        https://bugs.webkit.org/show_bug.cgi?id=84401
4034
4035        Reviewed by Gavin Barraclough.
4036
4037        * assembler/MacroAssemblerARMv7.h:
4038        (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
4039
40402012-04-19  Don Olmstead  <don.olmstead@am.sony.com>
4041
4042        KeywordLookupGenerator.py should take an output file as an argument
4043        https://bugs.webkit.org/show_bug.cgi?id=84292
4044
4045        Reviewed by Eric Seidel.
4046
4047        Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script.
4048
4049        * KeywordLookupGenerator.py:
4050
40512012-04-19  Filip Pizlo  <fpizlo@apple.com>
4052
4053        It should be possible to perform debugCall on ARMv7
4054        https://bugs.webkit.org/show_bug.cgi?id=84381
4055
4056        Reviewed by Oliver Hunt.
4057        
4058        debugCall() was clobbering the argument to the call it was making, leading to a
4059        corrupt ExecState*. This change fixes that issue by using a scratch register that
4060        does not clobber arguments, and it also introduces more assertions that we have
4061        a valid call frame.
4062
4063        * dfg/DFGAssemblyHelpers.cpp:
4064        (DFG):
4065        (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
4066        * dfg/DFGAssemblyHelpers.h:
4067        (JSC::DFG::AssemblyHelpers::selectScratchGPR):
4068        (AssemblyHelpers):
4069        (JSC::DFG::AssemblyHelpers::debugCall):
4070        (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
4071        * dfg/DFGJITCompiler.cpp:
4072        (JSC::DFG::JITCompiler::linkOSRExits):
4073        * dfg/DFGOSRExitCompiler.cpp:
4074        * dfg/DFGSpeculativeJIT.cpp:
4075        (JSC::DFG::SpeculativeJIT::compile):
4076        * dfg/DFGSpeculativeJIT.h:
4077        (JSC::DFG::SpeculativeJIT::selectScratchGPR):
4078
40792012-04-19  Filip Pizlo  <fpizlo@apple.com>
4080
4081        LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that
4082        the PB/PC has been preserved
4083        https://bugs.webkit.org/show_bug.cgi?id=84367
4084
4085        Reviewed by Oliver Hunt.
4086
4087        * llint/LowLevelInterpreter32_64.asm:
4088        * llint/LowLevelInterpreter64.asm:
4089
40902012-04-19  Filip Pizlo  <fpizlo@apple.com>
4091
4092        It should be possible to load from Float64 arrays on ARMv7 without crashing
4093        https://bugs.webkit.org/show_bug.cgi?id=84361
4094
4095        Reviewed by Oliver Hunt.
4096
4097        * assembler/MacroAssemblerARMv7.h:
4098        (JSC::MacroAssemblerARMv7::loadDouble):
4099        (JSC::MacroAssemblerARMv7::storeDouble):
4100
41012012-04-19  Dominik Röttsches  <dominik.rottsches@linux.intel.com>
4102
4103        [CMake] Build fix after r114575
4104        https://bugs.webkit.org/show_bug.cgi?id=84322
4105
4106        Reviewed by Simon Hausmann.
4107
4108        Build fix, adding WTF when linking jsc shell.
4109
4110        * shell/CMakeLists.txt:
4111
41122012-04-18  Filip Pizlo  <fpizlo@apple.com>
4113
4114        JSC testing should have complete coverage over typed array types
4115        https://bugs.webkit.org/show_bug.cgi?id=84302
4116
4117        Reviewed by Geoff Garen.
4118        
4119        Added Uint8ClampedArray to the set of typed arrays that are supported by jsc
4120        command-line.
4121
4122        * JSCTypedArrayStubs.h:
4123        (JSC):
4124        * jsc.cpp:
4125        (GlobalObject::finishCreation):
4126
41272012-04-18  Filip Pizlo  <fpizlo@apple.com>
4128
4129        jsc command line should support typed arrays by default
4130        https://bugs.webkit.org/show_bug.cgi?id=84298
4131
4132        Rubber stamped by Gavin Barraclough.
4133
4134        * JSCTypedArrayStubs.h:
4135        (JSC):
4136        * jsc.cpp:
4137        (GlobalObject::finishCreation):
4138
41392012-04-18  Filip Pizlo  <fpizlo@apple.com>
4140
4141        JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
4142        forced double should not be scrambled when performing OSR entry
4143        https://bugs.webkit.org/show_bug.cgi?id=84272
4144
4145        Reviewed by Geoff Garen.
4146
4147        * dfg/DFGFixupPhase.cpp:
4148        (JSC::DFG::FixupPhase::fixupNode):
4149        * dfg/DFGOSREntry.cpp:
4150        (JSC::DFG::prepareOSREntry):
4151
41522012-04-18  Don Olmstead  <don.olmstead@am.sony.com> 
4153
4154        JavaScriptCore.gypi not current
4155        https://bugs.webkit.org/show_bug.cgi?id=84224
4156
4157        Reviewed by Eric Seidel.
4158
4159        Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself.
4160
4161        Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory.
4162
4163        * JavaScriptCore.gypi:
4164
41652012-04-18  Benjamin Poulain  <bpoulain@apple.com>
4166
4167        Remove m_subclassData from JSArray, move the attribute to subclass as needed
4168        https://bugs.webkit.org/show_bug.cgi?id=84249
4169
4170        Reviewed by Geoffrey Garen.
4171
4172        JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
4173        the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
4174        case.
4175
4176        This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
4177        of CopiedSpace.
4178
4179        * jit/JITInlineMethods.h:
4180        (JSC::JIT::emitAllocateJSArray):
4181        * runtime/JSArray.cpp:
4182        (JSC::JSArray::JSArray):
4183        * runtime/JSArray.h:
4184
41852012-04-18  Benjamin Poulain  <bpoulain@apple.com>
4186
4187        replaceUsingStringSearch: delay the creation of the replace string until needed
4188        https://bugs.webkit.org/show_bug.cgi?id=83841
4189
4190        Reviewed by Geoffrey Garen.
4191
4192        We do not need to obtain the replaceValue until we have a match. By moving the initialization
4193        of replaceValue when needed, we save a few instructions when there is no match.
4194
4195        * runtime/StringPrototype.cpp:
4196        (JSC::replaceUsingRegExpSearch):
4197        (JSC::replaceUsingStringSearch):
4198        (JSC::stringProtoFuncReplace):
4199
42002012-04-18  Mark Hahnenberg  <mhahnenberg@apple.com>
4201
4202        GC activity timer should be tied to allocation, not collection
4203        https://bugs.webkit.org/show_bug.cgi?id=83919
4204
4205        Reviewed by Geoffrey Garen.
4206
4207        * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've 
4208        released a global object, we're abandoning a potentially large number of objects that JSC might want 
4209        to collect.
4210        * heap/CopiedSpace.cpp:
4211        (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate 
4212        that we've hit a slow path and are allocating now, so schedule the timer.
4213        * heap/Heap.cpp:
4214        (JSC::Heap::Heap):
4215        (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to 
4216        throw away too much code during our benchmarks (especially vp8, which is very large and thus has large 
4217        amounts of compiled code).
4218        (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we 
4219        can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a 
4220        collection to see if we should throw away our compiled code. Currently this is set to happen about once 
4221        every minute.
4222        * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code.
4223        * heap/MarkedAllocator.cpp:
4224        (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like 
4225        in CopiedSpace.
4226        * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms.
4227        (JSC::DefaultGCActivityCallback::willAllocate):
4228        (JSC):
4229        (JSC::DefaultGCActivityCallback::didCollect):
4230        (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
4231        * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing 
4232        the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection 
4233        occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for 
4234        somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of
4235        objects and that JSC might want to clean them up.
4236        (JSC::GCActivityCallback::~GCActivityCallback):
4237        (JSC::GCActivityCallback::willAllocate):
4238        (JSC::GCActivityCallback::didCollect):
4239        (JSC::GCActivityCallback::didAbandonObjectGraph):
4240        (JSC::GCActivityCallback::synchronize):
4241        (DefaultGCActivityCallback):
4242        * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions. 
4243        We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually 
4244        turned out to be quite expensive (although Instruments couldn't tell us this).
4245        (DefaultGCActivityCallbackPlatformData):
4246        (JSC):
4247        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
4248        (JSC::DefaultGCActivityCallback::commonConstructor):
4249        (JSC::scheduleTimer):
4250        (JSC::cancelTimer):
4251        (JSC::DefaultGCActivityCallback::willAllocate):
4252        (JSC::DefaultGCActivityCallback::didCollect):
4253        (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
4254
42552012-04-17  Filip Pizlo  <fpizlo@apple.com>
4256
4257        DFG should not attempt to get rare case counts for op_mod on ARM
4258        https://bugs.webkit.org/show_bug.cgi?id=84218
4259
4260        Reviewed by Geoff Garen.
4261
4262        * dfg/DFGByteCodeParser.cpp:
4263        (JSC::DFG::ByteCodeParser::makeSafe):
4264        * dfg/DFGCommon.h:
4265        (JSC::DFG::isX86):
4266        (DFG):
4267
42682012-04-17  Myles Maxfield  <mmaxfield@google.com>
4269
4270        BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE
4271        https://bugs.webkit.org/show_bug.cgi?id=80912
4272
4273        Reviewed by Hajime Morita.
4274
4275        * wtf/BumpPointerAllocator.h:
4276        (WTF::BumpPointerPool::create):
4277
42782012-04-17  Filip Pizlo  <fpizlo@apple.com>
4279
4280        Attempt to fix Windows build.
4281
4282        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4283
42842012-04-17  Filip Pizlo  <fpizlo@apple.com>
4285
4286        It should be possible to create an inheritorID for the global this object without crashing
4287        https://bugs.webkit.org/show_bug.cgi?id=84200
4288        <rdar://problem/11251082>
4289
4290        Reviewed by Oliver Hunt.
4291
4292        * runtime/JSGlobalThis.cpp:
4293        (JSC::JSGlobalThis::setUnwrappedObject):
4294        * runtime/JSGlobalThis.h:
4295        (JSC::JSGlobalThis::unwrappedObject):
4296        (JSGlobalThis):
4297        * runtime/JSObject.cpp:
4298        (JSC::JSObject::createInheritorID):
4299        * runtime/JSObject.h:
4300        (JSObject):
4301        (JSC::JSObject::resetInheritorID):
4302
43032012-04-17  Filip Pizlo  <fpizlo@apple.com>
4304
4305        DFG and LLInt should not clobber the frame pointer on ARMv7
4306        https://bugs.webkit.org/show_bug.cgi?id=84185
4307        <rdar://problem/10767252>
4308
4309        Reviewed by Gavin Barraclough.
4310        
4311        Changed LLInt to use a different register. Changed DFG to use one fewer
4312        registers. We should revisit this and switch the DFG to use a different
4313        register instead of r7, but we can do that in a subsequent step since
4314        the performance effect is tiny.
4315
4316        * dfg/DFGGPRInfo.h:
4317        (GPRInfo):
4318        (JSC::DFG::GPRInfo::toRegister):
4319        (JSC::DFG::GPRInfo::toIndex):
4320        * offlineasm/armv7.rb:
4321
43222012-04-17  Filip Pizlo  <fpizlo@apple.com>
4323
4324        use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument
4325        https://bugs.webkit.org/show_bug.cgi?id=83942
4326        <rdar://problem/11247370>
4327
4328        Reviewed by Gavin Barraclough.
4329        
4330        Don't use references to the graph after resizing the graph.
4331
4332        * dfg/DFGByteCodeParser.cpp:
4333        (JSC::DFG::ByteCodeParser::flushArgument):
4334
43352012-04-16  Gavin Barraclough  <barraclough@apple.com>
4336
4337        Array.prototype.toString should be generic
4338        https://bugs.webkit.org/show_bug.cgi?id=81588
4339
4340        Reviewed by Sam Weinig.
4341
4342        * runtime/ArrayPrototype.cpp:
4343        (JSC::arrayProtoFuncToString):
4344            - check for join function, use fast case if base object is array & join is present & default.
4345        * runtime/CommonIdentifiers.h:
4346            - added 'join'.
4347
43482012-04-16  Carlos Garcia Campos  <cgarcia@igalia.com>
4349
4350        Unreviewed. Fix make distcheck issues.
4351
4352        * GNUmakefile.list.am: Add missing files.
4353
43542012-04-16  Sheriff Bot  <webkit.review.bot@gmail.com>
4355
4356        Unreviewed, rolling out r114309.
4357        http://trac.webkit.org/changeset/114309
4358        https://bugs.webkit.org/show_bug.cgi?id=84097
4359
4360        it broke everything (Requested by olliej on #webkit).
4361
4362        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4363        * bytecode/CodeBlock.h:
4364        * dfg/DFGOperations.cpp:
4365        * interpreter/Interpreter.cpp:
4366        (JSC::Interpreter::getStackTrace):
4367        (JSC::Interpreter::throwException):
4368        * interpreter/Interpreter.h:
4369        (Interpreter):
4370        * jit/JITStubs.cpp:
4371        (JSC::DEFINE_STUB_FUNCTION):
4372        * jsc.cpp:
4373        (functionJSCStack):
4374        * llint/LLIntSlowPaths.cpp:
4375        (JSC::LLInt::handleHostCall):
4376        * parser/Parser.h:
4377        (JSC::::parse):
4378        * runtime/Error.cpp:
4379        (JSC::addErrorInfo):
4380        (JSC::throwError):
4381        * runtime/Error.h:
4382        (JSC):
4383
43842012-04-16  Oliver Hunt  <oliver@apple.com>
4385
4386        Exception stack traces aren't complete when the exception starts in native code
4387        https://bugs.webkit.org/show_bug.cgi?id=84073
4388
4389        Reviewed by Gavin Barraclough.
4390
4391        Refactored building the stack trace so that we can construct
4392        it earlier, and don't rely on any prior work performed in the
4393        exception handling machinery. Also updated LLInt and the DFG to
4394        completely initialise the callframes of host function calls.
4395
4396        * bytecode/CodeBlock.h:
4397        (JSC::CodeBlock::codeOriginIndexForReturn):
4398        (CodeBlock):
4399        * dfg/DFGOperations.cpp:
4400        * interpreter/Interpreter.cpp:
4401        (JSC::Interpreter::getStackTrace):
4402        (JSC::Interpreter::addStackTraceIfNecessary):
4403        (JSC):
4404        (JSC::Interpreter::throwException):
4405        * interpreter/Interpreter.h:
4406        (Interpreter):
4407        * jit/JITStubs.cpp:
4408        (JSC::DEFINE_STUB_FUNCTION):
4409        * jsc.cpp:
4410        (functionJSCStack):
4411        * llint/LLIntSlowPaths.cpp:
4412        (JSC::LLInt::handleHostCall):
4413        * parser/Parser.h:
4414        (JSC::::parse):
4415        * runtime/Error.cpp:
4416        (JSC::addErrorInfo):
4417        (JSC::throwError):
4418        * runtime/Error.h:
4419        (JSC):
4420
44212012-04-16  Oliver Hunt  <oliver@apple.com>
4422
4423        Fix COMMANDLINE_TYPEDARRAYS build
4424        https://bugs.webkit.org/show_bug.cgi?id=84051
4425
4426        Reviewed by Gavin Barraclough.
4427
4428        Update for new putByIndex API and wtf changes.
4429
4430        * JSCTypedArrayStubs.h:
4431        (JSC):
4432
44332012-04-16  Mark Hahnenberg  <mhahnenberg@apple.com>
4434
4435        GC in the middle of JSObject::allocatePropertyStorage can cause badness
4436        https://bugs.webkit.org/show_bug.cgi?id=83839
4437
4438        Reviewed by Geoffrey Garen.
4439
4440        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4441        * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
4442        (JSC::DEFINE_STUB_FUNCTION):
4443        * runtime/JSObject.cpp:
4444        (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're 
4445        growing our already-existing PropertyStorage.
4446        * runtime/JSObject.h:
4447        (JSObject):
4448        (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage 
4449        and the new structure so that we can be sure a GC never occurs when our Structure
4450        info is out of sync with our PropertyStorage.
4451        (JSC):
4452        (JSC::JSObject::putDirectInternal): Moved the check to see if we should 
4453        allocate more backing store before the actual property insertion into 
4454        the structure.
4455        (JSC::JSObject::putDirectWithoutTransition): Ditto.
4456        (JSC::JSObject::transitionTo): Ditto.
4457        * runtime/Structure.cpp:
4458        (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy 
4459        for property backing stores contained within the Structure class.
4460        (JSC):
4461        * runtime/Structure.h:
4462        (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion 
4463        into the Structure would require resizing the property backing store so that they can 
4464        preallocate the required storage.
4465        (Structure):
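
The entry above describes a consistency bug between an object's Structure and its property backing store: if the structure already records a new property when the allocation that grows the store triggers a collection, the collector walks more slots than the store holds. The following is an added model of that ordering problem and of the fix (check whether the store must grow before inserting into the structure, and never let a GC observe the two out of sync); it is not JavaScriptCore code. `Structure`, `HeapObject`, `gcVisit`, `growStorage`, `shouldGrowPropertyStorage`, `putDirectBuggy` and `putDirectFixed` are hypothetical names. The model keeps a one-directional invariant (`propertyCount <= storage.size()`), so installing the larger store before updating the count is enough here, whereas the real change sets storage and structure together.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical model of an object whose property values live in a backing
// store whose expected size is described by its Structure. All names here
// are made up for this example; they are not JavaScriptCore's definitions.
struct Structure {
    std::size_t propertyCount = 0;   // slots the structure says are in use
};

struct HeapObject {
    Structure structure;
    std::vector<int> storage;        // property backing store
};

// Stand-in for the collector visiting an object: it walks every slot the
// Structure claims exists. If the store is shorter than that, the walk
// would read past its end; report false instead of doing so.
bool gcVisit(const HeapObject& obj) {
    return obj.structure.propertyCount <= obj.storage.size();
}

// Allocation is where a collection can run. This helper "runs the GC" on
// the object being modified, records whether it found it consistent, and
// returns a larger store with the old values copied over.
std::vector<int> growStorage(const HeapObject& obj, std::size_t newSize,
                             bool& gcSawConsistent) {
    gcSawConsistent = gcVisit(obj);
    std::vector<int> grown(newSize);
    std::copy(obj.storage.begin(), obj.storage.end(), grown.begin());
    return grown;
}

// True when one more insertion would not fit in the current store.
bool shouldGrowPropertyStorage(const HeapObject& obj) {
    return obj.structure.propertyCount >= obj.storage.size();
}

// Buggy order: record the new property in the Structure first, then notice
// the store is full and allocate. A GC during that allocation sees
// propertyCount > storage.size(). Returns what the GC observed.
bool putDirectBuggy(HeapObject& obj, int value) {
    bool gcSawConsistent = true;
    std::size_t slot = obj.structure.propertyCount++;        // structure updated
    if (slot >= obj.storage.size())                           // store too small
        obj.storage = growStorage(obj, slot + 1, gcSawConsistent);  // GC runs here
    obj.storage[slot] = value;
    return gcSawConsistent;
}

// Fixed order: decide whether the store must grow before touching the
// Structure, allocate while the object is still consistent, install the
// larger store, and only then record the property. The invariant
// propertyCount <= storage.size() holds at every point a GC could run.
bool putDirectFixed(HeapObject& obj, int value) {
    bool gcSawConsistent = true;
    std::size_t slot = obj.structure.propertyCount;
    if (shouldGrowPropertyStorage(obj))
        obj.storage = growStorage(obj, slot + 1, gcSawConsistent);  // GC runs here
    obj.structure.propertyCount = slot + 1;                  // store already fits
    obj.storage[slot] = value;
    return gcSawConsistent;
}

// Constructed input: an object whose single-slot store is already full.
HeapObject makeFullObject() {
    HeapObject obj;
    obj.storage = {42};
    obj.structure.propertyCount = 1;
    return obj;
}

// False: the collector observed the structure ahead of the store.
bool buggyPathGcSawConsistentObject() {
    HeapObject obj = makeFullObject();
    return putDirectBuggy(obj, 7);
}

// True: the collector saw a consistent object and the property landed.
bool fixedPathGcSawConsistentObject() {
    HeapObject obj = makeFullObject();
    return putDirectFixed(obj, 7) && obj.structure.propertyCount == 2
        && obj.storage.size() == 2 && obj.storage[1] == 7;
}

int main() {
    std::printf("buggy order, GC saw consistent object: %s\n",
                buggyPathGcSawConsistentObject() ? "yes" : "no");
    std::printf("fixed order, GC saw consistent object: %s\n",
                fixedPathGcSawConsistentObject() ? "yes" : "no");
    return 0;
}
```

The general rule the example encodes: any call that can allocate is a call that can run the collector, so every heap invariant the collector relies on must hold before that call, not merely after the surrounding operation completes.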
4466
44672012-04-13  Sheriff Bot  <webkit.review.bot@gmail.com>
4468
4469        Unreviewed, rolling out r114185.
4470        http://trac.webkit.org/changeset/114185
4471        https://bugs.webkit.org/show_bug.cgi?id=83967
4472
4473        Broke a bunch of JavaScript related tests (Requested by
4474        andersca on #webkit).
4475
4476        * runtime/ArrayPrototype.cpp:
4477        (JSC::arrayProtoFuncToString):
4478        (JSC::arrayProtoFuncToLocaleString):
4479        * runtime/CommonIdentifiers.h:
4480        * tests/mozilla/ecma/Array/15.4.4.2.js:
4481        (getTestCases):
4482
44832012-04-13  Gavin Barraclough  <barraclough@apple.com>
4484
4485        Don't rely on fixed offsets to patch calls
4486        https://bugs.webkit.org/show_bug.cgi?id=83966
4487
4488        Rubber stamped by Oliver Hunt.
4489
4490        These aren't being used anywhere!
4491
4492        * jit/JIT.h:
4493        * jit/JITCall.cpp:
4494        (JSC::JIT::compileOpCall):
4495        * jit/JITCall32_64.cpp:
4496        (JSC::JIT::compileOpCall):
4497
44982012-04-13  Hojong Han  <hojong.han@samsung.com>
4499
4500        Array.prototype.toString and Array.prototype.toLocaleString should be generic
4501        https://bugs.webkit.org/show_bug.cgi?id=81588
4502
4503        Reviewed by Gavin Barraclough.
4504
4505        * runtime/ArrayPrototype.cpp:
4506        (JSC::arrayProtoFuncToString):
4507        (JSC::arrayProtoFuncToLocaleString):
4508        * runtime/CommonIdentifiers.h:
4509        * tests/mozilla/ecma/Array/15.4.4.2.js:
4510        (getTestCases.array.item.new.TestCase):
4511        (getTestCases):
4512
45132012-04-13  Gavin Barraclough  <barraclough@apple.com>
4514
4515        Don't rely on fixed offsets to patch method checks
4516        https://bugs.webkit.org/show_bug.cgi?id=83958
4517
4518        Reviewed by Oliver Hunt.
4519
4520        * bytecode/StructureStubInfo.h:
4521            - Add fields for the method check info.
4522        * jit/JIT.cpp:
4523        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
4524            - Store the offsets on the stub info, instead of asserting.
4525        * jit/JIT.h:
4526            - Delete all the method check related offsets.
4527        * jit/JITPropertyAccess.cpp:
4528        (JSC::JIT::patchMethodCallProto):
4529            - Use the offset from the stubInfo.
4530        * jit/JITStubs.cpp:
4531        (JSC::DEFINE_STUB_FUNCTION):
4532            - Pass the stubInfo to patchMethodCallProto.
4533
45342012-04-13  Gavin Barraclough  <barraclough@apple.com>
4535
4536        Don't rely on fixed offsets to patch get_by_id/put_by_id
4537        https://bugs.webkit.org/show_bug.cgi?id=83924
4538
4539        Reviewed by Oliver Hunt.
4540
4541        Store offsets in the structure stub info, as we do for the DFG JIT.
4542
4543        * assembler/AbstractMacroAssembler.h:
4544        (JSC::AbstractMacroAssembler::differenceBetween):
4545            - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!)
4546        * bytecode/StructureStubInfo.h:
4547            - added new fields for baseline JIT offsets.
4548        * jit/JIT.cpp:
4549        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
4550            - moved out from JIT::privateCompile.
4551        (JSC::JIT::privateCompile):
4552            - moved out code to PropertyStubCompilationInfo::copyToStubInfo.
4553        * jit/JIT.h:
4554        (PropertyStubCompilationInfo):
4555            - added helper functions to initialize PropertyStubCompilationInfo, state to store more offset info.
4556            - removed many offsets.
4557        * jit/JITPropertyAccess.cpp:
4558        (JSC::JIT::emit_op_method_check):
4559        (JSC::JIT::compileGetByIdHotPath):
4560        (JSC::JIT::compileGetByIdSlowCase):
4561        (JSC::JIT::emit_op_put_by_id):
4562        (JSC::JIT::emitSlow_op_put_by_id):
4563        (JSC::JIT::patchGetByIdSelf):
4564        (JSC::JIT::patchPutByIdReplace):
4565        (JSC::JIT::privateCompilePatchGetArrayLength):
4566        (JSC::JIT::privateCompileGetByIdProto):
4567        (JSC::JIT::privateCompileGetByIdSelfList):
4568        (JSC::JIT::privateCompileGetByIdProtoList):
4569        (JSC::JIT::privateCompileGetByIdChainList):
4570        (JSC::JIT::privateCompileGetByIdChain):
4571        (JSC::JIT::resetPatchGetById):
4572        (JSC::JIT::resetPatchPutById):
4573            - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
4574            - changed repatch functions to read offsets from the structure stub info.
4575        * jit/JITPropertyAccess32_64.cpp:
4576        (JSC::JIT::emit_op_method_check):
4577        (JSC::JIT::compileGetByIdHotPath):
4578        (JSC::JIT::compileGetByIdSlowCase):
4579        (JSC::JIT::emit_op_put_by_id):
4580        (JSC::JIT::emitSlow_op_put_by_id):
4581        (JSC::JIT::patchGetByIdSelf):
4582        (JSC::JIT::patchPutByIdReplace):
4583        (JSC::JIT::privateCompilePatchGetArrayLength):
4584        (JSC::JIT::privateCompileGetByIdProto):
4585        (JSC::JIT::privateCompileGetByIdSelfList):
4586        (JSC::JIT::privateCompileGetByIdProtoList):
4587        (JSC::JIT::privateCompileGetByIdChainList):
4588        (JSC::JIT::privateCompileGetByIdChain):
4589        (JSC::JIT::resetPatchGetById):
4590        (JSC::JIT::resetPatchPutById):
4591            - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
4592            - changed repatch functions to read offsets from the structure stub info.
4593
45942012-04-13  Rob Buis  <rbuis@rim.com>
4595
4596        Fix some compiler warnings (miscellaneous)
4597        https://bugs.webkit.org/show_bug.cgi?id=80790
4598
4599        Reviewed by Antonio Gomes.
4600
4601        Fix signed/unsigned comparison warning.
4602
4603        * parser/Lexer.cpp:
4604        (JSC::::record16):
4605
46062012-04-12  Benjamin Poulain  <bpoulain@apple.com>
4607
4608        Improve replaceUsingStringSearch() for case of a single character searchValue
4609        https://bugs.webkit.org/show_bug.cgi?id=83738
4610
4611        Reviewed by Geoffrey Garen.
4612
4613        This patch improves replaceUsingStringSearch() with the following:
4614        -Add a special case for single character search, taking advantage of the faster WTF::find().
4615        -Inline replaceUsingStringSearch().
4616        -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
4617         by definition.
4618
4619        This gives less than 1% improvement for the multicharacter replace.
4620        The single character search shows about 9% improvement.
4621
4622        * runtime/StringPrototype.cpp:
4623        (JSC::replaceUsingStringSearch):
4624
46252012-04-12  Michael Saboff  <msaboff@apple.com>
4626
4627        StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects
4628        https://bugs.webkit.org/show_bug.cgi?id=83823
4629
4630        Reviewed by Gavin Barraclough.
4631
4632        Put the clearing of the accessType to after the call to deref() so that
4633        deref() can use the accessType to delete referenced objects as needed.
4634
4635        * bytecode/StructureStubInfo.h:
4636        (JSC::StructureStubInfo::reset):
4637
46382012-04-12  Balazs Kelemen  <kbalazs@webkit.org>
4639
4640        [Qt] Fix WebKit1 build with V8
4641        https://bugs.webkit.org/show_bug.cgi?id=83322
4642
4643        Reviewed by Adam Barth.
4644
4645        * yarr/yarr.pri:
4646
46472012-04-12  Gavin Barraclough  <barraclough@apple.com>
4648
4649        https://bugs.webkit.org/show_bug.cgi?id=83821
4650        Move dfg repatching properties of structure stub info into a union
4651
4652        Reviewed by Oliver Hunt.
4653
4654        We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this.
4655
4656        * bytecode/StructureStubInfo.h:
4657        (StructureStubInfo):
4658        * dfg/DFGJITCompiler.cpp:
4659        (JSC::DFG::JITCompiler::link):
4660        * dfg/DFGRepatch.cpp:
4661        (JSC::DFG::dfgRepatchByIdSelfAccess):
4662        (JSC::DFG::linkRestoreScratch):
4663        (JSC::DFG::generateProtoChainAccessStub):
4664        (JSC::DFG::tryCacheGetByID):
4665        (JSC::DFG::tryBuildGetByIDList):
4666        (JSC::DFG::tryBuildGetByIDProtoList):
4667        (JSC::DFG::emitPutReplaceStub):
4668        (JSC::DFG::emitPutTransitionStub):
4669        (JSC::DFG::tryCachePutByID):
4670        (JSC::DFG::tryBuildPutByIdList):
4671        (JSC::DFG::dfgResetGetByID):
4672        (JSC::DFG::dfgResetPutByID):
4673
46742012-04-12  Gavin Barraclough  <barraclough@apple.com>
4675
4676        Delete a bunch of unused, copy & pasted values in JIT.h
4677        https://bugs.webkit.org/show_bug.cgi?id=83822
4678
4679        Reviewed by Oliver Hunt.
4680        
4681        The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense.
4682
4683        * jit/JIT.h:
4684        (JIT):
4685
46862012-04-12  Csaba Osztrogonác  <ossy@webkit.org>
4687
4688        [Qt][ARM] Buildfix after r113934.
4689
4690        Reviewed by Zoltan Herczeg.
4691
4692        * assembler/MacroAssemblerARM.h:
4693        (JSC::MacroAssemblerARM::compare8):
4694        (MacroAssemblerARM):
4695
46962012-04-11  Filip Pizlo  <fpizlo@apple.com>
4697
4698        It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail
4699        https://bugs.webkit.org/show_bug.cgi?id=83744
4700        <rdar://problem/11206946>
4701
4702        Reviewed by Andy Estes.
4703        
4704        This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node
4705        that is statically known to return boolean results.
4706
4707        * dfg/DFGFixupPhase.cpp:
4708        (JSC::DFG::FixupPhase::fixupNode):
4709
47102012-04-11  Michael Saboff  <msaboff@apple.com>
4711
4712        Invalid Union Reference in StructureStubInfo.{cpp,h}
4713        https://bugs.webkit.org/show_bug.cgi?id=83735
4714
4715        Reviewed by Filip Pizlo.
4716
4717        Changed the references to u.getByIdProtoList and u.getByIdSelfList
4718        to be consistent.
4719
4720        * bytecode/StructureStubInfo.cpp:
4721        (JSC::StructureStubInfo::visitWeakReferences):
4722        * bytecode/StructureStubInfo.h:
4723        (JSC::StructureStubInfo::initGetByIdSelfList):
4724
47252012-04-11  Filip Pizlo  <fpizlo@apple.com>
4726
4727        Unreviewed, attempting to make Qt's eccentric hardware work.
4728
4729        * assembler/MacroAssemblerARM.h:
4730        (JSC::MacroAssemblerARM::compare8):
4731        (MacroAssemblerARM):
4732        * assembler/MacroAssemblerMIPS.h:
4733        (JSC::MacroAssemblerMIPS::compare8):
4734        (MacroAssemblerMIPS):
4735        * assembler/MacroAssemblerSH4.h:
4736        (JSC::MacroAssemblerSH4::compare8):
4737        (MacroAssemblerSH4):
4738
47392012-04-11  Filip Pizlo  <fpizlo@apple.com>
4740
4741        op_is_foo should be optimized
4742        https://bugs.webkit.org/show_bug.cgi?id=83666
4743
4744        Reviewed by Gavin Barraclough.
4745        
4746        This implements inlining of op_is_undefined, op_is_string, op_is_number,
4747        and op_is_boolean in LLInt and the baseline JIT. op_is_object and
4748        op_is_function are not inlined because they are quite a bit more complex.
4749        
4750        This also implements all of the op_is_foo opcodes in the DFG, but it does
4751        not do any type profiling based optimizations, yet.
4752
4753        * assembler/MacroAssemblerARMv7.h:
4754        (JSC::MacroAssemblerARMv7::compare8):
4755        (MacroAssemblerARMv7):
4756        * assembler/MacroAssemblerX86Common.h:
4757        (JSC::MacroAssemblerX86Common::compare8):
4758        (MacroAssemblerX86Common):
4759        * assembler/MacroAssemblerX86_64.h:
4760        (MacroAssemblerX86_64):
4761        (JSC::MacroAssemblerX86_64::testPtr):
4762        * dfg/DFGAbstractState.cpp:
4763        (JSC::DFG::AbstractState::execute):
4764        * dfg/DFGByteCodeParser.cpp:
4765        (JSC::DFG::ByteCodeParser::parseBlock):
4766        * dfg/DFGCCallHelpers.h:
4767        (JSC::DFG::CCallHelpers::setupArguments):
4768        (CCallHelpers):
4769        * dfg/DFGCSEPhase.cpp:
4770        (JSC::DFG::CSEPhase::performNodeCSE):
4771        * dfg/DFGCapabilities.h:
4772        (JSC::DFG::canCompileOpcode):
4773        * dfg/DFGNodeType.h:
4774        (DFG):
4775        * dfg/DFGOperations.cpp:
4776        * dfg/DFGOperations.h:
4777        * dfg/DFGPredictionPropagationPhase.cpp:
4778        (JSC::DFG::PredictionPropagationPhase::propagate):
4779        * dfg/DFGSpeculativeJIT.h:
4780        (JSC::DFG::SpeculativeJIT::callOperation):
4781        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
4782        * dfg/DFGSpeculativeJIT32_64.cpp:
4783        (JSC::DFG::SpeculativeJIT::compile):
4784        * dfg/DFGSpeculativeJIT64.cpp:
4785        (JSC::DFG::SpeculativeJIT::compile):
4786        * jit/JIT.cpp:
4787        (JSC::JIT::privateCompileMainPass):
4788        * jit/JIT.h:
4789        (JIT):
4790        * jit/JITOpcodes.cpp:
4791        (JSC::JIT::emit_op_is_undefined):
4792        (JSC):
4793        (JSC::JIT::emit_op_is_boolean):
4794        (JSC::JIT::emit_op_is_number):
4795        (JSC::JIT::emit_op_is_string):
4796        * jit/JITOpcodes32_64.cpp:
4797        (JSC::JIT::emit_op_is_undefined):
4798        (JSC):
4799        (JSC::JIT::emit_op_is_boolean):
4800        (JSC::JIT::emit_op_is_number):
4801        (JSC::JIT::emit_op_is_string):
4802        * jit/JITStubs.cpp:
4803        (JSC):
4804        * llint/LLIntSlowPaths.cpp:
4805        (LLInt):
4806        * llint/LLIntSlowPaths.h:
4807        (LLInt):
4808        * llint/LowLevelInterpreter.asm:
4809        * llint/LowLevelInterpreter32_64.asm:
4810        * llint/LowLevelInterpreter64.asm:
4811        * offlineasm/armv7.rb:
4812        * offlineasm/instructions.rb:
4813        * offlineasm/x86.rb:
4814
48152012-04-11  Filip Pizlo  <fpizlo@apple.com>
4816
4817        If you use an IntegerOperand and want to return it with integerResult, you need to
4818        zero extend to get rid of the box
4819        https://bugs.webkit.org/show_bug.cgi?id=83734
4820        <rdar://problem/11232296>
4821
4822        Reviewed by Oliver Hunt.
4823
4824        * dfg/DFGSpeculativeJIT64.cpp:
4825        (JSC::DFG::SpeculativeJIT::fillInteger):
4826        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
4827
48282012-04-11  Filip Pizlo  <fpizlo@apple.com>
4829
4830        SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
4831        https://bugs.webkit.org/show_bug.cgi?id=83722
4832
4833        Reviewed by Gavin Barraclough.
4834        
4835        It's now possible to do StorageOperand on a cell, in the case that the storage is
4836        inline. But this means that fillStorage() must be able to handle all of the states
4837        that a cell might be in. Previously it didn't.
4838        
4839        With this change, it now does handle all of the states, and moreover, it does so
4840        by preserving the DataFormat of cells and performing all of the cell speculations
4841        that should be performed if you're using a cell as storage. But if you use this on
4842        something that is known to be storage already then it behaves as it did before.
4843
4844        * dfg/DFGSpeculativeJIT.cpp:
4845        (JSC::DFG::SpeculativeJIT::fillStorage):
4846
48472012-04-11  Filip Pizlo  <fpizlo@apple.com>
4848
4849        Global variable predictions should not be coalesced unnecessarily
4850        https://bugs.webkit.org/show_bug.cgi?id=83678
4851
4852        Reviewed by Geoff Garen.
4853        
4854        Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar
4855        to have a heapPrediction like a civilized DFG opcode ought to.
4856        
4857        No performance effect.
4858
4859        * GNUmakefile.list.am:
4860        * JavaScriptCore.xcodeproj/project.pbxproj:
4861        * bytecode/CodeBlock.h:
4862        * bytecode/PredictionTracker.h: Removed.
4863        * dfg/DFGByteCodeParser.cpp:
4864        (JSC::DFG::ByteCodeParser::parseBlock):
4865        * dfg/DFGGenerationInfo.h:
4866        * dfg/DFGGraph.cpp:
4867        (JSC::DFG::Graph::dump):
4868        * dfg/DFGGraph.h:
4869        (Graph):
4870        * dfg/DFGNode.h:
4871        (JSC::DFG::Node::hasHeapPrediction):
4872        * dfg/DFGPredictionPropagationPhase.cpp:
4873        (JSC::DFG::PredictionPropagationPhase::propagate):
4874
48752012-04-11  Benjamin Poulain  <bpoulain@apple.com>
4876
4877        Optimize String.split() for 1 character separator
4878        https://bugs.webkit.org/show_bug.cgi?id=83546
4879
4880        Reviewed by Gavin Barraclough.
4881
4882        This patch adds a series of optimizations to make stringProtoFuncSplit() faster in the common case
4883        where the separator is a single character.
4884
4885        The two main gains are:
4886        -Use of the find() function with a single character instead of doing a full string matching.
4887        -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
4888         function.
4889
4890        The code is also changed to avoid making unnecessary allocations by converting the 8-bit string to 16 bits.
4891
4892        This makes String.split() faster by about 13% in that particular case.
4893
4894        * runtime/StringPrototype.cpp:
4895        (JSC):
4896        (JSC::splitStringByOneCharacterImpl):
4897        (JSC::stringProtoFuncSplit):
4898
48992012-04-10  Carlos Garcia Campos  <cgarcia@igalia.com>
4900
4901        Unreviewed. Fix make distcheck issues.
4902
4903        * GNUmakefile.list.am: Add missing files.
4904
49052012-04-10  Mark Rowe  <mrowe@apple.com>
4906
4907        Attempt to fix the Windows build.
4908
4909        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4910
49112012-04-10  Patrick Gansterer  <paroga@webkit.org>
4912
4913        Cleanup wtf/Platform.h and config.h files
4914        https://bugs.webkit.org/show_bug.cgi?id=83431
4915
4916        Reviewed by Eric Seidel.
4917
4918        The ENABLE() and USE() macros take care of the case when the flag
4919        isn't defined. So there is no need to define anything with 0.
4920
4921        Also move duplicated code from the config.h files to Platform.h and
4922        merge a few preprocessor commands to make the file more readable.
4923
4924        * config.h:
4925
49262012-04-10  Filip Pizlo  <fpizlo@apple.com>
4927
4928        DFG should flush SetLocals to arguments
4929        https://bugs.webkit.org/show_bug.cgi?id=83554
4930
4931        Reviewed by Gavin Barraclough.
4932        
4933        This is necessary to match baseline JIT argument capture behavior.
4934        
4935        But to make this work right we need to have a story for arguments into
4936        which we store values of different formats. This patch introduces the
4937        notion of an ArgumentPosition - i.e. an argument in a particular inline
4938        call frame - and forces unification of all data pertinent to selecting
4939        the argument's data format.
4940        
4941        Also fixed an amusing bug in the handling of OSR on SetLocals if there
4942        was any insertion/deletion of nodes in the basic block. This is benign
4943        for now but won't be eventually since the DFG is getting smarter. So
4944        better fix it now.
4945        
4946        Also fixed an amusing bug in the handling of OSR on SetLocals if they
4947        are immediately followed by a Flush. I think this bug might have always
4948        been there but now it'll happen more commonly, and it's covered by the
4949        run-javascriptcore-tests.
4950
4951        * JavaScriptCore.xcodeproj/project.pbxproj:
4952        * dfg/DFGAbstractState.cpp:
4953        (JSC::DFG::AbstractState::execute):
4954        * dfg/DFGArgumentPosition.h: Added.
4955        (DFG):
4956        (ArgumentPosition):
4957        (JSC::DFG::ArgumentPosition::ArgumentPosition):
4958        (JSC::DFG::ArgumentPosition::addVariable):
4959        (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
4960        * dfg/DFGByteCodeParser.cpp:
4961        (JSC::DFG::ByteCodeParser::setLocal):
4962        (JSC::DFG::ByteCodeParser::setArgument):
4963        (InlineStackEntry):
4964        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
4965        * dfg/DFGDoubleFormatState.h: Added.
4966        (DFG):
4967        (JSC::DFG::mergeDoubleFormatStates):
4968        (JSC::DFG::mergeDoubleFormatState):
4969        (JSC::DFG::doubleFormatStateToString):
4970        * dfg/DFGGraph.h:
4971        (Graph):
4972        * dfg/DFGPredictionPropagationPhase.cpp:
4973        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
4974        * dfg/DFGSpeculativeJIT32_64.cpp:
4975        (JSC::DFG::SpeculativeJIT::compile):
4976        * dfg/DFGSpeculativeJIT64.cpp:
4977        (JSC::DFG::SpeculativeJIT::compile):
4978        * dfg/DFGVariableAccessData.h:
4979        (JSC::DFG::VariableAccessData::VariableAccessData):
4980        (JSC::DFG::VariableAccessData::predict):
4981        (JSC::DFG::VariableAccessData::argumentAwarePrediction):
4982        (VariableAccessData):
4983        (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
4984        (JSC::DFG::VariableAccessData::doubleFormatState):
4985        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
4986        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
4987        (JSC::DFG::VariableAccessData::mergeDoubleFormatState):
4988        (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
4989
49902012-04-10  Adam Klein  <adamk@chromium.org>
4991
4992        Remove unused NonNullPassRefPtr from WTF
4993        https://bugs.webkit.org/show_bug.cgi?id=82389
4994
4995        Reviewed by Kentaro Hara.
4996
4997        * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr.
4998
49992012-04-10  Darin Adler  <darin@apple.com>
5000
5001        Remove unused data member from Lexer class
5002        https://bugs.webkit.org/show_bug.cgi?id=83429
5003
5004        Reviewed by Kentaro Hara.
5005
5006        I noticed that m_delimited was "write-only", so I deleted it.
5007
5008        * parser/Lexer.cpp:
5009        (JSC::Lexer::setCode): Removed code to set m_delimited.
5010        (JSC::Lexer::parseIdentifier): Ditto.
5011        (JSC::Lexer::parseIdentifierSlowCase): Ditto.
5012        (JSC::Lexer::lex): Ditto.
5013        * parser/Lexer.h: Deleted m_delimited.
5014
50152012-04-10  Patrick Gansterer  <paroga@webkit.org>
5016
5017        [CMake] Enable USE_FOLDERS property
5018        https://bugs.webkit.org/show_bug.cgi?id=83571
5019
5020        Reviewed by Daniel Bates.
5021
5022        Setting the FOLDER property on targets gives more structure 
5023        to the generated Visual Studio solutions.
5024        This does not affect other CMake generators.
5025
5026        * CMakeLists.txt:
5027        * shell/CMakeLists.txt:
5028
50292012-04-10  Filip Pizlo  <fpizlo@apple.com>
5030
5031        It should be possible to see why a code block was not compiled by the DFG
5032        https://bugs.webkit.org/show_bug.cgi?id=83553
5033
5034        Reviewed by Geoff Garen.
5035        
5036        If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the
5037        opcode that caused the rejection.
5038
5039        * dfg/DFGCapabilities.cpp:
5040        (JSC::DFG::debugFail):
5041        (DFG):
5042        (JSC::DFG::canHandleOpcodes):
5043
50442012-04-09  Gavin Barraclough  <barraclough@apple.com>
5045
5046        If a callback constructor returns a C++ null, throw a type error.
5047        https://bugs.webkit.org/show_bug.cgi?id=83537
5048
5049        Rubber Stamped by Geoff Garen.
5050
5051        * API/JSCallbackConstructor.cpp:
5052        (JSC::constructJSCallback):
5053            - If a callback constructor returns a C++ null, throw a type error.
5054        * API/tests/testapi.c:
5055        (Base_returnHardNull):
5056        * API/tests/testapi.js:
5057            - Add a test case for callback constructors that return a C++ null.
5058
50592012-04-09  Gavin Barraclough  <barraclough@apple.com>
5060
5061        If a callback function returns a C++ null, convert to undefined.
5062        https://bugs.webkit.org/show_bug.cgi?id=83534
5063
5064        Reviewed by Geoff Garen.
5065
5066        * API/JSCallbackFunction.cpp:
5067            - If a callback function returns a C++ null, convert to undefined.
5068        (JSC::JSCallbackFunction::call):
5069        * API/tests/testapi.c:
5070        (Base_returnHardNull):
5071        * API/tests/testapi.js:
5072            - Add a test case for callback functions that return a C++ null.
5073
50742012-04-09  Filip Pizlo  <fpizlo@apple.com>
5075
5076        Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that
5077        are currently being generated
5078        https://bugs.webkit.org/show_bug.cgi?id=83531
5079        <rdar://problem/11215200>
5080
5081        Reviewed by Gavin Barraclough.
5082
5083        * bytecode/CodeBlock.cpp:
5084        (JSC::CodeBlock::stronglyVisitStrongReferences):
5085
50862012-04-09  Filip Pizlo  <fpizlo@apple.com>
5087
5088        Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
5089
5090        * dfg/DFGOperations.cpp:
5091        (JSC):
5092        * offlineasm/armv7.rb:
5093
50942012-04-09  Patrick Gansterer  <paroga@webkit.org>
5095
5096        Remove HAVE_STDINT_H
5097        https://bugs.webkit.org/show_bug.cgi?id=83434
5098
5099        Reviewed by Kentaro Hara.
5100
5101        HAVE_STDINT_H is defined with 1 all the time and we use stdint.h without HAVE(STDINT_H) already.
5102
5103        * config.h:
5104
51052012-04-08  Filip Pizlo  <fpizlo@apple.com>
5106
5107        DFG should not load the property storage if it is inline.
5108        https://bugs.webkit.org/show_bug.cgi?id=83455
5109
5110        Reviewed by Gavin Barraclough.
5111        
5112        We had previously decided to have all property storage accesses go through
5113        the property storage pointer even if they don't "really" have to, because
5114        we were thinking this would help GC barriers somehow. Well, we never ended
5115        up doing anything with that. Hence, doing these wasted loads of the
5116        property storage pointer when the storage is inline is just a waste of CPU
5117        cycles.
5118        
5119        This change makes the DFG's inline property accesses (GetByOffset and
5120        PutByOffset) go directly to the inline property storage if the structure(s)
5121        tell us that it's OK.
5122        
5123        This looks like an across-the-board 1% win.
5124
5125        * bytecode/StructureSet.h:
5126        (JSC):
5127        (JSC::StructureSet::allAreUsingInlinePropertyStorage):
5128        (StructureSet):
5129        * dfg/DFGByteCodeParser.cpp:
5130        (JSC::DFG::ByteCodeParser::parseBlock):
5131        * dfg/DFGSpeculativeJIT.cpp:
5132        (JSC::DFG::SpeculativeJIT::fillStorage):
5133
51342012-04-08  Filip Pizlo  <fpizlo@apple.com>
5135
5136        Command-line jsc's exception handling should be rationalized
5137        https://bugs.webkit.org/show_bug.cgi?id=83437
5138
5139        Reviewed by Dan Bernstein.
5140        
5141        - If an exception is thrown during run() execution, it is now propagated,
5142          so that it will terminate program execution unless it is caught.
5143          
5144        - If program execution terminates with an exception, the exception is now
5145          always printed.
5146          
5147        - When printing the exception, the backtrace is now also printed if one is
5148          available. It will only not be available if you use something akin to my
5149          favorite line of code, 'throw "error"', since primitives don't have
5150          properties and hence we cannot attach a "stack" property to them.
5151
5152        * jsc.cpp:
5153        (functionRun):
5154        (runWithScripts):
5155
51562012-04-04  Filip Pizlo  <fpizlo@apple.com>
5157
5158        Forced OSR exits should lead to recompilation based on count, not rate
5159        https://bugs.webkit.org/show_bug.cgi?id=83247
5160        <rdar://problem/10720925>
5161
5162        Reviewed by Geoff Garen.
5163        
5164        Track which OSR exits happen because of inadequate coverage. Count them
5165        separately. If the count reaches a threshold, immediately trigger
5166        reoptimization.
5167        
5168        This is in contrast to the recompilation trigger for all other OSR exits.
5169        Normally recomp is triggered when the exit rate exceeds a certain ratio.
5170        
5171        Looks like a slight V8 speedup (sub 1%).
5172
5173        * bytecode/CodeBlock.cpp:
5174        (JSC::CodeBlock::CodeBlock):
5175        * bytecode/CodeBlock.h:
5176        (JSC::CodeBlock::forcedOSRExitCounter):
5177        (JSC::CodeBlock::addressOfForcedOSRExitCounter):
5178        (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
5179        (JSC::CodeBlock::shouldReoptimizeNow):
5180        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
5181        (CodeBlock):
5182        * bytecode/DFGExitProfile.h:
5183        (JSC::DFG::exitKindToString):
5184        * dfg/DFGOSRExitCompiler.cpp:
5185        (JSC::DFG::OSRExitCompiler::handleExitCounts):
5186        (DFG):
5187        * dfg/DFGOSRExitCompiler.h:
5188        (OSRExitCompiler):
5189        * dfg/DFGOSRExitCompiler32_64.cpp:
5190        (JSC::DFG::OSRExitCompiler::compileExit):
5191        * dfg/DFGOSRExitCompiler64.cpp:
5192        (JSC::DFG::OSRExitCompiler::compileExit):
5193        * dfg/DFGOperations.cpp:
5194        * dfg/DFGSpeculativeJIT.cpp:
5195        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
5196        * dfg/DFGSpeculativeJIT32_64.cpp:
5197        (JSC::DFG::SpeculativeJIT::compile):
5198        * dfg/DFGSpeculativeJIT64.cpp:
5199        (JSC::DFG::SpeculativeJIT::compile):
5200        * runtime/Options.cpp:
5201        (Options):
5202        (JSC::Options::initializeOptions):
5203        * runtime/Options.h:
5204        (Options):
5205
52062012-04-06  Benjamin Poulain  <bpoulain@apple.com>
5207
5208        Do not abuse ArrayStorage's m_length for testing array consistency
5209        https://bugs.webkit.org/show_bug.cgi?id=83403
5210
5211        Reviewed by Geoffrey Garen.
5212
        Array creation from a list of values is a 3-step process:
        -JSArray::tryCreateUninitialized()
        -JSArray::initializeIndex() for each value
        -JSArray::completeInitialization()

        Previously, the attribute m_length was not set to the final size in
        JSArray::tryCreateUninitialized() because it was used to test the array
        consistency in JSArray::initializeIndex().

        This caused the initialization loop using JSArray::initializeIndex() to maintain
        two counters:
        -index of the loop
        -storage->m_length++

        This patch fixes this by using the index of the initialization loop for the indices of
        JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
        is introduced if CHECK_ARRAY_CONSISTENCY is defined.

        The patch also fixes a minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
5232
5233        This improves the performance of JSArray creation from literals by 8%.
5234
5235        * runtime/JSArray.cpp:
5236        (JSC::JSArray::tryFinishCreationUninitialized):
5237        (JSC::JSArray::checkConsistency):
5238        * runtime/JSArray.h:
5239        (ArrayStorage):
5240        (JSC::JSArray::initializeIndex):
5241        (JSC::JSArray::completeInitialization):
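
The three-step creation protocol described in this entry, as an added example (not JavaScriptCore's own code): a stripped-down JSArray whose tryCreateUninitialized() sets m_length once, whose initializeIndex() is driven by the caller's loop index, and which, when CHECK_ARRAY_CONSISTENCY is on, tracks an m_initializationIndex so that a skipped or repeated slot trips an assertion instead of leaving uninitialized memory reachable through the finished array. The Value type, the malloc-backed storage and createArrayFromValues() are this example's own simplifications.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <vector>

// Debug-only consistency bookkeeping in the spirit of CHECK_ARRAY_CONSISTENCY;
// switched on here so the example exercises the checks.
#define CHECK_ARRAY_CONSISTENCY 1

// Hypothetical value representation: bit pattern 0 is the "empty" sentinel
// that must never be exposed to script.
struct Value {
    uint64_t bits;
    bool isEmpty() const { return bits == 0; }
};

struct ArrayStorage {
    unsigned m_length;              // final length, set once by tryCreateUninitialized
#if CHECK_ARRAY_CONSISTENCY
    unsigned m_initializationIndex; // debug-only: next index expected by initializeIndex
#endif
    Value m_vector[1];              // payload; allocated with room for m_length values
};

class JSArray {
public:
    // Step 1: allocate storage with m_length already final but slots uninitialized.
    static JSArray* tryCreateUninitialized(unsigned length)
    {
        size_t bytes = sizeof(ArrayStorage) + (length ? length - 1 : 0) * sizeof(Value);
        ArrayStorage* storage = static_cast<ArrayStorage*>(std::malloc(bytes));
        if (!storage)
            return nullptr;
        storage->m_length = length;
#if CHECK_ARRAY_CONSISTENCY
        storage->m_initializationIndex = 0;
#endif
        return new JSArray(storage);
    }

    // Step 2: fill slot i. The loop index is the only counter the caller maintains;
    // in debug builds we additionally insist on dense, in-order initialization.
    void initializeIndex(unsigned i, Value v)
    {
        assert(i < m_storage->m_length);
        assert(!v.isEmpty());
#if CHECK_ARRAY_CONSISTENCY
        assert(i == m_storage->m_initializationIndex);
        m_storage->m_initializationIndex = i + 1;
#endif
        m_storage->m_vector[i] = v;
    }

    // Step 3: the caller states how many slots it filled; that must equal m_length,
    // otherwise uninitialized memory would be reachable through the array.
    void completeInitialization(unsigned initializationIndex)
    {
        assert(initializationIndex == m_storage->m_length);
#if CHECK_ARRAY_CONSISTENCY
        assert(m_storage->m_initializationIndex == m_storage->m_length);
#endif
        m_complete = true;
    }

    bool isComplete() const { return m_complete; }
    unsigned length() const { return m_storage->m_length; }
    Value at(unsigned i) const
    {
        assert(m_complete && i < length());
        return m_storage->m_vector[i];
    }
    ~JSArray() { std::free(m_storage); }

private:
    explicit JSArray(ArrayStorage* storage) : m_storage(storage) { }
    ArrayStorage* m_storage;
    bool m_complete = false;
};

// The literal-creation loop: one counter (i) drives both the slot index and,
// at the end, the completion check.
inline JSArray* createArrayFromValues(const std::vector<Value>& values)
{
    unsigned length = static_cast<unsigned>(values.size());
    JSArray* array = JSArray::tryCreateUninitialized(length);
    if (!array)
        return nullptr;
    unsigned i = 0;
    for (; i < length; ++i)
        array->initializeIndex(i, values[i]);
    array->completeInitialization(i);
    return array;
}
```

The point of the debug counter is containment rather than speed: completeInitialization() receives the loop's final index, so a caller that fills fewer slots than it asked for is caught in a debug build instead of shipping an array whose tail reads leftover heap contents.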
5242
52432012-04-06  Jon Lee  <jonlee@apple.com>
5244
5245        Build fix for Windows bots.
5246
5247        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol.
5248
52492012-04-06  Geoffrey Garen  <ggaren@apple.com>
5250
5251        Renamed
5252
5253                WeakHeap => WeakSet
5254                HandleHeap => HandleSet
5255
5256        Reviewed by Sam Weinig.
5257
5258        These sets do have internal allocators, but it's confusing to call them
5259        heaps because they're sub-objects of an object called "heap".
5260
5261        * heap/HandleHeap.cpp: Removed.
5262        * heap/HandleHeap.h: Removed.
5263        * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
5264        * heap/WeakHeap.cpp: Removed.
5265        * heap/WeakHeap.h: Removed.
5266        * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
5267        * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
5268
5269        Plus global rename using grep.
5270
52712012-04-06  Dan Bernstein  <mitz@apple.com>
5272
5273        <rdar://problem/10912476> HiDPI: Have canvas use a hidpi backing store, but downsample upon access
5274
5275        Reviewed by Sam Weinig.
5276
5277        * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS.
5278
52792012-04-06  Rob Buis  <rbuis@rim.com>
5280
5281        Fix cast-align warnings in JSC
5282        https://bugs.webkit.org/show_bug.cgi?id=80790
5283
5284        Reviewed by George Staikos.
5285
5286        * assembler/ARMv7Assembler.h:
5287        (JSC::ARMv7Assembler::computeJumpType):
5288        (JSC::ARMv7Assembler::link):
5289        * assembler/LinkBuffer.h:
5290        (JSC::LinkBuffer::linkCode):
5291        * heap/MarkStack.cpp:
5292        (JSC::SlotVisitor::copyAndAppend):
5293        * runtime/JSArray.cpp:
5294        (JSC::JSArray::visitChildren):
5295        * wtf/RefCountedArray.h:
5296        (WTF::RefCountedArray::Header::payload):
5297
52982012-04-06  Darin Adler  <darin@apple.com>
5299
5300        Streamline strtod and fix some related problems
5301        https://bugs.webkit.org/show_bug.cgi?id=82857
5302
5303        Reviewed by Geoffrey Garen.
5304
5305        * parser/Lexer.cpp:
5306        (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number
5307        and we know it has only correct characters, leading spaces, trailing junk, and
5308        trailing spaces are not a possibility. No need to add a trailing null character.
5309
5310        * runtime/JSGlobalObjectFunctions.cpp:
5311        (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need
5312        to allow trailing junk since the code above already allows only numeric digits
5313        in the string. This code path is used only in unusual cases, so it's not
5314        optimized for 8-bit strings, but easily could be.
5315        (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this
5316        function template because all the callers are OK with trailing junk. Use the
5317        parseDouble function. No need to copy the data into a byte buffer, because
5318        parseDouble handles that.
5319        (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the
5320        jsStrDecimalLiteral function template. That's OK because this function
5321        already checks for trailing junk and handles it appropriately. The old code
5322        path was doing it twice.
5323        (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the
5324        jsStrDecimalLiteral function template; the template allows junk unconditionally.
5325
5326        * runtime/LiteralParser.cpp:
5327        (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number
5328        and we know it has only correct characters, leading spaces, trailing junk, and
5329        trailing spaces are not a possibility. No need to add a trailing null character.
5330        No need to copy the data into a byte buffer, because parseDouble handles that.
5331        We could optimize the UChar case even more because we know all the characters
5332        are ASCII, but not doing that at this time.
5333
5334        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated.
5335
53362012-04-06  Patrick Gansterer  <paroga@webkit.org>
5337
5338        Remove JSC dependency from GregorianDateTime
5339        https://bugs.webkit.org/show_bug.cgi?id=83290
5340
5341        Reviewed by Geoffrey Garen.
5342
5343        This allows us to move it to WTF later.
5344
5345        * runtime/DateConstructor.cpp:
5346        (JSC::callDate):
5347        * runtime/JSDateMath.h:
5348
53492012-04-05  Michael Saboff  <msaboff@apple.com>
5350
5351        Call Heap::discardAllCompiledCode() in low memory situations
5352        https://bugs.webkit.org/show_bug.cgi?id=83335
5353
5354        Reviewed by Geoffrey Garen.
5355
5356        Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?"
5357        check inline so that it can be called directly without this check.
5358
5359        * heap/Heap.cpp:
5360        (JSC::Heap::discardAllCompiledCode):
5361        (JSC::Heap::collectAllGarbage):
5362        * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be
5363        called from WebCore.
5364        (Heap):
5365        * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration.
5366        (JSGlobalData):
5367
53682012-04-05  Benjamin Poulain  <bpoulain@apple.com>
5369
5370        Speed up the conversion from JSValue to String for bulk operations
5371        https://bugs.webkit.org/show_bug.cgi?id=83243
5372
5373        Reviewed by Geoffrey Garen.
5374
        When making operations on primitive types, we lose some time converting
        values to JSString in order to extract the string.
5377
5378        This patch speeds up some basic Array operations by avoiding the creation
5379        of intermediary JSString when possible.
5380
5381        For the cases where we need to convert a lot of JSValue in a tight loop,
5382        an inline conversion is used.
5383
5384        * runtime/ArrayPrototype.cpp:
5385        (JSC::arrayProtoFuncToString):
5386        (JSC::arrayProtoFuncToLocaleString):
5387        (JSC::arrayProtoFuncJoin):
5388        (JSC::arrayProtoFuncPush):
5389        (JSC::arrayProtoFuncSort):
5390        * runtime/CommonIdentifiers.h:
5391        * runtime/JSArray.cpp:
5392        (JSC::JSArray::sort):
5393        * runtime/JSString.h:
5394        (JSC::JSValue::toUString):
5395        (JSC):
5396        (JSC::inlineJSValueNotStringtoUString):
5397        (JSC::JSValue::toUStringInline):
5398        * runtime/JSValue.cpp:
5399        (JSC::JSValue::toUStringSlowCase):
5400        (JSC):
5401        * runtime/JSValue.h:
5402        (JSValue):
5403
54042012-04-05  Benjamin Poulain  <bpoulain@apple.com>
5405
5406        Use QuickSort when sorting primitive values by string representation
5407        https://bugs.webkit.org/show_bug.cgi?id=83312
5408
5409        Reviewed by Gavin Barraclough.
5410
        When the values we are sorting are all primitive values, we do not need to
        ensure a stable sort as two values with equal string representation are
        indistinguishable from JavaScript.
5414
5415        This gives about 16% performance increase when sorting primitive values.
5416
5417        * runtime/JSArray.cpp:
5418        (JSC::JSArray::sort):
5419
54202012-04-05  Oliver Hunt  <oliver@apple.com>
5421
5422        SIGILL in JavaScriptCore on a Geode processor
5423        https://bugs.webkit.org/show_bug.cgi?id=82496
5424
5425        Reviewed by Gavin Barraclough.
5426
5427        Don't attempt to use the DFG when SSE2 is not available.
5428
5429        * dfg/DFGCapabilities.cpp:
5430        (JSC::DFG::canCompileOpcodes):
5431
54322012-04-05  Oliver Hunt  <oliver@apple.com>
5433
5434        Fix 32-bit build.
5435
5436        * API/APICast.h:
5437        (toJS):
5438
54392012-04-05  Oliver Hunt  <oliver@apple.com>
5440
5441        Replace static_cast with jsCast when casting JSCell subclasses in JSC
5442        https://bugs.webkit.org/show_bug.cgi?id=83307
5443
5444        Reviewed by Gavin Barraclough.
5445
5446        Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore.
5447        This results in assertions when unsafe casts are performed, but simply leaves
5448        a static_cast<> in release builds.
5449
5450        * API/APICast.h:
5451        (toJS):
5452        * API/JSCallbackConstructor.cpp:
5453        (JSC::constructJSCallback):
5454        * API/JSCallbackFunction.cpp:
5455        (JSC::JSCallbackFunction::call):
5456        * API/JSCallbackObjectFunctions.h:
5457        (JSC::::asCallbackObject):
5458        (JSC::::finishCreation):
5459        (JSC::::construct):
5460        (JSC::::call):
5461        * API/JSObjectRef.cpp:
5462        (JSObjectGetPrivate):
5463        (JSObjectSetPrivate):
5464        (JSObjectGetPrivateProperty):
5465        (JSObjectSetPrivateProperty):
5466        (JSObjectDeletePrivateProperty):
5467        * API/JSValueRef.cpp:
5468        (JSValueIsObjectOfClass):
5469        * API/JSWeakObjectMapRefPrivate.cpp:
5470        * bytecompiler/BytecodeGenerator.cpp:
5471        (JSC::BytecodeGenerator::resolve):
5472        (JSC::BytecodeGenerator::resolveConstDecl):
5473        * debugger/DebuggerActivation.cpp:
5474        (JSC::DebuggerActivation::finishCreation):
5475        * dfg/DFGOperations.cpp:
5476        * interpreter/Interpreter.cpp:
5477        (JSC::Interpreter::execute):
5478        (JSC::Interpreter::privateExecute):
5479        * jit/JITStubs.cpp:
5480        (JSC::DEFINE_STUB_FUNCTION):
5481        * runtime/Executable.h:
5482        (JSC::isHostFunction):
5483        * runtime/JSActivation.h:
5484        (JSC::asActivation):
5485        * runtime/JSArray.cpp:
5486        (JSC::JSArray::defineOwnProperty):
5487        * runtime/JSArray.h:
5488        (JSC::asArray):
5489        * runtime/JSBoundFunction.cpp:
5490        (JSC::boundFunctionCall):
5491        (JSC::boundFunctionConstruct):
5492        * runtime/JSByteArray.h:
5493        (JSC::asByteArray):
5494        * runtime/JSCell.cpp:
5495        (JSC::JSCell::toObject):
5496        * runtime/JSCell.h:
5497        (JSC::jsCast):
5498        * runtime/JSGlobalObject.h:
5499        (JSC::asGlobalObject):
5500        * runtime/JSGlobalObjectFunctions.cpp:
5501        (JSC::globalFuncEval):
5502        * runtime/JSObject.cpp:
5503        (JSC::JSObject::setPrototypeWithCycleCheck):
5504        (JSC::JSObject::allowsAccessFrom):
5505        (JSC::JSObject::toThisObject):
5506        (JSC::JSObject::unwrappedObject):
5507        * runtime/JSObject.h:
5508        (JSC::asObject):
5509        * runtime/JSPropertyNameIterator.h:
5510        (JSC::Register::propertyNameIterator):
5511        * runtime/JSString.h:
5512        (JSC::asString):
5513        (JSC::JSValue::toString):
5514        * runtime/StringPrototype.cpp:
5515        (JSC::stringProtoFuncSubstr):
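
A sketch of the checked-cast idea from this entry, as an added example and not JavaScriptCore's actual jsCast<> implementation: each cell carries a ClassInfo pointer, inherits() walks the parent chain, and jsCast<> asserts the relationship in debug builds while compiling down to the plain static_cast in release (NDEBUG) builds, with a null pointer passed through unchanged. The ClassInfo layout, the s_info naming and the jsDynamicCast<> companion are assumptions made here so the rejected case can be observed without aborting.

```cpp
#include <cassert>
#include <cstddef>
#include <type_traits>

// Hypothetical stand-in for a class-info record: each class names its parent so
// a cast target can be validated by walking the chain.
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
};

struct JSCell {
    explicit JSCell(const ClassInfo* info) : m_classInfo(info) { }
    virtual ~JSCell() { }
    const ClassInfo* classInfo() const { return m_classInfo; }
    // True if this cell's class is `info` or derives from it.
    bool inherits(const ClassInfo* info) const
    {
        for (const ClassInfo* ci = m_classInfo; ci; ci = ci->parentClass) {
            if (ci == info)
                return true;
        }
        return false;
    }
private:
    const ClassInfo* m_classInfo;
};

// Checked downcast: in debug builds an unsafe cast trips the assertion; with
// NDEBUG it is exactly the static_cast that was there before. Null is allowed.
template<typename To>
To jsCast(JSCell* from)
{
    typedef typename std::remove_pointer<To>::type Target;
    assert(!from || from->inherits(&Target::s_info));
    return static_cast<To>(from);
}

// Companion used by the test: same check, but a mismatch yields null instead
// of aborting, so a rejected cast can be observed.
template<typename To>
To jsDynamicCast(JSCell* from)
{
    typedef typename std::remove_pointer<To>::type Target;
    return (from && from->inherits(&Target::s_info)) ? static_cast<To>(from) : nullptr;
}

// Three cell types shaped like JSObject, JSArray (a JSObject) and JSString.
struct JSObject : JSCell {
    static const ClassInfo s_info;
    explicit JSObject(const ClassInfo* info = &s_info) : JSCell(info) { }
};
const ClassInfo JSObject::s_info = { "Object", nullptr };

struct JSArray : JSObject {
    static const ClassInfo s_info;
    JSArray() : JSObject(&s_info) { }
    unsigned length = 0;
};
const ClassInfo JSArray::s_info = { "Array", &JSObject::s_info };

struct JSString : JSCell {
    static const ClassInfo s_info;
    JSString() : JSCell(&s_info) { }
};
const ClassInfo JSString::s_info = { "String", nullptr };

// True when the cell is not a JSArray: without the check, a JSString cast to
// JSArray* would read whatever sits past the cell header as its length.
inline bool castToArrayIsRejected(JSCell* cell)
{
    return jsDynamicCast<JSArray*>(cell) == nullptr;
}
```

A static_cast from JSCell* to the wrong subtype is a type confusion: the code reads the target's fields out of an object that does not have them. The debug assertion turns that into a crash at the cast site, where it is diagnosable, instead of a silent misread further down.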
5516
55172012-04-05  Benjamin Poulain  <bpoulain@apple.com>
5518
5519        Make something faster than JSStringBuilder for joining an array of JSValue
5520        https://bugs.webkit.org/show_bug.cgi?id=83180
5521
5522        Reviewed by Geoffrey Garen.
5523
        This patch adds the class JSStringJoiner optimized for join() operations.

        This class makes stricter constraints than JSStringBuilder in order to avoid
        memory allocations.

        In the best case, the class allocates memory only twice:
        -Allocate an array to keep a list of UString to join.
        -Allocate the final string.

        We also avoid the conversion from 8-bit strings to 16-bit strings since
        they are costly and unlikely to help for subsequent calls.
5535
5536        * CMakeLists.txt:
5537        * GNUmakefile.list.am:
5538        * JavaScriptCore.gypi:
5539        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
5540        * JavaScriptCore.xcodeproj/project.pbxproj:
5541        * Target.pri:
5542        * runtime/ArrayPrototype.cpp:
5543        (JSC::arrayProtoFuncToLocaleString):
5544        (JSC::arrayProtoFuncJoin):
5545        * runtime/JSStringJoiner.cpp: Added.
5546        (JSC):
5547        (JSC::appendStringToData):
5548        (JSC::joinStrings):
5549        (JSC::JSStringJoiner::build):
5550        * runtime/JSStringJoiner.h: Added.
5551        (JSC):
5552        (JSStringJoiner):
5553        (JSC::JSStringJoiner::JSStringJoiner):
5554        (JSC::JSStringJoiner::append):
5555
55562012-04-05  Gavin Barraclough  <barraclough@apple.com>
5557
5558        https://bugs.webkit.org/show_bug.cgi?id=77293
5559        [Un]Reserve 'let'
5560
5561        Rubber stamped by Oliver Hunt.
5562
5563        Revert r106198.
5564        This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html
5565        If we're going to reserve let, we're going to have to do so in a more
5566        circumspect fashion.
5567
5568        * parser/Keywords.table:
5569
55702012-04-05  Michael Saboff  <msaboff@apple.com>
5571
5572        Rolling out http://trac.webkit.org/changeset/113262.
5573        Original code was fine.
5574
5575        Rubber-stamped by Oliver Hunt.
5576
5577        * assembler/MacroAssembler.h:
5578        (JSC::MacroAssembler::additionBlindedConstant):
5579
55802012-04-05  Patrick Gansterer  <paroga@webkit.org>
5581
        [WinCE] Remove unnecessary function declaration
5583        https://bugs.webkit.org/show_bug.cgi?id=83155
5584
5585        Reviewed by Kentaro Hara.
5586
5587        * runtime/JSDateMath.cpp:
5588
55892012-04-04  Patrick Gansterer  <paroga@webkit.org>
5590
5591        Add WTF::getCurrentLocalTime()
5592        https://bugs.webkit.org/show_bug.cgi?id=83164
5593
5594        Reviewed by Alexey Proskuryakov.
5595
5596        Replace the calls to WTF::getLocalTime() with time(0) with the new function.
5597        This allows us to use Win32 API on windows to get the same result in a next step.
5598
5599        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
5600        * runtime/DateConstructor.cpp:
5601        (JSC::callDate):
5602
56032012-04-04  Oliver Hunt  <oliver@apple.com>
5604
5605        Parser fails to revert some state after parsing expression and object literals.
5606        https://bugs.webkit.org/show_bug.cgi?id=83236
5607
5608        Reviewed by Gavin Barraclough.
5609
5610        Reset left hand side counter after parsing the literals.
5611
5612        * parser/Parser.cpp:
5613        (JSC::::parseObjectLiteral):
5614        (JSC::::parseStrictObjectLiteral):
5615        (JSC::::parseArrayLiteral):
5616
56172012-04-04  Filip Pizlo  <fpizlo@apple.com>
5618
5619        DFG InstanceOf should not uselessly speculate cell
5620        https://bugs.webkit.org/show_bug.cgi?id=83234
5621
5622        Reviewed by Oliver Hunt.
5623        
5624        If InstanceOf is the only user of its child then don't speculate cell, since
5625        the not-cell case is super easy to handle.
5626
5627        * dfg/DFGSpeculativeJIT.cpp:
5628        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
5629
56302012-04-04  Michael Saboff  <msaboff@apple.com>
5631
5632        Fixed minor error: "& 3" should be "& 2".
5633
5634        Rubber-stamped by Oliver Hunt.
5635
5636        * assembler/MacroAssembler.h:
5637        (JSC::MacroAssembler::additionBlindedConstant):
5638
56392012-04-04  Michael Saboff  <msaboff@apple.com>
5640
5641        Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
5642        https://bugs.webkit.org/show_bug.cgi?id=83191
5643
5644        Reviewed by Oliver Hunt.
5645
        Make sure that blinded constant pairs are similarly aligned to the
        original immediate values so that instructions that expect that
        alignment work correctly.  One example is ARMv7 add/sub imm to SP.
5649
5650        * assembler/ARMv7Assembler.h:
5651        (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
5652        (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
5653        (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
5654        * assembler/MacroAssembler.h:
5655        (JSC::MacroAssembler::additionBlindedConstant):
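
A worked version of the alignment rule from this entry and the "& 3"/"& 2" fix immediately above it, as an added example rather than the MacroAssembler's own additionBlindedConstant(): the immediate is split into two parts that add back up to it, and the random key has its low bits cleared according to the immediate's own alignment (word, halfword or none), so that both halves are at least as aligned as the original and an add/sub to SP, which needs a word-aligned immediate on ARMv7, still encodes. The xorshift key source and the helper names are this example's assumptions; a real JIT draws its blinding key from a proper random source.

```cpp
#include <cstdint>

// A blinded immediate: the JIT emits two additions (value1, then value2)
// instead of one addition of the attacker-visible constant.
struct BlindedImm32 {
    uint32_t value1;
    uint32_t value2;
};

// Largest power-of-two alignment, capped at word size, that divides v.
// Word (4), halfword (2) or none (1); the low two bits decide, which is
// what the "& 3" indexing in the entry above selects on.
inline uint32_t alignmentOf(uint32_t v)
{
    if ((v & 3) == 0)
        return 4;
    if ((v & 1) == 0)
        return 2;
    return 1;
}

// Stand-in key source (xorshift32). A real JIT uses a per-process random key;
// this deterministic generator exists so the example is testable.
inline uint32_t nextBlindingKey(uint32_t& state)
{
    uint32_t x = state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return state = x ? x : 0x9e3779b9u; // never let the state collapse to zero
}

// Split imm into two parts that add up to imm (mod 2^32) such that both parts
// keep imm's alignment. Clearing the key's low bits is what preserves it:
// if key and imm are both multiples of A, so is imm - key.
inline BlindedImm32 additionBlindedConstant(uint32_t imm, uint32_t& rngState)
{
    uint32_t align = alignmentOf(imm);
    uint32_t key = nextBlindingKey(rngState) & ~(align - 1);
    return { imm - key, key }; // unsigned wrap-around is intended
}

// The check a reviewer wants: the pair reconstructs imm and neither half is
// less aligned than the original immediate.
inline bool blindedPairIsValid(uint32_t imm, const BlindedImm32& b)
{
    if (static_cast<uint32_t>(b.value1 + b.value2) != imm)
        return false;
    uint32_t align = alignmentOf(imm);
    return alignmentOf(b.value1) >= align && alignmentOf(b.value2) >= align;
}

// Self check over a set of immediates of each alignment class and many keys.
inline bool allPairsValid(unsigned keysPerImmediate = 1000)
{
    static const uint32_t immediates[] = {
        0x10, 0x1c, 0xfffffffc, 0,        // word aligned
        0x2a, 0x1336, 0xfffffffe,         // halfword aligned
        1, 0x1337, 0xdeadbeef             // unaligned
    };
    uint32_t rng = 0x12345678u;
    for (uint32_t imm : immediates) {
        for (unsigned i = 0; i < keysPerImmediate; ++i) {
            if (!blindedPairIsValid(imm, additionBlindedConstant(imm, rng)))
                return false;
        }
    }
    return true;
}
```

Constant blinding exists so that an attacker-chosen 32-bit constant never appears verbatim in executable JIT output; the alignment mask keeps that protection intact without breaking instructions whose encodings constrain the immediate.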
5656
56572012-04-04  Filip Pizlo  <fpizlo@apple.com>
5658
5659        DFG should short-circuit Branch(LogicalNot(...))
5660        https://bugs.webkit.org/show_bug.cgi?id=83181
5661
5662        Reviewed by Geoff Garen.
5663        
5664        Slight (sub 1%) speed-up on V8.
5665
5666        * dfg/DFGFixupPhase.cpp:
5667        (JSC::DFG::FixupPhase::fixupNode):
5668
56692012-04-04  Geoffrey Garen  <ggaren@apple.com>
5670
5671        [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode
5672        https://bugs.webkit.org/show_bug.cgi?id=83139
5673
5674        Reviewed by Sam Weinig.
5675
5676        * heap/PassWeak.h:
5677        (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error,
5678        so work around that here. (Long-term, we should make 32-bit and 64-bit
5679        agree on the right behavior.)
5680
56812012-04-03  Geoffrey Garen  <ggaren@apple.com>
5682
5683        Updated JSC expected test results to reflect recent bug fixes <disapproving look>.
5684
5685        Reviewed by Sam Weinig.
5686
5687        * tests/mozilla/expected.html:
5688
56892012-03-29  Geoffrey Garen  <ggaren@apple.com>
5690
5691        First step toward incremental Weak<T> finalization
5692        https://bugs.webkit.org/show_bug.cgi?id=82670
5693
5694        Reviewed by Filip Pizlo.
5695
5696        This patch implements a Weak<T> heap that is compatible with incremental
5697        finalization, while making as few behavior changes as possible. The behavior
5698        changes it makes are:
5699
5700        (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
5701        instead, a separate flag indicates that the JSValue is no longer valid.
5702        (This is required so that the JSValue can be preserved for later finalization.)
5703        Objects dealing with WeakImpls directly must change to check the flag.
5704
5705        (*) Weak<T> is no longer a subclass of Handle<T>.
5706
5707        (*) DOM GC performance is different -- 9% faster in the geometric mean,
5708        but 15% slower in one specific case:
5709                gc-dom1.html: 6%  faster
5710                gc-dom2.html: 23% faster
5711                gc-dom3.html: 17% faster
5712                gc-dom4.html: 15% *slower*
5713
5714        The key features of this new heap are:
5715
5716        (*) Each block knows its own state, independent of any other blocks.
5717
5718        (*) Each block caches its own sweep result.
5719
5720        (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
5721        mark them yet, since that would be a behavior change.)
5722
5723        * API/JSCallbackObject.cpp:
5724        (JSC::JSCallbackObjectData::finalize):
5725        * API/JSCallbackObjectFunctions.h:
5726        (JSC::::init): Updated to use the new WeakHeap API.
5727
5728        * CMakeLists.txt:
5729        * GNUmakefile.list.am:
5730        * JavaScriptCore.gypi:
5731        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
5732        * JavaScriptCore.xcodeproj/project.pbxproj:
5733        * Target.pri: Paid the build system tax since I added some new files.
5734
5735        * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
5736        so we can keep passing a Handle<T> to finalizers, to avoid more surface
5737        area change in this patch. A follow-up patch should change the type we
5738        pass to finalizers.
5739
5740        * heap/HandleHeap.cpp:
5741        (JSC):
5742        (JSC::HandleHeap::writeBarrier):
5743        (JSC::HandleHeap::isLiveNode):
5744        * heap/HandleHeap.h:
5745        (JSC):
5746        (HandleHeap):
5747        (Node):
5748        (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
5749        we have a separate WeakHeap now.
5750
5751        * heap/Heap.cpp:
5752        (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
5753        for through our watermark now. Removed m_waterMark because it was unused.
5754
5755        (JSC::Heap::destroy): Updated for addition of WeakHeap.
5756
5757        (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
5758        variable to participating in the watermark strategy. I wanted to standardize
5759        WeakHeap and all other Heap clients on this strategy, to make sure it's
5760        accurate.
5761 
5762        (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
5763        dead visit pass, as explained above.
5764
5765        (JSC::Heap::collect):
5766        (JSC::Heap::resetAllocators): Updated for addition of WeakHeap.
5767
5768        (JSC::Heap::addFinalizer):
5769        (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.
5770
5771        * heap/Heap.h:
5772        (JSC::Heap::weakHeap):
5773        (Heap):
5774        (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
5775        strategy, since this is the best way for WeakHeap to report its memory
5776        cost. (I plan to update this in a follow-up patch to make it more accurate,
5777        but for now it is not less accurate than it used to be.)
5778
5779        * heap/MarkedSpace.cpp:
5780        (JSC::MarkedSpace::MarkedSpace):
5781        (JSC::MarkedSpace::resetAllocators):
5782        * heap/MarkedSpace.h:
5783        (MarkedSpace):
5784        (JSC::MarkedSpace::addToWaterMark):
        (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
        it was unused, and I didn't want to update WeakHeap to keep an unused
        variable working. Added API for above.
5788
5789        * heap/PassWeak.h:
5790        (JSC):
5791        (WeakImplAccessor):
5792        (PassWeak):
5793        (JSC::::operator):
5794        (JSC::::get):
5795        (JSC::::was):
5796        (JSC::::PassWeak):
5797        (JSC::::~PassWeak):
5798        (JSC::UnspecifiedBoolType):
5799        (JSC::::leakImpl):
5800        (JSC::adoptWeak):
5801        * heap/Strong.h:
5802        (JSC::Strong::operator!):
5803        (Strong):
5804        (JSC::Strong::operator UnspecifiedBoolType*):
5805        (JSC::Strong::get):
5806        * heap/Weak.h:
5807        (Weak):
5808        (JSC::::Weak):
5809        (JSC):
5810        (JSC::::isHashTableDeletedValue):
5811        (JSC::::~Weak):
5812        (JSC::::swap):
5813        (JSC::=):
5814        (JSC::::operator):
5815        (JSC::UnspecifiedBoolType):
5816        (JSC::::release):
5817        (JSC::::clear):
5818        (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
5819        down to two things:
5820
5821        (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.
5822
5823        (*) Explicitly check WeakImpl::state() for non-liveness before returning
5824        a value (explained above).
5825
5826        These files implement the new Weak<T> heap behavior described above:
5827
5828        * heap/WeakBlock.cpp: Added.
5829        * heap/WeakBlock.h: Added.
5830        * heap/WeakHandleOwner.cpp: Added.
5831        * heap/WeakHandleOwner.h: Added.
5832        * heap/WeakHeap.cpp: Added.
5833        * heap/WeakHeap.h: Added.
5834        * heap/WeakImpl.h: Added.
5835
5836        One interesting difference from the old heap is that we don't allow
5837        clients to overwrite a WeakImpl after allocating it, and we don't recycle
5838        WeakImpls prior to garbage collection. This is required for lazy finalization,
        but it will also help us establish a useful invariant in the future: allocating
5840        a WeakImpl will be a binding contract to run a finalizer at some point in the
5841        future, even if the WeakImpl is later deallocated.
5842
5843        * jit/JITStubs.cpp:
5844        (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
5845        its JSValue, since that's our API contract now, and the JSValue might
5846        be stale.
5847
5848        * runtime/JSCell.h:
5849        (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.
5850
5851        * runtime/Structure.cpp:
5852        (JSC::StructureTransitionTable::add): I can't remember why I did this.
5853
5854        * runtime/StructureTransitionTable.h:
5855        * runtime/WeakGCMap.h: I had to update these classes because they allocate
5856        and deallocate weak pointers manually. They should probably stop doing that.
5857
58582012-04-03  Keishi Hattori  <keishi@webkit.org>
5859
5860        Disable ENABLE_DATALIST for now
5861        https://bugs.webkit.org/show_bug.cgi?id=82871
5862
5863        Reviewed by Kent Tamura.
5864
5865        * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST.
5866
58672012-04-02  Filip Pizlo  <fpizlo@apple.com>
5868
5869        jsr/sret should be removed
5870        https://bugs.webkit.org/show_bug.cgi?id=82986
5871        <rdar://problem/11017015>
5872
5873        Reviewed by Sam Weinig and Geoff Garen.
5874        
5875        Replaces jsr/sret with finally block inlining.
5876
5877        * bytecode/CodeBlock.cpp:
5878        (JSC::CodeBlock::dump):
5879        * bytecode/Opcode.h:
5880        (JSC):
5881        (JSC::padOpcodeName):
5882        * bytecompiler/BytecodeGenerator.cpp:
5883        (JSC::BytecodeGenerator::pushFinallyContext):
5884        (JSC::BytecodeGenerator::emitComplexJumpScopes):
5885        (JSC):
5886        * bytecompiler/BytecodeGenerator.h:
5887        (FinallyContext):
5888        (BytecodeGenerator):
5889        * bytecompiler/NodesCodegen.cpp:
5890        (JSC::TryNode::emitBytecode):
5891        * interpreter/Interpreter.cpp:
5892        (JSC::Interpreter::privateExecute):
5893        * jit/JIT.cpp:
5894        (JSC::JIT::privateCompileMainPass):
5895        (JSC::JIT::privateCompile):
5896        * jit/JIT.h:
5897        (JIT):
5898        * jit/JITOpcodes.cpp:
5899        (JSC):
5900        * jit/JITOpcodes32_64.cpp:
5901        (JSC):
5902        * llint/LowLevelInterpreter32_64.asm:
5903        * llint/LowLevelInterpreter64.asm:
5904
59052012-04-03  Mark Rowe  <mrowe@apple.com>
5906
5907        Make it possible to install the JavaScriptCore test tools.
5908
5909        Part of <rdar://problem/11158607>.
5910        
5911        Reviewed by Filip Pizlo.
5912
5913        * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named
5914        Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on
5915        those targets individually to depending on the new aggregate target.
5916
59172012-04-03  Filip Pizlo  <fpizlo@apple.com>
5918
5919        Offlineasm ARM backend has a very convoluted way of saying it wants to emit a
5920        three-operand multiply instruction
5921        https://bugs.webkit.org/show_bug.cgi?id=83100
5922
5923        Reviewed by Darin Adler.
5924        
5925        Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was
5926        already smart enough to do the Right Thing for multiply.
5927
5928        * offlineasm/armv7.rb:
5929
59302012-04-03  Filip Pizlo  <fpizlo@apple.com>
5931
5932        Offlineasm ARM backend uses the wrong mnemonic for multiply
5933        https://bugs.webkit.org/show_bug.cgi?id=83098
5934        <rdar://problem/11168744>
5935
5936        Reviewed by Gavin Barraclough.
5937        
5938        Use "mul" instead of "muls" since we're passing three operands, not two.
5939
5940        * offlineasm/armv7.rb:
5941
59422012-04-03  Gavin Barraclough  <barraclough@apple.com>
5943
5944        Linux crashes during boot
5945        https://bugs.webkit.org/show_bug.cgi?id=83096
5946
5947        Reviewed by Filip Pizlo.
5948
5949        The bug here is that we add empty JSValues to the sparse map, and then set them
5950        - but a GC may occur before doing so (due to a call to reportExtraMemoryCost).
5951        We may want to consider making it safe to mark empty JSValues, but the simple &
5952        contained fix to this specific bug is to just initialize these values to
5953        something other than JSValue().
5954
5955        * runtime/JSArray.cpp:
5956        (JSC::SparseArrayValueMap::add):
5957            - Initialize sparse map entries.
5958
59592012-04-02  Oliver Hunt  <oliver@apple.com>
5960
5961        Incorrect liveness information when inlining
5962        https://bugs.webkit.org/show_bug.cgi?id=82985
5963
5964        Reviewed by Filip Pizlo.
5965
5966        Don't remap register numbers that have already been remapped.
5967
5968        * dfg/DFGByteCodeParser.cpp:
5969        (JSC::DFG::ByteCodeParser::handleInlining):
5970
59712012-04-02  Filip Pizlo  <fpizlo@apple.com>
5972
5973        Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we
5974        try to create an arguments object from the activation
5975        https://bugs.webkit.org/show_bug.cgi?id=82947
5976        <rdar://problem/11058598>
5977
5978        Reviewed by Gavin Barraclough.
5979        
5980        We now copy the entire call frame header just to be sure. This is mostly perf-neutral,
5981        except for a 3.7% slow-down in V8/earley.
5982
5983        * runtime/JSActivation.cpp:
5984        (JSC::JSActivation::visitChildren):
5985        * runtime/JSActivation.h:
5986        (JSC::JSActivation::tearOff):
5987
59882012-04-02  Daniel Bates  <dbates@webkit.org>
5989
5990        Remove Source/JavaScriptCore/wtf and its empty subdirectories
5991
5992        Rubber-stamped by Eric Seidel.
5993
5994        Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF
5995        (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory
5996        Source/JavaScriptCore/wtf and its empty subdirectories.
5997
5998        * wtf: Removed.
5999        * wtf/android: Removed.
6000        * wtf/blackberry: Removed.
6001        * wtf/chromium: Removed.
6002        * wtf/dtoa: Removed.
6003        * wtf/efl: Removed.
6004        * wtf/gobject: Removed.
6005        * wtf/gtk: Removed.
6006        * wtf/mac: Removed.
6007        * wtf/qt: Removed.
6008        * wtf/qt/compat: Removed.
6009        * wtf/tests: Removed.
6010        * wtf/text: Removed.
6011        * wtf/threads: Removed.
6012        * wtf/threads/win: Removed.
6013        * wtf/unicode: Removed.
6014        * wtf/unicode/glib: Removed.
6015        * wtf/unicode/icu: Removed.
6016        * wtf/unicode/qt4: Removed.
6017        * wtf/unicode/wince: Removed.
6018        * wtf/url: Removed.
6019        * wtf/url/api: Removed.
6020        * wtf/url/src: Removed.
6021        * wtf/win: Removed.
6022        * wtf/wince: Removed.
6023        * wtf/wx: Removed.
6024
60252012-04-02  Carlos Garcia Campos  <cgarcia@igalia.com>
6026
6027        Unreviewed. Fix make distcheck issues.
6028
6029        * GNUmakefile.list.am: Add missing file.
6030
60312012-04-01  Darin Adler  <darin@apple.com>
6032
6033        Fix incorrect path for libWTF.a in Mac project file.
6034
6035        * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that
6036        would cause other configurations to try to link with the "Release" version of
6037        libWTF.a instead of the correct version.
6038
60392012-03-29  Filip Pizlo  <fpizlo@apple.com>
6040
6041        DFG should optimize a==b for a being an object and b being either an object or
6042        null/undefined, and vice versa
6043        https://bugs.webkit.org/show_bug.cgi?id=82656
6044
6045        Reviewed by Oliver Hunt.
6046        
6047        Implements additional object equality optimizations for the case that one
6048        operand is predicted to be an easily speculated object (like FinalObject or
6049        Array) and the other is either an easily speculated object or Other, i.e.
6050        Null or Undefined.
6051        
6052        2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.
6053        
6054        I also took the opportunity to clean up the control flow for the speculation
6055        decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
6056        And to remove debug cruft I stupidly committed in my last patch.
6057        
6058        * bytecode/SamplingTool.h:
6059        (SamplingRegion):
6060        * dfg/DFGAbstractState.cpp:
6061        (JSC::DFG::AbstractState::execute):
6062        * dfg/DFGOperations.cpp:
6063        * dfg/DFGSpeculativeJIT.cpp:
6064        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
6065        (JSC::DFG::SpeculativeJIT::compare):
6066        * dfg/DFGSpeculativeJIT.h:
6067        (SpeculativeJIT):
6068        * dfg/DFGSpeculativeJIT32_64.cpp:
6069        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
6070        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
6071        (DFG):
6072        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
6073        * dfg/DFGSpeculativeJIT64.cpp:
6074        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
6075        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
6076        (DFG):
6077        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
6078
60792012-03-30  David Barr  <davidbarr@chromium.org>
6080
6081        Split up top-level .gitignore and .gitattributes
6082        https://bugs.webkit.org/show_bug.cgi?id=82687
6083
6084        Reviewed by Tor Arne Vestbø.
6085
6086        * JavaScriptCore.gyp/.gitignore: Added.
6087
60882012-03-30  Steve Falkenburg  <sfalken@apple.com>
6089
6090        Windows (make based) build fix.
6091
6092        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.
6093
60942012-03-30  Keishi Hattori  <keishi@webkit.org>
6095
6096        Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
6097        https://bugs.webkit.org/show_bug.cgi?id=80972
6098
6099        Reviewed by Kent Tamura.
6100
6101        * Configurations/FeatureDefines.xcconfig:
6102
61032012-03-29  Mark Hahnenberg  <mhahnenberg@apple.com>
6104
6105        Refactor recompileAllJSFunctions() to be less expensive
6106        https://bugs.webkit.org/show_bug.cgi?id=80330
6107
6108        Reviewed by Filip Pizlo.
6109
6110        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
6111        load performance, which currently does at least a couple full GCs per navigation.
6112
6113        * heap/Heap.cpp:
6114        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
6115        because the function doesn't actually recompile anything (and never did); it simply throws code
6116        away for it to be recompiled later if we determine we should do so.
6117        (JSC):
6118        (JSC::Heap::collectAllGarbage):
6119        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
6120        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
6121        * heap/Heap.h:
6122        (JSC):
6123        (Heap):
6124        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
6125        be used in DoublyLinkedLists.
6126        (JSC::FunctionExecutable::FunctionExecutable):
6127        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
6128        * runtime/Executable.h:
6129        (FunctionExecutable):
6130        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
6131        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
6132        the list of FunctionExecutables.
6133        * runtime/JSGlobalData.h:
6134        (JSGlobalData):
6135        * runtime/JSGlobalObject.cpp:
6136        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
6137
61382012-03-29  Filip Pizlo  <fpizlo@apple.com>
6139
6140        Unreviewed build fix for non-x86 platforms.
6141
6142        * dfg/DFGSpeculativeJIT.cpp:
6143        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
6144        * dfg/DFGSpeculativeJIT.h:
6145        (JSC::DFG::SpeculativeJIT::callOperation):
6146        * jit/JITArithmetic32_64.cpp:
6147        (JSC::JIT::emitSlow_op_mod):
6148
61492012-03-29  Gavin Barraclough  <barraclough@apple.com>
6150
6151        Windows build fix p2.
6152
6153        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6154
61552012-03-29  Gavin Barraclough  <barraclough@apple.com>
6156
6157        Windows build fix p1.
6158
6159        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6160
61612012-03-29  Gavin Barraclough  <barraclough@apple.com>
6162
6163        Template the Yarr::Interpreter on the character type
6164        https://bugs.webkit.org/show_bug.cgi?id=82637
6165
6166        Reviewed by Sam Weinig.
6167
6168        We should be able to call to the interpreter after having already checked the character type,
6169        without having to re-package the character pointer back up into a string!
6170
6171        * runtime/RegExp.cpp:
6172        (JSC::RegExp::match):
6173        (JSC::RegExp::matchCompareWithInterpreter):
6174            - Don't pass length.
6175        * yarr/Yarr.h:
6176            - moved function declarations to YarrInterpreter.h.
6177        * yarr/YarrInterpreter.cpp:
6178        (Yarr):
6179        (Interpreter):
6180        (JSC::Yarr::Interpreter::InputStream::InputStream):
6181        (InputStream):
6182        (JSC::Yarr::Interpreter::Interpreter):
6183        (JSC::Yarr::interpret):
6184            - templated Interpreter class on CharType.
6185        * yarr/YarrInterpreter.h:
6186        (Yarr):
6187            - added function declarations.
6188
61892012-03-29  David Kilzer  <ddkilzer@apple.com>
6190
6191        Don't use a flattened framework path when building on OS X
6192
6193        Reviewed by Mark Rowe.
6194
6195        * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
6196        to select different INSTALL_PATH values.
6197
61982012-03-29  Kevin Ollivier  <kevino@theolliviers.com>
6199
6200        [wx] Unreviewed build fix, add Win-specific sources
6201        the wx port needs after WTF move.
6202
6203        * wscript:
6204
62052012-03-29  Andy Estes  <aestes@apple.com>
6206
6207        Remove an unused variable that breaks the build with newer versions of clang.
6208
6209        Rubber stamped by Gavin Barraclough.
6210
6211        * yarr/YarrJIT.cpp:
6212        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
6213
62142012-03-29  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
6215
6216        HashMap<>::add should return a more descriptive object
6217        https://bugs.webkit.org/show_bug.cgi?id=71063
6218
6219        Reviewed by Ryosuke Niwa.
6220
6221        Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
6222        the iterator type, there's a need for its own AddResult type -- instantiated from
6223        HashTableAddResult template class.
6224
6225        * API/JSCallbackObject.h:
6226        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
6227        * API/JSClassRef.cpp:
6228        (OpaqueJSClass::contextData):
6229        * bytecompiler/BytecodeGenerator.cpp:
6230        (JSC::BytecodeGenerator::addVar):
6231        (JSC::BytecodeGenerator::addGlobalVar):
6232        (JSC::BytecodeGenerator::addConstant):
6233        (JSC::BytecodeGenerator::addConstantValue):
6234        (JSC::BytecodeGenerator::emitLoad):
6235        (JSC::BytecodeGenerator::addStringConstant):
6236        (JSC::BytecodeGenerator::emitLazyNewFunction):
6237        * bytecompiler/NodesCodegen.cpp:
6238        (JSC::PropertyListNode::emitBytecode):
6239        * debugger/Debugger.cpp:
6240        * dfg/DFGAssemblyHelpers.cpp:
6241        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
6242        * dfg/DFGByteCodeParser.cpp:
6243        (JSC::DFG::ByteCodeParser::cellConstant):
6244        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
6245        * jit/JITStubs.cpp:
6246        (JSC::JITThunks::ctiStub):
6247        (JSC::JITThunks::hostFunctionStub):
6248        * parser/Parser.cpp:
6249        (JSC::::parseStrictObjectLiteral):
6250        * parser/Parser.h:
6251        (JSC::Scope::declareParameter):
6252        * runtime/Identifier.cpp:
6253        (JSC::Identifier::add):
6254        (JSC::Identifier::add8):
6255        (JSC::Identifier::addSlowCase):
6256        * runtime/Identifier.h:
6257        (JSC::Identifier::add):
6258        (JSC::IdentifierTable::add):
6259        * runtime/JSArray.cpp:
6260        (JSC::SparseArrayValueMap::add):
6261        (JSC::SparseArrayValueMap::put):
6262        (JSC::SparseArrayValueMap::putDirect):
6263        (JSC::JSArray::enterDictionaryMode):
6264        (JSC::JSArray::defineOwnNumericProperty):
6265        * runtime/JSArray.h:
6266        (SparseArrayValueMap):
6267        * runtime/PropertyNameArray.cpp:
6268        (JSC::PropertyNameArray::add):
6269        * runtime/StringRecursionChecker.h:
6270        (JSC::StringRecursionChecker::performCheck):
6271        * runtime/Structure.cpp:
6272        (JSC::StructureTransitionTable::add):
6273        * runtime/WeakGCMap.h:
6274        (WeakGCMap):
6275        (JSC::WeakGCMap::add):
6276        (JSC::WeakGCMap::set):
6277        * tools/ProfileTreeNode.h:
6278        (JSC::ProfileTreeNode::sampleChild):
6279
62802012-03-29  Patrick Gansterer  <paroga@webkit.org>
6281
6282        Build fix for !ENABLE(YARR_JIT) after r112454.
6283
6284        * runtime/RegExp.cpp:
6285        (JSC::RegExp::invalidateCode):
6286
62872012-03-28  Filip Pizlo  <fpizlo@apple.com>
6288
6289        DFG object equality speculations should be simplified
6290        https://bugs.webkit.org/show_bug.cgi?id=82557
6291
6292        Reviewed by Gavin Barraclough.
6293
6294        * dfg/DFGNode.h:
6295        (JSC::DFG::Node::shouldSpeculateFinalObject):
6296        (JSC::DFG::Node::shouldSpeculateArray):
6297
62982012-03-28  David Kilzer  <ddkilzer@apple.com>
6299
6300        minidom configurations should be based on ToolExecutable.xcconfig
6301        <http://webkit.org/b/82513>
6302
6303        Reviewed by Mark Rowe.
6304
6305        Note that this patch changes minidom from being installed in
6306        /usr/local/bin to JavaScriptCore.framework/Resources.
6307
6308        * Configurations/ToolExecutable.xcconfig: Add semi-colon.
6309        * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
6310        configurations on ToolExecutable.xcconfig.  Remove redundant
6311        PRODUCT_NAME and SKIP_INSTALL variables.
6312
63132012-03-28  Gavin Barraclough  <barraclough@apple.com>
6314
6315        Build fix - some compiles generating NORETURN related warnings.
6316
6317        * yarr/YarrJIT.cpp:
6318        (JSC::Yarr::YarrGenerator::setSubpatternStart):
6319        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
6320        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
6321
63222012-03-28  Kevin Ollivier  <kevino@theolliviers.com>
6323
6324        [wx] Unreviewed. Build fix, move WTF back into JSCore target
6325        until issues with JSCore not linking in all WTF symbols are resolved.
6326        
6327        * wscript:
6328
63292012-03-28  Gavin Barraclough  <barraclough@apple.com>
6330
6331        Yarr: if we're not using the output array, don't populate it!
6332        https://bugs.webkit.org/show_bug.cgi?id=82519
6333
6334        Reviewed by Sam Weinig.
6335
6336        * runtime/RegExp.cpp:
6337        (JSC):
6338            - Missed review comment! - didn't fully remove RegExpRepresentation.
6339
63402012-03-28  Gavin Barraclough  <barraclough@apple.com>
6341
6342        Yarr: if we're not using the output array, don't populate it!
6343        https://bugs.webkit.org/show_bug.cgi?id=82519
6344
6345        Reviewed by Sam Weinig.
6346
6347        Add a new variant of the match method to RegExp that returns a MatchResult,
6348        and modify YarrJIT to be able to compile code that doesn't use an output vector.
6349
6350        This is a 3% progression on v8-regexp.
6351
6352        * JavaScriptCore.xcodeproj/project.pbxproj:
6353            - Moved MatchResult into its own header.
6354        * assembler/AbstractMacroAssembler.h:
6355            - Added missing include.
6356        * runtime/MatchResult.h: Added.
6357        (MatchResult::MatchResult):
6358        (MatchResult):
6359        (MatchResult::failed):
6360        (MatchResult::operator bool):
6361        (MatchResult::empty):
6362            - Moved MatchResult into its own header.
6363        * runtime/RegExp.cpp:
6364        (JSC::RegExp::compile):
6365        (JSC::RegExp::compileIfNecessary):
6366        (JSC::RegExp::match):
6367            - Changed due to execute & representation changes.
6368        (JSC::RegExp::compileMatchOnly):
6369        (JSC::RegExp::compileIfNecessaryMatchOnly):
6370            - Added helper to compile MatchOnly code.
6371        (JSC::RegExp::invalidateCode):
6372        (JSC::RegExp::matchCompareWithInterpreter):
6373        (JSC::RegExp::printTraceData):
6374            - Changed due to representation changes.
6375        * runtime/RegExp.h:
6376        (RegExp):
6377        (JSC::RegExp::hasCode):
6378            - Made YarrCodeBlock a member.
6379        * runtime/RegExpConstructor.h:
6380        (RegExpConstructor):
6381        (JSC::RegExpConstructor::performMatch):
6382            - Added no-ovector form.
6383        * runtime/RegExpMatchesArray.cpp:
6384        (JSC::RegExpMatchesArray::reifyAllProperties):
6385            - Match now takes a reference to ovector, not a pointer.
6386        * runtime/RegExpObject.h:
6387        (JSC):
6388            - Moved MatchResult into its own header.
6389        * runtime/StringPrototype.cpp:
6390        (JSC::stringProtoFuncSplit):
6391            - Match now takes a reference to ovector, not a pointer.
6392        * testRegExp.cpp:
6393        (testOneRegExp):
6394            - Match now takes a reference to ovector, not a pointer.
6395        * yarr/YarrJIT.cpp:
6396        (Yarr):
6397        (YarrGenerator):
6398        (JSC::Yarr::YarrGenerator::initCallFrame):
6399        (JSC::Yarr::YarrGenerator::removeCallFrame):
6400        (JSC::Yarr::YarrGenerator::setSubpatternStart):
6401        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
6402        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
6403        (JSC::Yarr::YarrGenerator::setMatchStart):
6404        (JSC::Yarr::YarrGenerator::getMatchStart):
6405            - Added helper functions to mediate access to the output.
6406        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
6407        (JSC::Yarr::YarrGenerator::generate):
6408        (JSC::Yarr::YarrGenerator::backtrack):
6409        (JSC::Yarr::YarrGenerator::generateEnter):
6410        (JSC::Yarr::YarrGenerator::compile):
6411            - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
6412        (JSC::Yarr::jitCompile):
6413            - Needs to be templated on MatchOnly or IncludeSubpatterns.
6414        * yarr/YarrJIT.h:
6415        (YarrCodeBlock):
6416        (JSC::Yarr::YarrCodeBlock::set8BitCode):
6417        (JSC::Yarr::YarrCodeBlock::set16BitCode):
6418        (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
6419        (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
6420        (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
6421        (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
6422        (JSC::Yarr::YarrCodeBlock::execute):
6423        (JSC::Yarr::YarrCodeBlock::clear):
6424            - Added a second set of CodeRefs, so that we can compile RegExps with/without subpattern matching.
6425
64262012-03-27  Filip Pizlo  <fpizlo@apple.com>
6427
6428        DFG OSR exit should not generate an exit for variables of inlinees if the
6429        inlinees are not in scope
6430        https://bugs.webkit.org/show_bug.cgi?id=82312
6431
6432        Reviewed by Oliver Hunt.
6433        
6434        * bytecode/CodeBlock.h:
6435        (JSC::baselineCodeBlockForInlineCallFrame):
6436        (JSC):
6437        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
6438        * dfg/DFGOSRExit.cpp:
6439        (JSC::DFG::computeNumVariablesForCodeOrigin):
6440        (DFG):
6441        (JSC::DFG::OSRExit::OSRExit):
6442
64432012-03-27  Matt Lilek  <mrl@apple.com>
6444
6445        Stop compiling Interpreter.cpp with -fno-var-tracking
6446        https://bugs.webkit.org/show_bug.cgi?id=82299
6447
6448        Reviewed by Anders Carlsson.
6449
6450        * JavaScriptCore.xcodeproj/project.pbxproj:
6451
64522012-03-27  Pratik Solanki  <psolanki@apple.com>
6453
6454        Compiler warning when JIT is not enabled
6455        https://bugs.webkit.org/show_bug.cgi?id=82352
6456
6457        Reviewed by Filip Pizlo.
6458
6459        * runtime/JSFunction.cpp:
6460        (JSC::JSFunction::create):
6461
64622012-03-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
6463
6464        Unaligned userspace access for SH4 platforms
6465        https://bugs.webkit.org/show_bug.cgi?id=79104
6466
6467        Reviewed by Gavin Barraclough.
6468
6469        * assembler/AbstractMacroAssembler.h:
6470        (Jump):
6471        (JSC::AbstractMacroAssembler::Jump::Jump):
6472        (JSC::AbstractMacroAssembler::Jump::link):
6473        * assembler/MacroAssemblerSH4.h:
6474        (JSC::MacroAssemblerSH4::load16Unaligned):
6475        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
6476        (JSC::MacroAssemblerSH4::branchDouble):
6477        (JSC::MacroAssemblerSH4::branchTrue):
6478        (JSC::MacroAssemblerSH4::branchFalse):
6479        * assembler/SH4Assembler.h:
6480        (JSC::SH4Assembler::extraInstrForBranch):
6481        (SH4Assembler):
6482        (JSC::SH4Assembler::bra):
6483        (JSC::SH4Assembler::linkJump):
6484        * jit/JIT.h:
6485        (JIT):
6486        * yarr/YarrJIT.cpp:
6487        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
6488
64892012-03-26  Ryosuke Niwa  <rniwa@webkit.org>
6490
6491        cssText should use shorthand notations
6492        https://bugs.webkit.org/show_bug.cgi?id=81737
6493
6494        Reviewed by Enrica Casucci.
6495
6496        Export symbols of BitVector on Windows.
6497
6498        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6499
65002012-03-26  Filip Pizlo  <fpizlo@apple.com>
6501
6502        DFG should assert that argument value recoveries can only be
6503        AlreadyInRegisterFile or Constant
6504        https://bugs.webkit.org/show_bug.cgi?id=82249
6505
6506        Reviewed by Michael Saboff.
6507        
6508        Made the assertions that the DFG makes for argument value recoveries match
6509        what Arguments expects.
6510
6511        * bytecode/ValueRecovery.h:
6512        (JSC::ValueRecovery::isConstant):
6513        (ValueRecovery):
6514        (JSC::ValueRecovery::isAlreadyInRegisterFile):
6515        * dfg/DFGSpeculativeJIT.cpp:
6516        (JSC::DFG::SpeculativeJIT::compile):
6517
65182012-03-26  Dan Bernstein  <mitz@apple.com>
6519
6520        Tried to fix the Windows build.
6521
6522        * yarr/YarrPattern.cpp:
6523        (JSC::Yarr::CharacterClassConstructor::putRange):
6524
65252012-03-26  Gavin Barraclough  <barraclough@apple.com>
6526
6527        Unreviewed - speculative Windows build fix.
6528
6529        * yarr/YarrCanonicalizeUCS2.h:
6530        (JSC::Yarr::getCanonicalPair):
6531
65322012-03-26  Dan Bernstein  <mitz@apple.com>
6533
6534        Fixed builds with assertions disabled.
6535
6536        * yarr/YarrCanonicalizeUCS2.h:
6537        (JSC::Yarr::areCanonicallyEquivalent):
6538
65392012-03-26  Gavin Barraclough  <barraclough@apple.com>
6540
6541        Unreviewed - errk! - accidentally the whole pbxproj.
6542
6543        * JavaScriptCore.xcodeproj/project.pbxproj:
6544
65452012-03-25  Gavin Barraclough  <barraclough@apple.com>
6546
6547        Greek sigma is handled wrong in case independent regexp.
6548        https://bugs.webkit.org/show_bug.cgi?id=82063
6549
6550        Reviewed by Oliver Hunt.
6551
6552        The bug here is that we assume that any given codepoint has at most one additional value it
6553        should match under a case insensitive match, and that the pair of codepoints that match (if
6554        a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
6555        given codepoint. Life is not that simple.
6556
6557        Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
6558        it may match, under the ES5.1 case-insensitive matching rules. Since Unicode is fairly regular
6559        we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
6560        simple binary search to find an entry in typically eight compares.
6561
6562        * CMakeLists.txt:
6563        * GNUmakefile.list.am:
6564        * JavaScriptCore.gypi:
6565        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
6566        * JavaScriptCore.xcodeproj/project.pbxproj:
6567        * yarr/yarr.pri:
6568            - Added new files to build systems.
6569        * yarr/YarrCanonicalizeUCS2.cpp: Added.
6570            - New - autogenerated, UCS2 canonicalized comparison tables.
6571        * yarr/YarrCanonicalizeUCS2.h: Added.
6572        (JSC::Yarr::rangeInfoFor):
6573            - Look up the canonicalization info for a UCS2 character.
6574        (JSC::Yarr::getCanonicalPair):
6575            - For a UCS2 character with a single equivalent value, look it up.
6576        (JSC::Yarr::isCanonicallyUnique):
6577            - Returns true if no other UCS2 code points are canonically equal.
6578        (JSC::Yarr::areCanonicallyEquivalent):
6579            - Compare two values, under canonicalization rules.
6580        * yarr/YarrCanonicalizeUCS2.js: Added.
6581            - script used to generate YarrCanonicalizeUCS2.cpp.
6582        * yarr/YarrInterpreter.cpp:
6583        (JSC::Yarr::Interpreter::tryConsumeBackReference):
6584            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
6585        * yarr/YarrJIT.cpp:
6586        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
6587        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
6588        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
6589            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
6590        * yarr/YarrPattern.cpp:
6591        (JSC::Yarr::CharacterClassConstructor::putChar):
6592            - Updated to determine canonical equivalents correctly.
6593        (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
6594            - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
6595        (JSC::Yarr::CharacterClassConstructor::putRange):
6596            - Updated to determine canonical equivalents correctly.
6597        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
6598            - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
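Added illustration, not part of this ChangeLog and not JSC's YarrCanonicalizeUCS2 code: the ES5.1 Canonicalize rule that the entry above refers to, written out in JavaScript and used to enumerate the equivalence classes over all UCS-2 code units. It shows why the one-extra-value assumption fails (final sigma U+03C2, small sigma U+03C3 and capital sigma U+03A3 are one three-member class), and two edge cases that go the other way (U+017F long s and U+212A Kelvin sign stay unique under /i without the u flag). The function and variable names are this example's own; the engine cross-check assumes a JavaScript engine that follows the same non-Unicode-mode rule.

```javascript
// Added illustration, not JSC code: the ES5.1 15.10.2.8 Canonicalize(ch)
// rule for a case-insensitive (non-Unicode-mode) regular expression, and
// the equivalence classes it induces over the 65536 UCS-2 code units. Two
// code units match under /i exactly when their canonical forms are equal.
function canonicalize(ch) {
    const u = ch.toUpperCase();
    // A multi-code-unit uppercase form ("ß" -> "SS") leaves ch unchanged.
    if (u.length !== 1)
        return ch;
    // A non-ASCII code unit must not canonicalize to an ASCII one, so
    // U+017F LATIN SMALL LETTER LONG S does not match "s" under /i.
    if (ch.charCodeAt(0) >= 128 && u.charCodeAt(0) < 128)
        return ch;
    return u;
}

// The assumption the fix removes: that a code unit matches at most one
// other, and that toUpperCase()/toLowerCase() of it find that partner.
function naiveEquivalents(ch) {
    const found = new Set([ch]);
    for (const v of [ch.toUpperCase(), ch.toLowerCase()]) {
        if (v.length === 1)
            found.add(v);
    }
    return [...found];
}

// canonical form -> every UCS-2 code unit with that form, ascending.
function buildEquivalenceClasses() {
    const classes = new Map();
    for (let cu = 0; cu < 0x10000; cu++) {
        const ch = String.fromCharCode(cu);
        const key = canonicalize(ch);
        if (!classes.has(key))
            classes.set(key, []);
        classes.get(key).push(ch);
    }
    return classes;
}

const CLASSES = buildEquivalenceClasses();

// Every code unit that ch matches under /i, including ch itself.
function canonicalEquivalents(ch) {
    return CLASSES.get(canonicalize(ch)).slice();
}

function isCanonicallyUnique(ch) {
    return canonicalEquivalents(ch).length === 1;
}

function areCanonicallyEquivalent(a, b) {
    return canonicalize(a) === canonicalize(b);
}

// Classes with at least `size` members; size 3 is where the one-partner
// assumption breaks (sigma: U+03A3, U+03C2, U+03C3).
function classesOfSizeAtLeast(size) {
    return [...CLASSES.values()].filter(c => c.length >= size);
}

// Cross-check one pair against the host engine's own /i matching.
function engineAgrees(a, b) {
    const escaped = a.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    const re = new RegExp('^' + escaped + '$', 'i');
    return re.test(b) === areCanonicallyEquivalent(a, b);
}
```

canonicalEquivalents('\u03C3') returns the three sigmas while naiveEquivalents('\u03C2') misses U+03C3 entirely; conversely naiveEquivalents('\u212A') wrongly includes "k", which the spec rule rejects. This is the same distinction the entry's isCanonicallyUnique/areCanonicallyEquivalent helpers make, without the packed range table.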
6599
66002012-03-26  Kevin Ollivier  <kevino@theolliviers.com>
6601
6602        [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
6603        so we make sure it finds the API headers on all platforms.
6604
6605        * wscript:
6606
66072012-03-26  Patrick Gansterer  <paroga@webkit.org>
6608
6609        Build fix for WinCE after r112039.
6610
6611        * interpreter/Register.h:
6612        (Register): Removed inline keyword from declaration since
6613                    there is an ALWAYS_INLINE at the definition anyway.
6614
66152012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>
6616
6617        Unreviewed. Fix make distcheck.
6618
6619        * GNUmakefile.list.am: Add missing files.
6620
66212012-03-25  Kevin Ollivier  <kevino@theolliviers.com>
6622
6623        [wx] Unreviewed build fix. Move WTF to its own static lib build.
6624
6625        * wscript:
6626
66272012-03-25  Filip Pizlo  <fpizlo@apple.com>
6628
6629        DFG int-to-double conversion should be revealed to CSE
6630        https://bugs.webkit.org/show_bug.cgi?id=82135
6631
6632        Reviewed by Oliver Hunt.
6633        
6634        This introduces the notion of an Int32ToDouble node, which is injected
6635        into the graph anytime we know that we have a double use of a node that
6636        was predicted integer. The Int32ToDouble simplifies double speculation
6637        on integers by skipping the path that would unbox doubles, if we know
6638        that the value is already proven to be an integer. It allows integer to
6639        double conversions to be subjected to common subexpression elimination
6640        (CSE) by allowing the CSE phase to see where these conversions are
6641        occurring. Finally, it allows us to see when a constant is being used
6642        as both a double and an integer. This is a bit odd, since it means that
6643        sometimes a double use of a constant will not refer directly to the
6644        constant. This should not cause problems, for now, but it may require
6645        some canonicalization in the future if we want to support strength
6646        reductions of double operations based on constants.
6647        
6648        To allow injection of nodes into the graph, this change introduces the
6649        DFG::InsertionSet, which is a way of lazily inserting elements into a
6650        list. This allows the FixupPhase to remain O(N) despite performing
6651        multiple injections in a single basic block. Without the InsertionSet,
6652        each injection would require performing an insertion into a vector,
6653        which is O(N), leading to O(N^2) performance overall. With the
6654        InsertionSet, each injection simply records what insertion would have
6655        been performed, and all insertions are performed at once (via
6656        InsertionSet::execute) after processing of a basic block is completed.
6657
6658        * JavaScriptCore.xcodeproj/project.pbxproj:
6659        * bytecode/PredictedType.h:
6660        (JSC::isActionableIntMutableArrayPrediction):
6661        (JSC):
6662        (JSC::isActionableFloatMutableArrayPrediction):
6663        (JSC::isActionableTypedMutableArrayPrediction):
6664        (JSC::isActionableMutableArrayPrediction):
6665        * dfg/DFGAbstractState.cpp:
6666        (JSC::DFG::AbstractState::execute):
6667        * dfg/DFGCSEPhase.cpp:
6668        (JSC::DFG::CSEPhase::performNodeCSE):
6669        * dfg/DFGCommon.h:
6670        (JSC::DFG::useKindToString):
6671        (DFG):
6672        * dfg/DFGFixupPhase.cpp:
6673        (JSC::DFG::FixupPhase::run):
6674        (JSC::DFG::FixupPhase::fixupBlock):
6675        (FixupPhase):
6676        (JSC::DFG::FixupPhase::fixupNode):
6677        (JSC::DFG::FixupPhase::fixDoubleEdge):
6678        * dfg/DFGGraph.cpp:
6679        (JSC::DFG::Graph::dump):
6680        * dfg/DFGInsertionSet.h: Added.
6681        (DFG):
6682        (Insertion):
6683        (JSC::DFG::Insertion::Insertion):
6684        (JSC::DFG::Insertion::index):
6685        (JSC::DFG::Insertion::element):
6686        (InsertionSet):
6687        (JSC::DFG::InsertionSet::InsertionSet):
6688        (JSC::DFG::InsertionSet::append):
6689        (JSC::DFG::InsertionSet::execute):
6690        * dfg/DFGNodeType.h:
6691        (DFG):
6692        * dfg/DFGPredictionPropagationPhase.cpp:
6693        (JSC::DFG::PredictionPropagationPhase::propagate):
6694        * dfg/DFGSpeculativeJIT.cpp:
6695        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
6696        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
6697        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
6698        (DFG):
6699        * dfg/DFGSpeculativeJIT.h:
6700        (SpeculativeJIT):
6701        (JSC::DFG::IntegerOperand::IntegerOperand):
6702        (JSC::DFG::DoubleOperand::DoubleOperand):
6703        (JSC::DFG::JSValueOperand::JSValueOperand):
6704        (JSC::DFG::StorageOperand::StorageOperand):
6705        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
6706        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
6707        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
6708        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
6709        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
6710        * dfg/DFGSpeculativeJIT32_64.cpp:
6711        (JSC::DFG::SpeculativeJIT::compile):
6712        * dfg/DFGSpeculativeJIT64.cpp:
6713        (JSC::DFG::SpeculativeJIT::compile):
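
A stand-alone C++ sketch of the InsertionSet idea described in the entry above. This is an added example, not JavaScriptCore's DFGInsertionSet.h: the string Node type, the node names and the toy fixupBlock pass are constructed for illustration.

```cpp
#include <cassert>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Nodes are plain strings here; the DFG uses node indices, but the
// bookkeeping is the same.
using Node = std::string;

struct Insertion {
    size_t index;   // position in the original block the element goes before
    Node element;
};

// Records insertions during a forward walk over a block and applies them all
// at once, so K insertions into an N-element block cost O(N + K) instead of
// the O(N * K) that K separate vector insertions would cost.
class InsertionSet {
public:
    // Indices must arrive in non-decreasing order, which is exactly what a
    // forward walk over the block produces.
    void append(size_t index, Node element)
    {
        assert(m_insertions.empty() || m_insertions.back().index <= index);
        m_insertions.push_back(Insertion{index, std::move(element)});
    }

    void execute(std::vector<Node>& block)
    {
        if (m_insertions.empty())
            return;
        block.resize(block.size() + m_insertions.size());
        size_t lastIndex = block.size();
        // Walk the insertions backwards, sliding each run of original elements
        // right by the number of insertions that land before it. Every
        // original element is moved exactly once.
        for (size_t k = m_insertions.size(); k-- > 0;) {
            const Insertion& insertion = m_insertions[k];
            size_t firstIndex = insertion.index + k; // final slot of the new element
            size_t indexOffset = k + 1;              // shift for elements after it
            for (size_t i = lastIndex; --i > firstIndex;)
                block[i] = std::move(block[i - indexOffset]);
            block[firstIndex] = insertion.element;
            lastIndex = firstIndex;
        }
        m_insertions.clear();
    }

private:
    std::vector<Insertion> m_insertions;
};

// Toy fixup in the spirit of FixupPhase: every double arithmetic node that
// consumes an integer operand gets an Int32ToDouble injected in front of it.
// The node names are constructed for this example.
std::vector<Node> fixupBlock(std::vector<Node> block)
{
    InsertionSet insertionSet;
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i] == "ArithAdd(Int32)" || block[i] == "ArithMul(Int32)")
            insertionSet.append(i, "Int32ToDouble");
    }
    insertionSet.execute(block); // one pass, after the walk over the block
    return block;
}
```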
6714
67152012-03-25  Filip Pizlo  <fpizlo@apple.com>
6716
6717        DFGOperands should be moved out of the DFG and into bytecode
6718        https://bugs.webkit.org/show_bug.cgi?id=82151
6719
6720        Reviewed by Dan Bernstein.
6721
6722        * GNUmakefile.list.am:
6723        * JavaScriptCore.xcodeproj/project.pbxproj:
6724        * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
6725        * dfg/DFGBasicBlock.h:
6726        * dfg/DFGNode.h:
6727        * dfg/DFGOSREntry.h:
6728        * dfg/DFGOSRExit.h:
6729        * dfg/DFGOperands.h: Removed.
6730        * dfg/DFGVariableAccessData.h:
6731
67322012-03-24  Filip Pizlo  <fpizlo@apple.com>
6733
6734        DFG 64-bit Branch implementation should not be creating a JSValueOperand that
6735        it isn't going to use
6736        https://bugs.webkit.org/show_bug.cgi?id=82136
6737
6738        Reviewed by Geoff Garen.
6739
6740        * dfg/DFGSpeculativeJIT64.cpp:
6741        (JSC::DFG::SpeculativeJIT::emitBranch):
6742
67432012-03-24  Kevin Ollivier  <kevino@theolliviers.com>
6744
6745        [wx] Unreviewed. Fix the build after WTF move.
6746
6747        * wscript:
6748
67492012-03-23  Filip Pizlo  <fpizlo@apple.com>
6750
6751        DFG double voting may be overzealous in the case of variables that end up
6752        being used as integers
6753        https://bugs.webkit.org/show_bug.cgi?id=82008
6754
6755        Reviewed by Oliver Hunt.
6756        
6757        Cleaned up propagation, making the intent more explicit in most places.
6758        Back-propagate NodeUsedAsInt for cases where a node was used in a context
6759        that is known to strongly prefer integers.
6760
6761        * dfg/DFGByteCodeParser.cpp:
6762        (JSC::DFG::ByteCodeParser::handleCall):
6763        (JSC::DFG::ByteCodeParser::parseBlock):
6764        * dfg/DFGGraph.cpp:
6765        (JSC::DFG::Graph::dumpCodeOrigin):
6766        (JSC::DFG::Graph::dump):
6767        * dfg/DFGGraph.h:
6768        (Graph):
6769        * dfg/DFGNodeFlags.cpp:
6770        (JSC::DFG::nodeFlagsAsString):
6771        * dfg/DFGNodeFlags.h:
6772        (DFG):
6773        * dfg/DFGPredictionPropagationPhase.cpp:
6774        (JSC::DFG::PredictionPropagationPhase::run):
6775        (JSC::DFG::PredictionPropagationPhase::propagate):
6776        (PredictionPropagationPhase):
6777        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
6778        (JSC::DFG::PredictionPropagationPhase::vote):
6779        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
6780        (JSC::DFG::PredictionPropagationPhase::fixupNode):
6781        * dfg/DFGVariableAccessData.h:
6782        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
6783
67842012-03-24  Filip Pizlo  <fpizlo@apple.com>
6785
6786        DFG::Node::shouldNotSpeculateInteger() should be eliminated
6787        https://bugs.webkit.org/show_bug.cgi?id=82123
6788
6789        Reviewed by Geoff Garen.
6790
6791        * dfg/DFGAbstractState.cpp:
6792        (JSC::DFG::AbstractState::execute):
6793        * dfg/DFGNode.h:
6794        (Node):
6795        * dfg/DFGSpeculativeJIT.cpp:
6796        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
6797        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
6798
67992012-03-24  Yong Li  <yoli@rim.com>
6800
6801        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
6802        https://bugs.webkit.org/show_bug.cgi?id=81521
6803
6804        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
6805        for CPU(ARM_TRADITIONAL) to fit actual need.
6806
6807        Reviewed by Oliver Hunt.
6808
6809        * jit/JIT.h:
6810        (JIT):
6811
68122012-03-23  Filip Pizlo  <fpizlo@apple.com>
6813
6814        DFG Fixup should be able to short-circuit trivial ValueToInt32's
6815        https://bugs.webkit.org/show_bug.cgi?id=82030
6816
6817        Reviewed by Michael Saboff.
6818        
6819        Takes the fixup() method of the prediction propagation phase and makes it
6820        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
6821        nodes, and mark pure ValueToInt32's as such.
6822
6823        * CMakeLists.txt:
6824        * GNUmakefile.list.am:
6825        * JavaScriptCore.xcodeproj/project.pbxproj:
6826        * Target.pri:
6827        * dfg/DFGByteCodeParser.cpp:
6828        (JSC::DFG::ByteCodeParser::makeSafe):
6829        (JSC::DFG::ByteCodeParser::handleCall):
6830        (JSC::DFG::ByteCodeParser::parseBlock):
6831        * dfg/DFGCommon.h:
6832        * dfg/DFGDriver.cpp:
6833        (JSC::DFG::compile):
6834        * dfg/DFGFixupPhase.cpp: Added.
6835        (DFG):
6836        (FixupPhase):
6837        (JSC::DFG::FixupPhase::FixupPhase):
6838        (JSC::DFG::FixupPhase::run):
6839        (JSC::DFG::FixupPhase::fixupNode):
6840        (JSC::DFG::FixupPhase::fixIntEdge):
6841        (JSC::DFG::performFixup):
6842        * dfg/DFGFixupPhase.h: Added.
6843        (DFG):
6844        * dfg/DFGPredictionPropagationPhase.cpp:
6845        (JSC::DFG::PredictionPropagationPhase::run):
6846        (PredictionPropagationPhase):
6847
68482012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
6849
6850        tryReallocate could break the zero-ed memory invariant of CopiedBlocks
6851        https://bugs.webkit.org/show_bug.cgi?id=82087
6852
6853        Reviewed by Filip Pizlo.
6854
6855        Removing this optimization turned out to be a ~1% regression on kraken, so I simply
6856        undid the modification to the current block if we fail.
6857
6858        * heap/CopiedSpace.cpp:
6859        (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail 
6860        to reallocate from the current block.
6861
68622012-03-23  Alexey Proskuryakov  <ap@apple.com>
6863
6864        [Mac] No need for platform-specific ENABLE_BLOB values
6865        https://bugs.webkit.org/show_bug.cgi?id=82102
6866
6867        Reviewed by David Kilzer.
6868
6869        * Configurations/FeatureDefines.xcconfig:
6870
68712012-03-23  Michael Saboff  <msaboff@apple.com>
6872
6873        DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
6874        https://bugs.webkit.org/show_bug.cgi?id=81805
6875
6876        Reviewed by Filip Pizlo.
6877
6878        Added SpeculativeJIT::checkGeneratedType() to determine the current format
6879        of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
6880        to generate code that will use integer and JSValue types in integer
6881        format directly without a conversion to double.
6882
6883        * JavaScriptCore.xcodeproj/project.pbxproj:
6884        * dfg/DFGSpeculativeJIT.cpp:
6885        (JSC::DFG::SpeculativeJIT::checkGeneratedType):
6886        (DFG):
6887        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
6888        * dfg/DFGSpeculativeJIT.h:
6889        (DFG):
6890        (SpeculativeJIT):
6891
68922012-03-23  Steve Falkenburg  <sfalken@apple.com>
6893
6894        Update Apple Windows build files for WTF move
6895        https://bugs.webkit.org/show_bug.cgi?id=82069
6896
6897        Reviewed by Jessie Berlin.
6898
6899        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
6900
69012012-03-23  Dean Jackson  <dino@apple.com>
6902
6903        Disable CSS_SHADERS in Apple builds
6904        https://bugs.webkit.org/show_bug.cgi?id=81996
6905
6906        Reviewed by Simon Fraser.
6907
6908        Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
6909
6910        * Configurations/FeatureDefines.xcconfig:
6911
69122012-03-23  Gavin Barraclough  <barraclough@apple.com>
6913
6914        RegExp constructor last match properties should not rely on previous ovector
6915        https://bugs.webkit.org/show_bug.cgi?id=82077
6916
6917        Reviewed by Oliver Hunt.
6918
6919        This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
6920
6921        This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
6922        Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
6923        a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
6924        location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
6925        a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
6926        reified state. This means that next time a match is performed, the store of the result will
6927        automatically blow away the reified value.
6928
6929        * JavaScriptCore.xcodeproj/project.pbxproj:
6930            - Added new files.
6931        * runtime/RegExp.cpp:
6932        (JSC::RegExpFunctionalTestCollector::outputOneTest):
6933            - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
6934        * runtime/RegExpCachedResult.cpp: Added.
6935        (JSC::RegExpCachedResult::visitChildren):
6936        (JSC::RegExpCachedResult::lastResult):
6937        (JSC::RegExpCachedResult::setInput):
6938            - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
6939        * runtime/RegExpCachedResult.h: Added.
6940        (RegExpCachedResult):
6941            - Added new class.
6942        (JSC::RegExpCachedResult::RegExpCachedResult):
6943        (JSC::RegExpCachedResult::record):
6944        (JSC::RegExpCachedResult::input):
6945            - Initialize the object, record the result of a RegExp match, access the stored input property.
6946        * runtime/RegExpConstructor.cpp:
6947        (JSC::RegExpConstructor::RegExpConstructor):
6948            - Initialize m_result/m_multiline properties.
6949        (JSC::RegExpConstructor::visitChildren):
6950            - Make sure the cached results (or lazy source for them) are marked.
6951        (JSC::RegExpConstructor::getBackref):
6952        (JSC::RegExpConstructor::getLastParen):
6953        (JSC::RegExpConstructor::getLeftContext):
6954        (JSC::RegExpConstructor::getRightContext):
6955            - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
6956        (JSC::regExpConstructorInput):
6957        (JSC::setRegExpConstructorInput):
6958            - Changed to use RegExpCachedResult.
6959        * runtime/RegExpConstructor.h:
6960        (JSC::RegExpConstructor::create):
6961        (RegExpConstructor):
6962        (JSC::RegExpConstructor::setMultiline):
6963        (JSC::RegExpConstructor::multiline):
6964            - Move multiline property onto the constructor object; it is not affected by the last match.
6965        (JSC::RegExpConstructor::setInput):
6966        (JSC::RegExpConstructor::input):
6967            - These defer to RegExpCachedResult.
6968        (JSC::RegExpConstructor::performMatch):
6969        * runtime/RegExpMatchesArray.cpp: Added.
6970        (JSC::RegExpMatchesArray::visitChildren):
6971            - Eeeep! added missing visitChildren!
6972        (JSC::RegExpMatchesArray::finishCreation):
6973        (JSC::RegExpMatchesArray::reifyAllProperties):
6974        (JSC::RegExpMatchesArray::reifyMatchProperty):
6975            - Moved from RegExpConstructor.cpp.
6976        (JSC::RegExpMatchesArray::leftContext):
6977        (JSC::RegExpMatchesArray::rightContext):
6978            - Since the match start/
6979        * runtime/RegExpMatchesArray.h:
6980        (RegExpMatchesArray):
6981            - Declare new methods & structure flags.
6982        * runtime/RegExpObject.cpp:
6983        (JSC::RegExpObject::match):
6984            - performMatch now requires the JSString input, to cache.
6985        * runtime/StringPrototype.cpp:
6986        (JSC::removeUsingRegExpSearch):
6987        (JSC::replaceUsingRegExpSearch):
6988        (JSC::stringProtoFuncMatch):
6989        (JSC::stringProtoFuncSearch):
6990            - performMatch now requires the JSString input, to cache.
6991
69922012-03-23  Tony Chang  <tony@chromium.org>
6993
6994        [chromium] rename newwtf target back to wtf
6995        https://bugs.webkit.org/show_bug.cgi?id=82064
6996
6997        Reviewed by Adam Barth.
6998
6999        * JavaScriptCore.gyp/JavaScriptCore.gyp:
7000
70012012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
7002
7003        Simplify memory usage tracking in CopiedSpace
7004        https://bugs.webkit.org/show_bug.cgi?id=80705
7005
7006        Reviewed by Filip Pizlo.
7007
7008        * heap/CopiedAllocator.h:
7009        (CopiedAllocator): Rename currentUtilization to currentSize.
7010        (JSC::CopiedAllocator::currentCapacity):
7011        * heap/CopiedBlock.h:
7012        (CopiedBlock):
7013        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
7014        declaration.
7015        (JSC):
7016        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
7017        (JSC::CopiedBlock::capacity): Ditto for capacity.
7018        * heap/CopiedSpace.cpp:
7019        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
7020        field for the water mark.
7021        (JSC::CopiedSpace::init):
7022        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
7023        block, we need to update our current water mark with the size of the block.
7024        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
7025        need to update our current water mark with the size of the used portion of the block.
7026        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
7027        reallocating because it will either get accounted for when we fill up the block later 
7028        in the case of being able to reallocate in the current block or it will get picked up 
7029        immediately because we'll have to get a new block.
7030        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
7031        realloc-ing an oversize block because we deallocate the old block and allocate a brand 
7032        new one.
7033        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
7034        the CopiedSpace by the SlotVisitors.
7035        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
7036        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
7037        not we should collect now instead of doing the calculation ourselves.
7038        (JSC::CopiedSpace::destroy):
7039        (JSC):
7040        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
7041        MarkedSpace does.
7042        (JSC::CopiedSpace::capacity): Ditto for capacity.
7043        * heap/CopiedSpace.h:
7044        (JSC::CopiedSpace::waterMark):
7045        (CopiedSpace):
7046        * heap/CopiedSpaceInlineMethods.h:
7047        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
7048        collection.
7049        (JSC::CopiedSpace::allocateNewBlock):
7050        (JSC::CopiedSpace::fitsInBlock):
7051        (JSC::CopiedSpace::allocateFromBlock):
7052        * heap/Heap.cpp:
7053        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
7054        (JSC::Heap::capacity): Ditto for capacity.
7055        (JSC::Heap::collect):
7056        * heap/Heap.h:
7057        (Heap):
7058        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
7059        determine whether they should initiate a collection or continue to allocate new blocks.
7060        (JSC):
7061        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
7062        Heap (MarkedSpace and CopiedSpace).
7063        * heap/MarkedAllocator.cpp:
7064        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
7065
70662012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
7067
7068        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
7069        https://bugs.webkit.org/show_bug.cgi?id=82012
7070
7071        Reviewed by Filip Pizlo.
7072
7073        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
7074
7075        * wtf/BitVector.cpp:
7076        (WTF::BitVector::resizeOutOfLine):
7077        * wtf/BitVector.h:
7078        (BitVector):
7079        (OutOfLineBits):
7080
70812012-03-22  Michael Saboff  <msaboff@apple.com>
7082
7083        ExecutableAllocator::memoryPressureMultiplier() might can return NaN
7084        https://bugs.webkit.org/show_bug.cgi?id=82002
7085
7086        Reviewed by Filip Pizlo.
7087
7088        Guard against divide by zero and then make sure the return
7089        value is >= 1.0.
7090
7091        * jit/ExecutableAllocator.cpp:
7092        (JSC::ExecutableAllocator::memoryPressureMultiplier):
7093        * jit/ExecutableAllocatorFixedVMPool.cpp:
7094        (JSC::ExecutableAllocator::memoryPressureMultiplier):
7095
70962012-03-22  Jessie Berlin  <jberlin@apple.com>
7097
7098        Windows build fix after r111778.
7099
7100        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
7101        Don't include and try to build files owned by WTF.
7102        Also, let VS have its way with the vcproj in terms of file ordering.
7103
71042012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
7105
7106        [CMake] Unreviewed build fix after r111778.
7107
7108        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
7109        the include paths so that the right config.h is used.
7110
71112012-03-22  Tony Chang  <tony@chromium.org>
7112
7113        Unreviewed, fix chromium build after wtf move.
7114
7115        Remove old wtf_config and wtf targets.
7116
7117        * JavaScriptCore.gyp/JavaScriptCore.gyp:
7118
71192012-03-22  Martin Robinson  <mrobinson@igalia.com>
7120
7121        Fixed the GTK+ WTF/JavaScriptCore build after r111778.
7122
7123        * GNUmakefile.list.am: Removed an extra trailing backslash.
7124
71252012-03-22  Mark Rowe  <mrowe@apple.com>
7126
7127        Fix the build.
7128
7129        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
7130        rather than only those that contain symbols that JavaScriptCore itself uses.
7131        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
7132
71332012-03-22  Filip Pizlo  <fpizlo@apple.com>
7134
7135        DFG NodeFlags has some duplicate code and naming issues
7136        https://bugs.webkit.org/show_bug.cgi?id=81975
7137
7138        Reviewed by Gavin Barraclough.
7139        
7140        Removed most references to "ArithNodeFlags" since those are now just part
7141        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
7142        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
7143        because the former was never called and the latter did the same things as
7144        mergeFlags().
7145
7146        * dfg/DFGByteCodeParser.cpp:
7147        (JSC::DFG::ByteCodeParser::makeSafe):
7148        (JSC::DFG::ByteCodeParser::makeDivSafe):
7149        (JSC::DFG::ByteCodeParser::handleIntrinsic):
7150        * dfg/DFGGraph.cpp:
7151        (JSC::DFG::Graph::dump):
7152        * dfg/DFGNode.h:
7153        (JSC::DFG::Node::arithNodeFlags):
7154        (Node):
7155        * dfg/DFGNodeFlags.cpp:
7156        (JSC::DFG::nodeFlagsAsString):
7157        * dfg/DFGNodeFlags.h:
7158        (DFG):
7159        (JSC::DFG::nodeUsedAsNumber):
7160        * dfg/DFGPredictionPropagationPhase.cpp:
7161        (JSC::DFG::PredictionPropagationPhase::propagate):
7162        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
7163
71642012-03-22  Eric Seidel  <eric@webkit.org>
7165
7166        Actually move WTF files to their new home
7167        https://bugs.webkit.org/show_bug.cgi?id=81844
7168
7169        Unreviewed.  The details of the port-specific changes
7170        have been seen by contributors from those ports, but
7171        the whole 5MB change isn't very reviewable as-is.
7172
7173        * GNUmakefile.am:
7174        * GNUmakefile.list.am:
7175        * JSCTypedArrayStubs.h:
7176        * JavaScriptCore.gypi:
7177        * JavaScriptCore.xcodeproj/project.pbxproj:
7178        * jsc.cpp:
7179
71802012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
7181
7182        [wx] Unreviewed. Adding Source/WTF to the build.
7183
7184        * wscript:
7185
71862012-03-22  Gavin Barraclough  <barraclough@apple.com>
7187
7188        Add JSValue::isFunction
7189        https://bugs.webkit.org/show_bug.cgi?id=81935
7190
7191        Reviewed by Geoff Garen.
7192
7193        This would be useful in the WebCore bindings code.
7194        Also, remove asFunction, replace with jsCast<JSFunction*>.
7195
7196        * API/JSContextRef.cpp:
7197        * debugger/Debugger.cpp:
7198        * debugger/DebuggerCallFrame.cpp:
7199        (JSC::DebuggerCallFrame::functionName):
7200        * dfg/DFGGraph.h:
7201        (JSC::DFG::Graph::valueOfFunctionConstant):
7202        * dfg/DFGOperations.cpp:
7203        * interpreter/CallFrame.cpp:
7204        (JSC::CallFrame::isInlineCallFrameSlow):
7205        * interpreter/Interpreter.cpp:
7206        (JSC::Interpreter::privateExecute):
7207        * jit/JITStubs.cpp:
7208        (JSC::DEFINE_STUB_FUNCTION):
7209        (JSC::jitCompileFor):
7210        (JSC::lazyLinkFor):
7211        * llint/LLIntSlowPaths.cpp:
7212        (JSC::LLInt::traceFunctionPrologue):
7213        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
7214        (JSC::LLInt::setUpCall):
7215        * runtime/Arguments.h:
7216        (JSC::Arguments::finishCreation):
7217        * runtime/ArrayPrototype.cpp:
7218        (JSC::arrayProtoFuncFilter):
7219        (JSC::arrayProtoFuncMap):
7220        (JSC::arrayProtoFuncEvery):
7221        (JSC::arrayProtoFuncForEach):
7222        (JSC::arrayProtoFuncSome):
7223        (JSC::arrayProtoFuncReduce):
7224        (JSC::arrayProtoFuncReduceRight):
7225        * runtime/CommonSlowPaths.h:
7226        (JSC::CommonSlowPaths::arityCheckFor):
7227        * runtime/Executable.h:
7228        (JSC::FunctionExecutable::compileFor):
7229        (JSC::FunctionExecutable::compileOptimizedFor):
7230        * runtime/FunctionPrototype.cpp:
7231        (JSC::functionProtoFuncToString):
7232        * runtime/JSArray.cpp:
7233        (JSC::JSArray::sort):
7234        * runtime/JSFunction.cpp:
7235        (JSC::JSFunction::argumentsGetter):
7236        (JSC::JSFunction::callerGetter):
7237        (JSC::JSFunction::lengthGetter):
7238        * runtime/JSFunction.h:
7239        (JSC):
7240        (JSC::asJSFunction):
7241        (JSC::JSValue::isFunction):
7242        * runtime/JSGlobalData.cpp:
7243        (WTF::Recompiler::operator()):
7244        (JSC::JSGlobalData::releaseExecutableMemory):
7245        * runtime/JSValue.h:
7246        * runtime/StringPrototype.cpp:
7247        (JSC::replaceUsingRegExpSearch):
7248
72492012-03-21  Filip Pizlo  <fpizlo@apple.com>
7250
7251        DFG speculation on booleans should be rationalized
7252        https://bugs.webkit.org/show_bug.cgi?id=81840
7253
7254        Reviewed by Gavin Barraclough.
7255        
7256        This removes isKnownBoolean() and replaces it with AbstractState-based
7257        optimization, and cleans up the control flow in code gen methods for
7258        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
7259        and removes isKnownNotBoolean() since that method appeared to be a
7260        helper used solely by 32_64's speculateBooleanOperation().
7261        
7262        This is performance-neutral.
7263
7264        * dfg/DFGAbstractState.cpp:
7265        (JSC::DFG::AbstractState::execute):
7266        * dfg/DFGNode.h:
7267        (JSC::DFG::Node::shouldSpeculateNumber):
7268        * dfg/DFGSpeculativeJIT.cpp:
7269        (DFG):
7270        * dfg/DFGSpeculativeJIT.h:
7271        (SpeculativeJIT):
7272        * dfg/DFGSpeculativeJIT32_64.cpp:
7273        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
7274        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
7275        (JSC::DFG::SpeculativeJIT::emitBranch):
7276        (JSC::DFG::SpeculativeJIT::compile):
7277        * dfg/DFGSpeculativeJIT64.cpp:
7278        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
7279        (JSC::DFG::SpeculativeJIT::emitBranch):
7280        (JSC::DFG::SpeculativeJIT::compile):
7281
72822012-03-21  Mark Rowe  <mrowe@apple.com>
7283
7284        Fix the build.
7285
7286        * wtf/MetaAllocator.h:
7287        (MetaAllocator): Export the destructor.
7288
72892012-03-21  Eric Seidel  <eric@webkit.org>
7290
7291        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
7292        https://bugs.webkit.org/show_bug.cgi?id=81834
7293
7294        Reviewed by Adam Barth.
7295
7296        * jsc.cpp:
7297        * os-win32/WinMain.cpp:
7298        * runtime/JSDateMath.cpp:
7299        * runtime/TimeoutChecker.cpp:
7300        * testRegExp.cpp:
7301        * tools/CodeProfiling.cpp:
7302
73032012-03-21  Eric Seidel  <eric@webkit.org>
7304
7305        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
7306        https://bugs.webkit.org/show_bug.cgi?id=81838
7307
7308        Reviewed by Geoffrey Garen.
7309
7310        My understanding is that weak vtables happen when the compiler/linker cannot
7311        determine which compilation unit should contain the vtable.  In this case
7312        because there were only pure virtual functions as well as an "inline"
7313        virtual destructor (thus the virtual destructor was defined in many compilation
7314        units).  Since you can't actually "inline" a virtual function (it still has to
7315        bounce through the vtable), the "inline" on this virtual destructor doesn't
7316        actually help performance, and is only serving to confuse the compiler here.
7317        I've moved the destructor implementation to the .cpp file, thus making
7318        it clear to the compiler where the vtable should be stored, and solving the error.
7319
7320        * wtf/MetaAllocator.cpp:
7321        (WTF::MetaAllocator::~MetaAllocator):
7322        (WTF):
7323        * wtf/MetaAllocator.h:
7324
73252012-03-20  Gavin Barraclough  <barraclough@apple.com>
7326
7327        RegExpMatchesArray should not copy the ovector
7328        https://bugs.webkit.org/show_bug.cgi?id=81742
7329
7330        Reviewed by Michael Saboff.
7331
7332        Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
7333        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
7334        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
7335        and the results never accessed).
7336        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
7337
7338        * dfg/DFGOperations.cpp:
7339            - RegExpObject match renamed back to test (test returns a bool).
7340        * runtime/RegExpConstructor.cpp:
7341        (JSC):
7342            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
7343        (JSC::RegExpMatchesArray::finishCreation):
7344            - Removed RegExpConstructorPrivate parameter.
7345        (JSC::RegExpMatchesArray::reifyAllProperties):
7346            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
7347            If there are sub-pattern properties, the RegExp is re-run to generate their values.
7348        (JSC::RegExpMatchesArray::reifyMatchProperty):
7349            - Reify just the match (index 0) property of the RegExpMatchesArray.
7350        * runtime/RegExpConstructor.h:
7351        (RegExpConstructor):
7352        (JSC::RegExpConstructor::performMatch):
7353            - performMatch now returns a MatchResult, rather than using out-parameters.
7354        * runtime/RegExpMatchesArray.h:
7355        (JSC::RegExpMatchesArray::RegExpMatchesArray):
7356            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
7357        (RegExpMatchesArray):
7358        (JSC::RegExpMatchesArray::create):
7359            - Now passed the input string matched against, the RegExp, and the MatchResult.
7360        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
7361        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
7362            - Helpers to conditionally reify properties.
7363        (JSC::RegExpMatchesArray::getOwnPropertySlot):
7364        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
7365        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
7366        (JSC::RegExpMatchesArray::put):
7367        (JSC::RegExpMatchesArray::putByIndex):
7368        (JSC::RegExpMatchesArray::deleteProperty):
7369        (JSC::RegExpMatchesArray::deletePropertyByIndex):
7370        (JSC::RegExpMatchesArray::getOwnPropertyNames):
7371        (JSC::RegExpMatchesArray::defineOwnProperty):
7372            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
7373            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
7374        * runtime/RegExpObject.cpp:
7375        (JSC::RegExpObject::exec):
7376        (JSC::RegExpObject::match):
7377            - match now returns a MatchResult.
7378        * runtime/RegExpObject.h:
7379        (JSC::MatchResult::MatchResult):
7380            - Added; the result of a match is a start & end tuple.
7381        (JSC::MatchResult::failed):
7382            - A failure is indicated by (notFound, 0).
7383        (JSC::MatchResult::operator bool):
7384            - Evaluates to false if the match failed.
7385        (JSC::MatchResult::empty):
7386            - Evaluates to true if the match succeeded with length 0.
7387        (JSC::RegExpObject::test):
7388            - Now returns a bool.
7389        * runtime/RegExpPrototype.cpp:
7390        (JSC::regExpProtoFuncTest):
7391            - RegExpObject match renamed back to test (test returns a bool).
7392        * runtime/StringPrototype.cpp:
7393        (JSC::removeUsingRegExpSearch):
7394        (JSC::replaceUsingRegExpSearch):
7395        (JSC::stringProtoFuncMatch):
7396        (JSC::stringProtoFuncSearch):
7397            - performMatch now returns a MatchResult, rather than using out-parameters.
7398
2012-03-21  Hojong Han  <hojong.han@samsung.com>

        Fix out of memory by allowing overcommit
        https://bugs.webkit.org/show_bug.cgi?id=81743

        Reviewed by Geoffrey Garen.

        Garbage collection is not triggered and new blocks are added
        because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        More Windows build fixing.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        Fix the order of the include directories to look in include/private first before looking
        in include/private/JavaScriptCore.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        Look in the Production output directory (where the wtf headers will be). This is the same
        thing that is done for jsc and testRegExp in ReleasePGO.

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
        https://bugs.webkit.org/show_bug.cgi?id=81739

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
        JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        Ditto.

2012-03-20  Eric Seidel  <eric@webkit.org>

        Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80911

        Reviewed by Adam Barth.

        Update the various build systems to depend on Source/WTF headers
        as well as remove references to Platform.h (since it's now moved).

        * CMakeLists.txt:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:

2012-03-20  Filip Pizlo  <fpizlo@apple.com>

        op_mod fails on many interesting corner cases
        https://bugs.webkit.org/show_bug.cgi?id=81648

        Reviewed by Oliver Hunt.

        Removed most strength reduction for op_mod, and fixed the integer handling
        to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
        which this patch also fixes.

        This patch is performance neutral on all of the major benchmarks we track.

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithMod):
        * jit/JIT.h:
        (JIT):
        * jit/JITArithmetic.cpp:
        (JSC):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC):
        * jit/JITStubs.h:
        (TrampolineStructure):
        (JSC::JITThunks::ctiNativeConstruct):
        * llint/LowLevelInterpreter64.asm:
        * wtf/Platform.h:
        * wtf/SimpleStats.h:
        (WTF::SimpleStats::variance):

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Windows (make based) build fix.
        <rdar://problem/11069015>

        * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Move WTF-related Windows project files out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=80680

        This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
        It does not move any source code. This is in preparation for the WTF source move out of
        JavaScriptCore.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
        * JavaScriptCore.vcproj/WTF: Removed.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.

2012-03-20  Benjamin Poulain  <bpoulain@apple.com>

        Cache the type string of JavaScript object
        https://bugs.webkit.org/show_bug.cgi?id=81446

        Reviewed by Geoffrey Garen.

        Instead of creating the JSString every time, we create
        lazily the strings in JSGlobalData.

        This avoids the construction of the StringImpl and of the JSString,
        which gives some performance improvements.

        * runtime/CommonIdentifiers.h:
        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase):
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::finalizeSmallStrings):
        (JSC::SmallStrings::initialize):
        (JSC):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-20  Oliver Hunt  <oliver@apple.com>

        Allow LLINT to work even when executable allocation fails.
        https://bugs.webkit.org/show_bug.cgi?id=81693

        Reviewed by Gavin Barraclough.

        Don't crash if executable allocation fails if we can fall back on LLINT

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>

        Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428

        32-bit build fix after r111355.

        2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
        The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).

        Reviewed by Zoltan Herczeg.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

2012-03-19  Jochen Eisinger  <jochen@chromium.org>

        Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
        https://bugs.webkit.org/show_bug.cgi?id=80983

        Reviewed by Darin Adler.

        This allows printing a backtrace acquired by an earlier WTFGetBacktrace
        call which is useful for local debugging.

        * wtf/Assertions.cpp:
        * wtf/Assertions.h:

2012-03-19  Benjamin Poulain  <benjamin@webkit.org>

        Do not copy the script source in the SourceProvider, just reference the existing string
        https://bugs.webkit.org/show_bug.cgi?id=81466

        Reviewed by Geoffrey Garen.

        * parser/SourceCode.h: Remove the unused, and incorrect, function data().
        * parser/SourceProvider.h: Add OVERRIDE for clarity.

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Division optimizations fail to infer cases of truncated division and
        mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428
        <rdar://problem/11067382>

        Reviewed by Oliver Hunt.

        If you're a division over integers and you're only used as an integer, then you're
        an integer division and remainder checks become unnecessary. If you're dividing
        -2147483648 by -1, don't crash.

        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::add32):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * llint/LowLevelInterpreter64.asm:
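
        The op_mod entry, the 32-bit build fix and the division entry above all turn on the same int32 corner cases: a zero divisor, -2147483648 / -1 (undefined in C, a #DE trap for x86 idiv), and results that are only representable as a double (fractional quotients, 2^31, negative zero). The following is an added illustration written for this page, not WebKit code: a portable classification of those cases under JavaScript semantics for an int32 fast path, with a flag for the "only used as an integer" situation the entry describes, where ToInt32 makes truncation and -0 unobservable. Function and type names are my own.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result of attempting the int32 fast path for a JS division or modulo.
 * When is_int32 is false the exact JS value is in double_result and a
 * JIT would have to exit to the double (slow) path. */
typedef struct {
    bool is_int32;
    int32_t int_result;
    double double_result;
} JSDivResult;

static JSDivResult int_result(int32_t v)
{
    JSDivResult r = { true, v, 0.0 };
    return r;
}

static JSDivResult double_result(double v)
{
    JSDivResult r = { false, 0, v };
    return r;
}

/* JavaScript a / b for int32 operands. If used_as_int32 is set, the caller
 * only observes ToInt32(a / b) (e.g. (a / b) | 0), so the remainder and
 * negative-zero checks are unnecessary. No branch performs a C division
 * that is undefined (b == 0, or INT32_MIN / -1). */
JSDivResult js_div_int32(int32_t a, int32_t b, bool used_as_int32)
{
    if (b == 0) {
        /* JS: +Infinity, -Infinity or NaN (0 / 0); ToInt32 of each is 0. */
        if (used_as_int32)
            return int_result(0);
        return double_result(a == 0 ? NAN : (a > 0 ? INFINITY : -INFINITY));
    }
    if (a == INT32_MIN && b == -1) {
        /* 2147483648 does not fit in int32; ToInt32(2^31) wraps to INT32_MIN.
         * An unchecked idiv would trap here instead. */
        if (used_as_int32)
            return int_result(INT32_MIN);
        return double_result(2147483648.0);
    }
    int32_t q = a / b;   /* safe: divisor non-zero, no overflow possible */
    int32_t rem = a % b;
    if (!used_as_int32) {
        if (rem != 0)            /* non-integral quotient, e.g. 7 / 2 = 3.5 */
            return double_result((double)a / (double)b);
        if (a == 0 && b < 0)     /* 0 / -3 is -0 in JS, not representable as int32 */
            return double_result(-0.0);
    }
    return int_result(q);
}

/* JavaScript a % b for int32 operands; the sign of the result follows the
 * dividend, so -4 % 2 is -0 and INT32_MIN % -1 is -0 (undefined in C). */
JSDivResult js_mod_int32(int32_t a, int32_t b, bool used_as_int32)
{
    if (b == 0)   /* x % 0 is NaN; ToInt32(NaN) is 0 */
        return used_as_int32 ? int_result(0) : double_result(NAN);
    if (a == INT32_MIN && b == -1)
        return used_as_int32 ? int_result(0) : double_result(-0.0);
    int32_t rem = a % b;
    if (rem == 0 && a < 0 && !used_as_int32)
        return double_result(-0.0);
    return int_result(rem);
}

int main(void)
{
    JSDivResult r = js_div_int32(INT32_MIN, -1, false);
    printf("INT32_MIN / -1 -> is_int32=%d double=%f\n", r.is_int32, r.double_result);
    r = js_mod_int32(-4, 2, false);
    printf("-4 %% 2 -> is_int32=%d double=%f (negative zero)\n", r.is_int32, r.double_result);
    return 0;
}
```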
7646
2012-03-19  Benjamin Poulain  <bpoulain@apple.com>

        Simplify SmallStrings
        https://bugs.webkit.org/show_bug.cgi?id=81445

        Reviewed by Gavin Barraclough.

        SmallStrings had two methods that should not be public: count() and clear().

        The method clear() is effectively replaced by finalizeSmallStrings(). The body
        of the method was moved to the constructor since the code is obvious.

        The method count() is unused.

        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG can no longer compile V8-v4/regexp in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=81592

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
        change throughout the fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=81583

        Reviewed by Michael Saboff.

        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
        the process of being generated
        https://bugs.webkit.org/show_bug.cgi?id=81565

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):

2012-03-19  Eric Seidel  <eric@webkit.org>

        Fix WTF header include discipline in Chromium WebKit
        https://bugs.webkit.org/show_bug.cgi?id=81281

        Reviewed by James Robinson.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * wtf/unicode/icu/CollatorICU.cpp:

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
        https://bugs.webkit.org/show_bug.cgi?id=81556

        Rubber stamped by Gavin Barraclough.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
        (JSC::DFG::AdjacencyList::AdjacencyList):
        (JSC::DFG::AdjacencyList::child):
        (JSC::DFG::AdjacencyList::setChild):
        (JSC::DFG::AdjacencyList::child1):
        (JSC::DFG::AdjacencyList::child2):
        (JSC::DFG::AdjacencyList::child3):
        (JSC::DFG::AdjacencyList::setChild1):
        (JSC::DFG::AdjacencyList::setChild2):
        (JSC::DFG::AdjacencyList::setChild3):
        (JSC::DFG::AdjacencyList::child1Unchecked):
        (JSC::DFG::AdjacencyList::initialize):
        (AdjacencyList):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::canonicalize):
        (JSC::DFG::CSEPhase::performSubstitution):
        * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
        (DFG):
        (JSC::DFG::Edge::Edge):
        (JSC::DFG::Edge::operator==):
        (JSC::DFG::Edge::operator!=):
        (Edge):
        (JSC::DFG::operator==):
        (JSC::DFG::operator!=):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::operator[]):
        (JSC::DFG::Graph::at):
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        (Graph):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::getPrediction):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child1Unchecked):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::arithNodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGNodeReferenceBlob.h: Removed.
        * dfg/DFGNodeUse.h: Removed.
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::at):
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::SpeculativeJIT::use):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):

2012-03-19  Gavin Barraclough  <barraclough@apple.com>

        Object.freeze broken on latest Nightly
        https://bugs.webkit.org/show_bug.cgi?id=80577

        Reviewed by Oliver Hunt.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
            - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
            been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::defineOwnProperty):
            - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
            the object must be extensible; this is incorrect since these properties should already exist
            on the object. In addition, it was asserting that the arguments/caller values must match the
            corresponding magic data properties, but for strict mode function this is incorrect. Instead,
            just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
        https://bugs.webkit.org/show_bug.cgi?id=81559

        Reviewed by Michael Saboff.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2012-03-19  Yong Li  <yoli@rim.com>

        [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
        https://bugs.webkit.org/show_bug.cgi?id=77013

        We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
        implement memory decommitting for QNX.

        Reviewed by Rob Buis.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):

2012-03-19  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - revert a couple of files accidentally committed.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::defineOwnProperty):

2012-03-19  Jessie Berlin  <jberlin@apple.com>

        Another Windows build fix after r111129.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        Cross-platform processor core counter: fix build on FreeBSD.
        https://bugs.webkit.org/show_bug.cgi?id=81482

        Reviewed by Zoltan Herczeg.

        The documentation of sysctl(3) shows that <sys/types.h> should be
        included before <sys/sysctl.h> (sys/types.h tends to be the first
        included header in general).

        This should fix the build on FreeBSD and other systems where
        sysctl.h really depends on types defined in types.h.

        * wtf/NumberOfCores.cpp:

2012-03-19  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111129.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-19  Gavin Barraclough  <barraclough@apple.com>

        JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
        https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>

        Reviewed by Oliver Hunt.

        The API specifies that convertToType may opt not to handle a conversion:
            "@result The object's converted value, or NULL if the object was not converted."
        In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
        conversion functions, and failing that call the JSObject::defaultValue function.

        Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
        the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
        bug#73368, these will return the result from the first convertToType they find, regardless
        of whether this result is null, and if no convertToType method is found in the api class
        hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
        chain), they will also return a null pointer. This is unsafe.

        It would be easy to make the approach based around toStringCallback/valueOfCallback continue
        to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
        (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
        Making the fallback work with toString/valueOf methods attached to api objects is probably
        not the right thing to do – instead, we should just implement the defaultValue trap for api
        objects.

        In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
        null to be returned from C to JavaScript - this is not okay. Handle with an exception.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::call):
            - Should be null checking the return value.
        (JSC):
            - Remove toStringCallback/valueOfCallback.
        * API/JSCallbackFunction.h:
        (JSCallbackFunction):
            - Remove toStringCallback/valueOfCallback.
        * API/JSCallbackObject.h:
        (JSCallbackObject):
            - Add defaultValue methods to JSCallbackObject.
        * API/JSCallbackObjectFunctions.h:
        (JSC::::defaultValue):
            - Add defaultValue methods to JSCallbackObject.
        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype):
            - Remove toStringCallback/valueOfCallback.
        * API/tests/testapi.js:
            - Revert this test, now we no longer artificially introduce a toString method onto the api object.

2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [EFL] Include ICU_INCLUDE_DIRS when building.
        https://bugs.webkit.org/show_bug.cgi?id=81483

        Reviewed by Daniel Bates.

        So far, only the ICU libraries were being included when building
        JavaScriptCore; however, the include path is also needed, otherwise the
        build will fail when ICU is installed into a non-standard location.

        * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.

2012-03-17  Gavin Barraclough  <barraclough@apple.com>

        Strength reduction, RegExp.exec -> RegExp.test
        https://bugs.webkit.org/show_bug.cgi?id=81459

        Reviewed by Sam Weinig.

        RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
        expression for a match against a string - however exec is more expensive, since
        it allocates a matches array object. In cases where the result is consumed in a
        boolean context the allocation of the matches array can be trivially elided.

        For example:
            function f()
            {
                for (var i = 0; i < 10000000; ++i)
                    if (!/a/.exec("a"))
                        err = true;
            }

        This is a 2.5x speedup on this example microbenchmark loop.

        In a more advanced form of this optimization, we may be able to avoid allocating
        the array where access to the array can be observed.

        * create_hash_table:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jsc.cpp:
        (GlobalObject::addConstructableFunction):
        * runtime/Intrinsic.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::create):
        (JSC):
        * runtime/JSFunction.h:
        (JSFunction):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
        * runtime/RegExpObject.h:
        (RegExpObject):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
        (JSC::regExpProtoFuncExec):

2012-03-16  Michael Saboff  <msaboff@apple.com>

        Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
        https://bugs.webkit.org/show_bug.cgi?id=81244

        Rubber stamped by Filip Pizlo.

        Changed type and name of JSGlobalData::m_isInitializingObject to
        ClassInfo* and m_initializingObjectClass.
        Changed JSGlobalData::setInitializingObject to
        JSGlobalData::setInitializingObjectClass.  This pointer can be used within
        the debugger to determine what type of object is being initialized.

        * runtime/JSCell.h:
        (JSC::JSCell::finishCreation):
        (JSC::allocateCell):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        (JSC::JSGlobalData::isInitializingObject):
        (JSC::JSGlobalData::setInitializingObjectClass):
        * runtime/Structure.h:
        (JSC::JSCell::finishCreation):

80542012-03-16  Mark Rowe  <mrowe@apple.com>
8055
8056        Build fix. Do not preserve owner and group information when installing the WTF headers.
8057
8058        * JavaScriptCore.xcodeproj/project.pbxproj:
8059
80602012-03-15  David Dorwin  <ddorwin@chromium.org>
8061
8062        Make the array pointer parameters in the Typed Array create() methods const.
8063        https://bugs.webkit.org/show_bug.cgi?id=81147
8064
8065        Reviewed by Kenneth Russell.
8066
8067        This allows const arrays to be passed to these methods.
8068        They use PassRefPtr<Subclass> create(), which already has a const parameter.
8069
8070        * wtf/Int16Array.h:
8071        (Int16Array):
8072        (WTF::Int16Array::create):
8073        * wtf/Int32Array.h:
8074        (Int32Array):
8075        (WTF::Int32Array::create):
8076        * wtf/Int8Array.h:
8077        (Int8Array):
8078        (WTF::Int8Array::create):
8079        * wtf/Uint16Array.h:
8080        (Uint16Array):
8081        (WTF::Uint16Array::create):
8082        * wtf/Uint32Array.h:
8083        (Uint32Array):
8084        (WTF::Uint32Array::create):
8085        * wtf/Uint8Array.h:
8086        (Uint8Array):
8087        (WTF::Uint8Array::create):
8088        * wtf/Uint8ClampedArray.h:
8089        (Uint8ClampedArray):
8090        (WTF::Uint8ClampedArray::create):
8091
80922012-03-15  Myles Maxfield  <mmaxfield@google.com>
8093
8094        CopiedSpace::tryAllocateOversize assumes system page size
8095        https://bugs.webkit.org/show_bug.cgi?id=80615
8096
8097        Reviewed by Geoffrey Garen.
8098
8099        * heap/CopiedSpace.cpp:
8100        (JSC::CopiedSpace::tryAllocateOversize):
8101        * heap/CopiedSpace.h:
8102        (CopiedSpace):
8103        * heap/CopiedSpaceInlineMethods.h:
8104        (JSC::CopiedSpace::oversizeBlockFor):
8105        * wtf/BumpPointerAllocator.h:
8106        (WTF::BumpPointerPool::create):
8107        * wtf/StdLibExtras.h:
8108        (WTF::roundUpToMultipleOf):
8109
81102012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
8111
8112        Fixing Windows build breakage
8113
8114        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
8115
81162012-03-15  Patrick Gansterer  <paroga@webkit.org>
8117
8118        [EFL] Make zlib a general build requirement
8119        https://bugs.webkit.org/show_bug.cgi?id=80153
8120
8121        Reviewed by Hajime Morita.
8122
8123        After r109538, the WebSocket module needs zlib to support the deflate-frame extension.
8124
8125        * wtf/Platform.h:
8126
81272012-03-15  Benjamin Poulain  <bpoulain@apple.com>
8128
8129        NumericStrings should be inlined
8130        https://bugs.webkit.org/show_bug.cgi?id=81183
8131
8132        Reviewed by Gavin Barraclough.
8133
8134        NumericStrings is not always inlined. When it is not, the class is not faster
8135        than using UString::number() directly.
8136
8137        * runtime/NumericStrings.h:
8138        (JSC::NumericStrings::add):
8139        (JSC::NumericStrings::lookupSmallString):
8140
81412012-03-15  Andras Becsi  <andras.becsi@nokia.com>
8142
8143        Fix ARM build after r110792.
8144
8145        Unreviewed build fix.
8146
8147        * jit/ExecutableAllocator.h:
8148        (JSC::ExecutableAllocator::cacheFlush):
8149        Remove superfluous curly brackets.
8150
81512012-03-15  Gavin Barraclough  <barraclough@apple.com>
8152
8153        ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
8154        https://bugs.webkit.org/show_bug.cgi?id=81256
8155
8156        Reviewed by Oliver Hunt.
8157
8158        This is a 0.5% SunSpider progression.
8159
8160        * assembler/MacroAssemblerARMv7.h:
8161        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
8162            - switch which form of vmov we use.
8163
81642012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
8165
8166        [EFL] Add OwnPtr specialization for Ecore_Timer.
8167        https://bugs.webkit.org/show_bug.cgi?id=80119
8168
8169        Reviewed by Hajime Morita.
8170
8171        Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
8172
8173        * wtf/OwnPtrCommon.h:
8174        (WTF):
8175        * wtf/efl/OwnPtrEfl.cpp:
8176        (WTF::deleteOwnedPtr):
8177        (WTF):
8178
81792012-03-15  Hojong Han  <hojong.han@samsung.com>
8180
8181        Linux has madvise enough to support OSAllocator::commit/decommit
8182        https://bugs.webkit.org/show_bug.cgi?id=80505
8183
8184        Reviewed by Geoffrey Garen.
8185
8186        * wtf/OSAllocatorPosix.cpp:
8187        (WTF::OSAllocator::reserveUncommitted):
8188        (WTF::OSAllocator::commit):
8189        (WTF::OSAllocator::decommit):
8190
81912012-03-15  Steve Falkenburg  <sfalken@apple.com>
8192
8193        Windows build fix.
8194
8195        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
8196        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
8197        * JavaScriptCore.vcproj/WTF/copy-files.cmd:
8198        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
8199
82002012-03-15  Steve Falkenburg  <sfalken@apple.com>
8201
8202        Windows build fix.
8203
8204        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
8205
82062012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
8207
8208        Move wx port to using export macros
8209        https://bugs.webkit.org/show_bug.cgi?id=77279
8210
8211        Reviewed by Hajime Morita.
8212
8213        * wscript:
8214        * wtf/Platform.h:
8215
82162012-03-14  Benjamin Poulain  <bpoulain@apple.com>
8217
8218        Avoid StringImpl::getData16SlowCase() when sorting array
8219        https://bugs.webkit.org/show_bug.cgi?id=81070
8220
8221        Reviewed by Geoffrey Garen.
8222
8223        The function codePointCompare() is used intensively when sorting strings.
8224        This patch improves its performance by:
8225        -Avoiding character conversion.
8226        -Inlining the function.
8227
8228        This makes Peacekeeper's arrayCombined test 30% faster.
8229
8230        * wtf/text/StringImpl.cpp:
8231        * wtf/text/StringImpl.h:
8232        (WTF):
8233        (WTF::codePointCompare):
8234        (WTF::codePointCompare8):
8235        (WTF::codePointCompare16):
8236        (WTF::codePointCompare8To16):
8237
82382012-03-14  Hojong Han  <hojong.han@samsung.com>
8239
8240        Fix memory allocation failure in FastMalloc
8241        https://bugs.webkit.org/show_bug.cgi?id=79614
8242
8243        Reviewed by Geoffrey Garen.
8244
8245        Memory allocation failed even when the heap grew successfully.
8246        It is wrong to get the span only from the large list after the heap grows,
8247        because the new span could have been added to the normal list.
8248
8249        * wtf/FastMalloc.cpp:
8250        (WTF::TCMalloc_PageHeap::New):
8251
82522012-03-14  Hojong Han  <hojong.han@samsung.com>
8253
8254        Run cacheFlush page by page to ensure all the requested ranges are flushed
8255        https://bugs.webkit.org/show_bug.cgi?id=77712
8256
8257        Reviewed by Geoffrey Garen.
8258
8259        The current MetaAllocator design, which always coalesces adjacent free spaces,
8260        doesn't match the memory management of the Linux kernel.
8261        In certain cases the Linux kernel regards contiguous virtual memory areas not as one but as two.
8262        Therefore flushing the cache page by page guarantees that the whole requested range is flushed.
8263
8264        * jit/ExecutableAllocator.h:
8265        (JSC::ExecutableAllocator::cacheFlush):
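The page-by-page loop described above, as an added illustration rather than JavaScriptCore's own cacheFlush: it assumes a 4 KiB page size constant and uses the GCC/Clang `__builtin___clear_cache` builtin as the per-page flush primitive, so every request the kernel sees stays within one page (the function names are hypothetical).

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Page size assumed for this illustration (a constructed constant; a real
// allocator would query the OS, e.g. via sysconf(_SC_PAGESIZE)).
static const uintptr_t kPageSize = 4096;

typedef std::pair<uintptr_t, uintptr_t> AddressRange; // [start, end)

// Split [addr, addr + size) into sub-ranges that each stay inside a single
// page. VMA boundaries are page aligned, so no sub-range can straddle two
// virtual memory areas and the kernel sees each flush request as covering
// one area only.
static std::vector<AddressRange> splitIntoPageRanges(uintptr_t addr, size_t size)
{
    std::vector<AddressRange> ranges;
    uintptr_t end = addr + size;
    while (addr < end) {
        uintptr_t pageEnd = (addr & ~(kPageSize - 1)) + kPageSize;
        uintptr_t chunkEnd = pageEnd < end ? pageEnd : end;
        ranges.push_back(AddressRange(addr, chunkEnd));
        addr = chunkEnd;
    }
    return ranges;
}

// Flush the instruction cache for freshly written code one page at a time.
// The builtin is a no-op on x86 and a cache maintenance request on ARM.
// Returns the number of flush requests issued.
static size_t cacheFlushPageByPage(void* code, size_t size)
{
    std::vector<AddressRange> ranges = splitIntoPageRanges(reinterpret_cast<uintptr_t>(code), size);
    for (size_t i = 0; i < ranges.size(); ++i) {
        char* start = reinterpret_cast<char*>(ranges[i].first);
        char* end = reinterpret_cast<char*>(ranges[i].second);
        __builtin___clear_cache(start, end);
    }
    return ranges.size();
}
```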
8266
82672012-03-14  Oliver Hunt  <oliver@apple.com>
8268
8269        Make ARMv7 work again
8270        https://bugs.webkit.org/show_bug.cgi?id=81157
8271
8272        Reviewed by Geoffrey Garen.
8273
8274        We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
8275        where the ARMv7MacroAssembler would also try to use dataRegister for its own
8276        nefarious purposes.
8277
8278        * assembler/MacroAssembler.h:
8279        (JSC::MacroAssembler::store32):
8280        * assembler/MacroAssemblerARMv7.h:
8281        (MacroAssemblerARMv7):
8282
82832012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
8284
8285        Heap::destroy leaks CopiedSpace
8286        https://bugs.webkit.org/show_bug.cgi?id=81055
8287
8288        Reviewed by Geoffrey Garen.
8289
8290        Added a destroy() function to CopiedSpace that moves all normal size 
8291        CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
8292        as well as deallocates all of the oversize blocks in the CopiedSpace. 
8293        This function is now called in Heap::destroy().
8294
8295        * heap/CopiedSpace.cpp:
8296        (JSC::CopiedSpace::destroy):
8297        (JSC):
8298        * heap/CopiedSpace.h:
8299        (CopiedSpace):
8300        * heap/Heap.cpp:
8301        (JSC::Heap::destroy):
8302
83032012-03-14  Andrew Lo  <anlo@rim.com>
8304
8305        [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
8306        https://bugs.webkit.org/show_bug.cgi?id=81000
8307
8308        Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
8309
8310        Reviewed by Antonio Gomes.
8311
8312        * wtf/Platform.h:
8313
83142012-03-13  Filip Pizlo  <fpizlo@apple.com>
8315
8316        ValueToInt32 speculation will cause OSR exits even when it does not have to
8317        https://bugs.webkit.org/show_bug.cgi?id=81068
8318        <rdar://problem/11043926>
8319
8320        Reviewed by Anders Carlsson.
8321        
8322        Two related changes:
8323        1) ValueToInt32 will now always just defer to the non-speculative path, instead
8324           of exiting, if it doesn't know what speculations to perform.
8325        2) ValueToInt32 will speculate boolean if it sees this to be profitable.
8326
8327        * dfg/DFGAbstractState.cpp:
8328        (JSC::DFG::AbstractState::execute):
8329        * dfg/DFGNode.h:
8330        (JSC::DFG::Node::shouldSpeculateBoolean):
8331        (Node):
8332        * dfg/DFGSpeculativeJIT.cpp:
8333        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
8334
83352012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
8336
8337        More Windows build fixing
8338
8339        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
8340
83412012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
8342
8343        Windows build fix
8344
8345        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
8346
83472012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
8348
8349        Type conversion of exponential part failed
8350        https://bugs.webkit.org/show_bug.cgi?id=80673
8351
8352        Reviewed by Geoffrey Garen.
8353
8354        * parser/Lexer.cpp:
8355        (JSC::::lex):
8356        * runtime/JSGlobalObjectFunctions.cpp:
8357        (JSC::parseInt):
8358        (JSC):
8359        (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
8360        we accept trailing junk to clients of jsStrDecimalLiteral. Also added an additional template
8361        parameter for strtod to allow trailing spaces.
8362        (JSC::toDouble):
8363        (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
8364        * runtime/LiteralParser.cpp:
8365        (JSC::::Lexer::lexNumber):
8366        * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
8367        we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
8368        * wtf/dtoa.cpp:
8369        (WTF):
8370        (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
8371        broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
8372        * wtf/dtoa.h:
8373        * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
8374        Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
8375        A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
8376        here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
8377        * wtf/text/WTFString.cpp:
8378        (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
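The three trailing-input policies this entry describes (reject anything after the literal, allow trailing whitespace only, accept trailing junk as parseFloat does), shown in an added example that is not the JavaScriptCore code: `decimalLiteralLength`, `parseDecimal`, `jsParseFloat` and `toDoubleStrict` are hypothetical names, the whitespace set is the one listed above, and `std::strtod` only converts a literal that has already been validated.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdlib>
#include <limits>
#include <string>

// Whitespace set from the dtoa fix in this entry: space, horizontal tab,
// vertical tab, carriage return, form feed and line feed.
static bool isAsciiWhitespace(char c)
{
    return c == ' ' || c == '\t' || c == '\v' || c == '\r' || c == '\f' || c == '\n';
}

static bool isAsciiDigit(char c) { return c >= '0' && c <= '9'; }

// Length of the longest decimal literal prefix of s (optional sign, digits,
// optional fraction, optional exponent), or 0 if s does not start with one.
// The exponent marker is consumed only when at least one digit follows it,
// so "1e" and "1e+" both yield the literal "1" instead of failing.
static size_t decimalLiteralLength(const std::string& s)
{
    size_t n = s.size(), i = 0;
    if (i < n && (s[i] == '+' || s[i] == '-'))
        ++i;
    size_t intDigits = 0;
    while (i < n && isAsciiDigit(s[i])) { ++i; ++intDigits; }
    size_t fracDigits = 0;
    if (i < n && s[i] == '.') {
        size_t j = i + 1;
        while (j < n && isAsciiDigit(s[j])) { ++j; ++fracDigits; }
        if (intDigits || fracDigits)
            i = j;
    }
    if (!intDigits && !fracDigits)
        return 0; // a bare sign or "." is not a number
    if (i < n && (s[i] == 'e' || s[i] == 'E')) {
        size_t j = i + 1;
        if (j < n && (s[j] == '+' || s[j] == '-'))
            ++j;
        if (j < n && isAsciiDigit(s[j])) {
            while (j < n && isAsciiDigit(s[j])) ++j;
            i = j;
        }
    }
    return i;
}

// What may follow the literal: nothing at all, whitespace only, or anything.
enum TrailingPolicy { RejectTrailing, AllowTrailingSpaces, AllowTrailingJunk };

// Parse the decimal literal at the start of s (leading whitespace is skipped,
// as strtod does) into out. Returns false if there is no literal or if the
// text after it violates the policy.
static bool parseDecimal(const std::string& s, TrailingPolicy policy, double& out)
{
    size_t start = 0;
    while (start < s.size() && isAsciiWhitespace(s[start])) ++start;
    size_t len = decimalLiteralLength(s.substr(start));
    if (!len) return false;
    size_t end = start + len;
    if (policy == AllowTrailingSpaces)
        while (end < s.size() && isAsciiWhitespace(s[end])) ++end;
    if (policy != AllowTrailingJunk && end != s.size()) return false;
    // Only the validated literal reaches strtod, so its own leniencies
    // (hex floats, "inf", "nan") cannot leak into the result.
    out = std::strtod(s.substr(start, len).c_str(), nullptr);
    return true;
}

// parseFloat as the entry describes it (ECMA-262 15.1.2.3): trailing junk is
// ignored and NaN is returned when no literal is found.
static double jsParseFloat(const std::string& s)
{
    double v;
    return parseDecimal(s, AllowTrailingJunk, v) ? v : std::numeric_limits<double>::quiet_NaN();
}

// Strict conversion of the kind form input checks need: the whole string
// must be the literal, so trailing spaces are rejected.
static bool toDoubleStrict(const std::string& s, double& out)
{
    return parseDecimal(s, RejectTrailing, out);
}
```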
8379
83802012-03-13  Filip Pizlo  <fpizlo@apple.com>
8381
8382        Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
8383        Removing the assert for now.
8384
8385        * dfg/DFGOperations.h:
8386        * llint/LLIntSlowPaths.h:
8387
83882012-03-13  Filip Pizlo  <fpizlo@apple.com>
8389
8390        Functions with C linkage should return POD types
8391        https://bugs.webkit.org/show_bug.cgi?id=81061
8392
8393        Reviewed by Mark Rowe.
8394
8395        * dfg/DFGOperations.h:
8396        * llint/LLIntSlowPaths.h:
8397        (LLInt):
8398        (SlowPathReturnType):
8399        (JSC::LLInt::encodeResult):
8400
84012012-03-13  Filip Pizlo  <fpizlo@apple.com>
8402
8403        Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
8404        https://bugs.webkit.org/show_bug.cgi?id=80979
8405        <rdar://problem/11036848>
8406
8407        Reviewed by Oliver Hunt.
8408        
8409        Also improved DFG IR dumping to include type information in a somewhat more
8410        intuitive way.
8411
8412        * bytecode/PredictedType.cpp:
8413        (JSC::predictionToAbbreviatedString):
8414        (JSC):
8415        * bytecode/PredictedType.h:
8416        (JSC):
8417        * dfg/DFGAbstractState.cpp:
8418        (JSC::DFG::AbstractState::execute):
8419        * dfg/DFGGraph.cpp:
8420        (JSC::DFG::Graph::dump):
8421        * dfg/DFGPredictionPropagationPhase.cpp:
8422        (JSC::DFG::PredictionPropagationPhase::propagate):
8423        * dfg/DFGSpeculativeJIT.cpp:
8424        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
8425        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
8426        * dfg/DFGSpeculativeJIT.h:
8427        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
8428
84292012-03-13  George Staikos  <staikos@webkit.org>
8430
8431        The callback is only used if SA_RESTART is defined.  Compile it out
8432        otherwise to avoid a warning.
8433        https://bugs.webkit.org/show_bug.cgi?id=80926
8434
8435        Reviewed by Alexey Proskuryakov.
8436
8437        * heap/MachineStackMarker.cpp:
8438        (JSC):
8439
84402012-03-13  Hojong Han  <hojong.han@samsung.com>
8441
8442        Dump the generated code for ARM_TRADITIONAL
8443        https://bugs.webkit.org/show_bug.cgi?id=80975
8444
8445        Reviewed by Gavin Barraclough.
8446
8447        * assembler/LinkBuffer.h:
8448        (JSC::LinkBuffer::dumpCode):
8449
84502012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
8451
8452        Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
8453        https://bugs.webkit.org/show_bug.cgi?id=78853
8454
8455        Reviewed by Adam Barth.
8456
8457        * Configurations/FeatureDefines.xcconfig:
8458        * wtf/Platform.h:
8459
84602012-03-13  Kwonjin Jeong  <gram@company100.net>
8461
8462        Remove SlotVisitor::copy() method.
8463        https://bugs.webkit.org/show_bug.cgi?id=80973
8464
8465        Reviewed by Geoffrey Garen.
8466
8467        The SlotVisitor::copy() method isn't called anywhere.
8468
8469        * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
8470        * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
8471
84722012-03-12  Hojong Han  <hojong.han@samsung.com>
8473
8474        Fix test cases for RegExp multiline
8475        https://bugs.webkit.org/show_bug.cgi?id=80822
8476
8477        Reviewed by Gavin Barraclough.
8478
8479        * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
8480        * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
8481        * tests/mozilla/js1_2/regexp/beginLine.js:
8482        * tests/mozilla/js1_2/regexp/endLine.js:
8483
84842012-03-12  Filip Pizlo  <fpizlo@apple.com>
8485
8486        Arithmetic use inference should be procedure-global and should run in tandem
8487        with type propagation
8488        https://bugs.webkit.org/show_bug.cgi?id=80819
8489        <rdar://problem/11034006>
8490
8491        Reviewed by Gavin Barraclough.
8492        
8493        * CMakeLists.txt:
8494        * GNUmakefile.list.am:
8495        * JavaScriptCore.xcodeproj/project.pbxproj:
8496        * Target.pri:
8497        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
8498        * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
8499        * dfg/DFGDriver.cpp:
8500        (JSC::DFG::compile):
8501        * dfg/DFGPredictionPropagationPhase.cpp:
8502        (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
8503        (PredictionPropagationPhase):
8504        (JSC::DFG::PredictionPropagationPhase::isNotZero):
8505        (JSC::DFG::PredictionPropagationPhase::propagate):
8506        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
8507        * dfg/DFGVariableAccessData.h:
8508        (JSC::DFG::VariableAccessData::VariableAccessData):
8509        (JSC::DFG::VariableAccessData::flags):
8510        (VariableAccessData):
8511        (JSC::DFG::VariableAccessData::mergeFlags):
8512
85132012-03-12  Filip Pizlo  <fpizlo@apple.com>
8514
8515        Node::op and Node::flags should be private
8516        https://bugs.webkit.org/show_bug.cgi?id=80824
8517        <rdar://problem/11033435>
8518
8519        Reviewed by Gavin Barraclough.
8520
8521        * CMakeLists.txt:
8522        * GNUmakefile.list.am:
8523        * JavaScriptCore.xcodeproj/project.pbxproj:
8524        * Target.pri:
8525        * dfg/DFGAbstractState.cpp:
8526        (JSC::DFG::AbstractState::initialize):
8527        (JSC::DFG::AbstractState::execute):
8528        (JSC::DFG::AbstractState::mergeStateAtTail):
8529        (JSC::DFG::AbstractState::mergeToSuccessors):
8530        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
8531        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
8532        * dfg/DFGByteCodeParser.cpp:
8533        (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
8534        (JSC::DFG::ByteCodeParser::getLocal):
8535        (JSC::DFG::ByteCodeParser::getArgument):
8536        (JSC::DFG::ByteCodeParser::flushArgument):
8537        (JSC::DFG::ByteCodeParser::toInt32):
8538        (JSC::DFG::ByteCodeParser::isJSConstant):
8539        (JSC::DFG::ByteCodeParser::makeSafe):
8540        (JSC::DFG::ByteCodeParser::makeDivSafe):
8541        (JSC::DFG::ByteCodeParser::handleInlining):
8542        (JSC::DFG::ByteCodeParser::parseBlock):
8543        (JSC::DFG::ByteCodeParser::processPhiStack):
8544        (JSC::DFG::ByteCodeParser::linkBlock):
8545        * dfg/DFGCFAPhase.cpp:
8546        (JSC::DFG::CFAPhase::performBlockCFA):
8547        * dfg/DFGCSEPhase.cpp:
8548        (JSC::DFG::CSEPhase::canonicalize):
8549        (JSC::DFG::CSEPhase::endIndexForPureCSE):
8550        (JSC::DFG::CSEPhase::pureCSE):
8551        (JSC::DFG::CSEPhase::byValIsPure):
8552        (JSC::DFG::CSEPhase::clobbersWorld):
8553        (JSC::DFG::CSEPhase::impureCSE):
8554        (JSC::DFG::CSEPhase::globalVarLoadElimination):
8555        (JSC::DFG::CSEPhase::getByValLoadElimination):
8556        (JSC::DFG::CSEPhase::checkFunctionElimination):
8557        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
8558        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
8559        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
8560        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
8561        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
8562        (JSC::DFG::CSEPhase::performNodeCSE):
8563        * dfg/DFGGraph.cpp:
8564        (JSC::DFG::Graph::dump):
8565        (DFG):
8566        * dfg/DFGGraph.h:
8567        (JSC::DFG::Graph::addShouldSpeculateInteger):
8568        (JSC::DFG::Graph::negateShouldSpeculateInteger):
8569        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
8570        * dfg/DFGNode.cpp: Removed.
8571        * dfg/DFGNode.h:
8572        (DFG):
8573        (JSC::DFG::Node::Node):
8574        (Node):
8575        (JSC::DFG::Node::op):
8576        (JSC::DFG::Node::flags):
8577        (JSC::DFG::Node::setOp):
8578        (JSC::DFG::Node::setFlags):
8579        (JSC::DFG::Node::mergeFlags):
8580        (JSC::DFG::Node::filterFlags):
8581        (JSC::DFG::Node::clearFlags):
8582        (JSC::DFG::Node::setOpAndDefaultFlags):
8583        (JSC::DFG::Node::mustGenerate):
8584        (JSC::DFG::Node::isConstant):
8585        (JSC::DFG::Node::isWeakConstant):
8586        (JSC::DFG::Node::valueOfJSConstant):
8587        (JSC::DFG::Node::hasVariableAccessData):
8588        (JSC::DFG::Node::hasIdentifier):
8589        (JSC::DFG::Node::resolveGlobalDataIndex):
8590        (JSC::DFG::Node::hasArithNodeFlags):
8591        (JSC::DFG::Node::arithNodeFlags):
8592        (JSC::DFG::Node::setArithNodeFlag):
8593        (JSC::DFG::Node::mergeArithNodeFlags):
8594        (JSC::DFG::Node::hasConstantBuffer):
8595        (JSC::DFG::Node::hasRegexpIndex):
8596        (JSC::DFG::Node::hasVarNumber):
8597        (JSC::DFG::Node::hasScopeChainDepth):
8598        (JSC::DFG::Node::hasResult):
8599        (JSC::DFG::Node::hasInt32Result):
8600        (JSC::DFG::Node::hasNumberResult):
8601        (JSC::DFG::Node::hasJSResult):
8602        (JSC::DFG::Node::hasBooleanResult):
8603        (JSC::DFG::Node::isJump):
8604        (JSC::DFG::Node::isBranch):
8605        (JSC::DFG::Node::isTerminal):
8606        (JSC::DFG::Node::hasHeapPrediction):
8607        (JSC::DFG::Node::hasFunctionCheckData):
8608        (JSC::DFG::Node::hasStructureTransitionData):
8609        (JSC::DFG::Node::hasStructureSet):
8610        (JSC::DFG::Node::hasStorageAccessData):
8611        (JSC::DFG::Node::hasFunctionDeclIndex):
8612        (JSC::DFG::Node::hasFunctionExprIndex):
8613        (JSC::DFG::Node::child1):
8614        (JSC::DFG::Node::child2):
8615        (JSC::DFG::Node::child3):
8616        (JSC::DFG::Node::firstChild):
8617        (JSC::DFG::Node::numChildren):
8618        * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
8619        * dfg/DFGNodeFlags.h: Added.
8620        (DFG):
8621        (JSC::DFG::nodeUsedAsNumber):
8622        (JSC::DFG::nodeCanTruncateInteger):
8623        (JSC::DFG::nodeCanIgnoreNegativeZero):
8624        (JSC::DFG::nodeMayOverflow):
8625        (JSC::DFG::nodeCanSpeculateInteger):
8626        * dfg/DFGNodeType.h: Added.
8627        (DFG):
8628        (JSC::DFG::defaultFlags):
8629        * dfg/DFGPredictionPropagationPhase.cpp:
8630        (JSC::DFG::PredictionPropagationPhase::propagate):
8631        (JSC::DFG::PredictionPropagationPhase::vote):
8632        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
8633        (JSC::DFG::PredictionPropagationPhase::fixupNode):
8634        * dfg/DFGRedundantPhiEliminationPhase.cpp:
8635        (JSC::DFG::RedundantPhiEliminationPhase::run):
8636        (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
8637        (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
8638        * dfg/DFGSpeculativeJIT.cpp:
8639        (JSC::DFG::SpeculativeJIT::useChildren):
8640        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
8641        (JSC::DFG::SpeculativeJIT::compileMovHint):
8642        (JSC::DFG::SpeculativeJIT::compile):
8643        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
8644        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
8645        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
8646        (JSC::DFG::SpeculativeJIT::compileAdd):
8647        (JSC::DFG::SpeculativeJIT::compare):
8648        * dfg/DFGSpeculativeJIT.h:
8649        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
8650        * dfg/DFGSpeculativeJIT32_64.cpp:
8651        (JSC::DFG::SpeculativeJIT::emitCall):
8652        (JSC::DFG::SpeculativeJIT::compile):
8653        * dfg/DFGSpeculativeJIT64.cpp:
8654        (JSC::DFG::SpeculativeJIT::emitCall):
8655        (JSC::DFG::SpeculativeJIT::compile):
8656        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
8657        (JSC::DFG::VirtualRegisterAllocationPhase::run):
8658
86592012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
8660
8661        Minor DataLog fixes
8662        https://bugs.webkit.org/show_bug.cgi?id=80826
8663
8664        Reviewed by Andreas Kling.
8665
8666        * bytecode/ExecutionCounter.cpp:
8667        Do not include DataLog.h, it is not used.
8668        
8669        * jit/ExecutableAllocator.cpp:
8670        Ditto.
8671
8672        * wtf/DataLog.cpp:
8673        (WTF::initializeLogFileOnce):
8674        Add missing semicolon to the code path where DATA_LOG_FILENAME is defined.
8675
8676        * wtf/HashTable.cpp:
8677        Include DataLog as it is used.
8678
86792012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
8680
8681        Integer overflow check code in arithmetic operation in classic interpreter
8682        https://bugs.webkit.org/show_bug.cgi?id=80465
8683
8684        Reviewed by Gavin Barraclough.
8685
8686        * interpreter/Interpreter.cpp:
8687        (JSC::Interpreter::privateExecute):
8688
86892012-03-12  Zeno Albisser  <zeno@webkit.org>
8690
8691        [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
8692        https://bugs.webkit.org/show_bug.cgi?id=80827
8693
8694        Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
8695
8696        Reviewed by Simon Hausmann.
8697
8698        * wtf/Platform.h:
8699
87002012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
8701
8702        Unreviewed prospective Qt/Mac build fix
8703
8704        * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
8705        whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
8706        constructor.
8707
87082012-03-12  Filip Pizlo  <fpizlo@apple.com>
8709
8710        All DFG nodes should have a mutable set of flags
8711        https://bugs.webkit.org/show_bug.cgi?id=80779
8712        <rdar://problem/11026218>
8713
8714        Reviewed by Gavin Barraclough.
8715        
8716        Got rid of NodeId, and placed all of the flags that distinguished NodeId
8717        from NodeType into a separate Node::flags field. Combined what was previously
8718        ArithNodeFlags into Node::flags.
8719        
8720        In the process of debugging, I found that the debug support in the virtual
8721        register allocator was lacking, so I improved it. I also realized that the
8722        virtual register allocator was assuming that the nodes in a basic block were
8723        contiguous, which is no longer the case. So I fixed that. The fix also made
8724        it natural to have more extreme assertions, so I added them. I suspect this
8725        will make it easier to catch virtual register allocation bugs in the future.
8726        
8727        This is mostly performance neutral; if anything it looks like a slight
8728        speed-up.
8729        
8730        This patch does leave some work for future refactorings; for example, Node::op
8731        is unencapsulated. This was already the case, though now it feels even more
8732        like it should be. I avoided doing that because this patch has already grown
8733        way bigger than I wanted.
8734        
8735        Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
8736        move some unnecessarily inline stuff out of DFGNode.h.
8737
8738        * CMakeLists.txt:
8739        * GNUmakefile.list.am:
8740        * JavaScriptCore.xcodeproj/project.pbxproj:
8741        * Target.pri:
8742        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
8743        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
8744        * dfg/DFGByteCodeParser.cpp:
8745        (JSC::DFG::ByteCodeParser::addToGraph):
8746        (JSC::DFG::ByteCodeParser::makeSafe):
8747        (JSC::DFG::ByteCodeParser::makeDivSafe):
8748        (JSC::DFG::ByteCodeParser::handleMinMax):
8749        (JSC::DFG::ByteCodeParser::handleIntrinsic):
8750        (JSC::DFG::ByteCodeParser::parseBlock):
8751        * dfg/DFGCFAPhase.cpp:
8752        (JSC::DFG::CFAPhase::performBlockCFA):
8753        * dfg/DFGCSEPhase.cpp:
8754        (JSC::DFG::CSEPhase::endIndexForPureCSE):
8755        (JSC::DFG::CSEPhase::pureCSE):
8756        (JSC::DFG::CSEPhase::clobbersWorld):
8757        (JSC::DFG::CSEPhase::impureCSE):
8758        (JSC::DFG::CSEPhase::setReplacement):
8759        (JSC::DFG::CSEPhase::eliminate):
8760        (JSC::DFG::CSEPhase::performNodeCSE):
8761        (JSC::DFG::CSEPhase::performBlockCSE):
8762        (CSEPhase):
8763        * dfg/DFGGraph.cpp:
8764        (JSC::DFG::Graph::opName):
8765        (JSC::DFG::Graph::dump):
8766        (DFG):
8767        * dfg/DFGNode.cpp: Added.
8768        (DFG):
8769        (JSC::DFG::arithNodeFlagsAsString):
8770        * dfg/DFGNode.h:
8771        (DFG):
8772        (JSC::DFG::nodeUsedAsNumber):
8773        (JSC::DFG::nodeCanTruncateInteger):
8774        (JSC::DFG::nodeCanIgnoreNegativeZero):
8775        (JSC::DFG::nodeMayOverflow):
8776        (JSC::DFG::nodeCanSpeculateInteger):
8777        (JSC::DFG::defaultFlags):
8778        (JSC::DFG::Node::Node):
8779        (Node):
8780        (JSC::DFG::Node::setOpAndDefaultFlags):
8781        (JSC::DFG::Node::mustGenerate):
8782        (JSC::DFG::Node::arithNodeFlags):
8783        (JSC::DFG::Node::setArithNodeFlag):
8784        (JSC::DFG::Node::mergeArithNodeFlags):
8785        (JSC::DFG::Node::hasResult):
8786        (JSC::DFG::Node::hasInt32Result):
8787        (JSC::DFG::Node::hasNumberResult):
8788        (JSC::DFG::Node::hasJSResult):
8789        (JSC::DFG::Node::hasBooleanResult):
8790        (JSC::DFG::Node::isJump):
8791        (JSC::DFG::Node::isBranch):
8792        (JSC::DFG::Node::isTerminal):
8793        (JSC::DFG::Node::child1):
8794        (JSC::DFG::Node::child2):
8795        (JSC::DFG::Node::child3):
8796        (JSC::DFG::Node::firstChild):
8797        (JSC::DFG::Node::numChildren):
8798        * dfg/DFGPredictionPropagationPhase.cpp:
8799        (JSC::DFG::PredictionPropagationPhase::propagate):
8800        (JSC::DFG::PredictionPropagationPhase::vote):
8801        (JSC::DFG::PredictionPropagationPhase::fixupNode):
8802        * dfg/DFGScoreBoard.h:
8803        (ScoreBoard):
8804        (JSC::DFG::ScoreBoard::~ScoreBoard):
8805        (JSC::DFG::ScoreBoard::assertClear):
8806        (JSC::DFG::ScoreBoard::use):
8807        * dfg/DFGSpeculativeJIT.cpp:
8808        (JSC::DFG::SpeculativeJIT::useChildren):
8809        * dfg/DFGSpeculativeJIT32_64.cpp:
8810        (JSC::DFG::SpeculativeJIT::compile):
8811        * dfg/DFGSpeculativeJIT64.cpp:
8812        (JSC::DFG::SpeculativeJIT::compile):
8813        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
8814        (JSC::DFG::VirtualRegisterAllocationPhase::run):
8815
88162012-03-10  Filip Pizlo  <fpizlo@apple.com>
8817
8818        LLInt should support JSVALUE64
8819        https://bugs.webkit.org/show_bug.cgi?id=79609
8820        <rdar://problem/10063437>
8821
8822        Reviewed by Gavin Barraclough and Oliver Hunt.
8823        
8824        Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
8825        patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
8826        file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
8827        specialized for value representation.
8828        
8829        Also made some minor changes to offlineasm and the slow-paths.
8830
8831        * llint/LLIntData.cpp:
8832        (JSC::LLInt::Data::performAssertions):
8833        * llint/LLIntEntrypoints.cpp:
8834        * llint/LLIntSlowPaths.cpp:
8835        (LLInt):
8836        (JSC::LLInt::llint_trace_value):
8837        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
8838        (JSC::LLInt::jitCompileAndSetHeuristics):
8839        * llint/LLIntSlowPaths.h:
8840        (LLInt):
8841        (SlowPathReturnType):
8842        (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
8843        (JSC::LLInt::encodeResult):
8844        * llint/LLIntThunks.cpp:
8845        * llint/LowLevelInterpreter.asm:
8846        * llint/LowLevelInterpreter32_64.asm:
8847        * llint/LowLevelInterpreter64.asm:
8848        * offlineasm/armv7.rb:
8849        * offlineasm/asm.rb:
8850        * offlineasm/ast.rb:
8851        * offlineasm/backends.rb:
8852        * offlineasm/instructions.rb:
8853        * offlineasm/parser.rb:
8854        * offlineasm/registers.rb:
8855        * offlineasm/transform.rb:
8856        * offlineasm/x86.rb:
8857        * wtf/Platform.h:
8858
88592012-03-10  Yong Li  <yoli@rim.com>
8860
8861        Web Worker crashes with WX_EXCLUSIVE
8862        https://bugs.webkit.org/show_bug.cgi?id=80532
8863
8864        Let each JS global object own a meta allocator
8865        for WX_EXCLUSIVE to avoid conflicts with Web Workers.
8866        Also fix a mutex leak in MetaAllocator's dtor.
8867
8868        Reviewed by Filip Pizlo.
8869
8870        * jit/ExecutableAllocator.cpp:
8871        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
8872        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
8873        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
8874        (DemandExecutableAllocator):
8875        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
8876        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
8877        (JSC::DemandExecutableAllocator::allocateNewSpace):
8878        (JSC::DemandExecutableAllocator::allocators):
8879        (JSC::DemandExecutableAllocator::allocatorsMutex):
8880        (JSC):
8881        (JSC::ExecutableAllocator::initializeAllocator):
8882        (JSC::ExecutableAllocator::ExecutableAllocator):
8883        (JSC::ExecutableAllocator::underMemoryPressure):
8884        (JSC::ExecutableAllocator::memoryPressureMultiplier):
8885        (JSC::ExecutableAllocator::allocate):
8886        (JSC::ExecutableAllocator::committedByteCount):
8887        (JSC::ExecutableAllocator::dumpProfile):
8888        * jit/ExecutableAllocator.h:
8889        (JSC):
8890        (ExecutableAllocator):
8891        (JSC::ExecutableAllocator::allocator):
8892        * wtf/MetaAllocator.h:
8893        (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
8894        * wtf/TCSpinLock.h:
8895        (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
8896
2012-03-09  Gavin Barraclough  <barraclough@apple.com>

        Object.freeze broken on latest Nightly
        https://bugs.webkit.org/show_bug.cgi?id=80577

        Reviewed by Oliver Hunt.

        The problem here is that deleteProperty rejects deletion of prototype.
        This is correct in most cases, however defineOwnProperty is presently
        implemented internally to ensure the attributes change by deleting the
        old property, and creating a new one.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::deleteProperty):
            - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.

2012-03-09  Gavin Barraclough  <barraclough@apple.com>

        Array.prototype.toLocaleString visits elements in wrong order under certain conditions
        https://bugs.webkit.org/show_bug.cgi?id=80663

        Reviewed by Michael Saboff.

        The bug here is actually that we're continuing to process the array after an exception
        has been thrown, and that the second value thrown is overriding the first.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToLocaleString):

2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>

        WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
        https://bugs.webkit.org/show_bug.cgi?id=80080

        Reviewed by Filip Pizlo.

        * bytecode/SamplingTool.cpp:
        (JSC::SamplingRegion::Locker::Locker):
        (JSC::SamplingRegion::Locker::~Locker):
        * bytecode/SamplingTool.h:
        (JSC::SamplingRegion::exchangeCurrent):
        * wtf/Atomics.h:
        (WTF):
        (WTF::weakCompareAndSwap):
        (WTF::weakCompareAndSwapUIntPtr):

2012-03-09  Gavin Barraclough  <barraclough@apple.com>

        REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
        https://bugs.webkit.org/show_bug.cgi?id=49989

        Reviewed by Oliver Hunt.

        Patch originally by Chris Reiss <christopher.reiss@nokia.com>,
        allow the year to appear before the timezone in date strings.

        * wtf/DateMath.cpp:
        (WTF::parseDateFromNullTerminatedCharacters):

2012-03-09  Mark Rowe  <mrowe@apple.com>

        Ensure that the WTF headers are copied at installhdrs time.

        Reviewed by Dan Bernstein and Jessie Berlin.

        * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
        so that our script phases are invoked at installhdrs time. The only one that
        does any useful work at that time is the one that installs WTF headers.

2012-03-09  Jon Lee  <jonlee@apple.com>

        Add support for ENABLE(LEGACY_NOTIFICATIONS)
        https://bugs.webkit.org/show_bug.cgi?id=80497

        Reviewed by Adam Barth.

        Prep for b80472: Update API for Web Notifications
        * Configurations/FeatureDefines.xcconfig:

2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>

        Bash scripts should support LF endings only
        https://bugs.webkit.org/show_bug.cgi?id=79509

        Reviewed by David Kilzer.

        * gyp/generate-derived-sources.sh: Added property svn:eol-style.
        * gyp/run-if-exists.sh: Added property svn:eol-style.
        * gyp/update-info-plist.sh: Added property svn:eol-style.

2012-03-09  Jessie Berlin  <jberlin@apple.com>

        Windows debug build fix.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlind):
        Fix unreachable code warnings (which we treat as errors).

2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Zoltan Herczeg.

        [Qt] Fix the SH4 build after r109834
        https://bugs.webkit.org/show_bug.cgi?id=80492

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchAdd32):
        (JSC::MacroAssemblerSH4::branchSub32):

2012-03-09  Andy Wingo  <wingo@igalia.com>

        Refactor code feature analysis in the parser
        https://bugs.webkit.org/show_bug.cgi?id=79112

        Reviewed by Geoffrey Garen.

        This commit refactors the parser to more uniformly propagate flag
        bits down and up the parse process, as the parser descends and
        returns into nested blocks.  Some flags get passed down to
        subscopes, some apply to specific scopes only, and some get
        unioned up after parsing subscopes.

        The goal is to eventually be very precise with scoping
        information, once we have block scopes: one block scope might use
        `eval', which would require the emission of a symbol table within
        that block and containing blocks, whereas another block in the
        same function might not, allowing us to not emit a symbol table.

        * parser/Nodes.h:
        (JSC::ScopeFlags): Rename from CodeFeatures.
        (JSC::ScopeNode::addScopeFlags):
        (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
        (JSC::ScopeNode::isStrictMode):
        (JSC::ScopeNode::usesEval):
        (JSC::ScopeNode::usesArguments):
        (JSC::ScopeNode::setUsesArguments):
        (JSC::ScopeNode::usesThis):
        (JSC::ScopeNode::needsActivationForMoreThanVariables):
        (JSC::ScopeNode::needsActivation): Refactor these accessors to
        operate on the m_scopeFlags member.
        (JSC::ScopeNode::source):
        (JSC::ScopeNode::sourceURL):
        (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
        semantic change.
        (JSC::ScopeNode::ScopeNode)
        (JSC::ProgramNode::ProgramNode)
        (JSC::EvalNode::EvalNode)
        (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
        take a ScopeFlags as an argument, instead of a bool inStrictContext.

        * parser/Nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create): Adapt constructors to change.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::thisExpr):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::addVar):
        (JSC::ASTBuilder::Scope::Scope):
        (Scope):
        (ASTBuilder):
        (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
        features here.  Instead rely on the base Parser mechanism to track
        features.

        * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".

        * parser/Parser.h:
        (JSC::Scope::Scope): Manage scope through flags, not
        bit-booleans.  This lets us uniformly propagate them up and down.
        (JSC::Scope::declareWrite):
        (JSC::Scope::declareParameter):
        (JSC::Scope::useVariable):
        (JSC::Scope::collectFreeVariables):
        (JSC::Scope::getCapturedVariables):
        (JSC::Scope::saveFunctionInfo):
        (JSC::Scope::restoreFunctionInfo):
        (JSC::Parser::pushScope): Adapt to use scope flags and their
        accessors instead of bit-booleans.
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseWithStatement):
        (JSC::::parseTryStatement):
        (JSC::::parseFunctionBody):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parsePrimaryExpression): Hoist some of the flag handling
        out of the "context" (ASTBuilder or SyntaxChecker) and to here.
        Does not seem to have a performance impact.

        * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
        Cache the scope flags.
        * parser/SyntaxChecker.h: Remove evalCount() decl.

        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::ScriptExecutable::usesEval):
        (JSC::ScriptExecutable::usesArguments):
        (JSC::ScriptExecutable::needsActivation):
        (JSC::ScriptExecutable::isStrictMode):
        (JSC::ScriptExecutable::recordParse):
        (ScriptExecutable): ScopeFlags, not features.

2012-03-08  Benjamin Poulain  <bpoulain@apple.com>

        Build fix for MSVC after r110266

        Unreviewed. A #ifdef for MSVC was left over in r110266.

        * runtime/RegExpObject.h:
        (RegExpObject):

2012-03-08  Benjamin Poulain  <bpoulain@apple.com>

        Allocate the RegExpObject's data with the Cell
        https://bugs.webkit.org/show_bug.cgi?id=80654

        Reviewed by Gavin Barraclough.

        This patch removes the creation of RegExpObject's data to avoid the overhead
        created by the allocation and destruction.

        Since RegExps are created repeatedly, this provides some performance improvement.
        The PeaceKeeper test stringDetectBrowser improves by 10%.

        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        (JSC::RegExpObject::visitChildren):
        (JSC::RegExpObject::getOwnPropertyDescriptor):
        (JSC::RegExpObject::defineOwnProperty):
        (JSC::RegExpObject::match):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::setRegExp):
        (JSC::RegExpObject::regExp):
        (JSC::RegExpObject::setLastIndex):
        (JSC::RegExpObject::getLastIndex):
        (RegExpObject):

2012-03-08  Steve Falkenburg  <sfalken@apple.com>

        Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
        https://bugs.webkit.org/show_bug.cgi?id=80657

        Preparation for WTF separation from JavaScriptCore.
        The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
        dependencies for generated files.

        This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
        versions of the WTF code independent of the JavaScriptCore code.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.

2012-03-08  Benjamin Poulain  <benjamin@webkit.org>

        Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80652

        Reviewed by Eric Seidel.

        Fix the header, URLSegments.h is not part of the API.

        * wtf/url/api/ParsedURL.h:

2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>

        Mac build fix for micro data API.

        * Configurations/FeatureDefines.xcconfig:

2012-03-08  Gavin Barraclough  <barraclough@apple.com>

        String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
        https://bugs.webkit.org/show_bug.cgi?id=26890

        Reviewed by Oliver Hunt.

        Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.

        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
            - added calls to setLastIndex.

2012-03-08  Matt Lilek  <mrl@apple.com>

        Don't enable VIDEO_TRACK on all OS X platforms
        https://bugs.webkit.org/show_bug.cgi?id=80635

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig:

2012-03-08  Oliver Hunt  <oliver@apple.com>

        Build fix.  That day is not today.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlind):
        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):

2012-03-08  Oliver Hunt  <oliver@apple.com>

        Build fix. One of these days I'll manage to commit something that works everywhere.

        * assembler/AbstractMacroAssembler.h:
        (AbstractMacroAssembler):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
        (MacroAssemblerX86Common):

2012-03-08  Chao-ying Fu  <fu@mips.com>

        Update MIPS patchOffsetGetByIdSlowCaseCall
        https://bugs.webkit.org/show_bug.cgi?id=80302

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-08  Oliver Hunt  <oliver@apple.com>

        Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
        https://bugs.webkit.org/show_bug.cgi?id=80633

        Reviewed by Gavin Barraclough.

        Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
        if there isn't a machine specific implementation (otherwise the 64bit value
        got truncated and 32bit checks were used -- leaving 32bits untested).
        Also add a bit of logic to ensure that we don't try to blind a few common
        constants that go through the ImmPtr paths -- encoded numeric JSValues and
        unencoded doubles with common "safe" values.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlindDouble):
        (MacroAssembler):
        (JSC::MacroAssembler::shouldBlind):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):

2012-03-08  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:

2012-03-08  Steve Falkenburg  <sfalken@apple.com>

        Fix line endings for copy-files.cmd.

        If a cmd file doesn't have Windows line endings, it doesn't work properly.
        In this case, the label :clean wasn't found, breaking the clean build.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:

2012-03-07  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA incorrectly handles ValueToInt32
        https://bugs.webkit.org/show_bug.cgi?id=80568

        Reviewed by Gavin Barraclough.

        Changed it to match exactly the decision pattern used in
        DFG::SpeculativeJIT::compileValueToInt32

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>

        [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
        https://bugs.webkit.org/show_bug.cgi?id=80524

        Reviewed by Simon Hausmann.

        Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
        of WTF library.

        * runtime/Identifier.cpp:
        * wtf/WTFThreadData.cpp:
        (JSC):
        (JSC::IdentifierTable::~IdentifierTable):
        (JSC::IdentifierTable::add):

2012-03-08  Filip Pizlo  <fpizlo@apple.com>

        DFG instruction count threshold should be lifted to 10000
        https://bugs.webkit.org/show_bug.cgi?id=80579

        Reviewed by Gavin Barraclough.

        * runtime/Options.cpp:
        (JSC::Options::initializeOptions):

2012-03-07  Filip Pizlo  <fpizlo@apple.com>

        Incorrect tracking of abstract values of variables forced double
        https://bugs.webkit.org/show_bug.cgi?id=80566
        <rdar://problem/11001442>

        Reviewed by Gavin Barraclough.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::mergeStateAtTail):

2012-03-07  Chao-ying Fu  <fu@mips.com>

        [Qt] Fix the MIPS/SH4 build after r109834
        https://bugs.webkit.org/show_bug.cgi?id=80492

        Reviewed by Oliver Hunt.

        Implement three-argument branch(Add,Sub)32.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::add32):
        (MacroAssemblerMIPS):
        (JSC::MacroAssemblerMIPS::sub32):
        (JSC::MacroAssemblerMIPS::branchAdd32):
        (JSC::MacroAssemblerMIPS::branchSub32):

2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r110127.
        http://trac.webkit.org/changeset/110127
        https://bugs.webkit.org/show_bug.cgi?id=80562

        compile failed on AppleWin (Requested by ukai on #webkit).

        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/Heap.h:
        (JSC):
        (Heap):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::finalize):
        * runtime/Executable.h:
        (FunctionExecutable):
        (JSC::FunctionExecutable::create):
        * runtime/JSGlobalData.cpp:
        (WTF):
        (Recompiler):
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):

2012-03-07  Hojong Han  <hojong.han@samsung.com>

        The end atom of the marked block considered to filter invalid cells
        https://bugs.webkit.org/show_bug.cgi?id=79191

        Reviewed by Geoffrey Garen.

        The register file could have stale pointers beyond the end atom of a marked block.
        Those pointers can weasel out of the in-middle-of-cell pointer filtering.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::isLiveCell):

2012-03-07  Jessie Berlin  <jberlin@apple.com>

        Clean Windows build fails after r110033
        https://bugs.webkit.org/show_bug.cgi?id=80553

        Rubber-stamped by Jon Honeycutt and Eric Seidel.

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        Place the implementation files next to their header files in the wtf/text subdirectory.
        Use echo -F to tell xcopy that these are files (since there is apparently no flag).
        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Update the path to those implementation files.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        Eliminate redundant Phis in DFG
        https://bugs.webkit.org/show_bug.cgi?id=80415

        Reviewed by Filip Pizlo.

        Although this may not have any advantage at the current stage, this is towards
        minimal SSA to make more high level optimizations (like bug 76770) easier.
        We have the choices either to build minimal SSA from scratch or to
        keep the current simple Phi insertion mechanism and remove the redundancy
        in another phase. Currently we choose the latter because the change
        could be smaller.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
        (DFG):
        (RedundantPhiEliminationPhase):
        (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
        (JSC::DFG::RedundantPhiEliminationPhase::run):
        (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
        (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
        (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
        (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
        (JSC::DFG::performRedundantPhiElimination):
        * dfg/DFGRedundantPhiEliminationPhase.h: Added.
        (DFG):

2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor recompileAllJSFunctions() to be less expensive
        https://bugs.webkit.org/show_bug.cgi?id=80330

        Reviewed by Geoffrey Garen.

        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
        load performance, which currently does at least a couple of full GCs per navigation.

        * heap/Heap.cpp:
        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
        because the function doesn't actually recompile anything (and never did); it simply throws code
        away for it to be recompiled later if we determine we should do so.
        (JSC):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
        * heap/Heap.h:
        (JSC):
        (Heap):
        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
        be used in DoublyLinkedLists.
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
        * runtime/Executable.h:
        (FunctionExecutable):
        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
        the list of FunctionExecutables.
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.

2012-03-06  Oliver Hunt  <oliver@apple.com>

        Further harden 64-bit JIT
        https://bugs.webkit.org/show_bug.cgi?id=80457

        Reviewed by Filip Pizlo.

        This patch implements blinding for ImmPtr.  Rather than xor-based blinding
        we perform randomised pointer rotations in order to avoid the significant
        cost in executable memory that would otherwise be necessary (and to avoid
        the need for an additional scratch register in some cases).

        As with the prior blinding patch there's a moderate amount of noise as we
        correct the use of ImmPtr vs. TrustedImmPtr.

        * assembler/AbstractMacroAssembler.h:
        (ImmPtr):
        (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
        * assembler/MacroAssembler.h:
        (MacroAssembler):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::branchPtr):
        (JSC::MacroAssembler::shouldBlind):
        (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
        (RotatedImmPtr):
        (JSC::MacroAssembler::rotationBlindConstant):
        (JSC::MacroAssembler::loadRotationBlindedConstant):
        (JSC::MacroAssembler::convertInt32ToDouble):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::poke):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::branchAdd32):
        * assembler/MacroAssemblerX86_64.h:
        (MacroAssemblerX86_64):
        (JSC::MacroAssemblerX86_64::rotateRightPtr):
        (JSC::MacroAssemblerX86_64::xorPtr):
        * assembler/X86Assembler.h:
        (X86Assembler):
        (JSC::X86Assembler::xorq_rm):
        (JSC::X86Assembler::rorq_i8r):
        * dfg/DFGCCallHelpers.h:
        (CCallHelpers):
        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::createOSREntries):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentFillGPR):
        (JSC::DFG::SpeculativeJIT::callOperation):
        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSlow_op_post_inc):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        (JSC::JIT::emitGetVirtualRegister):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_mov):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_strcat):
        (JSC::JIT::emit_op_ensure_property_exists):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emit_op_jmp_scopes):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emit_op_throw_reference_error):
        (JSC::JIT::emit_op_debug):
        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emitSlow_op_new_array):
        (JSC::JIT::emit_op_new_array_buffer):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_strcat):
        (JSC::JIT::emit_op_ensure_property_exists):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emit_op_jmp_scopes):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_by_index):
        * jit/JITStubCall.h:
        (JITStubCall):
        (JSC::JITStubCall::addArgument):

96062012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
9607
9608        ARM build fix.
9609
9610        Reviewed by Zoltan Herczeg.
9611
9612        Implement three-argument branch(Add,Sub)32.
9613
9614        * assembler/MacroAssemblerARM.h:
9615        (JSC::MacroAssemblerARM::add32):
9616        (MacroAssemblerARM):
9617        (JSC::MacroAssemblerARM::sub32):
9618        (JSC::MacroAssemblerARM::branchAdd32):
9619        (JSC::MacroAssemblerARM::branchSub32):
9620
96212012-03-07  Andy Wingo  <wingo@igalia.com>
9622
9623        Parser: Inline ScopeNodeData into ScopeNode
9624        https://bugs.webkit.org/show_bug.cgi?id=79776
9625
9626        Reviewed by Geoffrey Garen.
9627
9628        It used to be that some ScopeNode members were kept in a separate
9629        structure because sometimes they wouldn't be needed, and
9630        allocating a ParserArena was expensive.  This patch makes
9631        ParserArena lazily allocate its IdentifierArena, allowing the
9632        members to be included directly, which is simpler and easier to
9633        reason about.
9634
9635        * parser/ParserArena.cpp:
9636        (JSC::ParserArena::ParserArena):
9637        (JSC::ParserArena::reset):
9638        (JSC::ParserArena::isEmpty):
9639        * parser/ParserArena.h:
9640        (JSC::ParserArena::identifierArena): Lazily allocate the
9641        IdentifierArena.
9642
9643        * parser/Nodes.cpp:
9644        (JSC::ScopeNode::ScopeNode):
9645        (JSC::ScopeNode::singleStatement):
9646        (JSC::ProgramNode::create):
9647        (JSC::EvalNode::create):
9648        (JSC::FunctionBodyNode::create):
9649        * parser/Nodes.h:
9650        (JSC::ScopeNode::destroyData):
9651        (JSC::ScopeNode::needsActivationForMoreThanVariables):
9652        (JSC::ScopeNode::needsActivation):
9653        (JSC::ScopeNode::hasCapturedVariables):
9654        (JSC::ScopeNode::capturedVariableCount):
9655        (JSC::ScopeNode::captures):
9656        (JSC::ScopeNode::varStack):
9657        (JSC::ScopeNode::functionStack):
9658        (JSC::ScopeNode::neededConstants):
9659        (ScopeNode):
9660        * bytecompiler/NodesCodegen.cpp:
9661        (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
9662        into ScopeNode.  Adapt accessors.
9663
96642012-03-06  Eric Seidel  <eric@webkit.org>
9665
9666        Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
9667        https://bugs.webkit.org/show_bug.cgi?id=80363
9668
9669        Reviewed by Mark Rowe.
9670
9671        Historically WTF has been part of JavaScriptCore, and on Mac and Windows
9672        its headers have appeared as part of the "private" headers exported by
9673        JavaScriptCore.  All of the WTF headers there are "flattened" into a single
9674        private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
9675        to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
9676
9677        However, very soon, we are moving the WTF source code out of JavaScriptCore into its
9678        own directory and project.  As part of such, the WTF headers will no longer be part of
9679        the JavaScriptCore private interfaces.
9680        In preparation for that, this change makes both the Mac and Win builds export
9681        WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
9682        (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
9683
9684        There are 5 parts to this change.
9685        1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
9686            (and header directories) into the appropriate places in the build directory.
9687        2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
9688            (WebCore, WebKit, etc. had already been taught to look in previous patches).
9689        3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
9690            using fully qualified paths.
9691        4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
9692        5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
9693
9694        Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
9695        It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
9696        headers, those will have to be updated to use <wtf/Foo.h> after this change.
9697        I've discussed this proposed change at length with Mark Rowe, and my understanding is they
9698        are ready for (and interested in) this change happening.
9699
9700        * API/tests/JSNode.c:
9701        * API/tests/JSNodeList.c:
9702        * Configurations/Base.xcconfig:
9703        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
9704        * JavaScriptCore.xcodeproj/project.pbxproj:
9705        * assembler/MacroAssemblerCodeRef.h:
9706        * bytecompiler/BytecodeGenerator.h:
9707        * dfg/DFGOperations.cpp:
9708        * heap/GCAssertions.h:
9709        * heap/HandleHeap.h:
9710        * heap/HandleStack.h:
9711        * heap/MarkedSpace.h:
9712        * heap/PassWeak.h:
9713        * heap/Strong.h:
9714        * heap/Weak.h:
9715        * jit/HostCallReturnValue.cpp:
9716        * jit/JIT.cpp:
9717        * jit/JITStubs.cpp:
9718        * jit/ThunkGenerators.cpp:
9719        * parser/Lexer.cpp:
9720        * runtime/Completion.cpp:
9721        * runtime/Executable.cpp:
9722        * runtime/Identifier.h:
9723        * runtime/InitializeThreading.cpp:
9724        * runtime/JSDateMath.cpp:
9725        * runtime/JSGlobalObjectFunctions.cpp:
9726        * runtime/JSStringBuilder.h:
9727        * runtime/JSVariableObject.h:
9728        * runtime/NumberPrototype.cpp:
9729        * runtime/WriteBarrier.h:
9730        * tools/CodeProfile.cpp:
9731        * tools/TieredMMapArray.h:
9732        * wtf/AVLTree.h:
9733        * wtf/Alignment.h:
9734        * wtf/AlwaysInline.h:
9735        * wtf/ArrayBufferView.h:
9736        * wtf/Assertions.h:
9737        * wtf/Atomics.h:
9738        * wtf/Bitmap.h:
9739        * wtf/BoundsCheckedPointer.h:
9740        * wtf/CheckedArithmetic.h:
9741        * wtf/Deque.h:
9742        * wtf/ExportMacros.h:
9743        * wtf/FastAllocBase.h:
9744        * wtf/FastMalloc.h:
9745        * wtf/Float32Array.h:
9746        * wtf/Float64Array.h:
9747        * wtf/Functional.h:
9748        * wtf/HashCountedSet.h:
9749        * wtf/HashFunctions.h:
9750        * wtf/HashMap.h:
9751        * wtf/HashSet.h:
9752        * wtf/HashTable.h:
9753        * wtf/HashTraits.h:
9754        * wtf/Int16Array.h:
9755        * wtf/Int32Array.h:
9756        * wtf/Int8Array.h:
9757        * wtf/IntegralTypedArrayBase.h:
9758        * wtf/ListHashSet.h:
9759        * wtf/MainThread.h:
9760        * wtf/MetaAllocator.h:
9761        * wtf/Noncopyable.h:
9762        * wtf/OwnArrayPtr.h:
9763        * wtf/OwnPtr.h:
9764        * wtf/PackedIntVector.h:
9765        * wtf/ParallelJobs.h:
9766        * wtf/PassOwnArrayPtr.h:
9767        * wtf/PassOwnPtr.h:
9768        * wtf/PassRefPtr.h:
9769        * wtf/PassTraits.h:
9770        * wtf/Platform.h:
9771        * wtf/PossiblyNull.h:
9772        * wtf/RefCounted.h:
9773        * wtf/RefCountedLeakCounter.h:
9774        * wtf/RefPtr.h:
9775        * wtf/RetainPtr.h:
9776        * wtf/SimpleStats.h:
9777        * wtf/Spectrum.h:
9778        * wtf/StdLibExtras.h:
9779        * wtf/TCPageMap.h:
9780        * wtf/TemporaryChange.h:
9781        * wtf/ThreadSafeRefCounted.h:
9782        * wtf/Threading.h:
9783        * wtf/ThreadingPrimitives.h:
9784        * wtf/TypeTraits.h:
9785        * wtf/TypedArrayBase.h:
9786        * wtf/Uint16Array.h:
9787        * wtf/Uint32Array.h:
9788        * wtf/Uint8Array.h:
9789        * wtf/Uint8ClampedArray.h:
9790        * wtf/UnusedParam.h:
9791        * wtf/Vector.h:
9792        * wtf/VectorTraits.h:
9793        * wtf/dtoa/double-conversion.h:
9794        * wtf/dtoa/utils.h:
9795        * wtf/gobject/GRefPtr.h:
9796        * wtf/gobject/GlibUtilities.h:
9797        * wtf/text/AtomicString.h:
9798        * wtf/text/AtomicStringImpl.h:
9799        * wtf/text/CString.h:
9800        * wtf/text/StringConcatenate.h:
9801        * wtf/text/StringHash.h:
9802        * wtf/text/WTFString.h:
9803        * wtf/unicode/CharacterNames.h:
9804        * wtf/unicode/UTF8.h:
9805        * wtf/unicode/glib/UnicodeGLib.h:
9806        * wtf/unicode/qt4/UnicodeQt4.h:
9807        * wtf/unicode/wince/UnicodeWinCE.h:
9808        * wtf/url/api/ParsedURL.h:
9809        * wtf/url/api/URLString.h:
9810        * wtf/wince/FastMallocWinCE.h:
9811        * yarr/YarrJIT.cpp:
9812
98132012-03-06  Gavin Barraclough  <barraclough@apple.com>
9814
9815        Array.prototype functions should throw if delete fails
9816        https://bugs.webkit.org/show_bug.cgi?id=80467
9817
9818        Reviewed by Oliver Hunt.
9819
9820        All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
9821        In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
9822        in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
9823        one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
9824        routines, for handling arrays with holes. These three copies should be unified.
9825
9826        * runtime/ArrayPrototype.cpp:
9827        (JSC::shift):
9828        (JSC::unshift):
9829            - Added - shared copies of the shift/unshift functionality.
9830        (JSC::arrayProtoFuncPop):
9831            - should throw if the delete fails.
9832        (JSC::arrayProtoFuncReverse):
9833            - should throw if the delete fails.
9834        (JSC::arrayProtoFuncShift):
9835        (JSC::arrayProtoFuncSplice):
9836        (JSC::arrayProtoFuncUnShift):
9837            - use shift/unshift.
9838        * runtime/JSArray.cpp:
9839        (JSC::JSArray::shiftCount):
9840        (JSC::JSArray::unshiftCount):
9841            - Don't try to handle arrays with holes; return a value indicating
9842              the generic routine should be used instead.
9843        * runtime/JSArray.h:
9844            - declaration for shiftCount/unshiftCount changed.
9845        * tests/mozilla/js1_6/Array/regress-304828.js:
9846            - this was asserting incorrect behaviour.
9847
98482012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
9849
9850        [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
9851        https://bugs.webkit.org/show_bug.cgi?id=80469
9852
9853        Reviewed by Antonio Gomes.
9854
9855        * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
9856        property on the library being created.
9857
98582012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
9859
9860        DFG BasicBlock should group the Phi nodes together and separate them
9861        from the other nodes
9862        https://bugs.webkit.org/show_bug.cgi?id=80361
9863
9864        Reviewed by Filip Pizlo.
9865
9866        This would make it more efficient to remove the redundant Phi nodes or
9867        insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
9868        This is performance neutral on SunSpider, V8 and Kraken.
9869
9870        * dfg/DFGAbstractState.cpp:
9871        (JSC::DFG::AbstractState::clobberStructures):
9872        (JSC::DFG::AbstractState::dump):
9873        * dfg/DFGBasicBlock.h:
9874        (JSC::DFG::BasicBlock::BasicBlock):
9875        (BasicBlock):
9876        * dfg/DFGByteCodeParser.cpp:
9877        (JSC::DFG::ByteCodeParser::addToGraph):
9878        (JSC::DFG::ByteCodeParser::insertPhiNode):
9879        * dfg/DFGCFAPhase.cpp:
9880        (JSC::DFG::CFAPhase::performBlockCFA):
9881        * dfg/DFGCSEPhase.cpp:
9882        (JSC::DFG::CSEPhase::pureCSE):
9883        (JSC::DFG::CSEPhase::impureCSE):
9884        (JSC::DFG::CSEPhase::globalVarLoadElimination):
9885        (JSC::DFG::CSEPhase::getByValLoadElimination):
9886        (JSC::DFG::CSEPhase::checkFunctionElimination):
9887        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
9888        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
9889        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
9890        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
9891        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
9892        (JSC::DFG::CSEPhase::performBlockCSE):
9893        * dfg/DFGGraph.cpp:
9894        (JSC::DFG::Graph::dump):
9895        * dfg/DFGSpeculativeJIT.cpp:
9896        (JSC::DFG::SpeculativeJIT::compile):
9897
98982012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
9899
9900        GCActivityCallback timer should vary with the length of the previous GC
9901        https://bugs.webkit.org/show_bug.cgi?id=80344
9902
9903        Reviewed by Geoffrey Garen.
9904
9905        * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last 
9906        GC so that the GC Activity Callback can use it.
9907        (JSC::Heap::Heap):
9908        (JSC::Heap::collect):
9909        * heap/Heap.h:
9910        (JSC::Heap::lastGCLength):
9911        (Heap):
9912        * runtime/GCActivityCallbackCF.cpp:
9913        (JSC):
9914        (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
9915        GC to determine the length of our timer trigger (currently set at 100x the duration 
9916        of the last GC).
9917
99182012-03-06  Rob Buis  <rbuis@rim.com>
9919
9920        [BlackBerry] Fix cast-align gcc warnings when compiling JSC
9921        https://bugs.webkit.org/show_bug.cgi?id=80420
9922
9923        Reviewed by Gavin Barraclough.
9924
9925        Fix warnings given in Blackberry build.
9926
9927        * heap/CopiedBlock.h:
9928        (JSC::CopiedBlock::CopiedBlock):
9929        * wtf/RefCountedArray.h:
9930        (WTF::RefCountedArray::Header::fromPayload):
9931
99322012-03-06  Gavin Barraclough  <barraclough@apple.com>
9933
9934        writable/configurable not respected for some properties of Function/String/Arguments
9935        https://bugs.webkit.org/show_bug.cgi?id=80436
9936
9937        Reviewed by Oliver Hunt.
9938
9939        Special properties should behave like regular properties.
9940
9941        * runtime/Arguments.cpp:
9942        (JSC::Arguments::defineOwnProperty):
9943            - Mis-nested logic for making read-only properties non-live.
9944        * runtime/JSFunction.cpp:
9945        (JSC::JSFunction::put):
9946            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
9947        (JSC::JSFunction::deleteProperty):
9948            - Attempting to delete prototype/caller should fail.
9949        (JSC::JSFunction::defineOwnProperty):
9950            - Ensure prototype is reified on attempt to reify it.
9951            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
9952        * runtime/JSFunction.h:
9953            - added declaration for defineOwnProperty.
9954        (JSFunction):
9955        * runtime/StringObject.cpp:
9956        (JSC::StringObject::put):
9957            - length is non-writable, non-configurable - reject appropriately.
9958
99592012-03-06  Ulan Degenbaev  <ulan@chromium.org>
9960
9961        TypedArray subarray call for subarray does not clamp the end index parameter properly
9962        https://bugs.webkit.org/show_bug.cgi?id=80285
9963
9964        Reviewed by Kenneth Russell.
9965
9966        * wtf/ArrayBufferView.h:
9967        (WTF::ArrayBufferView::calculateOffsetAndLength):
9968
99692012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
9970
9971        Unreviewed, rolling out r109837.
9972        http://trac.webkit.org/changeset/109837
9973        https://bugs.webkit.org/show_bug.cgi?id=80399
9974
9975        breaks Mac Production builds, too late to try and fix it
9976        tonight (Requested by eseidel on #webkit).
9977
9978        * API/tests/JSNode.c:
9979        * API/tests/JSNodeList.c:
9980        * Configurations/Base.xcconfig:
9981        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
9982        * JavaScriptCore.xcodeproj/project.pbxproj:
9983        * assembler/MacroAssemblerCodeRef.h:
9984        * bytecompiler/BytecodeGenerator.h:
9985        * dfg/DFGOperations.cpp:
9986        * heap/GCAssertions.h:
9987        * heap/HandleHeap.h:
9988        * heap/HandleStack.h:
9989        * heap/MarkedSpace.h:
9990        * heap/PassWeak.h:
9991        * heap/Strong.h:
9992        * heap/Weak.h:
9993        * jit/HostCallReturnValue.cpp:
9994        * jit/JIT.cpp:
9995        * jit/JITStubs.cpp:
9996        * jit/ThunkGenerators.cpp:
9997        * parser/Lexer.cpp:
9998        * runtime/Completion.cpp:
9999        * runtime/Executable.cpp:
10000        * runtime/Identifier.h:
10001        * runtime/InitializeThreading.cpp:
10002        * runtime/JSDateMath.cpp:
10003        * runtime/JSGlobalObjectFunctions.cpp:
10004        * runtime/JSStringBuilder.h:
10005        * runtime/JSVariableObject.h:
10006        * runtime/NumberPrototype.cpp:
10007        * runtime/WriteBarrier.h:
10008        * tools/CodeProfile.cpp:
10009        * tools/TieredMMapArray.h:
10010        * yarr/YarrJIT.cpp:
10011
100122012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
10013
10014        [Qt][ARM] Speculative buildfix after r109834.
10015
10016        Reviewed by Csaba Osztrogonác.
10017
10018        * assembler/MacroAssemblerARM.h:
10019        (JSC::MacroAssemblerARM::and32):
10020        (MacroAssemblerARM):
10021
100222012-03-05  Gavin Barraclough  <barraclough@apple.com>
10023
10024        Unreviewed windows build fix pt 2.
10025
10026        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
10027
100282012-03-05  Gavin Barraclough  <barraclough@apple.com>
10029
10030        Unreviewed windows build fix pt 1.
10031
10032        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
10033
100342012-03-05  Gavin Barraclough  <barraclough@apple.com>
10035
10036        putByIndex should throw in strict mode
10037        https://bugs.webkit.org/show_bug.cgi?id=80335
10038
10039        Reviewed by Filip Pizlo.
10040
10041        Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
10042
10043        This is a largely mechanical change, simply adding an extra parameter to a number
10044        of functions. Some call sites need to perform additional exception checks, and
10045        operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
10046
10047        This patch doesn't fix a missing throw from some cases of shift/unshift (this is
10048        an existing bug), I'll follow up with a third patch to handle that.
10049
10050        * API/JSObjectRef.cpp:
10051        (JSObjectSetPropertyAtIndex):
10052        * JSCTypedArrayStubs.h:
10053        (JSC):
10054        * dfg/DFGOperations.cpp:
10055        (JSC::DFG::putByVal):
10056        * dfg/DFGOperations.h:
10057        * dfg/DFGSpeculativeJIT32_64.cpp:
10058        (JSC::DFG::SpeculativeJIT::compile):
10059        * dfg/DFGSpeculativeJIT64.cpp:
10060        (JSC::DFG::SpeculativeJIT::compile):
10061        * interpreter/Interpreter.cpp:
10062        (JSC::Interpreter::privateExecute):
10063        * jit/JITStubs.cpp:
10064        (JSC::DEFINE_STUB_FUNCTION):
10065        * jsc.cpp:
10066        (GlobalObject::finishCreation):
10067        * llint/LLIntSlowPaths.cpp:
10068        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
10069        * runtime/Arguments.cpp:
10070        (JSC::Arguments::putByIndex):
10071        * runtime/Arguments.h:
10072        (Arguments):
10073        * runtime/ArrayPrototype.cpp:
10074        (JSC::arrayProtoFuncPush):
10075        (JSC::arrayProtoFuncReverse):
10076        (JSC::arrayProtoFuncShift):
10077        (JSC::arrayProtoFuncSort):
10078        (JSC::arrayProtoFuncSplice):
10079        (JSC::arrayProtoFuncUnShift):
10080        * runtime/ClassInfo.h:
10081        (MethodTable):
10082        * runtime/JSArray.cpp:
10083        (JSC::SparseArrayValueMap::put):
10084        (JSC::JSArray::put):
10085        (JSC::JSArray::putByIndex):
10086        (JSC::JSArray::putByIndexBeyondVectorLength):
10087        (JSC::JSArray::push):
10088        (JSC::JSArray::shiftCount):
10089        (JSC::JSArray::unshiftCount):
10090        * runtime/JSArray.h:
10091        (SparseArrayValueMap):
10092        (JSArray):
10093        * runtime/JSByteArray.cpp:
10094        (JSC::JSByteArray::putByIndex):
10095        * runtime/JSByteArray.h:
10096        (JSByteArray):
10097        * runtime/JSCell.cpp:
10098        (JSC::JSCell::putByIndex):
10099        * runtime/JSCell.h:
10100        (JSCell):
10101        * runtime/JSNotAnObject.cpp:
10102        (JSC::JSNotAnObject::putByIndex):
10103        * runtime/JSNotAnObject.h:
10104        (JSNotAnObject):
10105        * runtime/JSONObject.cpp:
10106        (JSC::Walker::walk):
10107        * runtime/JSObject.cpp:
10108        (JSC::JSObject::putByIndex):
10109        * runtime/JSObject.h:
10110        (JSC::JSValue::putByIndex):
10111        * runtime/RegExpConstructor.cpp:
10112        (JSC::RegExpMatchesArray::fillArrayInstance):
10113        * runtime/RegExpMatchesArray.h:
10114        (JSC::RegExpMatchesArray::putByIndex):
10115        * runtime/StringPrototype.cpp:
10116        (JSC::stringProtoFuncSplit):
10117
101182012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
10119
10120        PredictNone is incorrectly treated as isDoublePrediction
10121        https://bugs.webkit.org/show_bug.cgi?id=80365
10122
10123        Reviewed by Filip Pizlo.
10124
10125        Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
10126
10127        * bytecode/PredictedType.h:
10128        (JSC::isFixedIndexedStorageObjectPrediction):
10129        (JSC::isDoublePrediction):
10130
101312012-03-05  Filip Pizlo  <fpizlo@apple.com>
10132
10133        The LLInt should work even when the JIT is disabled
10134        https://bugs.webkit.org/show_bug.cgi?id=80340
10135        <rdar://problem/10922235>
10136
10137        Reviewed by Gavin Barraclough.
10138
10139        * assembler/MacroAssemblerCodeRef.h:
10140        (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
10141        (MacroAssemblerCodeRef):
10142        (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
10143        * interpreter/Interpreter.cpp:
10144        (JSC::Interpreter::initialize):
10145        (JSC::Interpreter::execute):
10146        (JSC::Interpreter::executeCall):
10147        (JSC::Interpreter::executeConstruct):
10148        * jit/JIT.h:
10149        (JSC::JIT::compileCTINativeCall):
10150        * jit/JITStubs.h:
10151        (JSC::JITThunks::ctiNativeCall):
10152        (JSC::JITThunks::ctiNativeConstruct):
10153        * llint/LLIntEntrypoints.cpp:
10154        (JSC::LLInt::getFunctionEntrypoint):
10155        (JSC::LLInt::getEvalEntrypoint):
10156        (JSC::LLInt::getProgramEntrypoint):
10157        * llint/LLIntSlowPaths.cpp:
10158        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
10159        (LLInt):
10160        * llint/LLIntSlowPaths.h:
10161        (LLInt):
10162        * llint/LowLevelInterpreter.h:
10163        * llint/LowLevelInterpreter32_64.asm:
10164        * runtime/Executable.h:
10165        (NativeExecutable):
10166        (JSC::NativeExecutable::create):
10167        (JSC::NativeExecutable::finishCreation):
10168        * runtime/JSGlobalData.cpp:
10169        (JSC::JSGlobalData::JSGlobalData):
10170        * runtime/JSGlobalData.h:
10171        (JSGlobalData):
10172        * runtime/Options.cpp:
10173        (Options):
10174        (JSC::Options::parse):
10175        (JSC::Options::initializeOptions):
10176        * runtime/Options.h:
10177        (Options):
10178        * wtf/Platform.h:
10179
101802012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
10181
10182        Checks for dead variables are not sufficient when fixing the expected
10183        values in DFG OSR entry
10184        https://bugs.webkit.org/show_bug.cgi?id=80371
10185
10186        Reviewed by Filip Pizlo.
10187
10188        A dead variable should be identified when there's no node referencing it.
10189        But we currently fail to catch the case where there are some nodes
10190        referencing a variable but those nodes are actually not referenced by
10191        others, so they will be ignored in code generation. In such a case we should
10192        also consider that variable to be a dead variable in the block and fix
10193        the expected values.
10194        This is performance neutral on SunSpider, V8 and Kraken.
10195
10196        * dfg/DFGJITCompiler.h:
10197        (JSC::DFG::JITCompiler::noticeOSREntry):
10198
101992012-03-05  Oliver Hunt  <oliver@apple.com>
10200
10201        Fix Qt build.
10202
10203        * assembler/AbstractMacroAssembler.h:
10204        * assembler/MacroAssembler.h:
10205        (MacroAssembler):
10206        * dfg/DFGSpeculativeJIT.cpp:
10207        (JSC::DFG::SpeculativeJIT::compileArithSub):
10208        * jit/JITArithmetic32_64.cpp:
10209        (JSC::JIT::emitSub32Constant):
10210
102112012-03-05  Eric Seidel  <eric@webkit.org>
10212
10213        Update JavaScriptCore files to use fully-qualified WTF include paths
10214        https://bugs.webkit.org/show_bug.cgi?id=79960
10215
10216        Reviewed by Adam Barth.
10217
10218        This change does 5 small/related things:
10219         1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
10220            (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
10221            was not installing headers there.)
10222         2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
10223            header search path, as that's where the WTF headers will be installed.
10224         3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
10225            in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
10226         4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
10227            since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
10228         5. Makes build-webkit build the WTF XCode project by default.
10229
10230        * API/tests/JSNode.c:
10231        * API/tests/JSNodeList.c:
10232        * Configurations/Base.xcconfig:
10233        * assembler/MacroAssemblerCodeRef.h:
10234        * bytecompiler/BytecodeGenerator.h:
10235        * dfg/DFGOperations.cpp:
10236        * heap/GCAssertions.h:
10237        * heap/HandleHeap.h:
10238        * heap/HandleStack.h:
10239        * heap/MarkedSpace.h:
10240        * heap/PassWeak.h:
10241        * heap/Strong.h:
10242        * heap/Weak.h:
10243        * jit/HostCallReturnValue.cpp:
10244        * jit/JIT.cpp:
10245        * jit/JITStubs.cpp:
10246        * jit/ThunkGenerators.cpp:
10247        * parser/Lexer.cpp:
10248        * runtime/Completion.cpp:
10249        * runtime/Executable.cpp:
10250        * runtime/Identifier.h:
10251        * runtime/InitializeThreading.cpp:
10252        * runtime/JSDateMath.cpp:
10253        * runtime/JSGlobalObjectFunctions.cpp:
10254        * runtime/JSStringBuilder.h:
10255        * runtime/JSVariableObject.h:
10256        * runtime/NumberPrototype.cpp:
10257        * runtime/WriteBarrier.h:
10258        * tools/CodeProfile.cpp:
10259        * tools/TieredMMapArray.h:
10260        * yarr/YarrJIT.cpp:
10261
102622012-03-05  Oliver Hunt  <oliver@apple.com>
10263
10264        Add basic support for constant blinding to the JIT
10265        https://bugs.webkit.org/show_bug.cgi?id=80354
10266
10267        Reviewed by Filip Pizlo.
10268
10269        This patch adds basic constant blinding support to the JIT, at the
10270        MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
10271        get constant blinding.  Woo!
10272
10273        This patch only introduces blinding for Imm32, a later patch will do similar
10274        for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
10275        impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
10276        accessor that's needed to access the actual value.  This also means you cannot
10277        accidentally pass an untrusted value to a function that does not perform
10278        blinding.
10279
10280        To make everything work sensibly, this patch also corrects some code that was using
10281        Imm32 when TrustedImm32 could be used, and refactors a few callers that use
10282        untrusted immediates, so that they call slightly different variants of the functions
10283        that they used previously.  This is largely necessary to deal with x86-32 not having
10284        sufficient registers to handle the additional work required when we choose to blind
10285        a constant.
10286
10287        * assembler/AbstractMacroAssembler.h:
10288        (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
10289        (Imm32):
10290        (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
10291        (JSC::AbstractMacroAssembler::endUninterruptedSequence):
10292        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
10293        (AbstractMacroAssembler):
10294        (JSC::AbstractMacroAssembler::inUninterruptedSequence):
10295        (JSC::AbstractMacroAssembler::random):
10296        (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
10297        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
10298        * assembler/MacroAssembler.h:
10299        (JSC::MacroAssembler::addressForPoke):
10300        (MacroAssembler):
10301        (JSC::MacroAssembler::poke):
10302        (JSC::MacroAssembler::branchPtr):
10303        (JSC::MacroAssembler::branch32):
10304        (JSC::MacroAssembler::convertInt32ToDouble):
10305        (JSC::MacroAssembler::shouldBlind):
10306        (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
10307        (BlindedImm32):
10308        (JSC::MacroAssembler::keyForConstant):
10309        (JSC::MacroAssembler::xorBlindConstant):
10310        (JSC::MacroAssembler::additionBlindedConstant):
10311        (JSC::MacroAssembler::andBlindedConstant):
10312        (JSC::MacroAssembler::orBlindedConstant):
10313        (JSC::MacroAssembler::loadXorBlindedConstant):
10314        (JSC::MacroAssembler::add32):
10315        (JSC::MacroAssembler::addPtr):
10316        (JSC::MacroAssembler::and32):
10317        (JSC::MacroAssembler::andPtr):
10318        (JSC::MacroAssembler::move):
10319        (JSC::MacroAssembler::or32):
10320        (JSC::MacroAssembler::store32):
10321        (JSC::MacroAssembler::sub32):
10322        (JSC::MacroAssembler::subPtr):
10323        (JSC::MacroAssembler::xor32):
10324        (JSC::MacroAssembler::branchAdd32):
10325        (JSC::MacroAssembler::branchMul32):
10326        (JSC::MacroAssembler::branchSub32):
10327        (JSC::MacroAssembler::trustedImm32ForShift):
10328        (JSC::MacroAssembler::lshift32):
10329        (JSC::MacroAssembler::rshift32):
10330        (JSC::MacroAssembler::urshift32):
10331        * assembler/MacroAssemblerARMv7.h:
10332        (MacroAssemblerARMv7):
10333        (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
10334        (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
10335        * assembler/MacroAssemblerX86_64.h:
10336        (JSC::MacroAssemblerX86_64::branchSubPtr):
10337        (MacroAssemblerX86_64):
10338        (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
10339        * dfg/DFGJITCompiler.cpp:
10340        (JSC::DFG::JITCompiler::linkOSRExits):
10341        (JSC::DFG::JITCompiler::compileBody):
10342        (JSC::DFG::JITCompiler::compileFunction):
10343        * dfg/DFGOSRExitCompiler32_64.cpp:
10344        (JSC::DFG::OSRExitCompiler::compileExit):
10345        * dfg/DFGOSRExitCompiler64.cpp:
10346        (JSC::DFG::OSRExitCompiler::compileExit):
10347        * dfg/DFGSpeculativeJIT.cpp:
10348        (JSC::DFG::SpeculativeJIT::compile):
10349        (JSC::DFG::SpeculativeJIT::compileArithSub):
10350        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
10351        * dfg/DFGSpeculativeJIT.h:
10352        (JSC::DFG::SpeculativeJIT::callOperation):
10353        * dfg/DFGSpeculativeJIT32_64.cpp:
10354        (JSC::DFG::SpeculativeJIT::emitCall):
10355        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
10356        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
10357        (JSC::DFG::SpeculativeJIT::compile):
10358        * dfg/DFGSpeculativeJIT64.cpp:
10359        (JSC::DFG::SpeculativeJIT::emitCall):
10360        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
10361        (JSC::DFG::SpeculativeJIT::compile):
10362        * jit/JIT.cpp:
10363        (JSC::JIT::privateCompileSlowCases):
10364        (JSC::JIT::privateCompile):
10365        * jit/JITArithmetic.cpp:
10366        (JSC::JIT::compileBinaryArithOp):
10367        (JSC::JIT::emit_op_add):
10368        (JSC::JIT::emit_op_mul):
10369        (JSC::JIT::emit_op_div):
10370        * jit/JITArithmetic32_64.cpp:
10371        (JSC::JIT::emitAdd32Constant):
10372        (JSC::JIT::emitSub32Constant):
10373        (JSC::JIT::emitBinaryDoubleOp):
10374        (JSC::JIT::emitSlow_op_mul):
10375        (JSC::JIT::emit_op_div):
10376        * jit/JITCall.cpp:
10377        (JSC::JIT::compileLoadVarargs):
10378        * jit/JITCall32_64.cpp:
10379        (JSC::JIT::compileLoadVarargs):
10380        * jit/JITInlineMethods.h:
10381        (JSC::JIT::updateTopCallFrame):
10382        (JSC::JIT::emitValueProfilingSite):
10383        * jit/JITOpcodes32_64.cpp:
10384        (JSC::JIT::emitSlow_op_jfalse):
10385        (JSC::JIT::emitSlow_op_jtrue):
10386        * jit/JITStubCall.h:
10387        (JITStubCall):
10388        (JSC::JITStubCall::addArgument):
10389        * yarr/YarrJIT.cpp:
10390        (JSC::Yarr::YarrGenerator::backtrack):
10391
103922012-03-05  Gavin Barraclough  <barraclough@apple.com>
10393
10394        putByIndex should throw in strict mode
10395        https://bugs.webkit.org/show_bug.cgi?id=80335
10396
10397        Reviewed by Filip Pizlo.
10398
10399        We'll need to pass an additional parameter.
10400
10401        Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
10402        to match the method in the MethodTable, make this take a parameter indicating
10403        whether the put should throw. This fixes the cases where the base of the put
10404        is a primitive.
10405
10406        * dfg/DFGOperations.cpp:
10407        (DFG):
10408        (JSC::DFG::putByVal):
10409        (JSC::DFG::operationPutByValInternal):
10410        * interpreter/Interpreter.cpp:
10411        (JSC::Interpreter::execute):
10412        (JSC::Interpreter::privateExecute):
10413        * jit/JITStubs.cpp:
10414        (JSC::DEFINE_STUB_FUNCTION):
10415        * llint/LLIntSlowPaths.cpp:
10416        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
10417        * runtime/JSObject.h:
10418        (JSC::JSValue::putByIndex):
10419        * runtime/JSValue.cpp:
10420        (JSC):
10421        * runtime/JSValue.h:
10422        (JSValue):
10423
104242012-03-05  Sam Weinig  <sam@webkit.org>
10425
10426        Add support for hosting layers in the window server in WebKit2
10427        <rdar://problem/10400246>
10428        https://bugs.webkit.org/show_bug.cgi?id=80310
10429
10430        Reviewed by Anders Carlsson.
10431
10432        * wtf/Platform.h:
10433        Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
10434
104352012-03-05  Filip Pizlo  <fpizlo@apple.com>
10436
10437        Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
10438
10439        * bytecode/ExecutionCounter.cpp:
10440        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
10441        * bytecode/ExecutionCounter.h:
10442
104432012-03-05  Patrick Gansterer  <paroga@webkit.org>
10444
10445        Unreviewed. Build fix for !ENABLE(JIT) after r109705.
10446
10447        * bytecode/ExecutionCounter.cpp:
10448        * bytecode/ExecutionCounter.h:
10449
104502012-03-05  Andy Wingo  <wingo@igalia.com>
10451
10452        Lexer: Specialize character predicates for LChar, UChar
10453        https://bugs.webkit.org/show_bug.cgi?id=79677
10454
10455        Reviewed by Oliver Hunt.
10456
10457        This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
10458        and isLineTerminator to perform a more limited number of checks if
10459        the lexer is being instantiated to work on LChar sequences.  This
10460        is about a 1.5% win on the --parse-only suite, here.
10461
10462        * parser/Lexer.cpp:
10463        (JSC::isLatin1): New static helper, specialized for LChar and
10464        UChar.
10465        (JSC::typesOfLatin1Characters): Rename from
10466        typesOfASCIICharacters, and expand to the range of the LChar
10467        type.  All uses of isASCII are changed to use isLatin1.  Generated
10468        using libunistring.
10469        (JSC::isNonLatin1IdentStart):
10470        (JSC::isIdentStart):
10471        (JSC::isNonLatin1IdentPart):
10472        (JSC::isIdentPart):
10473        (JSC::Lexer::shiftLineTerminator):
10474        (JSC::Lexer::parseIdentifier):
10475        (JSC::Lexer::parseIdentifierSlowCase):
10476        (JSC::Lexer::parseStringSlowCase):
10477        (JSC::Lexer::parseMultilineComment):
10478        (JSC::Lexer::lex):
10479        (JSC::Lexer::scanRegExp):
10480        (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
10481        * parser/Lexer.h:
10482        (JSC::Lexer::isWhiteSpace):
10483        (JSC::Lexer::isLineTerminator):
10484        * KeywordLookupGenerator.py:
10485        (Trie.printAsC): Declare specialized isIdentPart static functions.
10486
104872012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
10488
10489        Unreviewed. Fix make distcheck.
10490
10491        * GNUmakefile.list.am: Add missing header file.
10492
104932012-03-05  Andy Wingo  <wingo@igalia.com>
10494
10495        WTF: Micro-optimize cleanup of empty vectors and hash tables
10496        https://bugs.webkit.org/show_bug.cgi?id=79903
10497
10498        Reviewed by Michael Saboff and Geoffrey Garen.
10499
10500        This patch speeds up cleanup of vectors and hash tables whose
10501        backing store was never allocated.  This is the case by default
10502        for most vectors / hash tables that never had any entries added.
10503
10504        The result for me is that calling checkSyntax 1000 times on
10505        concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
10506        2.4% speedup.
10507
10508        * wtf/HashTable.h:
10509        (WTF::HashTable::~HashTable):
10510        (WTF::::clear): Don't deallocate the storage or frob member
10511        variables if there is no backing storage.
10512        * wtf/Vector.h:
10513        (WTF::VectorBufferBase::deallocateBuffer): Likewise.
10514
105152012-03-04  Filip Pizlo  <fpizlo@apple.com>
10516
10517        JIT heuristics should be hyperbolic
10518        https://bugs.webkit.org/show_bug.cgi?id=80055
10519        <rdar://problem/10922260>
10520
10521        Reviewed by Oliver Hunt.
10522        
10523        Added tracking of the amount of executable memory typically used for a bytecode
10524        instruction. Modified the execution counter scheme to use this, and the amount
10525        of free memory, to determine how long to wait before invoking the JIT.
10526        
10527        The result is that even if we bomb the VM with more code than can fit in our
10528        executable memory pool, we still keep running and almost never run out of
10529        executable memory - which ensures that if we have to JIT something critical, then
10530        we'll likely have enough memory to do so. This also does not regress performance
10531        on the three main benchmarks.
10532        
10533        * CMakeLists.txt:
10534        * GNUmakefile.list.am:
10535        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
10536        * JavaScriptCore.xcodeproj/project.pbxproj:
10537        * Target.pri:
10538        * bytecode/CodeBlock.cpp:
10539        (JSC::CodeBlock::predictedMachineCodeSize):
10540        (JSC):
10541        (JSC::CodeBlock::usesOpcode):
10542        * bytecode/CodeBlock.h:
10543        (CodeBlock):
10544        (JSC::CodeBlock::checkIfJITThresholdReached):
10545        (JSC::CodeBlock::dontJITAnytimeSoon):
10546        (JSC::CodeBlock::jitAfterWarmUp):
10547        (JSC::CodeBlock::jitSoon):
10548        (JSC::CodeBlock::llintExecuteCounter):
10549        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
10550        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
10551        (JSC::CodeBlock::addressOfJITExecuteCounter):
10552        (JSC::CodeBlock::offsetOfJITExecuteCounter):
10553        (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
10554        (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
10555        (JSC::CodeBlock::jitExecuteCounter):
10556        (JSC::CodeBlock::checkIfOptimizationThresholdReached):
10557        (JSC::CodeBlock::optimizeNextInvocation):
10558        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
10559        (JSC::CodeBlock::optimizeAfterWarmUp):
10560        (JSC::CodeBlock::optimizeAfterLongWarmUp):
10561        (JSC::CodeBlock::optimizeSoon):
10562        * bytecode/ExecutionCounter.cpp: Added.
10563        (JSC):
10564        (JSC::ExecutionCounter::ExecutionCounter):
10565        (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
10566        (JSC::ExecutionCounter::setNewThreshold):
10567        (JSC::ExecutionCounter::deferIndefinitely):
10568        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
10569        (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
10570        (JSC::ExecutionCounter::hasCrossedThreshold):
10571        (JSC::ExecutionCounter::setThreshold):
10572        (JSC::ExecutionCounter::reset):
10573        * bytecode/ExecutionCounter.h: Added.
10574        (JSC):
10575        (ExecutionCounter):
10576        (JSC::ExecutionCounter::formattedTotalCount):
10577        * dfg/DFGOSRExitCompiler32_64.cpp:
10578        (JSC::DFG::OSRExitCompiler::compileExit):
10579        * dfg/DFGOSRExitCompiler64.cpp:
10580        (JSC::DFG::OSRExitCompiler::compileExit):
10581        * jit/ExecutableAllocator.cpp:
10582        (JSC::DemandExecutableAllocator::allocateNewSpace):
10583        (JSC::ExecutableAllocator::underMemoryPressure):
10584        (JSC):
10585        (JSC::ExecutableAllocator::memoryPressureMultiplier):
10586        * jit/ExecutableAllocator.h:
10587        * jit/ExecutableAllocatorFixedVMPool.cpp:
10588        (JSC::ExecutableAllocator::memoryPressureMultiplier):
10589        (JSC):
10590        * jit/JIT.cpp:
10591        (JSC::JIT::privateCompile):
10592        * jit/JITStubs.cpp:
10593        (JSC::DEFINE_STUB_FUNCTION):
10594        * llint/LLIntSlowPaths.cpp:
10595        (JSC::LLInt::jitCompileAndSetHeuristics):
10596        * llint/LowLevelInterpreter32_64.asm:
10597        * runtime/JSGlobalData.h:
10598        (JSGlobalData):
10599        * runtime/Options.cpp:
10600        (Options):
10601        (JSC::Options::initializeOptions):
10602        * runtime/Options.h:
10603        (Options):
10604        * wtf/SimpleStats.h: Added.
10605        (WTF):
10606        (SimpleStats):
10607        (WTF::SimpleStats::SimpleStats):
10608        (WTF::SimpleStats::add):
10609        (WTF::SimpleStats::operator!):
10610        (WTF::SimpleStats::count):
10611        (WTF::SimpleStats::sum):
10612        (WTF::SimpleStats::sumOfSquares):
10613        (WTF::SimpleStats::mean):
10614        (WTF::SimpleStats::variance):
10615        (WTF::SimpleStats::standardDeviation):
10616
106172012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>
10618
10619        [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
10620        https://bugs.webkit.org/show_bug.cgi?id=71507
10621
10622        Reviewed by Antonio Gomes.
10623
10624        * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
10625
106262012-03-04  David Kilzer  <ddkilzer@apple.com>
10627
10628        Fix build when the classic interpreter is enabled
10629
10630        Reviewed by Gavin Barraclough.
10631
10632        Fixes the following build error when running the "Generate
10633        Derived Sources" build phase script:
10634
10635            offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
10636            ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
10637                    from JavaScriptCore/offlineasm/asm.rb:131
10638            Command /bin/sh failed with exit code 1
10639
10640        Gavin's fix in r109674 avoided the #error statement in
10641        JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
10642        caused the "Generate Derived Sources" build phase script to fail
10643        when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
10644        to detect when the classic interpreter is being built and simply
10645        exit early from asm.rb in that case.
10646
10647        * llint/LLIntOffsetsExtractor.cpp:
10648        (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
10649        JIT is disabled.  Note that offsets.rb doesn't care about the
10650        return value here, but instead it cares about finding the magic
10651        values in the binary.  The magic values are no longer present
10652        when the JIT is disabled.
10653        * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
10654        early with a status message.
10655        * offlineasm/offsets.rb:
10656        (MissingMagicValuesException): Add new exception class.
10657        (offsetsAndConfigurationIndex): Throw
10658        MissingMagicValuesException when no magic values are found.
10659
106602012-03-04  Jurij Smakov  <jurij@wooyd.org>
10661
10662        SPARC also needs aligned accesses.
10663
10664        Rubber-stamped by Gustavo Noronha Silva.
10665
10666        * wtf/Platform.h:
10667
106682012-03-04  Gavin Barraclough  <barraclough@apple.com>
10669
10670        Unreviewed build fix.
10671
10672        * jit/JITStubs.h:
10673            - Move ENABLE(JIT) to head of file.
10674
106752012-03-03  Gavin Barraclough  <barraclough@apple.com>
10676
10677        Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
10678        https://bugs.webkit.org/show_bug.cgi?id=80217
10679
10680        Reviewed by Filip Pizlo.
10681
10682        putByIndex() provides similar behavior to put(), but for indexed property names.
10683        Many places in ArrayPrototype call putByIndex() where they really mean to call
10684        [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
10685        calling numeric accessors (& respecting numeric read only properties) on the
10686        prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
10687        putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
10688
10689        * runtime/ArrayPrototype.cpp:
10690        (JSC::arrayProtoFuncConcat):
10691        (JSC::arrayProtoFuncSlice):
10692        (JSC::arrayProtoFuncFilter):
10693        (JSC::arrayProtoFuncMap):
10694        * runtime/JSArray.cpp:
10695        (JSC):
10696        (JSC::reject):
10697        (JSC::SparseArrayValueMap::putDirect):
10698        (JSC::JSArray::defineOwnNumericProperty):
10699        (JSC::JSArray::putByIndexBeyondVectorLength):
10700        (JSC::JSArray::putDirectIndexBeyondVectorLength):
10701        * runtime/JSArray.h:
10702        (SparseArrayValueMap):
10703        (JSArray):
10704        (JSC::JSArray::putDirectIndex):
10705
107062012-03-03  Benjamin Poulain  <benjamin@webkit.org>
10707
10708        Implement the basis of KURLWTFURL
10709        https://bugs.webkit.org/show_bug.cgi?id=79600
10710
10711        Reviewed by Adam Barth.
10712
10713        Add an API to know if a ParsedURL is valid.
10714
10715        * wtf/url/api/ParsedURL.cpp:
10716        (WTF::ParsedURL::ParsedURL):
10717        (WTF):
10718        (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
10719        and by KURL's detach() on write.
10720        (WTF::ParsedURL::baseAsString):
10721        (WTF::ParsedURL::segment):
10722        Add a stronger constraint on accessors: the client of this API should never ask for the segments
10723        on an invalid URL.
10724        * wtf/url/api/ParsedURL.h:
10725        (WTF):
10726        (WTF::ParsedURL::ParsedURL):
10727        (ParsedURL):
10728        (WTF::ParsedURL::isValid):
10729
107302012-03-03  Hans Wennborg  <hans@chromium.org>
10731
10732        Implement Speech JavaScript API
10733        https://bugs.webkit.org/show_bug.cgi?id=80019
10734
10735        Reviewed by Adam Barth.
10736
10737        Add ENABLE_SCRIPTED_SPEECH.
10738
10739        * Configurations/FeatureDefines.xcconfig:
10740
107412012-03-02  Filip Pizlo  <fpizlo@apple.com>
10742
10743        When getting the line number of a call into a call frame with no code block, it's
10744        incorrect to rely on the returnPC
10745        https://bugs.webkit.org/show_bug.cgi?id=80195
10746
10747        Reviewed by Oliver Hunt.
10748
10749        * interpreter/Interpreter.cpp:
10750        (JSC::getCallerInfo):
10751        * jit/JITCall.cpp:
10752        (JSC::JIT::compileLoadVarargs):
10753
107542012-03-02  Han Hojong  <hojong.han@samsung.com>
10755
10756        Expected results updated for checking type conversion
10757        https://bugs.webkit.org/show_bug.cgi?id=80138
10758
10759        Reviewed by Gavin Barraclough.
10760
10761        * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
10762
107632012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
10764
10765        Adding WebSocket per-frame DEFLATE extension
10766        https://bugs.webkit.org/show_bug.cgi?id=77522
10767
10768        Added USE(ZLIB) flag.
10769
10770        Reviewed by Kent Tamura.
10771
10772        * wtf/Platform.h:
10773
107742012-03-02  Filip Pizlo  <fpizlo@apple.com>
10775
10776        Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
10777
10778        * bytecode/CodeBlock.cpp:
10779        (JSC::CodeBlock::visitAggregate):
10780
107812012-03-01  Filip Pizlo  <fpizlo@apple.com>
10782
10783        DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
10784        virtue of being in the transitive closure
10785        https://bugs.webkit.org/show_bug.cgi?id=80098
10786 
10787        Reviewed by Anders Carlsson.
10788        
10789        If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
10790        then you might have the visitAggregate() method called concurrently by multiple threads.
10791        This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
10792        racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
10793        due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
10794        
10795        It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
10796        not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
10797        any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
10798        Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
10799        don't lead to two threads racing over each other as they clobber state. This patch
10800        achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
10801        trivially linearizable) will get to trace the CodeBlock; all other threads give up and
10802        go home.
10803        
10804        Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
10805        times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
10806        even when it's gotten sufficient counts. But that takes a while - sometimes up to a
10807        minute to get a crash. I have no other reliable repro case.
10808
10809        * bytecode/CodeBlock.cpp:
10810        (JSC::CodeBlock::visitAggregate):
10811        * bytecode/CodeBlock.h:
10812        (DFGData):
10813        * heap/DFGCodeBlocks.cpp:
10814        (JSC::DFGCodeBlocks::clearMarks):
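The CAS guard described in this entry, as an added example that is not JavaScriptCore's own code: several marking threads race to trace the same block, and only the thread whose compare-and-swap flips the mark does the work, so non-atomic state inside the traced block is never updated by two threads at once. `MockCodeBlock`, `traceCount`, `fakeProfileBucket` and `concurrentVisits` are assumed names for this demonstration.

```cpp
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

// Constructed stand-in for a CodeBlock that can be reached by more than one
// GC marking thread in the same cycle (via DFGCodeBlocks and via its owner
// Executable). Not the real CodeBlock; names are assumptions.
struct MockCodeBlock {
    // Cleared by the GC at the start of each collection, in the spirit of
    // DFGCodeBlocks::clearMarks().
    std::atomic<bool> marked{false};
    // How many times the body of visitAggregate() actually ran this cycle.
    std::atomic<int> traceCount{0};
    // Plain (non-atomic) state that concurrent tracing would clobber; stands in
    // for the ValueProfile bucket updates the entry describes.
    int fakeProfileBucket = 0;

    void clearMarks() {
        marked.store(false);
        traceCount.store(0);
    }

    // Only the thread that wins the CAS from false -> true traces the block.
    // Every other concurrent caller sees the mark already set and returns,
    // so the non-atomic updates below run on exactly one thread per cycle.
    void visitAggregate() {
        bool expected = false;
        if (!marked.compare_exchange_strong(expected, true))
            return; // lost the race: another thread is (or was) tracing this block
        ++fakeProfileBucket;     // safe: exclusive section
        traceCount.fetch_add(1);
    }
};

// Launch `threads` threads that all call visitAggregate() on the same block and
// report how many of them actually traced it. With the CAS guard the answer is
// always 1, whatever the thread count and interleaving.
int concurrentVisits(MockCodeBlock& block, int threads) {
    std::vector<std::thread> workers;
    workers.reserve(threads);
    for (int i = 0; i < threads; ++i)
        workers.emplace_back([&block] { block.visitAggregate(); });
    for (auto& t : workers)
        t.join();
    return block.traceCount.load();
}

int main() {
    MockCodeBlock block;
    std::printf("traced %d time(s) with 8 concurrent visitors\n",
                concurrentVisits(block, 8));
    block.clearMarks(); // next GC cycle: the mark is reset and one tracer wins again
    std::printf("traced %d time(s) with 4 concurrent visitors\n",
                concurrentVisits(block, 4));
    return 0;
}
```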
10815
108162012-03-01  Filip Pizlo  <fpizlo@apple.com>
10817
10818        The JIT should not crash the entire process just because there is not enough executable
10819        memory, if the LLInt is enabled
10820        https://bugs.webkit.org/show_bug.cgi?id=79962
10821
10822        Reviewed by Csaba Osztrogonác.
10823        
10824        Fix for ARM, SH4.
10825
10826        * assembler/AssemblerBufferWithConstantPool.h:
10827        (JSC::AssemblerBufferWithConstantPool::executableCopy):
10828
108292012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
10830
10831        Revert my change. Broke builds.
10832        Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
10833        Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
10834
10835        * wtf/Atomics.h:
10836        (WTF):
10837        (WTF::weakCompareAndSwap):
10838
108392012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
10840
10841        Gcc build fix.
10842
10843        Rubber-stamped by Filip Pizlo.
10844
10845        * wtf/Atomics.h:
10846        (WTF):
10847        (WTF::weakCompareAndSwap):
10848
108492012-03-01  Gavin Barraclough  <barraclough@apple.com>
10850
10851        ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
10852        https://bugs.webkit.org/show_bug.cgi?id=80011
10853
10854        Reviewed by Oliver Hunt.
10855
10856        Also, fix getting the caller from within a bound function, for within a getter,
10857        or setter (make our implementation match other browsers).
10858
10859        * interpreter/Interpreter.cpp:
10860        (JSC::getCallerInfo):
10861            - Allow this to get the caller of host functions.
10862        (JSC::Interpreter::retrieveCallerFromVMCode):
10863            - This should use getCallerInfo, and should skip over function bindings.
10864        * runtime/JSFunction.cpp:
10865        (JSC::JSFunction::callerGetter):
10866            - This should never return a strict-mode function.
10867
108682012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
10869
10870        DFG local CSE for a node can be terminated earlier
10871        https://bugs.webkit.org/show_bug.cgi?id=80014
10872
10873        Reviewed by Filip Pizlo.
10874
10875        When one of the node's children is met in the process of back traversing
10876        the nodes, we don't need to traverse the remaining nodes.
10877        This is performance neutral on SunSpider, V8 and Kraken.
10878
10879        * dfg/DFGCSEPhase.cpp:
10880        (JSC::DFG::CSEPhase::pureCSE):
10881        (JSC::DFG::CSEPhase::impureCSE):
10882        (JSC::DFG::CSEPhase::getByValLoadElimination):
10883        (JSC::DFG::CSEPhase::checkFunctionElimination):
10884        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
10885        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
10886        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
10887        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
10888
108892012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>
10890
10891        DFG BasicBlocks should not require that their nodes have continuous indices in the graph
10892        https://bugs.webkit.org/show_bug.cgi?id=79899
10893
10894        Reviewed by Filip Pizlo.
10895
10896        This will make it more convenient to insert nodes into the DFG.
10897        With this capability we now place the Phi nodes in the corresponding
10898        blocks.
10899        Local CSE is modified to not rely on the assumption of continuous
10900        node indices in a block.
10901        This is performance neutral on SunSpider, V8 and Kraken.
10902
10903        * dfg/DFGAbstractState.cpp:
10904        (JSC::DFG::AbstractState::AbstractState):
10905        (JSC::DFG::AbstractState::beginBasicBlock):
10906        (JSC::DFG::AbstractState::execute):
10907        (JSC::DFG::AbstractState::clobberStructures):
10908        (JSC::DFG::AbstractState::mergeToSuccessors):
10909        (JSC::DFG::AbstractState::dump):
10910        * dfg/DFGAbstractState.h:
10911        (JSC::DFG::AbstractState::forNode):
10912        (AbstractState):
10913        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
10914        (ArithNodeFlagsInferencePhase):
10915        * dfg/DFGBasicBlock.h:
10916        (JSC::DFG::BasicBlock::BasicBlock):
10917        (BasicBlock):
10918        * dfg/DFGByteCodeParser.cpp:
10919        (JSC::DFG::ByteCodeParser::addToGraph):
10920        (ByteCodeParser):
10921        (JSC::DFG::ByteCodeParser::insertPhiNode):
10922        (JSC::DFG::ByteCodeParser::handleInlining):
10923        (JSC::DFG::ByteCodeParser::parseBlock):
10924        (JSC::DFG::ByteCodeParser::processPhiStack):
10925        (JSC::DFG::ByteCodeParser::linkBlock):
10926        (JSC::DFG::ByteCodeParser::determineReachability):
10927        (JSC::DFG::ByteCodeParser::parseCodeBlock):
10928        * dfg/DFGCFAPhase.cpp:
10929        (JSC::DFG::CFAPhase::performBlockCFA):
10930        (CFAPhase):
10931        * dfg/DFGCSEPhase.cpp:
10932        (JSC::DFG::CSEPhase::CSEPhase):
10933        (JSC::DFG::CSEPhase::endIndexForPureCSE):
10934        (JSC::DFG::CSEPhase::pureCSE):
10935        (JSC::DFG::CSEPhase::impureCSE):
10936        (JSC::DFG::CSEPhase::globalVarLoadElimination):
10937        (JSC::DFG::CSEPhase::getByValLoadElimination):
10938        (JSC::DFG::CSEPhase::checkFunctionElimination):
10939        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
10940        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
10941        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
10942        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
10943        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
10944        (JSC::DFG::CSEPhase::performNodeCSE):
10945        (JSC::DFG::CSEPhase::performBlockCSE):
10946        (CSEPhase):
10947        * dfg/DFGGraph.cpp:
10948        (JSC::DFG::Graph::dump):
10949        * dfg/DFGPhase.cpp:
10950        (JSC::DFG::Phase::beginPhase):
10951        * dfg/DFGSpeculativeJIT.cpp:
10952        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
10953        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
10954        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
10955        (JSC::DFG::SpeculativeJIT::compile):
10956        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
10957        (JSC::DFG::SpeculativeJIT::compileStrictEq):
10958        * dfg/DFGSpeculativeJIT.h:
10959        (SpeculativeJIT):
10960        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
10961        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
10962        * dfg/DFGSpeculativeJIT32_64.cpp:
10963        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
10964        * dfg/DFGSpeculativeJIT64.cpp:
10965        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
10966        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
10967        (JSC::DFG::VirtualRegisterAllocationPhase::run):
10968
109692012-02-29  Filip Pizlo  <fpizlo@apple.com>
10970
10971        The JIT should not crash the entire process just because there is not
10972        enough executable memory, if the LLInt is enabled
10973        https://bugs.webkit.org/show_bug.cgi?id=79962
10974        <rdar://problem/10922215>
10975
10976        Unreviewed, adding forgotten file.
10977
10978        * jit/JITCompilationEffort.h: Added.
10979        (JSC):
10980
109812012-02-29  Filip Pizlo  <fpizlo@apple.com>
10982
10983        The JIT should not crash the entire process just because there is not
10984        enough executable memory, if the LLInt is enabled
10985        https://bugs.webkit.org/show_bug.cgi?id=79962
10986        <rdar://problem/10922215>
10987
10988        Reviewed by Gavin Barraclough.
10989        
10990        Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
10991        a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
10992        JITCompilationMustSucceed. This preserves the old behavior if LLInt is
10993        disabled or if we're compiling something that can't be interpreted (like
10994        an OSR exit stub).
10995
10996        * JavaScriptCore.xcodeproj/project.pbxproj:
10997        * assembler/ARMAssembler.cpp:
10998        (JSC::ARMAssembler::executableCopy):
10999        * assembler/ARMAssembler.h:
11000        (ARMAssembler):
11001        * assembler/AssemblerBuffer.h:
11002        (JSC::AssemblerBuffer::executableCopy):
11003        * assembler/LinkBuffer.h:
11004        (JSC::LinkBuffer::LinkBuffer):
11005        (JSC::LinkBuffer::~LinkBuffer):
11006        (LinkBuffer):
11007        (JSC::LinkBuffer::didFailToAllocate):
11008        (JSC::LinkBuffer::isValid):
11009        (JSC::LinkBuffer::linkCode):
11010        (JSC::LinkBuffer::performFinalization):
11011        * assembler/MIPSAssembler.h:
11012        (JSC::MIPSAssembler::executableCopy):
11013        * assembler/SH4Assembler.h:
11014        (JSC::SH4Assembler::executableCopy):
11015        * assembler/X86Assembler.h:
11016        (JSC::X86Assembler::executableCopy):
11017        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
11018        * bytecode/CodeBlock.cpp:
11019        (JSC::ProgramCodeBlock::jitCompileImpl):
11020        (JSC::EvalCodeBlock::jitCompileImpl):
11021        (JSC::FunctionCodeBlock::jitCompileImpl):
11022        * bytecode/CodeBlock.h:
11023        (JSC::CodeBlock::jitCompile):
11024        (CodeBlock):
11025        (ProgramCodeBlock):
11026        (EvalCodeBlock):
11027        (FunctionCodeBlock):
11028        * dfg/DFGDriver.cpp:
11029        (JSC::DFG::compile):
11030        * dfg/DFGJITCompiler.cpp:
11031        (JSC::DFG::JITCompiler::compile):
11032        (JSC::DFG::JITCompiler::compileFunction):
11033        * dfg/DFGJITCompiler.h:
11034        (JITCompiler):
11035        * jit/ExecutableAllocator.cpp:
11036        (JSC::DemandExecutableAllocator::allocateNewSpace):
11037        (JSC::ExecutableAllocator::allocate):
11038        * jit/ExecutableAllocator.h:
11039        (ExecutableAllocator):
11040        * jit/ExecutableAllocatorFixedVMPool.cpp:
11041        (JSC::ExecutableAllocator::allocate):
11042        * jit/JIT.cpp:
11043        (JSC::JIT::privateCompile):
11044        * jit/JIT.h:
11045        (JSC::JIT::compile):
11046        (JIT):
11047        * jit/JITCompilationEffort.h: Added.
11048        (JSC):
11049        * jit/JITDriver.h:
11050        (JSC::jitCompileIfAppropriate):
11051        (JSC::jitCompileFunctionIfAppropriate):
11052        * llint/LLIntSlowPaths.cpp:
11053        (LLInt):
11054        (JSC::LLInt::jitCompileAndSetHeuristics):
11055        (JSC::LLInt::entryOSR):
11056        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
11057        * runtime/Executable.cpp:
11058        (JSC::EvalExecutable::jitCompile):
11059        (JSC::ProgramExecutable::jitCompile):
11060        (JSC::FunctionExecutable::jitCompileForCall):
11061        (JSC::FunctionExecutable::jitCompileForConstruct):
11062        * runtime/Executable.h:
11063        (EvalExecutable):
11064        (ProgramExecutable):
11065        (FunctionExecutable):
11066        (JSC::FunctionExecutable::jitCompileFor):
11067        * runtime/ExecutionHarness.h:
11068        (JSC::prepareForExecution):
11069        (JSC::prepareFunctionForExecution):
11070
110712012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>
11072
11073        [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
11074        https://bugs.webkit.org/show_bug.cgi?id=79501
11075
11076        Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
11077
11078        Reviewed by Kenneth Rohde Christiansen.
11079
11080        * wtf/Platform.h:
11081
110822012-02-29  Gavin Barraclough  <barraclough@apple.com>
11083
11084        Rubber stamped by Oliver Hunt.
11085
11086        * tests/mozilla/ecma_2/RegExp/constructor-001.js:
11087        * tests/mozilla/ecma_2/RegExp/function-001.js:
11088        * tests/mozilla/ecma_2/RegExp/properties-001.js:
11089            - Check in new test cases results.
11090
110912012-02-29  Mark Rowe  <mrowe@apple.com>
11092
11093        Stop installing JSCLLIntOffsetsExtractor.
11094
11095        Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
11096        that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
        This has the result of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
11098
11099        While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
11100        for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
11101        to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
11102        allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
11103
11104        Reviewed by Filip Pizlo.
11105
11106        * Configurations/TestRegExp.xcconfig: Removed.
11107        * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
11108        * JavaScriptCore.xcodeproj/project.pbxproj:
11109
111102012-02-28  Filip Pizlo  <fpizlo@apple.com>
11111
11112        RefCounted::deprecatedTurnOffVerifier() should not be deprecated
11113        https://bugs.webkit.org/show_bug.cgi?id=79864
11114
11115        Reviewed by Oliver Hunt.
11116        
11117        Removed the word "deprecated" from the name of this method, since this method
11118        should not be deprecated. It works just fine as it is, and there is simply no
11119        alternative to calling this method for many interesting JSC classes.
11120
11121        * parser/SourceProvider.h:
11122        (JSC::SourceProvider::SourceProvider):
11123        * runtime/SymbolTable.h:
11124        (JSC::SharedSymbolTable::SharedSymbolTable):
11125        * wtf/MetaAllocator.cpp:
11126        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
11127        (WTF::MetaAllocator::allocate):
11128        * wtf/RefCounted.h:
11129        (RefCountedBase):
11130        (WTF::RefCountedBase::turnOffVerifier):
11131
111322012-02-29  Gavin Barraclough  <barraclough@apple.com>
11133
11134        'source' property of RegExp instance cannot be ""
11135        https://bugs.webkit.org/show_bug.cgi?id=79938
11136
11137        Reviewed by Oliver Hunt.
11138
11139        15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
11140        and also states that the result must be a valid RegularExpressionLiteral. '//' is
11141        not a valid RegularExpressionLiteral (since it is a single line comment), and hence
11142        source cannot ever validly be "". If the source is empty, return a different Pattern
11143        that would match the same thing.
11144
11145        * runtime/RegExpObject.cpp:
11146        (JSC::regExpObjectSource):
11147            - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
11148        * runtime/RegExpPrototype.cpp:
11149        (JSC::regExpProtoFuncToString):
11150            - No need to special case the empty string - this should be being done by 'source'.
11151
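        Added example, not JavaScriptCore code and not part of the entry above: a check of the
        RegExp.prototype.toString/source contract the entry describes, runnable in any ES5+ engine.
        It assumes only the standard RegExp API; the helper names describe and sameMatch and the
        sample input are made up for illustration.

```javascript
// Added example, not JavaScriptCore code: checks the RegExp.prototype.toString
// contract the entry describes, in any ES5+ engine.
// The printed form must be a valid RegularExpressionLiteral that evaluates to
// an equivalent RegExp, so an empty pattern cannot be reported as "" (that
// would print as "//", a line comment).
const SAMPLE_INPUT = "a/b"; // constructed input, not from the original entry

function sameMatch(a, b, input) {
  const m1 = a.exec(input);
  const m2 = b.exec(input);
  if (m1 === null || m2 === null) return m1 === m2;
  return m1[0] === m2[0] && m1.index === m2.index;
}

// describe() is a helper name made up for this example.
function describe(pattern) {
  const re = new RegExp(pattern);
  const text = re.toString();
  // Evaluate the printed literal exactly as source code would. If the text
  // were "//" this returns undefined (the body is "return //;"), which is the
  // invalid behaviour the entry guards against.
  const reparsed = new Function("return " + text + ";")();
  const isLiteral = reparsed instanceof RegExp;
  return {
    source: re.source,
    text,
    roundTrips: isLiteral && reparsed.source === re.source,
    sameMatch: isLiteral && sameMatch(re, reparsed, SAMPLE_INPUT),
  };
}
```

        The interesting case is describe(""): source is non-empty, toString() is not "//", and the
        printed text re-parses to a RegExp that matches the same thing at the same position.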
111522012-02-29  Gavin Barraclough  <barraclough@apple.com>
11153
11154        Writable attribute not set correctly when redefining an accessor to a data descriptor
11155        https://bugs.webkit.org/show_bug.cgi?id=79931
11156
11157        Reviewed by Oliver Hunt.
11158
11159        * runtime/JSObject.cpp:
11160        (JSC::JSObject::defineOwnProperty):
11161            - use attributesOverridingCurrent instead of attributesWithOverride.
11162        * runtime/PropertyDescriptor.cpp:
11163        * runtime/PropertyDescriptor.h:
11164            - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
11165
111662012-02-29  Kevin Ollivier  <kevino@theolliviers.com>
11167
11168        Add JSCore symbol exports needed by wx port
11169        https://bugs.webkit.org/show_bug.cgi?id=77280
11170
11171        Reviewed by Hajime Morita.
11172
11173        * wtf/ArrayBufferView.h:
11174        * wtf/ExportMacros.h:
11175
111762012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>
11177
11178        [CMake] Always build wtf as a static library.
11179        https://bugs.webkit.org/show_bug.cgi?id=79857
11180
11181        Reviewed by Eric Seidel.
11182
11183        To help the efforts in bug 75673 to move WTF out of
11184        JavaScriptCore, act more like the other ports and remove the
11185        possibility of building WTF as a shared library.
11186
11187        It does not make much sense to, for example, ship WTF as a
11188        separate .so with webkit-efl packages, and it should be small
11189        enough not to cause problems during linking.
11190
11191        * wtf/CMakeLists.txt:
11192
111932012-02-28  Dmitry Lomov  <dslomov@google.com>
11194
11195        [JSC] Implement ArrayBuffer transfer
11196        https://bugs.webkit.org/show_bug.cgi?id=73493.
11197        Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
11198        This brings parity with V8 implementation of transferable typed arrays.
11199
11200        Reviewed by Oliver Hunt.
11201
11202        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
11203        * wtf/ArrayBuffer.h:
11204        (ArrayBuffer): Added extra export.
11205
112062012-02-28  Kevin Ollivier  <kevino@theolliviers.com>
11207
11208        [wx] Unreviewed. Build fix after recent LLInt additions.
11209        
11210        * wscript:
11211
112122012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
11213
11214        Refactor SpeculativeJIT::emitAllocateJSFinalObject
11215        https://bugs.webkit.org/show_bug.cgi?id=79801
11216
11217        Reviewed by Filip Pizlo.
11218
11219        * dfg/DFGSpeculativeJIT.h:
11220        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
11221        function, which is more generic in that it can allocate a variety of classes.
11222        (SpeculativeJIT):
11223        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
11224
112252012-02-28  Gavin Barraclough  <barraclough@apple.com>
11226
11227        [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
11228        https://bugs.webkit.org/show_bug.cgi?id=79588
11229
11230        Reviewed by Oliver Hunt.
11231
11232        In the case of [[Get]], this is a pretty trivial bug - just don't wrap
11233        primitives at the point you call a getter.
11234
11235        For setters, this is a little more involved, since we have already wrapped
11236        the value up in a synthesized object. Stop doing so. There is also a further
        subtlety, that in strict mode all attempts to create a new data property on
11238        the object should throw.
11239
11240        * runtime/JSCell.cpp:
11241        (JSC::JSCell::put):
11242            - [[Put]] to a string primitive should use JSValue::putToPrimitive.
11243        * runtime/JSObject.cpp:
11244        (JSC::JSObject::put):
11245            - Remove static function called in one place.
11246        * runtime/JSObject.h:
11247        (JSC::JSValue::put):
11248            - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
11249        * runtime/JSValue.cpp:
11250        (JSC::JSValue::synthesizePrototype):
11251            - Add support for synthesizing the prototype of strings.
11252        (JSC::JSValue::putToPrimitive):
11253            - Added, implements [[Put]] for primitive bases, per 8.7.2.
11254        * runtime/JSValue.h:
11255        (JSValue):
11256            - Add declaration for JSValue::putToPrimitive.
11257        * runtime/PropertySlot.cpp:
11258        (JSC::PropertySlot::functionGetter):
11259            - Don't call ToObject on primitive this values.
11260
112612012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
11262
11263        Re-enable parallel GC on Mac
11264        https://bugs.webkit.org/show_bug.cgi?id=79837
11265
11266        Rubber stamped by Filip Pizlo.
11267
11268        * runtime/Options.cpp:
11269        (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
11270        so we removed it and things should go back to normal.
11271
112722012-02-28  Filip Pizlo  <fpizlo@apple.com>
11273
11274        Some run-javascriptcore-tests broken for 32-bit debug
11275        https://bugs.webkit.org/show_bug.cgi?id=79844
11276
11277        Rubber stamped by Oliver Hunt.
11278        
11279        These assertions are just plain wrong for 32-bit. We could either have a massive
11280        assertion that depends on value representation, that has to be changed every
11281        time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
11282        could get rid of the assertions. I pick the latter.
11283
11284        * dfg/DFGOperations.cpp:
11285        * jit/JITStubs.cpp:
11286        (JSC::DEFINE_STUB_FUNCTION):
11287
112882012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
11289
11290        Get rid of padding cruft in CopiedBlock
11291        https://bugs.webkit.org/show_bug.cgi?id=79686
11292
11293        Reviewed by Filip Pizlo.
11294
11295        * heap/CopiedBlock.h:
11296        (CopiedBlock): Removed the extra padding that was used for alignment purposes until 
11297        the calculation of the payload offset into CopiedBlocks was redone recently.
11298
112992012-02-28  Anders Carlsson  <andersca@apple.com>
11300
11301        Fix build with newer versions of clang.
11302
11303        Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
11304        but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
11305        takes a string literal.
11306
11307        * wtf/Assertions.cpp:
11308
113092012-02-28  Mario Sanchez Prada  <msanchez@igalia.com>
11310
11311        [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
11312        https://bugs.webkit.org/show_bug.cgi?id=79496
11313
11314        Reviewed by Martin Robinson.
11315
11316        Handle GMainLoop and GMainContext in GRefPtr, by calling
11317        g_main_loop_(un)ref and g_main_context_(un)ref in the
11318        implementation of the refGPtr and derefGPtr template functions.
11319
11320        * wtf/gobject/GRefPtr.cpp:
11321        (WTF::refGPtr):
11322        (WTF):
11323        (WTF::derefGPtr):
11324        * wtf/gobject/GRefPtr.h:
11325        (WTF):
11326        * wtf/gobject/GTypedefs.h:
11327
113282012-02-28  Yong Li  <yoli@rim.com>
11329
11330        JSString::resolveRope() should report extra memory cost to the heap.
11331        https://bugs.webkit.org/show_bug.cgi?id=79555
11332
11333        Reviewed by Michael Saboff.
11334
11335        At the time a JSString is constructed with fibers, it doesn't report
        extra memory cost, which is reasonable because it hasn't allocated
        new memory. However when the rope is resolved, it should report memory
11338        cost for the new buffer.
11339
11340        * runtime/JSString.cpp:
11341        (JSC::JSString::resolveRope):
11342
113432012-02-27  Oliver Hunt  <oliver@apple.com>
11344
11345        sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
11346        https://bugs.webkit.org/show_bug.cgi?id=79728
11347
11348        Reviewed by Gavin Barraclough.
11349
11350        When initialising a chained get instruction we may end up in a state where
11351        the instruction stream says we have a scopechain, but it has not yet been set
11352        (eg. if allocating the StructureChain itself is what leads to the GC).  We could
11353        re-order the allocation, but it occurs in a couple of places, so it seems less
11354        fragile simply to null check the scopechain slot before we actually visit the slot.
11355
11356        * bytecode/CodeBlock.cpp:
11357        (JSC::CodeBlock::visitStructures):
11358
113592012-02-27  Filip Pizlo  <fpizlo@apple.com>
11360
11361        Old JIT's style of JSVALUE64 strict equality is subtly wrong
11362        https://bugs.webkit.org/show_bug.cgi?id=79700
11363
11364        Reviewed by Oliver Hunt.
11365
11366        * assembler/MacroAssemblerX86_64.h:
11367        (JSC::MacroAssemblerX86_64::comparePtr):
11368        (MacroAssemblerX86_64):
11369        * dfg/DFGOperations.cpp:
11370        * dfg/DFGSpeculativeJIT.cpp:
11371        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
11372        * dfg/DFGSpeculativeJIT64.cpp:
11373        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
11374        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
11375        * jit/JITOpcodes.cpp:
11376        (JSC::JIT::compileOpStrictEq):
11377        (JSC::JIT::emitSlow_op_stricteq):
11378        (JSC::JIT::emitSlow_op_nstricteq):
11379        * jit/JITStubs.cpp:
11380        (JSC::DEFINE_STUB_FUNCTION):
11381
113822012-02-27  Gavin Barraclough  <barraclough@apple.com>
11383
11384        Implement support for op_negate and op_bitnot in the DFG JIT
11385        https://bugs.webkit.org/show_bug.cgi?id=79617
11386
11387        Reviewed by Filip Pizlo.
11388
11389        Add an ArithNegate op to the DFG JIT, to implement op_negate.
11390
11391        This patch also adds support for op_negate to the JSVALUE64 baseline JIT
11392        (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
11393
11394        This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
11395
11396        * assembler/ARMv7Assembler.h:
11397        (JSC::ARMv7Assembler::sub_S):
11398            - Added sub_S from immediate.
11399        (ARMv7Assembler):
11400        (JSC::ARMv7Assembler::vneg):
11401            - Added double negate.
11402        * assembler/MacroAssemblerARMv7.h:
11403        (JSC::MacroAssemblerARMv7::negateDouble):
11404            - Added double negate.
11405        (MacroAssemblerARMv7):
11406        (JSC::MacroAssemblerARMv7::branchNeg32):
11407            - Added.
11408        * assembler/MacroAssemblerX86.h:
11409        (MacroAssemblerX86):
11410            - moved loadDouble, absDouble to common.
11411        * assembler/MacroAssemblerX86Common.h:
11412        (MacroAssemblerX86Common):
11413        (JSC::MacroAssemblerX86Common::absDouble):
11414            - implementation can be shared.
11415        (JSC::MacroAssemblerX86Common::negateDouble):
11416            - Added.
11417        (JSC::MacroAssemblerX86Common::loadDouble):
11418            - allow absDouble to have a common implementation.
11419        * assembler/MacroAssemblerX86_64.h:
11420        (MacroAssemblerX86_64):
11421            - moved loadDouble, absDouble to common.
11422        * dfg/DFGAbstractState.cpp:
11423        (JSC::DFG::AbstractState::execute):
11424            - support ArithNegate.
11425        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
11426        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
11427            - support ArithNegate.
11428        * dfg/DFGByteCodeParser.cpp:
11429        (JSC::DFG::ByteCodeParser::makeSafe):
11430            - support ArithNegate.
11431        (JSC::DFG::ByteCodeParser::parseBlock):
11432            - support op_negate.
11433        * dfg/DFGCSEPhase.cpp:
11434        (JSC::DFG::CSEPhase::performNodeCSE):
11435            - support ArithNegate.
11436        * dfg/DFGCapabilities.h:
11437        (JSC::DFG::canCompileOpcode):
11438            - support op_negate.
11439        * dfg/DFGGraph.h:
11440        (JSC::DFG::Graph::negateShouldSpeculateInteger):
11441            - support ArithNegate.
11442        * dfg/DFGNode.h:
11443        (JSC::DFG::Node::hasArithNodeFlags):
11444            - support ArithNegate.
11445        * dfg/DFGPredictionPropagationPhase.cpp:
11446        (JSC::DFG::PredictionPropagationPhase::propagate):
11447            - support ArithNegate.
11448        * dfg/DFGSpeculativeJIT.cpp:
11449        (JSC::DFG::SpeculativeJIT::compileArithNegate):
11450            - support ArithNegate.
11451        * dfg/DFGSpeculativeJIT.h:
11452        (SpeculativeJIT):
11453            - support ArithNegate.
11454        * dfg/DFGSpeculativeJIT32_64.cpp:
11455        (JSC::DFG::SpeculativeJIT::compile):
11456            - support ArithNegate.
11457        * dfg/DFGSpeculativeJIT64.cpp:
11458        (JSC::DFG::SpeculativeJIT::compile):
11459            - support ArithNegate.
11460        * jit/JIT.cpp:
11461        (JSC::JIT::privateCompileMainPass):
11462        (JSC::JIT::privateCompileSlowCases):
11463            - Add support for op_negate in JSVALUE64.
11464        * jit/JITArithmetic.cpp:
11465        (JSC::JIT::emit_op_negate):
11466        (JSC::JIT::emitSlow_op_negate):
11467            - Add support for op_negate in JSVALUE64.
11468
114692012-02-27  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
11470
11471        Unreviewed. Build fix for linux-bot (qt) after r109021.
11472
11473        * runtime/Error.cpp:
11474
114752012-02-27  Oliver Hunt  <oliver@apple.com>
11476
11477        REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
11478        https://bugs.webkit.org/show_bug.cgi?id=79693
11479
11480        Reviewed by Filip Pizlo.
11481
11482        Alas we can't provide the stack trace as an array, as despite everyone wanting
11483        an array, everyone arbitrarily creates the array by calling split on the stack
11484        trace.  To create the array we would have provided them in the first place.
11485
11486        This changes the exception's stack property to a \n separated string.  To get the
11487        old array just do <exception>.stack.split("\n").
11488
11489        * runtime/Error.cpp:
11490        (JSC::addErrorInfo):
11491
114922012-02-27  Gavin Barraclough  <barraclough@apple.com>
11493
11494        RegExp lastIndex should behave as a regular property
11495        https://bugs.webkit.org/show_bug.cgi?id=79446
11496
11497        Reviewed by Sam Weinig.
11498
11499        lastIndex should be a regular data descriptor, with the attributes configurable:false,
11500        enumerable:false, writable:true. As such, it should be possible to reconfigure writable
11501        as false. If the lastIndex property is reconfigured to be read-only, we should respect
11502        this correctly.
11503
11504        * runtime/CommonIdentifiers.h:
11505            - Removed some unused identifiers, added lastIndex.
11506        * runtime/RegExpObject.cpp:
11507        (JSC::RegExpObject::getOwnPropertySlot):
11508            - lastIndex is no longer a static value, provided specific handling.
11509        (JSC::RegExpObject::getOwnPropertyDescriptor):
11510            - lastIndex is no longer a static value, provided specific handling.
11511        (JSC::RegExpObject::deleteProperty):
11512            - lastIndex is no longer a static value, provided specific handling.
11513        (JSC::RegExpObject::getOwnPropertyNames):
11514            - lastIndex is no longer a static value, provided specific handling.
11515        (JSC::RegExpObject::getPropertyNames):
11516            - lastIndex is no longer a static value, provided specific handling.
11517        (JSC::reject):
11518            - helper function for defineOwnProperty.
11519        (JSC::RegExpObject::defineOwnProperty):
11520            - lastIndex is no longer a static value, provided specific handling.
11521        (JSC::RegExpObject::put):
11522            - lastIndex is no longer a static value, provided specific handling.
11523        (JSC::RegExpObject::match):
11524            - Pass setLastIndex an ExecState, so it can throw if read-only.
11525        * runtime/RegExpObject.h:
11526        (JSC::RegExpObject::setLastIndex):
11527            - Pass setLastIndex an ExecState, so it can throw if read-only.
11528        (RegExpObjectData):
11529            - Added lastIndexIsWritable.
11530        * runtime/RegExpPrototype.cpp:
11531        (JSC::regExpProtoFuncCompile):
11532            - Pass setLastIndex an ExecState, so it can throw if read-only.
11533
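        Added example, not JavaScriptCore code and not part of the entry above: a check of the
        lastIndex property semantics the entry describes (a plain data property with writable:true,
        enumerable:false, configurable:false, which can be reconfigured to read-only and must then
        be respected), runnable in any ES5+ engine. The helper name lastIndexBehaviour and the sample
        strings are made up for illustration.

```javascript
// Added example (not JavaScriptCore code): lastIndex is an ordinary data
// property of each RegExp instance. It can be made read-only with
// defineProperty, after which a global match that has to update it throws,
// while a non-global match (which never writes lastIndex on success) still works.
function lastIndexBehaviour() {
  const re = /a/g;
  const desc = Object.getOwnPropertyDescriptor(re, "lastIndex");
  const result = {
    writable: desc.writable,
    enumerable: desc.enumerable,
    configurable: desc.configurable,
    listedByKeys: Object.keys(re).indexOf("lastIndex") !== -1,
  };

  re.exec("aa");                       // global: match at 0, lastIndex becomes 1
  result.afterFirstMatch = re.lastIndex;

  // Reconfigure writable to false (allowed even though configurable is false).
  Object.defineProperty(re, "lastIndex", { writable: false });
  result.nowWritable = Object.getOwnPropertyDescriptor(re, "lastIndex").writable;

  try {
    re.exec("aa");                     // would have to set lastIndex = 2 with Throw = true
    result.globalMatchThrows = false;
  } catch (e) {
    result.globalMatchThrows = e instanceof TypeError;
  }
  result.lastIndexUnchanged = re.lastIndex === 1;

  // A non-global regex does not write lastIndex on a successful match, so a
  // read-only lastIndex is harmless there.
  const plain = /a/;
  Object.defineProperty(plain, "lastIndex", { writable: false });
  result.nonGlobalStillMatches = plain.test("a");
  return result;
}
```

        Expected: descriptor {writable:true, enumerable:false, configurable:false}, lastIndex 1 after
        the first global match, a TypeError from the second global exec once lastIndex is read-only
        (leaving it at 1), and the non-global test() still returning true.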
115342012-02-27  Gavin Barraclough  <barraclough@apple.com>
11535
11536        Implement support for op_negate and op_bitnot in the DFG JIT
11537        https://bugs.webkit.org/show_bug.cgi?id=79617
11538
11539        Reviewed by Sam Weinig.
11540
        Remove op_bitnot - this is redundant, ~x === x^-1.
11542        This is a fractional (<1%) progression.
11543
11544        Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
11545        Remove CanReuse from the result type - this was unused.
11546        Remove op_bitnot.
11547
11548        * assembler/MacroAssemblerARM.h:
11549        (MacroAssemblerARM):
11550        (JSC::MacroAssemblerARM::xor32):
11551        * assembler/MacroAssemblerARMv7.h:
11552        (MacroAssemblerARMv7):
11553        (JSC::MacroAssemblerARMv7::xor32):
11554        * assembler/MacroAssemblerMIPS.h:
11555        (MacroAssemblerMIPS):
11556        (JSC::MacroAssemblerMIPS::xor32):
11557        * assembler/MacroAssemblerSH4.h:
11558        (MacroAssemblerSH4):
11559        (JSC::MacroAssemblerSH4::xor32):
11560        * assembler/MacroAssemblerX86Common.h:
11561        (MacroAssemblerX86Common):
11562        (JSC::MacroAssemblerX86Common::xor32):
11563        * bytecode/CodeBlock.cpp:
11564        (JSC::CodeBlock::dump):
11565        * bytecode/Opcode.h:
11566        (JSC):
11567        (JSC::padOpcodeName):
11568        * bytecompiler/NodesCodegen.cpp:
11569        (JSC):
11570        (JSC::BitwiseNotNode::emitBytecode):
11571        * interpreter/Interpreter.cpp:
11572        (JSC::Interpreter::privateExecute):
11573        * jit/JIT.cpp:
11574        (JSC::JIT::privateCompileMainPass):
11575        (JSC::JIT::privateCompileSlowCases):
11576        * jit/JIT.h:
11577        (JIT):
11578        * jit/JITArithmetic32_64.cpp:
11579        (JSC):
11580        * jit/JITOpcodes.cpp:
11581        (JSC):
11582        * jit/JITStubs.cpp:
11583        (JSC):
11584        * jit/JITStubs.h:
11585        * llint/LLIntSlowPaths.cpp:
11586        (LLInt):
11587        * llint/LLIntSlowPaths.h:
11588        (LLInt):
11589        * llint/LowLevelInterpreter32_64.asm:
11590        * parser/NodeConstructors.h:
11591        (JSC::NegateNode::NegateNode):
11592        (JSC::BitwiseNotNode::BitwiseNotNode):
11593        (JSC::MultNode::MultNode):
11594        (JSC::DivNode::DivNode):
11595        (JSC::ModNode::ModNode):
11596        (JSC::SubNode::SubNode):
11597        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
11598        * parser/Nodes.h:
11599        (BitwiseNotNode):
11600        (JSC::BitwiseNotNode::expr):
11601        (JSC):
11602        * parser/ResultType.h:
11603        (ResultType):
11604        (JSC::ResultType::numberTypeIsInt32):
11605        (JSC::ResultType::stringOrNumberType):
11606        (JSC::ResultType::forAdd):
11607        (JSC::ResultType::forBitOp):
11608
116092012-02-27  Michael Saboff  <msaboff@apple.com>
11610
11611        Error check regexp min quantifier
11612        https://bugs.webkit.org/show_bug.cgi?id=70648
11613
11614        Reviewed by Gavin Barraclough.
11615
11616        Added checking for min or only quantifier being UINT_MAX.
11617        When encountered this becomes a SyntaxError during parsing.
11618
11619        * yarr/YarrParser.h:
11620        (JSC::Yarr::Parser::parseQuantifier):
11621        (JSC::Yarr::Parser::parse):
11622        (Parser):
11623
116242012-02-27  Carlos Garcia Campos  <cgarcia@igalia.com>
11625
11626        Unreviewed. Fix make distcheck.
11627
11628        * GNUmakefile.list.am: Add missing files.
11629
116302012-02-26  Hajime Morrita  <morrita@chromium.org>
11631
11632        Move ChromeClient::showContextMenu() to ContextMenuClient
11633        https://bugs.webkit.org/show_bug.cgi?id=79427
11634
11635        Reviewed by Adam Barth.
11636
11637        Added ACCESSIBILITY_CONTEXT_MENUS.
11638
11639        * wtf/Platform.h:
11640
116412012-02-26  Filip Pizlo  <fpizlo@apple.com>
11642
11643        LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
11644        https://bugs.webkit.org/show_bug.cgi?id=79616
11645
11646        Reviewed by Oliver Hunt.
11647        
11648        Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
11649
11650        * dfg/DFGAbstractValue.h:
11651        (JSC::DFG::AbstractValue::validate):
11652
116532012-02-26  Filip Pizlo  <fpizlo@apple.com>
11654
11655        DFG should support activations and nested functions
11656        https://bugs.webkit.org/show_bug.cgi?id=79554
11657
11658        Reviewed by Sam Weinig.
11659        
11660        Fix 32-bit. The 32-bit function+activation code had some really weird
11661        register reuse bugs.
11662
11663        * dfg/DFGSpeculativeJIT32_64.cpp:
11664        (JSC::DFG::SpeculativeJIT::compile):
11665
116662012-02-26  Filip Pizlo  <fpizlo@apple.com>
11667
11668        Getting the instruction stream for a code block should not require two loads
11669        https://bugs.webkit.org/show_bug.cgi?id=79608
11670
11671        Reviewed by Sam Weinig.
11672        
11673        Introduced the RefCountedArray class, which contains a single inline pointer
11674        to a ref-counted non-resizeable vector backing store. This satisfies the
11675        requirements of CodeBlock, which desires the ability to share instruction
11676        streams with other CodeBlocks. It also reduces the number of loads required
11677        for getting the instruction stream by one.
11678        
11679        This patch also gets rid of the bytecode discarding logic, since we don't
11680        use it anymore and it's unlikely to ever work right with DFG or LLInt. And
11681        I didn't feel like porting dead code to use RefCountedArray.
11682
11683        * GNUmakefile.list.am:
11684        * JavaScriptCore.xcodeproj/project.pbxproj:
11685        * bytecode/CodeBlock.cpp:
11686        (JSC::instructionOffsetForNth):
11687        (JSC::CodeBlock::dump):
11688        (JSC::CodeBlock::CodeBlock):
11689        (JSC::CodeBlock::finalizeUnconditionally):
11690        (JSC::CodeBlock::handlerForBytecodeOffset):
11691        (JSC::CodeBlock::lineNumberForBytecodeOffset):
11692        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
11693        (JSC::CodeBlock::shrinkToFit):
11694        * bytecode/CodeBlock.h:
11695        (CodeBlock):
11696        (JSC::CodeBlock::numberOfInstructions):
11697        (JSC::CodeBlock::instructions):
11698        (JSC::CodeBlock::instructionCount):
11699        (JSC::CodeBlock::valueProfileForBytecodeOffset):
11700        (JSC):
11701        * bytecompiler/BytecodeGenerator.cpp:
11702        (JSC::Label::setLocation):
11703        (JSC):
11704        (JSC::BytecodeGenerator::generate):
11705        (JSC::BytecodeGenerator::newLabel):
11706        * bytecompiler/BytecodeGenerator.h:
11707        (JSC):
11708        (BytecodeGenerator):
11709        (JSC::BytecodeGenerator::instructions):
11710        * bytecompiler/Label.h:
11711        (JSC::Label::Label):
11712        (Label):
11713        * dfg/DFGByteCodeCache.h:
11714        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
11715        (JSC::DFG::ByteCodeCache::get):
11716        * jit/JITExceptions.cpp:
11717        (JSC::genericThrow):
11718        * llint/LowLevelInterpreter32_64.asm:
11719        * runtime/Executable.cpp:
11720        (JSC::EvalExecutable::compileInternal):
11721        (JSC::ProgramExecutable::compileInternal):
11722        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
11723        (JSC::FunctionExecutable::produceCodeBlockFor):
11724        * wtf/RefCountedArray.h: Added.
11725        (WTF):
11726        (RefCountedArray):
11727        (WTF::RefCountedArray::RefCountedArray):
11728        (WTF::RefCountedArray::operator=):
11729        (WTF::RefCountedArray::~RefCountedArray):
11730        (WTF::RefCountedArray::size):
11731        (WTF::RefCountedArray::data):
11732        (WTF::RefCountedArray::begin):
11733        (WTF::RefCountedArray::end):
11734        (WTF::RefCountedArray::at):
11735        (WTF::RefCountedArray::operator[]):
11736        (Header):
11737        (WTF::RefCountedArray::Header::size):
11738        (WTF::RefCountedArray::Header::payload):
11739        (WTF::RefCountedArray::Header::fromPayload):
11740        * wtf/Platform.h:
11741
117422012-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>
11743
11744        StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
11745        https://bugs.webkit.org/show_bug.cgi?id=79571
11746
11747        Reviewed by Gavin Barraclough.
11748
11749        * parser/ASTBuilder.h:
11750        (JSC::ASTBuilder::createGetterOrSetterProperty):
11751        * parser/Parser.cpp:
11752        (JSC::::parseProperty):
11753        * parser/SyntaxChecker.h:
11754        (JSC::SyntaxChecker::createGetterOrSetterProperty):
11755
117562012-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
11757
11758        Implement fast path for op_new_array in the baseline JIT
11759        https://bugs.webkit.org/show_bug.cgi?id=78612
11760
11761        Reviewed by Filip Pizlo.
11762
        * heap/CopiedAllocator.h:
11764        (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
11765        * heap/CopiedSpace.h:
11766        (CopiedSpace): Friended the JIT to allow access to isOversize.
11767        (JSC::CopiedSpace::allocator):
11768        * heap/Heap.h:
11769        (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
11770        can use it for simple allocation i.e. when we can just bump the offset without having to 
11771        do anything else.
11772        * jit/JIT.cpp:
11773        (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
11774        we have to bail out because the fast allocation path fails for whatever reason.
11775        * jit/JIT.h:
11776        (JIT):
11777        * jit/JITInlineMethods.h:
11778        (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
11779        allocate generic backing stores. This function is used by emitAllocateJSArray.
11780        (JSC):
11781        (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
11782        more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
11783        it will also be used for emit_op_new_array_buffer.
11784        * jit/JITOpcodes.cpp:
11785        (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
11786        a stub call for oversize arrays.
11787        (JSC):
11788        (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
11789        fail in any way on the fast path.
11790        * runtime/JSArray.cpp:
11791        (JSC):
11792        * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
11793        initialize in the JIT.
11794        (ArrayStorage):
11795        (JSC::ArrayStorage::lengthOffset):
11796        (JSC::ArrayStorage::numValuesInVectorOffset):
11797        (JSC::ArrayStorage::allocBaseOffset):
11798        (JSC::ArrayStorage::vectorOffset):
11799        (JSArray):
11800        (JSC::JSArray::sparseValueMapOffset):
11801        (JSC::JSArray::subclassDataOffset):
11802        (JSC::JSArray::indexBiasOffset):
11803        (JSC):
11804        (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
11805        to being a static function in the JSArray class. This move allows the JIT to call it to 
11806        see what size it should allocate.
11807
118082012-02-26  Patrick Gansterer  <paroga@webkit.org>
11809
11810        Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
11811
11812        * interpreter/Interpreter.cpp:
11813        (JSC::getLineNumberForCallFrame):
11814        (JSC::Interpreter::getStackTrace):
11815
118162012-02-26  Patrick Gansterer  <paroga@webkit.org>
11817
11818        Unreviewed. Build fix for !ENABLE(JIT) after r108681.
11819
11820        * interpreter/Interpreter.cpp:
11821        (JSC::getLineNumberForCallFrame):
11822
118232012-02-25  Filip Pizlo  <fpizlo@apple.com>
11824
11825        LLInt assembly file should be split into 32-bit and 64-bit parts
11826        https://bugs.webkit.org/show_bug.cgi?id=79584
11827
11828        Reviewed by Sam Weinig.
11829        
11830        Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
11831        the ability to include files, and correctly track dependencies: it restricts
11832        the include mechanism to using the same directory as the source file, and uses
11833        the SHA1 hash of all .asm files in that directory as an input hash.
11834
11835        * llint/LLIntOfflineAsmConfig.h:
11836        * llint/LowLevelInterpreter.asm:
11837        * llint/LowLevelInterpreter32_64.asm: Added.
11838            - This is just the entire contents of what was previously LowLevelInterpreter.asm
11839        * llint/LowLevelInterpreter64.asm: Added.
11840        * offlineasm/asm.rb:
11841        * offlineasm/ast.rb:
11842        * offlineasm/generate_offset_extractor.rb:
11843        * offlineasm/parser.rb:
11844        * offlineasm/self_hash.rb:
11845
118462012-02-25  Filip Pizlo  <fpizlo@apple.com>
11847
11848        Offlineasm should support X86_64
11849        https://bugs.webkit.org/show_bug.cgi?id=79581
11850
11851        Reviewed by Oliver Hunt.
11852
11853        * llint/LLIntOfflineAsmConfig.h:
11854        * offlineasm/backends.rb:
11855        * offlineasm/instructions.rb:
11856        * offlineasm/settings.rb:
11857        * offlineasm/x86.rb:
11858
118592012-02-25  Filip Pizlo  <fpizlo@apple.com>
11860
11861        DFG should support activations and nested functions
11862        https://bugs.webkit.org/show_bug.cgi?id=79554
11863
11864        Reviewed by Oliver Hunt.
11865        
11866        Wrote the simplest possible implementation of activations. Big speed-up on
11867        code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
11868        Kraken) because they do not appear to have sufficient coverage over code
11869        that uses activations.
11870
11871        * bytecode/PredictedType.cpp:
11872        (JSC::predictionToString):
11873        (JSC::predictionFromValue):
11874        * bytecode/PredictedType.h:
11875        (JSC):
11876        (JSC::isEmptyPrediction):
11877        * dfg/DFGAbstractState.cpp:
11878        (JSC::DFG::AbstractState::execute):
11879        * dfg/DFGByteCodeParser.cpp:
11880        (JSC::DFG::ByteCodeParser::ByteCodeParser):
11881        (ByteCodeParser):
11882        (JSC::DFG::ByteCodeParser::parseBlock):
11883        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
11884        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
11885        (JSC::DFG::ByteCodeParser::parse):
11886        * dfg/DFGCapabilities.h:
11887        (JSC::DFG::canCompileOpcode):
11888        (JSC::DFG::canInlineOpcode):
11889        * dfg/DFGGraph.h:
11890        (JSC::DFG::Graph::needsActivation):
11891        * dfg/DFGNode.h:
11892        (DFG):
11893        (JSC::DFG::Node::storageAccessDataIndex):
11894        (Node):
11895        (JSC::DFG::Node::hasFunctionDeclIndex):
11896        (JSC::DFG::Node::functionDeclIndex):
11897        (JSC::DFG::Node::hasFunctionExprIndex):
11898        (JSC::DFG::Node::functionExprIndex):
11899        * dfg/DFGOperations.cpp:
11900        * dfg/DFGOperations.h:
11901        * dfg/DFGPredictionPropagationPhase.cpp:
11902        (JSC::DFG::PredictionPropagationPhase::propagate):
11903        * dfg/DFGSpeculativeJIT.cpp:
11904        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
11905        (DFG):
11906        (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
11907        * dfg/DFGSpeculativeJIT.h:
11908        (JSC::DFG::SpeculativeJIT::callOperation):
11909        * dfg/DFGSpeculativeJIT32_64.cpp:
11910        (JSC::DFG::SpeculativeJIT::compile):
11911        * dfg/DFGSpeculativeJIT64.cpp:
11912        (JSC::DFG::SpeculativeJIT::compile):
11913
119142012-02-25  Benjamin Poulain  <benjamin@webkit.org>
11915
11916        Add an empty skeleton of KURL for WTFURL
11917        https://bugs.webkit.org/show_bug.cgi?id=78990
11918
11919        Reviewed by Adam Barth.
11920
11921        * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
11922        so that can use them in WebCore.
11923
119242012-02-25  Filip Pizlo  <fpizlo@apple.com>
11925
11926        Unreviewed, fix build for DFG disabled and LLInt enabled.
11927
11928        * jit/JIT.cpp:
11929        (JSC::JIT::privateCompile):
11930        * llint/LLIntSlowPaths.cpp:
11931        (LLInt):
11932        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
11933
119342012-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>
11935
11936        Fix the CopiedBlock offset alignment in a cross platform fashion
11937        https://bugs.webkit.org/show_bug.cgi?id=79556
11938
11939        Reviewed by Filip Pizlo.
11940
11941        Replaced m_payload with a payload() method that calculates the offset
11942        of the payload with the proper alignment. This change allows us to 
11943        avoid alignment-related issues in a cross-platform manner.
11944
11945        * heap/CopiedAllocator.h:
11946        (JSC::CopiedAllocator::currentUtilization):
11947        * heap/CopiedBlock.h:
11948        (JSC::CopiedBlock::CopiedBlock):
11949        (JSC::CopiedBlock::payload):
11950        (CopiedBlock):
11951        * heap/CopiedSpace.cpp:
11952        (JSC::CopiedSpace::doneFillingBlock):
11953        * heap/CopiedSpaceInlineMethods.h:
11954        (JSC::CopiedSpace::borrowBlock):
11955        (JSC::CopiedSpace::allocateFromBlock):
11956
119572012-02-24  Michael Saboff  <msaboff@apple.com>
11958
11959        Unreviewed, Windows build fix.  Changed signature in export to match
11960        change made in r108858.
11961
11962        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
11963
119642012-02-24  Filip Pizlo  <fpizlo@apple.com>
11965
11966        DFG support for op_new_regexp should be enabled
11967        https://bugs.webkit.org/show_bug.cgi?id=79538
11968
11969        Reviewed by Oliver Hunt.
11970        
11971        No performance change.
11972
11973        * dfg/DFGCapabilities.h:
11974        (JSC::DFG::canCompileOpcode):
11975        * dfg/DFGCommon.h:
11976
119772012-02-24  Michael Saboff  <msaboff@apple.com>
11978
11979        ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
11980        https://bugs.webkit.org/show_bug.cgi?id=73728
11981
11982        Reviewed by Gavin Barraclough.
11983
11984        Fixed the mixing of signed and unsigned character indeces in YARR
11985        interpreter.
11986
11987        * runtime/RegExp.cpp:
11988        (JSC::RegExp::match): Added code to check for match longer than 2^31 and
11989        return no match after resetting the offsets.
11990        * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
11991        handling except when matching back references.
11992        (JSC::Yarr::Interpreter::InputStream::readChecked):
11993        (JSC::Yarr::Interpreter::InputStream::checkInput):
11994        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
11995        (JSC::Yarr::Interpreter::InputStream::atStart):
11996        (JSC::Yarr::Interpreter::InputStream::atEnd):
11997        (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
11998        (JSC::Yarr::Interpreter::checkCharacter):
11999        (JSC::Yarr::Interpreter::checkCasedCharacter):
12000        (JSC::Yarr::Interpreter::checkCharacterClass):
12001        (JSC::Yarr::Interpreter::tryConsumeBackReference):
12002        (JSC::Yarr::Interpreter::matchAssertionBOL):
12003        (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
12004        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
12005        (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
12006        (JSC::Yarr::Interpreter::matchCharacterClass):
12007        (JSC::Yarr::Interpreter::backtrackCharacterClass):
12008        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
12009        (JSC::Yarr::Interpreter::matchDisjunction):
12010        (JSC::Yarr::Interpreter::interpret):
12011        (JSC::Yarr::ByteCompiler::assertionBOL):
12012        (JSC::Yarr::ByteCompiler::assertionEOL):
12013        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
12014        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
12015        (JSC::Yarr::ByteCompiler::atomCharacterClass):
12016        (JSC::Yarr::ByteCompiler::atomBackReference):
12017        (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
12018        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
12019        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
12020        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
12021        (JSC::Yarr::ByteCompiler::emitDisjunction):
12022        * yarr/YarrInterpreter.h:
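
Added illustration for the YARR entry above (this is not JavaScriptCore's YARR code): a constructed input-stream cursor that keeps every character index unsigned and writes each bounds check as a comparison against the remaining length, plus a subject-length guard of the kind the entry describes at the match entry point. The names InputStream, checkInput, readChecked, tryConsumeBackReference and subjectLengthIsMatchable follow the entry's wording, but their bodies and the sample subject strings are assumptions of this example. Mixing signed and unsigned indices is a classic source of out-of-bounds reads, which is why the discipline is worth seeing in isolation.

```cpp
#include <cassert>
#include <climits>
#include <cstddef>
#include <string>

// Constructed model (not JavaScriptCore's code): character positions are unsigned
// throughout, and every bounds check is phrased so its arithmetic cannot wrap.
class InputStream {
public:
    InputStream(const std::u16string& text, unsigned start)
        : m_text(text), m_length(static_cast<unsigned>(text.size())), m_pos(start)
    {
        assert(m_pos <= m_length); // invariant every method below relies on
    }

    // Can `count` more characters be consumed? Comparing against the remaining
    // length instead of computing m_pos + count avoids unsigned wrap-around when
    // `count` is close to UINT_MAX.
    bool checkInput(unsigned count) const { return count <= m_length - m_pos; }

    // Consume `count` characters that checkInput() already approved.
    void advance(unsigned count) { assert(checkInput(count)); m_pos += count; }

    // Read the character `negativeOffset` positions behind the cursor. With an
    // unsigned position there is no "negative index" case to assert on; the only
    // question is whether the offset would reach behind the start of the subject.
    char16_t readChecked(unsigned negativeOffset) const {
        assert(negativeOffset != 0 && negativeOffset <= m_pos);
        return m_text[m_pos - negativeOffset];
    }

    bool atStart() const { return m_pos == 0; }
    bool atEnd() const { return m_pos == m_length; }

    // Back reference: compare `length` characters captured at `start` with the
    // input at the cursor. The captured span is validated against the subject
    // length as well, not just the cursor.
    bool tryConsumeBackReference(unsigned start, unsigned length) {
        if (start > m_length || length > m_length - start || !checkInput(length))
            return false;
        for (unsigned k = 0; k < length; ++k) {
            if (m_text[start + k] != m_text[m_pos + k])
                return false;
        }
        m_pos += length;
        return true;
    }

private:
    std::u16string m_text;
    unsigned m_length;
    unsigned m_pos;
};

// Match entry point guard (constructed): result offsets are handed back as int, so a
// subject that cannot be indexed by a non-negative int is reported as "no match"
// rather than matched with offsets that would overflow on the way out.
bool subjectLengthIsMatchable(size_t length) {
    return length <= static_cast<size_t>(INT_MAX);
}
```

Written as `count <= m_length - m_pos`, the check stays correct for any `count`, whereas `m_pos + count <= m_length` wraps to a small value for large `count` and wrongly passes; the test below exercises exactly that case.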

2012-02-24  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
        enabled.

        * llint/LLIntOfflineAsmConfig.h:
        * llint/LowLevelInterpreter.asm:

2012-02-24  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to handle variables getting captured
        https://bugs.webkit.org/show_bug.cgi?id=79469

        Reviewed by Oliver Hunt.

        Made captured variables work by placing a Flush on the SetLocal and
        forcing the emission of the GetLocal even if copy propagation tells us
        who has the value.

        Changed the CFA and various prediction codes to understand that we can't
        really prove anything about captured variables. Well, we could in the
        future by just looking at what side effects are happening, but in this
        first cut we just assume that we can't reason about captured variables.

        Also added a mode where the DFG pretends that all variables and arguments
        got captured. Used this mode to harden the code.

        This is performance neutral. Capturing all variables is a slow down, but
        not too big of one. This seems to predict that when we add activation
        support, the amount of speed benefit we'll get from increased coverage
        will far outweigh the pessimism that we'll have to endure for captured
        variables.

        * bytecode/CodeType.h:
        (JSC::codeTypeToString):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::endBasicBlock):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::merge):
        * dfg/DFGAbstractState.h:
        (AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flushArgument):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGCommon.h:
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::needsActivation):
        (Graph):
        (JSC::DFG::Graph::argumentIsCaptured):
        (JSC::DFG::Graph::localIsCaptured):
        (JSC::DFG::Graph::isCaptured):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldGenerate):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::ValueSource::dump):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (ValueSource):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::VirtualRegisterAllocationPhase::run):

2012-02-24  Gavin Barraclough  <barraclough@apple.com>

        Should not allow malformed \x escapes
        https://bugs.webkit.org/show_bug.cgi?id=79462

        Reviewed by Oliver Hunt.

        * parser/Lexer.cpp:
        (JSC::::parseString):
        (JSC::::parseStringSlowCase):
            - Prohibit malformed '\x' escapes
        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
        * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
        * tests/mozilla/ecma_2/RegExp/hex-001.js:
        * tests/mozilla/js1_2/regexp/hexadecimal.js:
            - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).

2012-02-24  Daniel Bates  <dbates@webkit.org>

        Fix change log entry for changeset r108819; add bug URL
        https://bugs.webkit.org/show_bug.cgi?id=79504

        Changeset r108819 is associated with bug #79504.

        * ChangeLog

2012-02-24  Daniel Bates  <dbates@webkit.org>

        Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
        https://bugs.webkit.org/show_bug.cgi?id=79504

        Reviewed by Oliver Hunt.

        There are a few places in Interpreter.cpp that need to be updated to use
        ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
        ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
        (https://bugs.webkit.org/show_bug.cgi?id=78791).

        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):
        (JSC::getCallerInfo):
        (JSC::getSourceURLFromCallFrame):

2012-02-24  Adam Roben  <aroben@apple.com>

        Undo the BUILDING_WTF part of r108808

        This broke the build, which is obviously worse than the linker warning it was trying to
        solve.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:

2012-02-24  Adam Roben  <aroben@apple.com>

        Fix linker warnings on Windows

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
        exported via JS_EXPORTDATA.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
        aren't actually building WTF, but we are statically linking it, so we need to define this
        symbol so that we export WTF's exports.

2012-02-24  Philippe Normand  <pnormand@igalia.com>

        Fix GTK WebAudio build for WebKitGTK 1.7.90.

        Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
        Rubber-stamped by Philippe Normand.

        * GNUmakefile.list.am: Add Complex.h to the list of files so it
        gets disted in the tarballs.

2012-02-24  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
        https://bugs.webkit.org/show_bug.cgi?id=79199

        Rubber-stamped by Csaba Osztrogonác.

        Temporary fix since the new member wastes a little space on
        64 bit systems. Although it is harmless, it is only needed
        for 32 bit systems.

        * heap/CopiedBlock.h:
        (CopiedBlock):

2012-02-24  Han Hojong  <hojong.han@samsung.com>

        Remove useless jump instructions for short circuit
        https://bugs.webkit.org/show_bug.cgi?id=75602

        Reviewed by Michael Saboff.

        A jump instruction is inserted to make a short circuit;
        however, it does nothing but move to the next instruction.
        Therefore the useless jump instructions are removed,
        and the jump list is moved into the case not for a short circuit,
        so that only necessary instructions are added to JIT code
        unless it has a 16-bit pattern character and an 8-bit string.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):

2012-02-24  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r108731.
        http://trac.webkit.org/changeset/108731
        https://bugs.webkit.org/show_bug.cgi?id=79464

        Broke Chromium Win tests (Requested by bashi on #webkit).

        * wtf/Platform.h:

2012-02-24  Andrew Lo  <anlo@rim.com>

        [BlackBerry] Enable requestAnimationFrame
        https://bugs.webkit.org/show_bug.cgi?id=79408

        Use timer implementation of requestAnimationFrame on BlackBerry.

        Reviewed by Rob Buis.

        * wtf/Platform.h:

2012-02-24  Mathias Bynens  <mathias@qiwi.be>

        `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
        https://bugs.webkit.org/show_bug.cgi?id=78908

        Add additional checks for zero-width non-joiner (0x200C) and
        zero-width joiner (0x200D) characters.

        Reviewed by Michael Saboff.

        * parser/Lexer.cpp:
        (JSC::isNonASCIIIdentPart):
        * runtime/LiteralParser.cpp:
        (JSC::::Lexer::lexIdentifier):
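
Added illustration covering two lexer entries above, "Should not allow malformed \x escapes" and the IdentifierPart entry for U+200C / U+200D (this is not JavaScriptCore's Lexer or LiteralParser code): a constructed string-literal decoder that accepts `\x` only with exactly two hex digits, and an identifier check that admits the zero-width non-joiner and zero-width joiner inside an identifier but not at its start. The function names parseStringBody, isIdentStart, isIdentPart and isIdentifier, the StringLiteralResult type and all sample inputs are assumptions of this example; the Unicode letter and mark categories that the real lexer also consults are deliberately out of scope here.

```cpp
#include <cstddef>
#include <string>

// Constructed fragment (not JavaScriptCore's code). Inputs are UTF-16 code units,
// like the engine's lexer sees them.

static int hexValue(char16_t c) {
    if (c >= u'0' && c <= u'9') return c - u'0';
    if (c >= u'a' && c <= u'f') return c - u'a' + 10;
    if (c >= u'A' && c <= u'F') return c - u'A' + 10;
    return -1;
}

// Reads exactly `count` hex digits starting at src[i]; false if any is missing
// or is not a hex digit. `i` is left after the last digit consumed.
static bool readHexDigits(const std::u16string& src, size_t& i, unsigned count, char16_t& value) {
    unsigned accumulated = 0;
    for (unsigned k = 0; k < count; ++k, ++i) {
        if (i >= src.size()) return false;
        int digit = hexValue(src[i]);
        if (digit < 0) return false;
        accumulated = (accumulated << 4) | static_cast<unsigned>(digit);
    }
    value = static_cast<char16_t>(accumulated);
    return true;
}

struct StringLiteralResult {
    bool ok;               // false: the literal is a syntax error
    std::u16string value;  // decoded characters when ok
};

// Decodes the body of a string literal (the text between the quotes).
StringLiteralResult parseStringBody(const std::u16string& src) {
    const StringLiteralResult syntaxError{false, std::u16string()};
    StringLiteralResult result{true, std::u16string()};
    for (size_t i = 0; i < src.size();) {
        char16_t c = src[i++];
        if (c != u'\\') { result.value.push_back(c); continue; }
        if (i >= src.size()) return syntaxError;   // dangling backslash
        char16_t escape = src[i++];
        char16_t decoded;
        switch (escape) {
        case u'x':  // "\xHH": "\x4", "\xG1" and a trailing "\x" are all rejected
            if (!readHexDigits(src, i, 2, decoded)) return syntaxError;
            result.value.push_back(decoded);
            break;
        case u'u':  // "\uHHHH"
            if (!readHexDigits(src, i, 4, decoded)) return syntaxError;
            result.value.push_back(decoded);
            break;
        case u'b': result.value.push_back(u'\b'); break;
        case u'f': result.value.push_back(u'\f'); break;
        case u'n': result.value.push_back(u'\n'); break;
        case u'r': result.value.push_back(u'\r'); break;
        case u't': result.value.push_back(u'\t'); break;
        case u'v': result.value.push_back(u'\v'); break;
        case u'0': result.value.push_back(u'\0'); break;
        case u'\n': break;  // line continuation contributes nothing
        default: result.value.push_back(escape); break;  // NonEscapeCharacter: "\q" is "q"
        }
    }
    return result;
}

// Identifier characters: ASCII rules plus the two zero-width characters from the
// entry. (The real lexer additionally accepts Unicode letters, marks and digits.)
bool isIdentStart(char16_t c) {
    return c == u'$' || c == u'_' || (c >= u'a' && c <= u'z') || (c >= u'A' && c <= u'Z');
}

bool isIdentPart(char16_t c) {
    return isIdentStart(c) || (c >= u'0' && c <= u'9') || c == 0x200C || c == 0x200D;
}

bool isIdentifier(const std::u16string& s) {
    if (s.empty() || !isIdentStart(s[0])) return false;
    for (size_t i = 1; i < s.size(); ++i) {
        if (!isIdentPart(s[i])) return false;
    }
    return true;
}
```

The decoder fails closed: an escape that cannot be decoded makes the whole literal a syntax error instead of silently yielding a different character, which is the behaviour the `\x` entry asks for.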

2012-02-23  Kenichi Ishibashi  <bashi@chromium.org>

        Adding WebSocket per-frame DEFLATE extension
        https://bugs.webkit.org/show_bug.cgi?id=77522

        Added USE(ZLIB) flag.

        Reviewed by Kent Tamura.

        * wtf/Platform.h:

2012-02-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Zero out CopiedBlocks on initialization
        https://bugs.webkit.org/show_bug.cgi?id=79199

        Reviewed by Filip Pizlo.

        Made CopyBlocks zero their payloads during construction. This allows
        JSArray to avoid having to manually clear its backing store upon allocation
        and also alleviates any future pain with regard to the garbage collector trying
        to mark what it thinks are values in what is actually uninitialized memory.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        * runtime/JSArray.cpp:
        (JSC::JSArray::finishCreation):
        (JSC::JSArray::tryFinishCreationUninitialized):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::unshiftCountSlowCase):

2012-02-23  Oliver Hunt  <oliver@apple.com>

        Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
        https://bugs.webkit.org/show_bug.cgi?id=79407

        Reviewed by Gavin Barraclough.

        Outside of exception handling, we don't know what our source line number is.  This
        change allows us to pass -1 in as the initial line number, and get the correct line
        number in the resultant stack trace.  We can't completely elide the initial line
        number (yet) due to some idiosyncrasies of the exception handling machinery.

        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):
        (JSC):
        (JSC::Interpreter::getStackTrace):

2012-02-22  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit value profiling should have graceful handling of local variables and arguments
        https://bugs.webkit.org/show_bug.cgi?id=79310

        Reviewed by Gavin Barraclough.

        Previously, if we OSR exited because a prediction in a local was wrong, we'd
        only realize what the true type of the local was if the regular value profiling
        kicked in and told us. Unless the local was block-locally copy propagated, in
        which case we'd know from an OSR exit profile.

        This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
        exit because of a mispredicted local or argument type, we'll know what the type of
        the local or argument should be immediately upon exiting.

        The way that local variable OSR exit profiling works is that we now have a lazily
        added set of OSR-exit-only value profiles for exit sites that are BadType and that
        cited a GetLocal as their value source. The value profiles are only added if the
        OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
        operand. The look-up is performed by querying the
        CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
        the bytecode index and the operand. Because the value profiles are added at random
        times, they are not sorted; instead they are just stored in an arbitrarily-ordered
        SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
        creates a LazyOperandValueProfileParser, which turns the
        CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
        of DFG parsing.

        Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
        into which values observed during OSR exit would be placed. Now it uses a lazy
        thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
        either contain a ValueProfile inside it (which works for previous uses of OSR exit
        profiling) or it may just have knowledge of how to go about creating the
        LazyOperandValueProfile in the case that the OSR exit is actually taken. This
        ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
        value profiling buckets unless we actually did OSR exit on every single operand,
        in every single instruction, in each code block (that's probably unlikely).

        This appears to be neutral on the major benchmarks, but is a double-digit speed-up
        on code deliberately written to have data flow that spans basic blocks and where
        the code exhibits post-optimization polymorphism in a local variable.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::lazyOperandValueProfiles):
        * bytecode/LazyOperandValueProfile.cpp: Added.
        (JSC):
        (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
        (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
        (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
        (JSC::CompressedLazyOperandValueProfileHolder::add):
        (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
        (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
        (JSC::LazyOperandValueProfileParser::getIfPresent):
        (JSC::LazyOperandValueProfileParser::prediction):
        * bytecode/LazyOperandValueProfile.h: Added.
        (JSC):
        (LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::operator!):
        (JSC::LazyOperandValueProfileKey::operator==):
        (JSC::LazyOperandValueProfileKey::hash):
        (JSC::LazyOperandValueProfileKey::bytecodeOffset):
        (JSC::LazyOperandValueProfileKey::operand):
        (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
        (JSC::LazyOperandValueProfileKeyHash::hash):
        (JSC::LazyOperandValueProfileKeyHash::equal):
        (LazyOperandValueProfileKeyHash):
        (WTF):
        (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
        (LazyOperandValueProfile):
        (JSC::LazyOperandValueProfile::key):
        (CompressedLazyOperandValueProfileHolder):
        (LazyOperandValueProfileParser):
        * bytecode/MethodOfGettingAValueProfile.cpp: Added.
        (JSC):
        (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
        (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
        * bytecode/MethodOfGettingAValueProfile.h: Added.
        (JSC):
        (MethodOfGettingAValueProfile):
        (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
        (JSC::MethodOfGettingAValueProfile::operator!):
        * bytecode/ValueProfile.cpp: Removed.
        * bytecode/ValueProfile.h:
        (JSC):
        (ValueProfileBase):
        (JSC::ValueProfileBase::ValueProfileBase):
        (JSC::ValueProfileBase::dump):
        (JSC::ValueProfileBase::computeUpdatedPrediction):
        (JSC::MinimalValueProfile::MinimalValueProfile):
        (ValueProfileWithLogNumberOfBuckets):
        (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
        (JSC::ValueProfile::ValueProfile):
        (JSC::getValueProfileBytecodeOffset):
        (JSC::getRareCaseProfileBytecodeOffset):
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (InlineStackEntry):
        (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
        (DFG):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor):
        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
        (Graph):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        * dfg/DFGOSRExit.h:
        (OSRExit):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGPhase.cpp:
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
        (VariableAccessData):
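
Added model of the lazy OSR-exit profiling scheme the entry above describes (this is not JavaScriptCore's code): profiles keyed by bytecode offset and operand, an unsorted holder that only grows when an exit is actually taken, a lazy thunk that creates the profile on first use, and a "decompressed" hash-map view for look-ups during DFG parsing. The class names follow the entry; the ObservedType bit set is a stand-in for the engine's prediction lattice, std::deque stands in for the SegmentedVector, and the simulated GetLocal at bytecode offset 12 / operand 3 with its Double and String observations is constructed input.

```cpp
#include <cstddef>
#include <deque>
#include <functional>
#include <unordered_map>

// Constructed stand-in for the engine's PredictedType bits.
enum ObservedType : unsigned { Int32 = 1u << 0, Double = 1u << 1, String = 1u << 2, Object = 1u << 3 };

// Profiles are keyed by the GetLocal's bytecode offset and the operand it read.
struct LazyOperandValueProfileKey {
    unsigned bytecodeOffset;
    int operand;
    bool operator==(const LazyOperandValueProfileKey& other) const {
        return bytecodeOffset == other.bytecodeOffset && operand == other.operand;
    }
};

struct LazyOperandValueProfileKeyHash {
    size_t operator()(const LazyOperandValueProfileKey& key) const {
        return std::hash<unsigned>()(key.bytecodeOffset) * 31u + std::hash<int>()(key.operand);
    }
};

struct LazyOperandValueProfile {
    LazyOperandValueProfileKey key;
    unsigned observedTypes; // union of ObservedType bits seen when the exit was taken
};

// Unsorted store of profiles. Entries are appended only when an exit fires, so the
// holder stays empty for code that never exits.
class CompressedLazyOperandValueProfileHolder {
public:
    LazyOperandValueProfile* add(const LazyOperandValueProfileKey& key) {
        for (LazyOperandValueProfile& profile : m_profiles) {
            if (profile.key == key)
                return &profile; // linear scan is acceptable on the exit slow path
        }
        m_profiles.push_back(LazyOperandValueProfile{key, 0});
        return &m_profiles.back();
    }
    size_t size() const { return m_profiles.size(); }
    const std::deque<LazyOperandValueProfile>& profiles() const { return m_profiles; }
private:
    // deque keeps existing elements at stable addresses across push_back, which is
    // the property a SegmentedVector provides.
    std::deque<LazyOperandValueProfile> m_profiles;
};

// Lazy thunk for a profile: remembers how to create one, and does so only when the
// exit path actually asks for the bucket.
class MethodOfGettingAValueProfile {
public:
    static MethodOfGettingAValueProfile fromLazyOperand(CompressedLazyOperandValueProfileHolder* holder,
                                                        const LazyOperandValueProfileKey& key) {
        MethodOfGettingAValueProfile method;
        method.m_holder = holder;
        method.m_key = key;
        return method;
    }
    unsigned* getSpecFailBucket() {
        if (!m_profile)
            m_profile = m_holder->add(m_key); // first exit through this site creates the profile
        return &m_profile->observedTypes;
    }
private:
    CompressedLazyOperandValueProfileHolder* m_holder = nullptr;
    LazyOperandValueProfileKey m_key{0, 0};
    LazyOperandValueProfile* m_profile = nullptr;
};

// "Decompressed" view built once per DFG compile: hash look-ups instead of scanning.
class LazyOperandValueProfileParser {
public:
    explicit LazyOperandValueProfileParser(const CompressedLazyOperandValueProfileHolder& holder) {
        for (const LazyOperandValueProfile& profile : holder.profiles())
            m_map[profile.key] = &profile;
    }
    unsigned prediction(const LazyOperandValueProfileKey& key) const {
        auto it = m_map.find(key);
        return it == m_map.end() ? 0u : it->second->observedTypes;
    }
private:
    std::unordered_map<LazyOperandValueProfileKey, const LazyOperandValueProfile*,
                       LazyOperandValueProfileKeyHash> m_map;
};

struct ExitProfilingResult {
    size_t profilesBeforeFirstExit;
    size_t profilesAfterExits;
    unsigned prediction;        // what the next DFG compile learns for the exited GetLocal
    unsigned unseenPrediction;  // what it learns for a GetLocal that never exited
};

// Simulates one compiled GetLocal (constructed: bytecode offset 12, operand 3) whose
// Int32 speculation fails twice, observing a Double and then a String.
ExitProfilingResult simulateExitProfiling() {
    CompressedLazyOperandValueProfileHolder holder;
    LazyOperandValueProfileKey key{12, 3};
    MethodOfGettingAValueProfile method = MethodOfGettingAValueProfile::fromLazyOperand(&holder, key);
    ExitProfilingResult result{};
    result.profilesBeforeFirstExit = holder.size(); // thunk alone allocates nothing
    *method.getSpecFailBucket() |= Double;
    *method.getSpecFailBucket() |= String;
    result.profilesAfterExits = holder.size();
    LazyOperandValueProfileParser parser(holder);
    result.prediction = parser.prediction(key);
    result.unseenPrediction = parser.prediction(LazyOperandValueProfileKey{12, 4});
    return result;
}
```

The point the entry makes about cost shows up in the numbers: the holder contains nothing until the first exit, then exactly one profile for the one site that exited, however many operands and bytecode offsets the code block has.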
12433
124342012-02-23  Filip Pizlo  <fpizlo@apple.com>
12435
12436        Build fix.
12437
12438        * llint/LLIntOffsetsExtractor.cpp:
12439
124402012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
12441
12442        [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
12443
12444        * llint/LLIntOffsetsExtractor.cpp:
12445        * wtf/Platform.h:
12446
124472012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
12448
12449        [wx] Build fix for non-Mac wx builds.
12450
12451        * runtime/DatePrototype.cpp:
12452
124532012-02-22  Filip Pizlo  <fpizlo@apple.com>
12454
12455        DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
12456        https://bugs.webkit.org/show_bug.cgi?id=79334
12457
12458        Reviewed by Oliver Hunt.
12459
12460        * dfg/DFGByteCodeParser.cpp:
12461        (JSC::DFG::ByteCodeParser::getLocal):
12462        (JSC::DFG::ByteCodeParser::getArgument):
12463        (JSC::DFG::ByteCodeParser::flush):
12464
124652012-02-23  Gavin Barraclough  <barraclough@apple.com>
12466
12467        Object.isSealed / Object.isFrozen don't work for native objects
12468        https://bugs.webkit.org/show_bug.cgi?id=79331
12469
12470        Reviewed by Sam Weinig.
12471
12472        Need to inspect all properties, including static ones.
12473        This exposes a couple of bugs in Array & Arguments:
12474            - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
12475            - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
12476
12477        * runtime/Arguments.cpp:
12478        (JSC::Arguments::defineOwnProperty):
12479            - Add handling for callee/caller/length.
12480        * runtime/JSArray.cpp:
12481        (JSC::JSArray::getOwnPropertyDescriptor):
12482            - report length's writability correctly.
12483        * runtime/ObjectConstructor.cpp:
12484        (JSC::objectConstructorSeal):
12485        (JSC::objectConstructorFreeze):
12486        (JSC::objectConstructorIsSealed):
12487        (JSC::objectConstructorIsFrozen):
12488            - Add spec-based implementation for non-final objects.

2012-02-23  Gavin Barraclough  <barraclough@apple.com>

        pop of array hole should get from the prototype chain
        https://bugs.webkit.org/show_bug.cgi?id=79338

        Reviewed by Sam Weinig.

        * runtime/JSArray.cpp:
        (JSC::JSArray::pop):
            - If the fast vector case fails, more closely follow the spec.
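
        Added illustration (editor's script, not WebKit code) of the behaviour this entry fixes: Array.prototype.pop as ES5.1 15.4.4.6 specifies it, using ordinary [[Get]] so that a hole at the last index is read through the prototype chain, run side by side with the engine's native pop. The helper names and the inherited element are constructed for the demo.

```javascript
// ES5.1 15.4.4.6 Array.prototype.pop, step by step. The element is fetched with
// an ordinary [[Get]], so when the last index is a hole the lookup continues
// into the prototype chain instead of yielding undefined.
function specPop(arr) {
  const O = Object(arr);
  const len = O.length >>> 0;
  if (len === 0) {
    O.length = 0;
    return undefined;
  }
  const indx = String(len - 1);
  const element = O[indx];   // [[Get]]: falls through to the prototype for a hole
  delete O[indx];            // [[Delete]]: a no-op when the slot was a hole
  O.length = len - 1;
  return element;
}

// Two identical arrays, each with a hole at index 1, whose prototype supplies a
// value for index 1. Popping twice exposes the hole as the last element.
function popHoleDemo() {
  const proto = Object.create(Array.prototype);
  proto[1] = "from-proto";            // constructed inherited element
  const spec = [0, , 2];
  Object.setPrototypeOf(spec, proto);
  const native = [0, , 2];
  Object.setPrototypeOf(native, proto);
  return {
    specFirst: specPop(spec),
    specSecond: specPop(spec),
    specLength: spec.length,
    nativeFirst: native.pop(),
    nativeSecond: native.pop(),
    nativeLength: native.length,
  };
}
```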

2012-02-23  Yong Li  <yoli@rim.com>

        JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
        https://bugs.webkit.org/show_bug.cgi?id=79268

        Reviewed by Michael Saboff.

        resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
        after it fails to allocate a buffer for m_value. So outOfMemory() should assert
        isRope() rather than !isRope().

        * runtime/JSString.cpp:
        (JSC::JSString::outOfMemory):

2012-02-23  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
        https://bugs.webkit.org/show_bug.cgi?id=79371

        Reviewed by Daniel Bates.

        * CMakeLists.txt:
        * shell/CMakeLists.txt:
        * wtf/CMakeLists.txt:

2012-02-23  Aron Rosenberg  <arosenberg@logitech.com>

        Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
        https://bugs.webkit.org/show_bug.cgi?id=76210

        Add compile time check for Visual Studio 2005 or newer.

        Reviewed by Simon Hausmann.

        * os-win32/inttypes.h:

2012-02-22  Gavin Barraclough  <barraclough@apple.com>

        Implement [[DefineOwnProperty]] for the arguments object
        https://bugs.webkit.org/show_bug.cgi?id=79309

        Reviewed by Sam Weinig.

        * runtime/Arguments.cpp:
        (JSC::Arguments::deletePropertyByIndex):
        (JSC::Arguments::deleteProperty):
            - Deleting an argument should also delete the copy on the object, if any.
        (JSC::Arguments::defineOwnProperty):
            - Defining a property may override the live mapping.
        * runtime/Arguments.h:
        (Arguments):

2012-02-22  Gavin Barraclough  <barraclough@apple.com>

        Fix Object.freeze for non-final objects.
        https://bugs.webkit.org/show_bug.cgi?id=79286

        Reviewed by Oliver Hunt.

        For vanilla objects we implement this with a single transition, for objects
        with special properties we should just follow the spec defined algorithm.

        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
            - this does need to handle inextensible objects.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
            - Implement spec defined algorithm for non-final objects.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):
            - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
        * runtime/Structure.h:
        (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
        (JSC::Structure::setContainsReadOnlyProperties):
        (Structure):
            - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.

2012-02-22  Mark Hahnenberg  <mhahnenberg@apple.com>

        Allocations from CopiedBlocks should always be 8-byte aligned
        https://bugs.webkit.org/show_bug.cgi?id=79271

        Reviewed by Geoffrey Garen.

        * heap/CopiedAllocator.h:
        (JSC::CopiedAllocator::allocate):
        * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always
        guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
        (CopiedBlock):
        * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::getFreshBlock):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::allocateFromBlock):
        * runtime/JSArray.h:
        (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte
        aligned on both 64- and 32-bit platforms.
        * wtf/StdLibExtras.h:
        (WTF::is8ByteAligned): Added new utility function that functions similarly to the
        way isPointerAligned does, but it just always checks for 8 byte alignment.
        (WTF):

2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r108456.
        http://trac.webkit.org/changeset/108456
        https://bugs.webkit.org/show_bug.cgi?id=79223

        Broke fast/regex/pcre-test-4.html and cannot find anyone on
        IRC (Requested by zherczeg on #webkit).

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):

2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r108468.
        http://trac.webkit.org/changeset/108468
        https://bugs.webkit.org/show_bug.cgi?id=79219

        Broke Chromium Win release build (Requested by bashi on
        #webkit).

        * wtf/Platform.h:

2012-02-22  Kenichi Ishibashi  <bashi@chromium.org>

        Adding WebSocket per-frame DEFLATE extension
        https://bugs.webkit.org/show_bug.cgi?id=77522

        Added USE(ZLIB) flag.

        Reviewed by Kent Tamura.

        * wtf/Platform.h:

2012-02-22  Hojong Han  <hojong.han@samsung.com>

        Short circuit fixed for a 16 bit pattern character and an 8 bit string.
        https://bugs.webkit.org/show_bug.cgi?id=75602

        Reviewed by Gavin Barraclough.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        Build fix for systems with case sensitive disks.

        * llint/LLIntOfflineAsmConfig.h:

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        JSC should be a triple-tier VM
        https://bugs.webkit.org/show_bug.cgi?id=75812
        <rdar://problem/10079694>

        Reviewed by Gavin Barraclough.

        Implemented an interpreter that uses the JIT's calling convention. This
        interpreter is called LLInt, or the Low Level Interpreter. JSC will now
        start by executing code in LLInt and will only tier up to the old
        JIT after the code is proven hot.

        LLInt is written in a modified form of our macro assembly. This new macro
        assembly is compiled by an offline assembler (see offlineasm), which
        implements many modern conveniences such as a Turing-complete CPS-based
        macro language and direct access to relevant C++ type information
        (basically offsets of fields and sizes of structs/classes).

        Code executing in LLInt appears to the rest of the JSC world "as if" it
        were executing in the old JIT. Hence, things like exception handling and
        cross-execution-engine calls just work and require pretty much no
        additional overhead.

        This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
        V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
        V8, and Kraken, but appear to get a double-digit improvement on real-world
        websites due to a huge reduction in the amount of JIT'ing.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        (MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/BytecodeConventions.h: Added.
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC):
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::operator!):
        (CallLinkStatus):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC):
        (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::ProgramCodeBlock::jettison):
        (JSC::EvalCodeBlock::jettison):
        (JSC::FunctionCodeBlock::jettison):
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (JSC):
        (CodeBlock):
        (JSC::CodeBlock::baselineVersion):
        (JSC::CodeBlock::linkIncomingCall):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::jitCompile):
        (JSC::CodeBlock::hasOptimizedReplacement):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addLLIntCallLinkInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::wasSeenInJIT):
        (GetByIdStatus):
        * bytecode/Instruction.h:
        (JSC):
        (JSC::Instruction::Instruction):
        (Instruction):
        * bytecode/LLIntCallLinkInfo.h: Added.
        (JSC):
        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
        (LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::isLinked):
        (JSC::LLIntCallLinkInfo::unlink):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/Opcode.cpp:
        (JSC):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (PutByIdStatus):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        (JSC):
        (JSC::Heap::firstAllocatorWithoutDestructors):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::visitChildren):
        * heap/MarkedAllocator.h:
        (JSC):
        (MarkedAllocator):
        * heap/MarkedSpace.h:
        (JSC):
        (MarkedSpace):
        (JSC::MarkedSpace::firstAllocator):
        * interpreter/CallFrame.cpp:
        (JSC):
        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::currentVPC):
        (JSC::CallFrame::setCurrentVPC):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasReturnPC):
        (JSC::ExecState::clearReturnPC):
        (ExecState):
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::~Interpreter):
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::getCallerInfo):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (JSC::Interpreter::classicEnabled):
        * interpreter/RegisterFile.h:
        (JSC):
        (RegisterFile):
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/HostCallReturnValue.cpp: Added.
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.h: Added.
        (JSC):
        (JSC::initializeHostCallReturnValue):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITCode.h:
        (JSC::JITCode::isOptimizingJIT):
        (JITCode):
        (JSC::JITCode::isBaselineCode):
        (JSC::JITCode::JITCode):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITExceptions.cpp:
        (JSC::jitThrow):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC):
        * jit/JITStubs.h:
        (JSC):
        * jit/JSInterfaceJIT.h:
        * llint: Added.
        * llint/LLIntCommon.h: Added.
        * llint/LLIntData.cpp: Added.
        (LLInt):
        (JSC::LLInt::Data::Data):
        (JSC::LLInt::Data::performAssertions):
        (JSC::LLInt::Data::~Data):
        * llint/LLIntData.h: Added.
        (JSC):
        (LLInt):
        (Data):
        (JSC::LLInt::Data::exceptionInstructions):
        (JSC::LLInt::Data::opcodeMap):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntEntrypoints.cpp: Added.
        (LLInt):
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntEntrypoints.h: Added.
        (JSC):
        (LLInt):
        (JSC::LLInt::getEntrypoint):
        * llint/LLIntExceptions.cpp: Added.
        (LLInt):
        (JSC::LLInt::interpreterThrowInCaller):
        (JSC::LLInt::returnToThrowForThrownException):
        (JSC::LLInt::returnToThrow):
        (JSC::LLInt::callToThrow):
        * llint/LLIntExceptions.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntOfflineAsmConfig.h: Added.
        * llint/LLIntOffsetsExtractor.cpp: Added.
        (JSC):
        (LLIntOffsetsExtractor):
        (JSC::LLIntOffsetsExtractor::dummy):
        (main):
        * llint/LLIntSlowPaths.cpp: Added.
        (LLInt):
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::shouldJIT):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::resolveGlobal):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        * llint/LLIntSlowPaths.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntThunks.cpp: Added.
        (LLInt):
        (JSC::LLInt::generateThunkWithJumpTo):
        (JSC::LLInt::functionForCallEntryThunkGenerator):
        (JSC::LLInt::functionForConstructEntryThunkGenerator):
        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
        (JSC::LLInt::evalEntryThunkGenerator):
        (JSC::LLInt::programEntryThunkGenerator):
        * llint/LLIntThunks.h: Added.
        (JSC):
        (LLInt):
        * llint/LowLevelInterpreter.asm: Added.
        * llint/LowLevelInterpreter.cpp: Added.
        * llint/LowLevelInterpreter.h: Added.
        * offlineasm: Added.
        * offlineasm/armv7.rb: Added.
        * offlineasm/asm.rb: Added.
        * offlineasm/ast.rb: Added.
        * offlineasm/backends.rb: Added.
        * offlineasm/generate_offset_extractor.rb: Added.
        * offlineasm/instructions.rb: Added.
        * offlineasm/offset_extractor_constants.rb: Added.
        * offlineasm/offsets.rb: Added.
        * offlineasm/opt.rb: Added.
        * offlineasm/parser.rb: Added.
        * offlineasm/registers.rb: Added.
        * offlineasm/self_hash.rb: Added.
        * offlineasm/settings.rb: Added.
        * offlineasm/transform.rb: Added.
        * offlineasm/x86.rb: Added.
        * runtime/CodeSpecializationKind.h: Added.
        (JSC):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        (CommonSlowPaths):
        * runtime/Executable.cpp:
        (JSC::jettisonCodeBlock):
        (JSC):
        (JSC::EvalExecutable::jitCompile):
        (JSC::samplingDescription):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC):
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h: Added.
        (JSC):
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):
        * runtime/JSArray.h:
        (JSC):
        (JSArray):
        * runtime/JSCell.h:
        (JSC):
        (JSCell):
        * runtime/JSFunction.h:
        (JSC):
        (JSFunction):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC):
        (JSGlobalData):
        * runtime/JSGlobalObject.h:
        (JSC):
        (JSGlobalObject):
        * runtime/JSObject.h:
        (JSC):
        (JSObject):
        (JSFinalObject):
        * runtime/JSPropertyNameIterator.h:
        (JSC):
        (JSPropertyNameIterator):
        * runtime/JSString.h:
        (JSC):
        (JSString):
        * runtime/JSTypeInfo.h:
        (JSC):
        (TypeInfo):
        * runtime/JSValue.cpp:
        (JSC::JSValue::description):
        * runtime/JSValue.h:
        (LLInt):
        (JSValue):
        * runtime/JSVariableObject.h:
        (JSC):
        (JSVariableObject):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * runtime/ScopeChain.h:
        (JSC):
        (ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        * runtime/Structure.h:
        (JSC):
        (Structure):
        * runtime/StructureChain.h:
        (JSC):
        (StructureChain):
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (SentinelLinkedList):
        (WTF::SentinelLinkedList::isEmpty):
        * wtf/text/StringImpl.h:
        (JSC):
        (StringImpl):

2012-02-21  Oliver Hunt  <oliver@apple.com>

        Unbreak double-typed arrays on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=79177

        Reviewed by Gavin Barraclough.

        The existing code had completely broken address arithmetic.

        * JSCTypedArrayStubs.h:
        (JSC):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::storeFloat):

2012-02-21  Gavin Barraclough  <barraclough@apple.com>

        Should be able to reconfigure a non-configurable property as read-only
        https://bugs.webkit.org/show_bug.cgi?id=79170

        Reviewed by Sam Weinig.

        See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
        but does not inhibit making a writable property read-only.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::setInDefineOwnProperty):
        (JSGlobalData):
        (JSC::JSGlobalData::isInDefineOwnProperty):
            - Added flag, tracking whether we are in JSObject::defineOwnProperty.
        * runtime/JSObject.cpp:
        (JSC::JSObject::deleteProperty):
        (DefineOwnPropertyScope):
            - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
        (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
        (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
            - Added RAII helper.
        (JSC::JSObject::defineOwnProperty):
            - Track on the globalData when we are in this method.
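
        Added illustration (editor's script, not WebKit code) of the ES5.1 8.12.9 step 10.a rule this entry cites, as observable from script: on a non-configurable data property, writable may be turned off but never turned back on, and once read-only the value may only be "changed" to the same value. The helper names are assumptions.

```javascript
// Attempt Object.defineProperty and report the outcome instead of throwing,
// together with the property's writable attribute afterwards so the caller can
// see that a rejected redefinition left the property untouched.
function tryRedefine(obj, name, desc) {
  try {
    Object.defineProperty(obj, name, desc);
    return { ok: true, writable: Object.getOwnPropertyDescriptor(obj, name).writable };
  } catch (e) {
    return {
      ok: false,
      error: e.constructor.name,   // TypeError per 8.12.9 "Reject" with Throw = true
      writable: Object.getOwnPropertyDescriptor(obj, name).writable,
    };
  }
}

// Walk a non-configurable, writable data property through the transitions that
// 8.12.9 step 10.a permits and forbids.
function reconfigureDemo() {
  const o = {};
  Object.defineProperty(o, "x", { value: 1, writable: true, configurable: false });
  // writable: true -> false. Nothing in 10.a.i forbids this direction.
  const toReadOnly = tryRedefine(o, "x", { writable: false });
  // writable: false -> true. 10.a.i rejects it.
  const backToWritable = tryRedefine(o, "x", { writable: true });
  // Now read-only: a different value is rejected by 10.a.ii ...
  const changeValue = tryRedefine(o, "x", { value: 2 });
  // ... but the SameValue is accepted (it changes nothing).
  const sameValue = tryRedefine(o, "x", { value: 1 });
  return { toReadOnly, backToWritable, changeValue, sameValue, finalValue: o.x };
}
```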

2012-02-21  Oliver Hunt  <oliver@apple.com>

        Make TypedArrays be available in commandline jsc
        https://bugs.webkit.org/show_bug.cgi?id=79163

        Reviewed by Gavin Barraclough.

        Adds a compile time option to have jsc support a basic implementation
        of the TypedArrays available in WebCore.  This lets us test the typed
        array logic in the JIT without having to build webcore.

        * JSCTypedArrayStubs.h: Added.
        (JSC):
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (GlobalObject):
        (GlobalObject::addConstructableFunction):
        * runtime/JSGlobalData.h:
        (JSGlobalData):

2012-02-21  Tom Sepez  <tsepez@chromium.org>

        equalIgnoringNullity() only comparing half the bytes for equality
        https://bugs.webkit.org/show_bug.cgi?id=79135

        Reviewed by Adam Barth.

        * wtf/text/StringImpl.h:
        (WTF::equalIgnoringNullity):

2012-02-21  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        Unnecessary preprocessor macros in MainThread.h/cpp
        https://bugs.webkit.org/show_bug.cgi?id=79083

        Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.

        * wtf/MainThread.cpp:
        (WTF):
        * wtf/MainThread.h:
        (WTF):

2012-02-21  Sam Weinig  <sam@webkit.org>

        Attempt to fix the Snow Leopard build.

        * Configurations/Base.xcconfig:

2012-02-21  Sam Weinig  <sam@webkit.org>

        Use libc++ when building with Clang on Mac
        https://bugs.webkit.org/show_bug.cgi?id=78981

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:

2012-02-21  Adam Roben  <aroben@apple.com>

        Roll out r108309, r108323, and r108326

        They broke the 32-bit Lion build.

        Original bug is <http://webkit.org/b/75812> <rdar://problem/10079694>.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecode/BytecodeConventions.h: Removed.
        * bytecode/CallLinkStatus.cpp:
        * bytecode/CallLinkStatus.h:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/GetByIdStatus.cpp:
        * bytecode/GetByIdStatus.h:
        * bytecode/Instruction.h:
        * bytecode/LLIntCallLinkInfo.h: Removed.
        * bytecode/MethodCallLinkStatus.cpp:
        * bytecode/Opcode.cpp:
        * bytecode/Opcode.h:
        * bytecode/PutByIdStatus.cpp:
        * bytecode/PutByIdStatus.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCapabilities.h:
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        * heap/MarkedAllocator.h:
        * heap/MarkedSpace.h:
        * interpreter/CallFrame.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * interpreter/Interpreter.h:
        * interpreter/RegisterFile.h:
        * jit/ExecutableAllocator.h:
        * jit/HostCallReturnValue.cpp: Removed.
        * jit/HostCallReturnValue.h: Removed.
        * jit/JIT.cpp:
        * jit/JITCode.h:
        * jit/JITDriver.h:
        * jit/JITExceptions.cpp:
        * jit/JITInlineMethods.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JSInterfaceJIT.h:
        * llint/LLIntCommon.h: Removed.
        * llint/LLIntData.cpp: Removed.
        * llint/LLIntData.h: Removed.
        * llint/LLIntEntrypoints.cpp: Removed.
        * llint/LLIntEntrypoints.h: Removed.
        * llint/LLIntExceptions.cpp: Removed.
        * llint/LLIntExceptions.h: Removed.
        * llint/LLIntOfflineAsmConfig.h: Removed.
        * llint/LLIntOffsetsExtractor.cpp: Removed.
        * llint/LLIntSlowPaths.cpp: Removed.
        * llint/LLIntSlowPaths.h: Removed.
        * llint/LLIntThunks.cpp: Removed.
        * llint/LLIntThunks.h: Removed.
        * llint/LowLevelInterpreter.asm: Removed.
        * llint/LowLevelInterpreter.cpp: Removed.
        * llint/LowLevelInterpreter.h: Removed.
        * offlineasm/armv7.rb: Removed.
        * offlineasm/asm.rb: Removed.
        * offlineasm/ast.rb: Removed.
        * offlineasm/backends.rb: Removed.
        * offlineasm/generate_offset_extractor.rb: Removed.
        * offlineasm/instructions.rb: Removed.
        * offlineasm/offset_extractor_constants.rb: Removed.
        * offlineasm/offsets.rb: Removed.
        * offlineasm/opt.rb: Removed.
        * offlineasm/parser.rb: Removed.
        * offlineasm/registers.rb: Removed.
        * offlineasm/self_hash.rb: Removed.
        * offlineasm/settings.rb: Removed.
        * offlineasm/transform.rb: Removed.
        * offlineasm/x86.rb: Removed.
        * runtime/CodeSpecializationKind.h: Removed.
        * runtime/CommonSlowPaths.h:
        * runtime/Executable.cpp:
        * runtime/Executable.h:
        * runtime/ExecutionHarness.h: Removed.
        * runtime/JSArray.h:
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        * runtime/JSTypeInfo.h:
        * runtime/JSValue.cpp:
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        * runtime/Options.cpp:
        * runtime/Options.h:
        * runtime/ScopeChain.h:
        * runtime/Structure.cpp:
        * runtime/Structure.h:
        * runtime/StructureChain.h:
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        * wtf/text/StringImpl.h:

2012-02-21  Gustavo Noronha Silva  <kov@debian.org> and Bob Tracy  <rct@frus.com>

        Does not build on IA64, SPARC and Alpha
        https://bugs.webkit.org/show_bug.cgi?id=79047

        Rubber-stamped by Kent Tamura.

        * wtf/dtoa/utils.h: these architectures also have correct double
        operations, so add them to the appropriate side of the check.

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
        https://bugs.webkit.org/show_bug.cgi?id=75812

        Reviewed by Csaba Osztrogonác.

        * dfg/DFGOperations.cpp:
        (JSC):
        * jit/HostCallReturnValue.h:
        (JSC::initializeHostCallReturnValue):

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        Attempted build fix for ELF platforms.

        * dfg/DFGOperations.cpp:
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.cpp:
        (JSC):
        * jit/HostCallReturnValue.h:
13301        (JSC::initializeHostCallReturnValue):
13302
2012-02-20  Filip Pizlo  <fpizlo@apple.com>

        JSC should be a triple-tier VM
        https://bugs.webkit.org/show_bug.cgi?id=75812
        <rdar://problem/10079694>

        Reviewed by Gavin Barraclough.

        Implemented an interpreter that uses the JIT's calling convention. This
        interpreter is called LLInt, or the Low Level Interpreter. JSC will now
        start by executing code in LLInt and will only tier up to the old
        JIT after the code is proven hot.

        LLInt is written in a modified form of our macro assembly. This new macro
        assembly is compiled by an offline assembler (see offlineasm), which
        implements many modern conveniences such as a Turing-complete CPS-based
        macro language and direct access to relevant C++ type information
        (basically offsets of fields and sizes of structs/classes).

        Code executing in LLInt appears to the rest of the JSC world "as if" it
        were executing in the old JIT. Hence, things like exception handling and
        cross-execution-engine calls just work and require pretty much no
        additional overhead.

        This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
        V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
        V8, and Kraken, but appear to get a double-digit improvement on real-world
        websites due to a huge reduction in the amount of JIT'ing.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        (MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/BytecodeConventions.h: Added.
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC):
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::operator!):
        (CallLinkStatus):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC):
        (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::ProgramCodeBlock::jettison):
        (JSC::EvalCodeBlock::jettison):
        (JSC::FunctionCodeBlock::jettison):
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (JSC):
        (CodeBlock):
        (JSC::CodeBlock::baselineVersion):
        (JSC::CodeBlock::linkIncomingCall):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::jitCompile):
        (JSC::CodeBlock::hasOptimizedReplacement):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addLLIntCallLinkInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::wasSeenInJIT):
        (GetByIdStatus):
        * bytecode/Instruction.h:
        (JSC):
        (JSC::Instruction::Instruction):
        (Instruction):
        * bytecode/LLIntCallLinkInfo.h: Added.
        (JSC):
        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
        (LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::isLinked):
        (JSC::LLIntCallLinkInfo::unlink):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/Opcode.cpp:
        (JSC):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (PutByIdStatus):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        (JSC):
        (JSC::Heap::firstAllocatorWithoutDestructors):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::visitChildren):
        * heap/MarkedAllocator.h:
        (JSC):
        (MarkedAllocator):
        * heap/MarkedSpace.h:
        (JSC):
        (MarkedSpace):
        (JSC::MarkedSpace::firstAllocator):
        * interpreter/CallFrame.cpp:
        (JSC):
        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::currentVPC):
        (JSC::CallFrame::setCurrentVPC):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasReturnPC):
        (JSC::ExecState::clearReturnPC):
        (ExecState):
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::~Interpreter):
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::getCallerInfo):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (JSC::Interpreter::classicEnabled):
        * interpreter/RegisterFile.h:
        (JSC):
        (RegisterFile):
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/HostCallReturnValue.cpp: Added.
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.h: Added.
        (JSC):
        (JSC::initializeHostCallReturnValue):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITCode.h:
        (JSC::JITCode::isOptimizingJIT):
        (JITCode):
        (JSC::JITCode::isBaselineCode):
        (JSC::JITCode::JITCode):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITExceptions.cpp:
        (JSC::jitThrow):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC):
        * jit/JITStubs.h:
        (JSC):
        * jit/JSInterfaceJIT.h:
        * llint: Added.
        * llint/LLIntCommon.h: Added.
        * llint/LLIntData.cpp: Added.
        (LLInt):
        (JSC::LLInt::Data::Data):
        (JSC::LLInt::Data::performAssertions):
        (JSC::LLInt::Data::~Data):
        * llint/LLIntData.h: Added.
        (JSC):
        (LLInt):
        (Data):
        (JSC::LLInt::Data::exceptionInstructions):
        (JSC::LLInt::Data::opcodeMap):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntEntrypoints.cpp: Added.
        (LLInt):
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntEntrypoints.h: Added.
        (JSC):
        (LLInt):
        (JSC::LLInt::getEntrypoint):
        * llint/LLIntExceptions.cpp: Added.
        (LLInt):
        (JSC::LLInt::interpreterThrowInCaller):
        (JSC::LLInt::returnToThrowForThrownException):
        (JSC::LLInt::returnToThrow):
        (JSC::LLInt::callToThrow):
        * llint/LLIntExceptions.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntOfflineAsmConfig.h: Added.
        * llint/LLIntOffsetsExtractor.cpp: Added.
        (JSC):
        (LLIntOffsetsExtractor):
        (JSC::LLIntOffsetsExtractor::dummy):
        (main):
        * llint/LLIntSlowPaths.cpp: Added.
        (LLInt):
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::shouldJIT):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::resolveGlobal):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        * llint/LLIntSlowPaths.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntThunks.cpp: Added.
        (LLInt):
        (JSC::LLInt::generateThunkWithJumpTo):
        (JSC::LLInt::functionForCallEntryThunkGenerator):
        (JSC::LLInt::functionForConstructEntryThunkGenerator):
        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
        (JSC::LLInt::evalEntryThunkGenerator):
        (JSC::LLInt::programEntryThunkGenerator):
        * llint/LLIntThunks.h: Added.
        (JSC):
        (LLInt):
        * llint/LowLevelInterpreter.asm: Added.
        * llint/LowLevelInterpreter.cpp: Added.
        * llint/LowLevelInterpreter.h: Added.
        * offlineasm: Added.
        * offlineasm/armv7.rb: Added.
        * offlineasm/asm.rb: Added.
        * offlineasm/ast.rb: Added.
        * offlineasm/backends.rb: Added.
        * offlineasm/generate_offset_extractor.rb: Added.
        * offlineasm/instructions.rb: Added.
        * offlineasm/offset_extractor_constants.rb: Added.
        * offlineasm/offsets.rb: Added.
        * offlineasm/opt.rb: Added.
        * offlineasm/parser.rb: Added.
        * offlineasm/registers.rb: Added.
        * offlineasm/self_hash.rb: Added.
        * offlineasm/settings.rb: Added.
        * offlineasm/transform.rb: Added.
        * offlineasm/x86.rb: Added.
        * runtime/CodeSpecializationKind.h: Added.
        (JSC):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        (CommonSlowPaths):
        * runtime/Executable.cpp:
        (JSC::jettisonCodeBlock):
        (JSC):
        (JSC::EvalExecutable::jitCompile):
        (JSC::samplingDescription):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC):
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h: Added.
        (JSC):
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):
        * runtime/JSArray.h:
        (JSC):
        (JSArray):
        * runtime/JSCell.h:
        (JSC):
        (JSCell):
        * runtime/JSFunction.h:
        (JSC):
        (JSFunction):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC):
        (JSGlobalData):
        * runtime/JSGlobalObject.h:
        (JSC):
        (JSGlobalObject):
        * runtime/JSObject.h:
        (JSC):
        (JSObject):
        (JSFinalObject):
        * runtime/JSPropertyNameIterator.h:
        (JSC):
        (JSPropertyNameIterator):
        * runtime/JSString.h:
        (JSC):
        (JSString):
        * runtime/JSTypeInfo.h:
        (JSC):
        (TypeInfo):
        * runtime/JSValue.cpp:
        (JSC::JSValue::description):
        * runtime/JSValue.h:
        (LLInt):
        (JSValue):
        * runtime/JSVariableObject.h:
        (JSC):
        (JSVariableObject):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * runtime/ScopeChain.h:
        (JSC):
        (ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        * runtime/Structure.h:
        (JSC):
        (Structure):
        * runtime/StructureChain.h:
        (JSC):
        (StructureChain):
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (SentinelLinkedList):
        (WTF::SentinelLinkedList::isEmpty):
        * wtf/text/StringImpl.h:
        (JSC):
        (StringImpl):

2012-02-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, rolling out http://trac.webkit.org/changeset/108291
        It completely broke the 32-bit JIT.

        * heap/CopiedAllocator.h:
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/Heap.h:
        (JSC::Heap::allocatorForObjectWithDestructor):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array):
        * runtime/JSArray.cpp:
        (JSC::storageSize):
        (JSC):
        * runtime/JSArray.h:
        (ArrayStorage):
        (JSArray):

2012-02-20  Gavin Barraclough  <barraclough@apple.com>

        [[Put]] should throw if prototype chain contains a readonly property.
        https://bugs.webkit.org/show_bug.cgi?id=79069

        Reviewed by Oliver Hunt.

        Currently we only check the base of the put, not the prototype chain.
        Fold this check in with the test for accessors.

        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Updated to test all objects in the prototype chain for readonly properties.
        (JSC::JSObject::putDirectAccessor):
        (JSC::putDescriptor):
            - Record the presence of readonly properties on the structure.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
        * runtime/Structure.h:
        (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
            - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
        (JSC::Structure::setContainsReadOnlyProperties):
            - Added.

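The [[Put]] rule the entry above implements, as an added JavaScript example (not part of the WebKit change or its tests): a non-writable data property anywhere on the prototype chain must block assignment on a derived object, so the assignment throws a TypeError in strict mode and is silently rejected otherwise, and the read-only property is never shadowed by a new own property. The object and property names are constructed for the example.

```javascript
// Added example, not WebKit code: observable ES5 [[Put]] semantics for a
// read-only property that lives on the prototype, not on the receiver.
// Before the fix described above, JSC only checked the receiver itself, so
// `o.x = 2` would create an own property on `o` and shadow the read-only one.

function makeReadOnlyProto() {
  var proto = {};
  Object.defineProperty(proto, "x", { value: 1, writable: false, configurable: true });
  return proto;
}

// Strict-mode assignment: returns the name of the error thrown, or null if
// the assignment was accepted.
function strictPutThroughReadOnlyProto() {
  "use strict";
  var o = Object.create(makeReadOnlyProto());
  try {
    o.x = 2;
    return null;
  } catch (e) {
    return e.name;
  }
}

// Reflect.set exposes the boolean result of [[Set]] without depending on
// strict mode: false means the put was rejected. The value read back must
// still be the inherited 1, and no own property may have been created.
function reflectPutThroughReadOnlyProto() {
  var o = Object.create(makeReadOnlyProto());
  var accepted = Reflect.set(o, "x", 2);
  return {
    accepted: accepted,
    value: o.x,
    hasOwn: Object.prototype.hasOwnProperty.call(o, "x")
  };
}

// Contrast case the entry mentions ("fold this check in with the test for
// accessors"): an accessor with a setter on the prototype is invoked instead
// of being shadowed.
function putThroughSetterOnProto() {
  var calls = [];
  var proto = {};
  Object.defineProperty(proto, "y", { set: function (v) { calls.push(v); } });
  var o = Object.create(proto);
  o.y = 42;
  return { calls: calls, hasOwn: Object.prototype.hasOwnProperty.call(o, "y") };
}

// Object.defineProperty on the receiver is [[DefineOwnProperty]], not [[Put]],
// so it legitimately shadows the inherited read-only property.
function defineOwnShadowsReadOnlyProto() {
  var o = Object.create(makeReadOnlyProto());
  Object.defineProperty(o, "x", { value: 2, writable: true, configurable: true });
  return { value: o.x, hasOwn: Object.prototype.hasOwnProperty.call(o, "x") };
}
```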
2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Implement fast path for op_new_array in the baseline JIT
        https://bugs.webkit.org/show_bug.cgi?id=78612

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
        * heap/CopiedSpace.h:
        (CopiedSpace): Friended the JIT to allow access to
        (JSC::CopiedSpace::allocator):
        * heap/Heap.h:
        (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
        can use it for simple allocation i.e. when we can just bump the offset without having to
        do anything else.
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
        we have to bail out because the fast allocation path fails for whatever reason.
        * jit/JIT.h:
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
        allocate generic backing stores. This function is used by emitAllocateJSArray.
        (JSC):
        (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
        more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
        it will also be used for emit_op_new_array_buffer.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
        a stub call for oversize arrays.
        (JSC):
        (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
        the fast path.
        * runtime/JSArray.cpp:
        (JSC):
        * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
        initialize in the JIT.
        (ArrayStorage):
        (JSC::ArrayStorage::lengthOffset):
        (JSC::ArrayStorage::numValuesInVectorOffset):
        (JSC::ArrayStorage::allocBaseOffset):
        (JSC::ArrayStorage::vectorOffset):
        (JSArray):
        (JSC::JSArray::sparseValueMapOffset):
        (JSC::JSArray::subclassDataOffset):
        (JSC::JSArray::indexBiasOffset):
        (JSC):
        (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
        to being a static function in the JSArray class. This move allows the JIT to call it to
        see what size it should allocate.

2012-02-20  Gavin Barraclough  <barraclough@apple.com>

        DefineOwnProperty fails with numeric properties & Object.prototype
        https://bugs.webkit.org/show_bug.cgi?id=79059

        Reviewed by Oliver Hunt.

        ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
        calls to defineOwnProperty need to update this cache.

        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::defineOwnProperty):
        (JSC):
        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
        * runtime/ObjectPrototype.h:
        (ObjectPrototype):

2012-02-20  Pino Toscano  <pino@debian.org>

        Does not build on GNU Hurd
        https://bugs.webkit.org/show_bug.cgi?id=79045

        Reviewed by Gustavo Noronha Silva.

        * wtf/Platform.h: define WTF_OS_HURD.
        * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
        for the lack of PTHREAD_KEYS_MAX definition, with a value which
        should not cause issues.

2012-02-20  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Undoing accidental changes

        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):

2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Factor out allocation in CopySpace into a separate CopyAllocator
        https://bugs.webkit.org/show_bug.cgi?id=78610

        Reviewed by Oliver Hunt.

        Added a new CopyAllocator class, which allows us to do allocations without
        having to load the current offset and store the current offset in the current
        block. This change will allow us to easily do inline assembly in the JIT for
        array allocations.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/CopiedAllocator.h: Added.
        (JSC):
        (CopiedAllocator):
        (JSC::CopiedAllocator::currentBlock):
        (JSC::CopiedAllocator::CopiedAllocator):
        (JSC::CopiedAllocator::allocate):
        (JSC::CopiedAllocator::fitsInCurrentBlock):
        (JSC::CopiedAllocator::wasLastAllocation):
        (JSC::CopiedAllocator::startedCopying):
        (JSC::CopiedAllocator::resetCurrentBlock):
        (JSC::CopiedAllocator::currentUtilization):
        (JSC::CopiedAllocator::resetLastAllocation):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we
        weren't really getting any benefits from having such big functions in a header file.
        (JSC::CopiedSpace::CopiedSpace):
        (JSC):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocate):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::getFreshBlock):
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC):
        (JSC::CopiedSpace::startedCopying):
        (JSC::CopiedSpace::addNewBlock):
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::tryAllocate):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/HeapBlock.h:
        (HeapBlock):

2012-02-20  Patrick Gansterer  <paroga@webkit.org>

        Fix Visual Studio 2010 build.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):

2012-02-16  Gavin Barraclough  <barraclough@apple.com>

        Move special __proto__ property to Object.prototype
        https://bugs.webkit.org/show_bug.cgi?id=78409

        Reviewed by Oliver Hunt.

        Re-implement this as a regular accessor property.  This has three key benefits:
        1) It makes it possible for objects to be given properties named __proto__.
        2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
        3) This largely removes the magic used to implement __proto__, it can just be made a regular accessor property.

        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
            - No need to prohibit functions named __proto__.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
            - Add __proto__ accessor to Object.prototype.
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncProtoGetter):
        (JSC::globalFuncProtoSetter):
            - Definition of the __proto__ accessor functions.
        * runtime/JSGlobalObjectFunctions.h:
            - Declaration of the __proto__ accessor functions.
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
        (JSC::JSObject::putDirectAccessor):
            - Track on the structure whether an object contains accessors other than one for __proto__.
        (JSC::JSObject::defineOwnProperty):
            - No need to prohibit definition of own properties named __proto__.
        * runtime/JSObject.h:
        (JSC::JSObject::inlineGetOwnPropertySlot):
            - Remove the special handling for __proto__.
        (JSC::JSValue::get):
            - Remove the special handling for __proto__.
        * runtime/JSString.cpp:
        (JSC::JSString::getOwnPropertySlot):
            - Remove the special handling for __proto__.
        * runtime/JSValue.h:
        (JSValue):
            - Made synthesizePrototype public (this may be needed by the __proto__ getter).
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetPrototypeOf):
            - Perform the security check & call prototype() directly.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
        * runtime/Structure.h:
        (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
        (Structure):
            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.

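The three benefits listed in the entry above, as an added JavaScript example (not part of the WebKit change or its tests): __proto__ is an ordinary accessor on Object.prototype, an object can carry its own data property literally named __proto__ without its prototype changing, and deleting the accessor stops assignments to obj.__proto__ from re-pointing prototypes, which is why that deletion is a common hardening step against prototype tampering. The object and property names are constructed for the example.

```javascript
// Added example, not WebKit code: observable behaviour of __proto__ once it is
// a plain accessor property on Object.prototype, as the entry above describes.

// 1) It is a real accessor, so the reflection API sees a getter/setter pair.
function protoDescriptorShape() {
  var d = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  return {
    isAccessor: typeof d.get === "function" && typeof d.set === "function",
    enumerable: d.enumerable,
    configurable: d.configurable
  };
}

// 2) An object can be given an own data property named "__proto__" through
// [[DefineOwnProperty]]; it shadows the accessor and does not touch the
// prototype.
function ownProtoPropertyDoesNotChangePrototype() {
  var o = {};
  Object.defineProperty(o, "__proto__", {
    value: "just data", writable: true, enumerable: true, configurable: true
  });
  return {
    ownValue: o.__proto__,
    hasOwn: Object.prototype.hasOwnProperty.call(o, "__proto__"),
    prototypeUnchanged: Object.getPrototypeOf(o) === Object.prototype
  };
}

// 3) Deleting the accessor is a hardening knob: afterwards `obj.__proto__ = x`
// is an ordinary [[Put]] that creates an own property, so prototypes can no
// longer be changed that way. The accessor is global realm state, so the
// example restores it afterwards; a real deployment would delete it once at
// startup (or use a fresh realm such as Node's vm.createContext).
function deletingAccessorFreezesPrototypes() {
  var saved = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  var deleted = delete Object.prototype.__proto__;
  try {
    var target = {};
    var attempt = { marker: 1 };
    target.__proto__ = attempt;   // now just creates an own property on target
    return {
      deleted: deleted,
      prototypeUnchanged: Object.getPrototypeOf(target) === Object.prototype,
      ownPropertyCreated: Object.prototype.hasOwnProperty.call(target, "__proto__"),
      markerNotInherited: target.marker === undefined
    };
  } finally {
    Object.defineProperty(Object.prototype, "__proto__", saved);
  }
}
```

Object.getPrototypeOf and Object.setPrototypeOf keep working after the accessor is deleted; the deletion only removes the implicit property-based route.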
2012-02-20  Michael Saboff  <msaboff@apple.com>

        Update toLower and toUpper tests for Unicode 6.1 changes
        https://bugs.webkit.org/show_bug.cgi?id=78923

        Reviewed by Oliver Hunt.

        * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test
        to handle a third set of results for updated Unicode 6.1
        changes.
        (getTestCases):
        (TestCaseMultiExpected):
        (writeTestCaseResultMultiExpected):
        (getTestCaseResultMultiExpected):
        (test):
        (GetUnicodeValues):
        (DecimalToHexString):

2012-02-20  Andy Wingo  <wingo@igalia.com>

        Remove unused features from CodeFeatures
        https://bugs.webkit.org/show_bug.cgi?id=78804

        Reviewed by Gavin Barraclough.

        * parser/Nodes.h:
        * parser/ASTBuilder.h:
        (JSC::ClosureFeature):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::usesClosures):
        Remove "ClosureFeature".  Since we track captured variables more
        precisely, this bit doesn't do us any good.

        (JSC::AssignFeature):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        (JSC::ASTBuilder::usesAssignment):
        Similarly, remove AssignFeature.  It is unused.

2012-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck issues.

        * GNUmakefile.list.am: Add missing files.

2012-02-18  Sam Weinig  <sam@webkit.org>

        Fix style issues in DFG Phase classes
        https://bugs.webkit.org/show_bug.cgi?id=78983

        Reviewed by Ryosuke Niwa.

        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
        * dfg/DFGCFAPhase.cpp:
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        Add a space before the colon in class declarations.

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        Attempt to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-18  Sam Weinig  <sam@webkit.org>

        Fix the libc++ build.

        Reviewed by Anders Carlsson.

        * heap/Weak.h:
        Libc++'s nullptr emulation does not allow default construction
        of the nullptr_t type. Work around this with the arguably clearer
        just returning nullptr.

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        DFGPropagator.cpp has too many things
        https://bugs.webkit.org/show_bug.cgi?id=78956

        Reviewed by Oliver Hunt.

        Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
14047        various things and put them into separate files. These new phases follow
14048        the naming convention "DFG<name>Phase" where <name> is a noun. They are
14049        called via functions of the form "perform<name>".
14050
14051        * CMakeLists.txt:
14052        * GNUmakefile.list.am:
14053        * JavaScriptCore.xcodeproj/project.pbxproj:
14054        * Target.pri:
14055        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
14056        (DFG):
14057        (JSC::DFG::performArithNodeFlagsInference):
14058        * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
14059        (DFG):
14060        * dfg/DFGCFAPhase.cpp: Added.
14061        (DFG):
14062        (JSC::DFG::performCFA):
14063        * dfg/DFGCFAPhase.h: Added.
14064        (DFG):
14065        * dfg/DFGCSEPhase.cpp: Added.
14066        (DFG):
14067        (JSC::DFG::performCSE):
14068        * dfg/DFGCSEPhase.h: Added.
14069        (DFG):
14070        * dfg/DFGDriver.cpp:
14071        (JSC::DFG::compile):
14072        * dfg/DFGPhase.cpp: Added.
14073        (DFG):
14074        (JSC::DFG::Phase::beginPhase):
14075        (JSC::DFG::Phase::endPhase):
14076        * dfg/DFGPhase.h: Added.
14077        (DFG):
14078        (Phase):
14079        (JSC::DFG::Phase::Phase):
14080        (JSC::DFG::Phase::~Phase):
14081        (JSC::DFG::Phase::globalData):
14082        (JSC::DFG::Phase::codeBlock):
14083        (JSC::DFG::Phase::profiledBlock):
14084        (JSC::DFG::Phase::beginPhase):
14085        (JSC::DFG::Phase::endPhase):
14086        (JSC::DFG::runPhase):
14087        * dfg/DFGPredictionPropagationPhase.cpp: Added.
14088        (DFG):
14089        (JSC::DFG::performPredictionPropagation):
14090        * dfg/DFGPredictionPropagationPhase.h: Added.
14091        (DFG):
14092        * dfg/DFGPropagator.cpp: Removed.
14093        * dfg/DFGPropagator.h: Removed.
14094        * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
14095        (DFG):
14096        (JSC::DFG::performVirtualRegisterAllocation):
14097        * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
14098        (DFG):
14099
141002012-02-17  Filip Pizlo  <fpizlo@apple.com>
14101
14102        DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
14103        the CodeBlock that was used for profiling
14104        https://bugs.webkit.org/show_bug.cgi?id=78954
14105
14106        Reviewed by Gavin Barraclough.
14107
14108        * bytecode/CodeBlock.h:
14109        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
14110        (JSC):
14111        * dfg/DFGAbstractState.cpp:
14112        (JSC::DFG::AbstractState::AbstractState):
14113        (JSC::DFG::AbstractState::execute):
14114        * dfg/DFGAbstractState.h:
14115        * dfg/DFGAssemblyHelpers.h:
14116        (AssemblyHelpers):
14117        * dfg/DFGByteCodeParser.cpp:
14118        (JSC::DFG::ByteCodeParser::ByteCodeParser):
14119        (JSC::DFG::ByteCodeParser::handleCall):
14120        (JSC::DFG::parse):
14121        * dfg/DFGByteCodeParser.h:
14122        (DFG):
14123        * dfg/DFGDriver.cpp:
14124        (JSC::DFG::compile):
14125        * dfg/DFGGraph.cpp:
14126        (JSC::DFG::Graph::dump):
14127        (JSC::DFG::Graph::predictArgumentTypes):
14128        * dfg/DFGGraph.h:
14129        (JSC::DFG::Graph::Graph):
14130        (Graph):
14131        (JSC::DFG::Graph::getJSConstantPrediction):
14132        (JSC::DFG::Graph::addShouldSpeculateInteger):
14133        (JSC::DFG::Graph::isInt32Constant):
14134        (JSC::DFG::Graph::isDoubleConstant):
14135        (JSC::DFG::Graph::isNumberConstant):
14136        (JSC::DFG::Graph::isBooleanConstant):
14137        (JSC::DFG::Graph::isFunctionConstant):
14138        (JSC::DFG::Graph::valueOfJSConstant):
14139        (JSC::DFG::Graph::valueOfInt32Constant):
14140        (JSC::DFG::Graph::valueOfNumberConstant):
14141        (JSC::DFG::Graph::valueOfBooleanConstant):
14142        (JSC::DFG::Graph::valueOfFunctionConstant):
14143        (JSC::DFG::Graph::baselineCodeBlockFor):
14144        (JSC::DFG::Graph::valueProfileFor):
14145        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
14146        * dfg/DFGJITCompiler.h:
14147        (JSC::DFG::JITCompiler::JITCompiler):
14148        (JITCompiler):
14149        * dfg/DFGOSRExit.cpp:
14150        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
14151        * dfg/DFGPropagator.cpp:
14152        (JSC::DFG::Propagator::Propagator):
14153        (JSC::DFG::Propagator::isNotNegZero):
14154        (JSC::DFG::Propagator::isNotZero):
14155        (JSC::DFG::Propagator::propagateNodePredictions):
14156        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
14157        (JSC::DFG::Propagator::globalCFA):
14158        (JSC::DFG::propagate):
14159        * dfg/DFGPropagator.h:
14160        (DFG):
14161        * dfg/DFGSpeculativeJIT.cpp:
14162        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
14163        (JSC::DFG::SpeculativeJIT::compileAdd):
14164        (JSC::DFG::SpeculativeJIT::compileArithSub):
14165        * dfg/DFGSpeculativeJIT.h:
14166        (JSC::DFG::SpeculativeJIT::isConstant):
14167        (JSC::DFG::SpeculativeJIT::isJSConstant):
14168        (JSC::DFG::SpeculativeJIT::isInt32Constant):
14169        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
14170        (JSC::DFG::SpeculativeJIT::isNumberConstant):
14171        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
14172        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
14173        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
14174        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
14175        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
14176        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
14177        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
14178        (JSC::DFG::SpeculativeJIT::speculationCheck):
14179        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
14180
141812012-02-17  Ahmad Sharif  <asharif.tools@gmail.com>
14182
14183        There is a warning in memset in glibc that gets triggered through a
14184        warndecl when the fill-value of memset is a non-zero constant and the
14185        size is zero. This warning is enabled when building with
14186        -D_FORTIFY_SOURCE=2. This patch fixes the warning.
14187
14188        https://bugs.webkit.org/show_bug.cgi?id=78513
14189
14190        Reviewed by Alexey Proskuryakov.
14191
14192        * wtf/Vector.h:
14193
141942012-02-17  Kalev Lember  <kalevlember@gmail.com>
14195
14196        Remove unused parameters from WTF threading API
14197        https://bugs.webkit.org/show_bug.cgi?id=78389
14198
14199        Reviewed by Adam Roben.
14200
14201        waitForThreadCompletion() had an out param 'void **result' to get the
14202        'void *' returned by ThreadFunction. However, the implementation in
14203        ThreadingWin.cpp ignored the out param, not filling it in. This had
14204        led to a situation where none of the client code made use of the param
14205        and just ignored it.
14206
14207        To clean this up, the patch changes the signature of ThreadFunction to
14208        return void instead of void* and drops the unused 'void **result'
14209        parameter from waitForThreadCompletion. Also, all client code is
14210        updated for the API change.
14211
14212        As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389, even
14213        though the change only affects internal API, Safari is using it
14214        directly and we'll need to keep the old versions around for ABI
14215        compatibility. For this, the patch adds compatibility wrappers with
14216        the old ABI.
14217
14218        * JavaScriptCore.order:
14219        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
14220        * bytecode/SamplingTool.cpp:
14221        (JSC::SamplingThread::threadStartFunc):
14222        (JSC::SamplingThread::stop):
14223        * bytecode/SamplingTool.h:
14224        (SamplingThread):
14225        * heap/Heap.cpp:
14226        (JSC::Heap::~Heap):
14227        (JSC::Heap::blockFreeingThreadStartFunc):
14228        * heap/Heap.h:
14229        * heap/MarkStack.cpp:
14230        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
14231        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
14232        * heap/MarkStack.h:
14233        (MarkStackThreadSharedData):
14234        * wtf/ParallelJobsGeneric.cpp:
14235        (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
14236        * wtf/ParallelJobsGeneric.h:
14237        (ThreadPrivate):
14238        * wtf/ThreadFunctionInvocation.h: Update the signature of
14239        ThreadFunction.
14240        (WTF):
14241        * wtf/Threading.cpp:
14242        (WTF::threadEntryPoint): Update for ThreadFunction signature change.
14243        (WTF):
14244        (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
14245        ABI compatibility function for Safari.
14246        (ThreadFunctionWithReturnValueInvocation): Ditto.
14247        (WTF::compatEntryPoint): Ditto.
14248        (WTF::createThread): Ditto.
14249        (WTF::waitForThreadCompletion): Ditto.
14250        * wtf/Threading.h: Update the signature of ThreadFunction and
14251        waitForThreadCompletion.
14252        (WTF):
14253        * wtf/ThreadingPthreads.cpp: Implement the new API.
14254        (WTF::wtfThreadEntryPoint):
14255        (WTF):
14256        (WTF::createThreadInternal):
14257        (WTF::waitForThreadCompletion):
14258        * wtf/ThreadingWin.cpp: Implement the new API.
14259        (WTF::wtfThreadEntryPoint):
14260        (WTF::waitForThreadCompletion):
14261
142622012-02-16  Oliver Hunt  <oliver@apple.com>
14263
14264        Implement Error.stack
14265        https://bugs.webkit.org/show_bug.cgi?id=66994
14266
14267        Reviewed by Gavin Barraclough.
14268
14269        Implement support for stack traces on exception objects.  This is a rewrite
14270        of the core portion of the last stack walking logic, but the mechanical work
14271        of adding the information to an exception comes from the original work by
14272        Juan Carlos Montemayor Elosua.
14273
14274        * interpreter/Interpreter.cpp:
14275        (JSC::getCallerInfo):
14276        (JSC):
14277        (JSC::getSourceURLFromCallFrame):
14278        (JSC::getStackFrameCodeType):
14279        (JSC::Interpreter::getStackTrace):
14280        (JSC::Interpreter::throwException):
14281        (JSC::Interpreter::privateExecute):
14282        * interpreter/Interpreter.h:
14283        (JSC):
14284        (StackFrame):
14285        (JSC::StackFrame::toString):
14286        (Interpreter):
14287        * jsc.cpp:
14288        (GlobalObject::finishCreation):
14289        (functionJSCStack):
14290        * parser/Nodes.h:
14291        (JSC::FunctionBodyNode::setInferredName):
14292        * parser/Parser.h:
14293        (JSC::::parse):
14294        * runtime/CommonIdentifiers.h:
14295        * runtime/Error.cpp:
14296        (JSC::addErrorInfo):
14297        * runtime/Error.h:
14298        (JSC):
14299
143002012-02-17  Mark Hahnenberg  <mhahnenberg@apple.com>
14301
14302        Rename Bump* to Copy*
14303        https://bugs.webkit.org/show_bug.cgi?id=78573
14304
14305        Reviewed by Geoffrey Garen.
14306
14307        Renamed anything with "Bump" in the name to have "Copied" instead.
14308
14309        * CMakeLists.txt:
14310        * GNUmakefile.list.am:
14311        * JavaScriptCore.gypi:
14312        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
14313        * JavaScriptCore.xcodeproj/project.pbxproj:
14314        * Target.pri:
14315        * heap/BumpBlock.h: Removed.
14316        * heap/BumpSpace.cpp: Removed.
14317        * heap/BumpSpace.h: Removed.
14318        * heap/BumpSpaceInlineMethods.h: Removed.
14319        * heap/ConservativeRoots.cpp:
14320        (JSC::ConservativeRoots::ConservativeRoots):
14321        (JSC::ConservativeRoots::genericAddPointer):
14322        * heap/ConservativeRoots.h:
14323        (ConservativeRoots):
14324        * heap/CopiedBlock.h: Added.
14325        (JSC):
14326        (CopiedBlock):
14327        (JSC::CopiedBlock::CopiedBlock):
14328        * heap/CopiedSpace.cpp: Added.
14329        (JSC):
14330        (JSC::CopiedSpace::tryAllocateSlowCase):
14331        * heap/CopiedSpace.h: Added.
14332        (JSC):
14333        (CopiedSpace):
14334        (JSC::CopiedSpace::isInCopyPhase):
14335        (JSC::CopiedSpace::totalMemoryAllocated):
14336        (JSC::CopiedSpace::totalMemoryUtilized):
14337        * heap/CopiedSpaceInlineMethods.h: Added.
14338        (JSC):
14339        (JSC::CopiedSpace::CopiedSpace):
14340        (JSC::CopiedSpace::init):
14341        (JSC::CopiedSpace::contains):
14342        (JSC::CopiedSpace::pin):
14343        (JSC::CopiedSpace::startedCopying):
14344        (JSC::CopiedSpace::doneCopying):
14345        (JSC::CopiedSpace::doneFillingBlock):
14346        (JSC::CopiedSpace::recycleBlock):
14347        (JSC::CopiedSpace::getFreshBlock):
14348        (JSC::CopiedSpace::borrowBlock):
14349        (JSC::CopiedSpace::addNewBlock):
14350        (JSC::CopiedSpace::allocateNewBlock):
14351        (JSC::CopiedSpace::fitsInBlock):
14352        (JSC::CopiedSpace::fitsInCurrentBlock):
14353        (JSC::CopiedSpace::tryAllocate):
14354        (JSC::CopiedSpace::tryAllocateOversize):
14355        (JSC::CopiedSpace::allocateFromBlock):
14356        (JSC::CopiedSpace::tryReallocate):
14357        (JSC::CopiedSpace::tryReallocateOversize):
14358        (JSC::CopiedSpace::isOversize):
14359        (JSC::CopiedSpace::isPinned):
14360        (JSC::CopiedSpace::oversizeBlockFor):
14361        (JSC::CopiedSpace::blockFor):
14362        * heap/Heap.cpp:
14363        * heap/Heap.h:
14364        (JSC):
14365        (Heap):
14366        * heap/MarkStack.cpp:
14367        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
14368        (JSC::SlotVisitor::drainFromShared):
14369        (JSC::SlotVisitor::startCopying):
14370        (JSC::SlotVisitor::allocateNewSpace):
14371        (JSC::SlotVisitor::doneCopying):
14372        * heap/MarkStack.h:
14373        (MarkStackThreadSharedData):
14374        * heap/SlotVisitor.h:
14375        (SlotVisitor):
14376        * runtime/JSArray.cpp:
14377        * runtime/JSObject.cpp:
14378
143792012-02-16  Yuqiang Xian  <yuqiang.xian@intel.com>
14380
14381        Add JSC code profiling support on Linux x86
14382        https://bugs.webkit.org/show_bug.cgi?id=78871
14383
14384        Reviewed by Gavin Barraclough.
14385
14386        We don't unwind the stack for now as we cannot guarantee all the
14387        libraries are compiled without -fomit-frame-pointer.
14388
14389        * tools/CodeProfile.cpp:
14390        (JSC::CodeProfile::sample):
14391        * tools/CodeProfiling.cpp:
14392        (JSC):
14393        (JSC::profilingTimer):
14394        (JSC::CodeProfiling::begin):
14395        (JSC::CodeProfiling::end):
14396
143972012-02-16  Csaba Osztrogonác  <ossy@webkit.org>
14398
14399        Unreviewed. Rolling out r107980, because it broke 32 bit platforms.
14400
14401        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
14402        * interpreter/Interpreter.cpp:
14403        (JSC::Interpreter::throwException):
14404        (JSC::Interpreter::privateExecute):
14405        * interpreter/Interpreter.h:
14406        (JSC):
14407        (Interpreter):
14408        * jsc.cpp:
14409        (GlobalObject::finishCreation):
14410        * parser/Nodes.h:
14411        (JSC::FunctionBodyNode::setInferredName):
14412        * parser/Parser.h:
14413        (JSC::::parse):
14414        * runtime/CommonIdentifiers.h:
14415        * runtime/Error.cpp:
14416        (JSC::addErrorInfo):
14417        * runtime/Error.h:
14418        (JSC):
14419
144202012-02-16  Filip Pizlo  <fpizlo@apple.com>
14421
14422        ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
14423        https://bugs.webkit.org/show_bug.cgi?id=78791
14424
14425        Rubber stamped by Oliver Hunt.
14426        
14427        Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
14428        COMPUTED_GOTO_CLASSIC_INTERPRETER.
14429
14430        * bytecode/CodeBlock.cpp:
14431        (JSC::CodeBlock::dump):
14432        (JSC::CodeBlock::stronglyVisitStrongReferences):
14433        (JSC):
14434        (JSC::CodeBlock::shrinkToFit):
14435        * bytecode/CodeBlock.h:
14436        (CodeBlock):
14437        * bytecode/Instruction.h:
14438        (JSC::Instruction::Instruction):
14439        * bytecode/Opcode.h:
14440        (JSC::padOpcodeName):
14441        * bytecompiler/BytecodeGenerator.cpp:
14442        (JSC::BytecodeGenerator::emitResolve):
14443        (JSC::BytecodeGenerator::emitResolveWithBase):
14444        (JSC::BytecodeGenerator::emitGetById):
14445        (JSC::BytecodeGenerator::emitPutById):
14446        (JSC::BytecodeGenerator::emitDirectPutById):
14447        * interpreter/AbstractPC.cpp:
14448        (JSC::AbstractPC::AbstractPC):
14449        * interpreter/AbstractPC.h:
14450        (AbstractPC):
14451        * interpreter/CallFrame.h:
14452        (ExecState):
14453        * interpreter/Interpreter.cpp:
14454        (JSC):
14455        (JSC::Interpreter::initialize):
14456        (JSC::Interpreter::isOpcode):
14457        (JSC::Interpreter::unwindCallFrame):
14458        (JSC::Interpreter::execute):
14459        (JSC::Interpreter::privateExecute):
14460        (JSC::Interpreter::retrieveLastCaller):
14461        * interpreter/Interpreter.h:
14462        (JSC::Interpreter::getOpcode):
14463        (JSC::Interpreter::getOpcodeID):
14464        (Interpreter):
14465        * jit/ExecutableAllocatorFixedVMPool.cpp:
14466        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
14467        * runtime/Executable.cpp:
14468        (JSC::EvalExecutable::compileInternal):
14469        (JSC::ProgramExecutable::compileInternal):
14470        (JSC::FunctionExecutable::compileForCallInternal):
14471        (JSC::FunctionExecutable::compileForConstructInternal):
14472        * runtime/Executable.h:
14473        (NativeExecutable):
14474        * runtime/JSGlobalData.cpp:
14475        (JSC::JSGlobalData::JSGlobalData):
14476        (JSC::JSGlobalData::getHostFunction):
14477        * runtime/JSGlobalData.h:
14478        (JSGlobalData):
14479        * wtf/OSAllocatorPosix.cpp:
14480        (WTF::OSAllocator::reserveAndCommit):
14481        * wtf/Platform.h:
14482
144832012-02-15  Geoffrey Garen  <ggaren@apple.com>
14484
14485        Made Weak<T> single-owner, adding PassWeak<T>
14486        https://bugs.webkit.org/show_bug.cgi?id=78740
14487
14488        Reviewed by Sam Weinig.
14489
14490        This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.
14491
14492        This clarifies the semantics of finalizers: It's ambiguous and probably
14493        a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
14494        twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a 
14495        Weak<T>, we now use PassWeak<T>.
14496
14497        This also makes Weak<T> HashMaps more efficient.
14498
14499        * API/JSClassRef.cpp:
14500        (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since 
14501        set() is gone now.
14502
14503        * JavaScriptCore.xcodeproj/project.pbxproj: Export!
14504
14505        * heap/PassWeak.h: Added.
14506        (JSC):
14507        (PassWeak):
14508        (JSC::PassWeak::PassWeak):
14509        (JSC::PassWeak::~PassWeak):
14510        (JSC::PassWeak::get):
14511        (JSC::::leakHandle):
14512        (JSC::adoptWeak):
14513        (JSC::operator==):
14514        (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.
14515
14516        * heap/Weak.h:
14517        (Weak):
14518        (JSC::Weak::Weak):
14519        (JSC::Weak::release):
14520        (JSC::Weak::hashTableDeletedValue):
14521        (JSC::=):
14522        (JSC): Changed to be non-copyable, removing a lot of copying-related
14523        APIs. Added hash traits so hash maps still work.
14524
14525        * jit/JITStubs.cpp:
14526        (JSC::JITThunks::hostFunctionStub):
14527        * runtime/RegExpCache.cpp:
14528        (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
14529        our new hash map API.
14530
145312012-02-16  Mark Hahnenberg  <mhahnenberg@apple.com>
14532
14533        Fix the broken viewport tests
14534        https://bugs.webkit.org/show_bug.cgi?id=78774
14535
14536        Reviewed by Kenneth Rohde Christiansen.
14537
14538        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
14539        * wtf/text/WTFString.cpp:
14540        (WTF):
14541        (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
14542        want to allow trailing junk or not when calling strtod.
14543        (WTF::charactersToDouble):
14544        (WTF::charactersToFloat):
14545        (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows 
14546        trailing junk.
14547        * wtf/text/WTFString.h:
14548        (WTF):
14549
145502012-02-16  Oliver Hunt  <oliver@apple.com>
14551
14552        Implement Error.stack
14553        https://bugs.webkit.org/show_bug.cgi?id=66994
14554
14555        Reviewed by Gavin Barraclough.
14556
14557        Implement support for stack traces on exception objects.  This is a rewrite
14558        of the core portion of the last stack walking logic, but the mechanical work
14559        of adding the information to an exception comes from the original work by
14560        Juan Carlos Montemayor Elosua.
14561
14562        * interpreter/Interpreter.cpp:
14563        (JSC::getCallerInfo):
14564        (JSC):
14565        (JSC::getSourceURLFromCallFrame):
14566        (JSC::getStackFrameCodeType):
14567        (JSC::Interpreter::getStackTrace):
14568        (JSC::Interpreter::throwException):
14569        (JSC::Interpreter::privateExecute):
14570        * interpreter/Interpreter.h:
14571        (JSC):
14572        (StackFrame):
14573        (JSC::StackFrame::toString):
14574        (Interpreter):
14575        * jsc.cpp:
14576        (GlobalObject::finishCreation):
14577        (functionJSCStack):
14578        * parser/Nodes.h:
14579        (JSC::FunctionBodyNode::setInferredName):
14580        * parser/Parser.h:
14581        (JSC::::parse):
14582        * runtime/CommonIdentifiers.h:
14583        * runtime/Error.cpp:
14584        (JSC::addErrorInfo):
14585        * runtime/Error.h:
14586        (JSC):
14587
145882012-02-15  Gavin Barraclough  <barraclough@apple.com>
14589
14590        Numerous trivial bugs in Object.defineProperty
14591        https://bugs.webkit.org/show_bug.cgi?id=78777
14592
14593        Reviewed by Sam Weinig.
14594
14595        There are a handful of really trivial bugs, related to Object.defineProperty:
14596            * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
14597            * Calling an undefined setter should only throw in strict mode.
14598            * When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
14599            * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
14600            * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
14601            * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
14602            * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
14603            * Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
14604            * Should be able to define a non-configurable accessor.
14605        These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.
14606
14607        * runtime/JSArray.cpp:
14608        (JSC::SparseArrayValueMap::put):
14609            - Added ASSERT.
14610            - Calling an undefined setter should only throw in strict mode.
14611        (JSC::JSArray::putDescriptor):
14612            - Should be able to define a non-configurable accessor.
14613        (JSC::JSArray::defineOwnNumericProperty):
14614            - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
14615        (JSC::JSArray::putByIndexBeyondVectorLength):
14616            - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
14617        * runtime/JSArray.h:
14618        (JSArray):
14619            - made enterDictionaryMode public, called from JSObject.
14620        * runtime/JSObject.cpp:
14621        (JSC::JSObject::put):
14622            - Calling an undefined setter should only throw in strict mode.
14623        (JSC::JSObject::preventExtensions):
14624            - Put array objects into dictionary mode to handle this!
14625        (JSC::JSObject::defineOwnProperty):
14626            - Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
14627            - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
14628        * runtime/ObjectConstructor.cpp:
14629        (JSC::objectConstructorDefineProperties):
14630            - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
14631        * runtime/PropertyDescriptor.cpp:
14632        (JSC::PropertyDescriptor::attributesWithOverride):
14633            - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
14634        (JSC::PropertyDescriptor::attributesOverridingCurrent):
14635            - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
14636        * runtime/Structure.cpp:
14637        (JSC::Structure::freezeTransition):
14638            - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
14639        (JSC::Structure::isFrozen):
14640            - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
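
        The behaviours enumerated in the entry above are the ES5 semantics of Object.defineProperty, Object.defineProperties, preventExtensions and isFrozen, and each of them can be verified from script alone, which is how an engine's conformance to them is usually checked. The block below is an added example, not code from the WebKit patch or its test suite; it assumes only the standard ECMAScript built-ins, and the names strictAssign, sloppyAssign, failingChecks and the individual check functions are introduced here for illustration.

```javascript
// Added example (not WebKit code): a self-contained check of the
// Object.defineProperty behaviours the ChangeLog entry above lists, as ES5
// specifies them. Every check returns a boolean; failingChecks() collects the
// names of the checks that do not hold in the engine running this file.

// Does fn() throw a TypeError?
function throwsTypeError(fn) {
  try { fn(); } catch (e) { return e instanceof TypeError; }
  return false;
}

// Assignment from strict code (a rejected write throws) ...
function strictAssign(obj, key, value) {
  'use strict';
  obj[key] = value;
}
// ... and from sloppy code (a rejected write fails silently). A body built
// with the Function constructor is sloppy even when created from strict code.
const sloppyAssign = new Function('obj', 'key', 'value', 'obj[key] = value;');

// Redefining an accessor with a new getter must replace the getter, not just
// update the attributes.
function accessorRedefinitionReplacesFunctions() {
  const o = {};
  Object.defineProperty(o, 'x', { get() { return 1; }, configurable: true });
  Object.defineProperty(o, 'x', { get() { return 2; }, enumerable: true });
  const d = Object.getOwnPropertyDescriptor(o, 'x');
  return o.x === 2 && d.enumerable === true && d.configurable === true;
}

// Writing through an accessor that has no setter throws only in strict mode.
function undefinedSetterThrowsOnlyInStrictMode() {
  const o = Object.defineProperty({}, 'ro', { get() { return 1; } });
  const strictThrows = throwsTypeError(() => strictAssign(o, 'ro', 2));
  sloppyAssign(o, 'ro', 2);               // silently ignored
  return strictThrows && o.ro === 1;
}

// Converting an accessor into a data property without specifying `writable`
// defaults writable to false; configurable and enumerable are preserved.
function accessorToDataDefaultsToNonWritable() {
  const o = Object.defineProperty({}, 'v', { get() { return 1; }, configurable: true });
  Object.defineProperty(o, 'v', { value: 5 });
  const d = Object.getOwnPropertyDescriptor(o, 'v');
  return d.value === 5 && d.writable === false && d.configurable === true;
}

// A non-configurable array element cannot be made configurable again.
function arrayNonConfigurableStaysNonConfigurable() {
  const a = [1, 2, 3];
  Object.defineProperty(a, '1', { configurable: false });
  return throwsTypeError(() => Object.defineProperty(a, '1', { configurable: true }));
}

// After preventExtensions, assignment beyond the array's length is rejected.
function preventExtensionsRejectsNewIndex() {
  const a = [1, 2];
  Object.preventExtensions(a);
  const rejected = throwsTypeError(() => strictAssign(a, 5, 'x'));
  sloppyAssign(a, 5, 'x');                // silently ignored
  return rejected && a.length === 2 && !(5 in a);
}

// Object.defineProperties applies ToObject to its second argument: a number
// (whose wrapper has no own enumerable keys) is accepted, while null is
// rejected by ToObject itself.
function definePropertiesCoercesSecondArgument() {
  const o = {};
  const accepted = Object.defineProperties(o, 42) === o;
  const rejectsNull = throwsTypeError(() => Object.defineProperties({}, null));
  return accepted && rejectsNull;
}

// A non-configurable accessor can be defined, and isFrozen must not demand
// `writable: false` of it: a non-extensible object holding only such an
// accessor is frozen.
function nonConfigurableAccessorIsFrozen() {
  const o = {};
  Object.defineProperty(o, 'acc', { get() { return 1; }, configurable: false });
  Object.preventExtensions(o);
  return Object.isFrozen(o) && o.acc === 1;
}

// Redefining a non-writable, non-configurable property with the same value
// and attributes is a permitted no-op, not a TypeError.
function sameValueRedefinitionIsAllowed() {
  const o = Object.defineProperty({}, 'k', { value: 7 }); // all attributes default to false
  Object.defineProperty(o, 'k', { value: 7, writable: false, enumerable: false, configurable: false });
  return o.k === 7 && Object.getOwnPropertyDescriptor(o, 'k').configurable === false;
}

const checks = {
  accessorRedefinitionReplacesFunctions,
  undefinedSetterThrowsOnlyInStrictMode,
  accessorToDataDefaultsToNonWritable,
  arrayNonConfigurableStaysNonConfigurable,
  preventExtensionsRejectsNewIndex,
  definePropertiesCoercesSecondArgument,
  nonConfigurableAccessorIsFrozen,
  sameValueRedefinitionIsAllowed,
};

// Names of the checks that fail; an empty list means every behaviour holds.
function failingChecks() {
  return Object.keys(checks).filter((name) => !checks[name]());
}
```

        Running failingChecks() against an engine with the defects the entry describes would name the corresponding checks; on a conforming engine it returns an empty list. The strict/sloppy split matters because the same rejected write is a thrown TypeError in one mode and a silent no-op in the other, which is why the helper assigns from both.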
14641
146422012-02-13  Filip Pizlo  <fpizlo@apple.com>
14643
14644        DFG should not check the types of arguments that are dead
14645        https://bugs.webkit.org/show_bug.cgi?id=78518
14646
14647        Reviewed by Geoff Garen.
14648        
14649        The argument checks are now elided if the corresponding SetArgument is dead,
14650        and the abstract value of the argument is set to bottom (None, []). This is
14651        performance neutral on the benchmarks we currently track.
14652
14653        * dfg/DFGAbstractState.cpp:
14654        (JSC::DFG::AbstractState::initialize):
14655        * dfg/DFGSpeculativeJIT.cpp:
14656        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
14657
146582012-02-15  Oliver Hunt  <oliver@apple.com>
14659
14660        Ensure that the DFG JIT always plants a CodeOrigin when making calls
14661        https://bugs.webkit.org/show_bug.cgi?id=78763
14662
14663        Reviewed by Gavin Barraclough.
14664
14665        Make all calls plant a CodeOrigin prior to the actual
14666        call.  Also clobbers the Interpreter with logic to ensure
14667        that the interpreter always plants a bytecode offset.
14668
14669        * dfg/DFGJITCompiler.cpp:
14670        (JSC::DFG::JITCompiler::link):
14671        (JSC::DFG::JITCompiler::compileFunction):
14672        * dfg/DFGJITCompiler.h:
14673        (CallBeginToken):
14674        (JSC::DFG::JITCompiler::beginJSCall):
14675        (JSC::DFG::JITCompiler::beginCall):
14676        * dfg/DFGRepatch.cpp:
14677        (JSC::DFG::tryBuildGetByIDList):
14678        * dfg/DFGSpeculativeJIT.h:
14679        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
14680        * dfg/DFGSpeculativeJIT32_64.cpp:
14681        (JSC::DFG::SpeculativeJIT::emitCall):
14682        * dfg/DFGSpeculativeJIT64.cpp:
14683        (JSC::DFG::SpeculativeJIT::emitCall):
14684        * interpreter/AbstractPC.cpp:
14685        (JSC::AbstractPC::AbstractPC):
14686        * interpreter/CallFrame.cpp:
14687        (JSC::CallFrame::trueCallFrame):
14688        * interpreter/CallFrame.h:
14689        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
14690        (ExecState):
14691        (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
14692        (JSC::ExecState::codeOriginIndexForDFG):
14693
146942012-02-14  Oliver Hunt  <oliver@apple.com>
14695
14696        Fix Interpreter.
14697
14698        * runtime/Executable.cpp:
14699        (JSC):
14700        * runtime/Executable.h:
14701        (ExecutableBase):
14702
147032012-02-14  Matt Lilek  <mrl@apple.com>
14704
14705        Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
14706        https://bugs.webkit.org/show_bug.cgi?id=78629
14707
14708        Reviewed by David Kilzer.
14709
14710        * Configurations/FeatureDefines.xcconfig:
14711
147122012-02-14  Filip Pizlo  <fpizlo@apple.com>
14713
14714        Unreviewed, build fix for non-DFG platforms.
14715
14716        * assembler/MacroAssembler.h:
14717        (MacroAssembler):
14718
147192012-02-14  Filip Pizlo  <fpizlo@apple.com>
14720
14721        Unreviewed, fix build and configuration goof.
14722
14723        * assembler/MacroAssembler.h:
14724        (JSC::MacroAssembler::invert):
14725        * dfg/DFGCommon.h:
14726
147272012-02-13  Filip Pizlo  <fpizlo@apple.com>
14728
14729        DFG should be able to emit code on control flow edges
14730        https://bugs.webkit.org/show_bug.cgi?id=78515
14731
14732        Reviewed by Gavin Barraclough.
14733        
14734        This gets us a few steps closer to being able to perform global register allocation,
14735        by allowing us to have landing pads on control flow edges. This will let us reshuffle
14736        registers if it happens to be necessary due to different reg alloc decisions in
14737        different blocks.
14738        
14739        This also introduces the notion of a landing pad for OSR entry, which will allow us
14740        to emit code that places data into registers when we're entering into the DFG from
14741        the old JIT.
14742        
14743        Finally, this patch introduces a verification mode that checks that the landing pads
14744        are actually emitted and do actually work as advertised. When verification is disabled,
14745        this has no effect on behavior.
14746
14747        * assembler/MacroAssembler.h:
14748        (MacroAssembler):
14749        (JSC::MacroAssembler::invert):
14750        (JSC::MacroAssembler::isInvertible):
14751        * dfg/DFGCommon.h:
14752        * dfg/DFGJITCompiler.cpp:
14753        (JSC::DFG::JITCompiler::compile):
14754        (JSC::DFG::JITCompiler::compileFunction):
14755        * dfg/DFGSpeculativeJIT.cpp:
14756        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
14757        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
14758        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
14759        (JSC::DFG::SpeculativeJIT::compile):
14760        (JSC::DFG::SpeculativeJIT::createOSREntries):
14761        (DFG):
14762        (JSC::DFG::SpeculativeJIT::linkOSREntries):
14763        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
14764        * dfg/DFGSpeculativeJIT.h:
14765        (SpeculativeJIT):
14766        (JSC::DFG::SpeculativeJIT::branchDouble):
14767        (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
14768        (JSC::DFG::SpeculativeJIT::branch32):
14769        (JSC::DFG::SpeculativeJIT::branchTest32):
14770        (JSC::DFG::SpeculativeJIT::branchPtr):
14771        (JSC::DFG::SpeculativeJIT::branchTestPtr):
14772        (JSC::DFG::SpeculativeJIT::branchTest8):
14773        (JSC::DFG::SpeculativeJIT::jump):
14774        (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
14775        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
14776        * dfg/DFGSpeculativeJIT32_64.cpp:
14777        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
14778        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
14779        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
14780        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
14781        (JSC::DFG::SpeculativeJIT::emitBranch):
14782        (JSC::DFG::SpeculativeJIT::compile):
14783        * dfg/DFGSpeculativeJIT64.cpp:
14784        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
14785        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
14786        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
14787        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
14788        (JSC::DFG::SpeculativeJIT::emitBranch):
14789        (JSC::DFG::SpeculativeJIT::compile):
14790
147912012-02-14  Filip Pizlo  <fpizlo@apple.com>
14792
14793        Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
14794        https://bugs.webkit.org/show_bug.cgi?id=78153
14795        <rdar://problem/10861712> <rdar://problem/10861947>
14796
14797        Reviewed by Oliver Hunt.
14798
14799        * dfg/DFGAbstractState.cpp:
14800        (JSC::DFG::AbstractState::execute):
14801        * dfg/DFGSpeculativeJIT.cpp:
14802        (JSC::DFG::SpeculativeJIT::compileAdd):
14803
148042012-02-14  Eric Seidel  <eric@webkit.org>
14805
14806        Upstream Android's additions to Platform.h
14807        https://bugs.webkit.org/show_bug.cgi?id=78536
14808
14809        Reviewed by Adam Barth.
14810
14811        * wtf/Platform.h:
14812
148132012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
14814
14815        Replace old strtod with new strtod
14816        https://bugs.webkit.org/show_bug.cgi?id=68044
14817
14818        Reviewed by Geoffrey Garen.
14819
14820        * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
14821        (JSC::::lex):
14822        * runtime/JSGlobalObjectFunctions.cpp: Ditto.
14823        (JSC::parseInt):
14824        (JSC::jsStrDecimalLiteral):
14825        * runtime/LiteralParser.cpp: Ditto.
14826        (JSC::::Lexer::lexNumber):
14827        * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
14828        It takes a template argument to allow clients to determine statically whether it should allow 
14829        junk after the numbers or not.
14830        (WTF):
14831        (WTF::strtod):
14832        * wtf/dtoa.h:
14833        (WTF):
14834        * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
14835        (WTF::toDoubleType):
14836
148372012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
14838
14839        More windows build fixing
14840
14841        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
14842
148432012-02-13  Oliver Hunt  <oliver@apple.com>
14844
14845        Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
14846        https://bugs.webkit.org/show_bug.cgi?id=76315
14847
14848        Reviewed by Gavin Barraclough.
14849
14850        Perform a 3 byte compare using two comparisons, rather than trying to perform the
14851        operation with a four byte load.
14852
14853        * yarr/YarrJIT.cpp:
14854        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
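
        The split described in the entry above, as an added illustration that is not
        JavaScriptCore or Yarr code: a literal of n bytes is compared with loads whose
        widths sum to exactly n, so a 3-byte literal becomes a 2-byte compare plus a
        1-byte compare and no 4-byte load ever reads past the literal's end. The
        function names (loadWidthsFor, matchLiteralAt, fourByteLoadOverread) and the
        byte-string inputs are constructed for this example; it generalizes the 3-byte
        case to any literal length.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Widths of the loads used to compare an n-byte literal: greedy 4, 2, 1 so the
// widths sum to exactly n. For n == 3 this is {2, 1}, never a single 4-byte load.
std::vector<size_t> loadWidthsFor(size_t n) {
    std::vector<size_t> widths;
    const size_t kWidths[] = {4, 2, 1};
    for (size_t w : kWidths) {
        while (n >= w) {
            widths.push_back(w);
            n -= w;
        }
    }
    return widths;
}

// Load exactly 'width' bytes (1, 2 or 4) at p into an integer. memcpy touches
// only those bytes and avoids alignment concerns; byte order does not matter
// because both sides of the comparison are loaded the same way.
static uint32_t loadBytes(const char* p, size_t width) {
    uint32_t v = 0;
    std::memcpy(&v, p, width);
    return v;
}

// True if 'pattern' occurs in 'input' at 'pos'. The length check up front
// guarantees every load stays inside input[pos, pos + pattern.size()).
bool matchLiteralAt(const std::string& input, size_t pos, const std::string& pattern) {
    if (pos > input.size() || input.size() - pos < pattern.size())
        return false;  // not enough bytes remain: perform no load at all
    size_t offset = 0;
    for (size_t width : loadWidthsFor(pattern.size())) {
        if (loadBytes(input.data() + pos + offset, width) != loadBytes(pattern.data() + offset, width))
            return false;
        offset += width;
    }
    return true;
}

// Number of bytes a fixed 4-byte load at 'pos' would read beyond an input of
// 'inputLength' bytes. For a 3-byte literal at the very end this is 1, which
// is the out-of-bounds read the entry above avoids.
size_t fourByteLoadOverread(size_t inputLength, size_t pos) {
    size_t remaining = pos < inputLength ? inputLength - pos : 0;
    return remaining >= 4 ? 0 : 4 - remaining;
}

int main() {
    // Constructed sample input: the literal "abc" sits at the end of the subject.
    std::printf("match: %d\n", matchLiteralAt("xabc", 1, "abc") ? 1 : 0);
    std::printf("4-byte overread at end of 3 bytes: %zu\n", fourByteLoadOverread(3, 0));
    return 0;
}
```

        The up-front length check is what makes the narrow loads safe; the load
        widths only decide how few comparisons are needed once the bytes are known
        to exist.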
14855
148562012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
14857
14858        Windows build fix
14859
14860        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
14861
148622012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
14863
14864        Replace old strtod with new strtod
14865        https://bugs.webkit.org/show_bug.cgi?id=68044
14866
14867        Reviewed by Geoffrey Garen.
14868
14869        * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
14870        (JSC::::lex):
14871        * runtime/JSGlobalObjectFunctions.cpp: Ditto.
14872        (JSC::parseInt):
14873        (JSC::jsStrDecimalLiteral):
14874        * runtime/LiteralParser.cpp: Ditto.
14875        (JSC::::Lexer::lexNumber):
14876        * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
14877        It takes a template argument to allow clients to determine statically whether it should allow 
14878        junk after the numbers or not.
14879        (WTF):
14880        (WTF::strtod):
14881        * wtf/dtoa.h:
14882        (WTF):
14883        * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
14884        (WTF::toDoubleType):
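
        The template argument both strtod entries above describe, as an added
        illustration that is not WTF's strtod or its StringToDoubleConverter: a
        wrapper around the C library's strtod whose bool template parameter decides at
        compile time whether characters after the number are tolerated (the lexer's
        use) or make the whole string invalid (the String-to-double use). The names
        ParsedDouble and parseDouble and the sample strings are constructed for this
        example.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>

// Result of one conversion attempt.
struct ParsedDouble {
    bool ok;          // false when no number was found, or trailing junk was rejected
    double value;
    size_t consumed;  // bytes at the start of the input that formed the number
};

// AllowTrailingJunk is fixed per call site at compile time, so a caller cannot
// accidentally pick the permissive behaviour at run time.
// Caveat: std::strtod also accepts leading whitespace, "inf"/"nan" and hex
// floats, which differ from JavaScript's number grammar; this example keeps
// the C library semantics and only adds the trailing-junk policy.
template<bool AllowTrailingJunk>
ParsedDouble parseDouble(const std::string& text) {
    const char* begin = text.c_str();
    char* end = nullptr;
    errno = 0;
    double value = std::strtod(begin, &end);
    size_t consumed = static_cast<size_t>(end - begin);
    if (consumed == 0)
        return {false, 0.0, 0};  // nothing numeric at the start of the input
    // An embedded NUL stops strtod early, so consumed != text.size() also
    // rejects "1\0x" in the strict mode rather than silently accepting "1".
    if (!AllowTrailingJunk && consumed != text.size())
        return {false, 0.0, consumed};  // junk after the number: whole string invalid
    return {true, value, consumed};
}

int main() {
    ParsedDouble lenient = parseDouble<true>("12.5abc");   // constructed input
    ParsedDouble strict = parseDouble<false>("12.5abc");
    std::printf("lenient: ok=%d value=%g consumed=%zu\n", lenient.ok, lenient.value, lenient.consumed);
    std::printf("strict:  ok=%d\n", strict.ok);
    return 0;
}
```

        With the policy as a template parameter the two instantiations are separate
        functions, so the strict variant used for whole-string conversion carries no
        run-time flag that a later caller could pass wrongly.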
14885
148862012-02-13  Sam Weinig  <sam@webkit.org>
14887
14888        Move JSC related assertions out of Assertions.h and into their own header
14889        https://bugs.webkit.org/show_bug.cgi?id=78508
14890
14891        Reviewed by Gavin Barraclough.
14892
14893        * GNUmakefile.list.am:
14894        * JavaScriptCore.gypi:
14895        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
14896        * JavaScriptCore.xcodeproj/project.pbxproj:
14897        Add GCAssertions.h
14898
14899        * heap/GCAssertions.h: Added.
14900        Move assertions here.
14901
14902        * runtime/WriteBarrier.h:
14903        Add #include of GCAssertions.h
14904
14905        * wtf/Assertions.h:
14906        Remove JSC related assertions.
14907
14908        * wtf/Compiler.h:
14909        Add compiler check for __has_trivial_destructor.
14910
149112012-02-13  Chao-ying Fu  <fu@mips.com>
14912
14913        Update MIPS patchOffsetGetByIdSlowCaseCall
14914        https://bugs.webkit.org/show_bug.cgi?id=78392
14915
14916        Reviewed by Gavin Barraclough.
14917
14918        * jit/JIT.h:
14919        (JIT):
14920
149212012-02-13  Patrick Gansterer  <paroga@webkit.org>
14922
14923        Remove obsolete #if from ThreadSpecific.h
14924        https://bugs.webkit.org/show_bug.cgi?id=78485
14925
14926        Reviewed by Adam Roben.
14927
14928        Since all platforms use either pthread or Win32 for threading,
14929        we can remove all PLATFORM() preprocessor statements.
14930
14931        * wtf/ThreadSpecific.h:
14932        (ThreadSpecific):
14933
149342012-02-13  Jessie Berlin  <jberlin@apple.com>
14935
14936        Fix the Windows build.
14937
14938        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
14939
149402012-02-13  Sam Weinig  <sam@webkit.org>
14941
14942        Use C11's _Static_assert for COMPILE_ASSERT if it is available
14943        https://bugs.webkit.org/show_bug.cgi?id=78506
14944
14945        Rubber-stamped by Antti Koivisto.
14946
14947        Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
14948        better error messages.
14949
14950        * wtf/Assertions.h:
14951        Use _Static_assert if it is available.
14952
14953        * wtf/Compiler.h:
14954        Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
14955
149562012-02-13  Mario Sanchez Prada  <msanchez@igalia.com>
14957
14958        [GTK] Add GSList to the list of GObject types in GOwnPtr
14959        https://bugs.webkit.org/show_bug.cgi?id=78487
14960
14961        Reviewed by Philippe Normand.
14962
14963        Handle the GSList type in GOwnPtr, by calling g_slist_free in the
14964        implementation of the freeOwnedGPtr template function.
14965
14966        * wtf/gobject/GOwnPtr.cpp:
14967        (WTF::GSList):
14968        (WTF):
14969        * wtf/gobject/GOwnPtr.h:
14970        (WTF):
14971        * wtf/gobject/GTypedefs.h:
14972
149732012-02-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
14974
14975        [EFL] Drop support for the Curl network backend.
14976        https://bugs.webkit.org/show_bug.cgi?id=77874
14977
14978        Reviewed by Eric Seidel.
14979
14980        Nobody seems to be maintaining the Curl backend in WebCore, the
14981        EFL port developers all seem to be using the Soup backend and the
14982        port itself has many features which are only implemented for the
14983        latter.
14984
14985        * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
14986        files.
14987
149882012-02-13  Patrick Gansterer  <paroga@webkit.org>
14989
14990        Unreviewed. Build fix for !ENABLE(JIT) after r107485.
14991
14992        * bytecode/PolymorphicPutByIdList.cpp:
14993
149942012-02-13  Gavin Barraclough  <barraclough@apple.com>
14995
14996        https://bugs.webkit.org/show_bug.cgi?id=78434
14997        Unreviewed - temporarily reverting r107498 while I fix a couple of testcases.
14998
14999        * parser/Parser.cpp:
15000        (JSC::::parseFunctionInfo):
15001        * runtime/ClassInfo.h:
15002        (MethodTable):
15003        (JSC):
15004        * runtime/JSCell.cpp:
15005        (JSC):
15006        * runtime/JSCell.h:
15007        (JSCell):
15008        * runtime/JSGlobalObject.cpp:
15009        (JSC::JSGlobalObject::reset):
15010        * runtime/JSGlobalObjectFunctions.cpp:
15011        (JSC):
15012        * runtime/JSGlobalObjectFunctions.h:
15013        (JSC):
15014        * runtime/JSObject.cpp:
15015        (JSC::JSObject::put):
15016        (JSC):
15017        (JSC::JSObject::putDirectAccessor):
15018        (JSC::JSObject::defineOwnProperty):
15019        * runtime/JSObject.h:
15020        (JSC::JSObject::inlineGetOwnPropertySlot):
15021        (JSC::JSValue::get):
15022        * runtime/JSString.cpp:
15023        (JSC::JSString::getOwnPropertySlot):
15024        * runtime/JSValue.h:
15025        (JSValue):
15026        * runtime/ObjectConstructor.cpp:
15027        (JSC::objectConstructorGetPrototypeOf):
15028        * runtime/Structure.cpp:
15029        (JSC::Structure::Structure):
15030        * runtime/Structure.h:
15031        (JSC::Structure::setHasGetterSetterProperties):
15032        (Structure):
15033
150342012-02-12  Ashod Nakashian  <ashodnakashian@yahoo.com>
15035
15036        KeywordLookupGenerator.py script fails in some cases
15037        https://bugs.webkit.org/show_bug.cgi?id=77886
15038
15039        Reviewed by Benjamin Poulain.
15040
15041        * parser/Keywords.table: Converted to LF-only.
15042
150432012-02-12  Shinya Kawanaka  <shinyak@google.com>
15044
15045        Introduce ShadowRootList.
15046        https://bugs.webkit.org/show_bug.cgi?id=78069
15047
15048        Reviewed by Hajime Morita.
15049
15050        DoublyLinkedList should have a tail() method to take the last element.
15051
15052        * wtf/DoublyLinkedList.h:
15053        (DoublyLinkedList):
15054        (WTF::::tail):
15055        (WTF):
15056
150572012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
15058
15059        [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
15060        https://bugs.webkit.org/show_bug.cgi?id=78436
15061
15062        Reviewed by Daniel Bates.
15063
15064        * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
15065        and correctly sort the files which start with 'M'.
15066
150672012-02-12  Sam Weinig  <sam@webkit.org>
15068
15069        Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
15070
15071        Rubber-stamped by Anders Carlsson.
15072
15073        * JavaScriptCore.xcodeproj/project.pbxproj:
15074
150752012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
15076
15077        [CMake] Remove unused or empty variable definitions.
15078        https://bugs.webkit.org/show_bug.cgi?id=78437
15079
15080        Reviewed by Daniel Bates.
15081
15082        * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
15083        * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
15084        * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
15085        be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
15086
150872012-02-12  Filip Pizlo  <fpizlo@apple.com>
15088
15089        DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
15090        https://bugs.webkit.org/show_bug.cgi?id=78431
15091
15092        Reviewed by Gavin Barraclough.
15093
15094        * dfg/DFGSpeculativeJIT.h:
15095        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
15096
150972012-02-11  Benjamin Poulain  <benjamin@webkit.org>
15098
15099        Add back WTFURL to WebKit
15100        https://bugs.webkit.org/show_bug.cgi?id=77291
15101
15102        Reviewed by Adam Barth.
15103
15104        WTFURL was removed from WebKit in r86787.
15105
15106        This patch adds the code back to WTF with the following changes:
15107        -Guard the feature with USE(WTFURL).
15108        -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
15109        -Fix some coding style to make check-webkit-style happy.
15110
15111        * JavaScriptCore.xcodeproj/project.pbxproj:
15112        * wtf/Platform.h:
15113        * wtf/url/api/ParsedURL.cpp: Added.
15114        (WTF):
15115        (WTF::ParsedURL::ParsedURL):
15116        (WTF::ParsedURL::scheme):
15117        (WTF::ParsedURL::username):
15118        (WTF::ParsedURL::password):
15119        (WTF::ParsedURL::host):
15120        (WTF::ParsedURL::port):
15121        (WTF::ParsedURL::path):
15122        (WTF::ParsedURL::query):
15123        (WTF::ParsedURL::fragment):
15124        (WTF::ParsedURL::segment):
15125        * wtf/url/api/ParsedURL.h: Added.
15126        (WTF):
15127        (ParsedURL):
15128        (WTF::ParsedURL::spec):
15129        * wtf/url/api/URLString.h: Added.
15130        (WTF):
15131        (URLString):
15132        (WTF::URLString::URLString):
15133        (WTF::URLString::string):
15134        * wtf/url/src/RawURLBuffer.h: Added.
15135        (WTF):
15136        (RawURLBuffer):
15137        (WTF::RawURLBuffer::RawURLBuffer):
15138        (WTF::RawURLBuffer::~RawURLBuffer):
15139        (WTF::RawURLBuffer::resize):
15140        * wtf/url/src/URLBuffer.h: Added.
15141        (WTF):
15142        (URLBuffer):
15143        (WTF::URLBuffer::URLBuffer):
15144        (WTF::URLBuffer::~URLBuffer):
15145        (WTF::URLBuffer::at):
15146        (WTF::URLBuffer::set):
15147        (WTF::URLBuffer::capacity):
15148        (WTF::URLBuffer::length):
15149        (WTF::URLBuffer::data):
15150        (WTF::URLBuffer::setLength):
15151        (WTF::URLBuffer::append):
15152        (WTF::URLBuffer::grow):
15153        * wtf/url/src/URLCharacterTypes.cpp: Added.
15154        (WTF):
15155        ():
15156        * wtf/url/src/URLCharacterTypes.h: Added.
15157        (WTF):
15158        (URLCharacterTypes):
15159        (WTF::URLCharacterTypes::isQueryChar):
15160        (WTF::URLCharacterTypes::isIPv4Char):
15161        (WTF::URLCharacterTypes::isHexChar):
15162        ():
15163        (WTF::URLCharacterTypes::isCharOfType):
15164        * wtf/url/src/URLComponent.h: Added.
15165        (WTF):
15166        (URLComponent):
15167        (WTF::URLComponent::URLComponent):
15168        (WTF::URLComponent::fromRange):
15169        (WTF::URLComponent::isValid):
15170        (WTF::URLComponent::isNonEmpty):
15171        (WTF::URLComponent::isEmptyOrInvalid):
15172        (WTF::URLComponent::reset):
15173        (WTF::URLComponent::operator==):
15174        (WTF::URLComponent::begin):
15175        (WTF::URLComponent::setBegin):
15176        (WTF::URLComponent::length):
15177        (WTF::URLComponent::setLength):
15178        (WTF::URLComponent::end):
15179        * wtf/url/src/URLEscape.cpp: Added.
15180        (WTF):
15181        ():
15182        * wtf/url/src/URLEscape.h: Added.
15183        (WTF):
15184        (WTF::appendURLEscapedCharacter):
15185        * wtf/url/src/URLParser.h: Added.
15186        (WTF):
15187        (URLParser):
15188        ():
15189        (WTF::URLParser::isPossibleAuthorityTerminator):
15190        (WTF::URLParser::parseAuthority):
15191        (WTF::URLParser::extractScheme):
15192        (WTF::URLParser::parseAfterScheme):
15193        (WTF::URLParser::parseStandardURL):
15194        (WTF::URLParser::parsePath):
15195        (WTF::URLParser::parsePathURL):
15196        (WTF::URLParser::parseMailtoURL):
15197        (WTF::URLParser::parsePort):
15198        (WTF::URLParser::extractFileName):
15199        (WTF::URLParser::extractQueryKeyValue):
15200        (WTF::URLParser::isURLSlash):
15201        (WTF::URLParser::shouldTrimFromURL):
15202        (WTF::URLParser::trimURL):
15203        (WTF::URLParser::consecutiveSlashes):
15204        (WTF::URLParser::isPortDigit):
15205        (WTF::URLParser::nextAuthorityTerminator):
15206        (WTF::URLParser::parseUserInfo):
15207        (WTF::URLParser::parseServerInfo):
15208        * wtf/url/src/URLQueryCanonicalizer.h: Added.
15209        (WTF):
15210        (URLQueryCanonicalizer):
15211        (WTF::URLQueryCanonicalizer::canonicalize):
15212        (WTF::URLQueryCanonicalizer::isAllASCII):
15213        (WTF::URLQueryCanonicalizer::isRaw8Bit):
15214        (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
15215        (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
15216        * wtf/url/src/URLSegments.cpp: Added.
15217        (WTF):
15218        (WTF::URLSegments::length):
15219        (WTF::URLSegments::charactersBefore):
15220        * wtf/url/src/URLSegments.h: Added.
15221        (WTF):
15222        (URLSegments):
15223        ():
15224        (WTF::URLSegments::URLSegments):
15225
152262012-02-11  Filip Pizlo  <fpizlo@apple.com>
15227
15228        Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
15229        https://bugs.webkit.org/show_bug.cgi?id=78430
15230        <rdar://problem/10849469> <rdar://problem/10849684>
15231
15232        Reviewed by Gavin Barraclough.
15233        
15234        The old JIT's put_by_id transition caching involves repatching the slow call to
15235        a generated stub. That means that the call is counted as "slow case". So, this
15236        patch inserts code to decrement the slow case count if the stub succeeds.
15237        
15238        Looks like a ~1% speed-up on V8.
15239
15240        * jit/JITPropertyAccess.cpp:
15241        (JSC::JIT::privateCompilePutByIdTransition):
15242        * jit/JITPropertyAccess32_64.cpp:
15243        (JSC::JIT::privateCompilePutByIdTransition):
15244
152452012-02-11  Filip Pizlo  <fpizlo@apple.com>
15246
15247        Build fix for Qt.
15248
15249        * wtf/DataLog.h:
15250
152512012-02-11  Filip Pizlo  <fpizlo@apple.com>
15252
15253        It should be possible to send all JSC debug logging to a file
15254        https://bugs.webkit.org/show_bug.cgi?id=78418
15255
15256        Reviewed by Sam Weinig.
15257        
15258        Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
15259        and WTF::dataLogV. Changed all debugging- and profiling-related printfs
15260        to use WTF::dataLog() or one of its friends. By default, debug logging
15261        goes to stderr, unless you change the setting in wtf/DataLog.cpp.
15262
15263        * GNUmakefile.list.am:
15264        * JavaScriptCore.gypi:
15265        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
15266        * JavaScriptCore.xcodeproj/project.pbxproj:
15267        * assembler/LinkBuffer.h:
15268        (JSC::LinkBuffer::dumpLinkStatistics):
15269        (JSC::LinkBuffer::dumpCode):
15270        * assembler/SH4Assembler.h:
15271        (JSC::SH4Assembler::vprintfStdoutInstr):
15272        * bytecode/CodeBlock.cpp:
15273        (JSC::CodeBlock::printUnaryOp):
15274        (JSC::CodeBlock::printBinaryOp):
15275        (JSC::CodeBlock::printConditionalJump):
15276        (JSC::CodeBlock::printGetByIdOp):
15277        (JSC::CodeBlock::printCallOp):
15278        (JSC::CodeBlock::printPutByIdOp):
15279        (JSC::printGlobalResolveInfo):
15280        (JSC::printStructureStubInfo):
15281        (JSC::CodeBlock::printStructure):
15282        (JSC::CodeBlock::printStructures):
15283        (JSC::CodeBlock::dump):
15284        (JSC::CodeBlock::dumpStatistics):
15285        (JSC::CodeBlock::finalizeUnconditionally):
15286        (JSC::CodeBlock::shouldOptimizeNow):
15287        (JSC::CodeBlock::tallyFrequentExitSites):
15288        (JSC::CodeBlock::dumpValueProfiles):
15289        * bytecode/Opcode.cpp:
15290        (JSC::OpcodeStats::~OpcodeStats):
15291        * bytecode/SamplingTool.cpp:
15292        (JSC::SamplingFlags::stop):
15293        (JSC::SamplingRegion::dumpInternal):
15294        (JSC::SamplingTool::dump):
15295        * dfg/DFGAbstractState.cpp:
15296        (JSC::DFG::AbstractState::endBasicBlock):
15297        (JSC::DFG::AbstractState::mergeStateAtTail):
15298        * dfg/DFGByteCodeParser.cpp:
15299        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
15300        (JSC::DFG::ByteCodeParser::makeSafe):
15301        (JSC::DFG::ByteCodeParser::makeDivSafe):
15302        (JSC::DFG::ByteCodeParser::handleCall):
15303        (JSC::DFG::ByteCodeParser::handleInlining):
15304        (JSC::DFG::ByteCodeParser::parseBlock):
15305        (JSC::DFG::ByteCodeParser::processPhiStack):
15306        (JSC::DFG::ByteCodeParser::linkBlock):
15307        (JSC::DFG::ByteCodeParser::parseCodeBlock):
15308        (JSC::DFG::ByteCodeParser::parse):
15309        * dfg/DFGCommon.h:
15310        * dfg/DFGDriver.cpp:
15311        (JSC::DFG::compile):
15312        * dfg/DFGGraph.cpp:
15313        (JSC::DFG::printWhiteSpace):
15314        (JSC::DFG::Graph::dumpCodeOrigin):
15315        (JSC::DFG::Graph::dump):
15316        (JSC::DFG::Graph::predictArgumentTypes):
15317        * dfg/DFGJITCompiler.cpp:
15318        (JSC::DFG::JITCompiler::link):
15319        * dfg/DFGOSREntry.cpp:
15320        (JSC::DFG::prepareOSREntry):
15321        * dfg/DFGOSRExitCompiler.cpp:
15322        * dfg/DFGOSRExitCompiler32_64.cpp:
15323        (JSC::DFG::OSRExitCompiler::compileExit):
15324        * dfg/DFGOSRExitCompiler64.cpp:
15325        (JSC::DFG::OSRExitCompiler::compileExit):
15326        * dfg/DFGOperations.cpp:
15327        * dfg/DFGPropagator.cpp:
15328        (JSC::DFG::Propagator::fixpoint):
15329        (JSC::DFG::Propagator::propagateArithNodeFlags):
15330        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
15331        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
15332        (JSC::DFG::Propagator::propagateNodePredictions):
15333        (JSC::DFG::Propagator::propagatePredictionsForward):
15334        (JSC::DFG::Propagator::propagatePredictionsBackward):
15335        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
15336        (JSC::DFG::Propagator::fixupNode):
15337        (JSC::DFG::Propagator::fixup):
15338        (JSC::DFG::Propagator::startIndexForChildren):
15339        (JSC::DFG::Propagator::endIndexForPureCSE):
15340        (JSC::DFG::Propagator::setReplacement):
15341        (JSC::DFG::Propagator::eliminate):
15342        (JSC::DFG::Propagator::performNodeCSE):
15343        (JSC::DFG::Propagator::localCSE):
15344        (JSC::DFG::Propagator::allocateVirtualRegisters):
15345        (JSC::DFG::Propagator::performBlockCFA):
15346        (JSC::DFG::Propagator::performForwardCFA):
15347        * dfg/DFGRegisterBank.h:
15348        (JSC::DFG::RegisterBank::dump):
15349        * dfg/DFGScoreBoard.h:
15350        (JSC::DFG::ScoreBoard::dump):
15351        * dfg/DFGSpeculativeJIT.cpp:
15352        (JSC::DFG::SpeculativeJIT::dump):
15353        (JSC::DFG::SpeculativeJIT::checkConsistency):
15354        (JSC::DFG::SpeculativeJIT::compile):
15355        * dfg/DFGSpeculativeJIT32_64.cpp:
15356        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
15357        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
15358        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
15359        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
15360        * dfg/DFGSpeculativeJIT64.cpp:
15361        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
15362        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
15363        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
15364        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
15365        * heap/Heap.cpp:
15366        (JSC::Heap::destroy):
15367        * heap/MarkedBlock.h:
15368        * interpreter/CallFrame.cpp:
15369        (JSC::CallFrame::dumpCaller):
15370        * interpreter/Interpreter.cpp:
15371        (JSC::Interpreter::dumpRegisters):
15372        * jit/JIT.cpp:
15373        (JSC::JIT::privateCompileMainPass):
15374        (JSC::JIT::privateCompileSlowCases):
15375        (JSC::JIT::privateCompile):
15376        * jit/JITStubs.cpp:
15377        (JSC::DEFINE_STUB_FUNCTION):
15378        * profiler/Profile.cpp:
15379        (JSC::Profile::debugPrintData):
15380        (JSC::Profile::debugPrintDataSampleStyle):
15381        * profiler/ProfileNode.cpp:
15382        (JSC::ProfileNode::debugPrintData):
15383        (JSC::ProfileNode::debugPrintDataSampleStyle):
15384        * runtime/JSGlobalData.cpp:
15385        (JSC::JSGlobalData::dumpRegExpTrace):
15386        * runtime/RegExp.cpp:
15387        (JSC::RegExp::matchCompareWithInterpreter):
15388        * runtime/SamplingCounter.cpp:
15389        (JSC::AbstractSamplingCounter::dump):
15390        * runtime/SamplingCounter.h:
15391        (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
15392        * runtime/ScopeChain.cpp:
15393        (JSC::ScopeChainNode::print):
15394        * runtime/Structure.cpp:
15395        (JSC::Structure::dumpStatistics):
15396        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
15397        * tools/CodeProfile.cpp:
15398        (JSC::CodeProfile::report):
15399        * tools/ProfileTreeNode.h:
15400        (JSC::ProfileTreeNode::dumpInternal):
15401        * wtf/CMakeLists.txt:
15402        * wtf/DataLog.cpp: Added.
15403        (WTF):
15404        (WTF::initializeLogFileOnce):
15405        (WTF::initializeLogFile):
15406        (WTF::dataFile):
15407        (WTF::dataLogV):
15408        (WTF::dataLog):
15409        * wtf/DataLog.h: Added.
15410        (WTF):
15411        * wtf/HashTable.cpp:
15412        (WTF::HashTableStats::~HashTableStats):
15413        * wtf/MetaAllocator.cpp:
15414        (WTF::MetaAllocator::dumpProfile):
15415        * wtf/text/WTFString.cpp:
15416        (String::show):
15417        * yarr/YarrInterpreter.cpp:
15418        (JSC::Yarr::ByteCompiler::dumpDisjunction):
15419
154202012-02-11  Gavin Barraclough  <barraclough@apple.com>
15421
15422        Move special __proto__ property to Object.prototype
15423        https://bugs.webkit.org/show_bug.cgi?id=78409
15424
15425        Reviewed by Oliver Hunt.
15426
15427        Re-implement this as a regular accessor property.  This has three key benefits:
15428        1) It makes it possible for objects to be given properties named __proto__.
15429        2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
15430        3) This largely removes the magic used to implement __proto__; it can just be made a regular accessor property.
15431
15432        * parser/Parser.cpp:
15433        (JSC::::parseFunctionInfo):
15434            - No need to prohibit functions named __proto__.
15435        * runtime/JSGlobalObject.cpp:
15436        (JSC::JSGlobalObject::reset):
15437            - Add __proto__ accessor to Object.prototype.
15438        * runtime/JSGlobalObjectFunctions.cpp:
15439        (JSC::globalFuncProtoGetter):
15440        (JSC::globalFuncProtoSetter):
15441            - Definition of the __proto__ accessor functions.
15442        * runtime/JSGlobalObjectFunctions.h:
15443            - Declaration of the __proto__ accessor functions.
15444        * runtime/JSObject.cpp:
15445        (JSC::JSObject::put):
15446            - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
15447        (JSC::JSObject::putDirectAccessor):
15448            - Track on the structure whether an object contains accessors other than one for __proto__.
15449        (JSC::JSObject::defineOwnProperty):
15450            - No need to prohibit definition of own properties named __proto__.
15451        * runtime/JSObject.h:
15452        (JSC::JSObject::inlineGetOwnPropertySlot):
15453            - Remove the special handling for __proto__.
15454        (JSC::JSValue::get):
15455            - Remove the special handling for __proto__.
15456        * runtime/JSString.cpp:
15457        (JSC::JSString::getOwnPropertySlot):
15458            - Remove the special handling for __proto__.
15459        * runtime/JSValue.h:
15460        (JSValue):
15461            - Made synthesizePrototype public (this may be needed by the __proto__ getter).
15462        * runtime/ObjectConstructor.cpp:
15463        (JSC::objectConstructorGetPrototypeOf):
15464            - Perform the security check & call prototype() directly.
15465        * runtime/Structure.cpp:
15466        (JSC::Structure::Structure):
15467            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
15468        * runtime/Structure.h:
15469        (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
15470        (JSC::Structure::setHasGetterSetterProperties):
15471        (Structure):
15472            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
15473
2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA assumes that a WeakJSConstant's structure is known
        https://bugs.webkit.org/show_bug.cgi?id=78428
        <rdar://problem/10849492> <rdar://problem/10849621>

        Reviewed by Gavin Barraclough.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        Qt debug build fix

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate
        JSFinalObjects in the destructor subspace, so we should remove this assert so it
        doesn't cause crashes.

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        Old 32_64 JIT should assert that its use of map() is consistent with the DFG
        OSR exit's expectations
        https://bugs.webkit.org/show_bug.cgi?id=78419
        <rdar://problem/10817121>

        Reviewed by Oliver Hunt.

        * jit/JITInlineMethods.h:
        (JSC::JIT::map):

2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        Reduce the reentrancy limit of the interpreter for the iOS simulator
        https://bugs.webkit.org/show_bug.cgi?id=78400

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
        (JSC):

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        [DFG] Misuse of WeakJSConstants in silentFillGPR code.
        https://bugs.webkit.org/show_bug.cgi?id=78423
        <rdar://problem/10849353> <rdar://problem/10804043>

        Reviewed by Sam Weinig.

        The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
        This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
        hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentFillGPR):

2012-02-11  Sam Weinig  <sam@webkit.org>

        Prepare JavaScriptCore to build with libc++
        <rdar://problem/10426673>
        https://bugs.webkit.org/show_bug.cgi?id=78424

        Reviewed by Anders Carlsson.

        * wtf/NullPtr.cpp:
        * wtf/NullPtr.h:
        libc++ provides std::nullptr emulation, so we don't have to.

2012-02-07  Filip Pizlo  <fpizlo@apple.com>

        DFG should have polymorphic put_by_id caching
        https://bugs.webkit.org/show_bug.cgi?id=78062
        <rdar://problem/10326439> <rdar://problem/10824839>

        Reviewed by Oliver Hunt.

        Implemented polymorphic put_by_id caching in the DFG, and added much of the
        machinery that would be needed to implement it in the old JIT as well.

        I decided against using the old PolymorphicAccessStructureList mechanism as
        this didn't quite fit with put_by_id. In particular, I wanted the ability to
        have one list that captured all relevant cases (including proto put_by_id
        if we ever decided to do it). And I wanted the code to have better
        encapsulation. And I didn't want to get confused by the fact that the
        original (non-list) put_by_id cache may itself consist of a stub routine.

        This code is still sub-optimal (for example adding a replace to a list whose
        previous elements are all transitions should just repatch the original code,
        but here it will generate a stub) but it already generates a >20% speed-up
        on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/PolymorphicPutByIdList.cpp: Added.
        (JSC):
        (JSC::PutByIdAccess::fromStructureStubInfo):
        (JSC::PutByIdAccess::visitWeak):
        (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
        (JSC::PolymorphicPutByIdList::from):
        (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
        (JSC::PolymorphicPutByIdList::isFull):
        (JSC::PolymorphicPutByIdList::isAlmostFull):
        (JSC::PolymorphicPutByIdList::addAccess):
        (JSC::PolymorphicPutByIdList::visitWeak):
        * bytecode/PolymorphicPutByIdList.h: Added.
        (JSC):
        (PutByIdAccess):
        (JSC::PutByIdAccess::PutByIdAccess):
        (JSC::PutByIdAccess::transition):
        (JSC::PutByIdAccess::replace):
        (JSC::PutByIdAccess::isSet):
        (JSC::PutByIdAccess::operator!):
        (JSC::PutByIdAccess::type):
        (JSC::PutByIdAccess::isTransition):
        (JSC::PutByIdAccess::isReplace):
        (JSC::PutByIdAccess::oldStructure):
        (JSC::PutByIdAccess::structure):
        (JSC::PutByIdAccess::newStructure):
        (JSC::PutByIdAccess::chain):
        (JSC::PutByIdAccess::stubRoutine):
        (PolymorphicPutByIdList):
        (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
        (JSC::PolymorphicPutByIdList::isEmpty):
        (JSC::PolymorphicPutByIdList::size):
        (JSC::PolymorphicPutByIdList::at):
        (JSC::PolymorphicPutByIdList::operator[]):
        (JSC::PolymorphicPutByIdList::kind):
        * bytecode/PutKind.h: Added.
        (JSC):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC):
        (JSC::isPutByIdAccess):
        (JSC::StructureStubInfo::initPutByIdList):
        (StructureStubInfo):
        (JSC::StructureStubInfo::reset):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        (DFG):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::appropriateGenericPutByIdFunction):
        (JSC::DFG::appropriateListBuildingPutByIdFunction):
        (DFG):
        (JSC::DFG::emitPutReplaceStub):
        (JSC::DFG::emitPutTransitionStub):
        (JSC::DFG::tryCachePutByID):
        (JSC::DFG::dfgRepatchPutByID):
        (JSC::DFG::tryBuildPutByIdList):
        (JSC::DFG::dfgBuildPutByIdList):
        (JSC::DFG::dfgResetPutByID):
        * dfg/DFGRepatch.h:
        (DFG):
        * runtime/WriteBarrier.h:
        (WriteBarrierBase):
        (JSC::WriteBarrierBase::copyFrom):

2012-02-10  Vineet Chaudhary  <rgf748@motorola.com>

        https://bugs.webkit.org/show_bug.cgi?id=72756
        DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it

        Reviewed by Timothy Hatcher.

        * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
          AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.

2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fixing windows build

        Unreviewed build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-10  Adam Klein  <adamk@chromium.org>

        Enable MUTATION_OBSERVERS by default on all platforms
        https://bugs.webkit.org/show_bug.cgi?id=78196

        Reviewed by Ojan Vafai.

        * Configurations/FeatureDefines.xcconfig:

2012-02-10  Yong Li  <yoli@rim.com>

        ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
        https://bugs.webkit.org/show_bug.cgi?id=76724

        Reviewed by Rob Buis.

        This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
        The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
        So it can leave pages behind that are not set back to the default flags. When assembly on one of those
        pages is executed, or the JIT returns to those pages (in the case it was already executing from there),
        the software will crash.

        * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::performFinalization):
        (LinkBuffer):
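
        The size mismatch this entry describes, as an added example that is not JavaScriptCore code: a page-granular model of W^X finalization in which page protections are tracked in a vector rather than applied with mprotect(), so it runs anywhere. PageTable, LinkBufferModel and writablePagesAfterFinalize are hypothetical stand-ins for ExecutableAllocator and LinkBuffer; only the m_size/m_initialSize distinction is taken from the entry.

```cpp
#include <cstddef>
#include <vector>

// Under W^X a page is either writable or executable, never both.
enum PageProt { Executable, Writable };

// Hypothetical page table standing in for ExecutableAllocator's makeWritable()/
// makeExecutable(): a byte range is rounded out to whole pages.
class PageTable {
public:
    static const size_t pageSize = 4096;

    explicit PageTable(size_t regionBytes)
        : m_pages((regionBytes + pageSize - 1) / pageSize, Executable) {}

    void setProtection(size_t start, size_t size, PageProt prot) {
        size_t first = start / pageSize;
        size_t end = (start + size + pageSize - 1) / pageSize;  // exclusive
        for (size_t i = first; i < end && i < m_pages.size(); ++i)
            m_pages[i] = prot;
    }

    // Pages left writable after finalization are exactly the pages that are
    // not executable: a later jump into them faults.
    size_t writablePages() const {
        size_t n = 0;
        for (size_t i = 0; i < m_pages.size(); ++i)
            if (m_pages[i] == Writable)
                ++n;
        return n;
    }

private:
    std::vector<PageProt> m_pages;
};

// Hypothetical model of LinkBuffer's lifecycle under ASSEMBLER_WX_EXCLUSIVE.
class LinkBufferModel {
public:
    LinkBufferModel(PageTable& table, size_t size, bool useInitialSize)
        : m_table(table), m_size(size), m_initialSize(size), m_useInitialSize(useInitialSize)
    {
        // linkCode(): the whole reserved region is made writable before code is copied in.
        m_table.setProtection(0, m_size, Writable);
    }

    // Branch compaction shrinks the emitted code, so the recorded size drops.
    void compactTo(size_t compactedSize) {
        if (compactedSize < m_size)
            m_size = compactedSize;
    }

    // performFinalization(): flip the region back to executable. Using the
    // post-compaction m_size is the bug; remembering m_initialSize is the fix.
    void performFinalization() {
        m_table.setProtection(0, m_useInitialSize ? m_initialSize : m_size, Executable);
    }

private:
    PageTable& m_table;
    size_t m_size;
    size_t m_initialSize;
    bool m_useInitialSize;
};

// Runs one link/compact/finalize cycle and reports how many pages stayed writable.
size_t writablePagesAfterFinalize(size_t initialSize, size_t compactedSize, bool fixed) {
    PageTable table(initialSize);
    LinkBufferModel buffer(table, initialSize, fixed);
    buffer.compactTo(compactedSize);
    buffer.performFinalization();
    return table.writablePages();
}
```

A four-page region compacted to just over one page leaves two pages writable with the buggy finalization and none with the fix; without compaction both variants behave the same.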

2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Split MarkedSpace into destructor and destructor-free subspaces
        https://bugs.webkit.org/show_bug.cgi?id=77761

        Reviewed by Geoffrey Garen.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
        * heap/Heap.h:
        (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to
        pick which subspace they want to allocate out of.
        (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
        (Heap):
        (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
        (JSC):
        (JSC::Heap::allocateWithoutDestructor): Ditto.
        * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate
        their MarkedBlocks correctly.
        (JSC::MarkedAllocator::allocateBlock):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::cellsNeedDestruction):
        (MarkedAllocator):
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC):
        (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
        an init function that does all of that stuff in fewer lines.
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::create):
        (JSC::MarkedBlock::recycle):
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make
        checking the m_cellsNeedDestructor flag faster and cleaner looking.
        (JSC):
        (JSC::MarkedBlock::specializedSweep):
        (JSC::MarkedBlock::sweep):
        (JSC::MarkedBlock::sweepHelper):
        * heap/MarkedBlock.h:
        (MarkedBlock):
        (JSC::MarkedBlock::cellsNeedDestruction):
        (JSC):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::canonicalizeCellLivenessData):
        (JSC::TakeIfUnmarked::operator()):
        * heap/MarkedSpace.h:
        (MarkedSpace):
        (Subspace):
        (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of
        allocators.
        (JSC):
        (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
        (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
        (JSC::MarkedSpace::allocateWithDestructor): Ditto.
        (JSC::MarkedSpace::forEachBlock):
        * jit/JIT.h:
        * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
        (JSC::JIT::emitAllocateBasicJSObject):
        (JSC::JIT::emitAllocateJSFinalObject):
        (JSC::JIT::emitAllocateJSFunction):
        * runtime/JSArray.cpp:
        (JSC):
        * runtime/JSArray.h:
        (JSArray):
        (JSC::JSArray::create):
        (JSC):
        (JSC::JSArray::tryCreateUninitialized):
        * runtime/JSCell.h:
        (JSCell):
        (JSC):
        (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires
        destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this
        constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
        (JSC::allocateCell):
        * runtime/JSFunction.cpp:
        (JSC):
        * runtime/JSFunction.h:
        (JSFunction):
        * runtime/JSObject.cpp:
        (JSC):
        * runtime/JSObject.h:
        (JSNonFinalObject):
        (JSC):
        (JSFinalObject):
        (JSC::JSFinalObject::create):
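
        The compile-time NeedsDestructor selection described under runtime/JSCell.h, as an added example that is not the project's code. CellBlock, subspaceFor, allocateAndSweep and the sample cell types are hypothetical, and std::is_trivially_destructible stands in for the __has_trivial_destructor builtin the entry names; the point shown is that a cell with a non-trivial destructor placed in the destructor-free subspace would never have that destructor run at sweep time.

```cpp
#include <cstddef>
#include <new>
#include <string>
#include <type_traits>

// Mirrors the idea of JSC's NeedsDestructor: decided at compile time from the type.
// (Standard trait used here in place of the __has_trivial_destructor builtin.)
template<typename T>
struct NeedsDestructor {
    static const bool value = !std::is_trivially_destructible<T>::value;
};

enum Subspace { DestructorFreeSpace, DestructorSpace };

// Stand-in for allocateCell()'s choice of heap subspace.
template<typename T>
Subspace subspaceFor() {
    return NeedsDestructor<T>::value ? DestructorSpace : DestructorFreeSpace;
}

// A fixed-capacity block of cells of one type, in the spirit of MarkedBlock.
template<typename T, size_t Capacity>
class CellBlock {
public:
    CellBlock() : m_count(0) {}

    T* allocate() {
        if (m_count == Capacity)
            return nullptr;
        return new (m_storage[m_count++]) T();   // placement-new into block storage
    }

    // The bool template parameter plays the role of m_cellsNeedDestruction: for the
    // destructor-free subspace the loop below is dead code the compiler can drop.
    // Returns how many destructors actually ran.
    template<bool cellsNeedDestruction>
    size_t specializedSweep() {
        size_t destructed = 0;
        if (cellsNeedDestruction) {
            for (size_t i = 0; i < m_count; ++i) {
                reinterpret_cast<T*>(m_storage[i])->~T();
                ++destructed;
            }
        }
        m_count = 0;
        return destructed;
    }

private:
    alignas(T) unsigned char m_storage[Capacity][sizeof(T)];
    size_t m_count;
};

// Sample cell types (constructed for this example).
struct PlainCell {            // trivially destructible: nothing to run at sweep
    int a;
    double b;
};

struct OwningCell {           // owns heap memory: its destructor must run at sweep
    static int destroyed;
    std::string name;
    OwningCell() : name("constructed") {}
    ~OwningCell() { ++destroyed; }
};
int OwningCell::destroyed = 0;

// Allocates n cells of T, then sweeps the block with the flag the trait selects.
template<typename T>
size_t allocateAndSweep(size_t n) {
    CellBlock<T, 8> block;
    for (size_t i = 0; i < n; ++i)
        block.allocate();
    return block.template specializedSweep<NeedsDestructor<T>::value>();
}
```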

2012-02-10  Adrienne Walker  <enne@google.com>

        Remove implicit copy constructor usage in HashMaps with OwnPtr
        https://bugs.webkit.org/show_bug.cgi?id=78071

        Reviewed by Darin Adler.

        Change the return type of emptyValue() in PairHashTraits to be the
        actual type returned rather than the trait type to avoid an implicit
        generation of the OwnPtr copy constructor. This happens for hash
        traits involving OwnPtr where the empty value is not zero and each
        hash bucket needs to be initialized with emptyValue().

        Also, update StructureTransitionTable to use default hash traits
        rather than rolling its own, in order to update it to handle
        EmptyValueType.

        Test: patch from bug 74154 compiles on Clang with this patch

        * runtime/StructureTransitionTable.h:
        (StructureTransitionTable):
        * wtf/HashTraits.h:
        (GenericHashTraits):
        (PairHashTraits):
        (WTF::PairHashTraits::emptyValue):

2012-02-10  Aron Rosenberg  <arosenberg@logitech.com>

        [Qt] Fix compiler warning in Visual Studio 2010 about TR1
        https://bugs.webkit.org/show_bug.cgi?id=63642

        Reviewed by Simon Hausmann.

        * JavaScriptCore.pri:

2012-02-10  Michael Saboff  <msaboff@apple.com>

        Yarr assert with regexp where alternative in *-quantified group matches empty
        https://bugs.webkit.org/show_bug.cgi?id=67752

        Reviewed by Gavin Barraclough.

        Added backtracking for the prior alternative if it matched
        but didn't consume any input characters.

        * yarr/YarrJIT.cpp:
        (YarrOp): New jump.
        (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
        when an alternative matches and no input was consumed.  Moved the
        zero length match check for a set of alternatives to the alternative
        code from the parentheses cases to the alternative end cases.
        Converted the existing zero length checks in the parentheses cases
        to runtime assertion checks.
        (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
        to prior term.

2012-02-10  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        [Qt] GC should be parallel on Qt platform
        https://bugs.webkit.org/show_bug.cgi?id=73309

        Reviewed by Zoltan Herczeg.

        These changes made the parallel GC feature available for the Qt port.
        The implementation of "registerGCThread" and "isMainThreadOrGCThread",
        and a local static function [initializeGCThreads] is moved from
        MainThreadMac.mm to the common MainThread.cpp to make them available
        for other platforms.

        Measurement results:
        V8           speed-up:  1.025x as fast  [From: 663.4ms  To: 647.0ms ]
        V8 Splay     speed-up:  1.185x as fast  [From: 138.4ms  To: 116.8ms ]

        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4 cores.

        * JavaScriptCore.order:
        * wtf/MainThread.cpp:
        (WTF::initializeMainThread):
        (WTF):
        (WTF::initializeGCThreads):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):
        * wtf/MainThread.h:
        (WTF):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:
        (WTF):

2012-02-09  Andy Wingo  <wingo@igalia.com>

        Eliminate dead code in BytecodeGenerator::resolve()
        https://bugs.webkit.org/show_bug.cgi?id=78242

        Reviewed by Gavin Barraclough.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolve):
        BytecodeGenerator::shouldOptimizeLocals() is only true for
        FunctionCode, and thus cannot be true for GlobalCode.

2012-02-09  Andy Wingo  <wingo@igalia.com>

        Remove BytecodeGenerator::isLocal
        https://bugs.webkit.org/show_bug.cgi?id=78241

        Minor refactor to BytecodeGenerator.

        Reviewed by Gavin Barraclough.

        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::isLocal):
        (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
        methods.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
        instead of isLocal.  This will recognize more resolve nodes as
        being pure.
        (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
        location instead of isLocalConstant.

2012-02-09  Oliver Hunt  <oliver@apple.com>

        The JS Parser scope object needs a VectorTrait specialization
        https://bugs.webkit.org/show_bug.cgi?id=78308

        Reviewed by Gavin Barraclough.

        This showed up as a periodic crash in various bits of generated code
        originally, but I've added an assertion in the bytecode generator
        that makes the affected code much more crash-happy should it go
        wrong again.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::resolve):
        * parser/Parser.cpp:
        * parser/Parser.h:
        (JSC):
        * runtime/JSActivation.h:
        (JSC::JSActivation::isValidScopedLookup):
        (JSActivation):

2012-02-08  Oliver Hunt  <oliver@apple.com>

        Whoops, fix the build.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):

2012-02-08  Oliver Hunt  <oliver@apple.com>

        Fix issue encountered while debugging stacktraces
        https://bugs.webkit.org/show_bug.cgi?id=78147

        Reviewed by Gavin Barraclough.

        Debugging is easier if we always ensure that we have a non-null
        inferred name.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):

2012-02-08  Oliver Hunt  <oliver@apple.com>

        updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
        https://bugs.webkit.org/show_bug.cgi?id=78145

        Reviewed by Gavin Barraclough.

        Fix the updateTopCallFrame helper to store additional information
        that becomes necessary when we are trying to provide more stack
        frame information.

        * interpreter/CallFrame.h:
        (JSC::ExecState::bytecodeOffsetForBaselineJIT):
        (ExecState):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::JIT::compileGetByIdProto):
        (JSC::JIT::compileGetByIdSelfList):
        (JSC::JIT::compileGetByIdProtoList):
        (JSC::JIT::compileGetByIdChainList):
        (JSC::JIT::compileGetByIdChain):
        (JSC::JIT::compilePutByIdTransition):
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):

2012-02-07  Robert Kroeger  <rjkroege@chromium.org>

        [chromium] Remove the enable macro for the no longer necessary Chromium
        gesture recognizer.
        https://bugs.webkit.org/show_bug.cgi?id=77492

        Reviewed by Adam Barth.

        * wtf/Platform.h:

2012-02-07  Tony Chang  <tony@chromium.org>

        merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
        https://bugs.webkit.org/show_bug.cgi?id=78036

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.

2012-02-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Use *bin* and *lib* directories for executable and libraries.
        https://bugs.webkit.org/show_bug.cgi?id=77928

        Reviewed by Daniel Bates.

        CMake has used the *Programs* directory for executables. In addition, shared libraries are being
        built in the source directory. It is better to set common places in order to maintain executables
        and libraries. *bin* is for executables and *lib* is for libraries.

        * shell/CMakeLists.txt: Change *Programs* to *bin*.

2012-02-07  Gavin Barraclough  <barraclough@apple.com>

        Crash on http://www.rickshawbags.com/
        https://bugs.webkit.org/show_bug.cgi?id=78045

        Reviewed by Darin Adler.

        Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()

        This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933:
        isVariableObject() checks were excluding StaticScopeObjects, and that patch
        inadvertently changed them to be included.

        * runtime/JSType.h:
            - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
              and thus is excluded from isVariableObject() checks.

2012-02-06  Jer Noble  <jer.noble@apple.com>

        Use CMClock as a timing source for PlatformClock where available.
        https://bugs.webkit.org/show_bug.cgi?id=77885

        Reviewed by Eric Carlson.

        * wtf/Platform.h: Added WTF_USE_COREMEDIA.

2012-02-06  Filip Pizlo  <fpizlo@apple.com>

        ValueToNumber and ValueToDouble nodes don't do anything and should be removed
        https://bugs.webkit.org/show_bug.cgi?id=77855
        <rdar://problem/10811325>

        Reviewed by Gavin Barraclough.

        Removed ValueToNumber and ValueToDouble, because the only thing they were doing
        was wasting registers.

        This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
        mostly due to a >10% win on gaussian-blur. No win anywhere else.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getToInt32):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        (DFG):
        (JSC::DFG::Node::hasArithNodeFlags):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::vote):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (Propagator):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::canonicalize):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-06  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix after r106197.

        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.

2012-02-05  Gavin Barraclough  <barraclough@apple.com>

        Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
        https://bugs.webkit.org/show_bug.cgi?id=77451

        Reviewed by Sam Weinig.

        These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
        Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.

        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineOwnProperty):
        * debugger/DebuggerActivation.h:
        (DebuggerActivation):
        * runtime/ClassInfo.h:
        (MethodTable):
        (JSC):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::finishCreation):
        * runtime/JSCell.cpp:
        (JSC):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineOwnProperty):
        (JSC):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        * runtime/JSObject.cpp:
        (JSC):
        * runtime/JSObject.h:
        (JSObject):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):

2012-02-06  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-02-05  Filip Pizlo  <fpizlo@apple.com>

        DFG's child references from one node to another should have room for type information
        https://bugs.webkit.org/show_bug.cgi?id=77797

        Reviewed by Oliver Hunt.

        The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
        and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
        together as a DFG::NodeUse, which can in most cases still be used as an index (for
        example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
        where they really want a NodeIndex).

        The NodeUse stores both the index and the UseKind without bloating the memory usage of
        DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
        roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
        something - likely a sensible assumption! - then we will only be able to have room for
        about 24 million nodes, which means we only need about 24.5 bits for the node index).
        Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
        but stores the index as a signed number to make NoNode work naturally. Hence we really
        just have 27 bits for the index.

        This is performance-neutral on all benchmarks we track.
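
        The 4-bit/28-bit packing described above, as an added example that is not the project's DFGNodeUse.h. The names NodeIndex, NoNode, UseKind and NodeUse follow the entry; the concrete encoding (shift by 4, index stored in an int32_t, arithmetic right shift to recover it) is an assumption chosen to reproduce the behaviour the entry states, including why the signed store makes NoNode round-trip and why only 27 bits remain for real indices.

```cpp
#include <climits>
#include <cstdint>

typedef uint32_t NodeIndex;
static const NodeIndex NoNode = UINT_MAX;       // "no node" sentinel: all bits set
enum UseKind { UntypedUse = 0, LastUseKind };   // effectively empty, as the entry says

class NodeUse {
public:
    static const int shift = 4;                 // low 4 bits: UseKind; upper 28: signed index

    explicit NodeUse(NodeIndex index = NoNode, UseKind kind = UntypedUse)
        : m_encodedWord(makeWord(index, kind)) {}

    // Arithmetic right shift sign-extends, so the all-ones NoNode comes back as
    // UINT_MAX without a special case (assumes arithmetic >> on a negative int32_t,
    // which GCC and Clang provide).
    NodeIndex index() const { return static_cast<NodeIndex>(m_encodedWord >> shift); }
    UseKind useKind() const { return static_cast<UseKind>(m_encodedWord & ((1 << shift) - 1)); }
    bool isSet() const { return index() != NoNode; }

    // True when `index` survives the round trip through the 28-bit signed field.
    static bool fits(NodeIndex index) {
        return NodeUse(index, UntypedUse).index() == index;
    }

    // Largest ordinary node index the packing can hold: 27 bits of magnitude, since
    // one of the 28 index bits is spent on the sign that makes NoNode work.
    static NodeIndex maxIndex() {
        return (static_cast<NodeIndex>(1) << (32 - shift - 1)) - 1;
    }

private:
    static int32_t makeWord(NodeIndex index, UseKind kind) {
        // Shift as unsigned (always well-defined), then store the bit pattern as signed.
        uint32_t word = (index << shift) | static_cast<uint32_t>(kind);
        return static_cast<int32_t>(word);
    }

    int32_t m_encodedWord;
};
```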

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        (AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        * dfg/DFGCommon.h:
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (DFG):
        * dfg/DFGGraph.h:
        (Graph):
        (JSC::DFG::Graph::operator[]):
        (JSC::DFG::Graph::at):
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::getPrediction):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child1Unchecked):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        (JSC::DFG::Node::dumpChildren):
        (Node):
        * dfg/DFGNodeReferenceBlob.h: Added.
        (DFG):
        (NodeReferenceBlob):
        (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
        (JSC::DFG::NodeReferenceBlob::child):
        (JSC::DFG::NodeReferenceBlob::child1):
        (JSC::DFG::NodeReferenceBlob::child2):
        (JSC::DFG::NodeReferenceBlob::child3):
        (JSC::DFG::NodeReferenceBlob::child1Unchecked):
        (JSC::DFG::NodeReferenceBlob::initialize):
        (JSC::DFG::NodeReferenceBlob::firstChild):
        (JSC::DFG::NodeReferenceBlob::setFirstChild):
        (JSC::DFG::NodeReferenceBlob::numChildren):
        (JSC::DFG::NodeReferenceBlob::setNumChildren):
        * dfg/DFGNodeUse.h: Added.
        (DFG):
        (NodeUse):
        (JSC::DFG::NodeUse::NodeUse):
        (JSC::DFG::NodeUse::indexUnchecked):
        (JSC::DFG::NodeUse::index):
        (JSC::DFG::NodeUse::setIndex):
        (JSC::DFG::NodeUse::useKind):
        (JSC::DFG::NodeUse::setUseKind):
        (JSC::DFG::NodeUse::isSet):
        (JSC::DFG::NodeUse::operator!):
        (JSC::DFG::NodeUse::operator==):
        (JSC::DFG::NodeUse::operator!=):
        (JSC::DFG::NodeUse::shift):
        (JSC::DFG::NodeUse::makeWord):
        (JSC::DFG::operator==):
        (JSC::DFG::operator!=):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::vote):
        (JSC::DFG::Propagator::toDouble):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::canonicalize):
        (JSC::DFG::Propagator::startIndex):
        (JSC::DFG::Propagator::globalVarLoadElimination):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::performSubstitution):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compileMovHint):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::at):
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::SpeculativeJIT::use):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
16245        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
16246        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
16247        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
16248        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
16249        * dfg/DFGSpeculativeJIT32_64.cpp:
16250        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
16251        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
16252        (JSC::DFG::SpeculativeJIT::cachedPutById):
16253        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
16254        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
16255        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
16256        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
16257        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
16258        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
16259        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
16260        (JSC::DFG::SpeculativeJIT::emitCall):
16261        (JSC::DFG::SpeculativeJIT::compileValueAdd):
16262        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
16263        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
16264        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
16265        (JSC::DFG::SpeculativeJIT::emitBranch):
16266        (JSC::DFG::SpeculativeJIT::compile):
16267        * dfg/DFGSpeculativeJIT64.cpp:
16268        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
16269        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
16270        (JSC::DFG::SpeculativeJIT::cachedPutById):
16271        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
16272        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
16273        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
16274        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
16275        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
16276        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
16277        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
16278        (JSC::DFG::SpeculativeJIT::emitCall):
16279        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
16280        (JSC::DFG::SpeculativeJIT::compileValueAdd):
16281        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
16282        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
16283        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
16284        (JSC::DFG::SpeculativeJIT::emitBranch):
16285        (JSC::DFG::SpeculativeJIT::compile):
16286
162872012-02-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
16288
16289        [CMAKE] Support javascriptcore test for EFL port. 
16290        https://bugs.webkit.org/show_bug.cgi?id=77425
16291
16292        Reviewed by Daniel Bates.
16293
16294        Efl and WinCE as well as Blackberry port are now using Cmake as its build system
16295        and they are share the make file to create jsc excutable. In order to run
16296        "run-javascriptcore-tests", EFL port needs to change jsc installation configuration
16297        with executable output directory(e.g. Programs). So, this patch change jsc installation
16298        configuration only for EFL port.
16299
16300        * shell/CMakeLists.txt:
16301
163022012-02-04  Gavin Barraclough  <barraclough@apple.com>
16303
16304        Rubber stamped by Sam Weinig.
16305
16306        * yarr/YarrPattern.cpp:
16307        (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
16308            - Fix comment.
16309
163102012-02-04  Kalev Lember  <kalevlember@gmail.com>
16311
16312        [GTK] CurrentTime: Reorder headers for win32
16313        https://bugs.webkit.org/show_bug.cgi?id=77808
16314
16315        Reviewed by Martin Robinson.
16316
16317        In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
16318        based on g_get_monotonic_time(). Reorder headers to make sure glib.h
16319        gets included even when the platform is win32.
16320
16321        CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
16322        CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
16323        CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
16324
16325        * wtf/CurrentTime.cpp:
16326
163272012-02-03  Anders Carlsson  <andersca@apple.com>
16328
16329        Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
16330        https://bugs.webkit.org/show_bug.cgi?id=77788
16331
16332        Reviewed by Andreas Kling.
16333
16334        The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to 
16335        code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
16336
16337        * wtf/FastAllocBase.h:
16338
163392012-02-03  Rob Buis  <rbuis@rim.com>
16340
16341        Fix alignment warnings in ARMv7
16342        https://bugs.webkit.org/show_bug.cgi?id=55368
16343
16344        Reviewed by Filip Pizlo.
16345
16346        Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
16347
16348        * heap/HandleTypes.h:
16349        (JSC::HandleTypes::getFromSlot):
16350        * heap/MarkedBlock.cpp:
16351        (JSC::MarkedBlock::specializedSweep):
16352        * heap/MarkedBlock.h:
16353        (JSC::MarkedBlock::forEachCell):
16354        * runtime/WriteBarrier.h:
16355        (JSC::WriteBarrierBase::get):
16356        (JSC::WriteBarrierBase::unvalidatedGet):
16357
163582012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
16359
16360        Build fix
16361
16362        Unreviewed build fix
16363
16364        Forgot to add a couple files.
16365
16366        * heap/MarkedAllocator.cpp: Added.
16367        (JSC):
16368        (JSC::MarkedAllocator::tryAllocateHelper):
16369        (JSC::MarkedAllocator::tryAllocate):
16370        (JSC::MarkedAllocator::allocateSlowCase):
16371        (JSC::MarkedAllocator::allocateBlock):
16372        (JSC::MarkedAllocator::addBlock):
16373        (JSC::MarkedAllocator::removeBlock):
16374        * heap/MarkedAllocator.h: Added.
16375        (JSC):
16376        (DFG):
16377        (MarkedAllocator):
16378        (JSC::MarkedAllocator::cellSize):
16379        (JSC::MarkedAllocator::heap):
16380        (JSC::MarkedAllocator::setHeap):
16381        (JSC::MarkedAllocator::setCellSize):
16382        (JSC::MarkedAllocator::setMarkedSpace):
16383        (JSC::MarkedAllocator::MarkedAllocator):
16384        (JSC::MarkedAllocator::allocate):
16385        (JSC::MarkedAllocator::reset):
16386        (JSC::MarkedAllocator::zapFreeList):
16387        (JSC::MarkedAllocator::forEachBlock):
16388
163892012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
16390
16391        Refactor MarkedBlock::SizeClass into a separate class
16392        https://bugs.webkit.org/show_bug.cgi?id=77600
16393
16394        Reviewed by Geoffrey Garen.
16395
16396        We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
16397        the responsibility of allocating objects from the collection of MarkedBlocks 
16398        that it manages. Also limited the amount of coupling to internal data fields 
16399        from other places, although it's mostly unavoidable in the JIT code.
16400
16401        Eventually MarkedAllocator will implement various policies to do with object 
16402        management, e.g. whether or not to run destructors on objects that it manages.
16403        MarkedSpace will manage a collection of MarkedAllocators with varying policies,
16404        as it does now but to a larger extent. 
16405
16406        * CMakeLists.txt:
16407        * GNUmakefile.list.am:
16408        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16409        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
16410        * JavaScriptCore.xcodeproj/project.pbxproj:
16411        * Target.pri:
16412        * dfg/DFGSpeculativeJIT.h:
16413        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
16414        * heap/Heap.cpp:
16415        (JSC::Heap::collect):
16416        (JSC::Heap::resetAllocators):
16417        * heap/Heap.h:
16418        (JSC::Heap::allocatorForObject):
16419        (Heap):
16420        * heap/MarkedAllocator.cpp: Added.
16421        (JSC):
16422        (JSC::MarkedAllocator::tryAllocateHelper):
16423        (JSC::MarkedAllocator::tryAllocate):
16424        (JSC::MarkedAllocator::allocateSlowCase):
16425        (JSC::MarkedAllocator::allocateBlock):
16426        (JSC::MarkedAllocator::addBlock):
16427        (JSC::MarkedAllocator::removeBlock):
16428        * heap/MarkedAllocator.h: Added.
16429        (JSC):
16430        (DFG):
16431        (MarkedAllocator):
16432        (JSC::MarkedAllocator::cellSize):
16433        (JSC::MarkedAllocator::heap):
16434        (JSC::MarkedAllocator::setHeap):
16435        (JSC::MarkedAllocator::setCellSize):
16436        (JSC::MarkedAllocator::setMarkedSpace):
16437        (JSC::MarkedAllocator::MarkedAllocator):
16438        (JSC::MarkedAllocator::allocate):
16439        (JSC::MarkedAllocator::reset):
16440        (JSC::MarkedAllocator::zapFreeList):
16441        (JSC::MarkedAllocator::forEachBlock):
16442        * heap/MarkedSpace.cpp:
16443        (JSC::MarkedSpace::MarkedSpace):
16444        (JSC::MarkedSpace::resetAllocators):
16445        (JSC::MarkedSpace::canonicalizeCellLivenessData):
16446        (JSC::TakeIfUnmarked::operator()):
16447        * heap/MarkedSpace.h:
16448        (MarkedSpace):
16449        (JSC::MarkedSpace::allocatorFor):
16450        (JSC::MarkedSpace::allocate):
16451        (JSC::MarkedSpace::forEachBlock):
16452        (JSC::MarkedSpace::didAddBlock):
16453        (JSC::MarkedSpace::didConsumeFreeList):
16454        * jit/JITInlineMethods.h:
16455        (JSC::JIT::emitAllocateBasicJSObject):
16456
164572012-02-03  Simon Hausmann  <simon.hausmann@nokia.com>
16458
16459        [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
16460        https://bugs.webkit.org/show_bug.cgi?id=77723
16461
16462        Reviewed by Tor Arne Vestbø.
16463
16464        * wtf/Platform.h: Enable use of export macros.
16465
164662012-02-02  Hajime Morrita  <morrita@chromium.org>
16467
16468        Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation.
16469
16470        * interpreter/Interpreter.h:
16471        (Interpreter):
16472
164732012-01-31  Hajime Morrita  <morrita@chromium.org>
16474
16475        [Mac] eliminate JavaScriptCore.exp
16476        https://bugs.webkit.org/show_bug.cgi?id=72854
16477
16478        Reviewed by Darin Adler.
16479
16480        - Removed exp files and corresponding makefile entries.
16481        - Changed the build configuration no to use exp file.
16482
16483        * Configurations/JavaScriptCore.xcconfig:
16484        * DerivedSources.make:
16485        * JavaScriptCore.JSVALUE32_64only.exp: Removed.
16486        * JavaScriptCore.JSVALUE64only.exp: Removed.
16487        * JavaScriptCore.exp: Removed.
16488        * JavaScriptCore.xcodeproj/project.pbxproj:
16489        * wtf/Platform.h:
16490
164912012-02-02  Benjamin Poulain  <bpoulain@apple.com>
16492
16493        Running a Web Worker on about:blank crashes the interpreter
16494        https://bugs.webkit.org/show_bug.cgi?id=77593
16495
16496        Reviewed by Michael Saboff.
16497
16498        The method Interpreter::execute() was crashing on empty programs because
16499        the assumption is made the source is not null.
16500
16501        This patch shortcut the execution when the String is null to avoid invalid
16502        memory access.
16503
16504        * interpreter/Interpreter.cpp:
16505        (JSC::Interpreter::execute):
16506
165072012-02-02  Kalev Lember  <kalevlember@gmail.com>
16508
16509        [GTK] Use win32 native threading
16510        https://bugs.webkit.org/show_bug.cgi?id=77676
16511
16512        Reviewed by Martin Robinson.
16513
16514        r97269 switched from glib threading to pthreads, breaking win32 GTK+.
16515        This is a follow up, removing some leftovers in ThreadSpecific.h and
16516        switching win32 to use the native threading in ThreadingWin.cpp.
16517
16518        * GNUmakefile.list.am: Compile in win32 native threading support
16519        * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
16520        (ThreadSpecific):
16521        (WTF::::destroy):
16522
165232012-02-02  Filip Pizlo  <fpizlo@apple.com>
16524
16525        retrieveCallerFromVMCode should call trueCallerFrame
16526        https://bugs.webkit.org/show_bug.cgi?id=77684
16527
16528        Reviewed by Oliver Hunt.
16529
16530        * interpreter/Interpreter.cpp:
16531        (JSC::Interpreter::retrieveCallerFromVMCode):
16532
165332012-02-02  Kalev Lember  <kalevlember@gmail.com>
16534
16535        [GTK] Implement current executable path finding for win32
16536        https://bugs.webkit.org/show_bug.cgi?id=77677
16537
16538        Reviewed by Martin Robinson.
16539
16540        The WTF helper for getting the binary path that was added in r101710
16541        left out the win32 implementation. Fix this.
16542
16543        * wtf/gobject/GlibUtilities.cpp:
16544        (getCurrentExecutablePath):
16545
165462012-02-02  Filip Pizlo  <fpizlo@apple.com>
16547
16548        Throwing away bytecode and then reparsing during DFG optimization is just
16549        plain wrong and makes things crash
16550        https://bugs.webkit.org/show_bug.cgi?id=77680
16551        <rdar://problem/10798490>
16552
16553        Reviewed by Oliver Hunt.
16554
16555        This is the minimal surgical fix: it removes the code that triggered bytecode
16556        throw-away. Once we're confident that this is a good idea, we can kill all of
16557        the code that implements the feature.
16558
16559        * bytecode/CodeBlock.h:
16560        (JSC::CodeBlock::discardBytecodeLater):
16561        (JSC::CodeBlock::addValueProfile):
16562        * jit/JITDriver.h:
16563        (JSC::jitCompileIfAppropriate):
16564        (JSC::jitCompileFunctionIfAppropriate):
16565
165662012-02-02  Filip Pizlo  <fpizlo@apple.com>
16567
16568        Release build debugging should be easier
16569        https://bugs.webkit.org/show_bug.cgi?id=77669
16570
16571        Reviewed by Gavin Barraclough.
16572
16573        * assembler/ARMAssembler.h:
16574        (ARMAssembler):
16575        (JSC::ARMAssembler::debugOffset):
16576        * assembler/ARMv7Assembler.h:
16577        (ARMv7Assembler):
16578        (JSC::ARMv7Assembler::debugOffset):
16579        (ARMInstructionFormatter):
16580        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
16581        * assembler/AbstractMacroAssembler.h:
16582        (AbstractMacroAssembler):
16583        (JSC::AbstractMacroAssembler::debugOffset):
16584        * assembler/AssemblerBuffer.h:
16585        (AssemblerBuffer):
16586        (JSC::AssemblerBuffer::debugOffset):
16587        * assembler/LinkBuffer.h:
16588        (LinkBuffer):
16589        (JSC::LinkBuffer::debugSize):
16590        * assembler/MIPSAssembler.h:
16591        (MIPSAssembler):
16592        (JSC::MIPSAssembler::debugOffset):
16593        * assembler/X86Assembler.h:
16594        (X86Assembler):
16595        (JSC::X86Assembler::debugOffset):
16596        (X86InstructionFormatter):
16597        (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
16598        * bytecode/CodeBlock.cpp:
16599        (JSC):
16600        * bytecode/CodeBlock.h:
16601        (CodeBlock):
16602        * bytecode/CodeOrigin.h:
16603        (CodeOrigin):
16604        (JSC):
16605        (JSC::CodeOrigin::inlineStack):
16606        * bytecode/DFGExitProfile.h:
16607        (JSC::DFG::exitKindToString):
16608        * bytecode/DataFormat.h:
16609        (JSC::dataFormatToString):
16610        * bytecode/PredictedType.cpp:
16611        (JSC):
16612        (JSC::predictionToString):
16613        * bytecode/PredictedType.h:
16614        (JSC):
16615        * bytecode/ValueRecovery.h:
16616        (ValueRecovery):
16617        (JSC::ValueRecovery::dump):
16618        * bytecompiler/BytecodeGenerator.cpp:
16619        (JSC):
16620        (JSC::BytecodeGenerator::setDumpsGeneratedCode):
16621        (JSC::BytecodeGenerator::dumpsGeneratedCode):
16622        (JSC::BytecodeGenerator::generate):
16623        * dfg/DFGAbstractValue.h:
16624        (StructureAbstractValue):
16625        (JSC::DFG::StructureAbstractValue::dump):
16626        (AbstractValue):
16627        (JSC::DFG::AbstractValue::dump):
16628        * dfg/DFGAssemblyHelpers.h:
16629        (DFG):
16630        (AssemblyHelpers):
16631        (JSC::DFG::AssemblyHelpers::debugCall):
16632        * dfg/DFGFPRInfo.h:
16633        (FPRInfo):
16634        (JSC::DFG::FPRInfo::debugName):
16635        * dfg/DFGGPRInfo.h:
16636        (GPRInfo):
16637        (JSC::DFG::GPRInfo::debugName):
16638        * dfg/DFGGraph.cpp:
16639        (DFG):
16640        * dfg/DFGGraph.h:
16641        (Graph):
16642        * dfg/DFGNode.h:
16643        (DFG):
16644        (JSC::DFG::arithNodeFlagsAsString):
16645        (Node):
16646        (JSC::DFG::Node::hasIdentifier):
16647        (JSC::DFG::Node::dumpChildren):
16648        * dfg/DFGOSRExit.cpp:
16649        (DFG):
16650        (JSC::DFG::OSRExit::dump):
16651        * dfg/DFGOSRExit.h:
16652        (OSRExit):
16653        * runtime/JSValue.cpp:
16654        (JSC):
16655        (JSC::JSValue::description):
16656        * runtime/JSValue.h:
16657        (JSValue):
16658        * wtf/BitVector.cpp:
16659        (WTF):
16660        (WTF::BitVector::dump):
16661        * wtf/BitVector.h:
16662        (BitVector):
16663
166642012-02-02  Oliver Hunt  <oliver@apple.com>
16665
16666        Getters and setters cause line numbers in errors/console.log to be offset for the whole file
16667        https://bugs.webkit.org/show_bug.cgi?id=77675
16668
16669        Reviewed by Timothy Hatcher.
16670
16671        Our default literal parsing logic doesn't handle the extra work required for
16672        getters and setters.  When it encounters one, it rolls back the lexer and 
16673        then switches to a more complete parsing function.  Unfortunately it was only
16674        winding back the character position, and was ignoring the line number and
16675        other lexer data.  This led to every getter and setter causing the line number
16676        to be incorrectly incremented leading to increasingly incorrect numbers for
16677        the rest of the file.
16678
16679        * parser/Parser.cpp:
16680        (JSC::::parseObjectLiteral):
16681
166822012-02-02  Andy Wingo  <wingo@igalia.com>
16683
16684        Fix type punning warning in HashTable.h debug builds
16685        https://bugs.webkit.org/show_bug.cgi?id=77422
16686
16687        Reviewed by Gavin Barraclough.
16688
16689        * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
16690        warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
16691
166922012-02-01  Michael Saboff  <msaboff@apple.com>
16693
16694        Yarr crash with regexp replace
16695        https://bugs.webkit.org/show_bug.cgi?id=67454
16696
16697        Reviewed by Gavin Barraclough.
16698
16699        Properly handle the case of a back reference to an unmatched
16700        subpattern by always matching without consuming any characters.
16701
16702        * yarr/YarrInterpreter.cpp:
16703        (JSC::Yarr::Interpreter::matchBackReference):
16704        (JSC::Yarr::Interpreter::backtrackBackReference):
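
        The behaviour the entry above describes, as an added example that is not part of the
        ChangeLog or the Yarr sources: in ECMAScript a back reference to a capture group that did
        not participate in the match succeeds without consuming input, and a replace over such a
        pattern must neither fault nor skip characters. The patterns and inputs are constructed.

```javascript
// Added example, not from the WebKit ChangeLog or the Yarr sources. It shows the
// ECMAScript semantics the Yarr fix implements: a back reference to a capture
// group that did not participate in the match succeeds and consumes nothing, so
// String.prototype.replace over such a pattern must not fault or drop input.

// Run one pattern against one input and report what an engine must produce.
// Groups that did not participate are reported as null (exec() yields undefined).
function matchReport(re, input) {
  const m = re.exec(input);
  if (m === null) return { matched: false };
  return {
    matched: true,
    text: m[0],
    index: m.index,
    groups: Array.from(m).slice(1).map((g) => (g === undefined ? null : g)),
  };
}

// Constructed cases: each pairs a pattern containing a back reference with inputs
// where the referenced group does or does not participate in the match.
function backReferenceCases() {
  // Optional group followed by a back reference to it.
  const optional = /(a)?\1b/;
  // Alternation: exactly one of the two groups participates, the other stays unset.
  const alternation = /(?:(x)|(y))\1\2z/;
  return {
    // Group 1 never matches, so \1 matches the empty string and "b" is replaced.
    optionalUnmatched: {
      report: matchReport(optional, "b"),
      replaced: "b".replace(optional, "[$&|$1]"), // $1 expands to "" for an unset group
    },
    // Group 1 captured "a", so \1 requires a second "a" before the "b".
    optionalMatched: {
      report: matchReport(optional, "aab"),
      replaced: "aab".replace(optional, "[$&|$1]"),
    },
    // At index 0 both choices for the optional group fail ("ab" has no second "a"
    // and "a" is not "b"), so the match is found at index 1 with the group unset.
    optionalLaterMatch: matchReport(optional, "ab"),
    // Only group 1 participates; \2 refers to the unset group and matches empty.
    alternationLeft: matchReport(alternation, "xxz"),
    // Only group 2 participates; this time \1 is the unset reference.
    alternationRight: matchReport(alternation, "yyz"),
    // Global replace where the optional group is unset for some matches and set for
    // another: every "b" is consumed exactly once and nothing is skipped.
    global: "b ab aab".replace(/(a)?\1b/g, "<$&>"),
  };
}
```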
16705
167062012-02-01  Gavin Barraclough  <barraclough@apple.com>
16707
16708        calling function on catch block scope containing an eval result in wrong this value being passed
16709        https://bugs.webkit.org/show_bug.cgi?id=77581
16710
16711        Reviewed by Oliver Hunt.
16712
16713        javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
16714
16715        * bytecompiler/NodesCodegen.cpp:
16716        (JSC::TryNode::emitBytecode):
16717        * interpreter/Interpreter.cpp:
16718        (JSC::Interpreter::execute):
16719        * parser/ASTBuilder.h:
16720        (JSC::ASTBuilder::createTryStatement):
16721        * parser/NodeConstructors.h:
16722        (JSC::TryNode::TryNode):
16723        * parser/Nodes.h:
16724        (TryNode):
16725        * parser/Parser.cpp:
16726        (JSC::::parseTryStatement):
16727        * parser/SyntaxChecker.h:
16728        (JSC::SyntaxChecker::createTryStatement):
16729        * runtime/JSObject.h:
16730        (JSObject):
16731        (JSC::JSObject::isStaticScopeObject):
16732        (JSC):
16733
167342012-02-01  Oliver Hunt  <oliver@apple.com>
16735
16736        Add support for inferred function names
16737        https://bugs.webkit.org/show_bug.cgi?id=77579
16738
16739        Reviewed by Gavin Barraclough.
16740
16741        Add new "inferred" names to function expressions, getters, and setters.
16742        This property is not exposed to JS, so is only visible in the debugger
16743        and profiler.
16744
16745        * JavaScriptCore.exp:
16746        * bytecompiler/BytecodeGenerator.h:
16747        (JSC::BytecodeGenerator::makeFunction):
16748        * debugger/DebuggerCallFrame.cpp:
16749        (JSC::DebuggerCallFrame::calculatedFunctionName):
16750        * parser/ASTBuilder.h:
16751        (JSC::ASTBuilder::createAssignResolve):
16752        (JSC::ASTBuilder::createGetterOrSetterProperty):
16753        (JSC::ASTBuilder::createProperty):
16754        (JSC::ASTBuilder::makeAssignNode):
16755        * parser/Nodes.h:
16756        (JSC::FunctionBodyNode::setInferredName):
16757        (JSC::FunctionBodyNode::inferredName):
16758        (FunctionBodyNode):
16759        * profiler/Profiler.cpp:
16760        (JSC):
16761        (JSC::Profiler::createCallIdentifier):
16762        (JSC::createCallIdentifierFromFunctionImp):
16763        * runtime/Executable.cpp:
16764        (JSC::FunctionExecutable::FunctionExecutable):
16765        (JSC::FunctionExecutable::fromGlobalCode):
16766        * runtime/Executable.h:
16767        (JSC::FunctionExecutable::create):
16768        (JSC::FunctionExecutable::inferredName):
16769        (FunctionExecutable):
16770        * runtime/JSFunction.cpp:
16771        (JSC::JSFunction::calculatedDisplayName):
16772        (JSC):
16773        (JSC::getCalculatedDisplayName):
16774        * runtime/JSFunction.h:
16775        (JSC):
16776
167772012-02-01  Filip Pizlo  <fpizlo@apple.com>
16778
16779        DFG should fold double-to-int conversions
16780        https://bugs.webkit.org/show_bug.cgi?id=77532
16781
16782        Reviewed by Oliver Hunt.
16783        
16784        Performance neutral on major benchmarks. But it makes calling V8's
16785        Math.random() 4x faster.
16786
16787        * bytecode/CodeBlock.cpp:
16788        (JSC):
16789        (JSC::CodeBlock::addOrFindConstant):
16790        * bytecode/CodeBlock.h:
16791        (JSC::CodeBlock::addConstant):
16792        (CodeBlock):
16793        * dfg/DFGAbstractState.cpp:
16794        (JSC::DFG::AbstractState::execute):
16795        * dfg/DFGByteCodeParser.cpp:
16796        (JSC::DFG::ByteCodeParser::toInt32):
16797        (ByteCodeParser):
16798        (JSC::DFG::ByteCodeParser::getJSConstantForValue):
16799        (JSC::DFG::ByteCodeParser::isInt32Constant):
16800        * dfg/DFGGraph.h:
16801        (JSC::DFG::Graph::addShouldSpeculateInteger):
16802        (Graph):
16803        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
16804        * dfg/DFGPropagator.cpp:
16805        (JSC::DFG::Propagator::propagateNodePredictions):
16806        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
16807        (JSC::DFG::Propagator::fixupNode):
16808        * dfg/DFGSpeculativeJIT.cpp:
16809        (JSC::DFG::SpeculativeJIT::compileAdd):
16810        (DFG):
16811        (JSC::DFG::SpeculativeJIT::compileArithSub):
16812        * dfg/DFGSpeculativeJIT.h:
16813        (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
16814        (SpeculativeJIT):
16815        * dfg/DFGSpeculativeJIT32_64.cpp:
16816        (JSC::DFG::SpeculativeJIT::compile):
16817        * dfg/DFGSpeculativeJIT64.cpp:
16818        (JSC::DFG::SpeculativeJIT::compile):
16819        * runtime/JSValueInlineMethods.h:
16820        (JSC::JSValue::asDouble):
16821
168222012-02-01  Filip Pizlo  <fpizlo@apple.com>
16823
16824        DFG graph dump for GetScopedVar should show the correct prediction
16825        https://bugs.webkit.org/show_bug.cgi?id=77530
16826
16827        Reviewed by Geoff Garen.
16828        
16829        GetScopedVar has a heap prediction, not a variable prediction. But it does
16830        have a variable. Hence we need to check for heap predictions before checking
16831        for variable predictions.
16832
16833        * dfg/DFGGraph.cpp:
16834        (JSC::DFG::Graph::dump):
16835
168362012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
16837
16838        Replace JSArray destructor with finalizer
16839        https://bugs.webkit.org/show_bug.cgi?id=77488
16840
16841        Reviewed by Geoffrey Garen.
16842
16843        * JavaScriptCore.exp:
16844        * runtime/JSArray.cpp:
16845        (JSC::JSArray::finalize): Added finalizer.
16846        (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
16847        (JSC):
16848        (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
16849        (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode 
16850        because the old name was confusing because we could have a sparse array that never 
16851        called enterSparseMode.
16852        (JSC::JSArray::defineOwnNumericProperty):
16853        (JSC::JSArray::setLengthWritable):
16854        (JSC::JSArray::putByIndexBeyondVectorLength):
16855        (JSC::JSArray::setLength):
16856        (JSC::JSArray::pop):
16857        (JSC::JSArray::sort):
16858        (JSC::JSArray::compactForSorting):
16859        * runtime/JSArray.h:
16860        (JSArray):
16861
168622012-02-01  Andy Wingo  <wingo@igalia.com>
16863
16864        Refactor identifier resolution in BytecodeGenerator
16865        https://bugs.webkit.org/show_bug.cgi?id=76285
16866
16867        Reviewed by Geoffrey Garen.
16868
16869        * bytecompiler/BytecodeGenerator.h:
16870        (JSC::ResolveResult): New class, to describe the storage
16871        location corresponding to an identifier in a program.
16872        * bytecompiler/BytecodeGenerator.cpp:
16873        (JSC::BytecodeGenerator::resolve): New function, replacing
16874        findScopedProperty.
16875        (JSC::BytecodeGenerator::resolveConstDecl): New function,
16876        encapsulating what ConstDeclNode::emitBytecode used to do.
16877        (JSC::BytecodeGenerator::emitGetStaticVar):
16878        (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
16879        corresponding to the old emitGetScopedVar and emitPutScopedVar.
16880        (JSC::BytecodeGenerator::registerFor): Remove version that took an
16881        Identifier&; replaced by ResolveResult::local().
16882        (JSC::BytecodeGenerator::emitResolve):
16883        (JSC::BytecodeGenerator::emitResolveBase):
16884        (JSC::BytecodeGenerator::emitResolveBaseForPut):
16885        (JSC::BytecodeGenerator::emitResolveWithBase):
16886        (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
16887        "resolveResult" argument.  This is more clear, and reduces the
16888        amount of double analysis happening at compile-time.
16889        * bytecompiler/NodesCodegen.cpp:
16890        (JSC::ResolveNode::emitBytecode):
16891        (JSC::EvalFunctionCallNode::emitBytecode):
16892        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::PostfixResolveNode::emitBytecode):
        (JSC::DeleteResolveNode::emitBytecode):
        (JSC::TypeOfResolveNode::emitBytecode):
        (JSC::PrefixResolveNode::emitBytecode):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::ConstDeclNode::emitCodeSingle):
        (JSC::ForInNode::emitBytecode): Refactor to use the new
        ResolveResult structure.

2012-02-01  Csaba Osztrogonác  <ossy@webkit.org>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Unreviewed, rolling out r106407.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-01-31  Hajime Morrita  <morrita@chromium.org>

        Add missing JS_PRIVATE_EXPORTs
        https://bugs.webkit.org/show_bug.cgi?id=77507

        Reviewed by Kevin Ollivier.

        * heap/MarkedSpace.h:
        (MarkedSpace):
        * interpreter/Interpreter.h:
        (Interpreter):
        * runtime/JSValue.h:
        (JSValue):
        * wtf/text/AtomicString.h:
        (WTF::AtomicString::add):
        * wtf/text/WTFString.h:
        (WTF):

2012-01-31  Geoffrey Garen  <ggaren@apple.com>

        Stop using -fomit-frame-pointer
        https://bugs.webkit.org/show_bug.cgi?id=77403

        Reviewed by Filip Pizlo.

        JavaScriptCore is too fast. I'm just the man to fix it.

        * Configurations/JavaScriptCore.xcconfig:

2012-01-31  Michael Saboff  <msaboff@apple.com>

        StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
        https://bugs.webkit.org/show_bug.cgi?id=76647

        Reviewed by Darin Adler.

        Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle two special
        cases.  One case is s-sharp (0xdf) which converts to "SS".  The other case is
        for characters which become 16 bit values when converted to upper case.  For
        those, we up-convert the source string and use the 16 bit path.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncToUpperCase):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):
        * wtf/unicode/CharacterNames.h:
        (smallLetterSharpS): New constant

2012-01-31  Oliver Hunt  <oliver@apple.com>

        Remove unneeded sourceId property
        https://bugs.webkit.org/show_bug.cgi?id=77495

        Reviewed by Filip Pizlo.

        sourceId isn't used anymore, so we'll just remove it.

        * runtime/Error.cpp:
        (JSC):
        (JSC::addErrorInfo):
        (JSC::hasErrorInfo):

2012-01-31  Oliver Hunt  <oliver@apple.com>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Reviewed by Gavin Barraclough.

        Original patch by Juan Carlos Montemayor Elosua:
            This patch utilizes topCallFrame to create a stack trace when
            an error is thrown. Users will also be able to use the stack()
            command in jsc to get arrays with stack trace information.

        Modified to be correct on ToT, with a variety of correctness,
        performance, and security improvements.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::getCallerLine):
        (JSC::getSourceURLFromCallFrame):
        (JSC::getStackFrameCodeType):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::throwException):
        * interpreter/Interpreter.h:
        (JSC::StackFrame::toString):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionJSCStack):
        * parser/Parser.h:
        (JSC::Parser::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:

2012-01-31  Scott Graham  <scottmg@chromium.org>

        [Chromium] Remove references to gyp cygwin build target
        https://bugs.webkit.org/show_bug.cgi?id=77253

        Reviewed by Julien Chaffraix.

        Target dependency is no longer required; it's done earlier in the
        build process.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-01-31  Michael Saboff  <msaboff@apple.com>

        ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
        https://bugs.webkit.org/show_bug.cgi?id=77443

        Reviewed by Gavin Barraclough.

        Removed failing ASSERT() and thus destructor.  The ASSERT isn't needed.
        We are hitting it in the YARR JIT case where we bail out and go to the
        interpreter with a partially JIT'ed function.  Since we haven't linked
        the JIT'ed code, there are likely to be some unresolved jumps in the vector
        when the ARMv7Assembler destructor is called.  For the case where we
        complete the JIT process, we clear the vector at the end of
        LinkBuffer::linkCode (LinkBuffer.h:292).

        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):

2012-01-31  Anders Carlsson  <andersca@apple.com>

        Vector<T>::operator== shouldn't require T to have operator!=
        https://bugs.webkit.org/show_bug.cgi?id=77448

        Reviewed by Andreas Kling.

        Change VectorComparer::compare to use !(a == b) instead of a != b since
        it makes more sense for Vector::operator== to use the element's operator==.

        * wtf/Vector.h:

2012-01-30  Oliver Hunt  <oliver@apple.com>

        get_by_val_arguments is broken in the interpreter
        https://bugs.webkit.org/show_bug.cgi?id=77389

        Reviewed by Gavin Barraclough.

        When get_by_val had a value profile added, the same slot was not added to
        get_by_val_arguments.  This broke the interpreter as the interpreter falls
        back on its regular get_by_val implementation.

        No tests are added as the interpreter is fairly broken in its
        current state (multiple tests fail due to this bug).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        (JSC):
        ():
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitGetArgumentByVal):

2012-01-30  Oliver Hunt  <oliver@apple.com>

        Unexpected syntax error
        https://bugs.webkit.org/show_bug.cgi?id=77340

        Reviewed by Gavin Barraclough.

        Function calls and new expressions have the same semantics for
        assignment, so should simply share their lhs handling.

        * parser/Parser.cpp:
        (JSC::::parseMemberExpression):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed ARMv7 build fix.

        * tools/CodeProfiling.cpp:
        (JSC):
        (JSC::setProfileTimer):
        (JSC::CodeProfiling::begin):
        (JSC::CodeProfiling::end):

2012-01-30  David Levin  <levin@chromium.org>

        Using OS(WIN) or OS(MAC) should cause a build error.
        https://bugs.webkit.org/show_bug.cgi?id=77162

        Reviewed by Darin Adler.

        * wtf/Platform.h: Expand them into something that will
        cause a compile error.

2012-01-30  Yong Li  <yoli@rim.com>

        [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
        https://bugs.webkit.org/show_bug.cgi?id=77360

        Reviewed by Rob Buis.

        Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
        for OS(QNX).

        * wtf/Platform.h:

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Speculative Windows build fix.

        * assembler/MacroAssemblerCodeRef.h:
        (FunctionPtr):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=77163
        MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)

        Rubber stamped by Geoff Garen

        * assembler/MacroAssemblerCodeRef.h:

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed build fix for interpreter builds.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * tools/CodeProfile.cpp:
        (JSC::CodeProfile::sample):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed build fix following bug#76855

        * JavaScriptCore.exp:

2012-01-30  Michael Saboff  <msaboff@apple.com>

        CaseFoldingHash::hash() doesn't handle 8 bit strings directly
        https://bugs.webkit.org/show_bug.cgi?id=76652

        Reviewed by Andreas Kling.

        * wtf/text/StringHash.h:
        (WTF::CaseFoldingHash::hash): Added 8 bit string code path.

2012-01-30  Michael Saboff  <msaboff@apple.com>

        stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
        https://bugs.webkit.org/show_bug.cgi?id=76651

        Reviewed by Geoffrey Garen.

        Made local function substituteBackreferencesSlow a template function
        based on character width.  Cleaned up getCharacters() in both UString
        and StringImpl.  Changed getCharacters<UChar> to up convert an 8 bit
        string to 16 bits if necessary.

        * runtime/StringPrototype.cpp:
        (JSC::substituteBackreferencesSlow):
        (JSC::substituteBackreferences):
        * runtime/UString.h:
        (JSC::LChar):
        (JSC::UChar):
        * wtf/text/StringImpl.h:
        (WTF::UChar):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Clean up putDirect
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        Part 3 - merge op_put_getter & op_put_setter.

        Putting these separately is inefficient (and makes future optimization,
        e.g. making GetterSetter immutable, harder). Change to emit a single
        op_put_getter_setter bytecode op. Ultimately we should probably be
        able to merge this with put direct, to create a common op to initialize
        object literal properties.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        (JSC):
        ():
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * bytecompiler/BytecodeGenerator.h:
        (BytecodeGenerator):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        (JIT):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_setter):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_setter):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        ():
        * runtime/JSObject.cpp:
        (JSC::JSObject::putDirectVirtual):
        (JSC::JSObject::putDirectAccessor):
        (JSC):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        ():
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectWithoutTransition):

2012-01-30  Michael Saboff  <msaboff@apple.com>

        Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
        https://bugs.webkit.org/show_bug.cgi?id=76649

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp: Added export for charactersToDouble.

2012-01-30  Michael Saboff  <msaboff@apple.com>

        WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
        https://bugs.webkit.org/show_bug.cgi?id=76648

        Reviewed by Geoffrey Garen.

        Added a new overloaded append member that takes a String& argument, an offset
        and a length to do direct sub string appending to a StringBuilder.

        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append):

2012-01-29  Zoltan Herczeg  <zherczeg@webkit.org>

        Custom written CSS lexer
        https://bugs.webkit.org/show_bug.cgi?id=70107

        Reviewed by Antti Koivisto and Oliver Hunt.

        Add new helper functions for the custom written CSS lexer.

        * wtf/ASCIICType.h:
        (WTF::toASCIILowerUnchecked):
        (WTF):
        (WTF::isASCIIAlphaCaselessEqual):

2012-01-29  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
        https://bugs.webkit.org/show_bug.cgi?id=77146
        <rdar://problem/10770586>

        Reviewed by Oliver Hunt.

        The old JIT expects that the result of the last operation is in the lastResultRegister.  The DFG JIT is
        designed to correctly track the lastResultRegister by looking at SetLocal nodes.  However, when the DFG
        JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
        lastResultRegister.  Hence if we OSR exit on the first node following the end of an inlined code block
        that had a return value, and that first node uses the return value, the old JIT will get massively
        confused.  This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
        JIT slightly dumber.

        * jit/JITCall.cpp:
        (JSC::JIT::emit_op_call_put_result):

2012-01-29  Filip Pizlo  <fpizlo@apple.com>

        Build fix for Mac non-x64 platforms.

        * tools/CodeProfiling.cpp:
        (JSC):

2012-01-28  Gavin Barraclough  <barraclough@apple.com>

        Reserve 'let'
        https://bugs.webkit.org/show_bug.cgi?id=77293

        Rubber stamped by Oliver Hunt.

        'let' may become a keyword in ES6.  We're going to try experimentally reserving it,
        to see if this breaks the web.

        * parser/Keywords.table:

2012-01-27  Gavin Barraclough  <barraclough@apple.com>

        Implement a JIT-code aware sampling profiler for JSC
        https://bugs.webkit.org/show_bug.cgi?id=76855

        Reviewed by Oliver Hunt.

        To enable the profiler, set the JSC_CODE_PROFILING environment variable to
        1 (no tracing of the C stack), 2 (trace one level of C code) or 3 (recursively
        trace all samples).

        The profiler requires -fomit-frame-pointer to be removed from the build flags.

        * JavaScriptCore.exp:
            - Removed an export.
        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files.
        * bytecode/CodeBlock.cpp:
            - For baseline codeblocks, cache the result of canCompileWithDFG.
        * bytecode/CodeBlock.h:
            - For baseline codeblocks, cache the result of canCompileWithDFG.
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
            - Notify the profiler when the allocator is created.
        (JSC::ExecutableAllocator::allocate):
            - Inform the allocator of the ownerUID.
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
            - Notify the profiler when the allocator is created.
        (JSC::ExecutableAllocator::allocate):
            - Inform the allocator of the ownerUID.
        * jit/JITStubs.cpp:
            - If profiling, don't mask the return address in JIT code.
              (We do so to provide nicer backtraces in debug builds).
        * runtime/Completion.cpp:
        (JSC::evaluate):
            - Notify the profiler of script evaluations.
        * tools: Added.
        * tools/CodeProfile.cpp: Added.
        (JSC::symbolName):
            - Helper function to get the name of a symbol in the framework.
        (JSC::truncateTrace):
            - Helper to truncate traces into methods known to have uninformatively deep stacks.
        (JSC::CodeProfile::sample):
            - Record a stack trace classifying samples.
        (JSC::CodeProfile::report):
            - Print profiler output.
        * tools/CodeProfile.h: Added.
            - new class, captures a set of samples associated with an evaluated script,
              and nested to record samples from subscripts.
        * tools/CodeProfiling.cpp: Added.
        (JSC::CodeProfiling::profilingTimer):
            - callback fired when a timer event occurs.
        (JSC::CodeProfiling::notifyAllocator):
            - called when the executable allocator is constructed.
        (JSC::CodeProfiling::getOwnerUIDForPC):
            - helper to look up the codeblock from an address in JIT code.
        (JSC::CodeProfiling::begin):
            - enter a profiling scope.
        (JSC::CodeProfiling::end):
            - exit a profiling scope.
        * tools/CodeProfiling.h: Added.
            - new class, instantiated from Completion to define a profiling scope.
        * tools/ProfileTreeNode.h: Added.
            - new class, used to construct a tree of samples.
        * tools/TieredMMapArray.h: Added.
            - new class, a malloc-free vector (can be used while the main thread is suspended,
              possibly holding the malloc heap lock).
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
        (WTF::MetaAllocator::allocate):
            - Allow allocation handles to track information about their owner.
        * wtf/MetaAllocator.h:
        (MetaAllocator):
            - Allow allocation handles to track information about their owner.
        * wtf/MetaAllocatorHandle.h:
        (MetaAllocatorHandle):
        (WTF::MetaAllocatorHandle::ownerUID):
            - Allow allocation handles to track information about their owner.
        * wtf/OSAllocator.h:
        (WTF::OSAllocator::reallocateCommitted):
            - reallocate an existing, committed memory allocation.

2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r106187.
        http://trac.webkit.org/changeset/106187
        https://bugs.webkit.org/show_bug.cgi?id=77276

        The last rollout was a false charge. (Requested by morrita on
        #webkit).

        * runtime/ExceptionHelpers.h:
        (InterruptedExecutionError):
        * runtime/JSBoundFunction.h:
        (JSBoundFunction):
        * runtime/RegExp.h:
        (RegExp):
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):

2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r106151.
        http://trac.webkit.org/changeset/106151
        https://bugs.webkit.org/show_bug.cgi?id=77275

        may break windows build (Requested by morrita on #webkit).

        * runtime/ExceptionHelpers.h:
        (InterruptedExecutionError):
        * runtime/JSBoundFunction.h:
        (JSBoundFunction):
        * runtime/RegExp.h:
        (RegExp):
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):

2012-01-28  Filip Pizlo  <fpizlo@apple.com>

        GC invoked while doing an old JIT property storage reallocation may lead
        to an object that refers to a dead structure
        https://bugs.webkit.org/show_bug.cgi?id=77273
        <rdar://problem/10770565>

        Reviewed by Gavin Barraclough.

        The put_by_id transition was already saving the old structure by virtue of
        having the object on the stack, so that wasn't going to get deleted. But the
        new structure was unprotected in the transition. I've now changed the
        transition code to save the new structure, ensuring that the GC will know it
        to be marked if invoked from within put_by_id_transition_realloc.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        (JSC):
        ():

2012-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r106167.
        http://trac.webkit.org/changeset/106167
        https://bugs.webkit.org/show_bug.cgi?id=77264

        broke LayoutTests/fast/js/string-capitalization.html
        (Requested by msaboff on #webkit).

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):

2012-01-27  Filip Pizlo  <fpizlo@apple.com>

        Build fix for interpreter platforms.

        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):

2012-01-27  Michael Saboff  <msaboff@apple.com>

        StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
        https://bugs.webkit.org/show_bug.cgi?id=76647

        Reviewed by Geoffrey Garen.

        Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle the two
        8 bit characters that when converted to upper case become 16 bit characters.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
        (JSC::stringProtoFuncToUpperCase):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):

2012-01-27  Hajime Morita  <morrita@google.com>

        [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
        https://bugs.webkit.org/show_bug.cgi?id=77244

        Reviewed by Filip Pizlo.

        * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
        * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp

2012-01-27  Simon Hausmann  <simon.hausmann@nokia.com>

        [JSC] Asm-originated symbols should be marked as hidden
        https://bugs.webkit.org/show_bug.cgi?id=77150

        Reviewed by Filip Pizlo.

        * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
        but they were missing in the CPU(X86) and the CPU(X86_64) cases.

2012-01-27  MORITA Hajime  <morrita@google.com>

        [JSC] Some JS_EXPORTDATA may not be necessary.
        https://bugs.webkit.org/show_bug.cgi?id=77145

        Reviewed by Darin Adler.

        Removed JS_EXPORTDATA attributes whose attributed symbols are
        not exported on the Mac port.

        * runtime/ExceptionHelpers.h:
        (InterruptedExecutionError):
        * runtime/JSBoundFunction.h:
        (JSBoundFunction):
        * runtime/RegExp.h:
        (RegExp):
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):

2012-01-27  MORITA Hajime  <morrita@google.com>

        [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
        https://bugs.webkit.org/show_bug.cgi?id=77113

        Reviewed by Darin Adler.

        * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.

2012-01-27  Zeno Albisser  <zeno@webkit.org>

        [Qt][Mac] Build fails after adding ICU support (r105997).
        https://bugs.webkit.org/show_bug.cgi?id=77118

        Use Apple code path for unicode date formats on mac.

        Reviewed by Tor Arne Vestbø.

        * runtime/DatePrototype.cpp:
        ():

2012-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add a GKeyFile specialization to GOwnPtr
        https://bugs.webkit.org/show_bug.cgi?id=77191

        Reviewed by Martin Robinson.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
        * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
        * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.

2012-01-25  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: should be possible to open function declaration from script popover
        https://bugs.webkit.org/show_bug.cgi?id=76913

        Added display of function name and source location to the popover in scripts panel.
        Now when a function is hovered the user can navigate to its definition.

        Reviewed by Pavel Feldman.

        * JavaScriptCore/JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSFunction.h:
        (JSFunction):

2012-01-26  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.

        * runtime/DatePrototype.cpp:
        ():

2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Merge AllocationSpace into MarkedSpace
        https://bugs.webkit.org/show_bug.cgi?id=77116

        Reviewed by Geoffrey Garen.

        Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to
        MarkedSpace allocation.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * heap/AllocationSpace.cpp: Removed.
        * heap/AllocationSpace.h: Removed.
        * heap/BumpSpace.h:
        (BumpSpace):
        * heap/Heap.h:
        (JSC::Heap::objectSpace):
        (Heap):
        ():
        * heap/HeapBlock.h:
        ():
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::tryAllocateHelper):
        (JSC):
        (JSC::MarkedSpace::tryAllocate):
        (JSC::MarkedSpace::allocateSlowCase):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::freeBlocks):
        (TakeIfUnmarked):
        (JSC::TakeIfUnmarked::TakeIfUnmarked):
        (JSC::TakeIfUnmarked::operator()):
        (JSC::TakeIfUnmarked::returnValue):
        (JSC::MarkedSpace::shrink):
        (GatherDirtyCells):
        (JSC::GatherDirtyCells::returnValue):
        (JSC::GatherDirtyCells::GatherDirtyCells):
        (JSC::GatherDirtyCells::operator()):
        (JSC::MarkedSpace::gatherDirtyCells):
        * heap/MarkedSpace.h:
        (MarkedSpace):
        (JSC::MarkedSpace::blocks):
        (JSC::MarkedSpace::forEachCell):
        (JSC):
        (JSC::MarkedSpace::allocate):

2012-01-26  Oliver Hunt  <oliver@apple.com>

        MSVC bug fix.
        <rdar://problem/10703671> MSVC generates bad code for enum compare.

        RS=Geoff

        Make bitfield large enough to work around MSVC's desire to make enums
        signed types.

        * bytecode/CallLinkInfo.h:
        (CallLinkInfo):

2012-01-26  Filip Pizlo  <fpizlo@apple.com>

        All DFG helpers that may call out to arbitrary JS code must know where they
        were called from due to inlining and call stack walking
        https://bugs.webkit.org/show_bug.cgi?id=77070
        <rdar://problem/10750834>

        Reviewed by Geoff Garen.

        Changed the DFG to always record a code origin index in the tag of the argument
        count (which we previously left blank for the benefit of LLInt, but is still
        otherwise unused by the DFG), so that if we ever need to walk the stack accurately
        we know where to start. In particular, if the current ExecState* points several
        semantic call frames away from the true semantic call frame because we had
        performed inlining, having the code origin index recorded means that we can reify
        those call frames as necessary to give runtime/library code an accurate view of
        the current JS state.

        This required several large but mechanical changes:

        - Calling a function from the DFG now plants a store32 instruction to store the
          code origin index. But the indices of code origins were previously picked by
          the DFG::JITCompiler after code generation completed. I changed this somewhat;
          even though the code origins are put into the CodeBlock after code gen, the
          code gen now knows a priori what their indices will be. Extensive assertions
          are in place to ensure that the two don't get out of sync, in the form of the
          DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
          those don't need the code origin index set in the call frame because we can get
          it by doing a binary search on the return PC.

        - Stack walking now always calls trueCallFrame() first before beginning the walk,
          since even the top call frame may be wrong. It still calls trueCallerFrame() as
          before to get to the next frame, though trueCallerFrame() is now mostly a
          wrapper around callerFrame()->trueCallFrame().

        - Because the mechanism for getting the code origin of a call frame is bimodal
          (either the call frame knows its code origin because the code origin index was
          set, or it's necessary to use the callee frame's return PC), I put in extra
          mechanisms to determine whether your caller, or your callee, corresponds to
          a call out of C++ code. Previously we just had the host call flag, but this is
          insufficient as it does not cover the case of someone calling JSC::call(). But
          luckily we can determine this just by looking at the return PC: if the return
          PC is in range of the ctiTrampoline, then two things are true: this call
          frame's PC will tell you nothing about where you came from in your caller, and
          the caller already knows where it's at because it must have set the code origin
          index (unless it's not DFG code, in which case we don't care because there is
          no inlining to worry about).

        - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
          inlining code, so I fixed it.

        - Finally because I was tired of doing random #if's for checking if I should be
          passing around an Instruction* or a ReturnAddressPtr, I created a class called
          AbstractPC that holds whatever notion of a PC is appropriate for the current
          execution environment. It's designed to work gracefully even if both the
          interpreter and the JIT are compiled in, and should integrate nicely with the
          LLInt.

        This is neutral on all benchmarks and fixes some nasty corner-case regressions of
        evil code that uses combinations of getters/setters and function.arguments.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOrigin):
        (CodeBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (CallBeginToken):
        (JSC::DFG::CallBeginToken::CallBeginToken):
        (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
        (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
17749        (DFG):
17750        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
17751        (CallExceptionRecord):
17752        (JSC::DFG::JITCompiler::JITCompiler):
17753        (JITCompiler):
17754        (JSC::DFG::JITCompiler::nextCallBeginToken):
17755        (JSC::DFG::JITCompiler::beginCall):
17756        (JSC::DFG::JITCompiler::notifyCall):
17757        (JSC::DFG::JITCompiler::addExceptionCheck):
17758        (JSC::DFG::JITCompiler::addFastExceptionCheck):
17759        * dfg/DFGOperations.cpp:
17760        ():
17761        * dfg/DFGRepatch.cpp:
17762        (JSC::DFG::tryBuildGetByIDList):
17763        * dfg/DFGSpeculativeJIT.h:
17764        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
17765        * dfg/DFGSpeculativeJIT32_64.cpp:
17766        (JSC::DFG::SpeculativeJIT::emitCall):
17767        * dfg/DFGSpeculativeJIT64.cpp:
17768        (JSC::DFG::SpeculativeJIT::emitCall):
17769        * interpreter/AbstractPC.cpp: Added.
17770        (JSC):
17771        (JSC::AbstractPC::AbstractPC):
17772        * interpreter/AbstractPC.h: Added.
17773        (JSC):
17774        (AbstractPC):
17775        (JSC::AbstractPC::AbstractPC):
17776        (JSC::AbstractPC::hasJITReturnAddress):
17777        (JSC::AbstractPC::jitReturnAddress):
17778        (JSC::AbstractPC::hasInterpreterReturnAddress):
17779        (JSC::AbstractPC::interpreterReturnAddress):
17780        (JSC::AbstractPC::isSet):
17781        (JSC::AbstractPC::operator!):
17782        ():
17783        * interpreter/CallFrame.cpp:
17784        (JSC):
17785        (JSC::CallFrame::trueCallFrame):
17786        (JSC::CallFrame::trueCallerFrame):
17787        * interpreter/CallFrame.h:
17788        (JSC::ExecState::abstractReturnPC):
17789        (JSC::ExecState::codeOriginIndexForDFGWithInlining):
17790        (ExecState):
17791        (JSC::ExecState::trueCallFrame):
17792        (JSC::ExecState::trueCallFrameFromVMCode):
17793        * interpreter/Interpreter.cpp:
17794        (JSC::Interpreter::retrieveArgumentsFromVMCode):
17795        (JSC::Interpreter::retrieveCallerFromVMCode):
17796        (JSC::Interpreter::findFunctionCallFrameFromVMCode):
17797        * interpreter/Interpreter.h:
17798        (Interpreter):
17799        ():
17800        * jit/JITStubs.cpp:
17801        (JSC):
17802        ():
17803        * jit/JITStubs.h:
17804        (JSC):
17805        (JSC::returnAddressIsInCtiTrampoline):
17806        * runtime/JSFunction.cpp:
17807        (JSC::JSFunction::argumentsGetter):
17808        (JSC::JSFunction::callerGetter):
17809        (JSC::JSFunction::getOwnPropertyDescriptor):
17810
178112012-01-26  Peter Varga  <pvarga@webkit.org>
17812
17813        Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
17814        https://bugs.webkit.org/show_bug.cgi?id=77104
17815
17816        Reviewed by Filip Pizlo.
17817
17818        * dfg/DFGOperations.cpp:
17819        ():
17820
178212012-01-26  Michael Saboff  <msaboff@apple.com>
17822
17823        String::latin1() should take advantage of 8 bit strings
17824        https://bugs.webkit.org/show_bug.cgi?id=76646
17825
17826        Reviewed by Geoffrey Garen.
17827
17828        * wtf/text/WTFString.cpp:
17829        (WTF::String::latin1): For 8 bit strings, use existing buffer
17830        without conversion.
17831
178322012-01-26  Michael Saboff  <msaboff@apple.com>
17833
17834        Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
17835        https://bugs.webkit.org/show_bug.cgi?id=76645
17836
17837        Reviewed by Geoffrey Garen.
17838
17839        * wtf/text/StringImpl.cpp:
17840        (WTF::equalIgnoringCase): New LChar version.
17841        (WTF::findInner): New helper function.
17842        (WTF::StringImpl::find): Added 8 bit path.
17843        (WTF::reverseFindInner): New helper function.
17844        (WTF::StringImpl::reverseFind): Added 8 bit path.
17845        (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
17846        * wtf/text/StringImpl.h:
17847        (WTF):
17848
178492012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
17850
17851        [Qt][Win] One more speculative buildfix after r105970.
17852
17853        * JavaScriptCore.pri:
17854
178552012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
17856
17857        [Qt][Win] Speculative buildfix after r105970.
17858
17859        * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
17860
178612012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>
17862
17863        Unreviewed, rolling out r105982.
17864        http://trac.webkit.org/changeset/105982
17865        https://bugs.webkit.org/show_bug.cgi?id=77090
17866
17867        breaks the world (Requested by WildFox on #webkit).
17868
17869        * wtf/MainThread.cpp:
17870        (WTF):
17871        * wtf/Platform.h:
17872        * wtf/mac/MainThreadMac.mm:
17873        (WTF):
17874        (WTF::registerGCThread):
17875        (WTF::isMainThreadOrGCThread):
17876
178772012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
17878
17879        [Qt] GC should be parallel on Qt platform
17880        https://bugs.webkit.org/show_bug.cgi?id=73309
17881
17882        Reviewed by Zoltan Herczeg.
17883
17884        These changes made the parallel gc feature available for the Qt port.
17885        The implementation of "registerGCThread" and "isMainThreadOrGCThread"
17886        is moved from MainThreadMac.mm to the common MainThread.cpp to make
17887        them available for other platforms.
17888
17889        Measurement results:
17890        V8           speed-up:  1.071x as fast  [From: 746.1ms  To: 696.4ms ]
17891        WindScorpion speed-up:  1.082x as fast  [From: 3490.4ms To: 3226.7ms]
17892        V8 Splay     speed-up:  1.158x as fast  [From: 145.8ms  To: 125.9ms ]
17893
17894        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
17895
17896        * wtf/MainThread.cpp:
17897        (WTF):
17898        (WTF::registerGCThread):
17899        (WTF::isMainThreadOrGCThread):
17900        * wtf/Platform.h:
17901        * wtf/mac/MainThreadMac.mm:
17902
179032012-01-26  Andy Estes  <aestes@apple.com>
17904
17905        REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
17906        https://bugs.webkit.org/show_bug.cgi?id=77073
17907
17908        Reviewed by Ryosuke Niwa.
17909        
17910        r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
17911        This should have been changed to OS(WINDOWS). This causes the
17912        preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
17913        causing allocations made by Win32 to be deleted by fastmalloc.
17914
17915        * wtf/OwnPtrCommon.h:
17916        (WTF): Use OS(WINDOWS) instead of OS(WIN).
17917
179182012-01-25  Mark Rowe  <mrowe@apple.com>
17919
17920        Attempted Mac build fix after r105939.
17921
17922        * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
17923        It isn't used on these platforms and isn't available in the ICU headers
17924        for Mac.
17925
179262012-01-25  Mark Rowe  <mrowe@apple.com>
17927
17928        Build into an alternate location when USE_STAGING_INSTALL_PATH is set.
17929
17930        <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
17931
17932        Reviewed by David Kilzer.
17933
17934        * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
17935        the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
17936        to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
17937        * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
17938        the normal framework location. This prevents an incorrect install name from being used when
17939        installing into the staged frameworks directory.
17940
179412012-01-25  Eli Fidler  <efidler@rim.com>
17942
17943        Implement Date.toLocaleString() using ICU
17944        https://bugs.webkit.org/show_bug.cgi?id=76714
17945
17946        Reviewed by Darin Adler.
17947
17948        * runtime/DatePrototype.cpp:
17949        (JSC::formatLocaleDate):
17950
179512012-01-25  Hajime Morita  <morrita@google.com>
17952
17953        ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
17954        https://bugs.webkit.org/show_bug.cgi?id=76863
17955
17956        Reviewed by Dimitri Glazkov.
17957
17958        Added a feature flag.
17959
17960        * Configurations/FeatureDefines.xcconfig:
17961
179622012-01-25  Yong Li  <yoli@rim.com>
17963
17964        [BlackBerry] Implement OSAllocator::commit/decommit.
17965        BlackBerry port should support virtual memory decommitting.
17966        https://bugs.webkit.org/show_bug.cgi?id=77013
17967
17968        Reviewed by Rob Buis.
17969
17970        * wtf/OSAllocatorPosix.cpp:
17971        (WTF::OSAllocator::reserveUncommitted):
17972        (WTF::OSAllocator::commit):
17973        (WTF::OSAllocator::decommit):
17974        * wtf/Platform.h:
17975
179762012-01-24  Oliver Hunt  <oliver@apple.com>
17977
17978        Make DFG update topCallFrame
17979        https://bugs.webkit.org/show_bug.cgi?id=76969
17980
17981        Reviewed by Filip Pizlo.
17982
17983        Add NativeCallFrameTracer to manage topCallFrame assignment
17984        in the DFG operations, and make use of it.
17985
17986        * dfg/DFGOperations.cpp:
17987        (JSC::DFG::operationPutByValInternal):
17988        ():
17989        * interpreter/Interpreter.h:
17990        (JSC):
17991        (NativeCallFrameTracer):
17992        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
17993
179942012-01-24  Filip Pizlo  <fpizlo@apple.com>
17995
17996        Inlining breaks call frame walking when the walking is done from outside the inlinee,
17997        but inside a code block that had inlining
17998        https://bugs.webkit.org/show_bug.cgi?id=76978
17999        <rdar://problem/10720904>
18000
18001        Reviewed by Oliver Hunt.
18002
18003        * bytecode/CodeBlock.h:
18004        (JSC::CodeBlock::codeOriginForReturn):
18005        * interpreter/CallFrame.cpp:
18006        (JSC::CallFrame::trueCallerFrame):
18007
180082012-01-24  Gavin Barraclough  <barraclough@apple.com>
18009
18010        https://bugs.webkit.org/show_bug.cgi?id=76855
18011        Implement a JIT-code aware sampling profiler for JSC
18012
18013        Reviewed by Oliver Hunt.
18014
18015        Add support to MetaAllocator.cpp to track all live handles in a map,
18016        allowing lookup based on any address within the allocation.
18017
18018        * wtf/MetaAllocator.cpp:
18019        (WTF::MetaAllocatorTracker::notify):
18020        (WTF::MetaAllocatorTracker::release):
18021            - Track live handle objects in a map.
18022        (WTF::MetaAllocator::release):
18023            - Removed support for handles with null m_allocator (no longer used).
18024            - Notify the tracker of handles being released.
18025        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
18026            - Moved functionality out into MetaAllocator::release.
18027        (WTF::MetaAllocatorHandle::shrink):
18028            - Removed support for handles with null m_allocator (no longer used).
18029        (WTF::MetaAllocator::MetaAllocator):
18030            - Initialize m_tracker.
18031        (WTF::MetaAllocator::allocate):
18032            - Notify the tracker of new allocations.
18033        * wtf/MetaAllocator.h:
18034        (WTF::MetaAllocatorTracker::find):
18035            - Lookup a MetaAllocatorHandle based on an address inside the allocation.
18036        (WTF::MetaAllocator::trackAllocations):
18037            - Register a callback object to track allocation state.
18038        * wtf/MetaAllocatorHandle.h:
18039            - Remove unused createSelfManagedHandle/constructor.
18040        (WTF::MetaAllocatorHandle::key):
18041            - Added, for use in RedBlackTree.
18042
180432012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
18044
18045        Use copying collector for out-of-line JSObject property storage
18046        https://bugs.webkit.org/show_bug.cgi?id=76665
18047
18048        Reviewed by Geoffrey Garen.
18049
18050        * runtime/JSObject.cpp:
18051        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
18052        Also added a temporary variable to avoid warnings from GCC.
18053        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
18054        operator new. Also added a temporary variable to avoid warnings from GCC.
18055        * runtime/JSObject.h:
18056
180572012-01-24  Geoffrey Garen  <ggaren@apple.com>
18058
18059        JSValue::toString() should return a JSString* instead of a UString
18060        https://bugs.webkit.org/show_bug.cgi?id=76861
18061
18062        Fixed two failing layout tests after my last patch.
18063
18064        Reviewed by Gavin Barraclough.
18065
18066        * runtime/ArrayPrototype.cpp:
18067        (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
18068        in all other cases.
18069        
18070        I missed this case because the JSString* type has a valid operator<,
18071        so the compiler didn't complain.
18072
180732012-01-24  Kenichi Ishibashi  <bashi@chromium.org>
18074
18075        [V8] Add Uint8ClampedArray support
18076        https://bugs.webkit.org/show_bug.cgi?id=76803
18077
18078        Reviewed by Kenneth Russell.
18079
18080        * wtf/ArrayBufferView.h:
18081        (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
18082        * wtf/Uint8ClampedArray.h:
18083        (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.
18084
180852012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>
18086
18087        [GTK] Add WebKitDownload to WebKit2 GTK+ API
18088        https://bugs.webkit.org/show_bug.cgi?id=72949
18089
18090        Reviewed by Martin Robinson.
18091
18092        * wtf/gobject/GOwnPtr.cpp:
18093        (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
18094        * wtf/gobject/GOwnPtr.h: Add GTimer template.
18095        * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.
18096
180972012-01-24  Ilya Tikhonovsky  <loislo@chromium.org>
18098
18099        Unreviewed build fix for Qt LinuxSH4 build after r105698.
18100
18101        * interpreter/Interpreter.cpp:
18102        (JSC::Interpreter::privateExecute):
18103
181042012-01-23  Geoffrey Garen  <ggaren@apple.com>
18105
18106        JSValue::toString() should return a JSString* instead of a UString
18107        https://bugs.webkit.org/show_bug.cgi?id=76861
18108
18109        Reviewed by Gavin Barraclough.
18110        
18111        This makes the common case -- toString() on a string -- faster and
18112        inline-able. (Not a measurable speedup, but we can now remove a bunch
18113        of duplicate hand-rolled code for this optimization.)
18114        
18115        This also clarifies the boundary between "C++ strings" and "JS strings".
18116        
18117        In all cases other than true, false, null, undefined, and multi-digit
18118        numbers, the JS runtime was just retrieving a UString from a JSString,
18119        so returning a JSString* is strictly better. In the other cases, we can
18120        optimize to avoid creating a new JSString if we care to, but it doesn't
18121        seem to be a big deal.
18122
18123        * JavaScriptCore.exp: Export!
18124        
18125        * jsc.cpp:
18126        (functionPrint):
18127        (functionDebug):
18128        (functionRun):
18129        (functionLoad):
18130        (functionCheckSyntax):
18131        (runWithScripts):
18132        (runInteractive):
18133        * API/JSValueRef.cpp:
18134        (JSValueToStringCopy):
18135        * bytecode/CodeBlock.cpp:
18136        (JSC::valueToSourceString): Call value() after calling toString(), to
18137        convert from "JS string" (JSString*) to "C++ string" (UString), since
18138        toString() no longer returns a "C++ string".
18139
18140        * dfg/DFGOperations.cpp:
18141        (JSC::DFG::operationValueAddNotNumber):
18142        * jit/JITStubs.cpp:
18143        (op_add): Updated for removal of toPrimitiveString():
18144        all '+' operands can use toString(), except for object operands, which
18145        need to take a slow path to call toPrimitive().
18146
18147        * runtime/ArrayPrototype.cpp:
18148        (JSC::arrayProtoFuncToString):
18149        (JSC::arrayProtoFuncToLocaleString):
18150        (JSC::arrayProtoFuncJoin):
18151        (JSC::arrayProtoFuncPush):
18152        * runtime/CommonSlowPaths.h:
18153        (JSC::CommonSlowPaths::opIn):
18154        * runtime/DateConstructor.cpp:
18155        (JSC::dateParse):
18156        * runtime/DatePrototype.cpp:
18157        (JSC::formatLocaleDate): Call value() after calling toString(), as above.
18158
18159        * runtime/ErrorInstance.h:
18160        (JSC::ErrorInstance::create): Simplified down to one canonical create()
18161        function, to make string handling easier.
18162
18163        * runtime/ErrorPrototype.cpp:
18164        (JSC::errorProtoFuncToString):
18165        * runtime/ExceptionHelpers.cpp:
18166        (JSC::createInvalidParamError):
18167        (JSC::createNotAConstructorError):
18168        (JSC::createNotAFunctionError):
18169        (JSC::createNotAnObjectError):
18170        * runtime/FunctionConstructor.cpp:
18171        (JSC::constructFunctionSkippingEvalEnabledCheck):
18172        * runtime/FunctionPrototype.cpp:
18173        (JSC::functionProtoFuncBind):
18174        * runtime/JSArray.cpp:
18175        (JSC::JSArray::sort): Call value() after calling toString(), as above.
18176
18177        * runtime/JSCell.cpp:
18178        * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
18179        job now. Doing it in JSCell is slower (requires extra type checking), and
18180        creates the misimpression that language-defined toString() behavior is
18181        an implementation detail of JSCell.
18182        
18183        * runtime/JSGlobalObjectFunctions.cpp:
18184        (JSC::encode):
18185        (JSC::decode):
18186        (JSC::globalFuncEval):
18187        (JSC::globalFuncParseInt):
18188        (JSC::globalFuncParseFloat):
18189        (JSC::globalFuncEscape):
18190        (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
18191
18192        * runtime/JSONObject.cpp:
18193        (JSC::unwrapBoxedPrimitive):
18194        (JSC::Stringifier::Stringifier):
18195        (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
18196        takes care of.
18197
18198        * runtime/JSObject.cpp:
18199        (JSC::JSObject::toString):
18200        * runtime/JSObject.h: Updated to return JSString*.
18201
18202        * runtime/JSString.cpp:
18203        * runtime/JSString.h:
18204        (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
18205
18206        * runtime/JSValue.cpp:
18207        (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
18208        spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
18209        basically did what we want all the time. (Note that the toPrimitive()
18210        preference changes from NoPreference to PreferString, because that's
18211        how ToString is defined in the language. op_add does not want this behavior.)
18212
18213        * runtime/NumberPrototype.cpp:
18214        (JSC::numberProtoFuncToString):
18215        (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
18216        returns a JSString*.
18217
18218        * runtime/ObjectConstructor.cpp:
18219        (JSC::objectConstructorGetOwnPropertyDescriptor):
18220        (JSC::objectConstructorDefineProperty):
18221        * runtime/ObjectPrototype.cpp:
18222        (JSC::objectProtoFuncHasOwnProperty):
18223        (JSC::objectProtoFuncDefineGetter):
18224        (JSC::objectProtoFuncDefineSetter):
18225        (JSC::objectProtoFuncLookupGetter):
18226        (JSC::objectProtoFuncLookupSetter):
18227        (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
18228
18229        * runtime/Operations.cpp:
18230        (JSC::jsAddSlowCase): Need to check for object before taking the toString()
18231        fast path because adding an object to a string requires calling toPrimitive()
18232        on the object, not toString(). (They differ in their preferred conversion
18233        type.)
18234
18235        * runtime/Operations.h:
18236        (JSC::jsString):
18237        (JSC::jsStringFromArguments): This code gets simpler, now that toString()
18238        does the right thing.
18239
18240        (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
18241
18242        * runtime/RegExpConstructor.cpp:
18243        (JSC::setRegExpConstructorInput):
18244        (JSC::constructRegExp):
18245        * runtime/RegExpObject.cpp:
18246        (JSC::RegExpObject::match):
18247        * runtime/RegExpPrototype.cpp:
18248        (JSC::regExpProtoFuncCompile):
18249        (JSC::regExpProtoFuncToString): More calls to value(), as above.
18250
18251        * runtime/StringConstructor.cpp:
18252        (JSC::constructWithStringConstructor):
18253        (JSC::callStringConstructor): This code gets simpler, now that toString()
18254        does the right thing.
18255
18256        * runtime/StringPrototype.cpp:
18257        (JSC::replaceUsingRegExpSearch):
18258        (JSC::replaceUsingStringSearch):
18259        (JSC::stringProtoFuncReplace):
18260        (JSC::stringProtoFuncCharAt):
18261        (JSC::stringProtoFuncCharCodeAt):
18262        (JSC::stringProtoFuncConcat):
18263        (JSC::stringProtoFuncIndexOf):
18264        (JSC::stringProtoFuncLastIndexOf):
18265        (JSC::stringProtoFuncMatch):
18266        (JSC::stringProtoFuncSearch):
18267        (JSC::stringProtoFuncSlice):
18268        (JSC::stringProtoFuncSplit):
18269        (JSC::stringProtoFuncSubstr):
18270        (JSC::stringProtoFuncSubstring):
18271        (JSC::stringProtoFuncToLowerCase):
18272        (JSC::stringProtoFuncToUpperCase):
18273        (JSC::stringProtoFuncLocaleCompare):
18274        (JSC::stringProtoFuncBig):
18275        (JSC::stringProtoFuncSmall):
18276        (JSC::stringProtoFuncBlink):
18277        (JSC::stringProtoFuncBold):
18278        (JSC::stringProtoFuncFixed):
18279        (JSC::stringProtoFuncItalics):
18280        (JSC::stringProtoFuncStrike):
18281        (JSC::stringProtoFuncSub):
18282        (JSC::stringProtoFuncSup):
18283        (JSC::stringProtoFuncFontcolor):
18284        (JSC::stringProtoFuncFontsize):
18285        (JSC::stringProtoFuncAnchor):
18286        (JSC::stringProtoFuncLink):
18287        (JSC::trimString): Some of this code gets simpler, now that toString()
18288        does the right thing. More calls to value(), as above.
18289
182902012-01-23  Luke Macpherson  <macpherson@chromium.org>
18291
18292        Unreviewed, rolling out r105676.
18293        http://trac.webkit.org/changeset/105676
18294        https://bugs.webkit.org/show_bug.cgi?id=76665
18295
18296        Breaks build on mac due to compile warnings.
18297
18298        * runtime/JSObject.cpp:
18299        (JSC::JSObject::finalize):
18300        (JSC::JSObject::visitChildren):
18301        (JSC::JSObject::allocatePropertyStorage):
18302        * runtime/JSObject.h:
18303
183042012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>
18305
18306        Use copying collector for out-of-line JSObject property storage
18307        https://bugs.webkit.org/show_bug.cgi?id=76665
18308
18309        Reviewed by Geoffrey Garen.
18310
18311        * runtime/JSObject.cpp:
18312        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
18313        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
18314        operator new.
18315        * runtime/JSObject.h:
18316
183172012-01-23  Brian Weinstein  <bweinstein@apple.com>
18318
18319        More build fixing after r105646.
18320
18321        * JavaScriptCore.exp:
18322
183232012-01-23  Gavin Barraclough  <barraclough@apple.com>
18324
18325        https://bugs.webkit.org/show_bug.cgi?id=76855
18326        Implement a JIT-code aware sampling profiler for JSC
18327
18328        Reviewed by Geoff Garen.
18329
18330        Step 2: generalize RedBlackTree. The profiler is going to want to use
18331        a RedBlackTree, allow this class to work with subclasses of
18332        RedBlackTree::Node, Node should not need to know the names of the m_key
18333        and m_value fields (the subclass can provide a key() accessor), and
18334        RedBlackTree does not need to know anything about ValueType.
18335
18336        * JavaScriptCore.exp:
18337        * wtf/MetaAllocator.cpp:
18338        (WTF::MetaAllocator::findAndRemoveFreeSpace):
18339        (WTF::MetaAllocator::debugFreeSpaceSize):
18340        (WTF::MetaAllocator::addFreeSpace):
18341        * wtf/MetaAllocator.h:
18342        (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
18343        (WTF::MetaAllocator::FreeSpaceNode::key):
18344        * wtf/MetaAllocatorHandle.h:
18345        (WTF::MetaAllocatorHandle::key):
18346        * wtf/RedBlackTree.h:
18347        (WTF::RedBlackTree::Node::successor):
18348        (WTF::RedBlackTree::Node::predecessor):
18349        (WTF::RedBlackTree::Node::parent):
18350        (WTF::RedBlackTree::Node::setParent):
18351        (WTF::RedBlackTree::Node::left):
18352        (WTF::RedBlackTree::Node::setLeft):
18353        (WTF::RedBlackTree::Node::right):
18354        (WTF::RedBlackTree::Node::setRight):
18355        (WTF::RedBlackTree::insert):
18356        (WTF::RedBlackTree::remove):
18357        (WTF::RedBlackTree::findExact):
18358        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
18359        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
18360        (WTF::RedBlackTree::first):
18361        (WTF::RedBlackTree::last):
18362        (WTF::RedBlackTree::size):
18363        (WTF::RedBlackTree::treeMinimum):
18364        (WTF::RedBlackTree::treeMaximum):
18365        (WTF::RedBlackTree::treeInsert):
18366        (WTF::RedBlackTree::leftRotate):
18367        (WTF::RedBlackTree::rightRotate):
18368        (WTF::RedBlackTree::removeFixup):
18369
183702012-01-23  Andy Estes  <aestes@apple.com>
18371
18372        Fix the build after r105635.
18373
18374        * JavaScriptCore.exp:
18375
183762012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>
18377
18378        Remove StackBounds from JSGlobalData
18379        https://bugs.webkit.org/show_bug.cgi?id=76310
18380
18381        Reviewed by Sam Weinig.
18382
18383        Removed StackBounds and the stack() function from JSGlobalData since it no 
18384        longer accessed any members of JSGlobalData.
18385
18386        * bytecompiler/BytecodeGenerator.cpp:
18387        (JSC::BytecodeGenerator::BytecodeGenerator):
18388        * heap/MachineStackMarker.cpp:
18389        (JSC::MachineThreads::addCurrentThread):
18390        (JSC::MachineThreads::gatherFromCurrentThread):
18391        * parser/Parser.cpp:
18392        (JSC::::Parser):
18393        * runtime/JSGlobalData.cpp:
18394        (JSC::JSGlobalData::JSGlobalData):
18395        * runtime/JSGlobalData.h:
18396
183972012-01-23  Gavin Barraclough  <barraclough@apple.com>
18398
18399        Implement a JIT-code aware sampling profiler for JSC
18400        https://bugs.webkit.org/show_bug.cgi?id=76855
18401
18402        Rubber stamped by Geoff Garen.
18403
18404        Mechanical change - pass CodeBlock through to the executable allocator,
18405        such that we will be able to map ranges of JIT code back to their owner.
18406
18407        * assembler/ARMAssembler.cpp:
18408        (JSC::ARMAssembler::executableCopy):
18409        * assembler/ARMAssembler.h:
18410        * assembler/AssemblerBuffer.h:
18411        (JSC::AssemblerBuffer::executableCopy):
18412        * assembler/AssemblerBufferWithConstantPool.h:
18413        (JSC::AssemblerBufferWithConstantPool::executableCopy):
18414        * assembler/LinkBuffer.h:
18415        (JSC::LinkBuffer::LinkBuffer):
18416        (JSC::LinkBuffer::linkCode):
18417        * assembler/MIPSAssembler.h:
18418        (JSC::MIPSAssembler::executableCopy):
18419        * assembler/SH4Assembler.h:
18420        (JSC::SH4Assembler::executableCopy):
18421        * assembler/X86Assembler.h:
18422        (JSC::X86Assembler::executableCopy):
18423        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
18424        * dfg/DFGJITCompiler.cpp:
18425        (JSC::DFG::JITCompiler::compile):
18426        (JSC::DFG::JITCompiler::compileFunction):
18427        * dfg/DFGOSRExitCompiler.cpp:
18428        * dfg/DFGRepatch.cpp:
18429        (JSC::DFG::generateProtoChainAccessStub):
18430        (JSC::DFG::tryCacheGetByID):
18431        (JSC::DFG::tryBuildGetByIDList):
18432        (JSC::DFG::tryCachePutByID):
18433        * dfg/DFGThunks.cpp:
18434        (JSC::DFG::osrExitGenerationThunkGenerator):
18435        * jit/ExecutableAllocator.cpp:
18436        (JSC::ExecutableAllocator::allocate):
18437        * jit/ExecutableAllocator.h:
18438        * jit/ExecutableAllocatorFixedVMPool.cpp:
18439        (JSC::ExecutableAllocator::allocate):
18440        * jit/JIT.cpp:
18441        (JSC::JIT::privateCompile):
18442        * jit/JITOpcodes.cpp:
18443        (JSC::JIT::privateCompileCTIMachineTrampolines):
18444        * jit/JITOpcodes32_64.cpp:
18445        (JSC::JIT::privateCompileCTIMachineTrampolines):
18446        (JSC::JIT::privateCompileCTINativeCall):
18447        * jit/JITPropertyAccess.cpp:
18448        (JSC::JIT::stringGetByValStubGenerator):
18449        (JSC::JIT::privateCompilePutByIdTransition):
18450        (JSC::JIT::privateCompilePatchGetArrayLength):
18451        (JSC::JIT::privateCompileGetByIdProto):
18452        (JSC::JIT::privateCompileGetByIdSelfList):
18453        (JSC::JIT::privateCompileGetByIdProtoList):
18454        (JSC::JIT::privateCompileGetByIdChainList):
18455        (JSC::JIT::privateCompileGetByIdChain):
18456        * jit/JITPropertyAccess32_64.cpp:
18457        (JSC::JIT::stringGetByValStubGenerator):
18458        (JSC::JIT::privateCompilePutByIdTransition):
18459        (JSC::JIT::privateCompilePatchGetArrayLength):
18460        (JSC::JIT::privateCompileGetByIdProto):
18461        (JSC::JIT::privateCompileGetByIdSelfList):
18462        (JSC::JIT::privateCompileGetByIdProtoList):
18463        (JSC::JIT::privateCompileGetByIdChainList):
18464        (JSC::JIT::privateCompileGetByIdChain):
18465        * jit/JITStubs.cpp:
18466        * jit/SpecializedThunkJIT.h:
18467        (JSC::SpecializedThunkJIT::finalize):
18468        * yarr/YarrJIT.cpp:
18469        (JSC::Yarr::YarrGenerator::compile):
18470
184712012-01-23  Xianzhu Wang  <wangxianzhu@chromium.org>
18472
18473        Basic enhancements to StringBuilder
18474        https://bugs.webkit.org/show_bug.cgi?id=67081
18475
18476        This change contains the following enhancements to StringBuilder,
18477        for convenience, performance, testability, etc.:
18478        - Change toStringPreserveCapacity() to const
18479        - new public methods: capacity(), swap(), toAtomicString(), canShrink()
18480          and append(const StringBuilder&)
18481        - == and != operators to compare StringBuilders and a StringBuilder/String
18482
18483        Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp
18484
18485        Reviewed by Darin Adler.
18486
18487        * JavaScriptCore.exp:
18488        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
18489        * wtf/text/AtomicString.cpp:
18490        (WTF::SubstringTranslator::hash):
18491        (WTF::SubstringTranslator::equal):
18492        (WTF::SubstringTranslator::translate):
18493        (WTF::AtomicString::add):
18494        (WTF::AtomicString::addSlowCase):
18495        * wtf/text/AtomicString.h:
18496        (WTF::AtomicString::AtomicString):
18497        (WTF::AtomicString::add):
18498        * wtf/text/StringBuilder.cpp:
18499        (WTF::StringBuilder::reifyString):
18500        (WTF::StringBuilder::resize):
18501        (WTF::StringBuilder::canShrink):
18502        (WTF::StringBuilder::shrinkToFit):
18503        * wtf/text/StringBuilder.h:
18504        (WTF::StringBuilder::append):
18505        (WTF::StringBuilder::toString):
18506        (WTF::StringBuilder::toStringPreserveCapacity):
18507        (WTF::StringBuilder::toAtomicString):
18508        (WTF::StringBuilder::isEmpty):
18509        (WTF::StringBuilder::capacity):
18510        (WTF::StringBuilder::is8Bit):
18511        (WTF::StringBuilder::swap):
18512        (WTF::equal):
18513        (WTF::operator==):
18514        (WTF::operator!=):
18515        * wtf/text/StringImpl.h:
18516
185172012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>
18518
18519        Unreviewed. Fix make distcheck.
18520
18521        * GNUmakefile.list.am: Add missing files, remove deleted files and
18522        fix indentation.
18523
185242012-01-22  Filip Pizlo  <fpizlo@apple.com>
18525
18526        Build fix for non-DFG platforms that error out on warn-unused-parameter.
18527
18528        * bytecode/CallLinkStatus.cpp:
18529        (JSC::CallLinkStatus::computeFor):
18530        * bytecode/GetByIdStatus.cpp:
18531        (JSC::GetByIdStatus::computeFor):
18532        * bytecode/MethodCallLinkStatus.cpp:
18533        (JSC::MethodCallLinkStatus::computeFor):
18534        * bytecode/PutByIdStatus.cpp:
18535        (JSC::PutByIdStatus::computeFor):
18536
185372012-01-22  Filip Pizlo  <fpizlo@apple.com>
18538
18539        Build fix for non-DFG platforms.
18540
18541        * bytecode/CallLinkStatus.cpp:
18542        (JSC::CallLinkStatus::computeFor):
18543        * bytecode/GetByIdStatus.cpp:
18544        (JSC::GetByIdStatus::computeFor):
18545        * bytecode/MethodCallLinkStatus.cpp:
18546        (JSC::MethodCallLinkStatus::computeFor):
18547        * bytecode/PutByIdStatus.cpp:
18548        (JSC::PutByIdStatus::computeFor):
18549
185502012-01-20  Filip Pizlo  <fpizlo@apple.com>
18551
18552        DFG should not have code that directly decodes the states of old JIT inline
18553        cache data structures
18554        https://bugs.webkit.org/show_bug.cgi?id=76768
18555
18556        Reviewed by Sam Weinig.
18557        
18558        Introduced new classes (like GetByIdStatus) that encapsulate the set of things
18559        that the DFG would like to know about property accesses and calls. Whereas it
18560        previously got this information by directly decoding the data structures used
18561        by the old JIT for inline caching, it now uses these classes, which do the work
18562        for it. This should make it somewhat more straightforward to introduce new
18563        ways of profiling the same information.
18564        
18565        Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
18566        code in bytecode/.
18567        
18568        Making this work right involved carefully ensuring that the heuristics for
18569        choosing how to handle property accesses were at least as good as what we had
18570        before, since I completely restructured that code. Currently the performance
18571        looks neutral. Since I rewrote the code I did change some things that I never
18572        liked before, like previously if a put_by_id had executed exactly once then
18573        we'd compile it as if it had taken slow-path. Executing once is special because
18574        then the inline cache is not baked in, so there is no information about how the
18575        DFG should optimize the code. Now this is rationalized: if the put_by_id does
18576        not offer enough information to be optimized (i.e. had executed 0 or 1 times)
18577        then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
18578        still has the old behavior; I left it that way because I didn't want to make
18579        too many changes at once.
18580
18581        * CMakeLists.txt:
18582        * GNUmakefile.list.am:
18583        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
18584        * JavaScriptCore.xcodeproj/project.pbxproj:
18585        * Target.pri:
18586        * bytecode/CallLinkStatus.cpp: Added.
18587        (JSC::CallLinkStatus::computeFor):
18588        * bytecode/CallLinkStatus.h: Added.
18589        (JSC::CallLinkStatus::CallLinkStatus):
18590        (JSC::CallLinkStatus::isSet):
18591        (JSC::CallLinkStatus::operator!):
18592        (JSC::CallLinkStatus::couldTakeSlowPath):
18593        (JSC::CallLinkStatus::callTarget):
18594        * bytecode/GetByIdStatus.cpp: Added.
18595        (JSC::GetByIdStatus::computeFor):
18596        * bytecode/GetByIdStatus.h: Added.
18597        (JSC::GetByIdStatus::GetByIdStatus):
18598        (JSC::GetByIdStatus::state):
18599        (JSC::GetByIdStatus::isSet):
18600        (JSC::GetByIdStatus::operator!):
18601        (JSC::GetByIdStatus::isSimpleDirect):
18602        (JSC::GetByIdStatus::takesSlowPath):
18603        (JSC::GetByIdStatus::makesCalls):
18604        (JSC::GetByIdStatus::structureSet):
18605        (JSC::GetByIdStatus::offset):
18606        * bytecode/MethodCallLinkStatus.cpp: Added.
18607        (JSC::MethodCallLinkStatus::computeFor):
18608        * bytecode/MethodCallLinkStatus.h: Added.
18609        (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
18610        (JSC::MethodCallLinkStatus::isSet):
18611        (JSC::MethodCallLinkStatus::operator!):
18612        (JSC::MethodCallLinkStatus::needsPrototypeCheck):
18613        (JSC::MethodCallLinkStatus::structure):
18614        (JSC::MethodCallLinkStatus::prototypeStructure):
18615        (JSC::MethodCallLinkStatus::function):
18616        (JSC::MethodCallLinkStatus::prototype):
18617        * bytecode/PutByIdStatus.cpp: Added.
18618        (JSC::PutByIdStatus::computeFor):
18619        * bytecode/PutByIdStatus.h: Added.
18620        (JSC::PutByIdStatus::PutByIdStatus):
18621        (JSC::PutByIdStatus::state):
18622        (JSC::PutByIdStatus::isSet):
18623        (JSC::PutByIdStatus::operator!):
18624        (JSC::PutByIdStatus::isSimpleReplace):
18625        (JSC::PutByIdStatus::isSimpleTransition):
18626        (JSC::PutByIdStatus::takesSlowPath):
18627        (JSC::PutByIdStatus::oldStructure):
18628        (JSC::PutByIdStatus::newStructure):
18629        (JSC::PutByIdStatus::structureChain):
18630        (JSC::PutByIdStatus::offset):
18631        * bytecode/StructureSet.h: Added.
18632        (JSC::StructureSet::StructureSet):
18633        (JSC::StructureSet::clear):
18634        (JSC::StructureSet::add):
18635        (JSC::StructureSet::addAll):
18636        (JSC::StructureSet::remove):
18637        (JSC::StructureSet::contains):
18638        (JSC::StructureSet::isSubsetOf):
18639        (JSC::StructureSet::isSupersetOf):
18640        (JSC::StructureSet::size):
18641        (JSC::StructureSet::at):
18642        (JSC::StructureSet::operator[]):
18643        (JSC::StructureSet::last):
18644        (JSC::StructureSet::predictionFromStructures):
18645        (JSC::StructureSet::operator==):
18646        (JSC::StructureSet::dump):
18647        * dfg/DFGAbstractValue.h:
18648        * dfg/DFGByteCodeParser.cpp:
18649        (JSC::DFG::ByteCodeParser::handleCall):
18650        (JSC::DFG::ByteCodeParser::parseBlock):
18651        * dfg/DFGStructureSet.h: Removed.
18652
186532012-01-20  Filip Pizlo  <fpizlo@apple.com>
18654
18655        JIT compilation should not require ExecState
18656        https://bugs.webkit.org/show_bug.cgi?id=76729
18657        <rdar://problem/10731545>
18658
18659        Reviewed by Gavin Barraclough.
18660        
18661        Changed the relevant JIT driver functions to take JSGlobalData& instead of
18662        ExecState*, since really they just needed the global data.
18663
18664        * dfg/DFGDriver.cpp:
18665        (JSC::DFG::compile):
18666        (JSC::DFG::tryCompile):
18667        (JSC::DFG::tryCompileFunction):
18668        * dfg/DFGDriver.h:
18669        (JSC::DFG::tryCompile):
18670        (JSC::DFG::tryCompileFunction):
18671        * jit/JITDriver.h:
18672        (JSC::jitCompileIfAppropriate):
18673        (JSC::jitCompileFunctionIfAppropriate):
18674        * runtime/Executable.cpp:
18675        (JSC::EvalExecutable::compileInternal):
18676        (JSC::ProgramExecutable::compileInternal):
18677        (JSC::FunctionExecutable::compileForCallInternal):
18678        (JSC::FunctionExecutable::compileForConstructInternal):
18679
186802012-01-20  David Levin  <levin@chromium.org>
18681
18682        Make OwnPtr<HDC> work for the Chromium Windows port.
18683        https://bugs.webkit.org/show_bug.cgi?id=76738
18684
18685        Reviewed by Jian Li.
18686
18687        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
18688        Chromium Windows build.
18689        * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
18690        OwnPtr<HDC> and similar constructs.
18691
186922012-01-19  Geoffrey Garen  <ggaren@apple.com>
18693
18694        Removed some regexp entry boilerplate code
18695        https://bugs.webkit.org/show_bug.cgi?id=76687
18696
18697        Reviewed by Darin Adler.
18698        
18699        1% - 2% speedup on regexp tests, no change overall.
18700
18701        * runtime/RegExp.cpp:
18702        (JSC::RegExp::match):
18703            - ASSERT that our startIndex is non-negative, because anything less
18704            would be uncivilized.
18705            
18706            - ASSERT that our input is not the null string for the same reason.
18707
18708            - No need to test for startOffset being past the end of the string,
18709            since the regular expression engine will do this test for us.
18710
18711            - No need to initialize the output vector, since the regular expression
18712            engine will fill it in for us.
18713
18714        * yarr/YarrInterpreter.cpp:
18715        (JSC::Yarr::Interpreter::interpret):
18716        * yarr/YarrJIT.cpp:
18717        (JSC::Yarr::YarrGenerator::compile):
18718        
18719            RegExp used to do these jobs for us, but now we do them for ourselves
18720            because it's a better separation of concerns, and the JIT can do them
18721            more efficiently than C++ code:
18722
18723            - Test for "past the end" before doing any matching -- otherwise
18724            a* will match with zero length past the end of the string, which is wrong.
18725
18726            - Initialize the output vector before doing any matching.
18727
187282012-01-20  Filip Pizlo  <fpizlo@apple.com>
18729
18730        Build fix for no-DFG configuration.
18731        Needed for <rdar://problem/10727689>.
18732
18733        * bytecompiler/BytecodeGenerator.cpp:
18734        (JSC::BytecodeGenerator::emitProfiledOpcode):
18735        * jit/JIT.h:
18736        (JSC::JIT::emitValueProfilingSite):
18737
187382012-01-19  Filip Pizlo  <fpizlo@apple.com>
18739
18740        Bytecode instructions that may have value profiling should have a direct inline
18741        link to the ValueProfile instance
18742        https://bugs.webkit.org/show_bug.cgi?id=76682
18743        <rdar://problem/10727689>
18744
18745        Reviewed by Sam Weinig.
18746        
18747        Each opcode that gets value profiled now has a link to its ValueProfile. This
18748        required rationalizing the emission of value profiles for opcode combos, like
18749        op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
18750        sense for one of them to have a value profile link, and it makes most sense
18751        for it to be the one that actually sets the result. The previous behavior was
18752        to have op_method_check profile for op_get_by_id when they were used together,
18753        but otherwise for op_get_by_id to have its own profiles. op_call already did
18754        the right thing; all profiling was done by op_call_put_result.
18755        
18756        But rationalizing this code required breaking some of the natural boundaries
18757        that the code had; for instance the code in DFG that emits a GetById in place
18758        of both op_method_check and op_get_by_id must now know that it's the latter of
18759        those that has the value profile, while the first of those constitutes the OSR
18760        target. Hence each CodeOrigin must now have two bytecode indices - one for
18761        OSR exit and one for profiling.
18762        
18763        Finally this change required some refiddling of our optimization heuristics,
18764        because now all code blocks have "more instructions" due to the value profile
18765        slots.
18766
18767        * bytecode/CodeBlock.cpp:
18768        (JSC::CodeBlock::printGetByIdOp):
18769        (JSC::CodeBlock::dump):
18770        * bytecode/CodeBlock.h:
18771        (JSC::CodeBlock::valueProfileForBytecodeOffset):
18772        * bytecode/CodeOrigin.h:
18773        (JSC::CodeOrigin::CodeOrigin):
18774        (JSC::CodeOrigin::bytecodeIndexForValueProfile):
18775        * bytecode/Instruction.h:
18776        (JSC::Instruction::Instruction):
18777        * bytecode/Opcode.h:
18778        * bytecompiler/BytecodeGenerator.cpp:
18779        (JSC::BytecodeGenerator::emitProfiledOpcode):
18780        (JSC::BytecodeGenerator::emitResolve):
18781        (JSC::BytecodeGenerator::emitGetScopedVar):
18782        (JSC::BytecodeGenerator::emitResolveBase):
18783        (JSC::BytecodeGenerator::emitResolveBaseForPut):
18784        (JSC::BytecodeGenerator::emitResolveWithBase):
18785        (JSC::BytecodeGenerator::emitResolveWithThis):
18786        (JSC::BytecodeGenerator::emitGetById):
18787        (JSC::BytecodeGenerator::emitGetByVal):
18788        (JSC::BytecodeGenerator::emitCall):
18789        (JSC::BytecodeGenerator::emitCallVarargs):
18790        (JSC::BytecodeGenerator::emitConstruct):
18791        * bytecompiler/BytecodeGenerator.h:
18792        * dfg/DFGByteCodeParser.cpp:
18793        (JSC::DFG::ByteCodeParser::ByteCodeParser):
18794        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
18795        (JSC::DFG::ByteCodeParser::addCall):
18796        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
18797        (JSC::DFG::ByteCodeParser::getPrediction):
18798        (JSC::DFG::ByteCodeParser::handleCall):
18799        (JSC::DFG::ByteCodeParser::handleInlining):
18800        (JSC::DFG::ByteCodeParser::parseBlock):
18801        (JSC::DFG::ByteCodeParser::parse):
18802        * dfg/DFGGraph.h:
18803        (JSC::DFG::Graph::valueProfileFor):
18804        * jit/JIT.h:
18805        (JSC::JIT::emitValueProfilingSite):
18806        * jit/JITCall.cpp:
18807        (JSC::JIT::emit_op_call_put_result):
18808        * jit/JITCall32_64.cpp:
18809        (JSC::JIT::emit_op_call_put_result):
18810        * jit/JITInlineMethods.h:
18811        (JSC::JIT::emitValueProfilingSite):
18812        * jit/JITOpcodes.cpp:
18813        (JSC::JIT::emit_op_resolve):
18814        (JSC::JIT::emit_op_resolve_base):
18815        (JSC::JIT::emit_op_resolve_skip):
18816        (JSC::JIT::emit_op_resolve_global):
18817        (JSC::JIT::emitSlow_op_resolve_global):
18818        (JSC::JIT::emit_op_resolve_with_base):
18819        (JSC::JIT::emit_op_resolve_with_this):
18820        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
18821        * jit/JITOpcodes32_64.cpp:
18822        (JSC::JIT::emit_op_resolve):
18823        (JSC::JIT::emit_op_resolve_base):
18824        (JSC::JIT::emit_op_resolve_skip):
18825        (JSC::JIT::emit_op_resolve_global):
18826        (JSC::JIT::emitSlow_op_resolve_global):
18827        (JSC::JIT::emit_op_resolve_with_base):
18828        (JSC::JIT::emit_op_resolve_with_this):
18829        * jit/JITPropertyAccess.cpp:
18830        (JSC::JIT::emit_op_get_by_val):
18831        (JSC::JIT::emitSlow_op_get_by_val):
18832        (JSC::JIT::emit_op_method_check):
18833        (JSC::JIT::emitSlow_op_method_check):
18834        (JSC::JIT::emit_op_get_by_id):
18835        (JSC::JIT::emitSlow_op_get_by_id):
18836        (JSC::JIT::emit_op_get_scoped_var):
18837        (JSC::JIT::emit_op_get_global_var):
18838        * jit/JITPropertyAccess32_64.cpp:
18839        (JSC::JIT::emit_op_method_check):
18840        (JSC::JIT::emitSlow_op_method_check):
18841        (JSC::JIT::emit_op_get_by_val):
18842        (JSC::JIT::emitSlow_op_get_by_val):
18843        (JSC::JIT::emit_op_get_by_id):
18844        (JSC::JIT::emitSlow_op_get_by_id):
18845        (JSC::JIT::emit_op_get_scoped_var):
18846        (JSC::JIT::emit_op_get_global_var):
18847        * jit/JITStubCall.h:
18848        (JSC::JITStubCall::callWithValueProfiling):
18849        * runtime/Options.cpp:
18850        (JSC::Options::initializeOptions):
18851
188522012-01-20  ChangSeok Oh  <shivamidow@gmail.com>
18853
18854        undefined reference to symbol eina_module_free
18855        https://bugs.webkit.org/show_bug.cgi?id=76681
18856
18857        Reviewed by Martin Robinson.
18858
18859        eina_module_free has been used without including eina libraries after r104936.
18860
18861        * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.
18862
188632012-01-19  Tony Chang  <tony@chromium.org>
18864
18865        [chromium] Remove an obsolete comment about features.gypi
18866        https://bugs.webkit.org/show_bug.cgi?id=76643
18867
18868        There can be only one features.gypi.
18869
18870        Reviewed by James Robinson.
18871
18872        * JavaScriptCore.gyp/JavaScriptCore.gyp:
18873
188742012-01-19  Geoffrey Garen  <ggaren@apple.com>
18875
18876        Implicit creation of a regular expression should eagerly check for syntax errors
18877        https://bugs.webkit.org/show_bug.cgi?id=76642
18878
18879        Reviewed by Oliver Hunt.
18880        
18881        This is a correctness fix and a slight optimization.
18882
18883        * runtime/StringPrototype.cpp:
18884        (JSC::stringProtoFuncMatch):
18885        (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
18886        correct behavior.
18887
18888        * runtime/RegExp.cpp:
18889        (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
18890        of code change, many lines of indentation change.)
18891
18892        Since we have no clients that try to match a RegExp that is a syntax error,
18893        let's optimize out the check.
18894
188952012-01-19  Mark Hahnenberg  <mhahnenberg@apple.com>
18896
18897        Implement a new allocator for backing stores
18898        https://bugs.webkit.org/show_bug.cgi?id=75181
18899
18900        Reviewed by Filip Pizlo.
18901
18902        We want to move away from using fastMalloc for the backing stores for 
18903        some of our objects (e.g. JSArray, JSObject, JSString, etc).  These backing 
18904        stores have a nice property in that they only have a single owner (i.e. a 
18905        single pointer to them at any one time).  One way that we can take advantage 
18906        of this property is to implement a simple bump allocator/copying collector, 
18907        which will run alongside our normal mark/sweep collector, that only needs to 
18908        update the single owner pointer rather than having to redirect an arbitrary 
18909        number of pointers in from-space to to-space.
18910
18911        This plan can give us a number of benefits. We can beat fastMalloc in terms 
18912        of both performance and memory usage, we can track how much memory we're using 
18913        far more accurately than our rough estimation now through the use of 
18914        reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed 
18915        to being limited to size classes like we have been historically). This is also 
18916        another step toward moving away from lazy destruction, which will improve our memory footprint.
18917
18918        We start by creating said allocator and moving the ArrayStorage for JSArray 
18919        to use it rather than fastMalloc.
18920
18921        The design of the collector is as follows:
18922        Allocation:
18923        -The collector allocates 64KB chunks from the OS to use for object allocation.
18924        -Each chunk contains an offset, a flag indicating if the block has been pinned, 
18925         and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
18926        -Any allocation greater than 64KB gets its own separate oversize block, which 
18927         is managed separately from the rest.
18928        -If the allocator receives a request for more than the remaining amount in the 
18929         current block, it grabs a fresh block.
18930        -Grabbing a fresh block means grabbing one off of the global free list (which is now 
18931         shared between the mark/sweep allocator and the bump allocator) if there is one. 
18932         If there isn't a new one we do one of two things: allocate a new block from the OS 
18933         if we're not ready for a GC yet, or run a GC and then try again. If we still don't 
18934         have enough space after the GC, we allocate a new block from the OS.
18935
18936        Garbage collection:
18937        -At the start of garbage collection during conservative stack scanning, if we encounter 
18938         what appears to be a pointer to a bump-allocated block of memory, we pin that block so 
18939         that it will not be copied for this round of collection.
18940        -We also pin any oversize blocks that we encounter, which effectively doubles as a 
18941         "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying 
18942         are given back to the OS.
18943        -Marking threads are now also responsible for copying bump-allocated objects to newSpace
18944        -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
18945        -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
18946        -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
18947        -At the conclusion of copying (which is done by the end of the marking phase), we un-pin 
18948         any pinned blocks and give any blocks left in from-space to the global free list.
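The allocation and collection steps listed above, as an added illustration (a constructed toy model, not JavaScriptCore's BumpSpace): 64KB bump blocks, pinning from a conservative scan, copying live stores into a private to-space block and fixing up only the single owner pointer, then recycling from-space blocks to a shared free list. Oversize blocks, the mark/sweep heap and the marking threads are left out; the names, the Owner/Result types and the 40KB sizes are assumptions.

```cpp
// Toy model of the single-owner bump allocator / copying collector sketched above
// (oversize blocks omitted). Constructed example, not JavaScriptCore code.
#include <cstddef>
#include <cstring>
#include <memory>
#include <utility>
#include <vector>

namespace toy {
constexpr size_t kBlockSize = 64 * 1024; // 64KB chunks, as in the ChangeLog
struct Block { // offset, pin flag and payload (the real BumpBlock also has list links)
    size_t offset = 0;
    bool pinned = false;
    unsigned char payload[kBlockSize];
    bool contains(const void* p) const { return p >= payload && p < payload + kBlockSize; }
};
// An object that reaches its backing store through exactly one pointer (cf. JSArray).
struct Owner { void* store = nullptr; size_t size = 0; };

class BumpSpace {
public:
    void* tryAllocate(Owner& owner, size_t size) {
        if (size > kBlockSize) return nullptr; // the separate oversize path is not modelled here
        if (!m_current || m_current->offset + size > kBlockSize) { // no room left: grab a fresh block
            m_blocks.push_back(getFreshBlock());
            m_current = m_blocks.back().get();
        }
        owner.store = m_current->payload + m_current->offset;
        owner.size = size;
        m_current->offset += size;
        return owner.store;
    }
    // Conservative stack scan: any word that looks like a pointer into a block pins that block.
    void pin(const void* candidate) {
        for (auto& b : m_blocks) if (b->contains(candidate)) b->pinned = true;
    }
    // Copy phase, run from marking: liveOwners are the owners the mark phase reached.
    void collect(const std::vector<Owner*>& liveOwners) {
        std::vector<std::unique_ptr<Block>> toSpace;
        Block* copyBlock = nullptr; // the marking thread's private copy block
        for (Owner* o : liveOwners) {
            Block* from = blockFor(o->store);
            if (!from || from->pinned) continue; // pinned: may be referenced from the stack, leave it
            if (!copyBlock || copyBlock->offset + o->size > kBlockSize) { // copy block full: get another
                toSpace.push_back(getFreshBlock());
                copyBlock = toSpace.back().get();
            }
            void* dst = copyBlock->payload + copyBlock->offset;
            copyBlock->offset += o->size;
            std::memcpy(dst, o->store, o->size);
            o->store = dst; // the single owner pointer is the only fix-up needed
        }
        for (auto& b : m_blocks) { // pinned blocks survive in place; the rest of from-space is free
            if (b->pinned) { b->pinned = false; toSpace.push_back(std::move(b)); }
            else { b->offset = 0; m_freeList.push_back(std::move(b)); }
        }
        m_blocks = std::move(toSpace);
        m_current = nullptr;
    }
    size_t blockCount() const { return m_blocks.size(); }
    size_t freeBlockCount() const { return m_freeList.size(); }
private:
    std::unique_ptr<Block> getFreshBlock() { // shared free list first, then "the OS"
        if (m_freeList.empty()) return std::unique_ptr<Block>(new Block());
        std::unique_ptr<Block> b = std::move(m_freeList.back());
        m_freeList.pop_back();
        return b;
    }
    Block* blockFor(const void* p) {
        for (auto& b : m_blocks) if (b->contains(p)) return b.get();
        return nullptr;
    }
    Block* m_current = nullptr;
    std::vector<std::unique_ptr<Block>> m_blocks; // from-space
    std::vector<std::unique_ptr<Block>> m_freeList;
};

struct Result { bool pinnedStayed, movedRelocated, survivorIntact; size_t blocksInUse, freeBlocks; };

// Constructed scenario: two 40KB stores (too big to share one block); a's block gets pinned.
Result runScenario() {
    BumpSpace space;
    Owner a, b;
    unsigned char* pa = static_cast<unsigned char*>(space.tryAllocate(a, 40 * 1024));
    unsigned char* pb = static_cast<unsigned char*>(space.tryAllocate(b, 40 * 1024));
    std::memset(pa, 'A', a.size);
    std::memset(pb, 'B', b.size);
    space.pin(pa + 8); // a stack word that looks like an interior pointer into a's block
    space.collect({&a, &b});
    Result r;
    r.pinnedStayed = (a.store == pa);   // a's block was pinned, so a stayed put
    r.movedRelocated = (b.store != pb); // b was copied into a to-space block...
    r.survivorIntact = true;            // ...with every byte intact
    for (size_t i = 0; i < b.size; ++i) if (static_cast<unsigned char*>(b.store)[i] != 'B') r.survivorIntact = false;
    r.blocksInUse = space.blockCount();    // the copy block plus the pinned block
    r.freeBlocks = space.freeBlockCount(); // b's old block, recycled to the shared free list
    return r;
}
} // namespace toy
```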
18949
18950        * CMakeLists.txt:
18951        * GNUmakefile.list.am:
18952        * JavaScriptCore.gypi:
18953        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
18954        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
18955        * JavaScriptCore.xcodeproj/project.pbxproj:
18956        * Target.pri:
18957        * heap/AllocationSpace.cpp:
18958        (JSC::AllocationSpace::allocateSlowCase):
18959        (JSC::AllocationSpace::allocateBlock):
18960        (JSC::AllocationSpace::freeBlocks):
18961        * heap/AllocationSpace.h:
18962        (JSC::AllocationSpace::waterMark):
18963        * heap/BumpBlock.h: Added.
18964        (JSC::BumpBlock::BumpBlock):
18965        * heap/BumpSpace.cpp: Added.
18966        (JSC::BumpSpace::tryAllocateSlowCase):
18967        * heap/BumpSpace.h: Added.
18968        (JSC::BumpSpace::isInCopyPhase):
18969        (JSC::BumpSpace::totalMemoryAllocated):
18970        (JSC::BumpSpace::totalMemoryUtilized):
18971        * heap/BumpSpaceInlineMethods.h: Added.
18972        (JSC::BumpSpace::BumpSpace):
18973        (JSC::BumpSpace::init):
18974        (JSC::BumpSpace::contains):
18975        (JSC::BumpSpace::pin):
18976        (JSC::BumpSpace::startedCopying):
18977        (JSC::BumpSpace::doneCopying):
18978        (JSC::BumpSpace::doneFillingBlock):
18979        (JSC::BumpSpace::recycleBlock):
18980        (JSC::BumpSpace::getFreshBlock):
18981        (JSC::BumpSpace::borrowBlock):
18982        (JSC::BumpSpace::addNewBlock):
18983        (JSC::BumpSpace::allocateNewBlock):
18984        (JSC::BumpSpace::fitsInBlock):
18985        (JSC::BumpSpace::fitsInCurrentBlock):
18986        (JSC::BumpSpace::tryAllocate):
18987        (JSC::BumpSpace::tryAllocateOversize):
18988        (JSC::BumpSpace::allocateFromBlock):
18989        (JSC::BumpSpace::tryReallocate):
18990        (JSC::BumpSpace::tryReallocateOversize):
18991        (JSC::BumpSpace::isOversize):
18992        (JSC::BumpSpace::isPinned):
18993        (JSC::BumpSpace::oversizeBlockFor):
18994        (JSC::BumpSpace::blockFor):
18995        * heap/ConservativeRoots.cpp:
18996        (JSC::ConservativeRoots::ConservativeRoots):
18997        (JSC::ConservativeRoots::genericAddPointer):
18998        (JSC::ConservativeRoots::add):
18999        * heap/ConservativeRoots.h:
19000        * heap/Heap.cpp:
19001        (JSC::Heap::Heap):
19002        (JSC::Heap::blockFreeingThreadMain):
19003        (JSC::Heap::reportExtraMemoryCostSlowCase):
19004        (JSC::Heap::getConservativeRegisterRoots):
19005        (JSC::Heap::markRoots):
19006        (JSC::Heap::collect):
19007        (JSC::Heap::releaseFreeBlocks):
19008        * heap/Heap.h:
19009        (JSC::Heap::waterMark):
19010        (JSC::Heap::highWaterMark):
19011        (JSC::Heap::setHighWaterMark):
19012        (JSC::Heap::tryAllocateStorage):
19013        (JSC::Heap::tryReallocateStorage):
19014        * heap/HeapBlock.h: Added.
19015        (JSC::HeapBlock::HeapBlock):
19016        * heap/MarkStack.cpp:
19017        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
19018        (JSC::SlotVisitor::drain):
19019        (JSC::SlotVisitor::drainFromShared):
19020        (JSC::SlotVisitor::startCopying):
19021        (JSC::SlotVisitor::allocateNewSpace):
19022        (JSC::SlotVisitor::copy):
19023        (JSC::SlotVisitor::copyAndAppend):
19024        (JSC::SlotVisitor::doneCopying):
19025        * heap/MarkStack.h:
19026        * heap/MarkedBlock.cpp:
19027        (JSC::MarkedBlock::recycle):
19028        (JSC::MarkedBlock::MarkedBlock):
19029        * heap/MarkedBlock.h:
19030        * heap/MarkedSpace.cpp:
19031        (JSC::MarkedSpace::MarkedSpace):
19032        * heap/MarkedSpace.h:
19033        (JSC::MarkedSpace::allocate):
19034        (JSC::MarkedSpace::forEachBlock):
19035        (JSC::MarkedSpace::SizeClass::resetAllocator):
19036        * heap/SlotVisitor.h:
19037        (JSC::SlotVisitor::SlotVisitor):
19038        * heap/TinyBloomFilter.h:
19039        (JSC::TinyBloomFilter::reset):
19040        * runtime/JSArray.cpp:
19041        (JSC::JSArray::JSArray):
19042        (JSC::JSArray::finishCreation):
19043        (JSC::JSArray::tryFinishCreationUninitialized):
19044        (JSC::JSArray::~JSArray):
19045        (JSC::JSArray::enterSparseMode):
19046        (JSC::JSArray::defineOwnNumericProperty):
19047        (JSC::JSArray::setLengthWritable):
19048        (JSC::JSArray::getOwnPropertySlotByIndex):
19049        (JSC::JSArray::getOwnPropertyDescriptor):
19050        (JSC::JSArray::putByIndexBeyondVectorLength):
19051        (JSC::JSArray::deletePropertyByIndex):
19052        (JSC::JSArray::getOwnPropertyNames):
19053        (JSC::JSArray::increaseVectorLength):
19054        (JSC::JSArray::unshiftCountSlowCase):
19055        (JSC::JSArray::setLength):
19056        (JSC::JSArray::pop):
19057        (JSC::JSArray::unshiftCount):
19058        (JSC::JSArray::visitChildren):
19059        (JSC::JSArray::sortNumeric):
19060        (JSC::JSArray::sort):
19061        (JSC::JSArray::compactForSorting):
19062        (JSC::JSArray::subclassData):
19063        (JSC::JSArray::setSubclassData):
19064        (JSC::JSArray::checkConsistency):
19065        * runtime/JSArray.h:
19066        (JSC::JSArray::inSparseMode):
19067        (JSC::JSArray::isLengthWritable):
19068        * wtf/CheckedBoolean.h: Added.
19069        (CheckedBoolean::CheckedBoolean):
19070        (CheckedBoolean::~CheckedBoolean):
19071        (CheckedBoolean::operator bool):
19072        * wtf/DoublyLinkedList.h:
19073        (WTF::::push):
19074        * wtf/StdLibExtras.h:
19075        (WTF::isPointerAligned):
19076
190772012-01-19  Joi Sigurdsson  <joi@chromium.org>
19078
19079        Enable use of precompiled headers in Chromium port on Windows.
19080
19081        Bug 76381 - Use precompiled headers in Chromium port on Windows
19082        https://bugs.webkit.org/show_bug.cgi?id=76381
19083
19084        Reviewed by Tony Chang.
19085
19086        * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.
19087
190882012-01-18  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
19089
19090        Cross-platform processor core counter fix
19091        https://bugs.webkit.org/show_bug.cgi?id=76540
19092
19093        Reviewed by Zoltan Herczeg.
19094
19095        I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
19096        and I removed the OS checking macros from ParallelJobsGeneric.cpp because
19097        the NumberOfCores.cpp contains them for counting CPU cores.
19098        The processor core counter patch is located at
19099        https://bugs.webkit.org/show_bug.cgi?id=76530
19100
19101        * wtf/NumberOfCores.cpp:
19102        * wtf/ParallelJobsGeneric.cpp:
19103
191042012-01-18  Csaba Osztrogonác  <ossy@webkit.org>
19105
19106        Cross-platform processor core counter
19107        https://bugs.webkit.org/show_bug.cgi?id=76530
19108
19109        Unreviewed cross-MinGW buildfix after r105270.
19110
19111        * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.
19112
191132012-01-18  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
19114
19115        Cross-platform processor core counter
19116        https://bugs.webkit.org/show_bug.cgi?id=76530
19117
19118        Reviewed by Zoltan Herczeg.
19119
19120        Two files have been created that include the processor core counter function.
19121        It used to be in ParallelJobsGeneric.h/cpp before.
19122
19123        * GNUmakefile.list.am:
19124        * JavaScriptCore.gypi:
19125        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
19126        * JavaScriptCore.xcodeproj/project.pbxproj:
19127        * runtime/Options.cpp:
19128        (JSC::Options::initializeOptions):
19129        * wtf/CMakeLists.txt:
19130        * wtf/NumberOfCores.cpp: Added.
19131        (WTF::numberOfProcessorCores):
19132        * wtf/NumberOfCores.h: Added.
19133        * wtf/ParallelJobsGeneric.cpp:
19134        (WTF::ParallelEnvironment::ParallelEnvironment):
19135        * wtf/ParallelJobsGeneric.h:
19136
191372012-01-18  Balazs Kelemen  <kbalazs@webkit.org>
19138
19139        [Qt] Consolidate layout test crash logging
19140        https://bugs.webkit.org/show_bug.cgi?id=75088
19141
19142        Reviewed by Simon Hausmann.
19143
19144        Move backtrace generating logic into WTFReportBacktrace
19145        and add a way to deinstall signal handlers if we know
19146        that we have already printed the backtrace.
19147
19148        * JavaScriptCore.exp:
19149        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
19150        * wtf/Assertions.cpp:
19151        (WTFLogLocker::WTFReportBacktrace):
19152        (WTFLogLocker::WTFSetCrashHook):
19153        (WTFLogLocker::WTFInvokeCrashHook):
19154        * wtf/Assertions.h:
19155
191562012-01-17  Geoffrey Garen  <ggaren@apple.com>
19157
19158        Factored out some code into a helper function.
19159        
19160        I think this might help getting rid of omit-frame-pointer.
19161
19162        Reviewed by Sam Weinig.
19163        
19164        No benchmark change.
19165
19166        * runtime/StringPrototype.cpp:
19167        (JSC::removeUsingRegExpSearch): Moved to here...
19168        (JSC::replaceUsingRegExpSearch): ...from here.
19169
191702012-01-17  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
19171
19172        Uint8ClampedArray support
19173        https://bugs.webkit.org/show_bug.cgi?id=74455
19174
19175        Reviewed by Filip Pizlo.
19176
19177        * GNUmakefile.list.am:
19178        * JavaScriptCore.xcodeproj/project.pbxproj:
19179        * bytecode/PredictedType.cpp:
19180        (JSC::predictionToString):
19181        (JSC::predictionFromClassInfo):
19182        * bytecode/PredictedType.h:
19183        (JSC::isUint8ClampedArrayPrediction):
19184        (JSC::isActionableMutableArrayPrediction):
19185        * dfg/DFGAbstractState.cpp:
19186        (JSC::DFG::AbstractState::initialize):
19187        (JSC::DFG::AbstractState::execute):
19188        * dfg/DFGNode.h:
19189        (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
19190        * dfg/DFGPropagator.cpp:
19191        (JSC::DFG::Propagator::propagateNodePredictions):
19192        (JSC::DFG::Propagator::fixupNode):
19193        (JSC::DFG::Propagator::performNodeCSE):
19194        * dfg/DFGSpeculativeJIT.cpp:
19195        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
19196        (JSC::DFG::clampDoubleToByte):
19197        (JSC::DFG::compileClampIntegerToByte):
19198        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
19199        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
19200        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
19201        * dfg/DFGSpeculativeJIT.h:
19202        * dfg/DFGSpeculativeJIT32_64.cpp:
19203        (JSC::DFG::SpeculativeJIT::compile):
19204        * dfg/DFGSpeculativeJIT64.cpp:
19205        (JSC::DFG::SpeculativeJIT::compile):
19206        * runtime/JSCell.h:
19207        * runtime/JSGlobalData.h:
19208        * wtf/Forward.h:
19209        * wtf/Uint8Array.h:
19210        * wtf/Uint8ClampedArray.h: Added.
19211        (WTF::Uint8ClampedArray::set):
19212        (WTF::Uint8ClampedArray::create):
19213        (WTF::Uint8ClampedArray::Uint8ClampedArray):
19214        (WTF::Uint8ClampedArray::subarray):
19215
192162012-01-17  Sam Weinig  <sam@webkit.org>
19217
19218        Add helper macro for forward declaring objective-c classes
19219        https://bugs.webkit.org/show_bug.cgi?id=76485
19220
19221        Reviewed by Anders Carlsson.
19222
19223        * wtf/Compiler.h:
19224        Add OBJC_CLASS macro which helps reduce code when forward declaring an
19225        objective-c class in a header which can be included from both Objective-C
19226        and non-Objective-C files.
19227
192282012-01-17  Filip Pizlo  <fpizlo@apple.com>
19229
19230        DFG should be able to do JS and custom getter caching
19231        https://bugs.webkit.org/show_bug.cgi?id=76361
19232
19233        Reviewed by Csaba Osztrogonác.
19234        
19235        Fix for 32-bit.
19236
19237        * dfg/DFGRepatch.cpp:
19238        (JSC::DFG::tryBuildGetByIDList):
19239        * dfg/DFGSpeculativeJIT32_64.cpp:
19240        (JSC::DFG::SpeculativeJIT::compile):
19241
192422012-01-15  Filip Pizlo  <fpizlo@apple.com>
19243
19244        DFG should be able to do JS and custom getter caching
19245        https://bugs.webkit.org/show_bug.cgi?id=76361
19246        <rdar://problem/10698060>
19247
19248        Reviewed by Geoff Garen.
19249        
19250        Added the ability to cache JS getter calls and custom getter calls in the DFG.
19251        Most of this is pretty mundane, since the old JIT supported this functionality
19252        as well. But a couple interesting things had to happen:
19253        
19254        - There are now two variants of GetById: GetById, which works as before, and
19255          GetByIdFlush, which flushes registers prior to doing the GetById. Only
19256          GetByIdFlush can be used for caching getters. We detect which GetById style
19257          to use by looking at the inline caches of the old JIT.
19258        
19259        - Exception handling for getter calls planted in stubs uses a separate lookup
19260          handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
19261          
19262        This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
19263        the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
19264        Kraken.
19265
19266        * bytecode/StructureStubInfo.h:
19267        * dfg/DFGAbstractState.cpp:
19268        (JSC::DFG::AbstractState::execute):
19269        * dfg/DFGAssemblyHelpers.h:
19270        (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
19271        * dfg/DFGByteCodeParser.cpp:
19272        (JSC::DFG::ByteCodeParser::willNeedFlush):
19273        (JSC::DFG::ByteCodeParser::parseBlock):
19274        * dfg/DFGCCallHelpers.h:
19275        (JSC::DFG::CCallHelpers::setupResults):
19276        * dfg/DFGJITCompiler.cpp:
19277        (JSC::DFG::JITCompiler::link):
19278        * dfg/DFGJITCompiler.h:
19279        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
19280        (JSC::DFG::JITCompiler::addExceptionCheck):
19281        * dfg/DFGNode.h:
19282        (JSC::DFG::Node::hasIdentifier):
19283        (JSC::DFG::Node::hasHeapPrediction):
19284        * dfg/DFGOperations.cpp:
19285        * dfg/DFGOperations.h:
19286        * dfg/DFGPropagator.cpp:
19287        (JSC::DFG::Propagator::propagateNodePredictions):
19288        * dfg/DFGRepatch.cpp:
19289        (JSC::DFG::tryCacheGetByID):
19290        (JSC::DFG::tryBuildGetByIDList):
19291        * dfg/DFGSpeculativeJIT.h:
19292        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
19293        * dfg/DFGSpeculativeJIT32_64.cpp:
19294        (JSC::DFG::SpeculativeJIT::cachedGetById):
19295        (JSC::DFG::SpeculativeJIT::compile):
19296        * dfg/DFGSpeculativeJIT64.cpp:
19297        (JSC::DFG::SpeculativeJIT::cachedGetById):
19298        (JSC::DFG::SpeculativeJIT::compile):
19299
193002012-01-16  Jon Lee  <jonlee@apple.com>
19301
19302        Build fix for r105086.
19303
19304        * Configurations/FeatureDefines.xcconfig:
19305        * wtf/Platform.h:
19306
193072012-01-16  Jon Lee  <jonlee@apple.com>
19308
19309        Remove HTML notifications support on Mac
19310        https://bugs.webkit.org/show_bug.cgi?id=76401
19311        <rdar://problem/10589881>
19312
19313        Reviewed by Sam Weinig.
19314
19315        * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.
19316
193172012-01-16  Zeno Albisser  <zeno@webkit.org>
19318
19319        [Qt] Fix QT_VERSION related warnings when building on Mac OS X
19320        https://bugs.webkit.org/show_bug.cgi?id=76340
19321
19322        This bug was caused by r104826.
19323        As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
19324        we should not use "using namespace WebCore" in header files,
19325        because it might cause ambiguous references.
19326        This patch reverts the changes from r104826 and r104981
19327        and removes the "using namespace WebCore" statement from
19328        two header files.
19329
19330        Reviewed by Tor Arne Vestbø.
19331
19332        * wtf/Platform.h:
19333
193342012-01-16  Carlos Garcia Campos  <cgarcia@igalia.com>
19335
19336        Unreviewed. Fix make distcheck.
19337
19338        * GNUmakefile.list.am: Fix typo.
19339
193402012-01-16  Pavel Heimlich  <tropikhajma@gmail.com>
19341
19342        Solaris Studio supports alignment macros too
19343        https://bugs.webkit.org/show_bug.cgi?id=75453
19344
19345        Reviewed by Hajime Morita.
19346
19347        * wtf/Alignment.h:
19348
193492012-01-16  Yuqiang Xian  <yuqiang.xian@intel.com>
19350
19351        Build fix on 32bit if verbose debug is enabled in DFG
19352        https://bugs.webkit.org/show_bug.cgi?id=76351
19353
19354        Reviewed by Hajime Morita.
19355
19356        Mostly change "%lu" to "%zu" to print a "size_t" variable.
19357
19358        * dfg/DFGAbstractState.cpp:
19359        (JSC::DFG::AbstractState::endBasicBlock):
19360        * dfg/DFGByteCodeParser.cpp:
19361        (JSC::DFG::ByteCodeParser::handleCall):
19362        (JSC::DFG::ByteCodeParser::handleInlining):
19363        (JSC::DFG::ByteCodeParser::parseBlock):
19364        (JSC::DFG::ByteCodeParser::parseCodeBlock):
19365        * dfg/DFGGraph.cpp:
19366        (JSC::DFG::Graph::predictArgumentTypes):
19367        * dfg/DFGJITCompiler.cpp:
19368        (JSC::DFG::JITCompiler::link):
19369        * dfg/DFGOSREntry.cpp:
19370        (JSC::DFG::prepareOSREntry):
19371
193722012-01-15  Filip Pizlo  <fpizlo@apple.com>
19373
19374        The C calling convention logic in DFG::SpeculativeJIT should be available even
19375        when not generating code for the DFG speculative path
19376        https://bugs.webkit.org/show_bug.cgi?id=76355
19377
19378        Reviewed by Dan Bernstein.
19379        
19380        Moved all of the logic for placing C call arguments into the right place (stack
19381        or registers) into a new class, DFG::CCallHelpers.  This class inherits from
19382        AssemblyHelpers, another DFG grab-bag of helper functions.  I could have moved
19383        this code into AssemblyHelpers, but decided against it, because I wanted to
19384        limit the number of methods each class in the JIT has.  Hence now we have a
19385        slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
19386        emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
19387        (understands calls to C functions) <= JITCompiler (can compile a graph to machine
19388        code).  Each of these except for JITCompiler can be reused for stub compilation.
19389        
19390        * GNUmakefile.list.am:
19391        * JavaScriptCore.xcodeproj/project.pbxproj:
19392        * dfg/DFGCCallHelpers.h: Added.
19393        (JSC::DFG::CCallHelpers::CCallHelpers):
19394        (JSC::DFG::CCallHelpers::resetCallArguments):
19395        (JSC::DFG::CCallHelpers::addCallArgument):
19396        (JSC::DFG::CCallHelpers::setupArguments):
19397        (JSC::DFG::CCallHelpers::setupArgumentsExecState):
19398        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
19399        (JSC::DFG::CCallHelpers::setupTwoStubArgs):
19400        (JSC::DFG::CCallHelpers::setupStubArguments):
19401        * dfg/DFGJITCompiler.h:
19402        (JSC::DFG::JITCompiler::JITCompiler):
19403        * dfg/DFGSpeculativeJIT.h:
19404        (JSC::DFG::SpeculativeJIT::callOperation):
19405
194062012-01-15  Pablo Flouret  <pablof@motorola.com>
19407
19408        Fix compilation errors on build-webkit --debug --no-video on mac.
19409        https://bugs.webkit.org/show_bug.cgi?id=75867
19410
19411        Reviewed by Philippe Normand.
19412
19413        Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature
19414        doesn't build without video.
19415
19416        * wtf/Platform.h:
19417
194182012-01-14  David Levin  <levin@chromium.org>
19419
19420        HWndDC should be in platform/win instead of wtf.
19421        https://bugs.webkit.org/show_bug.cgi?id=76314
19422
19423        Reviewed by Sam Weinig.
19424
19425        * JavaScriptCore.gyp/JavaScriptCore.gyp:
19426        * JavaScriptCore.gypi:
19427
194282012-01-13  David Levin  <levin@chromium.org>
19429
19430        check-webkit-style: should encourage the use of Own* classes for Windows DC.
19431        https://bugs.webkit.org/show_bug.cgi?id=76227
19432
19433        Reviewed by Dirk Pranke.
19434
19435        * wtf/win/HWndDCWin.h:
19436        (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
19437        There are no users, but I want to catch this in check-webkit-style
19438        and tell any users to use HwndDC to avoid leaks.
19439
194402012-01-13  David Levin  <levin@chromium.org>
19441
19442        Header file is missing header guard.
19443
19444        Reviewed by Dirk Pranke.
19445
19446        * wtf/win/HWndDCWin.h: Added the guards.
19447
194482012-01-13  Andy Wingo  <wingo@igalia.com>
19449
19450        Eval in strict mode does not need dynamic checks
19451        https://bugs.webkit.org/show_bug.cgi?id=76286
19452
19453        Reviewed by Oliver Hunt.
19454
19455        * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
19456        Eval in strict mode cannot introduce variables, so it not impose
19457        the need for dynamic checks.
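
        The scoping rule behind the entry above, as an added JavaScript example that is not
        part of the ChangeLog or of JavaScriptCore: a direct eval in sloppy code can add or
        rebind `var` bindings in the calling function's scope, so that function's variables
        must be resolved dynamically, while a strict-mode eval gets its own variable
        environment and leaves the caller's bindings fixed. All function names are this
        example's own; sloppyModeAvailable() only reports whether the host loaded the file
        as sloppy code, since the sloppy cases cannot be shown from strict code.

```javascript
// Added example, not JavaScriptCore code: sloppy vs. strict direct eval and the
// calling function's variable scope. Function names are this example's own.

function sloppyModeAvailable() {
  // A plain call binds `this` to the global object only in sloppy mode; if this file
  // is loaded as strict code (for example as an ES module) the sloppy cases cannot run.
  return (function () { return this !== undefined; })();
}

function sloppyEvalIntroducesVariable() {
  eval("var introduced = 42;");   // direct eval: `introduced` lands in this function's scope
  return typeof introduced === "number";
}

function sloppyEvalCanRebindLocal() {
  var limit = 10;
  eval("var limit = 1000;");      // silently reassigns the caller's own `limit`
  return limit;
}

function strictEvalDoesNotIntroduceVariable() {
  "use strict";
  eval("var introduced = 42;");   // binding exists only inside the eval's own scope
  return typeof introduced;       // "undefined"
}

function strictEvalCannotRebindLocal() {
  "use strict";
  var limit = 10;
  eval("var limit = 1000;");      // declares a separate, eval-local `limit`
  return limit;                   // 10
}

function strictEvalStillReadsEnclosingScope() {
  "use strict";
  const base = 40;
  // Reads are unaffected: eval code sees `base`; its own `var local` stays eval-local.
  return eval("var local = 2; base + local");   // 42
}
```

        Because no strict-mode eval can change which bindings the enclosing function has,
        the engine can resolve those bindings statically; only a sloppy-mode direct eval
        forces the dynamic lookups the entry refers to.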

2012-01-13  David Levin  <levin@chromium.org>

        HWndDC is a better name than HwndDC.
        https://bugs.webkit.org/show_bug.cgi?id=76281

        Reviewed by Darin Adler.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
        (WTF::HWndDC::HWndDC):
        (WTF::HWndDC::~HWndDC):
        (WTF::HWndDC::operator HDC):

2012-01-13  YoungTaeck Song  <youngtaeck.song@samsung.com>

        [EFL] Add OwnPtr specialization for Eina_Module.
        https://bugs.webkit.org/show_bug.cgi?id=76255

        Reviewed by Andreas Kling.

        Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.

        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):

2012-01-13  Yuqiang Xian  <yuqiang.xian@intel.com>

        Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2012-01-12  Hajime Morrita  <morrita@chromium.org>

        JavaScriptCore: Mark all exported symbols in the header file automatically.
        https://bugs.webkit.org/show_bug.cgi?id=72855

        Reviewed by Darin Adler.

        Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
        The change is generated by a tool called ListExportables (https://github.com/omo/ListExportables)

        * API/OpaqueJSString.h:
        * bytecode/CodeBlock.h:
        * bytecode/SamplingTool.h:
        * debugger/Debugger.h:
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.h:
        * heap/AllocationSpace.h:
        * heap/HandleHeap.h:
        * heap/Heap.h:
        * heap/MachineStackMarker.h:
        * heap/MarkStack.h:
        * heap/VTableSpectrum.h:
        * heap/WriteBarrierSupport.h:
        * parser/Nodes.h:
        * parser/ParserArena.h:
        * profiler/Profile.h:
        * runtime/ArgList.h:
        * runtime/CallData.h:
        * runtime/Completion.h:
        * runtime/ConstructData.h:
        * runtime/DateInstance.h:
        * runtime/Error.h:
        * runtime/ExceptionHelpers.h:
        * runtime/FunctionConstructor.h:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.h:
        * runtime/InternalFunction.h:
        * runtime/JSArray.h:
        * runtime/JSByteArray.h:
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalThis.h:
        * runtime/JSLock.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        * runtime/Lookup.h:
        * runtime/MemoryStatistics.h:
        * runtime/ObjectPrototype.h:
        * runtime/Options.h:
        * runtime/PropertyDescriptor.h:
        * runtime/PropertyNameArray.h:
        * runtime/PropertySlot.h:
        * runtime/RegExp.h:
        * runtime/RegExpObject.h:
        * runtime/SamplingCounter.h:
        * runtime/SmallStrings.h:
        * runtime/StringObject.h:
        * runtime/Structure.h:
        * runtime/TimeoutChecker.h:
        * runtime/UString.h:
        * runtime/WriteBarrier.h:
        * wtf/ArrayBufferView.h:
        * wtf/ByteArray.h:
        * wtf/CryptographicallyRandomNumber.h:
        * wtf/CurrentTime.h:
        * wtf/DateMath.h:
        * wtf/DecimalNumber.h:
        * wtf/FastMalloc.cpp:
        * wtf/FastMalloc.h:
        * wtf/MD5.h:
        * wtf/MainThread.h:
        * wtf/MetaAllocator.h:
        * wtf/MetaAllocatorHandle.h:
        * wtf/OSAllocator.h:
        * wtf/PageBlock.h:
        * wtf/RandomNumber.h:
        * wtf/RefCountedLeakCounter.h:
        * wtf/SHA1.h:
        * wtf/Threading.cpp:
        * wtf/Threading.h:
        * wtf/ThreadingPrimitives.h:
        * wtf/WTFThreadData.h:
        * wtf/dtoa.h:
        * wtf/text/AtomicString.h:
        * wtf/text/CString.h:
        * wtf/text/StringBuilder.h:
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        * wtf/unicode/Collator.h:
        * wtf/unicode/UTF8.h:
        * yarr/Yarr.h:
        * yarr/YarrPattern.h:

2012-01-12  MORITA Hajime  <morrita@google.com>

        [Chromium] JSExportMacros.h should be visible.
        https://bugs.webkit.org/show_bug.cgi?id=76147

        Reviewed by Tony Chang.

        * config.h:

2012-01-12  David Levin  <levin@chromium.org>

        HwndDC is a better name than OwnGetDC.
        https://bugs.webkit.org/show_bug.cgi?id=76235

        Reviewed by Dmitry Titov.

        This is a better name for two reasons:
        1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
        2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
           classes always take something to hold on to. In this case, the object (the DC)
           is created by the class once it is given a Window to ensure that the HDC
           was actually created using GetDC.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
        (WTF::HwndDC::HwndDC):
        (WTF::HwndDC::~HwndDC):
        (WTF::HwndDC::operator HDC):

2012-01-12  Gavin Barraclough  <barraclough@apple.com>

        Clean up putDirect (part 2)
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        Rename putWithAttributes to putDirectVirtual, to identify that this
        has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
        to be templated on an enum indicating which behaviour it is supposed to be
        implementing, and change clients that are defining properties to call
        putDirectInternal correctly.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putDirectVirtual):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putDirectVirtual):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putDirectVirtual):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putDirectVirtual):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectVirtual):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putOwnDataProperty):
        (JSC::JSObject::putDirect):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putDirectVirtual):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putDirectVirtual):
        * runtime/JSVariableObject.h:

2012-01-12  Gavin Barraclough  <barraclough@apple.com>

        Clean up putDirect (part 1)
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        putDirect has ambiguous semantics, clean these up a bit.

        putDirect generally behaves a bit like a fast defineOwnProperty, but one that
        always creates the property, with no checking to validate the put is permitted.

        It also encompasses two slightly different behaviors.
        (1) a fast form of put for JSActivation, which doesn't have to handle searching
            the prototype chain, getter/setter properties, or the magic __proto__ value.
            Break this out as a new method, 'putOwnDataProperty'.
        (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
            values, in strict mode. This is, however, not so smart on a few levels, since
            it is only called from op_put_by_id with direct set, which is only used with
            an object as the base, and is only used to put new properties onto objects.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::put):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSObject.h:
        (JSC::JSObject::putOwnDataProperty):
        * runtime/JSValue.h:

2012-01-12  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76141
        defineSetter/defineGetter may fail to update Accessor attribute

        Reviewed by Oliver Hunt.

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        * runtime/Structure.cpp:
        (JSC::Structure::attributeChangeTransition):
        * runtime/Structure.h:

2012-01-12  David Levin  <levin@chromium.org>

        [chromium] Fix DC leak in WebScreenInfoFactory.
        https://bugs.webkit.org/show_bug.cgi?id=76203

        Reviewed by Dmitry Titov.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
        * JavaScriptCore.gypi: Added OwnGetDCWin.h
        * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.

2012-01-11  Gavin Barraclough  <barraclough@apple.com>

        Allow accessor get/set property to be set to undefined
        https://bugs.webkit.org/show_bug.cgi?id=76148

        Reviewed by Oliver Hunt.

        AccessorDescriptor properties may have their get & set properties defined to reference a function
        (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
        (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
        three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).

        On the PropertyDescriptor object these three states are represented by JSValue(), jsUndefined(), and
        any JSObject* (with a constraint that this must be callable).

        Logically the get/set property of an accessor descriptor on an object might be in any of the three
        states above, but in practice there is no way to distinguish between the first two states. As such
        we store the get/set values in property storage in a JSObject* field, with 0 indicating absent or
        undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setSetter):
            - Allow the getter/setter to be cleared.
        * runtime/JSArray.cpp:
        (JSC::JSArray::putDescriptor):
            - Changed to call getterObject/setterObject.
        (JSC::JSArray::defineOwnNumericProperty):
            - Added ASSERT.
        * runtime/JSObject.cpp:
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
            - Changed to call getterObject/setterObject.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
            - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
        (JSC::toPropertyDescriptor):
            - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::getterObject):
        (JSC::PropertyDescriptor::setterObject):
            - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
            - Translate a getter/setter internally represented as 0 to undefined, indicating that it is present.
        * runtime/PropertyDescriptor.h:
            - Declare getterObject/setterObject.

2012-01-12  Zeno Albisser  <zeno@webkit.org>

        [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
        https://bugs.webkit.org/show_bug.cgi?id=76175

        Defining ENABLE_CSS_FILTERS leads to ambiguous references
        due to MacTypes.h being included.
        Defining CF_OPEN_SOURCE works around this problem.

        Reviewed by Simon Hausmann.

        * wtf/Platform.h:

2012-01-12  Simon Hausmann  <simon.hausmann@nokia.com>

        Make the new WTF module build on Qt
        https://bugs.webkit.org/show_bug.cgi?id=76163

        Reviewed by Tor Arne Vestbø.

        * JavaScriptCore.pro: Removed wtf from the subdirs to build.

2012-01-11  Filip Pizlo  <fpizlo@apple.com>

        CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
        https://bugs.webkit.org/show_bug.cgi?id=76144
        <rdar://problem/10681711>

        Rubber stamped by Gavin Barraclough.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addressOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecuteCounter):
        (JSC::CodeBlock::jitExecuteCounter):
        (JSC::CodeBlock::optimizeNextInvocation):
        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
        (JSC::CodeBlock::optimizeAfterWarmUp):
        (JSC::CodeBlock::optimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):

2012-01-11  Gavin Barraclough  <barraclough@apple.com>

        Merge 'Getter'/'Setter' attributes into 'Accessor'
        https://bugs.webkit.org/show_bug.cgi?id=76141

        Reviewed by Filip Pizlo.

        These are currently ambiguous (and used inconsistently). It would logically appear
        that either bit being set implies that the corresponding type of accessor is present
        but (a) we don't correctly enforce this, and (b) this means the attributes would not
        be able to distinguish between a data descriptor and an accessor descriptor with
        neither a getter nor setter defined (which is a descriptor permissible under the spec).
        This ambiguity would lead to unsafe property caching behavior (though this does not
        represent an actual current bug, since we are currently unable to create descriptors
        that have neither a getter nor setter, it just prevents us from doing so).

        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
        (JSC::JSArray::putDescriptor):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::finishCreation):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperty):
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
        (JSC::PropertyDescriptor::setSetter):
        (JSC::PropertyDescriptor::setGetter):
        (JSC::PropertyDescriptor::attributesOverridingCurrent):

2012-01-11  Gavin Barraclough  <barraclough@apple.com>

        Object.defineProperty([], 'length', {}) should not make length read-only
        https://bugs.webkit.org/show_bug.cgi?id=76097

        Reviewed by Oliver Hunt.

        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
            - We should be checking writablePresent().
19879
198802012-01-11  Filip Pizlo  <fpizlo@apple.com>
19881
19882        Code duplication for invoking the JIT and DFG should be reduced
19883        https://bugs.webkit.org/show_bug.cgi?id=76117
19884        <rdar://problem/10680189>
19885
19886        Rubber stamped by Geoff Garen.
19887
19888        * GNUmakefile.list.am:
19889        * JavaScriptCore.xcodeproj/project.pbxproj:
19890        * jit/JITDriver.h: Added.
19891        (JSC::jitCompileIfAppropriate):
19892        (JSC::jitCompileFunctionIfAppropriate):
19893        * runtime/Executable.cpp:
19894        (JSC::EvalExecutable::compileInternal):
19895        (JSC::ProgramExecutable::compileInternal):
19896        (JSC::FunctionExecutable::compileForCallInternal):
19897        (JSC::FunctionExecutable::compileForConstructInternal):
19898
198992012-01-11  Geoffrey Garen  <ggaren@apple.com>
19900
19901        Bytecode dumping is broken for call opcodes (due to two new operands)
19902        https://bugs.webkit.org/show_bug.cgi?id=75886
19903
19904        Reviewed by Oliver Hunt.
19905
19906        * bytecode/CodeBlock.cpp:
19907        (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
19908        to fix this more than once. The helper function skips the extra two operands
19909        at the end of the opcode, used for optimization.
19910        
19911        (JSC::CodeBlock::dump): Used the helper function.
19912
19913        * bytecode/CodeBlock.h: Declared the helper function.
19914
199152012-01-09  Geoffrey Garen  <ggaren@apple.com>
19916
19917        REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
19918        https://bugs.webkit.org/show_bug.cgi?id=75911
19919
19920        * bytecompiler/BytecodeGenerator.h:
19921        (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
19922        explicitly cast to our return type in C++.
19923
19924        * bytecompiler/NodesCodegen.cpp:
19925        (JSC::FunctionCallResolveNode::emitBytecode):
19926        (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
19927        into a temporary register before evaluating our arguments, since argument
19928        evaluation might include function calls or assignments that overwrite our callee by name.
19929
199302012-01-11  Michael Saboff  <msaboff@apple.com>
19931
19932        v8-regexp spends 35% of its time allocating and copying internal regexp results data
19933        https://bugs.webkit.org/show_bug.cgi?id=76079
19934
19935        Reviewed by Geoffrey Garen.
19936
19937        Added a new RegExpResults struct that has the input string, the number of
19938        subexpressions and the output vector.  Changed RegExpConstructor to
19939        include a RegExpConstructorPrivate instead of having a reference to one.
19940        Changed RegExpMatchesArray to include a RegExpResults instead of a 
19941        reference to a RegExpConstructorPrivate.  Created an overloaded assignment
19942        operator to assign a RegExpConstructorPrivate to a RegExpResults.
19943        Collectively this change is worth 24% performance improvement to v8-regexp.
19944        
19945        * runtime/RegExpConstructor.cpp:
19946        (JSC::RegExpResult::operator=):
19947        (JSC::RegExpConstructor::RegExpConstructor):
19948        (JSC::RegExpMatchesArray::RegExpMatchesArray):
19949        (JSC::RegExpMatchesArray::finishCreation):
19950        (JSC::RegExpMatchesArray::~RegExpMatchesArray):
19951        (JSC::RegExpMatchesArray::fillArrayInstance):
19952        (JSC::RegExpConstructor::arrayOfMatches):
19953        (JSC::RegExpConstructor::getBackref):
19954        (JSC::RegExpConstructor::getLastParen):
19955        (JSC::RegExpConstructor::getLeftContext):
19956        (JSC::RegExpConstructor::getRightContext):
19957        (JSC::RegExpConstructor::setInput):
19958        (JSC::RegExpConstructor::input):
19959        (JSC::RegExpConstructor::setMultiline):
19960        (JSC::RegExpConstructor::multiline):
19961        * runtime/RegExpConstructor.h:
19962        (JSC::RegExpResult::RegExpResult):
19963        (JSC::RegExpConstructor::performMatch):
19964        * runtime/RegExpMatchesArray.h:
19965        (JSC::RegExpMatchesArray::create):
19966        (JSC::RegExpMatchesArray::getOwnPropertySlot):
19967        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
19968        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
19969        (JSC::RegExpMatchesArray::put):
19970        (JSC::RegExpMatchesArray::putByIndex):
19971        (JSC::RegExpMatchesArray::deleteProperty):
19972        (JSC::RegExpMatchesArray::deletePropertyByIndex):
19973        (JSC::RegExpMatchesArray::getOwnPropertyNames):
19974
199752012-01-11  Eugene Girard  <girard@google.com>
19976
19977        Typo in error message: Unexpected token 'defualt'
19978        https://bugs.webkit.org/show_bug.cgi?id=75105
19979
19980        Reviewed by Simon Fraser.
19981
19982        * parser/Parser.h:
19983        (JSC::Parser::getTokenName):
19984
199852012-01-11  Anders Carlsson  <andersca@apple.com>
19986
19987        Assertion failure in JSC::allocateCell trying to allocate a JSString
19988        https://bugs.webkit.org/show_bug.cgi?id=76101
19989
19990        Reviewed by Adam Roben.
19991
19992        Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and
19993        export them explicitly using the JS_EXPORTDATA macro.
19994
19996        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
19997        * runtime/Executable.h:
19998        * runtime/JSString.h:
19999
200002012-01-10  Mark Rowe  <mrowe@apple.com>
20001
20002        <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder
20003
20004        This ensures that jsc ends up in a consistent location whether built into the same DSTROOT
20005        as JavaScriptCore.framework or into a different one.
20006
20007        Rubber-stamped by Dan Bernstein.
20008
20009        * Configurations/JSC.xcconfig: Update INSTALL_PATH.
20010
200112012-01-10  Filip Pizlo  <fpizlo@apple.com>
20012
20013        DFG inlining block linking compares BlockIndex against bytecode index
20014        https://bugs.webkit.org/show_bug.cgi?id=76018
20015        <rdar://problem/10671979>
20016
20017        Reviewed by Gavin Barraclough.
20018
20019        * dfg/DFGByteCodeParser.cpp:
20020        (JSC::DFG::ByteCodeParser::parseCodeBlock):
20021
200222012-01-10  Filip Pizlo  <fpizlo@apple.com>
20023
20024        CodeBlock.h declares too many things
20025        https://bugs.webkit.org/show_bug.cgi?id=76001
20026
20027        Rubber stamped by Gavin Barraclough.
20028        
20029        Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
20030        into separate header files. Also removed all non-CodeBlock method implementations
20031        from CodeBlock.cpp and put them into corresponding cpp files.
20032
20033        * CMakeLists.txt:
20034        * GNUmakefile.list.am:
20035        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
20036        * JavaScriptCore.xcodeproj/project.pbxproj:
20037        * Target.pri:
20038        * assembler/RepatchBuffer.h:
20039        * bytecode/CallLinkInfo.cpp: Added.
20040        (JSC::CallLinkInfo::unlink):
20041        * bytecode/CallLinkInfo.h: Added.
20042        (JSC::CallLinkInfo::callTypeFor):
20043        (JSC::CallLinkInfo::CallLinkInfo):
20044        (JSC::CallLinkInfo::~CallLinkInfo):
20045        (JSC::CallLinkInfo::isLinked):
20046        (JSC::CallLinkInfo::seenOnce):
20047        (JSC::CallLinkInfo::setSeen):
20048        (JSC::getCallLinkInfoReturnLocation):
20049        (JSC::getCallLinkInfoBytecodeIndex):
20050        * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
20051        (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
20052        (JSC::getCallReturnOffset):
20053        * bytecode/CodeBlock.cpp:
20054        * bytecode/CodeBlock.h:
20055        * bytecode/CodeType.h: Added.
20056        * bytecode/ExpressionRangeInfo.h: Added.
20057        * bytecode/GlobalResolveInfo.h: Added.
20058        (JSC::GlobalResolveInfo::GlobalResolveInfo):
20059        * bytecode/HandlerInfo.h: Added.
20060        * bytecode/LineInfo.h: Added.
20061        * bytecode/MethodCallLinkInfo.cpp: Added.
20062        (JSC::MethodCallLinkInfo::reset):
20063        * bytecode/MethodCallLinkInfo.h: Added.
20064        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
20065        (JSC::MethodCallLinkInfo::seenOnce):
20066        (JSC::MethodCallLinkInfo::setSeen):
20067        (JSC::getMethodCallLinkInfoReturnLocation):
20068        (JSC::getMethodCallLinkInfoBytecodeIndex):
20069        * bytecode/StructureStubInfo.h:
20070        (JSC::getStructureStubInfoReturnLocation):
20071        (JSC::getStructureStubInfoBytecodeIndex):
20072
200732012-01-10  Anders Carlsson  <andersca@apple.com>
20074
20075        Hang opening movie that requires authentication
20076        https://bugs.webkit.org/show_bug.cgi?id=75989
20077        <rdar://problem/9601915>
20078
20079        Reviewed by Sam Weinig.
20080
20081        * wtf/Functional.h:
20082        Add function wrapper for a function that takes three parameters.
20083
200842012-01-10  Filip Pizlo  <fpizlo@apple.com>
20085
20086        CodeBlock::m_numParameters should be encapsulated
20087        https://bugs.webkit.org/show_bug.cgi?id=75985
20088        <rdar://problem/10671020>
20089
20090        Reviewed by Oliver Hunt.
20091        
20092        Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
20093        into it.  This appears to be performance neutral.
20094
20095        * bytecode/CodeBlock.cpp:
20096        (JSC::CodeBlock::CodeBlock):
20097        (JSC::CodeBlock::setNumParameters):
20098        (JSC::CodeBlock::addParameter):
20099        * bytecode/CodeBlock.h:
20100        (JSC::CodeBlock::numParameters):
20101        (JSC::CodeBlock::addressOfNumParameters):
20102        (JSC::CodeBlock::offsetOfNumParameters):
20103        (JSC::CodeBlock::numberOfArgumentValueProfiles):
20104        * bytecompiler/BytecodeGenerator.cpp:
20105        (JSC::BytecodeGenerator::BytecodeGenerator):
20106        (JSC::BytecodeGenerator::addParameter):
20107        (JSC::BytecodeGenerator::emitReturn):
20108        * dfg/DFGAbstractState.cpp:
20109        (JSC::DFG::AbstractState::AbstractState):
20110        * dfg/DFGByteCodeParser.cpp:
20111        (JSC::DFG::ByteCodeParser::ByteCodeParser):
20112        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
20113        * dfg/DFGGraph.cpp:
20114        (JSC::DFG::Graph::predictArgumentTypes):
20115        * dfg/DFGJITCompiler.cpp:
20116        (JSC::DFG::JITCompiler::compileFunction):
20117        * dfg/DFGOperations.cpp:
20118        * dfg/DFGSpeculativeJIT.cpp:
20119        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
20120        * dfg/DFGSpeculativeJIT.h:
20121        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
20122        * interpreter/Interpreter.cpp:
20123        (JSC::Interpreter::slideRegisterWindowForCall):
20124        (JSC::Interpreter::dumpRegisters):
20125        (JSC::Interpreter::execute):
20126        (JSC::Interpreter::prepareForRepeatCall):
20127        * jit/JIT.cpp:
20128        (JSC::JIT::privateCompile):
20129        * jit/JITStubs.cpp:
20130        (JSC::arityCheckFor):
20131        (JSC::lazyLinkFor):
20132        * runtime/Executable.cpp:
20133        (JSC::FunctionExecutable::compileForCallInternal):
20134        (JSC::FunctionExecutable::compileForConstructInternal):
20135
201362012-01-10  Gavin Barraclough  <barraclough@apple.com>
20137
20138        Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
20139
20140        Fix 32-bit builds.
20141
20142        * runtime/JSArray.cpp:
20143        (JSC::JSArray::getOwnPropertyNames):
20144        (JSC::JSArray::setLength):
20145
201462012-01-10  Gavin Barraclough  <barraclough@apple.com>
20147
20148        Windows build fix.
20149
20150        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
20151
201522012-01-10  Gavin Barraclough  <barraclough@apple.com>
20153
20154        Do not allow Array length to be set if it is non-configurable
20155        https://bugs.webkit.org/show_bug.cgi?id=75935
20156
20157        Reviewed by Sam Weinig.
20158
20159        Do not allow Array length to be set if it is non-configurable, and if the new
20160        length is less than the old length then intervening properties should be removed
20161        in reverse order. Removal of properties should cease if an intervening indexed
20162        property being removed is non-configurable.
20163
20164        * JavaScriptCore.exp:
20165            - Removed export for setLength.
20166        * runtime/ArrayPrototype.cpp:
20167        (JSC::arrayProtoFuncConcat):
20168            - JSArray::setLength now takes an ExecState*
20169        (JSC::arrayProtoFuncSlice):
20170            - JSArray::setLength now takes an ExecState*
20171        * runtime/JSArray.cpp:
20172        (JSC::JSArray::defineOwnProperty):
20173            - JSArray::setLength now takes an ExecState*
20174        (JSC::JSArray::put):
20175            - JSArray::setLength now takes an ExecState*
20176        (JSC::compareKeysForQSort):
20177            - Keys extracted from the map can be stored as unsigneds.
20178        (JSC::JSArray::getOwnPropertyNames):
20179            - Keys extracted from the map can be stored as unsigneds.
20180        (JSC::JSArray::setLength):
20181            - Check lengthIsReadOnly(). Rather than copying the entire map to iterate
20182              over to determine which keys to remove, just copy the keys from
20183              the map to a Vector. When inSparseMode sort the keys in the Vector so
20184              that we can remove properties in reverse order.
20185        * runtime/JSArray.h:
20186            - JSArray::setLength now takes an ExecState*
20187
201882012-01-10  Gavin Barraclough  <barraclough@apple.com>
20189
20190        Use SameValue to compare property descriptor values
20191        https://bugs.webkit.org/show_bug.cgi?id=75975
20192
20193        Reviewed by Sam Weinig.
20194
20195        Rather than strictEqual.
20196
20197        * runtime/JSArray.cpp:
20198        (JSC::JSArray::defineOwnNumericProperty):
20199            - Missing configurablePresent() check.
20200        * runtime/JSObject.cpp:
20201        (JSC::JSObject::defineOwnProperty):
20202            - call sameValue.
20203        * runtime/PropertyDescriptor.cpp:
20204        (JSC::sameValue):
20205            - Moved from JSArray.cpp, fix NaN comparison.
20206        (JSC::PropertyDescriptor::equalTo):
20207            - call sameValue.
20208        * runtime/PropertyDescriptor.h:
20209            - Added declaration for sameValue.

202102012-01-09  Gavin Barraclough  <barraclough@apple.com>
20211
20212        Error handling : in ISO8601 timezone
20213        https://bugs.webkit.org/show_bug.cgi?id=75919
20214
20215        Reviewed by Sam Weinig.
20216
20217        * wtf/DateMath.cpp:
20218        (WTF::parseDateFromNullTerminatedCharacters):
20219            - need to increment the string position.
20220
202212012-01-09  Mark Rowe  <mrowe@apple.com>
20222
20223        JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
20224        <http://webkit.org/b/75907> / <rdar://problem/10659862>
20225
20226        We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
20227        dependencies prevent this.
20228
20229        Reviewed by Dan Bernstein.
20230
20231        * JavaScriptCore.xcodeproj/project.pbxproj:
20232
202332012-01-09  Adam Treat  <atreat@rim.com>
20234
20235        Log is a little too verbose for blackberry port
20236        https://bugs.webkit.org/show_bug.cgi?id=75728
20237
20238        The BlackBerry::Platform::Log* functions take care of the call to vfprintf
20239        which is resulting in unintentional noise in our logs.  Add a conditional
20240        directive to fix.
20241
20242        Change to using BlackBerry::Platform::logStreamV which does not insert
20243        threading info and newlines unlike BlackBerry::Platform::log.
20244
20245        Finally, add log locking and unlocking which the BlackBerry platform
20246        uses to ensure that N threads do not trample on each other's logs.
20247
20248        Reviewed by Rob Buis.
20249
20250        * wtf/Assertions.cpp:
20251        (WTFLogLocker::WTFReportAssertionFailure):
20252        (WTFLogLocker::WTFReportAssertionFailureWithMessage):
20253        (WTFLogLocker::WTFReportArgumentAssertionFailure):
20254        (WTFLogLocker::WTFReportFatalError):
20255        (WTFLogLocker::WTFReportError):
20256        (WTFLogLocker::WTFLog):
20257        (WTFLogLocker::WTFLogVerbose):
20258
202592012-01-09  Gavin Barraclough  <barraclough@apple.com>
20260
20261        https://bugs.webkit.org/show_bug.cgi?id=75789
20262        defineOwnProperty not implemented for Array objects
20263
20264        Reviewed by Sam Weinig.
20265
20266        Implements support for getter/setter & non-default attribute properties on arrays,
20267        by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
20268        test failures.
20269
20270        * JavaScriptCore.exp:
20271            - Updated exports.
20272        * dfg/DFGOperations.cpp:
20273            - JSArray::pop now requires an exec state.
20274        * runtime/ArrayPrototype.cpp:
20275        (JSC::arrayProtoFuncPop):
20276            - JSArray::pop now requires an exec state.
20277        * runtime/JSArray.cpp:
20278        (JSC::SparseArrayValueMap::add):
20279            - Add a potentially empty entry into the map.
20280        (JSC::SparseArrayValueMap::put):
20281            - Changed to call setter.
20282        (JSC::SparseArrayEntry::get):
20283            - calls getters.
20284        (JSC::SparseArrayEntry::getNonSparseMode):
20285            - does not call getters.
20286        (JSC::JSArray::enterSparseMode):
20287            - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
20288        (JSC::JSArray::putDescriptor):
20289            - Create a numeric property based on a descriptor.
20290        (JSC::sameValue):
20291            - See ES5.1 9.12.
20292        (JSC::reject):
20293            - Helper for the [[DefineOwnProperty]] algorithm.
20294        (JSC::JSArray::defineOwnNumericProperty):
20295            - Define an indexed property on an array object.
20296        (JSC::JSArray::setLengthWritable):
20297            - Marks the length read-only, enters SparseMode as necessary.
20298        (JSC::JSArray::defineOwnProperty):
20299            - Defines either an indexed property or 'length' on an array object.
20300        (JSC::JSArray::getOwnPropertySlotByIndex):
20301            - Updated to correctly handle accessor descriptors & attributes.
20302        (JSC::JSArray::getOwnPropertyDescriptor):
20303            - Updated to correctly handle accessor descriptors & attributes.
20304        (JSC::JSArray::put):
20305            - Pass strict mode flag to setLength.
20306        (JSC::JSArray::putByIndex):
20307            - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
20308        (JSC::JSArray::putByIndexBeyondVectorLength):
20309            - Pass exec to SparseArrayValueMap::put.
20310        (JSC::JSArray::deletePropertyByIndex):
20311            - Do not allow deletion of non-configurable properties.
20312        (JSC::compareKeysForQSort):
20313            - used in implementation of getOwnPropertyNames.
20314        (JSC::JSArray::getOwnPropertyNames):
20315            - Properties in the sparse map should be iterated in order.
20316        (JSC::JSArray::setLength):
20317            - Updated to take a 'shouldThrow' flag, return a result indicating error.
20318        (JSC::JSArray::pop):
20319            - pop should throw an error if length is not writable, even if the array is empty.
20320        (JSC::JSArray::push):
20321            - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
20322        (JSC::JSArray::sort):
20323            - Changed 'get' to 'getNonSparseMode' (there can't be getters to call).
20324        (JSC::JSArray::compactForSorting):
20325            - Changed 'get' to 'getNonSparseMode' (there can't be getters to call).
20326        * runtime/JSArray.h:
20327        (JSC::SparseArrayValueMap::lengthIsReadOnly):
20328            - Check if the length is read only.
20329        (JSC::SparseArrayValueMap::setLengthIsReadOnly):
20330            - Mark the length as read only.
20331        (JSC::SparseArrayValueMap::find):
20332            - Moved into header.
20333        (JSC::JSArray::isLengthWritable):
20334            - Wraps SparseArrayValueMap::lengthIsReadOnly.
20335        * runtime/JSObject.cpp:
20336        (JSC::JSObject::defineOwnProperty):
20337            - Should be returning the result of putDescriptor.
20338        * runtime/PropertyDescriptor.cpp:
20339        (JSC::PropertyDescriptor::attributesOverridingCurrent):
20340            - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
20341        * runtime/PropertyDescriptor.h:
20342            - Added attributesOverridingCurrent.
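
        The array-length and SameValue rules these entries describe (bugs 76097, 75935, 75975 and 75789), as an added JavaScript example that is not part of the ChangeLog or of WebKit's code; it uses only standard Object.defineProperty and Array behaviour, so it runs in any ES5-conformant engine and shows what the fixed paths must do:

```javascript
// Added example, not WebKit code: exercises the ES5 array-length and
// SameValue behaviour described in the ChangeLog entries above.

// ES5.1 9.12 SameValue: unlike ===, NaN equals NaN and +0 differs from -0.
function sameValue(x, y) {
  if (typeof x !== typeof y) return false;
  if (typeof x === 'number') {
    if (Number.isNaN(x) && Number.isNaN(y)) return true;
    if (x === 0 && y === 0) return 1 / x === 1 / y; // distinguishes +0 and -0
  }
  return x === y;
}

// Object.defineProperty([], 'length', {}) must leave length writable:
// an absent 'writable' field means "unchanged", not "false" (bug 76097).
function emptyDescriptorKeepsLengthWritable() {
  'use strict';
  const a = [1, 2, 3];
  Object.defineProperty(a, 'length', {});
  const writable = Object.getOwnPropertyDescriptor(a, 'length').writable;
  a.length = 1; // still allowed
  return { writable, length: a.length };
}

// Shrinking length deletes indices in reverse order and stops at the first
// non-configurable one; the strict-mode assignment then throws (bug 75935).
function truncateStopsAtNonConfigurable() {
  'use strict';
  const a = [0, 1, 2, 3, 4];
  Object.defineProperty(a, 2, { value: 'pinned', configurable: false });
  let threw = false;
  try {
    a.length = 0;
  } catch (e) {
    threw = e instanceof TypeError;
  }
  // Indices 4 and 3 were removed before index 2 blocked the deletion.
  return { threw, length: a.length, has3: (3 in a), has2: (2 in a) };
}

// pop() on an array whose length is read-only must throw even when the
// array is empty, because it still has to write length (bug 75789).
function popThrowsWhenLengthReadOnly() {
  'use strict';
  const a = [];
  Object.defineProperty(a, 'length', { writable: false });
  try {
    a.pop();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Redefining a non-writable, non-configurable data property is allowed only
// when the new value is SameValue to the current one (ES5.1 8.12.9), so a
// strictEqual comparison would wrongly reject NaN and wrongly accept -0.
function redefineUsesSameValue() {
  const o = {};
  Object.defineProperty(o, 'nan', { value: NaN }); // non-writable, non-configurable
  Object.defineProperty(o, 'zero', { value: +0 });
  const results = {};
  for (const [key, value] of [['nan', NaN], ['zero', -0]]) {
    try {
      Object.defineProperty(o, key, { value });
      results[key] = true;
    } catch (e) {
      results[key] = false;
    }
  }
  return results; // { nan: true, zero: false }
}
```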
20343
203442012-01-09  Pavel Heimlich  <tropikhajma@gmail.com>
20345
20346        There is no support for fastcall in Solaris Studio.
20347        Fixes build on Solaris.
20348        https://bugs.webkit.org/show_bug.cgi?id=75736
20349
20350        Reviewed by Gavin Barraclough.
20351
20352        * jit/JITStubs.h:
20353
203542012-01-09  Pavel Heimlich  <tropikhajma@gmail.com>
20355
20356        Fix build failure on Solaris
20357        https://bugs.webkit.org/show_bug.cgi?id=75733
20358
20359        Reviewed by Gavin Barraclough.
20360
20361        * wtf/ByteArray.h:
20362
203632012-01-01  Raphael Kubo da Costa  <kubo@profusion.mobi>
20364
20365        [CMake] Clean up some cruft from WTF's CMakeLists.txt
20366        https://bugs.webkit.org/show_bug.cgi?id=75420
20367
20368        Reviewed by Daniel Bates.
20369
20370        * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
20371        all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.
20372
203732012-01-08  Xianzhu Wang  <wangxianzhu@chromium.org>
20374
20375        Fix compilation error about ListHashSetReverseIterator
20376        https://bugs.webkit.org/show_bug.cgi?id=75372
20377
20378        Reviewed by Darin Adler.
20379
20380        There is a typo in class ListHashSetReverseIterator:
20381        typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
20382        Should be
20383        typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
20384
20385        * wtf/ListHashSet.h:
20386
203872012-01-08  Ryosuke Niwa  <rniwa@webkit.org>
20388
20389        WinCE build fix after r104415.
20390
20391        * jit/JITExceptions.cpp:
20392        * jit/JITExceptions.h:
20393
203942012-01-08  Filip Pizlo  <fpizlo@apple.com>
20395
20396        The JIT's protocol for exception handling should be available to other parts of the system
20397        https://bugs.webkit.org/show_bug.cgi?id=75808
20398        <rdar://problem/10661025>
20399
20400        Reviewed by Oliver Hunt.
20401
20402        * CMakeLists.txt:
20403        * GNUmakefile.list.am:
20404        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
20405        * JavaScriptCore.xcodeproj/project.pbxproj:
20406        * Target.pri:
20407        * jit/JITExceptions.cpp: Added.
20408        (JSC::genericThrow):
20409        (JSC::jitThrow):
20410        * jit/JITExceptions.h: Added.
20411        * jit/JITStubs.cpp:
20412        * runtime/JSGlobalData.h:
20413
204142012-01-06  Hajime Morrita  <morrita@chromium.org>
20415
20416        https://bugs.webkit.org/show_bug.cgi?id=75296
20417        JSString should not have JS_EXPORTCLASS annotation
20418
20419        Reviewed by Kevin Ollivier.
20420
20421        * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
20422        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
20423        Added missing symbols which were hidden by JS_EXPORTCLASS.
20424
204252012-01-06  Michael Saboff  <msaboff@apple.com>
20426
20427        JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
20428        https://bugs.webkit.org/show_bug.cgi?id=75757
20429
20430        Reviewed by Gavin Barraclough.
20431
20432        * runtime/JSArray.cpp:
20433        (JSC::JSArray::pop): Changed map->end() to map->notFound().
20434
204352012-01-06  Filip Pizlo  <fpizlo@apple.com>
20436
20437        JIT stub slow paths that would be identical to that of an interpreter should be factored out
20438        https://bugs.webkit.org/show_bug.cgi?id=75743
20439        <rdar://problem/10657024>
20440
20441        Reviewed by Geoff Garen.
20442
20443        * GNUmakefile.list.am:
20444        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
20445        * JavaScriptCore.xcodeproj/project.pbxproj:
20446        * jit/JITStubs.cpp:
20447        (JSC::DEFINE_STUB_FUNCTION):
20448        * runtime/CommonSlowPaths.h: Added.
20449        (JSC::CommonSlowPaths::opInstanceOfSlow):
20450        (JSC::CommonSlowPaths::opIn):
20451        (JSC::CommonSlowPaths::opResolve):
20452        (JSC::CommonSlowPaths::opResolveSkip):
20453        (JSC::CommonSlowPaths::opResolveWithBase):
20454        (JSC::CommonSlowPaths::opResolveWithThis):
20455
204562012-01-06  Sam Weinig  <sam@webkit.org>
20457
20458        Fix windows build.
20459
20460        * wtf/TypeTraits.cpp:
20461
204622012-01-05  Michael Saboff  <msaboff@apple.com>
20463
20464        Default HashTraits for Opcode don't work for Opcode = 0
20465        https://bugs.webkit.org/show_bug.cgi?id=75595
20466
20467        Reviewed by Oliver Hunt.
20468
20469        Removed the populating of the m_opcodeIDTable table in the
20470        case where the OpcodeID and Opcode are the same (m_enabled is false).
20471        Instead we just cast the one type to the other.
20472
20473        * interpreter/Interpreter.cpp:
20474        (JSC::Interpreter::initialize):
20475        (JSC::Interpreter::isOpcode):
20476        * interpreter/Interpreter.h:
20477        (JSC::Interpreter::getOpcodeID):
20478
204792012-01-06  Sam Weinig  <sam@webkit.org>
20480
20481        Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
20482        https://bugs.webkit.org/show_bug.cgi?id=75737
20483
20484        Reviewed by Anders Carlsson.
20485
20486        * wtf/TypeTraits.cpp:
20487        * wtf/TypeTraits.h:
20488        Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
20489        is composed of some helpers which are also exposed, Conditional<>, which
20490        can provide one type or another based on a boolean predicate, IsArray<>
20491        which can deduce array types, and RemoveExtent<>, which removes the extent
20492        from an array type. 
20493
204942012-01-06  Oliver Hunt  <oliver@apple.com>
20495
20496        GetByteArrayLength is incorrect
20497        https://bugs.webkit.org/show_bug.cgi?id=75735
20498
20499        Reviewed by Filip Pizlo.
20500
20501        Load the byte array length from the correct location.
20502        This stops an existing test from hanging.
20503
20504        * dfg/DFGSpeculativeJIT32_64.cpp:
20505        (JSC::DFG::SpeculativeJIT::compile):
20506        * dfg/DFGSpeculativeJIT64.cpp:
20507        (JSC::DFG::SpeculativeJIT::compile):
20508
205092012-01-06  Filip Pizlo  <fpizlo@apple.com>
20510
20511        Fix build.
20512
20513        * JavaScriptCore.xcodeproj/project.pbxproj:
20514
205152012-01-06  Oliver Hunt  <oliver@apple.com>
20516
20517        DFG no longer optimises CanvasPixelArray
20518        https://bugs.webkit.org/show_bug.cgi?id=75729
20519
20520        Reviewed by Gavin Barraclough.
20521
20522        Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
20523        the future name when we switch over to the new typed-array based
20524        ImageData specification.
20525
20526        * runtime/JSByteArray.cpp:
20527
205282012-01-06  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
20529
20530        Use HashMap<OwnPtr> for SourceProviderCache items
20531        https://bugs.webkit.org/show_bug.cgi?id=75346
20532
20533        Reviewed by Daniel Bates.
20534
20535        * parser/Parser.cpp:
20536        * parser/SourceProviderCache.cpp:
20537        (JSC::SourceProviderCache::clear):
20538        (JSC::SourceProviderCache::add):
20539        * parser/SourceProviderCache.h:
20540
205412012-01-06  Sam Weinig  <sam@webkit.org>
20542
20543        Remove unused OwnFastMallocPtr class.
20544        https://bugs.webkit.org/show_bug.cgi?id=75722
20545
20546        Reviewed by Geoffrey Garen.
20547
20548        * GNUmakefile.list.am:
20549        * JavaScriptCore.gypi:
20550        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
20551        * JavaScriptCore.xcodeproj/project.pbxproj:
20552        * wtf/CMakeLists.txt:
20553        * wtf/OwnFastMallocPtr.h: Removed.
20554        * wtf/text/StringImpl.h:
20555        * wtf/wtf.pro:
20556
205572012-01-06  Benjamin Poulain  <bpoulain@webkit.org>
20558
20559        [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
20560        https://bugs.webkit.org/show_bug.cgi?id=75631
20561
20562        Reviewed by Andreas Kling.
20563
20564        * JavaScriptCore.xcodeproj/project.pbxproj:
20565
205662012-01-06  Eric Seidel  <eric@webkit.org> and Gustavo Noronha Silva  <gustavo.noronha@collabora.com>
20567
20568        Make the new WTF module build on Gtk
20569        https://bugs.webkit.org/show_bug.cgi?id=75669
20570
20571        * GNUmakefile.am:
20572
205732012-01-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
20574
20575        [Qt] Remove un-needed VPATHs from project includes
20576
20577        Reviewed by Simon Hausmann.
20578
20579        * JavaScriptCore.pri:
20580        * wtf/wtf.pri:
20581
205822012-01-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
20583
20584        [Qt] Move listing of include paths and libs to pri files in sources
20585
20586        Include paths are sometimes modified by non-Qt contributors so keeping
20587        them in files inside Sources makes it more likely that they are updated
20588        along with project files for the other ports.
20589
20590        Using pri files instead of prf files for this also has the benefit that
20591        the include() from the main target file can be parsed and followed by
20592        Qt Creator -- something that does not work with load().
20593
20594        Dependencies from a target to a library through the WEBKIT variable are
20595        handled through forwarding-files in Tools/qmake/mkspecs/modules, which
20596        set the source root of the module and include the right pri file.
20597
20598        Ideally we'd use the variant of include() that takes an optional
20599        namespace to read the variables into, or the fromfile() function,
20600        but both of these add an overhead of about 40% on the total qmake
20601        runtime, due to making a deep copy of all the variables in the
20602        project or re-reading all the prf files from scratch.
20603
20604        Reviewed by Simon Hausmann.
20605        Reviewed by Ossy.
20606
20607        * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
20608        * Target.pri:
20609        * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
20610        * wtf/wtf.pro:
20611
206122012-01-06  Hajime Morrita  <morrita@chromium.org>
20613
20614        WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
20615        https://bugs.webkit.org/show_bug.cgi?id=75612
20616
20617        Reviewed by Kevin Ollivier.
20618
20619        * wtf/text/WTFString.h:
20620        (WTF::String::findIgnoringCase):
20621        (WTF::String::append):
20622        (WTF::String::fromUTF8):
20623        (WTF::String::fromUTF8WithLatin1Fallback):
20624        (WTF::String::isHashTableDeletedValue):
20625
206262012-01-05  Dan Bernstein  <mitz@apple.com>
20627
20628        <rdar://problem/10633760> Update copyright strings
20629
20630        Reviewed by Mark Rowe.
20631
20632        * Info.plist:
20633
206342012-01-05  Gavin Barraclough  <barraclough@apple.com>
20635
20636        Date constructor handles infinite values incorrectly.
20637        https://bugs.webkit.org/show_bug.cgi?id=70998
20638
20639        Reviewed by Filip Pizlo.
20640
20641        * runtime/DateConstructor.cpp:
20642        (JSC::constructDate):
20643            - should be checking !finite rather than isnan.
20644
206452012-01-05  Gavin Barraclough  <barraclough@apple.com>
20646
20647        date.toISOString produces incorrect results for dates with ms prior to 1970
20648        https://bugs.webkit.org/show_bug.cgi?id=75684
20649
20650        Reviewed by Sam Weinig.
20651
20652        * runtime/DatePrototype.cpp:
20653        (JSC::dateProtoFuncToISOString):
20654
206552012-01-05  Gavin Barraclough  <barraclough@apple.com>
20656
20657        Array.prototype.lastIndexOf ignores undefined fromIndex.
20658        https://bugs.webkit.org/show_bug.cgi?id=75678
20659
20660        Reviewed by Sam Weinig.
20661
20662        array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
20663
20664        * runtime/ArrayPrototype.cpp:
20665        (JSC::arrayProtoFuncLastIndexOf):
20666            - should check argument count, rather than checking argument value for undefined.
20667
206682012-01-05  Gavin Barraclough  <barraclough@apple.com>
20669
20670        Date parsing is too restrictive.
20671        https://bugs.webkit.org/show_bug.cgi?id=75671
20672
20673        Reviewed by Oliver Hunt.
20674
20675        ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
20676        The spec allows a date to be date only, or date + time.
20677
20678        The date portion should match (pseudocode!):
20679            [(+|-)YY]YYYY[-MM[-DD]]
20680        though we are slightly more liberal (permitted by the spec), allowing:
20681            [+|-]Y+[-MM[-DD]]
20682        The time portion should match:
20683            THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
20684        again we're slightly more liberal, allowing:
20685            THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
20686
20687        * wtf/DateMath.cpp:
20688        (WTF::parseES5DatePortion):
20689            - Month/day fields are optional, default to 01.
20690        (WTF::parseES5TimePortion):
20691            - Hours/Minutes are required, seconds/timezone are optional.
20692        (WTF::parseES5DateFromNullTerminatedCharacters):
20693            - Dates may be date only, or date + time.
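
As an added illustration of the grammar in the entry above (example code written for this page, not WebKit's wtf/DateMath.cpp), the following parser accepts the liberal forms: a date portion [+|-]Y+[-MM[-DD]], an optional time portion THH:mm[:ss[.s+]][Z|(+|-)HH:mm], and input that is either date only or date + time, with month and day defaulting to 01. The names ES5Date, parseES5Date and normalizeES5Date are our own; keeping only the first three fraction digits and rejecting any trailing input are also our own choices.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Simplified model of the grammar in the entry above (example code, not
// WebKit's wtf/DateMath.cpp); the struct and function names are our own.
struct ES5Date {
    long long year = 0;
    int month = 1, day = 1;           // optional fields default to 01
    bool hasTime = false;
    int hour = 0, minute = 0, second = 0, millisecond = 0;
    bool hasTimeZone = false;
    int tzOffsetMinutes = 0;          // signed; 0 for 'Z'
};

static bool isDigitChar(char c) { return isdigit(static_cast<unsigned char>(c)) != 0; }

// Reads exactly `count` digits into `out`; fails without advancing otherwise.
static bool readFixedDigits(const char*& p, int count, int& out)
{
    int value = 0;
    for (int i = 0; i < count; ++i) {
        if (!isDigitChar(p[i]))
            return false;
        value = value * 10 + (p[i] - '0');
    }
    p += count;
    out = value;
    return true;
}

// Date portion: [+|-]Y+[-MM[-DD]]
static bool parseES5DatePortion(const char*& p, ES5Date& date)
{
    long long sign = 1;
    if (*p == '+' || *p == '-')
        sign = (*p++ == '-') ? -1 : 1;
    if (!isDigitChar(*p))
        return false;                 // at least one year digit is required
    long long year = 0;
    while (isDigitChar(*p))
        year = year * 10 + (*p++ - '0');
    date.year = sign * year;
    if (*p != '-')
        return true;                  // year only
    ++p;
    if (!readFixedDigits(p, 2, date.month) || date.month < 1 || date.month > 12)
        return false;
    if (*p != '-')
        return true;                  // year and month only
    ++p;
    return readFixedDigits(p, 2, date.day) && date.day >= 1 && date.day <= 31;
}

// Time portion: THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
static bool parseES5TimePortion(const char*& p, ES5Date& date)
{
    if (*p++ != 'T')
        return false;
    date.hasTime = true;
    if (!readFixedDigits(p, 2, date.hour) || date.hour > 24 || *p++ != ':')
        return false;
    if (!readFixedDigits(p, 2, date.minute) || date.minute > 59)
        return false;
    if (*p == ':') {                  // optional seconds
        ++p;
        if (!readFixedDigits(p, 2, date.second) || date.second > 59)
            return false;
        if (*p == '.') {              // optional fraction: one or more digits
            ++p;
            if (!isDigitChar(*p))
                return false;
            for (int scale = 100; isDigitChar(*p); ++p, scale /= 10)
                date.millisecond += (*p - '0') * scale;   // digits past ms are dropped
        }
    }
    if (*p == 'Z') {                  // optional zone designator
        date.hasTimeZone = true;
        ++p;
    } else if (*p == '+' || *p == '-') {
        int sign = (*p++ == '-') ? -1 : 1;
        int tzHour = 0, tzMinute = 0;
        if (!readFixedDigits(p, 2, tzHour) || tzHour > 23 || *p++ != ':')
            return false;
        if (!readFixedDigits(p, 2, tzMinute) || tzMinute > 59)
            return false;
        date.hasTimeZone = true;
        date.tzOffsetMinutes = sign * (tzHour * 60 + tzMinute);
    }
    return true;
}

// Whole input: date only, or date followed by time; trailing junk is rejected.
bool parseES5Date(const char* input, ES5Date& date)
{
    date = ES5Date();
    const char* p = input;
    if (!parseES5DatePortion(p, date))
        return false;
    if (*p == 'T' && !parseES5TimePortion(p, date))
        return false;
    return *p == '\0';
}

// Canonical rendering of a parse result, or "invalid"; convenient for checks.
std::string normalizeES5Date(const char* input)
{
    ES5Date d;
    if (!parseES5Date(input, d))
        return "invalid";
    char buffer[64];
    int n = snprintf(buffer, sizeof buffer, "%lld-%02d-%02d", d.year, d.month, d.day);
    if (d.hasTime)
        n += snprintf(buffer + n, sizeof buffer - n, "T%02d:%02d:%02d.%03d",
                      d.hour, d.minute, d.second, d.millisecond);
    int off = d.tzOffsetMinutes < 0 ? -d.tzOffsetMinutes : d.tzOffsetMinutes;
    if (d.hasTimeZone && !off)
        snprintf(buffer + n, sizeof buffer - n, "Z");
    else if (d.hasTimeZone)
        snprintf(buffer + n, sizeof buffer - n, "%c%02d:%02d",
                 d.tzOffsetMinutes < 0 ? '-' : '+', off / 60, off % 60);
    return buffer;
}
```

Note that "2012-01-05T10" is rejected because minutes are required, while "2012" alone is accepted with month and day defaulting to 01; the two-digit fields are strict, so "2012-1-5" does not parse.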
20694
206952012-01-05  Bruno Dilly  <bdilly@profusion.mobi>
20696
20697        [EFL] Undefined references to ICU_I18N symbols on WTF
20698        https://bugs.webkit.org/show_bug.cgi?id=75642
20699
20700        Unreviewed build fix.
20701
20702        Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
20703        Some undefined references were ucol_setAttribute_44, ucol_close_44,
20704        ucol_getAttribute_44...
20705
20706        * wtf/PlatformEfl.cmake:
20707
207082012-01-05  Geoffrey Garen  <ggaren@apple.com>
20709
20710        Refined the fast path for StringImpl::hash()
20711        https://bugs.webkit.org/show_bug.cgi?id=75178
20712
20713        Reviewed by Darin Adler.
20714
20715        Moved the hash calculation code into an out-of-line function to clean up
20716        the hot path.
20717
20718        No measurable benchmark change, but this knocks some samples off in
20719        Instruments, and I think this is a step toward removing -fomit-frame-pointer.
20720        
20721        * wtf/text/StringImpl.cpp:
20722        (WTF::StringImpl::hashSlowCase):
20723        * wtf/text/StringImpl.h:
20724        (WTF::StringImpl::hash): The patch.
20725
20726        * wtf/text/StringStatics.cpp:
20727        (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
20728        scheme, which requires all out-of-line StringImpl functions used by
20729        WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)
20730
207312012-01-05  Gavin Barraclough  <barraclough@apple.com>
20732
20733        Literal tab in JSONString fails
20734        https://bugs.webkit.org/show_bug.cgi?id=71772
20735
20736        Reviewed by Oliver Hunt.
20737
20738        rfc4627 does not allow literal tab characters in JSON source.
20739
20740        * runtime/LiteralParser.cpp:
20741        (JSC::isSafeStringCharacter):
20742            - do not allow literal tab in StrictJSON mode.
20743
207442012-01-05  Gavin Barraclough  <barraclough@apple.com>
20745
20746        push/shift fifo may consume excessive memory
20747        https://bugs.webkit.org/show_bug.cgi?id=75610
20748
20749        Reviewed by Sam Weinig.
20750
20751        Array objects commonly store data in a vector, consisting of a portion that is
20752        in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
20753        m_length and m_vectorLength). Calls to shift will grow the pre-capacity, and
20754        the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
20755        never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
20756        amount of memory, whilst having a relatively small active length.
20757
20758        * runtime/JSArray.cpp:
20759        (JSC::JSArray::increaseVectorLength):
20760            - If m_indexBias is non-zero, decay it over time.
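
The growth pattern this entry describes, as an added example that is not WebKit's JSArray.cpp: a minimal model of the storage layout (pre-capacity of m_indexBias slots, then m_length live values, then post-capacity) with a constant-time shift() that only advances the bias. The naive growth policy keeps the whole pre-capacity on every reallocation, so a steady push/shift queue of four live elements makes the backing vector grow without bound; the decaying policy (here, halving the bias on each growth, which is our own assumed rate, not the project's) keeps it bounded. The class and function names are our own.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified model of the ArrayStorage layout described above (example code,
// not WebKit's JSArray.cpp). The decay rate is an assumption of this example.
class FifoArray {
public:
    FifoArray(bool decayIndexBias, size_t initialCapacity = 4)
        : m_vector(initialCapacity), m_indexBias(0), m_length(0), m_decayIndexBias(decayIndexBias) {}

    void push(int value)
    {
        if (m_indexBias + m_length == m_vector.size())
            increaseVectorLength(m_length + 1);
        m_vector[m_indexBias + m_length++] = value;
    }

    // shift() is O(1) because it only advances the bias; that is exactly what
    // lets the pre-capacity grow without limit under the naive growth policy.
    bool shift(int& value)
    {
        if (!m_length)
            return false;
        value = m_vector[m_indexBias++];
        --m_length;
        return true;
    }

    size_t length() const { return m_length; }
    size_t indexBias() const { return m_indexBias; }
    size_t vectorLength() const { return m_vector.size(); }

private:
    void increaseVectorLength(size_t newLength)
    {
        // Naive policy: keep all of the pre-capacity. Fixed policy: decay it.
        size_t newBias = m_decayIndexBias ? m_indexBias / 2 : m_indexBias;
        std::vector<int> newVector(newBias + newLength * 2);
        std::copy(m_vector.begin() + m_indexBias, m_vector.begin() + m_indexBias + m_length,
                  newVector.begin() + newBias);
        m_vector.swap(newVector);
        m_indexBias = newBias;
    }

    std::vector<int> m_vector;
    size_t m_indexBias;
    size_t m_length;
    bool m_decayIndexBias;
};

// Runs a four-deep push/shift queue for `cycles` rounds and reports the final
// backing-vector length; returns 0 if FIFO order was ever violated.
size_t vectorLengthAfterFifoCycles(bool decayIndexBias, int cycles)
{
    FifoArray fifo(decayIndexBias);
    int next = 0;
    for (; next < 4; ++next)
        fifo.push(next);
    int expected = 0;
    for (int i = 0; i < cycles; ++i) {
        int value;
        if (!fifo.shift(value) || value != expected++)
            return 0;
        fifo.push(next++);
    }
    return fifo.vectorLength();
}
```

With the naive policy, 1000 cycles leave a vector of more than 1000 slots for four live values; with decay the vector settles at a dozen or so slots, which is the memory-consumption behaviour the fix targets.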
20761
207622012-01-05  Csaba Osztrogonác  <ossy@webkit.org>
20763
20764        unshift/pop fifo may consume excessive memory
20765        https://bugs.webkit.org/show_bug.cgi?id=75588
20766
20767        Reviewed by Zoltan Herczeg.
20768
20769        Buildfix after r104120.
20770
20771        * runtime/JSArray.cpp: Remove useless asserts, because unsigned expression >= 0 is always true
20772        (JSC::JSArray::unshiftCount):
20773
207742012-01-05  Zoltan Herczeg  <zherczeg@webkit.org>
20775
20776        Unreviewed gardening after r104134.
20777
20778        * wtf/Assertions.cpp:
20779
207802012-01-05  Zoltan Herczeg  <zherczeg@webkit.org>
20781
20782        Unreviewed gardening after r75605.
20783
20784        Rubber stamped by NOBODY Csaba Osztrogonác.
20785
20786        * wtf/Assertions.cpp:
20787
207882012-01-05  Benjamin Poulain  <benjamin@webkit.org>
20789
20790        Improve charactersAreAllASCII() to compare multiple characters at a time
20791        https://bugs.webkit.org/show_bug.cgi?id=74063
20792
20793        Reviewed by Darin Adler.
20794
20795        A new header ASCIIFastPath.h contains the functions related to
20796        the detection of ASCII by using machine words. Part of it comes from
20797        WebCore's TextCodecASCIIFastPath.h.
20798
20799        The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
20800        and is implemented with computer word comparison.
20801        The gain over the previous implementation of charactersAreAllASCII() is of
20802        the order of how many comparisons are avoided (4x, 8x, 16x depending on the
20803        format and the CPU type).
20804
20805        * GNUmakefile.list.am:
20806        * JavaScriptCore.gypi:
20807        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
20808        * JavaScriptCore.xcodeproj/project.pbxproj:
20809        * wtf/text/ASCIIFastPath.h: Added.
20810        (WTF::isAlignedToMachineWord):
20811        (WTF::alignToMachineWord):
20812        (WTF::isAllASCII):
20813        (WTF::charactersAreAllASCII):
20814        * wtf/text/WTFString.h:
20815        * wtf/wtf.pro:
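
The machine-word technique this entry describes, as an added example that is not WebKit's wtf/text/ASCIIFastPath.h: characters are OR-ed together one word at a time and the accumulated bits are tested once against a mask of the "non-ASCII" bit in every character lane (bit 7 per byte for 8-bit strings, bits 7..15 per 16-bit lane for UTF-16). The unaligned head and the tail are handled one character at a time. A scalar reference implementation and a cross-check over every alignment offset and non-ASCII position are included; all names here are our own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Example code for this page, not WebKit's ASCIIFastPath.h; names are our own.
typedef uintptr_t MachineWord;
static const size_t machineWordSize = sizeof(MachineWord);

static inline bool isAlignedToMachineWord(const void* p)
{
    return (reinterpret_cast<uintptr_t>(p) & (machineWordSize - 1)) == 0;
}

// A word-wide mask with the non-ASCII bits of every character lane set.
template <typename CharType>
static MachineWord nonASCIIMask()
{
    const MachineWord lane = sizeof(CharType) == 1 ? 0x80 : 0xFF80;
    MachineWord mask = 0;
    for (size_t i = 0; i < machineWordSize / sizeof(CharType); ++i)
        mask |= lane << (i * 8 * sizeof(CharType));
    return mask;
}

template <typename CharType>
bool charactersAreAllASCII(const CharType* characters, size_t length)
{
    const CharType* end = characters + length;
    const size_t charsPerWord = machineWordSize / sizeof(CharType);
    MachineWord allBits = 0;

    // 1. Step to a word boundary one character at a time.
    while (characters < end && !isAlignedToMachineWord(characters))
        allBits |= *characters++;

    // 2. OR whole words together; memcpy keeps the load well-defined.
    const CharType* wordEnd = characters + ((end - characters) / charsPerWord) * charsPerWord;
    while (characters < wordEnd) {
        MachineWord word;
        memcpy(&word, characters, machineWordSize);
        allBits |= word;
        characters += charsPerWord;
    }

    // 3. Remaining tail characters.
    while (characters < end)
        allBits |= *characters++;

    // One test of the accumulated bits decides the whole run.
    return !(allBits & nonASCIIMask<CharType>());
}

// Reference implementation: one comparison per character.
template <typename CharType>
bool charactersAreAllASCIISlow(const CharType* characters, size_t length)
{
    for (size_t i = 0; i < length; ++i) {
        if (characters[i] >= 0x80)
            return false;
    }
    return true;
}

bool latin1IsAllASCII(const std::string& s)
{
    return charactersAreAllASCII(reinterpret_cast<const uint8_t*>(s.data()), s.size());
}

// Cross-checks fast against slow for 8- and 16-bit buffers over every start
// offset within a word, every length, and every position of a single
// non-ASCII character (constructed inputs); false on any disagreement.
bool fastPathAgreesWithSlowPath()
{
    const size_t bufferSize = 4 * machineWordSize;
    uint8_t narrow[bufferSize];
    uint16_t wide[bufferSize];
    for (size_t offset = 0; offset < machineWordSize; ++offset) {
        for (size_t length = 0; offset + length <= bufferSize; ++length) {
            for (size_t bad = 0; bad <= length; ++bad) {   // bad == length: no bad char
                for (size_t i = 0; i < bufferSize; ++i) {
                    narrow[i] = 'a';
                    wide[i] = 'a';
                }
                const bool expected = (bad == length);
                if (!expected) {
                    narrow[offset + bad] = 0xC3;    // lead byte of UTF-8 'é'
                    wide[offset + bad] = 0x0080;    // smallest non-ASCII code unit
                }
                if (charactersAreAllASCII(narrow + offset, length) != expected
                    || charactersAreAllASCIISlow(narrow + offset, length) != expected
                    || charactersAreAllASCII(wide + offset, length) != expected
                    || charactersAreAllASCIISlow(wide + offset, length) != expected)
                    return false;
            }
        }
    }
    return true;
}
```

The cross-check matters because the alignment prologue and the tail loop are where word-at-a-time scanners typically go wrong (over-reading past the buffer or skipping the last few characters), and the expected result is computable independently by the scalar loop.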
20816
208172012-01-05  Mark Rowe  <mrowe@apple.com>
20818
20819        <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
20820
20821        We should always log to both ASL and stderr on platforms where this won't result in launchd
20822        duplicating the messages.
20823
20824        Reviewed by Dan Bernstein.
20825
20826        * wtf/Assertions.cpp:
20827        (vprintf_stderr_common):
20828
208292012-01-05  Mark Rowe  <mrowe@apple.com>
20830
20831        <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
20832
20833        Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
20834        single line of text. This results in strangely formatted output if vprintf_stderr_common is
20835        retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
20836        like stderr.
20837
20838        Reviewed by Dan Bernstein.
20839
20840        * wtf/Assertions.cpp:
20841        (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
20842        string before handing it off to vprintf_stderr_common. This requires disabling warnings about
20843        calling a printf-like function with a non-literal format string for this piece of code. It's
20844        safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
20845        (vprintf_stderr_with_trailing_newline): Helper function to append a trailing newline on to the
20846        given format string if one does not already exist. It requires the same treatment with regards
20847        to the non-literal format string warning.
20848        (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
20849        (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
20850        (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
20851        (WTFReportError): Ditto.
20852        (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
20853        (WTFLogVerbose): Ditto.
20854
208552012-01-04  Gavin Barraclough  <barraclough@apple.com>
20856
20857        unshift/pop fifo may consume excessive memory
20858        https://bugs.webkit.org/show_bug.cgi?id=75588
20859
20860        Reviewed by Sam Weinig.
20861
20862        The Array object commonly stores data in a vector, consisting of a portion that
20863        is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
20864        m_length and m_vectorLength). Calls to pop will grow the post-capacity, and the
20865        current algorithm for increasePrefixVectorLength (used by unshift) will never
20866        shrink the post-capacity, so an unshift/pop fifo may consume an inordinate amount
20867        of memory, whilst having a relatively small active length.
20868
20869        * runtime/JSArray.cpp:
20870        (JSC::storageSize):
20871            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
20872        (JSC::SparseArrayValueMap::put):
20873            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
20874        (JSC::JSArray::increaseVectorLength):
20875            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
20876        (JSC::JSArray::unshiftCountSlowCase):
20877            - renamed from increaseVectorPrefixLength (this was a bad name, since it
20878              also moved the ArrayStorage header), rewritten.
20879        (JSC::JSArray::shiftCount):
20880            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
20881        (JSC::JSArray::unshiftCount):
20882            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
20883              increaseVectorPrefixLength renamed to unshiftCountSlowCase
20884        (JSC::JSArray::sortNumeric):
20885        * runtime/JSArray.h:
20886            - Updated function declarations, m_indexBias should be unsigned.
20887
208882012-01-04  Mark Rowe  <mrowe@apple.com>
20889
20890        <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
20891
20892        Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
20893        to ensure that the correct destructor is invoked. This is necessary because
20894        JSCell subclasses all intentionally have non-virtual destructors.
20895
20896        Reviewed by Filip Pizlo.
20897
20898        * runtime/Arguments.cpp:
20899        (JSC::Arguments::destroy):
20900        * runtime/Arguments.h:
20901
209022012-01-04  Filip Pizlo  <fpizlo@apple.com>
20903
20904        Unreviewed, accidentally turned off the JIT in previous commit. Turning
20905        it back on.
20906
20907        * wtf/Platform.h:
20908
209092012-01-04  Filip Pizlo  <fpizlo@apple.com>
20910
20911        Changed "return" to "break" in some macrology I introduced in
20912        http://trac.webkit.org/changeset/104086. This is a benign change, as
20913        "return" was technically correct for all uses of the macro.
20914
20915        Reviewed by Oliver Hunt.
20916
20917        * dfg/DFGGraph.cpp:
20918        * wtf/Platform.h:
20919
209202012-01-04  Michael Saboff  <msaboff@apple.com>
20921
20922        StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
20923        https://bugs.webkit.org/show_bug.cgi?id=75583
20924
20925        Reviewed by Filip Pizlo.
20926
20927        * bytecode/CodeBlock.cpp:
20928        (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
20929        StructureStubInfo and reset the appropriate JIT and
20930        the StructureStubInfo itself when resetting a MethodCallLinkInfo.
20931
209322012-01-04  Michael Saboff  <msaboff@apple.com>
20933
20934        Invalid ASSERT() in DFGRepatch.cpp near line 385
20935        https://bugs.webkit.org/show_bug.cgi?id=75584
20936
20937        Reviewed by Filip Pizlo.
20938
20939        * dfg/DFGRepatch.cpp:
20940        (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.
20941
209422012-01-04  Filip Pizlo  <fpizlo@apple.com>
20943
20944        Incorrect use of DFG node reference counts when mutating the graph
20945        https://bugs.webkit.org/show_bug.cgi?id=75580
20946        <rdar://problem/10644607>
20947
20948        Reviewed by Oliver Hunt.
20949        
20950        Made deref(node) follow the pattern of ref(node), which it should have
20951        to begin with.
20952
20953        * dfg/DFGGraph.cpp:
20954        (JSC::DFG::Graph::refChildren):
20955        (JSC::DFG::Graph::derefChildren):
20956        * dfg/DFGGraph.h:
20957        (JSC::DFG::Graph::deref):
20958        (JSC::DFG::Graph::clearAndDerefChild1):
20959        (JSC::DFG::Graph::clearAndDerefChild2):
20960        (JSC::DFG::Graph::clearAndDerefChild3):
20961        * dfg/DFGNode.h:
20962        (JSC::DFG::Node::deref):
20963        * dfg/DFGPropagator.cpp:
20964        (JSC::DFG::Propagator::fixupNode):
20965
209662012-01-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
20967
20968        [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
20969
20970        The custom qmake variable 'WEBKIT' is used for signaling that a
20971        target depends in some way on other subprojects of the WebKit
20972        project. For now this is limited to the set of intermediate
20973        libraries: wtf, javascriptcore, webcore, and webkit2.
20974
20975        This replaces the previous convention of using load(foo) for
20976        just include paths, and CONFIG += foo to also link against foo.
20977
20978        Adding a dependency results in additional include paths being
20979        available, and potentially linking to the library. This is
20980        decided by the build system based on conditions such as what
20981        kind of target is being built and the general build config.
20982
20983        An advantage to this approach is that it simplifies the individual
20984        foo.prf files, for example by allowing us to use INCLUDEPATH +=
20985        and LIBS += as normal instead of prepending.
20986
20987        Reviewed by Simon Hausmann.
20988
20989        * Target.pri:
20990        * jsc.pro:
20991        * wtf/wtf.pro:
20992
209932012-01-03  Filip Pizlo  <fpizlo@apple.com>
20994
20995        DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
20996        https://bugs.webkit.org/show_bug.cgi?id=75516
20997        <rdar://problem/10640266>
20998
20999        Reviewed by Gavin Barraclough.
21000        
21001        Removed the offending assertion, since it was wrong.  Also hardened the code to make
21002        this case less likely by first having the propagator fixpoint converge, and then doing
21003        double voting combined with a second fixpoint.  This is neutral on benchmarks and
21004        fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
21005        until we've converged to the conclusion that it really is double).
21006
21007        * dfg/DFGPropagator.cpp:
21008        (JSC::DFG::Propagator::propagatePredictions):
21009        * dfg/DFGVariableAccessData.h:
21010        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
21011
210122012-01-03  Filip Pizlo  <fpizlo@apple.com>
21013
21014        REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
21015        https://bugs.webkit.org/show_bug.cgi?id=75303
21016        <rdar://problem/10633533>
21017
21018        Reviewed by Gavin Barraclough.
21019        
21020        The this argument was not being kept alive in some cases during inlining and intrinsic
21021        optimizations.
21022
21023        * dfg/DFGByteCodeParser.cpp:
21024        (JSC::DFG::ByteCodeParser::handleCall):
21025        (JSC::DFG::ByteCodeParser::emitFunctionCheck):
21026        (JSC::DFG::ByteCodeParser::handleInlining):
21027
210282012-01-03  Gavin Barraclough  <barraclough@apple.com>
21029
21030        Windows build fix.
21031
21032        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21033
210342012-01-03  Gavin Barraclough  <barraclough@apple.com>
21035
21036        Windows build fix.
21037
21038        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21039
210402012-01-03  Gavin Barraclough  <barraclough@apple.com>
21041
21042        https://bugs.webkit.org/show_bug.cgi?id=75140
21043
21044        Reviewed by Sam Weinig.
21045
21046        Rewrite JSArray::putSlowCase to be much cleaner & simpler.
21047
21048        This rewrite only significantly changes behaviour for sparse arrays, specifically
21049        in how sparse arrays are reified back to vector form. This does not affect arrays
21050        with less than 10000 entries (since these always use a vector). The more common
21051        cases of sparse array behavior (though large sparse arrays are rare) - arrays that
21052        always remain sparse, and arrays that are filled in reverse sequential order -
21053        should be just as fast or faster (since reification is simpler & no longer
21054        requires map lookups) after these changes.
21055
21056        Simplifying this code allows all cases of putByIndex that need to grow the vector
21057        to do so via increaseVectorLength, which means that this method can encapsulate
21058        the policy of determining how the vector should be grown.
21059
21060        No performance impact.
21061
21062        * runtime/JSArray.cpp:
21063        (JSC::isDenseEnoughForVector):
21064            - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
21065        (JSC::JSArray::putByIndex):
21066            - simplify & comment.
21067        (JSC::JSArray::putByIndexBeyondVectorLength):
21068            - Re-written to be much clearer & simpler.
21069        (JSC::JSArray::increaseVectorLength):
21070        (JSC::JSArray::increaseVectorPrefixLength):
21071            - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need to do so.
21072        (JSC::JSArray::push):
21073            - simplify & comment.
21074        * runtime/JSArray.h:
21075            - removed SparseArrayValueMap::take.
21076
210772012-01-03  Gavin Barraclough  <barraclough@apple.com>
21078
21079        Windows build fix.
21080
21081        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21082
210832012-01-03  Gavin Barraclough  <barraclough@apple.com>
21084
21085        https://bugs.webkit.org/show_bug.cgi?id=75140
21086
21087        Reviewed by Sam Weinig.
21088
21089        Simplify JSArray creation - remove ArgsList/JSValue* create methods
21090        (this functionality can be implemented in terms of tryCreateUninitialized).
21091
21092        * JavaScriptCore.exp:
21093        * runtime/ArrayConstructor.cpp:
21094            - use constructArray/constructEmptyArray instead of calling JSArray::create directly
21095        (JSC::constructArrayWithSizeQuirk):
21096        * runtime/JSArray.cpp:
21097        * runtime/JSArray.h:
21098            - removed ArgsList/JSValue* create methods
21099        * runtime/JSGlobalObject.h:
21100        (JSC::constructEmptyArray):
21101        (JSC::constructArray):
21102            - changed to be implemented in terms of JSArray::tryCreateUninitialized
21103
211042012-01-03  Gavin Barraclough  <barraclough@apple.com>
21105
21106        https://bugs.webkit.org/show_bug.cgi?id=75429
21107        ThrowTypeError should be a singleton object
21108
21109        Reviewed by Sam Weinig.
21110
21111        Per section 13.2.3 of the spec.
21112        We could change setAccessorDescriptor to be able to share the global
21113        GetterSetter object, rather than storing the accessor functions and
21114        creating a new GetterSetter in defineProperty - but this won't be a
21115        small change to PropertyDescriptors (and would probably mean making
21116        GetterSetter objects immutable?) - so I'll leave that for another
21117        patch.
21118
21119        * JavaScriptCore.exp:
21120            - don't export setAccessorDescriptor
21121        * runtime/Arguments.cpp:
21122        (JSC::Arguments::createStrictModeCallerIfNecessary):
21123        (JSC::Arguments::createStrictModeCalleeIfNecessary):
21124            - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
21125        * runtime/Error.cpp:
21126        * runtime/Error.h:
21127            - remove createTypeErrorFunction
21128        * runtime/JSFunction.cpp:
21129        * runtime/JSFunction.h:
21130            - remove unused createDescriptorForThrowingProperty
21131        * runtime/JSGlobalObject.cpp:
21132        (JSC::JSGlobalObject::reset):
21133        (JSC::JSGlobalObject::visitChildren):
21134            - removed m_strictModeTypeErrorFunctionStructure.
21135        * runtime/JSGlobalObject.h:
21136        (JSC::JSGlobalObject::internalFunctionStructure):
21137            - removed m_strictModeTypeErrorFunctionStructure.
21138        * runtime/PropertyDescriptor.cpp:
21139        (JSC::PropertyDescriptor::setAccessorDescriptor):
21140            - changed to take a GetterSetter
21141        * runtime/PropertyDescriptor.h:
21142            - changed to take a GetterSetter
21143
211442012-01-02  Gavin Barraclough  <barraclough@apple.com>
21145
21146        Check in fixes for jsc tests following bug #75455.
21147
21148        * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
21149        * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:
21150
211512012-01-02  Gavin Barraclough  <barraclough@apple.com>
21152
21153        https://bugs.webkit.org/show_bug.cgi?id=75452
21154        If argument to Error is undefined, message is not set
21155
21156        Reviewed by Sam Weinig.
21157
21158        Per section 15.11.1.1 of the spec.
21159
21160        * runtime/ErrorInstance.h:
21161        (JSC::ErrorInstance::create):
21162        (JSC::ErrorInstance::finishCreation):
21163
211642012-01-02  Gavin Barraclough  <barraclough@apple.com>
21165
21166        ES5 prohibits parseInt from supporting octal
21167        https://bugs.webkit.org/show_bug.cgi?id=75455
21168
21169        Reviewed by Sam Weinig.
21170
21171        See sections 15.1.2.2 and annex E.
21172
21173        * runtime/JSGlobalObjectFunctions.cpp:
21174        (JSC::parseInt):
21175
211762012-01-02  Gavin Barraclough  <barraclough@apple.com>
21177
21178        https://bugs.webkit.org/show_bug.cgi?id=55343
21179        Global JSON should be configurable but isn't
21180
21181        Reviewed by Sam Weinig.
21182
21183        * runtime/JSGlobalObject.cpp:
21184        (JSC::JSGlobalObject::reset):
21185            - make JSON configurable
21186
211872012-01-01  Filip Pizlo  <fpizlo@apple.com>
21188
21189        Call instructions should leave room for linking information
21190        https://bugs.webkit.org/show_bug.cgi?id=75422
21191        <rdar://problem/10633985>
21192
21193        Reviewed by Oliver Hunt.
21194
21195        * bytecode/Opcode.h:
21196        * bytecompiler/BytecodeGenerator.cpp:
21197        (JSC::BytecodeGenerator::emitCall):
21198        (JSC::BytecodeGenerator::emitConstruct):
21199
212002011-12-31  Dan Bernstein  <mitz@apple.com>
21201
21202        Continue trying to fix the Windows build after r103823.
21203
21204        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21205
212062011-12-31  Dan Bernstein  <mitz@apple.com>
21207
21208        Start trying to fix the Windows build after r103823.
21209
21210        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21211
212122011-12-30  Anders Carlsson  <andersca@apple.com>
21213
21214        Add a ParamStorageTraits specialization for RetainPtr
21215        https://bugs.webkit.org/show_bug.cgi?id=75392
21216
21217        Reviewed by Daniel Bates.
21218
21219        * wtf/Functional.h:
21220        Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
21221
21222        * wtf/RetainPtr.h:
21223        Bring in the retainPtr function template from WTF.
21224
212252011-12-29  Sam Weinig  <sam@webkit.org>
21226
21227        It should be easier to iterate a Vector backwards
21228        https://bugs.webkit.org/show_bug.cgi?id=75359
21229
21230        Reviewed by Anders Carlsson.
21231
21232        Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
21233        a new proxy driven way to access a vector backwards. One can use
21234        reversed() in a range-based for loop like so:
21235
21236            for (auto val: myVector.reversed())
21237                doSomething(val);
21238
21239        * wtf/Vector.h:
21240        (WTF::Vector::~Vector):
21241        Fix style.
21242
21243        (WTF::Vector::rbegin):
21244        (WTF::Vector::rend):
21245        Added using standard adaptor std::reverse_iterator.
21246
21247        (WTF::Vector::reversed):
21248        (WTF::Vector::VectorReverseProxy::begin):
21249        (WTF::Vector::VectorReverseProxy::end):
21250        Add proxy similar to one used in HashMap for keys() and values()
21251        which allows access to a Vector backwards for use in range-based
21252        for loops.
21253
212542011-12-29  Gavin Barraclough  <barraclough@apple.com>
21255
21256        https://bugs.webkit.org/show_bug.cgi?id=75140
21257
21258        Reviewed by Oliver Hunt.
21259
21260        Start cleaning up JSArray construction. JSArray has a set of create methods,
21261        one of which (currently) takes a 'creation mode' enum parameter. Based on that
21262        parameter, the constructor does one of two completely different things. If the
21263        parameter is 'CreateInitialized' it creates an array, setting the length, but
21264        does not eagerly allocate a storage vector of the specified length. A small
21265        (BASE_VECTOR_LEN sized) initial vector will be allocated and cleared; property
21266        access to the vector will read the hole value (return undefined). The alternate
21267        usage of this method ('CreateCompact') does something very different. It tries
21268        to create an array of the requested length, and also allocates a storage vector
21269        large enough to hold all properties. It does not clear the storage vector,
21270        leaving the memory uninitialized and requiring the user to call a method
21271        'uncheckedSetIndex' to initialize values in the vector.
21272
21273        This patch factors out these two behaviours, moving the 'CreateCompact' mode
21274        into its own method, 'tryCreateUninitialized' (matching the naming for this
21275        functionality in the string classes). 'tryCreateUninitialized' may return 0 if
21276        memory allocation fails during construction of the object. The construction
21277        pattern changes such that values added during initialization will be marked if
21278        a GC is triggered during array allocation. 'CreateInitialized' no longer need
21279        be passed to create a normal, fully constructed array with a length, and this
21280        method is merged with the version of 'create' that does not take an initial
21281        length (length parameter defaults to 0).
21282
21283        * JavaScriptCore.exp:
21284        * runtime/ArrayConstructor.cpp:
21285        (JSC::constructArrayWithSizeQuirk):
21286            - removed 'CreateInitialized' argument
21287        * runtime/ArrayPrototype.cpp:
21288        (JSC::arrayProtoFuncSplice):
21289            - changed to call 'tryCreateUninitialized'
21290        * runtime/FunctionPrototype.cpp:
21291        (JSC::functionProtoFuncBind):
21292            - changed to call 'tryCreateUninitialized'
21293        * runtime/JSArray.cpp:
21294        (JSC::JSArray::JSArray):
21295            - initialize m_storage to null; if construction fails, make destruction safe
21296        (JSC::JSArray::finishCreation):
21297            - merge versions of this method, takes an initialLength parameter defaulting to zero
21298        (JSC::JSArray::tryFinishCreationUninitialized):
21299            - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
21300        (JSC::JSArray::~JSArray):
21301            - check for null m_storage, in case array construction failed.
21302        (JSC::JSArray::increaseVectorPrefixLength):
21303        * runtime/JSArray.h:
21304        (JSC::JSArray::create):
21305            - merge versions of this method, takes an initialLength parameter defaulting to zero
21306        (JSC::JSArray::tryCreateUninitialized):
21307            - version of 'create' that tries to eagerly allocate storage; may fail & return 0
21308        (JSC::JSArray::initializeIndex):
21309        (JSC::JSArray::completeInitialization):
21310            - used in conjunction with 'tryCreateUninitialized' to initialize the array
21311        * runtime/JSGlobalObject.h:
21312        (JSC::constructEmptyArray):
21313            - removed 'CreateInitialized' argument
21314        * runtime/RegExpConstructor.cpp:
21315        (JSC::RegExpMatchesArray::finishCreation):
21316            - removed 'CreateInitialized' argument
21317
213182011-12-29  Anders Carlsson  <andersca@apple.com>
21319
21320        Add a retainPtr function template
21321        https://bugs.webkit.org/show_bug.cgi?id=75365
21322
21323        Reviewed by Dan Bernstein.
21324
21325        This makes it easier to make a RetainPtr using template argument deduction, which
21326        is useful when passing RetainPtr objects as function arguments.
21327
21328        * wtf/RetainPtr.h:
21329        (WTF::retainPtr):
21330
213312011-12-28  Yuqiang Xian  <yuqiang.xian@intel.com>
21332
21333        spill unboxed values in DFG 32_64
21334        https://bugs.webkit.org/show_bug.cgi?id=75291
21335
21336        Reviewed by Filip Pizlo.
21337
21338        Currently all the values are spilled as boxed in DFG 32_64, which is
21339        not necessary and introduces additional stores/loads. Instead we
21340        can spill them as unboxed if feasible. It can be applied to the
21341        Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
21342        because they don't need to be boxed at all. The modifications to the
21343        spill/fill and the OSR exit are required, as well as a bug fix to the
21344        "isUnknownJS" logic.
21345
21346        * bytecode/ValueRecovery.h:
21347        (JSC::ValueRecovery::displacedInRegisterFile):
21348        (JSC::ValueRecovery::virtualRegister):
21349        (JSC::ValueRecovery::dump):
21350        * dfg/DFGGenerationInfo.h:
21351        (JSC::DFG::GenerationInfo::isUnknownJS):
21352        (JSC::DFG::GenerationInfo::spill):
21353        * dfg/DFGOSRExitCompiler32_64.cpp:
21354        (JSC::DFG::OSRExitCompiler::compileExit):
21355        * dfg/DFGSpeculativeJIT.cpp:
21356        (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
21357        * dfg/DFGSpeculativeJIT.h:
21358        (JSC::DFG::SpeculativeJIT::silentFillGPR):
21359        (JSC::DFG::SpeculativeJIT::spill):
21360        * dfg/DFGSpeculativeJIT32_64.cpp:
21361        (JSC::DFG::SpeculativeJIT::fillInteger):
21362        (JSC::DFG::SpeculativeJIT::fillDouble):
21363        (JSC::DFG::SpeculativeJIT::fillJSValue):
21364        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
21365        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
21366        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
21367        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
21368        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
21369        (JSC::DFG::SpeculativeJIT::compile):
21370
213712011-12-28  Anders Carlsson  <andersca@apple.com>
21372
21373        Add an implicit block conversion operator to WTF::Function
21374        https://bugs.webkit.org/show_bug.cgi?id=75325
21375
21376        Reviewed by Dan Bernstein.
21377
21378        * wtf/Compiler.h:
21379        Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
21380        is buggy, especially when it comes to C++.
21381
21382        * wtf/Functional.h:
21383        Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
21384
213852011-12-27  Anders Carlsson  <andersca@apple.com>
21386
21387        Add a new WTF::bind overload that takes 6 parameters
21388        https://bugs.webkit.org/show_bug.cgi?id=75287
21389
21390        Reviewed by Sam Weinig.
21391
21392        * wtf/Functional.h:
21393
213942011-12-27  Sam Weinig  <sam@webkit.org>
21395
21396        Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
21397        https://bugs.webkit.org/show_bug.cgi?id=75268
21398
21399        Reviewed by Anders Carlsson.
21400
21401        * wtf/Compiler.h:
21402        Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
21403
21404        * wtf/Noncopyable.h:
21405        Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
21406
21407        * wtf/NullPtr.cpp:
21408        * wtf/NullPtr.h:
21409        Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
21410
21411        * wtf/RefPtr.h:
21412        * wtf/RetainPtr.h:
21413        Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
21414
214152011-12-27  Anders Carlsson  <andersca@apple.com>
21416
21417        Misc fixes and cleanups in Functional.h
21418        https://bugs.webkit.org/show_bug.cgi?id=75281
21419
21420        Reviewed by Andreas Kling.
21421
21422        - Reformat template declarations so that the class begins on a new line.
21423        - Change the parameter template parameters to start at P1 instead of P0.
21424        - Add function wrappers and bind overloads for 4 and 5 parameter functions.
21425        - Change the Function call operator to be const so const functions can be called.
21426
21427        * wtf/Functional.h:
21428
214292011-12-27  Tony Chang  <tony@chromium.org>
21430
21431        [chromium] Minor cleanup of gyp files.
21432        https://bugs.webkit.org/show_bug.cgi?id=75269
21433
21434        Reviewed by Adam Barth.
21435
21436        * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
21437        and vim/emacs specific hooks should be added by the user.
21438
214392011-12-27  Gavin Barraclough  <barraclough@apple.com>
21440
21441        https://bugs.webkit.org/show_bug.cgi?id=75260
21442        Null name for host function can result in dereference of uninitialized memory
21443
21444        Reviewed by Filip Pizlo.
21445
21446        This is a recent regression in ToT: if the name passed to finishCreation of a host function is null,
21447        we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
21448        aspect of the change that introduced the issue.  It might be better if functions that don't have a
21449        name don't have this property at all, but that change should be separate from fixing the bug.
21450
21451        * runtime/JSFunction.cpp:
21452        (JSC::JSFunction::finishCreation):
21453            - Always initialize the name property.
21454
214552011-12-27  Anders Carlsson  <andersca@apple.com>
21456
21457        Function should handle wrapping/unwrapping RefPtr and PassRefPtr
21458        https://bugs.webkit.org/show_bug.cgi?id=75266
21459
21460        Reviewed by Sam Weinig.
21461
21462        Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
21463        and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
21464        For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
21465
21466        * wtf/Functional.h:
21467        (WTF::ParamStorageTraits::wrap):
21468        (WTF::ParamStorageTraits::unwrap):
21469
214702011-12-27  Tony Chang  <tony@chromium.org>
21471
21472        [chromium] really enable wpo for WebCore libs and for WTF
21473        https://bugs.webkit.org/show_bug.cgi?id=75264
21474
21475        Reviewed by Adam Barth.
21476
21477        * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
21478
214792011-12-26  Gavin Barraclough  <barraclough@apple.com>
21480
21481        Errk! OS X build fix.
21482
21483        * JavaScriptCore.exp:
21484
214852011-12-26  Gavin Barraclough  <barraclough@apple.com>
21486
21487        Windows build fix.
21488
21489        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21490        * runtime/JSObject.h:
21491
214922011-12-26  Gavin Barraclough  <barraclough@apple.com>
21493
21494        https://bugs.webkit.org/show_bug.cgi?id=75231
21495        Fail to throw in strict mode on assign to read only static properties
21496
21497        Reviewed by Filip Pizlo.
21498
21499        There are three bugs here:
21500        * symbolTablePut should throw for strict mode accesses.
21501        * lookupPut should throw for strict mode accesses.
21502        * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
21503
21504        * runtime/JSActivation.cpp:
21505        (JSC::JSActivation::symbolTablePut):
21506        (JSC::JSActivation::put):
21507        * runtime/JSActivation.h:
21508        * runtime/JSGlobalObject.cpp:
21509        (JSC::JSGlobalObject::put):
21510        * runtime/JSStaticScopeObject.cpp:
21511        (JSC::JSStaticScopeObject::put):
21512        * runtime/JSVariableObject.h:
21513        (JSC::JSVariableObject::symbolTablePut):
21514        * runtime/Lookup.h:
21515        (JSC::lookupPut):
21516        * runtime/NumberConstructor.cpp:
21517        (JSC::NumberConstructor::put):
21518        * runtime/NumberConstructor.h:
21519
215202011-12-26  Gavin Barraclough  <barraclough@apple.com>
21521
21522        Fix mis-commit of utf8 change.
21523
21524        Reviewed by Filip Pizlo.
21525
21526        Eeep, patch as landed a while ago had no effect! - accidentally landed
21527        modified version of patch used for performance testing.
21528
21529        (This isn't covered by layout tests because layout tests don't use jsc,
21530        and the tests/mozilla tests use latin1, which was already supported!)
21531
21532        Landing changes as intended (and as originally reviewed).
21533
21534        * jsc.cpp:
21535        (jscSource):
21536
215372011-12-26  Filip Pizlo  <fpizlo@apple.com>
21538
21539        Unreviewed build fix for ARMv7.
21540
21541        * assembler/MacroAssemblerARMv7.h:
21542        (JSC::MacroAssemblerARMv7::load16Signed):
21543        (JSC::MacroAssemblerARMv7::load8Signed):
21544
215452011-12-26  Hajime Morrita  <morrita@google.com>
21546
21547        Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
21548        https://bugs.webkit.org/show_bug.cgi?id=74990
21549
21550        Reviewed by Kevin Ollivier.
21551
21552        * runtime/JSExportMacros.h: Removed JS_INLINE
21553        * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
21554
215552011-12-24  Filip Pizlo  <fpizlo@apple.com>
21556
21557        The ArgumentCount field in the CallFrame should have its tag left blank for other uses
21558        https://bugs.webkit.org/show_bug.cgi?id=75199
21559        <rdar://problem/10625105>
21560        <rdar://problem/10625106>
21561
21562        Reviewed by Oliver Hunt.
21563
21564        * dfg/DFGOSRExitCompiler32_64.cpp:
21565        (JSC::DFG::OSRExitCompiler::compileExit):
21566        * dfg/DFGOSRExitCompiler64.cpp:
21567        (JSC::DFG::OSRExitCompiler::compileExit):
21568        * dfg/DFGSpeculativeJIT.h:
21569        (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
21570        * dfg/DFGSpeculativeJIT32_64.cpp:
21571        (JSC::DFG::SpeculativeJIT::emitCall):
21572        * dfg/DFGSpeculativeJIT64.cpp:
21573        (JSC::DFG::SpeculativeJIT::emitCall):
21574        * interpreter/CallFrame.h:
21575        (JSC::ExecState::argumentCountIncludingThis):
21576        (JSC::ExecState::setArgumentCountIncludingThis):
21577        * interpreter/Register.h:
21578        (JSC::Register::unboxedInt32):
21579        (JSC::Register::unboxedBoolean):
21580        (JSC::Register::unboxedCell):
21581        (JSC::Register::payload):
21582        (JSC::Register::tag):
21583        * jit/JITCall.cpp:
21584        (JSC::JIT::compileOpCall):
21585        * jit/JITCall32_64.cpp:
21586        (JSC::JIT::compileLoadVarargs):
21587        (JSC::JIT::compileOpCall):
21588
215892011-12-25  Andreas Kling  <awesomekling@apple.com>
21590
21591        Yarr: Avoid copying vectors in CharacterClassConstructor.
21592        <http://webkit.org/b/75206>
21593
21594        Reviewed by Darin Adler.
21595
21596        Yarr::CharacterClassConstructor::charClass() was hot when loading twitter
21597        feeds (1.2%); replace the usage of Vector::append() by swap() since we're
21598        always clearing the source vector afterwards anyway.
21599
21600        * yarr/YarrPattern.cpp:
21601        (JSC::Yarr::CharacterClassConstructor::charClass):
21602
216032011-12-24  Darin Adler  <darin@apple.com>
21604
21605        Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn
21606        https://bugs.webkit.org/show_bug.cgi?id=72476
21607
21608        Reviewed by Sam Weinig.
21609
21610        * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>.
21611
216122011-12-23  Geoffrey Garen  <ggaren@apple.com>
21613
21614        Inlined Yarr::execute
21615        https://bugs.webkit.org/show_bug.cgi?id=75180
21616
21617        Reviewed reluctantly by Beth Dakin.
21618        
21619        Tiny speedup on SunSpider string tests. Removes some samples from
21620        Instruments. A step toward removing -fomit-frame-pointer.
21621
21622        * yarr/YarrJIT.cpp:
21623        * yarr/YarrJIT.h:
21624        (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?!
21625
216262011-12-23  Filip Pizlo  <fpizlo@apple.com>
21627
21628        DFG loads from signed 8-bit and 16-bit typed arrays are broken
21629        https://bugs.webkit.org/show_bug.cgi?id=75163
21630
21631        Reviewed by Geoffrey Garen.
21632        
21633        Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm
21634        currently disabling Int8Array and Int16Array optimizations on ARM.
21635
21636        * assembler/MacroAssemblerX86Common.h:
21637        (JSC::MacroAssemblerX86Common::load8Signed):
21638        (JSC::MacroAssemblerX86Common::load16Signed):
21639        * assembler/X86Assembler.h:
21640        (JSC::X86Assembler::movswl_mr):
21641        (JSC::X86Assembler::movsbl_mr):
21642        * bytecode/PredictedType.h:
21643        (JSC::isActionableMutableArrayPrediction):
21644        * dfg/DFGNode.h:
21645        (JSC::DFG::Node::shouldSpeculateInt8Array):
21646        (JSC::DFG::Node::shouldSpeculateInt16Array):
21647        * dfg/DFGSpeculativeJIT.cpp:
21648        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
21649
216502011-12-23  Filip Pizlo  <fpizlo@apple.com>
21651
21652        DFG does double-to-int conversion incorrectly when storing into int typed arrays
21653        https://bugs.webkit.org/show_bug.cgi?id=75164
21654        <rdar://problem/10557547>
21655
21656        Reviewed by Geoffrey Garen.
21657
21658        * assembler/MacroAssemblerARMv7.h:
21659        (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
21660        * assembler/MacroAssemblerX86Common.h:
21661        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32):
21662        (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
21663        * dfg/DFGSpeculativeJIT.cpp:
21664        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
21665
216662011-12-23  Geoffrey Garen  <ggaren@apple.com>
21667
21668        Refactored String.prototype.replace
21669        https://bugs.webkit.org/show_bug.cgi?id=75114
21670        
21671        Reviewed by Darin Adler.
21672
21673        No performance difference.
21674        
21675        I think this is a step toward removing -fomit-frame-pointer.
21676
21677        * runtime/JSString.cpp:
21678        * runtime/JSString.h: Removed the test and special case for a single-character
21679        search string because the standard path does this test and special case
21680        for us. (As an aside, if we do come up with a unique single-character
21681        replace optimization in future, it probably belongs in the replace function,
21682        and not in JSString.)
21683
21684        * runtime/StringPrototype.cpp:
21685        (JSC::stringProtoFuncReplace): Split this mega-sized function into:
21686        (JSC::replaceUsingStringSearch): - This reasonably sized function, and
21687        (JSC::replaceUsingRegExpSearch): - This still mega-sized function.
21688
216892011-12-23  Pierre Rossi  <pierre.rossi@gmail.com>
21690
21691        [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
21692        https://bugs.webkit.org/show_bug.cgi?id=75087
21693
21694        monotonicallyIncreasingTime needs to have a higher resolution than milliseconds.
21695
21696        Reviewed by Darin Adler.
21697
21698        * wtf/CurrentTime.cpp:
21699        (WTF::monotonicallyIncreasingTime):
21700
217012011-12-22  Filip Pizlo  <fpizlo@apple.com>
21702
21703        DFG should not speculate array even when predictions say that the base is not an array
21704        https://bugs.webkit.org/show_bug.cgi?id=75160
21705        <rdar://problem/10622646>
21706        <rdar://problem/10622649>
21707
21708        Reviewed by Oliver Hunt.
21709        
21710        Added the ability to call slow path when the base is known to not be an array.
21711        Also rationalized the logic for deciding when the index is not an int, and
21712        cleaned up the logic for deciding when to speculate typed array.
21713        
21714        Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
21715        likely be mitigated by having the notion of a polymorphic array access, where we
21716        try, but don't speculate, to access the array one way before either trying some
21717        other ways or calling slow path.
21718
21719        * bytecode/PredictedType.h:
21720        (JSC::isActionableMutableArrayPrediction):
21721        (JSC::isActionableArrayPrediction):
21722        * dfg/DFGAbstractState.cpp:
21723        (JSC::DFG::AbstractState::execute):
21724        * dfg/DFGNode.h:
21725        (JSC::DFG::Node::shouldSpeculateInt8Array):
21726        (JSC::DFG::Node::shouldSpeculateInt16Array):
21727        (JSC::DFG::Node::shouldSpeculateInt32Array):
21728        (JSC::DFG::Node::shouldSpeculateUint8Array):
21729        (JSC::DFG::Node::shouldSpeculateUint16Array):
21730        (JSC::DFG::Node::shouldSpeculateUint32Array):
21731        (JSC::DFG::Node::shouldSpeculateFloat32Array):
21732        (JSC::DFG::Node::shouldSpeculateFloat64Array):
21733        * dfg/DFGPropagator.cpp:
21734        (JSC::DFG::Propagator::byValIsPure):
21735        * dfg/DFGSpeculativeJIT.cpp:
21736        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
21737        * dfg/DFGSpeculativeJIT32_64.cpp:
21738        (JSC::DFG::SpeculativeJIT::compile):
21739        * dfg/DFGSpeculativeJIT64.cpp:
21740        (JSC::DFG::SpeculativeJIT::compile):
21741
217422011-12-22  Gavin Barraclough  <barraclough@apple.com>
21743
21744        Unreviewed - fix stylebot issues from last patch.
21745
21746        * runtime/JSArray.cpp:
21747        (JSC::JSArray::putSlowCase):
21748
217492011-12-22  Gavin Barraclough  <barraclough@apple.com>
21750
21751        https://bugs.webkit.org/show_bug.cgi?id=75151
21752        Add attributes field to JSArray's SparseMap
21753
21754        Reviewed by Sam Weinig.
21755
21756        This will be necessary to be able to support non-writable/configurable/enumerable
21757        properties, and helpful for getters/setters.
21758
21759        Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
21760
21761        * runtime/ArrayPrototype.cpp:
21762        (JSC::arrayProtoFuncSort):
21763            - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
21764              (must fall back to generic sort algorithm).
21765        * runtime/JSArray.cpp:
21766        (JSC::JSArray::finishCreation):
21767            - moved reportedMapCapacity into the SparseArrayValueMap object.
21768        (JSC::SparseArrayValueMap::find):
21769        (JSC::SparseArrayValueMap::put):
21770        (JSC::SparseArrayValueMap::visitChildren):
21771            - Added.
21772        (JSC::JSArray::getOwnPropertySlotByIndex):
21773        (JSC::JSArray::getOwnPropertyDescriptor):
21774        (JSC::JSArray::putSlowCase):
21775        (JSC::JSArray::deletePropertyByIndex):
21776        (JSC::JSArray::getOwnPropertyNames):
21777        (JSC::JSArray::setLength):
21778        (JSC::JSArray::pop):
21779        (JSC::JSArray::visitChildren):
21780            - Updated for changes in SparseArrayValueMap.
21781        (JSC::JSArray::sortNumeric):
21782        (JSC::JSArray::sort):
21783        (JSC::JSArray::compactForSorting):
21784            - Disallow on 'SparseMode' arrays.
21785        * runtime/JSArray.h:
21786        (JSC::SparseArrayEntry::SparseArrayEntry):
21787            - An entry in the sparse array - value (WriteBarrier) + attributes.
21788        (JSC::SparseArrayValueMap::SparseArrayValueMap):
21789        (JSC::SparseArrayValueMap::sparseMode):
21790        (JSC::SparseArrayValueMap::setSparseMode):
21791            - Flags to track whether an Array is forced into SparseMode.
21792        (JSC::SparseArrayValueMap::remove):
21793        (JSC::SparseArrayValueMap::notFound):
21794        (JSC::SparseArrayValueMap::isEmpty):
21795        (JSC::SparseArrayValueMap::contains):
21796        (JSC::SparseArrayValueMap::size):
21797        (JSC::SparseArrayValueMap::begin):
21798        (JSC::SparseArrayValueMap::end):
21799            - accessors to the map
21800        (JSC::SparseArrayValueMap::take):
21801            - only for use on non-SparseMode arrays.
21802        (JSC::JSArray::inSparseMode):
21803            - Added.
21804
218052011-12-22  Filip Pizlo  <fpizlo@apple.com>
21806
21807        DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
21808        https://bugs.webkit.org/show_bug.cgi?id=75150
21809        <rdar://problem/10621900>
21810
21811        Reviewed by Gavin Barraclough.
21812
21813        * dfg/DFGAbstractState.cpp:
21814        (JSC::DFG::AbstractState::execute):
21815
218162011-12-22  Filip Pizlo  <fpizlo@apple.com>
21817
21818        DFG JIT does exactly the wrong thing when doing strict equality on two known cells
21819        https://bugs.webkit.org/show_bug.cgi?id=75138
21820        <rdar://problem/10621526>
21821
21822        Reviewed by Oliver Hunt.
21823
21824        * dfg/DFGSpeculativeJIT32_64.cpp:
21825        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
21826        * dfg/DFGSpeculativeJIT64.cpp:
21827        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
21828
218292011-12-22  Balazs Kelemen  <kbalazs@webkit.org>
21830
21831        Fix debug build with assertions disabled
21832        https://bugs.webkit.org/show_bug.cgi?id=75075
21833
21834        Reviewed by Darin Adler.
21835
21836        Check whether assertions are disabled instead of NDEBUG
21837        where appropriate to avoid "defined but not used" warnings.
21838
21839        * wtf/DateMath.cpp:
21840        (WTF::initializeDates):
21841
218422011-12-22  Mariusz Grzegorczyk  <mariusz.g@samsung.com>
21843
21844        [EFL] Missing plugins support for efl port
21845        https://bugs.webkit.org/show_bug.cgi?id=44505
21846
21847        Reviewed by Anders Carlsson.
21848
21849        Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
21850
21851        * wtf/Platform.h:
21852
218532011-12-22  Wei Charles  <charles.wei@torchmobile.com.cn>
21854
21855        Remove unused data member of LiteralParser::Lex::m_string
21856        https://bugs.webkit.org/show_bug.cgi?id=68216
21857
21858        Reviewed by George Staikos.
21859
21860        * runtime/LiteralParser.h:
21861
218622011-12-21  Dan Bernstein  <mitz@apple.com>
21863
21864        OS X build fix after r103488.
21865
21866        * JavaScriptCore.exp:
21867
218682011-12-21  Konrad Piascik  <kpiascik@rim.com>
21869
21870        Implement the JavaScriptCore bindings for eventListenerHandlerLocation
21871        https://bugs.webkit.org/show_bug.cgi?id=74313
21872
21873        Reviewed by Eric Seidel.
21874
21875        Updated project files to get Windows and Mac builds working.
21876
21877        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21878        * JavaScriptCore.xcodeproj/project.pbxproj:
21879
218802011-12-21  Filip Pizlo  <fpizlo@apple.com>
21881
21882        DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
21883        https://bugs.webkit.org/show_bug.cgi?id=75058
21884        <rdar://problem/10616612>
21885        <rdar://problem/10617500>
21886
21887        Reviewed by Oliver Hunt.
21888        
21889        Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
21890        Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
21891        a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
21892        is optional.
21893
21894        * dfg/DFGAssemblyHelpers.h:
21895        (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
21896        * dfg/DFGSpeculativeJIT32_64.cpp:
21897        (JSC::DFG::SpeculativeJIT::compile):
21898        * dfg/DFGSpeculativeJIT64.cpp:
21899        (JSC::DFG::SpeculativeJIT::compile):
21900        * runtime/JSObject.h:
21901
219022011-12-21  Pierre Rossi  <pierre.rossi@gmail.com>
21903
21904        Implement monotonicallyIncreasingClock() on Qt
21905        https://bugs.webkit.org/show_bug.cgi?id=62159
21906
21907        Reviewed by Darin Adler.
21908
21909        * wtf/CurrentTime.cpp:
21910        (WTF::monotonicallyIncreasingTime):
21911
219122011-12-20  Filip Pizlo  <fpizlo@apple.com>
21913
21914        32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
21915        https://bugs.webkit.org/show_bug.cgi?id=74997
21916        <rdar://problem/10612389>
21917
21918        Reviewed by Gavin Barraclough.
21919
21920        * jit/JITArithmetic32_64.cpp:
21921        (JSC::JIT::emit_op_div):
21922
219232011-12-20  Filip Pizlo  <fpizlo@apple.com>
21924
21925        JavaScriptCore should be consistent about how it reads and writes ArgumentCount
21926        https://bugs.webkit.org/show_bug.cgi?id=74989
21927        <rdar://problem/10612006>
21928
21929        Reviewed by Gavin Barraclough.
21930
21931        * dfg/DFGJITCompiler.cpp:
21932        (JSC::DFG::JITCompiler::compileFunction):
21933        * jit/JIT.cpp:
21934        (JSC::JIT::privateCompile):
21935        * jit/JITCall32_64.cpp:
21936        (JSC::JIT::compileLoadVarargs):
21937        * jit/JITOpcodes32_64.cpp:
21938        (JSC::JIT::emit_op_get_arguments_length):
21939        (JSC::JIT::emit_op_get_argument_by_val):
21940        * jit/SpecializedThunkJIT.h:
21941        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
21942
219432011-12-20  Filip Pizlo  <fpizlo@apple.com>
21944
21945        Value Profiles for arguments should be more easily accessible to the interpreter
21946        https://bugs.webkit.org/show_bug.cgi?id=74984
21947        <rdar://problem/10611364>
21948
21949        Reviewed by Gavin Barraclough.
21950
21951        * bytecode/CodeBlock.cpp:
21952        (JSC::CodeBlock::stronglyVisitStrongReferences):
21953        (JSC::CodeBlock::shouldOptimizeNow):
21954        (JSC::CodeBlock::dumpValueProfiles):
21955        * bytecode/CodeBlock.h:
21956        (JSC::CodeBlock::setArgumentValueProfileSize):
21957        (JSC::CodeBlock::numberOfArgumentValueProfiles):
21958        (JSC::CodeBlock::valueProfileForArgument):
21959        (JSC::CodeBlock::addValueProfile):
21960        (JSC::CodeBlock::valueProfile):
21961        (JSC::CodeBlock::valueProfileForBytecodeOffset):
21962        (JSC::CodeBlock::totalNumberOfValueProfiles):
21963        (JSC::CodeBlock::getFromAllValueProfiles):
21964        * bytecode/ValueProfile.h:
21965        (JSC::ValueProfile::ValueProfile):
21966        * jit/JIT.cpp:
21967        (JSC::JIT::privateCompile):
21968        * jit/JIT.h:
21969        * jit/JITInlineMethods.h:
21970        (JSC::JIT::emitValueProfilingSite):
21971
219722011-12-20  Gavin Barraclough  <barraclough@apple.com>
21973
21974        JSC shell should accept utf8 input.
21975
21976        Reviewed by Filip Pizlo.
21977
21978        * jsc.cpp:
21979        (jscSource):
21980        (functionRun):
21981        (functionLoad):
21982        (functionCheckSyntax):
21983        (runWithScripts):
21984        (runInteractive):
21985
219862011-12-20  Gavin Barraclough  <barraclough@apple.com>
21987
21988        Rubber Stamped by Sam Weinig.
21989
21990        * runtime/JSGlobalData.cpp:
21991            - removed some dead code.
21992
219932011-12-19  Geoffrey Garen  <ggaren@apple.com>
21994
21995        Tightened up Vector<T>::append
21996        https://bugs.webkit.org/show_bug.cgi?id=74906
21997
21998        Reviewed by Sam Weinig.
21999
22000        Not a measurable speedup, but code inspection shows better code generated,
22001        and I believe this is a step toward turning off -fomit-frame-pointer.
22002
22003        * wtf/Vector.h:
22004        (WTF::::append):
22005        (WTF::::appendSlowCase): Split out the slow case into a separate function
22006        to keep unnecessary instructions off the hot path. This means the hot
22007        path can now be inlined more often.
22008        
22009        Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
22010        compiler work-around from 2007.
22011
220122011-12-19  Yuqiang Xian  <yuqiang.xian@intel.com>
22013
22014        Temporary GPR should not be lazily allocated in DFG JIT on X86
22015        https://bugs.webkit.org/show_bug.cgi?id=74908
22016
22017        Reviewed by Filip Pizlo.
22018
22019        On X86, we used to allocate a temporary GPR lazily when it's really
22020        used rather than defined. This may cause potential issues of
22021        allocating registers inside control flow and result in problems in
22022        subsequent code generation; for example, the DFG JIT may think an
22023        operand is already spilled (to satisfy the allocation request) and
22024        generate code to read the data from memory, but the allocation and
22025        spilling are in a branch which is not taken at runtime, so the
22026        generated code is incorrect.
22027
22028        Although current DFG JIT code doesn't have this problematic pattern,
22029        it's better to cut off the root to avoid any potential issues in the
22030        future.
22031
22032        * dfg/DFGSpeculativeJIT.cpp:
22033        (JSC::DFG::GPRTemporary::GPRTemporary):
22034        * dfg/DFGSpeculativeJIT.h:
22035        (JSC::DFG::GPRTemporary::gpr):
22036        * dfg/DFGSpeculativeJIT32_64.cpp:
22037        (JSC::DFG::SpeculativeJIT::compile):
22038
220392011-12-19  Yuqiang Xian  <yuqiang.xian@intel.com>
22040
22041        Remove unused code for non-speculative Arith operations from DFG JIT
22042        https://bugs.webkit.org/show_bug.cgi?id=74905
22043
22044        Reviewed by Filip Pizlo.
22045
22046        * dfg/DFGSpeculativeJIT.h:
22047        * dfg/DFGSpeculativeJIT32_64.cpp:
22048        * dfg/DFGSpeculativeJIT64.cpp:
22049
220502011-12-19  Gavin Barraclough  <barraclough@apple.com>
22051
22052        https://bugs.webkit.org/show_bug.cgi?id=74903
22053        Exceptions not thrown correctly from DFG JIT on 32bit
22054
22055        Reviewed by Oliver Hunt.
22056
22057        Arguments for lookupExceptionHandler are not set up correctly.
22058        In the case of ARMv7 we rely on lr being preserved over a call;
22059        this is invalid. On x86 we should not be poking the arguments onto the stack!
22060
22061        * bytecode/CodeBlock.h:
22062        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
22063        * dfg/DFGAssemblyHelpers.h:
22064        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
22065        * dfg/DFGGPRInfo.h:
22066        * dfg/DFGJITCompiler.cpp:
22067        (JSC::DFG::JITCompiler::compileBody):
22068        * dfg/DFGJITCompiler.h:
22069        (JSC::DFG::JITCompiler::addExceptionCheck):
22070        (JSC::DFG::JITCompiler::addFastExceptionCheck):
22071        * dfg/DFGOperations.cpp:
22072        * dfg/DFGOperations.h:
22073
220742011-12-19  Filip Pizlo  <fpizlo@apple.com>
22075
22076        If we detect that we can use the JIT, don't use computed opcode lookups
22077        https://bugs.webkit.org/show_bug.cgi?id=74899
22078        <rdar://problem/10604551>
22079
22080        Reviewed by Gavin Barraclough.
22081
22082        * interpreter/Interpreter.cpp:
22083        (JSC::Interpreter::Interpreter):
22084        (JSC::Interpreter::initialize):
22085        (JSC::Interpreter::privateExecute):
22086        * interpreter/Interpreter.h:
22087        (JSC::Interpreter::getOpcode):
22088        (JSC::Interpreter::getOpcodeID):
22089        * runtime/JSGlobalData.cpp:
22090        (JSC::JSGlobalData::JSGlobalData):
22091
220922011-12-19  Geoffrey Garen  <ggaren@apple.com>
22093
22094        Try to fix the Qt build.
22095
22096        Unreviewed.
22097
22098        * wtf/ThreadSpecific.h: #include!
22099
221002011-12-18  Filip Pizlo  <fpizlo@apple.com>
22101
22102        It should be possible to change the value of an Options variable without recompiling the world
22103        https://bugs.webkit.org/show_bug.cgi?id=74807
22104
22105        Reviewed by Gavin Barraclough.
22106
22107        * runtime/Options.cpp:
22108        (JSC::Options::initializeOptions):
22109        * runtime/Options.h:
22110
221112011-12-19  Sheriff Bot  <webkit.review.bot@gmail.com>
22112
22113        Unreviewed, rolling out r103250.
22114        http://trac.webkit.org/changeset/103250
22115        https://bugs.webkit.org/show_bug.cgi?id=74877
22116
22117        it still breaks codegen (Requested by olliej on #webkit).
22118
22119        * dfg/DFGAbstractState.cpp:
22120        (JSC::DFG::AbstractState::execute):
22121        * dfg/DFGByteCodeParser.cpp:
22122        (JSC::DFG::ByteCodeParser::parseBlock):
22123        * dfg/DFGNode.h:
22124        * dfg/DFGPropagator.cpp:
22125        (JSC::DFG::Propagator::propagateArithNodeFlags):
22126        (JSC::DFG::Propagator::fixupNode):
22127        (JSC::DFG::Propagator::byValIsPure):
22128        (JSC::DFG::Propagator::clobbersWorld):
22129        (JSC::DFG::Propagator::getByValLoadElimination):
22130        (JSC::DFG::Propagator::checkStructureLoadElimination):
22131        (JSC::DFG::Propagator::getByOffsetLoadElimination):
22132        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
22133        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
22134        (JSC::DFG::Propagator::performNodeCSE):
22135        * dfg/DFGSpeculativeJIT.cpp:
22136        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
22137        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
22138        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
22139        * dfg/DFGSpeculativeJIT.h:
22140        * dfg/DFGSpeculativeJIT32_64.cpp:
22141        (JSC::DFG::SpeculativeJIT::compile):
22142        * dfg/DFGSpeculativeJIT64.cpp:
22143        (JSC::DFG::SpeculativeJIT::compile):
22144
221452011-12-16  Oliver Hunt  <oliver@apple.com>
22146
22147        Rolling r103120 back in with merge errors corrected.
22148
22149        PutByVal[Alias] unnecessarily reloads the storage buffer
22150        https://bugs.webkit.org/show_bug.cgi?id=74747
22151
22152        Reviewed by Gavin Barraclough.
22153
22154        Make PutByVal use GetIndexedStorage to load the storage buffer.
22155        This required switching PutByVal to a vararg node (which is
22156        responsible for most of the noise in this patch).  This fixes the
22157        remaining portion of the kraken regression caused by the GetByVal
22158        storage load elimination, and a 1-5% win on some of the sub tests of
22159        the typed array benchmark at:
22160        http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
22161
22162        * dfg/DFGAbstractState.cpp:
22163        (JSC::DFG::AbstractState::execute):
22164        * dfg/DFGByteCodeParser.cpp:
22165        (JSC::DFG::ByteCodeParser::parseBlock):
22166        * dfg/DFGNode.h:
22167        * dfg/DFGPropagator.cpp:
22168        (JSC::DFG::Propagator::propagateArithNodeFlags):
22169        (JSC::DFG::Propagator::fixupNode):
22170        (JSC::DFG::Propagator::byValIndexIsPure):
22171        (JSC::DFG::Propagator::clobbersWorld):
22172        (JSC::DFG::Propagator::getByValLoadElimination):
22173        (JSC::DFG::Propagator::checkStructureLoadElimination):
22174        (JSC::DFG::Propagator::getByOffsetLoadElimination):
22175        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
22176        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
22177        (JSC::DFG::Propagator::performNodeCSE):
22178        * dfg/DFGSpeculativeJIT.cpp:
22179        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
22180        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
22181        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
22182        * dfg/DFGSpeculativeJIT.h:
22183        * dfg/DFGSpeculativeJIT32_64.cpp:
22184        (JSC::DFG::SpeculativeJIT::compile):
22185        * dfg/DFGSpeculativeJIT64.cpp:
22186        (JSC::DFG::SpeculativeJIT::compile):
22187
221882011-12-15  Geoffrey Garen  <ggaren@apple.com>
22189
22190        Placement new does an unnecessary NULL check
22191        https://bugs.webkit.org/show_bug.cgi?id=74676
22192
22193        Reviewed by Sam Weinig.
22194
22195        We can define our own version, which skips the NULL check.
22196        
22197        Not a measurable speedup, but code inspection shows better code generated,
22198        and I believe this is a step toward turning off -fomit-frame-pointer.
22199
22200        * API/JSCallbackConstructor.h:
22201        (JSC::JSCallbackConstructor::create):
22202        * API/JSCallbackFunction.h:
22203        (JSC::JSCallbackFunction::create): Use the NotNull version of placement
22204        new to skip the NULL check.
22205
22206        * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new.
22207
22208        (JSC::JSCallbackObject::create):
22209        * debugger/DebuggerActivation.h:
22210        (JSC::DebuggerActivation::create):
22211        * heap/HandleHeap.cpp:
22212        (JSC::HandleHeap::grow):
22213        * heap/HandleHeap.h:
22214        (JSC::HandleHeap::allocate):
22215        * heap/MarkedBlock.cpp:
22216        (JSC::MarkedBlock::create):
22217        (JSC::MarkedBlock::recycle):
22218        * jit/JITCode.h:
22219        (JSC::JITCode::clear):
22220        * jsc.cpp:
22221        (GlobalObject::create):
22222        * profiler/CallIdentifier.h:
22223        * runtime/Arguments.h:
22224        (JSC::Arguments::create):
22225        * runtime/ArrayConstructor.h:
22226        (JSC::ArrayConstructor::create):
22227        * runtime/ArrayPrototype.h:
22228        (JSC::ArrayPrototype::create):
22229        * runtime/BooleanConstructor.h:
22230        (JSC::BooleanConstructor::create):
22231        * runtime/BooleanObject.h:
22232        (JSC::BooleanObject::create):
22233        * runtime/BooleanPrototype.h:
22234        (JSC::BooleanPrototype::create):
22235        * runtime/DateConstructor.h:
22236        (JSC::DateConstructor::create):
22237        * runtime/DateInstance.h:
22238        (JSC::DateInstance::create):
22239        * runtime/DatePrototype.h:
22240        (JSC::DatePrototype::create):
22241        * runtime/Error.h:
22242        (JSC::StrictModeTypeErrorFunction::create):
22243        * runtime/ErrorConstructor.h:
22244        (JSC::ErrorConstructor::create):
22245        * runtime/ErrorInstance.h:
22246        (JSC::ErrorInstance::create):
22247        * runtime/ErrorPrototype.h:
22248        (JSC::ErrorPrototype::create):
22249        * runtime/ExceptionHelpers.h:
22250        (JSC::InterruptedExecutionError::create):
22251        (JSC::TerminatedExecutionError::create):
22252        * runtime/Executable.h:
22253        (JSC::NativeExecutable::create):
22254        (JSC::EvalExecutable::create):
22255        (JSC::ProgramExecutable::create):
22256        (JSC::FunctionExecutable::create):
22257        * runtime/FunctionConstructor.h:
22258        (JSC::FunctionConstructor::create):
22259        * runtime/FunctionPrototype.h:
22260        (JSC::FunctionPrototype::create):
22261        * runtime/GetterSetter.h:
22262        (JSC::GetterSetter::create):
22263        * runtime/JSAPIValueWrapper.h:
22264        (JSC::JSAPIValueWrapper::create):
22265        * runtime/JSActivation.h:
22266        (JSC::JSActivation::create):
22267        * runtime/JSArray.h:
22268        (JSC::JSArray::create):
22269        * runtime/JSBoundFunction.cpp:
22270        (JSC::JSBoundFunction::create):
22271        * runtime/JSByteArray.h:
22272        (JSC::JSByteArray::create): Use the NotNull version of placement
22273        new to skip the NULL check.
22274
22275        * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new.
22276
22277        * runtime/JSFunction.cpp:
22278        (JSC::JSFunction::create):
22279        * runtime/JSFunction.h:
22280        (JSC::JSFunction::create):
22281        * runtime/JSGlobalObject.h:
22282        (JSC::JSGlobalObject::create):
22283        * runtime/JSGlobalThis.h:
22284        (JSC::JSGlobalThis::create):
22285        * runtime/JSNotAnObject.h:
22286        (JSC::JSNotAnObject::create):
22287        * runtime/JSONObject.h:
22288        (JSC::JSONObject::create):
22289        * runtime/JSObject.h:
22290        (JSC::JSFinalObject::create):
22291        * runtime/JSPropertyNameIterator.cpp:
22292        (JSC::JSPropertyNameIterator::create):
22293        * runtime/JSPropertyNameIterator.h:
22294        (JSC::JSPropertyNameIterator::create):
22295        * runtime/JSStaticScopeObject.h:
22296        (JSC::JSStaticScopeObject::create):
22297        * runtime/JSString.cpp:
22298        (JSC::StringObject::create):
22299        * runtime/JSString.h:
22300        (JSC::RopeBuilder::createNull):
22301        (JSC::RopeBuilder::create):
22302        (JSC::RopeBuilder::createHasOtherOwner):
22303        * runtime/MathObject.h:
22304        (JSC::MathObject::create):
22305        * runtime/NativeErrorConstructor.h:
22306        (JSC::NativeErrorConstructor::create):
22307        * runtime/NativeErrorPrototype.h:
22308        (JSC::NativeErrorPrototype::create):
22309        * runtime/NumberConstructor.h:
22310        (JSC::NumberConstructor::create):
22311        * runtime/NumberObject.h:
22312        (JSC::NumberObject::create):
22313        * runtime/NumberPrototype.h:
22314        (JSC::NumberPrototype::create):
22315        * runtime/ObjectConstructor.h:
22316        (JSC::ObjectConstructor::create):
22317        * runtime/ObjectPrototype.h:
22318        (JSC::ObjectPrototype::create):
22319        * runtime/RegExp.cpp:
22320        (JSC::RegExp::createWithoutCaching):
22321        * runtime/RegExpConstructor.h:
22322        (JSC::RegExpConstructor::create):
22323        * runtime/RegExpMatchesArray.h:
22324        (JSC::RegExpMatchesArray::create):
22325        * runtime/RegExpObject.h:
22326        (JSC::RegExpObject::create):
22327        * runtime/RegExpPrototype.h:
22328        (JSC::RegExpPrototype::create):
22329        * runtime/ScopeChain.h:
22330        (JSC::ScopeChainNode::create):
22331        * runtime/StrictEvalActivation.h:
22332        (JSC::StrictEvalActivation::create):
22333        * runtime/StringConstructor.h:
22334        (JSC::StringConstructor::create):
22335        * runtime/StringObject.h:
22336        (JSC::StringObject::create):
22337        * runtime/StringPrototype.h:
22338        (JSC::StringPrototype::create):
22339        * runtime/Structure.h:
22340        (JSC::Structure::create):
22341        (JSC::Structure::createStructure):
22342        * runtime/StructureChain.h:
22343        (JSC::StructureChain::create):
22344        * testRegExp.cpp:
22345        (GlobalObject::create):
22346        * wtf/BitVector.cpp:
22347        (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
22348        new to skip the NULL check.
22349
22350        * wtf/BumpPointerAllocator.h:
22351        (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
22352
22353        * wtf/ByteArray.cpp:
22354        (WTF::ByteArray::create):
22355        * wtf/Deque.h:
22356        (WTF::::append):
22357        (WTF::::prepend): Use NotNull, as above.
22358
22359        * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
22360        hide the name of the global placement new.
22361
22362        (WTF::fastNew): Standardized spacing. Most of these functions don't need
22363        NotNull, since they check for NULL, and the optimizer can see that.
22364
22365        * wtf/HashTable.h:
22366        * wtf/HashTraits.h:
22367        (WTF::SimpleClassHashTraits::constructDeletedValue):
22368        * wtf/MetaAllocator.cpp:
22369        (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
22370
22371        * wtf/StdLibExtras.h:
22372        (throw): This is our NotNull placement new. Declaring that we throw is
22373        the C++ way to say that operator new will not return NULL.
22374
22375        * wtf/ThreadSpecific.h:
22376        (WTF::T):
22377        * wtf/Vector.h:
22378        (WTF::::append):
22379        (WTF::::tryAppend):
22380        (WTF::::uncheckedAppend):
22381        (WTF::::insert):
22382        * wtf/text/AtomicStringHash.h:
22383        * wtf/text/StringImpl.cpp:
22384        (WTF::StringImpl::createUninitialized):
22385        (WTF::StringImpl::reallocate):
22386        * wtf/text/StringImpl.h:
22387        (WTF::StringImpl::tryCreateUninitialized):
22388        * wtf/text/StringStatics.cpp:
22389        (WTF::AtomicString::init): Use NotNull, as above.
22390
22391        * yarr/YarrInterpreter.cpp:
22392        (JSC::Yarr::Interpreter::allocDisjunctionContext):
22393        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
22394        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
22395        spacing for easy grep.

2011-12-19  Eric Carlson  <eric.carlson@apple.com>

        Enable <track> for Mac build
        https://bugs.webkit.org/show_bug.cgi?id=74838

        Reviewed by Darin Adler.

        * wtf/Platform.h:

2011-12-18  Filip Pizlo  <fpizlo@apple.com>

        DFG is too sloppy with register allocation
        https://bugs.webkit.org/show_bug.cgi?id=74835

        Reviewed by Gavin Barraclough.

        Added assertions that at the end of a successfully generated basic block,
        all use counts should be zero. This revealed a number of bugs:

        - Array length optimizations were turning a must-generate node into one
          that is not must-generate, but failing to change the ref count
          accordingly.

        - Indexed property storage optimizations were failing to deref their
          children, or to deref the indexed property storage node itself. Also,
          they used the Phantom node as a replacement. But the Phantom node is
          must-generate, which was causing bizarre issues. So this introduces a
          Nop node, which should be used in cases where you want a node that is
          skipped and has no children.

        This does not have any significant performance effect, but it should
        relieve some register pressure. The main thing this patch adds, though,
        are the assertions, which should make it easier to do register allocation
        related changes in the future.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::initConstant):
        (JSC::DFG::GenerationInfo::initInteger):
        (JSC::DFG::GenerationInfo::initJSValue):
        (JSC::DFG::GenerationInfo::initCell):
        (JSC::DFG::GenerationInfo::initBoolean):
        (JSC::DFG::GenerationInfo::initDouble):
        (JSC::DFG::GenerationInfo::initStorage):
        (JSC::DFG::GenerationInfo::use):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::deref):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::fixupNode):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-18  Benjamin Poulain  <bpoulain@apple.com>

        Remove the duplicated code from ASCIICType.h
        https://bugs.webkit.org/show_bug.cgi?id=74771

        Reviewed by Andreas Kling.

        Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.

        * wtf/ASCIICType.h:
        (WTF::isASCIIDigit):
        (WTF::isASCIIAlphanumeric):
        (WTF::isASCIIHexDigit):

2011-12-18  Anders Carlsson  <andersca@apple.com>

        Set the main frame view scroll position asynchronously
        https://bugs.webkit.org/show_bug.cgi?id=74823

        Reviewed by Sam Weinig.

        * JavaScriptCore.exp:

2011-12-10  Andreas Kling  <kling@webkit.org>

        OpaqueJSClass: Remove RVCT2 workarounds.
        <http://webkit.org/b/74250>

        Reviewed by Benjamin Poulain.

        We no longer need workarounds for the RVCT2 compiler since it was
        only used for the Symbian port of WebKit which is now defunct.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::OpaqueJSClass):
        (OpaqueJSClassContextData::OpaqueJSClassContextData):

2011-12-16  Benjamin Poulain  <bpoulain@apple.com>

        Remove the duplicated code from ASCIICType.h
        https://bugs.webkit.org/show_bug.cgi?id=74771

        Reviewed by Andreas Kling.

        The functions were sharing similar code and were defined for the various input types.
        Use templates instead to avoid code duplication.

        * wtf/ASCIICType.h:
        (WTF::isASCII):
        (WTF::isASCIIAlpha):
        (WTF::isASCIIAlphanumeric):
        (WTF::isASCIIDigit):
        (WTF::isASCIIHexDigit):
        (WTF::isASCIILower):
        (WTF::isASCIIOctalDigit):
        (WTF::isASCIIPrintable):
        (WTF::isASCIISpace):
        (WTF::isASCIIUpper):
        (WTF::toASCIILower):
        (WTF::toASCIIUpper):
        (WTF::toASCIIHexValue):
        (WTF::lowerNibbleToASCIIHexDigit):
        (WTF::upperNibbleToASCIIHexDigit):
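
The template approach the two ASCIICType.h entries above describe (one predicate per class, written once and instantiated for char, unsigned char, UTF-16 code units and int, with the compound predicates built from isASCIIDigit and isASCIIAlpha rather than copied), as an added example written for this page. It is not the ChangeLog's or WTF's code; the function names mirror the ones listed above for readability, and the decodeHexByte helper, the naiveIsASCIIDigit foil and the truncationMisclassifies check are inventions for the example. It also shows the point that matters to a parser: classifying the full code unit, rather than an 8-bit truncation of it, is what keeps a non-ASCII code unit such as U+0131 from being accepted as the digit '1'.

```cpp
#include <cstdint>

// Every predicate works on the full value of whatever character type it is
// instantiated with; nothing is narrowed to 8 bits before the comparison.
template <typename CharType>
inline bool isASCII(CharType c)
{
    return !(c & ~0x7F);
}

template <typename CharType>
inline bool isASCIIDigit(CharType c)
{
    return c >= '0' && c <= '9';
}

template <typename CharType>
inline bool isASCIIAlpha(CharType c)
{
    // Setting bit 0x20 folds 'A'..'Z' onto 'a'..'z'; no other value lands in that range.
    return (c | 0x20) >= 'a' && (c | 0x20) <= 'z';
}

// Compound classes are composed from the primitives instead of re-spelling them.
template <typename CharType>
inline bool isASCIIAlphanumeric(CharType c)
{
    return isASCIIDigit(c) || isASCIIAlpha(c);
}

template <typename CharType>
inline bool isASCIIHexDigit(CharType c)
{
    return isASCIIDigit(c) || ((c | 0x20) >= 'a' && (c | 0x20) <= 'f');
}

// Returns -1 for anything that is not an ASCII hex digit so a caller cannot
// silently turn an unchecked input into a plausible-looking value.
template <typename CharType>
inline int toASCIIHexValue(CharType c)
{
    if (isASCIIDigit(c))
        return c - '0';
    if ((c | 0x20) >= 'a' && (c | 0x20) <= 'f')
        return (c | 0x20) - 'a' + 10;
    return -1;
}

inline char lowerNibbleToASCIIHexDigit(uint8_t value)
{
    uint8_t nibble = value & 0xF;
    return nibble < 10 ? '0' + nibble : 'a' + (nibble - 10);
}

inline char upperNibbleToASCIIHexDigit(uint8_t value)
{
    return lowerNibbleToASCIIHexDigit(value >> 4);
}

// Illustrative consumer: decode two code units of any character type into a
// byte, or -1 if either is not an ASCII hex digit.
template <typename CharType>
int decodeHexByte(const CharType* s)
{
    if (!isASCIIHexDigit(s[0]) || !isASCIIHexDigit(s[1]))
        return -1;
    return toASCIIHexValue(s[0]) * 16 + toASCIIHexValue(s[1]);
}

// Foil for comparison: an 8-bit implementation of the kind the templates
// replace, which truncates a UTF-16 code unit before classifying it.
inline bool naiveIsASCIIDigit(char16_t c)
{
    return isASCIIDigit(static_cast<unsigned char>(c));
}

// Constructed sample: U+0131 (Latin small letter dotless i) truncates to 0x31,
// which is '1'. The truncating version accepts it as a digit; the template
// version, comparing the whole code unit, rejects it.
bool truncationMisclassifies()
{
    const char16_t dotlessI = 0x0131;
    return naiveIsASCIIDigit(dotlessI) && !isASCIIDigit(dotlessI);
}
```

The same template instantiates for signed char as well: a byte such as 0xE9 is negative there, the masked test in isASCII sees the sign-extended high bits and returns false, and the range comparisons in the other predicates fail for the same reason, so the behaviour does not depend on the platform's signedness of char.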

2011-12-16  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit may get confused about where in the scratch buffer it stored a value
        https://bugs.webkit.org/show_bug.cgi?id=74695

        Reviewed by Oliver Hunt.

        The code that reads from the scratch buffer now explicitly knows which locations to
        read from. No new tests, since this patch covers a case so uncommon that I don't know
        how to make a test for it.

        * dfg/DFGOSRExitCompiler.h:
        (JSC::DFG::OSRExitCompiler::badIndex):
        (JSC::DFG::OSRExitCompiler::initializePoisoned):
        (JSC::DFG::OSRExitCompiler::poisonIndex):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2011-12-16  Oliver Hunt  <oliver@apple.com>

        PutByVal[Alias] unnecessarily reloads the storage buffer
        https://bugs.webkit.org/show_bug.cgi?id=74747

        Reviewed by Gavin Barraclough.

        Make PutByVal use GetIndexedStorage to load the storage buffer.
        This required switching PutByVal to a vararg node (which is
        responsible for most of the noise in this patch).  This fixes the
        remaining portion of the kraken regression caused by the GetByVal
        storage load elimination, and a 1-5% win on some of the sub tests of
        the typed array benchmark at:
        http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::byValIndexIsPure):
        (JSC::DFG::Propagator::clobbersWorld):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::checkStructureLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-16  Daniel Bates  <dbates@rim.com>

        Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h

        Rubber-stamped by Antonio Gomes.

        BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
        declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
        instead of BlackBerryPlatformMisc.h.

        * wtf/Assertions.cpp:

2011-12-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize destructors
        https://bugs.webkit.org/show_bug.cgi?id=74331

        Reviewed by Geoffrey Garen.

        This is a megapatch which frees us from the chains of virtual destructors.

        In order to remove the virtual destructors, which are the last of the virtual
        functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to
        the cell rather than to the structure because in order to be able to lazily call
        the static destroy() functions that will replace the virtual destructors, we
        need to be able to access the ClassInfo without the danger of the object's
        Structure being collected before the object itself.

        After adding the ClassInfo to the cell, we can then begin to remove our use
        of vptrs for optimizations within the JIT and the GC.  When we have removed
        all of the stored vptrs from JSGlobalData, we can then also remove all of
        the related VPtrStealingHack code.

        The replacement for virtual destructors will be to add a static destroy function
        pointer to the MethodTable stored in ClassInfo.  Any subclass of JSCell that has
        a non-trivial destructor will require its own static destroy function to statically
        call its corresponding destructor, which will now be non-virtual.  In future
        patches we will slowly move away from destructors altogether as we make more and
        more objects backed by GC memory rather than malloc-ed memory.  The GC will now
        call the static destroy method rather than the virtual destructor.

        As we go through the hierarchy and add static destroy functions to classes,
        we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes
        to which it applies.  The future goal is to eventually have every class have that assert.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call
        ~JSCallbackConstructor because it has some extra destruction logic.
        * API/JSCallbackConstructor.h:
        * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
        * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject
        because it has a member OwnPtr that needs destruction.
        (JSC::::destroy):
        * API/JSCallbackObject.h:
        * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
        * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't
        have its own ClassInfo despite the fact that it overrides a number of MethodTable
        methods.  Added the ClassInfo, along with an assertion that its destructor is trivial.
        * debugger/DebuggerActivation.h:
        * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray,
        isJSString, as it is no longer necessary.
        (JSC::DFG::putByVal):
        * dfg/DFGRepatch.cpp:  Ditto.  Also remove uses of jsArrayVPtr in favor of using the
        JSArray ClassInfo pointer.
        (JSC::DFG::tryCacheGetByID):
        * dfg/DFGSpeculativeJIT.cpp:  Replace uses of the old vptrs with new ClassInfo
        comparisons since we don't have vptrs anymore.
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT.h: Ditto.
        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
        * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp: Ditto.
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with
        ClassInfo comparisons.
        (JSC::Heap::Heap):
        * heap/MarkStack.cpp: Ditto.
        (JSC::MarkStackThreadSharedData::markingThreadMain):
        (JSC::visitChildren):
        (JSC::SlotVisitor::drain):
        * heap/MarkStack.h: Ditto.
        (JSC::MarkStack::MarkStack):
        * heap/MarkedBlock.cpp: Ditto.
        (JSC::MarkedBlock::callDestructor):
        (JSC::MarkedBlock::specializedSweep):
        * heap/MarkedBlock.h: Ditto.
        * heap/SlotVisitor.h: Ditto.
        (JSC::SlotVisitor::SlotVisitor):
        * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.
        We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
        (JSC::VTableSpectrum::count):
        * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray,
        etc. functions.
        (JSC::loadVarargs):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject.
        * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting,
        remove all vtable related code.
        (JSC::JIT::emitLoadCharacterString):
        (JSC::JIT::emitAllocateBasicJSObject):
        (JSC::JIT::emitAllocateJSFinalObject):
        (JSC::JIT::emitAllocateJSFunction):
        * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_convert_this):
        * jit/JITOpcodes32_64.cpp: Ditto.
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_convert_this):
        * jit/JITPropertyAccess.cpp: Ditto.
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        * jit/JITPropertyAccess32_64.cpp: Ditto.
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
        (JSC::SpecializedThunkJIT::loadJSStringArgument):
        * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
        * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
        * runtime/BooleanObject.cpp: Ditto.
        * runtime/BooleanPrototype.cpp: Ditto.
        * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
        * runtime/DateConstructor.cpp: Add trivial destructor assert.
        * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr
        that needs destruction.
        (JSC::DateInstance::destroy):
        * runtime/DateInstance.h:
        * runtime/Error.cpp: Ditto (because of UString member).
        (JSC::StrictModeTypeErrorFunction::destroy):
        * runtime/Error.h:
        * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
        * runtime/ErrorInstance.cpp: Ditto.
        * runtime/ExceptionHelpers.cpp: Ditto.
        * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
        (JSC::ExecutableBase::destroy):
        (JSC::NativeExecutable::destroy):
        (JSC::ScriptExecutable::destroy):
        (JSC::EvalExecutable::destroy):
        (JSC::ProgramExecutable::destroy):
        (JSC::FunctionExecutable::destroy):
        * runtime/Executable.h:
        * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
22777        * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
22778        (JSC::functionProtoFuncApply):
22779        * runtime/GetterSetter.cpp: Ditto.
22780        * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no 
22781        longer exists.
22782        (JSC::initializeThreadingOnce):
22783        * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, 
22784        remove first arg from isJSString.
22785        (JSC::InternalFunction::displayName):
22786        * runtime/InternalFunction.h: Remove VPtrStealingHack.
22787        * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
22788        * runtime/JSArray.cpp: Add static destroy to call ~JSArray.  Replace vptr checks in 
22789        destructor with ClassInfo checks.
22790        (JSC::JSArray::~JSArray):
22791        (JSC::JSArray::destroy):
22792        * runtime/JSArray.h: Remove VPtrStealingHack.  Remove globalData argument from isJSArray 
22793        and change them to check the ClassInfo rather than the vptrs.
22794        (JSC::isJSArray):
22795        * runtime/JSBoundFunction.cpp: Add trivial destructor assert. Remove first arg from isJSArray.
22796        (JSC::boundFunctionCall):
22797        (JSC::boundFunctionConstruct):
22798        * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
22799        (JSC::JSByteArray::~JSByteArray):
22800        (JSC::JSByteArray::destroy):
22801        * runtime/JSByteArray.h: Remove VPtrStealingHack code.
22802        (JSC::isJSByteArray):
22803        * runtime/JSCell.cpp: Add trivial destructor assert.  Add static destroy function.
22804        (JSC::JSCell::destroy):
22805        * runtime/JSCell.h: Remove VPtrStealingHack code.  Add function for returning the offset 
22806        of the ClassInfo pointer in the object for use by the JIT.  Add the ClassInfo pointer to 
22807        the JSCell itself, and grab it from the Structure.  Remove the vptr and setVPtr functions, 
22808        as they are no longer used.  Add a validatedClassInfo function to JSCell for any clients 
22809        that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the 
22810        same one as that contained in the Structure.  This isn't used too often, because most of 
22811        the places where we compare the ClassInfo to things can be called during destruction.  
22812        Since the Structure is unreliable during the phase when destructors are being called, 
22813        we can't call validatedClassInfo.
22814        (JSC::JSCell::classInfoOffset):
22815        (JSC::JSCell::structure):
22816        (JSC::JSCell::classInfo):
22817        * runtime/JSFunction.cpp: Remove VPtrStealingHack code.  Add static destroy, remove vtableAnchor, 
22818        remove first arg from call to isJSString.
22819        (JSC::JSFunction::destroy):
22820        (JSC::JSFunction::displayName):
22821        * runtime/JSFunction.h: 
22822        * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, 
22823        as these vptrs are no longer needed in the codebase.
22824        * runtime/JSGlobalData.h:
22825        (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use 
22826        ClassInfo rather than the vptr.
22827        * runtime/JSGlobalObject.cpp: Add static destroy function.
22828        (JSC::JSGlobalObject::destroy):
22829        * runtime/JSGlobalObject.h:
22830        * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
22831        * runtime/JSNotAnObject.cpp: Ditto.
22832        * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
22833        (JSC::Stringifier::Holder::appendNextProperty):
22834        (JSC::Walker::walk):
22835        * runtime/JSObject.cpp: 
22836        (JSC::JSFinalObject::destroy):
22837        (JSC::JSNonFinalObject::destroy):
22838        (JSC::JSObject::destroy):
22839        * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor 
22840        from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and 
22841        JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
22842        (JSC::JSObject::finishCreation):
22843        (JSC::JSNonFinalObject::finishCreation):
22844        (JSC::JSFinalObject::finishCreation):
22845        (JSC::isJSFinalObject):
22846        * runtime/JSPropertyNameIterator.cpp: Add static destroy.
22847        (JSC::JSPropertyNameIterator::destroy):
22848        * runtime/JSPropertyNameIterator.h:
22849        * runtime/JSStaticScopeObject.cpp: Ditto.
22850        (JSC::JSStaticScopeObject::destroy):
22851        * runtime/JSStaticScopeObject.h: Ditto. 
22852        * runtime/JSString.cpp:
22853        (JSC::JSString::destroy):
22854        * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, 
22855        since we no longer need to fixup vptrs.
22856        (JSC::jsSingleCharacterString):
22857        (JSC::jsSingleCharacterSubstring):
22858        (JSC::jsNontrivialString):
22859        (JSC::jsString):
22860        (JSC::jsSubstring8):
22861        (JSC::jsSubstring):
22862        (JSC::jsOwnedString):
22863        (JSC::jsStringBuilder):
22864        (JSC::isJSString):
22865        * runtime/JSVariableObject.cpp: 
22866        (JSC::JSVariableObject::destroy):
22867        * runtime/JSVariableObject.h: Ditto.
22868        * runtime/JSWrapperObject.cpp:
22869        * runtime/JSWrapperObject.h: Add trivial destructor assert.
22870        * runtime/MathObject.cpp: Ditto.
22871        * runtime/NativeErrorConstructor.cpp: Ditto.
22872        * runtime/NumberConstructor.cpp: Ditto.
22873        * runtime/NumberObject.cpp: Ditto.
22874        * runtime/NumberPrototype.cpp: Ditto.
22875        * runtime/ObjectConstructor.cpp: Ditto.
22876        * runtime/ObjectPrototype.cpp: Ditto.
22877        * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
22878        (JSC::jsString):
22879        (JSC::jsLess):
22880        (JSC::jsLessEq):
22881        * runtime/RegExp.cpp: Add static destroy.
22882        (JSC::RegExp::destroy):
22883        * runtime/RegExp.h:
22884        * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
22885        (JSC::RegExpConstructor::destroy):
22886        (JSC::RegExpMatchesArray::destroy):
22887        * runtime/RegExpConstructor.h:
22888        * runtime/RegExpMatchesArray.h:
22889        * runtime/RegExpObject.cpp: Add static destroy.
22890        (JSC::RegExpObject::destroy):
22891        * runtime/RegExpObject.h:
22892        * runtime/ScopeChain.cpp: Add trivial destructor assert.
22893        * runtime/ScopeChain.h:
22894        * runtime/StrictEvalActivation.cpp: Ditto.
22895        * runtime/StringConstructor.cpp:
22896        * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
22897        * runtime/StringObject.h:
22898        * runtime/StringPrototype.cpp: Ditto.
22899        * runtime/Structure.cpp: Add static destroy.
22900        (JSC::Structure::destroy):
22901        * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h 
22902        because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
22903        (JSC::JSCell::setStructure):
22904        (JSC::JSCell::validatedClassInfo):
22905        (JSC::JSCell::JSCell):
22906        (JSC::JSCell::finishCreation):
22907        * runtime/StructureChain.cpp: Add static destroy.
22908        (JSC::StructureChain::destroy):
22909        * runtime/StructureChain.h:
22910        * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clang's 
22911        ability to tell us when a class has a trivial destructor. We will use this assert 
22912        more in future patches as we move toward having all JSC objects backed by GC memory, 
22913        which means moving away from using destructors/finalizers.
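The ClassInfo-based destroy scheme this entry describes (a destroy function pointer in the MethodTable, a ClassInfo pointer stored in the cell in place of the vptr, isJSString-style checks that compare ClassInfo pointers, and ASSERT_HAS_TRIVIAL_DESTRUCTOR), shown as an added example. This is not JavaScriptCore's code: Cell, NumberCell, StringCell, MiniHeap and the two ClassInfo records are constructed for illustration, and std::is_trivially_destructible stands in for the clang builtin the real assert relies on.

```cpp
#include <cassert>
#include <cstdlib>
#include <new>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Added example, not JavaScriptCore's code: a miniature version of the
// ClassInfo/MethodTable destroy scheme. Cells carry a ClassInfo pointer
// instead of a vtable, and the sweeper tears them down through it.
// std::is_trivially_destructible replaces the clang builtin used by WTF.
#define ASSERT_HAS_TRIVIAL_DESTRUCTOR(T) \
    static_assert(std::is_trivially_destructible<T>::value, #T " must have a trivial destructor")

struct Cell;
typedef void (*DestroyFunctionPtr)(Cell*);

struct MethodTable { DestroyFunctionPtr destroy; };
struct ClassInfo {
    const char* className;
    MethodTable methodTable;
};

// Base cell: the ClassInfo pointer lives in the cell itself (cf. JSCell::classInfo()).
struct Cell {
    const ClassInfo* classInfo;
    explicit Cell(const ClassInfo* ci) : classInfo(ci) { }
    static void destroy(Cell*) { }   // trivial: nothing to tear down
};
ASSERT_HAS_TRIVIAL_DESTRUCTOR(Cell);

// A cell with no owned resources is trivially destructible; its destroy
// is the base no-op, so the sweeper can skip the call entirely.
struct NumberCell : Cell {
    double value;
    NumberCell(const ClassInfo* ci, double v) : Cell(ci), value(v) { }
};
ASSERT_HAS_TRIVIAL_DESTRUCTOR(NumberCell);

// A cell owning a heap member (the analogue of DateInstance's RefPtr or
// StrictModeTypeErrorFunction's UString) must supply a real static destroy.
struct StringCell : Cell {
    std::string text;
    StringCell(const ClassInfo* ci, std::string t) : Cell(ci), text(std::move(t)) { }
    static void destroy(Cell* cell) { static_cast<StringCell*>(cell)->~StringCell(); }
};

// Constructed ClassInfo records; the address of the record identifies the class.
const ClassInfo numberInfo = { "Number", { &Cell::destroy } };
const ClassInfo stringInfo = { "String", { &StringCell::destroy } };

// The ClassInfo comparison that replaced the old vptr comparison in isJSString().
inline bool isStringCell(const Cell* c) { return c->classInfo == &stringInfo; }

// Minimal heap: raw storage plus a sweep that dispatches on ClassInfo, not a vtable.
struct MiniHeap {
    std::vector<Cell*> cells;
    ~MiniHeap() { sweep(); }

    template <typename T, typename... Args>
    T* allocate(const ClassInfo* ci, Args&&... args) {
        void* mem = std::malloc(sizeof(T));
        T* cell = new (mem) T(ci, std::forward<Args>(args)...);
        cells.push_back(cell);
        return cell;
    }

    // Returns how many cells needed a non-trivial destroy call.
    int sweep() {
        int destroyed = 0;
        for (Cell* c : cells) {
            if (c->classInfo->methodTable.destroy != &Cell::destroy) {
                c->classInfo->methodTable.destroy(c);
                ++destroyed;
            }
            std::free(c);
        }
        cells.clear();
        return destroyed;
    }
};

inline int demoSweep() {
    MiniHeap heap;
    heap.allocate<NumberCell>(&numberInfo, 42.0);
    StringCell* s = heap.allocate<StringCell>(&stringInfo, std::string("hello"));
    assert(isStringCell(s));
    return heap.sweep();   // only the StringCell needs its destroy run
}
```

The point of the static_assert is the one the entry makes: once destruction goes through a function pointer in the ClassInfo rather than a virtual destructor, a class that silently acquires a non-trivial destructor (say, by gaining a RefPtr member) would leak unless it also registers a destroy function, and the assert turns that into a compile error.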
22914
229152011-12-15  Martin Robinson  <mrobinson@igalia.com>
22916
22917        Fix 'make dist' in preparation for the GTK+ release.
22918
22919        * GNUmakefile.list.am: Add missing header.
22920
229212011-12-15  Sam Weinig  <sam@webkit.org>
22922
22923        <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
22924
22925        Reviewed by Gavin Barraclough.
22926
22927        Original patch by Jim Grosbach.
22928
22929        * jit/JITStubs.cpp:
22930        (JSC::ctiTrampoline):
22931        (JSC::ctiVMThrowTrampoline):
22932        Replace uses of the 'cpy' mnemonic with 'mov'.
22933
229342011-12-15  Filip Pizlo  <fpizlo@apple.com>
22935
22936        Value profiling should distinguish between NaN and non-NaN doubles
22937        https://bugs.webkit.org/show_bug.cgi?id=74682
22938
22939        Reviewed by Gavin Barraclough.
22940        
22941        Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
22942        of the two.
22943
22944        * bytecode/PredictedType.cpp:
22945        (JSC::predictionToString):
22946        (JSC::predictionFromValue):
22947        * bytecode/PredictedType.h:
22948        (JSC::isDoubleRealPrediction):
22949        (JSC::isDoublePrediction):
22950
229512011-12-15  Anders Carlsson  <andersca@apple.com>
22952
22953        Regression (r102866): Navigating away from or closing a page with a plugin crashes
22954        https://bugs.webkit.org/show_bug.cgi?id=74655
22955        <rdar://problem/10590024>
22956
22957        Reviewed by Sam Weinig.
22958
22959        Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
22960        using a modified version of the technique described here:
22961        http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
22962        
22963        * wtf/Functional.h:
22964
229652011-12-15  Andy Wingo  <wingo@igalia.com>
22966
22967        Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
22968        https://bugs.webkit.org/show_bug.cgi?id=74624
22969
22970        Reviewed by Darin Adler.
22971
22972        * interpreter/Interpreter.cpp:
22973        (JSC::Interpreter::privateExecute): Fix variables unused in
22974        release mode.
22975        * wtf/ParallelJobsGeneric.cpp:
22976        (WTF::ParallelEnvironment::ParallelEnvironment): Fix
22977        signed/unsigned comparison warning, with a cast.
22978
229792011-12-15  Andy Wingo  <wingo@igalia.com>
22980
22981        Use more macrology in JSC::Options
22982        https://bugs.webkit.org/show_bug.cgi?id=72938
22983
22984        Reviewed by Filip Pizlo.
22985
22986        * runtime/Options.cpp:
22987        (JSC::Options::initializeOptions):
22988        * runtime/Options.h: Use macros to ensure that all heuristics are
22989        declared and have initializers.
22990
229912011-12-15  Anders Carlsson  <andersca@apple.com>
22992
22993        Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
22994        https://bugs.webkit.org/show_bug.cgi?id=74639
22995
22996        Reviewed by Andreas Kling.
22997
22998        Add ENABLE_THREADED_SCROLLING #define.
22999
23000        * wtf/Platform.h:
23001
230022011-12-15  Anders Carlsson  <andersca@apple.com>
23003
23004        EventDispatcher should handle wheel events on the connection queue
23005        https://bugs.webkit.org/show_bug.cgi?id=74627
23006
23007        Reviewed by Andreas Kling.
23008
23009        Add a BoundFunctionImpl specialization that takes three parameters.
23010
23011        * wtf/Functional.h:
23012        (WTF::C::):
23013        (WTF::R):
23014        (WTF::bind):
23015
230162011-12-14  Anders Carlsson  <andersca@apple.com>
23017
23018        Add WTF::Function to wtf/Forward.h
23019        https://bugs.webkit.org/show_bug.cgi?id=74576
23020
23021        Reviewed by Adam Roben.
23022
23023        * jsc.cpp:
23024        Work around a name conflict in the readline library.
23025
23026        * wtf/Forward.h:
23027        Add Function.
23028
230292011-12-15  Igor Oliveira  <igor.oliveira@openbossa.org>
23030
23031        [Qt] Support requestAnimationFrame API
23032        https://bugs.webkit.org/show_bug.cgi?id=74528
23033
23034        Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
23035
23036        Reviewed by Kenneth Rohde Christiansen.
23037
23038        * wtf/Platform.h:
23039
230402011-12-15  Andy Wingo  <wingo@igalia.com>
23041
23042        Minor refactor to Parser::parseTryStatement
23043        https://bugs.webkit.org/show_bug.cgi?id=74507
23044
23045        Reviewed by Geoffrey Garen.
23046
23047        * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
23048        Parser's declareVariable instead of going directly to the scope.
23049        This will facilitate future checks related to harmony block
23050        scoping.
23051
230522011-12-15  Andy Wingo  <wingo@igalia.com>
23053
23054        Rename JSC::Heuristics to JSC::Options
23055        https://bugs.webkit.org/show_bug.cgi?id=72889
23056
23057        Reviewed by Filip Pizlo.
23058
23059        * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
23060        * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
23061
23062        * CMakeLists.txt:
23063        * GNUmakefile.list.am:
23064        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
23065        * JavaScriptCore.xcodeproj/project.pbxproj:
23066        * Target.pri:
23067        * bytecode/CodeBlock.cpp:
23068        (JSC::CodeBlock::shouldOptimizeNow):
23069        * bytecode/CodeBlock.h:
23070        (JSC::CodeBlock::likelyToTakeSlowCase):
23071        (JSC::CodeBlock::couldTakeSlowCase):
23072        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
23073        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
23074        (JSC::CodeBlock::likelyToTakeAnySlowCase):
23075        (JSC::CodeBlock::reoptimizationRetryCounter):
23076        (JSC::CodeBlock::countReoptimization):
23077        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
23078        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
23079        (JSC::CodeBlock::optimizeNextInvocation):
23080        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
23081        (JSC::CodeBlock::optimizeSoon):
23082        (JSC::CodeBlock::largeFailCountThreshold):
23083        (JSC::CodeBlock::largeFailCountThresholdForLoop):
23084        (JSC::CodeBlock::shouldReoptimizeNow):
23085        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
23086        * dfg/DFGByteCodeParser.cpp:
23087        (JSC::DFG::ByteCodeParser::handleInlining):
23088        * dfg/DFGCapabilities.h:
23089        (JSC::DFG::mightCompileEval):
23090        (JSC::DFG::mightCompileProgram):
23091        (JSC::DFG::mightCompileFunctionForCall):
23092        (JSC::DFG::mightCompileFunctionForConstruct):
23093        (JSC::DFG::mightInlineFunctionForCall):
23094        (JSC::DFG::mightInlineFunctionForConstruct):
23095        * dfg/DFGOSRExit.cpp:
23096        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
23097        * dfg/DFGOSRExitCompiler32_64.cpp:
23098        (JSC::DFG::OSRExitCompiler::compileExit):
23099        * dfg/DFGOSRExitCompiler64.cpp:
23100        (JSC::DFG::OSRExitCompiler::compileExit):
23101        * dfg/DFGVariableAccessData.h:
23102        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
23103        * heap/MarkStack.cpp:
23104        (JSC::MarkStackSegmentAllocator::allocate):
23105        (JSC::MarkStackSegmentAllocator::shrinkReserve):
23106        (JSC::MarkStackArray::MarkStackArray):
23107        (JSC::MarkStackArray::donateSomeCellsTo):
23108        (JSC::MarkStackArray::stealSomeCellsFrom):
23109        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
23110        (JSC::SlotVisitor::donateSlow):
23111        (JSC::SlotVisitor::drain):
23112        (JSC::SlotVisitor::drainFromShared):
23113        * heap/MarkStack.h:
23114        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
23115        (JSC::MarkStack::addOpaqueRoot):
23116        (JSC::MarkStackArray::canDonateSomeCells):
23117        * heap/SlotVisitor.h:
23118        (JSC::SlotVisitor::donate):
23119        * jit/JIT.cpp:
23120        (JSC::JIT::emitOptimizationCheck):
23121        * runtime/InitializeThreading.cpp:
23122        (JSC::initializeThreadingOnce): Adapt callers and build systems.
23123
23124        * testRegExp.cpp:
23125        (CommandLine::CommandLine):
23126        * jsc.cpp:
23127        (CommandLine::CommandLine):
23128        Rename from Options, to avoid name conflict.
23129
231302011-12-14  Sam Weinig  <sam@webkit.org>
23131
23132        Revert unintentional change to JavaScriptCore.def
23133
23134        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
23135
231362011-12-14  Sam Weinig  <weinig@apple.com>
23137
23138        Remove whitespace from InheritedPropertySheets attributes in
23139        vsprops files to appease the Visual Studio project migrator.
23140
23141        Reviewed by Adam Roben.
23142
23143        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
23144        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
23145        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
23146        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
23147        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
23148        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
23149        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
23150        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
23151        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
23152        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
23153        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
23154        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
23155        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
23156        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
23157        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
23158        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
23159        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
23160        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
23161        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
23162        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
23163        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
23164        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
23165        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
23166        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
23167        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
23168        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
23169        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
23170        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
23171        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
23172        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
23173        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
23174        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
23175        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
23176        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
23177        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
23178        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
23179        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
23180        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
23181        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
23182        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
23183        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
23184        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
23185        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
23186
231872011-12-14  Anders Carlsson  <andersca@apple.com>
23188
23189        binding a member function should ref/deref the object pointer if needed
23190        https://bugs.webkit.org/show_bug.cgi?id=74552
23191
23192        Reviewed by Sam Weinig.
23193
23194        Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
23195        member functions with the right type. Use this to determine if we should ref/deref the first parameter.
23196
23197        * wtf/Functional.h:
23198        (WTF::R):
23199        (WTF::C::):
23200        (WTF::RefAndDeref::ref):
23201        (WTF::RefAndDeref::deref):
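The HasRefAndDeref check from this entry and from the 2011-12-15 "Regression (r102866)" entry above, as an added example rather than WTF's own Functional.h code. It uses C++11 expression SFINAE instead of the overload-ambiguity technique the linked comp.lang.c++.moderated post describes, which is also why ref/deref inherited from a base class are detected. RefCountedBase, DerivedRefCounted, PlainObject, WrongSignature and BoundObject are constructed sample types.

```cpp
#include <cassert>
#include <type_traits>
#include <utility>

// Added example (not WTF's code): does T expose callable ref() and deref()
// members, including ones inherited from a base class? Expression SFINAE
// asks the compiler directly whether the two calls are well-formed.
template <typename T>
class HasRefAndDeref {
    template <typename U>
    static auto test(int) -> decltype(std::declval<U&>().ref(),
                                      std::declval<U&>().deref(),
                                      std::true_type());
    template <typename>
    static std::false_type test(...);
public:
    static constexpr bool value = decltype(test<T>(0))::value;
};

// RefAndDeref: touch the refcount only when the type supports it, so binding
// a pointer to a non-refcounted object compiles and is a no-op.
template <typename T, bool = HasRefAndDeref<T>::value>
struct RefAndDeref {
    static void ref(T* p) { p->ref(); }
    static void deref(T* p) { p->deref(); }
};
template <typename T>
struct RefAndDeref<T, false> {
    static void ref(T*) { }
    static void deref(T*) { }
};

// Constructed sample types.
struct RefCountedBase {
    int refCount = 0;
    void ref() { ++refCount; }
    void deref() { --refCount; }
};
struct DerivedRefCounted : RefCountedBase { };              // inherits ref/deref
struct PlainObject { int value = 0; };                       // no ref/deref at all
struct WrongSignature { void ref(int); void deref(int); };   // wrong arity: must not match

// What a bound member-function call does with its object pointer: keep the
// object alive for as long as the bound call exists.
template <typename T>
struct BoundObject {
    explicit BoundObject(T* p) : ptr(p) { RefAndDeref<T>::ref(ptr); }
    ~BoundObject() { RefAndDeref<T>::deref(ptr); }
    T* ptr;
};

// Returns the refcount observed while a BoundObject holds the object.
inline int refCountWhileBound() {
    DerivedRefCounted obj;
    int during;
    {
        BoundObject<DerivedRefCounted> bound(&obj);
        during = obj.refCount;   // held: 1
    }
    assert(obj.refCount == 0);   // released once the holder is gone
    return during;
}

inline bool plainObjectIsUntouched() {
    PlainObject obj;
    BoundObject<PlainObject> bound(&obj);
    return obj.value == 0;
}
```

The WrongSignature case is the one worth keeping in a test: a detector that only checks for a member named ref would accept it, and the bound call would then fail to compile or, worse, call something that is not a refcount operation.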
23202
232032011-12-14  Hajime Morrita  <morrita@chromium.org>
23204
23205        JS_INLINE and WTF_INLINE should be visible from WebCore
23206        https://bugs.webkit.org/show_bug.cgi?id=73191
23207
23208        - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
23209        - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
23210        - Replaced JS_EXPORTDATA in wtf module with newly introduced WTF_EXPORTDATA.
23211
23212        Reviewed by Kevin Ollivier.
23213
23214        * JavaScriptCore.xcodeproj/project.pbxproj:
23215        * config.h:
23216        * runtime/JSExportMacros.h: Added.
23217        * wtf/ExportMacros.h:
23218        * wtf/Platform.h:
23219        * wtf/WTFThreadData.h:
23220        * wtf/text/AtomicString.h:
23221        * wtf/text/StringStatics.cpp:
23222
232232011-12-14  Anders Carlsson  <andersca@apple.com>
23224
23225        Work around a bug in the MSVC2005 compiler
23226        https://bugs.webkit.org/show_bug.cgi?id=74550
23227
23228        Reviewed by Sam Weinig.
23229
23230        Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
23231
23232        * wtf/Functional.h:
23233        (WTF::R):
23234
232352011-12-13  Jon Lee  <jonlee@apple.com>
23236
23237        Enable notifications on Mac.
23238
23239        Reviewed by Sam Weinig.
23240
23241        * Configurations/FeatureDefines.xcconfig:
23242
232432011-12-14  David Kilzer  <ddkilzer@apple.com>
23244
23245        Remove definition of old ENABLE(YARR) macro
23246        <http://webkit.org/b/74532>
23247
23248        Reviewed by Darin Adler.
23249
23250        * wtf/Platform.h: Removed ENABLE_YARR macros.
23251
232522011-12-14  Anders Carlsson  <andersca@apple.com>
23253
23254        bind should handle member functions
23255        https://bugs.webkit.org/show_bug.cgi?id=74529
23256
23257        Reviewed by Sam Weinig.
23258
23259        Add FunctionWrapper partial specializations for member function pointers.
23260
23261        * wtf/Functional.h:
23262        (WTF::C::):
23263
232642011-12-14  Gavin Barraclough  <barraclough@apple.com>
23265
23266        DFG relies on returning a struct in registers
23267        https://bugs.webkit.org/show_bug.cgi?id=74527
23268
23269        Reviewed by Geoff Garen.
23270
23271        This will not work on all platforms. Returning a uint64_t will more reliably achieve
23272        what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
23273
23274        * dfg/DFGOperations.cpp:
23275        * dfg/DFGOperations.h:
23276        (JSC::DFG::DFGHandler::dfgHandlerEncoded):
23277
232782011-12-14  Anders Carlsson  <andersca@apple.com>
23279
23280        Add unary and binary bind overloads
23281        https://bugs.webkit.org/show_bug.cgi?id=74524
23282
23283        Reviewed by Sam Weinig.
23284
23285        * wtf/Functional.h:
23286        (WTF::R):
23287        (WTF::FunctionWrapper::ResultType):
23288        (WTF::bind):
23289
232902011-12-14  Anders Carlsson  <andersca@apple.com>
23291
23292        Add back the callOnMainThread overload that takes a WTF::Function
23293        https://bugs.webkit.org/show_bug.cgi?id=74512
23294
23295        Reviewed by Darin Adler.
23296
23297        Add back the overload; the changes to WebCore should hopefully keep Windows building.
23298
23299        * wtf/MainThread.cpp:
23300        (WTF::callFunctionObject):
23301        (WTF::callOnMainThread):
23302        * wtf/MainThread.h:
23303
233042011-12-13  Filip Pizlo  <fpizlo@apple.com>
23305
23306        DFG should infer when local variables are doubles
23307        https://bugs.webkit.org/show_bug.cgi?id=74480
23308
23309        Reviewed by Oliver Hunt.
23310        
23311        Introduced the notion that a local variable (though not an argument, yet!) can
23312        be stored as a double, and will be guaranteed to always contain a double. This
23313        requires more magic in the OSR (conversion in both entry and exit). The inference
23314        is quite unorthodox: all uses of a variable vote on whether they think it should
23315        be a double or a JSValue, based on how they use it. If they use it in an integer
23316        or boxed value context, they vote JSValue. If they use it in a double context,
23317        they vote double. This voting is interleaved in the propagator's fixpoint, so
23318        that variables voted double then have a double prediction propagated from them.
23319        This interleaving is needed because a variable that actually always contains an
23320        integer that always gets used in arithmetic that involves doubles may end up
23321        being voted double, which then means that all uses of the variable will see a
23322        double rather than an integer.
23323        
23324        This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
23325        to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
23326        Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
23327        It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken.  Similar
23328        results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
23329        win on SunSpider.
23330
23331        * bytecode/ValueRecovery.h:
23332        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
23333        (JSC::ValueRecovery::dump):
23334        * dfg/DFGAbstractState.cpp:
23335        (JSC::DFG::AbstractState::execute):
23336        * dfg/DFGAssemblyHelpers.h:
23337        (JSC::DFG::AssemblyHelpers::boxDouble):
23338        * dfg/DFGGraph.cpp:
23339        (JSC::DFG::Graph::dump):
23340        * dfg/DFGJITCompiler.h:
23341        (JSC::DFG::JITCompiler::noticeOSREntry):
23342        * dfg/DFGOSREntry.cpp:
23343        (JSC::DFG::prepareOSREntry):
23344        * dfg/DFGOSREntry.h:
23345        * dfg/DFGOSRExitCompiler64.cpp:
23346        (JSC::DFG::OSRExitCompiler::compileExit):
23347        * dfg/DFGPropagator.cpp:
23348        (JSC::DFG::Propagator::vote):
23349        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
23350        (JSC::DFG::Propagator::propagatePredictions):
23351        (JSC::DFG::Propagator::fixupNode):
23352        * dfg/DFGSpeculativeJIT.cpp:
23353        (JSC::DFG::ValueSource::dump):
23354        (JSC::DFG::SpeculativeJIT::compile):
23355        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
23356        * dfg/DFGSpeculativeJIT.h:
23357        * dfg/DFGSpeculativeJIT32_64.cpp:
23358        (JSC::DFG::SpeculativeJIT::compile):
23359        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::VariableAccessData):
        (JSC::DFG::VariableAccessData::clearVotes):
        (JSC::DFG::VariableAccessData::vote):
        (JSC::DFG::VariableAccessData::doubleVoteRatio):
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
        * runtime/Arguments.cpp:
        (JSC::Arguments::tearOff):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-12-13  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.

        * wtf/MainThread.cpp:
        * wtf/MainThread.h:

2011-12-13  Anders Carlsson  <andersca@apple.com>

        Add a very bare-bones implementation of bind and Function to WTF
        https://bugs.webkit.org/show_bug.cgi?id=74462

        Reviewed by Sam Weinig.

        In order to make it easier to package up function calls and send them across
        threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
        wtf/Functional.h header.

        Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
        but I'll add more as the need arises.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/Functional.h: Added.
        (WTF::R):
        (WTF::FunctionImplBase::~FunctionImplBase):
        (WTF::FunctionWrapper::ResultType):
        (WTF::FunctionBase::isNull):
        (WTF::FunctionBase::FunctionBase):
        (WTF::FunctionBase::impl):
        (WTF::bind):
        * wtf/MainThread.cpp:
        (WTF::callFunctionObject):
        (WTF::callOnMainThread):
        * wtf/MainThread.h:
        * wtf/wtf.pro:
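
The entry above describes packaging a nullary call into a Function object that can be copied, called later, and handed to callOnMainThread. The following is an added illustration of that shape, written here for this ChangeLog; it is not WTF's Functional.h, and the names in the demo namespace (FunctionImplBase, FunctionWrapper, Function, bind, the queue-backed callOnMainThread and drainMainThreadQueue) are my own stand-ins for the ones listed in the entry.

```cpp
// Added illustration of a type-erased, copyable, nullary Function plus a
// bind() that can only bind nullary callables, mirroring the entry's scope.
// Not WTF's code; all names here are assumptions for the demo.
#include <memory>
#include <utility>
#include <vector>

namespace demo {

// Type-erased interface: "call me and hand back an R".
template<typename R>
class FunctionImplBase {
public:
    virtual ~FunctionImplBase() {}
    virtual R operator()() = 0;
};

// Concrete wrapper around any nullary callable (function pointer, lambda, functor).
template<typename R, typename F>
class FunctionWrapper : public FunctionImplBase<R> {
public:
    explicit FunctionWrapper(F f) : m_f(std::move(f)) {}
    R operator()() override { return m_f(); }
private:
    F m_f;
};

template<typename Signature> class Function;

// Copyable handle; copies share one immutable implementation object.
template<typename R>
class Function<R()> {
public:
    Function() {}
    template<typename F>
    explicit Function(F f)
        : m_impl(std::make_shared<FunctionWrapper<R, F> >(std::move(f))) {}
    bool isNull() const { return !m_impl; }
    R operator()() const { return (*m_impl)(); }
private:
    std::shared_ptr<FunctionImplBase<R> > m_impl;
};

// bind: nullary only, as the entry says ("all bind can do is bind a nullary function").
template<typename F>
Function<decltype(std::declval<F>()())()> bind(F f)
{
    typedef decltype(std::declval<F>()()) R;
    return Function<R()>(std::move(f));
}

// A stand-in for callOnMainThread: queue the packaged call instead of
// running it, and let the "main thread" drain the queue later.
static std::vector<Function<void()> > g_mainThreadQueue;

void callOnMainThread(Function<void()> f) { g_mainThreadQueue.push_back(std::move(f)); }

// Runs every queued call in order; returns how many ran.
int drainMainThreadQueue()
{
    int ran = 0;
    for (const Function<void()>& f : g_mainThreadQueue) { f(); ++ran; }
    g_mainThreadQueue.clear();
    return ran;
}

// --- demo drivers -----------------------------------------------------
int fortyTwo() { return 42; }
static int g_counter = 0;
void increment() { ++g_counter; }

// Bind a plain function, copy the Function, call through both: returns 42.
int demoBind()
{
    Function<int()> f = bind(&fortyTwo);
    Function<int()> copy = f;      // cheap copy, shares the impl
    Function<int()> empty;
    bool ok = !f.isNull() && empty.isNull() && copy() == f();
    return ok ? copy() : -1;
}

// Queue two calls; nothing runs until the queue is drained.
// Returns before*1000 + ran*100 + counterAfter, i.e. 0*1000 + 2*100 + 11 = 211.
int demoDeferredCalls()
{
    g_counter = 0;
    callOnMainThread(bind(&increment));
    callOnMainThread(bind([] { g_counter += 10; }));
    int before = g_counter;            // still 0: the calls are only packaged
    int ran = drainMainThreadQueue();  // 2
    return before * 1000 + ran * 100 + g_counter;
}

} // namespace demo
```

The point of the type erasure is that callOnMainThread needs a single, fixed parameter type regardless of what was bound; shared ownership of the impl is what makes copies cheap and safe to hand to another thread's queue.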

2011-12-13  Geoffrey Garen  <ggaren@apple.com>

        <rdar://problem/10577239> GC Crash introduced in r102545

        Reviewed by Gavin Barraclough.

        MarkedArgumentBuffer was still marking items in forwards order, even though
        the argument order has been reversed.

        I fixed this bug, and replaced address calculation code with some helper
        functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.

        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        (JSC::MarkedArgumentBuffer::slowAppend):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
        (JSC::MarkedArgumentBuffer::at):
        (JSC::MarkedArgumentBuffer::append):
        (JSC::MarkedArgumentBuffer::last):
        (JSC::MarkedArgumentBuffer::slotFor):
        (JSC::MarkedArgumentBuffer::mallocBase):

2011-12-13  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
        https://bugs.webkit.org/show_bug.cgi?id=74463

        Reviewed by Gavin Barraclough.

        Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
        how to execute the slow path of UInt32ToNumber.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::lastOSRExit):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::operator!=):
        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::uint32InGPR):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::dump):
        * dfg/DFGAssemblyHelpers.cpp:
        * dfg/DFGAssemblyHelpers.h:
        * dfg/DFGOSRExit.h:
        (JSC::DFG::OSRExit::valueRecoveryForOperand):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-13  Oliver Hunt  <oliver@apple.com>

        Arguments object doesn't handle mutation of length property correctly
        https://bugs.webkit.org/show_bug.cgi?id=74454

        Reviewed by Gavin Barraclough.

        Correct handling of arguments objects with overridden length property

        * interpreter/Interpreter.cpp:
        (JSC::loadVarargs):
        * runtime/Arguments.cpp:
        (JSC::Arguments::copyToArguments):
        (JSC::Arguments::fillArgList):

2011-12-13  Filip Pizlo  <fpizlo@apple.com>

        DFG GetByVal CSE rule should match PutByValAlias
        https://bugs.webkit.org/show_bug.cgi?id=74390

        Reviewed by Geoff Garen.

        Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::getByValLoadElimination):

2011-12-13  Andy Wingo  <wingo@igalia.com>

        Fix interpreter debug build.
        https://bugs.webkit.org/show_bug.cgi?id=74439

        Reviewed by Geoffrey Garen.

        * bytecode/ValueRecovery.h: Include stdio.h on debug builds.

2011-12-13  Filip Pizlo  <fpizlo@apple.com>

        DFG should know exactly why recompilation was triggered
        https://bugs.webkit.org/show_bug.cgi?id=74362

        Reviewed by Oliver Hunt.

        Each OSR exit is now individually counted, as well as counting the total number
        of OSR exits that occurred in a code block. If recompilation is triggered, we
        check to see if there are OSR exit sites that make up a sufficiently large
        portion of the total OSR exits that occurred. For any such OSR exit sites, we
        add a description of the site (bytecode index, kind) to a data structure in the
        corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
        know which speculations would be unwise based on the fact that previous such
        speculations proved to be fruitless.

        This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
        and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
        than 0.5%.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::tallyFrequentExitSites):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::exitProfile):
        (JSC::CodeBlock::reoptimize):
        (JSC::CodeBlock::tallyFrequentExitSites):
        * bytecode/DFGExitProfile.cpp: Added.
        (JSC::DFG::ExitProfile::ExitProfile):
        (JSC::DFG::ExitProfile::~ExitProfile):
        (JSC::DFG::ExitProfile::add):
        (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
        (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
        * bytecode/DFGExitProfile.h: Added.
        (JSC::DFG::exitKindToString):
        (JSC::DFG::exitKindIsCountable):
        (JSC::DFG::FrequentExitSite::FrequentExitSite):
        (JSC::DFG::FrequentExitSite::operator!):
        (JSC::DFG::FrequentExitSite::operator==):
        (JSC::DFG::FrequentExitSite::hash):
        (JSC::DFG::FrequentExitSite::bytecodeOffset):
        (JSC::DFG::FrequentExitSite::kind):
        (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
        (JSC::DFG::FrequentExitSiteHash::hash):
        (JSC::DFG::FrequentExitSiteHash::equal):
        (JSC::DFG::QueryableExitProfile::hasExitSite):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGOSRExit.h:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-12-13  Michael Saboff  <msaboff@apple.com>

        Cleanup of StringImpl::equal in r102631 post commit
        https://bugs.webkit.org/show_bug.cgi?id=74421

        Reviewed by Darin Adler.

        * wtf/text/AtomicString.h:
        (WTF::operator==): Removed cast no longer needed.
        * wtf/text/StringImpl.h:
        (WTF::equal): Changed template to several overloaded methods.

2011-12-12  Michael Saboff  <msaboff@apple.com>

        Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
        https://bugs.webkit.org/show_bug.cgi?id=73622

        Reviewed by Oliver Hunt.

        Moved equal(charType1 *, charType2, unsigned) template methods
        from static StringImpl.cpp to StringImpl.h and then replaced the
        processor specific character comparison code in StringHash::equal
        with calls to these methods.

        This change is worth 3% on SunSpider string-unpack-code as reported
        by the SunSpider command line harness.  No other tests appear to
        have measurable performance changes.

        * wtf/text/AtomicString.h:
        (WTF::operator==):
        * wtf/text/StringHash.h:
        (WTF::StringHash::equal):
        * wtf/text/StringImpl.cpp:
        * wtf/text/StringImpl.h:
        (WTF::LChar):
        (WTF::UChar):
        (WTF::equal):

2011-12-12  Filip Pizlo  <fpizlo@apple.com>

        ARMv7 version of DFG soft modulo does register allocation inside of control flow
        https://bugs.webkit.org/show_bug.cgi?id=74354

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):

2011-12-12  Andy Wingo  <wingo@igalia.com>

        Simplify autotools configure.ac
        https://bugs.webkit.org/show_bug.cgi?id=74312

        Reviewed by Martin Robinson.

        * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.

2011-12-12  Filip Pizlo  <fpizlo@apple.com>

        DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
        https://bugs.webkit.org/show_bug.cgi?id=74329

        Reviewed by Gavin Barraclough.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::getByValLoadElimination):

2011-12-09  Alexander Pavlov  <apavlov@chromium.org>

        WebKit does not enumerate over CSS properties in HTMLElement.style
        https://bugs.webkit.org/show_bug.cgi?id=23946

        Reviewed by Darin Adler.

        Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
        introduce an std::sort() comparator function.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.h:
        (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.

2011-12-12  Alexander Pavlov  <apavlov@chromium.org>

        Unreviewed, build fix.

        Revert r102570 which broke SnowLeopard builders.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.h:

2011-12-09  Alexander Pavlov  <apavlov@chromium.org>

        WebKit does not enumerate over CSS properties in HTMLElement.style
        https://bugs.webkit.org/show_bug.cgi?id=23946

        Reviewed by Darin Adler.

        Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
        introduce an std::sort() comparator function.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.h:
        (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.

2011-12-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck issues.

        * GNUmakefile.list.am:

2011-12-11  Sam Weinig  <sam@webkit.org>

        Fix another signed vs. unsigned warning

        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):

2011-12-11  Sam Weinig  <sam@webkit.org>

        Fix a signed vs. unsigned warning.

        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::slowAppend):
        Cast inlineCapacity to an int to appease the warning. This is known OK
        since inlineCapacity is defined to be 8.

2011-12-11  Geoffrey Garen  <ggaren@apple.com>

        Rolled out *another* debugging change I committed accidentally.

        Unreviewed.

        * Configurations/Base.xcconfig:

2011-12-11  Geoffrey Garen  <ggaren@apple.com>

        Rolled out a debug counter I committed accidentally.

        Unreviewed.

        * jit/JITStubs.cpp:
        (JSC::arityCheckFor):

2011-12-10  Geoffrey Garen  <ggaren@apple.com>

        v8 benchmark takes 12-13 million function call slow paths due to extra arguments
        https://bugs.webkit.org/show_bug.cgi?id=74244

        Reviewed by Filip Pizlo.

        .arguments function of order the Reversed

        10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
        and SunSpider.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
        to this function is an argument number.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
        helper functions for computing offsets for arguments, rather than doing
        the math by hand.

        Switched to iterating argument offsets backwards (--) instead of forwards (++).

        * bytecompiler/BytecodeGenerator.h:
        (JSC::CallArguments::thisRegister):
        (JSC::CallArguments::argumentRegister):
        (JSC::CallArguments::registerOffset): Updated for arguments being reversed.

        * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
        that just-in-time convert to bytecode operands (i.e., indexes in the register
        file) through helper functions. This means only one piece of code needs
        to know how arguments are laid out in the register file.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump): Ditto.

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor): Ditto.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
        Treat too many arguments as an arity match.

        * dfg/DFGOSRExit.h:
        (JSC::DFG::OSRExit::variableForIndex):
        (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.

        * dfg/DFGOperands.h:
        (JSC::DFG::operandToArgument):
        (JSC::DFG::argumentToOperand): These are now the only two lines of code in
        the DFG compiler that know how arguments are laid out in memory.

        (JSC::DFG::Operands::operand):
        (JSC::DFG::Operands::setOperand): Use helper functions, as above.

        * dfg/DFGOperations.cpp: The whole point of this patch:
        Treat too many arguments as an arity match.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.

        Also, don't tag the caller frame slot as a cell, because it's not a cell.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.

        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
        argument virtual register instead of recomputing by hand.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callFrameSlot):
        (JSC::DFG::SpeculativeJIT::argumentSlot):
        (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
        (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
        (JSC::DFG::SpeculativeJIT::argumentTagSlot):
        (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
        functions for dealing with callee arguments specifically. These still
        build on top of our other helper functions, and have no direct knowledge
        of how arguments are laid out in the register file.

        (JSC::DFG::SpeculativeJIT::resetCallArguments):
        (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
        argumentOffset to match CallFrame naming.

        (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
        functions, as above.

        * interpreter/CallFrame.h:
        (JSC::ExecState::argumentOffset):
        (JSC::ExecState::argumentOffsetIncludingThis):
        (JSC::ExecState::argument):
        (JSC::ExecState::setArgument):
        (JSC::ExecState::thisArgumentOffset):
        (JSC::ExecState::thisValue):
        (JSC::ExecState::setThisValue):
        (JSC::ExecState::offsetFor):
        (JSC::ExecState::hostThisRegister):
        (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
        computing where an argument is in the register file. Anything in the
        runtime that needs to access arguments should use these helpers.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setThis):
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
        that too many arguments counts as an arity match and doesn't require
        preserving two copies of our arguments.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
        special if the caller provided too few arguments.

        Key simplification: We never need to maintain two copies of our arguments
        anymore.

        (JSC::eval):
        (JSC::loadVarargs): Use helper functions.

        (JSC::Interpreter::unwindCallFrame): Updated for new interface.

        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
        functions.

        (JSC::Interpreter::privateExecute): No need to check for stack overflow
        when calling host functions because they have zero callee registers.

        (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
        object, since there's no special constructor for this anymore.

        * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
        workers tests were hitting stack overflow in some of my testing. We should
        make this test more exact in future.

        * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
        location that does not belong to the CallFrame class!

        * jit/JIT.cpp:
        (JSC::JIT::privateCompile): I am a broken record and I use helper functions.

        Also, the whole point of this patch: Treat too many arguments as an arity match.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
        helper functions, for backwards-correctness. Removed the condition
        pertaining to declared argument count because, now that arguments are
        always in just one place, this optimization is valid for all functions.
        Standardized the if predicate for each line of the optimization. This might
        fix a bug, but I couldn't get the bug to crash in practice.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emit_op_get_argument_by_val):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emit_op_get_argument_by_val):
        (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
        optimization because it's no longer an optimization, now that arguments
        are always contiguous in a known location.

        Updated argument access opcode math for backwards-correctness.

        * jit/JITStubs.cpp:
        (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
        function is slightly different because it copies the call frame in
        addition to the arguments. (In the Interpreter, the call frame is not
        set up by this point.)

        (JSC::lazyLinkFor): The whole point of this patch: Treat too many
        arguments as an arity match.
        (JSC::DEFINE_STUB_FUNCTION): Updated for new interface to tearOff().

        * jit/JITStubs.h:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::loadDoubleArgument):
        (JSC::SpecializedThunkJIT::loadCellArgument):
        (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
        build strong bones and teeth!

        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice):
        (JSC::MarkedArgumentBuffer::slowAppend):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
        (JSC::MarkedArgumentBuffer::at):
        (JSC::MarkedArgumentBuffer::clear):
        (JSC::MarkedArgumentBuffer::append):
        (JSC::MarkedArgumentBuffer::removeLast):
        (JSC::MarkedArgumentBuffer::last):
        (JSC::ArgList::ArgList):
        (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
        play nice with backwards-ness, so I changed to using manual allocation.

        Fixed a FIXME about not all values being marked in the case of out-of-line
        arguments. I had to rewrite the loop anyway, and I didn't feel like
        maintaining fidelity to its old bugs.

        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        (JSC::Arguments::copyToArguments):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlotByIndex):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::putByIndex):
        (JSC::Arguments::put):
        (JSC::Arguments::tearOff):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::argument):
        (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
        lots of tricky code designed to maintain two different copies of function
        arguments. Now that arguments are always contiguous in one place in memory,
        this complexity can go away.

        Reduced down to one create function for the Arguments class, from three.

        Moved tearOff() into an out-of-line function because it's huge.

        Moved logic about whether to tear off eagerly into the Arguments class,
        so we didn't have to duplicate it elsewhere.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
        m_numCapturedArgs because if the value really were m_numParametersMinusThis
        we would be marking too much. (We shouldn't mark 'this' because it can't
        be captured.) Also, use helper functions.

        * runtime/JSActivation.h:
        (JSC::JSActivation::tearOff): Use helper functions.

        * runtime/JSArray.cpp:
        (JSC::JSArray::copyToArguments):
        * runtime/JSArray.h: Use helper functions, as above.

2011-12-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSC testapi is crashing on Windows
        https://bugs.webkit.org/show_bug.cgi?id=74233

        Reviewed by Sam Weinig.

        Same error we've encountered before where we are calling the wrong version of
        visitChildren and objects that are still reachable aren't getting marked.
        This problem will go away soon with the removal of vptrs for these sorts of
        optimizations in favor of using the ClassInfo, but for now we can simply give
        JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
        ensure that JSFinalObject will always have a unique vptr.  We don't have to worry
        about JSString or JSArray right now, which are the other two special cases for
        visitChildren, since they already have their own virtual functions.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSObject.cpp:
        (JSC::JSFinalObject::vtableAnchor):
        * runtime/JSObject.h:

2011-12-10  Alexis Menard  <alexis.menard@openbossa.org>

        Unused variable in YarrJIT.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=74237

        Reviewed by Andreas Kling.

        Variable is set but not used so we can remove it.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2011-12-09  Filip Pizlo  <fpizlo@apple.com>

        DFG ArithMul power-of-two case does not check for overflow
        https://bugs.webkit.org/show_bug.cgi?id=74230

        Reviewed by Gavin Barraclough.

        Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
        and any attempt to fix it would likely introduce code bloat and register pressure.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithMul):

2011-12-09  David Levin  <levin@chromium.org>

        REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=73886

        Reviewed by Darin Adler.

        * runtime/SymbolTable.h:
        (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
        another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
        Bug 58091 is about changing these deprecated calls to something else but that something
        else will still need to be in all of these places.

2011-12-09  Konrad Piascik  <kpiascik@rim.com>

        Remove unnecessary file DissasemblerARM.cpp from build system
        https://bugs.webkit.org/show_bug.cgi?id=74184

        Reviewed by Daniel Bates.

        * PlatformBlackBerry.cmake:

2011-12-09  Filip Pizlo  <fpizlo@apple.com>

        DFG's interpretation of rare case profiles should be frequency-based not count-based
        https://bugs.webkit.org/show_bug.cgi?id=74170

        Reviewed by Geoff Garen.

        DFG optimizes for rare cases only when the rare case counter is above some threshold
        and it also constitutes a large enough fraction of total function executions. Also
        added some minor debug logic.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::executionEntryCount):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:
24134
241352011-12-09  Oliver Hunt  <oliver@apple.com>
24136
24137        PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
24138        https://bugs.webkit.org/show_bug.cgi?id=74223
24139
24140        Reviewed by Geoffrey Garen.
24141
24142        Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
24143
24144        * dfg/DFGPropagator.cpp:
24145        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
24146
241472011-12-09  David Levin  <levin@chromium.org>
24148
24149        Hash* iterators should allow comparison between const and const versions.
24150        https://bugs.webkit.org/show_bug.cgi?id=73370
24151
24152        Reviewed by Darin Adler.
24153
24154        * wtf/HashTable.h: Add the operators needed to do this.
24155        (WTF::HashTableConstIterator::operator==):
24156        (WTF::HashTableConstIterator::operator!=):
24157        (WTF::HashTableIterator::operator==):
24158        (WTF::HashTableIterator::operator!=):
24159        (WTF::operator==):
24160        (WTF::operator!=):
24161
241622011-12-09  Michael Saboff  <msaboff@apple.com>
24163
24164        YARR: Multi-character read optimization for 8bit strings
24165        https://bugs.webkit.org/show_bug.cgi?id=74191
24166
24167        Reviewed by Oliver Hunt.
24168
24169        Changed generatePatternCharacterOnce to generate
24170        code for 1 to 4 characters in the 8 bit case.
24171        This is worth 29% improvement on SunSpider regexp-dna test.
24172        It provides no benefit to v8-regexp.
24173
24174        * yarr/YarrJIT.cpp:
24175        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
24176        (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.
24177
241782011-12-09  David Levin  <levin@chromium.org>
24179
24180        Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
24181        https://bugs.webkit.org/show_bug.cgi?id=71695
24182
24183        Reviewed by Zoltan Herczeg.
24184
24185        * wtf/MessageQueue.h:
24186        (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
24187        even after the queue has been killed. This is useful when one wants to
24188        kill a queue but then go through it to run clean up tasks from it.
24189
241902011-12-09  Adrienne Walker  <enne@google.com>
24191
24192        Fix HashMap<..., OwnPtr<...> >::add compilation errors
24193        https://bugs.webkit.org/show_bug.cgi?id=74159
24194
24195        Reviewed by Darin Adler.
24196
24197        Add a constructor to OwnPtr that takes the empty value (nullptr_t)
24198        from HashTraits so that this function can compile.
24199
24200        * wtf/OwnPtr.h:
24201        (WTF::OwnPtr::OwnPtr):
24202
242032011-12-09  Oliver Hunt  <oliver@apple.com>
24204
24205        Avoid reloading storage pointer for indexed properties unnecessarily
24206        https://bugs.webkit.org/show_bug.cgi?id=74136
24207
24208        Reviewed by Filip Pizlo.
24209
24210        Add a node to represent loading property storage for indexed properties.
24211        This allows us to reduce code generated for sequential access of arrays,
24212        strings, etc.  This results in up to 5% improvement in code that is 
24213        very heavy on indexed reads, such as matrix operations in typed arrays
24214        and 20% faster on microbenchmarks.
24215
24216        Currently this is only supported by GetByVal and other similar indexed reads.
24217
24218        * bytecode/PredictedType.h:
24219        (JSC::isFixedIndexedStorageObjectPrediction):
24220        * dfg/DFGAbstractState.cpp:
24221        (JSC::DFG::AbstractState::execute):
24222        * dfg/DFGByteCodeParser.cpp:
24223        (JSC::DFG::ByteCodeParser::handleIntrinsic):
24224        (JSC::DFG::ByteCodeParser::parseBlock):
24225        * dfg/DFGNode.h:
24226        * dfg/DFGPropagator.cpp:
24227        (JSC::DFG::Propagator::propagateNodePredictions):
24228        (JSC::DFG::Propagator::fixupNode):
24229        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
24230        (JSC::DFG::Propagator::performNodeCSE):
24231        * dfg/DFGSpeculativeJIT.cpp:
24232        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
24233        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
24234        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
24235        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
24236        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
24237        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
24238        * dfg/DFGSpeculativeJIT.h:
24239        * dfg/DFGSpeculativeJIT32_64.cpp:
24240        (JSC::DFG::SpeculativeJIT::compile):
24241        * dfg/DFGSpeculativeJIT64.cpp:
24242        (JSC::DFG::SpeculativeJIT::compile):
24243
2011-12-08  Fady Samuel  <fsamuel@chromium.org>

        [Chromium] Enable viewport metatag
        https://bugs.webkit.org/show_bug.cgi?id=73495

        Reviewed by Darin Fisher.

        * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.

2011-12-08  Adam Klein  <adamk@chromium.org>

        Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
        https://bugs.webkit.org/show_bug.cgi?id=73964

        Reviewed by Darin Adler.

        * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.

2011-12-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        https://bugs.webkit.org/show_bug.cgi?id=74005
        fix unaligned access memory in generatePatternCharacterOnce function
        for SH4 platforms.

        Reviewed by Gavin Barraclough.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load16Unaligned):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load16Unaligned):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::load16Unaligned):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::lshift32):
        (JSC::MacroAssemblerSH4::load8):
        (JSC::MacroAssemblerSH4::load16):
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::branch8):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::load16Unaligned):
        * jit/JIT.h:
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2011-12-08  Michael Saboff  <msaboff@apple.com>

        Add 8 bit paths for StringTypeAdapter classes
        https://bugs.webkit.org/show_bug.cgi?id=73882

        Reviewed by Darin Adler.

        Added is8Bit() method and writeTo(LChar*) methods
        to StringTypeAdapter<> classes.  The writeTo(LChar*)
        method can be used if is8Bit() returns true.  The
        non-native 8 bit classes contain ASSERT(is8Bit())
        in their writeTo(LChar*).

        Updated all of the various versions of tryMakeString() to
        use 8 bit processing in the updated StringTypeAdapter<>
        classes.

        This has slight if any performance improvement on kraken.

        * runtime/UStringConcatenate.h:
        * wtf/text/StringConcatenate.h:
        (WTF::tryMakeString):
        * wtf/text/StringOperators.h:
        (WTF::StringAppend::is8Bit):
        (WTF::StringAppend::writeTo):

2011-12-07  Filip Pizlo  <fpizlo@apple.com>

        DFG CSE should know that CheckFunction is pure
        https://bugs.webkit.org/show_bug.cgi?id=74044

        Reviewed by Oliver Hunt.

        Possible slight win on V8, no regressions.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::checkFunctionElimination):

2011-12-07  Michael Saboff  <msaboff@apple.com>

        StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
        https://bugs.webkit.org/show_bug.cgi?id=73995

        Reviewed by Geoffrey Garen.

        Problem was that a call to characters on a StringImpl associated
        with a StringBuilder that is being appended to gets stale.
        Added a new m_valid16BitShadowlen that keeps the length of
        the 16 bit shadow that has been upconverted or will be upconverted
        with the first getCharacters().  When StringBuilder::characters or
        ::reifyString is called, further characters are upconverted if
        we have a shadow16bit copy and the m_valid16BitShadowlen is updated.

        * JavaScriptCore.exp:
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::reifyString):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::StringBuilder):
        (WTF::StringBuilder::characters):
        (WTF::StringBuilder::clear): Cleaned up as part of the change.
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::getData16SlowCase):
        (WTF::StringImpl::upconvertCharacters):
        * wtf/text/StringImpl.h:

2011-12-07  Filip Pizlo  <fpizlo@apple.com>

        Compare and Swap should be enabled on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=74023

        Reviewed by Geoff Garen.

        Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
        It gives the expected speed-up on multi-core ARMv7 devices.

        * wtf/Atomics.h:
        (WTF::weakCompareAndSwap):
        * wtf/Platform.h:

2011-12-07  Filip Pizlo  <fpizlo@apple.com>

        DFG CSE is overzealous with GetByVal
        https://bugs.webkit.org/show_bug.cgi?id=74042

        Reviewed by Oliver Hunt.

        Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
        is tested in all places that matter.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::byValIsPure):
        (JSC::DFG::Propagator::clobbersWorld):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::checkStructureLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):

2011-12-07  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r102267.
        http://trac.webkit.org/changeset/102267
        https://bugs.webkit.org/show_bug.cgi?id=74032

        Breaks build on Chromium Mac Debug (Requested by aklein on
        #webkit).

        * wtf/HashTraits.h:

2011-12-07  Adam Klein  <adamk@chromium.org>

        Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
        https://bugs.webkit.org/show_bug.cgi?id=73964

        Reviewed by Ryosuke Niwa.

        * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.

2011-12-07  Filip Pizlo  <fpizlo@apple.com>

        Non-Mac devices should benefit from a larger heap
        https://bugs.webkit.org/show_bug.cgi?id=74015

        Reviewed by Geoff Garen.

        Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
        Heap.cpp, and got in the way of having more granular, per-platform control over
        what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).

        * heap/Heap.cpp:
        (JSC::GCTimer::heapSizeForHint):
        * wtf/Platform.h:

2011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] V8 build fixes.

        Reviewed by Tor Arne Vestbø.

        * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
        VPATH. Prefix SOURCES correctly and make sure that runtime/ is
        in the include search path when building with v8.

2011-12-06  Filip Pizlo  <fpizlo@apple.com>

        Zapping a block that is Marked leads to dead objects being mistaken for live ones
        https://bugs.webkit.org/show_bug.cgi?id=73982

        Reviewed by Geoff Garen.

        Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
        the code asserts that:

        - If we zap a Marked or Zapped block then the free list is empty, because this
          can only happen if the block was never free-listed.

        - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
          blocks are those that cannot be referred to by SizeClass::currentBlock (since
          SizeClass::currentBlock only refers to blocks that are candidates for allocation,
          and Allocated blocks are those that have been exhausted by allocation and will not
          be allocated from again), and New blocks cannot be referred to by anything except
          during a brief window inside the allocation slow-path.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::zapFreeList):

2011-12-06  Filip Pizlo  <fpizlo@apple.com>

        DFG 32_64 call linking does not handle non-cell callees correctly
        https://bugs.webkit.org/show_bug.cgi?id=73965

        Reviewed by Sam Weinig.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):

2011-12-06  Sam Weinig  <sam@webkit.org>

        Remove unintentional type name shadowing in the Interpreter
        https://bugs.webkit.org/show_bug.cgi?id=73963

        Reviewed by Oliver Hunt.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
        which shadows the FunctionExecutable type name, with functionExecutable.

2011-12-06  Michael Saboff  <msaboff@apple.com>

        r102146 from 73875 broke fast/js/encode-URI-test.html
        https://bugs.webkit.org/show_bug.cgi?id=73950

        Reviewed by Gavin Barraclough.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncUnescape): Restructured to handle
        the %uHHHH case to output the resulting character
        and continue so that a failure in finding 4 hex
        digits will fall through and output the '%'.
        Due to style check, changed the temporary
        character variable to a more descriptive name.

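The restructuring described above concerns how the legacy unescape decoder treats a `%u` that is not followed by four hex digits. As an added example (not JavaScriptCore's implementation), this C++ follows the ECMAScript description of unescape: a failed `%uHHHH` match falls through to the `%HH` check, which cannot match on the letter `u`, so the `%` is emitted literally and scanning continues; `unescape`, `parseHex` and `hexDigitValue` are names chosen here.

```cpp
#include <cstdio>
#include <string>

// Value of an ASCII hex digit, or -1 if the code unit is not one.
static int hexDigitValue(char16_t c) {
    if (c >= u'0' && c <= u'9') return c - u'0';
    if (c >= u'a' && c <= u'f') return 10 + (c - u'a');
    if (c >= u'A' && c <= u'F') return 10 + (c - u'A');
    return -1;
}

// Parse exactly `count` hex digits starting at s[pos]; -1 if any is missing
// or not a hex digit (including running off the end of the string).
static int parseHex(const std::u16string& s, size_t pos, size_t count) {
    if (pos + count > s.size())
        return -1;
    int value = 0;
    for (size_t i = 0; i < count; ++i) {
        int d = hexDigitValue(s[pos + i]);
        if (d < 0)
            return -1;
        value = (value << 4) | d;
    }
    return value;
}

// Legacy ECMAScript unescape(): "%uHHHH" -> code unit U+HHHH, "%HH" -> U+00HH;
// a '%' that starts neither well-formed escape is copied through unchanged.
static std::u16string unescape(const std::u16string& s) {
    std::u16string out;
    out.reserve(s.size());
    for (size_t k = 0; k < s.size(); ++k) {
        char16_t c = s[k];
        if (c == u'%') {
            // %uHHHH: six code units in total.
            if (k + 6 <= s.size() && s[k + 1] == u'u') {
                int v = parseHex(s, k + 2, 4);
                if (v >= 0) {
                    out.push_back(static_cast<char16_t>(v));
                    k += 5;  // loop increment consumes the sixth unit
                    continue;
                }
                // Fewer than four hex digits: fall through. The %HH check
                // below fails on 'u', so the '%' is emitted as a literal.
            }
            // %HH: three code units in total.
            int v = parseHex(s, k + 1, 2);
            if (v >= 0) {
                out.push_back(static_cast<char16_t>(v));
                k += 2;
                continue;
            }
        }
        out.push_back(c);  // ordinary character, or a '%' with no valid escape
    }
    return out;
}

int main() {
    // Constructed inputs: a well-formed %u escape and a truncated one.
    std::u16string ok = unescape(u"%u0041%42");
    std::u16string truncated = unescape(u"%u41");
    std::printf("\"%%u0041%%42\" -> %zu code units\n", ok.size());
    std::printf("\"%%u41\"      -> %zu code units\n", truncated.size());
    return 0;
}
```
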
2011-12-06  Filip Pizlo  <fpizlo@apple.com>

        GC zapping logic could benefit from some more assertions
        https://bugs.webkit.org/show_bug.cgi?id=73947

        Reviewed by Gavin Barraclough.

        - If you're in a zapped block and you're zapped, then your mark bit should
          never be set.

        - If you're being marked, then you should never be zapped.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::isLive):
        * runtime/Structure.h:
        (JSC::MarkStack::internalAppend):

2011-12-06  Oliver Hunt  <oliver@apple.com>

        Don't allocate register in typedarray control flow
        https://bugs.webkit.org/show_bug.cgi?id=73944

        Reviewed by Gavin Barraclough.

        Move a temporary allocation outside of control flow.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

2011-12-06  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=68328
        The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant

        Reviewed by Geoff Garen.

        Move the intrinsic enum out of the DFG, into runtime. Add entries for all host functions
        that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
        hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
        a thunk generator to use based on the Intrinsic.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * create_hash_table:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGCapabilities.h:
        * dfg/DFGIntrinsic.h: Removed.
        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITStubs.h:
        * runtime/Executable.cpp:
        (JSC::ExecutableBase::intrinsic):
        (JSC::NativeExecutable::intrinsic):
        * runtime/Executable.h:
        (JSC::ExecutableBase::intrinsicFor):
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::finishCreation):
        * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
        * runtime/JSGlobalData.cpp:
        (JSC::thunkGeneratorForIntrinsic):
        (JSC::JSGlobalData::getHostFunction):
        * runtime/JSGlobalData.h:
        * runtime/Lookup.cpp:
        (JSC::HashTable::createTable):
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashEntry::initialize):
        (JSC::HashEntry::intrinsic):

2011-12-06  Michael Saboff  <msaboff@apple.com>

        Add 8 bit paths to global object functions
        https://bugs.webkit.org/show_bug.cgi?id=73875

        Added 8 bit paths for conversion methods.

        This is worth 1.5% on kraken audio-oscillator,
        1.6% on stanford-crypto-ccm and 2.5% on
        stanford-crypto-sha256-iterative.  See bug for
        a full report.

        Reviewed by Oliver Hunt.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode): Split into a templated helper.
        (JSC::parseInt): Split into a templated helper.
        (JSC::parseFloat): Added an 8 bit path
        (JSC::globalFuncEscape): Added 8 bit path
        (JSC::globalFuncUnescape): Added 8 bit path
        * runtime/JSStringBuilder.h:
        (JSC::JSStringBuilder::append): New append for LChar
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append): New append for LChar

2011-11-21  Balazs Kelemen  <kbalazs@webkit.org>

        Enable ParallelJobs by default
        https://bugs.webkit.org/show_bug.cgi?id=70032

        Reviewed by Zoltan Herczeg.

        According to measurements on Mac and Linux it is a
        considerable speedup for SVG on multicore.

        Remove the ENABLE(PARALLEL_JOBS) guard.
        Fix build on Windows and Chromium.

        * JavaScriptCore.gypi:  Add the files to the build. It was
        missing for the gyp build system.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Export symbols.
        * wtf/ParallelJobs.h:
        * wtf/ParallelJobsGeneric.cpp:
        (WTF::ParallelEnvironment::ParallelEnvironment):
        (WTF::ParallelEnvironment::execute):
        Deinline these to avoid exporting a lot of symbols.
        These are non-trivial and called only once on a given object
        so it doesn't seem to be worthwhile to inline them.
        Additionally fix a signed-unsigned comparison in the constructor.
        * wtf/ParallelJobsGeneric.h:
        * wtf/Platform.h:

24612
246132011-12-06  Simon Hausmann  <simon.hausmann@nokia.com>
24614
24615        [Qt] build-jsc script doesn't work
24616        https://bugs.webkit.org/show_bug.cgi?id=73910
24617
24618        Reviewed by Tor Arne Vestbø.
24619
24620        * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
24621        (moved from top-level WebKit.pro). Also add v8 scopes to only build
24622        WTF during v8 builds.
24623
246242011-12-05  Anders Carlsson  <andersca@apple.com>
24625
24626        Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
24627
24628        Reviewed by Darin Adler.
24629
24630        * wtf/HashMap.h:
24631
246322011-12-05  Michael Saboff  <msaboff@apple.com>
24633
24634        Create StringImpl::empty() as an 8 bit string
24635        https://bugs.webkit.org/show_bug.cgi?id=73871
24636
24637        Reviewed by Oliver Hunt.
24638
24639        * wtf/text/StringStatics.cpp:
24640        (WTF::StringImpl::empty): Changed to be an 8 bit string.
24641
246422011-12-05  Darin Adler  <darin@apple.com>
24643
24644        Convert JSClassRef to use HashMap<OwnPtr>
24645        https://bugs.webkit.org/show_bug.cgi?id=73780
24646
24647        Reviewed by Andreas Kling.
24648
24649        * API/JSCallbackObjectFunctions.h:
24650        (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
24651        entries because the hash map now has an OwnPtr instead of a raw pointer.
24652
24653        * API/JSClassRef.cpp:
24654        (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
24655        m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
24656        Removed the code that gets and deletes existing entries, and just use set,
24657        which now handles deletion automatically due to it being OwnPtr.
24658        (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
24659        with assertion-only NDEBUG-only code.
24660        (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
24661        allocating. Use OwnPtr when adding. Removed unneeded code to set
24662        staticValues and staticFunctions to 0. Removed unneeded destructor.
24663        (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
24664        (OpaqueJSClass::staticFunctions): Ditto.
24665        (OpaqueJSClass::prototype): Added use of adoptPtr.
24666
24667        * API/JSClassRef.h: Made the static values and static functions tables
24668        use OwnPtr for the entries. Also used OwnPtr for the pointers to the
24669        tables themselves. Also removed ~OpaqueJSClassContextData(), letting
24670        the compiler generate it.
24671
246722011-12-05  Oliver Hunt  <oliver@apple.com>
24673
24674        Land uncommitted bit of float array support
24675        https://bugs.webkit.org/show_bug.cgi?id=73873
24676
24677        Reviewed by Filip Pizlo.
24678
24679        * dfg/DFGSpeculativeJIT.cpp:
24680        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
24681
246822011-12-05  Benjamin Poulain  <benjamin@webkit.org>
24683
24684        Update String::containsOnlyASCII() to handle 8 bits strings
24685        https://bugs.webkit.org/show_bug.cgi?id=73799
24686
24687        Reviewed by Darin Adler.
24688
24689        Implement String::containsOnlyASCII() so that it does not
24690        call String::characters().
24691
24692        * wtf/text/WTFString.h:
24693        (WTF::String::containsOnlyASCII):
24694
246952011-12-05  Filip Pizlo  <fpizlo@apple.com>
24696
24697        Unreviewed build fix for non-DFG platforms.
24698
24699        * dfg/DFGRepatch.h:
24700
247012011-12-05  Filip Pizlo  <fpizlo@apple.com>
24702
24703        Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
24704        were compact offsets
24705        https://bugs.webkit.org/show_bug.cgi?id=73861
24706
24707        Reviewed by Gavin Barraclough.
24708
24709        * jit/JITPropertyAccess32_64.cpp:
24710        (JSC::JIT::resetPatchPutById):
24711
247122011-12-05  Filip Pizlo  <fpizlo@apple.com>
24713
24714        Unreviewed, build fixes for ARM.
24715
24716        * assembler/AbstractMacroAssembler.h:
24717        (JSC::AbstractMacroAssembler::unreachableForPlatform):
24718        * assembler/MacroAssemblerARMv7.h:
24719        (JSC::MacroAssemblerARMv7::loadDouble):
24720        (JSC::MacroAssemblerARMv7::loadFloat):
24721        (JSC::MacroAssemblerARMv7::storeFloat):
24722        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
24723        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
24724
247252011-12-05  Benjamin Poulain  <benjamin@webkit.org>
24726
24727        Update String::containsOnlyLatin1() to avoid converting to 16 bits
24728        https://bugs.webkit.org/show_bug.cgi?id=73797
24729
24730        Reviewed by Andreas Kling.
24731
24732        When the String use 8bits StringImpl, there is no need to iterate
24733        over the string.
24734
24735        The function charactersAreAllLatin1() is removed because it is not
24736        used anywhere.
24737
24738        * wtf/text/WTFString.h:
24739        (WTF::String::containsOnlyLatin1):
24740
2011-12-05  Michael Saboff  <msaboff@apple.com>

        8 bit string work slows down Kraken json-stringify-tinderbox
        https://bugs.webkit.org/show_bug.cgi?id=73457

        Added 8 bit path to StringBuilder.  StringBuilder starts
        assuming 8 bit contents and gets converted to 16 bit upon
        seeing the first 16 bit character or string.  Split
        appendUninitialized into an inlined fast and function call
        slow case.

        Factored out the processing of the UString argument from
        Stringifier::appendQuotedString() to a static templated function
        based on character size.

        This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
        This change introduces a 4.8% slowdown to json-parse-financial.
        This slowdown will be addressed in a subsequent patch to StringImpl::equal.

        Reviewed by Oliver Hunt.

        * runtime/JSONObject.cpp:
        (JSC::appendStringToUStringBuilder):
        (JSC::Stringifier::appendQuotedString):
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::resize):
        (WTF::StringBuilder::allocateBuffer):
        (WTF::StringBuilder::allocateBufferUpConvert):
        (WTF::LChar):
        (WTF::UChar):
        (WTF::StringBuilder::reserveCapacity):
        (WTF::StringBuilder::appendUninitialized):
        (WTF::StringBuilder::appendUninitializedSlow):
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::shrinkToFit):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::StringBuilder):
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::operator[]):
        (WTF::StringBuilder::characters8):
        (WTF::StringBuilder::characters16):
        (WTF::StringBuilder::charactersBlah):
        (WTF::LChar):
        (WTF::UChar):

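Two StringBuilder entries above describe the same design: the builder starts 8-bit and upconverts on the first 16-bit character (this entry), and a 16-bit shadow with a tracked valid length keeps a previously handed-out 16-bit view from going stale after further appends (the 2011-12-07 entry for bug 73995). The following C++ sketch is an added example that shows both behaviours together; `Builder8` is a simplified stand-in written here, not WTF's StringBuilder, and its method names are chosen for this example.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

typedef unsigned char LChar;   // 8-bit (Latin-1) code unit
typedef char16_t UChar;        // 16-bit code unit

// Storage starts 8-bit and switches to 16-bit on the first character above
// 0xFF. characters16() serves a 16-bit view of an 8-bit builder from a shadow
// buffer; m_valid16BitShadowLen records how much of the shadow is current, so
// a view taken before later appends is extended instead of being stale.
class Builder8 {
public:
    Builder8() : m_is8Bit(true), m_valid16BitShadowLen(0) {}

    bool is8Bit() const { return m_is8Bit; }
    size_t length() const { return m_is8Bit ? m_buffer8.size() : m_buffer16.size(); }

    void append(UChar c) {
        if (m_is8Bit) {
            if (c <= 0xFF) {
                m_buffer8.push_back(static_cast<LChar>(c));
                return;
            }
            upconvert();  // first 16-bit character: change representation
        }
        m_buffer16.push_back(c);
    }

    void append(const char* latin1) {
        for (; *latin1; ++latin1)
            append(static_cast<UChar>(static_cast<LChar>(*latin1)));
    }

    // 16-bit view. For an 8-bit builder only the characters appended since
    // the last call are upconverted into the shadow.
    const UChar* characters16() {
        if (!m_is8Bit)
            return m_buffer16.data();
        size_t len = m_buffer8.size();
        if (m_valid16BitShadowLen < len) {
            m_shadow16.resize(len);
            for (size_t i = m_valid16BitShadowLen; i < len; ++i)
                m_shadow16[i] = m_buffer8[i];
            m_valid16BitShadowLen = len;
        }
        return m_shadow16.data();
    }

    size_t valid16BitShadowLength() const { return m_valid16BitShadowLen; }

    std::u16string toString() {
        size_t len = length();
        return len ? std::u16string(characters16(), len) : std::u16string();
    }

private:
    void upconvert() {
        m_buffer16.assign(m_buffer8.begin(), m_buffer8.end());
        m_buffer8.clear();
        m_shadow16.clear();  // the shadow has no meaning once storage is 16-bit
        m_valid16BitShadowLen = 0;
        m_is8Bit = false;
    }

    bool m_is8Bit;
    std::vector<LChar> m_buffer8;
    std::vector<UChar> m_buffer16;
    std::vector<UChar> m_shadow16;
    size_t m_valid16BitShadowLen;
};

// Constructed scenario: take a 16-bit view of an 8-bit builder, append more,
// then force an upconversion. Returns the final contents.
static std::u16string buildSample() {
    Builder8 b;
    b.append("abc");
    b.characters16();      // view taken while 8-bit: shadow covers 3 characters
    b.append("de");        // shadow is now shorter than the contents
    b.append(u'\u00e9');   // Latin-1, so still 8-bit
    b.append(u'\u4e2d');   // first 16-bit character: upconvert
    return b.toString();
}

// Shadow length after appending past a view, and again after refreshing it.
static std::pair<size_t, size_t> shadowLengthAroundRefresh() {
    Builder8 b;
    b.append("abc");
    b.characters16();
    b.append("de");
    size_t before = b.valid16BitShadowLength();
    b.characters16();
    return std::make_pair(before, b.valid16BitShadowLength());
}

static bool is8BitAfterAppending(const char* latin1, UChar extra) {
    Builder8 b;
    b.append(latin1);
    b.append(extra);
    return b.is8Bit();
}
```
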
247862011-12-01  Gavin Barraclough  <barraclough@apple.com>
24787
24788        https://bugs.webkit.org/show_bug.cgi?id=73624
24789        JIT + INTERPRETER builds are broken
24790
24791        Reviewed by Geoff Garen, Sam Weinig.
24792
24793        These don't fallback to the interpreter correctly.
24794        Thunk creation assumes that is the JIT is compiled in, then it is enabled.
24795
24796        * jit/JITStubs.cpp:
24797        (JSC::JITThunks::JITThunks):
24798        * runtime/Executable.h:
24799        (JSC::NativeExecutable::create):
24800        (JSC::NativeExecutable::finishCreation):
24801        * runtime/JSGlobalData.cpp:
24802        (JSC::JSGlobalData::getHostFunction):
24803
248042011-12-05  Zoltan Herczeg  <zherczeg@webkit.org>
24805
24806        MacroAssemblerSH4 does not implement readCallTarget
24807        https://bugs.webkit.org/show_bug.cgi?id=73434
24808
24809        Reviewed by Csaba Osztrogonác.
24810
24811        * assembler/MacroAssemblerSH4.h: Support for SH4.
24812        (JSC::MacroAssemblerSH4::readCallTarget):
24813        * assembler/SH4Assembler.h:
24814        (JSC::SH4Assembler::readCallTarget):
24815
248162011-12-04  Filip Pizlo  <fpizlo@apple.com>
24817
24818        DFG should optimize strict equality
24819        https://bugs.webkit.org/show_bug.cgi?id=73764
24820
24821        Reviewed by Oliver Hunt.
24822        
24823        1% speed-up on V8.
24824
24825        * dfg/DFGSpeculativeJIT.cpp:
24826        (JSC::DFG::SpeculativeJIT::compare):
24827        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
24828        (JSC::DFG::SpeculativeJIT::compileStrictEq):
24829        * dfg/DFGSpeculativeJIT.h:
24830        * dfg/DFGSpeculativeJIT32_64.cpp:
24831        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
24832        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
24833        (JSC::DFG::SpeculativeJIT::compile):
24834        * dfg/DFGSpeculativeJIT64.cpp:
24835        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
24836        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
24837        (JSC::DFG::SpeculativeJIT::compile):
24838
248392011-12-03  Darin Adler  <darin@apple.com>
24840
24841        Use HashMap<OwnPtr> for ScriptSampleRecordMap
24842        https://bugs.webkit.org/show_bug.cgi?id=73758
24843
24844        Reviewed by Andreas Kling.
24845
24846        * bytecode/SamplingTool.cpp:
24847        (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
24848        (JSC::SamplingTool::dump): Added get.
24849        * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
24850
248512011-12-03  Darin Adler  <darin@apple.com>
24852
24853        Use HashMap<OwnPtr> for the opaqueJSClassData map
24854        https://bugs.webkit.org/show_bug.cgi?id=73759
24855
24856        Reviewed by Andreas Kling.
24857
24858        * API/JSClassRef.cpp:
24859        (OpaqueJSClass::contextData): Update types.
24860        * runtime/JSGlobalData.cpp:
24861        (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
24862        timing the same. If we didn't care about the order of operations, we could remove this, too.
24863        * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
24864        opaqueJSClassData map.
24865
248662011-12-03  Darin Adler  <darin@apple.com>
24867
24868        Change HashMap implementation to use the pass type and peek type from traits for the mapped value
24869        https://bugs.webkit.org/show_bug.cgi?id=72474
24870
24871        Reviewed by Anders Carlsson.
24872
24873        * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
24874        and PeekType from the traits of the mapped value instead of hard-coding them here.
24875        Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
        to accommodate a PassInType that can't be copied. Use the store, peek, and passOut
24877        functions from the traits as well.
24878
24879        * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
24880        PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
24881        an earlier version that was just PassType, PeekType, pass, and peek. Also commented
24882        the HashTraits for RefPtr to foreshadow some work we can do there.
24883
24884        * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
24885
248862011-12-02  David Levin  <levin@chromium.org>
24887
24888        Rename WTF class from TemporarilyChange to TemporaryChange.
24889        https://bugs.webkit.org/show_bug.cgi?id=73479
24890
24891        Reviewed by Eric Seidel.
24892
24893        * JavaScriptCore.gypi:
24894        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
24895        * JavaScriptCore.xcodeproj/project.pbxproj:
24896        * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
24897        (WTF::TemporaryChange::TemporaryChange):
24898        (WTF::TemporaryChange::~TemporaryChange):
24899
249002011-12-02  Mark Hahnenberg  <mhahnenberg@apple.com>
24901
24902        REGRESSION (r99754): All layout tests crash on Windows
24903        https://bugs.webkit.org/show_bug.cgi?id=72305
24904
24905        Reviewed by Geoffrey Garen.
24906
24907        Fixes a crash in release builds on Windows.  Windows was optimizing the out-of-line virtual destructor in 
24908        JSFunction away, which left it with no virtual functions.  Its vtable ptr was then identical to that of 
24909        a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an 
24910        incorrect version of visitChildren on the object, which left its children unmarked, causing them to be 
24911        collected when they were still reachable.
24912
24913        * runtime/JSFunction.cpp:
24914        (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
24915        * runtime/JSFunction.h:
24916        * runtime/JSGlobalData.cpp:
24917        (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
24918        purposes are distinct from one another.
24919
249202011-12-02  Oliver Hunt  <oliver@apple.com>
24921
24922        Improve float array support in the DFG JIT
24923        https://bugs.webkit.org/show_bug.cgi?id=73722
24924
24925        Reviewed by Gavin Barraclough.
24926
24927        Add basic support for float typed arrays in JSC.  This is currently
24928        less optimal than it could be in the following ways:
         * float32Array1[0] = float32Array2[0] (e.g. an element-by-element copy)
24930           promotes float to double and then back to float.
24931         * float64Array[0] will always perform NaN tests in order to prevent
24932           signalling NaNs from entering the engine.
24933
        We also don't support Float32Array on ARMv7.
24935
24936        * assembler/MacroAssemblerARMv7.h:
24937        (JSC::MacroAssemblerARMv7::loadDouble):
24938        (JSC::MacroAssemblerARMv7::loadFloat):
24939        (JSC::MacroAssemblerARMv7::storeDouble):
24940        (JSC::MacroAssemblerARMv7::storeFloat):
24941        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
24942        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
24943        * assembler/MacroAssemblerX86Common.h:
24944        (JSC::MacroAssemblerX86Common::loadDouble):
24945        (JSC::MacroAssemblerX86Common::loadFloat):
24946        (JSC::MacroAssemblerX86Common::storeDouble):
24947        (JSC::MacroAssemblerX86Common::storeFloat):
24948        (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
24949        (JSC::MacroAssemblerX86Common::convertFloatToDouble):
24950        * assembler/X86Assembler.h:
24951        (JSC::X86Assembler::cvtsd2ss_rr):
24952        (JSC::X86Assembler::cvtss2sd_rr):
24953        (JSC::X86Assembler::movsd_rm):
24954        (JSC::X86Assembler::movss_rm):
24955        (JSC::X86Assembler::movsd_mr):
24956        (JSC::X86Assembler::movss_mr):
24957        * dfg/DFGAbstractState.cpp:
24958        (JSC::DFG::AbstractState::execute):
24959        * dfg/DFGNode.h:
24960        (JSC::DFG::Node::shouldSpeculateFloat32Array):
24961        * dfg/DFGPropagator.cpp:
24962        (JSC::DFG::Propagator::propagateNodePredictions):
24963        * dfg/DFGSpeculativeJIT.cpp:
24964        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
24965        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
24966        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
24967        * dfg/DFGSpeculativeJIT.h:
24968        * dfg/DFGSpeculativeJIT32_64.cpp:
24969        (JSC::DFG::SpeculativeJIT::compile):
24970        * dfg/DFGSpeculativeJIT64.cpp:
24971        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
24972        (JSC::DFG::SpeculativeJIT::compile):
24973
249742011-12-02  Sheriff Bot  <webkit.review.bot@gmail.com>
24975
24976        Unreviewed, rolling out r101801.
24977        http://trac.webkit.org/changeset/101801
24978        https://bugs.webkit.org/show_bug.cgi?id=73667
24979
24980        Build is still broken (Requested by Ossy on #webkit).
24981
24982        * assembler/SH4Assembler.h:
24983
249842011-12-01  Darin Adler  <darin@apple.com>
24985
24986        Prepare to deploy pass and peek types in the HashMap class
24987        https://bugs.webkit.org/show_bug.cgi?id=73477
24988
24989        Reviewed by Adam Roben.
24990
24991        This patch adds private typedefs inside the HashMap class,
24992        and uses them as appropriate. A future patch will actually
24993        tie those typedefs to hash traits, which will allow us to
24994        make HashMap work with OwnPtr mapped values and to optimize
24995        how HashMap works with RefPtr mapped values.
24996
24997        Also changed the hash translator and adapter struct templates
24998        to use template functions to simplify them and make them more
24999        flexible.
25000
25001        Also removed some unused template arguments.
25002
25003        This goes out of its way to not change behavior. Future patches
25004        will change the peek type to be a reference type, which will
25005        reduce reference count churn a bit for hash tables with RefPtr
25006        mapped values, and then do further optimizations for RefPtr
25007        and OwnPtr by getting types from the hash traits.
25008
25009        * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
25010        and MappedPeekType typedefs, and used them for the arguments
25011        and return types of the get, set, add, take, and inlineAdd
25012        functions.
25013        (WTF::HashMapTranslator): Changed this struct template to take
25014        fewer arguments, and changed its member functions to be
25015        function templates instead. This allows the compiler to
25016        determine types more flexibly and also simplifies use of it.
25017        (WTF::HashMapTranslatorAdapter): Ditto.
25018        (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
25019        Also reduced the arguments passed to the HashTable function template.
25020        (WTF::HashMap::contains): Ditto.
25021        (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
25022        (WTF::HashMap::set): Ditto.
25023        (WTF::HashMap::add): Ditto.
25024        (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
25025        (WTF::HashMap::get): Ditto.
25026        (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
25027        that type in the implementation.
25028        (WTF::deleteAllValues): Removed unneeded template arguments from
25029        call to deleteAllPairSeconds.
25030        (WTF::deleteAllKeys): Removed unneeded template arguments from
25031        call to deleteAllPairFirsts.
25032
25033        * wtf/HashSet.h:
25034        (WTF::IdentityExtractor): Changed this to be a struct rather than
25035        a struct template, and replaced the extract function with a function
25036        template. This allows the compiler to deduce the type.
25037        (WTF::HashSetTranslatorAdapter): Changed this struct template to take
25038        fewer arguments, and changed its member functions to be
25039        function templates instead. This allows the compiler to
25040        determine types more flexibly and also simplifies use of it.
25041        (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
25042        Also reduced the arguments passed to the HashTable function template.
25043        (WTF::HashSet::contains): Ditto.
25044        (WTF::HashSet::add): Ditto.
25045
25046        * wtf/HashTable.h:
25047        (WTF::IdentityHashTranslator): Changed this struct template to take
25048        fewer arguments, and changed its member functions to be
25049        function templates instead. This allows the compiler to
25050        determine types more flexibly and also simplifies use of it.
25051        (WTF::HashTable::add): Reduced arguments passed to the function template.
25052        (WTF::HashTable::find): Ditto, also reversed the template arguments so the
25053        translator comes first so the compiler can deduce the other type.
25054        (WTF::HashTable::contains): Ditto.
25055        (WTF::HashTable::lookup): Ditto.
25056        (WTF::HashTable::lookupForWriting): Ditto.
25057        (WTF::HashTable::checkKey): Ditto.
25058        (WTF::HashTable::fullLookupForWriting): Ditto.
25059        (WTF::HashTable::add): Ditto.
25060        (WTF::HashTable::addPassingHashCode): Ditto.
25061        (WTF::HashTable::find): Ditto.
25062        (WTF::HashTable::contains): Ditto.
25063
25064        * wtf/ListHashSet.h:
25065        (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
25066        fewer arguments, and changed its member functions to be function templates
25067        instead. This allows the compiler to determine types more flexibly and
25068        also simplifies use of it.
25069        (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
        function template.
25071        (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
25072        same way we changed ListHashSetNodeHashFunctions above.
25073        (WTF::ListHashSetTranslatorAdapter::equal):
25074        (WTF::::contains):
25075        (WTF::::add):
25076        (WTF::::insertBefore):
25077
25078        * wtf/RefPtrHashMap.h: Updated comments. Removed the
25079        RefPtrHashMapRawKeyTranslator struct template; we can use the
25080        HashMapTranslator struct template from HashMap.h instead now that
25081        it is more flexible. Added MappedPassInType, MappedPassOutType,
25082        and MappedPeekType typedefs, and used them for the arguments
25083        and return types of the get, inlineGet, set, add, take, and inlineAdd
25084        functions. Changed the name of the RawKeyTranslator type to
25085        Translator since it's now a class that can handle both raw keys
25086        and conventional keys.
25087        (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
25088        Reduced the arguments passed to the HashTable function template.
25089        (WTF::HashMap::contains): Ditto.
25090        (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
25091        (WTF::HashMap::set): Ditto.
25092        (WTF::HashMap::add): Ditto.
25093        (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
25094        (WTF::HashMap::get): Ditto.
25095        (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
25096        that type in the implementation.
25097        (WTF::deleteAllValues): Removed unneeded template arguments from
25098        call to deleteAllPairSeconds.
25099        (WTF::deleteAllKeys): Removed unneeded template arguments from
25100        call to deleteAllPairFirsts.
25101
251022011-12-02  Zoltan Herczeg  <zherczeg@webkit.org>
25103
25104        MacroAssemblerSH4 does not implement readCallTarget
25105        https://bugs.webkit.org/show_bug.cgi?id=73434
25106
25107        Reviewed by Csaba Osztrogonác.
25108
25109        * assembler/SH4Assembler.h:
25110        (JSC::SH4Assembler::readCallTarget): Support for SH4.
25111
251122011-12-02  Hajime Morrita  <morrita@chromium.org>
25113
25114        Unreviewed, rolling out r101751 and r101775.
25115        http://trac.webkit.org/changeset/101751
25116        http://trac.webkit.org/changeset/101775
25117        https://bugs.webkit.org/show_bug.cgi?id=73191
25118
25119        breaks Windows build
25120
25121        * JavaScriptCore.xcodeproj/project.pbxproj:
25122        * config.h:
25123        * runtime/JSExportMacros.h: Removed.
25124        * wtf/ExportMacros.h:
25125        * wtf/Platform.h:
25126        * wtf/WTFThreadData.h:
25127        * wtf/text/AtomicString.h:
25128        * wtf/text/StringStatics.cpp:
25129
251302011-12-01  Hajime Morrita  <morrita@chromium.org>
25131
25132        JS_INLINE and WTF_INLINE should be visible from WebCore
25133        https://bugs.webkit.org/show_bug.cgi?id=73191
25134
25135        - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
25136        - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
        - Replaced JS_EXPORTDATA in wtf module with newly introduced WTF_EXPORTDATA.
25138
25139        Reviewed by Kevin Ollivier.
25140
25141        * JavaScriptCore.xcodeproj/project.pbxproj:
25142        * config.h:
25143        * runtime/JSExportMacros.h: Added.
25144        * wtf/ExportMacros.h:
25145        * wtf/Platform.h:
25146        * wtf/WTFThreadData.h:
25147        * wtf/text/AtomicString.h:
25148        * wtf/text/StringStatics.cpp:
25149
251502011-12-01  Michael Saboff  <msaboff@apple.com>
25151
25152        Changes proposed for 73457 slow down Kraken json-parse-financial
25153        https://bugs.webkit.org/show_bug.cgi?id=73584
25154
25155        Restructured StringImpl::equal to take advantage of 8 or 4 bytes
25156        at a time when possible.
25157
25158        This is worth ~3% on Kraken json-parse-financial. It provides 
25159        ~2% on SunSpider string-unpack-code.
25160
25161        Reviewed by Sam Weinig.
25162
25163        * wtf/text/StringImpl.cpp:
25164        (WTF::equal):
25165
251662011-12-01  Oliver Hunt  <oliver@apple.com>
25167
25168        Support integer typed arrays in the DFG JIT
25169        https://bugs.webkit.org/show_bug.cgi?id=73608
25170
25171        Reviewed by Filip Pizlo.
25172
25173        Add support for all the integral typed arrays in the DFG JIT.
25174        Currently this loads the contents of Uint32 arrays as doubles,
25175        which is clearly not as efficient as it could be, but this is
25176        still in the order of 10-20x faster than the existing behaviour.
25177
        This needed us to add support for writing 16-bit values to the
25179        macroassembler, and also to support double<->unsigned conversion.
25180
25181        * assembler/ARMv7Assembler.h:
25182        (JSC::ARMv7Assembler::strh):
25183        (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned):
25184        * assembler/MacroAssemblerARMv7.h:
25185        (JSC::MacroAssemblerARMv7::store16):
25186        (JSC::MacroAssemblerARMv7::truncateDoubleToUint32):
25187        * assembler/MacroAssemblerX86Common.h:
25188        (JSC::MacroAssemblerX86Common::store16):
25189        (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
25190        * assembler/X86Assembler.h:
25191        (JSC::X86Assembler::movw_rm):
25192        (JSC::X86Assembler::cvttsd2siq_rr):
25193        * bytecode/PredictedType.cpp:
25194        (JSC::predictionToString):
25195        (JSC::predictionFromClassInfo):
25196        * bytecode/PredictedType.h:
25197        (JSC::isInt8ArrayPrediction):
25198        (JSC::isInt16ArrayPrediction):
25199        (JSC::isInt32ArrayPrediction):
25200        (JSC::isUint8ArrayPrediction):
25201        (JSC::isUint16ArrayPrediction):
25202        (JSC::isUint32ArrayPrediction):
25203        (JSC::isFloat32ArrayPrediction):
25204        (JSC::isFloat64ArrayPrediction):
25205        * dfg/DFGAbstractState.cpp:
25206        (JSC::DFG::AbstractState::initialize):
25207        (JSC::DFG::AbstractState::execute):
25208        * dfg/DFGNode.h:
25209        (JSC::DFG::Node::shouldSpeculateInt8Array):
25210        (JSC::DFG::Node::shouldSpeculateInt16Array):
25211        (JSC::DFG::Node::shouldSpeculateInt32Array):
25212        (JSC::DFG::Node::shouldSpeculateUint8Array):
25213        (JSC::DFG::Node::shouldSpeculateUint16Array):
25214        (JSC::DFG::Node::shouldSpeculateUint32Array):
25215        (JSC::DFG::Node::shouldSpeculateFloat32Array):
25216        (JSC::DFG::Node::shouldSpeculateFloat64Array):
25217        * dfg/DFGPropagator.cpp:
25218        (JSC::DFG::Propagator::propagateNodePredictions):
25219        (JSC::DFG::Propagator::fixupNode):
25220        (JSC::DFG::Propagator::performNodeCSE):
25221        * dfg/DFGSpeculativeJIT.cpp:
25222        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
25223        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
25224        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
25225        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
25226        * dfg/DFGSpeculativeJIT.h:
25227        * dfg/DFGSpeculativeJIT32_64.cpp:
25228        (JSC::DFG::SpeculativeJIT::compile):
25229        * dfg/DFGSpeculativeJIT64.cpp:
25230        (JSC::DFG::SpeculativeJIT::compile):
25231        * runtime/JSGlobalData.h:
25232
252332011-12-01  Benjamin Poulain  <benjamin@webkit.org>
25234
25235        URLs are encoded in UTF-8, then decoded as if they are Latin1
25236        https://bugs.webkit.org/show_bug.cgi?id=71758
25237
25238        Reviewed by Darin Adler.
25239
25240        Add the operator == between a String and a Vector of char. The implementation
25241        is the same as the comparison of String and char* but adds the length as a
25242        parameter for comparing the strings.
25243
25244        * JavaScriptCore.exp:
25245        * wtf/text/StringImpl.h:
25246        (WTF::equal):
25247        * wtf/text/WTFString.h:
25248        (WTF::operator==):
25249        (WTF::operator!=):
25250
252512011-12-01  Martin Robinson  <mrobinson@igalia.com>
25252
25253        [GTK] Read fonts from the jhbuild root
25254        https://bugs.webkit.org/show_bug.cgi?id=73487
25255
25256        Reviewed by Gustavo Noronha Silva.
25257
25258        Read fonts from the jhbuild root instead of from the system. This will ensure
25259        that all testers use the same fonts instead of leaving this up to luck.
25260
25261        * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner.
25262
252632011-12-01  Martin Robinson  <mrobinson@igalia.com>
25264
25265        [GTK] Add a helper function to find the current executable's path
25266        https://bugs.webkit.org/show_bug.cgi?id=73473
25267
25268        Reviewed by Gustavo Noronha Silva.
25269
25270        Add a WTF helper which gets the binary path. This is currently only used
25271        in WebKit2.
25272
25273        * GNUmakefile.list.am: Add the new file to the source list.
25274        * wtf/gobject/GlibUtilities.cpp: Added.
25275        (getCurrentExecutablePath):
25276        * wtf/gobject/GlibUtilities.h: Added.
25277
252782011-12-01  Sheriff Bot  <webkit.review.bot@gmail.com>
25279
25280        Unreviewed, rolling out r101691.
25281        http://trac.webkit.org/changeset/101691
25282        https://bugs.webkit.org/show_bug.cgi?id=73588
25283
25284        Tests fail on Chromium bots, early warning system warned
25285        committer, please adjust test_expectations in patch (Requested
25286        by scheib on #webkit).
25287
25288        * JavaScriptCore.exp:
25289        * wtf/text/StringImpl.h:
25290        * wtf/text/WTFString.h:
25291
252922011-12-01  Filip Pizlo  <fpizlo@apple.com>
25293
25294        ARMv7 only allows for one-shot patching of compact offsets, while the
25295        JIT expects to be able to repatch
25296        https://bugs.webkit.org/show_bug.cgi?id=73548
25297
25298        Reviewed by Oliver Hunt.
25299
25300        * assembler/ARMv7Assembler.h:
25301        (JSC::ARMv7Assembler::setUInt7ForLoad):
25302
253032011-11-30  Benjamin Poulain  <benjamin@webkit.org>
25304
25305        URLs are encoded in UTF-8, then decoded as if they are Latin1
25306        https://bugs.webkit.org/show_bug.cgi?id=71758
25307
25308        Reviewed by Darin Adler.
25309
25310        Add the operator == between a String and a Vector of char. The implementation
25311        is the same as the comparison of String and char* but adds the length as a
25312        parameter for comparing the strings.
25313
25314        * JavaScriptCore.exp:
25315        * wtf/text/StringImpl.h:
25316        (WTF::equal):
25317        * wtf/text/WTFString.h:
25318        (WTF::operator==):
25319        (WTF::operator!=):
25320
253212011-11-30  Dmitry Lomov  <dslomov@google.com>
25322
25323        https://bugs.webkit.org/show_bug.cgi?id=73503
25324        [Chromium][V8] Implement ArrayBuffer transfer in chromium.
25325        Portions of this patch come from Luke Zarko.
25326
25327        Reviewed by David Levin.
25328
25329        * wtf/ArrayBuffer.cpp:
25330        (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr.
25331        * wtf/ArrayBuffer.h:
25332        (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr.
25333        (WTF::ArrayBuffer::isNeutered):
25334        * wtf/TypedArrayBase.h:
25335        (WTF::TypedArrayBase::neuter):
25336
253372011-12-01  Chao-ying Fu  <fu@mips.com>
25338
25339        MacroAssemblerMIPS does not implement readCallTarget
25340        https://bugs.webkit.org/show_bug.cgi?id=73432
25341
25342        Reviewed by Zoltan Herczeg.
25343
25344        * assembler/MIPSAssembler.h:
25345        (JSC::MIPSAssembler::readCallTarget):
25346        * assembler/MacroAssemblerMIPS.h:
25347        (JSC::MacroAssemblerMIPS::readCallTarget):
25348
253492011-12-01  Noel Gordon  <noel.gordon@gmail.com>
25350
25351        [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects
25352        https://bugs.webkit.org/show_bug.cgi?id=73527
25353
25354        Reviewed by Simon Hausmann.
25355
        wtf/qt/ThreadingQt.cpp was removed in r101477.
25357
25358        * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp
25359
253602011-12-01  Filip Pizlo  <fpizlo@apple.com>
25361
25362        BitVector isInline check could fail
25363        https://bugs.webkit.org/show_bug.cgi?id=70691
25364
25365        Reviewed by Gavin Barraclough.
25366        
25367        Switch back to using the high bit as the inline marker, to make
        all of the bit indexing operations simpler. Computing the size in
        words and in bytes of a bitvector using the number of bits as
        input is error-prone enough, and with the current approach to
        solving the X86 bug we end up getting it wrong. Making it right
        seems hard.
25373        
25374        So instead, to solve the original problem (the high bit may be
25375        meaningful on 32-bit systems), the out-of-line storage pointer is
25376        right-shifted by 1. Compared to the original BitVector code, this
25377        is a much smaller change (just three lines).
25378        
25379        This solves a bug where the DFG was corrupting its call frame
25380        because BitVector lost track of some bits.
25381
25382        * wtf/BitVector.cpp:
25383        (WTF::BitVector::setSlow):
25384        (WTF::BitVector::resizeOutOfLine):
25385        * wtf/BitVector.h:
25386        (WTF::BitVector::quickGet):
25387        (WTF::BitVector::quickSet):
25388        (WTF::BitVector::quickClear):
25389        (WTF::BitVector::makeInlineBits):
25390        (WTF::BitVector::isInline):
25391        (WTF::BitVector::outOfLineBits):
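
        The representation this entry describes (high bit of the word as the inline
        marker, out-of-line pointer stored right-shifted by one so its high bit can
        never collide with the marker), as an added example written for this log and
        not WTF's own BitVector code; the class name TaggedBitVector and the two
        self-check functions are hypothetical:

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical BitVector modeled on the representation the entry describes.
// One machine word holds either:
//   * inline bits, with the word's HIGH bit set as the "inline" marker, or
//   * an out-of-line pointer stored RIGHT-SHIFTED BY ONE, so its high bit is
//     always zero and cannot be mistaken for the marker, even on 32-bit
//     systems where a raw heap pointer may have its high bit set.
class TaggedBitVector {
public:
    static constexpr std::size_t kWordBits = sizeof(std::uintptr_t) * 8;
    static constexpr std::uintptr_t kInlineMarker =
        static_cast<std::uintptr_t>(1) << (kWordBits - 1);
    static constexpr std::size_t kInlineCapacity = kWordBits - 1; // marker bit reserved

    TaggedBitVector() : m_bits(kInlineMarker) {} // empty, inline
    ~TaggedBitVector() {
        if (!isInline()) {
            OutOfLine* ool = outOfLine();
            delete[] ool->words;
            delete ool;
        }
    }
    TaggedBitVector(const TaggedBitVector&) = delete;
    TaggedBitVector& operator=(const TaggedBitVector&) = delete;

    bool isInline() const { return (m_bits & kInlineMarker) != 0; }

    // Number of addressable bits in the current storage.
    std::size_t capacity() const {
        return isInline() ? kInlineCapacity : outOfLine()->numWords * kWordBits;
    }

    // Bits beyond capacity read as clear; no out-of-bounds access is possible.
    bool get(std::size_t index) const {
        if (index >= capacity())
            return false;
        if (isInline())
            return ((m_bits >> index) & 1) != 0;
        const OutOfLine* ool = outOfLine();
        return ((ool->words[index / kWordBits] >> (index % kWordBits)) & 1) != 0;
    }

    void set(std::size_t index) {
        if (index >= capacity())
            growTo(index + 1);
        if (isInline()) {
            m_bits |= static_cast<std::uintptr_t>(1) << index; // index < kInlineCapacity
            return;
        }
        OutOfLine* ool = outOfLine();
        ool->words[index / kWordBits] |= static_cast<std::uintptr_t>(1) << (index % kWordBits);
    }

    void clear(std::size_t index) {
        if (index >= capacity())
            return; // out of range: nothing to clear
        if (isInline()) {
            m_bits &= ~(static_cast<std::uintptr_t>(1) << index); // never touches the marker
            return;
        }
        OutOfLine* ool = outOfLine();
        ool->words[index / kWordBits] &= ~(static_cast<std::uintptr_t>(1) << (index % kWordBits));
    }

    std::size_t bitCount() const {
        std::size_t count = 0;
        for (std::size_t i = 0; i < capacity(); ++i)
            count += get(i) ? 1 : 0;
        return count;
    }

private:
    struct OutOfLine {
        std::size_t numWords;
        std::uintptr_t* words;
    };

    OutOfLine* outOfLine() const {
        assert(!isInline());
        return reinterpret_cast<OutOfLine*>(m_bits << 1); // undo the right shift
    }

    void growTo(std::size_t newNumBits) {
        std::size_t numWords = (newNumBits + kWordBits - 1) / kWordBits;
        OutOfLine* ool = new OutOfLine{numWords, new std::uintptr_t[numWords]()};
        if (isInline()) {
            ool->words[0] = m_bits & ~kInlineMarker; // inline bit i lands at word 0, bit i
        } else {
            OutOfLine* old = outOfLine();
            std::memcpy(ool->words, old->words, old->numWords * sizeof(std::uintptr_t));
            delete[] old->words;
            delete old;
        }
        std::uintptr_t raw = reinterpret_cast<std::uintptr_t>(ool);
        assert((raw & 1) == 0); // heap pointers are at least 2-byte aligned: shift is lossless
        m_bits = raw >> 1;      // high bit is now zero, unambiguously "not inline"
    }

    std::uintptr_t m_bits;
};

// Self-checks exposed for testing (hypothetical helpers, not WTF API).
bool inlineToOutOfLineKeepsBits() {
    TaggedBitVector v;
    v.set(0); v.set(5); v.set(TaggedBitVector::kInlineCapacity - 1);
    bool wasInline = v.isInline() && v.bitCount() == 3;
    v.set(200); // forces the out-of-line representation
    return wasInline && !v.isInline() && v.get(0) && v.get(5)
        && v.get(TaggedBitVector::kInlineCapacity - 1) && v.get(200)
        && !v.get(199) && !v.get(4000) && v.bitCount() == 4;
}

bool clearKeepsInlineMarker() {
    TaggedBitVector v;
    v.set(3);
    v.clear(3);
    v.clear(9999); // out of range: a no-op, not a crash
    return v.isInline() && v.bitCount() == 0 && !v.get(3);
}
```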
25392
253932011-11-30  Filip Pizlo  <fpizlo@apple.com>
25394
25395        DFG should make it easier to notice node boundaries in disassembly
25396        https://bugs.webkit.org/show_bug.cgi?id=73509
25397
        Rubber-stamped by Gavin Barraclough.
25399        
25400        If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will
25401        be emitted at node boundaries, where the immediate being xor'd is the
25402        node index.
25403
25404        * dfg/DFGCommon.h:
25405        * dfg/DFGSpeculativeJIT.cpp:
25406        (JSC::DFG::SpeculativeJIT::compile):
25407
254082011-11-30  Geoffrey Garen  <ggaren@apple.com>
25409
25410        Removed ArgList iterators.
25411
25412        Reviewed by Gavin Barraclough.
25413        
25414        Another step toward reversing the argument order.
25415
25416        * interpreter/Interpreter.cpp:
25417        (JSC::Interpreter::executeCall):
25418        (JSC::Interpreter::executeConstruct): Switched from iterator to int.
25419
25420        * runtime/ArgList.h:
25421        (JSC::ArgList::ArgList):
25422        (JSC::ArgList::isEmpty): Removed iterators.
25423
25424        * runtime/JSArray.cpp:
25425        (JSC::JSArray::finishCreation): Switched from iterator to int.
25426
254272011-11-30  Yuqiang Xian  <yuqiang.xian@intel.com>
25428
25429        32 bit DFG should handle logicalNot slow case instead of simply bailing out
25430        https://bugs.webkit.org/show_bug.cgi?id=73515
25431
25432        Reviewed by Filip Pizlo.
25433
25434        This improves Kraken performance by 14%, mainly due to ~3X improvement
25435        on imaging-desaturate.
25436
25437        * dfg/DFGSpeculativeJIT32_64.cpp:
25438        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
25439
254402011-11-30  Max Vujovic  <mvujovic@adobe.com>
25441
25442        Some date values not handled consistently with IE/Firefox
25443        https://bugs.webkit.org/show_bug.cgi?id=14176
25444
25445        Reviewed by Gavin Barraclough.
25446
25447        Changed time zone offset parsing behavior to match IE/Firefox/Opera's in
25448        implementation dependent cases like "GMT-4".
25449
25450        * wtf/DateMath.cpp:
25451        (WTF::parseDateFromNullTerminatedCharacters):
25452
254532011-11-30  Mark Hahnenberg  <mhahnenberg@apple.com>
25454
25455        toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
25456        https://bugs.webkit.org/show_bug.cgi?id=73368
25457
25458        Reviewed by Darin Adler.
25459
25460        We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
25461        happens to be in the first class of the chain, which potentially could be null.
25462
25463        <rdar://problem/10493218>
25464
25465        * API/JSCallbackFunction.cpp:
25466        (JSC::JSCallbackFunction::toStringCallback):
25467        (JSC::JSCallbackFunction::valueOfCallback):
25468
254692011-11-29  Sam Weinig  <sam@webkit.org>
25470
25471        Add adoptCF and adoptNS convenience functions to RetainPtr.h
25472        https://bugs.webkit.org/show_bug.cgi?id=73399
25473
25474        Reviewed by Anders Carlsson.
25475
25476        * wtf/RetainPtr.h:
25477        (WTF::adoptCF):
25478        (WTF::adoptNS):
25479        These adoption functions match the pattern we use in other
25480        smart pointer classes.
25481
254822011-11-30  Adam Roben  <aroben@apple.com>
25483
25484        Fix RetainPtr's move assignment operators
25485
25486        Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the
25487        pointer being assigned to
25488
25489        I didn't write a test for this because we don't have a way of unit testing C++11 code (see
25490        <http://webkit.org/b/73448>).
25491
25492        Reviewed by Anders Carlsson.
25493
25494        * wtf/RetainPtr.h:
25495        (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own
25496        pointer.
25497
254982011-11-30  Csaba Osztrogonác  <ossy@webkit.org>
25499
25500        Unreviewed rolling out incorrect r101481.
25501
25502        * assembler/MIPSAssembler.h:
25503        * assembler/MacroAssemblerMIPS.h:
25504
255052011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
25506
        Fix compilation with MinGW.
25508
25509        Reviewed by Csaba Osztrogonác.
25510
25511        * wtf/ThreadingWin.cpp:
        (WTF::initializeCurrentThreadInternal): MinGW doesn't support MSVC exception handling, so for
        the time being make the thread name setting unimplemented for MinGW.
25514
255152011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
25516
        Unreviewed prospective build fix for Qt/Windows part 2 after r101477.
25518
        * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data.
25520
255212011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
25522
        Unreviewed prospective build fix for Qt/Windows after r101477.
25524
25525        * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's
25526        only referenced from within another OS(WINDOWS) section.
25527
255282011-11-30  Csaba Osztrogonác  <ossy@webkit.org>
25529
25530        Unreviewed speculative buildfix after r101457.
25531
25532        * assembler/MIPSAssembler.h:
25533        (JSC::MIPSAssembler::readCallTarget):
25534        * assembler/MacroAssemblerMIPS.h:
25535        (JSC::MacroAssemblerMIPS::readCallTarget):
25536
255372011-11-30  Andrew Wason  <rectalogic@rectalogic.com>
25538
25539        Replace Qt QThread threading back-end with pthread/Win32 threading back-ends
25540        https://bugs.webkit.org/show_bug.cgi?id=72155
25541
25542        Reviewed by Simon Hausmann.
25543
25544        Use ThreadingPthreads and ThreadingWin instead of ThreadingQt.
25545
25546        * heap/MachineStackMarker.cpp:
25547        * wtf/MainThread.cpp:
25548        (WTF::initializeMainThread):
25549        * wtf/Platform.h:
25550        * wtf/ThreadSpecific.h: Drop QThreadStorage related code.
25551        (WTF::::destroy):
25552        * wtf/ThreadingPrimitives.h:
25553        * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread().
25554        (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread.
25555        (WTF::scheduleDispatchFunctionsOnMainThread):
25556        * wtf/qt/ThreadingQt.cpp: Removed.
25557        * wtf/wtf.pro:
25558
255592011-11-30  Csaba Osztrogonác  <ossy@webkit.org>
25560
25561        MacroAssemblerARM does not implement readCallTarget
25562        https://bugs.webkit.org/show_bug.cgi?id=73413
25563
25564        Based on Filip Pizlo's patch.
25565
25566        Buildfix. Rubber-stamped by Gabor Loki.
25567
25568        * assembler/ARMAssembler.h:
25569        (JSC::ARMAssembler::readCallTarget):
25570        * assembler/MacroAssemblerARM.h:
25571        (JSC::MacroAssemblerARM::readCallTarget):
25572
255732011-11-29  Filip Pizlo  <fpizlo@apple.com>
25574
25575        Resetting a put_by_id inline cache should preserve the "isDirect" bit
25576        https://bugs.webkit.org/show_bug.cgi?id=73375
25577
25578        Reviewed by Gavin Barraclough.
25579        
25580        For the replace case, we can find out if it was direct by looking at the
25581        slow call. For the transition case, we explicitly remember if it was
25582        direct.
25583
25584        * bytecode/CodeBlock.cpp:
25585        (JSC::printStructureStubInfo):
25586        * bytecode/StructureStubInfo.cpp:
25587        (JSC::StructureStubInfo::deref):
25588        (JSC::StructureStubInfo::visitWeakReferences):
25589        * bytecode/StructureStubInfo.h:
25590        (JSC::isPutByIdAccess):
25591        (JSC::StructureStubInfo::initPutByIdTransition):
25592        * dfg/DFGByteCodeParser.cpp:
25593        (JSC::DFG::ByteCodeParser::parseBlock):
25594        * dfg/DFGRepatch.cpp:
25595        (JSC::DFG::tryCachePutByID):
25596        * jit/JIT.h:
25597        * jit/JITPropertyAccess.cpp:
25598        (JSC::JIT::resetPatchPutById):
25599        (JSC::JIT::isDirectPutById):
25600        * jit/JITPropertyAccess32_64.cpp:
25601        (JSC::JIT::resetPatchPutById):
25602        * jit/JITStubs.cpp:
25603        (JSC::JITThunks::tryCachePutByID):
25604
256052011-11-29  Sam Weinig  <sam@webkit.org>
25606
25607        Remove RetainPtr::releaseRef
25608        https://bugs.webkit.org/show_bug.cgi?id=73396
25609
25610        Reviewed by Dan Bernstein.
25611
25612        * wtf/RetainPtr.h:
25613        Be gone releaseRef! Long live leakRef!
25614
256152011-11-29  Sam Weinig  <sam@webkit.org>
25616
25617        Add move semantics to RetainPtr
25618        https://bugs.webkit.org/show_bug.cgi?id=73393
25619
25620        Reviewed by Anders Carlsson.
25621
25622        * wtf/RetainPtr.h:
25623        (WTF::RetainPtr::RetainPtr):
25624        Add a move constructor and move enabled assignment operators
25625        to RetainPtr if the compiler being used supports rvalue
25626        references. If the compiler does not support it, we fallback
25627        to the copy semantics we have always had.
25628
256292011-11-29  Yuqiang Xian  <yuqiang.xian@intel.com>
25630
25631        DFG local CSE may cause incorrect reference counting for a node
25632        https://bugs.webkit.org/show_bug.cgi?id=73390
25633
25634        Reviewed by Filip Pizlo.
25635
25636        When performing a node substitution, the ref count of the replaced
25637        child will be increased, no matter whether the user node is skipped in
25638        code generation or not. This will cause the reference count of the
25639        replaced child to never get the chance to become zero, and so the
25640        registers occupied by it cannot be reused simply without spilling, if
25641        it's used by a "skipped" node.
25642        This is a 1% gain on V8 benchmark, tested on IA32 Linux.
25643
25644        * dfg/DFGPropagator.cpp:
25645        (JSC::DFG::Propagator::performSubstitution):
25646        (JSC::DFG::Propagator::performNodeCSE):
25647
256482011-11-29  David Levin  <levin@chromium.org>
25649
25650        Add a way to revert a variable to its previous value after leaving a scope.
25651        https://bugs.webkit.org/show_bug.cgi?id=73371
25652
25653        Reviewed by Adam Barth.
25654
25655        In case anyone from Chromium sees this, it is nearly identical to AutoReset
25656        but if the same name were used, it causes unnecessary ambiguity.
25657
25658        * JavaScriptCore.xcodeproj/project.pbxproj:
25659        * wtf/TemporarilyChange.h: Added.
25660        (WTF::TemporarilyChange::TemporarilyChange):
25661        (WTF::TemporarilyChange::~TemporarilyChange):
25662
256632011-11-29  Sam Weinig  <sam@webkit.org>
25664
25665        Add COMPILER_SUPPORTS macro to allow for compiler feature testing
25666        https://bugs.webkit.org/show_bug.cgi?id=73386
25667
25668        Reviewed by Anders Carlsson.
25669
25670        * wtf/Compiler.h:
25671        Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and
25672        rvalue references for Clang.
25673
256742011-11-29  Oliver Hunt  <oliver@apple.com>
25675
25676        Allow WebCore to describe typed arrays to JSC
25677        https://bugs.webkit.org/show_bug.cgi?id=73355
25678
25679        Reviewed by Gavin Barraclough.
25680
25681        Allow globaldata to track the structure of typed arrays.
25682
25683        * runtime/JSGlobalData.h:
25684        (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
25685
256862011-11-28  Filip Pizlo  <fpizlo@apple.com>
25687
25688        DFG debugCall() mechanism only works on X86 and X86-64
25689        https://bugs.webkit.org/show_bug.cgi?id=73282
25690
25691        Reviewed by Oliver Hunt.
25692
25693        * dfg/DFGAssemblyHelpers.h:
25694        (JSC::DFG::AssemblyHelpers::debugCall):
25695
256962011-11-28  Filip Pizlo  <fpizlo@apple.com>
25697
25698        DFG non-X86 ArithDiv does speculation failure after mutating state,
25699        without a value recovery
25700        https://bugs.webkit.org/show_bug.cgi?id=73286
25701
25702        Reviewed by Gavin Barraclough.
25703
25704        * dfg/DFGSpeculativeJIT32_64.cpp:
25705        (JSC::DFG::SpeculativeJIT::compile):
25706
257072011-11-28  Filip Pizlo  <fpizlo@apple.com>
25708
25709        Unreviewed build fixes for ARM.
25710
25711        * assembler/MacroAssemblerARMv7.h:
25712        (JSC::MacroAssemblerARMv7::readCallTarget):
25713        * dfg/DFGSpeculativeJIT.h:
25714        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
25715
257162011-11-20  Roland Steiner  <rolandsteiner@chromium.org>
25717
25718        <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit
25719        https://bugs.webkit.org/show_bug.cgi?id=72848
25720
25721        Add ENABLE_STYLE_SCOPED flag.
25722
25723        Reviewed by Dimitri Glazkov.
25724
25725        * Configurations/FeatureDefines.xcconfig:
25726
257272011-11-28  Jon Lee  <jonlee@apple.com>
25728
25729        Create skeleton framework for notifications support in WK2
25730        https://bugs.webkit.org/show_bug.cgi?id=73253
25731        <rdar://problem/10356943>
25732
25733        * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform.
25734
257352011-11-28  Oliver Hunt  <oliver@apple.com>
25736
25737        Fix windows build.
25738
25739        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
25740
257412011-11-28  Oliver Hunt  <oliver@apple.com>
25742
25743        Fix gyp build
25744
25745        * JavaScriptCore.gypi:
25746
257472011-11-28  Filip Pizlo  <fpizlo@apple.com>
25748
25749        GetById should not always speculate cell
25750        https://bugs.webkit.org/show_bug.cgi?id=73181
25751
25752        Reviewed by Gavin Barraclough.
25753        
25754        GetById will now speculate cell if the predictions of the base are cell.
25755        Otherwise it will do like the old JIT (and like the old non-speculative
25756        DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR
25757        out. This is a 1% speed-up on SunSpider.
25758
25759        * dfg/DFGAbstractState.cpp:
25760        (JSC::DFG::AbstractState::execute):
25761        * dfg/DFGOperations.cpp:
25762        * dfg/DFGOperations.h:
25763        * dfg/DFGSpeculativeJIT.h:
25764        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
25765        (JSC::DFG::SpeculativeJIT::callOperation):
25766        * dfg/DFGSpeculativeJIT32_64.cpp:
25767        (JSC::DFG::SpeculativeJIT::cachedGetById):
25768        (JSC::DFG::SpeculativeJIT::compile):
25769        * dfg/DFGSpeculativeJIT64.cpp:
25770        (JSC::DFG::SpeculativeJIT::compile):
25771
257722011-11-28  Oliver Hunt  <oliver@apple.com>
25773
25774        Move typed array implementations into wtf
25775        https://bugs.webkit.org/show_bug.cgi?id=73248
25776
25777        Reviewed by Sam Weinig.
25778
25779        Move typed array implementation files from WebCore to wtf.  Inline the
25780        .cpp files for each of the array views to cut down on unnecessary exports
25781        and function call overhead for trivial operations.
25782
25783        Added files to all the project files.
25784
25785        * GNUmakefile.list.am:
25786        * JavaScriptCore.exp:
25787        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
25788        * JavaScriptCore.xcodeproj/project.pbxproj:
25789        * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp.
25790        (WTF::ArrayBuffer::transfer):
25791        (WTF::ArrayBuffer::addView):
25792        (WTF::ArrayBuffer::removeView):
25793        * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp.
25794        (WTF::ArrayBufferContents::ArrayBufferContents):
25795        (WTF::ArrayBufferContents::data):
25796        (WTF::ArrayBufferContents::sizeInBytes):
25797        (WTF::ArrayBufferContents::transfer):
25798        (WTF::ArrayBuffer::~ArrayBuffer):
25799        (WTF::ArrayBuffer::clampValue):
25800        (WTF::ArrayBuffer::create):
25801        (WTF::ArrayBuffer::ArrayBuffer):
25802        (WTF::ArrayBuffer::data):
25803        (WTF::ArrayBuffer::byteLength):
25804        (WTF::ArrayBuffer::slice):
25805        (WTF::ArrayBuffer::sliceImpl):
25806        (WTF::ArrayBuffer::clampIndex):
25807        (WTF::ArrayBufferContents::tryAllocate):
25808        (WTF::ArrayBufferContents::~ArrayBufferContents):
25809        * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp.
25810        (WTF::ArrayBufferView::ArrayBufferView):
25811        (WTF::ArrayBufferView::~ArrayBufferView):
25812        (WTF::ArrayBufferView::neuter):
25813        * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h.
25814        (WTF::ArrayBufferView::isByteArray):
25815        (WTF::ArrayBufferView::isUnsignedByteArray):
25816        (WTF::ArrayBufferView::isShortArray):
25817        (WTF::ArrayBufferView::isUnsignedShortArray):
25818        (WTF::ArrayBufferView::isIntArray):
25819        (WTF::ArrayBufferView::isUnsignedIntArray):
25820        (WTF::ArrayBufferView::isFloatArray):
25821        (WTF::ArrayBufferView::isDoubleArray):
25822        (WTF::ArrayBufferView::isDataView):
25823        (WTF::ArrayBufferView::buffer):
25824        (WTF::ArrayBufferView::baseAddress):
25825        (WTF::ArrayBufferView::byteOffset):
25826        (WTF::ArrayBufferView::verifySubRange):
25827        (WTF::ArrayBufferView::clampOffsetAndNumElements):
25828        (WTF::ArrayBufferView::setImpl):
25829        (WTF::ArrayBufferView::setRangeImpl):
25830        (WTF::ArrayBufferView::zeroRangeImpl):
25831        (WTF::ArrayBufferView::calculateOffsetAndLength):
25832        * wtf/CMakeLists.txt:
25833        * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h.
25834        (WTF::Float32Array::set):
25835        (WTF::Float32Array::item):
25836        (WTF::Float32Array::isFloatArray):
25837        (WTF::Float32Array::create):
25838        (WTF::Float32Array::Float32Array):
25839        (WTF::Float32Array::subarray):
25840        * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h.
25841        (WTF::Float64Array::set):
25842        (WTF::Float64Array::item):
25843        (WTF::Float64Array::isDoubleArray):
25844        (WTF::Float64Array::create):
25845        (WTF::Float64Array::Float64Array):
25846        (WTF::Float64Array::subarray):
25847        * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp.
25848        (WTF::Int16Array::set):
25849        (WTF::Int16Array::isShortArray):
25850        (WTF::Int16Array::create):
25851        (WTF::Int16Array::Int16Array):
25852        (WTF::Int16Array::subarray):
25853        * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp.
25854        (WTF::Int32Array::set):
25855        (WTF::Int32Array::isIntArray):
25856        (WTF::Int32Array::create):
25857        (WTF::Int32Array::Int32Array):
25858        (WTF::Int32Array::subarray):
25859        * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp.
25860        (WTF::Int8Array::set):
25861        (WTF::Int8Array::isByteArray):
25862        (WTF::Int8Array::create):
25863        (WTF::Int8Array::Int8Array):
25864        (WTF::Int8Array::subarray):
25865        * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h.
25866        (WTF::IntegralTypedArrayBase::set):
25867        (WTF::IntegralTypedArrayBase::item):
25868        (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase):
25869        * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h.
25870        (WTF::TypedArrayBase::data):
25871        (WTF::TypedArrayBase::set):
25872        (WTF::TypedArrayBase::setRange):
25873        (WTF::TypedArrayBase::zeroRange):
25874        (WTF::TypedArrayBase::length):
25875        (WTF::TypedArrayBase::byteLength):
25876        (WTF::TypedArrayBase::TypedArrayBase):
25877        (WTF::TypedArrayBase::create):
25878        (WTF::TypedArrayBase::subarrayImpl):
25879        * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp.
25880        (WTF::Uint16Array::set):
25881        (WTF::Uint16Array::isUnsignedShortArray):
25882        (WTF::Uint16Array::create):
25883        (WTF::Uint16Array::Uint16Array):
25884        (WTF::Uint16Array::subarray):
25885        * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp.
25886        (WTF::Uint32Array::set):
25887        (WTF::Uint32Array::isUnsignedIntArray):
25888        (WTF::Uint32Array::create):
25889        (WTF::Uint32Array::Uint32Array):
25890        (WTF::Uint32Array::subarray):
25891        * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h.
25892        (WTF::Uint8Array::set):
25893        (WTF::Uint8Array::isUnsignedByteArray):
25894        (WTF::Uint8Array::create):
25895        (WTF::Uint8Array::Uint8Array):
25896        (WTF::Uint8Array::subarray):
25897        * wtf/wtf.pro:
25898
258992011-11-27  Filip Pizlo  <fpizlo@apple.com>
25900
25901        Don't try to optimize huge code blocks
25902        https://bugs.webkit.org/show_bug.cgi?id=73187
25903
25904        Reviewed by Oliver Hunt.
25905        
25906        This unifies the heuristics used for deciding if a code block is too big
25907        to optimize, and sets this heuristic to 1000, which is intuitively better
25908        than numeric_limits<unsigned>::max(). It also results in what looks like
25909        a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher).
25910
25911        * dfg/DFGCapabilities.h:
25912        (JSC::DFG::mightCompileEval):
25913        (JSC::DFG::mightCompileProgram):
25914        (JSC::DFG::mightCompileFunctionForCall):
25915        (JSC::DFG::mightCompileFunctionForConstruct):
25916        * runtime/Heuristics.cpp:
25917        (JSC::Heuristics::initializeHeuristics):
25918        * runtime/Heuristics.h:
25919
259202011-11-28  Filip Pizlo  <fpizlo@apple.com>
25921
25922        Either remove the GetMethod node from the DFG backend, or find a use for it
25923        https://bugs.webkit.org/show_bug.cgi?id=73178
25924
25925        Reviewed by Gavin Barraclough.
25926        
25927        More testing seemed to imply that the GetMethod code was indeed not profitable
25928        in any major test. So, it's probably best to just remove it.
25929
25930        * bytecode/CodeBlock.cpp:
25931        (JSC::MethodCallLinkInfo::reset):
25932        * dfg/DFGAbstractState.cpp:
25933        (JSC::DFG::AbstractState::execute):
25934        * dfg/DFGJITCompiler.cpp:
25935        (JSC::DFG::JITCompiler::link):
25936        * dfg/DFGJITCompiler.h:
25937        * dfg/DFGNode.h:
25938        (JSC::DFG::Node::hasIdentifier):
25939        (JSC::DFG::Node::hasHeapPrediction):
25940        * dfg/DFGOperations.cpp:
25941        * dfg/DFGOperations.h:
25942        * dfg/DFGPropagator.cpp:
25943        (JSC::DFG::Propagator::propagateNodePredictions):
25944        * dfg/DFGRepatch.cpp:
25945        * dfg/DFGRepatch.h:
25946        * dfg/DFGSpeculativeJIT.h:
25947        * dfg/DFGSpeculativeJIT32_64.cpp:
25948        (JSC::DFG::SpeculativeJIT::cachedGetById):
25949        (JSC::DFG::SpeculativeJIT::compile):
25950        * dfg/DFGSpeculativeJIT64.cpp:
25951        (JSC::DFG::SpeculativeJIT::cachedGetById):
25952        (JSC::DFG::SpeculativeJIT::compile):
25953
259542011-11-28  Michael Saboff  <msaboff@apple.com>
25955
25956        Change set 101187 from bug 73154 removed the already lower case optimization
25957        https://bugs.webkit.org/show_bug.cgi?id=73174
25958
25959        Added back the "string is already lower case" optimization.
25960
25961        Reviewed by Geoffrey Garen.
25962
25963        * runtime/StringPrototype.cpp:
25964        (JSC::stringProtoFuncToLowerCase):
25965
259662011-11-28  Simon Hausmann  <simon.hausmann@nokia.com>
25967
25968        Unreviewed prospective build fix. Touch the file to trigger correct
25969        rebuild on the Qt mips/sh4/sl bot.
25970
25971        * wtf/unicode/qt4/UnicodeQt4.h:
25972
259732011-11-28  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
25974
25975        [Qt] Remove cruft from project file
25976
25977        Reviewed by Simon Hausmann.
25978
25979        * Target.pri:
25980
259812011-11-28  Simon Hausmann  <simon.hausmann@nokia.com>
25982
25983        [Qt] WTF should be built as separate static library
25984        https://bugs.webkit.org/show_bug.cgi?id=73201
25985
25986        Reviewed by Tor Arne Vestbø.
25987
25988        * Target.pri: Don't claim to build WTF, as that would cause
25989        the debug-with-shlibs build to not link in wtf.
25990        * jsc.pro: Require wtf.
25991        * wtf/wtf.pri: Removed.
25992        * wtf/wtf.pro: Added. Pro file to build wtf statically.
25993
259942011-11-28  Martin Robinson  <mrobinson@igalia.com>
25995
25996        [GTK] JavaScriptCore generated sources should build in the DerivedSources directory
25997        https://bugs.webkit.org/show_bug.cgi?id=73197
25998
25999        Reviewed by Philippe Normand.
26000
26001        Build all JavaScriptCore generated sources in DerivedSources.
26002
26003        * GNUmakefile.am: Update generation rules.
26004        * GNUmakefile.list.am: Update source lists.
26005
260062011-11-27  Filip Pizlo  <fpizlo@apple.com>
26007
26008        DFG should not emit GetMethod node
26009        https://bugs.webkit.org/show_bug.cgi?id=73175
26010
26011        Reviewed by Gavin Barraclough.
26012        
26013        Replaces all instances of the GetMethod node with GetById. This appears to
26014        be a slight win on V8. This patch leaves GetMethod support in the code-base,
26015        making this decision easy to reverse, for now.
26016
26017        * dfg/DFGByteCodeParser.cpp:
26018        (JSC::DFG::ByteCodeParser::parseBlock):
26019
260202011-11-26  Hajime Morrita  <morrita@chromium.org>
26021
26022        Needs WTF_INLINE and JS_INLINE
26023        https://bugs.webkit.org/show_bug.cgi?id=72853
26024
26025        Reviewed by Kevin Ollivier.
26026
26027        Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which
26028        indirect __attribute__((visibility("hidden")))
26029
26030        * config.h:
26031        * wtf/ExportMacros.h:
26032
260332011-11-25  Michael Saboff  <msaboff@apple.com>
26034
26035        String.prototype.toLower should be optimized for 8 bit strings
26036        https://bugs.webkit.org/show_bug.cgi?id=73154
26037
26038        Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has
26039        been optimized for 8 bit strings.
26040
26041        This is worth ~7% to sunspider string.tagcloud.
26042
26043        Reviewed by Filip Pizlo.
26044
26045        * runtime/StringPrototype.cpp:
26046        (JSC::stringProtoFuncToLowerCase):
26047
260482011-11-25  Michael Saboff  <msaboff@apple.com>
26049
26050        Array.toString always uses StringImpl::characters()
26051        https://bugs.webkit.org/show_bug.cgi?id=72969
26052
26053        If all component strings are 8 bit, create an 8 bit result string for toString().
26054
26055        This appears to be performance neutral to sunspider and v8.
26056
26057        Reviewed by Filip Pizlo.
26058
26059        * runtime/ArrayPrototype.cpp:
26060        (JSC::arrayProtoFuncToString):
26061
260622011-11-24  Michael Saboff  <msaboff@apple.com>
26063
26064        UString methods are not character size aware
26065        https://bugs.webkit.org/show_bug.cgi?id=72975
26066
26067        Changed the UString number constructors to build 8 bit strings.
26068        Modified the other methods to check string bitness and process
26069        with 8 bits where appropriate.
26070
26071        * runtime/UString.cpp:
26072        (JSC::UString::number):
26073        (JSC::operator==):
26074        (JSC::operator<):
26075        (JSC::UString::ascii):
26076
260772011-11-24  Michael Saboff  <msaboff@apple.com>
26078
26079        JavaScript string to number conversion functions use characters()
26080        https://bugs.webkit.org/show_bug.cgi?id=72974
26081
26082        Change the various JS to number routines to process strings
26083        using characters8() or characters16() as appropriate.
26084        Implemented using static template methods.
26085
26086        Reviewed by Filip Pizlo.
26087
26088        * runtime/JSGlobalObjectFunctions.cpp:
26089        (JSC::isInfinity):
26090        (JSC::jsHexIntegerLiteral):
26091        (JSC::jsStrDecimalLiteral):
26092        (JSC::toDouble):
26093        (JSC::jsToNumber):
26094
260952011-11-24  Michael Saboff  <msaboff@apple.com>
26096
26097        Empty JSStrings are created as 16 bit
26098        https://bugs.webkit.org/show_bug.cgi?id=72968
26099
26100        Clear m_is8Bit flag for empty strings.
26101
26102        Reviewed by Filip Pizlo.
26103
26104        * runtime/JSString.h:
26105        (JSC::RopeBuilder::finishCreation):
26106
261072011-11-24  Michael Saboff  <msaboff@apple.com>
26108
26109        Tune JSStringBuilder for 8 bit Strings
26110        https://bugs.webkit.org/show_bug.cgi?id=72683
26111
26112        Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added.
26113        When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit
26114        and building continues with a 16 bit buffer.
26115
26116        Reviewed by Filip Pizlo.
26117
26118        * runtime/JSStringBuilder.h:
26119        (JSC::JSStringBuilder::JSStringBuilder):
26120        (JSC::JSStringBuilder::append):
26121        (JSC::JSStringBuilder::upConvert):
26122        (JSC::JSStringBuilder::build):
26123        * runtime/UString.h:
26124        (JSC::UString::adopt):
26125        * wtf/text/StringImpl.h:
26126        (WTF::StringImpl::adopt):
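An added illustration of the "stay 8-bit until a 16-bit unit arrives" strategy used by this JSStringBuilder change and by the 8-bit Array.toString change above. This is not JSC's JSStringBuilder; TwoTierStringBuilder and the helper functions are hypothetical names, and the inputs are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

typedef uint8_t LChar;   // Latin-1 code unit, as WTF names it
typedef uint16_t UChar;  // UTF-16 code unit

// TwoTierStringBuilder (hypothetical name) keeps an 8-bit buffer until the first code
// unit above 0xFF is appended, then converts the buffer once and continues in 16-bit.
class TwoTierStringBuilder {
public:
    TwoTierStringBuilder() : m_is8Bit(true) { }

    void append(UChar c)
    {
        if (m_is8Bit) {
            if (c <= 0xFF) {                       // still representable in Latin-1
                m_buffer8.push_back(static_cast<LChar>(c));
                return;
            }
            upConvert();                           // first 16-bit unit: switch tiers
        }
        m_buffer16.push_back(c);
    }

    bool is8Bit() const { return m_is8Bit; }
    size_t length() const { return m_is8Bit ? m_buffer8.size() : m_buffer16.size(); }
    size_t byteLength() const { return m_is8Bit ? m_buffer8.size() : 2 * m_buffer16.size(); }
    UChar at(size_t i) const { return m_is8Bit ? m_buffer8[i] : m_buffer16[i]; }

private:
    // Zero-extend every Latin-1 unit into the 16-bit buffer and drop the 8-bit one.
    void upConvert()
    {
        m_buffer16.reserve(m_buffer8.size());
        for (size_t i = 0; i < m_buffer8.size(); ++i)
            m_buffer16.push_back(m_buffer8[i]);
        std::vector<LChar>().swap(m_buffer8);     // release the 8-bit storage
        m_is8Bit = false;
    }

    bool m_is8Bit;
    std::vector<LChar> m_buffer8;
    std::vector<UChar> m_buffer16;
};

// Helpers for the checks below: feed constructed code units and report the outcome.
bool buildsAs8Bit(const std::vector<UChar>& units)
{
    TwoTierStringBuilder b;
    for (size_t i = 0; i < units.size(); ++i)
        b.append(units[i]);
    return b.is8Bit();
}

size_t builtByteLength(const std::vector<UChar>& units)
{
    TwoTierStringBuilder b;
    for (size_t i = 0; i < units.size(); ++i)
        b.append(units[i]);
    return b.byteLength();
}

// The representation switch must not change the content: every unit reads back as appended.
bool roundTrips(const std::vector<UChar>& units)
{
    TwoTierStringBuilder b;
    for (size_t i = 0; i < units.size(); ++i)
        b.append(units[i]);
    if (b.length() != units.size())
        return false;
    for (size_t i = 0; i < units.size(); ++i) {
        if (b.at(i) != units[i])
            return false;
    }
    return true;
}
```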
26127
261282011-11-24  Zeno Albisser  <zeno@webkit.org>
26129
26130        [Qt][WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets
26131        https://bugs.webkit.org/show_bug.cgi?id=72495
26132
26133        Update defines to not use Unix Domain Sockets for platform Qt on Mac.
26134        This enables Qt to reuse existing code for mach ports and Grand
26135        Central Dispatch based IPC.
26136
26137        Reviewed by Simon Hausmann.
26138
26139        * wtf/Platform.h:
26140
261412011-11-24  Simon Hausmann  <simon.hausmann@nokia.com>
26142
26143        [Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably
26144
26145        Reviewed by Andreas Kling.
26146
26147        We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few
26148        ways of doing that and this fix seems like the least intrusive one by simply pushing the
26149        invoker to the gui thread if it's not there already.
26150
26151        * wtf/qt/MainThreadQt.cpp:
26152        (WTF::scheduleDispatchFunctionsOnMainThread):
26153
261542011-11-24  Patrick Gansterer  <paroga@webkit.org>
26155
26156        [Qt] Use QEvent for dispatchFunctionsFromMainThread()
26157        https://bugs.webkit.org/show_bug.cgi?id=72704
26158
26159        Reviewed by Simon Hausmann.
26160
26161        Replace QMetaObject::invokeMethod with QCoreApplication::postEvent.
26162        This is the same as what invokeMethod does internally, but reduces
26163        the dependency on some internal QThread stuff.
26164
26165        * wtf/qt/MainThreadQt.cpp:
26166        (WTF::MainThreadInvoker::MainThreadInvoker):
26167        (WTF::MainThreadInvoker::event):
26168        (WTF::scheduleDispatchFunctionsOnMainThread):
26169
261702011-11-23  George Staikos  <staikos@webkit.org>
26171
26172        Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX.
26173        https://bugs.webkit.org/show_bug.cgi?id=73028
26174
26175        Reviewed by Daniel Bates.
26176
26177        * wtf/RandomNumberSeed.h:
26178        (WTF::initializeRandomNumberGenerator):
26179
261802011-11-23  Nikolas Zimmermann  <nzimmermann@rim.com>
26181
26182        Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string
26183        https://bugs.webkit.org/show_bug.cgi?id=72793
26184
26185        Reviewed by Zoltan Herczeg.
26186
26187        This new code will be used in follow-up patches to replace the String::format("%.2f") usage in
26188        platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp.
26189
26190        The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace
26191        this by a variant that properly rounds to six significant figures, JSC code could be refactored.
26192        JSC's Number.toPrecision/toFixed use wtf/dtoa/double-conversion which provides all features we need,
26193        except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with
26194        trailing zeros removed, producing shorter results. Changed the default signature to:
26195
26196        "static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);".
26197
26198        In WebCore we can now replace String::format() calls like this:
26199        String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2)
26200        String::format("%.6lg", f) -> String::number(f)
26201
26202        The default parameters for precision & flags exactly match the format of the string produced now, except that the result
26203        is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results
26204        in the d="" attribute dumps of SVG paths across platforms. The dtoa rounding code enforces a unique zero, resolving
26205        all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots.
26206
26207        This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfectly mimic the String::format() "lg" mode
26208        result for exponentials, we used to return e.g. "e-7" and now return "e-07" - the trailing zero truncation hasn't been
26209        implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - on the contrary the
26210        trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results.
26211
26212        Here's a performance comparison using a JSC release build and some arbitrary numbers:
26213        Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call.
26214        Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call.
26215
26216        Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call.
26217        Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call.
26218
26219        Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call.
26220        Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call.
26221
26222        Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call.
26223        Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call.
26224
26225        For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%.
26226
26227        * JavaScriptCore.exp: Change String::number(double) signature.
26228        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto.
26229        * runtime/NumberPrototype.cpp:
26230        (JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp.
26231        (JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString.
26232        * wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows truncating trailing zeros/decimal point,
26233        to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoa's rounding facilities.
26234        * wtf/dtoa.h:
26235        * wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*.
26236        (WTF::double_conversion::StringBuilder::SetPosition):
26237        * wtf/text/WTFString.cpp:
26238        (WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format.
26239        * wtf/text/WTFString.h:
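An added C++ sketch of the String::number(double, flags, precision) semantics this entry describes (significant-figure vs. decimal-place rounding, trailing-zero truncation, unique zero, two-digit exponents). It is not WTF's dtoa-based implementation: it rounds with snprintf instead of double-conversion, and numberToString/truncateTrailingZeros are hypothetical names; only the flag names come from the entry.

```cpp
#include <cmath>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

enum NumberFormattingFlags {
    ShouldRoundSignificantFigures = 1 << 0,
    ShouldRoundDecimalPlaces      = 1 << 1,
    ShouldTruncateTrailingZeros   = 1 << 2
};

// Strip trailing zeros (and a then-dangling '.') from the fraction of a fixed-notation
// string or from the mantissa of an exponential one. Integer zeros ("100") are untouched.
std::string truncateTrailingZeros(const std::string& s)
{
    std::string::size_type e = s.find_first_of("eE");
    std::string mantissa = s.substr(0, e);
    std::string exponent = (e == std::string::npos) ? std::string() : s.substr(e);
    if (mantissa.find('.') != std::string::npos) {
        mantissa.erase(mantissa.find_last_not_of('0') + 1);
        if (!mantissa.empty() && mantissa[mantissa.size() - 1] == '.')
            mantissa.erase(mantissa.size() - 1);
    }
    return mantissa + exponent;
}

// Hypothetical stand-in for String::number(double, unsigned flags, unsigned precision)
// with the default arguments the entry gives.
std::string numberToString(double value,
                           unsigned flags = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros,
                           unsigned precision = 6)
{
    if (value == 0)
        return "0";                            // unique zero: -0.0 also prints as "0"
    char buf[64];
    if (!std::isfinite(value)) {               // inf/nan: nothing to round, print as-is
        std::snprintf(buf, sizeof buf, "%g", value);
        return buf;
    }
    if (flags & ShouldRoundDecimalPlaces) {
        // The String::format("%.2f", f) replacement: fixed number of decimals.
        std::snprintf(buf, sizeof buf, "%.*f", static_cast<int>(precision), value);
    } else {
        if (precision == 0)
            precision = 1;
        // Round to `precision` significant figures in exponential form first; this also
        // settles the decimal exponent after rounding (9.9999999 -> 1.00000e+01).
        std::snprintf(buf, sizeof buf, "%.*e", static_cast<int>(precision) - 1, value);
        int exponent = std::atoi(std::strchr(buf, 'e') + 1);
        // Same choice as the "g" conversion: fixed notation when the exponent lies in
        // [-4, precision), exponential otherwise (kept with its two-digit exponent, "e-07").
        if (exponent >= -4 && exponent < static_cast<int>(precision))
            std::snprintf(buf, sizeof buf, "%.*f", static_cast<int>(precision) - 1 - exponent, value);
    }
    std::string result = buf;
    if (flags & ShouldTruncateTrailingZeros)
        result = truncateTrailingZeros(result);
    return result;
}
```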
26240
262412011-11-23  Hajime Morrita  <morrita@chromium.org>
26242
26243        WTF::String has extra WTF_EXPORT_PRIVATE
26244        https://bugs.webkit.org/show_bug.cgi?id=72858
26245
26246        Reviewed by Kevin Ollivier.
26247
26248        * wtf/text/WTFString.h:
26249        (WTF::String::String):
26250
262512011-11-23  Raphael Kubo da Costa  <kubo@profusion.mobi>
26252
26253        [CMake] Move the top-level logic to the top-level directory.
26254        https://bugs.webkit.org/show_bug.cgi?id=72685
26255
26256        Reviewed by Brent Fulgham.
26257
26258        * CMakeLists.txt: Point to the right Source/ directory.
26259        * wtf/CMakeLists.txt: Ditto.
26260
262612011-11-22  Yuqiang Xian  <yuqiang.xian@intel.com>
26262
26263        Strength reduction for Mul and Mod operations for known constants in DFG
26264        https://bugs.webkit.org/show_bug.cgi?id=72878
26265
26266        Reviewed by Filip Pizlo.
26267
26268        Also the code should be commonly shared by both 32_64 and 64.
26269
26270        * dfg/DFGNode.h:
26271        (JSC::DFG::nodeMayOverflow):
26272        * dfg/DFGSpeculativeJIT.cpp:
26273        (JSC::DFG::fmodAsDFGOperation):
26274        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
26275        (JSC::DFG::isPowerOfTwo):
26276        (JSC::DFG::logTwo):
26277        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
26278        (JSC::DFG::SpeculativeJIT::compileArithMul):
26279        (JSC::DFG::SpeculativeJIT::compileArithMod):
26280        * dfg/DFGSpeculativeJIT.h:
26281        * dfg/DFGSpeculativeJIT32_64.cpp:
26282        (JSC::DFG::SpeculativeJIT::compile):
26283        * dfg/DFGSpeculativeJIT64.cpp:
26284        (JSC::DFG::SpeculativeJIT::compile):
26285
262862011-11-22  Daniel Bates  <dbates@rim.com>
26287
26288        Add WTF infrastructure for the BlackBerry port
26289        https://bugs.webkit.org/show_bug.cgi?id=72970
26290
26291        Reviewed by Antonio Gomes.
26292
26293        * wtf/Assertions.cpp: Added BlackBerry-specific logging directive.
26294        * wtf/MathExtras.h:
26295        (abs): Added; stdlib doesn't contain abs() on QNX.
26296        * wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features.
26297        * wtf/RandomNumberSeed.h:
26298        (WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize
26299        the bad pseudo random number generator using time(3) before initializing the
26300        Mersenne Twister random number generator.
26301        * wtf/ThreadingPthreads.cpp:
26302        (WTF::createThreadInternal): Added.
26303        * wtf/blackberry: Added.
26304        * wtf/blackberry/MainThreadBlackBerry.cpp: Added.
26305        (WTF::initializeMainThreadPlatform):
26306        (WTF::scheduleDispatchFunctionsOnMainThread):
26307        * wtf/text/WTFString.h: Added constructor and conversion operator for
26308        BlackBerry WebString string object.
26309
263102011-11-22  Sheriff Bot  <webkit.review.bot@gmail.com>
26311
26312        Unreviewed, rolling out r100988.
26313        http://trac.webkit.org/changeset/100988
26314        https://bugs.webkit.org/show_bug.cgi?id=72941
26315
26316        "Broke pixel tests on Chromium-Linux" (Requested by kbalazs on
26317        #webkit).
26318
26319        * JavaScriptCore.gypi:
26320        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
26321        * wtf/ParallelJobs.h:
26322        * wtf/ParallelJobsGeneric.cpp:
26323        * wtf/ParallelJobsGeneric.h:
26324        (WTF::ParallelEnvironment::ParallelEnvironment):
26325        (WTF::ParallelEnvironment::execute):
26326        * wtf/Platform.h:
26327
263282011-11-21  Balazs Kelemen  <kbalazs@webkit.org>
26329
26330        Enable ParallelJobs by default
26331        https://bugs.webkit.org/show_bug.cgi?id=70032
26332
26333        Reviewed by Zoltan Herczeg.
26334
26335        According to measurements on Mac and Linux it is a
26336        considerable speedup for SVG on multicore.
26337
26338        Remove the ENABLE(PARALLEL_JOBS) guard.
26339        Fix build on Windows and Chromium.
26340
26341        * JavaScriptCore.gypi:  Add the files to the build. It was
26342        missing for the gyp build system.
26343        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
26344        Export symbols.
26345        * wtf/ParallelJobs.h:
26346        * wtf/ParallelJobsGeneric.cpp:
26347        (WTF::ParallelEnvironment::ParallelEnvironment):
26348        (WTF::ParallelEnvironment::execute):
26349        Deinline these to avoid exporting a lot of symbols.
26350        These are non-trivial and called only once on a given object
26351        so it doesn't seem to be worthwhile to inline them.
26352        Additionally fix a signed-unsigned comparison in the constructor.
26353        * wtf/ParallelJobsGeneric.h:
26354        * wtf/Platform.h:
26355
263562011-11-21  Filip Pizlo  <fpizlo@apple.com>
26357
26358        DFG should have richer debug output for CFA and phi processing
26359        https://bugs.webkit.org/show_bug.cgi?id=72922
26360
26361        Reviewed by Gavin Barraclough.
26362        
26363        In the default verbose mode, we now print information about variable
26364        state at the bottom of basic blocks in addition to the top, and we
26365        also print local variable linking. In the verbose propagation mode,
26366        the state of phi processing is dumped more richly and CFA merging (the
26367        most subtle part of CFA) is traced as well.
26368
26369        * dfg/DFGAbstractState.cpp:
26370        (JSC::DFG::AbstractState::endBasicBlock):
26371        (JSC::DFG::AbstractState::mergeStateAtTail):
26372        * dfg/DFGAbstractValue.h:
26373        (JSC::DFG::StructureAbstractValue::dump):
26374        (JSC::DFG::AbstractValue::dump):
26375        * dfg/DFGByteCodeParser.cpp:
26376        (JSC::DFG::ByteCodeParser::processPhiStack):
26377        (JSC::DFG::ByteCodeParser::parse):
26378        * dfg/DFGCommon.h:
26379        (JSC::DFG::NodeIndexTraits::dump):
26380        * dfg/DFGDriver.cpp:
26381        (JSC::DFG::compile):
26382        * dfg/DFGGraph.cpp:
26383        (JSC::DFG::Graph::dump):
26384        * dfg/DFGNode.h:
26385        (JSC::DFG::Node::dumpChildren):
26386        * dfg/DFGOSRExitCompiler.cpp:
26387        * dfg/DFGOperands.h:
26388        (JSC::DFG::OperandValueTraits::dump):
26389        (JSC::DFG::dumpOperands):
26390
263912011-11-21  Filip Pizlo  <fpizlo@apple.com>
26392
26393        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
26394        https://bugs.webkit.org/show_bug.cgi?id=71505
26395
26396        Reviewed by Gavin Barraclough.
26397        
26398        It turns out that we were corrupting phi nodes in case of overflow. The bug is
26399        really obvious, but producing a test case that causes the badness is hard. Even
26400        when the phi nodes do get corrupt, there's more that has to happen before it
26401        causes incorrect execution - and I wasn't able to reproduce in any kind of
26402        sensible reduced case.
26403
26404        * dfg/DFGByteCodeParser.cpp:
26405        (JSC::DFG::ByteCodeParser::processPhiStack):
26406
264072011-11-21  Simon Hausmann  <simon.hausmann@nokia.com>
26408
26409        [Qt] Speed up debug builds.
26410        https://bugs.webkit.org/show_bug.cgi?id=72882
26411
26412        Reviewed by Tor Arne Vestbø.
26413
26414        * Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be
26415        used by the build system.
26416
264172011-11-21  Sheriff Bot  <webkit.review.bot@gmail.com>
26418
26419        Unreviewed, rolling out r100913.
26420        http://trac.webkit.org/changeset/100913
26421        https://bugs.webkit.org/show_bug.cgi?id=72885
26422
26423        "Break Windows build" (Requested by kbalazs on #webkit).
26424
26425        * JavaScriptCore.gypi:
26426        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
26427        * wtf/ParallelJobs.h:
26428        * wtf/ParallelJobsGeneric.cpp:
26429        * wtf/ParallelJobsGeneric.h:
26430        (WTF::ParallelEnvironment::ParallelEnvironment):
26431        (WTF::ParallelEnvironment::execute):
26432        * wtf/Platform.h:
26433
264342011-11-21  Balazs Kelemen  <kbalazs@webkit.org>
26435
26436        Enable ParallelJobs by default
26437        https://bugs.webkit.org/show_bug.cgi?id=70032
26438
26439        Reviewed by Zoltan Herczeg.
26440
26441        According to measurements on Mac and Linux it is a
26442        considerable speedup for SVG on multicore.
26443
26444        Remove the ENABLE(PARALLEL_JOBS) guard.
26445        Fix build on Windows and Chromium.
26446
26447        * JavaScriptCore.gypi:  Add the files to the build. It was
26448        missing for the gyp build system.
26449        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
26450        Export symbols.
26451        * wtf/ParallelJobs.h:
26452        * wtf/ParallelJobsGeneric.cpp:
26453        (WTF::ParallelEnvironment::ParallelEnvironment):
26454        (WTF::ParallelEnvironment::execute):
26455        Deinline these to avoid exporting a lot of symbols.
26456        These are non-trivial and called only once on a given object
26457        so it doesn't seem to be worthwhile to inline them.
26458        Additionally fix a signed-unsigned comparison in the constructor.
26459        * wtf/ParallelJobsGeneric.h:
26460        * wtf/Platform.h:
26461
264622011-11-21  Andy Wingo  <wingo@igalia.com>
26463
26464        Add .dir-locals.el file for better Emacs defaults
26465        https://bugs.webkit.org/show_bug.cgi?id=72483
26466
26467        Reviewed by Xan Lopez.
26468
26469        * .dir-locals.el: Set appropriate directory-local variables for Emacs.
26470
264712011-11-21  Filip Pizlo  <fpizlo@apple.com>
26472        
26473        Another attempt at a build fix.
26474
26475        * dfg/DFGRepatch.h:
26476        (JSC::DFG::dfgResetGetByID):
26477        (JSC::DFG::dfgResetPutByID):
26478
264792011-11-20  Filip Pizlo  <fpizlo@apple.com>
26480
26481        Unreviewed interpreter build fix.
26482
26483        * bytecode/CodeBlock.cpp:
26484        (JSC::CodeBlock::finalizeUnconditionally):
26485        * dfg/DFGRepatch.h:
26486
264872011-11-20  Yuqiang Xian  <yuqiang.xian@intel.com>
26488
26489        Improve modulo operation on 32bit platforms
26490        https://bugs.webkit.org/show_bug.cgi?id=72501
26491
26492        Reviewed by Filip Pizlo.
26493
26494        Extend softModulo to support X86 and MIPS in baseline JIT.
26495        Apply the same optimization to 32bit DFG JIT.
26496        1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.
26497
26498        * dfg/DFGSpeculativeJIT.h:
26499        * dfg/DFGSpeculativeJIT32_64.cpp:
26500        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
26501        (JSC::DFG::SpeculativeJIT::compile):
26502        * jit/JITArithmetic32_64.cpp:
26503        (JSC::JIT::emit_op_mod):
26504        (JSC::JIT::emitSlow_op_mod):
26505        * jit/JITOpcodes32_64.cpp:
26506        (JSC::JIT::softModulo):
26507        * wtf/Platform.h:
26508
265092011-11-18  Filip Pizlo  <fpizlo@apple.com>
26510
26511        Inline caches that refer to otherwise dead objects should be cleared
26512        https://bugs.webkit.org/show_bug.cgi?id=72311
26513
26514        Reviewed by Geoff Garen.
26515
26516        DFG code blocks now participate in the weak reference harvester fixpoint
26517        so that they only consider themselves to be live if either they are
26518        currently executing, or their owner is live and all of their weak references
26519        are live. If not, the relevant code blocks are jettisoned.
26520
26521        Inline caches in both the old JIT and the DFG are now cleared if any of
26522        their references are not marked at the end of a GC.
26523
26524        This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
26525        all-code-on-GC policy that we currently have, it shows a slight reduction
26526        in memory usage. If we turn that policy off, it's pretty easy to come up
26527        with an example program that will cause ToT to experience linear heap
26528        growth, while with this patch, the heap stays small and remains at a
26529        constant size.
26530
26531        * assembler/ARMv7Assembler.h:
26532        (JSC::ARMv7Assembler::readCallTarget):
26533        * assembler/MacroAssemblerARMv7.h:
26534        (JSC::MacroAssemblerARMv7::readCallTarget):
26535        * assembler/MacroAssemblerX86.h:
26536        (JSC::MacroAssemblerX86::readCallTarget):
26537        * assembler/MacroAssemblerX86_64.h:
26538        (JSC::MacroAssemblerX86_64::readCallTarget):
26539        * bytecode/CodeBlock.cpp:
26540        (JSC::CodeBlock::visitAggregate):
26541        (JSC::CodeBlock::performTracingFixpointIteration):
26542        (JSC::CodeBlock::visitWeakReferences):
26543        (JSC::CodeBlock::finalizeUnconditionally):
26544        (JSC::CodeBlock::stronglyVisitStrongReferences):
26545        (JSC::MethodCallLinkInfo::reset):
26546        (JSC::ProgramCodeBlock::jettison):
26547        (JSC::EvalCodeBlock::jettison):
26548        (JSC::FunctionCodeBlock::jettison):
26549        * bytecode/CodeBlock.h:
26550        (JSC::CodeBlock::reoptimize):
26551        (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
26552        * bytecode/Instruction.h:
26553        (JSC::PolymorphicAccessStructureList::visitWeak):
26554        * bytecode/StructureStubInfo.cpp:
26555        (JSC::StructureStubInfo::visitWeakReferences):
26556        * bytecode/StructureStubInfo.h:
26557        (JSC::isGetByIdAccess):
26558        (JSC::isPutByIdAccess):
26559        (JSC::StructureStubInfo::reset):
26560        * dfg/DFGJITCompiler.cpp:
26561        (JSC::DFG::JITCompiler::link):
26562        * dfg/DFGOperations.cpp:
26563        * dfg/DFGRepatch.cpp:
26564        (JSC::DFG::dfgRepatchByIdSelfAccess):
26565        (JSC::DFG::dfgResetGetByID):
26566        (JSC::DFG::dfgResetPutByID):
26567        * dfg/DFGRepatch.h:
26568        (JSC::DFG::dfgResetGetByID):
26569        (JSC::DFG::dfgResetPutByID):
26570        * jit/JIT.h:
26571        * jit/JITPropertyAccess.cpp:
26572        (JSC::JIT::resetPatchGetById):
26573        (JSC::JIT::resetPatchPutById):
26574        * jit/JITPropertyAccess32_64.cpp:
26575        (JSC::JIT::resetPatchGetById):
26576        (JSC::JIT::resetPatchPutById):
26577        * jit/JITStubs.cpp:
26578        (JSC::DEFINE_STUB_FUNCTION):
26579        * jit/JITWriteBarrier.h:
26580        (JSC::JITWriteBarrierBase::clearToMaxUnsigned):
26581
265822011-11-20  Filip Pizlo  <fpizlo@apple.com>
26583
26584        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
26585        https://bugs.webkit.org/show_bug.cgi?id=71505
26586
26587        Reviewed by Oliver Hunt.
26588        
26589        The bytecode generator was assuming that call_varargs never reuses the base register
26590        (i.e. the function being called) for the result. This is no longer true.
26591
26592        * bytecompiler/BytecodeGenerator.cpp:
26593        (JSC::BytecodeGenerator::emitCallVarargs):
26594        * bytecompiler/BytecodeGenerator.h:
26595        * bytecompiler/NodesCodegen.cpp:
26596        (JSC::ApplyFunctionCallDotNode::emitBytecode):
26597
265982011-11-20  Filip Pizlo  <fpizlo@apple.com>
26599
26600        DFG 32_64 should directly store double virtual registers on SetLocal
26601        https://bugs.webkit.org/show_bug.cgi?id=72845
26602
26603        Reviewed by Oliver Hunt.
26604        
26605        2% win on Kraken.
26606
26607        * dfg/DFGSpeculativeJIT32_64.cpp:
26608        (JSC::DFG::SpeculativeJIT::compile):
26609
266102011-11-20  Noel Gordon  <noel.gordon@gmail.com>
26611
26612        [chromium] Remove DFG::JITCodeGenerator from the gyp projects
26613        https://bugs.webkit.org/show_bug.cgi?id=72842
26614
26615        Reviewed by Filip Pizlo.
26616
26617        dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244
26618
26619        * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}
26620
266212011-11-18  Daniel Bates  <dbates@rim.com>
26622
26623        Add CMake build infrastructure for the BlackBerry port
26624        https://bugs.webkit.org/show_bug.cgi?id=72768
26625
26626        Reviewed by Antonio Gomes.
26627
26628        * PlatformBlackBerry.cmake: Added.
26629        * shell/PlatformBlackBerry.cmake: Added.
26630        * wtf/PlatformBlackBerry.cmake: Added.
26631
266322011-11-18  Filip Pizlo  <fpizlo@apple.com>
26633
26634        DFG JIT fails speculation on InstanceOf if the base is not an object
26635        https://bugs.webkit.org/show_bug.cgi?id=72709
26636
26637        Reviewed by Geoff Garen.
26638        
26639        InstanceOf already leverages the fact that we only allow the default
26640        hasInstance implementation. So, if the base is predicted to possibly
26641        be not an object and the CFA has not yet proven otherwise, InstanceOf
26642        will abstain from speculating cell and instead return false if the
26643        base is not a cell.
26644        
26645        This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
26646        speed-up in earley-boyer. Neutral according to bencher on SunSpider,
26647        V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
26648        win on V8 even on my harness, due to a 12.5% win on earley-boyer.
26649        
26650        I also took this opportunity to make the code for InstanceOf common
26651        between the two JITs. This was partially successful, in that the
26652        "common code" has a bunch of #if's, but overall it seems like a code
26653        size reduction.
26654
26655        * dfg/DFGAbstractState.cpp:
26656        (JSC::DFG::AbstractState::execute):
26657        * dfg/DFGSpeculativeJIT.cpp:
26658        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
26659        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
26660        * dfg/DFGSpeculativeJIT.h:
26661        * dfg/DFGSpeculativeJIT32_64.cpp:
26662        (JSC::DFG::SpeculativeJIT::compile):
26663        * dfg/DFGSpeculativeJIT64.cpp:
26664        (JSC::DFG::SpeculativeJIT::compile):
26665
266662011-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>
26667
26668        Forgot to completely de-virtualize isDynamicScope
26669        https://bugs.webkit.org/show_bug.cgi?id=72763
26670
26671        Reviewed by Darin Adler.
26672
26673        * runtime/JSActivation.h: Removed virtual keyword.
26674
266752011-11-18  Filip Pizlo  <fpizlo@apple.com>
26676
26677        Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
26678        https://bugs.webkit.org/show_bug.cgi?id=72292
26679
26680        Reviewed by Darin Adler.
26681        
26682        Fix this for 32_64.
26683
26684        * dfg/DFGOSRExitCompiler32_64.cpp:
26685        (JSC::DFG::OSRExitCompiler::compileExit):
26686
266872011-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>
26688
26689        De-virtualize ExecutableBase::intrinsic
26690        https://bugs.webkit.org/show_bug.cgi?id=72548
26691
26692        Reviewed by Oliver Hunt.
26693
26694        * runtime/Executable.cpp:
26695        (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value. 
26696        * runtime/Executable.h:
26697        * runtime/JSCell.h:
26698        (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
26699        rather than requiring C++ RTTI.
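
The ClassInfo-walking cast and the intrinsic() fallback this entry describes, as an added illustration rather than JavaScriptCore's own code; ClassInfo, Cell, the per-class s_info members and the Intrinsic values are simplified stand-ins for the real JSC types.

```cpp
// Added illustration (not JavaScriptCore's code) of a dynamic cast that walks a
// ClassInfo parent chain instead of relying on C++ RTTI, and of the
// ExecutableBase::intrinsic pattern built on top of it. All names are stand-ins.
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;   // nullptr at the root of the hierarchy

    // Walk the parent chain; true if this class is `other` or derives from it.
    bool isSubClassOf(const ClassInfo* other) const {
        for (const ClassInfo* ci = this; ci; ci = ci->parentClass) {
            if (ci == other)
                return true;
        }
        return false;
    }
};

// Minimal non-virtual cell: the only type information is the ClassInfo pointer,
// so no vtable is needed and the cast cannot be fooled by a missing RTTI entry.
class Cell {
public:
    explicit Cell(const ClassInfo* info) : m_classInfo(info) {}
    const ClassInfo* classInfo() const { return m_classInfo; }
private:
    const ClassInfo* m_classInfo;
};

// Each concrete class exposes a static s_info describing its place in the chain.
class ExecutableBase : public Cell {
public:
    static const ClassInfo s_info;
    explicit ExecutableBase(const ClassInfo* info = &s_info) : Cell(info) {}
};
const ClassInfo ExecutableBase::s_info = { "Executable", nullptr };

enum Intrinsic { NoIntrinsic = 0, CharCodeAtIntrinsic = 1 };   // stand-in values

class NativeExecutable : public ExecutableBase {
public:
    static const ClassInfo s_info;
    explicit NativeExecutable(Intrinsic i) : ExecutableBase(&s_info), m_intrinsic(i) {}
    Intrinsic intrinsic() const { return m_intrinsic; }
private:
    Intrinsic m_intrinsic;
};
const ClassInfo NativeExecutable::s_info = { "NativeExecutable", &ExecutableBase::s_info };

class FunctionExecutable : public ExecutableBase {
public:
    static const ClassInfo s_info;
    FunctionExecutable() : ExecutableBase(&s_info) {}
};
const ClassInfo FunctionExecutable::s_info = { "FunctionExecutable", &ExecutableBase::s_info };

// dynamic_cast replacement: returns nullptr unless the cell's ClassInfo chain
// contains To::s_info, so a mismatched cast never yields a mistyped pointer.
template<typename To, typename From>
To* jsDynamicCast(From* from) {
    if (!from || !from->classInfo()->isSubClassOf(&To::s_info))
        return nullptr;
    return static_cast<To*>(from);
}

// The de-virtualized intrinsic(): cast to NativeExecutable, and fall back to
// the default value when the cast fails.
Intrinsic intrinsicOf(ExecutableBase* executable) {
    if (NativeExecutable* native = jsDynamicCast<NativeExecutable>(executable))
        return native->intrinsic();
    return NoIntrinsic;
}
```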
26700
267012011-11-18  Patrick Gansterer  <paroga@webkit.org>
26702
26703        [CMake] Remove duplicate dtoa files from CMakeLists.txt
26704        https://bugs.webkit.org/show_bug.cgi?id=72711
26705
26706        Reviewed by Brent Fulgham.
26707
26708        * wtf/CMakeLists.txt:
26709
267102011-11-17  Michael Saboff  <msaboff@apple.com>
26711
26712        [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
26713        https://bugs.webkit.org/show_bug.cgi?id=72602
26714
26715        Fixed StringImpl::foldCase by adding return in the case we need to handle
26716        folding of 8 bit strings with Latin-1 characters.
26717
26718        Fixed case where StringImpl::replace was using a char temp instead of an
26719        LChar temp.
26720
26721        Because of the second change, I changed other uses of char or
26722        unsigned char to LChar.
26723
26724        Reviewed by Zoltan Herczeg.
26725
26726        * wtf/text/StringImpl.cpp:
26727        (WTF::StringImpl::upper):
26728        (WTF::StringImpl::foldCase):
26729        (WTF::equal):
26730        (WTF::equalIgnoringCase):
26731        (WTF::StringImpl::replace):
26732
267332011-11-17  Patrick Gansterer  <paroga@webkit.org>
26734
26735        [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
26736        https://bugs.webkit.org/show_bug.cgi?id=72644
26737
26738        Reviewed by Brent Fulgham.
26739
26740        All ports need to do the same determination about fast malloc. Move the CMake code from
26741        platform specific files into the generic one, so that additional ports can reuse it.
26742
26743        * wtf/CMakeLists.txt:
26744        * wtf/PlatformEfl.cmake:
26745        * wtf/PlatformWinCE.cmake:
26746
267472011-11-17  Mark Hahnenberg  <mhahnenberg@apple.com>
26748
26749        Add finalizer to JSActivation
26750        https://bugs.webkit.org/show_bug.cgi?id=72575
26751
26752        Reviewed by Geoffrey Garen.
26753
26754        * runtime/JSActivation.cpp:
26755        (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
26756        (JSC::JSActivation::finalize):
26757        * runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
26758
267592011-11-15  Filip Pizlo  <fpizlo@apple.com>
26760
26761        Code block jettisoning should be part of the GC's transitive closure
26762        https://bugs.webkit.org/show_bug.cgi?id=72467
26763
26764        Reviewed by Geoff Garen.
26765        
26766        Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
26767        DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
26768        references) and helps track what state each of those code blocks is in during
26769        GC. The state consists of two flags; mayBeExecuting, which tells if the code block
26770        is live from call frames; and isJettisoned, which tells if the code block is
26771        not owned by any executable and thus should be deleted as soon as it is not
26772        mayBeExecuting.
26773        
26774        - Not executing, Not jettisoned: The code block may or may not be reachable from
26775          any executables, but it is owned by an executable, and hence should be
26776          kept alive if its executable is live and if all of its weak references are
26777          live. Otherwise it should be deleted during the current GC cycle, and its
26778          outgoing references should not be scanned.
26779          
26780        - Not executing but jettisoned: The code block should be deleted as soon as
26781          possible and none of its outgoing references should be scanned.
26782          
26783        - Executing but not jettisoned: The code block should be kept alive during this
26784          GC cycle, and all of its outgoing references (including the weak ones)
26785          should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
26786          the end of the GC cycle.
26787          
26788        - Executing and jettisoned: The code block should be kept alive during this
26789          GC cycle, and all of its outgoing references (including the weak ones)
26790          should be scanned and marked strongly. However, on the next GC cycle, it
26791          will have its mayBeExecuting bit cleared and hence it will become a candidate
26792          for immediate deletion provided it is not executing again.
26793
26794        This is performance-neutral.
26795
26796        * CMakeLists.txt:
26797        * GNUmakefile.list.am:
26798        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
26799        * JavaScriptCore.xcodeproj/project.pbxproj:
26800        * Target.pri:
26801        * bytecode/CodeBlock.cpp:
26802        (JSC::CodeBlock::~CodeBlock):
26803        * bytecode/CodeBlock.h:
26804        (JSC::CodeBlock::setJITCode):
26805        (JSC::CodeBlock::DFGData::DFGData):
26806        (JSC::DFGCodeBlocks::mark):
26807        * heap/ConservativeRoots.cpp:
26808        (JSC::ConservativeRoots::add):
26809        * heap/ConservativeRoots.h:
26810        * heap/DFGCodeBlocks.cpp: Added.
26811        (JSC::DFGCodeBlocks::DFGCodeBlocks):
26812        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
26813        (JSC::DFGCodeBlocks::jettison):
26814        (JSC::DFGCodeBlocks::clearMarks):
26815        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
26816        (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
26817        * heap/DFGCodeBlocks.h: Added.
26818        * heap/Heap.cpp:
26819        (JSC::Heap::jettisonDFGCodeBlock):
26820        (JSC::Heap::markRoots):
26821        (JSC::Heap::collect):
26822        * heap/Heap.h:
26823        * heap/JettisonedCodeBlocks.cpp: Removed.
26824        * heap/JettisonedCodeBlocks.h: Removed.
26825        * interpreter/RegisterFile.cpp:
26826        (JSC::RegisterFile::gatherConservativeRoots):
26827        * interpreter/RegisterFile.h:
26828        * runtime/Executable.cpp:
26829        (JSC::jettisonCodeBlock):
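
An added model of the four mayBeExecuting / isJettisoned states described above, run through two GC cycles; it is not JavaScriptCore's DFGCodeBlocks, and the ownerLive / weakRefsLive inputs stand in for what the marking phase would decide.

```cpp
#include <string>
#include <utility>
#include <vector>

// Added model (not JavaScriptCore's implementation) of the bookkeeping the
// entry above describes. The liveness inputs are stand-ins for GC marking.
struct DFGCodeBlock {
    explicit DFGCodeBlock(std::string n) : name(std::move(n)) {}
    std::string name;
    bool mayBeExecuting = false;   // a call frame was found referencing the block
    bool isJettisoned = false;     // no executable owns it any more
    bool ownerLive = true;         // would the owning executable survive this GC?
    bool weakRefsLive = true;      // are all of its weak references marked?
    bool scannedStrongly = false;  // did the last cycle trace all its references?
};

enum class Fate { Kept, Deleted };

// Decision for one block in one GC cycle, following the four cases above.
Fate decide(DFGCodeBlock& block) {
    if (block.mayBeExecuting) {
        // Executing, jettisoned or not: keep it and scan every reference
        // (weak ones included) strongly for this cycle.
        block.scannedStrongly = true;
        return Fate::Kept;
    }
    block.scannedStrongly = false;
    if (block.isJettisoned)
        return Fate::Deleted;   // not executing and jettisoned: delete at once
    // Not executing but still owned: alive only while the owner and all of
    // its weak references are alive; otherwise it goes this cycle.
    return (block.ownerLive && block.weakRefsLive) ? Fate::Kept : Fate::Deleted;
}

class DFGCodeBlocks {
public:
    void add(DFGCodeBlock block) { m_blocks.push_back(std::move(block)); }

    DFGCodeBlock* find(const std::string& name) {
        for (DFGCodeBlock& b : m_blocks)
            if (b.name == name)
                return &b;
        return nullptr;
    }

    void jettison(const std::string& name) {
        if (DFGCodeBlock* b = find(name))
            b->isJettisoned = true;
    }

    // The conservative stack scan reports a block found in a call frame.
    void markExecuting(const std::string& name) {
        if (DFGCodeBlock* b = find(name))
            b->mayBeExecuting = true;
    }

    // One collection: decide each block's fate, drop the deleted ones, and
    // clear mayBeExecuting so the next cycle starts from a fresh stack scan.
    std::vector<std::string> collect() {
        std::vector<std::string> deleted;
        std::vector<DFGCodeBlock> survivors;
        for (DFGCodeBlock& b : m_blocks) {
            if (decide(b) == Fate::Deleted) {
                deleted.push_back(b.name);
                continue;
            }
            b.mayBeExecuting = false;   // cleared at the end of the GC cycle
            survivors.push_back(b);
        }
        m_blocks.swap(survivors);
        return deleted;
    }

private:
    std::vector<DFGCodeBlock> m_blocks;
};

// Scenario: four blocks, one per state, run through two GC cycles. Returns the
// names deleted in cycle 1 followed by those deleted in cycle 2.
std::pair<std::vector<std::string>, std::vector<std::string>> runScenario() {
    DFGCodeBlocks blocks;
    blocks.add(DFGCodeBlock("owned"));             // not executing, not jettisoned
    blocks.add(DFGCodeBlock("jettisonedOnStack")); // executing and jettisoned
    blocks.add(DFGCodeBlock("jettisonedIdle"));    // not executing, jettisoned
    blocks.add(DFGCodeBlock("deadOwner"));         // owned, but owner is unreachable
    blocks.jettison("jettisonedOnStack");
    blocks.jettison("jettisonedIdle");
    blocks.markExecuting("jettisonedOnStack");
    blocks.find("deadOwner")->ownerLive = false;
    std::vector<std::string> firstCycle = blocks.collect();
    // Nothing is on the stack this time: the jettisoned block had its
    // mayBeExecuting bit cleared and is now deleted immediately.
    std::vector<std::string> secondCycle = blocks.collect();
    return { firstCycle, secondCycle };
}
```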
26830
268312011-11-16  Filip Pizlo  <fpizlo@apple.com>
26832
26833        Unreviewed, build fix for 32-bit.
26834
26835        * dfg/DFGSpeculativeJIT32_64.cpp:
26836        (JSC::DFG::SpeculativeJIT::compile):
26837
268382011-11-16  Geoffrey Garen  <ggaren@apple.com>
26839
26840        Some CachedCall cleanup, in preparation for reversing argument order.
26841
26842        Reviewed by Gavin Barraclough.
26843
26844        * bytecode/CodeBlock.cpp:
26845        (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
26846        so I can test it.
26847
26848        * interpreter/CachedCall.h:
26849        (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
26850        we are not that desperate for character saving.
26851
26852        (JSC::CachedCall::setThis):
26853        (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
26854        CallFrameClosure.
26855
26856        * interpreter/CallFrameClosure.h:
26857        (JSC::CallFrameClosure::setThis):
26858        (JSC::CallFrameClosure::setArgument):
26859        (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
26860        with an explicit setter for 'this', since that's how most clients think.
26861
26862        * interpreter/Interpreter.cpp:
26863        (JSC::Interpreter::prepareForRepeatCall):
26864        * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
26865        for clarity.
26866
268672011-11-16  Mark Hahnenberg  <mhahnenberg@apple.com>
26868
26869        De-virtualize ScriptExecutable::unlinkCalls
26870        https://bugs.webkit.org/show_bug.cgi?id=72546
26871
26872        Reviewed by Geoffrey Garen.
26873
26874        * runtime/Executable.cpp:
26875        (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
26876        due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which 
26877        didn't have complete type information on the things that needed to be destructed in the implicit destructor.
26878        * runtime/Executable.h:
26879        (JSC::EvalExecutable::createStructure): Used new type value from JSType
26880        (JSC::ProgramExecutable::createStructure): Ditto
26881        (JSC::FunctionExecutable::createStructure): Ditto
26882        (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
26883        * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable.  Remove explicit numbers, since 
26884        that just adds noise to patches and they currently have no significance.
26885
268862011-11-16  Filip Pizlo  <fpizlo@apple.com>
26887
26888        JSC::CodeBlock should know which references generated by the DFG are weak
26889        https://bugs.webkit.org/show_bug.cgi?id=72563
26890
26891        Reviewed by Geoff Garen.
26892        
26893        CodeBlock::m_dfgData now tracks weak references and weak reference transitions
26894        (like ephemerons) generated by the DFG. The DFG makes sure to notify the
26895        CodeBlock of all uses of weak references and weak reference transitions.
26896        CodeBlock currently marks them strongly, since the weak marking logic is not
26897        in place, yet.
26898
26899        * bytecode/CodeBlock.cpp:
26900        (JSC::CodeBlock::visitAggregate):
26901        (JSC::CodeBlock::stronglyVisitWeakReferences):
26902        * bytecode/CodeBlock.h:
26903        (JSC::CodeBlock::appendWeakReference):
26904        (JSC::CodeBlock::shrinkWeakReferencesToFit):
26905        (JSC::CodeBlock::appendWeakReferenceTransition):
26906        (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
26907        (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
26908        * bytecode/CodeOrigin.h:
26909        (JSC::CodeOrigin::codeOriginOwner):
26910        * dfg/DFGByteCodeParser.cpp:
26911        (JSC::DFG::ByteCodeParser::handleCall):
26912        (JSC::DFG::ByteCodeParser::handleInlining):
26913        (JSC::DFG::ByteCodeParser::parseBlock):
26914        * dfg/DFGJITCompiler.cpp:
26915        (JSC::DFG::JITCompiler::link):
26916        * dfg/DFGJITCompiler.h:
26917        (JSC::DFG::JITCompiler::addWeakReference):
26918        (JSC::DFG::JITCompiler::addWeakReferenceTransition):
26919        (JSC::DFG::JITCompiler::branchWeakPtr):
26920        * dfg/DFGSpeculativeJIT.h:
26921        * dfg/DFGSpeculativeJIT32_64.cpp:
26922        (JSC::DFG::SpeculativeJIT::compile):
26923        * dfg/DFGSpeculativeJIT64.cpp:
26924        (JSC::DFG::SpeculativeJIT::fillJSValue):
26925        (JSC::DFG::SpeculativeJIT::compile):
26926
269272011-11-16  Michael Saboff  <msaboff@apple.com>
26928
26929        LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
26930        https://bugs.webkit.org/show_bug.cgi?id=72561
26931
26932        Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
26933        Simplified the code in the process.
26934
26935        Reviewed by James Robinson.
26936
26937        * yarr/YarrInterpreter.cpp:
26938        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
26939        (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
26940
269412011-11-16  Geoffrey Garen  <ggaren@apple.com>
26942
26943        Interpreter build fixes.
26944
26945        * bytecode/CodeBlock.h:
26946        * interpreter/Interpreter.cpp:
26947        (JSC::Interpreter::privateExecute):
26948
269492011-11-16  Patrick Gansterer  <paroga@webkit.org>
26950
26951        Unreviewed. Build fix for !ENABLE(JIT) after r100363.
26952
26953        * bytecode/CodeBlock.h:
26954
269552011-11-16  Geoffrey Garen  <ggaren@apple.com>
26956
26957        Rolled back in r100375 and r100385 with 32-bit build fixed.
26958
26959        * dfg/DFGOperations.cpp:
26960        * jit/JITStubs.cpp:
26961        (JSC::DEFINE_STUB_FUNCTION):
26962        * runtime/ArgList.cpp:
26963        (JSC::ArgList::getSlice):
26964        * runtime/ArgList.h:
26965        * runtime/JSArray.cpp:
26966        (JSC::JSArray::finishCreation):
26967        * runtime/JSArray.h:
26968        (JSC::JSArray::create):
26969        * runtime/JSGlobalObject.h:
26970        (JSC::constructArray):
26971
269722011-11-16  Filip Pizlo  <fpizlo@apple.com>
26973
26974        DFG global variable CSE mishandles the cross-global-object inlining corner case
26975        https://bugs.webkit.org/show_bug.cgi?id=72542
26976
26977        Reviewed by Geoff Garen.
26978        
26979        Moved code to get the global object for a code origin into CodeBlock, so it is
26980        more broadly accessible. Fixed CSE to compare both the variable number, and the
26981        global object, before deciding to perform elimination.
26982
26983        * bytecode/CodeBlock.h:
26984        (JSC::CodeBlock::globalObjectFor):
26985        * dfg/DFGAssemblyHelpers.h:
26986        (JSC::DFG::AssemblyHelpers::globalObjectFor):
26987        * dfg/DFGPropagator.cpp:
26988        (JSC::DFG::Propagator::globalVarLoadElimination):
26989        (JSC::DFG::Propagator::performNodeCSE):
26990
2011-11-16  Michael Saboff  <msaboff@apple.com>

        Enable 8 Bit Strings in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=71337

        This patch turns on 8 bit strings in StringImpl and enables
        their use in JavaScriptCore. Some of the changes are to
        turn on code that had been staged (Lexer.cpp, Identifier.cpp,
        SmallStrings.cpp and some of StringImpl.{h,cpp}).
        Other changes are minor fixes to make 8 bit strings work
        (UString.h, StringImpl::getData16SlowCase()).
        Changed StringBuffer to be a templated class based on character
        type.  This change rippled into WebCore code as well.

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp:
        * parser/Lexer.cpp:
        (JSC::::append8): Changed to use 8 bit buffers.
        (JSC::::parseIdentifier): Changed to use 8 bit buffers.
        (JSC::::parseString): Changed to use 8 bit buffers.
        * runtime/Identifier.cpp:
        (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
        (JSC::Identifier::toUInt32FromCharacters): Templated helper.
        (JSC::Identifier::toUInt32): Added 8 bit optimized path.
        * runtime/SmallStrings.cpp:
        (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
        * runtime/UString.h:
        (JSC::UString::characters): Now calls StringImpl::characters()
        * wtf/Forward.h:
        * wtf/text/StringBuffer.h: Made StringBuffer a template based on character type.
        (WTF::StringBuffer::StringBuffer):
        (WTF::StringBuffer::characters):
        (WTF::StringBuffer::release):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::create):
        (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
        (WTF::StringImpl::removeCharacters): Added 8 bit path.
        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
        (WTF::StringImpl::simplifyWhiteSpace):
        (WTF::equal): Removed bug from code copied from null terminated version.
        (WTF::StringImpl::adopt): Added 8 bit path.
        (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bit flag propagation.
        * wtf/text/StringImpl.h:
        (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
        (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
        (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
        (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
        * wtf/text/WTFString.h:
        (WTF::String::adopt): Changed to use StringBuffer template.

2011-11-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize ExecutableBase::clearCodeVirtual
        https://bugs.webkit.org/show_bug.cgi?id=72337

        Reviewed by Darin Adler.

        Added static finalize functions to the subclasses of ExecutableBase that provide an implementation
        of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
        and had the finalize functions call the corresponding clearCode methods.

        * runtime/Executable.cpp:
        (JSC::ExecutableBase::clearCode):
        (JSC::NativeExecutable::finalize):
        (JSC::EvalExecutable::finalize):
        (JSC::EvalExecutable::clearCode):
        (JSC::ProgramExecutable::finalize):
        (JSC::ProgramExecutable::clearCode):
        (JSC::FunctionExecutable::discardCode):
        (JSC::FunctionExecutable::finalize):
        (JSC::FunctionExecutable::clearCode):
        * runtime/Executable.h:
        (JSC::ExecutableBase::finishCreation):
        (JSC::NativeExecutable::create):
        (JSC::EvalExecutable::create):
        (JSC::ProgramExecutable::create):
        (JSC::FunctionExecutable::create):

2011-11-16  Yusuke Suzuki  <utatane.tea@gmail.com>

        String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
        https://bugs.webkit.org/show_bug.cgi?id=71572

        Reviewed by Gavin Barraclough and Darin Adler.

        * runtime/RegExpObject.cpp:
        (JSC::regExpObjectSource):

2011-11-16  Darin Adler  <darin@apple.com>

        Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
        https://bugs.webkit.org/show_bug.cgi?id=72475

        Reviewed by Adam Roben.

        * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
        Do overloads so we can pass a nullptr and also be sure to get the
        raw pointer type from the OwnPtr template so we handle both forms
        of OwnPtr: OwnPtr<T> and OwnPtr<T*>.

2011-11-16  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions

        Reviewed by Tor Arne Vestbø.

        * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.

2011-11-16  Simon Hausmann  <simon.hausmann@nokia.com>

        Unreviewed, rolling out r100266.
        http://trac.webkit.org/changeset/100266

        Broke WTR.

        * Target.pri:

2011-11-16  Darin Adler  <darin@apple.com>

        Add a "pass type" and "peek type" concept to HashTraits
        https://bugs.webkit.org/show_bug.cgi?id=72473

        Reviewed by Filip Pizlo.

        * wtf/HashTraits.h: Added the pass type and peek type.
        For OwnPtr, the pass type will be PassOwnPtr and the peek
        type will be a raw pointer.

2011-11-16  Darin Adler  <darin@apple.com>

        Fix some hash traits that don't derive from the base hash traits
        https://bugs.webkit.org/show_bug.cgi?id=72470

        Reviewed by Filip Pizlo.

        Hash traits structures need to derive from the base hash traits in
        HashTraits.h, but some were not. This is needed for compatibility with
        some additional traits we will be adding to make OwnPtr work with HashMap.

        * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
        HashTraits<int>. This enabled removal of all the members except for the
        ones that control the empty value, because this is otherwise the same
        as the standard int hash.

        * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
        from HashTraits<SymbolTableEntry> and removed redundant members.

2011-11-15  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r100375 and r100385.
        http://trac.webkit.org/changeset/100375
        http://trac.webkit.org/changeset/100385
        https://bugs.webkit.org/show_bug.cgi?id=72465

        They broke 32 bit builds on Qt (Requested by ossy on #webkit).

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice):
        * runtime/ArgList.h:
        (JSC::ArgList::ArgList):
        * runtime/JSArray.cpp:
        * runtime/JSArray.h:
        * runtime/JSGlobalObject.h:

2011-11-15  George Staikos  <staikos@webkit.org>

        Remove the guard page from the addressable stack region on QNX.
        https://bugs.webkit.org/show_bug.cgi?id=72455

        Reviewed by Daniel Bates.

        * wtf/StackBounds.cpp:
        (WTF::StackBounds::initialize):

2011-11-15  Michael Saboff  <msaboff@apple.com>

        Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
        https://bugs.webkit.org/show_bug.cgi?id=72323

        Added 8 bit optimized paths for String and UString ascii() and utf8() methods.

        Added String::characters8(), characters16() and is8Bit() helper methods.

        Added a new Unicode::convertLatin1ToUTF8() method that works on
        LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().

        Reviewed by Geoff Garen.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/UString.cpp:
        (JSC::UString::utf8):
        * wtf/text/WTFString.cpp:
        (WTF::String::ascii):
        (WTF::String::utf8):
        * wtf/text/WTFString.h:
        (WTF::String::characters8):
        (WTF::String::characters16):
        (WTF::String::is8Bit):
        (WTF::LChar):
        (WTF::UChar):
        * wtf/unicode/UTF8.cpp:
        (WTF::Unicode::convertLatin1ToUTF8):
        * wtf/unicode/UTF8.h:
        * wtf/unicode/Unicode.h:

2011-11-15  Darin Adler  <darin@apple.com>

        REGRESSION (r98887): ParserArena and Keywords leaking
        https://bugs.webkit.org/show_bug.cgi?id=72428

        Reviewed by Sam Weinig.

        * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
        need to be able to destroy it.

        * parser/Parser.cpp:
        (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.

        * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.

2011-11-15  Geoffrey Garen  <ggaren@apple.com>

        Removed another use of ArgList that baked in the assumption that arguments
        are forward in the register file.

        Reviewed by Sam Weinig.

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
        working through ArgList.

        * runtime/ArgList.h: Removed!

2011-11-15  Geoffrey Garen  <ggaren@apple.com>

        Removed a use of ArgList that baked in the assumption that arguments
        are forward in the register file.

        Reviewed by Sam Weinig.

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION): Use new API.

        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
        getSlice can do the right thing by using its rights to private data.

        * runtime/ArgList.h: Removed constructor that took a forward-contiguous
        set of arguments.

        * runtime/JSArray.cpp:
        (JSC::JSArray::finishCreation):
        * runtime/JSArray.h:
        (JSC::JSArray::create):
        * runtime/JSGlobalObject.h:
        (JSC::constructArray): Added explicit support for creating an array from
        a pre-allocated set of values, so we could stop relying on the ArgList
        API we want to remove.

2011-11-15  Filip Pizlo  <fpizlo@apple.com>

        Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
        https://bugs.webkit.org/show_bug.cgi?id=72292

        Reviewed by Geoff Garen.

        We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
        an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
        instead of CodeBlock::alternative().

        No performance effect.

        No tests because all of our heuristics work very hard to make sure that this never happens in
        the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
        is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned are rarer still
        because the whole point of jettisoning is to bring the probability of future OSR exits to as
        close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
        exit after a jettison to be the first of its kind; our whole design tries to ensure that
        CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
        is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
        compilation. So this is a truly evil case, and any test for it would be quite fragile.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::specializationKind):
        (JSC::CodeBlock::largeFailCountThreshold):
        (JSC::CodeBlock::largeFailCountThresholdForLoop):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
        (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2011-11-15  Geoffrey Garen  <ggaren@apple.com>

        Use MarkedArgumentBuffer to avoid making assumptions about argument order
        https://bugs.webkit.org/show_bug.cgi?id=72418

        Reviewed by Sam Weinig.

        A step toward reversing the argument order.

        * runtime/JSONObject.cpp:
        (JSC::Stringifier::toJSON):
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Walker::callReviver): Don't assume that ArgList wants to point
        at arguments in forward order. Instead, use MarkedArgumentBuffer, which
        will make the decision for us.

2011-11-15  Filip Pizlo  <fpizlo@apple.com>

        DFG should distinguish between constants in the constant pool and weak
        constants added as artifacts of code generation
        https://bugs.webkit.org/show_bug.cgi?id=72367

        Reviewed by Geoff Garen.

        Added the notion of a WeakJSConstant, which is like a JSConstant except that
        it can only refer to JSCell*. Currently all WeakJSConstants are also backed
        by constants in the constant pool, since weak references originated from
        machine code are not yet properly handled.

        Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
        and CheckStructure. This results in improved CSE, leading to a 1% win on V8.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstant):
        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::getJSConstantPrediction):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfNumberConstant):
        (JSC::DFG::Graph::valueOfBooleanConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::isWeakConstant):
        (JSC::DFG::Node::hasConstant):
        (JSC::DFG::Node::weakConstant):
        (JSC::DFG::Node::valueOfJSConstant):
        (JSC::DFG::Node::isInt32Constant):
        (JSC::DFG::Node::isDoubleConstant):
        (JSC::DFG::Node::isNumberConstant):
        (JSC::DFG::Node::isBooleanConstant):
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-15  Michael Saboff  <msaboff@apple.com>

        Towards 8 bit Strings - Initial JS String Tuning
        https://bugs.webkit.org/show_bug.cgi?id=72326

        Added 8 bit optimized paths for the methods below.

        Reviewed by Geoffrey Garen.

        * runtime/JSString.h:
        (JSC::jsSubstring8):
        * runtime/StringPrototype.cpp:
        (JSC::jsSpliceSubstrings):
        (JSC::jsSpliceSubstringsWithSeparators):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncCharCodeAt):

2011-11-15  Gavin Barraclough  <barraclough@apple.com>

        Result of Error.prototype.toString not ES5 conformant
        https://bugs.webkit.org/show_bug.cgi?id=70889

        Reviewed by Oliver Hunt.

        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):

2011-11-15  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions

        Reviewed by Tor Arne Vestbø.

        * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.

2011-11-15  Yuqiang Xian  <yuqiang.xian@intel.com>

        Remove DFGJITCompilerInlineMethods
        https://bugs.webkit.org/show_bug.cgi?id=72366

        Reviewed by Filip Pizlo.

        Those methods are actually seldom used. Modify the few such places and
        remove the DFGJITCompilerInlineMethods stuff entirely.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
        * dfg/DFGJITCompilerInlineMethods.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentFillFPR):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::cachedGetMethod):

2011-11-14  Filip Pizlo  <fpizlo@apple.com>

        DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
        https://bugs.webkit.org/show_bug.cgi?id=72348

        Reviewed by Gavin Barraclough.

        Moved all of JITCodeGenerator into SpeculativeJIT.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGJITCodeGenerator.cpp: Removed.
        * dfg/DFGJITCodeGenerator.h: Removed.
        * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
        * dfg/DFGJITCodeGenerator64.cpp: Removed.
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
        (JSC::DFG::SpeculativeJIT::fillStorage):
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::isStrictInt32):
        (JSC::DFG::SpeculativeJIT::isKnownInteger):
        (JSC::DFG::SpeculativeJIT::isKnownNumeric):
        (JSC::DFG::SpeculativeJIT::isKnownCell):
        (JSC::DFG::SpeculativeJIT::isKnownNotCell):
        (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
        (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
        (JSC::DFG::SpeculativeJIT::isKnownBoolean):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        (JSC::DFG::SpeculativeJIT::markCellCard):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
        (JSC::DFG::dataFormatString):
        (JSC::DFG::SpeculativeJIT::dump):
        (JSC::DFG::SpeculativeJIT::checkConsistency):
        (JSC::DFG::GPRTemporary::GPRTemporary):
        (JSC::DFG::GPRTemporary::adopt):
        (JSC::DFG::FPRTemporary::FPRTemporary):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::at):
        (JSC::DFG::SpeculativeJIT::lock):
        (JSC::DFG::SpeculativeJIT::unlock):
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::SpeculativeJIT::reuse):
        (JSC::DFG::SpeculativeJIT::allocate):
        (JSC::DFG::SpeculativeJIT::tryAllocate):
        (JSC::DFG::SpeculativeJIT::fprAllocate):
        (JSC::DFG::SpeculativeJIT::isFilled):
        (JSC::DFG::SpeculativeJIT::isFilledDouble):
        (JSC::DFG::SpeculativeJIT::use):
        (JSC::DFG::SpeculativeJIT::selectScratchGPR):
        (JSC::DFG::SpeculativeJIT::silentSpillGPR):
        (JSC::DFG::SpeculativeJIT::silentSpillFPR):
        (JSC::DFG::SpeculativeJIT::silentFillGPR):
        (JSC::DFG::SpeculativeJIT::silentFillFPR):
        (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
        (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
        (JSC::DFG::SpeculativeJIT::boxDouble):
        (JSC::DFG::SpeculativeJIT::unboxDouble):
        (JSC::DFG::SpeculativeJIT::spill):
        (JSC::DFG::SpeculativeJIT::isConstant):
        (JSC::DFG::SpeculativeJIT::isJSConstant):
        (JSC::DFG::SpeculativeJIT::isInt32Constant):
        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
        (JSC::DFG::SpeculativeJIT::isNumberConstant):
        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
        (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
        (JSC::DFG::SpeculativeJIT::isNullConstant):
        (JSC::DFG::SpeculativeJIT::identifier):
        (JSC::DFG::SpeculativeJIT::flushRegisters):
        (JSC::DFG::SpeculativeJIT::isFlushed):
        (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
        (JSC::DFG::SpeculativeJIT::bitOp):
        (JSC::DFG::SpeculativeJIT::shiftOp):
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::addressOfCallData):
        (JSC::DFG::SpeculativeJIT::tagOfCallData):
        (JSC::DFG::SpeculativeJIT::payloadOfCallData):
        (JSC::DFG::SpeculativeJIT::integerResult):
        (JSC::DFG::SpeculativeJIT::noResult):
        (JSC::DFG::SpeculativeJIT::cellResult):
        (JSC::DFG::SpeculativeJIT::booleanResult):
        (JSC::DFG::SpeculativeJIT::jsValueResult):
        (JSC::DFG::SpeculativeJIT::storageResult):
        (JSC::DFG::SpeculativeJIT::doubleResult):
        (JSC::DFG::SpeculativeJIT::initConstantInfo):
        (JSC::DFG::SpeculativeJIT::resetCallArguments):
        (JSC::DFG::SpeculativeJIT::addCallArgument):
        (JSC::DFG::SpeculativeJIT::setupArguments):
        (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
        (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
        (JSC::DFG::SpeculativeJIT::setupStubArguments):
        (JSC::DFG::SpeculativeJIT::callOperation):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
        (JSC::DFG::SpeculativeJIT::setupResults):
        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
        (JSC::DFG::SpeculativeJIT::addBranch):
        (JSC::DFG::SpeculativeJIT::linkBranches):
        (JSC::DFG::SpeculativeJIT::block):
        (JSC::DFG::SpeculativeJIT::checkConsistency):
        (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::IntegerOperand::~IntegerOperand):
        (JSC::DFG::IntegerOperand::index):
        (JSC::DFG::IntegerOperand::format):
        (JSC::DFG::IntegerOperand::gpr):
        (JSC::DFG::IntegerOperand::use):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::DoubleOperand::~DoubleOperand):
        (JSC::DFG::DoubleOperand::index):
        (JSC::DFG::DoubleOperand::fpr):
        (JSC::DFG::DoubleOperand::use):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::JSValueOperand::~JSValueOperand):
        (JSC::DFG::JSValueOperand::index):
        (JSC::DFG::JSValueOperand::gpr):
        (JSC::DFG::JSValueOperand::jsValueRegs):
        (JSC::DFG::JSValueOperand::isDouble):
        (JSC::DFG::JSValueOperand::fill):
        (JSC::DFG::JSValueOperand::tagGPR):
        (JSC::DFG::JSValueOperand::payloadGPR):
        (JSC::DFG::JSValueOperand::fpr):
        (JSC::DFG::JSValueOperand::use):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::StorageOperand::~StorageOperand):
        (JSC::DFG::StorageOperand::index):
        (JSC::DFG::StorageOperand::gpr):
        (JSC::DFG::StorageOperand::use):
        (JSC::DFG::GPRTemporary::~GPRTemporary):
        (JSC::DFG::GPRTemporary::gpr):
        (JSC::DFG::FPRTemporary::~FPRTemporary):
        (JSC::DFG::FPRTemporary::fpr):
        (JSC::DFG::FPRTemporary::FPRTemporary):
        (JSC::DFG::GPRResult::GPRResult):
        (JSC::DFG::GPRResult2::GPRResult2):
        (JSC::DFG::FPRResult::FPRResult):
        (JSC::DFG::FPRResult::lockedResult):
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        * runtime/JSFunction.h:

2011-11-14  Filip Pizlo  <fpizlo@apple.com>

        Weak reference harvesters should run to fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=72346

        Reviewed by Oliver Hunt.

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        * heap/ListableHandler.h:
        (JSC::ListableHandler::next):
        (JSC::ListableHandler::List::head):
        (JSC::ListableHandler::List::removeNext):
        (JSC::ListableHandler::List::removeAll):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::reset):
        (JSC::SlotVisitor::harvestWeakReferences):
        * heap/MarkStack.h:
        (JSC::MarkStack::isEmpty):

2011-11-14  Oliver Hunt  <oliver@apple.com>

        Start migrating typed array impl types to WTF
        https://bugs.webkit.org/show_bug.cgi?id=72336

        Reviewed by Geoffrey Garen.

        Add typed array impls to WTF forwarding header.

        * wtf/Forward.h:

2011-11-14  Julien Chaffraix  <jchaffraix@webkit.org>

        Add --css-grid-layout to build-webkit and the build systems
        https://bugs.webkit.org/show_bug.cgi?id=72320

        Reviewed by Ojan Vafai.

        * Configurations/FeatureDefines.xcconfig:

2011-11-14  Geoffrey Garen  <ggaren@apple.com>

        A little bit of arguments / activation cleanup
        https://bugs.webkit.org/show_bug.cgi?id=72339

        Reviewed by Gavin Barraclough.

        Renamed copyRegisters => tearOff to match bytecode and other terminology.

        Renamed setActivation => didTearOffActivation to indicate that this is a
        notification the object may choose to ignore. Moved "Should I ignore?"
        code into the arguments object to avoid duplication elsewhere.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveArguments):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Arguments.h:
        (JSC::Arguments::createAndTearOff):
        (JSC::Arguments::didTearOffActivation):
        (JSC::Arguments::finishCreationButDontTearOff):
        (JSC::Arguments::finishCreation):
        (JSC::Arguments::finishCreationAndTearOff):
        (JSC::Arguments::tearOff):

        * runtime/JSActivation.h:
        (JSC::JSActivation::tearOff): Moved Activation's code into its own header
        because that's where it belongs.

276822011-11-14  Gavin Barraclough  <barraclough@apple.com>
27683
27684        Should sign the jsc binary
27685        https://bugs.webkit.org/show_bug.cgi?id=72332
27686
27687        Reviewed by David Kilzer.
27688
27689        * Configurations/JSC.xcconfig:
27690        * entitlements.plist: Added.
27691
276922011-11-14  Filip Pizlo  <fpizlo@apple.com>
27693
27694        DFG's inline references to objects should be tracked
27695        https://bugs.webkit.org/show_bug.cgi?id=72313
27696
27697        Reviewed by Gavin Barraclough.
27698        
27699        Added a pinCell() method in the parser that currently creates a
27700        dummy constant in CodeBlock. Added calls to pinCell() wherever the
27701        DFG would inline a constant reference that the original code would
27702        not have referred to.
27703        
27704        * dfg/DFGByteCodeParser.cpp:
27705        (JSC::DFG::ByteCodeParser::getCellConstantIndex):
27706        (JSC::DFG::ByteCodeParser::pinCell):
27707        (JSC::DFG::ByteCodeParser::cellConstant):
27708        (JSC::DFG::ByteCodeParser::handleCall):
27709        (JSC::DFG::ByteCodeParser::handleInlining):
27710        (JSC::DFG::ByteCodeParser::parseBlock):
27711
277122011-11-14  Filip Pizlo  <fpizlo@apple.com>
27713
27714        DFG put_by_id transition optimizations test the wrong structures
27715        https://bugs.webkit.org/show_bug.cgi?id=72324
27716
27717        Reviewed by Gavin Barraclough.
27718
27719        * dfg/DFGByteCodeParser.cpp:
27720        (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
27721        (JSC::DFG::ByteCodeParser::parseBlock):
27722        * jit/JITPropertyAccess.cpp:
27723        (JSC::JIT::privateCompilePutByIdTransition):
27724
277252011-11-14  Michael Saboff  <msaboff@apple.com>
27726
27727        Further changes and cleanup to JSString.h and cpp.
27728
27729        Reviewed by Darin Adler.
27730
27731        * runtime/JSString.cpp:
27732        (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr.  Eliminated exec in slow case calls.
27733        (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in the name.
27734        (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
27735        * runtime/JSString.h:
27736
277372011-11-14  Adam Barth  <abarth@webkit.org>
27738
27739        DateMath.cpp should not depend on JavaScriptCore
27740        https://bugs.webkit.org/show_bug.cgi?id=71747
27741
27742        Reviewed by Darin Adler.
27743
27744        This patch moves the JSC-specific parts of DateMath into JSDateMath in
27745        JavaScriptCore.  There shouldn't be any behavior change.
27746
27747        * CMakeLists.txt:
27748        * GNUmakefile.list.am:
27749        * JavaScriptCore.gypi:
27750        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
27751        * JavaScriptCore.xcodeproj/project.pbxproj:
27752        * Target.pri:
27753        * runtime/DateConstructor.cpp:
27754        * runtime/DateConversion.cpp:
27755        * runtime/DateInstance.cpp:
27756        * runtime/DateInstanceCache.h:
27757        * runtime/DatePrototype.cpp:
27758        * runtime/InitializeThreading.cpp:
27759        * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
27760        (JSC::timeToMS):
27761        (JSC::msToSeconds):
27762        * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
27763        * wtf/DateMath.cpp:
27764        (WTF::isLeapYear):
27765        (WTF::msToDays):
27766        (WTF::msToMinutes):
27767        (WTF::msToHours):
27768        (WTF::parseDateFromNullTerminatedCharacters):
27769        (WTF::makeRFC2822DateString):
27770        * wtf/DateMath.h:
27771
277722011-11-14  Michael Saboff  <msaboff@apple.com>
27773
27774        Towards 8 bit strings - Add 8 bit handling to JSString Ropes
27775        https://bugs.webkit.org/show_bug.cgi?id=72317
27776
27777        Added bit to track that a rope is made up of all 8 bit fibers.
27778        Created an 8 bit path (fast and slow cases) to handle 8 bit 
27779        only ropes.
27780
27781        Reviewed by Oliver Hunt.
27782
27783        * runtime/JSString.cpp:
27784        (JSC::JSString::resolveRope):
27785        (JSC::JSString::resolveRopeSlowCase8):
27786        (JSC::JSString::resolveRopeSlowCase16):
27787        * runtime/JSString.h:
27788        (JSC::RopeBuilder::finishCreation):
27789        (JSC::RopeBuilder::is8Bit):
27790        (JSC::jsSubstring8):
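
        The following is an added illustration of the "all 8 bit fibers" bit described above; it is
        model code written for this page, not JSC's JSString or RopeBuilder, and every name in it
        (Str, makeRope, resolveRope, codeUnitAt) is an assumption. A rope records at creation whether
        every fiber is Latin-1, and resolution reads that one bit to choose between a byte buffer and a
        UTF-16 buffer, so the two paths can never disagree about the width of the flat string:

```cpp
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Added model, not JSC code. A string is either a leaf holding Latin-1 bytes
// (8-bit) or UTF-16 code units (16-bit), or a rope whose fibers are strings.
struct Str {
    bool is8Bit = true;
    size_t length = 0;
    std::vector<uint8_t> latin1;               // leaf && is8Bit
    std::vector<uint16_t> utf16;               // leaf && !is8Bit
    std::vector<std::shared_ptr<Str>> fibers;  // non-empty only for a rope

    bool isRope() const { return !fibers.empty(); }
};

using StrPtr = std::shared_ptr<Str>;

StrPtr makeLatin1(const std::string& s) {
    auto r = std::make_shared<Str>();
    r->is8Bit = true;
    r->length = s.size();
    r->latin1.assign(s.begin(), s.end());
    return r;
}

StrPtr makeUTF16(const std::vector<uint16_t>& units) {
    auto r = std::make_shared<Str>();
    r->is8Bit = false;
    r->length = units.size();
    r->utf16 = units;
    return r;
}

// The bit the entry adds: a rope is 8-bit only if every fiber is 8-bit.
// It is computed once here, at creation, never re-derived later.
StrPtr makeRope(std::vector<StrPtr> fibers) {
    auto r = std::make_shared<Str>();
    r->is8Bit = true;
    for (const auto& f : fibers) {
        r->is8Bit = r->is8Bit && f->is8Bit;
        r->length += f->length;
    }
    r->fibers = std::move(fibers);
    return r;
}

// 8-bit path: only reachable when the rope's bit is set, so every leaf is
// Latin-1 and bytes copy straight through. A 16-bit leaf here would be an
// invariant violation (its code units would be truncated to a byte).
static void append8(const Str& s, std::vector<uint8_t>& out) {
    if (!s.isRope()) {
        if (!s.is8Bit) throw std::logic_error("16-bit leaf on the 8-bit path");
        out.insert(out.end(), s.latin1.begin(), s.latin1.end());
        return;
    }
    for (const auto& f : s.fibers) append8(*f, out);
}

// 16-bit path: Latin-1 leaves are widened, UTF-16 leaves copied as-is.
static void append16(const Str& s, std::vector<uint16_t>& out) {
    if (!s.isRope()) {
        if (s.is8Bit) out.insert(out.end(), s.latin1.begin(), s.latin1.end());
        else out.insert(out.end(), s.utf16.begin(), s.utf16.end());
        return;
    }
    for (const auto& f : s.fibers) append16(*f, out);
}

// Resolve a rope to a flat leaf, choosing the path from the rope's own bit.
StrPtr resolveRope(const Str& rope) {
    auto flat = std::make_shared<Str>();
    flat->is8Bit = rope.is8Bit;
    flat->length = rope.length;
    if (rope.is8Bit) { flat->latin1.reserve(rope.length); append8(rope, flat->latin1); }
    else { flat->utf16.reserve(rope.length); append16(rope, flat->utf16); }
    return flat;
}

// Uniform accessor over both flat representations.
uint16_t codeUnitAt(const Str& leaf, size_t i) {
    return leaf.is8Bit ? leaf.latin1.at(i) : leaf.utf16.at(i);
}

// Constructed inputs: an all-Latin-1 rope, and a nested rope with one UTF-16 fiber.
StrPtr latin1Rope() { return makeRope({makeLatin1("abc"), makeLatin1("def")}); }
StrPtr mixedRope() {
    return makeRope({makeRope({makeLatin1("ab"), makeUTF16({0x263A})}), makeLatin1("c")});
}
```

        One 16-bit fiber anywhere in the tree clears the bit for the whole rope, so the mixed rope
        resolves through the UTF-16 path and U+263A survives; the all-Latin-1 rope resolves into a
        byte buffer half the size. Deciding the width once and carrying it on the rope, rather than
        re-inspecting fibers in each path, is what keeps the fast and slow cases consistent.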
27791
277922011-11-14  Geoffrey Garen  <ggaren@apple.com>
27793
27794        A little bit of function call cleanup
27795        https://bugs.webkit.org/show_bug.cgi?id=72314
27796
27797        Reviewed by Oliver Hunt.
27798
27799        * bytecompiler/BytecodeGenerator.cpp:
27800        (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
27801        because this value doesn't give you the offset of the callee's call frame.
27802
27803        (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
27804        of greater-than. Removed comment since its reasoning was wrong.
27805        
27806        (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
27807
27808        (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
27809        to ask this question, giving the bytecode generator more freedom to change
27810        internal implementation details.
27811        
27812        * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
27813        16 was overkill.
27814        (JSC::CallArguments::registerOffset): Updated for rename mentioned above.
27815
27816        * bytecompiler/NodesCodegen.cpp:
27817        (JSC::CallArguments::CallArguments):
27818        (JSC::CallArguments::newArgument): Factored out argument allocation into
27819        a helper function, so I can change it later.
27820
27821        (JSC::CallFunctionCallDotNode::emitBytecode):
27822        (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
27823
278242011-11-14  Tony Chang  <tony@chromium.org>
27825
27826        Remove the CSS3_FLEXBOX compile time flag and enable on all ports
27827        https://bugs.webkit.org/show_bug.cgi?id=72196
27828
27829        Reviewed by Ojan Vafai.
27830
27831        * Configurations/FeatureDefines.xcconfig:
27832
278332011-11-14  Mark Rowe  <mrowe@apple.com>
27834
27835        <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
27836
27837        testRegExp and testapi.js were being installed in the JavaScriptCore framework.
27838        As test-only tools they shouldn't be installed there by default, only when
27839        FORCE_TOOL_INSTALL is set to YES.
27840
27841        This patch incorporates a few related changes:
27842        1) Make the jsc and testRegExp targets be configured via .xcconfig files.
27843        2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
27844           FORCE_TOOL_INSTALL is YES.
27845        3) Switches the testapi target to using a script build phase to install testapi.js
27846           so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
27847           why this isn't the built-in behavior when a Copy Files build phase has "Copy only
27848           when installing" checked, but it doesn't seem to be.
27849        4) Other random cleanup such as removing a bogus group that refers to files that do
27850           not exist, moving testRegExp.cpp in to the tests group, etc.
27851
27852        Reviewed by Geoff Garen.
27853
27854        * Configurations/JSC.xcconfig: Added.
27855        * Configurations/TestRegExp.xcconfig: Added.
27856        * JavaScriptCore.xcodeproj/project.pbxproj:
27857
278582011-11-14  Michael Saboff  <msaboff@apple.com>
27859
27860        Towards 8 bit strings - Add 8 bit paths to StringImpl methods
27861        https://bugs.webkit.org/show_bug.cgi?id=72290
27862
27863        Added 8 bit paths to the StringImpl number and find methods.
27864
27865        Reviewed by Oliver Hunt.
27866
27867        * wtf/text/StringImpl.cpp:
27868        (WTF::StringImpl::toIntStrict):
27869        (WTF::StringImpl::toUIntStrict):
27870        (WTF::StringImpl::toInt64Strict):
27871        (WTF::StringImpl::toUInt64Strict):
27872        (WTF::StringImpl::toIntPtrStrict):
27873        (WTF::StringImpl::toInt):
27874        (WTF::StringImpl::toUInt):
27875        (WTF::StringImpl::toInt64):
27876        (WTF::StringImpl::toUInt64):
27877        (WTF::StringImpl::toIntPtr):
27878        (WTF::StringImpl::toDouble):
27879        (WTF::StringImpl::toFloat):
27880        (WTF::StringImpl::find):
27881        (WTF::StringImpl::reverseFind):
27882        * wtf/text/WTFString.cpp:
27883        (WTF::toIntegralType):
27884        (WTF::lengthOfCharactersAsInteger):
27885        (WTF::charactersToIntStrict):
27886        (WTF::charactersToUIntStrict):
27887        (WTF::charactersToInt64Strict):
27888        (WTF::charactersToUInt64Strict):
27889        (WTF::charactersToIntPtrStrict):
27890        (WTF::charactersToInt):
27891        (WTF::charactersToUInt):
27892        (WTF::charactersToInt64):
27893        (WTF::charactersToUInt64):
27894        (WTF::charactersToIntPtr):
27895        (WTF::toDoubleType):
27896        (WTF::charactersToDouble):
27897        (WTF::charactersToFloat):
27898        * wtf/text/WTFString.h:
27899        (WTF::find):
27900        (WTF::reverseFind):
27901
279022011-11-14  Vincent Scheib  <scheib@chromium.org>
27903
27904        Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
27905        https://bugs.webkit.org/show_bug.cgi?id=72286
27906
27907        Reviewed by Adam Barth.
27908
27909        * wtf/Platform.h:
27910
279112011-11-14  Gavin Barraclough  <barraclough@apple.com>
27912
27913        https://bugs.webkit.org/show_bug.cgi?id=72280
27914
27915        Rubber stamped by Geoff Garen.
27916
27917        Fix 32-bit Lion.
27918
27919        * JavaScriptCore.xcodeproj/project.pbxproj:
27920        * wtf/OSAllocatorPosix.cpp:
27921        (WTF::OSAllocator::reserveAndCommit):
27922
279232011-11-14  Geoffrey Garen  <ggaren@apple.com>
27924
27925        32-bit Build fix: declare virtual register indices to be int rather than
27926        unsigned, since they can be positive or negative.
27927        
27928        For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
27929        state, since we'll never load and operate on the ReturnPC as a JS value.
27930
27931        * jit/JIT.cpp:
27932        (JSC::JIT::JIT):
27933        * jit/JIT.h:
27934        * jit/JITInlineMethods.h:
27935        (JSC::JIT::emitLoadTag):
27936        (JSC::JIT::emitLoadPayload):
27937        (JSC::JIT::emitLoad):
27938        (JSC::JIT::emitLoad2):
27939        (JSC::JIT::emitLoadDouble):
27940        (JSC::JIT::emitLoadInt32ToDouble):
27941        (JSC::JIT::emitStore):
27942        (JSC::JIT::emitStoreInt32):
27943        (JSC::JIT::emitStoreAndMapInt32):
27944        (JSC::JIT::emitStoreCell):
27945        (JSC::JIT::emitStoreBool):
27946        (JSC::JIT::emitStoreDouble):
27947        (JSC::JIT::map):
27948        (JSC::JIT::unmap):
27949        (JSC::JIT::isMapped):
27950        (JSC::JIT::getMappedPayload):
27951        (JSC::JIT::getMappedTag):
27952        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
27953
279542011-11-14  Michael Saboff  <msaboff@apple.com>
27955
27956        Remove unused m_data member from UStringSourceProvider
27957        https://bugs.webkit.org/show_bug.cgi?id=72289
27958
27959        Removed unused m_data member from UStringSourceProvider.
27960
27961        Reviewed by Oliver Hunt.
27962
27963        * parser/SourceProvider.h:
27964        (JSC::UStringSourceProvider::UStringSourceProvider):
27965
279662011-11-14  Michael Saboff  <msaboff@apple.com>
27967
27968        Towards 8 Bit Strings: Templatize YARR Parser
27969        https://bugs.webkit.org/show_bug.cgi?id=72288
27970
27971        Changed Yarr::Parser to be a template based on character type.
27972
27973        Reviewed by Oliver Hunt.
27974
27975        * yarr/YarrParser.h:
27976        (JSC::Yarr::Parser::Parser):
27977        (JSC::Yarr::parse):
27978
279792011-11-14  Geoffrey Garen  <ggaren@apple.com>
27980
27981        32-bit build fix: Removed unused declaration.
27982
27983        * dfg/DFGJITCodeGenerator32_64.cpp:
27984        (JSC::DFG::JITCodeGenerator::emitCall):
27985
279862011-11-12  Geoffrey Garen  <ggaren@apple.com>
27987
27988        Standardized the JS calling convention
27989        https://bugs.webkit.org/show_bug.cgi?id=72221
27990        
27991        Reviewed by Oliver Hunt.
27992
27993        This patch standardizes the calling convention so that the caller always
27994        sets up the callee's CallFrame. Adjustments for call type, callee type,
27995        argument count, etc. now always take place after that initial setup.
27996        
27997        This is a step toward reversing the argument order, but also has these
27998        immediate benefits (measured on x64):
27999        
28000        (1) 1% benchmark speedup across the board.
28001        
28002        (2) 50% code size reduction in baseline JIT function calls.
28003        
28004        (3) 1.5x speedup for single-dispatch .apply forwarding.
28005        
28006        (4) 1.1x speedup for multi-dispatch .apply forwarding.
28007
28008        This change affected the baseline JIT most, since the baseline JIT had
28009        lots of ad hoc calling conventions for different caller / callee types.
28010
28011        * assembler/MacroAssemblerX86_64.h:
28012        (JSC::MacroAssemblerX86_64::branchPtr):
28013        (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
28014        a test, like other assemblers do. (I added some compares to 0, and didn't
28015        want them to be slow.)
28016
28017        * bytecode/CodeBlock.cpp:
28018        (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
28019        op_call_varargs could share code generation with other forms of op_call.
28020        This is also a small optimization, since op_*varargs no longer have to
28021        pass arguments to each other through the register file.
28022
28023        (JSC::CallLinkInfo::unlink):
28024        * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
28025        us to link functions called through .apply syntax. We need to distinguish
28026        CallVarargs from Call because CallVarargs changes its argument count
28027        on each invocation, so we must always link to the argument count checking
28028        version of the callee.
28029
28030        * bytecode/Opcode.h:
28031        * bytecompiler/BytecodeGenerator.cpp:
28032        (JSC::BytecodeGenerator::emitCallVarargs):
28033        * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
28034
28035        * bytecompiler/NodesCodegen.cpp:
28036        (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
28037        some of this bytecode generation to remove redundant copies.
28038
28039        * dfg/DFGJITCodeGenerator32_64.cpp:
28040        (JSC::DFG::JITCodeGenerator::emitCall):
28041        * dfg/DFGJITCodeGenerator64.cpp:
28042        (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
28043        DFG doesn't support this type, but its code needs to change slightly
28044        to accommodate a 3-state variable.
28045
28046        Stopped passing the argument count in regT1 because this is non-standard.
28047        (The argument count goes in the CallFrame. This trades speed on the slow
28048        path for speed and code size on the fast path, and simplicity on all paths.
28049        A good trade, in my opinion.)
28050
28051        * dfg/DFGJITCompiler.cpp:
28052        (JSC::DFG::JITCompiler::compileEntry):
28053        (JSC::DFG::JITCompiler::link):
28054        (JSC::DFG::JITCompiler::compile):
28055        (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
28056        setup more obvious when single-stepping. Also, updated for argument count
28057        not being in regT1.
28058
28059        * dfg/DFGJITCompiler.h:
28060        (JSC::DFG::JITCompiler::addJSCall):
28061        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
28062        type: CallVarargs.
28063
28064        * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
28065        doing anything else. Don't check for stack overflow because we have no callee
28066        registers, and our caller has already checked for its own registers.
28067
28068        * dfg/DFGRepatch.cpp:
28069        (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
28070        count doesn't match -- we just need to link to the argument count checking
28071        version.
28072
28073        * interpreter/CallFrameClosure.h:
28074        (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
28075        arguments from C++, we need to supply a full copy of the arguments prior
28076        to the subset copy that matches our callee's argument count. (That is what
28077        the standard calling convention would have produced in JS.) I would have
28078        split this into its own patch, but I couldn't find a way to get the JIT
28079        to fail a regression test in this area without my patch applied.
28080
28081        * interpreter/Interpreter.cpp: Let the true code bomb begin!
28082
28083        (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
28084        and not eval()'s caller frame. We no longer leave the CallFrame pointing
28085        to eval()'s caller during a call to eval(), since that is not standard.
28086
28087        (JSC::loadVarargs): Factored out a shared helper function for use by JIT
28088        and interpreter because half the code means one quarter the bugs -- in my
28089        programming, at least.
28090
28091        (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
28092        
28093        (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
28094        putDirect, because it got in the way of my testing. (When putting a
28095        function, the cached base of a PutPropertySlot can be 0 to signify "do
28096        not optimize".)
28097        
28098        op_call_eval: Updated for new, standard eval calling convention.
28099        
28100        op_load_varargs: Merged op_load_varargs into op_call_varargs.
28101
28102        op_call_varargs: Updated for new, standard eval calling convention. Don't
28103        check for stack overflow because the loadVarargs helper function already
28104        checked.
28105
28106        * interpreter/Interpreter.h:
28107        (JSC::Interpreter::execute): Headers are fun and educational!
28108
28109        * interpreter/RegisterFile.cpp:
28110        (JSC::RegisterFile::growSlowCase):
28111        * interpreter/RegisterFile.h:
28112        (JSC::RegisterFile::grow): Factored out the slow case into a slow
28113        case because it was cramping the style of my fast case.
28114
28115        * jit/JIT.cpp:
28116        (JSC::JIT::privateCompile): Moved initialization of
28117        RegisterFile::CodeBlock to make it more obvious when debugging. Removed
28118        assumption that argument count is in regT1, as above. Removed call to
28119        restoreArgumentReference() because the JITStubCall abstraction does this for us.
28120
28121        (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
28122
28123        * jit/JIT.h:
28124        * jit/JITCall32_64.cpp:
28125        (JSC::JIT::emitSlow_op_call):
28126        (JSC::JIT::emitSlow_op_call_eval):
28127        (JSC::JIT::emitSlow_op_call_varargs):
28128        (JSC::JIT::emitSlow_op_construct):
28129        (JSC::JIT::emit_op_call_eval):
28130        (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
28131        Don't count call_eval when accounting for linkable function calls because
28132        eval doesn't link. (Its fast path is to perform the eval.)
28133
28134        (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
28135        to our new calling convention. The key to this optimization is the
28136        observation that, in a function that declares no arguments, if any
28137        arguments are passed, they all end up right behind 'this'.
28138
28139        (JSC::JIT::compileCallEval):
28140        (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
28141
28142        (JSC::JIT::compileOpCall):
28143        (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
28144        this is the whole point of my patch. The caller now unconditionally moves
28145        the CallFrame forward and fills in the data it knows before taking any
28146        branches to deal with weird caller/callee pairs.
28147        
28148        This also means that there is almost no slow path for calls -- it all
28149        gets folded into the shared virtual call stub. The only things remaining
28150        in the slow path are the rare case counter and a call to the stub.
28151
28152        * jit/JITOpcodes32_64.cpp:
28153        (JSC::JIT::privateCompileCTIMachineTrampolines):
28154        (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
28155        different registers or in memory, based on our new standard calling
28156        convention.
28157        
28158        Added a shared path for calling out to CTI helper functions for non-JS
28159        calls.
28160
28161        * jit/JITPropertyAccess32_64.cpp:
28162        (JSC::JIT::emit_op_method_check): method_check emits its own code and
28163        the following get_by_id's code, so it needs to add both when informing
28164        result chaining of its result. This is important because the standard
28165        calling convention can now take advantage of this chaining.
28166
28167        * jit/JITCall.cpp:
28168        (JSC::JIT::compileLoadVarargs):
28169        (JSC::JIT::compileCallEval):
28170        (JSC::JIT::compileCallEvalSlowCase):
28171        (JSC::JIT::compileOpCall):
28172        (JSC::JIT::compileOpCallSlowCase):
28173        * jit/JITOpcodes.cpp:
28174        (JSC::JIT::privateCompileCTIMachineTrampolines):
28175        (JSC::JIT::emit_op_call_eval):
28176        (JSC::JIT::emit_op_call_varargs):
28177        (JSC::JIT::emitSlow_op_call):
28178        (JSC::JIT::emitSlow_op_call_eval):
28179        (JSC::JIT::emitSlow_op_call_varargs):
28180        (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
28181        second time, now with 64 bits.
28182
28183        * jit/JITStubs.cpp:
28184        (JSC::throwExceptionFromOpCall):
28185        (JSC::jitCompileFor):
28186        (JSC::arityCheckFor):
28187        (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
28188        Exceptions thrown in the middle of a function call now use a shared helper
28189        function (throwExceptionFromOpCall). This function understands that the
28190        CallFrame currently points to the callEE, and the exception must be
28191        thrown by the callER. (The old calling convention would often still have
28192        the CallFrame pointing at the callER at the point of an exception. That
28193        is not the way of our new, standard calling convention.)
28194
28195        (JSC::op_call_eval): Finish standard CallFrame setup before calling 
28196        our eval helper function, which now depends on that setup.
28197
28198        * runtime/Arguments.h:
28199        (JSC::Arguments::length): Renamed numProvidedArguments() to length()
28200        because that's what other objects call it, and the difference made our
28201        new loadVarargs helper function hard to read.
28202
28203        * runtime/Executable.cpp:
28204        (JSC::FunctionExecutable::compileForCallInternal):
28205        (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
28206        fixes.
28207
28208        * runtime/FunctionPrototype.cpp:
28209        (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
28210        the .apply call_varargs optimization fails. (This bug appears on layout
28211        tests when you disable the optimization.)
28212
282132011-11-11  Jer Noble  <jer.noble@apple.com>
28214
28215        Implement MediaController.
28216        https://bugs.webkit.org/show_bug.cgi?id=71408
28217
28218        Reviewed by Eric Carlson.
28219
28220        Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as 
28221        CoreAudioClock.h is not available there.
28222
28223        * wtf/Platform.h:
28224
282252011-11-14  Patrick Gansterer  <paroga@webkit.org>
28226
28227        [WIN] Remove dependency on pthread from FastMalloc
28228        https://bugs.webkit.org/show_bug.cgi?id=72098
28229
28230        Reviewed by Adam Roben.
28231
28232        All pthread calls are already ported to native Windows calls.
28233        Use the native version for all OS(WINDOWS) to remove the
28234        runtime dependency on the pthread dll.
28235
28236        * wtf/FastMalloc.cpp:
28237
282382011-11-14  Simon Hausmann  <simon.hausmann@nokia.com>
28239
28240        [Qt] Replace use of QApplication with QGuiApplication.
28241
28242        Reviewed by Tor Arne Vestbø.
28243
28244        * wtf/qt/compat/qguiapplication.h:
28245        (QGuiApplication::styleHints): Introduce styleHints wrapper hack.
28246
282472011-11-14  Carlos Garcia Campos  <cgarcia@igalia.com>
28248
28249        Unreviewed. Fix make distcheck build.
28250
28251        * GNUmakefile.list.am: Add missing files.
28252
282532011-11-11  Yury Semikhatsky  <yurys@chromium.org>
28254
28255        Web Inspector: function remote object should provide access to function position in the script
28256        https://bugs.webkit.org/show_bug.cgi?id=71808
28257
28258        Exposed accessor for function source code.
28259
28260        Reviewed by Pavel Feldman.
28261
28262        * JavaScriptCore.exp:
28263        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
28264        * runtime/JSFunction.cpp:
28265        (JSC::JSFunction::sourceCode):
28266        * runtime/JSFunction.h:
28267
282682011-11-13  Yuqiang Xian  <yuqiang.xian@intel.com>
28269
28270        Fix silent spilling/filling GPRs in DFG 32_64
28271        https://bugs.webkit.org/show_bug.cgi?id=72201
28272
28273        Reviewed by Gavin Barraclough.
28274
28275        Current silentSpillGPR/silentFillGPR may not work as expected for some
28276        cases in 32_64. If there's a JSValue which was retained by two GPRs,
28277        we may end up failing to spill/fill some GPRs or redundantly
28278        spilling/filling some GPRs. For example, if we tend to exclude "eax"
28279        from spilling while a JSValue is retained by both "eax" and "edx",
28280        then "edx" won't be spilled as well (wrong). And if another JSValue is
28281        retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
28282        twice. The similar problem applies to silentFillGPR.
28283        The fix is to make silentSpillGPR/silentFillGPR more straightforward,
28284        i.e., spilling/filling based on the GPR instead of the virtual
28285        register. FPR spilling/filling is also modified accordingly to make it
28286        consistent with GPR spilling/filling.
28287
28288        * dfg/DFGJITCodeGenerator.h:
28289        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
28290        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
28291        (JSC::DFG::JITCodeGenerator::silentFillGPR):
28292        (JSC::DFG::JITCodeGenerator::silentFillFPR):
28293        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
28294        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
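
        The following is an added model of the spill bug described above, written for this page; it is
        not DFG code, and RegisterState, spillByVirtualRegister and spillByGPR are assumed names. On
        32_64 one JSValue occupies two GPRs (tag and payload), so a virtual register maps to a GPR pair.
        The first routine decides per virtual register, as the entry says the old code effectively did;
        the second decides per GPR, which is the shape of the fix:

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Added model, not JSC code: which GPRs currently hold which JSValue halves.
struct RegisterState {
    std::vector<std::string> gprs = {"eax", "edx", "ecx", "ebx"};
    std::map<std::string, std::pair<std::string, std::string>> virtualToGPRs; // vreg -> (tag, payload)
    std::map<std::string, std::string> gprToVirtual;                          // gpr -> vreg

    void bind(const std::string& vreg, const std::string& tag, const std::string& payload) {
        virtualToGPRs[vreg] = {tag, payload};
        gprToVirtual[tag] = vreg;
        gprToVirtual[payload] = vreg;
    }

    // Pre-fix shape: walk the GPRs but decide per virtual register. A value that
    // touches the excluded GPR is skipped whole (its other half is never saved),
    // and a value whose two halves are both visited is spilled twice.
    std::vector<std::string> spillByVirtualRegister(const std::string& exclude) const {
        std::vector<std::string> spilled;
        for (const std::string& gpr : gprs) {
            if (gpr == exclude) continue;
            auto it = gprToVirtual.find(gpr);
            if (it == gprToVirtual.end()) continue;
            const auto& halves = virtualToGPRs.at(it->second);
            if (halves.first == exclude || halves.second == exclude) continue;
            spilled.push_back(halves.first);
            spilled.push_back(halves.second);
        }
        return spilled;
    }

    // Fixed shape: decide per GPR, so exclusion and spilling are both exact.
    std::vector<std::string> spillByGPR(const std::string& exclude) const {
        std::vector<std::string> spilled;
        for (const std::string& gpr : gprs) {
            if (gpr == exclude) continue;
            if (gprToVirtual.count(gpr)) spilled.push_back(gpr);
        }
        return spilled;
    }
};

// The scenario from the entry: one JSValue in eax/edx, another in ecx/ebx.
static RegisterState scenario() {
    RegisterState s;
    s.bind("v1", "eax", "edx");
    s.bind("v2", "ecx", "ebx");
    return s;
}

static int countOf(const std::vector<std::string>& v, const std::string& gpr) {
    int n = 0;
    for (const std::string& g : v) if (g == gpr) ++n;
    return n;
}

// How many times a GPR gets spilled when eax is excluded, under each policy.
int spillsByVirtualRegister(const std::string& gpr) {
    return countOf(scenario().spillByVirtualRegister("eax"), gpr);
}
int spillsByGPR(const std::string& gpr) {
    return countOf(scenario().spillByGPR("eax"), gpr);
}

int main() {
    for (const char* g : {"eax", "edx", "ecx", "ebx"})
        std::cout << g << ": by-vreg " << spillsByVirtualRegister(g)
                  << ", by-gpr " << spillsByGPR(g) << "\n";
    return 0;
}
```

        With eax excluded, the per-virtual-register walk spills edx zero times and ecx and ebx twice
        each; the per-GPR walk spills edx, ecx and ebx exactly once. The missed edx is the dangerous
        half: its payload is live across the call and is silently lost, while the double spills only
        cost time. The same pairing applies to the fill side.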
28295
282962011-11-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
28297
28298        [Qt][Symbian] Remove support for WINSCW compiler
28299        https://bugs.webkit.org/show_bug.cgi?id=70178
28300
28301        Reviewed by Chang Shu.
28302
28303        * API/JSStringRef.h:
28304        * create_hash_table: Revert r45553.
28305        * runtime/JSGlobalData.cpp: Revert r45553.
28306        * runtime/LiteralParser.cpp: Remove WINSCW comment.
28307        (JSC::LiteralParser::Lexer::lexString):
28308        * runtime/Lookup.h: Revert r45553.
28309        * runtime/Structure.h: Revert r48461.
28310        * wtf/Alignment.h:
28311        * wtf/Assertions.h: Revert r52337.
28312        * wtf/Compiler.h:
28313        * wtf/ListRefPtr.h: Revert r48988.
28314        (WTF::ListRefPtr::~ListRefPtr):
28315        * wtf/OwnArrayPtr.h: Revert r45911.
28316        (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
28317        * wtf/PassOwnArrayPtr.h:
28318        (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
28319        * wtf/PassRefPtr.h:
28320        * wtf/StaticConstructors.h:
28321        * wtf/unicode/qt4/UnicodeQt4.h:
28322
283232011-11-12  Patrick Gansterer  <paroga@webkit.org>
28324
28325        Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
28326
28327        * dfg/DFGCorrectableJumpPoint.cpp:
28328        * dfg/DFGCorrectableJumpPoint.h:
28329
283302011-11-12  Patrick Gansterer  <paroga@webkit.org>
28331
28332        [CMake] Move list of DFG source files into correct file
28333        https://bugs.webkit.org/show_bug.cgi?id=72212
28334
28335        Reviewed by Daniel Bates.
28336
28337        The DFG files are platform independent. So move them from
28338        the EFL specific file into the general CMakeLists.txt.
28339
28340        * CMakeLists.txt:
28341        * PlatformEfl.cmake:
28342
283432011-11-12  Patrick Gansterer  <paroga@webkit.org>
28344
28345        Fix "unused variable" warning in JSLock
        https://bugs.webkit.org/show_bug.cgi?id=72213

        Reviewed by Anders Carlsson.

        Use ASSERT_UNUSED() instead of ASSERT() to make sure
        that the variable is also used in the release build.

        * runtime/JSLock.cpp:
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):

2011-11-11  Gavin Barraclough  <barraclough@apple.com>

        Update iOS compiler version.

        Reviewed by David Kilzer.

        * Configurations/CompilerVersion.xcconfig:
            - Update compiler version.

2011-11-11  Gavin Barraclough  <barraclough@apple.com>

        Update iOS port's configuration setting, particularly in Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=72187

        Reviewed by David Kilzer.

        * interpreter/Interpreter.h:
            - Lower the reentry depth.
        * runtime/DatePrototype.cpp:
            - iOS also uses CF.
        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
            - Update fastmalloc configuration for iOS.
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):
            - Added flag.
        * wtf/Platform.h:
            - Update platform configuration for iOS.

2011-11-11  David Kilzer  <ddkilzer@apple.com>

        Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
        <http://webkit.org/b/72175>

        Reviewed by Joseph Pecoraro.

        * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
        TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
        so that they're only defined on Mac OS X builds.  Also include
        Availability.h, which is needed on iOS builds.

2011-11-11  Darin Adler  <darin@apple.com>

        Remove all releaseRef implementations except for RetainPtr
        https://bugs.webkit.org/show_bug.cgi?id=71423

        Reviewed by Julien Chaffraix.

        * API/JSRetainPtr.h: Removed releaseRef.
        * wtf/PassRefPtr.h: Removed releaseRef.

2011-11-11  Darin Adler  <darin@apple.com>

        * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
        If an older Xcode downgrades this file and we have a risk of some kind of
        oscillating commit situation, please contact me so I know not to do this again.

2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add jsCast to replace static_cast
        https://bugs.webkit.org/show_bug.cgi?id=72071

        Reviewed by Geoffrey Garen.

        Added new jsCast and changed all of the static_cast sites in functions that
        are in the MethodTable to use jsCast instead.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::toStringCallback):
        (JSC::JSCallbackFunction::valueOfCallback):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::visitChildren):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::className):
        (JSC::::getOwnPropertySlot):
        (JSC::::getOwnPropertyDescriptor):
        (JSC::::put):
        (JSC::::deleteProperty):
        (JSC::::deletePropertyByIndex):
        (JSC::::getConstructData):
        (JSC::::hasInstance):
        (JSC::::getCallData):
        (JSC::::getOwnPropertyNames):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        (JSC::DebuggerActivation::className):
        (JSC::DebuggerActivation::getOwnPropertySlot):
        (JSC::DebuggerActivation::put):
        (JSC::DebuggerActivation::putWithAttributes):
        (JSC::DebuggerActivation::deleteProperty):
        (JSC::DebuggerActivation::getOwnPropertyNames):
        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
        (JSC::DebuggerActivation::defineGetter):
        (JSC::DebuggerActivation::defineSetter):
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        (JSC::Arguments::getOwnPropertySlotByIndex):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::getOwnPropertyNames):
        (JSC::Arguments::putByIndex):
        (JSC::Arguments::put):
        (JSC::Arguments::deletePropertyByIndex):
        (JSC::Arguments::deleteProperty):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        (JSC::DatePrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/Executable.cpp:
        (JSC::ExecutableBase::clearCode):
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        (JSC::JSActivation::getOwnPropertyNames):
        (JSC::JSActivation::getOwnPropertySlot):
        (JSC::JSActivation::put):
        (JSC::JSActivation::putWithAttributes):
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertySlotByIndex):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putByIndex):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::deletePropertyByIndex):
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::visitChildren):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        (JSC::JSBoundFunction::visitChildren):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertySlot):
        (JSC::JSByteArray::getOwnPropertyDescriptor):
        (JSC::JSByteArray::getOwnPropertySlotByIndex):
        (JSC::JSByteArray::put):
        (JSC::JSByteArray::putByIndex):
        (JSC::JSByteArray::getOwnPropertyNames):
        * runtime/JSCell.h:
        (JSC::JSCell::visitChildren):
        (JSC::jsCast):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        (JSC::JSFunction::getCallData):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        (JSC::JSFunction::getOwnPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::deleteProperty):
        (JSC::JSFunction::getConstructData):
        * runtime/JSGlobalData.cpp:
        (JSC::StackPreservingRecompiler::operator()):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        (JSC::JSGlobalObject::putWithAttributes):
        (JSC::JSGlobalObject::defineGetter):
        (JSC::JSGlobalObject::defineSetter):
        (JSC::JSGlobalObject::visitChildren):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        (JSC::JSGlobalObject::clearRareData):
        * runtime/JSGlobalThis.cpp:
        (JSC::JSGlobalThis::visitChildren):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        (JSC::JSONObject::getOwnPropertyDescriptor):
        * runtime/JSObject.cpp:
        (JSC::JSObject::finalize):
        (JSC::JSObject::visitChildren):
        (JSC::JSObject::getOwnPropertySlotByIndex):
        (JSC::JSObject::put):
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::deletePropertyByIndex):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        (JSC::JSStaticScopeObject::put):
        (JSC::JSStaticScopeObject::putWithAttributes):
        (JSC::JSStaticScopeObject::getOwnPropertySlot):
        * runtime/JSString.cpp:
        (JSC::JSString::visitChildren):
        (JSC::JSString::toThisObject):
        (JSC::JSString::getOwnPropertySlot):
        (JSC::JSString::getOwnPropertySlotByIndex):
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::deleteProperty):
        (JSC::JSVariableObject::getOwnPropertyNames):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/MathObject.cpp:
        (JSC::MathObject::getOwnPropertySlot):
        (JSC::MathObject::getOwnPropertyDescriptor):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
        (JSC::RegExpConstructor::put):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::getOwnPropertyDescriptor):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::getOwnPropertySlot):
        (JSC::StringObject::getOwnPropertySlotByIndex):
        (JSC::StringObject::getOwnPropertyDescriptor):
        (JSC::StringObject::deleteProperty):
        (JSC::StringObject::getOwnPropertyNames):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::getOwnPropertySlot):
        (JSC::StringPrototype::getOwnPropertyDescriptor):
        * runtime/Structure.cpp:
        (JSC::Structure::visitChildren):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
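
        The checked-cast idea behind the jsCast entry above, as an added C++ illustration that is not JSC's own code: a toy ClassInfo chain plus a jsCastChecked template (the names ClassInfo, JSCell, JSObject, JSArray, jsCastChecked and jsCastWouldSucceed, and the object layout, are assumptions made for this example) that verifies a cell's class before the static_cast. A downcast that lies about the cell's type is a classic type-confusion primitive; the checked form turns it into an immediate assertion failure in debug builds instead of a silent read of fields the object never had.

```cpp
#include <cassert>

// Minimal stand-in for a class-info record: every cell type carries a pointer to
// its ClassInfo, and each ClassInfo links to its parent's, forming a chain that a
// checked cast can walk. (Assumption: simplified model, not JSC's real layout.)
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;

    bool isSubClassOf(const ClassInfo* other) const
    {
        for (const ClassInfo* info = this; info; info = info->parentClass) {
            if (info == other)
                return true;
        }
        return false;
    }
};

struct JSCell {
    explicit JSCell(const ClassInfo* info) : m_classInfo(info) { }
    virtual ~JSCell() { }
    const ClassInfo* classInfo() const { return m_classInfo; }
    bool inherits(const ClassInfo* info) const { return m_classInfo->isSubClassOf(info); }
private:
    const ClassInfo* m_classInfo;
};

struct JSObject : JSCell {
    static const ClassInfo s_info;
    JSObject() : JSCell(&s_info) { }
protected:
    explicit JSObject(const ClassInfo* info) : JSCell(info) { }
};
const ClassInfo JSObject::s_info = { "Object", nullptr };

struct JSArray : JSObject {
    static const ClassInfo s_info;
    JSArray() : JSObject(&s_info), m_length(0) { }
    unsigned m_length; // a field a plain JSObject does not have
};
const ClassInfo JSArray::s_info = { "Array", &JSObject::s_info };

// Checked downcast in the spirit of jsCast: in a debug build it walks the
// ClassInfo chain to confirm the cell really is a To before the static_cast.
// With NDEBUG it collapses to the bare static_cast, so release builds pay nothing.
template<typename To, typename From>
inline To* jsCastChecked(From* from)
{
    assert(from->inherits(&To::s_info));
    return static_cast<To*>(from);
}

// Non-asserting probe used below to show what the check would reject.
template<typename To, typename From>
inline bool jsCastWouldSucceed(From* from)
{
    return from->inherits(&To::s_info);
}

// Runs two heap cells through the checked cast. The plain JSObject is not an
// Array, so a static_cast to JSArray* would let code read m_length from memory
// the object never allocated; the checked cast refuses that downcast.
bool demoCheckedCast()
{
    JSArray array;
    JSObject object;
    JSCell* arrayCell = &array;
    JSCell* objectCell = &object;

    JSArray* sound = jsCastChecked<JSArray>(arrayCell); // Array -> chain hit, passes
    bool soundCast = (sound == &array) && jsCastWouldSucceed<JSArray>(arrayCell);
    bool confusionRefused = !jsCastWouldSucceed<JSArray>(objectCell);
    bool upcastAccepted = jsCastWouldSucceed<JSObject>(arrayCell); // Array is-an Object

    return soundCast && confusionRefused && upcastAccepted;
}
```

        Build without NDEBUG to get the assertion; with NDEBUG the cast is exactly the static_cast the entry replaced, so the protection exists only where test suites run debug builds.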

2011-11-11  Gavin Barraclough  <barraclough@apple.com>

        Enable DFG JIT for ARMv7/iOS.

        Rubber stamped by Oliver Hunt.

        * wtf/Platform.h:
            - enable DFG JIT for ARMv7/iOS.

2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
        https://bugs.webkit.org/show_bug.cgi?id=72035

        Reviewed by Geoffrey Garen.

        De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * interpreter/Interpreter.cpp: Ditto.
        (JSC::Interpreter::execute):
        * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
        * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
        (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
        (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
        (JSC::JSGlobalObject::shouldInterruptScript): Ditto.
        * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
        (JSC::TimeoutChecker::didTimeOut):

2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSGlobalObject::allowsAccessFrom
        https://bugs.webkit.org/show_bug.cgi?id=71969

        Reviewed by Darin Adler.

        * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to
        JSDOMWindowBase and WebScriptObject.

2011-11-11  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99950.
        http://trac.webkit.org/changeset/99950
        https://bugs.webkit.org/show_bug.cgi?id=72117

        "Landed wrong patch by mistake" (Requested by yurys on
        #webkit).

        * JavaScriptCore.exp:
        * runtime/JSFunction.cpp:
        * runtime/JSFunction.h:

2011-11-11  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r99898.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2011-11-10  Dan Bernstein  <mitz@apple.com>

        Disabling assertions breaks the debug build
        https://bugs.webkit.org/show_bug.cgi?id=72091

        Reviewed by Geoff Garen.

        * dfg/DFGNode.h: Made hasIdentifier() available when assertions are
        disabled. It is used in Graph::dump().
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
        only if assertions are enabled.
        * wtf/Deque.h:
        (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
        * wtf/ThreadRestrictionVerifier.h:
        (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
        a local variable that is only used in an assertion.
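
        The JSLock entry near the top of this section and the "Disabling assertions breaks the debug build" entry just above address the same build hazard: a local whose only reader is an assertion becomes an unused variable once assertions are compiled out, and -Werror then turns the warning into a failed build. Added C++ illustration of both fixes the entries describe, not WTF's or JSC's code; the ASSERT/ASSERT_UNUSED stand-ins only model the real macros' behaviour, and ToyMutex, lockChecked, unlockChecked, Verifier and roundTrip are constructed for this example.

```cpp
#include <cassert>

// Stand-ins for the WTF macros (assumption: modelled on their behaviour, not
// copied). With assertions disabled (NDEBUG, the release configuration) ASSERT
// vanishes entirely, so a local referenced only inside it is unused and trips
// -Wunused-variable. ASSERT_UNUSED still mentions the variable in that build,
// so the compiler sees a use and stays quiet.
#ifdef NDEBUG
#define ASSERT(cond) ((void)0)
#define ASSERT_UNUSED(var, cond) ((void)(var))
#else
#define ASSERT(cond) assert(cond)
#define ASSERT_UNUSED(var, cond) assert(cond)
#endif

// Toy non-recursive mutex whose acquire/release return 0 on success, the pthread
// convention that lock code checks. (Constructed for this example.)
struct ToyMutex {
    bool held = false;
    int acquire() { if (held) return 1; held = true; return 0; }
    int release() { if (!held) return 1; held = false; return 0; }
};

// Fix 1 (JSLock::lock/unlock, Deque::checkIndexValidity): the return code is only
// ever consulted by the assertion, so it goes through ASSERT_UNUSED. A plain
// ASSERT(!result) here compiles cleanly in debug and warns in release.
void lockChecked(ToyMutex& mutex)
{
    int result = mutex.acquire();
    ASSERT_UNUSED(result, !result);
}

void unlockChecked(ToyMutex& mutex)
{
    int result = mutex.release();
    ASSERT_UNUSED(result, !result);
}

bool roundTrip()
{
    ToyMutex mutex;
    lockChecked(mutex);
    bool heldWhileLocked = mutex.held;
    unlockChecked(mutex);
    return heldWhileLocked && !mutex.held;
}

// Fix 2 (ThreadRestrictionVerifier::setShared): when a value is computed solely
// to be asserted on, guard the local's definition so release builds never create
// it; the ASSERT that reads it disappears in the same configuration.
struct Verifier {
    bool shared = false;
    int owningThread = 0;

    // Returns whether the object is shared after the call.
    bool setShared(bool newShared, int callerThread)
    {
#ifndef NDEBUG
        bool previouslyShared = shared; // exists only where the assertion exists
#endif
        shared = newShared;
        if (!shared)
            return false;
        ASSERT(newShared != previouslyShared); // sharing twice is a logic error
        owningThread = callerThread;
        return true;
    }
};
```

        Both fixes keep the release binary identical to what it was; they only make the debug-only locals invisible to the unused-variable warning, so the assertion coverage survives without a build break.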

2011-11-10  Filip Pizlo  <fpizlo@apple.com>

        JSString forgets to clear m_fibers when resolving ropes
        https://bugs.webkit.org/show_bug.cgi?id=72089

        Reviewed by Geoff Garen.

        * runtime/JSString.cpp:
        (JSC::JSString::resolveRopeSlowCase):

2011-11-09  Filip Pizlo  <fpizlo@apple.com>

        DFG byte array support sometimes clamps values incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=71975

        Reviewed by Oliver Hunt.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):

2011-11-10  Filip Pizlo  <fpizlo@apple.com>

        ValueProfile/PredictedType contains dead code, and doesn't recognize functions
        https://bugs.webkit.org/show_bug.cgi?id=72065

        Reviewed by Gavin Barraclough and Geoff Garen.

        Added PredictFunction support, and did some cleaning up along the way.
        ValueProfile no longer has statistics machinery, because we never used
        it. Rearranged some bits in PredictedType to more easily make room for
        one more object type. Changed some debug code to use more consistent
        conventions (ByteArray becomes Bytearray so that if we ever have a
        "Byte" prediction we don't get confused between a prediction that is
        the union of Byte and Array and a prediction that indicates precisely
        a ByteArray).

        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionFromClassInfo):
        * bytecode/PredictedType.h:
        (JSC::isFunctionPrediction):
        * bytecode/ValueProfile.cpp:
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):

2011-11-10  David Kilzer  <ddkilzer@apple.com>

        <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR

        Reviewed by Joseph Pecoraro.

        * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
        script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
        for installation.  Also removed "Versions/A/" from the path
        since this is unneeded due to the default symlinks present in the
        framework.

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Add ARMv7 support to the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=72061

        Reviewed by Geoff Garen.

        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
        (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
        (JSC::DFG::AssemblyHelpers::boxDouble):
        (JSC::DFG::AssemblyHelpers::unboxDouble):
            - Add CPU(ARM) copies of these functions.
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::spill):
            - Fix matching of '}' re #if blocks, makes some tools happy.
        (JSC::DFG::JITCodeGenerator::setupArguments):
        (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
        (JSC::DFG::JITCodeGenerator::appendCallSetResult):
            - Add CPU(ARM) / 4 argument register copies of these functions.
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
            - Should use callOperation to plant a call to a DFG_OPERATION.
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
            - These methods need to plant a relinkable jump; we currently do so
              using beginUninterruptedSequence() / endUninterruptedSequence().
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
            - Should use callOperation to plant a call to a DFG_OPERATION.
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
            - This method needs to plant a relinkable jump; we currently do so
              using beginUninterruptedSequence() / endUninterruptedSequence().
        (JSC::DFG::JITCompiler::compileBody):
            - Add abstraction to retrieve the pc after a call.
        * dfg/DFGOSRExitCompiler.cpp:
            - Fix a bug - CodeLocationLabel needs a data address rather than an
              executable one, but can just take a MacroAssemblerCodePtr instead!
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::compileClampDoubleToByte):
            - Add FIXME comment to come back to! - bug#72054.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
            - Add missing method (ooops, required by bug#72047)
        * dfg/DFGSpeculativeJIT32_64.cpp:
            - Need to wrap fmod on ARMv7.

2011-11-10  Filip Pizlo  <fpizlo@apple.com>

        DFG should not reparse code that was just parsed
        https://bugs.webkit.org/show_bug.cgi?id=71977

        Reviewed by Geoff Garen.

        The instruction stream of a code block is now kept around until
        the next GC. When doing either an optimizing compilation of an
        executable, or inlining of an executable, we now try to find the
        already preexisting bytecode. If we find it, we don't have to parse.
        If we don't find it, we parse as before. Inlining takes the extra
        step of caching code blocks, so if the same executable gets inlined
        multiple times into the same caller, then we parse it at most once
        even if prior to inlining that executable did not have any code
        blocks with an instruction stream.

        Also fixed a silly bug where the strict mode for various operations
        was being determined by looking at the machine code block rather
        than the inlinee.

        To enable the delete-on-next-GC policy, I introduced the notion
        of an ultra weak finalizer, which anyone can register during
        tracing. This is thread-safe (for parallel GC) and
        stop-the-world-safe (so calls to free() are postponed until the
        world is resumed). This required reusing some facilities previously
        created for WeakReferenceHarvester, so I created a common utility
        class. I also retweaked the handling of WeakReferenceHarvesters,
        since they should be executed during stop-the-world since in the
        future we may want to allow them to call drain().

        2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
        elsewhere.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::copyPostParseDataFrom):
        (JSC::CodeBlock::copyPostParseDataFromAlternative):
        (JSC::CodeBlock::finalizeUnconditionally):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::canProduceCopyWithBytecode):
        (JSC::CodeBlock::discardBytecodeLater):
        (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        (JSC::ProgramCodeBlock::ProgramCodeBlock):
        (JSC::EvalCodeBlock::EvalCodeBlock):
        (JSC::FunctionCodeBlock::FunctionCodeBlock):
        (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
        (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::strictModeFor):
        * dfg/DFGByteCodeCache.h: Added.
        (JSC::DFG::CodeBlockKey::CodeBlockKey):
        (JSC::DFG::CodeBlockKey::operator==):
        (JSC::DFG::CodeBlockKey::hash):
        (JSC::DFG::CodeBlockKey::executable):
        (JSC::DFG::CodeBlockKey::kind):
        (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
        (JSC::DFG::CodeBlockKeyHash::hash):
        (JSC::DFG::CodeBlockKeyHash::equal):
        (JSC::DFG::ByteCodeCache::ByteCodeCache):
        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
        (JSC::DFG::ByteCodeCache::get):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * heap/Heap.cpp:
        (JSC::Heap::finalizeUnconditionally):
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        * heap/Heap.h:
        * heap/ListableHandler.h: Added.
        (JSC::ListableHandler::ListableHandler):
        (JSC::ListableHandler::~ListableHandler):
        (JSC::ListableHandler::List::List):
        (JSC::ListableHandler::List::addNotThreadSafe):
        (JSC::ListableHandler::List::addThreadSafe):
        (JSC::ListableHandler::List::hasNext):
        (JSC::ListableHandler::List::removeNext):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::harvestWeakReferences):
        (JSC::SlotVisitor::finalizeUnconditionally):
        * heap/MarkStack.h:
        (JSC::MarkStack::addWeakReferenceHarvester):
        (JSC::MarkStack::addUnconditionalFinalizer):
        * heap/SlotVisitor.h:
        * heap/UnconditionalFinalizer.h: Added.
        (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
        * heap/WeakReferenceHarvester.h:
        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::profiledCodeBlockFor):

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Add ARMv7 register info for the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=72050

        Reviewed by Geoff Garen.

        * dfg/DFGFPRInfo.h:
        (JSC::DFG::FPRInfo::toRegister):
        (JSC::DFG::FPRInfo::toIndex):
        (JSC::DFG::FPRInfo::debugName):
        * dfg/DFGGPRInfo.h:
        (JSC::DFG::GPRInfo::toRegister):
        (JSC::DFG::GPRInfo::toIndex):
        (JSC::DFG::GPRInfo::debugName):

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
        https://bugs.webkit.org/show_bug.cgi?id=72047

        Reviewed by Geoff Garen.

        We currently don't attempt to abstract divide through the macro assembler,
        due to these instructions commonly having specific requirements. This means
        there is architecture specific code in the JIT - #ifdef it, and provide a
        common implementation.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::fmodAsDFGOperation):
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Add ENABLE_VALUE_PROFILER support for ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=72043

        Reviewed by Geoff Garen.

        This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSlow_op_mod):
            - cleanup location of UNUSED_PARAM
        * jit/JITStubs.cpp:
        (JSC::ctiTrampoline):
        (JSC::ctiVMThrowTrampoline):
        (JSC::ctiOpThrowNotCaught):
        (JSC::JITThunks::JITThunks):
        * jit/JITStubs.h:
            - Update JITStackFrame structure & asm code to spill more registers.
        * jit/JSInterfaceJIT.h:
            - Assign a bucketCounterRegister.

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Fix sampling counters on ARMv7, move add64 functionality to macro assembler
        https://bugs.webkit.org/show_bug.cgi?id=72040

        Reviewed by Geoff Garen.

        The ability to add an integer to a uint64_t in memory is poorly copied in
        multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
        designed interface since add32 is not required to set flags (we have no
        concept of flags in the macro assembler interface).

        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::add64):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::add64):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::add64):
        * dfg/DFGAssemblyHelpers.cpp:
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::emitCount):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::writeBarrier):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitCount):

2011-11-10  Ryuan Choi  <ryuan.choi@samsung.com>

        [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
        https://bugs.webkit.org/show_bug.cgi?id=56705

        Reviewed by Adam Roben.

        * CMakeLists.txt:
        * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
        * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
        * shell/CMakeLists.txt:
        * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
        * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
        * wtf/CMakeLists.txt:
        * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
        * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.

2011-11-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck build.

        * GNUmakefile.list.am: Add missing files.

2011-11-09  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
        https://bugs.webkit.org/show_bug.cgi?id=71862

        Changed LiteralParser to be templatized of character type.

        Moved five enums out of class definition to work around a clang compiler defect.

        Added lexIdentifier templated method to break out character specific versions.
        Added static setParserTokenString templated method to handle setting appropriately
29046        sized string pointer.
29047
29048        To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
29049        flavors of LiteralParser are explicitly instantiated at the end of
29050        LiteralParser.cpp.
29051
29052        Reviewed by Oliver Hunt.
29053
29054        * API/JSValueRef.cpp:
29055        (JSValueMakeFromJSONString):
29056        * JavaScriptCore.exp:
29057        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
29058        * interpreter/Interpreter.cpp:
29059        (JSC::Interpreter::callEval):
29060        (JSC::Interpreter::execute):
29061        * runtime/JSGlobalObjectFunctions.cpp:
29062        (JSC::globalFuncEval):
29063        * runtime/JSONObject.cpp:
29064        (JSC::JSONProtoFuncParse):
29065        * runtime/LiteralParser.cpp:
29066        (JSC::isJSONWhiteSpace):
29067        (JSC::::tryJSONPParse):
29068        (JSC::::makeIdentifier):
29069        (JSC::::Lexer::lex):
29070        (JSC::::Lexer::lexIdentifier):
29071        (JSC::::Lexer::next):
29072        (JSC::LChar):
29073        (JSC::UChar):
29074        (JSC::isSafeStringCharacter):
29075        (JSC::::Lexer::lexString):
29076        (JSC::::Lexer::lexNumber):
29077        (JSC::::parse):
29078        * runtime/LiteralParser.h:
29079        (JSC::LiteralParser::LiteralParser):
29080        (JSC::LiteralParser::getErrorMessage):
29081        (JSC::LiteralParser::tryLiteralParse):
29082        (JSC::LiteralParser::Lexer::Lexer):
29083        (JSC::LiteralParser::Lexer::currentToken):
29084        (JSC::LiteralParser::Lexer::getErrorMessage):
29085        * runtime/UString.h:
29086        (JSC::LChar):
29087        (JSC::UChar):
29088        * wtf/text/StringBuilder.cpp:
29089        (WTF::StringBuilder::append):
29090        * wtf/text/StringBuilder.h:
29091        (WTF::StringBuilder::append):
29092
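        The entry above describes the shape of the change but not the code. The following is an
        added example, not JavaScriptCore's LiteralParser: a small JSON-style lexer templated on
        the character type, with a lexIdentifier per flavor, an overloaded setParserTokenString
        that stores a pointer of the right width, and explicit instantiation of the two flavors
        after the member definitions. LChar and UChar mirror the JSC names; Token, Lexer, lexAll
        and the helper functions are assumptions. Every read is bounded by the end pointer, so an
        unterminated string or a lone "-" yields an error token rather than a read past the buffer.

```cpp
// Added example, not JavaScriptCore code: a JSON-style lexer templated on the
// character type. LChar/UChar mirror the JSC names; Token, Lexer, lexAll and the
// helpers below are illustrative assumptions.
#include <cstddef>
#include <cstring>
#include <vector>

typedef unsigned char LChar; // 8-bit (Latin-1) code unit
typedef char16_t UChar;      // 16-bit (UTF-16) code unit

enum TokenType { TokLBrace, TokRBrace, TokLBracket, TokRBracket, TokColon, TokComma,
                 TokString, TokNumber, TokIdentifier, TokEnd, TokError };

// A token records a pointer of the width matching the input it was lexed from.
struct Token {
    TokenType type;
    const LChar* start8;
    const UChar* start16;
    size_t length;
};

// Overloads select the appropriately sized pointer field for the character type.
static void setParserTokenString(Token& token, const LChar* start) { token.start8 = start; token.start16 = 0; }
static void setParserTokenString(Token& token, const UChar* start) { token.start16 = start; token.start8 = 0; }

template <typename CharType>
class Lexer {
public:
    Lexer(const CharType* chars, size_t length) : m_ptr(chars), m_end(chars + length) {}
    TokenType next() { m_token = Token(); m_token.type = lex(); return m_token.type; }
    const Token& currentToken() const { return m_token; }
private:
    static bool isJSONWhiteSpace(CharType c) { return c == ' ' || c == '\t' || c == '\n' || c == '\r'; }
    static bool isIdentifierStart(CharType c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '_' || c == '$'; }
    static bool isIdentifierPart(CharType c) { return isIdentifierStart(c) || (c >= '0' && c <= '9'); }
    static bool isDigit(CharType c) { return c >= '0' && c <= '9'; }
    TokenType lex();
    TokenType lexIdentifier();
    TokenType lexString();
    TokenType lexNumber();
    void setToken(const CharType* start) { setParserTokenString(m_token, start); m_token.length = static_cast<size_t>(m_ptr - start); }
    const CharType* m_ptr;
    const CharType* m_end;
    Token m_token;
};

template <typename CharType>
TokenType Lexer<CharType>::lex() {
    while (m_ptr < m_end && isJSONWhiteSpace(*m_ptr)) ++m_ptr;
    if (m_ptr == m_end) return TokEnd;            // every read below is guarded by m_end
    CharType c = *m_ptr;
    switch (c) {
    case '{': ++m_ptr; return TokLBrace;
    case '}': ++m_ptr; return TokRBrace;
    case '[': ++m_ptr; return TokLBracket;
    case ']': ++m_ptr; return TokRBracket;
    case ':': ++m_ptr; return TokColon;
    case ',': ++m_ptr; return TokComma;
    case '"': return lexString();
    default:
        if (c == '-' || isDigit(c)) return lexNumber();
        if (isIdentifierStart(c)) return lexIdentifier();
        return TokError;
    }
}

template <typename CharType>
TokenType Lexer<CharType>::lexIdentifier() {
    const CharType* start = m_ptr;
    while (m_ptr < m_end && isIdentifierPart(*m_ptr)) ++m_ptr;
    setToken(start);
    return TokIdentifier;
}

template <typename CharType>
TokenType Lexer<CharType>::lexString() {
    const CharType* start = ++m_ptr;              // skip the opening quote
    while (m_ptr < m_end && *m_ptr != '"') {
        if (*m_ptr == '\\' && ++m_ptr == m_end) return TokError;  // dangling backslash
        if (*m_ptr < 0x20) return TokError;       // raw control characters are not JSON
        ++m_ptr;
    }
    if (m_ptr == m_end) return TokError;          // unterminated: never run past the buffer
    setToken(start);
    ++m_ptr;                                      // closing quote
    return TokString;
}

template <typename CharType>
TokenType Lexer<CharType>::lexNumber() {
    const CharType* start = m_ptr;
    if (*m_ptr == '-') ++m_ptr;
    if (m_ptr == m_end || !isDigit(*m_ptr)) return TokError;      // "-" alone is not a number
    while (m_ptr < m_end && isDigit(*m_ptr)) ++m_ptr;
    if (m_ptr < m_end && *m_ptr == '.') {
        ++m_ptr;
        if (m_ptr == m_end || !isDigit(*m_ptr)) return TokError;
        while (m_ptr < m_end && isDigit(*m_ptr)) ++m_ptr;
    }
    setToken(start);                              // exponents omitted for brevity
    return TokNumber;
}

// As in LiteralParser.cpp, the two flavors are instantiated explicitly so the
// member definitions can live in one .cpp file rather than the header.
template class Lexer<LChar>;
template class Lexer<UChar>;

// Lex an entire input, returning every token up to the end or the first error.
template <typename CharType>
std::vector<Token> lexAll(const CharType* chars, size_t length) {
    Lexer<CharType> lexer(chars, length);
    std::vector<Token> tokens;
    for (TokenType type = lexer.next(); type != TokEnd; type = lexer.next()) {
        tokens.push_back(lexer.currentToken());
        if (type == TokError) break;
    }
    return tokens;
}

std::vector<Token> lexLatin1(const char* s) { return lexAll(reinterpret_cast<const LChar*>(s), strlen(s)); }
std::vector<Token> lexUTF16(const UChar* s) { size_t n = 0; while (s[n]) ++n; return lexAll(s, n); }
```

        Each token carries the pointer width of its source, so a later consumer can build an
        8-bit or 16-bit string from it without widening. The same source text lexes identically
        from a Latin-1 buffer and from a UTF-16 one; only which pointer field is set differs.
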
2011-11-09  Filip Pizlo  <fpizlo@apple.com>

        Multiple CodeBlock should be able to share the same instruction
        stream without copying
        https://bugs.webkit.org/show_bug.cgi?id=71978

        Reviewed by Oliver Hunt.

        This refactors CodeBlock::m_instructions to be a Vector boxed in a
        ref-counted object, but otherwise does not take advantage of this.

        This is performance neutral.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printStructure):
        (JSC::CodeBlock::printStructures):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::hasInstructions):
        (JSC::CodeBlock::numberOfInstructions):
        (JSC::CodeBlock::instructions):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        Renovate ARMv7 assembler/macro-assembler
        https://bugs.webkit.org/show_bug.cgi?id=71982

        Reviewed by Geoff Garen.

        ARMv7Assembler:
        * add support for strb (byte stores)
        * rename the VMOV_CtoS opcodes (these are currently backwards!)
        * add support for adc (add with carry)
        * add support for vsqrt, vabs
        * add support for vmov (between FPRs, and to/from GPR pairs).
        * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
        * rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
        * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).

        MacroAssemblerARMv7:
        * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32.
        * add store8, and store32 imm to base-index.
        * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
        * Update supportsFloating* flags (all features now supported).
        * add moveDouble, storeDouble to absolute address, addDouble to absolute address
        * add 3-operand double operations.
        * implement sqrtDouble/absDouble
        * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
        * move should do nothing if src == dest
        * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
        * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Incrementally re-landing these changes, trying to determine what went wrong.
        (The whole patch failed tests on the build bot but worked locally.)

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):

2011-11-09  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit code should be lazily generated
        https://bugs.webkit.org/show_bug.cgi?id=71744

        Reviewed by Gavin Barraclough.

        The OSR exit code is now generated the first time it is executed,
        rather than right after speculative compilation. Because most OSR
        exits are never taken, this should greatly reduce both code size
        and compilation time.

        This is a 1% win on SunSpider, and a 1% win on V8 when running in
        my harness. No change in V8 in V8's harness (due to the long runs,
        so compile time is not an issue) and no change in Kraken (again,
        long runs of small code so compile time has no measurable effect).

        * CMakeListsEfl.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::jump):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::jump):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::jmp_m):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::createDFGDataIfNecessary):
        (JSC::CodeBlock::appendDFGOSREntryData):
        (JSC::CodeBlock::numberOfDFGOSREntries):
        (JSC::CodeBlock::dfgOSREntryData):
        (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
        (JSC::CodeBlock::appendOSRExit):
        (JSC::CodeBlock::appendSpeculationRecovery):
        (JSC::CodeBlock::numberOfOSRExits):
        (JSC::CodeBlock::numberOfSpeculationRecoveries):
        (JSC::CodeBlock::osrExit):
        (JSC::CodeBlock::speculationRecovery):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::debugCall):
        * dfg/DFGCorrectableJumpPoint.cpp: Added.
        (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
        * dfg/DFGCorrectableJumpPoint.h: Added.
        (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
        (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
        (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
        (JSC::DFG::CorrectableJumpPoint::correctLateJump):
        (JSC::DFG::CorrectableJumpPoint::initialJump):
        (JSC::DFG::CorrectableJumpPoint::lateJump):
        (JSC::DFG::CorrectableJumpPoint::correctJump):
        (JSC::DFG::CorrectableJumpPoint::getJump):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExit.cpp: Added.
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::OSRExit::dump):
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler.cpp: Added.
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        * dfg/DFGThunks.cpp: Added.
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * dfg/DFGThunks.h: Added.
        * jit/JITCode.h:
        (JSC::JITCode::dataAddressAtOffset):
        * runtime/JSGlobalData.h:

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fixing build breakage

        Unreviewed build fix

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSVariableObject::isDynamicScope
        https://bugs.webkit.org/show_bug.cgi?id=71933

        Reviewed by Geoffrey Garen.

        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
        (JSC::JSActivation::isDynamicScope):
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
        (JSC::JSGlobalObject::isDynamicScope):
        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
        (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
        (JSC::JSStaticScopeObject::isDynamicScope):
        * runtime/JSType.h: Added new type for JSStaticScopeObject
        * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the
        object's type and calls the corresponding implementation.
        (JSC::JSVariableObject::isDynamicScope):
        * runtime/JSVariableObject.h:

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSGlobalObject::hasOwnPropertyForWrite
        https://bugs.webkit.org/show_bug.cgi?id=71934

        Reviewed by Geoffrey Garen.

        * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Incrementally re-landing these changes, trying to determine what went wrong.
        (The whole patch failed tests on the build bot but worked locally.)

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::absDouble):
        * assembler/MacroAssemblerARMv7.h:
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::absDouble):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::absDouble):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::absDouble):
        * assembler/MacroAssemblerX86Common.h:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::absDouble):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=71523

        Reviewed by Sam Weinig.

        Added getOwnPropertyDescriptor to the MethodTable, changed all of the
        virtual versions of getOwnPropertyDescriptor to static ones, and
        changed all of the call sites to the corresponding lookup in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyDescriptor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertyDescriptor):
        * runtime/Arguments.h:
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        * runtime/ClassInfo.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertyDescriptor):
        * runtime/DatePrototype.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyDescriptor):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertyDescriptor):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getOwnPropertyDescriptor):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertyDescriptor):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::vtableAnchor):
        (JSC::JSObject::propertyIsEnumerable):
        (JSC::JSObject::getOwnPropertyDescriptor):
        (JSC::JSObject::getPropertyDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a
        bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject.  There were
        no call sites for this version of getOwnPropertyDescriptor in the entire project.
        * runtime/JSString.h:
        * runtime/Lookup.h:
        (JSC::getStaticPropertyDescriptor):
        (JSC::getStaticFunctionDescriptor):
        (JSC::getStaticValueDescriptor):
        * runtime/MathObject.cpp:
        (JSC::MathObject::getOwnPropertyDescriptor):
        * runtime/MathObject.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/ObjectConstructor.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertyDescriptor):
        * runtime/RegExpObject.h:
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
        (JSC::StringObject::getOwnPropertyDescriptor):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::getOwnPropertyDescriptor):
        * runtime/StringPrototype.h:

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Incrementally re-landing these changes, trying to determine what went wrong.
        (The whole patch failed tests on the build bot but worked locally.)

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):

2011-11-08  Darin Adler  <darin@apple.com>

        Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
        https://bugs.webkit.org/show_bug.cgi?id=71875

        Reviewed by Anders Carlsson.

        This is a step along the path of making OwnPtr work as HashMap value types.

        * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
        Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
        I did not change the code to fix style checker complaints.

        * wtf/HashTable.h: Added includes as needed and fixed include style.
        (WTF::doubleHash): Removed the unneeded and inappropriate "static" in this function, which
        gave it internal linkage for no good reason.
        (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
        construction/destruction problems instead of doing the trick where we construct and destroy
        an empty value twice. It's cleaner and simpler and avoids copying the empty value.
        (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
        empty value is zero rather than copying an empty value.

        * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.

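        The memset path only makes sense when the type's empty value really is all-zero bits; for a
        type that owns pointers (a move-only smart pointer, a string with an internal buffer) the
        trait must stay false or the bucket ends up holding a bit pattern that is not a valid object.
        The following is an added example, not WTF's HashTable: a trait-driven initializeBucket
        that picks memset or placement-new of the empty value, over raw aligned bucket storage in the
        spirit of AlignedBuffer. HashTraits, BucketInitializer, RawBucket and the demo functions are
        illustrative names.

```cpp
// Added example, not WTF code: memset versus copy-construction of the empty value
// when initializing a hash bucket, selected by an emptyValueIsZero trait. All names
// here are illustrative.
#include <cstring>
#include <new>
#include <string>

template <typename T> struct HashTraits {
    static const bool emptyValueIsZero = false;   // conservative default: copy-construct
    static T emptyValue() { return T(); }
};
// Integral and pointer types: the empty value really is all-zero bits.
template <> struct HashTraits<int> {
    static const bool emptyValueIsZero = true;
    static int emptyValue() { return 0; }
};
template <typename P> struct HashTraits<P*> {
    static const bool emptyValueIsZero = true;
    static P* emptyValue() { return nullptr; }
};
// std::string keeps the default: its empty value owns internal pointers, so a
// zero-filled object would not be a valid string. Marking such a type as
// emptyValueIsZero is exactly the mistake this trait must never make.

template <bool emptyValueIsZero> struct BucketInitializer;
template <> struct BucketInitializer<true> {
    template <typename T> static void initialize(T& bucket) { memset(static_cast<void*>(&bucket), 0, sizeof(T)); }
};
template <> struct BucketInitializer<false> {
    template <typename T> static void initialize(T& bucket) { new (&bucket) T(HashTraits<T>::emptyValue()); }
};

// Bucket storage is raw memory: nothing has been constructed in it yet.
template <typename T> struct RawBucket {
    alignas(T) unsigned char storage[sizeof(T)];
    T& value() { return *reinterpret_cast<T*>(storage); }
};

template <typename T> void initializeBucket(T& bucket) {
    BucketInitializer<HashTraits<T>::emptyValueIsZero>::initialize(bucket);
}
template <typename T> void destroyBucket(T& bucket) { bucket.~T(); }
template <typename T> bool usesMemset() { return HashTraits<T>::emptyValueIsZero; }

// The storage is poisoned first so a caller can tell that initialization happened.
bool intBucketIsZeroAfterInit() {
    RawBucket<int> bucket;
    memset(bucket.storage, 0xAB, sizeof bucket.storage);
    initializeBucket(bucket.value());             // memset path
    return bucket.value() == 0;
}
bool pointerBucketIsNullAfterInit() {
    RawBucket<const char*> bucket;
    memset(bucket.storage, 0xAB, sizeof bucket.storage);
    initializeBucket(bucket.value());             // memset path
    return bucket.value() == nullptr;
}
bool stringBucketIsEmptyAfterInit() {
    RawBucket<std::string> bucket;
    initializeBucket(bucket.value());             // placement-new path: no memset here
    bool empty = bucket.value().empty();
    destroyBucket(bucket.value());                // a constructed object must be destroyed
    return empty;
}
```

        Only the trait decides which path runs, so the table code itself never has to know
        whether a value type is trivially zero-initializable; the cost of getting the trait wrong
        is undefined behaviour, not a compile error, which is why the default is the slow, safe path.
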
2011-11-09  Gabor Rapcsanyi  <rgabor@webkit.org>

        Buildfix for 32bit debug mode.

        Reviewed by Csaba Osztrogonác.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::dump):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2011-11-09  Andy Wingo  <wingo@igalia.com>

        Enable the DFG JIT on X86-64 Linux platforms
        https://bugs.webkit.org/show_bug.cgi?id=71373

        Reviewed by Csaba Osztrogonác.

        * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
        x86-64 GNU/Linux platform.
        * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.

2011-11-09  Csaba Osztrogonác  <ossy@webkit.org>

        Enable the DFG JIT on x86-64 Linux platforms
        https://bugs.webkit.org/show_bug.cgi?id=71373

        Enable DFG JIT by default on X86 Linux and Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=71686

        Buildfix for stricter compilers: -Werror=unused-but-set-variable

        Reviewed by Zoltan Herczeg.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-09  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99678.
        http://trac.webkit.org/changeset/99678
        https://bugs.webkit.org/show_bug.cgi?id=71882

        broke the build with -Werror=unused-but-set-variable
        (Requested by tronical_ on #webkit).

        * CMakeListsEfl.txt:
        * wtf/Platform.h:

2011-11-09  Andy Wingo  <wingo@igalia.com>

        Enable the DFG JIT on X86-64 Linux platforms
        https://bugs.webkit.org/show_bug.cgi?id=71373

        Reviewed by Filip Pizlo.

        * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
        x86-64 GNU/Linux platform.
        * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineOwnProperty
        https://bugs.webkit.org/show_bug.cgi?id=71429

        Reviewed by Geoffrey Garen.

        Added defineOwnProperty to the MethodTable, changed all the virtual
        implementations of defineOwnProperty to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineOwnProperty):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperty):
        (JSC::defineProperties):

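        The de-virtualization entries above (isDynamicScope, hasOwnPropertyForWrite,
        getOwnPropertyDescriptor and this one for defineOwnProperty) describe two mechanisms
        without showing either. The following is an added example, not JavaScriptCore code: a
        per-class MethodTable of static function pointers reached through the object's ClassInfo
        in place of a C++ vtable, and a non-virtual isDynamicScope() that switches on a JSType tag
        to reach each subclass's inline implementation. Every class, field, slot and return value
        below is illustrative; in particular which scopes count as dynamic is made up for the demo.

```cpp
// Added example, not JavaScriptCore code: MethodTable dispatch and type-tag dispatch
// in place of virtual functions. All names and values are illustrative.
#include <map>
#include <string>
#include <type_traits>

enum JSType { ObjectType, ActivationType, StaticScopeObjectType, GlobalObjectType };

class JSObject;
struct MethodTable {
    bool (*getOwnPropertyDescriptor)(const JSObject*, const std::string&);
    bool (*defineOwnProperty)(JSObject*, const std::string&, int);
};
struct ClassInfo { const char* className; MethodTable methodTable; };

class JSObject {
public:
    JSObject(const ClassInfo* info, JSType type) : m_classInfo(info), m_type(type) {}
    // Call sites dispatch through the per-class table; JSObject itself has no vtable.
    const MethodTable* methodTable() const { return &m_classInfo->methodTable; }
    JSType type() const { return m_type; }
    bool isDynamicScope() const;   // non-virtual; switches on m_type (defined below)

    // The former virtuals are now static functions referenced from the table.
    static bool getOwnPropertyDescriptor(const JSObject* o, const std::string& name) { return o->m_properties.count(name) != 0; }
    static bool defineOwnProperty(JSObject* o, const std::string& name, int value) { o->m_properties[name] = value; return true; }
    static const ClassInfo s_info;
private:
    std::map<std::string, int> m_properties;
    const ClassInfo* m_classInfo;
    JSType m_type;   // set once at construction; the type switch below trusts it
};
const ClassInfo JSObject::s_info = { "Object", { &JSObject::getOwnPropertyDescriptor, &JSObject::defineOwnProperty } };

// "Overrides" by putting its own static defineOwnProperty in its own table while
// reusing the base getOwnPropertyDescriptor: it refuses to redefine a property.
class JSFrozenObject : public JSObject {
public:
    JSFrozenObject() : JSObject(&s_info, ObjectType) {}
    static bool defineOwnProperty(JSObject* o, const std::string& name, int value) {
        if (JSObject::getOwnPropertyDescriptor(o, name)) return false;
        return JSObject::defineOwnProperty(o, name, value);
    }
    static const ClassInfo s_info;
};
const ClassInfo JSFrozenObject::s_info = { "FrozenObject", { &JSObject::getOwnPropertyDescriptor, &JSFrozenObject::defineOwnProperty } };

// Scope objects: each has an inline, non-virtual isDynamicScope() of its own.
class JSActivation : public JSObject {
public:
    JSActivation() : JSObject(&JSObject::s_info, ActivationType) {}
    bool isDynamicScope() const { return false; }
};
class JSStaticScopeObject : public JSObject {
public:
    JSStaticScopeObject() : JSObject(&JSObject::s_info, StaticScopeObjectType) {}
    bool isDynamicScope() const { return false; }
};
class JSGlobalObject : public JSObject {
public:
    JSGlobalObject() : JSObject(&JSObject::s_info, GlobalObjectType) {}
    bool isDynamicScope() const { return true; }
};

// The base implementation checks the type tag and forwards to the matching class.
// A wrong tag would turn the static_cast into a type confusion, which is why m_type
// is private, written only by the constructor, and never exposed for modification.
bool JSObject::isDynamicScope() const {
    switch (m_type) {
    case ActivationType:        return static_cast<const JSActivation*>(this)->isDynamicScope();
    case StaticScopeObjectType: return static_cast<const JSStaticScopeObject*>(this)->isDynamicScope();
    case GlobalObjectType:      return static_cast<const JSGlobalObject*>(this)->isDynamicScope();
    default:                    return false;
    }
}

static_assert(!std::is_polymorphic<JSObject>::value, "no vtable: dispatch goes through MethodTable and type tags");

bool methodTableDispatchWorks() {
    JSFrozenObject frozen;
    JSObject* o = &frozen;
    bool first = o->methodTable()->defineOwnProperty(o, "x", 1);
    bool second = o->methodTable()->defineOwnProperty(o, "x", 2);   // rejected by the subclass's slot
    JSObject plain(&JSObject::s_info, ObjectType);
    bool plainRedefine = plain.methodTable()->defineOwnProperty(&plain, "x", 1)
                      && plain.methodTable()->defineOwnProperty(&plain, "x", 2);
    return first && !second && o->methodTable()->getOwnPropertyDescriptor(o, "x") && plainRedefine;
}

bool typeTagDispatchWorks() {
    JSGlobalObject global;
    JSActivation activation;
    const JSObject* g = &global;
    const JSObject* a = &activation;
    return g->isDynamicScope() && !a->isDynamicScope();
}
```

        The table lives in static, read-only ClassInfo data shared by every instance rather than
        in a per-object vtable pointer, and the type-tag switch is an ordinary compare-and-branch
        that the compiler can inline; both depend on the object's classInfo and type being set
        correctly at construction and never modified afterwards.
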
2011-11-09  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Build system cleanup
        https://bugs.webkit.org/show_bug.cgi?id=71815

        Reviewed by Kenneth Rohde Christiansen.

        * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.

2011-11-08  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Replace use of QApplication with QGuiApplication
        https://bugs.webkit.org/show_bug.cgi?id=71794

        Reviewed by Andreas Kling.

        Add compat headers for use when building with Qt 4: QGuiApplication
        is typedef'ed to QApplication.

        * wtf/qt/compat/QGuiApplication: Added.
        * wtf/qt/compat/qguiapplication.h: Added.

2011-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99647.
        http://trac.webkit.org/changeset/99647
        https://bugs.webkit.org/show_bug.cgi?id=71876

        It broke jsc and layout tests on all bots (Requested by
        Ossy_night on #webkit).

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsDoubleBitops):
        (JSC::MacroAssemblerARM::andnotDouble):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::andnotDouble):
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
        (JSC::MacroAssemblerSH4::andnotDouble):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::MacroAssemblerX86):
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsDoubleBitops):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::andnotDouble):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
        * assembler/X86Assembler.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):
        * runtime/JSGlobalData.cpp:

296602011-11-08  Gavin Barraclough  <barraclough@apple.com>
29661
29662        Better abstract 'abs' operation through the MacroAssembler.
29663        https://bugs.webkit.org/show_bug.cgi?id=71873
29664
29665        Reviewed by Geoff Garen.
29666
29667        Currently the x86 specific instruction sequence to perform a double abs
29668        is duplicated throughout the JITs / thunk generators.
29669
29670        * assembler/MacroAssemblerARM.h:
29671        (JSC::MacroAssemblerARM::supportsFloatingPoint):
29672        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
29673        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
29674        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
29675        (JSC::MacroAssemblerARM::absDouble):
29676            - Renamed supportsFloatingPointAbs, make these methods static so that
29677              we can check the JIT's capabilites before we begin compilation.
29678        * assembler/MacroAssemblerARMv7.h:
29679        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
29680        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
29681        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
29682        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
29683            - Renamed supportsFloatingPointAbs, make these methods static so that
29684              we can check the JIT's capabilites before we begin compilation.
29685        * assembler/MacroAssemblerMIPS.h:
29686        (JSC::MacroAssemblerMIPS::absDouble):
29687        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
29688        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
29689        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
29690        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
29691            - Renamed supportsFloatingPointAbs, make these methods static so that
29692              we can check the JIT's capabilites before we begin compilation.
29693        * assembler/MacroAssemblerSH4.h:
29694        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
29695        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
29696        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
29697        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
29698        (JSC::MacroAssemblerSH4::absDouble):
29699            - Renamed supportsFloatingPointAbs, make these methods static so that
29700              we can check the JIT's capabilites before we begin compilation.
29701        * assembler/MacroAssemblerX86.h:
29702        (JSC::MacroAssemblerX86::absDouble):
29703        (JSC::MacroAssemblerX86::supportsFloatingPoint):
29704        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
29705        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
29706        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
29707            - Made supports* methods static so that we can check the JIT's
29708              capabilites before we begin compilation. Added absDouble.
29709        * assembler/MacroAssemblerX86Common.h:
29710            - Removed andnotDouble, added s_maskSignBit.
29711        * assembler/MacroAssemblerX86_64.h:
29712        (JSC::MacroAssemblerX86_64::absDouble):
29713        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
29714        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
29715        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
29716        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
29717            - Made supports* methods static so that we can check the JIT's
29718              capabilities before we begin compilation. Added absDouble.
29719        * assembler/X86Assembler.h:
29720        (JSC::X86Assembler::andpd_rr):
29721        (JSC::X86Assembler::andpd_mr):
29722            - Added support for andpd instruction.
29723        * dfg/DFGByteCodeParser.cpp:
29724        (JSC::DFG::ByteCodeParser::handleIntrinsic):
29725            - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
29726        * dfg/DFGSpeculativeJIT32_64.cpp:
29727        (JSC::DFG::SpeculativeJIT::compile):
29728            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
29729        * dfg/DFGSpeculativeJIT64.cpp:
29730        (JSC::DFG::SpeculativeJIT::compile):
29731            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
29732        * jit/ThunkGenerators.cpp:
29733            - Switched to use doubleAbs.
29734        (JSC::absThunkGenerator):
29735        * runtime/JSGlobalData.cpp:
29736            - Declared MacroAssemblerX86Common::s_maskSignBit here.
29737              This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
29738              to the compile for just one constant.
29739
297402011-11-08  Gavin Barraclough  <barraclough@apple.com>
29741
29742        Move duplicates of SYMBOL_STRING* macros to the single location
29743        https://bugs.webkit.org/show_bug.cgi?id=71456
29744
29745        Reviewed by Sam Weinig.
29746
29747        * JavaScriptCore.xcodeproj/project.pbxproj:
29748        * dfg/DFGOperations.cpp:
29749        * jit/JITStubs.cpp:
29750        * wtf/InlineASM.h: Added.
29751            - Moved asm related macros.
29752
297532011-11-08  Gavin Barraclough  <barraclough@apple.com>
29754
29755        Move code to handle 8bit regs from X86Assembler to MacroAssembler
29756        https://bugs.webkit.org/show_bug.cgi?id=71867
29757
29758        Reviewed by Oliver Hunt.
29759
29760        This code is fine, but is in the wrong place really. X86 assembler should
29761        basically just format up exactly the instruction you request - not expand
29762        out to a set of instructions (that is what the macro assembler layer is
29763        for!). For other 8-bit ops, on X86 we don't guard against clients accessing
29764        the XH registers.
29765
29766        * assembler/MacroAssemblerX86Common.h:
29767        (JSC::MacroAssemblerX86Common::store8):
29768        * assembler/X86Assembler.h:
29769        (JSC::X86Assembler::movb_rm):
29770            - moved some code.
29771
297722011-11-08  Filip Pizlo  <fpizlo@apple.com>
29773
29774        Unreviewed build fix for GTK.
29775
29776        * GNUmakefile.list.am:
29777
297782011-11-08  Gavin Barraclough  <barraclough@apple.com>
29779
29780        Build fix.
29781
29782        * assembler/X86Assembler.h:
29783
297842011-11-08  Gavin Barraclough  <barraclough@apple.com>
29785
29786        Errrk, failed to commit this in last change.
29787
29788        * assembler/X86Assembler.h:
29789
297902011-11-08  Gavin Barraclough  <barraclough@apple.com>
29791
29792        Remove an unused method.
29793
29794        Rubber stamped by Geoff Garen.
29795
29796        * assembler/AbstractMacroAssembler.h:
29797        * assembler/AssemblerBuffer.h:
29798            - removed rewindToLabel.
29799
298002011-11-08  Gavin Barraclough  <barraclough@apple.com>
29801
29802        Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
29803        https://bugs.webkit.org/show_bug.cgi?id=71864
29804
29805        Reviewed by Filip Pizlo.
29806
29807        * assembler/LinkBuffer.h:
29808        (JSC::LinkBuffer::offsetOf):
29809            - We use this to return the offsets into the code of the entry points.
29810        * dfg/DFGJITCompiler.cpp:
29811        (JSC::DFG::JITCompiler::compileEntry):
29812        (JSC::DFG::JITCompiler::compileBody):
29813        (JSC::DFG::JITCompiler::compile):
29814        (JSC::DFG::JITCompiler::compileFunction):
29815            - Move the construction of the speculative JIT outside of
29816              compileBody, such that it is still available to link the
29817              OSR entry points at the point we are linking.
29818        * dfg/DFGJITCompiler.h:
29819        (JSC::DFG::JITCompiler::noticeOSREntry):
29820            - Pass the label of the block & linkbuffer into noticeOSREntry.
29821        * dfg/DFGSpeculativeJIT.cpp:
29822        (JSC::DFG::SpeculativeJIT::compile):
29823        (JSC::DFG::SpeculativeJIT::linkOSREntries):
29824            - Moved call to noticeOSREntry until we were linking.
29825        * dfg/DFGSpeculativeJIT.h:
29826        * jit/JIT.cpp:
29827        (JSC::JIT::privateCompileMainPass):
29828        (JSC::JIT::privateCompileSlowCases):
29829        (JSC::JIT::privateCompile):
29830            - Moved calculation of entries until we were linking.
29831        * jit/JIT.h:
29832            - Removed some members.
29833
298342011-11-08  Filip Pizlo  <fpizlo@apple.com>
29835
29836        DFG OSR exit code should be generated by a separate compiler, not
29837        related to DFG::JITCompiler
29838        https://bugs.webkit.org/show_bug.cgi?id=71787
29839
29840        Reviewed by Gavin Barraclough.
29841        
29842        Moves the exitSpeculativeWithOSR() method from JITCompiler to
29843        OSRExitCompiler::compileExit().
29844
29845        * CMakeListsEfl.txt:
29846        * JavaScriptCore.xcodeproj/project.pbxproj:
29847        * Target.pri:
29848        * dfg/DFGJITCompiler.cpp:
29849        (JSC::DFG::JITCompiler::linkOSRExits):
29850        * dfg/DFGJITCompiler32_64.cpp: Removed.
29851        * dfg/DFGOSRExitCompiler.h: Added.
29852        (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
29853        * dfg/DFGOSRExitCompiler32_64.cpp: Added.
29854        (JSC::DFG::OSRExitCompiler::compileExit):
29855        * dfg/DFGOSRExitCompiler64.cpp: Added.
29856        (JSC::DFG::OSRExitCompiler::compileExit):
29857        * runtime/JSValue.h:
29858
298592011-11-08  Filip Pizlo  <fpizlo@apple.com>
29860
29861        Basic DFG definitions should be moved out of DFGNode.h
29862        https://bugs.webkit.org/show_bug.cgi?id=71861
29863
29864        Rubber-stamped by Gavin Barraclough.
29865
29866        * JavaScriptCore.xcodeproj/project.pbxproj:
29867        * dfg/DFGCommon.h: Added.
29868        (JSC::DFG::NodeIndexTraits::defaultValue):
29869        * dfg/DFGNode.h:
29870        * dfg/DFGOSRExit.h:
29871        * dfg/DFGRegisterBank.h:
29872
298732011-11-08  Michael Saboff  <msaboff@apple.com>
29874
29875        Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
29876        https://bugs.webkit.org/show_bug.cgi?id=71761
29877
29878        Templatized Parser based on Lexer<T>. Moved two enums,
29879        SourceElementsMode and FunctionRequirements out of Parser definition
29880        to work around a clang compiler defect.
29881
29882        Cleaned up SourceCode data() to return StringImpl* and eliminated
29883        the recently added stringData() virtual method.
29884
29885        To keep code in Parser.cpp and keep Parser.h small, the two flavors
29886        of Parser are explicitly instantiated at the end of Parser.cpp.
29887
29888        Reviewed by Gavin Barraclough.
29889
29890        * interpreter/Interpreter.cpp:
29891        (JSC::appendSourceToError):
29892        * parser/Lexer.cpp:
29893        (JSC::::setCode):
29894        (JSC::::sourceCode):
29895        * parser/Parser.cpp:
29896        (JSC::::Parser):
29897        (JSC::::~Parser):
29898        (JSC::::parseInner):
29899        (JSC::::didFinishParsing):
29900        (JSC::::allowAutomaticSemicolon):
29901        (JSC::::parseSourceElements):
29902        (JSC::::parseVarDeclaration):
29903        (JSC::::parseConstDeclaration):
29904        (JSC::::parseDoWhileStatement):
29905        (JSC::::parseWhileStatement):
29906        (JSC::::parseVarDeclarationList):
29907        (JSC::::parseConstDeclarationList):
29908        (JSC::::parseForStatement):
29909        (JSC::::parseBreakStatement):
29910        (JSC::::parseContinueStatement):
29911        (JSC::::parseReturnStatement):
29912        (JSC::::parseThrowStatement):
29913        (JSC::::parseWithStatement):
29914        (JSC::::parseSwitchStatement):
29915        (JSC::::parseSwitchClauses):
29916        (JSC::::parseSwitchDefaultClause):
29917        (JSC::::parseTryStatement):
29918        (JSC::::parseDebuggerStatement):
29919        (JSC::::parseBlockStatement):
29920        (JSC::::parseStatement):
29921        (JSC::::parseFormalParameters):
29922        (JSC::::parseFunctionBody):
29923        (JSC::::parseFunctionInfo):
29924        (JSC::::parseFunctionDeclaration):
29925        (JSC::::parseExpressionOrLabelStatement):
29926        (JSC::::parseExpressionStatement):
29927        (JSC::::parseIfStatement):
29928        (JSC::::parseExpression):
29929        (JSC::::parseAssignmentExpression):
29930        (JSC::::parseConditionalExpression):
29931        (JSC::::isBinaryOperator):
29932        (JSC::::parseBinaryExpression):
29933        (JSC::::parseProperty):
29934        (JSC::::parseObjectLiteral):
29935        (JSC::::parseStrictObjectLiteral):
29936        (JSC::::parseArrayLiteral):
29937        (JSC::::parsePrimaryExpression):
29938        (JSC::::parseArguments):
29939        (JSC::::parseMemberExpression):
29940        (JSC::::parseUnaryExpression):
29941        * parser/Parser.h:
29942        (JSC::::parse):
29943        (JSC::parse):
29944        * parser/SourceCode.h:
29945        (JSC::SourceCode::data):
29946        (JSC::SourceCode::subExpression):
29947        * parser/SourceProvider.h:
29948        (JSC::UStringSourceProvider::data):
29949
299502011-11-08  Gavin Barraclough  <barraclough@apple.com>
29951
29952        Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
29953        https://bugs.webkit.org/show_bug.cgi?id=71855
29954
29955        Reviewed by Filip Pizlo.
29956
29957        The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
29958        This won't work on ARMv7.
29959
29960        * assembler/AbstractMacroAssembler.h:
29961        (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
29962        * assembler/LinkBuffer.h:
29963        (JSC::LinkBuffer::locationOf):
29964        * dfg/DFGJITCodeGenerator32_64.cpp:
29965        (JSC::DFG::JITCodeGenerator::cachedGetById):
29966        (JSC::DFG::JITCodeGenerator::cachedPutById):
29967        * dfg/DFGJITCodeGenerator64.cpp:
29968        (JSC::DFG::JITCodeGenerator::cachedGetById):
29969        (JSC::DFG::JITCodeGenerator::cachedPutById):
29970        * dfg/DFGJITCompiler.cpp:
29971        (JSC::DFG::JITCompiler::link):
29972        * dfg/DFGJITCompiler.h:
29973        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
29974        (JSC::DFG::JITCompiler::addPropertyAccess):
29975
299762011-11-08  Gavin Barraclough  <barraclough@apple.com>
29977
29978        DFG JIT calculation of OSR entry points is not THUMB2 safe
29979        https://bugs.webkit.org/show_bug.cgi?id=71852
29980
29981        Reviewed by Oliver Hunt.
29982
29983        Executable addresses are tagged with a low bit set to distinguish
29984        between THUMB2 and traditional ARM.
29985
29986        * dfg/DFGJITCompiler.cpp:
29987        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
29988        * dfg/DFGJITCompiler32_64.cpp:
29989        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
29990        * dfg/DFGOSREntry.cpp:
29991        (JSC::DFG::prepareOSREntry):
29992        * jit/JITCode.h:
29993        (JSC::JITCode::executableAddressAtOffset):
29994        (JSC::JITCode::start):
29995        (JSC::JITCode::size):
29996
299972011-11-08  Michael Saboff  <msaboff@apple.com>
29998
29999        JSC::Parser::Parser leaks Lexer member
30000        https://bugs.webkit.org/show_bug.cgi?id=71847
30001
30002        Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
30003
30004        Reviewed by Oliver Hunt.
30005
30006        * parser/Parser.cpp:
30007        (JSC::Parser::Parser):
30008        (JSC::Parser::parseFunctionBody):
30009        * parser/Parser.h:
30010
300112011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
30012
30013        Enable DFG JIT by default on X86 Linux and Mac platforms
30014        https://bugs.webkit.org/show_bug.cgi?id=71686
30015
30016        Reviewed by Filip Pizlo.
30017
30018        We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
30019
30020        * wtf/Platform.h:
30021
300222011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
30023
30024        DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
30025        https://bugs.webkit.org/show_bug.cgi?id=71768
30026
30027        Reviewed by Geoffrey Garen.
30028
30029        Also includes a fix to make the newly introduced AssemblyHelpers
30030        a friend of JSValue as we need the Tag definitions.
30031
30032        * CMakeListsEfl.txt:
30033        * GNUmakefile.list.am:
30034        * Target.pri:
30035        * runtime/JSValue.h:
30036
300372011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>
30038
30039        Fix gcc 4.4 compilation warnings in DFG 32_64
30040        https://bugs.webkit.org/show_bug.cgi?id=71762
30041
30042        Reviewed by Filip Pizlo.
30043
30044        * dfg/DFGJITCodeGenerator.h:
30045        (JSC::DFG::JITCodeGenerator::registersMatched):
30046
300472011-11-07  Filip Pizlo  <fpizlo@apple.com>
30048
30049        DFG code base should allow for classes not related to DFG::JITCompiler
30050        to use DFG idioms
30051        https://bugs.webkit.org/show_bug.cgi?id=71746
30052
30053        Reviewed by Gavin Barraclough.
30054
30055        * JavaScriptCore.xcodeproj/project.pbxproj:
30056        * dfg/DFGAssemblyHelpers.cpp: Added.
30057        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
30058        (JSC::DFG::AssemblyHelpers::emitCount):
30059        (JSC::DFG::AssemblyHelpers::setSamplingFlag):
30060        (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
30061        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
30062        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
30063        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
30064        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
30065        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
30066        * dfg/DFGAssemblyHelpers.h: Added.
30067        * dfg/DFGJITCompiler.cpp:
30068        * dfg/DFGJITCompiler.h:
30069        (JSC::DFG::JITCompiler::JITCompiler):
30070        (JSC::DFG::JITCompiler::graph):
30071        * dfg/DFGJITCompiler32_64.cpp:
30072        * dfg/DFGOSRExit.h: Added.
30073        (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
30074        (JSC::DFG::SpeculationRecovery::type):
30075        (JSC::DFG::SpeculationRecovery::dest):
30076        (JSC::DFG::SpeculationRecovery::src):
30077        (JSC::DFG::OSRExit::numberOfRecoveries):
30078        (JSC::DFG::OSRExit::valueRecovery):
30079        (JSC::DFG::OSRExit::isArgument):
30080        (JSC::DFG::OSRExit::isVariable):
30081        (JSC::DFG::OSRExit::argumentForIndex):
30082        (JSC::DFG::OSRExit::variableForIndex):
30083        (JSC::DFG::OSRExit::operandForArgument):
30084        (JSC::DFG::OSRExit::operandForIndex):
30085        * dfg/DFGSpeculativeJIT.h:
30086
300872011-11-07  Filip Pizlo  <fpizlo@apple.com>
30088
30089        Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
30090        but it appears to help on other benchmarks.
30091
30092        Rubber stamped by Oliver Hunt.
30093
30094        * bytecode/ValueProfile.h:
30095
300962011-11-07  Ariya Hidayat  <ariya@sencha.com>
30097
30098        "use strict" can not contain escape sequences or line continuation
30099        https://bugs.webkit.org/show_bug.cgi?id=71532
30100
30101        Reviewed by Darin Adler.
30102
30103        Store the actual literal length (before the escapes and line
30104        continuation are encoded) while parsing the directive and use it
30105        for the directive comparison.
30106
30107        * parser/Parser.cpp:
30108        (JSC::Parser::parseSourceElements):
30109        (JSC::Parser::parseStatement):
30110        * parser/Parser.h:
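
        The point of the change above, shown as an added example (not JavaScriptCore code): a
        directive prologue scanner that compares the string literal as written, so a literal
        that merely decodes to "use strict" is rejected, checked against what the engine does.
        The function and sample names below are constructed for this illustration.

```javascript
// Added example, not JavaScriptCore code: why a "use strict" directive has to be
// matched on the literal as written, before escapes and line continuations are
// decoded.  Per ECMAScript, a Use Strict Directive is a string literal in the
// directive prologue whose source text is exactly "use strict" or 'use strict';
// a literal that merely decodes to those characters is an ordinary expression
// statement and leaves the function in sloppy mode.

// Scan the directive prologue of a function body (raw source text) and report
// whether it contains a Use Strict Directive.  Only what the check needs is
// handled: a run of string-literal expression statements, each ended by ';',
// a line break, '}' or end of input.  Returns false at the first non-directive.
function hasUseStrictDirective(bodySource) {
  const src = bodySource;
  let i = 0;
  for (;;) {
    while (i < src.length && ' \t\r\n'.includes(src[i])) i++;
    const quote = src[i];
    if (quote !== '"' && quote !== "'") return false; // prologue is over
    const start = i++;
    while (i < src.length && src[i] !== quote) {
      if (src[i] === '\\') i++; // escape sequence or line continuation: skip the next char
      else if (src[i] === '\n' || src[i] === '\r') return false; // unterminated literal
      i++;
    }
    if (i >= src.length) return false; // unterminated literal
    i++; // closing quote
    // The literal as written, escapes still encoded.  This is the length the fix
    // records: an escaped or continued literal is longer than its decoded value.
    const literal = src.slice(start, i);
    // A directive is a whole statement: only ';', a line break, '}' or EOF may follow.
    let j = i;
    while (j < src.length && (src[j] === ' ' || src[j] === '\t')) j++;
    const next = src[j];
    if (next !== undefined && !';\r\n}'.includes(next)) return false; // part of a larger expression
    if (next === ';') j++;
    i = j;
    if (literal.length === 'use strict'.length + 2 && literal.slice(1, -1) === 'use strict') return true;
  }
}

// Ask the engine itself: a function built from the body text and called with no
// receiver sees globalThis in sloppy mode and undefined in strict mode.
function engineSaysStrict(bodySource) {
  return new Function(bodySource + '\nreturn this;')() === undefined;
}

// Constructed prologues.  Only the first two enable strict mode; the escaped,
// continued and non-prologue forms all decode to "use strict" yet do not.
const SAMPLES = [
  '"use strict";',
  "'use strict'\nvar x = 1;",
  '"use\\x20strict";',            // hex escape
  '"use\\u0020strict";',          // unicode escape
  '"use\\\nstrict";',             // line continuation
  '"use strict" + "";',           // an expression, not a directive
  'var y = 1; "use strict";',     // after the prologue has ended
];

// Run the scanner and the engine over every sample and return the verdicts side by side.
function compareWithEngine(samples = SAMPLES) {
  return samples.map((source) => ({
    source,
    scanner: hasUseStrictDirective(source),
    engine: engineSaysStrict(source),
  }));
}

for (const row of compareWithEngine()) {
  console.log(JSON.stringify(row.source).padEnd(30), 'scanner:', row.scanner, 'engine:', row.engine);
}
```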
30111
301122011-11-06  Filip Pizlo  <fpizlo@apple.com>
30113
30114        DFG operationCreateThis slow path may get the wrong callee in case of inlining
30115        https://bugs.webkit.org/show_bug.cgi?id=71647
30116
30117        Reviewed by Oliver Hunt.
30118        
30119        No new tests because I only saw this manifest itself when I had other bugs
30120        leading to spurious slow path executions.
30121
30122        * dfg/DFGJITCodeGenerator.h:
30123        (JSC::DFG::callOperation):
30124        * dfg/DFGOperations.cpp:
30125        * dfg/DFGOperations.h:
30126        * dfg/DFGSpeculativeJIT32_64.cpp:
30127        (JSC::DFG::SpeculativeJIT::compile):
30128        * dfg/DFGSpeculativeJIT64.cpp:
30129        (JSC::DFG::SpeculativeJIT::compile):
30130
301312011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>
30132
30133        De-virtualize JSObject::putWithAttributes
30134        https://bugs.webkit.org/show_bug.cgi?id=71716
30135
30136        Reviewed by Darin Adler.
30137
30138        Added putWithAttributes to the MethodTable, changed all the virtual 
30139        implementations of putWithAttributes to static ones, and replaced 
30140        all call sites with corresponding lookups in the MethodTable.
30141
30142        * API/JSObjectRef.cpp:
30143        (JSObjectSetProperty):
30144        * JavaScriptCore.exp:
30145        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
30146        * debugger/DebuggerActivation.cpp:
30147        (JSC::DebuggerActivation::putWithAttributes):
30148        * debugger/DebuggerActivation.h:
30149        * interpreter/Interpreter.cpp:
30150        (JSC::Interpreter::execute):
30151        * runtime/ClassInfo.h:
30152        * runtime/JSActivation.cpp:
30153        (JSC::JSActivation::putWithAttributes):
30154        * runtime/JSActivation.h:
30155        * runtime/JSCell.cpp:
30156        (JSC::JSCell::putWithAttributes):
30157        * runtime/JSCell.h:
30158        * runtime/JSGlobalObject.cpp:
30159        (JSC::JSGlobalObject::putWithAttributes):
30160        * runtime/JSGlobalObject.h:
30161        * runtime/JSObject.cpp:
30162        (JSC::JSObject::putWithAttributes):
30163        (JSC::putDescriptor):
30164        * runtime/JSObject.h:
30165        * runtime/JSStaticScopeObject.cpp:
30166        (JSC::JSStaticScopeObject::putWithAttributes):
30167        * runtime/JSStaticScopeObject.h:
30168        * runtime/JSVariableObject.cpp:
30169        (JSC::JSVariableObject::putWithAttributes):
30170        * runtime/JSVariableObject.h:
30171
301722011-11-07  Dmitry Lomov  <dslomov@google.com>
30173
30174        Unreviewed. Release build fix.
30175
30176        * parser/Lexer.cpp:
30177        (JSC::assertCharIsIn8BitRange):
30178
301792011-11-07  Filip Pizlo  <fpizlo@apple.com>
30180
30181        Switch the value profiler back to 8 buckets, because we suspect that while this
30182        is more expensive it's also more stable.
30183
30184        Rubber stamped by Geoff Garen.
30185
30186        * bytecode/ValueProfile.h:
30187
301882011-11-07  Andrew Wason  <rectalogic@rectalogic.com>
30189
30190        Uninitialized Heap member var
30191        https://bugs.webkit.org/show_bug.cgi?id=71722
30192
30193        Reviewed by Filip Pizlo.
30194
30195        * heap/Heap.cpp:
30196        (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
30197
301982011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>
30199
30200        DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
30201        https://bugs.webkit.org/show_bug.cgi?id=71684
30202
30203        Reviewed by Filip Pizlo.
30204
30205        Currently in DFG JIT, we try to reuse the physical register of an
30206        operand for temporary usage if the current use of the operand is the
30207        last use. But sometimes this can be wrong, for example if there are
30208        possible speculation failures and we need to fallback to baseline JIT,
30209        the value of the operand which is supposed to be held in the physical
30210        register can be modified by register reusing. This fixes the last
30211        inspector failures in layout tests on Mac 32-bit when switching on DFG.
30212
30213        * dfg/DFGSpeculativeJIT32_64.cpp:
30214        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
30215        (JSC::DFG::SpeculativeJIT::compile):
30216
302172011-11-07  Ryosuke Niwa  <rniwa@webkit.org>
30218
30219        REGRESSION(r99436): Broke Snow Leopard debug build
30220        https://bugs.webkit.org/show_bug.cgi?id=71713
30221
30222        Reviewed by Darin Adler.
30223
30224        Put the assertion in a template and use template specialization
30225        to avoid warning when instantiated with UChar or LChar.
30226
30227        In the long term, we should have traits for unsigned integral types
30228        and use that to specialize template instead of specializing it for UChar and LChar.
30229
30230        * parser/Lexer.cpp:
30231        (JSC::assertCharIsIn8BitRange):
30232        (JSC::::append8):
30233
302342011-11-07  ChangSeok Oh  <shivamidow@gmail.com>
30235
30236        [EFL] Support requestAnimationFrame API
30237        https://bugs.webkit.org/show_bug.cgi?id=67112
30238
30239        Reviewed by Andreas Kling.
30240
30241        Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
30242
30243        * wtf/Platform.h:
30244
302452011-11-07  Michael Saboff  <msaboff@apple.com>
30246
30247        Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
30248        https://bugs.webkit.org/show_bug.cgi?id=71331
30249
30250        Change the Lexer class to be a template class based on the character
30251        type of the source.  In the process updated the parseIdentifier()
30252        and parseString() methods to create 8 bit strings where possible.
30253        Also added some helper methods for accumulating temporary string
30254        data in the 8 and 16 bit vectors.
30255
30256        Changed the SourceProvider::data() virtual method to return a
30257        StringImpl* instead of a UChar*.
30258
30259        Updated the KeywordLookup generator to create code to match keywords
30260        for both 8 and 16 bit source strings.
30261
30262        Due to a compiler bug (<rdar://problem/10194295>) moved enum
30263        definition outside of Lexer class declaration.  Remove second enum
30264        no longer needed.
30265
30266        Reviewed by Darin Adler.
30267
30268        * KeywordLookupGenerator.py:
30269        * interpreter/Interpreter.cpp:
30270        (JSC::Interpreter::callEval):
30271        * parser/Lexer.cpp:
30272        (JSC::::Lexer):
30273        (JSC::::~Lexer):
30274        (JSC::::getInvalidCharMessage):
30275        (JSC::::currentCharacter):
30276        (JSC::::setCode):
30277        (JSC::::internalShift):
30278        (JSC::::shift):
30279        (JSC::::peek):
30280        (JSC::::getUnicodeCharacter):
30281        (JSC::::shiftLineTerminator):
30282        (JSC::::lastTokenWasRestrKeyword):
30283        (JSC::::record8):
30284        (JSC::::append8):
30285        (JSC::::append16):
30286        (JSC::::record16):
30287        (JSC::::parseIdentifier):
30288        (JSC::::parseIdentifierSlowCase):
30289        (JSC::::parseString):
30290        (JSC::::parseStringSlowCase):
30291        (JSC::::parseHex):
30292        (JSC::::parseOctal):
30293        (JSC::::parseDecimal):
30294        (JSC::::parseNumberAfterDecimalPoint):
30295        (JSC::::parseNumberAfterExponentIndicator):
30296        (JSC::::parseMultilineComment):
30297        (JSC::::nextTokenIsColon):
30298        (JSC::::lex):
30299        (JSC::::scanRegExp):
30300        (JSC::::skipRegExp):
30301        (JSC::::clear):
30302        (JSC::::sourceCode):
30303        * parser/Lexer.h:
30304        (JSC::Lexer::append16):
30305        (JSC::Lexer::currentOffset):
30306        (JSC::Lexer::setOffsetFromCharOffset):
30307        (JSC::::isWhiteSpace):
30308        (JSC::::isLineTerminator):
30309        (JSC::::convertHex):
30310        (JSC::::convertUnicode):
30311        (JSC::::makeIdentifier):
30312        (JSC::::setCodeStart):
30313        (JSC::::makeIdentifierLCharFromUChar):
30314        (JSC::::lexExpectIdentifier):
30315        * parser/Parser.cpp:
30316        (JSC::Parser::Parser):
30317        (JSC::Parser::parseProperty):
30318        (JSC::Parser::parseMemberExpression):
30319        * parser/Parser.h:
30320        (JSC::Parser::next):
30321        (JSC::Parser::nextExpectIdentifier):
30322        * parser/ParserArena.h:
30323        (JSC::IdentifierArena::makeIdentifier):
30324        (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
30325        * parser/SourceCode.h:
30326        (JSC::SourceCode::subExpression):
30327        * parser/SourceProvider.h:
30328        (JSC::UStringSourceProvider::stringData):
30329        * parser/SourceProviderCache.h:
30330        * parser/SyntaxChecker.h:
30331        * runtime/FunctionPrototype.cpp:
30332        (JSC::insertSemicolonIfNeeded):
30333        * runtime/Identifier.cpp:
30334        (JSC::IdentifierTable::add):
30335        (JSC::IdentifierLCharFromUCharTranslator::hash):
30336        (JSC::IdentifierLCharFromUCharTranslator::equal):
30337        (JSC::IdentifierLCharFromUCharTranslator::translate):
30338        (JSC::Identifier::add8):
30339        * runtime/Identifier.h:
30340        (JSC::Identifier::Identifier):
30341        (JSC::Identifier::createLCharFromUChar):
30342        (JSC::Identifier::canUseSingleCharacterString):
30343        (JSC::IdentifierCharBufferTranslator::hash):
30344        (JSC::IdentifierCharBufferTranslator::equal):
30345        (JSC::IdentifierCharBufferTranslator::translate):
30346        (JSC::Identifier::add):
30347        (JSC::Identifier::equal):
30348        (JSC::IdentifierTable::add):
30349        * runtime/JSGlobalObjectFunctions.cpp:
30350        (JSC::decode):
30351        (JSC::parseIntOverflow):
30352        (JSC::globalFuncUnescape):
30353        * runtime/JSGlobalObjectFunctions.h:
30354        (JSC::parseIntOverflow):
30355        * runtime/LiteralParser.cpp:
30356        (JSC::LiteralParser::tryJSONPParse):
30357        (JSC::LiteralParser::Lexer::lexString):
30358        * wtf/text/StringImpl.h:
30359
303602011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
30361
30362        [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
30363
30364        Allows us to not package up the whole Source/JavaScriptCore directory for the
30365        buildbots.
30366
30367        Reviewed by Simon Hausmann.
30368
30369        * jsc.pro:
30370
303712011-11-06  Filip Pizlo  <fpizlo@apple.com>
30372
30373        REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
30374        to initializeMainThread, and crashes
30375        https://bugs.webkit.org/show_bug.cgi?id=71643
30376
30377        Reviewed by Sam Weinig.
30378
30379        * jsc.cpp:
30380        (main):
30381
303822011-11-06  Sam Weinig  <sam@webkit.org>
30383
30384        Add space missing from some class declarations
30385        https://bugs.webkit.org/show_bug.cgi?id=71632
30386
30387        Reviewed by Anders Carlsson.
30388
30389        * assembler/AssemblerBufferWithConstantPool.h:
30390        * bytecode/CodeBlock.h:
30391        * dfg/DFGVariableAccessData.h:
30392        * heap/VTableSpectrum.h:
30393        * jit/ExecutableAllocator.cpp:
30394        * jit/ExecutableAllocatorFixedVMPool.cpp:
30395        * wtf/MetaAllocatorHandle.h:
30396        * wtf/UnionFind.h:
30397
303982011-11-06  Sam Weinig  <sam@webkit.org>
30399
30400        Allow use of FINAL in JavaScriptCore
30401        https://bugs.webkit.org/show_bug.cgi?id=71630
30402
30403        Reviewed by Anders Carlsson.
30404
30405        * Configurations/Base.xcconfig:
30406        Don't warn about C++11 extensions used in C++98 mode.
30407
304082011-11-05  Filip Pizlo  <fpizlo@apple.com>
30409
30410        Value profiling should just use two buckets
30411        https://bugs.webkit.org/show_bug.cgi?id=71619
30412
30413        Reviewed by Gavin Barraclough.
30414        
30415        Added one more configuration option (like Heuristics::minimumOptimizationDelay),
30416        improved debugging in JIT optimization support, changed the number of buckets
30417        in the value profile from 9 to 2, and wrote a more optimal value profiling path
30418        in the old JIT to take advantage of this. It's still possible to play around with
30419        larger numbers of buckets, and we should probably keep this for a little while
30420        until we convince ourselves that using just two buckets is the right call.
30421
30422        * bytecode/CodeBlock.cpp:
30423        (JSC::CodeBlock::shouldOptimizeNow):
30424        * bytecode/ValueProfile.h:
30425        * jit/JITInlineMethods.h:
30426        (JSC::JIT::emitValueProfilingSite):
30427        * jit/JITStubs.cpp:
30428        (JSC::DEFINE_STUB_FUNCTION):
30429        * runtime/Heuristics.cpp:
30430        (JSC::Heuristics::initializeHeuristics):
30431        * runtime/Heuristics.h:
30432
304332011-11-03  Filip Pizlo  <fpizlo@apple.com>
30434
30435        JSC should be able to sample itself in a more flexible way than just sampling flags
30436        https://bugs.webkit.org/show_bug.cgi?id=71522
30437
30438        Reviewed by Gavin Barraclough.
30439        
30440        Added a construct that looks like SamplingRegion samplingRegion("name").
30441
30442        * JavaScriptCore.exp:
30443        * JavaScriptCore.xcodeproj/project.pbxproj:
30444        * bytecode/SamplingTool.cpp:
30445        (JSC::SamplingRegion::Locker::Locker):
30446        (JSC::SamplingRegion::Locker::~Locker):
30447        (JSC::SamplingRegion::sample):
30448        (JSC::SamplingRegion::dump):
30449        (JSC::SamplingRegion::dumpInternal):
30450        (JSC::SamplingThread::threadStartFunc):
30451        * bytecode/SamplingTool.h:
30452        (JSC::SamplingRegion::SamplingRegion):
30453        (JSC::SamplingRegion::~SamplingRegion):
30454        (JSC::SamplingRegion::exchangeCurrent):
30455        * bytecompiler/BytecodeGenerator.cpp:
30456        (JSC::BytecodeGenerator::generate):
30457        * dfg/DFGDriver.cpp:
30458        (JSC::DFG::compile):
30459        * heap/Heap.cpp:
30460        (JSC::Heap::markRoots):
30461        (JSC::Heap::collect):
30462        * heap/VTableSpectrum.cpp:
30463        (JSC::VTableSpectrum::countVPtr):
30464        (JSC::VTableSpectrum::dump):
30465        * heap/VTableSpectrum.h:
30466        * jsc.cpp:
30467        (main):
30468        (runWithScripts):
30469        * parser/Parser.h:
30470        (JSC::parse):
30471        * runtime/Executable.cpp:
30472        (JSC::EvalExecutable::compileInternal):
30473        (JSC::ProgramExecutable::compileInternal):
30474        (JSC::FunctionExecutable::compileForCallInternal):
30475        (JSC::FunctionExecutable::compileForConstructInternal):
30476        * wtf/Atomics.h:
30477        (WTF::weakCompareAndSwap):
30478        * wtf/Platform.h:
30479        * wtf/Spectrum.h: Added.
30480        (WTF::Spectrum::Spectrum):
30481        (WTF::Spectrum::add):
30482        (WTF::Spectrum::get):
30483        (WTF::Spectrum::begin):
30484        (WTF::Spectrum::end):
30485        (WTF::Spectrum::KeyAndCount::KeyAndCount):
30486        (WTF::Spectrum::KeyAndCount::operator<):
30487        (WTF::Spectrum::buildList):
30488        * wtf/wtf.pri:
30489
2011-11-05  Sam Weinig  <sam@webkit.org>

        Fix windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-04  Sam Weinig  <sam@webkit.org>

        Reduce the number of putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71597

        Reviewed by Adam Roben.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Remove exports of removed functions.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        Calling the overload without the extra parameters does the same thing.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        * runtime/JSObject.h:
        Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
        two overloads not virtual, since no one overrides it.

2011-11-04  Pratik Solanki  <psolanki@apple.com>

        sqrtDouble and andnotDouble should be declared noreturn
        https://bugs.webkit.org/show_bug.cgi?id=71592

        Reviewed by Sam Weinig.

        * assembler/MacroAssemblerARMv7.h:

2011-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Reviewed by Darin Adler.

        Added hasInstance to the MethodTable, changed all the virtual
        implementations of hasInstance to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::hasInstance):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Refactor and clean up the qmake build system

        The qmake build system has accumulated a bit of cruft and redundancy
        over time. There's also a fairly tight coupling between how to build
        the various targets, and _what_ to build, making it harder to add new
        rules or sources. This patch aims to alleviate these issues somewhat.

        This is a short-list of the changes:

          * The rules for how to build targets are now mostly contained as
            prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
            allows us to do pre- and post-processing of each project file,
            which helps to clean up the actual project files.

          * Derived sources are no longer generated as a separate make-step
            but are part of each target's project file as a subdir. Makefile
            rules are used to ensure that we run make on the derived sources
            before running qmake on the actual target makefile. This makes
            it easier to keep a proper dependency between derived sources
            and the target.

          * We use GNU make and the compiler to generate dependencies on
            UNIX-based systems running Qt 5. This allows us to lessen the
            need to run qmake, which should reduce compile time.

          * WebKit2 is now built by default if building with Qt 5. It can
            be disabled by passing --no-webkit2 to build-webkit.

        The result of these changes is hopefully a cleaner and easier
        build system to modify, and faster build times due to no longer
        running qmake on every single build. It's also a first step
        towards possibly generating the list of sources using another
        build system.

        https://bugs.webkit.org/show_bug.cgi?id=71222

        Reviewed by Simon Hausmann.

        * DerivedSources.pri: Added.
        * DerivedSources.pro: Removed.
        * JavaScriptCore.pro:
        * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
        * headers.pri: Removed.
        * jsc.pro:
        * wtf/wtf.pri:
        * yarr/yarr.pri:

2011-11-04  Yuqiang Xian  <yuqiang.xian@intel.com>

        More code clean-up in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71540

        Remove unnecessary code duplications, and fix compilation warnings.

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::emitCount):
        (JSC::DFG::JITCompiler::setSamplingFlag):
        (JSC::DFG::JITCompiler::clearSamplingFlag):
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-04  Csaba Osztrogonác  <ossy@webkit.org>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Unreviewed rolling out r99238, because it made a test crash on all platforms.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getPropertyNames
        https://bugs.webkit.org/show_bug.cgi?id=71306

        Reviewed by Darin Adler.

        Added getPropertyNames to the MethodTable, changed all the virtual
        implementations of getPropertyNames to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyNames):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getPropertyNames):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        (JSC::JSObject::getOwnPropertyNames):
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/Structure.cpp:
        (JSC::Structure::getPropertyNamesFromStructure):
        * runtime/Structure.h:

2011-11-03  Darin Adler  <darin@apple.com>

        Change remaining callers of releaseRef to call leakRef
        https://bugs.webkit.org/show_bug.cgi?id=71422

        * wtf/text/AtomicString.cpp:
        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.

2011-11-02  Darin Adler  <darin@apple.com>

        Change remaining callers of releaseRef to call leakRef
        https://bugs.webkit.org/show_bug.cgi?id=71422

        * wtf/text/AtomicString.cpp:
        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Reviewed by Darin Adler.

        Added hasInstance to the MethodTable, changed all the virtual
        implementations of hasInstance to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::hasInstance):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-03  Filip Pizlo  <fpizlo@apple.com>

        JIT-specific code should be able to refer to register types even on JIT-disabled builds
        https://bugs.webkit.org/show_bug.cgi?id=71498

        Reviewed by Gavin Barraclough.

        * assembler/MacroAssembler.h:
        (MacroAssembler::MacroAssembler):

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::className
        https://bugs.webkit.org/show_bug.cgi?id=71428

        Reviewed by Sam Weinig.

        Added className to the MethodTable, changed all the virtual
        implementations of className to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::className):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::className):
        * debugger/DebuggerActivation.h:
        * jsc.cpp:
        (GlobalObject::createStructure):
        * profiler/Profiler.cpp:
        (JSC::Profiler::createCallIdentifier):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::className):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::className):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncToString):
        * testRegExp.cpp:
        (GlobalObject::createStructure):

2011-11-02  Jer Noble  <jer.noble@apple.com>

        Add Clock class and platform-specific implementations.
        https://bugs.webkit.org/show_bug.cgi?id=71341

        Reviewed by Sam Weinig.

        Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.

        * wtf/Platform.h:

2011-11-03  Pavel Feldman  <pfeldman@chromium.org>

        Not reviewed: fixing win build. step2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-03  Pavel Feldman  <pfeldman@chromium.org>

        Not reviewed: fix windows build, step1

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-03  Pavel Feldman  <pfeldman@google.com>

        Web Inspector: preserve script location for inline handlers.
        https://bugs.webkit.org/show_bug.cgi?id=71367

        Makes SourceCode factories receive TextPosition instead of the line number;
        Stores consistent position values in SourceCode and SourceProvider;

        Reviewed by Yury Semikhatsky.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        * parser/SourceCode.h:
        (JSC::makeSource):
        * parser/SourceProvider.h:
        (JSC::SourceProvider::SourceProvider):
        (JSC::SourceProvider::startPosition):
        (JSC::UStringSourceProvider::create):
        (JSC::UStringSourceProvider::UStringSourceProvider):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionConstructor.h:

2011-11-03  Kentaro Hara  <haraken@chromium.org>

        Fixed wrong implementation of doubleValue % 2^{64}.
        https://bugs.webkit.org/show_bug.cgi?id=67980

        Reviewed by Hajime Morita.

        fast/events/constructors/progress-event-constructor.html was failing
        because of the wrong implementation of conversion from an ECMAScript value
        to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
        In particular, the calculation of doubleValue % 2^{64} was wrong.
        This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.

        * wtf/MathExtras.h:
        (doubleToInteger): Implemented the spec correctly.

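Added example, not WebKit's doubleToInteger(): the WebIDL conversion from an ECMAScript number to an IDL unsigned long long that the entry above refers to, written so that the modulo-2^64 step is exact. The function name toIDLUnsignedLongLong and the sample inputs are constructed for this illustration.

```cpp
// Added example (not WebKit code): WebIDL "ECMAScript value to IDL unsigned
// long long" for a value that is already a double (ToNumber has been applied).
#include <cmath>
#include <cstdint>

static uint64_t toIDLUnsignedLongLong(double x)
{
    // Step 1: NaN and the infinities map to 0.
    if (std::isnan(x) || std::isinf(x))
        return 0;

    // Step 2: truncate toward zero, i.e. sign(x) * floor(|x|).
    x = std::trunc(x);

    // Step 3: reduce modulo 2^64 with a positive result. fmod is exact, so r is
    // an integer-valued double in (-2^64, 2^64) carrying the sign of x.
    const double twoTo64 = 18446744073709551616.0; // 2^64 is exactly representable
    double r = std::fmod(x, twoTo64);
    if (r >= 0)
        return static_cast<uint64_t>(r); // r < 2^64, so the cast is in range

    // Negative remainder: the positive result 2^64 + r is generally NOT
    // representable as a double (2^64 - 1 rounds to 2^64, whose conversion
    // would overflow), so finish in wrap-around uint64_t arithmetic instead.
    return uint64_t(0) - static_cast<uint64_t>(-r);
}
```

The negative branch is the case worth looking at: for -1.0 the correct answer is 2^64 - 1, and computing it as a double before converting would silently produce an out-of-range value, whereas 0 - 1 in unsigned 64-bit arithmetic gives exactly UINT64_MAX.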
2011-11-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99089.
        http://trac.webkit.org/changeset/99089
        https://bugs.webkit.org/show_bug.cgi?id=71448

        @plt postfix for math functions causes a crash on Linux 32 (the
        symbol is defined but it points to NULL) (Requested by
        zherczeg on #webkit).

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        * jit/ThunkGenerators.cpp:

2011-11-02  Filip Pizlo  <fpizlo@apple.com>

        DFG inlining breaks function.arguments[something] if the argument being
        retrieved was subjected to DFG's unboxing optimizations
        https://bugs.webkit.org/show_bug.cgi?id=71436

        Reviewed by Oliver Hunt.

        This makes inlined arguments retrieval use some of the same machinery as
        OSR to determine where from, and how, to retrieve a value that the DFG
        might have somehow squirreled away while the old JIT would put it in its
        obvious location, using an obvious format.

        To that end, previously DFG-internal notions such as DataFormat,
        VirtualRegister, and ValueRecovery are now in bytecode/ since they are
        stored as part of InlineCallFrames.

        * bytecode/CodeOrigin.h:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::inlineCallFrame):
        * interpreter/Register.h:
        (JSC::Register::asInlineCallFrame):
        (JSC::Register::unboxedInt32):
        (JSC::Register::unboxedBoolean):
        (JSC::Register::unboxedCell):
        * runtime/Arguments.h:
        (JSC::Arguments::finishCreationAndCopyRegisters):

2011-11-02  Filip Pizlo  <fpizlo@apple.com>

        ValueRecovery should be moved out of the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=71439

        Reviewed by Oliver Hunt.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/DataFormat.h: Added.
        (JSC::dataFormatToString):
        (JSC::needDataFormatConversion):
        (JSC::isJSFormat):
        (JSC::isJSInteger):
        (JSC::isJSDouble):
        (JSC::isJSCell):
        (JSC::isJSBoolean):
        * bytecode/ValueRecovery.h: Added.
        (JSC::ValueRecovery::ValueRecovery):
        (JSC::ValueRecovery::alreadyInRegisterFile):
        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
        (JSC::ValueRecovery::inGPR):
        (JSC::ValueRecovery::inPair):
        (JSC::ValueRecovery::inFPR):
        (JSC::ValueRecovery::displacedInRegisterFile):
        (JSC::ValueRecovery::constant):
        (JSC::ValueRecovery::technique):
        (JSC::ValueRecovery::isInRegisters):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::tagGPR):
        (JSC::ValueRecovery::payloadGPR):
        (JSC::ValueRecovery::fpr):
        (JSC::ValueRecovery::virtualRegister):
        (JSC::ValueRecovery::dump):
        * bytecode/VirtualRegister.h: Added.
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::isJSFormat):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::ValueSource::dump):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGVariableAccessData.h:

2011-11-02  Sam Weinig  <sam@webkit.org>

        Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
        https://bugs.webkit.org/show_bug.cgi?id=71333

        Reviewed by Gavin Barraclough.

        Tested by fast/dom/getter-on-window-object2.html

        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setDescriptor):
        The attributes returned from Structure::get do not include Getter or Setter, so
        instead check if the value is a GetterSetter like we do elsewhere. If it is, update
        the descriptor's attributes accordingly.

2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>

        FunctionPtr should accept FASTCALL functions on X86
        https://bugs.webkit.org/show_bug.cgi?id=71434

        Reviewed by Filip Pizlo.

        On X86 we sometimes use FASTCALL convention functions, for example the
        cti functions, and we may need the pointers to such functions, e.g.,
        in the current DFG register file check and arity check, though long term
        we may avoid such usage of cti calls in DFG.

        * assembler/MacroAssemblerCodeRef.h:
        (JSC::FunctionPtr::FunctionPtr):

2011-11-02  Filip Pizlo  <fpizlo@apple.com>

        Inlined uses of the global object should use the right global object
        https://bugs.webkit.org/show_bug.cgi?id=71427

        Reviewed by Oliver Hunt.

        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::globalObjectFor):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>

        Remove some unnecessary loads/stores in DFG JIT 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71090

        Reviewed by Filip Pizlo.

        In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
        be eliminated.

        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):

2011-11-02  Adam Klein  <adamk@chromium.org>

        Replace usage of StringImpl with String where possible in CharacterData and Text
        https://bugs.webkit.org/show_bug.cgi?id=71383

        Reviewed by Darin Adler.

        * wtf/text/WTFString.h:
        (WTF::String::containsOnlyWhitespace): Added new method.

2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getOwnPropertyNames
        https://bugs.webkit.org/show_bug.cgi?id=71307

        Reviewed by Darin Adler.

        Added getOwnPropertyNames to the MethodTable, changed all the virtual
        implementations of getOwnPropertyNames to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyNames):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyNames):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertyNames):
        * runtime/Arguments.h:
        * runtime/ClassInfo.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::getOwnPropertyNames):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyNames):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertyNames):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getOwnPropertyNames):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertyNames):
        * runtime/JSFunction.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::getOwnPropertyNames):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        (JSC::JSObject::getOwnPropertyNames):
        * runtime/JSObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::~JSVariableObject):
        (JSC::JSVariableObject::getOwnPropertyNames):
        * runtime/JSVariableObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorKeys):
        (JSC::defineProperties):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        * runtime/StringObject.cpp:
        (JSC::StringObject::getOwnPropertyNames):
        * runtime/StringObject.h:
        * runtime/Structure.h:

2011-11-02  Dean Jackson  <dino@apple.com>

        Add ENABLE_CSS_SHADERS flag
        https://bugs.webkit.org/show_bug.cgi?id=71394

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:

2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>

        TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
        https://bugs.webkit.org/show_bug.cgi?id=70610

        Reviewed by Martin Robinson.

        Properly annotate ASM on BSD and Linux x86 systems.

        * dfg/DFGOperations.cpp: Add annotation for X86.
        * jit/JITStubs.cpp: Ditto.
        * jit/ThunkGenerators.cpp: Ditto.

2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>

        Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
        https://bugs.webkit.org/show_bug.cgi?id=71347

        Reviewed by Geoffrey Garen.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::reallocate):

2011-11-01  Darin Adler  <darin@apple.com>

        Cut down on malloc/free a bit in the parser arena
        https://bugs.webkit.org/show_bug.cgi?id=71343

        Reviewed by Oliver Hunt.

        * parser/ParserArena.cpp:
        (JSC::ParserArena::deallocateObjects): Call the destructors of
        the deletable objects before freeing the pools. Don't call
        fastFree on the deletable objects any more.

        * parser/ParserArena.h:
        (JSC::ParserArena::allocateDeletable): Use allocateFreeable
        instead of fastMalloc here.

2011-11-01  Sam Weinig  <sam@webkit.org>

        Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=71336

        Reviewed by Darin Adler.

        * debugger/DebuggerActivation.cpp:
        * debugger/DebuggerActivation.h:
        Remove overrides of lookupGetter/lookupSetter, which are no longer needed
        due to implementing getPropertyDescriptor.

        * runtime/JSObject.cpp:
        (JSC::JSObject::lookupGetter):
        (JSC::JSObject::lookupSetter):
        * runtime/JSObject.h:
        De-virtualize lookupGetter/lookupSetter, and implement them in terms of
        getPropertyDescriptor.

2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineSetter
        https://bugs.webkit.org/show_bug.cgi?id=71303

        Reviewed by Darin Adler.

        Added defineSetter to the MethodTable, changed all the virtual
        implementations of defineSetter to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineSetter):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineSetter):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineSetter):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineSetter):

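Added sketch, not JavaScriptCore's own ClassInfo or MethodTable code: the de-virtualization pattern that the hasInstance, className, getPropertyNames, getOwnPropertyNames and defineSetter entries above all apply, reduced to two methods. The class names mirror the entries; the CREATE_METHOD_TABLE macro, the Demo scenario and the valueIsInstanceOf call site are constructed for this illustration and assume nothing about the real engine beyond what the entries state.

```cpp
// Added sketch (not JavaScriptCore code) of "static implementation + lookup
// in the class's MethodTable" replacing a C++ virtual function.
#include <string>

struct JSCell;

// The engine-owned dispatch table: one pointer per de-virtualized method.
struct MethodTable {
    bool (*hasInstance)(JSCell* constructor, JSCell* value);
    std::string (*className)(const JSCell* cell);
};

struct ClassInfo {
    const char* name;
    const ClassInfo* parentClass;
    MethodTable methodTable;
};

// Relies on ordinary C++ name lookup: if ClassName does not declare a
// function, the nearest base class's static version is taken, which is how
// a table entry is "inherited" without any virtual function.
#define CREATE_METHOD_TABLE(ClassName) { &ClassName::hasInstance, &ClassName::className }

struct JSCell {
    const ClassInfo* classInfo;
    explicit JSCell(const ClassInfo* info) : classInfo(info) { }
    const MethodTable* methodTable() const { return &classInfo->methodTable; }
    static bool hasInstance(JSCell*, JSCell*) { return false; } // a bare cell is not a constructor
    static std::string className(const JSCell* cell) { return cell->classInfo->name; }
    static const ClassInfo s_info;
};
const ClassInfo JSCell::s_info = { "Cell", nullptr, CREATE_METHOD_TABLE(JSCell) };

struct JSObject : JSCell {
    JSObject* prototype;         // the object's [[Prototype]]
    JSObject* prototypeProperty; // its "prototype" property, consulted by instanceof
    JSObject(const ClassInfo* info, JSObject* proto)
        : JSCell(info), prototype(proto), prototypeProperty(nullptr) { }
    // `value instanceof constructor`: walk value's prototype chain looking for
    // constructor.prototype. The demo only ever passes objects as `value`.
    static bool hasInstance(JSCell* constructor, JSCell* value)
    {
        JSObject* target = static_cast<JSObject*>(constructor)->prototypeProperty;
        for (JSObject* p = static_cast<JSObject*>(value)->prototype; p && target; p = p->prototype) {
            if (p == target)
                return true;
        }
        return false;
    }
    static const ClassInfo s_info;
};
const ClassInfo JSObject::s_info = { "Object", &JSCell::s_info, CREATE_METHOD_TABLE(JSObject) };

// A bound function overrides hasInstance only, forwarding to the wrapped
// function through *its* method table; className is inherited from JSCell.
struct JSBoundFunction : JSObject {
    JSObject* targetFunction;
    JSBoundFunction(JSObject* proto, JSObject* target)
        : JSObject(&s_info, proto), targetFunction(target) { }
    static bool hasInstance(JSCell* cell, JSCell* value)
    {
        JSObject* target = static_cast<JSBoundFunction*>(cell)->targetFunction;
        return target->methodTable()->hasInstance(target, value);
    }
    static const ClassInfo s_info;
};
const ClassInfo JSBoundFunction::s_info = { "Function", &JSObject::s_info, CREATE_METHOD_TABLE(JSBoundFunction) };

// The call site after de-virtualization: a table lookup instead of a virtual call.
static bool valueIsInstanceOf(JSCell* constructor, JSCell* value)
{
    return constructor->methodTable()->hasInstance(constructor, value);
}

// Constructed scenario: F.prototype = P, o inherits from P, B = F.bind(...).
struct Demo {
    JSObject P, F, o, unrelated;
    JSBoundFunction B;
    Demo()
        : P(&JSObject::s_info, nullptr), F(&JSObject::s_info, nullptr), o(&JSObject::s_info, &P)
        , unrelated(&JSObject::s_info, nullptr), B(nullptr, &F)
    {
        F.prototypeProperty = &P;
    }
};

static Demo& demo()
{
    static Demo d;
    return d;
}
```

The point of the pattern is that dispatch goes through a table the engine owns rather than a C++ vtable, so a call site can look up the method from the ClassInfo it already has, and a subclass that does not redefine a method picks up its parent's static function through the name lookup in the macro rather than through virtual inheritance.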
2011-11-01  Filip Pizlo  <fpizlo@apple.com>

        DFG inlining breaks function.arguments
        https://bugs.webkit.org/show_bug.cgi?id=71329

        Reviewed by Oliver Hunt.

        The DFG was forgetting to store code origin mappings for inlined
        call sites. Some of the fast-path optimizations for
        CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
        was wrong.

        I also took the opportunity to decrease code duplication between
        DFG64 and DFG32_64, because I didn't feel like writing the same
        code twice.

        * bytecode/CodeBlock.h:
        (JSC::ExecState::isInlineCallFrame):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGNode.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        * runtime/Arguments.h:
        (JSC::Arguments::getArgumentsData):

2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>

        StringImpl::reallocate() should have an 8-bit version
        https://bugs.webkit.org/show_bug.cgi?id=71210

        Reviewed by Geoffrey Garen.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::reallocate):
        * wtf/text/StringImpl.h:

2011-10-31  Filip Pizlo  <fpizlo@apple.com>

        The GC should be parallel
        https://bugs.webkit.org/show_bug.cgi?id=70995

        Reviewed by Geoff Garen.

        Added parallel tracing to the GC. This works by having local mark
        stacks per thread, and a global shared one. Threads sometimes
        donate cells from the mark stack to the global one if the heuristics
        tell them that it's affordable to do so. Threads that have depleted
        their local mark stacks try to steal some from the shared one.

        Marking is now done using an atomic weak relaxed CAS (compare-and-swap).

        This is a 23% speed-up on V8-splay when I use 4 marking threads,
        leading to a 3.5% speed-up on V8.

        It also appears that this reduces GC pause times on real websites by
        more than half.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::~Heap):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
        (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
        (JSC::MarkStackSegmentAllocator::allocate):
        (JSC::MarkStackSegmentAllocator::release):
        (JSC::MarkStackSegmentAllocator::shrinkReserve):
        (JSC::MarkStackArray::MarkStackArray):
        (JSC::MarkStackArray::~MarkStackArray):
        (JSC::MarkStackArray::expand):
        (JSC::MarkStackArray::refill):
        (JSC::MarkStackArray::donateSomeCellsTo):
        (JSC::MarkStackArray::stealSomeCellsFrom):
        (JSC::MarkStackThreadSharedData::markingThreadMain):
        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
        (JSC::MarkStackThreadSharedData::reset):
        (JSC::MarkStack::reset):
        (JSC::SlotVisitor::donateSlow):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::MarkStack::mergeOpaqueRoots):
        (JSC::SlotVisitor::harvestWeakReferences):
        * heap/MarkStack.h:
        (JSC::MarkStackSegment::data):
        (JSC::MarkStackSegment::capacityFromSize):
        (JSC::MarkStackSegment::sizeFromCapacity):
        (JSC::MarkStackArray::postIncTop):
        (JSC::MarkStackArray::preDecTop):
        (JSC::MarkStackArray::setTopForFullSegment):
        (JSC::MarkStackArray::setTopForEmptySegment):
        (JSC::MarkStackArray::top):
        (JSC::MarkStackArray::validatePrevious):
        (JSC::MarkStack::addWeakReferenceHarvester):
        (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::addOpaqueRoot):
        (JSC::MarkStack::containsOpaqueRoot):
        (JSC::MarkStack::opaqueRootCount):
        (JSC::MarkStackArray::append):
        (JSC::MarkStackArray::canRemoveLast):
        (JSC::MarkStackArray::removeLast):
        (JSC::MarkStackArray::isEmpty):
        (JSC::MarkStackArray::canDonateSomeCells):
        (JSC::MarkStackArray::size):
        (JSC::ParallelModeEnabler::ParallelModeEnabler):
31299        (JSC::ParallelModeEnabler::~ParallelModeEnabler):
31300        * heap/MarkedBlock.h:
31301        (JSC::MarkedBlock::testAndSetMarked):
31302        * heap/SlotVisitor.h:
31303        (JSC::SlotVisitor::donate):
31304        (JSC::SlotVisitor::donateAndDrain):
31305        (JSC::SlotVisitor::donateKnownParallel):
31306        (JSC::SlotVisitor::SlotVisitor):
31307        * heap/WeakReferenceHarvester.h:
31308        * runtime/Heuristics.cpp:
31309        (JSC::Heuristics::initializeHeuristics):
31310        * runtime/Heuristics.h:
31311        * wtf/Atomics.h:
31312        (WTF::weakCompareAndSwap):
31313        * wtf/Bitmap.h:
31314        (WTF::::Bitmap):
31315        (WTF::::get):
31316        (WTF::::set):
31317        (WTF::::testAndSet):
31318        (WTF::::testAndClear):
31319        (WTF::::concurrentTestAndSet):
31320        (WTF::::concurrentTestAndClear):
31321        (WTF::::clear):
31322        (WTF::::clearAll):
31323        (WTF::::nextPossiblyUnset):
31324        (WTF::::findRunOfZeros):
31325        (WTF::::count):
31326        (WTF::::isEmpty):
31327        (WTF::::isFull):
31328        * wtf/MainThread.h:
31329        (WTF::isMainThreadOrGCThread):
31330        * wtf/Platform.h:
31331        * wtf/ThreadSpecific.h:
31332        (WTF::::isSet):
31333        * wtf/mac/MainThreadMac.mm:
31334        (WTF::initializeGCThreads):
31335        (WTF::initializeMainThreadPlatform):
31336        (WTF::initializeMainThreadToProcessMainThreadPlatform):
31337        (WTF::registerGCThread):
31338        (WTF::isMainThreadOrGCThread):
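
        As an added illustration of the scheme the entry above describes (example code written
        for this page, not JavaScriptCore's MarkStack implementation): a miniature parallel mark
        phase with a CAS-claimed mark bit, a private mark stack per thread, donation of part of
        that stack to a shared one when the local stack is large and the shared one is empty,
        and stealing from the shared stack when a thread runs dry. Cell, SharedMarkStack,
        MarkingThread, markInParallel, makeSampleHeap and markSampleHeap are names invented
        here, the donation threshold and steal batch size are arbitrary choices, and the sample
        heap is constructed for the demonstration.

```cpp
#include <atomic>
#include <cstddef>
#include <mutex>
#include <thread>
#include <vector>
struct Cell {
    std::atomic<bool> marked{false};    // atomic: several marking threads race to claim it
    std::vector<std::size_t> children;  // outgoing edges, as indices into the heap vector
};
// Claim the mark bit with a weak relaxed CAS (the shape of MarkedBlock::testAndSetMarked).
// Exactly one caller gets true per cell, so a cell lands on at most one mark stack. Relaxed
// order is enough because the object graph is immutable while marking runs.
inline bool testAndSetMarked(Cell& cell) {
    bool expected = false;
    while (!cell.marked.compare_exchange_weak(expected, true, std::memory_order_relaxed)) {
        if (expected) return false;     // lost the race: another thread marked it first
    }                                   // otherwise a spurious failure: expected is still false, retry
    return true;
}
// Shared mark stack: threads donate to it and steal from it. Both fields are guarded by lock;
// activeMarkers counts threads that may still produce work, and marking ends when it is 0.
struct SharedMarkStack {
    std::mutex lock;
    std::vector<std::size_t> cells;
    int activeMarkers = 0;
};
struct MarkingThread {
    std::vector<Cell>& heap;
    SharedMarkStack& shared;
    std::size_t donateThreshold;
    std::vector<std::size_t> local;     // this thread's private mark stack
    void visit(std::size_t idx) { if (testAndSetMarked(heap[idx])) local.push_back(idx); }
    // Donation heuristic: only when the local stack is fat and the shared one has run dry.
    void donateSomeCells() {
        if (local.size() < donateThreshold) return;
        std::lock_guard<std::mutex> guard(shared.lock);
        if (!shared.cells.empty()) return;
        std::size_t half = local.size() / 2;
        shared.cells.insert(shared.cells.end(), local.end() - half, local.end());
        local.erase(local.end() - half, local.end());
    }
    // Caller holds shared.lock. Take a small batch so other starving threads get some too.
    void stealSomeCellsLocked() {
        std::size_t n = shared.cells.size() < 4 ? shared.cells.size() : 4;
        local.insert(local.end(), shared.cells.end() - n, shared.cells.end());
        shared.cells.erase(shared.cells.end() - n, shared.cells.end());
    }
    void drain() {
        while (!local.empty()) {
            std::size_t idx = local.back(); local.pop_back();
            for (std::size_t child : heap[idx].children) visit(child);
            donateSomeCells();
        }
    }
    // Run until no thread holds work and the shared stack is empty. A thread is "active"
    // (counted in activeMarkers) from its first successful steal until it finds both its
    // local stack and the shared stack empty; only active threads can donate, so once the
    // count is 0 with the shared stack empty there is provably nothing left to mark.
    void drainFromShared() {
        bool active = false;
        for (;;) {
            drain();                        // empties local; no-op when already empty
            std::unique_lock<std::mutex> guard(shared.lock);
            if (!shared.cells.empty()) {
                stealSomeCellsLocked();
                if (!active) { ++shared.activeMarkers; active = true; }
                continue;
            }
            if (active) { --shared.activeMarkers; active = false; }
            if (shared.activeMarkers == 0) return;  // all stacks drained: done
            guard.unlock();
            std::this_thread::yield();      // others still mark and may donate; wait
        }
    }
};
// Mark everything reachable from roots using threadCount marking threads.
void markInParallel(std::vector<Cell>& heap, const std::vector<std::size_t>& roots,
                    unsigned threadCount, std::size_t donateThreshold = 8) {
    SharedMarkStack shared;
    for (std::size_t root : roots)
        if (testAndSetMarked(heap[root])) shared.cells.push_back(root);
    std::vector<std::thread> threads;
    for (unsigned i = 0; i < threadCount; ++i)
        threads.emplace_back([&] { MarkingThread{heap, shared, donateThreshold}.drainFromShared(); });
    for (std::thread& t : threads) t.join();
}
// Constructed sample heap (not real data): cells [0, liveCount) form a binary tree rooted at 0
// plus a back edge to the root (a cycle); the remaining garbageCount cells are unreachable.
std::vector<Cell> makeSampleHeap(std::size_t liveCount, std::size_t garbageCount) {
    std::vector<Cell> heap(liveCount + garbageCount);
    for (std::size_t i = 0; i < liveCount; ++i)
        for (std::size_t c = 2 * i + 1; c <= 2 * i + 2 && c < liveCount; ++c) heap[i].children.push_back(c);
    if (liveCount) heap[liveCount - 1].children.push_back(0);
    return heap;
}
// Number of cells marked after a parallel mark of the sample heap from root 0 (expect liveCount).
std::size_t markSampleHeap(unsigned threadCount, std::size_t liveCount = 1000, std::size_t garbageCount = 250) {
    std::vector<Cell> heap = makeSampleHeap(liveCount, garbageCount);
    markInParallel(heap, std::vector<std::size_t>{0}, threadCount);
    std::size_t marked = 0;
    for (const Cell& cell : heap) marked += cell.marked.load() ? 1 : 0;
    return marked;
}
```

        markSampleHeap(4) marks the 1000 live cells and none of the 250 garbage ones, and the
        result is the same with one thread. Two details carry the correctness: the CAS is the
        only thing that stops two threads from pushing the same cell (and the only thing that
        terminates the cycle through the back edge), and the activeMarkers count is what lets a
        thread that sees an empty shared stack distinguish "marking is finished" from "someone
        else still holds work and may donate".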

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defaultValue
        https://bugs.webkit.org/show_bug.cgi?id=71146

        Reviewed by Sam Weinig.

        Added defaultValue to the MethodTable.  Replaced all virtual versions of
        defaultValue with static versions.  Replaced all call sites with lookups in the
        MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/ClassInfo.h:
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::defaultValue):
        (JSC::TerminatedExecutionError::defaultValue):
        * runtime/ExceptionHelpers.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defaultValue):
        * runtime/JSCell.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::defaultValue):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPrimitiveNumber):
        (JSC::JSObject::defaultValue):
        * runtime/JSObject.h:
        (JSC::JSObject::toPrimitive):

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        Interpreter build fix

        Unreviewed build fix

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2011-10-31  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exits should add to value profiles
        https://bugs.webkit.org/show_bug.cgi?id=71202

        Reviewed by Oliver Hunt.

        Value profiles now have an extra special slot not used by the old JIT's
        profiling, which is reserved for OSR exits.

        The DFG's OSR exit code now knows which register, node index, and value
        profiling site was responsible for the (possibly flawed) information that
        led to the OSR failure. This is somewhat opportunistic and imperfect;
        if there's a lot of control flow between the value profiling site and the
        OSR failure point, then this mechanism simply gives up. It also gives up
        if the OSR failure is caused by either known deficiencies in the DFG
        (like that we always assume that the index in a strict charCodeAt access
        is within bounds) or where the OSR failure would be catalogued and
        profiled through other means (like slow case counters).

        This patch also adds the notion of a JSValueRegs, which is either a
        single register in JSVALUE64 or a pair in JSVALUE32_64. We should
        probably move the 32_64 DFG towards using this, since it often makes it
        easier to share code between 64 and 32_64.

        Also fixed a number of pathologies that this uncovered. op_method_check
        didn't have a value profiling site on the slow path. GetById should not
        always force OSR exit if it never executed in the old JIT; we may be
        able to infer its type if it's an array or string length get. Finally,
        these changes benefit from a slight tweak to optimization delay
        heuristics (profile fullness is now 0.35 instead of 0.25).

        3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
        and imaging-darkroom.

        * bytecode/ValueProfile.cpp:
        (JSC::ValueProfile::computeStatistics):
        (JSC::ValueProfile::computeUpdatedPrediction):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        (JSC::ValueProfile::specFailBucket):
        (JSC::ValueProfile::numberOfSamples):
        (JSC::ValueProfile::isLive):
        (JSC::ValueProfile::numberOfInt32s):
        (JSC::ValueProfile::numberOfDoubles):
        (JSC::ValueProfile::numberOfCells):
        (JSC::ValueProfile::numberOfObjects):
        (JSC::ValueProfile::numberOfFinalObjects):
        (JSC::ValueProfile::numberOfStrings):
        (JSC::ValueProfile::numberOfArrays):
        (JSC::ValueProfile::numberOfBooleans):
        (JSC::ValueProfile::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGPRInfo.h:
        (JSC::DFG::JSValueRegs::JSValueRegs):
        (JSC::DFG::JSValueRegs::operator!):
        (JSC::DFG::JSValueRegs::gpr):
        (JSC::DFG::JSValueSource::JSValueSource):
        (JSC::DFG::JSValueSource::unboxedCell):
        (JSC::DFG::JSValueSource::operator!):
        (JSC::DFG::JSValueSource::isAddress):
        (JSC::DFG::JSValueSource::offset):
        (JSC::DFG::JSValueSource::base):
        (JSC::DFG::JSValueSource::gpr):
        (JSC::DFG::JSValueSource::asAddress):
        (JSC::DFG::JSValueSource::notAddress):
        (JSC::DFG::JSValueRegs::tagGPR):
        (JSC::DFG::JSValueRegs::payloadGPR):
        (JSC::DFG::JSValueSource::tagGPR):
        (JSC::DFG::JSValueSource::payloadGPR):
        (JSC::DFG::JSValueSource::hasKnownTag):
        (JSC::DFG::JSValueSource::tag):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::jsValueRegs):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::JSValueOperand::jsValueRegs):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::valueProfileFor):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_method_check):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_method_check):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/JSValue.h:

2011-10-31  Sam Weinig  <sam@webkit.org>

        Remove need for virtual JSObject::unwrappedObject
        https://bugs.webkit.org/show_bug.cgi?id=71034

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp:
        Update exports.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add JSGlobalThis.cpp.

        * runtime/JSGlobalThis.cpp: Added.
        (JSC::JSGlobalThis::visitChildren):
        (JSC::JSGlobalThis::unwrappedObject):
        * runtime/JSGlobalThis.h:
        (JSC::JSGlobalThis::createStructure):
        Move underlying object from JSDOMWindowShell down to JSGlobalThis
        and corresponding visitChildren method.

        * runtime/JSObject.cpp:
        (JSC::JSObject::unwrappedObject):
        Change unwrappedObject from virtual, to just needing an if check.

        * runtime/JSObject.h:
        (JSC::JSObject::isGlobalThis):
        * runtime/JSType.h:
        Add isGlobalThis predicate and type.

2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>

        WTF::StringImpl::create(const char*, unsigned) calls itself
        https://bugs.webkit.org/show_bug.cgi?id=71206

        The original implementation just calls itself, causing infinite recursion.
        Cast the first parameter to const LChar* to fix that.

        Reviewed by Ryosuke Niwa.

        * wtf/text/StringImpl.h:
        (WTF::StringImpl::create):

2011-10-31  Andy Wingo  <wingo@igalia.com>

        Fix DFG JIT compilation on Linux targets.
        https://bugs.webkit.org/show_bug.cgi?id=70904

        Reviewed by Darin Adler.

        * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
        macro.

        * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
        simplified definition from jit/JITStubs.cpp.
        (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
        Use the macro to access trampoline targets through the PLT on PIC
        systems, instead of introducing a text relocation.  Otherwise, the
        library fails to link.

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineGetter
        https://bugs.webkit.org/show_bug.cgi?id=71134

        Reviewed by Darin Adler.

        Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
        with static versions.  Replaced all call sites with lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineGetter):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineGetter):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineGetter):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):

2011-10-31  Michael Saboff  <msaboff@apple.com>

        Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=71138

        Restructure and movement of Lexer and Parser code.
        Moved Lexer and Parser objects out of JSGlobalData.
        Added a new ParserTokens class and instance to JSGlobalData that
        have JavaScript token related definitions.
        Replaced JSGlobalData arguments to Node classes with lineNumber,
        as that was the only use of the JSGlobalData.
        Combined JSParser and Parser classes into one class,
        eliminating JSParser.h and .cpp.
        Various supporting #include changes.

        These mostly mechanical changes are done in preparation to
        making the Lexer and Parser template classes.

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::toArgumentList):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::createSourceElements):
        (JSC::ASTBuilder::createCommaExpr):
        (JSC::ASTBuilder::createLogicalNot):
        (JSC::ASTBuilder::createUnaryPlus):
        (JSC::ASTBuilder::createVoid):
        (JSC::ASTBuilder::thisExpr):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createObjectLiteral):
        (JSC::ASTBuilder::createArray):
        (JSC::ASTBuilder::createNumberExpr):
        (JSC::ASTBuilder::createString):
        (JSC::ASTBuilder::createBoolean):
        (JSC::ASTBuilder::createNull):
        (JSC::ASTBuilder::createBracketAccess):
        (JSC::ASTBuilder::createDotAccess):
        (JSC::ASTBuilder::createRegExp):
        (JSC::ASTBuilder::createNewExpr):
        (JSC::ASTBuilder::createConditionalExpr):
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createArguments):
        (JSC::ASTBuilder::createArgumentsList):
        (JSC::ASTBuilder::createPropertyList):
        (JSC::ASTBuilder::createElementList):
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createClause):
        (JSC::ASTBuilder::createClauseList):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createBlockStatement):
        (JSC::ASTBuilder::createExprStatement):
        (JSC::ASTBuilder::createIfStatement):
        (JSC::ASTBuilder::createForLoop):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::createEmptyStatement):
        (JSC::ASTBuilder::createVarStatement):
        (JSC::ASTBuilder::createReturnStatement):
        (JSC::ASTBuilder::createBreakStatement):
        (JSC::ASTBuilder::createContinueStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createSwitchStatement):
        (JSC::ASTBuilder::createWhileStatement):
        (JSC::ASTBuilder::createDoWhileStatement):
        (JSC::ASTBuilder::createLabelStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::createThrowStatement):
        (JSC::ASTBuilder::createDebugger):
        (JSC::ASTBuilder::createConstStatement):
        (JSC::ASTBuilder::appendConstDecl):
        (JSC::ASTBuilder::combineCommaNodes):
        (JSC::ASTBuilder::appendBinaryOperation):
        (JSC::ASTBuilder::createAssignment):
        (JSC::ASTBuilder::createNumber):
        (JSC::ASTBuilder::makeTypeOfNode):
        (JSC::ASTBuilder::makeDeleteNode):
        (JSC::ASTBuilder::makeNegateNode):
        (JSC::ASTBuilder::makeBitwiseNotNode):
        (JSC::ASTBuilder::makeMultNode):
        (JSC::ASTBuilder::makeDivNode):
        (JSC::ASTBuilder::makeModNode):
        (JSC::ASTBuilder::makeAddNode):
        (JSC::ASTBuilder::makeSubNode):
        (JSC::ASTBuilder::makeLeftShiftNode):
        (JSC::ASTBuilder::makeRightShiftNode):
        (JSC::ASTBuilder::makeURightShiftNode):
        (JSC::ASTBuilder::makeBitOrNode):
        (JSC::ASTBuilder::makeBitAndNode):
        (JSC::ASTBuilder::makeBitXOrNode):
        (JSC::ASTBuilder::makeFunctionCallNode):
        (JSC::ASTBuilder::makeBinaryNode):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        * parser/JSParser.cpp: Removed.
        * parser/JSParser.h: Removed.
        * parser/Lexer.cpp:
        (JSC::Keywords::Keywords):
        (JSC::Lexer::Lexer):
        (JSC::Lexer::~Lexer):
        (JSC::Lexer::setCode):
        (JSC::Lexer::parseIdentifier):
        * parser/Lexer.h:
        (JSC::Keywords::isKeyword):
        (JSC::Keywords::getKeyword):
        (JSC::Keywords::~Keywords):
        (JSC::Lexer::setIsReparsing):
        (JSC::Lexer::isReparsing):
        (JSC::Lexer::lineNumber):
        (JSC::Lexer::setLastLineNumber):
        (JSC::Lexer::lastLineNumber):
        (JSC::Lexer::prevTerminator):
        (JSC::Lexer::sawError):
        (JSC::Lexer::getErrorMessage):
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::setOffset):
        (JSC::Lexer::setLineNumber):
        (JSC::Lexer::sourceProvider):
        (JSC::Lexer::isWhiteSpace):
        (JSC::Lexer::isLineTerminator):
        (JSC::Lexer::convertHex):
        (JSC::Lexer::convertUnicode):
        (JSC::Lexer::makeIdentifier):
        (JSC::Lexer::lexExpectIdentifier):
        * parser/NodeConstructors.h:
        (JSC::ParserArenaFreeable::operator new):
        (JSC::ParserArenaDeletable::operator new):
        (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
        (JSC::Node::Node):
        (JSC::ExpressionNode::ExpressionNode):
        (JSC::StatementNode::StatementNode):
        (JSC::NullNode::NullNode):
        (JSC::BooleanNode::BooleanNode):
        (JSC::NumberNode::NumberNode):
        (JSC::StringNode::StringNode):
        (JSC::RegExpNode::RegExpNode):
        (JSC::ThisNode::ThisNode):
        (JSC::ResolveNode::ResolveNode):
        (JSC::ElementNode::ElementNode):
        (JSC::ArrayNode::ArrayNode):
        (JSC::PropertyNode::PropertyNode):
        (JSC::PropertyListNode::PropertyListNode):
        (JSC::ObjectLiteralNode::ObjectLiteralNode):
        (JSC::BracketAccessorNode::BracketAccessorNode):
        (JSC::DotAccessorNode::DotAccessorNode):
        (JSC::ArgumentListNode::ArgumentListNode):
        (JSC::ArgumentsNode::ArgumentsNode):
        (JSC::NewExprNode::NewExprNode):
        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
        (JSC::FunctionCallValueNode::FunctionCallValueNode):
        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
        (JSC::FunctionCallDotNode::FunctionCallDotNode):
        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
        (JSC::PrePostResolveNode::PrePostResolveNode):
        (JSC::PostfixResolveNode::PostfixResolveNode):
        (JSC::PostfixBracketNode::PostfixBracketNode):
        (JSC::PostfixDotNode::PostfixDotNode):
        (JSC::PostfixErrorNode::PostfixErrorNode):
        (JSC::DeleteResolveNode::DeleteResolveNode):
        (JSC::DeleteBracketNode::DeleteBracketNode):
        (JSC::DeleteDotNode::DeleteDotNode):
        (JSC::DeleteValueNode::DeleteValueNode):
        (JSC::VoidNode::VoidNode):
        (JSC::TypeOfResolveNode::TypeOfResolveNode):
        (JSC::TypeOfValueNode::TypeOfValueNode):
        (JSC::PrefixResolveNode::PrefixResolveNode):
        (JSC::PrefixBracketNode::PrefixBracketNode):
        (JSC::PrefixDotNode::PrefixDotNode):
        (JSC::PrefixErrorNode::PrefixErrorNode):
        (JSC::UnaryOpNode::UnaryOpNode):
        (JSC::UnaryPlusNode::UnaryPlusNode):
        (JSC::NegateNode::NegateNode):
        (JSC::BitwiseNotNode::BitwiseNotNode):
        (JSC::LogicalNotNode::LogicalNotNode):
        (JSC::BinaryOpNode::BinaryOpNode):
        (JSC::MultNode::MultNode):
        (JSC::DivNode::DivNode):
        (JSC::ModNode::ModNode):
        (JSC::AddNode::AddNode):
        (JSC::SubNode::SubNode):
        (JSC::LeftShiftNode::LeftShiftNode):
        (JSC::RightShiftNode::RightShiftNode):
        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
        (JSC::LessNode::LessNode):
        (JSC::GreaterNode::GreaterNode):
        (JSC::LessEqNode::LessEqNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
        (JSC::InstanceOfNode::InstanceOfNode):
        (JSC::InNode::InNode):
        (JSC::EqualNode::EqualNode):
        (JSC::NotEqualNode::NotEqualNode):
        (JSC::StrictEqualNode::StrictEqualNode):
        (JSC::NotStrictEqualNode::NotStrictEqualNode):
        (JSC::BitAndNode::BitAndNode):
        (JSC::BitOrNode::BitOrNode):
        (JSC::BitXOrNode::BitXOrNode):
        (JSC::LogicalOpNode::LogicalOpNode):
        (JSC::ConditionalNode::ConditionalNode):
        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
        (JSC::AssignResolveNode::AssignResolveNode):
        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
        (JSC::AssignBracketNode::AssignBracketNode):
        (JSC::AssignDotNode::AssignDotNode):
        (JSC::ReadModifyDotNode::ReadModifyDotNode):
        (JSC::AssignErrorNode::AssignErrorNode):
        (JSC::CommaNode::CommaNode):
        (JSC::ConstStatementNode::ConstStatementNode):
        (JSC::SourceElements::SourceElements):
        (JSC::EmptyStatementNode::EmptyStatementNode):
        (JSC::DebuggerStatementNode::DebuggerStatementNode):
        (JSC::ExprStatementNode::ExprStatementNode):
        (JSC::VarStatementNode::VarStatementNode):
        (JSC::IfNode::IfNode):
        (JSC::IfElseNode::IfElseNode):
        (JSC::DoWhileNode::DoWhileNode):
        (JSC::WhileNode::WhileNode):
        (JSC::ForNode::ForNode):
        (JSC::ContinueNode::ContinueNode):
        (JSC::BreakNode::BreakNode):
        (JSC::ReturnNode::ReturnNode):
        (JSC::WithNode::WithNode):
        (JSC::LabelNode::LabelNode):
        (JSC::ThrowNode::ThrowNode):
        (JSC::TryNode::TryNode):
        (JSC::ParameterNode::ParameterNode):
        (JSC::FuncExprNode::FuncExprNode):
        (JSC::FuncDeclNode::FuncDeclNode):
        (JSC::CaseClauseNode::CaseClauseNode):
        (JSC::ClauseListNode::ClauseListNode):
        (JSC::CaseBlockNode::CaseBlockNode):
        (JSC::SwitchNode::SwitchNode):
        (JSC::ConstDeclNode::ConstDeclNode):
        (JSC::BlockNode::BlockNode):
        (JSC::ForInNode::ForInNode):
        * parser/NodeInfo.h:
        * parser/Nodes.cpp:
        (JSC::StatementNode::setLoc):
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create):
        * parser/Nodes.h:
        (JSC::Node::lineNo):
        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::~Parser):
        (JSC::Parser::parseInner):
        (JSC::Parser::allowAutomaticSemicolon):
        (JSC::Parser::parseSourceElements):
        (JSC::Parser::parseVarDeclaration):
        (JSC::Parser::parseConstDeclaration):
        (JSC::Parser::parseDoWhileStatement):
        (JSC::Parser::parseWhileStatement):
        (JSC::Parser::parseVarDeclarationList):
        (JSC::Parser::parseConstDeclarationList):
        (JSC::Parser::parseForStatement):
        (JSC::Parser::parseBreakStatement):
        (JSC::Parser::parseContinueStatement):
        (JSC::Parser::parseReturnStatement):
        (JSC::Parser::parseThrowStatement):
        (JSC::Parser::parseWithStatement):
        (JSC::Parser::parseSwitchStatement):
        (JSC::Parser::parseSwitchClauses):
        (JSC::Parser::parseSwitchDefaultClause):
        (JSC::Parser::parseTryStatement):
        (JSC::Parser::parseDebuggerStatement):
        (JSC::Parser::parseBlockStatement):
        (JSC::Parser::parseStatement):
        (JSC::Parser::parseFormalParameters):
        (JSC::Parser::parseFunctionBody):
        (JSC::Parser::parseFunctionInfo):
        (JSC::Parser::parseFunctionDeclaration):
        (JSC::LabelInfo::LabelInfo):
        (JSC::Parser::parseExpressionOrLabelStatement):
        (JSC::Parser::parseExpressionStatement):
        (JSC::Parser::parseIfStatement):
        (JSC::Parser::parseExpression):
        (JSC::Parser::parseAssignmentExpression):
        (JSC::Parser::parseConditionalExpression):
        (JSC::isUnaryOp):
        (JSC::Parser::isBinaryOperator):
        (JSC::Parser::parseBinaryExpression):
        (JSC::Parser::parseProperty):
        (JSC::Parser::parseObjectLiteral):
        (JSC::Parser::parseStrictObjectLiteral):
        (JSC::Parser::parseArrayLiteral):
        (JSC::Parser::parsePrimaryExpression):
        (JSC::Parser::parseArguments):
        (JSC::Parser::parseMemberExpression):
        (JSC::Parser::parseUnaryExpression):
        * parser/Parser.h:
        (JSC::isEvalNode):
        (JSC::EvalNode):
        (JSC::DepthManager::DepthManager):
        (JSC::DepthManager::~DepthManager):
        (JSC::ScopeLabelInfo::ScopeLabelInfo):
        (JSC::Scope::Scope):
        (JSC::Scope::startSwitch):
        (JSC::Scope::endSwitch):
        (JSC::Scope::startLoop):
        (JSC::Scope::endLoop):
        (JSC::Scope::inLoop):
        (JSC::Scope::breakIsValid):
        (JSC::Scope::continueIsValid):
        (JSC::Scope::pushLabel):
        (JSC::Scope::popLabel):
        (JSC::Scope::getLabel):
        (JSC::Scope::setIsFunction):
        (JSC::Scope::isFunction):
        (JSC::Scope::isFunctionBoundary):
        (JSC::Scope::declareVariable):
        (JSC::Scope::declareWrite):
        (JSC::Scope::preventNewDecls):
        (JSC::Scope::allowsNewDecls):
        (JSC::Scope::declareParameter):
        (JSC::Scope::useVariable):
        (JSC::Scope::setNeedsFullActivation):
        (JSC::Scope::collectFreeVariables):
        (JSC::Scope::getUncapturedWrittenVariables):
        (JSC::Scope::getCapturedVariables):
        (JSC::Scope::setStrictMode):
        (JSC::Scope::strictMode):
        (JSC::Scope::isValidStrictMode):
        (JSC::Scope::shadowsArguments):
        (JSC::Scope::copyCapturedVariablesToVector):
        (JSC::Scope::saveFunctionInfo):
        (JSC::Scope::restoreFunctionInfo):
        (JSC::ScopeRef::ScopeRef):
        (JSC::ScopeRef::operator->):
        (JSC::ScopeRef::index):
        (JSC::ScopeRef::hasContainingScope):
        (JSC::ScopeRef::containingScope):
        (JSC::Parser::AllowInOverride::AllowInOverride):
        (JSC::Parser::AllowInOverride::~AllowInOverride):
        (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
        (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
        (JSC::Parser::AutoPopScopeRef::setPopped):
        (JSC::Parser::currentScope):
        (JSC::Parser::pushScope):
        (JSC::Parser::popScopeInternal):
        (JSC::Parser::popScope):
        (JSC::Parser::declareVariable):
        (JSC::Parser::declareWrite):
        (JSC::Parser::findCachedFunctionInfo):
        (JSC::Parser::isFunctionBodyNode):
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        (JSC::Parser::nextTokenIsColon):
        (JSC::Parser::consume):
        (JSC::Parser::getToken):
        (JSC::Parser::match):
        (JSC::Parser::tokenStart):
        (JSC::Parser::tokenLine):
        (JSC::Parser::tokenEnd):
        (JSC::Parser::getTokenName):
31984        (JSC::Parser::updateErrorMessageSpecialCase):
31985        (JSC::Parser::updateErrorMessage):
31986        (JSC::Parser::updateErrorWithNameAndMessage):
31987        (JSC::Parser::startLoop):
31988        (JSC::Parser::endLoop):
31989        (JSC::Parser::startSwitch):
31990        (JSC::Parser::endSwitch):
31991        (JSC::Parser::setStrictMode):
31992        (JSC::Parser::strictMode):
31993        (JSC::Parser::isValidStrictMode):
31994        (JSC::Parser::declareParameter):
31995        (JSC::Parser::breakIsValid):
31996        (JSC::Parser::continueIsValid):
31997        (JSC::Parser::pushLabel):
31998        (JSC::Parser::popLabel):
31999        (JSC::Parser::getLabel):
32000        (JSC::Parser::autoSemiColon):
32001        (JSC::Parser::canRecurse):
32002        (JSC::Parser::lastTokenEnd):
32003        (JSC::Parser::DepthManager::DepthManager):
32004        (JSC::Parser::DepthManager::~DepthManager):
32005        (JSC::Parser::parse):
32006        (JSC::parse):
32007        * parser/ParserTokens.h: Added.
32008        (JSC::JSTokenInfo::JSTokenInfo):
32009        * parser/SourceCode.h:
32010        (JSC::SourceCode::subExpression):
32011        * parser/SourceProviderCacheItem.h:
32012        * parser/SyntaxChecker.h:
32013        (JSC::SyntaxChecker::SyntaxChecker):
32014        (JSC::SyntaxChecker::makeFunctionCallNode):
32015        (JSC::SyntaxChecker::createCommaExpr):
32016        (JSC::SyntaxChecker::makeAssignNode):
32017        (JSC::SyntaxChecker::makePrefixNode):
32018        (JSC::SyntaxChecker::makePostfixNode):
32019        (JSC::SyntaxChecker::makeTypeOfNode):
32020        (JSC::SyntaxChecker::makeDeleteNode):
32021        (JSC::SyntaxChecker::makeNegateNode):
32022        (JSC::SyntaxChecker::makeBitwiseNotNode):
32023        (JSC::SyntaxChecker::createLogicalNot):
32024        (JSC::SyntaxChecker::createUnaryPlus):
32025        (JSC::SyntaxChecker::createVoid):
32026        (JSC::SyntaxChecker::thisExpr):
32027        (JSC::SyntaxChecker::createResolve):
32028        (JSC::SyntaxChecker::createObjectLiteral):
32029        (JSC::SyntaxChecker::createArray):
32030        (JSC::SyntaxChecker::createNumberExpr):
32031        (JSC::SyntaxChecker::createString):
32032        (JSC::SyntaxChecker::createBoolean):
32033        (JSC::SyntaxChecker::createNull):
32034        (JSC::SyntaxChecker::createBracketAccess):
32035        (JSC::SyntaxChecker::createDotAccess):
32036        (JSC::SyntaxChecker::createRegExp):
32037        (JSC::SyntaxChecker::createNewExpr):
32038        (JSC::SyntaxChecker::createConditionalExpr):
32039        (JSC::SyntaxChecker::createAssignResolve):
32040        (JSC::SyntaxChecker::createFunctionExpr):
32041        (JSC::SyntaxChecker::createFunctionBody):
32042        (JSC::SyntaxChecker::createArguments):
32043        (JSC::SyntaxChecker::createArgumentsList):
32044        (JSC::SyntaxChecker::createProperty):
32045        (JSC::SyntaxChecker::createPropertyList):
32046        (JSC::SyntaxChecker::createFuncDeclStatement):
32047        (JSC::SyntaxChecker::createBlockStatement):
32048        (JSC::SyntaxChecker::createExprStatement):
32049        (JSC::SyntaxChecker::createIfStatement):
32050        (JSC::SyntaxChecker::createForLoop):
32051        (JSC::SyntaxChecker::createForInLoop):
32052        (JSC::SyntaxChecker::createEmptyStatement):
32053        (JSC::SyntaxChecker::createVarStatement):
32054        (JSC::SyntaxChecker::createReturnStatement):
32055        (JSC::SyntaxChecker::createBreakStatement):
32056        (JSC::SyntaxChecker::createContinueStatement):
32057        (JSC::SyntaxChecker::createTryStatement):
32058        (JSC::SyntaxChecker::createSwitchStatement):
32059        (JSC::SyntaxChecker::createWhileStatement):
32060        (JSC::SyntaxChecker::createWithStatement):
32061        (JSC::SyntaxChecker::createDoWhileStatement):
32062        (JSC::SyntaxChecker::createLabelStatement):
32063        (JSC::SyntaxChecker::createThrowStatement):
32064        (JSC::SyntaxChecker::createDebugger):
32065        (JSC::SyntaxChecker::createConstStatement):
32066        (JSC::SyntaxChecker::appendConstDecl):
32067        (JSC::SyntaxChecker::createGetterOrSetterProperty):
32068        (JSC::SyntaxChecker::combineCommaNodes):
32069        (JSC::SyntaxChecker::operatorStackPop):
32070        * runtime/Executable.cpp:
32071        (JSC::EvalExecutable::compileInternal):
32072        (JSC::ProgramExecutable::checkSyntax):
32073        (JSC::ProgramExecutable::compileInternal):
32074        (JSC::FunctionExecutable::produceCodeBlockFor):
32075        (JSC::FunctionExecutable::fromGlobalCode):
32076        * runtime/JSGlobalData.cpp:
32077        (JSC::JSGlobalData::JSGlobalData):
32078        (JSC::JSGlobalData::~JSGlobalData):
32079        * runtime/JSGlobalData.h:
32080        * runtime/LiteralParser.cpp:
32081        (JSC::LiteralParser::tryJSONPParse):
32082
320832011-10-31  Filip Pizlo  <fpizlo@apple.com>
32084
32085        REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
32086        https://bugs.webkit.org/show_bug.cgi?id=71227
32087
32088        Reviewed by Oliver Hunt.
32089        
32090        No new tests, since while I can see exactly where the DFG went wrong on the
32091        site in question from looking at the generated machine code, and while I can
32092        certainly believe that such a scenario would happen, I cannot visualize how
32093        to make it happen reproducibly. It requires an odd combination of double
32094        values getting spilled and then refilled, but then reboxed at just the right
32095        time so that the spilled value is an unboxed double while the in-register
32096        value is a boxed double.
32097
32098        * dfg/DFGJITCodeGenerator.h:
32099        (JSC::DFG::JITCodeGenerator::silentFillGPR):
32100
321012011-10-30  Filip Pizlo  <fpizlo@apple.com>
32102
32103        JSParser::parsePrimaryExpression should have an overflow check
32104        https://bugs.webkit.org/show_bug.cgi?id=71197
32105
32106        Reviewed by Geoff Garen.
32107
32108        * parser/JSParser.cpp:
32109        (JSC::JSParser::parsePrimaryExpression):
32110
321112011-10-30  Filip Pizlo  <fpizlo@apple.com>
32112
32113        DFG ValueAdd(string, int) should not fail speculation
32114        https://bugs.webkit.org/show_bug.cgi?id=71195
32115
32116        Reviewed by Geoff Garen.
32117        
32118        1% speed-up on V8.
32119
32120        * dfg/DFGNode.h:
32121        (JSC::DFG::Node::shouldNotSpeculateInteger):
32122        (JSC::DFG::Node::shouldSpeculateInteger):
32123
321242011-10-30  Filip Pizlo  <fpizlo@apple.com>
32125
32126        The DFG inliner should not flush the callee
32127        https://bugs.webkit.org/show_bug.cgi?id=71191
32128
32129        Reviewed by Oliver Hunt.
32130        
32131        0.6% speed-up on V8.
32132
32133        * bytecode/CodeBlock.cpp:
32134        (JSC::CodeBlock::visitAggregate):
32135        * bytecode/CodeOrigin.h:
32136        * dfg/DFGByteCodeParser.cpp:
32137        (JSC::DFG::ByteCodeParser::flush):
32138        (JSC::DFG::ByteCodeParser::handleInlining):
32139        (JSC::DFG::ByteCodeParser::parseBlock):
32140        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
32141        (JSC::DFG::ByteCodeParser::parse):
32142        * dfg/DFGJITCompiler.cpp:
32143        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
32144        * dfg/DFGJITCompiler32_64.cpp:
32145        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
32146        * interpreter/CallFrame.cpp:
32147        (JSC::CallFrame::trueCallerFrameSlow):
32148
321492011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
32150
32151        De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
32152        https://bugs.webkit.org/show_bug.cgi?id=70968
32153
32154        Reviewed by Geoffrey Garen.
32155
32156        * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
32157        TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
32158        needed it, because Windows wouldn't build without it.
32159        (JSC::::createStructure):
32160        * API/JSCallbackObject.h:
32161        * JavaScriptCore.exp:
32162        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32163        * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
32164        (JSC::ErrorInstance::createStructure):
32165        * runtime/ErrorPrototype.h: Ditto
32166        (JSC::ErrorPrototype::createStructure):
32167        * runtime/JSActivation.h: Ditto
32168        (JSC::JSActivation::createStructure):
32169        * runtime/JSGlobalObject.h: Ditto
32170        (JSC::JSGlobalObject::createStructure):
32171        * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
32172        (JSC::JSObject::isGlobalObject):
32173        (JSC::JSObject::isVariableObject):
32174        (JSC::JSObject::isActivationObject):
32175        (JSC::JSObject::isErrorInstance):
32176        * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
32177        * runtime/JSVariableObject.cpp: Removed virtual function.
32178        * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
32179        (JSC::JSVariableObject::createStructure):
32180
321812011-10-28  Pavel Feldman  <pfeldman@google.com>
32182
32183        Reset line numbers for scripts generated with document.write.
32184        https://bugs.webkit.org/show_bug.cgi?id=71099
32185
32186        Reviewed by Yury Semikhatsky.
32187
32188        * wtf/text/TextPosition.h:
32189        (WTF::OrdinalNumber::OrdinalNumber):
32190
321912011-10-27  Daniel Bates  <dbates@rim.com>
32192
32193        CMake: Add support to optionally install the built JavaScript shell
32194        https://bugs.webkit.org/show_bug.cgi?id=71062
32195
32196        Reviewed by Antonio Gomes.
32197
32198        Generate an installation rule for installing the JavaScript shell in
32199        /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
32200        is defined.
32201
32202        * shell/CMakeLists.txt:
32203
322042011-10-27  Kentaro Hara  <haraken@chromium.org>
32205
32206        Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
32207        https://bugs.webkit.org/show_bug.cgi?id=70215
32208
32209        Reviewed by Adam Barth.
32210
32211        Added a method that judges if a given JSValue is empty.
32212
32213        Tests: transforms/svg-vs-css.xhtml
32214               transforms/cssmatrix-2d-interface.xhtml
32215               transforms/cssmatrix-3d-interface.xhtml
32216
32217        * runtime/JSValue.h:
32218        * runtime/JSValueInlineMethods.h:
32219        (JSC::JSValue::isEmpty):
32220
322212011-10-27  Michael Saboff  <msaboff@apple.com>
32222
32223        ENH: Add 8 bit string support to JSC JIT
32224        https://bugs.webkit.org/show_bug.cgi?id=71073
32225
32226        Changed the JIT String character access generation to create code
32227        to check the character size and load8() or load16() as appropriate.
32228
32229        Reviewed by Gavin Barraclough.
32230
32231        * assembler/MacroAssemblerX86Common.h:
32232        (JSC::MacroAssemblerX86Common::load8):
32233        * assembler/X86Assembler.h:
32234        (JSC::X86Assembler::movzbl_mr):
32235        * dfg/DFGSpeculativeJIT.cpp:
32236        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
32237        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
32238        * jit/JITInlineMethods.h:
32239        (JSC::JIT::emitLoadCharacterString):
32240        * jit/JITPropertyAccess.cpp:
32241        (JSC::JIT::stringGetByValStubGenerator):
32242        * jit/JITPropertyAccess32_64.cpp:
32243        (JSC::JIT::stringGetByValStubGenerator):
32244        * jit/JSInterfaceJIT.h:
32245        (JSC::ThunkHelpers::stringImplFlagsOffset):
32246        (JSC::ThunkHelpers::stringImpl8BitFlag):
32247        * jit/ThunkGenerators.cpp:
32248        (JSC::stringCharLoad):
32249
322502011-10-27  Filip Pizlo  <fpizlo@apple.com>
32251
32252        If the bytecode generator emits code after the return in the first basic block,
32253        DFG's inliner crashes
32254        https://bugs.webkit.org/show_bug.cgi?id=71071
32255
32256        Reviewed by Gavin Barraclough.
32257        
32258        Removed some cruft dealing with parsing failures due to unsupported functionality
32259        (that's never reached anymore due to it being caught in DFGCapabilities). This
32260        allowed me to repurpose the bool return from parseBlock() to mean: true if we
32261        should continue to parse, or false if we've already parsed all live code.
32262
32263        * dfg/DFGByteCodeParser.cpp:
32264        (JSC::DFG::ByteCodeParser::ByteCodeParser):
32265        (JSC::DFG::ByteCodeParser::parseBlock):
32266        (JSC::DFG::ByteCodeParser::parseCodeBlock):
32267
322682011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
32269
32270        Reviewed by David Kilzer.
32271
32272        Make FeatureDefines Identical Across OS X Projects
32273        https://bugs.webkit.org/show_bug.cgi?id=71051
32274
32275        * Configurations/FeatureDefines.xcconfig:
32276
322772011-10-27  Filip Pizlo  <fpizlo@apple.com>
32278
32279        Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
32280        https://bugs.webkit.org/show_bug.cgi?id=71045
32281
32282        Reviewed by Geoff Garen.
32283        
32284        Make sure that if a structure is pinned, it also has a property map.
32285
32286        * runtime/Structure.cpp:
32287        (JSC::Structure::changePrototypeTransition):
32288        (JSC::Structure::despecifyFunctionTransition):
32289        (JSC::Structure::getterSetterTransition):
32290        (JSC::Structure::toDictionaryTransition):
32291        (JSC::Structure::preventExtensionsTransition):
32292        (JSC::Structure::addPropertyWithoutTransition):
32293        (JSC::Structure::removePropertyWithoutTransition):
32294        (JSC::Structure::pin):
32295        (JSC::Structure::copyPropertyTableForPinning):
32296        * runtime/Structure.h:
32297        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
32298
322992011-10-27  Michael Saboff  <msaboff@apple.com>
32300
32301        32bit build failure after r98624
32302        https://bugs.webkit.org/show_bug.cgi?id=71064
32303
32304        Disambiguated operator overload with unsigned index (0u).
32305
32306        Reviewed by Sam Weinig.
32307
32308        * runtime/UString.h:
32309        (JSC::operator==):
32310
323112011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
32312
32313        Fix building on GNU/kFreeBSD
32314        https://bugs.webkit.org/show_bug.cgi?id=71005
32315
32316        Reviewed by Darin Adler.
32317
32318        * config.h:
32319        * wtf/Platform.h:
32320
323212011-10-27  Michael Saboff  <msaboff@apple.com>
32322
32323        Investigate storing strings in 8-bit buffers when possible
32324        https://bugs.webkit.org/show_bug.cgi?id=66161
32325
32329        Added support for 8 bit string data in StringImpl.  Changed
32330        (UChar*) m_data to m_data16.  Added char* m_data8 as a union
32331        with m_data16.  Added UChar* m_copyData16 to the other union
32332        to store a 16 bit copy of an 8 bit string when needed.
32333        Added characters8() and characters16() accessor methods
32334        that assume the caller has checked the underlying string type
32335        via the new is8Bit() method. The characters() method will
32336        return a UChar* of the string, materializing a 16 bit copy if the
32337        string is an 8 bit string.  Added two flags, one for 8 bit buffer
32338        and a second for a 16 bit copy for an 8 bit string.
32339
32340        Fixed method name typo (StringHasher::defaultCoverter()).
32341
32342        Over time the goal is to eliminate calls to characters() and
32343        use the characters8() and characters16() accessors.
32344
32345        This patch does not include changes that actually create 8 bit
32346        strings. This is the first of at least 8 patches.  Subsequent
32347        patches will be submitted for JIT changes, making the JSC lexer,
32348        parser and literal parser, JavaScript string changes and
32349        then changes in webcore to take advantage of the 8 bit strings.
32350
32351        This change is performance neutral for SunSpider and V8 when
32352        run from the command line with "jsc".
32353
32354        Reviewed by Geoffrey Garen.
32355
32356        * JavaScriptCore.exp:
32357        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32358        * interpreter/Interpreter.cpp:
32359        (JSC::Interpreter::callEval):
32360        * parser/SourceProvider.h:
32361        (JSC::UStringSourceProvider::data):
32362        (JSC::UStringSourceProvider::UStringSourceProvider):
32363        * runtime/Identifier.cpp:
32364        (JSC::IdentifierCStringTranslator::hash):
32365        (JSC::IdentifierCStringTranslator::equal):
32366        (JSC::IdentifierCStringTranslator::translate):
32367        (JSC::Identifier::add):
32368        (JSC::Identifier::toUInt32):
32369        * runtime/Identifier.h:
32370        (JSC::Identifier::equal):
32371        (JSC::operator==):
32372        (JSC::operator!=):
32373        * runtime/JSString.cpp:
32374        (JSC::JSString::resolveRope):
32375        (JSC::JSString::resolveRopeSlowCase):
32376        * runtime/RegExp.cpp:
32377        (JSC::RegExp::match):
32378        * runtime/StringPrototype.cpp:
32379        (JSC::jsSpliceSubstringsWithSeparators):
32380        * runtime/UString.cpp:
32381        (JSC::UString::UString):
32382        (JSC::equalSlowCase):
32383        (JSC::UString::utf8):
32384        * runtime/UString.h:
32385        (JSC::UString::characters):
32386        (JSC::UString::characters8):
32387        (JSC::UString::characters16):
32388        (JSC::UString::is8Bit):
32389        (JSC::UString::operator[]):
32390        (JSC::UString::find):
32391        (JSC::operator==):
32392        * wtf/StringHasher.h:
32393        (WTF::StringHasher::computeHash):
32394        (WTF::StringHasher::defaultConverter):
32395        * wtf/text/AtomicString.cpp:
32396        (WTF::CStringTranslator::hash):
32397        (WTF::CStringTranslator::equal):
32398        (WTF::CStringTranslator::translate):
32399        (WTF::AtomicString::add):
32400        * wtf/text/AtomicString.h:
32401        (WTF::AtomicString::AtomicString):
32402        (WTF::AtomicString::contains):
32403        (WTF::AtomicString::find):
32404        (WTF::AtomicString::add):
32405        (WTF::operator==):
32406        (WTF::operator!=):
32407        (WTF::equalIgnoringCase):
32408        * wtf/text/StringConcatenate.h:
32409        * wtf/text/StringHash.h:
32410        (WTF::StringHash::equal):
32411        (WTF::CaseFoldingHash::hash):
32412        * wtf/text/StringImpl.cpp:
32413        (WTF::StringImpl::~StringImpl):
32414        (WTF::StringImpl::createUninitialized):
32415        (WTF::StringImpl::create):
32416        (WTF::StringImpl::getData16SlowCase):
32417        (WTF::StringImpl::containsOnlyWhitespace):
32418        (WTF::StringImpl::substring):
32419        (WTF::StringImpl::characterStartingAt):
32420        (WTF::StringImpl::lower):
32421        (WTF::StringImpl::upper):
32422        (WTF::StringImpl::fill):
32423        (WTF::StringImpl::foldCase):
32424        (WTF::StringImpl::stripMatchedCharacters):
32425        (WTF::StringImpl::removeCharacters):
32426        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
32427        (WTF::StringImpl::toIntStrict):
32428        (WTF::StringImpl::toUIntStrict):
32429        (WTF::StringImpl::toInt64Strict):
32430        (WTF::StringImpl::toUInt64Strict):
32431        (WTF::StringImpl::toIntPtrStrict):
32432        (WTF::StringImpl::toInt):
32433        (WTF::StringImpl::toUInt):
32434        (WTF::StringImpl::toInt64):
32435        (WTF::StringImpl::toUInt64):
32436        (WTF::StringImpl::toIntPtr):
32437        (WTF::StringImpl::toDouble):
32438        (WTF::StringImpl::toFloat):
32439        (WTF::equal):
32440        (WTF::equalIgnoringCase):
32441        (WTF::StringImpl::find):
32442        (WTF::StringImpl::findIgnoringCase):
32443        (WTF::StringImpl::reverseFind):
32444        (WTF::StringImpl::replace):
32445        (WTF::StringImpl::defaultWritingDirection):
32446        (WTF::StringImpl::adopt):
32447        (WTF::StringImpl::createWithTerminatingNullCharacter):
32448        * wtf/text/StringImpl.h:
32449        (WTF::StringImpl::StringImpl):
32450        (WTF::StringImpl::create):
32451        (WTF::StringImpl::create8):
32452        (WTF::StringImpl::tryCreateUninitialized):
32453        (WTF::StringImpl::flagsOffset):
32454        (WTF::StringImpl::flagIs8Bit):
32455        (WTF::StringImpl::dataOffset):
32456        (WTF::StringImpl::is8Bit):
32457        (WTF::StringImpl::characters8):
32458        (WTF::StringImpl::characters16):
32459        (WTF::StringImpl::characters):
32460        (WTF::StringImpl::has16BitShadow):
32461        (WTF::StringImpl::setHash):
32462        (WTF::StringImpl::hash):
32463        (WTF::StringImpl::copyChars):
32464        (WTF::StringImpl::operator[]):
32465        (WTF::StringImpl::find):
32466        (WTF::StringImpl::findIgnoringCase):
32467        (WTF::equal):
32468        (WTF::equalIgnoringCase):
32469        (WTF::StringImpl::isolatedCopy):
32470        * wtf/text/WTFString.cpp:
32471        (WTF::String::String):
32472        (WTF::String::append):
32473        (WTF::String::format):
32474        (WTF::String::fromUTF8):
32475        (WTF::String::fromUTF8WithLatin1Fallback):
32476        * wtf/text/WTFString.h:
32477        (WTF::String::find):
32478        (WTF::String::findIgnoringCase):
32479        (WTF::String::contains):
32480        (WTF::String::append):
32481        (WTF::String::fromUTF8):
32482        (WTF::String::fromUTF8WithLatin1Fallback):
32483        (WTF::operator==):
32484        (WTF::operator!=):
32485        (WTF::equalIgnoringCase):
32486        * wtf/unicode/Unicode.h:
32487        * yarr/YarrJIT.cpp:
32488        (JSC::Yarr::execute):
32489        * yarr/YarrJIT.h:
32490        (JSC::Yarr::YarrCodeBlock::execute):
32491        * yarr/YarrParser.h:
32492        (JSC::Yarr::Parser::Parser):
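
        An added illustration of the dual-width StringImpl design this entry describes (toy code written here, not WebKit's StringImpl): an is8Bit() flag guards the typed characters8()/characters16() accessors, and characters() widens an 8-bit string into a flagged 16-bit shadow copy on first use. Vector storage stands in for WebKit's unions, and the sample strings are constructed.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>
#include <vector>

typedef char LChar;      // 8-bit (Latin-1) character, as in WTF
typedef uint16_t UChar;  // 16-bit (UTF-16 code unit) character, as in WTF

// Toy model of the two-width StringImpl described above. WebKit keeps m_data8
// and m_data16 in a union and m_copyData16 in another; here each is its own
// vector so ownership stays simple, but the flag protocol is the same.
class ToyStringImpl {
public:
    enum Flag {
        s_hashFlag8BitBuffer = 1,    // primary buffer holds LChar, not UChar
        s_hashFlagHas16BitShadow = 2 // a widened copy of an 8-bit string exists
    };

    static ToyStringImpl create8(const LChar* data, size_t length) {
        ToyStringImpl s;
        s.m_length = length;
        s.m_flags = s_hashFlag8BitBuffer;
        s.m_data8.assign(data, data + length);
        return s;
    }
    static ToyStringImpl create16(const UChar* data, size_t length) {
        ToyStringImpl s;
        s.m_length = length;
        s.m_data16.assign(data, data + length);
        return s;
    }

    size_t length() const { return m_length; }
    unsigned flags() const { return m_flags; }
    bool is8Bit() const { return (m_flags & s_hashFlag8BitBuffer) != 0; }
    bool has16BitShadow() const { return (m_flags & s_hashFlagHas16BitShadow) != 0; }

    // Typed accessors: the caller must check is8Bit() first. Reading the buffer
    // at the wrong width would misinterpret its bytes, so assert the invariant.
    const LChar* characters8() const { assert(is8Bit()); return m_data8.data(); }
    const UChar* characters16() const { assert(!is8Bit()); return m_data16.data(); }

    // Always yields UChar*. For an 8-bit string this widens each byte into a
    // shadow copy on first use and records that fact in the flags.
    const UChar* characters() {
        if (!is8Bit())
            return m_data16.data();
        if (!has16BitShadow()) {
            m_copyData16.resize(m_length);
            for (size_t i = 0; i < m_length; ++i)
                m_copyData16[i] = static_cast<unsigned char>(m_data8[i]);
            m_flags |= s_hashFlagHas16BitShadow;
        }
        return m_copyData16.data();
    }

    // Width-agnostic indexing: Latin-1 bytes map directly to UTF-16 code units.
    UChar operator[](size_t i) const {
        assert(i < m_length);
        return is8Bit() ? static_cast<UChar>(static_cast<unsigned char>(m_data8[i])) : m_data16[i];
    }

private:
    ToyStringImpl() : m_length(0), m_flags(0) { }
    size_t m_length;
    unsigned m_flags;
    std::vector<LChar> m_data8;
    std::vector<UChar> m_data16;
    std::vector<UChar> m_copyData16;
};

// Helpers that build the constructed sample strings used in the checks below.
ToyStringImpl makeLatin1(const char* text) {
    return ToyStringImpl::create8(text, std::strlen(text));
}
ToyStringImpl makeUTF16(const char* text) {
    std::vector<UChar> wide(std::strlen(text));
    for (size_t i = 0; i < wide.size(); ++i)
        wide[i] = static_cast<unsigned char>(text[i]);
    return ToyStringImpl::create16(wide.data(), wide.size());
}

// Mixed-width equality in the spirit of equalSlowCase: compares code units
// without forcing the 8-bit side to materialize a 16-bit copy.
bool equal(const ToyStringImpl& a, const ToyStringImpl& b) {
    if (a.length() != b.length())
        return false;
    for (size_t i = 0; i < a.length(); ++i)
        if (a[i] != b[i])
            return false;
    return true;
}

// Returns the flag word after characters() has widened an 8-bit string, so the
// lazy shadow copy can be observed from outside: both flag bits end up set.
unsigned flagsAfterWidening(const char* text) {
    ToyStringImpl s = makeLatin1(text);
    s.characters(); // first call materializes the 16-bit shadow
    return s.flags();
}
```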
32493
324942011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
32495
32496        Fixing windows build
32497
32498        Unreviewed build fix
32499
32500        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32501
325022011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
32503
32504        Add ability to check for presence of static members at compile time
32505        https://bugs.webkit.org/show_bug.cgi?id=70986
32506
32507        Reviewed by Geoffrey Garen.
32508
32509        Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
32510        HAS_MEMBER_NAMED macro to use that template to check if the specified class 
32511        does indeed have a method with that name.  This mechanism is not currently 
32512        used anywhere, but will be in the future when adding virtual methods from 
32513        JSObject to the MethodTable.
32514
32515        * runtime/ClassInfo.h:
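
        An added illustration (not the ClassInfo.h macros themselves) of the compile-time member check this entry describes: a checker template instantiated per member name via SFINAE, queried through a second macro so that a missing method fails the build. The sample classes and the toThisObject/put names used with them are constructed here.

```cpp
#include <type_traits>

// CREATE_MEMBER_CHECKER(name) defines a trait HasMember_##name<T>. The first
// test() overload is only viable when &U::name is well-formed, i.e. when T has
// a (non-overloaded) member of that name; otherwise SFINAE drops it and the
// variadic fallback is chosen. Nothing is evaluated at run time.
#define CREATE_MEMBER_CHECKER(member)                                             \
    template <typename T> struct HasMember_##member {                             \
        template <typename U> static std::true_type test(decltype(&U::member)*); \
        template <typename U> static std::false_type test(...);                  \
        static const bool value = decltype(test<T>(nullptr))::value;              \
    };

// HAS_MEMBER_NAMED(ClassName, member) is a compile-time bool usable in
// static_assert, so a class missing a required method fails the build.
#define HAS_MEMBER_NAMED(ClassName, member) (HasMember_##member<ClassName>::value)

// Constructed sample classes standing in for JSCell subclasses; the method
// names echo MethodTable entries mentioned elsewhere in this log.
struct CellWithToThisObject {
    static void toThisObject() { }
    static void put() { }
};
struct CellWithoutToThisObject {
    static void put() { }
};

CREATE_MEMBER_CHECKER(toThisObject)
CREATE_MEMBER_CHECKER(put)

// The check runs at compile time: a wrong answer here is a build error.
static_assert(HAS_MEMBER_NAMED(CellWithToThisObject, toThisObject),
              "CellWithToThisObject must provide toThisObject");
static_assert(!HAS_MEMBER_NAMED(CellWithoutToThisObject, toThisObject),
              "CellWithoutToThisObject must not report toThisObject");
static_assert(HAS_MEMBER_NAMED(CellWithoutToThisObject, put), "put is present");

// Run-time visible wrappers around the compile-time results.
bool cellWithHasToThisObject() { return HAS_MEMBER_NAMED(CellWithToThisObject, toThisObject); }
bool cellWithoutHasToThisObject() { return HAS_MEMBER_NAMED(CellWithoutToThisObject, toThisObject); }
bool cellWithoutHasPut() { return HAS_MEMBER_NAMED(CellWithoutToThisObject, put); }
```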
32516
325172011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
32518
32519        De-virtualize JSCell::toThisObject
32520        https://bugs.webkit.org/show_bug.cgi?id=70958
32521
32522        Reviewed by Geoffrey Garen.
32523
32524        Converted all instances of toThisObject to static functions, 
32525        added toThisObject to the MethodTable, and replaced all call sites
32526        with a corresponding lookup in the MethodTable.
32527
32528        * API/JSContextRef.cpp:
32529        * JavaScriptCore.exp:
32530        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32531        * runtime/ClassInfo.h:
32532        * runtime/JSActivation.cpp:
32533        (JSC::JSActivation::toThisObject):
32534        * runtime/JSActivation.h:
32535        * runtime/JSCell.cpp:
32536        (JSC::JSCell::toThisObject):
32537        * runtime/JSCell.h:
32538        * runtime/JSObject.cpp:
32539        (JSC::JSObject::put):
32540        (JSC::JSObject::toThisObject):
32541        * runtime/JSObject.h:
32542        (JSC::JSValue::toThisObject):
32543        * runtime/JSStaticScopeObject.cpp:
32544        (JSC::JSStaticScopeObject::toThisObject):
32545        * runtime/JSStaticScopeObject.h:
32546        * runtime/JSString.cpp:
32547        (JSC::JSString::toThisObject):
32548        * runtime/JSString.h:
32549        * runtime/StrictEvalActivation.cpp:
32550        (JSC::StrictEvalActivation::toThisObject):
32551        * runtime/StrictEvalActivation.h:
32552
325532011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
32554
32555        Fix a small bug in callOperation after r98431
32556        https://bugs.webkit.org/show_bug.cgi?id=70984
32557
32558        Reviewed by Geoffrey Garen.
32559
32560        TrustedImmPtr is not expecting "int" type parameters.
32561
32562        * dfg/DFGJITCodeGenerator.h:
32563        (JSC::DFG::callOperation):
32564
325652011-10-26  Oliver Hunt  <oliver@apple.com>
32566
32567        Restore structure-clearing behaviour of allocateCell<>
32568        https://bugs.webkit.org/show_bug.cgi?id=70976
32569
32570        Reviewed by Geoffrey Garen.
32571
32572        This restores the logic that allows the markstack to filter
32573        live objects that have not yet been initialised.
32574
32575        * runtime/JSCell.h:
32576        (JSC::JSCell::clearStructure):
32577           Validation-safe method to clear a cell's structure.
32578        (JSC::allocateCell):
32579           Call the above method.
32580        * runtime/Structure.h:
32581        (JSC::MarkStack::internalAppend):
32582           Don't visit cells that haven't been initialised.
32583
325842011-10-26  Filip Pizlo  <fpizlo@apple.com>
32585
32586        REGRESSION (r97030): Cannot log in to progressive.com
32587        https://bugs.webkit.org/show_bug.cgi?id=70094
32588
32589        Reviewed by Oliver Hunt.
32590
32591        * dfg/DFGByteCodeParser.cpp:
32592        (JSC::DFG::ByteCodeParser::handleCall):
32593
325942011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
32595
32596        Remove getOwnPropertySlotVirtual
32597        https://bugs.webkit.org/show_bug.cgi?id=70741
32598
32599        Reviewed by Geoffrey Garen.
32600
32601        Removed all declarations and definitions of getOwnPropertySlotVirtual.
32602        Also replaced all call sites of getOwnPropertySlotVirtual with a
32603        corresponding lookup in the MethodTable.
32604
32605        * API/JSCallbackObject.h:
32606        * API/JSCallbackObjectFunctions.h:
32607        (JSC::::getOwnPropertyDescriptor):
32608        * JavaScriptCore.exp:
32609        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32610        * debugger/DebuggerActivation.cpp:
32611        (JSC::DebuggerActivation::getOwnPropertySlot):
32612        * debugger/DebuggerActivation.h:
32613        * runtime/Arguments.cpp:
32614        * runtime/Arguments.h:
32615        * runtime/ArrayConstructor.cpp:
32616        * runtime/ArrayConstructor.h:
32617        * runtime/ArrayPrototype.cpp:
32618        * runtime/ArrayPrototype.h:
32619        * runtime/BooleanPrototype.cpp:
32620        * runtime/BooleanPrototype.h:
32621        * runtime/DateConstructor.cpp:
32622        * runtime/DateConstructor.h:
32623        * runtime/DatePrototype.cpp:
32624        * runtime/DatePrototype.h:
32625        (JSC::DatePrototype::create):
32626        * runtime/ErrorPrototype.cpp:
32627        * runtime/ErrorPrototype.h:
32628        * runtime/JSActivation.cpp:
32629        * runtime/JSActivation.h:
32630        * runtime/JSArray.cpp:
32631        (JSC::JSArray::getOwnPropertySlotByIndex):
32632        * runtime/JSArray.h:
32633        * runtime/JSByteArray.cpp:
32634        * runtime/JSByteArray.h:
32635        * runtime/JSCell.cpp:
32636        * runtime/JSCell.h:
32637        * runtime/JSFunction.cpp:
32638        (JSC::JSFunction::getOwnPropertyDescriptor):
32639        (JSC::JSFunction::getOwnPropertyNames):
32640        (JSC::JSFunction::put):
32641        * runtime/JSFunction.h:
32642        * runtime/JSGlobalObject.cpp:
32643        * runtime/JSGlobalObject.h:
32644        * runtime/JSNotAnObject.cpp:
32645        * runtime/JSNotAnObject.h:
32646        * runtime/JSONObject.cpp:
32647        (JSC::Stringifier::Holder::appendNextProperty):
32648        (JSC::Walker::walk):
32649        * runtime/JSONObject.h:
32650        * runtime/JSObject.cpp:
32651        (JSC::JSObject::getOwnPropertySlotByIndex):
32652        (JSC::JSObject::hasOwnProperty):
32653        * runtime/JSObject.h:
32654        (JSC::JSCell::fastGetOwnPropertySlot):
32655        (JSC::JSObject::getPropertySlot):
32656        (JSC::JSValue::get):
32657        * runtime/JSStaticScopeObject.cpp:
32658        * runtime/JSStaticScopeObject.h:
32659        * runtime/JSString.cpp:
32660        (JSC::JSString::getOwnPropertySlot):
32661        * runtime/JSString.h:
32662        * runtime/MathObject.cpp:
32663        * runtime/MathObject.h:
32664        (JSC::MathObject::create):
32665        * runtime/NumberConstructor.cpp:
32666        * runtime/NumberConstructor.h:
32667        * runtime/NumberPrototype.cpp:
32668        * runtime/NumberPrototype.h:
32669        * runtime/ObjectConstructor.cpp:
32670        * runtime/ObjectConstructor.h:
32671        * runtime/ObjectPrototype.cpp:
32672        * runtime/ObjectPrototype.h:
32673        * runtime/RegExpConstructor.cpp:
32674        * runtime/RegExpConstructor.h:
32675        * runtime/RegExpMatchesArray.h:
32676        (JSC::RegExpMatchesArray::createStructure):
32677        * runtime/RegExpObject.cpp:
32678        * runtime/RegExpObject.h:
32679        * runtime/RegExpPrototype.cpp:
32680        * runtime/RegExpPrototype.h:
32681        * runtime/StringConstructor.cpp:
32682        * runtime/StringConstructor.h:
32683        * runtime/StringObject.cpp:
32684        * runtime/StringObject.h:
32685        * runtime/StringPrototype.cpp:
32686        * runtime/StringPrototype.h:
32687
326882011-10-26  Alejandro G. Castro  <alex@igalia.com>
32689
32690        [GTK] [WK2] Add WebKit2 distcheck support
32691        https://bugs.webkit.org/show_bug.cgi?id=70933
32692
32693        Reviewed by Martin Robinson.
32694
32695        * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
32696
326972011-10-26  Michael Saboff  <msaboff@apple.com>
32698
32699        Increase StringImpl Flag Bits for 8 bit Strings
32700        https://bugs.webkit.org/show_bug.cgi?id=70937
32701
32702        Increased the number of bits used for flags in StringImpl
32703        from 6 to 8 bits. This frees up 2 flag bits that will be
32704        used for 8-bit string support. Updated hash methods accordingly.
32705        Changed hash value masking from the low bits to the high
32706        bits.
32707
32708        Reviewed by Darin Adler.
32709
32710        * create_hash_table:
32711        * wtf/StringHasher.h:
32712        (WTF::StringHasher::hash):
32713        * wtf/text/StringImpl.h:
32714
327152011-10-26  Dan Bernstein  <mitz@apple.com>
32716
32717        Build fix.
32718
32719        Reverted r98488, which caused the scripts’ status messages to be included in the generated
32720        files.
32721
32722        * create_hash_table:
32723        * create_jit_stubs:
32724
327252011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
32726
32727        Don't print regular output to STDERR when generating hashtables and JIT stubs
32728
32729        Reviewed by Simon Hausmann.
32730
32731        * create_hash_table:
32732        * create_jit_stubs:
32733
327342011-10-25  Gavin Barraclough  <barraclough@apple.com>
32735
32736        Split DFGJITCodeGenerator::callOperation methods
32737        https://bugs.webkit.org/show_bug.cgi?id=70870
32738
32739        Reviewed by Filip Pizlo.
32740
32741        The DFGJITCodeGenerator currently contains two sets of callOperation methods.
32742        One set works with the JSVALUE64 value representation and passes arguments in
32743        registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
32744        value representation and passes arguments in memory (suitable for use on x86).
32745        By refactoring out the representation and calling convention specific aspects
32746        of the code we can also configure the DFG JIT to operate on platforms that use
32747        the JSVALUE32_64 value representation but pass arguments in registers.
32748
32749        On platforms supported by the JIT, the payload precedes the tag of a value in
32750        argument/result ordering, as such, in order to make the setupResults method
32751        generally applicable to return the results of a function that are returned in
32752        two registers, the ordering of arguments to this function has been reversed -
32753        as is the ordering of arguments passed to setupArguments methods, with respect
32754        to the ordering with which they are passed in to callOperation.
32755        This inconsistency will be resolved in a later change when we combine the pairs
32756        of arguments passed into callOperation, such that the function signatures can
32757        be made consistent across the two value representations (the callOperation
32758        methods will be passed a reference to a struct representing the JSValue
32759        temporary, this will consist of two gprs on 32_64 and one on 64).
32760
32761        * dfg/DFGJITCodeGenerator.h:
32762        (JSC::DFG::resetCallArguments):
32763        (JSC::DFG::addCallArgument):
32764            - moved, removed tag,payload version of this method.
32765        (JSC::DFG::setupArguments):
32766        (JSC::DFG::setupArgumentsExecState):
32767        (JSC::DFG::setupArgumentsWithExecState):
32768            - Calling convention specific portion of callOperation refactored out into these methods.
32769        (JSC::DFG::callOperation):
32770            - updated these methods to use setupArguments* methods.
32771        (JSC::DFG::setupResults):
32772            - setupResults is now passed payload,tag.
32773        (JSC::DFG::appendCallWithExceptionCheckSetResult):
32774            - Added fpr versions of this function.
32775        (JSC::DFG::appendCallSetResult):
32776            - Added versions of this function without exception check.
32777        * dfg/DFGJITCodeGenerator32_64.cpp:
32778        (JSC::DFG::JITCodeGenerator::emitCall):
32779            - setupResults is now passed payload,tag.
32780
327812011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
32782
32783        Remove deletePropertyVirtual
32784        https://bugs.webkit.org/show_bug.cgi?id=70738
32785
32786        Reviewed by Geoffrey Garen.
32787
32788        Removed all declarations and definitions of deletePropertyVirtual.
32789        Also replaced all call sites to deletePropertyVirtual with a 
32790        corresponding lookup in the MethodTable.
32791
32792        * API/JSCallbackObject.h:
32793        * API/JSCallbackObjectFunctions.h:
32794        (JSC::::deletePropertyByIndex):
32795        * API/JSObjectRef.cpp:
32796        (JSObjectDeleteProperty):
32797        * JavaScriptCore.exp:
32798        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32799        * debugger/DebuggerActivation.cpp:
32800        (JSC::DebuggerActivation::deleteProperty):
32801        * debugger/DebuggerActivation.h:
32802        * interpreter/Interpreter.cpp:
32803        (JSC::Interpreter::privateExecute):
32804        * jit/JITStubs.cpp:
32805        (JSC::DEFINE_STUB_FUNCTION):
32806        * runtime/Arguments.cpp:
32807        * runtime/Arguments.h:
32808        * runtime/ArrayPrototype.cpp:
32809        (JSC::arrayProtoFuncPop):
32810        (JSC::arrayProtoFuncReverse):
32811        (JSC::arrayProtoFuncShift):
32812        (JSC::arrayProtoFuncSplice):
32813        (JSC::arrayProtoFuncUnShift):
32814        * runtime/JSActivation.cpp:
32815        * runtime/JSActivation.h:
32816        * runtime/JSArray.cpp:
32817        (JSC::JSArray::deleteProperty):
32818        (JSC::JSArray::deletePropertyByIndex):
32819        * runtime/JSArray.h:
32820        * runtime/JSCell.cpp:
32821        (JSC::JSCell::deleteProperty):
32822        (JSC::JSCell::deletePropertyByIndex):
32823        * runtime/JSCell.h:
32824        * runtime/JSFunction.cpp:
32825        * runtime/JSFunction.h:
32826        * runtime/JSNotAnObject.cpp:
32827        * runtime/JSNotAnObject.h:
32828        * runtime/JSONObject.cpp:
32829        (JSC::Walker::walk):
32830        * runtime/JSObject.cpp:
32831        (JSC::JSObject::deletePropertyByIndex):
32832        (JSC::JSObject::defineOwnProperty):
32833        * runtime/JSObject.h:
32834        * runtime/JSVariableObject.cpp:
32835        * runtime/JSVariableObject.h:
32836        * runtime/RegExpMatchesArray.h:
32837        * runtime/StrictEvalActivation.cpp:
32838        * runtime/StrictEvalActivation.h:
32839        * runtime/StringObject.cpp:
32840        * runtime/StringObject.h:
32841
328422011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
32843
32844        Remove putVirtual
32845        https://bugs.webkit.org/show_bug.cgi?id=70740
32846
32847        Reviewed by Geoffrey Garen.
32848
32849        Removed all declarations and definitions of putVirtual.
32850        Also replaced all call sites to putVirtual with a 
32851        corresponding lookup in the MethodTable.
32852
32853        * API/JSCallbackObject.h:
32854        * API/JSCallbackObjectFunctions.h:
32855        * API/JSObjectRef.cpp:
32856        (JSObjectSetProperty):
32857        (JSObjectSetPropertyAtIndex):
32858        * JavaScriptCore.exp:
32859        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32860        * debugger/DebuggerActivation.cpp:
32861        (JSC::DebuggerActivation::put):
32862        * debugger/DebuggerActivation.h:
32863        * dfg/DFGOperations.cpp:
32864        * interpreter/Interpreter.cpp:
32865        (JSC::Interpreter::execute):
32866        (JSC::Interpreter::privateExecute):
32867        * jsc.cpp:
32868        (GlobalObject::finishCreation):
32869        * runtime/Arguments.cpp:
32870        * runtime/Arguments.h:
32871        * runtime/ArrayPrototype.cpp:
32872        (JSC::putProperty):
32873        (JSC::arrayProtoFuncConcat):
32874        (JSC::arrayProtoFuncPush):
32875        (JSC::arrayProtoFuncReverse):
32876        (JSC::arrayProtoFuncShift):
32877        (JSC::arrayProtoFuncSlice):
32878        (JSC::arrayProtoFuncSort):
32879        (JSC::arrayProtoFuncSplice):
32880        (JSC::arrayProtoFuncUnShift):
32881        (JSC::arrayProtoFuncFilter):
32882        (JSC::arrayProtoFuncMap):
32883        * runtime/JSActivation.cpp:
32884        * runtime/JSActivation.h:
32885        * runtime/JSArray.cpp:
32886        (JSC::JSArray::putSlowCase):
32887        (JSC::JSArray::push):
32888        (JSC::JSArray::shiftCount):
32889        (JSC::JSArray::unshiftCount):
32890        * runtime/JSArray.h:
32891        * runtime/JSByteArray.cpp:
32892        * runtime/JSByteArray.h:
32893        * runtime/JSCell.cpp:
32894        (JSC::JSCell::put):
32895        (JSC::JSCell::putByIndex):
32896        * runtime/JSCell.h:
32897        * runtime/JSFunction.cpp:
32898        * runtime/JSFunction.h:
32899        * runtime/JSGlobalObject.cpp:
32900        * runtime/JSGlobalObject.h:
32901        * runtime/JSNotAnObject.cpp:
32902        * runtime/JSNotAnObject.h:
32903        * runtime/JSONObject.cpp:
32904        (JSC::Walker::walk):
32905        * runtime/JSObject.cpp:
32906        (JSC::JSObject::putByIndex):
32907        (JSC::JSObject::defineOwnProperty):
32908        * runtime/JSObject.h:
32909        (JSC::JSValue::put):
32910        * runtime/JSStaticScopeObject.cpp:
32911        * runtime/JSStaticScopeObject.h:
32912        * runtime/ObjectPrototype.cpp:
32913        * runtime/ObjectPrototype.h:
32914        * runtime/RegExpConstructor.cpp:
32915        * runtime/RegExpConstructor.h:
32916        * runtime/RegExpMatchesArray.h:
32917        * runtime/RegExpObject.cpp:
32918        * runtime/RegExpObject.h:
32919        * runtime/StringObject.cpp:
32920        * runtime/StringObject.h:
32921        * runtime/StringPrototype.cpp:
32922        (JSC::stringProtoFuncSplit):
32923
329242011-10-25  Gavin Barraclough  <barraclough@apple.com>
32925
32926        Separate out function linking & exception check data structures.
32927        https://bugs.webkit.org/show_bug.cgi?id=70858
32928
32929        Reviewed by Oliver Hunt.
32930
32931        This will make it easier to refactor the callOperation methods to split the value
32932        representation specific handling from the cpu/calling-convention implementation.
32933
32934        * dfg/DFGJITCodeGenerator.h:
32935        (JSC::DFG::appendCallWithExceptionCheck):
32936        * dfg/DFGJITCodeGenerator32_64.cpp:
32937        (JSC::DFG::JITCodeGenerator::emitCall):
32938        * dfg/DFGJITCodeGenerator64.cpp:
32939        (JSC::DFG::JITCodeGenerator::emitCall):
32940        * dfg/DFGJITCompiler.cpp:
32941        (JSC::DFG::JITCompiler::compileBody):
32942        (JSC::DFG::JITCompiler::link):
32943        * dfg/DFGJITCompiler.h:
32944        (JSC::DFG::CallLinkRecord::CallLinkRecord):
32945        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
32946        (JSC::DFG::JITCompiler::JITCompiler):
32947        (JSC::DFG::JITCompiler::notifyCall):
32948        (JSC::DFG::JITCompiler::appendCall):
32949        (JSC::DFG::JITCompiler::addExceptionCheck):
32950        (JSC::DFG::JITCompiler::addFastExceptionCheck):
32951        * dfg/DFGJITCompiler32_64.cpp:
32952        (JSC::DFG::JITCompiler::compileBody):
32953        (JSC::DFG::JITCompiler::link):
32954
329552011-10-25  Filip Pizlo  <fpizlo@apple.com>
32956
32957        Tiered compilation may introduce dangling pointers in constant buffers
32958        https://bugs.webkit.org/show_bug.cgi?id=70854
32959
32960        Reviewed by Oliver Hunt.
32961        
32962        Tiered compilation now copies constant buffers, which fixes the regression in
32963        https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
32964        regression relies on a subtle interleaving of optimized compilation and garbage
32965        collection, and cannot be reproduced in a simple test.
32966        
32967        This also adds some new debug support, which was used to fix this bug and is
32968        likely to be useful in the future.
32969
32970        * bytecode/CodeBlock.cpp:
32971        (JSC::CodeBlock::copyDataFrom):
32972        (JSC::CodeBlock::usesOpcode):
32973        * bytecode/CodeBlock.h:
32974        * dfg/DFGGraph.cpp:
32975        (JSC::DFG::Graph::dump):
32976
329772011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
32978
32979        Fixing Windows build after r98367
32980
32981        Unreviewed build fix
32982
32983        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32984
329852011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
32986
32987        Add missing DFG file entries to the make lists for GTK and Qt ports
32988        https://bugs.webkit.org/show_bug.cgi?id=70806
32989
32990        Reviewed by Darin Adler.
32991
32992        * GNUmakefile.list.am:
32993        * JavaScriptCore.pro:
32994
329952011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
32996
32997        Add getOwnPropertySlot to MethodTable
32998        https://bugs.webkit.org/show_bug.cgi?id=69807
32999
33000        Reviewed by Oliver Hunt.
33001
33002        * JavaScriptCore.exp:
33003        * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
33004        * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
33005        reference it in their MethodTables.
33006
330072011-10-25  Oliver Hunt  <oliver@apple.com>
33008
33009        Need to support marking of multiple nested codeblocks when compiling
33010        https://bugs.webkit.org/show_bug.cgi?id=70832
33011
33012        Reviewed by Gavin Barraclough.
33013
33014        When inlining a function we end up with multiple codeblocks being
33015        compiled at the same time, so we need to support a list of live
33016        codeblocks.
33017
33018        * heap/Heap.cpp:
33019        (JSC::Heap::markRoots):
33020        * runtime/JSGlobalData.cpp:
33021        (JSC::JSGlobalData::JSGlobalData):
33022        * runtime/JSGlobalData.h:
33023        (JSC::JSGlobalData::startedCompiling):
33024        (JSC::JSGlobalData::finishedCompiling):
33025
330262011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
33027
33028        DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
33029        https://bugs.webkit.org/show_bug.cgi?id=70798
33030
33031        Reviewed by Filip Pizlo.
33032
33033        When filling an integer for a known integer node (not speculated), it
33034        should accept DataFormatJSInteger as well.
33035
33036        * dfg/DFGJITCodeGenerator32_64.cpp:
33037        (JSC::DFG::JITCodeGenerator::fillInteger):
33038
330392011-10-24  Geoffrey Garen  <ggaren@apple.com>
33040
33041        Build fix: removed some cases of threadsafeCopy() that I missed in
33042        my previous patch.
33043
33044        * JavaScriptCore.order:
33045
330462011-10-24  Geoffrey Garen  <ggaren@apple.com>
33047
33048        Removed SharedUChar and tightened language around its previous uses
33049        https://bugs.webkit.org/show_bug.cgi?id=70698
33050
33051        Reviewed by David Levin.
33052
33053        - Removed SharedUChar because most of its functionality has moved into
33054        other abstraction layers, and we want remaining clients to choose their
33055        abstractions explicitly instead of relying on StringImpl to provide this
33056        behavior implicitly, since we think they can sometimes make more efficient
33057        choices.
33058
33059        - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
33060        the former names could give the impression that the resulting object was
33061        thread-safe, but actually it's just an isolated copy, which is not
33062        thread-safe by itself, but can be used to implement a thread-safe
33063        algorithm through isolation.
33064
33065        * wtf/CrossThreadRefCounted.h: Removed.
33066
33067        * JavaScriptCore.exp: Export!
33068
33069        * wtf/text/StringImpl.cpp:
33070        (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
33071
33072        * wtf/text/StringImpl.h:
33073        (WTF::StringImpl::length): Ditto.
33074
33075        (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
33076
33077        * wtf/text/WTFString.cpp:
33078        (WTF::String::isolatedCopy):
33079        * wtf/text/WTFString.h: Updated for StringImpl changes.
33080
33081        * API/OpaqueJSString.h:
33082        * GNUmakefile.list.am:
33083        * JavaScriptCore.exp:
33084        * JavaScriptCore.gypi:
33085        * JavaScriptCore.order:
33086        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
33087        * JavaScriptCore.xcodeproj/project.pbxproj:
33088        * wtf/CMakeLists.txt:
33089        * wtf/OwnFastMallocPtr.h:
33090        * wtf/RefCounted.h:
33091        * wtf/SizeLimits.cpp:
33092        * wtf/ThreadSafeRefCounted.h:
33093        * wtf/wtf.pri:
33094        * yarr/YarrPattern.h: Updated these files to accommodate removal of
33095        CrossThreadRefCounted.h.
33096
330972011-10-24  Oliver Hunt  <oliver@apple.com>
33098
33099        Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
33100        https://bugs.webkit.org/show_bug.cgi?id=70689
33101
33102        Reviewed by Filip Pizlo.
33103
33104        While performing codegen we need to make the GlobalData explicitly
33105        aware of the codeblock being compiled, as compilation may trigger GC
33106        and CodeBlock holds GC values, but has not yet been assigned to its
33107        owner executable.
33108
33109        * bytecompiler/BytecodeGenerator.cpp:
33110        (JSC::BytecodeGenerator::BytecodeGenerator):
33111        (JSC::BytecodeGenerator::~BytecodeGenerator):
33112        * bytecompiler/BytecodeGenerator.h:
33113        * heap/AllocationSpace.cpp:
33114        (JSC::AllocationSpace::allocateSlowCase):
33115        * heap/Heap.cpp:
33116        (JSC::Heap::markRoots):
33117        * runtime/JSGlobalData.cpp:
33118        (JSC::JSGlobalData::JSGlobalData):
33119        * runtime/JSGlobalData.h:
33120        (JSC::JSGlobalData::startedCompiling):
33121        (JSC::JSGlobalData::finishedCompiling):
33122
331232011-10-24  Filip Pizlo  <fpizlo@apple.com>
33124
33125        Object-or-other branch speculation may corrupt the state for OSR if the child of the
33126        branch is an integer
33127        https://bugs.webkit.org/show_bug.cgi?id=70777
33128
33129        Reviewed by Oliver Hunt.
33130
33131        * dfg/DFGSpeculativeJIT64.cpp:
33132        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
33133
331342011-10-24  Filip Pizlo  <fpizlo@apple.com>
33135
33136        op_new_array_buffer is not inlined correctly
33137        https://bugs.webkit.org/show_bug.cgi?id=70770
33138
33139        Reviewed by Oliver Hunt.
33140        
33141        Disabled inlining of op_new_array_buffer, for now.
33142
33143        * dfg/DFGCapabilities.h:
33144        (JSC::DFG::canInlineOpcode):
33145
331462011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
33147
33148        Add boolean speculations to DFG JIT 32_64
33149        https://bugs.webkit.org/show_bug.cgi?id=70706
33150
33151        Reviewed by Filip Pizlo.
33152
33153        Different from the boolean speculations in DFG 64, the boolean
33154        speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
33155        boolean instead of a JSBoolean. This choice is not only for
33156        performance, but also to save a register as we're short of registers on
33157        X86.
33158        To accomplish this we make use of DataFormatBoolean, allow a value to
33159        be represented as a primitive boolean and converted from/to a
33160        JSBoolean.
33161        This patch also fixes SpillOrder in 32_64, which should be different
33162        from 64, and fixes needDataFormatConversion logic in 32_64.
33163
33164        * assembler/MacroAssemblerX86Common.h:
33165        (JSC::MacroAssemblerX86Common::branchTest32):
33166            We don't expect byte test actually as it doesn't work for registers
33167            esp..edi on X86.
33168        * dfg/DFGGenerationInfo.h:
33169        (JSC::DFG::needDataFormatConversion):
33170        (JSC::DFG::GenerationInfo::initBoolean):
33171        (JSC::DFG::GenerationInfo::gpr):
33172        (JSC::DFG::GenerationInfo::fillInteger):
33173        (JSC::DFG::GenerationInfo::fillBoolean):
33174        * dfg/DFGJITCodeGenerator.cpp:
33175        (JSC::DFG::JITCodeGenerator::checkConsistency):
33176        * dfg/DFGJITCodeGenerator.h:
33177        (JSC::DFG::JITCodeGenerator::use):
33178        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
33179        (JSC::DFG::JITCodeGenerator::silentFillGPR):
33180        (JSC::DFG::JITCodeGenerator::spill):
33181        (JSC::DFG::cellResult):
33182        (JSC::DFG::booleanResult):
33183        * dfg/DFGJITCodeGenerator32_64.cpp:
33184        (JSC::DFG::JITCodeGenerator::fillJSValue):
33185        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
33186        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
33187        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
33188        * dfg/DFGJITCompiler32_64.cpp:
33189        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33190        * dfg/DFGSpeculativeJIT.cpp:
33191        (JSC::DFG::ValueSource::dump):
33192        (JSC::DFG::ValueRecovery::dump):
33193        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
33194        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
33195        * dfg/DFGSpeculativeJIT.h:
33196        (JSC::DFG::ValueSource::forPrediction):
33197        (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
33198        (JSC::DFG::ValueRecovery::inGPR):
33199        (JSC::DFG::ValueRecovery::gpr):
33200        * dfg/DFGSpeculativeJIT32_64.cpp:
33201        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
33202        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
33203        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
33204        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
33205        (JSC::DFG::SpeculativeJIT::compare):
33206        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
33207        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
33208        (JSC::DFG::SpeculativeJIT::emitBranch):
33209        (JSC::DFG::SpeculativeJIT::compile):
33210
332112011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
33212
33213        Fixing Windows build
33214
33215        Unreviewed build fix
33216
33217        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33218
332192011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
33220
33221        BitVector isInline check could fail
33222        https://bugs.webkit.org/show_bug.cgi?id=70691
33223
33224        Reviewed by Geoffrey Garen.
33225
33226        Current BitVector uses the highest bit of m_bitsOrPointer to indicate
33227        whether it's an inlined bit set or a pointer to an outOfLine bit set.
33228        This check may fail in case the pointer also has the highest bit set,
33229        which is surely possible on IA32 (Linux).
33230        In this case the check failure can result in unexpected behaviors,
33231        for example if the BitVector is incorrectly determined as having an
33232        inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
33233        modify the memory adjacent to the BitVector object.
33234        This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
33235        or outofline, based on the assumption that the pointer to OutOfLineBits
33236        should be 4 or 8 byte aligned.
33237        We could mark the lowest bit (bit 0) with 1 for inlined bit set,
33238        and bits 1~bitsInPointer are used for bit set/test.
33239        In this case we need to shift one bit more for bit set/test.
33240
33241        * wtf/BitVector.cpp:
33242        (WTF::BitVector::resizeOutOfLine):
33243        * wtf/BitVector.h:
33244        (WTF::BitVector::quickGet):
33245        (WTF::BitVector::quickSet):
33246        (WTF::BitVector::quickClear):
33247        (WTF::BitVector::makeInlineBits):
33248        (WTF::BitVector::isInline):
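
Added illustration of the tag-bit scheme described in this entry; it is not JavaScriptCore's BitVector and all names (TaggedBitVector, OutOfLineBits, isInlineHighBitTag, isInlineLowBitTag) are hypothetical. It places the old high-bit check beside the low-bit check so the misclassification of a pointer whose top bit is set is visible, and shows the extra one-bit shift and the alignment assumption the low-bit tag relies on.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical model of the tagging scheme from this entry; it is not
// JavaScriptCore's BitVector. One word either holds a small inline bit
// set or a pointer to heap storage, and a single bit says which.
static const size_t bitsInPointer = sizeof(uintptr_t) * 8;
static const size_t maxInlineBits = bitsInPointer - 1; // bit 0 is the tag

// Old check: the highest bit marks "inline". A heap pointer with its top
// bit set (possible in a 32-bit address space) is misclassified as inline.
bool isInlineHighBitTag(uintptr_t word)
{
    return (word >> (bitsInPointer - 1)) & 1;
}

// New check: the lowest bit marks "inline". Correct as long as the heap
// block is at least 2-byte aligned, so bit 0 of a real pointer is always 0.
bool isInlineLowBitTag(uintptr_t word)
{
    return word & 1;
}

struct OutOfLineBits {
    size_t numBits;
    size_t numWords;
    uintptr_t* words;
};

class TaggedBitVector {
public:
    TaggedBitVector() : m_bitsOrPointer(makeInlineBits(0)) { }
    ~TaggedBitVector() { if (!isInline()) { free(outOfLine()->words); free(outOfLine()); } }

    bool isInline() const { return isInlineLowBitTag(m_bitsOrPointer); }
    size_t size() const { return isInline() ? maxInlineBits : outOfLine()->numBits; }

    bool get(size_t bit) const
    {
        if (bit >= size())
            return false;
        if (isInline())
            return (m_bitsOrPointer >> (bit + 1)) & 1; // +1 skips the tag bit
        return (outOfLine()->words[bit / bitsInPointer] >> (bit % bitsInPointer)) & 1;
    }

    // A bit beyond the inline capacity moves the set out of line instead of
    // shifting past the word (the adjacent-memory write the entry describes).
    void set(size_t bit)
    {
        if (bit >= size())
            resizeOutOfLine(bit + 1);
        if (isInline())
            m_bitsOrPointer |= static_cast<uintptr_t>(1) << (bit + 1);
        else
            outOfLine()->words[bit / bitsInPointer] |= static_cast<uintptr_t>(1) << (bit % bitsInPointer);
    }

private:
    static uintptr_t makeInlineBits(uintptr_t bits)
    {
        assert(!(bits >> maxInlineBits)); // payload must leave room for the tag
        return (bits << 1) | 1;
    }
    OutOfLineBits* outOfLine() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void resizeOutOfLine(size_t numBits)
    {
        size_t numWords = (numBits + bitsInPointer - 1) / bitsInPointer;
        OutOfLineBits* fresh = static_cast<OutOfLineBits*>(malloc(sizeof(OutOfLineBits)));
        assert(fresh);
        fresh->numBits = numBits;
        fresh->numWords = numWords;
        fresh->words = static_cast<uintptr_t*>(calloc(numWords, sizeof(uintptr_t)));
        assert(fresh->words);
        if (isInline()) {
            fresh->words[0] = m_bitsOrPointer >> 1; // drop the tag; bit i stays bit i
        } else {
            OutOfLineBits* old = outOfLine();
            memcpy(fresh->words, old->words, old->numWords * sizeof(uintptr_t));
            free(old->words);
            free(old);
        }
        assert(!(reinterpret_cast<uintptr_t>(fresh) & 1)); // the alignment assumption
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
    }

    uintptr_t m_bitsOrPointer;
};

// Exercises the growth path: bits set inline survive the move out of line.
bool inlineBitsSurviveGrowth()
{
    TaggedBitVector v;
    v.set(0); v.set(5); v.set(maxInlineBits - 1);
    bool inlineOk = v.isInline() && v.get(0) && v.get(5) && v.get(maxInlineBits - 1) && !v.get(3);
    v.set(200);
    return inlineOk && !v.isInline() && v.size() == 201 && v.get(200)
        && v.get(0) && v.get(5) && v.get(maxInlineBits - 1) && !v.get(3) && !v.get(199);
}
```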
33249
332502011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
33251
33252        Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
33253        https://bugs.webkit.org/show_bug.cgi?id=70271
33254
33255        Reviewed by Darin Adler.
33256
33257        Renaming versions of getOwnPropertySlot that use an unsigned as the property
33258        name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
33259        MethodTable, which requires unique names for each method.
33260
33261        * JavaScriptCore.exp:
33262        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33263        * runtime/Arguments.cpp:
33264        (JSC::Arguments::getOwnPropertySlotVirtual):
33265        (JSC::Arguments::getOwnPropertySlotByIndex):
33266        * runtime/Arguments.h:
33267        * runtime/JSArray.cpp:
33268        (JSC::JSArray::getOwnPropertySlotVirtual):
33269        (JSC::JSArray::getOwnPropertySlotByIndex):
33270        (JSC::JSArray::getOwnPropertySlot):
33271        * runtime/JSArray.h:
33272        * runtime/JSByteArray.cpp:
33273        (JSC::JSByteArray::getOwnPropertySlotVirtual):
33274        (JSC::JSByteArray::getOwnPropertySlotByIndex):
33275        * runtime/JSByteArray.h:
33276        * runtime/JSCell.cpp:
33277        (JSC::JSCell::getOwnPropertySlotVirtual):
33278        (JSC::JSCell::getOwnPropertySlotByIndex):
33279        * runtime/JSCell.h:
33280        * runtime/JSNotAnObject.cpp:
33281        (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
33282        (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
33283        * runtime/JSNotAnObject.h:
33284        * runtime/JSObject.cpp:
33285        (JSC::JSObject::getOwnPropertySlotVirtual):
33286        (JSC::JSObject::getOwnPropertySlotByIndex):
33287        * runtime/JSObject.h:
33288        * runtime/JSString.cpp:
33289        (JSC::JSString::getOwnPropertySlotVirtual):
33290        (JSC::JSString::getOwnPropertySlotByIndex):
33291        * runtime/JSString.h:
33292        * runtime/ObjectPrototype.cpp:
33293        (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
33294        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
33295        * runtime/ObjectPrototype.h:
33296        * runtime/RegExpMatchesArray.h:
33297        (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
33298        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
33299        * runtime/StringObject.cpp:
33300        (JSC::StringObject::getOwnPropertySlotVirtual):
33301        (JSC::StringObject::getOwnPropertySlotByIndex):
33302        * runtime/StringObject.h:
33303
333042011-10-24  Patrick Gansterer  <paroga@webkit.org>
33305
33306        Interpreter build fix after r98179.
33307
33308        * bytecode/CodeBlock.h:
33309        Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
33310        since it is only used there.
33311
333122011-10-23  Geoffrey Garen  <ggaren@apple.com>
33313
33314        Fixed a typo Darin spotted.
33315
33316        * wtf/StringHasher.h:
33317        (WTF::StringHasher::hash): Expelliarmus!
33318
333192011-10-23  Geoffrey Garen  <ggaren@apple.com>
33320
33321        Removed StringImpl::createStrippingNullCharacters
33322        https://bugs.webkit.org/show_bug.cgi?id=70700
33323
33324        Reviewed by David Levin.
33325        
33326        It was unused.
33327
33328        * JavaScriptCore.exp:
33329        * wtf/text/StringImpl.cpp:
33330        * wtf/text/StringImpl.h:
33331
333322011-10-22  Filip Pizlo  <fpizlo@apple.com>
33333
33334        DFG should inline constructors
33335        https://bugs.webkit.org/show_bug.cgi?id=70675
33336
33337        Reviewed by Oliver Hunt.
33338        
33339        Adds support for inlining constructors. Also fixes two pathologies
33340        uncovered along the way: CheckMethod claimed that it never returned a
33341        result (causing CheckMethod -> SetLocal -> GetLocal sequences to
33342        result in the GetLocal doing OSR exit), and get_by_id parsing never
33343        checked if it was hot in slow path. Also fiddled with inlining
33344        heuristics; it appears that for now, the more inlining, the happier
33345        V8 is. Finally, a bug was uncovered where a silent spill of a boxed
33346        integer that had previously been spilled unboxed causes the silent
33347        fill to forget to unbox.
33348        
33349        This appears to be a 4% speed-up on V8 in their harness, or a 1%
33350        speed-up in my harness. The difference is due to warm-up: in my
33351        harness we see significant amounts of time spent in compilation, but
33352        in V8's harness compilation gets amortized. Profiling indicates that
33353        we have the potential for a 5% win from basic optimizations like
33354        generating OSR exits lazily and holding onto bytecode longer.
33355
33356        * dfg/DFGAbstractState.cpp:
33357        (JSC::DFG::AbstractState::execute):
33358        * dfg/DFGByteCodeParser.cpp:
33359        (JSC::DFG::ByteCodeParser::handleCall):
33360        (JSC::DFG::ByteCodeParser::handleInlining):
33361        (JSC::DFG::ByteCodeParser::handleMinMax):
33362        (JSC::DFG::ByteCodeParser::parseBlock):
33363        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
33364        (JSC::DFG::ByteCodeParser::parse):
33365        * dfg/DFGCapabilities.h:
33366        (JSC::DFG::mightInlineFunctionForConstruct):
33367        (JSC::DFG::canInlineOpcode):
33368        (JSC::DFG::mightInlineFunctionFor):
33369        (JSC::DFG::canInlineFunctionFor):
33370        * dfg/DFGJITCodeGenerator.h:
33371        (JSC::DFG::JITCodeGenerator::silentFillGPR):
33372        * runtime/Executable.h:
33373        (JSC::isCall):
33374        (JSC::ExecutableBase::intrinsicFor):
33375        * runtime/Heuristics.cpp:
33376        (JSC::Heuristics::initializeHeuristics):
33377        * runtime/Heuristics.h:
33378
333792011-10-23  Noel Gordon  <noel.gordon@gmail.com>
33380
33381        [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
33382        https://bugs.webkit.org/show_bug.cgi?id=70703
33383
33384        Reviewed by Kent Tamura.
33385
33386        runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
33387        to these files from the gyp project files.
33388
33389        * JavaScriptCore.gypi:
33390
333912011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
33392
33393        Add deleteProperty to the MethodTable
33394        https://bugs.webkit.org/show_bug.cgi?id=70162
33395
33396        Reviewed by Sam Weinig.
33397
33398        * JavaScriptCore.exp:
33399        * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
33400        * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
33401        be protected rather than private for subclasses who don't provide their own
33402        implementation.
33403
334042011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
33405
33406        Remove getConstructDataVirtual
33407        https://bugs.webkit.org/show_bug.cgi?id=70638
33408
33409        Reviewed by Darin Adler.
33410
33411        Removed all declarations and definitions of getConstructDataVirtual.
33412        Also replaced all call sites to getConstructDataVirtual with a 
33413        corresponding lookup in the MethodTable.
33414
33415        * API/JSCallbackConstructor.cpp:
33416        * API/JSCallbackConstructor.h:
33417        * API/JSCallbackObject.h:
33418        * API/JSCallbackObjectFunctions.h:
33419        * API/JSObjectRef.cpp:
33420        (JSObjectIsConstructor):
33421        (JSObjectCallAsConstructor):
33422        * JavaScriptCore.exp:
33423        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33424        * dfg/DFGOperations.cpp:
33425        * interpreter/Interpreter.cpp:
33426        (JSC::Interpreter::privateExecute):
33427        * jit/JITStubs.cpp:
33428        (JSC::DEFINE_STUB_FUNCTION):
33429        * runtime/ArrayConstructor.cpp:
33430        * runtime/ArrayConstructor.h:
33431        * runtime/BooleanConstructor.cpp:
33432        * runtime/BooleanConstructor.h:
33433        * runtime/DateConstructor.cpp:
33434        * runtime/DateConstructor.h:
33435        * runtime/Error.h:
33436        (JSC::StrictModeTypeErrorFunction::getConstructData):
33437        * runtime/ErrorConstructor.cpp:
33438        * runtime/ErrorConstructor.h:
33439        * runtime/FunctionConstructor.cpp:
33440        * runtime/FunctionConstructor.h:
33441        * runtime/JSCell.cpp:
33442        * runtime/JSCell.h:
33443        * runtime/JSFunction.cpp:
33444        * runtime/JSFunction.h:
33445        * runtime/JSObject.h:
33446        (JSC::getConstructData):
33447        * runtime/NativeErrorConstructor.cpp:
33448        * runtime/NativeErrorConstructor.h:
33449        * runtime/NumberConstructor.cpp:
33450        * runtime/NumberConstructor.h:
33451        * runtime/ObjectConstructor.cpp:
33452        * runtime/ObjectConstructor.h:
33453        * runtime/RegExpConstructor.cpp:
33454        * runtime/RegExpConstructor.h:
33455        * runtime/StringConstructor.cpp:
33456        * runtime/StringConstructor.h:
33457
334582011-10-23  Geoffrey Garen  <ggaren@apple.com>
33459
33460        Try to fix the SL build.
33461
33462        * dfg/DFGByteCodeParser.cpp:
33463        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
33464        away int vs unsigned warning.
33465
334662011-10-21  Geoffrey Garen  <ggaren@apple.com>
33467
33468        Separated string lifetime bits from character buffer state bits
33469        https://bugs.webkit.org/show_bug.cgi?id=70673
33470
33471        Reviewed by Anders Carlsson.
33472        
33473        Moved the static/immortal bit into the bottom bit of the refcount, and
33474        moved all other bits into the high bits of the hash code.
33475        
33476        This is the first step toward a new Characters/PassString class, and it
33477        makes ref/deref slightly more efficient.
33478
33479        * create_hash_table:
33480        * wtf/StringHasher.h:
33481        (WTF::StringHasher::hash): Tweaked the string hashing function to leave
33482        the top bits clear, so they can be used as flags.
33483        
33484        Fixed some small differences between the Perl copy of this function and
33485        the C++ copy of this function, which could have in theory caused subtle
33486        crashes.
33487
33488        * wtf/text/StringImpl.cpp:
33489        (WTF::StringImpl::sharedBuffer):
33490        (WTF::StringImpl::createWithTerminatingNullCharacter):
33491        * wtf/text/StringImpl.h:
33492        (WTF::StringImpl::StringImpl):
33493        (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
33494        s_didReportExtraCost, since the original name was both self-contradictory
33495        and used as a double-negative.
33496
33497        (WTF::StringImpl::isIdentifier):
33498        (WTF::StringImpl::setIsIdentifier):
33499        (WTF::StringImpl::hasTerminatingNullCharacter):
33500        (WTF::StringImpl::isAtomic):
33501        (WTF::StringImpl::setIsAtomic):
33502        (WTF::StringImpl::setHash):
33503        (WTF::StringImpl::rawHash):
33504        (WTF::StringImpl::hasHash):
33505        (WTF::StringImpl::existingHash):
33506        (WTF::StringImpl::hash):
33507        (WTF::StringImpl::hasOneRef):
33508        (WTF::StringImpl::ref):
33509        (WTF::StringImpl::deref):
33510        (WTF::StringImpl::bufferOwnership):
33511        (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
33512        bit of the refcount. Now, all lifetime information lives in the refcount
33513        field. Moved the other bits into the hash code field.
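
The bit layout described in the entry above (the static/immortal bit in the bottom bit of the refcount, the remaining flags in the high bits of the hash, and a hasher that must leave those top bits clear), shown as an added illustration. This is not WebKit's StringImpl or StringHasher code; the class name PackedString, the FNV-based computeHash helper and the three flag bits are assumptions chosen for the example.

```cpp
#include <cassert>
#include <cstdint>
#include <string>
#include <utility>

// Hypothetical PackedString (an illustration, not WebKit's StringImpl):
// lifetime state lives only in the refcount word, all other per-string
// flags live in the high bits of the hash word.
class PackedString {
public:
    // Bit 0 of m_refCount marks a static/immortal string. Real references are
    // counted in steps of two, so ref()/deref() never touch the flag bit and the
    // "last reference gone" comparison can never match a static string.
    static const unsigned s_refCountFlagIsStatic = 1u;
    static const unsigned s_refCountIncrement = 2u;

    // The top s_flagCount bits of m_hashAndFlags are flags; the hasher must
    // produce values that fit in the remaining low bits.
    static const unsigned s_flagCount = 3;
    static const unsigned s_hashBits = 32 - s_flagCount;
    static const unsigned s_hashMask = (1u << s_hashBits) - 1;
    static const unsigned s_flagIsAtomic = 1u << 31;
    static const unsigned s_flagIsIdentifier = 1u << 30;
    static const unsigned s_flagHasTerminatingNull = 1u << 29;

    explicit PackedString(std::string chars, bool isStatic = false)
        : m_refCount(isStatic ? (s_refCountFlagIsStatic | s_refCountIncrement) : s_refCountIncrement)
        , m_hashAndFlags(0)
        , m_chars(std::move(chars)) { }

    // Lifetime queries read only the refcount word.
    bool isStatic() const { return (m_refCount & s_refCountFlagIsStatic) != 0; }
    bool hasOneRef() const { return m_refCount == s_refCountIncrement; }
    unsigned refCount() const { return m_refCount / s_refCountIncrement; }

    void ref() { m_refCount += s_refCountIncrement; }

    // Returns true when the caller must destroy the object. A static string has
    // its low bit set, so m_refCount is odd and never equals the (even)
    // increment; it is therefore never reported as destroyable.
    bool deref() {
        if (m_refCount == s_refCountIncrement)
            return true;
        m_refCount -= s_refCountIncrement;
        return false;
    }

    // Hash accessors mask off the flag bits. A zero hash field means
    // "not computed yet", which is why computeHash never returns zero.
    bool hasHash() const { return (m_hashAndFlags & s_hashMask) != 0; }
    unsigned existingHash() const { return m_hashAndFlags & s_hashMask; }
    unsigned hash() {
        if (!hasHash())
            setHash(computeHash(m_chars));
        return existingHash();
    }
    void setHash(unsigned hash) {
        assert((hash & ~s_hashMask) == 0 && hash != 0); // hasher contract: top bits clear, non-zero
        m_hashAndFlags = (m_hashAndFlags & ~s_hashMask) | hash;
    }

    // Flag accessors touch only the high bits, so they never disturb the hash.
    bool isAtomic() const { return (m_hashAndFlags & s_flagIsAtomic) != 0; }
    void setIsAtomic(bool atomic) {
        if (atomic)
            m_hashAndFlags |= s_flagIsAtomic;
        else
            m_hashAndFlags &= ~s_flagIsAtomic;
    }
    bool isIdentifier() const { return (m_hashAndFlags & s_flagIsIdentifier) != 0; }
    void setIsIdentifier(bool identifier) {
        if (identifier)
            m_hashAndFlags |= s_flagIsIdentifier;
        else
            m_hashAndFlags &= ~s_flagIsIdentifier;
    }

    // Toy hasher (not WTF::StringHasher): 32-bit FNV-1a with the top bits folded
    // down into the low s_hashBits bits and forced non-zero, so it satisfies
    // the setHash contract.
    static unsigned computeHash(const std::string& s) {
        uint32_t h = 2166136261u;
        for (unsigned char c : s) {
            h ^= c;
            h *= 16777619u;
        }
        h = (h ^ (h >> s_hashBits)) & s_hashMask;
        return h ? h : 1u;
    }

private:
    unsigned m_refCount;
    unsigned m_hashAndFlags;
    std::string m_chars;
};

// Walks a static string through ref/deref and reports whether it was ever
// declared destroyable (it must not be) and still carries its static bit.
bool staticStringSurvivesDeref() {
    PackedString s("static", true);
    s.ref();
    bool destroyed = s.deref() || s.deref() || s.deref();
    return !destroyed && s.isStatic();
}
```

The two invariants worth checking in a layout like this are the ones the assertions exercise: every refcount operation moves in even steps so the low bit is stable, and every value stored into the hash field has the flag bits clear so setting or clearing a flag can never corrupt a cached hash.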
33514
335152011-10-21  Filip Pizlo  <fpizlo@apple.com>
33516
33517        DFG inlining sometimes fails to reset constant references
33518        https://bugs.webkit.org/show_bug.cgi?id=70668
33519
33520        Reviewed by Anders Carlsson.
33521        
33522        Reset constant references when we need to (new block created) and not
33523        when we don't (change of inlining depth).
33524
33525        * dfg/DFGByteCodeParser.cpp:
33526        (JSC::DFG::ByteCodeParser::handleInlining):
33527        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
33528        (JSC::DFG::ByteCodeParser::parseBlock):
33529        (JSC::DFG::ByteCodeParser::parseCodeBlock):
33530
335312011-10-21  Filip Pizlo  <fpizlo@apple.com>
33532
33533        DFG should have inlining
33534        https://bugs.webkit.org/show_bug.cgi?id=69996
33535
33536        Reviewed by Oliver Hunt.
33537        
33538        Implements inlining that's hooked into the bytecode parser. Only
33539        works for calls, for now, though nothing fundamentally prevents us
33540        from inlining constructor calls. 2% overall speed-up on all
33541        benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
33542        richards respectively), neutral on Kraken and SunSpider. 
33543        
33544        * bytecode/CodeBlock.cpp:
33545        (JSC::CodeBlock::visitAggregate):
33546        * bytecode/CodeBlock.h:
33547        (JSC::CodeBlock::baselineVersion):
33548        (JSC::CodeBlock::setInstructionCount):
33549        (JSC::CodeBlock::likelyToTakeSlowCase):
33550        (JSC::CodeBlock::couldTakeSlowCase):
33551        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
33552        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
33553        (JSC::CodeBlock::likelyToTakeAnySlowCase):
33554        * bytecode/CodeOrigin.h:
33555        (JSC::CodeOrigin::inlineDepthForCallFrame):
33556        (JSC::CodeOrigin::inlineDepth):
33557        (JSC::CodeOrigin::operator==):
33558        (JSC::CodeOrigin::inlineStack):
33559        * bytecompiler/BytecodeGenerator.cpp:
33560        (JSC::BytecodeGenerator::generate):
33561        * dfg/DFGAbstractState.cpp:
33562        (JSC::DFG::AbstractState::beginBasicBlock):
33563        (JSC::DFG::AbstractState::execute):
33564        (JSC::DFG::AbstractState::mergeStateAtTail):
33565        * dfg/DFGBasicBlock.h:
33566        (JSC::DFG::BasicBlock::BasicBlock):
33567        (JSC::DFG::BasicBlock::ensureLocals):
33568        (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
33569        * dfg/DFGByteCodeParser.cpp:
33570        (JSC::DFG::ByteCodeParser::ByteCodeParser):
33571        (JSC::DFG::ByteCodeParser::getDirect):
33572        (JSC::DFG::ByteCodeParser::get):
33573        (JSC::DFG::ByteCodeParser::setDirect):
33574        (JSC::DFG::ByteCodeParser::set):
33575        (JSC::DFG::ByteCodeParser::getLocal):
33576        (JSC::DFG::ByteCodeParser::getArgument):
33577        (JSC::DFG::ByteCodeParser::flush):
33578        (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
33579        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
33580        (JSC::DFG::ByteCodeParser::handleInlining):
33581        (JSC::DFG::ByteCodeParser::parseBlock):
33582        (JSC::DFG::ByteCodeParser::processPhiStack):
33583        (JSC::DFG::ByteCodeParser::linkBlock):
33584        (JSC::DFG::ByteCodeParser::linkBlocks):
33585        (JSC::DFG::ByteCodeParser::handleSuccessor):
33586        (JSC::DFG::ByteCodeParser::determineReachability):
33587        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
33588        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
33589        (JSC::DFG::ByteCodeParser::parseCodeBlock):
33590        (JSC::DFG::ByteCodeParser::parse):
33591        * dfg/DFGCapabilities.cpp:
33592        (JSC::DFG::canHandleOpcodes):
33593        (JSC::DFG::canCompileOpcodes):
33594        (JSC::DFG::canInlineOpcodes):
33595        * dfg/DFGCapabilities.h:
33596        (JSC::DFG::mightCompileEval):
33597        (JSC::DFG::mightCompileProgram):
33598        (JSC::DFG::mightCompileFunctionForCall):
33599        (JSC::DFG::mightCompileFunctionForConstruct):
33600        (JSC::DFG::mightInlineFunctionForCall):
33601        (JSC::DFG::mightInlineFunctionForConstruct):
33602        (JSC::DFG::canInlineOpcode):
33603        (JSC::DFG::canInlineOpcodes):
33604        (JSC::DFG::canInlineFunctionForCall):
33605        (JSC::DFG::canInlineFunctionForConstruct):
33606        * dfg/DFGGraph.cpp:
33607        (JSC::DFG::printWhiteSpace):
33608        (JSC::DFG::Graph::dumpCodeOrigin):
33609        (JSC::DFG::Graph::dump):
33610        * dfg/DFGGraph.h:
33611        (JSC::DFG::GetBytecodeBeginForBlock::operator()):
33612        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
33613        * dfg/DFGJITCompiler.cpp:
33614        (JSC::DFG::JITCompiler::decodedCodeMapFor):
33615        (JSC::DFG::JITCompiler::linkOSRExits):
33616        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33617        * dfg/DFGJITCompiler.h:
33618        (JSC::DFG::JITCompiler::debugCall):
33619        (JSC::DFG::JITCompiler::baselineCodeBlockFor):
33620        * dfg/DFGJITCompiler32_64.cpp:
33621        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33622        * dfg/DFGNode.h:
33623        (JSC::DFG::Node::hasVariableAccessData):
33624        (JSC::DFG::Node::shouldGenerate):
33625        * dfg/DFGOperands.h:
33626        (JSC::DFG::Operands::ensureLocals):
33627        (JSC::DFG::Operands::setLocal):
33628        (JSC::DFG::Operands::getLocal):
33629        * dfg/DFGPropagator.cpp:
33630        (JSC::DFG::Propagator::propagateNodePredictions):
33631        * dfg/DFGSpeculativeJIT.cpp:
33632        (JSC::DFG::OSRExit::OSRExit):
33633        (JSC::DFG::SpeculativeJIT::compile):
33634        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
33635        * dfg/DFGSpeculativeJIT.h:
33636        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
33637        * dfg/DFGSpeculativeJIT32_64.cpp:
33638        (JSC::DFG::SpeculativeJIT::compile):
33639        * dfg/DFGSpeculativeJIT64.cpp:
33640        (JSC::DFG::SpeculativeJIT::compile):
33641        * interpreter/CallFrame.cpp:
33642        (JSC::CallFrame::trueCallerFrameSlow):
33643        * jit/JITCall.cpp:
33644        (JSC::JIT::compileOpCallSlowCase):
33645        * jit/JITStubs.cpp:
33646        (JSC::DEFINE_STUB_FUNCTION):
33647        * runtime/Executable.cpp:
33648        (JSC::FunctionExecutable::baselineCodeBlockFor):
33649        (JSC::FunctionExecutable::produceCodeBlockFor):
33650        (JSC::FunctionExecutable::compileForCallInternal):
33651        (JSC::FunctionExecutable::compileForConstructInternal):
33652        * runtime/Executable.h:
33653        (JSC::FunctionExecutable::profiledCodeBlockFor):
33654        (JSC::FunctionExecutable::parameterCount):
33655        * runtime/Heuristics.cpp:
33656        (JSC::Heuristics::initializeHeuristics):
33657        * runtime/Heuristics.h:
33658        * runtime/JSFunction.h:
33659
336602011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
33661
33662        Add put to the MethodTable
33663        https://bugs.webkit.org/show_bug.cgi?id=70439
33664
33665        Reviewed by Oliver Hunt.
33666
33667        * JavaScriptCore.exp:
33668        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33669        * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
33670        * runtime/JSFunction.h: Changed access modifier for put to protected since some
33671        subclasses of JSFunction need to reference it in their MethodTables.
33672
336732011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
33674
33675        Add finalizer to JSObject
33676        https://bugs.webkit.org/show_bug.cgi?id=70336
33677
33678        Reviewed by Darin Adler.
33679
33680        * heap/MarkedBlock.cpp:
33681        (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
33682        if we're a JSFinalObject, since the finalizer takes care of things.
33683        * runtime/JSCell.h:
33684        (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
33685        future changes and the fact that we no longer always call the destructor, making 
33686        the information provided less useful.
33687        * runtime/JSObject.cpp:
33688        (JSC::JSObject::finalize): Add finalizer for JSObject.
33689        (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
33690        property storage, we add a finalizer to ourself.
33691        * runtime/JSObject.h:
33692
336932011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
33694
33695        Remove QtScript source code from WebKit.
33696        https://bugs.webkit.org/show_bug.cgi?id=64088
33697
33698        Reviewed by Tor Arne Vestbø.
33699
33700        Removed dead code that isn't developed anymore.
33701
33702        * JavaScriptCore.gypi:
33703        * JavaScriptCore.pri:
33704        * qt/api/QtScript.pro: Removed.
33705        * qt/api/qscriptconverter_p.h: Removed.
33706        * qt/api/qscriptengine.cpp: Removed.
33707        * qt/api/qscriptengine.h: Removed.
33708        * qt/api/qscriptengine_p.cpp: Removed.
33709        * qt/api/qscriptengine_p.h: Removed.
33710        * qt/api/qscriptfunction.cpp: Removed.
33711        * qt/api/qscriptfunction_p.h: Removed.
33712        * qt/api/qscriptoriginalglobalobject_p.h: Removed.
33713        * qt/api/qscriptprogram.cpp: Removed.
33714        * qt/api/qscriptprogram.h: Removed.
33715        * qt/api/qscriptprogram_p.h: Removed.
33716        * qt/api/qscriptstring.cpp: Removed.
33717        * qt/api/qscriptstring.h: Removed.
33718        * qt/api/qscriptstring_p.h: Removed.
33719        * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
33720        * qt/api/qscriptsyntaxcheckresult.h: Removed.
33721        * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
33722        * qt/api/qscriptvalue.cpp: Removed.
33723        * qt/api/qscriptvalue.h: Removed.
33724        * qt/api/qscriptvalue_p.h: Removed.
33725        * qt/api/qscriptvalueiterator.cpp: Removed.
33726        * qt/api/qscriptvalueiterator.h: Removed.
33727        * qt/api/qscriptvalueiterator_p.h: Removed.
33728        * qt/api/qtscriptglobal.h: Removed.
33729        * qt/benchmarks/benchmarks.pri: Removed.
33730        * qt/benchmarks/benchmarks.pro: Removed.
33731        * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
33732        * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
33733        * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
33734        * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
33735        * qt/tests/qscriptengine/qscriptengine.pro: Removed.
33736        * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
33737        * qt/tests/qscriptstring/qscriptstring.pro: Removed.
33738        * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
33739        * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
33740        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
33741        * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
33742        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
33743        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
33744        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
33745        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
33746        * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
33747        * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
33748        * qt/tests/tests.pri: Removed.
33749        * qt/tests/tests.pro: Removed.
33750
337512011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
33752
33753        bytecompiler sometimes generates incorrect bytecode for put_by_id
33754        https://bugs.webkit.org/show_bug.cgi?id=70403
33755
33756        Reviewed by Filip Pizlo.
33757
33758        * bytecompiler/NodesCodegen.cpp:
33759        (JSC::AssignDotNode::emitBytecode):
33760        (JSC::AssignBracketNode::emitBytecode):
33761
337622011-10-20  Filip Pizlo  <fpizlo@apple.com>
33763
33764        DFG should not try to predict argument types by looking at the values of
33765        argument registers at the time of compilation
33766        https://bugs.webkit.org/show_bug.cgi?id=70578
33767
33768        Reviewed by Oliver Hunt.
33769
33770        * bytecode/CodeBlock.cpp:
33771        * dfg/DFGDriver.cpp:
33772        (JSC::DFG::compile):
33773        (JSC::DFG::tryCompile):
33774        (JSC::DFG::tryCompileFunction):
33775        * dfg/DFGDriver.h:
33776        (JSC::DFG::tryCompileFunction):
33777        * dfg/DFGGraph.cpp:
33778        (JSC::DFG::Graph::predictArgumentTypes):
33779        * dfg/DFGGraph.h:
33780        * runtime/Executable.cpp:
33781        (JSC::FunctionExecutable::compileOptimizedForCall):
33782        (JSC::FunctionExecutable::compileOptimizedForConstruct):
33783        (JSC::FunctionExecutable::compileForCallInternal):
33784        (JSC::FunctionExecutable::compileForConstructInternal):
33785        * runtime/Executable.h:
33786        (JSC::FunctionExecutable::compileForCall):
33787        (JSC::FunctionExecutable::compileForConstruct):
33788        (JSC::FunctionExecutable::compileFor):
33789        (JSC::FunctionExecutable::compileOptimizedFor):
33790
337912011-10-20  Filip Pizlo  <fpizlo@apple.com>
33792
33793        DFG call optimization handling will fail if the call had been unlinked due
33794        to the callee being optimized
33795        https://bugs.webkit.org/show_bug.cgi?id=70468
33796
33797        Reviewed by Geoff Garen.
33798        
33799        If a call had ever been linked, we remember this fact as well as the function
33800        to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
33801        called.
33802
33803        * bytecode/CodeBlock.cpp:
33804        (JSC::CodeBlock::visitAggregate):
33805        * bytecode/CodeBlock.h:
33806        * dfg/DFGByteCodeParser.cpp:
33807        (JSC::DFG::ByteCodeParser::parseBlock):
33808        * dfg/DFGRepatch.cpp:
33809        (JSC::DFG::dfgLinkFor):
33810        * jit/JIT.cpp:
33811        (JSC::JIT::linkFor):
33812
338132011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
33814
33815        DFG JIT 32_64 - Fix ByteArray speculation
33816        https://bugs.webkit.org/show_bug.cgi?id=70571
33817
33818        Reviewed by Filip Pizlo.
33819
33820        * dfg/DFGSpeculativeJIT.h:
33821        (JSC::DFG::ValueSource::forPrediction):
33822        * dfg/DFGSpeculativeJIT32_64.cpp:
33823        (JSC::DFG::SpeculativeJIT::compile):
33824
338252011-10-20  Vincent Scheib  <scheib@chromium.org>
33826
33827        MouseLock compile and run time flags.
33828        https://bugs.webkit.org/show_bug.cgi?id=70530
33829
33830        Reviewed by Darin Fisher.
33831
33832        * wtf/Platform.h:
33833
338342011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
33835
33836        Rename static deleteProperty to deletePropertyByIndex
33837        https://bugs.webkit.org/show_bug.cgi?id=70257
33838
33839        Reviewed by Geoffrey Garen.
33840
33841        Renaming versions of deleteProperty that use an unsigned as the property
33842        name to "deletePropertyByIndex" in preparation for adding them to the 
33843        MethodTable, which requires unique names for each method.
33844
33845        * API/JSCallbackObject.h:
33846        * API/JSCallbackObjectFunctions.h:
33847        (JSC::::deletePropertyVirtual):
33848        (JSC::::deletePropertyByIndex):
33849        * runtime/Arguments.cpp:
33850        (JSC::Arguments::deletePropertyVirtual):
33851        (JSC::Arguments::deletePropertyByIndex):
33852        * runtime/Arguments.h:
33853        * runtime/JSArray.cpp:
33854        (JSC::JSArray::deletePropertyVirtual):
33855        (JSC::JSArray::deletePropertyByIndex):
33856        * runtime/JSArray.h:
33857        * runtime/JSCell.cpp:
33858        (JSC::JSCell::deletePropertyVirtual):
33859        (JSC::JSCell::deletePropertyByIndex):
33860        * runtime/JSCell.h:
33861        * runtime/JSNotAnObject.cpp:
33862        (JSC::JSNotAnObject::deletePropertyVirtual):
33863        (JSC::JSNotAnObject::deletePropertyByIndex):
33864        * runtime/JSNotAnObject.h:
33865        * runtime/JSObject.cpp:
33866        (JSC::JSObject::deletePropertyVirtual):
33867        (JSC::JSObject::deletePropertyByIndex):
33868        * runtime/JSObject.h:
33869        * runtime/RegExpMatchesArray.h:
33870        (JSC::RegExpMatchesArray::deletePropertyVirtual):
33871        (JSC::RegExpMatchesArray::deletePropertyByIndex):
33872
338732011-10-20  Filip Pizlo  <fpizlo@apple.com>
33874
33875        https://bugs.webkit.org/show_bug.cgi?id=70482
33876        DFG-related stubs in the old JIT should not be built if the DFG is disabled
33877
33878        Reviewed by Zoltan Herczeg.
33879        
33880        Aiming for a slight code size/build time reduction if the DFG is not in
33881        play. This should also make further DFG development slightly easier since
33882        the bodies of these JIT stubs can now safely refer to things that are only
33883        declared when the DFG is enabled.
33884
33885        * jit/JITStubs.cpp:
33886        * jit/JITStubs.h:
33887
338882011-10-19  Filip Pizlo  <fpizlo@apple.com>
33889
33890        DFG ConvertThis emits slow code when the source node is known to be,
33891        but not predicted to be, a final object
33892        https://bugs.webkit.org/show_bug.cgi?id=70466
33893
33894        Reviewed by Oliver Hunt.
33895        
33896        Added a new case in ConvertThis compilation.
33897
33898        * dfg/DFGSpeculativeJIT32_64.cpp:
33899        (JSC::DFG::SpeculativeJIT::compile):
33900        * dfg/DFGSpeculativeJIT64.cpp:
33901        (JSC::DFG::SpeculativeJIT::compile):
33902
339032011-10-19  Filip Pizlo  <fpizlo@apple.com>
33904
33905        Optimization triggers in the old JIT may sometimes fire repeatedly even
33906        though there is no optimization to be done
33907        https://bugs.webkit.org/show_bug.cgi?id=70467
33908
33909        Reviewed by Oliver Hunt.
33910        
33911        If optimize_from_ret does nothing, it delays the next optimization trigger.
33912        This is performance-neutral.
33913
33914        * jit/JITStubs.cpp:
33915        (JSC::DEFINE_STUB_FUNCTION):
33916        * runtime/Heuristics.cpp:
33917        (JSC::Heuristics::initializeHeuristics):
33918
339192011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
33920
33921        DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
33922        https://bugs.webkit.org/show_bug.cgi?id=70460
33923
33924        Reviewed by Filip Pizlo.
33925
33926        As pointed out by Gavin in bug #70418, when a value is already in memory
33927        we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
33928        This gives a 9% improvement on Kraken without the change in bug #70418,
33929        and 1% when based on the code with the bug #70418 change.
33930        Performance is neutral in V8 and SunSpider.
33931
33932        * dfg/DFGJITCodeGenerator32_64.cpp:
33933        (JSC::DFG::JITCodeGenerator::fillDouble):
33934        * dfg/DFGSpeculativeJIT32_64.cpp:
33935        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
33936
339372011-10-19  Gavin Barraclough  <barraclough@apple.com>
33938
33939        Poisoning of strict caller,arguments inappropriately poisoning "in"
33940        https://bugs.webkit.org/show_bug.cgi?id=63398
33941
33942        Reviewed by Oliver Hunt.
33943
33944        This fixes the problem by correctly implementing the spec -
33945        the error should actually be being thrown from a standard JS getter/setter.
33946        This implements spec-correct behaviour for strict mode JS functions & bound
33947        functions; I'll follow up with a patch to do the same for arguments.
33948
33949        * runtime/JSBoundFunction.cpp:
33950        (JSC::JSBoundFunction::finishCreation):
33951            - Add the poisoned caller/arguments properties.
33952        * runtime/JSBoundFunction.h:
33953        * runtime/JSFunction.cpp:
33954        (JSC::JSFunction::finishCreation):
33955        (JSC::JSFunction::getOwnPropertySlot):
33956        (JSC::JSFunction::getOwnPropertyDescriptor):
33957        (JSC::JSFunction::put):
33958            - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
33959        * runtime/JSFunction.h:
33960        * runtime/JSGlobalObject.cpp:
33961        (JSC::JSGlobalObject::createThrowTypeError):
33962        (JSC::JSGlobalObject::visitChildren):
33963        * runtime/JSGlobalObject.h:
33964        (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
33965            - Add a ThrowTypeError type, per ES5 13.2.3.
33966        * runtime/JSGlobalObjectFunctions.cpp:
33967        (JSC::globalFuncThrowTypeError):
33968        * runtime/JSGlobalObjectFunctions.h:
33969            - Implementation of ThrowTypeError.
33970        * runtime/JSObject.cpp:
33971        (JSC::JSObject::initializeGetterSetterProperty):
33972        * runtime/JSObject.h:
33973            - This function adds a new property (must not exist already) that is an initialized getter/setter.
33974
339752011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
33976
33977        DFG JIT 32_64 - improve double boxing/unboxing
33978        https://bugs.webkit.org/show_bug.cgi?id=70418
33979
33980        Reviewed by Gavin Barraclough.
33981
33982        Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
33983        exchanging data through memory.
33984        On X86 some SSE instructions can help us on such operations with better performance.
33985        This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
33986        and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
33987
33988        * assembler/MacroAssemblerX86Common.h:
33989        (JSC::MacroAssemblerX86Common::lshiftPacked):
33990        (JSC::MacroAssemblerX86Common::rshiftPacked):
33991        (JSC::MacroAssemblerX86Common::orPacked):
33992        (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
33993        (JSC::MacroAssemblerX86Common::movePackedToInt32):
33994        * assembler/X86Assembler.h:
33995        (JSC::X86Assembler::movd_rr):
33996        (JSC::X86Assembler::psllq_i8r):
33997        (JSC::X86Assembler::psrlq_i8r):
33998        (JSC::X86Assembler::por_rr):
33999        * dfg/DFGJITCodeGenerator.h:
34000        (JSC::DFG::JITCodeGenerator::boxDouble):
34001        (JSC::DFG::JITCodeGenerator::unboxDouble):
34002        * dfg/DFGJITCodeGenerator32_64.cpp:
34003        (JSC::DFG::JITCodeGenerator::fillDouble):
34004        (JSC::DFG::JITCodeGenerator::fillJSValue):
34005        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
34006        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
34007        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
34008        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
34009        * dfg/DFGJITCompiler.h:
34010        (JSC::DFG::JITCompiler::boxDouble):
34011        (JSC::DFG::JITCompiler::unboxDouble):
34012        * dfg/DFGSpeculativeJIT32_64.cpp:
34013        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
34014        (JSC::DFG::SpeculativeJIT::convertToDouble):
34015        (JSC::DFG::SpeculativeJIT::compile):
34016
340172011-10-19  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
34018
34019        [EFL] Fix DSO linkage of wtf_efl.
34020
34021        Unreviewed build fix.
34022
34023        Need to add -ldl to jsc_efl (requested by dladdr).
34024
34025        * wtf/CMakeListsEfl.txt:
34026
340272011-10-19  Geoffrey Garen  <ggaren@apple.com>
34028
34029        Removed StringImplBase, fusing it into StringImpl
34030        https://bugs.webkit.org/show_bug.cgi?id=70443
34031
34032        Reviewed by Gavin Barraclough.
34033
34034        * GNUmakefile.list.am:
34035        * JavaScriptCore.gypi:
34036        * JavaScriptCore.order:
34037        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
34038        * JavaScriptCore.xcodeproj/project.pbxproj:
34039        * wtf/CMakeLists.txt:
34040        * wtf/text/StringImpl.h:
34041        (WTF::StringImpl::StringImpl):
34042        (WTF::StringImpl::ref):
34043        (WTF::StringImpl::length):
34044        * wtf/text/StringImplBase.h: Removed.
34045        * wtf/wtf.pri: Removed!
34046
340472011-10-19  Mark Hahnenberg  <mhahnenberg@apple.com>
34048
34049        Add getConstructData to the MethodTable
34050        https://bugs.webkit.org/show_bug.cgi?id=70163
34051
34052        Reviewed by Geoffrey Garen.
34053
34054        Adding getConstructData to the MethodTable in order to be able to 
34055        remove all calls to getConstructDataVirtual soon.  Part of the process 
34056        of de-virtualizing JSCell.
34057
34058        * JavaScriptCore.exp:
34059        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34060        * runtime/ClassInfo.h:
34061
340622011-10-18  Oliver Hunt  <oliver@apple.com>
34063
34064        Support CanvasPixelArray in the DFG
34065        https://bugs.webkit.org/show_bug.cgi?id=70384
34066
34067        Reviewed by Filip Pizlo.
34068
34069        Add support for the old CanvasPixelArray optimisations to the
34070        DFG.  This removes the regression seen in the DFG when using
34071        a CPA.
34072
34073        * assembler/MacroAssemblerX86Common.h:
34074        (JSC::MacroAssemblerX86Common::store8):
34075        (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
34076        * assembler/X86Assembler.h:
34077        (JSC::X86Assembler::movb_rm):
34078        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
34079        * bytecode/PredictedType.cpp:
34080        (JSC::predictionToString):
34081        (JSC::predictionFromClassInfo):
34082        * bytecode/PredictedType.h:
34083        (JSC::isByteArrayPrediction):
34084        * dfg/DFGAbstractState.cpp:
34085        (JSC::DFG::AbstractState::initialize):
34086        (JSC::DFG::AbstractState::execute):
34087        * dfg/DFGNode.h:
34088        (JSC::DFG::Node::shouldSpeculateByteArray):
34089        * dfg/DFGPropagator.cpp:
34090        (JSC::DFG::Propagator::propagateNodePredictions):
34091        (JSC::DFG::Propagator::fixupNode):
34092        (JSC::DFG::Propagator::performNodeCSE):
34093        * dfg/DFGSpeculativeJIT.cpp:
34094        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
34095        (JSC::DFG::compileClampDoubleToByte):
34096        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
34097        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
34098        * dfg/DFGSpeculativeJIT.h:
34099        * dfg/DFGSpeculativeJIT32_64.cpp:
34100        (JSC::DFG::SpeculativeJIT::compile):
34101        * dfg/DFGSpeculativeJIT64.cpp:
34102        (JSC::DFG::SpeculativeJIT::compile):
34103        * runtime/JSByteArray.h:
34104        (JSC::JSByteArray::offsetOfStorage):
34105        * wtf/ByteArray.cpp:
34106        * wtf/ByteArray.h:
34107        (WTF::ByteArray::offsetOfSize):
34108        (WTF::ByteArray::offsetOfData):
34109
341102011-10-18  Geoffrey Garen  <ggaren@apple.com>
34111
34112        Some rope cleanup following r97827
34113        https://bugs.webkit.org/show_bug.cgi?id=70398
34114
34115        Reviewed by Oliver Hunt.
34116
34117        9% speedup on date-format-xparb, neutral overall.
34118        
34119        - Removed RopeImpl*.
34120        - Removed JSString::m_fiberCount, since this can be deduced from other data.
34121        - Renamed a jsString() variant to jsStringFromArguments for clarity.
34122
34123        * CMakeLists.txt:
34124        * GNUmakefile.list.am:
34125        * JavaScriptCore.order:
34126        * JavaScriptCore.pro:
34127        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
34128        * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
34129
34130        * dfg/DFGSpeculativeJIT.cpp:
34131        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
34132        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
34133        * jit/JITInlineMethods.h:
34134        (JSC::JIT::emitLoadCharacterString):
34135        * jit/JITPropertyAccess.cpp:
34136        (JSC::JIT::stringGetByValStubGenerator):
34137        * jit/JITPropertyAccess32_64.cpp:
34138        (JSC::JIT::stringGetByValStubGenerator):
34139        * jit/SpecializedThunkJIT.h:
34140        (JSC::SpecializedThunkJIT::loadJSStringArgument):
34141        * jit/ThunkGenerators.cpp:
34142        (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
34143        of testing m_fiberCount, since m_fiberCount is gone now.
34144
34145        * runtime/JSString.cpp:
34146        (JSC::JSString::RopeBuilder::expand):
34147        (JSC::JSString::visitChildren):
34148        (JSC::JSString::resolveRope):
34149        (JSC::JSString::resolveRopeSlowCase):
34150        (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
34151        in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
34152
34153        * runtime/JSString.h:
34154        (JSC::RopeBuilder::JSString):
34155        (JSC::RopeBuilder::finishCreation):
34156        (JSC::RopeBuilder::offsetOfLength):
34157        (JSC::RopeBuilder::isRope):
34158        (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
34159        jsString => jsStringFromArguments for clarity.
34160
34161        * runtime/Operations.h:
34162        (JSC::jsStringFromArguments): Renamed.
34163
34164        * runtime/RopeImpl.cpp: Removed.
34165        * runtime/RopeImpl.h: Removed.
34166
34167        * runtime/SmallStrings.cpp:
34168        (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
34169        which is slightly faster.
34170
34171        * runtime/StringPrototype.cpp:
34172        (JSC::stringProtoFuncConcat): Updated for rename.
34173
34174        * wtf/text/StringImplBase.h:
34175        (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
34176        StringImpl, since this was only used by RopeImpl, which is now gone.
34177
341782011-10-19  Rafael Antognolli  <antognolli@profusion.mobi>
34179
34180        [EFL] Fix DSO linkage of jsc_efl.
34181        https://bugs.webkit.org/show_bug.cgi?id=70412
34182
34183        Unreviewed build fix.
34184
34185        Need to add -ldl to jsc_efl (requested by dladdr).
34186
34187        * shell/CMakeListsEfl.txt:
34188
341892011-10-18  Geoffrey Garen  <ggaren@apple.com>
34190
34191        Rolled out last Windows build fix because it was wrong.
34192
341932011-10-18  Geoffrey Garen  <ggaren@apple.com>
34194
34195        Rolled out last Windows build fix because it was wrong.
34196
341972011-10-18  Geoffrey Garen  <ggaren@apple.com>
34198
34199        Try to fix part of the Windows build.
34200        
34201        Export!
34202
342032011-10-18  Geoffrey Garen  <ggaren@apple.com>
34204
34205        Switched ropes from malloc memory to GC memory
34206        https://bugs.webkit.org/show_bug.cgi?id=70364
34207
34208        Reviewed by Gavin Barraclough.
34209
34210        ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
34211        having C++ destructors.
34212
34213        * heap/MarkStack.cpp:
34214        (JSC::visitChildren): Call the JSString visitChildren function now,
34215        since it's no longer a no-op.
34216
34217        * runtime/JSString.cpp:
34218        (JSC::JSString::~JSString): Moved this destructor out of line because
34219        it's called virtually, so there's no value to inlining.
34220
34221        (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
34222        initializing wrapper around JSString. JSString now represents ropes
34223        directly, rather than relying on an underlying malloc object.
34224
34225        (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
34226        objects now.
34227
34228        (JSC::JSString::resolveRope):
34229        (JSC::JSString::resolveRopeSlowCase):
34230        (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
34231        of malloc objects.
34232
34233        (JSC::JSString::replaceCharacter): Removed optimizations for substringing
34234        ropes and replacing subsections of ropes. We want to reimplement versions
34235        of these optimizations in the future, but this patch already has good
34236        performance without them.
34237
34238        * runtime/JSString.h:
34239        (JSC::RopeBuilder::JSString):
34240        (JSC::RopeBuilder::finishCreation):
34241        (JSC::RopeBuilder::createNull):
34242        (JSC::RopeBuilder::create):
34243        (JSC::RopeBuilder::createHasOtherOwner):
34244        (JSC::jsSingleCharacterString):
34245        (JSC::jsSingleCharacterSubstring):
34246        (JSC::jsNontrivialString):
34247        (JSC::jsString):
34248        (JSC::jsSubstring):
34249        (JSC::jsOwnedString): Lots of mechanical changes here. The two important
34250        things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
34251        malloc objects; (2) I simplified the JSString constructor interface to
34252        only accept PassRefPtr<StringImpl>, instead of variations on that like
34253        UString, reducing refcount churn.
34254
34255        * runtime/JSValue.h:
34256        * runtime/JSValue.cpp:
34257        (JSC::JSValue::toPrimitiveString): Updated this function to return a
34258        JSString instead of a UString, since that's what clients want now.
34259
34260        * runtime/Operations.cpp:
34261        (JSC::jsAddSlowCase):
34262        * runtime/Operations.h:
34263        (JSC::jsString):
34264        * runtime/SmallStrings.cpp:
34265        (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
34266
34267        * runtime/StringConstructor.cpp:
34268        (JSC::constructWithStringConstructor):
34269        * runtime/StringObject.h:
34270        (JSC::StringObject::create): Don't create a new JSString if we already
34271        have a JSString.
34272
34273        * runtime/StringPrototype.cpp:
34274        (JSC::stringProtoFuncConcat): Updated for interface changes above.
34275
342762011-10-18  Gavin Barraclough  <barraclough@apple.com>
34277
34278        Errrk, fix partial commit of r97825!
34279
34280        * runtime/DatePrototype.cpp:
34281        (JSC::dateProtoFuncToISOString):
34282
342832011-10-18  Gavin Barraclough  <barraclough@apple.com>
34284
34285        Date.prototype.toISOString fails to throw exception
34286        https://bugs.webkit.org/show_bug.cgi?id=70394
34287
34288        Reviewed by Sam Weinig.
34289
34290        * runtime/DatePrototype.cpp:
34291        (JSC::dateProtoFuncToISOString):
34292            - Should throw a range error if the internal value is not finite.
34293
342942011-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
34295
34296        Rename static put to putByIndex
34297        https://bugs.webkit.org/show_bug.cgi?id=70281
34298
34299        Reviewed by Geoffrey Garen.
34300
34301        Renaming versions of deleteProperty that use an unsigned as the property
34302        name to "deletePropertyByIndex" in preparation for adding them to the 
34303        MethodTable, which requires unique names for each method.
34304
34305        * dfg/DFGOperations.cpp:
34306        (JSC::DFG::putByVal):
34307        * jit/JITStubs.cpp:
34308        (JSC::DEFINE_STUB_FUNCTION):
34309        * runtime/Arguments.cpp:
34310        (JSC::Arguments::putVirtual):
34311        (JSC::Arguments::putByIndex):
34312        * runtime/Arguments.h:
34313        * runtime/ArrayPrototype.cpp:
34314        (JSC::arrayProtoFuncMap):
34315        * runtime/JSArray.cpp:
34316        (JSC::JSArray::put):
34317        (JSC::JSArray::putVirtual):
34318        (JSC::JSArray::putByIndex):
34319        * runtime/JSArray.h:
34320        * runtime/JSByteArray.cpp:
34321        (JSC::JSByteArray::putVirtual):
34322        (JSC::JSByteArray::putByIndex):
34323        * runtime/JSByteArray.h:
34324        * runtime/JSCell.cpp:
34325        (JSC::JSCell::putVirtual):
34326        (JSC::JSCell::putByIndex):
34327        * runtime/JSCell.h:
34328        * runtime/JSNotAnObject.cpp:
34329        (JSC::JSNotAnObject::putVirtual):
34330        (JSC::JSNotAnObject::putByIndex):
34331        * runtime/JSNotAnObject.h:
34332        * runtime/JSObject.cpp:
34333        (JSC::JSObject::putVirtual):
34334        (JSC::JSObject::putByIndex):
34335        * runtime/JSObject.h:
34336        * runtime/RegExpConstructor.cpp:
34337        (JSC::RegExpMatchesArray::fillArrayInstance):
34338        * runtime/RegExpMatchesArray.h:
34339        (JSC::RegExpMatchesArray::putVirtual):
34340        (JSC::RegExpMatchesArray::putByIndex):
34341
343422011-10-18  Gavin Barraclough  <barraclough@apple.com>
34343
34344        Array.prototype methods missing exception checks
34345        https://bugs.webkit.org/show_bug.cgi?id=70360
34346
34347        Reviewed by Geoff Garen.
34348
34349        Missing exception checks after calls to the static getProperty helper;
34350        these may result in the wrong exception being thrown (or an ASSERT being hit,
34351        as is currently the case running test-262).
34352
34353        No performance impact.
34354
34355        * runtime/ArrayPrototype.cpp:
34356        (JSC::arrayProtoFuncConcat):
34357        (JSC::arrayProtoFuncReverse):
34358        (JSC::arrayProtoFuncShift):
34359        (JSC::arrayProtoFuncSlice):
34360        (JSC::arrayProtoFuncSplice):
34361        (JSC::arrayProtoFuncUnShift):
34362        (JSC::arrayProtoFuncReduce):
34363        (JSC::arrayProtoFuncReduceRight):
34364        (JSC::arrayProtoFuncIndexOf):
34365        (JSC::arrayProtoFuncLastIndexOf):
34366
343672011-10-18  Adam Barth  <abarth@webkit.org>
34368
34369        Always enable ENABLE(XPATH)
34370        https://bugs.webkit.org/show_bug.cgi?id=70217
34371
34372        Reviewed by Eric Seidel.
34373
34374        * Configurations/FeatureDefines.xcconfig:
34375
343762011-10-18  Gavin Barraclough  <barraclough@apple.com>
34377
34378        Indexed arguments on the Arguments object should be enumerable.
34379        https://bugs.webkit.org/show_bug.cgi?id=70302
34380
34381        Reviewed by Sam Weinig.
34382
34383        See ECMA-262 5.1 chapter 10.6 step 11b.
34384        This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
34385
34386        * runtime/Arguments.cpp:
34387        (JSC::Arguments::getOwnPropertyDescriptor):
34388            - The 'enumerable' property should be true for indexed arguments.
34389        (JSC::Arguments::getOwnPropertyNames):
34390            - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
34391
343922011-10-18  Gustavo Noronha Silva  <gns@gnome.org>
34393
34394        Fix distcheck.
34395
34396        * GNUmakefile.list.am: fix a typo and add a missing header to the
34397        list.
34398
343992011-10-18  Balazs Kelemen  <kbalazs@webkit.org>
34400
34401        ParallelJobs: maximum number of threads should be determined dynamically
34402        https://bugs.webkit.org/show_bug.cgi?id=68540
34403
34404        Reviewed by Zoltan Herczeg.
34405
34406        Add logic to determine the number of cores and use this as
34407        the maximum number of threads. The implementation currently
34408        covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
34409        The patch was tested on Linux, Mac and Windows, which was enough to
34410        cover all code paths. It should work on the rest according to the
34411        documentation of those OSes. The hard-coded constant is still used
34412        on uncovered OSes, which should be fixed in the future.
34413
34414        * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
34415        argument because clients should always fill it and the 0 default value
34416        was incorrect anyway.
34417        (WTF::ParallelJobs::ParallelJobs):
34418        * wtf/ParallelJobsGeneric.cpp:
34419        (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
34420        * wtf/ParallelJobsGeneric.h:
34421        (WTF::ParallelEnvironment::ParallelEnvironment):
34422
344232011-10-17  Gavin Barraclough  <barraclough@apple.com>
34424
34425        Reverted r997709, this caused test failures.
34426
34427        * jit/JITStubs.cpp:
34428        (JSC::DEFINE_STUB_FUNCTION):
34429        * runtime/JSObject.cpp:
34430        (JSC::JSObject::hasProperty):
34431        (JSC::JSObject::hasOwnProperty):
34432
344332011-10-17  Ryosuke Niwa  <rniwa@webkit.org>
34434
34435        Rename deregister* to unregister*
34436        https://bugs.webkit.org/show_bug.cgi?id=70272
34437
34438        Reviewed by Darin Adler.
34439
34440        Renamed deregisterWeakMap to unregisterWeakMap.
34441
34442        * runtime/JSGlobalObject.h:
34443        (JSC::JSGlobalObject::unregisterWeakMap):
34444
344452011-10-17  Gavin Barraclough  <barraclough@apple.com>
34446
34447        Poisoning of strict caller/arguments inappropriately poisoning "in"
34448        https://bugs.webkit.org/show_bug.cgi?id=63398
34449
34450        Reviewed by Sam Weinig.
34451
34452        The problem here is that the has[Own]Property methods get the slot rather than
34453        the descriptor, and getting the slot may cause the property to be eagerly accessed.
34454
34455        * jit/JITStubs.cpp:
34456        (JSC::DEFINE_STUB_FUNCTION):
34457            - We don't expect hasProperty to ever throw. If it does, it won't get caught
34458              (since it is after the exception check), so ASSERT to guard against this.
34459        * runtime/JSObject.cpp:
34460        (JSC::JSObject::hasProperty):
34461        (JSC::JSObject::hasOwnProperty):
34462            - These methods should not check for the presence of the descriptor; never get the value.
34463
344642011-10-17  Gavin Barraclough  <barraclough@apple.com>
34465
34466        Exception ordering in String.prototype.replace
34467        https://bugs.webkit.org/show_bug.cgi?id=70290
34468
34469        If pattern is not a regexp, it should be converted toString before the replacement value has its toString conversion called.
34470
34471        Reviewed by Oliver Hunt.
34472
34473        * runtime/StringPrototype.cpp:
34474        (JSC::stringProtoFuncReplace):
34475
344762011-10-17  Filip Pizlo  <fpizlo@apple.com>
34477
34478        DFG bytecode parser should understand inline stacks
34479        https://bugs.webkit.org/show_bug.cgi?id=70278
34480
34481        Reviewed by Oliver Hunt.
34482        
34483        The DFG bytecode parser is now capable of parsing multiple code blocks at
34484        once. This remains turned off since not all inlining functionality is
34485        implemented.       
34486        
34487        This required making a few changes elsewhere in the system. The bytecode
34488        parser now may do some of the same things that the bytecode generator does,
34489        like allocating constants and identifiers. Basic block linking relies on
34490        bytecode indices, which are only meaningful within the context of one basic
34491        block. This is fine, so long as linking is done eagerly whenever switching
34492        from one code block to another.
34493
34494        * bytecode/CodeOrigin.h:
34495        (JSC::CodeOrigin::CodeOrigin):
34496        * bytecompiler/BytecodeGenerator.h:
34497        * dfg/DFGBasicBlock.h:
34498        * dfg/DFGByteCodeParser.cpp:
34499        (JSC::DFG::ByteCodeParser::ByteCodeParser):
34500        (JSC::DFG::ByteCodeParser::get):
34501        (JSC::DFG::ByteCodeParser::set):
34502        (JSC::DFG::ByteCodeParser::getThis):
34503        (JSC::DFG::ByteCodeParser::setThis):
34504        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
34505        (JSC::DFG::ByteCodeParser::getPrediction):
34506        (JSC::DFG::ByteCodeParser::makeSafe):
34507        (JSC::DFG::ByteCodeParser::makeDivSafe):
34508        (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
34509        (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
34510        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
34511        (JSC::DFG::ByteCodeParser::parseBlock):
34512        (JSC::DFG::ByteCodeParser::linkBlock):
34513        (JSC::DFG::ByteCodeParser::linkBlocks):
34514        (JSC::DFG::ByteCodeParser::setupPredecessors):
34515        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
34516        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
34517        (JSC::DFG::ByteCodeParser::parseCodeBlock):
34518        (JSC::DFG::ByteCodeParser::parse):
34519        * dfg/DFGGraph.h:
34520        (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
34521        (JSC::DFG::GetBytecodeBeginForBlock::operator()):
34522        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
34523        * dfg/DFGNode.h:
34524        * runtime/Identifier.h:
34525        (JSC::IdentifierMapIndexHashTraits::emptyValue):
34526        * runtime/JSValue.h:
34527        * wtf/StdLibExtras.h:
34528        (WTF::binarySearchWithFunctor):
34529
345302011-10-17  Gavin Barraclough  <barraclough@apple.com>
34531
34532        Incorrect behavior from String match/search & undefined pattern
34533        https://bugs.webkit.org/show_bug.cgi?id=70286
34534
34535        Reviewed by Sam Weinig.
34536
34537        * runtime/StringPrototype.cpp:
34538        (JSC::stringProtoFuncMatch):
34539            - In case of undefined, pattern is "".
34540        (JSC::stringProtoFuncSearch):
34541            - In case of undefined, pattern is "".
34542
345432011-10-17  Gavin Barraclough  <barraclough@apple.com>
34544
34545        https://bugs.webkit.org/show_bug.cgi?id=70207
34546        After deleting __defineSetter__, it is absent but appears in name list
34547
34548        Reviewed by Darin Adler.
34549
34550        * runtime/JSObject.cpp:
34551        (JSC::JSObject::getOwnPropertyNames):
34552            - This should check whether static functions have been reified.
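Several of the entries above (bugs 70394, 70302, 70360, 63398, 70290, 70286 and 70207) describe observable ECMAScript behaviours that JavaScriptCore was brought into line with. The following JavaScript, an added example rather than WebKit code, probes each of those behaviours from script and reports which ones the engine running it gets right; the bug numbers in the comments refer to the entries above.

```javascript
// Conformance probes for the behaviours fixed in the ChangeLog entries above.
// Added example, not WebKit code: each probe returns true when the engine conforms.

// Bug 70394: toISOString must throw a RangeError when the time value is not finite.
function toISOStringThrowsOnInvalidDate() {
  try {
    new Date(NaN).toISOString();
    return false;
  } catch (e) {
    return e instanceof RangeError;
  }
}

// Bug 70302: indexed arguments are enumerable (ECMA-262 5.1, 10.6 step 11b).
function indexedArgumentsAreEnumerable() {
  function f() { return arguments; }
  var args = f("a", "b");
  var desc = Object.getOwnPropertyDescriptor(args, "0");
  return Object.keys(args).join(",") === "0,1"
    && desc !== undefined && desc.enumerable === true
    && ("1" in args);
}

// Bug 70360: an exception raised while reading an element must propagate unchanged.
function arrayMethodPropagatesElementException() {
  var marker = new Error("element getter");
  var arr = [1, 2, 3];
  Object.defineProperty(arr, 1, { get: function () { throw marker; } });
  try {
    arr.indexOf(2); // reaches index 1 and runs the throwing getter
    return false;
  } catch (e) {
    return e === marker;
  }
}

// Bug 63398: presence checks on a strict function's poisoned 'caller' must not throw.
function presenceChecksDoNotTripStrictPoison() {
  function strictFn() { "use strict"; }
  try {
    void ("caller" in strictFn);
    void strictFn.hasOwnProperty("caller");
  } catch (e) {
    return false; // `in` / hasOwnProperty must never run the poison getter
  }
  try {
    void strictFn.caller;
    return false; // only an actual read is expected to throw
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Bug 70290: a non-RegExp pattern is stringified before the replacement value.
function replaceConvertsPatternBeforeReplacement() {
  var order = [];
  var pattern = { toString: function () { order.push("pattern"); return "b"; } };
  var replacement = { toString: function () { order.push("replacement"); return "X"; } };
  var result = "abc".replace(pattern, replacement);
  return result === "aXc" && order.join(",") === "pattern,replacement";
}

// Bug 70286: an undefined pattern means the empty pattern, matching "" at index 0.
function undefinedPatternMeansEmptyPattern() {
  var m = "abc".match(undefined);
  return m !== null && m.length === 1 && m[0] === "" && m.index === 0
    && "abc".search(undefined) === 0;
}

// Bug 70207: a deleted built-in must vanish from getOwnPropertyNames (restored afterwards).
function deletedBuiltinDisappearsFromNameList() {
  var proto = Object.prototype;
  var name = "__defineSetter__";
  var saved = Object.getOwnPropertyDescriptor(proto, name);
  if (!saved) return true; // engine without the legacy accessor: nothing to check
  delete proto[name];
  var listed = Object.getOwnPropertyNames(proto).indexOf(name) !== -1;
  var present = Object.prototype.hasOwnProperty.call(proto, name);
  Object.defineProperty(proto, name, saved); // put the accessor back
  return !listed && !present;
}

// Run every probe; returns a name -> boolean map for the current engine.
function runConformanceChecks() {
  var results = {};
  [toISOStringThrowsOnInvalidDate, indexedArgumentsAreEnumerable,
   arrayMethodPropagatesElementException, presenceChecksDoNotTripStrictPoison,
   replaceConvertsPatternBeforeReplacement, undefinedPatternMeansEmptyPattern,
   deletedBuiltinDisappearsFromNameList].forEach(function (check) {
    results[check.name] = check();
  });
  return results;
}

console.log(runConformanceChecks());
```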
34553
345542011-10-17  Geoffrey Garen  <ggaren@apple.com>
34555
34556        Mac build fix.
34557
34558        * JavaScriptCore.exp: Export!
34559
345602011-10-17  Geoffrey Garen  <ggaren@apple.com>
34561
34562        Windows build fix.
34563
34564        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
34565
345662011-10-17  Geoffrey Garen  <ggaren@apple.com>
34567
34568        Windows build fix.
34569
34570        * heap/HandleStack.cpp: Added a missing #include.
34571
345722011-10-17  Geoffrey Garen  <ggaren@apple.com>
34573
34574        Windows build fix.
34575
34576        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
34577        longer existent symbol.
34578
34579        * heap/MarkStack.cpp:
34580        (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
34581
345822011-10-17  Geoffrey Garen  <ggaren@apple.com>
34583
34584        Simplified GC marking logic
34585        https://bugs.webkit.org/show_bug.cgi?id=70258
34586
34587        Reviewed by Filip Pizlo.
34588        
34589        No perf. change.
34590        
34591        This is a first step toward GC allocating string backing stores, starting
34592        with ropes. It also enables future simplifications and optimizations.
34593        
34594        - Replaced some complex mark stack logic with a simple linear stack of
34595        JSCell pointers.
34596        
34597        - Replaced logic for short-circuiting marking based on JSType and/or
34598        Structure flags with special cases for object, array, and string.
34599        
34600        - Fiddled with inlining for better codegen.
34601
34602        * JavaScriptCore.exp:
34603        * heap/HandleStack.cpp: Build!
34604
34605        * heap/Heap.cpp:
34606        (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
34607
34608        * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
34609
34610        * heap/MarkStack.cpp:
34611        (JSC::MarkStackArray::MarkStackArray):
34612        (JSC::MarkStackArray::~MarkStackArray):
34613        (JSC::MarkStackArray::expand):
34614        (JSC::MarkStackArray::shrinkAllocation):
34615        (JSC::MarkStack::reset):
34616        (JSC::visitChildren):
34617        (JSC::SlotVisitor::drain):
34618        * heap/MarkStack.h:
34619        (JSC::MarkStack::MarkStack):
34620        (JSC::MarkStack::~MarkStack):
34621        (JSC::MarkStackArray::append):
34622        (JSC::MarkStackArray::removeLast):
34623        (JSC::MarkStackArray::isEmpty):
34624        (JSC::MarkStack::append):
34625        (JSC::MarkStack::appendUnbarrieredPointer):
34626        (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
34627        simple linear stack.
34628
34629        * heap/SlotVisitor.h:
34630        (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
34631
34632        * runtime/JSArray.cpp:
34633        (JSC::JSArray::visitChildren):
34634        * runtime/JSArray.h:
34635        * runtime/JSObject.cpp:
34636        (JSC::JSObject::visitChildren):
34637        * runtime/JSObject.h: Don't inline visitChildren; it's too big.
34638
34639        * runtime/Structure.h:
34640        (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
34641        because it prevented strings from owning GC pointers.
34642
34643        * runtime/WriteBarrier.h:
34644        (JSC::MarkStack::appendValues): No need to validate; internalAppend will
34645        do that for us.
34646
346472011-10-17  Adam Roben  <aroben@apple.com>
34648
34649        Windows build fix after r97536, part 3
34650
34651        * runtime/JSAPIValueWrapper.h:
34652        * runtime/JSObject.h:
34653        Use JS_EXPORTDATA to export the s_info members.
34654
346552011-10-17  Adam Roben  <aroben@apple.com>
34656
34657        Interpreter build fix after r97564
34658
34659        * runtime/Executable.cpp:
34660        (JSC::FunctionExecutable::compileForCallInternal):
34661        (JSC::FunctionExecutable::compileForConstructInternal):
34662        Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
34663        there.
34664
346652011-10-17  Adam Roben  <aroben@apple.com>
34666
34667        Windows build fix after r97536, part 2
34668
34669        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
34670        JSC::setUpStaticFunctionSlot with its new mangled name. Sorted the rest of the file while I
34671        was at it.
34672
346732011-10-17  Adam Roben  <aroben@apple.com>
34674
34675        Windows build fix after r97536
34676
34677        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
34678        JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
34679        s_info members, which need to be exported via JS_EXPORTDATA instead.
34680
346812011-10-17  Patrick Gansterer  <paroga@webkit.org>
34682
34683        Interpreter build fix after r97436, r97506, r97532 and r97537.
34684
34685        * interpreter/Interpreter.cpp:
34686        (JSC::Interpreter::privateExecute):
34687
346882011-10-16  Adam Barth  <abarth@webkit.org>
34689
34690        Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
34691        https://bugs.webkit.org/show_bug.cgi?id=70216
34692
34693        Reviewed by Eric Seidel.
34694
34695        * wtf/Platform.h:
34696
346972011-10-16  Noel Gordon  <noel.gordon@gmail.com>
34698
34699        [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
34700        https://bugs.webkit.org/show_bug.cgi?id=70205
34701
34702        Reviewed by James Robinson.
34703
34704        wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
34705        wtf/gtk/ThreadingGtk.cpp was removed in r97269.
34706
34707        * JavaScriptCore.gypi:
34708
347092011-10-16  Adam Barth  <abarth@webkit.org>
34710
34711        Always enable ENABLE(DOM_STORAGE)
34712        https://bugs.webkit.org/show_bug.cgi?id=70189
34713
34714        Reviewed by Eric Seidel.
34715
34716        * Configurations/FeatureDefines.xcconfig:
34717
347182011-10-15  Dan Horák  <dan@danny.cz>
34719
34720        The s390 and s390x architectures both use a 64-bit double type
34721        that conforms to the IEEE-754 standard.
34722
34723        https://bugs.webkit.org/show_bug.cgi?id=69940
34724
34725        Reviewed by Gavin Barraclough.
34726
34727        * wtf/dtoa/utils.h:
34728
347292011-10-14  Filip Pizlo  <fpizlo@apple.com>
34730
34731        FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
34732        https://bugs.webkit.org/show_bug.cgi?id=70157
34733
34734        Reviewed by Geoff Garen.
34735        
34736        Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
34737        and compileForConstructInternal() to use this method. This required more cleanly
34738        exposing some of CodeBlock's tiering functionality and moving the CompilationKind
34739        enum to Executable.h, as this was the easiest way to make it available to the
34740        declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
34741
34742        * bytecode/CodeBlock.cpp:
34743        (JSC::CodeBlock::copyDataFrom):
34744        (JSC::CodeBlock::copyDataFromAlternative):
34745        * bytecode/CodeBlock.h:
34746        (JSC::CodeBlock::setAlternative):
34747        * bytecompiler/BytecodeGenerator.h:
34748        * runtime/Executable.cpp:
34749        (JSC::EvalExecutable::compileInternal):
34750        (JSC::ProgramExecutable::compileInternal):
34751        (JSC::FunctionExecutable::produceCodeBlockFor):
34752        (JSC::FunctionExecutable::compileForCallInternal):
34753        (JSC::FunctionExecutable::compileForConstructInternal):
34754        * runtime/Executable.h:
34755        (JSC::FunctionExecutable::codeBlockFor):
34756
347572011-10-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
34758
34759        [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
34760        https://bugs.webkit.org/show_bug.cgi?id=69920
34761
34762        Reviewed by Kenneth Rohde Christiansen.
34763
34764        * JavaScriptCore.pri:
34765        * JavaScriptCore.pro:
34766        * heap/MarkStack.h:
34767        (JSC::::shrinkAllocation):
34768        * jit/ExecutableAllocator.cpp:
34769        * jit/ExecutableAllocator.h:
34770        (JSC::ExecutableAllocator::cacheFlush):
34771        * jit/JITStubs.cpp:
34772        * jsc.pro:
34773        * runtime/ArrayPrototype.cpp:
34774        (JSC::arrayProtoFuncToString):
34775        * runtime/DatePrototype.cpp:
34776        (JSC::formatLocaleDate):
34777        * runtime/StringPrototype.cpp:
34778        (JSC::stringProtoFuncLastIndexOf):
34779        * runtime/TimeoutChecker.cpp:
34780        (JSC::getCPUTime):
34781        * wtf/Assertions.cpp:
34782        * wtf/Assertions.h:
34783        * wtf/Atomics.h:
34784        * wtf/MathExtras.h:
34785        * wtf/OSAllocator.h:
34786        (WTF::OSAllocator::decommitAndRelease):
34787        * wtf/OSAllocatorSymbian.cpp: Removed.
34788        * wtf/OSRandomSource.cpp:
34789        (WTF::cryptographicallyRandomValuesFromOS):
34790        * wtf/PageAllocation.h:
34791        * wtf/PageAllocatorSymbian.h: Removed.
34792        * wtf/PageBlock.cpp:
34793        * wtf/Platform.h:
34794        * wtf/StackBounds.cpp:
34795        * wtf/wtf.pri:
34796
347972011-10-15  Yuqiang Xian  <yuqiang.xian@intel.com>
34798
34799        Trivial fix for a missing change in r97512
34800        https://bugs.webkit.org/show_bug.cgi?id=70166
34801
34802        Reviewed by Gavin Barraclough.
34803
34804        * dfg/DFGJITCompiler32_64.cpp:
34805        (JSC::DFG::JITCompiler::link):
34806
348072011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
34808
34809        Rename getOwnPropertySlot to getOwnPropertySlotVirtual
34810        https://bugs.webkit.org/show_bug.cgi?id=69810
34811
34812        Reviewed by Geoffrey Garen.
34813
34814        Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
34815        in preparation for when we add the static getOwnPropertySlot to the MethodTable 
34816        in ClassInfo.
34817
34818        Also added a few static getOwnPropertySlot functions where they had been overlooked 
34819        before (especially in CodeGeneratorJS.pm).
34820
34821        * API/JSCallbackObject.h:
34822        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertySlotVirtual):
        (JSC::::getOwnPropertySlot):
        (JSC::::getOwnPropertyDescriptor):
        (JSC::::staticFunctionGetter):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
        (JSC::DebuggerActivation::getOwnPropertySlot):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlotVirtual):
        (JSC::Arguments::getOwnPropertySlot):
        * runtime/Arguments.h:
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
        * runtime/BooleanPrototype.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlotVirtual):
        * runtime/DateConstructor.h:
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlotVirtual):
        * runtime/DatePrototype.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
        * runtime/ErrorPrototype.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::getOwnPropertySlotVirtual):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertySlotVirtual):
        (JSC::JSArray::getOwnPropertySlot):
        * runtime/JSArray.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
        * runtime/JSBoundFunction.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertySlotVirtual):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getOwnPropertySlotVirtual):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlotVirtual):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        (JSC::JSFunction::getOwnPropertyNames):
        (JSC::JSFunction::put):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::JSONObject::getOwnPropertySlotVirtual):
        (JSC::Walker::walk):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getOwnPropertySlotVirtual):
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::hasOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlotVirtual):
        (JSC::JSCell::fastGetOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSValue::get):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSString.cpp:
        (JSC::JSString::getOwnPropertySlotVirtual):
        (JSC::JSString::getOwnPropertySlot):
        * runtime/JSString.h:
        * runtime/Lookup.h:
        (JSC::getStaticPropertySlot):
        (JSC::getStaticFunctionSlot):
        (JSC::getStaticValueSlot):
        * runtime/MathObject.cpp:
        (JSC::MathObject::getOwnPropertySlotVirtual):
        * runtime/MathObject.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlotVirtual):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlotVirtual):
        * runtime/NumberPrototype.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
        * runtime/ObjectConstructor.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlotVirtual):
        * runtime/RegExpObject.h:
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
        * runtime/RegExpPrototype.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlotVirtual):
        * runtime/StringConstructor.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::getOwnPropertySlotVirtual):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::getOwnPropertySlotVirtual):
        * runtime/StringPrototype.h:

2011-10-14  Gavin Barraclough  <baraclough@apple.com>

        Most built-in properties are not deletable
        https://bugs.webkit.org/show_bug.cgi?id=61014

        Reviewed by Filip Pizlo.

        Our static hash tables don't allow for deleting properties.
        This is the cause of a bunch of expected failures in LayoutTests/sputnik.

        This fixes the problem by reifying all static functions immediately prior
        to the first deletion.  Reification is tracked by a flag on the structure,
        so properties will no longer 'bounce-back' on later access.

        Theoretically there could probably also be an issue with custom accessor
        properties, but we probably do not really require any of these to be
        Configurable anyway. I'll follow up with a separate patch to address this.

        * runtime/ClassInfo.h:
        (JSC::ClassInfo::hasStaticProperties):
            - detects static property tables.
        * runtime/JSObject.cpp:
        (JSC::JSObject::deleteProperty):
            - call reifyStaticFunctions before deletion.
        (JSC::JSObject::reifyStaticFunctions):
            - If the class has static functions, set them up now.
        * runtime/JSObject.h:
        (JSC::JSObject::staticFunctionsReified):
            - returns true if static functions have been reified,
              and as such should no longer be added.
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
            - If static functions have been reified do not add.
        * runtime/Lookup.h:
        (JSC::HashTable::ConstIterator::ConstIterator):
        (JSC::HashTable::ConstIterator::operator->):
        (JSC::HashTable::ConstIterator::operator*):
        (JSC::HashTable::ConstIterator::operator!=):
        (JSC::HashTable::ConstIterator::operator++):
        (JSC::HashTable::ConstIterator::skipInvalidKeys):
        (JSC::HashTable::begin):
        (JSC::HashTable::end):
        (JSC::getStaticPropertySlot):
        (JSC::getStaticPropertyDescriptor):
        (JSC::getStaticFunctionSlot):
        (JSC::getStaticFunctionDescriptor):
            - setUpStaticFunctionSlot may not add, returns a bool.
        (JSC::lookupPut):
            - remove redundant branch.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            - initialize new flag in constructors.
        * runtime/Structure.h:
        (JSC::Structure::staticFunctionsReified):
        (JSC::Structure::setStaticFunctionsReified):
            - added flag

2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename virtual put to putVirtual
        https://bugs.webkit.org/show_bug.cgi?id=69851

        Reviewed by Darin Adler.

        Renamed virtual versions of put to putVirtual in preparation for
        adding the static put to the MethodTable in ClassInfo since the
        compiler gets mad if the virtual and static versions have the same
        name.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::putVirtual):
        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        (JSObjectSetPropertyAtIndex):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putVirtual):
        (JSC::DebuggerActivation::put):
        * debugger/DebuggerActivation.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * runtime/Arguments.cpp:
        (JSC::Arguments::putVirtual):
        * runtime/Arguments.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::putProperty):
        (JSC::arrayProtoFuncConcat):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSlice):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putVirtual):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::putVirtual):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::push):
        (JSC::JSArray::shiftCount):
        (JSC::JSArray::unshiftCount):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::putVirtual):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putVirtual):
        (JSC::JSCell::put):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::putVirtual):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putVirtual):
        (JSC::JSGlobalObject::putWithAttributes):
        * runtime/JSGlobalObject.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::putVirtual):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putVirtual):
        (JSC::JSObject::put):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSValue::put):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putVirtual):
        * runtime/JSStaticScopeObject.h:
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::putVirtual):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpMatchesArray::fillArrayInstance):
        (JSC::RegExpConstructor::putVirtual):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::putVirtual):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::putVirtual):
        * runtime/RegExpObject.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::putVirtual):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):

2011-10-13  Filip Pizlo  <fpizlo@apple.com>

        Reflective Arguments retrieval should be hardened for the
        possibility of inlining
        https://bugs.webkit.org/show_bug.cgi?id=70068

        Reviewed by Oliver Hunt.

        CodeBlock can now track, as part of its RareData, the virtual inline
        stack at callsites. CallFrame walking can now rematerialize "inline"
        CallFrames by combining the meta-data in CodeBlock with the information
        already in the JS stack. Arguments can now safely retrieve the
        arguments from inline CallFrames.

        The DFG already had the notion of a "CodeOrigin" in preparation for
        inlining. This notion will now be saved into the CodeBlock, if the DFG
        had done inlining. So, CodeOrigin has been moved to bytecode/ and has
        been changed to behave more like a struct since that is how it's
        meant to be used.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::inlineCallFrames):
        (JSC::CodeBlock::codeOrigins):
        (JSC::CodeBlock::hasCodeOrigins):
        (JSC::CodeBlock::codeOriginForReturn):
        * bytecode/CodeOrigin.h: Added.
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isSet):
        (JSC::getCallReturnOffsetForCodeOrigin):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGNode.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::isInlineCallFrame):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::inlineCallFrame):
        (JSC::ExecState::setInlineCallFrame):
        (JSC::ExecState::isInlineCallFrame):
        (JSC::ExecState::trueCallerFrame):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::findFunctionCallFrame):
        * interpreter/Register.h:
        (JSC::Register::operator=):
        (JSC::Register::inlineCallFrame):
        * runtime/Arguments.h:
        (JSC::Arguments::getArgumentsData):
        (JSC::Arguments::finishCreationButDontCopyRegisters):
        (JSC::Arguments::finishCreation):
        (JSC::Arguments::finishCreationAndCopyRegisters):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::parameterCount):

2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename virtual deleteProperty to deletePropertyVirtual
        https://bugs.webkit.org/show_bug.cgi?id=69884

        Reviewed by Darin Adler.

        Renamed virtual versions of deleteProperty to deletePropertyVirtual in preparation for
        adding the static deleteProperty to the MethodTable in ClassInfo since the
        compiler gets mad if the virtual and static versions have the same name.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::deletePropertyVirtual):
        (JSC::::deleteProperty):
        * API/JSObjectRef.cpp:
        (JSObjectDeleteProperty):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::deletePropertyVirtual):
        (JSC::DebuggerActivation::deleteProperty):
        * debugger/DebuggerActivation.h:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Arguments.cpp:
        (JSC::Arguments::deletePropertyVirtual):
        * runtime/Arguments.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::deletePropertyVirtual):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::deletePropertyVirtual):
        (JSC::JSArray::deleteProperty):
        * runtime/JSArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::deletePropertyVirtual):
        (JSC::JSCell::deleteProperty):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::deletePropertyVirtual):
        * runtime/JSFunction.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::deletePropertyVirtual):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::deletePropertyVirtual):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::deletePropertyVirtual):
        * runtime/JSVariableObject.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::deletePropertyVirtual):
        * runtime/StrictEvalActivation.cpp:
        (JSC::StrictEvalActivation::deletePropertyVirtual):
        * runtime/StrictEvalActivation.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::deletePropertyVirtual):
        * runtime/StringObject.h:

2011-10-14  Peter Beverloo  <peter@chromium.org>

        [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
        https://bugs.webkit.org/show_bug.cgi?id=70028

        Reviewed by Adam Barth.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-10-14  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG JIT 32_64 - Performance fix for ResolveGlobal
        https://bugs.webkit.org/show_bug.cgi?id=70096

        Reviewed by Gavin Barraclough.

        Structure check of global object should be a pointer comparison
        instead of a tag and payload pair comparison. This fix improves
        SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
        Also two trivial fixes for successful 32-bit build are included.

        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-10-13  Filip Pizlo  <fpizlo@apple.com>

        Speculation failures in ValueToInt32 are causing a 2x slow-down
        in Kraken/stanford-crypto-pbkdf2
        https://bugs.webkit.org/show_bug.cgi?id=70089

        Reviewed by Gavin Barraclough.

        If we can't truncate to Int32 using machine code, then don't fail
        speculation. Just call JSC::toInt32.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::callOperation):
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-10-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename virtual getConstructData to getConstructDataVirtual
        https://bugs.webkit.org/show_bug.cgi?id=69872

        Reviewed by Geoffrey Garen.

        Renamed virtual getConstructData functions to getConstructDataVirtual to
        avoid conflicts when we add static getConstructData to the MethodTable.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::getConstructDataVirtual):
        * API/JSCallbackConstructor.h:
        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::getConstructDataVirtual):
        * API/JSObjectRef.cpp:
        (JSObjectIsConstructor):
        (JSObjectCallAsConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getConstructDataVirtual):
        * runtime/ArrayConstructor.h:
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::getConstructDataVirtual):
        * runtime/BooleanConstructor.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getConstructDataVirtual):
        * runtime/DateConstructor.h:
        * runtime/Error.h:
        (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::getConstructDataVirtual):
        * runtime/ErrorConstructor.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::getConstructDataVirtual):
        * runtime/FunctionConstructor.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getConstructDataVirtual):
        * runtime/JSCell.h:
        (JSC::getConstructData):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getConstructDataVirtual):
        * runtime/JSFunction.h:
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::getConstructDataVirtual):
        * runtime/NativeErrorConstructor.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getConstructDataVirtual):
        * runtime/NumberConstructor.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getConstructDataVirtual):
        * runtime/ObjectConstructor.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getConstructDataVirtual):
        * runtime/RegExpConstructor.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getConstructDataVirtual):
        * runtime/StringConstructor.h:

2011-10-13  Filip Pizlo  <fpizlo@apple.com>

        Rubber stamped by Stephanie Lewis.

        DFG_ENABLE() macro was always returning false.

        * dfg/DFGNode.h:

2011-10-13  Gavin Barraclough  <baraclough@apple.com>

        Speculative build fix for !DFG builds.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):

2011-10-13  Oliver Hunt  <oliver@apple.com>

        Fix performance of ValueToInt32 node when predicting double
        https://bugs.webkit.org/show_bug.cgi?id=70063

        Reviewed by Filip Pizlo.

        Currently we fail to inline double to int conversion when
        performing a ValueToInt32 operation on a value we predict
        to be a double.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
           Apply correct filter for the double prediction path
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
           Support double parameters even when value has been spilled.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
           Moved old valueToInt32 code to this function, and added
           path for double prediction
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
           Made the two implementations of ValueToInt32 call a single
           shared compileValueToInt32 function.

2011-10-13  Chris Marrin  <cmarrin@apple.com>

        Sync requestAnimationFrame callback to CVDisplayLink on Mac
        https://bugs.webkit.org/show_bug.cgi?id=68911

        Reviewed by Simon Fraser.

        Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
        that use the DisplayRefreshMonitor logic.

        * wtf/Platform.h:

2011-10-13  Gavin Barraclough  <baraclough@apple.com>

        DFG JIT should not be using ENABLE macro to enable features
        https://bugs.webkit.org/show_bug.cgi?id=70060

        Reviewed by Oliver Hunt.

        The ENABLE macro is only intended to be used to detect features that are configured
        in Platform.h. Using it to detect settings defined in other headers is an error.

        The problem is that the ENABLE macro checks if the value is defined, so will silently
        return false if you fail to include the header defining the switch. This is not a problem
        if (1) the settings are defined in the same header that defines the macro that tests them,
        or (2) the header is included everywhere.  In the case of ENABLE settings defined in
        Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.

        * bytecode/CodeBlock.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::makeSafe):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCodeGenerator.cpp:
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::fixpoint):
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::propagatePredictionsForward):
        (JSC::DFG::Propagator::propagatePredictionsBackward):
        (JSC::DFG::Propagator::propagatePredictions):
        (JSC::DFG::Propagator::toDouble):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::fixup):
        (JSC::DFG::Propagator::startIndexForChildren):
        (JSC::DFG::Propagator::endIndexForPureCSE):
        (JSC::DFG::Propagator::setReplacement):
        (JSC::DFG::Propagator::eliminate):
        (JSC::DFG::Propagator::performNodeCSE):
        (JSC::DFG::Propagator::localCSE):
        (JSC::DFG::Propagator::allocateVirtualRegisters):
        (JSC::DFG::Propagator::performBlockCFA):
        (JSC::DFG::Propagator::performForwardCFA):
        (JSC::DFG::Propagator::globalCFA):
        * dfg/DFGScoreBoard.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):

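The silent-false behaviour this entry describes, shown as an added example; this is not WebKit code and the switch and macro names (HARDENING_ENABLE_CHECKS, HARDENING_ENABLE_TRACING, HARDENING_ENABLE()) are hypothetical stand-ins for Platform.h-style ENABLE settings and the DFG_ENABLE macro. A bare `#if SWITCH` test (the same outcome as a "defined and true" ENABLE-style test) made before the header that defines the switch has been seen evaluates to 0 without any diagnostic, so a hardening path is compiled out with nothing in the build log to say so; a function-like test macro defined in the same header as its switches turns that same missing include into a preprocessor error.

```c
/* Added example, not WebKit code: a feature switch tested before its defining
 * header has been seen silently reads as "off". All names are hypothetical. */
#include <stdio.h>

/* Part 1: the translation unit tests the switch *before* the header that
 * defines it is included. In a #if expression an undefined identifier is
 * replaced by 0, so the hardening path is dropped and nothing is reported. */
#if HARDENING_ENABLE_CHECKS
static const int kChecksBeforeHeader = 1;
#else
static const int kChecksBeforeHeader = 0;
#endif

/* Part 2: the "header". It defines the switches and the macro that tests
 * them in one place, which is condition (1) from the entry above: a user
 * cannot see the test macro without also seeing the settings. */
#define HARDENING_ENABLE_CHECKS 1
#define HARDENING_ENABLE_TRACING 0
#define HARDENING_ENABLE(FLAG) (HARDENING_ENABLE_##FLAG)

/* Part 3: the same tests after the header; the switches are now honoured. */
#if HARDENING_ENABLE(CHECKS)
static const int kChecksAfterHeader = 1;
#else
static const int kChecksAfterHeader = 0;
#endif

#if HARDENING_ENABLE(TRACING)
static const int kTracingAfterHeader = 1;
#else
static const int kTracingAfterHeader = 0;
#endif

/* Part 4 (skipped, never evaluated): had the function-like form been used in
 * Part 1, HARDENING_ENABLE itself would be undefined there, the expression
 * would read as "0(CHECKS)", and the preprocessor would stop with an error
 * (GCC: "missing binary operator before token '('") instead of choosing 0. */
#if 0
#if HARDENING_ENABLE(CHECKS)
#endif
#endif

int checks_before_header(void) { return kChecksBeforeHeader; }  /* 0: silently off */
int checks_after_header(void)  { return kChecksAfterHeader; }   /* 1 */
int tracing_after_header(void) { return kTracingAfterHeader; }  /* 0: explicitly off */

int main(void)
{
    printf("checks before header:  %d (silently compiled out)\n", checks_before_header());
    printf("checks after header:   %d\n", checks_after_header());
    printf("tracing after header:  %d (explicitly off)\n", tracing_after_header());
    return 0;
}
```

Building with `-Wundef` makes the compiler warn about the Part 1 pattern; the structural fix the entry chose, a dedicated test macro living next to its switches, does not depend on anyone remembering that flag.
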
2011-10-13  Gavin Barraclough  <baraclough@apple.com>

        terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell

        Rubber stamped by Filip Pizlo

        This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2011-10-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualized JSCell::toNumber
        https://bugs.webkit.org/show_bug.cgi?id=69858

        Reviewed by Sam Weinig.

        Removed JSCallbackObject::toNumber because it's no longer necessary since
        JSObject::toNumber now suffices since we implicitly add valueOf to an object's
        prototype whenever a convertToType callback is provided.
        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

        De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
        * runtime/JSCell.cpp:
        (JSC::JSCell::toNumber):
        * runtime/JSCell.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:

        Removed JSNotAnObject::toNumber because its result doesn't matter and it implements
        defaultValue, therefore JSObject::toNumber can cover its case.
        * runtime/JSNotAnObject.cpp:
        * runtime/JSNotAnObject.h:

2011-10-13  Xianzhu Wang  <wangxianzhu@chromium.org>

        Use realloc() to expand/shrink StringBuilder buffer
        https://bugs.webkit.org/show_bug.cgi?id=69913

        Reviewed by Darin Adler.

        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::reserveCapacity):
        (WTF::StringBuilder::reallocateBuffer):
        (WTF::StringBuilder::appendUninitialized):
        (WTF::StringBuilder::shrinkToFit):
        * wtf/text/StringBuilder.h:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
        * wtf/text/StringImpl.h:

2011-10-12  Filip Pizlo  <fpizlo@apple.com>

        If an Arguments object is being used to copy the arguments, then
        make this explicit
        https://bugs.webkit.org/show_bug.cgi?id=69995

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveArguments):
        * runtime/Arguments.h:
        (JSC::Arguments::createAndCopyRegisters):
        (JSC::Arguments::finishCreationButDontCopyRegisters):
        (JSC::Arguments::finishCreation):
        (JSC::Arguments::finishCreationAndCopyRegisters):

2011-10-12  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA does not filter structures aggressively enough.
        https://bugs.webkit.org/show_bug.cgi?id=69989

        Reviewed by Oliver Hunt.

        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::clear):
        (JSC::DFG::AbstractValue::makeTop):
        (JSC::DFG::AbstractValue::clobberStructures):
        (JSC::DFG::AbstractValue::set):
        (JSC::DFG::AbstractValue::merge):
        (JSC::DFG::AbstractValue::filter):
        (JSC::DFG::AbstractValue::checkConsistency):

355782011-10-12  Adam Barth  <abarth@webkit.org>
35579
35580        Remove ENABLE(XHTMLMP) and associated code
35581        https://bugs.webkit.org/show_bug.cgi?id=69729
35582
35583        Reviewed by David Levin.
35584
35585        * Configurations/FeatureDefines.xcconfig:
35586
355872011-10-12  Gavin Barraclough  <baraclough@apple.com>
35588
35589        MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
35590        https://bugs.webkit.org/show_bug.cgi?id=69978
35591
35592        Reviewed by Filip Pizlo.
35593
35594        Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
35595
        compare32/test8/test32 call setCC, which sets an 8-bit register; we can fix this by adding
        a couple of xchg instructions.
35598
        branchTest8 with a register argument is also affected. In all cases where this is currently
        used it is testing a value that is correct to 32 or more bits, so we can simply switch these
        to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
        32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
35603
35604        This fixes the remaining fast/js failures with the DFG JIT 32_64.
35605
        * assembler/MacroAssemblerARMv7.h:
35607            - removed branchTest8.
35608        * assembler/MacroAssemblerX86Common.h:
35609        (JSC::MacroAssemblerX86Common::compare32):
35610        (JSC::MacroAssemblerX86Common::test8):
35611        (JSC::MacroAssemblerX86Common::test32):
35612        (JSC::MacroAssemblerX86Common::set32):
35613            - added set32 helper that is 'h' register safe.
35614            - removed branchTest8.
35615        * dfg/DFGJITCodeGenerator32_64.cpp:
35616        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
35617        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
35618            - switch uses of branchTest8 to branchTest32.
35619        * dfg/DFGJITCodeGenerator64.cpp:
35620        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
35621        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
35622            - switch uses of branchTest8 to branchTest32.
35623        * dfg/DFGSpeculativeJIT32_64.cpp:
35624        (JSC::DFG::SpeculativeJIT::emitBranch):
35625            - switch uses of branchTest8 to branchTest32.
35626        * dfg/DFGSpeculativeJIT64.cpp:
35627        (JSC::DFG::SpeculativeJIT::emitBranch):
35628            - switch uses of branchTest8 to branchTest32.
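
        As an added illustration of the hazard this entry describes (example code, not WebKit's, and
        not a copy of MacroAssemblerX86Common::set32), the C++ below emits the bytes for SETcc into
        each of the eight 32-bit registers two ways. The naive form, on CPU(X86), ends up writing
        AH/CH/DH/BH when the destination is esp..edi, because without a REX prefix an 8-bit operand
        numbered 4..7 selects the high-byte registers. The safe form parks the destination in EAX with
        xchg, sets AL, zero-extends it and swaps back, which is the approach the entry takes. The
        opcode and ModRM encodings are standard x86; the helper names (emitNaiveSet32, emitSafeSet32,
        byteRegisterWritten, hex) are this example's own.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Register numbers as encoded in the ModRM r/m field on 32-bit x86.
enum Reg : uint8_t { EAX = 0, ECX, EDX, EBX, ESP, EBP, ESI, EDI };

// Condition-code nibbles for SETcc (opcode 0F 90+cc).
enum Cond : uint8_t { CondE = 0x4, CondNE = 0x5, CondL = 0xC, CondGE = 0xD };

// 32-bit x86 has no REX prefix, so in a byte-sized operand the numbers 4..7 do not
// mean the low byte of ESP/EBP/ESI/EDI; they mean AH/CH/DH/BH.
static const char* byteRegisterWritten(uint8_t reg) {
    static const char* const names[8] = { "al", "cl", "dl", "bl", "ah", "ch", "dh", "bh" };
    return names[reg & 7];
}

static bool isHighByteAlias(uint8_t reg) { return (reg & 7) >= 4; }

// SETcc r/m8 with a register operand: 0F 9c, ModRM = 11 000 rrr.
static void emitSetCC(std::vector<uint8_t>& out, Cond cc, uint8_t reg) {
    out.push_back(0x0F);
    out.push_back(0x90 | cc);
    out.push_back(0xC0 | (reg & 7));
}

// MOVZX r32, r8 with the same register as source and destination: 0F B6, ModRM = 11 rrr rrr.
static void emitMovzbl(std::vector<uint8_t>& out, uint8_t reg) {
    out.push_back(0x0F);
    out.push_back(0xB6);
    out.push_back(0xC0 | ((reg & 7) << 3) | (reg & 7));
}

// XCHG EAX, r32: single-byte form 90+r. Neither XCHG nor MOVZX touches EFLAGS,
// so the condition SETcc consumes survives the shuffle.
static void emitXchgEax(std::vector<uint8_t>& out, uint8_t reg) {
    out.push_back(0x90 | (reg & 7));
}

// The unsafe pattern: SETcc straight into dest, then zero-extend dest.
// For ESP..EDI this sets AH/CH/DH/BH and zero-extends the wrong register.
static std::vector<uint8_t> emitNaiveSet32(Cond cc, uint8_t dest) {
    std::vector<uint8_t> out;
    emitSetCC(out, cc, dest);
    emitMovzbl(out, dest);
    return out;
}

// 'h'-register-safe form: route the byte write through AL when dest is ESP..EDI.
static std::vector<uint8_t> emitSafeSet32(Cond cc, uint8_t dest) {
    if (!isHighByteAlias(dest)) return emitNaiveSet32(cc, dest);
    std::vector<uint8_t> out;
    emitXchgEax(out, dest);   // EAX <-> dest: EAX's value is kept safe in dest for now
    emitSetCC(out, cc, EAX);  // write AL (overwrites dest's old value, which is discarded)
    emitMovzbl(out, EAX);     // EAX = 0 or 1
    emitXchgEax(out, dest);   // swap back: dest = 0/1, EAX restored
    return out;
}

static std::string hex(const std::vector<uint8_t>& bytes) {
    std::string s;
    char buf[4];
    for (uint8_t b : bytes) { std::snprintf(buf, sizeof buf, "%02X ", b); s += buf; }
    if (!s.empty()) s.pop_back();
    return s;
}

int main() {
    for (uint8_t r = EAX; r <= EDI; ++r) {
        std::printf("reg %d: naive setcc writes %s%s; safe sequence: %s\n", (int)r,
                    byteRegisterWritten(r), isHighByteAlias(r) ? " (WRONG register)" : "",
                    hex(emitSafeSet32(CondE, r)).c_str());
    }
    return 0;
}
```

        The safe sequence costs two extra one-byte xchg instructions, and only for the four affected
        registers; eax..ebx take the plain path. The same constraint applies to the compare32/test8/test32
        paths in the entry, since they all end in the same setCC.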
35629
356302011-10-12  Gavin Barraclough  <baraclough@apple.com>
35631
35632        Errrk, revert accidental commit!
35633
35634        * wtf/Platform.h:
35635
356362011-10-12  Gavin Barraclough  <baraclough@apple.com>
35637
35638        Unreviewed, re-land changes from #69890, #69903.
35639
35640        These were reverted due to bug #69897, but #69903 fixed this problem.
35641
35642        * dfg/DFGJITCodeGenerator.h:
35643        (JSC::DFG::JITCodeGenerator::silentFillGPR):
35644
356452011-10-12  Filip Pizlo  <fpizlo@apple.com>
35646
35647        ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
35648        https://bugs.webkit.org/show_bug.cgi?id=69906
35649
35650        Reviewed by Gavin Barraclough.
35651        
35652        It turns out that the simplest fix is to switch computeUpdatedPredictions()
35653        to using predictionFromValue() combined with mergePrediction(). Doing so
35654        allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
35655        not only fixes a performance bug but kills off a lot of code that I never
35656        liked to begin with.
35657        
35658        This appears to be a 1% win on V8.
35659
35660        * bytecode/CodeBlock.cpp:
35661        (JSC::CodeBlock::visitAggregate):
35662        * bytecode/CodeBlock.h:
35663        * bytecode/PredictedType.cpp:
35664        (JSC::predictionFromValue):
35665        * bytecode/ValueProfile.cpp:
35666        (JSC::ValueProfile::computeStatistics):
35667        (JSC::ValueProfile::computeUpdatedPrediction):
35668        * bytecode/ValueProfile.h:
35669        (JSC::ValueProfile::classInfo):
35670        (JSC::ValueProfile::numberOfSamples):
35671        (JSC::ValueProfile::isLive):
35672        (JSC::ValueProfile::dump):
35673
356742011-10-12  Mark Hahnenberg  <mhahnenberg@apple.com>
35675
35676        De-virtualize JSCell::toString
35677        https://bugs.webkit.org/show_bug.cgi?id=69677
35678
35679        Reviewed by Sam Weinig.
35680
        Removed toString from JSCallbackObject, since it is no longer necessary
        now that we implicitly add toString and valueOf functions to object
        prototypes when a convertToType callback is provided, which is now the
        standard way to override toString and valueOf in the JSC C API.
35686        * API/JSCallbackObject.h:
35687        * API/JSCallbackObjectFunctions.h:
35688        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
35689
35690        Removed toString from InterruptedExecutionError and 
35691        TerminatedExecutionError and replaced it with defaultValue,
35692        which JSObject::toString calls.  We'll probably have to de-virtualize 
35693        defaultValue eventually, but we'll cross that bridge when we 
35694        come to it.
35695        * runtime/ExceptionHelpers.cpp:
35696        (JSC::InterruptedExecutionError::defaultValue):
35697        (JSC::TerminatedExecutionError::defaultValue):
35698        * runtime/ExceptionHelpers.h:
35699
35700        Removed toString from JSNotAnObject, since its return value doesn't
35701        actually matter and JSObject::toString can cover it.
35702        * runtime/JSNotAnObject.cpp:
35703        * runtime/JSNotAnObject.h:
35704
35705        De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
35706        Added handling of all cases for JSCell to JSCell::toString.
35707        * runtime/JSObject.h:
35708        * runtime/JSString.h:
35709        * runtime/JSCell.cpp:
35710        (JSC::JSCell::toString):
35711        * runtime/JSCell.h:
35712
357132011-10-12  Oliver Hunt  <oliver@apple.com>
35714
35715        Global stringStructure caches its prototype chain, abandoning a web page
35716        https://bugs.webkit.org/show_bug.cgi?id=69952
35717
35718        Reviewed by Filip Pizlo.
35719
35720        When visiting a structure, we don't keep the prototype chain
35721        alive if we're not the structure for an object type.
35722
35723        * runtime/Structure.cpp:
35724        (JSC::Structure::visitChildren):
35725
357262011-10-12  Yuqiang Xian  <yuqiang.xian@intel.com>
35727
35728        DFG JIT 32_64 - Fix ArrayPop
35729        https://bugs.webkit.org/show_bug.cgi?id=69918
35730
35731        Reviewed by Filip Pizlo.
35732
35733        The storageLengthGPR is polluted by EmptyValueTag and later used to
35734        index the array, which results in abnormal behaviors in execution.
35735        This fix makes 32_64 DFG pass v8-deltablue and kraken
35736        crypto-sha256-iterative on Linux ia32.
35737
35738        * assembler/MacroAssemblerX86Common.h:
35739        (JSC::MacroAssemblerX86Common::store32):
35740        * assembler/X86Assembler.h:
35741        (JSC::X86Assembler::movl_i32m):
35742        * dfg/DFGSpeculativeJIT32_64.cpp:
35743        (JSC::DFG::SpeculativeJIT::compile):
35744
357452011-10-12  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
35746
35747        Fix build with GLib 2.31
35748        https://bugs.webkit.org/show_bug.cgi?id=69840
35749
35750        Reviewed by Martin Robinson.
35751
35752        * GNUmakefile.list.am: removed ThreadingGtk.cpp.
35753        * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
35754        * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
35755        * wtf/gobject/GOwnPtr.h: ditto.
35756        * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
35757        * wtf/gtk/ThreadingGtk.cpp: Removed.
35758
357592011-10-12  Filip Pizlo  <fpizlo@apple.com>
35760
35761        Layout tests crashing in DFG JIT code
35762        https://bugs.webkit.org/show_bug.cgi?id=69897
35763
35764        Reviewed by Gavin Barraclough.
35765        
35766        Abstract value filtration didn't take into account cases where a structure
35767        set filter, combined with predicted type knowledge, could lead to a stronger
35768        filter for the structure abstract value.
35769        
35770        This bug would have been benign in release builds; it would have just meant
35771        that the analysis was less precise and some optimization opportunities would
35772        be missed. I have an ASSERT that is meant to catch such cases, and it was
35773        triggering sporadically in one of the LayoutTests.
35774
35775        * dfg/DFGAbstractValue.h:
35776        (JSC::DFG::AbstractValue::filter):
35777
357782011-10-11  Gavin Barraclough  <baraclough@apple.com>
35779
35780        Unreviewed, temporarily reverted r97216 due to bug #69897.
35781
35782        * dfg/DFGJITCodeGenerator.h:
35783        (JSC::DFG::JITCodeGenerator::silentFillGPR):
35784
357852011-10-11  Yuqiang Xian  <yuqiang.xian@intel.com>
35786
35787        DFG 32_64 - fix silentFillGPR
35788        https://bugs.webkit.org/show_bug.cgi?id=69903
35789
35790        Reviewed by Filip Pizlo.
35791
35792        Fix a small bug in silentFillGPR,
35793        and add the newly introduced DFG file to CMakeListsEfl.
35794
35795        * CMakeListsEfl.txt:
35796        * dfg/DFGJITCodeGenerator.h:
35797        (JSC::DFG::JITCodeGenerator::silentFillGPR):
35798
357992011-10-08  Filip Pizlo  <fpizlo@apple.com>
35800
35801        DFG does not have flow-sensitive intraprocedural control flow analysis
35802        https://bugs.webkit.org/show_bug.cgi?id=69690
35803
35804        Reviewed by Gavin Barraclough.
35805
35806        Implemented a control flow analysis (CFA). It currently propagates type
35807        proofs only. For example, if all predecessors to a basic block have
35808        checks that variable X is a JSFinalObject with structure 0xabcdef, then
35809        this basic block will now know this fact and will know that it does not
35810        have to emit either JSFinalObject checks or any structure checks since
35811        the structure is precisely known. The CFA takes heap side-effects into
35812        account (though somewhat conservatively), so that if the object pointed
35813        to by variable X could have possibly undergone a structure transition
35814        then this is reflected: the analysis may simply say that X's structure
35815        is unknown.
35816        
35817        This also propagates a wealth of other type information which is
35818        currently not being used. For example, we now know when a variable can
35819        only hold doubles. Even if a variable may hold other types at different
35820        points in its live range, we can still prove exactly when it will only
35821        be double.
35822        
35823        There's a bunch of stuff that the CFA could do that it still does not
35824        do, like precise handling of PutStructure (i.e. structure transitions),
35825        precise handling of CheckFunction and CheckMethod, etc. So this is
35826        very much intended to be a starting point rather than an end unto
35827        itself.
35828        
35829        This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
35830        and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
35831        Neutral on SunSpider.
35832
35833        * GNUmakefile.list.am:
35834        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
35835        * JavaScriptCore.xcodeproj/project.pbxproj:
35836        * bytecode/ActionablePrediction.h: Removed.
35837        * bytecode/PredictedType.cpp:
35838        (JSC::predictionToString):
35839        * bytecode/PredictedType.h:
35840        * dfg/DFGAbstractState.cpp: Added.
35841        (JSC::DFG::AbstractState::AbstractState):
35842        (JSC::DFG::AbstractState::~AbstractState):
35843        (JSC::DFG::AbstractState::beginBasicBlock):
35844        (JSC::DFG::AbstractState::initialize):
35845        (JSC::DFG::AbstractState::endBasicBlock):
35846        (JSC::DFG::AbstractState::reset):
35847        (JSC::DFG::AbstractState::execute):
35848        (JSC::DFG::AbstractState::clobberStructures):
35849        (JSC::DFG::AbstractState::mergeStateAtTail):
35850        (JSC::DFG::AbstractState::merge):
35851        (JSC::DFG::AbstractState::mergeToSuccessors):
35852        (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
35853        (JSC::DFG::AbstractState::dump):
35854        * dfg/DFGAbstractState.h: Added.
35855        (JSC::DFG::AbstractState::forNode):
35856        (JSC::DFG::AbstractState::isValid):
35857        * dfg/DFGAbstractValue.h: Added.
35858        (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
35859        (JSC::DFG::StructureAbstractValue::clear):
35860        (JSC::DFG::StructureAbstractValue::makeTop):
35861        (JSC::DFG::StructureAbstractValue::top):
35862        (JSC::DFG::StructureAbstractValue::add):
35863        (JSC::DFG::StructureAbstractValue::addAll):
35864        (JSC::DFG::StructureAbstractValue::contains):
35865        (JSC::DFG::StructureAbstractValue::isSubsetOf):
35866        (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
35867        (JSC::DFG::StructureAbstractValue::isSupersetOf):
35868        (JSC::DFG::StructureAbstractValue::filter):
35869        (JSC::DFG::StructureAbstractValue::isClear):
35870        (JSC::DFG::StructureAbstractValue::isTop):
35871        (JSC::DFG::StructureAbstractValue::size):
35872        (JSC::DFG::StructureAbstractValue::at):
35873        (JSC::DFG::StructureAbstractValue::operator[]):
35874        (JSC::DFG::StructureAbstractValue::last):
35875        (JSC::DFG::StructureAbstractValue::predictionFromStructures):
35876        (JSC::DFG::StructureAbstractValue::operator==):
35877        (JSC::DFG::StructureAbstractValue::dump):
35878        (JSC::DFG::AbstractValue::AbstractValue):
35879        (JSC::DFG::AbstractValue::clear):
35880        (JSC::DFG::AbstractValue::isClear):
35881        (JSC::DFG::AbstractValue::makeTop):
35882        (JSC::DFG::AbstractValue::clobberStructures):
35883        (JSC::DFG::AbstractValue::isTop):
35884        (JSC::DFG::AbstractValue::top):
35885        (JSC::DFG::AbstractValue::set):
35886        (JSC::DFG::AbstractValue::operator==):
35887        (JSC::DFG::AbstractValue::merge):
35888        (JSC::DFG::AbstractValue::filter):
35889        (JSC::DFG::AbstractValue::validate):
35890        (JSC::DFG::AbstractValue::dump):
35891        * dfg/DFGBasicBlock.h: Added.
35892        (JSC::DFG::BasicBlock::BasicBlock):
35893        (JSC::DFG::BasicBlock::getBytecodeBegin):
35894        * dfg/DFGByteCodeParser.cpp:
35895        (JSC::DFG::ByteCodeParser::getLocal):
35896        (JSC::DFG::ByteCodeParser::setLocal):
35897        (JSC::DFG::ByteCodeParser::getArgument):
35898        (JSC::DFG::ByteCodeParser::setArgument):
35899        (JSC::DFG::ByteCodeParser::parseBlock):
35900        (JSC::DFG::ByteCodeParser::processPhiStack):
35901        (JSC::DFG::ByteCodeParser::setupPredecessors):
35902        * dfg/DFGGraph.cpp:
35903        (JSC::DFG::Graph::dump):
35904        * dfg/DFGGraph.h:
35905        * dfg/DFGJITCodeGenerator.h:
35906        (JSC::DFG::block):
35907        * dfg/DFGJITCodeGenerator32_64.cpp:
35908        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
35909        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
35910        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
35911        * dfg/DFGJITCodeGenerator64.cpp:
35912        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
35913        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
35914        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
35915        * dfg/DFGJITCompiler.h:
35916        (JSC::DFG::JITCompiler::noticeOSREntry):
35917        * dfg/DFGNode.h:
35918        (JSC::DFG::NodeIndexTraits::defaultValue):
35919        (JSC::DFG::Node::variableAccessData):
35920        (JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
35921        (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
35922        (JSC::DFG::Node::setTakenBlockIndex):
35923        (JSC::DFG::Node::setNotTakenBlockIndex):
35924        (JSC::DFG::Node::takenBlockIndex):
35925        (JSC::DFG::Node::notTakenBlockIndex):
35926        * dfg/DFGOSREntry.cpp:
35927        (JSC::DFG::prepareOSREntry):
35928        * dfg/DFGOSREntry.h:
35929        * dfg/DFGOperands.h: Added.
35930        (JSC::DFG::operandIsArgument):
35931        (JSC::DFG::OperandValueTraits::defaultValue):
35932        (JSC::DFG::Operands::Operands):
35933        (JSC::DFG::Operands::numberOfArguments):
35934        (JSC::DFG::Operands::numberOfLocals):
35935        (JSC::DFG::Operands::argument):
35936        (JSC::DFG::Operands::local):
35937        (JSC::DFG::Operands::setLocal):
35938        (JSC::DFG::Operands::setArgumentFirstTime):
35939        (JSC::DFG::Operands::setLocalFirstTime):
35940        (JSC::DFG::Operands::operand):
35941        (JSC::DFG::Operands::setOperand):
35942        (JSC::DFG::Operands::clear):
35943        (JSC::DFG::dumpOperands):
35944        * dfg/DFGPropagator.cpp:
35945        (JSC::DFG::Propagator::fixpoint):
35946        (JSC::DFG::Propagator::propagateArithNodeFlags):
35947        (JSC::DFG::Propagator::propagateNodePredictions):
35948        (JSC::DFG::Propagator::propagatePredictions):
35949        (JSC::DFG::Propagator::performBlockCFA):
35950        (JSC::DFG::Propagator::performForwardCFA):
35951        (JSC::DFG::Propagator::globalCFA):
35952        * dfg/DFGSpeculativeJIT.cpp:
35953        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
35954        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
35955        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
35956        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
35957        (JSC::DFG::SpeculativeJIT::compile):
35958        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
35959        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
35960        * dfg/DFGSpeculativeJIT.h:
35961        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
35962        * dfg/DFGSpeculativeJIT32_64.cpp:
35963        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
35964        (JSC::DFG::SpeculativeJIT::compare):
35965        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
35966        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
35967        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
35968        (JSC::DFG::SpeculativeJIT::emitBranch):
35969        (JSC::DFG::SpeculativeJIT::compile):
35970        * dfg/DFGSpeculativeJIT64.cpp:
35971        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
35972        (JSC::DFG::SpeculativeJIT::compare):
35973        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
35974        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
35975        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
35976        (JSC::DFG::SpeculativeJIT::emitBranch):
35977        (JSC::DFG::SpeculativeJIT::compile):
35978        * dfg/DFGStructureSet.h:
35979        (JSC::DFG::StructureSet::clear):
35980        (JSC::DFG::StructureSet::predictionFromStructures):
35981        (JSC::DFG::StructureSet::operator==):
35982        (JSC::DFG::StructureSet::dump):
35983        * dfg/DFGVariableAccessData.h: Added.
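
        To make the description above concrete, here is an added, self-contained C++ sketch of the kind
        of forward structure analysis this entry introduces. It is not JavaScriptCore's code: the names
        StructureAbstractValue, merge, filter and clobberStructures echo functions listed in the entry,
        but the lattice, the Op/Block types, the runCFA driver and the diamond-shaped sample CFG are this
        example's own simplifications. It shows the three operations the entry relies on: merging facts
        from predecessors (union, or Top if any predecessor knows nothing), filtering on a successful
        CheckStructure (intersection), and clobbering to Top across a heap side effect so that a check
        following a possible structure transition is never wrongly eliminated.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <iterator>
#include <set>
#include <vector>

// Stand-in for a Structure*: the analysis only needs identity.
using StructureID = uint32_t;

// What is known about one variable's Structure at a program point.
// Clear (empty set) is bottom: nothing has reached this point yet.
// A finite set is a proof: the object has exactly one of these Structures.
// Top means "could be anything": the analysis gave up, typically after a side effect.
struct StructureAbstractValue {
    bool top = false;
    std::set<StructureID> structures;

    static StructureAbstractValue makeTop() { StructureAbstractValue v; v.top = true; return v; }
    bool isTop() const { return top; }
    bool isClear() const { return !top && structures.empty(); }
    bool operator==(const StructureAbstractValue& o) const { return top == o.top && structures == o.structures; }

    // Join at a control-flow merge: over-approximate both incoming facts.
    void merge(const StructureAbstractValue& other) {
        if (top) return;
        if (other.top) { top = true; structures.clear(); return; }
        structures.insert(other.structures.begin(), other.structures.end());
    }

    // Meet with a successful structure check: keep only what the check allows.
    void filter(const std::set<StructureID>& allowed) {
        if (top) { top = false; structures = allowed; return; }
        std::set<StructureID> kept;
        std::set_intersection(structures.begin(), structures.end(), allowed.begin(), allowed.end(),
                              std::inserter(kept, kept.begin()));
        structures = kept;
    }

    // A heap side effect may have transitioned the object: forget everything.
    void clobberStructures() { *this = makeTop(); }

    // A CheckStructure against `expected` is redundant only given a one-element proof.
    bool proves(StructureID expected) const {
        return !top && structures.size() == 1 && *structures.begin() == expected;
    }
};

struct Op {
    enum Kind { CheckStructure, SideEffect } kind;
    StructureID structure;  // meaningful for CheckStructure only
};

struct Block {
    std::vector<size_t> predecessors;  // empty only for the entry block
    std::vector<Op> ops;
};

struct BlockResult {
    StructureAbstractValue atHead, atTail;
    std::vector<bool> redundantCheck;  // parallel to Block::ops
};

// Transfer function for one block. A check is redundant if the proof already implies it;
// either way the check strengthens the proof for everything after it.
static StructureAbstractValue execute(const Block& block, StructureAbstractValue v, std::vector<bool>& redundant) {
    redundant.assign(block.ops.size(), false);
    for (size_t i = 0; i < block.ops.size(); ++i) {
        if (block.ops[i].kind == Op::SideEffect) { v.clobberStructures(); continue; }
        redundant[i] = v.proves(block.ops[i].structure);
        v.filter({block.ops[i].structure});
    }
    return v;
}

// Forward, flow-sensitive analysis run to a fixpoint. The entry block starts at Top (an
// argument of unknown structure); every other head is the merge of its predecessors' tails.
static std::vector<BlockResult> runCFA(const std::vector<Block>& cfg) {
    std::vector<BlockResult> results(cfg.size());
    for (bool changed = true; changed;) {
        changed = false;
        for (size_t i = 0; i < cfg.size(); ++i) {
            StructureAbstractValue head = cfg[i].predecessors.empty() ? StructureAbstractValue::makeTop()
                                                                       : StructureAbstractValue();
            for (size_t p : cfg[i].predecessors) head.merge(results[p].atTail);
            std::vector<bool> redundant;
            StructureAbstractValue tail = execute(cfg[i], head, redundant);
            if (!(head == results[i].atHead) || !(tail == results[i].atTail)) changed = true;
            results[i] = {head, tail, redundant};
        }
    }
    return results;
}

// Constructed sample CFG (not from WebKit): a diamond. Block 0 checks S1 and branches to 1 or 2;
// block 2 optionally calls out (a side effect); both reach 3, which re-checks S1; 4 checks again.
static std::vector<Block> diamondCFG(bool sideEffectOnRightArm) {
    const StructureID S1 = 0x1001;
    std::vector<Block> cfg(5);
    cfg[0] = {{}, {{Op::CheckStructure, S1}}};
    cfg[1] = {{0}, {}};
    cfg[2] = {{0}, {}};
    if (sideEffectOnRightArm) cfg[2].ops.push_back({Op::SideEffect, 0});
    cfg[3] = {{1, 2}, {{Op::CheckStructure, S1}}};
    cfg[4] = {{3}, {{Op::CheckStructure, S1}}};
    return cfg;
}

static size_t countRedundantChecks(const std::vector<Block>& cfg) {
    size_t n = 0;
    for (const BlockResult& r : runCFA(cfg))
        n += std::count(r.redundantCheck.begin(), r.redundantCheck.end(), true);
    return n;
}

static bool headIsTop(const std::vector<Block>& cfg, size_t block) { return runCFA(cfg)[block].atHead.isTop(); }

int main() {
    std::printf("with side effect: %zu check(s) eliminated, block 3 head is top: %d\n",
                countRedundantChecks(diamondCFG(true)), (int)headIsTop(diamondCFG(true), 3));
    std::printf("without side effect: %zu check(s) eliminated\n", countRedundantChecks(diamondCFG(false)));
    return 0;
}
```

        With the side effect on one arm, block 3's head is Top and its check stays; only block 4's
        check is eliminated. Remove the side effect and block 3's check becomes redundant as well.
        The conservative clobber is what keeps the elimination sound: a check dropped on a stale proof
        would let compiled code run against an object whose layout may no longer match the assumption.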
35984
359852011-10-11  Gavin Barraclough  <baraclough@apple.com>
35986
35987        DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
35988        https://bugs.webkit.org/show_bug.cgi?id=69890
35989
35990        Reviewed by Oliver Hunt.
35991
        Cell constants are currently hitting the valueOfInt32Constant case; there is no constant handling for JSValues.
35993
35994        * dfg/DFGJITCodeGenerator.h:
35995        (JSC::DFG::JITCodeGenerator::silentFillGPR):
35996
359972011-10-11  Ryosuke Niwa  <rniwa@webkit.org>
35998
35999        GTK build fix attempt after r97197.
36000
36001        * wtf/BitVector.h:
36002
360032011-10-11  Oliver Hunt  <oliver@apple.com>
36004
36005        Remove unintentional logging.
36006
36007        * heap/Heap.cpp:
36008
360092011-10-11  Oliver Hunt  <oliver@apple.com>
36010
36011        Tidy up card walking logic
36012        https://bugs.webkit.org/show_bug.cgi?id=69883
36013
36014        Reviewed by Gavin Barraclough.
36015
36016        Special case common cell sizes when walking a block's
36017        cards.
36018
36019        * heap/CardSet.h:
36020        (JSC::::testAndClear):
36021        * heap/Heap.cpp:
36022        (JSC::GCTimer::GCCounter::GCCounter):
36023        (JSC::GCTimer::GCCounter::count):
36024        (JSC::GCTimer::GCCounter::~GCCounter):
36025        (JSC::Heap::markRoots):
36026        * heap/MarkStack.cpp:
36027        (JSC::MarkStack::reset):
36028        * heap/MarkStack.h:
36029        (JSC::MarkStack::visitCount):
36030        (JSC::MarkStack::MarkStack):
36031        (JSC::MarkStack::append):
36032        * heap/MarkedBlock.h:
36033        (JSC::MarkedBlock::gatherDirtyCellsWithSize):
36034        (JSC::MarkedBlock::gatherDirtyCells):
36035        * runtime/Structure.h:
36036        (JSC::MarkStack::internalAppend):
36037
360382011-10-11  Filip Pizlo  <fpizlo@apple.com>
36039
36040        DFG virtual register allocator should be more aggressive in
36041        reusing temporary slots
36042        https://bugs.webkit.org/show_bug.cgi?id=69868
36043
36044        Reviewed by Oliver Hunt.
36045        
36046        1.2% win on V8, neutral elsewhere. The win is probably because it
36047        increases precision of GC conservative scans.
36048        
36049        This required making the DFG::ScoreBoard operate over a bitvector
36050        of preserved variables, rather than just a preserved variable
36051        threshold. To do this, I improved the WTF::BitVector class to make
36052        it more user-friendly. It still retains all previous functionality.
        Also made changes to PackedIntVector to accommodate those changes.
36054        Finally, this adds more debugging to the virtual register allocator
36055        and to the OSR exit code, as this was necessary to track down bugs
36056        in an earlier version of this patch.
36057
36058        * dfg/DFGByteCodeParser.cpp:
36059        (JSC::DFG::ByteCodeParser::ByteCodeParser):
36060        (JSC::DFG::ByteCodeParser::getLocal):
36061        * dfg/DFGGraph.h:
36062        * dfg/DFGJITCompiler.cpp:
36063        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
36064        * dfg/DFGPropagator.cpp:
36065        (JSC::DFG::Propagator::allocateVirtualRegisters):
36066        * dfg/DFGScoreBoard.h:
36067        (JSC::DFG::ScoreBoard::ScoreBoard):
36068        (JSC::DFG::ScoreBoard::~ScoreBoard):
36069        (JSC::DFG::ScoreBoard::allocate):
36070        (JSC::DFG::ScoreBoard::use):
36071        (JSC::DFG::ScoreBoard::highWatermark):
36072        (JSC::DFG::ScoreBoard::dump):
36073        (JSC::DFG::ScoreBoard::max):
36074        * dfg/DFGSpeculativeJIT.cpp:
36075        (JSC::DFG::ValueRecovery::dump):
36076        * wtf/BitVector.cpp:
36077        (WTF::BitVector::setSlow):
36078        (WTF::BitVector::resizeOutOfLine):
36079        (WTF::BitVector::dump):
36080        * wtf/BitVector.h:
36081        (WTF::BitVector::BitVector):
36082        (WTF::BitVector::operator=):
36083        (WTF::BitVector::quickGet):
36084        (WTF::BitVector::quickSet):
36085        (WTF::BitVector::quickClear):
36086        (WTF::BitVector::get):
36087        (WTF::BitVector::set):
36088        (WTF::BitVector::clear):
36089        * wtf/PackedIntVector.h:
36090        (WTF::PackedIntVector::get):
36091        (WTF::PackedIntVector::set):
36092
360932011-10-11  Gavin Barraclough  <baraclough@apple.com>
36094
36095        DFG JIT 32_64 - Switch to cdecl calling convention.
36096        https://bugs.webkit.org/show_bug.cgi?id=69863
36097
36098        Reviewed by Oliver Hunt.
36099
36100        This makes it easier to keep the stack correctly aligned, which is required on OS X.
36101
36102        * assembler/MacroAssemblerCodeRef.h:
36103        (JSC::FunctionPtr::FunctionPtr):
36104            - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
36105        * dfg/DFGJITCodeGenerator.h:
36106        (JSC::DFG::callOperation):
36107            - Switch calls to poke arguments rather than pushing them.
36108        (JSC::DFG::resetCallArguments):
36109        (JSC::DFG::addCallArgument):
36110        (JSC::DFG::addCallArgumentBoxed):
36111            - Helper functions to stack up call arguments on X86.
36112        * dfg/DFGJITCodeGenerator32_64.cpp:
36113        (JSC::DFG::JITCodeGenerator::emitCall):
36114            - Don't push, poke!
36115        * dfg/DFGJITCompiler32_64.cpp:
36116        (JSC::DFG::JITCompiler::compileBody):
36117            - Don't push, poke!
36118        * dfg/DFGOperations.cpp:
36119            - Switch ReturnAddress wrappers to push return address last, update asm trampolines.
36120        * dfg/DFGOperations.h:
36121            - switch DFG_OPERATION to assert CDECL on STDCALL platforms.
36122        * dfg/DFGSpeculativeJIT32_64.cpp:
36123        (JSC::DFG::fmodWithCDecl):
36124        (JSC::DFG::SpeculativeJIT::compile):
36125            - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
36126
361272011-10-11  Gavin Barraclough  <baraclough@apple.com>
36128
36129        Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
36130        https://bugs.webkit.org/show_bug.cgi?id=69821
36131
36132        Reviewed by Filip Pizlo.
36133
36134        Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
36135        intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
36136
36137        dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
36138        JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
36139        move), so by switching all associated operations to return a size_t we can fix the type
36140        problem on Linux & make it a small tweak that removes an unnecessary instruction.
36141
36142        * dfg/DFGJITCodeGenerator.cpp:
36143        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
36144            - comparisons now return a size_t.
36145        * dfg/DFGJITCodeGenerator.h:
36146        (JSC::DFG::callOperation):
36147            - Removed Z_DFGOperation_EJ form.
36148        * dfg/DFGJITCodeGenerator32_64.cpp:
36149        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
36150        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
36151            - comparisons now return a size_t.
36152        * dfg/DFGJITCodeGenerator64.cpp:
36153        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
36154        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
36155        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
36156            - comparisons now return a size_t.
36157        * dfg/DFGOperations.cpp:
36158        * dfg/DFGOperations.h:
36159            - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t,
36160              Both need to return values zero extended to fill a register.
36161        * dfg/DFGSpeculativeJIT.cpp:
36162        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
36163            - comparisons now return a size_t.
36164        * dfg/DFGSpeculativeJIT.h:
36165        * dfg/DFGSpeculativeJIT32_64.cpp:
36166        (JSC::DFG::SpeculativeJIT::compare):
36167            - comparisons now return a size_t.
36168        * dfg/DFGSpeculativeJIT64.cpp:
36169        (JSC::DFG::SpeculativeJIT::compare):
36170            - comparisons now return a size_t.
36171
361722011-10-11  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
36173
36174        [Qt] Remove all references to QTDIR_build and standalone_package
36175
36176        Qt is now modularized, which means we no longer import WebKit into
36177        the Qt source tree. Instead we use git submodules, and building
36178        QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
36179
36180        To decrease the number of buildsystem configurations we also remove
36181        the standalone_package code-path used when we were providing tarballs
36182        with the derived sources pre-generated.
36183
36184        Reviewed by Simon Hausmann.
36185
36186        * DerivedSources.pro:
36187        * JavaScriptCore.pri:
36188        * JavaScriptCore.pro:
36189
361902011-10-11  Yuqiang Xian  <yuqiang.xian@intel.com>
36191
36192        Add missing copyright notice in DFG JIT files
36193        https://bugs.webkit.org/show_bug.cgi?id=69809
36194
36195        Reviewed by Gavin Barraclough.
36196
36197        * dfg/DFGJITCodeGenerator32_64.cpp:
36198        * dfg/DFGJITCompiler32_64.cpp:
36199        * dfg/DFGJITCompilerInlineMethods.h:
36200        * dfg/DFGSpeculativeJIT32_64.cpp:
36201
362022011-10-10  Filip Pizlo  <fpizlo@apple.com>
36203
36204        DFG JSVALUE64 spill/fill code should not box integers and doubles
36205        https://bugs.webkit.org/show_bug.cgi?id=69782
36206
36207        Reviewed by Oliver Hunt.
36208        
36209        Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
36210        This required changing all of the places that spill registers (both silently
36211        and not) and filling registers (both silently and on demand). It also required
36212        changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
36213        may have the wrong format for the old JIT (unboxed int or double).
36214        
36215        This is a slight win on Kraken (0.25%) and neutral elsewhere.
36216
36217        * dfg/DFGGenerationInfo.h:
36218        (JSC::DFG::GenerationInfo::spill):
36219        * dfg/DFGJITCodeGenerator.h:
36220        (JSC::DFG::JITCodeGenerator::silentFillFPR):
36221        (JSC::DFG::JITCodeGenerator::spill):
36222        * dfg/DFGJITCodeGenerator64.cpp:
36223        (JSC::DFG::JITCodeGenerator::fillInteger):
36224        (JSC::DFG::JITCodeGenerator::fillDouble):
36225        (JSC::DFG::JITCodeGenerator::fillJSValue):
36226        * dfg/DFGJITCompiler.cpp:
36227        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
36228        * dfg/DFGSpeculativeJIT.cpp:
36229        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
36230        * dfg/DFGSpeculativeJIT.h:
36231        (JSC::DFG::ValueRecovery::displacedInRegisterFile):
36232        (JSC::DFG::ValueRecovery::virtualRegister):
36233        * dfg/DFGSpeculativeJIT64.cpp:
36234        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
36235        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
36236        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
36237        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
36238
362392011-10-10  Gavin Barraclough  <baraclough@apple.com>
36240
36241        DFG JIT switch dfgConvert methods to use callOperation
36242        https://bugs.webkit.org/show_bug.cgi?id=69806
36243
36244        Reviewed by Filip Pizlo.
36245
36246        * dfg/DFGJITCodeGenerator.h:
36247        (JSC::DFG::callOperation):
36248        * dfg/DFGJITCodeGenerator32_64.cpp:
36249        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
36250        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
36251        * dfg/DFGJITCodeGenerator64.cpp:
36252        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
36253        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
36254        * dfg/DFGOperations.h:
36255
362562011-10-10  Gavin Barraclough  <baraclough@apple.com>
36257
36258        Remove some unused methods from the DFG JIT.
36259
36260        Rubber stamped by Oliver Hunt
36261
36262        These methods were only used by the non-speculative JIT, and can be removed.
36263
36264        * dfg/DFGJITCodeGenerator.h:
36265        * dfg/DFGJITCodeGenerator32_64.cpp:
36266        * dfg/DFGJITCodeGenerator64.cpp:
36267            - removed:
36268                nonSpeculativeAdd
36269                nonSpeculativeArithSub
36270                nonSpeculativeArithMod
36271                nonSpeculativeCheckHasInstance
36272                nonSpeculativeInstanceOf
36273        * dfg/DFGOperations.cpp:
36274        * dfg/DFGOperations.h:
36275            - removed:
36276                operationArithMod
36277                operationInstanceOf
36278                operationThrowHasInstanceError
36279
362802011-10-10  Gavin Barraclough  <baraclough@apple.com>
36281
36282        Switch most calls in DFGJITCodeGenerator to use callOperation.
36283        https://bugs.webkit.org/show_bug.cgi?id=69802
36284
36285        Reviewed by Oliver Hunt.
36286
36287        Compares, add, mod are the easy cases.
36288
36289        * dfg/DFGJITCodeGenerator.h:
36290        (JSC::DFG::callOperation):
36291        * dfg/DFGJITCodeGenerator32_64.cpp:
36292        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
36293        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
36294        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
36295        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
36296        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
36297        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
36298        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
36299        * dfg/DFGJITCodeGenerator64.cpp:
36300        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
36301        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
36302        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
36303        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
36304        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
36305        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
36306        * dfg/DFGOperations.cpp:
36307        * dfg/DFGOperations.h:
36308
363092011-10-10  Gavin Barraclough  <baraclough@apple.com>
36310
36311        DFG: Switch GetById / PutById to use callOperation
36312        https://bugs.webkit.org/show_bug.cgi?id=69795
36313
36314        Reviewed by Oliver Hunt.
36315
36316        Also make these take the base as a cell, so 32_64 doesn't have to set up the cell tag.
36317
36318        * dfg/DFGJITCodeGenerator.h:
36319        (JSC::DFG::callOperation):
36320        * dfg/DFGJITCodeGenerator32_64.cpp:
36321        (JSC::DFG::JITCodeGenerator::cachedGetById):
36322        (JSC::DFG::JITCodeGenerator::cachedPutById):
36323        * dfg/DFGJITCodeGenerator64.cpp:
36324        (JSC::DFG::JITCodeGenerator::cachedGetById):
36325        (JSC::DFG::JITCodeGenerator::cachedPutById):
36326        * dfg/DFGOperations.cpp:
36327        * dfg/DFGOperations.h:
36328        * dfg/DFGRepatch.cpp:
36329        (JSC::DFG::appropriatePutByIdFunction):
36330
363312011-10-10  Filip Pizlo  <fpizlo@apple.com>
36332
36333        REGRESSION (r95399): Web process hangs when opening documents on Google Docs
36334        https://bugs.webkit.org/show_bug.cgi?id=69412
36335
36336        Reviewed by Oliver Hunt.
36337
36338        * dfg/DFGSpeculativeJIT32_64.cpp:
36339        (JSC::DFG::SpeculativeJIT::compile):
36340        * dfg/DFGSpeculativeJIT64.cpp:
36341        (JSC::DFG::SpeculativeJIT::compile):
36342        * jit/JIT.cpp:
36343        (JSC::JIT::privateCompile):
36344        * jit/JIT.h:
36345
363462011-10-10  Mark Hahnenberg  <mhahnenberg@apple.com>
36347
36348        Remove getCallDataVirtual methods
36349        https://bugs.webkit.org/show_bug.cgi?id=69186
36350
36351        Reviewed by Geoffrey Garen.
36352
36353        Removed all getCallDataVirtual methods and replaced their call sites 
36354        with an explicit lookup in the MethodTable.
36355
36356        * API/JSCallbackFunction.cpp:
36357        * API/JSCallbackFunction.h:
36358        * API/JSCallbackObject.h:
36359        * API/JSCallbackObjectFunctions.h:
36360        * API/JSObjectRef.cpp:
36361        (JSObjectIsFunction):
36362        (JSObjectCallAsFunction):
36363        * JavaScriptCore.exp:
36364        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
36365        * interpreter/Interpreter.cpp:
36366        (JSC::Interpreter::privateExecute):
36367        * jit/JITStubs.cpp:
36368        (JSC::DEFINE_STUB_FUNCTION):
36369        * runtime/ArrayConstructor.cpp:
36370        * runtime/ArrayConstructor.h:
36371        * runtime/BooleanConstructor.cpp:
36372        * runtime/BooleanConstructor.h:
36373        * runtime/DateConstructor.cpp:
36374        * runtime/DateConstructor.h:
36375
36376        Moved StrictModeTypeErrorFunction to Error.h in order to be able to include 
36377        the class definition in JSGlobalObject.cpp.
36378        * runtime/Error.cpp:
36379        (JSC::createTypeErrorFunction):
36380        * runtime/Error.h:
36381        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
36382        (JSC::StrictModeTypeErrorFunction::create):
36383        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
36384        (JSC::StrictModeTypeErrorFunction::getConstructData):
36385        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
36386        (JSC::StrictModeTypeErrorFunction::getCallData):
36387        (JSC::StrictModeTypeErrorFunction::createStructure):
36388        * runtime/ErrorConstructor.cpp:
36389        * runtime/ErrorConstructor.h:
36390        * runtime/FunctionConstructor.cpp:
36391        * runtime/FunctionConstructor.h:
36392        * runtime/FunctionPrototype.cpp:
36393        * runtime/FunctionPrototype.h:
36394
36395        To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
36396        to declare their own ClassInfo if they don't override getCallData, provided
36397        an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
36398        functionality as the pure virtual method InternalFunction used to have.
36399        Also made this new implementation protected rather than private for the same reason.
36400        Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
36401        object is being created provides its own implementation of getCallData.  This
36402        just makes execution fail earlier in a place where the source of the error is
36403        easy to trace.  These ASSERTs are better than putting a null in the MethodTable because
36404        they appear much more intentional to anybody who fails to provide their own
36405        implementation or who tries to explicitly call InternalFunction::getCallData.
36406        * runtime/InternalFunction.cpp:
36407        (JSC::InternalFunction::finishCreation):
36408        (JSC::InternalFunction::getCallData):
36409        * runtime/InternalFunction.h:
36410        * runtime/JSCell.cpp:
36411        * runtime/JSCell.h:
36412        * runtime/JSFunction.cpp:
36413        * runtime/JSFunction.h:
36414
36415        Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable 
36416        it to be reused rather than creating a new Structure every time we instantiate it.
36417        * runtime/JSGlobalObject.cpp:
36418        (JSC::JSGlobalObject::reset):
36419        (JSC::JSGlobalObject::visitChildren):
36420        * runtime/JSGlobalObject.h:
36421        (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
36422        * runtime/JSONObject.cpp:
36423        (JSC::Stringifier::Stringifier):
36424        (JSC::Stringifier::toJSON):
36425        (JSC::Stringifier::appendStringifiedValue):
36426        * runtime/JSObject.cpp:
36427        (JSC::JSObject::put):
36428        * runtime/JSObject.h:
36429        (JSC::getCallData):
36430        * runtime/NativeErrorConstructor.cpp:
36431        * runtime/NativeErrorConstructor.h:
36432        * runtime/NumberConstructor.cpp:
36433        * runtime/NumberConstructor.h:
36434        * runtime/ObjectConstructor.cpp:
36435        * runtime/ObjectConstructor.h:
36436        * runtime/Operations.cpp:
36437        (JSC::jsTypeStringForValue):
36438        (JSC::jsIsObjectType):
36439        (JSC::jsIsFunctionType):
36440        * runtime/PropertySlot.cpp:
36441        (JSC::PropertySlot::functionGetter):
36442        * runtime/RegExpConstructor.cpp:
36443        * runtime/RegExpConstructor.h:
36444        * runtime/StringConstructor.cpp:
36445        * runtime/StringConstructor.h:
36446        * runtime/Structure.h:
36447
364482011-10-10  Gavin Barraclough  <barraclough@apple.com>
36449
36450        Switch last calls from DFGSpeculativeJIT to use callOperation.
36451        https://bugs.webkit.org/show_bug.cgi?id=69780
36452
36453        Reviewed by Oliver Hunt.
36454
36455        Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
36456
36457        * dfg/DFGJITCodeGenerator.cpp:
36458        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
36459        * dfg/DFGJITCodeGenerator.h:
36460        (JSC::DFG::callOperation):
36461        * dfg/DFGJITCodeGenerator32_64.cpp:
36462        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
36463        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
36464        * dfg/DFGJITCodeGenerator64.cpp:
36465        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
36466        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
36467        * dfg/DFGOperations.h:
36468        * dfg/DFGSpeculativeJIT.cpp:
36469        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
36470        * dfg/DFGSpeculativeJIT.h:
36471        * dfg/DFGSpeculativeJIT32_64.cpp:
36472        (JSC::DFG::SpeculativeJIT::compare):
36473        (JSC::DFG::SpeculativeJIT::compile):
36474        * dfg/DFGSpeculativeJIT64.cpp:
36475        (JSC::DFG::SpeculativeJIT::compare):
36476        (JSC::DFG::SpeculativeJIT::compile):
36477        * wtf/Platform.h:
36478
364792011-10-10  Yuqiang Xian  <yuqiang.xian@intel.com>
36480
36481        JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
36482        https://bugs.webkit.org/show_bug.cgi?id=69748
36483
36484        Reviewed by Filip Pizlo.
36485
36486        * dfg/DFGJITCodeGenerator32_64.cpp:
36487        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
36488        * dfg/DFGSpeculativeJIT32_64.cpp:
36489        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
36490
364912011-10-10  Adam Roben  <aroben@apple.com>
36492
36493        Build fix
36494
36495        * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
36496
364972011-10-10  Yuqiang Xian  <yuqiang.xian@intel.com>
36498
36499        JSVALUE32_64 DFG JIT - Bug fix for BranchNull
36500        https://bugs.webkit.org/show_bug.cgi?id=69743
36501
36502        Reviewed by Darin Adler.
36503
36504        This fixes the error in access-binary-trees. All SunSpider cases passed.
36505
36506        * dfg/DFGJITCodeGenerator32_64.cpp:
36507        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
36508
365092011-10-07  Gavin Barraclough  <barraclough@apple.com>
36510
36511        DFG JIT: callOperation should return the Call.
36512        https://bugs.webkit.org/show_bug.cgi?id=69682
36513
36514        Reviewed by Oliver Hunt.
36515
36516        * dfg/DFGJITCodeGenerator.h:
36517        (JSC::DFG::callOperation):
36518        (JSC::DFG::appendCallWithExceptionCheckSetResult):
36519        * dfg/DFGJITCompiler.h:
36520        (JSC::DFG::JITCompiler::appendCall):
36521        * wtf/Platform.h:
36522
365232011-10-10  Sheriff Bot  <webkit.review.bot@gmail.com>
36524
36525        Unreviewed, rolling out r97045.
36526        http://trac.webkit.org/changeset/97045
36527        https://bugs.webkit.org/show_bug.cgi?id=69746
36528
36529        makes apple bots very crashy :( (Requested by kling on
36530        #webkit).
36531
36532        * config.h:
36533
365342011-10-10  Andreas Kling  <kling@webkit.org>
36535
36536        Shrink BorderValue.
36537        https://bugs.webkit.org/show_bug.cgi?id=69521
36538
36539        Reviewed by Antti Koivisto.
36540
36541        * config.h: Touch to force full rebuild.
36542
365432011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
36544
36545        Improve Null or Undefined test in 32_64 DFG
36546        https://bugs.webkit.org/show_bug.cgi?id=69734
36547
36548        Reviewed by Darin Adler.
36549
36550        Currently the Null or Undefined value test in 32_64 DFG checks the
36551        Null and Undefined tags separately and introduces one more branch.
36552        It can be improved in the same way the baseline JIT does it, by
36553        relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
36554
36555        * dfg/DFGJITCodeGenerator32_64.cpp:
36556        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
36557        * dfg/DFGSpeculativeJIT32_64.cpp:
36558        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
36559        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
36560
365612011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
36562
36563        JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
36564        https://bugs.webkit.org/show_bug.cgi?id=69721
36565
36566        Reviewed by Darin Adler.
36567
36568        * dfg/DFGSpeculativeJIT32_64.cpp:
36569        (JSC::DFG::SpeculativeJIT::compile):
36570
365712011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
36572
36573        Remove unused callOperation code of DFG JIT on X86
36574        https://bugs.webkit.org/show_bug.cgi?id=69722
36575
36576        Reviewed by Filip Pizlo.
36577
36578        * dfg/DFGJITCodeGenerator.h:
36579        (JSC::DFG::callOperation):
36580
365812011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
36582
36583        JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
36584        https://bugs.webkit.org/show_bug.cgi?id=69720
36585
36586        Reviewed by Filip Pizlo.
36587
36588        In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
36589        a FPR and will be used for further optimizations, though we currently
36590        don't fully utilize it. For now when filling a JS value which was
36591        spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
36592        to DataFormatJS to avoid compilation errors.
36593
36594        * dfg/DFGJITCodeGenerator32_64.cpp:
36595        (JSC::DFG::JITCodeGenerator::fillJSValue):
36596
365972011-10-09  Filip Pizlo  <fpizlo@apple.com>
36598
36599        DFG should not always speculate that a ByVal access has an integer index
36600        https://bugs.webkit.org/show_bug.cgi?id=69716
36601
36602        Reviewed by Oliver Hunt.
36603        
36604        1% win on SunSpider, neutral elsewhere.
36605
36606        * dfg/DFGJITCodeGenerator.h:
36607        (JSC::DFG::callOperation):
36608        * dfg/DFGNode.h:
36609        * dfg/DFGOperations.cpp:
36610        * dfg/DFGOperations.h:
36611        * dfg/DFGPropagator.cpp:
36612        (JSC::DFG::Propagator::byValHasIntBase):
36613        (JSC::DFG::Propagator::clobbersWorld):
36614        (JSC::DFG::Propagator::getMethodLoadElimination):
36615        (JSC::DFG::Propagator::checkStructureLoadElimination):
36616        (JSC::DFG::Propagator::getByOffsetLoadElimination):
36617        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
36618        (JSC::DFG::Propagator::performNodeCSE):
36619        * dfg/DFGSpeculativeJIT32_64.cpp:
36620        (JSC::DFG::SpeculativeJIT::compile):
36621        * dfg/DFGSpeculativeJIT64.cpp:
36622        (JSC::DFG::SpeculativeJIT::compile):
36623
366242011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
36625
36626        Fix value profiling in 32_64 JIT
36627        https://bugs.webkit.org/show_bug.cgi?id=69717
36628
36629        Reviewed by Filip Pizlo.
36630
36631        Current value profiling for the 32_64 JIT is broken and cannot record
36632        correct predicted types, which results in many speculation failures
36633        in the 32_64 DFG JIT, fallbacks to the baseline JIT, and re-optimizations
36634        again and again.
36635        With this fix the 32_64 DFG JIT can demonstrate real performance gains.
36636
36637        * bytecode/ValueProfile.cpp:
36638        (JSC::ValueProfile::computeStatistics):
36639        * bytecode/ValueProfile.h:
36640        (JSC::ValueProfile::classInfo):
36641        (JSC::ValueProfile::numberOfSamples):
36642        (JSC::ValueProfile::isLive):
36643        (JSC::ValueProfile::numberOfInt32s):
36644        (JSC::ValueProfile::numberOfDoubles):
36645        (JSC::ValueProfile::numberOfBooleans):
36646        (JSC::ValueProfile::dump):
36647            The empty value check should be performed on the decoded JSValue,
36648            since for 32_64 the empty value is not identical to an encoded 0.
36649        * jit/JIT.cpp:
36650        (JSC::JIT::privateCompile):
36651        * jit/JITInlineMethods.h:
36652        (JSC::JIT::emitValueProfilingSite):
36653        * jit/JITStubCall.h:
36654        (JSC::JITStubCall::callWithValueProfiling):
36655            Record the right profiling result for 32_64.
36656
366572011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
36658
36659        Remove 32 bit restrictions in DFG JIT
36660        https://bugs.webkit.org/show_bug.cgi?id=69711
36661
36662        Reviewed by Filip Pizlo.
36663
36664        op_call/op_construct support was disabled for the 32 bit DFG JIT because
36665        there was a regression in the javascriptcore tests. Now the bugs are fixed
36666        and there should be no regression. This gives the 32 bit DFG the same
36667        capability as the 64 bit DFG, and improves the coverage.
36668
36669        * dfg/DFGCapabilities.h:
36670        (JSC::DFG::canCompileOpcode):
36671
366722011-10-08  Mark Hahnenberg  <mhahnenberg@apple.com>
36673
36674        Add static version of JSCell::getConstructData
36675        https://bugs.webkit.org/show_bug.cgi?id=69673
36676
36677        Reviewed by Geoffrey Garen.
36678
36679        Added static version of getConstructData to all classes that 
36680        override it and changed the virtual versions to call the static 
36681        versions.  This is the first step in de-virtualizing JSCell::getConstructData.
36682
36683        * API/JSCallbackConstructor.cpp:
36684        (JSC::JSCallbackConstructor::getConstructData):
36685        * API/JSCallbackConstructor.h:
36686        * API/JSCallbackObject.h:
36687        * API/JSCallbackObjectFunctions.h:
36688        (JSC::::getConstructData):
36689        * runtime/ArrayConstructor.cpp:
36690        (JSC::ArrayConstructor::getConstructData):
36691        * runtime/ArrayConstructor.h:
36692        * runtime/BooleanConstructor.cpp:
36693        (JSC::BooleanConstructor::getConstructData):
36694        * runtime/BooleanConstructor.h:
36695        * runtime/DateConstructor.cpp:
36696        (JSC::DateConstructor::getConstructData):
36697        * runtime/DateConstructor.h:
36698        * runtime/ErrorConstructor.cpp:
36699        (JSC::ErrorConstructor::getConstructData):
36700        * runtime/ErrorConstructor.h:
36701        * runtime/FunctionConstructor.cpp:
36702        (JSC::FunctionConstructor::getConstructData):
36703        * runtime/FunctionConstructor.h:
36704        * runtime/JSCell.cpp:
36705        (JSC::JSCell::getConstructData):
36706        * runtime/JSCell.h:
36707        * runtime/JSFunction.cpp:
36708        (JSC::JSFunction::getConstructData):
36709        * runtime/JSFunction.h:
36710        * runtime/NativeErrorConstructor.cpp:
36711        (JSC::NativeErrorConstructor::getConstructData):
36712        * runtime/NativeErrorConstructor.h:
36713        * runtime/NumberConstructor.cpp:
36714        (JSC::NumberConstructor::getConstructData):
36715        * runtime/NumberConstructor.h:
36716        * runtime/ObjectConstructor.cpp:
36717        (JSC::ObjectConstructor::getConstructData):
36718        * runtime/ObjectConstructor.h:
36719        * runtime/RegExpConstructor.cpp:
36720        (JSC::RegExpConstructor::getConstructData):
36721        * runtime/RegExpConstructor.h:
36722        * runtime/StringConstructor.cpp:
36723        (JSC::StringConstructor::getConstructData):
36724        * runtime/StringConstructor.h:
36725
367262011-10-08  Mark Hahnenberg  <mhahnenberg@apple.com>
36727
36728        Add static version of JSCell::getOwnPropertySlot
36729        https://bugs.webkit.org/show_bug.cgi?id=69593
36730
36731        Reviewed by Geoffrey Garen.
36732
36733        Added static version of getOwnPropertySlot to every class that overrides
36734        JSCell::getOwnPropertySlot.  The virtual versions now call the static versions.
36735        This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
36736
36737        * JavaScriptCore.exp:
36738        * debugger/DebuggerActivation.cpp:
36739        (JSC::DebuggerActivation::getOwnPropertySlot):
36740        * debugger/DebuggerActivation.h:
36741        * runtime/Arguments.cpp:
36742        (JSC::Arguments::getOwnPropertySlot):
36743        * runtime/Arguments.h:
36744        * runtime/ArrayConstructor.h:
36745        * runtime/ArrayPrototype.cpp:
36746        (JSC::ArrayPrototype::getOwnPropertySlot):
36747        * runtime/ArrayPrototype.h:
36748        * runtime/BooleanPrototype.cpp:
36749        (JSC::BooleanPrototype::getOwnPropertySlot):
36750        * runtime/BooleanPrototype.h:
36751        * runtime/DateConstructor.cpp:
36752        (JSC::DateConstructor::getOwnPropertySlot):
36753        * runtime/DateConstructor.h:
36754        * runtime/DatePrototype.cpp:
36755        (JSC::DatePrototype::getOwnPropertySlot):
36756        * runtime/DatePrototype.h:
36757        * runtime/ErrorPrototype.cpp:
36758        (JSC::ErrorPrototype::getOwnPropertySlot):
36759        * runtime/ErrorPrototype.h:
36760        * runtime/JSActivation.cpp:
36761        (JSC::JSActivation::getOwnPropertySlot):
36762        * runtime/JSActivation.h:
36763        * runtime/JSArray.cpp:
36764        (JSC::JSArray::getOwnPropertySlot):
36765        * runtime/JSArray.h:
36766        * runtime/JSBoundFunction.cpp:
36767        (JSC::JSBoundFunction::getOwnPropertySlot):
36768        * runtime/JSBoundFunction.h:
36769        * runtime/JSByteArray.cpp:
36770        (JSC::JSByteArray::getOwnPropertySlot):
36771        * runtime/JSByteArray.h:
36772        * runtime/JSCell.cpp:
36773        (JSC::JSCell::getOwnPropertySlot):
36774        * runtime/JSCell.h:
36775        * runtime/JSFunction.cpp:
36776        (JSC::JSFunction::getOwnPropertySlot):
36777        * runtime/JSFunction.h:
36778        * runtime/JSGlobalObject.cpp:
36779        (JSC::JSGlobalObject::getOwnPropertySlot):
36780        * runtime/JSGlobalObject.h:
36781        * runtime/JSNotAnObject.cpp:
36782        (JSC::JSNotAnObject::getOwnPropertySlot):
36783        * runtime/JSNotAnObject.h:
36784        * runtime/JSONObject.cpp:
36785        (JSC::JSONObject::getOwnPropertySlot):
36786        * runtime/JSONObject.h:
36787        * runtime/JSObject.cpp:
36788        (JSC::JSObject::getOwnPropertySlot):
36789        * runtime/JSObject.h:
36790        (JSC::JSObject::getOwnPropertySlot):
36791        * runtime/JSStaticScopeObject.cpp:
36792        (JSC::JSStaticScopeObject::getOwnPropertySlot):
36793        * runtime/JSStaticScopeObject.h:
36794        * runtime/JSString.cpp:
36795        (JSC::JSString::getOwnPropertySlot):
36796        * runtime/JSString.h:
36797        * runtime/MathObject.cpp:
36798        (JSC::MathObject::getOwnPropertySlot):
36799        * runtime/MathObject.h:
36800        * runtime/NumberConstructor.cpp:
36801        (JSC::NumberConstructor::getOwnPropertySlot):
36802        * runtime/NumberConstructor.h:
36803        * runtime/NumberPrototype.cpp:
36804        (JSC::NumberPrototype::getOwnPropertySlot):
36805        * runtime/NumberPrototype.h:
36806        * runtime/ObjectConstructor.cpp:
36807        (JSC::ObjectConstructor::getOwnPropertySlot):
36808        * runtime/ObjectConstructor.h:
36809        * runtime/ObjectPrototype.cpp:
36810        (JSC::ObjectPrototype::getOwnPropertySlot):
36811        * runtime/ObjectPrototype.h:
36812        * runtime/RegExpConstructor.cpp:
36813        (JSC::RegExpConstructor::getOwnPropertySlot):
36814        * runtime/RegExpConstructor.h:
36815        * runtime/RegExpMatchesArray.h:
36816        (JSC::RegExpMatchesArray::getOwnPropertySlot):
36817        * runtime/RegExpObject.cpp:
36818        (JSC::RegExpObject::getOwnPropertySlot):
36819        * runtime/RegExpObject.h:
36820        * runtime/RegExpPrototype.cpp:
36821        (JSC::RegExpPrototype::getOwnPropertySlot):
36822        * runtime/RegExpPrototype.h:
36823        * runtime/StringConstructor.cpp:
36824        (JSC::StringConstructor::getOwnPropertySlot):
36825        * runtime/StringConstructor.h:
36826        * runtime/StringObject.cpp:
36827        (JSC::StringObject::getOwnPropertySlot):
36828        * runtime/StringObject.h:
36829        * runtime/StringPrototype.cpp:
36830        (JSC::StringPrototype::getOwnPropertySlot):
36831        * runtime/StringPrototype.h:
36832
368332011-10-08  Yuqiang Xian  <yuqiang.xian@intel.com>
36834
36835        JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
36836        https://bugs.webkit.org/show_bug.cgi?id=69699
36837
36838        Reviewed by Filip Pizlo.
36839
36840        It should match SetLocal, where only the payload is stored for array predictions.
36841
36842        * dfg/DFGSpeculativeJIT32_64.cpp:
36843        (JSC::DFG::SpeculativeJIT::compile):
36844
368452011-10-08  Yuqiang Xian  <yuqiang.xian@intel.com>
36846
36847        JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
36848        https://bugs.webkit.org/show_bug.cgi?id=69702
36849
36850        Reviewed by Filip Pizlo.
36851
36852        There are some errors in generating code for Branch and LogicalNot,
36853        when the operand is predicted as ObjectOrOther.
36854
36855        * dfg/DFGSpeculativeJIT32_64.cpp:
36856        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
36857        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
36858
368592011-10-08  Sheriff Bot  <webkit.review.bot@gmail.com>
36860
36861        Unreviewed, rolling out r96996.
36862        http://trac.webkit.org/changeset/96996
36863        https://bugs.webkit.org/show_bug.cgi?id=69697
36864
36865        It broke all tests on the Qt bot (Requested by Ossy_night on
36866        #webkit).
36867
36868        * API/JSCallbackFunction.cpp:
36869        (JSC::JSCallbackFunction::getCallDataVirtual):
36870        * API/JSCallbackFunction.h:
36871        * API/JSCallbackObject.h:
36872        * API/JSCallbackObjectFunctions.h:
36873        (JSC::::getCallDataVirtual):
36874        * API/JSObjectRef.cpp:
36875        (JSObjectIsFunction):
36876        (JSObjectCallAsFunction):
36877        * JavaScriptCore.exp:
36878        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
36879        * interpreter/Interpreter.cpp:
36880        (JSC::Interpreter::privateExecute):
36881        * jit/JITStubs.cpp:
36882        (JSC::DEFINE_STUB_FUNCTION):
36883        * runtime/ArrayConstructor.cpp:
36884        (JSC::ArrayConstructor::getCallDataVirtual):
36885        * runtime/ArrayConstructor.h:
36886        * runtime/BooleanConstructor.cpp:
36887        (JSC::BooleanConstructor::getCallDataVirtual):
36888        * runtime/BooleanConstructor.h:
36889        * runtime/DateConstructor.cpp:
36890        (JSC::DateConstructor::getCallDataVirtual):
36891        * runtime/DateConstructor.h:
36892        * runtime/Error.cpp:
36893        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
36894        (JSC::StrictModeTypeErrorFunction::create):
36895        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
36896        (JSC::StrictModeTypeErrorFunction::getConstructData):
36897        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
36898        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
36899        (JSC::StrictModeTypeErrorFunction::getCallData):
36900        (JSC::StrictModeTypeErrorFunction::createStructure):
36901        (JSC::createTypeErrorFunction):
36902        * runtime/Error.h:
36903        * runtime/ErrorConstructor.cpp:
36904        (JSC::ErrorConstructor::getCallDataVirtual):
36905        * runtime/ErrorConstructor.h:
36906        * runtime/FunctionConstructor.cpp:
36907        (JSC::FunctionConstructor::getCallDataVirtual):
36908        * runtime/FunctionConstructor.h:
36909        * runtime/FunctionPrototype.cpp:
36910        (JSC::FunctionPrototype::getCallDataVirtual):
36911        * runtime/FunctionPrototype.h:
36912        * runtime/InternalFunction.cpp:
36913        (JSC::InternalFunction::finishCreation):
36914        * runtime/InternalFunction.h:
36915        * runtime/JSCell.cpp:
36916        (JSC::JSCell::getCallDataVirtual):
36917        * runtime/JSCell.h:
36918        (JSC::getCallData):
36919        * runtime/JSFunction.cpp:
36920        (JSC::JSFunction::getCallDataVirtual):
36921        * runtime/JSFunction.h:
36922        * runtime/JSGlobalObject.cpp:
36923        (JSC::JSGlobalObject::reset):
36924        (JSC::JSGlobalObject::visitChildren):
36925        * runtime/JSGlobalObject.h:
36926        * runtime/JSONObject.cpp:
36927        (JSC::Stringifier::Stringifier):
36928        (JSC::Stringifier::toJSON):
36929        (JSC::Stringifier::appendStringifiedValue):
36930        * runtime/JSObject.cpp:
36931        (JSC::JSObject::put):
36932        * runtime/JSObject.h:
36933        * runtime/NativeErrorConstructor.cpp:
36934        (JSC::NativeErrorConstructor::getCallDataVirtual):
36935        * runtime/NativeErrorConstructor.h:
36936        * runtime/NumberConstructor.cpp:
36937        (JSC::NumberConstructor::getCallDataVirtual):
36938        * runtime/NumberConstructor.h:
36939        * runtime/ObjectConstructor.cpp:
36940        (JSC::ObjectConstructor::getCallDataVirtual):
36941        * runtime/ObjectConstructor.h:
36942        * runtime/Operations.cpp:
36943        (JSC::jsTypeStringForValue):
36944        (JSC::jsIsObjectType):
36945        (JSC::jsIsFunctionType):
36946        * runtime/PropertySlot.cpp:
36947        (JSC::PropertySlot::functionGetter):
36948        * runtime/RegExpConstructor.cpp:
36949        (JSC::RegExpConstructor::getCallDataVirtual):
36950        * runtime/RegExpConstructor.h:
36951        * runtime/StringConstructor.cpp:
36952        (JSC::StringConstructor::getCallDataVirtual):
36953        * runtime/StringConstructor.h:
36954        * runtime/Structure.h:
36955
369562011-10-08  Yuqiang Xian  <yuqiang.xian@intel.com>
36957
36958        DFG JIT - only Array predictions can result in unboxed cells in register file
36959        https://bugs.webkit.org/show_bug.cgi?id=69695
36960
36961        Reviewed by Filip Pizlo.
36962
36963        In the current DFG JIT, only array predictions can result in unboxed cells
36964        in the register file; the other cell predictions cannot.
36965
36966        * dfg/DFGSpeculativeJIT.h:
36967        (JSC::DFG::ValueSource::forPrediction):
36968
369692011-10-07  Yuqiang Xian  <yuqiang.xian@intel.com>
36970
36971        bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
36972        https://bugs.webkit.org/show_bug.cgi?id=69696
36973
36974        Reviewed by Filip Pizlo.
36975
36976        On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
36977        to compute the address of a JS array element.
36978
36979        * dfg/DFGSpeculativeJIT32_64.cpp:
36980        (JSC::DFG::SpeculativeJIT::compile):
36981
369822011-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>
36983
36984        Add static version of JSCell::deleteProperty
36985        https://bugs.webkit.org/show_bug.cgi?id=69659
36986
36987        Reviewed by Geoffrey Garen.
36988
36989        Added static version of both versions of put to all classes that 
36990        override them and changed the virtual versions to call the static 
36991        versions.  This is the first step in de-virtualizing JSCell::deleteProperty.
36992
36993        * API/JSCallbackObject.h:
36994        * API/JSCallbackObjectFunctions.h:
36995        (JSC::::deleteProperty):
36996        * debugger/DebuggerActivation.cpp:
36997        (JSC::DebuggerActivation::deleteProperty):
36998        * debugger/DebuggerActivation.h:
36999        * runtime/Arguments.cpp:
37000        (JSC::Arguments::deleteProperty):
37001        * runtime/Arguments.h:
37002        * runtime/JSActivation.cpp:
37003        (JSC::JSActivation::deleteProperty):
37004        * runtime/JSActivation.h:
37005        * runtime/JSArray.cpp:
37006        (JSC::JSArray::deleteProperty):
37007        * runtime/JSArray.h:
37008        * runtime/JSCell.cpp:
37009        (JSC::JSCell::deleteProperty):
37010        * runtime/JSCell.h:
37011        * runtime/JSFunction.cpp:
37012        (JSC::JSFunction::deleteProperty):
37013        * runtime/JSFunction.h:
37014        * runtime/JSNotAnObject.cpp:
37015        (JSC::JSNotAnObject::deleteProperty):
37016        * runtime/JSNotAnObject.h:
37017        * runtime/JSObject.cpp:
37018        (JSC::JSObject::deleteProperty):
37019        * runtime/JSObject.h:
37020        * runtime/JSVariableObject.cpp:
37021        (JSC::JSVariableObject::deleteProperty):
37022        * runtime/JSVariableObject.h:
37023        * runtime/RegExpMatchesArray.h:
37024        (JSC::RegExpMatchesArray::deleteProperty):
37025        * runtime/StrictEvalActivation.cpp:
37026        (JSC::StrictEvalActivation::deleteProperty):
37027        * runtime/StrictEvalActivation.h:
37028        * runtime/StringObject.cpp:
37029        (JSC::StringObject::deleteProperty):
37030        * runtime/StringObject.h:
37031
2011-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove getCallDataVirtual methods
        https://bugs.webkit.org/show_bug.cgi?id=69186

        Reviewed by Geoffrey Garen.

        Removed all getCallDataVirtual methods and replaced their call sites
        with an explicit lookup in the MethodTable.

        * API/JSCallbackFunction.cpp:
        * API/JSCallbackFunction.h:
        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        * API/JSObjectRef.cpp:
        (JSObjectIsFunction):
        (JSObjectCallAsFunction):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArrayConstructor.cpp:
        * runtime/ArrayConstructor.h:
        * runtime/BooleanConstructor.cpp:
        * runtime/BooleanConstructor.h:
        * runtime/DateConstructor.cpp:
        * runtime/DateConstructor.h:
        * runtime/Error.cpp:
        (JSC::createTypeErrorFunction):

        Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
        the class definition in JSGlobalObject.cpp.
        * runtime/Error.h:
        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
        (JSC::StrictModeTypeErrorFunction::create):
        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
        (JSC::StrictModeTypeErrorFunction::getConstructData):
        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
        (JSC::StrictModeTypeErrorFunction::getCallData):
        (JSC::StrictModeTypeErrorFunction::createStructure):
        * runtime/ErrorConstructor.cpp:
        * runtime/ErrorConstructor.h:
        * runtime/FunctionConstructor.cpp:
        * runtime/FunctionConstructor.h:
        * runtime/FunctionPrototype.cpp:
        * runtime/FunctionPrototype.h:

        To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
        to declare their own ClassInfo if they don't override getCallData, provided
        an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
        functionality as the pure virtual method InternalFunction used to have.
        Also made this new implementation protected rather than private for the same reason.
        Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
        object is being created provides its own implementation of getCallData.  This
        just makes execution fail earlier in a place where the source of the error is
        easy to trace.  These ASSERTs are better than putting a null in the MethodTable because
        they appear much more intentional to anybody who fails to provide their own
        implementation or who tries to explicitly call InternalFunction::getCallData.
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::finishCreation):
        (JSC::InternalFunction::getCallData):
        * runtime/InternalFunction.h:
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        * runtime/JSFunction.h:

        Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
        it to be reused rather than creating a new Structure every time we instantiate it.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Stringifier):
        (JSC::Stringifier::toJSON):
        (JSC::Stringifier::appendStringifiedValue):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        * runtime/JSObject.h:
        (JSC::getCallData):
        * runtime/NativeErrorConstructor.cpp:
        * runtime/NativeErrorConstructor.h:
        * runtime/NumberConstructor.cpp:
        * runtime/NumberConstructor.h:
        * runtime/ObjectConstructor.cpp:
        * runtime/ObjectConstructor.h:
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        (JSC::jsIsObjectType):
        (JSC::jsIsFunctionType):
        * runtime/PropertySlot.cpp:
        (JSC::PropertySlot::functionGetter):
        * runtime/RegExpConstructor.cpp:
        * runtime/RegExpConstructor.h:
        * runtime/StringConstructor.cpp:
        * runtime/StringConstructor.h:
        * runtime/Structure.h:

2011-10-07  Oliver Hunt  <oliver@apple.com>

        Add missing break statement.

        Reviewed by Gavin Barraclough.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):

2011-10-07  Oliver Hunt  <oliver@apple.com>

        Support some string intrinsics in the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=69678

        Reviewed by Gavin Barraclough.

        Add support for charAt and charCodeAt intrinsics in the DFG.

        * create_hash_table:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGIntrinsic.h:
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add static version of JSCell::put
        https://bugs.webkit.org/show_bug.cgi?id=69382

        Reviewed by Geoffrey Garen.

        Added a static version of both versions of put to all classes that
        override them and changed the virtual versions to call the static
        versions.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::put):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::put):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::put):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::put):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::put):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        * runtime/JSGlobalObject.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::put):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        * runtime/JSObject.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::put):
        * runtime/JSStaticScopeObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::put):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::put):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::put):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::put):
        * runtime/RegExpObject.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::put):
        * runtime/StringObject.h:

2011-10-07  Gavin Barraclough  <barraclough@apple.com>

        Refactor DFG to make more use of callOperation
        https://bugs.webkit.org/show_bug.cgi?id=69672

        Reviewed by Oliver Hunt.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::callOperation):
            - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
            - Switch operationNewObject/operationCreateThis to return Cells,
            - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
            - Replace code plating calls to operations with calls to callOperation.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
            - Replace code plating calls to operations with calls to callOperation.

2011-10-07  Oliver Hunt  <oliver@apple.com>

        Support string indexing in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=69671

        Reviewed by Gavin Barraclough.

        Emit code to support inline indexing of strings.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
            Shared code to perform string indexing.
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            Use compileGetByValOnString if we predict that the base object
            is a string in GetByVal.
        * runtime/JSString.h:
        (JSC::JSString::offsetOfFiberCount):
        (JSC::JSString::offsetOfValue):

2011-10-07  Filip Pizlo  <fpizlo@apple.com>

        DFG ConvertThis speculation logic is wrong
        https://bugs.webkit.org/show_bug.cgi?id=69663

        Reviewed by Oliver Hunt.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::fixupNode):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-10-07  Oliver Hunt  <oliver@apple.com>

        Verify that our call speculation is valid.

        Reviewed by Filip Pizlo.

        Before specialising an intrinsic we need to verify that
        our speculation is correct.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):

2011-10-07  Brent Fulgham  <bfulgham@webkit.org>

        [WinCairo] Unreviewed build correction for the build bot.

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
        Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
        build-jsc can find the target it needs to run the JSC tests.

2011-10-07  Oliver Hunt  <oliver@apple.com>

        Fix 32-bit build.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-10-07  Oliver Hunt  <oliver@apple.com>

        Support direct calls to intrinsic functions
        https://bugs.webkit.org/show_bug.cgi?id=69646

        Reviewed by Gavin Barraclough.

        Add support for optimising non-method_check calls
        to intrinsic functions (e.g. when Math.abs, etc. are
        cached in local variables).

        * bytecode/CodeBlock.h:
        (JSC::getCallLinkInfoBytecodeIndex):
            Support searching CallLinkInfos by bytecode index
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
            Add support for linked calls in addition to method_check
            when searching for intrinsics
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasFunctionCheckData):
        (JSC::DFG::Node::function):
            Add ability to store a JSFunction* in a node - this is safe
            as the function will be marked by the codeblock we're compiling
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::checkFunctionElimination):
        (JSC::DFG::Propagator::performNodeCSE):
            Add support for new CheckFunction node, and implement CSE pass.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            Rather trivial implementation of CheckFunction
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
            Need to propagate bytecode index for calls now.

2011-10-07  Dominic Cooney  <dominicc@chromium.org>

        [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
        https://bugs.webkit.org/show_bug.cgi?id=69599

        Reviewed by Sam Weinig.

        DFG JIT manipulates MetaAllocatorHandles across threads, e.g. in
        allocating JITCode buffers on a background thread to execute a
        proxy autoconfiguration PAC file but garbage collecting it in
        response to allocation on the main thread. Disabling
        ThreadRestrictionVerification until there is a verification scheme
        that understands this handoff.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::allocate):

2011-10-06  Filip Pizlo  <fpizlo@apple.com>

        DFG should not always speculate that ConvertThis is operating on an object
        https://bugs.webkit.org/show_bug.cgi?id=69570

        Reviewed by Oliver Hunt.

        Mostly neutral, but with a slight regression in Kraken since it increases
        coverage in DFG and thus reveals some performance pathologies (which I
        prefer to think of as performance opportunities, in a good way).

        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        * bytecode/PredictedType.h:
        (JSC::isOtherPrediction):
        (JSC::mergePredictions):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-10-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        Windows build fix

        Unreviewed build fix.  Weird runtime failures on Windows due to
        linking issues caused by the ClassInfo struct in JSByteArray not
        being declared with JS_EXPORTDATA.

        * runtime/JSByteArray.h:

2011-10-06  Filip Pizlo  <fpizlo@apple.com>

        Structure does not reset m_previous when pinning the property map
        https://bugs.webkit.org/show_bug.cgi?id=69583

        Reviewed by Gavin Barraclough.

        This is a 0.6% performance improvement in V8, and 0.2% overall.

        * runtime/Structure.cpp:
        (JSC::Structure::changePrototypeTransition):
        (JSC::Structure::despecifyFunctionTransition):
        (JSC::Structure::getterSetterTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::preventExtensionsTransition):
        (JSC::Structure::addPropertyWithoutTransition):
        (JSC::Structure::removePropertyWithoutTransition):
        (JSC::Structure::pin):
        * runtime/Structure.h:

2011-10-06  Anders Carlsson  <andersca@apple.com>

        When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
        https://bugs.webkit.org/show_bug.cgi?id=69586

        Reviewed by Darin Adler.

        * Configurations/Base.xcconfig:
        Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        When building with clang, we don't need to run the check-for-global-initializers and
        check-for-exit-time-destructors anymore.

        * jsc.cpp:
        (runInteractive):
        Move interpreterName into runInteractive.

        * wtf/StdLibExtras.h:
        When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
        warnings around the variable declaration.

2011-10-06  Anders Carlsson  <andersca@apple.com>

        Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
        https://bugs.webkit.org/show_bug.cgi?id=69584

        Reviewed by Darin Adler.

        Add DEFINE_DEBUG_ONLY_GLOBAL macro.

        * wtf/StdLibExtras.h:

2011-10-06  Oliver Hunt  <oliver@apple.com>

        Write barrier shouldn't allocate temporaries inside control flow
        https://bugs.webkit.org/show_bug.cgi?id=69582

        Reviewed by Gavin Barraclough.

        Reorder the code to avoid spill-related badness.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::writeBarrier):

2011-10-06  Filip Pizlo  <fpizlo@apple.com>

        DFG::shouldSpeculate methods are too complicated
        https://bugs.webkit.org/show_bug.cgi?id=69560

        Reviewed by Geoffrey Garen.

        Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
        just use node predictions.

        By itself this would have meant that SpeculativeJIT code would have
        had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
        So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
        all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).

        This is a 0.4% progression overall that shows up in all benchmarks,
        for reasons unknown.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::at):
        (JSC::DFG::JITCodeGenerator::canReuse):
        (JSC::DFG::JITCodeGenerator::isFilled):
        (JSC::DFG::JITCodeGenerator::isFilledDouble):
        (JSC::DFG::JITCodeGenerator::use):
        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
        (JSC::DFG::JITCodeGenerator::silentFillGPR):
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::detectPeepHoleBranch):
        (JSC::DFG::integerResult):
        (JSC::DFG::noResult):
        (JSC::DFG::cellResult):
        (JSC::DFG::jsValueResult):
        (JSC::DFG::storageResult):
        (JSC::DFG::doubleResult):
        (JSC::DFG::initConstantInfo):
        (JSC::DFG::appendCallWithExceptionCheck):
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateInteger):
        (JSC::DFG::Node::shouldSpeculateDouble):
        (JSC::DFG::Node::shouldSpeculateNumber):
        (JSC::DFG::Node::shouldNotSpeculateInteger):
        (JSC::DFG::Node::shouldSpeculateFinalObject):
        (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
        (JSC::DFG::Node::shouldSpeculateArray):
        (JSC::DFG::Node::shouldSpeculateArrayOrOther):
        (JSC::DFG::Node::shouldSpeculateObject):
        (JSC::DFG::Node::shouldSpeculateCell):
        (JSC::DFG::Node::canSpeculateInteger):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):
        (JSC::DFG::SpeculativeJIT::isKnownArray):
        (JSC::DFG::SpeculativeJIT::isKnownString):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::convertToDouble):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

375782011-10-06  Gavin Peters  <gavinp@chromium.org>
37579
37580        REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
37581        https://bugs.webkit.org/show_bug.cgi?id=69556
37582
37583        Reviewed by Adam Roben.
37584
37585        * wtf/Assertions.cpp:
37586
375872011-10-06  Filip Pizlo  <fpizlo@apple.com>
37588
37589        DFG implementation of UInt32ToNumber is missing a break statement
37590        https://bugs.webkit.org/show_bug.cgi?id=69552
37591
37592        Reviewed by Oliver Hunt.
37593
37594        * dfg/DFGSpeculativeJIT32_64.cpp:
37595        (JSC::DFG::SpeculativeJIT::compile):
37596        * dfg/DFGSpeculativeJIT64.cpp:
37597        (JSC::DFG::SpeculativeJIT::compile):
37598
375992011-10-06  Gavin Barraclough  <barraclough@apple.com>
37600
37601        Unreviewed build fix for DFG JIT 32_64 release builds.
37602
37603        * dfg/DFGJITCompiler.cpp:
37604        * dfg/DFGJITCompiler.h:
37605        * dfg/DFGJITCompiler32_64.cpp:
37606            - Remove three unused methods.
37607
376082011-10-06  Gavin Barraclough  <barraclough@apple.com>
37609
37610        DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
37611        https://bugs.webkit.org/show_bug.cgi?id=69549
37612
37613        Reviewed by Oliver Hunt.
37614
37615        This breaks sunspider/3d-cube.
37616
37617        * dfg/DFGSpeculativeJIT32_64.cpp:
37618        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
37619            - Speculation check on the tag. 
37620
376212011-10-06  Mark Hahnenberg  <mhahnenberg@apple.com>
37622
37623        Snow Leopard build fix
37624
37625        Unreviewed build fix
37626
37627        * JavaScriptCore.exp:
37628
376292011-10-05  Gavin Barraclough  <barraclough@apple.com>
37630
37631        Add explicit JSGlobalThis type.
37632        https://bugs.webkit.org/show_bug.cgi?id=69478
37633
37634        Reviewed by Darin Adler.
37635
37636        JSC supports a split global object, as used by WebCore for the Window. As a stage
37637        of making this visible to JSC, make it so that if the global this value is not the
37638        global object itself, it must be a subclass of JSGlobalThis.
37639
37640        * API/JSCallbackObjectFunctions.h:
37641        (JSC::::finishCreation):
37642            - Don't pass the thisValue to JSGlobalObject::finishCreation.
37643        * JavaScriptCore.xcodeproj/project.pbxproj:
37644            - Added JSGlobalThis.h
37645        * jsc.cpp:
37646        (GlobalObject::finishCreation):
37647            - Don't pass the thisValue to JSGlobalObject::finishCreation.
37648        * runtime/JSGlobalObject.h:
37649        (JSC::JSGlobalObject::create):
37650        (JSC::JSGlobalObject::finishCreation):
37651            - finishCreation takes a JSGlobalThis, or thisValue is implicit.
37652        * runtime/JSGlobalThis.h: Added.
37653        (JSC::JSGlobalThis::create):
37654        (JSC::JSGlobalThis::JSGlobalThis):
37655        (JSC::JSGlobalThis::finishCreation):
37656            - Thin wrapper on JSNonFinalObject to allow type checking.
37657        * testRegExp.cpp:
37658        (GlobalObject::finishCreation):
37659            - Don't pass the thisValue to JSGlobalObject::finishCreation.
37660
376612011-10-06  Mark Hahnenberg  <mhahnenberg@apple.com>
37662
37663        JSC objects need to know their own cell size at runtime.
37664        https://bugs.webkit.org/show_bug.cgi?id=69390
37665
37666        Reviewed by Geoffrey Garen.
37667
37668        Added the cellSize field to ClassInfo and the static calculation of 
37669        size of each class to the CREATE_METHOD_TABLE macro, which will be 
37670        renamed in a followup patch to make its name match its broader use.
37671
37672        Also added a few ClassInfo structs so that each object that is allocated has its 
37673        correct size.  
37674
37675        * JavaScriptCore.exp:
37676        * runtime/ClassInfo.h:
37677
37678        Changed JSByteArray s_defaultInfo to s_info so that the template will get the 
37679        correct ClassInfo struct from it when it's allocated.
37680        * runtime/JSByteArray.cpp:
37681        * runtime/JSByteArray.h:
37682        * runtime/JSCell.h:
37683        (JSC::allocateCell):
37684        * runtime/JSNotAnObject.cpp:
37685        * runtime/JSNotAnObject.h:
37686        * runtime/JSObject.cpp:
37687        * runtime/JSObject.h:
37688        (JSC::JSCell::cellSize):
37689        * runtime/JSStaticScopeObject.cpp:
37690        * runtime/JSStaticScopeObject.h:
37691        * runtime/StrictEvalActivation.cpp:
37692        * runtime/StrictEvalActivation.h:
37693
376942011-10-06  Gavin Peters  <gavinp@chromium.org>
37695
37696        export new stack dumping method
37697        https://bugs.webkit.org/show_bug.cgi?id=69018
37698
37699        The original landing of bug 69018 didn't export WTFGetBacktrace, so when bug 69453 landed (the first
37700        use of this function), many builds broke.  So here we add the exports, so that the function is usable.
37701
37702        Reviewed by Adam Roben.
37703
37704        * JavaScriptCore.exp:
37705        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
37706
377072011-10-06  Csaba Osztrogonác  <ossy@webkit.org>
37708
37709        REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
37710        https://bugs.webkit.org/show_bug.cgi?id=69413
37711
37712        Reviewed by Darin Adler.
37713
37714        * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
37715
377162011-10-05  Filip Pizlo  <fpizlo@apple.com>
37717
37718        SpeculativeJIT::isKnownString() is wrong
37719        https://bugs.webkit.org/show_bug.cgi?id=69501
37720
37721        Reviewed by Oliver Hunt.
37722        
37723        Removed the wrong case (GetLocal predicted String) and added a case that
37724        works (StrCat).
37725
37726        * dfg/DFGSpeculativeJIT.h:
37727        (JSC::DFG::SpeculativeJIT::isKnownString):
37728
377292011-10-05  Ryosuke Niwa  <rniwa@webkit.org>
37730
37731        Windows build fix attempt after r96760.
37732
37733        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
37734
377352011-10-05  Chris Rogers  <crogers@google.com>
37736
37737        Define a log2f() function for Windows in wtf/MathExtras.h
37738        https://bugs.webkit.org/show_bug.cgi?id=69491
37739
37740        Reviewed by Darin Adler.
37741
37742        * wtf/MathExtras.h:
37743        (log2f):
37744
377452011-10-05  Jer Noble  <jer.noble@apple.com>
37746
37747        Enable WEB_AUDIO by default in the WebKit/mac port.
37748        https://bugs.webkit.org/show_bug.cgi?id=68587
37749
37750        Reviewed by Simon Fraser.
37751
37752        * Configurations/FeatureDefines.xcconfig:
37753        * wtf/Platform.h:
37754
377552011-10-05  Filip Pizlo  <fpizlo@apple.com>
37756
37757        Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
37758        https://bugs.webkit.org/show_bug.cgi?id=69346
37759
37760        Reviewed by Oliver Hunt.
37761        
37762        Removed the assertion, since it was completely wrong for op_post_inc.
37763        Short of having specialized PostInc nodes in the DFG, there is no
37764        robust way of asserting what this assertion was trying to assert while
37765        also supporting op_post_inc.
37766
37767        * dfg/DFGByteCodeParser.cpp:
37768        (JSC::DFG::ByteCodeParser::parseBlock):
37769        * dfg/DFGSpeculativeJIT64.cpp:
37770        (JSC::DFG::SpeculativeJIT::compile):
37771        * dfg/DFGSpeculativeJIT32_64.cpp:
37772        (JSC::DFG::SpeculativeJIT::compile):
37773
377742011-10-05  Geoffrey Garen  <ggaren@apple.com>
37775
37776        Added a simpler mechanism for registering one-off finalizers
37777        https://bugs.webkit.org/show_bug.cgi?id=69466
37778
37779        Reviewed by Oliver Hunt.
37780
37781        * heap/Heap.cpp:
37782        (JSC::Heap::addFinalizer):
37783        (JSC::Heap::FinalizerOwner::finalize):
37784        * heap/Heap.h: New function for adding an arbitrary finalizer for an
37785        arbitrary cell without declaring any special classes or Handles yourself.
37786
37787        * JavaScriptCore.exp: Fix build.
37788
37789        * runtime/Executable.cpp:
37790        (JSC::ExecutableBase::clearCode):
37791        (JSC::ExecutableBase::clearCodeVirtual):
37792        (JSC::EvalExecutable::clearCodeVirtual):
37793        (JSC::ProgramExecutable::clearCodeVirtual):
37794        (JSC::FunctionExecutable::discardCode):
37795        (JSC::FunctionExecutable::clearCodeVirtual):
37796        * runtime/Executable.h:
37797        (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
37798        finalization of executables.
37799
37800        * runtime/JSGlobalObject.cpp:
37801        (JSC::JSGlobalObject::clearRareData):
37802        * runtime/JSGlobalObject.h:
37803        (JSC::JSGlobalObject::createRareDataIfNeeded):
37804        (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
37805        finalization of weak maps.
37806
378072011-10-05  Adam Roben  <aroben@apple.com>
37808
37809        Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
37810
37811        RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
37812        pointed-to type confused us when we implemented hashTableDeletedValue.
37813
37814        Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
37815        in HashMap/HashSet fails to compile
37816
37817        Reviewed by John Sullivan.
37818
37819        * wtf/RetainPtr.h:
37820        (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
37821        since T might itself be a pointer.
37822
37823        (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
37824        seem to be causing a problem.
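
        Added example (hypothetical types, not WTF's RetainPtr): the template parameter of a RetainPtr-style
        smart pointer may be either the pointed-to type (Foo) or the pointer type (Foo*), so the deleted-value
        sentinel must be typed with the PtrType typedef rather than T*, which becomes Foo** in the second case.
        HypotheticalRetainPtr, PtrTypeOf, BrokenDeletedValue and Foo are assumed names for this illustration.

```cpp
#include <cstdint>
#include <type_traits>

// Added example (hypothetical types, not WTF's RetainPtr): a smart pointer whose
// template parameter may be either the pointed-to type (Foo) or the pointer
// type (Foo*). The sentinel returned by hashTableDeletedValue() must have the
// same type as the stored pointer in both cases.

struct Foo { int payload; };

// Collapse T and T* to one pointer type, the way a PtrType typedef does.
template <typename T> struct PtrTypeOf { using type = T*; };
template <typename T> struct PtrTypeOf<T*> { using type = T*; };

template <typename T>
class HypotheticalRetainPtr {
public:
    using PtrType = typename PtrTypeOf<T>::type;

    HypotheticalRetainPtr() : m_ptr(nullptr) {}
    explicit HypotheticalRetainPtr(PtrType p) : m_ptr(p) {}

    // Fixed form: returns PtrType, so for T = Foo* this is still Foo*, not Foo**.
    static PtrType hashTableDeletedValue() {
        return reinterpret_cast<PtrType>(static_cast<std::intptr_t>(-1));
    }
    // Comparing m_ptr against the sentinel only compiles when the types agree.
    bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }

    PtrType get() const { return m_ptr; }

private:
    PtrType m_ptr;
};

// The pre-fix shape: the sentinel is typed T*, which is a pointer-to-pointer
// whenever T is itself a pointer type. Only the static part is reproduced here
// so the mismatch can be inspected with type traits instead of a failed build.
template <typename T>
struct BrokenDeletedValue {
    using PtrType = typename PtrTypeOf<T>::type;
    static T* hashTableDeletedValue() {
        return reinterpret_cast<T*>(static_cast<std::intptr_t>(-1));
    }
};

template <typename T>
constexpr bool deletedValueMatchesPtrType() {
    return std::is_same<decltype(HypotheticalRetainPtr<T>::hashTableDeletedValue()),
                        typename HypotheticalRetainPtr<T>::PtrType>::value;
}

template <typename T>
constexpr bool brokenDeletedValueMatchesPtrType() {
    return std::is_same<decltype(BrokenDeletedValue<T>::hashTableDeletedValue()),
                        typename BrokenDeletedValue<T>::PtrType>::value;
}

// Runtime check: the sentinel is recognised and is distinct from a real pointer.
bool sentinelIsDetected() {
    Foo foo{42};
    HypotheticalRetainPtr<Foo*> real(&foo);
    HypotheticalRetainPtr<Foo*> deleted(HypotheticalRetainPtr<Foo*>::hashTableDeletedValue());
    return !real.isHashTableDeletedValue() && deleted.isHashTableDeletedValue();
}

static_assert(deletedValueMatchesPtrType<Foo>(), "fixed form, T = Foo");
static_assert(deletedValueMatchesPtrType<Foo*>(), "fixed form, T = Foo*");
static_assert(brokenDeletedValueMatchesPtrType<Foo>(), "broken form happens to work for T = Foo");
static_assert(!brokenDeletedValueMatchesPtrType<Foo*>(), "broken form yields Foo** for T = Foo*");
```

        The static_asserts make the point of the fix visible at compile time: with T = Foo both shapes agree,
        with T = Foo* only the PtrType-based one returns something comparable to the stored pointer.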
37825
378262011-10-05  Oliver Hunt  <oliver@apple.com>
37827
37828        Remove last vestiges of anonymous storage.
37829
37830        Reviewed by Gavin Barraclough.
37831
37832        One anonymous storage function escaped my prior purge of
37833        this feature; this patch removes it.
37834
37835        * runtime/JSGlobalObject.h:
37836        (JSC::JSGlobalObject::finishCreation):
37837        * runtime/JSObject.h:
37838
378392011-10-04  Filip Pizlo  <fpizlo@apple.com>
37840
37841        DFG should be capable of a broader range of speculations on branch and not
37842        https://bugs.webkit.org/show_bug.cgi?id=69322
37843
37844        Reviewed by Oliver Hunt.
37845        
37846        * bytecode/PredictedType.h:
37847        (JSC::isFinalObjectOrOtherPrediction):
37848        (JSC::isArrayOrOtherPrediction):
37849        * dfg/DFGJITCodeGenerator.cpp:
37850        * dfg/DFGJITCodeGenerator.h:
37851        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
37852        * dfg/DFGJITCodeGenerator32_64.cpp:
37853        (JSC::DFG::JITCodeGenerator::fillDouble):
37854        (JSC::DFG::JITCodeGenerator::fillJSValue):
37855        * dfg/DFGJITCodeGenerator64.cpp:
37856        (JSC::DFG::JITCodeGenerator::fillDouble):
37857        (JSC::DFG::JITCodeGenerator::fillJSValue):
37858        * dfg/DFGOperations.cpp:
37859        * dfg/DFGSpeculativeJIT.h:
37860        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
37861        (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
37862        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
37863        * dfg/DFGSpeculativeJIT32_64.cpp:
37864        (JSC::DFG::SpeculativeJIT::emitBranch):
37865        * dfg/DFGSpeculativeJIT64.cpp:
37866        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
37867        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
37868        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
37869        (JSC::DFG::SpeculativeJIT::emitBranch):
37870
378712011-10-05  Sheriff Bot  <webkit.review.bot@gmail.com>
37872
37873        Unreviewed, rolling out r96733.
37874        http://trac.webkit.org/changeset/96733
37875        https://bugs.webkit.org/show_bug.cgi?id=69454
37876
37877        Broke GCC for some reason (Requested by andersca on #webkit).
37878
37879        * wtf/ListHashSet.h:
37880        (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
37881        (WTF::ListHashSetReverseIterator::get):
37882        (WTF::ListHashSetReverseIterator::operator*):
37883        (WTF::ListHashSetReverseIterator::operator->):
37884        (WTF::ListHashSetReverseIterator::operator++):
37885        (WTF::ListHashSetReverseIterator::operator--):
37886        (WTF::ListHashSetReverseIterator::operator==):
37887        (WTF::ListHashSetReverseIterator::operator!=):
37888        (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
37889        (WTF::ListHashSetReverseIterator::node):
37890        (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
37891        (WTF::ListHashSetConstReverseIterator::get):
37892        (WTF::ListHashSetConstReverseIterator::operator*):
37893        (WTF::ListHashSetConstReverseIterator::operator->):
37894        (WTF::ListHashSetConstReverseIterator::operator++):
37895        (WTF::ListHashSetConstReverseIterator::operator--):
37896        (WTF::ListHashSetConstReverseIterator::operator==):
37897        (WTF::ListHashSetConstReverseIterator::operator!=):
37898        (WTF::ListHashSetConstReverseIterator::node):
37899        (WTF::::rbegin):
37900        (WTF::::rend):
37901        (WTF::::makeReverseIterator):
37902        (WTF::::makeConstReverseIterator):
37903
379042011-10-04  Oliver Hunt  <oliver@apple.com>
37905
37906        Add rudimentary filtering to write barriers
37907        https://bugs.webkit.org/show_bug.cgi?id=69392
37908
37909        Reviewed by Filip Pizlo.
37910
37911        Add approximate filtering for write barriers based on the
37912        target's mark bit.  Also add some macros to support dumping
37913        GC phase timings.
37914
37915        * dfg/DFGJITCodeGenerator.cpp:
37916        (JSC::DFG::JITCodeGenerator::markCellCard):
37917        * heap/Heap.cpp:
37918        (JSC::GCTimer::GCTimerScope::GCTimerScope):
37919        (JSC::GCTimer::GCTimerScope::~GCTimerScope):
37920        (JSC::Heap::markRoots):
37921        (JSC::Heap::collect):
37922           Add phase timing information.
37923        * heap/MarkedBlock.h:
37924        (JSC::MarkedBlock::offsetOfMarks):
37925        (JSC::MarkedBlock::gatherDirtyCells):
37926        * jit/JITPropertyAccess.cpp:
37927        (JSC::JIT::emitWriteBarrier):
37928
379292011-10-05  Anders Carlsson  <andersca@apple.com>
37930
37931        Use std::reverse_iterator for ListHashSet reverse iterators
37932        https://bugs.webkit.org/show_bug.cgi?id=69446
37933
37934        Reviewed by Darin Adler.
37935
37936        * wtf/ListHashSet.h:
37937        Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
37938        and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
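
        Added example (hypothetical container, not WTF's ListHashSet): a minimal doubly linked list with a
        bidirectional iterator, where rbegin()/rend() are produced by the std::reverse_iterator adaptor instead
        of a hand-written reverse iterator class. LinkedList and its members are assumed names for this
        illustration; the sample contents are constructed inline.

```cpp
#include <cstddef>
#include <initializer_list>
#include <iterator>
#include <vector>

// Added example (hypothetical container, not WTF's ListHashSet): reverse
// iteration comes from std::reverse_iterator wrapped around the forward
// iterator, so no separate reverse iterator class is needed.

class LinkedList {
    struct Node {
        int value;
        Node* prev;
        Node* next;
    };

public:
    class iterator {
    public:
        // Traits read by std::reverse_iterator and by std::vector's range constructor.
        using iterator_category = std::bidirectional_iterator_tag;
        using value_type = int;
        using difference_type = std::ptrdiff_t;
        using pointer = const int*;
        using reference = const int&;

        iterator() : m_list(nullptr), m_node(nullptr) {}
        iterator(const LinkedList* list, Node* node) : m_list(list), m_node(node) {}

        reference operator*() const { return m_node->value; }
        pointer operator->() const { return &m_node->value; }
        iterator& operator++() { m_node = m_node->next; return *this; }
        iterator operator++(int) { iterator copy = *this; ++*this; return copy; }
        // Stepping back from end() (m_node == nullptr) must land on the last node;
        // std::reverse_iterator relies on this when it dereferences.
        iterator& operator--() { m_node = m_node ? m_node->prev : m_list->m_tail; return *this; }
        iterator operator--(int) { iterator copy = *this; --*this; return copy; }
        bool operator==(const iterator& other) const { return m_node == other.m_node; }
        bool operator!=(const iterator& other) const { return !(*this == other); }

    private:
        const LinkedList* m_list;
        Node* m_node;
    };

    using reverse_iterator = std::reverse_iterator<iterator>;

    LinkedList() = default;
    LinkedList(const LinkedList&) = delete;
    LinkedList& operator=(const LinkedList&) = delete;
    ~LinkedList() {
        while (m_head) {
            Node* next = m_head->next;
            delete m_head;
            m_head = next;
        }
    }

    void append(int value) {
        Node* node = new Node{value, m_tail, nullptr};
        if (m_tail) m_tail->next = node; else m_head = node;
        m_tail = node;
    }

    iterator begin() const { return iterator(this, m_head); }
    iterator end() const { return iterator(this, nullptr); }
    // rbegin() wraps end(): reverse_iterator's operator* returns *--current.
    reverse_iterator rbegin() const { return reverse_iterator(end()); }
    reverse_iterator rend() const { return reverse_iterator(begin()); }

private:
    Node* m_head = nullptr;
    Node* m_tail = nullptr;
};

// Walk a constructed four-element list in both directions.
std::vector<int> forwardOrder() {
    LinkedList list;
    for (int v : {1, 2, 3, 4}) list.append(v);
    return std::vector<int>(list.begin(), list.end());
}

std::vector<int> reverseOrder() {
    LinkedList list;
    for (int v : {1, 2, 3, 4}) list.append(v);
    return std::vector<int>(list.rbegin(), list.rend());
}

// The adaptor's invariant: r.base() points one element past the element r refers to.
bool baseIsOnePastCurrent() {
    LinkedList list;
    for (int v : {1, 2, 3, 4}) list.append(v);
    LinkedList::reverse_iterator r = list.rbegin(); // refers to 4
    ++r;                                            // refers to 3
    return *r == 3 && *r.base() == 4;
}
```

        The only requirement the adaptor places on the forward iterator is that operator-- works from end(),
        which is why the iterator keeps a pointer to its list to find the tail node.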
37939
379402011-10-04  Gavin Barraclough  <barraclough@apple.com>
37941
37942        Make Object.prototype getter/setter methods match ES5 behaviour
37943        https://bugs.webkit.org/show_bug.cgi?id=69393
37944
37945        Reviewed by Sam Weinig.
37946
37947        The rest of Object.prototype no longer substitutes Null/Undefined with the global object;
37948        this is old ES3 behaviour. Remove it here too.
37949
37950        * runtime/ObjectPrototype.cpp:
37951        (JSC::objectProtoFuncDefineGetter):
37952        (JSC::objectProtoFuncDefineSetter):
37953        (JSC::objectProtoFuncLookupGetter):
37954        (JSC::objectProtoFuncLookupSetter):
37955
379562011-10-05  Patrick Gansterer  <paroga@webkit.org>
37957
37958        Get rid of posixThread in MachineStackMarker::Thread
37959        https://bugs.webkit.org/show_bug.cgi?id=54836
37960
37961        Reviewed by Oliver Hunt.
37962
37963        * heap/MachineStackMarker.cpp:
37964        (JSC::MachineThreads::Thread::Thread):
37965        (JSC::getCurrentPlatformThread):
37966        (JSC::equalThread):
37967        (JSC::MachineThreads::addCurrentThread):
37968        (JSC::MachineThreads::removeCurrentThread):
37969        (JSC::MachineThreads::gatherConservativeRoots):
37970
379712011-10-04  Geoffrey Garen  <ggaren@apple.com>
37972
37973        Removed JSValue::toJSNumber
37974        https://bugs.webkit.org/show_bug.cgi?id=69399
37975
37976        No perf. change.
37977
37978        toJSNumber() used to provide an implicit fast path for immediate numbers,
37979        but those fast paths are all explicit now, so it's just cruft.
37980
37981        * interpreter/Interpreter.cpp:
37982        (JSC::Interpreter::privateExecute):
37983        * jit/JITStubs.cpp:
37984        (JSC::DEFINE_STUB_FUNCTION):
37985        * runtime/JSValue.h:
37986        * runtime/JSValueInlineMethods.h:
37987
379882011-10-05  Gavin Peters  <gavinp@chromium.org>
37989
37990        REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
37991        https://bugs.webkit.org/show_bug.cgi?id=69424
37992
37993        Skip an extra frame in WTFReportBacktrace.  As well, I now don't count skipped frames in maxFrames,
37994        so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
37995        31 reported frames.
37996
37997        Reviewed by Adam Roben.
37998
37999        * wtf/Assertions.cpp:
38000        * wtf/Assertions.h:
38001
380022011-10-05  Patrick Gansterer  <paroga@webkit.org>
38003
38004        Unreviewed WinCE build fix for r96595.
38005
38006        * wtf/Assertions.cpp:
38007        RtlCaptureStackBackTrace() isn't available on WinCE.
38008
380092011-10-04  Kent Tamura  <tkent@chromium.org>
38010
38011        Introduce feature flags for incomplete input types
38012        https://bugs.webkit.org/show_bug.cgi?id=68971
38013
38014        Reviewed by Hajime Morita.
38015
38016        * Configurations/FeatureDefines.xcconfig:
38017        Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
38018
380192011-10-04  Geoffrey Garen  <ggaren@apple.com>
38020
38021        Build fix.
38022
38023        * jit/JITStubs.cpp:
38024        (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
38025
380262011-10-04  Mark Hahnenberg  <mhahnenberg@apple.com>
38027
38028        Add static ClassInfo structs to classes that override JSCell::getCallData
38029        https://bugs.webkit.org/show_bug.cgi?id=69311
38030
38031        Reviewed by Darin Adler.
38032
38033        Added ClassInfo structs to each class that defined its own getCallData 
38034        function but did not already have its own ClassInfo struct.  This is a 
38035        necessary addition for when we switch over to looking up getCallData from 
38036        the MethodTable in ClassInfo rather than doing the virtual call (which we 
38037        are removing).  These new ClassInfo structs are public because we often 
38038        use these structs in other areas of the code to uniquely identify JSC classes and 
38039        to enforce runtime invariants based on those class identities using ASSERTs.
38040        Also added new createStructure methods to those classes that didn't have 
38041        them so that the new ClassInfo structs would be used when creating the Structures 
38042        in these classes.
38043
38044        * runtime/BooleanConstructor.cpp:
38045        * runtime/BooleanConstructor.h:
38046        (JSC::BooleanConstructor::createStructure):
38047
38048        getCallData was not marked as static in StrictModeTypeErrorFunction.  
38049        * runtime/Error.cpp:
38050        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
38051        (JSC::StrictModeTypeErrorFunction::getCallData):
38052        (JSC::StrictModeTypeErrorFunction::createStructure):
38053        * runtime/ErrorConstructor.cpp:
38054        * runtime/ErrorConstructor.h:
38055        (JSC::ErrorConstructor::createStructure):
38056        * runtime/FunctionConstructor.cpp:
38057        * runtime/FunctionConstructor.h:
38058        (JSC::FunctionConstructor::createStructure):
38059        * runtime/FunctionPrototype.cpp:
38060        * runtime/FunctionPrototype.h:
38061
380622011-10-03  Geoffrey Garen  <ggaren@apple.com>
38063
38064        Some JSValue cleanup
38065        https://bugs.webkit.org/show_bug.cgi?id=69320
38066
38067        Reviewed by Darin Adler.
38068        
38069        No measurable performance change.
38070
38071        Removed some JSValue::get* functions. get* used to be an optimization
38072        when every value operation was a virtual function call: get* would combine
38073        two virtual calls into one. Now, with non-virtual, inlined functions, get*
38074        isn't faster, and may be slightly slower.
38075
38076        Merged getBoolean(bool&) and getBoolean() into asBoolean().
38077
38078        Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
38079        asNumber().
38080
38081        * runtime/JSValue.h:
38082        * runtime/JSValueInlineMethods.h:
38083        (JSC::JSValue::asNumber):
38084        (JSC::JSValue::asBoolean): As promised!
38085
38086        * runtime/NumberPrototype.cpp:
38087        (JSC::toThisNumber):
38088        (JSC::numberProtoFuncToExponential):
38089        (JSC::numberProtoFuncToFixed):
38090        (JSC::numberProtoFuncToPrecision):
38091        (JSC::numberProtoFuncToString):
38092        (JSC::numberProtoFuncToLocaleString):
38093        (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
38094        by switching to toThisNumber().
38095
38096        * API/JSCallbackObjectFunctions.h:
38097        (JSC::::toNumber):
38098        * dfg/DFGGraph.h:
38099        (JSC::DFG::Graph::valueOfNumberConstant):
38100        (JSC::DFG::Graph::valueOfBooleanConstant):
38101        * dfg/DFGOperations.cpp:
38102        (JSC::DFG::putByVal):
38103        * interpreter/Interpreter.cpp:
38104        (JSC::Interpreter::privateExecute):
38105        * jit/JITStubs.cpp:
38106        (JSC::DEFINE_STUB_FUNCTION):
38107        * runtime/DateInstance.h:
38108        (JSC::DateInstance::internalNumber):
38109        * runtime/FunctionPrototype.cpp:
38110        (JSC::functionProtoFuncBind):
38111        * runtime/JSArray.cpp:
38112        (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
38113        getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
38114
38115        * runtime/JSCell.cpp:
38116        * runtime/JSCell.h: Nixed getJSNumber().
38117
38118        * runtime/JSGlobalObjectFunctions.cpp:
38119        (JSC::globalFuncParseInt):
38120        * runtime/JSONObject.cpp:
38121        (JSC::gap):
38122        (JSC::Stringifier::Stringifier):
38123        (JSC::Stringifier::appendStringifiedValue):
38124        * runtime/NumberObject.cpp:
38125        * runtime/NumberObject.h:
38126        (JSC::NumberObject::createStructure):
38127        * runtime/Operations.h:
38128        (JSC::JSValue::equalSlowCaseInline):
38129        (JSC::JSValue::strictEqual):
38130        (JSC::jsLess):
38131        (JSC::jsLessEq):
38132        (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
38133        getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
38134
381352011-10-04  Scott Graham  <scottmg@chromium.org>
38136
38137        Add GAMEPAD feature flag
38138        https://bugs.webkit.org/show_bug.cgi?id=66859
38139
38140        Reviewed by Darin Fisher.
38141
38142        * Configurations/FeatureDefines.xcconfig:
38143
381442011-10-03  Filip Pizlo  <fpizlo@apple.com>
38145
38146        JITCodeGenerator should no longer have code that tries too hard
38147        to be both speculative and non-speculative
38148        https://bugs.webkit.org/show_bug.cgi?id=69321
38149
38150        Reviewed by Gavin Barraclough.
38151        
38152        Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
38153        This required moving emitBranch() to SpeculativeJIT, since it was
38154        the main user of that field and method. Other than trivial clean-ups
38155        in emitBranch(), the code is unchanged (and still has some disparity
38156        between 64 and 32_64, and still lacks some obvious optimizations).
38157
38158        * dfg/DFGJITCodeGenerator.cpp:
38159        * dfg/DFGJITCodeGenerator.h:
38160        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
38161        * dfg/DFGJITCodeGenerator32_64.cpp:
38162        (JSC::DFG::JITCodeGenerator::fillDouble):
38163        (JSC::DFG::JITCodeGenerator::fillJSValue):
38164        * dfg/DFGJITCodeGenerator64.cpp:
38165        (JSC::DFG::JITCodeGenerator::fillDouble):
38166        (JSC::DFG::JITCodeGenerator::fillJSValue):
38167        * dfg/DFGSpeculativeJIT.h:
38168        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
38169        * dfg/DFGSpeculativeJIT32_64.cpp:
38170        (JSC::DFG::SpeculativeJIT::emitBranch):
38171        * dfg/DFGSpeculativeJIT64.cpp:
38172        (JSC::DFG::SpeculativeJIT::emitBranch):
38173
381742011-10-04  David Hyatt  <hyatt@apple.com>
38175
38176        https://bugs.webkit.org/show_bug.cgi?id=69372
38177        
38178        [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
38179        
38180        Add support for reverse iteration to ListHashSet to support being able to walk them
38181        backwards easily.
38182
38183        Reviewed by Anders Carlsson.
38184
38185        * wtf/ListHashSet.h:
38186        (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
38187        (WTF::ListHashSetReverseIterator::get):
38188        (WTF::ListHashSetReverseIterator::operator*):
38189        (WTF::ListHashSetReverseIterator::operator->):
38190        (WTF::ListHashSetReverseIterator::operator++):
38191        (WTF::ListHashSetReverseIterator::operator--):
38192        (WTF::ListHashSetReverseIterator::operator==):
38193        (WTF::ListHashSetReverseIterator::operator!=):
38194        (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
38195        (WTF::ListHashSetReverseIterator::node):
38196        (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
38197        (WTF::ListHashSetConstReverseIterator::get):
38198        (WTF::ListHashSetConstReverseIterator::operator*):
38199        (WTF::ListHashSetConstReverseIterator::operator->):
38200        (WTF::ListHashSetConstReverseIterator::operator++):
38201        (WTF::ListHashSetConstReverseIterator::operator--):
38202        (WTF::ListHashSetConstReverseIterator::operator==):
38203        (WTF::ListHashSetConstReverseIterator::operator!=):
38204        (WTF::ListHashSetConstReverseIterator::node):
38205        (WTF::::rbegin):
38206        (WTF::::rend):
38207        (WTF::::makeReverseIterator):
38208        (WTF::::makeConstReverseIterator):
38209        (WTF::::makeConstIterator):
38210
382112011-10-04  Gavin Peters  <gavinp@chromium.org>
38212
38213        fix gtk breakage caused by changeset 96595
38214        https://bugs.webkit.org/show_bug.cgi?id=69371
38215
38216        ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
38217        the pretty printer on gtk, which should fix the build on that platform.
38218
38219        Reviewed by NOBODY, this is a build fix.
38220
38221        * wtf/Assertions.cpp:
38222
382232011-10-04  Sheriff Bot  <webkit.review.bot@gmail.com>
38224
38225        Unreviewed, rolling out r96630.
38226        http://trac.webkit.org/changeset/96630
38227        https://bugs.webkit.org/show_bug.cgi?id=69368
38228
38229        Caused assertion failures in validateCell (Requested by
38230        mhahnenberg on #webkit).
38231
38232        * runtime/BooleanConstructor.cpp:
38233        * runtime/BooleanConstructor.h:
38234        * runtime/Error.cpp:
38235        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
38236        (JSC::StrictModeTypeErrorFunction::getCallData):
38237        * runtime/ErrorConstructor.cpp:
38238        * runtime/ErrorConstructor.h:
38239        * runtime/FunctionConstructor.cpp:
38240        * runtime/FunctionConstructor.h:
38241        * runtime/FunctionPrototype.cpp:
38242        * runtime/FunctionPrototype.h:
38243
382442011-10-04  Mark Hahnenberg  <mhahnenberg@apple.com>
38245
38246        Add static ClassInfo structs to classes that override JSCell::getCallData
38247        https://bugs.webkit.org/show_bug.cgi?id=69311
38248
38249        Reviewed by Darin Adler.
38250
38251        Added ClassInfo structs to each class that defined its own getCallData 
38252        function but did not already have its own ClassInfo struct.  This is a 
38253        necessary addition for when we switch over to looking up getCallData from 
38254        the MethodTable in ClassInfo rather than doing the virtual call (which we 
38255        are removing).  These new ClassInfo structs are public because we often 
38256        use these structs in other areas of the code to uniquely identify JSC classes and 
38257        to enforce runtime invariants based on those class identities using ASSERTs.
38258
38259        * runtime/BooleanConstructor.cpp:
38260        * runtime/BooleanConstructor.h:
38261
38262        getCallData was not marked as static in StrictModeTypeErrorFunction.
38263        * runtime/Error.cpp:
38264        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
38265        (JSC::StrictModeTypeErrorFunction::getCallData):
38266        * runtime/ErrorConstructor.cpp:
38267        * runtime/ErrorConstructor.h:
38268        * runtime/FunctionConstructor.cpp:
38269        * runtime/FunctionConstructor.h:
38270        * runtime/FunctionPrototype.cpp:
38271        * runtime/FunctionPrototype.h:
38272
382732011-10-04  Ryosuke Niwa  <rniwa@webkit.org>
38274
38275        Leopard build fix after r96613.
38276
38277        * wtf/Platform.h:
38278
382792011-10-04  Mark Hahnenberg  <mhahnenberg@apple.com>
38280
38281        Implicitly add toString and valueOf to prototype when convertToType callback is provided
38282        https://bugs.webkit.org/show_bug.cgi?id=69156
38283
38284        Reviewed by Geoffrey Garen.
38285
38286        Added callbacks for toString and valueOf which are implicitly added to a client object's
38287        prototype if they provide a convertToType callback when declaring their class through 
38288        the JSC API.
38289
38290        * API/JSCallbackFunction.cpp:
38291        (JSC::JSCallbackFunction::toStringCallback):
38292        (JSC::JSCallbackFunction::valueOfCallback):
38293        * API/JSCallbackFunction.h:
38294        * API/JSClassRef.cpp:
38295        (OpaqueJSClass::prototype):
38296        * API/tests/testapi.js:
38297
382982011-10-03  Jon Lee  <jonlee@apple.com>
38299
38300        Extend DOM WheelEvent to differentiate between physical and logical scroll directions
38301        https://bugs.webkit.org/show_bug.cgi?id=68959
38302        <rdar://problem/10036688>
38303
38304        Reviewed by Sam Weinig.
38305
38306        * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
38307
383082011-10-04  Csaba Osztrogonác  <ossy@webkit.org>
38309
38310        MinGW warning fix after r96286.
38311
38312        Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
38313        #define __stdcall __attribute__((stdcall))
38314        #define STDCALL __stdcall
38315
38316        Reviewed by Tor Arne Vestbø.
38317
38318        * assembler/MacroAssemblerCodeRef.h:
38319
383202011-10-04  Gavin Peters  <gavinp@chromium.org>
38321
38322        add more stack dumping methods
38323        https://bugs.webkit.org/show_bug.cgi?id=69018
38324
38325        In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
38326        WebKit programmatically retrieve the current stack.  This is useful if you need to add more
38327        reporting to field crash report uploads, if you're tracking down an irreproducible bug,
38328        for instance.
38329
38330        Reviewed by Darin Adler.
38331
38332        * wtf/Assertions.cpp:
38333        * wtf/Assertions.h:
38334
383352011-10-03  Filip Pizlo  <fpizlo@apple.com>
38336
38337        DFG should inline Array.push and Array.pop
38338        https://bugs.webkit.org/show_bug.cgi?id=69314
38339
38340        Reviewed by Geoff Garen.
38341        
38342        Fix 32-bit.
38343
38344        * dfg/DFGSpeculativeJIT32_64.cpp:
38345        (JSC::DFG::SpeculativeJIT::compile):
38346
383472011-10-03  Filip Pizlo  <fpizlo@apple.com>
38348
38349        DFG should inline Array.push and Array.pop
38350        https://bugs.webkit.org/show_bug.cgi?id=69314
38351
38352        Reviewed by Oliver Hunt.
38353        
38354        1% speed-up in V8 due to 6% speed-up in V8-deltablue.
38355
38356        * assembler/MacroAssemblerX86_64.h:
38357        (JSC::MacroAssemblerX86_64::storePtr):
38358        * create_hash_table:
38359        * dfg/DFGByteCodeParser.cpp:
38360        (JSC::DFG::ByteCodeParser::handleIntrinsic):
38361        (JSC::DFG::ByteCodeParser::parseBlock):
38362        * dfg/DFGGraph.cpp:
38363        (JSC::DFG::Graph::dump):
38364        * dfg/DFGIntrinsic.h:
38365        * dfg/DFGNode.h:
38366        (JSC::DFG::Node::hasHeapPrediction):
38367        * dfg/DFGOperations.cpp:
38368        * dfg/DFGOperations.h:
38369        * dfg/DFGPropagator.cpp:
38370        (JSC::DFG::Propagator::propagateNodePredictions):
38371        (JSC::DFG::Propagator::getByValLoadElimination):
38372        (JSC::DFG::Propagator::getMethodLoadElimination):
38373        * dfg/DFGSpeculativeJIT32_64.cpp:
38374        (JSC::DFG::SpeculativeJIT::compile):
38375        * dfg/DFGSpeculativeJIT64.cpp:
38376        (JSC::DFG::SpeculativeJIT::compile):
38377
383782011-10-03  Filip Pizlo  <fpizlo@apple.com>
38379
38380        JSC ASSERT Opening the Web Inspector
38381        https://bugs.webkit.org/show_bug.cgi?id=69293
38382
38383        Reviewed by Oliver Hunt.
38384        
38385        If a polymorphic access structure list has a duplicated structure, then
38386        don't crash.
38387
38388        * dfg/DFGByteCodeParser.cpp:
38389        (JSC::DFG::ByteCodeParser::parseBlock):
38390
383912011-10-03  Gavin Barraclough  <barraclough@apple.com>
38392
38393        On X86, switch bucketCount into a register, timeoutCheck into memory
38394        https://bugs.webkit.org/show_bug.cgi?id=69299
38395
38396        Reviewed by Geoff Garen.
38397
38398        We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
38399        it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
38400        but if the timeoutCheck gets trashed we may make calls out to the timeout_check stub
38401        function too frequently (regressing performance). This patch has no perf impact on sunspider.
38402
38403        * JavaScriptCore.xcodeproj/project.pbxproj:
38404        * assembler/MacroAssemblerX86.h:
38405        (JSC::MacroAssemblerX86::branchAdd32):
38406        (JSC::MacroAssemblerX86::branchSub32):
38407            - Added branchSub32 with AbsoluteAddress.
38408        * jit/JIT.cpp:
38409        (JSC::JIT::emitTimeoutCheck):
38410            - Keep timeout count in memory on X86.
38411        * jit/JITInlineMethods.h:
38412        (JSC::JIT::emitValueProfilingSite):
38413            - remove X86 specific code, switch bucket count back into a register.
38414        * jit/JITStubs.cpp:
38415            - Stop initializing esi (it is no longer the timeoutCheck!)
38416        * jit/JSInterfaceJIT.h:
38417            - change definition of esi to be the bucketCountRegister.
38418        * runtime/JSGlobalData.cpp:
38419        (JSC::JSGlobalData::JSGlobalData):
38420        * runtime/JSGlobalData.h:
38421            - Add timeoutCount as a property to global data (the counter should be per-thread).
38422
384232011-10-03  Filip Pizlo  <fpizlo@apple.com>
38424
38425        DFG backends don't have access to per-node predictions from the propagator
38426        https://bugs.webkit.org/show_bug.cgi?id=69291
38427
38428        Reviewed by Oliver Hunt.
38429        
38430        Nodes now have two notions of predictions: the heap prediction, which is
38431        what came directly from value profiling, and the propagator's predictions,
38432        which arise out of abstract interpretation. Every node has a propagator
38433        prediction, but not every node has a heap prediction; and there is no
38434        guarantee that a node that has both will keep them consistent as the
38435        propagator may have additional information available to it.
38436        
38437        This is performance neutral.
38438
38439        * dfg/DFGGraph.cpp:
38440        (JSC::DFG::Graph::dump):
38441        * dfg/DFGGraph.h:
38442        * dfg/DFGJITCompiler.h:
38443        (JSC::DFG::JITCompiler::getPrediction):
38444        * dfg/DFGNode.h:
38445        (JSC::DFG::Node::Node):
38446        (JSC::DFG::Node::hasHeapPrediction):
38447        (JSC::DFG::Node::getHeapPrediction):
38448        (JSC::DFG::Node::predictHeap):
38449        (JSC::DFG::Node::prediction):
38450        (JSC::DFG::Node::predict):
38451        * dfg/DFGPropagator.cpp:
38452        (JSC::DFG::Propagator::Propagator):
38453        (JSC::DFG::Propagator::setPrediction):
38454        (JSC::DFG::Propagator::mergePrediction):
38455        (JSC::DFG::Propagator::propagateNodePredictions):
38456        (JSC::DFG::Propagator::fixupNode):
38457        (JSC::DFG::Propagator::isPredictedNumerical):
38458        (JSC::DFG::Propagator::logicalNotIsPure):
38459        (JSC::DFG::Propagator::setReplacement):
38460
384612011-10-03  Jer Noble  <jer.noble@apple.com>
38462
38463        Unreviewed, rolling out r96526.
38464        http://trac.webkit.org/changeset/96526
38465        https://bugs.webkit.org/show_bug.cgi?id=68587
38466
38467        WEB_AUDIO has numerous 64->32 bit casting warnings, causing
38468        build breakages where -Wall is enabled.
38469
38470        * Configurations/FeatureDefines.xcconfig:
38471        * wtf/Platform.h:
38472
384732011-10-03  Gavin Barraclough  <barraclough@apple.com>
38474
38475        Unreviewed build fix for DFG JIT 32_64.
38476
38477        * dfg/DFGJITCompiler32_64.cpp:
38478        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
38479        * dfg/DFGSpeculativeJIT32_64.cpp:
38480        (JSC::DFG::SpeculativeJIT::compile):
38481
384822011-10-02  Filip Pizlo  <fpizlo@apple.com>
38483
38484        DFG should speculate more aggressively on obvious cases on
38485        polymorphic get_by_id
38486        https://bugs.webkit.org/show_bug.cgi?id=69235
38487
38488        Reviewed by Oliver Hunt.
38489        
38490        This implements trivial polymorphic get_by_id. It also fixes
38491        problems in the CSE for CheckStructure in the put_by_id
38492        transition case.
38493        
38494        Doing this required knowing whether a polymorphic get_by_id stub
38495        was doing a direct access rather than a call of some kind.
38496        
38497        Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
38498        scaled mean of all benchmarks.
38499
38500        * GNUmakefile.list.am:
38501        * JavaScriptCore.xcodeproj/project.pbxproj:
38502        * bytecode/Instruction.h:
38503        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
38504        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
38505        * dfg/DFGByteCodeParser.cpp:
38506        (JSC::DFG::ByteCodeParser::cellConstant):
38507        (JSC::DFG::ByteCodeParser::parseBlock):
38508        * dfg/DFGGraph.cpp:
38509        (JSC::DFG::Graph::dump):
38510        * dfg/DFGGraph.h:
38511        (JSC::DFG::Graph::addStructureSet):
38512        (JSC::DFG::Graph::addStructureTransitionData):
38513        * dfg/DFGNode.h:
38514        (JSC::DFG::StructureTransitionData::StructureTransitionData):
38515        (JSC::DFG::Node::hasStructureTransitionData):
38516        (JSC::DFG::Node::structureTransitionData):
38517        (JSC::DFG::Node::hasStructureSet):
38518        (JSC::DFG::Node::structureSet):
38519        * dfg/DFGPropagator.cpp:
38520        (JSC::DFG::Propagator::checkStructureLoadElimination):
38521        (JSC::DFG::Propagator::performNodeCSE):
38522        * dfg/DFGRepatch.cpp:
38523        (JSC::DFG::tryBuildGetByIDList):
38524        (JSC::DFG::tryBuildGetByIDProtoList):
38525        * dfg/DFGSpeculativeJIT32_64.cpp:
38526        (JSC::DFG::SpeculativeJIT::compile):
38527        * dfg/DFGSpeculativeJIT64.cpp:
38528        (JSC::DFG::SpeculativeJIT::compile):
38529        * dfg/DFGStructureSet.h: Added.
38530        (JSC::DFG::StructureSet::StructureSet):
38531        (JSC::DFG::StructureSet::add):
38532        (JSC::DFG::StructureSet::addAll):
38533        (JSC::DFG::StructureSet::remove):
38534        (JSC::DFG::StructureSet::contains):
38535        (JSC::DFG::StructureSet::isSubsetOf):
38536        (JSC::DFG::StructureSet::isSupersetOf):
38537        (JSC::DFG::StructureSet::size):
38538        (JSC::DFG::StructureSet::at):
38539        (JSC::DFG::StructureSet::operator[]):
38540        (JSC::DFG::StructureSet::last):
38541        * jit/JITPropertyAccess.cpp:
38542        (JSC::JIT::privateCompileGetByIdSelfList):
38543        (JSC::JIT::privateCompileGetByIdProtoList):
38544        (JSC::JIT::privateCompileGetByIdChainList):
38545        * jit/JITPropertyAccess32_64.cpp:
38546        (JSC::JIT::privateCompileGetByIdSelfList):
38547        (JSC::JIT::privateCompileGetByIdProtoList):
38548        (JSC::JIT::privateCompileGetByIdChainList):
38549        * jit/JITStubs.cpp:
38550        (JSC::DEFINE_STUB_FUNCTION):
38551        (JSC::getPolymorphicAccessStructureListSlot):
38552
385532011-10-03  Jer Noble  <jer.noble@apple.com>
38554
38555        Enable WEB_AUDIO by default in the WebKit/mac port.
38556        https://bugs.webkit.org/show_bug.cgi?id=68587
38557
38558        Reviewed by Simon Fraser.
38559
38560        * Configurations/FeatureDefines.xcconfig:
38561        * wtf/Platform.h:
38562
385632011-10-03  Carlos Garcia Campos  <cgarcia@igalia.com>
38564
38565        [GTK] Fix make distcheck build
38566        https://bugs.webkit.org/show_bug.cgi?id=69243
38567
38568        Reviewed by Martin Robinson.
38569
38570        * GNUmakefile.list.am:
38571
385722011-10-03  Pierre Rossi  <pierre.rossi@gmail.com>
38573
38574        [Qt] Build fix: Qt::escape is deprecated in Qt5
38575        https://bugs.webkit.org/show_bug.cgi?id=69162
38576
38577        Use QString::toHtmlEscaped in the Qt5 case.
38578
38579        Reviewed by Andreas Kling.
38580
38581        * JavaScriptCore.pri:
38582        * wtf/qt/UtilsQt.h: Added.
38583        (escapeHtml):
38584        * wtf/wtf.pri:
38585
385862011-10-03  Balazs Kelemen  <kbalazs@webkit.org>
38587
38588        libdispatch based ParallelJobs is not enough parallel
38589        https://bugs.webkit.org/show_bug.cgi?id=66378
38590
38591        Reviewed by Zoltan Herczeg.
38592
38593        Use the appropriate libdispatch API for our use case.
38594        Throw away the hard coded limit of parallel threads
38595        and use dispatch_apply with the default priority normal
        queue instead of using our own custom serial queue (which
38597        was a misuse of the API). Enabling PARALLEL_JOBS is now
38598        a 60% win (2.63x as fast) on the methanol benchmark
38599        (https://gitorious.org/methanol) with an SVG centric test set
38600        while the old implementation was almost identical (less than 5% win).
38601
38602        * wtf/ParallelJobsLibdispatch.h:
38603        (WTF::ParallelEnvironment::ParallelEnvironment):
38604        (WTF::ParallelEnvironment::execute):
38605
386062011-10-02  Zoltan Herczeg  <zherczeg@webkit.org>
38607
38608        [Qt]REGRESSION(r95912): It made sputnik tests flakey
38609        https://bugs.webkit.org/show_bug.cgi?id=68990
38610
38611        Reviewed by Geoffrey Garen.
38612
38613        Changing signed char to int in r96354 solved the
38614        problem. However transitionCount still returns
38615        with a signed char and should be changed to int.
38616
38617        * runtime/Structure.h:
38618        (JSC::Structure::transitionCount):
38619
386202011-10-02  Filip Pizlo  <fpizlo@apple.com>
38621
38622        DFG misses some obvious opportunities for common subexpression elimination
38623        https://bugs.webkit.org/show_bug.cgi?id=69233
38624
38625        Reviewed by Oliver Hunt.
38626        
38627        0.7% speed-up on SunSpider.
38628
38629        * dfg/DFGPropagator.cpp:
38630        (JSC::DFG::Propagator::getByValLoadElimination):
38631        (JSC::DFG::Propagator::getMethodLoadElimination):
38632        (JSC::DFG::Propagator::checkStructureLoadElimination):
38633        (JSC::DFG::Propagator::getByOffsetLoadElimination):
38634        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
38635        (JSC::DFG::Propagator::performNodeCSE):
38636
386372011-10-02  Gavin Barraclough  <barraclough@apple.com>
38638
38639        Bug 67455 - Different regular expression result
38640
38641        Reviewed by Darin Adler.
38642        
38643        Fix a regression introduced in r72140. A return was added to the backtracking loop for
38644        backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
38645        This is incorrect. The additional return should only trigger to force an early return if
        an error has occurred.
38647
38648        * yarr/YarrInterpreter.cpp:
38649        (JSC::Yarr::Interpreter::matchParentheses):
38650            - Simplify some nested if else logic.
38651        (JSC::Yarr::Interpreter::backtrackParentheses):
38652            - Simplify some nested if else logic.
38653            - Only return early from backtrackParentheses on success/error, not on failure.
38654
386552011-10-01  Geoffrey Garen  <ggaren@apple.com>
38656
38657        Removed redundant helper functions for allocating Strong handles
38658        https://bugs.webkit.org/show_bug.cgi?id=69218
38659
38660        Reviewed by Sam Weinig.
38661
38662        * heap/Heap.h:
38663        (JSC::Heap::handleHeap):
38664        * runtime/JSGlobalData.h: Removed these helper functions, since they
38665        just created indirection.
38666
38667        * heap/StrongInlines.h: Added. Broke out a header for inline functions
38668        to resolve circular dependencies created by inlining. I'm told this is
38669        the future for JavaScriptCore.
38670
38671        * GNUmakefile.list.am:
38672        * JavaScriptCore.gypi:
38673        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
38674        * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
38675
38676        * API/JSCallbackObjectFunctions.h:
38677        (JSC::::init):
38678        * runtime/WeakGCMap.h:
38679        (JSC::WeakGCMap::add):
38680        (JSC::WeakGCMap::set):
38681        * runtime/StructureTransitionTable.h:
38682        (JSC::StructureTransitionTable::setSingleTransition):
38683        * heap/Local.h:
38684        (JSC::::Local):
38685        * heap/Strong.h:
38686        (JSC::::Strong):
38687        (JSC::::set):
38688        * heap/Weak.h:
38689        (JSC::Weak::Weak):
38690        (JSC::Weak::set): Allocate handles directly instead of going through a
38691        chain of forwarding functions.
38692
38693        * bytecompiler/BytecodeGenerator.cpp:
38694        * runtime/JSGlobalData.cpp:
38695        * runtime/LiteralParser.cpp:
38696        * runtime/RegExpCache.cpp: Updated for header changes.
38697
386982011-09-30  Filip Pizlo  <fpizlo@apple.com>
38699
38700        All of JSC's heuristics should be in one place for easier tuning
38701        https://bugs.webkit.org/show_bug.cgi?id=69201
38702
38703        Reviewed by Oliver Hunt.
38704        
38705        This makes it possible to change tiered compilation heuristics in
38706        one place (Heuristics.cpp) without recompiling the whole project.
38707        
38708        It also makes it possible to enable setting heuristics using
38709        environment variables. This is off by default. When turned on, it
38710        makes tuning the system much easier.
38711
38712        * CMakeLists.txt:
38713        * GNUmakefile.list.am:
38714        * JavaScriptCore.pro:
38715        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
38716        * JavaScriptCore.xcodeproj/project.pbxproj:
38717        * bytecode/CodeBlock.cpp:
38718        (JSC::CodeBlock::shouldOptimizeNow):
38719        * bytecode/CodeBlock.h:
38720        * dfg/DFGJITCompiler.cpp:
38721        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
38722        * jit/JIT.cpp:
38723        (JSC::JIT::emitOptimizationCheck):
38724        * runtime/Heuristics.cpp: Added.
38725        (JSC::Heuristics::parse):
38726        (JSC::Heuristics::setHeuristic):
38727        (JSC::Heuristics::initializeHeuristics):
38728        * runtime/Heuristics.h: Added.
38729        * runtime/InitializeThreading.cpp:
38730        (JSC::initializeThreadingOnce):
38731
387322011-10-01  Oliver Hunt  <oliver@apple.com>
38733
38734        Support string length in the DFG
38735        https://bugs.webkit.org/show_bug.cgi?id=69215
38736
38737        Reviewed by Geoff Garen.
38738
38739        Adds a GetStringLength node to the DFG so that we can support
38740        string.length inline.
38741
38742        * dfg/DFGNode.h:
38743        * dfg/DFGPropagator.cpp:
38744        (JSC::DFG::Propagator::propagateNodePredictions):
38745        (JSC::DFG::Propagator::fixupNode):
38746        (JSC::DFG::Propagator::performNodeCSE):
38747        * dfg/DFGSpeculativeJIT.h:
38748        (JSC::DFG::SpeculativeJIT::isKnownString):
38749        * dfg/DFGSpeculativeJIT32_64.cpp:
38750        (JSC::DFG::SpeculativeJIT::compile):
38751        * dfg/DFGSpeculativeJIT64.cpp:
38752        (JSC::DFG::SpeculativeJIT::compile):
38753        * runtime/JSString.h:
38754        (JSC::JSString::offsetOfLength):
38755
387562011-10-01  Yuqiang Xian  <yuqiang.xian@intel.com>
38757
38758        JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
38759        https://bugs.webkit.org/show_bug.cgi?id=69205
38760
38761        Reviewed by Gavin Barraclough.
38762
38763        If there are unboxed integers and cells in register file (e.g. by SetLocal), 
38764        they must be reboxed before exiting from the speculative DFG JIT execution.
38765        This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
38766        ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
38767
38768        * dfg/DFGJITCompiler32_64.cpp:
38769        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
38770        * dfg/DFGSpeculativeJIT.cpp:
38771        (JSC::DFG::ValueSource::dump):
38772        (JSC::DFG::ValueRecovery::dump):
38773        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
38774        * dfg/DFGSpeculativeJIT.h:
38775        (JSC::DFG::ValueSource::forPrediction):
38776        (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
38777
387782011-10-01  Sheriff Bot  <webkit.review.bot@gmail.com>
38779
38780        Unreviewed, rolling out r96421.
38781        http://trac.webkit.org/changeset/96421
38782        https://bugs.webkit.org/show_bug.cgi?id=69206
38783
38784        It broke Qt-WK2 build (Requested by ossy on #webkit).
38785
38786        * JavaScriptCore.pri:
38787        * wtf/qt/UtilsQt.h: Removed.
38788        * wtf/wtf.pri:
38789
387902011-09-30  Daniel Bates  <dbates@webkit.org>
38791
38792        Attempt to fix the Apple Windows and WinCairo Debug builds after
38793        <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
38794
38795        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
38796        ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
38797        corresponding function, JSValue::toStrictThisObject(), was removed.
38798
387992011-09-30  Yuqiang Xian  <yuqiang.xian@intel.com>
38800
38801        DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
38802        https://bugs.webkit.org/show_bug.cgi?id=69126
38803
38804        Reviewed by Gavin Barraclough.
38805
38806        The setupResults routine has the bug of reversing the source and destination. 
38807        Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
38808
38809        * dfg/DFGJITCodeGenerator.h:
38810        (JSC::DFG::setupTwoStubArgs):
38811        (JSC::DFG::setupResults):
38812        * dfg/DFGJITCodeGenerator32_64.cpp:
38813        (JSC::DFG::JITCodeGenerator::fillJSValue):
38814        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
38815        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
38816
388172011-09-30  Gavin Barraclough  <barraclough@apple.com>
38818
38819        Remove toStrictThisObject, toThisString, toThisJSString
38820        https://bugs.webkit.org/show_bug.cgi?id=69203
38821
38822        Rubber stamped by Sam Weinig
38823
38824        These are no longer used.
38825
38826        * JavaScriptCore.exp:
38827        * runtime/JSActivation.cpp:
38828        * runtime/JSActivation.h:
38829        * runtime/JSObject.cpp:
38830        * runtime/JSObject.h:
38831        * runtime/JSStaticScopeObject.cpp:
38832        * runtime/JSStaticScopeObject.h:
38833        * runtime/JSValue.h:
38834        * runtime/StrictEvalActivation.cpp:
38835        * runtime/StrictEvalActivation.h:
38836
388372011-09-30  Filip Pizlo  <fpizlo@apple.com>
38838
38839        DFG does not speculate aggressively enough on put_by_id
38840        https://bugs.webkit.org/show_bug.cgi?id=69114
38841
38842        Reviewed by Oliver Hunt.
38843
38844        This adds new nodes along with optimizations for those nodes:
38845        
38846        GetPropertyStorage: CheckStructure used to do both the structure
38847        check and retrieve the storage pointer. Now CheckStructure just
38848        checks the structure, and GetPropertyStorage retrieves the
38849        storage pointer.
38850        
38851        PutStructure: Changes the structure, and has the expected store
38852        to load optimization with CheckStructure.
38853        
38854        PutByOffset: Directly sets the value. Has store to load
38855        optimization with GetByOffset.
38856
38857        * dfg/DFGByteCodeParser.cpp:
38858        (JSC::DFG::ByteCodeParser::cellConstant):
38859        (JSC::DFG::ByteCodeParser::parseBlock):
38860        * dfg/DFGGraph.cpp:
38861        (JSC::DFG::Graph::dump):
38862        * dfg/DFGJITCodeGenerator.cpp:
38863        (JSC::DFG::JITCodeGenerator::writeBarrier):
38864        * dfg/DFGJITCodeGenerator.h:
38865        * dfg/DFGNode.h:
38866        (JSC::DFG::Node::hasStructure):
38867        (JSC::DFG::Node::hasStorageAccessData):
38868        * dfg/DFGPropagator.cpp:
38869        (JSC::DFG::Propagator::propagateNodePredictions):
38870        (JSC::DFG::Propagator::impureCSE):
38871        (JSC::DFG::Propagator::checkStructureLoadElimination):
38872        (JSC::DFG::Propagator::getByOffsetLoadElimination):
38873        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
38874        (JSC::DFG::Propagator::eliminate):
38875        (JSC::DFG::Propagator::performNodeCSE):
38876        * dfg/DFGSpeculativeJIT32_64.cpp:
38877        (JSC::DFG::SpeculativeJIT::compile):
38878        * dfg/DFGSpeculativeJIT64.cpp:
38879        (JSC::DFG::SpeculativeJIT::compile):
38880
388812011-09-30  Gavin Barraclough  <barraclough@apple.com>
38882
38883        StringRecursionChecker should not work in terms of EncodedJSValue
38884        https://bugs.webkit.org/show_bug.cgi?id=69188
38885
38886        Reviewed by Oliver Hunt.
38887
38888        0 is not the empty value on 32_64.
38889        Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
38890
38891        * runtime/ArrayPrototype.cpp:
38892        (JSC::arrayProtoFuncToString):
38893        (JSC::arrayProtoFuncToLocaleString):
38894        (JSC::arrayProtoFuncJoin):
38895        * runtime/ErrorPrototype.cpp:
38896        (JSC::errorProtoFuncToString):
38897        * runtime/RegExpPrototype.cpp:
38898        (JSC::regExpProtoFuncToString):
38899        * runtime/StringRecursionChecker.cpp:
38900        (JSC::StringRecursionChecker::throwStackOverflowError):
38901        (JSC::StringRecursionChecker::emptyString):
38902        * runtime/StringRecursionChecker.h:
38903        (JSC::StringRecursionChecker::performCheck):
38904        (JSC::StringRecursionChecker::earlyReturnValue):
38905
389062011-09-30  Gavin Barraclough  <barraclough@apple.com>
38907
38908        DFG JIT, Branch on integer can always be a 32-bit compare.
38909        https://bugs.webkit.org/show_bug.cgi?id=69174
38910
38911        Reviewed by Sam Weinig.
38912
38913        if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
38914        the JSVALUE64 JIT will currently compare all 64bits in the register, but in
38915        these cases the DataFormat is always a JS boxed integer. In these cases we
38916        can just compare the low 32bits anyway - no need to check the tag.
38917        This allows the code to be unified with the JSVALUE32_64 JIT.
38918
38919        * dfg/DFGSpeculativeJIT32_64.cpp:
38920        (JSC::DFG::SpeculativeJIT::compile):
38921        * dfg/DFGSpeculativeJIT64.cpp:
38922        (JSC::DFG::SpeculativeJIT::compile):
38923
389242011-09-30  Oliver Hunt  <oliver@apple.com>
38925
38926        Need a sensible GGC policy
38927
38928        Reviewed by Geoff Garen.
38929
38930        This replaces the existing random collection policy
38931        with a deterministic policy based on nursery size.
38932
38933        * heap/AllocationSpace.cpp:
38934        (JSC::AllocationSpace::allocateSlowCase):
38935        * heap/Heap.cpp:
38936        (JSC::Heap::Heap):
38937        (JSC::Heap::markRoots):
38938        (JSC::Heap::collect):
38939        * heap/Heap.h:
38940        * heap/MarkedSpace.cpp:
38941        (JSC::MarkedSpace::MarkedSpace):
38942        (JSC::MarkedSpace::resetAllocator):
38943        * heap/MarkedSpace.h:
38944        (JSC::MarkedSpace::nurseryWaterMark):
38945        (JSC::MarkedSpace::allocate):
38946
389472011-09-30  Filip Pizlo  <fpizlo@apple.com>
38948
38949        DFG 32-bit support for op_call and op_construct causes
38950        run-javascriptcore-tests to fail
38951        https://bugs.webkit.org/show_bug.cgi?id=69171
38952
38953        Reviewed by Gavin Barraclough.
38954        
38955        This fixes one obvious bug that was causing test failures (no
38956        support for dummy slow case for op_add in 32_64), and disables
38957        op_call and op_construct by default.        
38958
38959        * dfg/DFGCapabilities.h:
38960        (JSC::DFG::canCompileOpcode):
38961        * jit/JITArithmetic32_64.cpp:
38962        (JSC::JIT::emit_op_add):
38963        (JSC::JIT::emitSlow_op_add):
38964
389652011-09-30  Geoffrey Garen  <ggaren@apple.com>
38966
38967        Crash due to out of bounds read/write in MarkedSpace
38968        https://bugs.webkit.org/show_bug.cgi?id=69148
38969        
        This was a case of being surprised by a poorly articulated cell size limit,
38971        plus an incorrect ASSERT guarding the cell size limit.
38972
38973        Reviewed by Oliver Hunt.
38974
38975        * heap/MarkedSpace.h:
38976        (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
38977        since it makes the ranges easier to understand.
38978        
38979        Bumped up the max cell size to support the use case in this bug. Since the
38980        atomSize is much bigger than it used to be, there isn't much accounting
38981        cost to handling more size classes.
38982        
38983        Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
38984
38985        * heap/MarkedSpace.cpp:
38986        (JSC::MarkedSpace::MarkedSpace):
38987        (JSC::MarkedSpace::resetAllocator):
38988        (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
38989        being inclusive.
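
        The following is an added illustration of the off-by-one class of bug this entry describes; it is
        not JavaScriptCore's code. It models a toy size-class table (ATOM_SIZE, MAX_CELL_SIZE, the table
        layout and every function name are assumptions made for the example) in which a guard written for an
        inclusive cell-size limit is paired with indexing written for exclusive ranges, so a request of
        exactly the maximum size computes an index one past the end of the table. The second formulation
        keeps the guard and the indexing consistent and rejects anything the table cannot hold before any
        memory is touched.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy constants, assumed for illustration only (not JSC's values). */
#define ATOM_SIZE     32
#define MAX_CELL_SIZE 2048
#define NUM_CLASSES   (MAX_CELL_SIZE / ATOM_SIZE)   /* 64 classes, indices 0..63 */

typedef struct { size_t cellSize; } SizeClass;
static SizeClass sizeClasses[NUM_CLASSES];
static int sizeClassesReady = 0;

/* Class i serves requests in the inclusive range (i*ATOM_SIZE, (i+1)*ATOM_SIZE]. */
static void init_size_classes(void) {
    for (size_t i = 0; i < NUM_CLASSES; ++i)
        sizeClasses[i].cellSize = (i + 1) * ATOM_SIZE;
    sizeClassesReady = 1;
}

/* Mixed formulation: the guard is written against an inclusive limit, but the
 * index is computed as if class i covered [i*ATOM_SIZE, (i+1)*ATOM_SIZE).
 * For bytes == MAX_CELL_SIZE the guard passes and the index is NUM_CLASSES,
 * one past the table. The index is returned, never used to dereference. */
long buggy_index(size_t bytes) {
    if (bytes > MAX_CELL_SIZE)
        return -1;
    return (long)(bytes / ATOM_SIZE);
}

/* Inclusive formulation: guard and indexing agree, and 0 is rejected too. */
long size_class_index(size_t bytes) {
    if (bytes == 0 || bytes > MAX_CELL_SIZE)
        return -1;
    return (long)((bytes - 1) / ATOM_SIZE);
}

/* Bounds check that must precede any table access. */
int index_in_bounds(long idx) {
    return idx >= 0 && idx < NUM_CLASSES;
}

/* Cell size the table would hand out for a request, or 0 if it is rejected. */
size_t cell_size_for(size_t bytes) {
    if (!sizeClassesReady)
        init_size_classes();
    long idx = size_class_index(bytes);
    if (!index_in_bounds(idx))
        return 0;
    return sizeClasses[idx].cellSize;
}

int main(void) {
    size_t probes[] = { 1, 32, 33, 2047, 2048, 2049 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; ++i) {
        long bad = buggy_index(probes[i]);
        long good = size_class_index(probes[i]);
        printf("%5zu bytes: mixed idx %3ld (%s), inclusive idx %3ld (%s), cell %zu\n",
               probes[i],
               bad, index_in_bounds(bad) ? "ok" : "OUT OF BOUNDS",
               good, index_in_bounds(good) ? "ok" : "rejected",
               cell_size_for(probes[i]));
    }
    return 0;
}
```

        The point to take from the table is that the limit and the index arithmetic must be derived from
        the same range convention; a bounds check that is only an ASSERT disappears in release builds, so
        the lookup itself has to refuse indices the table cannot hold.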
38990
389912011-09-30  Pierre Rossi  <pierre.rossi@gmail.com>
38992
38993        [Qt] Build fix: Qt::escape is deprecated in Qt5
38994        https://bugs.webkit.org/show_bug.cgi?id=69162
38995
38996        Use QString::toHtmlEscaped in the Qt5 case.
38997
38998        Reviewed by Andreas Kling.
38999
39000        * JavaScriptCore.pri:
39001        * wtf/qt/UtilsQt.h: Added.
39002        (escapeHtml):
39003        * wtf/wtf.pri:
39004
390052011-09-30  Yuqiang Xian  <yuqiang.xian@intel.com>
39006
39007        Fix bug in getHostCallReturnValue of DFG JIT on X86
39008        https://bugs.webkit.org/show_bug.cgi?id=69133
39009
39010        Reviewed by Gavin Barraclough.
39011
39012        We need to insert the additional argument in the stack slot before
39013        return address instead of simply pushing it afterwards.
39014        Also getHostCallReturnValue* should be attributed as stdcall
39015        to make the stack cleaned up by the callee.
39016
39017        * dfg/DFGOperations.cpp:
39018
390192011-09-30  Pierre Rossi  <pierre.rossi@gmail.com>
39020
39021        [Qt] wtf header files are unknown to Qt Creator
39022        https://bugs.webkit.org/show_bug.cgi?id=69158
39023
39024        Adding the HEADERS variable in wtf.pri so that
39025        the header files can be accessed easily.
39026
39027        Reviewed by Andreas Kling.
39028
39029        * wtf/wtf.pri:
39030
390312011-09-30  Gavin Barraclough  <barraclough@apple.com>
39032
39033        Merge some more of DFGSpeculativeJIT 32_64/64
39034        https://bugs.webkit.org/show_bug.cgi?id=69164
39035
39036        Reviewed by Oliver Hunt.
39037
39038        * dfg/DFGJITCodeGenerator.h:
39039        * dfg/DFGJITCodeGenerator32_64.cpp:
39040        * dfg/DFGJITCodeGenerator64.cpp:
39041        * dfg/DFGSpeculativeJIT.cpp:
39042        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
39043        * dfg/DFGSpeculativeJIT.h:
39044        * dfg/DFGSpeculativeJIT32_64.cpp:
39045        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
39046        (JSC::DFG::SpeculativeJIT::compare):
39047        (JSC::DFG::SpeculativeJIT::compileValueAdd):
39048        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39049        (JSC::DFG::SpeculativeJIT::compile):
39050        * dfg/DFGSpeculativeJIT64.cpp:
39051        (JSC::DFG::SpeculativeJIT::compare):
39052        (JSC::DFG::SpeculativeJIT::compileValueAdd):
39053        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39054        (JSC::DFG::SpeculativeJIT::compile):
39055
390562011-09-30  Mark Hahnenberg  <mhahnenberg@apple.com>
39057
39058        Add getCallData to MethodTable in ClassInfo
39059        https://bugs.webkit.org/show_bug.cgi?id=69024
39060
39061        Reviewed by Sam Weinig.
39062
39063        * JavaScriptCore.exp:
39064        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39065
39066        Added the getCallData to the MethodTable in the ClassInfo struct.
39067        * runtime/ClassInfo.h:
39068
390692011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
39070
39071        Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
39072        https://bugs.webkit.org/show_bug.cgi?id=69120
39073
39074        Reviewed by Gavin Barraclough.
39075
39076        Improve the coverage of JSVALUE32_64 DFG JIT.
39077
39078        * dfg/DFGByteCodeParser.cpp:
39079        (JSC::DFG::ByteCodeParser::parseBlock):
39080        * dfg/DFGCapabilities.h:
39081        (JSC::DFG::canCompileOpcode):
39082        * dfg/DFGJITCodeGenerator.h:
39083        (JSC::DFG::tagOfCallData):
39084        (JSC::DFG::payloadOfCallData):
39085        * dfg/DFGJITCodeGenerator32_64.cpp:
39086        (JSC::DFG::JITCodeGenerator::emitCall):
39087
390882011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
39089
39090        DFG JIT - register not unlocked after usage in ArithDiv
39091        https://bugs.webkit.org/show_bug.cgi?id=69122
39092
39093        Reviewed by Geoffrey Garen.
39094
        An allocated register is not unlocked after use in ArithDiv.
39096        Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
39097
39098        * dfg/DFGNode.h:
39099        * dfg/DFGSpeculativeJIT32_64.cpp:
39100        (JSC::DFG::SpeculativeJIT::compile):
39101        * dfg/DFGSpeculativeJIT64.cpp:
39102        (JSC::DFG::SpeculativeJIT::compile):
39103
391042011-09-29  Mark Hahnenberg  <mhahnenberg@apple.com>
39105
39106        De-virtualize JSCell::toObject
39107        https://bugs.webkit.org/show_bug.cgi?id=68937
39108
39109        Reviewed by Darin Adler.
39110
39111        * JavaScriptCore.exp:
39112        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39113
39114        De-virtualized JSCell::toObject and changed its implementation to manually check the 
39115        cases for JSString and JSObject rather than leaving it up to the virtual method call.
39116        * runtime/JSCell.cpp:
39117        (JSC::JSCell::toObject):
39118        * runtime/JSCell.h:
39119
39120        Removed JSNotAnObject::toObject because the case for JSObject works for it.
39121        Also removed JSObject::toObject because it was essentially the identity function,
39122        which is not necessary since toObject is no longer virtual.
39123        * runtime/JSNotAnObject.cpp:
39124        * runtime/JSNotAnObject.h:
39125        * runtime/JSObject.cpp:
39126        * runtime/JSObject.h:
39127
39128        De-virtualized JSObject::toObject and JSString::toObject.
39129        * runtime/JSString.h:
39130
391312011-09-29  Gavin Barraclough  <barraclough@apple.com>
39132
39133        Start refactoring DFGSpeculativeJIT
39134        https://bugs.webkit.org/show_bug.cgi?id=69112
39135
39136        Reviewed by Oliver Hunt.
39137
        Again, move JSVALUE64 code into a DFGSpeculativeJIT64.cpp
39139
39140        * JavaScriptCore.xcodeproj/project.pbxproj:
39141        * dfg/DFGSpeculativeJIT.cpp:
39142        (JSC::DFG::ValueSource::dump):
39143        (JSC::DFG::ValueRecovery::dump):
39144        (JSC::DFG::OSRExit::OSRExit):
39145        (JSC::DFG::OSRExit::dump):
39146        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
39147        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
39148        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
39149        (JSC::DFG::SpeculativeJIT::compile):
39150        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
39151        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
39152        * dfg/DFGSpeculativeJIT.h:
39153        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
39154        * dfg/DFGSpeculativeJIT32_64.cpp:
39155        (JSC::DFG::SpeculativeJIT::compare):
39156        * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
39157        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
39158        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
39159        (JSC::DFG::SpeculativeJIT::compile):
39160
391612011-09-29  Gavin Barraclough  <barraclough@apple.com>
39162
39163        Refactor out trivially duplicated code in DFGJITCodeGenerator.
39164        https://bugs.webkit.org/show_bug.cgi?id=69109
39165
39166        Reviewed by Oliver Hunt.
39167
39168        Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
39169
        Basically move JSVALUE64-specific code into a new DFGJITCodeGenerator64.cpp, leave common code
        in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.

        For some functions the differences are trivial and make more sense to ifdef individually, and some
        Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
39175
39176        * JavaScriptCore.xcodeproj/project.pbxproj:
39177        * dfg/DFGJITCodeGenerator.cpp:
39178        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
39179        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
39180        (JSC::DFG::JITCodeGenerator::writeBarrier):
39181        (JSC::DFG::JITCodeGenerator::dump):
39182        (JSC::DFG::JITCodeGenerator::checkConsistency):
39183        (JSC::DFG::GPRTemporary::GPRTemporary):
39184        (JSC::DFG::FPRTemporary::FPRTemporary):
39185        * dfg/DFGJITCodeGenerator32_64.cpp:
39186        * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
39187        * dfg/DFGJITCompiler.h:
39188        (JSC::DFG::JITCompiler::branchIfNotCell):
39189        * dfg/DFGJITCompilerInlineMethods.h:
39190
391912011-09-28  Filip Pizlo  <fpizlo@apple.com>
39192
39193        DFG JIT should infer which uses of a variable are not aliased
39194        https://bugs.webkit.org/show_bug.cgi?id=68593
39195
39196        Reviewed by Oliver Hunt.
39197        
39198        This separates how a variable is stored (i.e. its virtual register)
39199        from how it's predicted. Each variable now takes a
39200        VariableAccessData as its operand, instead of the virtual register.
39201        The VariableAccessData stores the operand and the prediction. If
39202        multiple uses of a variable are aliased, their VariableAccessDatas
39203        are unified.
39204        
39205        This also adds tracking of which argument values are used. It
39206        correctly observes that an argument value is not used, if the
39207        argument is assigned to inside the function before being used.
39208        
39209        This also adds tracking of which variables are live at the head of
39210        a basic block, and separates that from a variable being live at the
39211        tail.
39212        
39213        Finally, this communicates to both OSR entry and OSR exit code how
39214        a variable is predicted at a particular point in the code, rather
39215        than just communicating how it was predicted in the entire code
39216        block (since with this patch there is no longer the notion of a
39217        variable having just one prediction for a code block).
39218
39219        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
39220        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
39221        * JavaScriptCore.xcodeproj/project.pbxproj:
39222        * bytecode/ActionablePrediction.h: Added.
39223        (JSC::actionablePredictionFromPredictedType):
39224        (JSC::valueObeysPrediction):
39225        (JSC::actionablePredictionToString):
39226        (JSC::ActionablePredictions::ActionablePredictions):
39227        (JSC::ActionablePredictions::setArgument):
39228        (JSC::ActionablePredictions::argument):
39229        (JSC::ActionablePredictions::setVariable):
39230        (JSC::ActionablePredictions::variable):
39231        (JSC::ActionablePredictions::argumentUpperBound):
39232        (JSC::ActionablePredictions::variableUpperBound):
39233        (JSC::ActionablePredictions::pack):
39234        (JSC::ActionablePredictions::packVector):
39235        * bytecode/CodeBlock.h:
39236        * bytecode/PredictionTracker.h:
39237        * dfg/DFGByteCodeParser.cpp:
39238        (JSC::DFG::ByteCodeParser::newVariableAccessData):
39239        (JSC::DFG::ByteCodeParser::getLocal):
39240        (JSC::DFG::ByteCodeParser::setLocal):
39241        (JSC::DFG::ByteCodeParser::getArgument):
39242        (JSC::DFG::ByteCodeParser::setArgument):
39243        (JSC::DFG::ByteCodeParser::parseBlock):
39244        (JSC::DFG::ByteCodeParser::processPhiStack):
39245        (JSC::DFG::ByteCodeParser::parse):
39246        * dfg/DFGDriver.cpp:
39247        (JSC::DFG::compile):
39248        * dfg/DFGGraph.cpp:
39249        (JSC::DFG::Graph::nameOfVariableAccessData):
39250        (JSC::DFG::Graph::dump):
39251        (JSC::DFG::Graph::predictArgumentTypes):
39252        * dfg/DFGGraph.h:
39253        (JSC::DFG::operandIsArgument):
39254        (JSC::DFG::VariableRecord::setFirstTime):
39255        (JSC::DFG::BasicBlock::BasicBlock):
39256        (JSC::DFG::Graph::predict):
39257        (JSC::DFG::Graph::getPrediction):
39258        * dfg/DFGJITCompiler.h:
39259        (JSC::DFG::JITCompiler::noticeOSREntry):
39260        * dfg/DFGNode.h:
39261        (JSC::DFG::Node::hasVariableAccessData):
39262        (JSC::DFG::Node::hasLocal):
39263        (JSC::DFG::Node::variableAccessData):
39264        (JSC::DFG::Node::local):
39265        * dfg/DFGOSREntry.cpp:
39266        (JSC::DFG::prepareOSREntry):
39267        * dfg/DFGOSREntry.h:
39268        * dfg/DFGPropagator.cpp:
39269        (JSC::DFG::Propagator::propagateNodePredictions):
39270        * dfg/DFGSpeculativeJIT.cpp:
39271        (JSC::DFG::ValueSource::dump):
39272        (JSC::DFG::OSRExit::OSRExit):
39273        (JSC::DFG::SpeculativeJIT::compile):
39274        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
39275        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
39276        * dfg/DFGSpeculativeJIT.h:
39277        (JSC::DFG::ValueSource::ValueSource):
39278        (JSC::DFG::ValueSource::forPrediction):
39279        (JSC::DFG::ValueSource::isSet):
39280        (JSC::DFG::ValueSource::kind):
39281        (JSC::DFG::ValueSource::nodeIndex):
39282        (JSC::DFG::ValueSource::nodeIndexFromKind):
39283        (JSC::DFG::ValueSource::kindFromNodeIndex):
39284        (JSC::DFG::SpeculativeJIT::isKnownArray):
39285        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
39286        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
39287        * dfg/DFGSpeculativeJIT32_64.cpp:
39288        (JSC::DFG::OSRExit::OSRExit):
39289        (JSC::DFG::SpeculativeJIT::compile):
39290        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
39291        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
39292        * wtf/PackedIntVector.h: Added.
39293        (WTF::PackedIntVector::PackedIntVector):
39294        (WTF::PackedIntVector::operator=):
39295        (WTF::PackedIntVector::size):
39296        (WTF::PackedIntVector::ensureSize):
39297        (WTF::PackedIntVector::resize):
39298        (WTF::PackedIntVector::clearAll):
39299        (WTF::PackedIntVector::get):
39300        (WTF::PackedIntVector::set):
39301        (WTF::PackedIntVector::mask):
39302        * wtf/Platform.h:
39303        * wtf/UnionFind.h: Added.
39304        (WTF::UnionFind::UnionFind):
39305        (WTF::UnionFind::find):
39306        (WTF::UnionFind::unify):
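
        As an added illustration of the VariableAccessData/UnionFind design this entry describes (example code, not JavaScriptCore's own: the UnionFind reimplementation, the PredictedType bit values, mergeFrom() and the aliasing scenario are all constructed for the example):

```cpp
#include <cstdint>

// Added example, not JSC's code. Predicted types are a bitmask; these bit values
// are constructed for the example and are not JSC's PredictedType constants.
typedef uint32_t PredictedType;
static const PredictedType PredictNone   = 0;
static const PredictedType PredictInt32  = 1u << 0;
static const PredictedType PredictDouble = 1u << 1;
static const PredictedType PredictCell   = 1u << 2;

// Minimal CRTP union-find in the spirit of WTF::UnionFind (reimplemented here;
// the real header is not reproduced). T must provide mergeFrom(T*).
template<typename T>
class UnionFind {
public:
    UnionFind() : m_parent(0) { }

    // Walk to the representative, then compress the path so later finds are cheap.
    T* find()
    {
        T* self = static_cast<T*>(this);
        T* root = self;
        while (root->m_parent)
            root = root->m_parent;
        T* current = self;
        while (current != root) {
            T* next = current->m_parent;
            current->m_parent = root;
            current = next;
        }
        return root;
    }

    // Merge the set containing other into ours and fold its payload into our root.
    void unify(T* other)
    {
        T* mine = find();
        T* theirs = other->find();
        if (mine == theirs)
            return;
        theirs->m_parent = mine;
        mine->mergeFrom(theirs);
    }

private:
    T* m_parent;
};

// One use of a variable: the virtual register it lives in plus the types observed
// at that use. Unified uses share the prediction stored at the set's root.
class VariableAccessData : public UnionFind<VariableAccessData> {
public:
    explicit VariableAccessData(int operand)
        : m_operand(operand), m_prediction(PredictNone) { }
    int operand() { return find()->m_operand; }
    PredictedType prediction() { return find()->m_prediction; }

    // Merge an observed type into the shared prediction; true if it changed.
    bool predict(PredictedType type)
    {
        PredictedType& shared = find()->m_prediction;
        PredictedType before = shared;
        shared |= type;
        return shared != before;
    }

    void mergeFrom(VariableAccessData* other) { m_prediction |= other->m_prediction; }

private:
    int m_operand;
    PredictedType m_prediction;
};

// Constructed scenario: the parser created two VariableAccessDatas for local 3 in
// different blocks, each saw a different type, then found that the uses alias.
struct AliasResult {
    PredictedType merged;      // prediction after unification
    PredictedType unrelated;   // another variable must be unaffected
    bool shareRoot;
    bool predictChanged;       // predict() on one use is visible through the other
};

AliasResult demonstrateAliasing()
{
    VariableAccessData first(3), second(3), other(7);
    first.predict(PredictInt32);
    second.predict(PredictDouble);
    other.predict(PredictCell);
    first.unify(&second);
    AliasResult result;
    result.shareRoot = first.find() == second.find() && first.find() != other.find();
    result.predictChanged = second.predict(PredictCell);
    result.merged = first.prediction();
    result.unrelated = other.prediction();
    return result;
}
```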
39307
393082011-09-29  Oliver Hunt  <oliver@apple.com>
39309
39310        Build fix.
39311
39312        * heap/AllocationSpace.h:
39313
393142011-09-29  Oliver Hunt  <oliver@apple.com>
39315
39316        Add logic to collect dirty objects as roots
39317        https://bugs.webkit.org/show_bug.cgi?id=69100
39318
39319        Reviewed by Geoff Garen.
39320
39321        This gives us the ability to walk all the MarkedBlocks in an
39322        AllocationSpace and collect the dirty objects, and then use
39323        them as GC roots.
39324        
39325        I also rearranged the order of these instructions because it
39326        makes them smaller on some platforms with some card sizes.
39327
39328        * dfg/DFGJITCodeGenerator.cpp:
39329        (JSC::DFG::JITCodeGenerator::markCellCard):
39330        * dfg/DFGJITCodeGenerator32_64.cpp:
39331        (JSC::DFG::JITCodeGenerator::markCellCard):
39332        * heap/AllocationSpace.cpp:
39333           Tidy up the write barrier logic a bit.
39334        (JSC::MarkedBlock::gatherDirtyObjects):
39335        (JSC::TakeIfDirty::returnValue):
39336        (JSC::TakeIfDirty::TakeIfDirty):
39337        (JSC::TakeIfDirty::operator()):
39338        (JSC::AllocationSpace::gatherDirtyObjects):
39339        * heap/AllocationSpace.h:
39340        * heap/CardSet.h:
39341        (JSC::::isCardMarked):
39342        (JSC::::clearCard):
39343        * heap/Heap.cpp:
39344        (JSC::Heap::markRoots):
39345        * heap/Heap.h:
39346        (JSC::Heap::writeBarrier):
39347        * heap/MarkStack.cpp:
39348        (JSC::SlotVisitor::visitChildren):
39349        * heap/MarkedBlock.h:
39350        (JSC::MarkedBlock::setDirtyObject):
39351        (JSC::MarkedBlock::addressOfCardFor):
39352        * heap/SlotVisitor.h:
39353        * jit/JITPropertyAccess.cpp:
39354        (JSC::JIT::emitWriteBarrier):
39355           Tidy the write barrier a bit.
39356
393572011-09-29  Gavin Barraclough  <barraclough@apple.com>
39358
39359        Unreviewed windows build fix.
39360
39361        * assembler/MacroAssemblerCodeRef.h:
39362        * dfg/DFGOperations.h:
39363
393642011-09-29  Filip Pizlo  <fpizlo@apple.com>
39365
39366        Structure transitions involving many (> 64) properties sometimes cause structure corruption
39367        https://bugs.webkit.org/show_bug.cgi?id=69102
39368
39369        Reviewed by Darin Adler.
39370        
39371        Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
39372        don't lead to the dictionary kind being forgotten.
39373        
39374        * runtime/Structure.cpp:
39375        (JSC::Structure::Structure):
39376        * runtime/Structure.h:
39377
393782011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
39379
39380        DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
39381        https://bugs.webkit.org/show_bug.cgi?id=69058
39382
39383        Reviewed by Gavin Barraclough.
39384
39385        Also fixed the stdcall FunctionPtr constructors to make them compile correctly on Linux.
39386
39387        * assembler/MacroAssemblerCodeRef.h:
39388        (JSC::FunctionPtr::FunctionPtr):
39389
393902011-09-29  Mark Hahnenberg  <mhahnenberg@apple.com>
39391
39392        De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
39393        https://bugs.webkit.org/show_bug.cgi?id=68839
39394
39395        Reviewed by Geoffrey Garen.
39396
39397        Removed the remaining visitChildrenVirtual methods.  This patch completes the process of 
39398        de-virtualizing visitChildren.
39399
39400        * API/JSCallbackObject.h:
39401        * JavaScriptCore.exp:
39402        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39403        * debugger/DebuggerActivation.cpp:
39404        * debugger/DebuggerActivation.h:
39405        * runtime/Arguments.cpp:
39406        * runtime/Arguments.h:
39407        * runtime/Executable.cpp:
39408        * runtime/Executable.h:
39409        * runtime/GetterSetter.cpp:
39410        * runtime/GetterSetter.h:
39411        * runtime/JSActivation.cpp:
39412        * runtime/JSActivation.h:
39413        * runtime/JSArray.cpp:
39414        * runtime/JSArray.h:
39415        * runtime/JSFunction.cpp:
39416        * runtime/JSFunction.h:
39417        * runtime/JSGlobalObject.cpp:
39418        * runtime/JSGlobalObject.h:
39419        * runtime/JSObject.cpp:
39420        * runtime/JSPropertyNameIterator.cpp:
39421        * runtime/JSPropertyNameIterator.h:
39422        * runtime/JSStaticScopeObject.cpp:
39423        * runtime/JSStaticScopeObject.h:
39424        * runtime/JSValue.h:
39425        * runtime/NativeErrorConstructor.cpp:
39426        * runtime/NativeErrorConstructor.h:
39427        * runtime/RegExpObject.cpp:
39428        * runtime/RegExpObject.h:
39429        * runtime/Structure.cpp:
39430        * runtime/Structure.h:
39431        * runtime/StructureChain.cpp:
39432        * runtime/StructureChain.h:
39433
39434        Inlined the method table access and call to the visitChildren function (the only call sites 
39435        to visitChildren are here).
39436        * heap/MarkStack.cpp:
39437        (JSC::SlotVisitor::visitChildren):
39438
39439        Changed the field name for the visitChildren function pointer to visitChildren (from 
39440        visitChildrenFunctionPtr) to make call sites less verbose.
39441        * runtime/ClassInfo.h:
39442
39443        Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but 
39444        overrides visitChildren, so it needs to have its own ClassInfo.
39445        * runtime/JSBoundFunction.cpp:
39446        * runtime/JSBoundFunction.h:
39447
39448        Had to move className up to make sure that the virtual destructor in JSObject wasn't 
39449        the first non-inline virtual method in JSObject (as per the comment in the file).
39450        Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it to be inline-able
39451        to mitigate the cost of an extra method call.
39452
39453        Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make 
39454        call sites more concise.  Implementation is inline in JSObject.h.
39455        * runtime/JSObject.h:
39456        (JSC::JSCell::methodTable):
39457        * runtime/JSCell.h:
39458
39459        Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to 
39460        appease the vtable gods.  It refused to compile if there were no virtual methods in 
39461        both of these classes due to the presence of a weak vtable pointer.
39462        * runtime/JSWrapperObject.cpp:
39463        (JSC::JSWrapperObject::~JSWrapperObject):
39464        * runtime/JSWrapperObject.h:
39465        * runtime/ScopeChain.cpp:
39466        (JSC::ScopeChainNode::~ScopeChainNode):
39467        * runtime/ScopeChain.h:
39468
394692011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
39470
39471        Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
39472        https://bugs.webkit.org/show_bug.cgi?id=69075
39473
39474        Reviewed by Gavin Barraclough.
39475
39476        * dfg/DFGSpeculativeJIT32_64.cpp:
39477        (JSC::DFG::SpeculativeJIT::compile):
39478
394792011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
39480
39481        JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
39482        https://bugs.webkit.org/show_bug.cgi?id=69054
39483
39484        Reviewed by Gavin Barraclough.
39485
39486        size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
39487
39488        * dfg/DFGNode.h:
39489
394902011-09-28  Filip Pizlo  <fpizlo@apple.com>
39491
39492        DFG checkArgumentTypes fails to check boolean predictions
39493        https://bugs.webkit.org/show_bug.cgi?id=69059
39494
39495        Reviewed by Gavin Barraclough.
39496
39497        * dfg/DFGSpeculativeJIT.cpp:
39498        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
39499        * dfg/DFGSpeculativeJIT32_64.cpp:
39500        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
39501
395022011-09-28  Gavin Barraclough  <barraclough@apple.com>
39503
39504        Build fix pt 2 for r96286.
39505
39506        * assembler/MacroAssemblerCodeRef.h:
39507
395082011-09-28  Ryosuke Niwa  <rniwa@webkit.org>
39509
39510        Build fix attempt for r96286.
39511
39512        * assembler/MacroAssemblerCodeRef.h:
39513
395142011-09-28  Gavin Barraclough  <barraclough@apple.com>
39515
39516        DFG JIT Operations on 32_64 should use stdcall calling convention.
39517        https://bugs.webkit.org/show_bug.cgi?id=69046
39518
39519        Reviewed by Sam Weinig.
39520
39521        All calls out are expecting stdcall conventions, but the default on OS X is cdecl.
39522        Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
39523        directly to std library functions like fmod - leave these calls obeying the default
39524        platform calling convention.
39525
39526        * assembler/MacroAssemblerCodeRef.h:
39527        (JSC::FunctionPtr::FunctionPtr):
39528            - Add implicit constructors for std calls.
39529        * dfg/DFGJITCodeGenerator.h:
39530        (JSC::DFG::callOperation):
39531            - Make this work non-Mac platforms.
39532        * dfg/DFGOperations.cpp:
39533        (JSC::DFG::operationPutByValInternal):
39534        * dfg/DFGOperations.h:
39535            - Mark all operations as stdcalls.
39536
395372011-09-28  Filip Pizlo  <fpizlo@apple.com>
39538
39539        DFG JIT falls back on numerical comparisons when it does not
39540        recognize a prediction
39541        https://bugs.webkit.org/show_bug.cgi?id=68977
39542
39543        Reviewed by Geoffrey Garen.
39544        
39545        This fixes the way comparison implementations are selected. It
39546        also fixes a bug where comparisons other than equality (like < or >)
39547        on objects are compiled as if the comparison was equality.
39548
39549        * dfg/DFGSpeculativeJIT.cpp:
39550        (JSC::DFG::SpeculativeJIT::compare):
39551
395522011-09-28  Gavin Barraclough  <barraclough@apple.com>
39553
39554        Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
39555        https://bugs.webkit.org/show_bug.cgi?id=69026
39556
39557        Reviewed by Sam Weinig.
39558
39559        * assembler/X86Assembler.h:
39560        (JSC::X86Assembler::fstpl):
39561        * dfg/DFGJITCodeGenerator.h:
39562        (JSC::DFG::callOperation):
39563
395642011-09-28  Gavin Barraclough  <barraclough@apple.com>
39565
39566        Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
39567        https://bugs.webkit.org/show_bug.cgi?id=69017
39568
39569        Reviewed by Oliver Hunt.
39570
39571        * dfg/DFGJITCodeGenerator.h:
39572        (JSC::DFG::callOperation):
39573        * dfg/DFGOperations.cpp:
39574        * dfg/DFGSpeculativeJIT.cpp:
39575        (JSC::DFG::SpeculativeJIT::compile):
39576        * dfg/DFGSpeculativeJIT32_64.cpp:
39577        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
39578        (JSC::DFG::SpeculativeJIT::compile):
39579
395802011-09-28  Gavin Barraclough  <barraclough@apple.com>
39581
39582        https://bugs.webkit.org/show_bug.cgi?id=64679
39583        Fix bugs in Array.prototype this handling.
39584
39585        Reviewed by Oliver Hunt.
39586
39587        * runtime/ArrayPrototype.cpp:
39588        (JSC::arrayProtoFuncJoin):
39589        (JSC::arrayProtoFuncConcat):
39590        (JSC::arrayProtoFuncPop):
39591        (JSC::arrayProtoFuncPush):
39592        (JSC::arrayProtoFuncReverse):
39593        (JSC::arrayProtoFuncShift):
39594        (JSC::arrayProtoFuncSlice):
39595        (JSC::arrayProtoFuncSort):
39596        (JSC::arrayProtoFuncSplice):
39597        (JSC::arrayProtoFuncUnShift):
39598        (JSC::arrayProtoFuncFilter):
39599        (JSC::arrayProtoFuncMap):
39600        (JSC::arrayProtoFuncEvery):
39601        (JSC::arrayProtoFuncForEach):
39602        (JSC::arrayProtoFuncSome):
39603        (JSC::arrayProtoFuncReduce):
39604        (JSC::arrayProtoFuncReduceRight):
39605        (JSC::arrayProtoFuncIndexOf):
39606        (JSC::arrayProtoFuncLastIndexOf):
39607            - These methods should throw if this value is undefined.
39608
396092011-09-27  Yuqiang Xian  <yuqiang.xian@intel.com>
39610
39611        Value profiling in baseline JIT for JSVALUE32_64
39612        https://bugs.webkit.org/show_bug.cgi?id=68750
39613
39614        Reviewed by Geoff Garen.
39615
39616        * jit/JITArithmetic32_64.cpp:
39617        (JSC::JIT::emit_op_mul):
39618        (JSC::JIT::emit_op_div):
39619        * jit/JITCall32_64.cpp:
39620        (JSC::JIT::emit_op_call_put_result):
39621        * jit/JITOpcodes32_64.cpp:
39622        (JSC::JIT::emit_op_resolve):
39623        (JSC::JIT::emit_op_resolve_base):
39624        (JSC::JIT::emit_op_resolve_skip):
39625        (JSC::JIT::emit_op_resolve_global):
39626        (JSC::JIT::emitSlow_op_resolve_global):
39627        (JSC::JIT::emit_op_resolve_with_base):
39628        (JSC::JIT::emit_op_resolve_with_this):
39629        * jit/JITPropertyAccess32_64.cpp:
39630        (JSC::JIT::emit_op_method_check):
39631        (JSC::JIT::emit_op_get_by_val):
39632        (JSC::JIT::emitSlow_op_get_by_val):
39633        (JSC::JIT::emit_op_get_by_id):
39634        (JSC::JIT::emitSlow_op_get_by_id):
39635        (JSC::JIT::emit_op_get_scoped_var):
39636        (JSC::JIT::emit_op_get_global_var):
39637        * jit/JITStubCall.h:
39638        (JSC::JITStubCall::callWithValueProfiling):
39639
396402011-09-28  Yuqiang Xian  <yuqiang.xian@intel.com>
39641
39642        Wrong integer checks in JSVALUE32_64 DFG JIT
39643        https://bugs.webkit.org/show_bug.cgi?id=68985
39644
39645        Reviewed by Geoffrey Garen.
39646
39647        * dfg/DFGJITCodeGenerator32_64.cpp:
39648        (JSC::DFG::JITCodeGenerator::fillDouble):
39649        * dfg/DFGSpeculativeJIT32_64.cpp:
39650        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
39651
396522011-09-28  Adam Barth  <abarth@webkit.org>
39653
39654        Remove empty directories.
39655
39656        * wtf/brew: Removed.
39657        * wtf/unicode/brew: Removed.
39658
396592011-09-27  Filip Pizlo  <fpizlo@apple.com>
39660
39661        DFG JIT cannot compile op_new_object, op_new_array,
39662        op_new_array_buffer, or op_new_regexp
39663        https://bugs.webkit.org/show_bug.cgi?id=68580
39664
39665        Reviewed by Oliver Hunt.
39666        
39667        This implements all four opcodes, but has op_new_regexp turned off
39668        by default because it unveils some bad speculation logic when
39669        compiling string-validate-input.
39670        
39671        With op_new_regexp turned off, this is a 5% win on Kraken and a
39672        0.7% speed-up on V8. Neutral on SunSpider.
39673
39674        * dfg/DFGByteCodeParser.cpp:
39675        (JSC::DFG::ByteCodeParser::parseBlock):
39676        * dfg/DFGCapabilities.h:
39677        (JSC::DFG::canCompileOpcode):
39678        * dfg/DFGJITCodeGenerator.h:
39679        (JSC::DFG::callOperation):
39680        * dfg/DFGNode.h:
39681        (JSC::DFG::Node::hasConstantBuffer):
39682        (JSC::DFG::Node::startConstant):
39683        (JSC::DFG::Node::numConstants):
39684        (JSC::DFG::Node::hasRegexpIndex):
39685        (JSC::DFG::Node::regexpIndex):
39686        * dfg/DFGOperations.cpp:
39687        * dfg/DFGOperations.h:
39688        * dfg/DFGPropagator.cpp:
39689        (JSC::DFG::Propagator::propagateNodePredictions):
39690        * dfg/DFGSpeculativeJIT.cpp:
39691        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
39692        (JSC::DFG::SpeculativeJIT::compile):
39693        * dfg/DFGSpeculativeJIT.h:
39694        (JSC::DFG::SpeculativeJIT::isKnownArray):
39695
396962011-09-27  Filip Pizlo  <fpizlo@apple.com>
39697
39698        DFG JIT should speculate more aggressively on reads of array.length
39699        https://bugs.webkit.org/show_bug.cgi?id=68932
39700
39701        Reviewed by Oliver Hunt.
39702        
39703        This is a 2% speed-up on Kraken, neutral elsewhere.
39704
39705        * dfg/DFGNode.h:
39706        * dfg/DFGPropagator.cpp:
39707        (JSC::DFG::Propagator::propagateNodePredictions):
39708        (JSC::DFG::Propagator::fixupNode):
39709        (JSC::DFG::Propagator::performNodeCSE):
39710        * dfg/DFGSpeculativeJIT.cpp:
39711        (JSC::DFG::SpeculativeJIT::compile):
39712
397132011-09-27  Gavin Barraclough  <barraclough@apple.com>
39714
39715        DFG JIT - merge changes between 95905 - 96175
39716        https://bugs.webkit.org/show_bug.cgi?id=68963
39717
39718        Reviewed by Sam Weinig.
39719
39720        Merge missing changes from bug#68677, bug#68784, bug#68785.
39721
39722        * dfg/DFGJITCompiler32_64.cpp:
39723        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
39724        (JSC::DFG::JITCompiler::compileEntry):
39725        (JSC::DFG::JITCompiler::compileBody):
39726        * dfg/DFGSpeculativeJIT32_64.cpp:
39727        (JSC::DFG::SpeculativeJIT::compile):
39728
397292011-09-27  Gavin Barraclough  <barraclough@apple.com>
39730
39731        Get JSVALUE32_64 DFG JIT building on OS X.
39732        https://bugs.webkit.org/show_bug.cgi?id=68961
39733
39734        Reviewed by Geoff Garen.
39735
39736        * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
39737        * Forward-declare functions in DFGOperations.cpp
39738        * UNUSED_PARAM for unused arguments
39739        * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
39740        * Fix argument types handled by OpInfo constructor.
39741        * Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
39742        * Add files to Xcode project.
39743
397442011-09-27  Yuqiang Xian  <yuqiang.xian@intel.com>
39745
39746        Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
39747        https://bugs.webkit.org/show_bug.cgi?id=68755
39748
39749        Reviewed by Gavin Barraclough.
39750
39751        We need to load/store and repatch both tag and payload of a property
39752        for GetById/PutById. Also reorder the loads of tag and payload for
39753        GetByOffset as the result tag GPR could reuse the storage GPR.
39754
39755        * bytecode/StructureStubInfo.h:
39756        * dfg/DFGJITCodeGenerator32_64.cpp:
39757        (JSC::DFG::JITCodeGenerator::cachedGetById):
39758        (JSC::DFG::JITCodeGenerator::cachedPutById):
39759        * dfg/DFGJITCompiler.h:
39760        (JSC::DFG::JITCompiler::addPropertyAccess):
39761        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
39762        * dfg/DFGJITCompiler32_64.cpp:
39763        (JSC::DFG::JITCompiler::link):
39764        * dfg/DFGRepatch.cpp:
39765        (JSC::DFG::dfgRepatchByIdSelfAccess):
39766        * dfg/DFGSpeculativeJIT32_64.cpp:
39767        (JSC::DFG::SpeculativeJIT::compile):
39768
397692011-09-24  Gavin Barraclough  <barraclough@apple.com>
39770
39771        Macro assembler branch8 & 16 methods vary in treatment of upper bits
39772        https://bugs.webkit.org/show_bug.cgi?id=68301
39773
39774        Reviewed by Sam Weinig.
39775
39776        Fix for branch16 - remove it!
39777        No performance impact.
39778
39779        * assembler/MacroAssembler.h:
39780        * assembler/MacroAssemblerARM.h:
39781        * assembler/MacroAssemblerARMv7.h:
39782        * assembler/MacroAssemblerMIPS.h:
39783        * assembler/MacroAssemblerSH4.h:
39784        * assembler/MacroAssemblerX86Common.h:
39785        * yarr/YarrJIT.cpp:
39786        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
39787        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
39788        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
39789        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
39790        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
39791
397922011-09-27  Mark Hahnenberg  <mhahnenberg@apple.com>
39793
39794        Add static version of JSCell::getCallData
39795        https://bugs.webkit.org/show_bug.cgi?id=68741
39796
39797        Reviewed by Darin Adler.
39798
39799        In this patch we just extract the bodies of the virtual getCallData methods
39800        throughout the JSCell inheritance hierarchy out into static methods, which are 
39801        now called from the virtual methods.  This is an intermediate step in trying to 
39802        move the virtual-ness of getCallData into our own method table stored in 
39803        ClassInfo.  We need to convert the methods to static methods because static methods 
39804        can be represented as function pointers rather than pointers to member functions, and
39805        function pointers are smaller and faster to call than pointers to member functions.
39806
39807        * API/JSCallbackFunction.cpp:
39808        (JSC::JSCallbackFunction::getCallDataVirtual):
39809        (JSC::JSCallbackFunction::getCallData):
39810        * API/JSCallbackFunction.h:
39811        * API/JSCallbackObject.h:
39812        * API/JSCallbackObjectFunctions.h:
39813        (JSC::::getCallDataVirtual):
39814        (JSC::::getCallData):
39815        * API/JSObjectRef.cpp:
39816        (JSObjectIsFunction):
39817        (JSObjectCallAsFunction):
39818        * JavaScriptCore.exp:
39819        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39820        * interpreter/Interpreter.cpp:
39821        (JSC::Interpreter::privateExecute):
39822        * jit/JITStubs.cpp:
39823        (JSC::DEFINE_STUB_FUNCTION):
39824        * runtime/ArrayConstructor.cpp:
39825        (JSC::ArrayConstructor::getCallDataVirtual):
39826        (JSC::ArrayConstructor::getCallData):
39827        * runtime/ArrayConstructor.h:
39828        * runtime/BooleanConstructor.cpp:
39829        (JSC::BooleanConstructor::getCallDataVirtual):
39830        (JSC::BooleanConstructor::getCallData):
39831        * runtime/BooleanConstructor.h:
39832        * runtime/DateConstructor.cpp:
39833        (JSC::DateConstructor::getCallDataVirtual):
39834        (JSC::DateConstructor::getCallData):
39835        * runtime/DateConstructor.h:
39836        * runtime/Error.cpp:
39837        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
39838        (JSC::StrictModeTypeErrorFunction::getCallData):
39839        * runtime/ErrorConstructor.cpp:
39840        (JSC::ErrorConstructor::getCallDataVirtual):
39841        (JSC::ErrorConstructor::getCallData):
39842        * runtime/ErrorConstructor.h:
39843        * runtime/FunctionConstructor.cpp:
39844        (JSC::FunctionConstructor::getCallDataVirtual):
39845        (JSC::FunctionConstructor::getCallData):
39846        * runtime/FunctionConstructor.h:
39847        * runtime/FunctionPrototype.cpp:
39848        (JSC::FunctionPrototype::getCallDataVirtual):
39849        (JSC::FunctionPrototype::getCallData):
39850        * runtime/FunctionPrototype.h:
39851        * runtime/InternalFunction.h:
39852        * runtime/JSCell.cpp:
39853        (JSC::JSCell::getCallDataVirtual):
39854        (JSC::JSCell::getCallData):
39855        * runtime/JSCell.h:
39856        (JSC::getCallData):
39857        * runtime/JSFunction.cpp:
39858        (JSC::JSFunction::getCallDataVirtual):
39859        (JSC::JSFunction::getCallData):
39860        * runtime/JSFunction.h:
39861        * runtime/JSONObject.cpp:
39862        (JSC::Stringifier::Stringifier):
39863        (JSC::Stringifier::toJSON):
39864        (JSC::Stringifier::appendStringifiedValue):
39865        * runtime/JSObject.cpp:
39866        (JSC::JSObject::put):
39867        * runtime/NativeErrorConstructor.cpp:
39868        (JSC::NativeErrorConstructor::getCallDataVirtual):
39869        (JSC::NativeErrorConstructor::getCallData):
39870        * runtime/NativeErrorConstructor.h:
39871        * runtime/NumberConstructor.cpp:
39872        (JSC::NumberConstructor::getCallDataVirtual):
39873        (JSC::NumberConstructor::getCallData):
39874        * runtime/NumberConstructor.h:
39875        * runtime/ObjectConstructor.cpp:
39876        (JSC::ObjectConstructor::getCallDataVirtual):
39877        (JSC::ObjectConstructor::getCallData):
39878        * runtime/ObjectConstructor.h:
39879        * runtime/Operations.cpp:
39880        (JSC::jsTypeStringForValue):
39881        (JSC::jsIsObjectType):
39882        (JSC::jsIsFunctionType):
39883        * runtime/PropertySlot.cpp:
39884        (JSC::PropertySlot::functionGetter):
39885        * runtime/RegExpConstructor.cpp:
39886        (JSC::RegExpConstructor::getCallDataVirtual):
39887        (JSC::RegExpConstructor::getCallData):
39888        * runtime/RegExpConstructor.h:
39889        * runtime/StringConstructor.cpp:
39890        (JSC::StringConstructor::getCallDataVirtual):
39891        (JSC::StringConstructor::getCallData):
39892        * runtime/StringConstructor.h:
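
        Added example, not JavaScriptCore's code, showing the ClassInfo method-table dispatch from the 2011-09-29 visitChildren entry above together with the static getCallData bodies and thin virtual wrapper this entry describes; the cell classes, SlotVisitor, CallData and ClassInfo layout here are constructed stand-ins, not the real headers:

```cpp
#include <cstddef>
#include <vector>

// Added example, not JavaScriptCore's code: a toy cell hierarchy dispatching through a
// ClassInfo method table. Names follow the ChangeLog entries; the bodies are constructed.
class JSCell; class SlotVisitor;
enum CallType { CallTypeNone, CallTypeHost };
struct CallData { CallType type; };

// Plain function pointers (one word, one indirect call) rather than pointers to
// member functions: the size/speed argument the getCallData entry makes.
struct MethodTable {
    void (*visitChildren)(JSCell*, SlotVisitor&);
    CallType (*getCallData)(JSCell*, CallData&);
};
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
    MethodTable methodTable;
};

class SlotVisitor {
public:
    void append(JSCell* cell) { if (cell) m_visited.push_back(cell); }
    std::size_t count() const { return m_visited.size(); }
private:
    std::vector<JSCell*> m_visited;
};

class JSCell {
public:
    explicit JSCell(const ClassInfo* info) : m_classInfo(info) { }
    virtual ~JSCell() { }
    const MethodTable* methodTable() const { return &m_classInfo->methodTable; }
    // Static bodies: reached through the table, not the vtable.
    static void visitChildren(JSCell*, SlotVisitor&) { }
    static CallType getCallData(JSCell*, CallData& data) { data.type = CallTypeNone; return CallTypeNone; }
    // The thin virtual wrapper the getCallData entry keeps as an intermediate step.
    virtual CallType getCallDataVirtual(CallData& data) { return methodTable()->getCallData(this, data); }
    static const ClassInfo s_info;
private:
    const ClassInfo* m_classInfo;
};
const ClassInfo JSCell::s_info = { "Cell", 0, { JSCell::visitChildren, JSCell::getCallData } };

class JSFunction : public JSCell {
public:
    JSFunction(const ClassInfo* info, JSCell* scope) : JSCell(info), m_scope(scope) { }
    static void visitChildren(JSCell* cell, SlotVisitor& visitor) { visitor.append(static_cast<JSFunction*>(cell)->m_scope); }
    static CallType getCallData(JSCell*, CallData& data) { data.type = CallTypeHost; return CallTypeHost; }
    static const ClassInfo s_info;
private:
    JSCell* m_scope;
};
const ClassInfo JSFunction::s_info = { "Function", &JSCell::s_info, { JSFunction::visitChildren, JSFunction::getCallData } };

// A bound function holds two more references. As with JSBoundFunction in the visitChildren
// entry, overriding visitChildren means it needs its own ClassInfo; built with JSFunction's
// ClassInfo, the table would never report these children.
class JSBoundFunction : public JSFunction {
public:
    JSBoundFunction(const ClassInfo* info, JSCell* scope, JSCell* target, JSCell* boundThis)
        : JSFunction(info, scope), m_target(target), m_boundThis(boundThis) { }
    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
    {
        JSFunction::visitChildren(cell, visitor);
        JSBoundFunction* self = static_cast<JSBoundFunction*>(cell);
        visitor.append(self->m_target);
        visitor.append(self->m_boundThis);
    }
    static const ClassInfo s_info;
private:
    JSCell* m_target;
    JSCell* m_boundThis;
};
const ClassInfo JSBoundFunction::s_info = { "Function", &JSFunction::s_info, { JSBoundFunction::visitChildren, JSFunction::getCallData } };

// The single visitChildren call site, as in SlotVisitor::visitChildren after the change.
std::size_t visitChildrenOf(JSCell* cell)
{
    SlotVisitor visitor;
    cell->methodTable()->visitChildren(cell, visitor);
    return visitor.count();
}

// Children reported for a bound function built with the given ClassInfo:
// 3 with JSBoundFunction::s_info, only the scope (1) with JSFunction::s_info.
std::size_t childrenReported(const ClassInfo* info)
{
    JSCell scope(&JSCell::s_info), target(&JSCell::s_info), thisValue(&JSCell::s_info);
    JSBoundFunction bound(info, &scope, &target, &thisValue);
    return visitChildrenOf(&bound);
}

// getCallData through the virtual wrapper: the table, not the C++ type, decides callability.
bool isCallable(const ClassInfo* info)
{
    JSCell scope(&JSCell::s_info); JSFunction fn(info, &scope); CallData data;
    return fn.getCallDataVirtual(data) == CallTypeHost;
}
```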
39893
398942011-09-27  Tim Horton  <timothy_horton@apple.com>
39895
39896        Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
39897        https://bugs.webkit.org/show_bug.cgi?id=68816
39898        <rdar://problem/10186468>
39899
39900        Reviewed by Simon Fraser.
39901        
39902        Add ByteArray::clear, which zeros the memory in the ByteArray.
39903
39904        * wtf/ByteArray.h:
39905        (WTF::ByteArray::clear): Added.
39906
399072011-09-27  Sheriff Bot  <webkit.review.bot@gmail.com>
39908
39909        Unreviewed, rolling out r96131.
39910        http://trac.webkit.org/changeset/96131
39911        https://bugs.webkit.org/show_bug.cgi?id=68927
39912
39913        It made 18+ tests crash on all platforms (Requested by
39914        Ossy_night on #webkit).
39915
39916        * JavaScriptCore.exp:
39917        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39918        * interpreter/Interpreter.cpp:
39919        (JSC::Interpreter::throwException):
39920        * interpreter/Interpreter.h:
39921        * jsc.cpp:
39922        (GlobalObject::finishCreation):
39923        * parser/Parser.h:
39924        (JSC::Parser::parse):
39925        * runtime/CommonIdentifiers.h:
39926        * runtime/Error.cpp:
39927        (JSC::addErrorInfo):
39928        * runtime/Error.h:
39929
399302011-09-27  Mark Hahnenberg  <mhahnenberg@apple.com>
39931
39932        De-virtualize JSCell::getPrimitiveNumber
39933        https://bugs.webkit.org/show_bug.cgi?id=68851
39934
39935        Reviewed by Darin Adler.
39936
39937        * JavaScriptCore.exp:
39938        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39939
39940        Changed JSCell::getPrimitiveNumber to manually handle the dispatch for 
39941        JSCells (JSObject and JSString in this case).
39942        * runtime/JSCell.cpp:
39943        (JSC::JSCell::getPrimitiveNumber):
39944        * runtime/JSCell.h:
39945
39946        Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't 
39947        matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
39948        can cover the case for JSNotAnObject.
39949        * runtime/JSNotAnObject.cpp:
39950        * runtime/JSNotAnObject.h:
39951
39952        De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber 
39953        and changed them to be const.  Also made JSString::getPrimitiveNumber public 
39954        because it needs to be called from JSCell::getPrimitiveNumber and also since it's 
39955        no longer virtual, we want people who have a more specific pointer (JSString* 
39956        instead of JSCell*) to not have to pay the cost of a virtual method call.
39957        * runtime/JSObject.cpp:
39958        (JSC::JSObject::getPrimitiveNumber):
39959        * runtime/JSObject.h:
39960        * runtime/JSString.cpp:
39961        (JSC::JSString::getPrimitiveNumber):
39962        * runtime/JSString.h:
39963
399642011-09-27  Juan Carlos Montemayor Elosua  <j.mont@me.com>
39965
39966        Implement Error.stack
39967        https://bugs.webkit.org/show_bug.cgi?id=66994
39968
39969        Reviewed by Oliver Hunt.
39970
39971        This patch utilizes topCallFrame to create a stack trace when
39972        an error is thrown. Users will also be able to use the stack()
39973        command in jsc to get arrays with stack trace information.
39974
39975        * JavaScriptCore.exp:
39976        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39977        * interpreter/Interpreter.cpp:
39978        (JSC::getCallerLine):
39979        (JSC::getSourceURLFromCallFrame):
39980        (JSC::getStackFrameCodeType):
39981        (JSC::Interpreter::getStackTrace):
39982        (JSC::Interpreter::throwException):
39983        * interpreter/Interpreter.h:
39984        (JSC::StackFrame::toString):
39985        * jsc.cpp:
39986        (GlobalObject::finishCreation):
39987        (functionJSCStack):
39988        * parser/Parser.h:
39989        (JSC::Parser::parse):
39990        * runtime/CommonIdentifiers.h:
39991        * runtime/Error.cpp:
39992        (JSC::addErrorInfo):
39993        * runtime/Error.h:
39994
399952011-09-27  Carlos Garcia Campos  <cgarcia@igalia.com>
39996
39997        [GTK] Reorganize header files
39998        https://bugs.webkit.org/show_bug.cgi?id=65616
39999
40000        Reviewed by Martin Robinson.
40001
40002        Install header files under $libwebkitgtkincludedir/JavaScriptCore.
40003
40004        * GNUmakefile.am: Use $libwebkitgtkincludedir.
40005        * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
40006
400072011-09-26  Geoffrey Garen  <ggaren@apple.com>
40008
40009        REGRESSION (r95912): Conservative marking doesn't filter out pointers to
40010        MarkedBlock metadata
40011        https://bugs.webkit.org/show_bug.cgi?id=68860
40012
40013        Reviewed by Oliver Hunt.
40014        
40015        Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
40016
40017        * heap/MarkedBlock.h:
40018        (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask
40019        because the mask doesn't produce the actual atom number.
40020
40021        (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
40022        enough; we also need to test that a pointer is beyond the metadata section
40023        of a MarkedBlock, to avoid treating random metadata as a JSCell.
40024
400252011-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
40026
40027        Make JSCell::toBoolean non-virtual
40028        https://bugs.webkit.org/show_bug.cgi?id=67727
40029
40030        Reviewed by Geoffrey Garen.
40031
40032        JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where 
40033        before it was simply virtual and would crash if its implementation was called). 
40034        Its descendants in JSObject and JSString have also been made non-virtual.  JSCell now
40035        explicitly covers all cases of toBoolean, so having a virtual implementation of 
40036        JSCell::toBoolean is no longer necessary.  This is part of a larger process of un-virtualizing JSCell.
40037
40038        * JavaScriptCore.exp:
40039        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
40040        * runtime/JSCell.cpp:
40041        * runtime/JSCell.h:
40042        * runtime/JSNotAnObject.cpp:
40043        * runtime/JSNotAnObject.h:
40044        * runtime/JSObject.h:
40045        * runtime/JSString.h:
40046        (JSC::JSCell::toBoolean):
40047        (JSC::JSValue::toBoolean):
40048
400492011-09-26  Chris Marrin  <cmarrin@apple.com>
40050
40051        Enable requestAnimationFrame on Windows
40052        https://bugs.webkit.org/show_bug.cgi?id=68397
40053
40054        Reviewed by Simon Fraser.
40055
40056        Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
40057
40058        * wtf/Platform.h:
40059
400602011-09-26  Noel Gordon  <noel.gordon@gmail.com>
40061
40062        [Chromium] Remove DFGAliasTracker.h references from gyp project files
40063        https://bugs.webkit.org/show_bug.cgi?id=68787
40064
40065        Reviewed by Geoffrey Garen.
40066
40067        DFG/DFGAliasTracker.h was removed in r95389.  Cleanup (remove) references
40068        to that file from the gyp project files.
40069
40070        * JavaScriptCore.gypi:
40071
400722011-09-26  Zoltan Herczeg  <zherczeg@webkit.org>
40073
40074        [Qt] REGRESSION(r95865): It made 4 tests crash
40075        https://bugs.webkit.org/show_bug.cgi?id=68780
40076        
40077        Reviewed by Oliver Hunt.
40078
40079        emitJumpSlowCaseIfNotJSCell(...) cannot be moved
40080        away since the next load depends on it.
40081
40082        * jit/JITPropertyAccess32_64.cpp:
40083        (JSC::JIT::emit_op_put_by_val):
40084
400852011-09-25  Mark Hahnenberg  <mhahnenberg@apple.com>
40086
40087        Add custom vtable struct to ClassInfo struct
40088        https://bugs.webkit.org/show_bug.cgi?id=68567
40089
40090        Reviewed by Oliver Hunt.
40091
40092        Declared/defined the MethodTable struct and added it to the ClassInfo struct.
40093        Also defined the CREATE_METHOD_TABLE macro to generate these method tables 
40094        succinctly where they need to be defined.
40095
40096        Also added to it the first function to use this macro, visitChildren. 
40097
40098        This is part of the process of getting rid of all C++ virtual methods in JSCell.  
40099        Eventually all virtual functions in JSCell that can't easily be converted to 
40100        non-virtual functions will be put into this custom vtable structure.
40101        * runtime/ClassInfo.h:
40102
40103        Added the CREATE_METHOD_TABLE macro call as the last argument to each of the 
40104        ClassInfo structs declared in these classes.  This saves us from having to visit 
40105        each s_info definition in the future when we add more methods to the MethodTable.
40106        * API/JSCallbackConstructor.cpp:
40107        * API/JSCallbackFunction.cpp:
40108        * API/JSCallbackObject.cpp:
40109        * JavaScriptCore.exp:
40110        * runtime/Arguments.cpp:
40111        * runtime/ArrayConstructor.cpp:
40112        * runtime/ArrayPrototype.cpp:
40113        * runtime/BooleanObject.cpp:
40114        * runtime/BooleanPrototype.cpp:
40115        * runtime/DateConstructor.cpp:
40116        * runtime/DateInstance.cpp:
40117        * runtime/DatePrototype.cpp:
40118        * runtime/ErrorInstance.cpp:
40119        * runtime/ErrorPrototype.cpp:
40120        * runtime/ExceptionHelpers.cpp:
40121        * runtime/Executable.cpp:
40122        * runtime/GetterSetter.cpp:
40123        * runtime/InternalFunction.cpp:
40124        * runtime/JSAPIValueWrapper.cpp:
40125        * runtime/JSActivation.cpp:
40126        * runtime/JSArray.cpp:
40127        * runtime/JSByteArray.cpp:
40128        * runtime/JSFunction.cpp:
40129        * runtime/JSGlobalObject.cpp:
40130        * runtime/JSONObject.cpp:
40131        * runtime/JSObject.cpp:
40132        * runtime/JSPropertyNameIterator.cpp:
40133        * runtime/JSString.cpp:
40134        * runtime/MathObject.cpp:
40135        * runtime/NativeErrorConstructor.cpp:
40136        * runtime/NumberConstructor.cpp:
40137        * runtime/NumberObject.cpp:
40138        * runtime/NumberPrototype.cpp:
40139        * runtime/ObjectConstructor.cpp:
40140        * runtime/ObjectPrototype.cpp:
40141        * runtime/RegExp.cpp:
40142        * runtime/RegExpConstructor.cpp:
40143        * runtime/RegExpObject.cpp:
40144        * runtime/RegExpPrototype.cpp:
40145        * runtime/ScopeChain.cpp:
40146        * runtime/StringConstructor.cpp:
40147        * runtime/StringObject.cpp:
40148        * runtime/StringPrototype.cpp:
40149        * runtime/Structure.cpp:
40150        * runtime/StructureChain.cpp:
40151
40152        Had to make visitChildren and visitChildrenVirtual protected instead of private
40153        because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
40154        visitChildren function pointer in their vtable since they don't provide their own
40155        implementation. Same for RegExpObject.
40156        * runtime/JSWrapperObject.h:
40157        * runtime/RegExpObject.h:
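
        The three entries above (de-virtualizing JSCell::getPrimitiveNumber and
        JSCell::toBoolean, and the MethodTable added to ClassInfo) describe one
        pattern: replace C++ virtual calls on JSCell with either an explicit
        switch on the cell's kind or a function table stored in the read-only
        ClassInfo. The block below is an added illustration written for this
        page, not WebKit code: the MethodTable slots, the CellKind enum, the
        `visited` counter and the CREATE_METHOD_TABLE stand-in are all assumed
        for the toy and do not match JavaScriptCore's real signatures.

```cpp
// Added example (not WebKit code): an explicit method table carried by a
// ClassInfo-style struct, filled by a CREATE_METHOD_TABLE-style macro, plus a
// non-virtual toBoolean that dispatches on the cell's kind by hand.
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

struct Cell;

// The hand-rolled "vtable". Slot signatures are assumptions for this toy.
struct MethodTable {
    void (*visitChildren)(Cell*, int& visited);
    bool (*toBoolean)(const Cell*);
};

struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
    MethodTable methodTable;
};

// Stand-in for the macro the entry describes: one call per class fills the
// whole table, so adding a slot later only touches this macro and the classes
// that override the new slot, not every s_info definition.
#define CREATE_METHOD_TABLE(ClassName) \
    { &ClassName::visitChildren, &ClassName::toBoolean }

enum class CellKind : uint8_t { Object, String };

struct Cell {
    const ClassInfo* classInfo;
    CellKind kind;
    Cell(const ClassInfo* info, CellKind k) : classInfo(info), kind(k) {}
};

struct ObjectCell : Cell {
    ObjectCell* child = nullptr;
    static const ClassInfo s_info;
    ObjectCell() : Cell(&s_info, CellKind::Object) {}
    // Walks the child chain and counts the cells it would visit.
    static void visitChildren(Cell* c, int& visited) {
        for (ObjectCell* o = static_cast<ObjectCell*>(c)->child; o; o = o->child)
            ++visited;
    }
    static bool toBoolean(const Cell*) { return true; }   // objects are always truthy
};

struct StringCell : Cell {
    std::string value;
    static const ClassInfo s_info;
    explicit StringCell(std::string v) : Cell(&s_info, CellKind::String), value(std::move(v)) {}
    static void visitChildren(Cell*, int&) {}             // strings own no other cells
    static bool toBoolean(const Cell* c) {
        return !static_cast<const StringCell*>(c)->value.empty();
    }
};

const ClassInfo ObjectCell::s_info = { "Object", nullptr, CREATE_METHOD_TABLE(ObjectCell) };
const ClassInfo StringCell::s_info = { "String", nullptr, CREATE_METHOD_TABLE(StringCell) };

// Non-virtual dispatch in the style of the de-virtualized JSCell::toBoolean:
// the base type itself decides which concrete implementation applies, so no
// per-object vtable pointer is followed.
bool cellToBoolean(const Cell* cell) {
    switch (cell->kind) {
    case CellKind::String: return StringCell::toBoolean(cell);
    case CellKind::Object: return ObjectCell::toBoolean(cell);
    }
    return false; // unreachable for well-formed cells
}

// Dispatch through the method table for the one slot the entry moved there.
int visitChildrenViaTable(Cell* cell) {
    int visited = 0;
    cell->classInfo->methodTable.visitChildren(cell, visited);
    return visited;
}

bool stringToBoolean(const std::string& s) { StringCell c(s); return cellToBoolean(&c); }
bool objectToBoolean() { ObjectCell o; return cellToBoolean(&o); }

// Chain n objects behind a root and count them through the method table.
int countChain(int n) {
    std::vector<ObjectCell> nodes(static_cast<size_t>(n) + 1); // sized once, so pointers stay valid
    for (int i = 0; i < n; ++i)
        nodes[i].child = &nodes[i + 1];
    return visitChildrenViaTable(&nodes[0]);
}

const char* classNameOf(const Cell& c) { return c.classInfo->className; }

int main() {
    return (stringToBoolean("abc") && !stringToBoolean("") && countChain(3) == 3) ? 0 : 1;
}
```

        The point of the table living in a static const ClassInfo rather than in
        each object is that the dispatch target is chosen by data the engine
        controls, not by a pointer stored inside heap cells that user code can
        overwrite through a memory-safety bug.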
40158
401592011-09-25  Adam Barth  <abarth@webkit.org>
40160
40161        Finish removing PLATFORM(BREWMP) by removing associated code
40162        https://bugs.webkit.org/show_bug.cgi?id=68779
40163
40164        Reviewed by Sam Weinig.
40165
40166        * JavaScriptCore.gyp/JavaScriptCore.gyp:
40167        * JavaScriptCore.gypi:
40168        * gyp/JavaScriptCore.gyp:
40169        * wscript:
40170        * wtf/FastMalloc.cpp:
40171        (WTF::fastMallocSize):
40172        * wtf/Vector.h:
40173        * wtf/brew: Removed.
40174        * wtf/brew/MainThreadBrew.cpp: Removed.
40175        * wtf/brew/OwnPtrBrew.cpp: Removed.
40176        * wtf/brew/RefPtrBrew.h: Removed.
40177        * wtf/brew/ShellBrew.h: Removed.
40178        * wtf/brew/StringBrew.cpp: Removed.
40179        * wtf/brew/SystemMallocBrew.h: Removed.
40180        * wtf/unicode/brew: Removed.
40181        * wtf/unicode/brew/UnicodeBrew.cpp: Removed.
40182        * wtf/unicode/brew/UnicodeBrew.h: Removed.
40183
401842011-09-25  Filip Pizlo  <fpizlo@apple.com>
40185
40186        DFG JIT does not count speculation successes correctly
40187        https://bugs.webkit.org/show_bug.cgi?id=68785
40188
40189        Reviewed by Geoffrey Garen.
40190
40191        * dfg/DFGJITCompiler.cpp:
40192        (JSC::DFG::JITCompiler::compileEntry):
40193        (JSC::DFG::JITCompiler::compileBody):
40194        * dfg/DFGOperations.cpp:
40195
401962011-09-25  Filip Pizlo  <fpizlo@apple.com>
40197
40198        DFG support for op_resolve_global is not enabled
40199        https://bugs.webkit.org/show_bug.cgi?id=68786
40200
40201        Reviewed by Geoffrey Garen.
40202
40203        * dfg/DFGCapabilities.h:
40204        (JSC::DFG::canCompileOpcode):
40205
402062011-09-25  Filip Pizlo  <fpizlo@apple.com>
40207
40208        DFG static prediction code is no longer needed and should be removed
40209        https://bugs.webkit.org/show_bug.cgi?id=68784
40210
40211        Reviewed by Oliver Hunt.
40212        
40213        This gets rid of static prediction code, and ensures that we do not
40214        try to compile code where dynamic predictions are not available.
40215        This is accomplished by immediately performing an OSR exit wherever
40216        a value is retrieved for which no predictions exist.
40217        
40218        This also adds value profiling for this on functions used for calls.
40219        
40220        The heuristics for deciding when to optimize code are also tweaked,
40221        since it is now profitable to optimize sooner. This may need to be
40222        tweaked further, but this patch only makes minimal changes.
40223        
40224        This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
40225        overall win on Kraken.  It's neutral elsewhere.
40226
40227        * bytecode/CodeBlock.cpp:
40228        (JSC::CodeBlock::shouldOptimizeNow):
40229        (JSC::CodeBlock::dumpValueProfiles):
40230        * bytecode/CodeBlock.h:
40231        * bytecode/PredictedType.cpp:
40232        (JSC::predictionToString):
40233        * bytecode/PredictedType.h:
40234        (JSC::isCellPrediction):
40235        (JSC::isObjectPrediction):
40236        (JSC::isFinalObjectPrediction):
40237        (JSC::isStringPrediction):
40238        (JSC::isArrayPrediction):
40239        (JSC::isInt32Prediction):
40240        (JSC::isDoublePrediction):
40241        (JSC::isNumberPrediction):
40242        (JSC::isBooleanPrediction):
40243        (JSC::mergePredictions):
40244        * bytecode/PredictionTracker.h:
40245        (JSC::PredictionTracker::predictArgument):
40246        (JSC::PredictionTracker::predict):
40247        (JSC::PredictionTracker::predictGlobalVar):
40248        * bytecode/ValueProfile.cpp:
40249        (JSC::ValueProfile::computeUpdatedPrediction):
40250        * dfg/DFGByteCodeParser.cpp:
40251        (JSC::DFG::ByteCodeParser::set):
40252        (JSC::DFG::ByteCodeParser::addCall):
40253        (JSC::DFG::ByteCodeParser::getPrediction):
40254        (JSC::DFG::ByteCodeParser::parseBlock):
40255        * dfg/DFGGraph.cpp:
40256        (JSC::DFG::Graph::predictArgumentTypes):
40257        * dfg/DFGGraph.h:
40258        (JSC::DFG::Graph::predict):
40259        (JSC::DFG::Graph::predictGlobalVar):
40260        (JSC::DFG::Graph::getMethodCheckPrediction):
40261        (JSC::DFG::Graph::getJSConstantPrediction):
40262        (JSC::DFG::Graph::getPrediction):
40263        * dfg/DFGJITCodeGenerator.cpp:
40264        (JSC::DFG::JITCodeGenerator::writeBarrier):
40265        (JSC::DFG::JITCodeGenerator::emitBranch):
40266        * dfg/DFGJITCompiler.h:
40267        (JSC::DFG::JITCompiler::getPrediction):
40268        * dfg/DFGNode.h:
40269        (JSC::DFG::Node::valueOfJSConstantNode):
40270        (JSC::DFG::Node::isInt32Constant):
40271        (JSC::DFG::Node::isDoubleConstant):
40272        (JSC::DFG::Node::isNumberConstant):
40273        (JSC::DFG::Node::isBooleanConstant):
40274        (JSC::DFG::Node::predict):
40275        * dfg/DFGPropagator.cpp:
40276        (JSC::DFG::Propagator::Propagator):
40277        (JSC::DFG::Propagator::propagateNodePredictions):
40278        (JSC::DFG::Propagator::fixupNode):
40279        (JSC::DFG::Propagator::isPredictedNumerical):
40280        (JSC::DFG::Propagator::logicalNotIsPure):
40281        * dfg/DFGSpeculativeJIT.cpp:
40282        (JSC::DFG::SpeculativeJIT::compile):
40283        * dfg/DFGSpeculativeJIT.h:
40284        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
40285        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
40286        (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
40287        (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
40288        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
40289        (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
40290        (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
40291        (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
40292        * jit/JIT.cpp:
40293        (JSC::JIT::privateCompile):
40294
402952011-09-25  Filip Pizlo  <fpizlo@apple.com>
40296
40297        DFG JIT Construct opcode takes a this argument even though it's
40298        not passed
40299        https://bugs.webkit.org/show_bug.cgi?id=68782
40300
40301        Reviewed by Oliver Hunt.
40302        
40303        This is performance-neutral, mostly. It's a slight speed-up on
40304        v8-splay.
40305        
40306        * dfg/DFGByteCodeParser.cpp:
40307        (JSC::DFG::ByteCodeParser::addCall):
40308        * dfg/DFGJITCodeGenerator.cpp:
40309        (JSC::DFG::JITCodeGenerator::emitCall):
40310
403112011-09-25  Filip Pizlo  <fpizlo@apple.com>
40312
40313        DFG tracking of the value in cachedResultRegister does not handle
40314        op_mov correctly
40315        https://bugs.webkit.org/show_bug.cgi?id=68781
40316
40317        Reviewed by Oliver Hunt.
40318        
40319        This takes the simplest approach: it makes the old JIT dumber rather
40320        than making the DFG JIT smarter. This is performance-neutral.
40321
40322        * jit/JIT.h:
40323        (JSC::JIT::canBeOptimized):
40324        * jit/JITOpcodes.cpp:
40325        (JSC::JIT::emit_op_mov):
40326
403272011-09-25  Adam Barth  <abarth@webkit.org>
40328
40329        Remove PLATFORM(HAIKU) and associated code
40330        https://bugs.webkit.org/show_bug.cgi?id=68774
40331
40332        Reviewed by Sam Weinig.
40333
40334        * JavaScriptCore.gyp/JavaScriptCore.gyp:
40335        * JavaScriptCore.gypi:
40336        * gyp/JavaScriptCore.gyp:
40337        * heap/MachineStackMarker.cpp:
40338        * wtf/PageAllocation.h:
40339        * wtf/Platform.h:
40340        * wtf/StackBounds.cpp:
40341        * wtf/haiku: Removed.
40342        * wtf/haiku/MainThreadHaiku.cpp: Removed.
40343        * wtf/haiku/StringHaiku.cpp: Removed.
40344        * wtf/text/WTFString.h:
40345
403462011-09-24  Adam Barth  <abarth@webkit.org>
40347
40348        Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
40349        https://bugs.webkit.org/show_bug.cgi?id=68767
40350
40351        Reviewed by Eric Seidel.
40352
40353        * Configurations/FeatureDefines.xcconfig:
40354
403552011-09-24  Filip Pizlo  <fpizlo@apple.com>
40356
40357        JIT implementation of put_by_val increments m_length instead of setting
40358        it to index+1
40359        https://bugs.webkit.org/show_bug.cgi?id=68766
40360
40361        Reviewed by Geoffrey Garen.
40362
40363        * jit/JITPropertyAccess.cpp:
40364        (JSC::JIT::emit_op_put_by_val):
40365
403662011-09-24  Geoffrey Garen  <ggaren@apple.com>
40367
40368        More build fixage.
40369
40370        * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
40371
403722011-09-24  Filip Pizlo  <fpizlo@apple.com>
40373
40374        The DFG should not attempt to guess types in the absence of value
40375        profiles
40376        https://bugs.webkit.org/show_bug.cgi?id=68677
40377
40378        Reviewed by Oliver Hunt.
40379        
40380        This adds the ForceOSRExit node, which is ignored by the propagator
40381        and virtual register allocator (hence ensuring that liveness analysis
40382        works correctly), but forces terminateSpeculativeExecution() in the
40383        back-end. This appears to be a slight speed-up on benchmark averages,
40384        with ~5% swings on individual benchmarks, in both directions. But it's
40385        never a regression on any average, and appears to be a ~1% progression
40386        in the SunSpider average.
40387        
40388        This also adds a bit better debugging support in the old JIT and in DFG,
40389        as this was necessary to debug the much more frequent OSR transitions
40390        that occur with this change.
40391
40392        * dfg/DFGByteCodeParser.cpp:
40393        (JSC::DFG::ByteCodeParser::addCall):
40394        (JSC::DFG::ByteCodeParser::getStrongPrediction):
40395        (JSC::DFG::ByteCodeParser::parseBlock):
40396        * dfg/DFGJITCompiler.cpp:
40397        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
40398        * dfg/DFGNode.h:
40399        * dfg/DFGPropagator.cpp:
40400        (JSC::DFG::Propagator::propagateNodePredictions):
40401        * dfg/DFGSpeculativeJIT.cpp:
40402        (JSC::DFG::SpeculativeJIT::compile):
40403        * jit/JIT.cpp:
40404        (JSC::JIT::privateCompileMainPass):
40405        (JSC::JIT::privateCompileSlowCases):
40406        (JSC::JIT::privateCompile):
40407        * jit/JIT.h:
40408
404092011-09-24  Geoffrey Garen  <ggaren@apple.com>
40410
40411        Some Windows build fixage.
40412
40413        * heap/MarkedBlock.cpp:
40414        (JSC::MarkedBlock::sweep):
40415        * heap/MarkedBlock.h:
40416        (JSC::MarkedBlock::isLive): Show the compiler that all control paths
40417        return a value. There, there, compiler. Everything's going to be OK.
40418
40419        * runtime/JSCell.h:
40420        (JSC::JSCell::setVPtr): Oops! Unrename this function.
40421
404222011-09-24  Geoffrey Garen  <ggaren@apple.com>
40423
40424        Allocate new objects unmarked
40425        https://bugs.webkit.org/show_bug.cgi?id=68764
40426
40427        Reviewed by Oliver Hunt.
40428        
40429        This is a pre-requisite to using the mark bit to determine object age.
40430
40431        ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
40432
40433        * heap/MarkedBlock.h:
40434        (JSC::MarkedBlock::isLive):
40435        (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
40436        this patch. They can now determine object liveness without relying on
40437        newly allocated objects having their mark bits set. Each MarkedBlock
40438        now has a state variable that tells us how to determine whether its
40439        cells are live. (This new state variable supersedes the old one about
40440        destructor state. The rest of this patch is just refactoring to support
40441        the invariants of this new state variable without introducing a
40442        performance regression.)
40443
40444        (JSC::MarkedBlock::didConsumeFreeList): New function for updating internal
40445        state when a block becomes fully allocated.
40446
40447        (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
40448        this function because, logically, clearing all mark bits is the first
40449        step in saying "mark bits now exactly reflect object liveness".
40450
40451        (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
40452        that this function only tells you about the mark bits, so it's only
40453        meaningful if you've put the mark bits into a meaningful state before
40454        calling it.
40455
40456        (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
40457        instead of testing mark bits, since mark bits are not always the right
40458        way to find out if an object is live anymore. (New objects are live, but
40459        not marked.)
40460
40461        * heap/MarkedBlock.cpp:
40462        (JSC::MarkedBlock::recycle):
40463        (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
40464        initialization when recycling an old block -- into the MarkedBlock
40465        constructor, for simplicity.
40466
40467        (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
40468        a zapped cell before running a destructor, and always zap after
40469        running a destructor. This does not seem to be expensive, and the
40470        alternative just creates a too-confusing matrix of possible cell states
40471        ((zombie undestructed cell + zombie destructed cell + zapped destructed
40472        cell) * 5! permutations for progressing through block states = "Oh my!").
40473
40474        (JSC::MarkedBlock::specializedSweep):
40475        (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
40476        optimization to use template specialization to constant fold lots of
40477        branches and elide certain operations entirely during a sweep. Merged
40478        four or five functions that were logically about sweeping into this one
40479        function pair, so there's only one way to do things now, it's
40480        automatically correct, and it's always fast.
40481
40482        (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
40483        about exactly what it does, and to honor the new block state system.
40484
40485        * heap/AllocationSpace.cpp:
40486        (JSC::AllocationSpace::allocateBlock): Updated for rename.
40487
40488        (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
40489
40490        (JSC::TakeIfUnmarked::TakeIfUnmarked):
40491        (JSC::TakeIfUnmarked::operator()):
40492        (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
40493        to clarify that this functor only tests the mark bits, so it's only
40494        valid if you've put the mark bits into a meaningful state before
40495        calling it.
40496        
40497        (JSC::AllocationSpace::shrink): Updated for rename.
40498
40499        * heap/AllocationSpace.h:
40500        (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
40501        little more specific about what we're making canonical.
40502
40503        (JSC::AllocationSpace::forEachCell): Updated for rename.
40504
40505        (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
40506        liveness data before iterating blocks -- clients that want iterated
40507        blocks to have valid cell liveness data should make this call for
40508        themselves. (And not all clients want it.)
40509
40510        * heap/ConservativeRoots.cpp:
40511        (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
40512        obsolete comment.
40513
40514        * heap/Heap.cpp:
40515        (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
40516        because clearMarks() now does that implicitly.
40517
40518        (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
40519        tear-down tests cell liveness when running destructors.
40520
40521        (JSC::Heap::markRoots):
40522        (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
40523        and into collect, since it strictly depends on root marking, and does
40524        not contribute to root marking.
40525
40526        (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
40527        specific about what we're making canonical.
40528
40529        * heap/Heap.h:
40530        (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
40531        data before iterating protected cells, since we know they're all live,
40532        and don't need to test for it.
40533
40534        * heap/Local.h:
40535        (JSC::::set): Can't make the same ASSERT we used to because we just don't
40536        have the mark bits for it anymore. Perhaps we can bring this ASSERT back
40537        in a weaker form in the future.
40538
40539        * heap/MarkedSpace.cpp:
40540        (JSC::MarkedSpace::addBlock):
40541        (JSC::MarkedSpace::removeBlock): Updated for interface change.
40542        (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
40543        specific about what we're making canonical.
40544
40545        * heap/MarkedSpace.h:
40546        (JSC::MarkedSpace::allocate):
40547        (JSC::MarkedSpace::SizeClass::SizeClass):
40548        (JSC::MarkedSpace::SizeClass::resetAllocator):
40549        (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
40550        functionality a bit. We now track only one block -- "currentBlock" --
40551        and rely on its internal state to know whether it has more cells to
40552        allocate.
40553
40554        * heap/Weak.h:
40555        (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
40556        have the mark bits for it anymore. Perhaps we can bring this ASSERT back
40557        in a weaker form in the future.
40558
40559        * runtime/JSCell.h:
40560        (JSC::JSCell::vptr):
40561        (JSC::JSCell::zap):
40562        (JSC::JSCell::isZapped):
40563        (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
40564        In the future, exactly how a JSCell zaps itself will change, as the
40565        internal representation of JSCell changes.
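
        The entry above and the earlier r95912 regression entry ("Conservative
        marking doesn't filter out pointers to MarkedBlock metadata") together
        describe the checks a conservative root scanner must apply before it
        treats an arbitrary stack word as a JSCell pointer: atom alignment, a
        position past the block's metadata, and a liveness test that depends on
        the block's state (a zapped cell on a free list, a freshly allocated
        cell that is live but unmarked, or canonical mark bits). The block below
        is an added toy written for this page, not WebKit's MarkedBlock: the
        block size, atom size, single size class, state names, zap marker value
        and the constructed candidate pointers are all assumptions.

```cpp
// Added example (not WebKit code): a toy MarkedBlock whose isLiveCell()
// applies the filters described in the ChangeLog entries before a
// conservatively scanned word is accepted as a live cell pointer.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

constexpr size_t blockSize = 4096;          // assumed block size
constexpr size_t atomSize  = 16;            // assumed atom (alignment) granularity
constexpr size_t cellSize  = 32;            // one size class keeps the toy simple
constexpr size_t cellCount = 64;
constexpr uintptr_t zappedVptr = 0xDEADBEEF; // assumed marker written by zap()

// Block states in the spirit of the entry: FreeListed = cells are being handed
// out, so new cells are live but unmarked and free cells are zapped;
// Allocated = the free list has been consumed; Marked = mark bits exactly
// reflect liveness (after clearMarks() and a marking pass).
enum class BlockState : uint8_t { FreeListed, Allocated, Marked };

struct alignas(blockSize) Block {
    BlockState state;                  // metadata: lives at the start of the block
    bool marked[cellCount];            // metadata: one mark bit per cell
    alignas(atomSize) unsigned char cells[cellCount * cellSize];
};
static_assert(sizeof(Block) == blockSize, "toy block must be exactly one block");

inline bool isAtomAligned(const void* p) {
    return (reinterpret_cast<uintptr_t>(p) & (atomSize - 1)) == 0;
}

inline bool isZapped(const unsigned char* cell) {
    uintptr_t vptr;
    std::memcpy(&vptr, cell, sizeof vptr);   // first word plays the role of the vptr
    return vptr == zappedVptr;
}

// Alignment alone is not enough (the r95912 fix): the pointer must also lie
// past the metadata and at a cell boundary, and the block state then decides
// how liveness is judged.
bool isLiveCell(const Block& block, const void* p) {
    if (!isAtomAligned(p))
        return false;
    uintptr_t off = reinterpret_cast<uintptr_t>(p) - reinterpret_cast<uintptr_t>(&block);
    if (off >= blockSize || off < offsetof(Block, cells))
        return false;                            // outside the block or inside metadata
    size_t cellOff = off - offsetof(Block, cells);
    if (cellOff % cellSize != 0)
        return false;                            // interior of a cell, not a cell start
    size_t index = cellOff / cellSize;
    const unsigned char* cell = block.cells + cellOff;
    switch (block.state) {
    case BlockState::FreeListed: return !isZapped(cell);   // free cells are zapped
    case BlockState::Allocated:  return true;              // every cell has been handed out (toy simplification)
    case BlockState::Marked:     return block.marked[index];
    }
    return false;
}

// Constructed layout: cell 0 allocated and marked, cell 1 on the free list
// (zapped) unless the free list was consumed, cell 2 freshly allocated and
// therefore live but unmarked.
void initBlock(Block& b, BlockState state) {
    std::memset(&b, 0, sizeof b);
    b.state = state;
    uintptr_t liveVptr = 0x1000;                 // assumed stand-in for a real vtable pointer
    std::memcpy(b.cells + 0 * cellSize, &liveVptr, sizeof liveVptr);
    std::memcpy(b.cells + 2 * cellSize, &liveVptr, sizeof liveVptr);
    uintptr_t cell1 = (state == BlockState::Allocated) ? liveVptr : zappedVptr;
    std::memcpy(b.cells + 1 * cellSize, &cell1, sizeof cell1);
    b.marked[0] = true;
}

// Scan a constructed set of candidate words (as a stack scan would) and report
// which survive as a bitmask: bit i set means candidate i was accepted.
unsigned acceptedMask(BlockState state) {
    static Block block;                          // static storage honours the block alignment
    initBlock(block, state);
    const unsigned char* base = reinterpret_cast<const unsigned char*>(&block);
    const void* candidates[] = {
        base,                                    // 0: points at metadata (the state field)
        block.cells + 1,                         // 1: misaligned
        block.cells + 0 * cellSize,              // 2: allocated, marked cell
        block.cells + 1 * cellSize,              // 3: free-list (zapped) cell
        block.cells + 2 * cellSize,              // 4: new cell, live but unmarked
        block.cells + 0 * cellSize + atomSize,   // 5: aligned pointer into a cell's interior
    };
    unsigned mask = 0;
    for (unsigned i = 0; i < 6; ++i)
        if (isLiveCell(block, candidates[i]))
            mask |= 1u << i;
    return mask;
}

int main() {
    std::printf("FreeListed %u Allocated %u Marked %u\n",
                acceptedMask(BlockState::FreeListed),
                acceptedMask(BlockState::Allocated),
                acceptedMask(BlockState::Marked));
    return 0;
}
```

        Running it shows why the state variable matters: the same unmarked cell
        2 is accepted while the block is FreeListed (new objects are live but
        unmarked) and rejected once the block is Marked (mark bits are now
        canonical), while the metadata word, the misaligned word and the
        interior pointer are rejected in every state. Treating any of those as
        a cell would hand the collector a fake JSCell and corrupt the heap.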
40566
405672011-09-24  Filip Pizlo  <fpizlo@apple.com>
40568
40569        DFG JIT should not eagerly initialize integer tags in the register file
40570        https://bugs.webkit.org/show_bug.cgi?id=68763
40571
40572        Reviewed by Oliver Hunt.
40573
40574        * dfg/DFGJITCompiler.cpp:
40575        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
40576        * dfg/DFGSpeculativeJIT.cpp:
40577        (JSC::DFG::ValueRecovery::dump):
40578        (JSC::DFG::OSRExit::OSRExit):
40579        (JSC::DFG::SpeculativeJIT::compile):
40580        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
40581        * dfg/DFGSpeculativeJIT.h:
40582        (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
40583        (JSC::DFG::OSRExit::operandForArgument):
40584        (JSC::DFG::OSRExit::operandForIndex):
40585        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
40586
405872011-09-23  Yuqiang Xian  <yuqiang.xian@intel.com>
40588
40589        Add JSVALUE32_64 support to DFG JIT
40590        https://bugs.webkit.org/show_bug.cgi?id=67460
40591
40592        Reviewed by Gavin Barraclough.
40593
40594        This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
40595        It's tested on the IA32 Linux EFL port currently. It still cannot run
40596        all the test cases and benchmarks, so it should be turned off for now.
40597        
40598        The major work includes:
40599        1) dealing with JSVALUE32_64 data format in DFG JIT;
40600        2) bindings between 64-bit JS Value and 32-bit registers;
40601        3) handling of function calls. Currently for DFG operation function
40602        calls we follow the X86 cdecl calling convention on Linux, and the
40603        implementation is done in a naive way by pushing the arguments onto the
40604        stack one by one.
40605        
40606        The known issues include:
40607        1) some code is duplicated unnecessarily, especially in Speculative JIT
40608        code generation, where most of the operations on SpeculateInteger /
40609        SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
40610        is needed in the future;
40611        2) lack of op_call and op_construct support, compared to the current
40612        JSVALUE64 DFG;
40613        3) currently integer speculations are assumed to be StrictInt32;
40614        4) lack of JSBoolean speculations;
40615        5) boxing and unboxing doubles could be improved;
40616        6) the DFG X86 register description is different from the baseline JIT's;
40617        the timeoutCheckRegister is used for general purpose usage;
40618        7) calls to runtime functions with primitive double parameters (e.g.
40619        fmod) don't work. Support needs to be added to the assembler to
40620        implement the mechanism of passing double parameters for X86 cdecl
40621        convention.
40622        
40623        And there should be many other hidden bugs which should be exposed and
40624        resolved in the later debugging process.
40625
40626        * CMakeListsEfl.txt:
40627        * assembler/MacroAssemblerX86.h:
40628        (JSC::MacroAssemblerX86::loadDouble):
40629        (JSC::MacroAssemblerX86::storeDouble):
40630        * assembler/X86Assembler.h:
40631        (JSC::X86Assembler::movsd_rm):
40632        * bytecode/StructureStubInfo.h:
40633        * dfg/DFGByteCodeParser.cpp:
40634        (JSC::DFG::ByteCodeParser::parseBlock):
40635        * dfg/DFGCapabilities.h:
40636        (JSC::DFG::canCompileOpcode):
40637        * dfg/DFGFPRInfo.h:
40638        (JSC::DFG::FPRInfo::debugName):
40639        * dfg/DFGGPRInfo.h:
40640        (JSC::DFG::GPRInfo::toRegister):
40641        (JSC::DFG::GPRInfo::toIndex):
40642        (JSC::DFG::GPRInfo::debugName):
40643        * dfg/DFGGenerationInfo.h:
40644        (JSC::DFG::needDataFormatConversion):
40645        (JSC::DFG::GenerationInfo::initJSValue):
40646        (JSC::DFG::GenerationInfo::initDouble):
40647        (JSC::DFG::GenerationInfo::gpr):
40648        (JSC::DFG::GenerationInfo::tagGPR):
40649        (JSC::DFG::GenerationInfo::payloadGPR):
40650        (JSC::DFG::GenerationInfo::fpr):
40651        (JSC::DFG::GenerationInfo::fillJSValue):
40652        (JSC::DFG::GenerationInfo::fillCell):
40653        (JSC::DFG::GenerationInfo::fillDouble):
40654        * dfg/DFGJITCodeGenerator.cpp:
40655        * dfg/DFGJITCodeGenerator.h:
40656        (JSC::DFG::JITCodeGenerator::allocate):
40657        (JSC::DFG::JITCodeGenerator::use):
40658        (JSC::DFG::JITCodeGenerator::registersMatched):
40659        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
40660        (JSC::DFG::JITCodeGenerator::silentFillGPR):
40661        (JSC::DFG::JITCodeGenerator::silentFillFPR):
40662        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
40663        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
40664        (JSC::DFG::JITCodeGenerator::boxDouble):
40665        (JSC::DFG::JITCodeGenerator::unboxDouble):
40666        (JSC::DFG::JITCodeGenerator::spill):
40667        (JSC::DFG::addressOfDoubleConstant):
40668        (JSC::DFG::integerResult):
40669        (JSC::DFG::jsValueResult):
40670        (JSC::DFG::setupResults):
40671        (JSC::DFG::callOperation):
40672        (JSC::JSValueOperand::JSValueOperand):
40673        (JSC::JSValueOperand::~JSValueOperand):
40674        (JSC::JSValueOperand::isDouble):
40675        (JSC::JSValueOperand::fill):
40676        (JSC::JSValueOperand::tagGPR):
40677        (JSC::JSValueOperand::payloadGPR):
40678        (JSC::JSValueOperand::fpr):
40679        (JSC::GPRTemporary::~GPRTemporary):
40680        (JSC::GPRTemporary::gpr):
40681        (JSC::GPRResult2::GPRResult2):
40682        * dfg/DFGJITCodeGenerator32_64.cpp: Added.
40683        (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
40684        (JSC::DFG::JITCodeGenerator::fillInteger):
40685        (JSC::DFG::JITCodeGenerator::fillDouble):
40686        (JSC::DFG::JITCodeGenerator::fillJSValue):
40687        (JSC::DFG::JITCodeGenerator::fillStorage):
40688        (JSC::DFG::JITCodeGenerator::useChildren):
40689        (JSC::DFG::JITCodeGenerator::isStrictInt32):
40690        (JSC::DFG::JITCodeGenerator::isKnownInteger):
40691        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
40692        (JSC::DFG::JITCodeGenerator::isKnownCell):
40693        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
40694        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
40695        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
40696        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
40697        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
40698        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
40699        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
40700        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
40701        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
40702        (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
40703        (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
40704        (JSC::DFG::JITCodeGenerator::cachedGetById):
40705        (JSC::DFG::JITCodeGenerator::writeBarrier):
40706        (JSC::DFG::JITCodeGenerator::cachedPutById):
40707        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
40708        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
40709        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
40710        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
40711        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
40712        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
40713        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
40714        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
40715        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
40716        (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
40717        (JSC::DFG::JITCodeGenerator::emitBranch):
40718        (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
40719        (JSC::DFG::JITCodeGenerator::emitCall):
40720        (JSC::DFG::JITCodeGenerator::speculationCheck):
40721        (JSC::DFG::dataFormatString):
40722        (JSC::DFG::JITCodeGenerator::dump):
40723        (JSC::DFG::JITCodeGenerator::checkConsistency):
40724        (JSC::DFG::GPRTemporary::GPRTemporary):
40725        (JSC::DFG::FPRTemporary::FPRTemporary):
40726        * dfg/DFGJITCompiler.cpp:
40727        * dfg/DFGJITCompiler.h:
40728        (JSC::DFG::JITCompiler::tagForGlobalVar):
40729        (JSC::DFG::JITCompiler::payloadForGlobalVar):
40730        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
40731        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
40732        (JSC::DFG::JITCompiler::boxDouble):
40733        (JSC::DFG::JITCompiler::unboxDouble):
40734        (JSC::DFG::JITCompiler::addPropertyAccess):
40735        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
40736        * dfg/DFGJITCompiler32_64.cpp: Added.
40737        (JSC::DFG::JITCompiler::fillNumericToDouble):
40738        (JSC::DFG::JITCompiler::fillInt32ToInteger):
40739        (JSC::DFG::JITCompiler::fillToJS):
40740        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
40741        (JSC::DFG::JITCompiler::linkOSRExits):
40742        (JSC::DFG::JITCompiler::compileEntry):
40743        (JSC::DFG::JITCompiler::compileBody):
40744        (JSC::DFG::JITCompiler::link):
40745        (JSC::DFG::JITCompiler::compile):
40746        (JSC::DFG::JITCompiler::compileFunction):
40747        (JSC::DFG::JITCompiler::jitAssertIsInt32):
40748        (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
40749        (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
40750        (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
40751        (JSC::DFG::JITCompiler::jitAssertIsCell):
40752        (JSC::DFG::JITCompiler::emitCount):
40753        (JSC::DFG::JITCompiler::setSamplingFlag):
40754        (JSC::DFG::JITCompiler::clearSamplingFlag):
40755        * dfg/DFGJITCompilerInlineMethods.h: Added.
40756        (JSC::DFG::JITCompiler::emitLoadTag):
40757        (JSC::DFG::JITCompiler::emitLoadPayload):
40758        (JSC::DFG::JITCompiler::emitLoad):
40759        (JSC::DFG::JITCompiler::emitLoad2):
40760        (JSC::DFG::JITCompiler::emitLoadDouble):
40761        (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
40762        (JSC::DFG::JITCompiler::emitStore):
40763        (JSC::DFG::JITCompiler::emitStoreInt32):
40764        (JSC::DFG::JITCompiler::emitStoreCell):
40765        (JSC::DFG::JITCompiler::emitStoreBool):
40766        (JSC::DFG::JITCompiler::emitStoreDouble):
40767        * dfg/DFGNode.h:
40768        * dfg/DFGOperations.cpp:
40769        * dfg/DFGRepatch.cpp:
40770        (JSC::DFG::generateProtoChainAccessStub):
40771        (JSC::DFG::tryCacheGetByID):
40772        (JSC::DFG::tryBuildGetByIDList):
40773        (JSC::DFG::tryCachePutByID):
40774        * dfg/DFGSpeculativeJIT.cpp:
40775        * dfg/DFGSpeculativeJIT.h:
40776        (JSC::DFG::ValueRecovery::inGPR):
40777        (JSC::DFG::ValueRecovery::inPair):
40778        (JSC::DFG::ValueRecovery::tagGPR):
40779        (JSC::DFG::ValueRecovery::payloadGPR):
40780        * dfg/DFGSpeculativeJIT32_64.cpp: Added.
40781        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
40782        (JSC::DFG::ValueSource::dump):
40783        (JSC::DFG::ValueRecovery::dump):
40784        (JSC::DFG::OSRExit::OSRExit):
40785        (JSC::DFG::OSRExit::dump):
40786        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
40787        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
40788        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
40789        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
40790        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
40791        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
40792        (JSC::DFG::SpeculativeJIT::convertToDouble):
40793        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
40794        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
40795        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
40796        (JSC::DFG::SpeculativeJIT::compare):
40797        (JSC::DFG::SpeculativeJIT::compile):
40798        (JSC::DFG::SpeculativeJIT::compileMovHint):
40799        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
40800        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
40801        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
40802        * runtime/JSValue.h:
40803
408042011-09-23  Filip Pizlo  <fpizlo@apple.com>
40805
40806        wtf/BitVector.h has a variety of bugs which manifest when the
40807        vector grows beyond 63 bits
40808        https://bugs.webkit.org/show_bug.cgi?id=68746
40809
40810        Reviewed by Oliver Hunt.
40811        
40812        Out-of-lined slow path code in BitVector so that not every user
40813        of CodeBlock ends up having to compile it. Fixed a variety of
40814        index computation and size computation bugs.
40815        
40816        I have not seen these issues manifest themselves, but they are
40817        blocking a patch that uses BitVector more aggressively.
40818
40819        * GNUmakefile.list.am:
40820        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
40821        * JavaScriptCore.xcodeproj/project.pbxproj:
40822        * wtf/BitVector.cpp: Added.
40823        (BitVector::BitVector):
40824        (BitVector::operator=):
40825        (BitVector::resize):
40826        (BitVector::clearAll):
40827        (BitVector::OutOfLineBits::create):
40828        (BitVector::OutOfLineBits::destroy):
40829        (BitVector::resizeOutOfLine):
40830        * wtf/BitVector.h:
40831        (WTF::BitVector::ensureSize):
40832        (WTF::BitVector::get):
40833        (WTF::BitVector::set):
40834        (WTF::BitVector::clear):
40835        (WTF::BitVector::byteCount):
40836        (WTF::BitVector::OutOfLineBits::numWords):
40837        (WTF::BitVector::OutOfLineBits::bits):
40838        (WTF::BitVector::outOfLineBits):
40839        * wtf/CMakeLists.txt:
40840        * wtf/wtf.pri:
40841
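The boundary this entry refers to, as an added example that is not WTF's code: a constructed bit vector with the same inline-versus-out-of-line split (the low bit of the inline word is assumed to be the representation tag, which is why only 63 bits fit inline), with the word-index and word-count arithmetic spelled out and a check that grows across 63, 64 and 65 bits and shrinks back.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Constructed sketch in the style of WTF::BitVector (not its code): up to 63 bits
// live in one 64-bit word whose bit 0 is reserved as the inline/out-of-line tag;
// larger sizes spill to a heap array of 64-bit words. Every index and size
// computation below is the kind of arithmetic that goes wrong at the boundary.
class SmallBitVector {
public:
    static constexpr size_t bitsPerWord = 64;
    static constexpr size_t maxInlineBits = bitsPerWord - 1; // bit 0 is the tag

    explicit SmallBitVector(size_t numBits = 0) { resize(numBits); }

    size_t size() const { return m_size; }
    bool isInline() const { return m_size <= maxInlineBits; }
    size_t outOfLineWordCount() const { return m_words.size(); }

    // Words needed for numBits bits, rounding up: numBits / 64 alone would drop
    // the partial last word and under-allocate (a size computation bug).
    static size_t wordCount(size_t numBits) {
        return (numBits + bitsPerWord - 1) / bitsPerWord;
    }

    bool get(size_t index) const {
        if (index >= m_size)
            return false; // never index the word array past its end
        if (isInline())
            return (m_inlineBits >> (index + 1)) & 1; // +1 skips the tag bit
        return (m_words[index / bitsPerWord] >> (index % bitsPerWord)) & 1;
    }

    void set(size_t index, bool value) {
        assert(index < m_size);
        if (isInline()) {
            uint64_t mask = uint64_t(1) << (index + 1);
            m_inlineBits = value ? (m_inlineBits | mask) : (m_inlineBits & ~mask);
            return;
        }
        uint64_t mask = uint64_t(1) << (index % bitsPerWord);
        uint64_t& word = m_words[index / bitsPerWord];
        word = value ? (word | mask) : (word & ~mask);
    }

    // Grows or shrinks, keeping bits below min(old, new) size and clearing the rest.
    void resize(size_t newSize) {
        std::vector<uint64_t> words(wordCount(newSize), 0);
        // Copy surviving bits through a normalized (untagged) word array; get()
        // still reads the old representation because m_size is unchanged here.
        for (size_t i = 0; i < m_size && i < newSize; ++i) {
            if (get(i))
                words[i / bitsPerWord] |= uint64_t(1) << (i % bitsPerWord);
        }
        m_size = newSize;
        if (isInline()) {
            // newSize <= 63, so bit 63 of words[0] is clear and the shift loses nothing.
            m_inlineBits = (words.empty() ? 0 : (words[0] << 1)) | 1;
            m_words.clear();
        } else {
            m_words = std::move(words);
        }
    }

private:
    size_t m_size = 0;
    uint64_t m_inlineBits = 1; // tag bit set: inline representation
    std::vector<uint64_t> m_words;
};

// Sets the last inline bit, grows across the 63/64/65-bit boundary and shrinks
// back, checking that bits keep their positions and land in the right word.
bool crossesBoundaryCorrectly() {
    SmallBitVector v(63);
    v.set(62, true);
    if (!v.isInline() || !v.get(62) || v.get(61)) return false;
    v.resize(64); // first out-of-line size: exactly one word
    if (v.isInline() || v.outOfLineWordCount() != 1 || !v.get(62)) return false;
    v.set(63, true);
    v.resize(65); // bit 64 needs a second word
    if (v.outOfLineWordCount() != 2 || !v.get(63) || v.get(64)) return false;
    v.set(64, true);
    v.resize(63); // back inline; bits 63 and 64 are dropped, bit 62 survives
    if (!v.isInline() || !v.get(62) || v.get(63) || v.get(64)) return false;
    return true;
}

int main() {
    return crossesBoundaryCorrectly() ? 0 : 1;
}
```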
408422011-09-23  Adam Klein  <adamk@chromium.org>
40843
40844        Add ENABLE_MUTATION_OBSERVERS feature flag
40845        https://bugs.webkit.org/show_bug.cgi?id=68732
40846
40847        Reviewed by Ojan Vafai.
40848
40849        This flag will guard an implementation of the "Mutation Observers" proposed in
40850        http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
40851
40852        * Configurations/FeatureDefines.xcconfig:
40853
408542011-09-23  Mark Hahnenberg  <mhahnenberg@apple.com>
40855
40856        De-virtualize JSCell::getJSNumber
40857        https://bugs.webkit.org/show_bug.cgi?id=68651
40858
40859        Reviewed by Oliver Hunt.
40860
40861        Added a new JSType to check whether or not something is a 
40862        NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not 
40863        currently a better way to determine whether something is indeed a NumberObject.
40864        Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo 
40865        for whether the object is a NumberObject or not.  This patch is part of 
40866        the larger process of de-virtualizing JSCell.
40867
40868        * JavaScriptCore.exp:
40869        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
40870        * runtime/JSCell.cpp:
40871        (JSC::JSCell::getJSNumber):
40872        * runtime/JSCell.h:
40873        (JSC::JSValue::getJSNumber):
40874        * runtime/JSType.h:
40875        * runtime/JSTypeInfo.h:
40876        (JSC::TypeInfo::isNumberObject):
40877        * runtime/JSValue.h:
40878        * runtime/NumberObject.cpp:
40879        (JSC::NumberObject::getJSNumber):
40880        * runtime/NumberObject.h:
40881        (JSC::NumberObject::createStructure):
40882        * runtime/NumberPrototype.h:
40883        (JSC::NumberPrototype::createStructure):
40884
408852011-09-23  Filip Pizlo  <fpizlo@apple.com>
40886
40887        Resolve opcodes should have value profiling.
40888        https://bugs.webkit.org/show_bug.cgi?id=68723
40889
40890        Reviewed by Oliver Hunt.
40891        
40892        This adds value profiling to all forms of op_resolve in the
40893        old JIT, and patches that information into the DFG along with
40894        performing the appropriate type propagation.
40895
40896        * dfg/DFGByteCodeParser.cpp:
40897        (JSC::DFG::ByteCodeParser::parseBlock):
40898        * dfg/DFGGraph.h:
40899        (JSC::DFG::Graph::predict):
40900        * dfg/DFGNode.h:
40901        (JSC::DFG::Node::hasIdentifier):
40902        (JSC::DFG::Node::resolveGlobalDataIndex):
40903        (JSC::DFG::Node::hasPrediction):
40904        * dfg/DFGPropagator.cpp:
40905        (JSC::DFG::Propagator::propagateNodePredictions):
40906        * dfg/DFGSpeculativeJIT.cpp:
40907        (JSC::DFG::SpeculativeJIT::compile):
40908        * jit/JITOpcodes.cpp:
40909        (JSC::JIT::emit_op_resolve):
40910        (JSC::JIT::emit_op_resolve_base):
40911        (JSC::JIT::emit_op_resolve_skip):
40912        (JSC::JIT::emit_op_resolve_global):
40913        (JSC::JIT::emitSlow_op_resolve_global):
40914        (JSC::JIT::emit_op_resolve_with_base):
40915        (JSC::JIT::emit_op_resolve_with_this):
40916        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
40917        * jit/JITStubCall.h:
40918        (JSC::JITStubCall::callWithValueProfiling):
40919
409202011-09-23  Oliver Hunt  <oliver@apple.com>
40921
40922        Fix windows build.
40923
40924        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
40925
409262011-09-23  Gavin Barraclough  <barraclough@apple.com>
40927
40928        Strict mode does not work in non-trivial nested functions.
40929        https://bugs.webkit.org/show_bug.cgi?id=68740
40930
40931        Reviewed by Oliver Hunt.
40932
40933        Function-info caching does not preserve all state that it should.
40934
40935        * parser/JSParser.cpp:
40936        (JSC::JSParser::Scope::saveFunctionInfo):
40937        (JSC::JSParser::Scope::restoreFunctionInfo):
40938        (JSC::JSParser::parseFunctionInfo):
40939        * parser/SourceProviderCacheItem.h:
40940
409412011-09-23  Filip Pizlo  <fpizlo@apple.com>
40942
40943        ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
40944        https://bugs.webkit.org/show_bug.cgi?id=68724
40945
40946        Reviewed by Oliver Hunt.
40947
40948        * dfg/DFGPropagator.cpp:
40949        (JSC::DFG::Propagator::propagateNodePredictions):
40950
409512011-09-23  Oliver Hunt  <oliver@apple.com>
40952
40953        Build fix.
40954
40955        * JavaScriptCore.xcodeproj/project.pbxproj:
40956
409572011-09-23  Filip Pizlo  <fpizlo@apple.com>
40958
40959        DFG implementation of PutScopedVar corrupts register allocation
40960        https://bugs.webkit.org/show_bug.cgi?id=68735
40961
40962        Reviewed by Oliver Hunt.
40963
40964        * dfg/DFGSpeculativeJIT.cpp:
40965        (JSC::DFG::SpeculativeJIT::compile):
40966
409672011-09-23  Oliver Hunt  <oliver@apple.com>
40968
40969        Make write barriers actually do something when enabled
40970        https://bugs.webkit.org/show_bug.cgi?id=68717
40971
40972        Reviewed by Geoffrey Garen.
40973
40974        Add a basic card marking style write barrier to JSC (currently
40975        turned off).  This requires two scratch registers in the JIT
40976        so there was some register re-arranging to satisfy that requirement.
40977        Happily this produced a minor perf bump in sunspider (~0.5%).
40978
40979        Turning the barriers on causes an overall regression of around 1.5%.
40980
40981        * JavaScriptCore.exp:
40982        * JavaScriptCore.xcodeproj/project.pbxproj:
40983        * assembler/MacroAssemblerX86Common.h:
40984        (JSC::MacroAssemblerX86Common::store8):
40985        * assembler/X86Assembler.h:
40986        (JSC::X86Assembler::movb_i8m):
40987        * dfg/DFGJITCodeGenerator.cpp:
40988        (JSC::DFG::JITCodeGenerator::isKnownNotCell):
40989        (JSC::DFG::JITCodeGenerator::writeBarrier):
40990        (JSC::DFG::JITCodeGenerator::markCellCard):
40991        (JSC::DFG::JITCodeGenerator::cachedPutById):
40992        * dfg/DFGJITCodeGenerator.h:
40993        * dfg/DFGRepatch.cpp:
40994        (JSC::DFG::tryCachePutByID):
40995        * dfg/DFGSpeculativeJIT.cpp:
40996        (JSC::DFG::SpeculativeJIT::compile):
40997        * heap/CardSet.h: Added.
40998        (JSC::CardSet::CardSet):
40999        (JSC::::cardForAtom):
41000        (JSC::::cardMarkedForAtom):
41001        (JSC::::markCardForAtom):
41002        * heap/Heap.cpp:
41003        * heap/Heap.h:
41004        (JSC::Heap::addressOfCardFor):
41005        (JSC::Heap::writeBarrierFastCase):
41006        * heap/MarkedBlock.h:
41007        (JSC::MarkedBlock::setDirtyObject):
41008        (JSC::MarkedBlock::addressOfCardFor):
41009        (JSC::MarkedBlock::offsetOfCards):
41010        * jit/JIT.h:
41011        * jit/JITPropertyAccess.cpp:
41012        (JSC::JIT::emit_op_put_by_val):
41013        (JSC::JIT::emit_op_put_by_id):
41014        (JSC::JIT::privateCompilePutByIdTransition):
41015        (JSC::JIT::emit_op_put_scoped_var):
41016        (JSC::JIT::emit_op_put_global_var):
41017        (JSC::JIT::emitWriteBarrier):
41018        * jit/JITPropertyAccess32_64.cpp:
41019        (JSC::JIT::emit_op_put_by_val):
41020        (JSC::JIT::emit_op_put_by_id):
41021        (JSC::JIT::emitSlow_op_put_by_id):
41022        (JSC::JIT::privateCompilePutByIdTransition):
41023        (JSC::JIT::emit_op_put_scoped_var):
41024        (JSC::JIT::emit_op_put_global_var):
41025
410262011-09-23  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
41027
41028        https://bugs.webkit.org/show_bug.cgi?id=68077
41029        SH4 assembler doesn't refer to the executable memory handle.
41030
41031        Reviewed by Gavin Barraclough.
41032
41033        * assembler/MacroAssemblerSH4.h:
41034        (JSC::MacroAssemblerSH4::branch8):
41035        * assembler/SH4Assembler.h:
41036        (JSC::SH4Assembler::executableCopy):
41037
410382011-09-23  Oliver Hunt  <oliver@apple.com>
41039
41040        PutScopedVar nodes should report that they have a var number
41041        https://bugs.webkit.org/show_bug.cgi?id=68721
41042
41043        Reviewed by Anders Carlsson.
41044
41045        Another assertion fix.
41046
41047        * dfg/DFGNode.h:
41048        (JSC::DFG::Node::hasVarNumber):
41049
410502011-09-23  Oliver Hunt  <oliver@apple.com>
41051
41052        Add a bunch of unhandled node types to the propagator
41053        https://bugs.webkit.org/show_bug.cgi?id=68716
41054
41055        Reviewed by Darin Adler.
41056
41057        Remove the ASSERT_NOT_REACHED() default for debug builds in the
41058        prediction propagator, this way unhandled nodes will just cause
41059        compile time failures rather than failing at some point in the
41060        future.
41061
41062        * dfg/DFGPropagator.cpp:
41063        (JSC::DFG::Propagator::propagateNodePredictions):
41064
410652011-09-23  Mark Hahnenberg  <mhahnenberg@apple.com>
41066
41067        Add static version of JSCell::visitChildren
41068        https://bugs.webkit.org/show_bug.cgi?id=68404
41069
41070        Reviewed by Darin Adler.
41071
41072        In this patch we just extract the bodies of the virtual visitChildren methods
41073        throughout the JSCell inheritance hierarchy out into static methods, which are 
41074        now called from the virtual methods.  This is an intermediate step in trying to 
41075        move the virtual-ness of visitChildren into our own custom vtable stored in 
41076        ClassInfo.  We need to convert the methods to static methods in order to be 
41077        able to more easily store and refer to them in our custom vtable since normal 
41078        member methods store some implicit information in their types, making it 
41079        impossible to store them generically in ClassInfo.
41080
41081        * API/JSCallbackObject.h:
41082        (JSC::JSCallbackObject::visitChildrenVirtual):
41083        (JSC::JSCallbackObject::visitChildren):
41084        * JavaScriptCore.exp:
41085        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41086        * debugger/DebuggerActivation.cpp:
41087        (JSC::DebuggerActivation::visitChildrenVirtual):
41088        (JSC::DebuggerActivation::visitChildren):
41089        * debugger/DebuggerActivation.h:
41090        * heap/MarkStack.cpp:
41091        (JSC::SlotVisitor::visitChildren):
41092        (JSC::SlotVisitor::drain):
41093        * runtime/Arguments.cpp:
41094        (JSC::Arguments::visitChildrenVirtual):
41095        (JSC::Arguments::visitChildren):
41096        * runtime/Arguments.h:
41097        * runtime/Executable.cpp:
41098        (JSC::EvalExecutable::visitChildrenVirtual):
41099        (JSC::EvalExecutable::visitChildren):
41100        (JSC::ProgramExecutable::visitChildrenVirtual):
41101        (JSC::ProgramExecutable::visitChildren):
41102        (JSC::FunctionExecutable::visitChildrenVirtual):
41103        (JSC::FunctionExecutable::visitChildren):
41104        * runtime/Executable.h:
41105        * runtime/GetterSetter.cpp:
41106        (JSC::GetterSetter::visitChildrenVirtual):
41107        (JSC::GetterSetter::visitChildren):
41108        * runtime/GetterSetter.h:
41109        * runtime/JSActivation.cpp:
41110        (JSC::JSActivation::visitChildrenVirtual):
41111        (JSC::JSActivation::visitChildren):
41112        * runtime/JSActivation.h:
41113        * runtime/JSArray.cpp:
41114        (JSC::JSArray::visitChildrenVirtual):
41115        (JSC::JSArray::visitChildren):
41116        * runtime/JSArray.h:
41117        * runtime/JSBoundFunction.cpp:
41118        (JSC::JSBoundFunction::visitChildrenVirtual):
41119        (JSC::JSBoundFunction::visitChildren):
41120        * runtime/JSBoundFunction.h:
41121        * runtime/JSCell.h:
41122        (JSC::JSCell::visitChildrenVirtual):
41123        (JSC::JSCell::visitChildren):
41124        * runtime/JSFunction.cpp:
41125        (JSC::JSFunction::visitChildrenVirtual):
41126        (JSC::JSFunction::visitChildren):
41127        * runtime/JSFunction.h:
41128        * runtime/JSGlobalObject.cpp:
41129        (JSC::JSGlobalObject::visitChildrenVirtual):
41130        (JSC::JSGlobalObject::visitChildren):
41131        * runtime/JSGlobalObject.h:
41132        * runtime/JSObject.cpp:
41133        (JSC::JSObject::visitChildrenVirtual):
41134        (JSC::JSObject::visitChildren):
41135        * runtime/JSObject.h:
41136        (JSC::JSObject::visitChildrenDirect):
41137        * runtime/JSPropertyNameIterator.cpp:
41138        (JSC::JSPropertyNameIterator::visitChildrenVirtual):
41139        (JSC::JSPropertyNameIterator::visitChildren):
41140        * runtime/JSPropertyNameIterator.h:
41141        * runtime/JSStaticScopeObject.cpp:
41142        (JSC::JSStaticScopeObject::visitChildrenVirtual):
41143        (JSC::JSStaticScopeObject::visitChildren):
41144        * runtime/JSStaticScopeObject.h:
41145        * runtime/JSWrapperObject.cpp:
41146        (JSC::JSWrapperObject::visitChildrenVirtual):
41147        (JSC::JSWrapperObject::visitChildren):
41148        * runtime/JSWrapperObject.h:
41149        * runtime/NativeErrorConstructor.cpp:
41150        (JSC::NativeErrorConstructor::visitChildrenVirtual):
41151        (JSC::NativeErrorConstructor::visitChildren):
41152        * runtime/NativeErrorConstructor.h:
41153        * runtime/RegExpObject.cpp:
41154        (JSC::RegExpObject::visitChildrenVirtual):
41155        (JSC::RegExpObject::visitChildren):
41156        * runtime/RegExpObject.h:
41157        * runtime/ScopeChain.cpp:
41158        (JSC::ScopeChainNode::visitChildrenVirtual):
41159        (JSC::ScopeChainNode::visitChildren):
41160        * runtime/ScopeChain.h:
41161        * runtime/Structure.cpp:
41162        (JSC::Structure::visitChildrenVirtual):
41163        (JSC::Structure::visitChildren):
41164        * runtime/Structure.h:
41165        * runtime/StructureChain.cpp:
41166        (JSC::StructureChain::visitChildrenVirtual):
41167        (JSC::StructureChain::visitChildren):
41168        * runtime/StructureChain.h:
41169
411702011-09-23  Oliver Hunt  <oliver@apple.com>
41171
41172        Node propagation doesn't handle PutScopedVar
41173        https://bugs.webkit.org/show_bug.cgi?id=68713
41174
41175        Reviewed by Sam Weinig.
41176
41177        This was causing assertion failures.
41178
41179        * dfg/DFGPropagator.cpp:
41180        (JSC::DFG::Propagator::propagateNodePredictions):
41181
411822011-09-23  Anders Carlsson  <andersca@apple.com>
41183
41184        Make sure to define OVERRIDE and FINAL for older builds of clang.
41185
41186        * wtf/Compiler.h:
41187
411882011-09-23  Gavin Barraclough  <barraclough@apple.com>
41189
41190        Implement op_resolve_global in the DFG JIT
41191        https://bugs.webkit.org/show_bug.cgi?id=68704
41192
41193        Reviewed by Oliver Hunt.
41194
41195        This is performance neutral, but increases coverage.
41196
41197        * dfg/DFGByteCodeParser.cpp:
41198        (JSC::DFG::ByteCodeParser::ByteCodeParser):
41199        (JSC::DFG::ByteCodeParser::parseBlock):
41200        * dfg/DFGNode.h:
41201        (JSC::DFG::Node::hasIdentifier):
41202        (JSC::DFG::Node::resolveInfoIndex):
41203        * dfg/DFGOperations.cpp:
41204        * dfg/DFGOperations.h:
41205        * dfg/DFGSpeculativeJIT.cpp:
41206        (JSC::DFG::SpeculativeJIT::compile):
41207
412082011-09-23  Mark Rowe  <mrowe@apple.com>
41209
41210        Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.
41211
41212        * wtf/Platform.h:
41213
412142011-09-22  Anders Carlsson  <andersca@apple.com>
41215
41216        We should add support for OVERRIDE and FINAL annotations
41217        https://bugs.webkit.org/show_bug.cgi?id=68654
41218
41219        Reviewed by David Hyatt.
41220
41221        Add OVERRIDE and FINAL macros for compilers that support them.
41222
41223        * wtf/Compiler.h:
41224
412252011-09-22  Filip Pizlo  <fpizlo@apple.com>
41226
41227        GetScopedVar should have value profiling
41228        https://bugs.webkit.org/show_bug.cgi?id=68676
41229
41230        Reviewed by Oliver Hunt.
41231        
41232        Added GetScopedVar value profiling and prediction propagation.
41233        Added GetScopeChain to CSE.
41234
41235        * dfg/DFGByteCodeParser.cpp:
41236        (JSC::DFG::ByteCodeParser::parseBlock):
41237        * dfg/DFGGraph.h:
41238        (JSC::DFG::Graph::predict):
41239        * dfg/DFGNode.h:
41240        (JSC::DFG::Node::hasPrediction):
41241        * dfg/DFGPropagator.cpp:
41242        (JSC::DFG::Propagator::propagateNodePredictions):
41243        (JSC::DFG::Propagator::getScopeChainLoadElimination):
41244        (JSC::DFG::Propagator::performNodeCSE):
41245        * jit/JITPropertyAccess.cpp:
41246        (JSC::JIT::emit_op_get_scoped_var):
41247
412482011-09-22  Filip Pizlo  <fpizlo@apple.com>
41249
41250        PPC build fix, part 3.
41251
41252        * runtime/Executable.cpp:
41253        (JSC::FunctionExecutable::compileForConstructInternal):
41254
412552011-09-22  Filip Pizlo  <fpizlo@apple.com>
41256
41257        Another PPC build fix.
41258
41259        * runtime/Executable.cpp:
41260        * runtime/Executable.h:
41261
412622011-09-22  Dean Jackson  <dino@apple.com>
41263
41264        Add ENABLE_CSS_FILTERS
41265        https://bugs.webkit.org/show_bug.cgi?id=68652
41266
41267        Reviewed by Simon Fraser.
41268
41269        * Configurations/FeatureDefines.xcconfig:
41270
412712011-09-22  Gavin Barraclough  <barraclough@apple.com>
41272
41273        Incorrect this value passed to callbacks.
41274        https://bugs.webkit.org/show_bug.cgi?id=68668
41275
41276        Reviewed by Oliver Hunt.
41277
41278        From Array/String prototype functions.  It should be undefined, but the
41279        global object is passed instead (this is visible for strict callbacks).
41280
41281        * runtime/ArrayPrototype.cpp:
41282        (JSC::arrayProtoFuncSort):
41283        (JSC::arrayProtoFuncFilter):
41284        (JSC::arrayProtoFuncMap):
41285        (JSC::arrayProtoFuncEvery):
41286        (JSC::arrayProtoFuncForEach):
41287        (JSC::arrayProtoFuncSome):
41288        * runtime/JSArray.cpp:
41289        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
41290        (JSC::JSArray::sort):
41291        * runtime/StringPrototype.cpp:
41292        (JSC::stringProtoFuncReplace):
41293
412942011-09-22  Gavin Barraclough  <barraclough@apple.com>
41295
41296        Function.prototype.bind.length should be 1.
41297
41298        Rubber stamped by Oliver Hunt.
41299
41300        * runtime/FunctionPrototype.cpp:
41301        (JSC::FunctionPrototype::addFunctionProperties):
41302
413032011-09-22  Filip Pizlo  <fpizlo@apple.com>
41304
41305        PPC build fix.
41306
41307        * bytecode/CodeBlock.h:
41308
413092011-09-22  Gavin Barraclough  <barraclough@apple.com>
41310
41311        Windows build fix pt. 2
41312
41313        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41314
413152011-09-22  Gavin Barraclough  <barraclough@apple.com>
41316
41317        Windows build fix pt. 1
41318
41319        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41320
413212011-09-21  Filip Pizlo  <fpizlo@apple.com>
41322
41323        DFG JIT does not support to_primitive or strcat
41324        https://bugs.webkit.org/show_bug.cgi?id=68582
41325
41326        Reviewed by Darin Adler.
41327        
41328        This adds functional support for to_primitive and strcat. It focuses
41329        on minimizing the amount of code emitted on to_primitive (if we know
41330        that it is a primitive or can speculate cheaply, then we omit the
41331        slow path) and on keeping the implementation of strcat simple while
41332        leveraging whatever optimizations we have already. In particular,
41333        unlike the Call and Construct nodes which require extending the size
41334        of the DFG's callee registers, StrCat takes advantage of the fact
41335        that no JS code can run while StrCat is in progress and uses a
41336        scratch buffer, rather than the register file, to store the list of
41337        values to concatenate. This was done mainly to keep the code simple,
41338        but there are probably other benefits to keeping call frame sizes
41339        down. Essentially, this patch ensures that the presence of an
41340        op_strcat does not mess up any other optimizations we might do while
41341        ensuring that if you do execute it, it'll work about as well as you'd
41342        expect.
41343        
41344        When combined with the previous patch for integer division, this is a
41345        14% speed-up on Kraken. Without it, it would have been a 2% loss.
41346
41347        * assembler/AbstractMacroAssembler.h:
41348        (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
41349        * dfg/DFGByteCodeParser.cpp:
41350        (JSC::DFG::ByteCodeParser::parseBlock):
41351        * dfg/DFGCapabilities.h:
41352        (JSC::DFG::canCompileOpcode):
41353        * dfg/DFGJITCodeGenerator.h:
41354        (JSC::DFG::JITCodeGenerator::callOperation):
41355        * dfg/DFGJITCompiler.cpp:
41356        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
41357        * dfg/DFGNode.h:
41358        * dfg/DFGOperations.cpp:
41359        * dfg/DFGOperations.h:
41360        * dfg/DFGPropagator.cpp:
41361        (JSC::DFG::Propagator::propagateNodePredictions):
41362        (JSC::DFG::Propagator::performNodeCSE):
41363        * dfg/DFGSpeculativeJIT.cpp:
41364        (JSC::DFG::SpeculativeJIT::compile):
41365        * runtime/JSGlobalData.cpp:
41366        (JSC::JSGlobalData::JSGlobalData):
41367        (JSC::JSGlobalData::~JSGlobalData):
41368        * runtime/JSGlobalData.h:
41369        (JSC::JSGlobalData::scratchBufferForSize):
41370
413712011-09-22  Filip Pizlo  <fpizlo@apple.com>
41372
41373        DFG JIT should support integer division
41374        https://bugs.webkit.org/show_bug.cgi?id=68597
41375
41376        Reviewed by Darin Adler.
41377        
41378        This adds support for ArithDiv speculating integer, and speculating
41379        that the result is integer (i.e. remainder = 0).
41380        
41381        This is a 4% win on Kraken and a 1% loss on V8.
41382
41383        * bytecode/CodeBlock.h:
41384        * dfg/DFGByteCodeParser.cpp:
41385        (JSC::DFG::ByteCodeParser::makeDivSafe):
41386        (JSC::DFG::ByteCodeParser::parseBlock):
41387        * dfg/DFGNode.h:
41388        (JSC::DFG::Node::hasArithNodeFlags):
41389        * dfg/DFGPropagator.cpp:
41390        (JSC::DFG::Propagator::propagateArithNodeFlags):
41391        (JSC::DFG::Propagator::propagateNodePredictions):
41392        (JSC::DFG::Propagator::fixupNode):
41393        * dfg/DFGSpeculativeJIT.cpp:
41394        (JSC::DFG::SpeculativeJIT::compile):
41395        * jit/JITArithmetic.cpp:
41396        (JSC::JIT::emit_op_div):
41397
413982011-09-22  Oliver Hunt  <oliver@apple.com>
41399
41400        Implement put_scoped_var in the DFG jit
41401        https://bugs.webkit.org/show_bug.cgi?id=68653
41402
41403        Reviewed by Gavin Barraclough.
41404
41405        Naive implementation of put_scoped_var.  Same story as the
41406        get_scoped_var implementation, although I've hoisted scope
41407        object acquisition into a separate dfg node.  Ideally in the
41408        future we would reuse the resolved scope chain object, but
41409        for now we don't.
41410
41411        * dfg/DFGByteCodeParser.cpp:
41412        (JSC::DFG::ByteCodeParser::parseBlock):
41413        * dfg/DFGCapabilities.h:
41414        (JSC::DFG::canCompileOpcode):
41415        * dfg/DFGNode.h:
41416        (JSC::DFG::Node::hasScopeChainDepth):
41417        (JSC::DFG::Node::scopeChainDepth):
41418        * dfg/DFGPropagator.cpp:
41419        (JSC::DFG::Propagator::propagateNodePredictions):
41420        * dfg/DFGSpeculativeJIT.cpp:
41421        (JSC::DFG::SpeculativeJIT::compile):
41422
414232011-09-22  Gavin Barraclough  <barraclough@apple.com>
41424
41425        Implement Function.prototype.bind
41426        https://bugs.webkit.org/show_bug.cgi?id=26382
41427
41428        Reviewed by Sam Weinig.
41429
41430        This patch provides a basic functional implementation
41431        for Function.bind. It should (hopefully!) be fully
41432        functionally correct, and the bound functions can be
41433        called quickly (since they are a subclass of
41434        JSFunction, not InternalFunction), but we'll probably
41435        want to follow up with some optimization work to keep
41436        bound calls in JIT code.
41437
41438        * JavaScriptCore.JSVALUE32_64only.exp:
41439        * JavaScriptCore.JSVALUE64only.exp:
41440        * JavaScriptCore.exp:
41441        * JavaScriptCore.xcodeproj/project.pbxproj:
41442        * jit/JITStubs.cpp:
41443        (JSC::JITThunks::hostFunctionStub):
41444        * jit/JITStubs.h:
41445        * jsc.cpp:
41446        (GlobalObject::addFunction):
41447        * runtime/CommonIdentifiers.h:
41448        * runtime/ConstructData.h:
41449        * runtime/Executable.h:
41450        (JSC::NativeExecutable::NativeExecutable):
41451        * runtime/FunctionPrototype.cpp:
41452        (JSC::FunctionPrototype::addFunctionProperties):
41453        (JSC::functionProtoFuncBind):
41454        * runtime/FunctionPrototype.h:
41455        * runtime/JSBoundFunction.cpp: Added.
41456        (JSC::boundFunctionCall):
41457        (JSC::boundFunctionConstruct):
41458        (JSC::JSBoundFunction::create):
41459        (JSC::JSBoundFunction::hasInstance):
41460        (JSC::JSBoundFunction::getOwnPropertySlot):
41461        (JSC::JSBoundFunction::getOwnPropertyDescriptor):
41462        (JSC::JSBoundFunction::JSBoundFunction):
41463        (JSC::JSBoundFunction::finishCreation):
41464        * runtime/JSBoundFunction.h: Added.
41465        (JSC::JSBoundFunction::targetFunction):
41466        (JSC::JSBoundFunction::boundThis):
41467        (JSC::JSBoundFunction::boundArgs):
41468        (JSC::JSBoundFunction::createStructure):
41469        * runtime/JSFunction.cpp:
41470        (JSC::JSFunction::create):
41471        (JSC::JSFunction::finishCreation):
41472        (JSC::createDescriptorForThrowingProperty):
41473        (JSC::JSFunction::getOwnPropertySlot):
41474        * runtime/JSFunction.h:
41475        * runtime/JSGlobalData.cpp:
41476        (JSC::JSGlobalData::getHostFunction):
41477        * runtime/JSGlobalData.h:
41478        * runtime/JSGlobalObject.cpp:
41479        (JSC::JSGlobalObject::reset):
41480        (JSC::JSGlobalObject::visitChildren):
41481        * runtime/JSGlobalObject.h:
41482        (JSC::JSGlobalObject::boundFunctionStructure):
41483        * runtime/Lookup.cpp:
41484        (JSC::setUpStaticFunctionSlot):
41485
414862011-09-22  Oliver Hunt  <oliver@apple.com>
41487
41488        Implement get_scoped_var in the DFG
41489        https://bugs.webkit.org/show_bug.cgi?id=68640
41490
41491        Reviewed by Gavin Barraclough.
41492
41493        Naive implementation of get_scoped_var in the DFG.  Essentially this
41494        is the bare minimum required to get correct behaviour, so there's no
41495        load/store coalescing or type profiling involved, even though these
41496        would be wins.  No impact on SunSpider or V8.
41497
41498        * dfg/DFGByteCodeParser.cpp:
41499        (JSC::DFG::ByteCodeParser::parseBlock):
41500        * dfg/DFGCapabilities.h:
41501        (JSC::DFG::canCompileOpcode):
41502        * dfg/DFGNode.h:
41503        (JSC::DFG::Node::hasVarNumber):
41504        (JSC::DFG::Node::hasScopeChainDepth):
41505        (JSC::DFG::Node::scopeChainDepth):
41506        * dfg/DFGPropagator.cpp:
41507        (JSC::DFG::Propagator::propagateNodePredictions):
41508        * dfg/DFGSpeculativeJIT.cpp:
41509        (JSC::DFG::SpeculativeJIT::compile):
41510
415112011-09-22  Adam Roben  <aroben@apple.com>
41512
41513        Remove FindSafari from all our .sln files
41514
41515        It isn't used anymore, so there's no point in building it.
41516
41517        Part of <http://webkit.org/b/68628> Remove FindSafari
41518
41519        Reviewed by Steve Falkenburg.
41520
41521        * JavaScriptCore.vcproj/JavaScriptCore.sln:
41522
415232011-09-22  Filip Pizlo  <fpizlo@apple.com>
41524
41525        32-bit call code clobbers the function cell tag
41526        https://bugs.webkit.org/show_bug.cgi?id=68606
41527
41528        Reviewed by Csaba Osztrogonác.
41529        
41530        This is a minimalistic fix: it simply emits code to restore the
41531        cell tag on the slow path, if we know that we failed due to
41532        emitCallIfNotType.
41533
41534        * jit/JITCall32_64.cpp:
41535        (JSC::JIT::compileOpCallVarargsSlowCase):
41536        (JSC::JIT::compileOpCallSlowCase):
41537
415382011-09-21  Gavin Barraclough  <barraclough@apple.com>
41539
41540        Add missing addPtr->add32 mapping for X86.
41541
41542        Rubber stamped by Sam Weinig.
41543
41544        * assembler/MacroAssembler.h:
41545        (JSC::MacroAssembler::addPtr):
41546
415472011-09-21  Gavin Barraclough  <barraclough@apple.com>
41548
41549        Add missing addDouble for AbsoluteAddress to X86
41550
41551        Rubber stamped by Geoff Garen.
41552
41553        * assembler/MacroAssemblerX86.h:
41554        (JSC::MacroAssemblerX86::addDouble):
41555        * assembler/X86Assembler.h:
41556        (JSC::X86Assembler::addsd_mr):
41557        (JSC::X86Assembler::cvtsi2sd_rr):
41558        (JSC::X86Assembler::cvtsi2sd_mr):
41559
415602011-09-21  Gavin Barraclough  <barraclough@apple.com>
41561
41562        Build fix following fix for bug #68586.
41563
41564        * jit/JIT.cpp:
41565        * jit/JITInlineMethods.h:
41566
415672011-09-21  Filip Pizlo  <fpizlo@apple.com>
41568
41569        DFG JIT should be able to compile op_throw
41570        https://bugs.webkit.org/show_bug.cgi?id=68571
41571
41572        Reviewed by Geoffrey Garen.
41573        
41574        This compiles op_throw in the simplest way possible: it's an OSR
41575        point back to the old JIT. This is a good step towards increasing
41576        coverage, particularly on Kraken, but it's neutral because the
41577        same functions that do throw also use some other unsupported
41578        opcodes.
41579
41580        * dfg/DFGByteCodeParser.cpp:
41581        (JSC::DFG::ByteCodeParser::parseBlock):
41582        * dfg/DFGCapabilities.h:
41583        (JSC::DFG::canCompileOpcode):
41584        * dfg/DFGNode.h:
41585        * dfg/DFGPropagator.cpp:
41586        (JSC::DFG::Propagator::propagateNodePredictions):
41587        * dfg/DFGSpeculativeJIT.cpp:
41588        (JSC::DFG::SpeculativeJIT::compile):
41589
415902011-09-21  Filip Pizlo  <fpizlo@apple.com>
41591
41592        DFG should support continuous optimization
41593        https://bugs.webkit.org/show_bug.cgi?id=68329
41594
41595        Reviewed by Geoffrey Garen.
41596        
41597        This adds the ability to reoptimize a code block if speculation
41598        failures happen frequently. 6% speed-up on Kraken, 1% slow-down
41599        on V8, neutral on SunSpider.
41600
41601        * CMakeLists.txt:
41602        * GNUmakefile.list.am:
41603        * JavaScriptCore.pro:
41604        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
41605        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
41606        * JavaScriptCore.xcodeproj/project.pbxproj:
41607        * bytecode/CodeBlock.cpp:
41608        (JSC::CodeBlock::CodeBlock):
41609        (JSC::ProgramCodeBlock::jettison):
41610        (JSC::EvalCodeBlock::jettison):
41611        (JSC::FunctionCodeBlock::jettison):
41612        (JSC::CodeBlock::shouldOptimizeNow):
41613        (JSC::CodeBlock::dumpValueProfiles):
41614        * bytecode/CodeBlock.h:
41615        * dfg/DFGByteCodeParser.cpp:
41616        (JSC::DFG::ByteCodeParser::getStrongPrediction):
41617        * dfg/DFGJITCompiler.cpp:
41618        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
41619        (JSC::DFG::JITCompiler::compileEntry):
41620        (JSC::DFG::JITCompiler::compileBody):
41621        * dfg/DFGJITCompiler.h:
41622        (JSC::DFG::JITCompiler::noticeOSREntry):
41623        * dfg/DFGOSREntry.cpp:
41624        (JSC::DFG::prepareOSREntry):
41625        * dfg/DFGOSREntry.h:
41626        (JSC::DFG::getOSREntryDataBytecodeIndex):
41627        * dfg/DFGSpeculativeJIT.cpp:
41628        (JSC::DFG::SpeculativeJIT::compile):
41629        * heap/ConservativeRoots.cpp:
41630        (JSC::ConservativeRoots::ConservativeRoots):
41631        (JSC::ConservativeRoots::~ConservativeRoots):
41632        (JSC::DummyMarkHook::mark):
41633        (JSC::ConservativeRoots::genericAddPointer):
41634        (JSC::ConservativeRoots::genericAddSpan):
41635        (JSC::ConservativeRoots::add):
41636        * heap/ConservativeRoots.h:
41637        * heap/Heap.cpp:
41638        (JSC::Heap::addJettisonCodeBlock):
41639        (JSC::Heap::markRoots):
41640        * heap/Heap.h:
41641        * heap/JettisonedCodeBlocks.cpp: Added.
41642        (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
41643        (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
41644        (JSC::JettisonedCodeBlocks::addCodeBlock):
41645        (JSC::JettisonedCodeBlocks::clearMarks):
41646        (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
41647        (JSC::JettisonedCodeBlocks::traceCodeBlocks):
41648        * heap/JettisonedCodeBlocks.h: Added.
41649        (JSC::JettisonedCodeBlocks::mark):
41650        * interpreter/RegisterFile.cpp:
41651        (JSC::RegisterFile::gatherConservativeRoots):
41652        * interpreter/RegisterFile.h:
41653        * jit/JITStubs.cpp:
41654        (JSC::DEFINE_STUB_FUNCTION):
41655        * runtime/Executable.cpp:
41656        (JSC::jettisonCodeBlock):
41657        (JSC::EvalExecutable::jettisonOptimizedCode):
41658        (JSC::ProgramExecutable::jettisonOptimizedCode):
41659        (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
41660        (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
41661        * runtime/Executable.h:
41662        (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
41663        * wtf/BitVector.h: Added.
41664        (WTF::BitVector::BitVector):
41665        (WTF::BitVector::~BitVector):
41666        (WTF::BitVector::operator=):
41667        (WTF::BitVector::size):
41668        (WTF::BitVector::ensureSize):
41669        (WTF::BitVector::resize):
41670        (WTF::BitVector::clearAll):
41671        (WTF::BitVector::get):
41672        (WTF::BitVector::set):
41673        (WTF::BitVector::clear):
41674        (WTF::BitVector::bitsInPointer):
41675        (WTF::BitVector::maxInlineBits):
41676        (WTF::BitVector::byteCount):
41677        (WTF::BitVector::makeInlineBits):
41678        (WTF::BitVector::OutOfLineBits::numBits):
41679        (WTF::BitVector::OutOfLineBits::numWords):
41680        (WTF::BitVector::OutOfLineBits::bits):
41681        (WTF::BitVector::OutOfLineBits::create):
41682        (WTF::BitVector::OutOfLineBits::destroy):
41683        (WTF::BitVector::OutOfLineBits::OutOfLineBits):
41684        (WTF::BitVector::isInline):
41685        (WTF::BitVector::outOfLineBits):
41686        (WTF::BitVector::resizeOutOfLine):
41687        (WTF::BitVector::bits):
41688
416892011-09-21  Gavin Barraclough  <barraclough@apple.com>
41690
41691        Add X86 GPRInfo for DFG JIT.
41692        https://bugs.webkit.org/show_bug.cgi?id=68586
41693
41694        Reviewed by Geoff Garen.
41695
41696        * dfg/DFGGPRInfo.h:
41697        (JSC::DFG::GPRInfo::toRegister):
41698        (JSC::DFG::GPRInfo::toIndex):
41699        (JSC::DFG::GPRInfo::debugName):
41700
417012011-09-21  Gavin Barraclough  <barraclough@apple.com>
41702
41703        Should support value profiling on CPU(X86)
41704        https://bugs.webkit.org/show_bug.cgi?id=68575
41705
41706        Reviewed by Sam Weinig.
41707
41708        Fix verbose profiling in ToT (SlowCaseProfile had been
41709        partially renamed to RareCaseProfile), add in-memory
41710        bucket counter for CPU(X86), move JIT::m_canBeOptimized
41711        out of the DFG_JIT ifdef.
41712
41713        * bytecode/CodeBlock.cpp:
41714        (JSC::CodeBlock::resetRareCaseProfiles):
41715        (JSC::CodeBlock::dumpValueProfiles):
41716        * bytecode/CodeBlock.h:
41717        * dfg/DFGByteCodeParser.cpp:
41718        (JSC::DFG::ByteCodeParser::makeSafe):
41719        * jit/JIT.cpp:
41720        (JSC::JIT::privateCompileSlowCases):
41721        (JSC::JIT::privateCompile):
41722        * jit/JIT.h:
41723        * jit/JITInlineMethods.h:
41724        (JSC::JIT::emitValueProfilingSite):
41725
417262011-09-21  Filip Pizlo  <fpizlo@apple.com>
41727
41728        DFG does not support compiling functions as constructors
41729        https://bugs.webkit.org/show_bug.cgi?id=68500
41730
41731        Reviewed by Oliver Hunt.
41732        
41733        This adds support for compiling constructors to the DFG. It's a
41734        1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
41735        It's also a 13% win on access-binary-trees, but it's neutral in
41736        the SunSpider and Kraken averages.
41737
41738        * dfg/DFGByteCodeParser.cpp:
41739        (JSC::DFG::ByteCodeParser::parseBlock):
41740        * dfg/DFGCapabilities.h:
41741        (JSC::DFG::mightCompileFunctionForConstruct):
41742        (JSC::DFG::canCompileOpcode):
41743        * dfg/DFGNode.h:
41744        * dfg/DFGOperations.cpp:
41745        * dfg/DFGOperations.h:
41746        * dfg/DFGPropagator.cpp:
41747        (JSC::DFG::Propagator::propagateNodePredictions):
41748        (JSC::DFG::Propagator::performNodeCSE):
41749        * dfg/DFGSpeculativeJIT.cpp:
41750        (JSC::DFG::SpeculativeJIT::compile):
41751        * runtime/Executable.cpp:
41752        (JSC::FunctionExecutable::compileOptimizedForConstruct):
41753        (JSC::FunctionExecutable::compileForConstructInternal):
41754        * runtime/Executable.h:
41755        (JSC::FunctionExecutable::compileForConstruct):
41756        (JSC::FunctionExecutable::compileFor):
41757        (JSC::FunctionExecutable::compileOptimizedFor):
41758
417592011-09-21  Gavin Barraclough  <barraclough@apple.com>
41760
41761        Replace jsFunctionVPtr compares with a type check on the Structure.
41762        https://bugs.webkit.org/show_bug.cgi?id=68557
41763
41764        Reviewed by Oliver Hunt.
41765
41766        This will permit calls to still optimize to subclasses of JSFunction
41767        that have the correct type (but a different C++ vptr).
41768
41769        This patch stops passing the globalData into numerous functions.
41770
41771        * dfg/DFGByteCodeParser.cpp:
41772        (JSC::DFG::ByteCodeParser::parseBlock):
41773        * dfg/DFGGraph.h:
41774        (JSC::DFG::Graph::isFunctionConstant):
41775        (JSC::DFG::Graph::valueOfFunctionConstant):
41776        * dfg/DFGJITCompiler.h:
41777        (JSC::DFG::JITCompiler::isFunctionConstant):
41778        (JSC::DFG::JITCompiler::valueOfFunctionConstant):
41779        * dfg/DFGOperations.cpp:
41780        * interpreter/Interpreter.cpp:
41781        (JSC::Interpreter::privateExecute):
41782        * jit/JIT.h:
41783        * jit/JITCall.cpp:
41784        (JSC::JIT::compileOpCallVarargs):
41785        (JSC::JIT::compileOpCallSlowCase):
41786        * jit/JITCall32_64.cpp:
41787        (JSC::JIT::compileOpCallVarargs):
41788        (JSC::JIT::compileOpCallSlowCase):
41789        * jit/JITInlineMethods.h:
41790        (JSC::JIT::emitJumpIfNotType):
41791        * jit/JITStubs.cpp:
41792        (JSC::DEFINE_STUB_FUNCTION):
41793        * runtime/Executable.h:
41794        (JSC::isHostFunction):
41795        * runtime/JSFunction.h:
41796        (JSC::JSFunction::createStructure):
41797        * runtime/JSObject.cpp:
41798        (JSC::JSObject::put):
41799        (JSC::JSObject::putWithAttributes):
41800        * runtime/JSObject.h:
41801        (JSC::getJSFunction):
41802        (JSC::JSObject::putDirect):
41803        (JSC::JSObject::putDirectWithoutTransition):
41804        * runtime/JSType.h:
41805
418062011-09-21  Geoffrey Garen  <ggaren@apple.com>
41807
41808        Removed WTFTHREADDATA_MULTITHREADED, making it always true
41809        https://bugs.webkit.org/show_bug.cgi?id=68549
41810
41811        Reviewed by Darin Adler.
41812        
41813        Another part of making threads exist in WebKit.
41814
41815        * wtf/WTFThreadData.cpp:
41816        * wtf/WTFThreadData.h:
41817        (WTF::wtfThreadData):
41818
418192011-09-21  Dan Bernstein  <mitz@apple.com>
41820
41821        JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
41822        https://bugs.webkit.org/show_bug.cgi?id=68451
41823
41824        Reviewed by Darin Adler.
41825
41826        * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
41827        check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
41828
418292011-09-20  Gavin Barraclough  <barraclough@apple.com>
41830
41831        MacroAssembler fixes.
41832        https://bugs.webkit.org/show_bug.cgi?id=68494
41833
41834        Reviewed by Sam Weinig.
41835
41836        Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
41837
41838        * assembler/MacroAssembler.h:
41839        (JSC::MacroAssembler::orPtr):
41840        (JSC::MacroAssembler::loadPtr):
41841        * assembler/MacroAssemblerARM.h:
41842        (JSC::MacroAssemblerARM::or32):
41843        * assembler/MacroAssemblerARMv7.h:
41844        (JSC::MacroAssemblerARMv7::or32):
41845        * assembler/MacroAssemblerMIPS.h:
41846        (JSC::MacroAssemblerMIPS::or32):
41847        * assembler/MacroAssemblerSH4.h:
41848        (JSC::MacroAssemblerSH4::or32):
41849        (JSC::MacroAssemblerSH4::load32):
41850        * assembler/MacroAssemblerX86.h:
41851        (JSC::MacroAssemblerX86::load32):
41852        * assembler/MacroAssemblerX86_64.h:
41853        (JSC::MacroAssemblerX86_64::load32):
41854
418552011-09-20  Geoffrey Garen  <ggaren@apple.com>
41856
41857        Some Heap cleanup.
41858
41859        Reviewed by Beth Dakin.
41860
41861        * heap/MarkedBlock.cpp:
41862        (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
41863        because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
41864        since there is only one now.
41865
41866        * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
41867        Updated mark bit overhead calculation. Deployed atomsPerBlock in one
41868        place where we were recalculating it.
41869
41870        * heap/MarkedSpace.cpp:
41871        (JSC::MarkedSpace::addBlock): Updated for rename.
41872
418732011-09-20  Filip Pizlo  <fpizlo@apple.com>
41874
41875        DFG JIT always speculates integer on modulo
41876        https://bugs.webkit.org/show_bug.cgi?id=68485
41877
41878        Reviewed by Oliver Hunt.
41879        
41880        Added support for double modulo, which is a call to fmod().
41881        Also added support for recording the old JIT's statistics
41882        on op_mod and propagating them along the graph. Finally,
41883        fixed a goof in the ArithNodeFlags propagation logic that
41884        was made obvious when I started testing ArithMod.
41885
41886        * dfg/DFGByteCodeParser.cpp:
41887        (JSC::DFG::ByteCodeParser::makeSafe):
41888        (JSC::DFG::ByteCodeParser::parseBlock):
41889        * dfg/DFGNode.h:
41890        (JSC::DFG::Node::hasArithNodeFlags):
41891        * dfg/DFGPropagator.cpp:
41892        (JSC::DFG::Propagator::propagateArithNodeFlags):
41893        (JSC::DFG::Propagator::propagateNodePredictions):
41894        (JSC::DFG::Propagator::fixupNode):
41895        * dfg/DFGSpeculativeJIT.cpp:
41896        (JSC::DFG::SpeculativeJIT::compile):
41897
418982011-09-20  ChangSeok Oh  <shivamidow@gmail.com>
41899
41900        [GTK] requestAnimationFrame support for gtk port
41901        https://bugs.webkit.org/show_bug.cgi?id=66280
41902
41903        Reviewed by Martin Robinson.
41904
41905        Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
41906
41907        * wtf/Platform.h:
41908
419092011-09-20  Filip Pizlo  <fpizlo@apple.com>
41910
41911        DFG JIT performs too many negative zero checks, and too many
41912        overflow checks
41913        https://bugs.webkit.org/show_bug.cgi?id=68430
41914
41915        Reviewed by Oliver Hunt.
41916        
41917        This adds comprehensive support for deciding how to perform an
41918        arithmetic operations based on a combination of overflow profiling,
41919        negative zero profiling, value profiling, and a static analysis of
41920        how the results of these operations get used.
41921        
41922        This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
41923        2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
41924        geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
41925        V8-crypto, because apparently everything we do speeds up crypto.
41926
41927        * dfg/DFGByteCodeParser.cpp:
41928        (JSC::DFG::ByteCodeParser::toInt32):
41929        (JSC::DFG::ByteCodeParser::toNumber):
41930        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
41931        (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
41932        (JSC::DFG::ByteCodeParser::weaklyPredictInt32):
41933        (JSC::DFG::ByteCodeParser::makeSafe):
41934        (JSC::DFG::ByteCodeParser::handleMinMax):
41935        (JSC::DFG::ByteCodeParser::handleIntrinsic):
41936        (JSC::DFG::ByteCodeParser::parseBlock):
41937        (JSC::DFG::ByteCodeParser::processPhiStack):
41938        (JSC::DFG::ByteCodeParser::parse):
41939        * dfg/DFGGraph.cpp:
41940        (JSC::DFG::Graph::dump):
41941        * dfg/DFGJITCodeGenerator.cpp:
41942        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
41943        * dfg/DFGNode.h:
41944        (JSC::DFG::nodeUsedAsNumber):
41945        (JSC::DFG::nodeCanTruncateInteger):
41946        (JSC::DFG::nodeCanIgnoreNegativeZero):
41947        (JSC::DFG::nodeCanSpeculateInteger):
41948        (JSC::DFG::arithNodeFlagsAsString):
41949        (JSC::DFG::Node::Node):
41950        (JSC::DFG::Node::hasArithNodeFlags):
41951        (JSC::DFG::Node::rawArithNodeFlags):
41952        (JSC::DFG::Node::arithNodeFlags):
41953        (JSC::DFG::Node::arithNodeFlagsForCompare):
41954        (JSC::DFG::Node::setArithNodeFlag):
41955        (JSC::DFG::Node::mergeArithNodeFlags):
41956        * dfg/DFGPropagator.cpp:
41957        (JSC::DFG::Propagator::fixpoint):
41958        (JSC::DFG::Propagator::isNotNegZero):
41959        (JSC::DFG::Propagator::isNotZero):
41960        (JSC::DFG::Propagator::propagateArithNodeFlags):
41961        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
41962        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
41963        (JSC::DFG::Propagator::propagateNodePredictions):
41964        (JSC::DFG::Propagator::propagatePredictionsForward):
41965        (JSC::DFG::Propagator::propagatePredictionsBackward):
41966        (JSC::DFG::Propagator::toDouble):
41967        (JSC::DFG::Propagator::fixupNode):
41968        (JSC::DFG::Propagator::fixup):
41969        (JSC::DFG::Propagator::startIndexForChildren):
41970        (JSC::DFG::Propagator::endIndexForPureCSE):
41971        (JSC::DFG::Propagator::pureCSE):
41972        (JSC::DFG::Propagator::clobbersWorld):
41973        (JSC::DFG::Propagator::setReplacement):
41974        (JSC::DFG::Propagator::performNodeCSE):
41975        (JSC::DFG::Propagator::localCSE):
41976        * dfg/DFGSpeculativeJIT.cpp:
41977        (JSC::DFG::SpeculativeJIT::compile):
41978        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
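
The entry above (bug 68430) and the integer-division entry further up (bug 68597) describe one mechanism from two sides: speculate that an arithmetic node is int32, emit only the guards that the consumers of its result can actually observe, and exit to the double path when a guard fails. The C below is an added illustration written for this page, not JavaScriptCore code: the USED_AS_NUMBER / NEEDS_NEG_ZERO flags, the SpecResult enum and the arith() driver are assumptions standing in for ArithNodeFlags and the DFG's speculationCheck / OSR exit, and the flags are supplied by the caller rather than derived by the backward analysis the entry adds. It shows which guard each of add, mul and div can drop, and why the overflow check on mul is not one of them.

```c
#include <limits.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical consumer flags (names assumed, modelled on the ChangeLog's
 * ArithNodeFlags). In the real DFG a backward pass over the graph sets them
 * from how the result is used; here the caller supplies them. */
enum {
    USED_AS_NUMBER = 1u << 0, /* some consumer needs the full double value,
                                 so the low 32 bits alone are not enough  */
    NEEDS_NEG_ZERO = 1u << 1  /* some consumer can tell -0 from +0 (1/x) */
};

/* Outcome of the speculative int32 fast path. Anything but SPEC_OK is a
 * speculation failure: the JIT would exit to the double slow path. */
typedef enum {
    SPEC_OK,
    SPEC_OVERFLOW,    /* result does not fit in int32                    */
    SPEC_NEG_ZERO,    /* JS result is -0, which int32 cannot represent   */
    SPEC_DIV_BY_ZERO, /* JS result is +-Infinity or NaN                  */
    SPEC_INEXACT      /* quotient has a remainder, so it is not integral */
} SpecResult;

/* Add: the exact sum of two int32s fits in a double, so if every consumer
 * only looks at the low 32 bits (a bitwise op, an array index) wrapping
 * gives the same answer ToInt32 would, and the overflow guard is dropped. */
SpecResult spec_add(int32_t a, int32_t b, unsigned flags, int32_t *out)
{
    int64_t wide = (int64_t)a + (int64_t)b;
    if ((wide < INT32_MIN || wide > INT32_MAX) && (flags & USED_AS_NUMBER))
        return SPEC_OVERFLOW;
    *out = (int32_t)(uint32_t)wide; /* two's complement wrap, like ToInt32 */
    return SPEC_OK;
}

/* Mul: the overflow guard can never be dropped. The JS result is the
 * correctly rounded double of the exact product, which past 2^53 is no
 * longer exact, so wrapping the exact 64-bit product would not match
 * ToInt32 of the rounded value. Only the negative-zero guard is optional. */
SpecResult spec_mul(int32_t a, int32_t b, unsigned flags, int32_t *out)
{
    int64_t wide = (int64_t)a * (int64_t)b;
    if (wide < INT32_MIN || wide > INT32_MAX)
        return SPEC_OVERFLOW;
    /* 0 * negative (or negative * 0) is -0 in JS; int32 would say +0. */
    if (wide == 0 && (a < 0 || b < 0) && (flags & NEEDS_NEG_ZERO))
        return SPEC_NEG_ZERO;
    *out = (int32_t)wide;
    return SPEC_OK;
}

/* Div, as the 68597 entry describes it: speculate int32 operands and an
 * exact quotient. Every case where int32 division disagrees with JS, or
 * where x86 idiv would trap, is a bailout rather than a guess. */
SpecResult spec_div(int32_t a, int32_t b, unsigned flags, int32_t *out)
{
    if (b == 0)
        return SPEC_DIV_BY_ZERO;  /* JS: +-Infinity or NaN                */
    if (a == INT32_MIN && b == -1)
        return SPEC_OVERFLOW;     /* 2^31 is not an int32; idiv traps     */
    if (a == 0 && b < 0 && (flags & NEEDS_NEG_ZERO))
        return SPEC_NEG_ZERO;     /* JS: 0 / -5 is -0                     */
    if (a % b != 0)
        return SPEC_INEXACT;      /* remainder != 0: not an integer       */
    *out = a / b;
    return SPEC_OK;
}

/* The double slow path a bailout lands on: plain IEEE arithmetic, where
 * -0, Infinity and NaN all survive (signbit() exposes the -0 case). */
double slow_path(char op, int32_t a, int32_t b)
{
    double x = (double)a, y = (double)b;
    switch (op) {
    case '+': return x + y;
    case '*': return x * y;
    case '/': return x / y;
    default:  return NAN;
    }
}

/* Try the fast path, fall back on failure, and report which guard fired.
 * With USED_AS_NUMBER clear, an overflowing add returns the wrapped int32
 * on purpose: that is the value its (truncating) consumers will see. */
double arith(char op, int32_t a, int32_t b, unsigned flags, SpecResult *why)
{
    int32_t r = 0;
    SpecResult s = op == '+' ? spec_add(a, b, flags, &r)
                 : op == '*' ? spec_mul(a, b, flags, &r)
                 :             spec_div(a, b, flags, &r);
    *why = s;
    return s == SPEC_OK ? (double)r : slow_path(op, a, b);
}

int main(void)
{
    SpecResult why;
    double v = arith('/', 0, -5, NEEDS_NEG_ZERO, &why);
    printf("0 / -5: %s path, signbit=%d\n",
           why == SPEC_OK ? "fast" : "slow", signbit(v) != 0);
    v = arith('+', INT32_MAX, 1, 0, &why);
    printf("INT32_MAX + 1 (truncating consumer): %.0f\n", v);
    return 0;
}
```

The point to keep in view is the asymmetry between the two kinds of guard. A guard that bails on bad input (division by zero, INT32_MIN / -1) is cheap to reason about; a guard that is dropped because the analysis says no consumer can observe the difference is correct only while that claim holds, and a wrongly cleared NEEDS_NEG_ZERO or USED_AS_NUMBER bit turns an optimization into a silent wrong-value result, for instance 1 / (x * 0) flipping sign. The flag propagation therefore deserves the same review attention as a bounds check.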
41979
419802011-09-19  Oliver Hunt  <oliver@apple.com>
41981
41982        Refactor Heap allocation logic into separate AllocationSpace class
41983        https://bugs.webkit.org/show_bug.cgi?id=68409
41984
41985        Reviewed by Gavin Barraclough.
41986
41987        This patch hoists direct manipulation of the MarkedSpace and related
41988        data out of Heap and into a separate class.  This will allow us to
41989        have multiple allocation spaces in future, so easing the way towards
41990        having GC'd backing stores for objects.
41991
41992        * CMakeLists.txt:
41993        * GNUmakefile.list.am:
41994        * JavaScriptCore.exp:
41995        * JavaScriptCore.gypi:
41996        * JavaScriptCore.pro:
41997        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41998        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
41999        * JavaScriptCore.xcodeproj/project.pbxproj:
42000        * debugger/Debugger.cpp:
42001        (JSC::Debugger::recompileAllJSFunctions):
42002        * heap/AllocationSpace.cpp: Added.
42003        (JSC::AllocationSpace::tryAllocate):
42004        (JSC::AllocationSpace::allocateSlowCase):
42005        (JSC::AllocationSpace::allocateBlock):
42006        (JSC::AllocationSpace::freeBlocks):
42007        (JSC::TakeIfEmpty::TakeIfEmpty):
42008        (JSC::TakeIfEmpty::operator()):
42009        (JSC::TakeIfEmpty::returnValue):
42010        (JSC::AllocationSpace::shrink):
42011        * heap/AllocationSpace.h: Added.
42012        (JSC::AllocationSpace::AllocationSpace):
42013        (JSC::AllocationSpace::blocks):
42014        (JSC::AllocationSpace::sizeClassFor):
42015        (JSC::AllocationSpace::setHighWaterMark):
42016        (JSC::AllocationSpace::highWaterMark):
42017        (JSC::AllocationSpace::canonicalizeBlocks):
42018        (JSC::AllocationSpace::resetAllocator):
42019        (JSC::AllocationSpace::forEachCell):
42020        (JSC::AllocationSpace::forEachBlock):
42021        (JSC::AllocationSpace::allocate):
42022        * heap/Heap.cpp:
42023        (JSC::Heap::Heap):
42024        (JSC::Heap::reportExtraMemoryCostSlowCase):
42025        (JSC::Heap::getConservativeRegisterRoots):
42026        (JSC::Heap::markRoots):
42027        (JSC::Heap::clearMarks):
42028        (JSC::Heap::sweep):
42029        (JSC::Heap::objectCount):
42030        (JSC::Heap::size):
42031        (JSC::Heap::capacity):
42032        (JSC::Heap::globalObjectCount):
42033        (JSC::Heap::objectTypeCounts):
42034        (JSC::Heap::collect):
42035        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        (JSC::Heap::freeBlocks):
        (JSC::Heap::shrink):
        * heap/Heap.h:
        (JSC::Heap::objectSpace):
        (JSC::Heap::sizeClassForObject):
        (JSC::Heap::allocate):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):

2011-09-19  Geoffrey Garen  <ggaren@apple.com>

        Removed BREWMP* platform #ifdefs
        https://bugs.webkit.org/show_bug.cgi?id=68425

        BREWMP* has no maintainer, and this is dead code.

        Reviewed by Darin Adler.

        * heap/MarkStack.h:
        (JSC::::shrinkAllocation):
        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::cacheFlush):
        * runtime/TimeoutChecker.cpp:
        (JSC::getCPUTime):
        * wtf/Assertions.cpp:
        * wtf/Assertions.h:
        * wtf/CurrentTime.cpp:
        * wtf/DateMath.cpp:
        (WTF::calculateUTCOffset):
        * wtf/FastMalloc.cpp:
        (WTF::fastMalloc):
        (WTF::fastCalloc):
        (WTF::fastMallocSize):
        * wtf/FastMalloc.h:
        * wtf/MainThread.cpp:
        * wtf/MathExtras.h:
        * wtf/OwnPtrCommon.h:
        * wtf/Platform.h:
        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):
        * wtf/RandomNumberSeed.h:
        (WTF::initializeRandomNumberGenerator):
        * wtf/text/WTFString.h:
        * wtf/unicode/Unicode.h:

2011-09-20  Adam Roben  <aroben@apple.com>

        Windows build fix after r95523

        * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.

2011-09-18  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not speculate aggressively enough on GetById
        https://bugs.webkit.org/show_bug.cgi?id=68320

        Reviewed by Oliver Hunt.

        This adds the ability to access properties directly, by offset.
        This optimization kicks in when at the time of DFG compilation,
        it appears that the given get_by_id is self-cached by the old JIT.
        Two new opcodes get introduced: CheckStructure and GetByOffset.
        CheckStructure performs a speculation check on the object's
        structure, and returns the storage pointer. GetByOffset performs
        a direct read of the field from the storage pointer. Both
        CheckStructure and GetByOffset can be CSE'd, so that we can
        eliminate redundant structure checks, and redundant reads of the
        same field.

        This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
        neutral on SunSpider.

        * bytecode/PredictedType.cpp:
        (JSC::predictionFromClassInfo):
        (JSC::predictionFromStructure):
        (JSC::predictionFromCell):
        * bytecode/PredictedType.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::dataFormatToString):
        (JSC::DFG::needDataFormatConversion):
        (JSC::DFG::GenerationInfo::initStorage):
        (JSC::DFG::GenerationInfo::spill):
        (JSC::DFG::GenerationInfo::fillStorage):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::predict):
        (JSC::DFG::Graph::getPrediction):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        (JSC::DFG::JITCodeGenerator::fillStorage):
        (JSC::DFG::GPRTemporary::GPRTemporary):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
        (JSC::DFG::JITCodeGenerator::silentFillGPR):
        (JSC::DFG::JITCodeGenerator::spill):
        (JSC::DFG::JITCodeGenerator::storageResult):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::StorageOperand::~StorageOperand):
        (JSC::DFG::StorageOperand::index):
        (JSC::DFG::StorageOperand::gpr):
        (JSC::DFG::StorageOperand::use):
        * dfg/DFGNode.h:
        (JSC::DFG::OpInfo::OpInfo):
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::hasPrediction):
        (JSC::DFG::Node::hasStructure):
        (JSC::DFG::Node::structure):
        (JSC::DFG::Node::hasStorageAccessData):
        (JSC::DFG::Node::storageAccessDataIndex):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNode):
        (JSC::DFG::Propagator::globalVarLoadElimination):
        (JSC::DFG::Propagator::getMethodLoadElimination):
        (JSC::DFG::Propagator::checkStructureLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):
        * wtf/StdLibExtras.h:
        (WTF::safeCast):

2011-09-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove toPrimitive from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=67875

        Reviewed by Darin Adler.

        Part of the refactoring process to un-virtualize JSCell.  We move
        all of the implicit functionality provided by the virtual toPrimitive method
        in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
        also de-virtualizing JSCell::toPrimitive.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSCell.cpp:
        (JSC::JSCell::toPrimitive):
        * runtime/JSCell.h:

        We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
        JSObject.  This pushes the virtual method further down, enabling us to get rid
        of the virtual call in JSCell.  Eventually we'll probably have to deal with this
        again, but we'll cross that bridge when we come to it.
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::defaultValue):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:

2011-09-19  Geoffrey Garen  <ggaren@apple.com>

        Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
        https://bugs.webkit.org/show_bug.cgi?id=68424

        As discussed on webkit-dev. All ports build with threads enabled in JSC now.

        This may break WinCE and other ports that have not built and tested with
        this configuration. I've filed bugs for port maintainers. It's time for
        WebKit to move forward.

        Reviewed by Mark Rowe.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::~Heap):
        (JSC::Heap::destroy):
        (JSC::Heap::blockFreeingThreadMain):
        (JSC::Heap::allocateBlock):
        (JSC::Heap::freeBlocks):
        (JSC::Heap::releaseFreeBlocks):
        * heap/Heap.h:
        * wtf/Platform.h:

2011-09-19  Geoffrey Garen  <ggaren@apple.com>

        Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
        https://bugs.webkit.org/show_bug.cgi?id=68423

        As discussed on webkit-dev. All ports build with threads enabled in WTF now.

        This may break WinCE and other ports that have not built and tested with
        this configuration. I've filed bugs for port maintainers. It's time for
        WebKit to move forward.

        Reviewed by Mark Rowe.

        * wtf/CryptographicallyRandomNumber.cpp:
        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
        * wtf/FastMalloc.cpp:
        * wtf/Platform.h:
        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):
        * wtf/RefCountedLeakCounter.cpp:
        (WTF::RefCountedLeakCounter::increment):
        (WTF::RefCountedLeakCounter::decrement):
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/dtoa.cpp:
        (WTF::pow5mult):
        * wtf/gtk/ThreadingGtk.cpp:
        (WTF::initializeThreading):
        * wtf/qt/ThreadingQt.cpp:
        (WTF::initializeThreading):

2011-09-19  Geoffrey Garen  <ggaren@apple.com>

        Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
        https://bugs.webkit.org/show_bug.cgi?id=68422

        As discussed on webkit-dev. All ports build with threads enabled in JSC now.

        This may break WinCE and other ports that have not built and tested with
        this configuration. I've filed bugs for port maintainers. It's time for
        WebKit to move forward.

        Reviewed by Sam Weinig.

        * API/APIShims.h:
        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
        * API/JSContextRef.cpp:
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::MachineThreads):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        (JSC::initializeThreading):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::sharedInstance):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::makeUsableFromMultipleThreads):
        * runtime/JSLock.cpp:
        * runtime/Structure.cpp:
        * wtf/Platform.h:

2011-09-19  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r95493 and r95496.
        http://trac.webkit.org/changeset/95493
        http://trac.webkit.org/changeset/95496
        https://bugs.webkit.org/show_bug.cgi?id=68418

        Broke Windows build (Requested by rniwa on #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/Debugger.cpp:
        (JSC::Debugger::recompileAllJSFunctions):
        * heap/AllocationSpace.cpp: Removed.
        * heap/AllocationSpace.h: Removed.
        * heap/Heap.cpp:
        (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
        (JSC::CountFunctor::TakeIfEmpty::operator()):
        (JSC::CountFunctor::TakeIfEmpty::returnValue):
        (JSC::Heap::Heap):
        (JSC::Heap::reportExtraMemoryCostSlowCase):
        (JSC::Heap::tryAllocate):
        (JSC::Heap::allocateSlowCase):
        (JSC::Heap::getConservativeRegisterRoots):
        (JSC::Heap::markRoots):
        (JSC::Heap::clearMarks):
        (JSC::Heap::sweep):
        (JSC::Heap::objectCount):
        (JSC::Heap::size):
        (JSC::Heap::capacity):
        (JSC::Heap::globalObjectCount):
        (JSC::Heap::objectTypeCounts):
        (JSC::Heap::collect):
        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        (JSC::Heap::allocateBlock):
        (JSC::Heap::freeBlocks):
        (JSC::Heap::shrink):
        * heap/Heap.h:
        (JSC::Heap::markedSpace):
        (JSC::Heap::forEachCell):
        (JSC::Heap::forEachBlock):
        (JSC::Heap::sizeClassFor):
        (JSC::Heap::allocate):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):

2011-09-19  Gavin Barraclough  <barraclough@apple.com>

        Errrk, missed stylebot comments in last commit.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):

2011-09-19  Gavin Barraclough  <barraclough@apple.com>

        String#split is buggy
        https://bugs.webkit.org/show_bug.cgi?id=68348

        Reviewed by Sam Weinig.

        * runtime/StringPrototype.cpp:
        (JSC::jsStringWithReuse):
            - added helper function to reuse original JSString value.
        (JSC::stringProtoFuncSplit):
            - Rewritten from the spec.
        * tests/mozilla/ecma/String/15.5.4.8-2.js:
        (getTestCases):
            - This test is not ES5 compliant.

2011-09-19  Geoffrey Garen  <ggaren@apple.com>

        Removed lots of friend declarations from JSCell, so we can more
        effectively make use of private and protected.

        Reviewed by Sam Weinig.

        * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
        confusion for not much safety.
        (JSC::JSCell::operator new): Made this public because it is used by a
        few clients, and not really dangerous.

        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::getPropertySpecificValue):
        (JSC::JSObject::getOwnPropertyNames):
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::createInheritorID):
        (JSC::JSObject::allocatePropertyStorage):
        (JSC::JSObject::getOwnPropertyDescriptor):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirect):
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::hasCustomProperties):
        (JSC::JSObject::hasGetterSetterProperties):
        (JSC::JSObject::isSealed):
        (JSC::JSObject::isFrozen):
        (JSC::JSObject::isExtensible):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::finishCreation):
        (JSC::JSObject::prototype):
        (JSC::JSObject::setPrototype):
        (JSC::JSObject::inlineGetOwnPropertySlot):
        (JSC::JSCell::fastGetOwnProperty):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::transitionTo):
        (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
        structure() / setStructure(), so we don't have to be a friend of JSCell.

        * runtime/Structure.h:
        (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
        to JSCell::m_structure.

2011-09-19  Adam Barth  <abarth@webkit.org>

        Always enable ENABLE(EVENTSOURCE)
        https://bugs.webkit.org/show_bug.cgi?id=68414

        Reviewed by Eric Seidel.

        * Configurations/FeatureDefines.xcconfig:

2011-09-19  Eli Fidler  <efidler@rim.com>

        Enable JSC_MULTIPLE_THREADS for OS(QNX).
        https://bugs.webkit.org/show_bug.cgi?id=68047

        Reviewed by Daniel Bates.

        SA_RESTART was required for SIGUSR2-based debugging, but is not
        present on QNX. This debugging doesn't seem critical to
        JSC_MULTIPLE_THREADS, so allow it to proceed.

        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::Thread::Thread):
        (JSC::getPlatformThreadRegisters):
        (JSC::otherThreadStackPointer):
        (JSC::freePlatformThreadRegisters):
        * wtf/Platform.h: enable PTHREADS for OS(QNX)

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Refactor Heap allocation logic into separate AllocationSpace class
        https://bugs.webkit.org/show_bug.cgi?id=68409

        Reviewed by Gavin Barraclough.

        This patch hoists direct manipulation of the MarkedSpace and related
        data out of Heap and into a separate class.  This will allow us to
        have multiple allocation spaces in future, so easing the way towards
        having GC'd backing stores for objects.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/Debugger.cpp:
        (JSC::Debugger::recompileAllJSFunctions):
        * heap/AllocationSpace.cpp: Added.
        (JSC::AllocationSpace::tryAllocate):
        (JSC::AllocationSpace::allocateSlowCase):
        (JSC::AllocationSpace::allocateBlock):
        (JSC::AllocationSpace::freeBlocks):
        (JSC::TakeIfEmpty::TakeIfEmpty):
        (JSC::TakeIfEmpty::operator()):
        (JSC::TakeIfEmpty::returnValue):
        (JSC::AllocationSpace::shrink):
        * heap/AllocationSpace.h: Added.
        (JSC::AllocationSpace::AllocationSpace):
        (JSC::AllocationSpace::blocks):
        (JSC::AllocationSpace::sizeClassFor):
        (JSC::AllocationSpace::setHighWaterMark):
        (JSC::AllocationSpace::highWaterMark):
        (JSC::AllocationSpace::canonicalizeBlocks):
        (JSC::AllocationSpace::resetAllocator):
        (JSC::AllocationSpace::forEachCell):
        (JSC::AllocationSpace::forEachBlock):
        (JSC::AllocationSpace::allocate):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::reportExtraMemoryCostSlowCase):
        (JSC::Heap::getConservativeRegisterRoots):
        (JSC::Heap::markRoots):
        (JSC::Heap::clearMarks):
        (JSC::Heap::sweep):
        (JSC::Heap::objectCount):
        (JSC::Heap::size):
        (JSC::Heap::capacity):
        (JSC::Heap::globalObjectCount):
        (JSC::Heap::objectTypeCounts):
        (JSC::Heap::collect):
        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        (JSC::Heap::freeBlocks):
        (JSC::Heap::shrink):
        * heap/Heap.h:
        (JSC::Heap::objectSpace):
        (JSC::Heap::sizeClassForObject):
        (JSC::Heap::allocate):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):

2011-09-19  Adam Roben  <aroben@apple.com>

        Windows build fix after r95310

        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
        include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.

2011-09-19  Filip Pizlo  <fpizlo@apple.com>

        DFG speculation failures should act as additional value profiles
        https://bugs.webkit.org/show_bug.cgi?id=68335

        Reviewed by Oliver Hunt.

        This adds slow-case counters to the old JIT. It also ensures that
        negative zero in multiply is handled carefully. The old JIT
        previously took slow path if the result of a multiply was zero,
        which, without any changes, would cause the DFG to think that
        every such multiply produced a double result.

        This also fixes a bug in the old JIT's handling of decrements. It
        would take the slow path if the result was zero, but not if it
        underflowed.

        By itself, this would be a 1% slow-down on V8 and Kraken. But then
        I wrote optimizations in the DFG that take advantage of this new
        information. It's no longer the case that every multiply needs to
        do a check for negative zero; it only happens if the negative
        zero is ignored.

        This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
        speed-up in V8. It's mostly neutral on Kraken. I can see a
        0.5% slow-down and it appears to be significant.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetRareCaseProfiles):
        (JSC::CodeBlock::dumpValueProfiles):
        * bytecode/CodeBlock.h:
        * bytecode/ValueProfile.h:
        (JSC::RareCaseProfile::RareCaseProfile):
        (JSC::getRareCaseProfileBytecodeOffset):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::GPRTemporary::GPRTemporary):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNode):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::clobbersWorld):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::linkDummySlowCase):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_post_dec):
        (JSC::JIT::emit_op_pre_dec):
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        * jit/JITInlineMethods.h:
        (JSC::JIT::addSlowCase):

2011-09-19  Adam Roben  <aroben@apple.com>

        Windows build fix after r94575

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
        now builds just before FindSafari.

2011-09-19  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r95466.
        http://trac.webkit.org/changeset/95466
        https://bugs.webkit.org/show_bug.cgi?id=68389

        Incorrect version of the patch. (Requested by mhahnenberg on
        #webkit).

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSCell.cpp:
        (JSC::JSCell::toPrimitive):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toPrimitive):
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::toPrimitive):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:

2011-09-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove toPrimitive from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=67875

        Reviewed by Geoffrey Garen.

        Part of the refactoring process to un-virtualize JSCell.  We move
        all of the implicit functionality provided by the virtual toPrimitive method
        in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
        also de-virtualizing JSCell::toPrimitive.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSCell.cpp:
        (JSC::JSCell::toPrimitive):
        * runtime/JSCell.h:

        We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
        JSObject.  This pushes the virtual method further down, enabling us to get rid
        of the virtual call in JSCell.  Eventually we'll probably have to deal with this
        again, but we'll cross that bridge when we come to it.
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::defaultValue):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:
        (JSC::JSValue::toPrimitive):

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Build fix.

        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetDirectOffset):

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
        https://bugs.webkit.org/show_bug.cgi?id=68376

        Reviewed by Gavin Barraclough.

        Renamed the MarkedSpace files to match new name, and
        updated the relevant references.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Heap.h:
        * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::addBlock):
        (JSC::MarkedSpace::removeBlock):
        (JSC::MarkedSpace::resetAllocator):
        (JSC::MarkedSpace::canonicalizeBlocks):
        * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
        (JSC::MarkedSpace::waterMark):
        (JSC::MarkedSpace::highWaterMark):
        (JSC::MarkedSpace::setHighWaterMark):
        (JSC::MarkedSpace::sizeClassFor):
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::forEachBlock):
        (JSC::MarkedSpace::SizeClass::SizeClass):
        (JSC::MarkedSpace::SizeClass::resetAllocator):
        (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
        * runtime/JSCell.h:

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Rename NewSpace to MarkedSpace
        https://bugs.webkit.org/show_bug.cgi?id=68375

        Reviewed by Gavin Barraclough.

        Rename NewSpace to a more accurate name, and update all uses.
        This patch doesn't rename the files themselves as that will
        just make the patch appear bigger than it is.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Heap.cpp:
        (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
        (JSC::CountFunctor::TakeIfEmpty::operator()):
        (JSC::Heap::Heap):
        (JSC::Heap::reportExtraMemoryCostSlowCase):
        (JSC::Heap::tryAllocate):
        (JSC::Heap::allocateSlowCase):
        (JSC::Heap::collect):
        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        (JSC::Heap::isValidAllocation):
        (JSC::Heap::shrink):
        * heap/Heap.h:
        (JSC::Heap::markedSpace):
        (JSC::Heap::sizeClassFor):
        (JSC::Heap::allocate):
        * heap/NewSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::addBlock):
        (JSC::MarkedSpace::removeBlock):
        (JSC::MarkedSpace::resetAllocator):
        (JSC::MarkedSpace::canonicalizeBlocks):
        * heap/NewSpace.h:
        (JSC::MarkedSpace::waterMark):
        (JSC::MarkedSpace::highWaterMark):
        (JSC::MarkedSpace::setHighWaterMark):
        (JSC::MarkedSpace::sizeClassFor):
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::forEachBlock):
        (JSC::MarkedSpace::SizeClass::SizeClass):
        (JSC::MarkedSpace::SizeClass::resetAllocator):
        (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):

2011-09-19  Peter Rybin  <peter.rybin@gmail.com>

        TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
        https://bugs.webkit.org/show_bug.cgi?id=63541

        Reviewed by Adam Barth.

        * parser/SourceProvider.h:
        (JSC::SourceProvider::startPosition):
        * wtf/text/TextPosition.h:
        (WTF::OrdinalNumber::fromZeroBasedInt):
        (WTF::OrdinalNumber::fromOneBasedInt):
        (WTF::OrdinalNumber::OrdinalNumber):
        (WTF::OrdinalNumber::zeroBasedInt):
        (WTF::OrdinalNumber::oneBasedInt):
        (WTF::OrdinalNumber::operator==):
        (WTF::OrdinalNumber::operator!=):
        (WTF::OrdinalNumber::first):
        (WTF::OrdinalNumber::beforeFirst):
        (WTF::TextPosition::TextPosition):
        (WTF::TextPosition::minimumPosition):
        (WTF::TextPosition::belowRangePosition):

2011-09-19  Dan Bernstein  <mitz@apple.com>

        JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
        https://bugs.webkit.org/show_bug.cgi?id=68323

        Reviewed by Sam Weinig.

        Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.

        * wtf/mac/MainThreadMac.mm:
        (WTF::initializeMainThreadPlatform):
        (WTF::initializeMainThreadToProcessMainThreadPlatform):

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Remove direct property slot pointers from the instruction stream
        https://bugs.webkit.org/show_bug.cgi?id=68373

        Reviewed by Gavin Barraclough.

        Use an indirect load to access prototype properties rather than directly
        storing the property address in the instruction stream.  This should allow
        further optimisations in future, and also provides a 0.5% win to SunSpider.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetDirectOffset):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetDirectOffset):
        * runtime/JSObject.h:
        (JSC::JSObject::addressOfPropertyStorage):

2011-09-19  Oliver Hunt  <oliver@apple.com>

        Remove bump allocator
        https://bugs.webkit.org/show_bug.cgi?id=68370

        Reviewed by Sam Weinig.

        Can't do anything with this allocator currently, and it's
        increasing the complexity of the GC code.  Slight progression
        on SunSpider, slight regression (undoing the original progression)
        in V8.

        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * heap/Heap.h:
        * heap/NewSpace.cpp:
        (JSC::NewSpace::NewSpace):
        * heap/NewSpace.h:
        (JSC::NewSpace::allocate):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::~JSObject):
        (JSC::JSObject::visitChildrenDirect):
        * runtime/StorageBarrier.h:
        (JSC::StorageBarrier::set):

2011-09-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Fix distcheck build
        https://bugs.webkit.org/show_bug.cgi?id=68346

        Reviewed by Philippe Normand.

        * GNUmakefile.list.am:

2011-09-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Fix distcheck build
        https://bugs.webkit.org/show_bug.cgi?id=68241

        Reviewed by Martin Robinson.

        * GNUmakefile.list.am:

2011-09-18  Dan Bernstein  <mitz@apple.com>

        Removed ProfilerServer.

        Reviewed by Mark Rowe.

        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * profiler/ProfilerServer.h: Removed.
        * profiler/ProfilerServer.mm: Removed.
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * wscript:

2011-09-17  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT should inline Math.min, Math.max, and Math.sqrt
        https://bugs.webkit.org/show_bug.cgi?id=68318

        Reviewed by Gavin Barraclough.

        Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
        a function to have an intrinsic but not a thunk generator. This is
        a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
        we're still not DFG compiling the bulk of the hot code in Kraken audio
        benchmarks.

        * create_hash_table:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGIntrinsic.h:
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNode):
        (JSC::DFG::Propagator::fixupNode):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):

2011-09-18  Nico Weber  <thakis@chromium.org>

        Remove two files from JavaScriptCore.gypi that were removed in r95240
        https://bugs.webkit.org/show_bug.cgi?id=68327

        Unreviewed, build warning fix.

        * JavaScriptCore.gypi:

2011-09-17  Oliver Hunt  <oliver@apple.com>

        Remove special case handling of inline storage from the JIT
        https://bugs.webkit.org/show_bug.cgi?id=68319

        Reviewed by Gavin Barraclough.
42889
42890        Simplify logic used for reading and writing to property storage
42891        by removing the special cases for inline storage.  This has no
42892        perf impact.
42893
42894        * dfg/DFGRepatch.cpp:
42895        (JSC::DFG::generateProtoChainAccessStub):
42896        (JSC::DFG::tryBuildGetByIDList):
42897        * jit/JIT.h:
42898        * jit/JITPropertyAccess.cpp:
42899        (JSC::JIT::compilePutDirectOffset):
42900        (JSC::JIT::compileGetDirectOffset):
42901        (JSC::JIT::privateCompilePutByIdTransition):
42902        (JSC::JIT::privateCompileGetByIdSelfList):
42903        * jit/JITPropertyAccess32_64.cpp:
42904        (JSC::JIT::compilePutDirectOffset):
42905        (JSC::JIT::compileGetDirectOffset):
42906        (JSC::JIT::privateCompilePutByIdTransition):
42907        (JSC::JIT::privateCompileGetByIdSelfList):
42908
429092011-09-17  Filip Pizlo  <fpizlo@apple.com>
42910
42911        DFG JIT does not have full block-local CSE
42912        https://bugs.webkit.org/show_bug.cgi?id=68316
42913
42914        Reviewed by Oliver Hunt.
42915        
42916        This adds block-local CSE to the DFG. CSE runs in the propagator just after
42917        type propagation. It is part of the propagator itself because it needs to
42918        use the propagator's internal data structures to determine which operations
42919        may have side effects. Because it changes the live-ranges of nodes, the
42920        virtual register allocator had to be moved into the propagator so that it
42921        runs after CSE. To ensure that the back-end knows to keep the inputs to
42922        any eliminated node alive for OSR, a new node type, Phantom, was introduced.
42923        It is a no-op but prolongs the live-range of its inputs.
42924        
42925        This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
42926        Kraken.
42927        
42928        * JavaScriptCore.xcodeproj/project.pbxproj:
42929        * dfg/DFGAliasTracker.h: Removed.
42930        * dfg/DFGByteCodeParser.cpp:
42931        (JSC::DFG::ByteCodeParser::parseBlock):
42932        (JSC::DFG::ByteCodeParser::parse):
42933        * dfg/DFGGraph.cpp:
42934        (JSC::DFG::Graph::dump):
42935        * dfg/DFGGraph.h:
42936        (JSC::DFG::MethodCheckData::operator==):
42937        (JSC::DFG::MethodCheckData::operator!=):
42938        * dfg/DFGNode.h:
42939        (JSC::DFG::Node::hasVirtualRegister):
42940        (JSC::DFG::Node::setRefCount):
42941        * dfg/DFGPropagator.cpp:
42942        (JSC::DFG::Propagator::Propagator):
42943        (JSC::DFG::Propagator::fixpoint):
42944        (JSC::DFG::Propagator::propagateNode):
42945        (JSC::DFG::Propagator::canonicalize):
42946        (JSC::DFG::Propagator::computeStartIndex):
42947        (JSC::DFG::Propagator::startIndex):
42948        (JSC::DFG::Propagator::pureCSE):
42949        (JSC::DFG::Propagator::globalVarLoadElimination):
42950        (JSC::DFG::Propagator::getByValLoadElimination):
42951        (JSC::DFG::Propagator::getMethodLoadElimination):
42952        (JSC::DFG::Propagator::performSubstitution):
42953        (JSC::DFG::Propagator::setReplacement):
42954        (JSC::DFG::Propagator::performNodeCSE):
42955        (JSC::DFG::Propagator::performBlockCSE):
42956        (JSC::DFG::Propagator::localCSE):
42957        (JSC::DFG::Propagator::allocateVirtualRegisters):
42958        (JSC::DFG::propagate):
42959        * dfg/DFGSpeculativeJIT.cpp:
42960        (JSC::DFG::SpeculativeJIT::compile):
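
        As an added illustration of the scheme described above (example code, not WebKit's; the node kinds, field and function names are invented here), a toy block-local CSE in C++. Pure nodes with the same op, inputs and payload are folded onto their first occurrence, a load of a global is folded onto an earlier load unless a store intervenes, and every eliminated node is kept as a Phantom that still references its inputs, so their live ranges are prolonged for OSR while later uses are redirected to the surviving node.

```cpp
// Added example, not WebKit code: a toy block-local CSE with Phantom nodes.
// Names (Op, Node, performBlockCSE, ...) are made up for this illustration.
#include <cstdio>
#include <map>
#include <tuple>
#include <vector>

enum Op { Constant, Add, Mul, GetGlobalVar, PutGlobalVar, Phantom };

struct Node {
    Op op;
    int child1;      // index of an input node, or -1
    int child2;
    int payload;     // constant value, or global variable index
    int replacement; // index of the node that replaced this one, or -1
};

static Node makeNode(Op op, int child1, int child2, int payload)
{
    Node n = { op, child1, child2, payload, -1 };
    return n;
}

static bool isPure(Op op) { return op == Constant || op == Add || op == Mul; }

// Follow substitutions so that an edge points at the surviving node.
static int canonical(const std::vector<Node>& block, int index)
{
    while (index >= 0 && block[index].replacement >= 0)
        index = block[index].replacement;
    return index;
}

// Returns the number of nodes turned into Phantoms.
static int performBlockCSE(std::vector<Node>& block)
{
    std::map<std::tuple<Op, int, int, int>, int> pureTable;
    std::map<int, int> globalLoads; // global index -> node that last loaded it
    int eliminated = 0;
    for (size_t i = 0; i < block.size(); ++i) {
        Node& node = block[i];
        node.child1 = canonical(block, node.child1); // perform earlier substitutions
        node.child2 = canonical(block, node.child2);
        int match = -1;
        if (isPure(node.op)) {
            auto key = std::make_tuple(node.op, node.child1, node.child2, node.payload);
            auto it = pureTable.find(key);
            if (it == pureTable.end()) { pureTable[key] = static_cast<int>(i); continue; }
            match = it->second;
        } else if (node.op == GetGlobalVar) {
            auto it = globalLoads.find(node.payload);
            if (it == globalLoads.end()) { globalLoads[node.payload] = static_cast<int>(i); continue; }
            match = it->second;
        } else if (node.op == PutGlobalVar) {
            globalLoads.clear(); // a store may change any global: forget cached loads
            continue;
        } else {
            continue;
        }
        node.op = Phantom;        // computes nothing, but child1/child2 stay live
        node.replacement = match; // later uses are redirected to the survivor
        ++eliminated;
    }
    return eliminated;
}

// Constructed sample block: a duplicated add, and a global that is reloaded
// across a store (must not be merged) and then again after it (may be merged).
static std::vector<Node> buildSampleBlock()
{
    std::vector<Node> b;
    b.push_back(makeNode(Constant, -1, -1, 2));     // 0
    b.push_back(makeNode(Constant, -1, -1, 3));     // 1
    b.push_back(makeNode(Add, 0, 1, 0));            // 2
    b.push_back(makeNode(Constant, -1, -1, 3));     // 3: duplicate of 1
    b.push_back(makeNode(Add, 0, 3, 0));            // 4: duplicate of 2 once 3 -> 1
    b.push_back(makeNode(GetGlobalVar, -1, -1, 0)); // 5
    b.push_back(makeNode(Mul, 4, 5, 0));            // 6
    b.push_back(makeNode(PutGlobalVar, 6, -1, 0));  // 7: store kills cached loads
    b.push_back(makeNode(GetGlobalVar, -1, -1, 0)); // 8: must reload
    b.push_back(makeNode(Mul, 2, 8, 0));            // 9
    b.push_back(makeNode(GetGlobalVar, -1, -1, 0)); // 10: duplicate of 8
    b.push_back(makeNode(Mul, 2, 10, 0));           // 11: duplicate of 9
    return b;
}

static std::vector<Node> runSampleCSE()
{
    std::vector<Node> b = buildSampleBlock();
    performBlockCSE(b);
    return b;
}

static int countPhantoms(const std::vector<Node>& block)
{
    int n = 0;
    for (size_t i = 0; i < block.size(); ++i)
        if (block[i].op == Phantom)
            ++n;
    return n;
}

int main()
{
    std::vector<Node> b = runSampleCSE();
    std::printf("%d of %zu nodes became Phantom\n", countPhantoms(b), b.size());
    return 0;
}
```

        On the constructed block, nodes 3, 4, 10 and 11 become Phantoms; node 8 survives because the store at node 7 invalidated the cached load. A real pass would also have to consult the type propagator to decide which ops are actually side-effect free, which this toy hard-codes in isPure().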
42961
429622011-09-16  Filip Pizlo  <fpizlo@apple.com>
42963
42964        method_check should repatch itself if it finds that the new structure(s)
42965        are the result of transitions from the old structure(s)
42966        https://bugs.webkit.org/show_bug.cgi?id=68294
42967
42968        Reviewed by Gavin Barraclough.
42969        
42970        Previously a patched method_check would slow-path to get_by_id. Now it
42971        slow-paths to method_check_update, which attempts to correct the
42972        method_check due to structure transitions before bailing to get_by_id.
42973        
42974        This is a 1-2% speed-up on some benchmarks and is not a slow-down
42975        anywhere, leading to a 0.6% speed-up on the Kraken geomean.
42976
42977        * jit/JITPropertyAccess.cpp:
42978        (JSC::JIT::patchMethodCallProto):
42979        * jit/JITStubs.cpp:
42980        (JSC::DEFINE_STUB_FUNCTION):
42981        * jit/JITStubs.h:
42982        * runtime/Structure.h:
42983        (JSC::Structure::transitivelyTransitionedFrom):
42984
429852011-09-16  Ryosuke Niwa  <rniwa@webkit.org>
42986
42987        Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
42988
42989        * wtf/Platform.h:
42990
429912011-09-16  Sam Weinig  <sam@webkit.org>
42992
42993        Rename APIValueWrapper type to APIValueWrapperType for consistency
42994        https://bugs.webkit.org/show_bug.cgi?id=68306
42995
42996        Reviewed by Anders Carlsson.
42997
42998        * runtime/JSAPIValueWrapper.h:
42999        (JSC::JSAPIValueWrapper::createStructure):
43000        Update name.
43001
43002        * runtime/JSType.h:
43003        Update name and un-indent.
43004
43005        * runtime/Structure.h:
43006        (JSC::JSCell::isAPIValueWrapper):
43007        Update name.
43008
430092011-09-16  Sam Weinig  <sam@webkit.org>
43010
43011        Remove unused isStrictModeFunction function
43012        https://bugs.webkit.org/show_bug.cgi?id=68305
43013
43014        Reviewed by Anders Carlsson.
43015
43016        * runtime/JSObject.h:
43017        (JSC::JSObject::isStrictModeFunction):
43018
430192011-09-16  Sam Weinig  <sam@webkit.org>
43020
43021        Cleanup JSTypeInfo a bit
43022        https://bugs.webkit.org/show_bug.cgi?id=68289
43023
43024        Reviewed by Anders Carlsson.
43025
43026        * dfg/DFGOperations.cpp:
43027        * jit/JITStubs.cpp:
43028        (JSC::DEFINE_STUB_FUNCTION):
43029        Replace direct access to flags() with predicate.
43030
43031        * runtime/JSObject.h:
43032        (JSC::JSFinalObject::createStructure):
43033        Pass FinalObjectType instead of using special IsJSFinalObject.
43034
43035        * runtime/JSTypeInfo.h:
43036        (JSC::TypeInfo::TypeInfo):
43037        Add an additional assert that no object should have OverridesHasInstance set without also having ImplementsHasInstance set.
43038
43039        (JSC::TypeInfo::isFinalObject):
43040        Added.
43041
43042        (JSC::TypeInfo::masqueradesAsUndefined):
43043        (JSC::TypeInfo::implementsHasInstance):
43044        (JSC::TypeInfo::isEnvironmentRecord):
43045        (JSC::TypeInfo::overridesHasInstance):
43046        (JSC::TypeInfo::implementsDefaultHasInstance):
43047        (JSC::TypeInfo::overridesGetOwnPropertySlot):
43048        (JSC::TypeInfo::overridesVisitChildren):
43049        (JSC::TypeInfo::overridesGetPropertyNames):
43050        (JSC::TypeInfo::prohibitsPropertyCaching):
43051        (JSC::TypeInfo::isSetOnFlags1):
43052        (JSC::TypeInfo::isSetOnFlags2):
43053        Replace direct bit twiddling with helper functions.
43054
43055        * runtime/Structure.cpp:
43056        (JSC::Structure::Structure):
43057        Use new isFinalObject() predicate.
43058
430592011-09-16  Gavin Barraclough  <barraclough@apple.com>
43060
43061        Unsigned bit shift fails under certain conditions in 32 bit builds
43062        https://bugs.webkit.org/show_bug.cgi?id=68166
43063
43064        Reviewed by Geoff Garen.
43065
43066        The major bug here is that the slow case (which handles shifts of
43067        doubles) doesn't check for negative results from an unsigned shift
43068        (which should be unsigned, and as such can't be represented by a
43069        signed integer immediate).  The implementation is also flawed for
43070        shifts by negative shift amounts (treats as shift by zero).
43071
43072        * jit/JITArithmetic32_64.cpp:
43073        (JSC::JIT::emitRightShift):
43074        (JSC::JIT::emitRightShiftSlowCase):
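
        As an added illustration of the semantics this slow path must honour (example code, not WebKit's; the type and function names are invented here), a reference model of the ECMAScript unsigned right shift on doubles. ToUint32 reduces the operand modulo 2^32, the shift count is masked to five bits (so a negative count is not a shift by zero), and the result is a uint32 that may exceed the signed int32 range and therefore cannot be boxed as an int immediate.

```cpp
// Added example, not WebKit code: reference model of the ECMAScript ">>>"
// operator on doubles, covering the two edge cases named in the entry above.
#include <cmath>
#include <cstdint>
#include <cstdio>

// ECMAScript ToUint32: NaN and infinities map to 0; otherwise truncate toward
// zero and reduce modulo 2^32.
static uint32_t toUint32(double d)
{
    if (std::isnan(d) || std::isinf(d))
        return 0;
    double m = std::fmod(std::trunc(d), 4294967296.0); // keeps the sign of d
    if (m < 0)
        m += 4294967296.0;
    return static_cast<uint32_t>(m);
}

// What a slow path hands back: a boxed int32 when the value fits, otherwise
// a double. isInt32 is the decision the buggy code did not make.
struct JSNumberResult {
    bool isInt32;
    int32_t int32Value; // meaningful only when isInt32
    double doubleValue; // always the correct numeric value
};

static JSNumberResult jsUnsignedRightShift(double lhs, double rhs)
{
    // Shift count is ToUint32(rhs) & 0x1F, so -1 means "shift by 31".
    uint32_t shifted = toUint32(lhs) >> (toUint32(rhs) & 0x1F);
    JSNumberResult r;
    r.doubleValue = static_cast<double>(shifted);
    // Anything above 0x7FFFFFFF has no signed 32-bit representation.
    r.isInt32 = shifted <= 0x7FFFFFFFu;
    r.int32Value = r.isInt32 ? static_cast<int32_t>(shifted) : 0;
    return r;
}

int main()
{
    JSNumberResult a = jsUnsignedRightShift(-1, 0); // 4294967295: needs a double
    JSNumberResult b = jsUnsignedRightShift(8, -1); // shift by 31, not by 0
    std::printf("-1 >>> 0 = %.0f (fits int32: %d)\n", a.doubleValue, a.isInt32);
    std::printf("8 >>> -1 = %.0f (fits int32: %d)\n", b.doubleValue, b.isInt32);
    return 0;
}
```

        The isInt32 flag is what the JIT's int-tag/double-tag decision has to track: -1 >>> 0 yields 4294967295, which only fits a double, while -8 >>> 1 yields 2147483644 and can stay an int32.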
43075
430762011-09-16  Geoffrey Garen  <ggaren@apple.com>
43077
43078        Removed undetectable style.filter.
43079
43080        Reviewed by Sam Weinig.
43081        
43082        This feature was added in http://trac.webkit.org/changeset/15557 to
43083        support housingmaps.com. But housingmaps.com no longer needs this hack,
43084        we don't know of other websites that need it, and we don't know of
43085        any other browsers that have implemented this feature.
43086
43087        * GNUmakefile.list.am:
43088        * JavaScriptCore.gypi:
43089        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
43090        * JavaScriptCore.xcodeproj/project.pbxproj:
43091        * runtime/JSTypeInfo.h:
43092        * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
43093
430942011-09-15  Sam Weinig  <sam@webkit.org>
43095
43096        Prepare JSTypes for more Object subtypes
43097        https://bugs.webkit.org/show_bug.cgi?id=68200
43098
43099        Reviewed by Gavin Barraclough.
43100
43101        * dfg/DFGJITCompiler.h:
43102        (JSC::DFG::JITCompiler::branchIfNotObject):
43103        * jit/JITInlineMethods.h:
43104        (JSC::JIT::emitJumpIfNotObject):
43105        * runtime/JSGlobalObject.h:
43106        (JSC::Structure::prototypeForLookup):
43107        * runtime/JSObject.h:
43108        (JSC::JSObject::finishCreation):
43109        * runtime/JSType.h:
43110        * runtime/JSTypeInfo.h:
43111        (JSC::TypeInfo::type):
43112        (JSC::TypeInfo::isObject):
43113        (JSC::TypeInfo::isFinal):
43114        (JSC::TypeInfo::prohibitsPropertyCaching):
43115        * runtime/NativeErrorConstructor.h:
43116        (JSC::NativeErrorConstructor::finishCreation):
43117        * runtime/Operations.cpp:
43118        (JSC::jsIsObjectType):
43119        * runtime/Structure.cpp:
43120        (JSC::Structure::addPropertyTransitionToExistingStructure):
43121        (JSC::Structure::addPropertyTransition):
43122        * runtime/Structure.h:
43123        (JSC::Structure::isObject):
43124        (JSC::JSCell::isObject):
43125
431262011-09-16  Geoffrey Garen  <ggaren@apple.com>
43127
43128        Rolled back in r95201 with test failure fixed.
43129        
43130        I missed two cases of jumpSlowToHot in rshift -- these cases need to be
43131        sure to initialize regT1 to the int tag, since it will otherwise hold
43132        the top 32 bits of a double.
43133
43134        * jit/JIT.h:
43135        * jit/JITArithmetic32_64.cpp:
43136        (JSC::JIT::emit_op_lshift):
43137        (JSC::JIT::emitRightShift):
43138        (JSC::JIT::emitRightShiftSlowCase):
43139        (JSC::JIT::emit_op_bitand):
43140        (JSC::JIT::emit_op_bitor):
43141        (JSC::JIT::emit_op_bitxor):
43142        (JSC::JIT::emit_op_bitnot):
43143        (JSC::JIT::emit_op_post_inc):
43144        (JSC::JIT::emit_op_post_dec):
43145        (JSC::JIT::emit_op_pre_inc):
43146        (JSC::JIT::emit_op_pre_dec):
43147        * jit/JITInlineMethods.h:
43148        (JSC::JIT::emitStoreAndMapInt32):
43149
431502011-09-16  Filip Pizlo  <fpizlo@apple.com>
43151
43152        Unreviewed Windows build fix after 95318.
43153
43154        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
43155
431562011-09-16  Adam Roben  <aroben@apple.com>
43157
43158        Windows build fix after r95310
43159
43160        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
43161        include path so DFGIntrinsic.h can be found.
43162
431632011-09-16  Gavin Barraclough  <barraclough@apple.com>
43164
43165        Rationalize JSObject::putDirect* methods
43166        https://bugs.webkit.org/show_bug.cgi?id=68274
43167
43168        Reviewed by Sam Weinig.
43169        
43170        Delete the *Function variants. These are overall inefficient,
43171        in the way they get the name back from the function rather
43172        than just passing it in.
43173
43174        * JavaScriptCore.exp:
43175        * jsc.cpp:
43176        (GlobalObject::finishCreation):
43177        (GlobalObject::addFunction):
43178        * runtime/FunctionPrototype.cpp:
43179        (JSC::FunctionPrototype::addFunctionProperties):
43180        * runtime/JSGlobalObject.cpp:
43181        (JSC::JSGlobalObject::reset):
43182        * runtime/JSObject.cpp:
43183        (JSC::JSObject::put):
43184        (JSC::JSObject::putWithAttributes):
43185        (JSC::JSObject::defineGetter):
43186        (JSC::JSObject::defineSetter):
43187        * runtime/JSObject.h:
43188        (JSC::JSObject::putDirect):
43189        (JSC::JSObject::putDirectWithoutTransition):
43190        * runtime/Lookup.cpp:
43191        (JSC::setUpStaticFunctionSlot):
43192        * runtime/Lookup.h:
43193        (JSC::lookupPut):
43194
431952011-09-16  Filip Pizlo  <fpizlo@apple.com>
43196
43197        Unreviewed build fix for Windows.
43198
43199        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
43200
432012011-09-16  Filip Pizlo  <fpizlo@apple.com>
43202
43203        Unreviewed build fix for non-DFG builds.
43204
43205        * runtime/Executable.h:
43206        (JSC::NativeExecutable::finishCreation):
43207
432082011-09-16  Filip Pizlo  <fpizlo@apple.com>
43209
43210        DFG JIT should inline Math.abs
43211        https://bugs.webkit.org/show_bug.cgi?id=68227
43212
43213        Reviewed by Oliver Hunt.
43214        
43215        This adds the ability to track intrinsic functions throughout the
43216        host function infrastructure, so that the DFG can easily query
43217        whether or not a call's target is intrinsic, and if so, which
43218        intrinsic it is.
43219        
43220        On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
43221        is transformed into ValueToNumber<-ArithAbs nodes. These nodes
43222        then get optimized using the usual tricks.
43223        
43224        Also had to make a completely unrelated change to
43225        DateInstanceCache.h in order to fix a preexisting alphabetical
43226        sorting problem in JSGlobalData.h
43227        
43228        This results in a big win in imaging-gaussian-blur: 61% faster
43229        than before. The net win on Kraken is around 13%.
43230
43231        * JavaScriptCore.xcodeproj/project.pbxproj:
43232        * create_hash_table:
43233        * dfg/DFGByteCodeParser.cpp:
43234        (JSC::DFG::ByteCodeParser::parseBlock):
43235        * dfg/DFGGraph.h:
43236        (JSC::DFG::Graph::isFunctionConstant):
43237        (JSC::DFG::Graph::valueOfFunctionConstant):
43238        * dfg/DFGIntrinsic.h: Added.
43239        * dfg/DFGJITCodeGenerator.h:
43240        (JSC::DFG::JITCodeGenerator::isFunctionConstant):
43241        (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
43242        * dfg/DFGJITCompiler.h:
43243        (JSC::DFG::JITCompiler::isFunctionConstant):
43244        (JSC::DFG::JITCompiler::valueOfFunctionConstant):
43245        * dfg/DFGNode.h:
43246        * dfg/DFGPropagator.cpp:
43247        (JSC::DFG::Propagator::propagateNode):
43248        * dfg/DFGSpeculativeJIT.cpp:
43249        (JSC::DFG::SpeculativeJIT::compile):
43250        * jit/JITStubs.cpp:
43251        (JSC::JITThunks::hostFunctionStub):
43252        * jit/JITStubs.h:
43253        * runtime/DateInstanceCache.h:
43254        * runtime/Executable.cpp:
43255        (JSC::ExecutableBase::intrinsic):
43256        (JSC::NativeExecutable::intrinsic):
43257        * runtime/Executable.h:
43258        (JSC::NativeExecutable::create):
43259        (JSC::NativeExecutable::finishCreation):
43260        * runtime/JSGlobalData.cpp:
43261        (JSC::JSGlobalData::getHostFunction):
43262        * runtime/JSGlobalData.h:
43263        * runtime/Lookup.cpp:
43264        (JSC::HashTable::createTable):
43265        (JSC::setUpStaticFunctionSlot):
43266        * runtime/Lookup.h:
43267        (JSC::HashEntry::initialize):
43268        (JSC::HashEntry::intrinsic):
43269
432702011-09-16  Filip Pizlo  <fpizlo@apple.com>
43271
43272        REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
43273        using Domino's online ordering
43274        https://bugs.webkit.org/show_bug.cgi?id=68220
43275
43276        Reviewed by Oliver Hunt.
43277        
43278        Weak handle processing can result in new objects being marked, which
43279        results in new WeakReferencesHarvesters being added. But weak
43280        reference harvesters are only processed before weak handle processing,
43281        so there's the risk that a weak reference harvester will persist
43282        until the next collection, by which time it may have been deleted.
43283
43284        * heap/Heap.cpp:
43285        (JSC::Heap::markRoots):
43286
432872011-09-16  Csaba Osztrogonác  <ossy@webkit.org>
43288
43289        REGRESSION(r95201): It made two tests fail
43290        https://bugs.webkit.org/show_bug.cgi?id=68230
43291
43292        Unreviewed rolling out r95201.
43293
43294        * jit/JIT.h:
43295        * jit/JITArithmetic32_64.cpp:
43296        (JSC::JIT::emit_op_lshift):
43297        (JSC::JIT::emitRightShift):
43298        (JSC::JIT::emit_op_bitand):
43299        (JSC::JIT::emit_op_bitor):
43300        (JSC::JIT::emit_op_bitxor):
43301        (JSC::JIT::emit_op_bitnot):
43302        (JSC::JIT::emit_op_post_inc):
43303        (JSC::JIT::emit_op_post_dec):
43304        (JSC::JIT::emit_op_pre_inc):
43305        (JSC::JIT::emit_op_pre_dec):
43306        * jit/JITInlineMethods.h:
43307
433082011-09-15  Filip Pizlo  <fpizlo@apple.com>
43309
43310        DFG JIT does not optimize method_check
43311        https://bugs.webkit.org/show_bug.cgi?id=68215
43312
43313        Reviewed by Oliver Hunt.
43314        
43315        MethodCallLinkInfo and StructureStubInfo are now searchable by
43316        bytecodeIndex, so that DFG::ByteCodeParser can use that information
43317        to determine how to optimize GetMethod.
43318        
43319        A new node op has been added to DFG: CheckMethod. This is a variant
43320        of GetMethod that has been optimized for the case that GetMethod
43321        always takes the fast path. CheckMethod results in only a very
43322        small amount of code (two loads and two branches in the worst case,
43323        one load and one branch in the best case). CheckMethod behaves as
43324        if it were a constant.  
43325        
43326        Introduced the notion that a DFG node that is not JSConstant
43327        behaves as a constant. CheckMethod uses this functionality.
43328        
43329        This is a 3% speed-up on Kraken, and a small speed-up on V8.
43330        Appears to be neutral on SunSpider.
43331
43332        * bytecode/CodeBlock.h:
43333        (JSC::getStructureStubInfoBytecodeIndex):
43334        (JSC::getMethodCallLinkInfoBytecodeIndex):
43335        * bytecode/PredictedType.cpp:
43336        (JSC::predictionFromCell):
43337        (JSC::predictionFromValue):
43338        * bytecode/PredictedType.h:
43339        * bytecode/StructureStubInfo.h:
43340        * dfg/DFGAliasTracker.h:
43341        (JSC::DFG::AliasTracker::recordGetMethod):
43342        * dfg/DFGByteCodeParser.cpp:
43343        (JSC::DFG::ByteCodeParser::parseBlock):
43344        * dfg/DFGGraph.cpp:
43345        (JSC::DFG::Graph::dump):
43346        * dfg/DFGGraph.h:
43347        (JSC::DFG::Graph::getMethodCheckPrediction):
43348        (JSC::DFG::Graph::getPrediction):
43349        (JSC::DFG::Graph::isConstant):
43350        (JSC::DFG::Graph::isJSConstant):
43351        (JSC::DFG::Graph::valueOfJSConstant):
43352        (JSC::DFG::Graph::valueOfInt32Constant):
43353        (JSC::DFG::Graph::valueOfNumberConstant):
43354        (JSC::DFG::Graph::valueOfBooleanConstant):
43355        (JSC::DFG::Graph::valueOfJSConstantNode):
43356        * dfg/DFGJITCodeGenerator.cpp:
43357        (JSC::DFG::JITCodeGenerator::fillInteger):
43358        (JSC::DFG::JITCodeGenerator::fillDouble):
43359        (JSC::DFG::JITCodeGenerator::fillJSValue):
43360        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
43361        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
43362        * dfg/DFGJITCodeGenerator.h:
43363        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
43364        (JSC::DFG::JITCodeGenerator::silentFillGPR):
43365        (JSC::DFG::JITCodeGenerator::silentFillFPR):
43366        * dfg/DFGJITCompiler.cpp:
43367        (JSC::DFG::JITCompiler::fillNumericToDouble):
43368        (JSC::DFG::JITCompiler::fillInt32ToInteger):
43369        (JSC::DFG::JITCompiler::fillToJS):
43370        * dfg/DFGNode.h:
43371        (JSC::DFG::Node::hasConstant):
43372        (JSC::DFG::Node::hasIdentifier):
43373        (JSC::DFG::Node::hasMethodCheckData):
43374        (JSC::DFG::Node::methodCheckDataIndex):
43375        (JSC::DFG::Node::valueOfJSConstant):
43376        * dfg/DFGPropagator.cpp:
43377        (JSC::DFG::Propagator::propagateNode):
43378        * dfg/DFGSpeculativeJIT.cpp:
43379        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
43380        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
43381        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
43382        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
43383        (JSC::DFG::SpeculativeJIT::compile):
43384        * jit/JIT.cpp:
43385        (JSC::JIT::privateCompile):
43386        * jit/JIT.h:
43387        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
43388        (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
43389        * jit/JITPropertyAccess.cpp:
43390        (JSC::JIT::emit_op_method_check):
43391        (JSC::JIT::compileGetByIdHotPath):
43392        (JSC::JIT::emit_op_put_by_id):
43393        * jit/JITPropertyAccess32_64.cpp:
43394        (JSC::JIT::emit_op_method_check):
43395        (JSC::JIT::compileGetByIdHotPath):
43396        (JSC::JIT::emit_op_put_by_id):
43397        * runtime/JSCell.h:
43398        (JSC::JSCell::JSCell::structureAddress):
43399
434002011-09-15  Adam Barth  <abarth@webkit.org>
43401
43402        Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
43403        https://bugs.webkit.org/show_bug.cgi?id=68205
43404
43405        Reviewed by Eric Seidel.
43406
43407        * Configurations/FeatureDefines.xcconfig:
43408        * wtf/Platform.h:
43409
434102011-09-15  Mark Hahnenberg  <mhahnenberg@apple.com>
43411
43412        Unzip initialization lists and constructors in JSCell hierarchy (7/7)
43413        https://bugs.webkit.org/show_bug.cgi?id=68122
43414
43415        Reviewed by Geoffrey Garen.
43416
43417        Completed the seventh and final level of the refactoring to add finishCreation() 
43418        methods to all classes within the JSCell hierarchy with non-trivial 
43419        constructor bodies.
43420
43421        JSCallbackObject was missed in previous patches due to the fact that 
43422        it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so 
43423        this is just a bit of retroactive cleanup.
43424
43425        * API/JSCallbackObject.h:
43426        (JSC::JSCallbackObject::create):
43427        * API/JSCallbackObjectFunctions.h:
43428        (JSC::::JSCallbackObject):
43429
434302011-09-15  Filip Pizlo  <fpizlo@apple.com>
43431
43432        The DFG non-speculative JIT is no longer used and should be removed.
43433        https://bugs.webkit.org/show_bug.cgi?id=68177
43434
43435        Reviewed by Geoffrey Garen.
43436        
43437        This removes the non-speculative JIT and everything that relied on it,
43438        including the ability to turn on DFG but not tiered compilation, the
43439        ability to perform speculation failure into non-speculative JIT code,
43440        and the ability to statically terminate speculation.
43441
43442        * GNUmakefile.list.am:
43443        * JavaScriptCore.pro:
43444        * JavaScriptCore.xcodeproj/project.pbxproj:
43445        * bytecode/CodeBlock.h:
43446        * bytecompiler/BytecodeGenerator.cpp:
43447        (JSC::BytecodeGenerator::emitLoopHint):
43448        * dfg/DFGByteCodeParser.cpp:
43449        (JSC::DFG::ByteCodeParser::ByteCodeParser):
43450        (JSC::DFG::ByteCodeParser::getStrongPrediction):
43451        (JSC::DFG::ByteCodeParser::parseBlock):
43452        * dfg/DFGDriver.cpp:
43453        (JSC::DFG::compile):
43454        * dfg/DFGGenerationInfo.h:
43455        * dfg/DFGGraph.cpp:
43456        (JSC::DFG::Graph::predictArgumentTypes):
43457        * dfg/DFGJITCodeGenerator.cpp:
43458        * dfg/DFGJITCompiler.cpp:
43459        (JSC::DFG::JITCompiler::linkOSRExits):
43460        (JSC::DFG::JITCompiler::compileBody):
43461        * dfg/DFGJITCompiler.h:
43462        * dfg/DFGNode.h:
43463        * dfg/DFGNonSpeculativeJIT.cpp: Removed.
43464        * dfg/DFGNonSpeculativeJIT.h: Removed.
43465        * dfg/DFGOSREntry.cpp:
43466        (JSC::DFG::prepareOSREntry):
43467        * dfg/DFGPropagator.cpp:
43468        * dfg/DFGPropagator.h:
43469        * dfg/DFGSpeculativeJIT.cpp:
43470        (JSC::DFG::SpeculativeJIT::compile):
43471        * dfg/DFGSpeculativeJIT.h:
43472        (JSC::DFG::SpeculativeJIT::osrExits):
43473        (JSC::DFG::SpeculativeJIT::speculationRecovery):
43474        (JSC::DFG::SpeculativeJIT::speculationCheck):
43475        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
43476        * jit/JIT.cpp:
43477        (JSC::JIT::privateCompileMainPass):
43478        (JSC::JIT::privateCompile):
43479        * jit/JIT.h:
43480        * jit/JITCode.h:
43481        (JSC::JITCode::bottomTierJIT):
43482        * runtime/JSGlobalData.cpp:
43483        (JSC::JSGlobalData::JSGlobalData):
43484        (JSC::JSGlobalData::~JSGlobalData):
43485        * runtime/JSGlobalData.h:
43486        * wtf/Platform.h:
43487
434882011-09-15  Eric Seidel  <eric@webkit.org>
43489
43490        Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
43491        https://bugs.webkit.org/show_bug.cgi?id=68182
43492
43493        Reviewed by Adam Barth.
43494
43495        * Configurations/FeatureDefines.xcconfig:
43496
434972011-09-15  Filip Pizlo  <fpizlo@apple.com>
43498
43499        DFG speculative JIT sometimes asserts that a value is not a number
43500        even when it doesn't know anything about the number
43501        https://bugs.webkit.org/show_bug.cgi?id=68189
43502
43503        Reviewed by Oliver Hunt.
43504
43505        * dfg/DFGGenerationInfo.h:
43506        (JSC::DFG::GenerationInfo::isUnknownJS):
43507        * dfg/DFGJITCodeGenerator.cpp:
43508        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
43509
435102011-09-15  Filip Pizlo  <fpizlo@apple.com>
43511
43512        All of the functionality in the non-speculative JIT should be
43513        available to the speculative JIT via helper methods
43514        https://bugs.webkit.org/show_bug.cgi?id=68186
43515
43516        Reviewed by Oliver Hunt.
43517        
43518        Stole all of the goodness from NonSpeculativeJIT and placed it
43519        in JITCodeGenerator.  Left all of the badness (i.e. subtle code
43520        duplication with SpeculativeJIT, etc).  This is in preparation
43521        for removing the NonSpeculativeJIT entirely, but having its
43522        goodness available for reuse in the SpeculativeJIT if necessary.
43523
43524        * dfg/DFGJITCodeGenerator.cpp:
43525        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
43526        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
43527        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
43528        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
43529        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
43530        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
43531        (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
43532        (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
43533        * dfg/DFGJITCodeGenerator.h:
43534        (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
43535        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
43536        * dfg/DFGNonSpeculativeJIT.cpp:
43537        (JSC::DFG::NonSpeculativeJIT::compile):
43538        * dfg/DFGNonSpeculativeJIT.h:
43539
435402011-09-15  Sheriff Bot  <webkit.review.bot@gmail.com>
43541
43542        Unreviewed, rolling out r95167.
43543        http://trac.webkit.org/changeset/95167
43544        https://bugs.webkit.org/show_bug.cgi?id=68191
43545
43546        Patch needs further work. (Requested by mhahnenberg on
43547        #webkit).
43548
43549        * JavaScriptCore.exp:
43550        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
43551        * runtime/JSCell.cpp:
43552        (JSC::JSCell::toBoolean):
43553        * runtime/JSCell.h:
43554        (JSC::JSCell::JSValue::toBoolean):
43555        * runtime/JSNotAnObject.cpp:
43556        (JSC::JSNotAnObject::toBoolean):
43557        * runtime/JSNotAnObject.h:
43558        * runtime/JSObject.h:
43559        * runtime/JSString.h:
43560        * runtime/StringObjectThatMasqueradesAsUndefined.h:
43561        (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
43562
435632011-09-15  Filip Pizlo  <fpizlo@apple.com>
43564
43565        Unreviewed build fix for platforms that expect a linkable symbol
43566        for primitive static const's.
43567
43568        * bytecode/CodeBlock.h:
43569        * jit/JIT.cpp:
43570        (JSC::JIT::emitOptimizationCheck):
43571
435722011-09-15  Filip Pizlo  <fpizlo@apple.com>
43573
43574        Unreviewed build fix for assertion on existence of alternative
43575        CodeBlock.
43576
43577        * dfg/DFGGraph.cpp:
43578        (JSC::DFG::Graph::predictArgumentTypes):
43579
435802011-09-14  Filip Pizlo  <fpizlo@apple.com>
43581
43582        Value profiles collect no information for global variables
43583        https://bugs.webkit.org/show_bug.cgi?id=68143
43584
43585        Reviewed by Geoffrey Garen.
43586        
43587        17% speed-up on string-fasta.  Neutral elsewhere.
43588
43589        * dfg/DFGByteCodeParser.cpp:
43590        (JSC::DFG::ByteCodeParser::getStrongPrediction):
43591        (JSC::DFG::ByteCodeParser::stronglyPredict):
43592        (JSC::DFG::ByteCodeParser::parseBlock):
43593        * jit/JITPropertyAccess.cpp:
43594        (JSC::JIT::emit_op_get_global_var):
43595
435962011-09-15  Eric Seidel  <eric@webkit.org>
43597
43598        Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
43599        https://bugs.webkit.org/show_bug.cgi?id=68022
43600
43601        Reviewed by Ryosuke Niwa.
43602
43603        * Configurations/FeatureDefines.xcconfig:
43604
436052011-09-15  Gavin Barraclough  <barraclough@apple.com>
43606
43607        Ooops, revert accidentally committed unreviewed changes.
43608
43609        * jit/JITOpcodes32_64.cpp:
43610        (JSC::JIT::emit_op_jfalse):
43611        (JSC::JIT::emit_op_jtrue):
43612        * jit/JSInterfaceJIT.h:
43613        * runtime/JSValue.h:
43614
436152011-09-15  Sheriff Bot  <webkit.review.bot@gmail.com>
43616
43617        Unreviewed, rolling out r95163.
43618        http://trac.webkit.org/changeset/95163
43619        https://bugs.webkit.org/show_bug.cgi?id=68180
43620
43621        [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
43622        (Requested by darktears on #webkit).
43623
43624        * JavaScriptCore.pro:
43625
436262011-09-15  Gavin Barraclough  <barraclough@apple.com>
43627
43628        Windows build fix p1.
43629
43630        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
43631        * jit/JITOpcodes32_64.cpp:
43632        (JSC::JIT::emit_op_jfalse):
43633        (JSC::JIT::emit_op_jtrue):
43634        * jit/JSInterfaceJIT.h:
43635        * runtime/JSValue.h:
43636
436372011-09-14  Filip Pizlo  <fpizlo@apple.com>
43638
43639        Tiered compilation should be enabled by default on platforms
43640        that support the DFG JIT
43641        https://bugs.webkit.org/show_bug.cgi?id=68136
43642
43643        Reviewed by Sam Weinig.
43644        
43645        Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
43646        Kraken.  Large progressions on some benchmarks, including
43647        3x on imaging-desaturate.
43648
43649        * wtf/Platform.h:
43650
436512011-09-15  Gavin Barraclough  <barraclough@apple.com>
43652
43653        devirtualize preventExtensions
43654        https://bugs.webkit.org/show_bug.cgi?id=68176
43655
43656        Reviewed by Oliver Hunt.
43657
43658        This is virtual due to problems in JSFunction putting the prototype
43659        property, but we can fix this problem a different way, just setting
43660        the checkReadOnly flag to false in the put.
43661
43662        * runtime/JSFunction.cpp:
43663        (JSC::JSFunction::getOwnPropertySlot):
43664        * runtime/JSFunction.h:
43665        * runtime/JSObject.h:
43666
436672011-09-15  Geoffrey Garen  <ggaren@apple.com>
43668
43669        Value chaining for JSValue32_64 bitops.
43670
43671        Reviewed by Sam Weinig.
43672        
43673        SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
43674
43675        * jit/JIT.h:
43676        * jit/JITInlineMethods.h:
43677        (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
43678        that can chain their results, which is the common case.
43679
43680        * jit/JITArithmetic32_64.cpp:
43681        (JSC::JIT::emit_op_lshift):
43682        (JSC::JIT::emitRightShift):
43683        (JSC::JIT::emit_op_bitand):
43684        (JSC::JIT::emit_op_bitor):
43685        (JSC::JIT::emit_op_bitxor):
43686        (JSC::JIT::emit_op_bitnot):
43687        (JSC::JIT::emit_op_pre_inc):
43688        (JSC::JIT::emit_op_pre_dec): Deployed new function.
43689        (JSC::JIT::emit_op_post_inc):
43690        (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
43691        computed their result values last, to make them eligible for chaining.
43692
436932011-09-15  Adam Roben  <aroben@apple.com>
43694
43695        Clang build fix after r95172
43696
43697        * dfg/DFGSpeculativeJIT.h:
43698        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
43699        (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
43700        Added parentheses to make precedence clear.
43701
437022011-09-14  Filip Pizlo  <fpizlo@apple.com>
43703
43704        DFG does not speculate aggressively enough on comparisons
43705        https://bugs.webkit.org/show_bug.cgi?id=68138
43706
43707        Reviewed by Oliver Hunt.
43708        
43709        This is a 75% speed-up on Kraken/ai-astar.  It's a 1% win on
43710        V8 and an 8.5% win on Kraken.  Neutral on SunSpider.
43711
43712        * dfg/DFGSpeculativeJIT.cpp:
43713        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
43714        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
43715        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
43716        (JSC::DFG::SpeculativeJIT::compare):
43717        * dfg/DFGSpeculativeJIT.h:
43718        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
43719        (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
43720        (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
43721        (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
43722
437232011-09-14  Filip Pizlo  <fpizlo@apple.com>
43724
43725        DFG JIT does not leverage integer speculations on branches
43726        https://bugs.webkit.org/show_bug.cgi?id=68140
43727
43728        Reviewed by Oliver Hunt.
43729
43730        * dfg/DFGJITCodeGenerator.cpp:
43731        (JSC::DFG::JITCodeGenerator::isStrictInt32):
43732        * dfg/DFGJITCodeGenerator.h:
43733        * dfg/DFGSpeculativeJIT.cpp:
43734        (JSC::DFG::SpeculativeJIT::compile):
43735
437362011-09-14  Gavin Barraclough  <barraclough@apple.com>
43737
43738        [n]stricteq code is bogus in JSValue32_64 JIT
43739        https://bugs.webkit.org/show_bug.cgi?id=68141
43740
43741        Reviewed by Sam Weinig.
43742
43743        The code tries to check for both ints or cells, but this check also
43744        catches cases where values are undefined, null, etc (probably
43745        was incorrectly assuming cell was the 2nd highest tag?).
43746
43747        Also, there is no need not to handle int on the fast path.
43748        stricteq is just a case of comparing the payloads, if we:
43749            * handle cases of differing tags on a slow path
43750            * handle doubles on a slow path
43751            * handle both-are-string on a slow path
43752
43753        * jit/JITOpcodes32_64.cpp:
43754        (JSC::JIT::compileOpStrictEq):
43755        (JSC::JIT::emitSlow_op_stricteq):
43756        (JSC::JIT::emitSlow_op_nstricteq):
43757
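The three bullets above describe a fast path that is safe only because every case it cannot decide by payload comparison is pushed to a slow path. The following is a constructed model (added here; not WebKit's JSValue32_64 code, which this ChangeLog does not reproduce) of a tag/payload value with the tag constants this example assumes for the 32-bit encoding; the `Cell`, `heap`, `fastStrictEq` and `slowStrictEq` names are the example's own. It shows why differing tags, doubles and string pairs must leave the fast path: an int and a double can be strictly equal, two distinct string cells can be strictly equal, and two NaN doubles with identical bits are not.

```cpp
#include <cmath>
#include <cstdint>
#include <cstring>
#include <string>

// Assumed tag values for a 32-bit tag/payload JSValue (assumption of this
// example, not quoted from JSValue.h). Any tag word below LowestTag is the
// high word of a double.
enum Tag : uint32_t {
    Int32Tag     = 0xffffffff,
    BooleanTag   = 0xfffffffe,
    NullTag      = 0xfffffffd,
    UndefinedTag = 0xfffffffc,
    CellTag      = 0xfffffffb,
    LowestTag    = CellTag,
};

// Minimal stand-in for a heap cell: the only thing the comparison needs to
// know is whether the cell is a string and, if so, its contents.
struct Cell { bool isString; std::string text; };

// Constructed heap: cells 0 and 1 are distinct string cells with equal text,
// cells 2 and 3 are two distinct non-string objects.
static Cell heap[4] = { { true, "abc" }, { true, "abc" }, { false, "" }, { false, "" } };

struct Value {
    uint32_t tag;
    uint32_t payload;   // int32 bits, boolean, or an index into heap[] for CellTag
};

static Value makeInt(int32_t v) { return { Int32Tag, static_cast<uint32_t>(v) }; }
static Value makeBool(bool b) { return { BooleanTag, b ? 1u : 0u }; }
static Value makeNull() { return { NullTag, 0 }; }
static Value makeUndefined() { return { UndefinedTag, 0 }; }
static Value makeCell(uint32_t heapIndex) { return { CellTag, heapIndex }; }
static Value makeDouble(double d) {
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    if (static_cast<uint32_t>(bits >> 32) >= LowestTag)   // NaN pattern that would collide with a tag
        bits = 0x7ff8000000000000ull;                     // store the canonical quiet NaN instead
    return { static_cast<uint32_t>(bits >> 32), static_cast<uint32_t>(bits) };
}

static bool isNumber(const Value& v) { return v.tag == Int32Tag || v.tag < LowestTag; }
static double toDouble(const Value& v) {
    if (v.tag == Int32Tag)
        return static_cast<int32_t>(v.payload);
    uint64_t bits = (static_cast<uint64_t>(v.tag) << 32) | v.payload;
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

enum class FastResult { Equal, NotEqual, SlowPath };

// Fast path: the three deferred cases from the entry above, then a plain
// payload comparison (ints, booleans, null, undefined, non-string cells).
static FastResult fastStrictEq(const Value& a, const Value& b) {
    if (a.tag != b.tag)
        return FastResult::SlowPath;                        // differing tags
    if (a.tag < LowestTag)
        return FastResult::SlowPath;                        // both doubles
    if (a.tag == CellTag && heap[a.payload].isString && heap[b.payload].isString)
        return FastResult::SlowPath;                        // both strings
    return a.payload == b.payload ? FastResult::Equal : FastResult::NotEqual;
}

// Slow path: numeric comparison across int/double (NaN != NaN, +0 == -0),
// content comparison for strings, identity for other cells, false otherwise.
static bool slowStrictEq(const Value& a, const Value& b) {
    if (isNumber(a) && isNumber(b))
        return toDouble(a) == toDouble(b);
    if (a.tag == CellTag && b.tag == CellTag) {
        const Cell& ca = heap[a.payload];
        const Cell& cb = heap[b.payload];
        if (ca.isString && cb.isString)
            return ca.text == cb.text;
        return a.payload == b.payload;
    }
    return false;   // e.g. null vs undefined, boolean vs int
}

static bool strictEquals(const Value& a, const Value& b) {
    FastResult r = fastStrictEq(a, b);
    if (r == FastResult::SlowPath)
        return slowStrictEq(a, b);
    return r == FastResult::Equal;
}
```

The point of keeping the fast path this small is that a fast path which accepts a case it cannot decide (a double whose high word happens to equal another value's payload, or two different string cells with equal text) silently produces a wrong comparison result; deferring is cheaper than getting it wrong.
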
437582011-09-14  Mark Hahnenberg  <mhahnenberg@apple.com>
43759
43760        Make JSCell::toBoolean non-virtual
43761        https://bugs.webkit.org/show_bug.cgi?id=67727
43762
43763        Reviewed by Sam Weinig.
43764
43765        JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where 
43766        before it was simply virtual and would crash if its implementation was called). 
43767        Its descendants in JSObject and JSString have also been made non-virtual.  JSCell now
43768        explicitly covers all cases of toBoolean, so having a virtual implementation of 
43769        JSCell::toBoolean is no longer necessary.  This is part of a larger process of un-virtualizing JSCell.
43770
43771        * JavaScriptCore.exp:
43772        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
43773        * runtime/JSCell.cpp:
43774        * runtime/JSCell.h:
43775        * runtime/JSNotAnObject.cpp:
43776        * runtime/JSNotAnObject.h:
43777        * runtime/JSObject.h:
43778        * runtime/JSString.h:
43779        (JSC::JSCell::toBoolean):
43780        (JSC::JSValue::toBoolean):
43781        * runtime/StringObjectThatMasqueradesAsUndefined.h:
43782
437832011-09-14  Alexis Menard  <alexis.menard@openbossa.org>
43784
43785        [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
43786        https://bugs.webkit.org/show_bug.cgi?id=68114
43787
43788        Reviewed by Kenneth Rohde Christiansen.
43789
43790        Use the new GCC_X variables defined in WebKit.pri to replace
43791        the usage of QT_GCC_X.
43792
43793        * JavaScriptCore.pro:
43794
437952011-09-14  Sheriff Bot  <webkit.review.bot@gmail.com>
43796
43797        Unreviewed, rolling out r95145.
43798        http://trac.webkit.org/changeset/95145
43799        https://bugs.webkit.org/show_bug.cgi?id=68139
43800
43801        The GTK+ build is working now, so revert this trial build fix.
43802        (Requested by mrobinson on #webkit).
43803
43804        * GNUmakefile.list.am:
43805
438062011-09-14  Patrick Gansterer  <paroga@webkit.org>
43807
43808        Port MachineStackMarker to Windows ARM and MIPS
43809        https://bugs.webkit.org/show_bug.cgi?id=68068
43810
43811        Reviewed by Geoffrey Garen.
43812
43813        Use the correct member of the CONTEXT struct for the stack pointer for CPU(ARM) and CPU(MIPS).
43814        Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
43815        CPU(ARM) and CPU(MIPS) and the stack pointer is defined in the CONTEXT_CONTROL section for
43816        CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
43817
43818        * heap/MachineStackMarker.cpp:
43819        (JSC::getPlatformThreadRegisters):
43820        (JSC::otherThreadStackPointer):
43821
438222011-09-12  Filip Pizlo  <fpizlo@apple.com>
43823
43824        DFG JIT always speculates that ValueAdd is a numeric addition
43825        https://bugs.webkit.org/show_bug.cgi?id=67956
43826
43827        Reviewed by Geoffrey Garen.
43828
43829        * dfg/DFGJITCodeGenerator.cpp:
43830        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
43831        * dfg/DFGJITCodeGenerator.h:
43832        * dfg/DFGNonSpeculativeJIT.cpp:
43833        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
43834        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
43835        * dfg/DFGOperations.cpp:
43836        * dfg/DFGOperations.h:
43837        * dfg/DFGSpeculativeJIT.cpp:
43838        (JSC::DFG::SpeculativeJIT::compile):
43839        * dfg/DFGSpeculativeJIT.h:
43840        (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
43841
438422011-09-14  Anders Carlsson  <andersca@apple.com>
43843
43844        Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
43845
43846        * GNUmakefile.list.am:
43847
438482011-09-14  Anders Carlsson  <andersca@apple.com>
43849
43850        This is getting old. Yet another build fix attempt.
43851
43852        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
43853
438542011-09-14  Anders Carlsson  <andersca@apple.com>
43855
43856        Yet another build fix attempt.
43857
43858        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
43859
438602011-09-14  Anders Carlsson  <andersca@apple.com>
43861
43862        How I "love" Visual Studio...
43863
43864        Try to fix build again.
43865
43866        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
43867
438682011-09-14  Anders Carlsson  <andersca@apple.com>
43869
43870        Try to fix Windows build.
43871
43872        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
43873
438742011-09-14  Anders Carlsson  <andersca@apple.com>
43875
43876        Add BinarySemaphore class from WebKit2 to WTF
43877        https://bugs.webkit.org/show_bug.cgi?id=68132
43878
43879        Reviewed by Sam Weinig.
43880
43881        * GNUmakefile.list.am:
43882        * JavaScriptCore.gypi:
43883        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
43884        * JavaScriptCore.xcodeproj/project.pbxproj:
43885        * wtf/CMakeLists.txt:
43886        Update build systems.
43887
43888        * wtf/threads: Added.
43889        * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
43890        * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
43891        * wtf/threads/win: Added.
43892        * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
43893
438942011-09-14  Filip Pizlo  <fpizlo@apple.com>
43895
43896        Unreviewed build fix for Interpreter.
43897
43898        * interpreter/Interpreter.cpp:
43899        (JSC::Interpreter::privateExecute):
43900
439012011-09-14  Anders Carlsson  <andersca@apple.com>
43902
43903        Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
43904        bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
43905
43906        Rubber-stamped by Sam Weinig.
43907
43908        * wtf/threads: Added.
43909        * wtf/threads/win: Added.
43910
439112011-09-14  Filip Pizlo  <fpizlo@apple.com>
43912
43913        DFG JIT should not speculate integer if the value is always going to be
43914        used as a double anyway
43915        https://bugs.webkit.org/show_bug.cgi?id=68127
43916
43917        Reviewed by Oliver Hunt.
43918        
43919        Added a ValueToDouble node, which is a variant of ValueToNumber that
43920        hints that it will only be used as a double and never as an integer.
43921        Thus, it turns off integer speculation even if the value profiler
43922        told us that the value source is an int. The logic for converting a
43923        ValueToNumber into a ValueToDouble is found in Propagator.
43924        
43925        This appears to be a 22% speed-up in imaging-darkroom.
43926
43927        * dfg/DFGNode.h:
43928        * dfg/DFGNonSpeculativeJIT.cpp:
43929        (JSC::DFG::NonSpeculativeJIT::compile):
43930        * dfg/DFGPropagator.cpp:
43931        (JSC::DFG::Propagator::fixpoint):
43932        (JSC::DFG::Propagator::toDouble):
43933        (JSC::DFG::Propagator::fixupNode):
43934        (JSC::DFG::Propagator::fixup):
43935        * dfg/DFGSpeculativeJIT.cpp:
43936        (JSC::DFG::SpeculativeJIT::compile):
43937        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
43938
439392011-09-14  Filip Pizlo  <fpizlo@apple.com>
43940
43941        Tiered compilation heuristics do not account for value profile fullness
43942        https://bugs.webkit.org/show_bug.cgi?id=68116
43943
43944        Reviewed by Oliver Hunt.
43945        
43946        Tiered compilation avoids invoking the DFG JIT if it finds that value
43947        profiles contain insufficient information. Instead, it produces a
43948        prediction from the current value profile, and then clears the value
43949        profile. This allows the value profile to heat up from scratch for
43950        some number of additional executions. The new profiles will then be
43951        merged with the previous prediction. Once the amount of information
43952        in predictions is enough according to heuristics in CodeBlock.cpp,
43953        DFG optimization is allowed to proceed.
43954
43955        * CMakeLists.txt:
43956        * GNUmakefile.list.am:
43957        * JavaScriptCore.pro:
43958        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
43959        * JavaScriptCore.xcodeproj/project.pbxproj:
43960        * bytecode/CodeBlock.cpp:
43961        (JSC::CodeBlock::CodeBlock):
43962        (JSC::CodeBlock::~CodeBlock):
43963        (JSC::CodeBlock::visitAggregate):
43964        (JSC::CodeBlock::visitWeakReferences):
43965        (JSC::CodeBlock::shouldOptimizeNow):
43966        (JSC::CodeBlock::dumpValueProfiles):
43967        * bytecode/CodeBlock.h:
43968        * bytecode/PredictedType.cpp:
43969        (JSC::predictionToString):
43970        * bytecode/PredictedType.h:
43971        * bytecode/ValueProfile.cpp: Added.
43972        (JSC::ValueProfile::computeStatistics):
43973        (JSC::ValueProfile::computeUpdatedPrediction):
43974        * bytecode/ValueProfile.h:
43975        (JSC::ValueProfile::ValueProfile):
43976        (JSC::ValueProfile::classInfo):
43977        (JSC::ValueProfile::numberOfSamples):
43978        (JSC::ValueProfile::totalNumberOfSamples):
43979        (JSC::ValueProfile::isLive):
43980        (JSC::ValueProfile::numberOfInt32s):
43981        (JSC::ValueProfile::numberOfDoubles):
43982        (JSC::ValueProfile::numberOfBooleans):
43983        (JSC::ValueProfile::dump):
43984        (JSC::getValueProfileBytecodeOffset):
43985        * dfg/DFGByteCodeParser.cpp:
43986        (JSC::DFG::ByteCodeParser::stronglyPredict):
43987        * dfg/DFGGraph.cpp:
43988        (JSC::DFG::Graph::predictArgumentTypes):
43989        * dfg/DFGJITCompiler.cpp:
43990        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
43991        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
43992        * jit/JIT.cpp:
43993        (JSC::JIT::emitOptimizationCheck):
43994        * jit/JITInlineMethods.h:
43995        (JSC::JIT::emitValueProfilingSite):
43996        * jit/JITStubs.cpp:
43997        (JSC::DEFINE_STUB_FUNCTION):
43998
439992011-09-14  Filip Pizlo  <fpizlo@apple.com>
44000
44001        DFG should not speculate that the child of LogicalNot is a boolean if
44002        predictions tell us otherwise
44003        https://bugs.webkit.org/show_bug.cgi?id=68118
44004
44005        Reviewed by Geoffrey Garen.
44006
44007        * dfg/DFGJITCodeGenerator.cpp:
44008        (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
44009        * dfg/DFGJITCodeGenerator.h:
44010        * dfg/DFGNonSpeculativeJIT.cpp:
44011        (JSC::DFG::NonSpeculativeJIT::compile):
44012        * dfg/DFGSpeculativeJIT.cpp:
44013        (JSC::DFG::SpeculativeJIT::compile):
44014
440152011-09-14  Filip Pizlo  <fpizlo@apple.com>
44016
44017        Unreviewed build fix.  Turn off tiered compilation.
44018
44019        * wtf/Platform.h:
44020
440212011-09-13  Filip Pizlo  <fpizlo@apple.com>
44022
44023        Prediction tracking is not precise enough
44024        https://bugs.webkit.org/show_bug.cgi?id=67993
44025
44026        Reviewed by Oliver Hunt.
44027        
44028        Added a richer set of type predictions, including JSFinalObject, JSString,
44029        object that is not a JSFinalObject or JSArray (ObjectOther), some object
44030        but we don't know or care what kind (SomeObject), definitely an object,
44031        cell that is not an object or JSString, a value that is none of the above
44032        (so either Undefined or Null). Made the propagator and value profiler work
44033        with the new types.
44034        
44035        Performance is neutral, because the DFG JIT does not take advantage of this
44036        new knowledge yet.
44037        
44038        In the process of writing predictionToString() (which is now considerably
44039        more complex) I decided to finally add a BoundsCheckedPointer, which
44040        should come in handy in other places, like at least the OSR scratch buffer
44041        and the CompactJITCodeMap. It's great for cases where you want to
44042        do pointer arithmetic, you want to have assertions about the
44043        pointer not going out of bounds, but you don't want to write those
44044        assertions yourself.
44045        
44046        This also required refactoring inherits(), since the ValueProfiler may
44047        want to do the equivalent of inherits() but given two ClassInfo's.
44048
44049        * GNUmakefile.list.am:
44050        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
44051        * JavaScriptCore.xcodeproj/project.pbxproj:
44052        * bytecode/PredictedType.cpp: Added.
44053        (JSC::predictionToString):
44054        (JSC::makePrediction):
44055        (JSC::predictionFromValue):
44056        * bytecode/PredictedType.h:
44057        (JSC::isCellPrediction):
44058        (JSC::isObjectPrediction):
44059        (JSC::isFinalObjectPrediction):
44060        (JSC::isStringPrediction):
44061        (JSC::mergePredictions):
44062        * bytecode/ValueProfile.h:
44063        (JSC::ValueProfile::numberOfObjects):
44064        (JSC::ValueProfile::numberOfFinalObjects):
44065        (JSC::ValueProfile::numberOfStrings):
44066        (JSC::ValueProfile::probabilityOfObject):
44067        (JSC::ValueProfile::probabilityOfFinalObject):
44068        (JSC::ValueProfile::probabilityOfString):
44069        (JSC::ValueProfile::dump):
44070        (JSC::ValueProfile::Statistics::Statistics):
44071        (JSC::ValueProfile::computeStatistics):
44072        * dfg/DFGByteCodeParser.cpp:
44073        (JSC::DFG::ByteCodeParser::stronglyPredict):
44074        * dfg/DFGGraph.cpp:
44075        (JSC::DFG::Graph::dump):
44076        (JSC::DFG::Graph::predictArgumentTypes):
44077        * dfg/DFGNode.h:
44078        (JSC::DFG::Node::predict):
44079        * dfg/DFGPropagator.cpp:
44080        (JSC::DFG::Propagator::propagateNode):
44081        * runtime/ClassInfo.h:
44082        (JSC::ClassInfo::isSubClassOf):
44083        * runtime/JSObject.h:
44084        (JSC::JSCell::inherits):
44085        * wtf/BoundsCheckedPointer.h: Added.
44086        (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
44087        (WTF::BoundsCheckedPointer::operator=):
44088        (WTF::BoundsCheckedPointer::operator+=):
44089        (WTF::BoundsCheckedPointer::operator-=):
44090        (WTF::BoundsCheckedPointer::operator+):
44091        (WTF::BoundsCheckedPointer::operator-):
44092        (WTF::BoundsCheckedPointer::operator++):
44093        (WTF::BoundsCheckedPointer::operator--):
44094        (WTF::BoundsCheckedPointer::operator<):
44095        (WTF::BoundsCheckedPointer::operator<=):
44096        (WTF::BoundsCheckedPointer::operator>):
44097        (WTF::BoundsCheckedPointer::operator>=):
44098        (WTF::BoundsCheckedPointer::operator==):
44099        (WTF::BoundsCheckedPointer::operator!=):
44100        (WTF::BoundsCheckedPointer::operator!):
44101        (WTF::BoundsCheckedPointer::get):
44102        (WTF::BoundsCheckedPointer::operator*):
44103        (WTF::BoundsCheckedPointer::operator[]):
44104        (WTF::BoundsCheckedPointer::strcat):
44105        (WTF::BoundsCheckedPointer::validate):
44106        * wtf/CMakeLists.txt:
44107
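The entry above introduces a BoundsCheckedPointer for code that does pointer arithmetic into a scratch buffer (predictionToString() being the first user) and wants the out-of-bounds assertions written once rather than at every call site. What follows is a constructed example, added here and not WebKit's WTF::BoundsCheckedPointer: it re-creates the idea behind the operators listed in the entry with one deliberate difference, throwing std::out_of_range instead of asserting so that the failure mode can be exercised. The `describePrediction` and `writeAt` functions and the `PredictInt32`/`PredictDouble`/`PredictString` bit names are this example's own stand-ins, not names from PredictedType.h.

```cpp
#include <cstddef>
#include <cstring>
#include <stdexcept>
#include <string>

// Wraps a raw pointer together with the [begin, end) range it may address and
// validates every arithmetic result and every dereference against that range.
template <typename T>
class BoundsCheckedPointer {
public:
    BoundsCheckedPointer(T* begin, size_t count)
        : m_pointer(begin), m_begin(begin), m_end(begin + count) {}

    // Arithmetic may stop one past the end (like an iterator) but never go
    // beyond it and never before the start of the buffer.
    BoundsCheckedPointer& operator+=(ptrdiff_t n) { m_pointer += n; validateRange(); return *this; }
    BoundsCheckedPointer& operator-=(ptrdiff_t n) { m_pointer -= n; validateRange(); return *this; }
    BoundsCheckedPointer& operator++() { return *this += 1; }
    BoundsCheckedPointer& operator--() { return *this -= 1; }
    BoundsCheckedPointer operator+(ptrdiff_t n) const { BoundsCheckedPointer r(*this); r += n; return r; }
    BoundsCheckedPointer operator-(ptrdiff_t n) const { BoundsCheckedPointer r(*this); r -= n; return r; }

    bool operator==(const BoundsCheckedPointer& o) const { return m_pointer == o.m_pointer; }
    bool operator!=(const BoundsCheckedPointer& o) const { return !(*this == o); }
    bool operator<(const BoundsCheckedPointer& o) const { return m_pointer < o.m_pointer; }

    // Dereferencing requires the pointer to be strictly inside the buffer.
    T& operator*() const { validateDeref(); return *m_pointer; }
    T& operator[](ptrdiff_t i) const { return *(*this + i); }
    T* get() const { return m_pointer; }

    // Appends a C string, terminator included, at the current position and
    // advances past the text so the next strcat continues where this one ended.
    void strcat(const char* s) {
        size_t len = std::strlen(s);
        if (static_cast<size_t>(m_end - m_pointer) < len + 1)
            throw std::out_of_range("strcat would overflow the buffer");
        std::memcpy(m_pointer, s, len + 1);
        m_pointer += len;
    }

private:
    void validateRange() const {
        if (m_pointer < m_begin || m_pointer > m_end)
            throw std::out_of_range("pointer left its buffer");
    }
    void validateDeref() const {
        if (m_pointer < m_begin || m_pointer >= m_end)
            throw std::out_of_range("dereference outside buffer");
    }
    T* m_pointer;
    T* m_begin;
    T* m_end;
};

// Constructed prediction bits for the example (not the real PredictedType values).
enum : unsigned { PredictInt32 = 1u << 0, PredictDouble = 1u << 1, PredictString = 1u << 2 };

// Toy stand-in for predictionToString(): renders the set bits as "Int32|Double"
// into a caller-supplied buffer. Returns false instead of overflowing when the
// buffer is too small; without the checked pointer this is the classic
// fixed-buffer overflow that a hand-written strcat loop invites.
bool describePrediction(unsigned prediction, char* out, size_t outSize) {
    BoundsCheckedPointer<char> p(out, outSize);
    const struct { unsigned bit; const char* name; } names[] = {
        { PredictInt32, "Int32" }, { PredictDouble, "Double" }, { PredictString, "String" }
    };
    try {
        bool first = true;
        for (const auto& n : names) {
            if (!(prediction & n.bit))
                continue;
            if (!first)
                p.strcat("|");
            p.strcat(n.name);
            first = false;
        }
        if (first)
            p.strcat("None");
    } catch (const std::out_of_range&) {
        return false;
    }
    return true;
}

// Shows that indexed access is checked as well: in-range writes succeed,
// an index at or past the end (or negative) is rejected without touching memory.
bool writeAt(char* out, size_t outSize, ptrdiff_t index, char value) {
    try {
        BoundsCheckedPointer<char> p(out, outSize);
        p[index] = value;
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}
```

The range check for arithmetic allows the one-past-the-end position so that loops of the usual `while (p != end) ++p` shape work, while the dereference check does not; keeping the two checks separate is what makes the wrapper usable as a drop-in for a raw pointer without weakening it.
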
441082011-09-14  Csaba Osztrogonác  <ossy@webkit.org>
44109
44110        [Qt] Win32 builds with threads turned off
44111        https://bugs.webkit.org/show_bug.cgi?id=67864
44112
44113        Reviewed by Geoffrey Garen.
44114
44115        * JavaScriptCore.pri: Link pthread library on Windows platform.
44116        * wtf/Platform.h: Enable multiple threads.
44117
441182011-09-14  Mark Hahnenberg  <mhahnenberg@apple.com>
44119
44120        Unzip initialization lists and constructors in JSCell hierarchy (6/7)
44121        https://bugs.webkit.org/show_bug.cgi?id=67692
44122
44123        Reviewed by Geoffrey Garen.
44124
44125        Completed the sixth level of the refactoring to add finishCreation() 
44126        methods to all classes within the JSCell hierarchy with non-trivial 
44127        constructor bodies.
44128
44129        This primarily consists of pushing the calls to finishCreation() down 
44130        into the constructors of the subclasses of the fifth level of the hierarchy 
44131        as well as pulling the finishCreation() calls out into the class's corresponding
44132        create() method if it has one.  Doing both simultaneously allows us to 
44133        maintain the invariant that the finishCreation() method chain is called exactly 
44134        once during the creation of an object, since calling it any other number of 
44135        times (0, 2, or more) will cause an assertion failure.
44136
44137        * API/JSCallbackFunction.cpp:
44138        (JSC::JSCallbackFunction::JSCallbackFunction):
44139        * API/JSCallbackFunction.h:
44140        (JSC::JSCallbackFunction::create):
44141        * jsc.cpp:
44142        (GlobalObject::create):
44143        (GlobalObject::GlobalObject):
44144        * runtime/ArrayConstructor.cpp:
44145        (JSC::ArrayConstructor::ArrayConstructor):
44146        * runtime/ArrayConstructor.h:
44147        (JSC::ArrayConstructor::create):
44148        * runtime/BooleanConstructor.cpp:
44149        (JSC::BooleanConstructor::BooleanConstructor):
44150        * runtime/BooleanConstructor.h:
44151        (JSC::BooleanConstructor::create):
44152        * runtime/BooleanPrototype.cpp:
44153        (JSC::BooleanPrototype::BooleanPrototype):
44154        * runtime/BooleanPrototype.h:
44155        (JSC::BooleanPrototype::create):
44156        * runtime/DateConstructor.cpp:
44157        (JSC::DateConstructor::DateConstructor):
44158        * runtime/DateConstructor.h:
44159        (JSC::DateConstructor::create):
44160        * runtime/DatePrototype.cpp:
44161        (JSC::DatePrototype::DatePrototype):
44162        * runtime/DatePrototype.h:
44163        (JSC::DatePrototype::create):
44164        * runtime/Error.cpp:
44165        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
44166        (JSC::StrictModeTypeErrorFunction::create):
44167        * runtime/ErrorConstructor.cpp:
44168        (JSC::ErrorConstructor::ErrorConstructor):
44169        * runtime/ErrorConstructor.h:
44170        (JSC::ErrorConstructor::create):
44171        * runtime/FunctionConstructor.cpp:
44172        (JSC::FunctionConstructor::FunctionConstructor):
44173        * runtime/FunctionConstructor.h:
44174        (JSC::FunctionConstructor::create):
44175        * runtime/FunctionPrototype.cpp:
44176        (JSC::FunctionPrototype::FunctionPrototype):
44177        * runtime/FunctionPrototype.h:
44178        (JSC::FunctionPrototype::create):
44179        * runtime/NativeErrorConstructor.cpp:
44180        (JSC::NativeErrorConstructor::NativeErrorConstructor):
44181        * runtime/NativeErrorConstructor.h:
44182        (JSC::NativeErrorConstructor::create):
44183        * runtime/NativeErrorPrototype.cpp:
44184        (JSC::NativeErrorPrototype::NativeErrorPrototype):
44185        (JSC::NativeErrorPrototype::finishCreation):
44186        * runtime/NativeErrorPrototype.h:
44187        (JSC::NativeErrorPrototype::create):
44188        * runtime/NumberConstructor.cpp:
44189        (JSC::NumberConstructor::NumberConstructor):
44190        * runtime/NumberConstructor.h:
44191        (JSC::NumberConstructor::create):
44192        * runtime/NumberPrototype.cpp:
44193        (JSC::NumberPrototype::NumberPrototype):
44194        * runtime/NumberPrototype.h:
44195        (JSC::NumberPrototype::create):
44196        * runtime/ObjectConstructor.cpp:
44197        (JSC::ObjectConstructor::ObjectConstructor):
44198        * runtime/ObjectConstructor.h:
44199        (JSC::ObjectConstructor::create):
44200        * runtime/RegExpConstructor.cpp:
44201        (JSC::RegExpConstructor::RegExpConstructor):
44202        * runtime/RegExpConstructor.h:
44203        (JSC::RegExpConstructor::create):
44204        * runtime/RegExpPrototype.cpp:
44205        (JSC::RegExpPrototype::RegExpPrototype):
44206        * runtime/RegExpPrototype.h:
44207        (JSC::RegExpPrototype::create):
44208        * runtime/StringConstructor.cpp:
44209        (JSC::StringConstructor::StringConstructor):
44210        * runtime/StringConstructor.h:
44211        (JSC::StringConstructor::create):
44212        * runtime/StringObjectThatMasqueradesAsUndefined.h:
44213        (JSC::StringObjectThatMasqueradesAsUndefined::create):
44214        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
44215        * runtime/StringPrototype.cpp:
44216        (JSC::StringPrototype::StringPrototype):
44217        * runtime/StringPrototype.h:
44218        (JSC::StringPrototype::create):
44219
442202011-09-13  Eric Seidel  <eric@webkit.org>
44221
44222        Remove ENABLE_SVG_USE as <use> is required by HTML5
44223        https://bugs.webkit.org/show_bug.cgi?id=68019
44224
44225        Reviewed by Ryosuke Niwa.
44226
44227        * Configurations/FeatureDefines.xcconfig:
44228
442292011-09-14  Iain Merrick  <husky@google.com>
44230
44231        HashTraits.h should include template specialization for WTF::String
44232        https://bugs.webkit.org/show_bug.cgi?id=67851
44233
44234        Ensure that the template specialization for HashTraits<String> is always
44235        picked up. (Previously it was possible to include HashSet and String but
44236        not the correct HashTraits, so you would get an inefficient template
44237        instantiation.)
44238
44239        Reviewed by Darin Adler.
44240
44241        * wtf/HashTraits.h:
44242        * wtf/text/StringHash.h:
44243
442442011-09-13  Filip Pizlo  <fpizlo@apple.com>
44245
44246        SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
44247        return false if either node can be double
44248        https://bugs.webkit.org/show_bug.cgi?id=67985
44249
44250        Reviewed by Geoffrey Garen.
44251        
44252        This is a 17% speed-up on 3d-cube.
44253        
44254        This required allowing us to check if a constant is double but not
44255        integer, and making the shouldSpeculateInteger() check test for
44256        any hints of doubly-ness in its operands. This also required
44257        changing some terminology: previously "isDouble" often meant
44258        "isDouble or isInt32".  Now "isDouble" means exactly what the name
44259        suggests, and "isNumber" means "isDouble or isInt32".
44260
44261        * dfg/DFGByteCodeParser.cpp:
44262        (JSC::DFG::ByteCodeParser::toNumber):
44263        (JSC::DFG::ByteCodeParser::parseBlock):
44264        * dfg/DFGGenerationInfo.h:
44265        (JSC::DFG::isJSFormat):
44266        (JSC::DFG::isJSInteger):
44267        (JSC::DFG::isJSDouble):
44268        (JSC::DFG::isJSCell):
44269        (JSC::DFG::isJSBoolean):
44270        (JSC::DFG::GenerationInfo::isJSFormat):
44271        (JSC::DFG::GenerationInfo::isJSInteger):
44272        (JSC::DFG::GenerationInfo::isJSDouble):
44273        (JSC::DFG::GenerationInfo::isJSCell):
44274        (JSC::DFG::GenerationInfo::isJSBoolean):
44275        * dfg/DFGGraph.h:
44276        (JSC::DFG::Graph::isNumberConstant):
44277        (JSC::DFG::Graph::valueOfNumberConstant):
44278        * dfg/DFGJITCodeGenerator.cpp:
44279        (JSC::DFG::JITCodeGenerator::fillInteger):
44280        (JSC::DFG::JITCodeGenerator::fillDouble):
44281        (JSC::DFG::JITCodeGenerator::fillJSValue):
44282        (JSC::DFG::JITCodeGenerator::isKnownInteger):
44283        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
44284        (JSC::DFG::JITCodeGenerator::isKnownCell):
44285        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
44286        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
44287        * dfg/DFGJITCodeGenerator.h:
44288        (JSC::DFG::JITCodeGenerator::silentFillFPR):
44289        (JSC::DFG::JITCodeGenerator::isNumberConstant):
44290        (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
44291        (JSC::DFG::JITCodeGenerator::initConstantInfo):
44292        * dfg/DFGJITCompiler.cpp:
44293        (JSC::DFG::JITCompiler::fillNumericToDouble):
44294        (JSC::DFG::JITCompiler::fillToJS):
44295        * dfg/DFGJITCompiler.h:
44296        (JSC::DFG::JITCompiler::isNumberConstant):
44297        (JSC::DFG::JITCompiler::valueOfNumberConstant):
44298        * dfg/DFGNode.h:
44299        (JSC::DFG::Node::isDoubleConstant):
44300        (JSC::DFG::Node::isNumberConstant):
44301        (JSC::DFG::Node::valueOfNumberConstant):
44302        (JSC::DFG::Node::hasNumberResult):
44303        * dfg/DFGNonSpeculativeJIT.cpp:
44304        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
44305        (JSC::DFG::NonSpeculativeJIT::compile):
44306        * dfg/DFGSpeculativeJIT.cpp:
44307        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
44308        * dfg/DFGSpeculativeJIT.h:
44309        (JSC::DFG::SpeculativeJIT::isInteger):
44310        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
44311        (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
44312        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
44313
443142011-09-13  Anders Carlsson  <andersca@apple.com>
44315
44316        Disable C++ exceptions when building with clang
44317        https://bugs.webkit.org/show_bug.cgi?id=68031
44318        <rdar://problem/9556880>
44319
44320        Reviewed by Mark Rowe.
44321
44322        * Configurations/Base.xcconfig:
44323
443242011-09-13  Eric Seidel  <eric@webkit.org>
44325
44326        Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
44327        https://bugs.webkit.org/show_bug.cgi?id=68018
44328
44329        Reviewed by Ryosuke Niwa.
44330
44331        * Configurations/FeatureDefines.xcconfig:
44332
443332011-09-13  Sam Weinig  <sam@webkit.org>
44334
44335        Object.getPrototypeOf should use JSValue::get()
44336        https://bugs.webkit.org/show_bug.cgi?id=67973
44337
44338        Reviewed by Darin Adler.
44339
44340        * runtime/ObjectConstructor.cpp:
44341        (JSC::objectConstructorGetPrototypeOf):
44342        Pipe through JSValue::get() to allow overrides.
44343
443442011-09-12  Filip Pizlo  <fpizlo@apple.com>
44345
44346        JavaScriptCore does not have baseline->speculative OSR
44347        https://bugs.webkit.org/show_bug.cgi?id=67920
44348
44349        Reviewed by Oliver Hunt.
44350        
44351        This adds the ability to on-stack-replace (OSR) from code that is
44352        running hot in the old JIT to code compiled by the new JIT.  This
44353        ensures that long-running loops benefit from DFG optimization.
44354        It also ensures that if code experiences a speculation failure
44355        in DFG code, it has an opportunity to reenter the DFG once every
44356        1,000 loop iterations or so.
44357        
44358        This results in a 2.88x speed-up on Kraken/imaging-desaturate,
44359        and is a pure win on the main three benchmark suites (SunSpider,
44360        V8, Kraken), when tiered compilation is enabled.
44361
44362        * JavaScriptCore.xcodeproj/project.pbxproj:
44363        * bytecode/CodeBlock.cpp:
44364        (JSC::CodeBlock::dump):
44365        (JSC::CodeBlock::CodeBlock):
44366        (JSC::ProgramCodeBlock::compileOptimized):
44367        (JSC::EvalCodeBlock::compileOptimized):
44368        (JSC::FunctionCodeBlock::compileOptimized):
44369        * bytecode/CodeBlock.h:
44370        * bytecode/Opcode.h:
44371        * bytecode/PredictedType.h: Added.
44372        (JSC::isCellPrediction):
44373        (JSC::isArrayPrediction):
44374        (JSC::isInt32Prediction):
44375        (JSC::isDoublePrediction):
44376        (JSC::isNumberPrediction):
44377        (JSC::isBooleanPrediction):
44378        (JSC::isStrongPrediction):
44379        (JSC::predictionToString):
44380        (JSC::mergePredictions):
44381        (JSC::mergePrediction):
44382        (JSC::makePrediction):
44383        * bytecode/PredictionTracker.h: Added.
44384        (JSC::operandIsArgument):
44385        (JSC::PredictionSlot::PredictionSlot):
44386        (JSC::PredictionTracker::PredictionTracker):
44387        (JSC::PredictionTracker::initializeSimilarTo):
44388        (JSC::PredictionTracker::copyLocalsFrom):
44389        (JSC::PredictionTracker::numberOfArguments):
44390        (JSC::PredictionTracker::numberOfVariables):
44391        (JSC::PredictionTracker::argumentOffsetForOperand):
44392        (JSC::PredictionTracker::predictArgument):
44393        (JSC::PredictionTracker::predict):
44394        (JSC::PredictionTracker::predictGlobalVar):
44395        (JSC::PredictionTracker::getArgumentPrediction):
44396        (JSC::PredictionTracker::getPrediction):
44397        (JSC::PredictionTracker::getGlobalVarPrediction):
44398        * bytecompiler/BytecodeGenerator.cpp:
44399        (JSC::BytecodeGenerator::emitLoopHint):
44400        * bytecompiler/BytecodeGenerator.h:
44401        * bytecompiler/NodesCodegen.cpp:
44402        (JSC::DoWhileNode::emitBytecode):
44403        (JSC::WhileNode::emitBytecode):
44404        (JSC::ForNode::emitBytecode):
44405        (JSC::ForInNode::emitBytecode):
44406        * dfg/DFGByteCodeParser.cpp:
44407        (JSC::DFG::ByteCodeParser::parseBlock):
44408        * dfg/DFGCapabilities.h:
44409        (JSC::DFG::canCompileOpcode):
44410        * dfg/DFGDriver.cpp:
44411        (JSC::DFG::compile):
44412        * dfg/DFGGraph.cpp:
44413        (JSC::DFG::Graph::dump):
44414        * dfg/DFGGraph.h:
44415        (JSC::DFG::BasicBlock::BasicBlock):
44416        (JSC::DFG::Graph::predict):
44417        (JSC::DFG::Graph::getPrediction):
44418        * dfg/DFGJITCompiler.cpp:
44419        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
44420        (JSC::DFG::JITCompiler::compileEntry):
44421        (JSC::DFG::JITCompiler::compileBody):
44422        * dfg/DFGJITCompiler.h:
44423        (JSC::DFG::JITCompiler::noticeOSREntry):
44424        * dfg/DFGNode.h:
44425        * dfg/DFGOSREntry.cpp: Added.
44426        (JSC::DFG::predictionIsValid):
44427        (JSC::DFG::prepareOSREntry):
44428        * dfg/DFGOSREntry.h: Added.
44429        (JSC::DFG::prepareOSREntry):
44430        * dfg/DFGPredictionTracker.h: Removed.
44431        * dfg/DFGPropagator.cpp:
44432        (JSC::DFG::Propagator::mergeUse):
44433        (JSC::DFG::Propagator::mergePrediction):
44434        * dfg/DFGSpeculativeJIT.cpp:
44435        (JSC::DFG::SpeculativeJIT::compile):
44436        * jit/CompactJITCodeMap.h:
44437        (JSC::CompactJITCodeMap::numberOfEntries):
44438        (JSC::CompactJITCodeMap::decode):
44439        (JSC::CompactJITCodeMap::Decoder::Decoder):
44440        (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
44441        (JSC::CompactJITCodeMap::Decoder::read):
44442        * jit/JIT.cpp:
44443        (JSC::JIT::emitOptimizationCheck):
44444        (JSC::JIT::emitTimeoutCheck):
44445        (JSC::JIT::privateCompileMainPass):
44446        * jit/JIT.h:
44447        (JSC::JIT::emit_op_loop_hint):
44448        * jit/JITStubs.cpp:
44449        (JSC::DEFINE_STUB_FUNCTION):
44450        * runtime/Executable.cpp:
44451        (JSC::EvalExecutable::compileInternal):
44452        (JSC::ProgramExecutable::compileInternal):
44453        (JSC::FunctionExecutable::compileForCallInternal):
44454        (JSC::FunctionExecutable::compileForConstructInternal):
44455
444562011-09-12  Sam Weinig  <sam@webkit.org>
44457
44458        Don't allow setting __proto__ to be a getter or setter
44459        https://bugs.webkit.org/show_bug.cgi?id=67982
44460
44461        Reviewed by Gavin Barraclough.
44462
44463        * runtime/JSObject.cpp:
44464        (JSC::JSObject::defineGetter):
44465        (JSC::JSObject::defineSetter):
44466        Disallow setting a getter or setter on __proto__.
44467
444682011-09-12  James Robinson  <jamesr@chromium.org>
44469
44470        Unreviewed build fix for chromium.
44471
44472        Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
44473        is currently only compiled in by ports that use JavaScriptCore.  This code is currently unreachable in builds so
44474        no change in functionality.
44475
44476        * yarr/YarrInterpreter.cpp:
44477        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
44478
444792011-09-09  Filip Pizlo  <fpizlo@apple.com>
44480
44481        JavaScriptCore does not have speculative->baseline OSR
44482        https://bugs.webkit.org/show_bug.cgi?id=67826
44483
44484        Reviewed by Oliver Hunt.
44485        
44486        This adds the ability to bail out of DFG speculative JIT execution by
44487        performing an on-stack replacement (OSR) that results in the control
44488        flow going to the equivalent code generated by the old JIT.
44489        
44490        This required a number of new features, as well as taking advantage of
44491        some features that happened to already be present:
44492        
44493        We already had a policy of storing the bytecode index for which a DFG
44494        node was generated inside the DFG::Node class. This was previously
44495        called exceptionInfo. It's now renamed to codeOrigin to reflect that
44496        it's used for more than just exceptions. OSR uses this to figure out
44497        which bytecode index to use to look up the machine code location in
44498        the code generated by the old JIT that we should be jumping to.
44499        
44500        CodeBlock now stores a mapping between bytecode indices and machine
44501        code offsets for code generated by the old JIT. This is implemented
44502        by CompactJITCodeMap, which tries to compress this data a bit.  The
44503        OSR compiler decodes this and uses it to find the machine code
44504        locations it should be jumping to.
44505        
44506        We already had a mechanism that emitted SetLocal nodes in the DFG graph
44507        that told us the time at which the old JIT would have stored something
44508        into its register file, and the DFG::Node that corresponds to the value
44509        that it would have stored. These SetLocal's were mostly dead-code-
44510        eliminated, but our DCE leaves the nodes intact except for making them
44511        have 0 as the ref count. This allows the OSR compiler to construct a
44512        mapping between the state as it would have been seen by the old JIT
44513        and the state as the DFG JIT sees it. The OSR compiler uses this to
44514        generate code that reshapes the call frame so that it is like what the
44515        old JIT would expect.
44516        
44517        Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
44518        we no longer emit the non-speculative path.
44519
44520        * JavaScriptCore.xcodeproj/project.pbxproj:
44521        * bytecode/CodeBlock.h:
44522        * dfg/DFGByteCodeParser.cpp:
44523        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
44524        (JSC::DFG::ByteCodeParser::addToGraph):
44525        * dfg/DFGGPRInfo.h:
44526        * dfg/DFGGenerationInfo.h:
44527        (JSC::DFG::GenerationInfo::alive):
44528        * dfg/DFGGraph.cpp:
44529        (JSC::DFG::Graph::dump):
44530        * dfg/DFGJITCodeGenerator.cpp:
44531        (JSC::DFG::JITCodeGenerator::emitCall):
44532        * dfg/DFGJITCodeGenerator.h:
44533        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
44534        * dfg/DFGJITCompiler.cpp:
44535        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
44536        (JSC::DFG::JITCompiler::linkOSRExits):
44537        (JSC::DFG::JITCompiler::compileBody):
44538        (JSC::DFG::JITCompiler::link):
44539        * dfg/DFGJITCompiler.h:
44540        (JSC::DFG::CallRecord::CallRecord):
44541        (JSC::DFG::JITCompiler::notifyCall):
44542        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
44543        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
44544        (JSC::DFG::JITCompiler::addJSCall):
44545        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
44546        * dfg/DFGNode.h:
44547        (JSC::DFG::CodeOrigin::CodeOrigin):
44548        (JSC::DFG::CodeOrigin::isSet):
44549        (JSC::DFG::CodeOrigin::bytecodeIndex):
44550        (JSC::DFG::Node::Node):
44551        (JSC::DFG::Node::child1Unchecked):
44552        * dfg/DFGNonSpeculativeJIT.cpp:
44553        (JSC::DFG::NonSpeculativeJIT::compile):
44554        * dfg/DFGSpeculativeJIT.cpp:
44555        (JSC::DFG::ValueSource::dump):
44556        (JSC::DFG::ValueRecovery::dump):
44557        (JSC::DFG::OSRExit::OSRExit):
44558        (JSC::DFG::SpeculativeJIT::compile):
44559        (JSC::DFG::SpeculativeJIT::compileMovHint):
44560        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
44561        * dfg/DFGSpeculativeJIT.h:
44562        (JSC::DFG::ValueSource::ValueSource):
44563        (JSC::DFG::ValueSource::isSet):
44564        (JSC::DFG::ValueSource::nodeIndex):
44565        (JSC::DFG::ValueRecovery::ValueRecovery):
44566        (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
44567        (JSC::DFG::ValueRecovery::inGPR):
44568        (JSC::DFG::ValueRecovery::inFPR):
44569        (JSC::DFG::ValueRecovery::displacedInRegisterFile):
44570        (JSC::DFG::ValueRecovery::constant):
44571        (JSC::DFG::ValueRecovery::technique):
44572        (JSC::DFG::ValueRecovery::gpr):
44573        (JSC::DFG::ValueRecovery::fpr):
44574        (JSC::DFG::ValueRecovery::virtualRegister):
44575        (JSC::DFG::OSRExit::numberOfRecoveries):
44576        (JSC::DFG::OSRExit::valueRecovery):
44577        (JSC::DFG::OSRExit::isArgument):
44578        (JSC::DFG::OSRExit::argumentForIndex):
44579        (JSC::DFG::OSRExit::variableForIndex):
44580        (JSC::DFG::OSRExit::operandForIndex):
44581        (JSC::DFG::SpeculativeJIT::osrExits):
44582        (JSC::DFG::SpeculativeJIT::speculationCheck):
44583        (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
44584        (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
44585        (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
44586        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
44587        (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
44588        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
44589        * jit/CompactJITCodeMap.h: Added.
44590        (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
44591        (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
44592        (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
44593        (JSC::CompactJITCodeMap::~CompactJITCodeMap):
44594        (JSC::CompactJITCodeMap::decode):
44595        (JSC::CompactJITCodeMap::CompactJITCodeMap):
44596        (JSC::CompactJITCodeMap::at):
44597        (JSC::CompactJITCodeMap::decodeNumber):
44598        (JSC::CompactJITCodeMap::Encoder::Encoder):
44599        (JSC::CompactJITCodeMap::Encoder::~Encoder):
44600        (JSC::CompactJITCodeMap::Encoder::append):
44601        (JSC::CompactJITCodeMap::Encoder::finish):
44602        (JSC::CompactJITCodeMap::Encoder::appendByte):
44603        (JSC::CompactJITCodeMap::Encoder::encodeNumber):
44604        (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
44605        * jit/JIT.cpp:
44606        (JSC::JIT::privateCompileMainPass):
44607        (JSC::JIT::privateCompile):
44608        * jit/JIT.h:
44609        * runtime/JSGlobalData.cpp:
44610        (JSC::JSGlobalData::JSGlobalData):
44611        (JSC::JSGlobalData::~JSGlobalData):
44612        * runtime/JSGlobalData.h:
44613        (JSC::JSGlobalData::osrScratchBufferForSize):
44614        * runtime/JSValue.cpp:
44615        (JSC::JSValue::description):
44616
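The bytecode-to-machine-code map described in the entry above, as an added C++ illustration that is not WebKit's CompactJITCodeMap: entries are stored as deltas from the previous entry in base-128 varints, and an OSR exit resolves a bytecode index to the old JIT's offset by decoding them. The names CompactCodeMap, machineCodeOffsetFor and buildSampleMap are hypothetical, and the sample entries are constructed.

```cpp
#include <cstdint>
#include <stdexcept>
#include <utility>
#include <vector>

// One (bytecode index, machine code offset) pair recorded by the old JIT's main pass.
struct BytecodeAndMachineOffset {
    uint32_t bytecodeIndex;
    uint32_t machineCodeOffset;
};

// Hypothetical compact map (not WebKit's CompactJITCodeMap): each entry is stored as a
// delta from the previous one in base-128 varints; offset deltas are zigzag-encoded.
class CompactCodeMap {
public:
    class Encoder;
    uint32_t numberOfEntries() const { return m_count; }
    size_t sizeInBytes() const { return m_bytes.size(); }

    // Expand the whole map, as an OSR exit compiler would before resolving jump targets.
    std::vector<BytecodeAndMachineOffset> decode() const {
        std::vector<BytecodeAndMachineOffset> entries;
        size_t pos = 0;
        uint32_t bytecode = 0, offset = 0;
        for (uint32_t i = 0; i < m_count; ++i) {
            bytecode += decodeNumber(m_bytes, pos);
            offset = uint32_t(int64_t(offset) + unzigzag(decodeNumber(m_bytes, pos)));
            entries.push_back({bytecode, offset});
        }
        if (pos != m_bytes.size())
            throw std::runtime_error("trailing bytes in code map");
        return entries;
    }

    // Resolve the bytecode index named by an exit's codeOrigin to the old JIT's offset.
    bool machineCodeOffsetFor(uint32_t bytecodeIndex, uint32_t& result) const {
        for (const BytecodeAndMachineOffset& entry : decode()) {
            if (entry.bytecodeIndex == bytecodeIndex) { result = entry.machineCodeOffset; return true; }
            if (entry.bytecodeIndex > bytecodeIndex) break; // entries are sorted by bytecode index
        }
        return false;
    }

private:
    CompactCodeMap(std::vector<uint8_t> bytes, uint32_t count)
        : m_bytes(std::move(bytes)), m_count(count) { }
    static uint32_t zigzag(int32_t v) { return (uint32_t(v) << 1) ^ uint32_t(v >> 31); }
    static int32_t unzigzag(uint32_t u) { return int32_t(u >> 1) ^ -int32_t(u & 1); }

    // Little-endian base-128 varint; the high bit of each byte means "more follows".
    static void encodeNumber(std::vector<uint8_t>& out, uint32_t value) {
        for (; value >= 0x80; value >>= 7)
            out.push_back(uint8_t(value | 0x80));
        out.push_back(uint8_t(value));
    }
    static uint32_t decodeNumber(const std::vector<uint8_t>& in, size_t& pos) {
        uint32_t value = 0;
        for (unsigned shift = 0; shift <= 28; shift += 7) {
            if (pos >= in.size())
                throw std::out_of_range("truncated varint in code map");
            uint8_t byte = in[pos++];
            value |= uint32_t(byte & 0x7f) << shift;
            if (!(byte & 0x80))
                return value;
        }
        throw std::out_of_range("varint longer than 32 bits");
    }

    std::vector<uint8_t> m_bytes;
    uint32_t m_count;
};

class CompactCodeMap::Encoder {
public:
    // The main pass walks bytecode front to back, so indices must strictly increase.
    void append(uint32_t bytecodeIndex, uint32_t machineCodeOffset) {
        if (m_count && bytecodeIndex <= m_lastBytecode)
            throw std::invalid_argument("bytecode indices must be strictly increasing");
        encodeNumber(m_bytes, bytecodeIndex - m_lastBytecode);
        encodeNumber(m_bytes, zigzag(int32_t(int64_t(machineCodeOffset) - int64_t(m_lastOffset))));
        m_lastBytecode = bytecodeIndex;
        m_lastOffset = machineCodeOffset;
        ++m_count;
    }
    CompactCodeMap finish() { return CompactCodeMap(std::move(m_bytes), m_count); }

private:
    std::vector<uint8_t> m_bytes;
    uint32_t m_lastBytecode = 0, m_lastOffset = 0, m_count = 0;
};

// Constructed sample: five instructions and the offsets at which the baseline JIT is
// imagined to have emitted their code. Encodes to 14 bytes instead of 40.
CompactCodeMap buildSampleMap() {
    CompactCodeMap::Encoder encoder;
    encoder.append(0, 0);
    encoder.append(5, 17);
    encoder.append(9, 44);
    encoder.append(200, 300);
    encoder.append(1000, 4100);
    return encoder.finish();
}
```

Call buildSampleMap().decode() from a main() of your own to see the five entries expanded again.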
446172011-09-12  Geoffrey Garen  <ggaren@apple.com>
44618
44619        Re-enabled ENABLE(LAZY_BLOCK_FREEING).
44620        
44621        Reviewed by Stephanie Lewis.
44622
44623        I accidentally disabled this in r94890, causing a big performance regression.
44624
44625        * wtf/Platform.h:
44626
446272011-09-12  Michael Saboff  <msaboff@apple.com>
44628
44629        Broken Build for ARM - lshift32() needs TrustedImm32 arg
44630        https://bugs.webkit.org/show_bug.cgi?id=67965
44631
44632        Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
44633
44634        Reviewed by Anders Carlsson.
44635
44636        * assembler/MacroAssemblerARM.h:
44637        (JSC::MacroAssemblerARM::branch16):
44638
446392011-09-12  Michael Saboff  <msaboff@apple.com>
44640
44641        Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
44642        https://bugs.webkit.org/show_bug.cgi?id=67961
44643
44644        Added missing semicolon.
44645
44646        Reviewed by Ryosuke Niwa.
44647
44648        * assembler/MacroAssemblerARM.h:
44649        (JSC::MacroAssemblerARM::branch16):
44650
446512011-09-12  Michael Saboff  <msaboff@apple.com>
44652
44653        Update RegExp and related classes to use 8 bit strings when available
44654        https://bugs.webkit.org/show_bug.cgi?id=67337
44655
44656        Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
44657        The code paths are triggered by the UString::is8bit() method which currently
44658        returns false.  Implemented JIT changes for all current architectures.
44659        Tested X86_64 and ARM v7.
44660
44661        This includes some code that will likely change as we complete the
44662        8 bit string changes.  This includes the way the raw buffer pointers
44663        are accessed as well as replacing the CharAccess class with a
44664        string iterator returned from UString.
44665
44666        Fixed build breakage in testRegExp.cpp due to globalObject construction
44667        changes.
44668
44669        Reviewed by Gavin Barraclough.
44670
44671        * JavaScriptCore.exp:
44672        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44673        * testRegExp.cpp:
44674        (GlobalObject::finishCreation):
44675        (GlobalObject::GlobalObject):
44676        * assembler/ARMAssembler.cpp:
44677        (JSC::ARMAssembler::baseIndexTransfer32):
44678        * assembler/ARMAssembler.h:
44679        * assembler/ARMv7Assembler.h:
44680        (JSC::ARMv7Assembler::ubfx):
44681        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
44682        * assembler/MacroAssemblerARM.h:
44683        (JSC::MacroAssemblerARM::load8):
44684        (JSC::MacroAssemblerARM::branch8):
44685        (JSC::MacroAssemblerARM::branch16):
44686        * assembler/MacroAssemblerARMv7.h:
44687        (JSC::MacroAssemblerARMv7::load8):
44688        (JSC::MacroAssemblerARMv7::branch16):
44689        (JSC::MacroAssemblerARMv7::branch8):
44690        * assembler/MacroAssemblerMIPS.h:
44691        (JSC::MacroAssemblerMIPS::load8):
44692        (JSC::MacroAssemblerMIPS::branch8):
44693        (JSC::MacroAssemblerMIPS::branch16):
44694        * assembler/MacroAssemblerSH4.h:
44695        (JSC::MacroAssemblerSH4::load8):
44696        (JSC::MacroAssemblerSH4::branch8):
44697        (JSC::MacroAssemblerSH4::branch16):
44698        * assembler/MacroAssemblerX86Common.h:
44699        (JSC::MacroAssemblerX86Common::load8):
44700        (JSC::MacroAssemblerX86Common::branch16):
44701        (JSC::MacroAssemblerX86Common::branch8):
44702        * assembler/SH4Assembler.h:
44703        (JSC::SH4Assembler::extub):
44704        (JSC::SH4Assembler::printInstr):
44705        * assembler/X86Assembler.h:
44706        (JSC::X86Assembler::cmpw_ir):
44707        (JSC::X86Assembler::movzbl_mr):
44708        * runtime/RegExp.cpp:
44709        (JSC::RegExp::compile):
44710        (JSC::RegExp::compileIfNecessary):
44711        (JSC::RegExp::match):
44712        (JSC::RegExp::matchCompareWithInterpreter):
44713        * runtime/RegExp.h:
44714        * runtime/UString.h:
44715        (JSC::UString::is8Bit):
44716        * yarr/Yarr.h:
44717        * yarr/YarrInterpreter.cpp:
44718        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
44719        (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
44720        (JSC::Yarr::Interpreter::CharAccess::operator[]):
44721        (JSC::Yarr::Interpreter::InputStream::InputStream):
44722        (JSC::Yarr::Interpreter::Interpreter):
44723        (JSC::Yarr::interpret):
44724        * yarr/YarrJIT.cpp:
44725        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
44726        (JSC::Yarr::YarrGenerator::readCharacter):
44727        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
44728        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
44729        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
44730        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
44731        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
44732        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
44733        (JSC::Yarr::YarrGenerator::YarrGenerator):
44734        (JSC::Yarr::YarrGenerator::compile):
44735        (JSC::Yarr::jitCompile):
44736        (JSC::Yarr::execute):
44737        * yarr/YarrJIT.h:
44738        (JSC::Yarr::YarrCodeBlock::has8BitCode):
44739        (JSC::Yarr::YarrCodeBlock::has16BitCode):
44740        (JSC::Yarr::YarrCodeBlock::set8BitCode):
44741        (JSC::Yarr::YarrCodeBlock::set16BitCode):
44742        (JSC::Yarr::YarrCodeBlock::execute):
44743        * yarr/YarrParser.h:
44744        (JSC::Yarr::Parser::Parser):
44745
447462011-09-12  Andras Becsi  <andras.becsi@nokia.com>
44747
44748        [Qt] Build fails after r94920 with strict compiler
44749        https://bugs.webkit.org/show_bug.cgi?id=67928
44750
44751        Reviewed by Csaba Osztrogonác.
44752
44753        * wtf/RedBlackTree.h:
44754        (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
44755
447562011-09-12  Patrick Gansterer  <paroga@webkit.org>
44757
44758        Unreviewed build fix after r94871.
44759
44760        * runtime/InitializeThreading.cpp:
44761        (JSC::initializeThreadingOnce):
44762        * wtf/FastMalloc.cpp:
44763        * wtf/RefCountedLeakCounter.h:
44764
447652011-09-11  Filip Pizlo  <fpizlo@apple.com>
44766
44767        DFGNode.h has macros that indicate the enabling of a feature, but
44768        they do not use the ENABLE() idiom.
44769        https://bugs.webkit.org/show_bug.cgi?id=67907
44770
44771        Reviewed by Oliver Hunt.
44772
44773        * dfg/DFGByteCodeParser.cpp:
44774        (JSC::DFG::ByteCodeParser::stronglyPredict):
44775        (JSC::DFG::ByteCodeParser::parse):
44776        * dfg/DFGGraph.cpp:
44777        (JSC::DFG::Graph::predictArgumentTypes):
44778        * dfg/DFGJITCodeGenerator.cpp:
44779        * dfg/DFGJITCodeGenerator.h:
44780        * dfg/DFGJITCompiler.cpp:
44781        (JSC::DFG::JITCompiler::fillInt32ToInteger):
44782        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
44783        (JSC::DFG::JITCompiler::compileBody):
44784        (JSC::DFG::JITCompiler::link):
44785        * dfg/DFGJITCompiler.h:
44786        * dfg/DFGNode.h:
44787        * dfg/DFGNonSpeculativeJIT.cpp:
44788        (JSC::DFG::NonSpeculativeJIT::compile):
44789        * dfg/DFGOperations.cpp:
44790        * dfg/DFGOperations.h:
44791        * dfg/DFGPropagator.cpp:
44792        (JSC::DFG::Propagator::fixpoint):
44793        (JSC::DFG::Propagator::propagateNode):
44794        (JSC::DFG::Propagator::propagateForward):
44795        (JSC::DFG::Propagator::propagateBackward):
44796        (JSC::DFG::propagate):
44797        * dfg/DFGScoreBoard.h:
44798        * dfg/DFGSpeculativeJIT.cpp:
44799        (JSC::DFG::SpeculativeJIT::compile):
44800        * dfg/DFGSpeculativeJIT.h:
44801        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
44802        * jit/JIT.cpp:
44803        (JSC::JIT::privateCompile):
44804
448052011-09-11  Fumitoshi Ukai  <ukai@chromium.org>
44806
44807        Unreviewed build fix for chromium/mac & clang.
44808
44809        Fix the macro redefinition error by r94927, because chromium set
44810        ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
44811        it is not PLATFORM(QT).
44812         ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
44813         #define ENABLE_JSC_MULTIPLE_THREADS 1
44814         <command line>:43:9: note: previous definition is here
44815         #define ENABLE_JSC_MULTIPLE_THREADS 0
44816         1 error generated.
44817
44818        * wtf/Platform.h:
44819
448202011-09-11  Sam Weinig  <sam@webkit.org>
44821
44822        Remove JSCell::isPropertyNameIterator(), it is unused
44823        https://bugs.webkit.org/show_bug.cgi?id=67911
44824
44825        Reviewed by Oliver Hunt.
44826
44827        * runtime/JSCell.h:
44828        * runtime/JSPropertyNameIterator.h:
44829
448302011-09-11  Sam Weinig  <sam@webkit.org>
44831
44832        De-virtualize JSCell::isAPIValueWrapper
44833        https://bugs.webkit.org/show_bug.cgi?id=67909
44834
44835        Reviewed by Oliver Hunt.
44836
44837        * runtime/JSAPIValueWrapper.h:
44838        (JSC::JSAPIValueWrapper::createStructure):
44839        Set the correct type on structure creation.
44840
44841        * runtime/JSCell.h:
44842        Remove virtual keyword and default implementation.
44843
44844        * runtime/JSType.h:
44845        Add type for APIValueWrapper. It must come after CompoundType since
44846        the APIValueWrapper has children in need of marking.
44847
44848        * runtime/Structure.h:
44849        (JSC::JSCell::isAPIValueWrapper):
44850        Implement predicate using type info.
44851
448522011-09-10  Sam Weinig  <sam@webkit.org>
44853
44854        De-virtualize JSCell::isGetterSetter, type information is available for it
44855        https://bugs.webkit.org/show_bug.cgi?id=67902
44856
44857        Reviewed by Dan Bernstein.
44858
44859        * runtime/GetterSetter.cpp:
44860        * runtime/GetterSetter.h:
44861        Remove override of isGetterSetter.
44862
44863        * runtime/JSCell.cpp:
44864        * runtime/JSCell.h:
44865        De-virtualize and remove silly base implementation.
44866
44867        * runtime/Structure.h:
44868        (JSC::JSCell::isGetterSetter):
44869        Use type info to determine getter-setter-hood.
44870
448712011-09-09  Oliver Hunt  <oliver@apple.com>
44872
44873        Remove support for anonymous storage from jsobjects
44874        https://bugs.webkit.org/show_bug.cgi?id=67881
44875
44876        Reviewed by Sam Weinig.
44877
44878        Remove all use of anonymous slots, essentially a mechanical change
44879        in JavaScriptCore.
44880
44881        * API/JSCallbackConstructor.h:
44882        (JSC::JSCallbackConstructor::createStructure):
44883        * API/JSCallbackFunction.h:
44884        (JSC::JSCallbackFunction::createStructure):
44885        * API/JSCallbackObject.h:
44886        (JSC::JSCallbackObject::createStructure):
44887        * JavaScriptCore.exp:
44888        * debugger/DebuggerActivation.h:
44889        (JSC::DebuggerActivation::createStructure):
44890        * heap/MarkStack.cpp:
44891        (JSC::MarkStack::validateValue):
44892        * heap/MarkStack.h:
44893        * runtime/Arguments.h:
44894        (JSC::Arguments::createStructure):
44895        * runtime/ArrayConstructor.h:
44896        (JSC::ArrayConstructor::createStructure):
44897        * runtime/ArrayPrototype.cpp:
44898        (JSC::ArrayPrototype::finishCreation):
44899        * runtime/ArrayPrototype.h:
44900        (JSC::ArrayPrototype::createStructure):
44901        * runtime/BooleanObject.h:
44902        (JSC::BooleanObject::createStructure):
44903        * runtime/BooleanPrototype.cpp:
44904        (JSC::BooleanPrototype::BooleanPrototype):
44905        * runtime/BooleanPrototype.h:
44906        (JSC::BooleanPrototype::createStructure):
44907        * runtime/DateConstructor.h:
44908        (JSC::DateConstructor::createStructure):
44909        * runtime/DateInstance.h:
44910        (JSC::DateInstance::createStructure):
44911        * runtime/DatePrototype.cpp:
44912        (JSC::DatePrototype::DatePrototype):
44913        * runtime/DatePrototype.h:
44914        (JSC::DatePrototype::createStructure):
44915        * runtime/ErrorInstance.h:
44916        (JSC::ErrorInstance::createStructure):
44917        * runtime/ErrorPrototype.cpp:
44918        (JSC::ErrorPrototype::finishCreation):
44919        * runtime/ErrorPrototype.h:
44920        (JSC::ErrorPrototype::createStructure):
44921        * runtime/ExceptionHelpers.h:
44922        (JSC::InterruptedExecutionError::createStructure):
44923        (JSC::TerminatedExecutionError::createStructure):
44924        * runtime/Executable.h:
44925        (JSC::ExecutableBase::createStructure):
44926        (JSC::NativeExecutable::createStructure):
44927        (JSC::EvalExecutable::createStructure):
44928        (JSC::ProgramExecutable::createStructure):
44929        (JSC::FunctionExecutable::createStructure):
44930        * runtime/FunctionPrototype.h:
44931        (JSC::FunctionPrototype::createStructure):
44932        * runtime/GetterSetter.h:
44933        (JSC::GetterSetter::createStructure):
44934        * runtime/InternalFunction.h:
44935        (JSC::InternalFunction::createStructure):
44936        * runtime/JSAPIValueWrapper.h:
44937        (JSC::JSAPIValueWrapper::createStructure):
44938        * runtime/JSActivation.h:
44939        (JSC::JSActivation::createStructure):
44940        * runtime/JSArray.h:
44941        (JSC::JSArray::createStructure):
44942        * runtime/JSByteArray.cpp:
44943        (JSC::JSByteArray::createStructure):
44944        * runtime/JSCell.h:
44945        * runtime/JSFunction.h:
44946        (JSC::JSFunction::createStructure):
44947        * runtime/JSGlobalObject.h:
44948        (JSC::JSGlobalObject::finishCreation):
44949        (JSC::JSGlobalObject::createStructure):
44950        * runtime/JSNotAnObject.h:
44951        (JSC::JSNotAnObject::createStructure):
44952        * runtime/JSONObject.h:
44953        (JSC::JSONObject::createStructure):
44954        * runtime/JSObject.h:
44955        (JSC::JSObject::createStructure):
44956        (JSC::JSNonFinalObject::createStructure):
44957        (JSC::JSFinalObject::createStructure):
44958        * runtime/JSPropertyNameIterator.cpp:
44959        (JSC::JSPropertyNameIterator::create):
44960        * runtime/JSPropertyNameIterator.h:
44961        (JSC::JSPropertyNameIterator::createStructure):
44962        * runtime/JSStaticScopeObject.h:
44963        (JSC::JSStaticScopeObject::createStructure):
44964        * runtime/JSString.h:
44965        (JSC::RopeBuilder::createStructure):
44966        * runtime/JSVariableObject.h:
44967        (JSC::JSVariableObject::createStructure):
44968        * runtime/JSWrapperObject.h:
44969        (JSC::JSWrapperObject::createStructure):
44970        * runtime/MathObject.h:
44971        (JSC::MathObject::createStructure):
44972        * runtime/NativeErrorConstructor.h:
44973        (JSC::NativeErrorConstructor::createStructure):
44974        * runtime/NumberConstructor.h:
44975        (JSC::NumberConstructor::createStructure):
44976        * runtime/NumberObject.h:
44977        (JSC::NumberObject::createStructure):
44978        * runtime/NumberPrototype.cpp:
44979        (JSC::NumberPrototype::NumberPrototype):
44980        * runtime/NumberPrototype.h:
44981        (JSC::NumberPrototype::createStructure):
44982        * runtime/ObjectConstructor.h:
44983        (JSC::ObjectConstructor::createStructure):
44984        * runtime/ObjectPrototype.cpp:
44985        (JSC::ObjectPrototype::finishCreation):
44986        * runtime/ObjectPrototype.h:
44987        (JSC::ObjectPrototype::createStructure):
44988        * runtime/RegExp.h:
44989        (JSC::RegExp::createStructure):
44990        * runtime/RegExpConstructor.h:
44991        (JSC::RegExpConstructor::createStructure):
44992        * runtime/RegExpObject.h:
44993        (JSC::RegExpObject::createStructure):
44994        * runtime/RegExpPrototype.h:
44995        (JSC::RegExpPrototype::createStructure):
44996        * runtime/ScopeChain.h:
44997        (JSC::ScopeChainNode::createStructure):
44998        * runtime/StrictEvalActivation.h:
44999        (JSC::StrictEvalActivation::createStructure):
45000        * runtime/StringConstructor.h:
45001        (JSC::StringConstructor::createStructure):
45002        * runtime/StringObject.h:
45003        (JSC::StringObject::createStructure):
45004        * runtime/StringObjectThatMasqueradesAsUndefined.h:
45005        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
45006        * runtime/StringPrototype.cpp:
45007        (JSC::StringPrototype::StringPrototype):
45008        * runtime/StringPrototype.h:
45009        (JSC::StringPrototype::createStructure):
45010        * runtime/Structure.cpp:
45011        (JSC::Structure::Structure):
45012        (JSC::Structure::materializePropertyMap):
45013        (JSC::Structure::addPropertyTransitionToExistingStructure):
45014        (JSC::Structure::addPropertyTransition):
45015        (JSC::Structure::removePropertyTransition):
45016        (JSC::Structure::changePrototypeTransition):
45017        (JSC::Structure::despecifyFunctionTransition):
45018        (JSC::Structure::getterSetterTransition):
45019        (JSC::Structure::toDictionaryTransition):
45020        (JSC::Structure::preventExtensionsTransition):
45021        (JSC::Structure::flattenDictionaryStructure):
45022        (JSC::Structure::addPropertyWithoutTransition):
45023        (JSC::Structure::removePropertyWithoutTransition):
45024        (JSC::Structure::get):
45025        (JSC::Structure::putSpecificValue):
45026        (JSC::Structure::remove):
45027        (JSC::Structure::checkConsistency):
45028        * runtime/Structure.h:
45029        (JSC::Structure::create):
45030        (JSC::Structure::propertyStorageSize):
45031        (JSC::Structure::get):
45032        * runtime/StructureChain.h:
45033        (JSC::StructureChain::createStructure):
45034
450352011-09-11  Jarred Nicholls  <jarred@sencha.com>
45036
45037        [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
45038        https://bugs.webkit.org/show_bug.cgi?id=67864
45039        
        Qt Win32 is not pthread-compatible and cannot participate in multithreaded JSC or it fails to build.
45041
45042        Reviewed by Csaba Osztrogonác.
45043
45044        * wtf/Platform.h:
45045
450462011-09-11  Filip Pizlo  <fpizlo@apple.com>
45047
45048        ARM and MIPS assemblers still refer to executable pools.
45049        https://bugs.webkit.org/show_bug.cgi?id=67903
45050
45051        Reviewed by Csaba Osztrogonác.
45052
45053        * assembler/ARMAssembler.cpp:
45054        (JSC::ARMAssembler::executableCopy):
45055        * assembler/ARMAssembler.h:
45056        * assembler/AssemblerBufferWithConstantPool.h:
45057        * assembler/MIPSAssembler.h:
45058        (JSC::MIPSAssembler::executableCopy):
45059
450602011-09-08  Filip Pizlo  <fpizlo@apple.com>
45061
45062        The executable allocator makes it difficult to free individual
45063        chunks of executable memory
45064        https://bugs.webkit.org/show_bug.cgi?id=66363
45065
45066        Reviewed by Oliver Hunt.
45067        
45068        Introduced a best-fit, balanced-tree based allocator. The allocator
45069        required a balanced tree that does not allocate memory and that
45070        permits the removal of individual nodes directly (as opposed to by
45071        key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
45072        Changed all references to executable code to use a reference counted
45073        handle.
45074
45075        * GNUmakefile.list.am:
45076        * JavaScriptCore.exp:
45077        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
45078        * JavaScriptCore.xcodeproj/project.pbxproj:
45079        * assembler/AssemblerBuffer.h:
45080        (JSC::AssemblerBuffer::executableCopy):
45081        * assembler/LinkBuffer.h:
45082        (JSC::LinkBuffer::LinkBuffer):
45083        (JSC::LinkBuffer::finalizeCode):
45084        (JSC::LinkBuffer::linkCode):
45085        * assembler/MacroAssemblerCodeRef.h:
45086        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
45087        (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
45088        (JSC::MacroAssemblerCodeRef::executableMemory):
45089        (JSC::MacroAssemblerCodeRef::code):
45090        (JSC::MacroAssemblerCodeRef::size):
45091        (JSC::MacroAssemblerCodeRef::operator!):
45092        * assembler/X86Assembler.h:
45093        (JSC::X86Assembler::executableCopy):
45094        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
45095        * bytecode/CodeBlock.h:
45096        * bytecode/Instruction.h:
45097        * bytecode/StructureStubInfo.h:
45098        * dfg/DFGJITCompiler.cpp:
45099        (JSC::DFG::JITCompiler::compile):
45100        (JSC::DFG::JITCompiler::compileFunction):
45101        * dfg/DFGRepatch.cpp:
45102        (JSC::DFG::generateProtoChainAccessStub):
45103        (JSC::DFG::tryCacheGetByID):
45104        (JSC::DFG::tryBuildGetByIDList):
45105        (JSC::DFG::tryBuildGetByIDProtoList):
45106        (JSC::DFG::tryCachePutByID):
45107        * jit/ExecutableAllocator.cpp:
45108        (JSC::ExecutableAllocator::initializeAllocator):
45109        (JSC::ExecutableAllocator::ExecutableAllocator):
45110        (JSC::ExecutableAllocator::allocate):
45111        (JSC::ExecutableAllocator::committedByteCount):
45112        (JSC::ExecutableAllocator::dumpProfile):
45113        * jit/ExecutableAllocator.h:
45114        (JSC::ExecutableAllocator::dumpProfile):
45115        * jit/ExecutableAllocatorFixedVMPool.cpp:
45116        (JSC::ExecutableAllocator::initializeAllocator):
45117        (JSC::ExecutableAllocator::ExecutableAllocator):
45118        (JSC::ExecutableAllocator::isValid):
45119        (JSC::ExecutableAllocator::underMemoryPressure):
45120        (JSC::ExecutableAllocator::allocate):
45121        (JSC::ExecutableAllocator::committedByteCount):
45122        (JSC::ExecutableAllocator::dumpProfile):
45123        * jit/JIT.cpp:
45124        (JSC::JIT::privateCompile):
45125        * jit/JIT.h:
45126        (JSC::JIT::compileCTIMachineTrampolines):
45127        (JSC::JIT::compileCTINativeCall):
45128        * jit/JITCode.h:
45129        (JSC::JITCode::operator !):
45130        (JSC::JITCode::addressForCall):
45131        (JSC::JITCode::offsetOf):
45132        (JSC::JITCode::execute):
45133        (JSC::JITCode::start):
45134        (JSC::JITCode::size):
45135        (JSC::JITCode::getExecutableMemory):
45136        (JSC::JITCode::HostFunction):
45137        (JSC::JITCode::JITCode):
45138        * jit/JITOpcodes.cpp:
45139        (JSC::JIT::privateCompileCTIMachineTrampolines):
45140        (JSC::JIT::privateCompileCTINativeCall):
45141        * jit/JITOpcodes32_64.cpp:
45142        (JSC::JIT::privateCompileCTIMachineTrampolines):
45143        (JSC::JIT::privateCompileCTINativeCall):
45144        * jit/JITPropertyAccess.cpp:
45145        (JSC::JIT::stringGetByValStubGenerator):
45146        (JSC::JIT::emitSlow_op_get_by_val):
45147        (JSC::JIT::privateCompilePutByIdTransition):
45148        (JSC::JIT::privateCompilePatchGetArrayLength):
45149        (JSC::JIT::privateCompileGetByIdProto):
45150        (JSC::JIT::privateCompileGetByIdSelfList):
45151        (JSC::JIT::privateCompileGetByIdProtoList):
45152        (JSC::JIT::privateCompileGetByIdChainList):
45153        (JSC::JIT::privateCompileGetByIdChain):
45154        * jit/JITPropertyAccess32_64.cpp:
45155        (JSC::JIT::stringGetByValStubGenerator):
45156        (JSC::JIT::emitSlow_op_get_by_val):
45157        (JSC::JIT::privateCompilePutByIdTransition):
45158        (JSC::JIT::privateCompilePatchGetArrayLength):
45159        (JSC::JIT::privateCompileGetByIdProto):
45160        (JSC::JIT::privateCompileGetByIdSelfList):
45161        (JSC::JIT::privateCompileGetByIdProtoList):
45162        (JSC::JIT::privateCompileGetByIdChainList):
45163        (JSC::JIT::privateCompileGetByIdChain):
45164        * jit/JITStubs.cpp:
45165        (JSC::JITThunks::JITThunks):
45166        (JSC::DEFINE_STUB_FUNCTION):
45167        (JSC::getPolymorphicAccessStructureListSlot):
45168        (JSC::JITThunks::ctiStub):
45169        (JSC::JITThunks::hostFunctionStub):
45170        * jit/JITStubs.h:
45171        * jit/SpecializedThunkJIT.h:
45172        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
45173        (JSC::SpecializedThunkJIT::finalize):
45174        * jit/ThunkGenerators.cpp:
45175        (JSC::charCodeAtThunkGenerator):
45176        (JSC::charAtThunkGenerator):
45177        (JSC::fromCharCodeThunkGenerator):
45178        (JSC::sqrtThunkGenerator):
45179        (JSC::floorThunkGenerator):
45180        (JSC::ceilThunkGenerator):
45181        (JSC::roundThunkGenerator):
45182        (JSC::expThunkGenerator):
45183        (JSC::logThunkGenerator):
45184        (JSC::absThunkGenerator):
45185        (JSC::powThunkGenerator):
45186        * jit/ThunkGenerators.h:
45187        * runtime/Executable.h:
45188        (JSC::NativeExecutable::create):
45189        * runtime/InitializeThreading.cpp:
45190        (JSC::initializeThreadingOnce):
45191        * runtime/JSGlobalData.cpp:
45192        (JSC::JSGlobalData::JSGlobalData):
45193        (JSC::JSGlobalData::dumpSampleData):
45194        * runtime/JSGlobalData.h:
45195        (JSC::JSGlobalData::getCTIStub):
45196        * wtf/CMakeLists.txt:
45197        * wtf/MetaAllocator.cpp: Added.
45198        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
45199        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
45200        (WTF::MetaAllocatorHandle::shrink):
45201        (WTF::MetaAllocator::MetaAllocator):
45202        (WTF::MetaAllocator::allocate):
45203        (WTF::MetaAllocator::currentStatistics):
45204        (WTF::MetaAllocator::findAndRemoveFreeSpace):
45205        (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
45206        (WTF::MetaAllocator::addFreshFreeSpace):
45207        (WTF::MetaAllocator::debugFreeSpaceSize):
45208        (WTF::MetaAllocator::addFreeSpace):
45209        (WTF::MetaAllocator::incrementPageOccupancy):
45210        (WTF::MetaAllocator::decrementPageOccupancy):
45211        (WTF::MetaAllocator::roundUp):
45212        (WTF::MetaAllocator::allocFreeSpaceNode):
45213        (WTF::MetaAllocator::freeFreeSpaceNode):
45214        (WTF::MetaAllocator::dumpProfile):
45215        * wtf/MetaAllocator.h: Added.
45216        (WTF::MetaAllocator::bytesAllocated):
45217        (WTF::MetaAllocator::bytesReserved):
45218        (WTF::MetaAllocator::bytesCommitted):
45219        (WTF::MetaAllocator::dumpProfile):
45220        (WTF::MetaAllocator::~MetaAllocator):
45221        * wtf/MetaAllocatorHandle.h: Added.
45222        * wtf/RedBlackTree.h: Added.
45223        (WTF::RedBlackTree::Node::Node):
45224        (WTF::RedBlackTree::Node::successor):
45225        (WTF::RedBlackTree::Node::predecessor):
45226        (WTF::RedBlackTree::Node::reset):
45227        (WTF::RedBlackTree::Node::parent):
45228        (WTF::RedBlackTree::Node::setParent):
45229        (WTF::RedBlackTree::Node::left):
45230        (WTF::RedBlackTree::Node::setLeft):
45231        (WTF::RedBlackTree::Node::right):
45232        (WTF::RedBlackTree::Node::setRight):
45233        (WTF::RedBlackTree::Node::color):
45234        (WTF::RedBlackTree::Node::setColor):
45235        (WTF::RedBlackTree::RedBlackTree):
45236        (WTF::RedBlackTree::insert):
45237        (WTF::RedBlackTree::remove):
45238        (WTF::RedBlackTree::findExact):
45239        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
45240        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
45241        (WTF::RedBlackTree::first):
45242        (WTF::RedBlackTree::last):
45243        (WTF::RedBlackTree::size):
45244        (WTF::RedBlackTree::isEmpty):
45245        (WTF::RedBlackTree::treeMinimum):
45246        (WTF::RedBlackTree::treeMaximum):
45247        (WTF::RedBlackTree::treeInsert):
45248        (WTF::RedBlackTree::leftRotate):
45249        (WTF::RedBlackTree::rightRotate):
45250        (WTF::RedBlackTree::removeFixup):
45251        * wtf/wtf.pri:
45252        * yarr/YarrJIT.cpp:
45253        (JSC::Yarr::YarrGenerator::compile):
45254        * yarr/YarrJIT.h:
45255        (JSC::Yarr::YarrCodeBlock::execute):
45256        (JSC::Yarr::YarrCodeBlock::getAddr):
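
The allocator this entry describes, as an added example that is not JavaScriptCore's own MetaAllocator code: a best-fit allocator over a reserved address range whose allocations are owned by reference-counted handles, so that one chunk of JIT code can be freed and reused when its last handle goes away instead of leaking until the whole pool dies. The class names, the 32-byte granularity and the 4 KiB pool at base address 0x1000 are assumptions made for the example. Where the real allocator uses an intrusive red-black tree so that the allocator itself never mallocs, this example uses std::map and std::multimap for the same two lookups (best fit by size, free neighbour by address).

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>

// Added example, not JavaScriptCore's MetaAllocator: a best-fit allocator over a
// reserved address range that hands out reference-counted handles; a chunk goes
// back to the pool when its last handle dies. Free chunks are indexed by size (for
// best-fit lookup) and by start address (for coalescing). std::map/std::multimap
// stand in for the intrusive red-black tree. Addresses and sizes are constructed.
class BestFitAllocator;

class AllocationHandle {
public:
    ~AllocationHandle();   // returns the chunk to the pool
    uintptr_t start() const { return m_start; }
private:
    friend class BestFitAllocator;
    AllocationHandle(BestFitAllocator* a, uintptr_t s, size_t n) : m_allocator(a), m_start(s), m_size(n) {}
    BestFitAllocator* m_allocator;
    uintptr_t m_start;
    size_t m_size;
};

class BestFitAllocator {
public:
    static constexpr size_t kGranularity = 32;   // assumed allocation granularity
    BestFitAllocator(uintptr_t base, size_t bytes) : m_bytesAllocated(0) { addFreeSpace(base, bytes); }

    // Best fit: the smallest free chunk at least as large as the request; any
    // leftover tail goes back into the pool as its own free chunk.
    std::shared_ptr<AllocationHandle> allocate(size_t bytes) {
        size_t need = roundUp(bytes);
        auto it = m_freeBySize.lower_bound(need);       // least free size >= need
        if (it == m_freeBySize.end()) return nullptr;   // pool exhausted
        size_t chunkSize = it->first;
        uintptr_t chunkStart = it->second;
        m_freeBySize.erase(it);
        m_freeByStart.erase(chunkStart);
        if (chunkSize > need) addFreeSpace(chunkStart + need, chunkSize - need);
        m_bytesAllocated += need;
        return std::shared_ptr<AllocationHandle>(new AllocationHandle(this, chunkStart, need));
    }
    size_t bytesAllocated() const { return m_bytesAllocated; }
    size_t freeChunkCount() const { return m_freeByStart.size(); }

private:
    friend class AllocationHandle;
    static size_t roundUp(size_t n) { return (n + kGranularity - 1) & ~(kGranularity - 1); }

    // Insert a free chunk, merging it with a free neighbour on either side so
    // that allocate/free cycles do not fragment the pool.
    void addFreeSpace(uintptr_t start, size_t size) {
        auto next = m_freeByStart.find(start + size);
        if (next != m_freeByStart.end()) {
            size += next->second;
            removeFreeChunk(next->first, next->second);
        }
        auto prev = m_freeByStart.lower_bound(start);
        if (prev != m_freeByStart.begin()) {
            --prev;
            if (prev->first + prev->second == start) {
                start = prev->first;
                size += prev->second;
                removeFreeChunk(prev->first, prev->second);
            }
        }
        m_freeByStart[start] = size;
        m_freeBySize.insert(std::make_pair(size, start));
    }
    void removeFreeChunk(uintptr_t start, size_t size) {
        m_freeByStart.erase(start);
        auto range = m_freeBySize.equal_range(size);
        for (auto it = range.first; it != range.second; ++it)
            if (it->second == start) { m_freeBySize.erase(it); break; }
    }

    std::map<uintptr_t, size_t> m_freeByStart;       // start address -> size
    std::multimap<size_t, uintptr_t> m_freeBySize;   // size -> start address
    size_t m_bytesAllocated;
};

// Dropping the last reference frees exactly this chunk and nothing else.
AllocationHandle::~AllocationHandle() {
    m_allocator->m_bytesAllocated -= m_size;
    m_allocator->addFreeSpace(m_start, m_size);
}

struct BestFitScenario { uintptr_t reusedStart; size_t chunksAfterFree, chunksAtEnd, allocatedAtEnd; };

// Three allocations in a 4 KiB pool, free the middle one, allocate again, then
// release everything: the hole is reused and the pool coalesces back to one chunk.
BestFitScenario runBestFitScenario() {
    BestFitAllocator pool(0x1000, 4096);
    auto a = pool.allocate(100);   // 128 bytes at 0x1000
    auto b = pool.allocate(200);   // 224 bytes at 0x1080
    auto c = pool.allocate(50);    // 64 bytes at 0x1160; 3680 bytes of tail stay free at 0x11a0
    BestFitScenario r;
    b.reset();                     // a 224-byte hole between two live chunks
    r.chunksAfterFree = pool.freeChunkCount();   // the hole plus the tail
    auto d = pool.allocate(200);   // best fit takes the hole, not the tail
    r.reusedStart = d->start();
    a.reset(); d.reset(); c.reset();
    r.chunksAtEnd = pool.freeChunkCount();
    r.allocatedAtEnd = pool.bytesAllocated();
    return r;
}
```

The scenario at the bottom is the property the change buys the JIT: releasing one handle returns exactly that chunk, the next request of the same size lands in the hole rather than eating into the tail, and once every handle is gone the neighbours coalesce back into a single free chunk. A production allocator would also track page occupancy so that fully free pages can be decommitted, which this example leaves out.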
45257
452582011-09-10  Sam Weinig  <sam@webkit.org>
45259
45260        Remove JSC::isZombie() function, it did nothing and was called by no-one.
45261        https://bugs.webkit.org/show_bug.cgi?id=67901
45262
45263        Reviewed by Andy Estes.
45264
45265        * JavaScriptCore.exp:
45266        * runtime/JSCell.cpp:
45267        * runtime/JSValue.h:
45268
452692011-09-10  Sam Weinig  <sam@webkit.org>
45270
45271        Add isInterruptedExecutionException and isTerminatedExecutionException predicates
45272        https://bugs.webkit.org/show_bug.cgi?id=67892
45273
45274        Reviewed by Andy "First Time Reviewer" Estes.
45275
45276        * JavaScriptCore.exp:
45277        Add symbols.
45278
45279        * interpreter/Interpreter.cpp:
45280        (JSC::Interpreter::throwException):
45281        Use new predicates.
45282
45283        * runtime/ExceptionHelpers.cpp:
45284        (JSC::createInterruptedExecutionException):
45285        (JSC::isInterruptedExecutionException):
45286        (JSC::createTerminatedExecutionException):
45287        (JSC::isTerminatedExecutionException):
45288        * runtime/ExceptionHelpers.h:
45289        (JSC::InterruptedExecutionError::InterruptedExecutionError):
45290        Add predicates.
45291
452922011-09-10  Filip Pizlo  <fpizlo@apple.com>
45293
45294        DFG JIT completely undoes speculative compilation even in the case of
45295        a partial static speculation failure
45296        https://bugs.webkit.org/show_bug.cgi?id=67798
45297
45298        Reviewed by Geoffrey Garen.
45299        
45300        This is a regression with static speculation, so it is turned off by
45301        default.  But it is a necessary prerequisite for further work on
45302        dynamic speculation.
45303
45304        * dfg/DFGJITCodeGenerator.cpp:
45305        (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
45306        * dfg/DFGJITCodeGenerator.h:
45307        * dfg/DFGSpeculativeJIT.cpp:
45308        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
45309        (JSC::DFG::SpeculativeJIT::compile):
45310        * dfg/DFGSpeculativeJIT.h:
45311        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
45312
453132011-09-09  Chris Marrin  <cmarrin@apple.com>
45314
45315        requestAnimationFrame doesn't throttle on Mac
45316        https://bugs.webkit.org/show_bug.cgi?id=67171
45317
45318        Reviewed by Simon Fraser.
45319
45320        Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
45321        requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
        Currently only enabled for PLATFORM(MAC).
45323
45324        * wtf/Platform.h:
45325
453262011-09-09  Geoffrey Garen  <ggaren@apple.com>
45327
45328        Reviewed by Dan Bernstein.
45329
45330        Removed ENABLE(SINGLE_THREADED) support, since it is always false
45331        https://bugs.webkit.org/show_bug.cgi?id=67862
45332
45333        Next step toward making the baseline platform assumption that threads exist.
45334
45335        * wtf/wtf.pri:
45336        * JavaScriptCore.gypi:
45337        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
45338        ThreadingNone.cpp, which was only compiled in single-threaded mode.
45339
45340        * wtf/Platform.h:
45341        * wtf/ThreadSpecific.h:
45342        (WTF::::destroy):
45343        * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
45344
45345        * wtf/ThreadingNone.cpp: Removed.
45346
453472011-09-09  Mark Hahnenberg  <mhahnenberg@apple.com>
45348
45349        Unzip initialization lists and constructors in JSCell hierarchy (5/7)
45350        https://bugs.webkit.org/show_bug.cgi?id=67420
45351
45352        Reviewed by Geoffrey Garen.
45353
45354        Completed the fifth level of the refactoring to add finishCreation() 
45355        methods to all classes within the JSCell hierarchy with non-trivial 
45356        constructor bodies.
45357
45358        This primarily consists of pushing the calls to finishCreation() down 
45359        into the constructors of the subclasses of the second level of the hierarchy 
45360        as well as pulling the finishCreation() calls out into the class's corresponding
45361        create() method if it has one.  Doing both simultaneously allows us to 
45362        maintain the invariant that the finishCreation() method chain is called exactly 
45363        once during the creation of an object, since calling it any other number of 
45364        times (0, 2, or more) will cause an assertion failure.
45365
45366        * API/JSCallbackConstructor.cpp:
45367        (JSC::JSCallbackConstructor::JSCallbackConstructor):
45368        * API/JSCallbackConstructor.h:
45369        (JSC::JSCallbackConstructor::create):
45370        * API/JSCallbackFunction.cpp:
45371        (JSC::JSCallbackFunction::JSCallbackFunction):
45372        (JSC::JSCallbackFunction::finishCreation):
45373        * API/JSCallbackFunction.h:
45374        * API/JSCallbackObject.h:
45375        * API/JSCallbackObjectFunctions.h:
45376        (JSC::::JSCallbackObject):
45377        (JSC::::finishCreation):
45378        * JavaScriptCore.exp:
45379        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45380        * debugger/DebuggerActivation.cpp:
45381        * debugger/DebuggerActivation.h:
45382        (JSC::DebuggerActivation::create):
45383        * jsc.cpp:
45384        (GlobalObject::finishCreation):
45385        (GlobalObject::GlobalObject):
45386        * runtime/ArrayConstructor.cpp:
45387        (JSC::ArrayConstructor::ArrayConstructor):
45388        (JSC::ArrayConstructor::finishCreation):
45389        * runtime/ArrayConstructor.h:
45390        * runtime/ArrayPrototype.cpp:
45391        (JSC::ArrayPrototype::ArrayPrototype):
45392        * runtime/ArrayPrototype.h:
45393        (JSC::ArrayPrototype::create):
45394        * runtime/BooleanConstructor.cpp:
45395        (JSC::BooleanConstructor::BooleanConstructor):
45396        (JSC::BooleanConstructor::finishCreation):
45397        * runtime/BooleanConstructor.h:
45398        * runtime/BooleanObject.cpp:
45399        (JSC::BooleanObject::BooleanObject):
45400        * runtime/BooleanObject.h:
45401        (JSC::BooleanObject::create):
45402        * runtime/BooleanPrototype.cpp:
45403        (JSC::BooleanPrototype::BooleanPrototype):
45404        (JSC::BooleanPrototype::finishCreation):
45405        * runtime/BooleanPrototype.h:
45406        * runtime/DateConstructor.cpp:
45407        (JSC::DateConstructor::DateConstructor):
45408        (JSC::DateConstructor::finishCreation):
45409        * runtime/DateConstructor.h:
45410        * runtime/DateInstance.cpp:
45411        (JSC::DateInstance::DateInstance):
45412        * runtime/DateInstance.h:
45413        (JSC::DateInstance::create):
45414        * runtime/DatePrototype.cpp:
45415        (JSC::DatePrototype::DatePrototype):
45416        (JSC::DatePrototype::finishCreation):
45417        * runtime/DatePrototype.h:
45418        * runtime/Error.cpp:
45419        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
45420        * runtime/ErrorConstructor.cpp:
45421        (JSC::ErrorConstructor::ErrorConstructor):
45422        (JSC::ErrorConstructor::finishCreation):
45423        * runtime/ErrorConstructor.h:
45424        * runtime/ErrorPrototype.cpp:
45425        (JSC::ErrorPrototype::ErrorPrototype):
45426        * runtime/ErrorPrototype.h:
45427        (JSC::ErrorPrototype::create):
45428        * runtime/FunctionConstructor.cpp:
45429        (JSC::FunctionConstructor::FunctionConstructor):
45430        (JSC::FunctionConstructor::finishCreation):
45431        * runtime/FunctionConstructor.h:
45432        * runtime/FunctionPrototype.cpp:
45433        (JSC::FunctionPrototype::FunctionPrototype):
45434        (JSC::FunctionPrototype::finishCreation):
45435        * runtime/FunctionPrototype.h:
45436        * runtime/InternalFunction.cpp:
45437        (JSC::InternalFunction::InternalFunction):
45438        * runtime/InternalFunction.h:
45439        * runtime/JSActivation.cpp:
45440        (JSC::JSActivation::JSActivation):
45441        * runtime/JSActivation.h:
45442        (JSC::JSActivation::create):
45443        * runtime/JSGlobalObject.h:
45444        (JSC::JSGlobalObject::create):
45445        (JSC::JSGlobalObject::JSGlobalObject):
45446        * runtime/JSONObject.cpp:
45447        (JSC::JSONObject::JSONObject):
45448        * runtime/JSONObject.h:
45449        (JSC::JSONObject::create):
45450        * runtime/JSStaticScopeObject.h:
45451        (JSC::JSStaticScopeObject::create):
45452        (JSC::JSStaticScopeObject::JSStaticScopeObject):
45453        * runtime/JSString.cpp:
45454        (JSC::StringObject::create):
45455        * runtime/MathObject.cpp:
45456        (JSC::MathObject::MathObject):
45457        * runtime/MathObject.h:
45458        (JSC::MathObject::create):
45459        * runtime/NativeErrorConstructor.cpp:
45460        (JSC::NativeErrorConstructor::NativeErrorConstructor):
45461        * runtime/NativeErrorConstructor.h:
45462        (JSC::NativeErrorConstructor::finishCreation):
45463        * runtime/NativeErrorPrototype.cpp:
45464        (JSC::NativeErrorPrototype::NativeErrorPrototype):
45465        (JSC::NativeErrorPrototype::finishCreation):
45466        * runtime/NativeErrorPrototype.h:
45467        * runtime/NumberConstructor.cpp:
45468        (JSC::NumberConstructor::NumberConstructor):
45469        (JSC::NumberConstructor::finishCreation):
45470        * runtime/NumberConstructor.h:
45471        * runtime/NumberObject.cpp:
45472        (JSC::NumberObject::NumberObject):
45473        * runtime/NumberObject.h:
45474        (JSC::NumberObject::create):
45475        * runtime/NumberPrototype.cpp:
45476        (JSC::NumberPrototype::NumberPrototype):
45477        (JSC::NumberPrototype::finishCreation):
45478        * runtime/NumberPrototype.h:
45479        * runtime/ObjectConstructor.cpp:
45480        (JSC::ObjectConstructor::ObjectConstructor):
45481        (JSC::ObjectConstructor::finishCreation):
45482        * runtime/ObjectConstructor.h:
45483        * runtime/RegExpConstructor.cpp:
45484        (JSC::RegExpConstructor::RegExpConstructor):
45485        (JSC::RegExpConstructor::finishCreation):
45486        (JSC::RegExpMatchesArray::RegExpMatchesArray):
45487        * runtime/RegExpConstructor.h:
45488        * runtime/RegExpMatchesArray.h:
45489        (JSC::RegExpMatchesArray::create):
45490        * runtime/RegExpObject.cpp:
45491        (JSC::RegExpObject::RegExpObject):
45492        * runtime/RegExpObject.h:
45493        (JSC::RegExpObject::create):
45494        * runtime/RegExpPrototype.cpp:
45495        (JSC::RegExpPrototype::RegExpPrototype):
45496        * runtime/StringConstructor.cpp:
45497        (JSC::StringConstructor::StringConstructor):
45498        (JSC::StringConstructor::finishCreation):
45499        * runtime/StringConstructor.h:
45500        * runtime/StringObject.cpp:
45501        (JSC::StringObject::StringObject):
45502        * runtime/StringObject.h:
45503        (JSC::StringObject::create):
45504        * runtime/StringObjectThatMasqueradesAsUndefined.h:
45505        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
45506        * runtime/StringPrototype.cpp:
45507        (JSC::StringPrototype::StringPrototype):
45508        (JSC::StringPrototype::finishCreation):
45509        * runtime/StringPrototype.h:
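
The finishCreation() invariant described above, as an added example that is not JSC's code: constructors only store fields, each class's create() calls finishCreation() once after construction, and every level of the hierarchy chains to its parent's finishCreation() so that the whole chain runs exactly once per object. The CellBase/Function/Constructor classes and the call counter used as the debug check are constructed for the example; how JSC itself detects a missed or repeated call is not shown here.

```cpp
#include <cassert>
#include <memory>

// Added example, not JavaScriptCore code: two-phase construction. The constructor
// stores fields only; finishCreation() does the work that needs a fully built
// object, and create() is the single place that calls it. Names are constructed.
class CellBase {
public:
    virtual ~CellBase() {}
    int finishCreationCalls() const { return m_finishCreationCalls; }
protected:
    CellBase() : m_finishCreationCalls(0) {}
    // Root of the chain: the counter is the debug check that a second call trips.
    void finishCreation() {
        ++m_finishCreationCalls;
        assert(m_finishCreationCalls == 1 && "finishCreation() must run exactly once");
    }
private:
    int m_finishCreationCalls;
};

class Function : public CellBase {
public:
    static std::unique_ptr<Function> create(const char* name) {
        std::unique_ptr<Function> f(new Function(name));
        f->finishCreation();   // the one and only call, made by create()
        return f;
    }
    const char* name() const { return m_name; }
    bool initialized() const { return m_initialized; }
protected:
    explicit Function(const char* name) : m_name(name), m_initialized(false) {}
    // Each level does its own work and chains to the parent, never to create().
    void finishCreation() { CellBase::finishCreation(); m_initialized = true; }
private:
    const char* m_name;
    bool m_initialized;
};

class Constructor : public Function {
public:
    static std::unique_ptr<Constructor> create(const char* name) {
        std::unique_ptr<Constructor> c(new Constructor(name));
        c->finishCreation();   // still exactly one call, from the most derived create()
        return c;
    }
    int length() const { return m_length; }
private:
    explicit Constructor(const char* name) : Function(name), m_length(0) {}
    void finishCreation() { Function::finishCreation(); m_length = 1; }
    int m_length;
};
```

The mistake the refactoring guards against is a constructor that calls finishCreation() itself while create() also calls it: with the counter in place that shows up as an assertion failure at construction time rather than as duplicated registration work later.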
45510
455112011-09-09  Geoffrey Garen  <ggaren@apple.com>
45512
45513        Build fix: Guard against double-#define for something already #defined
45514        by the build system.
45515
45516        * wtf/Platform.h:
45517
455182011-09-09  Geoffrey Garen  <ggaren@apple.com>
45519
45520        Reviewed by Dan Bernstein.
45521
45522        Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
45523        !ENABLE_WTF_MULTIPLE_THREADS
45524        https://bugs.webkit.org/show_bug.cgi?id=67860
45525
45526        First step toward making the baseline platform assumption that threads
45527        exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
45528        or !ENABLE_WTF_MULTIPLE_THREADS.
45529
45530        * wtf/Platform.h:
45531
455322011-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
45533
45534        [Qt] Remove common.pri
45535        https://bugs.webkit.org/show_bug.cgi?id=67814
45536
45537        Reviewed by Andreas Kling.
45538
45539        * JavaScriptCore.pri:
45540
455412011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
45542
45543        REGRESSION(r94811): Assertion failure in 2 worker tests
45544        https://bugs.webkit.org/show_bug.cgi?id=67829
45545
45546        Reviewed by Sam Weinig.
45547
        Fixing a couple of tests that were broken due to the wrong values being 
45549        set in the parent class pointers in the ClassInfo structs for 
45550        TerminatedExecutionError and InterruptedExecutionError.
45551
45552        * runtime/ExceptionHelpers.cpp:
45553
455542011-09-08  Oliver Hunt  <oliver@apple.com>
45555
45556        Use bump allocator for initial property storage
45557        https://bugs.webkit.org/show_bug.cgi?id=67494
45558
45559        Reviewed by Geoffrey Garen.
45560
45561        Use a bump allocator for initial allocation of property storage,
45562        and promote to fastMalloc memory only if it survives a GC pass.
45563
45564        Comes out as a 1% win on v8, and is a useful step on the way to
45565        GC allocation of all property storage.
45566
45567        * JavaScriptCore.exp:
45568        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45569        * JavaScriptCore.xcodeproj/project.pbxproj:
45570        * heap/Heap.cpp:
45571        (JSC::Heap::collect):
45572        * heap/Heap.h:
45573        (JSC::Heap::allocatePropertyStorage):
45574        (JSC::Heap::inPropertyStorageNursery):
45575        * heap/MarkedBlock.h:
45576        * heap/NewSpace.cpp:
45577        (JSC::NewSpace::NewSpace):
45578        * heap/NewSpace.h:
45579        (JSC::NewSpace::resetPropertyStorageNursery):
45580        (JSC::NewSpace::allocatePropertyStorage):
45581        (JSC::NewSpace::inPropertyStorageNursery):
45582        * jit/JITStubs.cpp:
45583        (JSC::DEFINE_STUB_FUNCTION):
45584        * runtime/JSObject.cpp:
45585        (JSC::JSObject::allocatePropertyStorage):
45586        * runtime/JSObject.h:
45587        (JSC::JSObject::isUsingInlineStorage):
45588        (JSC::JSObject::JSObject):
45589        (JSC::JSObject::propertyStorage):
45590        (JSC::JSObject::~JSObject):
45591        (JSC::JSObject::putDirectInternal):
45592        (JSC::JSObject::putDirectWithoutTransition):
45593        (JSC::JSObject::putDirectFunctionWithoutTransition):
45594        (JSC::JSObject::transitionTo):
45595        (JSC::JSObject::visitChildrenDirect):
45596        * runtime/StorageBarrier.h: Added.
45597        (JSC::StorageBarrier::StorageBarrier):
45598        (JSC::StorageBarrier::set):
45599        (JSC::StorageBarrier::operator->):
45600        (JSC::StorageBarrier::operator*):
45601        (JSC::StorageBarrier::operator[]):
45602        (JSC::StorageBarrier::get):
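
The nursery-then-promote scheme described above, as an added example that is not JavaScriptCore's NewSpace or Heap code: property storage is bump-allocated from a fixed arena, a collection copies the storage of every surviving cell out to malloc'd memory and then resets the arena, and inPropertyStorageNursery() is the check that tells the two kinds of storage apart. The MiniHeap, the explicit root list standing in for real marking, the 1 KiB arena and the 64-byte cells are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Added example, not JavaScriptCore's Heap/NewSpace code: a bump-pointer nursery
// for out-of-line property storage. Nothing in the nursery is freed individually;
// on each collection, storage owned by a surviving cell is copied to malloc'd
// memory (promotion) and the nursery is reset, so a nursery pointer that outlives
// a collection without promotion is dangling. Sizes and roots are constructed.
class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t capacity) : m_arena(capacity), m_used(0) {}
    // Bump allocation: align, bounds-check, advance the cursor.
    void* allocate(size_t bytes) {
        bytes = (bytes + 7) & ~size_t(7);
        if (m_used + bytes > m_arena.size()) return nullptr;   // full: use the general heap
        void* p = m_arena.data() + m_used;
        m_used += bytes;
        return p;
    }
    bool contains(const void* p) const {
        const uint8_t* q = static_cast<const uint8_t*>(p);
        return q >= m_arena.data() && q < m_arena.data() + m_arena.size();
    }
    void reset() { m_used = 0; }   // whatever is left in here is garbage
private:
    std::vector<uint8_t> m_arena;
    size_t m_used;
};

// storage lives inside the nursery, or in malloc'd memory once promoted
struct Cell { size_t storageBytes; void* storage; bool marked; };

class MiniHeap {
public:
    explicit MiniHeap(size_t nurseryBytes) : m_nursery(nurseryBytes) {}
    ~MiniHeap() { for (Cell* c : m_cells) destroy(c); }
    Cell* allocateCell(size_t storageBytes) {
        Cell* c = new Cell{storageBytes, allocatePropertyStorage(storageBytes), false};
        m_cells.push_back(c);
        return c;
    }
    // New storage goes to the nursery first; only when it is full do we malloc.
    void* allocatePropertyStorage(size_t bytes) {
        if (void* p = m_nursery.allocate(bytes)) return p;
        return std::malloc(bytes);
    }
    bool inPropertyStorageNursery(const void* p) const { return m_nursery.contains(p); }
    size_t liveCellCount() const { return m_cells.size(); }

    // One collection. Roots are handed in directly (a real collector traces them).
    // Returns the number of cells whose storage was promoted out of the nursery.
    size_t collect(const std::vector<Cell*>& roots) {
        for (Cell* c : m_cells) c->marked = false;
        for (Cell* r : roots) r->marked = true;
        size_t promoted = 0;
        std::vector<Cell*> survivors;
        for (Cell* c : m_cells) {
            if (!c->marked) { destroy(c); continue; }
            if (m_nursery.contains(c->storage)) {   // survived a GC pass: promote
                void* copy = std::malloc(c->storageBytes);
                std::memcpy(copy, c->storage, c->storageBytes);
                c->storage = copy;
                ++promoted;
            }
            survivors.push_back(c);
        }
        m_cells.swap(survivors);
        m_nursery.reset();   // every surviving pointer now points outside the nursery
        return promoted;
    }
private:
    // Nursery storage is reclaimed wholesale by reset(); only malloc'd storage is freed.
    void destroy(Cell* c) {
        if (!m_nursery.contains(c->storage)) std::free(c->storage);
        delete c;
    }
    PropertyStorageNursery m_nursery;
    std::vector<Cell*> m_cells;
};

struct NurseryScenario { bool firstInNursery, survivorStillInNursery, dataIntact, reusedNursery; size_t promoted, live; };

// Three cells in a 1 KiB nursery, one of them unreachable, then one collection.
NurseryScenario runNurseryScenario() {
    MiniHeap heap(1024);
    Cell* a = heap.allocateCell(64);
    heap.allocateCell(64);   // never rooted: dies at the first collection
    Cell* c = heap.allocateCell(64);
    std::memset(a->storage, 0xAB, 64);
    NurseryScenario r;
    r.firstInNursery = heap.inPropertyStorageNursery(a->storage);
    r.promoted = heap.collect(std::vector<Cell*>{a, c});
    r.survivorStillInNursery = heap.inPropertyStorageNursery(a->storage);
    r.dataIntact = static_cast<uint8_t*>(a->storage)[63] == 0xAB;
    r.live = heap.liveCellCount();
    Cell* d = heap.allocateCell(64);   // fresh storage reuses the emptied nursery
    r.reusedNursery = heap.inPropertyStorageNursery(d->storage);
    return r;
}
```

The contains() check has to be applied everywhere a pointer to property storage is freed or kept across a collection: nursery storage must never be handed to free(), and a nursery pointer held past reset() points into memory the next allocation will overwrite.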
45603
456042011-09-08  Sam Weinig  <sam@webkit.org>
45605
45606        Remove the Completion object from JSC, I have never liked it
45607        https://bugs.webkit.org/show_bug.cgi?id=67755
45608
45609        Reviewed by Gavin Barraclough.
45610
45611        - Removes the Completion object and replaces its use with out parameter exceptions.
45612        - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
45613          ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
45614
45615        * API/JSBase.cpp:
45616        (JSEvaluateScript):
45617        (JSCheckScriptSyntax):
45618        * JavaScriptCore.exp:
45619        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45620        * interpreter/Interpreter.cpp:
45621        (JSC::Interpreter::throwException):
45622        * jsc.cpp:
45623        (functionLoad):
45624        (functionCheckSyntax):
45625        (runWithScripts):
45626        (runInteractive):
45627        * runtime/Completion.cpp:
45628        (JSC::checkSyntax):
45629        (JSC::evaluate):
45630        * runtime/Completion.h:
45631        * runtime/ExceptionHelpers.cpp:
45632        (JSC::InterruptedExecutionError::toString):
45633        (JSC::TerminatedExecutionError::toString):
45634        (JSC::createInterruptedExecutionException):
45635        * runtime/ExceptionHelpers.h:
45636        (JSC::InterruptedExecutionError::InterruptedExecutionError):
45637        (JSC::InterruptedExecutionError::create):
45638        (JSC::InterruptedExecutionError::createStructure):
45639        (JSC::TerminatedExecutionError::TerminatedExecutionError):
45640        (JSC::TerminatedExecutionError::create):
45641        (JSC::TerminatedExecutionError::createStructure):
45642        * runtime/JSGlobalData.cpp:
45643        (JSC::JSGlobalData::JSGlobalData):
45644        * runtime/JSObject.h:
45645
456462011-09-08  Ryosuke Niwa  <rniwa@webkit.org>
45647
45648        Build fix.
45649
45650        * dfg/DFGCapabilities.cpp:
45651
456522011-09-08  Filip Pizlo  <fpizlo@apple.com>
45653
        Value profiling and execution count profiling are performed even for
45655        code that cannot be optimized
45656        https://bugs.webkit.org/show_bug.cgi?id=67694
45657
45658        Reviewed by Gavin Barraclough.
45659        
45660        This is a 2% speed-up on V8 when tiered compilation is enabled.
45661
45662        * JavaScriptCore.xcodeproj/project.pbxproj:
45663        * bytecode/CodeBlock.cpp:
45664        (JSC::ProgramCodeBlock::canCompileWithDFG):
45665        (JSC::EvalCodeBlock::canCompileWithDFG):
45666        (JSC::FunctionCodeBlock::canCompileWithDFG):
45667        * bytecode/CodeBlock.h:
45668        * dfg/DFGCapabilities.cpp: Added.
45669        (JSC::DFG::canCompileOpcodes):
45670        * dfg/DFGCapabilities.h: Added.
45671        (JSC::DFG::mightCompileEval):
45672        (JSC::DFG::mightCompileProgram):
45673        (JSC::DFG::mightCompileFunctionForCall):
45674        (JSC::DFG::mightCompileFunctionForConstruct):
45675        (JSC::DFG::canCompileOpcode):
45676        (JSC::DFG::canCompileEval):
45677        (JSC::DFG::canCompileProgram):
45678        (JSC::DFG::canCompileFunctionForCall):
45679        (JSC::DFG::canCompileFunctionForConstruct):
45680        * jit/JIT.cpp:
45681        (JSC::JIT::emitOptimizationCheck):
45682        (JSC::JIT::privateCompile):
45683        * jit/JIT.h:
45684        (JSC::JIT::shouldEmitProfiling):
45685        * jit/JITInlineMethods.h:
45686        (JSC::JIT::emitValueProfilingSite):
45687
456882011-09-08  Filip Pizlo  <fpizlo@apple.com>
45689
45690        DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
45691        https://bugs.webkit.org/show_bug.cgi?id=67840
45692
45693        Reviewed by Gavin Barraclough.
45694
45695        * dfg/DFGSpeculativeJIT.cpp:
45696        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
45697
456982011-09-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
45699
45700        https://bugs.webkit.org/show_bug.cgi?id=67771
45701
        Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
        and patchOffsetGetByIdSlowCaseCall,
        and enable the DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
45705
45706        Reviewed by Gavin Barraclough.
45707
45708        * jit/JIT.h:
45709        * wtf/dtoa/utils.h:
45710
457112011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
45712
45713        Remove getUInt32 from JSCell
45714        https://bugs.webkit.org/show_bug.cgi?id=67691
45715
45716        Reviewed by Oliver Hunt.
45717
        We don't use JSCell::getUInt32 anymore, so it has been removed.
45719
45720        * JavaScriptCore.exp:
45721        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45722        * runtime/JSCell.cpp:
45723        * runtime/JSCell.h:
45724
457252011-09-07  Filip Pizlo  <fpizlo@apple.com>
45726
45727        PPC build fix.
45728
45729        * bytecode/CodeBlock.cpp:
45730        (JSC::CodeBlock::~CodeBlock):
45731
457322011-09-07  Oliver Hunt  <oliver@apple.com>
45733
45734        Release mode build fix.
45735
45736        * API/JSCallbackObject.h:
45737        (JSC::JSCallbackObject::create):
45738
457392011-09-06  Oliver Hunt  <oliver@apple.com>
45740
45741        Remove JSObjectWithGlobalObject
45742        https://bugs.webkit.org/show_bug.cgi?id=67689
45743
45744        Reviewed by Geoff Garen.
45745
45746        Remove JSObjectWithGlobalObject, and update code to stop using anonymous
45747        storage to access the global object that a JSObject comes from.  Largely
45748        mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
45749
45750        * API/JSCallbackConstructor.cpp:
45751        (JSC::JSCallbackConstructor::JSCallbackConstructor):
45752        (JSC::JSCallbackConstructor::finishCreation):
45753        * API/JSCallbackConstructor.h:
45754        * API/JSCallbackObject.cpp:
45755        * API/JSCallbackObject.h:
45756        (JSC::JSCallbackObject::create):
45757        * API/JSCallbackObjectFunctions.h:
45758        (JSC::::JSCallbackObject):
45759        (JSC::::finishCreation):
45760        (JSC::::staticFunctionGetter):
45761        * API/JSClassRef.cpp:
45762        (OpaqueJSClass::prototype):
45763        * API/JSObjectRef.cpp:
45764        (JSObjectMake):
45765        (JSObjectGetPrivate):
45766        (JSObjectSetPrivate):
45767        (JSObjectGetPrivateProperty):
45768        (JSObjectSetPrivateProperty):
45769        (JSObjectDeletePrivateProperty):
45770        * API/JSValueRef.cpp:
45771        (JSValueIsObjectOfClass):
45772        * API/JSWeakObjectMapRefPrivate.cpp:
45773        * JavaScriptCore.exp:
45774        * JavaScriptCore.xcodeproj/project.pbxproj:
45775        * bytecode/CodeBlock.h:
45776        * dfg/DFGRepatch.cpp:
45777        (JSC::DFG::dfgRepatchGetMethodFast):
45778        (JSC::DFG::tryCacheGetMethod):
45779        * jit/JIT.h:
45780        * jit/JITInlineMethods.h:
45781        (JSC::JIT::emitAllocateJSFunction):
45782        * jit/JITPropertyAccess.cpp:
45783        (JSC::JIT::patchMethodCallProto):
45784        * jit/JITStubs.cpp:
45785        (JSC::DEFINE_STUB_FUNCTION):
45786        * runtime/DatePrototype.cpp:
45787        * runtime/InternalFunction.cpp:
45788        (JSC::InternalFunction::InternalFunction):
45789        (JSC::InternalFunction::finishCreation):
45790        * runtime/InternalFunction.h:
45791        * runtime/JSFunction.cpp:
45792        (JSC::JSFunction::JSFunction):
45793        (JSC::JSFunction::finishCreation):
45794        * runtime/JSFunction.h:
45795        (JSC::JSFunction::create):
45796        (JSC::JSFunction::createStructure):
45797        * runtime/JSGlobalObject.cpp:
45798        (JSC::JSGlobalObject::reset):
45799        * runtime/JSONObject.cpp:
45800        (JSC::JSONObject::JSONObject):
45801        (JSC::JSONObject::finishCreation):
45802        * runtime/JSONObject.h:
45803        * runtime/JSObject.h:
45804        (JSC::JSObject::globalObject):
45805        * runtime/JSObjectWithGlobalObject.cpp: Removed.
45806        * runtime/JSObjectWithGlobalObject.h: Removed.
45807        * runtime/JSValue.cpp:
45808        (JSC::JSValue::isValidCallee):
45809        * runtime/Lookup.cpp:
45810        (JSC::setUpStaticFunctionSlot):
45811        * runtime/Lookup.h:
45812        * runtime/MathObject.cpp:
45813        (JSC::MathObject::MathObject):
45814        (JSC::MathObject::finishCreation):
45815        * runtime/MathObject.h:
45816        * runtime/NumberPrototype.cpp:
45817        * runtime/RegExpObject.cpp:
45818        (JSC::RegExpObject::RegExpObject):
45819        (JSC::RegExpObject::finishCreation):
45820        * runtime/RegExpObject.h:
45821        * runtime/Structure.cpp:
45822        (JSC::Structure::Structure):
45823        * runtime/Structure.h:
45824        (JSC::Structure::create):
45825        (JSC::Structure::globalObject):
45826
458272011-09-07  Gavin Barraclough  <barraclough@apple.com>
45828
45829        Refactor JIT checks for ObjectType into helper functions.
45830
45831        Rubber stamped by Sam Weinig.
45832
45833        * dfg/DFGJITCompiler.h:
45834        (JSC::DFG::JITCompiler::branchIfNotObject):
45835        * dfg/DFGNonSpeculativeJIT.cpp:
45836        (JSC::DFG::NonSpeculativeJIT::compile):
45837        * dfg/DFGSpeculativeJIT.cpp:
45838        (JSC::DFG::SpeculativeJIT::compile):
45839        * jit/JIT.h:
45840        * jit/JITCall32_64.cpp:
45841        (JSC::JIT::emit_op_ret_object_or_this):
45842        * jit/JITInlineMethods.h:
45843        (JSC::JIT::emitJumpIfNotObject):
45844        * jit/JITOpcodes.cpp:
45845        (JSC::JIT::emit_op_instanceof):
45846        (JSC::JIT::emit_op_ret_object_or_this):
45847        (JSC::JIT::emit_op_get_pnames):
45848        (JSC::JIT::emit_op_create_this):
45849        * jit/JITOpcodes32_64.cpp:
45850        (JSC::JIT::emit_op_instanceof):
45851        (JSC::JIT::emit_op_get_pnames):
45852        (JSC::JIT::emit_op_create_this):
45853
458542011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
45855
45856        Unreviewed, rolling out r94627 and r94632.
45857        http://trac.webkit.org/changeset/94627
45858        http://trac.webkit.org/changeset/94632
45859        https://bugs.webkit.org/show_bug.cgi?id=67698
45860
45861        It broke tests on GTK and Qt (Requested by Ossy on #webkit).
45862
45863        * API/JSCallbackConstructor.cpp:
45864        (JSC::JSCallbackConstructor::JSCallbackConstructor):
45865        * API/JSCallbackConstructor.h:
45866        (JSC::JSCallbackConstructor::create):
45867        * API/JSCallbackFunction.cpp:
45868        (JSC::JSCallbackFunction::JSCallbackFunction):
45869        * API/JSCallbackFunction.h:
45870        * JavaScriptCore.exp:
45871        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45872        * debugger/DebuggerActivation.cpp:
45873        (JSC::DebuggerActivation::create):
45874        * debugger/DebuggerActivation.h:
45875        * jsc.cpp:
45876        (GlobalObject::constructorBody):
45877        (GlobalObject::GlobalObject):
45878        * runtime/ArrayConstructor.cpp:
45879        (JSC::ArrayConstructor::ArrayConstructor):
45880        * runtime/ArrayConstructor.h:
45881        * runtime/ArrayPrototype.cpp:
45882        (JSC::ArrayPrototype::ArrayPrototype):
45883        * runtime/ArrayPrototype.h:
45884        (JSC::ArrayPrototype::create):
45885        * runtime/BooleanConstructor.cpp:
45886        (JSC::BooleanConstructor::BooleanConstructor):
45887        * runtime/BooleanConstructor.h:
45888        * runtime/BooleanObject.cpp:
45889        (JSC::BooleanObject::BooleanObject):
45890        * runtime/BooleanObject.h:
45891        (JSC::BooleanObject::create):
45892        * runtime/BooleanPrototype.cpp:
45893        (JSC::BooleanPrototype::BooleanPrototype):
45894        * runtime/BooleanPrototype.h:
45895        * runtime/DateConstructor.cpp:
45896        (JSC::DateConstructor::DateConstructor):
45897        * runtime/DateConstructor.h:
45898        * runtime/DateInstance.cpp:
45899        (JSC::DateInstance::DateInstance):
45900        * runtime/DateInstance.h:
45901        (JSC::DateInstance::create):
45902        * runtime/DatePrototype.cpp:
45903        (JSC::DatePrototype::DatePrototype):
45904        * runtime/DatePrototype.h:
45905        * runtime/Error.cpp:
45906        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
45907        * runtime/ErrorConstructor.cpp:
45908        (JSC::ErrorConstructor::ErrorConstructor):
45909        * runtime/ErrorConstructor.h:
45910        (JSC::ErrorConstructor::create):
45911        * runtime/ErrorPrototype.cpp:
45912        (JSC::ErrorPrototype::ErrorPrototype):
45913        * runtime/ErrorPrototype.h:
45914        (JSC::ErrorPrototype::create):
45915        * runtime/FunctionConstructor.cpp:
45916        (JSC::FunctionConstructor::FunctionConstructor):
45917        * runtime/FunctionConstructor.h:
45918        * runtime/FunctionPrototype.cpp:
45919        (JSC::FunctionPrototype::FunctionPrototype):
45920        * runtime/FunctionPrototype.h:
45921        * runtime/InternalFunction.cpp:
45922        (JSC::InternalFunction::InternalFunction):
45923        * runtime/InternalFunction.h:
45924        * runtime/JSActivation.cpp:
45925        (JSC::JSActivation::JSActivation):
45926        * runtime/JSActivation.h:
45927        (JSC::JSActivation::create):
45928        * runtime/JSGlobalObject.h:
45929        (JSC::JSGlobalObject::create):
45930        (JSC::JSGlobalObject::JSGlobalObject):
45931        * runtime/JSONObject.cpp:
45932        (JSC::JSONObject::JSONObject):
45933        * runtime/JSONObject.h:
45934        (JSC::JSONObject::create):
45935        * runtime/JSStaticScopeObject.h:
45936        (JSC::JSStaticScopeObject::create):
45937        (JSC::JSStaticScopeObject::JSStaticScopeObject):
45938        * runtime/JSString.cpp:
45939        (JSC::StringObject::create):
45940        * runtime/MathObject.cpp:
45941        (JSC::MathObject::MathObject):
45942        * runtime/MathObject.h:
45943        (JSC::MathObject::create):
45944        * runtime/NativeErrorConstructor.cpp:
45945        (JSC::NativeErrorConstructor::NativeErrorConstructor):
45946        * runtime/NativeErrorConstructor.h:
45947        (JSC::NativeErrorConstructor::constructorBody):
45948        * runtime/NativeErrorPrototype.cpp:
45949        (JSC::NativeErrorPrototype::NativeErrorPrototype):
45950        (JSC::NativeErrorPrototype::constructorBody):
45951        * runtime/NativeErrorPrototype.h:
45952        * runtime/NumberConstructor.cpp:
45953        (JSC::NumberConstructor::NumberConstructor):
45954        * runtime/NumberConstructor.h:
45955        * runtime/NumberObject.cpp:
45956        (JSC::NumberObject::NumberObject):
45957        * runtime/NumberObject.h:
45958        (JSC::NumberObject::create):
45959        * runtime/NumberPrototype.cpp:
45960        (JSC::NumberPrototype::NumberPrototype):
45961        * runtime/NumberPrototype.h:
45962        * runtime/ObjectConstructor.cpp:
45963        (JSC::ObjectConstructor::ObjectConstructor):
45964        * runtime/ObjectConstructor.h:
45965        * runtime/RegExpConstructor.cpp:
45966        (JSC::RegExpConstructor::RegExpConstructor):
45967        (JSC::RegExpMatchesArray::RegExpMatchesArray):
45968        * runtime/RegExpConstructor.h:
45969        * runtime/RegExpMatchesArray.h:
45970        (JSC::RegExpMatchesArray::create):
45971        * runtime/RegExpObject.cpp:
45972        (JSC::RegExpObject::RegExpObject):
45973        * runtime/RegExpObject.h:
45974        (JSC::RegExpObject::create):
45975        * runtime/RegExpPrototype.cpp:
45976        (JSC::RegExpPrototype::RegExpPrototype):
45977        * runtime/StringConstructor.cpp:
45978        (JSC::StringConstructor::StringConstructor):
45979        * runtime/StringConstructor.h:
45980        * runtime/StringObject.cpp:
45981        (JSC::StringObject::StringObject):
45982        * runtime/StringObject.h:
45983        (JSC::StringObject::create):
45984        * runtime/StringObjectThatMasqueradesAsUndefined.h:
45985        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
45986        * runtime/StringPrototype.cpp:
45987        (JSC::StringPrototype::StringPrototype):
45988        * runtime/StringPrototype.h:
45989
459902011-09-06  Xianzhu Wang  <wangxianzhu@chromium.org>
45991
45992        Replace usages of Vector<UChar> with existing StringBuilder
45993        https://bugs.webkit.org/show_bug.cgi?id=67079
45994
45995        Reviewed by Gavin Barraclough.
45996
45997        This is part of work to support 8-bit string buffers.
45998        Adds StringBuilder::characters() because the original Vector<UChar>::data()
45999        is widely used.
46000        Sets the minimum size of buffer to 16 to prevent possible performance
46001        regression. Further performance investigation should be done in
46002        https://bugs.webkit.org/show_bug.cgi?id=67084.
46003
46004        * wtf/Forward.h:
46005        * wtf/text/StringBuilder.cpp:
46006        (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
46007        * wtf/text/StringBuilder.h:
46008        (WTF::StringBuilder::operator[]):
46009        (WTF::StringBuilder::characters): Added.
46010
460112011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
46012
46013        Fix broken snow leopard build
46014        https://bugs.webkit.org/show_bug.cgi?id=67693
46015
46016        Reviewed by Daniel Bates.
46017
46018        Removed unnecessary symbol export.
46019
46020        * JavaScriptCore.exp:
46021
460222011-09-06  Filip Pizlo  <fpizlo@apple.com>
46023
46024        DFG JIT does not optimize booleans
46025        https://bugs.webkit.org/show_bug.cgi?id=67670
46026
46027        Reviewed by Gavin Barraclough.
46028        
46029        This adds boolean value profiling, boolean prediction in the DFG,
46030        boolean forward flow propagation in the DFGPropagator, boolean
46031        data format in DFG generation info, and comprehensive optimizations
46032        based on both boolean prediction and boolean generation info.
46033        This is brings the speed-up on v8-richards to 12%, and gives slight
46034        speed-ups elsewhere as well.
46035        
46036        Making this work right required navigating some subtleties in
46037        value profiling.  Some functions get compiled with insufficient
46038        information because some important path of the function never
46039        executed.  In these cases, we wish to fall back on static
46040        speculation.  But to do so, we need to ensure that predictions that
46041        are inherent in the code (like that GetById almost certainly takes
46042        a cell operand) are reflected in predictions that we make in
46043        DFGPropagator.  Thus, DFGPropagator now does both backward and
46044        forward flow, using a both forward and backward fixpoint.
46045        
46046        The backward flow in DFGPropagator is a separate static analysis,
46047        and needs to keep a set of backward flow abstract values for
46048        variables, arguments, and globals.  To make this easy, this patch
46049        factors out DFGGraph's prediction tracking capability into
46050        DFGPredictionTracker, which now gets used by both DFGGraph (for
46051        forward flow predictions) and DFGPropagator (for backward flow
46052        predictions).  Backward flow predictions eventually get merged
46053        into forward flow ones, but the two are not equivalent: a forward
46054        flow prediction is a superset of the backward flow prediction.
46055        
46056        Debugging these prediction issues required a better understanding
46057        of where we fail speculation, and what our value predictions look
46058        like.  This patch also adds optional verbose speculation failure
46059        (so an informative printf fires whenever speculation failure occurs)
46060        and slight improvements to the verbosity in other places.
46061
46062        * bytecode/ValueProfile.h:
46063        (JSC::ValueProfile::numberOfBooleans):
46064        (JSC::ValueProfile::probabilityOfBoolean):
46065        (JSC::ValueProfile::dump):
46066        (JSC::ValueProfile::computeStatistics):
46067        * dfg/DFGByteCodeParser.cpp:
46068        (JSC::DFG::ByteCodeParser::stronglyPredict):
46069        (JSC::DFG::ByteCodeParser::parseBlock):
46070        * dfg/DFGGenerationInfo.h:
46071        (JSC::DFG::dataFormatToString):
46072        (JSC::DFG::needDataFormatConversion):
46073        * dfg/DFGGraph.cpp:
46074        (JSC::DFG::Graph::dump):
46075        (JSC::DFG::Graph::predictArgumentTypes):
46076        * dfg/DFGGraph.h:
46077        (JSC::DFG::Graph::Graph):
46078        (JSC::DFG::Graph::predictions):
46079        (JSC::DFG::Graph::predict):
46080        (JSC::DFG::Graph::predictGlobalVar):
46081        (JSC::DFG::Graph::getPrediction):
46082        (JSC::DFG::Graph::getGlobalVarPrediction):
46083        (JSC::DFG::Graph::isBooleanConstant):
46084        (JSC::DFG::Graph::valueOfBooleanConstant):
46085        * dfg/DFGJITCodeGenerator.cpp:
46086        (JSC::DFG::JITCodeGenerator::fillInteger):
46087        (JSC::DFG::JITCodeGenerator::fillDouble):
46088        (JSC::DFG::JITCodeGenerator::fillJSValue):
46089        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
46090        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
46091        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
46092        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
46093        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
46094        (JSC::DFG::JITCodeGenerator::emitBranch):
46095        (JSC::DFG::JITCodeGenerator::speculationCheck):
46096        (JSC::DFG::GPRTemporary::GPRTemporary):
46097        * dfg/DFGJITCodeGenerator.h:
46098        (JSC::DFG::JITCodeGenerator::isBooleanConstant):
46099        (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
46100        * dfg/DFGJITCompiler.cpp:
46101        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
46102        (JSC::DFG::JITCompiler::link):
46103        * dfg/DFGJITCompiler.h:
46104        (JSC::DFG::JITCompiler::debugCall):
46105        (JSC::DFG::JITCompiler::isBooleanConstant):
46106        (JSC::DFG::JITCompiler::valueOfBooleanConstant):
46107        * dfg/DFGNode.h:
46108        (JSC::DFG::isBooleanPrediction):
46109        (JSC::DFG::predictionToString):
46110        (JSC::DFG::mergePredictions):
46111        (JSC::DFG::makePrediction):
46112        (JSC::DFG::Node::isBooleanConstant):
46113        (JSC::DFG::Node::valueOfBooleanConstant):
46114        (JSC::DFG::Node::hasBooleanResult):
46115        (JSC::DFG::Node::hasNumericResult):
46116        (JSC::DFG::Node::predict):
46117        * dfg/DFGOperations.cpp:
46118        * dfg/DFGOperations.h:
46119        * dfg/DFGPredictionTracker.h: Added.
46120        (JSC::DFG::operandIsArgument):
46121        (JSC::DFG::PredictionSlot::PredictionSlot):
46122        (JSC::DFG::PredictionTracker::PredictionTracker):
46123        (JSC::DFG::PredictionTracker::initializeSimilarTo):
46124        (JSC::DFG::PredictionTracker::numberOfArguments):
46125        (JSC::DFG::PredictionTracker::numberOfVariables):
46126        (JSC::DFG::PredictionTracker::argumentOffsetForOperand):
46127        (JSC::DFG::PredictionTracker::predictArgument):
46128        (JSC::DFG::PredictionTracker::predict):
46129        (JSC::DFG::PredictionTracker::predictGlobalVar):
46130        (JSC::DFG::PredictionTracker::getArgumentPrediction):
46131        (JSC::DFG::PredictionTracker::getPrediction):
46132        (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
46133        * dfg/DFGPropagator.cpp:
46134        (JSC::DFG::Propagator::Propagator):
46135        (JSC::DFG::Propagator::fixpoint):
46136        (JSC::DFG::Propagator::setPrediction):
46137        (JSC::DFG::Propagator::mergeUse):
46138        (JSC::DFG::Propagator::mergePrediction):
46139        (JSC::DFG::Propagator::propagateNode):
46140        * dfg/DFGSpeculativeJIT.cpp:
46141        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
46142        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
46143        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
46144        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
46145        (JSC::DFG::SpeculativeJIT::compare):
46146        (JSC::DFG::SpeculativeJIT::compile):
46147        * dfg/DFGSpeculativeJIT.h:
46148        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
46149        (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
46150        (JSC::DFG::SpeculateBooleanOperand::index):
46151        (JSC::DFG::SpeculateBooleanOperand::gpr):
46152        (JSC::DFG::SpeculateBooleanOperand::use):
46153        * runtime/JSGlobalData.h:
46154        * runtime/JSValue.cpp:
46155        (JSC::JSValue::description):
46156
461572011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
46158
46159        Unzip initialization lists and constructors in JSCell hierarchy (5/7)
46160        https://bugs.webkit.org/show_bug.cgi?id=67420
46161
46162        Reviewed by Geoffrey Garen.
46163
46164        Completed the fifth level of the refactoring to add finishCreation() 
46165        methods to all classes within the JSCell hierarchy with non-trivial 
46166        constructor bodies.
46167
46168        This primarily consists of pushing the calls to finishCreation() down 
46169        into the constructors of the subclasses of the second level of the hierarchy 
46170        as well as pulling the finishCreation() calls out into the class's corresponding
46171        create() method if it has one.  Doing both simultaneously allows us to 
46172        maintain the invariant that the finishCreation() method chain is called exactly 
46173        once during the creation of an object, since calling it any other number of 
46174        times (0, 2, or more) will cause an assertion failure.
46175
46176        * API/JSCallbackConstructor.cpp:
46177        (JSC::JSCallbackConstructor::JSCallbackConstructor):
46178        * API/JSCallbackConstructor.h:
46179        (JSC::JSCallbackConstructor::create):
46180        * API/JSCallbackFunction.cpp:
46181        (JSC::JSCallbackFunction::JSCallbackFunction):
46182        (JSC::JSCallbackFunction::finishCreation):
46183        * API/JSCallbackFunction.h:
46184        * JavaScriptCore.exp:
46185        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
46186        * debugger/DebuggerActivation.cpp:
46187        * debugger/DebuggerActivation.h:
46188        (JSC::DebuggerActivation::create):
46189        * jsc.cpp:
46190        (GlobalObject::finishCreation):
46191        (GlobalObject::GlobalObject):
46192        * runtime/ArrayConstructor.cpp:
46193        (JSC::ArrayConstructor::ArrayConstructor):
46194        (JSC::ArrayConstructor::finishCreation):
46195        * runtime/ArrayConstructor.h:
46196        * runtime/ArrayPrototype.cpp:
46197        (JSC::ArrayPrototype::ArrayPrototype):
46198        * runtime/ArrayPrototype.h:
46199        (JSC::ArrayPrototype::create):
46200        * runtime/BooleanConstructor.cpp:
46201        (JSC::BooleanConstructor::BooleanConstructor):
46202        (JSC::BooleanConstructor::finishCreation):
46203        * runtime/BooleanConstructor.h:
46204        * runtime/BooleanObject.cpp:
46205        (JSC::BooleanObject::BooleanObject):
46206        * runtime/BooleanObject.h:
46207        (JSC::BooleanObject::create):
46208        * runtime/BooleanPrototype.cpp:
46209        (JSC::BooleanPrototype::BooleanPrototype):
46210        (JSC::BooleanPrototype::finishCreation):
46211        * runtime/BooleanPrototype.h:
46212        * runtime/DateConstructor.cpp:
46213        (JSC::DateConstructor::DateConstructor):
46214        (JSC::DateConstructor::finishCreation):
46215        * runtime/DateConstructor.h:
46216        * runtime/DateInstance.cpp:
46217        (JSC::DateInstance::DateInstance):
46218        * runtime/DateInstance.h:
46219        (JSC::DateInstance::create):
46220        * runtime/DatePrototype.cpp:
46221        (JSC::DatePrototype::DatePrototype):
46222        (JSC::DatePrototype::finishCreation):
46223        * runtime/DatePrototype.h:
46224        * runtime/Error.cpp:
46225        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
46226        * runtime/ErrorConstructor.cpp:
46227        (JSC::ErrorConstructor::ErrorConstructor):
46228        (JSC::ErrorConstructor::finishCreation):
46229        * runtime/ErrorConstructor.h:
46230        * runtime/ErrorPrototype.cpp:
46231        (JSC::ErrorPrototype::ErrorPrototype):
46232        * runtime/ErrorPrototype.h:
46233        (JSC::ErrorPrototype::create):
46234        * runtime/FunctionConstructor.cpp:
46235        (JSC::FunctionConstructor::FunctionConstructor):
46236        (JSC::FunctionConstructor::finishCreation):
46237        * runtime/FunctionConstructor.h:
46238        * runtime/FunctionPrototype.cpp:
46239        (JSC::FunctionPrototype::FunctionPrototype):
46240        (JSC::FunctionPrototype::finishCreation):
46241        * runtime/FunctionPrototype.h:
46242        * runtime/InternalFunction.cpp:
46243        (JSC::InternalFunction::InternalFunction):
46244        * runtime/InternalFunction.h:
46245        * runtime/JSActivation.cpp:
46246        (JSC::JSActivation::JSActivation):
46247        * runtime/JSActivation.h:
46248        (JSC::JSActivation::create):
46249        * runtime/JSGlobalObject.h:
46250        (JSC::JSGlobalObject::create):
46251        (JSC::JSGlobalObject::JSGlobalObject):
46252        * runtime/JSONObject.cpp:
46253        (JSC::JSONObject::JSONObject):
46254        * runtime/JSONObject.h:
46255        (JSC::JSONObject::create):
46256        * runtime/JSStaticScopeObject.h:
46257        (JSC::JSStaticScopeObject::create):
46258        (JSC::JSStaticScopeObject::JSStaticScopeObject):
46259        * runtime/JSString.cpp:
46260        (JSC::StringObject::create):
46261        * runtime/MathObject.cpp:
46262        (JSC::MathObject::MathObject):
46263        * runtime/MathObject.h:
46264        (JSC::MathObject::create):
46265        * runtime/NativeErrorConstructor.cpp:
46266        (JSC::NativeErrorConstructor::NativeErrorConstructor):
46267        * runtime/NativeErrorConstructor.h:
46268        (JSC::NativeErrorConstructor::finishCreation):
46269        * runtime/NativeErrorPrototype.cpp:
46270        (JSC::NativeErrorPrototype::NativeErrorPrototype):
46271        (JSC::NativeErrorPrototype::finishCreation):
46272        * runtime/NativeErrorPrototype.h:
46273        * runtime/NumberConstructor.cpp:
46274        (JSC::NumberConstructor::NumberConstructor):
46275        (JSC::NumberConstructor::finishCreation):
46276        * runtime/NumberConstructor.h:
46277        * runtime/NumberObject.cpp:
46278        (JSC::NumberObject::NumberObject):
46279        * runtime/NumberObject.h:
46280        (JSC::NumberObject::create):
46281        * runtime/NumberPrototype.cpp:
46282        (JSC::NumberPrototype::NumberPrototype):
46283        (JSC::NumberPrototype::finishCreation):
46284        * runtime/NumberPrototype.h:
46285        * runtime/ObjectConstructor.cpp:
46286        (JSC::ObjectConstructor::ObjectConstructor):
46287        (JSC::ObjectConstructor::finishCreation):
46288        * runtime/ObjectConstructor.h:
46289        * runtime/RegExpConstructor.cpp:
46290        (JSC::RegExpConstructor::RegExpConstructor):
46291        (JSC::RegExpConstructor::finishCreation):
46292        (JSC::RegExpMatchesArray::RegExpMatchesArray):
46293        * runtime/RegExpConstructor.h:
46294        * runtime/RegExpMatchesArray.h:
46295        (JSC::RegExpMatchesArray::create):
46296        * runtime/RegExpObject.cpp:
46297        (JSC::RegExpObject::RegExpObject):
46298        * runtime/RegExpObject.h:
46299        (JSC::RegExpObject::create):
46300        * runtime/RegExpPrototype.cpp:
46301        (JSC::RegExpPrototype::RegExpPrototype):
46302        * runtime/StringConstructor.cpp:
46303        (JSC::StringConstructor::StringConstructor):
46304        (JSC::StringConstructor::finishCreation):
46305        * runtime/StringConstructor.h:
46306        * runtime/StringObject.cpp:
46307        (JSC::StringObject::StringObject):
46308        * runtime/StringObject.h:
46309        (JSC::StringObject::create):
46310        * runtime/StringObjectThatMasqueradesAsUndefined.h:
46311        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
46312        * runtime/StringPrototype.cpp:
46313        (JSC::StringPrototype::StringPrototype):
46314        (JSC::StringPrototype::finishCreation):
46315        * runtime/StringPrototype.h:
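        The two-phase construction pattern that the entry above describes (a
        constructor that sets up only trivial state, a finishCreation() chain
        invoked exactly once from the class's create() factory) is illustrated
        by the following added example. It is not WebKit code: the classes Cell,
        Function, NativeFunction and Misuse, and the counter used to enforce the
        invariant, are hypothetical stand-ins for the JSCell hierarchy.

```cpp
// Added example, not WebKit code: a miniature cell hierarchy using the
// create()/finishCreation() two-phase construction described in the
// ChangeLog entry. The class names and the call counter are hypothetical.
#include <cstddef>
#include <memory>
#include <stdexcept>
#include <string>

namespace example {

// Root of the hierarchy. The constructor does no non-trivial work; anything
// that needs a fully-constructed object (virtual dispatch, registration with
// a heap, and so on) lives in finishCreation(), which every create() factory
// must invoke exactly once for the whole chain.
class Cell {
public:
    virtual ~Cell() = default;
    size_t finishCreationCalls() const { return m_finishCreationCalls; }
    const std::string& description() const { return m_description; }
protected:
    Cell() = default;
    // Subclass overrides call the base version first, then add their own work.
    // A second invocation is rejected, which is what the "exactly once"
    // invariant in the entry guards against.
    virtual void finishCreation() {
        ++m_finishCreationCalls;
        if (m_finishCreationCalls != 1)
            throw std::logic_error("finishCreation() must run exactly once");
        m_description = "Cell";
    }
    std::string m_description;
private:
    size_t m_finishCreationCalls = 0;
};

// Second-level class: its constructor does not call finishCreation();
// that call has been pulled out into create().
class Function : public Cell {
public:
    static std::unique_ptr<Function> create(const std::string& name) {
        std::unique_ptr<Function> f(new Function(name));
        f->finishCreation();   // the single call for the whole chain
        return f;
    }
protected:
    explicit Function(const std::string& name) : m_name(name) {}
    void finishCreation() override {
        Cell::finishCreation();
        m_description += "/Function(" + m_name + ")";
    }
private:
    std::string m_name;
};

// Third-level class that extends the chain. Its constructor must not call
// finishCreation() either; only its own create() does.
class NativeFunction : public Function {
public:
    static std::unique_ptr<NativeFunction> create(const std::string& name) {
        std::unique_ptr<NativeFunction> f(new NativeFunction(name));
        f->finishCreation();
        return f;
    }
private:
    explicit NativeFunction(const std::string& name) : Function(name) {}
    void finishCreation() override {
        Function::finishCreation();
        m_description += "/Native";
    }
};

// Deliberately misbehaving subclass used to show the invariant firing:
// it runs the chain a second time after create() already did.
class Misuse : public Function {
public:
    static bool secondCallIsRejected() {
        std::unique_ptr<Misuse> m(new Misuse);
        m->finishCreation();                       // the legitimate call
        try {
            m->finishCreation();                   // the erroneous second call
        } catch (const std::logic_error&) {
            return true;                           // invariant enforced
        }
        return false;
    }
private:
    Misuse() : Function("misuse") {}
};

} // namespace example
```

        With a correct factory the chain runs once, in base-to-derived order,
        so NativeFunction::create("f")->description() yields
        "Cell/Function(f)/Native" with a call count of 1; Misuse shows the
        second invocation being rejected.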

2011-09-06  Filip Pizlo  <fpizlo@apple.com>

        Accessibility tests crashing in BasicRawSentinelNode code
        https://bugs.webkit.org/show_bug.cgi?id=67682

        Reviewed by Geoffrey Garen.

        A CodeBlock should ensure that no other CodeBlocks have references to it after
        it is destroyed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):

2011-09-06  Yong Li  <yoli@rim.com>

        https://bugs.webkit.org/show_bug.cgi?id=67486
        This reverts r65993, which gives wrong results for rshift
        in some corner cases (see the test).

        Reviewed by Gavin Barraclough.

        New test: fast/js/floating-point-truncate-rshift.html

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):

2011-09-06  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for r94559.

        Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
        new out-of-line JIT-specific method definitions with !ENABLE(JIT).

        * bytecode/CodeBlock.cpp:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):

2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix broken PPC build due to new dtoa library
        https://bugs.webkit.org/show_bug.cgi?id=67654

        Reviewed by Dan Bernstein.

        Added condition for PPC in the new dtoa compatibility check so that
        building won't fail.

        * wtf/dtoa/utils.h:

2011-09-05  Oliver Hunt  <oliver@apple.com>

        An object's structure should reference the global object responsible for its creation
        https://bugs.webkit.org/show_bug.cgi?id=67624

        Reviewed by Gavin Barraclough.

        Add a reference to a GlobalObject to Structure, and update all calls to
        Structure::create() to pass the global object that is the origin for that
        structure.  For objects where the appropriate global object isn't available
        at construction time (global object prototypes, etc), or objects that
        logically don't have a global object (strings, etc) we just pass null.

        This change is largely mechanical (passing a new globalObject parameter
        around).

        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructure):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructure):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructure):
        * API/JSContextRef.cpp:
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::createStructure):
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::createStructure):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::createStructure):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/DateInstance.h:
        (JSC::DateInstance::createStructure):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::createStructure):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::createStructure):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure):
        * runtime/Executable.h:
        (JSC::ExecutableBase::createStructure):
        (JSC::NativeExecutable::createStructure):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructure):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSArray.h:
        (JSC::JSArray::createStructure):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::createStructure):
        * runtime/JSByteArray.h:
        * runtime/JSFunction.h:
        (JSC::JSFunction::createStructure):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::finishCreation):
        (JSC::JSGlobalObject::createStructure):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::createStructure):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.cpp:
        (JSC::JSObject::createInheritorID):
        * runtime/JSObject.h:
        (JSC::JSObject::createStructure):
        (JSC::JSNonFinalObject::createStructure):
        (JSC::JSFinalObject::createStructure):
        (JSC::createEmptyObjectStructure):
        * runtime/JSObjectWithGlobalObject.h:
        (JSC::JSObjectWithGlobalObject::createStructure):
46459        * runtime/JSPropertyNameIterator.h:
46460        (JSC::JSPropertyNameIterator::createStructure):
46461        * runtime/JSStaticScopeObject.h:
46462        (JSC::JSStaticScopeObject::createStructure):
46463        * runtime/JSString.h:
46464        (JSC::RopeBuilder::createStructure):
46465        * runtime/JSVariableObject.h:
46466        (JSC::JSVariableObject::createStructure):
46467        * runtime/JSWrapperObject.h:
46468        (JSC::JSWrapperObject::createStructure):
46469        * runtime/MathObject.h:
46470        (JSC::MathObject::createStructure):
46471        * runtime/NativeErrorConstructor.h:
46472        (JSC::NativeErrorConstructor::createStructure):
46473        (JSC::NativeErrorConstructor::constructorBody):
46474        * runtime/NumberConstructor.h:
46475        (JSC::NumberConstructor::createStructure):
46476        * runtime/NumberObject.h:
46477        (JSC::NumberObject::createStructure):
46478        * runtime/NumberPrototype.h:
46479        (JSC::NumberPrototype::createStructure):
46480        * runtime/ObjectConstructor.h:
46481        (JSC::ObjectConstructor::createStructure):
46482        * runtime/ObjectPrototype.h:
46483        (JSC::ObjectPrototype::createStructure):
46484        * runtime/RegExp.h:
46485        (JSC::RegExp::createStructure):
46486        * runtime/RegExpConstructor.h:
46487        (JSC::RegExpConstructor::createStructure):
46488        * runtime/RegExpObject.h:
46489        (JSC::RegExpObject::createStructure):
46490        * runtime/RegExpPrototype.h:
46491        (JSC::RegExpPrototype::createStructure):
46492        * runtime/ScopeChain.h:
46493        (JSC::ScopeChainNode::createStructure):
46494        * runtime/StrictEvalActivation.h:
46495        (JSC::StrictEvalActivation::createStructure):
46496        * runtime/StringConstructor.h:
46497        (JSC::StringConstructor::createStructure):
46498        * runtime/StringObject.h:
46499        (JSC::StringObject::createStructure):
46500        * runtime/StringObjectThatMasqueradesAsUndefined.h:
46501        (JSC::StringObjectThatMasqueradesAsUndefined::create):
46502        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
46503        * runtime/StringPrototype.h:
46504        (JSC::StringPrototype::createStructure):
46505        * runtime/Structure.cpp:
46506        (JSC::Structure::Structure):
46507        (JSC::Structure::visitChildren):
46508        * runtime/Structure.h:
46509        (JSC::Structure::create):
46510        (JSC::Structure::globalObject):
46511        (JSC::Structure::setGlobalObject):
46512        * runtime/StructureChain.h:
46513        (JSC::StructureChain::createStructure):
46514
2011-09-06  Michael Saboff  <msaboff@apple.com>

        Add windows changes for JSC:RegExp functional tests
        https://bugs.webkit.org/show_bug.cgi?id=67521

        Windows build changes for regular expression functional test.

        Rubber-stamped by Gavin Barraclough.

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/testRegExp: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.

2011-09-06  Filip Pizlo  <fpizlo@apple.com>

        JavaScriptCore does not have tiered compilation
        https://bugs.webkit.org/show_bug.cgi?id=67176

        Reviewed by Gavin Barraclough.

        This adds the ability to have multiple CodeBlocks associated with
        a particular role in an Executable.  These are stored in
        descending order of compiler tier.  CodeBlocks are optimized when
        a counter (m_executeCounter) that is incremented in loops and
        epilogues becomes positive.  Optimizing means that all calls to
        the old CodeBlock are unlinked.

        The DFG can now pull in predictions from ValueProfiles, and
        propagate them along the graph.  To support the new phase while
        maintaining some level of abstraction, a DFGDriver was introduced
        that encapsulates how to run the DFG compiler.

        This is turned off by default because it's not yet a performance
        win on all benchmarks.  It speeds up crypto and richards by
        10% and 6% respectively, but still does not do as good of a job
        as it could.  Notably, the DFG backend has not changed, and
        is largely oblivious to the new information being made available
        to it.

        When turned off (the default), this patch is performance neutral.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::branchAdd32):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::branchAdd32):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CallLinkInfo::unlink):
        (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::clearEvalCache):
        (JSC::replaceExistingEntries):
        (JSC::CodeBlock::copyDataFromAlternative):
        (JSC::ProgramCodeBlock::replacement):
        (JSC::EvalCodeBlock::replacement):
        (JSC::FunctionCodeBlock::replacement):
        (JSC::ProgramCodeBlock::compileOptimized):
        (JSC::EvalCodeBlock::compileOptimized):
        (JSC::FunctionCodeBlock::compileOptimized):
        * bytecode/CodeBlock.h:
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        (JSC::ProgramCodeBlock::ProgramCodeBlock):
        (JSC::EvalCodeBlock::EvalCodeBlock):
        (JSC::FunctionCodeBlock::FunctionCodeBlock):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::dump):
        (JSC::ValueProfile::computeStatistics):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::dynamicallyPredict):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::parse):
        * dfg/DFGDriver.cpp: Added.
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h: Added.
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::predict):
        (JSC::DFG::Graph::predictGlobalVar):
        (JSC::DFG::Graph::isConstant):
        (JSC::DFG::Graph::isJSConstant):
        (JSC::DFG::Graph::isInt32Constant):
        (JSC::DFG::Graph::isDoubleConstant):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfDoubleConstant):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::isConstant):
        (JSC::DFG::JITCompiler::isJSConstant):
        (JSC::DFG::JITCompiler::isInt32Constant):
        (JSC::DFG::JITCompiler::isDoubleConstant):
        (JSC::DFG::JITCompiler::valueOfJSConstant):
        (JSC::DFG::JITCompiler::valueOfInt32Constant):
        (JSC::DFG::JITCompiler::valueOfDoubleConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::isCellPrediction):
        (JSC::DFG::isNumberPrediction):
        (JSC::DFG::predictionToString):
        (JSC::DFG::mergePrediction):
        (JSC::DFG::makePrediction):
        (JSC::DFG::Node::valueOfJSConstant):
        (JSC::DFG::Node::isInt32Constant):
        (JSC::DFG::Node::isDoubleConstant):
        (JSC::DFG::Node::valueOfInt32Constant):
        (JSC::DFG::Node::valueOfDoubleConstant):
        (JSC::DFG::Node::predict):
        * dfg/DFGPropagation.cpp: Added.
        (JSC::DFG::Propagator::Propagator):
        (JSC::DFG::Propagator::fixpoint):
        (JSC::DFG::Propagator::setPrediction):
        (JSC::DFG::Propagator::mergePrediction):
        (JSC::DFG::Propagator::propagateNode):
        (JSC::DFG::Propagator::propagateForward):
        (JSC::DFG::Propagator::propagateBackward):
        (JSC::DFG::propagate):
        * dfg/DFGPropagation.h: Added.
        (JSC::DFG::propagate):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::Node::Node):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        (JSC::JIT::emitTimeoutCheck):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        (JSC::JIT::emitOptimizationCheck):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_ret_object_or_this):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::bottomTierJIT):
        (JSC::JITCode::topTierJIT):
        (JSC::JITCode::nextTierJIT):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_ret_object_or_this):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileOptimized):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileOptimized):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileOptimizedForCall):
        (JSC::FunctionExecutable::compileOptimizedForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC::EvalExecutable::compile):
        (JSC::ProgramExecutable::compile):
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileForConstruct):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
        (WTF::BasicRawSentinelNode::setPrev):
        (WTF::BasicRawSentinelNode::setNext):
        (WTF::BasicRawSentinelNode::prev):
        (WTF::BasicRawSentinelNode::next):
        (WTF::BasicRawSentinelNode::isOnList):
        (WTF::::remove):
        (WTF::::SentinelLinkedList):
        (WTF::::begin):
        (WTF::::end):
        (WTF::::push):

2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r94445 and r94448.
        http://trac.webkit.org/changeset/94445
        http://trac.webkit.org/changeset/94448
        https://bugs.webkit.org/show_bug.cgi?id=67595

        It broke everything (Requested by ossy on #webkit).

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * heap/Heap.h:
        * heap/NewSpace.cpp:
        (JSC::NewSpace::NewSpace):
        * heap/NewSpace.h:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::~JSObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSObject::transitionTo):
        (JSC::JSObject::visitChildrenDirect):

2011-09-05  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed build fix for r94452.

        Add config.h as the first header to the cc files as required by the coding style.
        Reuse macros from Assertions.h instead of adding additional #ifdefs.

        * wtf/dtoa/bignum-dtoa.cc:
        * wtf/dtoa/bignum.cc:
        * wtf/dtoa/cached-powers.cc:
        * wtf/dtoa/diy-fp.cc:
        * wtf/dtoa/double-conversion.cc:
        * wtf/dtoa/fast-dtoa.cc:
        * wtf/dtoa/fixed-dtoa.cc:
        * wtf/dtoa/strtod.cc:
        * wtf/dtoa/utils.h:

2011-09-05  Andras Becsi  <andras.becsi@nokia.com>

        [Qt][WK2] Fix the build

        Rubber-stamped by Csaba Osztrogonác.

        * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
        The variable fractional_part is only set but never used.

2011-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
        https://bugs.webkit.org/show_bug.cgi?id=67562

        Reviewed by Darin Adler.

        Fixing the build (again), which was broken by the dtoa patch.  Needed
        to make sure WTF::double_conversion::initialize() is called for Qt
        as well as adding a check for WinCE in dtoa/utils.h.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * wtf/dtoa/cached-powers.cc:
        * wtf/dtoa/utils.h:

2011-09-03  Filip Pizlo  <fpizlo@apple.com>

        ThunkGenerators does not convert positive double zero into integer zero
        https://bugs.webkit.org/show_bug.cgi?id=67553

        Reviewed by Gavin Barraclough.

        This is a 0.5% speed-up on V8 and neutral elsewhere.

        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnDouble):

2011-09-03  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Add wtf/dtoa directory to build.

        * wscript:

2011-09-03  Filip Pizlo  <fpizlo@apple.com>

        DFG variable predictions only work for local variables, not temporaries
        https://bugs.webkit.org/show_bug.cgi?id=67554

        Reviewed by Gavin Barraclough.

        This appears to be a slight speed-up in Kraken (0.3% but significant)
        and neutral elsewhere.

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::predict):

2011-09-02  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT speculation failure does recovery of additions in reverse and
        doesn't rebox
        https://bugs.webkit.org/show_bug.cgi?id=67551

        Reviewed by Sam Weinig.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):

2011-09-02  Filip Pizlo  <fpizlo@apple.com>

        ValueProfile does not make it safe to introspect cell values
        after garbage collection
        https://bugs.webkit.org/show_bug.cgi?id=67354

        Reviewed by Gavin Barraclough.

        ValueProfile buckets are now weak references, implemented using a
        light-weight weak reference mechanism that this patch also adds (the
        WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
        is not marked, then the bucket is transformed into a Structure
        pointer.  If the Structure is not marked either, then it is turned
        into a ClassInfo pointer.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::visitWeakReferences):
        * bytecode/CodeBlock.h:
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        (JSC::ValueProfile::classInfo):
        (JSC::ValueProfile::numberOfInt32s):
        (JSC::ValueProfile::numberOfDoubles):
        (JSC::ValueProfile::numberOfCells):
        (JSC::ValueProfile::numberOfArrays):
        (JSC::ValueProfile::probabilityOfArray):
        (JSC::ValueProfile::WeakBucket::WeakBucket):
        (JSC::ValueProfile::WeakBucket::operator!):
        (JSC::ValueProfile::WeakBucket::isEmpty):
        (JSC::ValueProfile::WeakBucket::isClassInfo):
        (JSC::ValueProfile::WeakBucket::isStructure):
        (JSC::ValueProfile::WeakBucket::asStructure):
        (JSC::ValueProfile::WeakBucket::asClassInfo):
        (JSC::ValueProfile::WeakBucket::getClassInfo):
        * heap/Heap.cpp:
        (JSC::Heap::harvestWeakReferences):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::harvestWeakReferences):
        * heap/MarkStack.h:
        (JSC::MarkStack::addWeakReferenceHarvester):
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::appendUnbarrieredPointer):
        * heap/SlotVisitor.h:
        * heap/WeakReferenceHarvester.h: Added.
        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Replace local implementation of string equals() methods with UString versions
        https://bugs.webkit.org/show_bug.cgi?id=67342

        In preparation to allowing StringImpl to be backed by 8 bit
        characters when appropriate, we need to eliminate or change the
        usage of StringImpl::characters(). Change the uses of characters()
        that are used to implement redundant equals() methods.

        Reviewed by Gavin Barraclough.

        * runtime/Identifier.cpp:
        (JSC::Identifier::equal):
        * runtime/Identifier.h:
        (JSC::Identifier::equal):
        * wtf/text/AtomicString.cpp:
        (WTF::CStringTranslator::equal): Moved an optimized method to here.
        (WTF::operator==):
        * wtf/text/StringImpl.cpp:
        (WTF::equal):
        * wtf/text/StringImpl.h:

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Add JSC:RegExp functional tests
        https://bugs.webkit.org/show_bug.cgi?id=67339

        Added new test driver program (testRegExp) and corresponding data file
        along with build scripts changes.

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * testRegExp.cpp: Added.
        (Options::Options):
        (StopWatch::start):
        (StopWatch::stop):
        (StopWatch::getElapsedMS):
        (RegExpTest::RegExpTest):
        (GlobalObject::create):
        (GlobalObject::className):
        (GlobalObject::GlobalObject):
        (main):
        (cleanupGlobalData):
        (testOneRegExp):
        (scanString):
        (parseRegExpLine):
        (parseTestLine):
        (runFromFiles):
        (printUsageStatement):
        (parseArguments):
        (realMain):
        * tests/regexp: Added.
        * tests/regexp/RegExpTest.data: Added.

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Add JSC:RegExp functional test data generator
        https://bugs.webkit.org/show_bug.cgi?id=67519

        Add a data generator for regular expressions.  To enable, change the
        #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
        regular expressions.  The resulting data will be in /tmp/RegExpTestsData.

        Reviewed by Gavin Barraclough.

        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        (JSC::RegExpFunctionalTestCollector::clearRegExp):
        (JSC::RegExpFunctionalTestCollector::get):
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
        (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
        (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
        (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
        (JSC::RegExp::~RegExp):
        (JSC::RegExp::compile):
        (JSC::RegExp::match):
        (JSC::RegExp::matchCompareWithInterpreter):

2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the broken build due to dtoa patch
        https://bugs.webkit.org/show_bug.cgi?id=67534

        Reviewed by Oliver Hunt.

        Fixing the build.

        * GNUmakefile.list.am:
        * wtf/dtoa/bignum.cc:
        * wtf/dtoa/fast-dtoa.cc:
        * wtf/dtoa/utils.h:

2011-09-02  Oliver Hunt  <oliver@apple.com>

        Remove OldSpace classes
        https://bugs.webkit.org/show_bug.cgi?id=67533

        Reviewed by Gavin Barraclough.

        Remove the unused OldSpace classes.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Heap.cpp:
        (JSC::Heap::writeBarrierSlowCase):
        * heap/MarkedBlock.h:
        * heap/OldSpace.cpp: Removed.
        * heap/OldSpace.h: Removed.

2011-09-02  James Robinson  <jamesr@chromium.org>

        Compile fix for mac build.

        * wtf/CheckedArithmetic.h:
        (WTF::operator+):
        (WTF::operator-):
        (WTF::operator*):

2011-08-30  Matthew Delaney  <mdelaney@apple.com>

        Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
        https://bugs.webkit.org/show_bug.cgi?id=65352

        Reviewed by Simon Fraser.

        New test: fast/canvas/canvas-getImageData-large-crash.html

        This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
        calls that specify widths and heights that end up overflowing the ints that we store those values in
        as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
        arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
        is just to add a new helper method described below.

        * wtf/MathExtras.h:
        (isWithinIntRange): Reports if a float's value is within the range expressible by an int.

2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Incorporate newer, faster dtoa library
        https://bugs.webkit.org/show_bug.cgi?id=66346

        Reviewed by Oliver Hunt.

        Added new dtoa library at http://code.google.com/p/double-conversion/.
        Replaced old call to dtoa.  The new library is much faster than the old one.
        We still use the old dtoa for some stuff in WebCore as well as the old strtod,
        but we can phase these out eventually as well.

        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/InitializeThreading.cpp:
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToExponential):
        (JSC::numberProtoFuncToFixed):
        (JSC::numberProtoFuncToPrecision):
        * runtime/UString.cpp:
        (JSC::UString::number):
        * wtf/CMakeLists.txt:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/dtoa.cpp:
        (WTF::dtoa):
        * wtf/dtoa.h:
        * wtf/dtoa/COPYING: Added.
        * wtf/dtoa/LICENSE: Added.
        * wtf/dtoa/README: Added.
        * wtf/dtoa/bignum-dtoa.cc: Added.
        * wtf/dtoa/bignum-dtoa.h: Added.
        * wtf/dtoa/bignum.cc: Added.
        * wtf/dtoa/bignum.h: Added.
        (WTF::double_conversion::Bignum::Times10):
        (WTF::double_conversion::Bignum::Equal):
        (WTF::double_conversion::Bignum::LessEqual):
        (WTF::double_conversion::Bignum::Less):
        (WTF::double_conversion::Bignum::PlusEqual):
        (WTF::double_conversion::Bignum::PlusLessEqual):
        (WTF::double_conversion::Bignum::PlusLess):
        (WTF::double_conversion::Bignum::EnsureCapacity):
        (WTF::double_conversion::Bignum::BigitLength):
        * wtf/dtoa/cached-powers.cc: Added.
        * wtf/dtoa/cached-powers.h: Added.
        * wtf/dtoa/diy-fp.cc: Added.
        * wtf/dtoa/diy-fp.h: Added.
        (WTF::double_conversion::DiyFp::DiyFp):
        (WTF::double_conversion::DiyFp::Subtract):
        (WTF::double_conversion::DiyFp::Minus):
        (WTF::double_conversion::DiyFp::Times):
        (WTF::double_conversion::DiyFp::Normalize):
        (WTF::double_conversion::DiyFp::f):
        (WTF::double_conversion::DiyFp::e):
        (WTF::double_conversion::DiyFp::set_f):
        (WTF::double_conversion::DiyFp::set_e):
        * wtf/dtoa/double-conversion.cc: Added.
        * wtf/dtoa/double-conversion.h: Added.
        (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
        (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
        * wtf/dtoa/double.h: Added.
        (WTF::double_conversion::double_to_uint64):
        (WTF::double_conversion::uint64_to_double):
        (WTF::double_conversion::Double::Double):
        (WTF::double_conversion::Double::AsDiyFp):
        (WTF::double_conversion::Double::AsNormalizedDiyFp):
        (WTF::double_conversion::Double::AsUint64):
        (WTF::double_conversion::Double::NextDouble):
        (WTF::double_conversion::Double::Exponent):
        (WTF::double_conversion::Double::Significand):
        (WTF::double_conversion::Double::IsDenormal):
        (WTF::double_conversion::Double::IsSpecial):
        (WTF::double_conversion::Double::IsNan):
        (WTF::double_conversion::Double::IsInfinite):
        (WTF::double_conversion::Double::Sign):
        (WTF::double_conversion::Double::UpperBoundary):
        (WTF::double_conversion::Double::NormalizedBoundaries):
        (WTF::double_conversion::Double::value):
        (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
        (WTF::double_conversion::Double::Infinity):
        (WTF::double_conversion::Double::NaN):
        (WTF::double_conversion::Double::DiyFpToUint64):
        * wtf/dtoa/fast-dtoa.cc: Added.
        * wtf/dtoa/fast-dtoa.h: Added.
        * wtf/dtoa/fixed-dtoa.cc: Added.
        * wtf/dtoa/fixed-dtoa.h: Added.
        * wtf/dtoa/strtod.cc: Added.
        * wtf/dtoa/strtod.h: Added.
        * wtf/dtoa/utils.h: Added.
        (WTF::double_conversion::Max):
        (WTF::double_conversion::Min):
        (WTF::double_conversion::StrLength):
        (WTF::double_conversion::Vector::Vector):
        (WTF::double_conversion::Vector::SubVector):
        (WTF::double_conversion::Vector::length):
        (WTF::double_conversion::Vector::is_empty):
        (WTF::double_conversion::Vector::start):
        (WTF::double_conversion::Vector::operator[]):
        (WTF::double_conversion::Vector::first):
        (WTF::double_conversion::Vector::last):
        (WTF::double_conversion::StringBuilder::StringBuilder):
        (WTF::double_conversion::StringBuilder::~StringBuilder):
        (WTF::double_conversion::StringBuilder::size):
        (WTF::double_conversion::StringBuilder::position):
        (WTF::double_conversion::StringBuilder::Reset):
        (WTF::double_conversion::StringBuilder::AddCharacter):
        (WTF::double_conversion::StringBuilder::AddString):
        (WTF::double_conversion::StringBuilder::AddSubstring):
        (WTF::double_conversion::StringBuilder::AddPadding):
        (WTF::double_conversion::StringBuilder::Finalize):
        (WTF::double_conversion::StringBuilder::is_finalized):
        (WTF::double_conversion::BitCast):
        * wtf/wtf.pri:

471492011-09-02  Filip Pizlo  <fpizlo@apple.com>
47150
47151        DFG graph has no way of distinguishing or reconciling between static
47152        and dynamic predictions
47153        https://bugs.webkit.org/show_bug.cgi?id=67343
47154
47155        Reviewed by Gavin Barraclough.
47156        
47157        PredictedType now stores the source of the prediction.  Merging predictions,
47158        which was previously done with a bitwise or, is now done via the
47159        mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
47160        functions, which correctly handle combinations of static and dynamic.
47161        
47162        This is performance-neutral, since all predictions are currently static and
47163        so the code has no visible effects.
47164
47165        * dfg/DFGByteCodeParser.cpp:
47166        (JSC::DFG::ByteCodeParser::set):
47167        (JSC::DFG::ByteCodeParser::staticallyPredictArray):
47168        (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
47169        (JSC::DFG::ByteCodeParser::parseBlock):
47170        * dfg/DFGGraph.h:
47171        (JSC::DFG::Graph::predict):
47172        (JSC::DFG::Graph::predictGlobalVar):
47173        * dfg/DFGNode.h:
47174        (JSC::DFG::isArrayPrediction):
47175        (JSC::DFG::isInt32Prediction):
47176        (JSC::DFG::isDoublePrediction):
47177        (JSC::DFG::isDynamicPrediction):
47178        (JSC::DFG::mergePredictions):
47179        (JSC::DFG::mergePrediction):
47180        (JSC::DFG::makePrediction):
47181        (JSC::DFG::Node::predict):
47182
471832011-09-02  Oliver Hunt  <oliver@apple.com>
47184
47185        Fix 32bit build.
47186
47187        * heap/NewSpace.h:
47188        (JSC::NewSpace::allocatePropertyStorage):
47189        (JSC::NewSpace::inPropertyStorageNursery):
47190
471912011-09-02  Oliver Hunt  <oliver@apple.com>
47192
47193        Use bump allocator for initial property storage
47194        https://bugs.webkit.org/show_bug.cgi?id=67494
47195
47196        Reviewed by Gavin Barraclough.
47197
47198        Switch to a bump allocator for the initial out of line
47199        property storage.  This gives us slightly faster allocation
47200        for short lived objects that need out of line storage at
47201        the cost of an additional memcpy when the object survives
47202        a GC pass.
47203
47204        No performance impact.
47205
47206        * JavaScriptCore.exp:
47207        * heap/Heap.cpp:
47208        (JSC::Heap::collect):
47209        * heap/Heap.h:
47210        (JSC::Heap::allocatePropertyStorage):
47211        (JSC::Heap::inPropertyStorageNursary):
47212        * heap/NewSpace.cpp:
47213        (JSC::NewSpace::NewSpace):
47214        * heap/NewSpace.h:
47215        (JSC::NewSpace::resetPropertyStorageNursary):
47216        (JSC::NewSpace::allocatePropertyStorage):
47217        (JSC::NewSpace::inPropertyStorageNursary):
47218        * jit/JITStubs.cpp:
47219        (JSC::DEFINE_STUB_FUNCTION):
47220        * runtime/JSObject.cpp:
47221        (JSC::JSObject::allocatePropertyStorage):
47222        * runtime/JSObject.h:
47223        (JSC::JSObject::~JSObject):
47224        (JSC::JSObject::putDirectInternal):
47225        (JSC::JSObject::putDirectWithoutTransition):
47226        (JSC::JSObject::putDirectFunctionWithoutTransition):
47227        (JSC::JSObject::transitionTo):
47228        (JSC::JSObject::visitChildrenDirect):
47229
472302011-09-01  Mark Rowe  <mrowe@apple.com>
47231
47232        Fix the build.
47233
47234        * JavaScriptCore.JSVALUE32_64only.exp:
47235        * JavaScriptCore.JSVALUE64only.exp:
47236        * JavaScriptCore.exp:
47237
472382011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>
47239
47240        Unzip initialization lists and constructors in JSCell hierarchy (4/7)
47241        https://bugs.webkit.org/show_bug.cgi?id=67174
47242
47243        Reviewed by Oliver Hunt.
47244
47245        Completed the fourth level of the refactoring to add finishCreation() 
47246        methods to all classes within the JSCell hierarchy with non-trivial 
47247        constructor bodies.
47248
47249        This primarily consists of pushing the calls to finishCreation() down 
47250        into the constructors of the subclasses of the second level of the hierarchy 
47251        as well as pulling the finishCreation() calls out into the class's corresponding
47252        create() method if it has one.  Doing both simultaneously allows us to 
47253        maintain the invariant that the finishCreation() method chain is called exactly 
47254        once during the creation of an object, since calling it any other number of 
47255        times (0, 2, or more) will cause an assertion failure.
47256
47257        * API/JSCallbackConstructor.cpp:
47258        (JSC::JSCallbackConstructor::JSCallbackConstructor):
47259        (JSC::JSCallbackConstructor::finishCreation):
47260        * API/JSCallbackConstructor.h:
47261        * API/JSCallbackObject.h:
47262        (JSC::JSCallbackObject::create):
47263        * API/JSCallbackObjectFunctions.h:
47264        (JSC::::JSCallbackObject):
47265        (JSC::::finishCreation):
47266        * JavaScriptCore.JSVALUE64only.exp:
47267        * JavaScriptCore.exp:
47268        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47269        * debugger/DebuggerActivation.cpp:
47270        (JSC::DebuggerActivation::DebuggerActivation):
47271        (JSC::DebuggerActivation::create):
47272        * debugger/DebuggerActivation.h:
47273        * runtime/Arguments.h:
47274        (JSC::Arguments::create):
47275        (JSC::Arguments::createNoParameters):
47276        (JSC::Arguments::Arguments):
47277        * runtime/ArrayPrototype.cpp:
47278        (JSC::ArrayPrototype::ArrayPrototype):
47279        (JSC::ArrayPrototype::finishCreation):
47280        * runtime/ArrayPrototype.h:
47281        * runtime/BooleanObject.cpp:
47282        (JSC::BooleanObject::BooleanObject):
47283        (JSC::BooleanObject::finishCreation):
47284        * runtime/BooleanObject.h:
47285        * runtime/DateInstance.cpp:
47286        (JSC::DateInstance::DateInstance):
47287        (JSC::DateInstance::finishCreation):
47288        * runtime/DateInstance.h:
47289        * runtime/ErrorInstance.cpp:
47290        (JSC::ErrorInstance::ErrorInstance):
47291        * runtime/ErrorInstance.h:
47292        (JSC::ErrorInstance::create):
47293        * runtime/ErrorPrototype.cpp:
47294        (JSC::ErrorPrototype::ErrorPrototype):
47295        (JSC::ErrorPrototype::finishCreation):
47296        * runtime/ErrorPrototype.h:
47297        * runtime/ExceptionHelpers.cpp:
47298        (JSC::InterruptedExecutionError::InterruptedExecutionError):
47299        (JSC::InterruptedExecutionError::create):
47300        (JSC::TerminatedExecutionError::TerminatedExecutionError):
47301        (JSC::TerminatedExecutionError::create):
47302        * runtime/Executable.cpp:
47303        (JSC::EvalExecutable::EvalExecutable):
47304        (JSC::ProgramExecutable::ProgramExecutable):
47305        (JSC::FunctionExecutable::FunctionExecutable):
47306        * runtime/Executable.h:
47307        (JSC::NativeExecutable::create):
47308        (JSC::NativeExecutable::NativeExecutable):
47309        (JSC::EvalExecutable::create):
47310        (JSC::ProgramExecutable::create):
47311        (JSC::FunctionExecutable::create):
47312        * runtime/InternalFunction.cpp:
47313        (JSC::InternalFunction::InternalFunction):
47314        (JSC::InternalFunction::finishCreation):
47315        * runtime/InternalFunction.h:
47316        * runtime/JSActivation.cpp:
47317        (JSC::JSActivation::JSActivation):
47318        (JSC::JSActivation::finishCreation):
47319        * runtime/JSActivation.h:
47320        * runtime/JSArray.cpp:
47321        (JSC::JSArray::JSArray):
47322        * runtime/JSArray.h:
47323        (JSC::JSArray::create):
47324        * runtime/JSByteArray.cpp:
47325        (JSC::JSByteArray::JSByteArray):
47326        * runtime/JSByteArray.h:
47327        (JSC::JSByteArray::create):
47328        * runtime/JSFunction.cpp:
47329        (JSC::JSFunction::JSFunction):
47330        (JSC::JSFunction::finishCreation):
47331        * runtime/JSFunction.h:
47332        (JSC::JSFunction::create):
47333        * runtime/JSGlobalObject.h:
47334        (JSC::JSGlobalObject::JSGlobalObject):
47335        (JSC::JSGlobalObject::finishCreation):
47336        * runtime/JSNotAnObject.h:
47337        (JSC::JSNotAnObject::JSNotAnObject):
47338        (JSC::JSNotAnObject::create):
47339        * runtime/JSONObject.cpp:
47340        (JSC::JSONObject::JSONObject):
47341        (JSC::JSONObject::finishCreation):
47342        * runtime/JSONObject.h:
47343        * runtime/JSObjectWithGlobalObject.cpp:
47344        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
47345        * runtime/JSObjectWithGlobalObject.h:
47346        * runtime/JSStaticScopeObject.h:
47347        (JSC::JSStaticScopeObject::create):
47348        (JSC::JSStaticScopeObject::finishCreation):
47349        (JSC::JSStaticScopeObject::JSStaticScopeObject):
47350        * runtime/JSVariableObject.h:
47351        (JSC::JSVariableObject::JSVariableObject):
47352        * runtime/JSWrapperObject.h:
47353        (JSC::JSWrapperObject::JSWrapperObject):
47354        * runtime/MathObject.cpp:
47355        (JSC::MathObject::MathObject):
47356        (JSC::MathObject::finishCreation):
47357        * runtime/MathObject.h:
47358        * runtime/NumberObject.cpp:
47359        (JSC::NumberObject::NumberObject):
47360        (JSC::NumberObject::finishCreation):
47361        * runtime/NumberObject.h:
47362        * runtime/ObjectPrototype.cpp:
47363        (JSC::ObjectPrototype::ObjectPrototype):
47364        * runtime/ObjectPrototype.h:
47365        (JSC::ObjectPrototype::create):
47366        * runtime/RegExpConstructor.cpp:
47367        (JSC::RegExpMatchesArray::RegExpMatchesArray):
47368        (JSC::RegExpMatchesArray::finishCreation):
47369        * runtime/RegExpMatchesArray.h:
47370        * runtime/RegExpObject.cpp:
47371        (JSC::RegExpObject::RegExpObject):
47372        (JSC::RegExpObject::finishCreation):
47373        * runtime/RegExpObject.h:
47374        * runtime/StrictEvalActivation.cpp:
47375        (JSC::StrictEvalActivation::StrictEvalActivation):
47376        * runtime/StrictEvalActivation.h:
47377        (JSC::StrictEvalActivation::create):
47378        * runtime/StringObject.cpp:
47379        (JSC::StringObject::StringObject):
47380        (JSC::StringObject::finishCreation):
47381        * runtime/StringObject.h:
47382
473832011-09-01  Daniel Bates  <dbates@rim.com>
47384
47385        QNX GCC distribution doesn't support vasprintf()
47386        https://bugs.webkit.org/show_bug.cgi?id=67423
47387
47388        Reviewed by Antonio Gomes.
47389
47390        * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
47391
473922011-09-01  Michael Saboff  <msaboff@apple.com>
47393
47394        Remove simple usage of UString::characters() from JavaScriptCore
47395        https://bugs.webkit.org/show_bug.cgi?id=67340
47396
47397        In preparation to allowing StringImpl to be backed by 8 bit 
47398        characters when appropriate, we need to eliminate or change the
47399        usage of StringImpl::characters().  Most of the changes below
47400        change s->characters()[0] to s[0].
47401
47402        Reviewed by Geoffrey Garen.
47403
47404        * bytecompiler/BytecodeGenerator.cpp:
47405        (JSC::keyForCharacterSwitch):
47406        * bytecompiler/NodesCodegen.cpp:
47407        (JSC::processClauseList):
47408        * interpreter/Interpreter.cpp:
47409        (JSC::Interpreter::privateExecute):
47410        * jit/JITStubs.cpp:
47411        (JSC::DEFINE_STUB_FUNCTION):
47412        * runtime/Identifier.cpp:
47413        (JSC::Identifier::addSlowCase):
47414        * runtime/JSGlobalObjectFunctions.cpp:
47415        (JSC::jsToNumber):
47416        (JSC::parseFloat):
47417        * runtime/JSString.cpp:
47418        (JSC::JSString::substringFromRope):
47419        * runtime/JSString.h:
47420        (JSC::jsSingleCharacterSubstring):
47421        (JSC::jsString):
47422        (JSC::jsSubstring):
47423        (JSC::jsOwnedString):
47424        * runtime/RegExp.cpp:
47425        (JSC::regExpFlags):
47426        * wtf/text/StringBuilder.h:
47427        (WTF::StringBuilder::operator[]):
47428
474292011-09-01  Ada Chan  <adachan@apple.com>
47430
47431        Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
47432
47433        Reviewed by Darin Adler.
47434
47435        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47436
474372011-09-01  Hao Zheng  <zhenghao@chromium.org>
47438
47439        Define PTHREAD_KEYS_MAX to fix Android port build.
47440        https://bugs.webkit.org/show_bug.cgi?id=67362
47441
47442        Reviewed by Adam Barth.
47443
47444        PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
47445
47446        * wtf/ThreadIdentifierDataPthreads.cpp:
47447
474482011-08-31  Oliver Hunt  <oliver@apple.com>
47449
47450        Fix build.
47451
47452        * wtf/CheckedArithmetic.h:
47453        (WTF::Checked::Checked):
47454        (WTF::Checked::operator=):
47455
474562011-08-31  Oliver Hunt  <oliver@apple.com>
47457
47458        fast/regex/overflow.html asserts in debug builds
47459        https://bugs.webkit.org/show_bug.cgi?id=67326
47460
47461        Reviewed by Gavin Barraclough.
47462
47463        The deliberate overflows in these expressions don't interact nicely
47464        with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
47465        intermediate calculations.
47466
47467        * yarr/YarrJIT.cpp:
47468        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
47469        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
47470
474712011-08-31  Jeff Miller  <jeffm@apple.com>
47472
47473        REGRESSION(92210): AVFoundation media engine is disabled on OS X
47474        https://bugs.webkit.org/show_bug.cgi?id=67316
47475
47476        Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
47477        since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
47478        changes that were made in r92210.
47479
47480        Reviewed by Darin Adler.
47481
47482        * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
47483
474842011-08-31  Peter Beverloo  <peter@chromium.org>
47485
47486        Add Android's platform specification and the right atomic functions.
47487        https://bugs.webkit.org/show_bug.cgi?id=66687
47488
47489        Reviewed by Adam Barth.
47490
47491        * wtf/Atomics.h:
47492        (WTF::atomicIncrement):
47493        (WTF::atomicDecrement):
47494        * wtf/Platform.h:
47495
474962011-08-30  Oliver Hunt  <oliver@apple.com>
47497
47498        Add support for checked arithmetic
47499        https://bugs.webkit.org/show_bug.cgi?id=67095
47500
47501        Reviewed by Sam Weinig.
47502
47503        Add a checked arithmetic class Checked<T> that provides overflow-safe
47504        arithmetic over all integral types.  Checked<T> supports addition, subtraction
47505        and multiplication, along with "bool" conversions and equality operators.
47506
47507        Checked<> can be used in either CRASH() on overflow or delayed failure modes,
47508        although the default is to CRASH().
47509
47510        To ensure the code is actually in use (rather than checking in dead code) I've
47511        made a couple of properties in YARR use Checked<int> and Checked<unsigned>
        instead of raw value arithmetic.  This has resulted in a moderate set of changes
        to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
        to unsigned for some uses of sizeof, as Checked<> currently does not support
        mixed signed-ness of types wider than 32 bits.
47516
47517        Happily the increased type safety of Checked<> means that it's not possible to
        accidentally assign away precision, nor accidentally call the integer overload of
47519        a function instead of the bool version.
47520
47521        No measurable regression in performance, and SunSpider claims this patch to be
47522        a progression of 0.3%.
47523
47524        * GNUmakefile.list.am:
47525        * JavaScriptCore.gypi:
47526        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
47527        * JavaScriptCore.xcodeproj/project.pbxproj:
47528        * wtf/CheckedArithmetic.h: Added.
47529        (WTF::CrashOnOverflow::overflowed):
47530        (WTF::CrashOnOverflow::clearOverflow):
47531        (WTF::CrashOnOverflow::hasOverflowed):
47532        (WTF::RecordOverflow::RecordOverflow):
47533        (WTF::RecordOverflow::overflowed):
47534        (WTF::RecordOverflow::clearOverflow):
47535        (WTF::RecordOverflow::hasOverflowed):
47536        (WTF::isInBounds):
47537        (WTF::safeAdd):
47538        (WTF::safeSub):
47539        (WTF::safeMultiply):
47540        (WTF::safeEquals):
47541        (WTF::workAroundClangBug):
47542        (WTF::Checked::Checked):
47543        (WTF::Checked::operator=):
47544        (WTF::Checked::operator++):
47545        (WTF::Checked::operator--):
47546        (WTF::Checked::operator!):
47547        (WTF::Checked::operator UnspecifiedBoolType*):
47548        (WTF::Checked::get):
47549        (WTF::Checked::operator+=):
47550        (WTF::Checked::operator-=):
47551        (WTF::Checked::operator*=):
47552        (WTF::Checked::operator==):
47553        (WTF::Checked::operator!=):
47554        (WTF::operator+):
47555        (WTF::operator-):
47556        (WTF::operator*):
47557        * yarr/YarrInterpreter.cpp:
47558        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
47559        (JSC::Yarr::ByteCompiler::atomCharacterClass):
47560        (JSC::Yarr::ByteCompiler::atomBackReference):
47561        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
47562        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
47563        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
47564        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
47565        * yarr/YarrInterpreter.h:
47566        (JSC::Yarr::ByteTerm::ByteTerm):
47567        (JSC::Yarr::ByteTerm::CheckInput):
47568        (JSC::Yarr::ByteTerm::UncheckInput):
47569        * yarr/YarrJIT.cpp:
47570        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
47571        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
47572        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
47573        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
47574        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
47575        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
47576        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
47577        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
47578        * yarr/YarrPattern.cpp:
47579        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
47580        * yarr/YarrPattern.h:
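
        The Checked<T> pattern this entry describes, together with the int64_t widening from the
        fast/regex/overflow.html entry above, as an added example that is not WebKit's
        wtf/CheckedArithmetic.h. It assumes the GCC/Clang __builtin_*_overflow intrinsics, and the
        names example::sumOverflows and example::intermediateOverflows are this example's own.

```cpp
// Added example, not WebKit's wtf/CheckedArithmetic.h: a minimal Checked<T>
// with the two overflow policies the entry describes. Overflow detection uses
// the GCC/Clang __builtin_*_overflow intrinsics (an assumption of this example;
// the real header implements the bounds checks by hand).
#include <cstdint>
#include <cstdlib>
#include <type_traits>
#include <vector>

namespace example {

// Default policy: any overflow is fatal immediately (the entry's CRASH()).
struct CrashOnOverflow {
    static void overflowed() { std::abort(); }
    static void clearOverflow() {}
    static bool hasOverflowed() { return false; }
};

// Delayed-failure policy: remember the overflow and let the caller ask later.
class RecordOverflow {
public:
    RecordOverflow() : m_overflowed(false) {}
    void overflowed() { m_overflowed = true; }
    void clearOverflow() { m_overflowed = false; }
    bool hasOverflowed() const { return m_overflowed; }
private:
    bool m_overflowed;
};

template <typename T, class OverflowHandler = CrashOnOverflow>
class Checked : public OverflowHandler {
    static_assert(std::is_integral<T>::value, "Checked<T> needs an integral T");
public:
    Checked() : m_value(0) {}
    Checked(T value) : m_value(value) {}

    // Reading a value that has overflowed is fatal even in delayed mode:
    // the caller is expected to test hasOverflowed() first.
    T get() const {
        if (this->hasOverflowed())
            std::abort();
        return m_value;
    }

    Checked& operator+=(T rhs) {
        T result;
        if (__builtin_add_overflow(m_value, rhs, &result))
            this->overflowed();
        else
            m_value = result;
        return *this;
    }
    Checked& operator-=(T rhs) {
        T result;
        if (__builtin_sub_overflow(m_value, rhs, &result))
            this->overflowed();
        else
            m_value = result;
        return *this;
    }
    Checked& operator*=(T rhs) {
        T result;
        if (__builtin_mul_overflow(m_value, rhs, &result))
            this->overflowed();
        else
            m_value = result;
        return *this;
    }

    // "bool" conversion: true only for a non-zero value that did not overflow.
    explicit operator bool() const { return !this->hasOverflowed() && m_value != 0; }
    // Equality goes through get(), so comparing an overflowed value is fatal.
    bool operator==(const Checked& rhs) const { return get() == rhs.get(); }
    bool operator!=(const Checked& rhs) const { return !(*this == rhs); }

private:
    T m_value;
};

// Delayed-failure use: accumulate, then check once. Returns true on overflow,
// otherwise stores the total in sum.
inline bool sumOverflows(const std::vector<int32_t>& values, int32_t& sum) {
    Checked<int32_t, RecordOverflow> total;
    for (int32_t v : values)
        total += v;
    if (total.hasOverflowed())
        return true;
    sum = total.get();
    return false;
}

// The fast/regex/overflow.html fix in miniature: the same intermediate
// product overflows Checked<int32_t> but fits in Checked<int64_t>.
template <typename T>
bool intermediateOverflows(T count, T repeat, T offset) {
    Checked<T, RecordOverflow> bytes(count);
    bytes *= repeat;   // e.g. 100000 * 100000 does not fit in 32 bits
    bytes += offset;
    return bytes.hasOverflowed();
}

} // namespace example
```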
47581
475822011-08-31  Andrei Popescu  <andreip@google.com>
47583
47584        Investigate current uses of OS(ANDROID)
47585        https://bugs.webkit.org/show_bug.cgi?id=66761
47586
47587        Unreviewed, build fix for ARM platforms.
47588
47589        * wtf/Platform.h:
47590
475912011-08-31  Andrei Popescu  <andreip@google.com>
47592
47593        Investigate current uses of OS(ANDROID)
47594        https://bugs.webkit.org/show_bug.cgi?id=66761
47595
47596        Reviewed by Darin Adler.
47597
47598        Remove the last legacy Android code.
47599
47600        No new tests needed as the code wasn't tested in the first place.
47601
47602        * wtf/Atomics.h:
47603        * wtf/Platform.h:
47604        * wtf/ThreadingPthreads.cpp:
47605        (WTF::createThreadInternal):
47606
476072011-08-30  Aaron Colwell  <acolwell@chromium.org>
47608
47609        Add MediaSource API to HTMLMediaElement
47610        https://bugs.webkit.org/show_bug.cgi?id=64731
47611
47612        Reviewed by Eric Carlson.
47613
47614        * Configurations/FeatureDefines.xcconfig:
47615
476162011-08-30  Oliver Hunt  <oliver@apple.com>
47617
47618        TypedArrays don't ensure that denormalised values are normalised
47619        https://bugs.webkit.org/show_bug.cgi?id=67178
47620
47621        Reviewed by Gavin Barraclough.
47622
47623        Add a couple of assertions to jsNumber() to ensure that
47624        we block signaling NaNs
47625
47626        * runtime/JSValue.h:
47627        (JSC::jsDoubleNumber):
47628        (JSC::jsNumber):
47629
476302011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
47631
47632        [Qt] Do not unconditionally use pkg-config in .pro files
47633        https://bugs.webkit.org/show_bug.cgi?id=67055
47634
47635        Reviewed by Andreas Kling.
47636
47637        Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
47638
47639        Using the first pkg-config in PATH is prone to errors when cross
47640        compiling inside the Qt repository (using Qt's build-system).
47641
        This patch protects calls for pkg-config with
47643        !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
47644        QT_CONFIG by Qt's 'configure' when cross-compiling on systems
47645        without pkg-config.
47646
        The respective change in Qt's configure has been submitted already.
47648
47649        No new tests as this is just a build change.
47650
47651        * wtf/wtf.pri: protect pkg-config calls
47652
476532011-08-29  Daniel Bates  <dbates@webkit.org>
47654
47655        Add HAVE(VASPRINTF) macro to test for vasprintf() support
47656        https://bugs.webkit.org/show_bug.cgi?id=67156
47657
47658        Reviewed by Darin Adler.
47659
47660        Encapsulate testing of vasprintf() support in a HAVE macro
47661        instead of hardcoding the list of supported/unsupported
47662        compilers at the call site.
47663
47664        * wtf/Platform.h:
47665
476662011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
47667
47668        Unzip initialization lists and constructors in JSCell hierarchy (3/7)
47669        https://bugs.webkit.org/show_bug.cgi?id=67064
47670
47671        Reviewed by Darin Adler.
47672
47673        Completed the third level of the refactoring to add finishCreation() 
47674        methods to all classes within the JSCell hierarchy with non-trivial 
47675        constructor bodies.
47676
47677        This primarily consists of pushing the calls to finishCreation() down 
47678        into the constructors of the subclasses of the second level of the hierarchy 
47679        as well as pulling the finishCreation() calls out into the class's corresponding
47680        create() method if it has one.  Doing both simultaneously allows us to 
47681        maintain the invariant that the finishCreation() method chain is called exactly 
47682        once during the creation of an object, since calling it any other number of 
47683        times (0, 2, or more) will cause an assertion failure.
47684
47685        * debugger/DebuggerActivation.cpp:
47686        (JSC::DebuggerActivation::DebuggerActivation):
47687        (JSC::DebuggerActivation::finishCreation):
47688        * debugger/DebuggerActivation.h:
47689        (JSC::DebuggerActivation::create):
47690        * runtime/Arguments.h:
47691        (JSC::Arguments::create):
47692        (JSC::Arguments::createNoParameters):
47693        (JSC::Arguments::Arguments):
47694        (JSC::Arguments::finishCreation):
47695        * runtime/ErrorInstance.cpp:
47696        (JSC::ErrorInstance::ErrorInstance):
47697        * runtime/ErrorInstance.h:
47698        (JSC::ErrorInstance::finishCreation):
47699        * runtime/ExceptionHelpers.cpp:
47700        (JSC::InterruptedExecutionError::InterruptedExecutionError):
47701        (JSC::TerminatedExecutionError::TerminatedExecutionError):
47702        * runtime/Executable.cpp:
47703        (JSC::EvalExecutable::EvalExecutable):
47704        (JSC::ProgramExecutable::ProgramExecutable):
47705        (JSC::FunctionExecutable::FunctionExecutable):
47706        Moved the assignment of m_firstLine and m_lastLine into the 
47707        FunctionExecutable::finishCreation() method in Executable.h
47708        * runtime/Executable.h:
47709        (JSC::ScriptExecutable::ScriptExecutable):
47710        (JSC::EvalExecutable::create):
47711        (JSC::ProgramExecutable::create):
47712        (JSC::FunctionExecutable::create):
47713        (JSC::FunctionExecutable::finishCreation):
47714        * runtime/JSArray.cpp:
47715        (JSC::JSArray::JSArray):
47716        (JSC::JSArray::finishCreation):
47717        * runtime/JSArray.h:
47718        * runtime/JSByteArray.cpp:
47719        (JSC::JSByteArray::JSByteArray):
47720        * runtime/JSByteArray.h:
47721        (JSC::JSByteArray::finishCreation):
47722        * runtime/JSNotAnObject.h:
47723        (JSC::JSNotAnObject::JSNotAnObject):
47724        * runtime/JSObject.h:
47725        (JSC::JSNonFinalObject::JSNonFinalObject):
47726        * runtime/JSObjectWithGlobalObject.cpp:
47727        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
47728        (JSC::JSObjectWithGlobalObject::finishCreation):
47729        * runtime/JSObjectWithGlobalObject.h:
47730        * runtime/JSVariableObject.h:
47731        (JSC::JSVariableObject::JSVariableObject):
47732        (JSC::JSVariableObject::finishCreation):
47733        * runtime/JSWrapperObject.h:
47734        (JSC::JSWrapperObject::JSWrapperObject):
47735        * runtime/ObjectPrototype.cpp:
47736        (JSC::ObjectPrototype::ObjectPrototype):
47737        (JSC::ObjectPrototype::finishCreation):
47738        * runtime/ObjectPrototype.h:
47739        * runtime/StrictEvalActivation.cpp:
47740        (JSC::StrictEvalActivation::StrictEvalActivation):
47741
477422011-08-29  Andreas Kling  <kling@webkit.org>
47743
47744        Unreviewed build fix after r93990.
47745
47746        * wtf/HashTable.h:
47747
477482011-08-29  Andreas Kling  <kling@webkit.org>
47749
47750        Viewing a post on reddit.com wastes a lot of memory on event listeners.
47751        https://bugs.webkit.org/show_bug.cgi?id=67133
47752
47753        Reviewed by Darin Adler.
47754
47755        Add a minimum table size to the HashTraits, instead of having it hard coded.
47756        The default value remains at 64, but can now be specialized.
47757
47758        * runtime/StructureTransitionTable.h:
47759        * wtf/HashTable.h:
47760        (WTF::HashTable::shouldShrink):
47761        (WTF::::expand):
47762        (WTF::::checkTableConsistencyExceptSize):
47763        * wtf/HashTraits.h:
47764
477652011-08-28  Jonathan Liu  <net147@gmail.com>
47766
47767        Fix build error when compiling with MinGW-w64 by disabling JIT
47768        on Windows 64-bit
47769        https://bugs.webkit.org/show_bug.cgi?id=61235
47770
47771        Reviewed by Gavin Barraclough.
47772
47773        The fixed mmap executable allocator for JIT on x86_64 requires
47774        sys/mman.h which is not available on Windows.
47775
47776        * wtf/Platform.h:
47777
477782011-08-27  Filip Pizlo  <fpizlo@apple.com>
47779
47780        JSC::Executable is inconsistent about using weak handle finalizers
47781        and destructors for releasing memory
47782        https://bugs.webkit.org/show_bug.cgi?id=67072
47783
47784        Reviewed by Darin Adler.
47785        
47786        Moved more of the destruction of Executable state into the finalizer,
47787        which also resulted in an opportunity to mostly combine this with
47788        discardCode().  This also means that the finalizer is now enabled even
47789        when the JIT is turned off.  This is performance neutral on SunSpider,
47790        V8, and Kraken.
47791
47792        * runtime/Executable.cpp:
47793        (JSC::ExecutableBase::clearCode):
47794        (JSC::ExecutableFinalizer::finalize):
47795        (JSC::EvalExecutable::clearCode):
47796        (JSC::ProgramExecutable::clearCode):
47797        (JSC::FunctionExecutable::discardCode):
47798        (JSC::FunctionExecutable::clearCode):
47799        * runtime/Executable.h:
47800        (JSC::ExecutableBase::finishCreation):
47801
478022011-08-26  Gavin Barraclough  <barraclough@apple.com>
47803
47804        DFG JIT - ArithMod may clobber operands.
47805        https://bugs.webkit.org/show_bug.cgi?id=67085
47806
47807        Reviewed by Sam Weinig.
47808
47809        unboxDouble must be called on a temporary.
47810
47811        * dfg/DFGJITCodeGenerator.cpp:
47812        (JSC::DFG::JITCodeGenerator::fillDouble):
47813        * dfg/DFGJITCodeGenerator.h:
47814        (JSC::DFG::JITCodeGenerator::boxDouble):
47815        * dfg/DFGNonSpeculativeJIT.cpp:
47816        (JSC::DFG::NonSpeculativeJIT::compile):
47817        * dfg/DFGSpeculativeJIT.cpp:
47818        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
47819
478202011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
47821
47822        Unzip initialization lists and constructors in JSCell hierarchy (2/7)
47823        https://bugs.webkit.org/show_bug.cgi?id=66957
47824
47825        Reviewed by Darin Adler.
47826
47827        Completed the second level of the refactoring to add finishCreation()
47828        methods to all classes within the JSCell hierarchy with non-trivial 
47829        constructor bodies.
47830
47831        * runtime/Executable.h:
47832        (JSC::ExecutableBase::ExecutableBase):
47833        (JSC::ExecutableBase::create):
47834        (JSC::NativeExecutable::create):
47835        (JSC::NativeExecutable::finishCreation):
47836        (JSC::NativeExecutable::NativeExecutable):
47837        (JSC::ScriptExecutable::ScriptExecutable):
47838        (JSC::ScriptExecutable::finishCreation):
47839        * runtime/GetterSetter.h:
47840        (JSC::GetterSetter::GetterSetter):
47841        (JSC::GetterSetter::create):
47842        * runtime/JSAPIValueWrapper.h:
47843        (JSC::JSAPIValueWrapper::create):
47844        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
47845        * runtime/JSObject.h:
47846        (JSC::JSNonFinalObject::JSNonFinalObject):
47847        (JSC::JSNonFinalObject::finishCreation):
47848        (JSC::JSFinalObject::create):
47849        (JSC::JSFinalObject::finishCreation):
47850        (JSC::JSFinalObject::JSFinalObject):
47851        (JSC::JSObject::JSObject):
47852        * runtime/JSPropertyNameIterator.cpp:
47853        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
47854        (JSC::JSPropertyNameIterator::create):
47855        * runtime/JSPropertyNameIterator.h:
47856        (JSC::JSPropertyNameIterator::create):
47857        * runtime/RegExp.cpp:
47858        (JSC::RegExp::RegExp):
47859        (JSC::RegExp::createWithoutCaching):
47860        * runtime/ScopeChain.h:
47861        (JSC::ScopeChainNode::ScopeChainNode):
47862        (JSC::ScopeChainNode::create):
47863        * runtime/Structure.cpp:
47864        (JSC::Structure::Structure):
47865        * runtime/Structure.h:
47866        (JSC::Structure::create):
47867        (JSC::Structure::finishCreation):
47868        (JSC::Structure::createStructure):
47869        * runtime/StructureChain.cpp:
47870        (JSC::StructureChain::StructureChain):
47871        * runtime/StructureChain.h:
47872        (JSC::StructureChain::create):
47873
478742011-08-26  Filip Pizlo  <fpizlo@apple.com>
47875
47876        The GC does not have a facility for profiling the kinds of objects
47877        that occupy the heap
47878        https://bugs.webkit.org/show_bug.cgi?id=66849
47879
47880        Reviewed by Geoffrey Garen.
47881        
47882        Destructor calls and object scans are now optionally counted, per
47883        vtable. When the heap is destroyed and profiling is enabled, the
47884        counts are dumped, with care taken to print the names of classes
47885        (modulo C++ mangling) sorted in descending commonality.
47886
47887        * GNUmakefile.list.am:
47888        * JavaScriptCore.exp:
47889        * JavaScriptCore.pro:
47890        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
47891        * JavaScriptCore.xcodeproj/project.pbxproj:
47892        * heap/Heap.cpp:
47893        (JSC::Heap::destroy):
47894        * heap/Heap.h:
47895        * heap/MarkStack.cpp:
47896        (JSC::SlotVisitor::visitChildren):
47897        (JSC::SlotVisitor::drain):
47898        * heap/MarkStack.h:
47899        * heap/MarkedBlock.cpp:
47900        (JSC::MarkedBlock::callDestructor):
47901        * heap/MarkedBlock.h:
47902        * heap/VTableSpectrum.cpp: Added.
47903        (JSC::VTableSpectrum::VTableSpectrum):
47904        (JSC::VTableSpectrum::~VTableSpectrum):
47905        (JSC::VTableSpectrum::countVPtr):
47906        (JSC::VTableSpectrum::count):
47907        (JSC::VTableAndCount::VTableAndCount):
47908        (JSC::VTableAndCount::operator<):
47909        (JSC::VTableSpectrum::dump):
47910        * heap/VTableSpectrum.h: Added.
47911        * wtf/Platform.h:
47912
479132011-08-26  Juan C. Montemayor  <jmont@apple.com>
47914
47915        Update topCallFrame when calling host functions in the JIT
47916        https://bugs.webkit.org/show_bug.cgi?id=67010
47917
47918        Reviewed by Oliver Hunt.
47919        
47920        The topCallFrame is not being updated when a host function is
47921        called by the JIT. This causes problems when trying to create a
47922        stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
47923
47924        * jit/JITOpcodes.cpp:
47925        (JSC::JIT::privateCompileCTIMachineTrampolines):
47926        (JSC::JIT::privateCompileCTINativeCall):
47927
479282011-08-26  Alexey Proskuryakov  <ap@apple.com>
47929
47930        Get rid of frame life support timer
47931        https://bugs.webkit.org/show_bug.cgi?id=66874
47932
47933        Reviewed by Geoff Garen.
47934
47935        * runtime/JSGlobalObject.h:
47936        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47937        globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
47938
479392011-08-26  Chao-ying Fu  <fu@mips.com>
47940
47941        Fix MIPS patchOffsetGetByIdSlowCaseCall
47942        https://bugs.webkit.org/show_bug.cgi?id=67046
47943
47944        Reviewed by Gavin Barraclough.
47945
47946        * jit/JIT.h:
47947
479482011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
47949
47950        Fixing broken build due to unused variables in release mode
47951        https://bugs.webkit.org/show_bug.cgi?id=67004
47952
47953        Unreviewed, release build fix.
47954
47955        Fixing broken build due to unused variables in ASSERTs in release build.
47956
47957        * runtime/JSObject.h:
47958        (JSC::JSObject::finishCreation):
47959        * runtime/JSString.h:
47960        (JSC::RopeBuilder::finishCreation):
47961        * runtime/ScopeChain.h:
47962        (JSC::ScopeChainNode::finishCreation):
47963
479642011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
47965
47966        Unzip initialization lists and constructors in JSCell hierarchy (1/7)
47967        https://bugs.webkit.org/show_bug.cgi?id=66827
47968
47969        Reviewed by Geoffrey Garen.
47970
        Added finishCreation() methods to all immediate subclasses of JSCell with
        non-empty constructors.  Part of a larger refactoring to "unzip" initialization
        lists and constructor bodies.  Also renamed JSCell's constructorBody() method
        to finishCreation().
47975
47976        * runtime/Executable.h:
47977        (JSC::ExecutableBase::ExecutableBase):
47978        (JSC::ExecutableBase::constructorBody):
47979        * runtime/GetterSetter.h:
47980        (JSC::GetterSetter::GetterSetter):
47981        * runtime/JSAPIValueWrapper.h:
47982        (JSC::JSAPIValueWrapper::constructorBody):
47983        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
47984        * runtime/JSCell.h:
47985        (JSC::JSCell::JSCell::JSCell):
47986        (JSC::JSCell::JSCell::constructorBody):
47987        * runtime/JSObject.h:
47988        (JSC::JSObject::constructorBody):
47989        (JSC::JSObject::JSObject):
47990        * runtime/JSPropertyNameIterator.h:
47991        (JSC::JSPropertyNameIterator::constructorBody):
47992        * runtime/JSString.h:
47993        (JSC::RopeBuilder::JSString):
47994        (JSC::RopeBuilder::constructorBody):
47995        * runtime/RegExp.cpp:
47996        (JSC::RegExp::RegExp):
47997        (JSC::RegExp::constructorBody):
47998        * runtime/RegExp.h:
47999        * runtime/ScopeChain.h:
48000        (JSC::ScopeChainNode::ScopeChainNode):
48001        (JSC::ScopeChainNode::constructorBody):
48002        * runtime/Structure.cpp:
48003        (JSC::Structure::Structure):
48004        * runtime/StructureChain.cpp:
48005        (JSC::StructureChain::StructureChain):
48006        * runtime/StructureChain.h:
48007        (JSC::StructureChain::create):
48008        (JSC::StructureChain::constructorBody):
48009
480102011-08-25  Gabor Loki  <loki@webkit.org>
48011
        REGRESSION(r93755): It made 14 jsc tests and ~500 layout tests fail on Qt-ARM bot
48013        https://bugs.webkit.org/show_bug.cgi?id=66956
48014
48015        Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
48016
48017        Reviewed by Oliver Hunt.
48018
48019        * jit/JIT.h:
48020
480212011-08-24  Juan C. Montemayor  <jmont@apple.com>
48022
48023        Keep track of topCallFrame for Stack traces
48024        https://bugs.webkit.org/show_bug.cgi?id=66571
48025
48026        Reviewed by Geoffrey Garen.
48027
48028        This patch adds a TopCallFrame to JSC in order to have that information
48029        when an error is thrown to create a stack trace. The TopCallFrame is
48030        updated throughout select points in the Interpreter and the JSC.
48031
48032        * interpreter/Interpreter.cpp:
48033        (JSC::Interpreter::unwindCallFrame):
48034        (JSC::Interpreter::throwException):
48035        (JSC::Interpreter::execute):
48036        (JSC::Interpreter::executeCall):
48037        (JSC::Interpreter::executeConstruct):
48038        (JSC::Interpreter::privateExecute):
48039        * interpreter/Interpreter.h:
48040        (JSC::TopCallFrameSetter::TopCallFrameSetter):
48041        (JSC::TopCallFrameSetter::~TopCallFrameSetter):
48042        * jit/JIT.h:
48043        * jit/JITInlineMethods.h:
48044        (JSC::JIT::updateTopCallFrame):
48045        * jit/JITStubCall.h:
48046        (JSC::JITStubCall::call):
48047        * jit/JITStubs.cpp:
48048        (JSC::throwExceptionFromOpCall):
48049        (JSC::DEFINE_STUB_FUNCTION):
48050        (JSC::arityCheckFor):
48051        * runtime/JSGlobalData.cpp:
48052        (JSC::JSGlobalData::JSGlobalData):
48053        * runtime/JSGlobalData.h:
48054
480552011-08-24  Filip Pizlo  <fpizlo@apple.com>
48056
48057        ErrorInstance::create sometimes has two heap object constructions
48058        in flight at once
48059        https://bugs.webkit.org/show_bug.cgi?id=66845
48060
48061        Reviewed by Darin Adler.
48062        
48063        The fix is simple since there is already a second create() method
48064        that takes a UString.
48065
48066        * runtime/ErrorInstance.cpp:
48067        (JSC::ErrorInstance::create):
48068
480692011-08-24  Filip Pizlo  <fpizlo@apple.com>
48070
48071        There is no facility for profiling how the write barrier is used
48072        https://bugs.webkit.org/show_bug.cgi?id=66747
48073
48074        Reviewed by Geoffrey Garen.
48075        
48076        Added facilities for the JIT to specify the kind of write barrier
48077        being executed.  Added code for profiling the number of each kind
48078        of barrier encountered.
48079
48080        * GNUmakefile.list.am:
48081        * JavaScriptCore.exp:
48082        * JavaScriptCore.pro:
48083        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
48084        * JavaScriptCore.xcodeproj/project.pbxproj:
48085        * dfg/DFGJITCodeGenerator.cpp:
48086        (JSC::DFG::JITCodeGenerator::writeBarrier):
48087        (JSC::DFG::JITCodeGenerator::cachedPutById):
48088        * dfg/DFGJITCodeGenerator.h:
48089        * dfg/DFGJITCompiler.cpp:
48090        (JSC::DFG::JITCompiler::emitCount):
48091        * dfg/DFGJITCompiler.h:
48092        (JSC::DFG::JITCompiler::emitCount):
48093        * dfg/DFGNonSpeculativeJIT.cpp:
48094        (JSC::DFG::NonSpeculativeJIT::compile):
48095        * dfg/DFGRepatch.cpp:
48096        (JSC::DFG::tryCachePutByID):
48097        * dfg/DFGSpeculativeJIT.cpp:
48098        (JSC::DFG::SpeculativeJIT::compile):
48099        * heap/Heap.h:
48100        (JSC::Heap::writeBarrier):
48101        * heap/WriteBarrierSupport.cpp: Added.
48102        (JSC::WriteBarrierCounters::initialize):
48103        * heap/WriteBarrierSupport.h: Added.
48104        (JSC::WriteBarrierCounters::WriteBarrierCounters):
48105        (JSC::WriteBarrierCounters::jitCounterFor):
48106        (JSC::WriteBarrierCounters::countWriteBarrier):
48107        * jit/JIT.h:
48108        * jit/JITPropertyAccess.cpp:
48109        (JSC::JIT::emit_op_put_by_id):
48110        (JSC::JIT::privateCompilePutByIdTransition):
48111        (JSC::JIT::emit_op_put_scoped_var):
48112        (JSC::JIT::emit_op_put_global_var):
48113        (JSC::JIT::emitWriteBarrier):
48114        * jit/JITPropertyAccess32_64.cpp:
48115        (JSC::JIT::emit_op_put_by_val):
48116        (JSC::JIT::emit_op_put_by_id):
48117        (JSC::JIT::privateCompilePutByIdTransition):
48118        (JSC::JIT::emit_op_put_scoped_var):
48119        (JSC::JIT::emit_op_put_global_var):
48120        (JSC::JIT::emitWriteBarrier):
48121        * runtime/InitializeThreading.cpp:
48122        (JSC::initializeThreadingOnce):
48123        * runtime/WriteBarrier.h:
48124        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
48125
481262011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
48127
48128        Add checks to ensure allocation does not take place during initialization of GC-managed objects
48129        https://bugs.webkit.org/show_bug.cgi?id=65288
48130
48131        Reviewed by Darin Adler.
48132
        Adding the new validation functionality.  In its current state, it will perform checks,
        but they don't fail unless you do allocation in the arguments to the parent constructor in the
        initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new
        allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still
        allowed in constructor bodies while other refactoring efforts continue.
48138
48139        * runtime/JSCell.h:
48140        (JSC::JSCell::JSCell::constructorBody):
48141        (JSC::JSCell::JSCell::JSCell):
48142        (JSC::JSCell::allocateCell):
48143        * runtime/JSGlobalData.cpp:
48144        (JSC::JSGlobalData::JSGlobalData):
48145        * runtime/JSGlobalData.h:
48146        (JSC::JSGlobalData::isInitializingObject):
48147        (JSC::JSGlobalData::setInitializingObject):
48148        * runtime/StringObjectThatMasqueradesAsUndefined.h:
48149        (JSC::StringObjectThatMasqueradesAsUndefined::create):
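
        The allocate-then-disarm check this entry describes, as an added stand-alone C++ model; it is not JavaScriptCore's code and not part of the entry. GlobalData, allocateCell, JSCell, the createCell helper and the Leaf/GoodOwner/BadOwner classes are this example's own stand-ins (assumptions), and the failure is surfaced by throwing instead of an ASSERT so it can be observed from a test. The point is the window it guards: an allocation that happens before the cell being built has reached constructorBody() can trigger a collection that visits a half-initialized cell.

```cpp
// Added illustration of the "no allocation while a cell is being initialized" check.
// Not JavaScriptCore's code: GlobalData, allocateCell, JSCell and createCell are
// simplified stand-ins (assumptions); the violation throws instead of ASSERTing.
#include <new>
#include <stdexcept>

namespace Demo {

struct GlobalData {
    bool initializingObject = false;
    bool isInitializingObject() const { return initializingObject; }
    void setInitializingObject(bool value) { initializingObject = value; }
};

struct AllocationDuringInitialization : std::logic_error {
    AllocationDuringInitialization()
        : std::logic_error("allocateCell called while another cell is mid-initialization") {}
};

// allocateCell(): refuse if a cell is already mid-initialization, then arm the
// flag for the cell about to be constructed.
template<typename T>
void* allocateCell(GlobalData& globalData)
{
    if (globalData.isInitializingObject())
        throw AllocationDuringInitialization();
    globalData.setInitializingObject(true);
    return ::operator new(sizeof(T));
}

class JSCell {
public:
    virtual ~JSCell() {}
protected:
    explicit JSCell(GlobalData& globalData) : m_globalData(globalData) {}
    // Disarms the flag. Everything before this point (initializer list, arguments
    // passed up the hierarchy) must not allocate; the body after it may.
    void constructorBody() { m_globalData.setInitializingObject(false); }
    GlobalData& m_globalData;
};

// Allocates storage, constructs the cell in place, and releases the storage again
// if the constructor throws (this helper is the example's own, not a JSC API).
template<typename T>
T* createCell(GlobalData& globalData)
{
    void* storage = allocateCell<T>(globalData);
    try {
        return new (storage) T(globalData);
    } catch (...) {
        ::operator delete(storage);
        throw;
    }
}

class Leaf : public JSCell {
public:
    explicit Leaf(GlobalData& globalData) : JSCell(globalData) { constructorBody(); }
};

// Well-formed: the child is allocated only after constructorBody() disarmed the flag.
class GoodOwner : public JSCell {
public:
    explicit GoodOwner(GlobalData& globalData) : JSCell(globalData), m_child(nullptr)
    {
        constructorBody();
        m_child = createCell<Leaf>(globalData);
    }
    ~GoodOwner() { delete m_child; }
    Leaf* m_child;
};

// Ill-formed: the child is allocated in the initializer list, while this cell's own
// initialization is still in flight. The check fires inside the nested allocateCell.
class BadOwner : public JSCell {
public:
    explicit BadOwner(GlobalData& globalData)
        : JSCell(globalData), m_child(createCell<Leaf>(globalData)) { constructorBody(); }
    ~BadOwner() { delete m_child; }
    Leaf* m_child;
};

bool goodCreateSucceeds()
{
    GlobalData globalData;
    GoodOwner* owner = createCell<GoodOwner>(globalData);
    bool ok = owner->m_child != nullptr && !globalData.isInitializingObject();
    delete owner;
    return ok;
}

bool badCreateIsCaught()
{
    GlobalData globalData;
    try {
        BadOwner* owner = createCell<BadOwner>(globalData);
        delete owner; // not reached: the nested allocation is rejected
        return false;
    } catch (const AllocationDuringInitialization&) {
        return true;
    }
}

} // namespace Demo
```

        The guard is a single flag on the global data, so it only catches the nested case the entry mentions (allocation from the initializer list or from arguments to a parent constructor); allocation inside a constructor body after constructorBody() is deliberately still allowed, which is what the later "unzip" entries above go on to tighten.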
48150
481512011-08-23  Gavin Barraclough  <barraclough@apple.com>
48152
48153        https://bugs.webkit.org/show_bug.cgi?id=55347
48154        "name" and "message" enumerable on *Error.prototype
48155
48156        Reviewed by Sam Weinig.
48157
48158        The default value of a NativeErrorPrototype's message
48159        property is "", not the name of the error.
48160
48161        * runtime/NativeErrorConstructor.cpp:
48162        (JSC::NativeErrorConstructor::NativeErrorConstructor):
48163        * runtime/NativeErrorConstructor.h:
48164        (JSC::NativeErrorConstructor::create):
48165        (JSC::NativeErrorConstructor::constructorBody):
48166        * runtime/NativeErrorPrototype.cpp:
48167        (JSC::NativeErrorPrototype::NativeErrorPrototype):
48168        (JSC::NativeErrorPrototype::constructorBody):
48169        * runtime/NativeErrorPrototype.h:
48170        (JSC::NativeErrorPrototype::create):
48171        * runtime/StringPrototype.cpp:
48172        (JSC::StringPrototype::StringPrototype):
48173        * runtime/StringPrototype.h:
48174        (JSC::StringPrototype::create):
48175
481762011-08-23  Steve Block  <steveblock@google.com>
48177
48178        Remove last occurrences of PLATFORM(ANDROID)
48179        https://bugs.webkit.org/show_bug.cgi?id=66763
48180
48181        Reviewed by Tony Gentilcore.
48182
48183        * wtf/Platform.h:
48184
481852011-08-23  Steve Block  <steveblock@google.com>
48186
48187        Remove all mention of removed Android files from build scripts
48188        https://bugs.webkit.org/show_bug.cgi?id=66755
48189
48190        Reviewed by Tony Gentilcore.
48191
48192        * JavaScriptCore.gyp/JavaScriptCore.gyp:
48193        * JavaScriptCore.gypi:
48194        * gyp/JavaScriptCore.gyp:
48195
481962011-08-23  Adam Barth  <abarth@webkit.org>
48197
48198        Remove WebCore/editing/android and other Android-specific directories
48199        https://bugs.webkit.org/show_bug.cgi?id=66739
48200
48201        Reviewed by Steve Block.
48202
48203        Now that Android shares more code with Chromium, we don't need these
48204        Android-specific files.
48205
48206        * wtf/android: Removed.
48207        * wtf/android/AndroidThreading.h: Removed.
48208        * wtf/android/MainThreadAndroid.cpp: Removed.
48209
482102011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
48211
48212        Unreviewed build fix for compile error on Windows for r93560.
48213
48214        * runtime/SamplingCounter.h:
48215
482162011-08-22  Filip Pizlo  <fpizlo@apple.com>
48217
48218        Sampling counter support is in the bytecode directory
48219        https://bugs.webkit.org/show_bug.cgi?id=66724
48220
48221        Reviewed by Darin Adler.
48222        
48223        Moved SamplingCounter to a separate header in runtime/.
48224
48225        * GNUmakefile.list.am:
48226        * JavaScriptCore.pro:
48227        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
48228        * JavaScriptCore.xcodeproj/project.pbxproj:
48229        * bytecode/SamplingTool.cpp:
48230        * bytecode/SamplingTool.h:
48231        * runtime/SamplingCounter.cpp: Added.
48232        (JSC::AbstractSamplingCounter::dump):
48233        * runtime/SamplingCounter.h: Added.
48234        (JSC::AbstractSamplingCounter::count):
48235        (JSC::AbstractSamplingCounter::addressOfCounter):
48236        (JSC::AbstractSamplingCounter::init):
48237        (JSC::SamplingCounter::SamplingCounter):
48238        (JSC::GlobalSamplingCounter::name):
48239        (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
48240        (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
48241
482422011-08-21  Martin Robinson  <mrobinson@igalia.com>
48243
48244        Fix 'make dist' for WebKitGTK+.
48245
48246        * GNUmakefile.list.am: Add a missing header to the sources list.
48247
482482011-08-20  Filip Pizlo  <fpizlo@apple.com>
48249
48250        JavaScriptCore bytecompiler does not compute scope depth correctly
48251        in the case of constant declarations
48252        https://bugs.webkit.org/show_bug.cgi?id=66572
48253
48254        Reviewed by Oliver Hunt.
48255        
48256        Changed the handling of const to add the dynamic scope depth.
48257
48258        * bytecompiler/NodesCodegen.cpp:
48259        (JSC::ConstDeclNode::emitCodeSingle):
48260
482612011-08-19  Daniel Bates  <dbates@webkit.org>
48262
48263        Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
48264        https://bugs.webkit.org/show_bug.cgi?id=66617
48265
48266        Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
48267        But we cause a compile error if the platform doesn't support SA_RESTART regardless of
48268        whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
48269        SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
48270
48271        Reviewed by Antonio Gomes.
48272
48273        * heap/MachineStackMarker.cpp:
48274
482752011-08-19  Filip Pizlo  <fpizlo@apple.com>
48276
48277        The JSC JIT currently has no facility to profile and report
48278        the types of values
48279        https://bugs.webkit.org/show_bug.cgi?id=65901
48280
48281        Reviewed by Gavin Barraclough.
48282        
48283        Added the ability to profile the values seen at function calls (both
48284        arguments and results) and heap loads.  This is done with emphasis
48285        on performance.  A value profiling site consists of: add, and,
48286        move, and store; no branching is necessary.  Each value profiling
48287        site (called a ValueProfile) has a ring buffer of 8 recently-seen
48288        values.  ValueProfiles are stored in the CodeBlock; there will be
48289        one for each argument (excluding this) and each heap load or callsite.
48290        Each time a value profiling site executes, it stores the value into
48291        a pseudo-random element in the ValueProfile buffer.  The point is
48292        that for frequently executed code, we will have 8 somewhat recent
48293        values in the buffer and will be able to not only figure out what
48294        type it is, but also to be able to reason about the actual values
48295        if we wish to do so.
48296        
48297        This feature is currently disabled by default.  When enabled, it
48298        results in a 3.7% slow-down on SunSpider.
48299
48300        * JavaScriptCore.xcodeproj/project.pbxproj:
48301        * bytecode/CodeBlock.cpp:
48302        (JSC::CodeBlock::~CodeBlock):
48303        * bytecode/CodeBlock.h:
48304        (JSC::CodeBlock::addValueProfile):
48305        (JSC::CodeBlock::numberOfValueProfiles):
48306        (JSC::CodeBlock::valueProfile):
48307        (JSC::CodeBlock::valueProfileForBytecodeOffset):
48308        * bytecode/ValueProfile.h: Added.
48309        (JSC::ValueProfile::ValueProfile):
48310        (JSC::ValueProfile::numberOfSamples):
48311        (JSC::ValueProfile::computeProbability):
48312        (JSC::ValueProfile::numberOfInt32s):
48313        (JSC::ValueProfile::numberOfDoubles):
48314        (JSC::ValueProfile::numberOfCells):
48315        (JSC::ValueProfile::probabilityOfInt32):
48316        (JSC::ValueProfile::probabilityOfDouble):
48317        (JSC::ValueProfile::probabilityOfCell):
48318        (JSC::getValueProfileBytecodeOffset):
48319        * jit/JIT.cpp:
48320        (JSC::JIT::privateCompileSlowCases):
48321        (JSC::JIT::privateCompile):
48322        * jit/JIT.h:
48323        (JSC::JIT::emitValueProfilingSite):
48324        * jit/JITCall.cpp:
48325        (JSC::JIT::emit_op_call_put_result):
48326        * jit/JITInlineMethods.h:
48327        (JSC::JIT::emitValueProfilingSite):
48328        * jit/JITPropertyAccess.cpp:
48329        (JSC::JIT::emit_op_get_by_val):
48330        (JSC::JIT::emitSlow_op_get_by_val):
48331        (JSC::JIT::emit_op_method_check):
48332        (JSC::JIT::emit_op_get_by_id):
48333        (JSC::JIT::emitSlow_op_get_by_id):
48334        * jit/JSInterfaceJIT.h:
48335        * wtf/Platform.h:
48336        * wtf/StdLibExtras.h:
48337        (WTF::binarySearch):
48338        (WTF::genericBinarySearch):
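
        The ring-buffer profiling scheme this entry describes, as an added stand-alone C++ model; it is not JavaScriptCore's ValueProfile and not code from the entry. The Value type, the odd stride used to pick a bucket, the probability helpers returning a fraction, and the profileMixedStream/profileCellStream drivers are this example's assumptions. It shows the property the entry relies on: a site costs an add, an and, a move and a store, and after 8 executions the buffer holds exactly the 8 most recent values.

```cpp
// Added illustration of a value-profiling site: a ring buffer of the 8 most recently
// seen values, written to at a pseudo-random slot without branching. Not JSC's
// ValueProfile; Value, the stride constant and the drivers are this example's own.
#include <cstdint>

namespace Demo {

// Stand-in for a JS value (assumed). JSC packs these into one 64-bit JSValue; a tag
// plus a union is enough here to tell the three profiled kinds apart.
struct Value {
    enum Kind : uint8_t { Empty, Int32, Double, Cell };
    Kind kind;
    union { int32_t asInt32; double asDouble; const void* asCell; };

    static Value empty() { Value v; v.kind = Empty; v.asCell = nullptr; return v; }
    static Value fromInt32(int32_t i) { Value v; v.kind = Int32; v.asInt32 = i; return v; }
    static Value fromDouble(double d) { Value v; v.kind = Double; v.asDouble = d; return v; }
    static Value fromCell(const void* c) { Value v; v.kind = Cell; v.asCell = c; return v; }
};

// One profiling site: a ring buffer of the 8 most recently seen values.
class ValueProfile {
public:
    static const unsigned numberOfBuckets = 8; // power of two, so "& (n - 1)" is the modulo

    ValueProfile() : m_counter(0) {
        for (unsigned i = 0; i < numberOfBuckets; ++i)
            m_buckets[i] = Value::empty();
    }

    // The hot path: step a counter by an odd constant (add), mask it to a bucket index
    // (and), then move and store the value. Any odd stride modulo a power of two visits
    // every bucket once per 8 records, so after 8 executions the buffer holds exactly
    // the 8 most recent values. The constant is this example's choice, not JSC's.
    void record(Value value) {
        m_counter += 0x9E3779B9u;
        m_buckets[m_counter & (numberOfBuckets - 1)] = value;
    }

    unsigned numberOfInt32s() const { return countKind(Value::Int32); }
    unsigned numberOfDoubles() const { return countKind(Value::Double); }
    unsigned numberOfCells() const { return countKind(Value::Cell); }
    unsigned numberOfSamples() const {
        return numberOfInt32s() + numberOfDoubles() + numberOfCells();
    }

    // Fraction of filled buckets holding the given kind; 0 for an empty profile.
    double computeProbability(unsigned count) const {
        unsigned samples = numberOfSamples();
        return samples ? static_cast<double>(count) / samples : 0.0;
    }
    double probabilityOfInt32() const { return computeProbability(numberOfInt32s()); }
    double probabilityOfDouble() const { return computeProbability(numberOfDoubles()); }
    double probabilityOfCell() const { return computeProbability(numberOfCells()); }

private:
    unsigned countKind(Value::Kind kind) const {
        unsigned n = 0;
        for (unsigned i = 0; i < numberOfBuckets; ++i)
            if (m_buckets[i].kind == kind) ++n;
        return n;
    }

    uint32_t m_counter;
    Value m_buckets[numberOfBuckets];
};

// Drives one site with a constructed stream: six int32 results, then two doubles, the
// way a numeric function behaves once a computation leaves the int32 range. Returns
// the int32 probability a speculative compiler would read afterwards.
double profileMixedStream(ValueProfile& profile) {
    for (int32_t i = 0; i < 6; ++i)
        profile.record(Value::fromInt32(i));
    profile.record(Value::fromDouble(0.5));
    profile.record(Value::fromDouble(1.5));
    return profile.probabilityOfInt32();
}

// Then a phase where the same site sees only objects: after eight more records every
// earlier numeric sample has been overwritten.
double profileCellStream(ValueProfile& profile) {
    static int cells[8]; // stand-in for heap objects; only the addresses matter
    for (unsigned i = 0; i < 8; ++i)
        profile.record(Value::fromCell(&cells[i]));
    return profile.probabilityOfCell();
}

} // namespace Demo
```

        A profile like this is a hint, not a proof: eight recent samples saying "always int32" say nothing about the ninth, which is why code specialised on the profile still has to guard the actual type at the use site and bail out when the guard fails.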
48339
483402011-08-19  Daniel Bates  <dbates@webkit.org>
48341
48342        Don't include DisallowCType.h when building on QNX
48343        https://bugs.webkit.org/show_bug.cgi?id=66616
48344
48345        Reviewed by Antonio Gomes.
48346
48347        * config.h:
48348
483492011-08-19  Daniel Bates  <dbates@webkit.org>
48350
48351        Implement ExecutableAllocator::cacheFlush() for QNX
48352        https://bugs.webkit.org/show_bug.cgi?id=66611
48353
48354        Reviewed by Antonio Gomes.
48355
48356        * jit/ExecutableAllocator.h:
48357        (JSC::ExecutableAllocator::cacheFlush):
48358
483592011-08-19  Daniel Bates  <dbates@webkit.org>
48360
48361        Implement WTF::atomic{Increment, Decrement}() for QNX
48362        https://bugs.webkit.org/show_bug.cgi?id=66605
48363
48364        Reviewed by Darin Adler.
48365
48366        * wtf/Atomics.h:
48367        (WTF::atomicIncrement):
48368        (WTF::atomicDecrement):
48369
483702011-08-19  Beth Dakin  <bdakin@apple.com>
48371
48372        https://bugs.webkit.org/show_bug.cgi?id=66590
48373        Re-name scrollbar painter types
48374
48375        Reviewed by Sam Weinig.
48376
48377        WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer 
48378        applies.
48379        * wtf/Platform.h:
48380
483812011-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
48382
48383        Move allocation in constructors into separate constructorBody() methods
48384        https://bugs.webkit.org/show_bug.cgi?id=66265
48385
48386        Reviewed by Oliver Hunt.
48387
48388        Refactoring to put all allocations that need to be done after the object's 
48389        initialization list has executed but before the object is ready for use 
48390        into a separate constructorBody() method.  This method is still called by the constructor, 
48391        so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
48392
48393        * JavaScriptCore.exp:
48394        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
48395        * jsc.cpp:
48396        (GlobalObject::constructorBody):
48397        (GlobalObject::GlobalObject):
48398        * runtime/ErrorInstance.cpp:
48399        (JSC::ErrorInstance::ErrorInstance):
48400        * runtime/ErrorInstance.h:
48401        (JSC::ErrorInstance::constructorBody):
48402        * runtime/ErrorPrototype.cpp:
48403        (JSC::ErrorPrototype::ErrorPrototype):
48404        (JSC::ErrorPrototype::constructorBody):
48405        * runtime/ErrorPrototype.h:
48406        * runtime/Executable.cpp:
48407        (JSC::FunctionExecutable::FunctionExecutable):
48408        * runtime/Executable.h:
48409        (JSC::FunctionExecutable::constructorBody):
48410        * runtime/InternalFunction.cpp:
48411        (JSC::InternalFunction::InternalFunction):
48412        * runtime/InternalFunction.h:
48413        (JSC::InternalFunction::constructorBody):
48414        * runtime/JSByteArray.cpp:
48415        (JSC::JSByteArray::JSByteArray):
48416        * runtime/JSByteArray.h:
48417        (JSC::JSByteArray::constructorBody):
48418        * runtime/JSFunction.cpp:
48419        (JSC::JSFunction::JSFunction):
48420        (JSC::JSFunction::constructorBody):
48421        * runtime/JSFunction.h:
48422        * runtime/JSGlobalObject.h:
48423        (JSC::JSGlobalObject::JSGlobalObject):
48424        (JSC::JSGlobalObject::constructorBody):
48425        * runtime/JSPropertyNameIterator.cpp:
48426        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
48427        * runtime/JSPropertyNameIterator.h:
48428        (JSC::JSPropertyNameIterator::constructorBody):
48429        * runtime/JSString.h:
48430        (JSC::RopeBuilder::JSString):
48431        (JSC::RopeBuilder::constructorBody):
48432        * runtime/NativeErrorConstructor.cpp:
48433        (JSC::NativeErrorConstructor::NativeErrorConstructor):
48434        * runtime/NativeErrorConstructor.h:
48435        (JSC::NativeErrorConstructor::constructorBody):
48436        * runtime/NativeErrorPrototype.cpp:
48437        (JSC::NativeErrorPrototype::NativeErrorPrototype):
48438        (JSC::NativeErrorPrototype::constructorBody):
48439        * runtime/NativeErrorPrototype.h:
48440        * runtime/StringObject.cpp:
48441        * runtime/StringObject.h:
48442        (JSC::StringObject::create):
48443        * runtime/StringObjectThatMasqueradesAsUndefined.h:
48444        (JSC::StringObjectThatMasqueradesAsUndefined::create):
48445        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
48446        * runtime/StringPrototype.cpp:
48447        (JSC::StringPrototype::StringPrototype):
48448        * runtime/StringPrototype.h:
48449        (JSC::StringPrototype::create):
48450
484512011-08-10  Filip Pizlo  <fpizlo@apple.com>
48452
48453        DFG non-speculative JIT does not inline the double case of ValueAdd
48454        https://bugs.webkit.org/show_bug.cgi?id=66025
48455
48456        Reviewed by Gavin Barraclough.
48457        
48458        This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
48459        benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
48460        stanford-crypto-sha256-iterative).  It looks like it might have
48461        a speed-up in SunSpider (though not statistically significant or
48462        particularly reproducible) and a slight slow-down in V8 (0.14%,
48463        not statistically significant).  It does slow down v8-crypto by
48464        1.5%.
48465
48466        * dfg/DFGJITCodeGenerator.cpp:
48467        (JSC::DFG::JITCodeGenerator::isKnownInteger):
48468        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
48469        * dfg/DFGNonSpeculativeJIT.cpp:
48470        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
48471        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
48472        * dfg/DFGOperations.cpp:
48473
484742011-08-18  Filip Pizlo  <fpizlo@apple.com>
48475
48476        [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
48477        https://bugs.webkit.org/show_bug.cgi?id=66426
48478
48479        Reviewed by Oliver Hunt.
48480        
48481        Changed the branchTestPtr to branchTest32.
48482
48483        * dfg/DFGSpeculativeJIT.cpp:
48484        (JSC::DFG::SpeculativeJIT::compile):
48485
484862011-08-17  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
48487
48488        https://bugs.webkit.org/show_bug.cgi?id=66379
48489        implements load32WithCompactAddressOffsetPatch function 
48490        and fixes store32 and moveWithPatch functions for SH4 platforms.
48491
48492        Reviewed by Gavin Barraclough.
48493
48494        * assembler/MacroAssemblerSH4.h:
48495        (JSC::MacroAssemblerSH4::rshift32):
48496        (JSC::MacroAssemblerSH4::store32):
48497        (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
48498        (JSC::MacroAssemblerSH4::moveWithPatch):
48499        * assembler/SH4Assembler.h:
48500        (JSC::SH4Assembler::movlMemRegCompact):
48501        (JSC::SH4Assembler::readPointer):
48502        (JSC::SH4Assembler::repatchCompact):
48503        * jit/JIT.h:
48504
485052011-08-17  Filip Pizlo  <fpizlo@apple.com>
48506
48507        JSC verbose debugging output sometimes doesn't work as expected.
48508        https://bugs.webkit.org/show_bug.cgi?id=66107
48509
48510        Reviewed by Gavin Barraclough.
48511        
48512        Hardened the CodeBlock::dump() code so that it no longer crashes.  Improved
48513        the DFG verbose code so that it prints slightly more useful information.
48514
48515        * assembler/LinkBuffer.h:
48516        (JSC::LinkBuffer::debugSize):
48517        * bytecode/CodeBlock.cpp:
48518        (JSC::valueToSourceString):
48519        (JSC::CodeBlock::dump):
48520        * bytecode/CodeBlock.h:
48521        (JSC::CodeBlock::numberOfRegExps):
48522        * dfg/DFGJITCompiler.cpp:
48523        (JSC::DFG::JITCompiler::link):
48524
485252011-08-16  Michael Saboff  <msaboff@apple.com>
48526
48527        Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
48528        https://bugs.webkit.org/show_bug.cgi?id=66351
48529
        JIT::privateCompilePutByIdTransition expects that regT0 and regT1
        have the basePayload and baseTag respectively.  In some cases,
        we may get to this generated code with one or both of these
        registers trashed.  One known case is that regT0 on ARM may be
        trashed as regT0 (r0) is also arg0 and can be overrun with sp due
        to calls to JIT::restoreReturnAddress().  This patch uses the
        values on the stack.  A longer term solution is to work out all
        cases so that the register entry assumptions can be assured.
48538
48539        While fixing this, also determined that the additional stack offset
48540        of sizeof(void*) is not needed for ARM.
48541
48542        Reviewed by Gavin Barraclough.
48543
48544        * jit/JITPropertyAccess32_64.cpp:
48545        (JSC::JIT::privateCompilePutByIdTransition):
48546
485472011-08-15  Gavin Barraclough  <barraclough@apple.com>
48548
48549        https://bugs.webkit.org/show_bug.cgi?id=66263
48550        DFG JIT does not always zero extend boolean result of DFG operations
48551
48552        Reviewed by Sam Weinig.
48553
48554        * dfg/DFGOperations.cpp:
48555        * dfg/DFGOperations.h:
48556            - Change bool return values to a 64-bit type.
48557
485582011-08-15  Gavin Barraclough  <barraclough@apple.com>
48559
48560        Crash accessing static property on sealed object
48561        https://bugs.webkit.org/show_bug.cgi?id=66242
48562
48563        Reviewed by Sam Weinig.
48564
48565        * runtime/JSObject.h:
48566        (JSC::JSObject::putDirectInternal):
48567            - should only check isExtensible if checkReadOnly.
48568
485692011-08-15  Sam Weinig  <sam@webkit.org>
48570
48571        Fix release build when building with Clang.
48572
48573        Reviewed by Anders Carlsson.
48574
48575        * runtime/Identifier.cpp:
48576        (JSC::Identifier::checkCurrentIdentifierTable):
48577        Add NO_RETURN_DUE_TO_CRASH.
48578
485792011-08-15  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
48580
48581        Reviewed by Nikolas Zimmermann.
48582
48583        Speed up SVGSMILElement::findInstanceTime.
48584        https://bugs.webkit.org/show_bug.cgi?id=61025
48585
        Add a new parameter to StdlibExtras.h::binarySearch function
        to also handle cases when the array does not contain the key value.
        This is needed for an svg function.
48589
48590        * wtf/StdLibExtras.h:
48591        (WTF::binarySearch):
48592
485932011-08-13  Sam Weinig  <sam@webkit.org>
48594
48595        Add back 0xbbadbeef to CRASH to allow for old habits
48596        https://bugs.webkit.org/show_bug.cgi?id=66190
48597
48598        Reviewed by David Kilzer.
48599
48600        * wtf/Assertions.h:
48601        Add back the assignment to the memory address 0xbbadbeef in the CRASH
48602        macro, as it does not cause issue in the clang static analyzer and many
48603        people use its presence in crash reports to easily identify ASSERTs. 
48604
486052011-08-13  Sam Weinig  <sam@webkit.org>
48606
48607        Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
48608        https://bugs.webkit.org/show_bug.cgi?id=66182
48609
48610        Reviewed by Dan Bernstein.
48611
48612        Fixes 10 warnings in JavaScriptCore and 2 in testapi.
48613
48614        * API/tests/testapi.c:
48615        (main):
48616        Remove dead variables.
48617
48618        * dfg/DFGGraph.cpp:
48619        (JSC::DFG::Graph::dump):
48620        Initialize hasPrinted and silence an unused warning by casting to void (Ok here
48621        since it is debug code and I want to keep it clear that if other cases are added,
48622        the hasPrinted flag would be needed).
48623
48624        * wtf/dtoa.cpp:
48625        (WTF::d2b):
48626        The variable "de" in the else block is always zero, so there is no reason to
48627        use it.
48628
486292011-08-12  Sam Weinig  <sam@webkit.org>
48630
48631        Use __builtin_trap() for CRASH when building with clang
48632        https://bugs.webkit.org/show_bug.cgi?id=66152
48633
48634        Reviewed by Anders Carlsson.
48635
48636        * wtf/Assertions.h:
48637        Add Clang specific CRASH macro that calls __builtin_trap() instead
48638        of silly techniques to crash. This allows the static analyzer to understand
48639        that we are intentionally crashing. As a result, we need to mark some functions
48640        as not returning.
48641
48642        Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
48643
48644        * wtf/Compiler.h:
48645        Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
48646
48647        * wtf/FastMalloc.cpp:
48648        (WTF::Internal::fastMallocMatchFailed):
48649        Add NO_RETURN_DUE_TO_CRASH.
48650
48651        * yarr/YarrParser.h:
48652        (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
48653        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
48654        Add NO_RETURN_DUE_TO_ASSERT.
48655
486562011-08-12  Filip Pizlo  <fpizlo@apple.com>
48657
48658        DFG JIT has inconsistent use of boxDouble and unboxDouble,
48659        inconsistent use of assertions regarding doubles, and those
48660        assertions are not turned on in debug builds
48661        https://bugs.webkit.org/show_bug.cgi?id=66160
48662
48663        Reviewed by Gavin Barraclough.
48664        
48665        JIT assertions are now turned on in debug builds.  JIT
48666        assertions are now used for boxing and unboxing doubles, and boxing
48667        and unboxing no longer involves code duplication.
48668
48669        * dfg/DFGJITCodeGenerator.cpp:
48670        (JSC::DFG::JITCodeGenerator::fillDouble):
48671        * dfg/DFGJITCodeGenerator.h:
48672        (JSC::DFG::JITCodeGenerator::boxDouble):
48673        (JSC::DFG::JITCodeGenerator::unboxDouble):
48674        * dfg/DFGJITCompiler.cpp:
48675        (JSC::DFG::JITCompiler::fillNumericToDouble):
48676        (JSC::DFG::GeneralizedRegister::moveTo):
48677        (JSC::DFG::GeneralizedRegister::swapWith):
48678        * dfg/DFGJITCompiler.h:
48679        (JSC::DFG::JITCompiler::boxDouble):
48680        (JSC::DFG::JITCompiler::unboxDouble):
48681        * dfg/DFGNode.h:
48682        * dfg/DFGNonSpeculativeJIT.cpp:
48683        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
48684        (JSC::DFG::NonSpeculativeJIT::compile):
48685        * dfg/DFGSpeculativeJIT.cpp:
48686        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
48687        (JSC::DFG::SpeculativeJIT::convertToDouble):
48688
486892011-08-12  Mark Rowe  <mrowe@apple.com>
48690
48691        Be more forward-looking in the choice of compiler.
48692
48693        Rubber-stamped by Jon Honeycutt.
48694
48695        * Configurations/CompilerVersion.xcconfig:
48696
486972011-08-12  Kalev Lember  <kalevlember@gmail.com>
48698
48699        [GTK] Fix non-pthreads build after r91906.
48700        https://bugs.webkit.org/show_bug.cgi?id=66151
48701
48702        Reviewed by David Levin.
48703
48704        r91906 broke the non-pthreads GTK+ build by including a header which
48705        doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
48706
48707        * wtf/gtk/ThreadingGtk.cpp:
48708
487092011-08-12  Mark Rowe  <mrowe@apple.com>
48710
48711        Update some configuration settings that were missed back in r92432.
48712
48713        * Configurations/CompilerVersion.xcconfig:
48714
487152011-08-12  Filip Pizlo  <fpizlo@apple.com>
48716
48717        REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
48718        Matrix3D.invert)
48719        https://bugs.webkit.org/show_bug.cgi?id=66038
48720
48721        Reviewed by Gavin Barraclough.
48722        
48723        Simplest and lowest-impact fix for the case where the spilled format
48724        of a DFG node differs from the register format: if the format is
48725        converted then indicate that the spilled value is no longer valid
48726        ("kill the spill").
48727
48728        * dfg/DFGGenerationInfo.h:
48729        (JSC::DFG::GenerationInfo::killSpilled):
48730        * dfg/DFGJITCodeGenerator.cpp:
48731        (JSC::DFG::JITCodeGenerator::fillDouble):
48732        * dfg/DFGSpeculativeJIT.cpp:
48733        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
48734
487352011-08-12  Sam Weinig  <sam@webkit.org>
48736
48737        Move compiler specific macros to their own header
48738        https://bugs.webkit.org/show_bug.cgi?id=66119
48739
48740        Reviewed by Anders Carlsson.
48741
48742        * JavaScriptCore.gypi:
48743        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
48744        * JavaScriptCore.xcodeproj/project.pbxproj:
48745        * wtf/CMakeLists.txt:
48746        Add Compiler.h
48747
48748        * wtf/AlwaysInline.h:
48749        Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
48750        Compiler.h.  We can remove this file in a later commit.
48751
48752        * wtf/Compiler.h: Added.
48753        Put all compiler specific checks and features in this file.
48754
48755        * wtf/Platform.h:
48756        Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
48757        to Compiler.h.  Include Compiler.h since it is necessary.
48758
487592011-08-11  Filip Pizlo  <fpizlo@apple.com>
48760
48761        DFG JIT-specific structure stub info code offset fields are signed
48762        8-bit, but it is possible for the offsets to be greater than 127
48763        https://bugs.webkit.org/show_bug.cgi?id=66122
48764
48765        Reviewed by Gavin Barraclough.
48766
48767        * bytecode/StructureStubInfo.h:
48768        * dfg/DFGJITCodeGenerator.cpp:
48769        (JSC::DFG::JITCodeGenerator::cachedGetById):
48770        (JSC::DFG::JITCodeGenerator::cachedPutById):
48771
487722011-08-11  Filip Pizlo  <fpizlo@apple.com>
48773
48774        DFG JIT speculation failure code sometimes picks the wrong register
48775        as a scratch register.
48776        https://bugs.webkit.org/show_bug.cgi?id=66104
48777
48778        Reviewed by Gavin Barraclough.
48779        
48780        Hardened the code with more assertions and fixed the bug.  Now a
48781        spilled register is only used for scratch if it also isn't being
48782        used for shuffling.
48783
48784        * dfg/DFGJITCompiler.cpp:
48785        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
48786        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
48787
487882011-08-11  Sheriff Bot  <webkit.review.bot@gmail.com>
48789
48790        Unreviewed, rolling out r92880.
48791        http://trac.webkit.org/changeset/92880
48792        https://bugs.webkit.org/show_bug.cgi?id=66123
48793
48794        Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
48795
48796        * wtf/PassRefPtr.h:
48797
487982011-08-11  Mark Rowe  <mrowe@apple.com>
48799
48800        Don't conditionalize the use of -fomit-frame-pointer on compiler version as
48801        all of our supported compilers are now new enough to have the same, sane behavior.
48802
48803        Rubber-stamped by Sam Weinig.
48804
48805        * Configurations/JavaScriptCore.xcconfig:
48806
488072011-08-11  Filip Pizlo  <fpizlo@apple.com>
48808
48809        DFG JIT verbose mode does not report the generated types of nodes
48810        https://bugs.webkit.org/show_bug.cgi?id=65830
48811
48812        Reviewed by Sam Weinig.
48813        
48814        Added code that prints the type selected for each node's result.
48815
48816        * dfg/DFGGenerationInfo.h:
48817        (JSC::DFG::dataFormatToString):
48818        * dfg/DFGNonSpeculativeJIT.cpp:
48819        (JSC::DFG::NonSpeculativeJIT::compile):
48820        * dfg/DFGSpeculativeJIT.cpp:
48821        (JSC::DFG::SpeculativeJIT::compile):
48822
488232011-08-11  James Robinson  <jamesr@chromium.org>
48824
48825        nullptr can't be used for PassRefPtr
48826        https://bugs.webkit.org/show_bug.cgi?id=66024
48827
48828        Reviewed by Anders Carlsson.
48829
48830        * wtf/PassRefPtr.h:
48831        (WTF::PassRefPtr::PassRefPtr):
48832
488332011-08-11  Daniel Bates  <dbates@rim.com>
48834
48835        Removed unused variable in StackBounds::initialize() to resolve
48836        compiler warning when building on QNX.
48837        https://bugs.webkit.org/show_bug.cgi?id=66072
48838
48839        Reviewed by Antonio Gomes.
48840
48841        * wtf/StackBounds.cpp:
48842        (WTF::StackBounds::initialize):
48843
488442011-08-11  Devdatta Deshpande  <pwjd73@motorola.com>
48845
48846        Implementation of monotonically increasing clock on GTK
48847        https://bugs.webkit.org/show_bug.cgi?id=62175
48848
48849        Reviewed by Martin Robinson.
48850
48851        * wtf/CurrentTime.cpp:
48852        (WTF::monotonicallyIncreasingTime):
48853        The default implementation of monotonicallyIncreasingTime only
48854        guarantees the result to be non-decreasing.
48855        If the system time is changed to the past, the default implementation will
48856        still fail and WebCore timers will not fire.
48857
488582011-08-10  Geoffrey Garen  <ggaren@apple.com>
48859
48860        Removed some incorrect code that was dead.
48861
48862        Reviewed by Oliver Hunt.
48863
48864        clearSingleTransition() wasn't resetting m_data. Luckily,
48865        no one cares, because its caller was unused. Removed both.
48866
48867        * runtime/Structure.cpp:
48868        * runtime/StructureTransitionTable.h:
48869        (JSC::StructureTransitionTable::~StructureTransitionTable):
48870
488712011-08-10  Filip Pizlo  <fpizlo@apple.com>
48872
48873        REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
48874        https://bugs.webkit.org/show_bug.cgi?id=66010
48875
48876        Reviewed by Oliver Hunt.
48877        
48878        Made sure that Construct calls use() on the this argument.
48879
48880        * dfg/DFGJITCodeGenerator.cpp:
48881        (JSC::DFG::JITCodeGenerator::emitCall):
48882
488832011-08-10  Mark Hahnenberg  <mhahnenberg@apple.com>
48884
48885        JSC should always throw when function arg list is too long
48886        https://bugs.webkit.org/show_bug.cgi?id=65869
48887
48888        Reviewed by Oliver Hunt.
48889
48890        Changed the behavior of the interpreter and JIT to throw an exception 
48891        when too many arguments are passed rather than truncating the list.  Added 
48892        a new method to create a "Too many arguments." exception used by this 
48893        new functionality.
48894
48895        * interpreter/Interpreter.cpp:
48896        (JSC::Interpreter::privateExecute):
48897        * jit/JITStubs.cpp:
48898        (JSC::DEFINE_STUB_FUNCTION):
48899        * runtime/ExceptionHelpers.cpp:
48900        (JSC::createTooManyParamsError):
48901        * runtime/ExceptionHelpers.h:
48902
489032011-08-10  Oliver Hunt  <oliver@apple.com>
48904
48905        Make GC checks more aggressive in release builds
48906        https://bugs.webkit.org/show_bug.cgi?id=66001
48907
48908        Reviewed by Gavin Barraclough.
48909
48910        * heap/HandleHeap.cpp:
48911        (JSC::HandleHeap::visitStrongHandles):
48912        (JSC::HandleHeap::visitWeakHandles):
48913        (JSC::HandleHeap::finalizeWeakHandles):
48914        (JSC::HandleHeap::writeBarrier):
48915        (JSC::HandleHeap::isLiveNode):
48916        (JSC::HandleHeap::isValidWeakNode):
48917           Increase handle heap validation logic, and make some of
48918           the crashes trigger in release builds as well as debug.
48919        * heap/HandleHeap.h:
48920        (JSC::HandleHeap::allocate):
48921        (JSC::HandleHeap::makeWeak):
48922           Ditto
48923        * runtime/JSGlobalData.cpp:
48924        (WTF::Recompiler::operator()):
48925        * runtime/JSGlobalObject.cpp:
48926        (JSC::JSGlobalObject::visitChildren):
48927           Fix GC bugs found while testing this patch
48928
489292011-08-10  Oliver Hunt  <oliver@apple.com>
48930
48931        JSEvaluateScript does not return the correct object when given JSONP data
48932        https://bugs.webkit.org/show_bug.cgi?id=66003
48933
48934        Reviewed by Gavin Barraclough.
48935
48936        Make sure we propagate the result of the function call rather than the
48937        argument.
48938
48939        * interpreter/Interpreter.cpp:
48940        (JSC::Interpreter::execute):
48941
489422011-08-10  Filip Pizlo  <fpizlo@apple.com>
48943
48944        DFG JIT heap prediction causes regressions when combined with
48945        aggressive integer prediction
48946        https://bugs.webkit.org/show_bug.cgi?id=65954
48947
48948        Reviewed by Gavin Barraclough.
48949        
48950        Disabled heap prediction, but did not remove the capability.
48951        This improves V8 crypto performance by 20%.
48952
48953        * dfg/DFGGraph.h:
48954        (JSC::DFG::Graph::predict):
48955
489562011-08-09  Filip Pizlo  <fpizlo@apple.com>
48957
48958        DFG JIT does not speculate integers as aggressively as it should
48959        https://bugs.webkit.org/show_bug.cgi?id=65949
48960
48961        Reviewed by Gavin Barraclough.
48962        
48963        Added a tree walk to propagate integer predictions through arithmetic
48964        expressions.
48965        
48966        This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
48967        translates to a 19% speed-up on Kraken overall.  It's neutral on
48968        other benchmarks.
48969
48970        * dfg/DFGByteCodeParser.cpp:
48971        (JSC::DFG::ByteCodeParser::predictInt32):
48972
489732011-08-09  Filip Pizlo  <fpizlo@apple.com>
48974
48975        DFG JIT has no way of propagating predictions to loads and calls
48976        https://bugs.webkit.org/show_bug.cgi?id=65883
48977
48978        Reviewed by Gavin Barraclough.
48979        
48980        This introduces the capability to store predictions on graph
48981        nodes.  To save space while being somewhat consistent, the
48982        prediction is always stored in the second OpInfo slot (since
48983        a GetById will use the first one for the identifier).  This
48984        change is a natural extension of r92593 (global variable
48985        prediction).
48986        
48987        This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
48988        win on V8 in the geometric mean.  It is neutral on SunSpider
48989        and Kraken.  Interestingly, on V8 it regresses crypto by 3%
48990        while progressing deltablue and richards by 2.6% and 4.3%,
48991        respectively.
48992
48993        * dfg/DFGByteCodeParser.cpp:
48994        (JSC::DFG::ByteCodeParser::addToGraph):
48995        (JSC::DFG::ByteCodeParser::addCall):
48996        (JSC::DFG::ByteCodeParser::parseBlock):
48997        * dfg/DFGGraph.cpp:
48998        (JSC::DFG::Graph::dump):
48999        * dfg/DFGGraph.h:
49000        (JSC::DFG::Graph::predict):
49001        (JSC::DFG::Graph::getPrediction):
49002        * dfg/DFGNode.h:
49003        (JSC::DFG::isCellPrediction):
49004        (JSC::DFG::isArrayPrediction):
49005        (JSC::DFG::isInt32Prediction):
49006        (JSC::DFG::isDoublePrediction):
49007        (JSC::DFG::isNumberPrediction):
49008        (JSC::DFG::predictionToString):
49009        (JSC::DFG::Node::Node):
49010        (JSC::DFG::Node::hasPrediction):
49011        (JSC::DFG::Node::getPrediction):
49012        (JSC::DFG::Node::predict):
49013
490142011-08-09  Filip Pizlo  <fpizlo@apple.com>
49015
49016        DFG JIT passes the this argument to constructors even though
49017        it's not necessary
49018        https://bugs.webkit.org/show_bug.cgi?id=65943
49019
49020        Reviewed by Gavin Barraclough.
49021
49022        * dfg/DFGJITCodeGenerator.cpp:
49023        (JSC::DFG::JITCodeGenerator::emitCall):
49024
490252011-08-09  Chao-ying Fu  <fu@mips.com>
49026
49027        Fix one MIPS instruction to call JITStubThunked_##op
49028        https://bugs.webkit.org/show_bug.cgi?id=65942
49029
49030        Reviewed by Gavin Barraclough.
49031
49032        Changed "bal" to "jalr" for a possible processor mode change from
49033        MIPS32 to MIPS16.
49034
49035        * jit/JITStubs.cpp:
49036
490372011-08-09  Filip Pizlo  <fpizlo@apple.com>
49038
49039        DFG JIT failure loading web site
49040        https://bugs.webkit.org/show_bug.cgi?id=65930
49041
49042        Reviewed by Oliver Hunt.
49043        
49044        Put the use() call after the fpr()/gpr() calls, since doing otherwise
49045        breaks the register allocator.
49046
49047        * dfg/DFGNonSpeculativeJIT.cpp:
49048        (JSC::DFG::NonSpeculativeJIT::compile):
49049
490502011-08-09  Mark Hahnenberg  <mhahnenberg@apple.com>
49051
49052        Add ParentClass typedef in all JSC classes
49053        https://bugs.webkit.org/show_bug.cgi?id=65731
49054
49055        Reviewed by Oliver Hunt.
49056
49057        Just added the Base typedefs in all the classes that are a subclass of JSCell 
49058        to point at their parent classes.  This is a change to support future changes to the way
49059        constructors and destructors are implemented in JS objects, among other things.
49060
49061        * API/JSCallbackConstructor.h:
49062        * API/JSCallbackFunction.h:
49063        * API/JSCallbackObject.h:
49064        (JSC::JSCallbackObject::createStructure):
49065        (JSC::JSCallbackObject::visitChildren):
49066        * API/JSCallbackObjectFunctions.h:
49067        (JSC::::asCallbackObject):
49068        (JSC::::JSCallbackObject):
49069        (JSC::::init):
49070        (JSC::::className):
49071        (JSC::::getOwnPropertySlot):
49072        (JSC::::getOwnPropertyDescriptor):
49073        (JSC::::put):
49074        (JSC::::deleteProperty):
49075        (JSC::::getConstructData):
49076        (JSC::::construct):
49077        (JSC::::hasInstance):
49078        (JSC::::getCallData):
49079        (JSC::::call):
49080        (JSC::::getOwnPropertyNames):
49081        (JSC::::toNumber):
49082        (JSC::::toString):
49083        (JSC::::setPrivate):
49084        (JSC::::getPrivate):
49085        (JSC::::inherits):
49086        (JSC::::getStaticValue):
49087        (JSC::::staticFunctionGetter):
49088        (JSC::::callbackGetter):
49089        * debugger/DebuggerActivation.h:
49090        * jsc.cpp:
49091        * runtime/Arguments.h:
49092        * runtime/ArrayConstructor.h:
49093        * runtime/ArrayPrototype.h:
49094        * runtime/BooleanConstructor.h:
49095        * runtime/BooleanObject.h:
49096        * runtime/BooleanPrototype.h:
49097        * runtime/DateConstructor.h:
49098        * runtime/DateInstance.h:
49099        * runtime/DatePrototype.h:
49100        * runtime/Error.cpp:
49101        * runtime/ErrorConstructor.h:
49102        * runtime/ErrorInstance.h:
49103        * runtime/ErrorPrototype.h:
49104        * runtime/ExceptionHelpers.cpp:
49105        * runtime/Executable.h:
49106        * runtime/FunctionConstructor.h:
49107        * runtime/FunctionPrototype.h:
49108        * runtime/GetterSetter.h:
49109        * runtime/InternalFunction.h:
49110        * runtime/JSAPIValueWrapper.h:
49111        * runtime/JSActivation.h:
49112        * runtime/JSArray.h:
49113        * runtime/JSFunction.h:
49114        * runtime/JSGlobalObject.h:
49115        * runtime/JSNotAnObject.h:
49116        * runtime/JSONObject.h:
49117        * runtime/JSObject.h:
49118        * runtime/JSPropertyNameIterator.h:
49119        * runtime/JSStaticScopeObject.h:
49120        * runtime/JSString.h:
49121        * runtime/JSVariableObject.h:
49122        * runtime/JSWrapperObject.h:
49123        * runtime/MathObject.h:
49124        * runtime/NativeErrorConstructor.h:
49125        * runtime/NativeErrorPrototype.h:
49126        * runtime/NumberConstructor.h:
49127        * runtime/NumberObject.h:
49128        * runtime/NumberPrototype.h:
49129        * runtime/ObjectConstructor.h:
49130        * runtime/ObjectPrototype.h:
49131        * runtime/RegExp.h:
49132        * runtime/RegExpConstructor.h:
49133        * runtime/RegExpMatchesArray.h:
49134        * runtime/RegExpObject.h:
49135        (JSC::RegExpObject::create):
49136        * runtime/RegExpPrototype.h:
49137        * runtime/ScopeChain.h:
49138        * runtime/StrictEvalActivation.h:
49139        * runtime/StringConstructor.h:
49140        * runtime/StringObject.h:
49141        * runtime/StringObjectThatMasqueradesAsUndefined.h:
49142        * runtime/StringPrototype.h:
49143        * runtime/Structure.h:
49144        * runtime/StructureChain.h:
49145
491462011-08-08  Oliver Hunt  <oliver@apple.com>
49147
49148        Using mprotect to create guard pages breaks our use of madvise to release executable memory
49149        https://bugs.webkit.org/show_bug.cgi?id=65870
49150
49151        Reviewed by Gavin Barraclough.
49152
49153        Use mmap rather than mprotect to clear guard page permissions.
49154
49155        * wtf/OSAllocatorPosix.cpp:
49156        (WTF::OSAllocator::reserveAndCommit):
49157
491582011-08-08  Oliver Hunt  <oliver@apple.com>
49159
49160        Non-extensibility does not prevent mutating [[Prototype]]
49161        https://bugs.webkit.org/show_bug.cgi?id=65832
49162
49163        Reviewed by Gavin Barraclough.
49164
49165        Disallow mutation of __proto__ on objects that are not extensible.
49166
49167        * runtime/JSObject.cpp:
49168        (JSC::JSObject::put):
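        The invariant the entry above restores (a non-extensible object keeps its [[Prototype]]) is one a defender relies on when freezing configuration or lookup objects so that a later property lookup cannot be redirected through the prototype chain. The block below is an added example written for this page, not JavaScriptCore code: it tries each way of rewriting an object's prototype against an ordinary object and against one made non-extensible, and reports which attempts were blocked. The names attemptProtoMutation, hardenConfig and demo, and the sample objects, are this example's own constructions.

```javascript
// Added example, not JavaScriptCore code: how Object.preventExtensions blocks
// every route to changing an object's [[Prototype]].
"use strict";

// Try to point `target` at `newProto` via every standard route and record
// the outcome of each. The legacy __proto__ setter and Object.setPrototypeOf
// throw TypeError when [[SetPrototypeOf]] fails; Reflect.setPrototypeOf
// returns false instead.
function attemptProtoMutation(target, newProto) {
  const results = {};

  try {
    target.__proto__ = newProto;
    results.dunderProto = "allowed";
  } catch (e) {
    results.dunderProto = e instanceof TypeError ? "blocked" : "error";
  }

  try {
    Object.setPrototypeOf(target, newProto);
    results.setPrototypeOf = "allowed";
  } catch (e) {
    results.setPrototypeOf = e instanceof TypeError ? "blocked" : "error";
  }

  results.reflect = Reflect.setPrototypeOf(target, newProto) ? "allowed" : "blocked";

  // Did any of the attempts actually take effect?
  results.protoChanged = Object.getPrototypeOf(target) === newProto;
  // Would a property that exists only on newProto now be visible on target?
  results.inheritsFromNewProto = Object.keys(newProto).every((k) => k in target);
  return results;
}

// Defensive use: once a config object is non-extensible, no new own
// properties can be added and its prototype chain is fixed.
function hardenConfig(config) {
  return Object.preventExtensions(config);
}

function demo() {
  const planted = { isAdmin: true };                      // constructed prototype
  const open = { host: "example.invalid" };               // constructed, extensible
  const hardened = hardenConfig({ host: "example.invalid" }); // constructed, non-extensible

  return {
    open: attemptProtoMutation(open, planted),
    hardened: attemptProtoMutation(hardened, planted),
    // Re-setting the prototype to its current value is a no-op and therefore
    // succeeds even on a non-extensible object; only a *change* is refused.
    sameProtoAllowed: Reflect.setPrototypeOf(hardened, Object.getPrototypeOf(hardened)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

        On the extensible object every route succeeds and `isAdmin` becomes visible through inheritance; on the hardened object all three routes are refused and the prototype is unchanged. Note that `Object.preventExtensions` is the weakest of the three hardening levels (`preventExtensions`, `seal`, `freeze`) and already suffices for this invariant; `seal` and `freeze` add protection for the existing own properties.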
49169
491702011-08-08  Filip Pizlo  <fpizlo@apple.com>
49171
49172        DFG JIT does not track speculation decisions for global variables
49173        https://bugs.webkit.org/show_bug.cgi?id=65825
49174
49175        Reviewed by Gavin Barraclough.
49176        
49177        Added the capability to track predictions for global variables, and
49178        ensured that code can abstract over the source of prediction (local
49179        versus global variable) wherever it is appropriate to do so.  Also
49180        cleaned up the code in SpeculativeJIT that decides how to speculate
49181        based on recorded predictions (for example instead of using isInteger,
49182        which makes sense for local predictions where the GetLocal would
49183        return an integer value, we now tend to use shouldSpeculateInteger,
49184        which checks if the value is either already an integer or should be
49185        speculated to be an integer).
49186        
49187        This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
49188        win on controlflow-recursive.  It's also a 4.8% win on v8-crypto.
49189
49190        * dfg/DFGByteCodeParser.cpp:
49191        (JSC::DFG::ByteCodeParser::predictArray):
49192        (JSC::DFG::ByteCodeParser::predictInt32):
49193        (JSC::DFG::ByteCodeParser::parseBlock):
49194        * dfg/DFGGraph.cpp:
49195        (JSC::DFG::Graph::dump):
49196        * dfg/DFGGraph.h:
49197        (JSC::DFG::Graph::predictGlobalVar):
49198        (JSC::DFG::Graph::predict):
49199        (JSC::DFG::Graph::getGlobalVarPrediction):
49200        (JSC::DFG::Graph::getPrediction):
49201        * dfg/DFGSpeculativeJIT.cpp:
49202        (JSC::DFG::SpeculativeJIT::compile):
49203        * dfg/DFGSpeculativeJIT.h:
49204        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
49205        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
49206
492072011-08-07  Martin Robinson  <mrobinson@igalia.com>
49208
49209        Distribution fix for GTK+.
49210
49211        * GNUmakefile.list.am: Strip removed files from the source list.
49212
492132011-08-06  Gavin Barraclough  <barraclough@apple.com>
49214
49215        https://bugs.webkit.org/show_bug.cgi?id=65821
49216        Don't form identifiers the first time a string is used as a property name.
49217
49218        Reviewed by Oliver Hunt.
49219
49220        This is a 1% win on SunSpider.
49221
49222        * dfg/DFGOperations.cpp:
49223            - Use fastGetOwnProperty.
49224        * jit/JITStubs.cpp:
49225        (JSC::DEFINE_STUB_FUNCTION):
49226            - Use fastGetOwnProperty.
49227        * runtime/JSCell.h:
49228        * runtime/JSObject.h:
49229        (JSC::JSCell::fastGetOwnProperty):
49230            - Fast call to get a property without creating an identifier the first time.
49231        * runtime/PropertyMapHashTable.h:
49232        (JSC::PropertyTable::find):
49233        (JSC::PropertyTable::findWithString):
49234            - Add interface to look up by either strings or identifiers.
49235        * runtime/Structure.h:
49236        (JSC::Structure::get):
49237            - Add a get() call that takes a UString, not an Identifier.
49238        * wtf/text/StringImpl.h:
49239        (WTF::StringImpl::hasHash):
49240            - Add a call to check if the hash has been set (to detect the first use as a property name).
49241
492422011-08-06  Aron Rosenberg  <arosenberg@logitech.com>
49243
49244        Reviewed by Benjamin Poulain.
49245
49246        [Qt] Fix build with Intel compiler on Windows
49247        https://bugs.webkit.org/show_bug.cgi?id=65088
49248
49249        Intel compiler needs .lib suffixes instead of .a
49250        Intel compiler doesn't support nullptr
49251        Intel compiler supports unsized arrays
49252
49253        * JavaScriptCore.pri:
49254        * jsc.cpp:
49255        * wtf/ByteArray.h:
49256        * wtf/NullPtr.h:
49257
492582011-08-05  Gavin Barraclough  <barraclough@apple.com>
49259
49260        String replace with the empty string means string removal
49261        https://bugs.webkit.org/show_bug.cgi?id=65799
49262
49263        Reviewed by Sam Weinig.
49264
49265        Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
49266
49267        * runtime/StringPrototype.cpp:
49268        (JSC::jsSpliceSubstrings):
49269        (JSC::stringProtoFuncReplace):
49270
492712011-08-05  Noel Gordon  <noel.gordon@gmail.com>
49272
49273        [Chromium] Remove JSZombie references from gyp project files.
49274        https://bugs.webkit.org/show_bug.cgi?id=65798
49275
49276        JSC runtime/JSZombie.{cpp,h} were removed in r92046.  Remove references to these
49277        file names from the gyp projects.
49278
49279        Reviewed by Darin Adler.
49280
49281        * JavaScriptCore.gypi: zombies be gone.
49282
492832011-08-05  Mark Rowe  <mrowe@apple.com>
49284
49285        <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
49286        is tied to a particular dispatch queue
49287
49288        A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
49289        with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
49290        to ensure that all operations are performed on the given dispatch queue.
49291
49292        Reviewed by Anders Carlsson.
49293
49294        * wtf/RefCounted.h:
49295        (WTF::RefCountedBase::setDispatchQueueForVerifier):
49296        * wtf/ThreadRestrictionVerifier.h:
49297        (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
49298        (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
49299        (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
49300        (WTF::ThreadRestrictionVerifier::setShared):
49301        (WTF::ThreadRestrictionVerifier::isSafeToUse):
49302
493032011-08-05  Oliver Hunt  <oliver@apple.com>
49304
49305        Inline allocation of function objects
49306        https://bugs.webkit.org/show_bug.cgi?id=65779
49307
49308        Reviewed by Gavin Barraclough.
49309
49310        Inline allocation and initialisation of function objects
49311        in generated code.  This ended up being a 60-70% improvement
49312        in function allocation performance.  This improvement shows
49313        up as a ~2% improvement in 32-bit SunSpider and V8, but is a
49314        wash on 64-bit.
49315
49316        We currently don't inline the allocation of named function
49317        expressions, as that requires being able to gc allocate a
49318        variable object.
49319
49320        * jit/JIT.cpp:
49321        (JSC::JIT::privateCompileSlowCases):
49322        * jit/JIT.h:
49323        (JSC::JIT::emitStoreCell):
49324        * jit/JITInlineMethods.h:
49325        (JSC::JIT::emitAllocateBasicJSObject):
49326        (JSC::JIT::emitAllocateJSFinalObject):
49327        (JSC::JIT::emitAllocateJSFunction):
49328        * jit/JITOpcodes.cpp:
49329        (JSC::JIT::emit_op_new_func):
49330        (JSC::JIT::emitSlow_op_new_func):
49331        (JSC::JIT::emit_op_new_func_exp):
49332        (JSC::JIT::emitSlow_op_new_func_exp):
49333        * jit/JITOpcodes32_64.cpp:
49334            Removed duplicate implementation of op_new_func and op_new_func_exp
49335        * runtime/JSFunction.h:
49336        (JSC::JSFunction::offsetOfScopeChain):
49337        (JSC::JSFunction::offsetOfExecutable):
49338
493392011-08-04  David Levin  <levin@chromium.org>
49340
49341        CStringBuffer should have thread safety checks turned on.
49342        https://bugs.webkit.org/show_bug.cgi?id=58093
49343
49344        Reviewed by Dmitry Titov.
49345
49346        * wtf/text/CString.h:
49347        (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
49348        turned this off for Chromium.
49349
493502011-08-04  Mark Rowe  <mrowe@apple.com>
49351
49352        Future-proof Xcode configuration settings.
49353
49354        * Configurations/Base.xcconfig:
49355        * Configurations/DebugRelease.xcconfig:
49356        * Configurations/JavaScriptCore.xcconfig:
49357        * Configurations/Version.xcconfig:
49358
493592011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
49360
49361        Interpreter can potentially GC in the middle of initializing a structure chain
49362        https://bugs.webkit.org/show_bug.cgi?id=65638
49363
49364        Reviewed by Oliver Hunt.
49365
49366        Moved the allocation of a prototype StructureChain before the initialization of 
49367        the structure chain within the interpreter that was causing intermittent GC crashes.
49368
49369        * interpreter/Interpreter.cpp:
49370        (JSC::Interpreter::tryCachePutByID):
49371        * wtf/Platform.h:
49372
493732011-08-04  Filip Pizlo  <fpizlo@apple.com>
49374
49375        Eval handling attempts literal parsing even when the eval
49376        string is in the cache
49377        https://bugs.webkit.org/show_bug.cgi?id=65675
49378
49379        Reviewed by Oliver Hunt.
49380        
49381        This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
49382        in SunSpider.  It's neutral on V8.
49383
49384        * bytecode/EvalCodeCache.h:
49385        (JSC::EvalCodeCache::tryGet):
49386        (JSC::EvalCodeCache::getSlow):
49387        (JSC::EvalCodeCache::get):
49388        * interpreter/Interpreter.cpp:
49389        (JSC::Interpreter::callEval):
49390
493912011-08-03  Mark Rowe  <mrowe@apple.com>
49392
49393        Bring some order to FeatureDefines.xcconfig to make it easier to follow.
49394
49395        Reviewed by Sam Weinig.
49396
49397        * Configurations/FeatureDefines.xcconfig:
49398
493992011-08-03  Mark Rowe  <mrowe@apple.com>
49400
49401        Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
49402
49403        Reviewed by Dave Kilzer.
49404
49405        * Configurations/FeatureDefines.xcconfig:
49406
494072011-08-03  Filip Pizlo  <fpizlo@apple.com>
49408
49409        JSC GC heap size improvement breaks build on some platforms due to
49410        unused parameter
49411        https://bugs.webkit.org/show_bug.cgi?id=65641
49412
49413        Reviewed by Darin Adler.
49414        
49415        Fix build on non-x86 platforms, by ensuring that the relevant
49416        parameter always appears to be used even when it isn't.
49417
49418        * heap/Heap.cpp:
49419
494202011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>
49421
49422        [GTK] Reorganize pkg-config files
49423        https://bugs.webkit.org/show_bug.cgi?id=65548
49424
49425        Reviewed by Martin Robinson.
49426
49427        * GNUmakefile.am:
49428        * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
49429
494302011-08-01  David Levin  <levin@chromium.org>
49431
49432        Add asserts to RefCounted to make sure ref/deref happens on the right thread.
49433        https://bugs.webkit.org/show_bug.cgi?id=31639
49434
49435        Reviewed by Dmitry Titov.
49436
49437        * GNUmakefile.list.am: Added new files to the build.
49438        * JavaScriptCore.gypi: Ditto.
49439        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
49440        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
49441        * jit/ExecutableAllocator.h:
49442        (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
49443        due to not being able to figure out what was guarding it (bug 58091).
49444        * parser/SourceProvider.h:
49445        (JSC::SourceProvider::SourceProvider): Ditto.
49446        * wtf/CMakeLists.txt: Added new files to the build.
49447        * wtf/ThreadRestrictionVerifier.h: Added.
49448        Everything is done in the header to avoid the issue with exports
49449        that are only useful in debug but still needing to export them.
49450        * wtf/RefCounted.h:
49451        (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
49452        and filed bug 58171 about making it stricter.
49453        (WTF::RefCountedBase::hasOneRef): Ditto.
49454        (WTF::RefCountedBase::refCount): Ditto.
49455        (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
49456        on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
49457        (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
49458        Filed bug 58174 to remove this method.
49459        (WTF::RefCountedBase::derefBase):
49460        * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
49461        * wtf/text/CString.h:
49462        (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
49463        done in Chromium (bug 58093).
49464
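The ref/deref thread checks described in the entry above, modelled as an added example; this is not WTF's ThreadRestrictionVerifier or RefCounted code. Class and method names follow the entry, while the integer ThreadIdentifier, the simulated currentThread() switch, the violation counter standing in for an ASSERT, and the omission of the mutex-based mode behind setMutexForVerifier() are assumptions made for the example:

```cpp
#include <cstdio>

// WTF identifies threads with an integer. For this example the "current thread"
// is a variable the scenarios set explicitly, so the checks run deterministically
// without spawning threads (assumption made for the example).
typedef unsigned ThreadIdentifier;
static ThreadIdentifier g_currentThread = 1;
static ThreadIdentifier currentThread() { return g_currentThread; }
static void switchToThread(ThreadIdentifier id) { g_currentThread = id; }

// Single-thread verification: the first thread to touch the object owns it and
// every later access must come from that thread. Mutex-based mode is not modelled.
class ThreadRestrictionVerifier {
public:
    bool isSafeToUse()
    {
        if (!m_verificationEnabled)
            return true;
        if (!m_owningThread) {            // first use binds the owner
            m_owningThread = currentThread();
            return true;
        }
        return m_owningThread == currentThread();
    }
    void turnOffVerification() { m_verificationEnabled = false; }

private:
    bool m_verificationEnabled = true;
    ThreadIdentifier m_owningThread = 0;   // 0: not bound to any thread yet
};

// A refcount whose ref/deref are checked by the verifier. WTF would ASSERT on a
// violation; this example counts violations so a caller can observe them.
class RefCountedBase {
public:
    void ref()
    {
        if (!m_verifier.isSafeToUse())
            ++m_violations;
        ++m_refCount;
    }
    // True when the last reference is dropped and the object should be deleted.
    bool derefBase()
    {
        if (!m_verifier.isSafeToUse())
            ++m_violations;
        return --m_refCount == 0;
    }
    int refCount() const { return m_refCount; }
    int violations() const { return m_violations; }
    void deprecatedTurnOffVerifier() { m_verifier.turnOffVerification(); }

private:
    int m_refCount = 1;                    // the creator holds the first reference
    int m_violations = 0;
    ThreadRestrictionVerifier m_verifier;
};

// Scenario 1: all refcount traffic on one thread, so no violations.
int sameThreadViolations()
{
    switchToThread(1);
    RefCountedBase object;
    object.ref();
    object.derefBase();
    object.derefBase();
    return object.violations();
}

// Scenario 2: the deref that would free the object happens on another thread,
// the cross-thread race the verifier exists to catch.
int crossThreadDerefViolations()
{
    switchToThread(1);
    RefCountedBase object;
    object.ref();                          // binds the verifier to thread 1
    switchToThread(2);
    object.derefBase();                    // flagged: wrong thread
    switchToThread(1);
    object.derefBase();
    return object.violations();
}

// Scenario 3: the escape hatch the entry calls deprecatedTurnOffVerifier().
int unverifiedCrossThreadViolations()
{
    switchToThread(1);
    RefCountedBase object;
    object.deprecatedTurnOffVerifier();
    object.ref();
    switchToThread(2);
    object.derefBase();
    return object.violations();
}

int main()
{
    printf("same thread: %d, cross thread: %d, verifier off: %d\n",
           sameThreadViolations(), crossThreadDerefViolations(),
           unverifiedCrossThreadViolations());
    return 0;
}
```

The point of binding the owner on first use rather than in the constructor is the same one the entry makes for CStringBuffer and ExecutablePool: objects created on one thread and handed to another cannot be verified until someone decides which thread is allowed to touch them, which is why the checks had to be turned off where that decision was unclear.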
494652011-08-02  Filip Pizlo  <fpizlo@apple.com>
49466
49467        JSC GC may not be able to reuse partially-free blocks after a
49468        full collection
49469        https://bugs.webkit.org/show_bug.cgi?id=65585
49470
49471        Reviewed by Darin Adler.
49472        
49473        This fixes the linked list management bug.  This fix is performance
49474        neutral on SunSpider.
49475
49476        * heap/NewSpace.cpp:
49477        (JSC::NewSpace::removeBlock):
49478
494792011-07-30  Oliver Hunt  <oliver@apple.com>
49480
49481        Simplify JSFunction creation for functions written in JS
49482        https://bugs.webkit.org/show_bug.cgi?id=65422
49483
49484        Reviewed by Gavin Barraclough.
49485
49486        Remove hash lookups used to write name property and transition
49487        function structure by caching the resultant structure and property
49488        offset in JSGlobalObject.  This doesn't impact performance, but
49489        we can use this change to make other improvements later.
49490
49491        * runtime/Executable.cpp:
49492        (JSC::FunctionExecutable::FunctionExecutable):
49493        * runtime/Executable.h:
49494        (JSC::ScriptExecutable::ScriptExecutable):
49495        (JSC::FunctionExecutable::jsName):
49496        * runtime/JSFunction.cpp:
49497        (JSC::JSFunction::JSFunction):
49498        * runtime/JSGlobalObject.cpp:
49499        (JSC::JSGlobalObject::reset):
49500        * runtime/JSGlobalObject.h:
49501        (JSC::JSGlobalObject::namedFunctionStructure):
49502        (JSC::JSGlobalObject::functionNameOffset):
49503
495042011-08-02  Filip Pizlo  <fpizlo@apple.com>
49505
49506        JSC GC uses dummy cells to avoid having to remember which cells
49507        it has already destroyed
49508        https://bugs.webkit.org/show_bug.cgi?id=65556
49509
49510        Reviewed by Oliver Hunt.
49511        
49512        This gets rid of dummy cells, and ensures that it's not necessary
49513        to invoke a destructor on cells that have already been swept.  In
49514        the common case, a block knows that either all of its free cells
49515        still need to have destructors called, or none of them do, which
49516        minimizes the amount of branching that needs to happen per cell
49517        when performing a sweep.
49518        
49519        This is performance neutral on SunSpider and V8.  It is meant as
49520        a stepping stone to simplify the implementation of more
49521        sophisticated sweeping algorithms.
49522
49523        * heap/Heap.cpp:
49524        (JSC::CountFunctor::ClearMarks::operator()):
49525        * heap/MarkedBlock.cpp:
49526        (JSC::MarkedBlock::initForCellSize):
49527        (JSC::MarkedBlock::callDestructor):
49528        (JSC::MarkedBlock::specializedReset):
49529        (JSC::MarkedBlock::reset):
49530        (JSC::MarkedBlock::specializedSweep):
49531        (JSC::MarkedBlock::sweep):
49532        (JSC::MarkedBlock::produceFreeList):
49533        (JSC::MarkedBlock::lazySweep):
49534        (JSC::MarkedBlock::blessNewBlockForFastPath):
49535        (JSC::MarkedBlock::blessNewBlockForSlowPath):
49536        (JSC::MarkedBlock::canonicalizeBlock):
49537        * heap/MarkedBlock.h:
49538        (JSC::MarkedBlock::FreeCell::setNoObject):
49539        (JSC::MarkedBlock::setDestructorState):
49540        (JSC::MarkedBlock::destructorState):
49541        (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
49542        * runtime/JSCell.cpp:
49543        * runtime/JSCell.h:
49544        (JSC::JSCell::JSCell::JSCell):
49545        * runtime/JSGlobalData.cpp:
49546        (JSC::JSGlobalData::JSGlobalData):
49547        (JSC::JSGlobalData::clearBuiltinStructures):
49548        * runtime/JSGlobalData.h:
49549        * runtime/Structure.h:
49550
495512011-08-01  Michael Saboff  <msaboff@apple.com>
49552
49553        Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
49554        https://bugs.webkit.org/show_bug.cgi?id=65502
49555
49556        Reviewed by Anders Carlsson.
49557
49558        With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
49559        added an assert to the return code of madvise to catch any regressions.
49560
49561        * wtf/TCSystemAlloc.cpp:
49562        (TCMalloc_SystemRelease):
49563
495642011-08-02  Anders Carlsson  <andersca@apple.com>
49565
49566        Fix Windows build.
49567
49568        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
49569
495702011-08-02  Anders Carlsson  <andersca@apple.com>
49571
49572        Fix a Windows build error.
49573
49574        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
49575
495762011-08-02  Filip Pizlo  <fpizlo@apple.com>
49577
49578        JSC GC is far too conservative about growing the heap size, particularly
49579        on desktop platforms
49580        https://bugs.webkit.org/show_bug.cgi?id=65438
49581
49582        Reviewed by Oliver Hunt.
49583
49584        The minimum heap size is now 16MB instead of 512KB, provided all of the
49585        following are true:
49586        a) ENABLE(LARGE_HEAP) is set, which currently only happens on
49587           x86 targets, but could reasonably happen on any platform that is
49588           known to have a decent amount of RAM.
49589        b) JSGlobalData is initialized with HeapSize = LargeHeap, which
49590           currently only happens when it's the JSDOMWindowBase in WebCore or
49591           in the jsc command-line tool.
49592           
49593        This is a 4.1% speed-up on SunSpider.
49594
49595        * JavaScriptCore.exp:
49596        * heap/Heap.cpp:
49597        (JSC::Heap::Heap):
49598        (JSC::Heap::collect):
49599        * heap/Heap.h:
49600        * jsc.cpp:
49601        (main):
49602        * runtime/JSGlobalData.cpp:
49603        (JSC::JSGlobalData::JSGlobalData):
49604        (JSC::JSGlobalData::createContextGroup):
49605        (JSC::JSGlobalData::create):
49606        (JSC::JSGlobalData::createLeaked):
49607        (JSC::JSGlobalData::sharedInstance):
49608        * runtime/JSGlobalData.h:
49609        * wtf/Platform.h:
49610
496112011-08-02  Filip Pizlo  <fpizlo@apple.com>
49612
49613        JSC does a GC even when the heap still has free pages
49614        https://bugs.webkit.org/show_bug.cgi?id=65445
49615
49616        Reviewed by Oliver Hunt.
49617        
49618        If the high watermark is not reached, then we allocate new blocks as
49619        before.  If the current watermark does reach (or exceed) the high
49620        watermark, then we check if there is a block on the free block pool.
49621        If there is, we simply allocate from it.  If there isn't, we
49622        invoke a collection as before.  This effectively couples the elastic
49623        scavenging to the collector's decision function.  That is, if an
49624        application rapidly varies its heap usage (sometimes using more and
49625        sometimes less) then the collector will not thrash as it used to.
49626        But if heap usage drops and stays low then the scavenger thread and
49627        the GC will eventually reach a kind of consensus: the GC will set
49628        the watermark low because of low heap usage, and the scavenger thread
49629        will steadily eliminate pages from the free page pool, until the size
49630        of the free pool is below the high watermark.
49631        
49632        On command-line, this is neutral on SunSpider and Kraken and a 3% win
49633        on V8.  In browser, this is a 1% win on V8 and neutral on the other
49634        two.
49635
49636        * heap/Heap.cpp:
49637        (JSC::Heap::allocateSlowCase):
49638        (JSC::Heap::allocateBlock):
49639        * heap/Heap.h:
49640
496412011-08-02  Jeff Miller  <jeffm@apple.com>
49642
49643        Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
49644        https://bugs.webkit.org/show_bug.cgi?id=65552
49645        
49646        Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
49647
49648        Reviewed by Adam Roben.
49649
49650        * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
49651
496522011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>
49653
49654        Removing old source files in gyp files that slow build
49655        https://bugs.webkit.org/show_bug.cgi?id=65503
49656
49657        Reviewed by Adam Barth.
49658
49659        A number of stale files are listed in the gyp files. These slow the
49660        build on Visual Studio 2010. Removing them.
49661
49662        * JavaScriptCore.gypi:
49663
496642011-07-14  David Levin  <levin@chromium.org>
49665
49666        currentThread is too slow!
49667        https://bugs.webkit.org/show_bug.cgi?id=64577
49668
49669        Reviewed by Darin Adler and Dmitry Titov.
49670
49671        The problem is that currentThread results in a pthread_once call which always takes a lock.
49672        With this change, currentThread is 10% faster than isMainThread in release mode and only
49673        5% slower than isMainThread in debug.
49674
49675        * wtf/ThreadIdentifierDataPthreads.cpp:
49676        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
49677        which is no longer needed because this is called from initializeThreading().
49678        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
49679        initialization of the pthread key should already be done.
49680        (WTF::ThreadIdentifierData::initialize): Ditto.
49681        * wtf/ThreadIdentifierDataPthreads.h:
49682        * wtf/ThreadingPthreads.cpp:
49683        (WTF::initializeThreading): Acquire the pthread key here.
49684
496852011-08-01  Filip Pizlo  <fpizlo@apple.com>
49686
49687        DFG JIT sometimes creates speculation check data structures that have
49688        invalid information about the format of a register
49689        https://bugs.webkit.org/show_bug.cgi?id=65490
49690
49691        Reviewed by Gavin Barraclough.
49692        
49693        The code now makes sure to (1) always have correct and up-to-date
49694        information about register format at the time that a speculation
49695        check is emitted, (2) assert that speculation data is correct
49696        inside the speculation check implementation, and (3) avoid creating
49697        speculation data altogether if compilation has already failed, since
49698        at that point the format data is almost guaranteed to be bogus.
49699
49700        * dfg/DFGNonSpeculativeJIT.cpp:
49701        (JSC::DFG::EntryLocation::EntryLocation):
49702        * dfg/DFGSpeculativeJIT.cpp:
49703        (JSC::DFG::SpeculationCheck::SpeculationCheck):
49704        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
49705        (JSC::DFG::SpeculativeJIT::compile):
49706        * dfg/DFGSpeculativeJIT.h:
49707        (JSC::DFG::SpeculativeJIT::speculationCheck):
49708
497092011-08-01  Filip Pizlo  <fpizlo@apple.com>
49710
49711        REGRESSION(r92092): Build fails on 64 bit
49712        https://bugs.webkit.org/show_bug.cgi?id=65458
49713
49714        Reviewed by Oliver Hunt.
49715        
49716        The build was broken because some compilers were smart enough to see
49717        an array index out of bounds due to the decision function for when to
49718        go from precise size classes to imprecise size classes being broken:
49719        it would assume that sizes in the range 97..128 belonged to a precise
49720        size class when in fact they belonged to an imprecise one.
49721        
49722        In fact, the code would have run correctly, by way of a fluke, because
49723        though the 4th precise size class (for 97..128) didn't exist, the next
49724        array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
49725        its first entry would have been a size class that is appropriate for
49726        allocations in the range 97..128.  However, this relies on specific
49727        ordering of fields in NewSpace, so it's still a bug.
49728        
49729        This fixes the bug by ensuring that allocations larger than 96 use
49730        the imprecise size classes.
49731
49732        * heap/NewSpace.h:
49733        (JSC::NewSpace::sizeClassFor):
49734
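The size-class decision from the entry above, as an added example rather than JSC's NewSpace code. The constants (a 32-byte atom taken from the 65437 entry further down, three precise classes up to 96 bytes, 128-byte imprecise steps up to 1024 bytes) and the function names are assumptions chosen to reproduce the out-of-bounds index the entry describes; the bounds-checked lookup plays the role the compiler's out-of-bounds diagnosis played:

```cpp
#include <cstddef>
#include <cstdio>

// Layout assumed for this example (not JSC's real constants).
static const size_t atomSize = 32;                                // 4 pointer-size words, 64-bit
static const size_t preciseStep = atomSize;
static const size_t preciseCount = 3;                             // 1..32, 33..64, 65..96
static const size_t preciseCutoff = preciseCount * preciseStep;   // 96
static const size_t impreciseStep = 4 * atomSize;                 // 128
static const size_t impreciseCount = 8;
static const size_t maxCellSize = impreciseCount * impreciseStep; // 1024

struct SizeClass { size_t cellSize; };

// Which table a request of `bytes` is routed to, and the index into it.
struct Choice { bool precise; size_t index; };

// The broken decision: the comparison admits the 97..128 range that a fourth
// precise class would have covered, so it yields index 3 into a 3-entry array.
Choice buggySizeClassFor(size_t bytes)
{
    if (bytes <= preciseCutoff + preciseStep)    // 128: one class more than exists
        return { true, (bytes - 1) / preciseStep };
    return { false, (bytes - 1) / impreciseStep };
}

// The fix: anything larger than 96 bytes goes to the imprecise classes.
Choice fixedSizeClassFor(size_t bytes)
{
    if (bytes <= preciseCutoff)
        return { true, (bytes - 1) / preciseStep };
    return { false, (bytes - 1) / impreciseStep };
}

struct SizeClassTable {
    SizeClass precise[preciseCount];
    SizeClass imprecise[impreciseCount];   // adjacent in memory, which is why the bug "worked"

    SizeClassTable()
    {
        for (size_t i = 0; i < preciseCount; ++i)
            precise[i].cellSize = (i + 1) * preciseStep;
        for (size_t i = 0; i < impreciseCount; ++i)
            imprecise[i].cellSize = (i + 1) * impreciseStep;
    }

    // Bounds-checked lookup: nullptr instead of reading past the end of a table.
    const SizeClass* lookup(Choice c) const
    {
        if (c.precise)
            return c.index < preciseCount ? &precise[c.index] : nullptr;
        return c.index < impreciseCount ? &imprecise[c.index] : nullptr;
    }
};

static const SizeClassTable table;

// True when the buggy decision stays inside the table it chose.
bool buggyChoiceInBounds(size_t bytes)
{
    return table.lookup(buggySizeClassFor(bytes)) != nullptr;
}

// Cell size the fixed decision hands out (0 if the request cannot be served).
size_t fixedCellSizeFor(size_t bytes)
{
    const SizeClass* sc = table.lookup(fixedSizeClassFor(bytes));
    return sc ? sc->cellSize : 0;
}

// Exhaustive check of the fixed decision over every legal request size:
// always in bounds, and never a cell smaller than the request.
bool fixedDecisionIsSound()
{
    for (size_t bytes = 1; bytes <= maxCellSize; ++bytes) {
        size_t cell = fixedCellSizeFor(bytes);
        if (cell == 0 || cell < bytes)
            return false;
    }
    return true;
}

int main()
{
    const size_t probes[] = { 96, 97, 128, 129 };
    for (size_t bytes : probes)
        printf("%4zu bytes: buggy in bounds=%d, fixed cell size=%zu\n",
               bytes, buggyChoiceInBounds(bytes), fixedCellSizeFor(bytes));
    return 0;
}
```

The exhaustive check is cheap here and is the test worth keeping whenever the atom size or the class counts change again: the entry's bug only became visible because the compiler noticed the constant index, and a layout change that does not constant-fold would otherwise silently read whatever field follows the precise table.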
497352011-07-31  Gavin Barraclough  <barraclough@apple.com>
49736
49737        https://bugs.webkit.org/show_bug.cgi?id=64679
49738        Fix bugs in Array.prototype this handling.
49739
49740        Unreviewed - rolling out r91290.
49741
49742        Looks like the wild wild web isn't ready for this yet.
49743
49744        This change broke http://slides.html5rocks.com/#landing-slide.
49745        Interestingly, this might only be due to our lack of bind support -
49746        it looks like this site is calling Array.prototype.slice as a part
49747        of its bind implementation.
49748
49749        * runtime/ArrayPrototype.cpp:
49750        (JSC::arrayProtoFuncJoin):
49751        (JSC::arrayProtoFuncConcat):
49752        (JSC::arrayProtoFuncPop):
49753        (JSC::arrayProtoFuncPush):
49754        (JSC::arrayProtoFuncReverse):
49755        (JSC::arrayProtoFuncShift):
49756        (JSC::arrayProtoFuncSlice):
49757        (JSC::arrayProtoFuncSort):
49758        (JSC::arrayProtoFuncSplice):
49759        (JSC::arrayProtoFuncUnShift):
49760        (JSC::arrayProtoFuncFilter):
49761        (JSC::arrayProtoFuncMap):
49762        (JSC::arrayProtoFuncEvery):
49763        (JSC::arrayProtoFuncForEach):
49764        (JSC::arrayProtoFuncSome):
49765        (JSC::arrayProtoFuncReduce):
49766        (JSC::arrayProtoFuncReduceRight):
49767        (JSC::arrayProtoFuncIndexOf):
49768        (JSC::arrayProtoFuncLastIndexOf):
49769
497702011-07-31  Filip Pizlo  <fpizlo@apple.com>
49771
49772        JSC GC lays out size classes under wrong assumptions about expected
49773        object size.
49774        https://bugs.webkit.org/show_bug.cgi?id=65437
49775
49776        Reviewed by Oliver Hunt.
49777        
49778        Changed the atom size - which is both the smallest allocation size and
49779        the smallest possible stepping unit for size class spacing - from
49780        8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.
49781
49782        * heap/MarkedBlock.h:
49783
497842011-07-31  Filip Pizlo  <fpizlo@apple.com>
49785
49786        DFG non-speculative JIT does not optimize PutByVal
49787        https://bugs.webkit.org/show_bug.cgi?id=65424
49788
49789        Reviewed by Gavin Barraclough.
49790        
49791        Added code to emit PutByVal inline fast path.
49792
49793        * dfg/DFGNonSpeculativeJIT.cpp:
49794        (JSC::DFG::NonSpeculativeJIT::compile):
49795
497962011-07-31  Filip Pizlo  <fpizlo@apple.com>
49797
49798        The JSC garbage collector returns memory to the operating system too
49799        eagerly.
49800        https://bugs.webkit.org/show_bug.cgi?id=65382
49801
49802        Reviewed by Oliver Hunt.
49803        
49804        This introduces a memory reuse model similar to the one in FastMalloc.
49805        A periodic scavenger thread runs in the background and returns half the
49806        free memory to the OS on each timer fire.  New block allocations first
49807        attempt to get the memory from the collector's internal pool, reverting
49808        to OS allocation only when this pool is empty.
49809
49810        * heap/Heap.cpp:
49811        (JSC::Heap::Heap):
49812        (JSC::Heap::~Heap):
49813        (JSC::Heap::destroy):
49814        (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
49815        (JSC::Heap::waitForRelativeTime):
49816        (JSC::Heap::blockFreeingThreadStartFunc):
49817        (JSC::Heap::blockFreeingThreadMain):
49818        (JSC::Heap::allocateBlock):
49819        (JSC::Heap::freeBlocks):
49820        (JSC::Heap::releaseFreeBlocks):
49821        * heap/Heap.h:
49822        * heap/MarkedBlock.cpp:
49823        (JSC::MarkedBlock::destroy):
49824        (JSC::MarkedBlock::MarkedBlock):
49825        (JSC::MarkedBlock::initForCellSize):
49826        (JSC::MarkedBlock::reset):
49827        * heap/MarkedBlock.h:
49828        * wtf/Platform.h:
49829
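The block-reuse policy of the two entries above (65382's scavenger and free-block pool, and 65445's check of the pool before collecting), as an added model that is not JSC's Heap code. The block size, the minimum heap size, the growth rule applied after a collection, and the survivor count passed in place of a real marking pass are assumptions of the example; the entries do not give them. The `reusePoolAtWatermark` flag lets the same allocation pattern run under the old and the new decision function:

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>

static const size_t kBlockSize = 16 * 1024;   // assumed block size for the model

struct Heap {
    enum Source { FromOS, FromPool, AfterCollection };

    Heap(size_t minHeapBytes, bool reusePoolAtWatermark)
        : minHeapBytes(minHeapBytes), highWatermark(minHeapBytes),
          reusePoolAtWatermark(reusePoolAtWatermark) {}

    size_t minHeapBytes;
    size_t highWatermark;           // bytes the heap may reach before a collection is considered
    bool reusePoolAtWatermark;      // false: collect whenever the mark is hit (pre-65445)
    size_t waterMark = 0;           // bytes in blocks handed out since the last collection
    size_t liveBlocks = 0;
    size_t freeBlocks = 0;          // swept blocks parked in the pool, not yet given back to the OS
    int collections = 0;
    int osAllocations = 0;
    int poolReusesAtWatermark = 0;  // hit the mark but were served without collecting

    // survivingBlocks: what marking would find live if a collection ran now
    // (an input to the model; a real collector discovers it by marking).
    Source allocateBlock(size_t survivingBlocks)
    {
        Source source = FromOS;
        if (waterMark >= highWatermark) {
            if (reusePoolAtWatermark && freeBlocks > 0) {
                ++poolReusesAtWatermark;
            } else {
                collect(survivingBlocks);
                source = AfterCollection;
            }
        }
        if (freeBlocks > 0) {
            --freeBlocks;                          // the pool first...
            if (source == FromOS) source = FromPool;
        } else {
            ++osAllocations;                       // ...the OS only when the pool is empty
        }
        ++liveBlocks;
        waterMark += kBlockSize;
        return source;
    }

    void collect(size_t survivingBlocks)
    {
        ++collections;
        survivingBlocks = std::min(survivingBlocks, liveBlocks);
        freeBlocks += liveBlocks - survivingBlocks; // swept blocks go back to the pool
        liveBlocks = survivingBlocks;
        waterMark = liveBlocks * kBlockSize;
        // Growth rule assumed for the example: the heap may double before the
        // next collection, floored at the configured minimum heap size.
        highWatermark = std::max(2 * waterMark, minHeapBytes);
    }

    // Scavenger timer fire: return half of the pooled blocks to the OS.
    size_t releaseFreeBlocks()
    {
        size_t released = freeBlocks / 2;
        freeBlocks -= released;
        return released;
    }
};

struct Outcome { int collections; int osAllocations; int poolReusesAtWatermark; size_t freeBlocks; };

// The same allocation pattern under either policy: grow to eight live blocks,
// then churn with only one block surviving each collection, with one scavenger
// pass in the middle of the churn.
Outcome runScenario(bool reusePoolAtWatermark)
{
    Heap heap(2 * kBlockSize, reusePoolAtWatermark);
    for (int i = 0; i < 8; ++i)
        heap.allocateBlock(heap.liveBlocks);       // growth phase: nothing dies
    for (int i = 0; i < 7; ++i) {
        if (i == 4)
            heap.releaseFreeBlocks();
        heap.allocateBlock(1);                     // churn phase: one survivor
    }
    return { heap.collections, heap.osAllocations, heap.poolReusesAtWatermark, heap.freeBlocks };
}

int main()
{
    Outcome before = runScenario(false), after = runScenario(true);
    printf("collect at watermark: %d collections, %d OS allocations\n",
           before.collections, before.osAllocations);
    printf("reuse pool first:     %d collections, %d OS allocations, %d pool reuses at the mark\n",
           after.collections, after.osAllocations, after.poolReusesAtWatermark);
    return 0;
}
```

In the churn phase the old policy collects on every allocation once the watermark has dropped to the minimum, while the new one drains the pool first and collects only when it is empty; both policies make the same number of OS allocations, which is the point of coupling the scavenger to the collector's decision instead of to a separate threshold.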
498302011-07-30  Filip Pizlo  <fpizlo@apple.com>
49831
49832        DFG JIT speculation failure pass sometimes forgets to emit code to
49833        move certain registers.
49834        https://bugs.webkit.org/show_bug.cgi?id=65421
49835
49836        Reviewed by Oliver Hunt.
49837        
49838        Restructured the offending loops (for gprs and fprs).  It's once again
49839        possible to use spreadsheets on docs.google.com.
49840
49841        * dfg/DFGJITCompiler.cpp:
49842        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
49843
498442011-07-30  Patrick Gansterer  <paroga@webkit.org>
49845
49846        Remove inclusion of MainThread.h from Threading.h
49847        https://bugs.webkit.org/show_bug.cgi?id=65081
49848
49849        Reviewed by Darin Adler.
49850
49851        Add missing and remove unneeded include statements for MainThread.
49852
49853        * wtf/CryptographicallyRandomNumber.cpp:
49854        * wtf/Threading.h:
49855        * wtf/ThreadingPthreads.cpp:
49856        * wtf/text/StringStatics.cpp:
49857
498582011-07-30  Oliver Hunt  <oliver@apple.com>
49859
49860        Reduce the size of JSGlobalObject slightly
49861        https://bugs.webkit.org/show_bug.cgi?id=65417
49862
49863        Reviewed by Dan Bernstein.
49864
49865        Push a few members that either aren't commonly used,
49866        or aren't frequently accessed into a separate struct.
49867
49868        * runtime/JSGlobalObject.cpp:
49869        (JSC::JSGlobalObject::init):
49870        (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
49871        * runtime/JSGlobalObject.h:
49872        (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
49873        (JSC::JSGlobalObject::createRareDataIfNeeded):
49874        (JSC::JSGlobalObject::setProfileGroup):
49875        (JSC::JSGlobalObject::profileGroup):
49876        (JSC::JSGlobalObject::registerWeakMap):
49877        (JSC::JSGlobalObject::deregisterWeakMap):
49878
498792011-07-30  Balazs Kelemen  <kbalazs@webkit.org>
49880
49881        MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
49882        https://bugs.webkit.org/show_bug.cgi?id=65263
49883
49884        Reviewed by Dmitry Titov.
49885
49886        * wtf/Deque.h:
49887        (WTF::::operator): Don't check the validity of an iterator
49888        that will be reassigned right now.
49889        * wtf/MessageQueue.h:
49890        (WTF::::removeIf): Revert r51198 as I believe this is the better
49891        solution for the problem that was solved by that.
49892
498932011-07-29  Filip Pizlo  <fpizlo@apple.com>
49894
49895        JSC GC zombie support no longer works, and is likely no longer needed.
49896        https://bugs.webkit.org/show_bug.cgi?id=65404
49897
49898        Reviewed by Darin Adler.
49899        
49900        This removes zombies, because they no longer work, are not tested, are
49901        probably not needed, and are getting in the way of GC optimization
49902        work.
49903
49904        * JavaScriptCore.xcodeproj/project.pbxproj:
49905        * heap/Handle.h:
49906        (JSC::HandleConverter::operator->):
49907        (JSC::HandleConverter::operator*):
49908        * heap/HandleHeap.cpp:
49909        (JSC::HandleHeap::isValidWeakNode):
49910        * heap/Heap.cpp:
49911        (JSC::Heap::destroy):
49912        (JSC::Heap::collect):
49913        * heap/MarkedBlock.cpp:
49914        (JSC::MarkedBlock::sweep):
49915        * heap/MarkedBlock.h:
49916        (JSC::MarkedBlock::clearMarks):
49917        * interpreter/Register.h:
49918        (JSC::Register::Register):
49919        (JSC::Register::operator=):
49920        * runtime/ArgList.h:
49921        (JSC::MarkedArgumentBuffer::append):
49922        (JSC::ArgList::ArgList):
49923        * runtime/JSCell.cpp:
49924        (JSC::isZombie):
49925        * runtime/JSCell.h:
49926        * runtime/JSGlobalData.cpp:
49927        (JSC::JSGlobalData::JSGlobalData):
49928        (JSC::JSGlobalData::clearBuiltinStructures):
49929        * runtime/JSGlobalData.h:
49930        * runtime/JSValue.h:
49931        * runtime/JSValueInlineMethods.h:
49932        (JSC::JSValue::JSValue):
49933        * runtime/JSZombie.cpp: Removed.
49934        * runtime/JSZombie.h: Removed.
49935        * runtime/WriteBarrier.h:
49936        (JSC::WriteBarrierBase::setEarlyValue):
49937        (JSC::WriteBarrierBase::operator*):
49938        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
49939        * wtf/Platform.h:
49940
499412011-07-29  Filip Pizlo  <fpizlo@apple.com>
49942
49943        DFG JIT verbose mode provides no details about predictions
49944        https://bugs.webkit.org/show_bug.cgi?id=65389
49945
49946        Reviewed by Darin Adler.
49947        
49948        Added a print-out of the predictions to the IR dump, with names as follows:
49949        "p-bottom" = the parser made no predictions
49950        "p-int32" = the parser predicted int32
49951        ... (same for array, cell, double, number)
49952        "p-top" = the parser made conflicting predictions which will be ignored.
49953
49954        * dfg/DFGGraph.cpp:
49955        (JSC::DFG::Graph::dump):
49956        * dfg/DFGGraph.h:
49957        (JSC::DFG::predictionToString):
49958
499592011-07-29  Filip Pizlo  <fpizlo@apple.com>
49960
49961        DFG JIT does not have any way of undoing double speculation.
49962        https://bugs.webkit.org/show_bug.cgi?id=65334
49963
49964        Reviewed by Gavin Barraclough.
49965        
49966        This adds code to do a branchConvertDoubleToInt on speculation failure.
49967        This is performance-neutral on most benchmarks but does result in
49968        a slight improvement in Kraken.
49969
49970        * dfg/DFGJITCompiler.cpp:
49971        (JSC::DFG::GeneralizedRegister::moveTo):
49972        (JSC::DFG::GeneralizedRegister::swapWith):
49973        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
49974        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
49975        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
49976
499772011-07-29  Filip Pizlo  <fpizlo@apple.com>
49978
49979        Crash when opening docs.google.com
49980        https://bugs.webkit.org/show_bug.cgi?id=65327
49981
49982        Reviewed by Gavin Barraclough.
49983        
49984        The speculative JIT was only checking whether a value is an array when
49985        we had already checked that it was, rather than when we hadn't.
49986
49987        * dfg/DFGSpeculativeJIT.cpp:
49988        (JSC::DFG::SpeculativeJIT::compile):
49989
499902011-07-28  Oliver Hunt  <oliver@apple.com>
49991
49992        *_list instructions are only used in one place, where the code is wrong.
49993        https://bugs.webkit.org/show_bug.cgi?id=65348
49994
49995        Reviewed by Darin Adler.
49996
49997        Simply remove the instructions and all users.  Speeds up the interpreter
49998        slightly due to code motion, but otherwise has no effect (because none
49999        of the _list instructions are ever used).
50000
50001        * bytecode/CodeBlock.cpp:
50002        (JSC::isPropertyAccess):
50003        (JSC::CodeBlock::dump):
50004        (JSC::CodeBlock::visitStructures):
50005        * bytecode/Instruction.h:
50006        * bytecode/Opcode.h:
50007        * interpreter/Interpreter.cpp:
50008        (JSC::Interpreter::privateExecute):
50009        * jit/JIT.cpp:
50010        (JSC::JIT::privateCompileMainPass):
50011
500122011-07-28  Gavin Barraclough  <barraclough@apple.com>
50013
50014        https://bugs.webkit.org/show_bug.cgi?id=65325
50015        Performance tweak to parseInt
50016
50017        Reviewed by Oliver Hunt.
50018
50019        * runtime/JSGlobalObjectFunctions.cpp:
50020        (JSC::globalFuncParseInt):
50021            - This change may make an existing optimization redundant,
50022              cleanup from Darin's comments, plus fix existing bugs.
50023
500242011-07-28  Gavin Barraclough  <barraclough@apple.com>
50025
50026        https://bugs.webkit.org/show_bug.cgi?id=65325
50027        Performance tweak to parseInt
50028
50029        Reviewed by Oliver Hunt.
50030
50031        * runtime/JSGlobalObjectFunctions.cpp:
50032        (JSC::globalFuncParseInt):
50033            - parseInt applied to small positive numbers = floor.
50034
500352011-07-28  Dan Bernstein  <mitz@apple.com>
50036
50037        Build fix.
50038
50039        * runtime/Executable.cpp:
50040        (JSC::FunctionExecutable::compileForCallInternal):
50041
500422011-07-28  Kent Tamura  <tkent@chromium.org>
50043
50044        Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
50045        https://bugs.webkit.org/show_bug.cgi?id=65300
50046
50047        Reviewed by Darin Adler.
50048
50049        r91837 had a performance regression in StringImpl::stripWhiteSpace()
50050        and simplifyWhiteSpace(). This changes the code so that compilers
50051        generate code equivalent to r91836 or prior.
50052
50053        * wtf/text/StringImpl.cpp:
50054        (WTF::StringImpl::stripMatchedCharacters):
50055        A template member function for stripWhiteSpace(). This function takes a functor.
50056        (WTF::UCharPredicate):
50057        A functor for generic predicate for single UChar argument.
50058        (WTF::SpaceOrNewlinePredicate):
50059        A special functor for isSpaceOrNewline().
50060        (WTF::StringImpl::stripWhiteSpace):
50061        Use stripMatchedCharacters().
50062        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
50063        A template member function for simplifyWhiteSpace().
50064        (WTF::StringImpl::simplifyWhiteSpace):
50065        Use simplifyMatchedCharactersToSpace().
50066        * wtf/text/StringImpl.h:
50067
500682011-07-27  Dmitry Lomov  <dslomov@google.com>
50069
50070        [chromium] Turn on WTF_MULTIPLE_THREADS.
50071        https://bugs.webkit.org/show_bug.cgi?id=61017
50072        The patch turns on WTF_MULTIPLE_THREADS in chromium and 
50073        pushes some relevant initializations from JSC::initializeThreading
50074        to WTF::initializeThreading.
50075
50076        Reviewed by David Levin.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * wtf/FastMalloc.cpp:
        (WTF::isForbidden):
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):
        * wtf/Platform.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/gtk/ThreadingGtk.cpp:
        (WTF::initializeThreading):
        * wtf/qt/ThreadingQt.cpp:
        (WTF::initializeThreading):

2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove operator new from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=64999

        Reviewed by Oliver Hunt.

        Removed the implementation of operator new in JSCell, so any further uses
        will not successfully link.  Also removed any remaining uses of operator new.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::create):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::createExceptionScope):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::create):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG graph has no notion of double prediction.
        https://bugs.webkit.org/show_bug.cgi?id=65234

        Reviewed by Gavin Barraclough.

        Added the notion of PredictDouble, and PredictNumber, which is the least
        upper bound of PredictInt32 and PredictDouble.  Least upper bound is
        defined as the bitwise-or of two predictions.  Bottom is defined as 0,
        and Top is defined as all bits being set.  Added the ability to explicitly
        distinguish between a node having had a prediction associated with it,
        and that prediction still being valid (i.e. no conflicting predictions
        have also been added).  Used this to guard the speculative JIT from
        speculating Int32 in cases where the graph knows that the value is
        double, which currently only happens for GetLocal nodes on arguments
        which were double at compile-time.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::isCellPrediction):
        (JSC::DFG::isArrayPrediction):
        (JSC::DFG::isInt32Prediction):
        (JSC::DFG::isDoublePrediction):
        (JSC::DFG::isNumberPrediction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):

2011-07-27  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65294
        DFG JIT - may speculate based on wrong arguments.

        Reviewed by Oliver Hunt.

        In the case of a DFG compiled function calling to and compiling a second function that
        also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
        we call compileFor passing the caller function's exec state, rather than the callee's.
        This may lead to mis-optimization, since the DFG compiler will examine the exec state's
        arguments on the assumption that these will be passed to the callee - it is wanting the
        callee exec state, not the caller's exec state.

        Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
        function is compiled, & the structure of the calls in the Interpreter::execute methods.
        Only fix for compilation from the JIT, in other calls don't speculate based on arguments
        for now.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.cpp:
        (JSC::tryDFGCompile):
        (JSC::tryDFGCompileFunction):
        (JSC::FunctionExecutable::compileForCallInternal):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileFor):

2011-07-27  Oliver Hunt  <oliver@apple.com>

        Handle callback oriented JSONP
        https://bugs.webkit.org/show_bug.cgi?id=65271

        Reviewed by Gavin Barraclough.

        Handle the callback oriented versions of JSONP.  The Literal parser
        now handles <Identifier> (. <Identifier>)* (jsonData).

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::Lexer::lex):
        * runtime/LiteralParser.h:

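The shape the entry above says the LiteralParser now accepts, `<Identifier> (. <Identifier>)* (jsonData)`, as an added C++ example that is not WebKit's code: it splits such text into the callback path and the raw payload and rejects anything else, so only that exact shape is handed to a JSON parser and everything else falls back to the general JavaScript path. The function names, the allowance for one trailing `;`, and the refusal of scalar payloads are assumptions.

```cpp
// Added example (not WebKit code): recognise the callback-wrapped JSONP shape
//     <Identifier> (. <Identifier>)* ( jsonData )
// and split it into the callback path and the raw payload. Names, the optional
// trailing ';' and the rejection of scalar payloads are assumptions.
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

struct JSONPMatch {
    std::vector<std::string> callbackPath; // {"window", "app", "cb"} for window.app.cb(...)
    std::string payload;                   // text between the outer parentheses, untouched
};

static bool isSpace(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }
static bool isIdentStart(char c) { return std::isalpha(static_cast<unsigned char>(c)) || c == '_' || c == '$'; }
static bool isIdentPart(char c) { return isIdentStart(c) || std::isdigit(static_cast<unsigned char>(c)); }

// Cheap structural check on the payload: exactly one top-level object or array
// literal, balanced brackets, closed strings, nothing after it. Full JSON
// validation is left to the JSON parser that receives the payload.
static bool payloadIsSingleLiteral(const std::string& s)
{
    int depth = 0;
    bool inString = false, closed = false;
    for (size_t i = 0; i < s.size(); ++i) {
        char c = s[i];
        if (inString) {
            if (c == '\\') ++i;                  // skip the escaped character
            else if (c == '"') inString = false;
            continue;
        }
        if (isSpace(c)) continue;
        if (closed) return false;                // trailing text after the literal, e.g. "); alert(1"
        if (c == '{' || c == '[') ++depth;
        else if (c == '}' || c == ']') { if (--depth < 0) return false; if (depth == 0) closed = true; }
        else if (depth == 0) return false;       // a scalar, ')' or ';' at the top level
        else if (c == '"') inString = true;
    }
    return closed && !inString && depth == 0;
}

// Returns true only for the JSONP shape above (optionally followed by one ';').
bool matchJSONP(const std::string& src, JSONPMatch& out)
{
    const size_t n = src.size();
    size_t i = 0;
    while (i < n && isSpace(src[i])) ++i;
    out.callbackPath.clear();
    out.payload.clear();
    // <Identifier> (. <Identifier>)*
    for (;;) {
        if (i >= n || !isIdentStart(src[i])) return false;
        size_t start = i;
        while (i < n && isIdentPart(src[i])) ++i;
        out.callbackPath.push_back(src.substr(start, i - start));
        if (i < n && src[i] == '.') { ++i; continue; }
        break;
    }
    if (i >= n || src[i] != '(') return false;
    const size_t open = i;
    // The closing parenthesis must be the last significant character of the input.
    size_t end = n;
    while (end > open && isSpace(src[end - 1])) --end;
    if (end > open && src[end - 1] == ';') --end;
    while (end > open && isSpace(src[end - 1])) --end;
    if (end < open + 2 || src[end - 1] != ')') return false;
    out.payload = src.substr(open + 1, end - 1 - (open + 1));
    return payloadIsSingleLiteral(out.payload);
}

int main()
{
    // Constructed inputs: two valid JSONP responses and three that must be rejected.
    const char* samples[] = { "window.app.cb({\"a\": [1, 2]});", "cb({\"s\": \")\"})",
                              "cb({\"a\":1}); alert(1)", "alert(1)", "1+cb({})" };
    for (const char* s : samples) {
        JSONPMatch m;
        bool ok = matchJSONP(s, m);
        std::printf("%-32s -> %s", s, ok ? "JSONP" : "not JSONP");
        if (ok) std::printf(" (callback depth %zu, payload %s)", m.callbackPath.size(), m.payload.c_str());
        std::printf("\n");
    }
    return 0;
}
```
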
2011-07-27  Stephanie Lewis  <slewis@apple.com>

        Revert http://trac.webkit.org/changeset/90415.
        Caused a 5% sunspider regression in-browser.

        Unreviewed rollout.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-27  Shinya Kawanaka  <shinyak@google.com>

        Added an interface to take IsWhiteSpaceFunctionPtr.
        https://bugs.webkit.org/show_bug.cgi?id=57746

        Reviewed by Kent Tamura.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
          Added an interface to take IsWhiteSpaceFunctionPtr.
        (WTF::StringImpl::simplifyWhiteSpace): ditto.
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        (WTF::String::stripWhiteSpace): ditto.
        (WTF::String::simplifyWhiteSpace): ditto.
        * wtf/text/WTFString.h:

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT speculation failure code performs incorrect conversions in
        the case where two registers need to be swapped.
        https://bugs.webkit.org/show_bug.cgi?id=65233

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::swapWith):

2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        reduce and reduceRight bind callback's this to null rather than undefined
        https://bugs.webkit.org/show_bug.cgi?id=62264

        Reviewed by Oliver Hunt.

        Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
        when calling the callback function without an argument for this, which means it should
        be undefined according to ES 15.4.4.21 and 15.4.4.22.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        JSC command-line tool does not come with any facility for
        measuring time precisely.
        https://bugs.webkit.org/show_bug.cgi?id=65223

        Reviewed by Gavin Barraclough.

        Exposed WTF::currentTime() as currentTimePrecise().

        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionPreciseTime):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT never emits inline double comparisons, even when it
        would be obviously more efficient to do so.
        https://bugs.webkit.org/show_bug.cgi?id=65212

        Reviewed by Gavin Barraclough.

        This handles the obvious case of inlining double comparisons: it only addresses
        the speculative JIT, and only for fused compare/branch sequences.  But it does
        handle the case where both operands are double (and there is no slow path),
        or where one operand is double and the other is unknown type (in which case it
        attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
        speed-up on SunSpider.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::convertToDouble):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64969
        DFG JIT generates inefficient code for speculation failures.

        Reviewed by Gavin Barraclough.

        This implements a speculation failure strategy where (1) values spilled on
        non-speculative but not spilled on speculative are spilled, (2) values that
        are in registers on both paths are rearranged without ever touching memory,
        and (3) values spilled on speculative but not spilled on non-speculative are
        filled.

        The register shuffling is the most interesting part of this patch.  It
        constructs a permutation graph for registers.  Each node represents a
        register, and each directed edge corresponds to the register's value having
        to be moved to a different register as part of the shuffling.  This is a
        directed graph where each node may only have 0 or 1 incoming edges, and
        0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
        subgraphs where all nodes in the subgraph are reachable from a start node.
        Such subgraphs always resemble linked lists, and correspond to simply
        moving the value in the second-to-last register into the last register, and
        then moving the value in the third-to-last register into the second-to-last
        register, and so on.  Once these subgraphs are taken care of, the remaining
        subgraphs are cycles, and are handled using either (a) conversion or no-op
        if the cycle involves one node, (b) swap if it involves two nodes, or (c)
        a cyclic shuffle involving a scratch register if there are three or more
        nodes.

        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::needDataFormatConversion):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
        (JSC::DFG::GeneralizedRegister::createGPR):
        (JSC::DFG::GeneralizedRegister::createFPR):
        (JSC::DFG::GeneralizedRegister::dump):
        (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
        (JSC::DFG::GeneralizedRegister::findInEntryLocation):
        (JSC::DFG::GeneralizedRegister::previousDataFormat):
        (JSC::DFG::GeneralizedRegister::nextDataFormat):
        (JSC::DFG::GeneralizedRegister::convert):
        (JSC::DFG::GeneralizedRegister::moveTo):
        (JSC::DFG::GeneralizedRegister::swapWith):
        (JSC::DFG::ShuffledRegister::ShuffledRegister):
        (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
        (JSC::DFG::ShuffledRegister::lookup):
        (JSC::DFG::lookupForRegister):
        (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
        (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
        (JSC::DFG::NodeToRegisterMap::set):
        (JSC::DFG::NodeToRegisterMap::end):
        (JSC::DFG::NodeToRegisterMap::find):
        (JSC::DFG::NodeToRegisterMap::clear):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        (JSC::DFG::JITCompiler::linkSpeculationChecks):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::EntryLocation::EntryLocation):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculationCheck::SpeculationCheck):
        * dfg/DFGSpeculativeJIT.h:

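The chain-and-cycle register shuffle described in the entry above, as an added C++ example that is not WebKit's code: it builds the permutation graph from a destination map, emits the non-cycling chains back to front, handles the remaining cycles as no-op, swap, or scratch-register rotation, and verifies the plan by simulating it. The `dest` encoding, the `Op` type, and the convention that the scratch register is the extra slot at the end of the register file are assumptions; the data-format conversions the real JIT performs on each move are left out.

```cpp
// Added example (not WebKit code): plan a register shuffle by decomposing the
// permutation graph into chains and cycles. dest[r] == s means "the value now
// in register r must end up in register s"; dest[r] == -1 means it goes
// nowhere. Every register has at most one incoming and one outgoing edge.
// The Op type, the dest encoding and the scratch convention are assumptions.
#include <cstdio>
#include <utility>
#include <vector>

struct Op {
    enum Kind { Move, Swap } kind;
    int src;
    int dst;
};

std::vector<Op> planShuffle(const std::vector<int>& dest, int scratch)
{
    const int n = static_cast<int>(dest.size());
    std::vector<int> pred(n, -1);                        // pred[s] == r when dest[r] == s
    for (int r = 0; r < n; ++r)
        if (dest[r] >= 0) pred[dest[r]] = r;
    std::vector<bool> done(n, false);
    std::vector<Op> ops;

    // (1) Chains: a register that receives a value but sends none is the end of a
    // non-cycling permutation. Walk backwards from it, emitting the last move
    // first so no value is overwritten before it has been copied onward.
    for (int r = 0; r < n; ++r) {
        if (pred[r] < 0 || dest[r] >= 0) continue;       // not the end of a chain
        for (int cur = r; pred[cur] >= 0; cur = pred[cur]) {
            ops.push_back({Op::Move, pred[cur], cur});
            done[pred[cur]] = true;
        }
    }
    // (2) Whatever still has an outgoing edge lies on a cycle.
    for (int r = 0; r < n; ++r) {
        if (done[r] || dest[r] < 0) continue;
        std::vector<int> cycle;                          // c0 -> c1 -> ... -> ck -> c0
        for (int cur = r; !done[cur]; cur = dest[cur]) { cycle.push_back(cur); done[cur] = true; }
        const int k = static_cast<int>(cycle.size()) - 1;
        if (k == 0) continue;                            // (a) one node: nothing to move
        if (k == 1) { ops.push_back({Op::Swap, cycle[0], cycle[1]}); continue; } // (b) two nodes
        // (c) three or more: park ck in scratch, shift the others forward, restore.
        ops.push_back({Op::Move, cycle[k], scratch});
        for (int i = k; i > 0; --i) ops.push_back({Op::Move, cycle[i - 1], cycle[i]});
        ops.push_back({Op::Move, scratch, cycle[0]});
    }
    return ops;
}

// Apply the plan to a register file; `scratch` indexes into the same file.
std::vector<int> simulate(std::vector<int> regs, const std::vector<Op>& ops)
{
    for (const Op& op : ops) {
        if (op.kind == Op::Move) regs[op.dst] = regs[op.src];
        else std::swap(regs[op.src], regs[op.dst]);
    }
    return regs;
}

// Post-condition: each destination ends up holding the value its source held before
// the shuffle. Registers are seeded with distinct tags so that is checkable.
bool shuffleIsCorrect(const std::vector<int>& dest)
{
    const int n = static_cast<int>(dest.size());
    std::vector<int> before(n + 1);                      // slot n is the scratch register
    for (int i = 0; i <= n; ++i) before[i] = 100 + i;
    std::vector<int> after = simulate(before, planShuffle(dest, n));
    for (int r = 0; r < n; ++r)
        if (dest[r] >= 0 && after[dest[r]] != before[r]) return false;
    return true;
}

int countOps(const std::vector<Op>& ops, Op::Kind kind)
{
    int c = 0;
    for (const Op& op : ops) if (op.kind == kind) ++c;
    return c;
}

int main()
{
    // Constructed input: chain 0->1->2, 3-cycle 3->4->5->3, self-loop 6, swap 7<->8.
    std::vector<int> dest = {1, 2, -1, 4, 5, 3, 6, 8, 7};
    for (const Op& op : planShuffle(dest, static_cast<int>(dest.size())))
        std::printf("%s r%d -> r%d\n", op.kind == Op::Move ? "move" : "swap", op.src, op.dst);
    std::printf("correct: %s\n", shuffleIsCorrect(dest) ? "yes" : "no");
    return 0;
}
```
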
503662011-07-26  Oliver Hunt  <oliver@apple.com>
50367
50368        Buffer overflow creating error messages for JSON.parse
50369        https://bugs.webkit.org/show_bug.cgi?id=65211
50370
50371        Reviewed by Darin Adler.
50372
50373        Parse string length to the UString constructor.
50374
50375        * runtime/LiteralParser.cpp:
50376        (JSC::LiteralParser::parse):
50377
503782011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
50379
50380        Refactor automatically generated JS DOM bindings to replace operator new with static create methods
50381        https://bugs.webkit.org/show_bug.cgi?id=64732
50382
50383        Reviewed by Oliver Hunt.
50384
50385        Replacing the public constructors in the automatically generated JS DOM bindings with static 
50386        create methods.  JSByteArray is used by several of these bindings in WebCore.
50387
50388        * JavaScriptCore.exp:
50389        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
50390        * runtime/JSByteArray.cpp:
50391        (JSC::JSByteArray::create):
50392        * runtime/JSByteArray.h:
50393
503942011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
50395
50396        Unreviewed build fix for Qt/Linux.
50397
50398        On platforms with no glib and gstreamer we should not build javascriptcore
50399        with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
50400
50401        * wtf/wtf.pri:
50402
504032011-07-26  Juan C. Montemayor  <jmont@apple.com>
50404
50405        JSON errors should be informative
50406        https://bugs.webkit.org/show_bug.cgi?id=63339
50407
50408        Added error messages to the JSON Parser.
50409
50410        Reviewed by Oliver Hunt.
50411
50412        * runtime/JSONObject.cpp:
50413        (JSC::JSONProtoFuncParse):
50414        * runtime/LiteralParser.cpp:
50415        (JSC::LiteralParser::Lexer::lex):
50416        (JSC::LiteralParser::Lexer::lexString):
50417        (JSC::LiteralParser::Lexer::lexNumber):
50418        (JSC::LiteralParser::parse):
50419        * runtime/LiteralParser.h:
50420        (JSC::LiteralParser::getErrorMessage):
50421        (JSC::LiteralParser::Lexer::sawError):
50422        (JSC::LiteralParser::Lexer::getErrorMessage):
50423
504242011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>
50425
50426        Unreviewed, rolling out r91746.
50427        http://trac.webkit.org/changeset/91746
50428        https://bugs.webkit.org/show_bug.cgi?id=65180
50429
50430        It broke SL build (Requested by Ossy on #webkit).
50431
50432        * wtf/text/StringImpl.cpp:
50433        (WTF::StringImpl::stripWhiteSpace):
50434        (WTF::StringImpl::simplifyWhiteSpace):
50435        * wtf/text/StringImpl.h:
50436        * wtf/text/WTFString.cpp:
50437        * wtf/text/WTFString.h:
50438
504392011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
50440
50441        Reviewed by Andreas Kling.
50442
50443        [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
50444        https://bugs.webkit.org/show_bug.cgi?id=63472
50445
50446        Enable the bits needed for GStreamer only when QtMultimedia is not used.
50447
50448        * wtf/wtf.pri:
50449
504502011-07-26  Shinya Kawanaka  <shinyak@google.com>
50451
50452        Added an interface to take IsWhiteSpaceFunctionPtr.
50453        https://bugs.webkit.org/show_bug.cgi?id=57746
50454
50455        Reviewed by Kent Tamura.
50456
50457        * wtf/text/StringImpl.cpp:
50458        (WTF::StringImpl::stripWhiteSpace):
50459          Added an interface to take IsWhiteSpaceFunctionPtr.
50460        (WTF::StringImpl::simplifyWhiteSpace): ditto.
50461        * wtf/text/StringImpl.h:
50462        * wtf/text/WTFString.cpp:
50463        (WTF::String::stripWhiteSpace): ditto.
50464        (WTF::String::simplifyWhiteSpace): ditto.
50465        * wtf/text/WTFString.h:
50466
504672011-07-25  Filip Pizlo  <fpizlo@apple.com>
50468
50469        DFG non-speculative JIT emits inefficient code for arithmetic
50470        involving two registers
50471        https://bugs.webkit.org/show_bug.cgi?id=65160
50472
50473        Reviewed by Gavin Barraclough.
50474        
50475        The non-speculative JIT now emits inline code for double arithmetic, but
50476        still attempts integer arithmetic first.  This is a speed-up on SunSpider
50477        (albeit a small one), and a large speed-up on Kraken.
50478
50479        * dfg/DFGNonSpeculativeJIT.cpp:
50480        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
50481
504822011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
50483
50484        [EFL] Build break with --debug after r89153.
50485        https://bugs.webkit.org/show_bug.cgi?id=65150
50486
50487        Unreviewed build fix.
50488
50489        * wtf/CMakeListsEfl.txt: Add missing libraries.
50490
504912011-07-25  Filip Pizlo  <fpizlo@apple.com>
50492
50493        DFG non-speculative JIT emits obviously inefficient code for arithmetic
50494        where one operand is a constant.
50495        https://bugs.webkit.org/show_bug.cgi?id=65146
50496
50497        Reviewed by Gavin Barraclough.
50498        
50499        Changed the code to emit double arithmetic inline.
50500
50501        * dfg/DFGNonSpeculativeJIT.cpp:
50502        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
50503
505042011-07-25  Filip Pizlo  <fpizlo@apple.com>
50505
50506        DFG JIT bytecode parser misuses pointers into objects allocated as part of a
50507        WTF::Vector.
50508        https://bugs.webkit.org/show_bug.cgi?id=65128
50509
50510        Reviewed by Gavin Barraclough.
50511        
50512        The bytecode parser code seems to be right to have a DFGNode& phiNode reference
50513        into the graph, since this makes the code greatly more readable.  This patch
50514        thus makes the minimal change necessary to make the code right: it uses a
50515        pointer (to disambiguate between reloading the pointer and performing a
50516        copy from one location of the vector to another) and reloads it after the
50517        calls to addToGraph().
50518
50519        * dfg/DFGByteCodeParser.cpp:
50520        (JSC::DFG::ByteCodeParser::processPhiStack):
50521
505222011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>
50523
50524        Unreviewed, rolling out r91686.
50525        http://trac.webkit.org/changeset/91686
50526        https://bugs.webkit.org/show_bug.cgi?id=65144
50527
50528        1.5% regression in JSC (Requested by jmontemayor on #webkit).
50529
50530        * runtime/JSONObject.cpp:
50531        (JSC::JSONProtoFuncParse):
50532        * runtime/LiteralParser.cpp:
50533        (JSC::LiteralParser::Lexer::lex):
50534        (JSC::LiteralParser::Lexer::lexString):
50535        (JSC::LiteralParser::Lexer::lexNumber):
50536        (JSC::LiteralParser::parse):
50537        * runtime/LiteralParser.h:
50538
505392011-07-25  Jon Lee  <jonlee@apple.com>
50540
50541        Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
50542        https://bugs.webkit.org/show_bug.cgi?id=65132
50543        <rdar://problem/9836297>
50544        
50545        Reviewed by Oliver Hunt.
50546        
50547        Make sure the JIT is available to use before running the following calls:
50548
50549        * bytecode/CodeBlock.cpp:
50550        (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
50551        * bytecode/CodeBlock.h:
50552        (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
50553
505542011-07-25  Juan C. Montemayor  <jmont@apple.com>
50555
50556        JSON errors should be informative
50557        https://bugs.webkit.org/show_bug.cgi?id=63339
50558
50559        Added error messages to the JSON Parser.
50560
50561        Reviewed by Oliver Hunt.
50562
50563        * runtime/JSONObject.cpp:
50564        (JSC::JSONProtoFuncParse):
50565        * runtime/LiteralParser.cpp:
50566        (JSC::LiteralParser::Lexer::lex):
50567        (JSC::LiteralParser::Lexer::lexString):
50568        (JSC::LiteralParser::Lexer::lexNumber):
50569        (JSC::LiteralParser::parse):
50570        * runtime/LiteralParser.h:
50571        (JSC::LiteralParser::getErrorMessage):
50572        (JSC::LiteralParser::Lexer::sawError):
50573        (JSC::LiteralParser::Lexer::getErrorMessage):
50574
505752011-07-25  Filip Pizlo  <fpizlo@apple.com>
50576
50577        X86-64 assembler emits three instructions instead of two for certain
50578        loads and stores.
50579        https://bugs.webkit.org/show_bug.cgi?id=65095
50580
50581        Reviewed by Gavin Barraclough.
50582        
50583        Simply made these four methods in the assembler use the scratch register,
50584        which they were previously avoiding.  It still optimizes for the case where
50585        an absolute address memory accesses is using EAX.  This results in a slight
50586        performance improvement.
50587
50588        * assembler/MacroAssemblerX86_64.h:
50589        (JSC::MacroAssemblerX86_64::load32):
50590        (JSC::MacroAssemblerX86_64::store32):
50591        (JSC::MacroAssemblerX86_64::loadPtr):
50592        (JSC::MacroAssemblerX86_64::storePtr):
50593
505942011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
50595
50596        [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
50597        https://bugs.webkit.org/show_bug.cgi?id=64354
50598
50599        Use ecore_time_unix_get which returns unix time as double type for currentTime
50600        and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
50601
50602        Reviewed by Kent Tamura.
50603
50604        * wtf/CurrentTime.cpp:
50605        (WTF::currentTime):
50606        (WTF::monotonicallyIncreasingTime):
50607
506082011-07-22  Sommer Panage  <panage@apple.com>
50609
50610        Reviewed by Oliver Hunt.
50611
50612        export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
50613        https://bugs.webkit.org/show_bug.cgi?id=64981
50614
50615        UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
50616        Currently, the C API does not provide the tools to do this. However, the private API
50617        does expose the necessary functionality to get a backtrace
50618        (via Interpreter::retrieveLastCaller). We recognize this information may result in
50619        failure in the cases of programs run by 'eval', stack frames beneath host function
50620        call frames, and in programs run from other programs. Thus, we propose exporting our
50621        JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
50622        we need while not advertising an API that isn't really ready for full use.
50623
50624        * API/JSContextRef.cpp:
50625        * API/JSContextRefPrivate.h:
50626        * JavaScriptCore.exp:
50627
50628
506292011-07-22  Gavin Barraclough  <barraclough@apple.com>
50630
50631        https://bugs.webkit.org/show_bug.cgi?id=65051
50632        DFG JIT - Enable by default for mac platform on x86-64.
50633
50634        Rubber Stamped by Geoff Garen.
50635
50636        This is now a performance progression.
50637
50638        * wtf/Platform.h:
50639            - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
50640
506412011-07-22  Gavin Barraclough  <barraclough@apple.com>
50642
50643        https://bugs.webkit.org/show_bug.cgi?id=65047
50644        DFG JIT - Add support for op_resolve/op_resolve_base
50645
50646        Reviewed by Sam Weinig.
50647
50648        These are necessary for any significant eval code coverage
50649        (and as such increase LayoutTest coverage).
50650
50651        * dfg/DFGAliasTracker.h:
50652        (JSC::DFG::AliasTracker::recordResolve):
50653            - Conservatively blow aliasing optimizations for now.
50654        * dfg/DFGByteCodeParser.cpp:
50655        (JSC::DFG::ByteCodeParser::parseBlock):
50656            - Add support for op_resolve/op_resolve_base.
50657        * dfg/DFGJITCodeGenerator.h:
50658        (JSC::DFG::JITCodeGenerator::callOperation):
50659            - Add call with exec, identifer aguments.
50660        * dfg/DFGNode.h:
50661            - Add new node types.
50662        (JSC::DFG::Node::hasIdentifier):
50663            - Resolve nodes have identifiers, too!
50664        * dfg/DFGNonSpeculativeJIT.cpp:
50665        (JSC::DFG::NonSpeculativeJIT::compile):
50666            - Add generation for new Nodes.
50667        * dfg/DFGOperations.cpp:
50668        * dfg/DFGOperations.h:
50669            - Added new operations.
50670        * dfg/DFGSpeculativeJIT.cpp:
50671        (JSC::DFG::SpeculativeJIT::compile):
50672            - Add generation for new Nodes.
50673
506742011-07-22  Gavin Barraclough  <barraclough@apple.com>
50675
50676        https://bugs.webkit.org/show_bug.cgi?id=65036
50677        Messing with the register allocation within flow control = badness.
50678
50679        Reviewed by Sam Weinig.
50680
50681        * dfg/DFGNonSpeculativeJIT.cpp:
50682        (JSC::DFG::NonSpeculativeJIT::compile):
50683            - Fix register allocation.
50684
506852011-07-22  Mark Hahnenberg  <mhahnenberg@apple.com>
50686
50687        Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
50688        https://bugs.webkit.org/show_bug.cgi?id=63986
50689
50690        Reviewed by Geoffrey Garen.
50691
50692        Changed the implementation of Date.prototype.toISOString() to use the extended year
50693        format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
50694
50695        * runtime/DatePrototype.cpp:
50696        (JSC::dateProtoFuncToISOString):
50697
506982011-07-21  Gavin Barraclough  <barraclough@apple.com>
50699
50700        Windows build fix
50701
50702        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
50703
507042011-07-21  Ryosuke Niwa  <rniwa@webkit.org>
50705
50706        Build fix after r91555.
50707
50708        * JavaScriptCore.exp:
50709
507102011-07-21  Gavin Barraclough  <barraclough@apple.com>
50711
50712        https://bugs.webkit.org/show_bug.cgi?id=19271
50713        eliminate PIC branches by changing NaN handling in JSValue::toNumber
50714
50715        Reviewed by Sam Weinig.
50716
50717        Moving the non-numeric cases out of line seems to be a consistent
50718        win on SunSpider for me, to the order of about 0.5%.
50719
50720        * runtime/JSCell.h:
50721        (JSC::JSCell::JSValue::toNumber):
50722            - Changed to only handle values that are already numbers, moce non-numeric cases out of line.
50723        * runtime/JSValue.cpp:
50724        (JSC::JSValue::toNumberSlowCase):
50725            - Added toNumberSlowCase, handling non-numeric cases.
50726        * runtime/JSValue.h:
50727            - Add declaration of toNumberSlowCase.
50728
507292011-07-21  Gavin Barraclough  <barraclough@apple.com>
50730
50731        https://bugs.webkit.org/show_bug.cgi?id=64875
50732        Use of `yield` keyword is broken
50733
50734        Reviewed by Sam Weinig.
50735
50736        * parser/Lexer.cpp:
50737        (JSC::Lexer::parseIdentifier):
50738            - The bug here is that a successful match of a RESERVED_IF_STRICT token from
50739              parseKeyword is being nullified back to IDENT. The problem is that in the
50740              case of IDENT matches parseKeyword should not move the lexer's input
50741              position, but in the case of RESERVED_IF_STRICT it has done so.
50742
507432011-07-21  Gavin Barraclough  <barraclough@apple.com>
50744
50745        https://bugs.webkit.org/show_bug.cgi?id=64900
50746        Function.prototype.apply should accept an array-like object as its second argument
50747
50748        Reviewed by Sam Weinig.
50749
50750        * interpreter/Interpreter.cpp:
50751        (JSC::Interpreter::privateExecute):
50752        * jit/JITStubs.cpp:
50753        (JSC::DEFINE_STUB_FUNCTION):
50754        * runtime/FunctionPrototype.cpp:
50755        (JSC::functionProtoFuncApply):
50756            - Remove the type error if object is not an array.
50757
507582011-07-21  Gavin Barraclough  <barraclough@apple.com>
50759
50760        https://bugs.webkit.org/show_bug.cgi?id=64964
50761        DFG JIT - Enable support for eval code
50762
50763        Reviewed by Sam Weinig.
50764
50765        This is basically the same as program code, to the JIT!
50766
50767        * bytecode/Opcode.cpp:
50768        * bytecode/Opcode.h:
50769            - Enable opcodeNames in !NDEBUG builds.
50770        * dfg/DFGOperations.cpp:
50771            - Fix a bug exposed by eval support, throw correct type error for new.
50772        * runtime/Executable.cpp:
50773        (JSC::EvalExecutable::compileInternal):
50774            - Enable DFG JIT for eval code.
50775
507762011-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>
50777
50778        Unreviewed, rolling out r91380.
50779        http://trac.webkit.org/changeset/91380
50780        https://bugs.webkit.org/show_bug.cgi?id=64924
50781
50782        Caused assertion failures in Chromium's IndexedDB tests
50783        (Requested by rniwa on #webkit).
50784
50785        * wtf/ThreadIdentifierDataPthreads.cpp:
50786        (WTF::ThreadIdentifierData::identifier):
50787        (WTF::ThreadIdentifierData::initialize):
50788        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
50789        (WTF::ThreadIdentifierData::initializeKeyOnce):
50790        * wtf/ThreadIdentifierDataPthreads.h:
50791        * wtf/ThreadingPthreads.cpp:
50792        (WTF::initializeThreading):
50793
507942011-07-20  Filip Pizlo  <fpizlo@apple.com>
50795
50796        DFG non-speculative JIT does not use() the aliased GetByVal,
50797        resulting in bloated use counts.
50798        https://bugs.webkit.org/show_bug.cgi?id=64911
50799
50800        Reviewed by Gavin Barraclough.
50801        
50802        Inserted a call to use() for the aliased GetByVal.
50803
50804        * dfg/DFGNonSpeculativeJIT.cpp:
50805        (JSC::DFG::NonSpeculativeJIT::compile):
50806
508072011-07-20  Gavin Barraclough  <barraclough@apple.com>
50808
50809        https://bugs.webkit.org/show_bug.cgi?id=64909
50810        DFG JIT - Missing ToInt32 conversions for double constants.
50811
50812        Reviewed by Sam Weinig.
50813
50814        * dfg/DFGByteCodeParser.cpp:
50815        (JSC::DFG::ByteCodeParser::toInt32):
50816            - We cannot trivially omit ToInt32 conversions on double constants.
50817
508182011-07-20  Filip Pizlo  <fpizlo@apple.com>
50819
50820        DFG speculative JIT sometimes claims to use compare operands twice, leading to
50821        use count corruption.
50822        https://bugs.webkit.org/show_bug.cgi?id=64903
50823
50824        Reviewed by Gavin Barraclough.
50825        
50826        Move the calls to use() in SpeculativeJIT::compare() so that they only happen
50827        if the JITCodeGenerator's helper method (which also calls use()) is not called.
50828
50829        * dfg/DFGSpeculativeJIT.cpp:
50830        (JSC::DFG::SpeculativeJIT::compare):
50831
508322011-07-20  Oliver Hunt  <oliver@apple.com>
50833
50834        Don't throw away code when JSGarbageCollect API is called
50835        https://bugs.webkit.org/show_bug.cgi?id=64894
50836
50837        Reviewed by Sam Weinig.
50838
50839        Just call collectAllGarbage.  That will clean up all unneeded
50840        code without causing any pathological recompilation problems.
50841
50842        * API/JSBase.cpp:
50843        (JSGarbageCollect):
50844
508452011-07-20  Oliver Hunt  <oliver@apple.com>
50846
50847        Codeblock doesn't visit cached structures in global resolve instructions
50848        https://bugs.webkit.org/show_bug.cgi?id=64889
50849
50850        Reviewed by Sam Weinig.
50851
50852        Visit the global resolve instructions.  This fixes a couple
50853        of random crashes seen in the jquery tests when using the
50854        interpreter.
50855
50856        * bytecode/CodeBlock.cpp:
50857        (JSC::CodeBlock::visitAggregate):
50858
508592011-07-20  James Robinson  <jamesr@chromium.org>
50860
50861        Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
50862        https://bugs.webkit.org/show_bug.cgi?id=64841
50863
50864        Reviewed by Mark Rowe.
50865
50866        http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
50867        monotonic clock instead of WTF::currentTime().  This broke many plugin tests on WebKit2 for reasons that are
50868        unclear.  This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
50869
50870        * wtf/ThreadingPthreads.cpp:
50871        (WTF::ThreadCondition::timedWait):
50872        * wtf/ThreadingWin.cpp:
50873        (WTF::absoluteTimeToWaitTimeoutInterval):
50874        * wtf/gtk/ThreadingGtk.cpp:
50875        (WTF::ThreadCondition::timedWait):
50876        * wtf/qt/ThreadingQt.cpp:
50877        (WTF::ThreadCondition::timedWait):
50878
508792011-07-14  David Levin  <levin@chromium.org>
50880
50881        currentThread is too slow!
50882        https://bugs.webkit.org/show_bug.cgi?id=64577
50883
50884        Reviewed by Darin Adler and Dmitry Titov.
50885
50886        The problem is that currentThread results in a pthread_once call which always takes a lock.
50887        With this change, currentThread is 10% faster than isMainThread in release mode and only
50888        5% slower than isMainThread in debug.
50889
50890        * wtf/ThreadIdentifierDataPthreads.cpp:
50891        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
50892        which is no longer needed because this is called from initializeThreading().
50893        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
50894        initialization of the pthread key should already be done.
50895        (WTF::ThreadIdentifierData::initialize): Ditto.
50896        * wtf/ThreadIdentifierDataPthreads.h:
50897        * wtf/ThreadingPthreads.cpp:
50898        (WTF::initializeThreading): Acquire the pthread key here.
50899
509002011-07-20  Mark Rowe  <mrowe@apple.com>
50901
50902        Fix the 32-bit build.
50903
50904        * runtime/ObjectPrototype.cpp:
50905        (JSC::objectProtoFuncToString):
50906
509072011-07-19  Gavin Barraclough  <barraclough@apple.com>
50908
50909        https://bugs.webkit.org/show_bug.cgi?id=64678
50910        Fix bugs in Object.prototype this handling.
50911
50912        Reviewed by Darin Adler.
50913
50914        Fix ES5.1 correctness issues identified by Mads Ager.
50915
50916        * runtime/ObjectPrototype.cpp:
50917        (JSC::objectProtoFuncToString):
50918            - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
50919
509202011-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>
50921
50922        [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
50923        https://bugs.webkit.org/show_bug.cgi?id=63918
50924
50925        Reviewed by Darin Adler.
50926
50927        When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
50928        method due to additional string copying within several of the constructors when dealing with 
50929        UStrings.  This has been added to the UString version of the appendStringInConstruct method 
50930        within the JSString class.
50931
50932        * runtime/JSString.h:
50933        (JSC::RopeBuilder::JSString):
50934        (JSC::RopeBuilder::appendStringInConstruct):
50935
509362011-07-19  Gavin Barraclough  <barraclough@apple.com>
50937
50938        https://bugs.webkit.org/show_bug.cgi?id=64679
50939        Fix bugs in Array.prototype this handling.
50940
50941        Reviewed by Oliver Hunt.
50942
50943        * runtime/ArrayPrototype.cpp:
50944        (JSC::arrayProtoFuncJoin):
50945        (JSC::arrayProtoFuncConcat):
50946        (JSC::arrayProtoFuncPop):
50947        (JSC::arrayProtoFuncPush):
50948        (JSC::arrayProtoFuncReverse):
50949        (JSC::arrayProtoFuncShift):
50950        (JSC::arrayProtoFuncSlice):
50951        (JSC::arrayProtoFuncSort):
50952        (JSC::arrayProtoFuncSplice):
50953        (JSC::arrayProtoFuncUnShift):
50954        (JSC::arrayProtoFuncFilter):
50955        (JSC::arrayProtoFuncMap):
50956        (JSC::arrayProtoFuncEvery):
50957        (JSC::arrayProtoFuncForEach):
50958        (JSC::arrayProtoFuncSome):
50959        (JSC::arrayProtoFuncReduce):
50960        (JSC::arrayProtoFuncReduceRight):
50961        (JSC::arrayProtoFuncIndexOf):
50962        (JSC::arrayProtoFuncLastIndexOf):
50963            - These methods should throw if this value is undefined.
50964
509652011-07-19  Gavin Barraclough  <barraclough@apple.com>
50966
50967        https://bugs.webkit.org/show_bug.cgi?id=64677
50968        Fix bugs in String.prototype this handling.
50969
50970        Reviewed by Oliver Hunt.
50971
50972        undefined/null this values should throw TypeErrors, not convert to
50973        the global object, and primitive values should not be converted via
50974        object types.
50975
50976        * runtime/StringPrototype.cpp:
50977        (JSC::stringProtoFuncReplace):
50978        (JSC::stringProtoFuncCharAt):
50979        (JSC::stringProtoFuncCharCodeAt):
50980        (JSC::stringProtoFuncIndexOf):
50981        (JSC::stringProtoFuncLastIndexOf):
50982        (JSC::stringProtoFuncMatch):
50983        (JSC::stringProtoFuncSearch):
50984        (JSC::stringProtoFuncSlice):
50985        (JSC::stringProtoFuncSplit):
50986        (JSC::stringProtoFuncSubstr):
50987        (JSC::stringProtoFuncSubstring):
50988        (JSC::stringProtoFuncToLowerCase):
50989        (JSC::stringProtoFuncToUpperCase):
50990        (JSC::stringProtoFuncLocaleCompare):
50991        (JSC::stringProtoFuncBig):
50992        (JSC::stringProtoFuncSmall):
50993        (JSC::stringProtoFuncBlink):
50994        (JSC::stringProtoFuncBold):
50995        (JSC::stringProtoFuncFixed):
50996        (JSC::stringProtoFuncItalics):
50997        (JSC::stringProtoFuncStrike):
50998        (JSC::stringProtoFuncSub):
50999        (JSC::stringProtoFuncSup):
51000        (JSC::stringProtoFuncFontcolor):
51001        (JSC::stringProtoFuncFontsize):
51002        (JSC::stringProtoFuncAnchor):
51003        (JSC::stringProtoFuncLink):
51004        (JSC::trimString):
51005            - These methods should throw if this value is undefined,
51006              convert ToString directly, not via ToObject.
51007
510082011-07-19  Filip Pizlo  <fpizlo@apple.com>
51009
51010        DFG JIT sometimes emits spill code even when the respective values
51011        are never needed.
51012        https://bugs.webkit.org/show_bug.cgi?id=64774
51013
51014        Reviewed by Gavin Barraclough.
51015        
51016        The main high-level change is that it is now easier to call use() on a
51017        virtual register.  JSValueOperand and its other-typed relatives now have
51018        a handy use() method, and jsValueResult() and friends now make it easier to
51019        pass UseChildrenCalledExplicitly.
51020        
51021        The rest of this patch hoists the call to use() as high as possible for
51022        all of those cases where either flushRegisters() or silentSpillAllRegisters()
51023        may be called.
51024
51025        * dfg/DFGJITCodeGenerator.cpp:
51026        (JSC::DFG::JITCodeGenerator::cachedGetById):
51027        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
51028        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
51029        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
51030        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
51031        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
51032        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
51033        (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
51034        (JSC::DFG::JITCodeGenerator::emitBranch):
51035        * dfg/DFGJITCodeGenerator.h:
51036        (JSC::DFG::JITCodeGenerator::use):
51037        (JSC::DFG::JITCodeGenerator::integerResult):
51038        (JSC::DFG::JITCodeGenerator::jsValueResult):
51039        (JSC::DFG::IntegerOperand::use):
51040        (JSC::DFG::DoubleOperand::use):
51041        (JSC::DFG::JSValueOperand::use):
51042        * dfg/DFGNonSpeculativeJIT.cpp:
51043        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
51044        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
51045        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
51046        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
51047        (JSC::DFG::NonSpeculativeJIT::compile):
51048        * dfg/DFGSpeculativeJIT.cpp:
51049        (JSC::DFG::SpeculativeJIT::compile):
51050        * dfg/DFGSpeculativeJIT.h:
51051        (JSC::DFG::SpeculateStrictInt32Operand::use):
51052        (JSC::DFG::SpeculateCellOperand::use):
51053
510542011-07-19  Xan Lopez  <xlopez@igalia.com>
51055
51056        ARMv7 backend broken, lacks 3 parameter rshift32 method
51057        https://bugs.webkit.org/show_bug.cgi?id=64571
51058
51059        Reviewed by Zoltan Herczeg.
51060
51061        * assembler/MacroAssemblerARMv7.h:
51062        (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
51063
510642011-07-18  Filip Pizlo  <fpizlo@apple.com>
51065
51066        DFG JIT does not optimize strict equality as effectively as the old JIT does.
51067        https://bugs.webkit.org/show_bug.cgi?id=64759
51068
51069        Reviewed by Gavin Barraclough.
51070        
51071        This adds a more complete set of strict equality optimizations.  If either
51072        operand is known numeric, then the code reverts to the old style of optimizing
51073        (first try integer comparison).  Otherwise it uses the old JIT's trick of
51074        first simultaneously checking if both operands are either numbers or cells;
51075        if not then a fast path is taken.
51076
51077        * dfg/DFGJITCodeGenerator.cpp:
51078        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
51079        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
51080        (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
51081        * dfg/DFGJITCodeGenerator.h:
51082        * dfg/DFGNonSpeculativeJIT.cpp:
51083        (JSC::DFG::NonSpeculativeJIT::compile):
51084        * dfg/DFGOperations.cpp:
51085        * dfg/DFGOperations.h:
51086        * dfg/DFGSpeculativeJIT.cpp:
51087        (JSC::DFG::SpeculativeJIT::compile):
51088
510892011-07-18  Gavin Barraclough  <barraclough@apple.com>
51090
51091        https://bugs.webkit.org/show_bug.cgi?id=64760
51092        DFG JIT - Should be able to compile program code.
51093
51094        Reviewed by Geoff Garen.
51095
51096        Add support for op_end, hooks to compile program code in Executable.cpp.
51097
51098        * dfg/DFGByteCodeParser.cpp:
51099        (JSC::DFG::ByteCodeParser::parseBlock):
51100            - Add support for op_end
51101        * dfg/DFGJITCompiler.cpp:
51102        (JSC::DFG::JITCompiler::compileEntry):
51103        (JSC::DFG::JITCompiler::compileBody):
51104        (JSC::DFG::JITCompiler::link):
51105            - Added, separate out steps of compileFunction.
51106        (JSC::DFG::JITCompiler::compile):
51107            - Added, compile program code.
51108        (JSC::DFG::JITCompiler::compileFunction):
51109            - Sections separated out to helper functions.
51110        * dfg/DFGJITCompiler.h:
51111        (JSC::DFG::JITCompiler::JITCompiler):
51112            - Added m_exceptionCheckCount.
51113        * runtime/Executable.cpp:
51114        (JSC::tryDFGCompile):
51115        (JSC::tryDFGCompileFunction):
51116        (JSC::ProgramExecutable::compileInternal):
51117        (JSC::FunctionExecutable::compileForCallInternal):
51118            - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
51119
511202011-07-18  Gavin Barraclough  <barraclough@apple.com>
51121
51122        https://bugs.webkit.org/show_bug.cgi?id=64678
51123        Fix bugs in Object.prototype this handling.
51124
51125        Reviewed by Oliver Hunt.
51126
51127        undefined/null this values should throw TypeErrors, not convert to the global object,
51128        also, toLocaleString should be calling ToObject & invoking the object's toString
51129        function, even for values that are already strings.
51130
51131        * runtime/ObjectPrototype.cpp:
51132        (JSC::objectProtoFuncValueOf):
51133        (JSC::objectProtoFuncHasOwnProperty):
51134        (JSC::objectProtoFuncIsPrototypeOf):
51135        (JSC::objectProtoFuncPropertyIsEnumerable):
51136        (JSC::objectProtoFuncToLocaleString):
51137        (JSC::objectProtoFuncToString):
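
        Added conformance check (not WebKit code) for the ES5.1 this-handling rules described in the Array.prototype (bug 64679), String.prototype (bug 64677) and Object.prototype (bugs 64678) entries above; the method lists and string values are constructed samples, not the full set touched by those patches.

```javascript
// Added conformance check, not WebKit code: exercises the ES5.1 `this` rules
// that the Array.prototype / String.prototype / Object.prototype ChangeLog
// entries describe. Method lists below are constructed samples.

function throwsTypeError(fn) {
  try { fn(); } catch (e) { return e instanceof TypeError; }
  return false;
}

// Built-ins that must reject an undefined/null this with a TypeError instead
// of silently substituting the global object (CheckObjectCoercible / ToObject).
const STRING_METHODS = ['charAt', 'charCodeAt', 'indexOf', 'slice', 'split', 'toLowerCase', 'trim'];
const ARRAY_METHODS = ['join', 'concat', 'push', 'slice', 'indexOf', 'forEach', 'reduce'];

// Returns the names of methods that do NOT throw for an undefined or null this.
// A conforming engine returns an empty list.
function methodsAcceptingNonCoercibleThis(proto, names) {
  const failures = [];
  for (const name of names) {
    for (const badThis of [undefined, null]) {
      if (!throwsTypeError(() => proto[name].call(badThis)))
        failures.push(name + ' with ' + String(badThis) + ' this');
    }
  }
  return failures;
}

// Runs `fn` while String.prototype.toString is instrumented and returns how
// many times the hook fired. A primitive string this that is coerced with
// ToString directly never reaches toString; one boxed via ToObject and then
// converted back with ToPrimitive would call it.
function countToStringCalls(fn) {
  const original = String.prototype.toString;
  let calls = 0;
  String.prototype.toString = function () { calls++; return original.call(this); };
  try { fn(); } finally { String.prototype.toString = original; }
  return calls;
}

// String.prototype methods must convert a primitive this with ToString
// directly, not via ToObject: the hook must stay silent.
function stringMethodsBoxPrimitiveThis() {
  return countToStringCalls(() => {
    'webkit'.charAt(0);
    'webkit'.indexOf('k');
    String.prototype.slice.call('webkit', 1, 3);
  }) > 0;
}

// Object.prototype.toLocaleString is the opposite case: ToObject(this), then
// the object's own toString is invoked even when this is already a string.
function toLocaleStringInvokesToString() {
  let result;
  const calls = countToStringCalls(() => {
    result = Object.prototype.toLocaleString.call('webkit');
  });
  return calls >= 1 && result === 'webkit';
}

// Object.prototype.toString on undefined/null yields the ES5.1 tags rather
// than the global object's tag.
function objectToStringTags() {
  return [Object.prototype.toString.call(undefined), Object.prototype.toString.call(null)];
}
```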
51138
511392011-07-18  Filip Pizlo  <fpizlo@apple.com>
51140
51141        JSC GC lazy sweep does not inline the common cases of cell destruction.
51142        https://bugs.webkit.org/show_bug.cgi?id=64745
51143
51144        Reviewed by Oliver Hunt.
51145        
51146        This inlines the case of JSFinalObject destruction.
51147
51148        * heap/MarkedBlock.cpp:
51149        (JSC::MarkedBlock::lazySweep):
51150
511512011-07-18  Oliver Hunt  <oliver@apple.com>
51152
51153        Interpreter build-fix
51154
51155        * interpreter/Interpreter.cpp:
51156        (JSC::Interpreter::privateExecute):
51157
511582011-07-18  Filip Pizlo  <fpizlo@apple.com>
51159
51160        DFG JIT does not optimize equal-null comparisons and branches.
51161        https://bugs.webkit.org/show_bug.cgi?id=64659
51162
51163        Reviewed by Gavin Barraclough.
51164        
51165        Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
51166        which is used by both the speculative and non-speculative JIT.  Through
51167        the use of the new isNullConstant helper, the two JITs invoke the
51168        nonSpeculativeCompareNull() helper instead of their regular comparison
51169        helpers when compiling CompareEq.  Through the use of the new isKnownCell
51170        helper, the compare-null code will skip the is-a-cell check if the
51171        speculative JIT had been speculating cell.
51172
51173        * dfg/DFGJITCodeGenerator.cpp:
51174        (JSC::DFG::JITCodeGenerator::isKnownCell):
51175        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
51176        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
51177        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
51178        * dfg/DFGJITCodeGenerator.h:
51179        (JSC::DFG::JITCodeGenerator::isNullConstant):
51180        * dfg/DFGNonSpeculativeJIT.cpp:
51181        (JSC::DFG::NonSpeculativeJIT::compile):
51182        * dfg/DFGOperations.cpp:
51183        * dfg/DFGSpeculativeJIT.cpp:
51184        (JSC::DFG::SpeculativeJIT::compile):
51185
511862011-07-18  James Robinson  <jamesr@chromium.org>
51187
51188        Timer scheduling should be based off the monotonic clock
51189        https://bugs.webkit.org/show_bug.cgi?id=64544
51190
51191        Reviewed by Darin Adler.
51192
51193        Switches ThreadCondition::timedWait and related utility functions from currentTime() to
51194        monotonicallyIncreasingTime().
51195
51196        Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
51197
51198        * JavaScriptCore.exp:
51199        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
51200        * wtf/ThreadingPthreads.cpp:
51201        (WTF::ThreadCondition::timedWait):
51202        * wtf/ThreadingWin.cpp:
51203        (WTF::absoluteTimeToWaitTimeoutInterval):
51204        * wtf/gtk/ThreadingGtk.cpp:
51205        (WTF::ThreadCondition::timedWait):
51206        * wtf/qt/ThreadingQt.cpp:
51207        (WTF::ThreadCondition::timedWait):
51208
512092011-07-18  Filip Pizlo  <fpizlo@apple.com>
51210
51211        JSC JIT does not inline GC allocation fast paths
51212        https://bugs.webkit.org/show_bug.cgi?id=64582
51213
51214        Reviewed by Oliver Hunt.
51215
51216        This addresses inlining allocation for the easiest-to-allocate cases:
51217        op_new_object and op_create_this.  Inlining GC allocation fast paths
51218        required three changes.  First, the JSGlobalData now saves the vtable
51219        pointer of JSFinalObject, since that's what op_new_object and
51220        op_create_this allocate.  Second, the Heap exposes a reference to
51221        the appropriate SizeClass, so that the JIT may inline accesses
51222        directly to the SizeClass for JSFinalObject allocations.  And third,
51223        the JIT is extended with code to emit inline fast paths for GC
51224        allocation.  A stub call is emitted in the case where the inline fast
51225        path fails.
51226
51227        * heap/Heap.h:
51228        (JSC::Heap::sizeClassFor):
51229        (JSC::Heap::allocate):
51230        * jit/JIT.cpp:
51231        (JSC::JIT::privateCompileSlowCases):
51232        * jit/JIT.h:
51233        * jit/JITInlineMethods.h:
51234        (JSC::JIT::emitAllocateJSFinalObject):
51235        * jit/JITOpcodes.cpp:
51236        (JSC::JIT::emit_op_new_object):
51237        (JSC::JIT::emitSlow_op_new_object):
51238        (JSC::JIT::emit_op_create_this):
51239        (JSC::JIT::emitSlow_op_create_this):
51240        * jit/JITOpcodes32_64.cpp:
51241        (JSC::JIT::emit_op_new_object):
51242        (JSC::JIT::emitSlow_op_new_object):
51243        (JSC::JIT::emit_op_create_this):
51244        (JSC::JIT::emitSlow_op_create_this):
51245        * runtime/JSGlobalData.cpp:
51246        (JSC::JSGlobalData::storeVPtrs):
51247        * runtime/JSGlobalData.h:
51248        * runtime/JSObject.h:
51249        (JSC::JSFinalObject::JSFinalObject):
51250        (JSC::JSObject::offsetOfInheritorID):
51251
512522011-07-18  Mark Hahnenberg  <mhahnenberg@apple.com>
51253
51254        Refactor JSC to replace JSCell::operator new with static create method
51255        https://bugs.webkit.org/show_bug.cgi?id=64466
51256
51257        Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
51258
51259        First step in a longer refactoring process to remove the use of
51260        operator new overloading in order to allocate GC objects and to replace
51261        this method with static create methods for each individual type of heap-allocated
51262        JS object.  This particular patch only deals with replacing uses of
51263        operator new within JSC proper.  Future patches will remove it from the
51264        parts that interface with the DOM.  Due to the DOM's continued dependence
51265        on it, operator new has not actually been removed from JSCell.
51266
51267        * API/JSCallbackConstructor.h:
51268        (JSC::JSCallbackConstructor::create):
51269        * API/JSCallbackFunction.h:
51270        (JSC::JSCallbackFunction::create):
51271        * API/JSCallbackObject.h:
51272        (JSC::JSCallbackObject::operator new):
51273        (JSC::JSCallbackObject::create):
51274        * API/JSCallbackObjectFunctions.h:
51275        (JSC::::staticFunctionGetter):
51276        * API/JSClassRef.cpp:
51277        (OpaqueJSClass::prototype):
51278        * API/JSContextRef.cpp:
51279        * API/JSObjectRef.cpp:
51280        (JSObjectMake):
51281        (JSObjectMakeFunctionWithCallback):
51282        (JSObjectMakeConstructor):
51283        * JavaScriptCore.exp:
51284        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
51285        * bytecode/CodeBlock.cpp:
51286        (JSC::CodeBlock::createActivation):
51287        * bytecompiler/BytecodeGenerator.cpp:
51288        (JSC::BytecodeGenerator::BytecodeGenerator):
51289        * bytecompiler/BytecodeGenerator.h:
51290        (JSC::BytecodeGenerator::makeFunction):
51291        * bytecompiler/NodesCodegen.cpp:
51292        (JSC::RegExpNode::emitBytecode):
51293        * interpreter/Interpreter.cpp:
51294        (JSC::Interpreter::privateExecute):
51295        (JSC::Interpreter::retrieveArguments):
51296        * jit/JITStubs.cpp:
51297        (JSC::DEFINE_STUB_FUNCTION):
51298        * jsc.cpp:
51299        (GlobalObject::create):
51300        (GlobalObject::GlobalObject):
51301        (functionRun):
51302        (jscmain):
51303        * runtime/Arguments.h:
51304        (JSC::Arguments::create):
51305        (JSC::Arguments::createNoParameters):
51306        * runtime/ArrayConstructor.cpp:
51307        (JSC::constructArrayWithSizeQuirk):
51308        * runtime/ArrayConstructor.h:
51309        (JSC::ArrayConstructor::create):
51310        * runtime/ArrayPrototype.cpp:
51311        (JSC::arrayProtoFuncSplice):
51312        * runtime/ArrayPrototype.h:
51313        (JSC::ArrayPrototype::create):
51314        * runtime/BooleanConstructor.cpp:
51315        (JSC::constructBoolean):
51316        (JSC::constructBooleanFromImmediateBoolean):
51317        * runtime/BooleanConstructor.h:
51318        (JSC::BooleanConstructor::create):
51319        * runtime/BooleanObject.h:
51320        (JSC::BooleanObject::create):
51321        * runtime/BooleanPrototype.h:
51322        (JSC::BooleanPrototype::create):
51323        * runtime/DateConstructor.cpp:
51324        (JSC::constructDate):
51325        * runtime/DateConstructor.h:
51326        (JSC::DateConstructor::create):
51327        * runtime/DateInstance.h:
51328        (JSC::DateInstance::create):
51329        * runtime/DatePrototype.h:
51330        (JSC::DatePrototype::create):
51331        * runtime/Error.cpp:
51332        (JSC::createError):
51333        (JSC::createEvalError):
51334        (JSC::createRangeError):
51335        (JSC::createReferenceError):
51336        (JSC::createSyntaxError):
51337        (JSC::createTypeError):
51338        (JSC::createURIError):
51339        (JSC::StrictModeTypeErrorFunction::create):
51340        (JSC::createTypeErrorFunction):
51341        * runtime/ErrorConstructor.h:
51342        (JSC::ErrorConstructor::create):
51343        * runtime/ErrorInstance.cpp:
51344        (JSC::ErrorInstance::ErrorInstance):
51345        (JSC::ErrorInstance::create):
51346        * runtime/ErrorInstance.h:
51347        * runtime/ErrorPrototype.cpp:
51348        (JSC::ErrorPrototype::ErrorPrototype):
51349        * runtime/ErrorPrototype.h:
51350        (JSC::ErrorPrototype::create):
51351        * runtime/ExceptionHelpers.cpp:
51352        (JSC::InterruptedExecutionError::InterruptedExecutionError):
51353        (JSC::InterruptedExecutionError::create):
51354        (JSC::createInterruptedExecutionException):
51355        (JSC::TerminatedExecutionError::TerminatedExecutionError):
51356        (JSC::TerminatedExecutionError::create):
51357        (JSC::createTerminatedExecutionException):
51358        * runtime/Executable.cpp:
51359        (JSC::FunctionExecutable::FunctionExecutable):
51360        (JSC::FunctionExecutable::fromGlobalCode):
51361        * runtime/Executable.h:
51362        (JSC::ExecutableBase::create):
51363        (JSC::NativeExecutable::create):
51364        (JSC::ScriptExecutable::ScriptExecutable):
51365        (JSC::EvalExecutable::create):
51366        (JSC::ProgramExecutable::create):
51367        (JSC::FunctionExecutable::create):
51368        (JSC::FunctionExecutable::make):
51369        * runtime/FunctionConstructor.cpp:
51370        (JSC::constructFunctionSkippingEvalEnabledCheck):
51371        * runtime/FunctionConstructor.h:
51372        (JSC::FunctionConstructor::create):
51373        * runtime/FunctionPrototype.cpp:
51374        (JSC::FunctionPrototype::addFunctionProperties):
51375        * runtime/FunctionPrototype.h:
51376        (JSC::FunctionPrototype::create):
51377        * runtime/GetterSetter.h:
51378        (JSC::GetterSetter::create):
51379        * runtime/JSAPIValueWrapper.h:
51380        (JSC::JSAPIValueWrapper::create):
51381        (JSC::jsAPIValueWrapper):
51382        * runtime/JSActivation.cpp:
51383        (JSC::JSActivation::argumentsGetter):
51384        * runtime/JSActivation.h:
51385        (JSC::JSActivation::create):
51386        * runtime/JSArray.h:
51387        (JSC::JSArray::create):
51388        * runtime/JSCell.h:
51389        (JSC::JSCell::allocateCell):
51390        * runtime/JSFunction.h:
51391        (JSC::JSFunction::create):
51392        * runtime/JSGlobalObject.cpp:
51393        (JSC::JSGlobalObject::init):
51394        (JSC::JSGlobalObject::reset):
51395        * runtime/JSGlobalObject.h:
51396        (JSC::constructEmptyArray):
51397        (JSC::constructArray):
51398        * runtime/JSNotAnObject.h:
51399        (JSC::JSNotAnObject::create):
51400        * runtime/JSONObject.h:
51401        (JSC::JSONObject::create):
51402        * runtime/JSObject.cpp:
51403        (JSC::JSObject::defineGetter):
51404        (JSC::JSObject::defineSetter):
51405        (JSC::putDescriptor):
51406        * runtime/JSObject.h:
51407        (JSC::JSFinalObject::create):
51408        * runtime/JSPropertyNameIterator.cpp:
51409        (JSC::JSPropertyNameIterator::create):
51410        * runtime/JSPropertyNameIterator.h:
51411        (JSC::JSPropertyNameIterator::create):
51412        * runtime/JSString.cpp:
51413        (JSC::JSString::substringFromRope):
51414        (JSC::JSString::replaceCharacter):
51415        (JSC::StringObject::create):
51416        * runtime/JSString.h:
51417        (JSC::RopeBuilder::JSString):
51418        (JSC::RopeBuilder::create):
51419        (JSC::RopeBuilder::createHasOtherOwner):
51420        (JSC::jsSingleCharacterString):
51421        (JSC::jsSingleCharacterSubstring):
51422        (JSC::jsNontrivialString):
51423        (JSC::jsString):
51424        (JSC::jsSubstring):
51425        (JSC::jsOwnedString):
51426        * runtime/JSValue.cpp:
51427        (JSC::JSValue::toObjectSlowCase):
51428        (JSC::JSValue::synthesizeObject):
51429        (JSC::JSValue::synthesizePrototype):
51430        * runtime/Lookup.cpp:
51431        (JSC::setUpStaticFunctionSlot):
51432        * runtime/MathObject.h:
51433        (JSC::MathObject::create):
51434        * runtime/NativeErrorConstructor.cpp:
51435        (JSC::NativeErrorConstructor::NativeErrorConstructor):
51436        * runtime/NativeErrorConstructor.h:
51437        (JSC::NativeErrorConstructor::create):
51438        * runtime/NativeErrorPrototype.h:
51439        (JSC::NativeErrorPrototype::create):
51440        * runtime/NumberConstructor.cpp:
51441        (JSC::constructWithNumberConstructor):
51442        * runtime/NumberConstructor.h:
51443        (JSC::NumberConstructor::create):
51444        * runtime/NumberObject.cpp:
51445        (JSC::constructNumber):
51446        * runtime/NumberObject.h:
51447        (JSC::NumberObject::create):
51448        * runtime/NumberPrototype.h:
51449        (JSC::NumberPrototype::create):
51450        * runtime/ObjectConstructor.h:
51451        (JSC::ObjectConstructor::create):
51452        * runtime/ObjectPrototype.h:
51453        (JSC::ObjectPrototype::create):
51454        * runtime/Operations.h:
51455        (JSC::jsString):
51456        * runtime/RegExp.cpp:
51457        (JSC::RegExp::RegExp):
51458        (JSC::RegExp::createWithoutCaching):
51459        (JSC::RegExp::create):
51460        * runtime/RegExp.h:
51461        * runtime/RegExpCache.cpp:
51462        (JSC::RegExpCache::lookupOrCreate):
51463        * runtime/RegExpConstructor.cpp:
51464        (JSC::RegExpConstructor::arrayOfMatches):
51465        (JSC::constructRegExp):
51466        * runtime/RegExpConstructor.h:
51467        (JSC::RegExpConstructor::create):
51468        * runtime/RegExpMatchesArray.h:
51469        (JSC::RegExpMatchesArray::create):
51470        * runtime/RegExpObject.h:
51471        (JSC::RegExpObject::create):
51472        * runtime/RegExpPrototype.cpp:
51473        (JSC::regExpProtoFuncCompile):
51474        * runtime/RegExpPrototype.h:
51475        (JSC::RegExpPrototype::create):
51476        * runtime/ScopeChain.h:
51477        (JSC::ScopeChainNode::create):
51478        (JSC::ScopeChainNode::push):
51479        * runtime/SmallStrings.cpp:
51480        (JSC::SmallStrings::createEmptyString):
51481        (JSC::SmallStrings::createSingleCharacterString):
51482        * runtime/StringConstructor.cpp:
51483        (JSC::constructWithStringConstructor):
51484        * runtime/StringConstructor.h:
51485        (JSC::StringConstructor::create):
51486        * runtime/StringObject.h:
51487        (JSC::StringObject::create):
51488        * runtime/StringObjectThatMasqueradesAsUndefined.h:
51489        (JSC::StringObjectThatMasqueradesAsUndefined::create):
51490        * runtime/StringPrototype.cpp:
51491        (JSC::stringProtoFuncMatch):
51492        (JSC::stringProtoFuncSearch):
51493        * runtime/StringPrototype.h:
51494        (JSC::StringPrototype::create):
51495        * runtime/Structure.h:
51496        (JSC::Structure::create):
51497        (JSC::Structure::createStructure):
51498        * runtime/StructureChain.h:
51499        (JSC::StructureChain::create):
51500
515012011-07-17  Ryuan Choi  <ryuan.choi@samsung.com>
51502
51503        [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
51504        https://bugs.webkit.org/show_bug.cgi?id=64337
51505
51506        Replace ecore_timer_add with Ecore_Pipe.
51507        This is needed because ecore_timer should not be called in a child thread,
51508        but in the main thread.
51509
51510        Reviewed by Antonio Gomes.
51511
51512        * wtf/efl/MainThreadEfl.cpp:
51513        (WTF::pipeObject):
51514        (WTF::monitorDispatchFunctions):
51515        (WTF::initializeMainThreadPlatform):
51516        (WTF::scheduleDispatchFunctionsOnMainThread):
51517
515182011-07-17  Filip Pizlo  <fpizlo@apple.com>
51519
51520        DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
51521        https://bugs.webkit.org/show_bug.cgi?id=64637
51522
51523        Reviewed by Gavin Barraclough.
51524
51525        * dfg/DFGOperations.cpp:
51526
515272011-07-16  Gavin Barraclough  <barraclough@apple.com>
51528
51529        https://bugs.webkit.org/show_bug.cgi?id=64657
51530        Converted this value not preserved when accessed via direct eval.
51531
51532        Reviewed by Oliver Hunt.
51533
51534        Upon entry into a non-strict function, primitive this values should be boxed as Object types
51535        (or substituted with the global object) - which is done by op_convert_this. However we only
51536        do so where this is used lexically within the function (we omit the conversion op if not).
51537        The problem comes if a direct eval (running within the function's scope) accesses the this
51538        value.
51539
51540        We are safe in the case of a single eval, since the this object will be converted within
51541        callEval, however the converted value is not preserved, and a new wrapper object is allocated
51542        each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
51543        object will be lost between eval statements.
51544
51545        * bytecompiler/BytecodeGenerator.cpp:
51546        (JSC::BytecodeGenerator::BytecodeGenerator):
51547            - If a function uses eval, we always need to convert this.
51548        * interpreter/Interpreter.cpp:
51549        (JSC::Interpreter::execute):
51550            - Don't convert primitive values here - this is too late!
51551        (JSC::Interpreter::privateExecute):
51552            - Changed op_convert_this to call new isPrimitive method.
51553        * jit/JITStubs.cpp:
51554        (JSC::DEFINE_STUB_FUNCTION):
51555            - Changed op_convert_this to call new isPrimitive method.
51556        * runtime/JSCell.h:
51557        (JSC::JSCell::JSValue::isPrimitive):
51558            - Added JSValue::isPrimitive.
51559        * runtime/JSValue.h:
51560            - Added JSValue::isPrimitive.
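
        Added example (not WebKit code) that observes the behaviour bug 64657 above describes from script: in a non-strict function a primitive this is boxed once on entry, so every direct eval in that function must see the same wrapper object. The marker property name and the value 5 are constructed.

```javascript
// Added example, not WebKit code: checks that a primitive this boxed on entry
// to a non-strict function is the same wrapper object for every direct eval.

// new Function() always yields a non-strict function, so this check does not
// depend on whether the surrounding file is a script or a (strict) ES module.
const sloppyProbe = new Function(`
  eval('this.marker = 42');             // first direct eval writes to the wrapper
  var readBack = eval('this.marker');   // a freshly allocated wrapper would lose it
  return { readBack: readBack, sameObject: eval('this') === this, type: typeof this };
`);

// Primitive this (constructed value 5) is boxed to a Number object on entry;
// the write made by the first eval must survive into the second.
function evalThisPreserved() {
  return sloppyProbe.call(5);
}

// Contrast: a strict function leaves a primitive this unboxed, so there is no
// wrapper for eval to observe and the write is rejected with a TypeError.
function strictThisUnboxed() {
  function strictProbe() {
    'use strict';
    try { eval('this.marker = 42'); return 'no error'; }
    catch (e) { return e instanceof TypeError ? typeof this : 'other'; }
  }
  return strictProbe.call(5);
}
```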
51561
515622011-07-16  Filip Pizlo  <fpizlo@apple.com>
51563
51564        DFG JIT compare/branch code emits is-integer tests even when a value is
51565        definitely not an integer.
51566        https://bugs.webkit.org/show_bug.cgi?id=64654
51567
51568        Reviewed by Gavin Barraclough.
51569        
51570        Added the isKnownNotInteger() method, which returns true if a node is
51571        definitely not an integer and will always fail any is-integer test.  Then
51572        modified the compare and branch code to use this method; if it returns
51573        true then is-int tests are omitted and the compiler always emits a slow
51574        call.
51575
51576        * dfg/DFGJITCodeGenerator.cpp:
51577        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
51578        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
51579        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
51580        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
51581        * dfg/DFGJITCodeGenerator.h:
51582        * dfg/DFGSpeculativeJIT.cpp:
51583        (JSC::DFG::SpeculativeJIT::compare):
51584
515852011-07-16  Filip Pizlo  <fpizlo@apple.com>
51586
51587        DFG speculative JIT has dead code for slow calls for branches.
51588        https://bugs.webkit.org/show_bug.cgi?id=64653
51589
51590        Reviewed by Gavin Barraclough.
51591        
51592        Removed SpeculativeJIT::compilePeepHoleCall.
51593
51594        * dfg/DFGSpeculativeJIT.cpp:
51595        * dfg/DFGSpeculativeJIT.h:
51596
515972011-07-15  Mark Rowe  <mrowe@apple.com>
51598
51599        Fix the build.
51600
51601        * dfg/DFGGraph.h:
51602
516032011-07-15  Gavin Barraclough  <barraclough@apple.com>
51604
51605        NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
51606        https://bugs.webkit.org/show_bug.cgi?id=55346
51607
51608        Reviewed by Sam Weinig.
51609
51610        * runtime/ErrorPrototype.cpp:
51611        (JSC::ErrorPrototype::ErrorPrototype):
            - Switch to putDirect since we're not the only ones transitioning this Structure now.
51613        * runtime/NativeErrorPrototype.cpp:
51614        (JSC::NativeErrorPrototype::NativeErrorPrototype):
51615        * runtime/NativeErrorPrototype.h:
51616            - Switch base class to ErrorPrototype.
51617
516182011-07-15  Gavin Barraclough  <barraclough@apple.com>
51619
51620        DFG JIT - Where arguments passed are integers, speculate this.
51621        https://bugs.webkit.org/show_bug.cgi?id=64630
51622
51623        Reviewed by Sam Weinig.
51624
51625        Presently the DFG JIT is overly aggressively predicting double.
51626        Use a bit of dynamic information, and curtail this a little.
51627
51628        * dfg/DFGGraph.cpp:
51629        (JSC::DFG::Graph::predictArgumentTypes):
51630            - Check for integer arguments.
51631        * dfg/DFGGraph.h:
51632            - Function declaration.
51633        * runtime/Executable.cpp:
51634        (JSC::tryDFGCompile):
51635        (JSC::FunctionExecutable::compileForCallInternal):
51636            - Add call to predictArgumentTypes.
51637
516382011-07-15  Filip Pizlo  <fpizlo@apple.com>
51639
51640        DFG JIT is inconsistent about fusing branches and speculating
51641        integer comparisons for branches.
51642        https://bugs.webkit.org/show_bug.cgi?id=64573
51643
51644        Reviewed by Gavin Barraclough.
51645        
51646        This patch moves some of NonSpeculativeJIT's functionality up into the
51647        JITCodeGenerator superclass so that it can be used from both JITs.  Now,
51648        in cases where the speculative JIT doesn't want to speculate but still
51649        wants to emit good code, it can reliably emit the same code sequence as
51650        the non-speculative JIT.  This patch also extends the non-speculative
51651        JIT's compare optimizations to include compare/branch fusing, and
51652        extends the speculative JIT's compare optimizations to cover StrictEqual.
51653
51654        * dfg/DFGJITCodeGenerator.cpp:
51655        (JSC::DFG::JITCodeGenerator::isKnownInteger):
51656        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
51657        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
51658        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
51659        * dfg/DFGJITCodeGenerator.h:
51660        (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
51661        * dfg/DFGNonSpeculativeJIT.cpp:
51662        (JSC::DFG::NonSpeculativeJIT::compile):
51663        * dfg/DFGNonSpeculativeJIT.h:
51664        * dfg/DFGOperations.cpp:
51665        * dfg/DFGSpeculativeJIT.cpp:
51666        (JSC::DFG::SpeculativeJIT::compare):
51667        (JSC::DFG::SpeculativeJIT::compile):
51668        * dfg/DFGSpeculativeJIT.h:
51669        * wtf/Platform.h:
51670
516712011-07-14  Gavin Barraclough  <barraclough@apple.com>
51672
51673        https://bugs.webkit.org/show_bug.cgi?id=64250
51674        Global strict mode function leaking global object as "this".
51675
51676        Reviewed by Oliver Hunt.
51677
51678        The root problem here is that we pass the wrong values into
51679        calls, and then try to fix them up in the callee. Correct
51680        behaviour per the spec is to pass in the value undefined,
51681        as this unless either (1) the function call is based on an
51682        explicit property access or (2) the base of the call comes
51683        directly from a 'with'.
51684
51685        This change does away with the need for this conversion of
51686        objects (non strict code should only box primitives), and
51687        does away with all this conversion for strict functions.
51688
51689        This patch may have web compatibility ramifications, and may
51690        require some advocacy.
51691
51692        * bytecode/CodeBlock.cpp:
51693        (JSC::CodeBlock::dump):
51694            - Removed op_convert_this_strict, added op_resolve_with_this.
51695        * bytecode/Opcode.h:
51696            - Removed op_convert_this_strict, added op_resolve_with_this.
51697        * bytecompiler/BytecodeGenerator.cpp:
51698        (JSC::BytecodeGenerator::BytecodeGenerator):
51699        (JSC::BytecodeGenerator::emitResolveWithThis):
51700            - Removed op_convert_this_strict, added op_resolve_with_this.
51701        * bytecompiler/BytecodeGenerator.h:
51702            - Removed op_convert_this_strict, added op_resolve_with_this.
51703        * bytecompiler/NodesCodegen.cpp:
51704        (JSC::EvalFunctionCallNode::emitBytecode):
51705        (JSC::FunctionCallResolveNode::emitBytecode):
51706            - Removed op_convert_this_strict, added op_resolve_with_this.
51707        * dfg/DFGSpeculativeJIT.cpp:
51708        (JSC::DFG::SpeculativeJIT::compile):
51709            - Change NeedsThisConversion check to test for JSString's vptr
51710              (objects no longer need conversion).
51711        * interpreter/Interpreter.cpp:
51712        (JSC::Interpreter::resolveThisAndProperty):
51713            - Based on resolveBaseAndProperty, but produce correct this value.
51714        (JSC::Interpreter::privateExecute):
51715            - Removed op_convert_this_strict, added op_resolve_with_this.
51716        * interpreter/Interpreter.h:
51717        * jit/JIT.cpp:
51718        (JSC::JIT::privateCompileMainPass):
51719        (JSC::JIT::privateCompileSlowCases):
51720            - Removed op_convert_this_strict, added op_resolve_with_this.
51721        * jit/JIT.h:
51722        * jit/JITOpcodes.cpp:
51723        (JSC::JIT::emit_op_resolve_with_this):
51724            - Removed op_convert_this_strict, added op_resolve_with_this.
51725        (JSC::JIT::emit_op_convert_this):
51726        (JSC::JIT::emitSlow_op_convert_this):
51727            - Change NeedsThisConversion check to test for JSString's vptr
51728              (objects no longer need conversion).
51729        * jit/JITOpcodes32_64.cpp:
51730        (JSC::JIT::emit_op_resolve_with_this):
51731            - Removed op_convert_this_strict, added op_resolve_with_this.
51732        (JSC::JIT::emit_op_convert_this):
51733        (JSC::JIT::emitSlow_op_convert_this):
51734            - Change NeedsThisConversion check to test for JSString's vptr
51735              (objects no longer need conversion).
51736        * jit/JITStubs.cpp:
51737        (JSC::DEFINE_STUB_FUNCTION):
51738            - Removed op_convert_this_strict, added op_resolve_with_this.
51739        * jit/JITStubs.h:
51740            - Removed op_convert_this_strict, added op_resolve_with_this.
51741        * runtime/JSActivation.h:
51742            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
51743        * runtime/JSStaticScopeObject.h:
51744            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
51745        * runtime/JSString.h:
51746        (JSC::RopeBuilder::createStructure):
51747            - removed NeedsThisConversion.
51748        * runtime/JSTypeInfo.h:
51749        (JSC::TypeInfo::isEnvironmentRecord):
51750        (JSC::TypeInfo::overridesHasInstance):
51751            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
51752        * runtime/JSValue.h:
51753            - removed NeedsThisConversion.
51754        * runtime/JSVariableObject.h:
51755            - Corrected StructureFlags inheritance.
51756        * runtime/StrictEvalActivation.h:
51757        (JSC::StrictEvalActivation::createStructure):
            - Added IsEnvironmentRecord to StructureFlags, added createStructure.
51759        * runtime/Structure.h:
51760            - removed NeedsThisConversion.
51761        * tests/mozilla/ecma/String/15.5.4.6-2.js:
51762        (getTestCases):
51763            - Removed invalid test case.
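
The call rule the entry above spells out, as an added example (this is not code from the WebKit change or from JavaScriptCore): a strict function receives exactly the `this` the caller supplied, which is undefined for a plain identifier call, the base object for an explicit property access, and the with-object when the callee was found through a `with` statement; only non-strict callees substitute the global object. The `with` wrapper and the sloppy probe are built with the `Function` constructor (an assumption of this example) so they stay non-strict however the file is loaded:

```javascript
// Added example (not JavaScriptCore code): the `this` value passed to a
// strict function under the ES5 rule described above.
function strictProbe() {
  "use strict";
  return this;
}

// Plain call through an identifier: no base object, so `this` is undefined.
function callAsIdentifier() {
  const f = strictProbe;
  return f();
}

// Call through an explicit property access: `this` is the base object.
function callAsProperty() {
  const holder = { probe: strictProbe };
  return holder.probe() === holder;
}

// Call through a `with` scope. `with` is a SyntaxError in strict code, so the
// wrapper is built with the Function constructor to keep it non-strict. The
// callee is found on `scope`, and the with-object is then passed as `this`.
const callThroughWith = new Function("scope", "with (scope) { return probe(); }");

function callAsWithBinding() {
  const scope = { probe: strictProbe };
  return callThroughWith(scope) === scope;
}

// Non-strict contrast: an undefined `this` is replaced by the global object.
// This is exactly the substitution a strict callee must never see.
const sloppyProbe = new Function("return this;");

function sloppyGetsGlobalObject() {
  return sloppyProbe() === globalThis;
}
```

`callAsIdentifier()` returns undefined while `callAsProperty()` and `callAsWithBinding()` return true; the leak named in the bug title is what `sloppyGetsGlobalObject()` shows for a non-strict callee.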
51764
517652011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>
51766
51767        Unreviewed, rolling out r91082, r91087, and r91089.
51768        http://trac.webkit.org/changeset/91082
51769        http://trac.webkit.org/changeset/91087
51770        http://trac.webkit.org/changeset/91089
51771        https://bugs.webkit.org/show_bug.cgi?id=64616
51772
51773        gtk tests are failing a lot after this change. (Requested by
51774        dave_levin on #webkit).
51775
51776        * wtf/ThreadIdentifierDataPthreads.cpp:
51777        (WTF::ThreadIdentifierData::identifier):
51778        (WTF::ThreadIdentifierData::initialize):
51779        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
51780        (WTF::ThreadIdentifierData::initializeKeyOnce):
51781        * wtf/ThreadIdentifierDataPthreads.h:
51782        * wtf/ThreadingPthreads.cpp:
51783        (WTF::initializeThreading):
51784
517852011-07-15  David Levin  <levin@chromium.org>
51786
51787        Another attempted build fix.
51788
51789        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
51790        up the definition of PTHREAD_KEYS_MAX.
51791
517922011-07-15  David Levin  <levin@chromium.org>
51793
51794        Chromium build fix.
51795
51796        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
51797        up the definition of PTHREAD_KEYS_MAX.
51798
517992011-07-14  David Levin  <levin@chromium.org>
51800
51801        currentThread is too slow!
51802        https://bugs.webkit.org/show_bug.cgi?id=64577
51803
51804        Reviewed by Darin Adler and Dmitry Titov.
51805
51806        The problem is that currentThread results in a pthread_once call which always takes a lock.
51807        With this change, currentThread is 10% faster than isMainThread in release mode and only
51808        5% slower than isMainThread in debug.
51809
51810        * wtf/ThreadIdentifierDataPthreads.cpp:
51811        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
51812        which is no longer needed because this is called from initializeThreading().
51813        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
        initialization of the pthread key should already be done.
51815        (WTF::ThreadIdentifierData::initialize): Ditto.
51816        * wtf/ThreadIdentifierDataPthreads.h:
51817        * wtf/ThreadingPthreads.cpp:
51818        (WTF::initializeThreading): Acquire the pthread key here.
51819
518202011-07-14  Filip Pizlo  <fpizlo@apple.com>
51821
51822        DFG JIT does not optimize Branch as well as it could.
51823        https://bugs.webkit.org/show_bug.cgi?id=64574
51824
51825        Reviewed by Gavin Barraclough.
51826        
51827        This creates a common code path for emitting unfused branches, which does
51828        no speculation, and only performs a slow call if absolutely necessary.
51829
51830        * dfg/DFGJITCodeGenerator.cpp:
51831        (JSC::DFG::JITCodeGenerator::emitBranch):
51832        * dfg/DFGJITCodeGenerator.h:
51833        * dfg/DFGNonSpeculativeJIT.cpp:
51834        (JSC::DFG::NonSpeculativeJIT::compile):
51835        * dfg/DFGSpeculativeJIT.cpp:
51836        (JSC::DFG::SpeculativeJIT::compile):
51837
518382011-07-14  Filip Pizlo  <fpizlo@apple.com>
51839
51840        GC allocation fast path has too many operations.
51841        https://bugs.webkit.org/show_bug.cgi?id=64493
51842
51843        Reviewed by Darin Adler.
51844        
51845        Changed the timing of the lazy sweep so that it occurs when we land on
        a previously-unswept block, rather than whenever we land on an unswept
51847        cell.  After the per-block lazy sweep occurs, the block is turned into a
51848        singly linked list of free cells.  The allocation fast path is now just a
51849        load-branch-store to remove a cell from the head of the list.
51850        
51851        Additionally, this changes the way new blocks are allocated.  Previously,
51852        they would be populated with dummy cells.  With this patch, they are
51853        turned into a free list, which means that there will never be destructor
51854        calls for allocations in fresh blocks.
51855        
51856        These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
51857        SunSpider.  There are no observed statistically significant slow-downs
51858        on any individual benchmark.
51859
51860        * JavaScriptCore.exp:
51861        * heap/Heap.cpp:
51862        (JSC::Heap::allocateSlowCase):
51863        (JSC::Heap::collect):
51864        (JSC::Heap::canonicalizeBlocks):
51865        (JSC::Heap::resetAllocator):
51866        * heap/Heap.h:
51867        (JSC::Heap::forEachProtectedCell):
51868        (JSC::Heap::forEachCell):
51869        (JSC::Heap::forEachBlock):
51870        (JSC::Heap::allocate):
51871        * heap/MarkedBlock.cpp:
51872        (JSC::MarkedBlock::MarkedBlock):
51873        (JSC::MarkedBlock::lazySweep):
51874        (JSC::MarkedBlock::blessNewBlockForFastPath):
51875        (JSC::MarkedBlock::blessNewBlockForSlowPath):
51876        (JSC::MarkedBlock::canonicalizeBlock):
51877        * heap/MarkedBlock.h:
51878        * heap/NewSpace.cpp:
51879        (JSC::NewSpace::addBlock):
51880        (JSC::NewSpace::canonicalizeBlocks):
51881        * heap/NewSpace.h:
51882        (JSC::NewSpace::allocate):
51883        (JSC::NewSpace::SizeClass::SizeClass):
51884        (JSC::NewSpace::SizeClass::canonicalizeBlock):
51885        * heap/OldSpace.cpp:
51886        (JSC::OldSpace::addBlock):
51887
518882011-07-14  Filip Pizlo  <fpizlo@apple.com>
51889
51890        DFG JIT crashes on host constructor calls in debug mode.
51891        https://bugs.webkit.org/show_bug.cgi?id=64562
51892        
51893        Reviewed by Gavin Barraclough.
51894        
51895        Fixed the relevant ASSERT.
51896
51897        * dfg/DFGOperations.cpp:
51898
518992011-07-14  Filip Pizlo  <fpizlo@apple.com>
51900
51901        DFG speculative JIT contains a FIXME for rewinding speculative code generation that
51902        has already been fixed.
51903        https://bugs.webkit.org/show_bug.cgi?id=64022
51904
51905        Reviewed by Gavin Barraclough.
51906
51907        * dfg/DFGSpeculativeJIT.h:
51908        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
51909
519102011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>
51911
51912        [EFL] Add OwnPtr specialization for Ecore_Pipe.
51913        https://bugs.webkit.org/show_bug.cgi?id=64515
51914
51915        Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
51916
51917        Reviewed by Xan Lopez.
51918
51919        * wtf/OwnPtrCommon.h:
51920        * wtf/efl/OwnPtrEfl.cpp:
51921        (WTF::deleteOwnedPtr):
51922
519232011-07-14  Filip Pizlo  <fpizlo@apple.com>
51924
51925        DFG JIT unnecessarily boxes and unboxes values during silent spilling.
51926        https://bugs.webkit.org/show_bug.cgi?id=64068
51927
51928        Reviewed by Gavin Barraclough.
51929        
51930        Silent spilling and filling of registers is done during slow-path C
51931        function calls.  The silent spill/fill logic does not affect register
51932        allocation on paths that don't involve the C function call.
51933        
51934        This changes the silent spilling code to spill in unboxed form.  The
51935        silent fill will refill in whatever form the register was spilled in.
51936        For example, the silent spill code may choose not to spill the register
51937        because it was already spilled previously, which would imply that it
51938        was spilled in boxed form.  The filling code detects this and either
51939        unboxes, or not, depending on what is appropriate.
51940        
51941        This change also results in a simplification of the silent spill/fill
51942        API: silent spilling no longer needs to know about the set of registers
51943        that cannot be trampled, since it never does boxing and hence does not
51944        need a temporary register.
51945
51946        * dfg/DFGJITCodeGenerator.cpp:
51947        (JSC::DFG::JITCodeGenerator::cachedGetById):
51948        (JSC::DFG::JITCodeGenerator::cachedPutById):
51949        * dfg/DFGJITCodeGenerator.h:
51950        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
51951        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
51952        (JSC::DFG::JITCodeGenerator::silentFillFPR):
51953        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
51954        * dfg/DFGNonSpeculativeJIT.cpp:
51955        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
51956        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
51957        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
51958        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
51959        (JSC::DFG::NonSpeculativeJIT::compare):
51960        (JSC::DFG::NonSpeculativeJIT::compile):
51961        * dfg/DFGSpeculativeJIT.cpp:
51962        (JSC::DFG::SpeculativeJIT::compile):
51963
519642011-07-13  Michael Saboff  <msaboff@apple.com>
51965
51966        https://bugs.webkit.org/show_bug.cgi?id=64202
51967        Enh: Improve handling of RegExp in the form of /.*blah.*/
51968
51969        Reviewed by Gavin Barraclough.
51970
51971        Added code to both the Yarr interpreter and JIT to handle
51972        these expressions a little differently.  First off, the terms
51973        in between the leading and trailing .*'s cannot capture and
51974        also this enhancement is limited to single alternative expressions.
51975        If an expression is of the right form with the aforementioned
51976        restrictions, we process the inner terms and then look for the
51977        beginning of the string and end of the string.  There is handling 
51978        for multiline expressions to allow the beginning and end to be 
51979        right after and right before newlines.
51980
51981        This enhancement speeds up expressions of this type 12x on
51982        a MacBookPro.
51983
51984        Cleaned up 'case' statement indentation.
51985
51986        A new set of tests was added as LayoutTests/fast/regex/dotstar.html
51987
51988        * yarr/YarrInterpreter.cpp:
51989        (JSC::Yarr::Interpreter::InputStream::end):
51990        (JSC::Yarr::Interpreter::matchDotStarEnclosure):
51991        (JSC::Yarr::Interpreter::matchDisjunction):
51992        (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
51993        (JSC::Yarr::ByteCompiler::emitDisjunction):
51994        * yarr/YarrInterpreter.h:
51995        (JSC::Yarr::ByteTerm::DotStarEnclosure):
51996        * yarr/YarrJIT.cpp:
51997        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
51998        (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
51999        (JSC::Yarr::YarrGenerator::generateTerm):
52000        (JSC::Yarr::YarrGenerator::backtrackTerm):
52001        * yarr/YarrPattern.cpp:
52002        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
52003        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
52004        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
52005        (JSC::Yarr::YarrPattern::compile):
52006        * yarr/YarrPattern.h:
52007        (JSC::Yarr::PatternTerm::PatternTerm):
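
What the /.*blah.*/ rewrite is allowed to assume, as an added example (this is not Yarr or JavaScriptCore code). For a single-alternative pattern whose inner terms do not capture, the match is the whole "line" surrounding the first occurrence of the inner text, where a line is delimited by the characters `.` never matches (`\n`, `\r`, U+2028, U+2029; the `s` flag that changes this did not exist in 2011 and is not used here). The function below computes that result without backtracking and is cross-checked against the engine's own `RegExp` on constructed inputs, including the newline cases the entry mentions. The eligibility check assumes a plain literal between the two `.*` terms, which is narrower than what the change handles:

```javascript
// Added example (not Yarr code): direct computation of a /.*X.*/ match,
// checked against the real RegExp.

// Characters that `.` does not match (no `s` flag).
const LINE_TERMINATORS = new Set(["\n", "\r", "\u2028", "\u2029"]);

// True when `source` is .*<literal>.* with a plain literal inside: no
// alternation, no captures, no metacharacters, no line terminators.
function isDotStarEnclosed(source) {
  if (source.length < 5 || !source.startsWith(".*") || !source.endsWith(".*")) return false;
  const inner = source.slice(2, -2);
  if (inner.length === 0 || /[\\^$.*+?()[\]{}|]/.test(inner)) return false;
  return ![...inner].some((c) => LINE_TERMINATORS.has(c));
}

// Equivalent of new RegExp(".*" + inner + ".*").exec(subject): find the
// literal, then widen to the start and end of its line.
function dotStarMatch(inner, subject) {
  const hit = subject.indexOf(inner);
  if (hit < 0) return null;
  let start = hit;
  while (start > 0 && !LINE_TERMINATORS.has(subject[start - 1])) start--;
  let end = hit + inner.length;
  while (end < subject.length && !LINE_TERMINATORS.has(subject[end])) end++;
  return { index: start, match: subject.slice(start, end) };
}

// Cross-check the direct computation against the engine for one input.
function agreesWithRegExp(inner, subject) {
  const expected = new RegExp(".*" + inner + ".*").exec(subject);
  const actual = dotStarMatch(inner, subject);
  if (expected === null || actual === null) return expected === actual;
  return expected.index === actual.index && expected[0] === actual.match;
}

// Constructed subjects: single line, CRLF lines, Unicode separators,
// two hits on separate lines, and a miss.
function runDotStarChecks() {
  const subjects = [
    "xxblahyy",
    "a\r\nfoo blah bar\r\nzz",
    "\u2028blah\u2029tail",
    "blah\nblah",
    "nothing here"
  ];
  return subjects.map((s) => agreesWithRegExp("blah", s));
}
```

`runDotStarChecks()` returns true for every subject; on the CRLF input the match is `foo blah bar` at index 3, which is why the optimized path only has to locate the inner text and then scan to the nearest line terminators in each direction.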
52008
520092011-07-13  Xan Lopez  <xlopez@igalia.com>
52010
52011        [GTK] Fix distcheck
52012
52013        Reviewed by Martin Robinson.
52014
52015        * GNUmakefile.list.am: add missing files.
52016
520172011-07-13  Filip Pizlo  <fpizlo@apple.com>
52018
52019        DFG JIT does not implement prototype chain or list caching for get_by_id.
52020        https://bugs.webkit.org/show_bug.cgi?id=64147
52021
52022        Reviewed by Gavin Barraclough.
52023        
52024        This implements unified support for prototype caching, prototype chain
52025        caching, and polymorphic (i.e. list) prototype and prototype chain
52026        caching.  This is done by creating common code for emitting prototype
52027        or chain access stubs, and having it factored out into
52028        generateProtoChainAccessStub().  This function is called by
52029        tryCacheGetByID once the latter determines that some form of prototype
52030        access caching is necessary (i.e. the slot being accessed is not on the
52031        base value but on some other object).
52032        
52033        Direct prototype list, and prototype chain list, caching is implemented by
52034        linking the slow path to operationGetByIdProtoBuildList(), which uses the
52035        same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
52036        
52037        This change required ensuring that the value in the scratchGPR field in
52038        StructureStubInfo is preserved even after the stub info is in the
52039        chain, or proto_list, states.  Hence scratchGPR was moved out of the union
52040        and into the top-level of StructureStubInfo.
52041        
52042        * bytecode/StructureStubInfo.h:
52043        * dfg/DFGJITCompiler.cpp:
52044        (JSC::DFG::JITCompiler::compileFunction):
52045        * dfg/DFGOperations.cpp:
52046        * dfg/DFGOperations.h:
52047        * dfg/DFGRepatch.cpp:
52048        (JSC::DFG::emitRestoreScratch):
52049        (JSC::DFG::linkRestoreScratch):
52050        (JSC::DFG::generateProtoChainAccessStub):
52051        (JSC::DFG::tryCacheGetByID):
52052        (JSC::DFG::tryBuildGetByIDProtoList):
52053        (JSC::DFG::dfgBuildGetByIDProtoList):
52054        (JSC::DFG::tryCachePutByID):
52055        * dfg/DFGRepatch.h:
52056
520572011-07-12  Brent Fulgham  <bfulgham@webkit.org>
52058
52059        Standardize WinCairo conditionalized code under PLATFORM macro.
52060        https://bugs.webkit.org/show_bug.cgi?id=64377
52061
52062        Reviewed by Maciej Stachowiak.
52063
52064        * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
52065
520662011-07-13  David Levin  <levin@chromium.org>
52067
52068        Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
52069        https://bugs.webkit.org/show_bug.cgi?id=64465
52070
52071        Reviewed by Dmitry Titov.
52072
52073        There isn't a good way to test this as it is very highly unlikely to occur.
52074
52075        * wtf/ThreadIdentifierDataPthreads.cpp:
52076        (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
52077        isn't thread-safe, change the initialization to be global.
52078
520792011-07-12  Gavin Barraclough  <barraclough@apple.com>
52080
52081        https://bugs.webkit.org/show_bug.cgi?id=64424
52082        Our direct eval behaviour deviates slightly from the spec.
52083
52084        Reviewed by Oliver Hunt.
52085
52086        The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
52087        behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
52088        or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
52089        may be introduced into the caller's environment.
52090
52091        ES5 direct calls are any call where the callee function is provided by a reference, a base
52092        of that Reference is an EnvironmentRecord (this corresponds to all productions
52093        "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
52094        of the reference is "eval". This means any expression of the form "eval(...)", and that
52095        calls the standard built in eval method from on the Global Object, is considered to be
52096        direct.
52097
52098        In JavaScriptCore we are currently overly restrictive. We also check that the
        EnvironmentRecord that is the base of the reference is the Declarative Environment Record
52100        at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
52101        that hits a var eval in a nested scope is not considered to be direct. This behaviour does
52102        not emanate from the spec, and is incorrect.
52103
52104        * interpreter/Interpreter.cpp:
52105        (JSC::Interpreter::privateExecute):
52106            - Fixed direct eval check in op_call_eval.
52107        * jit/JITStubs.cpp:
52108        (JSC::DEFINE_STUB_FUNCTION):
52109            - Fixed direct eval check in op_call_eval.
52110        * runtime/Executable.h:
52111        (JSC::isHostFunction):
52112            - Added check for host function with specific NativeFunction.
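
The direct/indirect distinction the entry above draws, as an added example (this is not code from the WebKit change or from JavaScriptCore). A call is direct when the callee is reached through a plain identifier named `eval` that holds the built-in eval, whichever scope that binding lives in; it is indirect when reached through a property, a differently named variable, or a comma expression. Only a direct call runs in the caller's scope and, in non-strict code, can add variables to it. The probe bodies are built with the `Function` constructor (an assumption of this example) so they stay non-strict; `var eval` and scope-injecting eval are both rejected in strict code:

```javascript
// Added example (not JavaScriptCore code): which eval calls are direct.
const directEvalProbe = new Function(`
  var marker = "local";
  eval("var marker = 'direct-eval'");   // direct: rebinds the local var
  return marker;
`);

const indirectEvalProbe = new Function(`
  var marker = "local";
  var ind = eval;                        // same function, different name
  ind("var marker = 'indirect-eval'");   // indirect: runs in global scope
  return { local: marker, global: globalThis.marker };
`);

const propertyEvalProbe = new Function(`
  var marker = "local";
  ({ eval: eval }).eval("var marker = 'property-eval'"); // indirect
  (0, eval)("var marker = 'comma-eval'");                 // indirect
  return marker;
`);

// A nested-scope variable named eval that holds the built-in is still a
// direct call: the base is an environment record and the name is "eval".
// This is the case the entry says JavaScriptCore wrongly treated as indirect.
const shadowedEvalProbe = new Function(`
  var marker = "local";
  function inner() {
    var eval = globalThis.eval;
    eval("var marker = 'shadowed-direct-eval'");
    return marker;
  }
  return { inner: inner(), outer: marker };
`);

function classifyEvalCalls() {
  return {
    direct: directEvalProbe(),
    indirect: indirectEvalProbe(),
    property: propertyEvalProbe(),
    shadowed: shadowedEvalProbe()
  };
}
```

`classifyEvalCalls()` shows the local `marker` changed only by the direct and the shadowed calls; the indirect forms leave the caller's variable alone and write to the global object instead.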
52113
521142011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
52115
52116        Reviewed by Andreas Kling.
52117
52118        Broken build on QNX
52119        https://bugs.webkit.org/show_bug.cgi?id=63717
52120
52121        QNX doesn't support pthread's SA_RESTART (required by
        JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
        few minor compilation errors here and there.
52124
52125        Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
52126        tested by him on QNX v6.5 (x86)
52127
52128        * wtf/DateMath.cpp: fix usage of abs/labs
52129        * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
52130        * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
52131
521322011-07-12  Anders Carlsson  <andersca@apple.com>
52133
52134        If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
52135        https://bugs.webkit.org/show_bug.cgi?id=64429
52136
52137        Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
52138
52139        * wtf/NullPtr.h:
52140
521412011-07-13  MORITA Hajime  <morrita@google.com>
52142
52143        Refactoring: Ignored ExceptionCode value should be less annoying.
52144        https://bugs.webkit.org/show_bug.cgi?id=63688
52145
52146        Added ASSERT_AT macro.
52147
52148        Reviewed by Darin Adler.
52149
52150        * wtf/Assertions.h:
52151
521522011-07-12  Filip Pizlo  <fpizlo@apple.com>
52153
52154        DFG JIT does not implement op_construct.
52155        https://bugs.webkit.org/show_bug.cgi?id=64066
52156
52157        Reviewed by Gavin Barraclough.
52158        
52159        This is a fixed implementation of op_construct.  Constructor calls are implemented
52160        by reusing almost all of the code for Call, with care taken to make sure that
        where there are differences (like selecting different code blocks), those differences
52162        are respected.  The two fixes over the last patch are: (1) make sure the
52163        CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
52164        make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
52165        (either CodeForCall or CodeForConstruct) when invoking the compiler.
52166
52167        * dfg/DFGAliasTracker.h:
52168        (JSC::DFG::AliasTracker::recordConstruct):
52169        * dfg/DFGByteCodeParser.cpp:
52170        (JSC::DFG::ByteCodeParser::addCall):
52171        (JSC::DFG::ByteCodeParser::parseBlock):
52172        * dfg/DFGJITCodeGenerator.cpp:
52173        (JSC::DFG::JITCodeGenerator::emitCall):
52174        * dfg/DFGNode.h:
52175        * dfg/DFGNonSpeculativeJIT.cpp:
52176        (JSC::DFG::NonSpeculativeJIT::compile):
52177        * dfg/DFGOperations.cpp:
52178        * dfg/DFGOperations.h:
52179        * dfg/DFGRepatch.cpp:
52180        (JSC::DFG::dfgLinkFor):
52181        * dfg/DFGRepatch.h:
52182        * dfg/DFGSpeculativeJIT.cpp:
52183        (JSC::DFG::SpeculativeJIT::compile):
52184        * runtime/CodeBlock.cpp:
52185        (JSC::CodeBlock::unlinkCalls):
52186
521872011-07-12  Oliver Hunt  <oliver@apple.com>
52188
52189        Overzealous type validation in method_check
52190        https://bugs.webkit.org/show_bug.cgi?id=64415
52191
52192        Reviewed by Gavin Barraclough.
52193
52194        method_check is essentially just a value look up
52195        optimisation, but it internally stores the value
52196        as a JSFunction, even though it never relies on
52197        this fact.  Under GC validation however we end up
52198        trying to enforce that assumption.  The fix is
52199        simply to store the value as a correct supertype.
52200
52201        * bytecode/CodeBlock.h:
52202        * dfg/DFGRepatch.cpp:
52203        (JSC::DFG::dfgRepatchGetMethodFast):
52204        (JSC::DFG::tryCacheGetMethod):
52205        * jit/JIT.h:
52206        * jit/JITPropertyAccess.cpp:
52207        (JSC::JIT::patchMethodCallProto):
52208        * jit/JITStubs.cpp:
52209        (JSC::DEFINE_STUB_FUNCTION):
52210
522112011-07-12  Filip Pizlo  <fpizlo@apple.com>
52212
52213        COLLECT_ON_EVERY_ALLOCATION no longer works.
52214        https://bugs.webkit.org/show_bug.cgi?id=64388
52215
52216        Reviewed by Oliver Hunt.
52217        
52218        Added a flag to Heap that determines if it's safe to collect (which for now means that
52219        JSGlobalObject has actually been initialized, but it should work for other things, too).
52220        This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
52221        GCing it just grows the heap, if necessary.
52222        
52223        Then changed Heap::allocate() to not recurse ad infinitum when
52224        COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
52225        resilient against bugs; this change allowed me to put in handy assertions, such as that
52226        an allocation must succeed after either a collection or after a new block was added.
52227
52228        * heap/Heap.cpp:
52229        (JSC::Heap::Heap):
52230        (JSC::Heap::tryAllocate):
52231        (JSC::Heap::allocate):
52232        (JSC::Heap::collectAllGarbage):
52233        (JSC::Heap::collect):
52234        * heap/Heap.h:
52235        (JSC::Heap::notifyIsSafeToCollect):
52236        * runtime/JSGlobalData.cpp:
52237        (JSC::JSGlobalData::JSGlobalData):
52238
522392011-07-12  Filip Pizlo  <fpizlo@apple.com>
52240
52241        DFG JIT put_by_id transition caching does not inform the GC about the structure and
52242        prototype chain that it is referencing.
52243        https://bugs.webkit.org/show_bug.cgi?id=64387
52244
52245        Reviewed by Gavin Barraclough.
52246        
52247        Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
52248
52249        * dfg/DFGRepatch.cpp:
52250        (JSC::DFG::tryCachePutByID):
52251
522522011-07-12  Adam Roben  <aroben@apple.com>
52253
52254        Ensure no intermediate WTF::Strings are created when concatenating with string literals
52255
52256        Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
52257        operator+ is suboptimal
52258
52259        Reviewed by Darin Adler.
52260
52261        * wtf/text/StringConcatenate.h:
52262        (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
52263        many WTF::Strings get copied while evaluating an operator+ expression.
52264
52265        * wtf/text/StringOperators.h:
52266        (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
52267        side, since operator+ is left-associative. Having the StringAppend on the right-hand side
52268        was causing us to make intermediate WTF::Strings when evaluating expressions that contained
52269        multiple calls to operator+. Added some more overloads that take a left-hand side of
52270        const char* to resolve overload ambiguity for certain expressions. Added overloads that take
52271        a left-hand side of const UChar* (matching the const char* overloads) so that wide string
52272        literals don't first have to be converted to a WTF::String in operator+ expressions.
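
As an added illustration of the point above (constructed for this entry, not WebKit's StringConcatenate code): a cut-down model of `String` and a lazy `StringAppend` with a counter on every `String` that is materialised. With the `StringAppend` overload only on the right-hand side, the left-associative chain `s + "a" + "b" + "c"` must collapse to a `String` at every step; moving the overload to the left-hand side lets the chain stay lazy until one `String` is demanded. Member names and the counter are assumptions of the model.

```cpp
#include <cassert>
#include <cstddef>
#include <cstring>
#include <string>
#include <utility>

// Constructed stand-ins for WTF::String and WTF::StringAppend (not WebKit's code).
// Every String built from characters bumps this counter, so we can count how many
// intermediate Strings an operator+ expression materialises.
static int g_stringsBuilt = 0;

struct String {
    std::string chars;
    String(const char* s) : chars(s) { ++g_stringsBuilt; }
    explicit String(std::string s) : chars(std::move(s)) { ++g_stringsBuilt; }
};

template <typename L, typename R> struct StringAppend;

// Adapters: how long each operand is and how to copy it out. Declared up front so
// nested StringAppend<StringAppend<...>, ...> can find its own overloads.
inline size_t lengthOf(const char* s) { return std::strlen(s); }
inline size_t lengthOf(const String& s) { return s.chars.size(); }
template <typename L, typename R> size_t lengthOf(const StringAppend<L, R>& a);
inline void writeTo(const char* s, std::string& out) { out += s; }
inline void writeTo(const String& s, std::string& out) { out += s.chars; }
template <typename L, typename R> void writeTo(const StringAppend<L, R>& a, std::string& out);

// Lazy concatenation: remembers its operands and only builds a String when one is
// actually demanded, sizing the buffer once from the total length.
template <typename L, typename R>
struct StringAppend {
    L left;
    R right;
    size_t length() const { return lengthOf(left) + lengthOf(right); }
    void write(std::string& out) const { writeTo(left, out); writeTo(right, out); }
    operator String() const {
        std::string out;
        out.reserve(length());
        write(out);
        return String(std::move(out));   // the single String the whole tree yields
    }
};
template <typename L, typename R>
size_t lengthOf(const StringAppend<L, R>& a) { return a.length(); }
template <typename L, typename R>
void writeTo(const StringAppend<L, R>& a, std::string& out) { a.write(out); }

// Before the fix: the only overload that accepts a StringAppend wants it on the
// right. operator+ is left-associative, so "s + a + b" produces a StringAppend on
// the LEFT, which can only match the String overload by first converting to a
// String: one intermediate copy at every step of the chain.
namespace before_fix {
inline StringAppend<String, const char*> operator+(const String& a, const char* b) { return {a, b}; }
template <typename L, typename R>
inline StringAppend<const char*, StringAppend<L, R>>
operator+(const char* a, const StringAppend<L, R>& b) { return {a, b}; }
}

// After the fix: the StringAppend overload takes its operand on the left, so each
// further "+ literal" just grows the lazy tree and no intermediate String is built.
namespace after_fix {
inline StringAppend<String, const char*> operator+(const String& a, const char* b) { return {a, b}; }
template <typename L, typename R>
inline StringAppend<StringAppend<L, R>, const char*>
operator+(const StringAppend<L, R>& a, const char* b) { return {a, b}; }
}

// Each returns how many Strings were built while evaluating s + "a" + "b" + "c".
int stringsBuiltBeforeFix()
{
    using namespace before_fix;
    String s("x");
    g_stringsBuilt = 0;
    String result = s + "a" + "b" + "c";
    assert(result.chars == "xabc");
    return g_stringsBuilt;   // two intermediates plus the final String
}

int stringsBuiltAfterFix()
{
    using namespace after_fix;
    String s("x");
    g_stringsBuilt = 0;
    String result = s + "a" + "b" + "c";
    assert(result.chars == "xabc");
    return g_stringsBuilt;   // only the final String
}
```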
52273
522742011-07-12  Adam Roben  <aroben@apple.com>
52275
52276        Unreviewed, rolling out r90811.
52277        http://trac.webkit.org/changeset/90811
52278        https://bugs.webkit.org/show_bug.cgi?id=61025
52279
52280        Several svg tests failing assertions beneath
52281        SVGSMILElement::findInstanceTime
52282
52283        * wtf/StdLibExtras.h:
52284        (WTF::binarySearch):
52285
522862011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
52287
52288        Reviewed by Nikolas Zimmermann.
52289
52290        Speed up SVGSMILElement::findInstanceTime.
52291        https://bugs.webkit.org/show_bug.cgi?id=61025
52292
52293        Add a new parameter to the StdLibExtras.h::binarySearch function
52294        to also handle cases when the array does not contain the key value.
52295        This is needed for an svg function.
52296
52297        * wtf/StdLibExtras.h:
52298        (WTF::binarySearch):
52299
523002011-07-11  Filip Pizlo  <fpizlo@apple.com>
52301
52302        DFG speculative JIT does not guard itself against floating point speculation
52303        failures on non-floating-point constants.
52304        https://bugs.webkit.org/show_bug.cgi?id=64330
52305
52306        Reviewed by Gavin Barraclough.
52307        
52308        Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
52309        soon as it notices that it's speculating on something that is a non-numeric
52310        JSConstant.
52311
52312        * dfg/DFGSpeculativeJIT.cpp:
52313        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
52314
523152011-07-11  Filip Pizlo  <fpizlo@apple.com>
52316
52317        DFG Speculative JIT does not always insert speculation checks when speculating
52318        arrays.
52319        https://bugs.webkit.org/show_bug.cgi?id=64254
52320
52321        Reviewed by Gavin Barraclough.
52322        
52323        Changed the SetLocal instruction to always validate that the value being stored
52324        into the local variable is an array, if that variable was marked PredictArray.
52325        This is necessary since uses of arrays assume that if a PredictArray value is
52326        in a local variable then the speculation check validating that the value is an
52327        array was already performed.
52328
52329        * dfg/DFGSpeculativeJIT.cpp:
52330        (JSC::DFG::SpeculativeJIT::compile):
52331
523322011-07-11  Gabor Loki  <loki@webkit.org>
52333
52334        Fix the condition of the optimized code in doubleTransfer
52335        https://bugs.webkit.org/show_bug.cgi?id=64261
52336
52337        Reviewed by Zoltan Herczeg.
52338
52339        The condition of the optimized code in doubleTransfer is wrong. The
52340        data transfer should be executed with four bytes aligned address.
52341        VFP cannot perform unaligned memory access.
52342
52343        Reported by Jacob Bramley.
52344
52345        * assembler/ARMAssembler.cpp:
52346        (JSC::ARMAssembler::doubleTransfer):
52347
523482011-07-11  Gabor Loki  <loki@webkit.org>
52349
52350        Signed arithmetic bug in dataTransfer32.
52351        https://bugs.webkit.org/show_bug.cgi?id=64257
52352
52353        Reviewed by Zoltan Herczeg.
52354
52355        An arithmetic bug is fixed. If the offset of dataTransfer is half of the
52356        addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
52357        a load instruction is emitted with a wrong zero offset.
52358
52359        Inspired by Jacob Bramley's patch from JaegerMonkey.
52360
52361        * assembler/ARMAssembler.cpp:
52362        (JSC::ARMAssembler::dataTransfer32):
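
As an added illustration of the failure described above (a constructed model, not the ARMAssembler code): a helper that splits a signed displacement into a subtract flag and a magnitude, then decides whether the magnitude fits an immediate field or must go through a scratch register. Negating the offset in 32-bit signed arithmetic cannot represent -INT_MIN; the value wraps to INT_MIN, which is negative, so the "fits the immediate" test passes and the masked displacement comes out as zero. Forming the magnitude as an unsigned quantity repairs it. The 12-bit immediate field and the register fallback are assumptions of the model.

```cpp
#include <cassert>
#include <climits>
#include <cstdint>

// Constructed model of an emitted load/store addressing decision (not JSC's code).
struct Transfer {
    bool subtract;       // true: base - magnitude, false: base + magnitude
    bool viaRegister;    // magnitude too large for the immediate field
    uint32_t magnitude;  // encoded immediate, or the value loaded into the scratch register
};

constexpr uint32_t kImm12Max = 0xfff;   // assumed width of the immediate field

// Buggy version: negates in signed 32-bit arithmetic. For INT_MIN the negation has
// no representable result and wraps back to INT_MIN. Being negative, it passes the
// "<= 0xfff" test, and the 12-bit mask turns 0x80000000 into a zero displacement.
// (The wrap is performed in unsigned arithmetic so the example itself has no
// undefined behaviour; the cast back to int32_t is modular on two's-complement targets.)
Transfer encodeBuggy(int32_t offset)
{
    if (offset >= 0)
        return {false, offset > (int32_t)kImm12Max, (uint32_t)offset};
    int32_t negated = (int32_t)(0u - (uint32_t)offset);   // -INT_MIN wraps to INT_MIN
    if (negated <= (int32_t)kImm12Max)                   // true for INT_MIN: it is negative
        return {true, false, (uint32_t)negated & kImm12Max};   // 0x80000000 & 0xfff == 0
    return {true, true, (uint32_t)negated};
}

// Fixed version: the magnitude is computed as an unsigned value, so 0x80000000 is
// representable, fails the immediate test and is routed to the register path.
Transfer encodeFixed(int32_t offset)
{
    bool subtract = offset < 0;
    uint32_t magnitude = subtract ? 0u - (uint32_t)offset : (uint32_t)offset;
    return {subtract, magnitude > kImm12Max, magnitude};
}

// Do both encoders agree for this offset? Everything but INT_MIN should.
bool encodingsAgree(int32_t offset)
{
    Transfer a = encodeBuggy(offset), b = encodeFixed(offset);
    return a.subtract == b.subtract && a.viaRegister == b.viaRegister && a.magnitude == b.magnitude;
}
```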
52363
523642011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>
52365
52366        Fix unaligned userspace access for SH4 platforms.
52367        https://bugs.webkit.org/show_bug.cgi?id=62993
52368
52369        * wtf/Platform.h:
52370
523712011-07-09  Chao-ying Fu  <fu@mips.com>
52372
52373        Fix MIPS build due to readInt32 and readPointer
52374        https://bugs.webkit.org/show_bug.cgi?id=63962
52375
52376        * assembler/MIPSAssembler.h:
52377        (JSC::MIPSAssembler::readInt32):
52378        (JSC::MIPSAssembler::readPointer):
52379        * assembler/MacroAssemblerMIPS.h:
52380        (JSC::MacroAssemblerMIPS::rshift32):
52381
523822011-07-08  Gavin Barraclough  <barraclough@apple.com>
52383
52384        https://bugs.webkit.org/show_bug.cgi?id=64181
52385        REGRESSION (r90602): Gmail doesn't load
52386
52387        Rolling out r90601, r90602.
52388
52389        * dfg/DFGAliasTracker.h:
52390        * dfg/DFGByteCodeParser.cpp:
52391        (JSC::DFG::ByteCodeParser::addVarArgChild):
52392        (JSC::DFG::ByteCodeParser::parseBlock):
52393        * dfg/DFGJITCodeGenerator.cpp:
52394        (JSC::DFG::JITCodeGenerator::emitCall):
52395        * dfg/DFGNode.h:
52396        * dfg/DFGNonSpeculativeJIT.cpp:
52397        (JSC::DFG::NonSpeculativeJIT::compile):
52398        * dfg/DFGOperations.cpp:
52399        * dfg/DFGOperations.h:
52400        * dfg/DFGRepatch.cpp:
52401        (JSC::DFG::tryCacheGetByID):
52402        (JSC::DFG::dfgLinkCall):
52403        * dfg/DFGRepatch.h:
52404        * dfg/DFGSpeculativeJIT.cpp:
52405        (JSC::DFG::SpeculativeJIT::compile):
52406        * runtime/JSObject.h:
52407        (JSC::JSObject::isUsingInlineStorage):
52408
524092011-07-08  Kalev Lember  <kalev@smartlink.ee>
52410
52411        Reviewed by Adam Roben.
52412
52413        Add missing _WIN32_WINNT and WINVER definitions
52414        https://bugs.webkit.org/show_bug.cgi?id=59702
52415
52416        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
52417        available for all source files.
52418
52419        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
52420        DeleteTimerQueueTimer which are both guarded by
52421        #if (_WIN32_WINNT >= 0x0500)
52422        in MinGW headers.
52423
52424        * config.h:
52425        * wtf/Assertions.cpp:
52426
524272011-07-08  Chang Shu  <cshu@webkit.org>
52428
52429        Rename "makeSecure" to "fill" and remove the support for displaying last character
52430        to avoid layering violation.
52431        https://bugs.webkit.org/show_bug.cgi?id=59114
52432
52433        Reviewed by Alexey Proskuryakov.
52434
52435        * JavaScriptCore.exp:
52436        * JavaScriptCore.order:
52437        * wtf/text/StringImpl.cpp:
52438        (WTF::StringImpl::fill):
52439        * wtf/text/StringImpl.h:
52440        * wtf/text/WTFString.h:
52441        (WTF::String::fill):
52442
524432011-07-08  Benjamin Poulain  <benjamin@webkit.org>
52444
52445        [WK2] Do not forward touch events to the web process when it does not need them
52446        https://bugs.webkit.org/show_bug.cgi?id=64164
52447
52448        Reviewed by Kenneth Rohde Christiansen.
52449
52450        Add a convenience function to obtain a reference to the last element of a Deque.
52451
52452        * wtf/Deque.h:
52453        (WTF::Deque::last):
52454
524552011-07-07  Filip Pizlo  <fpizlo@apple.com>
52456
52457        DFG JIT does not implement op_construct.
52458        https://bugs.webkit.org/show_bug.cgi?id=64066
52459
52460        Reviewed by Gavin Barraclough.
52461
52462        * dfg/DFGAliasTracker.h:
52463        (JSC::DFG::AliasTracker::recordConstruct):
52464        * dfg/DFGByteCodeParser.cpp:
52465        (JSC::DFG::ByteCodeParser::addCall):
52466        (JSC::DFG::ByteCodeParser::parseBlock):
52467        * dfg/DFGJITCodeGenerator.cpp:
52468        (JSC::DFG::JITCodeGenerator::emitCall):
52469        * dfg/DFGNode.h:
52470        * dfg/DFGNonSpeculativeJIT.cpp:
52471        (JSC::DFG::NonSpeculativeJIT::compile):
52472        * dfg/DFGOperations.cpp:
52473        * dfg/DFGOperations.h:
52474        * dfg/DFGRepatch.cpp:
52475        (JSC::DFG::dfgLinkFor):
52476        * dfg/DFGRepatch.h:
52477        * dfg/DFGSpeculativeJIT.cpp:
52478        (JSC::DFG::SpeculativeJIT::compile):
52479
524802011-07-07  Filip Pizlo  <fpizlo@apple.com>
52481
52482        DFG JIT does not implement get_by_id prototype caching.
52483        https://bugs.webkit.org/show_bug.cgi?id=64077
52484
52485        Reviewed by Gavin Barraclough.
52486
52487        * dfg/DFGRepatch.cpp:
52488        (JSC::DFG::emitRestoreScratch):
52489        (JSC::DFG::linkRestoreScratch):
52490        (JSC::DFG::tryCacheGetByID):
52491        * runtime/JSObject.h:
52492        (JSC::JSObject::addressOfPropertyAtOffset):
52493
524942011-07-07  Filip Pizlo  <fpizlo@apple.com>
52495
52496        DFG JIT method_check implementation does not link to optimized get_by_id
52497        slow path.
52498        https://bugs.webkit.org/show_bug.cgi?id=64073
52499
52500        Reviewed by Gavin Barraclough.
52501
52502        * dfg/DFGRepatch.cpp:
52503        (JSC::DFG::dfgRepatchGetMethodFast):
52504
525052011-07-07  Oliver Hunt  <oliver@apple.com>
52506
52507        Encode jump and link sizes into the appropriate enums
52508        https://bugs.webkit.org/show_bug.cgi?id=64123
52509
52510        Reviewed by Sam Weinig.
52511
52512        Finally kill off the out-of-line jump and link size arrays,
52513        so we can avoid icky loads and constant fold the linking arithmetic.
52514
52515        * assembler/ARMv7Assembler.cpp:
52516        * assembler/ARMv7Assembler.h:
52517        (JSC::ARMv7Assembler::jumpSizeDelta):
52518        (JSC::ARMv7Assembler::computeJumpType):
52519
525202011-07-06  Juan C. Montemayor  <jmont@apple.com>
52521
52522        ASSERT_NOT_REACHED running test 262
52523        https://bugs.webkit.org/show_bug.cgi?id=63951
52524        
52525        Added a case to the switch statement where the code was failing. Fixed
52526        some logic as well that gave faulty error messages.
52527
52528        Reviewed by Gavin Barraclough.
52529
52530        * parser/JSParser.cpp:
52531        (JSC::JSParser::getTokenName):
52532        (JSC::JSParser::updateErrorMessageSpecialCase):
52533        (JSC::JSParser::updateErrorMessage):
52534
525352011-07-06  Filip Pizlo  <fpizlo@apple.com>
52536
52537        DFG JIT implementation of op_call results in regressions on sunspider
52538        controlflow-recursive.
52539        https://bugs.webkit.org/show_bug.cgi?id=64039
52540
52541        Reviewed by Gavin Barraclough.
52542
52543        * dfg/DFGByteCodeParser.cpp:
52544        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
52545        (JSC::DFG::ByteCodeParser::parseBlock):
52546        * dfg/DFGSpeculativeJIT.h:
52547        (JSC::DFG::SpeculativeJIT::isInteger):
52548
525492011-07-06  Filip Pizlo  <fpizlo@apple.com>
52550
52551        DFG JIT does not support method_check
52552        https://bugs.webkit.org/show_bug.cgi?id=63972
52553
52554        Reviewed by Gavin Barraclough.
52555
52556        * assembler/CodeLocation.h:
52557        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
52558        * bytecode/CodeBlock.cpp:
52559        (JSC::CodeBlock::visitAggregate):
52560        * bytecode/CodeBlock.h:
52561        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
52562        (JSC::MethodCallLinkInfo::seenOnce):
52563        (JSC::MethodCallLinkInfo::setSeen):
52564        * dfg/DFGAliasTracker.h:
52565        (JSC::DFG::AliasTracker::recordGetMethod):
52566        * dfg/DFGByteCodeParser.cpp:
52567        (JSC::DFG::ByteCodeParser::parseBlock):
52568        * dfg/DFGJITCodeGenerator.cpp:
52569        (JSC::DFG::JITCodeGenerator::cachedGetById):
52570        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
52571        * dfg/DFGJITCodeGenerator.h:
52572        * dfg/DFGJITCompiler.cpp:
52573        (JSC::DFG::JITCompiler::compileFunction):
52574        * dfg/DFGJITCompiler.h:
52575        (JSC::DFG::JITCompiler::addMethodGet):
52576        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
52577        * dfg/DFGNode.h:
52578        (JSC::DFG::Node::hasIdentifier):
52579        * dfg/DFGNonSpeculativeJIT.cpp:
52580        (JSC::DFG::NonSpeculativeJIT::compile):
52581        * dfg/DFGOperations.cpp:
52582        * dfg/DFGOperations.h:
52583        * dfg/DFGRepatch.cpp:
52584        (JSC::DFG::dfgRepatchGetMethodFast):
52585        (JSC::DFG::tryCacheGetMethod):
52586        (JSC::DFG::dfgRepatchGetMethod):
52587        * dfg/DFGRepatch.h:
52588        * dfg/DFGSpeculativeJIT.cpp:
52589        (JSC::DFG::SpeculativeJIT::compile):
52590        * jit/JITWriteBarrier.h:
52591        (JSC::JITWriteBarrier::set):
52592
525932011-07-06  Filip Pizlo  <fpizlo@apple.com>
52594
52595        DFG JIT op_call implementation will flush registers even when those registers are dead
52596        https://bugs.webkit.org/show_bug.cgi?id=64023
52597
52598        Reviewed by Gavin Barraclough.
52599
52600        * dfg/DFGJITCodeGenerator.cpp:
52601        (JSC::DFG::JITCodeGenerator::emitCall):
52602        * dfg/DFGJITCodeGenerator.h:
52603        (JSC::DFG::JITCodeGenerator::integerResult):
52604        (JSC::DFG::JITCodeGenerator::noResult):
52605        (JSC::DFG::JITCodeGenerator::cellResult):
52606        (JSC::DFG::JITCodeGenerator::jsValueResult):
52607        (JSC::DFG::JITCodeGenerator::doubleResult):
52608        * dfg/DFGNonSpeculativeJIT.cpp:
52609        (JSC::DFG::NonSpeculativeJIT::compile):
52610        * dfg/DFGSpeculativeJIT.cpp:
52611        (JSC::DFG::SpeculativeJIT::compile):
52612
526132011-07-06  Filip Pizlo  <fpizlo@apple.com>
52614
52615        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
52616        https://bugs.webkit.org/show_bug.cgi?id=64017
52617
52618        Reviewed by Gavin Barraclough.
52619
52620        * dfg/DFGSpeculativeJIT.cpp:
52621        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
52622        (JSC::DFG::SpeculativeJIT::compile):
52623
526242011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
52625
52626        Reviewed by David Levin.
52627
52628        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
52629        https://bugs.webkit.org/show_bug.cgi?id=62443
52630
52631        * wtf/DynamicAnnotations.cpp:
52632        (WTFAnnotateBenignRaceSized):
52633        (WTFAnnotateHappensBefore):
52634        (WTFAnnotateHappensAfter):
52635
526362011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
52637
52638        Calls on 32-bit machines fail after r90423
52639        https://bugs.webkit.org/show_bug.cgi?id=63980
52640
52641        Reviewed by Gavin Barraclough.
52642
52643        Copy the necessary lines from JITCall.cpp.
52644
52645        * jit/JITCall32_64.cpp:
52646        (JSC::JIT::compileOpCall):
52647
526482011-07-05  Filip Pizlo  <fpizlo@apple.com>
52649
52650        DFG JIT virtual call implementation is inefficient.
52651        https://bugs.webkit.org/show_bug.cgi?id=63974
52652
52653        Reviewed by Gavin Barraclough.
52654
52655        * dfg/DFGOperations.cpp:
52656        * runtime/Executable.h:
52657        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
52658        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
52659        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
52660        (JSC::ExecutableBase::hasJITCodeForCall):
52661        (JSC::ExecutableBase::hasJITCodeForConstruct):
52662        (JSC::ExecutableBase::hasJITCodeFor):
52663        * runtime/JSFunction.h:
52664        (JSC::JSFunction::scopeUnchecked):
52665
526662011-07-05  Oliver Hunt  <oliver@apple.com>
52667
52668        Force inlining of simple functions that show up as not being inlined
52669        https://bugs.webkit.org/show_bug.cgi?id=63964
52670
52671        Reviewed by Gavin Barraclough.
52672
52673        Looking at profile data indicates that gcc is failing to inline a
52674        number of trivial functions.  This patch hits the ones that show
52675        up in profiles with the ALWAYS_INLINE hammer.
52676
52677        We also replace the memcpy() call in linking with a manual loop.
52678        Apparently memcpy() is almost never faster than an inlined loop.
52679
52680        * assembler/ARMv7Assembler.h:
52681        (JSC::ARMv7Assembler::add):
52682        (JSC::ARMv7Assembler::add_S):
52683        (JSC::ARMv7Assembler::ARM_and):
52684        (JSC::ARMv7Assembler::asr):
52685        (JSC::ARMv7Assembler::b):
52686        (JSC::ARMv7Assembler::blx):
52687        (JSC::ARMv7Assembler::bx):
52688        (JSC::ARMv7Assembler::clz):
52689        (JSC::ARMv7Assembler::cmn):
52690        (JSC::ARMv7Assembler::cmp):
52691        (JSC::ARMv7Assembler::eor):
52692        (JSC::ARMv7Assembler::it):
52693        (JSC::ARMv7Assembler::ldr):
52694        (JSC::ARMv7Assembler::ldrCompact):
52695        (JSC::ARMv7Assembler::ldrh):
52696        (JSC::ARMv7Assembler::ldrb):
52697        (JSC::ARMv7Assembler::lsl):
52698        (JSC::ARMv7Assembler::lsr):
52699        (JSC::ARMv7Assembler::movT3):
52700        (JSC::ARMv7Assembler::mov):
52701        (JSC::ARMv7Assembler::movt):
52702        (JSC::ARMv7Assembler::mvn):
52703        (JSC::ARMv7Assembler::neg):
52704        (JSC::ARMv7Assembler::orr):
52705        (JSC::ARMv7Assembler::orr_S):
52706        (JSC::ARMv7Assembler::ror):
52707        (JSC::ARMv7Assembler::smull):
52708        (JSC::ARMv7Assembler::str):
52709        (JSC::ARMv7Assembler::sub):
52710        (JSC::ARMv7Assembler::sub_S):
52711        (JSC::ARMv7Assembler::tst):
52712        (JSC::ARMv7Assembler::linkRecordSourceComparator):
52713        (JSC::ARMv7Assembler::link):
52714        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
52715        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
52716        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
52717        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
52718        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
52719        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
52720        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
52721        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
52722        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
52723        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
52724        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
52725        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
52726        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
52727        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
52728        * assembler/LinkBuffer.h:
52729        (JSC::LinkBuffer::linkCode):
52730        * assembler/MacroAssemblerARMv7.h:
52731        (JSC::MacroAssemblerARMv7::nearCall):
52732        (JSC::MacroAssemblerARMv7::call):
52733        (JSC::MacroAssemblerARMv7::ret):
52734        (JSC::MacroAssemblerARMv7::moveWithPatch):
52735        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
52736        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
52737        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
52738        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
52739        (JSC::MacroAssemblerARMv7::jump):
52740        (JSC::MacroAssemblerARMv7::makeBranch):
52741
527422011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
52743
52744        Make "Add optimised paths for a few maths functions" work on Qt
52745        https://bugs.webkit.org/show_bug.cgi?id=63893
52746
52747        Reviewed by Oliver Hunt.
52748
52749        Move the generated code to the .text section instead of .data section.
52750        Fix alignment for the 32 bit thunk code.
52751
52752        * jit/ThunkGenerators.cpp:
52753
527542011-07-05  Filip Pizlo  <fpizlo@apple.com>
52755
52756        DFG JIT does not implement op_call.
52757        https://bugs.webkit.org/show_bug.cgi?id=63858
52758
52759        Reviewed by Gavin Barraclough.
52760
52761        * bytecode/CodeBlock.cpp:
52762        (JSC::CodeBlock::unlinkCalls):
52763        * bytecode/CodeBlock.h:
52764        (JSC::CodeBlock::setNumberOfCallLinkInfos):
52765        (JSC::CodeBlock::numberOfCallLinkInfos):
52766        * bytecompiler/BytecodeGenerator.cpp:
52767        (JSC::BytecodeGenerator::emitCall):
52768        (JSC::BytecodeGenerator::emitConstruct):
52769        * dfg/DFGAliasTracker.h:
52770        (JSC::DFG::AliasTracker::lookupGetByVal):
52771        (JSC::DFG::AliasTracker::recordCall):
52772        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
52773        * dfg/DFGByteCodeParser.cpp:
52774        (JSC::DFG::ByteCodeParser::ByteCodeParser):
52775        (JSC::DFG::ByteCodeParser::getLocal):
52776        (JSC::DFG::ByteCodeParser::getArgument):
52777        (JSC::DFG::ByteCodeParser::toInt32):
52778        (JSC::DFG::ByteCodeParser::addToGraph):
52779        (JSC::DFG::ByteCodeParser::addVarArgChild):
52780        (JSC::DFG::ByteCodeParser::predictInt32):
52781        (JSC::DFG::ByteCodeParser::parseBlock):
52782        (JSC::DFG::ByteCodeParser::processPhiStack):
52783        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
52784        * dfg/DFGGraph.cpp:
52785        (JSC::DFG::Graph::opName):
52786        (JSC::DFG::Graph::dump):
52787        (JSC::DFG::Graph::refChildren):
52788        * dfg/DFGGraph.h:
52789        * dfg/DFGJITCodeGenerator.cpp:
52790        (JSC::DFG::JITCodeGenerator::useChildren):
52791        (JSC::DFG::JITCodeGenerator::emitCall):
52792        * dfg/DFGJITCodeGenerator.h:
52793        (JSC::DFG::JITCodeGenerator::addressOfCallData):
52794        * dfg/DFGJITCompiler.cpp:
52795        (JSC::DFG::JITCompiler::compileFunction):
52796        * dfg/DFGJITCompiler.h:
52797        (JSC::DFG::CallRecord::CallRecord):
52798        (JSC::DFG::JITCompiler::notifyCall):
52799        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
52800        (JSC::DFG::JITCompiler::addJSCall):
52801        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
52802        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
52803        * dfg/DFGNode.h:
52804        (JSC::DFG::Node::Node):
52805        (JSC::DFG::Node::child1):
52806        (JSC::DFG::Node::child2):
52807        (JSC::DFG::Node::child3):
52808        (JSC::DFG::Node::firstChild):
52809        (JSC::DFG::Node::numChildren):
52810        * dfg/DFGNonSpeculativeJIT.cpp:
52811        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
52812        (JSC::DFG::NonSpeculativeJIT::compare):
52813        (JSC::DFG::NonSpeculativeJIT::compile):
52814        * dfg/DFGOperations.cpp:
52815        * dfg/DFGOperations.h:
52816        * dfg/DFGRepatch.cpp:
52817        (JSC::DFG::dfgLinkCall):
52818        * dfg/DFGRepatch.h:
52819        * dfg/DFGSpeculativeJIT.cpp:
52820        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
52821        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
52822        (JSC::DFG::SpeculativeJIT::compile):
52823        * dfg/DFGSpeculativeJIT.h:
52824        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
52825        * interpreter/CallFrame.h:
52826        (JSC::ExecState::calleeAsValue):
52827        * jit/JIT.cpp:
52828        (JSC::JIT::JIT):
52829        (JSC::JIT::privateCompileMainPass):
52830        (JSC::JIT::privateCompileSlowCases):
52831        (JSC::JIT::privateCompile):
52832        (JSC::JIT::linkCall):
52833        (JSC::JIT::linkConstruct):
52834        * jit/JITCall.cpp:
52835        (JSC::JIT::compileOpCall):
52836        * jit/JITCode.h:
52837        (JSC::JITCode::JITCode):
52838        (JSC::JITCode::jitType):
52839        (JSC::JITCode::HostFunction):
52840        * runtime/JSFunction.h:
52841        * runtime/JSGlobalData.h:
52842
528432011-07-05  Oliver Hunt  <oliver@apple.com>
52844
52845        Initialize new MarkStack member
52846
52847        * heap/MarkStack.h:
52848        (JSC::MarkStack::MarkStack):
52849
528502011-07-05  Oliver Hunt  <oliver@apple.com>
52851
52852        Don't throw out compiled code repeatedly
52853        https://bugs.webkit.org/show_bug.cgi?id=63960
52854
52855        Reviewed by Gavin Barraclough.
52856
52857        Stop throwing away all compiled code every time
52858        we're told to do a full GC.  Instead unlink all
52859        callsites during such GC passes to maximise the
52860        number of collectable functions, but otherwise
52861        leave compiled functions alone.
52862
52863        * API/JSBase.cpp:
52864        (JSGarbageCollect):
52865        * bytecode/CodeBlock.cpp:
52866        (JSC::CodeBlock::visitAggregate):
52867        * heap/Heap.cpp:
52868        (JSC::Heap::collectAllGarbage):
52869        * heap/MarkStack.h:
52870        (JSC::MarkStack::shouldUnlinkCalls):
52871        (JSC::MarkStack::setShouldUnlinkCalls):
52872        * runtime/JSGlobalData.cpp:
52873        (JSC::JSGlobalData::recompileAllJSFunctions):
52874        (JSC::JSGlobalData::releaseExecutableMemory):
52875        * runtime/RegExp.cpp:
52876        (JSC::RegExp::compile):
52877        (JSC::RegExp::invalidateCode):
52878        * runtime/RegExp.h:
52879
528802011-07-05  Filip Pizlo  <fpizlo@apple.com>
52881
52882        JSC JIT has code duplication for the handling of call and construct
52883        https://bugs.webkit.org/show_bug.cgi?id=63957
52884
52885        Reviewed by Gavin Barraclough.
52886
52887        * jit/JIT.cpp:
52888        (JSC::JIT::linkFor):
52889        * jit/JIT.h:
52890        * jit/JITStubs.cpp:
52891        (JSC::jitCompileFor):
52892        (JSC::DEFINE_STUB_FUNCTION):
52893        (JSC::arityCheckFor):
52894        (JSC::lazyLinkFor):
52895        * runtime/Executable.h:
52896        (JSC::ExecutableBase::generatedJITCodeFor):
52897        (JSC::FunctionExecutable::compileFor):
52898        (JSC::FunctionExecutable::isGeneratedFor):
52899        (JSC::FunctionExecutable::generatedBytecodeFor):
52900        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
52901
529022011-07-05  Gavin Barraclough  <barraclough@apple.com>
52903
52904        Build fix following last patch.
52905
52906        * runtime/JSFunction.cpp:
52907        (JSC::createPrototypeProperty):
52908
529092011-07-05  Gavin Barraclough  <barraclough@apple.com>
52910
52911        https://bugs.webkit.org/show_bug.cgi?id=63947
52912        ASSERT running Object.preventExtensions(Math.sin)
52913
52914        Reviewed by Oliver Hunt.
52915
52916        This is due to calling scope() on a hostFunction as a part of
52917        calling createPrototypeProperty to reify the prototype property.
52918        But host functions don't have a prototype property anyway!
52919
52920        Prevent calling createPrototypeProperty on a host function.
52921
52922        * runtime/JSFunction.cpp:
52923        (JSC::JSFunction::createPrototypeProperty):
52924        (JSC::JSFunction::preventExtensions):
52925
529262011-07-04  Gavin Barraclough  <barraclough@apple.com>
52927
52928        https://bugs.webkit.org/show_bug.cgi?id=63880
52929        Evaluation order of conversions of operands to >, >= incorrect.
52930
52931        Reviewed by Sam Weinig.
52932
52933        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
52934        spec. This allows these methods to be reused to perform >, >= relational compares
52935        with correct ordering of type conversions.
52936
52937        * dfg/DFGOperations.cpp:
52938        * interpreter/Interpreter.cpp:
52939        (JSC::Interpreter::privateExecute):
52940        * jit/JITStubs.cpp:
52941        (JSC::DEFINE_STUB_FUNCTION):
52942        * runtime/Operations.h:
52943        (JSC::jsLess):
52944        (JSC::jsLessEq):
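
This entry and the one for bug 63881 further down both concern the order in which the operands of >, >= are converted. As an added model (constructed for these entries, not JSC's jsLess/jsLessEq): ES5's abstract relational comparison with a LeftFirst flag, the four relational operators expressed through it, and the pre-fix shortcut that simply swapped the operands. A trace of the ToPrimitive calls makes the observable conversion order checkable, and the NaN ("undefined") case shows why <= and >= cannot be derived by plain negation. The Operand type and the trace are assumptions of the model.

```cpp
#include <cassert>
#include <cmath>
#include <string>
#include <vector>

// Constructed stand-in for a JS value whose ToPrimitive has an observable side effect.
struct Operand {
    const char* name;   // label recorded when the operand is converted
    double value;       // the primitive the conversion yields (NaN allowed)
};
using Trace = std::vector<std::string>;

static double toPrimitive(const Operand& op, Trace& trace)
{
    trace.push_back(op.name);
    return op.value;
}

// ES5 11.8.5 Abstract Relational Comparison, modelled: returns -1 for "undefined"
// (a NaN operand), otherwise 0/1 for false/true. leftFirst selects which operand
// is converted first; the spec passes false when the operands have been swapped so
// that the program's left operand is still converted first.
static int abstractRelational(const Operand& x, const Operand& y, bool leftFirst, Trace& trace)
{
    double px, py;
    if (leftFirst) {
        px = toPrimitive(x, trace);
        py = toPrimitive(y, trace);
    } else {
        py = toPrimitive(y, trace);
        px = toPrimitive(x, trace);
    }
    if (std::isnan(px) || std::isnan(py))
        return -1;
    return px < py ? 1 : 0;
}

// The four operators as the spec defines them: '>' and '<=' swap the operands and
// clear LeftFirst; '>=' keeps the order. An "undefined" result is always false,
// which is why '<=' is "not greater and not undefined", not simply !(b < a).
static bool jsLess(const Operand& a, const Operand& b, Trace& t)      { return abstractRelational(a, b, true, t) == 1; }
static bool jsGreater(const Operand& a, const Operand& b, Trace& t)   { return abstractRelational(b, a, false, t) == 1; }
static bool jsLessEq(const Operand& a, const Operand& b, Trace& t)    { return abstractRelational(b, a, false, t) == 0; }
static bool jsGreaterEq(const Operand& a, const Operand& b, Trace& t) { return abstractRelational(a, b, true, t) == 0; }

// The pre-fix shortcut: a > b evaluated as an ordinary "b < a", converting b first.
static bool jsGreaterPreFix(const Operand& a, const Operand& b, Trace& t) { return abstractRelational(b, a, true, t) == 1; }

// Order in which ToPrimitive ran for "lhs > rhs", with and without the fix.
Trace conversionOrderForGreater(bool preFix)
{
    Trace t;
    Operand lhs{"lhs", 2.0}, rhs{"rhs", 1.0};
    if (preFix)
        jsGreaterPreFix(lhs, rhs, t);
    else
        jsGreater(lhs, rhs, t);
    return t;
}
```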
52945
529462011-07-04  Gavin Barraclough  <barraclough@apple.com>
52947
52948        Reviewed by Sam Weinig.
52949
52950        https://bugs.webkit.org/show_bug.cgi?id=16652
52951        Firefox and JavaScriptCore differ in Number.toString(integer)
52952
52953        Our arbitrary radix (2..36) toString conversion is inaccurate.
52954        This is partly because it uses doubles to perform math that requires
52955        higher accuracy, and partly because it does not attempt to correctly
52956        detect where to terminate, instead relying on a simple 'epsilon'.
52957
52958        * runtime/NumberPrototype.cpp:
52959        (JSC::decomposeDouble):
52960            - helper function to extract sign, exponent, mantissa from IEEE doubles.
52961        (JSC::Uint16WithFraction::Uint16WithFraction):
52962            - helper class, u16int with infinite precision fraction, used to convert
52963              the fractional part of the number to a string.
52964        (JSC::Uint16WithFraction::operator*=):
52965            - Multiply by a uint16.
52966        (JSC::Uint16WithFraction::operator<):
52967            - Compare two Uint16WithFractions.
52968        (JSC::Uint16WithFraction::floorAndSubtract):
52969            - Extract the integer portion of the number, and subtract it (clears the integer portion).
52970        (JSC::Uint16WithFraction::comparePoint5):
52971            - Compare to 0.5.
52972        (JSC::Uint16WithFraction::sumGreaterThanOne):
52973            - Passed a second Uint16WithFraction, returns true if the result of adding
52974              the two values would be greater than one.
52975        (JSC::Uint16WithFraction::isNormalized):
52976            - Used by ASSERTs to consistency check internal representation.
52977        (JSC::BigInteger::BigInteger):
52978            - helper class, unbounded integer value, used to convert the integer part
52979              of the number to a string.
52980        (JSC::BigInteger::divide):
52981            - Divide this value through by a uint32.
52982        (JSC::BigInteger::operator!):
52983            - test for zero.
52984        (JSC::toStringWithRadix):
52985            - Performs number to string conversion, with the given radix (2..36).
52986        (JSC::numberProtoFuncToString):
52987            - Changed to use toStringWithRadix.
52988
529892011-07-04  Gavin Barraclough  <barraclough@apple.com>
52990
52991        https://bugs.webkit.org/show_bug.cgi?id=63881
52992        Need separate bytecodes for handling >, >= comparisons.
52993
52994        Reviewed by Oliver Hunt.
52995
52996        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
52997        as using the corresponding op_less, etc. opcodes.  This is incorrect with
52998        respect to evaluation ordering of the implicit conversions performed on operands -
52999        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
53000        but instead convert RHS then LHS.
53001
53002        This patch adds opcodes for greater-than comparisons mirroring existing ones used
53003        for less-than.
53004
53005        * bytecode/CodeBlock.cpp:
53006        (JSC::CodeBlock::dump):
53007        * bytecode/Opcode.h:
53008        * bytecompiler/BytecodeGenerator.cpp:
53009        (JSC::BytecodeGenerator::emitJumpIfTrue):
53010        (JSC::BytecodeGenerator::emitJumpIfFalse):
53011        * bytecompiler/NodesCodegen.cpp:
53012        * dfg/DFGByteCodeParser.cpp:
53013        (JSC::DFG::ByteCodeParser::parseBlock):
53014        * dfg/DFGNode.h:
53015        * dfg/DFGNonSpeculativeJIT.cpp:
53016        (JSC::DFG::NonSpeculativeJIT::compare):
53017        (JSC::DFG::NonSpeculativeJIT::compile):
53018        * dfg/DFGNonSpeculativeJIT.h:
53019        * dfg/DFGOperations.cpp:
53020        * dfg/DFGOperations.h:
53021        * dfg/DFGSpeculativeJIT.cpp:
53022        (JSC::DFG::SpeculativeJIT::compare):
53023        (JSC::DFG::SpeculativeJIT::compile):
53024        * dfg/DFGSpeculativeJIT.h:
53025        * interpreter/Interpreter.cpp:
53026        (JSC::Interpreter::privateExecute):
53027        * jit/JIT.cpp:
53028        (JSC::JIT::privateCompileMainPass):
53029        (JSC::JIT::privateCompileSlowCases):
53030        * jit/JIT.h:
53031        (JSC::JIT::emit_op_loop_if_greater):
53032        (JSC::JIT::emitSlow_op_loop_if_greater):
53033        (JSC::JIT::emit_op_loop_if_greatereq):
53034        (JSC::JIT::emitSlow_op_loop_if_greatereq):
53035        * jit/JITArithmetic.cpp:
53036        (JSC::JIT::emit_op_jgreater):
53037        (JSC::JIT::emit_op_jgreatereq):
53038        (JSC::JIT::emit_op_jngreater):
53039        (JSC::JIT::emit_op_jngreatereq):
53040        (JSC::JIT::emitSlow_op_jgreater):
53041        (JSC::JIT::emitSlow_op_jgreatereq):
53042        (JSC::JIT::emitSlow_op_jngreater):
53043        (JSC::JIT::emitSlow_op_jngreatereq):
53044        (JSC::JIT::emit_compareAndJumpSlow):
53045        * jit/JITArithmetic32_64.cpp:
53046        (JSC::JIT::emitBinaryDoubleOp):
53047        * jit/JITStubs.cpp:
53048        (JSC::DEFINE_STUB_FUNCTION):
53049        * jit/JITStubs.h:
53050        * parser/NodeConstructors.h:
53051        (JSC::GreaterNode::GreaterNode):
53052        (JSC::GreaterEqNode::GreaterEqNode):
53053        * parser/Nodes.h:
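The ordering problem described in this entry, as an added example (not code from the patch): `lhs > rhs` must apply ToPrimitive to the left operand first, while lowering it to `rhs < lhs` converts the right operand first, and operands with side-effecting `valueOf` can observe the difference. The helper names and the trace array are constructed for this example.

```javascript
// Added example: observe the order in which ToPrimitive (here via valueOf) is
// applied to the operands of a relational comparison. The helper names and
// the trace array are constructed for this example.
function tracedOperand(label, value, trace) {
  return {
    valueOf() {
      trace.push(label); // record the moment this operand is converted
      return value;
    },
  };
}

// Evaluate `lhs > rhs` exactly as the language specifies and report the
// conversion order alongside the result.
function greaterThanOrder(lhsValue, rhsValue) {
  const trace = [];
  const lhs = tracedOperand("lhs", lhsValue, trace);
  const rhs = tracedOperand("rhs", rhsValue, trace);
  const result = lhs > rhs;
  return { result, order: trace.join(",") };
}

// Emulate the pre-patch lowering: compile `lhs > rhs` as `rhs < lhs`.
// The boolean is the same for plain numbers, but the conversion order flips.
function swappedLessThanOrder(lhsValue, rhsValue) {
  const trace = [];
  const lhs = tracedOperand("lhs", lhsValue, trace);
  const rhs = tracedOperand("rhs", rhsValue, trace);
  const result = rhs < lhs;
  return { result, order: trace.join(",") };
}

// Operands whose numeric value depends on conversion order: whichever operand
// is converted first becomes 1, the other becomes 2. With the correct
// lowering `next > other` is 1 > 2 (false); with the swapped lowering the
// same source expression yields 2 > 1 (true).
function orderDependentResult(useSwappedLowering) {
  let counter = 0;
  const next = { valueOf() { return ++counter; } };
  const other = { valueOf() { return ++counter; } };
  return useSwappedLowering ? other < next : next > other;
}
```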
53054
530552011-07-03  Gavin Barraclough  <barraclough@apple.com>
53056
53057        https://bugs.webkit.org/show_bug.cgi?id=63879
53058        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
53059
53060        Reviewed by Sam Weinig.
53061        
53062        There is a lot of copy & paste code here; we can reduce duplication by making
53063        a shared implementation.
53064
53065        * assembler/MacroAssembler.h:
53066        (JSC::MacroAssembler::branch32):
53067        (JSC::MacroAssembler::commute):
53068            - Make these function platform agnostic.
53069        * assembler/MacroAssemblerX86Common.h:
53070            - Moved branch32/commute up to MacroAssembler.
53071        * jit/JIT.h:
53072        (JSC::JIT::emit_op_loop_if_lesseq):
53073        (JSC::JIT::emitSlow_op_loop_if_lesseq):
53074            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
53075        * jit/JITArithmetic.cpp:
53076        (JSC::JIT::emit_op_jless):
53077        (JSC::JIT::emit_op_jlesseq):
53078        (JSC::JIT::emit_op_jnless):
53079        (JSC::JIT::emit_op_jnlesseq):
53080        (JSC::JIT::emitSlow_op_jless):
53081        (JSC::JIT::emitSlow_op_jlesseq):
53082        (JSC::JIT::emitSlow_op_jnless):
53083        (JSC::JIT::emitSlow_op_jnlesseq):
            - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
53085        (JSC::JIT::emit_compareAndJump):
53086        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE64.
53088        * jit/JITArithmetic32_64.cpp:
53089        (JSC::JIT::emit_compareAndJump):
53090        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE32_64.
53092        * jit/JITOpcodes.cpp:
53093        * jit/JITOpcodes32_64.cpp:
53094        * jit/JITStubs.cpp:
53095        * jit/JITStubs.h:
53096            - Remove old implementation of emit_op_loop_if_lesseq.
53097
530982011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
53099
53100        Unreviewed, rolling out r90347.
53101        http://trac.webkit.org/changeset/90347
53102        https://bugs.webkit.org/show_bug.cgi?id=63886
53103
53104        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
53105        (Requested by tkent on #webkit).
53106
53107        * JavaScriptCore.xcodeproj/project.pbxproj:
53108        * runtime/BigInteger.h: Removed.
53109        * runtime/NumberPrototype.cpp:
53110        (JSC::numberProtoFuncToPrecision):
53111        (JSC::numberProtoFuncToString):
53112        * runtime/Uint16WithFraction.h: Removed.
53113        * wtf/MathExtras.h:
53114
531152011-06-30  Gavin Barraclough  <barraclough@apple.com>
53116
53117        Reviewed by Sam Weinig.
53118
53119        https://bugs.webkit.org/show_bug.cgi?id=16652
53120        Firefox and JavaScriptCore differ in Number.toString(integer)
53121
        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.
53126
53127        * runtime/NumberPrototype.cpp:
53128        (JSC::decomposeDouble):
53129            - helper function to extract sign, exponent, mantissa from IEEE doubles.
53130        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, uint16 with infinite precision fraction, used to convert
              the fractional part of the number to a string.
53133        (JSC::Uint16WithFraction::operator*=):
53134            - Multiply by a uint16.
53135        (JSC::Uint16WithFraction::operator<):
53136            - Compare two Uint16WithFractions.
53137        (JSC::Uint16WithFraction::floorAndSubtract):
53138            - Extract the integer portion of the number, and subtract it (clears the integer portion).
53139        (JSC::Uint16WithFraction::comparePoint5):
53140            - Compare to 0.5.
53141        (JSC::Uint16WithFraction::sumGreaterThanOne):
53142            - Passed a second Uint16WithFraction, returns true if the result of adding
53143              the two values would be greater than one.
53144        (JSC::Uint16WithFraction::isNormalized):
53145            - Used by ASSERTs to consistency check internal representation.
53146        (JSC::BigInteger::BigInteger):
53147            - helper class, unbounded integer value, used to convert the integer part
53148              of the number to a string.
53149        (JSC::BigInteger::divide):
53150            - Divide this value through by a uint32.
53151        (JSC::BigInteger::operator!):
53152            - test for zero.
53153        (JSC::toStringWithRadix):
53154            - Performs number to string conversion, with the given radix (2..36).
53155        (JSC::numberProtoFuncToString):
53156            - Changed to use toStringWithRadix.
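An added example, not JavaScriptCore's code, of the conversion this entry (and its relanding above) describes: decompose the IEEE double, convert the integer part with arbitrary-precision integers, and generate fraction digits exactly, stopping as soon as the digits emitted are within half an ULP of the true value instead of relying on an epsilon. BigInt stands in for the BigInteger and Uint16WithFraction helpers; `decomposeDouble` and `toStringWithRadix` here are this example's own functions, not the ones in NumberPrototype.cpp.

```javascript
// Added example (not JavaScriptCore's code): exact double-to-string conversion
// in an arbitrary radix, using BigInt in place of JSC's BigInteger and
// Uint16WithFraction helpers.
const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Split a finite, non-zero double into sign, integer mantissa and binary
// exponent so that |d| === mantissa * 2^shift exactly.
function decomposeDouble(d) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, d);
  const bits = view.getBigUint64(0);
  const biasedExponent = Number((bits >> 52n) & 0x7ffn);
  let mantissa = bits & ((1n << 52n) - 1n);
  let shift;
  if (biasedExponent === 0) {
    shift = -1074;                  // subnormal: no implicit leading bit
  } else {
    mantissa |= 1n << 52n;          // normal: restore the implicit bit
    shift = biasedExponent - 1075;  // 1023 bias plus 52 fraction bits
  }
  return { negative: (bits >> 63n) === 1n, mantissa, shift };
}

function toStringWithRadix(d, radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) {
    throw new RangeError("radix must be an integer in 2..36");
  }
  if (!Number.isFinite(d) || d === 0) return String(d); // NaN, Infinity, 0
  const { negative, mantissa, shift } = decomposeDouble(d);
  const R = BigInt(radix);

  // Exact split into integer part and fraction fracNum / den.
  let intPart, fracNum, den;
  if (shift >= 0) {
    intPart = mantissa << BigInt(shift);
    fracNum = 0n;
    den = 1n;
  } else {
    const k = BigInt(-shift);
    den = 1n << k;
    intPart = mantissa >> k;
    fracNum = mantissa & (den - 1n);
  }

  // Fraction digits. delta/den is half an ULP, 2^(shift-1); any digit string
  // within delta of d reads back as d, so we stop at the first digit where
  // truncating (low) or rounding up (high) lands inside that window.
  // Simplification: the narrower gap below an exact power of two and the
  // exact tie at half an ULP are not treated specially.
  const fracDigits = [];
  let carry = false;
  if (fracNum !== 0n) {
    den <<= 1n;      // rescale so that delta = 1 represents half an ULP
    fracNum <<= 1n;
    let delta = 1n;
    for (;;) {
      fracNum *= R;
      delta *= R;
      let digit = Number(fracNum / den);
      fracNum %= den;
      const low = fracNum < delta;
      const high = fracNum + delta > den;
      if (!low && !high) { fracDigits.push(digit); continue; }
      if (high && (!low || fracNum * 2n >= den)) digit += 1; // round up
      fracDigits.push(digit);
      break;
    }
    // Rounding up may overflow a digit; propagate the carry leftwards,
    // dropping the resulting trailing zeros.
    while (fracDigits.length > 0 && fracDigits[fracDigits.length - 1] === radix) {
      fracDigits.pop();
      if (fracDigits.length === 0) carry = true;
      else fracDigits[fracDigits.length - 1] += 1;
    }
  }
  if (carry) intPart += 1n;

  // Integer digits by repeated division, least significant first.
  let intDigits = "";
  while (intPart > 0n) {
    intDigits = DIGITS[Number(intPart % R)] + intDigits;
    intPart /= R;
  }
  if (intDigits === "") intDigits = "0";

  let out = (negative ? "-" : "") + intDigits;
  if (fracDigits.length > 0) out += "." + fracDigits.map((x) => DIGITS[x]).join("");
  return out;
}
```

Note that 1/3 in radix 3 comes out as "0.1": the half-ULP window detects that rounding up the first digit already identifies the double, which an epsilon-based cutoff on double arithmetic does not reliably do.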
53157
531582011-07-02  Gavin Barraclough  <barraclough@apple.com>
53159
53160        https://bugs.webkit.org/show_bug.cgi?id=63866
53161        DFG JIT - implement instanceof
53162
53163        Reviewed by Sam Weinig.
53164
53165        Add ops CheckHasInstance & InstanceOf to implement bytecodes
53166        op_check_has_instance & op_instanceof. This is an initial
53167        functional implementation, performance is a wash. We can
53168        follow up with changes to fuse the InstanceOf node with
        a subsequent branch, as we do with other comparisons.
53170
53171        * dfg/DFGByteCodeParser.cpp:
53172        (JSC::DFG::ByteCodeParser::parseBlock):
53173        * dfg/DFGJITCompiler.cpp:
53174        (JSC::DFG::JITCompiler::jitAssertIsCell):
53175        * dfg/DFGJITCompiler.h:
53176        (JSC::DFG::JITCompiler::jitAssertIsCell):
53177        * dfg/DFGNode.h:
53178        * dfg/DFGNonSpeculativeJIT.cpp:
53179        (JSC::DFG::NonSpeculativeJIT::compile):
53180        * dfg/DFGOperations.cpp:
53181        * dfg/DFGOperations.h:
53182        * dfg/DFGSpeculativeJIT.cpp:
53183        (JSC::DFG::SpeculativeJIT::compile):
53184
531852011-07-01  Oliver Hunt  <oliver@apple.com>
53186
53187        IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
53188        https://bugs.webkit.org/show_bug.cgi?id=63732
53189
53190        Reviewed by Gavin Barraclough.
53191
53192        Initialise the memory at the head of the new storage so that
53193        GC is safe if triggered by reportExtraMemoryCost.
53194
53195        * runtime/JSArray.cpp:
53196        (JSC::JSArray::increaseVectorPrefixLength):
53197
531982011-07-01  Oliver Hunt  <oliver@apple.com>
53199
53200        GC sweep can occur before an object is completely initialised
53201        https://bugs.webkit.org/show_bug.cgi?id=63836
53202
53203        Reviewed by Gavin Barraclough.
53204
53205        In rare cases it's possible for a GC sweep to occur while a
53206        live, but not completely initialised object is on the stack.
53207        In such a case we may incorrectly choose to mark it, even
53208        though it has no children that need marking.
53209
53210        We resolve this by always zeroing out the structure of any
53211        value returned from JSCell::operator new(), and making the
53212        markstack tolerant of a null structure. 
53213
53214        * runtime/JSCell.h:
53215        (JSC::JSCell::JSCell::~JSCell):
53216        (JSC::JSCell::JSCell::operator new):
53217        * runtime/Structure.h:
53218        (JSC::MarkStack::internalAppend):
53219
532202011-07-01  Filip Pizlo  <fpizlo@apple.com>
53221
53222        Reviewed by Gavin Barraclough.
53223
53224        DFG non-speculative JIT always performs slow C calls for div and mod.
53225        https://bugs.webkit.org/show_bug.cgi?id=63684
53226
53227        * dfg/DFGNonSpeculativeJIT.cpp:
53228        (JSC::DFG::NonSpeculativeJIT::compile):
53229
532302011-07-01  Juan C. Montemayor  <jmont@apple.com>
53231
53232        Reviewed by Oliver Hunt.
53233
53234        Lexer error messages are currently appalling
53235        https://bugs.webkit.org/show_bug.cgi?id=63340
53236
53237        Added error messages for the Lexer. These messages will be displayed
53238        instead of the lexer error messages from the parser that are currently
53239        shown.
53240
53241        * parser/Lexer.cpp:
53242        (JSC::Lexer::getInvalidCharMessage):
53243        (JSC::Lexer::setCode):
53244        (JSC::Lexer::parseString):
53245        (JSC::Lexer::lex):
53246        (JSC::Lexer::clear):
53247        * parser/Lexer.h:
53248        (JSC::Lexer::getErrorMessage):
53249        (JSC::Lexer::setOffset):
53250        * parser/Parser.cpp:
53251        (JSC::Parser::parse):
53252
532532011-07-01  Jungshik Shin  <jshin@chromium.org>
53254
53255        Reviewed by Alexey Proskuryakov.
53256
53257        Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
53258        build files for ports not using ICU.
        Add icu/unicode/uscript.h for ports using ICU. It's taken from
        ICU 3.6 (the version used on Mac OS 10.5).
53261
53262        http://bugs.webkit.org/show_bug.cgi?id=20797
53263
53264        * GNUmakefile.list.am:
53265        * JavaScriptCore.gypi:
53266        * icu/unicode/uscript.h: Added for UScriptCode enum.
53267        * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
53268        * wtf/unicode/icu/UnicodeIcu.h:
53269        * wtf/unicode/brew/UnicodeBrew.h:
53270        * wtf/unicode/glib/UnicodeGLib.h:
53271        * wtf/unicode/qt4/UnicodeQt4.h:
53272        * wtf/unicode/wince/UnicodeWinCE.h:
53273
532742011-07-01  Gavin Barraclough  <barraclough@apple.com>
53275
53276        Reviewed by Sam Weinig.
53277
53278        https://bugs.webkit.org/show_bug.cgi?id=63819
53279        Escaping of forwardslashes in strings incorrect if multiple exist.
53280
53281        The bug is in the parameters passed to a substring - should be
53282        start & length, but we're passing start & end indices!
53283
53284        * runtime/RegExpObject.cpp:
53285        (JSC::regExpObjectSource):
53286
532872011-07-01  Adam Roben  <aroben@apple.com>
53288
53289        Roll out r90194
53290        http://trac.webkit.org/changeset/90194
53291        https://bugs.webkit.org/show_bug.cgi?id=63778
53292
53293        Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
53294        assertions in WriteBarrierBase<JSC::Structure>::get
53295
53296        * runtime/JSCell.h:
53297        (JSC::JSCell::JSCell::~JSCell):
53298
532992011-06-30  Oliver Hunt  <oliver@apple.com>
53300
53301        Reviewed by Gavin Barraclough.
53302
53303        Add optimised paths for a few maths functions
53304        https://bugs.webkit.org/show_bug.cgi?id=63757
53305
53306        Relanding as a Mac only patch.
53307
53308        This adds specialised thunks for Math.abs, Math.round, Math.ceil,
53309        Math.floor, Math.log, and Math.exp as they are apparently more
53310        important in real web content than we thought, which is somewhat
53311        mind-boggling.  On average doubles the performance of the common
53312        cases (eg. actually passing numbers in).  They're not as efficient
53313        as they could be, but this way gives them the most portability.
53314
53315        * assembler/MacroAssemblerARM.h:
53316        (JSC::MacroAssemblerARM::supportsDoubleBitops):
53317        (JSC::MacroAssemblerARM::andnotDouble):
53318        * assembler/MacroAssemblerARMv7.h:
53319        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
53320        (JSC::MacroAssemblerARMv7::andnotDouble):
53321        * assembler/MacroAssemblerMIPS.h:
53322        (JSC::MacroAssemblerMIPS::andnotDouble):
53323        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
53324        * assembler/MacroAssemblerSH4.h:
53325        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
53326        (JSC::MacroAssemblerSH4::andnotDouble):
53327        * assembler/MacroAssemblerX86.h:
53328        (JSC::MacroAssemblerX86::supportsDoubleBitops):
53329        * assembler/MacroAssemblerX86Common.h:
53330        (JSC::MacroAssemblerX86Common::andnotDouble):
53331        * assembler/MacroAssemblerX86_64.h:
53332        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
53333        * assembler/X86Assembler.h:
53334        (JSC::X86Assembler::andnpd_rr):
53335        * create_hash_table:
53336        * jit/SpecializedThunkJIT.h:
53337        (JSC::SpecializedThunkJIT::finalize):
53338        (JSC::SpecializedThunkJIT::callDoubleToDouble):
53339        * jit/ThunkGenerators.cpp:
53340        (JSC::floorThunkGenerator):
53341        (JSC::ceilThunkGenerator):
53342        (JSC::roundThunkGenerator):
53343        (JSC::expThunkGenerator):
53344        (JSC::logThunkGenerator):
53345        (JSC::absThunkGenerator):
53346        * jit/ThunkGenerators.h:
53347
533482011-07-01  David Kilzer  <ddkilzer@apple.com>
53349
53350        <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
53351
53352        Fixes the following build error in clang:
53353
53354            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
53355                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
53356                     ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
53357            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
53358                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
53359                                                ^
53360                     (                         )
53361            fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
53362            fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
53363            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
53364                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
53365                                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
53366            1 error generated.
53367
53368        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
        ternary expression evaluate first.
53371
533722011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
53373
53374        Unreviewed, rolling out r90177 and r90179.
53375        http://trac.webkit.org/changeset/90177
53376        http://trac.webkit.org/changeset/90179
53377        https://bugs.webkit.org/show_bug.cgi?id=63790
53378
53379        It caused crashes on Qt in debug mode (Requested by Ossy on
53380        #webkit).
53381
53382        * assembler/MacroAssemblerARM.h:
53383        (JSC::MacroAssemblerARM::rshift32):
53384        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
53385        (JSC::MacroAssemblerARM::sqrtDouble):
53386        * assembler/MacroAssemblerARMv7.h:
53387        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
53388        (JSC::MacroAssemblerARMv7::sqrtDouble):
53389        * assembler/MacroAssemblerMIPS.h:
53390        (JSC::MacroAssemblerMIPS::sqrtDouble):
53391        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
53392        * assembler/MacroAssemblerSH4.h:
53393        (JSC::MacroAssemblerSH4::sqrtDouble):
53394        * assembler/MacroAssemblerX86.h:
53395        * assembler/MacroAssemblerX86Common.h:
53396        * assembler/MacroAssemblerX86_64.h:
53397        * assembler/X86Assembler.h:
53398        * create_hash_table:
53399        * jit/JSInterfaceJIT.h:
53400        (JSC::JSInterfaceJIT::emitLoadDouble):
53401        * jit/SpecializedThunkJIT.h:
53402        (JSC::SpecializedThunkJIT::finalize):
53403        * jit/ThunkGenerators.cpp:
53404        * jit/ThunkGenerators.h:
53405
534062011-06-30  Oliver Hunt  <oliver@apple.com>
53407
53408        Reviewed by Beth Dakin.
53409
53410        Make GC validation clear cell structure on destruction
53411        https://bugs.webkit.org/show_bug.cgi?id=63778
53412
53413        * runtime/JSCell.h:
53414        (JSC::JSCell::JSCell::~JSCell):
53415
534162011-06-30  Geoffrey Garen  <ggaren@apple.com>
53417
53418        Reviewed by Gavin Barraclough.
53419
53420        Added write barrier that was missing from put_by_id_transition
53421        https://bugs.webkit.org/show_bug.cgi?id=63775
53422
53423        * dfg/DFGJITCodeGenerator.cpp:
53424        (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
53425        MacroAssembler& argument so our patching functions could use it.
53426
53427        (JSC::DFG::JITCodeGenerator::cachedPutById):
53428        * dfg/DFGJITCodeGenerator.h:
53429        * dfg/DFGNonSpeculativeJIT.cpp:
53430        (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
53431
53432        * dfg/DFGRepatch.cpp:
53433        (JSC::DFG::tryCachePutByID): Missing barrier!
53434
53435        * dfg/DFGSpeculativeJIT.cpp:
53436        (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
53437
53438        * jit/JITPropertyAccess.cpp:
53439        (JSC::JIT::privateCompilePutByIdTransition):
53440        * jit/JITPropertyAccess32_64.cpp:
53441        (JSC::JIT::privateCompilePutByIdTransition):
53442        * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
53443        because its meaning isn't clear -- maybe in the future we'll have a
53444        clear way to pass all stores through a common function that guarantees
53445        a write barrier, but that's not the case right now.
53446
534472011-06-30  Filip Pizlo  <fpizlo@apple.com>
53448
53449        Reviewed by Gavin Barraclough.
53450
53451        DFG non-speculative JIT does not reuse registers when compiling comparisons.
53452        https://bugs.webkit.org/show_bug.cgi?id=63565
53453
53454        * dfg/DFGNonSpeculativeJIT.cpp:
53455        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
53456        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
53457        (JSC::DFG::NonSpeculativeJIT::compare):
53458
534592011-06-30  Geoffrey Garen  <ggaren@apple.com>
53460
53461        Reviewed by Gavin Barraclough.
53462
53463        Added empty write barrier stubs in all the right places in the DFG JIT
53464        https://bugs.webkit.org/show_bug.cgi?id=63764
53465        
53466        SunSpider thinks this might be a 0.5% speedup. Meh.
53467
53468        * dfg/DFGJITCodeGenerator.cpp:
53469        (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
53470
53471        (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
53472        for the case where base == scratch, since we now require base and scratch
53473        to be not equal, for the sake of the write barrier.
53474
53475        * dfg/DFGJITCodeGenerator.h: Le stub.
53476
53477        * dfg/DFGNonSpeculativeJIT.cpp:
53478        (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
53479        as the scratch register, since that's incompatible with the write barrier,
53480        which needs a distinct base and scratch.
53481        
53482        Do put the global object into a register before loading its var storage,
53483        since it needs to be in a register for the write barrier to operate on it.
53484
53485        * dfg/DFGSpeculativeJIT.cpp:
53486        (JSC::DFG::SpeculativeJIT::compile):
53487        * jit/JITPropertyAccess.cpp:
53488        (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
53489
53490        * jit/JITPropertyAccess.cpp:
53491        (JSC::JIT::emit_op_get_scoped_var):
53492        (JSC::JIT::emit_op_put_scoped_var):
53493        (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
53494        places.
53495
53496        (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
53497        is a little more than meaningless.
53498
53499        * jit/JITPropertyAccess32_64.cpp:
53500        (JSC::JIT::emit_op_get_scoped_var):
53501        (JSC::JIT::emit_op_put_scoped_var):
53502        (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
53503        places.
53504
53505        (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
53506        is a little more than meaningless.
53507
53508        * runtime/JSVariableObject.h:
53509        (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
53510        we put the global object in a register and only then load its var storage
53511        by offset.
53512
53513        (JSC::JIT::emitWriteBarrier):
53514
535152011-06-30  Oliver Hunt  <oliver@apple.com>
53516
53517        Fix ARMv6 build
53518
53519        * assembler/MacroAssemblerARM.h:
53520        (JSC::MacroAssemblerARM::rshift32):
53521
535222011-06-30  Oliver Hunt  <oliver@apple.com>
53523
53524        Reviewed by Gavin Barraclough.
53525
53526        Add optimised paths for a few maths functions
53527        https://bugs.webkit.org/show_bug.cgi?id=63757
53528
53529        This adds specialised thunks for Math.abs, Math.round, Math.ceil,
53530        Math.floor, Math.log, and Math.exp as they are apparently more
53531        important in real web content than we thought, which is somewhat
53532        mind-boggling.  On average doubles the performance of the common
53533        cases (eg. actually passing numbers in).  They're not as efficient
53534        as they could be, but this way gives them the most portability.
53535
53536        * assembler/MacroAssemblerARM.h:
53537        (JSC::MacroAssemblerARM::supportsDoubleBitops):
53538        (JSC::MacroAssemblerARM::andnotDouble):
53539        * assembler/MacroAssemblerARMv7.h:
53540        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
53541        (JSC::MacroAssemblerARMv7::andnotDouble):
53542        * assembler/MacroAssemblerMIPS.h:
53543        (JSC::MacroAssemblerMIPS::andnotDouble):
53544        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
53545        * assembler/MacroAssemblerSH4.h:
53546        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
53547        (JSC::MacroAssemblerSH4::andnotDouble):
53548        * assembler/MacroAssemblerX86.h:
53549        (JSC::MacroAssemblerX86::supportsDoubleBitops):
53550        * assembler/MacroAssemblerX86Common.h:
53551        (JSC::MacroAssemblerX86Common::andnotDouble):
53552        * assembler/MacroAssemblerX86_64.h:
53553        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
53554        * assembler/X86Assembler.h:
53555        (JSC::X86Assembler::andnpd_rr):
53556        * create_hash_table:
53557        * jit/SpecializedThunkJIT.h:
53558        (JSC::SpecializedThunkJIT::finalize):
53559        (JSC::SpecializedThunkJIT::callDoubleToDouble):
53560        * jit/ThunkGenerators.cpp:
53561        (JSC::floorThunkGenerator):
53562        (JSC::ceilThunkGenerator):
53563        (JSC::roundThunkGenerator):
53564        (JSC::expThunkGenerator):
53565        (JSC::logThunkGenerator):
53566        (JSC::absThunkGenerator):
53567        * jit/ThunkGenerators.h:
53568
535692011-06-30  Cary Clark  <caryclark@google.com>
53570
53571        Reviewed by James Robinson.
53572
53573        Use Skia if Skia on Mac Chrome is enabled
53574        https://bugs.webkit.org/show_bug.cgi?id=62999
53575
53576        * wtf/Platform.h:
53577        Add switch to use Skia if, externally,
53578        Skia has been enabled by a gyp define.
53579
535802011-06-30  Juan C. Montemayor  <jmont@apple.com>
53581
53582        Reviewed by Geoffrey Garen.
53583
53584        Web Inspector fails to display source for eval with syntax error
53585        https://bugs.webkit.org/show_bug.cgi?id=63583
53586
53587        Web Inspector now displays a link to an eval statement that contains
53588        a syntax error.
53589
53590        * parser/Parser.h:
53591        (JSC::isEvalNode):
53592        (JSC::EvalNode):
53593        (JSC::Parser::parse):
53594
535952011-06-30  Filip Pizlo  <fpizlo@apple.com>
53596
53597        Reviewed by Gavin Barraclough.
53598
53599        X86Assembler does not encode byte registers in 64-bit mode correctly.
53600        https://bugs.webkit.org/show_bug.cgi?id=63665
53601
53602        * assembler/X86Assembler.h:
53603        (JSC::X86Assembler::testb_rr):
53604        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
53605
536062011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
53607
53608        Unreviewed, rolling out r90102.
53609        http://trac.webkit.org/changeset/90102
53610        https://bugs.webkit.org/show_bug.cgi?id=63714
53611
53612        Lots of tests asserting beneath
53613        SVGSMILElement::findInstanceTime (Requested by aroben on
53614        #webkit).
53615
53616        * wtf/StdLibExtras.h:
53617        (WTF::binarySearch):
53618
536192011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
53620
53621        Reviewed by Nikolas Zimmermann.
53622
53623        Speed up SVGSMILElement::findInstanceTime.
53624        https://bugs.webkit.org/show_bug.cgi?id=61025
53625
        Add a new parameter to StdLibExtras.h::binarySearch function
53627        to also handle cases when the array does not contain the key value.
53628        This is needed for an svg function.
53629
53630        * wtf/StdLibExtras.h:
53631        (WTF::binarySearch):
53632
536332011-06-29  Gavin Barraclough  <barraclough@apple.com>
53634
53635        Reviewed by Geoff Garen.
53636
53637        https://bugs.webkit.org/show_bug.cgi?id=63669
53638        DFG JIT - fix spectral-norm regression
53639
53640        The problem is a mis-speculation leading to us falling off the speculative path.
53641        Make the speculation logic slightly smarter, don't predict int if one of the
53642        operands is already loaded as a double (we use this logic already for compares).
53643
53644        * dfg/DFGSpeculativeJIT.cpp:
53645        (JSC::DFG::SpeculativeJIT::compile):
53646        * dfg/DFGSpeculativeJIT.h:
53647        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
53648
536492011-06-29  Filip Pizlo  <fpizlo@apple.com>
53650
53651        Reviewed by Gavin Barraclough.
53652
53653        DFG JIT does not do put_by_id transition caching.
53654        https://bugs.webkit.org/show_bug.cgi?id=63662
53655
53656        * dfg/DFGJITCodeGenerator.cpp:
53657        (JSC::DFG::JITCodeGenerator::cachedPutById):
53658        * dfg/DFGJITCompiler.h:
53659        (JSC::DFG::JITCompiler::addPropertyAccess):
53660        * dfg/DFGRepatch.cpp:
53661        (JSC::DFG::testPrototype):
53662        (JSC::DFG::tryCachePutByID):
53663
536642011-06-29  Geoffrey Garen  <ggaren@apple.com>
53665
53666        Reviewed by Oliver Hunt.
53667
53668        Added a dummy write barrier emitting function in all the right places in the old JIT
53669        https://bugs.webkit.org/show_bug.cgi?id=63667
53670        
53671        SunSpider reports no change.
53672
53673        * jit/JIT.h:
53674        * jit/JITPropertyAccess.cpp:
53675        (JSC::JIT::emit_op_put_by_id):
53676        (JSC::JIT::emit_op_put_scoped_var): Do it.
53677
53678        (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
53679        for the sake of the write barrier.
53680
53681        (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
53682
53683        * jit/JITPropertyAccess32_64.cpp:
53684        (JSC::JIT::emit_op_put_by_val):
53685        (JSC::JIT::emit_op_put_by_id):
53686        (JSC::JIT::emit_op_put_scoped_var): Do it.
53687
53688        (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
53689        for the sake of the write barrier.
53690
53691        (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
53692
536932011-06-29  Filip Pizlo  <fpizlo@apple.com>
53694
53695        Reviewed by Gavin Barraclough.
53696
53697        DFG JIT does not perform get_by_id self list caching.
53698        https://bugs.webkit.org/show_bug.cgi?id=63605
53699
53700        * bytecode/StructureStubInfo.h:
53701        * dfg/DFGJITCompiler.cpp:
53702        (JSC::DFG::JITCompiler::compileFunction):
53703        * dfg/DFGOperations.cpp:
53704        * dfg/DFGOperations.h:
53705        * dfg/DFGRepatch.cpp:
53706        (JSC::DFG::tryCacheGetByID):
53707        (JSC::DFG::tryBuildGetByIDList):
53708        (JSC::DFG::dfgBuildGetByIDList):
53709        * dfg/DFGRepatch.h:
53710
537112011-06-28  Filip Pizlo  <fpizlo@apple.com>
53712
53713        Reviewed by Gavin Barraclough.
53714
53715        DFG JIT lacks array.length caching.
53716        https://bugs.webkit.org/show_bug.cgi?id=63505
53717
53718        * bytecode/StructureStubInfo.h:
53719        * dfg/DFGJITCodeGenerator.cpp:
53720        (JSC::DFG::JITCodeGenerator::cachedGetById):
53721        (JSC::DFG::JITCodeGenerator::cachedPutById):
53722        * dfg/DFGJITCodeGenerator.h:
53723        (JSC::DFG::JITCodeGenerator::tryAllocate):
53724        (JSC::DFG::JITCodeGenerator::selectScratchGPR):
53725        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
53726        * dfg/DFGJITCompiler.cpp:
53727        (JSC::DFG::JITCompiler::compileFunction):
53728        * dfg/DFGJITCompiler.h:
53729        (JSC::DFG::JITCompiler::addPropertyAccess):
53730        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
53731        * dfg/DFGRegisterBank.h:
53732        (JSC::DFG::RegisterBank::tryAllocate):
53733        * dfg/DFGRepatch.cpp:
53734        (JSC::DFG::tryCacheGetByID):
53735
537362011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
53737
53738        Reviewed by Eric Seidel.
53739
53740        Warnings in JSC's JIT on 32 bit
53741        https://bugs.webkit.org/show_bug.cgi?id=63259
53742
53743        Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
53744
53745        * jit/JITPropertyAccess32_64.cpp:
53746        (JSC::JIT::emit_op_method_check):
53747        (JSC::JIT::compileGetByIdHotPath):
53748        (JSC::JIT::emit_op_put_by_id):
53749
537502011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
53751
53752        Unreviewed, rolling out r89968.
53753        http://trac.webkit.org/changeset/89968
53754        https://bugs.webkit.org/show_bug.cgi?id=63581
53755
53756        Broke chromium windows compile (Requested by jamesr on
53757        #webkit).
53758
53759        * wtf/Platform.h:
53760
537612011-06-28  Oliver Hunt  <oliver@apple.com>
53762
53763        Reviewed by Gavin Barraclough.
53764
53765        Fix sampling build
53766        https://bugs.webkit.org/show_bug.cgi?id=63579
53767
53768        Gets opcode sampling building again; doesn't seem to work, alas.
53769
53770        * bytecode/SamplingTool.cpp:
53771        (JSC::SamplingTool::notifyOfScope):
53772        * bytecode/SamplingTool.h:
53773        (JSC::SamplingTool::SamplingTool):
53774        * interpreter/Interpreter.cpp:
53775        (JSC::Interpreter::enableSampler):
53776        * runtime/Executable.h:
53777        (JSC::ScriptExecutable::ScriptExecutable):
53778
537792011-06-28  Cary Clark  <caryclark@google.com>
53780
53781        Reviewed by James Robinson.
53782
53783        Use Skia if Skia on Mac Chrome is enabled
53784        https://bugs.webkit.org/show_bug.cgi?id=62999
53785
53786        * wtf/Platform.h:
53787        Add switch to use Skia if, externally,
53788        Skia has been enabled by a gyp define.
53789
537902011-06-28  Oliver Hunt  <oliver@apple.com>
53791
53792        Reviewed by Gavin Barraclough.
53793
53794        ASSERT when launching debug builds with interpreter and jit enabled
53795        https://bugs.webkit.org/show_bug.cgi?id=63566
53796
53797        Add appropriate guards to the various Executable's memory reporting
53798        logic.
53799
53800        * runtime/Executable.cpp:
53801        (JSC::EvalExecutable::compileInternal):
53802        (JSC::ProgramExecutable::compileInternal):
53803        (JSC::FunctionExecutable::compileForCallInternal):
53804        (JSC::FunctionExecutable::compileForConstructInternal):
53805
538062011-06-28  Gavin Barraclough  <barraclough@apple.com>
53807
53808        Reviewed by Oliver Hunt.
53809
53810        https://bugs.webkit.org/show_bug.cgi?id=63563
53811        DFG JIT - add support for double arith to speculative path
53812
53813        Add integer support for div & mod, add double support for div, mod,
53814        add, sub & mul, dynamically selecting based on operand types.
53815
53816        * dfg/DFGJITCodeGenerator.cpp:
53817        (JSC::DFG::FPRTemporary::FPRTemporary):
53818        * dfg/DFGJITCodeGenerator.h:
53819        * dfg/DFGJITCompiler.h:
53820        (JSC::DFG::JITCompiler::assembler):
53821        * dfg/DFGSpeculativeJIT.cpp:
53822        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
53823        (JSC::DFG::SpeculativeJIT::compile):
53824        * dfg/DFGSpeculativeJIT.h:
53825        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
53826        (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
53827        (JSC::DFG::SpeculateDoubleOperand::index):
53828        (JSC::DFG::SpeculateDoubleOperand::fpr):
53829
538302011-06-28  Oliver Hunt  <oliver@apple.com>
53831
53832        Fix interpreter build.
53833
53834        * interpreter/Interpreter.cpp:
53835        (JSC::Interpreter::privateExecute):
53836
538372011-06-28  Gavin Barraclough  <barraclough@apple.com>
53838
53839        Reviewed by Oliver Hunt.
53840
53841        https://bugs.webkit.org/show_bug.cgi?id=63561
53842        DFG JIT - don't always assume integer in relational compare
53843
53844        If neither operand is known integer, or either is in double representation,
53845        then at least use a function call (don't bail off the speculative path).
53846
53847        * dfg/DFGSpeculativeJIT.cpp:
53848        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
53849        (JSC::DFG::SpeculativeJIT::compile):
53850        * dfg/DFGSpeculativeJIT.h:
53851        (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
53852        (JSC::DFG::SpeculativeJIT::compareIsInteger):
53853
538542011-06-28  Oliver Hunt  <oliver@apple.com>
53855
53856        Reviewed by Gavin Barraclough.
53857
53858        Make constant array optimisation less strict about what constitutes a constant
53859        https://bugs.webkit.org/show_bug.cgi?id=63554
53860
53861        Now allow string constants in array literals to actually be considered constant,
53862        and so avoid codegen in array literals with strings in them.
53863
53864        * bytecode/CodeBlock.h:
53865        (JSC::CodeBlock::addConstantBuffer):
53866        (JSC::CodeBlock::constantBuffer):
53867        * bytecompiler/BytecodeGenerator.cpp:
53868        (JSC::BytecodeGenerator::addConstantBuffer):
53869        (JSC::BytecodeGenerator::addStringConstant):
53870        (JSC::BytecodeGenerator::emitNewArray):
53871        * bytecompiler/BytecodeGenerator.h:
53872        * interpreter/Interpreter.cpp:
53873        (JSC::Interpreter::privateExecute):
53874        * jit/JITStubs.cpp:
53875        (JSC::DEFINE_STUB_FUNCTION):
53876
538772011-06-28  Gavin Barraclough  <barraclough@apple.com>
53878
53879        Reviewed by Oliver Hunt.
53880
53881        https://bugs.webkit.org/show_bug.cgi?id=63560
53882        DFG_JIT allow allocation of specific machine registers
53883
53884        This allows us to allocate the registers necessary to perform x86
53885        idiv instructions for div/mod, and may be useful for shifts, too.
53886
53887        * dfg/DFGJITCodeGenerator.cpp:
53888        (JSC::DFG::GPRTemporary::GPRTemporary):
53889        * dfg/DFGJITCodeGenerator.h:
53890        (JSC::DFG::JITCodeGenerator::allocate):
53891        (JSC::DFG::GPRResult::GPRResult):
53892        * dfg/DFGRegisterBank.h:
53893        (JSC::DFG::RegisterBank::allocateSpecific):
53894        * dfg/DFGSpeculativeJIT.h:
53895        (JSC::DFG::SpeculativeJIT::isInteger):
53896
538972011-06-28  Gavin Barraclough  <barraclough@apple.com>
53898
53899        Reviewed by Oliver Hunt.
53900
53901        https://bugs.webkit.org/show_bug.cgi?id=55040
53902        RegExp constructor returns the argument regexp instead of a new object
53903
53904        Per 15.10.3.1, our current behaviour is correct if called as a function,
53905        but incorrect when called as a constructor.
53906
53907        * runtime/RegExpConstructor.cpp:
53908        (JSC::constructRegExp):
53909        (JSC::constructWithRegExpConstructor):
53910        * runtime/RegExpConstructor.h:
53911
539122011-06-28  Luke Macpherson   <macpherson@chromium.org>
53913
53914        Reviewed by Darin Adler.
53915
53916        Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
53917        https://bugs.webkit.org/show_bug.cgi?id=63469
53918
53919        * wtf/MathExtras.h:
53920        (defaultMinimumForClamp):
53921        Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
53922        (defaultMaximumForClamp):
53923        Symmetric alias for std::numeric_limits::max().
53924        (clampTo):
53925        New templated clamping function that supports arbitrary output types.
53926        (clampToInteger):
53927        Use new clampTo template.
53928        (clampToFloat):
53929        Use new clampTo template.
53930        (clampToPositiveInteger):
53931        Use new clampTo template.
53932
539332011-06-28  Adam Roben  <aroben@apple.com>
53934
53935        Windows Debug build fix after r89885
53936
53937        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
53938        JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
53939
539402011-06-28  Shinya Kawanaka  <shinyak@google.com>
53941
53942        Reviewed by Kent Tamura.
53943
53944        Add const to show() method in WTFString and AtomicString.
53945        https://bugs.webkit.org/show_bug.cgi?id=63515
53946
53947        The lack of const in show() method is painful when
53948        doing something like printf-debug.
53949
53950        * wtf/text/AtomicString.cpp:
53951        (WTF::AtomicString::show):
53952        * wtf/text/AtomicString.h:
53953        * wtf/text/WTFString.cpp:
53954        (String::show):
53955        * wtf/text/WTFString.h:
53956
539572011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
53958
53959        Build fix attempt after r89885.
53960
53961        * JavaScriptCore.exp:
53962        * jsc.cpp:
53963
539642011-06-27  Oliver Hunt  <oliver@apple.com>
53965
53966        Reviewed by Geoffrey Garen.
53967
53968        Support throwing away non-running code even while other code is running
53969        https://bugs.webkit.org/show_bug.cgi?id=63485
53970
53971        Add a function to CodeBlock to support unlinking direct linked callsites,
53972        and then with that in place add logic to discard code from any function
53973        that is not currently on the stack.
53974
53975        The unlinking completely reverts any optimized call sites, such that they
53976        may be relinked again in future.
53977
53978        * JavaScriptCore.exp:
53979        * bytecode/CodeBlock.cpp:
53980        (JSC::CodeBlock::unlinkCalls):
53981        (JSC::CodeBlock::clearEvalCache):
53982        * bytecode/CodeBlock.h:
53983        (JSC::CallLinkInfo::CallLinkInfo):
53984        (JSC::CallLinkInfo::unlink):
53985        * bytecode/EvalCodeCache.h:
53986        (JSC::EvalCodeCache::clear):
53987        * heap/Heap.cpp:
53988        (JSC::Heap::getConservativeRegisterRoots):
53989        * heap/Heap.h:
53990        * jit/JIT.cpp:
53991        (JSC::JIT::privateCompile):
53992        * jit/JIT.h:
53993        * jit/JITCall.cpp:
53994        (JSC::JIT::compileOpCall):
53995        * jit/JITWriteBarrier.h:
53996        (JSC::JITWriteBarrierBase::clear):
53997        * jsc.cpp:
53998        (GlobalObject::GlobalObject):
53999        (functionReleaseExecutableMemory):
54000        * runtime/Executable.cpp:
54001        (JSC::EvalExecutable::unlinkCalls):
54002        (JSC::ProgramExecutable::unlinkCalls):
54003        (JSC::FunctionExecutable::discardCode):
54004        (JSC::FunctionExecutable::unlinkCalls):
54005        * runtime/Executable.h:
54006        * runtime/JSGlobalData.cpp:
54007        (JSC::SafeRecompiler::returnValue):
54008        (JSC::SafeRecompiler::operator()):
54009        (JSC::JSGlobalData::releaseExecutableMemory):
54010
540112011-06-27  Gavin Barraclough  <barraclough@apple.com>
54012
54013        Reviewed by Darin Adler & Oliver Hunt.
54014
54015        https://bugs.webkit.org/show_bug.cgi?id=50554
54016        RegExp.prototype.toString does not escape slashes
54017
54018        The problem here is that we don't escape forwards slashes when converting
54019        a RegExp to a string. This means that RegExp("/").toString() is "///",
54020        which is not a valid RegExp literal. Also, we return an invalid literal
54021        for RegExp.prototype.toString() ("//", which is an empty single-line comment).
54022
54023        From ES5:
54024        "NOTE: The returned String has the form of a RegularExpressionLiteral that
54025        evaluates to another RegExp object with the same behaviour as this object."
54026
54027        * runtime/RegExpObject.cpp:
54028        (JSC::regExpObjectSource):
54029            - Escape forward slashes when getting the source of a RegExp.
54030        * runtime/RegExpPrototype.cpp:
54031        (JSC::regExpProtoFuncToString):
54032            - Remove unnecessary and erroneous hack to return "//" as the string
54033            representation of RegExp.prototype. This is not a valid RegExp literal
54034            (it is an empty single-line comment).
54035
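The escaping step the entry describes, as an added model written for this page rather than JSC's regExpObjectSource: the function names, the flags handling and the literal check are assumptions, and character classes are not special-cased.

```cpp
#include <cassert>
#include <cctype>
#include <string>

// Constructed model of the escaping step; not JSC's regExpObjectSource.
// Returns the text that goes between the slashes of a RegExp literal,
// escaping every forward slash that is not already escaped.
std::string escapeForwardSlashes(const std::string& pattern)
{
    std::string out;
    out.reserve(pattern.size() + 4);
    bool previousWasBackslash = false;
    for (char ch : pattern) {
        if (ch == '/' && !previousWasBackslash)
            out += '\\';
        out += ch;
        // A backslash escapes the next character; a pair of backslashes
        // escapes nothing beyond itself.
        previousWasBackslash = (ch == '\\') && !previousWasBackslash;
    }
    return out;
}

// RegExp.prototype.toString as the entry describes it: "/" + source + "/" + flags.
// Without the escaping step, RegExp("/") printed as "///". An empty source still
// yields "//"; the entry only removes the hack, so this model invents no
// replacement for that case.
std::string regExpToString(const std::string& pattern, const std::string& flags)
{
    return "/" + escapeForwardSlashes(pattern) + "/" + flags;
}

// Checks the property the entry quotes from ES5: the result must have the
// form of a RegularExpressionLiteral. The body must be non-empty, contain no
// unescaped slash, and be followed only by flag letters. (Slashes inside
// character classes are treated like any other slash; the escaper above
// always escapes them, so the two functions agree.)
bool isWellFormedRegExpLiteral(const std::string& literal)
{
    if (literal.size() < 2 || literal[0] != '/')
        return false;
    bool previousWasBackslash = false;
    for (size_t i = 1; i < literal.size(); ++i) {
        char ch = literal[i];
        if (ch == '/' && !previousWasBackslash) {
            // Closing slash found; everything after it must be flags.
            for (size_t j = i + 1; j < literal.size(); ++j) {
                if (!std::isalpha(static_cast<unsigned char>(literal[j])))
                    return false;
            }
            return i > 1;  // "//" is an empty comment, not a literal
        }
        previousWasBackslash = (ch == '\\') && !previousWasBackslash;
    }
    return false;  // no closing slash
}
```
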
540362011-06-27  Gavin Barraclough  <barraclough@apple.com>
54037
54038        Reviewed by Oliver Hunt.
54039
54040        https://bugs.webkit.org/show_bug.cgi?id=63497
54041        Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
54042
54043        * dfg/DFGByteCodeParser.cpp:
54044        (JSC::DFG::ByteCodeParser::parseBlock):
54045        * dfg/DFGNode.h:
54046        * dfg/DFGNonSpeculativeJIT.cpp:
54047        (JSC::DFG::NonSpeculativeJIT::compile):
54048        * dfg/DFGSpeculativeJIT.cpp:
54049        (JSC::DFG::SpeculativeJIT::compile):
54050
540512011-06-27  Juan C. Montemayor  <jmont@apple.com>
54052
54053        Reviewed by Mark Rowe.
54054
54055        Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
54056        https://bugs.webkit.org/show_bug.cgi?id=63392
54057        
54058        When both TextPosition.h and XPathGrammar.h are included a compile-error
54059        is caused, since XPathGrammar.h defines a macro called NUMBER and 
54060        TextPosition has a typedef named NUMBER.
54061
54062        * wtf/text/TextPosition.h:
54063        (WTF::TextPosition::TextPosition):
54064        (WTF::TextPosition::minimumPosition):
54065        (WTF::TextPosition::belowRangePosition):
54066
540672011-06-27  Filip Pizlo  <fpizlo@apple.com>
54068
54069        Reviewed by Gavin Barraclough.
54070
54071        DFG JIT does not perform put_by_id caching.
54072        https://bugs.webkit.org/show_bug.cgi?id=63409
54073
54074        * bytecode/StructureStubInfo.h:
54075        * dfg/DFGJITCodeGenerator.cpp:
54076        (JSC::DFG::JITCodeGenerator::cachedPutById):
54077        * dfg/DFGJITCodeGenerator.h:
54078        * dfg/DFGJITCompiler.cpp:
54079        (JSC::DFG::JITCompiler::compileFunction):
54080        * dfg/DFGJITCompiler.h:
54081        (JSC::DFG::JITCompiler::addPropertyAccess):
54082        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
54083        * dfg/DFGNonSpeculativeJIT.cpp:
54084        (JSC::DFG::NonSpeculativeJIT::compile):
54085        * dfg/DFGOperations.cpp:
54086        * dfg/DFGOperations.h:
54087        * dfg/DFGRepatch.cpp:
54088        (JSC::DFG::dfgRepatchByIdSelfAccess):
54089        (JSC::DFG::tryCacheGetByID):
54090        (JSC::DFG::appropriatePutByIdFunction):
54091        (JSC::DFG::tryCachePutByID):
54092        (JSC::DFG::dfgRepatchPutByID):
54093        * dfg/DFGRepatch.h:
54094        * dfg/DFGSpeculativeJIT.cpp:
54095        (JSC::DFG::SpeculativeJIT::compile):
54096
540972011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
54098
54099        Unreviewed build fix. One more file missing during distcheck, for
54100        the MIPS build.
54101
54102        * GNUmakefile.list.am:
54103
541042011-06-26  Filip Pizlo  <fpizlo@apple.com>
54105
54106        Reviewed by Gavin Barraclough.
54107
54108        DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
54109        https://bugs.webkit.org/show_bug.cgi?id=63347
54110
54111        * dfg/DFGNonSpeculativeJIT.cpp:
54112            - Changed arithmetic operations to speculate in favor of integers.
54113        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
54114        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
54115        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
54116        (JSC::DFG::NonSpeculativeJIT::compile):
54117        * dfg/DFGNonSpeculativeJIT.h:
54118        * dfg/DFGOperations.cpp:
54119            - Added slow-path routines for arithmetic that perform no speculation; the
54120              non-speculative JIT will generate calls to these in cases where its
54121              speculation fails.
54122        * dfg/DFGOperations.h:
54123
541242011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
54125
54126        Reviewed by Rob Buis.
54127
54128        Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
54129        https://bugs.webkit.org/show_bug.cgi?id=59085
54130
54131        * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
54132
541332011-06-24  Michael Saboff  <msaboff@apple.com>
54134
54135        Reviewed by Gavin Barraclough.
54136
54137        Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
54138        https://bugs.webkit.org/show_bug.cgi?id=63345
54139
54140        The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
54141        return 9 and 10 bit quantities, therefore changed their return type from
54142        uint8_t to uint16_t.  Also cast the places where they are used as they
54143        are currently shifted and used as 7 or 8 bit values.
54144
54145        These methods are currently used for literals for stack offsets, 
54146        including creating and destroying stack frames.  The prior truncation of
54147        the upper bits caused stack frames to be too small, thus allowing a
54148        JIT'ed function to access and overwrite stack space outside of the
54149        incorrectly sized stack frame.
54150
54151        * assembler/ARMv7Assembler.h:
54152        (JSC::ARMThumbImmediate::getUInt9):
54153        (JSC::ARMThumbImmediate::getUInt10):
54154        (JSC::ARMv7Assembler::add):
54155        (JSC::ARMv7Assembler::ldr):
54156        (JSC::ARMv7Assembler::str):
54157        (JSC::ARMv7Assembler::sub):
54158        (JSC::ARMv7Assembler::sub_S):
54159
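The truncation this entry fixes, as an added model written for this page (not JSC's ARMThumbImmediate or ARMv7Assembler): the struct, the "Before"/"After" accessor pairs, the frame-setup helpers and the encodable ranges are assumptions, chosen so that a 9-bit sub-sp offset and a 10-bit ldr/str offset pass through an 8-bit return type the way the entry describes.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>

// Constructed model of the two accessors named in the entry. A Thumb
// "sub sp, sp, #imm7*4" offset is a 9-bit quantity and a
// "ldr/str rt, [sp, #imm8*4]" offset is a 10-bit quantity.
struct ThumbImmediateModel {
    uint16_t raw;  // decoded immediate, already multiplied by 4

    // Before the fix: 9 or 10 significant bits returned through uint8_t,
    // so bits 8 and 9 are silently dropped.
    uint8_t getUInt9Before() const { return static_cast<uint8_t>(raw & 0x1FF); }
    uint8_t getUInt10Before() const { return static_cast<uint8_t>(raw & 0x3FF); }

    // After the fix: a return type wide enough for every bit of the value.
    uint16_t getUInt9After() const { return static_cast<uint16_t>(raw & 0x1FF); }
    uint16_t getUInt10After() const { return static_cast<uint16_t>(raw & 0x3FF); }
};

// Models the prologue "sub sp, sp, #frameBytes": encodes the frame size as a
// Thumb immediate, then decodes it the way the assembler did before or after
// the fix. Returns the number of bytes the emitted instruction really reserves,
// or 0 when frameBytes is not encodable (multiple of 4, at most 0x1FC).
unsigned reservedFrameBytes(unsigned frameBytes, bool useFixedAccessor)
{
    if (frameBytes % 4 != 0 || frameBytes > 0x1FC)
        return 0;
    ThumbImmediateModel imm;
    imm.raw = static_cast<uint16_t>(frameBytes);  // imm7 << 2, 9 bits
    return useFixedAccessor ? imm.getUInt9After() : imm.getUInt9Before();
}

// Same for a load or store at "[sp, #slotOffset]" (imm8 << 2, 10 bits).
unsigned decodedSlotOffset(unsigned slotOffset, bool useFixedAccessor)
{
    if (slotOffset % 4 != 0 || slotOffset > 0x3FC)
        return 0;
    ThumbImmediateModel imm;
    imm.raw = static_cast<uint16_t>(slotOffset);
    return useFixedAccessor ? imm.getUInt10After() : imm.getUInt10Before();
}

// The hazard the entry describes: a slot the compiler believes is inside the
// frame ends up past the bytes the prologue actually reserved, so a store to
// it lands in whatever the caller left above the frame.
bool slotInsideReservedFrame(unsigned reservedBytes, unsigned slotOffset, unsigned slotSize)
{
    return slotOffset + slotSize <= reservedBytes;
}

int main()
{
    const unsigned wanted = 0x1F0;  // 496-byte frame, encodable as imm7 << 2
    unsigned before = reservedFrameBytes(wanted, false);
    unsigned after = reservedFrameBytes(wanted, true);
    std::printf("frame wanted %u: reserved %u before the fix, %u after\n", wanted, before, after);
    std::printf("8-byte slot at 0x180 inside frame? before=%d after=%d\n",
                slotInsideReservedFrame(before, 0x180, 8) ? 1 : 0,
                slotInsideReservedFrame(after, 0x180, 8) ? 1 : 0);
    return 0;
}
```
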
541602011-06-24  Michael Saboff  <msaboff@apple.com>
54161
54162        Reviewed by Geoffrey Garen.
54163
54164        releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
54165        https://bugs.webkit.org/show_bug.cgi?id=63015
54166
54167        Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
54168        min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
54169        adjustments are a bug.  These need to reflect the pages that are released
54170        in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
54171        Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
54172        Check() and helper method CheckList() to check the number of actual free pages
54173        with free_committed_pages_.
54174
54175        The symptom of the problem of the existing code is that the scavenger may
54176        run unnecessarily without any real work to do, i.e. pages on the free lists.
54177        The scavenger would also end up freeing too many pages, that is going below 
54178        the current 528 target free pages.
54179
54180        Note that the style of the changes was kept consistent with the
54181        existing style.
54182
54183        * wtf/FastMalloc.cpp:
54184        (WTF::TCMalloc_PageHeap::Check):
54185        (WTF::TCMalloc_PageHeap::CheckList):
54186        (WTF::TCMalloc_PageHeap::ReleaseFreeList):
54187
541882011-06-24  Abhishek Arya  <inferno@chromium.org>
54189
54190        Reviewed by Darin Adler.
54191
54192        Match other clampTo* functions in style with clampToInteger(float)
54193        function.
54194        https://bugs.webkit.org/show_bug.cgi?id=53449
54195
54196        * wtf/MathExtras.h:
54197        (clampToInteger):
54198        (clampToFloat):
54199        (clampToPositiveInteger):
54200
542012011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
54202
54203        Unreviewed, rolling out r89594.
54204        http://trac.webkit.org/changeset/89594
54205        https://bugs.webkit.org/show_bug.cgi?id=63316
54206
54207        It broke 5 tests on the Qt bot (Requested by Ossy_DC on
54208        #webkit).
54209
54210        * GNUmakefile.list.am:
54211        * JavaScriptCore.gypi:
54212        * icu/unicode/uscript.h: Removed.
54213        * wtf/unicode/ScriptCodesFromICU.h: Removed.
54214        * wtf/unicode/brew/UnicodeBrew.h:
54215        * wtf/unicode/glib/UnicodeGLib.h:
54216        * wtf/unicode/icu/UnicodeIcu.h:
54217        * wtf/unicode/qt4/UnicodeQt4.h:
54218        * wtf/unicode/wince/UnicodeWinCE.h:
54219
542202011-06-23  Filip Pizlo  <fpizlo@apple.com>
54221
54222        Reviewed by Gavin Barraclough.
54223
54224        DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
54225        https://bugs.webkit.org/show_bug.cgi?id=63173
54226
54227        * dfg/DFGJITCodeGenerator.cpp:
54228        (JSC::DFG::JITCodeGenerator::cachedGetById):
54229        * dfg/DFGJITCodeGenerator.h:
54230        * dfg/DFGNonSpeculativeJIT.cpp:
54231        (JSC::DFG::NonSpeculativeJIT::compile):
54232        * dfg/DFGSpeculativeJIT.cpp:
54233        (JSC::DFG::SpeculativeJIT::compile):
54234
542352011-06-23  Oliver Hunt  <oliver@apple.com>
54236
54237        Fix Qt again.
54238
54239        * assembler/ARMAssembler.h:
54240        (JSC::ARMAssembler::readPointer):
54241
542422011-06-23  Oliver Hunt  <oliver@apple.com>
54243
54244        Fix Qt Build
54245
54246        * assembler/ARMAssembler.h:
54247        (JSC::ARMAssembler::readPointer):
54248
542492011-06-23  Stephanie Lewis  <slewis@apple.com>
54250
54251        Reviewed by Darin Adler.
54252
54253        https://bugs.webkit.org/show_bug.cgi?id=63298
54254        Replace Malloc with FastMalloc to match the rest of wtf.
54255
54256        * wtf/BlockStack.h:
54257        (WTF::::~BlockStack):
54258        (WTF::::grow):
54259        (WTF::::shrink):
54260
542612011-06-23  Oliver Hunt  <oliver@apple.com>
54262
54263        Reviewed by Gavin Barraclough.
54264
54265        Add the ability to dynamically modify linked call sites
54266        https://bugs.webkit.org/show_bug.cgi?id=63291
54267
54268        Add JITWriteBarrier as a writebarrier class that allows
54269        reading and writing directly into the code stream.
54270
54271        This required adding logic to all the assemblers to allow
54272        us to read values back out of the instruction stream.
54273
54274        * JavaScriptCore.xcodeproj/project.pbxproj:
54275        * assembler/ARMAssembler.h:
54276        (JSC::ARMAssembler::readPointer):
54277        * assembler/ARMv7Assembler.h:
54278        (JSC::ARMv7Assembler::readPointer):
54279        (JSC::ARMv7Assembler::readInt32):
54280        (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
54281        (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
54282        * assembler/AbstractMacroAssembler.h:
54283        (JSC::AbstractMacroAssembler::readPointer):
54284        * assembler/MIPSAssembler.h:
54285        (JSC::MIPSAssembler::readInt32):
54286        (JSC::MIPSAssembler::readPointer):
54287        * assembler/MacroAssemblerCodeRef.h:
54288        (JSC::MacroAssemblerCodePtr::operator!):
54289        * assembler/SH4Assembler.h:
54290        (JSC::SH4Assembler::readPCrelativeAddress):
54291        (JSC::SH4Assembler::readPointer):
54292        (JSC::SH4Assembler::readInt32):
54293        * assembler/X86Assembler.h:
54294        (JSC::X86Assembler::readPointer):
54295        * bytecode/CodeBlock.cpp:
54296        (JSC::CodeBlock::visitAggregate):
54297        * bytecode/CodeBlock.h:
54298        (JSC::MethodCallLinkInfo::seenOnce):
54299        (JSC::MethodCallLinkInfo::setSeen):
54300        * heap/MarkStack.h:
54301        * jit/JIT.cpp:
54302        (JSC::JIT::privateCompile):
54303        (JSC::JIT::linkCall):
54304        (JSC::JIT::linkConstruct):
54305        * jit/JITPropertyAccess.cpp:
54306        (JSC::JIT::patchMethodCallProto):
54307        * jit/JITPropertyAccess32_64.cpp:
54308        * jit/JITWriteBarrier.h: Added.
54309        (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
54310        (JSC::JITWriteBarrierBase::operator!):
54311        (JSC::JITWriteBarrierBase::setFlagOnBarrier):
54312        (JSC::JITWriteBarrierBase::isFlagged):
54313        (JSC::JITWriteBarrierBase::setLocation):
54314        (JSC::JITWriteBarrierBase::location):
54315        (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
54316        (JSC::JITWriteBarrierBase::set):
54317        (JSC::JITWriteBarrierBase::get):
54318        (JSC::JITWriteBarrier::JITWriteBarrier):
54319        (JSC::JITWriteBarrier::set):
54320        (JSC::JITWriteBarrier::get):
54321        (JSC::MarkStack::append):
54322
543232011-06-23  Gavin Barraclough  <barraclough@apple.com>
54324
54325        Reviewed by Oliver Hunt.
54326
54327        https://bugs.webkit.org/show_bug.cgi?id=61585
54328        Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
54329
54330        This is due to use of int instead of unsigned, bad math around
54331        the 2^31 boundary.
54332
54333        * yarr/YarrInterpreter.cpp:
54334        (JSC::Yarr::ByteCompiler::emitDisjunction):
54335            - Change some uses of int to unsigned, refactor compare logic to
54336              restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
54337        * yarr/YarrJIT.cpp:
54338        (JSC::Yarr::YarrGenerator::generate):
54339        (JSC::Yarr::YarrGenerator::backtrack):
54340            - Ditto.
54341
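The int-versus-unsigned boundary this entry fixes, as an added model written for this page (not Yarr's emitDisjunction or backtrack code): the QuantifierModel struct, the paired "Before"/"After" compare functions and the digit parser are assumptions that reproduce a minimum count of 2147483648 being compared through int.

```cpp
#include <cassert>
#include <climits>
#include <cstdint>

// Constructed model: a quantifier such as {2147483648,} carries a minimum
// count that only fits in 32 bits when the count is unsigned.
struct QuantifierModel {
    unsigned minimumCount;  // parsed from the pattern; 0..2^32-1
    unsigned maximumCount;  // UINT_MAX stands in for "unbounded"
};

// Before the fix: the "enough input remains" test went through int. On a
// two's-complement target 2147483648 becomes INT_MIN, so the test passes for a
// quantifier that can never be satisfied and the matcher goes on to read past
// the end of the subject string.
bool enoughInputBefore(const QuantifierModel& q, unsigned inputRemaining)
{
    int remaining = static_cast<int>(inputRemaining);
    int minimum = static_cast<int>(q.minimumCount);
    return remaining >= minimum;
}

// After the fix: stay in unsigned, so both sides live in 0..2^32-1 and the
// comparison means what it says.
bool enoughInputAfter(const QuantifierModel& q, unsigned inputRemaining)
{
    return inputRemaining >= q.minimumCount;
}

// Backtracking side of the same range rule: the input a greedy quantifier can
// give back is (matched - minimum), computed so it can never go negative.
unsigned backtrackable(const QuantifierModel& q, unsigned matched)
{
    return matched >= q.minimumCount ? matched - q.minimumCount : 0;
}

// Parser-side guard: accumulate the decimal count in 64 bits and refuse any
// value that would not fit in unsigned 32 bits, instead of letting it wrap.
bool parseQuantifierMinimum(const char* digits, unsigned& out)
{
    if (!digits || !*digits)
        return false;
    uint64_t value = 0;
    for (const char* p = digits; *p; ++p) {
        if (*p < '0' || *p > '9')
            return false;
        value = value * 10 + static_cast<uint64_t>(*p - '0');
        if (value > UINT_MAX)
            return false;
    }
    out = static_cast<unsigned>(value);
    return true;
}
```
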
543422011-06-22  Gavin Barraclough  <barraclough@apple.com>
54343
54344        Reviewed by Sam Weinig.
54345
54346        https://bugs.webkit.org/show_bug.cgi?id=63218
54347        DFG JIT - remove machine type guarantees from graph
54348
54349        The DFG JIT currently makes assumptions about the types of machine registers
54350        that certain nodes will be loaded into. This will be broken as we generate
54351        nodes to produce both integer and double code paths. Remove int<->double
54352        conversions nodes. This design decision also gave rise to multiple types of
54353        constant nodes, requiring separate handling for each type. Merge these back
54354        into JSConstant.
54355
54356        * dfg/DFGAliasTracker.h:
54357        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
54358        * dfg/DFGByteCodeParser.cpp:
54359        (JSC::DFG::ByteCodeParser::getToInt32):
54360        (JSC::DFG::ByteCodeParser::getToNumber):
54361        (JSC::DFG::ByteCodeParser::toInt32):
54362        (JSC::DFG::ByteCodeParser::toNumber):
54363        (JSC::DFG::ByteCodeParser::isInt32Constant):
54364        (JSC::DFG::ByteCodeParser::isDoubleConstant):
54365        (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
54366        (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
54367        (JSC::DFG::ByteCodeParser::one):
54368        (JSC::DFG::ByteCodeParser::predictInt32):
54369        * dfg/DFGGraph.cpp:
54370        (JSC::DFG::Graph::dump):
54371        * dfg/DFGJITCodeGenerator.h:
54372        (JSC::DFG::JITCodeGenerator::silentFillGPR):
54373        (JSC::DFG::JITCodeGenerator::silentFillFPR):
54374        (JSC::DFG::JITCodeGenerator::isJSConstant):
54375        (JSC::DFG::JITCodeGenerator::isDoubleConstant):
54376        (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
54377        * dfg/DFGJITCompiler.cpp:
54378        (JSC::DFG::JITCompiler::fillNumericToDouble):
54379        (JSC::DFG::JITCompiler::fillInt32ToInteger):
54380        * dfg/DFGJITCompiler.h:
54381        (JSC::DFG::JITCompiler::isJSConstant):
54382        (JSC::DFG::JITCompiler::isInt32Constant):
54383        (JSC::DFG::JITCompiler::isDoubleConstant):
54384        (JSC::DFG::JITCompiler::valueOfJSConstant):
54385        (JSC::DFG::JITCompiler::valueOfInt32Constant):
54386        (JSC::DFG::JITCompiler::valueOfDoubleConstant):
54387        * dfg/DFGNode.h:
54388        (JSC::DFG::Node::Node):
54389        (JSC::DFG::Node::isConstant):
54390        (JSC::DFG::Node::notTakenBytecodeOffset):
54391        * dfg/DFGNonSpeculativeJIT.cpp:
54392        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
54393        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
54394        (JSC::DFG::NonSpeculativeJIT::compile):
54395        * dfg/DFGSpeculativeJIT.cpp:
54396        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
54397        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
54398        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
54399        (JSC::DFG::SpeculativeJIT::compile):
54400
544012011-06-23  Jungshik Shin  <jshin@chromium.org>
54402
54403        Reviewed by Alexey Proskuryakov.
54404
54405        Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
54406        build files for ports not using ICU.
54407        Add icu/unicode/uscript.h for ports using ICU. It's taken from
54408        ICU 3.6 (the version used on Mac OS 10.5).
54409
54410        http://bugs.webkit.org/show_bug.cgi?id=20797
54411
54412        * GNUmakefile.list.am:
54413        * JavaScriptCore.gypi:
54414        * icu/unicode/uscript.h: Added for UScriptCode enum.
54415        * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
54416        * wtf/unicode/icu/UnicodeIcu.h:
54417        * wtf/unicode/brew/UnicodeBrew.h:
54418        * wtf/unicode/glib/UnicodeGLib.h:
54419        * wtf/unicode/qt4/UnicodeQt4.h:
54420        * wtf/unicode/wince/UnicodeWinCE.h:
54421
544222011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
54423
54424        Reviewed by Andreas Kling.
54425
54426        [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
54427        https://bugs.webkit.org/show_bug.cgi?id=63228
54428
54429        * wtf/Platform.h: Add PLATFORM(EFL) guard.
54430
544312011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
54432
54433        Unreviewed, rolling out r89547.
54434        http://trac.webkit.org/changeset/89547
54435        https://bugs.webkit.org/show_bug.cgi?id=63252
54436
54437        "Chromium crash on start" (Requested by yurys on #webkit).
54438
54439        * wtf/DynamicAnnotations.cpp:
54440        (WTFAnnotateBenignRaceSized):
54441        (WTFAnnotateHappensBefore):
54442        (WTFAnnotateHappensAfter):
54443        * wtf/DynamicAnnotations.h:
54444
544452011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
54446
54447        Reviewed by David Levin.
54448
54449        Make dynamic annotations weak symbols and prevent identical code folding by the linker
54450        https://bugs.webkit.org/show_bug.cgi?id=62443
54451
54452        * wtf/DynamicAnnotations.cpp:
54453        (WTFAnnotateBenignRaceSized):
54454        (WTFAnnotateHappensBefore):
54455        (WTFAnnotateHappensAfter):
54456        * wtf/DynamicAnnotations.h:
54457
544582011-06-22  Yael Aharon  <yael.aharon@nokia.com>
54459
54460        Reviewed by Andreas Kling.
54461
54462        [Qt] Add a build flag for building with libxml2 and libxslt.
54463        https://bugs.webkit.org/show_bug.cgi?id=63113
54464
54465        * wtf/Platform.h:
54466
544672011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
54468
54469        Unreviewed, rolling out r89489.
54470        http://trac.webkit.org/changeset/89489
54471        https://bugs.webkit.org/show_bug.cgi?id=63203
54472
54473        Broke chromium mac build on build.webkit.org (Requested by
54474        abarth on #webkit).
54475
54476        * wtf/Platform.h:
54477
544782011-06-22  Cary Clark  <caryclark@google.com>
54479
54480        Reviewed by Darin Fisher.
54481
54482        Use Skia if Skia on Mac Chrome is enabled
54483        https://bugs.webkit.org/show_bug.cgi?id=62999
54484
54485        * wtf/Platform.h:
54486        Add switch to use Skia if, externally,
54487        Skia has been enabled by a gyp define.
54488
2011-06-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.

2011-06-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed the conceit that global variables are local variables when running global code
        https://bugs.webkit.org/show_bug.cgi?id=63106

        This is required for write barrier correctness.

        SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
        I was able to reduce the regression with a tiny peephole optimization in
        the bytecompiler, but not eliminate it. I'm committing this assuming
        that turning on generational GC will win back at least 0.5%.

        (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
        the global object's var storage. I considered doing the same kind of
        optimization in the existing JIT, but it seemed like moving in the wrong
        direction.)

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addGlobalVar):
        (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
        negative indices, since they're no longer negatively offset from the
        current stack frame.

        Do give global variables monotonically increasing positive indices, since
        that's much easier to work with.

        Don't limit the number of optimizable global variables, since it's no
        longer limited by the register file, since they're no longer stored in
        the register file.

        (JSC::BytecodeGenerator::registerFor): Global code never has any local
        registers because a var in global code is actually a property of the
        global object.

        (JSC::BytecodeGenerator::constRegisterFor): Ditto.

        (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
        propagation and dead code elimination to speed up our compiles and
        reduce WTFs / minute.

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.

        (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
        global code, since there are none.

        (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
        in global code (i.e., global vars), since there are some.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::dumpRegisters):
        (JSC::Interpreter::execute):
        * interpreter/Interpreter.h: Updated for deleted / renamed code.

        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::gatherConservativeRoots):
        (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
        data members.

        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::begin):
        (JSC::RegisterFile::size):
        (JSC::RegisterFile::RegisterFile):
        (JSC::RegisterFile::shrink): Removed all code and comments dealing with
        global variables stored in the register file.

        (JSC::RegisterFile::grow): Updated for same.

        Also, a slight correctness fix: Test the VM commit end, and not just the
        in-use end, when checking for stack overflow. In theory, it's invalid to
        commit past the end of your allocation, even if you never touch that
        memory. This makes the usable size of the stack slightly smaller. No test
        because we don't know of any case in practice where this crashes.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Updated for changes above.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::resizeRegisters):
        (JSC::JSGlobalObject::addStaticGlobals):
        * runtime/JSGlobalObject.h: Simplified globals to have monotonically
        increasing indexes, always located in our external storage.

2011-06-21  MORITA Hajime  <morrita@google.com>

        Unreviewed, rolling out r89401 and r89403.
        http://trac.webkit.org/changeset/89401
        http://trac.webkit.org/changeset/89403
        https://bugs.webkit.org/show_bug.cgi?id=62970

        Breaks mac build and mistakenly enables the spellcheck API

        * Configurations/FeatureDefines.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-06-21  Kent Tamura  <tkent@chromium.org>

        [Mac] Sort Xcode project files.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-06-20  MORITA Hajime  <morrita@google.com>

        Reviewed by Kent Tamura.

        Spellcheck API should be build-able.
        https://bugs.webkit.org/show_bug.cgi?id=62970

        No new tests, changing only build related files

        * Configurations/FeatureDefines.xcconfig:

2011-06-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Moved 'const' off the global-variable-as-local-variable crack pipe
        https://bugs.webkit.org/show_bug.cgi?id=63105

        This is necessary for moving the rest of the code off of same.

        Many problems remain in our handling of const. I have fixed none of them.

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
        const to directly implement its unique scoping rules.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
        for writing, so we don't overwrite const variables.

        (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
        variables are available as local variables, since this won't be the case
        once global variables are not available as local variables. Instead, use
        put_scoped_var in the case where there is no local variable. Like a local
        variable, put_scoped_var succeeds even though const properties are
        read-only, since put_scoped_var skips read-only checks. (Yay?)

2011-06-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Alexey Proskuryakov.

        REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
        https://bugs.webkit.org/show_bug.cgi?id=63052

        Release mode only failure: the stack overflow guards were getting their error
        handling inlined, so that they were essentially causing their own demise.

        * parser/JSParser.cpp:
        (JSC::JSParser::updateErrorMessage):
        (JSC::JSParser::updateErrorWithNameAndMessage):

2011-06-20  Kenneth Russell  <kbr@google.com>

        Unreviewed.

        Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
        https://bugs.webkit.org/show_bug.cgi?id=63022

        * wtf/Platform.h:

2011-06-18  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin Adler.

        Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
        https://bugs.webkit.org/show_bug.cgi?id=62940

        Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.

        * wtf/PassOwnArrayPtr.h:
        (WTF::PassOwnArrayPtr::operator=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator=):
        * wtf/PassRefPtr.h:
        (WTF::PassRefPtr::operator=):
        (WTF::NonNullPassRefPtr::operator=):

2011-06-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        REGRESSION (r79060): Searching for a flight at united.com fails
        https://bugs.webkit.org/show_bug.cgi?id=63003

        This original change also broke Twitter, and we attempted to refine the fix to
        address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
        we need to revert the change until we understand the problem better.

        * wtf/DateMath.cpp:
        (WTF::parseDateFromNullTerminatedCharacters):

2011-06-20  Juan C. Montemayor  <jmont@apple.com>

        Reviewed by Oliver Hunt.

        No context for javascript parse errors.
        https://bugs.webkit.org/show_bug.cgi?id=62613

        Parse errors now show more details like:
        "Unexpected token: ]"
        or
        "Expected token: while"

        For reserved names, numbers, identifiers, strings, lexer errors,
        and EOFs, the following error messages are printed:

        "Use of reserved word: super"
        "Unexpected number: 42"
        "Unexpected identifier: "
        "Unexpected string: "foobar""
        "Invalid token character sequence: \u4023"
        "Unexpected EOF"

        * parser/JSParser.cpp:
        (JSC::JSParser::consume):
        (JSC::JSParser::getToken):
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):
        (JSC::JSParser::updateErrorWithNameAndMessage):
        (JSC::jsParse):
        (JSC::JSParser::JSParser):
        (JSC::JSParser::parseProgram):
        (JSC::JSParser::parseVarDeclarationList):
        (JSC::JSParser::parseForStatement):
        (JSC::JSParser::parseBreakStatement):
        (JSC::JSParser::parseContinueStatement):
        (JSC::JSParser::parseWithStatement):
        (JSC::JSParser::parseTryStatement):
        (JSC::JSParser::parseStatement):
        (JSC::JSParser::parseFormalParameters):
        (JSC::JSParser::parseFunctionInfo):
        (JSC::JSParser::parseAssignmentExpression):
        (JSC::JSParser::parsePrimaryExpression):
        (JSC::JSParser::parseMemberExpression):
        (JSC::JSParser::parseUnaryExpression):
        * parser/JSParser.h:
        * parser/Lexer.cpp:
        (JSC::Lexer::lex):
        * parser/Parser.cpp:
        (JSC::Parser::parse):

2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Rob Buis.

        Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
        https://bugs.webkit.org/show_bug.cgi?id=59085

        * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.

2011-06-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Correct logic for putting errors on the correct line when handling JSONP
        https://bugs.webkit.org/show_bug.cgi?id=62962

        Minor fix for the minor fix.  *sigh*

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):

2011-06-19  Oliver Hunt  <oliver@apple.com>

        Minor fix to correct layout test results.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):

2011-06-17  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        JSONP is unnecessarily slow
        https://bugs.webkit.org/show_bug.cgi?id=62920

        JSONP has unfortunately become a fairly common idiom online, yet
        it triggers very poor performance in JSC as we end up doing codegen
        for a large number of property accesses that will
           * only be run once, so the vast amount of logic we dump to handle
             caching of accesses is unnecessary.
           * We are doing codegen that is directly proportional to just
             creating the object in the first place.

        This patch extends the use of the literal parser to JSONP-like structures
        in global code, handling a number of different forms I have seen online.
        In an extreme case this improves performance of JSONP by more than 2x
        due to removal of code generation and execution time, and a few optimisations
        that I made to the parser itself.

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        (JSC::Interpreter::execute):
        * parser/Lexer.cpp:
        (JSC::Lexer::isKeyword):
        * parser/Lexer.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::makeIdentifier):
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::next):
        (JSC::isSafeStringCharacter):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::LiteralParser):
        (JSC::LiteralParser::tryLiteralParse):
        (JSC::LiteralParser::Lexer::Lexer):

2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r89184.
        http://trac.webkit.org/changeset/89184
        https://bugs.webkit.org/show_bug.cgi?id=62927

        It broke 22 tests on all bots (Requested by Ossy_weekend on
        #webkit).

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        (JSC::Interpreter::execute):
        * parser/Lexer.cpp:
        * parser/Lexer.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::isSafeStringCharacter):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::LiteralParser):
        (JSC::LiteralParser::tryLiteralParse):
        (JSC::LiteralParser::Lexer::Lexer):
        (JSC::LiteralParser::Lexer::next):

2011-06-17  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        JSONP is unnecessarily slow
        https://bugs.webkit.org/show_bug.cgi?id=62920

        JSONP has unfortunately become a fairly common idiom online, yet
        it triggers very poor performance in JSC as we end up doing codegen
        for a large number of property accesses that will
           * only be run once, so the vast amount of logic we dump to handle
             caching of accesses is unnecessary.
           * We are doing codegen that is directly proportional to just
             creating the object in the first place.

        This patch extends the use of the literal parser to JSONP-like structures
        in global code, handling a number of different forms I have seen online.
        In an extreme case this improves performance of JSONP by more than 2x
        due to removal of code generation and execution time, and a few optimisations
        that I made to the parser itself.

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        (JSC::Interpreter::execute):
        * parser/Lexer.cpp:
        (JSC::Lexer::isKeyword):
        * parser/Lexer.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::makeIdentifier):
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::next):
        (JSC::isSafeStringCharacter):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::LiteralParser):
        (JSC::LiteralParser::tryLiteralParse):
        (JSC::LiteralParser::Lexer::Lexer):

2011-06-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Moved some property access JIT code into property access JIT files
        https://bugs.webkit.org/show_bug.cgi?id=62906

        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::emit_op_get_scoped_var):
        (JSC::JIT::emit_op_put_scoped_var):
        (JSC::JIT::emit_op_get_global_var):
        (JSC::JIT::emit_op_put_global_var):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_scoped_var):
        (JSC::JIT::emit_op_put_scoped_var):
        (JSC::JIT::emit_op_get_global_var):
        (JSC::JIT::emit_op_put_global_var):

2011-06-17  Anders Carlsson  <andersca@apple.com>

        Build fix.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-06-17  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Leopard build?

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-06-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Added some write barrier action, compiled out by default
        https://bugs.webkit.org/show_bug.cgi?id=62844

        * JavaScriptCore.exp: Build!

        * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
        issue with Heap.cpp.

        * heap/Heap.cpp:
        (JSC::Heap::writeBarrierSlowCase):
        * heap/Heap.h:
        (JSC::Heap::writeBarrier):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::isAtomAligned):
        (JSC::MarkedBlock::blockFor):
        (JSC::MarkedBlock::atomNumber):
        (JSC::MarkedBlock::ownerSetNumber):
        (JSC::MarkedBlock::addOldSpaceOwner):
        (JSC::MarkedBlock::OwnerSet::OwnerSet):
        (JSC::MarkedBlock::OwnerSet::add):
        (JSC::MarkedBlock::OwnerSet::clear):
        (JSC::MarkedBlock::OwnerSet::size):
        (JSC::MarkedBlock::OwnerSet::didOverflow):
        (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
        tracks owners for regions within blocks. Currently unused.

2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>

        Reviewed by Eric Seidel.

        [EFL] Add some OwnPtr specializations for EFL types.
        For now there are specializations for Ecore_Evas and Evas_Object.
        https://bugs.webkit.org/show_bug.cgi?id=62877

        * wtf/CMakeListsEfl.txt:
        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp: Added.
        (WTF::deleteOwnedPtr):

2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>

        Reviewed by Martin Robinson.

        [GTK] Replace GdkRectangle by cairo_rectangle_int_t
        https://bugs.webkit.org/show_bug.cgi?id=60687

        Replace GdkRectangle by cairo_rectangle_int_t.

        * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.

2011-06-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=53014
        ES5 strict mode keyword restrictions aren't implemented

        The following are future restricted words in strict mode code:
            implements, interface, let, package, private, protected, public, static, yield

        * parser/JSParser.h:
            - Add RESERVED_IF_STRICT token.
        * parser/Keywords.table:
            - Add new future restricted words.
        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):
            - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
        (JSC::Lexer::lex):
            - Pass strictMode flag to parseIdentifier.
        * parser/Lexer.h:
            - parseIdentifier needs a strictMode flag.
        * runtime/CommonIdentifiers.h:
            - Add identifiers for new reserved words.
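
        Added example (not JavaScriptCore code): the nine words listed in the entry
        above can be probed from JavaScript itself, in any ES5-conformant engine, by
        compiling `var <word> = 1;` once with and once without a 'use strict'
        directive. The Function constructor is used so that each probe is compiled
        in isolation, and the helper names (compiles, classify, classifyAll) are
        my own, not names from the lexer change.

```javascript
// Added example, not JavaScriptCore code: probes which identifiers an engine
// rejects only under ES5 strict mode. Helper names are my own.

// The nine FutureReservedWords that ES5 restricts only in strict mode code.
const STRICT_ONLY_RESERVED = [
  "implements", "interface", "let", "package",
  "private", "protected", "public", "static", "yield",
];

// Compile `var <word> = 1;` with or without a "use strict" directive and report
// whether the engine accepted it. Only a SyntaxError counts as rejection; any
// other exception is a bug in the probe itself and is re-thrown.
function compiles(word, strict) {
  const prologue = strict ? "'use strict'; " : "";
  try {
    new Function(`${prologue}var ${word} = 1; return ${word};`);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Classify a word as "always" (reserved in both modes), "strict" (reserved only
// in strict code, the RESERVED_IF_STRICT case) or "never" (plain identifier).
function classify(word) {
  const sloppyOk = compiles(word, false);
  const strictOk = compiles(word, true);
  if (!sloppyOk && !strictOk) return "always";
  if (sloppyOk && !strictOk) return "strict";
  return "never";
}

// Map every word to its classification, e.g. { let: "strict", class: "always" }.
function classifyAll(words) {
  const out = {};
  for (const w of words) out[w] = classify(w);
  return out;
}

// "class" and "enum" are reserved in both modes; "count" is an ordinary name.
console.log(classifyAll([...STRICT_ONLY_RESERVED, "class", "enum", "count"]));
```

        A word that compiles in sloppy code but not in strict code is exactly the
        RESERVED_IF_STRICT case the lexer change describes. The always-reserved
        words and the ordinary name are included as controls, so a wrong result
        for them would show that the probe is measuring something other than the
        strict-mode switch.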

2011-06-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=23611
        Multiline Javascript comments cause incorrect parsing of following script.

        From the spec:
        "A MultiLineComment [is] simply discarded if it contains no line terminator,
        but if a MultiLineComment contains one or more line terminators, then it is
        replaced with a single line terminator, which becomes part of the stream of
        inputs for the syntactic grammar."

        This may result in behavioural changes, due to automatic semicolon insertion.

        * parser/Lexer.cpp:
        (JSC::Lexer::parseMultilineComment):
            - Set m_terminator if we see a line terminator in a multiline comment.
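
        Added example (not JavaScriptCore code): the spec rule quoted in the entry
        above can be observed from JavaScript in any ES5-conformant engine, because
        automatic semicolon insertion only fires where the token stream contains a
        line terminator. Each probe is compiled with the Function constructor so a
        compile-time SyntaxError is reported alongside run-time results; the helper
        names (run, returnAcross, incrementAcross, summary) are my own.

```javascript
// Added example, not JavaScriptCore code: demonstrates that a /* */ comment
// containing a line terminator behaves as a line terminator for automatic
// semicolon insertion (ASI). Helper names are my own.

// Compile and run a function body, returning { value } on success or
// { error: <exception name> } so that compile-time SyntaxErrors are visible too.
function run(body) {
  try {
    return { value: new Function(body)() };
  } catch (e) {
    return { error: e.name };
  }
}

// `return` is a restricted production: a line terminator right after it makes
// ASI insert a semicolon, so the 42 becomes dead code and undefined is returned.
function returnAcross(comment) {
  return run(`return ${comment} 42;`);
}

// `b ++c` on one line is a syntax error (postfix ++ followed by a stray
// identifier). With a line terminator before `++`, ASI turns it into `b; ++c`.
function incrementAcross(comment) {
  return run(`var b = 1, c = 1; var a = b ${comment} ++c; return [a, c];`);
}

// Two comments that differ only in whether they contain a line terminator.
const SAME_LINE = "/* no line terminator here */";
const MULTI_LINE = "/* this comment\nspans two lines */";

// Run all four probes; the comments on the right are the ES5-mandated results.
function summary() {
  return {
    returnSameLine: returnAcross(SAME_LINE),     // { value: 42 }
    returnMultiLine: returnAcross(MULTI_LINE),   // { value: undefined }
    incSameLine: incrementAcross(SAME_LINE),     // { error: "SyntaxError" }
    incMultiLine: incrementAcross(MULTI_LINE),   // { value: [1, 2] }
  };
}

console.log(summary());
```

        The second probe is the classic ASI example: `b ++c` on one line does not
        parse at all, while a line terminator before `++` splits it into two
        statements. A comment that spans lines therefore decides which of two
        different programs the engine sees, which is what the bug title means by
        "incorrect parsing of following script".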
55025
550262011-06-16  Gavin Barraclough  <barraclough@apple.com>
55027
55028        Reviewed by Sam Weinig.
55029
55030        https://bugs.webkit.org/show_bug.cgi?id=62824
55031        DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
55032
55033        CompareEq of non-integer values is the most common cause of speculation failure.
55034
55035        * dfg/DFGSpeculativeJIT.cpp:
55036        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
55037            - Support Equals.
55038        (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
55039            - new! - peephole optimized Eq of JSValues.
55040        (JSC::DFG::SpeculativeJIT::compile):
55041            - Add peephole optimization for CompareEq.
55042        * dfg/DFGSpeculativeJIT.h:
55043        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
55044            - Add support for dead nodes between compare & branch.
55045        (JSC::DFG::SpeculativeJIT::isInteger):
55046            - Added to determine which form of peephole to do in CompareEq.
55047
550482011-06-16  Geoffrey Garen  <ggaren@apple.com>
55049
55050        Try to fix the Windows build.
55051
55052        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
55053        symbol.
55054
55055        * bytecode/EvalCodeCache.h:
55056        * heap/HandleHeap.h:
55057        * heap/HeapRootVisitor.h:
55058        * heap/NewSpace.h:
55059        * runtime/ArgList.h:
55060        * runtime/ScopeChain.h:
55061        * runtime/SmallStrings.h:
55062        * runtime/Structure.h: Stop forward-declaring things that don't really
55063        exist anymore.
55064
550652011-06-16  Geoffrey Garen  <ggaren@apple.com>
55066
55067        Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
55068        project while crossing my fingers and facing west.
55069
55070        * JavaScriptCore.xcodeproj/project.pbxproj:
55071
550722011-06-16  Geoffrey Garen  <ggaren@apple.com>
55073
55074        Build fix: Removed an incorrect symbol on Windows.
55075
55076        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
55077
550782011-06-16  Geoffrey Garen  <ggaren@apple.com>
55079
55080        Build fix: Removed an accidental commit from the future.
55081
55082        * CMakeLists.txt:
55083
550842011-06-16  Geoffrey Garen  <ggaren@apple.com>
55085
55086        Reviewed by Oliver Hunt.
55087
55088        Introduced SlotVisitor into the project
55089        https://bugs.webkit.org/show_bug.cgi?id=62820
55090        
55091        This resolves a class vs typedef forward declaration issue, and gives all
55092        exported symbols the correct names.
55093
55094        * CMakeLists.txt:
55095        * GNUmakefile.list.am:
55096        * JavaScriptCore.exp:
55097        * JavaScriptCore.gypi:
55098        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
55099        * JavaScriptCore.xcodeproj/project.pbxproj: Build!
55100
55101        * bytecode/EvalCodeCache.h:
55102        * heap/HandleHeap.h:
55103        * heap/Heap.cpp:
55104        (JSC::Heap::Heap):
55105        (JSC::Heap::markRoots):
55106        * heap/Heap.h:
55107        * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
55108        clients operate on a MarkStack.
55109
55110        * heap/MarkStack.cpp:
55111        (JSC::SlotVisitor::visitChildren):
55112        (JSC::SlotVisitor::drain):
55113        * heap/SlotVisitor.h: Added.
55114        (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
55115        inheritance to give SlotVisitor all the attributes of MarkStack without
55116        making this change giant. Over time, we will move more behavior into
55117        SlotVisitor and its subclasses.
55118
55119        * heap/MarkStack.h:
55120        * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
55121        clients operate on a MarkStack.
55122
55123        * runtime/ArgList.h:
55124        * runtime/JSCell.h:
55125        * runtime/JSObject.h:
55126        * runtime/ScopeChain.h:
55127        * runtime/SmallStrings.h:
55128        * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
55129        clients operate on a MarkStack.
55130
551312011-06-15  Oliver Hunt  <oliver@apple.com>
55132
55133        Reviewed by Geoffrey Garen.
55134
55135        Reduce memory usage of resolve_global
55136        https://bugs.webkit.org/show_bug.cgi?id=62765
55137
55138        If we have a large number of resolve_globals in a single
55139        block start planting plain resolve instructions instead 
55140        whenever we aren't in a loop.  This allows us to reduce
55141        the code size for extremely large functions without
55142        losing the performance benefits of op_resolve_global.
55143
55144        * bytecode/CodeBlock.h:
55145        (JSC::CodeBlock::globalResolveInfoCount):
55146        * bytecompiler/BytecodeGenerator.cpp:
55147        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
55148        (JSC::BytecodeGenerator::emitResolve):
55149        (JSC::BytecodeGenerator::emitResolveWithBase):
55150        * bytecompiler/BytecodeGenerator.h:
55151
551522011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
55153
55154        Reviewed by Laszlo Gombos.
55155
55156        [Qt] Fix building with CONFIG(use_system_icu)
55157        https://bugs.webkit.org/show_bug.cgi?id=62744
55158
55159        Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
55160
55161        * wtf/Platform.h:
55162
551632011-06-15  Darin Adler  <darin@apple.com>
55164
55165        Reviewed by Adam Barth.
55166
55167        Remove obsolete LOOSE_OWN_PTR code
55168        https://bugs.webkit.org/show_bug.cgi?id=59909
55169
55170        The internal Apple dependency on this is gone now.
55171
55172        * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
55173        set function that takes a raw pointer.
55174
55175        * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
55176        set functino that takes a raw pointer.
55177
55178        * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
55179        and assignment operator that takes a nullptr unconditional.
55180        Made constructor that takes a raw pointer private and explicit,
55181        and removed assignment operator that takes a raw pointer.
55182
55183        * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
55184        unconditional. Made constructor that takes a raw pointer private
55185        and explicit, and removed assignment operator that takes a raw pointer.
55186
551872011-06-15  Sam Weinig  <sam@webkit.org>
55188
55189        Reviewed by Geoffrey Garen and Gavin Barraclough.
55190
55191        Make access-nseive ~9x faster on the non-speculative path by
55192        adding special casing for doubles that can lossless-ly be converted
55193        to a uint32_t in getByVal and putByVal. This avoids calls to stringification
55194        and the hash lookup.  Long term, we should try and get property of a getByVal
55195        and putByVal to be an integer immediate even in the non-speculative path.
55196
55197        * dfg/DFGOperations.cpp:
55198        (JSC::DFG::putByVal):
55199        (JSC::DFG::operationPutByValInternal):
55200
552012011-06-15  Oliver Hunt  <oliver@apple.com>
55202
55203        Reviewed by Darin Adler.
55204
55205        REGRESSION (r88719): 5by5.tv schedule is not visible
55206        https://bugs.webkit.org/show_bug.cgi?id=62720
55207
55208        Problem here is that the lexer wasn't considering '$' to be
55209        a valid character in an identifier.
55210
55211        * parser/Lexer.h:
55212        (JSC::Lexer::lexExpectIdentifier):
55213
552142011-06-15  Oliver Hunt  <oliver@apple.com>
55215
55216        Reviewed by Sam Weinig.
55217
55218        Reduce the size of global_resolve
55219        https://bugs.webkit.org/show_bug.cgi?id=62738
55220
55221        Reduce the code size of global_resolve in the JIT by replacing
55222        multiple pointer loads with a single pointer move + two offset
55223        loads.
55224
55225        * jit/JITOpcodes.cpp:
55226        (JSC::JIT::emit_op_resolve_global):
55227        * jit/JITOpcodes32_64.cpp:
55228        (JSC::JIT::emit_op_resolve_global):
55229
552302011-06-14  Geoffrey Garen  <ggaren@apple.com>
55231
55232        Reviewed by Dan Bernstein.
55233
55234        Fixed an inavlid ASSERT I found while investigating
55235        <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
55236        https://bugs.webkit.org/show_bug.cgi?id=62699        
55237
55238        No test since we don't know of a way to get WebCore to deallocate the
55239        next-to-finalize handle, which is also the last handle in the list,
55240        while finalizing the second-to-last handle in the list.
55241
55242        * heap/HandleHeap.h:
55243        (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
55244        non-0 next() after updating it, since it is valid to update m_nextToFinalize
55245        to point to the tail sentinel.
55246        
55247        Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
55248        since it is not valid to update m_nextToFinalize to point past the tail
55249        sentinel.
55250        
55251        Also, use m_nextToFinalize consistently for clarity.
55252
552532011-06-14  Gavin Barraclough  <barraclough@apple.com>
55254
55255        Reviewed by Sam Weinig.
55256
55257        https://bugs.webkit.org/show_bug.cgi?id=43841
55258        SegmentedVector::operator== typo
55259
55260        * wtf/SegmentedVector.h:
55261        (WTF::SegmentedVectorIterator::operator==):
55262        (WTF::SegmentedVectorIterator::operator!=):
55263
552642011-06-14  Oliver Hunt  <oliver@apple.com>
55265
55266        Reviewed by Gavin Barraclough.
55267
55268        Constant array literals result in unnecessarily large amounts of code
55269        https://bugs.webkit.org/show_bug.cgi?id=62658
55270
55271        Add a new version of op_new_array that simply copies values from a buffer
55272        we hang off of the CodeBlock, rather than generating code to place each
55273        entry into the registerfile, and then copying it from the registerfile into
55274        the array.  This is a slight improvement on some sunspider tests, but no
55275        measurable overall change.  That's okay though as our goal was to reduce
55276        code size without hurting performance.
55277
55278        * bytecode/CodeBlock.cpp:
55279        (JSC::CodeBlock::dump):
55280        * bytecode/CodeBlock.h:
55281        (JSC::CodeBlock::addImmediateBuffer):
55282        (JSC::CodeBlock::immediateBuffer):
55283        * bytecode/Opcode.h:
55284        * bytecompiler/BytecodeGenerator.cpp:
55285        (JSC::BytecodeGenerator::addImmediateBuffer):
55286        (JSC::BytecodeGenerator::emitNewArray):
55287        * bytecompiler/BytecodeGenerator.h:
55288        * bytecompiler/NodesCodegen.cpp:
55289        (JSC::ArrayNode::emitBytecode):
55290        * interpreter/Interpreter.cpp:
55291        (JSC::Interpreter::privateExecute):
55292        * jit/JIT.cpp:
55293        (JSC::JIT::privateCompileMainPass):
55294        * jit/JIT.h:
55295        * jit/JITOpcodes.cpp:
55296        (JSC::JIT::emit_op_new_array):
55297        (JSC::JIT::emit_op_new_array_buffer):
55298        * jit/JITOpcodes32_64.cpp:
55299        * jit/JITStubs.cpp:
55300        (JSC::DEFINE_STUB_FUNCTION):
55301        * jit/JITStubs.h:
55302
553032011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
55304
55305        Unreviewed, rolling out r88841.
55306        http://trac.webkit.org/changeset/88841
55307        https://bugs.webkit.org/show_bug.cgi?id=62672
55308
55309        Caused many tests to crash (Requested by rniwa on #webkit).
55310
55311        * bytecode/CodeBlock.cpp:
55312        (JSC::CodeBlock::dump):
55313        * bytecode/CodeBlock.h:
55314        * bytecode/Opcode.h:
55315        * bytecompiler/BytecodeGenerator.cpp:
55316        (JSC::BytecodeGenerator::emitNewArray):
55317        * bytecompiler/BytecodeGenerator.h:
55318        * bytecompiler/NodesCodegen.cpp:
55319        (JSC::ArrayNode::emitBytecode):
55320        * interpreter/Interpreter.cpp:
55321        (JSC::Interpreter::privateExecute):
55322        * jit/JIT.cpp:
55323        (JSC::JIT::privateCompileMainPass):
55324        * jit/JIT.h:
55325        * jit/JITOpcodes.cpp:
55326        (JSC::JIT::emit_op_new_array):
55327        * jit/JITOpcodes32_64.cpp:
55328        (JSC::JIT::emit_op_new_array):
55329        * jit/JITStubs.cpp:
55330        * jit/JITStubs.h:
55331
553322011-06-14  Oliver Hunt  <oliver@apple.com>
55333
55334        Reviewed by Gavin Barraclough.
55335
55336        Constant array literals result in unnecessarily large amounts of code
55337        https://bugs.webkit.org/show_bug.cgi?id=62658
55338
55339        Add a new version of op_new_array that simply copies values from a buffer
55340        we hang off of the CodeBlock, rather than generating code to place each
55341        entry into the registerfile, and then copying it from the registerfile into
55342        the array.  This is a slight improvement on some sunspider tests, but no
55343        measurable overall change.  That's okay though as our goal was to reduce
55344        code size without hurting performance.
55345
55346        * bytecode/CodeBlock.cpp:
55347        (JSC::CodeBlock::dump):
55348        * bytecode/CodeBlock.h:
55349        (JSC::CodeBlock::addImmediateBuffer):
55350        (JSC::CodeBlock::immediateBuffer):
55351        * bytecode/Opcode.h:
55352        * bytecompiler/BytecodeGenerator.cpp:
55353        (JSC::BytecodeGenerator::addImmediateBuffer):
55354        (JSC::BytecodeGenerator::emitNewArray):
55355        * bytecompiler/BytecodeGenerator.h:
55356        * bytecompiler/NodesCodegen.cpp:
55357        (JSC::ArrayNode::emitBytecode):
55358        * interpreter/Interpreter.cpp:
55359        (JSC::Interpreter::privateExecute):
55360        * jit/JIT.cpp:
55361        (JSC::JIT::privateCompileMainPass):
55362        * jit/JIT.h:
55363        * jit/JITOpcodes.cpp:
55364        (JSC::JIT::emit_op_new_array):
55365        (JSC::JIT::emit_op_new_array_buffer):
55366        * jit/JITOpcodes32_64.cpp:
55367        * jit/JITStubs.cpp:
55368        (JSC::DEFINE_STUB_FUNCTION):
55369        * jit/JITStubs.h:
55370
553712011-06-14  Stephanie Lewis  <slewis@apple.com>
55372
55373        Rubber stamped by Oliver Hunt.
55374
55375        <rdar://problem/9511169>
55376        Update order files.
55377
55378        * JavaScriptCore.order:
55379
553802011-06-14  Sam Weinig  <sam@webkit.org>
55381
55382        Reviewed by Geoffrey Garen.
55383
55384        Fix dumping of constants to have the correct constant number.
55385
55386        * bytecode/CodeBlock.cpp:
55387        (JSC::CodeBlock::dump):
55388
553892011-06-14  Benjamin Poulain  <benjamin@webkit.org>
55390
55391        Reviewed by Eric Seidel.
55392
55393        KeywordLookupGenerator's Trie does not work with Python 3
55394        https://bugs.webkit.org/show_bug.cgi?id=62635
55395
55396        With Python 3, dict.items() returns an iterator. Since the iterator
55397        protocol changed between Python 2 and 3, the easiest way to get the
55398        values is to have something that uses the iterator implicitly, like a
55399        for() loop.
55400
55401        * KeywordLookupGenerator.py:
55402
554032011-06-13  Oliver Hunt  <oliver@apple.com>
55404
55405        Reviewed by Gavin Barraclough.
55406
55407        Fix llocp and lvalp names in the lexer to something more meaningful
55408        https://bugs.webkit.org/show_bug.cgi?id=62605
55409
55410        A simple rename
55411
55412        * parser/Lexer.cpp:
55413        (JSC::Lexer::parseIdentifier):
55414        (JSC::Lexer::parseString):
55415        (JSC::Lexer::lex):
55416        * parser/Lexer.h:
55417        (JSC::Lexer::lexExpectIdentifier):
55418
554192011-06-13  Oliver Hunt  <oliver@apple.com>
55420
55421        Reviewed by Gavin Barraclough.
55422
55423        Make it possible to inline the common case of identifier lexing
55424        https://bugs.webkit.org/show_bug.cgi?id=62600
55425
55426        Add a lexing function that expects to lex a "normal" alphanumeric
55427        identifier (that ignores keywords) so it's possible to inline the
55428        common parsing cases.  This comes out as a reasonable parsing speed
55429        boost.
55430
55431        * parser/JSParser.cpp:
55432        (JSC::JSParser::nextExpectIdentifier):
55433        (JSC::JSParser::parseProperty):
55434        (JSC::JSParser::parseMemberExpression):
55435        * parser/Lexer.cpp:
55436        * parser/Lexer.h:
55437        (JSC::Lexer::makeIdentifier):
55438        (JSC::Lexer::lexExpectIdentifier):
55439
554402011-06-13  Xan Lopez  <xlopez@igalia.com>
55441
55442        Reviewed by Martin Robinson.
55443
55444        Distcheck fixes.
55445
55446        * GNUmakefile.am:
55447        * GNUmakefile.list.am:
55448
554492011-06-13  Oliver Hunt  <oliver@apple.com>
55450
55451        Reviewed by Simon Fraser.
55452
55453        Make it possible to inline Identifier::equal
55454        https://bugs.webkit.org/show_bug.cgi?id=62584
55455
55456        Move Identifier::equal to the Identifier header file.
55457
55458        * runtime/Identifier.cpp:
55459        * runtime/Identifier.h:
55460        (JSC::Identifier::equal):
55461
554622011-06-13  Tony Chang  <tony@chromium.org>
55463
55464        Reviewed by Dimitri Glazkov.
55465
55466        rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
55467        https://bugs.webkit.org/show_bug.cgi?id=62578
55468
55469        * Configurations/FeatureDefines.xcconfig:
55470
554712011-06-13  Tony Chang  <tony@chromium.org>
55472
55473        Reviewed by Adam Barth.
55474
55475        rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
55476        https://bugs.webkit.org/show_bug.cgi?id=62545
55477
55478        * Configurations/FeatureDefines.xcconfig:
55479
554802011-06-12  Patrick Gansterer  <paroga@webkit.org>
55481
55482        Unreviewed. Build fix for !ENABLE(JIT) after r88604.
55483
55484        * bytecode/CodeBlock.cpp:
55485        (JSC::CodeBlock::visitAggregate):
55486
554872011-06-11  Gavin Barraclough  <barraclough@apple.com>
55488
55489        Reviewed by Darin Adler.
55490
55491        https://bugs.webkit.org/show_bug.cgi?id=16777
55492
55493        Remove #define NaN per Darin's comments.
55494
55495        * runtime/JSGlobalObjectFunctions.cpp:
55496        (JSC::parseIntOverflow):
55497        (JSC::parseInt):
55498        (JSC::jsStrDecimalLiteral):
55499        (JSC::jsToNumber):
55500        (JSC::parseFloat):
55501        * wtf/DateMath.cpp:
55502        (WTF::equivalentYearForDST):
55503        (WTF::parseES5DateFromNullTerminatedCharacters):
55504        (WTF::parseDateFromNullTerminatedCharacters):
55505        (WTF::timeClip):
55506        (JSC::parseDateFromNullTerminatedCharacters):
55507
555082011-06-11  Gavin Barraclough  <barraclough@apple.com>
55509
55510        Rubber stamped by Geoff Garen.
55511
55512        https://bugs.webkit.org/show_bug.cgi?id=62503
55513        Remove JIT_OPTIMIZE_* switches
55514
55515        The alternative code paths are untested, and not well maintained.
55516        These were useful when there was more churn in the JIT, but now
55517        are a maintenance overhead. Time to move on, removing.
55518
55519        * bytecode/CodeBlock.cpp:
55520        (JSC::CodeBlock::visitAggregate):
55521        * jit/JIT.cpp:
55522        (JSC::JIT::privateCompileSlowCases):
55523        (JSC::JIT::privateCompile):
55524        (JSC::JIT::linkConstruct):
55525        * jit/JIT.h:
55526        * jit/JITCall.cpp:
55527        * jit/JITCall32_64.cpp:
55528        * jit/JITOpcodes.cpp:
55529        (JSC::JIT::privateCompileCTIMachineTrampolines):
55530        (JSC::JIT::privateCompileCTINativeCall):
55531        * jit/JITOpcodes32_64.cpp:
55532        (JSC::JIT::privateCompileCTIMachineTrampolines):
55533        (JSC::JIT::privateCompileCTINativeCall):
55534        (JSC::JIT::softModulo):
55535        * jit/JITPropertyAccess.cpp:
55536        * jit/JITPropertyAccess32_64.cpp:
55537        * jit/JITStubs.cpp:
55538        (JSC::DEFINE_STUB_FUNCTION):
55539        * runtime/Lookup.cpp:
55540        (JSC::setUpStaticFunctionSlot):
55541        * runtime/Lookup.h:
55542        * wtf/Platform.h:
55543
555442011-06-10  Gavin Barraclough  <barraclough@apple.com>
55545
55546        Reviewed by Sam Weinig.
55547
55548        https://bugs.webkit.org/show_bug.cgi?id=16777
55549        Eliminate JSC::NaN and JSC::Inf
55550
55551        There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
55552        The ones in std::numeric_limits are perfectly good.
55553        Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
55554
55555        * API/JSCallbackObjectFunctions.h:
55556        (JSC::::toNumber):
55557        * API/JSValueRef.cpp:
55558        (JSValueMakeNumber):
55559        (JSValueToNumber):
55560        * JavaScriptCore.exp:
55561        * runtime/CachedTranscendentalFunction.h:
55562        (JSC::CachedTranscendentalFunction::initialize):
55563        * runtime/DateConstructor.cpp:
55564        (JSC::constructDate):
55565        * runtime/DateInstanceCache.h:
55566        (JSC::DateInstanceData::DateInstanceData):
55567        (JSC::DateInstanceCache::reset):
55568        * runtime/JSCell.cpp:
55569        * runtime/JSCell.h:
55570        (JSC::JSCell::JSValue::getPrimitiveNumber):
55571        (JSC::JSCell::JSValue::toNumber):
55572        * runtime/JSGlobalData.cpp:
55573        (JSC::JSGlobalData::JSGlobalData):
55574        (JSC::JSGlobalData::resetDateCache):
55575        * runtime/JSGlobalObject.cpp:
55576        (JSC::JSGlobalObject::reset):
55577        * runtime/JSGlobalObjectFunctions.cpp:
55578        (JSC::globalFuncParseInt):
55579        (JSC::globalFuncIsFinite):
55580        * runtime/JSNotAnObject.cpp:
55581        (JSC::JSNotAnObject::toNumber):
55582        * runtime/JSValue.cpp:
55583        * runtime/JSValue.h:
55584        * runtime/JSValueInlineMethods.h:
55585        (JSC::jsNaN):
55586        * runtime/MathObject.cpp:
55587        (JSC::mathProtoFuncMax):
55588        (JSC::mathProtoFuncMin):
55589        * runtime/NumberConstructor.cpp:
55590        (JSC::numberConstructorNegInfinity):
55591        (JSC::numberConstructorPosInfinity):
55592        * runtime/NumberPrototype.cpp:
55593        (JSC::numberProtoFuncToExponential):
55594        (JSC::numberProtoFuncToFixed):
55595        (JSC::numberProtoFuncToPrecision):
55596        (JSC::numberProtoFuncToString):
55597        * runtime/UString.cpp:
55598        * wtf/DecimalNumber.h:
55599        (WTF::DecimalNumber::DecimalNumber):
55600        * wtf/dtoa.cpp:
55601        (WTF::dtoa):
55602
556032011-06-10  Tony Chang  <tony@chromium.org>
55604
55605        Reviewed by Ojan Vafai.
55606
55607        add a compile guard ENABLE(FLEXBOX)
55608        https://bugs.webkit.org/show_bug.cgi?id=62049
55609
55610        * Configurations/FeatureDefines.xcconfig:
55611
556122011-06-10  Gavin Barraclough  <barraclough@apple.com>
55613
55614        Reviewed by Sam Weinig.
55615
55616        https://bugs.webkit.org/show_bug.cgi?id=55347
55617        "name" and "message" enumerable on *Error.prototype
55618
55619        This arises from chapter 15 of the spec:
55620            "Every other property described in this clause has the attributes
55621            { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
55622            unless otherwise specified."
55623        Standardized properties are not enumerable.
55624
55625        * runtime/ErrorInstance.cpp:
55626        (JSC::ErrorInstance::ErrorInstance):
55627        * runtime/NativeErrorPrototype.cpp:
55628        (JSC::NativeErrorPrototype::NativeErrorPrototype):
55629
556302011-06-09  Geoffrey Garen  <ggaren@apple.com>
55631
55632        Build fix: Corrected header spelling.
55633
55634        * heap/OldSpace.h:
55635
556362011-06-09  Geoffrey Garen  <ggaren@apple.com>
55637
55638        Reviewed by Oliver Hunt.
55639
55640        Added OldSpace to the project
55641        https://bugs.webkit.org/show_bug.cgi?id=62417
55642        
55643        Currently unused.
55644        
55645        Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
55646        per-block flag for testing whether you're in NewSpace vs OldSpace.
55647
55648        * CMakeLists.txt:
55649        * GNUmakefile.list.am:
55650        * JavaScriptCore.gypi:
55651        * JavaScriptCore.pro:
55652        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
55653        * JavaScriptCore.xcodeproj/project.pbxproj: Build!
55654
55655        * heap/MarkedBlock.cpp:
55656        (JSC::MarkedBlock::MarkedBlock):
55657        * heap/MarkedBlock.h:
55658        (JSC::MarkedBlock::inNewSpace):
55659        (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
55660        write barrier.
55661
55662        * heap/NewSpace.cpp:
55663        (JSC::NewSpace::addBlock):
55664        (JSC::NewSpace::removeBlock):
55665        * heap/NewSpace.h:
55666        (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
55667        NewSpace-specific operations.
55668
55669        * heap/OldSpace.cpp: Added.
55670        (JSC::OldSpace::OldSpace):
55671        (JSC::OldSpace::addBlock):
55672        (JSC::OldSpace::removeBlock):
55673        * heap/OldSpace.h: Added.
55674        (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
55675        Not in use yet.
55676
556772011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
55678
55679        Reviewed by Antonio Gomes.
55680
55681        [EFL] Make accelerated compositing build in Webkit-EFL
55682        https://bugs.webkit.org/show_bug.cgi?id=62361
55683
55684        Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
55685
55686        * wtf/Platform.h:
55687
556882011-06-09  Gavin Barraclough  <barraclough@apple.com>
55689
55690        Reviewed by Geoff Garen.
55691
55692        Bug 62405 - Fix integer overflow in Array.prototype.push
55693
55694        Fix Geoff's review comments re static_cast.
55695
55696        * runtime/ArrayPrototype.cpp:
55697        (JSC::arrayProtoFuncPush):
55698
556992011-06-09  Geoffrey Garen  <ggaren@apple.com>
55700
55701        Reviewed by Oliver Hunt.
55702
55703        Factored MarkedBlock set management into a helper class with a fast case Bloom filter
55704        https://bugs.webkit.org/show_bug.cgi?id=62413
55705        
55706        SunSpider reports a small speedup.
55707        
55708        This is in preparation for having ConservativeSet operate on arbitrary
55709        sets of MarkedBlocks, and in preparation for conservative scanning
55710        becoming proportionally more important than other GC activities.
55711
55712        * GNUmakefile.list.am:
55713        * JavaScriptCore.gypi:
55714        * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
55715
55716        * heap/ConservativeRoots.cpp:
55717        (JSC::ConservativeRoots::add):
55718        * heap/ConservativeRoots.h:
55719        (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
55720        directly, instead of a Heap, so we can operate on subsets of the Heap
55721        instead.
55722        
55723        Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
55724        is particularly important since we expect not to find our subject pointer
55725        in the MarkedBlock hash, and hash misses are more expensive than typical
55726        hash lookups because they have high collision rates.
55727        
55728        No need for single-pointer add() to be public anymore, since nobody uses it.
55729
55730        * heap/Heap.cpp:
55731        (JSC::Heap::markRoots):
55732        * heap/Heap.h:
55733        (JSC::Heap::forEachCell):
55734        (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
55735        ConservativeRoots relies on.
55736        
55737        Nixed contains(), since nobody uses it anymore.
55738
55739        * heap/MarkedBlock.h:
55740        (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
55741        the VM layout properties of MarkedBlocks.
55742
55743        * heap/MarkedBlockSet.h: Added.
55744        (JSC::MarkedBlockSet::add):
55745        (JSC::MarkedBlockSet::remove):
55746        (JSC::MarkedBlockSet::recomputeFilter):
55747        (JSC::MarkedBlockSet::filter):
55748        (JSC::MarkedBlockSet::set):
55749        * heap/TinyBloomFilter.h: Added.
55750        (JSC::TinyBloomFilter::TinyBloomFilter):
55751        (JSC::TinyBloomFilter::add):
55752        (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
55753
55754        * interpreter/RegisterFile.cpp:
55755        (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
55756        exclude values by tag -- the tiny bloom filter is already a register-register
55757        compare, so adding another "rule out" factor just slows things down.
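
The single-word filter described in this entry, as an added example that is not JSC's code: the block size, the addresses and the class names below are constructed for illustration, and the hash fallback is a plain std::unordered_set rather than the MarkedBlock hash.

```cpp
#include <cstddef>
#include <cstdint>
#include <unordered_set>
#include <vector>

// Added example (not JSC's code) modelling the TinyBloomFilter / MarkedBlockSet
// idea: one machine word ORs together every block base, so a candidate word
// whose bits are not a subset of it is ruled out with a single AND before the
// more expensive, miss-prone hash lookup. Block size is an assumption.
static const uintptr_t kBlockSize = 16 * 1024;
static const uintptr_t kBlockMask = ~(kBlockSize - 1);

class TinyBloomFilter {
public:
    TinyBloomFilter() : m_bits(0) {}
    // The filter only ever gains bits when a block is added.
    void add(uintptr_t blockBase) { m_bits |= blockBase; }
    // True when blockBase cannot be in the set (it has a bit no added block
    // has, or it is null). False means "maybe": the caller consults the hash.
    bool ruleOut(uintptr_t blockBase) const {
        if (!blockBase)
            return true;
        return (blockBase & m_bits) != blockBase;
    }
private:
    uintptr_t m_bits;
};

class BlockSet {
public:
    void add(uintptr_t blockBase) {
        m_blocks.insert(blockBase);
        m_filter.add(blockBase);
    }
    // Removal cannot clear bits, so the filter is rebuilt from the survivors.
    void remove(uintptr_t blockBase) {
        m_blocks.erase(blockBase);
        recomputeFilter();
    }
    // Conservative membership test for an arbitrary machine word.
    // usedHash reports whether the fast path failed to exclude it.
    bool mayPointIntoBlock(uintptr_t candidate, bool& usedHash) const {
        uintptr_t base = candidate & kBlockMask;
        usedHash = false;
        if (m_filter.ruleOut(base))
            return false;
        usedHash = true;
        return m_blocks.count(base) != 0;
    }
private:
    void recomputeFilter() {
        m_filter = TinyBloomFilter();
        for (uintptr_t base : m_blocks)
            m_filter.add(base);
    }
    std::unordered_set<uintptr_t> m_blocks;
    TinyBloomFilter m_filter;
};

struct ScanResult {
    size_t roots;        // words that resolved to a live block
    size_t hashLookups;  // words the filter could not rule out
};

// Scan a register-file or stack-like word array the way a conservative root
// gatherer would: every word is treated as a potential pointer.
ScanResult gatherConservativeRoots(const std::vector<uintptr_t>& words,
                                   const BlockSet& blocks) {
    ScanResult r = {0, 0};
    for (uintptr_t w : words) {
        bool usedHash = false;
        if (blocks.mayPointIntoBlock(w, usedHash))
            ++r.roots;
        if (usedHash)
            ++r.hashLookups;
    }
    return r;
}

// Constructed scenario: three 16 KiB-aligned blocks and six stack words.
// With removeThird, block 0x30000 is removed but its bits survive in the
// filter (0x10000 | 0x20000 == 0x30000), so the word 0x30000 still reaches
// the hash and misses there: a Bloom false positive, never a false negative.
ScanResult demoScan(bool removeThird) {
    BlockSet blocks;
    blocks.add(0x10000);
    blocks.add(0x20000);
    blocks.add(0x30000);
    if (removeThird)
        blocks.remove(0x30000);
    std::vector<uintptr_t> stackWords = {
        0x10010, 0x40008, 0x8, 0x20004, 0x34000, 0x30000 };
    return gatherConservativeRoots(stackWords, blocks);
}
```

Of the six words only three survive the one-AND check before the filter is changed; the others (a null-ish value, an address in an unmapped block, and an address whose block bits are a superset of the filter) never touch the hash.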
55758
557592011-06-09  Gavin Barraclough  <barraclough@apple.com>
55760
55761        Reviewed by Oliver Hunt.
55762
55763        Bug 62405 - Fix integer overflow in Array.prototype.push
55764
55765        There are three integer overflows here, leading to safe (not a security risk)
55766        but incorrect (non-spec-compliant) behaviour.
55767
55768        Two overflows occur when calculating the new length after pushing (one in the
55769        fast version of push in JSArray, one in the generic version in ArrayPrototype).
55770        The other occurs calculating indices to write to when multiple items are pushed.
55771
55772        These errors result in three test-262 failures.
55773
55774        * runtime/ArrayPrototype.cpp:
55775        (JSC::arrayProtoFuncPush):
55776        * runtime/JSArray.cpp:
55777        (JSC::JSArray::put):
55778        (JSC::JSArray::push):
55779
557802011-06-09  Dan Bernstein  <mitz@apple.com>
55781
55782        Reviewed by Anders Carlsson.
55783
55784        Add Vector::reverse()
55785        https://bugs.webkit.org/show_bug.cgi?id=62393
55786
55787        * wtf/Vector.h:
55788        (WTF::Vector::reverse): Added
55789
557902011-06-08  Geoffrey Garen  <ggaren@apple.com>
55791
55792        Reviewed by Oliver Hunt.
55793
55794        Factored a bunch of Heap functionality into stand-alone functors
55795        https://bugs.webkit.org/show_bug.cgi?id=62337
55796        
55797        This is in preparation for making these functors operate on arbitrary
55798        sets of MarkedBlocks.
55799
55800        * JavaScriptCore.exp: This file is a small tragedy.
55801
55802        * debugger/Debugger.cpp:
55803        (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
55804
55805        * heap/HandleHeap.h:
55806        (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
55807        strong handles, so we can play along in the functor game.
55808
55809        * heap/Heap.cpp:
55810        (JSC::CountFunctor::CountFunctor::CountFunctor):
55811        (JSC::CountFunctor::CountFunctor::count):
55812        (JSC::CountFunctor::CountFunctor::returnValue):
55813        (JSC::CountFunctor::ClearMarks::operator()):
55814        (JSC::CountFunctor::ResetAllocator::operator()):
55815        (JSC::CountFunctor::Sweep::operator()):
55816        (JSC::CountFunctor::MarkCount::operator()):
55817        (JSC::CountFunctor::Size::operator()):
55818        (JSC::CountFunctor::Capacity::operator()):
55819        (JSC::CountFunctor::Count::operator()):
55820        (JSC::CountFunctor::CountIfGlobalObject::operator()):
55821        (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
55822        (JSC::CountFunctor::TakeIfEmpty::operator()):
55823        (JSC::CountFunctor::TakeIfEmpty::returnValue):
55824        (JSC::CountFunctor::RecordType::RecordType):
55825        (JSC::CountFunctor::RecordType::typeName):
55826        (JSC::CountFunctor::RecordType::operator()):
55827        (JSC::CountFunctor::RecordType::returnValue): These functors factor out
55828        behavior that used to be in the functions below.
55829
55830        (JSC::Heap::clearMarks):
55831        (JSC::Heap::sweep):
55832        (JSC::Heap::objectCount):
55833        (JSC::Heap::size):
55834        (JSC::Heap::capacity):
55835        (JSC::Heap::protectedGlobalObjectCount):
55836        (JSC::Heap::protectedObjectCount):
55837        (JSC::Heap::protectedObjectTypeCounts):
55838        (JSC::Heap::objectTypeCounts):
55839        (JSC::Heap::resetAllocator):
55840        (JSC::Heap::freeBlocks):
55841        (JSC::Heap::shrink): Factored out behavior into the functors above.
55842
55843        * heap/Heap.h:
55844        (JSC::Heap::forEachProtectedCell):
55845        (JSC::Heap::forEachCell):
55846        (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
55847        functor-based templates instead of plain iterators because they're simpler
55848        to implement in this case and they require a lot less code at the call site.
55849
55850        * heap/MarkedBlock.h:
55851        (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
55852        trivial functors.
55853
55854        (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
55855        we have a few different kind of "for each" now.
55856
55857        * runtime/JSGlobalData.cpp:
55858        (WTF::Recompile::operator()):
55859        (JSC::JSGlobalData::JSGlobalData):
55860        (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
55861
55862        * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
55863
558642011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
55865
55866        Reviewed by Pavel Feldman.
55867
55868        Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
55869        https://bugs.webkit.org/show_bug.cgi?id=52791
55870
55871        No new tests. The problem can be reproduced by trying to create InspectorValue
55872        from 1.0e-100 and call ->toJSONString() on this.
55873
55874        * JavaScriptCore.exp:
55875        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
55876        export 2 functions DecimalNumber::bufferLengthForStringExponential and
55877        DecimalNumber::toStringExponential.
55878
558792011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
55880
55881        Unreviewed, rolling out r88404.
55882        http://trac.webkit.org/changeset/88404
55883        https://bugs.webkit.org/show_bug.cgi?id=62342
55884
55885        broke win and mac build (Requested by tony^work on #webkit).
55886
55887        * JavaScriptCore.gyp/JavaScriptCore.gyp:
55888
558892011-06-08  Evan Martin  <evan@chromium.org>
55890
55891        Reviewed by Adam Barth.
55892
55893        [chromium] use gyp 'settings' type for settings target
55894        https://bugs.webkit.org/show_bug.cgi?id=62323
55895
55896        The 'settings' gyp target type is for targets that exist solely
55897        for their settings (no build rules).  The comment above this target
55898        says it's for this, but it incorrectly uses 'none'.
55899
55900        * JavaScriptCore.gyp/JavaScriptCore.gyp:
55901
559022011-06-08  Sailesh Agrawal  <sail@chromium.org>
55903
55904        Reviewed by Mihai Parparita.
55905
55906        Chromium Mac: Enable overlay scrollbars
55907        https://bugs.webkit.org/show_bug.cgi?id=59756
55908
55909        Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
55910
55911        * wtf/Platform.h:
55912
559132011-06-08  Oliver Hunt  <oliver@apple.com>
55914
55915        Reviewed by Geoffrey Garen.
55916
55917        Add faster lookup cache for multi character identifiers
55918        https://bugs.webkit.org/show_bug.cgi?id=62327
55919
55920        Add a non-hash lookup for multiple character identifiers.  This saves us from
55921        adding repeated identifiers to the ParserArena's identifier list as people
55922        tend to not start all their variables and properties with the same character
55923        and happily identifier locality works in our favour.
55924
55925        * parser/ParserArena.h:
55926        (JSC::IdentifierArena::isEmpty):
55927        (JSC::IdentifierArena::clear):
55928        (JSC::IdentifierArena::makeIdentifier):
55929
559302011-06-08  Geoffrey Garen  <ggaren@apple.com>
55931
55932        Reviewed by Oliver Hunt.
55933
55934        Took some responsibilities away from NewSpace
55935        https://bugs.webkit.org/show_bug.cgi?id=62325
55936        
55937        NewSpace is basically just an allocator now.
55938        
55939        Heap acts as a controller, responsible for managing the set of all
55940        MarkedBlocks.
55941        
55942        This is in preparation for moving parts of the controller logic into
55943        separate helper classes that can act on arbitrary sets of MarkedBlocks
55944        that may or may not be in NewSpace.
55945
55946        * heap/Heap.cpp:
55947        (JSC::Heap::Heap):
55948        (JSC::Heap::destroy):
55949        (JSC::Heap::allocate):
55950        (JSC::Heap::markRoots):
55951        (JSC::Heap::clearMarks):
55952        (JSC::Heap::sweep):
55953        (JSC::Heap::objectCount):
55954        (JSC::Heap::size):
55955        (JSC::Heap::capacity):
55956        (JSC::Heap::collect):
55957        (JSC::Heap::resetAllocator):
55958        (JSC::Heap::allocateBlock):
55959        (JSC::Heap::freeBlocks):
55960        (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
55961        along with all functions that operate on the set of MarkedBlocks. Also
55962        moved responsibility for deciding whether to allocate a new MarkedBlock,
55963        and for allocating it.
55964
55965        * heap/Heap.h:
55966        (JSC::Heap::contains):
55967        (JSC::Heap::forEach): Ditto.
55968
55969        * heap/NewSpace.cpp:
55970        (JSC::NewSpace::addBlock):
55971        (JSC::NewSpace::removeBlock):
55972        (JSC::NewSpace::resetAllocator):
55973        * heap/NewSpace.h:
55974        (JSC::NewSpace::waterMark):
55975        (JSC::NewSpace::allocate): Ditto.
55976
559772011-06-08  Geoffrey Garen  <ggaren@apple.com>
55978
55979        Reviewed by Oliver Hunt.
55980
55981        Some more MarkedSpace => NewSpace renaming
55982        https://bugs.webkit.org/show_bug.cgi?id=62305
55983
55984        * JavaScriptCore.exp:
55985        * JavaScriptCore.order:
55986        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
55987        * heap/Heap.cpp:
55988        (JSC::Heap::Heap):
55989        (JSC::Heap::destroy):
55990        (JSC::Heap::reportExtraMemoryCostSlowCase):
55991        (JSC::Heap::allocate):
55992        (JSC::Heap::markRoots):
55993        (JSC::Heap::objectCount):
55994        (JSC::Heap::size):
55995        (JSC::Heap::capacity):
55996        (JSC::Heap::collect):
55997        (JSC::Heap::isValidAllocation):
55998        * heap/Heap.h:
55999        (JSC::Heap::markedSpace):
56000        (JSC::Heap::contains):
56001        (JSC::Heap::forEach):
56002        (JSC::Heap::allocate):
56003        * runtime/JSCell.h:
56004
560052011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
56006
56007        Reviewed by Eric Seidel.
56008
56009        Add export macros to profiler headers.
56010        https://bugs.webkit.org/show_bug.cgi?id=27551
56011
56012        * profiler/Profiler.h:
56013
560142011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
56015
56016        Reviewed by Eric Seidel.
56017
56018        Add export symbols to parser headers.
56019        https://bugs.webkit.org/show_bug.cgi?id=27551
56020
56021        * parser/SourceProviderCache.h:
56022
560232011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
56024
56025        Reviewed by Eric Seidel.
56026
56027        Add export symbols to interpreter headers.
56028        https://bugs.webkit.org/show_bug.cgi?id=27551
56029
56030        * interpreter/Interpreter.h:
56031
560322011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
56033
56034        Reviewed by Eric Seidel.
56035
56036        Add export symbols to debugger headers.
56037        https://bugs.webkit.org/show_bug.cgi?id=27551
56038
56039        * debugger/Debugger.h:
56040        * debugger/DebuggerCallFrame.h:
56041
560422011-06-08  Geoffrey Garen  <ggaren@apple.com>
56043
56044        Reviewed by Darin Adler.
56045
56046        Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
56047        https://bugs.webkit.org/show_bug.cgi?id=62268
56048
56049        * CMakeLists.txt:
56050        * GNUmakefile.list.am:
56051        * JavaScriptCore.gypi:
56052        * JavaScriptCore.pro:
56053        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
56054        * JavaScriptCore.xcodeproj/project.pbxproj:
56055        * heap/Heap.h:
56056        * heap/MarkedBlock.h:
56057        * heap/MarkedSpace.cpp: Removed.
56058        * heap/MarkedSpace.h: Removed.
56059        * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
56060        * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
56061
560622011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
56063
56064        Unreviewed, rolling out r88365.
56065        http://trac.webkit.org/changeset/88365
56066        https://bugs.webkit.org/show_bug.cgi?id=62301
56067
56068        windows bots broken (Requested by loislo_ on #webkit).
56069
56070        * JavaScriptCore.exp:
56071
560722011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
56073
56074        Reviewed by Tony Chang.
56075
56076        Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
56077
56078        Compiling Chromium port under GCC 4.6 produces warnings about nullptr
56079        https://bugs.webkit.org/show_bug.cgi?id=62242
56080
56081        * JavaScriptCore.gyp/JavaScriptCore.gyp:
56082
560832011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
56084
56085        Reviewed by Andreas Kling.
56086
56087        Webkit on SPARC Solaris has wrong endian
56088        https://bugs.webkit.org/show_bug.cgi?id=29407
56089
56090        Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
56091        there are more occurrences of the same code pattern in webkit.
56092
56093        This patch includes the check on these other parts of the code.
56094
56095        This is a speculative fix; I don't have a sparc machine to test on and
56096        don't know which kind of test would trigger a crash (but it's quite
56097        obvious that it's the same code duplicated in different files).
56098
56099        * runtime/UString.h:
56100        (JSC::UStringHash::equal):
56101        * wtf/text/StringHash.h:
56102        (WTF::StringHash::equal):
56103
561042011-06-08  Yael Aharon  <yael.aharon@nokia.com>
56105
56106        Reviewed by Andreas Kling.
56107
56108        [Qt] Build fix for building QtWebKit inside of Qt.
56109        https://bugs.webkit.org/show_bug.cgi?id=62280
56110
56111        Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
56112        into QtWebKit.prl.
56113
56114        No new tests, as this is just a build fix.
56115
56116        * JavaScriptCore.pri:
56117
561182011-06-07  Geoffrey Garen  <ggaren@apple.com>
56119
56120        Reviewed by Oliver Hunt.
56121
56122        Split 'reset' into 'collect' and 'resetAllocator'
56123        https://bugs.webkit.org/show_bug.cgi?id=62267
56124
56125        * heap/Heap.cpp:
56126        (JSC::Heap::allocate):
56127        (JSC::Heap::collectAllGarbage):
56128        (JSC::Heap::collect):
56129        * heap/Heap.h:
56130        * heap/MarkedBlock.h:
56131        (JSC::MarkedBlock::resetAllocator):
56132        * heap/MarkedSpace.cpp:
56133        (JSC::MarkedSpace::resetAllocator):
56134        * heap/MarkedSpace.h:
56135        (JSC::MarkedSpace::SizeClass::resetAllocator):
56136
561372011-06-07  Geoffrey Garen  <ggaren@apple.com>
56138
56139        Reviewed by Sam Weinig.
56140
56141        Renamed some more marks to visits
56142        https://bugs.webkit.org/show_bug.cgi?id=62254
56143
56144        * heap/HandleHeap.cpp:
56145        (JSC::HandleHeap::visitStrongHandles):
56146        (JSC::HandleHeap::visitWeakHandles):
56147        * heap/HandleHeap.h:
56148        * heap/HandleStack.cpp:
56149        (JSC::HandleStack::visit):
56150        * heap/HandleStack.h:
56151        * heap/Heap.cpp:
56152        (JSC::Heap::markProtectedObjects):
56153        (JSC::Heap::markTempSortVectors):
56154        (JSC::Heap::markRoots):
56155        * heap/HeapRootVisitor.h:
56156        (JSC::HeapRootVisitor::visit):
56157        * runtime/ArgList.cpp:
56158        (JSC::MarkedArgumentBuffer::markLists):
56159
561602011-06-07  Gavin Barraclough  <barraclough@apple.com>
56161
56162        Reviewed by Sam Weinig.
56163
56164        https://bugs.webkit.org/show_bug.cgi?id=55537
56165        Functions claim to have 'callee' which they actually don't (and shouldn't)
56166
56167        * JavaScriptCore.xcodeproj/project.pbxproj:
56168        * runtime/JSFunction.cpp:
56169        (JSC::JSFunction::getOwnPropertyNames):
56170
561712011-06-07  Juan C. Montemayor  <jmont@apple.com>
56172
56173        Reviewed by Darin Adler.
56174
56175        Make JSStaticFunction and JSStaticValue less "const"
56176        https://bugs.webkit.org/show_bug.cgi?id=62222
56177
56178        * API/JSObjectRef.h:
56179        * API/tests/testapi.c:
56180        (checkConstnessInJSObjectNames):
56181        (main):
56182        * JavaScriptCore.xcodeproj/project.pbxproj:
56183
561842011-06-07  Gavin Barraclough  <barraclough@apple.com>
56185
56186        Reviewed by Sam Weinig.
56187
56188        https://bugs.webkit.org/show_bug.cgi?id=62240
56189        DFG JIT - add support for for-loop array initialization.
56190
56191        Support put by val beyond vector length.
56192        Add an operationPutByValBeyondArrayBounds operation, and make
56193        PutByVal call this if the vector length check fails.
56194
56195        * dfg/DFGJITCodeGenerator.h:
56196        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
56197        (JSC::DFG::JITCodeGenerator::silentFillGPR):
56198        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
56199        (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
56200        (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
56201        (JSC::DFG::JITCodeGenerator::isIntegerConstant):
56202        (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
56203        * dfg/DFGOperations.cpp:
56204        (JSC::DFG::operationPutByValInternal):
56205        * dfg/DFGOperations.h:
56206        * dfg/DFGSpeculativeJIT.cpp:
56207        (JSC::DFG::SpeculativeJIT::compile):
56208        * dfg/DFGSpeculativeJIT.h:
56209
562102011-06-06  James Simonsen  <simonjam@chromium.org>
56211
56212        Reviewed by James Robinson.
56213
56214        Add monotonicallyIncreasingTime() to get monotonically increasing time
56215        https://bugs.webkit.org/show_bug.cgi?id=37743
56216
56217        * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
56218        (WTF::monotonicallyIncreasingTime):
56219        * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
56220
562212011-06-06  Alexandru Chiculita  <achicu@adobe.com>
56222
56223        Reviewed by Kent Tamura.
56224
56225        Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
56226        https://bugs.webkit.org/show_bug.cgi?id=61628
56227
56228        * Configurations/FeatureDefines.xcconfig:
56229
562302011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
56231
56232        Reviewed by Kent Tamura.
56233
56234        Add ENABLE(CSS_REGIONS) guard for CSS Regions support
56235        https://bugs.webkit.org/show_bug.cgi?id=61631
56236
56237        * Configurations/FeatureDefines.xcconfig:
56238
562392011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
56240
56241        Unreviewed. Fix the GTK+ build.
56242
56243        * GNUmakefile.am: Add javascriptcore_cflags variable.
56244
562452011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
56246
56247        [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
56248        to build on Mac.
56249
56250        * wtf/Platform.h:
56251
562522011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
56253
56254        Unreviewed, MIPS build fix.
56255
56256        WebKitGTK+ tarball fails to build on MIPS.
56257        https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
56258
56259        * GNUmakefile.list.am: Add missing MIPS-related file to the list
56260        of files that are added to the tarball on make dist, and fix
56261        sorting.
56262
562632011-06-04  Sam Weinig  <sam@webkit.org>
56264
56265        Reviewed by Darin Adler.
56266
56267        Fix formatting of the output generated by KeywordLookupGenerator.py
56268        https://bugs.webkit.org/show_bug.cgi?id=62083
56269
56270        - Uses correct year for copyright.
56271        - Puts ending brace on same line as "else if".
56272        - Puts starting brace of function on its own line.
56273        - Adds some tasteful whitespace.
56274        - Adds comments to make clear that scopes are ending.
56275        - Makes macros actually split on two lines.
56276
56277        * KeywordLookupGenerator.py:
56278
562792011-06-04  Adam Barth  <abarth@webkit.org>
56280
56281        Reviewed by Eric Seidel.
56282
56283        KeywordLookupGenerator.py spams stdout in Chromium Linux build
56284        https://bugs.webkit.org/show_bug.cgi?id=62087
56285
56286        This action does not appear to be needed.
56287
56288        * JavaScriptCore.gyp/JavaScriptCore.gyp:
56289
562902011-06-03  Oliver Hunt  <oliver@apple.com>
56291
56292        Reviewed by Maciej Stachowiak.
56293
56294        Lexer needs to provide Identifier for reserved words
56295        https://bugs.webkit.org/show_bug.cgi?id=62086
56296
56297        Alas, it is necessary to provide an Identifier reference for keywords
56298        so that we can do the right thing when they're used in object literals.
56299        We now keep Identifiers for all reserved words in the CommonIdentifiers
56300        structure so that we can access them without a hash lookup.
56301
56302        * KeywordLookupGenerator.py:
56303        * parser/Lexer.cpp:
56304        (JSC::Lexer::parseIdentifier):
56305        * parser/Lexer.h:
56306        * runtime/CommonIdentifiers.cpp:
56307        (JSC::CommonIdentifiers::CommonIdentifiers):
56308        * runtime/CommonIdentifiers.h:
56309
563102011-06-03  Gavin Barraclough  <barraclough@apple.com>
56311
56312        Reviewed by Sam Weinig.
56313
56314        Add debug code to break on speculation failures.
56315
56316        * dfg/DFGJITCompiler.cpp:
56317        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
56318        (JSC::DFG::JITCompiler::compileFunction):
56319        * dfg/DFGNode.h:
56320
563212011-06-03  Gavin Barraclough  <barraclough@apple.com>
56322
56323        Reviewed by Sam Weinig.
56324
56325        https://bugs.webkit.org/show_bug.cgi?id=62082
56326        DFG JIT - bug passing arguments that need swap
56327
56328        This is really just a typo.
56329        When setting up the arguments for a call out to a C operation, we'll
56330        fail to swap arguments where this is necessary. For example, in the
56331        case of 2 arg calls, where the first argument is in %rdx & the second
56332        is in %rsi we should swap (exec will be passed in %rdi), but we don't.
56333
56334        This can also affect function calls passing three arguments.
56335
56336        * dfg/DFGJITCodeGenerator.h:
56337        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
56338            - Call swap with the correct arguments.
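
        The register shuffle described above, as an added illustration rather than
        the DFG's own setupTwoStubArgs(): register names follow the x86-64 System V
        convention the entry refers to (exec in %rdi, then %rsi and %rdx), and the
        set of candidate source registers and the value labels are constructed.

```python
# Added example (not DFG JIT code): the two-argument shuffle the entry
# describes, modelled in Python. Register names are x86-64 System V; the
# candidate source registers and symbolic values are constructed.

ARG_REGS = ("rdi", "rsi", "rdx")  # integer argument registers 1..3; rdi carries exec
SOURCES = ("rax", "rbx", "rsi", "rdx")  # where an operand may currently live (constructed)


def setup_two_stub_args(src1, src2):
    """Plan register moves so that arg1 ends in rsi and arg2 in rdx.

    Returns a list of ("mov", dst, src) and ("swap", a, b) steps. The case the
    entry names is the cycle: arg1 in rdx and arg2 in rsi cannot be done with
    two plain moves, because the first move would clobber the other operand.
    """
    dst1, dst2 = ARG_REGS[1], ARG_REGS[2]
    if src1 == dst2 and src2 == dst1:
        return [("swap", dst1, dst2)]
    if src1 == dst2:
        # arg1 occupies arg2's destination: move arg1 out first.
        order = [(dst1, src1), (dst2, src2)]
    else:
        # Either no conflict, or arg2 sits in rsi: filling rdx first is safe.
        order = [(dst2, src2), (dst1, src1)]
    return [("mov", d, s) for d, s in order if d != s]


def run(moves, regs):
    """Apply the planned steps to a register file (dict reg -> symbolic value)."""
    regs = dict(regs)
    for op, a, b in moves:
        if op == "mov":
            regs[a] = regs[b]
        else:
            regs[a], regs[b] = regs[b], regs[a]
    return regs


def verify_all(sources=SOURCES):
    """Exhaustively check every placement of the two operands: after the moves,
    rsi holds arg1, rdx holds arg2 and exec is still in rdi."""
    for src1 in sources:
        for src2 in sources:
            before = {r: f"value_in_{r}" for r in set(sources) | set(ARG_REGS)}
            before["rdi"] = "exec"
            after = run(setup_two_stub_args(src1, src2), before)
            if (after["rsi"], after["rdx"], after["rdi"]) != (before[src1], before[src2], "exec"):
                return False
    return True


if __name__ == "__main__":
    print(setup_two_stub_args("rdx", "rsi"))  # the case from the entry: a single swap
    print("all placements correct:", verify_all())
```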
56339
563402011-06-03  Oliver Hunt  <oliver@apple.com>
56341
56342        Reviewed by Gavin Barraclough.
56343
56344        Force inlining of some hot lexer functions
56345        https://bugs.webkit.org/show_bug.cgi?id=62079
56346
56347        Fix more GCC stupidity
56348
56349        * parser/Lexer.h:
56350        (JSC::Lexer::isWhiteSpace):
56351        (JSC::Lexer::isLineTerminator):
56352
563532011-06-03  Oliver Hunt  <oliver@apple.com>
56354
56355        Reviewed by Gavin Barraclough.
56356
56357        GCC not inlining some functions that it really should be
56358        https://bugs.webkit.org/show_bug.cgi?id=62075
56359
56360        Add ALWAYS_INLINE to a number of parsing and lexing functions
56361        that should always be inlined.  This gets us ~1.4% on my ad hoc
56362        parser test.
56363
56364        * KeywordLookupGenerator.py:
56365        * parser/JSParser.cpp:
56366        (JSC::JSParser::next):
56367        (JSC::JSParser::nextTokenIsColon):
56368        (JSC::JSParser::consume):
56369        (JSC::JSParser::match):
56370        (JSC::JSParser::tokenStart):
56371        (JSC::JSParser::tokenLine):
56372        (JSC::JSParser::tokenEnd):
56373        * parser/Lexer.cpp:
56374        (JSC::isIdentPart):
56375
563762011-06-03  Oliver Hunt  <oliver@apple.com>
56377
56378        Whoops, fix last minute bug.
56379
56380        * parser/Lexer.cpp:
56381        (JSC::Lexer::parseIdentifier):
56382
563832011-06-03  Martin Robinson  <mrobinson@igalia.com>
56384
56385        Try to fix the GTK+ build.
56386
56387        * GNUmakefile.am: Clean up some spaces that should be tabs.
56388        * GNUmakefile.list.am: Add KeywordLookup.h to the source list
56389        and clean up some spaces that should be tabs.
56390
563912011-06-03  Oliver Hunt  <oliver@apple.com>
56392
56393        Reviewed by Geoffrey Garen.
56394
56395        Improve keyword lookup
56396        https://bugs.webkit.org/show_bug.cgi?id=61913
56397
56398        Rather than doing multiple hash lookups as we currently
56399        do when trying to identify keywords we now use an 
56400        automatically generated decision tree (essentially it's
56401        a hard coded patricia trie).  We still use the regular
56402        lookup table for the last few characters of an input as
56403        this allows us to completely skip all bounds checks.
56404
56405        * CMakeLists.txt:
56406        * DerivedSources.make:
56407        * DerivedSources.pro:
56408        * GNUmakefile.am:
56409        * JavaScriptCore.gyp/JavaScriptCore.gyp:
56410        * JavaScriptCore.xcodeproj/project.pbxproj:
56411        * KeywordLookupGenerator.py: Added.
56412        * make-generated-sources.sh:
56413        * parser/Lexer.cpp:
56414        (JSC::Lexer::internalShift):
56415        (JSC::Lexer::shift):
56416        (JSC::Lexer::parseIdentifier):
56417        * parser/Lexer.h:
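
        The generated decision tree described above, as an added illustration rather
        than KeywordLookupGenerator.py or its output: the keyword list, token names
        and the shape of the emitted C are assumptions, and isIdentPart() stands in
        for the lexer's identifier-character test.

```python
# Added example (not KeywordLookupGenerator.py or any JavaScriptCore code): a
# miniature of the generated keyword decision tree. KEYWORDS, the token names
# and the shape of the emitted C are constructed for illustration.

KEYWORDS = {
    "break": "BREAK", "case": "CASE", "catch": "CATCH", "const": "CONST",
    "continue": "CONTINUE", "do": "DO", "else": "ELSE", "for": "FOR",
    "function": "FUNCTION", "if": "IF", "in": "IN", "instanceof": "INSTANCEOF",
    "new": "NEW", "return": "RETURN", "this": "THIS", "var": "VAR",
    "while": "WHILE",
}

END = "$"  # trie key marking "a keyword ends here"; no keyword contains '$'


def build_trie(keywords):
    """Nested-dict trie: each level keys on one character, END maps to the token."""
    root = {}
    for word, token in keywords.items():
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[END] = token
    return root


TRIE = build_trie(KEYWORDS)


def classify(ident, trie=TRIE):
    """Classify one identifier with a single walk down the trie, no hash lookup.

    Stops as soon as a character has no branch, so "iff" is IDENT even though
    "if" is a keyword; the terminal check in the emitted C mirrors this.
    """
    node = trie
    for ch in ident:
        node = node.get(ch)
        if node is None:
            return "IDENT"
    return node.get(END, "IDENT")


def emit_branches(trie, depth):
    """Emit the trie as nested C if-statements testing code[depth] per level."""
    pad = "    " * (depth + 1)
    lines = []
    for ch, child in sorted(trie.items()):
        if ch == END:
            # A keyword ends here; reject longer identifiers such as "iff".
            # Reading code[depth] without a length check assumes the lexer
            # buffer is terminated or padded (assumption), which is the
            # bounds-check concern the entry mentions.
            lines.append(f"{pad}if (!isIdentPart(code[{depth}]))")
            lines.append(f"{pad}    return {child};")
        else:
            lines.append(f"{pad}if (code[{depth}] == '{ch}') {{")
            lines.extend(emit_branches(child, depth + 1))
            lines.append(f"{pad}}}")
    return lines


def generate_lookup(keywords=KEYWORDS):
    """Return C source for a lookupKeyword() built from the keyword trie."""
    body = emit_branches(build_trie(keywords), 0)
    return "\n".join(
        ["static int lookupKeyword(const char* code)", "{", *body, "    return IDENT;", "}"]
    )


def agrees_with_table(words):
    """Cross-check the trie walk against the plain dict lookup it replaces."""
    return all(classify(w) == KEYWORDS.get(w, "IDENT") for w in words)


if __name__ == "__main__":
    print(generate_lookup())
    for w in ("if", "iff", "in", "instanceof", "i", "while"):
        print(w, "->", classify(w))
```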
56418
564192011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
56420
56421        Reviewed by Benjamin Poulain.
56422
56423        [Qt] Build flag for experimental ICU library support
56424        https://bugs.webkit.org/show_bug.cgi?id=60786
56425
56426        Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental 
56427        ICU powered Unicode support. 
56428
56429        * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
56430        * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE). 
56431
564322011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
56433
56434        Reviewed by Benjamin Poulain.
56435
56436        [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
56437        https://bugs.webkit.org/show_bug.cgi?id=61957
56438
56439        When building inside the Qt source tree, qmake always appends the mkspecs
56440        defines after ours. We have to work around this and make sure that we append
56441        our flags after the qmake variable used inside Qt. This workaround was provided
56442        by our qmake folks. We need to append in both cases because qmake behaves differently
56443        when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for the Qt port.
56444
56445        * JavaScriptCore.pro:
56446
564472011-06-02  Jay Civelli  <jcivelli@chromium.org>
56448
56449        Reviewed by Adam Barth.
56450
56451        Added a method to generate RFC 2822 compliant date strings.
56452        https://bugs.webkit.org/show_bug.cgi?id=7169
56453
56454        * wtf/DateMath.cpp:
56455        (WTF::twoDigitStringFromNumber):
56456        (WTF::makeRFC2822DateString):
56457        * wtf/DateMath.h:
56458
564592011-06-02  Alexis Menard  <alexis.menard@openbossa.org>
56460
56461        Reviewed by Andreas Kling.
56462
56463        [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
56464        https://bugs.webkit.org/show_bug.cgi?id=61957
56465
56466        When building inside the Qt source tree, qmake always appends the mkspecs
56467        defines after ours. We have to work around this and make sure that we append
56468        our flags after the qmake variable used inside Qt. This workaround was provided
56469        by our qmake folks.
56470
56471        * JavaScriptCore.pro:
56472
564732011-06-01  Oliver Hunt  <oliver@apple.com>
56474
56475        Reviewed by Geoffrey Garen.
56476
56477        Add single character lookup cache to IdentifierArena
56478        https://bugs.webkit.org/show_bug.cgi?id=61879
56479
56480        Add a simple lookup cache for single ASCII character
56481        identifiers.  Produces around a 2% improvement in parse
56482        time for my ad hoc parser test.
56483
56484        * parser/ParserArena.h:
56485        (JSC::IdentifierArena::IdentifierArena):
56486        (JSC::IdentifierArena::clear):
56487        (JSC::IdentifierArena::makeIdentifier):
56488
564892011-05-31  Oliver Hunt  <oliver@apple.com>
56490
56491        Reviewed by Geoffrey Garen.
56492
56493        Freezing a function and its prototype causes browser to crash.
56494        https://bugs.webkit.org/show_bug.cgi?id=61758
56495
56496        Make JSObject::preventExtensions virtual so that we can override it
56497        and instantiate all lazy
56498
56499        * JavaScriptCore.exp:
56500        * runtime/JSFunction.cpp:
56501        (JSC::createPrototypeProperty):
56502        (JSC::JSFunction::preventExtensions):
56503        (JSC::JSFunction::getOwnPropertySlot):
56504        * runtime/JSFunction.h:
56505        * runtime/JSObject.h:
56506        * runtime/JSObject.cpp:
56507        (JSC::JSObject::seal):
56508        (JSC::JSObject::seal):
56509
565102011-06-01  Sheriff Bot  <webkit.review.bot@gmail.com>
56511
56512        Unreviewed, rolling out r87788.
56513        http://trac.webkit.org/changeset/87788
56514        https://bugs.webkit.org/show_bug.cgi?id=61856
56515
56516        breaks windows chromium canary (Requested by jknotten on
56517        #webkit).
56518
56519        * wtf/DateMath.cpp:
56520        (WTF::timeClip):
56521        * wtf/DateMath.h:
56522
565232011-06-01  Jay Civelli  <jcivelli@chromium.org>
56524
56525        Reviewed by Adam Barth.
56526
56527        Added a method to generate RFC 2822 compliant date strings.
56528        https://bugs.webkit.org/show_bug.cgi?id=7169
56529
56530        * wtf/DateMath.cpp:
56531        (WTF::twoDigitStringFromNumber):
56532        (WTF::makeRFC2822DateString):
56533        * wtf/DateMath.h:
56534
565352011-05-31  Yong Li  <yoli@rim.com>
56536
56537        Reviewed by Eric Seidel.
56538
56539        https://bugs.webkit.org/show_bug.cgi?id=54807
56540        We have been assuming plain bitfields (like "int a : 31") are always signed integers.
56541        However, some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
56542        bitfields (declared without either signed or unsigned qualifiers) are treated as unsigned.
56543        http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
56544        Although we can use the "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
56545        always using a "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
56546        rule we should have in order to make our code independent of compilers and compiler flags.
56547
56548        No new test added because this change is not known to fix any issue.
56549
56550        * bytecode/StructureStubInfo.h:
56551
565522011-05-30  Hojong Han  <hojong.han@samsung.com>
56553
56554        Reviewed by Geoffrey Garen.
56555
56556        [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
56557        https://bugs.webkit.org/show_bug.cgi?id=61416
56558
56559        * assembler/MacroAssemblerARM.h:
56560        (JSC::MacroAssemblerARM::branch32):
56561        * tests/mozilla/ecma/Expressions/11.12-1.js:
56562        (getTestCases):
56563
565642011-05-29  Geoffrey Garen  <ggaren@apple.com>
56565
56566        Reviewed by Sam Weinig.
56567
56568        Some heap refactoring
56569        https://bugs.webkit.org/show_bug.cgi?id=61704
56570        
56571        SunSpider says no change.
56572
56573        * JavaScriptCore.exp: Export!
56574
56575        * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
56576
56577        (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
56578
56579        (JSC::Heap::allocate): Changed inline allocation code to only select the
56580        size class, since this can be optimized out at compile time -- everything
56581        else is now inlined into this out-of-line function.
56582        
56583        No need to duplicate ASSERTs made in our caller.
56584
56585        * heap/Heap.h:
56586        (JSC::Heap::heap):
56587        (JSC::Heap::isMarked):
56588        (JSC::Heap::testAndSetMarked):
56589        (JSC::Heap::testAndClearMarked):
56590        (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
56591        a layer of indirection through MarkedSpace.
56592
56593        (JSC::Heap::allocate): See above.
56594
56595        * heap/MarkedBlock.cpp:
56596        (JSC::MarkedBlock::create):
56597        (JSC::MarkedBlock::MarkedBlock):
56598        * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
56599
56600        * heap/MarkedSpace.cpp:
56601        (JSC::MarkedSpace::MarkedSpace):
56602        (JSC::MarkedSpace::allocateBlock):
56603        * heap/MarkedSpace.h:
56604        (JSC::MarkedSpace::allocate): Updated to match changes above.
56605
566062011-05-28  David Kilzer  <ddkilzer@apple.com>
56607
56608        BUILD FIX when building only the interpreter
56609
56610        Fixes the following compiler warning:
56611
56612            JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
56613             void releaseExecutableMemory(JSGlobalData& globalData)
56614                  ^
56615
56616        * jit/ExecutableAllocator.h: Moved declaration of
56617        JSC::releaseExecutableMemory().
56618
566192011-05-28  David Kilzer  <ddkilzer@apple.com>
56620
56621        BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
56622
56623        * assembler/LinkBuffer.h:
56624        (JSC::LinkBuffer::linkCode): Added missing argument.
56625
566262011-05-27  Geoffrey Garen  <ggaren@apple.com>
56627
56628        Reviewed by Oliver Hunt.
56629
56630        JS API is too aggressive about throwing exceptions for NULL get or set operations
56631        https://bugs.webkit.org/show_bug.cgi?id=61678
56632
56633        * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
56634        function that returns a JSValue, so it can fail and still forward to
56635        normal property lookup.
56636
56637        * API/JSCallbackObjectFunctions.h:
56638        (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
56639        access a static property -- just forward the access. This allows objects
56640        to observe get/set operations but still let the JS object manage lifetime.
56641
56642        (JSC::::put): Ditto.
56643
56644        (JSC::::getStaticValue): Same as JSCallbackObject.h.
56645
56646        * API/tests/testapi.c:
56647        (MyObject_set_nullGetForwardSet):
56648        * API/tests/testapi.js: Updated tests to reflect slightly less strict
56649        behavior, which matches headerdoc claims.
56650
566512011-05-27  Geoffrey Garen  <ggaren@apple.com>
56652
56653        Reviewed by Oliver Hunt.
56654
56655        Property caching is too aggressive for API objects
56656        https://bugs.webkit.org/show_bug.cgi?id=61677
56657
56658        * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
56659        callback APIs allow the client to change its mind about our properties at
56660        any time.
56661
56662        * API/tests/testapi.c:
56663        (PropertyCatchalls_getProperty):
56664        (PropertyCatchalls_setProperty):
56665        (PropertyCatchalls_getPropertyNames):
56666        (PropertyCatchalls_class):
56667        (main):
56668        * API/tests/testapi.js: Some tests for dynamic API objects.
56669
56670        * interpreter/Interpreter.cpp:
56671        (JSC::Interpreter::tryCachePutByID):
56672        (JSC::Interpreter::tryCacheGetByID):
56673        * jit/JITStubs.cpp:
56674        (JSC::JITThunks::tryCachePutByID):
56675        (JSC::JITThunks::tryCacheGetByID):
56676        (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
56677        requires it.
56678
56679        * runtime/JSTypeInfo.h:
56680        (JSC::TypeInfo::TypeInfo):
56681        (JSC::TypeInfo::isFinal):
56682        (JSC::TypeInfo::prohibitsPropertyCaching):
56683        (JSC::TypeInfo::flags): Added a flag to track opting out of property
56684        caching. Fixed an "&&" vs "&" typo that was previously harmless, but
56685        is now harmful since m_flags2 can have more than one bit set.
56686
566872011-05-27  Stephanie Lewis  <slewis@apple.com>
56688
56689        Unreviewed.
56690
56691        Fix a typo in the order_file flag.
56692
56693        * Configurations/Base.xcconfig:
56694
566952011-05-27  Patrick Gansterer  <paroga@webkit.org>
56696
56697        Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
56698
56699        * runtime/JSGlobalData.cpp:
56700        (JSGlobalData::JSGlobalData):
56701
567022011-05-27  Oliver Hunt  <oliver@apple.com>
56703
56704        Reviewed by Geoffrey Garen.
56705
56706        Add a few validity assertions to JSCallbackObject
56707        https://bugs.webkit.org/show_bug.cgi?id=61659
56708
56709        * API/JSCallbackObject.h:
56710        (JSC::JSCallbackObject::visitChildren):
56711
567122011-05-27  Oliver Hunt  <oliver@apple.com>
56713
56714        Build fix
56715
56716        * runtime/RegExpCache.cpp:
56717        (JSC::RegExpCache::invalidateCode):
56718
567192011-05-27  Oliver Hunt  <oliver@apple.com>
56720
56721        Reviewed by Geoffrey Garen.
56722
56723        Try to release unused executable memory when the FixedVMPool allocator is under pressure
56724        https://bugs.webkit.org/show_bug.cgi?id=61651
56725
56726        Rather than crashing when full the FixedVMPool allocator now returns a null
56727        allocation.  We replace the code that used to CRASH() on null allocations
56728        with logic that asks the provided globalData to release any executable memory
56729        that it can.  Currently this just means throwing away all regexp code, but
56730        in future we'll try to be more aggressive.
56731
56732        * assembler/ARMAssembler.cpp:
56733        (JSC::ARMAssembler::executableCopy):
56734        * assembler/ARMAssembler.h:
56735        * assembler/AssemblerBuffer.h:
56736        (JSC::AssemblerBuffer::executableCopy):
56737        * assembler/AssemblerBufferWithConstantPool.h:
56738        * assembler/LinkBuffer.h:
56739        (JSC::LinkBuffer::LinkBuffer):
56740        (JSC::LinkBuffer::linkCode):
56741        * assembler/MIPSAssembler.h:
56742        (JSC::MIPSAssembler::executableCopy):
56743        * assembler/SH4Assembler.h:
56744        (JSC::SH4Assembler::executableCopy):
56745        * assembler/X86Assembler.h:
56746        (JSC::X86Assembler::executableCopy):
56747        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
56748        * dfg/DFGJITCompiler.cpp:
56749        (JSC::DFG::JITCompiler::compileFunction):
56750        * jit/ExecutableAllocator.h:
56751        (JSC::ExecutablePool::create):
56752        (JSC::ExecutablePool::alloc):
56753        (JSC::ExecutableAllocator::ExecutableAllocator):
56754        (JSC::ExecutableAllocator::poolForSize):
56755        (JSC::ExecutablePool::ExecutablePool):
56756        (JSC::ExecutablePool::poolAllocate):
56757        * jit/ExecutableAllocatorFixedVMPool.cpp:
56758        (JSC::FixedVMPoolAllocator::alloc):
56759        * jit/JIT.cpp:
56760        (JSC::JIT::privateCompile):
56761        * jit/JITOpcodes.cpp:
56762        (JSC::JIT::privateCompileCTIMachineTrampolines):
56763        * jit/JITOpcodes32_64.cpp:
56764        (JSC::JIT::privateCompileCTIMachineTrampolines):
56765        (JSC::JIT::privateCompileCTINativeCall):
56766        * jit/JITPropertyAccess.cpp:
56767        (JSC::JIT::stringGetByValStubGenerator):
56768        (JSC::JIT::privateCompilePutByIdTransition):
56769        (JSC::JIT::privateCompilePatchGetArrayLength):
56770        (JSC::JIT::privateCompileGetByIdProto):
56771        (JSC::JIT::privateCompileGetByIdSelfList):
56772        (JSC::JIT::privateCompileGetByIdProtoList):
56773        (JSC::JIT::privateCompileGetByIdChainList):
56774        (JSC::JIT::privateCompileGetByIdChain):
56775        * jit/JITPropertyAccess32_64.cpp:
56776        (JSC::JIT::stringGetByValStubGenerator):
56777        (JSC::JIT::privateCompilePutByIdTransition):
56778        (JSC::JIT::privateCompilePatchGetArrayLength):
56779        (JSC::JIT::privateCompileGetByIdProto):
56780        (JSC::JIT::privateCompileGetByIdSelfList):
56781        (JSC::JIT::privateCompileGetByIdProtoList):
56782        (JSC::JIT::privateCompileGetByIdChainList):
56783        (JSC::JIT::privateCompileGetByIdChain):
56784        * jit/SpecializedThunkJIT.h:
56785        (JSC::SpecializedThunkJIT::finalize):
56786        * jit/ThunkGenerators.cpp:
56787        (JSC::charCodeAtThunkGenerator):
56788        (JSC::charAtThunkGenerator):
56789        (JSC::fromCharCodeThunkGenerator):
56790        (JSC::sqrtThunkGenerator):
56791        (JSC::powThunkGenerator):
56792        * runtime/JSGlobalData.cpp:
56793        (JSC::JSGlobalData::JSGlobalData):
56794        (JSC::JSGlobalData::releaseExecutableMemory):
56795        (JSC::releaseExecutableMemory):
56796        * runtime/JSGlobalData.h:
56797        * runtime/RegExpCache.cpp:
56798        (JSC::RegExpCache::invalidateCode):
56799        * runtime/RegExpCache.h:
56800        * yarr/YarrJIT.cpp:
56801        (JSC::Yarr::YarrGenerator::compile):
56802
568032011-05-26  Geoffrey Garen  <ggaren@apple.com>
56804
56805        Reviewed by Oliver Hunt.
56806
56807        Optimized ConservativeSet to avoid double-visiting objects
56808        https://bugs.webkit.org/show_bug.cgi?id=61592
56809        
56810        SunSpider thinks this might be a 1% speedup
56811
56812        * heap/ConservativeRoots.h:
56813        (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
56814        an object.
56815
56816        * heap/Heap.h:
56817        (JSC::Heap::isMarked):
56818        (JSC::Heap::testAndSetMarked):
56819        (JSC::Heap::testAndClearMarked):
56820        (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
56821        to void*, since clients want to ask questions about arbitrary pointers
56822        into the heap, even when they aren't known to be JSCells.
56823
56824        * heap/MarkedBlock.h:
56825        (JSC::MarkedBlock::testAndClearMarked):
56826        * heap/MarkedSpace.h:
56827        (JSC::MarkedSpace::isMarked):
56828        (JSC::MarkedSpace::testAndSetMarked):
56829        (JSC::MarkedSpace::testAndClearMarked):
56830        (JSC::MarkedSpace::setMarked):
56831        (JSC::MarkedSpace::contains): Ditto.
56832
56833        * wtf/Bitmap.h:
56834        (WTF::::testAndClear): New function for ConservativeRoots's inverted
56835        marking pass.
56836
568372011-05-27  Stephanie Lewis  <slewis@apple.com>
56838
56839        Rubber Stamped by Adam Roben.
56840
56841        Update Order Files.  Use -order_file flag since it can order more of the binary.
56842
56843        * Configurations/Base.xcconfig:
56844        * JavaScriptCore.order:
56845
568462011-05-26  Geoffrey Garen  <ggaren@apple.com>
56847
56848        Reviewed by Oliver Hunt.
56849
56850        Renamed heapRootMarker to heapRootVisitor to match its class name
56851        https://bugs.webkit.org/show_bug.cgi?id=61584
56852
56853        * heap/Heap.cpp:
56854        (JSC::Heap::markProtectedObjects):
56855        (JSC::Heap::markTempSortVectors):
56856        (JSC::Heap::markRoots):
56857
568582011-05-26  Geoffrey Garen  <ggaren@apple.com>
56859
56860        Reviewed by Oliver Hunt.
56861
56862        Removed some interdependency between Heap and SmallStrings by simplifying
56863        the SmallStrings lifetime model
56864        https://bugs.webkit.org/show_bug.cgi?id=61579
56865        
56866        SunSpider reports no change.
56867        
56868        Using Weak<T> could accomplish this too, but we're not sure it will give
56869        us the performance we need. This is a first step, and it accomplishes
56870        most of the value of using Weak<T>.
56871
56872        * heap/Heap.cpp:
56873        (JSC::Heap::destroy):
56874        (JSC::Heap::markRoots):
56875        (JSC::Heap::reset): Finalize small strings just like other weak handles.
56876
56877        * runtime/SmallStrings.cpp:
56878        (JSC::finalize):
56879        (JSC::SmallStrings::finalizeSmallStrings):
56880        * runtime/SmallStrings.h: Make all small strings trivially weak, instead
56881        of having an "all for one, one for all" memory model.
56882
568832011-05-26  Oliver Hunt  <oliver@apple.com>
56884
56885        Reviewed by Geoffrey Garen.
56886
56887        Make RegExpCache a weak map
56888        https://bugs.webkit.org/show_bug.cgi?id=61554
56889
56890        Switch to a weak map for the regexp cache, and hide that
56891        behaviour behind RegExp::create.
56892
56893        When a RegExp is compiled it attempts to add itself to
56894        the "strong" cache.  This cache is a simple round-robin
56895        buffer as was the old strong cache.  Happily this can
56896        be smaller than the old strong cache as RegExps are only
56897        added when they're compiled so it is under less pressure
56898        to evict.
56899
56900        * bytecompiler/NodesCodegen.cpp:
56901        (JSC::RegExpNode::emitBytecode):
56902        * runtime/RegExp.cpp:
56903        (JSC::RegExp::RegExp):
56904        (JSC::RegExp::create):
56905        (JSC::RegExp::match):
56906        * runtime/RegExp.h:
56907        (JSC::RegExp::gcShouldInvalidateCode):
56908        (JSC::RegExp::hasCode):
56909        (JSC::RegExp::key):
56910        * runtime/RegExpCache.cpp:
56911        (JSC::RegExpCache::lookupOrCreate):
56912        (JSC::RegExpCache::RegExpCache):
56913        (JSC::RegExpCache::isReachableFromOpaqueRoots):
56914        (JSC::RegExpCache::finalize):
56915        * runtime/RegExpCache.h:
56916        * runtime/RegExpConstructor.cpp:
56917        (JSC::constructRegExp):
56918        * runtime/RegExpPrototype.cpp:
56919        (JSC::regExpProtoFuncCompile):
56920        * runtime/StringPrototype.cpp:
56921        (JSC::stringProtoFuncMatch):
56922        (JSC::stringProtoFuncSearch):
56923
569242011-05-26  Geoffrey Garen  <ggaren@apple.com>
56925
56926        Reviewed by Oliver Hunt.
56927
56928        Moved Heap-related functions out of JSCell.h and into respective header files
56929        https://bugs.webkit.org/show_bug.cgi?id=61567
56930
56931        * heap/Heap.h:
56932        (JSC::Heap::allocate):
56933        (JSC::Heap::heap):
56934        * heap/MarkedBlock.h:
56935        (JSC::MarkedBlock::allocate):
56936        * heap/MarkedSpace.h:
56937        (JSC::MarkedSpace::sizeClassFor):
56938        (JSC::MarkedSpace::allocate):
56939        * runtime/JSCell.h:
56940        (JSC::JSCell::destructor):
56941
569422011-05-26  Geoffrey Garen  <ggaren@apple.com>
56943
56944        Try to fix Windows build.
56945
56946        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
56947
569482011-05-26  Ryosuke Niwa  <rniwa@webkit.org>
56949
56950        Reviewed by Eric Seidel.
56951
56952        [debug feature] WTFString should have show() method
56953        https://bugs.webkit.org/show_bug.cgi?id=61149
56954
56955        Added String::show and AtomicString::show in NDEBUG.
56956
56957        * wtf/text/AtomicString.cpp:
56958        (WTF::AtomicString::show):
56959        * wtf/text/AtomicString.h:
56960        * wtf/text/WTFString.cpp:
56961        (String::show):
56962        * wtf/text/WTFString.h:
56963
569642011-05-26  Geoffrey Garen  <ggaren@apple.com>
56965
56966        Reviewed by Geoffrey Garen.
56967
56968        Factored out some Heap ASSERTs
56969        https://bugs.webkit.org/show_bug.cgi?id=61565
56970
56971        * JavaScriptCore.exp:
56972        * heap/Heap.cpp:
56973        (JSC::isValidSharedInstanceThreadState):
56974        (JSC::isValidThreadState):
56975        (JSC::Heap::markRoots):
56976        (JSC::Heap::isValidAllocation):
56977        * heap/Heap.h:
56978        * runtime/JSCell.h:
56979        (JSC::JSCell::Heap::allocate):
56980
569812011-05-26  Gavin Barraclough  <barraclough@apple.com>
56982
56983        Reviewed by Geoff Garen.
56984
56985        https://bugs.webkit.org/show_bug.cgi?id=61508
56986        DFG JIT - Add support for get by id self caching.
56987
56988        Change the call out to be an unexpected call (using silent spill/fill functions),
56989        add a structure check & compact load to the JIT code, and add repatching mechanisms.
56990        Since DFGOperations may want to be implemented in asm, make these symbols be extern
56991        "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
56992        so that it can look up its StructureStubInfo.
56993
56994        * JavaScriptCore.xcodeproj/project.pbxproj:
56995            - Added new files.
56996        * bytecode/StructureStubInfo.h:
56997            - Added 'unset' entries to union.
56998        * dfg/DFGJITCodeGenerator.h:
56999        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
57000            - Return the call, we need this to populate the StructureStubInfo.
57001        * dfg/DFGJITCompiler.cpp:
57002        (JSC::DFG::JITCompiler::compileFunction):
57003            - Populate the CodeBlock's StructureStubInfo Vector.
57004        * dfg/DFGJITCompiler.h:
57005        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
57006            - Return the call, we need this to populate the StructureStubInfo.
57007        (JSC::DFG::JITCompiler::addPropertyAccess):
57008        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
57009            - Add structures to record property access info during compilation.
57010        * dfg/DFGOperations.cpp:
57011            - Made all external methods extern "C".
57012        (JSC::DFG::operationPutByValInternal):
57013            - Moved outside of the extern "C" block.
57014        * dfg/DFGOperations.h:
57015            - Made all external methods extern "C".
57016        * dfg/DFGRepatch.cpp: Added.
57017        (JSC::DFG::dfgRepatchCall):
57018            - repatch a call to link to a new callee function.
57019        (JSC::DFG::dfgRepatchGetByIdSelf):
57020            - Modify the JIT code to optimize self accesses.
57021        (JSC::DFG::tryCacheGetByID):
57022            - Internal implementation of dfgRepatchGetByID (factor out failing cases).
57023        (JSC::DFG::dfgRepatchGetByID):
57024            - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
57025        * dfg/DFGRepatch.h: Added.
57026            - Expose dfgRepatchGetByID.
57027        * dfg/DFGSpeculativeJIT.cpp:
57028        (JSC::DFG::SpeculativeJIT::compile):
57029            - Changed implementation of GetById ops.
57030
570312011-05-26  Geoffrey Garen  <ggaren@apple.com>
57032
57033        Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
57034
57035        * heap/MarkedBlock.cpp:
57036        (JSC::MarkedBlock::MarkedBlock):
57037        * heap/MarkedBlock.h:
57038        * wtf/DoublyLinkedList.h:
57039        (WTF::::DoublyLinkedListNode):
57040        (WTF::::setPrev):
57041        (WTF::::setNext):
57042        (WTF::::prev):
57043        (WTF::::next):
57044        (WTF::::DoublyLinkedList):
57045        (WTF::::isEmpty):
57046        (WTF::::size):
57047        (WTF::::clear):
57048        (WTF::::head):
57049        (WTF::::append):
57050        (WTF::::remove):
57051        (WTF::::removeHead):
57052
570532011-05-26  Geoffrey Garen  <ggaren@apple.com>
57054
57055        Rolled out http://trac.webkit.org/changeset/87408 because it broke the
57056        Windows build.
57057
57058        * heap/MarkedBlock.cpp:
57059        (JSC::MarkedBlock::MarkedBlock):
57060        * heap/MarkedBlock.h:
57061        (JSC::MarkedBlock::setPrev):
57062        (JSC::MarkedBlock::setNext):
57063        (JSC::MarkedBlock::prev):
57064        (JSC::MarkedBlock::next):
57065        * wtf/DoublyLinkedList.h:
57066        (WTF::::DoublyLinkedList):
57067        (WTF::::isEmpty):
57068        (WTF::::head):
57069        (WTF::::append):
57070        (WTF::::remove):
57071
570722011-05-26  Geoffrey Garen  <ggaren@apple.com>
57073
57074        Reviewed by Oliver Hunt.
57075
57076        Provide a real owner when copying a property table, for the sake of
57077        write barriers.
57078        https://bugs.webkit.org/show_bug.cgi?id=61547
57079        
57080        No test because we can't enable the writeBarrier() ASSERT just yet.
57081
57082        * runtime/Structure.cpp:
57083        (JSC::Structure::addPropertyTransition):
57084
570852011-05-26  Adam Roben  <aroben@apple.com>
57086
57087        Windows build fix after r87346
57088
57089        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
57090        reality.
57091
570922011-05-26  Patrick Gansterer  <paroga@webkit.org>
57093
57094        Reviewed by Adam Barth.
57095
57096        ASSERT(isMainThread()) when using single threaded jsc executable
57097        https://bugs.webkit.org/show_bug.cgi?id=60846
57098
57099        Remove the ASSERT since we do not have the concept of MainThread in JSC.
57100
57101        * wtf/CryptographicallyRandomNumber.cpp:
57102        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
57103        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
57104
571052011-05-25  Gavin Barraclough  <barraclough@apple.com>
57106
57107        Reviewed by Sam Weinig.
57108
57109        https://bugs.webkit.org/show_bug.cgi?id=61506
57110
57111        Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
57112        so that they are available to the SpeculativeJIT.
57113
57114        * dfg/DFGJITCodeGenerator.h:
57115        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
57116        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
57117        (JSC::DFG::JITCodeGenerator::silentFillGPR):
57118        (JSC::DFG::JITCodeGenerator::silentFillFPR):
57119        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
57120        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
57121        * dfg/DFGNonSpeculativeJIT.h:
57122
571232011-05-25  Ryosuke Niwa  <rniwa@webkit.org>
57124
57125        An attempt to revive Windows bots.
57126
57127        * runtime/RegExp.cpp:
57128        * runtime/RegExp.h:
57129
571302011-05-25  Gavin Barraclough  <barraclough@apple.com>
57131
57132        Reviewed by Sam Weinig.
57133
57134        Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
57135
57136        This data structure, used at runtime by the JIT, is currently unnecessarily populated
57137        with default entries during byte compilation.
57138
57139        Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
57140        us to one entry per corresponding bytecode op, which may be undesirable. Instead,
57141        populate this array from the JIT.
57142
57143        The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
57144        these, so that the class can have a default constructor (and to simplify switch statements
57145        in code walking over the table).
57146
57147        This change has ramifications for the DFG JIT, in that the DFG JIT used this data structure
57148        to check for functions containing property access. Instead do so in the DFGByteCodeParser.
57149
57150        * bytecode/CodeBlock.cpp:
57151        (JSC::printStructureStubInfo):
57152        * bytecode/CodeBlock.h:
57153        (JSC::CodeBlock::setNumberOfStructureStubInfos):
57154        (JSC::CodeBlock::numberOfStructureStubInfos):
57155        * bytecode/StructureStubInfo.cpp:
57156        (JSC::StructureStubInfo::deref):
57157        (JSC::StructureStubInfo::visitAggregate):
57158        * bytecode/StructureStubInfo.h:
57159        (JSC::StructureStubInfo::StructureStubInfo):
57160        * bytecompiler/BytecodeGenerator.cpp:
57161        (JSC::BytecodeGenerator::emitGetById):
57162        (JSC::BytecodeGenerator::emitPutById):
57163        (JSC::BytecodeGenerator::emitDirectPutById):
57164        * dfg/DFGByteCodeParser.cpp:
57165        (JSC::DFG::ByteCodeParser::parseBlock):
57166        * jit/JIT.cpp:
57167        (JSC::JIT::JIT):
57168        (JSC::JIT::privateCompileMainPass):
57169        (JSC::JIT::privateCompileSlowCases):
57170        (JSC::JIT::privateCompile):
57171        * jit/JIT.h:
57172        * jit/JITPropertyAccess.cpp:
57173        (JSC::JIT::emit_op_get_by_id):
57174        (JSC::JIT::emit_op_put_by_id):
57175        (JSC::JIT::emit_op_method_check):
57176        (JSC::JIT::compileGetByIdHotPath):
57177        (JSC::JIT::compileGetByIdSlowCase):
57178        (JSC::JIT::emitSlow_op_put_by_id):
57179        * jit/JITPropertyAccess32_64.cpp:
57180        (JSC::JIT::emit_op_get_by_id):
57181        (JSC::JIT::emitSlow_op_get_by_id):
57182        (JSC::JIT::emit_op_put_by_id):
57183        (JSC::JIT::emitSlow_op_put_by_id):
57184        (JSC::JIT::emit_op_method_check):
57185        (JSC::JIT::compileGetByIdHotPath):
57186        (JSC::JIT::compileGetByIdSlowCase):
57187        * runtime/Executable.cpp:
57188        (JSC::tryDFGCompile):
57189
571902011-05-25  Gavin Barraclough  <barraclough@apple.com>
57191
57192        Reviewed by Sam Weinig.
57193
57194        Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
57195
57196        * assembler/AbstractMacroAssembler.h:
57197        (JSC::AbstractMacroAssembler::Call::Call):
57198        (JSC::AbstractMacroAssembler::Call::fromTailJump):
57199        (JSC::AbstractMacroAssembler::Jump::Jump):
57200        (JSC::AbstractMacroAssembler::Jump::link):
57201        (JSC::AbstractMacroAssembler::Jump::linkTo):
57202        (JSC::AbstractMacroAssembler::Jump::isSet):
57203        (JSC::AbstractMacroAssembler::differenceBetween):
57204        (JSC::AbstractMacroAssembler::linkJump):
57205        (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
57206        * assembler/LinkBuffer.h:
57207        (JSC::LinkBuffer::link):
57208        (JSC::LinkBuffer::locationOf):
57209        (JSC::LinkBuffer::locationOfNearCall):
57210        (JSC::LinkBuffer::returnAddressOffset):
57211        * assembler/MacroAssemblerARM.h:
57212        (JSC::MacroAssemblerARM::linkCall):
57213        * assembler/MacroAssemblerARMv7.h:
57214        (JSC::MacroAssemblerARMv7::linkCall):
57215        * assembler/MacroAssemblerMIPS.h:
57216        (JSC::MacroAssemblerMIPS::linkCall):
57217        * assembler/MacroAssemblerSH4.cpp:
57218        (JSC::MacroAssemblerSH4::linkCall):
57219        * assembler/MacroAssemblerX86.h:
57220        (JSC::MacroAssemblerX86::linkCall):
57221        * assembler/MacroAssemblerX86_64.h:
57222        (JSC::MacroAssemblerX86_64::linkCall):
57223
572242011-05-25  Gavin Barraclough  <barraclough@apple.com>
57225
57226        Reviewed by Sam Weinig.
57227
57228        https://bugs.webkit.org/show_bug.cgi?id=61500
57229        Add JSObject::offsetOfPropertyStorage
57230
57231        * jit/JITPropertyAccess.cpp:
57232        (JSC::JIT::compileGetDirectOffset):
57233        (JSC::JIT::compileGetByIdHotPath):
57234        (JSC::JIT::emit_op_put_by_id):
57235        (JSC::JIT::compilePutDirectOffset):
57236        * jit/JITPropertyAccess32_64.cpp:
57237        (JSC::JIT::compileGetByIdHotPath):
57238        (JSC::JIT::emit_op_put_by_id):
57239        (JSC::JIT::compilePutDirectOffset):
57240        (JSC::JIT::compileGetDirectOffset):
57241        * runtime/JSObject.h:
57242        (JSC::JSObject::offsetOfPropertyStorage):
57243
572442011-05-25  Oliver Hunt  <oliver@apple.com>
57245
57246        Reviewed by Geoffrey Garen.
57247
57248        Make RegExp GC allocated
57249        https://bugs.webkit.org/show_bug.cgi?id=61490
57250
57251        Make RegExp GC allocated.  Basically mechanical change to replace
57252        most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
57253        where actual ownership happens.
57254
57255        Made the RegExpCache use Strong<> references currently to avoid any
57256        changes in behaviour.
57257
57258        * JavaScriptCore.exp:
57259        * bytecode/CodeBlock.cpp:
57260        (JSC::CodeBlock::visitAggregate):
57261        * bytecode/CodeBlock.h:
57262        (JSC::CodeBlock::addRegExp):
57263        * bytecompiler/BytecodeGenerator.cpp:
57264        (JSC::BytecodeGenerator::addRegExp):
57265        (JSC::BytecodeGenerator::emitNewRegExp):
57266        * bytecompiler/BytecodeGenerator.h:
57267        * runtime/JSCell.h:
57268        * runtime/JSGlobalData.cpp:
57269        (JSC::JSGlobalData::JSGlobalData):
57270        (JSC::JSGlobalData::clearBuiltinStructures):
57271        (JSC::JSGlobalData::addRegExpToTrace):
57272        * runtime/JSGlobalData.h:
57273        * runtime/JSGlobalObject.cpp:
57274        (JSC::JSGlobalObject::reset):
57275        * runtime/RegExp.cpp:
57276        (JSC::RegExp::RegExp):
57277        (JSC::RegExp::create):
57278        (JSC::RegExp::invalidateCode):
57279        * runtime/RegExp.h:
57280        (JSC::RegExp::createStructure):
57281        * runtime/RegExpCache.cpp:
57282        (JSC::RegExpCache::lookupOrCreate):
57283        (JSC::RegExpCache::create):
57284        * runtime/RegExpCache.h:
57285        * runtime/RegExpConstructor.cpp:
57286        (JSC::constructRegExp):
57287        * runtime/RegExpObject.cpp:
57288        (JSC::RegExpObject::RegExpObject):
57289        (JSC::RegExpObject::visitChildren):
57290        * runtime/RegExpObject.h:
57291        (JSC::RegExpObject::setRegExp):
57292        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
57293        * runtime/RegExpPrototype.cpp:
57294        (JSC::RegExpPrototype::RegExpPrototype):
57295        (JSC::regExpProtoFuncCompile):
57296        * runtime/RegExpPrototype.h:
57297        * runtime/StringPrototype.cpp:
57298        (JSC::stringProtoFuncMatch):
57299        (JSC::stringProtoFuncSearch):
57300
573012011-05-25  Oliver Hunt  <oliver@apple.com>
57302
57303        Reviewed by Geoffrey Garen.
57304
57305        Generate regexp code lazily
57306        https://bugs.webkit.org/show_bug.cgi?id=61476
57307
57308        RegExp construction now simply validates the RegExp, it does
57309        not perform actual codegen.
57310
57311        * runtime/RegExp.cpp:
57312        (JSC::RegExp::RegExp):
57313        (JSC::RegExp::recompile):
57314        (JSC::RegExp::compile):
57315        (JSC::RegExp::match):
57316        * runtime/RegExp.h:
57317        (JSC::RegExp::recompileIfNecessary):
57318        * runtime/RegExpConstructor.h:
57319        (JSC::RegExpConstructor::performMatch):
57320        * runtime/RegExpObject.cpp:
57321        (JSC::RegExpObject::match):
57322        * runtime/StringPrototype.cpp:
57323        (JSC::stringProtoFuncReplace):
57324        (JSC::stringProtoFuncMatch):
57325        (JSC::stringProtoFuncSearch):
57326        (JSC::stringProtoFuncSplit):
57327
573282011-05-24  Geoffrey Garen  <ggaren@apple.com>
57329
57330        Reviewed by Geoffrey Garen.
57331
57332        Removed MarkSetProperties because it was unused
57333        https://bugs.webkit.org/show_bug.cgi?id=61418
57334
57335        * heap/MarkStack.h:
57336        (JSC::MarkSet::MarkSet):
57337        (JSC::MarkStack::append):
57338        * runtime/JSActivation.cpp:
57339        (JSC::JSActivation::visitChildren):
57340        * runtime/JSArray.h:
57341        (JSC::JSArray::visitChildrenDirect):
57342        * runtime/JSPropertyNameIterator.cpp:
57343        (JSC::JSPropertyNameIterator::visitChildren):
57344        * runtime/WriteBarrier.h:
57345        (JSC::MarkStack::appendValues):
57346
573472011-05-25  Oliver Hunt  <oliver@apple.com>
57348
57349        Reviewed by Geoffrey Garen.
57350
57351        Make allocations with guard pages ensure that the allocation succeeded
57352        https://bugs.webkit.org/show_bug.cgi?id=61453
57353
57354        Add null checks, and make PageBlock's operator bool() use
57355        the realbase, rather than the start of usable memory.
57356
57357        * wtf/OSAllocatorPosix.cpp:
57358        (WTF::OSAllocator::reserveAndCommit):
57359        * wtf/PageBlock.h:
57360        (WTF::PageBlock::operator bool):
57361        (WTF::PageBlock::PageBlock):
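
Added example, not WebKit code, showing the two points in the entry above in working form: the result of the system allocation is null-checked before anything is derived from it, and validity is judged on the real base of the mapping rather than on the usable start, which is computed arithmetic and would be a bogus non-null value if derived from a failed allocation. The names (GuardedBlock, reserveWithGuardPages, failingMap) are hypothetical; the injectable mapping function exists only so the failure path can be exercised without exhausting memory.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>

// Added example, not WebKit code. POSIX mmap/mprotect are assumed.
struct GuardedBlock {
    void* realBase = nullptr;  // start of the mapping, including the leading guard page
    void* base = nullptr;      // first usable byte, one page past realBase
    size_t realSize = 0;       // total bytes mapped
    size_t size = 0;           // usable bytes
    // Validity is judged on realBase, the pointer the system handed back,
    // never on base, which is derived arithmetic.
    explicit operator bool() const { return realBase != nullptr; }
};

using MapFn = void* (*)(size_t bytes);

static void* systemMap(size_t bytes) {
    void* p = mmap(nullptr, bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? nullptr : p;
}

// Stand-in for an allocator that has run out of address space.
static void* failingMap(size_t) { return nullptr; }

static size_t systemPageSize() { return static_cast<size_t>(sysconf(_SC_PAGESIZE)); }

GuardedBlock reserveWithGuardPages(size_t usableBytes, MapFn mapFn = systemMap) {
    GuardedBlock block;
    const size_t pageSize = systemPageSize();
    if (!usableBytes || usableBytes % pageSize)
        return block;                              // caller must pass a page multiple
    const size_t total = usableBytes + 2 * pageSize;
    if (total < usableBytes)
        return block;                              // size overflow
    char* p = static_cast<char*>(mapFn(total));
    if (!p)
        return block;                              // the null check: never derive base from null
    // Fence the usable region with an inaccessible page on each side.
    if (mprotect(p, pageSize, PROT_NONE) != 0
        || mprotect(p + pageSize + usableBytes, pageSize, PROT_NONE) != 0) {
        munmap(p, total);
        return block;
    }
    block.realBase = p;
    block.base = p + pageSize;
    block.realSize = total;
    block.size = usableBytes;
    return block;
}

void releaseGuardedBlock(GuardedBlock& block) {
    if (block)
        munmap(block.realBase, block.realSize);
    block = GuardedBlock();
}
```

A caller that tests `block.base` instead of `block.realBase` on a failed reservation would see a pointer one page past null, treat the block as valid, and hand out an unmapped region as if it were memory.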
57362
573632011-04-10  Kevin Ollivier  <kevino@theolliviers.com>
57364
57365        Reviewed by Eric Seidel.
57366
57367        Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
57368        
57369        https://bugs.webkit.org/show_bug.cgi?id=27551
57370
57371        * bytecompiler/BytecodeGenerator.h:
57372
573732011-05-24  Keishi Hattori  <keishi@webkit.org>
57374
57375        Reviewed by Kent Tamura.
57376
57377        Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
57378        https://bugs.webkit.org/show_bug.cgi?id=61273
57379
57380        * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
57381
573822011-05-24  Kevin Ollivier  <kevino@theolliviers.com>
57383
57384        Reviewed by Eric Seidel.
57385
57386        Add export macros to WTFString.h.
57387        
57388        https://bugs.webkit.org/show_bug.cgi?id=27551
57389
57390        * wtf/text/WTFString.h:
57391        (WTF::String::String):
57392        (WTF::String::findIgnoringCase):
57393        (WTF::String::isHashTableDeletedValue):
57394
573952011-05-24  Geoffrey Garen  <ggaren@apple.com>
57396
57397        Maybe fix the Mac build now?
57398
57399        * JavaScriptCore.xcodeproj/project.pbxproj:
57400
574012011-05-24  Geoffrey Garen  <ggaren@apple.com>
57402
57403        Maybe fix the Mac build?
57404        
57405        * JavaScriptCore.xcodeproj/project.pbxproj:
57406
574072011-05-24  Geoffrey Garen  <ggaren@apple.com>
57408
57409        Reviewed by Oliver Hunt.
57410
57411        Split HeapRootVisitor into its own class
57412        https://bugs.webkit.org/show_bug.cgi?id=61399
57413
57414        * GNUmakefile.list.am:
57415        * JavaScriptCore.gypi:
57416        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
57417        * JavaScriptCore.xcodeproj/project.pbxproj:
57418        * heap/HandleHeap.cpp:
57419        * heap/HandleStack.cpp:
57420        * heap/Heap.cpp:
57421        * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
57422        * heap/MarkStack.h:
57423        * runtime/ArgList.cpp:
57424        * runtime/SmallStrings.cpp:
57425
574262011-05-24  Jay Civelli  <jcivelli@chromium.org>
57427
57428        Rubberstamped by David Kilzer.
57429
57430        Updated some files that I forgot in my previous MHTML CL.
57431
57432        * Configurations/FeatureDefines.xcconfig:
57433
574342011-05-24  Geoffrey Garen  <ggaren@apple.com>
57435
57436        Fix the Mac build: Yes, please do remove these files, svn.
57437
57438        * JavaScriptCore.xcodeproj/project.pbxproj:
57439
574402011-05-24  Geoffrey Garen  <ggaren@apple.com>
57441
57442        Reviewed by Oliver Hunt.
57443
57444        Let's just have one way to get the system page size, bokay?
57445        https://bugs.webkit.org/show_bug.cgi?id=61384
57446
57447        * CMakeListsEfl.txt:
57448        * CMakeListsWinCE.txt:
57449        * GNUmakefile.list.am:
57450        * JavaScriptCore.exp:
57451        * JavaScriptCore.gypi:
57452        * JavaScriptCore.pro:
57453        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
57454        is gone completely now, since it only existed to provide a duplicate way
57455        to access the system page size.
57456
57457        * heap/MarkStack.cpp:
57458        (JSC::MarkStack::reset):
57459        * heap/MarkStack.h:
57460        (JSC::::MarkStackArray):
57461        (JSC::::shrinkAllocation): Use WTF::pageSize.
57462
57463        * heap/MarkStackPosix.cpp:
57464        * heap/MarkStackSymbian.cpp:
57465        * heap/MarkStackWin.cpp: Removed now-empty files.
57466
57467        * jit/ExecutableAllocator.cpp:
57468        (JSC::ExecutableAllocator::reprotectRegion):
57469        * jit/ExecutableAllocator.h:
57470        (JSC::ExecutableAllocator::ExecutableAllocator):
57471        (JSC::ExecutablePool::ExecutablePool):
57472        (JSC::ExecutablePool::poolAllocate):
57473        * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
57474
57475        * wscript: Removed now-empty files.
57476
57477        * wtf/PageBlock.cpp:
57478        (WTF::systemPageSize): Integrated questionable Symbian page size rule
57479        from ExecutableAllocator, because that seems like what the original
57480        author should have done.
57481
574822011-05-24  Oliver Hunt  <oliver@apple.com>
57483
57484        Reviewed by Gavin Barraclough.
57485
57486        Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
57487        https://bugs.webkit.org/show_bug.cgi?id=61385
57488
57489        The interpreter uses the structure slot of get_by_id and put_by_id to hold
57490        the initial structure it encountered so that it can identify whether a
57491        given access is stable.
57492
57493        When marking though we only visit the slot when we've decided to cache, and
57494        so this value could die.  This was "safe" as the value was only used for a
57495        pointer compare, but it was incorrect.  We now just mark the slot like we
57496        should have been doing already.
57497
57498        * bytecode/CodeBlock.cpp:
57499        (JSC::CodeBlock::visitStructures):
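
Added example, not WebKit code, to show why a pointer that is only ever compared still has to be marked. It models a one-slot pool of GC-managed "structures" and an inline cache that remembers the first structure it saw. When the cache slot is not visited by the collector, the structure dies, the slot is recycled for a different structure at the same address, and the identity compare reports the access as stable for an object it has never seen. Visiting the slot keeps the referent alive, so the address cannot be reused while the cache still holds it. All names (StructurePool, InlineCache, cacheMisidentifiesRecycledSlot) are hypothetical.

```cpp
#include <cstddef>
#include <vector>

// Added example, not WebKit code: toy mark/sweep pool plus a cache that
// compares addresses. Names are hypothetical.
struct Structure { unsigned id; bool marked; bool live; };

struct StructurePool {
    std::vector<Structure> slots;   // fixed size, so addresses are stable
    unsigned nextId = 1;
    explicit StructurePool(size_t n) : slots(n, Structure{0, false, false}) {}

    Structure* allocate() {
        for (Structure& s : slots)
            if (!s.live) { s = Structure{nextId++, false, true}; return &s; }
        return nullptr;
    }
    // Mark everything reachable from roots, sweep the rest, reset marks.
    void collect(const std::vector<Structure*>& roots) {
        for (Structure* r : roots)
            if (r) r->marked = true;
        for (Structure& s : slots) {
            if (!s.marked) s.live = false;
            s.marked = false;
        }
    }
};

struct InlineCache {
    Structure* cachedStructure = nullptr;
    void record(Structure* s) { if (!cachedStructure) cachedStructure = s; }
    // "Stable" means: same structure as the first one we saw.
    bool isStable(const Structure* s) const { return cachedStructure == s; }
};

// Scenario: cache records structure A; A becomes unreachable; GC runs; a new
// structure B is allocated. Returns true when the cache wrongly reports B as
// the structure it recorded, which can only happen if A's slot was recycled.
bool cacheMisidentifiesRecycledSlot(bool visitCacheSlot) {
    StructurePool pool(1);              // single slot forces address reuse
    InlineCache cache;
    Structure* a = pool.allocate();
    unsigned aId = a->id;
    cache.record(a);
    std::vector<Structure*> roots;
    if (visitCacheSlot)
        roots.push_back(cache.cachedStructure);   // the fix: mark the slot
    pool.collect(roots);
    Structure* b = pool.allocate();     // nullptr if A's slot stayed live
    if (!b)
        return false;                   // nothing recycled, cache referent intact
    return cache.isStable(b) && b->id != aId;
}
```

Compare-only use of a dead pointer is still a dangling-pointer bug: any fast path that trusts the "stable" verdict goes on to read a layout that belongs to an unrelated object.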
57500
575012011-05-24  Adam Roben  <aroben@apple.com>
57502
57503        Windows build fix
57504
57505        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
57506
575072011-05-24  Geoffrey Garen  <ggaren@apple.com>
57508
57509        Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
57510
57511        * heap/MarkStack.h:
57512        (JSC::::shrinkAllocation):
57513
575142011-05-24  Geoffrey Garen  <ggaren@apple.com>
57515
57516        Rubber-stamped by Oliver Hunt.
57517
57518        Split out function definitions and class definitions from class
57519        declarations in MarkStack.h, for readability.
57520
57521        * heap/MarkStack.h:
57522        (JSC::MarkStack::MarkStack):
57523        (JSC::MarkStack::~MarkStack):
57524        (JSC::MarkStack::addOpaqueRoot):
57525        (JSC::MarkStack::containsOpaqueRoot):
57526        (JSC::MarkStack::opaqueRootCount):
57527        (JSC::MarkSet::MarkSet):
57528        (JSC::MarkStack::allocateStack):
57529        (JSC::MarkStack::releaseStack):
57530        (JSC::MarkStack::pageSize):
57531        (JSC::::MarkStackArray):
57532        (JSC::::~MarkStackArray):
57533        (JSC::::expand):
57534        (JSC::::append):
57535        (JSC::::removeLast):
57536        (JSC::::last):
57537        (JSC::::isEmpty):
57538        (JSC::::size):
57539        (JSC::::shrinkAllocation):
57540
575412011-05-24  Oliver Hunt  <oliver@apple.com>
57542
57543        Reviewed by Geoffrey Garen.
57544
57545        Avoid creating unnecessary identifiers and strings in the syntax checker
57546        https://bugs.webkit.org/show_bug.cgi?id=61378
57547
57548        Selectively tell the lexer that there are some places it does not need to
57549        do the real work of creating Identifiers for IDENT and STRING tokens.
57550
57551        Make parseString and parseIdentifier templatized on whether they should
57552        do real work, or merely validate the tokens.
57553
57554        SunSpider --parse-only reports ~5-8% win depending on hardware.
57555
57556        * parser/ASTBuilder.h:
57557        (JSC::ASTBuilder::createDotAccess):
57558        * parser/JSParser.cpp:
57559        (JSC::JSParser::next):
57560        (JSC::JSParser::consume):
57561        (JSC::JSParser::parseVarDeclarationList):
57562        (JSC::JSParser::parseConstDeclarationList):
57563        (JSC::JSParser::parseExpression):
57564        (JSC::JSParser::parseAssignmentExpression):
57565        (JSC::JSParser::parseConditionalExpression):
57566        (JSC::JSParser::parseBinaryExpression):
57567        (JSC::JSParser::parseProperty):
57568        (JSC::JSParser::parseObjectLiteral):
57569        (JSC::JSParser::parseArrayLiteral):
57570        (JSC::JSParser::parseArguments):
57571        (JSC::JSParser::parseMemberExpression):
57572        * parser/Lexer.cpp:
57573        (JSC::Lexer::parseIdentifier):
57574        (JSC::Lexer::parseString):
57575        (JSC::Lexer::lex):
57576        * parser/Lexer.h:
57577        * parser/SyntaxChecker.h:
57578        (JSC::SyntaxChecker::createDotAccess):
57579        (JSC::SyntaxChecker::createProperty):
57580
575812011-05-23  Michael Saboff  <msaboff@apple.com>
57582
57583        Reviewed by Mark Rowe.
57584
57585        Safari often freezes when clicking "Return free memory" in Caches dialog
57586        https://bugs.webkit.org/show_bug.cgi?id=61325
57587
57588        There are two fixes and an improvement in the instrumentation code used to find
57589        one of the problems.
57590        Changed ReleaseFreeList() to set the "decommitted" bit when releasing
57591        pages to the system and moving Spans from the normal list to the returned 
57592        list.
57593        Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
57594        to eliminate an infinite loop if we can't meet the pagesToRelease target.
57595        Added a check for the decommitted bit being set properly in 
57596        TCMalloc_PageHeap::CheckList.
57597
57598        * wtf/FastMalloc.cpp:
57599        (WTF::TCMalloc_PageHeap::scavenge):
57600        (WTF::TCMalloc_PageHeap::Check):
57601        (WTF::TCMalloc_PageHeap::CheckList):
57602        (WTF::ReleaseFreeList):
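
Added example, not WebKit or TCMalloc code, that reduces the entry above to the two invariants it describes: a span moved from a free list's normal list to its returned list carries the decommitted bit with it, and scavenge stops once a full pass over the lists releases nothing rather than spinning forever on a target it cannot meet. The page heap here is a deliberately cut-down model (ToyPageHeap, releaseOneSpan, checkLists are hypothetical names) and does not reproduce TCMalloc's span or list structures.

```cpp
#include <cstddef>
#include <vector>

// Added example, not WebKit/TCMalloc code. Names are hypothetical.
struct Span {
    size_t pages;
    bool decommitted;
};

struct FreeList {
    std::vector<Span> normal;    // committed pages, usable immediately
    std::vector<Span> returned;  // pages handed back to the OS
};

struct ToyPageHeap {
    std::vector<FreeList> lists;   // index = size class
    size_t scavengeIndex = 0;      // round-robin cursor over size classes

    // Release one span from a list to the system; returns pages released.
    size_t releaseOneSpan(FreeList& list) {
        if (list.normal.empty())
            return 0;
        Span span = list.normal.back();
        list.normal.pop_back();
        span.decommitted = true;           // the bit must follow the span
        list.returned.push_back(span);
        return span.pages;
    }

    // Try to release at least pagesToRelease pages. Returns pages actually
    // released, which is fewer when the heap has nothing left to give.
    size_t scavenge(size_t pagesToRelease) {
        size_t released = 0;
        size_t listsWithoutProgress = 0;   // forward-progress counter
        while (released < pagesToRelease && listsWithoutProgress < lists.size()) {
            FreeList& list = lists[scavengeIndex];
            scavengeIndex = (scavengeIndex + 1) % lists.size();
            size_t n = releaseOneSpan(list);
            if (n == 0) {
                ++listsWithoutProgress;    // this list had nothing this round
                continue;
            }
            listsWithoutProgress = 0;
            released += n;
        }
        return released;
    }

    // CheckList-style invariant: bit state must match the list a span is on.
    bool checkLists() const {
        for (const FreeList& list : lists) {
            for (const Span& s : list.normal)
                if (s.decommitted) return false;
            for (const Span& s : list.returned)
                if (!s.decommitted) return false;
        }
        return true;
    }
};
```

Without the counter, a request for more pages than the normal lists hold would loop over empty lists indefinitely, which is the freeze the entry describes; with it, the caller gets back the shortfall and can decide what to do.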

2011-05-23  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=61306

        The begin characters optimization currently has issues (#61129),
        and does not appear to still be a performance win. The prudent
        next step seems to be to disable while we ascertain whether this
        is still a useful performance optimization.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::Interpreter::interpret):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::BytecodePattern::BytecodePattern):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
        (JSC::Yarr::YarrPattern::compile):
        (JSC::Yarr::YarrPattern::YarrPattern):
        * yarr/YarrPattern.h:
        (JSC::Yarr::YarrPattern::reset):

2011-05-23  Matthew Delaney  <mdelaney@apple.com>

        Reviewed by Simon Fraser.

        Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
        https://bugs.webkit.org/show_bug.cgi?id=58216

        * wtf/MathExtras.h:
        (clampToInteger):
        (clampToPositiveInteger):
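
Converting an out-of-range double to int is undefined behaviour in C++, which is why a "working version" of clampToInteger() matters. The following is an added example, not WTF's MathExtras.h: a saturating conversion that handles the edge cases a naive cast gets wrong (values beyond the int range, infinities and NaN). Mapping NaN to 0 is a choice made here for the example, not something the entry specifies.

```cpp
// Added example (not WebKit code): saturating double -> int conversion.
#include <cmath>
#include <limits>

// Clamp `d` into [INT_MIN, INT_MAX] before converting, so the cast itself is
// always defined. NaN compares false against everything, so it needs its own
// branch; this example maps it to 0 (an assumption, not WebKit's behaviour).
inline int clampToInteger(double d)
{
    const double minInt = static_cast<double>(std::numeric_limits<int>::min());
    const double maxInt = static_cast<double>(std::numeric_limits<int>::max());
    if (std::isnan(d))
        return 0;
    if (d >= maxInt)          // also catches +infinity
        return std::numeric_limits<int>::max();
    if (d <= minInt)          // also catches -infinity
        return std::numeric_limits<int>::min();
    return static_cast<int>(d);  // in range: truncation toward zero is defined
}

// Same conversion, but never below zero (negative input becomes 0).
inline int clampToPositiveInteger(double d)
{
    return d <= 0 ? 0 : clampToInteger(d);
}
```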

2011-05-23  Ruben  <chromium@hybridsource.org>

        Reviewed by Tony Chang.

        Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
        https://bugs.webkit.org/show_bug.cgi?id=61219

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-05-23  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Gavin Barraclough.

        [SH4] AssemblerLabel does not name a type
        https://bugs.webkit.org/show_bug.cgi?id=59927

        SH4Assembler.h file should be included before AbstractMacroAssembler.h.

        * assembler/MacroAssemblerSH4.h:

2011-05-23  Ryuan Choi  <ryuan.choi@samsung.com>

        Rubber stamped by Eric Seidel.

        [CMAKE] Refactoring wtf related code.
        https://bugs.webkit.org/show_bug.cgi?id=60146

        Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.

        * CMakeLists.txt:
        * CMakeListsEfl.txt:
        * wtf/CMakeLists.txt:
        * wtf/CMakeListsEfl.txt:

2011-05-22  Adam Barth  <abarth@webkit.org>

        Enable strict PassOwnPtr for everyone.  I expect this patch will need
        some followups to make the GTK and EFL bots green again.

        * wtf/PassOwnPtr.h:

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Reduce size of inline cache path of get_by_id on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=61221

        This reduces the code size of get_by_id by 20 bytes

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::repatchCompact):
        (JSC::ARMv7Assembler::setUInt7ForLoad):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * jit/JIT.h:

2011-05-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Reviewed by Oliver Hunt.

        Zombies should "live" forever
        https://bugs.webkit.org/show_bug.cgi?id=61170

        Reusing zombie cells could still hide garbage
        collected cell related bugs.

        * JavaScriptCore.pro:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::isZombie):
        * runtime/JSZombie.h:
        (JSC::JSZombie::~JSZombie):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-05-20  Brady Eidson  <beidson@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
        Horrendous bug in callOnMainThreadAndWait

        * wtf/MainThread.cpp:
        (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
          syncFlag condition, reacquire the mutex first.

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Remove unnecessary double->int conversion at the end of op_div
        https://bugs.webkit.org/show_bug.cgi?id=61198

        We don't attempt this conversion on 64bit, removing it actually speeds
        up sunspider and v8 slightly, and it reduces code size.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_div):

2011-05-19  Evan Martin  <evan@chromium.org>

        Reviewed by Tony Chang.

        [chromium] remove <(library) variable
        https://bugs.webkit.org/show_bug.cgi?id=61158

        This was for a build experiment; we can just use the correct value now.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Interpreter uses wrong bytecode offset for determining exception handler
        https://bugs.webkit.org/show_bug.cgi?id=61191

        The bytecode offset given for the returnPC from the JIT is
        actually the offset for the start of the instruction triggering
        the call, whereas in the interpreter it is the actual return
        VPC.  This means if the next instruction following a call was
        in an exception region we would incorrectly redirect to its
        handler.  Long term we want to completely redo how exceptions
        are handled anyway so the simplest and lowest risk fix here is
        to simply subtract one from the return vPC so that we have an
        offset in the triggering instruction.

        It turns out this is caught by a couple of tests already.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):
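
The off-by-one the entry above fixes is easy to see with a handler table in hand. The code below is an added example, not JSC's Interpreter::unwindCallFrame: exception regions are half-open bytecode ranges, and the lookup must probe an offset inside the instruction that made the call. The JIT already reports such an offset; the interpreter's return vPC is one past it, so it is decremented first. The table layout (a call at offset 9 immediately followed by a protected region starting at 10) is constructed for the example.

```cpp
// Added example (not WebKit code): exception-handler lookup keyed by the
// bytecode offset of the *calling* instruction, and what goes wrong when the
// interpreter's return vPC is used without subtracting one.
#include <vector>

struct HandlerInfo {
    unsigned start;   // first bytecode offset covered (inclusive)
    unsigned end;     // one past the last offset covered (exclusive)
    unsigned target;  // bytecode offset of the catch block
};

// Innermost region first, as in a real handler table.
inline const HandlerInfo* handlerForOffset(const std::vector<HandlerInfo>& table, unsigned offset)
{
    for (const HandlerInfo& h : table)
        if (offset >= h.start && offset < h.end)
            return &h;
    return nullptr;
}

// Constructed layout: the call sits at offset 9 and is *not* protected; the
// instruction right after it, at 10, opens a try block whose catch is at 40.
inline std::vector<HandlerInfo> sampleTable()
{
    return { { 10, 20, 40 } };
}

// Given the interpreter's return vPC for a call, return the catch target the
// unwinder would pick, or 0 if none. With applyFix the probe is moved back into
// the calling instruction, which is what the entry's fix does. A return vPC is
// never 0, since some call instruction precedes it, so the subtraction is safe.
inline unsigned catchTargetForReturnVPC(unsigned returnVPC, bool applyFix)
{
    std::vector<HandlerInfo> table = sampleTable();
    unsigned probe = applyFix ? returnVPC - 1 : returnVPC;
    const HandlerInfo* h = handlerForOffset(table, probe);
    return h ? h->target : 0;
}
```

The two failure directions both show up: a return vPC of 10 (call at the unprotected offset 9) is wrongly redirected to the catch at 40 without the fix, and a return vPC of 20 (call at 19, the last protected instruction) wrongly finds no handler without it.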

2011-05-20  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Oliver Hunt.

        JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
        https://bugs.webkit.org/show_bug.cgi?id=42756

        Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
        check of the available memory. This should give us an
        overcommit-like behavior in most systems, which is what we want.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit): pass MAP_NORESERVE to mmap.

2011-05-19  Gabor Loki  <loki@webkit.org>

        Fix ARM build after r86919

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Randomise code starting location a little
        https://bugs.webkit.org/show_bug.cgi?id=61161

        Add a nop() function to the Assemblers so that we
        can randomise code offsets slightly at no real cost.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::nop):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::nop):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nop):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::nop):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::nop):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::nop):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::nop):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * runtime/WeakRandom.h:
        (JSC::WeakRandom::getUint32):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Fix windows build.

        * wtf/OSAllocatorWin.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::reserveAndCommit):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Add guard pages to each end of the memory region used by the fixedvm allocator
        https://bugs.webkit.org/show_bug.cgi?id=61150

        Add mechanism to notify the OSAllocator that pages at either end of an
        allocation should be considered guard pages.  Update PageReservation,
        PageAllocation, etc to handle this.

        * JavaScriptCore.exp:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
        * wtf/OSAllocator.h:
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::reserveAndCommit):
        * wtf/PageAllocation.h:
        (WTF::PageAllocation::PageAllocation):
        * wtf/PageAllocationAligned.h:
        (WTF::PageAllocationAligned::PageAllocationAligned):
        * wtf/PageBlock.h:
        (WTF::PageBlock::PageBlock):
        * wtf/PageReservation.h:
        (WTF::PageReservation::reserve):
        (WTF::PageReservation::reserveWithGuardPages):
            Add a new function to make a reservation that will add guard
            pages to the ends of an allocation.
        (WTF::PageReservation::PageReservation):
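
Two of the entries above change how the POSIX allocator reserves memory: the MAP_NORESERVE entry (bug 42756) and the guard-page entry (bug 61150) directly above. The code below is an added example, not WTF's OSAllocatorPosix.cpp or PageReservation.h, that puts both together on a POSIX system: one mmap of the whole region, MAP_NORESERVE where the platform defines it, and the first and last page flipped to PROT_NONE so an overrun off either end of the usable area faults immediately instead of quietly corrupting whatever mapping happens to be adjacent. The GuardedReservation struct, the 10000-byte request and the helper names are this example's own.

```cpp
// Added example (not WebKit code): reserve a region with a PROT_NONE guard page
// at each end, passing MAP_NORESERVE to mmap when available.
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstring>

struct GuardedReservation {
    void* base = nullptr;     // start of the whole mapping (the low guard page)
    void* usable = nullptr;   // first byte the caller may touch
    size_t usableBytes = 0;   // bytes between the two guard pages
    size_t totalBytes = 0;    // whole mapping, guard pages included
};

// Reserve `bytes` rounded up to whole pages, plus one guard page on each side.
// On failure base stays nullptr.
inline GuardedReservation reserveWithGuardPages(size_t bytes)
{
    GuardedReservation r;
    const size_t pageSize = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    const size_t rounded = (bytes + pageSize - 1) / pageSize * pageSize;
    r.totalBytes = rounded + 2 * pageSize;

    int flags = MAP_PRIVATE | MAP_ANONYMOUS;
#ifdef MAP_NORESERVE
    flags |= MAP_NORESERVE;   // skip the kernel's commit-charge check (overcommit-like)
#endif
    void* p = mmap(nullptr, r.totalBytes, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (p == MAP_FAILED)
        return r;

    // Guard pages: no access at all. Everything in between stays read/write.
    char* lowGuard = static_cast<char*>(p);
    char* highGuard = lowGuard + pageSize + rounded;
    if (mprotect(lowGuard, pageSize, PROT_NONE) != 0 || mprotect(highGuard, pageSize, PROT_NONE) != 0) {
        munmap(p, r.totalBytes);
        return r;
    }
    r.base = p;
    r.usable = lowGuard + pageSize;
    r.usableBytes = rounded;
    return r;
}

inline void releaseReservation(GuardedReservation& r)
{
    if (r.base)
        munmap(r.base, r.totalBytes);
    r = GuardedReservation();
}

// Write and read back every usable byte. Touching r.usable - 1 or
// r.usable + r.usableBytes would SIGSEGV, which is the point of the guards.
inline bool fillAndVerify(const GuardedReservation& r, unsigned char pattern)
{
    if (!r.base)
        return false;
    unsigned char* p = static_cast<unsigned char*>(r.usable);
    memset(p, pattern, r.usableBytes);
    for (size_t i = 0; i < r.usableBytes; ++i)
        if (p[i] != pattern)
            return false;
    return true;
}

// Whole sequence behind one call: reserve, check the layout, use it, release.
inline bool guardPageDemo()
{
    const size_t pageSize = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    GuardedReservation r = reserveWithGuardPages(10000);
    bool ok = r.base
        && r.usableBytes >= 10000
        && r.usableBytes % pageSize == 0
        && static_cast<char*>(r.usable) == static_cast<char*>(r.base) + pageSize
        && r.totalBytes == r.usableBytes + 2 * pageSize
        && fillAndVerify(r, 0xAB);
    releaseReservation(r);
    return ok && !r.base;
}
```

The guard pages cost only address space, not memory, and because the whole region is one mapping the kernel cannot place another allocation between the usable area and its guards.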

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make Executables release their JIT code as soon as they become dead
        https://bugs.webkit.org/show_bug.cgi?id=61134

        Add an ability to clear an Executable's jit code without requiring
        it to be destroyed, and then call that from a finalizer.

        * heap/Weak.h:
        (JSC::Weak::Weak):
        (JSC::Weak::leak):
        * jit/JITCode.h:
        (JSC::JITCode::clear):
        * runtime/Executable.cpp:
        (JSC::ExecutableFinalizer::finalize):
        (JSC::ExecutableBase::executableFinalizer):
        * runtime/Executable.h:
        (JSC::ExecutableBase::ExecutableBase):
        (JSC::ExecutableBase::clearExecutableCode):

2011-05-19  Adam Roben  <aroben@apple.com>

        Remove a redundant and broken data export

        Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
        JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
        to a linker warning about multiple definitions.)

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
        https://bugs.webkit.org/show_bug.cgi?id=61064

        Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
        for its inline storage.  This resolves the problem of GC occurring before
        a subclass has initialised its anonymous storage.

        * runtime/JSObject.h:

2011-05-18  Adam Barth  <abarth@webkit.org>

        Reviewed by Sam Weinig.

        Delete WTFURL
        https://bugs.webkit.org/show_bug.cgi?id=61084

        It's been a year and we've failed to complete this project.  It's time
        to throw in the towel.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/url: Removed.
        * wtf/url/api: Removed.
        * wtf/url/api/ParsedURL.cpp: Removed.
        * wtf/url/api/ParsedURL.h: Removed.
        * wtf/url/api/URLString.h: Removed.
        * wtf/url/src: Removed.
        * wtf/url/src/RawURLBuffer.h: Removed.
        * wtf/url/src/URLBuffer.h: Removed.
        * wtf/url/src/URLCharacterTypes.cpp: Removed.
        * wtf/url/src/URLCharacterTypes.h: Removed.
        * wtf/url/src/URLComponent.h: Removed.
        * wtf/url/src/URLEscape.cpp: Removed.
        * wtf/url/src/URLEscape.h: Removed.
        * wtf/url/src/URLParser.h: Removed.
        * wtf/url/src/URLQueryCanonicalizer.h: Removed.
        * wtf/url/src/URLSegments.cpp: Removed.
        * wtf/url/src/URLSegments.h: Removed.
        * wtf/url/wtfurl.gyp: Removed.

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
        https://bugs.webkit.org/show_bug.cgi?id=61090

        Remove the Structure-free JSGlobalObject constructor and instead always
        pass the structure into the JSGlobalObject constructor.
        Stop DebuggerActivation creating a new structure every time, and simply
        use a single shared structure held by the GlobalData.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionRun):
        (jscmain):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adam Roben.

        Disable gc validation in release builds
        https://bugs.webkit.org/show_bug.cgi?id=60680

        Add back the NDEBUG check

        * wtf/Platform.h:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        Rolled out attempts to fix EFL build because they're not enough -- the
        build script needs to be fixed.

        * runtime/BooleanPrototype.cpp:
        * runtime/DateConstructor.cpp:
        * runtime/ErrorPrototype.cpp:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        More attempts to work around the EFL build system being broken.

        * runtime/DateConstructor.cpp:
        * runtime/ErrorPrototype.cpp:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the EFL build.

        * runtime/BooleanPrototype.cpp:

2011-05-16  Geoffrey Garen  <ggaren@apple.com>

        Rolling back in r86653 with build fixed.

        Reviewed by Gavin Barraclough and Oliver Hunt.

        Global object initialization is expensive
        https://bugs.webkit.org/show_bug.cgi?id=60933

        Changed a bunch of globals to allocate their properties lazily, and changed
        the global object to allocate a bunch of its globals lazily.

        This reduces the footprint of a global object from 287 objects with 58
        functions for 24K to 173 objects with 20 functions for 15K.

        Large patch, but it's all mechanical.

        * DerivedSources.make:
        * JavaScriptCore.exp: Build!

        * create_hash_table: Added a special case for fromCharCode, since it uses
        a custom "thunk generator".

        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
        overcount objects that were owned through more than one mechanism because
        it was getting in the way of counting the results for this patch.

        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectPrototypeTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable): Added new tables.

        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure): Standardized these objects
        to use static tables for function properties.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h: Added new tables.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
        static table for its global functions. This required uninlining some
        things to avoid a circular header dependency. However, those things
        probably shouldn't have been inlined in the first place.

        Even more global object properties can be made lazy, but that requires
        more in-depth changes.

        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure): Standardized these objects
        to use static tables for function properties.

2011-05-17  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        JSGlobalContextRelease should not trigger a synchronous garbage collection
        https://bugs.webkit.org/show_bug.cgi?id=60990

        * API/JSContextRef.cpp:
        Change synchronous call to collectAllGarbage to a call to trigger the
        activityCallback.

2011-05-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Reduce code size for inline cache
        https://bugs.webkit.org/show_bug.cgi?id=60942

        This patch introduces the concept of a "compact" address that
        allows individual architectures to control the maximum offset
        used for the inline path of get_by_id.  This reduces the code
        size of get_by_id by 3 bytes on x86 and x86_64 and slightly
        improves performance on v8 tests.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::repatchCompact):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::repatchCompact):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
        (JSC::AbstractMacroAssembler::differenceBetween):
        (JSC::AbstractMacroAssembler::repatchCompact):
        * assembler/CodeLocation.h:
        (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
        (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::locationOf):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::repatchCompact):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::repatchCompact):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
        * assembler/RepatchBuffer.h:
        (JSC::RepatchBuffer::repatch):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::repatchCompact):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_mr_disp8):
        (JSC::X86Assembler::movq_mr_disp8):
        (JSC::X86Assembler::repatchCompact):
        (JSC::X86Assembler::setInt8):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::patchGetByIdSelf):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::patchGetByIdSelf):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):

2011-05-16  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r86653.
        http://trac.webkit.org/changeset/86653
        https://bugs.webkit.org/show_bug.cgi?id=60944

        "Caused regressions on Windows, OSX and EFL" (Requested by
        yutak on #webkit).

        * DerivedSources.make:
        * DerivedSources.pro:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * create_hash_table:
        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()):
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayTable):
        (JSC::ExecState::numberTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/BooleanPrototype.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateConstructor.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/ErrorPrototype.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncJSCPrint):
        * runtime/JSGlobalObjectFunctions.h:
        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/NumberPrototype.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * runtime/RegExpPrototype.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringConstructor.h:

2011-05-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen.

        Global object initialization is expensive
        https://bugs.webkit.org/show_bug.cgi?id=60933

        Changed a bunch of globals to allocate their properties lazily, and changed
        the global object to allocate a bunch of its globals lazily.

        This reduces the footprint of a global object from 287 objects with 58
        functions for 24K to 173 objects with 20 functions for 15K.

        Large patch, but it's all mechanical.

        * DerivedSources.make:
        * JavaScriptCore.exp: Build!

        * create_hash_table: Added a special case for fromCharCode, since it uses
        a custom "thunk generator".

        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
        overcount objects that were owned through more than one mechanism because
        it was getting in the way of counting the results for this patch.

        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectPrototypeTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable): Added new tables.

        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure): Standardized these objects
        to use static tables for function properties.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h: Added new tables.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
        static table for its global functions. This required uninlining some
        things to avoid a circular header dependency. However, those things
        probably shouldn't have been inlined in the first place.

        Even more global object properties can be made lazy, but that requires
        more in-depth changes.

        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure): Standardized these objects
        to use static tables for function properties.

2011-05-16  David Kilzer  <ddkilzer@apple.com>
58394
58395        <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
58396        <rdar://problem/9446430>
58397
58398        Reviewed by Mark Rowe.
58399
58400        * Configurations/Base.xcconfig: Fixed typo.
58401
584022011-05-16  Oliver Hunt  <oliver@apple.com>
58403
58404        Reviewed by Geoffrey Garen.
58405
58406        JSWeakObjectMap finalisation may occur while gc is in inconsistent state
58407        https://bugs.webkit.org/show_bug.cgi?id=60908
58408        <rdar://problem/9409491>
58409
58410        We need to ensure that we have called all the weak map finalizers while
58411        the global object (and hence global context) is still in a consistent
58412        state.  The best way to achieve this is to simply use a weak handle and
58413        finalizer on the global object.
58414
58415        * JavaScriptCore.exp:
58416        * runtime/JSGlobalObject.cpp:
58417        (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
58418        * runtime/JSGlobalObject.h:
58419        (JSC::JSGlobalObject::registerWeakMap):
58420
584212011-05-16  Siddharth Mathur  <siddharth.mathur@nokia.com>
58422
58423        Reviewed by Laszlo Gombos.
58424
58425        [Qt][WK2][Symbian] Shared memory implementation for Symbian
58426        https://bugs.webkit.org/show_bug.cgi?id=55875
58427
58428        * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
58429
584302011-05-16  Gavin Barraclough  <barraclough@apple.com>
58431
58432        Rubber stamped by Geoff Garen.
58433
58434        https://bugs.webkit.org/show_bug.cgi?id=60866
58435        Evaluation order broken for empty alternatives in subpatterns
58436
58437        Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
58438
58439        * yarr/YarrPattern.cpp:
58440        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
58441
584422011-05-15  Gavin Barraclough  <barraclough@apple.com>
58443
58444        Reviewed by Geoff Garen & Michael Saboff.
58445
58446        https://bugs.webkit.org/show_bug.cgi?id=60860
58447        Simplify backtracking in YARR JIT
58448
58449        YARR JIT currently performs a single pass of code generation over the pattern,
58450        with special handling to allow the code generation for some backtracking code
58451        out of line. We can simplify things by moving to a common mechanism whereby all
58452        forwards matching code is generated in one pass, and all backtracking code is
58453        generated in another. Backtracking code can be generated in reverse order, to
58454        optimize the common fall-through case.
58455
58456        To make it easier to walk over the pattern, we can first convert to a more
58457        byte-code like format before JIT generating. In time we should unify this with
58458        the YARR interpreter to more closely unify the two.
58459
58460        * yarr/YarrJIT.cpp:
58461        (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
58462        (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
58463        (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
58464        (JSC::Yarr::YarrGenerator::BacktrackingState::append):
58465        (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
58466        (JSC::Yarr::YarrGenerator::BacktrackingState::link):
58467        (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
58468        (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
58469        (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
58470        (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
58471        (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
58472        (JSC::Yarr::YarrGenerator::generateAssertionBOL):
58473        (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
58474        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
58475        (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
58476        (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
58477        (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
58478        (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
58479        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
58480        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
58481        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
58482        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
58483        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
58484        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
58485        (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
58486        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
58487        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
58488        (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
58489        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
58490        (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
58491        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
58492        (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
58493        (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
58494        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
58495        (JSC::Yarr::YarrGenerator::generateTerm):
58496        (JSC::Yarr::YarrGenerator::backtrackTerm):
58497        (JSC::Yarr::YarrGenerator::generate):
58498        (JSC::Yarr::YarrGenerator::backtrack):
58499        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
58500        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
58501        (JSC::Yarr::YarrGenerator::opCompileAlternative):
58502        (JSC::Yarr::YarrGenerator::opCompileBody):
58503        (JSC::Yarr::YarrGenerator::YarrGenerator):
58504        (JSC::Yarr::YarrGenerator::compile):
58505
585062011-05-15  Adam Barth  <abarth@webkit.org>
58507
58508        Enable strict PassOwnPtr on Qt.  (Build fixes to follow.)
58509
58510        * wtf/PassOwnPtr.h:
58511
585122011-05-15  Geoffrey Garen  <ggaren@apple.com>
58513
58514        Reviewed by Maciej Stachowiak.
58515
58516        Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
58517        in browser than on command line
58518        
58519        This patch fixes a few issues in generated code that could unreasonably
58520        prolong object lifetimes.
58521
58522        * heap/Heap.cpp:
58523        (JSC::Heap::collectAllGarbage): Throw away all function code before doing
58524        a major collection. We want to clear polymorphic caches, since they can
58525        keep alive large object graphs that have gone "stale". For the same reason,
58526        but to a lesser extent, we also want to clear linked functions and other
58527        one-off caches.
58528
58529        This has the side-benefit of reducing memory footprint from run-once
58530        functions, and of allowing predictions and caches that have failed to
58531        re-specialize.
58532
58533        Eventually, if compilation costs rise far enough, we may want a more
58534        limited strategy for de-specializing code without throwing it away
58535        completely, but this works for now, and it's the simplest solution.
58536
58537        * jit/JITStubs.cpp:
58538        (JSC::JITThunks::hostFunctionStub):
58539        * jit/JITStubs.h:
58540        * runtime/JSFunction.cpp: Made the host function stub cache weak --
58541        otherwise it's effectively a memory leak that can seriously fragment the
58542        GC and JIT heaps.
58543
58544        (JSC::JSFunction::JSFunction):
58545        (JSC::JSFunction::visitChildren): Cleared up some comments that confused
58546        me when working with this code.
58547
585482011-05-13  Oliver Hunt  <oliver@apple.com>
58549
58550        Reviewed by Geoffrey Garen.
58551
58552        Make GC validation more aggressive
58553        https://bugs.webkit.org/show_bug.cgi?id=60802
58554
58555        This patch makes the checks performed under GC_VALIDATION
58556        much more aggressive, and adds the checks to more places
58557        in order to allow us to catch GC bugs much closer to the
58558        point of failure.
58559
58560        * JavaScriptCore.exp:
58561        * JavaScriptCore.xcodeproj/project.pbxproj:
58562        * debugger/DebuggerActivation.cpp:
58563        (JSC::DebuggerActivation::visitChildren):
58564        * heap/MarkedBlock.cpp:
58565        (JSC::MarkedBlock::MarkedBlock):
58566        * heap/MarkedSpace.cpp:
58567        * runtime/Arguments.cpp:
58568        (JSC::Arguments::visitChildren):
58569        * runtime/Executable.cpp:
58570        (JSC::EvalExecutable::visitChildren):
58571        (JSC::ProgramExecutable::visitChildren):
58572        (JSC::FunctionExecutable::visitChildren):
58573        * runtime/Executable.h:
58574        * runtime/GetterSetter.cpp:
58575        (JSC::GetterSetter::visitChildren):
58576        * runtime/GetterSetter.h:
58577        * runtime/JSAPIValueWrapper.h:
58578        (JSC::JSAPIValueWrapper::createStructure):
58579        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
58580        * runtime/JSActivation.cpp:
58581        (JSC::JSActivation::visitChildren):
58582        * runtime/JSArray.cpp:
58583        (JSC::JSArray::visitChildren):
58584        * runtime/JSCell.cpp:
58585        (JSC::slowValidateCell):
58586        * runtime/JSCell.h:
58587        (JSC::JSCell::JSCell::unvalidatedStructure):
58588        (JSC::JSCell::JSCell::JSCell):
58589        * runtime/JSFunction.cpp:
58590        (JSC::JSFunction::visitChildren):
58591        * runtime/JSGlobalObject.cpp:
58592        (JSC::JSGlobalObject::visitChildren):
58593        (JSC::slowValidateCell):
58594        * runtime/JSONObject.h:
58595        * runtime/JSObject.cpp:
58596        (JSC::JSObject::visitChildren):
58597        * runtime/JSPropertyNameIterator.cpp:
58598        (JSC::JSPropertyNameIterator::visitChildren):
58599        * runtime/JSPropertyNameIterator.h:
58600        * runtime/JSStaticScopeObject.cpp:
58601        (JSC::JSStaticScopeObject::visitChildren):
58602        * runtime/JSString.h:
58603        (JSC::RopeBuilder::JSString):
58604        * runtime/JSWrapperObject.cpp:
58605        (JSC::JSWrapperObject::visitChildren):
58606        * runtime/NativeErrorConstructor.cpp:
58607        (JSC::NativeErrorConstructor::visitChildren):
58608        * runtime/PropertyMapHashTable.h:
58609        (JSC::PropertyMapEntry::PropertyMapEntry):
58610        * runtime/RegExpObject.cpp:
58611        (JSC::RegExpObject::visitChildren):
58612        * runtime/ScopeChain.cpp:
58613        (JSC::ScopeChainNode::visitChildren):
58614        * runtime/ScopeChain.h:
58615        (JSC::ScopeChainNode::ScopeChainNode):
58616        * runtime/Structure.cpp:
58617        (JSC::Structure::Structure):
58618        (JSC::Structure::addPropertyTransition):
58619        (JSC::Structure::visitChildren):
58620        * runtime/Structure.h:
58621        (JSC::JSCell::classInfo):
58622        * runtime/StructureChain.cpp:
58623        (JSC::StructureChain::visitChildren):
58624        * runtime/StructureChain.h:
58625        * runtime/WriteBarrier.h:
58626        (JSC::validateCell):
58627        (JSC::JSCell):
58628        (JSC::JSGlobalObject):
58629        (JSC::WriteBarrierBase::set):
58630        (JSC::WriteBarrierBase::setMayBeNull):
58631        (JSC::WriteBarrierBase::setEarlyValue):
58632        (JSC::WriteBarrierBase::get):
58633        (JSC::WriteBarrierBase::operator*):
58634        (JSC::WriteBarrierBase::operator->):
58635        (JSC::WriteBarrierBase::unvalidatedGet):
58636        (JSC::WriteBarrier::WriteBarrier):
58637        * wtf/Assertions.h:
58638
586392011-05-13  Oliver Hunt  <oliver@apple.com>
58640
58641        Reviewed by Geoffrey Garen.
58642
58643        Make GC validation more aggressive
58644        https://bugs.webkit.org/show_bug.cgi?id=60802
58645
58646        This patch makes the checks performed under GC_VALIDATION
58647        much more aggressive, and adds the checks to more places
58648        in order to allow us to catch GC bugs much closer to the
58649        point of failure.
58650
58651        * JavaScriptCore.exp:
58652        * JavaScriptCore.xcodeproj/project.pbxproj:
58653        * debugger/DebuggerActivation.cpp:
58654        (JSC::DebuggerActivation::visitChildren):
58655        * heap/MarkedBlock.cpp:
58656        (JSC::MarkedBlock::MarkedBlock):
58657        * heap/MarkedSpace.cpp:
58658        * runtime/Arguments.cpp:
58659        (JSC::Arguments::visitChildren):
58660        * runtime/Executable.cpp:
58661        (JSC::EvalExecutable::visitChildren):
58662        (JSC::ProgramExecutable::visitChildren):
58663        (JSC::FunctionExecutable::visitChildren):
58664        * runtime/Executable.h:
58665        * runtime/GetterSetter.cpp:
58666        (JSC::GetterSetter::visitChildren):
58667        * runtime/GetterSetter.h:
58668        * runtime/JSAPIValueWrapper.h:
58669        (JSC::JSAPIValueWrapper::createStructure):
58670        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
58671        * runtime/JSActivation.cpp:
58672        (JSC::JSActivation::visitChildren):
58673        * runtime/JSArray.cpp:
58674        (JSC::JSArray::visitChildren):
58675        * runtime/JSCell.cpp:
58676        (JSC::slowValidateCell):
58677        * runtime/JSCell.h:
58678        (JSC::JSCell::JSCell::unvalidatedStructure):
58679        (JSC::JSCell::JSCell::JSCell):
58680        * runtime/JSFunction.cpp:
58681        (JSC::JSFunction::visitChildren):
58682        * runtime/JSGlobalObject.cpp:
58683        (JSC::JSGlobalObject::visitChildren):
58684        (JSC::slowValidateCell):
58685        * runtime/JSONObject.h:
58686        * runtime/JSObject.cpp:
58687        (JSC::JSObject::visitChildren):
58688        * runtime/JSPropertyNameIterator.cpp:
58689        (JSC::JSPropertyNameIterator::visitChildren):
58690        * runtime/JSPropertyNameIterator.h:
58691        * runtime/JSStaticScopeObject.cpp:
58692        (JSC::JSStaticScopeObject::visitChildren):
58693        * runtime/JSString.h:
58694        (JSC::RopeBuilder::JSString):
58695        * runtime/JSWrapperObject.cpp:
58696        (JSC::JSWrapperObject::visitChildren):
58697        * runtime/NativeErrorConstructor.cpp:
58698        (JSC::NativeErrorConstructor::visitChildren):
58699        * runtime/PropertyMapHashTable.h:
58700        (JSC::PropertyMapEntry::PropertyMapEntry):
58701        * runtime/RegExpObject.cpp:
58702        (JSC::RegExpObject::visitChildren):
58703        * runtime/ScopeChain.cpp:
58704        (JSC::ScopeChainNode::visitChildren):
58705        * runtime/ScopeChain.h:
58706        (JSC::ScopeChainNode::ScopeChainNode):
58707        * runtime/Structure.cpp:
58708        (JSC::Structure::Structure):
58709        (JSC::Structure::addPropertyTransition):
58710        (JSC::Structure::visitChildren):
58711        * runtime/Structure.h:
58712        (JSC::JSCell::classInfo):
58713        * runtime/StructureChain.cpp:
58714        (JSC::StructureChain::visitChildren):
58715        * runtime/StructureChain.h:
58716        * runtime/WriteBarrier.h:
58717        (JSC::validateCell):
58718        (JSC::JSCell):
58719        (JSC::JSGlobalObject):
58720        (JSC::WriteBarrierBase::set):
58721        (JSC::WriteBarrierBase::setMayBeNull):
58722        (JSC::WriteBarrierBase::setEarlyValue):
58723        (JSC::WriteBarrierBase::get):
58724        (JSC::WriteBarrierBase::operator*):
58725        (JSC::WriteBarrierBase::operator->):
58726        (JSC::WriteBarrierBase::unvalidatedGet):
58727        (JSC::WriteBarrier::WriteBarrier):
58728        * wtf/Assertions.h:
58729
587302011-05-14  Csaba Osztrogonác  <ossy@webkit.org>
58731
58732        Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt.
58733
58734        Make GC validation more aggressive
58735        https://bugs.webkit.org/show_bug.cgi?id=60802
58736
58737        * JavaScriptCore.exp:
58738        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
58739        * JavaScriptCore.xcodeproj/project.pbxproj:
58740        * debugger/DebuggerActivation.cpp:
58741        (JSC::DebuggerActivation::visitChildren):
58742        * heap/MarkedBlock.cpp:
58743        (JSC::MarkedBlock::MarkedBlock):
58744        * heap/MarkedSpace.cpp:
58745        * runtime/Arguments.cpp:
58746        (JSC::Arguments::visitChildren):
58747        * runtime/Executable.cpp:
58748        (JSC::EvalExecutable::visitChildren):
58749        (JSC::ProgramExecutable::visitChildren):
58750        (JSC::FunctionExecutable::visitChildren):
58751        * runtime/Executable.h:
58752        (JSC::ProgramExecutable::createStructure):
58753        (JSC::FunctionExecutable::createStructure):
58754        * runtime/GetterSetter.cpp:
58755        (JSC::GetterSetter::visitChildren):
58756        * runtime/GetterSetter.h:
58757        (JSC::GetterSetter::createStructure):
58758        * runtime/JSAPIValueWrapper.h:
58759        (JSC::JSAPIValueWrapper::createStructure):
58760        * runtime/JSActivation.cpp:
58761        (JSC::JSActivation::visitChildren):
58762        * runtime/JSArray.cpp:
58763        (JSC::JSArray::visitChildren):
58764        * runtime/JSCell.cpp:
58765        * runtime/JSCell.h:
58766        (JSC::JSCell::JSCell::JSCell):
58767        * runtime/JSFunction.cpp:
58768        (JSC::JSFunction::visitChildren):
58769        * runtime/JSGlobalObject.cpp:
58770        (JSC::JSGlobalObject::visitChildren):
58771        * runtime/JSONObject.h:
58772        (JSC::JSONObject::createStructure):
58773        * runtime/JSObject.cpp:
58774        (JSC::JSObject::visitChildren):
58775        * runtime/JSPropertyNameIterator.cpp:
58776        (JSC::JSPropertyNameIterator::visitChildren):
58777        * runtime/JSPropertyNameIterator.h:
58778        * runtime/JSStaticScopeObject.cpp:
58779        (JSC::JSStaticScopeObject::visitChildren):
58780        * runtime/JSString.h:
58781        (JSC::RopeBuilder::createStructure):
58782        * runtime/JSWrapperObject.cpp:
58783        (JSC::JSWrapperObject::visitChildren):
58784        * runtime/NativeErrorConstructor.cpp:
58785        (JSC::NativeErrorConstructor::visitChildren):
58786        * runtime/PropertyMapHashTable.h:
58787        (JSC::PropertyMapEntry::PropertyMapEntry):
58788        * runtime/RegExpObject.cpp:
58789        (JSC::RegExpObject::visitChildren):
58790        * runtime/ScopeChain.cpp:
58791        (JSC::ScopeChainNode::visitChildren):
58792        * runtime/ScopeChain.h:
58793        (JSC::ScopeChainNode::ScopeChainNode):
58794        * runtime/Structure.cpp:
58795        (JSC::Structure::Structure):
58796        (JSC::Structure::addPropertyTransition):
58797        (JSC::Structure::visitChildren):
58798        * runtime/Structure.h:
58799        (JSC::Structure::createStructure):
58800        (JSC::JSCell::classInfo):
58801        * runtime/StructureChain.cpp:
58802        (JSC::StructureChain::visitChildren):
58803        * runtime/StructureChain.h:
58804        * runtime/WriteBarrier.h:
58805        (JSC::WriteBarrierBase::set):
58806        (JSC::WriteBarrierBase::get):
58807        (JSC::WriteBarrierBase::operator*):
58808        (JSC::WriteBarrierBase::operator->):
58809        (JSC::WriteBarrier::WriteBarrier):
58810        * wtf/Assertions.h:
58811
588122011-05-13  Oliver Hunt  <oliver@apple.com>
58813
58814        Reviewed by Geoffrey Garen.
58815
58816        Make GC validation more aggressive
58817        https://bugs.webkit.org/show_bug.cgi?id=60802
58818
58819        This patch makes the checks performed under GC_VALIDATION
58820        much more aggressive, and adds the checks to more places
58821        in order to allow us to catch GC bugs much closer to the
58822        point of failure.
58823
58824        * JavaScriptCore.exp:
58825        * JavaScriptCore.xcodeproj/project.pbxproj:
58826        * debugger/DebuggerActivation.cpp:
58827        (JSC::DebuggerActivation::visitChildren):
58828        * heap/MarkedBlock.cpp:
58829        (JSC::MarkedBlock::MarkedBlock):
58830        * heap/MarkedSpace.cpp:
58831        * runtime/Arguments.cpp:
58832        (JSC::Arguments::visitChildren):
58833        * runtime/Executable.cpp:
58834        (JSC::EvalExecutable::visitChildren):
58835        (JSC::ProgramExecutable::visitChildren):
58836        (JSC::FunctionExecutable::visitChildren):
58837        * runtime/Executable.h:
58838        * runtime/GetterSetter.cpp:
58839        (JSC::GetterSetter::visitChildren):
58840        * runtime/GetterSetter.h:
58841        * runtime/JSAPIValueWrapper.h:
58842        (JSC::JSAPIValueWrapper::createStructure):
58843        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
58844        * runtime/JSActivation.cpp:
58845        (JSC::JSActivation::visitChildren):
58846        * runtime/JSArray.cpp:
58847        (JSC::JSArray::visitChildren):
58848        * runtime/JSCell.cpp:
58849        (JSC::slowValidateCell):
58850        * runtime/JSCell.h:
58851        (JSC::JSCell::JSCell::unvalidatedStructure):
58852        (JSC::JSCell::JSCell::JSCell):
58853        * runtime/JSFunction.cpp:
58854        (JSC::JSFunction::visitChildren):
58855        * runtime/JSGlobalObject.cpp:
58856        (JSC::JSGlobalObject::visitChildren):
58857        (JSC::slowValidateCell):
58858        * runtime/JSONObject.h:
58859        * runtime/JSObject.cpp:
58860        (JSC::JSObject::visitChildren):
58861        * runtime/JSPropertyNameIterator.cpp:
58862        (JSC::JSPropertyNameIterator::visitChildren):
58863        * runtime/JSPropertyNameIterator.h:
58864        * runtime/JSStaticScopeObject.cpp:
58865        (JSC::JSStaticScopeObject::visitChildren):
58866        * runtime/JSString.h:
58867        (JSC::RopeBuilder::JSString):
58868        * runtime/JSWrapperObject.cpp:
58869        (JSC::JSWrapperObject::visitChildren):
58870        * runtime/NativeErrorConstructor.cpp:
58871        (JSC::NativeErrorConstructor::visitChildren):
58872        * runtime/PropertyMapHashTable.h:
58873        (JSC::PropertyMapEntry::PropertyMapEntry):
58874        * runtime/RegExpObject.cpp:
58875        (JSC::RegExpObject::visitChildren):
58876        * runtime/ScopeChain.cpp:
58877        (JSC::ScopeChainNode::visitChildren):
58878        * runtime/ScopeChain.h:
58879        (JSC::ScopeChainNode::ScopeChainNode):
58880        * runtime/Structure.cpp:
58881        (JSC::Structure::Structure):
58882        (JSC::Structure::addPropertyTransition):
58883        (JSC::Structure::visitChildren):
58884        * runtime/Structure.h:
58885        (JSC::JSCell::classInfo):
58886        * runtime/StructureChain.cpp:
58887        (JSC::StructureChain::visitChildren):
58888        * runtime/StructureChain.h:
58889        * runtime/WriteBarrier.h:
58890        (JSC::validateCell):
58891        (JSC::JSCell):
58892        (JSC::JSGlobalObject):
58893        (JSC::WriteBarrierBase::set):
58894        (JSC::WriteBarrierBase::setMayBeNull):
58895        (JSC::WriteBarrierBase::setEarlyValue):
58896        (JSC::WriteBarrierBase::get):
58897        (JSC::WriteBarrierBase::operator*):
58898        (JSC::WriteBarrierBase::operator->):
58899        (JSC::WriteBarrierBase::unvalidatedGet):
58900        (JSC::WriteBarrier::WriteBarrier):
58901        * wtf/Assertions.h:
58902
589032011-05-01  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
58904
58905        Reviewed by Steve Block.
58906
58907        [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
58908        https://bugs.webkit.org/show_bug.cgi?id=59888
58909
58910        It is possible to build QtWebKit and others for OS(ANDROID). Let
58911        the build system decide which platform is to be built.
58912
58913        * wtf/Platform.h:
58914
589152011-05-12  Maciej Stachowiak  <mjs@apple.com>
58916
58917        Reviewed by Darin Adler.
58918
58919        XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
58920        https://bugs.webkit.org/show_bug.cgi?id=59394
58921
58922        This portion of the change introduces a PassTraits template, which
58923        is used to enable takeFirst() to work for a Deque holding OwnPtrs,
58924        and optimize it for a Deque holding RefPtrs. In the future it can
58925        be deployed elsewhere to make our data structures work better with
58926        our smart pointers.
58927
58928        * GNUmakefile.list.am:
58929        * JavaScriptCore.gypi:
58930        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
58931        * JavaScriptCore.xcodeproj/project.pbxproj:
58932        * wtf/CMakeLists.txt:
58933        * wtf/Deque.h:
58934        (WTF::::takeFirst):
58935        * wtf/PassTraits.h: Added.
58936        (WTF::PassTraits::transfer):
58937
589382011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
58939
58940        Not reviewed.
58941
58942        Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
58943
58944        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
58945
589462011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
58947
58948        Not reviewed.
58949
58950        String operator+ reallocates unnecessarily when concatting > 2 strings
58951        https://bugs.webkit.org/show_bug.cgi?id=58420
58952
58953        Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
58954
58955        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
58956
589572011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
58958
58959        Reviewed by Darin Adler.
58960
58961        String operator+ reallocates unnecessarily when concatting > 2 strings
58962        https://bugs.webkit.org/show_bug.cgi?id=58420
58963
58964        Provide a faster String append operator.
58965        Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
58966        object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
58967        N strings using operator+, this leads to N-1 reallocations.
58968
58969        Replace this with a flexible operator+ implementation, that avoids these reallocations.
58970        When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc.)
58971        a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
58972        creation of the final string, until operator String() is invoked.
58973
58974        template<typename T>
58975        StringAppend<String, T> operator+(const String& string1, T string2)
58976        {
58977            return StringAppend<String, T>(string1, string2);
58978        }
58979
58980        template<typename U, typename V, typename W>
58981        StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
58982        {
58983            return StringAppend<U, StringAppend<V, W> >(string1, string2);
58984        }
58985
58986        When concatting three strings - "String a, b, c; String result = a + b + c;" the following happens:
58987        first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
58988        Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
58989        a StringAppend<String, StringAppend<String, String> > object.
58990        Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
58991        final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
58992        against too big string allocations, etc.
58993
58994        Note that the second template defines a recursive way to concat an arbitrary number of strings
58995        into a single String with just one allocation.
58996
58997        * GNUmakefile.list.am: Add StringOperators.h to build.
58998        * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
58999        * JavaScriptCore.gypi: Add StringOperators.h to build.
59000        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
59001        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
59002        * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
59003        * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
59004        * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
59005        (WTF::StringAppend::StringAppend):
59006        (WTF::StringAppend::operator String):
59007        (WTF::StringAppend::operator AtomicString):
59008        (WTF::StringAppend::writeTo):
59009        (WTF::StringAppend::length):
59010        (WTF::operator+):
59011        * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). 
59012        (WTF::emptyString): Add new shared empty string free function.
59013        * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
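
        The operator+ chain this entry describes, as an added example that is not WTF's StringOperators.h: a self-contained expression-template append with its own demo::String, where a + b + c nests into one StringAppend and the conversion to String allocates a single buffer. Because C++ parses a + b + c as (a + b) + c, the example's second overload takes the StringAppend on the left; that overload, demo::String, allocationCount and the kMaxLength cap (standing in for the tryMakeString size guard) are this example's own assumptions.

```cpp
// Added example, not WTF's StringOperators.h: a minimal expression-template
// string append in the shape the entry describes. demo::String, StringAppend,
// allocationCount and kMaxLength are this example's own names.
#include <cstddef>
#include <cstring>
#include <memory>
#include <string>
#include <utility>

namespace demo {

// Counts result buffers built, so a test can show that a + b + c allocates once.
inline int& allocationCount() { static int count = 0; return count; }

// Refcounted string standing in for WTF::String: copies share one buffer.
class String {
public:
    String() {}
    String(const char* s) : m_impl(std::make_shared<std::string>(s)) { ++allocationCount(); }
    // Takes ownership of a buffer that a StringAppend has already filled in.
    static String adopt(std::string&& buffer) {
        String s; s.m_impl = std::make_shared<std::string>(std::move(buffer));
        ++allocationCount(); return s;
    }
    size_t length() const { return m_impl ? m_impl->size() : 0; }
    const char* data() const { return m_impl ? m_impl->data() : ""; }
    std::string toStdString() const { return std::string(data(), length()); }
private:
    std::shared_ptr<const std::string> m_impl;
};

template<typename U, typename V> class StringAppend;

// Every operand type reports its length and copies itself into the shared output buffer.
inline size_t stringLength(const String& s) { return s.length(); }
inline size_t stringLength(const char* s) { return std::strlen(s); }
inline size_t stringLength(char) { return 1; }
template<typename U, typename V> size_t stringLength(const StringAppend<U, V>& s);
inline void writeString(char*& out, const String& s) { std::memcpy(out, s.data(), s.length()); out += s.length(); }
inline void writeString(char*& out, const char* s) { size_t n = std::strlen(s); std::memcpy(out, s, n); out += n; }
inline void writeString(char*& out, char c) { *out++ = c; }
template<typename U, typename V> void writeString(char*& out, const StringAppend<U, V>& s);

// Stand-in for the size limit tryMakeString enforces before allocating.
const size_t kMaxLength = static_cast<size_t>(1) << 30;

// Holds its two operands; the final String is built only on conversion, with one buffer sized from length().
template<typename U, typename V>
class StringAppend {
public:
    StringAppend(U a, V b) : m_a(a), m_b(b) {}
    size_t length() const { return stringLength(m_a) + stringLength(m_b); }
    void writeTo(char*& out) const { writeString(out, m_a); writeString(out, m_b); }
    operator String() const {
        size_t total = length();
        if (total > kMaxLength)          // refuse oversized results instead of allocating
            return String();
        std::string buffer(total, '\0'); // the single allocation for the whole result
        char* out = &buffer[0];
        writeTo(out);
        return String::adopt(std::move(buffer));
    }
private:
    U m_a;
    V m_b;
};

template<typename U, typename V> size_t stringLength(const StringAppend<U, V>& s) { return s.length(); }
template<typename U, typename V> void writeString(char*& out, const StringAppend<U, V>& s) { s.writeTo(out); }

// String + T starts a chain; StringAppend + W extends it, so a + b + c, which
// C++ parses as (a + b) + c, nests without building an intermediate String.
template<typename T>
StringAppend<String, T> operator+(const String& string1, T string2) { return StringAppend<String, T>(string1, string2); }
template<typename U, typename V, typename W>
StringAppend<StringAppend<U, V>, W> operator+(const StringAppend<U, V>& string1, W string2) { return StringAppend<StringAppend<U, V>, W>(string1, string2); }

// The entry's case, String a, b, c; String result = a + b + c;, returned as text.
inline std::string threeWayResult() {
    String a("foo"), b("bar"), c("baz");
    String result = a + b + c; // StringAppend<StringAppend<String, String>, String>
    return result.toStdString();
}

// Buffers allocated by the concatenation itself, not counting the three literals.
inline int threeWayAllocations() {
    String a("foo"), b("bar"), c("baz");
    int before = allocationCount();
    String result = a + b + c; (void)result;
    return allocationCount() - before;
}

// Mixed operand types from the entry: a String, a char and a char*.
inline std::string keyValue(const char* key, const char* value) {
    String k(key);
    String s = k + '=' + value;
    return s.toStdString();
}

} // namespace demo
```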
59014
590152011-05-12  Philippe Normand  <pnormand@igalia.com>
59016
59017        Unreviewed, GTK build fix.
59018
59019        * wtf/Platform.h:
59020
590212011-05-12  Keith Kyzivat  <keith.kyzivat@nokia.com>
59022
59023        Reviewed by Csaba Osztrogonác.
59024
59025        [Qt] Arm debug build failing on ARMAssembler::debugOffset()
59026        https://bugs.webkit.org/show_bug.cgi?id=60688
59027
59028        Related to svn rev 85523
59029
59030        * assembler/ARMAssembler.h:
59031        (JSC::ARMAssembler::debugOffset):
59032
590332011-05-11  Igor Oliveira  <igor.oliveira@openbossa.org>
59034
59035        Reviewed by Eric Seidel.
59036
59037        WebKit does not build with GCCE
59038        https://bugs.webkit.org/show_bug.cgi?id=60667
59039
59040        Allow compiling WebKit with GCCE
59041
59042        * wtf/Alignment.h:
59043        * wtf/Platform.h:
59044
590452011-05-11  Adam Barth  <abarth@webkit.org>
59046
59047        Reviewed by Eric Seidel.
59048
59049        Enable strict PassOwnPtr on Mac
59050        https://bugs.webkit.org/show_bug.cgi?id=60684
59051
59052        This should build cleanly now.
59053
59054        * wtf/PassOwnPtr.h:
59055
590562011-05-11  Oliver Hunt  <oliver@apple.com>
59057
59058        Reviewed by Darin Adler.
59059
59060        Protect JSC from WebCore executing JS during JS wrapper finalization
59061        https://bugs.webkit.org/show_bug.cgi?id=60672
59062        <rdar://problem/9350997>
59063
59064        Detect when we're trying to execute JS during GC and prevent the
59065        execution from happening.  We also assert that this isn't happening
59066        as it implies incorrect behaviour of an object's destructor.
59067
59068        * JavaScriptCore.exp:
59069        * heap/Heap.cpp:
59070        * heap/Heap.h:
59071        (JSC::Heap::isBusy):
59072        * interpreter/Interpreter.cpp:
59073        (JSC::Interpreter::execute):
59074        (JSC::Interpreter::executeCall):
59075        (JSC::Interpreter::executeConstruct):
59076        * runtime/JSGlobalData.h:
59077        (JSC::JSGlobalData::isCollectorBusy):
59078
590792011-05-11  Oliver Hunt  <oliver@apple.com>
59080
59081        Reviewed by Gavin Barraclough.
59082
59083        Enable gc mark validation temporarily in release builds
59084        https://bugs.webkit.org/show_bug.cgi?id=60678
59085
59086        Make it easier to turn the gc mark validation on and off, and
59087        temporarily turn it on for all builds.
59088
59089        * heap/MarkStack.cpp:
59090        * heap/MarkStack.h:
59091        (JSC::MarkStack::append):
59092        (JSC::MarkStack::internalAppend):
59093        * runtime/WriteBarrier.h:
59094        (JSC::MarkStack::appendValues):
59095        * wtf/Platform.h:
59096
590972011-05-11  Geoffrey Garen  <ggaren@apple.com>
59098
59099        Reviewed by Oliver Hunt.
59100
59101        <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
59102        
59103        SunSpider reports no change.
59104
59105        This bug was caused by changing Structure and Executable to being GC
59106        objects, and by a long-standing bug that would thrash the global object
59107        between dictionary and non-dictionary states.
59108
59109        * runtime/BatchedTransitionOptimizer.h:
59110        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
59111        eagerly transition to dictionary -- this can cause pathological dictionary
59112        churn, and it's not necessary, since objects know how to automatically
59113        transition to dictionary when necessary.
59114
59115        * runtime/Executable.cpp:
59116        (JSC::EvalExecutable::compileInternal):
59117        (JSC::ProgramExecutable::compileInternal):
59118        (JSC::FunctionExecutable::compileForCallInternal):
59119        (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
59120        extra cost from compilation, because it can be quite high. This is especially
59121        important for program code, since DOM timers can repeatedly allocate
59122        program code without allocating any other objects.
59123
59124        * runtime/JSObject.cpp:
59125        (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
59126        if the thing we're trying to remove doesn't exist. This can happen during
59127        compilation, since the compiler needs to ensure that no pre-existing
59128        conflicting definitions exist for certain declarations.
59129
591302011-05-11  Oliver Hunt  <oliver@apple.com>
59131
59132        Reviewed by Gavin Barraclough.
59133
59134        Make mark stack validation functions do something useful in a release build
59135        https://bugs.webkit.org/show_bug.cgi?id=60645
59136
59137        Turn ASSERTs into actual if(...) CRASH(); statements.
59138
59139        * heap/MarkStack.cpp:
59140        (JSC::MarkStack::validateValue):
59141
591422011-05-11  Xan Lopez  <xlopez@igalia.com>
59143
59144        Reviewed by Martin Robinson.
59145
59146        Fix copy&paste error in comment.
59147
59148        * jit/JITPropertyAccess.cpp:
59149        (JSC::JIT::stringGetByValStubGenerator): the value is stored in
59150        regT2, not regT1.
59151
591522011-05-11  Adam Roben  <aroben@apple.com>
59153
59154        WinCE build fixes for strict PassOwnPtr
59155
59156        * wtf/unicode/CollatorDefault.cpp:
59157        (WTF::Collator::userDefault): Use adoptPtr.
59158
591592011-05-11  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
59160
59161        Unreviewed build fix.
59162
59163        [MIPS] Fix compilation of the MIPS JIT
59164
59165        Include the MIPSAssembler.h first to indirectly include
59166        AssemblerBuffer.h before the AbstractMacroAssembler.h. This
59167        order is used for the ARM and X86 MacroAssembler*.h
59168
59169        * assembler/MacroAssemblerMIPS.h:
59170
591712011-05-11  Adam Roben  <aroben@apple.com>
59172
59173        Turn on strict PassOwnPtr on Windows
59174
59175        Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled
59176
59177        Reviewed by Adam Barth.
59178
59179        * wtf/PassOwnPtr.h:
59180
591812011-05-10  Stephanie Lewis  <slewis@apple.com>
59182
59183        Unreviewed.
59184
59185        Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130
59186
59187        * Configurations/JavaScriptCore.xcconfig:
59188
591892011-05-10  Adam Barth  <abarth@webkit.org>
59190
59191        Reviewed by David Levin.
59192
59193        Enable strict PassOwnPtr on Chromium
59194        https://bugs.webkit.org/show_bug.cgi?id=60502
59195
59196        Other platforms to follow.
59197
59198        * wtf/PassOwnPtr.h:
59199
592002011-05-10  Geoffrey Garen  <ggaren@apple.com>
59201
59202        Reviewed by Darin Adler.
59203
59204        Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
59205        https://bugs.webkit.org/show_bug.cgi?id=60532
59206
59207        * GNUmakefile.list.am:
59208        * JavaScriptCore.gypi:
59209        * JavaScriptCore.xcodeproj/project.pbxproj: Build!
59210
59211        * heap/Handle.h: Moved HandleTypes to its own header because that's the
59212        WebKit style, and it was necessary to resolve a circular dependency
59213        between Handle.h and WriteBarrier.h.
59214
59215        * heap/Heap.h:
59216        (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
59217        verify that all the code is in the right place.
59218
59219        * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
59220        resolve a circular dependency.
59221
59222        * runtime/ArgList.h:
59223        * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
59224        free anymore.
59225
59226        * runtime/PropertyMapHashTable.h:
59227        (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
59228        function, now that it exists.
59229
59230        * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
59231        dependency.
59232
59233        * runtime/WriteBarrier.h:
59234        (JSC::WriteBarrierBase::set):
59235        (JSC::MarkStack::append):
59236        (JSC::MarkStack::appendValues): Updated to match the changes above.
59237
592382011-05-10  Oliver Hunt  <oliver@apple.com>
59239
59240        Build fix.
59241
59242        * heap/MarkStack.cpp:
59243        (JSC::MarkStack::validateValue):
59244
592452011-05-10  Oliver Hunt  <oliver@apple.com>
59246
59247        Reviewed by Gavin Barraclough.
59248
59249        Add some aggressive GC validation to debug builds.
59250        https://bugs.webkit.org/show_bug.cgi?id=60601
59251
59252        When assertions are enabled we now do some validity checking
59253        of objects being added to the mark stack.
59254
59255        * bytecode/Instruction.h:
59256        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
59257        (JSC::PolymorphicAccessStructureList::visitAggregate):
59258        * heap/MarkStack.cpp:
59259        (JSC::MarkStack::validateSet):
59260        (JSC::MarkStack::validateValue):
59261        * heap/MarkStack.h:
59262        (JSC::MarkStack::appendValues):
59263        (JSC::MarkStack::append):
59264        (JSC::MarkStack::internalAppend):
59265
592662011-05-09  Darin Adler  <darin@apple.com>
59267
59268        Reviewed by Oliver Hunt.
59269
59270        http://bugs.webkit.org/show_bug.cgi?id=60509
59271        Wrong type used for return value from strlen
59272
59273        * wtf/FastMalloc.cpp:
59274        (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
59275        fastMalloc won't return if it fails.
59276
592772011-05-09  Adam Barth  <abarth@webkit.org>
59278
59279        Reviewed by Eric Seidel.
59280
59281        CSP should block Function constructor
59282        https://bugs.webkit.org/show_bug.cgi?id=60240
59283
59284        When eval is disabled, we need to block the use of the function
59285        constructor.  However, the WebCore JSC bindings call the function
59286        constructor directly to create inline event listeners.  To support that
59287        use, this patch adds an entrypoint that bypasses the check for whether
59288        eval is enabled.
59289
59290        * JavaScriptCore.exp:
59291        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
59292        * runtime/FunctionConstructor.cpp:
59293        (JSC::constructFunction):
59294        (JSC::constructFunctionSkippingEvalEnabledCheck):
59295        * runtime/FunctionConstructor.h:
59296
592972011-05-09  Adam Roben  <aroben@apple.com>
59298
59299        Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes
59300
59301        Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
59302        WebKit1 IDL file changes to avoid build errors
59303
59304        Reviewed by Tim Hatcher.
59305
59306        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
59307        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
59308        Updated for script rename.
59309
59310        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
59311        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
59312        from react-to-vsprops-changes.py.
59313        (top level): Moved a constant here from main.
59314        (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
59315        react_to_webkit1_interface_changes function.
59316        (react_to_vsprops_changes): Moved code here from main. Updated to use the
59317        TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_glob
59318        and touch_if_older_than.
59319        (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
59320        file has changed.
59321        (mtime_of_newest_file_matching_glob): Added. Code came from main.
59322        (touch_if_older_than): Added. Code came from main.
59323
593242011-05-08  Jessie Berlin  <jberlin@apple.com>
59325
59326        Reviewed by Dan Bernstein.
59327
59328        Make JSRetainPtr work with JSGlobalContextRefs.
59329        https://bugs.webkit.org/show_bug.cgi?id=60452
59330
59331        Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.
59332
59333        * API/JSRetainPtr.h:
59334        (JSRetain):
59335        (JSRelease):
59336
593372011-05-07  Dawit Alemayehu  <adawit@kde.org>
59338
59339        Reviewed by Daniel Bates.
59340
59341        Fix compile with GCC 4.6.0
59342        https://bugs.webkit.org/show_bug.cgi?id=60380
59343
59344        Remove unused local variable from code.
59345
59346        * runtime/StringPrototype.cpp:
59347        (JSC::stringProtoFuncMatch):
59348
593492011-05-06  Alexis Menard  <alexis.menard@openbossa.org>
59350
59351        Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.
59352
59353        std::tr1::has_trivial_constructor is in <tr1/memory>.
59354
59355        * wtf/TypeTraits.h:
59356
593572011-05-05  Jay Civelli  <jcivelli@chromium.org>
59358
59359        Reviewed by Adam Barth.
59360
59361        Added convenience methods to convert from a byte to hex ASCII digit
59362        characters and vice-versa.
59363        https://bugs.webkit.org/show_bug.cgi?id=59834
59364
59365        * wtf/ASCIICType.h:
59366        (WTF::toASCIIHexValue):
59367        (WTF::lowerNibbleToASCIIHexDigit):
59368        (WTF::upperNibbleToASCIIHexDigit):
59369
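The nibble helpers named in the entry above, re-created as an added example (this is not WTF's code; the signatures, the two-digit toASCIIHexValue overload and the hexEncode, hexDecode and hexRoundTrip wrappers are assumptions of this example), together with the validation a decoder has to do itself before calling them, since the nibble conversions assume they are handed hex digits:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

inline bool isASCIIHexDigit(char c) {
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
}

// Precondition: isASCIIHexDigit(c). Returns 0..15; accepts either case.
inline uint8_t toASCIIHexValue(char c) {
    if (c >= '0' && c <= '9') return static_cast<uint8_t>(c - '0');
    if (c >= 'a' && c <= 'f') return static_cast<uint8_t>(c - 'a' + 10);
    return static_cast<uint8_t>(c - 'A' + 10);
}

// Two digits -> one byte (high digit first). Same precondition.
inline uint8_t toASCIIHexValue(char high, char low) {
    return static_cast<uint8_t>((toASCIIHexValue(high) << 4) | toASCIIHexValue(low));
}

// Byte -> ASCII digit for the low four bits (lowercase output).
inline char lowerNibbleToASCIIHexDigit(uint8_t byte) {
    static const char digits[] = "0123456789abcdef";
    return digits[byte & 0x0f];
}

// Byte -> ASCII digit for the high four bits.
inline char upperNibbleToASCIIHexDigit(uint8_t byte) {
    static const char digits[] = "0123456789abcdef";
    return digits[(byte >> 4) & 0x0f];
}

std::string hexEncode(const std::vector<uint8_t>& bytes) {
    std::string out;
    out.reserve(bytes.size() * 2);
    for (std::size_t i = 0; i < bytes.size(); ++i) {
        out += upperNibbleToASCIIHexDigit(bytes[i]);
        out += lowerNibbleToASCIIHexDigit(bytes[i]);
    }
    return out;
}

// Rejects odd lengths and non-hex characters before any conversion, so the
// precondition of toASCIIHexValue() always holds when it is called.
bool hexDecode(const std::string& text, std::vector<uint8_t>& out) {
    out.clear();
    if (text.size() % 2 != 0)
        return false;
    for (std::size_t i = 0; i < text.size(); i += 2) {
        if (!isASCIIHexDigit(text[i]) || !isASCIIHexDigit(text[i + 1])) {
            out.clear();
            return false;
        }
        out.push_back(toASCIIHexValue(text[i], text[i + 1]));
    }
    return true;
}

// Decode then re-encode; "invalid" marks input the decoder rejected.
std::string hexRoundTrip(const std::string& text) {
    std::vector<uint8_t> bytes;
    if (!hexDecode(text, bytes))
        return "invalid";
    return hexEncode(bytes);
}

int main() {
    std::printf("%s\n", hexRoundTrip("007FA5ff").c_str());  // constructed sample input
    std::printf("%s\n", hexRoundTrip("0g").c_str());
    return 0;
}
```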
593702011-05-05  Alexis Menard  <alexis.menard@openbossa.org>
59371
59372        Reviewed by Benjamin Poulain.
59373
59374        [Qt] Make QtWebKit build when using gcc 4.6.0
59375        https://bugs.webkit.org/show_bug.cgi?id=60265
59376
59377        If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
59378        the c++0x support because it works.
59379
59380        * JavaScriptCore.pro:
59381
593822011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>
59383
59384        Reviewed by Geoffrey Garen.
59385
59386        Port MachineStackMarker.cpp to Windows x64
59387        https://bugs.webkit.org/show_bug.cgi?id=60216
59388
59389        * heap/MachineStackMarker.cpp:
59390        (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
59391        on 64-bit Windows.
59392        (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.
59393
593942011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>
59395
59396        Reviewed by Martin Robinson.
59397
59398        Link libjavascriptcoregtk on Windows with winmm.dll
59399        https://bugs.webkit.org/show_bug.cgi?id=60215
59400
59401        * GNUmakefile.am:
59402
594032011-05-04  Tao Bai  <michaelbai@chromium.org>
59404
59405        Reviewed by David Kilzer.
59406
59407        Populate touch-icon url to FrameLoaderClient
59408        https://bugs.webkit.org/show_bug.cgi?id=59143
59409
59410        * Configurations/FeatureDefines.xcconfig:
59411
594122011-05-03  Geoffrey Garen  <ggaren@apple.com>
59413
59414        Reviewed by Darin Adler.
59415
59416        <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
59417
59418        * dfg/DFGSpeculativeJIT.cpp:
59419        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
59420        code that accidentally survived the conversion to a switch statement,
59421        causing a lot of important code not to run most of the time.
59422
59423        Since this is not a trivial finger-picking mistake, I will not call it a
59424        typo.
59425
594262011-05-04  Adam Roben  <aroben@apple.com>
59427
59428        Another attempted build fix
59429
59430        * wtf/OwnPtr.h:
59431        (WTF::OwnPtr::operator==):
59432        (WTF::OwnPtr::operator!=):
59433        * wtf/PassOwnPtr.h:
59434        (WTF::PassOwnPtr::operator==):
59435        (WTF::PassOwnPtr::operator!=):
59436        Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.
59437
594382011-05-04  Adam Roben  <aroben@apple.com>
59439
59440        Try to fix Leopard, Qt, and probably others
59441
59442        * wtf/OwnPtr.h:
59443        (WTF::OwnPtr::operator==):
59444        (WTF::OwnPtr::operator!=):
59445        * wtf/PassOwnPtr.h:
59446        (WTF::PassOwnPtr::operator==):
59447        (WTF::PassOwnPtr::operator!=):
59448        Try to get the compiler not to instantiate these function templates unnecessarily.
59449
594502011-05-03  Adam Roben  <aroben@apple.com>
59451
59452        Disallow equality comparisons between [Pass]OwnPtrs
59453
59454        If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
59455        really sneaky, in which case you should stop!)
59456
59457        Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error
59458
59459        Reviewed by Anders Carlsson and Antti Koivisto.
59460
59461        * wtf/OwnPtr.h:
59462        (WTF::OwnPtr::operator==):
59463        (WTF::OwnPtr::operator!=):
59464        * wtf/PassOwnPtr.h:
59465        (WTF::PassOwnPtr::operator==):
59466        (WTF::PassOwnPtr::operator!=):
59467        Added private equality operators that fail to compile when used. (When not used, the
59468        compiler will skip over them because they are function templates.)
59469
594702011-05-04  Alexis Menard  <alexis.menard@openbossa.org>
59471
59472        Reviewed by Gavin Barraclough.
59473
59474        JITArithmetic.cpp produces a warning on an unused variable.
59475        https://bugs.webkit.org/show_bug.cgi?id=60060
59476
59477        Just properly use what we already have converted.
59478
59479        * jit/JITArithmetic.cpp:
59480        (JSC::JIT::emitSlow_op_add):
59481        (JSC::JIT::emitSlow_op_mul):
59482
594832011-05-04  Alexis Menard  <alexis.menard@openbossa.org>
59484
59485        Reviewed by Geoffrey Garen.
59486
59487        JITPropertyAccess produces an unused but set variable warning in gcc 4.6.0.
59488        https://bugs.webkit.org/show_bug.cgi?id=60050
59489
59490        This patch fixes a compilation warning. The new warning scenario -Wunused-but-set-variable
59491        in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
59492        as errors. The patch introduces two new macros, ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED,
59493        which copy the idea of ASSERT_UNUSED.
59494
59495        * jit/JIT.h:
59496        * jit/JITPropertyAccess.cpp:
59497        (JSC::JIT::emit_op_method_check):
59498        (JSC::JIT::compileGetByIdHotPath):
59499        (JSC::JIT::emit_op_put_by_id):
59500        * wtf/Assertions.h:
59501        (assertWithMessageUnused):
59502
595032011-04-29  Jer Noble  <jer.noble@apple.com>
59504
59505        Reviewed by Eric Seidel.
59506
59507        Implement FULLSCREEN_API on Windows, Part 4: Enable it
59508        https://bugs.webkit.org/show_bug.cgi?id=59798
59509
59510        * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.
59511
595122011-05-03  Alexis Menard  <alexis.menard@openbossa.org>
59513
59514        Reviewed by Eric Seidel.
59515
59516        Unused but set variable warning in MacroAssemblerX86_64
59517        https://bugs.webkit.org/show_bug.cgi?id=59482
59518
59519        * assembler/MacroAssemblerX86_64.h:
59520        (JSC::MacroAssemblerX86_64::call):
59521        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
59522        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
59523
595242011-05-03  Oliver Hunt  <oliver@apple.com>
59525
59526        Reviewed by Geoffrey Garen.
59527
59528        Make malloc validation useful
59529        https://bugs.webkit.org/show_bug.cgi?id=57502
59530
59531        Reland this patch (rolled out in 82905) without
59532        turning it on by default.
59533
59534        * JavaScriptCore.exp:
59535        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
59536        * wtf/FastMalloc.cpp:
59537        (WTF::tryFastMalloc):
59538        (WTF::fastMalloc):
59539        (WTF::tryFastCalloc):
59540        (WTF::fastCalloc):
59541        (WTF::fastFree):
59542        (WTF::tryFastRealloc):
59543        (WTF::fastRealloc):
59544        (WTF::fastMallocSize):
59545        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
59546        (WTF::TCMalloc_PageHeap::scheduleScavenger):
59547        (WTF::TCMalloc_PageHeap::suspendScavenger):
59548        (WTF::TCMalloc_PageHeap::signalScavenger):
59549        (WTF::TCMallocStats::malloc):
59550        (WTF::TCMallocStats::free):
59551        (WTF::TCMallocStats::fastCalloc):
59552        (WTF::TCMallocStats::tryFastCalloc):
59553        (WTF::TCMallocStats::calloc):
59554        (WTF::TCMallocStats::fastRealloc):
59555        (WTF::TCMallocStats::tryFastRealloc):
59556        (WTF::TCMallocStats::realloc):
59557        (WTF::TCMallocStats::fastMallocSize):
59558        * wtf/FastMalloc.h:
59559        (WTF::Internal::fastMallocValidationHeader):
59560        (WTF::Internal::fastMallocValidationSuffix):
59561        (WTF::Internal::fastMallocMatchValidationType):
59562        (WTF::Internal::setFastMallocMatchValidationType):
59563        (WTF::fastMallocMatchValidateFree):
59564        (WTF::fastMallocValidate):
59565
595662011-05-03  Xan Lopez  <xlopez@igalia.com>
59567
59568        Reviewed by Anders Carlsson.
59569
59570        Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
59571        https://bugs.webkit.org/show_bug.cgi?id=59261
59572
59573        Use unary '+' to force proper type detection in template arguments
59574        with GCC 4.6.0. See bug report for more details.
59575
59576        * runtime/Structure.cpp:
59577        (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
59578        (JSC::StructureTransitionTable::add): ditto.
59579        * runtime/Structure.h:
59580        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.
59581
595822011-05-03  Jessie Berlin  <jberlin@apple.com>
59583
59584        Rubber-stamped by Adam Roben.
59585
59586        Revert r85550 and r85575.
59587
59588        Variables cannot be exported via the .def file. Instead, they should be annotated with
59589        JS_EXPORTDATA.
59590
59591        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
59592        * runtime/Structure.cpp:
59593        (JSC::Structure::materializePropertyMap):
59594        * runtime/Structure.h:
59595        (JSC::Structure::typeInfo):
59596        (JSC::Structure::previousID):
59597        (JSC::Structure::propertyStorageCapacity):
59598        (JSC::Structure::propertyStorageSize):
59599        (JSC::Structure::get):
59600        (JSC::Structure::materializePropertyMapIfNecessary):
59601
596022011-05-02  Adam Roben  <aroben@apple.com>
59603
59604        Allow implicit conversion from nullptr_t to PassOwnPtr
59605
59606        This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
59607        strict PassOwnPtr mode.
59608
59609        Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
59610        doesn't work, but should
59611
59612        Reviewed by Adam Barth.
59613
59614        * wtf/PassOwnPtr.h:
59615        (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.
59616
59617        * wtf/MessageQueue.h:
59618        (WTF::::waitForMessageFilteredWithTimeout):
59619        (WTF::::tryGetMessage):
59620        Use the new implicit conversion.
59621
596222011-05-02  Jessie Berlin  <jberlin@apple.com>
59623
59624        Rubber-stamped by Oliver Hunt.
59625
59626        Remove an assertion that Windows was hitting on launch.
59627
59628        * runtime/Structure.cpp:
59629        (JSC::Structure::materializePropertyMap):
59630        * runtime/Structure.h:
59631        (JSC::Structure::typeInfo):
59632        (JSC::Structure::previousID):
59633        (JSC::Structure::propertyStorageCapacity):
59634        (JSC::Structure::propertyStorageSize):
59635        (JSC::Structure::get):
59636        (JSC::Structure::materializePropertyMapIfNecessary):
59637
596382011-05-02  Mark Rowe  <mrowe@apple.com>
59639
59640        Reviewed by Geoff Garen.
59641
59642        <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2
59643
59644        * Configurations/CompilerVersion.xcconfig:
59645
596462011-05-02  Gavin Barraclough  <barraclough@apple.com>
59647
59648        ARMv7 build fix.
59649
59650        * assembler/AbstractMacroAssembler.h:
59651        (JSC::AbstractMacroAssembler::Jump::link):
59652        (JSC::AbstractMacroAssembler::Jump::linkTo):
59653
596542011-05-02  Oliver Hunt  <oliver@apple.com>
59655
59656        Windows build fix.
59657
59658        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
59659
596602011-05-02  Michael Saboff  <msaboff@apple.com>
59661
59662        Reviewed by Geoffrey Garen.
59663
59664        crash in JSC::RegExp::match
59665        https://bugs.webkit.org/show_bug.cgi?id=58922
59666
59667        Cleared chained backtrack data label when linking label even if that 
59668        label doesn't chain itself.  This is needed so that subsequent 
59669        backtrack data labels point to the next outer paren and not within 
59670        the current paren.
59671
59672        * yarr/YarrJIT.cpp:
59673        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
59674
596752011-05-02  Geoffrey Garen  <ggaren@apple.com>
59676
59677        Reviewed by Oliver Hunt.
59678
59679        Tiny bit of heap cleanup.
59680
59681        * heap/MarkedBlock.h:
59682        (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.
59683
59684        * heap/MarkedSpace.h:
59685        (JSC::MarkedSpace::globalData):
59686        (JSC::MarkedSpace::highWaterMark):
59687        (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
59688        definition, for better clarity.
59689
596902011-05-02  Oliver Hunt  <oliver@apple.com>
59691
59692        Reviewed by Gavin Barraclough.
59693
59694        Correct marking of interpreter data in mixed mode builds
59695        https://bugs.webkit.org/show_bug.cgi?id=59962
59696
59697        We had a few places in mixed mode builds where we would not
59698        track data used by the interpreter for marking.  This patch
59699        corrects the problem and adds a number of assertions to catch
59700        live Structures being collected.
59701
59702        * JavaScriptCore.exp:
59703        * assembler/ARMv7Assembler.h:
59704        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
59705        * bytecode/CodeBlock.cpp:
59706        (JSC::CodeBlock::dump):
59707        * bytecode/CodeBlock.h:
59708        (JSC::CodeBlock::addPropertyAccessInstruction):
59709        (JSC::CodeBlock::addGlobalResolveInstruction):
59710        (JSC::CodeBlock::addStructureStubInfo):
59711        (JSC::CodeBlock::addGlobalResolveInfo):
59712        * bytecompiler/BytecodeGenerator.cpp:
59713        (JSC::BytecodeGenerator::emitResolve):
59714        (JSC::BytecodeGenerator::emitResolveWithBase):
59715        (JSC::BytecodeGenerator::emitGetById):
59716        (JSC::BytecodeGenerator::emitPutById):
59717        (JSC::BytecodeGenerator::emitDirectPutById):
59718        * runtime/Structure.cpp:
59719        (JSC::Structure::materializePropertyMap):
59720        * runtime/Structure.h:
59721        (JSC::Structure::typeInfo):
59722        (JSC::Structure::previousID):
59723        (JSC::Structure::propertyStorageCapacity):
59724        (JSC::Structure::propertyStorageSize):
59725        (JSC::Structure::get):
59726        (JSC::Structure::materializePropertyMapIfNecessary):
59727
597282011-05-02  Xan Lopez  <xlopez@igalia.com>
59729
59730        Reviewed by Alexey Proskuryakov.
59731
59732        Use native NullPtr when using GCC 4.6.0 and C++0x
59733        https://bugs.webkit.org/show_bug.cgi?id=59252
59734
59735        GCC 4.6.0 has nullptr support, use it when possible.
59736
59737        * wtf/NullPtr.cpp: include config.h to pull in Platform.h before
59738        NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
59739        * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
59740        use native nullptr.
59741
597422011-05-02  Gavin Barraclough  <barraclough@apple.com>
59743
59744        Reviewed by Oliver Hunt.
59745
59746        https://bugs.webkit.org/show_bug.cgi?id=59950
59747        Clean up AssemblerBuffer to use a Vector internally.
59748
59749        AssemblerBuffer handles reallocing a byte array itself - stop that.
59750
59751        * assembler/ARMAssembler.cpp:
59752        (JSC::ARMAssembler::executableCopy):
59753        * assembler/AssemblerBuffer.h:
59754        (JSC::AssemblerLabel::AssemblerLabel):
59755        (JSC::AssemblerLabel::labelAtOffset):
59756        (JSC::AssemblerBuffer::AssemblerBuffer):
59757        (JSC::AssemblerBuffer::~AssemblerBuffer):
59758        (JSC::AssemblerBuffer::isAvailable):
59759        (JSC::AssemblerBuffer::ensureSpace):
59760        (JSC::AssemblerBuffer::isAligned):
59761        (JSC::AssemblerBuffer::putIntegral):
59762        (JSC::AssemblerBuffer::putIntegralUnchecked):
59763        (JSC::AssemblerBuffer::putByteUnchecked):
59764        (JSC::AssemblerBuffer::putByte):
59765        (JSC::AssemblerBuffer::putShortUnchecked):
59766        (JSC::AssemblerBuffer::putShort):
59767        (JSC::AssemblerBuffer::putIntUnchecked):
59768        (JSC::AssemblerBuffer::putInt):
59769        (JSC::AssemblerBuffer::putInt64Unchecked):
59770        (JSC::AssemblerBuffer::putInt64):
59771        (JSC::AssemblerBuffer::codeSize):
59772        (JSC::AssemblerBuffer::label):
59773        (JSC::AssemblerBuffer::executableCopy):
59774        (JSC::AssemblerBuffer::rewindToLabel):
59775        (JSC::AssemblerBuffer::debugOffset):
59776        (JSC::AssemblerBuffer::append):
59777        (JSC::AssemblerBuffer::grow):
59778        * assembler/AssemblerBufferWithConstantPool.h:
59779        * assembler/MacroAssemblerX86_64.h:
59780        (JSC::MacroAssemblerX86_64::linkCall):
59781        * assembler/X86Assembler.h:
59782        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
59783
597842011-05-02  Jeff Miller  <jeffm@apple.com>
59785
59786        Reviewed by Alexey Proskuryakov.
59787
59788        Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
59789        https://bugs.webkit.org/show_bug.cgi?id=59949
59790
59791        * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().
59792
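An added example (not WebKit's WTFLog code) of the guard the entry above describes. It assumes, for the sake of illustration, a logger that inspects the last character of its format string to decide whether to append a newline; lastIndexUnguarded, formatIsUsable and formatLogLine are names constructed for this example. The first function shows why a null or empty format must be rejected before anything indexes into it:

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// strlen("") is 0, and 0 - 1 in size_t wraps to SIZE_MAX, so an unguarded
// format[len - 1] reads far outside the string. (A null format would crash
// in strlen() before even getting this far.)
std::size_t lastIndexUnguarded(const char* format) {
    return std::strlen(format) - 1;
}

// The guard the entry adds: reject null and empty format strings up front.
bool formatIsUsable(const char* format) {
    return format != NULL && format[0] != '\0';
}

// Formats one log line into a bounded buffer, appending a newline when the
// format lacks one (an assumption about the logger for this example).
// Returns an empty string when the format is rejected or formatting fails.
std::string formatLogLine(const char* format, ...) {
    if (!formatIsUsable(format))
        return std::string();

    char buffer[256];
    va_list args;
    va_start(args, format);
    int written = std::vsnprintf(buffer, sizeof buffer, format, args);
    va_end(args);
    if (written < 0)
        return std::string();

    // vsnprintf reports the full length even when it truncated; clamp it so
    // the copy below never runs past the buffer.
    std::size_t used = static_cast<std::size_t>(written);
    if (used >= sizeof buffer)
        used = sizeof buffer - 1;
    std::string line(buffer, used);

    // Safe only because the guard above established strlen(format) >= 1.
    if (format[std::strlen(format) - 1] != '\n')
        line += '\n';
    return line;
}

int main() {
    // Constructed sample call.
    std::printf("%s", formatLogLine("opened %s (%d bytes)", "config.json", 512).c_str());
    std::printf("rejected empty format: %s\n", formatLogLine("").empty() ? "yes" : "no");
    return 0;
}
```

The guard belongs at the entry point of the logger, not at each use of the format, because every later step (the length check, the newline test, the vsnprintf call) quietly assumes a non-empty, non-null format. As with any printf-style logger, the format argument must come from the program's own string literals, never from data it is logging.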
597932011-05-02  Adam Barth  <abarth@webkit.org>
59794
59795        Reviewed by Alexey Proskuryakov.
59796
59797        StringImpl::endsWith has some insane code
59798        https://bugs.webkit.org/show_bug.cgi?id=59900
59799
59800        * wtf/text/StringImpl.cpp:
59801        (WTF::StringImpl::endsWith):
59802            - m_data shadows a member variable of the same name.
59803
598042011-05-02  Gabor Loki  <loki@webkit.org>
59805
59806        Buildfix for ARM after r85448
59807
59808        * assembler/ARMAssembler.h:
59809        (JSC::ARMAssembler::loadBranchTarget):
59810
598112011-05-01  Oliver Hunt  <oliver@apple.com>
59812
59813        Reviewed by Gavin Barraclough.
59814
59815        Strict-mode only reserved words not reserved
59816        https://bugs.webkit.org/show_bug.cgi?id=55342
59817
59818        Fix line number tracking when we rollback the lexer.
59819
59820        * parser/JSParser.cpp:
59821        (JSC::JSParser::parseSourceElements):
59822
598232011-05-01  Oliver Hunt  <oliver@apple.com>
59824
59825        Reviewed by Gavin Barraclough.
59826
59827        ES5 Strict mode does not allow getter and setter for same propId
59828        https://bugs.webkit.org/show_bug.cgi?id=57295
59829
59830        Simplify and correct the logic for strict mode object literals.
59831
59832        * parser/JSParser.cpp:
59833        (JSC::JSParser::parseStrictObjectLiteral):
59834
598352011-05-01  Oliver Hunt  <oliver@apple.com>
59836
59837        Reviewed by Gavin Barraclough.
59838
59839        Assigning to function identifier under strict should throw
59840        https://bugs.webkit.org/show_bug.cgi?id=59289
59841
59842        Add logic to StaticScopeObject to ensure we don't silently consume
59843        writes to constant properties.
59844
59845        * runtime/JSStaticScopeObject.cpp:
59846        (JSC::JSStaticScopeObject::put):
59847
598482011-05-01  Gavin Barraclough  <barraclough@apple.com>
59849
59850        Reviewed by Sam Weinig.
59851
59852        https://bugs.webkit.org/show_bug.cgi?id=59903
59853        Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
59854
59855        Creating a label() into the AssemblerBuffer should return an AssemblerLabel,
59856        not an unsigned int.
59857
59858        * assembler/ARMAssembler.cpp:
59859        (JSC::ARMAssembler::executableCopy):
59860        * assembler/ARMAssembler.h:
59861        (JSC::ARMAssembler::blx):
59862        (JSC::ARMAssembler::label):
59863        (JSC::ARMAssembler::loadBranchTarget):
59864        * assembler/ARMv7Assembler.h:
59865        (JSC::ARMv7Assembler::b):
59866        (JSC::ARMv7Assembler::blx):
59867        (JSC::ARMv7Assembler::bx):
59868        (JSC::ARMv7Assembler::label):
59869        (JSC::ARMv7Assembler::ARMInstructionFormatter::label):
59870        * assembler/AssemblerBuffer.h:
59871        (JSC::AssemblerBuffer::label):
59872        * assembler/AssemblerBufferWithConstantPool.h:
59873        * assembler/MIPSAssembler.h:
59874        (JSC::MIPSAssembler::label):
59875        (JSC::MIPSAssembler::relocateJumps):
59876        * assembler/SH4Assembler.h:
59877        (JSC::SH4Assembler::loadConstant):
59878        (JSC::SH4Assembler::loadConstantUnReusable):
59879        (JSC::SH4Assembler::call):
59880        (JSC::SH4Assembler::jmp):
59881        (JSC::SH4Assembler::jne):
59882        (JSC::SH4Assembler::je):
59883        (JSC::SH4Assembler::label):
59884        (JSC::SH4Assembler::oneShortOp):
59885        * assembler/X86Assembler.h:
59886        (JSC::X86Assembler::call):
59887        (JSC::X86Assembler::jmp_r):
59888        (JSC::X86Assembler::label):
59889        (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
59890        (JSC::X86Assembler::X86InstructionFormatter::label):
59891
598922011-05-01  Adam Barth  <abarth@webkit.org>
59893
59894        Reviewed by David Levin.
59895
59896        Enable strict mode for OwnPtr and PassOwnPtr
59897        https://bugs.webkit.org/show_bug.cgi?id=59428
59898
59899        * wtf/OwnPtr.h:
59900
599012011-05-01  Patrick Gansterer  <paroga@webkit.org>
59902
59903        Reviewed by Adam Barth.
59904
59905        Enable strict OwnPtr for PLATFORM(WIN)
59906        https://bugs.webkit.org/show_bug.cgi?id=59881
59907
59908        * wtf/OwnPtr.h:
59909
599102011-05-01  Gavin Barraclough  <barraclough@apple.com>
59911
59912        Reviewed by Sam Weinig.
59913
59914        https://bugs.webkit.org/show_bug.cgi?id=59896
59915        Remove JmpSrc/JmpDst types.
59916
59917        The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
59918        objects be per-assembler is unhelpful, causes unnecessary code duplication,
59919        and prevents the AssemblerBuffer from providing a richer type for labels.
59920        The limited semantic meaning that they did convey is undermined by the manner
59921        in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
59922        for data labels).
59923
59924        Jumps on ARMv7 have had additional information added to the object via the
59925        ARMv7 JmpSrc. This data should probably be in the instruction stream. This
59926        patch does not fix the problem, and moves the data (ifdefed) to
59927        AbstractMacroAssembler::Jump (which is effectively where it was before!).
59928        This at least closes the hole such that no further data may be added to JmpSrc,
59929        but this is unfortunate, and should be cleaned up.
59930
59931        * assembler/ARMAssembler.h:
59932        (JSC::ARMAssembler::blx):
59933        (JSC::ARMAssembler::label):
59934        (JSC::ARMAssembler::align):
59935        (JSC::ARMAssembler::loadBranchTarget):
59936        (JSC::ARMAssembler::jmp):
59937        (JSC::ARMAssembler::linkPointer):
59938        (JSC::ARMAssembler::linkJump):
59939        (JSC::ARMAssembler::linkCall):
59940        (JSC::ARMAssembler::getRelocatedAddress):
59941        (JSC::ARMAssembler::getDifferenceBetweenLabels):
59942        (JSC::ARMAssembler::getCallReturnOffset):
59943        * assembler/ARMv7Assembler.h:
59944        (JSC::ARMv7Assembler::b):
59945        (JSC::ARMv7Assembler::blx):
59946        (JSC::ARMv7Assembler::bx):
59947        (JSC::ARMv7Assembler::label):
59948        (JSC::ARMv7Assembler::align):
59949        (JSC::ARMv7Assembler::getRelocatedAddress):
59950        (JSC::ARMv7Assembler::getDifferenceBetweenLabels):
59951        (JSC::ARMv7Assembler::getCallReturnOffset):
59952        (JSC::ARMv7Assembler::linkJump):
59953        (JSC::ARMv7Assembler::linkCall):
59954        (JSC::ARMv7Assembler::linkPointer):
59955        * assembler/AbstractMacroAssembler.h:
59956        (JSC::AbstractMacroAssembler::Label::isSet):
59957        (JSC::AbstractMacroAssembler::Call::Call):
59958        (JSC::AbstractMacroAssembler::Jump::Jump):
59959        (JSC::AbstractMacroAssembler::Jump::link):
59960        (JSC::AbstractMacroAssembler::Jump::linkTo):
59961        (JSC::AbstractMacroAssembler::linkPointer):
59962        (JSC::AbstractMacroAssembler::getLinkerAddress):
59963        * assembler/AssemblerBuffer.h:
59964        (JSC::AssemblerLabel::AssemblerLabel):
59965        (JSC::AssemblerLabel::isSet):
59966        * assembler/LinkBuffer.h:
59967        (JSC::LinkBuffer::patch):
59968        * assembler/MIPSAssembler.h:
59969        (JSC::MIPSAssembler::label):
59970        (JSC::MIPSAssembler::align):
59971        (JSC::MIPSAssembler::getRelocatedAddress):
59972        (JSC::MIPSAssembler::getDifferenceBetweenLabels):
59973        (JSC::MIPSAssembler::getCallReturnOffset):
59974        (JSC::MIPSAssembler::linkJump):
59975        (JSC::MIPSAssembler::linkCall):
59976        (JSC::MIPSAssembler::linkPointer):
59977        * assembler/MacroAssemblerARMv7.h:
59978        (JSC::MacroAssemblerARMv7::branchDouble):
59979        (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
59980        (JSC::MacroAssemblerARMv7::jump):
59981        (JSC::MacroAssemblerARMv7::nearCall):
59982        (JSC::MacroAssemblerARMv7::call):
59983        (JSC::MacroAssemblerARMv7::ret):
59984        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
59985        (JSC::MacroAssemblerARMv7::makeBranch):
59986        * assembler/MacroAssemblerMIPS.h:
59987        (JSC::MacroAssemblerMIPS::nearCall):
59988        (JSC::MacroAssemblerMIPS::call):
59989        (JSC::MacroAssemblerMIPS::tailRecursiveCall):
59990        (JSC::MacroAssemblerMIPS::branchTrue):
59991        (JSC::MacroAssemblerMIPS::branchFalse):
59992        (JSC::MacroAssemblerMIPS::branchEqual):
59993        (JSC::MacroAssemblerMIPS::branchNotEqual):
59994        * assembler/SH4Assembler.h:
59995        (JSC::SH4Assembler::call):
59996        (JSC::SH4Assembler::jmp):
59997        (JSC::SH4Assembler::jne):
59998        (JSC::SH4Assembler::je):
59999        (JSC::SH4Assembler::label):
60000        (JSC::SH4Assembler::align):
60001        (JSC::SH4Assembler::linkJump):
60002        (JSC::SH4Assembler::linkCall):
60003        (JSC::SH4Assembler::linkPointer):
60004        (JSC::SH4Assembler::getCallReturnOffset):
60005        (JSC::SH4Assembler::getRelocatedAddress):
60006        (JSC::SH4Assembler::getDifferenceBetweenLabels):
60007        (JSC::SH4Assembler::patchPointer):
60008        * assembler/X86Assembler.h:
60009        (JSC::X86Assembler::call):
60010        (JSC::X86Assembler::jmp):
60011        (JSC::X86Assembler::jmp_r):
60012        (JSC::X86Assembler::jne):
60013        (JSC::X86Assembler::jnz):
60014        (JSC::X86Assembler::je):
60015        (JSC::X86Assembler::jz):
60016        (JSC::X86Assembler::jl):
60017        (JSC::X86Assembler::jb):
60018        (JSC::X86Assembler::jle):
60019        (JSC::X86Assembler::jbe):
60020        (JSC::X86Assembler::jge):
60021        (JSC::X86Assembler::jg):
60022        (JSC::X86Assembler::ja):
60023        (JSC::X86Assembler::jae):
60024        (JSC::X86Assembler::jo):
60025        (JSC::X86Assembler::jp):
60026        (JSC::X86Assembler::js):
60027        (JSC::X86Assembler::jCC):
60028        (JSC::X86Assembler::label):
60029        (JSC::X86Assembler::labelFor):
60030        (JSC::X86Assembler::align):
60031        (JSC::X86Assembler::linkJump):
60032        (JSC::X86Assembler::linkCall):
60033        (JSC::X86Assembler::linkPointer):
60034        (JSC::X86Assembler::getCallReturnOffset):
60035        (JSC::X86Assembler::getRelocatedAddress):
60036        (JSC::X86Assembler::getDifferenceBetweenLabels):
60037        (JSC::X86Assembler::rewindToLabel):
60038        (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
60039        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
60040        * jit/JIT.cpp:
60041        (JSC::JIT::privateCompileMainPass):
60042        * jit/JIT.h:
60043        * jit/JITInlineMethods.h:
60044        (JSC::JIT::atJumpTarget):
60045        (JSC::JIT::emitGetVirtualRegister):
60046        * jit/JITOpcodes.cpp:
60047        (JSC::JIT::emit_op_jmp):
60048        (JSC::JIT::emit_op_jfalse):
60049        (JSC::JIT::emit_op_jeq_null):
60050        (JSC::JIT::emit_op_jneq_null):
60051        (JSC::JIT::emit_op_jneq_ptr):
60052        (JSC::JIT::emit_op_jsr):
60053        (JSC::JIT::emit_op_jtrue):
60054        (JSC::JIT::emit_op_jmp_scopes):
60055
600562011-05-01  Chao-ying Fu  <fu@mips.com>
60057
60058        Reviewed by Eric Seidel.
60059
60060        Fix MIPS build due to the split of "Condition" enum
60061        https://bugs.webkit.org/show_bug.cgi?id=59407
60062
60063        * assembler/MIPSAssembler.h:
60064        (JSC::MIPSAssembler::debugOffset):
60065        * assembler/MacroAssemblerMIPS.h:
60066        (JSC::MacroAssemblerMIPS::branch32):
60067        (JSC::MacroAssemblerMIPS::compare32):
60068
600692011-04-30  Adam Barth  <abarth@webkit.org>
60070
60071        Reviewed by Adam Barth.
60072
60073        Enable strict OwnPtr for GTK
60074        https://bugs.webkit.org/show_bug.cgi?id=59861
60075
60076        * wtf/OwnPtr.h:
60077
600782011-04-30  Gavin Barraclough  <barraclough@apple.com>
60079
60080        ARMv7 build fix.
60081
60082        * assembler/AssemblerBufferWithConstantPool.h:
60083
600842011-04-30  Gavin Barraclough  <barraclough@apple.com>
60085
60086        Reviewed by Oliver Hunt.
60087
60088        Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
60089
60090        The method size() is called on the AssemblerBuffer both to acquire
60091        the complete size of the code, and to get a position to use as a
60092        label into the code. Instead, add an explicit 'label' method.
60093
60094        * assembler/ARMAssembler.cpp:
60095        (JSC::ARMAssembler::executableCopy):
60096        * assembler/ARMAssembler.h:
60097        (JSC::ARMAssembler::blx):
60098        (JSC::ARMAssembler::codeSize):
60099        (JSC::ARMAssembler::label):
60100        (JSC::ARMAssembler::loadBranchTarget):
60101        * assembler/ARMv7Assembler.h:
60102        (JSC::ARMv7Assembler::b):
60103        (JSC::ARMv7Assembler::blx):
60104        (JSC::ARMv7Assembler::bx):
60105        (JSC::ARMv7Assembler::label):
60106        (JSC::ARMv7Assembler::codeSize):
60107        (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
60108        (JSC::ARMv7Assembler::ARMInstructionFormatter::data):
60109        * assembler/AbstractMacroAssembler.h:
60110        * assembler/AssemblerBuffer.h:
60111        (JSC::AssemblerBuffer::codeSize):
60112        (JSC::AssemblerBuffer::label):
60113        * assembler/AssemblerBufferWithConstantPool.h:
60114        * assembler/LinkBuffer.h:
60115        (JSC::LinkBuffer::LinkBuffer):
60116        (JSC::LinkBuffer::linkCode):
60117        * assembler/MIPSAssembler.h:
60118        (JSC::MIPSAssembler::newJmpSrc):
60119        (JSC::MIPSAssembler::appendJump):
60120        (JSC::MIPSAssembler::label):
60121        (JSC::MIPSAssembler::codeSize):
60122        (JSC::MIPSAssembler::relocateJumps):
60123        * assembler/SH4Assembler.h:
60124        (JSC::SH4Assembler::loadConstant):
60125        (JSC::SH4Assembler::loadConstantUnReusable):
60126        (JSC::SH4Assembler::call):
60127        (JSC::SH4Assembler::jmp):
60128        (JSC::SH4Assembler::jne):
60129        (JSC::SH4Assembler::je):
60130        (JSC::SH4Assembler::label):
60131        (JSC::SH4Assembler::executableCopy):
60132        (JSC::SH4Assembler::oneShortOp):
60133        (JSC::SH4Assembler::codeSize):
60134        * assembler/X86Assembler.h:
60135        (JSC::X86Assembler::call):
60136        (JSC::X86Assembler::jmp_r):
60137        (JSC::X86Assembler::codeSize):
60138        (JSC::X86Assembler::label):
60139        (JSC::X86Assembler::executableCopy):
60140        (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
60141        (JSC::X86Assembler::X86InstructionFormatter::codeSize):
60142        (JSC::X86Assembler::X86InstructionFormatter::label):
60143        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
60144        * dfg/DFGJITCompiler.cpp:
60145        (JSC::DFG::JITCompiler::compileFunction):
60146        * jit/JIT.cpp:
60147        (JSC::JIT::privateCompile):
60148        * jit/JITOpcodes.cpp:
60149        (JSC::JIT::privateCompileCTIMachineTrampolines):
60150        * jit/JITOpcodes32_64.cpp:
60151        (JSC::JIT::privateCompileCTIMachineTrampolines):
60152        * yarr/YarrJIT.cpp:
60153        (JSC::Yarr::YarrGenerator::compile):
60154
601552011-04-29  Adam Barth  <abarth@webkit.org>
60156
60157        Attempt to fix the Windows build.
60158
60159        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
60160
601612011-04-29  Adam Barth  <abarth@webkit.org>
60162
60163        Reviewed by Eric Seidel.
60164
60165        CSP script-src should block eval
60166        https://bugs.webkit.org/show_bug.cgi?id=59850
60167
60168        ggaren recommended a different approach to this patch, essentially
60169        installing a new function for function-eval and changing the AST
60170        representation of operator-eval to call function-eval.  However, I'm
60171        not sure that approach is workable because the ASTBuilder doesn't know
60172        about global objects, and there is added complication due to the cache.
60173
60174        This approach is more dynamic, adding a branch in EvalExecutable to
60175        detect whether eval is currently disabled in the lexical scope.  The spec
60176        is slightly unclear about whether we should return undefined or throw
60177        an exception.  I've asked Brandon to clarify the spec, but throwing an
60178        exception seems natural.
60179
60180        * JavaScriptCore.exp:
60181        * runtime/Executable.cpp:
60182        (JSC::EvalExecutable::compileInternal):
60183        * runtime/JSGlobalObject.cpp:
60184        (JSC::JSGlobalObject::disableEval):
60185        * runtime/JSGlobalObject.h:
60186        (JSC::JSGlobalObject::JSGlobalObject):
60187        (JSC::JSGlobalObject::isEvalEnabled):
60188
601892011-04-29  Gavin Barraclough  <barraclough@apple.com>
60190
60191        Reviewed by Oliver Hunt.
60192
60193        https://bugs.webkit.org/show_bug.cgi?id=59847
60194        Remove linkOffset from LinkBuffer
60195
60196        This is redundant since removal of recompilation for exception info.
60197
60198        * assembler/LinkBuffer.h:
60199        (JSC::LinkBuffer::LinkBuffer):
60200        (JSC::LinkBuffer::linkCode):
60201        * dfg/DFGJITCompiler.cpp:
60202        (JSC::DFG::JITCompiler::compileFunction):
60203        * jit/JIT.cpp:
60204        (JSC::JIT::JIT):
60205        (JSC::JIT::privateCompile):
60206        * jit/JIT.h:
60207        (JSC::JIT::compile):
60208        (JSC::JIT::compileCTIMachineTrampolines):
60209        (JSC::JIT::compileCTINativeCall):
60210        * jit/JITOpcodes.cpp:
60211        (JSC::JIT::privateCompileCTIMachineTrampolines):
60212        * jit/JITOpcodes32_64.cpp:
60213        (JSC::JIT::privateCompileCTIMachineTrampolines):
60214        (JSC::JIT::privateCompileCTINativeCall):
60215        * jit/JITPropertyAccess.cpp:
60216        (JSC::JIT::stringGetByValStubGenerator):
60217        (JSC::JIT::privateCompilePutByIdTransition):
60218        (JSC::JIT::privateCompilePatchGetArrayLength):
60219        (JSC::JIT::privateCompileGetByIdProto):
60220        (JSC::JIT::privateCompileGetByIdSelfList):
60221        (JSC::JIT::privateCompileGetByIdProtoList):
60222        (JSC::JIT::privateCompileGetByIdChainList):
60223        (JSC::JIT::privateCompileGetByIdChain):
60224        * jit/JITPropertyAccess32_64.cpp:
60225        (JSC::JIT::stringGetByValStubGenerator):
60226        (JSC::JIT::privateCompilePutByIdTransition):
60227        (JSC::JIT::privateCompilePatchGetArrayLength):
60228        (JSC::JIT::privateCompileGetByIdProto):
60229        (JSC::JIT::privateCompileGetByIdSelfList):
60230        (JSC::JIT::privateCompileGetByIdProtoList):
60231        (JSC::JIT::privateCompileGetByIdChainList):
60232        (JSC::JIT::privateCompileGetByIdChain):
60233        * jit/SpecializedThunkJIT.h:
60234        (JSC::SpecializedThunkJIT::finalize):
60235        * yarr/YarrJIT.cpp:
60236        (JSC::Yarr::YarrGenerator::compile):
60237
602382011-04-29  Gavin Barraclough  <barraclough@apple.com>
60239
60240        Reviewed by Oliver Hunt & Geoff Garen.
60241
60242        https://bugs.webkit.org/show_bug.cgi?id=59221
60243        [RegexFuzz] Regression blocking testing
60244
60245        Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
60246        node, emitDisjunction recursively calls itself to emit the nested disjunction,
60247        the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
60248        account the uncheck that has just taken place).
60249
60250        Also, the special handling given to countToCheck in the case of parenthetical
60251        assertions is nonsense, delete it, along with the isParentheticalAssertion argument.
60252
60253        * yarr/YarrInterpreter.cpp:
60254        (JSC::Yarr::ByteCompiler::emitDisjunction):
60255
602562011-04-29  Csaba Osztrogonác  <ossy@webkit.org>
60257
60258        Reviewed by Adam Barth.
60259
60260        Enable strict OwnPtr for Qt
60261        https://bugs.webkit.org/show_bug.cgi?id=59667
60262
60263        * wtf/OwnPtr.h:
60264
602652011-04-29  Dean Jackson  <dino@apple.com>
60266
60267        Reviewed by Simon Fraser.
60268
60269        Add ENABLE macro for WebKitAnimation
60270        https://bugs.webkit.org/show_bug.cgi?id=59729
60271
60272        Add new feature to toggle WebKit Animation API.
60273
60274        * Configurations/FeatureDefines.xcconfig:
60275
602762011-04-28  Sam Weinig  <sam@webkit.org>
60277
60278        Reviewed by Mark Rowe.
60279
60280        Install testapi.js along side testapi
60281        https://bugs.webkit.org/show_bug.cgi?id=59773
60282
60283        * JavaScriptCore.xcodeproj/project.pbxproj:
60284        Add new build phase to copy testapi.js to install path of testapi
60285        on install.
60286
602872011-04-28  David Levin  <levin@chromium.org>
60288
60289        Reviewed by Adam Barth.
60290
60291        Remove IMAGE_RESIZER related code.
60292        https://bugs.webkit.org/show_bug.cgi?id=59735
60293
60294        * Configurations/FeatureDefines.xcconfig:
60295
602962011-04-28  Gavin Barraclough  <barraclough@apple.com>
60297
60298        Reviewed by Oliver Hunt.
60299
60300        https://bugs.webkit.org/show_bug.cgi?id=59763
60301        DFG JIT - Unify FPRReg & FPRegisterID
60302
60303        (Following on from GPRReg/RegisterID unification).
60304
60305        * dfg/DFGFPRInfo.h:
60306        (JSC::DFG::FPRInfo::toRegister):
60307        (JSC::DFG::FPRInfo::debugName):
60308        * dfg/DFGGPRInfo.h:
60309        * dfg/DFGJITCodeGenerator.cpp:
60310        (JSC::DFG::JITCodeGenerator::fillDouble):
60311        (JSC::DFG::JITCodeGenerator::checkConsistency):
60312        * dfg/DFGJITCodeGenerator.h:
60313        (JSC::DFG::JITCodeGenerator::boxDouble):
60314        (JSC::DFG::JITCodeGenerator::unboxDouble):
60315        (JSC::DFG::JITCodeGenerator::flushRegisters):
60316        (JSC::DFG::JITCodeGenerator::isFlushed):
60317        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
60318        (JSC::DFG::JITCodeGenerator::setupStubArguments):
60319        (JSC::DFG::JITCodeGenerator::callOperation):
60320        (JSC::DFG::GPRResult::lockedResult):
60321        (JSC::DFG::FPRResult::lockedResult):
60322        * dfg/DFGJITCompiler.cpp:
60323        (JSC::DFG::JITCompiler::fillNumericToDouble):
60324        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
60325        (JSC::DFG::JITCompiler::compileFunction):
60326        * dfg/DFGJITCompiler.h:
60327        * dfg/DFGNode.h:
60328        * dfg/DFGNonSpeculativeJIT.cpp:
60329        (JSC::DFG::EntryLocation::EntryLocation):
60330        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
60331        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
60332        (JSC::DFG::NonSpeculativeJIT::numberToInt32):
60333        (JSC::DFG::NonSpeculativeJIT::compile):
60334        * dfg/DFGNonSpeculativeJIT.h:
60335        (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
60336        (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
60337        * dfg/DFGRegisterBank.h:
60338        (JSC::DFG::RegisterBank::iterator::regID):
60339        (JSC::DFG::RegisterBank::iterator::debugName):
60340        * dfg/DFGSpeculativeJIT.cpp:
60341        (JSC::DFG::SpeculationCheck::SpeculationCheck):
60342        (JSC::DFG::SpeculativeJIT::compile):
60343        * dfg/DFGSpeculativeJIT.h:
60344
603452011-04-28  David Kilzer  <ddkilzer@apple.com>
60346
60347        Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
60348
60349        This reverts commit r85195.  It was crashing DumpRenderTree on Lion.
60350
60351        * wtf/mac/MainThreadMac.mm:
60352        (WTF::postTimer):
60353
603542011-04-28  Adam Barth  <abarth@webkit.org>
60355
60356        Reviewed by Eric Seidel.
60357
60358        Remove WML
60359        https://bugs.webkit.org/show_bug.cgi?id=59678
60360
60361        Remove the WML configuration option from the Mac build system.
60362
60363        * Configurations/FeatureDefines.xcconfig:
60364
603652011-04-28  Sheriff Bot  <webkit.review.bot@gmail.com>
60366
60367        Unreviewed, rolling out r85233 and r85235.
60368        http://trac.webkit.org/changeset/85233
60369        http://trac.webkit.org/changeset/85235
60370        https://bugs.webkit.org/show_bug.cgi?id=59754
60371
60372        Causes issues with jsc. (Requested by dave_levin on #webkit).
60373
60374        * GNUmakefile.list.am:
60375        * JavaScriptCore.gypi:
60376        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
60377        * JavaScriptCore.xcodeproj/project.pbxproj:
60378        * jit/ExecutableAllocator.h:
60379        (JSC::ExecutablePool::ExecutablePool):
60380        * parser/SourceProvider.h:
60381        (JSC::SourceProvider::SourceProvider):
60382        * runtime/RegExp.cpp:
60383        (JSC::RegExp::RegExp):
60384        * wtf/CMakeLists.txt:
60385        * wtf/RefCounted.h:
60386        (WTF::RefCountedBase::ref):
60387        (WTF::RefCountedBase::hasOneRef):
60388        (WTF::RefCountedBase::refCount):
60389        (WTF::RefCountedBase::derefBase):
60390        * wtf/SizeLimits.cpp:
60391        * wtf/ThreadRestrictionVerifier.h: Removed.
60392        * wtf/text/CString.h:
60393        (WTF::CStringBuffer::CStringBuffer):
60394
603952011-04-28  Gavin Barraclough  <barraclough@apple.com>
60396
60397        Reviewed by Oliver Hunt.
60398
60399        Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
60400
60401        Currently we use a mix of enum values throughout the DFG JIT to represent
60402        gpr registers - the RegisterID provided by the MacroAssembler, and the
60403        GPRReg enum giving the sequential register set over which the RegisterBank
60404        allocates. Unify the two.
60405
60406        Patch to unify FPRReg in a similar fashion will follow.
60407
60408        * JavaScriptCore.xcodeproj/project.pbxproj:
60409        * dfg/DFGFPRInfo.h: Added.
60410        (JSC::DFG::next):
60411        (JSC::DFG::FPRBankInfo::toRegister):
60412        (JSC::DFG::FPRBankInfo::toIndex):
60413        * dfg/DFGGPRInfo.h: Added.
60414        (JSC::DFG::GPRInfo::toRegister):
60415        (JSC::DFG::GPRInfo::toIndex):
60416        (JSC::DFG::GPRInfo::debugName):
60417        * dfg/DFGJITCodeGenerator.cpp:
60418        (JSC::DFG::JITCodeGenerator::fillInteger):
60419        (JSC::DFG::JITCodeGenerator::fillDouble):
60420        (JSC::DFG::JITCodeGenerator::fillJSValue):
60421        (JSC::DFG::JITCodeGenerator::dump):
60422        (JSC::DFG::JITCodeGenerator::checkConsistency):
60423        (JSC::DFG::GPRTemporary::GPRTemporary):
60424        (JSC::DFG::FPRTemporary::FPRTemporary):
60425        * dfg/DFGJITCodeGenerator.h:
60426        (JSC::DFG::JITCodeGenerator::boxDouble):
60427        (JSC::DFG::JITCodeGenerator::unboxDouble):
60428        (JSC::DFG::JITCodeGenerator::spill):
60429        (JSC::DFG::JITCodeGenerator::flushRegisters):
60430        (JSC::DFG::JITCodeGenerator::isFlushed):
60431        (JSC::DFG::JITCodeGenerator::bitOp):
60432        (JSC::DFG::JITCodeGenerator::shiftOp):
60433        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
60434        (JSC::DFG::JITCodeGenerator::setupStubArguments):
60435        (JSC::DFG::JITCodeGenerator::callOperation):
60436        (JSC::DFG::IntegerOperand::gpr):
60437        (JSC::DFG::DoubleOperand::gpr):
60438        (JSC::DFG::GPRTemporary::gpr):
60439        (JSC::DFG::FPRTemporary::gpr):
60440        (JSC::DFG::GPRResult::lockedResult):
60441        * dfg/DFGJITCompiler.cpp:
60442        (JSC::DFG::JITCompiler::fillNumericToDouble):
60443        (JSC::DFG::JITCompiler::fillInt32ToInteger):
60444        (JSC::DFG::JITCompiler::fillToJS):
60445        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
60446        (JSC::DFG::JITCompiler::compileFunction):
60447        (JSC::DFG::JITCompiler::jitAssertIsInt32):
60448        (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
60449        (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
60450        (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
60451        * dfg/DFGJITCompiler.h:
60452        (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
60453        (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
60454        (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
60455        (JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
60456        (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
60457        (JSC::DFG::JITCompiler::addressForGlobalVar):
60458        (JSC::DFG::JITCompiler::addressFor):
60459        (JSC::DFG::JITCompiler::tagFor):
60460        (JSC::DFG::JITCompiler::payloadFor):
60461        * dfg/DFGNonSpeculativeJIT.cpp:
60462        (JSC::DFG::EntryLocation::EntryLocation):
60463        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
60464        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
60465        (JSC::DFG::NonSpeculativeJIT::numberToInt32):
60466        (JSC::DFG::NonSpeculativeJIT::compile):
60467        * dfg/DFGNonSpeculativeJIT.h:
60468        (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
60469        (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
60470        (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
60471        (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
60472        (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
60473        (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
60474        * dfg/DFGRegisterBank.h:
60475        (JSC::DFG::RegisterBank::allocate):
60476        (JSC::DFG::RegisterBank::retain):
60477        (JSC::DFG::RegisterBank::release):
60478        (JSC::DFG::RegisterBank::lock):
60479        (JSC::DFG::RegisterBank::unlock):
60480        (JSC::DFG::RegisterBank::isLocked):
60481        (JSC::DFG::RegisterBank::name):
60482        (JSC::DFG::RegisterBank::iterator::name):
60483        (JSC::DFG::RegisterBank::iterator::isLocked):
60484        (JSC::DFG::RegisterBank::iterator::release):
60485        (JSC::DFG::RegisterBank::iterator::gpr):
60486        (JSC::DFG::RegisterBank::iterator::debugName):
60487        (JSC::DFG::RegisterBank::iterator::operator++):
60488        (JSC::DFG::RegisterBank::iterator::operator!=):
60489        (JSC::DFG::RegisterBank::iterator::index):
60490        (JSC::DFG::RegisterBank::iterator::iterator):
60491        (JSC::DFG::RegisterBank::begin):
60492        (JSC::DFG::RegisterBank::end):
60493        (JSC::DFG::RegisterBank::isLockedAtIndex):
60494        (JSC::DFG::RegisterBank::nameAtIndex):
60495        (JSC::DFG::RegisterBank::releaseAtIndex):
60496        (JSC::DFG::RegisterBank::allocateInternal):
60497        (JSC::DFG::RegisterBank::MapEntry::MapEntry):
60498        * dfg/DFGScoreBoard.h:
60499        (JSC::DFG::ScoreBoard::~ScoreBoard):
60500        * dfg/DFGSpeculativeJIT.cpp:
60501        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
60502        (JSC::DFG::SpeculationCheck::SpeculationCheck):
60503        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
60504        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
60505        (JSC::DFG::SpeculativeJIT::compile):
60506        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
60507        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
60508        * dfg/DFGSpeculativeJIT.h:
60509        (JSC::DFG::SpeculateIntegerOperand::gpr):
60510
605112011-04-28  Oliver Hunt  <oliver@apple.com>
60512
60513        Reviewed by Gavin Barraclough.
60514
60515        Remove evil addressOfStructure() function
60516        https://bugs.webkit.org/show_bug.cgi?id=59739
60517
60518        Remove the addressOfStructure function from JSCell, and update
60519        callsites to use the same logic as testPrototype()
60520
60521        * jit/JITPropertyAccess.cpp:
60522        (JSC::JIT::privateCompileGetByIdProto):
60523        (JSC::JIT::privateCompileGetByIdProtoList):
60524        * jit/JITPropertyAccess32_64.cpp:
60525        (JSC::JIT::privateCompileGetByIdProto):
60526        (JSC::JIT::privateCompileGetByIdProtoList):
60527        * runtime/JSCell.h:
60528
605292011-04-28  Oliver Hunt  <oliver@apple.com>
60530
60531        Reviewed by Gavin Barraclough.
60532
60533        Clean up testPrototype()
60534        https://bugs.webkit.org/show_bug.cgi?id=59734
60535
60536        Remove direct pointer to the inside of a GC object and just do
60537        the indirect load manually.  Doesn't affect sunspider but does
60538        clean up the code quite a bit, and simplifies the handling of
60539        GC values.
60540
60541        * jit/JITPropertyAccess.cpp:
60542        (JSC::JIT::testPrototype):
60543
605442011-04-28  David Levin  <levin@chromium.org>
60545
60546        Build fix.
60547
60548        * wtf/RefCounted.h: Fix inverted ifdef.
60549
605502011-04-07  David Levin  <levin@chromium.org>
60551
60552        Reviewed by Darin Adler.
60553
60554        Add asserts to RefCounted to make sure ref/deref happens on the right thread.
60555        https://bugs.webkit.org/show_bug.cgi?id=31639
60556
60557        * GNUmakefile.list.am: Added new files to the build.
60558        * JavaScriptCore.gypi: Ditto.
60559        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
60560        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
60561        * jit/ExecutableAllocator.h:
60562        (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
60563        due to not being able to figure out what was guarding it (bug 58091).
60564        * parser/SourceProvider.h:
60565        (JSC::SourceProvider::SourceProvider): Ditto.
60566        * runtime/RegExp.cpp:
60567        (JSC::RegExp::RegExp): Ditto.
60568        * wtf/CMakeLists.txt: Added new files to the build.
60569        * wtf/ThreadRestrictionVerifier.h: Added.
60570        Everything is done in the header to avoid the issue with exports
60571        that are only useful in debug but still needing to export them.
60572        * wtf/RefCounted.h:
        (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
        and filed bug 58171 about making it stricter.
60575        (WTF::RefCountedBase::hasOneRef): Ditto.
60576        (WTF::RefCountedBase::refCount): Ditto.
60577        (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
60578        on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
60579        (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
60580        Filed bug 58174 to remove this method.
60581        (WTF::RefCountedBase::derefBase):
60582        * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
60583        * wtf/text/CString.h:
60584        (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
60585        done in Chromium's test_shell (bug 58093).
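        The check this entry adds to RefCounted, shown as an added example that is
        not WTF's code: a non-atomic reference count whose ref/deref are only valid on
        the thread that created the object. The class and method names below are
        hypothetical stand-ins for wtf/ThreadRestrictionVerifier.h and RefCounted.h,
        and the violation is counted rather than ASSERTed so the result can be read back.

```cpp
#include <thread>

// Added example, not WTF's code: a non-atomic ref count guarded by a
// thread-restriction verifier in the spirit of wtf/ThreadRestrictionVerifier.h.
// Class and method names are hypothetical. Where WTF's RefCountedBase uses
// ASSERT (debug builds only, aborting the process), this version records the
// violation and refuses the operation so a caller can inspect the outcome.
class ThreadRestrictionVerifier {
public:
    // The constructing thread becomes the only thread allowed to touch the count.
    ThreadRestrictionVerifier()
        : m_owningThread(std::this_thread::get_id())
        , m_enabled(true)
    {
    }

    bool isSafeToUse(std::thread::id caller) const
    {
        return !m_enabled || caller == m_owningThread;
    }

    // Counterpart of deprecatedTurnOffVerifier(): disables the check entirely.
    void turnOff() { m_enabled = false; }

private:
    std::thread::id m_owningThread;
    bool m_enabled;
};

class RefCountedBase {
public:
    RefCountedBase() : m_refCount(1), m_violations(0) { }

    // The caller's thread id is an explicit parameter (defaulting to the current
    // thread) so a cross-thread access can be presented without spawning a thread.
    bool ref(std::thread::id caller = std::this_thread::get_id())
    {
        if (!m_verifier.isSafeToUse(caller)) {
            ++m_violations;
            return false;
        }
        ++m_refCount;
        return true;
    }

    // Returns true when the count reached zero and the object should be deleted.
    bool derefBase(std::thread::id caller = std::this_thread::get_id())
    {
        if (!m_verifier.isSafeToUse(caller)) {
            ++m_violations;
            return false;
        }
        return --m_refCount == 0;
    }

    bool hasOneRef() const { return m_refCount == 1; }
    unsigned refCount() const { return m_refCount; }
    unsigned violations() const { return m_violations; }
    void turnOffVerifier() { m_verifier.turnOff(); }

private:
    unsigned m_refCount;
    unsigned m_violations;
    ThreadRestrictionVerifier m_verifier;
};

// std::thread::id() denotes "no thread" and never compares equal to the id of a
// running thread, so it stands in for a worker thread's id in the scenarios below.
static std::thread::id foreignThread() { return std::thread::id(); }

// Owner refs, a foreign thread derefs: the deref is refused and counted. This is
// the race the verifier exists to catch; with an unchecked non-atomic count the
// object could be freed while the owner still holds a reference.
unsigned crossThreadDerefViolations()
{
    RefCountedBase object;
    object.ref();
    object.derefBase(foreignThread());
    return object.violations();
}

// Same access with the verifier turned off: the foreign deref is silently accepted.
unsigned refCountAfterUnverifiedForeignDeref()
{
    RefCountedBase object;
    object.turnOffVerifier();
    object.ref();
    object.derefBase(foreignThread());
    return object.refCount();
}

// Single-owner lifecycle: the initial reference is the only one, so one deref
// reports that the object is ready to be deleted.
bool lastDerefReportsZero()
{
    RefCountedBase object;
    return object.hasOneRef() && object.derefBase();
}

int main()
{
    return crossThreadDerefViolations() == 1 && lastDerefReportsZero() ? 0 : 1;
}
```

        The deref from the foreign thread id is the interesting case: with the verifier
        on it is refused and counted, with it off (the deprecatedTurnOffVerifier path)
        it silently adjusts a count that another thread may be reading at the same time.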
60586
605872011-04-28  Xan Lopez  <xlopez@igalia.com>
60588
60589        Unreviewed attempt to fix the build.
60590
60591        * GNUmakefile.am: add -lpthread.
60592
605932011-04-28  Oliver Hunt  <oliver@apple.com>
60594
60595        Reviewed by Gavin Barraclough.
60596
60597        Only need a single implementation of testPrototype
60598        https://bugs.webkit.org/show_bug.cgi?id=59724
60599
60600        Remove excess copy of identical testPrototype() code
60601
60602        * jit/JITPropertyAccess.cpp:
60603        (JSC::JIT::testPrototype):
60604        * jit/JITPropertyAccess32_64.cpp:
60605
606062011-04-28  Xan Lopez  <xlopez@igalia.com>
60607
60608        Reviewed by Martin Robinson.
60609
60610        [Gtk] Split JSC and WebCore builds
60611        https://bugs.webkit.org/show_bug.cgi?id=19428
60612
60613        Build JavaScriptCore as a libtool shared library instead of a
60614        private convenience library.
60615
60616        * GNUmakefile.am: define new jsc library and adapt to new name for
60617        javascriptcore target.
60618        * GNUmakefile.list.am: ditto.
60619
606202011-04-28  David Kilzer  <ddkilzer@apple.com>
60621
60622        <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
60623
60624        Reviewed by Simon Fraser.
60625
60626        * wtf/mac/MainThreadMac.mm:
60627        (WTF::postTimer): Use RetainPtr to plug the leak.
60628
606292011-04-27  Sam Weinig  <sam@webkit.org>
60630
60631        Reviewed by David Kilzer.
60632
60633        Add way to install testapi in production builds
60634        https://bugs.webkit.org/show_bug.cgi?id=59674
60635
60636        * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
60637        Add configuration file for TestAPI. In addition to name, we now specify an install path
60638        and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
60639
60640        * JavaScriptCore.xcodeproj/project.pbxproj:
60641        Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
60642        file.
60643
606442011-04-27  Adam Barth  <abarth@webkit.org>
60645
60646        Reviewed by David Levin.
60647
60648        Enable strict OwnPtrs for Chromium
60649        https://bugs.webkit.org/show_bug.cgi?id=59666
60650
60651        * wtf/OwnPtr.h:
60652
606532011-04-27  Oliver Hunt  <oliver@apple.com>
60654
60655        Reviewed by Geoffrey Garen.
60656
60657        Add ability to remove keys from weakmap API
60658        https://bugs.webkit.org/show_bug.cgi?id=59645
60659
60660        Add JSWeakObjectMapRemove API
60661
60662        * API/JSWeakObjectMapRefPrivate.cpp:
60663        * API/JSWeakObjectMapRefPrivate.h:
60664        * JavaScriptCore.exp:
60665
606662011-04-27  Adam Barth  <abarth@webkit.org>
60667
60668        Reviewed by David Levin.
60669
60670        Enable strict mode for OwnPtr
60671        https://bugs.webkit.org/show_bug.cgi?id=59428
60672
60673        This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
60674
60675        * wtf/OwnPtr.h:
60676
606772011-04-27  Steve Block  <steveblock@google.com>
60678
60679        Reviewed by David Levin.
60680
60681        Remove Android build system
60682        https://bugs.webkit.org/show_bug.cgi?id=48111
60683
60684        This is to avoid the maintenance burden until the Android port is
60685        fully upstreamed.
60686
60687        * Android.mk: Removed.
60688        * Android.v8.wtf.mk: Removed.
60689
606902011-04-27  Mark Rowe  <mrowe@apple.com>
60691
60692        Fix 32-bit build after r85036.
60693
60694        * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
60695
606962011-04-27  Csaba Osztrogonác  <ossy@webkit.org>
60697
60698        Unreviewed buildfix after r85036.
60699
60700        Readd non-dead code.
60701
60702        * wtf/OSAllocatorPosix.cpp:
60703        (WTF::OSAllocator::reserveAndCommit):
60704
607052011-04-27  Adam Barth  <abarth@webkit.org>
60706
60707        Reviewed by Kenneth Russell.
60708
60709        OwnPtr assignment operator should be private
60710        https://bugs.webkit.org/show_bug.cgi?id=59487
60711
60712        Unfortunately we can't remove the copy constructor because of some
60713        detail about gcc.  (The issue is documented in a comment already.)
60714
60715        * wtf/OwnPtr.h:
60716
607172011-04-26  Sheriff Bot  <webkit.review.bot@gmail.com>
60718
60719        Unreviewed, rolling out r84977.
60720        http://trac.webkit.org/changeset/84977
60721        https://bugs.webkit.org/show_bug.cgi?id=59568
60722
60723        caused crashes on the SL WK2 bots (Requested by jessieberlin
60724        on #webkit).
60725
60726        * assembler/MacroAssemblerX86_64.h:
60727        (JSC::MacroAssemblerX86_64::call):
60728        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
60729        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
60730
607312011-04-26  Kevin Ollivier  <kevino@theolliviers.com>
60732
60733        Rubberstamped by Eric Seidel.
60734
60735        Enable waf to be used to build other ports
60736        https://bugs.webkit.org/show_bug.cgi?id=58213
60737
60738        * wscript:
60739
607402011-04-26  Sam Weinig  <sam@webkit.org>
60741
60742        Reviewed by David Hyatt.
60743
60744        Remove Datagrid from the tree
60745        https://bugs.webkit.org/show_bug.cgi?id=59543
60746
60747        * Configurations/FeatureDefines.xcconfig:
60748        Remove feature.
60749
607502011-04-26  Adrienne Walker  <enne@google.com>
60751
60752        Reviewed by Geoffrey Garen.
60753
60754        Fix incorrect use of OwnPtr<T*> in GCActivityCallback
60755        https://bugs.webkit.org/show_bug.cgi?id=59559
60756
60757        * runtime/GCActivityCallback.h:
60758
607592011-04-26  Xan Lopez  <xlopez@igalia.com>
60760
60761        Reviewed by Daniel Bates.
60762
        Unused but set variable warning in MacroAssemblerX86_64
60764        https://bugs.webkit.org/show_bug.cgi?id=59482
60765
60766        * assembler/MacroAssemblerX86_64.h:
60767        (JSC::MacroAssemblerX86_64::call): do not declare the label
60768        variable if we are not going to use it.
60769        (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
60770        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
60771
607722011-04-26  Dan Bernstein  <mitz@apple.com>
60773
60774        Reviewed by Mark Rowe.
60775
60776        Choose the compiler based on the Xcode version for Snow Leopard debug builds.
60777
60778        * Configurations/Base.xcconfig:
60779        * Configurations/CompilerVersion.xcconfig: Added.
60780
607812011-04-25  Geoffrey Garen  <ggaren@apple.com>
60782
60783        Reviewed by Oliver Hunt.
60784
60785        Nixed special finalizer handling for WebCore strings
60786        https://bugs.webkit.org/show_bug.cgi?id=59425
60787        
60788        SunSpider reports no change.
60789        
60790        Not needed anymore, since weak handles have finalizers.
60791
60792        * runtime/JSString.cpp:
60793        (JSC::JSString::resolveRope):
60794        (JSC::JSString::resolveRopeSlowCase):
60795        (JSC::JSString::outOfMemory):
60796        (JSC::JSString::substringFromRope):
60797        (JSC::JSString::replaceCharacter): Updated for removal of union.
60798
60799        * runtime/JSString.h:
60800        (JSC::RopeBuilder::JSString):
60801        (JSC::RopeBuilder::~JSString):
60802        (JSC::RopeBuilder::appendStringInConstruct):
60803        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
60804        union or special constructor anymore.
60805
608062011-04-26  Gabor Loki  <loki@webkit.org>
60807
60808        Reviewed by Csaba Osztrogonác.
60809
60810        Speeding up SVG filters with multicore (SMP) support
60811        https://bugs.webkit.org/show_bug.cgi?id=43903
60812
60813        Some SVG filters execute a huge number of pixel manipulations, which
60814        cannot be sped up by graphics accelerators, since their algorithm is
        too complex. Using the power of Symmetric Multiprocessing (SMP) we
60816        can split up a task to smaller (data independent) tasks, which can be
60817        executed independently.
60818
60819        The ParallelJobs framework provides a simple way for distributed
60820        programming. The framework is based on WebKit's threading infrastructure,
60821        Open Multi-Processing's (OpenMP) API, and libdispatch API.
60822
60823        * GNUmakefile.list.am:
60824        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
60825        * JavaScriptCore.xcodeproj/project.pbxproj:
60826        * wtf/CMakeLists.txt:
60827        * wtf/ParallelJobs.h: Added.
60828        (WTF::ParallelJobs::ParallelJobs):
60829        (WTF::ParallelJobs::numberOfJobs):
60830        (WTF::ParallelJobs::parameterForJob):
60831        (WTF::ParallelJobs::executeJobs):
60832        * wtf/ParallelJobsGeneric.cpp: Added.
60833        (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
60834        (WTF::ParallelEnvironment::ThreadPrivate::executeJob):
60835        (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
60836        (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
60837        * wtf/ParallelJobsGeneric.h: Added.
60838        (WTF::ParallelEnvironment::ParallelEnvironment):
60839        (WTF::ParallelEnvironment::numberOfJobs):
60840        (WTF::ParallelEnvironment::parameterForJob):
60841        (WTF::ParallelEnvironment::executeJobs):
60842        (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
60843        (WTF::ParallelEnvironment::ThreadPrivate::create):
60844        * wtf/ParallelJobsLibdispatch.h: Added.
60845        (WTF::ParallelEnvironment::ParallelEnvironment):
60846        (WTF::ParallelEnvironment::numberOfJobs):
60847        (WTF::ParallelEnvironment::parameterForJob):
60848        (WTF::ParallelEnvironment::executeJobs):
60849        * wtf/ParallelJobsOpenMP.h: Added.
60850        (WTF::ParallelEnvironment::ParallelEnvironment):
60851        (WTF::ParallelEnvironment::numberOfJobs):
60852        (WTF::ParallelEnvironment::parameterForJob):
60853        (WTF::ParallelEnvironment::executeJobs):
60854        * wtf/Platform.h:
60855        * wtf/wtf.pri:
60856
608572011-04-26  Mihai Parparita  <mihaip@chromium.org>
60858
60859        Reviewed by Adam Barth.
60860
60861        Turn off make built-in implicit rules for derived sources makefile
60862        https://bugs.webkit.org/show_bug.cgi?id=59418
60863        
60864        We don't use any of make's built-in implicit rules, turning them off
60865        speeds up parsing of the makefile.
60866
60867        * JavaScriptCore.xcodeproj/project.pbxproj:
60868        * gyp/generate-derived-sources.sh:
60869
608702011-04-25  Geoffrey Garen  <ggaren@apple.com>
60871
60872        Reviewed by Oliver Hunt.
60873
60874        Custom prototypes on DOM objects don't persist after garbage collection
60875        https://bugs.webkit.org/show_bug.cgi?id=59412
60876        
60877        SunSpider reports no change.
60878        
60879        The hasCustomProperties() check didn't check for a custom prototype.
60880
60881        * runtime/JSObject.h:
60882        (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
60883        because it is the "truth" about an object's pedigree.
60884
60885        * runtime/Structure.cpp:
60886        (JSC::Structure::Structure):
60887        * runtime/Structure.h:
60888        (JSC::Structure::didTransition): Track whether a Structure has ever
60889        transitioned for any reason. If so, we have to assume that the object
60890        holding it is custom in some way.
60891
608922011-04-25  Gavin Barraclough  <barraclough@apple.com>
60893
60894        Reviewed by Geoff Garen.
60895
60896        https://bugs.webkit.org/show_bug.cgi?id=59405
60897        DFG JIT - add type speculation for integer & array types, for vars & args.
60898
60899        If a var or argument is used as the base for a GetByVal or PutByVal access
60900        we are speculating that it is of type Array (we only generate code on the
60901        speculative path to perform array accesses). By typing the var or args slot
60902        as Array, and checking on entry to the function (in the case of args), and
60903        each time the local is written to, we can avoid a type check at each point
60904        the array is accessed. This will typically hoist type checks out of loops.
60905
60906        Similarly, any local that is incremented or decremented, or is the input or
        output of a bitwise operator, is likely to be an integer. By typing the
60908        local as int32 we can avoid speculation checks on access, and tagging when
60909        writing to the slot. All accesses can become 32bit instead of 64.
60910
60911        * dfg/DFGByteCodeParser.cpp:
60912        (JSC::DFG::ByteCodeParser::set):
60913        (JSC::DFG::ByteCodeParser::predictArray):
60914        (JSC::DFG::ByteCodeParser::predictInt32):
60915        (JSC::DFG::ByteCodeParser::parseBlock):
60916        * dfg/DFGGraph.h:
60917        (JSC::DFG::PredictionSlot::PredictionSlot):
60918        (JSC::DFG::Graph::Graph):
60919        (JSC::DFG::Graph::predict):
60920        (JSC::DFG::Graph::getPrediction):
60921        * dfg/DFGJITCompiler.cpp:
60922        (JSC::DFG::JITCompiler::compileFunction):
60923        * dfg/DFGJITCompiler.h:
60924        (JSC::DFG::JITCompiler::tagFor):
60925        (JSC::DFG::JITCompiler::payloadFor):
60926        * dfg/DFGNode.h:
60927        * dfg/DFGNonSpeculativeJIT.cpp:
60928        (JSC::DFG::NonSpeculativeJIT::compile):
60929        * dfg/DFGSpeculativeJIT.cpp:
60930        (JSC::DFG::SpeculativeJIT::compile):
60931        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
60932        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
60933        * dfg/DFGSpeculativeJIT.h:
60934        * runtime/Executable.cpp:
60935        (JSC::tryDFGCompile):
60936
609372011-04-25  David Levin  <levin@chromium.org>
60938
60939        Reviewed by James Robinson.
60940
60941        Fix OwnPtr strict mode violation in MessageQueue.h
60942        https://bugs.webkit.org/show_bug.cgi?id=59400
60943
60944        * wtf/MessageQueue.h:
60945        (WTF::::waitForMessage):
60946        (WTF::::waitForMessageFilteredWithTimeout):
60947        (WTF::::tryGetMessage):
60948
609492011-04-25  Adam Barth  <abarth@webkit.org>
60950
60951        Reviewed by Darin Adler.
60952
        JavaScriptCore should play nice with strict OwnPtrs
60954        https://bugs.webkit.org/show_bug.cgi?id=59401
60955
60956        * dfg/DFGByteCodeParser.cpp:
60957        (JSC::DFG::ByteCodeParser::parse):
60958        * heap/Heap.cpp:
60959        (JSC::TypeCounter::TypeCounter):
60960        * jit/JITStubs.cpp:
60961        (JSC::JITThunks::JITThunks):
60962        * parser/JSParser.cpp:
60963        (JSC::JSParser::Scope::Scope):
60964        * yarr/YarrJIT.cpp:
60965        (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
60966
609672011-04-25  Mark Rowe  <mrowe@apple.com>
60968
60969        Build fix.
60970
60971        * wtf/ListHashSet.h:
60972
609732011-04-25  Gavin Barraclough  <barraclough@apple.com>
60974
60975        Reviewed by Oliver Hunt.
60976
60977        Bug 59370 - DFG JIT - fix leak of BlocksBlocks
60978        (put the blocks immediately into an OwnPtr).
60979
60980        * dfg/DFGByteCodeParser.cpp:
60981        (JSC::DFG::ByteCodeParser::parse):
60982
609832011-04-25  James Robinson  <jamesr@chromium.org>
60984
60985        Reviewed by David Levin.
60986
60987        Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
60988        https://bugs.webkit.org/show_bug.cgi?id=59353
60989
60990        * wtf/ListHashSet.h:
60991        (WTF::::ListHashSet):
60992
609932011-04-25  David Levin  <levin@chromium.org>
60994
60995        Reviewed by Adam Barth.
60996
60997        Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
60998        https://bugs.webkit.org/show_bug.cgi?id=59347
60999
61000        * runtime/JSGlobalData.cpp:
61001        (JSC::JSGlobalData::JSGlobalData):
61002        * runtime/Structure.cpp:
61003        (JSC::Structure::copyPropertyTable):
61004        (JSC::Structure::createPropertyMap):
61005        * runtime/Structure.h:
61006
610072011-04-25  Oliver Hunt  <oliver@apple.com>
61008
61009        Reviewed by Geoffrey Garen.
61010
61011        Make ClassInfo required when creating a Structure
61012        https://bugs.webkit.org/show_bug.cgi?id=59340
61013
61014        Add ClassInfo to all those types which currently don't
61015        have it, and add an assertion to Structure::create to
61016        ensure that the provided classInfo is not null.
61017
61018        * runtime/Executable.h:
61019        (JSC::EvalExecutable::createStructure):
61020        (JSC::ProgramExecutable::createStructure):
61021        (JSC::FunctionExecutable::createStructure):
61022        * runtime/GetterSetter.cpp:
61023        * runtime/GetterSetter.h:
61024        (JSC::GetterSetter::createStructure):
61025        * runtime/JSAPIValueWrapper.cpp:
61026        * runtime/JSAPIValueWrapper.h:
61027        (JSC::JSAPIValueWrapper::createStructure):
61028        * runtime/JSCell.cpp:
61029        * runtime/JSCell.h:
61030        * runtime/JSString.cpp:
61031        * runtime/JSString.h:
61032        (JSC::RopeBuilder::createStructure):
61033        * runtime/Structure.h:
61034        (JSC::Structure::create):
61035        (JSC::JSCell::createDummyStructure):
61036
610372011-04-25  David Levin  <levin@chromium.org>
61038
61039        Reviewed by Adam Barth.
61040
61041        PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
61042        https://bugs.webkit.org/show_bug.cgi?id=59342
61043
61044        This patch is to prepare for the strict OwnPtr hack-a-thon.
61045
61046        * runtime/PropertyMapHashTable.h:
61047        (JSC::PropertyTable::copy):
61048
610492011-04-25  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
61050
61051        Reviewed by Gavin Barraclough.
61052
61053        Rationalize MacroAssembler branch methods
61054        https://bugs.webkit.org/show_bug.cgi?id=58950
61055
61056        split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition' 
61057        and apply related changes (only for SH4 platforms).
61058
61059        * assembler/MacroAssemblerSH4.cpp:
61060        * assembler/MacroAssemblerSH4.h:
61061        (JSC::MacroAssemblerSH4::compare32):
61062        (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
61063        (JSC::MacroAssemblerSH4::branchDouble):
61064        (JSC::MacroAssemblerSH4::branch32):
61065        (JSC::MacroAssemblerSH4::branchTest8):
61066        (JSC::MacroAssemblerSH4::branch8):
61067        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
61068        (JSC::MacroAssemblerSH4::test8):
61069        (JSC::MacroAssemblerSH4::branch16):
61070        (JSC::MacroAssemblerSH4::branchTest32):
61071        (JSC::MacroAssemblerSH4::branchAdd32):
61072        (JSC::MacroAssemblerSH4::branchMul32):
61073        (JSC::MacroAssemblerSH4::branchSub32):
61074        (JSC::MacroAssemblerSH4::branchOr32):
61075        (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
61076        (JSC::MacroAssemblerSH4::branchPtrWithPatch):
61077        (JSC::MacroAssemblerSH4::SH4Condition):
61078        * assembler/SH4Assembler.h:
61079        (JSC::SH4Assembler::cmpEqImmR0):
61080
610812011-04-25  Adam Barth  <abarth@webkit.org>
61082
61083        Reviewed by Eric Seidel.
61084
61085        PropertyMapHashTable should work with strict OwnPtr
61086        https://bugs.webkit.org/show_bug.cgi?id=59337
61087
61088        This patch is in preparation for the strict OwnPtr hack-a-thon.
61089
61090        * runtime/PropertyMapHashTable.h:
61091        (JSC::PropertyTable::PropertyTable):
61092        (JSC::PropertyTable::addDeletedOffset):
61093
610942011-04-25  Geoffrey Garen  <ggaren@apple.com>
61095
61096        Reviewed by Sam Weinig.
61097
61098        Nixed MarkStack::deprecatedAppend, since it has no clients left.
61099
61100        * heap/MarkStack.h:
61101
611022011-04-23  Gavin Barraclough  <barraclough@apple.com>
61103
61104        Reviewed by Oliver Hunt.
61105
61106        Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
61107
61108        SetLocals to temporaries will only be generated if they are used within other
61109        blocks, due to the SSA based DCE.
61110
61111        * dfg/DFGByteCodeParser.cpp:
61112        (JSC::DFG::ByteCodeParser::ByteCodeParser):
61113        (JSC::DFG::ByteCodeParser::get):
61114        (JSC::DFG::ByteCodeParser::set):
61115        (JSC::DFG::ByteCodeParser::getLocal):
61116        (JSC::DFG::ByteCodeParser::setLocal):
61117        (JSC::DFG::ByteCodeParser::parseBlock):
61118        (JSC::DFG::ByteCodeParser::processPhiStack):
61119        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
61120        (JSC::DFG::ByteCodeParser::parse):
61121        * dfg/DFGGraph.h:
61122        (JSC::DFG::BasicBlock::BasicBlock):
61123
611242011-04-22  Gavin Barraclough  <barraclough@apple.com>
61125
61126        Reviewed by Sam Weinig & Geoff Garen.
61127
61128        Bug 59266 - DFG JIT - Add SSA style DCE
61129
61130        This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
61131        via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
61132        matching child Phi, and add the Phi to a work queue to add references to prior
61133        definitions once we have the full CFG & can determine predecessors. This process
61134        is iterative, inserting new phis into predecessors as necessary.
61135
61136        * dfg/DFGByteCodeParser.cpp:
61137        (JSC::DFG::ByteCodeParser::getVariable):
61138        (JSC::DFG::ByteCodeParser::setVariable):
61139        (JSC::DFG::ByteCodeParser::getArgument):
61140        (JSC::DFG::ByteCodeParser::setArgument):
61141        (JSC::DFG::ByteCodeParser::parseBlock):
61142        (JSC::DFG::ByteCodeParser::processWorkQueue):
61143        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
61144        (JSC::DFG::ByteCodeParser::parse):
61145        * dfg/DFGGraph.cpp:
61146        (JSC::DFG::Graph::dump):
61147        (JSC::DFG::Graph::refChildren):
61148        * dfg/DFGGraph.h:
61149        (JSC::DFG::Graph::ref):
61150        * dfg/DFGNode.h:
61151        (JSC::DFG::Node::ref):
61152        * dfg/DFGNonSpeculativeJIT.cpp:
61153        (JSC::DFG::NonSpeculativeJIT::compile):
61154        * dfg/DFGScoreBoard.h:
61155        (JSC::DFG::ScoreBoard::~ScoreBoard):
61156        (JSC::DFG::ScoreBoard::dump):
61157        * dfg/DFGSpeculativeJIT.cpp:
61158        (JSC::DFG::SpeculativeJIT::compile):
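        The phi work-queue described in this entry (bug 59266) and the consequence noted
        in bug 59287 above (a SetLocal is only kept if another block reads it), run on a
        toy CFG as an added example that is not JSC's DFG code. The node kinds, block
        layout, Graph class and the sample four-block program are constructed for the
        example; only the linking idea follows the ChangeLog text.

```cpp
#include <deque>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Added example, not JSC's DFG code. A GetLocal reads a definition; where the
// block has none, a Phi is created and queued; once the CFG is complete each
// queued Phi is linked to the definition reaching it from every predecessor,
// inserting (and queueing) new Phis in predecessors that lack one. A SetLocal
// that nothing references afterwards is dead.
enum class Kind { SetLocal, GetLocal, Phi };

struct Node {
    Kind kind;
    int block;
    std::string var;
    std::vector<int> children;  // GetLocal: the def it reads; Phi: one def per predecessor
    int refCount;
    Node(Kind k, int b, std::string v) : kind(k), block(b), var(std::move(v)), refCount(0) { }
};

struct Block {
    std::vector<int> predecessors;
    std::map<std::string, int> lastDef;  // variable -> node defining it at block end
};

class Graph {
public:
    int addBlock(std::vector<int> predecessors)
    {
        Block block;
        block.predecessors = std::move(predecessors);
        m_blocks.push_back(std::move(block));
        return static_cast<int>(m_blocks.size()) - 1;
    }

    int setLocal(int block, const std::string& var)
    {
        int node = newNode(Kind::SetLocal, block, var);
        m_blocks[block].lastDef[var] = node;
        return node;
    }

    int getLocal(int block, const std::string& var)
    {
        int get = newNode(Kind::GetLocal, block, var);
        int def = definitionAtEnd(block, var);   // may create and queue a Phi
        m_nodes[get].children.push_back(def);
        ++m_nodes[def].refCount;
        return get;
    }

    // Runs once predecessors are known. Iterative: Phis inserted into predecessors
    // are pushed onto the same queue and resolved in later rounds.
    void processPhiQueue()
    {
        while (!m_phiQueue.empty()) {
            int phi = m_phiQueue.front();
            m_phiQueue.pop_front();
            std::string var = m_nodes[phi].var;
            std::vector<int> predecessors = m_blocks[m_nodes[phi].block].predecessors;
            for (int pred : predecessors) {
                int def = definitionAtEnd(pred, var);
                m_nodes[phi].children.push_back(def);
                ++m_nodes[def].refCount;
            }
        }
    }

    // SSA-style DCE: a SetLocal that no GetLocal or Phi reads is dead.
    std::vector<int> deadSetLocals() const
    {
        std::vector<int> dead;
        for (size_t i = 0; i < m_nodes.size(); ++i) {
            if (m_nodes[i].kind == Kind::SetLocal && m_nodes[i].refCount == 0)
                dead.push_back(static_cast<int>(i));
        }
        return dead;
    }

    int phiCount() const
    {
        int count = 0;
        for (const Node& node : m_nodes)
            if (node.kind == Kind::Phi) ++count;
        return count;
    }

    const Node& node(int index) const { return m_nodes[index]; }

private:
    int newNode(Kind kind, int block, const std::string& var)
    {
        m_nodes.push_back(Node(kind, block, var));
        return static_cast<int>(m_nodes.size()) - 1;
    }

    // The definition of var live at the end of block, creating a Phi if the block
    // has none of its own.
    int definitionAtEnd(int block, const std::string& var)
    {
        auto it = m_blocks[block].lastDef.find(var);
        if (it != m_blocks[block].lastDef.end())
            return it->second;
        int phi = newNode(Kind::Phi, block, var);
        m_blocks[block].lastDef[var] = phi;
        m_phiQueue.push_back(phi);
        return phi;
    }

    std::vector<Node> m_nodes;
    std::vector<Block> m_blocks;
    std::deque<int> m_phiQueue;
};

// Constructed sample program (a diamond; "t" is written but never read):
//   b0: x = 1; t = 5;        -> b1 or b2
//   b1: x = x + 1;           -> b3
//   b2: (does not touch x)   -> b3
//   b3: return x
struct Toy { Graph graph; int setT; };

static Toy buildToy()
{
    Toy toy;
    int b0 = toy.graph.addBlock({});
    toy.graph.setLocal(b0, "x");
    toy.setT = toy.graph.setLocal(b0, "t");
    int b1 = toy.graph.addBlock({b0});
    toy.graph.getLocal(b1, "x");
    toy.graph.setLocal(b1, "x");
    int b2 = toy.graph.addBlock({b0});
    int b3 = toy.graph.addBlock({b1, b2});
    toy.graph.getLocal(b3, "x");
    toy.graph.processPhiQueue();
    return toy;
}

// Phis end up in b1 (x at entry), b3 (the merge) and b2 (inserted by the queue so
// b3's Phi has something to point at on the b2 edge).
int toyPhiCount() { return buildToy().graph.phiCount(); }

// Only the SetLocal of "t" is unreferenced; both SetLocals of "x" feed Phis.
bool toyOnlyDeadSetLocalIsT()
{
    Toy toy = buildToy();
    std::vector<int> dead = toy.graph.deadSetLocals();
    return dead.size() == 1 && dead[0] == toy.setT;
}

int main() { return toyPhiCount() == 3 && toyOnlyDeadSetLocalIsT() ? 0 : 1; }
```

        The Phi inserted into b2 is the iterative step the entry describes: b2 never
        mentions x, so resolving b3's Phi creates one there and a second round of the
        queue links it back to the SetLocal in b0.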
61159
611602011-04-22  Vitaly Repeshko  <vitalyr@chromium.org>
61161
61162        Reviewed by Adam Barth.
61163
61164        Add missing default constructors for HashMap iterator specializations.
61165        https://bugs.webkit.org/show_bug.cgi?id=59250
61166
61167        * wtf/HashIterators.h:
61168        * wtf/HashTable.h:
61169        (WTF::HashTableConstIterator::HashTableConstIterator): Added cast
61170        to help compiler find the function template.
61171
611722011-04-22  Gavin Barraclough  <barraclough@apple.com>
61173
61174        Reviewed by Sam Weinig.
61175
61176        Bug 59262 - DFG JIT - reduce size of VariableRecord
61177
61178        We never need both the get & set node, only the most recent
61179        (which is always a set, if both exist).
61180
61181        * dfg/DFGByteCodeParser.cpp:
61182        (JSC::DFG::ByteCodeParser::getVariable):
61183        (JSC::DFG::ByteCodeParser::setVariable):
61184        (JSC::DFG::ByteCodeParser::getArgument):
61185        (JSC::DFG::ByteCodeParser::setArgument):
61186        (JSC::DFG::ByteCodeParser::parseBlock):
61187        * dfg/DFGGraph.h:
61188        (JSC::DFG::VariableRecord::VariableRecord):
61189
611902011-04-22  Gavin Barraclough  <barraclough@apple.com>
61191
61192        Reviewed by Geoffrey Garen.
61193
61194        Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
61195        such that this information is available for DCE.  Also, since this enlarges the
61196        size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
61197        vector of blocks.
61198
61199        * dfg/DFGByteCodeParser.cpp:
61200        (JSC::DFG::ByteCodeParser::ByteCodeParser):
61201        (JSC::DFG::ByteCodeParser::get):
61202        (JSC::DFG::ByteCodeParser::set):
61203        (JSC::DFG::ByteCodeParser::getVariable):
61204        (JSC::DFG::ByteCodeParser::setVariable):
61205        (JSC::DFG::ByteCodeParser::getArgument):
61206        (JSC::DFG::ByteCodeParser::setArgument):
61207        (JSC::DFG::ByteCodeParser::parseBlock):
61208        (JSC::DFG::ByteCodeParser::setupPredecessors):
61209        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
61210        (JSC::DFG::ByteCodeParser::parse):
61211        * dfg/DFGGraph.cpp:
61212        (JSC::DFG::Graph::dump):
61213        * dfg/DFGGraph.h:
61214        (JSC::DFG::VariableRecord::VariableRecord):
61215        (JSC::DFG::BasicBlock::BasicBlock):
61216        (JSC::DFG::BasicBlock::getBytecodeBegin):
61217        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
61218        (JSC::DFG::Graph::blockForBytecodeOffset):
61219        * dfg/DFGNonSpeculativeJIT.cpp:
61220        (JSC::DFG::NonSpeculativeJIT::compile):
61221        * dfg/DFGSpeculativeJIT.cpp:
61222        (JSC::DFG::SpeculativeJIT::compile):
61223        * dfg/DFGSpeculativeJIT.h:
61224        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
61225
612262011-04-22  Gavin Barraclough  <barraclough@apple.com>
61227
61228        Errk, build fix.
61229
61230        * dfg/DFGSpeculativeJIT.cpp:
61231        (JSC::DFG::SpeculativeJIT::compile):
61232
612332011-04-22  Gavin Barraclough  <barraclough@apple.com>
61234
61235        Reviewed by Sam Weinig.
61236
61237        Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
61238        move out the call to checkConsistency().
61239
61240        * dfg/DFGNonSpeculativeJIT.cpp:
61241        (JSC::DFG::NonSpeculativeJIT::compile):
61242        * dfg/DFGSpeculativeJIT.cpp:
61243        (JSC::DFG::SpeculativeJIT::compile):
61244        * dfg/DFGSpeculativeJIT.h:
61245        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
61246        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
61247
612482011-04-21  Vitaly Repeshko  <vitalyr@chromium.org>
61249
61250        Reviewed by Adam Barth.
61251
61252        Provide default constructors for HashMap iterators.
61253        https://bugs.webkit.org/show_bug.cgi?id=59151
61254
61255        These will be used to implement an iterator over EventTarget's
61256        listeners.
61257
61258        * wtf/HashTable.h:
61259        (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
61260        (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
61261
612622011-04-22  Gavin Barraclough  <barraclough@apple.com>
61263
61264        Reviewed by Geoff Garen.
61265
61266        Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
61267
61268        These will be necessary for DCE support.
61269        Also factor allocateVirtualRegisters out into its own method.
61270
61271        * dfg/DFGByteCodeParser.cpp:
61272        (JSC::DFG::ByteCodeParser::setupPredecessors):
61273        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
61274        (JSC::DFG::ByteCodeParser::parse):
61275        * dfg/DFGGraph.h:
61276        (JSC::DFG::Graph::blockForBytecodeOffset):
61277        * dfg/DFGNode.h:
61278        (JSC::DFG::Node::isTerminal):
61279
612802011-04-22  Oliver Hunt  <oliver@apple.com>
61281
61282        Reviewed by Geoffrey Garen.
61283
61284        Object.create creates uncachable objects
61285        https://bugs.webkit.org/show_bug.cgi?id=59164
61286
61287        Use the prototype object's inheritorID, as we
61288        should always have done
61289
61290        * runtime/JSGlobalObject.cpp:
61291        (JSC::JSGlobalObject::reset):
61292        (JSC::JSGlobalObject::visitChildren):
61293        * runtime/JSGlobalObject.h:
61294        (JSC::JSGlobalObject::nullPrototypeObjectStructure):
61295        * runtime/ObjectConstructor.cpp:
61296        (JSC::objectConstructorCreate):
61297
612982011-04-22  Gavin Barraclough  <barraclough@apple.com>
61299
        Reviewed by Sam Weinig.

        Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result

        We currently allocate virtual registers to nodes which have no result - these are
        clearly unused, and may result in us allocating a larger than necessary stack frame.

        Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
        nodes that have results, and improve the quality of output from the consistency check.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        (JSC::DFG::JITCodeGenerator::dump):
        (JSC::DFG::JITCodeGenerator::checkConsistency):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::canReuse):
        (JSC::DFG::JITCodeGenerator::isFilled):
        (JSC::DFG::JITCodeGenerator::isFilledDouble):
        (JSC::DFG::JITCodeGenerator::use):
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        (JSC::DFG::JITCodeGenerator::initConstantInfo):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::fillNumericToDouble):
        (JSC::DFG::JITCompiler::fillInt32ToInteger):
        (JSC::DFG::JITCompiler::fillToJS):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::hasResult):
        (JSC::DFG::Node::virtualRegister):
        (JSC::DFG::Node::setVirtualRegister):
        (JSC::DFG::Node::refCount):
        (JSC::DFG::Node::ref):
        (JSC::DFG::Node::deref):
        (JSC::DFG::Node::adjustedRefCount):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::compile):

2011-04-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Gavin Barraclough and Oliver Hunt.

        Arrays should participate in global object forwarding fun
        https://bugs.webkit.org/show_bug.cgi?id=59215

        * runtime/JSGlobalObject.h:
        (JSC::constructEmptyArray):
        (JSC::constructArray):
        Add variants of constructArray that take a global object.

2011-04-22  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r84650 and r84654.
        http://trac.webkit.org/changeset/84650
        http://trac.webkit.org/changeset/84654
        https://bugs.webkit.org/show_bug.cgi?id=59218

        Broke Windows build (Requested by bweinstein on #webkit).

        * API/JSCallbackObjectFunctions.h:
        (JSC::::init):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Handle.h:
        (JSC::HandleBase::operator!):
        (JSC::HandleBase::operator UnspecifiedBoolType*):
        (JSC::HandleTypes::getFromSlot):
        * heap/HandleHeap.cpp:
        (JSC::HandleHeap::markStrongHandles):
        (JSC::HandleHeap::markWeakHandles):
        (JSC::HandleHeap::finalizeWeakHandles):
        (JSC::HandleHeap::writeBarrier):
        (JSC::HandleHeap::protectedGlobalObjectCount):
        (JSC::HandleHeap::isValidWeakNode):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::copyWeak):
        (JSC::HandleHeap::makeWeak):
        (JSC::HandleHeap::Node::slot):
        * heap/HandleStack.cpp:
        (JSC::HandleStack::mark):
        (JSC::HandleStack::grow):
        * heap/HandleStack.h:
        (JSC::HandleStack::zapTo):
        (JSC::HandleStack::push):
        * heap/Heap.cpp:
        (JSC::HandleHeap::protectedObjectTypeCounts):
        * heap/Local.h:
        (JSC::::set):
        * heap/Strong.h:
        (JSC::Strong::set):
        * heap/Weak.h:
        (JSC::Weak::set):
        * runtime/StructureTransitionTable.h:
        (JSC::StructureTransitionTable::singleTransition):
        (JSC::StructureTransitionTable::setSingleTransition):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        * runtime/WriteBarrier.h:

2011-04-22  Brian Weinstein  <bweinstein@apple.com>

        Part of Windows build fix from r84650.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-04-22  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make it harder to use HandleSlot incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=59205

        Just add a little type fudging to make it harder to
        incorrectly assign through a HandleSlot.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::init):
        * JavaScriptCore.exp:
        * heap/Handle.h:
        (JSC::HandleBase::operator!):
        (JSC::HandleBase::operator UnspecifiedBoolType*):
        (JSC::HandleTypes::getFromSlot):
        * heap/HandleHeap.cpp:
        (JSC::HandleHeap::markStrongHandles):
        (JSC::HandleHeap::markWeakHandles):
        (JSC::HandleHeap::finalizeWeakHandles):
        (JSC::HandleHeap::writeBarrier):
        (JSC::HandleHeap::protectedGlobalObjectCount):
        (JSC::HandleHeap::isValidWeakNode):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::copyWeak):
        (JSC::HandleHeap::makeWeak):
        (JSC::HandleHeap::Node::slot):
        * heap/HandleStack.cpp:
        (JSC::HandleStack::mark):
        (JSC::HandleStack::grow):
        * heap/HandleStack.h:
        (JSC::HandleStack::zapTo):
        (JSC::HandleStack::push):
        * heap/Heap.cpp:
        (JSC::HandleHeap::protectedObjectTypeCounts):
        * heap/Local.h:
        (JSC::::set):
        * heap/Strong.h:
        (JSC::Strong::set):
        * heap/Weak.h:
        (JSC::Weak::set):
        * runtime/StructureTransitionTable.h:
        (JSC::StructureTransitionTable::singleTransition):
        (JSC::StructureTransitionTable::setSingleTransition):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        * runtime/WriteBarrier.h:
        (JSC::OpaqueJSValue::toJSValue):
        (JSC::OpaqueJSValue::toJSValueRef):
        (JSC::OpaqueJSValue::fromJSValue):

2011-04-22  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):

2011-04-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r84583.
        http://trac.webkit.org/changeset/84583
        https://bugs.webkit.org/show_bug.cgi?id=59173

        "broke http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js/Object-create.html"
        (Requested by ggaren on #webkit).

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorCreate):

2011-04-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Adam Roben.

        Add a feature define to allow <details> and <summary> to be disabled
        https://bugs.webkit.org/show_bug.cgi?id=59118
        <rdar://problem/9257045>

        * Configurations/FeatureDefines.xcconfig:

2011-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Object.create creates uncachable objects
        https://bugs.webkit.org/show_bug.cgi?id=59164

        Use the prototype object's inheritorID, as we
        should always have done.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorCreate):

2011-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Start moving to a general visitor pattern for GC traversal
        https://bugs.webkit.org/show_bug.cgi?id=59141

        This is just a rename:
            markChildren -> visitChildren
            markAggregate -> visitAggregate
            markStack -> visitor
            MarkStack -> typedef'd to SlotVisitor

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::visitChildren):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
        (JSC::JSCallbackObject::visitChildren):
        * JavaScriptCore.exp:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitStructures):
        (JSC::EvalCodeCache::visitAggregate):
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        * bytecode/EvalCodeCache.h:
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::visitAggregate):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::visitAggregate):
        * bytecode/StructureStubInfo.h:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * debugger/DebuggerActivation.h:
        * heap/HandleHeap.cpp:
        (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
        (JSC::HandleHeap::markStrongHandles):
        (JSC::HandleHeap::markWeakHandles):
        * heap/HandleHeap.h:
        * heap/HandleStack.cpp:
        (JSC::HandleStack::mark):
        * heap/HandleStack.h:
        * heap/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStack::visitChildren):
        (JSC::MarkStack::drain):
        * heap/MarkStack.h:
        (JSC::HeapRootVisitor::HeapRootVisitor):
        (JSC::HeapRootVisitor::mark):
        (JSC::HeapRootVisitor::visitor):
        * heap/MarkedSpace.h:
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/ArgList.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Arguments.h:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSArray.h:
        (JSC::JSArray::visitDirect):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::visitChildren):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::visitIfNeeded):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        * runtime/JSONObject.cpp:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSObject.h:
        (JSC::JSObject::visitDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::overridesVisitChildren):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/JSWrapperObject.h:
        * runtime/JSZombie.h:
        (JSC::JSZombie::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/NativeErrorConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/RegExpObject.h:
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::visitChildren):
        * runtime/SmallStrings.h:
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        (JSC::StructureChain::createStructure):

2011-04-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r84548.
        http://trac.webkit.org/changeset/84548
        https://bugs.webkit.org/show_bug.cgi?id=59144

        Broke chromium-win build (Requested by aklein on #webkit).

        * wtf/Platform.h:

2011-04-21  Adam Klein  <adamk@chromium.org>

        Reviewed by David Levin.

        [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
        https://bugs.webkit.org/show_bug.cgi?id=55728

        Enable WTF_MULTIPLE_THREADS for Chromium.

        * wtf/Platform.h:

2011-04-20  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoff Garen.

        JSString::resolveRope inefficient for common 2 fiber case
        https://bugs.webkit.org/show_bug.cgi?id=58994

        Split JSString::resolveRope into three routines.
        resolveRope allocates the new buffer and handles the 1 or 2
        fiber case with single level fibers.
        resolveRopeSlowCase handles the general case.
        outOfMemory handles the rare out of memory exception case.

        * runtime/JSString.cpp:
        (JSC::JSString::resolveRope):
        (JSC::JSString::resolveRopeSlowCase):
        (JSC::JSString::outOfMemory):
        * runtime/JSString.h:

2011-04-20  Adam Klein  <adamk@chromium.org>

        Reviewed by David Levin.

        Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS
        https://bugs.webkit.org/show_bug.cgi?id=59040

        This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728
        by enabling WTF_MULTIPLE_THREADS for Chromium.

        * wtf/CryptographicallyRandomNumber.cpp:
        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
        * wtf/FastMalloc.cpp:
        * wtf/Platform.h:
        Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled.
        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):
        * wtf/RefCountedLeakCounter.cpp:
        (WTF::RefCountedLeakCounter::increment):
        (WTF::RefCountedLeakCounter::decrement):
        * wtf/dtoa.cpp:
        (WTF::pow5mult):

2011-04-20  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Geoff Garen.

        Bug 59069 - DFG JIT - register allocate r8, r9, r10

        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::gprToRegisterID):

2011-04-20  Gavin Barraclough  <barraclough@apple.com>

        Build fix - revert accidental change.

        * wtf/Platform.h:

2011-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Add SAMPLING_FLAGS tool to DFG JIT.

        * bytecode/SamplingTool.h:
        (JSC::SamplingFlags::addressOfFlags):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::setSamplingFlag):
        (JSC::DFG::JITCompiler::clearSamplingFlag):
        * dfg/DFGJITCompiler.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::setSamplingFlag):
        (JSC::JIT::clearSamplingFlag):
        * wtf/Platform.h:

2011-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Bug 59022 - DFG JIT - Optimize branch-on-relational-compare

        If a relational compare (< or <=) is immediately followed by a branch,
        we can combine the two, avoiding generation of a boolean into a register.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::branch32):
        (JSC::MacroAssemblerX86Common::invert):
        (JSC::MacroAssemblerX86Common::commute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::adjustedRefCount):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value):
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):

2011-04-20  Gavin Barraclough  <barraclough@apple.com>

        ARMv7 build fix II.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::softModulo):

2011-04-20  Gavin Barraclough  <barraclough@apple.com>

        ARMv7 build fix.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::test8):

2011-04-19  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Rationalize MacroAssembler branch methods
        https://bugs.webkit.org/show_bug.cgi?id=58950

        The MacroAssembler currently exposes x86's weird behaviour that the 'setcc'
        instruction only sets the low 8 bits of a register. Stop that.

        Having done so, to clarify, remove the 'set32' prefix from test & compare
        instructions - these methods all now set a full 32/64 bit register (Ptr size).
        The size in the function name should indicate the amount of data being compared.

        Also split out the 'Condition' enum into 'RelationalCondition' and
        'ResultCondition'. The former is used in binary comparison, the latter is a unary
        condition check on the result of an operation.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::branchPtr):
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::branch16):
        (JSC::MacroAssembler::branchTestPtr):
        (JSC::MacroAssembler::comparePtr):
        (JSC::MacroAssembler::branchAddPtr):
        (JSC::MacroAssembler::branchSubPtr):
        (JSC::MacroAssembler::branchTest8):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branch8):
        (JSC::MacroAssemblerARM::branch32):
        (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerARM::branch16):
        (JSC::MacroAssemblerARM::branchTest8):
        (JSC::MacroAssemblerARM::branchTest32):
        (JSC::MacroAssemblerARM::branchAdd32):
        (JSC::MacroAssemblerARM::branchMul32):
        (JSC::MacroAssemblerARM::branchSub32):
        (JSC::MacroAssemblerARM::branchNeg32):
        (JSC::MacroAssemblerARM::branchOr32):
        (JSC::MacroAssemblerARM::compare32):
        (JSC::MacroAssemblerARM::test32):
        (JSC::MacroAssemblerARM::test8):
        (JSC::MacroAssemblerARM::branchPtrWithPatch):
        (JSC::MacroAssemblerARM::ARMCondition):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::branch32):
        (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerARMv7::branch16):
        (JSC::MacroAssemblerARMv7::branch8):
        (JSC::MacroAssemblerARMv7::branchTest32):
        (JSC::MacroAssemblerARMv7::branchTest8):
        (JSC::MacroAssemblerARMv7::branchAdd32):
        (JSC::MacroAssemblerARMv7::branchMul32):
        (JSC::MacroAssemblerARMv7::branchOr32):
        (JSC::MacroAssemblerARMv7::branchSub32):
        (JSC::MacroAssemblerARMv7::compare32):
        (JSC::MacroAssemblerARMv7::test32):
        (JSC::MacroAssemblerARMv7::test8):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::makeBranch):
        (JSC::MacroAssemblerARMv7::armV7Condition):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branch8):
        (JSC::MacroAssemblerMIPS::branch32):
        (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerMIPS::branch16):
        (JSC::MacroAssemblerMIPS::branchTest32):
        (JSC::MacroAssemblerMIPS::branchTest8):
        (JSC::MacroAssemblerMIPS::branchAdd32):
        (JSC::MacroAssemblerMIPS::branchMul32):
        (JSC::MacroAssemblerMIPS::branchSub32):
        (JSC::MacroAssemblerMIPS::branchOr32):
        (JSC::MacroAssemblerMIPS::compare32):
        (JSC::MacroAssemblerMIPS::test8):
        (JSC::MacroAssemblerMIPS::test32):
        (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::branch32):
        (JSC::MacroAssemblerX86::branchPtrWithPatch):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::branch8):
        (JSC::MacroAssemblerX86Common::branch32):
        (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerX86Common::branch16):
        (JSC::MacroAssemblerX86Common::branchTest32):
        (JSC::MacroAssemblerX86Common::branchTest8):
        (JSC::MacroAssemblerX86Common::branchAdd32):
        (JSC::MacroAssemblerX86Common::branchMul32):
        (JSC::MacroAssemblerX86Common::branchSub32):
        (JSC::MacroAssemblerX86Common::branchNeg32):
        (JSC::MacroAssemblerX86Common::branchOr32):
        (JSC::MacroAssemblerX86Common::compare32):
        (JSC::MacroAssemblerX86Common::test8):
        (JSC::MacroAssemblerX86Common::test32):
        (JSC::MacroAssemblerX86Common::x86Condition):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::comparePtr):
        (JSC::MacroAssemblerX86_64::branchPtr):
        (JSC::MacroAssemblerX86_64::branchTestPtr):
        (JSC::MacroAssemblerX86_64::branchAddPtr):
        (JSC::MacroAssemblerX86_64::branchSubPtr):
        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
        (JSC::MacroAssemblerX86_64::branchTest8):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):

2011-04-20  Balazs Kelemen  <kbalazs@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt] Cleanup includepath adjustment for generated files
        https://bugs.webkit.org/show_bug.cgi?id=58869

        * JavaScriptCore.pri:  Add the directory of generated files to the include
        path with absolute path to make it valid in the final build step.

2011-04-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove unneeded deprecated methods from MarkStack
        https://bugs.webkit.org/show_bug.cgi?id=58853

        Remove deprecated methods

        * heap/MarkStack.h:

2011-04-19  Mark Rowe  <mrowe@apple.com>

        Things work best when the Xcode project refers to the file at a path that exists.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-04-19  Renata Hodovan  <reni@webkit.org>

        Reviewed by Eric Seidel.

        Move the alignment related macros in Vector.h to new Alignment.h.
        https://bugs.webkit.org/show_bug.cgi?id=56000

        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/Alignment.h: Added.
        * wtf/CMakeLists.txt:
        * wtf/Vector.h:

2011-04-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove DeprecatedPtr
        https://bugs.webkit.org/show_bug.cgi?id=58718

        Remove the class and all functions that still exist to support it.

        * heap/MarkStack.h:
        (JSC::MarkStack::append):
        * runtime/JSValue.h:
        * runtime/WriteBarrier.h:

2011-04-19  Jungshik Shin  <jshin@chromium.org>

        Reviewed by David Levin.

        Add U+FEFF (Zero width no-break space) to CharacterNames.h.
        It's added to the list of characters to treat as zero-width
        in WebCore.

        https://bugs.webkit.org/show_bug.cgi?id=48860

        * wtf/unicode/CharacterNames.h:

2011-04-19  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails
        https://bugs.webkit.org/show_bug.cgi?id=58871

        Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231.
        http://trac.webkit.org/changeset/84176 (original patch)
        http://trac.webkit.org/changeset/84178 (original patch - part 2)
        http://trac.webkit.org/changeset/84186 (build fix)
        http://trac.webkit.org/changeset/84212
        http://trac.webkit.org/changeset/84231 (skip failing test)

        original bugs:
         - https://bugs.webkit.org/show_bug.cgi?id=58718
         - https://bugs.webkit.org/show_bug.cgi?id=58853

        * heap/MarkStack.h:
        (JSC::MarkStack::deprecatedAppendValues):
        (JSC::MarkStack::append):
        (JSC::MarkStack::deprecatedAppend):
        * runtime/JSValue.h:
        * runtime/WriteBarrier.h:
        (JSC::DeprecatedPtr::DeprecatedPtr):
        (JSC::DeprecatedPtr::get):
        (JSC::DeprecatedPtr::operator*):
        (JSC::DeprecatedPtr::operator->):
        (JSC::DeprecatedPtr::slot):
        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
        (JSC::DeprecatedPtr::operator!):
        (JSC::operator==):

2011-04-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove unneeded deprecated methods from MarkStack
        https://bugs.webkit.org/show_bug.cgi?id=58853

        Remove deprecated methods

        * heap/MarkStack.h:

2011-04-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adam Roben.

        Off by one initialising repeat callframe
        https://bugs.webkit.org/show_bug.cgi?id=58838
        <rdar://problem/8756810>

        If the end of a callframe made for a repeat call landed on
        a page boundary the following page may not have been committed
        which means that the off by one could lead to a crash.  However
        it could only happen in this case and only on Windows which is
        why it was so hard to repro.  Alas, given the steps needed to
        reproduce are such that it's not really possible to make a
        test case.

        This fix makes the code a little less squirrely by not trying
        to avoid the unnecessary initialisation of |this|.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::prepareForRepeatCall):

2011-04-18  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply.

        Add code generation for add/subtract instruction with immediate operands
        (where a child is a constant), and don't bail to non-speculative if an
        integer multiply results in a +0 result (only if it should be generating -0).

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value):

2011-04-18  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Bug 58817 - DFG JIT - if speculative compilation fails, throw away code.

        If we detect a logical conflict, throw away generated code,
        and only compile through the NonSpeculativeJIT.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::rewindToLabel):
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::rewindToOffset):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::branchAdd32):
        (JSC::MacroAssemblerX86Common::branchSub32):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::rewindToLabel):
        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkSpeculationChecks):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):

2011-04-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove DeprecatedPtr
        https://bugs.webkit.org/show_bug.cgi?id=58718

        As simple as it sounds.

        * runtime/JSValue.h:
        * runtime/WriteBarrier.h:

2011-04-17  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Dan Bernstein.

        JSC no longer builds with Clang due to -Woverloaded-virtual warning
        https://bugs.webkit.org/show_bug.cgi?id=58760

        Rename Structure's specificValue overload of put to putSpecificValue to avoid
        Clang's warning for overloading a virtual function.

        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::addPropertyWithoutTransition):
        (JSC::Structure::putSpecificValue):
        * runtime/Structure.h:

2011-04-17  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Adam Barth.

        Remove WTF_PLATFORM_SGL
        https://bugs.webkit.org/show_bug.cgi?id=58743

        WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere.

        * wtf/Platform.h:

621162011-04-17  Patrick Gansterer  <paroga@webkit.org>
62117
62118        Reviewed by Adam Barth.
62119
62120        Rename PLATFORM(CA) to USE(CA)
62121        https://bugs.webkit.org/show_bug.cgi?id=58742
62122
62123        * wtf/Platform.h:
62124
621252011-04-17  Patrick Gansterer  <paroga@webkit.org>
62126
62127        Reviewed by Adam Barth.
62128
62129        Rename PLATFORM(CG) to USE(CG)
62130        https://bugs.webkit.org/show_bug.cgi?id=58729
62131
62132        * wtf/Platform.h:
62133
621342011-04-16  Patrick Gansterer  <paroga@webkit.org>
62135
62136        Reviewed by Eric Seidel.
62137
62138        Rename PLATFORM(CAIRO) to USE(CAIRO)
62139        https://bugs.webkit.org/show_bug.cgi?id=55192
62140
62141        * wtf/Platform.h:
62142        * wtf/gobject/GTypedefs.h:
62143
621442011-04-15  Sheriff Bot  <webkit.review.bot@gmail.com>
62145
62146        Unreviewed, rolling out r84067.
62147        http://trac.webkit.org/changeset/84067
62148        https://bugs.webkit.org/show_bug.cgi?id=58724
62149
        Qt builds are failing. (Requested by loislo2 on #webkit).

        * heap/MarkStack.h:
        (JSC::MarkStack::append):
        * runtime/JSValue.h:
        * runtime/WriteBarrier.h:
        (JSC::DeprecatedPtr::DeprecatedPtr):
        (JSC::DeprecatedPtr::get):
        (JSC::DeprecatedPtr::operator*):
        (JSC::DeprecatedPtr::operator->):
        (JSC::DeprecatedPtr::slot):
        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
        (JSC::DeprecatedPtr::operator!):
        (JSC::operator==):

2011-04-15  Shishir Agrawal  <shishir@chromium.org>

        Reviewed by James Robinson.

        Add a flag to guard Page Visibility API changes.
        https://bugs.webkit.org/show_bug.cgi?id=58464

        * Configurations/FeatureDefines.xcconfig:

2011-04-15  Gavin Barraclough  <barraclough@apple.com>

        Errrk! - build fix from !x86-64.

        * dfg/DFGNode.h:

2011-04-15  David Levin  <levin@chromium.org>

        Revert of r83974.

        JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj
        https://bugs.webkit.org/show_bug.cgi?id=58716

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/tests/RunAllWtfTests.cpp: Removed.
        * wtf/tests/StringTests.cpp: Removed.

2011-04-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove DeprecatedPtr
        https://bugs.webkit.org/show_bug.cgi?id=58718

        As simple as it sounds.

        * heap/MarkStack.h:
        (JSC::MarkStack::append):
        * runtime/JSValue.h:
        * runtime/WriteBarrier.h:

2011-04-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Add a simple tool to gather statistics on whether functions
        are completed through the new or old JIT.

        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):

2011-04-15  Oliver Hunt  <oliver@apple.com>

        GC allocate Structure
        https://bugs.webkit.org/show_bug.cgi?id=58483

        Rolling r83894 r83827 r83810 r83809 r83808 back in with
        a workaround for the gcc bug seen by the gtk bots.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::JSCallbackConstructor):
        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructure):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructure):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructure):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::JSCallbackObject):
        * API/JSContextRef.cpp:
        * JavaScriptCore.JSVALUE32_64only.exp:
        * JavaScriptCore.JSVALUE64only.exp:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::markStructures):
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::setSeen):
        (JSC::GlobalResolveInfo::GlobalResolveInfo):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        (JSC::PolymorphicAccessStructureList::markAggregate):
        (JSC::Instruction::Instruction):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::markAggregate):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initGetByIdSelf):
        (JSC::StructureStubInfo::initGetByIdProto):
        (JSC::StructureStubInfo::initGetByIdChain):
        (JSC::StructureStubInfo::initPutByIdTransition):
        (JSC::StructureStubInfo::initPutByIdReplace):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::createStructure):
        * heap/Handle.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStack::markChildren):
        (JSC::MarkStack::drain):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::sweep):
        * heap/Strong.h:
        (JSC::Strong::Strong):
        (JSC::Strong::set):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::tryCachePutByID):
        (JSC::Interpreter::uncachePutByID):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::uncacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchMethodCallProto):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchMethodCallProto):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCachePutByID):
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::getPolymorphicAccessStructureListSlot):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
        * jsc.cpp:
        (cleanupGlobalData):
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        (JSC::Arguments::Arguments):
        (JSC::JSActivation::copyRegisters):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        (JSC::arrayProtoFuncSplice):
        * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::createStructure):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        * runtime/BooleanConstructor.h:
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::createStructure):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/BooleanPrototype.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateConstructor.h:
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DateInstance.h:
        (JSC::DateInstance::createStructure):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::createStructure):
        * runtime/Error.cpp:
        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorConstructor.h:
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        (JSC::ErrorInstance::create):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/ErrorPrototype.h:
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError):
        (JSC::TerminatedExecutionError::TerminatedExecutionError):
        * runtime/Executable.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::ExecutableBase):
        (JSC::ExecutableBase::createStructure):
        (JSC::NativeExecutable::createStructure):
        (JSC::NativeExecutable::NativeExecutable):
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionConstructor.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructure):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::createStructure):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        * runtime/JSArray.h:
        (JSC::JSArray::createStructure):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        (JSC::JSByteArray::createStructure):
        * runtime/JSByteArray.h:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.cpp:
        (JSC::isZombie):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::JSCell):
        (JSC::JSCell::JSCell::addressOfStructure):
        (JSC::JSCell::JSCell::structure):
        (JSC::JSCell::JSCell::markChildren):
        (JSC::JSCell::JSValue::isZombie):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        * runtime/JSFunction.h:
        (JSC::JSFunction::createStructure):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::storeVPtrs):
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        (JSC::JSGlobalData::createLeaked):
        * runtime/JSGlobalData.h:
        (JSC::allocateGlobalHandle):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::markChildren):
        (JSC::JSGlobalObject::copyGlobalsFrom):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::createStructure):
        (JSC::Structure::prototypeChain):
        (JSC::Structure::isValid):
        (JSC::constructEmptyArray):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::JSNotAnObject):
        (JSC::JSNotAnObject::createStructure):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::JSONObject):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::createInheritorID):
        * runtime/JSObject.h:
        (JSC::JSObject::createStructure):
        (JSC::JSObject::JSObject):
        (JSC::JSNonFinalObject::createStructure):
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSFinalObject::create):
        (JSC::JSFinalObject::createStructure):
        (JSC::JSFinalObject::JSFinalObject):
        (JSC::constructEmptyObject):
        (JSC::createEmptyObjectStructure):
        (JSC::JSObject::~JSObject):
        (JSC::JSObject::setPrototype):
        (JSC::JSObject::setStructure):
        (JSC::JSObject::inheritorID):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::transitionTo):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSObjectWithGlobalObject.cpp:
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        * runtime/JSObjectWithGlobalObject.h:
        (JSC::JSObjectWithGlobalObject::createStructure):
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::create):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        (JSC::JSPropertyNameIterator::setCachedStructure):
        (JSC::Structure::setEnumerationCache):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        (JSC::JSStaticScopeObject::createStructure):
        * runtime/JSString.h:
        (JSC::RopeBuilder::JSString):
        (JSC::RopeBuilder::createStructure):
        * runtime/JSType.h:
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::createStructure):
        (JSC::JSVariableObject::JSVariableObject):
        (JSC::JSVariableObject::copyRegisterArray):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::createStructure):
        (JSC::JSWrapperObject::JSWrapperObject):
        * runtime/JSZombie.cpp:
        * runtime/JSZombie.h:
        (JSC::JSZombie::JSZombie):
        (JSC::JSZombie::createStructure):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/MathObject.h:
        (JSC::MathObject::createStructure):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        (JSC::NativeErrorConstructor::markChildren):
        (JSC::constructWithNativeErrorConstructor):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::createStructure):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NativeErrorPrototype.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        * runtime/NumberConstructor.h:
        (JSC::NumberConstructor::createStructure):
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        * runtime/NumberObject.h:
        (JSC::NumberObject::createStructure):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/NumberPrototype.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        * runtime/ObjectPrototype.h:
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::PropertyTable):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::createStructure):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::createStructure):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * runtime/RegExpPrototype.h:
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        (JSC::ScopeChainNode::createStructure):
        * runtime/StrictEvalActivation.cpp:
        (JSC::StrictEvalActivation::StrictEvalActivation):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringConstructor.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        (JSC::StringObject::createStructure):
        * runtime/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/StringPrototype.h:
        (JSC::StringPrototype::createStructure):
        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::remove):
        (JSC::StructureTransitionTable::add):
        (JSC::Structure::Structure):
        (JSC::Structure::~Structure):
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::addPropertyTransitionToExistingStructure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::removePropertyTransition):
        (JSC::Structure::changePrototypeTransition):
        (JSC::Structure::despecifyFunctionTransition):
        (JSC::Structure::getterSetterTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::toCacheableDictionaryTransition):
        (JSC::Structure::toUncacheableDictionaryTransition):
        (JSC::Structure::sealTransition):
        (JSC::Structure::freezeTransition):
        (JSC::Structure::preventExtensionsTransition):
        (JSC::Structure::flattenDictionaryStructure):
        (JSC::Structure::copyPropertyTable):
        (JSC::Structure::put):
        (JSC::Structure::markChildren):
        * runtime/Structure.h:
        (JSC::Structure::create):
        (JSC::Structure::setPrototypeWithoutTransition):
        (JSC::Structure::createStructure):
        (JSC::JSCell::createDummyStructure):
        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::StructureChain):
        (JSC::StructureChain::markChildren):
        * runtime/StructureChain.h:
        (JSC::StructureChain::create):
        (JSC::StructureChain::head):
        (JSC::StructureChain::createStructure):
        * runtime/StructureTransitionTable.h:
        (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
        (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
        (JSC::StructureTransitionTable::~StructureTransitionTable):
        (JSC::StructureTransitionTable::slot):
        (JSC::StructureTransitionTable::setMap):
        (JSC::StructureTransitionTable::singleTransition):
        (JSC::StructureTransitionTable::clearSingleTransition):
        (JSC::StructureTransitionTable::setSingleTransition):
        * runtime/WeakGCMap.h:
        (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
        (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
        (JSC::WeakGCMap::contains):
        (JSC::WeakGCMap::find):
        (JSC::WeakGCMap::remove):
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        (JSC::WeakGCMap::finalize):
        * runtime/WriteBarrier.h:
        (JSC::writeBarrier):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-04-15  Fridrich Strba  <fridrich.strba@bluewin.ch>

        Reviewed by Gavin Barraclough.

        Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols
        are not prefixed by underscore anymore. This is consistent with
        what MSVC does.
        https://bugs.webkit.org/show_bug.cgi?id=58573

        * jit/JITStubs.cpp:

2011-04-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Bug 58705 - DFG JIT Add support for flow control (branch, jump).

        Add support for control flow by breaking the CodeBlock up into multiple
        basic blocks, generating code for each basic block in turn through the
        speculative JIT & then the non-speculative JIT.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::setTemporary):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::BasicBlock::BasicBlock):
        (JSC::DFG::BasicBlock::getBytecodeOffset):
        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
        (JSC::DFG::JITCodeGenerator::addBranch):
        (JSC::DFG::JITCodeGenerator::linkBranches):
        (JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::isJump):
        (JSC::DFG::Node::isBranch):
        (JSC::DFG::Node::takenBytecodeOffset):
        (JSC::DFG::Node::notTakenBytecodeOffset):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:

2011-04-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes

        Use these for both access to arguments & local variables, and add the ability
        to set locals, such that values will persist between basic blocks.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::getVariable):
        (JSC::DFG::ByteCodeParser::setVariable):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::getThis):
        (JSC::DFG::ByteCodeParser::setThis):
        (JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::derefChildren):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasLocal):
        (JSC::DFG::Node::local):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-04-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 58696 - DFG JIT split handling of vars/temporaries

        Presently all callee registers are treated as having single block scope,
        since the DFG JIT can only compile single block functions. In order to
        expand the JIT to support control flow we will need to change to retaining
        locals (but not temporaries) across basic block boundaries.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::getVariable):
        (JSC::DFG::ByteCodeParser::setVariable):
        (JSC::DFG::ByteCodeParser::getTemporary):
        (JSC::DFG::ByteCodeParser::setTemporary):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::getInt32Constant):
        (JSC::DFG::ByteCodeParser::getDoubleConstant):
        (JSC::DFG::ByteCodeParser::getJSConstant):
        (JSC::DFG::ByteCodeParser::constantUndefined):
        (JSC::DFG::ByteCodeParser::constantNull):
        (JSC::DFG::ByteCodeParser::one):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parse):
        (JSC::DFG::parse):
        * dfg/DFGNode.h:
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::ScoreBoard):
        (JSC::DFG::ScoreBoard::~ScoreBoard):
        (JSC::DFG::ScoreBoard::allocate):
        (JSC::DFG::ScoreBoard::use):

2011-04-15  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining
        https://bugs.webkit.org/show_bug.cgi?id=58677

        Moved JSObjectWithGlobalObject::globalObject() to
        runtime/JSObjectWithGlobalObject.h to allow the compiler to inline
        it for a performance benefit.  An equivalent instance had been in
        a header file before r60057.

        * JavaScriptCore.exp:
        * runtime/JSObjectWithGlobalObject.cpp:
        * runtime/JSObjectWithGlobalObject.h:
        (JSC::JSObjectWithGlobalObject::globalObject):

2011-04-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make JSNodeFilterCondition handle its lifetime correctly
        https://bugs.webkit.org/show_bug.cgi?id=58622

        Add export

        * JavaScriptCore.exp:

2011-04-14  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Dan Bernstein.

        WebKit2: Password field input does not switch to ASCII-compatible source
        https://bugs.webkit.org/show_bug.cgi?id=58583
        <rdar://problem/9059651>

        * wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium,
        and shouldn't be enabled on any other platforms, so there is no reason to make it
        configurable via Platform.h.

2011-04-15  Dmitry Lomov  <dslomov@google.com>

        Reviewed by David Levin.

        Add a sample test case for GTest framework
        https://bugs.webkit.org/show_bug.cgi?id=58509

        Add an example of GTest testcase, complete with a runner, to JavaScriptCore.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/tests/RunAllWtfTests.cpp: Added.
        (main):
        * wtf/tests/StringTests.cpp: Added.

2011-04-15  Anna Cavender  <annacc@chromium.org>

        Reviewed by Eric Carlson.

        Renaming TRACK feature define to VIDEO_TRACK
        https://bugs.webkit.org/show_bug.cgi?id=53556

        * Configurations/FeatureDefines.xcconfig:

2011-04-14  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Geoffrey Garen.

        Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename
        m_regressionGuard to m_parseFailed, such that it can be reused for
        other failure cases.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::parse):

2011-04-14  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoffrey Garen.

        Bug 58620 - DFG JIT - loading of arguments should not be lazy

        This optimization is overly simplistic. It only works because we never
        write out definitions to arguments (since we currently only compile
        single block functions). Revert this for now, we may want to reintroduce
        something like this again in the future, but it will need to be aware
        how to schedule definitions to arguments versus lazy loads that have not
        yet been performed.

        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::needsSpill):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::initConstantInfo):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::fillNumericToDouble):
        (JSC::DFG::JITCompiler::fillInt32ToInteger):
        (JSC::DFG::JITCompiler::fillToJS):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::compile):

2011-04-14  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoffrey Garen.

        Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal

        The bug in PutByVal is that an operand is in JSValueOperand - when this
        locks an integer into a register it will always retag the value without
        checking if the register is already locked. This is a problem where the
        value being stored by a PutByVal is the same as the subscript.
        The subscript is locked into a register first, as a strict integer.
        Locking the value results in the subscript being modified.

        The bug in ValueToInt is related to the function of silentFillAllRegisters.
62872        The problem is that this method will restore all register values from
62873        prior to the call, overwriting the result of the call out. Allow a
62874        register to be passed to specifically be excluded from being preserved.
62875
62876        * assembler/ARMAssembler.h:
62877        (JSC::ARMAssembler::debugOffset):
62878        * assembler/ARMv7Assembler.h:
62879        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
62880        * assembler/AbstractMacroAssembler.h:
62881        (JSC::AbstractMacroAssembler::debugOffset):
62882        * assembler/AssemblerBuffer.h:
62883        (JSC::AssemblerBuffer::debugOffset):
62884        * assembler/LinkBuffer.h:
62885        (JSC::LinkBuffer::debugAddress):
62886        * assembler/MIPSAssembler.h:
62887        (JSC::MIPSAssembler::debugOffset):
62888        * assembler/MacroAssemblerX86_64.h:
62889        (JSC::MacroAssemblerX86_64::orPtr):
62890        * assembler/X86Assembler.h:
62891        (JSC::X86Assembler::debugOffset):
62892        (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
62893        * dfg/DFGByteCodeParser.cpp:
62894        (JSC::DFG::ByteCodeParser::parse):
62895        * dfg/DFGGenerationInfo.h:
62896        * dfg/DFGJITCodeGenerator.cpp:
62897        (JSC::DFG::JITCodeGenerator::fillJSValue):
62898        * dfg/DFGJITCodeGenerator.h:
62899        (JSC::DFG::JITCodeGenerator::isConstant):
62900        * dfg/DFGJITCompiler.cpp:
62901        (JSC::DFG::JITCompiler::compileFunction):
62902        * dfg/DFGJITCompiler.h:
62903        (JSC::DFG::JITCompiler::isConstant):
62904        * dfg/DFGNonSpeculativeJIT.cpp:
62905        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
62906        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
62907        (JSC::DFG::NonSpeculativeJIT::numberToInt32):
62908        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
62909        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
62910        (JSC::DFG::NonSpeculativeJIT::compile):
62911        * dfg/DFGNonSpeculativeJIT.h:
62912        (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
62913        (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
62914        (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
62915        (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
62916        (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
62917        (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
62918        * dfg/DFGSpeculativeJIT.cpp:
62919        (JSC::DFG::SpeculativeJIT::compile):
62920
629212011-04-14  Geoffrey Garen  <ggaren@apple.com>
62922
62923        Reviewed by Oliver Hunt.
62924
62925        Drain the mark stack while marking weak handles, not after.
62926        https://bugs.webkit.org/show_bug.cgi?id=58574
62927
62928        Otherwise, items that would have caused more weak handle marking are
62929        processed after all weak handle marking has finished, and referenced
62930        weak handles get recycled.
62931
62932        * heap/HandleHeap.cpp:
62933        (JSC::HandleHeap::markWeakHandles): Removed looping from here, since we
62934        want Heap::markRoots to be responsible for draining the mark stack.
62935
62936        * heap/Heap.cpp:
62937        (JSC::Heap::markRoots): Moved looping to here, as explained above.
62938        
62939        For efficiency's sake, drain the mark stack before starting to mark weak
62940        handles. Otherwise, items drained while marking weak handles may force
62941        an extra trip through the weak handle list.
62942
62943        For correctness's sake, drain the mark stack each time through the weak
62944        handle list. Otherwise, opaque roots that would make weak handles reachable
62945        are not discovered until after weak handle marking is over.
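
The ordering argument in the entry above, as an added illustration that is not JavaScriptCore code: a toy mark phase with a mark stack, opaque roots and weak handles. Object ids, the opaque-root ids 100 and 200, and the helper names (ToyHeap, markRootsDrainAfter, markRootsDrainDuring) are constructed for this example. Visiting object 2 registers the opaque root that weak handle B depends on, so B's target is only kept alive if the mark stack is drained between passes over the weak handle list; draining once after the passes are finished misses it and the target would be recycled.

```cpp
// Added illustration, not JavaScriptCore code: a toy mark phase showing why
// the mark stack must be drained each time through the weak handle list.
#include <map>
#include <set>
#include <vector>

// Every object id and opaque-root id is a small integer in this model (constructed sample).
struct ToyObject {
    std::vector<int> children;     // strong references traced when the object is visited
    std::vector<int> opaqueRoots;  // opaque roots registered when the object is visited
};

// A weak handle keeps its target alive only if its opaque root has been registered.
struct ToyWeakHandle {
    int target;
    int opaqueRoot;
};

struct ToyHeap {
    std::map<int, ToyObject> objects;
    std::vector<ToyWeakHandle> weakHandles;
    std::set<int> marked;
    std::set<int> opaqueRoots;
    std::vector<int> markStack;

    // Mark an object and queue it for visiting; no-op if it was already marked.
    void push(int id) {
        if (marked.insert(id).second)
            markStack.push_back(id);
    }

    // Visit everything on the mark stack, tracing children and registering opaque roots.
    void drain() {
        while (!markStack.empty()) {
            int id = markStack.back();
            markStack.pop_back();
            const ToyObject& obj = objects[id];
            for (int child : obj.children) push(child);
            for (int root : obj.opaqueRoots) opaqueRoots.insert(root);
        }
    }

    // One pass over the weak handle list; returns true if any new target was marked.
    bool markWeakHandlesOnce() {
        bool markedAny = false;
        for (const ToyWeakHandle& h : weakHandles) {
            if (marked.count(h.target)) continue;
            if (!opaqueRoots.count(h.opaqueRoot)) continue;
            push(h.target);
            markedAny = true;
        }
        return markedAny;
    }

    // The order the entry describes as the old behaviour: loop over the weak
    // handles until nothing changes, and only then drain the mark stack.
    void markRootsDrainAfter(const std::vector<int>& roots) {
        for (int r : roots) push(r);
        drain();
        while (markWeakHandlesOnce()) { }
        drain();
    }

    // The corrected order: drain first (efficiency), then drain again after
    // every pass through the weak handle list (correctness).
    void markRootsDrainDuring(const std::vector<int>& roots) {
        for (int r : roots) push(r);
        drain();
        while (markWeakHandlesOnce())
            drain();
    }
};

// Constructed scenario: root object 1 registers opaque root 100, which makes weak
// handle A's target (object 2) live. Visiting object 2 registers opaque root 200,
// which should in turn make weak handle B's target (object 3) live.
ToyHeap makeSampleHeap() {
    ToyHeap heap;
    heap.objects[1] = ToyObject{{}, {100}};
    heap.objects[2] = ToyObject{{}, {200}};
    heap.objects[3] = ToyObject{{}, {}};
    heap.weakHandles = {{2, 100}, {3, 200}};
    return heap;
}

// Whether object 3 survives when the mark stack is drained only after weak marking.
bool object3SurvivesDrainAfter() {
    ToyHeap heap = makeSampleHeap();
    heap.markRootsDrainAfter({1});
    return heap.marked.count(3) != 0;
}

// Whether object 3 survives when the mark stack is drained during weak marking.
bool object3SurvivesDrainDuring() {
    ToyHeap heap = makeSampleHeap();
    heap.markRootsDrainDuring({1});
    return heap.marked.count(3) != 0;
}
```

With the sample heap, object3SurvivesDrainAfter() returns false (object 3 would be recycled even though its opaque root becomes reachable) and object3SurvivesDrainDuring() returns true, which is the difference the entry's move of the loop into Heap::markRoots is about.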
62946
629472011-04-14  Oliver Hunt  <oliver@apple.com>
62948
62949        Reviewed by Geoffrey Garen.
62950
62951        Make protected object list in caches window reflect reality
62952        https://bugs.webkit.org/show_bug.cgi?id=58565
62953
62954        Make sure the heap includes objects protected by Strong handles
62955        in its list of protected objects.
62956
62957        * heap/HandleHeap.h:
62958        * heap/Heap.cpp:
62959        (JSC::HandleHeap::protectedObjectTypeCounts):
62960
629612011-04-14  Satish Sampath  <satish@chromium.org>
62962
62963        Reviewed by Anders Carlsson.
62964
62965        Don't emit RegExp tables for chromium where they are not used
62966        https://bugs.webkit.org/show_bug.cgi?id=58544
62967
62968        * JavaScriptCore.gyp/JavaScriptCore.gyp:
62969        * create_regex_tables: Added the "--notables" command line argument.
62970
629712011-04-13  Geoffrey Garen  <ggaren@apple.com>
62972
62973        Try to fix ASSERTs seen on Windows bots.
62974
62975        * wtf/HashTable.h:
62976        (WTF::hashTableSwap): Force MSVC to use the right version of swap.
62977
629782011-04-13  Ryuan Choi  <ryuan.choi@samsung.com>
62979
62980        Reviewed by Kenneth Rohde Christiansen.
62981
62982        [CMAKE] Separate DerivedSources.
62983        https://bugs.webkit.org/show_bug.cgi?id=58427
62984
62985        * CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR.
62986
629872011-04-13  Geoffrey Garen  <ggaren@apple.com>
62988
62989        Reviewed by Oliver Hunt.
62990
62991        Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T>
62992        https://bugs.webkit.org/show_bug.cgi?id=58482
62993        
62994        This will allow wrappers to make individual decisions about their lifetimes.
62995
62996        * heap/HandleHeap.h:
62997        (JSC::HandleHeap::copyWeak): New function for copying a weak handle.
        It wasn't previously possible to perform this operation using HandleHeap
62999        API because the HandleHeap doesn't expose its underlying Node structure.
63000
63001        * heap/Local.h:
63002        (JSC::::set):
63003        * heap/Strong.h:
63004        (JSC::Strong::set): Added ASSERTs to verify that dead objects are not
63005        resurrected by placement into handles.
63006
63007        (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
63008        is efficient.
63009
63010        * heap/Weak.h:
63011        (JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not
63012        copy its weak callback and context.
63013
63014        (JSC::Weak::operator=): Added an assignment operator, since the default
63015        C++ assignment operator did the wrong thing.
63016
63017        (JSC::Weak::set): Added ASSERTs to verify that dead objects are not
63018        resurrected by placement into handles.
63019
63020        (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
63021        is efficient, and can be done without copying, which is illegal during
63022        the handle finalization phase.
63023
630242011-04-13  Oliver Hunt  <oliver@apple.com>
63025
63026        Reviewed by Gavin Barraclough.
63027
63028        Make PropertyMapEntry use a WriteBarrier for specificValue
63029        https://bugs.webkit.org/show_bug.cgi?id=58407
63030
63031        Make PropertyMapEntry use a WriteBarrier for specificValue, and then
        propagate the required JSGlobalData through all the methods in which it
        ends up being needed.
63034
63035        * API/JSClassRef.cpp:
63036        (OpaqueJSClass::prototype):
63037        * API/JSContextRef.cpp:
63038        * API/JSObjectRef.cpp:
63039        (JSObjectMake):
63040        (JSObjectSetPrototype):
63041        * JavaScriptCore.exp:
63042        * bytecompiler/BytecodeGenerator.cpp:
63043        (JSC::BytecodeGenerator::BytecodeGenerator):
63044        * interpreter/Interpreter.cpp:
63045        (JSC::appendSourceToError):
63046        (JSC::Interpreter::tryCacheGetByID):
63047        (JSC::Interpreter::privateExecute):
63048        * jit/JITStubs.cpp:
63049        (JSC::JITThunks::tryCacheGetByID):
63050        (JSC::DEFINE_STUB_FUNCTION):
63051        * runtime/BatchedTransitionOptimizer.h:
63052        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
63053        * runtime/InternalFunction.cpp:
63054        (JSC::InternalFunction::name):
63055        (JSC::InternalFunction::displayName):
63056        * runtime/JSActivation.cpp:
63057        (JSC::JSActivation::getOwnPropertySlot):
63058        * runtime/JSFunction.cpp:
63059        (JSC::JSFunction::name):
63060        (JSC::JSFunction::displayName):
63061        (JSC::JSFunction::getOwnPropertySlot):
63062        * runtime/JSGlobalObject.cpp:
63063        (JSC::JSGlobalObject::putWithAttributes):
63064        (JSC::JSGlobalObject::reset):
63065        (JSC::JSGlobalObject::resetPrototype):
63066        * runtime/JSGlobalObject.h:
63067        * runtime/JSObject.cpp:
63068        (JSC::JSObject::put):
63069        (JSC::JSObject::deleteProperty):
63070        (JSC::JSObject::defineGetter):
63071        (JSC::JSObject::defineSetter):
63072        (JSC::JSObject::lookupGetter):
63073        (JSC::JSObject::lookupSetter):
63074        (JSC::JSObject::getPropertySpecificValue):
63075        (JSC::JSObject::getOwnPropertyNames):
63076        (JSC::JSObject::seal):
63077        (JSC::JSObject::freeze):
63078        (JSC::JSObject::preventExtensions):
63079        (JSC::JSObject::removeDirect):
63080        (JSC::JSObject::getOwnPropertyDescriptor):
63081        (JSC::JSObject::defineOwnProperty):
63082        * runtime/JSObject.h:
63083        (JSC::JSObject::getDirect):
63084        (JSC::JSObject::getDirectLocation):
63085        (JSC::JSObject::isSealed):
63086        (JSC::JSObject::isFrozen):
63087        (JSC::JSObject::setPrototypeWithCycleCheck):
63088        (JSC::JSObject::setPrototype):
63089        (JSC::JSObject::inlineGetOwnPropertySlot):
63090        (JSC::JSObject::putDirectInternal):
63091        (JSC::JSObject::putDirectWithoutTransition):
63092        (JSC::JSObject::putDirectFunctionWithoutTransition):
63093        * runtime/Lookup.cpp:
63094        (JSC::setUpStaticFunctionSlot):
63095        * runtime/ObjectConstructor.cpp:
63096        (JSC::objectConstructorCreate):
63097        (JSC::objectConstructorSeal):
63098        (JSC::objectConstructorFreeze):
63099        (JSC::objectConstructorPreventExtensions):
63100        (JSC::objectConstructorIsSealed):
63101        (JSC::objectConstructorIsFrozen):
63102        * runtime/Operations.h:
63103        (JSC::normalizePrototypeChain):
63104        * runtime/PropertyMapHashTable.h:
63105        (JSC::PropertyMapEntry::PropertyMapEntry):
63106        (JSC::PropertyTable::PropertyTable):
63107        (JSC::PropertyTable::copy):
63108        * runtime/Structure.cpp:
63109        (JSC::Structure::materializePropertyMap):
63110        (JSC::Structure::despecifyDictionaryFunction):
63111        (JSC::Structure::addPropertyTransition):
63112        (JSC::Structure::removePropertyTransition):
63113        (JSC::Structure::changePrototypeTransition):
63114        (JSC::Structure::despecifyFunctionTransition):
63115        (JSC::Structure::getterSetterTransition):
63116        (JSC::Structure::toDictionaryTransition):
63117        (JSC::Structure::toCacheableDictionaryTransition):
63118        (JSC::Structure::toUncacheableDictionaryTransition):
63119        (JSC::Structure::sealTransition):
63120        (JSC::Structure::freezeTransition):
63121        (JSC::Structure::preventExtensionsTransition):
63122        (JSC::Structure::isSealed):
63123        (JSC::Structure::isFrozen):
63124        (JSC::Structure::addPropertyWithoutTransition):
63125        (JSC::Structure::removePropertyWithoutTransition):
63126        (JSC::Structure::copyPropertyTable):
63127        (JSC::Structure::get):
63128        (JSC::Structure::despecifyFunction):
63129        (JSC::Structure::despecifyAllFunctions):
63130        (JSC::Structure::put):
63131        (JSC::Structure::getPropertyNames):
63132        * runtime/Structure.h:
63133        (JSC::Structure::get):
63134        (JSC::Structure::materializePropertyMapIfNecessary):
63135
631362011-04-13  Paul Knight  <pknight@apple.com>
63137
63138        Reviewed by Gavin Barraclough.
63139
63140        BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition
63141        https://bugs.webkit.org/show_bug.cgi?id=58405
63142
63143        The BACKTRACE() macro requires JavaScriptCore be built with a Debug
63144        configuration in order for it to be enabled. Move the NDEBUG check to
63145        the header so it will be enabled when the calling framework or
63146        application is built with a Debug configuration, similar to how
63147        ASSERT() and friends work.
63148
63149        * wtf/Assertions.cpp:
63150        * wtf/Assertions.h:
63151
631522011-04-12  Ben Taylor  <bentaylor.solx86@gmail.com>
63153
63154        Reviewed by Alexey Proskuryakov.
63155
63156        https://bugs.webkit.org/show_bug.cgi?id=58131
63157
63158        Provide a workaround for an obscure Studio 12 compiler bug, which
63159        couldn't call src->~T() on a const T *src.
63160
63161        * wtf/Vector.h:
63162
631632011-04-12  Gavin Barraclough  <barraclough@apple.com>
63164
63165        Reviewed by Oliver Hunt.
63166
63167        https://bugs.webkit.org/show_bug.cgi?id=58395
63168        Exceptions thrown from property getters called from Array prototype functions can be missed
63169
63170        This is caught by an ASSERT in the top of Interpreter::executeCall.
63171        Check for exceptions after accessing properties that could be getters.
63172
63173        * runtime/ArrayPrototype.cpp:
63174        (JSC::arrayProtoFuncSort):
63175        (JSC::arrayProtoFuncFilter):
63176        (JSC::arrayProtoFuncMap):
63177        (JSC::arrayProtoFuncEvery):
63178        (JSC::arrayProtoFuncForEach):
63179        (JSC::arrayProtoFuncSome):
63180        (JSC::arrayProtoFuncReduce):
63181        (JSC::arrayProtoFuncReduceRight):
63182            - Add exception checks.
63183
631842011-04-12  Oliver Hunt  <oliver@apple.com>
63185
63186        Reviewed by Geoffrey Garen.
63187
63188        Make API callback objects use weak handles to run their finalizers
63189        https://bugs.webkit.org/show_bug.cgi?id=58389
63190
        Make the API object's private data struct act as a finalizer for
        an API object if the callback object has an API-defined finalizer.
63193
63194        * API/JSCallbackObject.cpp:
63195        (JSC::JSCallbackObjectData::finalize):
63196        * API/JSCallbackObject.h:
63197        * API/JSCallbackObjectFunctions.h:
63198        (JSC::::init):
63199        * heap/Handle.h:
63200
632012011-04-12  Geoffrey Garen  <ggaren@apple.com>
63202
63203        Reviewed by Geoffrey Garen.
63204
63205        Cleaned up hash traits, and added hash traits for handles
63206        https://bugs.webkit.org/show_bug.cgi?id=58381
63207
63208        * heap/Handle.h:
63209        (JSC::HandleBase::swap):
63210        (JSC::Handle::Handle):
63211        (JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and
63212        without creating new handles (which is not allowed during handle finalization).
63213
63214        * heap/Strong.h:
63215        (JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication.
63216
63217        * heap/Weak.h:
63218        (JSC::Weak::isHashTableDeletedValue):
63219        (JSC::Weak::Weak):
63220        (JSC::Weak::swap):
63221        (JSC::Weak::hashTableDeletedValue): Ditto.
63222
63223        * wtf/HashTraits.h:
63224        (WTF::SimpleClassHashTraits::constructDeletedValue):
63225        (WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits,
63226        which are analogous to SimpleClassVectorTraits, since they are used in a
63227        bunch of places.
63228
63229        * wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication.
63230
63231        * wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication.
63232
632332011-04-12  Geoffrey Garen  <ggaren@apple.com>
63234
63235        Reviewed by Sam Weinig.
63236
63237        Cleaned up some Vector traits, and added missing Vector traits for handles
63238        https://bugs.webkit.org/show_bug.cgi?id=58372
63239
63240        * heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication.
63241
63242        * heap/Strong.h: Ditto.
63243
63244        * heap/Weak.h: Ditto.
63245
63246        * parser/JSParser.cpp: Fixed a traits error. No test case because this
63247        particular trait is not currently exercised by the parser.
63248
63249        * runtime/UString.h: No need to override canInitializeWithMemset, since
63250        our base class sets it to true.
63251
63252        * wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication.
63253
63254        * wtf/text/WTFString.h: No need to override canInitializeWithMemset, since
63255        our base class sets it to true.
63256
632572011-04-12  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
63258
63259        Reviewed by Eric Seidel.
63260
63261        [Qt] Enable JIT build for SH4 platforms.
63262        https://bugs.webkit.org/show_bug.cgi?id=58317
        Enable JIT build for the Qt backend for SH4 platforms.
63264
63265        * JavaScriptCore.pro:
63266        * wtf/Platform.h:
63267
632682011-04-11  Ben Taylor  <bentaylor.solx86@gmail.com>
63269
63270        Reviewed by Alexey Proskuryakov.
63271
63272        https://bugs.webkit.org/show_bug.cgi?id=58289
63273
63274        Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp,
63275        WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value.
63276
63277        * wtf/FastMalloc.cpp:
63278        (WTF::TCMalloc_PageHeap::runScavengerThread):
63279
632802011-04-11  Mark Rowe  <mrowe@apple.com>
63281
63282        Fix the build.
63283
63284        * JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private.
63285
632862011-04-11  Anna Cavender  <annacc@chromium.org>
63287
63288        Reviewed by Eric Carlson.
63289
63290        Setup ENABLE(TRACK) feature define
63291        https://bugs.webkit.org/show_bug.cgi?id=53556
63292
63294        * Configurations/FeatureDefines.xcconfig:
63295
632962011-04-11  Geoffrey Garen  <ggaren@apple.com>
63297
63298        Try to fix a few builds.
63299        
63300        Updated a few more build configurations for file moves.
63301
63302        * CMakeListsWinCE.txt:
63303
633042011-04-11  Gavin Barraclough  <barraclough@apple.com>
63305
63306        Reviewed by Sam Weinig.
63307
63308        Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64
63309
63310        The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
63311        separately on JSVALUE64, even though EncodedValueDescriptor is not used in
63312        JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
        on X86_64. Using the union allows us to remove a layer of makeImmediate()/
        immediateValue() methods.
63315
63316        * dfg/DFGNonSpeculativeJIT.cpp:
63317        (JSC::DFG::NonSpeculativeJIT::compile):
63318        * dfg/DFGSpeculativeJIT.cpp:
63319        (JSC::DFG::SpeculativeJIT::compile):
63320        * jit/JITInlineMethods.h:
63321        (JSC::JIT::emitTagAsBoolImmediate):
63322        * jit/JITOpcodes.cpp:
63323        (JSC::JIT::emit_op_not):
63324        (JSC::JIT::emit_op_jeq_null):
63325        (JSC::JIT::emit_op_jneq_null):
63326        (JSC::JIT::emit_op_get_pnames):
63327        (JSC::JIT::emit_op_eq_null):
63328        (JSC::JIT::emit_op_neq_null):
63329        (JSC::JIT::emitSlow_op_not):
63330        * runtime/JSCell.h:
63331        * runtime/JSValue.h:
63332        * runtime/JSValueInlineMethods.h:
63333        (JSC::JSValue::encode):
63334        (JSC::JSValue::decode):
63335        (JSC::JSValue::operator==):
63336        (JSC::JSValue::operator!=):
63337        (JSC::JSValue::JSValue):
63338        (JSC::JSValue::operator bool):
63339        (JSC::JSValue::asInt32):
63340        (JSC::JSValue::isUndefinedOrNull):
63341        (JSC::JSValue::isBoolean):
63342        (JSC::JSValue::isCell):
63343        (JSC::JSValue::isInt32):
63344        (JSC::JSValue::asDouble):
63345        (JSC::JSValue::isNumber):
63346        (JSC::JSValue::asCell):
63347
633482011-04-11  Geoffrey Garen  <ggaren@apple.com>
63349
63350        Try to fix a few builds.
63351        
63352        Updated a few more build configurations for file moves.
63353
63354        * CMakeListsEfl.txt:
63355        * wscript:
63356
633572011-04-11  Geoffrey Garen  <ggaren@apple.com>
63358
63359        Build fix: Updated a file name.
63360
63361        * CMakeLists.txt:
63362
633632011-04-11  Geoffrey Garen  <ggaren@apple.com>
63364
63365        Rubber-stamped by Sam Weinig.
63366        
63367        Moved remaining heap implementation files to the heap folder.
63368
63369        * Android.mk:
63370        * CMakeLists.txt:
63371        * GNUmakefile.list.am:
63372        * JavaScriptCore.gypi:
63373        * JavaScriptCore.pro:
63374        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
63375        * JavaScriptCore.xcodeproj/project.pbxproj:
63376        * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
63377        * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
63378        * heap/Handle.h:
63379        * heap/Heap.cpp:
63380        * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
63381        * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
63382        * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
63383        * heap/MarkStack.h: Copied from runtime/MarkStack.h.
63384        * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
63385        * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
63386        * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
63387        * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
63388        * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
63389        * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
63390        * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
63391        * interpreter/RegisterFile.cpp:
63392        * runtime/ConservativeSet.cpp: Removed.
63393        * runtime/ConservativeSet.h: Removed.
63394        * runtime/MachineStackMarker.cpp: Removed.
63395        * runtime/MachineStackMarker.h: Removed.
63396        * runtime/MarkStack.cpp: Removed.
63397        * runtime/MarkStack.h: Removed.
63398        * runtime/MarkStackPosix.cpp: Removed.
63399        * runtime/MarkStackSymbian.cpp: Removed.
63400        * runtime/MarkStackWin.cpp: Removed.
63401        * runtime/MarkedBlock.cpp: Removed.
63402        * runtime/MarkedBlock.h: Removed.
63403        * runtime/MarkedSpace.cpp: Removed.
63404        * runtime/MarkedSpace.h: Removed.
63405
634062011-04-11  Gavin Barraclough  <barraclough@apple.com>
63407
63408        Windows build fix.
63409
63410        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
63411
634122011-04-09  Gavin Barraclough  <barraclough@apple.com>
63413
63414        Reviewed by Sam Weinig.
63415
63416        Bug 58198 - Clean up JSValue implementation for JSVALUE64
63417
63418        Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
63419
63420        JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
63421        which should not have been here.  JSImmediate mostly contained uncalled methods,
63422        along with the internal implementation of the JSValue constructors split unnecessarily
63423        across a number of layers of function calls. These could largely be merged back
        together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can be unified.
63425
63426        The .cpp files were empty.
63427
63428        Moving all these methods into JSValue.h seems to be a repro measurable regression, so
63429        I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
63430        values as static const members of JSValue also measures as a repro regression, so I
63431        have made these #defines.
63432
63433        * Android.mk:
63434        * CMakeLists.txt:
63435        * GNUmakefile.list.am:
63436        * JavaScriptCore.exp:
63437        * JavaScriptCore.gypi:
63438        * JavaScriptCore.pro:
63439        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
63440        * JavaScriptCore.xcodeproj/project.pbxproj:
63441            - Removed JSImmediate.h, JSNumberCell.h.
63442        * bytecompiler/BytecodeGenerator.cpp:
63443        (JSC::BytecodeGenerator::emitLoad):
63444            - Removed class JSImmediate.
63445        * dfg/DFGNonSpeculativeJIT.cpp:
63446        (JSC::DFG::NonSpeculativeJIT::compile):
63447            - Removed class JSImmediate.
63448        * dfg/DFGSpeculativeJIT.cpp:
63449        (JSC::DFG::SpeculativeJIT::compile):
63450            - Removed class JSImmediate.
63451        * jit/JITArithmetic.cpp:
63452        (JSC::JIT::compileBinaryArithOpSlowCase):
63453            - Removed class JSImmediate.
63454        * jit/JITInlineMethods.h:
63455        (JSC::JIT::emitJumpIfJSCell):
63456        (JSC::JIT::emitJumpIfNotJSCell):
63457        (JSC::JIT::emitJumpIfImmediateInteger):
63458        (JSC::JIT::emitJumpIfNotImmediateInteger):
63459        (JSC::JIT::emitFastArithDeTagImmediate):
63460        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
63461        (JSC::JIT::emitFastArithReTagImmediate):
63462        (JSC::JIT::emitTagAsBoolImmediate):
63463            - Removed class JSImmediate.
63464        * jit/JITOpcodes.cpp:
63465        (JSC::JIT::emit_op_not):
63466        (JSC::JIT::emit_op_jeq_null):
63467        (JSC::JIT::emit_op_jneq_null):
63468        (JSC::JIT::emit_op_get_pnames):
63469        (JSC::JIT::emit_op_eq_null):
63470        (JSC::JIT::emit_op_neq_null):
63471        (JSC::JIT::emitSlow_op_not):
63472            - Removed class JSImmediate.
63473        * jit/JSInterfaceJIT.h:
63474            - Removed class JSImmediate.
63475        * runtime/JSCell.h:
63476            - Removed JSImmediate.h, JSNumberCell.h.
63477        * runtime/JSImmediate.cpp: Removed.
63478        * runtime/JSImmediate.h: Removed.
63479        * runtime/JSNumberCell.cpp: Removed.
63480        * runtime/JSNumberCell.h: Removed.
63481            - Removed.
63482        * runtime/JSObject.h:
63483            - Removed JSImmediate.h, JSNumberCell.h.
63484        * runtime/JSString.h:
63485            - Removed JSImmediate.h, JSNumberCell.h.
63486        * runtime/JSValue.h:
63487            - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
63488        * runtime/JSValueInlineMethods.h: Added.
63489        (JSC::JSValue::toInt32):
63490        (JSC::JSValue::toUInt32):
63491        (JSC::JSValue::isUInt32):
63492        (JSC::JSValue::asUInt32):
63493        (JSC::JSValue::uncheckedGetNumber):
63494        (JSC::JSValue::toJSNumber):
63495        (JSC::jsNaN):
63496        (JSC::JSValue::getNumber):
63497        (JSC::JSValue::getBoolean):
63498        (JSC::JSValue::JSValue):
63499        (JSC::JSValue::encode):
63500        (JSC::JSValue::decode):
63501        (JSC::JSValue::operator bool):
63502        (JSC::JSValue::operator==):
63503        (JSC::JSValue::operator!=):
63504        (JSC::JSValue::isUndefined):
63505        (JSC::JSValue::isNull):
63506        (JSC::JSValue::isUndefinedOrNull):
63507        (JSC::JSValue::isCell):
63508        (JSC::JSValue::isInt32):
63509        (JSC::JSValue::isDouble):
63510        (JSC::JSValue::isTrue):
        (JSC::JSValue::isFalse):
        (JSC::JSValue::tag):
        (JSC::JSValue::payload):
        (JSC::JSValue::asInt32):
        (JSC::JSValue::asDouble):
        (JSC::JSValue::asCell):
        (JSC::JSValue::isNumber):
        (JSC::JSValue::isBoolean):
        (JSC::JSValue::makeImmediate):
        (JSC::JSValue::immediateValue):
        (JSC::reinterpretDoubleToIntptr):
        (JSC::reinterpretIntptrToDouble):
            - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
        * runtime/Operations.h:
            - Removed JSImmediate.h, JSNumberCell.h.
        * wtf/StdLibExtras.h:
            - Export bitwise_cast.

2011-04-11  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Oliver Hunt.

        SH4 JIT SUPPORT.
        https://bugs.webkit.org/show_bug.cgi?id=44329

        Add JIT remaining part for SH4 platforms.

        * assembler/MacroAssemblerSH4.h:
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JSInterfaceJIT.h:

2011-04-10  Geoffrey Garen  <ggaren@apple.com>

        Rubber-stamped by Beth Dakin.

        Moved Heap.h and Heap.cpp to the heap folder, because anything less
        would be uncivilized.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp.
        * heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h.
        * runtime/Heap.cpp: Removed.
        * runtime/Heap.h: Removed.

2011-04-10  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Darin Adler.

        Remove duplicated code from AtomicString::fromUTF8()
        https://bugs.webkit.org/show_bug.cgi?id=53711

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::AtomicString::fromUTF8Internal):
        * wtf/text/AtomicString.h:
        (WTF::AtomicString::fromUTF8):
        * wtf/unicode/UTF8.cpp:
        (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
        * wtf/unicode/UTF8.h:

2011-04-10  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed.

        Fix build (at least on Lion) by adding some newish header files to
        PrivateHeaders.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-04-09  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.

        Try recommitting some things svn left out of its last commit.

        * heap/Handle.h:
        (JSC::HandleBase::operator!):
        (JSC::HandleBase::HandleBase):
        (JSC::HandleBase::slot):
        (JSC::HandleBase::setSlot):
        (JSC::Handle::Handle):
        * heap/HandleHeap.cpp:
        (JSC::HandleHeap::markWeakHandles):
        (JSC::HandleHeap::finalizeWeakHandles):
        (JSC::HandleHeap::isValidWeakNode):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::globalData):

2011-04-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        A few heap-related renames and file moves.

        WeakGCPtr<T> => Weak<T>
        Global<T> => Strong<T>
        collector/ => heap/
        collector/* => heap/*
        runtime/WeakGCPtr.h => heap/Weak.h

        (Eventually, even more files should move into the heap directory. Like
        Heap.h and Heap.cpp, for example.)

        * API/JSClassRef.h:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pri:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/SamplingTool.h:
        * bytecompiler/BytecodeGenerator.h:
        * collector: Removed.
        * collector/handles: Removed.
        * collector/handles/Global.h: Removed.
        * collector/handles/Handle.h: Removed.
        * collector/handles/HandleHeap.cpp: Removed.
        * collector/handles/HandleHeap.h: Removed.
        * collector/handles/HandleStack.cpp: Removed.
        * collector/handles/HandleStack.h: Removed.
        * collector/handles/Local.h: Removed.
        * collector/handles/LocalScope.h: Removed.
        * heap: Copied from collector.
        * heap/Handle.h: Copied from collector/handles/Handle.h.
        * heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp.
        * heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h.
        * heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp.
        * heap/HandleStack.h: Copied from collector/handles/HandleStack.h.
        * heap/Local.h: Copied from collector/handles/Local.h.
        * heap/LocalScope.h: Copied from collector/handles/LocalScope.h.
        * heap/Strong.h: Copied from collector/handles/Global.h.
        (JSC::Strong::Strong):
        (JSC::Strong::~Strong):
        (JSC::Strong::operator=):
        * heap/Weak.h: Copied from runtime/WeakGCPtr.h.
        (JSC::Weak::Weak):
        (JSC::Weak::~Weak):
        * heap/handles: Removed.
        * interpreter/RegisterFile.h:
        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITStubs.h:
        * runtime/Structure.h:
        * runtime/WeakGCPtr.h: Removed.

2011-04-08  Alpha Lam  <hclam@chromium.org>

        Unreviewed, rolling out r83335.
        http://trac.webkit.org/changeset/83335
        https://bugs.webkit.org/show_bug.cgi?id=53556

        GTK and QT bots are broken

        * Configurations/FeatureDefines.xcconfig:

2011-04-08  Gavin Barraclough  <barraclough@apple.com>

        Ooops, typo, build fix.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parse):

2011-04-08  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Bug 58154 - Add support for comparison operators to the DFG JIT.

        Add support for <, <=, ==, ===, and also !.  Add support for all corresponding
        bytecode ops, including the not- and -null forms.  Initially add functionally
        correct support, we'll revisit the performance.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::constantNull):
        (JSC::DFG::ByteCodeParser::parse):
            - Add support for parsing of bytecode opcodes,
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::callOperation):
            - Add new operation call types, return bool values.
        * dfg/DFGNode.h:
            - Add new node types.
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
            - Add code generation for new nodes.
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationCompareLess):
        (JSC::DFG::operationCompareLessEq):
        (JSC::DFG::operationCompareEq):
        (JSC::DFG::operationCompareStrictEq):
        (JSC::DFG::dfgConvertJSValueToBoolean):
        * dfg/DFGOperations.h:
            - Add operation callbacks to implement new ops.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Add code generation for new nodes.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
            - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePatchGetArrayLength):
            - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
        * runtime/JSImmediate.h:
            - Make tag values public, rather than relying on a friend - this matches JSVALUE32_64.

2011-04-07  Anna Cavender  <annacc@chromium.org>

        Reviewed by Eric Carlson.

        Setup ENABLE(TRACK) feature define
        https://bugs.webkit.org/show_bug.cgi?id=53556

        * Configurations/FeatureDefines.xcconfig:

2011-04-07  Balazs Kelemen  <kbalazs@webkit.org>

        Reviewed by Kenneth Rohde Christiansen.

        [WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation
        https://bugs.webkit.org/show_bug.cgi?id=58030

        * wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2.

2011-04-08  Adam Roben  <aroben@apple.com>

        Clean build fix

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that
        don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the
        directory itself in addition to the files it contains.

2011-04-07  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Some Handle<T> cleanup
        https://bugs.webkit.org/show_bug.cgi?id=58109

        * bytecode/SamplingTool.h: Sorted alphabetically because that's the
        WebKit style. Added a Global.h #include that was previously missing
        but harmless.

        * collector/handles/Global.h:
        (JSC::Global::Global): Added a null constructor. No need for a special
        tag, and the tag is incompatible with some data structures.

        (JSC::Global::isHashTableDeletedValue):
        (JSC::Global::~Global):
        (JSC::Global::set):
        (JSC::Global::operator=):
        (JSC::Global::clear):
        (JSC::Global::hashTableDeletedValue): Reordered constructors to be near
        each other.

        (JSC::Global::setWithWriteBarrier): Renamed internalSet to
        setWithWriteBarrier for clarity, and funneled more code into using set
        and setWithWriteBarrier to reduce duplication.

        * collector/handles/Handle.h:
        (JSC::HandleBase::operator!):
        (JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have
        boolean and ! operators.

        (JSC::HandleBase::slot):
        (JSC::HandleBase::setSlot):
        (JSC::Handle::Handle): Added general support for null Handles. This was
        previously outlawed by ASSERTs, but our code has grown to support and
        rely on null Handles.

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::markWeakHandles):
        (JSC::HandleHeap::finalizeWeakHandles):
        (JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle,
        and beefed this up a bit.

        * collector/handles/HandleHeap.h:
        (JSC::HandleHeap::globalData): Added accessor, used by some new set functions.

        * collector/handles/Local.h: Moved hash traits to the bottom of the file,
        since this file is about the Local class, not the traits.

        (JSC::::Local): Updated for removal of invalidate().

        (JSC::::operator): Deployed "using" to avoid a lot of this->
        template funny business.

        (JSC::::setWithSlotCheck): Renamed from internalSet, more specific now.

        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::RegisterFile): Updated to use null constructor.

        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):

        * runtime/JSPropertyNameIterator.h:
        (JSC::Structure::setEnumerationCache):
        * runtime/Structure.h: Removed clearEnumerationCache
        because it was an unused holdover from when the enumeration cache was
        not a handle.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::set): Finish initializing our handle before putting it
        in the table. This seemed more logical, and at one point was required
        to avoid triggering an ASSERT.

        * runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own
        handle-like behavior, to avoid duplication.

        (JSC::WeakGCPtr::WeakGCPtr):
        (JSC::WeakGCPtr::~WeakGCPtr):
        (JSC::WeakGCPtr::get):
        (JSC::WeakGCPtr::clear):
        (JSC::WeakGCPtr::set):
        (JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and
        standardized on Handle idioms.

2011-04-07  Adam Barth  <abarth@webkit.org>

        Reviewed by Martin Robinson.

        Refactor Gtk build system to separate list of files
        https://bugs.webkit.org/show_bug.cgi?id=58090

        This is the first step towards generating part of the GTK build system
        using GYP.  In the first iteration, our plan is to just generate the
        list of files.  This patch is the first step, which is to separate out
        the part of JavaScriptCore build system that we intend to generate from
        the rest of the build system.

        * GNUmakefile.am:
        * GNUmakefile.list.am: Added.

2011-04-07  Zoltan Herczeg  <zherczeg@webkit.org>

        Reviewed by Gavin Barraclough.

        Mapping booleans the same way as integers
        https://bugs.webkit.org/show_bug.cgi?id=56913

        Instead of having a separate tag field for booleans,
        the logical values are stored in the payload field
        (for JSValue32_64 representation).

        1.007x speedup on SunSpider.

        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitStoreBool):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_not):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emitSlow_op_jfalse):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emitSlow_op_jtrue):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        * jit/JSInterfaceJIT.h:
        * runtime/JSValue.h:
        (JSC::JSValue::JSValue):
        (JSC::JSValue::isTrue):
        (JSC::JSValue::isFalse):
        (JSC::JSValue::getBoolean):

2011-04-07  Eric Seidel  <eric@webkit.org>

        Reviewed by Adam Barth.

        Add stub support for generating Gtk build system from gyp
        https://bugs.webkit.org/show_bug.cgi?id=58086

        This does not produce a buildable JavaScriptCore, but it
        does allow running gyp/configure --port=gtk and having
        it generate a gtk.Makefile which we can use for testing
        the rest of the plumbing.

        * gyp/gtk.gyp: Added.

2011-04-07  Andrew Scherkus  <scherkus@chromium.org>

        Revert ENABLE_TRACK patch due to compile failures.

        * Configurations/FeatureDefines.xcconfig:

2011-04-07  Adam Barth  <abarth@webkit.org>

        Fix whitespace in GNUmakefile.am.

        * GNUmakefile.am:

2011-04-07  Gavin Barraclough  <barraclough@apple.com>

        Fix a couple of typos in comments that Darin spotted.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_not):
        * runtime/JSImmediate.h:

2011-04-06  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Bug 58057 - Store boolean payload in low bit of JSImmediate

        And remove some uncalled functions from JSImmediate.h

        * jit/JITInlineMethods.h:
        (JSC::JIT::emitTagAsBoolImmediate):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_not):
        * runtime/JSImmediate.h:
        (JSC::JSImmediate::makeInt):
        (JSC::JSImmediate::makeBool):
        (JSC::JSImmediate::intValue):
        (JSC::JSImmediate::boolValue):
        (JSC::JSImmediate::asInt32):
        (JSC::JSImmediate::toDouble):
        (JSC::JSValue::asInt32):
        (JSC::JSValue::isUInt32):
        (JSC::JSValue::asUInt32):

2011-04-07  Liang Qi  <liang.qi@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt][Symbian] Enable webkit build with GCCE on Symbian.
        https://bugs.webkit.org/show_bug.cgi?id=57841

        * wtf/MathExtras.h: GCCE compiler doesn't support those std static functions.

2011-04-06  Dai Mikurube  <dmikurube@chromium.org>

        Reviewed by David Levin.

        Add QUOTA build flag for unified quota API
        https://bugs.webkit.org/show_bug.cgi?id=57918

        * Configurations/FeatureDefines.xcconfig: Added QUOTA build flag

2011-04-06  Kevin Ollivier  <kevino@theolliviers.com>

        Reviewed by Darin Adler.

        Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros.

        https://bugs.webkit.org/show_bug.cgi?id=27551

        * config.h:

2011-04-06  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Stop JSObject::isUsingInlineStorage() from using the structure
        https://bugs.webkit.org/show_bug.cgi?id=57986

        Make the isUsingInlineStorage() implementation just look at
        whether the property storage is inside the object.

        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):
        (JSC::JSObject::JSObject):

2011-04-06  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Geoff Garen.

        Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations.

        * runtime/JSImmediate.h:
        * runtime/JSValue.h:

2011-04-06  Lucas De Marchi  <lucas.demarchi@profusion.mobi>

        cmake: Fix build for ARMv7

        * CMakeLists.txt: add missing file.

2011-04-06  Liang Qi  <liang.qi@nokia.com>

        Reviewed by Benjamin Poulain.

        Correct an include file name.
        https://bugs.webkit.org/show_bug.cgi?id=57839

        * wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix
        builds on Unix hosts.

2011-04-06  Adam Roben  <aroben@apple.com>

        Build fix after r83056

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable.

2011-04-06  Adam Roben  <aroben@apple.com>

        Move JavaScriptCoreGenerated's file-copying logic out to a new script

        Hopefully this will make it easier to modify this logic in the future. I also made the
        script much quieter than the old logic, since it didn't seem helpful to see long lists of
        filenames during the copying phase.

        If we like this new style, we could copy it for our other projects.

        Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to
        modify and noisy

        Reviewed by Steve Falkenburg.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy
        files from here...
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.)

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd
        for convenience.

640512011-04-05  Geoffrey Garen  <ggaren@apple.com>
64052
64053        Try to fix the Windows build.
64054
64055        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do!
64056
640572011-04-05  Geoffrey Garen  <ggaren@apple.com>
64058
64059        Reviewed by Oliver Hunt.
64060
64061        Introduced the concept of opaque roots, in preparation for marking the DOM with them
64062        https://bugs.webkit.org/show_bug.cgi?id=57903
64063
64064        * JavaScriptCore.exp: Who likes export files? I do!
64065
64066        * collector/handles/HandleHeap.cpp:
64067        (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
64068
64069        (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
64070        weak linkage problems.
64071
64072        (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
64073        Currently unused.
64074
64075        (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
64076        default empty implementation, since not all clients necessarily want
64077        or need non-trivial finalizers.
64078
64079        (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
64080        passes. The first pass marks all reachable weak handles. The second pass
64081        finalizes all unreachable weak handles. This must be two passes because
64082        we don't know the set of finalizable weak handles until we're done
64083        marking all weak handles.
64084
64085        (JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
64086
64087        * collector/handles/HandleHeap.h: Ditto.
64088
64089        * runtime/Heap.cpp: 
64090        (JSC::Heap::destroy):
64091        (JSC::Heap::markRoots):
64092        (JSC::Heap::reset): Split out handle marking from handle finalization.
64093
64094        * runtime/MarkStack.cpp:
64095        (JSC::MarkStack::reset):
64096        * runtime/MarkStack.h:
64097        (JSC::MarkStack::addOpaqueRoot):
64098        (JSC::MarkStack::containsOpaqueRoot):
64099        (JSC::MarkStack::opaqueRootCount):
64100        (JSC::HeapRootMarker::markStack): New helper functions for managing the
64101        set of opaque roots.
64102
64103        * runtime/WeakGCMap.h:
64104        (JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
64105
641062011-04-05  Balazs Kelemen  <kbalazs@webkit.org>
64107
64108        Reviewed by Darin Adler.
64109
64110        Build fix for YarrParser.h
64111        https://bugs.webkit.org/show_bug.cgi?id=57822
64112
64113        * yarr/YarrParser.h:
64114        (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
64115
641162011-04-05  Steve Falkenburg  <sfalken@apple.com>
64117
64118        Follow-up Windows build fix.
64119        Don't skip react-to-vsprops-changes.py for all production builds,
64120        only those initiated via JavaScriptCore.make.
64121
64122        * JavaScriptCore.vcproj/JavaScriptCore.make:
64123        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
64124
641252011-04-05  Oliver Hunt  <oliver@apple.com>
64126
64127        Reviewed by Darin Adler.
64128
64129        REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks
64130        https://bugs.webkit.org/show_bug.cgi?id=57857
64131
64132        Whoops, accidentally removed a deref().
64133
64134        * bytecode/StructureStubInfo.cpp:
64135        (JSC::StructureStubInfo::deref):
64136
641372011-04-05  Steve Falkenburg  <sfalken@apple.com>
64138
64139        Windows build fix.
64140
64141        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files.
64142        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops.
64143        Set production environment variable before calling make.
64144        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added.
64145        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added.
64146        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added.
64147        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added.
64148        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added.
64149        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added.
64150        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added.
64151
641522011-04-05  Oliver Hunt  <oliver@apple.com>
64153
64154        Reviewed by Gavin Barraclough.
64155
64156        Make caches window show more info about non-jsobject GC values
64157        https://bugs.webkit.org/show_bug.cgi?id=57874
64158
64159        Add ClassInfo to the various internal JS types that currently
64160        don't have any, and make the text for caches window show the
64161        classname for non-JSObject instances.
64162
64163        * runtime/Executable.cpp:
64164        * runtime/Executable.h:
64165        (JSC::ExecutableBase::createStructure):
64166        (JSC::NativeExecutable::createStructure):
64167        (JSC::NativeExecutable::NativeExecutable):
64168        (JSC::EvalExecutable::createStructure):
64169        (JSC::ProgramExecutable::createStructure):
64170        (JSC::FunctionExecutable::createStructure):
64171        * runtime/Heap.cpp:
64172        (JSC::TypeCounter::typeName):
64173        * runtime/JSGlobalData.cpp:
64174        (JSC::JSGlobalData::JSGlobalData):
64175        * runtime/JSGlobalData.h:
64176        * runtime/ScopeChain.cpp:
64177        * runtime/ScopeChain.h:
64178        (JSC::ScopeChainNode::createStructure):
64179        * runtime/StructureChain.cpp:
64180        * runtime/StructureChain.h:
64181        (JSC::StructureChain::createStructure):
64182
641832011-04-05  Nikolas Zimmermann  <nzimmermann@rim.com>
64184
64185        Reviewed by Andreas Kling.
64186
64187        Cleanup StringConcatenate
64188        https://bugs.webkit.org/show_bug.cgi?id=57836
64189
64190        Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return.
64191        Add a makeString() variant taking 9 arguments, needed by a follow-up patch.
64192
64193        * wtf/text/StringConcatenate.h:
64194        (WTF::tryMakeString):
64195        (WTF::makeString):
64196
641972011-04-04  Sheriff Bot  <webkit.review.bot@gmail.com>
64198
64199        Unreviewed, rolling out r82876.
64200        http://trac.webkit.org/changeset/82876
64201        https://bugs.webkit.org/show_bug.cgi?id=57816
64202
64203        Caused a lot of test crashes (Requested by tkent on #webkit).
64204
64205        * JavaScriptCore.exp:
64206        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
64207        * wtf/FastMalloc.cpp:
64208        (WTF::tryFastMalloc):
64209        (WTF::fastMalloc):
64210        (WTF::tryFastCalloc):
64211        (WTF::fastCalloc):
64212        (WTF::fastFree):
64213        (WTF::tryFastRealloc):
64214        (WTF::fastRealloc):
64215        (WTF::fastMallocSize):
64216        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
64217        (WTF::TCMalloc_PageHeap::scheduleScavenger):
64218        (WTF::TCMalloc_PageHeap::suspendScavenger):
64219        (WTF::TCMalloc_PageHeap::signalScavenger):
64220        (WTF::TCMallocStats::malloc):
64221        (WTF::TCMallocStats::free):
64222        (WTF::TCMallocStats::fastCalloc):
64223        (WTF::TCMallocStats::tryFastCalloc):
64224        (WTF::TCMallocStats::calloc):
64225        (WTF::TCMallocStats::fastRealloc):
64226        (WTF::TCMallocStats::tryFastRealloc):
64227        (WTF::TCMallocStats::realloc):
64228        (WTF::TCMallocStats::fastMallocSize):
64229        * wtf/FastMalloc.h:
64230        (WTF::Internal::fastMallocMatchValidationType):
64231        (WTF::Internal::fastMallocMatchValidationValue):
64232        (WTF::Internal::setFastMallocMatchValidationType):
64233        (WTF::fastMallocMatchValidateFree):
64234        * wtf/Platform.h:
64235
642362011-04-04  Oliver Hunt  <oliver@apple.com>
64237
64238        Reviewed by Antti Koivisto.
64239
64240        Stop JSCell.h from including Structure.h
64241        https://bugs.webkit.org/show_bug.cgi?id=57809
64242
64243        * runtime/GetterSetter.h:
64244        * runtime/JSAPIValueWrapper.h:
64245        * runtime/JSCell.h:
64246        (JSC::JSCell::JSValue::toThisObject):
64247        * runtime/JSString.h:
64248        * runtime/ScopeChain.h:
64249        * runtime/Structure.h:
64250        (JSC::JSCell::isObject):
64251        (JSC::JSCell::isString):
64252        (JSC::JSCell::classInfo):
64253        (JSC::JSCell::createDummyStructure):
64254        (JSC::JSValue::needsThisConversion):
64255        (JSC::MarkStack::internalAppend):
64256        * runtime/StructureChain.h:
64257
642582011-04-04  Oliver Hunt  <oliver@apple.com>
64259
64260        Fix clang build.
64261
64262        * wtf/FastMalloc.cpp:
64263        (WTF::fastMalloc):
64264        (WTF::fastCalloc):
64265        (WTF::fastRealloc):
64266
642672011-04-04  Oliver Hunt  <oliver@apple.com>
64268
64269        Remove accidental change to Platform.h
64270
64271        * wtf/Platform.h:
64272
642732011-04-04  Geoffrey Garen  <ggaren@apple.com>
64274
64275        Reviewed by Oliver Hunt.
64276
64277        Fixed a weak-handle-related leak in RegisterFile
64278        https://bugs.webkit.org/show_bug.cgi?id=57793
64279
64280        * interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier.
64281        * interpreter/RegisterFile.h:
64282        (JSC::RegisterFile::GlobalObjectOwner::finalize):
64283        (JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with
64284        a per-RegisterFile weak handle owner, which does not leak.
64285
64286        * runtime/WeakGCPtr.h:
64287        (JSC::WeakGCPtr::set): Allow set() to take a context argument, since
64288        RegisterFile now needs this. (Seems like it was an accidental omission
64289        all along.)
64290
642912011-04-04  Oliver Hunt  <oliver@apple.com>
64292
64293        Reviewed by Geoffrey Garen.
64294
64295        Make malloc validation useful
64296        https://bugs.webkit.org/show_bug.cgi?id=57502
64297
64298        This patch changes FAST_MALLOC_MATCH_VALIDATION with a general
64299        corruption check that tags the beginning and end of all allocations
64300        to check for write overflows and overwrites the contents of
64301        memory on free in order to (hopefully) show up use-after-free issues
64302        sooner.
64303
64304        We also turn it on by default for debug builds.
64305
64306        * JavaScriptCore.exp:
64307        * wtf/FastMalloc.cpp:
64308        (WTF::tryFastMalloc):
64309        (WTF::fastMalloc):
64310        (WTF::tryFastCalloc):
64311        (WTF::fastCalloc):
64312        (WTF::fastFree):
64313        (WTF::tryFastRealloc):
64314        (WTF::fastRealloc):
64315        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
64316        (WTF::TCMalloc_PageHeap::scheduleScavenger):
64317        (WTF::TCMalloc_PageHeap::suspendScavenger):
64318        (WTF::TCMalloc_PageHeap::signalScavenger):
64319        (WTF::TCMallocStats::malloc):
64320        (WTF::TCMallocStats::free):
64321        (WTF::TCMallocStats::fastCalloc):
64322        (WTF::TCMallocStats::tryFastCalloc):
64323        (WTF::TCMallocStats::calloc):
64324        (WTF::TCMallocStats::fastRealloc):
64325        (WTF::TCMallocStats::tryFastRealloc):
64326        (WTF::TCMallocStats::realloc):
64327        * wtf/FastMalloc.h:
64328        (WTF::Internal::fastMallocValidationHeader):
64329        (WTF::Internal::fastMallocValidationSuffix):
64330        (WTF::Internal::fastMallocMatchValidationType):
64331        (WTF::Internal::setFastMallocMatchValidationType):
64332        (WTF::fastMallocMatchValidateFree):
64333        (WTF::fastMallocValidate):
64334        * wtf/Platform.h:
64335
2011-04-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Renamed clearWeakPointers => updateWeakHandles and removed misleading comment
        https://bugs.webkit.org/show_bug.cgi?id=57790

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::updateWeakHandles): Updated for rename.

        * collector/handles/HandleHeap.h: Removed comment claiming that this
        function should only be called during teardown, because it's actually
        called after every GC pass.

        * runtime/Heap.cpp:
        (JSC::Heap::destroy):
        (JSC::Heap::markRoots): Updated for rename.

2011-04-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Standardized handling of handles for immediate values
        https://bugs.webkit.org/show_bug.cgi?id=57788

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell
        values here, because our write barrier guarantees that such values are
        not in the weak list.

        (JSC::HandleHeap::writeBarrier): Standardized on checking for null before
        checking for cell, and on using early return instead of if/else.

        * collector/handles/HandleHeap.h:
        (JSC::HandleHeap::deallocate):
        (JSC::HandleHeap::makeWeak): Ditto.

2011-04-04  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.

        Removed a redundant variable from HandleHeap
        https://bugs.webkit.org/show_bug.cgi?id=57786

        Forgot to commit the file that actually removes the data member!

        * collector/handles/HandleHeap.h:

2011-04-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed a redundant variable from HandleHeap
        https://bugs.webkit.org/show_bug.cgi?id=57786

        We don't need a specific variable to indicate that we're in the middle
        of the finalization phase, since m_nextToFinalize already does this.

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::HandleHeap):
        (JSC::HandleHeap::clearWeakPointers):
        (JSC::HandleHeap::writeBarrier):

2011-04-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback)
        https://bugs.webkit.org/show_bug.cgi?id=57775

        Also renamed noFinalizer => emptyWeakOwner, since this is really an
        optimization for a weak owner with empty callbacks.

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed
        redundant initialization of m_nextToFinalize. Moved deletion check inside
        weak owner check, since the weak owner can't delete the node if there is
        no weak owner!

        * collector/handles/HandleHeap.h:
        (JSC::WeakHandleOwner::~WeakHandleOwner):
        (JSC::HandleHeap::makeWeak): Updated for renames.

        (JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner,
        to clarify this function's role in assertions.

        (JSC::HandleHeap::Node::Node):
        (JSC::HandleHeap::Node::makeWeak):
        (JSC::HandleHeap::Node::isWeak):
        (JSC::HandleHeap::Node::weakOwner):
        (JSC::HandleHeap::Node::weakOwnerContext):
        (JSC::HandleHeap::Node::emptyWeakOwner):
        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::globalObjectCollectedNotifier):
        * interpreter/RegisterFile.h:
        * runtime/WeakGCMap.h:
        * runtime/WeakGCPtr.h:
        (JSC::WeakGCPtr::WeakGCPtr):
        (JSC::WeakGCPtr::set): Updated for renames.

2011-04-04  Oliver Hunt  <oliver@apple.com>

        Fix WinCE build.

        * bytecode/Instruction.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCachePutByID):
        (JSC::Interpreter::tryCacheGetByID):

2011-04-04  Adam Roben  <aroben@apple.com>

        Delete mt.dep files when doing a clean build due to .vsprops file changes

        Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild.

        Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build)

        Reviewed by Brian Weinstein.

        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
        (main): Added dep to the list of extensions we look for when choosing files to delete.

2011-04-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make StructureChain GC allocated
        https://bugs.webkit.org/show_bug.cgi?id=56695

        Make StructureChain GC allocated, and make the various owners
        mark it correctly.

        * JavaScriptCore.exp:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::derefStructures):
        (JSC::CodeBlock::refStructures):
        (JSC::CodeBlock::markAggregate):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        (JSC::PolymorphicAccessStructureList::derefStructures):
        (JSC::PolymorphicAccessStructureList::markAggregate):
        (JSC::Instruction::Instruction):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::markAggregate):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initGetByIdChain):
        (JSC::StructureStubInfo::initPutByIdTransition):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        * collector/handles/Handle.h:
        (JSC::HandleConverter::operator->):
        (JSC::HandleConverter::operator*):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_jneq_ptr):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_jneq_ptr):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCachePutByID):
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::getPolymorphicAccessStructureListSlot):
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        * runtime/JSGlobalObject.h:
        (JSC::Structure::prototypeChain):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        (JSC::JSPropertyNameIterator::get):
        (JSC::JSPropertyNameIterator::markChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
        * runtime/JSZombie.cpp:
        (JSC::JSZombie::leakedZombieStructure):
        * runtime/JSZombie.h:
        * runtime/MarkStack.h:
        (JSC::MarkStack::append):
        * runtime/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweep):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        * runtime/Structure.h:
        (JSC::Structure::markAggregate):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::StructureChain):
        (JSC::StructureChain::~StructureChain):
        (JSC::StructureChain::markChildren):
        * runtime/StructureChain.h:
        (JSC::StructureChain::create):
        (JSC::StructureChain::createStructure):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):

2011-04-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed some complexity from HandleHeap
        https://bugs.webkit.org/show_bug.cgi?id=57650

        Eliminated pointer-tagging flags.

        Tied being weak to having a finalizer (or at least a finalizer sentinel).

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying
        flag. It was unused. If we bring it back, we'll probably use a shared
        autodeallocating finalizer instead.

        * collector/handles/HandleHeap.h:
        (JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now
        a single, atomic operation -- this makes the relationship between
        finalizers and weak pointers clearer, and impossible to get wrong.

        (JSC::HandleHeap::Node::Node):
        (JSC::HandleHeap::Node::handleHeap): No more flags.

        (JSC::HandleHeap::Node::makeWeak):
        (JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentinel
        value in the finalizer slot to indicate that a handle is weak but doesn't
        require an external function call for finalization.

2011-04-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed WeakGCMap::deprecatedRemove because it was deprecated and unused
        https://bugs.webkit.org/show_bug.cgi?id=57648

        * runtime/WeakGCMap.h:

2011-04-01  Adam Roben  <aroben@apple.com>

        Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer

        Covered by existing tests.

        Fixes <http://webkit.org/b/56699>.

        Reviewed by Oliver Hunt.

        * parser/Lexer.h:
        (JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because
        supposedly the idiom that function uses is fast.

2011-03-31  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Oliver Hunt.

        SH4 JIT SUPPORT.
        https://bugs.webkit.org/show_bug.cgi?id=44329

        Add YARR support for SH4 platforms (disabled by default).

        * GNUmakefile.am:
        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerSH4.cpp: Added.
        * assembler/MacroAssemblerSH4.h: Added.
        * assembler/SH4Assembler.h: Added.
        * yarr/YarrJIT.cpp:

2011-03-30  Adam Roben  <aroben@apple.com>

        Clean build fix

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects
        don't try to build in parallel (which doesn't mesh with our buildfailed mechanism).

2011-03-30  Oliver Hunt  <oliver@apple.com>

        Rollout r82500

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::derefStructures):
        (JSC::CodeBlock::refStructures):
        (JSC::CodeBlock::markAggregate):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        (JSC::PolymorphicAccessStructureList::derefStructures):
        (JSC::Instruction::Instruction):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initGetByIdChain):
        (JSC::StructureStubInfo::initPutByIdTransition):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_jneq_ptr):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_jneq_ptr):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        * jit/JITStubs.cpp:
        (JSC::getPolymorphicAccessStructureListSlot):
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        * runtime/JSGlobalObject.h:
        (JSC::Structure::prototypeChain):
        * runtime/JSObject.h:
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        (JSC::JSPropertyNameIterator::get):
        (JSC::JSPropertyNameIterator::markChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
        * runtime/MarkStack.h:
        (JSC::MarkStack::append):
        * runtime/Structure.h:
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::StructureChain):
        * runtime/StructureChain.h:
        (JSC::StructureChain::create):

2011-03-29  Matthew Delaney  <mdelaney@apple.com>

        Reviewed by Simon Fraser.

        Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG

        https://bugs.webkit.org/show_bug.cgi?id=53134

        * wtf/Platform.h: Added in WTF flag for using the Accelerate framework

2011-03-30  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Adam Roben.

        Share most vsprops between Release and Production builds in releaseproduction.vsprops
        https://bugs.webkit.org/show_bug.cgi?id=57508

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:

2011-03-30  Mark Rowe  <mrowe@apple.com>

        Reviewed by Adam Roben.

        Explicitly prevent testapi and minidom from being installed rather than relying
        on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly
        set at the target level.

        <rdar://problem/9206357>

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-03-30  Timur Iskhodzhanov  <timurrrr@google.com>

        Reviewed by Alexey Proskuryakov.

        Add some dynamic annotations to JavaScriptCore/wtf
        https://bugs.webkit.org/show_bug.cgi?id=53747

        By using these annotations we can improve the precision of finding
        WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind.
        These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1".

        These files don't add new functionality, so don't need extra tests.

        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/DynamicAnnotations.cpp: Added.
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):
        * wtf/DynamicAnnotations.h: Added.
        * wtf/ThreadSafeRefCounted.h:
        (WTF::ThreadSafeRefCountedBase::derefBase):
        * wtf/text/StringStatics.cpp:
        (WTF::StringImpl::empty):

2011-03-30  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make StructureChain GC allocated
        https://bugs.webkit.org/show_bug.cgi?id=56695

        Make StructureChain GC allocated, and make the various owners
        mark it correctly.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::derefStructures):
        (JSC::CodeBlock::refStructures):
        (JSC::CodeBlock::markAggregate):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        (JSC::PolymorphicAccessStructureList::derefStructures):
        (JSC::PolymorphicAccessStructureList::markAggregate):
        (JSC::Instruction::Instruction):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::markAggregate):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initGetByIdChain):
        (JSC::StructureStubInfo::initPutByIdTransition):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_jneq_ptr):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_jneq_ptr):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        * jit/JITStubs.cpp:
        (JSC::getPolymorphicAccessStructureListSlot):
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        * runtime/JSGlobalObject.h:
        (JSC::Structure::prototypeChain):
        * runtime/JSObject.h:
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        (JSC::JSPropertyNameIterator::get):
        (JSC::JSPropertyNameIterator::markChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
        * runtime/MarkStack.h:
        (JSC::MarkStack::append):
        * runtime/Structure.h:
        (JSC::Structure::cachedPrototypeChainSlot):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::StructureChain):
        * runtime/StructureChain.h:
        (JSC::StructureChain::create):
        (JSC::StructureChain::createStructure):

2011-03-30  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Adam Roben.

        Update Windows production build logic for new production configurations
        https://bugs.webkit.org/show_bug.cgi?id=57494

        * JavaScriptCore.vcproj/JavaScriptCore.make:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:

2011-03-30  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Adam Roben.

        Rename Windows configuration Release_LTCG to Production for clarity
        https://bugs.webkit.org/show_bug.cgi?id=57465

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops.
        * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops.
        * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed.

2011-03-30  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Reviewed by Maciej Stachowiak.

        Add the NEXT_OPCODE() macro to the DFG-JIT parser
        https://bugs.webkit.org/show_bug.cgi?id=57322

        In JavaScriptCore we use macros to jump to the next opcode
        (both in interpreter and JIT). This macro is added to the
        DFG-JIT parser as well.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parse):

2011-03-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        ~25% regression on v8-splay in the SunSpider harness
        https://bugs.webkit.org/show_bug.cgi?id=56128

        I'm not sure if this is the root cause of the regression Stephanie
        measured, but it seems to get us back to previous v8-splay times.

        SunSpider reports no change. v8-splay says 41% faster.

        * runtime/Heap.cpp:
        (JSC::Heap::reset): Make marking proportional to 1X the size of the heap,
        not .5X the size of the heap. When the heap is large, this makes a big
        difference. (Our old heap growth policy matched this. You can see by
        looking at resizeBlocks in revisions prior to r77699.)

2011-03-29  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Darin Adler.

        Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE
        https://bugs.webkit.org/show_bug.cgi?id=57350

        Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from
        InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within
        the IDE. To avoid this, add a separate vsprops file for each project configuration that
        contains the required inherited property sheets.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added.
        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added.
        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added.
        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added.
        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added.
        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added.

2011-03-29  Oliver Hunt  <oliver@apple.com>

        Reviewed by Eric Seidel.

        REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit).
        https://bugs.webkit.org/show_bug.cgi?id=57333

        constructDate now takes the global object explicitly as it may be called
        by functions other than the constructor itself.

        * API/JSObjectRef.cpp:
        (JSObjectMakeDate):
        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
        (JSC::constructWithDateConstructor):
        * runtime/DateConstructor.h:

2011-03-29  Ben Taylor  <bentaylor.solx86@gmail.com>

        Reviewed by Benjamin Poulain.

        https://bugs.webkit.org/show_bug.cgi?id=41953

        Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h

        * wtf/MathExtras.h:

2011-03-29  Ben Taylor  <bentaylor.solx86@gmail.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=57231
        Add conditional for SUNCC supporting alignment macros

        Compile fix for Solaris 10/Sun Studio 12 CC

        * wtf/Vector.h:

2011-03-29  Ben Taylor  <bentaylor.solx86@gmail.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=57256

        Fix crash on misaligned reads on Solaris 10/Sparc

        * wtf/text/AtomicString.cpp:
        (WTF::equal):

2011-03-28  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        instanceof Array test fails when using iframes
        https://bugs.webkit.org/show_bug.cgi?id=17250

        This is a problem with all built-in constructors: the use of
        lexicalGlobalObject rather than the constructor's own
        global object reference means that a builtin will always use
        the prototype from the lexical global object rather than that
        of the constructor's origin.

        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        (JSObjectMakeRegExp):
        * JavaScriptCore.exp:
        * runtime/ArrayConstructor.cpp:
        (JSC::constructArrayWithSizeQuirk):
        * runtime/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanConstructor.h:
        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
        * runtime/DateInstance.cpp:
        * runtime/DateInstance.h:
        * runtime/ErrorConstructor.cpp:
        (JSC::constructWithErrorConstructor):
        (JSC::callErrorConstructor):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructWithFunctionConstructor):
        (JSC::callFunctionConstructor):
        (JSC::constructFunction):
        * runtime/FunctionConstructor.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getOwnPropertySlot):
        (JSC::JSCell::put):
        (JSC::JSCell::deleteProperty):
        (JSC::JSCell::toThisObject):
        (JSC::JSCell::toObject):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toObject):
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::toObject):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::toObject):
        * runtime/JSObject.h:
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        (JSC::JSString::toObject):
        (JSC::JSString::toThisObject):
        * runtime/JSString.h:
        * runtime/JSValue.cpp:
        (JSC::JSValue::toObjectSlowCase):
        (JSC::JSValue::toThisObjectSlowCase):
        (JSC::JSValue::synthesizeObject):
        * runtime/JSValue.h:
        * runtime/NumberConstructor.cpp:
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::constructObject):
        (JSC::constructWithObjectConstructor):
        (JSC::callObjectConstructor):
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        (JSC::constructWithRegExpConstructor):
        (JSC::callRegExpConstructor):
        * runtime/RegExpConstructor.h:
        * runtime/StringConstructor.cpp:
        (JSC::constructWithStringConstructor):
        * runtime/StringObject.h:

2011-03-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large
        https://bugs.webkit.org/show_bug.cgi?id=56823

        Partial fix for most of the problem. (TOT still shows a regression, though.)

        * runtime/Heap.cpp:
        (JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of
        capacity(), since capacity() is O(n) relative to the size of the heap.

        In limited circumstances, capacity() is also worse than highWaterMark()
        for measuring extra cost relative to heap size, since capacity() only
        measures the *current* capacity of the heap, but the heap will grow if
        necessary to attain highWaterMark().

2011-03-28  Oliver Hunt  <oliver@apple.com>

        REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit).
        https://bugs.webkit.org/show_bug.cgi?id=57251

        Build fix, had remnant of another patch in r82130

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):

2011-03-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Add additional immediate types to allow us to distinguish the source of a JIT immediate
        https://bugs.webkit.org/show_bug.cgi?id=57190

        Allow us to distinguish whether a JIT immediate is a value that we
        control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
        or influenced by code we are compiling. Currently we do nothing with this
        information -- this change is large and mechanical but would obscure any
        logic changes that we would have made.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
        (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
        (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
        (JSC::AbstractMacroAssembler::Imm32::Imm32):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::pop):
        (JSC::MacroAssembler::poke):
        (JSC::MacroAssembler::branchPtr):
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::addPtr):
        (JSC::MacroAssembler::andPtr):
        (JSC::MacroAssembler::orPtr):
        (JSC::MacroAssembler::subPtr):
        (JSC::MacroAssembler::xorPtr):
        (JSC::MacroAssembler::setPtr):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::branchTestPtr):
        (JSC::MacroAssembler::branchSubPtr):
        (JSC::MacroAssembler::branchTest8):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::add32):
        (JSC::MacroAssemblerARM::and32):
        (JSC::MacroAssemblerARM::lshift32):
        (JSC::MacroAssemblerARM::mul32):
        (JSC::MacroAssemblerARM::or32):
        (JSC::MacroAssemblerARM::rshift32):
        (JSC::MacroAssemblerARM::urshift32):
        (JSC::MacroAssemblerARM::sub32):
        (JSC::MacroAssemblerARM::xor32):
        (JSC::MacroAssemblerARM::store32):
        (JSC::MacroAssemblerARM::push):
        (JSC::MacroAssemblerARM::move):
        (JSC::MacroAssemblerARM::branch8):
        (JSC::MacroAssemblerARM::branch32):
        (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerARM::branch16):
        (JSC::MacroAssemblerARM::branchTest8):
        (JSC::MacroAssemblerARM::branchTest32):
        (JSC::MacroAssemblerARM::branchAdd32):
        (JSC::MacroAssemblerARM::branchMul32):
        (JSC::MacroAssemblerARM::branchSub32):
        (JSC::MacroAssemblerARM::set32Compare32):
        (JSC::MacroAssemblerARM::set8Compare32):
        (JSC::MacroAssemblerARM::set32Test32):
        (JSC::MacroAssemblerARM::set32Test8):
        (JSC::MacroAssemblerARM::moveWithPatch):
        (JSC::MacroAssemblerARM::branchPtrWithPatch):
        (JSC::MacroAssemblerARM::storePtrWithPatch):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::add32):
        (JSC::MacroAssemblerARMv7::and32):
        (JSC::MacroAssemblerARMv7::lshift32):
        (JSC::MacroAssemblerARMv7::mul32):
        (JSC::MacroAssemblerARMv7::or32):
        (JSC::MacroAssemblerARMv7::rshift32):
        (JSC::MacroAssemblerARMv7::urshift32):
        (JSC::MacroAssemblerARMv7::sub32):
        (JSC::MacroAssemblerARMv7::xor32):
        (JSC::MacroAssemblerARMv7::load32):
        (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch):
        (JSC::MacroAssemblerARMv7::load16):
        (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch):
        (JSC::MacroAssemblerARMv7::store32):
        (JSC::MacroAssemblerARMv7::loadDouble):
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::push):
        (JSC::MacroAssemblerARMv7::move):
        (JSC::MacroAssemblerARMv7::compare32):
        (JSC::MacroAssemblerARMv7::test32):
        (JSC::MacroAssemblerARMv7::branch32):
        (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerARMv7::branch16):
        (JSC::MacroAssemblerARMv7::branch8):
        (JSC::MacroAssemblerARMv7::branchTest32):
        (JSC::MacroAssemblerARMv7::branchTest8):
        (JSC::MacroAssemblerARMv7::branchAdd32):
        (JSC::MacroAssemblerARMv7::branchMul32):
        (JSC::MacroAssemblerARMv7::branchSub32):
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::set32Compare32):
        (JSC::MacroAssemblerARMv7::set8Compare32):
        (JSC::MacroAssemblerARMv7::set32Test32):
        (JSC::MacroAssemblerARMv7::set32Test8):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeJump):
        (JSC::MacroAssemblerARMv7::makeBranch):
        (JSC::MacroAssemblerARMv7::setupArmAddress):
        (JSC::MacroAssemblerARMv7::makeBaseIndexBase):
        (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::add32):
        (JSC::MacroAssemblerMIPS::and32):
        (JSC::MacroAssemblerMIPS::lshift32):
        (JSC::MacroAssemblerMIPS::mul32):
        (JSC::MacroAssemblerMIPS::or32):
        (JSC::MacroAssemblerMIPS::rshift32):
        (JSC::MacroAssemblerMIPS::urshift32):
        (JSC::MacroAssemblerMIPS::sub32):
        (JSC::MacroAssemblerMIPS::xor32):
        (JSC::MacroAssemblerMIPS::load32):
        (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
        (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
        (JSC::MacroAssemblerMIPS::store32):
        (JSC::MacroAssemblerMIPS::push):
        (JSC::MacroAssemblerMIPS::move):
        (JSC::MacroAssemblerMIPS::branch8):
        (JSC::MacroAssemblerMIPS::branch32):
        (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerMIPS::branch16):
        (JSC::MacroAssemblerMIPS::branchTest32):
        (JSC::MacroAssemblerMIPS::branchTest8):
        (JSC::MacroAssemblerMIPS::branchAdd32):
        (JSC::MacroAssemblerMIPS::branchMul32):
        (JSC::MacroAssemblerMIPS::branchSub32):
        (JSC::MacroAssemblerMIPS::set8Compare32):
        (JSC::MacroAssemblerMIPS::set32Compare32):
        (JSC::MacroAssemblerMIPS::set32Test8):
        (JSC::MacroAssemblerMIPS::set32Test32):
        (JSC::MacroAssemblerMIPS::moveWithPatch):
        (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
        (JSC::MacroAssemblerMIPS::storePtrWithPatch):
        (JSC::MacroAssemblerMIPS::tailRecursiveCall):
        (JSC::MacroAssemblerMIPS::loadDouble):
        (JSC::MacroAssemblerMIPS::storeDouble):
        (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::add32):
        (JSC::MacroAssemblerX86::addWithCarry32):
        (JSC::MacroAssemblerX86::and32):
        (JSC::MacroAssemblerX86::or32):
        (JSC::MacroAssemblerX86::sub32):
        (JSC::MacroAssemblerX86::store32):
        (JSC::MacroAssemblerX86::branch32):
        (JSC::MacroAssemblerX86::moveWithPatch):
        (JSC::MacroAssemblerX86::branchPtrWithPatch):
        (JSC::MacroAssemblerX86::storePtrWithPatch):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::add32):
        (JSC::MacroAssemblerX86Common::and32):
        (JSC::MacroAssemblerX86Common::lshift32):
        (JSC::MacroAssemblerX86Common::mul32):
        (JSC::MacroAssemblerX86Common::or32):
        (JSC::MacroAssemblerX86Common::rshift32):
        (JSC::MacroAssemblerX86Common::urshift32):
        (JSC::MacroAssemblerX86Common::sub32):
        (JSC::MacroAssemblerX86Common::xor32):
        (JSC::MacroAssemblerX86Common::store32):
        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
        (JSC::MacroAssemblerX86Common::push):
        (JSC::MacroAssemblerX86Common::move):
        (JSC::MacroAssemblerX86Common::branch8):
        (JSC::MacroAssemblerX86Common::branch32):
        (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
        (JSC::MacroAssemblerX86Common::branch16):
        (JSC::MacroAssemblerX86Common::branchTest32):
        (JSC::MacroAssemblerX86Common::branchTest8):
        (JSC::MacroAssemblerX86Common::branchAdd32):
        (JSC::MacroAssemblerX86Common::branchMul32):
        (JSC::MacroAssemblerX86Common::branchSub32):
        (JSC::MacroAssemblerX86Common::set8Compare32):
        (JSC::MacroAssemblerX86Common::set32Compare32):
        (JSC::MacroAssemblerX86Common::set32Test8):
        (JSC::MacroAssemblerX86Common::set32Test32):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::add32):
        (JSC::MacroAssemblerX86_64::and32):
        (JSC::MacroAssemblerX86_64::or32):
        (JSC::MacroAssemblerX86_64::sub32):
        (JSC::MacroAssemblerX86_64::loadDouble):
        (JSC::MacroAssemblerX86_64::addDouble):
        (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
        (JSC::MacroAssemblerX86_64::store32):
        (JSC::MacroAssemblerX86_64::call):
        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
        (JSC::MacroAssemblerX86_64::addPtr):
        (JSC::MacroAssemblerX86_64::andPtr):
        (JSC::MacroAssemblerX86_64::orPtr):
        (JSC::MacroAssemblerX86_64::subPtr):
        (JSC::MacroAssemblerX86_64::xorPtr):
        (JSC::MacroAssemblerX86_64::storePtr):
        (JSC::MacroAssemblerX86_64::setPtr):
        (JSC::MacroAssemblerX86_64::branchPtr):
        (JSC::MacroAssemblerX86_64::branchTestPtr):
        (JSC::MacroAssemblerX86_64::branchSubPtr):
        (JSC::MacroAssemblerX86_64::moveWithPatch):
        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
        (JSC::MacroAssemblerX86_64::branchTest8):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::callOperation):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jitAssertIsInt32):
        (JSC::DFG::JITCompiler::emitCount):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JIT.cpp:
        (JSC::JIT::emitTimeoutCheck):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_urshift):
        (JSC::JIT::emitSlow_op_urshift):
        (JSC::JIT::emit_op_post_inc):
        (JSC::JIT::emit_op_post_dec):
        (JSC::JIT::emit_op_pre_inc):
        (JSC::JIT::emit_op_pre_dec):
        (JSC::JIT::emit_op_mod):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emitRightShift):
        (JSC::JIT::emitRightShiftSlowCase):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emit_op_bitnot):
        (JSC::JIT::emit_op_post_inc):
        (JSC::JIT::emit_op_post_dec):
        (JSC::JIT::emitSlow_op_post_dec):
        (JSC::JIT::emit_op_pre_inc):
        (JSC::JIT::emit_op_pre_dec):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitAdd32Constant):
        (JSC::JIT::emit_op_sub):
        (JSC::JIT::emitSub32Constant):
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_div):
        (JSC::JIT::emit_op_mod):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::emit_op_ret_object_or_this):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutCellToCallFrameHeader):
        (JSC::JIT::emitPutIntToCallFrameHeader):
        (JSC::JIT::emitPutImmediateToCallFrameHeader):
        (JSC::JIT::emitLoadCharacterString):
        (JSC::JIT::restoreArgumentReferenceForTrampoline):
        (JSC::JIT::checkStructure):
        (JSC::JIT::setSamplingFlag):
        (JSC::JIT::clearSamplingFlag):
        (JSC::JIT::emitCount):
        (JSC::JIT::sampleInstruction):
        (JSC::JIT::sampleCodeBlock):
        (JSC::JIT::emitStoreInt32):
        (JSC::JIT::emitStoreCell):
        (JSC::JIT::emitStoreBool):
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
        (JSC::JIT::emitInitRegister):
        (JSC::JIT::emitJumpIfJSCell):
        (JSC::JIT::emitJumpIfNotJSCell):
        (JSC::JIT::emitJumpIfImmediateInteger):
        (JSC::JIT::emitJumpIfNotImmediateInteger):
        (JSC::JIT::emitFastArithDeTagImmediate):
        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
        (JSC::JIT::emitFastArithReTagImmediate):
        (JSC::JIT::emitTagAsBoolImmediate):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_check_has_instance):
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_ret_object_or_this):
        (JSC::JIT::emit_op_resolve):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_resolve_base):
        (JSC::JIT::emit_op_ensure_property_exists):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emit_op_resolve_global):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_not):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jneq_ptr):
        (JSC::JIT::emit_op_jsr):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_new_func_exp):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_to_jsnumber):
        (JSC::JIT::emit_op_push_new_scope):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emit_op_init_lazy_reg):
        (JSC::JIT::emit_op_convert_this):
        (JSC::JIT::emit_op_convert_this_strict):
        (JSC::JIT::emitSlow_op_not):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::emit_op_get_arguments_length):
        (JSC::JIT::emitSlow_op_get_arguments_length):
        (JSC::JIT::emit_op_get_argument_by_val):
        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
        (JSC::JIT::emit_op_new_regexp):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        (JSC::JIT::emit_op_new_func):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_loop_if_lesseq):
        (JSC::JIT::emit_op_check_has_instance):
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_get_scoped_var):
        (JSC::JIT::emit_op_put_scoped_var):
        (JSC::JIT::emit_op_tear_off_activation):
        (JSC::JIT::emit_op_tear_off_arguments):
        (JSC::JIT::emit_op_resolve):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_resolve_base):
        (JSC::JIT::emit_op_ensure_property_exists):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emit_op_resolve_global):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_not):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jneq_ptr):
        (JSC::JIT::emit_op_jsr):
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_new_func_exp):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_to_jsnumber):
        (JSC::JIT::emit_op_push_new_scope):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_create_activation):
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emit_op_convert_this):
        (JSC::JIT::emit_op_convert_this_strict):
        (JSC::JIT::emit_op_get_arguments_length):
        (JSC::JIT::emitSlow_op_get_arguments_length):
        (JSC::JIT::emit_op_get_argument_by_val):
        (JSC::JIT::softModulo):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_get_by_pname):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emit_op_put_by_index):
        (JSC::JIT::emit_op_put_getter):
        (JSC::JIT::emit_op_put_setter):
        (JSC::JIT::emit_op_del_by_id):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::testPrototype):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter):
        (JSC::JIT::emit_op_put_setter):
        (JSC::JIT::emit_op_del_by_id):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::testPrototype):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        (JSC::JIT::emit_op_get_by_pname):
        * jit/JITStubCall.h:
        (JSC::JITStubCall::addArgument):
        * jit/JITStubs.cpp:
        (JSC::getPolymorphicAccessStructureListSlot):
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
        (JSC::JSInterfaceJIT::emitLoadInt32):
        (JSC::JSInterfaceJIT::emitLoadDouble):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
        (JSC::SpecializedThunkJIT::loadJSStringArgument):
        (JSC::SpecializedThunkJIT::tagReturnAsInt32):
        (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
        * jit/ThunkGenerators.cpp:
        (JSC::charToString):
        (JSC::powThunkGenerator):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::matchCharacterClass):
        (JSC::Yarr::YarrGenerator::storeToFrame):
        (JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
        (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
        (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
        (JSC::Yarr::YarrGenerator::generateDisjunction):

2011-03-28  Andras Becsi  <abecsi@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt] Fix the linking of jsc with MinGW after r81963.

        * jsc.pro: add -l and remove the lib suffix.

2011-03-27  Ben Taylor  <bentaylor.solx86@gmail.com>

        Reviewed by Alexey Proskuryakov.

        https://bugs.webkit.org/show_bug.cgi?id=57170  Fix last elements
        in an enum to remove a trailing comma. Sun Studio 12 CC errors out.

        Compile fix only, no actual code change.

        * wtf/MessageQueue.h:

2011-03-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        Allow defineOwnProperty to work on DOMObjects
        https://bugs.webkit.org/show_bug.cgi?id=57129

        Fix a couple of places where we use getter()/setter() rather
        than [gs]etterPresent().

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):

2011-03-25  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Crash when paused at a breakpoint caused by inaccurate Activation records.
        https://bugs.webkit.org/show_bug.cgi?id=57120

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::getOwnPropertyNames):
        (JSC::JSActivation::symbolTablePutWithAttributes):

2011-03-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Crash in debugger beneath MarkStack::drain @ me.com, ibm.com
        https://bugs.webkit.org/show_bug.cgi?id=57080
        <rdar://problem/8525907>

        The crash was caused by changes in the executable after recompilation.

        The fix is for the activation to copy the data it needs instead of
        relying on the data in the executable.

        SunSpider and v8 report no change.

        * runtime/Arguments.h:
        (JSC::JSActivation::copyRegisters): Use our own data members instead of
        reading data out of the executable.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation): Initialize our data members.

        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::getOwnPropertyNames):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        (JSC::JSActivation::isDynamicScope):
        (JSC::JSActivation::argumentsGetter): Use our own data members instead of
        reading data out of the executable.

        * runtime/JSActivation.h: Added new data members to track data previously
        tracked by the executable. Since I've removed the executable pointer,
        on a 64-bit system, I've only made activations bigger by an int.

2011-03-25  David Kilzer  <ddkilzer@apple.com>

        Remove duplicate entry from JavaScriptCore.exp

        JSC::createStackOverflowError(JSC::ExecState*) was originally
        exported in r60057, then duplicated in r60392.

        * JavaScriptCore.exp: Removed duplicate entry.

2011-03-25  Jarred Nicholls  <jarred@sencha.com>

        Reviewed by Ariya Hidayat.

        [Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe
        https://bugs.webkit.org/show_bug.cgi?id=56098

        Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API

        * jsc.pro:

2011-03-24  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Darin Adler.

        Introduce WTF HexNumber.h
        https://bugs.webkit.org/show_bug.cgi?id=56099

        Introduce a set of functions that ease converting from a byte or a number to a hex string,
        replacing several of these conversions and String::format("%x") usages all over WebCore.

        * GNUmakefile.am: Add HexNumber.h to build.
        * JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
        * JavaScriptCore.gypi: Add HexNumber.h to build.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
        * wtf/CMakeLists.txt: Ditto.
        * wtf/HexNumber.h: Added.
        (WTF::Internal::hexDigitsForMode): Internal helper.
        (WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination.
        (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'.
        (WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination.

2011-03-24  Geoffrey Garen  <ggaren@apple.com>

        Windows build fix take 2: Add new symbol.

        (I should have used the EWS bots for this!)

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-03-24  Geoffrey Garen  <ggaren@apple.com>

        Windows build fix take 1: Removed old symbol.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-03-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Ensure that all compilation takes place within a dynamic global object scope
        https://bugs.webkit.org/show_bug.cgi?id=57054
        <rdar://problem/9083011>

        Otherwise, entry to the global object scope might throw away the code
        we just compiled, causing a crash.

        * JavaScriptCore.exp: Updated for signature change.

        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
        here because (a) they took place outside a dynamic global object scope
        and (b) they were redundant.

        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall): Updated for signature change.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct): Declare our dynamic global object
        scope earlier, to ensure that compilation takes place within it.

        * runtime/Completion.cpp:
        (JSC::evaluate): Removed explicit compilation calls here because (a)
        they took place outside a dynamic global object scope and (b) they were
        redundant.

        * runtime/Executable.h:
        (JSC::EvalExecutable::compile):
        (JSC::ProgramExecutable::compile):
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
        verify our new invariant that all compilation takes place within a
        dynamic global object scope.

        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
        to require a JSGlobalData instead of an ExecState* since it is often
        easier to provide the former, and the latter was not necessary.

2011-03-24  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
        https://bugs.webkit.org/show_bug.cgi?id=55671

        This is no longer necessary, and it seems that with the new weakmap
        model it's simply unsafe, so this reduces it to a no-op.

        * API/JSWeakObjectMapRefPrivate.cpp:

2011-03-24  Ben Taylor  <bentaylor.solx86@gmail.com>

        Reviewed by Darin Adler.
65753
65754        https://bugs.webkit.org/show_bug.cgi?id=20302
65755        Correct implementation of signbit on Solaris
65756
65757        * wtf/MathExtras.h:
65758        (signbit):
65759
657602011-03-23  Mark Rowe  <mrowe@apple.com>
65761
65762        Reviewed by Darin Adler.
65763
65764        <rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC.
65765
65766        * wtf/ThreadingPthreads.cpp:
65767        (WTF::initializeCurrentThreadInternal):
65768
657692011-03-23  Mark Rowe  <mrowe@apple.com>
65770
65771        Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile.
65772
65773        It's not necessary to pass "-target All" as xcodebuild always builds the
65774        first target in the project unless otherwise specified. The presence of
65775        that option also breaks "make clean" since that results in both the
65776        -target and -alltargets options being passed to xcodebuild.
65777
65778        * Makefile:
65779
657802011-03-23  Pavel Feldman  <pfeldman@chromium.org>
65781
65782        Not reviewed: bring back Vector::contains that was removed as a part of roll back.
65783
65784        * wtf/Vector.h:
65785        (WTF::::contains):
65786
657872011-03-23  Sheriff Bot  <webkit.review.bot@gmail.com>
65788
65789        Unreviewed, rolling out r81686.
65790        http://trac.webkit.org/changeset/81686
65791        https://bugs.webkit.org/show_bug.cgi?id=56914
65792
65793        Breaks webkit_tests in Chromium again. (Requested by pfeldman
65794        on #webkit).
65795
65796        * wtf/Vector.h:
65797
657982011-03-23  Adam Barth  <abarth@webkit.org>
65799
65800        Reviewed by Eric Seidel.
65801
65802        JavaScriptCore GYP build should work on a case-sensitive file system
65803        https://bugs.webkit.org/show_bug.cgi?id=56911
65804
65805        The issue is that there are two UString.h headers, one named UString.h
65806        and one named ustring.h.  This patch excludes ustring.h from the header
65807        map to avoid confusion.  While I was editing this part of the GYP file,
65808        I cleaned up the exclude rules to be more modern.
65809
65810        * gyp/JavaScriptCore.gyp:
65811
658122011-03-22  Geoffrey Garen  <ggaren@apple.com>
65813
65814        Reviewed by Maciej Stachowiak.
65815
65816        REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts
65817        panel on Windows, and many inspector regression tests are failing
65818        https://bugs.webkit.org/show_bug.cgi?id=54490
65819        
65820        The bug was caused by two different classes using the same name (Recompiler).
65821
65822        * debugger/Debugger.cpp:
65823        * runtime/JSGlobalData.cpp:
65824        (WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace,
65825        so our two recompilers' inline functions don't stomp each other at
65826        link time.
65827
658282011-03-22  Sam Weinig  <sam@webkit.org>
65829
65830        Reviewed by Mark Rowe.
65831
65832        Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
65833        <rdar://problem/8944718> 
65834
65835        * DerivedSources.make:
65836        Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
65837
658382011-03-22  Gabor Loki  <loki@webkit.org>
65839
65840        Reviewed by Csaba Osztrogonác.
65841
65842        [Qt] Add DFG module to build system (disabled by default).
65843        https://bugs.webkit.org/show_bug.cgi?id=56845
65844
65845        * JavaScriptCore.pri:
65846        * JavaScriptCore.pro:
65847
658482011-03-22  Eric Seidel  <eric@webkit.org>
65849
65850        Reviewed by Adam Barth.
65851
65852        Add support to build-webkit for building with gyp-generated project files
65853        https://bugs.webkit.org/show_bug.cgi?id=56877
65854
65855        Found a couple missing Private headers while trying to make WebCore build.
65856
65857        * JavaScriptCore.gypi:
65858
658592011-03-22  Eric Seidel  <eric@webkit.org>
65860
65861        Reviewed by Adam Barth.
65862
65863        Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source
65864        https://bugs.webkit.org/show_bug.cgi?id=56867
65865
65866        This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj
65867        from a JavaScriptCore directory outside of Source.
65868
65869        * gyp/JavaScriptCore.gyp:
65870        * gyp/run-if-exists.sh: Added.
65871        * gyp/update-info-plist.sh: Added.
65872
658732011-03-22  Eric Seidel  <eric@webkit.org>
65874
65875        Reviewed by Adam Barth.
65876
65877        Add Profiling Configuration to JavaScriptCore gyp build
65878        https://bugs.webkit.org/show_bug.cgi?id=56862
65879
65880        It appears this is identical to Release, but I suspect
65881        there is someone/thing who uses the Profiling target
65882        so we're adding it for completeness.
65883
65884        * gyp/JavaScriptCore.gyp:
65885
658862011-03-22  Adam Barth  <abarth@webkit.org>
65887
65888        Reviewed by Eric Seidel.
65889
65890        Remove os_win32_files variable from the GYP build
65891        https://bugs.webkit.org/show_bug.cgi?id=56804
65892
65893        Now that our understanding of GYP is sufficiently advanced, we don't
65894        need os_win32_files any more.  (Turns out Eric was right, as he always
65895        is.)
65896
65897        * JavaScriptCore.gypi:
65898
658992011-03-22  Adam Barth  <abarth@webkit.org>
65900
65901        Reviewed by Eric Seidel.
65902
65903        GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory
65904        https://bugs.webkit.org/show_bug.cgi?id=56803
65905
65906        Previously, we thought we should generate the derived source files in
65907        the shared intermediate build products directory, but there are
65908        assumptions built into other parts of the Mac build system that the
65909        derived source files will be generated in a particular subdirectory of
65910        the build products directory.
65911
65912        This patch is a partial revert of the change that moved the derived
65913        source files to the shared intermediate directory.  After this patch,
65914        the GYP build can build JavaScriptCore without help from the main
65915        normal build system.
65916
65917        * JavaScriptCore.gypi:
65918        * gyp/JavaScriptCore.gyp:
65919        * gyp/generate-derived-sources.sh:
65920        * gyp/generate-dtrace-header.sh:
65921
659222011-03-22  Jay Civelli  <jcivelli@chromium.org>
65923
65924        Reviewed by David Levin.
65925
65926        Adding a contains method to Vector.
65927        https://bugs.webkit.org/show_bug.cgi?id=55859
65928
65929        * wtf/Vector.h:
65930        (WTF::Vector::contains):
65931
659322011-03-22  Gabor Loki  <loki@webkit.org>
65933
65934        Reviewed by Alexey Proskuryakov.
65935
65936        Fix a bunch of typos in DFG.
65937        https://bugs.webkit.org/show_bug.cgi?id=56813
65938
65939        * dfg/DFGByteCodeParser.cpp:
65940        (JSC::DFG::parse):
65941        * dfg/DFGGenerationInfo.h:
65942        (JSC::DFG::GenerationInfo::setSpilled):
65943        * dfg/DFGGraph.cpp:
65944        (JSC::DFG::Graph::dump):
65945        * dfg/DFGGraph.h:
65946        * dfg/DFGJITCodeGenerator.h:
65947        (JSC::DFG::JITCodeGenerator::setupStubArguments):
65948        * dfg/DFGJITCompiler.cpp:
65949        (JSC::DFG::JITCompiler::compileFunction):
65950        * dfg/DFGJITCompiler.h:
65951        * dfg/DFGNode.h:
65952        * dfg/DFGNonSpeculativeJIT.h:
65953        * dfg/DFGOperations.h:
65954        * dfg/DFGRegisterBank.h:
65955        (JSC::DFG::RegisterBank::allocate):
65956        * dfg/DFGScoreBoard.h:
65957        (JSC::DFG::ScoreBoard::~ScoreBoard):
65958        (JSC::DFG::ScoreBoard::allocate):
65959        * dfg/DFGSpeculativeJIT.cpp:
65960        (JSC::DFG::SpeculativeJIT::compile):
65961        * dfg/DFGSpeculativeJIT.h:
65962
659632011-03-22  Adam Barth  <abarth@webkit.org>
65964
65965        Reviewed by Eric Seidel.
65966
        Production configuration in GYP isn't set up correctly
65968        https://bugs.webkit.org/show_bug.cgi?id=56786
65969
65970        Update JavaScriptCore.gyp with information mined from
65971        JavaScriptCore.xcodeproj.
65972
65973        * JavaScriptCore.gypi:
65974        * gyp/JavaScriptCore.gyp:
65975
659762011-03-22  Kent Tamura  <tkent@chromium.org>
65977
65978        Reviewed by Eric Seidel.
65979
65980        REGRESSION(r80096): Number type input unexpectedly rounds fractional values
65981        https://bugs.webkit.org/show_bug.cgi?id=56367
65982
65983        Introduce clampToInteger(unsigned).
65984        
65985        * wtf/MathExtras.h:
65986        (clampToInteger): Added.
65987
659882011-03-21  Adam Barth  <abarth@webkit.org>
65989
65990        Reviewed by Eric Seidel.
65991
65992        GYP build should not have include paths that point within the source tree
65993        https://bugs.webkit.org/show_bug.cgi?id=56788
65994
65995        Turns out we don't need these include paths anymore now that we have
65996        header maps working properly.
65997
65998        * gyp/JavaScriptCore.gyp:
65999            - Also, remove jsc.cpp from the excluded list because it's not part
66000              of the jsc_files variable instead of the javascriptcore_files
66001              variable.
66002
660032011-03-21  Adam Barth  <abarth@webkit.org>
66004
66005        Reviewed by Eric Seidel.
66006
66007        Solve the Assertions.cpp / -Wno-missing-format-attribute mystery
66008        https://bugs.webkit.org/show_bug.cgi?id=56780
66009
66010        The reason we couldn't resolve this warning in the GYP build was that
66011        the normal build disables this warning specifically for this file.
66012        This patch takes the same approach as the previous patch to
66013        WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning
66014        (rather than a build system configuration).
66015
66016        * JavaScriptCore.xcodeproj/project.pbxproj:
66017            - Remove the special-case for this file.
66018        * gyp/JavaScriptCore.gyp:
66019            - Remove the work-around for this issue.
66020        * wtf/Assertions.cpp:
66021            - Add a pragma disabling this warning for this file.
66022
660232011-03-21  Adam Barth  <abarth@webkit.org>
66024
66025        Reviewed by Dimitri Glazkov.
66026
66027        WebCore GYP build shouldn't crash on startup
66028        https://bugs.webkit.org/show_bug.cgi?id=56776
66029
66030        Debug builds shouldn't define NDEBUG.  This same logic exists in the
66031        project.pbxproj file.
66032
66033        * gyp/JavaScriptCore.gyp:
66034
660352011-03-21  Robert Kroeger  <rjkroege@chromium.org>
66036
66037        Reviewed by Antonio Gomes.
66038
        Flag to enable/disable a GestureRecognizer framework
66040
66041        https://bugs.webkit.org/show_bug.cgi?id=49345
66042
66043        * wtf/Platform.h:
66044
660452011-03-21  Adam Barth  <abarth@webkit.org>
66046
66047        Reviewed by Dimitri Glazkov.
66048
66049        Add new files to JavaScriptCore.gypi
66050        https://bugs.webkit.org/show_bug.cgi?id=56766
66051
66052        * JavaScriptCore.gypi:
66053
660542011-03-21  Sheriff Bot  <webkit.review.bot@gmail.com>
66055
66056        Unreviewed, rolling out r81377.
66057        http://trac.webkit.org/changeset/81377
66058        https://bugs.webkit.org/show_bug.cgi?id=56765
66059
66060        WebPageSerializerTest.MultipleFrames is broken (Requested by
66061        simonjam on #webkit).
66062
66063        * wtf/Vector.h:
66064
660652011-03-21  Gabor Loki  <loki@webkit.org>
66066
66067        Reviewed by Csaba Osztrogonác.
66068
66069        Extend constant pool to be able to store 16 bit instructions with a constant
66070        https://bugs.webkit.org/show_bug.cgi?id=46796
66071
        The putShortWithConstantInt function inserts a 16 bit instruction which
        refers to a 32 bit constant or literal. This is a vital function for those
        targets which load a PC relative value with a 16 bit instruction (like the
        Thumb-2 instruction set and the SH4 architecture).
66076
66077        * assembler/AssemblerBuffer.h:
66078        (JSC::AssemblerBuffer::putIntegral):
66079        (JSC::AssemblerBuffer::putIntegralUnchecked):
66080        * assembler/AssemblerBufferWithConstantPool.h:
66081
660822011-03-21  Philippe Normand  <pnormand@igalia.com>
66083
66084        Unreviewed, GTK distcheck build fix.
66085
66086        * GNUmakefile.am:
66087
660882011-03-20  Bill Budge  <bbudge@chromium.org>
66089
66090        Reviewed by Adam Barth.
66091
66092        Rename ThreadSafeShared to ThreadSafeRefCounted
66093        https://bugs.webkit.org/show_bug.cgi?id=56714
66094
66095        No new tests. Exposes no new functionality.
66096
66097        * API/JSClassRef.h:
66098        * API/OpaqueJSString.h:
66099        * GNUmakefile.am:
66100        * JavaScriptCore.gypi:
66101        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
66102        * JavaScriptCore.xcodeproj/project.pbxproj:
66103        * wtf/Atomics.h:
66104        * wtf/CMakeLists.txt:
66105        * wtf/CrossThreadRefCounted.h:
66106        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
66107        (WTF::::crossThreadCopy):
66108        * wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h.
66109        (WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase):
66110        (WTF::ThreadSafeRefCountedBase::ref):
66111        (WTF::ThreadSafeRefCountedBase::refCount):
66112        (WTF::ThreadSafeRefCountedBase::derefBase):
66113        (WTF::ThreadSafeRefCounted::ThreadSafeRefCounted):
66114        * wtf/ThreadSafeShared.h: Removed.
66115        * wtf/Threading.h:
66116
661172011-03-19  Patrick Gansterer  <paroga@webkit.org>
66118
66119        Reviewed by Darin Adler.
66120
66121        Remove StringImpl::computeHash()
66122        https://bugs.webkit.org/show_bug.cgi?id=49894
66123
        Replace remaining StringImpl::computeHash with StringImpl::computeHashStringHasher.
66125
66126        * wtf/text/AtomicString.cpp:
66127        (WTF::CStringTranslator::hash):
66128        (WTF::UCharBufferTranslator::hash):
66129        (WTF::HashAndCharactersTranslator::hash):
66130        * wtf/text/StringImpl.h:
66131        (WTF::StringImpl::setHash):
66132        (WTF::StringImpl::hash):
66133
661342011-03-19  Patrick Gansterer  <paroga@webkit.org>
66135
66136        Reviewed by Darin Adler.
66137
66138        Rename WTF::StringHasher methods
66139        https://bugs.webkit.org/show_bug.cgi?id=53532
66140
66141        Rename createHash to computeHash and createBlobHash to hashMemory.
66142        Also add a using WTF::StringHasher in the header file.
66143
66144        * profiler/CallIdentifier.h:
66145        (JSC::CallIdentifier::Hash::hash):
66146        * runtime/Identifier.cpp:
66147        (JSC::IdentifierCStringTranslator::hash):
66148        (JSC::IdentifierUCharBufferTranslator::hash):
66149        * wtf/StringHasher.h:
66150        (WTF::StringHasher::computeHash):
66151        (WTF::StringHasher::hashMemory):
66152        * wtf/text/StringHash.h:
66153        (WTF::CaseFoldingHash::hash):
66154        * wtf/text/StringImpl.h:
66155        (WTF::StringImpl::computeHash):
66156        * wtf/unicode/UTF8.cpp:
66157        (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
66158
661592011-03-18  Geoffrey Garen  <ggaren@apple.com>
66160
66161        Reviewed by Oliver Hunt.
66162
66163        [GTK] JSC crashes in 32bit Release bots after r80743
66164        https://bugs.webkit.org/show_bug.cgi?id=56180
66165        
66166        The crash was caused by referencing GC memory from a GC destructor. This
66167        is not safe because destruction time / order is not guaranteed.
66168
66169        * profiler/ProfileGenerator.cpp:
66170        (JSC::ProfileGenerator::create):
66171        (JSC::ProfileGenerator::ProfileGenerator):
66172        (JSC::ProfileGenerator::willExecute):
66173        (JSC::ProfileGenerator::didExecute):
66174        * profiler/ProfileGenerator.h:
66175        (JSC::ProfileGenerator::origin): Made ExecState* the first argument,
66176        to match the rest of this class and JSC.
66177        
66178        Use a JSGlobalObject* instead of an ExecState* with an indirect reference
66179        to a JSGlobalObject* to track our origin. This is simpler and more
66180        efficient, and it removes the destruction order dependency that was causing
66181        our crash.
66182
66183        * profiler/Profiler.cpp:
66184        (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*.
66185        (JSC::Profiler::stopProfiling): New function for stopping all profiles
66186        for a given global object. This is more straight-forward than multiplexing
66187        through the old function.
66188
66189        (JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.
66190        * profiler/Profiler.h: Ditto.
66191
66192        * runtime/JSGlobalObject.cpp:
66193        (JSC::JSGlobalObject::~JSGlobalObject): Ditto.
66194
661952011-03-17  Geoffrey Garen  <ggaren@apple.com>
66196
66197        Reviewed by Oliver Hunt.
66198
66199        1 Structure leaked beneath JSGlobalData::storeVPtrs()
66200        https://bugs.webkit.org/show_bug.cgi?id=56595
66201
66202        * runtime/Executable.cpp:
66203        (JSC::EvalExecutable::EvalExecutable):
66204        (JSC::ProgramExecutable::ProgramExecutable):
66205        (JSC::FunctionExecutable::FunctionExecutable):
66206        * runtime/Executable.h:
66207        (JSC::ExecutableBase::ExecutableBase):
66208        (JSC::NativeExecutable::NativeExecutable):
66209        (JSC::VPtrHackExecutable::VPtrHackExecutable):
66210        (JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of
66211        PassRefPtr, like JSString does, since JSGlobalData owns the singleton
        executable structure.
66213
662142011-03-17  Geoffrey Garen  <ggaren@apple.com>
66215
66216        Reviewed by Mark Rowe.
66217
66218        Fixed some string leaks seen on the buildbot
66219        https://bugs.webkit.org/show_bug.cgi?id=56619
66220
66221        * runtime/PropertyMapHashTable.h:
66222        (JSC::PropertyTable::~PropertyTable): DEref!
66223
662242011-03-17  Oliver Hunt  <oliver@apple.com>
66225
66226        Reviewed by Geoffrey Garen.
66227
        Crash in JSC::MarkStack::drain Under Stress
66229        https://bugs.webkit.org/show_bug.cgi?id=56470
66230
        We perform a number of GC allocations while we are setting up
        new globals in a piece of global code.  We do this by adding
        new properties to the symbol table, and then expanding the
        storage to fit at the end.
66236
66237        If a GC happens during this time we will report an
66238        incorrect size for the global object's symbol table
66239        storage.
66240
        This patch corrects this by growing the storage size
        before we start adding entries to the symbol table.
66243
66244        * bytecompiler/BytecodeGenerator.cpp:
66245        (JSC::BytecodeGenerator::BytecodeGenerator):
66246        * runtime/JSGlobalObject.cpp:
66247        (JSC::JSGlobalObject::resizeRegisters):
66248
662492011-03-17  Geoffrey Garen  <ggaren@apple.com>
66250
66251        Reviewed by Oliver Hunt.
66252
66253        1 Structure leaked beneath JSGlobalData::storeVPtrs()
66254        https://bugs.webkit.org/show_bug.cgi?id=56595
66255
66256        * runtime/JSGlobalData.cpp:
66257        (JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure
66258        we're using, since the Executable is not designed to own the Structure.
66259
662602011-03-17  Gavin Barraclough  <barraclough@apple.com>
66261
66262        Rubber Stamped by Sam Weinig.
66263
66264        Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler.
66265
66266        * assembler/MacroAssemblerX86Common.h:
66267        (JSC::MacroAssemblerX86Common::branchTest8):
66268        * assembler/X86Assembler.h:
66269        (JSC::X86Assembler::testb_rr):
66270
662712011-03-17  Gavin Barraclough  <barraclough@apple.com>
66272
66273        Reviewed by Sam Weinig.
66274
66275        Bug 56603 - DFG JIT related cleanup
66276        Move node generation out to separate function, move binarySearch algorithm out
66277        to StdLibExtras, fix Graph::dump() to print comma between non-node children,
66278        even if there are no node children.
66279
66280        * bytecode/CodeBlock.h:
66281        (JSC::getCallReturnOffset):
66282        (JSC::CodeBlock::getStubInfo):
66283        (JSC::CodeBlock::getCallLinkInfo):
66284        (JSC::CodeBlock::getMethodCallLinkInfo):
66285        (JSC::CodeBlock::bytecodeOffset):
66286            - Move binaryChop to binarySearch in StdLibExtras
66287        * dfg/DFGByteCodeParser.cpp:
66288        (JSC::DFG::ByteCodeParser::ByteCodeParser):
66289        (JSC::DFG::ByteCodeParser::parse):
66290        (JSC::DFG::parse):
66291            - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
66292        * dfg/DFGByteCodeParser.h:
66293            - Change parse() to not take a start index (always 0).
66294        * dfg/DFGGraph.cpp:
66295        (JSC::DFG::Graph::dump):
66296            - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
66297        * dfg/DFGJITCodeGenerator.h:
66298        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
66299            - Initialize m_compileIndex in constructor.
66300        * dfg/DFGNonSpeculativeJIT.cpp:
66301        (JSC::DFG::NonSpeculativeJIT::compile):
66302        * dfg/DFGNonSpeculativeJIT.h:
            - Split out compilation of individual node.
66304        * dfg/DFGOperations.cpp:
66305        (JSC::DFG::operationConvertThis):
66306        * dfg/DFGOperations.h:
66307            - Cleanup parameter name.
66308        * dfg/DFGSpeculativeJIT.cpp:
66309        (JSC::DFG::SpeculativeJIT::compile):
66310        * dfg/DFGSpeculativeJIT.h:
            - Split out compilation of individual node.
66312        * runtime/Executable.cpp:
66313        (JSC::tryDFGCompile):
66314            - Change parse() to not take a start index (always 0).
66315        * wtf/StdLibExtras.h:
66316        (WTF::binarySearch):
66317            - Move binaryChop to binarySearch in StdLibExtras
66318
663192011-03-17  Anders Carlsson  <andersca@apple.com>
66320
66321        Reviewed by Geoffrey Garen.
66322
66323        Fix clang build.
66324
66325        * runtime/JSGlobalData.cpp:
66326        (JSC::JSGlobalData::storeVPtrs):
66327
663282011-03-17  Geoffrey Garen  <ggaren@apple.com>
66329
66330        Reviewed by Darin Adler.
66331
66332        1 Structure leaked beneath JSGlobalData::storeVPtrs()
66333        https://bugs.webkit.org/show_bug.cgi?id=56595
66334
66335        * JavaScriptCore.xcodeproj/project.pbxproj:
66336        * runtime/JSGlobalData.cpp:
66337        (JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need
66338        to explicitly run its destructor.
66339
663402011-03-17  Jeff Miller  <jeffm@apple.com>
66341
66342        Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
66343        
66344        *.mode*
66345        *.pbxuser
66346        *.perspective*
66347        project.xcworkspace
66348        xcuserdata
66349
66350        * JavaScriptCore.xcodeproj: Modified property svn:ignore.
66351
663522011-03-17  Gavin Barraclough  <barraclough@apple.com>
66353
66354        Reverting r81197, breaks JIT + INTERPRETER build.
66355
66356        * bytecode/CodeBlock.cpp:
66357        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
66358        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
66359        * bytecode/CodeBlock.h:
66360        (JSC::CodeBlock::addPropertyAccessInstruction):
66361        (JSC::CodeBlock::addGlobalResolveInstruction):
66362        (JSC::CodeBlock::addStructureStubInfo):
66363        * bytecode/Opcode.h:
66364        * bytecode/StructureStubInfo.h:
66365        * bytecompiler/BytecodeGenerator.cpp:
66366        (JSC::BytecodeGenerator::emitResolve):
66367        (JSC::BytecodeGenerator::emitResolveWithBase):
66368        (JSC::BytecodeGenerator::emitGetById):
66369        (JSC::BytecodeGenerator::emitPutById):
66370        (JSC::BytecodeGenerator::emitDirectPutById):
66371        (JSC::BytecodeGenerator::emitCall):
66372        (JSC::BytecodeGenerator::emitConstruct):
66373        (JSC::BytecodeGenerator::emitCatch):
66374
663752011-03-17  Ben Taylor  <bentaylor.solx86@gmail.com>
66376
66377        Reviewed by Alexey Proskuryakov.
66378
66379        Add a COMPILER(SUNCC) define for Sun Studio 12. 
66380        https://bugs.webkit.org/show_bug.cgi?56444
66381        derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932
66382
66383        * wtf/Platform.h:
66384
663852011-03-17  Jay Civelli  <jcivelli@chromium.org>
66386
66387        Reviewed by David Levin.
66388
66389        Adding a contains method to Vector.
66390        https://bugs.webkit.org/show_bug.cgi?id=55859
66391
66392        * wtf/Vector.h:
66393        (WTF::::operator):
66394        (WTF::::contains):
66395
663962011-03-17  Patrick Gansterer  <paroga@webkit.org>
66397
66398        Fix the interpreter build.
66399
66400        * interpreter/Interpreter.cpp:
66401        (JSC::Interpreter::privateExecute): Added globalData to inheritorID().
66402
664032011-03-16  Sam Weinig  <sam@webkit.org>
66404
66405        Fix the interpreter build.
66406
66407        * interpreter/Interpreter.cpp:
66408        (JSC::Interpreter::resolve):
66409        (JSC::Interpreter::resolveSkip):
66410        (JSC::Interpreter::resolveGlobal):
66411        (JSC::Interpreter::resolveGlobalDynamic):
66412        (JSC::Interpreter::resolveBaseAndProperty):
66413        (JSC::Interpreter::privateExecute):
66414        Remove .get()s.
66415
664162011-03-16  Adam Barth  <abarth@webkit.org>
66417
66418        Reviewed by James Robinson.
66419
66420        Remove USE(BUILTIN_UTF8_CODEC)
66421        https://bugs.webkit.org/show_bug.cgi?id=56508
66422
66423        We added this recently when we were unsure about the stability of the
66424        built-in UTF-8 codec.  However, the codec seems to be stable, so we
66425        don't need the macro.
66426
66427        * wtf/Platform.h:
66428
664292011-03-16  Daniel Bates  <dbates@rim.com>
66430
66431        Reviewed by Darin Adler.
66432
66433        Make JIT build for ARM Thumb-2 with RVCT
66434        https://bugs.webkit.org/show_bug.cgi?id=56440
66435
66436        Derived from a patch by Dave Tapuska.
66437
66438        Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.
66439
66440        * jit/JITStubs.cpp:
66441
664422011-03-16  Chao-ying Fu  <fu@mips.com>
66443
66444        Reviewed by Darin Adler.
66445
66446        Fix MIPS build with const *void
66447        https://bugs.webkit.org/show_bug.cgi?id=56513
66448
66449        * assembler/MacroAssemblerMIPS.h:
66450        (JSC::MacroAssemblerMIPS::load32):
66451        (JSC::MacroAssemblerMIPS::store32):
66452
664532011-03-16  Oliver Hunt  <oliver@apple.com>
66454
66455        Reviewed by Darin Adler.
66456
66457        Remove unnecessary caller tracking shenanigans from CodeBlock
66458        https://bugs.webkit.org/show_bug.cgi?id=56483
66459
66460        This removes some leftover cruft from when we made CodeBlock
66461        mark its callees.  Removing it gives us a 0.7% progression,
66462        reducing the overall regression to ~1.3%.
66463
66464        * bytecode/CodeBlock.cpp:
66465        (JSC::CodeBlock::shrinkToFit):
66466        * bytecode/CodeBlock.h:
66467        (JSC::CallLinkInfo::CallLinkInfo):
66468        * jit/JIT.cpp:
66469        (JSC::JIT::linkCall):
66470        (JSC::JIT::linkConstruct):
66471
664722011-03-15  Oliver Hunt  <oliver@apple.com>
66473
66474        Reviewed by Geoffrey Garen.
66475
66476        Make Structure creation require a JSGlobalData
66477        https://bugs.webkit.org/show_bug.cgi?id=56438
66478
66479        Mechanical change to make Structure::create require JSGlobalData&, and
66480        require all users to provide the globalData.
66481
66482        * API/JSCallbackConstructor.h:
66483        (JSC::JSCallbackConstructor::createStructure):
66484        * API/JSCallbackFunction.h:
66485        (JSC::JSCallbackFunction::createStructure):
66486        * API/JSCallbackObject.h:
66487        (JSC::JSCallbackObject::createStructure):
66488        * API/JSContextRef.cpp:
66489        * JavaScriptCore.exp:
66490        * debugger/DebuggerActivation.cpp:
66491        (JSC::DebuggerActivation::DebuggerActivation):
66492        * debugger/DebuggerActivation.h:
66493        (JSC::DebuggerActivation::createStructure):
66494        * jit/JITStubs.cpp:
66495        (JSC::DEFINE_STUB_FUNCTION):
66496        * jsc.cpp:
66497        (GlobalObject::GlobalObject):
66498        (functionRun):
66499        (jscmain):
66500        * runtime/Arguments.h:
66501        (JSC::Arguments::createStructure):
66502        * runtime/ArrayPrototype.h:
66503        (JSC::ArrayPrototype::createStructure):
66504        * runtime/BooleanObject.h:
66505        (JSC::BooleanObject::createStructure):
66506        * runtime/DateInstance.h:
66507        (JSC::DateInstance::createStructure):
66508        * runtime/DatePrototype.h:
66509        (JSC::DatePrototype::createStructure):
66510        * runtime/ErrorInstance.h:
66511        (JSC::ErrorInstance::createStructure):
66512        * runtime/Executable.h:
66513        (JSC::ExecutableBase::createStructure):
66514        (JSC::EvalExecutable::createStructure):
66515        (JSC::ProgramExecutable::createStructure):
66516        (JSC::FunctionExecutable::createStructure):
66517        * runtime/FunctionPrototype.h:
66518        (JSC::FunctionPrototype::createStructure):
66519        * runtime/GetterSetter.h:
66520        (JSC::GetterSetter::createStructure):
66521        * runtime/InternalFunction.h:
66522        (JSC::InternalFunction::createStructure):
66523        * runtime/JSAPIValueWrapper.h:
66524        (JSC::JSAPIValueWrapper::createStructure):
66525        * runtime/JSActivation.h:
66526        (JSC::JSActivation::createStructure):
66527        * runtime/JSArray.cpp:
66528        (JSC::JSArray::JSArray):
66529        * runtime/JSArray.h:
66530        (JSC::JSArray::createStructure):
66531        * runtime/JSByteArray.cpp:
66532        (JSC::JSByteArray::createStructure):
66533        * runtime/JSByteArray.h:
66534        (JSC::JSByteArray::JSByteArray):
66535        * runtime/JSCell.h:
66536        (JSC::JSCell::JSCell::createDummyStructure):
66537        * runtime/JSFunction.h:
66538        (JSC::JSFunction::createStructure):
66539        * runtime/JSGlobalData.cpp:
66540        (JSC::JSGlobalData::storeVPtrs):
66541        (JSC::JSGlobalData::JSGlobalData):
66542        * runtime/JSGlobalObject.cpp:
66543        (JSC::JSGlobalObject::reset):
66544        * runtime/JSGlobalObject.h:
66545        (JSC::JSGlobalObject::JSGlobalObject):
66546        (JSC::JSGlobalObject::createStructure):
66547        * runtime/JSNotAnObject.h:
66548        (JSC::JSNotAnObject::createStructure):
66549        * runtime/JSONObject.h:
66550        (JSC::JSONObject::createStructure):
66551        * runtime/JSObject.cpp:
66552        (JSC::JSObject::createInheritorID):
66553        * runtime/JSObject.h:
66554        (JSC::JSObject::createStructure):
66555        (JSC::JSNonFinalObject::createStructure):
66556        (JSC::JSFinalObject::createStructure):
66557        (JSC::createEmptyObjectStructure):
66558        (JSC::JSObject::inheritorID):
66559        * runtime/JSObjectWithGlobalObject.h:
66560        (JSC::JSObjectWithGlobalObject::createStructure):
66561        * runtime/JSPropertyNameIterator.h:
66562        (JSC::JSPropertyNameIterator::createStructure):
66563        * runtime/JSStaticScopeObject.h:
66564        (JSC::JSStaticScopeObject::createStructure):
66565        * runtime/JSString.h:
66566        (JSC::RopeBuilder::createStructure):
66567        * runtime/JSVariableObject.h:
66568        (JSC::JSVariableObject::createStructure):
66569        * runtime/JSWrapperObject.h:
66570        (JSC::JSWrapperObject::createStructure):
66571        * runtime/JSZombie.h:
66572        (JSC::JSZombie::createStructure):
66573        * runtime/MathObject.h:
66574        (JSC::MathObject::createStructure):
66575        * runtime/NativeErrorConstructor.cpp:
66576        (JSC::NativeErrorConstructor::NativeErrorConstructor):
66577        * runtime/NativeErrorConstructor.h:
66578        (JSC::NativeErrorConstructor::createStructure):
66579        * runtime/NumberConstructor.h:
66580        (JSC::NumberConstructor::createStructure):
66581        * runtime/NumberObject.h:
66582        (JSC::NumberObject::createStructure):
66583        * runtime/ObjectConstructor.h:
66584        (JSC::ObjectConstructor::createStructure):
66585        * runtime/RegExpConstructor.h:
66586        (JSC::RegExpConstructor::createStructure):
66587        * runtime/RegExpObject.h:
66588        (JSC::RegExpObject::createStructure):
66589        * runtime/ScopeChain.h:
66590        (JSC::ScopeChainNode::createStructure):
66591        * runtime/StringObject.h:
66592        (JSC::StringObject::createStructure):
66593        * runtime/StringObjectThatMasqueradesAsUndefined.h:
66594        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
66595        * runtime/StringPrototype.h:
66596        (JSC::StringPrototype::createStructure):
66597        * runtime/Structure.h:
66598        (JSC::Structure::create):
66599
666002011-03-16  Geoffrey Garen  <ggaren@apple.com>
66601
66602        Reviewed by Oliver Hunt.
66603
66604        Some conservative root gathering cleanup
66605        https://bugs.webkit.org/show_bug.cgi?id=56447
66606        
66607        SunSpider says 0.5% - 1.8% faster.
66608
66609        * interpreter/RegisterFile.cpp:
66610        (JSC::RegisterFile::gatherConservativeRoots):
66611        * interpreter/RegisterFile.h: New helper function for doing the
66612        conservative gathering of the register file. It's still conservative,
66613        since the register file may contain uninitialized values, but it's
66614        moving-safe, because it only visits values tagged as pointers, so there's
66615        no risk of mistaking an integer for a pointer and accidentally changing it.
66616
66617        * runtime/ConservativeSet.cpp:
66618        (JSC::ConservativeRoots::add):
66619        * runtime/ConservativeSet.h: Added a single-value add function, used above.
66620
66621        * runtime/Heap.cpp:
66622        (JSC::Heap::markRoots): Separated machine stack conservative roots from
66623        register file conservative roots because machine stack roots must be
66624        pinned, but register file roots need not be pinned.
66625        
66626        Adopted new interface for passing the current stack extent to the machine
66627        stack root gathering routine. This allows us to exclude marking-related
66628        data structures on the stack, and thus avoid double-marking the set of
66629        machine roots.
66630
66631        * runtime/MachineStackMarker.cpp:
66632        (JSC::MachineThreads::gatherFromCurrentThread):
66633        (JSC::MachineThreads::gatherConservativeRoots):
66634        * runtime/MachineStackMarker.h: Added new interface, described above.
66635
66636        * runtime/MarkedBlock.h:
66637        (JSC::MarkedBlock::firstAtom):
66638        * wtf/StdLibExtras.h:
66639        (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
66640        by MachineStacks.
66641
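Added example (not WebKit code, and not from the entry above): the moving-safe register-file scan that the entry describes, written out in C. The value encoding is an assumption made for this example, modeled loosely on a JSVALUE64-style tag scheme and not JSC's actual bit layout; the toy heap block, the register-file contents and the helper names (boxInt, gatherConservativeRoots, relocateRoots, runScanDemo) are all constructed here. A word is recorded as a root only when it is pointer-tagged and lands on a cell boundary inside the block, so an integer whose bits happen to resemble a heap address is never visited, and a relocating pass that rewrites the roots it found cannot corrupt that integer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value encoding ASSUMED for this example (loosely JSVALUE64-style; not JSC's
 * real bit layout):
 *   top 16 bits == 0xFFFF -> int32 boxed in the low 32 bits
 *   top 16 bits == 0x0000 -> pointer to a heap cell (0 means an empty slot)
 *   anything else         -> double or other immediate, never a root */
#define TAG_MASK 0xFFFF000000000000ULL
#define TAG_INT  0xFFFF000000000000ULL

static uint64_t boxInt(int32_t i) { return TAG_INT | (uint64_t)(uint32_t)i; }
static bool isIntTagged(uint64_t v) { return (v & TAG_MASK) == TAG_INT; }
static bool isPointerTagged(uint64_t v) { return v != 0 && (v & TAG_MASK) == 0; }

/* Toy heap: one block of fixed-size cells (constructed for the example). */
#define CELL_SIZE  32
#define CELL_COUNT 8
typedef struct { uint8_t bytes[CELL_SIZE]; } Cell;
typedef struct { Cell cells[CELL_COUNT]; } Block;

static uint64_t addr(const void* p) { return (uint64_t)(uintptr_t)p; }

/* True if candidate is the start address of a cell inside block. */
static bool blockContainsCell(const Block* block, uint64_t candidate) {
    uint64_t base = addr(block);
    if (candidate < base || candidate >= base + sizeof(Block)) return false;
    return (candidate - base) % CELL_SIZE == 0;
}

/* Conservative scan of a register file. Int-tagged words are skipped outright,
 * even when their low bits equal a heap address, and only pointer-tagged words
 * that land on a cell boundary inside the block are recorded as roots. Returns
 * the number of roots; the first maxRoots slot indices go to rootSlots. */
static size_t gatherConservativeRoots(const uint64_t* regs, size_t count,
                                      const Block* block,
                                      size_t* rootSlots, size_t maxRoots) {
    size_t found = 0;
    for (size_t i = 0; i < count; i++) {
        uint64_t v = regs[i];
        if (isIntTagged(v)) continue;               /* never a pointer */
        if (!isPointerTagged(v)) continue;          /* double / other immediate */
        if (!blockContainsCell(block, v)) continue; /* stale or foreign address */
        if (found < maxRoots) rootSlots[found] = i;
        found++;
    }
    return found;
}

/* Simulates the relocating step of a moving collector: each recorded root is
 * rewritten to the same cell offset in newBlock. Slots not in rootSlots are
 * never touched, which is what makes the scan above moving-safe. */
static void relocateRoots(uint64_t* regs, const size_t* rootSlots, size_t n,
                          const Block* oldBlock, const Block* newBlock) {
    for (size_t i = 0; i < n; i++) {
        uint64_t offset = regs[rootSlots[i]] - addr(oldBlock);
        regs[rootSlots[i]] = addr(newBlock) + offset;
    }
}

typedef struct {
    size_t rootCount;
    bool intLeftAlone;     /* slot 2: int whose payload mimics a heap address */
    bool pointerRelocated; /* slot 1: the genuine cell pointer */
} ScanResult;

/* Builds a constructed register file, scans it, and relocates the roots. */
static ScanResult runScanDemo(void) {
    static Block oldBlock, newBlock;
    uint64_t cell3 = addr(&oldBlock.cells[3]);
    uint64_t lookalike = TAG_INT | (cell3 & 0xFFFFFFFFULL);
    uint64_t regs[6] = {
        boxInt(42),        /* ordinary integer */
        cell3,             /* genuine cell pointer: the only real root */
        lookalike,         /* int-tagged, low bits equal a heap address */
        cell3 + 5,         /* pointer-tagged but not a cell boundary */
        addr(&lookalike),  /* pointer-tagged, but not into the heap */
        0,                 /* empty slot */
    };
    size_t roots[6];
    ScanResult r;
    r.rootCount = gatherConservativeRoots(regs, 6, &oldBlock, roots, 6);
    relocateRoots(regs, roots, r.rootCount, &oldBlock, &newBlock);
    r.intLeftAlone = (regs[2] == lookalike);
    r.pointerRelocated = (regs[1] == addr(&newBlock.cells[3]));
    return r;
}

/* Scalar accessors so the results are easy to check. */
size_t demoRootCount(void) { return runScanDemo().rootCount; }
bool demoIntLeftAlone(void) { return runScanDemo().intLeftAlone; }
bool demoPointerRelocated(void) { return runScanDemo().pointerRelocated; }

int main(void) {
    ScanResult r = runScanDemo();
    printf("roots found: %zu\n", r.rootCount);
    printf("int lookalike untouched: %s\n", r.intLeftAlone ? "yes" : "no");
    printf("cell pointer relocated: %s\n", r.pointerRelocated ? "yes" : "no");
    return 0;
}
```

Of the six constructed slots only slot 1 survives the scan: the int-tagged lookalike in slot 2 is rejected by its tag before its bits are ever compared with the heap, the interior pointer in slot 3 fails the cell-alignment check, and the stack address in slot 4 is outside the block. The relocation step therefore rewrites exactly one word, which is the property the entry relies on for moving-safety.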
666422011-03-16  Geoffrey Garen  <ggaren@apple.com>
66643
66644        Reviewed by Oliver Hunt.
66645
66646        A little bit of MarkStack cleanup
66647        https://bugs.webkit.org/show_bug.cgi?id=56443
66648        
66649        Moved MarkStack functions into MarkStack.h/.cpp.
66650        
66651        SunSpider reports no change.
66652
66653        * runtime/JSArray.h:
66654        * runtime/JSCell.h: Moved from here...
66655        * runtime/MarkStack.cpp:
66656        (JSC::MarkStack::markChildren):
66657        (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
66658        a huge function, and not called many times.
66659
66660        * runtime/MarkStack.h:
66661        (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
66662        (JSC::MarkStack::append):
66663        (JSC::MarkStack::deprecatedAppend):
66664        (JSC::MarkStack::internalAppend): Moved to here.
66665
666662011-03-15  Geoffrey Garen  <ggaren@apple.com>
66667
66668        Reviewed by Oliver Hunt.
66669
66670        Removed another deprecatedAppend
66671        https://bugs.webkit.org/show_bug.cgi?id=56429
66672
66673        * collector/handles/HandleHeap.cpp:
66674        (JSC::HandleHeap::markStrongHandles):
66675        * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
66676        marked directly by the Heap.
66677
66678        * runtime/Heap.cpp:
66679        (JSC::Heap::markRoots): Ditto.
66680
666812011-03-15  Geoffrey Garen  <ggaren@apple.com>
66682
66683        Reviewed by Oliver Hunt.
66684
66685        Removed some more deprecated / unsafe append
66686        https://bugs.webkit.org/show_bug.cgi?id=56428
66687
66688        * collector/handles/HandleStack.cpp:
66689        (JSC::HandleStack::mark):
66690        * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
66691        marker, since it's a heap root.
66692        
66693        * runtime/ArgList.cpp:
66694        (JSC::MarkedArgumentBuffer::markLists):
66695        (JSC::MarkedArgumentBuffer::slowAppend):
66696        * runtime/ArgList.h: Ditto.
66697
66698        * runtime/Heap.cpp:
66699        (JSC::Heap::markRoots): Added a mark call for marking the handle stack.
66700        It seems like Oliver forgot this in his last patch. (!)
66701
66702        * runtime/MarkStack.h: Removed appendSlots, since it would allow an
66703        object to embed JSValues directly instead of using WriteBarrier.
66704
66705        (JSC::MarkStack::append): Added a private append for a list of values.
66706
66707        (JSC::HeapRootMarker::mark): Access to the above.
66708
667092011-03-15  Geoffrey Garen  <ggaren@apple.com>
66710
66711        Reviewed by Oliver Hunt.
66712
66713        Removed a few more deprecatedAppends, and removed HeapRoot<T>
66714        https://bugs.webkit.org/show_bug.cgi?id=56422
66715        
66716        Added HeapRootMarker, a privileged class for marking direct heap roots
66717        that are iterated during each garbage collection. This is easier to use
66718        and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.
66719
66720        * debugger/Debugger.cpp:
66721        (JSC::evaluateInGlobalCallFrame):
66722        * debugger/DebuggerCallFrame.cpp:
66723        (JSC::DebuggerCallFrame::evaluate):
66724        * interpreter/CallFrame.h:
66725        (JSC::ExecState::exception):
66726        * jit/JITStubs.cpp:
66727        (JSC::DEFINE_STUB_FUNCTION):
66728        * runtime/Completion.cpp:
66729        (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
66730        call .get() on it.
66731
66732        * runtime/Heap.cpp:
66733        (JSC::Heap::markProtectedObjects):
66734        (JSC::Heap::markTempSortVectors):
66735        (JSC::Heap::markRoots):
66736        * runtime/Heap.h: Updated to use HeapRootMarker.
66737
66738        * runtime/JSCell.h:
66739        (JSC::JSCell::MarkStack::append): Added private functions for
66740        HeapRootMarker to use.
66741
66742        * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.
66743
66744        * runtime/MarkStack.h:
66745        (JSC::HeapRootMarker::HeapRootMarker):
66746        (JSC::HeapRootMarker::mark): Added private functions for
66747        HeapRootMarker to use.
66748
66749        * runtime/SmallStrings.cpp:
66750        (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.
66751
66752        * runtime/SmallStrings.h:
66753        (JSC::SmallStrings::emptyString):
66754        (JSC::SmallStrings::singleCharacterString):
66755        (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.
66756
66757        * runtime/WriteBarrier.h: Removed HeapRoot<T>.
66758
667592011-03-14  Geoffrey Garen  <ggaren@apple.com>
66760
66761        Reviewed by Oliver Hunt.
66762
66763        Made the global object moving-GC-safe
66764        https://bugs.webkit.org/show_bug.cgi?id=56348
66765        
66766        SunSpider reports no change.
66767
66768        * runtime/JSGlobalObject.cpp:
66769        (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
66770        suggested we do not need to visit all our references during GC, since
66771        that is not true in a moving GC.
66772
66773        Re-sorted data members by type, removed one duplicate, and added back
66774        the one missing mark I found.
66775
66776        * runtime/JSGlobalObject.h: Re-sorted data members by type.
66777
667782011-03-15  Oliver Hunt  <oliver@apple.com>
66779
66780        Reviewed by Geoffrey Garen.
66781
66782        Introduce Local<T> to allow us to start moving to precise marking of locals
66783        https://bugs.webkit.org/show_bug.cgi?id=56394
66784
66785        Introduce a new handle type, Local<T> and a scoping mechanism
66786        LocalScope to allow us to start moving towards precise marking
66787        of temporaries and local variables.
66788
66789        We also start to use the new Local<> type in the JSON stringifier
66790        so that we can have some coverage of their behaviour in the initial
66791        checkin.
66792
66793        * GNUmakefile.am:
66794        * JavaScriptCore.gypi:
66795        * JavaScriptCore.pro:
66796        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
66797        * JavaScriptCore.xcodeproj/project.pbxproj:
66798        * collector/handles/Handle.h:
66799        (JSC::::asObject):
66800        * collector/handles/HandleStack.cpp: Added.
66801        (JSC::HandleStack::HandleStack):
66802        (JSC::HandleStack::mark):
66803        (JSC::HandleStack::grow):
66804        * collector/handles/HandleStack.h: Added.
66805        (JSC::HandleStack::enterScope):
66806        (JSC::HandleStack::zapTo):
66807        (JSC::HandleStack::leaveScope):
66808        (JSC::HandleStack::push):
66809        * collector/handles/Local.h: Added.
66810        (JSC::Local::internalSet):
66811        (JSC::::Local):
66812        (JSC::::operator):
66813        (JSC::LocalStack::LocalStack):
66814        (JSC::LocalStack::peek):
66815        (JSC::LocalStack::pop):
66816        (JSC::LocalStack::push):
66817        (JSC::LocalStack::isEmpty):
66818        (JSC::LocalStack::size):
66819        * collector/handles/LocalScope.h: Added.
66820        (JSC::LocalScope::LocalScope):
66821        (JSC::LocalScope::~LocalScope):
66822        (JSC::LocalScope::release):
66823        * runtime/Heap.cpp:
66824        (JSC::Heap::markRoots):
66825        * runtime/Heap.h:
66826        (JSC::Heap::allocateLocalHandle):
66827        (JSC::Heap::handleStack):
66828        * runtime/JSCell.h:
66829        (JSC::JSCell::::getString):
66830        * runtime/JSGlobalData.cpp:
66831        (JSC::JSGlobalData::JSGlobalData):
66832        * runtime/JSGlobalData.h:
66833        (JSC::JSGlobalData::allocateLocalHandle):
66834        * runtime/JSONObject.cpp:
66835        (JSC::Stringifier::Stringifier):
66836        (JSC::Stringifier::stringify):
66837        (JSC::Stringifier::appendStringifiedValue):
66838        (JSC::Stringifier::Holder::Holder):
66839        (JSC::Walker::Walker):
66840        (JSC::Walker::walk):
66841        (JSC::JSONProtoFuncParse):
66842        (JSC::JSONProtoFuncStringify):
66843        (JSC::JSONStringify):
66844        * runtime/JSONObject.h:
66845        * runtime/MarkStack.h:
66846        (JSC::MarkStack::appendValues):
66847        (JSC::MarkStack::appendSlots):
66848
668492011-03-15  Gavin Barraclough  <barraclough@apple.com>
66850
66851        Rubber Stamped by Sam Weinig.
66852
66853        Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
66854        Some methods have unnecessary differences in name/arguments for interpreter/JIT.
66855
66856        * bytecode/CodeBlock.cpp:
66857        * bytecode/CodeBlock.h:
66858        (JSC::HandlerInfo::HandlerInfo):
66859        (JSC::CodeBlock::addPropertyAccessInfo):
66860        (JSC::CodeBlock::addGlobalResolveInfo):
66861        (JSC::CodeBlock::addCallLinkInfo):
66862        (JSC::CodeBlock::globalResolveInfo):
66863        * bytecode/Opcode.h:
66864        * bytecode/StructureStubInfo.h:
66865        * bytecompiler/BytecodeGenerator.cpp:
66866        (JSC::BytecodeGenerator::emitResolve):
66867        (JSC::BytecodeGenerator::emitResolveWithBase):
66868        (JSC::BytecodeGenerator::emitGetById):
66869        (JSC::BytecodeGenerator::emitPutById):
66870        (JSC::BytecodeGenerator::emitDirectPutById):
66871        (JSC::BytecodeGenerator::emitCall):
66872        (JSC::BytecodeGenerator::emitConstruct):
66873        (JSC::BytecodeGenerator::emitCatch):
66874
668752011-03-15  Gavin Barraclough  <barraclough@apple.com>
66876
66877        Reviewed by Sam Weinig.
66878
66879        Fix broken assert in new code.
66880
66881        * dfg/DFGAliasTracker.h:
66882        (JSC::DFG::AliasTracker::recordPutByVal):
66883            - recordPutByVal is called for both PutByVal & PutByValAlias.
66884
668852011-03-15  Gavin Barraclough  <barraclough@apple.com>
66886
66887        Rubber stamped by Sam Weinig.
66888
66889        Removed redundant code from BytecodeGenerator.
66890
66891        * bytecompiler/BytecodeGenerator.cpp:
66892        * bytecompiler/BytecodeGenerator.h:
66893            - delete uncalled code missed when reparsing was removed.
66894
668952011-03-15  Kevin Ollivier  <kevino@theolliviers.com>
66896
66897        Reviewed by Darin Adler.
66898
66899        Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
66900        info into the headers rather than in export symbol definition files, but disable it on 
66901        all platforms initially so we can deal with port build issues one port at a time.
66902        
66903        https://bugs.webkit.org/show_bug.cgi?id=27551
66904
66905        * API/JSBase.h:
66906        * config.h:
66907        * wtf/Assertions.h:
66908        * wtf/ExportMacros.h: Added.
66909        * wtf/Platform.h:
66910
669112011-03-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
66912
66913        Unreviewed build fix.
66914
66915        Build fix when JIT is not enabled after r81079
66916        https://bugs.webkit.org/show_bug.cgi?id=56361
66917
66918        * runtime/Executable.cpp:
66919
669392011-03-14  Geoffrey Garen  <ggaren@apple.com>
66940
66941        Reviewed by Oliver Hunt.
66942
66943        Made JSWrapperObject and subclasses moving-GC-safe
66944        https://bugs.webkit.org/show_bug.cgi?id=56346
66945        
66946        SunSpider reports no change.
66947
66948        * runtime/BooleanObject.cpp:
66949        (JSC::BooleanObject::BooleanObject):
66950        * runtime/DateInstance.cpp:
66951        (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
66952        we don't initialize the wrapped value in our constructor.
66953
66954        * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
66955        we do not in fact override markChildren.
66956
66957        * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
66958        no longer does so for us. Also added an ASSERT to catch a latent bug,
66959        where DatePrototype stomped on its base class's anonymous slot. Hard-coded
66960        anonymous slots are a plague on our code. This doesn't cause any problems
66961        in our existing code since the base class never reads the anonymous slot
66962        it declares, but it caused crashes when I tried to start using the slot
66963        in an initial version of this patch.
66964
66965        * runtime/JSWrapperObject.h:
66966        (JSC::JSWrapperObject::JSWrapperObject):
66967        (JSC::JSWrapperObject::internalValue):
66968        (JSC::JSWrapperObject::setInternalValue): Resolved a problem where
66969        our internal value was stored in two places: an anonymous slot, and a
66970        data member which was not always visited during GC. Now, we only use the
66971        data member, and we always visit it. (Instead of relying on certain
66972        subclasses to set the OverridesMarkChildren bit, we set it ourselves.)
66973
66974        * runtime/NumberObject.cpp:
66975        (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
66976        we don't initialize the wrapped value in our constructor.
66977
66978        * runtime/NumberObject.h: Removed meaningless declaration.
66979
66980        * runtime/StringObject.cpp:
66981        (JSC::StringObject::StringObject): No more need for JSGlobalData, since
66982        we don't initialize the wrapped value in our constructor.
66983
66984        * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
66985        we do not in fact override markChildren.
66986
66987        * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
66988        no longer does so for us. Also added an ASSERT to catch a latent bug,
66989        where DatePrototype stomped on its base class's anonymous slot. Hard-coded
66990        anonymous slots are a plague on our code.
66991
669922011-03-14  Michael Saboff  <msaboff@apple.com>
66993
66994        Reviewed by Gavin Barraclough.
66995
66996        Look-ahead assertions with back references don’t work as expected
66997        https://bugs.webkit.org/show_bug.cgi?id=56082
66998
66999        Changed parentheses assertion processing to temporarily back out the 
67000        number of known characters after the assertion while processing the 
67001        assertion.  This was done so that assertions don't fail due to 
67002        checking the number of required characters as additional to the 
67003        rest of the expression since assertions don't "consume" input.
67004        Added a byte code to uncheck characters to support the change.
67005
67006        * yarr/YarrInterpreter.cpp:
67007        (JSC::Yarr::Interpreter::matchDisjunction):
67008        (JSC::Yarr::ByteCompiler::uncheckInput):
67009        (JSC::Yarr::ByteCompiler::emitDisjunction):
67010        * yarr/YarrInterpreter.h:
67011        (JSC::Yarr::ByteTerm::UncheckInput):
67012
670132011-03-14  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
67014
67015        Reviewed by Laszlo Gombos.
67016
67017        [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on Symbian.
67018        https://bugs.webkit.org/show_bug.cgi?id=56133
67019
67020        Add condition to not compile webkit internal math round functions on RVCT compiler versions 
67021        from 3.0.0 because they are already defined in compiler math library.
67022
67023        * wtf/MathExtras.h:
67024
670252011-03-14  Gavin Barraclough  <barraclough@apple.com>
67026
67027        Reviewed by Geoffrey Garen & Oliver Hunt.
67028
67029        Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.
67030
67031        The JSC JIT presently generates code directly from the bytecode used by the interpreter.
67032        This is not an optimal intermediate representation for JIT code generation, since it does
67033        not capture liveness information of values, and provides little opportunity to perform
67034        any static analysis for even primitive types. The JIT currently generates two code paths,
67035        a fast path handling common cases, and a slower path handling less common operand types.
67036        However the slow path jumps back into the fast path, meaning that information arising
67037        from the earlier type checks cannot be propagated to later operations.
67038
67039        This patch adds:
67040            * a dataflow intermediate representation capable of describing a single basic block
67041              of operations,
67042            * a mechanism to convert simple, single-block bytecode functions to the new IR,
67043            * and a JIT code generator capable of generating code from this representation.
67044
67045        The JIT generates two code paths, with the slower path not reentering the fast path
67046        mid-block, allowing speculative optimizations to be made on the hot path, with type
67047        information arising from these speculative decisions able to be propagated through the
67048        dataflow. Code generation of both speculative and non-speculative paths exploits the type
67049        and liveness information represented in the dataflow graph to attempt to avoid redundant
67050        boxing and type-checking of values, and to remove unnecessary spills of temporary values
67051        to the RegisterFile.
67052
67053        The dataflow JIT currently can only support a subset of bytecode operations, limited to
67054        arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
67055        dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
67056        expanded to include control-flow, function calls, and then the long tail of remaining
67057        bytecode instructions. The JIT presently only supports JSVALUE64, and as a consequence of
67058        this only supports x86-64.
67059
67060        The status of the dataflow JIT is currently work-in-progress. Limitations of the present
67061        JIT code generation may cause performance regressions, particularly:
67062            * the policy to only generate arithmetic code on the speculative path using integer
67063              instructions, never using floating point.
67064            * the policy to only generate arithmetic code on the non-speculative path using
67065              floating point instructions, never using integer.
67066            * always generating JSValue adds on the non-speculative path as a call out to a
67067              C-function, never handling this in JIT code.
67068            * always assuming by-Value property accesses on the speculative path to be array
67069              accesses.
67070            * generating all by-Value property accesses from the non-speculative path as a call
67071              out to a C-function.
67072            * generating all by-Identifier property accesses as a call out to a C-function.
67073        Due to these regressions, the code is landed in a state where it is disabled in most
67074        cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
67075        addressed, the JIT will be allowed to trigger in more cases.
67076
67077        * JavaScriptCore.xcodeproj/project.pbxproj:
67078            - Added new files to Xcode project.
67079        * dfg: Added.
67080            - Added directory for new code.
67081        * dfg/DFGByteCodeParser.cpp: Added.
67082        * dfg/DFGByteCodeParser.h: Added.
67083            - Construct a DFG::Graph representation from a bytecode CodeBlock.
67084        * dfg/DFGGenerationInfo.h: Added.
67085            - Track type & register information for VirtualRegisters during JIT code generation.
67086        * dfg/DFGGraph.cpp: Added.
67087        * dfg/DFGGraph.h: Added.
67088            - Dataflow graph intermediate representation for code generation.
67089        * dfg/DFGJITCodeGenerator.cpp: Added.
67090        * dfg/DFGJITCodeGenerator.h: Added.
67091            - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
67092        * dfg/DFGJITCompiler.cpp: Added.
67093        * dfg/DFGJITCompiler.h: Added.
67094            - Class responsible for driving code generation of speculativeJIT & non-speculative
67095              code paths from the dataflow graph.
67096        * dfg/DFGNonSpeculativeJIT.cpp: Added.
67097        * dfg/DFGNonSpeculativeJIT.h: Added.
67098            - Used to generate the non-speculative code path, this makes no assumptions
67099              about operand types.
67100        * dfg/DFGOperations.cpp: Added.
67101        * dfg/DFGOperations.h: Added.
67102            - Helper functions called from the JIT generated code.
67103        * dfg/DFGRegisterBank.h: Added.
67104            - Used to track contents of physical registers during JIT code generation.
67105        * dfg/DFGSpeculativeJIT.cpp: Added.
67106        * dfg/DFGSpeculativeJIT.h: Added.
67107            - Used to generate the speculative code path, this makes assumptions about
67108              operand types to enable optimization.
67109        * runtime/Executable.cpp:
67110            - Add code to attempt to use the DFG JIT to compile a function, with fallback
67111              to the existing JIT.
67112        * wtf/Platform.h:
67113            - Added compile guards to enable the DFG JIT.
67114
671152011-03-14  Geoffrey Garen  <ggaren@apple.com>
67116
67117        Reviewed by Oliver Hunt.
67118
67119        Removed more cases of DeprecatedPtr (exception, SmallStrings)
67120        https://bugs.webkit.org/show_bug.cgi?id=56332
67121
67122        * runtime/Identifier.cpp:
67123        (JSC::Identifier::add):
67124        (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
67125        constant, to make this code less brittle.
67126
67127        * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
67128        this reference is owned and managed directly by the heap.
67129
67130        * runtime/JSString.cpp:
67131        (JSC::JSString::substringFromRope):
67132        * runtime/JSString.h:
67133        (JSC::jsSingleCharacterString):
67134        (JSC::jsSingleCharacterSubstring):
67135        (JSC::jsString):
67136        (JSC::jsStringWithFinalizer):
67137        (JSC::jsSubstring):
67138        (JSC::jsOwnedString): Use a variable instead of a hard-coded
67139        constant, to make this code less brittle.
67140
67141        * runtime/SmallStrings.cpp:
67142        (JSC::SmallStringsStorage::rep):
67143        (JSC::SmallStringsStorage::SmallStringsStorage):
67144        (JSC::SmallStrings::SmallStrings):
67145        (JSC::SmallStrings::markChildren):
67146        (JSC::SmallStrings::clear):
67147        (JSC::SmallStrings::count): Use a variable instead of a hard-coded
67148        constant, to make this code less brittle.
67149
67150        * runtime/SmallStrings.h:
        (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
        DeprecatedPtr because these references are owned and managed directly by
        the heap.

        Stop using FixedArray because we only want a very limited set
        of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)

        * runtime/WriteBarrier.h:
        (JSC::operator==):
        (JSC::WriteBarrier::WriteBarrier):
        (JSC::HeapRoot::HeapRoot):
        (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to be set
        without a write barrier because we assume all HeapRoots are scanned during
        all GC passes.

2011-03-14  Brian Weinstein  <bweinstein@apple.com>

        Reviewed by Adam Roben and Gavin Barraclough.

        FileSystemWin.cpp needs listDirectory() implementation
        https://bugs.webkit.org/show_bug.cgi?id=56331
        <rdar://problem/9126635>

        Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.

        * wtf/text/StringConcatenate.h:

2011-03-14  Mark Rowe  <mrowe@apple.com>

        Reviewed by Oliver Hunt.

        <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot

        * API/JSClassRef.cpp:
        (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
        the class definition contains duplicates. This also removes what look to be leaks
        of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
        which retains / releases the instances at the appropriate time, so explicitly calling
        ref is not necessary.

2011-03-14  Oliver Hunt  <oliver@apple.com>

        Fix windows build

        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::emitLoadInt32):
        (JSC::JSInterfaceJIT::tagFor):
        (JSC::JSInterfaceJIT::payloadFor):
        (JSC::JSInterfaceJIT::intPayloadFor):
        (JSC::JSInterfaceJIT::intTagFor):
        (JSC::JSInterfaceJIT::addressFor):

2011-03-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Ensure all values are correctly tagged in the registerfile
        https://bugs.webkit.org/show_bug.cgi?id=56214

        This patch makes sure that all JSCell pointers written to
        the registerfile are correctly tagged as JSCells, and replaces
        raw int usage with the immediate representation.

        For performance, register pressure, and general saneness reasons
        I've added abstractions for reading and writing the tag
        and payload of integer registers directly for the JSVALUE64
        encoding.

        * interpreter/Register.h:
        (JSC::Register::withInt):
        (JSC::Register::withCallee):
        (JSC::Register::operator=):
        (JSC::Register::i):
        (JSC::Register::activation):
        (JSC::Register::function):
        (JSC::Register::propertyNameIterator):
        (JSC::Register::scopeChain):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutToCallFrameHeader):
        (JSC::JIT::emitPutCellToCallFrameHeader):
        (JSC::JIT::emitPutIntToCallFrameHeader):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::intPayloadFor):
        (JSC::JSInterfaceJIT::intTagFor):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnJSValue):
        (JSC::SpecializedThunkJIT::returnDouble):
        (JSC::SpecializedThunkJIT::returnInt32):
        (JSC::SpecializedThunkJIT::returnJSCell):

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        A few Heap-related renames (sans file moves, which should come next)
        https://bugs.webkit.org/show_bug.cgi?id=56283

        ConservativeSet => ConservativeRoots. "Set" was misleading, since items
        are not uniqued. Also, "Roots" is more specific about what's in the set.

        MachineStackMarker => MachineThreads. "Threads" is more descriptive of
        the fact that this class maintains a set of all threads using JSC.
        "Stack" was misleading, since this class traverses stacks and registers.
        "Mark" was misleading, since this class doesn't mark anything anymore.

        registerThread => addCurrentThread. "Current" is more specific.
        unregisterThread => removeCurrentThread. "Current" is more specific.

        "currentThreadRegistrar" => threadSpecific. The only point of this data
        structure is to register a thread-specific destructor with a pointer to
        this.

        "mark...Conservatively" => "gather". "Mark" is not true, since these
        functions don't mark anything. "Conservatively" is redundant, since they
        take "ConservativeRoots" as an argument.

        * API/APIShims.h:
        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
        * JavaScriptCore.exp:
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeRoots::grow):
        (JSC::ConservativeRoots::add):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeRoots::ConservativeRoots):
        (JSC::ConservativeRoots::~ConservativeRoots):
        (JSC::ConservativeRoots::size):
        (JSC::ConservativeRoots::roots):
        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::markRoots):
        * runtime/Heap.h:
        (JSC::Heap::machineThreads):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::makeUsableFromMultipleThreads):
        * runtime/MachineStackMarker.cpp:
        (JSC::MachineThreads::MachineThreads):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::makeUsableFromMultipleThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThread):
        (JSC::MachineThreads::removeCurrentThread):
        (JSC::MachineThreads::gatherFromCurrentThreadInternal):
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::gatherFromOtherThread):
        (JSC::MachineThreads::gatherConservativeRoots):
        * runtime/MachineStackMarker.h:
        * runtime/MarkStack.h:
        (JSC::MarkStack::append):

2011-03-13  David Kilzer  <ddkilzer@apple.com>

        BUILD FIX for armv7 after r80969

        Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
        <https://bugs.webkit.org/show_bug.cgi?id=56270>

        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32): Made void* address argument
        const.
        (JSC::MacroAssemblerARMv7::store32): Ditto.

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.

        Try to fix the Mac build.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
        ConservativeSet.h, since it's now visible when compiling other projects.

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed another case of DeprecatedPtr (ConservativeSet)
        https://bugs.webkit.org/show_bug.cgi?id=56281

        The ConservativeSet is an internal data structure used during marking,
        so direct pointers are fine.

        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
        (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
        the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
        sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
        (JSC::ConservativeSet::size):
        (JSC::ConservativeSet::set): Use direct pointers, as stated above.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots):
        * runtime/MarkStack.h:
        (JSC::MarkStack::append): Created a special case of append for
        ConservativeSet. I didn't want to add back a generic "append JSCell*"
        function, since other classes might start using that wrong. (In the end,
        this function might go away, since the Heap will want to do something
        slightly more interesting with the conservative set, but this is OK for
        now.)

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed another case of DeprecatedPtr (PutPropertySlot)
        https://bugs.webkit.org/show_bug.cgi?id=56278

        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
        since it's a stack-allocated temporary.

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed one case of DeprecatedPtr (ScopeChainIterator)
        https://bugs.webkit.org/show_bug.cgi?id=56277

        * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
        since it's a stack-allocated temporary.

2011-03-13  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 56273 - Add three operand forms to MacroAssembler operations.

        Adding for X86(_64) for now, should be rolled out to other backends as necessary.
        These may allow more efficient code generation in some cases, avoiding the need
        for unnecessary register-register move instructions.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Jump::link):
        (JSC::AbstractMacroAssembler::Jump::linkTo):
            - marked these methods const.
        (JSC::AbstractMacroAssembler::Jump::isSet):
            - add a method to check whether a Jump object has been set to
              reference an instruction, or is in a null, unset state.
        * assembler/MacroAssemblerCodeRef.h:
        (JSC::FunctionPtr::FunctionPtr):
            - add non-explicit constructor, for FunctionPtrs to C/C++ functions.
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::and32):
        (JSC::MacroAssemblerX86Common::lshift32):
        (JSC::MacroAssemblerX86Common::or32):
        (JSC::MacroAssemblerX86Common::rshift32):
        (JSC::MacroAssemblerX86Common::urshift32):
        (JSC::MacroAssemblerX86Common::xor32):
        (JSC::MacroAssemblerX86Common::moveDouble):
        (JSC::MacroAssemblerX86Common::addDouble):
        (JSC::MacroAssemblerX86Common::divDouble):
        (JSC::MacroAssemblerX86Common::subDouble):
        (JSC::MacroAssemblerX86Common::mulDouble):
        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
        (JSC::MacroAssemblerX86Common::branchTest32):
        (JSC::MacroAssemblerX86Common::branchTest8):
        (JSC::MacroAssemblerX86Common::branchAdd32):
        (JSC::MacroAssemblerX86Common::branchMul32):
        (JSC::MacroAssemblerX86Common::branchSub32):
            - add three operand forms of these instructions.
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::addDouble):
        (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
        (JSC::MacroAssemblerX86_64::loadPtr):
        (JSC::MacroAssemblerX86_64::branchTestPtr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::JmpSrc::isSet):
            - add a method to check whether a JmpSrc object has been set to
              reference an instruction, or is in a null, unset state.
        (JSC::X86Assembler::movsd_rr):
            - added FP register-register move.
        (JSC::X86Assembler::linkJump):
            - Add an assert to check jumps aren't linked more than once.
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitLoadInt32ToDouble):
            - load integers to the FPU via registers on x86-64.

2011-03-13  Gavin Barraclough  <barraclough@apple.com>

        ARM build fix.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load32):

2011-03-13  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.

        The JIT needs to 'friend' other classes in order to be able to calculate offsets
        of various properties, or the absolute addresses of members within specific objects,
        in order to JIT generate code that will access members within the class when run.

        Instead of using friends in these cases, switch to providing specific accessor
        methods to provide this information.  In the case of offsets, these can be static
        functions, and in the case of pointers to members within a specific object these can
        be const methods returning pointers to const values, to prevent clients from
        modifying values otherwise encapsulated within classes.

        * bytecode/SamplingTool.h:
        * interpreter/Register.h:
        * interpreter/RegisterFile.h:
        * runtime/JSArray.h:
        * runtime/JSCell.h:
        * runtime/JSTypeInfo.h:
        * runtime/JSVariableObject.h:
        * runtime/Structure.h:
        * wtf/RefCounted.h:
            - Change these classes to no longer friend the JIT, add accessors for member offsets.
        * jit/JIT.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITInlineMethods.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
            - Change the JIT to use class accessors, rather than taking object offsets directly.
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssemblerX86_64.h:
        * assembler/X86Assembler.h:
            - Since the accessors for objects' members return const pointers to retain encapsulation,
              methods generating code with absolute addresses must be able to handle const pointers
              (the JIT doesn't write to these values, so does treat the pointer to value as const
              from within the C++ code of the JIT, if not at runtime!).

2011-03-12  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r80919.
        http://trac.webkit.org/changeset/80919
        https://bugs.webkit.org/show_bug.cgi?id=56251

        all windows bots failed to compile this change (Requested by
        loislo on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.cpp:
        * interpreter/Register.h:
        (JSC::Register::withInt):
        (JSC::Register::withCallee):
        (JSC::Register::operator=):
        (JSC::Register::i):
        (JSC::Register::activation):
        (JSC::Register::function):
        (JSC::Register::propertyNameIterator):
        (JSC::Register::scopeChain):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutToCallFrameHeader):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::payloadFor):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnJSValue):
        (JSC::SpecializedThunkJIT::returnDouble):
        (JSC::SpecializedThunkJIT::returnInt32):
        (JSC::SpecializedThunkJIT::returnJSCell):
        * runtime/ArgList.cpp:
        * runtime/DateConversion.cpp:
        * runtime/GCActivityCallbackCF.cpp:
        * runtime/Identifier.cpp:
        * runtime/JSActivation.h:
        (JSC::asActivation):
        * runtime/JSLock.cpp:
        * runtime/JSNumberCell.cpp:
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSValue.h:
        * runtime/JSZombie.cpp:
        * runtime/MarkedBlock.cpp:
        * runtime/MarkedSpace.cpp:
        * runtime/PropertyNameArray.cpp:
        * runtime/ScopeChain.h:
        (JSC::ExecState::globalThisValue):
        * wtf/DateMath.cpp:

2011-03-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Ensure all values are correctly tagged in the registerfile
        https://bugs.webkit.org/show_bug.cgi?id=56214

        This patch makes sure that all JSCell pointers written to
        the registerfile are correctly tagged as JSCells, and replaces
        raw int usage with the immediate representation.

        For performance, register pressure, and general saneness reasons
        I've added abstractions for reading and writing the tag
        and payload of integer registers directly for the JSVALUE64
        encoding.

        * interpreter/Register.h:
        (JSC::Register::withInt):
        (JSC::Register::withCallee):
        (JSC::Register::operator=):
        (JSC::Register::i):
        (JSC::Register::activation):
        (JSC::Register::function):
        (JSC::Register::propertyNameIterator):
        (JSC::Register::scopeChain):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutToCallFrameHeader):
        (JSC::JIT::emitPutCellToCallFrameHeader):
        (JSC::JIT::emitPutIntToCallFrameHeader):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::intPayloadFor):
        (JSC::JSInterfaceJIT::intTagFor):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnJSValue):
        (JSC::SpecializedThunkJIT::returnDouble):
        (JSC::SpecializedThunkJIT::returnInt32):
        (JSC::SpecializedThunkJIT::returnJSCell):

2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Eric Seidel.

        Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
        https://bugs.webkit.org/show_bug.cgi?id=56231

        * JavaScriptCore.gypi: Added project_dir variable.
        * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
        * gyp/generate-dtrace-header.sh: Changed to use project_dir.

2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Adam Barth.

        Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
        https://bugs.webkit.org/show_bug.cgi?id=56217

        * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
            to the scripts.
        * gyp/generate-derived-sources.sh: Changed to use passed directory.
        * gyp/generate-dtrace-header.sh: Ditto.

2011-03-11  Eric Carlson  <eric.carlson@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.

        No new tests, existing media tests cover this.

        * JavaScriptCore.exp: Export cancelCallOnMainThread
        * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.

2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Adam Barth.

        Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
        https://bugs.webkit.org/show_bug.cgi?id=56207

        * JavaScriptCore.gypi: Added Tracing.d to the sources.
        * gyp/generate-dtrace-header.sh: Added.
        * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
            and added DTrace header generating step.

2011-03-10  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Fix allocation of native function with a cached thunk
        https://bugs.webkit.org/show_bug.cgi?id=56127

        Fix this race condition found while fixing zombies.

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::clearWeakPointers):
        * runtime/Heap.cpp:
        (JSC::Heap::reset):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::markChildren):
        * runtime/JSValue.h:
        (JSC::JSValue::decode):
        * runtime/JSZombie.cpp:
        (JSC::JSZombie::leakedZombieStructure):
        * runtime/JSZombie.h:
        (JSC::JSZombie::createStructure):
        * runtime/MarkedBlock.cpp:

2011-03-10  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Andreas Kling.

        [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
        https://bugs.webkit.org/show_bug.cgi?id=33008

        Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
        Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
        it has its own ways to do JSC threading.

        Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.

        * runtime/MachineStackMarker.cpp:
        * wtf/Platform.h:

2011-03-10  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Bug 56077 - ES5 conformance issues with RegExp.prototype

        There are three issues causing test failures in sputnik.

        (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
        (2) The 'length' property of the test/exec functions should be 1.
        (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.

        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::markChildren):
            - Added to mark lastIndex
        (JSC::regExpObjectLastIndex):
        (JSC::setRegExpObjectLastIndex):
            - lastIndex is now stored as a JSValue.
        (JSC::RegExpObject::match):
            - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::setLastIndex):
        (JSC::RegExpObject::setLastIndex):
            - Set lastIndex, either from a size_t or a JSValue.
        (JSC::RegExpObject::getLastIndex):
            - Get lastIndex.
        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
            - Initialize as a JSValue.
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
            - Add test/exec properties with length 1.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - Do not read RegExp.input if none is provided.
        * tests/mozilla/js1_2/regexp/RegExp_input.js:
        * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
            - Update these tests (they relied on non-ES5 behaviour).
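
        The three behaviours this entry describes, observed from script. This is an added example, not JavaScriptCore code; it runs under Node.js, and the objects with a custom valueOf() are constructed here only to make the conversion point visible.

```javascript
// Added example (not JavaScriptCore code): the three ES5 behaviours the entry
// above fixes, checked from script under Node.js.

// (1) lastIndex is converted when exec()/test() use it, not when it is set.
//     A constructed object whose valueOf() counts its calls shows where the
//     conversion happens.
function lastIndexConversionPoints() {
  const re = /a/g; // global, so exec() honours lastIndex
  let conversions = 0;
  re.lastIndex = { valueOf() { conversions += 1; return 0; } };
  const afterSet = conversions;            // 0: assignment stores the object as-is
  const matched = re.exec('a') !== null;   // exec() converts it to 0 and matches
  const afterExec = conversions;           // 1: converted at the point of use
  return { afterSet, matched, afterExec, finalLastIndex: re.lastIndex };
}

// (2) test() and exec() both declare exactly one formal parameter.
function execTestLengths() {
  return { exec: RegExp.prototype.exec.length, test: RegExp.prototype.test.length };
}

// (3) With no argument the subject string is ToString(undefined), i.e.
//     "undefined", never the legacy RegExp.input left behind by an earlier
//     match.
function missingInputIsUndefinedString() {
  /spot/.exec('x marks the spot'); // populates RegExp.input on engines that keep it
  return {
    matchesWordUndefined: /^undefined$/.test(), // true: subject is "undefined"
    reusesLegacyInput: /spot/.test(),           // false: "spot" is not in "undefined"
  };
}
```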

2011-03-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Rolled back in 80277 and 80280 with event handler layout test failures fixed.
        https://bugs.webkit.org/show_bug.cgi?id=55653

        The failures were caused by a last minute typo: assigning to currentEvent
        instead of m_currentEvent.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * runtime/Arguments.h:
        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h:
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.h:
        * runtime/MarkedSpace.cpp:
        * runtime/MarkedSpace.h:

2011-03-09  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        jquery/manipulation.html fails after r80598
        https://bugs.webkit.org/show_bug.cgi?id=56019

        When linking a call, codeblock now takes ownership of the linked function.
        This removes the need for unlinking, and thus the incorrectness that was
        showing up in these tests.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CallLinkInfo::CallLinkInfo):
        (JSC::CallLinkInfo::setUnlinked):
        (JSC::CodeBlock::addCaller):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JIT.h:
        * runtime/Executable.cpp:
        * runtime/Executable.h:

2011-03-09  Daniel Bates  <dbates@rim.com>

        Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
        (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 56041 - RegExp constructor should only accept flags "gim"
        Fix for issues introduced in r80667.

        Invalid flags to a RegExp literal are a late syntax error!

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addRegExp):
            - Pass a PassRefPtr<RegExp>
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addRegExp):
        (JSC::BytecodeGenerator::emitNewRegExp):
        * bytecompiler/BytecodeGenerator.h:
            - Pass a PassRefPtr<RegExp>
        * bytecompiler/NodesCodegen.cpp:
        (JSC::RegExpNode::emitBytecode):
            - Should not be ASSERTing that the flags are valid - this is a late(er) error.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Need to check for error from RegExp constructor.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Need to check for error from RegExp constructor.
        * runtime/RegExp.h:
        (JSC::RegExp::isValid):
            - Make isValid check that the regexp was created with valid flags.
        * runtime/RegExpKey.h:
            - Since we'll not create RegExp objects with invalid flags, separate out the deleted value.

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix part 2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix part 1.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Darin Adler.

        Bug 56041 - RegExp constructor should only accept flags "gim"
        We also should be passing the flags around as a bitfield rather than a string,
        and should not have redundant, incompatible code for converting the string to a bitfield!

        * JavaScriptCore.exp:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::RegExpNode::emitBytecode):
            - Need to parse flags string to enum.
        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
            - Add method to parse flags string to enum, change constructor/create args to take enum.
        * runtime/RegExp.h:
        (JSC::RegExp::global):
        (JSC::RegExp::ignoreCase):
        (JSC::RegExp::multiline):
            - Change to use new enum values.
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        (JSC::RegExpCache::create):
        * runtime/RegExpCache.h:
            - Changed to use regExpFlags enum instead of int/const UString&.
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
            - Add use new enum parsing, check for error.
        * runtime/RegExpKey.h:
        (JSC::RegExpKey::RegExpKey):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
            - Pass NoFlags value instead of empty string.
        (JSC::regExpProtoFuncCompile):
            - Add use new enum parsing, check for error.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - Pass NoFlags value instead of empty string.
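
        A flags parser of the shape the two Bug 56041 entries describe (flags string to bitfield, with a single "invalid" result the callers check for), as an added example rather than the JSC implementation. The FLAG_* constants, INVALID_FLAGS sentinel and function names are this example's own; the accepted flags "gim" and the rejection of unknown or repeated flags follow ES5 15.10.4.1.

```javascript
// Added example, not JavaScriptCore code: parse a RegExp flags string into a
// bitfield once, reject anything outside "gim", and let callers check one
// sentinel instead of re-validating strings. Names here are ours.
const FLAG_GLOBAL      = 1 << 0;
const FLAG_IGNORE_CASE = 1 << 1;
const FLAG_MULTILINE   = 1 << 2;
const INVALID_FLAGS    = -1; // sentinel kept outside the valid bit range

function parseRegExpFlags(flagsString) {
  let flags = 0;
  for (const ch of String(flagsString)) {
    let bit;
    switch (ch) {
      case 'g': bit = FLAG_GLOBAL; break;
      case 'i': bit = FLAG_IGNORE_CASE; break;
      case 'm': bit = FLAG_MULTILINE; break;
      default:  return INVALID_FLAGS;        // unknown flag character
    }
    if (flags & bit) return INVALID_FLAGS;   // same flag given twice
    flags |= bit;
  }
  return flags;
}

// Constructor-side "check for error": the sentinel becomes a SyntaxError
// before any RegExp object is built with garbage flags.
function describeFlags(flagsString) {
  const flags = parseRegExpFlags(flagsString);
  if (flags === INVALID_FLAGS) {
    throw new SyntaxError(`Invalid flags supplied to RegExp constructor '${flagsString}'`);
  }
  return {
    global:     (flags & FLAG_GLOBAL) !== 0,
    ignoreCase: (flags & FLAG_IGNORE_CASE) !== 0,
    multiline:  (flags & FLAG_MULTILINE) !== 0,
  };
}

// Reference behaviour from the host engine: its constructor must reject the
// same inputs (modern engines accept extra flags such as 'y' and 'u', so only
// inputs that are invalid under every edition are compared).
function engineRejects(flagsString) {
  try { new RegExp('a', flagsString); return false; }
  catch (e) { return e instanceof SyntaxError; }
}
```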

2011-03-08  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 55994 - Functions on Array.prototype should check length first.
        These methods are designed to work on generic objects too, and if 'length'
        is a getter that throws an exception, ensure this is correctly thrown
        (even if other exceptions would be thrown, too).

        Make the length check the first thing we do.
        This change shows a progression on SunSpider on my machine, but this is likely bogus.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSlice):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        (JSC::arrayProtoFuncIndexOf):
        (JSC::arrayProtoFuncLastIndexOf):
67931
679322011-03-07  Oliver Hunt  <oliver@apple.com>
67933
67934        Reviewed by Gavin Barraclough.
67935
67936        Make CodeBlock GC write barrier safe
67937        https://bugs.webkit.org/show_bug.cgi?id=55910
67938
67939        In order to make CodeBlock WriteBarrier safe it was necessary
67940        to make it have a single GC owner, and for that reason I have
67941        made ExecutableBase a GC allocated object.  This required
67942        updating their creation routines as well as all sites that hold
67943        a reference to them.  GC objects that held Executable's have been
67944        converted to WriteBarriers, and all other sites now use Global<>.
67945
67946        As an added benefit this gets rid of JSGlobalData's list of
67947        GlobalCodeBlocks.
67948
67949        Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
67950        on SunSpider.  Given none of the tests that show regressions
67951        demonstrate a regression on their own, and sampling shows up nothing.
67952        I suspect we're just getting one or two additional gc passes at
67953        the end of the run.
67954
67955        * bytecode/CodeBlock.cpp:
67956        (JSC::CodeBlock::dump):
67957        (JSC::CodeBlock::CodeBlock):
67958        (JSC::EvalCodeCache::markAggregate):
67959        (JSC::CodeBlock::markAggregate):
67960        * bytecode/CodeBlock.h:
67961        (JSC::CodeBlock::ownerExecutable):
67962        (JSC::CodeBlock::addConstant):
67963        (JSC::CodeBlock::constantRegister):
67964        (JSC::CodeBlock::getConstant):
67965        (JSC::CodeBlock::addFunctionDecl):
67966        (JSC::CodeBlock::addFunctionExpr):
67967        (JSC::GlobalCodeBlock::GlobalCodeBlock):
67968        (JSC::ExecState::r):
67969        * bytecode/EvalCodeCache.h:
67970        (JSC::EvalCodeCache::get):
67971        * bytecode/SamplingTool.h:
67972        (JSC::ScriptSampleRecord::ScriptSampleRecord):
67973        * bytecompiler/BytecodeGenerator.cpp:
67974        (JSC::BytecodeGenerator::addConstantValue):
67975        (JSC::BytecodeGenerator::emitEqualityOp):
67976        * bytecompiler/BytecodeGenerator.h:
67977        (JSC::BytecodeGenerator::makeFunction):
67978        * debugger/Debugger.cpp:
67979        (JSC::evaluateInGlobalCallFrame):
67980        * debugger/DebuggerCallFrame.cpp:
67981        (JSC::DebuggerCallFrame::evaluate):
67982        * interpreter/Interpreter.cpp:
67983        (JSC::Interpreter::callEval):
67984        * jit/JITInlineMethods.h:
67985        (JSC::JIT::emitLoadDouble):
67986        (JSC::JIT::emitLoadInt32ToDouble):
67987        * jit/JITStubs.cpp:
67988        (JSC::JITThunks::JITThunks):
67989        (JSC::JITThunks::hostFunctionStub):
67990        (JSC::JITThunks::clearHostFunctionStubs):
67991        * jit/JITStubs.h:
67992        * runtime/Completion.cpp:
67993        (JSC::checkSyntax):
67994        (JSC::evaluate):
67995        * runtime/Executable.cpp:
67996        (JSC::EvalExecutable::EvalExecutable):
67997        (JSC::ProgramExecutable::ProgramExecutable):
67998        (JSC::FunctionExecutable::FunctionExecutable):
67999        (JSC::FunctionExecutable::~FunctionExecutable):
68000        (JSC::EvalExecutable::markChildren):
68001        (JSC::ProgramExecutable::markChildren):
68002        (JSC::FunctionExecutable::markChildren):
68003        (JSC::FunctionExecutable::fromGlobalCode):
68004        * runtime/Executable.h:
68005        (JSC::ExecutableBase::ExecutableBase):
68006        (JSC::ExecutableBase::createStructure):
68007        (JSC::NativeExecutable::create):
68008        (JSC::NativeExecutable::NativeExecutable):
68009        (JSC::VPtrHackExecutable::VPtrHackExecutable):
68010        (JSC::ScriptExecutable::ScriptExecutable):
68011        (JSC::EvalExecutable::create):
68012        (JSC::EvalExecutable::createStructure):
68013        (JSC::ProgramExecutable::create):
68014        (JSC::ProgramExecutable::createStructure):
68015        (JSC::FunctionExecutable::create):
68016        (JSC::FunctionExecutable::createStructure):
68017        * runtime/FunctionConstructor.cpp:
68018        (JSC::constructFunction):
68019        * runtime/Heap.cpp:
68020        (JSC::Heap::destroy):
68021        (JSC::Heap::markRoots):
68022        * runtime/Heap.h:
68023        * runtime/JSActivation.cpp:
68024        (JSC::JSActivation::JSActivation):
68025        (JSC::JSActivation::markChildren):
68026        * runtime/JSActivation.h:
68027        (JSC::JSActivation::JSActivationData::JSActivationData):
68028        * runtime/JSCell.h:
68029        * runtime/JSFunction.cpp:
68030        (JSC::JSFunction::JSFunction):
68031        (JSC::JSFunction::~JSFunction):
68032        (JSC::JSFunction::markChildren):
68033        * runtime/JSFunction.h:
68034        * runtime/JSGlobalData.cpp:
68035        (JSC::JSGlobalData::storeVPtrs):
68036        (JSC::JSGlobalData::JSGlobalData):
68037        (JSC::JSGlobalData::getHostFunction):
68038        * runtime/JSGlobalData.h:
68039        * runtime/JSGlobalObjectFunctions.cpp:
68040        (JSC::globalFuncEval):
68041        * runtime/JSObject.cpp:
68042        * runtime/JSStaticScopeObject.cpp:
68043        (JSC::JSStaticScopeObject::markChildren):
68044        * runtime/JSStaticScopeObject.h:
68045        (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
68046        (JSC::JSStaticScopeObject::JSStaticScopeObject):
68047        * runtime/JSZombie.cpp:
68048        (JSC::JSZombie::leakedZombieStructure):
68049        * runtime/JSZombie.h:
68050        (JSC::JSZombie::createStructure):
68051        * runtime/MarkedSpace.h:
68052
680532011-03-07  Andy Estes  <aestes@apple.com>
68054
68055        Reviewed by Dan Bernstein.
68056
68057        REGRESSION (r79060): Timestamp is missing from tweets in twitter.
68058        https://bugs.webkit.org/show_bug.cgi?id=55228
68059
68060        A change to the date parser to handle the case where the year is
68061        specified before the time zone inadvertently started accepting strings
68062        such as '+0000' as valid years. Those strings actually represent time
68063        zones in an offset of hours and minutes from UTC, not years.
68064
68065        * wtf/DateMath.cpp:
68066        (WTF::parseDateFromNullTerminatedCharacters): If the current character
68067        in dateString is '+' or '-', do not try to parse the next token as a
68068        year.
68069
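The distinction the fix draws, as an added example that is not WebKit's parseDateFromNullTerminatedCharacters(): a token that begins with '+' or '-' is a time zone offset written HHMM and is never a year, even though a plain numeric conversion would accept "+0000" as the number zero. The struct and function names are assumptions; the sample tokens in the test are constructed.

```cpp
#include <cctype>
#include <cstdlib>
#include <string>

// Result of classifying one token of a date string (hypothetical types).
struct DateToken {
    enum Kind { Year, TimeZoneOffset, Other };
    Kind kind;
    int value; // the year, or the offset from UTC in minutes
};

static bool allDigits(const std::string& s)
{
    if (s.empty())
        return false;
    for (char c : s)
        if (!std::isdigit(static_cast<unsigned char>(c)))
            return false;
    return true;
}

// Classify "2011" as a year and "+0000" / "-0800" as time zone offsets.
// The sign test is the fix the entry describes: a token that begins with
// '+' or '-' is never a year, so the year path is only reached for an
// unsigned run of digits.
DateToken classifyDateToken(const std::string& token)
{
    DateToken other = { DateToken::Other, 0 };
    if (token.empty())
        return other;
    bool hasSign = token[0] == '+' || token[0] == '-';
    std::string digits = hasSign ? token.substr(1) : token;
    if (!allDigits(digits))
        return other;
    if (!hasSign) {
        DateToken year = { DateToken::Year, std::atoi(digits.c_str()) };
        return year;
    }
    // Offsets are written HHMM; reject anything else rather than guess.
    if (digits.size() != 4)
        return other;
    int hours = std::atoi(digits.substr(0, 2).c_str());
    int minutes = std::atoi(digits.substr(2).c_str());
    if (hours > 23 || minutes > 59)
        return other;
    int offset = hours * 60 + minutes;
    DateToken tz = { DateToken::TimeZoneOffset, token[0] == '-' ? -offset : offset };
    return tz;
}
```

The regression came from the parser accepting the sign as part of a number; deciding on the first character before converting anything is what keeps "+0000" out of the year slot while still letting a later stage consume it as the offset.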
2011-03-06  Yuta Kitamura  <yutak@chromium.org>

        Reviewed by Kent Tamura.

        Add SHA-1 for new WebSocket protocol
        https://bugs.webkit.org/show_bug.cgi?id=55039

        The code is based on Chromium's portable SHA-1 implementation
        (src/base/sha1_portable.cc). Modifications were made in order
        to make the code comply with WebKit coding style.

        * GNUmakefile.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/MD5.cpp:
        (WTF::MD5::MD5):
        * wtf/SHA1.cpp: Added.
        (WTF::testSHA1): This function will be run the first time the SHA1
        constructor is called. This function computes a few hash values
        and checks the results in debug builds. However, the constructor is
        probably not a good place to run these tests, so we need to find
        a good place for it (bug 55853).
        (WTF::expectSHA1):
        (WTF::f):
        (WTF::k):
        (WTF::rotateLeft):
        (WTF::SHA1::SHA1):
        (WTF::SHA1::addBytes):
        (WTF::SHA1::computeHash):
        (WTF::SHA1::finalize):
        (WTF::SHA1::processBlock):
        (WTF::SHA1::reset):
        * wtf/SHA1.h: Added.
        (WTF::SHA1::addBytes):
        * wtf/wtf.pri:

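A compact SHA-1 (FIPS 180-4) built from the same pieces the entry lists (the f/k round functions, rotateLeft, a per-block compression step, padding and finalization), as an added example written here rather than the WTF::SHA1 class it describes; the function names are assumptions. The known-answer checks in the test play the same role as the testSHA1() self-test the entry mentions, and one of them spans two 64-byte blocks so the padding path is exercised.

```cpp
#include <cstdint>
#include <string>
#include <vector>

namespace {

uint32_t rotateLeft(uint32_t x, unsigned n)
{
    return (x << n) | (x >> (32 - n));
}

// Compress one 64-byte block into the running state h[0..4].
void processBlock(uint32_t h[5], const uint8_t block[64])
{
    uint32_t w[80];
    for (int t = 0; t < 16; ++t) {
        w[t] = (uint32_t(block[4 * t]) << 24) | (uint32_t(block[4 * t + 1]) << 16)
            | (uint32_t(block[4 * t + 2]) << 8) | uint32_t(block[4 * t + 3]);
    }
    for (int t = 16; t < 80; ++t)
        w[t] = rotateLeft(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1);

    uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int t = 0; t < 80; ++t) {
        uint32_t f, k;
        if (t < 20) {
            f = (b & c) | (~b & d);
            k = 0x5a827999;
        } else if (t < 40) {
            f = b ^ c ^ d;
            k = 0x6ed9eba1;
        } else if (t < 60) {
            f = (b & c) | (b & d) | (c & d);
            k = 0x8f1bbcdc;
        } else {
            f = b ^ c ^ d;
            k = 0xca62c1d6;
        }
        uint32_t temp = rotateLeft(a, 5) + f + e + k + w[t];
        e = d;
        d = c;
        c = rotateLeft(b, 30);
        b = a;
        a = temp;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

} // namespace

// Digest an arbitrary byte string and return the 160-bit result as 40
// lowercase hex characters. The whole message is padded in memory here;
// a streaming addBytes()/computeHash() split, as in the WTF class, is the
// better shape for large inputs.
std::string sha1Hex(const std::string& message)
{
    uint32_t h[5] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 };

    // Padding: a single 0x80 byte, zeros to 56 mod 64, then the message
    // length in bits as a 64-bit big-endian integer.
    std::vector<uint8_t> padded(message.begin(), message.end());
    uint64_t bitLength = uint64_t(message.size()) * 8;
    padded.push_back(0x80);
    while (padded.size() % 64 != 56)
        padded.push_back(0);
    for (int i = 7; i >= 0; --i)
        padded.push_back(uint8_t(bitLength >> (8 * i)));

    for (size_t offset = 0; offset < padded.size(); offset += 64)
        processBlock(h, &padded[offset]);

    static const char hex[] = "0123456789abcdef";
    std::string out;
    for (uint32_t word : h)
        for (int shift = 28; shift >= 0; shift -= 4)
            out += hex[(word >> shift) & 0xf];
    return out;
}
```

The WebSocket handshake only needs SHA-1 as a deterministic digest of the client's key, which is why a small portable implementation is sufficient there; the same routine should not be reused where collision resistance matters, such as signatures over attacker-influenced data.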
2011-03-05  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add Derived Sources to WebCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55813

        Rename the action to be friendlier.

        * gyp/JavaScriptCore.gyp:

2011-03-04  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] Need symbian version of cryptographicallyRandomValuesFromOS
        https://bugs.webkit.org/show_bug.cgi?id=55782

        Implement Symbian version of cryptographicallyRandomValuesFromOS

        * wtf/OSRandomSource.cpp:
        (WTF::cryptographicallyRandomValuesFromOS):

2011-03-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
            Add missing check.

2011-03-04  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by olliej.

        Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            (1) don't infinite loop.
            (2) goto 1.

2011-03-04  Gavin Barraclough  <barraclough@apple.com>

        cmake build fix.

        * CMakeLists.txt:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
        https://bugs.webkit.org/show_bug.cgi?id=55798

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Remove unneeded round-trips through ../Source in the Chromium GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55795

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Use target_defaults to reduce boilerplate in GYP build system
        https://bugs.webkit.org/show_bug.cgi?id=55790

        Instead of setting up the configuration in each target, just defer to
        target_defaults.  Also, removed a define that was redundant with the
        xcconfig.

        * gyp/JavaScriptCore.gyp:

2011-03-03  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
        Provide basic functionality from section 15.2.4 of ECMA-262.
        This support will need expanding to cover arrays, too.

        Shows a 0.5% progression on SunSpidey, this seems to be due to changing
        ObjectConstructor to use a static table.

        * DerivedSources.make:
        * JavaScriptCore.exp:
        * interpreter/CallFrame.h:
        (JSC::ExecState::objectConstructorTable):
            Add a static table for ObjectConstructor.
        * runtime/CommonIdentifiers.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
            Add a static table for ObjectConstructor.
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
            Add a static table for ObjectConstructor.
        * runtime/JSObject.cpp:
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
            Transition the object's structure.
        (JSC::JSObject::defineOwnProperty):
            Check isExtensible.
        * runtime/JSObject.h:
        (JSC::JSObject::isSealed):
        (JSC::JSObject::isFrozen):
        (JSC::JSObject::isExtensible):
            These wrap methods on structure.
        (JSC::JSObject::putDirectInternal):
            Check isExtensible.
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::ObjectConstructor::getOwnPropertySlot):
        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
            Change ObjectConstructor to use a static table.
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
        (JSC::objectConstructorPreventExtensions):
        (JSC::objectConstructorIsSealed):
        (JSC::objectConstructorIsFrozen):
        (JSC::objectConstructorIsExtensible):
            Add new methods on Object.
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            init/propagate m_preventExtensions
        (JSC::Structure::sealTransition):
        (JSC::Structure::freezeTransition):
        (JSC::Structure::preventExtensionsTransition):
            transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
        (JSC::Structure::isSealed):
        (JSC::Structure::isFrozen):
            check attributes to detect if object is sealed/frozen.
        * runtime/Structure.h:
        (JSC::Structure::isExtensible):
            checks the m_preventExtensions flag.

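A small property-attribute model of seal/freeze/preventExtensions and the isSealed/isFrozen/isExtensible queries from section 15.2.3 of ECMA-262 5th edition, as an added example that is not JSC's Structure or JSObject code. It shows the two rules the entry's Structure changes encode (sealed means non-extensible with no configurable property left; frozen additionally means no writable data property), and the put() path includes the isExtensible check that the bug 55815 entry above adds to defineOwnProperty(). Class and member names are assumptions.

```cpp
#include <map>
#include <string>
#include <utility>

// One own property with the ES5 attributes that seal/freeze touch
// (hypothetical model, not JSC's Structure or property map).
struct Property {
    Property(int v, bool w, bool c) : value(v), writable(w), configurable(c) {}
    int value;
    bool writable;     // cleared by freeze()
    bool configurable; // cleared by seal() and freeze()
};

class SimpleObject {
public:
    // Returns false when the write is rejected; an engine would throw a
    // TypeError here in strict mode. The isExtensible() test on the
    // new-property path is the check bug 55815 adds to defineOwnProperty().
    bool put(const std::string& name, int value)
    {
        auto it = m_properties.find(name);
        if (it == m_properties.end()) {
            if (!m_extensible)
                return false;
            m_properties.insert(std::make_pair(name, Property(value, true, true)));
            return true;
        }
        if (!it->second.writable)
            return false;
        it->second.value = value;
        return true;
    }

    // Returns false when the property exists but is non-configurable.
    bool remove(const std::string& name)
    {
        auto it = m_properties.find(name);
        if (it == m_properties.end())
            return true;
        if (!it->second.configurable)
            return false;
        m_properties.erase(it);
        return true;
    }

    bool has(const std::string& name) const { return m_properties.count(name) != 0; }
    int get(const std::string& name) const { return m_properties.at(name).value; }

    // Object.preventExtensions: no new properties; existing ones unchanged.
    void preventExtensions() { m_extensible = false; }

    // Object.seal: preventExtensions plus every property non-configurable.
    void seal()
    {
        preventExtensions();
        for (auto& entry : m_properties)
            entry.second.configurable = false;
    }

    // Object.freeze: seal plus every data property non-writable.
    void freeze()
    {
        seal();
        for (auto& entry : m_properties)
            entry.second.writable = false;
    }

    bool isExtensible() const { return m_extensible; }

    // An object with no properties is sealed (and frozen) as soon as it is
    // non-extensible, since the per-property conditions hold vacuously.
    bool isSealed() const
    {
        if (m_extensible)
            return false;
        for (const auto& entry : m_properties)
            if (entry.second.configurable)
                return false;
        return true;
    }

    bool isFrozen() const
    {
        if (!isSealed())
            return false;
        for (const auto& entry : m_properties)
            if (entry.second.writable)
                return false;
        return true;
    }

private:
    bool m_extensible = true;
    std::map<std::string, Property> m_properties;
};
```

Note that preventExtensions() alone leaves existing properties writable and deletable, which is why the test below still expects a put() to an existing name to succeed after it; only seal() and freeze() tighten the per-property attributes.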
2011-03-04  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Jon Honeycutt.

        Adopt VersionStamper tool for Windows WebKit DLLs
        https://bugs.webkit.org/show_bug.cgi?id=55784
        <rdar://problem/9021273>

        We now use a tool to stamp the version number onto the Apple WebKit DLLs
        during the post-build step.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        JavaScriptCore GYP build should use a header map
        https://bugs.webkit.org/show_bug.cgi?id=55712

        This patch moves the os-win32 files into their own variable so that we
        can use a header map in the Apple Mac Xcode build.  The problem is that
        the header map searches the whole project rather than just the files
        included in a given target.  Another solution to this problem is to
        make GYP smarter about filtering out what files are added to the
        project file.

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-03  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
        https://bugs.webkit.org/show_bug.cgi?id=55554

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
        (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals): Ditto.
        * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
        (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.

2011-03-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add jsc to JavaScriptCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55711

        * JavaScriptCore.gypi:
            - Move jsc.cpp into jsc_files because it's really part of the jsc
              target.
        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Remove extraneous files from the normal jsc build.  I probably
              added these by mistake at some point.
        * gyp/JavaScriptCore.gyp:
            - Add the jsc target to the GYP file.

2011-03-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add testapi to JavaScriptCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55707

        The new testapi target is slightly incomplete.  There's a resource
        copying step that we don't quite have yet.

        This patch also cleans up some of the configuration issues in
        JavaScriptCore.xcodeproj.  It seems kind of wordy to repeat these for
        each target.  I suspect there's a more compact way of defining the
        configurations, but this removes the "Default" configuration, which is
        progress.

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Teach JavaScriptCore GYP build about private headers
        https://bugs.webkit.org/show_bug.cgi?id=55532

        This patch distinguishes between public and private framework headers
        so that public headers are copied into the Headers directory and
        private headers are copied into the PrivateHeaders directory.

        * gyp/JavaScriptCore.gyp:

2011-03-03  Geoffrey Garen  <ggaren@apple.com>

        Rolled out 80277 and 80280 because they caused event handler layout test
        failures.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * runtime/Arguments.h:
        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h:
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.h:
        * runtime/MarkedSpace.cpp:
        * runtime/MarkedSpace.h:

2011-03-03  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fix. Alter order of headers included to make sure windows.h
        is configured by wx, and skip Posix implementation file we don't use on Win.

        * wscript:
        * wtf/wx/StringWx.cpp:

2011-03-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        JSVariableObject needs to use WriteBarrier for symboltable property storage
        https://bugs.webkit.org/show_bug.cgi?id=55698

        Replace the direct usage of Register in JSVariableObject (and descendants)
        with WriteBarrier.  This requires updating the Arguments object to use
        WriteBarrier as well.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveArguments):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::initialize):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::copyToRegisters):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::copyRegisters):
        (JSC::JSActivation::copyRegisters):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        (JSC::JSActivation::put):
        (JSC::JSActivation::putWithAttributes):
        (JSC::JSActivation::argumentsGetter):
        * runtime/JSActivation.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        (JSC::JSGlobalObject::putWithAttributes):
        (JSC::JSGlobalObject::markChildren):
        (JSC::JSGlobalObject::copyGlobalsFrom):
        (JSC::JSGlobalObject::copyGlobalsTo):
        (JSC::JSGlobalObject::resizeRegisters):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::setRegisters):
        (JSC::JSGlobalObject::addStaticGlobals):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::put):
        (JSC::JSStaticScopeObject::putWithAttributes):
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::symbolTableGet):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::registerAt):
        (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
        (JSC::JSVariableObject::symbolTableGet):
        (JSC::JSVariableObject::symbolTablePut):
        (JSC::JSVariableObject::symbolTablePutWithAttributes):
        (JSC::JSVariableObject::copyRegisterArray):
        (JSC::JSVariableObject::setRegisters):

2011-03-03  Geoffrey Garen  <ggaren@apple.com>

        Try to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.

        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
        inline -- it's virtual.

2011-03-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Moved all variable object storage inline -- upping the object size limit to 1K
        https://bugs.webkit.org/show_bug.cgi?id=55653

        * JavaScriptCore.exp:
        * bytecompiler/BytecodeGenerator.cpp:
        * jit/JITOpcodes.cpp:
        * runtime/Arguments.h:
        * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.

        * runtime/JSCell.h:
        (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
        to accommodate objects up to 1K.

        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.

        * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
        object size, since it doesn't anymore.

        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h: Added an imprecise size class to accommodate objects up to 1K.

2011-03-03  Timothy Hatcher  <timothy@apple.com>

        Make APIShims usable from WebCore.

        Reviewed by Oliver Hunt.

        * ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
        * GNUmakefile.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-03-03  Peter Varga  <pvarga@webkit.org>

        Reviewed by Oliver Hunt.

        Begin Characters Optimization Causes YARR Interpreter Errors
        https://bugs.webkit.org/show_bug.cgi?id=55479

        The addBeginTerm function is removed because it doesn't correctly handle
        those cases when an "invalid" term has been collected (e.g. CharacterClass).
        Move the removed function to the setupAlternativeBeginTerms method's
        switch-case where the non-allowed cases are correctly handled.

        Reenable the Beginning Character Optimization in the YARR Interpreter again.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
        (JSC::Yarr::YarrPattern::compile):

2011-03-02  Jessie Berlin  <jberlin@apple.com>

        Reviewed by Adam Roben.

        WebKit2: Use CFNetwork Sessions API.
        https://bugs.webkit.org/show_bug.cgi?id=55435

        Add the ability to create a Private Browsing storage session.

        * wtf/Platform.h:
        Add a new #define for using CF Storage Sessions.

2011-03-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove "register slot" concept from PropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=55621

        PropertySlot had already stopped storing Register "slots"
        so this patch is simply removing that api entirely.
        This exposed a problem in the ProgramNode constructor for
        BytecodeGenerator where it reads from the registerfile
        before it has initialised it.

        This bug wasn't a problem before as we were merely testing
        for property existence rather than the actual value, and
        used to work because setRegisterSlot didn't check that the
        provided slot contained an initialised value.

        To get around this issue we now use symbolTableHasProperty
        to do the symbol table check without trying to read the
        RegisterFile.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::symbolTableHasProperty):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::symbolTableGet):
        * runtime/PropertySlot.h:

2011-03-02  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by David Levin.

        Add feature define for data transfer items
        https://bugs.webkit.org/show_bug.cgi?id=55510

        * Configurations/FeatureDefines.xcconfig:
        * wtf/Platform.h:

2011-03-02  Adam Roben  <aroben@apple.com>

        Delete old .res files whenever any .vsprops file changes

        Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to
        fail

        Reviewed by Tony Chang.

        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
        (main): Restructured code to loop over a set of file extensions, deleting any old files that
        have that extension. Now deletes .res files, too. (We previously deleted any file matching
        *.manifest*, but that turned out to just be the union of *.manifest and *.res.)

2011-03-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Teach JavaScriptCore GYP build how to build minidom
        https://bugs.webkit.org/show_bug.cgi?id=55536

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        JavaScriptCore GYP build should copy some headers into the target framework
        https://bugs.webkit.org/show_bug.cgi?id=55524

        After this patch, all the framework headers are exported as public
        headers.  We need to teach GYP how to handle private headers.

        I struggled to determine how to store the information about whether a
        header was public, private, or project (i.e., not exported).
        Generally, the GYPI should just list the files, but it seemed silly to
        have an almost duplicated list of files in the GYP file itself.  If
        this design doesn't scale, we might have to revisit it in the future.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-01  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r80079.
        http://trac.webkit.org/changeset/80079
        https://bugs.webkit.org/show_bug.cgi?id=55547

        "Broke the Win debug build?" (Requested by dcheng on #webkit).

        * wtf/Platform.h:

2011-03-01  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by David Levin.

        Add feature define for data transfer items
        https://bugs.webkit.org/show_bug.cgi?id=55510

        * wtf/Platform.h:

2011-03-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Joseph Pecoraro.

        Misaligned memory access in CloneDeserializer on all ARM arch.
        https://bugs.webkit.org/show_bug.cgi?id=48742

        Add a CPU class for architectures that need aligned addresses
        for memory access.

        * wtf/Platform.h:

686572011-03-01  Adam Barth  <abarth@webkit.org>
68658
68659        Reviewed by Dimitri Glazkov.
68660
68661        Add pre- and post-build actions for JavaScriptCore GYP build
68662        https://bugs.webkit.org/show_bug.cgi?id=55507
68663
68664        After this patch, we have all the steps for building the main
68665        JavaScriptCore framework except the "copy headers" step, which I'll do
68666        next.
68667
68668        * gyp/JavaScriptCore.gyp:
68669
686702011-03-01  Geoffrey Garen  <ggaren@apple.com>
68671
68672        Reviewed by Sam Weinig.
68673
68674        Rolled back in r79627 now that the underlying cause for it crashing is fixed.
68675        https://bugs.webkit.org/show_bug.cgi?id=55159
68676
68677        * JavaScriptCore.exp:
68678        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
68679        * JavaScriptCore.xcodeproj/project.pbxproj:
68680        * runtime/Heap.cpp:
68681        (JSC::Heap::allocateSlowCase):
68682        * runtime/Heap.h:
68683        * runtime/JSCell.h:
68684        (JSC::JSCell::MarkedSpace::sizeClassFor):
68685        (JSC::JSCell::Heap::allocate):
68686        (JSC::JSCell::JSCell::operator new):
68687        * runtime/MarkedBlock.h:
68688        * runtime/MarkedSpace.cpp:
68689        (JSC::MarkedSpace::MarkedSpace):
68690        (JSC::MarkedSpace::allocateBlock):
68691        (JSC::MarkedSpace::reset):
68692        * runtime/MarkedSpace.h:
68693        (JSC::MarkedSpace::SizeClass::SizeClass):
68694
686952011-03-01  Mark Rowe  <mrowe@apple.com>
68696
68697        Reviewed by Sam Weinig.
68698
68699        Replace two script phases that do nothing but copy files with copy files build phases.
68700
68701        This speeds up the build by a few seconds on high-end Mac Pros.
68702
68703        * JavaScriptCore.xcodeproj/project.pbxproj:
68704
687052011-03-01  David Kilzer  <ddkilzer@apple.com>
68706
68707        Spring cleaning!
68708
68709        Rubber-stamped by Mark Rowe.
68710
68711        * JavaScriptCore.xcodeproj/project.pbxproj:
68712        (Copy Into Framework): Remove "set -x" and its comment.
68713
687142011-03-01  Michael Saboff  <msaboff@apple.com>
68715
68716        Reviewed by Darin Adler.
68717
68718        TinyMCE not working in nightlies
68719        https://bugs.webkit.org/show_bug.cgi?id=54978
68720
        Disabling setupBeginChars() to temporarily work around the test
        failure.  Filed https://bugs.webkit.org/show_bug.cgi?id=55479
68723        to track fixing the issue.
68724
68725        * yarr/YarrPattern.cpp:
68726        (JSC::Yarr::YarrPattern::compile):
68727
687282011-02-23  Joseph Pecoraro  <joepeck@webkit.org>
68729
68730        Reviewed by Kenneth Rohde Christiansen.
68731
68732        Viewport parsing no longer accepts "1.0;" value as valid.
68733        https://bugs.webkit.org/show_bug.cgi?id=53705
68734
68735        Include a didReadNumber parameter to String -> float / double
68736        conversion functions. This way, if the "ok" boolean out
68737        parameter is false, you can check to see if there in fact
68738        was a valid number parsed with garbage at the end. Examples
68739        of that would be parsing "123x456" would have ok = false,
68740        but didReadNumber = true.
68741
68742        * JavaScriptCore.exp:
68743        * wtf/text/StringImpl.cpp:
68744        (WTF::StringImpl::toDouble):
68745        (WTF::StringImpl::toFloat):
68746        * wtf/text/StringImpl.h:
68747        * wtf/text/WTFString.cpp:
68748        (WTF::String::toDouble):
68749        (WTF::String::toFloat):
68750        (WTF::charactersToDouble):
68751        (WTF::charactersToFloat):
68752        * wtf/text/WTFString.h:
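
The two-flag contract described in this entry, as an added example (constructed here, not WebKit's String::toDouble/toFloat): std::strtod consumes the longest numeric prefix, so "ok" and "didReadNumber" can be reported independently, and a lenient caller like the viewport parser can accept "1.0;" while still rejecting input with no number at all. The use of strtod is a simplification (it also accepts leading whitespace, hex floats and "inf"/"nan").

```cpp
#include <cctype>
#include <cstdlib>
#include <string>

// Constructed example, not WebKit's String::toDouble: a conversion that reports
// two things separately.
//   ok            - the entire string was one valid number
//   didReadNumber - a valid number was read, even if garbage followed it
// The ChangeLog's "123x456" case yields ok = false but didReadNumber = true.
double toDoubleReportingPrefix(const std::string& input, bool* ok, bool* didReadNumber)
{
    const char* begin = input.c_str();
    char* end = nullptr;
    double value = std::strtod(begin, &end);   // consumes the longest numeric prefix
    bool readNumber = end != begin;

    // Trailing whitespace is tolerated; anything else counts as garbage.
    const char* rest = end;
    while (*rest && std::isspace(static_cast<unsigned char>(*rest)))
        ++rest;

    if (ok)
        *ok = readNumber && *rest == '\0';
    if (didReadNumber)
        *didReadNumber = readNumber;
    return readNumber ? value : 0.0;
}

// Lenient policy a caller such as the viewport parser can now express: accept
// the numeric prefix ("1.0;") but still reject strings with no number at all.
bool parseLeniently(const std::string& input, double* out)
{
    bool ok = false, didReadNumber = false;
    double value = toDoubleReportingPrefix(input, &ok, &didReadNumber);
    if (!didReadNumber)
        return false;
    *out = value;
    return true;
}
```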
68753
687542011-02-28  Geoffrey Garen  <ggaren@apple.com>
68755
68756        Reviewed by Gavin Barraclough.
68757
68758        Past-the-end writes in VM exceptions (caused crashes in r79627)
68759        https://bugs.webkit.org/show_bug.cgi?id=55448
68760        
68761        Some exceptions had the wrong structures, so they misoverestimated their
68762        inline storage sizes.
68763
68764        * runtime/JSGlobalData.cpp:
68765        (JSC::JSGlobalData::JSGlobalData): Use the right structure.
68766
68767        * runtime/JSObject.h:
68768        (JSC::JSNonFinalObject::JSNonFinalObject):
68769        (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
68770        is correct to verify this doesn't happen again.
68771
687722011-03-01  Andras Becsi  <abecsi@webkit.org>
68773
68774        Reviewed by Csaba Osztrogonác.
68775
68776        [Qt] Clean up the project files and move common options to WebKit.pri.
68777
68778        * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
68779        * JavaScriptCore.pro: Deduplicate options.
68780        * jsc.pro: Ditto.
68781
687822011-03-01  Adam Barth  <abarth@webkit.org>
68783
68784        Reviewed by Eric Seidel.
68785
68786        Teach JavaScriptCore GYP build about DEPTH
68787        https://bugs.webkit.org/show_bug.cgi?id=55425
68788
68789        In addition to teaching the JavaScriptCore GYP build about DEPTH, this
68790        change overrides the GCC warning configuration to disable a warning
        that's causing problems in Assertions.cpp.  With that warning disabled,
68792        JavaScriptCore builds again.
68793
68794        * gyp/JavaScriptCore.gyp:
68795
687962011-02-28  Gavin Barraclough  <barraclough@apple.com>
68797
68798        Windows build fix.
68799
68800        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
68801
688022011-02-28  Sheriff Bot  <webkit.review.bot@gmail.com>
68803
68804        Unreviewed, rolling out r79948.
68805        http://trac.webkit.org/changeset/79948
68806        https://bugs.webkit.org/show_bug.cgi?id=55439
68807
68808        "caused crashes on the SL release bot" (Requested by ggaren on
68809        #webkit).
68810
68811        * runtime/JSGlobalData.h:
68812        * runtime/WriteBarrier.h:
68813
688142011-02-28  Gavin Barraclough  <barraclough@apple.com>
68815
68816        Windows build fix.
68817
68818        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
68819
688202011-02-28  Gavin Barraclough  <barraclough@apple.com>
68821
68822        Reviewed by Sam Weinig & Darin Adler.
68823
68824        Bug 55423 - Clean up property tables in Structure
68825
68826        Encapsulate, reduce duplication of table search code,
68827        and reduce the size of the tables (remove the index,
68828        just maintain the tables in the correct order).
68829
68830        Shows a 0.5% - 1% progression on sunspider.
68831
68832        * JavaScriptCore.exp:
68833        * runtime/PropertyMapHashTable.h:
68834        (JSC::isPowerOf2):
68835        (JSC::nextPowerOf2):
68836            bit ops used to calculate table size.
68837        (JSC::PropertyMapEntry::PropertyMapEntry):
68838        (JSC::PropertyTable::ordered_iterator::operator++):
68839        (JSC::PropertyTable::ordered_iterator::operator==):
68840        (JSC::PropertyTable::ordered_iterator::operator!=):
68841        (JSC::PropertyTable::ordered_iterator::operator*):
68842        (JSC::PropertyTable::ordered_iterator::operator->):
68843        (JSC::PropertyTable::ordered_iterator::ordered_iterator):
68844            implementation of the iterator types
68845        (JSC::PropertyTable::PropertyTable):
68846        (JSC::PropertyTable::~PropertyTable):
68847            constructors take an initial capacity for the table,
68848            a table to copy, or both.
68849        (JSC::PropertyTable::begin):
68850        (JSC::PropertyTable::end):
68851            create in-order iterators.
68852        (JSC::PropertyTable::find):
68853            search the hash table
68854        (JSC::PropertyTable::add):
68855            add a value to the hash table
68856        (JSC::PropertyTable::remove):
68857            remove a value from the hash table
68858        (JSC::PropertyTable::size):
68859        (JSC::PropertyTable::isEmpty):
68860            accessors.
68861        (JSC::PropertyTable::propertyStorageSize):
68862        (JSC::PropertyTable::clearDeletedOffsets):
68863        (JSC::PropertyTable::hasDeletedOffset):
68864        (JSC::PropertyTable::getDeletedOffset):
68865        (JSC::PropertyTable::addDeletedOffset):
68866            cache deleted (available) offsets in the property storage array.
68867        (JSC::PropertyTable::copy):
68868            take a copy of the PropertyTable, potentially expanding the capacity.
68869        (JSC::PropertyTable::sizeInMemory):
68870            used for DEBUG build statistics
68871        (JSC::PropertyTable::reinsert):
68872        (JSC::PropertyTable::rehash):
68873        (JSC::PropertyTable::tableCapacity):
68874        (JSC::PropertyTable::deletedEntryIndex):
68875        (JSC::PropertyTable::skipDeletedEntries):
68876        (JSC::PropertyTable::table):
68877        (JSC::PropertyTable::usedCount):
68878        (JSC::PropertyTable::dataSize):
68879        (JSC::PropertyTable::sizeForCapacity):
68880        (JSC::PropertyTable::canInsert):
68881            these methods provide internal implementation.
68882        * runtime/Structure.cpp:
68883        (JSC::Structure::dumpStatistics):
68884        (JSC::Structure::~Structure):
68885        (JSC::Structure::materializePropertyMap):
68886        (JSC::Structure::despecifyDictionaryFunction):
68887        (JSC::Structure::addPropertyTransition):
68888        (JSC::Structure::flattenDictionaryStructure):
68889        (JSC::Structure::copyPropertyTable):
68890        (JSC::Structure::get):
68891        (JSC::Structure::despecifyFunction):
68892        (JSC::Structure::despecifyAllFunctions):
68893        (JSC::Structure::put):
68894        (JSC::Structure::remove):
68895        (JSC::Structure::createPropertyMap):
68896        (JSC::Structure::getPropertyNames):
68897        (JSC::PropertyTable::checkConsistency):
68898        (JSC::Structure::checkConsistency):
68899            factored out code to PropertyMapHashTable.h
68900        * runtime/Structure.h:
68901        (JSC::Structure::propertyStorageSize):
68902        (JSC::Structure::isEmpty):
68903        (JSC::Structure::get):
68904            factored out code to PropertyMapHashTable.h
68905
689062011-02-28  Xan Lopez  <xlopez@igalia.com>
68907
        Another build fix :(
68909
68910        Fix typo.
68911
68912        * runtime/MachineStackMarker.cpp:
68913        (JSC::freePlatformThreadRegisters):
68914
689152011-02-28  Xan Lopez  <xlopez@igalia.com>
68916
68917        Unreviewed build fix for Snow Leopard.
68918
68919        * runtime/MachineStackMarker.cpp:
68920        (JSC::freePlatformThreadRegisters):
68921
689222011-02-28  Alejandro G. Castro  <alex@igalia.com>
68923
68924        Unreviewed, fix SnowLeopard compilation after r79952.
68925
68926        * runtime/MachineStackMarker.cpp:
68927        (JSC::freePlatformThreadRegisters):
68928
689292011-02-28  Mark Rowe  <mrowe@apple.com>
68930
68931        Reviewed by Darin Adler.
68932
68933        <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.
68934
68935        * wtf/OwnArrayPtr.h:
68936        (WTF::::set): Implement OwnArrayPtr::set.
68937
689382011-02-28  Martin Zoubek  <martin.zoubek@acision.com> and Alejandro G. Castro  <alex@igalia.com>
68939
68940        Reviewed by Martin Robinson.
68941
68942        Multithread support for JSC on UNIX
68943        https://bugs.webkit.org/show_bug.cgi?id=26838
68944
68945        Implement suspendThread() and resumeThread() for systems with
68946        pthread.h using thread signal handler.
68947
68948        * runtime/MachineStackMarker.cpp:
68949        (JSC::pthreadSignalHandlerSuspendResume):
68950        (JSC::MachineStackMarker::Thread::Thread):
68951        (JSC::getCurrentPlatformThread):
68952        (JSC::suspendThread):
68953        (JSC::resumeThread):
68954        (JSC::getPlatformThreadRegisters):
68955        (JSC::otherThreadStackPointer):
68956        (JSC::freePlatformThreadRegisters):
68957        (JSC::MachineStackMarker::markOtherThreadConservatively):
68958        * wtf/Platform.h: Added Gtk port to use
68959        ENABLE_JSC_MULTIPLE_THREADS.
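
The suspend/resume mechanism this entry describes, as an added example that is not WebKit's MachineStackMarker code: the suspending thread sends a signal with pthread_kill(), the target's handler records where its stack is, posts a semaphore (one of the few async-signal-safe calls) and parks in sigsuspend() until a second signal arrives. The resume signal is kept blocked for the duration of the suspend handler so an early resume cannot be consumed and lost before sigsuspend() runs; losing it would leave the target parked forever. The signal numbers, the demo worker and the tick-counting check are assumptions of this example.

```cpp
#include <atomic>
#include <cstring>
#include <pthread.h>
#include <semaphore.h>
#include <signal.h>
#include <time.h>

// Constructed example, not WebKit's MachineStackMarker: park another pthread
// with a signal so its stack can be scanned, then let it run again.
static const int kSuspendSignal = SIGUSR1;
static const int kResumeSignal = SIGUSR2;
static sem_t g_parked;                        // posted by the target once it is parked
static void* g_targetStackPointer = nullptr;  // approximate SP of the parked thread

static void resumeHandler(int) { /* only purpose: wake sigsuspend() in the target */ }

static void suspendHandler(int, siginfo_t*, void*)
{
    // A local's address approximates the interrupted thread's stack pointer;
    // a real collector would read the saved register context (ucontext_t).
    int marker = 0;
    g_targetStackPointer = &marker;

    sigset_t waitMask;                 // sleep with everything blocked except the resume signal
    sigfillset(&waitMask);
    sigdelset(&waitMask, kResumeSignal);

    sem_post(&g_parked);               // async-signal-safe: "I am parked"
    sigsuspend(&waitMask);             // atomically unblocks kResumeSignal and waits for it
}

bool installSuspendResumeHandlers()
{
    struct sigaction suspend;
    std::memset(&suspend, 0, sizeof suspend);
    suspend.sa_sigaction = suspendHandler;
    suspend.sa_flags = SA_SIGINFO;
    sigemptyset(&suspend.sa_mask);
    // Keep the resume signal blocked while the suspend handler runs, so a resume
    // sent early stays pending until sigsuspend() instead of being consumed and lost.
    sigaddset(&suspend.sa_mask, kResumeSignal);

    struct sigaction resume;
    std::memset(&resume, 0, sizeof resume);
    resume.sa_handler = resumeHandler;
    sigemptyset(&resume.sa_mask);

    return sem_init(&g_parked, 0, 0) == 0
        && sigaction(kSuspendSignal, &suspend, nullptr) == 0
        && sigaction(kResumeSignal, &resume, nullptr) == 0;
}

void suspendThread(pthread_t thread)
{
    pthread_kill(thread, kSuspendSignal);
    while (sem_wait(&g_parked) != 0) { }   // retry if interrupted by another signal
}

void resumeThread(pthread_t thread) { pthread_kill(thread, kResumeSignal); }

// --- demo: a worker that counts, and a check that it stops while suspended ---
static std::atomic<bool> g_stop(false);
static std::atomic<unsigned long> g_ticks(0);

static void* worker(void*)
{
    while (!g_stop.load())
        g_ticks.fetch_add(1);
    return nullptr;
}

static void sleepMs(long ms)
{
    timespec ts = { 0, ms * 1000000L };
    nanosleep(&ts, nullptr);
}

// True when the worker made no progress while parked and progressed again afterwards.
bool demonstrateSuspendResume()
{
    if (!installSuspendResumeHandlers())
        return false;
    pthread_t thread;
    if (pthread_create(&thread, nullptr, worker, nullptr) != 0)
        return false;
    sleepMs(10);

    suspendThread(thread);
    unsigned long before = g_ticks.load();
    sleepMs(20);
    bool frozen = g_ticks.load() == before && g_targetStackPointer != nullptr;

    resumeThread(thread);
    bool resumed = false;
    for (int i = 0; i < 200 && !resumed; ++i) {   // allow up to ~2s on a loaded machine
        sleepMs(10);
        resumed = g_ticks.load() > before;
    }

    g_stop.store(true);
    pthread_join(thread, nullptr);
    sem_destroy(&g_parked);
    return frozen && resumed;
}
```

The one-semaphore design only supports suspending one thread at a time; a collector that stops several threads would pair each suspend with its own wait, as the real code has to do for every registered thread.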
68960
689612011-02-28  Oliver Hunt  <oliver@apple.com>
68962
68963        Reviewed by Darin Adler.
68964
68965        Stop using DeprecatedPtr for the global exception slot
68966        https://bugs.webkit.org/show_bug.cgi?id=55424
68967
68968        Create GCRootPtr to signify that the exception slot is
68969        a gcroot, and so is exempt from the usual writebarrier
68970        restrictions.
68971
68972        * runtime/JSGlobalData.h:
68973        * runtime/WriteBarrier.h:
68974        (JSC::GCRootPtr::GCRootPtr):
68975        (JSC::GCRootPtr::operator=):
68976
689772011-02-28  Adam Barth  <abarth@webkit.org>
68978
68979        Reviewed by Dimitri Glazkov.
68980
68981        Use more xcconfig files in JavaScriptCore gyp build
68982        https://bugs.webkit.org/show_bug.cgi?id=55391
68983
        The GYP experts tell me that we have a total of two xcconfig
68985        files: one for the xcodeproj as a whole and one for each target.  This
68986        patch uses that technique to re-use the existing xcconfig files and
68987        eliminate the duplication.
68988
68989        Technically, this patch introduces some build errors because the
68990        xcconfig files assume that the xcodeproj file is one level higher in
68991        the directory hierarchy.  Specifically, the xcodeproj file can no
68992        longer find the Info.plist or the prefix header.  I plan to fix that in
68993        a subsequent patch.
68994
68995        Also, this patch introduces the Release and Production configurations,
68996        which should work correctly now.
68997
68998        * gyp/JavaScriptCore.gyp:
68999
690002011-02-28  Jon Honeycutt  <jhoneycutt@apple.com>
69001
69002        Windows build fix.
69003
69004        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
69005        Add symbol to export.
69006
690072011-02-28  Oliver Hunt  <oliver@apple.com>
69008
69009        Reviewed by Gavin Barraclough.
69010
69011        Make ScopeChainNode GC allocated
69012        https://bugs.webkit.org/show_bug.cgi?id=55283
69013
69014        Simplify lifetime and other issues with the scopechain
69015        by making it gc allocated.  This allows us to simplify
69016        function exit and unwinding, as well as making the
69017        current iterative refcounting go away.
69018
69019        * JavaScriptCore.exp:
69020        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
69021        * bytecode/CodeBlock.cpp:
69022        (JSC::CodeBlock::createActivation):
69023        * bytecode/StructureStubInfo.cpp:
69024        * bytecompiler/BytecodeGenerator.cpp:
69025        (JSC::BytecodeGenerator::generate):
69026        (JSC::BytecodeGenerator::BytecodeGenerator):
69027        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
69028        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
69029        * bytecompiler/BytecodeGenerator.h:
69030        * debugger/Debugger.cpp:
69031        (JSC::Recompiler::operator()):
69032        * debugger/DebuggerCallFrame.h:
69033        (JSC::DebuggerCallFrame::scopeChain):
69034        * interpreter/CachedCall.h:
69035        (JSC::CachedCall::CachedCall):
69036        * interpreter/CallFrame.h:
69037        * interpreter/Interpreter.cpp:
69038        (JSC::depth):
69039        (JSC::Interpreter::unwindCallFrame):
69040        (JSC::Interpreter::throwException):
69041        (JSC::Interpreter::execute):
69042        (JSC::Interpreter::executeCall):
69043        (JSC::Interpreter::executeConstruct):
69044        (JSC::Interpreter::privateExecute):
69045        * jit/JITCall.cpp:
69046        (JSC::JIT::compileOpCallInitializeCallFrame):
69047        (JSC::JIT::compileOpCall):
69048        * jit/JITCall32_64.cpp:
69049        (JSC::JIT::compileOpCallInitializeCallFrame):
69050        (JSC::JIT::emit_op_ret):
69051        (JSC::JIT::emit_op_ret_object_or_this):
69052        (JSC::JIT::compileOpCall):
69053        * jit/JITOpcodes.cpp:
69054        (JSC::JIT::emit_op_end):
69055        (JSC::JIT::emit_op_ret):
69056        (JSC::JIT::emit_op_ret_object_or_this):
69057        * jit/JITOpcodes32_64.cpp:
69058        (JSC::JIT::emit_op_end):
69059        * jit/JITStubs.cpp:
69060        (JSC::DEFINE_STUB_FUNCTION):
69061        * jit/JITStubs.h:
69062        * runtime/ArgList.cpp:
69063        * runtime/Completion.cpp:
69064        (JSC::evaluate):
69065        * runtime/Completion.h:
69066        * runtime/DateConversion.cpp:
69067        * runtime/Executable.cpp:
69068        (JSC::EvalExecutable::compileInternal):
69069        (JSC::ProgramExecutable::compileInternal):
69070        (JSC::FunctionExecutable::compileForCallInternal):
69071        (JSC::FunctionExecutable::compileForConstructInternal):
69072        * runtime/FunctionConstructor.cpp:
69073        (JSC::constructFunction):
69074        * runtime/GCActivityCallbackCF.cpp:
69075        * runtime/Identifier.cpp:
69076        * runtime/JSCell.h:
69077        * runtime/JSChunk.cpp: Added.
69078        * runtime/JSChunk.h: Added.
69079        * runtime/JSFunction.cpp:
69080        (JSC::JSFunction::JSFunction):
69081        (JSC::JSFunction::markChildren):
69082        (JSC::JSFunction::getCallData):
69083        (JSC::JSFunction::getOwnPropertySlot):
69084        (JSC::JSFunction::getConstructData):
69085        * runtime/JSFunction.h:
69086        (JSC::JSFunction::scope):
69087        (JSC::JSFunction::setScope):
69088        * runtime/JSGlobalData.cpp:
69089        (JSC::JSGlobalData::JSGlobalData):
69090        * runtime/JSGlobalData.h:
69091        * runtime/JSGlobalObject.cpp:
69092        (JSC::JSGlobalObject::init):
69093        (JSC::JSGlobalObject::markChildren):
69094        * runtime/JSGlobalObject.h:
69095        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
69096        (JSC::JSGlobalObject::globalScopeChain):
69097        * runtime/JSGlobalObjectFunctions.cpp:
69098        (JSC::globalFuncEval):
69099        * runtime/JSLock.cpp:
69100        * runtime/JSNumberCell.cpp:
69101        * runtime/JSZombie.cpp:
69102        * runtime/MarkedBlock.cpp:
69103        * runtime/MarkedSpace.cpp:
69104        * runtime/PropertyNameArray.cpp:
69105        * runtime/ScopeChain.cpp:
69106        (JSC::ScopeChainNode::print):
69107        (JSC::ScopeChainNode::localDepth):
69108        (JSC::ScopeChainNode::markChildren):
69109        * runtime/ScopeChain.h:
69110        (JSC::ScopeChainNode::ScopeChainNode):
69111        (JSC::ScopeChainNode::createStructure):
69112        (JSC::ScopeChainNode::push):
69113        (JSC::ScopeChainNode::pop):
69114        (JSC::ScopeChainIterator::ScopeChainIterator):
69115        (JSC::ScopeChainIterator::operator*):
69116        (JSC::ScopeChainIterator::operator->):
69117        (JSC::ScopeChainIterator::operator++):
69118        (JSC::ScopeChainNode::begin):
69119        (JSC::ScopeChainNode::end):
69120        (JSC::ExecState::globalData):
69121        (JSC::ExecState::lexicalGlobalObject):
69122        (JSC::ExecState::globalThisValue):
69123        * runtime/ScopeChainMark.h:
69124        * wtf/DateMath.cpp:
69125
691262011-02-27  Adam Barth  <abarth@webkit.org>
69127
69128        Reviewed by Eric Seidel.
69129
69130        Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
69131        https://bugs.webkit.org/show_bug.cgi?id=55326
69132
        Currently, randomNumber does a bunch of platform-specific work to
        get cryptographic randomness when available.  Instead, we should use
        cryptographicallyRandomNumber, which abstracts this work.
69136        Unfortunately, we can't remove all of the WTF::randomNumber
69137        implementation because not every port has access to cryptographically
69138        random numbers.
69139
69140        * wtf/RandomNumber.cpp:
69141        (WTF::randomNumber):
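
What "implementing randomNumber in terms of cryptographicallyRandomNumber" amounts to, as an added example that is not WTF's code: take 64 bits from the OS CSPRNG, keep the top 53 so every result is an exactly representable double in [0, 1), and report failure rather than silently falling back when no cryptographic source exists. The same construction is what the later entry about WebSocket needing non-predictable random numbers (bug 54714) relies on; a seeded PRNG would let an observer of a few outputs predict the rest. The /dev/urandom path is a placeholder for the platform source.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed example, not WTF's implementation: derive a uniform double in
// [0, 1) from bytes produced by a cryptographically secure source, instead of
// from a seeded PRNG whose output an observer could predict.

// Use the top 53 bits of 64 random bits so every result is exactly
// representable and equally likely; the divisor is 2^53.
double bytesToUnitDouble(const unsigned char bytes[8])
{
    uint64_t bits = 0;
    for (size_t i = 0; i < 8; ++i)
        bits = (bits << 8) | bytes[i];
    bits >>= 11;
    return static_cast<double>(bits) / 9007199254740992.0;
}

// /dev/urandom stands in for the platform CSPRNG (getrandom(), arc4random(),
// CryptGenRandom ...). Returns false when the platform cannot supply one.
bool fillCryptographicallyRandom(unsigned char* out, size_t n)
{
    FILE* source = std::fopen("/dev/urandom", "rb");
    if (!source)
        return false;
    size_t got = std::fread(out, 1, n, source);
    std::fclose(source);
    return got == n;
}

// The policy in the ChangeLog entry: prefer the cryptographic source; the
// caller decides what to do (e.g. fall back to a weaker generator for
// non-security uses only) when this returns false.
bool cryptographicallyRandomUnitDouble(double* out)
{
    unsigned char buffer[8];
    if (!fillCryptographicallyRandom(buffer, sizeof buffer))
        return false;
    *out = bytesToUnitDouble(buffer);
    return true;
}
```

Keeping exactly 53 bits matters: converting all 64 bits would round some values up to 1.0, and scaling a 32-bit value would leave the low mantissa bits always zero.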
69142
691432011-02-27  Benjamin Poulain  <ikipou@gmail.com>
69144
69145        Reviewed by Darin Adler.
69146
69147        Eliminate DeprecatedPtrList from RenderBlock
69148        https://bugs.webkit.org/show_bug.cgi?id=54972
69149
69150        Add methods find() and contains() using an adaptor to ListHashSet.
        Those methods are like the ones of HashSet: they allow finding objects
        based on a different key than the one used to define the set.
69153
69154        Add convenience methods for direct access to the head and tail of the list.
        Those methods provide a similar API/behavior to Vector.
69156
69157        * wtf/ListHashSet.h:
69158        (WTF::::first):
69159        (WTF::::last):
69160        (WTF::::removeLast):
69161        (WTF::ListHashSetTranslatorAdapter::hash):
69162        (WTF::ListHashSetTranslatorAdapter::equal):
69163        (WTF::::find):
69164        (WTF::::contains):
69165
691662011-02-26  Patrick Gansterer  <paroga@webkit.org>
69167
69168        Reviewed by Andreas Kling.
69169
69170        Add support for DragonFly BSD
69171        https://bugs.webkit.org/show_bug.cgi?id=54407
69172
69173        DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.
69174
69175        * wtf/Platform.h:
69176
691772011-02-26  Adam Barth  <abarth@webkit.org>
69178
69179        Reviewed by Dimitri Glazkov.
69180
69181        JavaScriptCore should use the xcconfig file instead of importing that information into GYP
69182        https://bugs.webkit.org/show_bug.cgi?id=55282
69183
69184        Technically, this breaks the build because I had removed one of the
69185        warnings in this config file, but this change seems like an
69186        improvement.
69187
69188        * gyp/JavaScriptCore.gyp:
69189
691902011-02-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
69191
69192        Reviewed by Nikolas Zimmermann.
69193
69194        SH4 JIT SUPPORT
69195        https://bugs.webkit.org/show_bug.cgi?id=44329
69196
        Provide an ExecutableAllocator::cacheFlush() implementation for
69198        Linux/SH4.
69199
69200        * jit/ExecutableAllocator.h:
69201        (JSC::ExecutableAllocator::cacheFlush):
69202
692032011-02-25  Sheriff Bot  <webkit.review.bot@gmail.com>
69204
69205        Unreviewed, rolling out r79627.
69206        http://trac.webkit.org/changeset/79627
69207        https://bugs.webkit.org/show_bug.cgi?id=55274
69208
69209        broke worker tests (Requested by olliej on #webkit).
69210
69211        * JavaScriptCore.exp:
69212        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
69213        * runtime/Heap.cpp:
69214        (JSC::Heap::allocate):
69215        * runtime/Heap.h:
69216        * runtime/JSCell.h:
69217        (JSC::JSCell::JSCell::operator new):
69218        (JSC::JSCell::MarkedSpace::sizeClassFor):
69219        (JSC::JSCell::MarkedSpace::allocate):
69220        * runtime/MarkedBlock.h:
69221        * runtime/MarkedSpace.cpp:
69222        (JSC::MarkedSpace::MarkedSpace):
69223        (JSC::MarkedSpace::allocateBlock):
69224        (JSC::MarkedSpace::reset):
69225        * runtime/MarkedSpace.h:
69226        (JSC::MarkedSpace::SizeClass::SizeClass):
69227
692282011-02-25  Michael Saboff  <msaboff@apple.com>
69229
69230        Reviewed by Darin Adler.
69231
69232        Leak in JSParser::Scope of ScopeLabelInfo Vector
69233        https://bugs.webkit.org/show_bug.cgi?id=55249
69234
69235        Changed m_labels to be an OwnPtr<>.  Added VectorTraits
69236        and Scope copy constructor to support this change.
69237
69238        * parser/JSParser.cpp:
69239        (JSC::JSParser::Scope::~Scope):
69240
692412011-02-25  Fumitoshi Ukai  <ukai@chromium.org>
69242
69243        Reviewed by Adam Barth.
69244
69245        WebSocket uses insecure random numbers
69246        https://bugs.webkit.org/show_bug.cgi?id=54714
69247
69248        * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
69249
692502011-02-25  Patrick Gansterer  <paroga@webkit.org>
69251
69252        Reviewed by Adam Roben.
69253
69254        Move timeBeginPeriod into OS(WINDOWS) section
69255        https://bugs.webkit.org/show_bug.cgi?id=55247
69256
69257        * jsc.cpp:
69258        (main): timeBeginPeriod is available on all Windows versions and not compiler specific.
69259
692602011-02-25  Patrick Gansterer  <paroga@webkit.org>
69261
69262        Unreviewed WinCE build fix for r79695.
69263
69264        * jsc.cpp:
69265        (main): SetErrorMode isn't available on WinCE.
69266
692672011-02-25  Adam Roben  <aroben@apple.com>
69268
69269        Work around Cygwin's crash-suppression behavior
69270
69271        Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
69272        inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
69273        invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
69274        when our test apps launch to work around Cygwin's behavior.
69275
69276        Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
69277        debugger) when launched from Cygwin 1.7
69278
69279        Reviewed by Darin Adler.
69280
69281        * API/tests/testapi.c: Added a now-needed #include.
69282        (main):
69283        * jsc.cpp:
69284        (main):
69285        Call ::SetErrorMode(0) to undo Cygwin's folly.
69286
69287        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
69288        other projects do so that windows.h won't define min/max macros that interfere with
69289        std::numeric_limits<T>::min/max.
69290
692912011-02-24  Adam Barth  <abarth@webkit.org>
69292
69293        Reviewed by Eric Seidel.
69294
69295        Add GYP project for JavaScriptCore
69296        https://bugs.webkit.org/show_bug.cgi?id=55027
69297
        Again, this GYP file is very rough, but it succeeds in building
69299        JavaScriptCore.  There's a lot more work to do here, especially in the
69300        area of sharing with JavaScriptGlue.gyp.  This patch is more of a
69301        checkpoint so that other folks can help out if they wish.
69302
69303        * gyp: Added.
69304        * gyp/JavaScriptCore.gyp: Added.
69305        * gyp/generate-derived-sources.sh: Added.
69306
693072011-02-24  Adam Barth  <abarth@webkit.org>
69308
69309        Reviewed by Eric Seidel.
69310
69311        Add missing files to JavaScriptCore.gypi
69312        https://bugs.webkit.org/show_bug.cgi?id=55193
69313
69314        I forgot to add mm files in my previous patch.
69315
69316        * JavaScriptCore.gyp/JavaScriptCore.gyp:
69317        * JavaScriptCore.gypi:
69318
693192011-02-24  Adam Barth  <abarth@webkit.org>
69320
69321        Reviewed by Eric Seidel.
69322
69323        Remove unused parameter name in GCActivityCallback.cpp
69324        https://bugs.webkit.org/show_bug.cgi?id=55194
69325
69326        This change is not strictly required for the GYP-based build system,
69327        but I noticed this error when working on the new build system.
69328
69329        * runtime/GCActivityCallback.cpp:
69330        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
69331
693322011-02-24  James Robinson  <jamesr@chromium.org>
69333
69334        Reviewed by Darin Fisher.
69335
69336        Add a USE() macro to control use of the built-in UTF8 codec
69337        https://bugs.webkit.org/show_bug.cgi?id=55189
69338
69339        Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.
69340
69341        * wtf/Platform.h:
69342
693432011-02-24  Geoffrey Garen  <ggaren@apple.com>
69344
69345        Reviewed by Darin Adler.
69346
69347        Variable-sized allocation (but still capped at 64 bytes)
69348        https://bugs.webkit.org/show_bug.cgi?id=55159
69349        
69350        SunSpider reports no change.
69351
69352        * JavaScriptCore.exp: Some day, I hope not to have to edit this file.
69353
69354        * runtime/Heap.cpp:
69355        (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
69356        case, so the fast case can inline size class selection and turn it into
69357        a compile-time constant.
69358        
69359        Changed the collect-on-every allocation debugging switch to collect only
69360        on every slow allocation, so you can still flip the switch without
69361        recompiling the world. This may also be preferable for debugging purposes,
69362        since collecting after every single allocation can be unusably slow,
69363        and can mask problems by running destructors early.
69364
69365        * runtime/Heap.h: Ditto.
69366
69367        * runtime/JSCell.h:
69368        (JSC::JSCell::MarkedSpace::sizeClassFor):
69369        (JSC::JSCell::Heap::allocate):
69370        (JSC::JSCell::JSCell::operator new): The inlining mentioned above.
69371
69372        * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
69373        multiple size classes, allocating a full 256KB for the first allocation
69374        in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
        8KB Windows, would be even better, but that seems to be a performance
69376        regression for now.)
69377        
69378        * runtime/MarkedSpace.cpp:
69379        (JSC::MarkedSpace::MarkedSpace):
69380        (JSC::MarkedSpace::allocateBlock):
69381        (JSC::MarkedSpace::reset): There's more than one size class now, and its
69382        cell size is not constant.
69383
69384        * runtime/MarkedSpace.h:
69385        (JSC::MarkedSpace::SizeClass::SizeClass): Ditto.
69386
693872011-02-23  Oliver Hunt  <oliver@apple.com>
69388
69389        Reviewed by Geoffrey Garen.
69390
69391        Make WeakGCMap use new handle infrastructure
69392        https://bugs.webkit.org/show_bug.cgi?id=55100
69393
69394        Remove old WeakGCMap implementation and move over to new handle
69395        based logic.
69396
69397        This has a number of benefits, most notably it makes a WeakGCMap
        always reflect the true state of the world as all entries are
69399        removed at the first gc cycle that makes them dead.  This allows
69400        us to get rid of code in a wide variety of objects where the only
69401        purpose was to remove themselves from maps.
69402
69403        It also means that we no longer need to have special "unchecked"
69404        versions of any functions on WeakGCMap.  Alas in order to maintain
69405        compatibility with the JSWeakObjectMapClear API it is still
69406        necessary to have an api that resembles uncheckedRemove, this is
69407        now deprecatedRemove and will be dealt with in a later patch.
69408
69409        In order to get correct semantics in WeakGCMap we need more
69410        contextual information in the finalizer, so we've added an
69411        abstract class based finaliser and a context parameter to the
69412        calls.
69413
        The new and improved WeakGCMap also results in significantly more
69415        churn in the weak handle lists so exposed some potential problems
69416        during the post mark phase which have been rectified as well.
69417
69418        * API/JSWeakObjectMapRefPrivate.cpp:
69419        * API/JSWeakObjectMapRefPrivate.h:
69420        * runtime/Heap.cpp:
69421        (JSC::Heap::globalObjectCount):
69422        (JSC::Heap::protectedGlobalObjectCount):
69423        * runtime/JSGlobalData.cpp:
69424        (JSC::JSGlobalData::JSGlobalData):
69425        * runtime/JSGlobalData.h:
69426        * runtime/JSGlobalObject.cpp:
69427        (JSC::JSGlobalObject::~JSGlobalObject):
69428        (JSC::JSGlobalObject::init):
69429        * runtime/WeakGCMap.h:
69430        (JSC::WeakGCMap::iterator::iterator):
69431        (JSC::WeakGCMap::iterator::get):
69432        (JSC::WeakGCMap::iterator::getSlot):
69433        (JSC::WeakGCMap::iterator::operator++):
69434        (JSC::WeakGCMap::iterator::operator==):
69435        (JSC::WeakGCMap::iterator::operator!=):
69436        (JSC::WeakGCMap::WeakGCMap):
69437        (JSC::WeakGCMap::isEmpty):
69438        (JSC::WeakGCMap::clear):
69439        (JSC::WeakGCMap::get):
69440        (JSC::WeakGCMap::getSlot):
69441        (JSC::WeakGCMap::set):
69442        (JSC::WeakGCMap::take):
69443        (JSC::WeakGCMap::size):
69444        (JSC::WeakGCMap::deprecatedRemove):
69445        (JSC::WeakGCMap::begin):
69446        (JSC::WeakGCMap::end):
69447        (JSC::WeakGCMap::~WeakGCMap):
69448        (JSC::WeakGCMap::finalize):
69449        * runtime/WeakGCPtr.h:
69450        (JSC::WeakGCPtr::WeakGCPtr):
69451        (JSC::WeakGCPtr::set):
69452
694532011-02-24  Oliver Hunt  <oliver@apple.com>
69454
69455        Reviewed by Gavin Barraclough.
69456
69457        Make weaklist processing deal with weak handles being removed during the iteration
69458        https://bugs.webkit.org/show_bug.cgi?id=55105
69459
69460        It is possible for the handle heap to end up in a broken state if
69461        a handle's finalizer removes either the current or next handle
69462        to be visited during the post-gc cleanup.  This patch removes that
69463        problem by allowing the deallocate(Node*) routine to update the
69464        iterator if it is called during finalization.
69465
69466        * collector/handles/HandleHeap.cpp:
69467        (JSC::HandleHeap::HandleHeap):
69468        (JSC::HandleHeap::updateAfterMark):
69469        (JSC::HandleHeap::clearWeakPointers):
69470        (JSC::HandleHeap::writeBarrier):
69471        (JSC::HandleHeap::protectedGlobalObjectCount):
69472        * collector/handles/HandleHeap.h:
69473        (JSC::Finalizer::~Finalizer):
69474        (JSC::HandleHeap::getFinalizer):
69475        (JSC::HandleHeap::deallocate):
69476        (JSC::HandleHeap::makeWeak):
69477        (JSC::HandleHeap::makeSelfDestroying):
69478        (JSC::HandleHeap::Node::Node):
69479        (JSC::HandleHeap::Node::setFinalizer):
69480        (JSC::HandleHeap::Node::finalizer):
69481        (JSC::HandleHeap::Node::finalizerContext):
69482        * interpreter/RegisterFile.cpp:
69483        (JSC::RegisterFile::setGlobalObject):
69484        (JSC::GlobalObjectNotifier::finalize):
69485        (JSC::RegisterFile::globalObjectCollectedNotifier):
69486        * interpreter/RegisterFile.h:
69487        (JSC::RegisterFile::RegisterFile):
69488        * runtime/Heap.cpp:
69489        (JSC::Heap::destroy):
69490        * runtime/WeakGCPtr.h:
69491        (JSC::WeakGCPtr::WeakGCPtr):
69492        (JSC::WeakGCPtr::set):
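The iteration hazard this entry describes, as an added example rather than WebKit's HandleHeap code: a stand-in weak-handle list (`WeakList`, `Node` and `runScenario` are hypothetical names) whose `deallocate()` fixes up the finalization cursor, so a finalizer may remove the current or the next handle without the loop ever touching freed memory.

```cpp
#include <cstddef>
#include <functional>

// Added example, not WebKit's HandleHeap: a minimal weak-handle list whose
// finalizers are allowed to deallocate the node being visited or the node
// after it. One cursor, m_nextToFinalize, is kept by the list and fixed up
// inside deallocate(), which is the approach the ChangeLog entry describes.
struct Node {
    Node* prev = nullptr;
    Node* next = nullptr;
    int value = 0;
    std::function<void(Node*)> finalizer;  // may call WeakList::deallocate()
};

class WeakList {
public:
    ~WeakList() { while (m_head) deallocate(m_head); }

    Node* allocate(int value)  // prepends, so the newest node is the head
    {
        Node* n = new Node;
        n->value = value;
        n->next = m_head;
        if (m_head) m_head->prev = n;
        m_head = n;
        ++m_size;
        return n;
    }

    // Safe to call from inside a finalizer. If the node being freed is the
    // one the finalization loop would visit next, move the cursor past it
    // so the loop never dereferences freed memory.
    void deallocate(Node* n)
    {
        if (m_nextToFinalize == n) m_nextToFinalize = n->next;
        if (n->prev) n->prev->next = n->next; else m_head = n->next;
        if (n->next) n->next->prev = n->prev;
        --m_size;
        delete n;
    }

    // Runs each live finalizer once and returns how many ran. The cursor is
    // re-read after every call because a finalizer may have moved it.
    size_t finalizeAll()
    {
        size_t ran = 0;
        m_nextToFinalize = m_head;
        while (Node* n = m_nextToFinalize) {
            m_nextToFinalize = n->next;
            std::function<void(Node*)> f = n->finalizer;  // copy: f may free n
            if (f) f(n);
            ++ran;  // n must not be used past this point
        }
        return ran;
    }

    size_t size() const { return m_size; }

private:
    Node* m_head = nullptr;
    Node* m_nextToFinalize = nullptr;
    size_t m_size = 0;
};

// The failure case from the entry: node a's finalizer removes both itself (the
// current node) and b (the next node). Without the cursor fix-up the loop
// would continue through the freed b.
struct Outcome {
    size_t finalizersRun;  // a and c: b is gone before the loop reaches it
    size_t remaining;      // only c survives
    bool skippedRan;       // b's finalizer must not have run
};

Outcome runScenario()
{
    WeakList list;
    list.allocate(3);             // c
    Node* b = list.allocate(2);   // b -> c
    Node* a = list.allocate(1);   // a -> b -> c
    bool skippedRan = false;
    b->finalizer = [&skippedRan](Node*) { skippedRan = true; };
    a->finalizer = [&list, b](Node* self) {
        list.deallocate(b);     // the node the loop planned to visit next
        list.deallocate(self);  // the node currently being finalized
    };
    Outcome o;
    o.finalizersRun = list.finalizeAll();
    o.remaining = list.size();
    o.skippedRan = skippedRan;
    return o;  // c is released by ~WeakList
}
```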
69493
694942011-02-24  Michael Saboff  <msaboff@apple.com>
69495
69496        Reviewed by Oliver Hunt.
69497
69498        PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
69499        https://bugs.webkit.org/show_bug.cgi?id=55156
69500
69501        Added code to delete unneeded PatternAlternative after it is removed
69502        from m_alternatives Vector.
69503
69504        * yarr/YarrPattern.cpp:
69505        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
69506
695072011-02-24  Eric Seidel  <eric@webkit.org>
69508
69509        Reviewed by Anders Carlsson.
69510
69511        VectorBuffer should not call malloc(0)
69512        https://bugs.webkit.org/show_bug.cgi?id=55091
69513
69514        Turns out the malloc() call which was so hot in:
69515        https://bugs.webkit.org/show_bug.cgi?id=55005
69516        was actually just malloc(0).
69517
69518        We shouldn't be calling malloc(0) anyway, since there is no need to
69519        and it might actually do work on some systems.
69520        I believe on Mac it ends up taking the standard spinlocks (expensive)
69521        and the code on Brew actually does a malloc(1) instead.  Neither is desirable.
69522
69523        * wtf/Vector.h:
69524        (WTF::VectorBufferBase::allocateBuffer):
69525        (WTF::VectorBufferBase::tryAllocateBuffer):
69526
695272011-02-24  Patrick Gansterer  <paroga@webkit.org>
69528
69529        Reviewed by Darin Adler.
69530
69531        Remove obsolete PLATFORM(CI)
69532        https://bugs.webkit.org/show_bug.cgi?id=55082
69533
69534        * wtf/Platform.h:
69535
695362011-02-24  Martin Robinson  <mrobinson@igalia.com>
69537
69538        Reviewed by Xan Lopez.
69539
69540        [GTK] Remove the GFile GOwnPtr specialization
69541        https://bugs.webkit.org/show_bug.cgi?id=55154
69542
69543        Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
69544        to track GFiles since they are just regular reference-counted GObjects.
69545
69546        * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
69547        * wtf/gobject/GOwnPtr.h: Ditto.
69548
695492011-02-24  Patrick Gansterer  <paroga@webkit.org>
69550
69551        Reviewed by Eric Seidel.
69552
69553        Rename PLATFORM(SKIA) to USE(SKIA)
69554        https://bugs.webkit.org/show_bug.cgi?id=55090
69555
69556        * wtf/Platform.h:
69557
695582011-02-24  Patrick Gansterer  <paroga@webkit.org>
69559
69560        Reviewed by Alexey Proskuryakov.
69561
69562        Remove pthreads dependency for JSLock
69563        https://bugs.webkit.org/show_bug.cgi?id=54832
69564
69565        JSLock is only needed to support an obsolete execution model where JavaScriptCore
69566        automatically protected against concurrent access from multiple threads.
69567        So it's safe to disable it on non-mac platforms where we don't have native pthreads.
69568
69569        * runtime/JSLock.cpp:
69570
695712011-02-24  Chao-ying Fu  <fu@mips.com>
69572
69573        Reviewed by Eric Seidel.
69574
69575        Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
69576        https://bugs.webkit.org/show_bug.cgi?id=54997
69577
69578        * jit/JIT.h:
69579        * jit/JITStubs.cpp:
69580        (JSC::JITThunks::JITThunks):
69581
695822011-02-24  Andras Becsi  <abecsi@webkit.org>
69583
69584        Reviewed by Laszlo Gombos.
69585
69586        [Qt] MinGW build fails to link
69587        https://bugs.webkit.org/show_bug.cgi?id=55050
69588
69589        Prepend the libraries of subcomponents instead of appending them
69590        to fix the library order according to the dependency of the libraries.
69591
69592        * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
69593        * jsc.pro: ditto
69594
695952011-02-24  Eric Seidel  <eric@webkit.org>
69596
69597        Reviewed by Adam Barth.
69598
69599        Deque<T> should support inline capacity
69600        https://bugs.webkit.org/show_bug.cgi?id=55032
69601
69602        The title says it all.  There are currently no places
69603        which use this code yet, however it's been tested in conjunction
69604        with code for bug 55005.
69605
69606        This also adds an ASSERT that capacity is never 1.  If you were able
69607        to set the capacity equal to 1, the Deque would just get confused
69608        and happily append your item but still think it had size 0.
69609
69610        * wtf/Deque.h:
69611        (WTF::DequeIterator::DequeIterator):
69612        (WTF::DequeConstIterator::DequeConstIterator):
69613        (WTF::DequeReverseIterator::DequeReverseIterator):
69614        (WTF::DequeConstReverseIterator::DequeConstReverseIterator):
69615        (WTF::::checkValidity):
69616        (WTF::::checkIndexValidity):
69617        (WTF::::invalidateIterators):
69618        (WTF::::Deque):
69619        (WTF::deleteAllValues):
69620        (WTF::::operator):
69621        (WTF::::destroyAll):
69622        (WTF::::~Deque):
69623        (WTF::::swap):
69624        (WTF::::clear):
69625        (WTF::::findIf):
69626        (WTF::::expandCapacityIfNeeded):
69627        (WTF::::expandCapacity):
69628        (WTF::::takeFirst):
69629        (WTF::::append):
69630        (WTF::::prepend):
69631        (WTF::::removeFirst):
69632        (WTF::::remove):
69633        (WTF::::addToIteratorsList):
69634        (WTF::::removeFromIteratorsList):
69635        (WTF::::DequeIteratorBase):
69636        (WTF::::~DequeIteratorBase):
69637        (WTF::::isEqual):
69638        (WTF::::increment):
69639        (WTF::::decrement):
69640        (WTF::::after):
69641        (WTF::::before):
69642        * wtf/Vector.h:
69643
696442011-02-22  Adam Barth  <abarth@webkit.org>
69645
69646        Reviewed by Ojan Vafai. 
69647
69648        Add missing files to JavaScriptCore.gypi 
69649        https://bugs.webkit.org/show_bug.cgi?id=55020 
69650
69651        gypi files are supposed to list every file under the sun.  This patch 
69652        adds some missing files and sorts the rest. 
69653
69654        * JavaScriptCore.gypi: 
69655
696562011-02-23  Geoffrey Garen  <ggaren@apple.com>
69657
69658        Reviewed by Darin Adler.
69659
69660        Refactored MarkedSpace to operate in terms of size classes
69661        https://bugs.webkit.org/show_bug.cgi?id=55106
69662        
69663        SunSpider reports no change.
69664
69665        * runtime/JSCell.h:
69666        (JSC::JSCell::MarkedSpace::sizeClassFor):
69667        (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
69668        class. Since these functions are inline, the compiler can constant fold
69669        them.
69670
69671        * runtime/MarkedBlock.h:
69672        (JSC::MarkedBlock::cellSize):
69673        (JSC::MarkedBlock::size): Factored out a cellSize() helper.
69674
69675        * runtime/MarkedSpace.cpp:
69676        (JSC::MarkedSpace::allocateBlock):
69677        (JSC::MarkedSpace::allocateFromSizeClass):
69678        (JSC::MarkedSpace::shrink):
69679        (JSC::MarkedSpace::reset):
69680        * runtime/MarkedSpace.h:
69681        (JSC::MarkedSpace::SizeClass::SizeClass):
69682        (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
69683        abstract SizeClass objects, which are independent linked lists of blocks
69684        of a certain size class, instead of a single m_heap object.
69685
696862011-02-23  Adam Barth  <abarth@webkit.org>
69687
69688        Reviewed by James Robinson.
69689
69690        [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
69691        https://bugs.webkit.org/show_bug.cgi?id=55093
69692
69693        Exclude OSRandomSource.cpp from the Chromium build.  This function is
69694        implemented in WebKit/chromium/src instead.
69695
69696        * JavaScriptCore.gyp/JavaScriptCore.gyp:
69697
696982011-02-23  Oliver Hunt  <oliver@apple.com>
69699
69700        Roll out r64156 as it introduces incorrect behaviour.
69701
69702        * runtime/JSByteArray.h:
69703        (JSC::JSByteArray::setIndex):
69704
697052011-02-23  Geoffrey Garen  <ggaren@apple.com>
69706
69707        Reviewed by Oliver Hunt.
69708
69709        Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
69710        https://bugs.webkit.org/show_bug.cgi?id=55079
69711        
69712        SunSpider reports no change.
69713
69714        * runtime/Heap.cpp:
69715        (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
69716        since we want Heap to logically control MarkedSpace. MarkedSpace should
69717        never choose to sweep itself.
69718
69719        * runtime/JSCell.h:
69720        (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
69721        member of MarkedBlock. No need to reset nextAtom to firstAtom() when
69722        we reach the end of a block, since there's now an explicit reset pass
69723        during GC.
69724
69725        * runtime/MarkedBlock.cpp:
69726        (JSC::MarkedBlock::MarkedBlock):
69727        * runtime/MarkedBlock.h:
69728        (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
69729        some data members to improve cache locality.
69730
69731        * runtime/MarkedSpace.cpp:
69732        (JSC::MarkedSpace::MarkedSpace):
69733        (JSC::MarkedSpace::allocate):
69734        (JSC::MarkedSpace::reset):
69735        * runtime/MarkedSpace.h:
69736        (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
69737        explicit reset pass.
69738
697392011-02-23  James Robinson  <jamesr@chromium.org>
69740
69741        Unreviewed, rolling out r79428.
69742        http://trac.webkit.org/changeset/79428
69743        https://bugs.webkit.org/show_bug.cgi?id=54714
69744
69745        Does not work in the Chromium sandbox
69746
69747        * JavaScriptCore.exp:
69748
697492011-02-23  Adam Roben  <aroben@apple.com>
69750
69751        Fix an off-by-one error in JSC::appendSourceToError
69752
69753        Looks like this bug has been around since the code was first added in r35245.
69754
69755        Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
69756        when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled
69757
69758        Reviewed by Darin Adler.
69759
69760        * interpreter/Interpreter.cpp:
69761        (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
69762        character at stop-1 rather than at stop. At this point in the code, stop represents the
69763        index just past the end of the characters we care about, and can even be just past the end
69764        of the entire data buffer.
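The half-open range and the `stop - 1` read from this entry, as an added example that is not the Interpreter.cpp code: `sourceExcerpt` is a stand-in that borrows JSC's divot/offset naming, and the source strings in the test are constructed.

```cpp
#include <cstddef>
#include <string>

// Added example, not JSC::appendSourceToError: extracts the source text around
// an error position using a half-open range [start, stop) and trims whitespace
// from both ends. stop is one past the last byte of interest and may equal the
// buffer length, which is exactly when an index of stop instead of stop - 1
// reads past the end of the buffer.
static bool isSourceWhitespace(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

// divot: the character position the error points at; startOffset/endOffset:
// how far the offending expression extends before and after it.
std::string sourceExcerpt(const std::string& source, size_t divot,
                          size_t startOffset, size_t endOffset)
{
    size_t start = divot >= startOffset ? divot - startOffset : 0;
    size_t stop = divot + endOffset;
    if (stop > source.size())
        stop = source.size();  // stop == size() is a legal, empty-tail position

    // Leading whitespace: source[start] is in range while start < stop.
    while (start < stop && isSourceWhitespace(source[start]))
        ++start;
    // Trailing whitespace: the last character in range is source[stop - 1].
    // Examining source[stop] here, as the pre-fix code did, is a one-byte
    // out-of-bounds read whenever stop == size(); a page-heap build traps on it.
    while (start < stop && isSourceWhitespace(source[stop - 1]))
        --stop;
    return source.substr(start, stop - start);
}
```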
69765
697662011-02-23  Geoffrey Garen  <ggaren@apple.com>
69767
69768        Reviewed by Darin Adler.
69769        
69770        Rolled back in r79367 with SnowLeopard Release bot crash fixed.
69771        https://bugs.webkit.org/show_bug.cgi?id=54999
69772        
69773        The crash was caused by failure to update the "nextBlock" pointer when
69774        removing a block from the list while shrinking. The fix is to update the
69775        "nextBlock" pointer.
69776        
69777        This crash was very rare because it only happened in cases where the very
69778        first block in the heap contained no marked cells.
69779
697802011-02-23  Dan Bernstein  <mitz@apple.com>
69781
69782        Reviewed by Gavin Barraclough.
69783
69784        Include frame numbers in backtraces.
69785        https://bugs.webkit.org/show_bug.cgi?id=55060
69786
69787        * wtf/Assertions.cpp:
69788
697892011-02-23  Xan Lopez  <xlopez@igalia.com>
69790
69791        Reviewed by Gavin Barraclough.
69792
69793        latest jsc for armv7 crashes in sunspider tests
69794        https://bugs.webkit.org/show_bug.cgi?id=54667
69795
69796        Update JIT offset values in ARMv7 after r78732. Fixes crashes in
69797        SunSpider and JavaScript tests.
69798
69799        * jit/JIT.h: update values.
69800
698012011-02-23  Sheriff Bot  <webkit.review.bot@gmail.com>
69802
69803        Unreviewed, rolling out r79418.
69804        http://trac.webkit.org/changeset/79418
69805        https://bugs.webkit.org/show_bug.cgi?id=55043
69806
69807        "breaks shlib linux build" (Requested by morrita on #webkit).
69808
69809        * JavaScriptCore.gyp/JavaScriptCore.gyp:
69810        * JavaScriptCore.gypi:
69811
698122011-02-23  Patrick Gansterer  <paroga@webkit.org>
69813
69814        Reviewed by Alexey Proskuryakov.
69815
69816        Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp
69817        https://bugs.webkit.org/show_bug.cgi?id=54831
69818
69819        * runtime/InitializeThreading.cpp:
69820        (JSC::initializeThreadingOnce):
69821        * runtime/Structure.cpp:
69822        (JSC::ignoreSetMutex):
69823        (JSC::Structure::Structure):
69824        (JSC::Structure::~Structure):
69825        (JSC::Structure::initializeThreading):
69826        * runtime/Structure.h:
69827
698282011-02-23  Patrick Gansterer  <paroga@webkit.org>
69829
69830        Reviewed by Darin Adler.
69831
69832        Rename PLATFORM(CF) to USE(CF)
69833        https://bugs.webkit.org/show_bug.cgi?id=53540
69834
69835        * runtime/DatePrototype.cpp:
69836        * runtime/GCActivityCallbackCF.cpp:
69837        * runtime/JSGlobalData.cpp:
69838        (JSC::JSGlobalData::JSGlobalData):
69839        * wtf/CurrentTime.cpp:
69840        * wtf/Platform.h:
69841        * wtf/text/AtomicString.h:
69842        * wtf/text/StringImpl.h:
69843        (WTF::StringImpl::computeHash):
69844        * wtf/text/WTFString.h:
69845        * wtf/unicode/icu/CollatorICU.cpp:
69846        (WTF::Collator::userDefault):
69847
698482011-02-23  Fumitoshi Ukai  <ukai@chromium.org>
69849
69850        Unreviewed build fix for Windows.
69851
69852        WebSocket uses insecure random numbers
69853        https://bugs.webkit.org/show_bug.cgi?id=54714
69854
69855        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber()
69856
698572011-02-23  Fumitoshi Ukai  <ukai@chromium.org>
69858
69859        Reviewed by Adam Barth.
69860
69861        WebSocket uses insecure random numbers
69862        https://bugs.webkit.org/show_bug.cgi?id=54714
69863
69864        * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
69865
698782011-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
69879
69880        Unreviewed, rolling out r79367.
69881        http://trac.webkit.org/changeset/79367
69882        https://bugs.webkit.org/show_bug.cgi?id=55012
69883
69884        all layout tests are crashing on Snow Leopard (Requested by
69885        rniwa on #webkit).
69886
69887        * GNUmakefile.am:
69888        * JavaScriptCore.gypi:
69889        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
69890        * JavaScriptCore.xcodeproj/project.pbxproj:
69891        * runtime/MarkedBlock.cpp:
69892        (JSC::MarkedBlock::MarkedBlock):
69893        * runtime/MarkedBlock.h:
69894        * runtime/MarkedSpace.cpp:
69895        (JSC::MarkedSpace::destroy):
69896        (JSC::MarkedSpace::allocateBlock):
69897        (JSC::MarkedSpace::freeBlock):
69898        (JSC::MarkedSpace::allocate):
69899        (JSC::MarkedSpace::shrink):
69900        (JSC::MarkedSpace::reset):
69901        * runtime/MarkedSpace.h:
69902        (JSC::CollectorHeap::collectorBlock):
69903        * wtf/CMakeLists.txt:
69904        * wtf/DoublyLinkedList.h: Removed.
69905
699062011-02-22  Geoffrey Garen  <ggaren@apple.com>
69907
69908        Reviewed by Oliver Hunt.
69909
69910        Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
69911        https://bugs.webkit.org/show_bug.cgi?id=54999
69912        
69913        SunSpider reports no change.
69914
69915        * GNUmakefile.am:
69916        * JavaScriptCore.gypi:
69917        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
69918        * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
69919        * wtf/CMakeLists.txt:
69920
69921        * runtime/MarkedBlock.cpp:
69922        (JSC::MarkedBlock::MarkedBlock):
69923        * runtime/MarkedBlock.h:
69924        (JSC::MarkedBlock::setPrev):
69925        (JSC::MarkedBlock::setNext):
69926        (JSC::MarkedBlock::prev):
69927        (JSC::MarkedBlock::next): Added linked list data members and accessors.
69928
69929        * runtime/MarkedSpace.cpp:
69930        (JSC::MarkedSpace::destroy):
69931        (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
69932
69933        (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
69934        data structures when freeing blocks.
69935
69936        (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
69937        not a vector index.
69938
69939        (JSC::MarkedSpace::shrink): Construct a temporary list of empties and
69940        then free them, to avoid modifying our hash table while iterating it.
69941        This wasn't a concern before because we were using indirect array
69942        indexing, not direct pointer indexing.
69943
69944        (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
69945        not a vector index.
69946
69947        * runtime/MarkedSpace.h:
69948        (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
69949
69950        * wtf/DoublyLinkedList.h: Added. New linked list class.
69951        (WTF::::DoublyLinkedList):
69952        (WTF::::isEmpty):
69953        (WTF::::head):
69954        (WTF::::append):
69955        (WTF::::remove):
69956
699572011-02-22  Gavin Barraclough  <barraclough@apple.com>
69958
69959        Windows build fix.
69960
69961        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
69962
699632011-02-22  Gavin Barraclough  <barraclough@apple.com>
69964
69965        Reviewed by Sam Weinig.
69966
69967        Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table
69968
69969        The Structure class keeps a table of transitions to derived Structure types. Since
69970        this table commonly contains a single entry we employ an optimization where instead
69971        of holding a map, we may hold a pointer directly to a single instance of the mapped
69972        type. We use an additional bit of data to flag whether the pointer is currently
69973        pointing to a table of transitions, or a singleton transition. Previously we had
69974        commonly used a pattern of storing data in the low bits of pointers, but had moved
69975        away from this since it causes false leaks to be reported by the leaks tool. However
69976        in this case, the entries in the map are weak links - this pointer will never be
69977        responsible for keeping an object alive.  As such we can use this approach provided
69978        that the bit is set when a table is not in use (otherwise the table would appear to
69979        be leaked).
69980
69981        Additionally, the transition table currently allows two entries to exist for a given
69982        key - one specialized to a particular value, and one not specialized. This is
69983        unnecessary, wasteful, and a little inconsistent. (If you create an entry for a
69984        specialized value, then a non-specialized entry, both will exist.  If you create an
69985        entry for a non-specialized value, then try to create a specialized entry, only a
69986        non-specialized form will be allowed.)
69987
69988        This shows a small progression on v8.
69989
69990        * JavaScriptCore.exp:
69991        * runtime/JSObject.h:
69992        (JSC::JSObject::putDirectInternal):
69993        * runtime/Structure.cpp:
69994        (JSC::StructureTransitionTable::contains):
69995        (JSC::StructureTransitionTable::get):
69996        (JSC::StructureTransitionTable::remove):
69997        (JSC::StructureTransitionTable::add):
69998        (JSC::Structure::dumpStatistics):
69999        (JSC::Structure::Structure):
70000        (JSC::Structure::~Structure):
70001        (JSC::Structure::addPropertyTransitionToExistingStructure):
70002        (JSC::Structure::addPropertyTransition):
70003        * runtime/Structure.h:
70004        (JSC::Structure::get):
70005        * runtime/StructureTransitionTable.h:
70006        (JSC::StructureTransitionTable::Hash::hash):
70007        (JSC::StructureTransitionTable::Hash::equal):
70008        (JSC::StructureTransitionTable::HashTraits::emptyValue):
70009        (JSC::StructureTransitionTable::HashTraits::constructDeletedValue):
70010        (JSC::StructureTransitionTable::HashTraits::isDeletedValue):
70011        (JSC::StructureTransitionTable::StructureTransitionTable):
70012        (JSC::StructureTransitionTable::~StructureTransitionTable):
70013        (JSC::StructureTransitionTable::isUsingSingleSlot):
70014        (JSC::StructureTransitionTable::map):
70015        (JSC::StructureTransitionTable::setMap):
70016        (JSC::StructureTransitionTable::singleTransition):
70017        (JSC::StructureTransitionTable::setSingleTransition):
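The single-slot / map encoding described in this entry, as an added example that is not JavaScriptCore's StructureTransitionTable: `Structure`, `TransitionKey` and `exercise()` are stand-ins, and the stand-in Structure carries its own transition key the way the real one records the name and attributes of the transition from its parent.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Added example, not JSC's StructureTransitionTable: one word either holds a
// weak Structure* with its low bit set (single slot) or an owned, aligned
// Map* with the bit clear, so a leak checker still sees the map pointer.
using TransitionKey = std::pair<std::string, unsigned>;  // property name, attributes

struct Structure {
    std::string name;
    TransitionKey keyFromParent;  // stand-in for m_nameInPrevious/attributes
};

class TransitionTable {
    using Map = std::map<TransitionKey, Structure*>;
    static constexpr uintptr_t kSingleSlotBit = 1;

public:
    TransitionTable() : m_data(kSingleSlotBit) {}  // empty: single slot, null
    ~TransitionTable() { if (!isUsingSingleSlot()) delete map(); }  // Map owned, Structure* weak
    TransitionTable(const TransitionTable&) = delete;
    TransitionTable& operator=(const TransitionTable&) = delete;

    // Bit set: weak Structure* (or null). Bit clear: plain Map* left untouched.
    bool isUsingSingleSlot() const { return (m_data & kSingleSlotBit) != 0; }

    void add(Structure* s)
    {
        if (isUsingSingleSlot()) {
            Structure* existing = singleTransition();
            if (!existing || existing->keyFromParent == s->keyFromParent) { setSingleTransition(s); return; }
            Map* m = new Map;  // second distinct key: promote to a heap map, clearing the bit
            (*m)[existing->keyFromParent] = existing;
            setMap(m);
        }
        (*map())[s->keyFromParent] = s;
    }

    Structure* get(const TransitionKey& key) const
    {
        if (isUsingSingleSlot()) {
            Structure* s = singleTransition();
            return (s && s->keyFromParent == key) ? s : nullptr;
        }
        Map::const_iterator it = map()->find(key);
        return it == map()->end() ? nullptr : it->second;
    }

    void remove(Structure* s)  // weak link: unlink only, never delete a Structure
    {
        if (!isUsingSingleSlot()) { map()->erase(s->keyFromParent); return; }
        if (singleTransition() == s) setSingleTransition(nullptr);
    }

    size_t size() const { return isUsingSingleSlot() ? (singleTransition() ? 1 : 0) : map()->size(); }

private:
    Map* map() const { return reinterpret_cast<Map*>(m_data); }
    void setMap(Map* m) { m_data = reinterpret_cast<uintptr_t>(m); }  // heap Map is aligned: bit 0 clear
    Structure* singleTransition() const { return reinterpret_cast<Structure*>(m_data & ~kSingleSlotBit); }
    void setSingleTransition(Structure* s) { m_data = reinterpret_cast<uintptr_t>(s) | kSingleSlotBit; }

    uintptr_t m_data;
};

// Walks a table from empty through the single slot into a map, then removes a
// weakly held entry, recording what each step observed.
struct Observed {
    bool singleAfterFirst, singleAfterSecond, lookupHitsSecond, lookupMissesRemoved;
    size_t sizeAfterSecond;
};

Observed exercise()
{
    Structure x{"{x}", {"x", 0}};  // constructed stand-in structures
    Structure y{"{y}", {"y", 0}};
    TransitionTable table;
    Observed o{};
    table.add(&x);
    o.singleAfterFirst = table.isUsingSingleSlot();   // one entry: tagged pointer
    table.add(&y);
    o.singleAfterSecond = table.isUsingSingleSlot();  // two entries: real map
    o.sizeAfterSecond = table.size();
    o.lookupHitsSecond = table.get({"y", 0}) == &y;
    table.remove(&x);  // x "dies": only the link goes away
    o.lookupMissesRemoved = table.get({"x", 0}) == nullptr && table.size() == 1;
    return o;
}
```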
70018
700192011-02-22  Andras Becsi  <abecsi@webkit.org>
70020
70021        Reviewed by Laszlo Gombos.
70022
70023        [Qt] Redesign the build system
70024        https://bugs.webkit.org/show_bug.cgi?id=51339
70025
70026        Part 2.
70027
70028        Build WebCore as a static library, compile the WebKit API and WebKit2 API
70029        in a final step and link to WebKit2, WebCore and JSC libraries to fix
70030        linking issues resulting from stripped away symbols.
70031
70032        * JavaScriptCore.pri: Remove the workaround.
70033
700342011-02-21  Adam Roben  <aroben@apple.com>
70035
70036        Fix linker warning on Windows
70037
70038        r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the
70039        obvious way (since it's how we export functions), but unfortunately it doesn't work correctly.
70040        r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove
70041        it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol
70042        multiple times.
70043
70044        Rubber-stamped by Anders Carlsson.
70045
70046        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info.
70047
700482011-02-21  Brian Weinstein  <bweinstein@apple.com>
70049
70050        Reviewed by Adam Roben.
70051
70052        WebResourceCacheManager should be responsible for managing the CFURLCache as well
70053        as the WebCore memory cache.
70054        https://bugs.webkit.org/show_bug.cgi?id=54886
70055        Part of <rdar://problem/8971738>
70056
70057        Add a new use flag for using the CFURLCache.
70058
70059        * wtf/Platform.h:
70060
700612011-02-21  Xan Lopez  <xlopez@igalia.com>
70062
70063        Reviewed by Gavin Barraclough.
70064
70065        Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp
70066        https://bugs.webkit.org/show_bug.cgi?id=54901
70067
70068        * jit/JIT.h: swap actual and expected values in message, they were
70069        reversed.
70070        * jit/JITCall32_64.cpp:
70071        (JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of
70072        a simple ASSERT.
70073        * jit/JITPropertyAccess32_64.cpp:
70074        (JSC::JIT::emit_op_method_check): ditto.
70075        (JSC::JIT::compileGetByIdHotPath): ditto.
70076        (JSC::JIT::compileGetByIdSlowCase): ditto.
70077        (JSC::JIT::emit_op_put_by_id): ditto.
70078
700792011-02-21  Gavin Barraclough  <barraclough@apple.com>
70080
70081        Rubber-stamped by Sam Weinig.
70082
70083        Bug 54899 - Math.LOG10E should be 0.4342944819032518
70084        This value is quoted in section 15.8.1.5 of the spec.
70085
70086        * runtime/MathObject.cpp:
70087        (JSC::MathObject::MathObject):
70088
700892011-02-21  Gavin Barraclough  <barraclough@apple.com>
70090
70091        Reviewed by Sam Weinig.
70092
70093        Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy.
70094
70095        The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance
70096        containing a pointer to its parent class. These links should reflect the inheritance
70097        hierarchy of C++ classes below JSObject. For the large part it does, but in some cases
70098        entries in the C++ hierarchy are skipped over. This presently likely doesn't matter,
70099        since intervening C++ classes may not have ClassInfo - but would be a potential bug
70100        were ClassInfo to be added.
70101
70102        * API/JSCallbackConstructor.cpp:
70103        * API/JSCallbackFunction.cpp:
70104        * API/JSCallbackObjectFunctions.h:
70105        * runtime/Arguments.h:
70106        * runtime/ArrayPrototype.cpp:
70107        * runtime/BooleanObject.cpp:
70108        * runtime/DateInstance.cpp:
70109        * runtime/DatePrototype.cpp:
70110        * runtime/ErrorInstance.cpp:
70111        * runtime/InternalFunction.cpp:
70112        * runtime/JSActivation.cpp:
70113        * runtime/JSArray.cpp:
70114        * runtime/JSFunction.cpp:
70115        * runtime/JSONObject.cpp:
70116        * runtime/JSObject.h:
70117        * runtime/JSZombie.h:
70118        * runtime/MathObject.cpp:
70119        * runtime/NativeErrorConstructor.cpp:
70120        * runtime/NumberConstructor.cpp:
70121        * runtime/NumberObject.cpp:
70122        * runtime/RegExpConstructor.cpp:
70123        * runtime/RegExpObject.cpp:
70124        * runtime/StringObject.cpp:
70125        * runtime/StringPrototype.cpp:
70126
701272011-02-21  Adam Roben  <aroben@apple.com>
70128
70129        Export JSObject::s_info from JavaScriptCore.dll
70130
70131        This matches what we do for all other ClassInfo objects that WebCore needs access to.
70132
70133        Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in
70134        JSCell::inherits on Windows
70135
70136        Reviewed by Sam Weinig.
70137
70138        * runtime/JSObject.h: Added JS_EXPORTDATA to s_info.
70139
701402011-02-21  Kristian Amlie  <kristian.amlie@nokia.com>
70141
70142        Reviewed by Andreas Kling.
70143
70144        Switched to compiler based detection, where the error actually is.
70145
70146        It is not the platform that needs the workaround, it is the compiler.
70147
70148        QtWebKit fails to compile on Windows XP with msvc-2008
70149        https://bugs.webkit.org/show_bug.cgi?id=54746
70150
70151        * bytecode/CodeBlock.h:
70152        * runtime/RegExpObject.h:
70153
701542011-02-20  Gavin Barraclough  <barraclough@apple.com>
70155
70156        Reviewed by Oliver Hunt.
70157
70158        https://bugs.webkit.org/show_bug.cgi?id=54839
70159        Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction.
70160
70161        Historically, Native functions used to be represented by PrototypeFunctions, however
70162        since introducing call optimizations to the JIT this has used JSFunctions for host
70163        calls too. At the point this change was made, the interpreter continued to use
70164        PrototypeFunctions, however since fallback from the JIT to interpreter was introduced
70165        the interpreter has had to be able to run using host functions represented using
70166        JSFunctions - leading to an unnecessary and redundant divergence in behaviour between 
70167        interpreter only builds, and situations where the JIT has fallen back to interpreting.
70168
70169        NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction
70170        for wrappers for host functions, and as such can also be removed.
70171
70172        GlobalEvalFunction is a redundant wrapper that happens to be derived from
70173        PrototypeFunction. It existed to hold a reference to the global object - but since all
70174        functions now derive from JSObjectWithGlobalObject, this no longer requires an
70175        additional class to provide this functionality.
70176
70177        * JavaScriptCore.JSVALUE32_64only.exp:
70178        * JavaScriptCore.JSVALUE64only.exp:
70179        * JavaScriptCore.xcodeproj/project.pbxproj:
70180            Removed symbols / references to files.
70181
70182        * runtime/GlobalEvalFunction.cpp: Removed.
70183        * runtime/GlobalEvalFunction.h: Removed.
70184        * runtime/NativeFunctionWrapper.h: Removed.
70185        * runtime/PrototypeFunction.cpp: Removed.
70186        * runtime/PrototypeFunction.h: Removed.
70187            Removed.
70188
70189        * runtime/Executable.cpp:
70190        (JSC::NativeExecutable::~NativeExecutable):
70191        * runtime/Executable.h:
70192        (JSC::NativeExecutable::create):
70193        (JSC::NativeExecutable::NativeExecutable):
70194        (JSC::JSFunction::nativeFunction):
70195        * runtime/JSFunction.cpp:
70196        (JSC::callHostFunctionAsConstructor):
70197        (JSC::JSFunction::JSFunction):
70198        (JSC::JSFunction::getCallData):
70199        * runtime/JSFunction.h:
70200        * runtime/JSGlobalData.cpp:
70201        (JSC::JSGlobalData::getHostFunction):
70202        * runtime/JSGlobalData.h:
70203        (JSC::JSGlobalData::getCTIStub):
70204            Added interpreter-friendly constructors for NativeExecutables.
70205
70206        * bytecompiler/BytecodeGenerator.cpp:
70207        * interpreter/Interpreter.cpp:
70208        * jit/JITStubs.cpp:
70209        * jsc.cpp:
70210        * runtime/ArrayConstructor.cpp:
70211        * runtime/BooleanPrototype.cpp:
70212        * runtime/BooleanPrototype.h:
70213        * runtime/CallData.h:
70214        * runtime/DateConstructor.cpp:
70215        * runtime/DateConstructor.h:
70216        * runtime/ErrorPrototype.cpp:
70217        * runtime/ErrorPrototype.h:
70218        * runtime/FunctionPrototype.cpp:
70219        * runtime/FunctionPrototype.h:
70220        * runtime/JSGlobalObject.cpp:
70221        * runtime/JSGlobalObject.h:
70222        * runtime/JSGlobalObjectFunctions.cpp:
70223        * runtime/Lookup.cpp:
70224        * runtime/NumberPrototype.cpp:
70225        * runtime/NumberPrototype.h:
70226        * runtime/ObjectConstructor.cpp:
70227        * runtime/ObjectConstructor.h:
70228        * runtime/ObjectPrototype.cpp:
70229        * runtime/ObjectPrototype.h:
70230        * runtime/RegExpPrototype.cpp:
70231        * runtime/RegExpPrototype.h:
70232        * runtime/SmallStrings.h:
70233        * runtime/StringConstructor.cpp:
70234        * runtime/StringConstructor.h:
70235            Removed use of redundant classes.
70236
702372011-02-19  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
70238
70239        Unreviewed build fix for Symbian.
70240
70241        [Symbian] Revert the removal of linking
70242        against hal after r79126.
70243
70244        Dependency on the hal library cannot be removed
70245        as it is still used (e.g. in MarkStackSymbian.cpp).
70246
70247        * JavaScriptCore.pri:
70248
702492011-02-19  Gavin Barraclough  <barraclough@apple.com>
70250
70251        Interpreter build fix.
70252
70253        * runtime/ArrayConstructor.cpp:
70254        * runtime/BooleanPrototype.cpp:
70255        * runtime/DateConstructor.cpp:
70256        * runtime/ErrorPrototype.cpp:
70257        * runtime/FunctionPrototype.cpp:
70258        * runtime/Lookup.cpp:
70259        * runtime/NumberPrototype.cpp:
70260        * runtime/ObjectConstructor.cpp:
70261        * runtime/ObjectPrototype.cpp:
70262        * runtime/RegExpPrototype.cpp:
70263        * runtime/StringConstructor.cpp:
70264
702652011-02-19  Gavin Barraclough  <barraclough@apple.com>
70266
70267        Build fix!!
70268
70269        * JavaScriptCore.exp:
70270
702712011-02-19  Gavin Barraclough  <barraclough@apple.com>
70272
70273        Windows build fix!!
70274
70275        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
70276
702772011-02-19  Gavin Barraclough  <barraclough@apple.com>
70278
70279        Windows build fix!
70280
70281        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
70282
702832011-02-19  Gavin Barraclough  <barraclough@apple.com>
70284
70285        Build fix!
70286
70287        * JavaScriptCore.exp:
70288
702892011-02-18  Gavin Barraclough  <barraclough@apple.com>
70290
70291        Reviewed by Sam Weinig.
70292
70293        Bug 54786 - Devirtualize JSCell::classInfo()
70294
70295        Instead of making a virtual function call, add a pointer to the ClassInfo
70296        onto Structure.
70297
70298        This removes a virtual function call, and paves the way towards removing all
70299        the createStructure methods, and StructureFlags/AnonymousSlotCount properties
70300        (these should be able to move onto ClassInfo).
70301
70302        Calls to Structure::create must now pass a pointer to the ClassInfo for the
70303        structure. All objects now have a ClassInfo pointer; non-object cell types
70304        still do not.
70305
70306        Changes are mostly mechanical, involving three steps:
70307            * Remove virtual classInfo() methods.
70308            * Add &s_info parameter to calls to Structure::create.
70309            * Rename ClassInfo static members on classes from 'info' to 's_info',
70310              for consistency.
70311
70312        * API/JSCallbackConstructor.cpp:
70313        * API/JSCallbackConstructor.h:
70314        * API/JSCallbackFunction.cpp:
70315        * API/JSCallbackFunction.h:
70316        * API/JSCallbackObject.cpp:
70317        * API/JSCallbackObject.h:
70318        * API/JSCallbackObjectFunctions.h:
70319        * API/JSObjectRef.cpp:
70320        * API/JSValueRef.cpp:
70321        * API/JSWeakObjectMapRefPrivate.cpp:
70322        * JavaScriptCore.exp:
70323        * debugger/Debugger.cpp:
70324        * debugger/DebuggerActivation.h:
70325        * debugger/DebuggerCallFrame.cpp:
70326        * interpreter/Interpreter.cpp:
70327        * jit/JITCall32_64.cpp:
70328        * jit/JITOpcodes.cpp:
70329        * jit/JITStubs.cpp:
70330        * profiler/Profiler.cpp:
70331        * runtime/Arguments.cpp:
70332        * runtime/Arguments.h:
70333        * runtime/ArrayConstructor.cpp:
70334        * runtime/ArrayPrototype.cpp:
70335        * runtime/ArrayPrototype.h:
70336        * runtime/BooleanObject.cpp:
70337        * runtime/BooleanObject.h:
70338        * runtime/BooleanPrototype.cpp:
70339        * runtime/DateConstructor.cpp:
70340        * runtime/DateInstance.cpp:
70341        * runtime/DateInstance.h:
70342        * runtime/DatePrototype.cpp:
70343        * runtime/DatePrototype.h:
70344        * runtime/ErrorInstance.cpp:
70345        * runtime/ErrorInstance.h:
70346        * runtime/ErrorPrototype.cpp:
70347        * runtime/FunctionPrototype.cpp:
70348        * runtime/FunctionPrototype.h:
70349        * runtime/GetterSetter.h:
70350        * runtime/GlobalEvalFunction.h:
70351        * runtime/InternalFunction.cpp:
70352        * runtime/InternalFunction.h:
70353        * runtime/JSAPIValueWrapper.h:
70354        * runtime/JSActivation.cpp:
70355        * runtime/JSActivation.h:
70356        * runtime/JSArray.cpp:
70357        * runtime/JSArray.h:
70358        * runtime/JSByteArray.cpp:
70359        * runtime/JSByteArray.h:
70360        * runtime/JSCell.cpp:
70361        * runtime/JSCell.h:
70362        * runtime/JSFunction.cpp:
70363        * runtime/JSFunction.h:
70364        * runtime/JSGlobalData.cpp:
70365        * runtime/JSGlobalObject.cpp:
70366        * runtime/JSGlobalObject.h:
70367        * runtime/JSNotAnObject.h:
70368        * runtime/JSONObject.cpp:
70369        * runtime/JSONObject.h:
70370        * runtime/JSObject.cpp:
70371        * runtime/JSObject.h:
70372        * runtime/JSObjectWithGlobalObject.h:
70373        * runtime/JSPropertyNameIterator.h:
70374        * runtime/JSStaticScopeObject.h:
70375        * runtime/JSString.h:
70376        * runtime/JSVariableObject.h:
70377        * runtime/JSWrapperObject.h:
70378        * runtime/JSZombie.cpp:
70379        * runtime/JSZombie.h:
70380        * runtime/Lookup.cpp:
70381        * runtime/MathObject.cpp:
70382        * runtime/MathObject.h:
70383        * runtime/NativeErrorConstructor.cpp:
70384        * runtime/NativeErrorConstructor.h:
70385        * runtime/NumberConstructor.cpp:
70386        * runtime/NumberConstructor.h:
70387        * runtime/NumberObject.cpp:
70388        * runtime/NumberObject.h:
70389        * runtime/NumberPrototype.cpp:
70390        * runtime/ObjectConstructor.cpp:
70391        * runtime/ObjectPrototype.cpp:
70392        * runtime/RegExpConstructor.cpp:
70393        * runtime/RegExpConstructor.h:
70394        * runtime/RegExpObject.cpp:
70395        * runtime/RegExpObject.h:
70396        * runtime/RegExpPrototype.cpp:
70397        * runtime/ScopeChain.cpp:
70398        * runtime/StringConstructor.cpp:
70399        * runtime/StringObject.cpp:
70400        * runtime/StringObject.h:
70401        * runtime/StringObjectThatMasqueradesAsUndefined.h:
70402        * runtime/StringPrototype.cpp:
70403        * runtime/StringPrototype.h:
70404        * runtime/Structure.cpp:
70405        * runtime/Structure.h:
70406
704072011-02-19  David Kilzer  <ddkilzer@apple.com>
70408
70409        <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
70410
70411        Reviewed by Dan Bernstein.
70412
70413        * Configurations/Base.xcconfig: Added
70414        JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
70415        * Configurations/JavaScriptCore.xcconfig: Used
70416        JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
70417        * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
70418        for Production configuration of jsc target.
70419        (Copy Into Framework): Removed old build phase.
70420        (Fix Framework Reference): Renamed build phase to "Copy Into
70421        Framework".  Added "set -x" call to make the script print the
70422        commands it is running.  Added code to exit early for Production
70423        builds since this was never intended for them.  Added code to
70424        copy jsc into the JavaScriptCore.framework/Resources directory.
70425
704262011-02-19  Siddharth Mathur  <siddharth.mathur@nokia.com>
70427
70428        Reviewed by Laszlo Gombos.
70429
70430        [Symbian] OSAllocator implementation for Symbian OS.
70431        Manages both data and code region requests. V8 and Sunspider tested
70432        OK with interpreter. Not tested with JSC JIT yet as it has unrelated
70433        failures. Also no thread safety yet.
70434        https://bugs.webkit.org/show_bug.cgi?id=51128
70435
70436        * JavaScriptCore.pri: removed HAL linkage
70437        * wtf/Bitmap.h:
70438        (WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty
70439        * wtf/OSAllocator.h:
70440        (WTF::OSAllocator::decommitAndRelease): decommit explicitly
70441        * wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface
70442        (WTF::allocateCodeChunk): utility for code chunks
70443        (WTF::deallocateCodeChunk): utility for code chunks
70444        (WTF::dataAllocatorInstance): getter for data allocator instance
70445        (WTF::OSAllocator::reserveUncommitted):
70446        (WTF::OSAllocator::releaseDecommitted):
70447        (WTF::OSAllocator::commit):
70448        (WTF::OSAllocator::decommit):
70449        (WTF::OSAllocator::reserveAndCommit):
70450        (WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests
70451        to one underlying Symbian chunk
70452        (WTF::PageAllocatorSymbian::~PageAllocatorSymbian):
70453        (WTF::PageAllocatorSymbian::reserve):
70454        (WTF::PageAllocatorSymbian::release):
70455        (WTF::PageAllocatorSymbian::commit):
70456        (WTF::PageAllocatorSymbian::decommit):
70457        (WTF::PageAllocatorSymbian::contains):
70458        * wtf/PageAllocatorSymbian.h: Added.
70459        (WTF::SymbianChunk::SymbianChunk): wrapper around RChunk
70460        (WTF::SymbianChunk::~SymbianChunk):
70461        (WTF::SymbianChunk::contains):
70462
704632011-02-19  Yong Li  <yoli@rim.com>
70464
70465        Reviewed by Eric Seidel.
70466
70467        https://bugs.webkit.org/show_bug.cgi?id=54687
70468        When being built with armcc, "int" bit fields are treated as
70469        unsigned integers, which will fail the comparisons like "m_offset == -1".
70470        Using "signed" fixes the problem.
70471
70472        * assembler/ARMAssembler.h:
70473        * assembler/ARMv7Assembler.h:
70474
704752011-02-18  Geoffrey Garen  <ggaren@apple.com>
70476
70477        Reviewed by Sam Weinig.
70478
70479        Made MarkedSpace block iteration size-class agnostic
70480        https://bugs.webkit.org/show_bug.cgi?id=54792
70481
70482        SunSpider reports no change.
70483
70484        * runtime/MarkedSpace.cpp:
70485        (JSC::MarkedSpace::clearMarks):
70486        (JSC::MarkedSpace::sweep):
70487        (JSC::MarkedSpace::objectCount):
70488        (JSC::MarkedSpace::size):
70489        (JSC::MarkedSpace::capacity):
70490        * runtime/MarkedSpace.h:
70491        (JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of
70492        size class list order. This is a much simpler convention in a world
70493        of many different size classes.
70494
704952011-02-18  Kristian Amlie  <kristian.amlie@nokia.com>
70496
70497        Reviewed by Andreas Kling.
70498
70499        Added friend exception to Qt platform, which also compiles Windows.
70500
70501        QtWebKit fails to compile on Windows XP with msvc-2008
70502        https://bugs.webkit.org/show_bug.cgi?id=54746
70503
70504        * bytecode/CodeBlock.h:
70505        * runtime/RegExpObject.h:
70506
705072011-02-18  Geoffrey Garen  <ggaren@apple.com>
70508
70509        (Rolled back in r79022 with crash fixed.)
70510
70511        Reviewed by Sam Weinig.
70512
70513        Use hashing instead of linear search in the conservative pointer test
70514        https://bugs.webkit.org/show_bug.cgi?id=54767
70515
70516        SunSpider reports no change.
70517
70518        * runtime/MarkedSpace.cpp:
70519        (JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array,
70520        since freeBlock removes items for us.
70521
70522        (JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last
70523        block from the block set instead of the block being freed. Changed to
70524        remove a block from our data structures before deallocating it, since
70525        this is slightly cleaner.
70526
70527        * runtime/MarkedSpace.h:
70528        (JSC::MarkedSpace::contains): Variable-sized objects will use more,
70529        smaller blocks, so it's important for the contains check not to be O(n)
70530        in the number of blocks.
70531
705322011-02-18  chris reiss  <christopher.reiss@nokia.com>
70533
70534        Reviewed by Andreas Kling.
70535
70536        REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
70537        https://bugs.webkit.org/show_bug.cgi?id=49989
70538
70539        updated test fast/js/script-tests/date-parse-test.js
70540
70541        * wtf/DateMath.cpp:
70542        (WTF::parseDateFromNullTerminatedCharacters):
70543
705442011-02-18  Sheriff Bot  <webkit.review.bot@gmail.com>
70545
70546        Unreviewed, rolling out r79022.
70547        http://trac.webkit.org/changeset/79022
70548        https://bugs.webkit.org/show_bug.cgi?id=54775
70549
70550        It broke the whole world (Requested by Ossy on #webkit).
70551
70552        * runtime/MarkedSpace.h:
70553        (JSC::MarkedSpace::contains):
70554
705552011-02-18  Yael Aharon  <yael.aharon@nokia.com>
70556
70557        Reviewed by Dave Hyatt.
70558
70559        Add support for dir=auto
70560        https://bugs.webkit.org/show_bug.cgi?id=50916
70561
70562        Change defaultWritingDirection() to return whether the writing direction
70563        was determined from a letter with strong directionality or not.
70564
70565        * JavaScriptCore.exp:
70566        * JavaScriptCore.order:
70567        * wtf/text/StringImpl.cpp:
70568        (WTF::StringImpl::defaultWritingDirection):
70569        * wtf/text/StringImpl.h:
70570        * wtf/text/WTFString.h:
70571        (WTF::String::defaultWritingDirection):
70572
705732011-02-18  Geoffrey Garen  <ggaren@apple.com>
70574
70575        Reviewed by Sam Weinig.
70576
70577        Use hashing instead of linear search in the conservative pointer test
70578        https://bugs.webkit.org/show_bug.cgi?id=54767
70579
70580        SunSpider reports no change.
70581
70582        * runtime/MarkedSpace.h:
70583        (JSC::MarkedSpace::contains): Variable-sized objects will use more,
70584        smaller blocks, so it's important for the contains check not to be O(n)
70585        in the number of blocks.
70586
705872011-02-18  Geoffrey Garen  <ggaren@apple.com>
70588
70589        Reviewed by Sam Weinig.
70590
70591        Tightened some usage accounting code in MarkedSpace
70592        https://bugs.webkit.org/show_bug.cgi?id=54761
70593
70594        SunSpider reports no change.
70595
70596        * runtime/Heap.cpp:
70597        (JSC::Heap::Heap): Initialize the marked space high water mark on
70598        construction, instead of relying on some implicit subtleties to make
70599        not initializing it work out OK.
70600
70601        * runtime/Heap.h: Fixed up includes.
70602
70603        * runtime/MarkedBlock.h: Made firstAtom() static so clients can call it
70604        even without having allocated a block.
70605
70606        * runtime/MarkedSpace.cpp:
70607        (JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this
70608        would be prohibitively expensive with multiple size classes.
70609
70610        (JSC::MarkedSpace::allocateBlock):
70611        (JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set,
70612        since linear search in the contains check will be prohibitively
70613        expensive once we're using lots of smaller blocks.
70614
70615        (JSC::MarkedSpace::allocate): Don't assume that we always have a block
70616        allocated, since we don't anymore. (See above.)
70617
70618        (JSC::MarkedSpace::reset):
70619        * runtime/MarkedSpace.h: Updated for changes mentioned above.
70620
706212011-02-17  Geoffrey Garen  <ggaren@apple.com>
70622
70623        Reviewed by Sam Weinig.
70624
70625        Made object allocation secretly variable-sized (Shhhh!)
70626        https://bugs.webkit.org/show_bug.cgi?id=54721
70627
70628        SunSpider reports no change.
70629
70630        Internally, MarkedBlock now makes variable-sized allocations, even
70631        though MarkedSpace doesn't take advantage of this yet.
70632
70633        * runtime/MarkedBlock.cpp:
70634        (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
70635        fixed-sized.
70636
70637        * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
70638        that are not multiples of 64 bytes.
70639
706402011-02-17  Geoffrey Garen  <ggaren@apple.com>
70641
70642        Reviewed by Sam Weinig.
70643
70644        Fixed some math errors when using variable-sized cells
70645        https://bugs.webkit.org/show_bug.cgi?id=54717
70646
70647        SunSpider reports no change.
70648
70649        Computer Science Barbie says, "Math is not so hard after all!"
70650
70651        * runtime/JSCell.h:
70652        (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
70653        minimum number of atoms required for a cell, since rounding down
70654        will get you splinched.
70655
70656        * runtime/MarkedBlock.cpp:
70657        (JSC::MarkedBlock::MarkedBlock):
70658        (JSC::MarkedBlock::sweep):
70659        * runtime/MarkedBlock.h:
70660        (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
70661        because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
70662        may not hit m_endAtom exactly.
70663
706642011-02-17  Geoffrey Garen  <ggaren@apple.com>
70665
70666        Reviewed by Sam Weinig.
70667
70668        A little more abstraction for MarkedSpace::contains
70669        https://bugs.webkit.org/show_bug.cgi?id=54715
70670
70671        * runtime/MarkedBlock.h:
70672        (JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace
70673        doesn't have to know how MarkedBlock tracks containment internally.
70674
70675        * runtime/MarkedSpace.h:
70676        (JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out
70677        if a cell that seems to be in a block is valid.
70678
706792011-02-17  Geoffrey Garen  <ggaren@apple.com>
70680
70681        Reviewed by Sam Weinig.
70682
70683        Removed the invariant that the last cell in a block is always marked
70684        https://bugs.webkit.org/show_bug.cgi?id=54713
70685
70686        SunSpider reports no change.
70687
70688        This adds one branch to allocation, but simplifies the mark invariant,
70689        especially in a world of variable-sized cells. Now, it really is true
70690        that any cell whose mark bit is set is a valid, live cell whose
70691        constructor has run and whose destructor has not run.
70692
70693        * runtime/JSCell.h:
70694        (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
70695        since we can no longer rely on a set mark bit to break out of this loop
70696        before it reaches the end of the block.
70697
70698        * runtime/MarkedBlock.cpp:
70699        (JSC::MarkedBlock::MarkedBlock):
70700        (JSC::MarkedBlock::sweep):
70701        * runtime/MarkedBlock.h:
70702        (JSC::MarkedBlock::isEmpty):
70703        (JSC::MarkedBlock::clearMarks):
70704        (JSC::MarkedBlock::markCount):
70705        (JSC::MarkedBlock::forEach): No need to set a special last mark bit.
70706
707072011-02-17  Sheriff Bot  <webkit.review.bot@gmail.com>
70708
70709        Unreviewed, rolling out r78856 and r78907.
70710        http://trac.webkit.org/changeset/78856
70711        http://trac.webkit.org/changeset/78907
70712        https://bugs.webkit.org/show_bug.cgi?id=54705
70713
70714        These seem to break tests on 32-bit builds. (Requested by
70715        aroben on #webkit).
70716
70717        * JavaScriptCore.xcodeproj/project.pbxproj:
70718        * collector/handles/Global.h:
70719        (JSC::Global::internalSet):
70720        * collector/handles/Handle.h:
70721        (JSC::HandleTypes::getFromSlot):
70722        (JSC::HandleTypes::toJSValue):
70723        (JSC::HandleTypes::validateUpcast):
70724        (JSC::HandleConverter::operator->):
70725        (JSC::HandleConverter::operator*):
70726        (JSC::Handle::Handle):
70727        (JSC::Handle::get):
70728        * runtime/JSArray.cpp:
70729        (JSC::JSArray::sortNumeric):
70730        * runtime/JSObject.h:
70731        (JSC::JSObject::inlineGetOwnPropertySlot):
70732        * runtime/SlotAccessor.h: Removed.
70733        * runtime/WeakGCPtr.h:
70734        (JSC::WeakGCPtr::get):
70735        (JSC::WeakGCPtr::internalSet):
70736        * runtime/WriteBarrier.h:
70737        (JSC::DeprecatedPtr::DeprecatedPtr):
70738        (JSC::DeprecatedPtr::get):
70739        (JSC::DeprecatedPtr::operator*):
70740        (JSC::DeprecatedPtr::operator->):
70741        (JSC::DeprecatedPtr::slot):
70742        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
70743        (JSC::DeprecatedPtr::operator!):
70744        (JSC::WriteBarrierBase::set):
70745        (JSC::WriteBarrierBase::get):
70746        (JSC::WriteBarrierBase::operator*):
70747        (JSC::WriteBarrierBase::operator->):
70748        (JSC::WriteBarrierBase::clear):
70749        (JSC::WriteBarrierBase::slot):
70750        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
70751        (JSC::WriteBarrierBase::operator!):
70752        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
70753        (JSC::WriteBarrier::WriteBarrier):
70754
707552011-02-17  Csaba Osztrogonác  <ossy@webkit.org>
70756
70757        Unreviewed.
70758
70759        [Qt] Buildfix.
70760
70761        * wtf/RetainPtr.h: Add missing PLATFORM(CF) guard.
70762
707632011-02-17  Geoffrey Garen  <ggaren@apple.com>
70764
70765        Reviewed by Oliver Hunt.
70766
70767        Made MarkedBlock variable-sized
70768        https://bugs.webkit.org/show_bug.cgi?id=54692
70769
70770        SunSpider reports no change.
70771
70772        Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
70773        mark bit per atom. A given cell may be composed of one or more atoms.
70774
70775        * runtime/Heap.cpp:
70776        (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
70777        bubbling it up from MarkedBlock, since MarkedBlock now supports variable-
70778        sizedness.
70779
70780        * runtime/JSCell.h:
70781        (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
70782        (implicit) one constants -- these quantities are not constant anymore.
70783        Updated for switch from cell to atom.
70784
70785        * runtime/MarkedBlock.cpp:
70786        (JSC::MarkedBlock::create):
70787        (JSC::MarkedBlock::destroy):
70788        (JSC::MarkedBlock::MarkedBlock):
70789        (JSC::MarkedBlock::sweep):
70790        * runtime/MarkedBlock.h:
70791        (JSC::MarkedBlock::firstAtom):
70792        (JSC::MarkedBlock::atoms):
70793        (JSC::MarkedBlock::isAtomAligned):
70794        (JSC::MarkedBlock::blockFor):
70795        (JSC::MarkedBlock::isEmpty):
70796        (JSC::MarkedBlock::clearMarks):
70797        (JSC::MarkedBlock::size):
70798        (JSC::MarkedBlock::capacity):
70799        (JSC::MarkedBlock::atomNumber):
70800        (JSC::MarkedBlock::isMarked):
70801        (JSC::MarkedBlock::testAndSetMarked):
70802        (JSC::MarkedBlock::setMarked):
70803        (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
70804        and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
70805
70806        * runtime/MarkedSpace.cpp:
70807        (JSC::MarkedSpace::MarkedSpace):
70808        (JSC::MarkedSpace::allocateBlock):
70809        (JSC::MarkedSpace::allocate):
70810        (JSC::MarkedSpace::reset):
70811        * runtime/MarkedSpace.h:
70812        (JSC::CollectorHeap::CollectorHeap):
70813        (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
70814        a property of MarkedSpace.
70815
708162011-02-17  Oliver Hunt  <oliver@apple.com>
70817
70818        Attempt to fix windows build
70819
70820        * runtime/WriteBarrier.h:
70821
708222011-02-17  Oliver Hunt  <oliver@apple.com>
70823
70824        Reviewed by Geoffrey Garen.
70825
70826        Refactor WriteBarrier and DeprecatedPtr to have less code duplication.
70827        https://bugs.webkit.org/show_bug.cgi?id=54608
70828
70829        Make use of the tricks used for Handle, et al to avoid duplicating all
70830        of the logic for DeprecatedPtr and WriteBarrier simply to support known
70831        vs. unknown types.
70832
70833        * JavaScriptCore.xcodeproj/project.pbxproj:
70834        * collector/handles/Global.h:
70835        (JSC::Global::internalSet):
70836        * collector/handles/Handle.h:
70837        (JSC::Handle::Handle):
70838        (JSC::Handle::get):
70839        * runtime/JSArray.cpp:
70840        (JSC::JSArray::sortNumeric):
70841        * runtime/JSObject.h:
70842        (JSC::JSObject::inlineGetOwnPropertySlot):
70843        * runtime/SlotAccessor.h: Added.
70844        (JSC::SlotTypes::getFromBaseType):
70845        (JSC::SlotTypes::convertToBaseType):
70846        (JSC::SlotTypes::getFromSlot):
70847        (JSC::SlotTypes::toJSValue):
70848        (JSC::SlotTypes::validateUpcast):
70849        (JSC::SlotAccessor::operator->):
70850        (JSC::SlotAccessor::operator*):
70851        * runtime/WeakGCPtr.h:
70852        (JSC::WeakGCPtr::get):
70853        (JSC::WeakGCPtr::internalSet):
70854        * runtime/WriteBarrier.h:
70855        (JSC::DeprecatedPtr::DeprecatedPtr):
70856        (JSC::DeprecatedPtr::get):
70857        (JSC::DeprecatedPtr::slot):
70858        (JSC::DeprecatedPtr::operator=):
70859        (JSC::WriteBarrierTranslator::convertToStorage):
70860        (JSC::WriteBarrierTranslator::convertFromStorage):
70861        (JSC::WriteBarrierBase::set):
70862        (JSC::WriteBarrierBase::get):
70863        (JSC::WriteBarrierBase::clear):
70864        (JSC::WriteBarrierBase::slot):
70865        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
70866        (JSC::WriteBarrierBase::operator!):
70867        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
70868        (JSC::WriteBarrier::WriteBarrier):
70869
708702011-02-17  Kevin Ollivier  <kevino@theolliviers.com>
70871
70872        [wx] Revert incorrect blind fix and restore previous working code.
70873
70874        * wtf/wx/StringWx.cpp:
70875        (WTF::String::String):
70876
708772011-02-16  Geoffrey Garen  <ggaren@apple.com>
70878
70879        Reviewed by Maciej Stachowiak.
70880
70881        Intermittent crashes beneath MarkStack::drain
70882        https://bugs.webkit.org/show_bug.cgi?id=54614
70883        <rdar://problem/8971070>
70884
70885        The crashes were caused by a GC happening after the global object's
70886        property table had grown (due to compilation), but before the properties
70887        had been fully initialized by program execution.
70888
70889        * bytecompiler/BytecodeGenerator.cpp:
70890        (JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global
70891        object's register storage immediately, without waiting for program
70892        execution to do it for us. This ensures that the global object's count
70893        of global variables is consistent with the size of its global variable
70894        storage at all times, and it ensures that all global variables are
70895        properly initialized from the get-go.
70896
70897        * runtime/JSGlobalObject.cpp:
70898        (JSC::JSGlobalObject::resizeRegisters):
70899        * runtime/JSGlobalObject.h: Added a helper function for growing the
70900        global object's register storage, and initializing new registers.
70901
70902== Rolled over to ChangeLog-2011-02-16 ==
70903