2014-07-18  Dana Burkart  <dburkart@apple.com>

        Manually merged patch

        2014-02-21  Mark Lam  <mark.lam@apple.com>

        gatherFromOtherThread() needs to align the sp before gathering roots.
        <https://webkit.org/b/129169>

        The GC scans the stacks of other threads using MachineThreads::gatherFromOtherThread().
        gatherFromOtherThread() defines the range of the other thread's stack as
        being bounded by the other thread's stack pointer and stack base. While
        the stack base will always be aligned to sizeof(void*), the stack pointer
        may not be. This is because the other thread may have just pushed a 32-bit
        value on its stack before we suspended it for scanning.

        The fix is to round the stack pointer up to the next aligned address of
        sizeof(void*) and start scanning from there. On 64-bit systems, we will
        effectively ignore the 32-bit word at the bottom of the stack (top of the
        stack for stacks growing up) because it cannot be a 64-bit pointer anyway.
        Pointers should always be stored on 64-bit aligned boundaries (our
        conservative scan algorithm already depends on this assumption).

        On 32-bit systems, the rounding is effectively a no-op.

        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::gatherFromOtherThread):

2014-05-23  Dana Burkart  <dburkart@apple.com>

        Merge r167832

        2014-04-25  Oliver Hunt  <oliver@apple.com>

        Need earlier cell test
        https://bugs.webkit.org/show_bug.cgi?id=132211

        Reviewed by Mark Lam.

        Move cell test to before the function call repatch
        location, as the repatch logic for 32bit assumes that the
        caller will already have performed a cell check.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2014-05-22  Dana Burkart  <dburkart@apple.com>

        Merge r165162

        2014-03-05  Mark Lam  <mark.lam@apple.com>

        llint_slow_path_check_has_instance() should not adjust PC before accessing operands.
        <https://webkit.org/b/129768>

        Reviewed by Mark Hahnenberg.

        When evaluating "a instanceof b" where b is an object that ImplementsHasInstance
        and OverridesHasInstance (e.g. a bound function), the LLINT will take the slow
        path llint_slow_path_check_has_instance(), and execute a code path that does the
        following:
        1. Adjusts the byte code PC to the jump target PC.
        2. For the purpose of storing the result, get the result registerIndex from the
           1st operand using the PC as if the PC is still pointing to op_check_has_instance
           bytecode.

        The result is that whatever value resides after where the jump target PC is will
        be used as a result register value. Depending on what that value is, the result
        can be:
        1. the code coincidentally works correctly
        2. memory corruption
        3. crashes

        The fix is to only adjust the byte code PC after we have stored the result.

        * llint/LLIntSlowPaths.cpp:
        (llint_slow_path_check_has_instance):

2014-05-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r167548.

        2014-04-19  Filip Pizlo  <fpizlo@apple.com>

        Make it easier to check if an integer sum would overflow
        https://bugs.webkit.org/show_bug.cgi?id=131900

        Reviewed by Darin Adler.

        * dfg/DFGOperations.cpp:
        * runtime/Operations.h:
        (JSC::jsString):

2014-05-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r167544.

        2014-04-19  Filip Pizlo  <fpizlo@apple.com>

        Address some feedback on https://bugs.webkit.org/show_bug.cgi?id=130684.

        * dfg/DFGOperations.cpp:
        * runtime/JSString.h:
        (JSC::JSRopeString::RopeBuilder::append):

2014-05-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r167354.

        2014-04-16  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, ARMv7 build fix after r167336.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::branchAdd32):

2014-05-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r167336.

        2014-04-15  Filip Pizlo  <fpizlo@apple.com>

        compileMakeRope does not emit necessary bounds checks
        https://bugs.webkit.org/show_bug.cgi?id=130684
        <rdar://problem/16398388>

        Reviewed by Oliver Hunt.

        Add string length bounds checks in a bunch of places. We should never allow a string
        to have a length greater than 2^31-1 because it's not clear that the language has
        semantics for it and because there is code that assumes that this cannot happen.

        Also add a bunch of tests to that effect to cover the various ways in which this was
        previously allowed to happen.

        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileMakeRope):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileMakeRope):
        * runtime/JSString.cpp:
        (JSC::JSRopeString::RopeBuilder::expand):
        * runtime/JSString.h:
        (JSC::JSString::create):
        (JSC::JSRopeString::RopeBuilder::append):
        (JSC::JSRopeString::RopeBuilder::release):
        (JSC::JSRopeString::append):
        * runtime/Operations.h:
        (JSC::jsString):
        (JSC::jsStringFromRegisterArray):
        (JSC::jsStringFromArguments):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncSlice):
        (JSC::stringProtoFuncSubstring):
        (JSC::stringProtoFuncToLowerCase):
        * tests/stress/make-large-string-jit-strcat.js: Added.
        (foo):
        * tests/stress/make-large-string-jit.js: Added.
        (foo):
        * tests/stress/make-large-string-strcat.js: Added.
        * tests/stress/make-large-string.js: Added.

2014-03-19  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r165902.

        2014-03-12  Mark Lam  <mark.lam@apple.com>

        Update type of local vars to match the type of String length.
        <https://webkit.org/b/130077>

        Reviewed by Geoffrey Garen.

        * runtime/JSStringJoiner.cpp:
        (JSC::JSStringJoiner::join):

2014-03-06  Mark Lam  <mark.lam@apple.com>

        Merge r164077, r164089: <rdar://problem/16136637>

        2014-02-13  Mark Lam  <mark.lam@apple.com>

        The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs. Part 2.
        <https://webkit.org/b/128764>

        Reviewed by Mark Hahnenberg.

        toJS() is the wrong cast function to use. We need to use toJSForGC() instead.
        Also we need to acquire the JSLock to prevent concurrent accesses to the
        Strong handle list.

        * API/JSValue.mm:
        (JSContainerConvertor::add):
        (containerValueToObject):
        (ObjcContainerConvertor::add):
        (objectToValue):

        2014-02-13  Mark Lam  <mark.lam@apple.com>

        The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs.
        <https://webkit.org/b/128764>

        Reviewed by Mark Hahnenberg.

        Added a vector of Strong<Unknown> references in the 2 containers, and append
        the newly created JSValues to those vectors. This will keep all those JS objects
        alive for the duration of the conversion.

        * API/JSValue.mm:
        (JSContainerConvertor::add):
        (ObjcContainerConvertor::add):

2014-03-03  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix.
        <rdar://problem/16197002>

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Exclude 64-bit assembly code when building
        32-bit DebugSuffix target.

2014-02-28  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix.
        <rdar://problem/16197002>

        * JavaScriptCore.vcxproj/JavaScriptCore.proj: Remove trailing
        slash from path names, as this was causing multiple arguments
        to be concatenated together (the whitespace was getting escaped
        by the slash.)

2014-01-27  Brent Fulgham  <bfulgham@apple.com>

        Merge r162723.
        2014-01-24  Brent Fulgham  <bfulgham@apple.com>

        [Win] Convert some NMake files to MSBuild project files
        https://bugs.webkit.org/show_bug.cgi?id=127579

        Reviewed by Tim Horton.

        * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.

2014-01-27  Brent Fulgham  <bfulgham@apple.com>

        Merge r154513, r154354.

        2013-08-23  Alex Christensen  <alex.christensen@flexsim.com>

        Re-separating Win32 and Win64 builds.
        https://bugs.webkit.org/show_bug.cgi?id=120178

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
        Pass PlatformArchitecture as a command line parameter to bash scripts.
        * JavaScriptCore.vcxproj/copy-files.cmd: Use correct architecture
        for build conditions.
        * JavaScriptCore.vcxproj/jsc/jscCommon.props: Ditto
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Ditto

2014-01-23  Brent Fulgham  <bfulgham@apple.com>

        Merge r162621

        2014-01-22  Brent Fulgham  <bfulgham@apple.com>

        [Win] Update project and solution files for 64-bit builds.
        https://bugs.webkit.org/show_bug.cgi?id=127457

        Reviewed by Eric Carlson.

        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Specify v100 target
        for all builds on this branch.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
        file from project view.
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Specify v100 target for
        all builds on this branch.
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto

2014-01-22  Brent Fulgham  <bfulgham@apple.com>

        Merge r157607

        2013-10-17  Alex Christensen  <achristensen@webkit.org>

        Run JavaScriptCore tests again on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=122787

        Reviewed by Tim Horton.

        * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
        * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.

2013-12-23  Matthew Hanson  <matthew_hanson@apple.com>

        Merge 161003: <rdar://problem/15719584>

        2013-12-23  Lucas Forschler  <lforschler@apple.com>

        <rdar://problem/15682948> Update copyright strings

        Reviewed by Dan Bernstein.

        * Info.plist:
        * JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist:

2013-12-17  Matthew Hanson  <matthew_hanson@apple.com>

        Merge the patch attached to <rdar://problem/15684269>

        2013-10-07  Oliver Hunt  <oliver@apple.com>

        PutGlobalProperty doesn't kill specialised values

        Reviewed by Geoff Garen.

        When we're generating instructions to change a global property
        we just pre-emptively despecialise it.

        * runtime/JSScope.cpp:
        (JSC::JSScope::resolveContainingScopeInternal):

2013-12-11  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r154513

        2013-08-23  Alex Christensen  <achristensen@apple.com>

        Re-separating Win32 and Win64 builds.
        https://bugs.webkit.org/show_bug.cgi?id=120178

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
        Pass PlatformArchitecture as a command line parameter to bash scripts.
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
        * JavaScriptCore.vcxproj/build-generated-files.sh:
        Use PlatformArchitecture from command line to determine which object directory to use (obj32 or obj64).

2013-12-11  Matthew Hanson  <matthew_hanson@apple.com>

        Merge 156934.

        2013-10-04  Brent Fulgham  <bfulgham@apple.com>

        Silence compiler warning when building 64-bit (on Windows)

        Reviewed by Geoffrey Garen.

        * jit/JSInterfaceJIT.h: Add a static cast for assignment.

2013-12-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge 154333

        2013-08-20  Alex Christensen  <achristensen@apple.com>

        Use PlatformArchitecture to distinguish between 32-bit and 64-bit builds on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=119512

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        Replaced obj32, bin32, and lib32 with macros for 64-bit build.

2013-12-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge 152982

        2013-07-22  Alex Christensen  <achristensen@apple.com>

        Added assembly files to Windows 64-bit builds.
        https://bugs.webkit.org/show_bug.cgi?id=118931

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added JITStubsMSVC64.asm for x64 and enabled MASM.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added JITStubsMSVC64.asm.

2013-12-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge 152921

        2013-07-19  Alex Christensen  <achristensen@apple.com>

        Added x64 configuration to Visual Studio build.
        https://bugs.webkit.org/show_bug.cgi?id=118888

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:

2013-11-08  Lucas Forschler  <lforschler@apple.com>

        Merge r158882

        2013-11-07  Roger Fong  <roger_fong@apple.com>

        Rollout part of r146669 which caused a performance regression.
        <rdar://problem/15265457>.

        Rubberstamped by Filip Pizlo.

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2013-10-28  Lucas Forschler  <lforschler@apple.com>

        Merge r157830

        2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-28  Brent Fulgham  <bfulgham@apple.com>

        Debug build correction after r158124.
        * runtime/JSObject.h:
        (JSC::JSObject::setStructure): Use external hasIndexingHeader function since
        the member function did not exist at the time of this branch.

2013-10-28  Lucas Forschler  <lforschler@apple.com>

        Merge r157830

        2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-28  Lucas Forschler  <lforschler@apple.com>

        Merge r156302

        2013-09-23  Patrick Gansterer  <paroga@webkit.org>

        use NOMINMAX instead of #define min min
        https://bugs.webkit.org/show_bug.cgi?id=73563

        Reviewed by Brent Fulgham.

        Use NOMINMAX instead of #define min/max as a cleaner
        way of ensuring that Windows system header files don't
        define min/max as macros in the first place.

        * config.h:

2013-10-28  Lucas Forschler  <lforschler@apple.com>

        Merge r154366

        2013-08-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        <https://webkit.org/b/120079> Flattening a dictionary can cause CopiedSpace corruption

        Reviewed by Oliver Hunt.

        When we flatten an object in dictionary mode, we compact its properties. If the object
        had out-of-line storage in the form of a Butterfly prior to this compaction, and after
        compaction its properties fit inline, the object's Structure "forgets" that the object
        has a non-zero Butterfly pointer. During GC, we check the Butterfly and reportLiveBytes
        with bytes = 0, which causes all sorts of badness in CopiedSpace.
        Instead, after we flatten a dictionary, if properties fit inline we should clear the
        Butterfly pointer so that the GC doesn't get confused later.

        This patch does this clearing, and it also adds JSObject::checkStructure, which overrides
        JSCell::checkStructure to add an ASSERT that makes sure that the Structure being assigned
        agrees with whether or not the object has a Butterfly. Also added an ASSERT to check
        that the number of bytes reported to SlotVisitor::copyLater is non-zero.

        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::copyLater):
        * runtime/JSObject.cpp:
        (JSC::JSObject::notifyPresenceOfIndexedAccessors):
        (JSC::JSObject::convertUndecidedToInt32):
        (JSC::JSObject::convertUndecidedToDouble):
        (JSC::JSObject::convertUndecidedToContiguous):
        (JSC::JSObject::convertInt32ToDouble):
        (JSC::JSObject::convertInt32ToContiguous):
        (JSC::JSObject::genericConvertDoubleToContiguous):
        (JSC::JSObject::switchToSlowPutArrayStorage):
        (JSC::JSObject::setPrototype):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
        (JSC::JSObject::reifyStaticFunctionsForDelete):
        (JSC::JSObject::removeDirect):
        * runtime/JSObject.h:
        (JSC::JSObject::setButterfly):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::setStructure):
        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
        * runtime/Structure.cpp:
        (JSC::Structure::flattenDictionaryStructure):

2013-10-28  Mark Lam  <mark.lam@apple.com>

        Merge r155471.
        https://bugs.webkit.org/show_bug.cgi?id=123409.

        Reviewed by Geoffrey Garen.

        Re-implemented fix based on the frame iteration mechanism before the
        StackVisitor was available.
        2013-09-10  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: [JSC] Caught exception is treated as uncaught
        https://bugs.webkit.org/show_bug.cgi?id=93607

        Reviewed by Geoff Garen.

        Check up the entire call stack to see if there is an exception handler.

        * interpreter/Interpreter.cpp:
        (JSC::GetExceptionHandlerFunctor::GetExceptionHandlerFunctor):
        (JSC::GetExceptionHandlerFunctor::handler):
        (JSC::GetExceptionHandlerFunctor::operator()):

2013-10-25  Lucas Forschler  <lforschler@apple.com>

        Merge r156214

        2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
        https://bugs.webkit.org/show_bug.cgi?id=121717

        Reviewed by Oliver Hunt.

        This bug caused the array to become corrupted. We now check for holes before we start moving things,
        and start moving things only once we've determined that there are none.

        * runtime/JSArray.cpp:
        (JSC::JSArray::shiftCountWithAnyIndexingType):
        (JSC::JSArray::unshiftCountWithAnyIndexingType):

2013-10-24  Lucas Forschler  <lforschler@apple.com>

        Merge r154647

        2013-08-23  Andy Estes  <aestes@apple.com>

        Fix issues found by the Clang Static Analyzer
        https://bugs.webkit.org/show_bug.cgi?id=120230

        Reviewed by Darin Adler.

        * API/JSValue.mm:
        (valueToString): Don't leak every CFStringRef when in Objective-C GC.
        * API/ObjCCallbackFunction.mm:
        (JSC::ObjCCallbackFunctionImpl::~ObjCCallbackFunctionImpl): Don't
        release m_invocation's target since NSInvocation will do it for us on
        -dealloc.
        (objCCallbackFunctionForBlock): Tell NSInvocation to retain its target
        and -release our reference to the copied block.
        * API/tests/minidom.c:
        (createStringWithContentsOfFile): Free buffer before returning.
        * API/tests/testapi.c:
        (createStringWithContentsOfFile): Ditto.
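The r156214 entry above ((un)shiftCountWithAnyIndexingType) describes a shift that bails out on a hole only after it has already started moving elements. The following added example (not JSC's code) contrasts that shape with the check-first shape the fix describes, on a constructed contiguous store; the HOLE sentinel and the function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical sentinel standing in for an empty slot ("hole") in a
// contiguous indexing store; not JSC's real representation.
constexpr int64_t HOLE = INT64_MIN;

// Pre-fix shape: remove `count` slots starting at `startIndex` by sliding the
// tail left, but bail out to the caller's generic path on the first hole seen.
// Slots below the hole have already been overwritten by then, so a `false`
// return leaves the store partially shifted (the corruption the entry describes).
bool shiftCountBailingMidCopy(std::vector<int64_t>& store, size_t startIndex, size_t count)
{
    if (startIndex + count > store.size())
        return false;
    for (size_t i = startIndex + count; i < store.size(); ++i) {
        if (store[i] == HOLE)
            return false; // too late: store[startIndex .. i-count) already changed
        store[i - count] = store[i];
    }
    store.resize(store.size() - count);
    return true;
}

// Fixed shape: first verify the slots to be moved contain no hole, and only
// then mutate. A `false` return now guarantees the store is untouched, so the
// caller can safely fall back to the generic path.
bool shiftCountCheckingFirst(std::vector<int64_t>& store, size_t startIndex, size_t count)
{
    if (startIndex + count > store.size())
        return false;
    for (size_t i = startIndex + count; i < store.size(); ++i) {
        if (store[i] == HOLE)
            return false; // nothing has been moved yet
    }
    for (size_t i = startIndex + count; i < store.size(); ++i)
        store[i - count] = store[i];
    store.resize(store.size() - count);
    return true;
}

// Number of positions at which two stores differ (length differences count too).
size_t countMismatches(const std::vector<int64_t>& a, const std::vector<int64_t>& b)
{
    size_t n = 0;
    for (size_t i = 0; i < a.size() && i < b.size(); ++i)
        n += (a[i] != b[i]) ? 1 : 0;
    return n + (a.size() > b.size() ? a.size() - b.size() : b.size() - a.size());
}

// Constructed store with a hole at index 4.
std::vector<int64_t> sampleStoreWithHole()
{
    return {10, 20, 30, 40, HOLE, 60};
}

// Shift one slot off the front of the holey store with the pre-fix logic and
// report how many positions no longer match the original: 10 is lost and 40 is
// duplicated, so indices 0..2 differ.
size_t mismatchesAfterBuggyShift()
{
    std::vector<int64_t> store = sampleStoreWithHole();
    shiftCountBailingMidCopy(store, 0, 1); // returns false
    return countMismatches(store, sampleStoreWithHole()); // 3
}

// Same operation with the check-first logic: the bail-out leaves the store intact.
size_t mismatchesAfterCheckedShift()
{
    std::vector<int64_t> store = sampleStoreWithHole();
    shiftCountCheckingFirst(store, 0, 1); // returns false
    return countMismatches(store, sampleStoreWithHole()); // 0
}

// Hole-free store: the check-first logic performs the shift normally,
// removing slots 1 and 2 (20 and 30).
std::vector<int64_t> shiftedHoleFreeStore()
{
    std::vector<int64_t> store = {10, 20, 30, 40, 50, 60};
    shiftCountCheckingFirst(store, 1, 2);
    return store; // {10, 40, 50, 60}
}
```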
2013-10-24  Lucas Forschler  <lforschler@apple.com>

        Merge r154346

        2013-08-20  Michael Saboff  <msaboff@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=120075
        REGRESSION (r128400): BBC4 website not displaying pictures

        Reviewed by Oliver Hunt.

        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::createStructure): Changed the array IndexingType to be ArrayWithSlowPutArrayStorage
        so that the match results will be reified before any other modification to the results array.

2013-10-24  Lucas Forschler  <lforschler@apple.com>

        Merge r154303

        2013-08-18  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=119995
        Start removing custom implementations of getOwnPropertyDescriptor

        Reviewed by Oliver Hunt.

        This can now typically be implemented in terms of getOwnPropertySlot.
        Add a macro to PropertyDescriptor to define an implementation of GOPD in terms of GOPS.
        Switch over most classes in JSC & the WebCore bindings generator to use this.
        * API/JSCallbackObjectFunctions.h:
        * debugger/DebuggerActivation.cpp:
        * runtime/Arguments.cpp:
        * runtime/ArrayConstructor.cpp:
        * runtime/ArrayPrototype.cpp:
        * runtime/BooleanPrototype.cpp:
        * runtime/DateConstructor.cpp:
        * runtime/DatePrototype.cpp:
        * runtime/ErrorPrototype.cpp:
        * runtime/JSActivation.cpp:
        * runtime/JSArray.cpp:
        * runtime/JSArrayBuffer.cpp:
        * runtime/JSArrayBufferView.cpp:
        * runtime/JSCell.cpp:
        * runtime/JSDataView.cpp:
        * runtime/JSDataViewPrototype.cpp:
        * runtime/JSFunction.cpp:
        * runtime/JSGenericTypedArrayViewInlines.h:
        * runtime/JSNotAnObject.cpp:
        * runtime/JSONObject.cpp:
        * runtime/JSObject.cpp:
        * runtime/NamePrototype.cpp:
        * runtime/NumberConstructor.cpp:
        * runtime/NumberPrototype.cpp:
        * runtime/ObjectConstructor.cpp:
            - Implement getOwnPropertySlot in terms of GET_OWN_PROPERTY_DESCRIPTOR_IMPL.
        * runtime/PropertyDescriptor.h:
            - Added GET_OWN_PROPERTY_DESCRIPTOR_IMPL macro.
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::isValue):
        (JSC::PropertySlot::isGetter):
        (JSC::PropertySlot::isCustom):
        (JSC::PropertySlot::isCacheableValue):
        (JSC::PropertySlot::isCacheableGetter):
        (JSC::PropertySlot::isCacheableCustom):
        (JSC::PropertySlot::attributes):
        (JSC::PropertySlot::getterSetter):
            - Add accessors necessary to convert PropertySlot to descriptor.
        * runtime/RegExpConstructor.cpp:
        * runtime/RegExpMatchesArray.cpp:
        * runtime/RegExpMatchesArray.h:
        * runtime/RegExpObject.cpp:
        * runtime/RegExpPrototype.cpp:
        * runtime/StringConstructor.cpp:
        * runtime/StringObject.cpp:
            - Implement getOwnPropertySlot in terms of GET_OWN_PROPERTY_DESCRIPTOR_IMPL.

2013-10-24  Oliver Hunt  <oliver@apple.com>

        <https://webkit.org/b/119860> Crash during exception unwinding

        Reviewed by Filip Pizlo.
        Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error
        to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node.

        We need this so that Throw and ThrowReferenceError no longer need to be treated as
        terminals and the subsequent flush keeps the activation (and other registers) live.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::isTerminal):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-10-21  Lucas Forschler  <lforschler@apple.com>

        Merge r154217

        2013-08-16  Filip Pizlo  <fpizlo@apple.com>

        DFG optimizes out strict mode arguments tear off
        https://bugs.webkit.org/show_bug.cgi?id=119504

        Reviewed by Mark Hahnenberg and Oliver Hunt.

        Don't do the optimization for strict mode.

        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        (JSC::DFG::ArgumentsSimplificationPhase::pruneObviousArgumentCreations):

2013-09-04  Dean Jackson  <dino@apple.com>

        <rdar://problem/14910916> Disable CSS_SHAPES on safari-537-branch

        Reviewed by Beth Dakin.
        * Configurations/FeatureDefines.xcconfig:

2013-08-27  Lucas Forschler  <lforschler@apple.com>

        Merge r154633

        2013-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it
        https://bugs.webkit.org/show_bug.cgi?id=120278

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

2013-08-08  Lucas Forschler  <lforschler@apple.com>

        Merge r153819

        2013-08-08  Stephanie Lewis  <slewis@apple.com>

        <rdar://problem/14680524> REGRESSION(153806): Crash @ yahoo.com when WebKit is built with a .order file

        Unreviewed.

        Ensure llint symbols are in source order.

        * JavaScriptCore.order:

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge r153775

        2013-08-06  Stephanie Lewis  <slewis@apple.com>

        Update Order Files for Safari
        <rdar://problem/14517392>

        Unreviewed.

        * JavaScriptCore.order:

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge patch from <rdar://problem/14655517>.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge r153793

        2013-08-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state
        https://bugs.webkit.org/show_bug.cgi?id=119555

        Reviewed by Geoffrey Garen.

        It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like the 64-bit backend does.
        This was causing crashes on maps.google.com in 32-bit debug builds.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge r153374

        2013-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Setting a large numeric property on an object causes it to allocate a huge backing store
        https://bugs.webkit.org/show_bug.cgi?id=118914

        Reviewed by Geoffrey Garen.

        There are two distinct actions that we're trying to optimize for:

        new Array(100000);

        and:

        a = [];
        a[100000] = 42;

        In the first case, the programmer has indicated that they expect this Array to be very big,
        so they should get a contiguous array up until some threshold, above which we perform density
        calculations to see if it is indeed dense enough to warrant being contiguous.

        In the second case, the programmer hasn't indicated anything about the size of the Array, so
        we should be more conservative and assume it should be sparse until we've proven otherwise.

        Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish
        between them for the purposes of not over-allocating large backing stores like we see on
        http://www.peekanalytics.com/burgerjoints/

        The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and
        introduce a new heuristic for the second case. If we are putting to an index above a certain
        threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse
        map instead. So for example, in the second case above the empty array has a blank indexing
        type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map.
        This fix is ~800x speedup on the accompanying regression test :-o

        * runtime/ArrayConventions.h:
        (JSC::indexIsSufficientlyBeyondLengthForSparseMap):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
        (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
        (JSC::JSObject::putByIndexBeyondVectorLength):
        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

2013-08-01  Lucas Forschler  <lforschler@apple.com>

        Merge r153615

        2013-08-01  Oliver Hunt  <oliver@apple.com>

        DFG is not enforcing correct ordering of ToString conversion in MakeRope
        https://bugs.webkit.org/show_bug.cgi?id=119408

        Reviewed by Filip Pizlo.

        Construct ToString and Phantom nodes in advance of MakeRope
        nodes to ensure that ordering is ensured, and correct values
        will be reified on OSR exit.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):

2013-08-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        GetByVal on Arguments does the wrong size load when checking the Arguments object length
        https://bugs.webkit.org/show_bug.cgi?id=119281

        Reviewed by Geoffrey Garen.

        This leads to out of bounds accesses and subsequent crashes.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-07-29  Lucas Forschler  <lforschler@apple.com>

        Merge r153071

        2013-07-23  Mark Lam  <mark.lam@apple.com>

        Removed unused sourceOffset from JSTokenLocation.
        https://bugs.webkit.org/show_bug.cgi?id=118996.

        Reviewed by Geoffrey Garen.

        This also removes the assertion reported in the bug because it is now
        moot, thereby resolving the assertion failure issue on Windows.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::toArgumentList):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * parser/Lexer.cpp:
        (JSC::::lex):
        * parser/Lexer.h:
        (JSC::::lexExpectIdentifier):
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseFunctionInfo):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseMemberExpression):
        * parser/Parser.h:
        (JSC::::parse):
        * parser/ParserTokens.h:
        (JSC::JSTokenLocation::JSTokenLocation):

2013-07-29  Lucas Forschler  <lforschler@apple.com>

        Merge r153410

        2013-07-28  Oliver Hunt  <oliver@apple.com>

        REGRESSION: Crash when opening Facebook.com
        https://bugs.webkit.org/show_bug.cgi?id=119155

        Reviewed by Andreas Kling.

        Scope nodes are always objects, so we should be using SpecObjectOther
        rather than SpecCellOther. Marking Scopes as CellOther leads to a
        contradiction in the CFA, resulting in bogus codegen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::executeEffects):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2013-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r153075

        2013-07-23  Filip Pizlo  <fpizlo@apple.com>

        DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
        https://bugs.webkit.org/show_bug.cgi?id=119032

        Reviewed by Oliver Hunt.

        It just needs some Phantom action.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):

2013-07-22  Lucas Forschler  <lforschler@apple.com>

        Merge r152882

        2013-07-18  Andreas Kling  <akling@apple.com>

        CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
        <http://webkit.org/b/118875>
        <rdar://problem/14488577>

        Reviewed by Geoffrey Garen.
963 964 Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites 965 so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first. 966 967 886 kB progression on <http://twitter.com/awesomekling> 968 969 * dfg/DFGJITCompiler.cpp: 970 (JSC::DFG::JITCompiler::link): 971 (JSC::DFG::JITCompiler::compile): 972 (JSC::DFG::JITCompiler::compileFunction): 973 9742013-07-22 Lucas Forschler <lforschler@apple.com> 975 976 Merge r152868 977 978 2013-07-18 Filip Pizlo <fpizlo@apple.com> 979 980 LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile 981 https://bugs.webkit.org/show_bug.cgi?id=118865 982 983 Reviewed by Mark Hahnenberg. 984 985 * llint/LowLevelInterpreter64.asm: 986 9872013-07-22 Lucas Forschler <lforschler@apple.com> 988 989 Merge r152848 990 991 2013-07-18 Andreas Kling <akling@apple.com> 992 993 CodeBlock::m_argumentValueProfiles wastes a lot of memory. 994 <http://webkit.org/b/118852> 995 <rdar://problem/14481659> 996 997 Reviewed by Anders Carlsson. 998 999 Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding 1000 for growth, since we won't be appending to it anyway. 1001 1002 921 KB progression on <http://twitter.com/awesomekling> 1003 1004 * bytecode/CodeBlock.cpp: 1005 (JSC::CodeBlock::setNumParameters): 1006 10072013-07-22 Lucas Forschler <lforschler@apple.com> 1008 1009 Merge r152737 1010 1011 2013-07-16 Mark Hahnenberg <mhahnenberg@apple.com> 1012 1013 Remove reference to JSValueStructSupport.h from JSExport.h 1014 https://bugs.webkit.org/show_bug.cgi?id=118746 1015 1016 Reviewed by Filip Pizlo. 1017 1018 * API/JSExport.h: No such header exists, so it doesn't make sense to reference it. 1019 10202013-07-22 Lucas Forschler <lforschler@apple.com> 1021 1022 Merge r152600 1023 1024 2013-07-12 Brent Fulgham <bfulgham@apple.com> 1025 1026 [Windows] Build correction after r152573/r152577. 
1027 https://bugs.webkit.org/show_bug.cgi?id=118610 1028 1029 Reviewed by Oliver Hunt. 1030 1031 * jit/JITThunks.cpp: 1032 (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second 1033 argument of the make_pair to be a function pointer. 1034 10352013-07-19 Lucas Forschler <lforschler@apple.com> 1036 1037 Merge r152818 1038 1039 2013-07-17 Filip Pizlo <fpizlo@apple.com> 1040 1041 Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813 1042 1043 * dfg/DFGSpeculativeJIT.cpp: 1044 (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): 1045 * dfg/DFGSpeculativeJIT32_64.cpp: 1046 (JSC::DFG::SpeculativeJIT::compile): 1047 10482013-07-19 Lucas Forschler <lforschler@apple.com> 1049 1050 Merge r152813 1051 1052 2013-07-17 Filip Pizlo <fpizlo@apple.com> 1053 1054 DFG assumes that NewFunction will never pass its input through 1055 https://bugs.webkit.org/show_bug.cgi?id=118798 1056 1057 Reviewed by Sam Weinig. 1058 1059 Previously the DFG was assuming that NewFunction always returns a function. That's not 1060 the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty. 1061 1062 This fact needed to be wired through the compiler. 
1063 1064 * dfg/DFGAbstractState.cpp: 1065 (JSC::DFG::AbstractState::executeEffects): 1066 * dfg/DFGAbstractValue.h: 1067 (JSC::DFG::AbstractValue::makeTop): 1068 * dfg/DFGGraph.cpp: 1069 (JSC::DFG::Graph::dump): 1070 * dfg/DFGOperations.cpp: 1071 * dfg/DFGOperations.h: 1072 * dfg/DFGPredictionPropagationPhase.cpp: 1073 (JSC::DFG::PredictionPropagationPhase::propagate): 1074 * dfg/DFGSpeculativeJIT.h: 1075 (JSC::DFG::SpeculativeJIT::callOperation): 1076 * dfg/DFGSpeculativeJIT32_64.cpp: 1077 (JSC::DFG::SpeculativeJIT::compile): 1078 * dfg/DFGSpeculativeJIT64.cpp: 1079 (JSC::DFG::SpeculativeJIT::compile): 1080 10812013-07-18 Lucas Forschler <lforschler@apple.com> 1082 1083 Merge r152807 1084 1085 2013-07-17 Geoffrey Garen <ggaren@apple.com> 1086 1087 JSStringCreateWithCFString should not convert the empty string into the NULL string 1088 https://bugs.webkit.org/show_bug.cgi?id=118816 1089 1090 Reviewed by Sam Weinig. 1091 1092 * API/JSStringRef.cpp: 1093 (JSStringCreateWithUTF8CString): Removed an extraneous comment, which 1094 a previous version of the patch made incorrect. 1095 1096 * API/JSStringRefCF.cpp: 1097 (JSStringCreateWithCFString): Don't convert the empty string into the 1098 null string. 1099 11002013-07-17 Lucas Forschler <lforschler@apple.com> 1101 1102 Rollout r152600 1103 11042013-07-17 Lucas Forschler <lforschler@apple.com> 1105 1106 Merge r152600 1107 1108 2013-07-12 Brent Fulgham <bfulgham@apple.com> 1109 1110 [Windows] Build correction after r152573/r152577. 1111 https://bugs.webkit.org/show_bug.cgi?id=118610 1112 1113 Reviewed by Oliver Hunt. 1114 1115 * jit/JITThunks.cpp: 1116 (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second 1117 argument of the make_pair to be a function pointer. 
1118 11192013-07-17 Lucas Forschler <lforschler@apple.com> 1120 1121 Merge r152742 1122 1123 2013-07-16 Filip Pizlo <fpizlo@apple.com> 1124 1125 MakeRope fixup shouldn't lead to an Identity without kids 1126 https://bugs.webkit.org/show_bug.cgi?id=118745 1127 1128 Reviewed by Mark Hahnenberg. 1129 1130 Make the empty string pruning part of fixupMakeRope() stop if it's on the last child. 1131 1132 Make Node::convertToIdentity release-assert that it has exactly one kid. 1133 1134 * dfg/DFGFixupPhase.cpp: 1135 (JSC::DFG::FixupPhase::fixupMakeRope): 1136 * dfg/DFGNode.h: 1137 (JSC::DFG::Node::convertToIdentity): 1138 11392013-07-15 Lucas Forschler <lforschler@apple.com> 1140 1141 Merge r152613 1142 1143 2013-07-13 Commit Queue <commit-queue@webkit.org> 1144 1145 Unreviewed, rolling out r151978. 1146 http://trac.webkit.org/changeset/151978 1147 https://bugs.webkit.org/show_bug.cgi?id=118651 1148 1149 Caused regressions at least 3 websites (Requested by rniwa on 1150 #webkit). 1151 1152 * runtime/JSCJSValue.h: 1153 * runtime/JSString.h: 1154 11552013-07-15 Lucas Forschler <lforschler@apple.com> 1156 1157 Merge r152577 1158 1159 2013-07-11 Oliver Hunt <oliver@apple.com> 1160 1161 Attempt to fix the windows build. 1162 1163 * jit/JITThunks.cpp: 1164 (JSC::JITThunks::hostFunctionStub): 1165 * jit/JITThunks.h: 1166 11672013-07-15 Lucas Forschler <lforschler@apple.com> 1168 1169 Merge r152573 1170 1171 2013-07-10 Oliver Hunt <oliver@apple.com> 1172 1173 NativeExecutable cache needs to use both call and construct functions for key 1174 https://bugs.webkit.org/show_bug.cgi?id=118545 1175 1176 Reviewed by Geoffrey Garen. 1177 1178 Make the native executable cache make use a key pair so we don't decide to 1179 treat all subsequent functions as not being constructors. 
        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITThunks.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::create):
        * runtime/JSCell.cpp:
        (JSC::JSCell::getCallData):
        (JSC::JSCell::getConstructData):

2013-07-09 Lucas Forschler <lforschler@apple.com>

        Merge r152497

    2013-07-09 Mark Lam <mark.lam@apple.com>

        Gardening to unbreak builds on the Windows bot.

        Not reviewed.

        * parser/ParserTokens.h:

2013-07-09 Lucas Forschler <lforschler@apple.com>

        Merge r152494

    2013-07-09 Mark Lam <mark.lam@apple.com>

        Fix 30% JSBench regression (caused by adding column numbers to stack traces).
        https://bugs.webkit.org/show_bug.cgi?id=118481.

        Reviewed by Mark Hahnenberg and Geoffrey Garen.

        Previously, we already capture ExpressionRangeInfo that provides a divot for
        each bytecode that can potentially throw an exception (and therefore generate
        a stack trace). On first attempt to compute column numbers, we then do a walk
        of the source string to record all line start positions in a table associated
        with the SourceProvider. The column number can then be computed as
        divot - lineStartFor(bytecodeOffset).

        The computation of this lineStarts table is the source of the 30% JSBench
        performance regression.

        The new code now records lineStarts as the lexer and parser scans the source
        code. These lineStarts are then used to compute the column number for the
        given divot, and stored in the ExpressionRangeInfo. Similarly, we also capture
        the line number at the divot point and store that in the ExpressionRangeInfo.
        Hence, to look up line and column numbers, we now lookup the ExpressionRangeInfo
        for the bytecodeOffset, and then compute the line and column from the values
        stored in the expression info.

        The strategy:
        1. We want to minimize perturbations to the lexer and parser. Specifically,
           the changes added should not change how it scans code, and generate bytecode.
        2. We regard the divot as the source character position we are interested
           in. As such, we'll capture line and lineStart (for column) at the point
           when we capture the divot information. This ensures that the 3 values are
           consistent.

        How the change is done:
        1. Change the lexer to track lineStarts.
        2. Change the parser to capture line and lineStarts at the point of capturing
           divots.
        3. Change the parser and associated code to plumb these values all the way to
           the point that the corresponding ExpressionRangeInfo is emitted.
        4. Propagate and record SourceCode firstLine and firstLineColumnOffset to the
           necessary places so that we can add them as needed when reifying
           UnlinkedCodeBlocks into CodeBlocks.
        5. Compress the line and column number values in the ExpressionRangeInfo. In
           practice, we seldom have both large line and column numbers. Hence, we can
           encode both in an uint32_t most of the time. For the times when we encounter
           both large line and column numbers, we have a fallback to store the "fat"
           position info.
        6. Emit an ExpressionRangeInfo for UnaryOp nodes to get more line and column
           number coverage.
        7. Change the interpreter to use the new way of computing line and column.
        8. Delete old line and column computation code that is now unused.

        Misc details:
        - the old lexer was tracking both a startOffset and charPosition where
          charPosition equals startOffset - SourceCode.startOffset. We now use
          startOffset exclusively throughout the system for consistency.
          All offset values (including lineStart) are relative to the start of the
          SourceProvider string. These values will only be converted to be relative
          to the SourceCode.startOffset at the very last minute i.e. when the divot
          is stored into the ExpressionRangeInfo.

          This change to use the same offset system everywhere reduces confusion
          from having to convert back and forth between the 2 systems. It also
          enables a lot of assertions to be used.

        - Also fixed some bugs in the choice of divot positions to use. For example,
          both Eval and Function expressions previously used column numbers from
          the start of the expression but used the line number at the end of the
          expression. This is now fixed to use either the start or end positions
          as appropriate, but not a mix of line and columns from both.

        - Why use ints instead of unsigneds for offsets and lineStarts inside the
          lexer and parser?
          Some tests (e.g. fast/js/call-base-resolution.html and
          fast/js/eval-cross-window.html) have shown that lineStart offsets can be
          prior to the SourceCode.startOffset. Keeping the lexer offsets as ints
          simplifies computations and makes it easier to maintain the assertions
          that (startOffset >= lineStartOffset).

          However, column and line numbers are always unsigned when we publish
          them to the ExpressionRangeInfo. The ints are only used inside the
          lexer and parser ... well, and bytecode generator.

        - For all cases, lineStart is always captured where the divot is captured.
          However, some sputnik conformance tests have shown that we cannot honor
          line breaks for assignment statements like the following:

              eval("x\u000A*=\u000A-1;");

          In this case, the lineStart is expected to be captured at the start of
          the assignment expression instead of at the divot point in the middle.
          The assignment expression is the only special case for this.

        This patch has been tested against the full layout tests both with release
        and debug builds with no regression.

        * API/JSContextRef.cpp:
        (JSContextCreateBacktrace):
        - Updated to use the new StackFrame::computeLineAndColumn().
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        - Added m_firstLineColumnOffset initialization.
        - Plumbed the firstLineColumnOffset into the SourceCode.
        - Initialized column for op_debug using the new way.
        (JSC::CodeBlock::lineNumberForBytecodeOffset):
        - Changed to compute line number using the ExpressionRangeInfo.
        (JSC::CodeBlock::columnNumberForBytecodeOffset): Added
        - Changed to compute column number using the ExpressionRangeInfo.
        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::firstLineColumnOffset):
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        - Plumbed firstLineColumnOffset through to the super class.
        (JSC::ProgramCodeBlock::ProgramCodeBlock):
        - Plumbed firstLineColumnOffset through to the super class.
        (JSC::EvalCodeBlock::EvalCodeBlock):
        - Plumbed firstLineColumnOffset through to the super class.
          But for EvalCodeBlocks, the firstLineColumnOffset is always 1
          because we're starting with a new source string with no start
          offset.
        (JSC::FunctionCodeBlock::FunctionCodeBlock):
        - Plumbed firstLineColumnOffset through to the super class.

        * bytecode/ExpressionRangeInfo.h:
        - Added modes for encoding line and column into a single 30-bit
          unsigned. The encoding is in 1 of 3 modes:
          1. FatLineMode: 22-bit line, 8-bit column
          2. FatColumnMode: 8-bit line, 22-bit column
          3. FatLineAndColumnMode: 32-bit line, 32-bit column
        (JSC::ExpressionRangeInfo::encodeFatLineMode): Added.
        - Encodes line and column into the 30-bit position using FatLine mode.
        (JSC::ExpressionRangeInfo::encodeFatColumnMode): Added.
        - Encodes line and column into the 30-bit position using FatColumn mode.
        (JSC::ExpressionRangeInfo::decodeFatLineMode): Added.
        - Decodes the FatLine mode 30-bit position into line and column.
        (JSC::ExpressionRangeInfo::decodeFatColumnMode): Added.
        - Decodes the FatColumn mode 30-bit position into line and column.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        - Plumbed startColumn through.
        (JSC::UnlinkedFunctionExecutable::link):
        - Plumbed startColumn through.
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
        - Computes a line number using the new way.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
        - Added decoding of line and column.
        - Added handling of the case when we do not find a fitting expression
          range info for a specified bytecodeOffset. This only happens if the
          bytecodeOffset is below the first expression range info. In that
          case, we'll use the first expression range info entry.
        (JSC::UnlinkedCodeBlock::addExpressionInfo):
        - Added encoding of line and column.

        * bytecode/UnlinkedCodeBlock.h:
        - Added m_expressionInfoFatPositions in RareData.
        (JSC::UnlinkedFunctionExecutable::functionStartColumn):
        (JSC::UnlinkedCodeBlock::shrinkToFit):
        - Removed obsoleted m_lineInfo.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitCallEval): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitCallVarargs): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitConstruct): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitDebugHook): Plumbed lineStart through.
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitNode):
        (JSC::BytecodeGenerator::emitNodeInConditionContext):
        - Removed obsoleted m_lineInfo.
        (JSC::BytecodeGenerator::emitExpressionInfo):
        - Plumbed line and lineStart through.
        - Compute the line and column to be added to the expression range info.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ThrowableExpressionData::emitThrowReferenceError):
        (JSC::ResolveNode::emitBytecode):
        (JSC::ArrayNode::toArgumentList):
        (JSC::BracketAccessorNode::emitBytecode):
        (JSC::DotAccessorNode::emitBytecode):
        (JSC::NewExprNode::emitBytecode):
        (JSC::EvalFunctionCallNode::emitBytecode):
        (JSC::FunctionCallValueNode::emitBytecode):
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::FunctionCallBracketNode::emitBytecode):
        (JSC::FunctionCallDotNode::emitBytecode):
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::PostfixNode::emitResolve):
        (JSC::PostfixNode::emitBracket):
        (JSC::PostfixNode::emitDot):
        (JSC::DeleteResolveNode::emitBytecode):
        (JSC::DeleteBracketNode::emitBytecode):
        (JSC::DeleteDotNode::emitBytecode):
        (JSC::PrefixNode::emitResolve):
        (JSC::PrefixNode::emitBracket):
        (JSC::PrefixNode::emitDot):
        - Plumbed line and lineStart through the above as needed.

        (JSC::UnaryOpNode::emitBytecode):
        - Added emission of an ExpressionRangeInfo for the UnaryOp node.

        (JSC::BinaryOpNode::emitStrcat):
        (JSC::ThrowableBinaryOpNode::emitBytecode):
        (JSC::InstanceOfNode::emitBytecode):
        (JSC::emitReadModifyAssignment):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::AssignDotNode::emitBytecode):
        (JSC::ReadModifyDotNode::emitBytecode):
        (JSC::AssignBracketNode::emitBytecode):
        (JSC::ReadModifyBracketNode::emitBytecode):
        - Plumbed line and lineStart through the above as needed.

        (JSC::ConstStatementNode::emitBytecode):
        (JSC::EmptyStatementNode::emitBytecode):
        (JSC::DebuggerStatementNode::emitBytecode):
        (JSC::ExprStatementNode::emitBytecode):
        (JSC::VarStatementNode::emitBytecode):
        (JSC::IfElseNode::emitBytecode):
        (JSC::DoWhileNode::emitBytecode):
        (JSC::WhileNode::emitBytecode):
        (JSC::ForNode::emitBytecode):
        (JSC::ForInNode::emitBytecode):
        (JSC::ContinueNode::emitBytecode):
        (JSC::BreakNode::emitBytecode):
        (JSC::ReturnNode::emitBytecode):
        (JSC::WithNode::emitBytecode):
        (JSC::SwitchNode::emitBytecode):
        (JSC::LabelNode::emitBytecode):
        (JSC::ThrowNode::emitBytecode):
        (JSC::TryNode::emitBytecode):
        (JSC::ProgramNode::emitBytecode):
        (JSC::EvalNode::emitBytecode):
        (JSC::FunctionBodyNode::emitBytecode):
        - Plumbed line and lineStart through the above as needed.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError):
        - Added line and column arguments for expressionRangeForBytecodeOffset().
        (JSC::StackFrame::computeLineAndColumn):
        - Replaces StackFrame::line() and StackFrame::column().
        (JSC::StackFrame::expressionInfo):
        - Added line and column arguments.
        (JSC::StackFrame::toString):
        - Changed to use the new StackFrame::computeLineAndColumn().
        (JSC::Interpreter::getStackTrace):
        - Added the needed firstLineColumnOffset arg for the StackFrame.

        * interpreter/Interpreter.h:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
        (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createBracketAccess):
        (JSC::ASTBuilder::createDotAccess):
        (JSC::ASTBuilder::createRegExp):
        (JSC::ASTBuilder::createNewExpr):
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createBlockStatement):
        (JSC::ASTBuilder::createExprStatement):
        (JSC::ASTBuilder::createIfStatement):
        (JSC::ASTBuilder::createForLoop):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::createVarStatement):
        (JSC::ASTBuilder::createReturnStatement):
        (JSC::ASTBuilder::createBreakStatement):
        (JSC::ASTBuilder::createContinueStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createSwitchStatement):
        (JSC::ASTBuilder::createWhileStatement):
        (JSC::ASTBuilder::createDoWhileStatement):
        (JSC::ASTBuilder::createLabelStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::createThrowStatement):
        (JSC::ASTBuilder::createDebugger):
        (JSC::ASTBuilder::createConstStatement):
        (JSC::ASTBuilder::appendBinaryExpressionInfo):
        (JSC::ASTBuilder::appendUnaryToken):
        (JSC::ASTBuilder::unaryTokenStackLastStart):
        (JSC::ASTBuilder::unaryTokenStackLastLineStartPosition): Added.
        (JSC::ASTBuilder::assignmentStackAppend):
        (JSC::ASTBuilder::createAssignment):
        (JSC::ASTBuilder::setExceptionLocation):
        (JSC::ASTBuilder::makeDeleteNode):
        (JSC::ASTBuilder::makeFunctionCallNode):
        (JSC::ASTBuilder::makeBinaryNode):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        - Plumbed line, lineStart, and startColumn through the above as needed.

        * parser/Lexer.cpp:
        (JSC::::currentSourcePtr):
        (JSC::::setCode):
        - Added tracking for sourceoffset and lineStart.
        (JSC::::internalShift):
        (JSC::::parseIdentifier):
        - Added tracking for lineStart.
        (JSC::::parseIdentifierSlowCase):
        (JSC::::parseString):
        - Added tracking for lineStart.
        (JSC::::parseStringSlowCase):
        (JSC::::lex):
        - Added tracking for sourceoffset.
        (JSC::::sourceCode):
        * parser/Lexer.h:
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::currentLineStartOffset):
        (JSC::Lexer::setOffset):
        - Added tracking for lineStart.
        (JSC::Lexer::offsetFromSourcePtr): Added conversion function.
        (JSC::Lexer::sourcePtrFromOffset): Added conversion function.
        (JSC::Lexer::setOffsetFromSourcePtr):
        (JSC::::lexExpectIdentifier):
        - Added tracking for sourceoffset and lineStart.

        * parser/NodeConstructors.h:
        (JSC::Node::Node):
        (JSC::ResolveNode::ResolveNode):
        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
        (JSC::FunctionCallValueNode::FunctionCallValueNode):
        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
        (JSC::FunctionCallDotNode::FunctionCallDotNode):
        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
        (JSC::PostfixNode::PostfixNode):
        (JSC::DeleteResolveNode::DeleteResolveNode):
        (JSC::DeleteBracketNode::DeleteBracketNode):
        (JSC::DeleteDotNode::DeleteDotNode):
        (JSC::PrefixNode::PrefixNode):
        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
        (JSC::AssignBracketNode::AssignBracketNode):
        (JSC::AssignDotNode::AssignDotNode):
        (JSC::ReadModifyDotNode::ReadModifyDotNode):
        (JSC::AssignErrorNode::AssignErrorNode):
        (JSC::WithNode::WithNode):
        (JSC::ForInNode::ForInNode):
        - Plumbed line and lineStart through the above as needed.
        * parser/Nodes.cpp:
        (JSC::StatementNode::setLoc): Plumbed lineStart.
        (JSC::ScopeNode::ScopeNode): Plumbed lineStart.
        (JSC::ProgramNode::ProgramNode): Plumbed startColumn.
        (JSC::ProgramNode::create): Plumbed startColumn.
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode): Plumbed startColumn.
        (JSC::FunctionBodyNode::create): Plumbed startColumn.
        * parser/Nodes.h:
        (JSC::Node::startOffset):
        (JSC::Node::lineStartOffset): Added.
        (JSC::StatementNode::firstLine):
        (JSC::StatementNode::lastLine):
        (JSC::ThrowableExpressionData::ThrowableExpressionData):
        (JSC::ThrowableExpressionData::setExceptionSourceCode):
        (JSC::ThrowableExpressionData::divotStartOffset):
        (JSC::ThrowableExpressionData::divotEndOffset):
        (JSC::ThrowableExpressionData::divotLine):
        (JSC::ThrowableExpressionData::divotLineStart):
        (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
        (JSC::ThrowableSubExpressionData::setSubexpressionInfo):
        (JSC::ThrowableSubExpressionData::subexpressionDivot):
        (JSC::ThrowableSubExpressionData::subexpressionStartOffset):
        (JSC::ThrowableSubExpressionData::subexpressionEndOffset):
        (JSC::ThrowableSubExpressionData::subexpressionLine):
        (JSC::ThrowableSubExpressionData::subexpressionLineStart):
        (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
        (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionStartOffset):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionEndOffset):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionLine):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionLineStart):
        (JSC::ScopeNode::startStartOffset):
        (JSC::ScopeNode::startLineStartOffset):
        (JSC::ProgramNode::startColumn):
        (JSC::EvalNode::startColumn):
        (JSC::FunctionBodyNode::startColumn):
        - Plumbed line and lineStart through the above as needed.
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        - Plumbed line and lineStart through the above as needed.
        (JSC::::parseFunctionBody):
        - Plumbed startColumn.
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::LabelInfo::LabelInfo):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseMemberExpression):
        (JSC::::parseUnaryExpression):
        - Plumbed line, lineStart, startColumn through the above as needed.
        * parser/Parser.h:
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        (JSC::Parser::tokenStart):
        (JSC::Parser::tokenColumn):
        (JSC::Parser::tokenEnd):
        (JSC::Parser::tokenLineStart):
        (JSC::Parser::lastTokenLine):
        (JSC::Parser::lastTokenLineStart):
        (JSC::::parse):
        * parser/ParserTokens.h:
        (JSC::JSTokenLocation::JSTokenLocation):
        - Plumbed lineStart.
        (JSC::JSTokenLocation::lineStartPosition):
        (JSC::JSTokenLocation::startPosition):
        (JSC::JSTokenLocation::endPosition):
        * parser/SourceCode.h:
        (JSC::SourceCode::SourceCode):
        (JSC::SourceCode::startColumn):
        (JSC::makeSource):
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.cpp: delete old code.
        * parser/SourceProvider.h: delete old code.
        * parser/SourceProviderCacheItem.h:
        (JSC::SourceProviderCacheItem::closeBraceToken):
        (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
        - Plumbed lineStart.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::makeFunctionCallNode):
        (JSC::SyntaxChecker::makeAssignNode):
        (JSC::SyntaxChecker::makePrefixNode):
        (JSC::SyntaxChecker::makePostfixNode):
        (JSC::SyntaxChecker::makeDeleteNode):
        (JSC::SyntaxChecker::createResolve):
        (JSC::SyntaxChecker::createBracketAccess):
        (JSC::SyntaxChecker::createDotAccess):
        (JSC::SyntaxChecker::createRegExp):
        (JSC::SyntaxChecker::createNewExpr):
        (JSC::SyntaxChecker::createAssignResolve):
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFunctionBody):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::createReturnStatement):
        (JSC::SyntaxChecker::createBreakStatement):
        (JSC::SyntaxChecker::createContinueStatement):
        (JSC::SyntaxChecker::createWithStatement):
        (JSC::SyntaxChecker::createLabelStatement):
        (JSC::SyntaxChecker::createThrowStatement):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):
        (JSC::SyntaxChecker::appendBinaryExpressionInfo):
        (JSC::SyntaxChecker::operatorStackPop):
        - Made SyntaxChecker prototype changes to match ASTBuilder due to new
          args added for plumbing line, lineStart, and startColumn.
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::generateBytecode):
        (JSC::CodeCache::getCodeBlock):
        - Plumbed startColumn.
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        (JSC::FunctionExecutable::fromGlobalCode):
        - Plumbed startColumn.
        * runtime/Executable.h:
        (JSC::ScriptExecutable::startColumn):
        (JSC::ScriptExecutable::recordParse):
        (JSC::FunctionExecutable::create):
        - Plumbed startColumn.
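The ExpressionRangeInfo line/column packing and the bytecodeOffset lookup described in the entry above, as an added C++ example that is not JSC's code: the three mode names and their bit widths follow the entry, while the instructionOffset field, the table struct, the LineAndColumn result type and the sample values are assumptions made for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

// Added example, not JSC's code: a stand-alone re-creation of the encoding the
// ChangeLog entry describes. Mode names and bit widths follow the entry; the
// table layout, the instructionOffset field and the sample values are assumed.
namespace exprinfo_demo {

enum Mode : uint32_t {
    FatLineMode = 0,          // position packs a 22-bit line and an 8-bit column
    FatColumnMode = 1,        // position packs an 8-bit line and a 22-bit column
    FatLineAndColumnMode = 2  // position indexes a table of 32-bit line/column pairs
};

constexpr uint32_t kMax8 = (1u << 8) - 1;
constexpr uint32_t kMax22 = (1u << 22) - 1;
constexpr uint32_t kMax30 = (1u << 30) - 1;

struct FatPosition { uint32_t line; uint32_t column; };

struct ExpressionRangeInfo {
    uint32_t instructionOffset; // bytecode offset this entry covers (assumed field)
    uint32_t mode : 2;
    uint32_t position : 30;
};

struct LineAndColumn { bool found; uint32_t line; uint32_t column; };

// Stand-in for a code block's expression info vector plus the
// m_expressionInfoFatPositions table the entry adds to RareData.
struct ExpressionInfoTable {
    std::vector<ExpressionRangeInfo> infos; // kept sorted by instructionOffset
    std::vector<FatPosition> fatPositions;
};

inline uint32_t encodeFatLineMode(uint32_t line, uint32_t column) { return (line << 8) | column; }
inline uint32_t encodeFatColumnMode(uint32_t line, uint32_t column) { return (line << 22) | column; }
inline void decodeFatLineMode(uint32_t pos, uint32_t& line, uint32_t& column) { line = pos >> 8; column = pos & kMax8; }
inline void decodeFatColumnMode(uint32_t pos, uint32_t& line, uint32_t& column) { line = pos >> 22; column = pos & kMax22; }

// Column the way the entry computes it: divot - lineStart, with both offsets
// relative to the start of the same SourceProvider string.
inline uint32_t columnForDivot(uint32_t divot, uint32_t lineStart) { return divot - lineStart; }

// Mirrors addExpressionInfo: use the narrowest packed mode that fits the values,
// otherwise fall back to a "fat" entry holding full 32-bit line and column.
inline void addExpressionInfo(ExpressionInfoTable& table, uint32_t instructionOffset,
                              uint32_t line, uint32_t column)
{
    ExpressionRangeInfo info{};
    info.instructionOffset = instructionOffset;
    if (line <= kMax22 && column <= kMax8) {
        info.mode = FatLineMode;
        info.position = encodeFatLineMode(line, column);
    } else if (line <= kMax8 && column <= kMax22) {
        info.mode = FatColumnMode;
        info.position = encodeFatColumnMode(line, column);
    } else {
        info.mode = FatLineAndColumnMode;
        info.position = static_cast<uint32_t>(table.fatPositions.size()) & kMax30;
        table.fatPositions.push_back({line, column});
    }
    table.infos.push_back(info);
}

// Mirrors expressionRangeForBytecodeOffset: take the last entry at or before the
// offset; an offset below the first entry falls back to the first entry, as the
// entry describes.
inline LineAndColumn lineAndColumnForBytecodeOffset(const ExpressionInfoTable& table,
                                                    uint32_t bytecodeOffset)
{
    LineAndColumn result{false, 0, 0};
    if (table.infos.empty())
        return result;
    size_t index = 0;
    for (size_t i = 0; i < table.infos.size(); ++i) {
        if (table.infos[i].instructionOffset > bytecodeOffset)
            break;
        index = i;
    }
    const ExpressionRangeInfo& info = table.infos[index];
    switch (info.mode) {
    case FatLineMode: decodeFatLineMode(info.position, result.line, result.column); break;
    case FatColumnMode: decodeFatColumnMode(info.position, result.line, result.column); break;
    default: result.line = table.fatPositions[info.position].line;
             result.column = table.fatPositions[info.position].column; break;
    }
    result.found = true;
    return result;
}

// Constructed sample: one entry per mode, at bytecode offsets 10, 20 and 30.
inline ExpressionInfoTable buildSampleTable()
{
    ExpressionInfoTable table;
    addExpressionInfo(table, 10, 12, columnForDivot(57, 17)); // line 12, column 40: FatLineMode
    addExpressionInfo(table, 20, 3, 100000);                  // column > 255: FatColumnMode
    addExpressionInfo(table, 30, 5000000, 300);               // both large: fat table
    return table;
}

} // namespace exprinfo_demo

int main()
{
    exprinfo_demo::ExpressionInfoTable table = exprinfo_demo::buildSampleTable();
    for (uint32_t offset : {0u, 10u, 25u, 1000u}) {
        exprinfo_demo::LineAndColumn lc = exprinfo_demo::lineAndColumnForBytecodeOffset(table, offset);
        std::printf("bytecodeOffset %u -> line %u, column %u\n", offset, lc.line, lc.column);
    }
    return 0;
}
```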
1683 16842013-07-08 Lucas Forschler <lforschler@apple.com> 1685 1686 Merge r152052 1687 1688 2013-06-26 Anders Carlsson <andersca@apple.com> 1689 1690 Add JSStringCreateWithCharactersNoCopy SPI 1691 https://bugs.webkit.org/show_bug.cgi?id=118074 1692 <rdar://problem/14279905> 1693 1694 Reviewed by Geoffrey Garen. 1695 1696 * API/JSStringRef.cpp: 1697 (JSStringCreateWithCharactersNoCopy): 1698 Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function. 1699 1700 * API/JSStringRefPrivate.h: Added. 1701 Add a home for the JSStringCreateWithCharactersNoCopy function. 1702 1703 * API/OpaqueJSString.h: 1704 (OpaqueJSString::OpaqueJSString): 1705 Just call isolatedCopy on the passed in string. 1706 1707 * API/tests/testapi.c: 1708 Add an API test for JSStringCreateWithCharactersNoCopy. 1709 1710 * JavaScriptCore.xcodeproj/project.pbxproj: 1711 Add new files. 1712 17132013-07-08 Lucas Forschler <lforschler@apple.com> 1714 1715 Merge r152314 1716 1717 2013-07-02 Mark Hahnenberg <mhahnenberg@apple.com> 1718 1719 Replace RELEASE_ASSERT with ASSERT in CodeBlock:: bytecodeOffsetForCallAtIndex 1720 https://bugs.webkit.org/show_bug.cgi?id=118316 1721 1722 Reviewed by Geoffrey Garen. 1723 1724 This is causing some crashiness in release builds. We should replace it with an ASSERT 1725 until we track down all the places that need fixing in bug 118315. 1726 1727 * bytecode/CodeBlock.h: 1728 (JSC::CodeBlock::bytecodeOffsetForCallAtIndex): 1729 17302013-07-01 Lucas Forschler <lforschler@apple.com> 1731 1732 Merge r152091 1733 1734 2013-06-27 Timothy Hatcher <timothy@apple.com> 1735 1736 Notify the debugger about functions created from source code via new Function() or WebCore::JSLazyEventListener. 1737 1738 https://bugs.webkit.org/show_bug.cgi?id=118063 1739 1740 Reviewed by Geoffrey Garen. 1741 1742 * bytecode/UnlinkedCodeBlock.cpp: 1743 (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Call Debugger::sourceParsed. 
1744 17452013-07-01 Lucas Forschler <lforschler@apple.com> 1746 1747 Merge r151978 1748 1749 2013-06-25 Ryosuke Niwa <rniwa@webkit.org> 1750 1751 JSString should remember AtomicString 1752 https://bugs.webkit.org/show_bug.cgi?id=117386 1753 1754 Reviewed by Geoffrey Garen. 1755 1756 Added JSValue::toAtomicString and JSString::atomicString. These two functions allow WebCore to update 1757 JSString's m_value to set isAtomic flag and avoid the AtomicStringTable lookups in subsequent attempts 1758 to obtain the AtomicString of the same value. 1759 1760 * runtime/JSCJSValue.h: 1761 * runtime/JSString.h: 1762 (JSC::JSString::atomicString): 1763 (JSC::JSValue::toAtomicString): 1764 17652013-06-25 Lucas Forschler <lforschler@apple.com> 1766 1767 Merge r151786 1768 1769 2013-06-20 Mark Hahnenberg <mhahnenberg@apple.com> 1770 1771 Improper deallocation of JSManagedValue causes crashes during autorelease pool draining 1772 https://bugs.webkit.org/show_bug.cgi?id=117840 1773 1774 Reviewed by Geoffrey Garen. 1775 1776 Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the 1777 JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained 1778 JSManagedValues cause memory leaks than take down the whole app. 1779 1780 The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we 1781 can safely null it out. This will prevent ~Weak from crashing. 1782 1783 * API/JSManagedValue.mm: 1784 (-[JSManagedValue JSC::JSC::]): 1785 (JSManagedValueHandleOwner::finalize): 1786 * API/tests/testapi.mm: Added a test that crashed prior to this fix due to a leaked 1787 managed reference. Also fixed a small style nit I noticed in another test. 1788 17892013-06-25 Lucas Forschler <lforschler@apple.com> 1790 1791 Merge r151923 1792 1793 2013-06-24 Roger Fong <roger_fong@apple.com> 1794 1795 Unreviewed. Makefile build fix for AppleWindows. 

            * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-21  Lucas Forschler  <lforschler@apple.com>

        Merge r151787

    2013-06-20  Roger Fong  <roger_fong@apple.com>

            Make Windows makefile copy build output to a different folder.
            <rdar://problem/14219184>.

            * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-18  Roger Fong  <roger_fong@apple.com>

        Disable some feature flags.
        <rdar://problem/14171207>.

        Rubberstamped by Jon Lee.

        * Configurations/FeatureDefines.xcconfig:

2013-06-18  Oliver Hunt  <oliver@apple.com>

        Going to google.com/trends causes a crash
        https://bugs.webkit.org/show_bug.cgi?id=117602

        Reviewed by Geoffrey Garen.

        When handling op_throw, etc we need to flush the variables and arguments
        for the entire inline stack, not just the top frame.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::flushAllArgumentsAndCapturedVariablesInInlineStack):
        (JSC::DFG::ByteCodeParser::parseBlock):

2013-06-18  Roger Fong  <roger_fong@apple.com>

        Replace tools32 folder with tools and update WebKit Windows solution accordingly.
        <rdar://problem/14118143>.

        Rubberstamped by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:

2013-06-17  Roger Fong  <roger_fong@apple.com>

        Modify Windows makefiles to copy some bin output into Program Files.
        https://bugs.webkit.org/show_bug.cgi?id=117714.
        <rdar://problem/14179054>

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-14  Ryosuke Niwa  <rniwa@webkit.org>

        Function names on Object.prototype should be common identifiers
        https://bugs.webkit.org/show_bug.cgi?id=117614

        Reviewed by Darin Adler.

        Patch written by Sam Weinig. Make Object's prototype function names common identifiers since they're used frequently.

        * runtime/CommonIdentifiers.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::finishCreation):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::finishCreation):

2013-06-13  Ryosuke Niwa  <rniwa@webkit.org>

        Remove LiteralIdentifierTable
        https://bugs.webkit.org/show_bug.cgi?id=117613

        Reviewed by Geoffrey Garen.

        Removed LiteralIdentifierTable since it doesn't seem to have any perf. impact now.

        * runtime/Identifier.cpp:
        (JSC::Identifier::add):

2013-06-12  Conrad Shultz  <conrad_shultz@apple.com>

        JSExport header documentation substitutes "semicolon" for "colon"
        https://bugs.webkit.org/show_bug.cgi?id=117552

        Reviewed by Mark Hahnenberg.

        * API/JSExport.h:
        Fix a couple typos.

2013-06-10  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>

        [JSC] Remove a vestige of wxWidgets support.
        https://bugs.webkit.org/show_bug.cgi?id=117419

        Reviewed by Benjamin Poulain.

        * runtime/JSExportMacros.h: Remove a check for BUILDING_WX__ that
        seems to have gone unnoticed when the wxWidgets port was removed.

2013-06-06  Roger Fong  <roger_fong@apple.com>

        Stop copying AAS binaries into build folder.
        https://bugs.webkit.org/show_bug.cgi?id=117319.

        Rubberstamped by Darin Adler.

        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:

2013-06-05  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray
        https://bugs.webkit.org/show_bug.cgi?id=117279
        <rdar://problem/14078025>

        Reviewed by Mark Hahnenberg.

        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::filterArrayModesByType):

2013-06-05  Michael Saboff  <msaboff@apple.com>

        JSC: Crash beneath cti_op_div @ http://gmailblog.blogspot.com
        https://bugs.webkit.org/show_bug.cgi?id=117280

        Reviewed by Filip Pizlo.

        Updated the merging of VariableAccessData nodes in ArgumentPosition lists
        to find the unified VariableAccessData node that is the root of the
        current node instead of using the current node directly when merging
        attributes.
        Added new dump code to dump the ArgumentPosition list.

        * dfg/DFGArgumentPosition.h:
        (JSC::DFG::ArgumentPosition::mergeArgumentPredictionAwareness):
        (JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness):
        (JSC::DFG::ArgumentPosition::dump):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2013-06-05  Bear Travis  <betravis@adobe.com>

        [CSS Exclusions][CSS Shapes] Split CSS Exclusions & Shapes compile & runtime flags
        https://bugs.webkit.org/show_bug.cgi?id=117172

        Reviewed by Alexandru Chiculita.

        Adding the CSS_SHAPES compile flag.

        * Configurations/FeatureDefines.xcconfig:

2013-06-05  Balazs Kilvady  <kilvadyb@homejinni.com>

        JSC Assertion tests failures on MIPS.
        https://bugs.webkit.org/show_bug.cgi?id=116552

        Reviewed by Geoffrey Garen.

        Fix condition handling in branchAdd32 implementations.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branchAdd32):

2013-06-04  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Add floating point absolute function support in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117147

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        (JSC::MacroAssemblerSH4::absDouble):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::dabs):
        (JSC::SH4Assembler::printInstr):

2013-06-04  Zan Dobersek  <zdobersek@igalia.com>

        [JSC] Test262 15.5.4.9_3 test is failing
        https://bugs.webkit.org/show_bug.cgi?id=116789

        Reviewed by Geoffrey Garen.

        Bring the String.prototype.localeCompare behavior in line with ES5 15.9.4.9.
        If method is not given enough arguments, the minimal amount of arguments must be assumed, with their value being undefined.
        The first argument to localeCompare, in its string form, is used as the 'that' string that's used in the comparison.
        Therefore, when calling str.localeCompare() or str.localeCompare(undefined), the first argument is `undefined` and the
        string "undefined" is used as the string to which value of str is compared.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncLocaleCompare): Remove the early return in case of no given arguments to achieve the desired behavior.

2013-06-03  Hojong Han  <hojong.han@samsung.com>

        [EFL] Implement GCActivityCallback
        https://bugs.webkit.org/show_bug.cgi?id=95923

        Reviewed by Geoffrey Garen.

        Implements the activity triggered garbage collector.
        Additional GCs can be triggered by platform timer.
        It has sort of compaction effect not to make JSC heap grow fast
        so that memory usage becomes lower than usual.

        * PlatformEfl.cmake: Added.
        * heap/HeapTimer.cpp:
        (JSC):
        (JSC::HeapTimer::HeapTimer):
        (JSC::HeapTimer::~HeapTimer):
        (JSC::HeapTimer::add):
        (JSC::HeapTimer::stop):
        (JSC::HeapTimer::timerEvent):
        * heap/HeapTimer.h:
        (HeapTimer):
        * jsc.cpp:
        (main):
        * runtime/GCActivityCallback.cpp:
        (JSC):
        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
        (JSC::DefaultGCActivityCallback::scheduleTimer):
        (JSC::DefaultGCActivityCallback::cancelTimer):
        (JSC::DefaultGCActivityCallback::didAllocate):
        * runtime/GCActivityCallback.h:
        (GCActivityCallback):
        (JSC::GCActivityCallback::GCActivityCallback):
        (DefaultGCActivityCallback):

2013-06-03  Roger Fong  <roger_fong@apple.com>

        Nuke VS2005 files from the tree.
        <rdar://problem/14042021>.

        Rubberstamped by Brent Fulgham.

        * JavaScriptCore.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.make: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.resources: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc: Removed.
        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed.
        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi: Removed.
        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Removed.
        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Removed.

2013-05-31  Filip Pizlo  <fpizlo@apple.com>

        Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
        <rdar://problem/13989324>

        Rubber stamped by Mark Hahnenberg.

        This has a bogus assertion that checks that the passed CodeOrigin doesn't have
        an inline call frame. This was well intentioned in the sense that it is true
        that inlined call frames wouldn't have an activation register. But that doesn't
        mean that people won't ask. Removing the assertion fixes a debug-only crash and
        has no impact on production code. This change adds a comment to that effect.

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::uncheckedActivationRegisterFor):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix Overflow case of branchMul32 in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117057

        Reviewed by Oliver Hunt.

        Current implementation of Overflow case in branchMul32 performs an
        unsigned multiplication whereas a signed multiplication is expected.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchMul32):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix floating point comparisons in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117066.

        Reviewed by Oliver Hunt.

        Current implementation of branchDouble function in baseline JIT is wrong
        for some conditions and overkill for others. For instance:
        - With DoubleGreaterThanOrEqual condition, branch will be taken if either
          operand is NaN with current implementation whereas it should not.
        - With DoubleNotEqualOrUnordered condition, performed NaN checks are
          useless (because comparison result is false if either operand is NaN).

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchDouble):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix double floating point transfer in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117054

        Reviewed by Oliver Hunt.

        In current implementation, dmovRegReg function transfers only one single
        FPRegister as PR=1 and SZ=0 in floating point status/control register.
        Double transfers must be performed with two fmov.s opcodes.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::moveDouble):
        (JSC::MacroAssemblerSH4::addDouble): Handle (op2==dest) case properly.
        (JSC::MacroAssemblerSH4::sqrtDouble):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::fmovsRegReg):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Handle branchType properly in branchTruncateDoubleToInt32.
        https://bugs.webkit.org/show_bug.cgi?id=117062

        Reviewed by Oliver Hunt.

        Current implementation of branchTruncateDoubleToInt32 is incorrect
        when branchType == BranchIfTruncateSuccessful in sh4 baseline JIT.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):

2013-05-31  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix for VS2005 builders.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add
        missing export for WTF::SHA1::computeHexDigest

2013-05-30  David Farler  <dfarler@apple.com>

        Fix jscore-test when not using --sdk option with jsDriver.pl
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by Joe Pecoraro.

        * tests/mozilla/jsDriver.pl:
        (execute_tests):
        With each test, the shell_command needs to be started from scratch.

        This fix will clear the shell_command and start over as before with
        the opt_arch option when not using --sdk with jsDriver.pl.

2013-05-30  Roger Fong  <roger_fong@apple.com>

        Get rid of JavaScript exports file on AppleWin port.
        https://bugs.webkit.org/show_bug.cgi?id=117050.

        Reviewed by Darin Adler.

        Delete the JavaScriptCoreExportGenerator folder and remove dependencies.
        Start linking in WTF.lib now that it's a shared library.

        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Removed.
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:

2013-05-22  David Farler  <dfarler@apple.com>

        Add --sdk option to jsDriver.pl to run with iOS Simulator
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by David Kilzer.

        * tests/mozilla/jsDriver.pl:
        (execute_tests):
        Prefix shell command with the path to the "sim" tool.
        (parse_args):
        Add -d / --sdk option.
        (usage):
        Help message for -d / --sdk option.

2013-05-30  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Optimize NaN checks in LLINT for floating point comparisons.
        https://bugs.webkit.org/show_bug.cgi?id=117049

        Reviewed by Oliver Hunt.

        Use the fcmp/eq opcode in sh4 LLINT to test if a double is NaN.
        This is more efficient, doesn't require two tmp registers and requires
        less code than current implementation (which converts double to float,
        then checks 'E = Emax + 1' and 'f != 0').

        * offlineasm/sh4.rb:

2013-05-30  Oliver Hunt  <oliver@apple.com>

        JSCallbackObject does not correctly initialise the PropertySlot for getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=117053

        Reviewed by Mark Hahnenberg.

        Set appropriate thisValue on the PropertySlot

        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyDescriptor):
        * API/tests/testapi.mm:

2013-05-29  Jeffrey Pfau  <jpfau@apple.com>

        [Mac] Enable cache partitioning and the public suffix list on 10.8
        <rdar://problem/13679019>

        Rubber-stamped by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Put correct byteCompile symbol in file. Previous version
        had an extra 'i' appended to the end.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix. Remove ?byteCompile symbol that
        is no longer accessible during link.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-28  Gavin Barraclough  <barraclough@apple.com>

        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
        https://bugs.webkit.org/show_bug.cgi?id=106750

        Reviewed by Darin Adler.

        * runtime/JSDateMath.cpp:
        (JSC::msToGregorianDateTime):
        - Additional review comment fix.

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix after r150833

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        A CR/LF combination was lost in the file, combining two symbols.

2013-05-27  Gavin Barraclough  <barraclough@apple.com>

        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
        https://bugs.webkit.org/show_bug.cgi?id=106750

        Reviewed by Darin Adler.

        First part of a fix, simplify date handling code, instead of operating separately
        on the UTC-standard and standard-DST offsets, just generate a combined UTC-local
        offset (this is what we actually need, and what the OS gives us).

        * runtime/JSDateMath.cpp:
        (JSC::getLocalTimeOffset):
        - removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset
        (JSC::gregorianDateTimeToMS):
        (JSC::msToGregorianDateTime):
        (JSC::parseDateFromNullTerminatedCharacters):
        - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
        * runtime/VM.cpp:
        (JSC::VM::resetDateCache):
        - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
        * runtime/VM.h:
        (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
        (JSC::LocalTimeOffsetCache::reset):
        (LocalTimeOffsetCache):
        - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache

2013-05-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        r150199 is very wrong
        https://bugs.webkit.org/show_bug.cgi?id=116876

        JSValue needs to protect its internal JSValueRef.

        Reviewed by Darin Adler.

        * API/JSValue.mm:
        (-[JSValue initWithValue:inContext:]):
        (-[JSValue dealloc]):
        * API/tests/testapi.mm: Added a simple test to make sure that we protect the
        underlying JavaScript value across garbage collections.

2013-05-27  Patrick Gansterer  <paroga@webkit.org>

        Use ICU_INCLUDE_DIRS in BlackBerry CMake files
        https://bugs.webkit.org/show_bug.cgi?id=116210

        Reviewed by Rob Buis.

        Set and use the ICU_INCLUDE_DIRS variable to avoid
        duplicated adding of the ICU include directory.

        * PlatformBlackBerry.cmake:

2013-05-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        MacroAssemblerARM should use xor to swap registers instead of move
        https://bugs.webkit.org/show_bug.cgi?id=116306

        Reviewed by Zoltan Herczeg.

        Change register swapping to xor from move and this way we don't need
        temporary register anymore.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::swap):

2013-05-25  Filip Pizlo  <fpizlo@apple.com>

        We broke (-2^31/-1)|0 in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=116767

        Reviewed by Andreas Kling.

        The bug is that we were assuming that in the -2^31 case, we already had -2^31
        in the result register. This was a wrong assumption.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

2013-05-24  Filip Pizlo  <fpizlo@apple.com>

        We broke !(0/0)
        https://bugs.webkit.org/show_bug.cgi?id=116736

        Reviewed by Gavin Barraclough.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createLogicalNot):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::pureToBoolean):

2013-05-24  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Optimize LLINT generated code and fix few bugs in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=116716

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::mul32): Cosmetic changes.
        (JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced.
        (JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced.
        (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call.
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer.
        (JSC::SH4Assembler::linkJump): Cosmetic change.
        * offlineasm/sh4.rb: Optimize LLINT generated code.

2013-05-23  Peter Wang  <peter.wang@torchmobile.com.cn>

        CLoop llint backend should not use the d8 register as scratch register
        https://bugs.webkit.org/show_bug.cgi?id=116019

        Reviewed by Csaba Osztrogonác.

        * offlineasm/cloop.rb:

2013-05-22  Peter Wang  <peter.wang@torchmobile.com.cn>

        Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null"
        https://bugs.webkit.org/show_bug.cgi?id=116593

        Reviewed by Filip Pizlo.

        Generated instructions using uninitialized register. It's caused by a mistake of r126494.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):

2013-05-22  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of CodeBlock.h

        Rubber stamped by Mark Hahnenberg.

        * bytecode/CodeBlock.h:

2013-05-22  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Remove MacroAssemblerSH4.cpp file.
        https://bugs.webkit.org/show_bug.cgi?id=116596.

        Reviewed by Geoffrey Garen.

        Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp
        to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done
        for other architectures.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/MacroAssemblerSH4.cpp: Removed.
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::linkCall):
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::repatchCall):

2013-05-21  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed speculative fix for test-bots.

        Add export declaration for WTFInvokeCrashHook to avoid runtime
        load error on test bots.
2546 2547 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: 2548 * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2549 25502013-05-21 Mark Lam <mark.lam@apple.com> 2551 2552 Added missing assert condition for PositiveOrZero in ARM branch32(). 2553 https://bugs.webkit.org/show_bug.cgi?id=116538. 2554 2555 Reviewed by Geoffrey Garen. 2556 2557 * assembler/MacroAssemblerARM.h: 2558 (JSC::MacroAssemblerARM::branchAdd32): 2559 25602013-05-20 Mark Hahnenberg <mhahnenberg@apple.com> 2561 2562 Disable SuperRegion 2563 https://bugs.webkit.org/show_bug.cgi?id=116362 2564 2565 Rubber stamped by Geoff Garen. 2566 2567 * heap/Region.h: 2568 25692013-05-20 Oliver Hunt <oliver@apple.com> 2570 2571 Make C API more robust against null contexts 2572 https://bugs.webkit.org/show_bug.cgi?id=116462 2573 2574 Reviewed by Anders Carlsson. 2575 2576 Handle null contexts in a non-crashy way. It's a bug to ever call the 2577 API with a null context, and the absence of a context means we can't 2578 produce a meaningful result, so we still assert in debug builds. 2579 2580 Now where possible we detect and early return, returning null for any 2581 pointer type, NaN for doubles, and false for any boolean result. 
2582 2583 * API/JSBase.cpp: 2584 (JSEvaluateScript): 2585 (JSCheckScriptSyntax): 2586 (JSReportExtraMemoryCost): 2587 * API/JSContextRef.cpp: 2588 (JSContextGetGlobalObject): 2589 (JSContextGetGroup): 2590 (JSContextGetGlobalContext): 2591 (JSContextCreateBacktrace): 2592 * API/JSObjectRef.cpp: 2593 (JSObjectMake): 2594 (JSObjectMakeFunctionWithCallback): 2595 (JSObjectMakeConstructor): 2596 (JSObjectMakeFunction): 2597 (JSObjectMakeArray): 2598 (JSObjectMakeDate): 2599 (JSObjectMakeError): 2600 (JSObjectMakeRegExp): 2601 (JSObjectGetPrototype): 2602 (JSObjectSetPrototype): 2603 (JSObjectHasProperty): 2604 (JSObjectGetProperty): 2605 (JSObjectSetProperty): 2606 (JSObjectGetPropertyAtIndex): 2607 (JSObjectSetPropertyAtIndex): 2608 (JSObjectDeleteProperty): 2609 (JSObjectCopyPropertyNames): 2610 * API/JSValueRef.cpp: 2611 (JSValueGetType): 2612 (JSValueIsUndefined): 2613 (JSValueIsNull): 2614 (JSValueIsBoolean): 2615 (JSValueIsNumber): 2616 (JSValueIsString): 2617 (JSValueIsObject): 2618 (JSValueIsObjectOfClass): 2619 (JSValueIsEqual): 2620 (JSValueIsStrictEqual): 2621 (JSValueIsInstanceOfConstructor): 2622 (JSValueMakeUndefined): 2623 (JSValueMakeNull): 2624 (JSValueMakeBoolean): 2625 (JSValueMakeNumber): 2626 (JSValueMakeString): 2627 (JSValueMakeFromJSONString): 2628 (JSValueCreateJSONString): 2629 (JSValueToBoolean): 2630 (JSValueToNumber): 2631 (JSValueToStringCopy): 2632 (JSValueToObject): 2633 (JSValueProtect): 2634 * API/JSWeakObjectMapRefPrivate.cpp: 2635 26362013-05-20 David Kilzer <ddkilzer@apple.com> 2637 2638 Synchronize FeatureDefines.xcconfig 2639 2640 * Configurations/FeatureDefines.xcconfig: Remove 2641 ENABLE_LINK_PRERENDER. This was missed in r150356. 2642 26432013-05-19 Anders Carlsson <andersca@apple.com> 2644 2645 Remove link prerendering code 2646 https://bugs.webkit.org/show_bug.cgi?id=116415 2647 2648 Reviewed by Darin Adler. 2649 2650 This code was only used by Chromium and is dead now. 
2651 2652 * Configurations/FeatureDefines.xcconfig: 2653 26542013-05-18 Patrick Gansterer <paroga@webkit.org> 2655 2656 [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME 2657 https://bugs.webkit.org/show_bug.cgi?id=114554 2658 2659 Reviewed by Gyuyoung Kim. 2660 2661 Using variables as target names is very uncommon in CMake. 2662 The usual way to specify the name of the resulting binary 2663 is to set the OUTPUT_NAME target property. 2664 2665 * CMakeLists.txt: 2666 * shell/CMakeLists.txt: 2667 26682013-05-17 Patrick Gansterer <paroga@webkit.org> 2669 2670 [CMake] Remove invalid include paths 2671 https://bugs.webkit.org/show_bug.cgi?id=116213 2672 2673 Reviewed by Gyuyoung Kim. 2674 2675 Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe 2676 to remove them from the list of include directories. 2677 2678 * PlatformEfl.cmake: Removed. 2679 * PlatformGTK.cmake: Removed. 2680 26812013-05-16 Patrick Gansterer <paroga@webkit.org> 2682 2683 Consolidate lists in JavaScriptCore CMake files 2684 https://bugs.webkit.org/show_bug.cgi?id=115992 2685 2686 Reviewed by Gyuyoung Kim. 2687 2688 Move common files into the CMakeLists.txt to avoid duplicating the list of files. 2689 Also rebase the recently added GTK files to match the other CMake ports, since 2690 the submitted patch was based on an older version of the source tree. 2691 2692 * CMakeLists.txt: 2693 * PlatformEfl.cmake: 2694 * PlatformGTK.cmake: 2695 * shell/CMakeLists.txt: 2696 * shell/PlatformEfl.cmake: 2697 * shell/PlatformGTK.cmake: 2698 26992013-05-16 Geoffrey Garen <ggaren@apple.com> 2700 2701 JSValue shouldn't protect/unprotect its context 2702 https://bugs.webkit.org/show_bug.cgi?id=116234 2703 2704 Reviewed by Mark Hahnenberg. 2705 2706 Our retain on _context is sufficient. 2707 2708 * API/JSValue.mm: 2709 (-[JSValue initWithValue:inContext:]): 2710 (-[JSValue dealloc]): 2711 27122013-05-15 Ryosuke Niwa <rniwa@webkit.org> 2713 2714 Another Windows build fix attempt after r150160. 
2715 2716 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: 2717 * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2718 27192013-05-15 Oliver Hunt <oliver@apple.com> 2720 2721 RefCountedArray needs to use vector initialisers for its backing store 2722 https://bugs.webkit.org/show_bug.cgi?id=116194 2723 2724 Reviewed by Gavin Barraclough. 2725 2726 Use an out of line function to clear the exception stack to avoid 2727 needing to include otherwise unnecessary headers all over the place. 2728 2729 Everything else is just being updated to use that. 2730 2731 * bytecompiler/BytecodeGenerator.cpp: 2732 * interpreter/CallFrame.h: 2733 (JSC::ExecState::clearSupplementaryExceptionInfo): 2734 * interpreter/Interpreter.cpp: 2735 (JSC::Interpreter::addStackTraceIfNecessary): 2736 (JSC::Interpreter::throwException): 2737 * runtime/JSGlobalObject.cpp: 2738 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): 2739 * runtime/VM.cpp: 2740 (JSC): 2741 (JSC::VM::clearExceptionStack): 2742 * runtime/VM.h: 2743 (VM): 2744 (JSC::VM::exceptionStack): 2745 27462013-05-15 Commit Queue <commit-queue@webkit.org> 2747 2748 Unreviewed, rolling out r150051. 2749 http://trac.webkit.org/changeset/150051 2750 https://bugs.webkit.org/show_bug.cgi?id=116186 2751 2752 Broke all JSC tests on Mac and the author is unresponsive 2753 (Requested by rniwa on #webkit). 2754 2755 * JavaScriptCore.xcodeproj/project.pbxproj: 2756 27572013-05-15 Julien Brianceau <jbrianceau@nds.com> 2758 2759 Remove savedTimeoutReg from JITStackFrame for sh4 base JIT. 2760 https://bugs.webkit.org/show_bug.cgi?id=116143 2761 2762 Reviewed by Geoffrey Garen. 2763 2764 Since r148119, timeoutCheckRegister is removed from baseline JIT. 2765 So we don't need to save r8 register in JITStackFrame anymore for sh4. 
2766 2767 * jit/JITStubs.cpp: 2768 * jit/JITStubs.h: 2769 (JITStackFrame): 2770 27712013-05-15 Nico Weber <thakis@chromium.org> 2772 2773 WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions. 2774 https://bugs.webkit.org/show_bug.cgi?id=116157 2775 2776 Reviewed by Anders Carlsson. 2777 2778 Also remove a gcc3.2 workaround. 2779 2780 Merges parts of these two commits by the talented Nico Weber: 2781 https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5 2782 https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312 2783 2784 * os-win32/inttypes.h: 2785 27862013-05-13 Alvaro Lopez Ortega <alvaro@alobbs.com> 2787 2788 Nightly build's jsc doesn't work without DYLD_FRAMEWORK... 2789 https://bugs.webkit.org/show_bug.cgi?id=79065 2790 2791 Reviewed by Darin Adler. 2792 2793 Fixes the build process so the depencencies of the jsc binary are 2794 modified before its copied to its target directory. In this way 2795 jsc should always use relative reference to the JavaScriptCore 2796 libraries. 2797 2798 * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in 2799 the "Copy Into Framework" target. 2800 28012013-05-13 Mark Hahnenberg <mhahnenberg@apple.com> 2802 2803 Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers 2804 https://bugs.webkit.org/show_bug.cgi?id=116074 2805 2806 If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 2807 scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 2808 JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 2809 If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 2810 is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early. 2811 2812 Reviewed by Darin Adler. 
2813 2814 * API/JSVirtualMachine.mm: 2815 (scanExternalObjectGraph): 2816 28172013-05-13 Benjamin Poulain <benjamin@webkit.org> 2818 2819 Improve stringProtoFuncLastIndexOf for the prefix case 2820 https://bugs.webkit.org/show_bug.cgi?id=115952 2821 2822 Reviewed by Geoffrey Garen. 2823 2824 * runtime/StringPrototype.cpp: 2825 (JSC::stringProtoFuncLastIndexOf): 2826 Use the optimized string search when possible. 2827 2828 On Joseph Pecoraro's tests, this gives a ~30% speed improvement. 2829 28302013-05-13 Zalan Bujtas <zalan@apple.com> 2831 2832 WebProcess consuming very high CPU on linkedin.com 2833 https://bugs.webkit.org/show_bug.cgi?id=115601 2834 2835 Reviewed by Andreas Kling. 2836 2837 Disable WEB_TIMING_MINIMAL. 2838 Turn off window.performance and performance.now(). Some JS frameworks expect 2839 additional Web Timing APIs, when performance.now() is available. 2840 2841 * Configurations/FeatureDefines.xcconfig: 2842 28432013-05-12 Anders Carlsson <andersca@apple.com> 2844 2845 Stop including UnusedParam.h 2846 https://bugs.webkit.org/show_bug.cgi?id=116003 2847 2848 Reviewed by Sam Weinig. 2849 2850 UnusedParam.h is empty now so there's no need to include it anymore. 
2851 2852 * API/APICast.h: 2853 * API/tests/JSNode.c: 2854 * API/tests/JSNodeList.c: 2855 * API/tests/minidom.c: 2856 * API/tests/testapi.c: 2857 * assembler/AbstractMacroAssembler.h: 2858 * assembler/MacroAssemblerCodeRef.h: 2859 * bytecode/CodeBlock.cpp: 2860 * heap/HandleStack.h: 2861 * interpreter/JSStackInlines.h: 2862 * jit/CompactJITCodeMap.h: 2863 * jit/ExecutableAllocator.h: 2864 * parser/SourceProvider.h: 2865 * runtime/DatePrototype.cpp: 2866 * runtime/JSNotAnObject.cpp: 2867 * runtime/JSSegmentedVariableObject.h: 2868 * runtime/JSVariableObject.h: 2869 * runtime/Options.cpp: 2870 * runtime/PropertyOffset.h: 2871 28722013-05-11 Martin Robinson <mrobinson@igalia.com> 2873 2874 [GTK] Add a basic cmake build for WTF and JavaScriptCore 2875 https://bugs.webkit.org/show_bug.cgi?id=115967 2876 2877 Reviewed by Laszlo Gombos. 2878 2879 * PlatformGTK.cmake: Added. 2880 * shell/PlatformGTK.cmake: Added. 2881 28822013-05-10 Laszlo Gombos <l.gombos@samsung.com> 2883 2884 Remove USE(OS_RANDOMNESS) 2885 https://bugs.webkit.org/show_bug.cgi?id=108095 2886 2887 Reviewed by Darin Adler. 2888 2889 Remove the USE(OS_RANDOMNESS) guard as it is turned on for all 2890 ports. 2891 2892 * jit/JIT.cpp: 2893 (JSC::JIT::JIT): 2894 28952013-05-10 Mark Hahnenberg <mhahnenberg@apple.com> 2896 2897 Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase 2898 https://bugs.webkit.org/show_bug.cgi?id=115938 2899 2900 We're going to add some more types of check hoisting soon, so let's have the right name here. 2901 2902 Rubber stamped by Filip Pizlo. 2903 2904 * CMakeLists.txt: 2905 * GNUmakefile.list.am: 2906 * JavaScriptCore.xcodeproj/project.pbxproj: 2907 * Target.pri: 2908 * dfg/DFGDriver.cpp: 2909 (JSC::DFG::compile): 2910 * dfg/DFGStructureCheckHoistingPhase.cpp: Removed. 2911 * dfg/DFGStructureCheckHoistingPhase.h: Removed. 2912 * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp. 
2913 (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase): 2914 (JSC::DFG::performTypeCheckHoisting): 2915 * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h. 2916 29172013-05-09 Christophe Dumez <ch.dumez@sisa.samsung.com> 2918 2919 Unreviewed build fix after r149836. 2920 2921 It broke at least EFL and GTK builds. Move new static members initialization 2922 outside the class. Those need to have a definition outside the class because 2923 their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries). 2924 2925 * runtime/CodeCache.cpp: 2926 (JSC): 2927 * runtime/CodeCache.h: 2928 (CodeCacheMap): 2929 29302013-05-08 Oliver Hunt <oliver@apple.com> 2931 2932 Code cache stores bogus var references for functions in eval code 2933 https://bugs.webkit.org/show_bug.cgi?id=115747 2934 2935 Reviewed by Mark Hahnenberg. 2936 2937 Non-global eval now uses a per-CodeBlock cache, and only use it 2938 when we're at the top of a function's scope. This means that we 2939 will no longer cache the parsing of a single string across 2940 multiple functions, and we won't cache when we're nested inside 2941 constructs like |with| and |catch| where previously we would, which 2942 is good because caching in those cases is unsound. 
2943 2944 * bytecode/EvalCodeCache.h: 2945 (JSC): 2946 (JSC::EvalCodeCache::getSlow): 2947 (JSC::EvalCodeCache::get): 2948 * bytecode/UnlinkedCodeBlock.h: 2949 (JSC::UnlinkedCodeBlock::codeCacheForEval): 2950 (UnlinkedCodeBlock): 2951 (RareData): 2952 * debugger/Debugger.cpp: 2953 (JSC::evaluateInGlobalCallFrame): 2954 * debugger/DebuggerCallFrame.cpp: 2955 (JSC::DebuggerCallFrame::evaluate): 2956 * interpreter/Interpreter.cpp: 2957 (JSC::eval): 2958 * runtime/CodeCache.cpp: 2959 (JSC::CodeCache::CodeCache): 2960 (JSC::CodeCache::generateBytecode): 2961 (JSC): 2962 (JSC::CodeCache::getCodeBlock): 2963 * runtime/CodeCache.h: 2964 (JSC::CodeCacheMap::CodeCacheMap): 2965 (CodeCacheMap): 2966 (JSC::CodeCacheMap::canPruneQuickly): 2967 (JSC::CodeCacheMap::prune): 2968 (JSC::CodeCache::create): 2969 (CodeCache): 2970 * runtime/Executable.cpp: 2971 (JSC::EvalExecutable::EvalExecutable): 2972 (JSC::EvalExecutable::compileInternal): 2973 * runtime/Executable.h: 2974 (JSC::EvalExecutable::create): 2975 (EvalExecutable): 2976 * runtime/JSGlobalObject.cpp: 2977 (JSC::JSGlobalObject::createEvalCodeBlock): 2978 * runtime/JSGlobalObject.h: 2979 (JSGlobalObject): 2980 * runtime/JSGlobalObjectFunctions.cpp: 2981 (JSC::globalFuncEval): 2982 * runtime/VM.cpp: 2983 (JSC::VM::VM): 2984 * runtime/VM.h: 2985 (VM): 2986 29872013-05-08 Mark Hahnenberg <mhahnenberg@apple.com> 2988 2989 DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes 2990 https://bugs.webkit.org/show_bug.cgi?id=115805 2991 2992 Reviewed by Geoffrey Garen. 2993 2994 It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's 2995 an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the 2996 code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) 2997 instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray. 
2998 2999 To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which 3000 should then use Array::PossiblyArray, then do the checks we were already doing. 3001 3002 * bytecode/ArrayProfile.h: 3003 (JSC::hasSeenArray): 3004 (JSC::hasSeenNonArray): 3005 * dfg/DFGArrayMode.cpp: 3006 (JSC::DFG::ArrayMode::fromObserved): 3007 30082013-05-09 Joe Mason <jmason@blackberry.com> 3009 3010 [BlackBerry] Set up logging buffer on start of jsc executable 3011 https://bugs.webkit.org/show_bug.cgi?id=114688 3012 3013 Reviewed by Rob Buis. 3014 3015 Internal PR: 322715 3016 Internally Reviewed By: Jeff Rogers 3017 3018 * jsc.cpp: 3019 (main): call BB::Platform::setupApplicationLogging 3020 30212013-05-08 Michael Saboff <msaboff@apple.com> 3022 3023 JSC: There should be a disassembler for ARM Thumb 2 3024 https://bugs.webkit.org/show_bug.cgi?id=115827 3025 3026 Reviewed by Filip Pizlo. 3027 3028 Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging 3029 and profiling code. The opcode coverage is currently not complete. It covers all 3030 of the integer instructions JSC currently emits, but only a limited number of 3031 floating point opcodes. Currently that is just the 64 bit vmov and vmsr instructions. 3032 3033 The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes 3034 for each instruction group. There is a public format method that does the bulk of 3035 the disassembly work. There are two broad sub-classes, ARMv7D16BitOpcode and 3036 ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes. There are sub-classes under 3037 those two classes for individual and related groups of opcodes. Instructions are 3038 "dispatched" to the right subclass via two arrays of linked lists in the inner classes 3039 OpcodeGroup. There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode. 
3040 Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine 3041 that it matches a particular group. OpcodeGroup uses a static method to reinterpret_cast 3042 the Opcode object to the right base class for the instruction group for formatting. 3043 The cast eliminates the need of allocating an object for each decoded instruction. 3044 Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether 3045 the instruction is 16 or 32 bit. 3046 3047 * JavaScriptCore.xcodeproj/project.pbxproj: 3048 * disassembler/ARMv7: Added. 3049 * disassembler/ARMv7/ARMv7DOpcode.cpp: Added. 3050 (ARMv7Disassembler): 3051 (OpcodeGroupInitializer): 3052 (JSC::ARMv7Disassembler::ARMv7DOpcode::init): 3053 (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock): 3054 (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt): 3055 (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode): 3056 (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble): 3057 (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf): 3058 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName): 3059 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName): 3060 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList): 3061 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName): 3062 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init): 3063 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble): 3064 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat): 3065 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format): 3066 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format): 3067 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format): 3068 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format): 3069 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format): 3070 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format): 3071 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format): 3072 
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format): 3073 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format): 3074 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format): 3075 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format): 3076 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format): 3077 (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format): 3078 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format): 3079 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format): 3080 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format): 3081 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format): 3082 (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format): 3083 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format): 3084 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format): 3085 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format): 3086 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format): 3087 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format): 3088 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format): 3089 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format): 3090 (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format): 3091 (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format): 3092 (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init): 3093 (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble): 3094 (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat): 3095 (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format): 3096 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format): 3097 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate): 3098 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format): 3099 
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift): 3100 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format): 3101 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format): 3102 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister): 3103 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format): 3104 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format): 3105 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format): 3106 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format): 3107 (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format): 3108 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format): 3109 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format): 3110 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format): 3111 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format): 3112 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format): 3113 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format): 3114 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format): 3115 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format): 3116 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format): 3117 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format): 3118 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format): 3119 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format): 3120 * disassembler/ARMv7/ARMv7DOpcode.h: Added. 
3121 (ARMv7Disassembler): 3122 (ARMv7DOpcode): 3123 (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode): 3124 (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction): 3125 (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction): 3126 (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName): 3127 (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName): 3128 (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock): 3129 (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock): 3130 (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock): 3131 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock): 3132 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator): 3133 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter): 3134 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString): 3135 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType): 3136 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate): 3137 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate): 3138 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset): 3139 (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount): 3140 (ARMv7D16BitOpcode): 3141 (OpcodeGroup): 3142 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup): 3143 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext): 3144 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next): 3145 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches): 3146 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format): 3147 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm): 3148 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd): 3149 (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber): 3150 (ARMv7DOpcodeAddRegisterT2): 3151 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn): 3152 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm): 3153 (ARMv7DOpcodeAddSPPlusImmediate): 3154 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd): 3155 
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8): 3156 (ARMv7DOpcodeAddSubtract): 3157 (ARMv7DOpcodeAddSubtractT1): 3158 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName): 3159 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op): 3160 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm): 3161 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn): 3162 (ARMv7DOpcodeAddSubtractImmediate3): 3163 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName): 3164 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op): 3165 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3): 3166 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn): 3167 (ARMv7DOpcodeAddSubtractImmediate8): 3168 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName): 3169 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op): 3170 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn): 3171 (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8): 3172 (ARMv7DOpcodeBranchConditionalT1): 3173 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition): 3174 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset): 3175 (ARMv7DOpcodeBranchExchangeT1): 3176 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName): 3177 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm): 3178 (ARMv7DOpcodeBranchT2): 3179 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11): 3180 (ARMv7DOpcodeCompareImmediateT1): 3181 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn): 3182 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8): 3183 (ARMv7DOpcodeCompareRegisterT1): 3184 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn): 3185 (ARMv7DOpcodeCompareRegisterT2): 3186 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn): 3187 (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm): 3188 
(ARMv7DOpcodeDataProcessingRegisterT1): 3189 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName): 3190 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op): 3191 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm): 3192 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn): 3193 (ARMv7DOpcodeGeneratePCRelativeAddress): 3194 (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd): 3195 (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8): 3196 (ARMv7DOpcodeLoadFromLiteralPool): 3197 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt): 3198 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8): 3199 (ARMv7DOpcodeLoadStoreRegisterImmediate): 3200 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName): 3201 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op): 3202 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5): 3203 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn): 3204 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt): 3205 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale): 3206 (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte): 3207 (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord): 3208 (ARMv7DOpcodeLoadStoreRegisterOffsetT1): 3209 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName): 3210 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB): 3211 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm): 3212 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn): 3213 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt): 3214 (ARMv7DOpcodeLoadStoreRegisterSPRelative): 3215 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName): 3216 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op): 3217 
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt): 3218 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8): 3219 (ARMv7DOpcodeLogicalImmediateT1): 3220 (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName): 3221 (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op): 3222 (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5): 3223 (ARMv7DOpcodeMiscAddSubSP): 3224 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName): 3225 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op): 3226 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7): 3227 (ARMv7DOpcodeMiscByteHalfwordOps): 3228 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName): 3229 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op): 3230 (ARMv7DOpcodeMiscBreakpointT1): 3231 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8): 3232 (ARMv7DOpcodeMiscCompareAndBranch): 3233 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName): 3234 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op): 3235 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6): 3236 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn): 3237 (ARMv7DOpcodeMiscHint16): 3238 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName): 3239 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA): 3240 (ARMv7DOpcodeMiscIfThenT1): 3241 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition): 3242 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask): 3243 (ARMv7DOpcodeMiscPushPop): 3244 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName): 3245 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op): 3246 (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask): 3247 (ARMv7DOpcodeMoveImmediateT1): 3248 (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd): 3249 (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8): 3250 
        (ARMv7DOpcodeMoveRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
        (ARMv7D32BitOpcode):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
        (ARMv7DOpcodeBranchRelative):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
        (ARMv7DOpcodeConditionalBranchT3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
        (ARMv7DOpcodeBranchOrBranchLink):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
        (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
        (ARMv7DOpcodeDataProcessingModifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
        (ARMv7DOpcodeDataProcessingShiftedReg):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
        (ARMv7DOpcodeDataProcessingReg):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
        (ARMv7DOpcodeDataProcessingRegShift):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
        (ARMv7DOpcodeDataProcessingRegExtend):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
        (ARMv7DOpcodeDataProcessingRegParallel):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
        (ARMv7DOpcodeDataProcessingRegMisc):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
        (ARMv7DOpcodeHint32):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
        (ARMv7DOpcodeFPTransfer):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
        (ARMv7DOpcodeDataLoad):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
        (ARMv7DOpcodeLoadRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
        (ARMv7DOpcodeLoadSignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
        (ARMv7DOpcodeLoadUnsignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
        (ARMv7DOpcodeLongMultipleDivide):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
        (ARMv7DOpcodeDataPushPopSingle):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
        (ARMv7DOpcodeDataStoreSingle):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
        (ARMv7DOpcodeStoreSingleImmediate12):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
        (ARMv7DOpcodeStoreSingleImmediate8):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
        (ARMv7DOpcodeStoreSingleRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
        (ARMv7DOpcodeUnmodifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
        (ARMv7DOpcodeVMOVDoublePrecision):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
        (ARMv7DOpcodeVMOVSinglePrecision):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
        (ARMv7DOpcodeVMSR):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
        * disassembler/ARMv7Disassembler.cpp: Added.
        (JSC::tryToDisassemble):

2013-05-07  Julien Brianceau  <jbrianceau@nds.com>

        Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115722

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load8PostInc):
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load16PostInc):
        (JSC::MacroAssemblerSH4::storeDouble):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::movwMemRegIn):
        (SH4Assembler):
        (JSC::SH4Assembler::movbMemRegIn):
        (JSC::SH4Assembler::printInstr):

2013-05-07  Anders Carlsson  <andersca@apple.com>

        Remove AlwaysInline.h from WTF
        https://bugs.webkit.org/show_bug.cgi?id=115727

        Reviewed by Brent Fulgham.

        The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
        to keep AlwaysInline.h around anymore.

        * jit/JSInterfaceJIT.h:
        * parser/Lexer.h:
        * runtime/JSCJSValue.h:
        * runtime/SymbolTable.h:

2013-05-07  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>

        HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
        https://bugs.webkit.org/show_bug.cgi?id=115646

        Reviewed by Darin Adler.

        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::putById):
        Updated accordingly to new HashMap<.., RefPtr>::get() semantics.

2013-05-06  Julien Brianceau  <jbrianceau@nds.com>

        Misc bugfix and cleaning in sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115627

        Reviewed by Oliver Hunt.

        Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
        Remove misplaced extuw() implementation from MacroAssemblerSH4.
        Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
        (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
        (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
        (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
        (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
        (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
        (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
        (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
        (JSC::MacroAssemblerSH4::store32):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::movwRegMemr0):
        (SH4Assembler):
        (JSC::SH4Assembler::movbRegMemr0):
        (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
        (JSC::SH4Assembler::maxJumpReplacementSize):
        (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
        (JSC::SH4Assembler::printInstr):

2013-05-06  Anders Carlsson  <andersca@apple.com>

        Stop using WTF::deleteAllValues in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115670

        Reviewed by Oliver Hunt.

        Change the Vectors used to Vectors of OwnPtrs instead.

        * heap/DFGCodeBlocks.cpp:
        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):

2013-05-06  Andras Becsi  <andras.becsi@digia.com>

        Build with GCC 4.8 fails because of -Wmaybe-uninitialized
        https://bugs.webkit.org/show_bug.cgi?id=115648

        Reviewed by Michael Saboff.

        Initialize values in Options::setOption since from
        there we end up calling OptionRange::init with
        uninitialized members.

        * runtime/Options.cpp:

2013-05-06  Gabor Rapcsanyi  <rgabor@webkit.org>

        JSC ARM traditional failing on Octane NavierStokes test
        https://bugs.webkit.org/show_bug.cgi?id=115626

        Reviewed by Zoltan Herczeg.

        Change the ARM traditional assembler to use double precision on value
        conversions.

        * assembler/ARMAssembler.h:

2013-05-03  Michael Saboff  <msaboff@apple.com>

        There should be a runtime option to constrain what functions get DFG compiled
        https://bugs.webkit.org/show_bug.cgi?id=115576

        Reviewed by Mark Hahnenberg.

        Added OptionRange to Options to allow checking that something is within an option
        or not. The new OptionClass supports range strings in the form of [!]<low>[:<high>].
        If only one value is given, then it will be used for both low and high. A leading
        '!' inverts the check. If no range is given, then checking for a value within a range
        will always return true. Added the option "bytecodeRangeToDFGCompile" that takes an
        OptionRange string to select the bytecode range of code blocks to DFG compile.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
        range.
        * runtime/Options.cpp:
        (JSC::parse): Added overloaded parse() for OptionRange.
        (JSC::OptionRange::init): Parse range string and then initialize the range.
        (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
        the specified range.
        (JSC::Options::dumpOption): Added code to dump OptionRange options.
        * runtime/Options.h:
        (OptionRange): New class.
        (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
        the Option static array initialization.
        (JSC::OptionRange::rangeString): This is used for debug. It assumes that the char*
        passed into OptionRange::init is valid when this function is called.

2013-05-02  Oliver Hunt  <oliver@apple.com>

        Fix potential bug in lookup logic
        https://bugs.webkit.org/show_bug.cgi?id=115522

        Reviewed by Mark Hahnenberg.

        Though not a problem in practise, it is technically possible
        to inject an un-proxied global object into the scope chain
        via the C API. This change makes sure that the scope walk
        in BytecodeGenerator actually limits itself to scopes that
        are statically bindable.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolve):
        * runtime/JSObject.h:
        (JSObject):
        (JSC):
        (JSC::JSObject::isStaticScopeObject):

2013-05-01  Roger Fong  <roger_fong@apple.com>

        Set Path in makefile for AppleWin.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-05-01  Benjamin Poulain  <benjamin@webkit.org>

        Remove the remaining wscript
        https://bugs.webkit.org/show_bug.cgi?id=115459

        Reviewed by Andreas Kling.

        * wscript: Removed.

2013-04-30  Mark Lam  <mark.lam@apple.com>

        JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
        VM watchdog if its client did not pass one in.
        https://bugs.webkit.org/show_bug.cgi?id=115461.

        Reviewed by Geoffrey Garen.

        * API/JSContextRef.cpp:
        (internalScriptTimeoutCallback):
        (JSContextGroupSetExecutionTimeLimit):
        * API/tests/testapi.c:
        (main):
        - Added test case when the time limit callback is 0.
        - Also updated a check to verify that a TerminatedExecutionException is
          thrown when the time out is cancelled.
        - Also fixed some cosmetic typos.
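Added example, not WebKit's OptionRange code: the "[!]<low>[:<high>]" range-string format that the 2013-05-03 entry above describes, re-implemented stand-alone with the input validation a config parser needs (a rejected string is treated like "no range given"); RangeOption, rangeSpecIsValid and rangeContains are this example's own names, not the project's.

```cpp
// Added example, not WebKit's OptionRange: a stand-alone re-implementation of
// the range-string semantics described in the 2013-05-03 entry above,
// "[!]<low>[:<high>]", so the parsing rules can be exercised in isolation.
// The names RangeOption, rangeSpecIsValid and rangeContains are this example's own.
#include <cerrno>
#include <cstdio>
#include <cstdlib>

class RangeOption {
public:
    enum State { Uninitialized, InitError, Normal, Inverted };

    // Parses "[!]<low>[:<high>]". A null or empty string means "no range given";
    // malformed input records InitError and returns false.
    bool init(const char* rangeString)
    {
        m_state = Uninitialized;
        m_low = m_high = 0;
        if (!rangeString || !*rangeString)
            return true;                        // no range: every value matches

        const char* p = rangeString;
        bool inverted = false;
        if (*p == '!') {                        // leading '!' inverts the check
            inverted = true;
            ++p;
        }

        long long low = 0, high = 0;
        const char* end = nullptr;
        if (!parseNumber(p, &end, &low))
            return fail();
        high = low;                             // single value: used for both ends
        if (*end == ':' && !parseNumber(end + 1, &end, &high))
            return fail();
        if (*end != '\0' || low > high)         // trailing junk or reversed range
            return fail();

        m_low = low;
        m_high = high;
        m_state = inverted ? Inverted : Normal;
        return true;
    }

    // A range that was never given (or failed to parse) never filters anything.
    bool isInRange(long long value) const
    {
        if (m_state == Uninitialized || m_state == InitError)
            return true;
        bool inside = value >= m_low && value <= m_high;
        return m_state == Inverted ? !inside : inside;
    }

private:
    bool fail() { m_state = InitError; return false; }

    // strtoll plus the checks a config parser needs: at least one digit was
    // consumed and the value did not overflow.
    static bool parseNumber(const char* start, const char** end, long long* out)
    {
        char* stop = nullptr;
        errno = 0;
        long long v = strtoll(start, &stop, 10);
        if (stop == start || errno == ERANGE)
            return false;
        *end = stop;
        *out = v;
        return true;
    }

    State m_state = Uninitialized;
    long long m_low = 0;
    long long m_high = 0;
};

// Convenience wrappers: does 'spec' parse, and does 'value' fall inside it?
bool rangeSpecIsValid(const char* spec)
{
    RangeOption r;
    return r.init(spec);
}

bool rangeContains(const char* spec, long long value)
{
    RangeOption r;
    r.init(spec);
    return r.isInRange(value);
}

int main()
{
    // Constructed sample specs; 150 stands in for a code block's bytecode count.
    const char* specs[] = { "100:200", "!100:200", "42", "", "200:100", "10:abc" };
    for (const char* spec : specs)
        printf("\"%s\": valid=%d, contains 150 = %d\n", spec, rangeSpecIsValid(spec), rangeContains(spec, 150));
    return 0;
}
```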

2013-04-30  Geoffrey Garen  <ggaren@apple.com>

        Removed op_ensure_property_exists
        https://bugs.webkit.org/show_bug.cgi?id=115460

        Reviewed by Mark Hahnenberg.

        It was unused, and whatever it was once used for was not optimized.

        * JavaScriptCore.order:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:

2013-04-30  Oliver Hunt  <oliver@apple.com>

        JSC Stack walking logic crashes in the face of inlined functions triggering VM re-entry
        https://bugs.webkit.org/show_bug.cgi?id=115449

        Reviewed by Geoffrey Garen.

        Rename callframeishost to something that makes sense, and fix
        getCallerInfo to correctly handle inline functions calling into
        the VM.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::codeOriginForReturn):
        Make this more robust in the face of incorrect stack walking.
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):
        Everyone has to perform a codeblock() check before calling this
        so we might as well just do it here.
        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):

2013-04-30  Julien Brianceau  <jbrianceau@nds.com>

        Bug fixing in sh4 base JIT and LLINT.
        https://bugs.webkit.org/show_bug.cgi?id=115420

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::lshift32):
        (JSC::MacroAssemblerSH4::rshift32):
        (JSC::MacroAssemblerSH4::branchMul32):
        (JSC::MacroAssemblerSH4::urshift32):
        (JSC::MacroAssemblerSH4::replaceWithJump):
        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::shldRegReg):
        (JSC::SH4Assembler::shadRegReg):
        (JSC::SH4Assembler::shalImm8r):
        (SH4Assembler):
        (JSC::SH4Assembler::sharImm8r):
        (JSC::SH4Assembler::maxJumpReplacementSize):
        (JSC::SH4Assembler::replaceWithJump):
        * offlineasm/sh4.rb:

2013-04-30  Geoffrey Garen  <ggaren@apple.com>

        Objective-C JavaScriptCore API should publicly support bridging to C
        https://bugs.webkit.org/show_bug.cgi?id=115447

        Reviewed by Mark Hahnenberg.

        For consistency, I renamed

        +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
        +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
        -[JSContext globalContext] => -[JSContext JSGlobalContextRef]

        I searched svn to verify that these functions don't have clients yet,
        so we won't break anything.

        I also exported as public API

        +[JSValue valueWithJSValueRef:]
        +[JSContext contextWithJSGlobalContextRef:]

        It's hard to integrate with the C API without these.

2013-04-30  Commit Queue  <rniwa@webkit.org>

        Unreviewed, rolling out r149349 and r149354.
        http://trac.webkit.org/changeset/149349
        http://trac.webkit.org/changeset/149354
        https://bugs.webkit.org/show_bug.cgi?id=115444

        The Thumb version of compileSoftModulo makes invalid use of
        registers (Requested by benjaminp on #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):
        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s):
        (JSC):
        * assembler/MacroAssemblerARMv7.cpp: Removed.
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-04-30  Zalan Bujtas  <zalan@apple.com>

        Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
        https://bugs.webkit.org/show_bug.cgi?id=111244

        Reviewed by David Kilzer.

        Enable performance.now() as a minimal subset of Web Timing API.
        It returns DOMHighResTimeStamp, a monotonically increasing value representing the
        number of milliseconds from the start of the navigation of the current document.
        JS libraries use this API to check against the requestAnimationFrame() timestamp.

        * Configurations/FeatureDefines.xcconfig:

2013-04-30  Zoltan Arvai  <zarvai@inf.u-szeged.hu>

        Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):

2013-04-29  Cosmin Truta  <ctruta@blackberry.com>

        [ARM] Expand the use of integer division
        https://bugs.webkit.org/show_bug.cgi?id=115138

        Reviewed by Benjamin Poulain.

        If availability of hardware integer division isn't known at compile
        time, check the CPU flags and decide at runtime whether to fall back
        to software. Currently, this OS-specific check is implemented on QNX.

        Moreover, use operator % instead of fmod() in the calculation of the
        software modulo. Even when it's software-emulated, operator % is faster
        than fmod(): on ARM v7 QNX, without hardware division, we noticed
        >3% speedup on SunSpider.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
        (JSC::ARMv7Assembler::udiv): Ditto.
        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s): Removed.
        * assembler/MacroAssemblerARMv7.cpp: Added.
        (JSC::isIntegerDivSupported): Added.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationModOnInts): Added.
        * dfg/DFGOperations.h:
        (JSC::DFG::Z_DFGOperation_ZZ): Added.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
        from the common implementation; used operationModOnInts on ARM.
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
        (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.

2013-04-29  Benjamin Poulain  <benjamin@webkit.org>

        Unify the data access of StringImpl members from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115320

        Reviewed by Andreas Kling.

        DFG accesses the member infos by directly calling the methods on StringImpl,
        while the baseline JIT was using helper methods on ThunkHelpers.

        Cut the middle man, and use StringImpl directly everywhere.

        * jit/JITInlines.h:
        (JSC::JIT::emitLoadCharacterString):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JSInterfaceJIT.h:
        * jit/ThunkGenerators.cpp:
        (JSC::stringCharLoad):

2013-04-29  Benjamin Poulain  <bpoulain@apple.com>

        Use push and pop for iOS math function thunks
        https://bugs.webkit.org/show_bug.cgi?id=115215

        Reviewed by Filip Pizlo.

        The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
        The requirement is 4 bytes:
        "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
        grows downward, and contains local variables and a function's parameters."

        Subsequently, we can just use push and pop to preserve the link register.

        * jit/ThunkGenerators.cpp:

2013-04-29  Brent Fulgham  <bfulgham@webkit.org>

        [Windows, WinCairo] Get rid of last few pthread include/link references.
        https://bugs.webkit.org/show_bug.cgi?id=115375

        Reviewed by Tim Horton.

        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:

2013-04-29  Roger Fong  <roger_fong@apple.com>

        Unreviewed. AppleWin VS2010 build fix.

        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        ~BlockAllocator should ASSERT that it has no more Regions left
        https://bugs.webkit.org/show_bug.cgi?id=115287

        Reviewed by Andreas Kling.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::allRegionSetsAreEmpty):
        * heap/BlockAllocator.h:
        (RegionSet):
        (JSC::BlockAllocator::RegionSet::isEmpty):
        (BlockAllocator):

2013-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        IndexingTypes should use hex
        https://bugs.webkit.org/show_bug.cgi?id=115286

        Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.

        Reviewed by Geoffrey Garen.

        * runtime/IndexingType.h:

2013-04-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header files to compilation
        and offlineasm/sh4.rb script.

2013-04-28  Dean Jackson  <dino@apple.com>

        [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
        https://bugs.webkit.org/show_bug.cgi?id=115310

        Reviewed by Simon Fraser.

        Remove ENABLE_HIGH_DPI_CANVAS_macosx.

        * Configurations/FeatureDefines.xcconfig:

2013-04-27  Darin Adler  <darin@apple.com>

        Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
        https://bugs.webkit.org/show_bug.cgi?id=115307

        Reviewed by Geoffrey Garen.

        * heap/HeapTimer.cpp:
        (JSC::HeapTimer::HeapTimer):
        * runtime/VM.cpp:
        (JSC::enableAssembler):
        Use adoptCF free function.

2013-04-27  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-04-25  Geoffrey Garen  <ggaren@apple.com>

        Cleaned up pre/post inc/dec in bytecode
        https://bugs.webkit.org/show_bug.cgi?id=115222

        Reviewed by Filip Pizlo.

        A few related changes here:

        (*) Removed post_inc and post_dec. The two-result form was awkward to
        reason about. Being explicit about the intermediate mov and to_number
        reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
        fixes a const bug. Plus, we get to blow away 262 lines of code.

        (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
        version now.

        (*) Renamed to_jsnumber to to_number, to match the ECMA name.

        (*) Tightened up the codegen and runtime support for to_number.

        * JavaScriptCore.order: Order!

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitInc):
        (JSC::BytecodeGenerator::emitDec):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitToNumber):
        (BytecodeGenerator): Removed post_inc and post_dec.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::emitPreIncOrDec): Updated for rename.

        (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
        These are rare, and they boil away in the DFG.

        (JSC::PostfixNode::emitResolve):
        (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
        of any special forms. This fixes a bug where we would do string
        add/subtract instead of number.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emitSlow_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emitSlow_op_dec):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emitSlow_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_to_number):
        (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
        no such thing!

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
        about the lowest valued tag.

        (JSC::JIT::emitSlow_op_to_number): Updated for renames.

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * parser/NodeConstructors.h:
        (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.

        * runtime/Operations.cpp:
        (JSC::jsIsObjectType): Removed a test for number cells. There's
        no such thing!

2013-04-27  Julien Brianceau  <jbrianceau@nds.com>

        REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
        https://bugs.webkit.org/show_bug.cgi?id=115305

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::cacheFlush):

2013-04-26  Geoffrey Garen  <ggaren@apple.com>

        Re-landing <http://trac.webkit.org/changeset/148999>

        Filled out more cases of branch folding in bytecode when emitting
        expressions into a branching context
        https://bugs.webkit.org/show_bug.cgi?id=115057

        Reviewed by Phil Pizlo.

        We can't fold the number == 1 case to boolean because all non-zero numbers
        down-cast to true, but only 1 is == to true.

2013-04-26  Filip Pizlo  <fpizlo@apple.com>

        Correct indentation of SymbolTable.h

        Rubber stamped by Mark Hahnenberg.

        * runtime/SymbolTable.h:

2013-04-26  Roger Fong  <roger_fong@apple.com>

        Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
        Make the DebugSuffix configuration use _debug dependencies.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
        * JavaScriptCore.vcxproj/build-generated-files.sh:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:

2013-04-26  Roger Fong  <roger_fong@apple.com>

        Disable sub-pixel layout on mac.
        https://bugs.webkit.org/show_bug.cgi?id=114999.

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2013-04-26  Oliver Hunt  <oliver@apple.com>

        Make stack tracing more robust
        https://bugs.webkit.org/show_bug.cgi?id=115272

        Reviewed by Geoffrey Garen.

        CallFrame already handles stack walking confusion robustly,
        so we should make sure that the actual walk handles that as well.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):

2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        REGRESSION(r149165): It made many tests crash on 32 bit
        https://bugs.webkit.org/show_bug.cgi?id=115227

        Reviewed by Csaba Osztrogonác.

        m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.

        * heap/SuperRegion.cpp:
        (JSC::SuperRegion::~SuperRegion):

2013-04-26  Julien Brianceau  <jbrianceau@nds.com>

        Fix SH4 build broken since r149159.
        https://bugs.webkit.org/show_bug.cgi?id=115229

        Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32.

        Reviewed by Allan Sandfeld Jensen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):

2013-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        SuperRegion doesn't call deallocate() on its PageReservation
        https://bugs.webkit.org/show_bug.cgi?id=115208

        Reviewed by Geoffrey Garen.

        It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual
        address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator
        also has this bug, but it doesn't matter much because there's only one instance of that class
        throughout the entire lifetime of the process, whereas each VM has its own SuperRegion.

        * heap/SuperRegion.cpp:
        (JSC::SuperRegion::~SuperRegion):
        * heap/SuperRegion.h:
        (SuperRegion):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (FixedVMPoolExecutableAllocator):
        (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):

2013-04-25  Filip Pizlo  <fpizlo@apple.com>

        DFG doesn't support to_jsnumber
        https://bugs.webkit.org/show_bug.cgi?id=115129

        Reviewed by Geoffrey Garen.

        Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does
        an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions
        tell us to. Identity is later turned into Phantom.

        Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's
        wrong; NodeDoesNotExit is not a backward propagation property.

        Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit).

        This more than doubles the FPS on ammo.
4167 4168 * dfg/DFGByteCodeParser.cpp: 4169 (JSC::DFG::ByteCodeParser::parseBlock): 4170 * dfg/DFGCapabilities.h: 4171 (JSC::DFG::canCompileOpcode): 4172 * dfg/DFGFixupPhase.cpp: 4173 (JSC::DFG::FixupPhase::fixupNode): 4174 (FixupPhase): 4175 (JSC::DFG::FixupPhase::observeUseKindOnNode): 4176 (JSC::DFG::FixupPhase::observeUseKindOnEdge): 4177 * dfg/DFGNodeFlags.h: 4178 (DFG): 4179 * dfg/DFGNodeType.h: 4180 (DFG): 4181 * dfg/DFGPredictionPropagationPhase.cpp: 4182 (JSC::DFG::PredictionPropagationPhase::propagate): 4183 41842013-04-24 Oliver Hunt <oliver@apple.com> 4185 4186 Add support for Math.imul 4187 https://bugs.webkit.org/show_bug.cgi?id=115143 4188 4189 Reviewed by Filip Pizlo. 4190 4191 Add support for Math.imul, a thunk generator for Math.imul, 4192 and an intrinsic. 4193 4194 Fairly self explanatory set of changes, DFG intrinsics simply 4195 leverages the existing ValueToInt32 nodes. 4196 4197 * create_hash_table: 4198 * dfg/DFGAbstractState.cpp: 4199 (JSC::DFG::AbstractState::executeEffects): 4200 * dfg/DFGBackwardsPropagationPhase.cpp: 4201 (JSC::DFG::BackwardsPropagationPhase::propagate): 4202 * dfg/DFGByteCodeParser.cpp: 4203 (JSC::DFG::ByteCodeParser::handleIntrinsic): 4204 * dfg/DFGCSEPhase.cpp: 4205 (JSC::DFG::CSEPhase::performNodeCSE): 4206 * dfg/DFGFixupPhase.cpp: 4207 (JSC::DFG::FixupPhase::fixupNode): 4208 * dfg/DFGNodeType.h: 4209 (DFG): 4210 * dfg/DFGPredictionPropagationPhase.cpp: 4211 (JSC::DFG::PredictionPropagationPhase::propagate): 4212 * dfg/DFGSpeculativeJIT.cpp: 4213 (JSC::DFG::SpeculativeJIT::compileArithIMul): 4214 * dfg/DFGSpeculativeJIT.h: 4215 (SpeculativeJIT): 4216 * dfg/DFGSpeculativeJIT32_64.cpp: 4217 (JSC::DFG::SpeculativeJIT::compile): 4218 * dfg/DFGSpeculativeJIT64.cpp: 4219 (JSC::DFG::SpeculativeJIT::compile): 4220 * jit/ThunkGenerators.cpp: 4221 (JSC::imulThunkGenerator): 4222 (JSC): 4223 * jit/ThunkGenerators.h: 4224 (JSC): 4225 * runtime/Intrinsic.h: 4226 * runtime/MathObject.cpp: 4227 (JSC): 4228 
(JSC::mathProtoFuncIMul): 4229 * runtime/VM.cpp: 4230 (JSC::thunkGeneratorForIntrinsic): 4231 42322013-04-25 Filip Pizlo <fpizlo@apple.com> 4233 4234 Unreviewed, roll out http://trac.webkit.org/changeset/148999 4235 It broke http://kripken.github.io/ammo.js/examples/new/ammo.html 4236 4237 * JavaScriptCore.order: 4238 * bytecompiler/BytecodeGenerator.cpp: 4239 (JSC::BytecodeGenerator::emitNewArray): 4240 (JSC::BytecodeGenerator::emitThrowReferenceError): 4241 (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded): 4242 * bytecompiler/BytecodeGenerator.h: 4243 (JSC::BytecodeGenerator::shouldEmitProfileHooks): 4244 (BytecodeGenerator): 4245 * bytecompiler/NodesCodegen.cpp: 4246 (JSC): 4247 (JSC::NullNode::emitBytecode): 4248 (JSC::BooleanNode::emitBytecode): 4249 (JSC::NumberNode::emitBytecode): 4250 (JSC::StringNode::emitBytecode): 4251 (JSC::IfNode::emitBytecode): 4252 (JSC::IfElseNode::emitBytecode): 4253 * parser/ASTBuilder.h: 4254 (JSC::ASTBuilder::createIfStatement): 4255 (ASTBuilder): 4256 * parser/NodeConstructors.h: 4257 (JSC): 4258 (JSC::NullNode::NullNode): 4259 (JSC::BooleanNode::BooleanNode): 4260 (JSC::NumberNode::NumberNode): 4261 (JSC::StringNode::StringNode): 4262 (JSC::IfNode::IfNode): 4263 (JSC::IfElseNode::IfElseNode): 4264 * parser/Nodes.h: 4265 (JSC::ExpressionNode::isPure): 4266 (JSC::ExpressionNode::isSubtract): 4267 (StatementNode): 4268 (NullNode): 4269 (JSC::NullNode::isNull): 4270 (BooleanNode): 4271 (JSC::BooleanNode::isPure): 4272 (NumberNode): 4273 (JSC::NumberNode::value): 4274 (JSC::NumberNode::isPure): 4275 (StringNode): 4276 (JSC::StringNode::isPure): 4277 (JSC::StringNode::isString): 4278 (BinaryOpNode): 4279 (IfNode): 4280 (JSC): 4281 (IfElseNode): 4282 (ContinueNode): 4283 (BreakNode): 4284 * parser/Parser.cpp: 4285 (JSC::::parseIfStatement): 4286 * parser/ResultType.h: 4287 (ResultType): 4288 * runtime/JSCJSValueInlines.h: 4289 (JSC::JSValue::pureToBoolean): 4290 * runtime/JSCell.h: 4291 (JSCell): 4292 * 
runtime/JSCellInlines.h: 4293 (JSC): 4294 42952013-04-25 Filip Pizlo <fpizlo@apple.com> 4296 4297 PreciseJumpTargets should treat loop_hint as a jump target 4298 https://bugs.webkit.org/show_bug.cgi?id=115209 4299 4300 Reviewed by Mark Hahnenberg. 4301 4302 I didn't add a test but I turned this into a release assertion. Running Octane is enough 4303 to trigger it. 4304 4305 * bytecode/PreciseJumpTargets.cpp: 4306 (JSC::computePreciseJumpTargets): 4307 * dfg/DFGByteCodeParser.cpp: 4308 (JSC::DFG::ByteCodeParser::parseBlock): 4309 43102013-04-25 Roman Zhuykov <zhroma@ispras.ru> 4311 4312 Fix problems with processing negative zero on DFG. 4313 https://bugs.webkit.org/show_bug.cgi?id=113862 4314 4315 Reviewed by Filip Pizlo. 4316 4317 Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase. 4318 Function arithNodeFlags should not mask NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32 4319 nodes and this flag should be always used to decide where we need to generate nezative-zero checks. 4320 Remove unnecessary negative-zero checks from integer ArithDiv on ARM. 4321 Also remove such checks from integer ArithMod on ARM and X86, and make them always to 4322 check not only "modulo_result == 0" but also "dividend < 0". 4323 Generate faster code for case when ArithMod operation divisor is constant power of 2 on ARMv7 4324 in the same way as on ARMv7s, and add negative-zero checks into this code when needed. 4325 Change speculationCheck ExitKind from Overflow to NegativeZero where applicable. 4326 4327 This shows 30% speedup of math-spectral-norm, and 5% speedup 4328 on SunSpider overall on ARMv7 Linux. 
4329 4330 * assembler/MacroAssemblerARM.h: 4331 (JSC::MacroAssemblerARM::branchConvertDoubleToInt32): 4332 * assembler/MacroAssemblerARMv7.h: 4333 (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32): 4334 * assembler/MacroAssemblerMIPS.h: 4335 (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32): 4336 * assembler/MacroAssemblerSH4.h: 4337 (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32): 4338 * assembler/MacroAssemblerX86Common.h: 4339 (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32): 4340 * dfg/DFGBackwardsPropagationPhase.cpp: 4341 (JSC::DFG::BackwardsPropagationPhase::isNotNegZero): 4342 (JSC::DFG::BackwardsPropagationPhase::isNotPosZero): 4343 (JSC::DFG::BackwardsPropagationPhase::propagate): 4344 * dfg/DFGNode.h: 4345 (JSC::DFG::Node::arithNodeFlags): 4346 * dfg/DFGSpeculativeJIT.cpp: 4347 (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32): 4348 (JSC::DFG::SpeculativeJIT::compileSoftModulo): 4349 (JSC::DFG::SpeculativeJIT::compileArithNegate): 4350 43512013-04-25 Oliver Hunt <oliver@apple.com> 4352 4353 Stack guards are too conservative 4354 https://bugs.webkit.org/show_bug.cgi?id=115147 4355 4356 Reviewed by Mark Hahnenberg. 4357 4358 Increase stack guard to closer to old size. 4359 4360 * interpreter/Interpreter.cpp: 4361 (JSC::Interpreter::StackPolicy::StackPolicy): 4362 43632013-04-25 Oliver Hunt <oliver@apple.com> 4364 4365 Stack guards are too conservative 4366 https://bugs.webkit.org/show_bug.cgi?id=115147 4367 4368 Reviewed by Geoffrey Garen. 4369 4370 Reduce the limits and simplify the decision making. 4371 4372 * interpreter/Interpreter.cpp: 4373 (JSC::Interpreter::StackPolicy::StackPolicy): 4374 43752013-04-25 Nick Diego Yamane <nick.yamane@openbossa.org> 4376 4377 JSC: Fix interpreter misbehavior in builds with JIT disabled 4378 https://bugs.webkit.org/show_bug.cgi?id=115190 4379 4380 Reviewed by Oliver Hunt. 4381 4382 Commit http://trac.webkit.org/changeset/147858 modified 4383 some details on how JS stack traces are built. 
The method 4384 "getLineNumberForCallFrame", renamed in that changeset to 4385 "getBytecodeOffsetForCallFrame" is always returning `0' when 4386 JIT is disabled 4387 4388 How to reproduce: 4389 - Build webkit with JIT disabled 4390 - Open MiniBrowser, for example, with http://google.com 4391 - In a debug build, WebProcess will hit the following ASSERT: 4392 Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low); 4393 4394 * interpreter/Interpreter.cpp: 4395 (JSC::getBytecodeOffsetForCallFrame): 4396 43972013-04-25 Oliver Hunt <oliver@apple.com> 4398 4399 Make checkSyntax take a VM instead of an ExecState 4400 4401 RS=Tim 4402 4403 * jsc.cpp: 4404 (runInteractive): 4405 * runtime/Completion.cpp: 4406 (JSC::checkSyntax): 4407 * runtime/Completion.h: 4408 (JSC): 4409 44102013-04-25 Michael Saboff <msaboff@apple.com> 4411 4412 32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean 4413 https://bugs.webkit.org/show_bug.cgi?id=115188 4414 4415 Reviewed by Geoffrey Garen. 4416 4417 Changed the RegExpTest node to set the AbstractValue to boolean, since that 4418 what it is. 4419 4420 * dfg/DFGAbstractState.cpp: 4421 (JSC::DFG::AbstractState::executeEffects): 4422 44232013-04-25 Julien Brianceau <jbrianceau@nds.com> 4424 4425 REGRESSION(r137994): Random crashes occur with SH4 JSC. 4426 https://bugs.webkit.org/show_bug.cgi?id=115167. 4427 4428 Reviewed by Oliver Hunt. 4429 4430 Since r137994, uncommited pages could be inside the area of memory in 4431 parameter of the cacheFlush function. That's why we have to flush each 4432 page separately to avoid a fail of the whole flush, if an uncommited page 4433 is in the area. 4434 4435 This patch is very similar to changeset 145194 made for ARMv7 architecture, 4436 see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information. 
4437 4438 * assembler/SH4Assembler.h: 4439 (JSC::SH4Assembler::cacheFlush): 4440 44412013-04-24 Mark Lam <mark.lam@apple.com> 4442 4443 Add watchdog timer polling for the DFG. 4444 https://bugs.webkit.org/show_bug.cgi?id=115134. 4445 4446 Reviewed by Geoffrey Garen. 4447 4448 The strategy is to add a speculation check to the DFG generated code to 4449 test if the watchdog timer has fired or not. If the watchdog timer has 4450 fired, the generated code will do an OSR exit to the baseline JIT, and 4451 let it handle servicing the watchdog timer. 4452 4453 If the watchdog is not enabled, this speculation check will not be 4454 emitted. 4455 4456 * API/tests/testapi.c: 4457 (currentCPUTime_callAsFunction): 4458 (extendTerminateCallback): 4459 (main): 4460 - removed try/catch statements so that we can test the watchdog on the DFG. 4461 - added JS bindings to a native currentCPUTime() function so that the timeout 4462 tests can be more accurate. 4463 - also shortened the time values so that the tests can complete sooner. 4464 4465 * bytecode/ExitKind.h: 4466 * dfg/DFGAbstractState.cpp: 4467 (JSC::DFG::AbstractState::executeEffects): 4468 * dfg/DFGByteCodeParser.cpp: 4469 (JSC::DFG::ByteCodeParser::parseBlock): 4470 * dfg/DFGFixupPhase.cpp: 4471 (JSC::DFG::FixupPhase::fixupNode): 4472 * dfg/DFGNodeType.h: 4473 * dfg/DFGPredictionPropagationPhase.cpp: 4474 (JSC::DFG::PredictionPropagationPhase::propagate): 4475 * dfg/DFGSpeculativeJIT32_64.cpp: 4476 (JSC::DFG::SpeculativeJIT::compile): 4477 * dfg/DFGSpeculativeJIT64.cpp: 4478 (JSC::DFG::SpeculativeJIT::compile): 4479 * runtime/Watchdog.cpp: 4480 (JSC::Watchdog::setTimeLimit): 4481 44822013-04-24 Filip Pizlo <fpizlo@apple.com> 4483 4484 Special thunks for math functions should work on ARMv7 4485 https://bugs.webkit.org/show_bug.cgi?id=115144 4486 4487 Reviewed by Gavin Barraclough and Oliver Hunt. 4488 4489 The only hard bit here was ensuring that we implemented the very special 4490 "cheap C call" convention on ARMv7. 
4491 4492 * assembler/AbstractMacroAssembler.h: 4493 (JSC::isARMv7s): 4494 (JSC): 4495 (JSC::isX86): 4496 * dfg/DFGCommon.h: 4497 * jit/SpecializedThunkJIT.h: 4498 (SpecializedThunkJIT): 4499 (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn): 4500 * jit/ThunkGenerators.cpp: 4501 (JSC::floorThunkGenerator): 4502 (JSC::ceilThunkGenerator): 4503 (JSC::roundThunkGenerator): 4504 (JSC::expThunkGenerator): 4505 (JSC::logThunkGenerator): 4506 45072013-04-24 Julien Brianceau <jbrianceau@nds.com> 4508 4509 Misc bugfix and cleaning in sh4 base JIT. 4510 https://bugs.webkit.org/show_bug.cgi?id=115022. 4511 4512 Reviewed by Oliver Hunt. 4513 4514 Remove unused add32() and sub32() with scratchreg parameter to avoid 4515 confusion as this function prototype means another behaviour. 4516 Remove unused "void push(Address)" function which seems quite buggy. 4517 4518 * assembler/MacroAssemblerSH4.h: 4519 (JSC::MacroAssemblerSH4::and32): Cosmetic change. 4520 (JSC::MacroAssemblerSH4::lshift32): Cosmetic change. 4521 (JSC::MacroAssemblerSH4::or32): Cosmetic change. 4522 (JSC::MacroAssemblerSH4::xor32): Cosmetic change. 4523 (MacroAssemblerSH4): 4524 (JSC::MacroAssemblerSH4::load32): Cosmetic change. 4525 (JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit 4526 when using r0 register and cosmetic changes. 4527 (JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication. 4528 (JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when 4529 using r0 register, fix missing offset shift and cosmetic changes. 4530 (JSC::MacroAssemblerSH4::store32): Cosmetic change. 4531 (JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch. 4532 45332013-04-24 Patrick Gansterer <paroga@webkit.org> 4534 4535 [WIN] Remove pthread from Visual Studio files in JavaScriptCore 4536 https://bugs.webkit.org/show_bug.cgi?id=114864 4537 4538 Reviewed by Brent Fulgham. 
4539 4540 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: 4541 * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: 4542 * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: 4543 * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: 4544 * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: 4545 * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: 4546 * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: 4547 * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: 4548 * JavaScriptCore.vcxproj/jsc/jscCommon.props: 4549 * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: 4550 * JavaScriptCore.vcxproj/testapi/testapiCommon.props: 4551 * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: 4552 45532013-04-24 Filip Pizlo <fpizlo@apple.com> 4554 4555 DFG should keep the operand to create_this alive if it's emitting code for create_this 4556 https://bugs.webkit.org/show_bug.cgi?id=115133 4557 4558 Reviewed by Mark Hahnenberg. 4559 4560 The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time. 4561 4562 * dfg/DFGByteCodeParser.cpp: 4563 (JSC::DFG::ByteCodeParser::parseBlock): 4564 45652013-04-24 Roger Fong <roger_fong@apple.com> 4566 4567 Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies. 
4568 4569 * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: 4570 * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd: 4571 * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd: 4572 * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd: 4573 * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: 4574 * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: 4575 * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: 4576 * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: 4577 45782013-04-24 Geoffrey Garen <ggaren@apple.com> 4579 4580 32-bit build fix. 4581 4582 Unreviewed. 4583 4584 * dfg/DFGSpeculativeJIT.cpp: 4585 (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly 4586 truncate to 32-bit to avoid compiler warnings. It's safe to truncate 4587 because the payload of a boolean is the low bits on both 64-bit and 32-bit. 4588 45892013-04-23 Geoffrey Garen <ggaren@apple.com> 4590 4591 Filled out more cases of branch folding in the DFG 4592 https://bugs.webkit.org/show_bug.cgi?id=115088 4593 4594 Reviewed by Oliver Hunt. 4595 4596 No change on the benchmarks we track, but a 3X speedup on a 4597 microbenchmark that uses these techniques. 4598 4599 * dfg/DFGByteCodeParser.cpp: 4600 (JSC::DFG::ByteCodeParser::parseBlock): (!/=)= and (!/=)== can constant 4601 fold all types, not just numbers, because true constants have no 4602 side effects when type-converted at runtime. 4603 4604 * dfg/DFGFixupPhase.cpp: 4605 (JSC::DFG::FixupPhase::fixupNode): 4606 * dfg/DFGNode.h: 4607 (JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up 4608 boolean uses, like we do for other types like number. 
4609 4610 * dfg/DFGSpeculativeJIT.cpp: 4611 (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): 4612 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): 4613 (JSC::DFG::SpeculativeJIT::compare): 4614 (JSC::DFG::SpeculativeJIT::compileStrictEq): 4615 (JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse 4616 boolean compare and/or compare-branch, now that we have the types for 4617 them. 4618 4619 * dfg/DFGSpeculativeJIT.h: Updated declarations. 4620 4621== Rolled over to ChangeLog-2013-04-24 == 4622
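Roman Zhuykov's "negative zero on DFG" entry above says the integer ArithMod fast path must exit only when "modulo_result == 0" and "dividend < 0", and that a constant power-of-two divisor gets a masked fast path with the same check. The block below is an added JavaScript model of that rule, written for this page; it is not JavaScriptCore code, and every name in it (int32Mod, fastPathAgreesWithJs, countUnnecessaryExits, SAMPLE_PAIRS) and the sample inputs are my own. It compares the integer fast path against the language's own `%` to show which inputs genuinely need the NegativeZero exit and which a bare `result == 0` check would exit on needlessly.

```javascript
// Added example (not JavaScriptCore code): an int32 model of a JIT's ArithMod
// fast path and of the negative-zero check it needs. Names are hypothetical.

const INT32_MIN = -2147483648;

// A fast path keeps the remainder in an integer register, which cannot hold -0.
// When the real JS result would be -0 the compiled code has to take the
// NegativeZero OSR exit instead (only if the node's NodeNeedsNegZero flag is set).
// Returns { result, needsNegZeroExit, slowPath }; `result` is never -0 on the fast path.
function int32Mod(dividend, divisor) {
  if (!Number.isInteger(dividend) || !Number.isInteger(divisor))
    throw new TypeError("int32Mod models Int32 speculation; inputs must be integers");
  // Division by zero (JS yields NaN) and INT32_MIN % -1 (quotient overflows)
  // stay off the fast path; model them as a slow call that returns the JS value.
  if (divisor === 0 || (dividend === INT32_MIN && divisor === -1))
    return { result: dividend % divisor, needsNegZeroExit: false, slowPath: true };

  let result;
  if (divisor > 0 && (divisor & (divisor - 1)) === 0) {
    // Constant power-of-two divisor: mask the magnitude, then restore the
    // dividend's sign. `&` applies ToInt32, so (-INT32_MIN) & mask === 0 and
    // nothing overflows; the final `| 0` folds -0 to +0 as a register would.
    const mask = divisor - 1;
    result = dividend >= 0 ? (dividend & mask) : ((-((-dividend) & mask)) | 0);
  } else {
    // General case: hardware-style signed remainder (sign of the dividend).
    result = (dividend % divisor) | 0;
  }
  // A zero remainder from a negative dividend is the one case the integer
  // result misrepresents: JS says -0. Testing `result === 0` alone would also
  // exit on 4 % 2, whose true result is +0, which is the unnecessary check the
  // entry removes.
  return { result, needsNegZeroExit: result === 0 && dividend < 0, slowPath: false };
}

// Does the fast-path decision reproduce the language semantics for (dividend, divisor)?
function fastPathAgreesWithJs(dividend, divisor) {
  const { result, needsNegZeroExit } = int32Mod(dividend, divisor);
  const truth = dividend % divisor;
  return needsNegZeroExit ? Object.is(truth, -0) : Object.is(truth, result);
}

// Count inputs where a bare `result === 0` check would exit although the
// fixed `result === 0 && dividend < 0` check correctly stays on the fast path.
function countUnnecessaryExits(pairs) {
  let n = 0;
  for (const [a, b] of pairs) {
    const { result, needsNegZeroExit, slowPath } = int32Mod(a, b);
    if (!slowPath && result === 0 && !needsNegZeroExit) n++;
  }
  return n;
}

// Constructed sample inputs covering both code paths and the edge cases.
const SAMPLE_PAIRS = [
  [4, 2], [-4, 2], [-3, 2], [5, 4], [-5, 4], [INT32_MIN, 8],
  [7, 3], [-7, 3], [7, -3], [-7, -3], [0, 5], [-6, -3], [INT32_MIN, -1], [3, 0],
];

function allSamplesAgree() {
  return SAMPLE_PAIRS.every(([a, b]) => fastPathAgreesWithJs(a, b));
}
```

The `| 0` in both branches is the point of the model: it is what the integer register does to -0, so the only way to recover the lost sign is the explicit exit condition, and that condition must look at the dividend, not just the result. Over the constructed sample set, `allSamplesAgree()` is true and `countUnnecessaryExits(SAMPLE_PAIRS)` is 2 (the `4 % 2` and `0 % 5` cases).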