[WebKit-https.git] / JavaScriptCore / ChangeLog

2008-10-22  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - fix https://bugs.webkit.org/show_bug.cgi?id=21294
          Bug 21294: Devirtualize getOwnPropertySlot()

        A bit over 3% faster on V8 tests.

        * JavascriptCore.exp: Export leak-related functions..

        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructureID): Set HasStandardGetOwnPropertySlot
        since this class doesn't override getPropertySlot.
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructureID): Ditto.

        * VM/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError): Use a structure
        that's created just for this class instead of trying to share a single "null
        prototype" structure.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_create_arguments_no_params): Rename
        Arguments::ArgumentsNoParameters to Arguments::NoParameters.
        
        * kjs/Arguments.h: Rename the enum from Arguments::ArgumentsParameters to
        Arguments::NoParametersType and the value from Arguments::ArgumentsNoParameters
        to Arguments::NoParameters.
        (JSC::Arguments::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
        (JSC::Arguments::Arguments): Added an assertion that there are no parameters.

        * kjs/DatePrototype.h:
        (JSC::DatePrototype::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.

        * kjs/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructureID): Set HasStandardGetOwnPropertySlot
        since this class doesn't override getPropertySlot.
        * kjs/InternalFunction.h:
        (JSC::InternalFunction::createStructureID): Ditto.

        * kjs/JSArray.h:
        (JSC::JSArray::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.

        * kjs/JSCell.h: Added declaration of fastGetOwnPropertySlot; a non-virtual
        version that uses the structure bit to decide whether to call the virtual
        version.

        * kjs/JSFunction.h:
        (JSC::JSFunction::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Initialize new structures; removed
        nullProtoStructureID.
        * kjs/JSGlobalData.h: Added new structures. Removed nullProtoStructureID.

        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.

        * kjs/JSNotAnObject.h:
        (JSC::JSNotAnObjectErrorStub::JSNotAnObjectErrorStub): Use a structure
        that's created just for this class instead of trying to share a single "null
        prototype" structure.
        (JSC::JSNotAnObjectErrorStub::isNotAnObjectErrorStub): Marked this function
        virtual for clarity and made it private since no one should call it if they
        already have a pointer to this specific type.
        (JSC::JSNotAnObject::JSNotAnObject): Use a structure that's created just
        for this class instead of trying to share a single "null prototype" structure.
        (JSC::JSNotAnObject::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.

        * kjs/JSObject.h:
        (JSC::JSObject::createStructureID): Added HasStandardGetOwnPropertySlot.
        (JSC::JSObject::inlineGetOwnPropertySlot): Added. Used so we can share code
        between getOwnPropertySlot and fastGetOwnPropertySlot.
        (JSC::JSObject::getOwnPropertySlot): Moved so that functions are above the
        functions that call them. Moved the guts of this function into
        inlineGetOwnPropertySlot.
        (JSC::JSCell::fastGetOwnPropertySlot): Added. Checks the
        HasStandardGetOwnPropertySlot bit and if it's set, calls
        inlineGetOwnPropertySlot, otherwise calls getOwnPropertySlot.
        (JSC::JSObject::getPropertySlot): Changed to call fastGetOwnPropertySlot.
        (JSC::JSValue::get): Changed to call fastGetOwnPropertySlot.

        * kjs/JSWrapperObject.h: Made constructor protected to emphasize that
        this class is only a base class and never instantiated.

        * kjs/MathObject.h:
        (JSC::MathObject::createStructureID): Added. Returns a structure without
        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
        * kjs/NumberConstructor.h:
        (JSC::NumberConstructor::createStructureID): Ditto.
        * kjs/RegExpConstructor.h:
        (JSC::RegExpConstructor::createStructureID): Ditto.
        * kjs/RegExpObject.h:
        (JSC::RegExpObject::createStructureID): Ditto.
        * kjs/StringObject.h:
        (JSC::StringObject::createStructureID): Ditto.

        * kjs/TypeInfo.h: Added HasStandardGetOwnPropertySlot flag and
        hasStandardGetOwnPropertySlot accessor function.

2008-10-22  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 21803: Fuse op_jfalse with op_eq_null and op_neq_null
        <https://bugs.webkit.org/show_bug.cgi?id=21803>

        Fuse op_jfalse with op_eq_null and op_neq_null to make the new opcodes
        op_jeq_null and op_jneq_null.

        This is a 2.6% speedup on the V8 Raytrace benchmark, and strangely also
        a 4.7% speedup on the V8 Arguments benchmark, even though it uses
        neither of the two new opcodes.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitJumpIfTrue):
        (JSC::CodeGenerator::emitJumpIfFalse):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        * VM/Opcode.h:

2008-10-22  Darin Fisher  <darin@chromium.org>

        Reviewed by Eric Seidel.

        Should not define PLATFORM(WIN,MAC,GTK) when PLATFORM(CHROMIUM) is defined
        https://bugs.webkit.org/show_bug.cgi?id=21757

        PLATFORM(CHROMIUM) implies HAVE_ACCESSIBILITY

        * wtf/Platform.h:

2008-10-22  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Alexey Proskuryakov.

        Correct opcode names in documentation.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-10-21  Oliver Hunt <oliver@apple.com>

        RS=Maciej Stachowiak.

        Force FastMalloc to make all allocated pages executable in
        a vague hope this will allow the Win2k3 bot to be able to
        run tests.

        Filed Bug 21783: Need more granular control over allocation of executable memory
        to cover a more granular version of this patch.

        * wtf/TCSystemAlloc.cpp:
        (TryVirtualAlloc):

2008-10-21  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=21769
        MessagePort should be GC protected if there are messages to be delivered

        * wtf/MessageQueue.h:
        (WTF::::isEmpty): Added. Also added a warning for methods that return a snapshot of queue
        state, thus likely to cause race conditions.

2008-10-21  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - convert post-increment to pre-increment in a couple more places for speed

        Speeds up V8 benchmarks a little on most computers. (But, strangely, slows
        them down a little on my computer.)

        * kjs/nodes.cpp:
        (JSC::statementListEmitCode): Removed default argument, since we always want
        to specify this explicitly.
        (JSC::ForNode::emitCode): Tolerate ignoredResult() as the dst -- means the
        same thing as 0.
        (JSC::ReturnNode::emitCode): Ditto.
        (JSC::ThrowNode::emitCode): Ditto.
        (JSC::FunctionBodyNode::emitCode): Pass ignoredResult() so that we know we
        don't have to compute the result of function statements.

2008-10-21  Peter Kasting  <pkasting@google.com>

        Reviewed by Maciej Stachowiak.

        Fix an include of a non-public header to use "" instead of <>.

        * API/JSProfilerPrivate.cpp:

2008-10-20  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21766
        REGRESSION: 12 JSC tests fail

        The JSGlobalObject was mutating the shared nullProtoStructureID when
        used in jsc.  Instead of using nullProtoStructureID, use a new StructureID.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::JSCallbackObject):
        * API/JSContextRef.cpp:
        (JSGlobalContextCreateInGroup):
        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        * kjs/Shell.cpp:
        (GlobalObject::GlobalObject):
        (jscmain):

2008-10-20  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Remove an untaken branch in CodeGenerator::emitJumpIfFalse(). This
        function is never called with a backwards target LabelID, and there is
        even an assertion to this effect at the top of the function body.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitJumpIfFalse):

2008-10-20  Cameron Zwarich  <zwarich@apple.com>

        Rubber-stamped by Sam Weinig.

        Add opcode documentation for undocumented opcodes.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-10-16  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21683
        Don't create intermediate StructureIDs for builtin objects

        Second stage in reduce number of StructureIDs created when initializing the
        JSGlobalObject.

        - Use putDirectWithoutTransition for the remaining singleton objects to reduce
          the number of StructureIDs create for about:blank from 132 to 73.

        * kjs/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * kjs/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        * kjs/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * kjs/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * kjs/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * kjs/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * kjs/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * kjs/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        (JSC::FunctionPrototype::addFunctionProperties):
        * kjs/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructureID):
        * kjs/InternalFunction.cpp:
        * kjs/InternalFunction.h:
        (JSC::InternalFunction::InternalFunction):
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * kjs/JSObject.h:
        * kjs/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * kjs/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        * kjs/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * kjs/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        * kjs/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * kjs/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * kjs/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * kjs/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * kjs/StructureID.cpp:
        (JSC::StructureID::dumpStatistics):
        * kjs/StructureID.h:
        (JSC::StructureID::setPrototypeWithoutTransition):

2008-10-20  Alp Toker  <alp@nuanti.com>

        Fix autotools dist build target by listing recently added header
        files only. Not reviewed.

        * GNUmakefile.am:

2008-10-20  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Anders Carlsson.

        * VM/Machine.cpp:
        (JSC::Machine::tryCacheGetByID): Removed a redundant and sometimes
        incorrect cast, which started ASSERTing after Darin's last checkin.

2008-10-20  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.
        
        Re-enable CTI, which I accidentally disabled while checking in fixes
        to bytecode.

        * wtf/Platform.h:

2008-10-20  Alp Toker  <alp@nuanti.com>

        Rubber-stamped by Mark Rowe.

        Typo fix in function name: mimimum -> minimum.

        * kjs/DateMath.cpp:
        (JSC::minimumYearForDST):
        (JSC::equivalentYearForDST):

2008-10-20  Alp Toker  <alp@nuanti.com>

        Reviewed by Mark Rowe.

        Use pthread instead of GThread where possible in the GTK+ port. This
        fixes issues with global initialisation, particularly on GTK+/Win32
        where a late g_thread_init() will cause hangs.

        * GNUmakefile.am:
        * wtf/Platform.h:
        * wtf/Threading.h:
        * wtf/ThreadingGtk.cpp:
        * wtf/ThreadingPthreads.cpp:

2008-10-20  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=21735
        Emit profiling instrumentation only if the Web Inspector's profiling
        feature is enabled

        22.2% speedup on empty function call benchmark.
        2.9% speedup on v8 benchmark.
        0.7% speedup on SunSpider.
        
        Lesser but similar speedups in bytecode.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases): Nixed JITed profiler hooks. Profiler
        hooks now have their own opcodes. Added support for compiling profiler
        hook opcodes.
        
        (JSC::CodeBlock::dump): Dump support for the new profiling opcodes.

        * VM/CodeGenerator.h:
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::emitCall):
        (JSC::CodeGenerator::emitConstruct): Conditionally emit profiling hooks
        around call and construct, at the call site. (It's easier to get things
        right this way, if you have profiled code calling non-profiled code.
        Also, you get a slightly more accurate profile, since you charge the full
        cost of the call / construct operation to the callee.)
        
        Also, fixed a bug where construct would fetch the ".prototype" property
        from the constructor before evaluating the arguments to the constructor,
        incorrectly allowing an "invalid constructor" exception to short-circuit
        argument evaluation. I encountered this bug when trying to make
        constructor exceptions work with profiling.

        * VM/Machine.cpp:
        (JSC::Machine::callEval): Removed obsolete profiler hooks.

        (JSC::Machine::throwException): Added a check for an exception thrown
        within a call instruction. We didn't need this before because the call
        instruction would check for a valid call before involing the profiler.
        (JSC::Machine::execute): Added a didExecute hook at the end of top-level
        function invocation, since op_ret no longer does this for us.

        (JSC::Machine::privateExecute): Removed obsolete profiler hooks. Added
        profiler opcodes. Changed some ++vPC to vPC[x] notation, since the
        latter is better for performance, and it makes reasoning about the
        current opcode in exception handling much simpler.

        (JSC::Machine::cti_op_call_NotJSFunction): Removed obsolete profiler
        hooks.

        (JSC::Machine::cti_op_create_arguments_no_params): Added missing
        CTI_STACK_HACK that I noticed when adding CTI_STACK_HACK to the new
        profiler opcode functions.

        (JSC::Machine::cti_op_profile_will_call):
        (JSC::Machine::cti_op_profile_did_call): The new profiler opcode
        functions.

        (JSC::Machine::cti_op_construct_NotJSConstruct): Removed obsolete profiler
        hooks.

        * VM/Machine.h:
        (JSC::Machine::isCallOpcode): Helper for exception handling.

        * VM/Opcode.h: Declare new opcodes.

        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::supportsProfiling): Added virtual interface that
        allows WebCore to specify whether the target global object has the Web
        Inspector's profiling feature enabled.

        * profiler/Profiler.cpp:
        (JSC::Profiler::willExecute):
        (JSC::Profiler::didExecute):
        (JSC::Profiler::createCallIdentifier):
        * profiler/Profiler.h: Added support for invoking the profiler with
        an arbitrary JSValue*, and not a known object. We didn't need this
        before because the call instruction would check for a valid call before
        involing the profiler.

2008-10-20  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        - get CTI working on Windows again

        * VM/CTI.cpp:
        (JSC::CTI::emitCTICall): Add an overload for functions that
        return JSObject*.
        * VM/CTI.h: Use JSValue* and JSObject* as return types for
        cti_op functions. Apparently, MSVC doesn't handle returning
        the JSValuePtr struct in a register. We'll have to look into
        this more.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstructFast):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_is_undefined):
        (JSC::Machine::cti_op_is_boolean):
        (JSC::Machine::cti_op_is_number):
        (JSC::Machine::cti_op_is_string):
        (JSC::Machine::cti_op_is_object):
        (JSC::Machine::cti_op_is_function):
        (JSC::Machine::cti_op_stricteq):
        (JSC::Machine::cti_op_nstricteq):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_vm_throw):
        Change these functions to return pointer types, and never
        JSValuePtr.
        * VM/Machine.h: Ditto.

2008-10-20  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Fixed some recent break-age in bytecode mode.

        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::printStructureIDs): Fixed up an ASSERT caused by
        Gavin's last checkin. This is a temporary fix so I can keep on moving.
        I'll send email about what I think is an underlying problem soon.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute): Removed a redundant and sometimes
        incorrect cast, which started ASSERTing after Darin's last checkin.

2008-10-20  Darin Adler  <darin@apple.com>

        - another similar Windows build fix

        * VM/CTI.cpp: Changed return type to JSObject* instead of JSValuePtr.

2008-10-20  Darin Adler  <darin@apple.com>

        - try to fix Windows build

        * VM/CTI.cpp: Use JSValue* instead of JSValuePtr for ctiTrampoline.
        * VM/CTI.h: Ditto.

2008-10-19  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - finish https://bugs.webkit.org/show_bug.cgi?id=21732
          improve performance by eliminating JSValue as a base class for JSCell

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_profiler): Use asFunction.
        (JSC::Machine::cti_vm_lazyLinkCall): Ditto.
        (JSC::Machine::cti_op_construct_JSConstructFast): Use asObject.

        * kjs/JSCell.h: Re-sort friend classes. Eliminate inheritance from
        JSValue. Changed cast in asCell from static_cast to reinterpret_cast.
        Removed JSValue::getNumber(double&) and one of JSValue::getObject
        overloads.

        * kjs/JSValue.h: Made the private constructor and destructor both
        non-virtual and also remove the definitions. This class can never
        be instantiated or derived.

2008-10-19  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
          improve performance by eliminating JSValue as a base class for JSCell

        Change JSValuePtr from a typedef into a class. This allows us to support
        conversion from JSCell* to JSValuePtr even if JSCell isn't derived from
        JSValue.

        * JavaScriptCore.exp: Updated symbols that involve JSValuePtr, since
        it's now a distinct type.

        * API/APICast.h:
        (toRef): Extract the JSValuePtr payload explicitly since we can't just
        cast any more.
        * VM/CTI.cpp:
        (JSC::CTI::asInteger): Ditto.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::addConstant): Get at the payload directly.
        (JSC::CodeGenerator::emitLoad): Added an overload of JSCell* because
        otherwise classes derived from JSValue end up calling the bool
        overload instead of JSValuePtr.
        * VM/CodeGenerator.h: Ditto. Also update traits to use JSValue*
        and the payload functions.

        * VM/Register.h: Added a JSCell* overload and use of payload functions.

        * kjs/JSCell.h:
        (JSC::asCell): Use payload function.
        (JSC::JSValue::asCell): Use JSValue* instead of JSValuePtr.
        (JSC::JSValuePtr::JSValuePtr): Added. Constructor that takes JSCell*
        and creates a JSValuePtr.

        * kjs/JSImmediate.h: Added JSValuePtr class. Also updated makeValue
        and makeInt to work with JSValue* and the payload function.

        * kjs/JSValue.h: Added == and != operators for JSValuePtr. Put them
        here because eventually all the JSValue functions should go here
        except what's needed by JSImmediate. Also fix asValue to use
        JSValue* instead of JSValuePtr.

        * kjs/PropertySlot.h: Change constructor to take JSValuePtr.

        * kjs/protect.h: Update gcProtect functions to work with JSCell*
        as well as JSValuePtr. Also updated the ProtectedPtr<JSValuePtr>
        specialization to work more directly. Also changed all the call
        sites to use gcProtectNullTolerant.

2008-10-19  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
          improve performance by eliminating JSValue as a base class for JSCell

        Remove most uses of JSValue, which will be removed in a future patch.

        * VM/Machine.cpp:
        (JSC::fastToUInt32): Call toUInt32SlowCase function; no longer a member
        of JSValue.
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::toInt32): Ditto.
        (JSC::JSNumberCell::toUInt32): Ditto.

        * kjs/JSValue.cpp:
        (JSC::toInt32SlowCase): Made a non-member function.
        (JSC::JSValue::toInt32SlowCase): Changed to call non-member function.
        (JSC::toUInt32SlowCase): More of the same.
        (JSC::JSValue::toUInt32SlowCase): Ditto.

        * kjs/JSValue.h: Moved static member function so they are no longer
        member functions at all.

        * VM/CTI.h: Removed forward declaration of JSValue.
        * VM/ExceptionHelpers.h: Ditto.
        * kjs/CallData.h: Ditto.
        * kjs/ConstructData.h: Ditto.
        * kjs/JSGlobalObjectFunctions.h: Ditto.
        * kjs/PropertyMap.h: Ditto.
        * kjs/StructureID.h: Ditto.
        * kjs/collector.h: Ditto.
        * kjs/completion.h: Ditto.

        * kjs/grammar.y:
        (JSC::makeBitwiseNotNode): Call new non-member toInt32 function.
        (JSC::makeLeftShiftNode): More of the same.
        (JSC::makeRightShiftNode): Ditto.

        * kjs/protect.h: Added a specialization for ProtectedPtr<JSValuePtr>
        so this can be used with JSValuePtr.

2008-10-18  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
          improve performance by eliminating JSValue as a base class for JSCell

        Tweak a little more to get closer to where we can make JSValuePtr a class.

        * API/APICast.h:
        (toJS): Change back to JSValue* here, since we're converting the
        pointer type.
        * VM/CTI.cpp:
        (JSC::CTI::unlinkCall): Call asPointer.
        * VM/CTI.h: Cast to JSValue* here, since it's a pointer cast.
        * kjs/DebuggerCallFrame.h:
        (JSC::DebuggerCallFrame::DebuggerCallFrame): Call noValue.
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Call noValue.
        * kjs/JSImmediate.cpp:
        (JSC::JSImmediate::toObject): Remove unneeded const_cast.
        * kjs/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject): Call noValue.

2008-10-18  Darin Adler  <darin@apple.com>

        - fix non-all-in-one build

        * kjs/completion.h:
        (JSC::Completion::Completion): Add include of JSValue.h.

2008-10-18  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        - fix assertions I introduced with my casting changes

        These were showing up as failures in the JavaScriptCore tests.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_instanceof): Remove the bogus asCell casting that
        was at the top of the function, and instead cast at the point of use.
        (JSC::Machine::cti_op_construct_NotJSConstruct): Moved the cast to
        object after checking the construct type.

2008-10-18  Darin Adler  <darin@apple.com>

        - fix non-all-in-one build

        * kjs/JSGlobalObjectFunctions.h: Add include of JSImmedate.h (for now).

2008-10-18  Darin Adler  <darin@apple.com>

        - fix build

        * kjs/interpreter.h: Include JSValue.h instead of JSImmediate.h.

2008-10-18  Darin Adler  <darin@apple.com>

        * kjs/interpreter.h: Fix include of JSImmediate.h.

2008-10-18  Darin Adler  <darin@apple.com>

        - fix non-all-in-one build

        * kjs/interpreter.h: Add include of JSImmediate.h.

2008-10-18  Darin Adler  <darin@apple.com>

        - fix non-all-in-one build

        * kjs/ConstructData.h: Add include of JSImmedate.h (for now).

2008-10-18  Darin Adler  <darin@apple.com>

        - try to fix Windows build

        * VM/Machine.cpp:
        (JSC::Machine::Machine): Use JSCell* type since MSVC seems to only allow
        calling ~JSCell directly if it's a JSCell*.

2008-10-18  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - next step on https://bugs.webkit.org/show_bug.cgi?id=21732
          improve performance by eliminating JSValue as a base class for JSCell

        Use JSValuePtr everywhere instead of JSValue*. In the future, we'll be
        changing JSValuePtr to be a class, and then eventually renaming it
        to JSValue once that's done.

        * JavaScriptCore.exp: Update entry points, since some now take JSValue*
        instead of const JSValue*.

        * API/APICast.h:
        * API/JSCallbackConstructor.h:
        * API/JSCallbackFunction.cpp:
        * API/JSCallbackFunction.h:
        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        * API/JSContextRef.cpp:
        * API/JSObjectRef.cpp:
        * API/JSValueRef.cpp:
        * VM/CTI.cpp:
        * VM/CTI.h:
        * VM/CodeBlock.cpp:
        * VM/CodeBlock.h:
        * VM/CodeGenerator.cpp:
        * VM/CodeGenerator.h:
        * VM/ExceptionHelpers.cpp:
        * VM/ExceptionHelpers.h:
        * VM/JSPropertyNameIterator.cpp:
        * VM/JSPropertyNameIterator.h:
        * VM/Machine.cpp:
        * VM/Machine.h:
        * VM/Register.h:
        * kjs/ArgList.cpp:
        * kjs/ArgList.h:
        * kjs/Arguments.cpp:
        * kjs/Arguments.h:
        * kjs/ArrayConstructor.cpp:
        * kjs/ArrayPrototype.cpp:
        * kjs/BooleanConstructor.cpp:
        * kjs/BooleanConstructor.h:
        * kjs/BooleanObject.h:
        * kjs/BooleanPrototype.cpp:
        * kjs/CallData.cpp:
        * kjs/CallData.h:
        * kjs/ConstructData.cpp:
        * kjs/ConstructData.h:
        * kjs/DateConstructor.cpp:
        * kjs/DateInstance.h:
        * kjs/DatePrototype.cpp:
        * kjs/DebuggerCallFrame.cpp:
        * kjs/DebuggerCallFrame.h:
        * kjs/ErrorConstructor.cpp:
        * kjs/ErrorPrototype.cpp:
        * kjs/ExecState.cpp:
        * kjs/ExecState.h:
        * kjs/FunctionConstructor.cpp:
        * kjs/FunctionPrototype.cpp:
        * kjs/GetterSetter.cpp:
        * kjs/GetterSetter.h:
        * kjs/InternalFunction.h:
        * kjs/JSActivation.cpp:
        * kjs/JSActivation.h:
        * kjs/JSArray.cpp:
        * kjs/JSArray.h:
        * kjs/JSCell.cpp:
        * kjs/JSCell.h:
        * kjs/JSFunction.cpp:
        * kjs/JSFunction.h:
        * kjs/JSGlobalData.h:
        * kjs/JSGlobalObject.cpp:
        * kjs/JSGlobalObject.h:
        * kjs/JSGlobalObjectFunctions.cpp:
        * kjs/JSGlobalObjectFunctions.h:
        * kjs/JSImmediate.cpp:
        * kjs/JSImmediate.h:
        * kjs/JSNotAnObject.cpp:
        * kjs/JSNotAnObject.h:
        * kjs/JSNumberCell.cpp:
        * kjs/JSNumberCell.h:
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        * kjs/JSStaticScopeObject.cpp:
        * kjs/JSStaticScopeObject.h:
        * kjs/JSString.cpp:
        * kjs/JSString.h:
        * kjs/JSValue.h:
        * kjs/JSVariableObject.h:
        * kjs/JSWrapperObject.h:
        * kjs/MathObject.cpp:
        * kjs/NativeErrorConstructor.cpp:
        * kjs/NumberConstructor.cpp:
        * kjs/NumberConstructor.h:
        * kjs/NumberObject.cpp:
        * kjs/NumberObject.h:
        * kjs/NumberPrototype.cpp:
        * kjs/ObjectConstructor.cpp:
        * kjs/ObjectPrototype.cpp:
        * kjs/ObjectPrototype.h:
        * kjs/PropertyMap.h:
        * kjs/PropertySlot.cpp:
        * kjs/PropertySlot.h:
        * kjs/RegExpConstructor.cpp:
        * kjs/RegExpConstructor.h:
        * kjs/RegExpMatchesArray.h:
        * kjs/RegExpObject.cpp:
        * kjs/RegExpObject.h:
        * kjs/RegExpPrototype.cpp:
        * kjs/Shell.cpp:
        * kjs/StringConstructor.cpp:
        * kjs/StringObject.cpp:
        * kjs/StringObject.h:
        * kjs/StringObjectThatMasqueradesAsUndefined.h:
        * kjs/StringPrototype.cpp:
        * kjs/StructureID.cpp:
        * kjs/StructureID.h:
        * kjs/collector.cpp:
        * kjs/collector.h:
        * kjs/completion.h:
        * kjs/grammar.y:
        * kjs/interpreter.cpp:
        * kjs/interpreter.h:
        * kjs/lookup.cpp:
        * kjs/lookup.h:
        * kjs/nodes.h:
        * kjs/operations.cpp:
        * kjs/operations.h:
        * kjs/protect.h:
        * profiler/ProfileGenerator.cpp:
        Replace JSValue* with JSValuePtr.

2008-10-18  Darin Adler  <darin@apple.com>

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_eval): Removed stray parentheses from my
        last check-in.

2008-10-18  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        - first step of https://bugs.webkit.org/show_bug.cgi?id=21732
          improve performance by eliminating JSValue as a base class for JSCell

        Remove casts from JSValue* to derived classes, replacing them with
        calls to inline casting functions. These functions are also a bit
        better than aidrect cast because they also do a runtime assertion.

        Removed use of 0 as for JSValue*, changing call sites to use a
        noValue() function instead.

        Move things needed by classes derived from JSValue out of the class,
        since the classes won't be deriving from JSValue any more soon.

        I did most of these changes by changing JSValue to not be JSValue* any
        more, then fixing a lot of the compilation problems, then rolling out
        the JSValue change.

        1.011x as fast on SunSpider (presumably due to some of the Machine.cpp changes)

        * API/APICast.h: Removed unneeded forward declarations.

        * API/JSCallbackObject.h: Added an asCallbackObject function for casting.
        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject::asCallbackObject): Added.
        (JSC::JSCallbackObject::getOwnPropertySlot): Use asObject.
        (JSC::JSCallbackObject::call): Use noValue.
        (JSC::JSCallbackObject::staticValueGetter): Use asCallbackObject.
        (JSC::JSCallbackObject::staticFunctionGetter): Ditto.
        (JSC::JSCallbackObject::callbackGetter): Ditto.

        * JavaScriptCore.exp: Updated.

        * JavaScriptCore.xcodeproj/project.pbxproj: Added RegExpMatchesArray.h.

        * VM/CTI.cpp:
        (JSC::CTI::asInteger): Added. For use casting a JSValue to an integer.
        (JSC::CTI::emitGetArg): Use asInteger.
        (JSC::CTI::emitGetPutArg): Ditto.
        (JSC::CTI::getConstantImmediateNumericArg): Ditto. Also use noValue.
        (JSC::CTI::emitInitRegister): Use asInteger.
        (JSC::CTI::getDeTaggedConstantImmediate): Ditto.
        (JSC::CTI::compileOpCallInitializeCallFrame): Ditto.
        (JSC::CTI::compileOpCall): Ditto.
        (JSC::CTI::compileOpStrictEq): Ditto.
        (JSC::CTI::privateCompileMainPass): Ditto.
        (JSC::CTI::privateCompileGetByIdProto): Ditto.
        (JSC::CTI::privateCompileGetByIdChain): Ditto.
        (JSC::CTI::privateCompilePutByIdTransition): Ditto.
        * VM/CTI.h: Rewrite the ARG-related macros to use C++ casts instead of
        C casts and get rid of some extra parentheses. Addd declaration of
        asInteger.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitEqualityOp): Use asString.
        (JSC::CodeGenerator::emitLoad): Use noValue.
        (JSC::CodeGenerator::findScopedProperty): Change globalObject argument
        to JSObject* instead of JSValue*.
        (JSC::CodeGenerator::emitResolve): Remove unneeded cast.
        (JSC::CodeGenerator::emitGetScopedVar): Use asCell.
        (JSC::CodeGenerator::emitPutScopedVar): Ditto.
        * VM/CodeGenerator.h: Changed out argument of findScopedProperty.
        Also change the JSValueMap to use PtrHash explicitly instead of
        getting it from DefaultHash.

        * VM/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::toPrimitive): Use noValue.
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::next): Ditto.

        * VM/Machine.cpp:
        (JSC::fastIsNumber): Moved isImmediate check here instead of
        checking for 0 inside Heap::isNumber. Use asCell and asNumberCell.
        (JSC::fastToInt32): Ditto.
        (JSC::fastToUInt32): Ditto.
        (JSC::jsLess): Use asString.
        (JSC::jsLessEq): Ditto.
        (JSC::jsAdd): Ditto.
        (JSC::jsTypeStringForValue): Use asObject.
        (JSC::jsIsObjectType): Ditto.
        (JSC::jsIsFunctionType): Ditto.
        (JSC::inlineResolveBase): Use noValue.
        (JSC::Machine::callEval): Use asString. Initialize result to
        undefined, not 0.
        (JSC::Machine::Machine): Remove unneeded casts to JSCell*.
        (JSC::Machine::throwException): Use asObject.
        (JSC::Machine::debug): Remove explicit calls to the DebuggerCallFrame
        constructor.
        (JSC::Machine::checkTimeout): Use noValue.
        (JSC::cachePrototypeChain): Use asObject.
        (JSC::Machine::tryCachePutByID): Use asCell.
        (JSC::Machine::tryCacheGetByID): Use aCell and asObject.
        (JSC::Machine::privateExecute): Use noValue, asCell, asObject, asString,
        asArray, asActivation, asFunction. Changed code that creates call frames
        for host functions to pass 0 for the function pointer -- the call frame
        needs a JSFunction* and a host function object is not one. This was
        caught by the assertions in the casting functions. Also remove some
        unneeded casts in cases where two values are compared.
        (JSC::Machine::retrieveLastCaller): Use noValue.
        (JSC::Machine::tryCTICachePutByID): Use asCell.
        (JSC::Machine::tryCTICacheGetByID): Use aCell and asObject.
        (JSC::setUpThrowTrampolineReturnAddress): Added this function to restore
        the PIC-branch-avoidance that was recently lost.
        (JSC::Machine::cti_op_add): Use asString.
        (JSC::Machine::cti_op_instanceof): Use asCell and asObject.
        (JSC::Machine::cti_op_call_JSFunction): Use asFunction.
        (JSC::Machine::cti_op_call_NotJSFunction): Changed code to pass 0 for
        the function pointer, since we don't have a JSFunction. Use asObject.
        (JSC::Machine::cti_op_tear_off_activation): Use asActivation.
        (JSC::Machine::cti_op_construct_JSConstruct): Use asFunction and asObject.
        (JSC::Machine::cti_op_construct_NotJSConstruct): use asObject.
        (JSC::Machine::cti_op_get_by_val): Use asArray and asString.
        (JSC::Machine::cti_op_resolve_func): Use asPointer; this helps prepare
        us for a situation where JSValue is not a pointer.
        (JSC::Machine::cti_op_put_by_val): Use asArray.
        (JSC::Machine::cti_op_put_by_val_array): Ditto.
        (JSC::Machine::cti_op_resolve_global): Use asGlobalObject.
        (JSC::Machine::cti_op_post_inc): Change VM_CHECK_EXCEPTION_2 to
        VM_CHECK_EXCEPTION_AT_END, since there's no observable work done after
        that point. Also use asPointer.
        (JSC::Machine::cti_op_resolve_with_base): Use asPointer.
        (JSC::Machine::cti_op_post_dec): Change VM_CHECK_EXCEPTION_2 to
        VM_CHECK_EXCEPTION_AT_END, since there's no observable work done after
        that point. Also use asPointer.
        (JSC::Machine::cti_op_call_eval): Use asObject, noValue, and change
        VM_CHECK_EXCEPTION_ARG to VM_THROW_EXCEPTION_AT_END.
        (JSC::Machine::cti_op_throw): Change return value to a JSValue*.
        (JSC::Machine::cti_op_in): Use asObject.
        (JSC::Machine::cti_op_switch_char): Use asString.
        (JSC::Machine::cti_op_switch_string): Ditto.
        (JSC::Machine::cti_op_put_getter): Use asObject.
        (JSC::Machine::cti_op_put_setter): Ditto.
        (JSC::Machine::cti_vm_throw): Change return value to a JSValue*.
        Use noValue.
        * VM/Machine.h: Change return values of both cti_op_throw and
        cti_vm_throw to JSValue*.

        * VM/Register.h: Remove nullJSValue, which is the same thing
        as noValue(). Also removed unneeded definition of JSValue.

        * kjs/ArgList.h: Removed unneeded definition of JSValue.

        * kjs/Arguments.h:
        (JSC::asArguments): Added.

        * kjs/ArrayPrototype.cpp:
        (JSC::getProperty): Use noValue.
        (JSC::arrayProtoFuncToString): Use asArray.
        (JSC::arrayProtoFuncToLocaleString): Ditto.
        (JSC::arrayProtoFuncConcat): Ditto.
        (JSC::arrayProtoFuncPop): Ditto. Also removed unneeded initialization
        of the result, which is set in both sides of the branch.
        (JSC::arrayProtoFuncPush): Ditto.
        (JSC::arrayProtoFuncShift): Removed unneeded initialization
        of the result, which is set in both sides of the branch.
        (JSC::arrayProtoFuncSort): Use asArray.

        * kjs/BooleanObject.h:
        (JSC::asBooleanObject): Added.

        * kjs/BooleanPrototype.cpp:
        (JSC::booleanProtoFuncToString): Use asBooleanObject.
        (JSC::booleanProtoFuncValueOf): Ditto.

        * kjs/CallData.cpp:
        (JSC::call): Use asObject and asFunction.
        * kjs/ConstructData.cpp:
        (JSC::construct): Ditto.

        * kjs/DateConstructor.cpp:
        (JSC::constructDate): Use asDateInstance.

        * kjs/DateInstance.h:
        (JSC::asDateInstance): Added.

        * kjs/DatePrototype.cpp:
        (JSC::dateProtoFuncToString): Use asDateInstance.
        (JSC::dateProtoFuncToUTCString): Ditto.
        (JSC::dateProtoFuncToDateString): Ditto.
        (JSC::dateProtoFuncToTimeString): Ditto.
        (JSC::dateProtoFuncToLocaleString): Ditto.
        (JSC::dateProtoFuncToLocaleDateString): Ditto.
        (JSC::dateProtoFuncToLocaleTimeString): Ditto.
        (JSC::dateProtoFuncValueOf): Ditto.
        (JSC::dateProtoFuncGetTime): Ditto.
        (JSC::dateProtoFuncGetFullYear): Ditto.
        (JSC::dateProtoFuncGetUTCFullYear): Ditto.
        (JSC::dateProtoFuncToGMTString): Ditto.
        (JSC::dateProtoFuncGetMonth): Ditto.
        (JSC::dateProtoFuncGetUTCMonth): Ditto.
        (JSC::dateProtoFuncGetDate): Ditto.
        (JSC::dateProtoFuncGetUTCDate): Ditto.
        (JSC::dateProtoFuncGetDay): Ditto.
        (JSC::dateProtoFuncGetUTCDay): Ditto.
        (JSC::dateProtoFuncGetHours): Ditto.
        (JSC::dateProtoFuncGetUTCHours): Ditto.
        (JSC::dateProtoFuncGetMinutes): Ditto.
        (JSC::dateProtoFuncGetUTCMinutes): Ditto.
        (JSC::dateProtoFuncGetSeconds): Ditto.
        (JSC::dateProtoFuncGetUTCSeconds): Ditto.
        (JSC::dateProtoFuncGetMilliSeconds): Ditto.
        (JSC::dateProtoFuncGetUTCMilliseconds): Ditto.
        (JSC::dateProtoFuncGetTimezoneOffset): Ditto.
        (JSC::dateProtoFuncSetTime): Ditto.
        (JSC::setNewValueFromTimeArgs): Ditto.
        (JSC::setNewValueFromDateArgs): Ditto.
        (JSC::dateProtoFuncSetYear): Ditto.
        (JSC::dateProtoFuncGetYear): Ditto.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::thisObject): Use asObject.
        (JSC::DebuggerCallFrame::evaluate): Use noValue.
        * kjs/DebuggerCallFrame.h: Added a constructor that
        takes only a callFrame.

        * kjs/ExecState.h:
        (JSC::ExecState::clearException): Use noValue.

        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString): Use asFunction.
        (JSC::functionProtoFuncApply): Use asArguments and asArray.

        * kjs/GetterSetter.cpp:
        (JSC::GetterSetter::getPrimitiveNumber): Use noValue.

        * kjs/GetterSetter.h:
        (JSC::asGetterSetter): Added.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::name): Use asString.

        * kjs/InternalFunction.h:
        (JSC::asInternalFunction): Added.

        * kjs/JSActivation.cpp:
        (JSC::JSActivation::argumentsGetter): Use asActivation.

        * kjs/JSActivation.h:
        (JSC::asActivation): Added.

        * kjs/JSArray.cpp:
        (JSC::JSArray::putSlowCase): Use noValue.
        (JSC::JSArray::deleteProperty): Ditto.
        (JSC::JSArray::increaseVectorLength): Ditto.
        (JSC::JSArray::setLength): Ditto.
        (JSC::JSArray::pop): Ditto.
        (JSC::JSArray::sort): Ditto.
        (JSC::JSArray::compactForSorting): Ditto.
        * kjs/JSArray.h:
        (JSC::asArray): Added.

        * kjs/JSCell.cpp:
        (JSC::JSCell::getJSNumber): Use noValue.

        * kjs/JSCell.h:
        (JSC::asCell): Added.
        (JSC::JSValue::asCell): Changed to not preserve const.
        Given the wide use of JSValue* and JSCell*, it's not
        really useful to use const.
        (JSC::JSValue::isNumber): Use asValue.
        (JSC::JSValue::isString): Ditto.
        (JSC::JSValue::isGetterSetter): Ditto.
        (JSC::JSValue::isObject): Ditto.
        (JSC::JSValue::getNumber): Ditto.
        (JSC::JSValue::getString): Ditto.
        (JSC::JSValue::getObject): Ditto.
        (JSC::JSValue::getCallData): Ditto.
        (JSC::JSValue::getConstructData): Ditto.
        (JSC::JSValue::getUInt32): Ditto.
        (JSC::JSValue::getTruncatedInt32): Ditto.
        (JSC::JSValue::getTruncatedUInt32): Ditto.
        (JSC::JSValue::mark): Ditto.
        (JSC::JSValue::marked): Ditto.
        (JSC::JSValue::toPrimitive): Ditto.
        (JSC::JSValue::getPrimitiveNumber): Ditto.
        (JSC::JSValue::toBoolean): Ditto.
        (JSC::JSValue::toNumber): Ditto.
        (JSC::JSValue::toString): Ditto.
        (JSC::JSValue::toObject): Ditto.
        (JSC::JSValue::toThisObject): Ditto.
        (JSC::JSValue::needsThisConversion): Ditto.
        (JSC::JSValue::toThisString): Ditto.
        (JSC::JSValue::getJSNumber): Ditto.

        * kjs/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter): Use asFunction.
        (JSC::JSFunction::callerGetter): Ditto.
        (JSC::JSFunction::lengthGetter): Ditto.
        (JSC::JSFunction::construct): Use asObject.

        * kjs/JSFunction.h:
        (JSC::asFunction): Added.

        * kjs/JSGlobalObject.cpp:
        (JSC::lastInPrototypeChain): Use asObject.

        * kjs/JSGlobalObject.h:
        (JSC::asGlobalObject): Added.
        (JSC::ScopeChainNode::globalObject): Use asGlobalObject.

        * kjs/JSImmediate.h: Added noValue, asPointer, and makeValue
        functions. Use rawValue, makeValue, and noValue consistently
        instead of doing reinterpret_cast in various functions.

        * kjs/JSNumberCell.h:
        (JSC::asNumberCell): Added.
        (JSC::JSValue::uncheckedGetNumber): Use asValue and asNumberCell.
        (JSC::JSValue::toJSNumber): Use asValue.

        * kjs/JSObject.cpp:
        (JSC::JSObject::put): Use asObject and asGetterSetter.
        (JSC::callDefaultValueFunction): Use noValue.
        (JSC::JSObject::defineGetter): Use asGetterSetter.
        (JSC::JSObject::defineSetter): Ditto.
        (JSC::JSObject::lookupGetter): Ditto. Also use asObject.
        (JSC::JSObject::lookupSetter): Ditto.
        (JSC::JSObject::hasInstance): Use asObject.
        (JSC::JSObject::fillGetterPropertySlot): Use asGetterSetter.

        * kjs/JSObject.h:
        (JSC::JSObject::getDirect): Use noValue.
        (JSC::asObject): Added.
        (JSC::JSValue::isObject): Use asValue.
        (JSC::JSObject::get): Removed unneeded const_cast.
        (JSC::JSObject::getPropertySlot): Use asObject.
        (JSC::JSValue::get): Removed unneeded const_cast.
        Use asValue, asCell, and asObject.
        (JSC::JSValue::put): Ditto.
        (JSC::JSObject::allocatePropertyStorageInline): Fixed spelling
        of "oldPropertStorage".

        * kjs/JSString.cpp:
        (JSC::JSString::getOwnPropertySlot): Use asObject.

        * kjs/JSString.h:
        (JSC::asString): Added.
        (JSC::JSValue::toThisJSString): Use asValue.

        * kjs/JSValue.h: Make PreferredPrimitiveType a top level enum
        instead of a member of JSValue. Added an asValue function that
        returns this. Removed overload of asCell for const. Use asValue
        instead of getting right at this.

        * kjs/ObjectPrototype.cpp:
        (JSC::objectProtoFuncIsPrototypeOf): Use asObject.
        (JSC::objectProtoFuncDefineGetter): Ditto.
        (JSC::objectProtoFuncDefineSetter): Ditto.

        * kjs/PropertySlot.h:
        (JSC::PropertySlot::PropertySlot): Take a const JSValue* so the
        callers don't have to worry about const.
        (JSC::PropertySlot::clearBase): Use noValue.
        (JSC::PropertySlot::clearValue): Ditto.

        * kjs/RegExpConstructor.cpp:
        (JSC::regExpConstructorDollar1): Use asRegExpConstructor.
        (JSC::regExpConstructorDollar2): Ditto.
        (JSC::regExpConstructorDollar3): Ditto.
        (JSC::regExpConstructorDollar4): Ditto.
        (JSC::regExpConstructorDollar5): Ditto.
        (JSC::regExpConstructorDollar6): Ditto.
        (JSC::regExpConstructorDollar7): Ditto.
        (JSC::regExpConstructorDollar8): Ditto.
        (JSC::regExpConstructorDollar9): Ditto.
        (JSC::regExpConstructorInput): Ditto.
        (JSC::regExpConstructorMultiline): Ditto.
        (JSC::regExpConstructorLastMatch): Ditto.
        (JSC::regExpConstructorLastParen): Ditto.
        (JSC::regExpConstructorLeftContext): Ditto.
        (JSC::regExpConstructorRightContext): Ditto.
        (JSC::setRegExpConstructorInput): Ditto.
        (JSC::setRegExpConstructorMultiline): Ditto.
        (JSC::constructRegExp): Use asObject.

        * kjs/RegExpConstructor.h:
        (JSC::asRegExpConstructor): Added.

        * kjs/RegExpObject.cpp:
        (JSC::regExpObjectGlobal): Use asRegExpObject.
        (JSC::regExpObjectIgnoreCase): Ditto.
        (JSC::regExpObjectMultiline): Ditto.
        (JSC::regExpObjectSource): Ditto.
        (JSC::regExpObjectLastIndex): Ditto.
        (JSC::setRegExpObjectLastIndex): Ditto.
        (JSC::callRegExpObject): Ditto.

        * kjs/RegExpObject.h:
        (JSC::asRegExpObject): Added.

        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest): Use asRegExpObject.
        (JSC::regExpProtoFuncExec): Ditto.
        (JSC::regExpProtoFuncCompile): Ditto.
        (JSC::regExpProtoFuncToString): Ditto.

        * kjs/StringObject.h:
        (JSC::StringObject::internalValue): Use asString.
        (JSC::asStringObject): Added.

        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncReplace): Use asRegExpObject.
        (JSC::stringProtoFuncToString): Ue asStringObject.
        (JSC::stringProtoFuncMatch): Use asRegExpObject.
        (JSC::stringProtoFuncSearch): Ditto.
        (JSC::stringProtoFuncSplit): Ditto.

        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames): Use asObject.
        (JSC::StructureID::createCachedPrototypeChain): Ditto.
        (JSC::StructureIDChain::StructureIDChain): Use asCell and asObject.

        * kjs/collector.h:
        (JSC::Heap::isNumber): Removed null handling. This can only be called
        on valid cells.
        (JSC::Heap::cellBlock): Removed overload for const and non-const.
        Whether the JSCell* is const or not really should have no effect on
        whether you can modify the collector block it's in.

        * kjs/interpreter.cpp:
        (JSC::Interpreter::evaluate): Use noValue and noObject.

        * kjs/nodes.cpp:
        (JSC::FunctionCallResolveNode::emitCode): Use JSObject for the global
        object rather than JSValue.
        (JSC::PostfixResolveNode::emitCode): Ditto.
        (JSC::PrefixResolveNode::emitCode): Ditto.
        (JSC::ReadModifyResolveNode::emitCode): Ditto.
        (JSC::AssignResolveNode::emitCode): Ditto.

        * kjs/operations.h:
        (JSC::equalSlowCaseInline): Use asString, asCell, asNumberCell, 
        (JSC::strictEqualSlowCaseInline): Ditto.

2008-10-18  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21702: Special op_create_activation for the case where there are no named parameters
        <https://bugs.webkit.org/show_bug.cgi?id=21702>

        This is a 2.5% speedup on the V8 Raytrace benchmark and a 1.1% speedup
        on the V8 Earley-Boyer benchmark.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_create_arguments_no_params):
        * VM/Machine.h:
        * kjs/Arguments.h:
        (JSC::Arguments::):
        (JSC::Arguments::Arguments):

2008-10-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - in debug builds, alter the stack to avoid blowing out MallocStackLogging
        
        (In essence, while executing a CTI function we alter the return
        address to jscGeneratedNativeCode so that a single consistent
        function is on the stack instead of many random functions without
        symbols.)

        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::doSetReturnAddress):
        (JSC::):
        (JSC::StackHack::StackHack):
        (JSC::StackHack::~StackHack):
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_register_file_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_profiler):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_lazyLinkCall):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstructFast):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_is_undefined):
        (JSC::Machine::cti_op_is_boolean):
        (JSC::Machine::cti_op_is_number):
        (JSC::Machine::cti_op_is_string):
        (JSC::Machine::cti_op_is_object):
        (JSC::Machine::cti_op_is_function):
        (JSC::Machine::cti_op_stricteq):
        (JSC::Machine::cti_op_nstricteq):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):

2008-10-17  Gavin Barraclough  <barraclough@apple.com>

        Optimize op_call by allowing call sites to be directly linked to callees.

        For the hot path of op_call, CTI now generates a check (initially for an impossible
        value), and the first time the call is executed we attempt to link the call directly
        to the callee.  We can currently only do so if the arity of the caller and callee
        match.  The (optimized) setup for the call on the hot path is linked directly to
        the ctiCode for the callee, without indirection.
        
        Two forms of the slow case of the call are generated, the first will be executed the
        first time the call is reached.  As well as this path attempting to link the call to
        a callee, it also relinks the slow case to a second slow case, which will not continue
        to attempt relinking the call.  (This policy could be changed in future, but for not
        this is intended to prevent thrashing).

        If a callee that the caller has been linked to is garbage collected, then the link
        in the caller's JIt code will be reset back to a value that cannot match - to prevent
        any false positive matches.

        ~20% progression on deltablue & richards, >12% overall reduction in v8-tests
        runtime, one or two percent progression on sunspider.

        Reviewed by Oliver Hunt.

        * VM/CTI.cpp:
        (JSC::):
        (JSC::CTI::emitNakedCall):
        (JSC::unreachable):
        (JSC::CTI::compileOpCallInitializeCallFrame):
        (JSC::CTI::compileOpCallSetupArgs):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        (JSC::CTI::unlinkCall):
        (JSC::CTI::linkCall):
        * VM/CTI.h:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::unlinkCallers):
        (JSC::CodeBlock::derefStructureIDs):
        * VM/CodeBlock.h:
        (JSC::StructureStubInfo::StructureStubInfo):
        (JSC::CallLinkInfo::CallLinkInfo):
        (JSC::CodeBlock::addCaller):
        (JSC::CodeBlock::removeCaller):
        (JSC::CodeBlock::getStubInfo):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitCall):
        (JSC::CodeGenerator::emitConstruct):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_profiler):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_lazyLinkCall):
        (JSC::Machine::cti_op_construct_JSConstructFast):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        * VM/Machine.h:
        * kjs/JSFunction.cpp:
        (JSC::JSFunction::~JSFunction):
        * kjs/JSFunction.h:
        * kjs/nodes.h:
        (JSC::FunctionBodyNode::):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::getDifferenceBetweenLabels):

2008-10-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff Garen.
        
        - remove ASSERT that makes the leaks buildbot cry

        * kjs/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):

2008-10-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich
        
        - don't bother to do arguments tearoff when it will have no effect

        ~1% on v8 raytrace
        
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitReturn):

2008-10-17  Marco Barisione  <marco.barisione@collabora.co.uk>

        Reviewed by Sam Weinig. Landed by Jan Alonzo.

        https://bugs.webkit.org/show_bug.cgi?id=21603
        [GTK] Minor fixes to GOwnPtr

        * wtf/GOwnPtr.cpp:
        (WTF::GError):
        (WTF::GList):
        (WTF::GCond):
        (WTF::GMutex):
        (WTF::GPatternSpec):
        (WTF::GDir):
        * wtf/GOwnPtr.h:
        (WTF::freeOwnedGPtr):
        (WTF::GOwnPtr::~GOwnPtr):
        (WTF::GOwnPtr::outPtr):
        (WTF::GOwnPtr::set):
        (WTF::GOwnPtr::clear):
        * wtf/Threading.h:

2008-10-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - speed up transitions that resize the property storage a fair bit
        
        ~3% speedup on v8 RayTrace benchmark, ~1% on DeltaBlue

        * VM/CTI.cpp:
        (JSC::resizePropertyStorage): renamed from transitionObject, and reduced to just resize
        the object's property storage with one inline call.
        (JSC::CTI::privateCompilePutByIdTransition): Use a separate function for property storage
        resize, but still do all the rest of the work in assembly in that case, and pass the known
        compile-time constants of old and new size rather than structureIDs, saving a bunch of
        redundant memory access.
        * kjs/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage): Just call the inline version.
        * kjs/JSObject.h:
        (JSC::JSObject::allocatePropertyStorageInline): Inline version of allocatePropertyStorage
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::pushl_i32): Add code to assmeble push of a constant; code originally by Cameron Zwarich.

2008-10-17  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Remove some C style casts.

        * masm/X86Assembler.h:
        (JSC::JITCodeBuffer::putIntUnchecked):
        (JSC::X86Assembler::link):
        (JSC::X86Assembler::linkAbsoluteAddress):
        (JSC::X86Assembler::getRelocatedAddress):

2008-10-17  Cameron Zwarich  <zwarich@apple.com>

        Rubber-stamped by Maciej Stachowiak.

        Remove some C style casts.

        * VM/CTI.cpp:
        (JSC::CTI::patchGetByIdSelf):
        (JSC::CTI::patchPutByIdReplace):
        * VM/Machine.cpp:
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::tryCTICacheGetByID):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_fail):

2008-10-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - Avoid restoring the caller's 'r' value in op_ret
        https://bugs.webkit.org/show_bug.cgi?id=21319

        This patch stops writing the call frame at call and return points;
        instead it does so immediately before any CTI call.
        
        0.5% speedup or so on the v8 benchmark
               
        * VM/CTI.cpp:
        (JSC::CTI::emitCTICall):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::emitSlowScriptCheck):
        (JSC::CTI::compileBinaryArithOpSlowCase):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        * VM/CTI.h:

2008-10-17  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Make WREC require CTI because it won't actually compile otherwise.

        * wtf/Platform.h:

2008-10-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff Garen.

        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default

        This time there is no performance regression; we can avoid having
        to use the fastcall calling convention for CTI functions by using
        varargs to prevent the compiler from moving things around on the
        stack.
        
        * Configurations/DebugRelease.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CTI.cpp:
        * VM/Machine.h:
        * wtf/Platform.h:

2008-10-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.

        - fix for REGRESSION: r37631 causing crashes on buildbot
        https://bugs.webkit.org/show_bug.cgi?id=21682
        
        * kjs/collector.cpp:
        (JSC::Heap::collect): Avoid crashing when a GC occurs while no global objects are live.

2008-10-16  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21683
        Don't create intermediate StructureIDs for builtin objects

        First step in reduce number of StructureIDs created when initializing the
        JSGlobalObject.

        - In order to avoid creating the intermediate StructureIDs use the new putDirectWithoutTransition
          and putDirectFunctionWithoutTransition to add properties to JSObjects without transitioning
          the StructureID.  This patch just implements this strategy for ObjectPrototype but alone
          reduces the number of StructureIDs create for about:blank by 10, from 142 to 132.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * kjs/JSObject.cpp:
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        * kjs/JSObject.h:
        (JSC::JSObject::putDirectWithoutTransition):
        * kjs/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        * kjs/ObjectPrototype.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::addPropertyWithoutTransition):
        * kjs/StructureID.h:

2008-10-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - fix for: REGRESSION: over 100 StructureIDs leak loading about:blank (result of fix for bug 21633)
        
        Apparent slight progression (< 0.5%) on v8 benchmarks and SunSpider.

        * kjs/StructureID.cpp:
        (JSC::StructureID::~StructureID): Don't deref this object's parent's pointer to
        itself from the destructor; that doesn't even make sense.
        (JSC::StructureID::addPropertyTransition): Don't refer the single transition;
        the rule is that parent StructureIDs are ref'd but child ones are not. Refing
        the child creates a cycle.

2008-10-15  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=21609
        Make MessagePorts protect their peers across heaps

        * JavaScriptCore.exp:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markCrossHeapDependentObjects):
        * kjs/JSGlobalObject.h:
        * kjs/collector.cpp:
        (JSC::Heap::collect):
        Before GC sweep phase, a function supplied by global object is now called for all global
        objects in the heap, making it possible to implement cross-heap dependencies.

2008-10-15  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=21610
        run-webkit-threads --threaded crashes in StructureID destructor

        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):
        Protect access to a static (debug-only) HashSet with a lock.

2008-10-15  Sam Weinig  <sam@webkit.org>

        Reviewed by Goeffrey Garen.

        Add function to dump statistics for StructureIDs.

        * kjs/StructureID.cpp:
        (JSC::StructureID::dumpStatistics):
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):
        * kjs/StructureID.h:

2008-10-15  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21633: Avoid using a HashMap when there is only a single transition
        <https://bugs.webkit.org/show_bug.cgi?id=21633>

        This is a 0.8% speedup on SunSpider and between a 0.5% and 1.0% speedup
        on the V8 benchmark suite, depending on which harness we use. It will
        also slightly reduce the memory footprint of a StructureID.

        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):
        (JSC::StructureID::addPropertyTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::):

2008-10-15  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>

        Reviewed by Geoffrey Garen.

        1.40% speedup on SunSpider, 1.44% speedup on V8. (Linux)
        
        No change on Mac.

        * VM/Machine.cpp:
        (JSC::fastIsNumber): ALWAYS_INLINE modifier added.

2008-10-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        Fixed https://bugs.webkit.org/show_bug.cgi?id=21345
        Start the debugger without reloading the inspected page

        * JavaScriptCore.exp: New symbols.
        * JavaScriptCore.xcodeproj/project.pbxproj: New files.

        * VM/CodeBlock.h:
        (JSC::EvalCodeCache::get): Updated for tweak to parsing API.

        * kjs/CollectorHeapIterator.h: Added. An iterator for the object heap,
        which we use to find all the live functions and recompile them.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Updated for tweak to parsing API.

        * kjs/FunctionConstructor.cpp:
        (JSC::constructFunction): Updated for tweak to parsing API.

        * kjs/JSFunction.cpp:
        (JSC::JSFunction::JSFunction): Try to validate our SourceCode in debug
        builds by ASSERTing that it's syntactically valid. This doesn't catch
        all SourceCode bugs, but it catches a lot of them.

        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval): Updated for tweak to parsing API.

        * kjs/Parser.cpp:
        (JSC::Parser::parse):
        * kjs/Parser.h:
        (JSC::Parser::parse): Tweaked the parser to make it possible to parse
        without an ExecState, and to allow the client to specify a debugger to
        notify (or not) about the source we parse. This allows the inspector
        to recompile even though no JavaScript is executing, then notify the
        debugger about all source code when it's done.

        * kjs/Shell.cpp:
        (prettyPrintScript): Updated for tweak to parsing API.

        * kjs/SourceRange.h:
        (JSC::SourceCode::isNull): Added to help with ASSERTs.

        * kjs/collector.cpp:
        (JSC::Heap::heapAllocate):
        (JSC::Heap::sweep):
        (JSC::Heap::primaryHeapBegin):
        (JSC::Heap::primaryHeapEnd):
        * kjs/collector.h:
        (JSC::): Moved a bunch of declarations around to enable compilation of
        CollectorHeapIterator.

        * kjs/interpreter.cpp:
        (JSC::Interpreter::checkSyntax):
        (JSC::Interpreter::evaluate): Updated for tweak to parsing API.

        * kjs/lexer.h:
        (JSC::Lexer::sourceCode): BUG FIX: Calculate SourceCode ranges relative
        to the SourceCode range in which we're lexing, otherwise nested functions
        that are compiled individually get SourceCode ranges that don't reflect
        their nesting.

        * kjs/nodes.cpp:
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::finishParsing):
        (JSC::FunctionBodyNode::create):
        (JSC::FunctionBodyNode::copyParameters):
        * kjs/nodes.h:
        (JSC::ScopeNode::setSource):
        (JSC::FunctionBodyNode::parameterCount): Added some helper functions for
        copying one FunctionBodyNode's parameters to another. The recompiler uses
        these when calling "finishParsing".

2008-10-15  Joerg Bornemann  <joerg.bornemann@trolltech.com>

        Reviewed by Darin Adler.

        - part of https://bugs.webkit.org/show_bug.cgi?id=20746
          Fix compilation on Windows CE.

        str(n)icmp, strdup and vsnprintf are not available on Windows CE,
        they are called _str(n)icmp, etc. instead

        * wtf/StringExtras.h: Added inline function implementations.

2008-10-15  Gabor Loki  <loki@inf.u-szeged.hu>

        Reviewed by Cameron Zwarich.

        <https://bugs.webkit.org/show_bug.cgi?id=20912>
        Use simple uint32_t multiplication on op_mul if both operands are
        immediate number and they are between zero and 0x7FFF.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-10-09  Darin Fisher  <darin@chromium.org>

        Reviewed by Sam Weinig.

        Make pan scrolling a platform configurable option.
        https://bugs.webkit.org/show_bug.cgi?id=21515

        * wtf/Platform.h: Add ENABLE_PAN_SCROLLING

2008-10-14  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Sam Weinig.
        
        - revert r37572 and r37581 for now
        
        Turns out GCC 4.2 is still a (small) regression, we'll have to do
        more work to turn it on.

        * Configurations/DebugRelease.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CTI.cpp:
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_register_file_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_is_undefined):
        (JSC::Machine::cti_op_is_boolean):
        (JSC::Machine::cti_op_is_number):
        (JSC::Machine::cti_op_is_string):
        (JSC::Machine::cti_op_is_object):
        (JSC::Machine::cti_op_is_function):
        (JSC::Machine::cti_op_stricteq):
        (JSC::Machine::cti_op_nstricteq):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):
        * VM/Machine.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitRestoreArgumentReference):
        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
        * wtf/Platform.h:

2008-10-14  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=20256
        Array.push and other standard methods disappear

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        Don't use static hash tables even on platforms that don't enable JSC_MULTIPLE_THREADS -
        these tables reference IdentifierTable, which is always per-GlobalData.

2008-10-14  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - always use CTI_ARGUMENTS and CTI_ARGUMENTS_FASTCALL
        
        This is a small regression for GCC 4.0, but simplifies the code
        for future improvements and lets us focus on GCC 4.2+ and MSVC.

        * VM/CTI.cpp:
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_register_file_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_is_undefined):
        (JSC::Machine::cti_op_is_boolean):
        (JSC::Machine::cti_op_is_number):
        (JSC::Machine::cti_op_is_string):
        (JSC::Machine::cti_op_is_object):
        (JSC::Machine::cti_op_is_function):
        (JSC::Machine::cti_op_stricteq):
        (JSC::Machine::cti_op_nstricteq):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):
        * VM/Machine.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitRestoreArgumentReference):
        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
        * wtf/Platform.h:

2008-10-13  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - make Machine::getArgumentsData an Arguments method and inline it
        
        ~2% on v8 raytrace

        * VM/Machine.cpp:
        * kjs/Arguments.h:
        (JSC::Machine::getArgumentsData):

2008-10-13  Alp Toker  <alp@nuanti.com>

        Fix autotools dist build target by listing recently added header
        files only. Not reviewed.

        * GNUmakefile.am:

2008-10-13  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Mark Rowe.
        
        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default

        * Configurations/DebugRelease.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-10-13  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 21541: Move RegisterFile growth check to callee
        <https://bugs.webkit.org/show_bug.cgi?id=21541>

        Move the RegisterFile growth check to the callee in the common case,
        where some of the information is known statically at JIT time. There is
        still a check in the caller in the case where the caller provides too
        few arguments.

        This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
        the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
        1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on
        SunSpider.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompile):
        * VM/Machine.cpp:
        (JSC::Machine::cti_register_file_check):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/Machine.h:
        * VM/RegisterFile.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::cmpl_mr):
        (JSC::X86Assembler::emitUnlinkedJg):

2008-10-13  Sam Weinig  <sam@webkit.org>

        Reviewed by Dan Bernstein.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21577
        5 false positive StructureID leaks

        - Add leak ignore set to StructureID to selectively ignore leaking some StructureIDs.
        - Add create method to JSGlolalData to be used when the data will be intentionally
          leaked and ignore all leaks caused the StructureIDs stored in it.

        * JavaScriptCore.exp:
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::createLeaked):
        * kjs/JSGlobalData.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):
        (JSC::StructureID::startIgnoringLeaks):
        (JSC::StructureID::stopIgnoringLeaks):
        * kjs/StructureID.h:

2008-10-13  Marco Barisione  <marco.barisione@collabora.co.uk>

        Reviewed by Darin Adler. Landed by Jan Alonzo.

        WebKit GTK Port needs a smartpointer to handle g_free (GFreePtr?)
        http://bugs.webkit.org/show_bug.cgi?id=20483

        Add a GOwnPtr smart pointer (similar to OwnPtr) to handle memory
        allocated by GLib and start the conversion to use it.

        * GNUmakefile.am:
        * wtf/GOwnPtr.cpp: Added.
        (WTF::GError):
        (WTF::GList):
        (WTF::GCond):
        (WTF::GMutex):
        (WTF::GPatternSpec):
        (WTF::GDir):
        * wtf/GOwnPtr.h: Added.
        (WTF::freeOwnedPtr):
        (WTF::GOwnPtr::GOwnPtr):
        (WTF::GOwnPtr::~GOwnPtr):
        (WTF::GOwnPtr::get):
        (WTF::GOwnPtr::release):
        (WTF::GOwnPtr::rawPtr):
        (WTF::GOwnPtr::set):
        (WTF::GOwnPtr::clear):
        (WTF::GOwnPtr::operator*):
        (WTF::GOwnPtr::operator->):
        (WTF::GOwnPtr::operator!):
        (WTF::GOwnPtr::operator UnspecifiedBoolType):
        (WTF::GOwnPtr::swap):
        (WTF::swap):
        (WTF::operator==):
        (WTF::operator!=):
        (WTF::getPtr):
        * wtf/Threading.h:
        * wtf/ThreadingGtk.cpp:
        (WTF::Mutex::~Mutex):
        (WTF::Mutex::lock):
        (WTF::Mutex::tryLock):
        (WTF::Mutex::unlock):
        (WTF::ThreadCondition::~ThreadCondition):
        (WTF::ThreadCondition::wait):
        (WTF::ThreadCondition::timedWait):
        (WTF::ThreadCondition::signal):
        (WTF::ThreadCondition::broadcast):

2008-10-12  Gabriella Toth  <gtoth@inf.u-szeged.hu>

        Reviewed by Darin Adler.

        - part of https://bugs.webkit.org/show_bug.cgi?id=21055
          Bug 21055: not invoked functions

        * kjs/nodes.cpp: Deleted a function that is not invoked:
        statementListInitializeVariableAccessStack.

2008-10-12  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        * wtf/unicode/icu/UnicodeIcu.h: Fixed indentation to match WebKit coding style.
        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.

2008-10-12  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=21556
          Bug 21556: non-ASCII digits are allowed in places where only ASCII should be

        * wtf/unicode/icu/UnicodeIcu.h: Removed isDigit, digitValue, and isFormatChar.
        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.

2008-10-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin Adler.

        Make the append method that takes a Vector more strict - it now requires the elements 
        of the vector to be appended same type as the elements of the Vector they're being appended to.
        
        This would cause problems when dealing with Vectors containing other Vectors.
        
        * wtf/Vector.h:
        (WTF::::append):

2008-10-11  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Clean up RegExpMatchesArray.h to match our coding style.

        * kjs/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::getPropertyNames):

2008-10-11  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Bug 21525: 55 StructureID leaks on Wikitravel's main page
        <https://bugs.webkit.org/show_bug.cgi?id=21525>

        Bug 21533: Simple JavaScript code leaks StructureIDs
        <https://bugs.webkit.org/show_bug.cgi?id=21533>

        StructureID::getEnumerablePropertyNames() ends up calling back to itself
        via JSObject::getPropertyNames(), which causes the PropertyNameArray to
        be cached twice. This leads to a memory leak in almost every use of
        JSObject::getPropertyNames() on an object. The fix here is based on a
        suggestion of Sam Weinig.

        This patch also fixes every StructureID leaks that occurs while running
        the Mozilla MemBuster test.

        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArray::PropertyNameArray):
        (JSC::PropertyNameArray::setCacheable):
        (JSC::PropertyNameArray::cacheable):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):

2008-10-10  Oliver Hunt  <oliver@apple.com>

        Reviewed by Cameron Zwarich.

        Use fastcall calling convention on GCC > 4.0

        Results in a 2-3% improvement in GCC 4.2 performance, so
        that it is no longer a regression vs. GCC 4.0

        * VM/CTI.cpp:
        * VM/Machine.h:
        * wtf/Platform.h:

2008-10-10  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        - Add a workaround for a bug in ceil in Darwin libc.
        - Remove old workarounds for JS math functions that are not needed
          anymore.

        The math functions are heavily tested by fast/js/math.html.

        * kjs/MathObject.cpp:
        (JSC::mathProtoFuncAbs): Remove workaround.
        (JSC::mathProtoFuncCeil): Ditto.
        (JSC::mathProtoFuncFloor): Ditto.
        * wtf/MathExtras.h:
        (wtf_ceil): Add ceil workaround for darwin.

2008-10-10  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler

        Add Assertions to JSObject constructor.

        * kjs/JSObject.h:
        (JSC::JSObject::JSObject):

2008-10-10  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Remove now unused m_getterSetterFlag variable from PropertyMap.

        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::operator=):
        * kjs/PropertyMap.h:
        (JSC::PropertyMap::PropertyMap):

2008-10-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Add leaks checking to StructureID.

        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):

2008-10-09  Alp Toker  <alp@nuanti.com>

        Reviewed by Mark Rowe.

        https://bugs.webkit.org/show_bug.cgi?id=20760
        Implement support for x86 Linux in CTI

        Prepare to enable CTI/WREC on supported architectures.

        Make it possible to use the CTI_ARGUMENT workaround with GCC as well
        as MSVC by fixing some preprocessor conditionals.

        Note that CTI/WREC no longer requires CTI_ARGUMENT on Linux so we
        don't actually enable it except when building with MSVC. GCC on Win32
        remains untested.

        Adapt inline ASM code to use the global symbol underscore prefix only
        on Darwin and to call the properly mangled Machine::cti_vm_throw
        symbol name depending on CTI_ARGUMENT.

        Also avoid global inclusion of the JIT infrastructure headers
        throughout WebCore and WebKit causing recompilation of about ~1500
        source files after modification to X86Assembler.h, CTI.h, WREC.h,
        which are only used deep inside JavaScriptCore.

        * GNUmakefile.am:
        * VM/CTI.cpp:
        * VM/CTI.h:
        * VM/Machine.cpp:
        * VM/Machine.h:
        * kjs/regexp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::~RegExp):
        (JSC::RegExp::match):
        * kjs/regexp.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitConvertToFastCall):
        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
        (JSC::X86Assembler::emitRestoreArgumentReference):

2008-10-09  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Fix for bug #21160, x=0;1/(x*-1) == -Infinity

        * ChangeLog:
        * VM/CTI.cpp:
        (JSC::CTI::emitFastArithDeTagImmediate):
        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::compileBinaryArithOpSlowCase):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CTI.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::emitUnlinkedJs):

2008-10-09  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21459: REGRESSION (r37324): Safari crashes inside JavaScriptCore while browsing hulu.com
        <https://bugs.webkit.org/show_bug.cgi?id=21459>

        After r37324, an Arguments object does not mark an associated activation
        object. This change was made because Arguments no longer directly used
        the activation object in any way. However, if an activation is torn off,
        then the backing store of Arguments becomes the register array of the
        activation object. Arguments directly marks all of the arguments, but
        the activation object is being collected, which causes its register
        array to be freed and new memory to be allocated in its place.

        Unfortunately, it does not seem possible to reproduce this issue in a
        layout test.

        * kjs/Arguments.cpp:
        (JSC::Arguments::mark):
        * kjs/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        (JSC::JSActivation::copyRegisters):

2008-10-09  Ariya Hidayat  <ariya.hidayat@trolltech.com>

        Reviewed by Simon.

        Build fix for MinGW.

        * wtf/AlwaysInline.h:

2008-10-08  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21497: REGRESSION (r37433): Bytecode JSC tests are severely broken
        <https://bugs.webkit.org/show_bug.cgi?id=21497>

        Fix a typo in r37433 that causes the failure of a large number of JSC
        tests with the bytecode interpreter enabled.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-10-08  Mark Rowe  <mrowe@apple.com>

        Windows build fix.

        * VM/CTI.cpp:
        (JSC::): Update type of argument to ctiTrampoline.

2008-10-08  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=21403
          Bug 21403: use new CallFrame class rather than Register* for call frame manipulation

        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
        client over to the new name.

        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
        accessor functions to get at things in the frame.

        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
        JSGlobalData* and in other cases eliminating them entirely.

        * API/JSObjectRef.cpp:
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeFunction):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectDeleteProperty):
        * API/OpaqueJSString.cpp:
        * API/OpaqueJSString.h:
        * VM/CTI.cpp:
        (JSC::CTI::getConstant):
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::getConstantImmediateNumericArg):
        (JSC::CTI::printOpcodeOperandTypes):
        (JSC::CTI::CTI):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::compileRegExp):
        * VM/CTI.h:
        * VM/CodeBlock.h:
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitEqualityOp):
        (JSC::CodeGenerator::emitLoad):
        (JSC::CodeGenerator::emitUnexpectedLoad):
        (JSC::CodeGenerator::emitConstruct):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::jsLess):
        (JSC::jsLessEq):
        (JSC::jsAddSlowCase):
        (JSC::jsAdd):
        (JSC::jsTypeStringForValue):
        (JSC::Machine::resolve):
        (JSC::Machine::resolveSkip):
        (JSC::Machine::resolveGlobal):
        (JSC::inlineResolveBase):
        (JSC::Machine::resolveBase):
        (JSC::Machine::resolveBaseAndProperty):
        (JSC::Machine::resolveBaseAndFunc):
        (JSC::Machine::slideRegisterWindowForCall):
        (JSC::isNotObject):
        (JSC::Machine::callEval):
        (JSC::Machine::dumpCallFrame):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::throwException):
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
        (JSC::Machine::execute):
        (JSC::Machine::debug):
        (JSC::Machine::createExceptionScope):
        (JSC::cachePrototypeChain):
        (JSC::Machine::tryCachePutByID):
        (JSC::Machine::tryCacheGetByID):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::retrieveCaller):
        (JSC::Machine::retrieveLastCaller):
        (JSC::Machine::findFunctionCallFrame):
        (JSC::Machine::getArgumentsData):
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::getCTIArrayLengthTrampoline):
        (JSC::Machine::getCTIStringLengthTrampoline):
        (JSC::Machine::tryCTICacheGetByID):
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):
        * VM/Machine.h:
        * VM/Register.h:
        * VM/RegisterFile.h:
        * kjs/Arguments.h:
        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        (JSC::DebuggerCallFrame::thisObject):
        (JSC::DebuggerCallFrame::evaluate):
        * kjs/DebuggerCallFrame.h:
        * kjs/ExecState.cpp:
        (JSC::CallFrame::thisValue):
        * kjs/ExecState.h:
        * kjs/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * kjs/JSVariableObject.h:
        * kjs/Parser.cpp:
        (JSC::Parser::parse):
        * kjs/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        * kjs/Shell.cpp:
        (prettyPrintScript):
        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        * kjs/identifier.cpp:
        (JSC::Identifier::checkSameIdentifierTable):
        * kjs/interpreter.cpp:
        (JSC::Interpreter::checkSyntax):
        (JSC::Interpreter::evaluate):
        * kjs/nodes.cpp:
        (JSC::ThrowableExpressionData::emitThrowError):
        (JSC::RegExpNode::emitCode):
        (JSC::ArrayNode::emitCode):
        (JSC::InstanceOfNode::emitCode):
        * kjs/nodes.h:
        * kjs/regexp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
        * kjs/regexp.h:
        * profiler/HeavyProfile.h:
        * profiler/Profile.h:
        * wrec/WREC.cpp:
        * wrec/WREC.h:

2008-10-08  Mark Rowe  <mrowe@apple.com>

        Typed by Maciej Stachowiak, reviewed by Mark Rowe.

        Fix crash in fast/js/constant-folding.html with CTI disabled.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-10-08  Timothy Hatcher  <timothy@apple.com>

        Roll out r37427 because it causes an infinite recursion loading about:blank.

        https://bugs.webkit.org/show_bug.cgi?id=21476

2008-10-08  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=21403
          Bug 21403: use new CallFrame class rather than Register* for call frame manipulation

        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
        client over to the new name.

        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
        accessor functions to get at things in the frame.

        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
        JSGlobalData* and in other cases eliminating them entirely.

        * API/JSObjectRef.cpp:
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeFunction):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectDeleteProperty):
        * API/OpaqueJSString.cpp:
        * API/OpaqueJSString.h:
        * VM/CTI.cpp:
        (JSC::CTI::getConstant):
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::getConstantImmediateNumericArg):
        (JSC::CTI::printOpcodeOperandTypes):
        (JSC::CTI::CTI):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::compileRegExp):
        * VM/CTI.h:
        * VM/CodeBlock.h:
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitEqualityOp):
        (JSC::CodeGenerator::emitLoad):
        (JSC::CodeGenerator::emitUnexpectedLoad):
        (JSC::CodeGenerator::emitConstruct):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::jsLess):
        (JSC::jsLessEq):
        (JSC::jsAddSlowCase):
        (JSC::jsAdd):
        (JSC::jsTypeStringForValue):
        (JSC::Machine::resolve):
        (JSC::Machine::resolveSkip):
        (JSC::Machine::resolveGlobal):
        (JSC::inlineResolveBase):
        (JSC::Machine::resolveBase):
        (JSC::Machine::resolveBaseAndProperty):
        (JSC::Machine::resolveBaseAndFunc):
        (JSC::Machine::slideRegisterWindowForCall):
        (JSC::isNotObject):
        (JSC::Machine::callEval):
        (JSC::Machine::dumpCallFrame):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::throwException):
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
        (JSC::Machine::execute):
        (JSC::Machine::debug):
        (JSC::Machine::createExceptionScope):
        (JSC::cachePrototypeChain):
        (JSC::Machine::tryCachePutByID):
        (JSC::Machine::tryCacheGetByID):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::retrieveCaller):
        (JSC::Machine::retrieveLastCaller):
        (JSC::Machine::findFunctionCallFrame):
        (JSC::Machine::getArgumentsData):
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::getCTIArrayLengthTrampoline):
        (JSC::Machine::getCTIStringLengthTrampoline):
        (JSC::Machine::tryCTICacheGetByID):
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):
        * VM/Machine.h:
        * VM/Register.h:
        * VM/RegisterFile.h:
        * kjs/Arguments.h:
        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        (JSC::DebuggerCallFrame::thisObject):
        (JSC::DebuggerCallFrame::evaluate):
        * kjs/DebuggerCallFrame.h:
        * kjs/ExecState.cpp:
        (JSC::CallFrame::thisValue):
        * kjs/ExecState.h:
        * kjs/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * kjs/JSVariableObject.h:
        * kjs/Parser.cpp:
        (JSC::Parser::parse):
        * kjs/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        * kjs/Shell.cpp:
        (prettyPrintScript):
        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        * kjs/identifier.cpp:
        (JSC::Identifier::checkSameIdentifierTable):
        * kjs/interpreter.cpp:
        (JSC::Interpreter::checkSyntax):
        (JSC::Interpreter::evaluate):
        * kjs/nodes.cpp:
        (JSC::ThrowableExpressionData::emitThrowError):
        (JSC::RegExpNode::emitCode):
        (JSC::ArrayNode::emitCode):
        (JSC::InstanceOfNode::emitCode):
        * kjs/nodes.h:
        * kjs/regexp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
        * kjs/regexp.h:
        * profiler/HeavyProfile.h:
        * profiler/Profile.h:
        * wrec/WREC.cpp:
        * wrec/WREC.h:

2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>

        Reviewed by Oliver Hunt.

        Avoid endless loops when compiling without the computed goto
        optimization.

        NEXT_OPCODE expands to "continue", which will not work inside
        loops.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-10-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.

        Re-landing the following fix with the crashing bug in it fixed (r37405):
        
        - optimize away multiplication by constant 1.0
        
        2.3% speedup on v8 RayTrace benchmark

        Apparently it's not uncommon for JavaScript code to multiply by
        constant 1.0 in the mistaken belief that this converts integer to
        floating point and that there is any operational difference.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
        case where parameter is already number.
        (JSC::CTI::privateCompileSlowCases): ditto
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute): ditto
        * kjs/grammar.y:
        (makeMultNode): Transform as follows:
        +FOO * BAR ==> FOO * BAR
        FOO * +BAR ==> FOO * BAR
        FOO * 1 ==> +FOO
        1 * FOO ==> +FOO
        (makeDivNode): Transform as follows:
        +FOO / BAR ==> FOO / BAR
        FOO / +BAR ==> FOO / BAR
        (makeSubNode): Transform as follows:
        +FOO - BAR ==> FOO - BAR
        FOO - +BAR ==> FOO - BAR
        * kjs/nodes.h:
        (JSC::ExpressionNode::stripUnaryPlus): Helper for above
        grammar.y changes
        (JSC::UnaryPlusNode::stripUnaryPlus): ditto

2008-10-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - correctly handle appending -0 to a string, it should stringify as just 0

        * kjs/ustring.cpp:
        (JSC::concatenate):

2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>

        Reviewed by Simon.

        Fix WebKit compilation with VC2008SP1

        Apply the TR1 workaround for JavaScriptCore, too.

        * JavaScriptCore.pro:

2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>

        Reviewed by Simon.

        Fix compilation errors on VS2008 64Bit

        * kjs/collector.cpp:
        (JSC::currentThreadStackBase):

2008-10-08  André Pönitz  <apoenitz@trolltech.com>

        Reviewed by Simon.

        Fix compilation with Qt namespaces.

        * wtf/Threading.h:

2008-10-07  Sam Weinig  <sam@webkit.org>

        Roll out r37405.

2008-10-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by Cameron Zwarich.

        Switch CTI runtime calls to the fastcall calling convention

        Basically this means that we get to store the argument for CTI
        calls in the ECX register, which saves a register->memory write
        and subsequent memory->register read.
        
        This is a 1.7% progression in SunSpider and 2.4% on commandline
        v8 tests on Windows

        * VM/CTI.cpp:
        (JSC::):
        (JSC::CTI::privateCompilePutByIdTransition):
        (JSC::CTI::privateCompilePatchGetArrayLength):
        * VM/CTI.h:
        * VM/Machine.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitRestoreArgumentReference):
        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
          We need this to correctly reload ecx from inside certain property access
          trampolines.
        * wtf/Platform.h:

2008-10-07  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Mark Rowe.
        
        - optimize away multiplication by constant 1.0
        
        2.3% speedup on v8 RayTrace benchmark

        Apparently it's not uncommon for JavaScript code to multiply by
        constant 1.0 in the mistaken belief that this converts integer to
        floating point and that there is any operational difference.
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
        case where parameter is already number.
        (JSC::CTI::privateCompileSlowCases): ditto
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute): ditto
        * kjs/grammar.y:
        (makeMultNode): Transform as follows:
        +FOO * BAR ==> FOO * BAR
        FOO * +BAR ==> FOO * BAR
        FOO * 1 ==> +FOO
        1 * FOO ==> +FOO
        (makeDivNode): Transform as follows:
        +FOO / BAR ==> FOO / BAR
        FOO / +BAR ==> FOO / BAR
        (makeSubNode): Transform as follows:
        +FOO - BAR ==> FOO - BAR
        FOO - +BAR ==> FOO - BAR
        * kjs/nodes.h:
        (JSC::ExpressionNode::stripUnaryPlus): Helper for above
        grammar.y changes
        (JSC::UnaryPlusNode::stripUnaryPlus): ditto

2008-10-07  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - make constant folding code more consistent
        
        Added a makeSubNode to match add, mult and div; use the makeFooNode functions always,
        instead of allocating nodes directly in other places in the grammar.

        * kjs/grammar.y:

2008-10-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Move hasGetterSetterProperties flag from PropertyMap to StructureID.

        * kjs/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        * kjs/JSObject.h:
        (JSC::JSObject::hasGetterSetterProperties):
        (JSC::JSObject::getOwnPropertySlotForWrite):
        (JSC::JSObject::getOwnPropertySlot):
        * kjs/PropertyMap.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        (JSC::StructureID::toDictionaryTransition):
        (JSC::StructureID::changePrototypeTransition):
        (JSC::StructureID::getterSetterTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::hasGetterSetterProperties):
        (JSC::StructureID::setHasGetterSetterProperties):

2008-10-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Roll r37370 back in with bug fixes.

        - PropertyMap::storageSize() should reflect the number of keys + deletedOffsets
          and has nothing to do with the internal deletedSentinel count anymore.

2008-10-07  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Move callframe initialization into JIT code, again.
        
        As a part of the restructuring the second result from functions is now
        returned in edx, allowing the new value of 'r' to be returned via a
        register, and stored to the stack from JIT code, too.

        4.5% progression on v8-tests. (3% in their harness)

        * VM/CTI.cpp:
        (JSC::):
        (JSC::CTI::emitCall):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        * VM/CTI.h:
        (JSC::CallRecord::CallRecord):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_post_dec):
        * VM/Machine.h:
        * kjs/JSFunction.h:
        * kjs/ScopeChain.h:

2008-10-07  Mark Rowe  <mrowe@apple.com>

        Fix typo in method name.

        * wrec/WREC.cpp:
        * wrec/WREC.h:

2008-10-07  Cameron Zwarich  <zwarich@apple.com>

        Rubber-stamped by Mark Rowe.

        Roll out r37370.

2008-10-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21415
        Improve the division between PropertyStorageArray and PropertyMap

        - Rework ProperyMap to store offsets in the value so that they don't
          change when rehashing.  This allows us not to have to keep the 
          PropertyStorageArray in sync and thus not have to pass it in.
        - Rename PropertyMap::getOffset -> PropertyMap::get since put/remove
          now also return offsets.
        - A Vector of deleted offsets is now needed since the storage is out of
          band.

        1% win on SunSpider.  Wash on V8 suite.

        * JavaScriptCore.exp:
        * VM/CTI.cpp:
        (JSC::transitionWillNeedStorageRealloc):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        Transition logic can be greatly simplified by the fact that
        the storage capacity is always known, and is correct for the
        inline case.
        * kjs/JSObject.cpp:
        (JSC::JSObject::put): Rename getOffset -> get.
        (JSC::JSObject::deleteProperty): Ditto.
        (JSC::JSObject::getPropertyAttributes): Ditto.
        (JSC::JSObject::removeDirect): Use returned offset to
        clear the value in the PropertyNameArray.
        (JSC::JSObject::allocatePropertyStorage): Add assert.
        * kjs/JSObject.h:
        (JSC::JSObject::getDirect): Rename getOffset -> get
        (JSC::JSObject::getDirectLocation): Rename getOffset -> get
        (JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
        or not to resize.  Also, since put now returns an offset (and thus 
        addPropertyTransition does also) setting of the PropertyStorageArray is
        now done here.
        (JSC::JSObject::transitionTo):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer 
        passed in.
        (JSC::PropertyMap::operator=): Copy the delete offsets vector.
        (JSC::PropertyMap::put): Instead of setting the PropertyNameArray
        explicitly, return the offset where the value should go.
        (JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
        explicitly, return the offset where the value should be removed.
        (JSC::PropertyMap::get): Switch to using the stored offset, instead
        of the implicit one.
        (JSC::PropertyMap::insert):
        (JSC::PropertyMap::expand): This is never called when m_table is null,
        so remove that branch and add it as an assertion.
        (JSC::PropertyMap::createTable): Consistency checks no longer take
        a PropertyNameArray.
        (JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
        now that it is completely out of band.
        * kjs/PropertyMap.h:
        (JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
        (JSC::PropertyMap::get): Switch to using the stored offset, instead
        of the implicit one.
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID): Initialize the propertyStorageCapacity to 
        JSObject::inlineStorageCapacity.
        (JSC::StructureID::growPropertyStorageCapacity): Grow the storage capacity as
        described below.
        (JSC::StructureID::addPropertyTransition): Copy the storage capacity.
        (JSC::StructureID::toDictionaryTransition): Ditto.
        (JSC::StructureID::changePrototypeTransition): Ditto.
        (JSC::StructureID::getterSetterTransition): Ditto.
        * kjs/StructureID.h:
        (JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
        which is the current capacity for the JSObjects PropertyStorageArray.
        It starts at the JSObject::inlineStorageCapacity (currently 2), then
        when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
        (currently 16), and after that doubles each time.

2008-10-06  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21396: Remove the OptionalCalleeActivation call frame slot
        <https://bugs.webkit.org/show_bug.cgi?id=21396>

        Remove the OptionalCalleeActivation call frame slot. We have to be
        careful to store the activation object in a register, because objects
        in the scope chain do not get marked.

        This is a 0.3% speedup on both SunSpider and the V8 benchmark.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::emitReturn):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/Machine.h:
        (JSC::Machine::initializeCallFrame):
        * VM/RegisterFile.h:
        (JSC::RegisterFile::):

2008-10-06  Tony Chang  <tony@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Chromium doesn't use pthreads on windows, so make its use conditional.
        
        Also convert a WORD to a DWORD to avoid a compiler warning.  This
        matches the other methods around it.

        * wtf/ThreadingWin.cpp:
        (WTF::wtfThreadEntryPoint):
        (WTF::ThreadCondition::broadcast):

2008-10-06  Mark Mentovai  <mark@moxienet.com>

        Reviewed by Tim Hatcher.

        Allow ENABLE_DASHBOARD_SUPPORT and ENABLE_MAC_JAVA_BRIDGE to be
        disabled on the Mac.

        https://bugs.webkit.org/show_bug.cgi?id=21333

        * wtf/Platform.h:

2008-10-06  Steve Falkenburg  <sfalken@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=21416
        Pass 0 for size to VirtualAlloc, as documented by MSDN.
        Identified by Application Verifier.
        
        Reviewed by Darin Adler.

        * kjs/collector.cpp:
        (KJS::freeBlock):

2008-10-06  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Tim Hatcheri and Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=21412
        Bug 21412: Refactor user initiated profile count to be more stable
        - Export UString::from for use with creating the profile title.

        * JavaScriptCore.exp:

2008-10-06  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed. Build fix.
        
        - revert toBoolean changes (r37333 and r37335); need to make WebCore work with these

        * API/JSValueRef.cpp:
        (JSValueToBoolean):
        * ChangeLog:
        * JavaScriptCore.exp:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncSome):
        * kjs/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::callBooleanConstructor):
        * kjs/GetterSetter.h:
        * kjs/JSCell.h:
        (JSC::JSValue::toBoolean):
        * kjs/JSNumberCell.cpp:
        (JSC::JSNumberCell::toBoolean):
        * kjs/JSNumberCell.h:
        * kjs/JSObject.cpp:
        (JSC::JSObject::toBoolean):
        * kjs/JSObject.h:
        * kjs/JSString.cpp:
        (JSC::JSString::toBoolean):
        * kjs/JSString.h:
        * kjs/JSValue.h:
        * kjs/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorMultiline):
        * kjs/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncToString):

2008-10-06  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam Weinig.
        
        - optimize op_jtrue, op_loop_if_true and op_not in various ways
        https://bugs.webkit.org/show_bug.cgi?id=21404
        
        1) Make JSValue::toBoolean nonvirtual and completely inline by
        making use of the StructureID type field.
        
        2) Make JSValue::toBoolean not take an ExecState; doesn't need it.
        
        3) Make op_not, op_loop_if_true and op_jtrue not read the
        ExecState (toBoolean doesn't need it any more) and not check
        exceptions (toBoolean can't throw).

        * API/JSValueRef.cpp:
        (JSValueToBoolean):
        * JavaScriptCore.exp:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncSome):
        * kjs/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::callBooleanConstructor):
        * kjs/GetterSetter.h:
        * kjs/JSCell.h:
        (JSC::JSValue::toBoolean):
        * kjs/JSNumberCell.cpp:
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::toBoolean):
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        (JSC::JSObject::toBoolean):
        (JSC::JSCell::toBoolean):
        * kjs/JSString.cpp:
        * kjs/JSString.h:
        (JSC::JSString::toBoolean):
        * kjs/JSValue.h:
        * kjs/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorMultiline):
        * kjs/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncToString):

2008-10-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>

        Reviewed by Simon.

        Build fix for MinGW.

        * JavaScriptCore.pri:
        * kjs/DateMath.cpp:
        (JSC::highResUpTime):

2008-10-05  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Remove ScopeNode::containsClosures() now that it is unused.

        * kjs/nodes.h:
        (JSC::ScopeNode::containsClosures):

2008-10-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - fix releas-only test failures caused by the fix to bug 21375

        * VM/Machine.cpp:
        (JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
        it now matters more to have a still-valid ExecState, since dynamicGlobalObject
        will make use of the ExecState's scope chain.
        * VM/Machine.h:

2008-10-05  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
        <https://bugs.webkit.org/show_bug.cgi?id=21364>

        Use information from the parser to detect whether an activation is
        needed or 'arguments' is used, and emit explicit instructions to tear
        them off before op_ret. This allows a branch to be removed from op_ret
        and simplifies some other code. This does cause a small change in the
        behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
        mentioned in the lexical scope of the function.

        It should now be easy to remove the OptionaCalleeActivation slot in the
        call frame, but this will be done in a later patch.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitReturn):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        * VM/Machine.h:
        * VM/Opcode.h:
        * kjs/Arguments.cpp:
        (JSC::Arguments::mark):
        * kjs/Arguments.h:
        (JSC::Arguments::isTornOff):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::copyRegisters):
        (JSC::JSActivation::copyRegisters):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:

2008-10-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - fixed "REGRESSION (r37297): fast/js/deep-recursion-test takes too long and times out"
        https://bugs.webkit.org/show_bug.cgi?id=21375
        
        The problem is that dynamicGlobalObject had become O(N) in number
        of call frames, but unwinding the stack for an exception called it
        for every call frame, resulting in O(N^2) behavior for an
        exception thrown from inside deep recursion.

        Instead of doing it that way, stash the dynamic global object in JSGlobalData.
        
        * JavaScriptCore.exp:
        * VM/Machine.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
        store and later restore a dynamicGlobalObject in JSGlobalData.
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
        (JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
        For ProgramNode, always establish set new dynamicGlobalObject, for FunctionBody and Eval,
        only if none is currently set.
        * VM/Machine.h:
        * kjs/ExecState.h:
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Ininitalize new dynamicGlobalObject field to 0.
        * kjs/JSGlobalData.h:
        * kjs/JSGlobalObject.h:
        (JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
        Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
        for the one stashed there.

2008-10-05  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Avoid an extra lookup when transitioning to an existing StructureID
        by caching the offset of property that caused the transition.

        1% win on V8 suite.  Wash on SunSpider.

        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::put):
        * kjs/PropertyMap.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::setCachedTransistionOffset):
        (JSC::StructureID::cachedTransistionOffset):

2008-10-05  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
        <https://bugs.webkit.org/show_bug.cgi?id=21364>

        This patch does not yet remove the branch, but it does a bit of refactoring
        so that a CodeGenerator now knows whether the associated CodeBlock will need
        a full scope before doing any code generation. This makes it possible to emit
        explicit tear-off instructions before every op_ret.

        * VM/CodeBlock.h:
        (JSC::CodeBlock::CodeBlock):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::generate):
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::emitPushScope):
        (JSC::CodeGenerator::emitPushNewScope):
        * kjs/nodes.h:
        (JSC::ScopeNode::needsActivation):

2008-10-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Fix for bug #21387 - using SamplingTool with CTI.

        (1) A repatch offset offset changes due to an additional instruction to update SamplingTool state.
        (2) Fix an incusion order problem due to ExecState changes.
        (3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.

        * VM/CTI.h:
        (JSC::CTI::execute):
        * VM/SamplingTool.h:
        (JSC::SamplingTool::privateExecuteReturned):
        * kjs/Shell.cpp:

2008-10-04  Mark Rowe  <mrowe@apple.com>

        Reviewed by Tim Hatcher.

        Add a 'Check For Weak VTables' build phase to catch weak vtables as early as possible.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-10-04  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        Fix https://bugs.webkit.org/show_bug.cgi?id=21320
        leaks of PropertyNameArrayData seen on buildbot

        - Fix RefPtr cycle by making PropertyNameArrayData's pointer back
          to the StructureID a weak pointer.

        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArrayData::setCachedStructureID):
        (JSC::PropertyNameArrayData::cachedStructureID):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):
        (JSC::StructureID::clearEnumerationCache):
        (JSC::StructureID::~StructureID):

2008-10-04  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=21295
          Bug 21295: Replace ExecState with a call frame Register pointer

        10% faster on Richards; other v8 benchmarks faster too.
        A wash on SunSpider.

        This does the minimum necessary to get the speedup. Next step in
        cleaning this up is to replace ExecState with a CallFrame class,
        and be more judicious about when to pass a call frame and when
        to pass a global data pointer, global object pointer, or perhaps
        something else entirely.

        * VM/CTI.cpp: Remove the debug-only check of the exception in
        ctiVMThrowTrampoline -- already checked in the code the trampoline
        jumps to, so not all that useful. Removed the exec argument from
        ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
        (JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
        (JSC::CTI::privateCompileMainPass): Removed code in catch to extract
        the exception from ExecState::m_exception; instead, the code that
        jumps into catch will make sure the exception is already in eax.
        * VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
        non-helpful "volatile". Temporarily left ARG_exec in as a synonym
        for ARG_r; I'll change that on a future cleanup pass when introducing
        more use of the CallFrame type.
        (JSC::CTI::execute): Removed the ExecState* argument.

        * VM/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError): Take
        JSGlobalData* instead of ExecState*.
        (JSC::createInterruptedExecutionException): Ditto.
        * VM/ExceptionHelpers.h: Ditto. Also removed an unneeded include.

        * VM/Machine.cpp:
        (JSC::slideRegisterWindowForCall): Removed the exec and
        exceptionValue arguments. Changed to return 0 when there's a stack
        overflow rather than using a separate exception argument to cut
        down on memory accesses in the calling convention.
        (JSC::Machine::unwindCallFrame): Removed the exec argument when
        constructing a DebuggerCallFrame. Also removed code to set
        ExecState::m_callFrame.
        (JSC::Machine::throwException): Removed the exec argument when
        construction a DebuggerCallFrame.
        (JSC::Machine::execute): Updated to use the register instead of
        ExecState and also removed various uses of ExecState.
        (JSC::Machine::debug):
        (JSC::Machine::privateExecute): Put globalData into a local
        variable so it can be used throughout the interpreter. Changed
        the VM_CHECK_EXCEPTION to get the exception in globalData instead
        of through ExecState.
        (JSC::Machine::retrieveLastCaller): Turn exec into a registers
        pointer by calling registers() instead of by getting m_callFrame.
        (JSC::Machine::callFrame): Ditto.
        Tweaked exception macros. Made new versions for when you know
        you have an exception. Get at global exception with ARG_globalData.
        Got rid of the need to pass in the return value type.
        (JSC::Machine::cti_op_add): Update to use new version of exception
        macros.
        (JSC::Machine::cti_op_pre_inc): Ditto.
        (JSC::Machine::cti_timeout_check): Ditto.
        (JSC::Machine::cti_op_instanceof): Ditto.
        (JSC::Machine::cti_op_new_func): Ditto.
        (JSC::Machine::cti_op_call_JSFunction): Optimized by using the
        ARG values directly instead of through local variables -- this gets
        rid of code that just shuffles things around in the stack frame.
        Also get rid of ExecState and update for the new way exceptions are
        handled in slideRegisterWindowForCall.
        (JSC::Machine::cti_vm_compile): Update to make exec out of r since
        they are both the same thing now.
        (JSC::Machine::cti_op_call_NotJSFunction): Ditto.
        (JSC::Machine::cti_op_init_arguments): Ditto.
        (JSC::Machine::cti_op_resolve): Ditto.
        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
        (JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
        (JSC::Machine::cti_op_resolve_func): Ditto.
        (JSC::Machine::cti_op_put_by_val): Ditto.
        (JSC::Machine::cti_op_put_by_val_array): Ditto.
        (JSC::Machine::cti_op_resolve_skip): Ditto.
        (JSC::Machine::cti_op_resolve_global): Ditto.
        (JSC::Machine::cti_op_post_inc): Ditto.
        (JSC::Machine::cti_op_resolve_with_base): Ditto.
        (JSC::Machine::cti_op_post_dec): Ditto.
        (JSC::Machine::cti_op_call_eval): Ditto.
        (JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
        the exception value as the return value so it can be used by
        op_catch.
        (JSC::Machine::cti_op_push_scope): Ditto.
        (JSC::Machine::cti_op_in): Ditto.
        (JSC::Machine::cti_op_del_by_val): Ditto.
        (JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
        the exception value as the return value so it can be used by
        op_catch.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName): Pass globalData.
        (JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
        new ExecState.
        * kjs/DebuggerCallFrame.h: Removed ExecState argument from
        constructor.

        * kjs/ExecState.h: Eliminated all data members and made ExecState
        inherit privately from Register instead. Also added a typedef to
        the future name for this class, which is CallFrame. It's just a
        Register* that knows it's a pointer at a call frame. The new class
        can't be constructed or copied. Changed all functions to use
        the this pointer instead of m_callFrame. Changed exception-related
        functions to access an exception in JSGlobalData. Removed functions
        used by CTI to pass the return address to the throw machinery --
        this is now done directly with a global in the global data.

        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString): Pass globalData instead of exec.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::name): Take globalData instead of exec.
        * kjs/InternalFunction.h: Ditto.

        * kjs/JSGlobalData.cpp: Initialize the new exception global to 0.
        * kjs/JSGlobalData.h: Declare two new globals. One for the current
        exception and another for the return address used by CTI to
        implement the throw operation.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Removed code to set up globalExec,
        which is now the same thing as globalCallFrame.
        (JSC::JSGlobalObject::reset): Get globalExec from our globalExec
        function so we don't have to repeat the logic twice.
        (JSC::JSGlobalObject::mark): Removed code to mark the exception;
        the exception is now stored in JSGlobalData and marked there.
        (JSC::JSGlobalObject::globalExec): Return a pointer to the end
        of the global call frame.
        * kjs/JSGlobalObject.h: Removed the globalExec data member.

        * kjs/JSObject.cpp:
        (JSC::JSObject::putDirectFunction): Pass globalData instead of exec.

        * kjs/collector.cpp:
        (JSC::Heap::collect): Mark the global exception.

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::addParentForConsoleStart): Pass globalData
        instead of exec to createCallIdentifier.

        * profiler/Profiler.cpp:
        (JSC::Profiler::willExecute): Pass globalData instead of exec to
        createCallIdentifier.
        (JSC::Profiler::didExecute): Ditto.
        (JSC::Profiler::createCallIdentifier): Take globalData instead of
        exec.
        (JSC::createCallIdentifierFromFunctionImp): Ditto.
        * profiler/Profiler.h: Change interface to take a JSGlobalData
        instead of an ExecState.

2008-10-04  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Darin Adler.

        Bug 21369: Add opcode documentation for all undocumented opcodes
        <https://bugs.webkit.org/show_bug.cgi?id=21369>

        This patch adds opcode documentation for all undocumented opcodes, and
        it also renames op_init_arguments to op_create_arguments.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_create_arguments):
        * VM/Machine.h:
        * VM/Opcode.h:

2008-10-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - "this" object in methods called on primitives should be wrapper object
        https://bugs.webkit.org/show_bug.cgi?id=21362

        I changed things so that functions which use "this" do a fast
        version of toThisObject conversion if needed. Currently we miss
        the conversion entirely, at least for primitive types. Using
        TypeInfo and the primitive check, I made the fast case bail out
        pretty fast.
        
        This is inexplicably an 1.007x SunSpider speedup (and a wash on V8 benchmarks).
     
        Also renamed some opcodes for clarity:
        
        init ==> enter
        init_activation ==> enter_with_activation
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::generate):
        (JSC::CodeGenerator::CodeGenerator):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_convert_this):
        * VM/Machine.h:
        * VM/Opcode.h:
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        * kjs/JSActivation.h:
        (JSC::JSActivation::createStructureID):
        * kjs/JSCell.h:
        (JSC::JSValue::needsThisConversion):
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * kjs/JSGlobalData.h:
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::createStructureID):
        * kjs/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        (JSC::JSStaticScopeObject::createStructureID):
        * kjs/JSString.h:
        (JSC::JSString::createStructureID):
        * kjs/JSValue.h:
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::needsThisConversion):
        * kjs/nodes.h:
        (JSC::ScopeNode::usesThis):

2008-10-03  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21356: The size of the RegisterFile differs depending on 32-bit / 64-bit and Debug / Release
        <https://bugs.webkit.org/show_bug.cgi?id=21356>

        The RegisterFile decreases in size (measured in terms of numbers of
        Registers) as the size of a Register increases. This causes

            js1_5/Regress/regress-159334.js

        to fail in 64-bit debug builds. This fix makes the RegisterFile on all
        platforms the same size that it is in 32-bit Release builds.

        * VM/RegisterFile.h:
        (JSC::RegisterFile::RegisterFile):

2008-10-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - Some code cleanup to how we handle code features.
        
        1) Rename FeatureInfo typedef to CodeFeatures.
        2) Rename NodeFeatureInfo template to NodeInfo.
        3) Keep CodeFeature bitmask in ScopeNode instead of trying to break it out into individual bools.
        4) Rename misleadingly named "needsClosure" method to "containsClosures", which better describes the meaning
        of ClosureFeature.
        5) Make setUsersArguments() not take an argument since it only goes one way.

        * JavaScriptCore.exp:
        * VM/CodeBlock.h:
        (JSC::CodeBlock::CodeBlock):
        * kjs/NodeInfo.h:
        * kjs/Parser.cpp:
        (JSC::Parser::didFinishParsing):
        * kjs/Parser.h:
        (JSC::Parser::parse):
        * kjs/grammar.y:
        * kjs/nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create):
        * kjs/nodes.h:
        (JSC::ScopeNode::usesEval):
        (JSC::ScopeNode::containsClosures):
        (JSC::ScopeNode::usesArguments):
        (JSC::ScopeNode::setUsesArguments):

2008-10-03  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
        <https://bugs.webkit.org/show_bug.cgi?id=21343>

        A fix was landed for this issue in r37253, and the ChangeLog assumes
        that it is a compiler bug, but it turns out that it is a subtle issue
        with mixing signed and unsigned 32-bit values in a 64-bit environment.
        In order to properly fix this bug, we should convert our signed offsets
        into the register file to use ptrdiff_t.

        This may not be the only instance of this issue, but I will land this
        fix first and look for more later.

        * VM/Machine.cpp:
        (JSC::Machine::getArgumentsData):
        * VM/Machine.h:
        * kjs/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        * kjs/Arguments.h:
        (JSC::Arguments::init):

2008-10-03  Darin Adler  <darin@apple.com>

        * VM/CTI.cpp: Another Windows build fix. Change the args of ctiTrampoline.

        * kjs/JSNumberCell.h: A build fix for newer versions of gcc. Added
        declarations of JSGlobalData overloads of jsNumberCell.

2008-10-03  Darin Adler  <darin@apple.com>

        - try to fix Windows build

        * kjs/ScopeChain.h: Add forward declaration of JSGlobalData.

2008-10-03  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        - next step of https://bugs.webkit.org/show_bug.cgi?id=21295
          Turn ExecState into a call frame pointer.

        Remove m_globalObject and m_globalData from ExecState.

        SunSpider says this is a wash (slightly faster but not statistically
        significant); which is good enough since it's a preparation step and
        not supposed to be a spedup.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::JSCallbackFunction):
        * kjs/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * kjs/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        * kjs/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * kjs/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * kjs/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * kjs/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        * kjs/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * kjs/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        * kjs/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        * kjs/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * kjs/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * kjs/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        Pass JSGlobalData* instead of ExecState* to the InternalFunction
        constructor.

        * API/OpaqueJSString.cpp: Added now-needed include.

        * JavaScriptCore.exp: Updated.

        * VM/CTI.cpp:
        (JSC::CTI::emitSlowScriptCheck): Changed to use ARGS_globalData
        instead of ARGS_exec.

        * VM/CTI.h: Added a new argument to the CTI, the global data pointer.
        While it's possible to get to the global data pointer using the
        ExecState pointer, it's slow enough that it's better to just keep
        it around in the CTI arguments.

        * VM/CodeBlock.h: Moved the CodeType enum here from ExecState.h.

        * VM/Machine.cpp:
        (JSC::Machine::execute): Pass fewer arguments when constructing
        ExecState, and pass the global data pointer when invoking CTI.
        (JSC::Machine::firstCallFrame): Added. Used to get the dynamic global
        object, which is in the scope chain of the first call frame.
        (JSC::Machine::cti_op_add): Use globalData instead of exec when
        possible, to keep fast cases fast, since it's now more expensive to
        get to it through the exec pointer.
        (JSC::Machine::cti_timeout_check): Ditto.
        (JSC::Machine::cti_op_put_by_id_second): Ditto.
        (JSC::Machine::cti_op_get_by_id_second): Ditto.
        (JSC::Machine::cti_op_mul): Ditto.
        (JSC::Machine::cti_vm_compile): Ditto.
        (JSC::Machine::cti_op_get_by_val): Ditto.
        (JSC::Machine::cti_op_sub): Ditto.
        (JSC::Machine::cti_op_put_by_val): Ditto.
        (JSC::Machine::cti_op_put_by_val_array): Ditto.
        (JSC::Machine::cti_op_negate): Ditto.
        (JSC::Machine::cti_op_div): Ditto.
        (JSC::Machine::cti_op_pre_dec): Ditto.
        (JSC::Machine::cti_op_post_inc): Ditto.
        (JSC::Machine::cti_op_lshift): Ditto.
        (JSC::Machine::cti_op_bitand): Ditto.
        (JSC::Machine::cti_op_rshift): Ditto.
        (JSC::Machine::cti_op_bitnot): Ditto.
        (JSC::Machine::cti_op_mod): Ditto.
        (JSC::Machine::cti_op_post_dec): Ditto.
        (JSC::Machine::cti_op_urshift): Ditto.
        (JSC::Machine::cti_op_bitxor): Ditto.
        (JSC::Machine::cti_op_bitor): Ditto.
        (JSC::Machine::cti_op_call_eval): Ditto.
        (JSC::Machine::cti_op_throw): Ditto.
        (JSC::Machine::cti_op_is_string): Ditto.
        (JSC::Machine::cti_op_debug): Ditto.
        (JSC::Machine::cti_vm_throw): Ditto.

        * VM/Machine.h: Added firstCallFrame.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Pass fewer arguments when
        constructing ExecState.

        * kjs/ExecState.cpp: Deleted contents. Later we'll remove the
        file altogether.

        * kjs/ExecState.h: Removed m_globalObject and m_globalData.
        Moved CodeType into another header.
        (JSC::ExecState::ExecState): Take only a single argument, a
        call frame pointer.
        (JSC::ExecState::dynamicGlobalObject): Get the object from
        the first call frame since it's no longer stored.
        (JSC::ExecState::globalData): Get the global data from the
        scope chain, since we no longer store a pointer to it here.
        (JSC::ExecState::identifierTable): Ditto.
        (JSC::ExecState::propertyNames): Ditto.
        (JSC::ExecState::emptyList): Ditto.
        (JSC::ExecState::lexer): Ditto.
        (JSC::ExecState::parser): Ditto.
        (JSC::ExecState::machine): Ditto.
        (JSC::ExecState::arrayTable): Ditto.
        (JSC::ExecState::dateTable): Ditto.
        (JSC::ExecState::mathTable): Ditto.
        (JSC::ExecState::numberTable): Ditto.
        (JSC::ExecState::regExpTable): Ditto.
        (JSC::ExecState::regExpConstructorTable): Ditto.
        (JSC::ExecState::stringTable): Ditto.
        (JSC::ExecState::heap): Ditto.

        * kjs/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor): Pass
        JSGlobalData* instead of ExecState* to the InternalFunction
        constructor.
        (JSC::constructFunction): Pass the global data pointer when
        constructing a new scope chain.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction): Take a JSGlobalData*
        instead of an ExecState*. Later we can change more places to
        work this way -- it's more efficient to take the type you need
        since the caller might already have it.
        * kjs/InternalFunction.h: Ditto.

        * kjs/JSCell.h:
        (JSC::JSCell::operator new): Added an overload that takes a
        JSGlobalData*