<https://bugs.webkit.org/show_bug.cgi?id=23049> [jsfunfuzz] With blocks do not correc...

[WebKit-https.git] / JavaScriptCore / ChangeLog

2008-12-30  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        <https://bugs.webkit.org/show_bug.cgi?id=23049> [jsfunfuzz] With blocks do not correctly protect their scope object
        <rdar://problem/6469742> Crash in JSC::TypeInfo::hasStandardGetOwnPropertySlot() running jsfunfuzz

        The problem that caused this was that with nodes were not correctly protecting
        the final object that was placed in the scope chain.  We correct this by forcing
        the use of a temporary register (which stops us relying on a local register
        protecting the scope) and changing the behaviour of op_push_scope so that it
        will store the final scope object.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPushScope):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::cti_op_push_scope):
        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * parser/Nodes.cpp:
        (JSC::WithNode::emitBytecode):

2008-12-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Sam Weinig.

        Bug 23037: Parsing and reparsing disagree on automatic semicolon insertion
        <https://bugs.webkit.org/show_bug.cgi?id=23037>
        <rdar://problem/6467124>

        Parsing and reparsing disagree about automatic semicolon insertion, so that a
        function like

        function() { a = 1, }

        is parsed as being syntactically valid but gets a syntax error upon reparsing.
        This leads to an assertion failure in Parser::reparse(). It is not that big of
        an issue in practice, because in a Release build such a function will return
        'undefined' when called.

        In this case, we are not following the spec and it should be a syntax error.
        However, unless there is a newline separating the ',' and the '}', WebKit would
        not treat it as a syntax error in the past either. It would be a bit of work to
        make the automatic semicolon insertion match the spec exactly, so this patch
        changes it to match our past behaviour.

        The problem is that even during reparsing, the Lexer adds a semicolon at the
        end of the input, which confuses allowAutomaticSemicolon(), because it is
        expecting either a '}', the end of input, or a terminator like a newline.

        * parser/Lexer.cpp:
        (JSC::Lexer::Lexer): Initialize m_isReparsing to false.
        (JSC::Lexer::lex): Do not perform automatic semicolon insertion in the Lexer if
        we are in the middle of reparsing.
        (JSC::Lexer::clear): Set m_isReparsing to false.
        * parser/Lexer.h:
        (JSC::Lexer::setIsReparsing): Added.
        * parser/Parser.cpp:
        (JSC::Parser::reparse): Call Lexer::setIsReparsing() to notify the Lexer of
        reparsing.

2008-12-29  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Yet another attempt to fix Tiger.

        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):

2008-12-29  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Tiger build fix (correct this time)

        * wtf/RandomNumber.cpp:

2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Rubber-stamped by Alexey Proskuryakov.

        Revert r39509, because kjsyydebug is used in the generated code if YYDEBUG is 1.

        * parser/Grammar.y:

2008-12-29  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Tiger build fix.

        * wtf/RandomNumber.cpp:

2008-12-29  Oliver Hunt  <oliver@apple.com>

        Reviewed by Mark Rowe.

        <rdar://problem/6358108> Insecure randomness in Math.random() leads to user tracking

        Switch to arc4random on PLATFORM(DARWIN), this is ~1.5x slower than random(), but the
        it is still so fast that there is no fathomable way it could be a bottleneck for anything.

        randomNumber is called in two places
          * During form submission where it is called once per form
          * Math.random in JSC.  For this difference to show up you have to be looping on
            a cached local copy of random, for a large (>10000) calls.

        No change in SunSpider.

        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):
        * wtf/RandomNumberSeed.h:
        (WTF::initializeRandomNumberGenerator):

2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Rubber-stamped by Sam Weinig.

        Remove unused kjsyydebug #define.

        * parser/Grammar.y:

2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt and Sam Weinig.

        Bug 23029: REGRESSION (r39337): jsfunfuzz generates identical test files
        <https://bugs.webkit.org/show_bug.cgi?id=23029>
        <rdar://problem/6469185>

        The unification of random number generation in r39337 resulted in random()
        being initialized on Darwin, but rand() actually being used. Fix this by
        making randomNumber() use random() instead of rand() on Darwin.

        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):

2008-12-29  Sam Weinig  <sam@webkit.org>

        Fix buildbots.

        * runtime/Structure.cpp:

2008-12-29  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=23026
        Move the deleted offsets vector into the PropertyMap

        Saves 3 words per Structure.

        * runtime/PropertyMapHashTable.h:
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::changePrototypeTransition):
        (JSC::Structure::getterSetterTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::fromDictionaryTransition):
        (JSC::Structure::copyPropertyTable):
        (JSC::Structure::put):
        (JSC::Structure::remove):
        (JSC::Structure::rehashPropertyMapHashTable):
        * runtime/Structure.h:
        (JSC::Structure::propertyStorageSize):

2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Change code using m_body.get() as a boolean to take advantage of the 
        implicit conversion of RefPtr to boolean.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::~JSFunction):

2008-12-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Bug 22840: REGRESSION (r38349): Gmail doesn't load with profiling enabled
        <https://bugs.webkit.org/show_bug.cgi?id=22840>
        <rdar://problem/6468077>

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitNewArray): Add an assertion that the range
        of registers passed to op_new_array is sequential.
        (JSC::BytecodeGenerator::emitCall): Correct the relocation of registers
        when emitting profiler hooks so that registers aren't leaked. Also, add
        an assertion that the 'this' register is always ref'd (because it is),
        remove the needless protection of the 'this' register when relocating,
        and add an assertion that the range of registers passed to op_call for
        function call arguments is sequential.
        (JSC::BytecodeGenerator::emitConstruct): Correct the relocation of
        registers when emitting profiler hooks so that registers aren't leaked.
        Also, add an assertion that the range of registers passed to op_construct
        for function call arguments is sequential.

2008-12-26  Mark Rowe  <mrowe@apple.com>

        Reviewed by Alexey Proskuryakov.

        <rdar://problem/6467376> Race condition in WTF::currentThread can lead to a thread using two different identifiers during its lifetime

        If a newly-created thread calls WTF::currentThread() before WTF::createThread calls establishIdentifierForPthreadHandle
        then more than one identifier will be used for the same thread.  We can avoid this by adding some extra synchronization
        during thread creation that delays the execution of the thread function until the thread identifier has been set up, and
        an assertion to catch this problem should it reappear in the future.

        * wtf/Threading.cpp: Added.
        (WTF::NewThreadContext::NewThreadContext):
        (WTF::threadEntryPoint):
        (WTF::createThread): Add cross-platform createThread function that delays the execution of the thread function until
        after the thread identifier has been set up.
        * wtf/Threading.h:
        * wtf/ThreadingGtk.cpp:
        (WTF::establishIdentifierForThread):
        (WTF::createThreadInternal):
        * wtf/ThreadingNone.cpp:
        (WTF::createThreadInternal):
        * wtf/ThreadingPthreads.cpp:
        (WTF::establishIdentifierForPthreadHandle):
        (WTF::createThreadInternal):
        * wtf/ThreadingQt.cpp:
        (WTF::identifierByQthreadHandle):
        (WTF::establishIdentifierForThread):
        (WTF::createThreadInternal):
        * wtf/ThreadingWin.cpp:
        (WTF::storeThreadHandleByIdentifier):
        (WTF::createThreadInternal):

        Add Threading.cpp to the build.

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.scons:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * JavaScriptCoreSources.bkl:

2008-12-26  Sam Weinig  <sam@webkit.org>

        Reviewed by Alexey Proskuryakov.

        Remove unused method.

        * runtime/Structure.h: Remove mutableTypeInfo.

2008-12-22  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Fix rounding / bounds / signed comparison bug in ExecutableAllocator.

        ExecutableAllocator::alloc assumed that m_freePtr would be aligned.  This was
        not always true, since the first allocation from an additional pool would not
        be rounded up.  Subsequent allocations would be unaligned, and too much memory
        could be erroneously allocated from the pool, when the size requested was
        available, but the size rounded up to word granularity was not available in the
        pool.  This may result in the value of m_freePtr being greater than m_end.

        Under these circumstances, the unsigned check for space will always pass,
        resulting in pointers to memory outside of the arena being returned, and
        ultimately segfaulty goodness when attempting to memcpy the hot freshly jitted
        code from the AssemblerBuffer.

        https://bugs.webkit.org/show_bug.cgi?id=22974
        ... and probably many, many more.

        * jit/ExecutableAllocator.h:
        (JSC::ExecutablePool::alloc):
        (JSC::ExecutablePool::roundUpAllocationSize):
        (JSC::ExecutablePool::ExecutablePool):
        (JSC::ExecutablePool::poolAllocate):

2008-12-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Gavin Barraclough.

        Rename all uses of the term "repatch" to "patch".

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::DataLabelPtr::patch):
        (JSC::MacroAssembler::DataLabel32::patch):
        (JSC::MacroAssembler::Jump::patch):
        (JSC::MacroAssembler::PatchBuffer::PatchBuffer):
        (JSC::MacroAssembler::PatchBuffer::setPtr):
        (JSC::MacroAssembler::loadPtrWithAddressOffsetPatch):
        (JSC::MacroAssembler::storePtrWithAddressOffsetPatch):
        (JSC::MacroAssembler::storePtrWithPatch):
        (JSC::MacroAssembler::jnePtrWithPatch):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::patchAddress):
        (JSC::X86Assembler::patchImmediate):
        (JSC::X86Assembler::patchPointer):
        (JSC::X86Assembler::patchBranchOffset):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCTICachePutByID):
        (JSC::Interpreter::tryCTICacheGetByID):
        (JSC::Interpreter::cti_op_put_by_id):
        (JSC::Interpreter::cti_op_get_by_id):
        (JSC::Interpreter::cti_op_get_by_id_self_fail):
        (JSC::Interpreter::cti_op_get_by_id_proto_list):
        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
        * jit/JIT.cpp:
        (JSC::ctiPatchCallByReturnAddress):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::unlinkCall):
        (JSC::JIT::linkCall):
        (JSC::JIT::compileOpCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdSlowCase):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchGetByIdSelf):
        (JSC::JIT::patchPutByIdReplace):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdSelf):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        (JSC::JIT::privateCompilePutByIdReplace):

2008-12-22  Adam Roben  <aroben@apple.com>

        Build fix after r39428

        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallSlowCase): Added a missing MacroAssembler::

2008-12-22  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>

        Rubber-stamped by George Staikos.

        Unify all TorchMobile copyright lines. Consolidate in a single line, as requested by Mark Rowe, some time ago.

        * wtf/RandomNumber.cpp:
        * wtf/RandomNumber.h:
        * wtf/RandomNumberSeed.h:

2008-12-21  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>

        Rubber-stamped by George Staikos.

        Fix copyright of the new RandomNumber* files.

        * wtf/RandomNumber.cpp:
        * wtf/RandomNumber.h:
        * wtf/RandomNumberSeed.h:

2008-12-21  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt & Cameron Zwarich.

        Add support for call and property access repatching on x86-64.

        No change in performance on current configurations (2x impovement on v8-tests with JIT enabled on x86-64).

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::DataLabelPtr::repatch):
        (JSC::MacroAssembler::DataLabelPtr::operator X86Assembler::JmpDst):
        (JSC::MacroAssembler::DataLabel32::repatch):
        (JSC::MacroAssembler::RepatchBuffer::addressOf):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::sub32):
        (JSC::MacroAssembler::loadPtrWithAddressOffsetRepatch):
        (JSC::MacroAssembler::storePtrWithAddressOffsetRepatch):
        (JSC::MacroAssembler::jePtr):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jnePtrWithRepatch):
        (JSC::MacroAssembler::differenceBetween):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::addl_im):
        (JSC::X86Assembler::subl_im):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::movq_rm_disp32):
        (JSC::X86Assembler::movq_mr_disp32):
        (JSC::X86Assembler::repatchPointer):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp32):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::unlinkCall):
        (JSC::JIT::linkCall):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::restoreArgumentReferenceForTrampoline):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compilePutByIdSlowCase):
        (JSC::resizePropertyStorage):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * wtf/Platform.h:

2008-12-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Port optimized property access generation to the MacroAssembler.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::AbsoluteAddress::AbsoluteAddress):
        (JSC::MacroAssembler::DataLabelPtr::repatch):
        (JSC::MacroAssembler::DataLabel32::DataLabel32):
        (JSC::MacroAssembler::DataLabel32::repatch):
        (JSC::MacroAssembler::Label::operator X86Assembler::JmpDst):
        (JSC::MacroAssembler::Jump::repatch):
        (JSC::MacroAssembler::JumpList::empty):
        (JSC::MacroAssembler::RepatchBuffer::link):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::and32):
        (JSC::MacroAssembler::sub32):
        (JSC::MacroAssembler::loadPtrWithAddressRepatch):
        (JSC::MacroAssembler::storePtrWithAddressRepatch):
        (JSC::MacroAssembler::push):
        (JSC::MacroAssembler::ja32):
        (JSC::MacroAssembler::jePtr):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jnePtrWithRepatch):
        (JSC::MacroAssembler::align):
        (JSC::MacroAssembler::differenceBetween):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_rm_disp32):
        (JSC::X86Assembler::movl_mr_disp32):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp32):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
        * jit/JIT.cpp:
        (JSC::ctiRepatchCallByReturnAddress):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compilePutByIdSlowCase):
        (JSC::resizePropertyStorage):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchGetByIdSelf):
        (JSC::JIT::patchPutByIdReplace):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdSelf):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        (JSC::JIT::privateCompilePutByIdReplace):
        * wtf/RefCounted.h:
        (WTF::RefCountedBase::addressOfCount):

2008-12-19  Gustavo Noronha Silva  <gns@gnome.org>

        Reviewed by Holger Freyther.

        https://bugs.webkit.org/show_bug.cgi?id=22686

        Added file which was missing to the javascriptcore_sources
        variable, so that it shows up in the tarball created by `make
        dist'.

        * GNUmakefile.am:

2008-12-19  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Antti Koivisto.

        Build fix when building JS API tests with a c89 c compiler

        Do not use C++ style comments and convert them to C comments.

        * wtf/Platform.h:

2008-12-18  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Same as last revision, adding cases for pre & post inc & dec.

        https://bugs.webkit.org/show_bug.cgi?id=22928

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):

2008-12-18  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Fixes for the JIT's handling of JSImmediate values on x86-64.
        On 64-bit systems, the code in JSImmediate.h relies on the upper
        bits of a JSImmediate being a sign extension of the low 32-bits.
        This was not being enforced by the JIT, since a number of inline
        operations were being performed on 32-bit values in registers, and
        when a 32-bit result is written to a register on x86-64 the value
        is zero-extended to 64-bits.
        
        This fix honors previous behavoir.  A better fix in the long run
        (when the JIT is enabled by default) may be to change JSImmediate.h
        so it no longer relies on the upper bits of the pointer,... though
        if we're going to change JSImmediate.h for 64-bit, we probably may
        as well change the format so that the full range of 32-bit ints can
        be stored, rather than just 31-bits.

        https://bugs.webkit.org/show_bug.cgi?id=22925

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::addPtr):
        (JSC::MacroAssembler::andPtr):
        (JSC::MacroAssembler::orPtr):
        (JSC::MacroAssembler::or32):
        (JSC::MacroAssembler::xor32):
        (JSC::MacroAssembler::xorPtr):
        (JSC::MacroAssembler::signExtend32ToPtr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::andq_rr):
        (JSC::X86Assembler::andq_ir):
        (JSC::X86Assembler::orq_rr):
        (JSC::X86Assembler::xorq_ir):
        (JSC::X86Assembler::movsxd_rr):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitFastArithReTagImmediate):
        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
        (JSC::JIT::emitFastArithImmToInt):

2008-12-18  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Just a tidy up - rename & refactor some the #defines configuring the JIT.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::cti_op_convert_this):
        (JSC::Interpreter::cti_op_end):
        (JSC::Interpreter::cti_op_add):
        (JSC::Interpreter::cti_op_pre_inc):
        (JSC::Interpreter::cti_timeout_check):
        (JSC::Interpreter::cti_register_file_check):
        (JSC::Interpreter::cti_op_loop_if_less):
        (JSC::Interpreter::cti_op_loop_if_lesseq):
        (JSC::Interpreter::cti_op_new_object):
        (JSC::Interpreter::cti_op_put_by_id_generic):
        (JSC::Interpreter::cti_op_get_by_id_generic):
        (JSC::Interpreter::cti_op_put_by_id):
        (JSC::Interpreter::cti_op_put_by_id_second):
        (JSC::Interpreter::cti_op_put_by_id_fail):
        (JSC::Interpreter::cti_op_get_by_id):
        (JSC::Interpreter::cti_op_get_by_id_second):
        (JSC::Interpreter::cti_op_get_by_id_self_fail):
        (JSC::Interpreter::cti_op_get_by_id_proto_list):
        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
        (JSC::Interpreter::cti_op_get_by_id_array_fail):
        (JSC::Interpreter::cti_op_get_by_id_string_fail):
        (JSC::Interpreter::cti_op_instanceof):
        (JSC::Interpreter::cti_op_del_by_id):
        (JSC::Interpreter::cti_op_mul):
        (JSC::Interpreter::cti_op_new_func):
        (JSC::Interpreter::cti_op_call_JSFunction):
        (JSC::Interpreter::cti_op_call_arityCheck):
        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
        (JSC::Interpreter::cti_vm_lazyLinkCall):
        (JSC::Interpreter::cti_op_push_activation):
        (JSC::Interpreter::cti_op_call_NotJSFunction):
        (JSC::Interpreter::cti_op_create_arguments):
        (JSC::Interpreter::cti_op_create_arguments_no_params):
        (JSC::Interpreter::cti_op_tear_off_activation):
        (JSC::Interpreter::cti_op_tear_off_arguments):
        (JSC::Interpreter::cti_op_profile_will_call):
        (JSC::Interpreter::cti_op_profile_did_call):
        (JSC::Interpreter::cti_op_ret_scopeChain):
        (JSC::Interpreter::cti_op_new_array):
        (JSC::Interpreter::cti_op_resolve):
        (JSC::Interpreter::cti_op_construct_JSConstruct):
        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
        (JSC::Interpreter::cti_op_get_by_val):
        (JSC::Interpreter::cti_op_resolve_func):
        (JSC::Interpreter::cti_op_sub):
        (JSC::Interpreter::cti_op_put_by_val):
        (JSC::Interpreter::cti_op_put_by_val_array):
        (JSC::Interpreter::cti_op_lesseq):
        (JSC::Interpreter::cti_op_loop_if_true):
        (JSC::Interpreter::cti_op_negate):
        (JSC::Interpreter::cti_op_resolve_base):
        (JSC::Interpreter::cti_op_resolve_skip):
        (JSC::Interpreter::cti_op_resolve_global):
        (JSC::Interpreter::cti_op_div):
        (JSC::Interpreter::cti_op_pre_dec):
        (JSC::Interpreter::cti_op_jless):
        (JSC::Interpreter::cti_op_not):
        (JSC::Interpreter::cti_op_jtrue):
        (JSC::Interpreter::cti_op_post_inc):
        (JSC::Interpreter::cti_op_eq):
        (JSC::Interpreter::cti_op_lshift):
        (JSC::Interpreter::cti_op_bitand):
        (JSC::Interpreter::cti_op_rshift):
        (JSC::Interpreter::cti_op_bitnot):
        (JSC::Interpreter::cti_op_resolve_with_base):
        (JSC::Interpreter::cti_op_new_func_exp):
        (JSC::Interpreter::cti_op_mod):
        (JSC::Interpreter::cti_op_less):
        (JSC::Interpreter::cti_op_neq):
        (JSC::Interpreter::cti_op_post_dec):
        (JSC::Interpreter::cti_op_urshift):
        (JSC::Interpreter::cti_op_bitxor):
        (JSC::Interpreter::cti_op_new_regexp):
        (JSC::Interpreter::cti_op_bitor):
        (JSC::Interpreter::cti_op_call_eval):
        (JSC::Interpreter::cti_op_throw):
        (JSC::Interpreter::cti_op_get_pnames):
        (JSC::Interpreter::cti_op_next_pname):
        (JSC::Interpreter::cti_op_push_scope):
        (JSC::Interpreter::cti_op_pop_scope):
        (JSC::Interpreter::cti_op_typeof):
        (JSC::Interpreter::cti_op_is_undefined):
        (JSC::Interpreter::cti_op_is_boolean):
        (JSC::Interpreter::cti_op_is_number):
        (JSC::Interpreter::cti_op_is_string):
        (JSC::Interpreter::cti_op_is_object):
        (JSC::Interpreter::cti_op_is_function):
        (JSC::Interpreter::cti_op_stricteq):
        (JSC::Interpreter::cti_op_nstricteq):
        (JSC::Interpreter::cti_op_to_jsnumber):
        (JSC::Interpreter::cti_op_in):
        (JSC::Interpreter::cti_op_push_new_scope):
        (JSC::Interpreter::cti_op_jmp_scopes):
        (JSC::Interpreter::cti_op_put_by_index):
        (JSC::Interpreter::cti_op_switch_imm):
        (JSC::Interpreter::cti_op_switch_char):
        (JSC::Interpreter::cti_op_switch_string):
        (JSC::Interpreter::cti_op_del_by_val):
        (JSC::Interpreter::cti_op_put_getter):
        (JSC::Interpreter::cti_op_put_setter):
        (JSC::Interpreter::cti_op_new_error):
        (JSC::Interpreter::cti_op_debug):
        (JSC::Interpreter::cti_vm_throw):
        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::restoreArgumentReference):
        (JSC::JIT::restoreArgumentReferenceForTrampoline):
        * wtf/Platform.h:

2008-12-18  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 21855: REGRESSION (r37323): Gmail complains about popup blocking when opening a link
        <https://bugs.webkit.org/show_bug.cgi?id=21855>
        <rdar://problem/6278244>

        Move DynamicGlobalObjectScope to JSGlobalObject.h so that it can be used
        from WebCore.

        * interpreter/Interpreter.cpp:
        * runtime/JSGlobalObject.h:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):

2008-12-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Gavin Barraclough.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=22393
        Segfault when caching property accesses to primitive cells.
        
        Changed some asObject casts to asCell casts in cases where a primitive
        value may be a cell and not an object.
        
        Re-enabled property caching for primitives in cases where it had been
        disabled because of this bug.
        
        Updated a comment to better explain something Darin thought needed
        explaining in an old patch review.

        * interpreter/Interpreter.cpp:
        (JSC::countPrototypeChainEntriesAndCheckForProxies):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::tryCTICacheGetByID):
        (JSC::Interpreter::cti_op_get_by_id_self_fail):
        (JSC::Interpreter::cti_op_get_by_id_proto_list):

2008-12-17  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Fixes for Sunspider failures with the JIT enabled on x86-64.

        * assembler/MacroAssembler.h:
            Switch the order of the RegisterID & Address form of je32, to keep it consistent with jne32.
        * jit/JIT.cpp:
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
            Port the m_ctiVirtualCall tramopline generation to use the MacroAssembler interface.
        * jit/JITCall.cpp:
            Fix bug in the non-optimizing code path, vptr check should have been to the memory address pointer
            to by the register, not to the register itself.
        * wrec/WRECGenerator.cpp:
            See assembler/MacroAssembler.h, above.

2008-12-17  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        print("Hello, 64-bit jitted world!");
        Get hello-world working through the JIT, on x86-64.

        * assembler/X86Assembler.h:
            Fix encoding of opcode + RegisterID format instructions for 64-bit.
        * interpreter/Interpreter.cpp:
        * interpreter/Interpreter.h:
            Make VoidPtrPair actually be a pair of void*s.
            (Possibly should make this change for 32-bit Mac platforms, too - but won't change 32-bit behaviour in this patch).
        * jit/JIT.cpp:
        * jit/JIT.h:
            Provide names for the timeoutCheckRegister & callFrameRegister on x86-64,
            force x86-64 ctiTrampoline arguments onto the stack,
            implement the asm trampolines for x86-64,
            implement the restoreArgumentReference methods for x86-64 calling conventions.
        * jit/JITCall.cpp:
        * jit/JITInlineMethods.h:
        * wtf/Platform.h:
            Add switch settings to ENABLE(JIT), on PLATFORM(X86_64) (currently still disabled).

2008-12-17  Sam Weinig  <sam@webkit.org>

        Reviewed by Gavin Barraclough.

        Add more CodeBlock statistics.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpStatistics):

2008-12-17  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=22897
        <rdar://problem/6428342>
        Look into feasibility of discarding bytecode after native codegen

        Clear the bytecode Instruction vector at the end JIT generation.

        Saves 4.8 MB on Membuster head.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump): Add logging for the case that someone tries
        to dump the instructions of a CodeBlock that has had its bytecode
        vector cleared.
        (JSC::CodeBlock::CodeBlock): Initialize the instructionCount
        (JSC::CodeBlock::handlerForBytecodeOffset): Use instructionCount instead
        of the size of the instruction vector in the assertion.
        (JSC::CodeBlock::lineNumberForBytecodeOffset): Ditto.
        (JSC::CodeBlock::expressionRangeForBytecodeOffset): Ditto.
        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset): Ditto.
        (JSC::CodeBlock::functionRegisterForBytecodeOffset): Ditto.
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setInstructionCount): Store the instruction vector size
        in debug builds for assertions.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile): Clear the bytecode vector unless we
        have compiled with Opcode sampling where we will continue to require it

2008-12-17  Cary Clark  <caryclark@google.com>

        Reviewed by Darin Adler.
        Landed by Adam Barth.

        Add ENABLE_TEXT_CARET to permit the ANDROID platform
        to invalidate and draw the caret in a separate thread.

        * wtf/Platform.h:
        Default ENABLE_TEXT_CARET to 1.

2008-12-17  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        Don't use unique context group in JSGlobalContextCreate() on Tiger or Leopard, take two.

        * API/JSContextRef.cpp: The previous patch that claimed to do this was making Tiger and
        Leopard always use unique context group instead.

2008-12-16  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=22838
        Remove dependency on the bytecode Instruction buffer in Interpreter::throwException
        Part of <rdar://problem/6428342>

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::functionRegisterForBytecodeOffset): Added. Function to get
        a function Register index in a callFrame for a bytecode offset.
        (JSC::CodeBlock::shrinkToFit): Shrink m_getByIdExceptionInfo and m_functionRegisterInfos.
        * bytecode/CodeBlock.h:
        (JSC::FunctionRegisterInfo::FunctionRegisterInfo): Added.
        (JSC::CodeBlock::addFunctionRegisterInfo):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException): Use functionRegisterForBytecodeOffset in JIT
        mode.

2008-12-16  Sam Weinig  <sam@webkit.org>

        Reviewed by Gavin Barraclough.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=22837
        Remove dependency on the bytecode Instruction buffer in Interpreter::cti_op_call_NotJSFunction
        Part of <rdar://problem/6428342>

        * interpreter/CallFrame.h: Added comment regarding returnPC storing a void*.
        * interpreter/Interpreter.cpp:
        (JSC::bytecodeOffsetForPC): We no longer have any cases of the PC
        being in the instruction stream for JIT, so we can remove the check.
        (JSC::Interpreter::cti_op_call_NotJSFunction): Use the CTI_RETURN_ADDRESS
        as the call frame returnPC as it is only necessary for looking up when
        throwing an exception.
        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::): Added comment regarding returnPC storing a void*.
        * jit/JIT.h: Remove ARG_instr4.
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallSetupArgs): Don't pass the instruction pointer.

2008-12-16  Darin Adler  <darin@apple.com>

        Reviewed and landed by Cameron Zwarich.

        Preparatory work for fixing

        Bug 22887: Make UString::Rep use RefCounted rather than implementing its own ref counting
        <https://bugs.webkit.org/show_bug.cgi?id=22887>

        Change the various string translators used by Identifier:add() so that
        they never zero the ref count of a newly created UString::Rep.

        * runtime/Identifier.cpp:
        (JSC::CStringTranslator::translate):
        (JSC::Identifier::add):
        (JSC::UCharBufferTranslator::translate):

2008-12-16  Gavin Barraclough  <barraclough@apple.com>

        Build fix for 'doze.

        * assembler/AssemblerBuffer.h:

2008-12-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Make the JIT compile on x86-64.
        This largely involves populting the missing calls in MacroAssembler.h.
        In addition some reinterpret_casts need removing from the JIT, and the
        repatching property access code will need to be fully compiled out for
        now.  The changes in interpret.cpp are to reorder the functions so that
        the _generic forms come before all other property access methods, and
        then to place all property access methods other than the generic forms
        under control of the ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS macro.

        No performance impact.

        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::putInt64Unchecked):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadPtr):
        (JSC::MacroAssembler::load32):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::storePtrWithRepatch):
        (JSC::MacroAssembler::store32):
        (JSC::MacroAssembler::poke):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::testImm64):
        (JSC::MacroAssembler::jePtr):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jnzPtr):
        (JSC::MacroAssembler::jzPtr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::cmpq_rr):
        (JSC::X86Assembler::cmpq_rm):
        (JSC::X86Assembler::cmpq_im):
        (JSC::X86Assembler::testq_i32m):
        (JSC::X86Assembler::movl_mEAX):
        (JSC::X86Assembler::movl_i32r):
        (JSC::X86Assembler::movl_EAXm):
        (JSC::X86Assembler::movq_rm):
        (JSC::X86Assembler::movq_mEAX):
        (JSC::X86Assembler::movq_mr):
        (JSC::X86Assembler::movq_i64r):
        (JSC::X86Assembler::movl_mr):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64):
        (JSC::X86Assembler::X86InstructionFormatter::immediate64):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::cti_op_put_by_id_generic):
        (JSC::Interpreter::cti_op_get_by_id_generic):
        (JSC::Interpreter::cti_op_put_by_id):
        (JSC::Interpreter::cti_op_put_by_id_second):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallSetupArgs):
        (JSC::JIT::compileOpCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):
        * runtime/JSImmediate.h:
        (JSC::JSImmediate::makeInt):

2008-12-16  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Darin Adler.

        Bug 22869: REGRESSION (r38407): http://news.cnet.com/8301-13579_3-9953533-37.html crashes
        <https://bugs.webkit.org/show_bug.cgi?id=22869>
        <rdar://problem/6402499>

        Before r38407, Structure::m_nameInPrevious was ref'd due to it being
        stored in a PropertyMap. However, PropertyMaps are created lazily after
        r38407, so Structure::m_nameInPrevious is not necessarily ref'd while
        it is being used. Making it a RefPtr instead of a raw pointer fixes
        the problem.

        Unfortunately, the crash in the bug is rather intermittent, and it is
        impossible to add an assertion in UString::Ref::ref() to catch this bug
        because some users of UString::Rep deliberately zero out the reference
        count. Therefore, there is no layout test accompanying this bug fix.

        * runtime/Structure.cpp:
        (JSC::Structure::~Structure): Use get().
        (JSC::Structure::materializePropertyMap): Use get().
        (JSC::Structure::addPropertyTransitionToExistingStructure): Use get().
        (JSC::Structure::addPropertyTransition): Use get().
        * runtime/Structure.h: Make Structure::m_nameInPrevious a RefPtr instead
        of a raw pointer.

2008-12-16  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>

        Not reviewed. Attempt to fix win build. No 'using namespace WTF' in this file, needs manual WTF:: prefix.
        Not sure why the build works as is here.

        * runtime/MathObject.cpp:
        (JSC::mathProtoFuncRandom):

2008-12-16  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>

        Reviewed by Darin Adler.

        Fixes: https://bugs.webkit.org/show_bug.cgi?id=22876

        Unify random number generation in JavaScriptCore & WebCore, by introducing
        wtf/RandomNumber.h and moving wtf_random/wtf_random_init out of MathExtras.h.

        wtf_random_init() has been renamed to initializeRandomNumberGenerator() and
        lives in it's own private header: wtf/RandomNumberSeed.h, only intended to
        be used from within JavaScriptCore.

        wtf_random() has been renamed to randomNumber() and lives in a public header
        wtf/RandomNumber.h, usable from within JavaScriptCore & WebCore. It encapsulates
        the code taking care of initializing the random number generator (only when
        building without ENABLE(JSC_MULTIPLE_THREADS), otherwhise initializeThreading()
        already took care of that).

        Functional change on darwin: Use random() instead of rand(), as it got a larger
        period (more randomness). HTMLFormElement already contains this implementation
        and I just moved it in randomNumber(), as  special case for PLATFORM(DARWIN).

        * GNUmakefile.am: Add RandomNumber.(cpp/h) / RandomNumberSeed.h.
        * JavaScriptCore.exp: Ditto.
        * JavaScriptCore.pri: Ditto.
        * JavaScriptCore.scons: Ditto.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
        * JavaScriptCoreSources.bkl: Ditto.
        * runtime/MathObject.cpp: Use new WTF::randomNumber() functionality.
        (JSC::mathProtoFuncRandom):
        * wtf/MathExtras.h: Move wtf_random / wtf_random_init to new files.
        * wtf/RandomNumber.cpp: Added.
        (WTF::randomNumber):
        * wtf/RandomNumber.h: Added.
        * wtf/RandomNumberSeed.h: Added. Internal usage within JSC only.
        (WTF::initializeRandomNumberGenerator):
        * wtf/ThreadingGtk.cpp: Rename wtf_random_init() to initializeRandomNumberGenerator().
        (WTF::initializeThreading):
        * wtf/ThreadingPthreads.cpp: Ditto.
        (WTF::initializeThreading):
        * wtf/ThreadingQt.cpp: Ditto.
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp: Ditto.
        (WTF::initializeThreading):

2008-12-16 Yael Aharon <yael.aharon@nokia.com>

        Reviewed by Tor Arne Vestbø.

        Qt/Win build fix

        * JavaScriptCore.pri:

2008-12-15  Mark Rowe  <mrowe@apple.com>

        Reviewed by Cameron Zwarich.

        Fix the build with GCC 4.0.

        * Configurations/JavaScriptCore.xcconfig:  GCC 4.0 appears to have a bug when compiling with -funwind-tables on,
        so don't use it with that compiler version.

2008-12-15  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Cameron Zwarich.

        <rdar://problem/6289933> Change WebKit-related projects to build with GCC 4.2 on Leopard.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:

2008-12-15  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        Don't use unique context group in JSGlobalContextCreate() on Tiger or Leopard.

        * API/JSContextRef.cpp: (JSGlobalContextCreate):

2008-12-15  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        <rdar://problem/6445089> Mach ports leak from worker threads

        * interpreter/Interpreter.cpp: (JSC::getCPUTime):
        Deallocate the thread self port.

2008-12-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Mark Rowe.

        Construct stack frames in JIT code, so that backtracing can still work.
        <rdar://problem/6447870> JIT should play nice with attempts to take stack traces

        * jit/JIT.cpp:
        (JSC::):
        (JSC::JIT::privateCompileMainPass):

2008-12-15  Mark Rowe  <mrowe@apple.com>

        Reviewed by Gavin Barraclough.

        <rdar://problem/6402262> JavaScriptCore needs exception handling tables in order to get stack traces without frame pointers

        * Configurations/JavaScriptCore.xcconfig:

2008-12-15  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Mark Rowe.

        Revert r39226 / Bug 22818: Unify JIT callback argument access OS X / Windows
        This causes Acid3 failures – reverting for now & will revisit later.
        https://bugs.webkit.org/show_bug.cgi?id=22873

        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::restoreArgumentReference):
        (JSC::JIT::restoreArgumentReferenceForTrampoline):
        (JSC::JIT::emitCTICall_internal):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * wtf/Platform.h:

2008-12-15  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - fix <rdar://problem/6427048> crash due to infinite recursion after setting window.__proto__ = window

        Replaced toGlobalObject with the more generally useful unwrappedObject and used it to
        fix the cycle detection code in put(__proto__).

        * JavaScriptCore.exp: Updated.

        * runtime/JSGlobalObject.cpp: Removed toGlobalObject. We now use unwrappedObject instead.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::isGlobalObject): Ditto.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval): Use unwrappedObject and isGlobalObject here rather than toGlobalObject.

        * runtime/JSObject.cpp:
        (JSC::JSObject::put): Rewrote prototype cycle checking loop. Use unwrappedObject in the loop now.
        (JSC::JSObject::unwrappedObject): Replaced toGlobalObject with this new function.
        * runtime/JSObject.h: More of the same.

2008-12-15  Steve Falkenburg  <sfalken@apple.com>

        Windows build fix.
        
        Visual Studio requires visibility of forward declarations to match class declaration.

        * assembler/X86Assembler.h:

2008-12-15  Gustavo Noronha Silva  <kov@kov.eti.br>

        Reviewed by Mark Rowe.

        https://bugs.webkit.org/show_bug.cgi?id=22686

        GTK+ build fix.

        * GNUmakefile.am:

2008-12-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Add support to X86Assembler emitting instructions that access all 16 registers on x86-64.
        Add a new formating class, that is reponsible for both emitting the opcode bytes and the
        ModRm  bytes of an instruction in a single call; this can insert the REX byte as necessary
        before the opcode, but has access to the register numbers to build the REX.

        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::isAligned):
        (JSC::AssemblerBuffer::data):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::addPtr):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::and32):
        (JSC::MacroAssembler::or32):
        (JSC::MacroAssembler::sub32):
        (JSC::MacroAssembler::xor32):
        (JSC::MacroAssembler::loadPtr):
        (JSC::MacroAssembler::load32):
        (JSC::MacroAssembler::load16):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::storePtrWithRepatch):
        (JSC::MacroAssembler::store32):
        (JSC::MacroAssembler::pop):
        (JSC::MacroAssembler::push):
        (JSC::MacroAssembler::compareImm32ForBranch):
        (JSC::MacroAssembler::compareImm32ForBranchEquality):
        (JSC::MacroAssembler::testImm32):
        (JSC::MacroAssembler::jae32):
        (JSC::MacroAssembler::jb32):
        (JSC::MacroAssembler::je16):
        (JSC::MacroAssembler::jg32):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jne32):
        (JSC::MacroAssembler::jump):
        * assembler/X86Assembler.h:
        (JSC::X86::):
        (JSC::X86Assembler::):
        (JSC::X86Assembler::size):
        (JSC::X86Assembler::push_r):
        (JSC::X86Assembler::pop_r):
        (JSC::X86Assembler::push_i32):
        (JSC::X86Assembler::push_m):
        (JSC::X86Assembler::pop_m):
        (JSC::X86Assembler::addl_rr):
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::addl_ir):
        (JSC::X86Assembler::addq_ir):
        (JSC::X86Assembler::addl_im):
        (JSC::X86Assembler::andl_rr):
        (JSC::X86Assembler::andl_ir):
        (JSC::X86Assembler::orl_rr):
        (JSC::X86Assembler::orl_mr):
        (JSC::X86Assembler::orl_ir):
        (JSC::X86Assembler::subl_rr):
        (JSC::X86Assembler::subl_mr):
        (JSC::X86Assembler::subl_ir):
        (JSC::X86Assembler::subl_im):
        (JSC::X86Assembler::xorl_rr):
        (JSC::X86Assembler::xorl_ir):
        (JSC::X86Assembler::sarl_i8r):
        (JSC::X86Assembler::sarl_CLr):
        (JSC::X86Assembler::shll_i8r):
        (JSC::X86Assembler::shll_CLr):
        (JSC::X86Assembler::imull_rr):
        (JSC::X86Assembler::imull_i32r):
        (JSC::X86Assembler::idivl_r):
        (JSC::X86Assembler::cmpl_rr):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::cmpl_mr):
        (JSC::X86Assembler::cmpl_ir):
        (JSC::X86Assembler::cmpl_ir_force32):
        (JSC::X86Assembler::cmpl_im):
        (JSC::X86Assembler::cmpl_im_force32):
        (JSC::X86Assembler::cmpw_rm):
        (JSC::X86Assembler::testl_rr):
        (JSC::X86Assembler::testl_i32r):
        (JSC::X86Assembler::testl_i32m):
        (JSC::X86Assembler::testq_rr):
        (JSC::X86Assembler::testq_i32r):
        (JSC::X86Assembler::testb_i8r):
        (JSC::X86Assembler::sete_r):
        (JSC::X86Assembler::setz_r):
        (JSC::X86Assembler::setne_r):
        (JSC::X86Assembler::setnz_r):
        (JSC::X86Assembler::cdq):
        (JSC::X86Assembler::xchgl_rr):
        (JSC::X86Assembler::movl_rr):
        (JSC::X86Assembler::movl_rm):
        (JSC::X86Assembler::movl_mr):
        (JSC::X86Assembler::movl_i32r):
        (JSC::X86Assembler::movl_i32m):
        (JSC::X86Assembler::movq_rr):
        (JSC::X86Assembler::movq_rm):
        (JSC::X86Assembler::movq_mr):
        (JSC::X86Assembler::movzwl_mr):
        (JSC::X86Assembler::movzbl_rr):
        (JSC::X86Assembler::leal_mr):
        (JSC::X86Assembler::call):
        (JSC::X86Assembler::jmp):
        (JSC::X86Assembler::jmp_r):
        (JSC::X86Assembler::jmp_m):
        (JSC::X86Assembler::jne):
        (JSC::X86Assembler::jnz):
        (JSC::X86Assembler::je):
        (JSC::X86Assembler::jl):
        (JSC::X86Assembler::jb):
        (JSC::X86Assembler::jle):
        (JSC::X86Assembler::jbe):
        (JSC::X86Assembler::jge):
        (JSC::X86Assembler::jg):
        (JSC::X86Assembler::ja):
        (JSC::X86Assembler::jae):
        (JSC::X86Assembler::jo):
        (JSC::X86Assembler::jp):
        (JSC::X86Assembler::js):
        (JSC::X86Assembler::addsd_rr):
        (JSC::X86Assembler::addsd_mr):
        (JSC::X86Assembler::cvtsi2sd_rr):
        (JSC::X86Assembler::cvttsd2si_rr):
        (JSC::X86Assembler::movd_rr):
        (JSC::X86Assembler::movsd_rm):
        (JSC::X86Assembler::movsd_mr):
        (JSC::X86Assembler::mulsd_rr):
        (JSC::X86Assembler::mulsd_mr):
        (JSC::X86Assembler::pextrw_irr):
        (JSC::X86Assembler::subsd_rr):
        (JSC::X86Assembler::subsd_mr):
        (JSC::X86Assembler::ucomis_rr):
        (JSC::X86Assembler::int3):
        (JSC::X86Assembler::ret):
        (JSC::X86Assembler::predictNotTaken):
        (JSC::X86Assembler::label):
        (JSC::X86Assembler::align):
        (JSC::X86Assembler::link):
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormater::prefix):
        (JSC::X86Assembler::X86InstructionFormater::oneByteOp):
        (JSC::X86Assembler::X86InstructionFormater::twoByteOp):
        (JSC::X86Assembler::X86InstructionFormater::oneByteOp64):
        (JSC::X86Assembler::X86InstructionFormater::oneByteOp8):
        (JSC::X86Assembler::X86InstructionFormater::twoByteOp8):
        (JSC::X86Assembler::X86InstructionFormater::instructionImmediate8):
        (JSC::X86Assembler::X86InstructionFormater::instructionImmediate32):
        (JSC::X86Assembler::X86InstructionFormater::instructionRel32):
        (JSC::X86Assembler::X86InstructionFormater::size):
        (JSC::X86Assembler::X86InstructionFormater::isAligned):
        (JSC::X86Assembler::X86InstructionFormater::data):
        (JSC::X86Assembler::X86InstructionFormater::executableCopy):
        (JSC::X86Assembler::X86InstructionFormater::registerModRM):
        (JSC::X86Assembler::X86InstructionFormater::memoryModRM):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
        (JSC::JIT::compileBinaryArithOp):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):

2008-12-15  Darin Adler  <darin@apple.com>

        * interpreter/RegisterFile.h: Tweak include formatting.

2008-12-15  Holger Hans Peter Freyther  <zecke@selfish.org>

        Build fix for Gtk+.

        * interpreter/RegisterFile.h: Include stdio.h for fprintf

2008-12-15  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Oliver Hunt.

        <rdar://problem/6444455> Worker Thread crash running multiple workers for a moderate amount of time

        * interpreter/RegisterFile.h: (JSC::RegisterFile::RegisterFile):
        Improve error handling: if mmap fails, crash immediately, and print out the reason.

2008-12-13  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Re-enable WREC on 64-bit.
        Implements one of the MacroAssembler::jnzPtr methods, previously only implemented for 32-bit x86.

        https://bugs.webkit.org/show_bug.cgi?id=22849

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::testImm64):
        (JSC::MacroAssembler::jnzPtr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::testq_i32r):
        (JSC::X86Assembler::testq_rr):
        * wtf/Platform.h:

2008-12-13  Gavin Barraclough  <barraclough@apple.com>

        Fix PPC builds.

        * assembler/MacroAssembler.h:

2008-12-13  Gavin Barraclough  <barraclough@apple.com>

        Build fix only, no review.

        * bytecode/CodeBlock.h:

2008-12-13  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Port the remainder of the JIT, bar calling convention related code, and code
        implementing optimizations which can be disabled, to use the MacroAssembler.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::DataLabelPtr::DataLabelPtr):
        (JSC::MacroAssembler::RepatchBuffer::RepatchBuffer):
        (JSC::MacroAssembler::RepatchBuffer::link):
        (JSC::MacroAssembler::RepatchBuffer::addressOf):
        (JSC::MacroAssembler::RepatchBuffer::setPtr):
        (JSC::MacroAssembler::addPtr):
        (JSC::MacroAssembler::lshift32):
        (JSC::MacroAssembler::mod32):
        (JSC::MacroAssembler::rshift32):
        (JSC::MacroAssembler::storePtrWithRepatch):
        (JSC::MacroAssembler::jnzPtr):
        (JSC::MacroAssembler::jzPtr):
        (JSC::MacroAssembler::jump):
        (JSC::MacroAssembler::label):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::xchgl_rr):
        (JSC::X86Assembler::jmp_m):
        (JSC::X86Assembler::repatchAddress):
        (JSC::X86Assembler::getRelocatedAddress):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::JITCodeRef::JITCodeRef):
        (JSC::CodeBlock::setJITCode):
        (JSC::CodeBlock::jitCode):
        (JSC::CodeBlock::executablePool):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileLinkPass):
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        (JSC::CallRecord::CallRecord):
        (JSC::JumpTable::JumpTable):
        (JSC::JIT::emitCTICall):
        (JSC::JIT::JSRInfo::JSRInfo):
        * jit/JITArithmetic.cpp:
        * jit/JITCall.cpp:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitNakedCall):
        (JSC::JIT::emitCTICall_internal):
        (JSC::JIT::checkStructure):
        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
        (JSC::JIT::addSlowCase):
        (JSC::JIT::addJump):
        (JSC::JIT::emitJumpSlowToHot):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):

2008-12-12  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Fix the failures of the following layout tests, which regressed in
        r39255:

        fast/dom/StyleSheet/ownerNode-lifetime-2.html
        fast/xsl/transform-xhr-doc.xhtml

        The binary search in CodeBlock::getByIdExceptionInfoForBytecodeOffset()
        doesn't guarantee that it actually finds a match, so add an explicit check
        for this.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):

2008-12-12  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Replace emitPutCallArg methods with emitPutJITStubArg methods.  Primarily to make the argument numbering
        more sensible (1-based incrementing by 1, rather than 0-based incrementing by 4).  The CTI name also seems
        to be being deprecated from the code generally.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallSetupArgs):
        (JSC::JIT::compileOpCallEvalSetupArgs):
        (JSC::JIT::compileOpConstructSetupArgs):
        (JSC::JIT::compileOpCall):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutJITStubArg):
        (JSC::JIT::emitPutJITStubArgConstant):
        (JSC::JIT::emitGetJITStubArg):
        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdSlowCase):

2008-12-12  Gavin Barraclough  <barraclough@apple.com>

        Fix windows builds.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):

2008-12-12  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Remove loop counter 'i' from the JIT generation passes, replace with a member m_bytecodeIndex.

        No impact on performance.

        * jit/JIT.cpp:
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emitSlowScriptCheck):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::CallRecord::CallRecord):
        (JSC::JmpTable::JmpTable):
        (JSC::JIT::emitCTICall):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitGetVirtualRegister):
        (JSC::JIT::emitGetVirtualRegisters):
        (JSC::JIT::emitNakedCall):
        (JSC::JIT::emitCTICall_internal):
        (JSC::JIT::emitJumpSlowCaseIfJSCell):
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
        (JSC::JIT::addSlowCase):
        (JSC::JIT::addJump):
        (JSC::JIT::emitJumpSlowToHot):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compilePutByIdSlowCase):

2008-12-12  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        <rdar://problem/6428342> Look into feasibility of discarding bytecode after native codegen

        Move more JIT functionality to using offsets into the Instruction buffer
        instead of raw pointers. Two to go!

        * interpreter/Interpreter.cpp:
        (JSC::bytecodeOffsetForPC): Rename from vPCForPC.
        (JSC::Interpreter::resolve): Pass offset to exception helper.
        (JSC::Interpreter::resolveSkip): Ditto.
        (JSC::Interpreter::resolveGlobal): Ditto.
        (JSC::Interpreter::resolveBaseAndProperty): Ditto.
        (JSC::Interpreter::resolveBaseAndFunc): Ditto.
        (JSC::isNotObject): Ditto.
        (JSC::Interpreter::unwindCallFrame): Call bytecodeOffsetForPC.
        (JSC::Interpreter::throwException): Use offsets instead of vPCs.
        (JSC::Interpreter::privateExecute): Pass offset to exception helper.
        (JSC::Interpreter::retrieveLastCaller): Ditto.
        (JSC::Interpreter::cti_op_instanceof): Ditto.
        (JSC::Interpreter::cti_op_call_NotJSFunction): Ditto.
        (JSC::Interpreter::cti_op_resolve): Pass offset to exception helper.
        (JSC::Interpreter::cti_op_construct_NotJSConstruct): Ditto.
        (JSC::Interpreter::cti_op_resolve_func): Ditto.
        (JSC::Interpreter::cti_op_resolve_skip): Ditto.
        (JSC::Interpreter::cti_op_resolve_global): Ditto.
        (JSC::Interpreter::cti_op_resolve_with_base): Ditto.
        (JSC::Interpreter::cti_op_throw): Ditto.
        (JSC::Interpreter::cti_op_in): Ditto.
        (JSC::Interpreter::cti_vm_throw): Ditto.
        * interpreter/Interpreter.h:

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass): Don't pass unnecessary vPC to stub.
        * jit/JIT.h: Remove ARG_instr1 - ARG_instr3 and ARG_instr5 - ARG_instr6.
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallEvalSetupArgs): Don't pass unnecessary vPC to stub..
        (JSC::JIT::compileOpConstructSetupArgs): Ditto.

        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError): Take an offset instead of vPC.
        (JSC::createInvalidParamError): Ditto.
        (JSC::createNotAConstructorError): Ditto.
        (JSC::createNotAFunctionError): Ditto.
        (JSC::createNotAnObjectError): Ditto.
        * runtime/ExceptionHelpers.h:

2008-12-12  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 22835: Crash during bytecode generation when comparing to null
        <https://bugs.webkit.org/show_bug.cgi?id=22835>
        <rdar://problem/6286749>

        Change the special cases in bytecode generation for comparison to null
        to use tempDestination().

        * parser/Nodes.cpp:
        (JSC::BinaryOpNode::emitBytecode):
        (JSC::EqualNode::emitBytecode):

2008-12-12  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Move slow-cases of JIT code generation over to the MacroAssembler interface.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::Label::Label):
        (JSC::MacroAssembler::jae32):
        (JSC::MacroAssembler::jg32):
        (JSC::MacroAssembler::jzPtr):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::emitGetVariableObjectRegister):
        (JSC::JIT::emitPutVariableObjectRegister):
        * jit/JIT.h:
        (JSC::SlowCaseEntry::SlowCaseEntry):
        (JSC::JIT::getSlowCase):
        (JSC::JIT::linkSlowCase):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOpSlowCase):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
        (JSC::JIT::linkSlowCaseIfNotJSCell):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdSlowCase):

2008-12-12  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Bug 22828: Do not inspect bytecode instruction stream for op_get_by_id exception information
        <https://bugs.webkit.org/show_bug.cgi?id=22828>

        In order to remove the bytecode instruction stream after generating
        native code, all inspection of bytecode instructions at runtime must
        be removed. One particular instance of this is the special handling of
        exceptions thrown by the op_get_by_id emitted directly before an
        op_construct or an op_instanceof. This patch moves that information to
        an auxiliary data structure in CodeBlock.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addGetByIdExceptionInfo):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitConstruct):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitGetByIdExceptionInfo):
        * parser/Nodes.cpp:
        (JSC::InstanceOfNode::emitBytecode):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createNotAnObjectError):

2008-12-12  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Change exception information accessors to take offsets into the bytecode
        instruction buffer instead of pointers so that they can work even even
        if the bytecode buffer is purged.

        * bytecode/CodeBlock.cpp:
        (JSC::instructionOffsetForNth):
        (JSC::CodeBlock::handlerForBytecodeOffset):
        (JSC::CodeBlock::lineNumberForBytecodeOffset):
        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
        * bytecode/CodeBlock.h:
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::dump):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        (JSC::createInvalidParamError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):

2008-12-12  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.
        
        Tiny bit of refactoring in quantifier generation.

        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateNonGreedyQuantifier):
        (JSC::WREC::Generator::generateGreedyQuantifier):

2008-12-11  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Remove dependancy on having the Instruction buffer in order to
        deref Structures used for property access and global resolves.
        Instead, we put references to the necessary Structures in auxiliary
        data structures on the CodeBlock. This is not an ideal solution,
        as we still pay for having the Structures in two places and we
        would like to eventually just hold on to offsets into the machine
        code buffer.

        - Also removes CodeBlock bloat in non-JIT by #ifdefing the JIT
          only data structures.

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.scons:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * JavaScriptCoreSources.bkl:
        * bytecode/CodeBlock.cpp:
        (JSC::isGlobalResolve):
        (JSC::isPropertyAccess):
        (JSC::instructionOffsetForNth):
        (JSC::printGlobalResolveInfo):
        (JSC::printStructureStubInfo):
        (JSC::CodeBlock::printStructures):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::GlobalResolveInfo::GlobalResolveInfo):
        (JSC::getNativePC):
        (JSC::CodeBlock::instructions):
        (JSC::CodeBlock::getStubInfo):
        (JSC::CodeBlock::getBytecodeIndex):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::numberOfStructureStubInfos):
        (JSC::CodeBlock::addStructureStubInfo):
        (JSC::CodeBlock::structureStubInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::globalResolveInfo):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        (JSC::CodeBlock::addCallLinkInfo):
        (JSC::CodeBlock::callLinkInfo):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        * bytecode/Opcode.h:
        (JSC::):
        * bytecode/StructureStubInfo.cpp: Copied from bytecode/CodeBlock.cpp.
        (JSC::StructureStubInfo::deref):
        * bytecode/StructureStubInfo.h: Copied from bytecode/CodeBlock.h.
        (JSC::StructureStubInfo::StructureStubInfo):
        (JSC::StructureStubInfo::initGetByIdSelf):
        (JSC::StructureStubInfo::initGetByIdProto):
        (JSC::StructureStubInfo::initGetByIdChain):
        (JSC::StructureStubInfo::initGetByIdSelfList):
        (JSC::StructureStubInfo::initGetByIdProtoList):
        (JSC::StructureStubInfo::initPutByIdTransition):
        (JSC::StructureStubInfo::initPutByIdReplace):
        (JSC::StructureStubInfo::):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCTICachePutByID):
        (JSC::Interpreter::tryCTICacheGetByID):
        (JSC::Interpreter::cti_op_get_by_id_self_fail):
        (JSC::getPolymorphicAccessStructureListSlot):
        (JSC::Interpreter::cti_op_get_by_id_proto_list):
        (JSC::Interpreter::cti_op_resolve_global):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdSlowCase):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):

2008-12-11  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Remove CTI_ARGUMENTS mode, use va_start implementation on Windows,
        unifying JIT callback (cti_*) argument access on OS X & Windows

        No performance impact.

        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitCTICall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * wtf/Platform.h:

2008-12-11  Holger Freyther  <zecke@selfish.org>

        Reviewed by Simon Hausmann.

        https://bugs.webkit.org/show_bug.cgi?id=20953

        For Qt it is not pratical to have a FontCache and GlyphPageTreeNode
        implementation. This is one of the reasons why the Qt port is currently not
        using WebCore/platform/graphics/Font.cpp. By allowing to not use
        the simple/fast-path the Qt port will be able to use it.

        Introduce USE(FONT_FAST_PATH) and define it for every port but the
        Qt one.

        * wtf/Platform.h: Enable USE(FONT_FAST_PATH)

2008-12-11  Gabor Loki  <loki@inf.u-szeged.hu>

        Reviewed by Darin Adler and landed by Holger Freyther.

        <https://bugs.webkit.org/show_bug.cgi?id=22648>
        Fix threading on Qt-port and Gtk-port for Sampling tool.

        * wtf/ThreadingGtk.cpp:
        (WTF::waitForThreadCompletion):
        * wtf/ThreadingQt.cpp:
        (WTF::waitForThreadCompletion):

2008-12-10  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 22734: Debugger crashes when stepping into a function call in a return statement
        <https://bugs.webkit.org/show_bug.cgi?id=22734>
        <rdar://problem/6426796>

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): The DebuggerCallFrame uses
        the 'this' value stored in a callFrame, so op_convert_this should be
        emitted at the beginning of a function body when generating bytecode
        with debug hooks.
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::thisObject): The assertion inherent in the call
        to asObject() here is valid, because any 'this' value should have been
        converted to a JSObject*.

2008-12-10  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Port more of the JIT to use the MacroAssembler interface.
        
        Everything in the main pass, bar a few corner cases (operations with required
        registers, or calling convention code).  Slightly refactors array creation,
        moving the offset calculation into the callFrame into C code (reducing code
        planted).

        Overall this appears to be a 1% win on v8-tests, due to the smaller immediates
        being planted (in jfalse in particular).

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::cti_op_new_array):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateEnter):

2008-12-10  Sam Weinig  <sam@webkit.org>

        Fix non-JIT builds.

        * bytecode/CodeBlock.h:

2008-12-10  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        <rdar://problem/6428332> Remove the CTI return address table from CodeBlock

        Step 2:

        Convert the return address table from a HashMap to a sorted Vector.  This
        reduces the size of the data structure by ~4.5MB on Membuster head.

        SunSpider reports a 0.5% progression.

        * bytecode/CodeBlock.cpp:
        (JSC::sizeInBytes): Generic method to get the cost of a Vector.
        (JSC::CodeBlock::dumpStatistics): Add dumping of member sizes.
        * bytecode/CodeBlock.h:
        (JSC::PC::PC): Struct representing NativePC -> VirtualPC mappings.
        (JSC::getNativePC): Helper for binary chop.
        (JSC::CodeBlock::getBytecodeIndex): Used to get the VirtualPC from a
        NativePC using a binary chop of the pcVector.
        (JSC::CodeBlock::pcVector): Accessor.

        * interpreter/Interpreter.cpp:
        (JSC::vPCForPC): Use getBytecodeIndex instead of jitReturnAddressVPCMap().get().
        (JSC::Interpreter::cti_op_instanceof): Ditto.
        (JSC::Interpreter::cti_op_resolve): Ditto.
        (JSC::Interpreter::cti_op_resolve_func): Ditto.
        (JSC::Interpreter::cti_op_resolve_skip): Ditto.
        (JSC::Interpreter::cti_op_resolve_with_base): Ditto.
        (JSC::Interpreter::cti_op_throw): Ditto.
        (JSC::Interpreter::cti_op_in): Ditto.
        (JSC::Interpreter::cti_vm_throw): Ditto.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompile): Reserve exact capacity and fill the pcVector.

2008-12-09  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Added WREC support for an assertion followed by a quantifier. Fixed
        PCRE to match.

        * wrec/WRECParser.cpp:
        (JSC::WREC::Parser::parseParentheses): Throw away the quantifier, since
        it's meaningless. (Firefox does the same.)

        * pcre/pcre_compile.cpp:
        (compileBranch): ditto.

2008-12-09  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        In preparation for compiling WREC without PCRE:
        
        Further relaxed WREC's parsing to be more web-compatible. Fixed PCRE to
        match in cases where it didn't already.
        
        Changed JavaScriptCore to report syntax errors detected by WREC, rather
        than falling back on PCRE any time WREC sees an error.
        
        * pcre/pcre_compile.cpp:
        (checkEscape): Relaxed parsing of \c and \N escapes to be more
        web-compatible.
        
        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp): Only fall back on PCRE if WREC has not reported
        a syntax error.

        * wrec/WREC.cpp:
        (JSC::WREC::Generator::compileRegExp): Fixed some error reporting to
        match PCRE.

        * wrec/WRECParser.cpp: Added error messages that match PCRE.

        (JSC::WREC::Parser::consumeGreedyQuantifier):
        (JSC::WREC::Parser::parseParentheses):
        (JSC::WREC::Parser::parseCharacterClass):
        (JSC::WREC::Parser::parseNonCharacterEscape): Updated the above functions to
        use the new setError API.

        (JSC::WREC::Parser::consumeEscape): Relaxed parsing of \c \N \u \x \B
        to be more web-compatible.

        (JSC::WREC::Parser::parseAlternative): Distinguish between a malformed
        quantifier and a quantifier with no prefix, like PCRE does.

        (JSC::WREC::Parser::consumeParenthesesType): Updated to use the new setError API.

        * wrec/WRECParser.h:
        (JSC::WREC::Parser::error):
        (JSC::WREC::Parser::syntaxError):
        (JSC::WREC::Parser::parsePattern):
        (JSC::WREC::Parser::reset):
        (JSC::WREC::Parser::setError): Store error messages instead of error codes,
        to provide for exception messages. Use a setter for reporting errors, so
        errors detected early are not overwritten by errors detected later.

2008-12-09  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Use va_args to access cti function arguments.
        https://bugs.webkit.org/show_bug.cgi?id=22774

        This may be a minor regression, but we'll take the hit if so to reduce fragility.

        * interpreter/Interpreter.cpp:
        * interpreter/Interpreter.h:

2008-12-09  Sam Weinig  <sam@webkit.org>

        Reviewed twice by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=22752
        Clear SymbolTable after codegen for Function codeblocks that
        don't require an activation

        This is a ~1.5MB improvement on Membuster-head.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpStatistics): Add logging of non-empty symbol tables
        and total size used by symbol tables.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate): Clear the symbol table here.

2008-12-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Remove unnecessary extra lookup when throwing an exception.
        We used to first lookup the target offset using getHandlerForVPC
        and then we would lookup the native code stub using 
        nativeExceptionCodeForHandlerVPC.  Instead, we can just pass around
        the HandlerInfo.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::handlerForVPC): Return the HandlerInfo.
        * bytecode/CodeBlock.h: Remove nativeExceptionCodeForHandlerVPC.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException): Return a HandlerInfo instead of
        and Instruction offset.
        (JSC::Interpreter::privateExecute): Get the offset from HandlerInfo.
        (JSC::Interpreter::cti_op_throw): Get the native code from the HandleInfo.
        (JSC::Interpreter::cti_vm_throw): Ditto.
        * interpreter/Interpreter.h:

2008-12-09  Eric Seidel  <eric@webkit.org>

        Build fix only, no review.

        Speculative fix for the Chromium-Windows bot.
        Add JavaScriptCore/os-win32 to the include path (for stdint.h)
        Strangely it builds fine on my local windows box (or at least doesn't hit this error)

        * JavaScriptCore.scons:

2008-12-09  Eric Seidel  <eric@webkit.org>

        No review, build fix only.
        
        Add ExecutableAllocator files missing from Scons build.

        * JavaScriptCore.scons:

2008-12-09  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Timothy Hatcher.

        https://bugs.webkit.org/show_bug.cgi?id=22631
        Allow ScriptCallFrame query names of functions in the call stack.

        * JavaScriptCore.exp: added InternalFunction::name and
        UString operator==() as exported symbol

2008-12-08  Judit Jasz  <jasy@inf.u-szeged.hu>

        Reviewed and tweaked by Cameron Zwarich.

        Bug 22352: Annotate opcodes with their length
        <https://bugs.webkit.org/show_bug.cgi?id=22352>

        * bytecode/Opcode.cpp:
        * bytecode/Opcode.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):

2008-12-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Implemented more of the relaxed and somewhat weird rules for deciding
        how to interpret a non-pattern-character.
        
        * wrec/Escapes.h:
        (JSC::WREC::Escape::):
        (JSC::WREC::Escape::Escape): Eliminated Escape::None because it was
        unused. If you see an '\\', it's either a valid escape or an error.

        * wrec/Quantifier.h:
        (JSC::WREC::Quantifier::Quantifier):
        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateNonGreedyQuantifier):
        (JSC::WREC::Generator::generateGreedyQuantifier): Renamed "noMaxSpecified"
        to "Infinity", since that's what it means.

        * wrec/WRECParser.cpp:
        (JSC::WREC::Parser::consumeGreedyQuantifier): Re-wrote {n,m} parsing rules
        because they were too strict before. Added support for backtracking
        in the case where the {n,m} fails to parse as a quantifier, and yet is
        not a syntax error.

        (JSC::WREC::Parser::parseCharacterClass):
        (JSC::WREC::Parser::parseNonCharacterEscape): Eliminated Escape::None,
        as above.

        (JSC::WREC::Parser::consumeEscape): Don't treat ASCII and _ escapes
        as syntax errors. See fast/regex/non-pattern-characters.html.
        
        * wrec/WRECParser.h:
        (JSC::WREC::Parser::SavedState::SavedState):
        (JSC::WREC::Parser::SavedState::restore): Added a state backtracker,
        since parsing {n,m} forms requires backtracking if the form turns out
        not to be a quantifier.

2008-12-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Refactored WREC parsing so that only one piece of code needs to know
        the relaxed and somewhat weird rules for deciding how to interpret a
        non-pattern-character, in preparation for implementing those rules.
        
        Also, implemented the relaxed and somewhat weird rules for '}' and ']'.

        * wrec/WREC.cpp: Reduced the regular expression size limit. Now that
        WREC handles ']' properly, it compiles fast/js/regexp-charclass-crash.html,
        which makes it hang at the old limit. (The old limit was based on the
        misimpression that the same value in PCRE limited the regular expression
        pattern size; in reality, it limited the expected compiled regular
        expression size. WREC doesn't have a way to calculate an expected
        compiled regular expression size, but this should be good enough.)

        * wrec/WRECParser.cpp:
        (JSC::WREC::parsePatternCharacterSequence): Nixed this function because
        it contained a second copy of the logic for handling non-pattern-characters,
        which is about to get a lot more complicated.

        (JSC::WREC::PatternCharacterSequence::PatternCharacterSequence): 
        (JSC::WREC::PatternCharacterSequence::size):
        (JSC::WREC::PatternCharacterSequence::append):
        (JSC::WREC::PatternCharacterSequence::flush): Helper object for generating
        an optimized sequence of pattern characters.

        (JSC::WREC::Parser::parseNonCharacterEscape): Renamed to reflect the fact
        that the main parseAlternative loop handles character escapes.

        (JSC::WREC::Parser::parseAlternative): Moved pattern character sequence
        logic from parsePatternCharacterSequence to here, using
        PatternCharacterSequence to help with the details.

        * wrec/WRECParser.h: Updated for renames.

2008-12-08  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Geoff Garen.

        <rdar://problem/6166088> Give JSGlobalContextCreate a behavior that is concurrency aware,
        and un-deprecate it

        * API/JSContextRef.cpp: (JSGlobalContextCreate):
        * API/JSContextRef.h:
        Use a unique context group for the context, unless the application was linked against old
        JavaScriptCore.

2008-12-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for <rdar://problem/6428332> Remove the CTI return address table from CodeBlock

        Step 1:

        Remove use of jitReturnAddressVPCMap when looking for vPC to store Structures
        in for cached lookup.  Instead, use the offset in the StructureStubInfo that is
        already required.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpStatistics): Fix extraneous semicolon.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCTICachePutByID):
        (JSC::Interpreter::tryCTICacheGetByID):
        (JSC::Interpreter::cti_op_get_by_id_self_fail):
        (JSC::Interpreter::cti_op_get_by_id_proto_list):
        * jit/JIT.h:
        (JSC::JIT::compileGetByIdSelf):
        (JSC::JIT::compileGetByIdProto):
        (JSC::JIT::compileGetByIdChain):
        (JSC::JIT::compilePutByIdReplace):
        (JSC::JIT::compilePutByIdTransition):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchGetByIdSelf):
        (JSC::JIT::patchPutByIdReplace):
        (JSC::JIT::privateCompilePatchGetArrayLength): Remove extra call to getStubInfo.
        (JSC::JIT::privateCompileGetByIdSelf):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdChain):
        (JSC::JIT::privateCompilePutByIdReplace):

2008-12-08  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Port the op_j?n?eq_null JIT code generation to use the MacroAssembler,
        and clean up slightly at the same time.  The 'j' forms currently compare,
        then set a register, then compare again, then branch.  Branch directly on
        the result of the first compare.

        Around a 1% progression on deltablue, crypto & early boyer, for about 1/2%
        overall on v8-tests.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdSlowCase):

2008-12-08  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Expand MacroAssembler to support more operations, required by the JIT.

        Generally adds more operations and permutations of operands to the existing
        interface.  Rename 'jset' to 'jnz' and 'jnset' to 'jz', which seem clearer,
        and require that immediate pointer operands (though not pointer addresses to
        load and store instructions) are wrapped in a ImmPtr() type, akin to Imm32().

        No performance impact.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::):
        (JSC::MacroAssembler::ImmPtr::ImmPtr):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::and32):
        (JSC::MacroAssembler::or32):
        (JSC::MacroAssembler::sub32):
        (JSC::MacroAssembler::xor32):
        (JSC::MacroAssembler::loadPtr):
        (JSC::MacroAssembler::load32):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::store32):
        (JSC::MacroAssembler::poke):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::testImm32):
        (JSC::MacroAssembler::jae32):
        (JSC::MacroAssembler::jb32):
        (JSC::MacroAssembler::jePtr):
        (JSC::MacroAssembler::je32):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jne32):
        (JSC::MacroAssembler::jnzPtr):
        (JSC::MacroAssembler::jnz32):
        (JSC::MacroAssembler::jzPtr):
        (JSC::MacroAssembler::jz32):
        (JSC::MacroAssembler::joSub32):
        (JSC::MacroAssembler::jump):
        (JSC::MacroAssembler::sete32):
        (JSC::MacroAssembler::setne32):
        (JSC::MacroAssembler::setnz32):
        (JSC::MacroAssembler::setz32):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::andl_i8r):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::cmpl_mr):
        (JSC::X86Assembler::cmpl_i8m):
        (JSC::X86Assembler::subl_mr):
        (JSC::X86Assembler::testl_i32m):
        (JSC::X86Assembler::xorl_i32r):
        (JSC::X86Assembler::movl_rm):
        (JSC::X86Assembler::modRm_opmsib):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitGetVirtualRegister):
        (JSC::JIT::emitPutCTIArgConstant):
        (JSC::JIT::emitPutCTIParam):
        (JSC::JIT::emitPutImmediateToCallFrameHeader):
        (JSC::JIT::emitInitRegister):
        (JSC::JIT::checkStructure):
        (JSC::JIT::emitJumpIfJSCell):
        (JSC::JIT::emitJumpIfNotJSCell):
        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):

2008-12-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Fixed a bug where WREC would allow a quantifier whose minimum was
        greater than its maximum.
        
        * wrec/Quantifier.h:
        (JSC::WREC::Quantifier::Quantifier): ASSERT that the quantifier is not
        backwards.
        
        * wrec/WRECParser.cpp:
        (JSC::WREC::Parser::consumeGreedyQuantifier): Verify that the minimum
        is not greater than the maximum.

2008-12-08  Eric Seidel  <eric@webkit.org>
        
        Build fix only, no review.

        * JavaScriptCore.scons: add bytecode/JumpTable.cpp

2008-12-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=22716
        <rdar://problem/6428315>
        Add RareData structure to CodeBlock for infrequently used auxiliary data
        members.

        Reduces memory on Membuster-head by ~.5MB 

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::dumpStatistics):
        (JSC::CodeBlock::mark):
        (JSC::CodeBlock::getHandlerForVPC):
        (JSC::CodeBlock::nativeExceptionCodeForHandlerVPC):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numberOfExceptionHandlers):
        (JSC::CodeBlock::addExceptionHandler):
        (JSC::CodeBlock::exceptionHandler):
        (JSC::CodeBlock::addFunction):
        (JSC::CodeBlock::function):
        (JSC::CodeBlock::addUnexpectedConstant):
        (JSC::CodeBlock::unexpectedConstant):
        (JSC::CodeBlock::addRegExp):
        (JSC::CodeBlock::regexp):
        (JSC::CodeBlock::numberOfImmediateSwitchJumpTables):
        (JSC::CodeBlock::addImmediateSwitchJumpTable):
        (JSC::CodeBlock::immediateSwitchJumpTable):
        (JSC::CodeBlock::numberOfCharacterSwitchJumpTables):
        (JSC::CodeBlock::addCharacterSwitchJumpTable):
        (JSC::CodeBlock::characterSwitchJumpTable):
        (JSC::CodeBlock::numberOfStringSwitchJumpTables):
        (JSC::CodeBlock::addStringSwitchJumpTable):
        (JSC::CodeBlock::stringSwitchJumpTable):
        (JSC::CodeBlock::evalCodeCache):
        (JSC::CodeBlock::createRareDataIfNecessary):

2008-11-26  Peter Kasting  <pkasting@google.com>

        Reviewed by Anders Carlsson.

        https://bugs.webkit.org/show_bug.cgi?id=16814
        Allow ports to disable ActiveX->NPAPI conversion for Media Player.
        Improve handling of miscellaneous ActiveX objects.

        * wtf/Platform.h: Add another ENABLE(...).

2008-12-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Mark Rowe.

        Add dumping of CodeBlock member structure usage.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpStatistics):
        * bytecode/EvalCodeCache.h:
        (JSC::EvalCodeCache::isEmpty):

2008-12-08  David Kilzer  <ddkilzer@apple.com>

        Bug 22555: Sort "children" sections in Xcode project files

        <https://bugs.webkit.org/show_bug.cgi?id=22555>

        Reviewed by Eric Seidel.

        * JavaScriptCore.xcodeproj/project.pbxproj: Sorted.

2008-12-08  Tony Chang  <tony@chromium.org>

        Reviewed by Eric Seidel.

        Enable Pan scrolling only when building on PLATFORM(WIN_OS)
        Previously platforms like Apple Windows WebKit, Cairo Windows WebKit,
        Wx and Chromium were enabling it explicitly, now we just turn it on
        for all WIN_OS, later platforms can turn it off as needed on Windows
        (or turn it on under Linux, etc.)
        https://bugs.webkit.org/show_bug.cgi?id=22698

        * wtf/Platform.h:

2008-12-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Add basic memory statistics dumping for CodeBlock.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpStatistics):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        * bytecode/CodeBlock.h:

2008-12-08  Simon Hausmann  <simon.hausmann@nokia.com>

        Fix the Linux build with newer gcc/glibc.

        * jit/ExecutableAllocatorPosix.cpp: Include unistd.h for
        getpagesize(), according to
        http://opengroup.org/onlinepubs/007908775/xsh/getpagesize.html

2008-12-08  Simon Hausmann  <simon.hausmann@nokia.com>

        Fix the build with Qt on Windows.

        * JavaScriptCore.pri: Compile ExecutableAllocatorWin.cpp on Windows.

2008-12-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Buildfix).

        Fix non-WREC builds

        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp):

2008-12-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Put ENABLE(ASSEMBLER) guards around use of ExecutableAllocator in global data

        Correct Qt and Gtk project files

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * runtime/JSGlobalData.h:

2008-12-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Add new files to other projects.

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.pro:

2008-12-07  Oliver Hunt  <oliver@apple.com>

        Rubber stamped by Mark Rowe.

        Rename ExecutableAllocatorMMAP to the more sensible ExecutableAllocatorPosix

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/ExecutableAllocator.h:
        * jit/ExecutableAllocatorPosix.cpp: Renamed from JavaScriptCore/jit/ExecutableAllocatorMMAP.cpp.
        (JSC::ExecutableAllocator::intializePageSize):
        (JSC::ExecutablePool::systemAlloc):
        (JSC::ExecutablePool::systemRelease):

2008-12-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by Cameron Zwarich and Sam Weinig

        <rdar://problem/6309878> Need more granular control over allocation of executable memory (21783)
        <https://bugs.webkit.org/show_bug.cgi?id=21783>

        Add a new allocator for use by the JIT that provides executable pages, so
        we can get rid of the current hack that makes the entire heap executable.

        1-2% progression on SunSpider-v8, 1% on SunSpider.  Reduces memory usage as well!

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::size):
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::size):
        (JSC::MacroAssembler::copyCode):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::size):
        (JSC::X86Assembler::executableCopy):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::executablePool):
        (JSC::CodeBlock::setExecutablePool):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::derefStructures):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::~Interpreter):
        * interpreter/Interpreter.h:
        * jit/ExecutableAllocator.cpp: Added.
        * jit/ExecutableAllocator.h: Added.
        (JSC::ExecutablePool::create):
        (JSC::ExecutablePool::alloc):
        (JSC::ExecutablePool::~ExecutablePool):
        (JSC::ExecutablePool::available):
        (JSC::ExecutablePool::ExecutablePool):
        (JSC::ExecutablePool::poolAllocate):
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutableAllocator::poolForSize):
        (JSC::ExecutablePool::sizeForAllocation):
        * jit/ExecutableAllocatorMMAP.cpp: Added.
        (JSC::ExecutableAllocator::intializePageSize):
        (JSC::ExecutablePool::systemAlloc):
        (JSC::ExecutablePool::systemRelease):
        * jit/ExecutableAllocatorWin.cpp: Added.
        (JSC::ExecutableAllocator::intializePageSize):
        (JSC::ExecutablePool::systemAlloc):
        (JSC::ExecutablePool::systemRelease):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        (JSC::JIT::compileCTIMachineTrampolines):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdSelf):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        (JSC::JIT::privateCompilePutByIdReplace):
        * parser/Nodes.cpp:
        (JSC::RegExpNode::emitBytecode):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::poolForSize):
        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
        (JSC::RegExp::~RegExp):
        * runtime/RegExp.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        * wrec/WREC.cpp:
        (JSC::WREC::Generator::compileRegExp):
        * wrec/WRECGenerator.h:
        * wtf/FastMalloc.cpp:
        * wtf/FastMalloc.h:
        * wtf/TCSystemAlloc.cpp:
        (TryMmap):
        (TryVirtualAlloc):
        (TryDevMem):
        (TCMalloc_SystemRelease):

2008-12-06  Sam Weinig  <sam@webkit.org>

        Fix the Gtk build.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compilePutByIdHotPath):

2008-12-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich,

        Move CodeBlock constructor into the .cpp file.

        Sunspider reports a .7% progression, but I can only assume this
        is noise.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:

2008-12-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Split JumpTable code into its own file.

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * JavaScriptCoreSources.bkl:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/JumpTable.cpp: Copied from bytecode/CodeBlock.cpp.
        * bytecode/JumpTable.h: Copied from bytecode/CodeBlock.h.

2008-12-05  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=22715
        Encapsulate more CodeBlock members in preparation
        of moving some of them to a rare data structure.

        * bytecode/CodeBlock.cpp:
        (JSC::locationForOffset):
        (JSC::printConditionalJump):
        (JSC::printGetByIdOp):
        (JSC::printPutByIdOp):
        (JSC::CodeBlock::printStructure):
        (JSC::CodeBlock::printStructures):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::unlinkCallers):
        (JSC::CodeBlock::derefStructures):
        (JSC::CodeBlock::refStructures):
        (JSC::CodeBlock::mark):
        (JSC::CodeBlock::getHandlerForVPC):
        (JSC::CodeBlock::nativeExceptionCodeForHandlerVPC):
        (JSC::CodeBlock::lineNumberForVPC):
        (JSC::CodeBlock::expressionRangeForVPC):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::addCaller):
        (JSC::CodeBlock::removeCaller):
        (JSC::CodeBlock::isKnownNotImmediate):
        (JSC::CodeBlock::isConstantRegisterIndex):
        (JSC::CodeBlock::getConstant):
        (JSC::CodeBlock::isTemporaryRegisterIndex):
        (JSC::CodeBlock::getStubInfo):
        (JSC::CodeBlock::getCallLinkInfo):
        (JSC::CodeBlock::instructions):
        (JSC::CodeBlock::setJITCode):
        (JSC::CodeBlock::jitCode):
        (JSC::CodeBlock::ownerNode):
        (JSC::CodeBlock::setGlobalData):
        (JSC::CodeBlock::setThisRegister):
        (JSC::CodeBlock::thisRegister):
        (JSC::CodeBlock::setNeedsFullScopeChain):
        (JSC::CodeBlock::needsFullScopeChain):
        (JSC::CodeBlock::setUsesEval):
        (JSC::CodeBlock::usesEval):
        (JSC::CodeBlock::setUsesArguments):
        (JSC::CodeBlock::usesArguments):
        (JSC::CodeBlock::codeType):
        (JSC::CodeBlock::source):
        (JSC::CodeBlock::sourceOffset):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::numberOfPropertyAccessInstructions):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::propertyAccessInstruction):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        (JSC::CodeBlock::addCallLinkInfo):
        (JSC::CodeBlock::callLinkInfo):
        (JSC::CodeBlock::numberOfJumpTargets):
        (JSC::CodeBlock::addJumpTarget):
        (JSC::CodeBlock::jumpTarget):
        (JSC::CodeBlock::lastJumpTarget):
        (JSC::CodeBlock::numberOfExceptionHandlers):
        (JSC::CodeBlock::addExceptionHandler):
        (JSC::CodeBlock::exceptionHandler):
        (JSC::CodeBlock::addExpressionInfo):
        (JSC::CodeBlock::numberOfLineInfos):
        (JSC::CodeBlock::addLineInfo):
        (JSC::CodeBlock::lastLineInfo):
        (JSC::CodeBlock::jitReturnAddressVPCMap):
        (JSC::CodeBlock::numberOfIdentifiers):
        (JSC::CodeBlock::addIdentifier):
        (JSC::CodeBlock::identifier):
        (JSC::CodeBlock::numberOfConstantRegisters):
        (JSC::CodeBlock::addConstantRegister):
        (JSC::CodeBlock::constantRegister):
        (JSC::CodeBlock::addFunction):
        (JSC::CodeBlock::function):
        (JSC::CodeBlock::addFunctionExpression):
        (JSC::CodeBlock::functionExpression):
        (JSC::CodeBlock::addUnexpectedConstant):
        (JSC::CodeBlock::unexpectedConstant):
        (JSC::CodeBlock::addRegExp):
        (JSC::CodeBlock::regexp):
        (JSC::CodeBlock::symbolTable):
        (JSC::CodeBlock::evalCodeCache):
        New inline setters/getters.

        (JSC::ProgramCodeBlock::ProgramCodeBlock):
        (JSC::ProgramCodeBlock::~ProgramCodeBlock):
        (JSC::ProgramCodeBlock::clearGlobalObject):
        * bytecode/SamplingTool.cpp:
        (JSC::ScopeSampleRecord::sample):
        (JSC::SamplingTool::dump):
        * bytecompiler/BytecodeGenerator.cpp:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/Label.h:
        * interpreter/CallFrame.cpp:
        * interpreter/Interpreter.cpp:
        * jit/JIT.cpp:
        * jit/JITCall.cpp:
        * jit/JITInlineMethods.h:
        * jit/JITPropertyAccess.cpp:
        * parser/Nodes.cpp:
        * runtime/Arguments.h:
        * runtime/ExceptionHelpers.cpp:
        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h:
        * runtime/JSGlobalObject.cpp:
        Change direct access to use new getter/setters.

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Prevent GCC4.2 from hanging when trying to compile Interpreter.cpp.
        Added "-fno-var-tracking" compiler flag.

        https://bugs.webkit.org/show_bug.cgi?id=22704

        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Ordering of branch operands in MacroAssembler in unnecessarily  inconsistent.

        je, jg etc take an immediate operand as the second argument, but for the
        equality branches (je, jne) the immediate operand was the first argument.  This
        was unnecessarily inconsistent.  Change je, jne methods to take the immediate
        as the second argument.

        https://bugs.webkit.org/show_bug.cgi?id=22703

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::je32):
        (JSC::MacroAssembler::jne32):
        * jit/JIT.cpp:
        (JSC::JIT::compileOpStrictEq):
        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateEnter):
        (JSC::WREC::Generator::generateNonGreedyQuantifier):
        (JSC::WREC::Generator::generateGreedyQuantifier):
        (JSC::WREC::Generator::generatePatternCharacterPair):
        (JSC::WREC::Generator::generatePatternCharacter):
        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
        (JSC::WREC::Generator::generateCharacterClassInverted):
        (JSC::WREC::Generator::generateAssertionBOL):
        (JSC::WREC::Generator::generateAssertionWordBoundary):

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Second tranche of porting JIT.cpp to MacroAssembler interface.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::mul32):
        (JSC::MacroAssembler::jl32):
        (JSC::MacroAssembler::jnzSub32):
        (JSC::MacroAssembler::joAdd32):
        (JSC::MacroAssembler::joMul32):
        (JSC::MacroAssembler::jzSub32):
        * jit/JIT.cpp:
        (JSC::JIT::emitSlowScriptCheck):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitJumpIfNotJSCell):
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):

2008-12-05  David Kilzer  <ddkilzer@apple.com>

        Bug 22609: Provide a build-time choice when generating hash tables for properties of built-in DOM objects

        <https://bugs.webkit.org/show_bug.cgi?id=22609>
        <rdar://problem/6331749>

        Reviewed by Darin Adler.

        Initial patch by Yosen Lin.  Adapted for ToT WebKit by David Kilzer.

        Added back the code that generates a "compact" hash (instead of a
        perfect hash) as a build-time option using the
        ENABLE(PERFECT_HASH_SIZE) macro as defined in Lookup.h.

        * create_hash_table: Rename variables to differentiate perfect hash
        values from compact hash values.  Added back code to compute compact
        hash tables.  Generate both hash table sizes and emit
        conditionalized code based on ENABLE(PERFECT_HASH_SIZE).
        * runtime/Lookup.cpp:
        (JSC::HashTable::createTable): Added version of createTable() for
        use with compact hash tables.
        (JSC::HashTable::deleteTable): Updated to work with compact hash
        tables.
        * runtime/Lookup.h: Defined ENABLE(PERFECT_HASH_SIZE) macro here.
        (JSC::HashEntry::initialize): Set m_next to zero when using compact
        hash tables.
        (JSC::HashEntry::setNext): Added for compact hash tables.
        (JSC::HashEntry::next): Added for compact hash tables.
        (JSC::HashTable::entry): Added version of entry() for use with
        compact hash tables.
        * runtime/Structure.cpp:
        (JSC::Structure::getEnumerablePropertyNames): Updated to work with
        compact hash tables.

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Remove redundant calls to JIT::emitSlowScriptCheck.
        This is checked in the hot path, so is not needed on the slow path - and the code
        was being planted before the start of the slow case, so was completely unreachable!

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Move JIT::compileOpStrictEq to MacroAssembler interface.

        The rewrite also looks like a small (<1%) performance progression.

        https://bugs.webkit.org/show_bug.cgi?id=22697

        * jit/JIT.cpp:
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitJumpIfJSCell):
        (JSC::JIT::emitJumpSlowCaseIfJSCell):

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Remove m_assembler from MacroAssembler::Jump.
        Keeping a pointer allowed for some syntactic sugar - "link()" looks nicer
        than "link(this)".  But maintaining this doubles the size of Jump, which
        is even more unfortunate for the JIT, since there are many large structures
        holding JmpSrcs.  Probably best to remove it.

        https://bugs.webkit.org/show_bug.cgi?id=22693

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::Jump::Jump):
        (JSC::MacroAssembler::Jump::link):
        (JSC::MacroAssembler::Jump::linkTo):
        (JSC::MacroAssembler::JumpList::link):
        (JSC::MacroAssembler::JumpList::linkTo):
        (JSC::MacroAssembler::jae32):
        (JSC::MacroAssembler::je32):
        (JSC::MacroAssembler::je16):
        (JSC::MacroAssembler::jg32):
        (JSC::MacroAssembler::jge32):
        (JSC::MacroAssembler::jl32):
        (JSC::MacroAssembler::jle32):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jne32):
        (JSC::MacroAssembler::jnset32):
        (JSC::MacroAssembler::jset32):
        (JSC::MacroAssembler::jump):
        (JSC::MacroAssembler::jzSub32):
        (JSC::MacroAssembler::joAdd32):
        (JSC::MacroAssembler::call):
        * wrec/WREC.cpp:
        (JSC::WREC::Generator::compileRegExp):
        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateEnter):
        (JSC::WREC::Generator::generateBackreferenceQuantifier):
        (JSC::WREC::Generator::generateNonGreedyQuantifier):
        (JSC::WREC::Generator::generateGreedyQuantifier):
        (JSC::WREC::Generator::generatePatternCharacter):
        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
        (JSC::WREC::Generator::generateCharacterClassInverted):
        (JSC::WREC::Generator::generateCharacterClass):
        (JSC::WREC::Generator::generateParenthesesAssertion):
        (JSC::WREC::Generator::generateParenthesesInvertedAssertion):
        (JSC::WREC::Generator::generateParenthesesNonGreedy):
        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
        (JSC::WREC::Generator::generateAssertionBOL):
        (JSC::WREC::Generator::generateAssertionEOL):
        (JSC::WREC::Generator::generateAssertionWordBoundary):
        (JSC::WREC::Generator::generateBackreference):
        (JSC::WREC::Generator::terminateAlternative):
        (JSC::WREC::Generator::terminateDisjunction):
        * wrec/WRECParser.h:

2008-12-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoffrey Garen.

        Simplify JIT generated checks for timeout code, by moving more work into the C function.
        https://bugs.webkit.org/show_bug.cgi?id=22688

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::cti_timeout_check):
        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::emitSlowScriptCheck):

2008-12-05  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Encapsulate access to jump tables in the CodeBlock in preparation
        of moving them to a rare data structure.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numberOfImmediateSwitchJumpTables):
        (JSC::CodeBlock::addImmediateSwitchJumpTable):
        (JSC::CodeBlock::immediateSwitchJumpTable):
        (JSC::CodeBlock::numberOfCharacterSwitchJumpTables):
        (JSC::CodeBlock::addCharacterSwitchJumpTable):
        (JSC::CodeBlock::characterSwitchJumpTable):
        (JSC::CodeBlock::numberOfStringSwitchJumpTables):
        (JSC::CodeBlock::addStringSwitchJumpTable):
        (JSC::CodeBlock::stringSwitchJumpTable):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::endSwitch):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::cti_op_switch_imm):
        (JSC::Interpreter::cti_op_switch_char):
        (JSC::Interpreter::cti_op_switch_string):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):

2008-12-05  Adam Roben  <aroben@apple.com>

        Windows build fix after r39020

        * jit/JITInlineMethods.h:
        (JSC::JIT::restoreArgumentReference):
        (JSC::JIT::restoreArgumentReferenceForTrampoline):
        Add some apparently-missing __.

2008-12-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        https://bugs.webkit.org/show_bug.cgi?id=22673
        
        Added support for the assertion (?=) and inverted assertion (?!) atoms
        in WREC.

        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateParenthesesAssertion):
        (JSC::WREC::Generator::generateParenthesesInvertedAssertion): Split the
        old (unused) generateParentheses into these two functions, with more
        limited capabilities.
        
        * wrec/WRECGenerator.h:
        (JSC::WREC::Generator::): Moved an enum to the top of the class definition,
        to match the WebKit style, and removed a defunct comment.

        * wrec/WRECParser.cpp:
        (JSC::WREC::Parser::parseParentheses):
        (JSC::WREC::Parser::consumeParenthesesType):
        * wrec/WRECParser.h:
        (JSC::WREC::Parser::): Added support for parsing (?=) and (?!).

2008-12-05  Simon Hausmann  <simon.hausmann@nokia.com>

        Rubber-stamped by Tor Arne Vestbø.

        Disable the JIT for the Qt build alltogether again, after observing
        more miscompilations in a wider range of newer gcc versions.

        * JavaScriptCore.pri:

2008-12-05  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Tor Arne Vestbø.

        Disable the JIT for the Qt build on Linux unless gcc is >= 4.2,
        due to miscompilations.

        * JavaScriptCore.pri:

2008-12-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Start porting the JIT to use the MacroAssembler.

        https://bugs.webkit.org/show_bug.cgi?id=22671
        No change in performance.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::Jump::operator X86Assembler::JmpSrc):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::and32):
        (JSC::MacroAssembler::lshift32):
        (JSC::MacroAssembler::rshift32):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::store32):
        (JSC::MacroAssembler::poke):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::compareImm32ForBranchEquality):
        (JSC::MacroAssembler::jnePtr):
        (JSC::MacroAssembler::jnset32):
        (JSC::MacroAssembler::jset32):
        (JSC::MacroAssembler::jzeroSub32):
        (JSC::MacroAssembler::joverAdd32):
        (JSC::MacroAssembler::call):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::shll_i8r):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitGetVirtualRegister):
        (JSC::JIT::emitPutCTIArg):
        (JSC::JIT::emitPutCTIArgConstant):
        (JSC::JIT::emitGetCTIArg):
        (JSC::JIT::emitPutCTIArgFromVirtualRegister):
        (JSC::JIT::emitPutCTIParam):
        (JSC::JIT::emitGetCTIParam):
        (JSC::JIT::emitPutToCallFrameHeader):
        (JSC::JIT::emitPutImmediateToCallFrameHeader):
        (JSC::JIT::emitGetFromCallFrameHeader):
        (JSC::JIT::emitPutVirtualRegister):
        (JSC::JIT::emitInitRegister):
        (JSC::JIT::emitNakedCall):
        (JSC::JIT::restoreArgumentReference):
        (JSC::JIT::restoreArgumentReferenceForTrampoline):
        (JSC::JIT::emitCTICall):
        (JSC::JIT::checkStructure):
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
        (JSC::JIT::emitFastArithDeTagImmediate):
        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
        (JSC::JIT::emitFastArithReTagImmediate):
        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
        (JSC::JIT::emitFastArithImmToInt):
        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
        (JSC::JIT::emitFastArithIntToImmNoCheck):
        (JSC::JIT::emitTagAsBoolImmediate):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):

2008-12-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Some refactoring for generateGreedyQuantifier.
        
        SunSpider reports no change (possibly a 0.3% speedup).

        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateGreedyQuantifier): Clarified label
        meanings and unified some logic to simplify things.

        * wrec/WRECParser.h:
        (JSC::WREC::Parser::parseAlternative): Added a version of parseAlternative
        that can jump to a Label, instead of a JumpList, upon failure. (Eventually,
        when we have a true Label class, this will be redundant.) This makes
        things easier for generateGreedyQuantifier, because it can avoid
        explicitly linking things.

2008-12-04  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Holger Freyther.

        Fix crashes in the Qt build on Linux/i386 with non-executable memory
        by enabling TCSystemAlloc and the PROT_EXEC flag for mmap.

        * JavaScriptCore.pri: Enable the use of TCSystemAlloc if the JIT is
        enabled.
        * wtf/TCSystemAlloc.cpp: Extend the PROT_EXEC permissions to
        PLATFORM(QT).

2008-12-04  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Tor Arne Vestbø.

        Enable ENABLE_JIT_OPTIMIZE_CALL, ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
        and ENABLE_JIT_OPTIMIZE_ARITHMETIC, as suggested by Niko.

        * JavaScriptCore.pri: 

2008-12-04  Kent Hansen  <khansen@trolltech.com>

        Reviewed by Simon Hausmann.

        Enable the JSC jit for the Qt build by default for release builds on
        linux-g++ and win32-msvc.

        * JavaScriptCore.pri:

2008-12-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Allow JIT to function without property access repatching and arithmetic optimizations.
        Controlled by ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS and ENABLE_JIT_OPTIMIZE_ARITHMETIC switches.

        https://bugs.webkit.org/show_bug.cgi?id=22643

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp: Copied from jit/JIT.cpp.
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        * jit/JITPropertyAccess.cpp: Copied from jit/JIT.cpp.
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::compilePutByIdHotPath):
        (JSC::JIT::compilePutByIdSlowCase):
        (JSC::resizePropertyStorage):
        (JSC::transitionWillNeedStorageRealloc):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchGetByIdSelf):
        (JSC::JIT::patchPutByIdReplace):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        * wtf/Platform.h:

2008-12-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Optimized sequences of characters in regular expressions by comparing
        two characters at a time.
        
        1-2% speedup on SunSpider, 19-25% speedup on regexp-dna.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::load32):
        (JSC::MacroAssembler::jge32): Filled out a few more macro methods.

        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_mr): Added a verion of movl_mr that operates
        without an offset, to allow the macro assembler to optmize for that case.
        
        * wrec/WREC.cpp:
        (JSC::WREC::Generator::compileRegExp): Test the saved value of index
        instead of the index register when checking for "end of input." The
        index register doesn't increment by 1 in an orderly fashion, so testing
        it for == "end of input" is not valid.
        
        Also, jump all the way to "return failure" upon reaching "end of input,"
        instead of executing the next alternative. This is more logical, and
        it's a slight optimization in the case of an expression with many alternatives.

        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateIncrementIndex): Added support for
        jumping to a failure label in the case where the index has reached "end
        of input."

        (JSC::WREC::Generator::generatePatternCharacterSequence):
        (JSC::WREC::Generator::generatePatternCharacterPair): This is the
        optmization. It's basically like generatePatternCharacter, but it runs two
        characters at a time.
        
        (JSC::WREC::Generator::generatePatternCharacter): Changed to use isASCII,
        since it's clearer than comparing to a magic hex value.
        
        * wrec/WRECGenerator.h:

2008-12-03  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Allow JIT to operate without the call-repatching optimization.
        Controlled by ENABLE(JIT_OPTIMIZE_CALL), defaults on, disabling
        this leads to significant performance regression.

        https://bugs.webkit.org/show_bug.cgi?id=22639

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITCall.cpp: Copied from jit/JIT.cpp.
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallSetupArgs):
        (JSC::JIT::compileOpCallEvalSetupArgs):
        (JSC::JIT::compileOpConstructSetupArgs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::unreachable):
        * jit/JITInlineMethods.h: Copied from jit/JIT.cpp.
        (JSC::JIT::checkStructure):
        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
        (JSC::JIT::emitTagAsBoolImmediate):
        * wtf/Platform.h:

2008-12-03  Eric Seidel  <eric@webkit.org>

        Rubber-stamped by David Hyatt.

        Make HAVE_ACCESSIBILITY only define if !defined

        * wtf/Platform.h:

2008-12-03  Sam Weinig  <sam@webkit.org>

        Fix build.

        * assembler/X86Assembler.h:
        (JSC::X86Assembler::orl_i32r):

2008-12-03  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Remove shared AssemblerBuffer 1MB buffer and instead give AssemblerBuffer
        an 256 byte inline capacity.

        1% progression on Sunspider.

        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::AssemblerBuffer):
        (JSC::AssemblerBuffer::~AssemblerBuffer):
        (JSC::AssemblerBuffer::grow):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::MacroAssembler):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::X86Assembler):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        * parser/Nodes.cpp:
        (JSC::RegExpNode::emitBytecode):
        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
        * runtime/RegExp.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        * wrec/WREC.cpp:
        (JSC::WREC::Generator::compileRegExp):
        * wrec/WRECGenerator.h:
        (JSC::WREC::Generator::Generator):
        * wrec/WRECParser.h:
        (JSC::WREC::Parser::Parser):

2008-12-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt, with help from Gavin Barraclough.
        
        orl_i32r was actually coded as an 8bit OR. So, I renamed orl_i32r to
        orl_i8r, changed all orl_i32r clients to use orl_i8r, and then added
        a new orl_i32r that actually does a 32bit OR.
        
        (32bit OR is currently unused, but a patch I'm working on uses it.)

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::or32): Updated to choose between 8bit and 32bit OR.

        * assembler/X86Assembler.h:
        (JSC::X86Assembler::orl_i8r): The old orl_i32r.
        (JSC::X86Assembler::orl_i32r): The new orl_i32r.
        
        * jit/JIT.cpp:
        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
        (JSC::JIT::emitTagAsBoolImmediate): Use orl_i8r, since we're ORing 8bit
        values.

2008-12-03  Dean Jackson  <dino@apple.com>

        Reviewed by Dan Bernstein.

        Helper functions for turn -> degrees.
        https://bugs.webkit.org/show_bug.cgi?id=22497

        * wtf/MathExtras.h:
        (turn2deg):
        (deg2turn):

2008-12-02  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 22504: Crashes during code generation occur due to refing of ignoredResult()
        <https://bugs.webkit.org/show_bug.cgi?id=22504>

        Since ignoredResult() was implemented by casting 1 to a RegisterID*, any
        attempt to ref ignoredResult() results in a crash. This will occur in
        code generation of a function body where a node emits another node with
        the dst that was passed to it, and then refs the returned RegisterID*.

        To fix this problem, make ignoredResult() a member function of
        BytecodeGenerator that simply returns a pointe to a fixed RegisterID
        member of BytecodeGenerator.

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::ignoredResult):
        * bytecompiler/RegisterID.h:
        * parser/Nodes.cpp:
        (JSC::NullNode::emitBytecode):
        (JSC::BooleanNode::emitBytecode):
        (JSC::NumberNode::emitBytecode):
        (JSC::StringNode::emitBytecode):
        (JSC::RegExpNode::emitBytecode):
        (JSC::ThisNode::emitBytecode):
        (JSC::ResolveNode::emitBytecode):
        (JSC::ObjectLiteralNode::emitBytecode):
        (JSC::PostfixResolveNode::emitBytecode):
        (JSC::PostfixBracketNode::emitBytecode):
        (JSC::PostfixDotNode::emitBytecode):
        (JSC::DeleteValueNode::emitBytecode):
        (JSC::VoidNode::emitBytecode):
        (JSC::TypeOfResolveNode::emitBytecode):
        (JSC::TypeOfValueNode::emitBytecode):
        (JSC::PrefixResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::CommaNode::emitBytecode):
        (JSC::ForNode::emitBytecode):
        (JSC::ForInNode::emitBytecode):
        (JSC::ReturnNode::emitBytecode):
        (JSC::ThrowNode::emitBytecode):
        (JSC::FunctionBodyNode::emitBytecode):
        (JSC::FuncDeclNode::emitBytecode):

2008-12-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=22537
        REGRESSION (r38745): Assertion failure in jsSubstring() at ge.com

        The bug was that index would become greater than length, so our
        "end of input" checks, which all check "index == length", would fail.
        
        The solution is to check for end of input before incrementing index,
        to ensure that index is always <= length.
        
        As a side benefit, generateJumpIfEndOfInput can now use je instead of
        jg, which should be slightly faster.

        * wrec/WREC.cpp:
        (JSC::WREC::Generator::compileRegExp):
        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generateJumpIfEndOfInput):

2008-12-02  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoffrey Garen.

        Plant shift right immediate instructions, which are awesome.
        https://bugs.webkit.org/show_bug.cgi?id=22610
        ~5% on the v8-crypto test.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):

2008-12-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Cleaned up SegmentedVector by abstracting segment access into helper
        functions.
        
        SunSpider reports no change.

        * bytecompiler/SegmentedVector.h:
        (JSC::SegmentedVector::SegmentedVector):
        (JSC::SegmentedVector::~SegmentedVector):
        (JSC::SegmentedVector::size):
        (JSC::SegmentedVector::at):
        (JSC::SegmentedVector::operator[]):
        (JSC::SegmentedVector::last):
        (JSC::SegmentedVector::append):
        (JSC::SegmentedVector::removeLast):
        (JSC::SegmentedVector::grow):
        (JSC::SegmentedVector::clear):
        (JSC::SegmentedVector::deleteAllSegments):
        (JSC::SegmentedVector::segmentFor):
        (JSC::SegmentedVector::subscriptFor):
        (JSC::SegmentedVector::ensureSegmentsFor):
        (JSC::SegmentedVector::ensureSegment):

2008-12-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen. (Patch by Cameron Zwarich <zwarich@apple.com>.)
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=22482
        REGRESSION (r37991): Occasionally see "Scene rendered incorrectly"
        message when running the V8 Raytrace benchmark
        
        Rolled out r37991. It didn't properly save xmm0, which is caller-save,
        before calling helper functions.
        
        SunSpider and v8 benchmarks show little change -- possibly a .2%
        SunSpider regression, possibly a .2% v8 benchmark speedup.

        * assembler/X86Assembler.h:
        (JSC::X86Assembler::):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Instruction.h:
        (JSC::Instruction::):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitUnaryOp):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitToJSNumber):
        (JSC::BytecodeGenerator::emitTypeOf):
        (JSC::BytecodeGenerator::emitGetPropertyNames):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * parser/Nodes.cpp:
        (JSC::UnaryOpNode::emitBytecode):
        (JSC::BinaryOpNode::emitBytecode):
        (JSC::EqualNode::emitBytecode):
        * parser/ResultType.h:
        (JSC::ResultType::isReusable):
        (JSC::ResultType::mightBeNumber):
        * runtime/JSNumberCell.h:

2008-12-01  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoffrey Garen.

        Remove unused (sampling only, and derivable) argument to JIT::emitCTICall.
        https://bugs.webkit.org/show_bug.cgi?id=22587

        * jit/JIT.cpp:
        (JSC::JIT::emitCTICall):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::emitSlowScriptCheck):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:

2008-12-02  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Eric Seidel.
        
        Fix the inheritance chain for JSFunction.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::info): Add InternalFunction::info as parent class

2008-12-02  Simon Hausmann  <hausmann@webkit.org>

        Reviewed by Tor Arne Vestbø.

        Fix ability to include JavaScriptCore.pri from other .pro files.

        * JavaScriptCore.pri: Moved -O3 setting into the .pro files.
        * JavaScriptCore.pro:
        * jsc.pro:

2008-12-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich, with help from Gavin Barraclough.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=22583.

        Refactored regular expression parsing to parse sequences of characters
        as a single unit, in preparation for optimizing sequences of characters.
        
        SunSpider reports no change.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wrec/Escapes.h: Added. Set of classes for representing an escaped
        token in a pattern.

        * wrec/Quantifier.h:
        (JSC::WREC::Quantifier::Quantifier): Simplified this constructor slightly,
        to match the new Escape constructor.

        * wrec/WRECGenerator.cpp:
        (JSC::WREC::Generator::generatePatternCharacterSequence):
        * wrec/WRECGenerator.h: Added an interface for generating a sequence
        of pattern characters at a time. It doesn't do anything special yet.

        * wrec/WRECParser.cpp:
        (JSC::WREC::Parser::consumeGreedyQuantifier):
        (JSC::WREC::Parser::consumeQuantifier): Renamed "parse" to "consume" in
        these functions, to match "consumeEscape."

        (JSC::WREC::Parser::parsePatternCharacterSequence): New function for
        iteratively aggregating a sequence of characters in a pattern.

        (JSC::WREC::Parser::parseCharacterClassQuantifier):
        (JSC::WREC::Parser::parseBackreferenceQuantifier): Renamed "parse" to
        "consume" in these functions, to match "consumeEscape."

        (JSC::WREC::Parser::parseCharacterClass): Refactored to use the common
        escape processing code in consumeEscape.

        (JSC::WREC::Parser::parseEscape): Refactored to use the common
        escape processing code in consumeEscape.

        (JSC::WREC::Parser::consumeEscape): Factored escaped token processing
        into a common function, since we were doing this in a few places.

        (JSC::WREC::Parser::parseTerm): Refactored to use the common
        escape processing code in consumeEscape.

        * wrec/WRECParser.h:
        (JSC::WREC::Parser::consumeOctal): Refactored to use a helper function
        for reading a digit.

2008-12-01  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 20340: SegmentedVector segment allocations can lead to unsafe use of temporary registers
        <https://bugs.webkit.org/show_bug.cgi?id=20340>

        SegmentedVector currently frees segments and reallocates them when used
        as a stack. This can lead to unsafe use of pointers into freed segments.

        In order to fix this problem, SegmentedVector will be changed to only
        grow and never shrink. Also, rename the reserveCapacity() member
        function to grow() to match the actual usage in BytecodeGenerator, where
        this function is used to allocate a group of registers at once, rather
        than merely saving space for them.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): Use grow() instead of