[WebKit-https.git] / JavaScriptCore / ChangeLog

2008-05-23  Oliver Hunt  <oliver@apple.com>

       <rdar://problem/5951561> Turn on JavaScript Profiler

        Reviewed by Kevin McCullough.

        Flipped the switch on the profiler, rearranged how we
        signal the the profiler is active so that calls aren't
        needed in the general case.
        
        Also fixed the entry point for Machine::execute(FunctionBodyNode..)
        to correctly indicate function exit.

        Results in a 0.7-1.0% regression in SunSpider :-(

        * VM/Machine.cpp:
        (KJS::callEval):
        (KJS::Machine::unwindCallFrame):
        (KJS::Machine::execute):
        (KJS::Machine::privateExecute):
        * kjs/config.h:
        * profiler/Profiler.cpp:
        (KJS::Profiler::profiler):
        (KJS::Profiler::startProfiling):
        (KJS::Profiler::stopProfiling):
        * profiler/Profiler.h:
        (KJS::Profiler::enabledProfilerReference):

2008-05-23  Simon Hausmann  <hausmann@webkit.org>

        Fix the Qt build by adding profiler/ to the include search path.

        * JavaScriptCore.pri:

2008-05-22  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Adam.

        Fix a bug in the profiler where time in the current function is given to
        (idle).

        * profiler/Profile.cpp:
        (KJS::Profile::didExecute): Set the start time and then call didExecute
        to calculate the time spent in this function.
        * profiler/ProfileNode.cpp: Remove confusing calculations that are no
        longer necessary.
        (KJS::ProfileNode::insertNode):
        * profiler/ProfileNode.h: Expose access to the start time to allow the
        simpler time calculations above.
        (KJS::ProfileNode::startTime):
        (KJS::ProfileNode::setStartTime):

2008-05-22  Adam Roben  <aroben@apple.com>

        Show "(Function object)" instead of "(JSInpectorCallbackWrapper
        object)" in profiles

        Reviewed by Kevin McCullough.

        * profiler/Profiler.cpp:
        (KJS::createCallIdentifier): Use JSObject::className instead of
        getting the class name from the ClassInfo directly. JSObject
        subclasses can override className to provide a custom class name, and
        it seems like we should honor that.

2008-05-22  Timothy Hatcher  <timothy@apple.com>

        Added Profile::restoreAll and added ProfileNode::restoreAll
        to the export file.

        Reviewed by Adam Roben.

        * JavaScriptCore.exp:
        * profiler/Profile.h:

2008-05-22  Alp Toker  <alp@nuanti.com>

        GTK+ build fix. Add JavaScriptCore/profiler to include path.

        * GNUmakefile.am:

2008-05-22  Adam Roben  <aroben@apple.com>

        Implement sub-millisecond profiling on Windows

        Reviewed by Kevin McCullough.

        * profiler/ProfileNode.cpp:
        (KJS::getCount): Added. On Windows, we use QueryPerformanceCounter. On
        other platforms, we use getCurrentUTCTimeWithMicroseconds.
        (KJS::ProfileNode::endAndRecordCall): Use getCount instead of
        getCurrentUTCTimeWithMicroseconds.
        (KJS::ProfileNode::startTimer): Ditto.

2008-05-22  Adam Roben  <aroben@apple.com>

        Fix a profiler assertion when calling a NodeList as a function

        Reviewed by Kevin McCullough.

        * profiler/Profiler.cpp:
        (KJS::createCallIdentifier): Don't assert when a non-function object
        is called as a function. Instead, build up a CallIdentifier using the
        object's class name.

2008-05-22  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        <rdar://problem/5951529> JSProfiler: Allow the profiler to "Exclude" a
        profile node.
        -Implement 'exclude'; where the excluded node attributes its time to its
        parent's self time.

        * JavaScriptCore.exp: Export the exclude function.
        * profiler/Profile.h: 
        (KJS::Profile::exclude):
        * profiler/ProfileNode.cpp: 
        (KJS::ProfileNode::setTreeVisible): New function that allows a change in
        visiblitiy to be propogated to all the children of a node.
        (KJS::ProfileNode::exclude): If the node matches the callIdentifier then
        set the visiblity of this node and all of its children to false and
        attribute it's total time to it's caller's self time.
        * profiler/ProfileNode.h:

2008-05-22  Mark Rowe  <mrowe@apple.com>

        Reviewed by Oliver Hunt.

        Fix access to static global variables in Windows release builds.

        * kjs/JSGlobalObject.h: Don't store a reference to an Identifier
        in GlobalPropertyInfo as the Identifier is likely to be a temporary
        and therefore may be destroyed before the GlobalPropertyInfo.

2008-05-22  Kevin McCullough  <kmccullough@apple.com>

        Build fix.

        * VM/Machine.cpp:
        (KJS::callEval):

2008-05-22  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Sam.

        <rdar://problem/5951561> Turn on JavaScript Profiler
        Get basic JS profiling working.
        Even with this patch the profiler will not be compiled in because we do
        not know the extend, if any, of the performance regression it would cause
        when it is not in use. However with these changes, if the profiler were
        on, it would not crash and show good profiling data.

        * VM/Machine.cpp: Instrument the calls sites that are needed for profiling.
        (KJS::callEval):
        (KJS::Machine::unwindCallFrame):
        (KJS::Machine::execute):
        (KJS::Machine::privateExecute):
        * kjs/function.cpp: Ditto.
        (KJS::globalFuncEval):
        * kjs/interpreter.cpp: Ditto.
        (KJS::Interpreter::evaluate):
        * profiler/Profile.cpp: 
        (KJS::Profile::willExecute):
        (KJS::Profile::didExecute): Because we do not get a good context when
        startProfiling is called it is possible that m_currentNode will be at the
        top of the known stack when a didExecute() is called.  What we then do is
        create a new node that represents the function being exited and insert
        it between the head and the currently known children, since they should
        be children of this new node.
        * profiler/ProfileNode.cpp:
        (KJS::ProfileNode::ProfileNode):
        (KJS::ProfileNode::willExecute): Rename the add function for consistency.
        (KJS::ProfileNode::addChild): Appends the child to this node but also
        sets the parent pointer of the children to this node.
        (KJS::ProfileNode::insertNode): Insert a node between this node and its
        children.  Also set the time for the new node since it is now exiting
        and we don't really know when it started.
        (KJS::ProfileNode::stopProfiling):
        (KJS::ProfileNode::startTimer):
        * profiler/ProfileNode.h:
        (KJS::CallIdentifier::toString): Added for debugging.
        (KJS::ProfileNode::setParent):
        (KJS::ProfileNode::setSelfTime): Fixed an old bug where we set the
        visibleTotalTime not the visibleSelfTime.
        (KJS::ProfileNode::children):
        (KJS::ProfileNode::toString): Added for debugging.
        * profiler/Profiler.cpp: remove unecessary calls.
        (KJS::Profiler::startProfiling):

2008-05-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        Rename register arguments for op_call, op_call_eval, op_end, and op_construct 
        to document what they are for.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitCall):
        (KJS::CodeGenerator::emitCallEval):
        (KJS::CodeGenerator::emitEnd):
        (KJS::CodeGenerator::emitConstruct):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-05-22  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin.

        Bug 19116: SquirrelFish shouldn't regress on variable lookups
        <https://bugs.webkit.org/show_bug.cgi?id=19116>

        Last of the multiscope look up optimisations.  This is a wash overall on SunSpider
        but is a factor of 5-10 improvement in multiscope read/write/modify (eg. ++, --, +=,
        ... applied to any non-local var).

        * kjs/nodes.cpp:
        (KJS::PostIncResolveNode::emitCode):
        (KJS::PostDecResolveNode::emitCode):
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::ReadModifyResolveNode::emitCode):

2008-05-22  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/5954233> Add method to release free memory from FastMalloc

        Patch suggested by Mark Rowe.  Rubber-stamped by Maciej.

        * JavaScriptCore.exp: Export _releaseFastMallocFreeMemory.
        * wtf/FastMalloc.cpp:
        (WTF::TCMallocStats::): Added releaseFastMallocFreeMemory() for both
        system malloc and FastMalloc code paths.
        * wtf/FastMalloc.h: Define releaseFastMallocFreeMemory().

2008-05-22  Oliver Hunt  <oliver@apple.com>

        RS=Maciej.

        Roll out r34020 as it causes recursion tests to fail.

        * kjs/object.cpp:
        (KJS::JSObject::call):

2008-05-22  Oliver Hunt  <oliver@apple.com>

        Reviewed by Mark.

        Don't leak the SymbolTable when compiling eval code.

        * kjs/nodes.cpp:
        (KJS::EvalNode::generateCode):

2008-05-22  Simon Hausmann  <hausmann@webkit.org>

        Reviewed by Oliver.

        Qt build fix.

        * JavaScriptCore.pri: Added DebuggerCallFrame to the build.
        * VM/LabelID.h: Include limits.h for UINT_MAX.
        * wtf/VectorTraits.h: Include memory for std::auto_ptr.

2008-05-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Adam Roben.
        
        Removed the old recursion guard mechanism, since squirrelfish has its
        own mechanism. Also removed some old JS call tracing code, since we
        have other ways to do that, too.
        
        SunSpider reports no change.

        * kjs/object.cpp:
        (KJS::JSObject::call):

2008-05-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fixed <rdar://problem/5954979> crash on celtic kane JS benchmark

        * kjs/nodes.cpp:
        (KJS::WithNode::emitCode):
        (KJS::TryNode::emitCode):

2008-05-21  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Maciej and Geoff.

        <rdar://problem/5951561> Turn on JavaScript Profiler
        -As part of the effort to turn on the profiler it would be helpful if it
        did not need ExecStates to represent the stack location of the currently
        executing statement.
        -We now create each node as necessary with a reference to the current
        node and each node knows its parent so that the tree can be made without
        the entire stack.

        * profiler/Profile.cpp:
        (KJS::Profile::Profile): The current node starts at the head.
        (KJS::Profile::stopProfiling): The current node is cleared when profiling
        stops.
        (KJS::Profile::willExecute): The current node either adds a new child or
        starts and returns a reference to an already existing child if the call
        ID that is requested already exists.
        (KJS::Profile::didExecute): The current node finishes and returns its
        parent.
        * profiler/Profile.h: Use a single callIdentifier instead of a vector
        since we no longer use the whole stack.
        * profiler/ProfileNode.cpp: Now profile nodes keep a reference to their
        parent.
        (KJS::ProfileNode::ProfileNode): Initialize the parent.
        (KJS::ProfileNode::didExecute): Record the time and return the parent.
        (KJS::ProfileNode::addOrStartChild): If the given callIdentifier is
        already a child, start it and return it, otherwise create a new one and
        return that.
        (KJS::ProfileNode::stopProfiling): Same logic, just use the new function.
        * profiler/ProfileNode.h: Utilize the parent.
        (KJS::ProfileNode::create):
        (KJS::ProfileNode::parent):
        * profiler/Profiler.cpp: 
        (KJS::Profiler::startProfiling): Here is the only place where the
        ExecState is used to figure out where in the stack the profiler is
        currently profiling.
        (KJS::dispatchFunctionToProfiles): Only send one CallIdentifier instead
        of a vector of them.
        (KJS::Profiler::willExecute): Ditto.
        (KJS::Profiler::didExecute): Ditto.
        (KJS::createCallIdentifier): Create only one CallIdentifier.
        (KJS::createCallIdentifierFromFunctionImp): Ditto.
        * profiler/Profiler.h:

2008-05-21  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - https://bugs.webkit.org/show_bug.cgi?id=19180
          speed up the < operator for the case when both values are integers

        Makes standalone SunSpider 1.022x faster.

        * VM/Machine.cpp:
        (KJS::jsLess): Add a special case for when both are numbers that fit in a JSImmediate.

2008-05-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver and Sam.
        
        - fixed <rdar://problem/5815631> REGRESSION (r31239): Multiscope optimisation of function calls results in incorrect this value (breaks tvtv.de)
        
        Track global this value in the scope chain so we can retrieve it
        efficiently but it follows lexical scope properly.

        * kjs/ExecState.h:
        (KJS::ExecState::globalThisValue):
        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        * kjs/function_object.cpp:
        (KJS::FunctionObjectImp::construct):
        * kjs/scope_chain.h:
        (KJS::ScopeChainNode::ScopeChainNode):
        (KJS::ScopeChainNode::globalThisObject):
        (KJS::ScopeChainNode::push):
        (KJS::ScopeChain::ScopeChain):

2008-05-21  Kevin McCullough  <kmccullough@apple.com>

        Sadness :(

        * kjs/config.h:

2008-05-21  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5950867> JSProfiler: Allow the profiler to "Focus" a
        profile node.
        - This patch updatest the times of the visible nodes correctly, but to do
        so, some of the design of the ProfileNode changed.

        * JavaScriptCore.exp: export focus' symbol.
        * profiler/Profile.cpp: ProfileNodes now take a reference to the head of
        the profile tree to get up-to-date accurate total profile time.
        (KJS::Profile::Profile): Pass 0 for the head node.
        (KJS::Profile::stopProfiling): stopProfiling no longer needs the time
        passed into it, since it can get it from the head and it does not need to
        be told it is the head because it can figure it out on it's own.
        (KJS::Profile::willExecute): Set the head node for each created node.
        * profiler/Profile.h:
        (KJS::Profile::focus): Instead of taking a CallIdentifier that the caller
        would have to create, now focus() takes a ProfileNode that they should
        already have a reference to and focus() can extract the CallIdentifier
        from it.
        * profiler/ProfileNode.cpp: Create actual and visible versions fo the
        total and self times for focus and exclude.  Also add a head node
        reference so that nodes can get information from their head.
        (KJS::ProfileNode::ProfileNode):
        (KJS::ProfileNode::stopProfiling): Rename the total and self time
        variables and set the visual ones to the actual ones, so that without any
        changes to the visual versions of these variables, their times will match
        the actual times.
        (KJS::ProfileNode::focus): Now focus() has a bool to force it's children
        to be visible if this node is visible.  If this node does not match the
        CallIdentifier being focused then the visibleTotalTime is only updated if
        one or more of it's children is the CallIdentifier being focused. 
        (KJS::ProfileNode::restoreAll): Restores all variables with respect to
        the visible data in the ProfileNode.
        (KJS::ProfileNode::endAndRecordCall): Name change.
        (KJS::ProfileNode::debugPrintData): Dump the new variables.
        (KJS::ProfileNode::debugPrintDataSampleStyle): Name change.
        * profiler/ProfileNode.h: Use the new variables and reference to the head
        node.
        (KJS::ProfileNode::create):
        (KJS::ProfileNode::totalTime):
        (KJS::ProfileNode::setTotalTime):
        (KJS::ProfileNode::selfTime):
        (KJS::ProfileNode::setSelfTime):
        (KJS::ProfileNode::totalPercent):
        (KJS::ProfileNode::selfPercent):
        (KJS::ProfileNode::setVisible):

2008-05-21  Alp Toker  <alp@nuanti.com>

        GTK+/UNIX testkjs build fix. Include signal.h.

        * kjs/testkjs.cpp:

2008-05-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Yet more windows build fixes

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:

2008-05-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Yet more windows build fixes

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:

2008-05-21  Alp Toker  <alp@nuanti.com>

        GTK+ build fix. Add DebuggerCallFrame.cpp and take AllInOneFile.cpp
        changes into account.

        * GNUmakefile.am:

2008-05-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Add DebuggerCallFrame.{h,cpp} to the project file

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:

2008-05-21  Alp Toker  <alp@nuanti.com>

        GTK+ port build fixes following squirrelfish merge r33979.

        * GNUmakefile.am:

2008-05-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - save a hash lookup wne writing to global properties
        0.3% speedup on SunSpider, 7% on bitops-bitwise-and

        * VM/Machine.cpp:
        (KJS::resolveBase): Check for being a the end of the scope chain
        before hash lookup.

2008-05-21  Alp Toker  <alp@nuanti.com>

        Rubber-stamped by Maciej.

        Replace non-standard #pragma marks with comments to avoid compiler
        warnings.

        * profiler/ProfileNode.cpp:

2008-05-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Mark Rowe.

        Fix layout test failure in fast/dom/getter-on-window-object2 introduced in r33961.

        * JavaScriptCore.exp:
        * kjs/JSGlobalObject.cpp:
        (KJS::JSGlobalObject::defineGetter):
        (KJS::JSGlobalObject::defineSetter):
        * kjs/JSGlobalObject.h:

=== End merge of squirrelfish ===

2008-05-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Tim Hatcher.
        
        Merged with trunk WebCore's new debugger.

        * kjs/DebuggerCallFrame.cpp:
        (KJS::DebuggerCallFrame::evaluate): Changed this function to separate
        the exception value from the return value. The WebKit debugger treats
        them as one, but the WebCore debugger doesn't.

        * kjs/DebuggerCallFrame.h:
        (KJS::DebuggerCallFrame::dynamicGlobalObject): Added a new accessor for
        the dynamic global object, since the debugger doesn't want the lexical
        global object.

2008-05-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 19116: SquirrelFish shouldn't regress on variable lookups
        <https://bugs.webkit.org/show_bug.cgi?id=19116>

        Optimise cross scope assignment, 0.4% progression in sunspider.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitPutScopedVar):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::AssignResolveNode::emitCode):

2008-05-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - check property map before symbol table in JSGlobalObject::getOwnPropertySlot
        0.5% speedup on SunSpider

        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::getOwnPropertySlot): Check property map before symbol table
        because symbol table access is likely to have been optimized.

2008-05-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 19116: SquirrelFish shouldn't regress on variable lookups
        <https://bugs.webkit.org/show_bug.cgi?id=19116>

        Optimise multiscope lookup of statically resolvable function calls.
        SunSpider reports a 1.5% improvement, including 37% on 
        controlflow-recursive for some reason :D

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitResolve):
        * VM/CodeGenerator.h:
        * kjs/nodes.cpp:
        (KJS::FunctionCallResolveNode::emitCode):

2008-05-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - give JSGlobalObject a special version of getOwnPropertySlot that tells you if the slot is directly writable
        (WebCore change using this is a 2.6% speedup on in-browser SunSpider).

        * JavaScriptCore.exp:
        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::getOwnPropertySlot):
        * kjs/JSVariableObject.h:
        (KJS::JSVariableObject::symbolTableGet):
        * kjs/object.h:
        (KJS::JSObject::getDirectLocation):
        (KJS::JSObject::getOwnPropertySlotForWrite):
        * kjs/property_map.cpp:
        (KJS::PropertyMap::getLocation):
        * kjs/property_map.h:
        * kjs/property_slot.h:
        (KJS::PropertySlot::putValue):

2008-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 19116: SquirrelFish shouldn't regress on variable lookups
        <https://bugs.webkit.org/show_bug.cgi?id=19116>

        This restores multiscope optimisation to simple resolve, producing
        a 2.6% progression in SunSpider.  Have verified that none of the
        sites broken by the multiscope optimisation in trunk were effected
        by this change.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeBlock.h:
        (KJS::CodeBlock::CodeBlock):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::findScopedProperty):
        (KJS::CodeGenerator::emitResolve):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::resolve_n):
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/JSVariableObject.h:

2008-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY (Build fix).

        Fixerate the windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * VM/CodeGenerator.cpp:
        * VM/RegisterFile.h:
        * kjs/JSGlobalObject.h:
        * kjs/Parser.cpp:
        * kjs/interpreter.h:

2008-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 19110: SquirrelFish: Google Maps - no maps
        <https://bugs.webkit.org/show_bug.cgi?id=19110>

        Correct a comedy of errors present in my original patch to "fix"
        exceptions occurring midway through pre and post increment. This
        solution is cleaner than the original, doesn't need the additional
        opcodes, and as an added benefit does not break Google Maps.

        Sunspider reports a 0.4% progression.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::PreIncBracketNode::emitCode):
        (KJS::PreDecBracketNode::emitCode):
        (KJS::PreIncDotNode::emitCode):
        (KJS::PreDecDotNode::emitCode):

2008-05-20  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - inline JSGlobalObject::getOwnPropertySlot
        1% improvement on in-browser SunSpider (a wash command-line)

        * kjs/JSGlobalObject.cpp:
        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::getOwnPropertySlot):

2008-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
        <https://bugs.webkit.org/show_bug.cgi?id=18752>

        Handle exceptions thrown by toString conversion in subscript operators,
        this should basically complete exception handling in SquirrelFish.

        Sunspider reports no regression.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-05-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        [Reapplying patch with previously missing files from r33553 -- Oliver]

        Behold: debugging.
        
        SunSpider reports no change.

        * JavaScriptCore.xcodeproj/project.pbxproj: Added DebuggerCallFrame.h/.cpp,
        and created a debugger folder.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::generate): If the debugger is attached, always
        generate full scope chains for its sake.

        * VM/Machine.cpp:
        (KJS::Machine::unwindCallFrame): Notify the debugger when unwinding
        due to an exception, so it doesn't keep stale call frames around.

        (KJS::Machine::execute): Set Callee to 0 in eval frames, so the
        debugger can distinguish them from function call frames.

        (KJS::Machine::debug): Simplified this function, since the debugger
        doesn't actually need all the information we used to provide.

        (KJS::Machine::privateExecute): Treat debugging hooks like other function
        calls, so the code we hook into (the debugger UI) can be optimized.

        * kjs/debugger.cpp: Nixed these default callback implementations and
        made the callbacks pure virtual instead, so the compiler could tell me
        if I made a mistake in one of the subclasses.

        * kjs/debugger.h: Removed a bunch of irrelevent data from the debugger
        callbacks. Changed from passing an ExecState* to passing a
        DebuggerCallFrame*, since an ExecState* doesn't contain sufficient
        information anymore.

        * kjs/function.cpp:
        (KJS::globalFuncEval): Easiest bug fix evar!

        [Previously missing files from r33553]
        * kjs/DebuggerCallFrame.cpp: Copied from JavaScriptCore/profiler/FunctionCallProfile.h.
        (KJS::DebuggerCallFrame::functionName):
        (KJS::DebuggerCallFrame::thisObject):
        (KJS::DebuggerCallFrame::evaluateScript):
        * kjs/DebuggerCallFrame.h: Copied from JavaScriptCore/VM/Register.h.
        (KJS::DebuggerCallFrame::DebuggerCallFrame):
        (KJS::DebuggerCallFrame::scopeChain):
        (KJS::DebuggerCallFrame::exception):

2008-05-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
        <https://bugs.webkit.org/show_bug.cgi?id=18991>

        Fix the last remaining blocking cases of this bug.

        * kjs/grammar.y:
        * kjs/nodes.cpp:
        (KJS::ReadModifyResolveNode::emitCode):

2008-05-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Partial fix for:

        Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
        <https://bugs.webkit.org/show_bug.cgi?id=18991>

        Ensure that the code generated for assignments uses temporaries whenever
        necessary. This patch covers the vast majority of situations, but there
        are still a few left.

        This patch also adds some missing cases to CodeBlock::dump().

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::destinationForAssignResult):
        (KJS::CodeGenerator::leftHandSideNeedsCopy):
        (KJS::CodeGenerator::emitNodeForLeftHandSide):
        * kjs/NodeInfo.h:
        * kjs/grammar.y:
        * kjs/nodes.cpp:
        (KJS::AssignDotNode::emitCode):
        (KJS::ReadModifyDotNode::emitCode):
        (KJS::AssignBracketNode::emitCode):
        (KJS::ReadModifyBracketNode::emitCode):
        (KJS::ForInNode::ForInNode):
        * kjs/nodes.h:
        (KJS::ReadModifyResolveNode::):
        (KJS::AssignResolveNode::):
        (KJS::ReadModifyBracketNode::):
        (KJS::AssignBracketNode::):
        (KJS::AssignDotNode::):
        (KJS::ReadModifyDotNode::):

2008-05-17  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 19106: SquirrelFish: Activation is not marked correctly
        <https://bugs.webkit.org/show_bug.cgi?id=19106>

        We can't rely on the symbol table for a count of the number of globals
        we need to mark as that misses duplicate parameters and 'this'.  Now we
        use the actual local register count from the codeBlock.

        * kjs/JSActivation.cpp:
        (KJS::JSActivation::mark):

2008-05-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 19076: SquirrelFish: RegisterFile can be corrupted if implictly reenter global scope with no declared vars
        <https://bugs.webkit.org/show_bug.cgi?id=19076>

        Don't delay allocation of initial global RegisterFile, as we can't guarantee we will be able
        to allocate the global 'this' register safely at any point after initialisation of the Global
        Object.

        Unfortunately this initial allocation caused a regression of 0.2-0.3%, however this patch adds
        support for the static slot optimisation for the global Math object which brings it to a 0.3%
        progression.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::programCodeThis):
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::addParameter):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * kjs/ExecState.h:
        * kjs/JSGlobalObject.cpp:
        (KJS::JSGlobalObject::reset):
        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
        (KJS::JSGlobalObject::addStaticGlobals):
        * kjs/nodes.cpp:

2008-05-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Bug 19098: SquirrelFish: Ref'd temporaries can be clobbered
        <https://bugs.webkit.org/show_bug.cgi?id=19098>

        When doing code generation for a statement list, increase the reference
        count on a register that might eventually be returned, so that it doesn't
        get clobbered by a request for a new temporary.

        * kjs/nodes.cpp:
        (KJS::statementListEmitCode):

2008-05-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fixed Bug 19044: SquirrelFish: Bogus values enter evaluation when closing over scope with parameter and var with same name
        https://bugs.webkit.org/show_bug.cgi?id=19044

        * kjs/JSActivation.cpp:
        (KJS::JSActivation::copyRegisters): Use numLocals from the code
        block rather than the size of the symbol table for the number of
        registers to copy, to account for duplicate parameters and vars
        with the same name as parameters (we still have potentially
        suboptimal codegen in that we allocate a local register for the
        var in the latter case but it is never used).
        
2008-05-15  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.
        
        We regret to inform you that your program is crashing because you were
        stupid.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute): Math is hard.

2008-05-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        A little more debugger action: filled in op_debug. All debugger control
        flow works now, but variable inspection and backtraces still don't.
        
        SunSpider reports no change.

        * VM/CodeGenerator.cpp: Changed op_debug to accept line number parameters.

        * VM/Machine.cpp:
        (KJS::Machine::getFunctionAndArguments): Moved op_debug into a
        NEVER_INLINE function to avoid a stunning 10% performance regression.
        Also factored out a common function for retrieving the function and 
        arguments from a  call frame. 

        * kjs/JSActivation.cpp:
        (KJS::JSActivation::createArgumentsObject): Use the new factored out
        function mentioned above.

        * kjs/Parser.cpp:
        (KJS::Parser::parse): Increment m_sourceId before assigning it, so the
        sourceId we send to the debugger matches the sourceId recorded in the
        node.

        * kjs/nodes.cpp: Emit debugging hooks.

2008-05-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 19024: SQUIRRELFISH: ASSERTION FAILED: activation->isActivationObject() in Machine::unwindCallFrame
        <https://bugs.webkit.org/show_bug.cgi?id=19024>

        This fixes a number of issues.  The most important is that we now check every register
        file for tainting rather than just looking for function register files as that was
        insufficient. Additionally guarded against implicit re-entry into Eval code.

        Also added a few additional assertions to reduce the amout of time between something
        going wrong and us seeing the error.

        * VM/Machine.cpp:
        (KJS::Machine::execute):
        (KJS::Machine::privateExecute):
        * VM/RegisterFile.cpp:
        (KJS::RegisterFile::growBuffer):
        (KJS::RegisterFile::addGlobalSlots):
        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::pushGlobalRegisterFile):
        (KJS::RegisterFileStack::pushFunctionRegisterFile):
        * VM/RegisterFileStack.h:
        (KJS::RegisterFileStack::inImplicitCall):

2008-05-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A little more debugger action: emit opcodes for debugger hooks. Right
        now, the opcode implementation is just a stub.
        
        SunSpider reports no change.
        
        Some example codegen for "function f() { 1; }":

            [   0] dbg         DidEnterCallFrame
            [   2] dbg         WillExecuteStatement
            [   4] load        tr0, 1(@k0)
            [   7] load        tr0, undefined(@k1)
            [  10] dbg         WillLeaveCallFrame
            [  12] ret         tr0

2008-05-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 19025: SQUIRRELFISH: malformed syntax in onload handler causes crash
        <https://bugs.webkit.org/show_bug.cgi?id=19025>

        Simple fix -- move the use of functionBodyNode to after the null check.

        * kjs/function_object.cpp:
        (KJS::FunctionObjectImp::construct):

2008-05-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed a codegen crash with run-time parse errors.
        
        SunSpider reports no change.
        
        emitThrowError needs to return the temporary holding the error, not dst,
        since dst may be NULL. In fact, emitThrowError shouldn't take a dst
        parameter at all, since exceptions should not modify the destination
        register.

2008-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 19027: SquirrelFish: Incorrect codegen for pre-increment
        <https://bugs.webkit.org/show_bug.cgi?id=19027>

        This fixes the codegen issues for the pre-inc/decrement operators
        to prevent incorrectly clobbering the destination in the event of
        an exception.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitPreInc):
        (KJS::CodeGenerator::emitPreDec):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::PreIncBracketNode::emitCode):
        (KJS::PreDecBracketNode::emitCode):
        (KJS::PreIncDotNode::emitCode):
        (KJS::PreDecDotNode::emitCode):

2008-05-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A little more debugger action: supply a real line number, sourceId,
        and sourceURL in op_new_error.
        
        SunSpider reports a .2% speedup. Not sure what that's about.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute): Use the new good stuff in op_new_error.

        * kjs/nodes.cpp:
        (KJS::RegExpNode::emitCode): Use the shared emitThrowError instead of
        rolling our own.

2008-05-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A little more debugger action: implemented the exception callback.
        
        SunSpider reports a .2% speedup. Not sure what that's about.

        * VM/CodeBlock.h: A little refactoring here. Store a pointer to our
        owner ScopeNode so we can retrieve data from it. This allows us to
        stop storing copies of the data ourselves. Also, store a "this" register
        instead of a code type, since we were only using the code type to
        calculate the "this" register.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::generate): Calculate the "this" register mentioned
        above. Also, take care of removing "this" from the symbol table after
        codegen is done, since relying on the timing of a destructor for correct
        behavior is not so good.

        * VM/Machine.cpp:
        (KJS::Machine::throwException): Invoke the debugger's exception callback.
        (KJS::Machine::privateExecute): Use the "this" register mentioned above.

2008-05-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Removed some unused exception machinery.
        
        SunSpider reports a .3% speedup.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        * JavaScriptCore.exp:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/internal.cpp:
        * kjs/object.cpp:
        * kjs/object.h:
        * kjs/value.h:

2008-05-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A little more debugger action.

        * kjs/debugger.cpp:
        * kjs/debugger.h: Removed debuggersPresent because it was unused.
        Replaced AttachedGlobalObject linked list with a HashSet because HashSet
        is faster and simpler. Changed all functions to return void instead of
        bool, because no clients ever return false, and we don't want to support
        it.

        * kjs/nodes.cpp: Did some up-keep to avoid build bustage.
        (KJS::Node::handleException):
        (KJS::BreakpointCheckStatement::execute):
        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):

2008-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin.

        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
        <https://bugs.webkit.org/show_bug.cgi?id=18752>

        Replace old attempt at "branchless" exceptions as the extra information
        being passed made gcc an unhappy compiler, replacing these custom toNumber
        calls with ordinary toNumber logic (by relying on toNumber now preventing
        side effects after an exception has been thrown) provided sufficient leeway
        to add the additional checks for the remaining unchecked cases.

        This leaves only toString conversions in certain contexts as possibly
        misbehaving.

        * VM/Machine.cpp:
        (KJS::jsAdd):
        (KJS::resolve):
        (KJS::resolveBaseAndProperty):
        (KJS::resolveBaseAndFunc):
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/value.h:
        (KJS::JSValue::safeGetNumber):

2008-05-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        First steps toward supporting the debugger API: support the sourceParsed
        callback; plus some minor fixups.

        SunSpider reports no regression.

        * VM/CodeGenerator.h: Removed a misleading comment.

        * kjs/Parser.h: Changed the parser to take an ExecState*, so it can
        implement the sourceParsed callback -- that way, we only have to
        implement the callback in one place.

        * kjs/debugger.cpp: Nixed DebuggerImp, because its sole purpose in life
        was to demonstrate the misapplication of design patterns.

        * kjs/debugger.h: Changed sourceParsed to take a SourceProvider, to
        reduce copying, and not to return a value, because pausing execution
        after parsing is complicated, and no clients needed that ability, anyway.

        * kjs/grammar.y: Make sure never to pass a NULL SourceElements* to
        didFinishParsing -- that simplifies some code down the road.
        
        * kjs/nodes.cpp: Don't generate special AST nodes just because the
        debugger is attached -- that's a relic of the old AST execution model,
        and those nodes haven't been maintained.

2008-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
        <https://bugs.webkit.org/show_bug.cgi?id=18752>

        First step: prevent incorrect evaluation of valueOf/toString conversion
        in right hand side of expression after earlier conversion throws.

        * API/JSCallbackObjectFunctions.h:
        (KJS::::toNumber):
        * kjs/object.cpp:
        (KJS::JSObject::defaultValue):

2008-05-12  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 18934: SQUIRRELFISH: ASSERT @ nytimes.com due to RegisterFile being clobbered
        <https://bugs.webkit.org/show_bug.cgi?id=18934>

        Unfortunately we cannot create new statically optimised globals if there are any
        tainted RegisterFiles on the RegisterFileStack.  To handle this we re-introduce
        (in a slightly cleaner form) the inImplicitCall concept to the RegisterFileStack.

        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::pushFunctionRegisterFile):
        * VM/RegisterFileStack.h:

2008-05-12  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Introduced support for function.caller.
        
        Improved support for walking interesting scopes for function introspection.
        
        This fixes all remaining layout tests not blocked by rebasing to trunk.
        
        SunSpider reports no change.

        * VM/Machine.cpp:
        (KJS::Machine::dumpRegisters): Fixed a spacing issue.

2008-05-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Bug 18961: SQUIRRELFISH: Gmail doesn't load
        <https://bugs.webkit.org/show_bug.cgi?id=18961>

        Fix codegen for logical nodes so that they don't use their destination
        as a temporary.

        * kjs/nodes.cpp:
        (KJS::LogicalAndNode::emitCode):
        (KJS::LogicalOrNode::emitCode):

2008-05-10  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.

        - JavaScriptCore part of fix for: "SQUIRRELFISH: function toString broken after calling"
        https://bugs.webkit.org/show_bug.cgi?id=18869
       
        Three layout tests are fixed:
          fast/js/toString-elision-trailing-comma.html
          fast/js/toString-prefix-postfix-preserve-parens.html
          fast/js/kde/lval-exceptions.html
        
        Functions now save a shared subrange of the original source used
        to make them (so in the common case this adds no storage above the
        memory cache).
        
        * kjs/SourceProvider.h: Added.
        (KJS::SourceProvider): New abstract base class for classes that provide on-demand access
        to the source for a JavaScript program. This allows function objects to have access to their
        original source without copying.
        (KJS::UStringSourceProvider): SourceProvider subclass backed by a KJS::UString.
        (KJS::UStringSourceProvider::create):
        (KJS::UStringSourceProvider::getRange):
        (KJS::UStringSourceProvider::data):
        (KJS::UStringSourceProvider::length):
        (KJS::UStringSourceProvider::UStringSourceProvider):
        * kjs/SourceRange.h: Added.
        (KJS::SourceRange::SourceRange): Class that holds a SourceProvider and a character range into
        the source, to encapsulate on-demand access to the source of a function.
        (KJS::SourceRange::toString):
        * VM/Machine.cpp:
        (KJS::eval): Pass a UStringSourceProvider to the parser.
        * kjs/Parser.cpp:
        (KJS::Parser::parse): Take a SourceProvider and pass it on to the lexer.
        * kjs/Parser.h:
        (KJS::Parser::parse): Take a SourceProvider.
        * kjs/lexer.cpp:
        (KJS::Lexer::setCode): Take a SourceProvider; keep it around, and
        use it to get the raw buffer and length.
        * kjs/lexer.h:
        (KJS::Lexer::sourceRange): Convenience function to get a source
        range based on the lexer's source provieder, and char offsets
        right before and after the desired range.
        * kjs/function.cpp:
        (KJS::globalFuncEval): Pass a UStringSourceProvider to the parser.
        * kjs/function_object.cpp:
        (KJS::functionProtoFuncToString): Use toSourceString to get the source.
        (KJS::FunctionObjectImp::construct): Give the parser a UStringSourceProvider.
        * kjs/grammar.y: When parsing a function declaration, function
        expression, or getter or setter, tell the function body about its
        SourceRange.
        * kjs/interpreter.cpp:
        (KJS::Interpreter::checkSyntax): Pass a SourceProvider to the parser.
        (KJS::Interpreter::evaluate): Pass a SourceProvider to the parser.
        * kjs/interpreter.h:
        * kjs/nodes.h:
        (KJS::FunctionBodyNode::setSource): Establish a SourceRange for this function.
        (KJS::FunctionBodyNode::toSourceString): Get the source string out
        of the SourceRange.
        (KJS::FuncExprNode::): Take a SourceRange and set it on the body.
        (KJS::FuncDeclNode::): ditto
        * kjs/testkjs.cpp:
        (prettyPrintScript): Use a SourceProvider appropriately.
        * JavaScriptCore.exp: Export new symbols.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add new files.
        * JavaScriptCore.xcodeproj/project.pbxproj: Add new files.

2008-05-09  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bring back RegisterFile tainting in order to correctly handle
        natively implemented getters and setters that re-enter JavaScript

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/RegisterFile.h:
        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):
        * kjs/object.cpp:
        (KJS::JSObject::put):
        (KJS::tryGetAndCallProperty):
        * kjs/property_slot.cpp:
        (KJS::PropertySlot::functionGetter):

2008-05-09  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - track character offsets of open and close braces, in preparation for saving function source
        
        I verified that there is no performance regression from this change.

        * kjs/grammar.y:
        * kjs/lexer.cpp:
        (KJS::Lexer::lex):
        (KJS::Lexer::matchPunctuator):
        * kjs/lexer.h:

2008-05-09  Oliver Hunt  <oliver@apple.com>

        Reviewed by Nobody (build fix).

        Debug build fix

        * kjs/JSGlobalObject.cpp:
        (KJS::JSGlobalObject::restoreLocalStorage):

2008-05-09  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Build fixes for SquirrelFish on windows.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
        * VM/Register.h:
        * kjs/JSGlobalObject.cpp:
        (KJS::JSGlobalObject::restoreLocalStorage):
        * kjs/collector.cpp:
        (KJS::Collector::allocate):
        (KJS::Collector::allocateNumber):
        * kjs/collector.h:
        (KJS::Collector::allocate):
        (KJS::Collector::allocateNumber):
        * kjs/property_slot.cpp:

2008-05-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - fix activation tearoff in the case where functions are called with too many arguments
        
        Fixes:
        fast/canvas/patternfill-repeat.html
        fast/dom/SelectorAPI/bug-17313.html

        * VM/Machine.cpp:
        (KJS::slideRegisterWindowForCall):
        (KJS::scopeChainForCall):
        (KJS::Machine::execute):
        (KJS::Machine::privateExecute):

2008-05-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed failure in fast/canvas/canvas-pattern-behaviour.html.
        
        SunSpider reports a small speedup. Not sure what that's about.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump): Fixed op_call_eval to dump as "op_call_eval".
        This helped me while debugging.

        * VM/Machine.cpp:
        (KJS::Machine::unwindCallFrame): When looking for an activation to tear
        off, don't use the scope chain. Inside eval, the scope chain doesn't
        belong to us; it belongs to our calling function.
        
        Also, don't use the needsFullScopeChain flag to decide whether to tear
        off the activation. "function.arguments" can create an activation
        for a function whose needsFullScopeChain flag is set to false.

2008-05-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix function.call for calls of more than 8 arguments
        
        Fixes svg/carto.net/button.svg

        * kjs/list.cpp:
        (KJS::List::getSlice): properly set up the m_buffer of the target list.

2008-05-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - don't return a null RegisterID from RegExpNode in the exception case, since the caller may need a real register

        Fixes:
        - fast/regex/early-acid3-86.html
        - http/tests/misc/acid3.html
        
        * kjs/nodes.cpp:
        (KJS::RegExpNode::emitCode):

2008-05-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Fix a performance regression caused by the introduction of property
        attributes to SymbolTable in r32859 by encoding the attributes and the
        register index into a single field of SymbolTableEntry.

        This leaves Node::optimizeVariableAccess() definitely broken, although
        it was probably not entirely correct in SquirrelFish before this change.

        * VM/CodeBlock.h:
        (KJS::missingThisObjectMarker):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::addVar):
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::registerForLocal):
        (KJS::CodeGenerator::registerForLocalConstInit):
        (KJS::CodeGenerator::isLocalConstant):
        (KJS::CodeGenerator::addConstant):
        (KJS::CodeGenerator::emitCall):
        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::IdentifierMapIndexHashTraits::emptyValue):
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/JSGlobalObject.cpp:
        (KJS::JSGlobalObject::saveLocalStorage):
        * kjs/JSVariableObject.cpp:
        (KJS::JSVariableObject::getPropertyNames):
        (KJS::JSVariableObject::getPropertyAttributes):
        * kjs/JSVariableObject.h:
        (KJS::JSVariableObject::symbolTableGet):
        (KJS::JSVariableObject::symbolTablePut):
        (KJS::JSVariableObject::symbolTablePutWithAttributes):
        * kjs/SymbolTable.h:
        (KJS::SymbolTableEntry::SymbolTableEntry):
        (KJS::SymbolTableEntry::isEmpty):
        (KJS::SymbolTableEntry::getIndex):
        (KJS::SymbolTableEntry::getAttributes):
        (KJS::SymbolTableEntry::setAttributes):
        (KJS::SymbolTableEntry::isReadOnly):
        * kjs/nodes.cpp:
        (KJS::getSymbolTableEntry):
        (KJS::PostIncResolveNode::optimizeVariableAccess):
        (KJS::PostDecResolveNode::optimizeVariableAccess):
        (KJS::DeleteResolveNode::optimizeVariableAccess):
        (KJS::TypeOfResolveNode::optimizeVariableAccess):
        (KJS::PreIncResolveNode::optimizeVariableAccess):
        (KJS::PreDecResolveNode::optimizeVariableAccess):
        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
        (KJS::AssignResolveNode::optimizeVariableAccess):
        (KJS::ProgramNode::initializeSymbolTable):

2008-05-06  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Oliver.
        
        - add missing ! in an assert that I failed to reverse

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::CodeGenerator):

2008-05-06  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fixed "SQUIRRELFISH: window.this shows up as a property, but it shouldn't"
        https://bugs.webkit.org/show_bug.cgi?id=18868
        
        The basic approach is to have "this" only be present in the symbol
        table at compile time, not runtime.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::~CodeGenerator): Remove "this" from symbol table.
        (KJS::CodeGenerator::CodeGenerator): Add "this" back when re-using
        a symbol table.
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::execute): Don't assert that "this" is in the symbol table.

2008-05-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Trivial support for function.arguments: Currently, we only support
        function.arguments from within the scope of function.
        
        This fixes the remaining Mozilla JS test failures.
        
        SunSpider reports no change.

        * JavaScriptCore.exp:

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute): Separated scope chain deref from
        activation register copying: since it is now possible for client code
        to create an activation on behalf of a function that otherwise wouldn't
        need one, having an activation no longer necessarily means that you need
        to deref the scope chain.
        
        (KJS::Machine::getCallFrame): For now, this function only examines the
        current scope. Walking parent scopes requires some refactoring in the
        way we track execution stacks.

        * kjs/ExecState.cpp:
        (KJS::ExecState::ExecState): We use a negative call frame offset to
        indicate that a given scope is not a function call scope.
        
2008-05-05  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Fix call frame set up for native -> JS function calls.

        * VM/Machine.cpp:
        (KJS::Machine::execute):

2008-05-05  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed ecma_3/Object/8.6.2.6-001.js, and similar bugs.
        
        SunSpider reports a .4% speedup. Not sure what that's about.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute): Check for exception return from equal,
        since toPrimitive can throw.

        * kjs/operations.cpp:
        (KJS::strictEqual): In response to an error I made in an earlier version
        of this patch, I changed strictEqual to make clear the fact that it
        performs no conversions and can't throw, making it slightly more efficient
        in the process.

2008-05-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix some dumb mistakes in my last patch

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitPushScope):
        (KJS::CodeGenerator::emitGetPropertyNames):
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-05-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - document opcodes relating to jumps, scopes, and property name iteration
        
        Documented jmp, jtrue, false, push_scope, pop_scope, get_pnames,
        next_pname and jmp_scopes.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitJump):
        (KJS::CodeGenerator::emitJumpIfTrue):
        (KJS::CodeGenerator::emitJumpIfFalse):
        (KJS::CodeGenerator::emitPushScope):
        (KJS::CodeGenerator::emitNextPropertyName):
        (KJS::CodeGenerator::emitGetPropertyNames):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/nodes.cpp:
        (KJS::LogicalAndNode::emitCode):
        (KJS::LogicalOrNode::emitCode):
        (KJS::ConditionalNode::emitCode):
        (KJS::IfNode::emitCode):
        (KJS::IfElseNode::emitCode):
        (KJS::DoWhileNode::emitCode):
        (KJS::WhileNode::emitCode):
        (KJS::ForNode::emitCode):
        (KJS::ForInNode::emitCode):
        (KJS::WithNode::emitCode):

2008-05-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Bug 18749: SQUIRRELFISH: const support is broken
        <https://bugs.webkit.org/show_bug.cgi?id=18749>

        Adds support for const during code generation.

        Fixes 2 layout tests.

        * ChangeLog:
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::addVar):
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::isLocalConstant):
        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::addVar):
        * kjs/nodes.cpp:
        (KJS::PostIncResolveNode::emitCode):
        (KJS::PostDecResolveNode::emitCode):
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::ReadModifyResolveNode::emitCode):
        (KJS::AssignResolveNode::emitCode):

2008-05-04  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - document some more opcodes (and fix argument names)
        
        Added docs for eq, neq, stricteq, nstriceq, less and lesseq.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitEqual):
        (KJS::CodeGenerator::emitNotEqual):
        (KJS::CodeGenerator::emitStrictEqual):
        (KJS::CodeGenerator::emitNotStrictEqual):
        (KJS::CodeGenerator::emitLess):
        (KJS::CodeGenerator::emitLessEq):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/nodes.cpp:
        (KJS::LessNode::emitCode):
        (KJS::GreaterNode::emitCode):
        (KJS::LessEqNode::emitCode):
        (KJS::GreaterEqNode::emitCode):
        (KJS::EqualNode::emitCode):
        (KJS::NotEqualNode::emitCode):
        (KJS::StrictEqualNode::emitCode):
        (KJS::NotStrictEqualNode::emitCode):
        (KJS::CaseBlockNode::emitCodeForBlock):

2008-05-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        More scaffolding for f.arguments.
        
        Track the offset of the last call frame in the ExecState, so we can
        produce a backtrace at any time.
        
        Also, record numLocals, the sum of numVars + numParameters, in each code
        block, to make updates to the ExecState a little cheaper than they
        would be otherwise.
        
        We now use numLocals in a bunch of places where we used to calculate
        numVars + numParameters or -numVars - numParameters.
        
        Reports are mixed, but all in all, this seems to be a wash on SunSpider.

2008-05-04  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Whoops, correctly handle properties that don't exist in the 
        symbol table.

        * kjs/JSVariableObject.h:
        (KJS::JSVariableObject::symbolTablePutWithAttributes):

2008-05-04  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Add attribute information to SymbolTable as ground work for
        various DontEnum and ReadOnly issues.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::addVar):
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::registerForLocal):
        (KJS::CodeGenerator::registerForLocalConstInit):
        (KJS::CodeGenerator::addConstant):
        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * kjs/JSGlobalObject.cpp:
        (KJS::JSGlobalObject::saveLocalStorage):
        * kjs/JSVariableObject.cpp:
        (KJS::JSVariableObject::getPropertyNames):
        (KJS::JSVariableObject::getPropertyAttributes):
        * kjs/JSVariableObject.h:
        (KJS::JSVariableObject::symbolTablePut):
        (KJS::JSVariableObject::symbolTablePutWithAttributes):
        * kjs/SymbolTable.h:
        (KJS::SymbolTableEntry::SymbolTableEntry):
        (KJS::SymbolTableIndexHashTraits::emptyValue):
        * kjs/nodes.cpp:
        (KJS::getSymbolTableEntry):
        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
        (KJS::AssignResolveNode::optimizeVariableAccess):
        (KJS::ProgramNode::initializeSymbolTable):

2008-05-04  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        More scaffolding for f.arguments.
        
        Store the register file associated with an ExecState in the ExecState.
        
        SunSpider reports no change.

        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Moved
        registerFileStack above globalExec, so it gets initialized first.
        Removed remnants of old activation scheme.

2008-05-04  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Oliver.
        
        - renamed a few opcodes and fixed assembly formatting to accomodate the longest opcode
        
        equal --> eq
        nequal --> neq
        resolve_base_and_property --> resolve_with_base
        resolve_base_and_func --> resolve_func
        get_prop_id --> get_by_id
        put_prop_id --> put_by_id
        delete_prop_id --> del_by_id
        get_prop_val --> get_by_val
        put_prop_val --> put_by_val
        delete_prop_val --> del_by_val
        put_prop_index --> put_by_index
        
        * VM/CodeBlock.cpp:
        (KJS::printUnaryOp):
        (KJS::printBinaryOp):
        (KJS::printConditionalJump):
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitEqual):
        (KJS::CodeGenerator::emitNotEqual):
        (KJS::CodeGenerator::emitResolveWithBase):
        (KJS::CodeGenerator::emitResolveFunction):
        (KJS::CodeGenerator::emitGetById):
        (KJS::CodeGenerator::emitPutById):
        (KJS::CodeGenerator::emitDeleteById):
        (KJS::CodeGenerator::emitGetByVal):
        (KJS::CodeGenerator::emitPutByVal):
        (KJS::CodeGenerator::emitDeleteByVal):
        (KJS::CodeGenerator::emitPutByIndex):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::ArrayNode::emitCode):
        (KJS::PropertyListNode::emitCode):
        (KJS::BracketAccessorNode::emitCode):
        (KJS::DotAccessorNode::emitCode):
        (KJS::EvalFunctionCallNode::emitCode):
        (KJS::FunctionCallResolveNode::emitCode):
        (KJS::FunctionCallBracketNode::emitCode):
        (KJS::FunctionCallDotNode::emitCode):
        (KJS::PostIncResolveNode::emitCode):
        (KJS::PostDecResolveNode::emitCode):
        (KJS::PostIncBracketNode::emitCode):
        (KJS::PostDecBracketNode::emitCode):
        (KJS::PostIncDotNode::emitCode):
        (KJS::PostDecDotNode::emitCode):
        (KJS::DeleteResolveNode::emitCode):
        (KJS::DeleteBracketNode::emitCode):
        (KJS::DeleteDotNode::emitCode):
        (KJS::TypeOfResolveNode::emitCode):
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::PreIncBracketNode::emitCode):
        (KJS::PreDecBracketNode::emitCode):
        (KJS::PreIncDotNode::emitCode):
        (KJS::PreDecDotNode::emitCode):
        (KJS::ReadModifyResolveNode::emitCode):
        (KJS::AssignResolveNode::emitCode):
        (KJS::AssignDotNode::emitCode):
        (KJS::ReadModifyDotNode::emitCode):
        (KJS::AssignBracketNode::emitCode):
        (KJS::ReadModifyBracketNode::emitCode):
        (KJS::ConstDeclNode::emitCodeSingle):
        (KJS::ForInNode::emitCode):
        (KJS::TryNode::emitCode):

2008-05-04  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Fix assertion when accessing arguments object with too many arguments provided

        The arguments constructor was assuming that the register offset given for argv
        was an absolute offset into the registerfile, rather than the offset from the
        frame.  This patches corrects that issue.

        * kjs/JSActivation.cpp:
        (KJS::JSActivation::createArgumentsObject):

2008-05-04  Geoffrey Garen  <ggaren@apple.com>

        Rubber stamped by Sam Weinig.
        
        Cleaned up Machine.cpp according to our style guidelines: moved static
        data to the top of the file; moved stand-alone functions below that;
        moved the Machine constructor above other Machine member functions.

2008-05-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam.
        
        - fix accidental breakage from last patch

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-05-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - a bunch more opcode documentation and corresponding parameter name fixes

        I renamed a few opcodes:
        
        type_of --> typeof (that's what the JS operator is named)
        instance_of --> instanceof (ditto)
        create_error --> new_error (for consistency with other new_* opcodes)
        
        I documented the following opcodes:
        
        - load
        - new_object
        - new_array
        - new_regexp
        - mov
        - pre_inc
        - pre_dec
        - post_inc
        - post_dec
        - to_jsnumber
        - negate
        - bitnot
        - not
        - instanceof
        - typeof
        - in
        - new_func
        - new_funcexp
        - new_error

        I also fixed formatting on some existing opcode docs.
        
        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitMove):
        (KJS::CodeGenerator::emitNot):
        (KJS::CodeGenerator::emitPreInc):
        (KJS::CodeGenerator::emitPreDec):
        (KJS::CodeGenerator::emitPostInc):
        (KJS::CodeGenerator::emitPostDec):
        (KJS::CodeGenerator::emitToJSNumber):
        (KJS::CodeGenerator::emitNegate):
        (KJS::CodeGenerator::emitBitNot):
        (KJS::CodeGenerator::emitInstanceOf):
        (KJS::CodeGenerator::emitTypeOf):
        (KJS::CodeGenerator::emitIn):
        (KJS::CodeGenerator::emitLoad):
        (KJS::CodeGenerator::emitNewObject):
        (KJS::CodeGenerator::emitNewArray):
        (KJS::CodeGenerator::emitNewRegExp):
        (KJS::CodeGenerator::emitNewError):
        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::scopeDepth):
        (KJS::CodeGenerator::addVar):
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::Node::emitThrowError):
        (KJS::RegExpNode::emitCode):
        (KJS::TypeOfValueNode::emitCode):
        (KJS::UnaryPlusNode::emitCode):
        (KJS::NegateNode::emitCode):
        (KJS::BitwiseNotNode::emitCode):
        (KJS::LogicalNotNode::emitCode):
        (KJS::InstanceOfNode::emitCode):
        (KJS::InNode::emitCode):

2008-05-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff and Sam.
        
        - generate HTML bytecode docs at build time

        * DerivedSources.make:
        * docs: Added.
        * docs/make-bytecode-docs.pl: Added.

2008-05-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Update ExecState::m_scopeChain when switching scope chains inside the
        machine.
        
        This fixes uses of lexicalGlobalObject, such as, in a subframe

            alert(top.makeArray() instanceof Array ? "FAIL" : "PASS");
        
        and a bunch of the security failures listed in
        https://bugs.webkit.org/show_bug.cgi?id=18870. (Those tests still fail,
        seemingly because of regressions in exception messages).
        
        SunSpider reports no change.

        * VM/Machine.cpp: Factored out scope chain updating into a common
        function that takes care to update ExecState::m_scopeChain, too.

        * kjs/ExecState.h: I made Machine a friend of ExecState so that Machine
        could update ExecState::m_scopeChain, even though that value is
        read-only for everyone else.

        * kjs/JSGlobalObject.h:
        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Changed
        this client to be a little friendlier to ExecState's internal
        storage type for scope chain data.

2008-05-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=18876
        Squirrelfish: ScopeChainNode leak in op_jmp_scopes.
        
        SunSpider reports no change.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute): Don't construct a ScopeChain object,
        since the direct threaded interpreter will goto across its destructor.

2008-05-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A bit more efficient fix than r32832: Don't copy globals into function
        register files; instead, have the RegisterFileStack track only the base
        of the last *global* register file, so the global object's register
        references stay good.
        
        SunSpider reports a .3% speedup. Not sure what that's about.

2008-05-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18864: SquirrelFish: Support getter and setter definition in object literals
        <https://bugs.webkit.org/show_bug.cgi?id=18864>

        Add new opcodes to allow us to add getters and setters to an object.  These are
        only used by the codegen for object literals.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitPutGetter):
        (KJS::CodeGenerator::emitPutSetter):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::PropertyListNode::emitCode):

2008-05-02  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - properly copy globals into and out of implicit call register
        files, otherwise they will fail at global lookup

        Fixes fast/js/array-tostring-and-join.html layout test.
        
        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::pushGlobalRegisterFile):
        (KJS::RegisterFileStack::popGlobalRegisterFile):
        (KJS::RegisterFileStack::pushFunctionRegisterFile):
        (KJS::RegisterFileStack::popFunctionRegisterFile):

2008-05-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=18822
        SQUIRRELFISH: incorrect eval used in some cases
        
        Changed all code inside the machine to fetch the lexical global object
        directly from the scope chain, instead of from the ExecState.
        
        Clients who fetch the lexical global object through the ExecState
        still don't work.
        
        SunSpider reports no change.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute): Fetch the lexical global object from
        the scope chain.
        
        * kjs/ExecState.h:
        (KJS::ExecState::ExecState::lexicalGlobalObject): Moved the logic for
        this function into ScopeChainNode, but kept this function around to
        support existing clients.

2008-05-02  Geoffrey Garen  <ggaren@apple.com>

        Rubber stamped by Oliver Hunt.
        
        Removed ExecState.cpp from AllInOneFile.cpp, for a .2% speedup.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/AllInOneFile.cpp:

2008-05-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff and Maciej.

        Bug 18827: SquirrelFish: Prevent getters and setters from destroying the current RegisterFile
        <https://bugs.webkit.org/show_bug.cgi?id=18827>

        Remove safe/unsafe RegisterFile concept, and instead just add additional
        logic to ensure we always push/pop RegisterFiles when executing getters
        and setters, similar to the logic for valueOf and toString.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/RegisterFile.h:
        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):
        * kjs/object.cpp:
        (KJS::JSObject::put):
        * kjs/property_slot.cpp:
        (KJS::PropertySlot::functionGetter):

2008-05-01  Oliver Hunt  <oliver@apple.com>

        RS=Geoff

        Rename unsafeForReentry to safeForReentry to avoid double negatives.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/RegisterFile.h:
        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):

2008-05-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18827: SquirrelFish: Prevent getters and setters from destroying the current RegisterFile
        <https://bugs.webkit.org/show_bug.cgi?id=18827>
        
        This patch makes getters and setters work.  It does this by
        tracking whether the RegisterFile is "safe", that is whether
        the interpreter is in a state that in which it can handle
        the RegisterFile being reallocated.

        * VM/Machine.cpp:
        (KJS::resolve):
        (KJS::Machine::privateExecute):
        * VM/RegisterFile.h:
        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        Release build fix: Always compile in "isGlobalObject", since it's
        listed in our .exp file.

        * kjs/ExecState.cpp:
        (KJS::ExecState::isGlobalObject):
        * kjs/ExecState.h:

2008-04-30  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Minor code restructuring to prepare for getters and setters, 
        also helps exception semantics a bit.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        Fixed tyop.

        * kjs/ExecState.h:

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        Debug build fix: export a missing symbol.

        * JavaScriptCore.exp:

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A little more ExecState refactoring: Now, only the global object creates
        an ExecState.
        
        Also inlined ExecState::lexicalGlobalObject().
        
        SunSpider reports no change.

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        WebCore build fix: forward-declare ScopeChain.

        * kjs/interpreter.h:

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        Build fix for JavaScriptGlue: export a missing symbol.

        * JavaScriptCore.exp:

2008-04-30  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Removed a lot of unused bits from ExecState, moving them into
        OldInterpreterExecState, the fake scaffolding class.
        
        The clutter was making it hard to see the forest from the trees.
        
        .4% SunSpider speedup, probably because ExecState::lexicalGlobalObject()
        is faster now.

2008-04-29  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18643: SQUIRRELFISH: need to support implicit function calls (valueOf, toString, getters/setters)
        <https://bugs.webkit.org/show_bug.cgi?id=18643>

        Prevent static slot optimisation for new variables and functions in
        globally re-entrant code called from an an implicit function call.

        This is necessary to prevent us from needing to resize the global
        slot portion of the root RegisterFile during an implicit (and hence
        unguarded) function call.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::CodeGenerator):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/RegisterFile.h:
        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::pushGlobalRegisterFile):
        (KJS::RegisterFileStack::popGlobalRegisterFile):
        (KJS::RegisterFileStack::pushFunctionRegisterFile):
        (KJS::RegisterFileStack::popFunctionRegisterFile):
        * VM/RegisterFileStack.h:
        (KJS::RegisterFileStack::inImplicitFunctionCall):
        (KJS::RegisterFileStack::lastGlobal):
        * kjs/nodes.cpp:
        (KJS::ProgramNode::generateCode):
        * kjs/nodes.h:
        (KJS::ProgramNode::):

2008-04-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        In nested program code, don't propogate "this" back to the parent
        register file. ("this" should remain constant in the parent register
        file, regardless of the scripts it invokes.)

        * VM/RegisterFile.cpp:
        (KJS::RegisterFile::copyGlobals):

2008-04-28  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Restore base pointer when popping a global RegisterFile

        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::popGlobalRegisterFile):

2008-04-28  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 18643: SQUIRRELFISH: need to support implicit function calls (valueOf, toString, getters/setters)
        <https://bugs.webkit.org/show_bug.cgi?id=18643>

        Partial fix.  This results in all implicit calls to toString or valueOf
        executing in a separate RegisterFile, so ensuring that the the pointers
        in the triggering interpreter don't get trashed.  This still leaves the
        task of preventing new global re-entry from toString and valueOf from
        clobbering the RegisterFile.

        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::pushFunctionRegisterFile):
        (KJS::RegisterFileStack::popFunctionRegisterFile):
        * VM/RegisterFileStack.h:
        * kjs/object.cpp:
        (KJS::tryGetAndCallProperty):

2008-04-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Simplified activation object a bit: No need to store the callee
        in the activation object -- we can pull it out of the call frame
        when needed, instead.
        
        SunSpider reports no change.

2008-04-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        RS by Oliver Hunt on moving JSArguments.cpp out of AllInOneFile.cpp.

        Substantially more handling of "arguments": "arguments" works fully
        now, but "f.arguments" still doesn't work.

        Fixes 10 regression tests.
        
        SunSpider reports no regression.

        * kjs/JSActivation.cpp:
        (KJS::JSActivation::createArgumentsObject): Reconstruct an arguments
        List to pass to the arguments object constructor.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/AllInOneFile.cpp: Removed JSActivation.cpp from AllInOneFile.cpp
        because that seems to make GCC happy. (Previously, I had added
        JSActivation.cpp to AllInOneFile.cpp because *that* seemed to make GCC
        happy. So it goes.)

2008-04-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Groundwork for more handling of "arguments". I'm not checking in the
        actual handling of "arguments" yet, because it still needs a little
        fiddling to avoid a performance regression.
        
        SunSpider reports no change.

        * VM/Machine.cpp:
        (KJS::initializeCallFrame): Put argc in the register file, so the
        arguments object can find it later, to determine arguments.length.

        * kjs/nodes.h:
        (KJS::FunctionBodyNode::): Added a special code accessor for when you
        know the code has already been generated, and you don't have a scopeChain
        to supply for potential code generation. (This is the case when the
        activation object creates the arguments object.)

2008-04-28  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Replace unsafe use of auto_ptr in Vector with manual memory
        management.

        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::~RegisterFileStack):
        (KJS::RegisterFileStack::popRegisterFile):
        * VM/RegisterFileStack.h:

2008-04-27  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Bug 18746: SQUIRRELFISH: indirect eval used when direct eval should be used
        <https://bugs.webkit.org/show_bug.cgi?id=18746>

        Change the base to the correct value of the 'this' object after the direct
        eval test instead of before.

        Fixes 5 layout tests.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/nodes.cpp:
        (KJS::EvalFunctionCallNode::emitCode):

2008-04-26  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - document all property getting, setting and deleting opcodes
        
        (And fix function parameter names to match corresponding opcode parameter names.)

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitResolve):
        (KJS::CodeGenerator::emitResolveBase):
        (KJS::CodeGenerator::emitResolveBaseAndProperty):
        (KJS::CodeGenerator::emitResolveBaseAndFunc):
        (KJS::CodeGenerator::emitGetPropId):
        (KJS::CodeGenerator::emitPutPropId):
        (KJS::CodeGenerator::emitDeletePropId):
        (KJS::CodeGenerator::emitPutPropVal):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::resolve):
        (KJS::resolveBase):
        (KJS::resolveBaseAndProperty):
        (KJS::resolveBaseAndFunc):
        (KJS::Machine::privateExecute):
        * kjs/nodes.cpp:
        (KJS::ResolveNode::emitCode):
        (KJS::ArrayNode::emitCode):
        (KJS::PropertyListNode::emitCode):
        (KJS::BracketAccessorNode::emitCode):
        (KJS::EvalFunctionCallNode::emitCode):
        (KJS::FunctionCallResolveNode::emitCode):
        (KJS::FunctionCallBracketNode::emitCode):
        (KJS::PostIncResolveNode::emitCode):
        (KJS::PostDecResolveNode::emitCode):
        (KJS::PostIncBracketNode::emitCode):
        (KJS::PostDecBracketNode::emitCode):
        (KJS::PostIncDotNode::emitCode):
        (KJS::PostDecDotNode::emitCode):
        (KJS::DeleteResolveNode::emitCode):
        (KJS::TypeOfResolveNode::emitCode):
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::PreIncBracketNode::emitCode):
        (KJS::PreDecBracketNode::emitCode):
        (KJS::AssignResolveNode::emitCode):
        (KJS::AssignDotNode::emitCode):
        (KJS::ReadModifyDotNode::emitCode):
        (KJS::AssignBracketNode::emitCode):
        (KJS::ReadModifyBracketNode::emitCode):
        (KJS::ConstDeclNode::emitCodeSingle):

2008-04-26  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18628: SQUIRRELFISH: need to support recursion limit
        <https://bugs.webkit.org/show_bug.cgi?id=18628>

        Basically completes recursion limiting.  There is still some
        tuning we may want to do to make things better in the face of
        very bad code, but certainly nothing worse than anything already
        possible in trunk.

        Also fixes a WebKit test by fixing the exception text :D

        * JavaScriptCore.exp:
        * VM/ExceptionHelpers.cpp:
        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/RegisterFile.cpp:
        (KJS::RegisterFile::growBuffer):
        (KJS::RegisterFile::addGlobalSlots):
        * VM/RegisterFile.h:
        (KJS::RegisterFile::grow):
        (KJS::RegisterFile::uncheckedGrow):
        * VM/RegisterFileStack.cpp:
        (KJS::RegisterFileStack::pushRegisterFile):
        * VM/RegisterFileStack.h:

2008-04-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 18628: SQUIRRELFISH: need to support recursion limit
        <https://bugs.webkit.org/show_bug.cgi?id=18628>

        Put a limit on the level of reentry recursion.  128 levels of re-entrant recursion
        seems reasonable as it is greater than the old eval limit, and a long way short of
        the reentry depth needed to overflow the stack.

        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/Machine.h:

2008-04-25  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        A tiny bit of cleanup to the regexp code.
        
        Removed some static_cast.
        
        Removed createRegExpImp because it's no longer used.

2008-04-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18736: SQUIRRELFISH: switch statements with no default have incorrect codegen
        <https://bugs.webkit.org/show_bug.cgi?id=18736>

        Ensure the "default" target is correct in the absence of an explicit default handler.

        * kjs/nodes.cpp:
        (KJS::CaseBlockNode::emitCodeForBlock):

2008-04-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18628: SQUIRRELFISH: need to support recursion limit
        <https://bugs.webkit.org/show_bug.cgi?id=18628>

        More bounds checking.

        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/RegisterFile.cpp:
        (KJS::RegisterFile::growBuffer):
        * VM/RegisterFile.h:

2008-04-25  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix signal catching magic
        
        The signal handlers are restored to _exit but are only set when
        running under run-javascriptcore-tests. fprintf from a signal
        handler is not safe.

        * kjs/testkjs.cpp:
        (main):
        (parseArguments):
        * tests/mozilla/jsDriver.pl:

2008-04-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Bug 18732: SQUIRRELFISH: exceptions thrown by native constructors are ignored
        <https://bugs.webkit.org/show_bug.cgi?id=18732>

        Fixes another regression test.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Bug 18728: SQUIRRELFISH: invalid regular expression constants should throw exceptions
        <https://bugs.webkit.org/show_bug.cgi?id=18728>

        Fixes another regression test.

        * kjs/nodes.cpp:
        (KJS::RegExpNode::emitCode):

2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Geoffrey Garen.

        Bug 18735: SQUIRRELFISH: closures are sometimes given an incorrect 'this' value when called
        <https://bugs.webkit.org/show_bug.cgi?id=18735>

        The overloaded toThisObject method was not copied over to JSActivation.

        Fixes two regression tests.

        * kjs/JSActivation.cpp:
        (KJS::JSActivation::toThisObject):
        * kjs/JSActivation.h:

2008-04-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Added support for arguments.callee.

2008-04-24  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18628: SQUIRRELFISH: need to support recursion limit
        <https://bugs.webkit.org/show_bug.cgi?id=18628>

        Partial fix -- this gets us some of the required bounds checking, but not
        complete coverage.  But it does manage to do them without regressing :D

        * VM/ExceptionHelpers.cpp:
        (KJS::createError):
        (KJS::createStackOverflowError):
        * VM/ExceptionHelpers.h:
        * VM/Machine.cpp:
        (KJS::slideRegisterWindowForCall):
        (KJS::Machine::execute):
        (KJS::Machine::privateExecute):
        * VM/RegisterFile.cpp:
        * VM/RegisterFile.h:
        (KJS::RegisterFile::):
        (KJS::RegisterFile::RegisterFile):
        (KJS::RegisterFile::grow):

2008-04-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        A tiny bit more handling of "arguments": create a real, but mostly
        hollow, arguments object.
        
        Fixes 2 regression tests.

2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Bug 18717: SQUIRRELFISH: eval returns the wrong value for a variable declaration statement
        <https://bugs.webkit.org/show_bug.cgi?id=18717>

        Fixes a regression test, but exposes the failure of another due to the
        lack of getters and setters.

        * kjs/nodes.cpp:
        (KJS::ConstDeclNode::emitCodeSingle):
        (KJS::ConstDeclNode::emitCode):
        (KJS::ConstStatementNode::emitCode):
        (KJS::VarStatementNode::emitCode):
        * kjs/nodes.h:

2008-04-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Print a CRASH statement when crashing, so test failures are not a
        mystery.

        * kjs/testkjs.cpp:
        (handleCrash):
        (main):

2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Geoffrey Garen.

        Bug 18716: SQUIRRELFISH: typeof should return undefined for an undefined variable reference
        <https://bugs.webkit.org/show_bug.cgi?id=18716>

        This fixes 2 more regression tests.

        * kjs/nodes.cpp:
        (KJS::TypeOfResolveNode::emitCode):

2008-04-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Put the callee in the call frame.
        
        Necessary in order to support "arguments" and "arguments.callee".

        Also fixes a latent GC bug, where an executing function could be
        subject to GC if the register holding it were overwritten. Here's
        an example that would have caused problems:
        
        function f()
        {
            // Flood the machine stack to eliminate any old pointers to f.
            g.call({});
            
            // Overwrite f in the register file.
            f = 1;

            // Force a GC.
            for (var i = 0; i < 5000; ++i) {
                ({});
            }
            
            // Welcome to crash-ville.
        }

        function g()
        {
        }

        f();

        * VM/Machine.h: Changed the order of arguments to
        execute(FunctionBodyNode*...) to match the other execute functions.
        * kjs/function.cpp: Updated to match new argument requirements from
        execute(FunctionBodyNode*...). Renamed newObj to thisObj to match the
        rest of JavaScriptCore.

        SunSpider reports no change.

2008-04-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Bug 18707: SQUIRRELFISH: eval always performs toString() on its argument
        <https://bugs.webkit.org/show_bug.cgi?id=18707>

        This fixes 4 more regression tests.

        * VM/Machine.cpp:
        (KJS::eval):

2008-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix logic bug in SegmentedVector::grow which would sometimes fail to resize a segment when needed
        
        Fixes 3 JSC tests.

        * VM/SegmentedVector.h:
        (KJS::SegmentedVector::grow):

2008-04-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Degenerate handling of "arguments" as a property of the activation
        object. Currently, we just return a vanilla object.
        
        SunSpider reports no change.

        Fixes:

        ecma_3/Function/regress-94506.js.
        
        Reveals to have been secretly broken:

        ecma_3/Function/15.3.4.3-1.js
        ecma_3/Function/15.3.4.4-1.js
        
        These tests were passing incorrectly. testkjs creates a global array
        named "arguments" to hold command-line arguments. That array was
        tricking these tests into thinking that an arguments object with length
        0 had been created. Since our new vanilla object shadows the global
        property named arguments, that object no longer fools these tests into
        passing.
        
        Net change: +1 failing test.

        * kjs/AllInOneFile.cpp: Had to put JSActivation.cpp into AllInOneFile.cpp
        to solve a surprising 8.6% regression in bitops-3bit-bits-in-byte.

2008-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - save and restore callFrame

        * VM/Machine.cpp:
        (KJS::slideRegisterWindowForCall):
        (KJS::Machine::execute):
        (KJS::Machine::privateExecute):
        * kjs/testkjs.cpp:
        (main):

2008-04-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed scopes for named function expressions.
        
        Fixes one regression test.
        
        Two changes here:
        
        (1) The function's name is supposed to have attributes DontDelete,
        ReadOnly, regardless of the type of code executing.
        
        (2) Push the name object on the function's scope chain, rather than
        the ExecState's scope chain because, well, that's where it belongs.

2008-04-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Inlined JSObject::putDirect, for a .4% SunSpider speedup.
        
        I did this as a first step toward removing nodes.cpp from
        AllInOneFile.cpp, but I'm putting that larger project aside for now.

2008-04-23  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Geoff.
        
        - add OldInterpreterExecState class and use it in dead code
        
        This will allow removing things from the real ExecState class
        without having to figure out how to remove all this code without
        getting a perf regression.

        * kjs/nodes.cpp:
        (KJS::ExpressionNode::evaluateToNumber):
        (KJS::ExpressionNode::evaluateToBoolean):
        (KJS::ExpressionNode::evaluateToInt32):
        (KJS::ExpressionNode::evaluateToUInt32):
        (KJS::Node::setErrorCompletion):
        (KJS::Node::throwError):
        (KJS::Node::throwUndefinedVariableError):
        (KJS::Node::handleException):
        (KJS::Node::rethrowException):
        (KJS::BreakpointCheckStatement::execute):
        (KJS::BreakpointCheckStatement::optimizeVariableAccess):
        (KJS::NullNode::evaluate):
        (KJS::FalseNode::evaluate):
        (KJS::TrueNode::evaluate):
        (KJS::NumberNode::evaluate):
        (KJS::NumberNode::evaluateToNumber):
        (KJS::NumberNode::evaluateToBoolean):
        (KJS::NumberNode::evaluateToInt32):
        (KJS::NumberNode::evaluateToUInt32):
        (KJS::ImmediateNumberNode::evaluate):
        (KJS::ImmediateNumberNode::evaluateToInt32):
        (KJS::ImmediateNumberNode::evaluateToUInt32):
        (KJS::StringNode::evaluate):
        (KJS::StringNode::evaluateToNumber):
        (KJS::StringNode::evaluateToBoolean):
        (KJS::RegExpNode::evaluate):
        (KJS::ThisNode::evaluate):
        (KJS::ResolveNode::inlineEvaluate):
        (KJS::ResolveNode::evaluate):
        (KJS::ResolveNode::evaluateToNumber):
        (KJS::ResolveNode::evaluateToBoolean):
        (KJS::ResolveNode::evaluateToInt32):
        (KJS::ResolveNode::evaluateToUInt32):
        (KJS::getSymbolTableEntry):
        (KJS::ResolveNode::optimizeVariableAccess):
        (KJS::LocalVarAccessNode::inlineEvaluate):
        (KJS::LocalVarAccessNode::evaluate):
        (KJS::LocalVarAccessNode::evaluateToNumber):
        (KJS::LocalVarAccessNode::evaluateToBoolean):
        (KJS::LocalVarAccessNode::evaluateToInt32):
        (KJS::LocalVarAccessNode::evaluateToUInt32):
        (KJS::getNonLocalSymbol):
        (KJS::ScopedVarAccessNode::inlineEvaluate):
        (KJS::ScopedVarAccessNode::evaluate):
        (KJS::ScopedVarAccessNode::evaluateToNumber):
        (KJS::ScopedVarAccessNode::evaluateToBoolean):
        (KJS::ScopedVarAccessNode::evaluateToInt32):
        (KJS::ScopedVarAccessNode::evaluateToUInt32):
        (KJS::NonLocalVarAccessNode::inlineEvaluate):
        (KJS::NonLocalVarAccessNode::evaluate):
        (KJS::NonLocalVarAccessNode::evaluateToNumber):
        (KJS::NonLocalVarAccessNode::evaluateToBoolean):
        (KJS::NonLocalVarAccessNode::evaluateToInt32):
        (KJS::NonLocalVarAccessNode::evaluateToUInt32):
        (KJS::ElementNode::optimizeVariableAccess):
        (KJS::ElementNode::evaluate):
        (KJS::ArrayNode::optimizeVariableAccess):
        (KJS::ArrayNode::evaluate):
        (KJS::ObjectLiteralNode::optimizeVariableAccess):
        (KJS::ObjectLiteralNode::evaluate):
        (KJS::PropertyListNode::optimizeVariableAccess):
        (KJS::PropertyListNode::evaluate):
        (KJS::PropertyNode::optimizeVariableAccess):
        (KJS::PropertyNode::evaluate):
        (KJS::BracketAccessorNode::optimizeVariableAccess):
        (KJS::BracketAccessorNode::inlineEvaluate):
        (KJS::BracketAccessorNode::evaluate):
        (KJS::BracketAccessorNode::evaluateToNumber):
        (KJS::BracketAccessorNode::evaluateToBoolean):
        (KJS::BracketAccessorNode::evaluateToInt32):
        (KJS::BracketAccessorNode::evaluateToUInt32):
        (KJS::DotAccessorNode::optimizeVariableAccess):
        (KJS::DotAccessorNode::inlineEvaluate):
        (KJS::DotAccessorNode::evaluate):
        (KJS::DotAccessorNode::evaluateToNumber):
        (KJS::DotAccessorNode::evaluateToBoolean):
        (KJS::DotAccessorNode::evaluateToInt32):
        (KJS::DotAccessorNode::evaluateToUInt32):
        (KJS::ArgumentListNode::optimizeVariableAccess):
        (KJS::ArgumentListNode::evaluateList):
        (KJS::ArgumentsNode::optimizeVariableAccess):
        (KJS::NewExprNode::optimizeVariableAccess):
        (KJS::NewExprNode::inlineEvaluate):
        (KJS::NewExprNode::evaluate):
        (KJS::NewExprNode::evaluateToNumber):
        (KJS::NewExprNode::evaluateToBoolean):
        (KJS::NewExprNode::evaluateToInt32):
        (KJS::NewExprNode::evaluateToUInt32):
        (KJS::ExpressionNode::resolveAndCall):
        (KJS::EvalFunctionCallNode::optimizeVariableAccess):
        (KJS::EvalFunctionCallNode::evaluate):
        (KJS::FunctionCallValueNode::optimizeVariableAccess):
        (KJS::FunctionCallValueNode::evaluate):
        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
        (KJS::FunctionCallResolveNode::inlineEvaluate):
        (KJS::FunctionCallResolveNode::evaluate):
        (KJS::FunctionCallResolveNode::evaluateToNumber):
        (KJS::FunctionCallResolveNode::evaluateToBoolean):
        (KJS::FunctionCallResolveNode::evaluateToInt32):
        (KJS::FunctionCallResolveNode::evaluateToUInt32):
        (KJS::LocalVarFunctionCallNode::inlineEvaluate):
        (KJS::LocalVarFunctionCallNode::evaluate):
        (KJS::LocalVarFunctionCallNode::evaluateToNumber):
        (KJS::LocalVarFunctionCallNode::evaluateToBoolean):
        (KJS::LocalVarFunctionCallNode::evaluateToInt32):
        (KJS::LocalVarFunctionCallNode::evaluateToUInt32):
        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
        (KJS::ScopedVarFunctionCallNode::evaluate):
        (KJS::ScopedVarFunctionCallNode::evaluateToNumber):
        (KJS::ScopedVarFunctionCallNode::evaluateToBoolean):
        (KJS::ScopedVarFunctionCallNode::evaluateToInt32):
        (KJS::ScopedVarFunctionCallNode::evaluateToUInt32):
        (KJS::NonLocalVarFunctionCallNode::inlineEvaluate):
        (KJS::NonLocalVarFunctionCallNode::evaluate):
        (KJS::NonLocalVarFunctionCallNode::evaluateToNumber):
        (KJS::NonLocalVarFunctionCallNode::evaluateToBoolean):
        (KJS::NonLocalVarFunctionCallNode::evaluateToInt32):
        (KJS::NonLocalVarFunctionCallNode::evaluateToUInt32):
        (KJS::FunctionCallBracketNode::optimizeVariableAccess):
        (KJS::FunctionCallBracketNode::evaluate):
        (KJS::FunctionCallDotNode::optimizeVariableAccess):
        (KJS::FunctionCallDotNode::inlineEvaluate):
        (KJS::FunctionCallDotNode::evaluate):
        (KJS::FunctionCallDotNode::evaluateToNumber):
        (KJS::FunctionCallDotNode::evaluateToBoolean):
        (KJS::FunctionCallDotNode::evaluateToInt32):
        (KJS::FunctionCallDotNode::evaluateToUInt32):
        (KJS::PostIncResolveNode::optimizeVariableAccess):
        (KJS::PostIncResolveNode::evaluate):
        (KJS::PostIncLocalVarNode::evaluate):
        (KJS::PostDecResolveNode::optimizeVariableAccess):
        (KJS::PostDecResolveNode::evaluate):
        (KJS::PostDecLocalVarNode::evaluate):
        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
        (KJS::PostDecLocalVarNode::evaluateToNumber):
        (KJS::PostDecLocalVarNode::evaluateToBoolean):
        (KJS::PostDecLocalVarNode::evaluateToInt32):
        (KJS::PostDecLocalVarNode::evaluateToUInt32):
        (KJS::PostfixBracketNode::optimizeVariableAccess):
        (KJS::PostIncBracketNode::evaluate):
        (KJS::PostDecBracketNode::evaluate):
        (KJS::PostfixDotNode::optimizeVariableAccess):
        (KJS::PostIncDotNode::evaluate):
        (KJS::PostDecDotNode::evaluate):
        (KJS::PostfixErrorNode::evaluate):
        (KJS::DeleteResolveNode::optimizeVariableAccess):
        (KJS::DeleteResolveNode::evaluate):
        (KJS::LocalVarDeleteNode::evaluate):
        (KJS::DeleteBracketNode::optimizeVariableAccess):
        (KJS::DeleteBracketNode::evaluate):
        (KJS::DeleteDotNode::optimizeVariableAccess):
        (KJS::DeleteDotNode::evaluate):
        (KJS::DeleteValueNode::optimizeVariableAccess):
        (KJS::DeleteValueNode::evaluate):
        (KJS::VoidNode::optimizeVariableAccess):
        (KJS::VoidNode::evaluate):
        (KJS::TypeOfValueNode::optimizeVariableAccess):
        (KJS::TypeOfResolveNode::optimizeVariableAccess):
        (KJS::LocalVarTypeOfNode::evaluate):
        (KJS::TypeOfResolveNode::evaluate):
        (KJS::TypeOfValueNode::evaluate):
        (KJS::PreIncResolveNode::optimizeVariableAccess):
        (KJS::PreIncLocalVarNode::evaluate):
        (KJS::PreIncResolveNode::evaluate):
        (KJS::PreDecResolveNode::optimizeVariableAccess):
        (KJS::PreDecLocalVarNode::evaluate):
        (KJS::PreDecResolveNode::evaluate):
        (KJS::PreIncConstNode::evaluate):
        (KJS::PreDecConstNode::evaluate):
        (KJS::PostIncConstNode::evaluate):
        (KJS::PostDecConstNode::evaluate):
        (KJS::PrefixBracketNode::optimizeVariableAccess):
        (KJS::PreIncBracketNode::evaluate):
        (KJS::PreDecBracketNode::evaluate):
        (KJS::PrefixDotNode::optimizeVariableAccess):
        (KJS::PreIncDotNode::evaluate):
        (KJS::PreDecDotNode::evaluate):
        (KJS::PrefixErrorNode::evaluate):
        (KJS::UnaryPlusNode::optimizeVariableAccess):
        (KJS::UnaryPlusNode::evaluate):
        (KJS::UnaryPlusNode::evaluateToBoolean):
        (KJS::UnaryPlusNode::evaluateToNumber):
        (KJS::UnaryPlusNode::evaluateToInt32):
        (KJS::UnaryPlusNode::evaluateToUInt32):
        (KJS::NegateNode::optimizeVariableAccess):
        (KJS::NegateNode::evaluate):
        (KJS::NegateNode::evaluateToNumber):
        (KJS::BitwiseNotNode::optimizeVariableAccess):
        (KJS::BitwiseNotNode::inlineEvaluateToInt32):
        (KJS::BitwiseNotNode::evaluate):
        (KJS::BitwiseNotNode::evaluateToNumber):
        (KJS::BitwiseNotNode::evaluateToBoolean):
        (KJS::BitwiseNotNode::evaluateToInt32):
        (KJS::BitwiseNotNode::evaluateToUInt32):
        (KJS::LogicalNotNode::optimizeVariableAccess):
        (KJS::LogicalNotNode::evaluate):
        (KJS::LogicalNotNode::evaluateToBoolean):
        (KJS::MultNode::optimizeVariableAccess):
        (KJS::MultNode::inlineEvaluateToNumber):
        (KJS::MultNode::evaluate):
        (KJS::MultNode::evaluateToNumber):
        (KJS::MultNode::evaluateToBoolean):
        (KJS::MultNode::evaluateToInt32):
        (KJS::MultNode::evaluateToUInt32):
        (KJS::DivNode::optimizeVariableAccess):
        (KJS::DivNode::inlineEvaluateToNumber):
        (KJS::DivNode::evaluate):
        (KJS::DivNode::evaluateToNumber):
        (KJS::DivNode::evaluateToInt32):
        (KJS::DivNode::evaluateToUInt32):
        (KJS::ModNode::optimizeVariableAccess):
        (KJS::ModNode::inlineEvaluateToNumber):
        (KJS::ModNode::evaluate):
        (KJS::ModNode::evaluateToNumber):
        (KJS::ModNode::evaluateToBoolean):
        (KJS::ModNode::evaluateToInt32):
        (KJS::ModNode::evaluateToUInt32):
        (KJS::throwOutOfMemoryErrorToNumber):
        (KJS::addSlowCase):
        (KJS::addSlowCaseToNumber):
        (KJS::add):
        (KJS::addToNumber):
        (KJS::AddNode::optimizeVariableAccess):
        (KJS::AddNode::evaluate):
        (KJS::AddNode::inlineEvaluateToNumber):
        (KJS::AddNode::evaluateToNumber):
        (KJS::AddNode::evaluateToInt32):
        (KJS::AddNode::evaluateToUInt32):
        (KJS::AddNumbersNode::inlineEvaluateToNumber):
        (KJS::AddNumbersNode::evaluate):
        (KJS::AddNumbersNode::evaluateToNumber):
        (KJS::AddNumbersNode::evaluateToInt32):
        (KJS::AddNumbersNode::evaluateToUInt32):
        (KJS::AddStringsNode::evaluate):
        (KJS::AddStringLeftNode::evaluate):
        (KJS::AddStringRightNode::evaluate):
        (KJS::SubNode::optimizeVariableAccess):
        (KJS::SubNode::inlineEvaluateToNumber):
        (KJS::SubNode::evaluate):
        (KJS::SubNode::evaluateToNumber):
        (KJS::SubNode::evaluateToInt32):
        (KJS::SubNode::evaluateToUInt32):
        (KJS::LeftShiftNode::optimizeVariableAccess):
        (KJS::LeftShiftNode::inlineEvaluateToInt32):
        (KJS::LeftShiftNode::evaluate):
        (KJS::LeftShiftNode::evaluateToNumber):
        (KJS::LeftShiftNode::evaluateToInt32):
        (KJS::LeftShiftNode::evaluateToUInt32):
        (KJS::RightShiftNode::optimizeVariableAccess):
        (KJS::RightShiftNode::inlineEvaluateToInt32):
        (KJS::RightShiftNode::evaluate):
        (KJS::RightShiftNode::evaluateToNumber):
        (KJS::RightShiftNode::evaluateToInt32):
        (KJS::RightShiftNode::evaluateToUInt32):
        (KJS::UnsignedRightShiftNode::optimizeVariableAccess):
        (KJS::UnsignedRightShiftNode::inlineEvaluateToUInt32):
        (KJS::UnsignedRightShiftNode::evaluate):
        (KJS::UnsignedRightShiftNode::evaluateToNumber):
        (KJS::UnsignedRightShiftNode::evaluateToInt32):
        (KJS::UnsignedRightShiftNode::evaluateToUInt32):
        (KJS::lessThan):
        (KJS::lessThanEq):
        (KJS::LessNode::optimizeVariableAccess):
        (KJS::LessNode::inlineEvaluateToBoolean):
        (KJS::LessNode::evaluate):
        (KJS::LessNode::evaluateToBoolean):
        (KJS::LessNumbersNode::inlineEvaluateToBoolean):
        (KJS::LessNumbersNode::evaluate):
        (KJS::LessNumbersNode::evaluateToBoolean):
        (KJS::LessStringsNode::inlineEvaluateToBoolean):
        (KJS::LessStringsNode::evaluate):
        (KJS::LessStringsNode::evaluateToBoolean):
        (KJS::GreaterNode::optimizeVariableAccess):
        (KJS::GreaterNode::inlineEvaluateToBoolean):
        (KJS::GreaterNode::evaluate):
        (KJS::GreaterNode::evaluateToBoolean):
        (KJS::LessEqNode::optimizeVariableAccess):
        (KJS::LessEqNode::inlineEvaluateToBoolean):
        (KJS::LessEqNode::evaluate):
        (KJS::LessEqNode::evaluateToBoolean):
        (KJS::GreaterEqNode::optimizeVariableAccess):
        (KJS::GreaterEqNode::inlineEvaluateToBoolean):
        (KJS::GreaterEqNode::evaluate):
        (KJS::GreaterEqNode::evaluateToBoolean):
        (KJS::InstanceOfNode::optimizeVariableAccess):
        (KJS::InstanceOfNode::evaluate):
        (KJS::InstanceOfNode::evaluateToBoolean):
        (KJS::InNode::optimizeVariableAccess):
        (KJS::InNode::evaluate):
        (KJS::InNode::evaluateToBoolean):
        (KJS::EqualNode::optimizeVariableAccess):
        (KJS::EqualNode::inlineEvaluateToBoolean):
        (KJS::EqualNode::evaluate):
        (KJS::EqualNode::evaluateToBoolean):
        (KJS::NotEqualNode::optimizeVariableAccess):
        (KJS::NotEqualNode::inlineEvaluateToBoolean):
        (KJS::NotEqualNode::evaluate):
        (KJS::NotEqualNode::evaluateToBoolean):
        (KJS::StrictEqualNode::optimizeVariableAccess):
        (KJS::StrictEqualNode::inlineEvaluateToBoolean):
        (KJS::StrictEqualNode::evaluate):
        (KJS::StrictEqualNode::evaluateToBoolean):
        (KJS::NotStrictEqualNode::optimizeVariableAccess):
        (KJS::NotStrictEqualNode::inlineEvaluateToBoolean):
        (KJS::NotStrictEqualNode::evaluate):
        (KJS::NotStrictEqualNode::evaluateToBoolean):
        (KJS::BitAndNode::optimizeVariableAccess):
        (KJS::BitAndNode::evaluate):
        (KJS::BitAndNode::inlineEvaluateToInt32):
        (KJS::BitAndNode::evaluateToNumber):
        (KJS::BitAndNode::evaluateToBoolean):
        (KJS::BitAndNode::evaluateToInt32):
        (KJS::BitAndNode::evaluateToUInt32):
        (KJS::BitXOrNode::optimizeVariableAccess):
        (KJS::BitXOrNode::inlineEvaluateToInt32):
        (KJS::BitXOrNode::evaluate):
        (KJS::BitXOrNode::evaluateToNumber):
        (KJS::BitXOrNode::evaluateToBoolean):
        (KJS::BitXOrNode::evaluateToInt32):
        (KJS::BitXOrNode::evaluateToUInt32):
        (KJS::BitOrNode::optimizeVariableAccess):
        (KJS::BitOrNode::inlineEvaluateToInt32):
        (KJS::BitOrNode::evaluate):
        (KJS::BitOrNode::evaluateToNumber):
        (KJS::BitOrNode::evaluateToBoolean):
        (KJS::BitOrNode::evaluateToInt32):
        (KJS::BitOrNode::evaluateToUInt32):
        (KJS::LogicalAndNode::optimizeVariableAccess):
        (KJS::LogicalAndNode::evaluate):
        (KJS::LogicalAndNode::evaluateToBoolean):
        (KJS::LogicalOrNode::optimizeVariableAccess):
        (KJS::LogicalOrNode::evaluate):
        (KJS::LogicalOrNode::evaluateToBoolean):
        (KJS::ConditionalNode::optimizeVariableAccess):
        (KJS::ConditionalNode::evaluate):
        (KJS::ConditionalNode::evaluateToBoolean):
        (KJS::ConditionalNode::evaluateToNumber):
        (KJS::ConditionalNode::evaluateToInt32):
        (KJS::ConditionalNode::evaluateToUInt32):
        (KJS::valueForReadModifyAssignment):
        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
        (KJS::AssignResolveNode::optimizeVariableAccess):
        (KJS::ReadModifyLocalVarNode::evaluate):
        (KJS::AssignLocalVarNode::evaluate):
        (KJS::ReadModifyConstNode::evaluate):
        (KJS::AssignConstNode::evaluate):
        (KJS::ReadModifyResolveNode::evaluate):
        (KJS::AssignResolveNode::evaluate):
        (KJS::AssignDotNode::optimizeVariableAccess):
        (KJS::AssignDotNode::evaluate):
        (KJS::ReadModifyDotNode::optimizeVariableAccess):
        (KJS::ReadModifyDotNode::evaluate):
        (KJS::AssignErrorNode::evaluate):
        (KJS::AssignBracketNode::optimizeVariableAccess):
        (KJS::AssignBracketNode::evaluate):
        (KJS::ReadModifyBracketNode::optimizeVariableAccess):
        (KJS::ReadModifyBracketNode::evaluate):
        (KJS::CommaNode::optimizeVariableAccess):
        (KJS::CommaNode::evaluate):
        (KJS::ConstDeclNode::optimizeVariableAccess):
        (KJS::ConstDeclNode::handleSlowCase):
        (KJS::ConstDeclNode::evaluateSingle):
        (KJS::ConstDeclNode::evaluate):
        (KJS::ConstStatementNode::optimizeVariableAccess):
        (KJS::ConstStatementNode::execute):
        (KJS::statementListExecute):
        (KJS::BlockNode::optimizeVariableAccess):
        (KJS::BlockNode::execute):
        (KJS::EmptyStatementNode::execute):
        (KJS::ExprStatementNode::optimizeVariableAccess):
        (KJS::ExprStatementNode::execute):
        (KJS::VarStatementNode::optimizeVariableAccess):
        (KJS::VarStatementNode::execute):
        (KJS::IfNode::optimizeVariableAccess):
        (KJS::IfNode::execute):
        (KJS::IfElseNode::optimizeVariableAccess):
        (KJS::IfElseNode::execute):
        (KJS::DoWhileNode::optimizeVariableAccess):
        (KJS::DoWhileNode::execute):
        (KJS::WhileNode::optimizeVariableAccess):
        (KJS::WhileNode::execute):
        (KJS::ForNode::optimizeVariableAccess):
        (KJS::ForNode::execute):
        (KJS::ForInNode::optimizeVariableAccess):
        (KJS::ForInNode::execute):
        (KJS::ContinueNode::execute):
        (KJS::BreakNode::execute):
        (KJS::ReturnNode::optimizeVariableAccess):
        (KJS::ReturnNode::execute):
        (KJS::WithNode::optimizeVariableAccess):
        (KJS::WithNode::execute):
        (KJS::CaseClauseNode::optimizeVariableAccess):
        (KJS::CaseClauseNode::evaluate):
        (KJS::CaseClauseNode::executeStatements):
        (KJS::ClauseListNode::optimizeVariableAccess):
        (KJS::CaseBlockNode::optimizeVariableAccess):
        (KJS::CaseBlockNode::executeBlock):
        (KJS::SwitchNode::optimizeVariableAccess):
        (KJS::SwitchNode::execute):
        (KJS::LabelNode::optimizeVariableAccess):
        (KJS::LabelNode::execute):
        (KJS::ThrowNode::optimizeVariableAccess):
        (KJS::ThrowNode::execute):
        (KJS::TryNode::optimizeVariableAccess):
        (KJS::TryNode::execute):
        (KJS::ProgramNode::initializeSymbolTable):
        (KJS::ScopeNode::optimizeVariableAccess):
        (KJS::ProgramNode::processDeclarations):
        (KJS::EvalNode::processDeclarations):
        (KJS::ProgramNode::execute):
        (KJS::EvalNode::execute):
        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
        (KJS::FuncDeclNode::execute):
        (KJS::FuncExprNode::evaluate):
        * kjs/nodes.h:
        (KJS::Node::):
        (KJS::FalseNode::):
        (KJS::TrueNode::):
        (KJS::ArgumentsNode::):

2008-04-23  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 18672: SQUIRRELFISH: codegen fails with a large number of temporaries
        <https://bugs.webkit.org/show_bug.cgi?id=18672>

        Add a SegmentedVector type, which provides a Vector<T> which maintains
        existing memory locations during resize.  This allows dynamically sizing
        local, temporary and label "vectors" in CodeGenerator.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::addVar):
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::newTemporary):
        (KJS::CodeGenerator::newLabel):
        * VM/CodeGenerator.h:
        * VM/SegmentedVector.h: Added.
        (KJS::SegmentedVector::SegmentedVector):
        (KJS::SegmentedVector::~SegmentedVector):
        (KJS::SegmentedVector::last):
        (KJS::SegmentedVector::append):
        (KJS::SegmentedVector::removeLast):
        (KJS::SegmentedVector::size):
        (KJS::SegmentedVector::operator[]):
        (KJS::SegmentedVector::resize):
        (KJS::SegmentedVector::shrink):
        (KJS::SegmentedVector::grow):

2008-04-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        A little refactoring in preparation for supporting 'arguments'.
        
        Fixes 2 regression tests.

        SunSpider reports no change.        

        We now check the activation register, instead of the codeBlock, to
        determine whether we need to tear off the activation. This is to support
        "f.arguments", which will create an activation/arguments pair for f,
        even though the needsFullScopeChain flag is false for f's codeBlock.
        
        The test fixes resulted from calling initializeCallFrame for re-entrant
        function code, instead of initializing (not enough) parts of the call
        frame by hand.

2008-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam.
        
        - propagate the "this" value properly to local eval
        
        (fixes a measly one regression test)

        * VM/CodeBlock.h:
        (KJS::CodeBlock::CodeBlock):
        (KJS::ProgramCodeBlock::ProgramCodeBlock):
        (KJS::EvalCodeBlock::EvalCodeBlock):
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Add support for function declarations in eval code.

        (this fixes 12 more regression tests)
        
        * VM/CodeBlock.h:
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::CodeGenerator):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * kjs/nodes.cpp:
        (KJS::EvalNode::generateCode):

2008-04-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Implement LabelNode.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::pushJumpContext):
        (KJS::CodeGenerator::jumpContextForContinue):
        (KJS::CodeGenerator::jumpContextForBreak):
        * VM/CodeGenerator.h:
        * kjs/nodes.cpp:
        (KJS::DoWhileNode::emitCode):
        (KJS::WhileNode::emitCode):
        (KJS::ForNode::emitCode):
        (KJS::ForInNode::emitCode):
        (KJS::ContinueNode::emitCode):
        (KJS::BreakNode::emitCode):
        (KJS::SwitchNode::emitCode):
        (KJS::LabelNode::emitCode):

2008-04-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed crash when unwinding from exceptions inside eval.

        * VM/Machine.cpp:
        (KJS::Machine::unwindCallFrame): Don't assume that the top of the
        current call frame's scope chain is an activation: it can be the global
        object, instead.

2008-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.

        * kjs/testkjs.cpp:
        (main): Convert signals to exit codes, so that crashing tests are
        detected as regression test failures.

2008-04-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt and Maciej Stachowiak.
        
        Renamed "needsActivation" to "needsFullScopeChain" because lying will
        make hair grow on the backs of your hands.

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed ScopeChainNode lifetime problems:
        
        (1) In "with" and "catch" scopes, we would construct a ScopeChain
        object and then jump across its destructor, leaking the ScopeChainNode
        we had pushed.

        (2) In global and eval scopes, we would fail to initially ref
        "scopeChain", causing us to overrelease it later. Now that we ref
        "scopeChain" properly, we also need to deref it when the script
        terminates.

        SunSpider reports a .2% regression, but an earlier round of ScopeChain
        refactoring was a .4% speedup, so there.

2008-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Alexey.
        
        - use global object instead of null for "this" on unqualified calls
        
        This fixes 10 more JSC test regressions.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - throw proper exceptions for objects that don't implement call or construct
        
        This fixes 21 more JSC test regressions. It is also seemingly an
        0.5% progression.

        * VM/ExceptionHelpers.cpp:
        (KJS::createNotAnObjectError):
        (KJS::createNotAConstructorError):
        (KJS::createNotAFunctionError):
        * VM/ExceptionHelpers.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Implement emitCode for ConstDeclNode.

        This fixes the crash (assertion) in js1_5/Scope/scope-001.js

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::registerForLocalConstInit):
        * VM/CodeGenerator.h:
        * kjs/nodes.cpp:
        (KJS::AssignResolveNode::emitCode):
        (KJS::ConstDeclNode::emitCodeSingle):
        (KJS::ConstDeclNode::emitCode):
        (KJS::ConstStatementNode::emitCode):
        * kjs/nodes.h:

2008-04-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam.
        
        - add some support for the split window object

        This fixes many layout tests.
        
        * VM/Machine.cpp:
        (KJS::resolveBaseAndFunc): Use toThisObject() to ensure we get the
        wrapper global, if one exists, as the "this" object.
        * kjs/function.cpp:
        (KJS::globalFuncEval): Use toGlobalObject() to handle the wrapper
        case properly.

2008-04-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - restore ScopeChain::operator= to avoid crash on many layout tests
        
        Otherwise, FunctionImp::setScope would cause a reference
        underflow. I implemented using the copy construct and swap idiom.

        * kjs/scope_chain.h:
        (KJS::ScopeChain::swap):
        (KJS::ScopeChain::operator=):

2008-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Bug 18649: SQUIRRELFISH: correctly handle exceptions in eval code
        <https://bugs.webkit.org/show_bug.cgi?id=18649>

        Allocate a callframe for eval() and initialise with a null codeBlock to
        indicate native code.  This prevents the unwinder from clobbering the
        register stack.

        * VM/Machine.cpp:
        (KJS::Machine::execute):

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Removed ScopeChain::push(ScopeChain&) because it was unused. Moved
        ScopeChain::print to ScopeChainNode.
        
        ScopeChain is now nothing more than a resource-handling wrapper around
        ScopeChainNode.

2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Bug 18671: SquirrelFish: continue inside switch fails
        <https://bugs.webkit.org/show_bug.cgi?id=18671>

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::jumpContextForLabel):
        * VM/CodeGenerator.h:
        * kjs/nodes.cpp:
        (KJS::ContinueNode::emitCode):

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Moved push(JSObject*) and pop() from ScopeChain to ScopeChainNode,
        rearranging scope_chain.h a bit.

        SunSpider reports no change.

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Moved bottom() from ScopeChain to ScopeChainNode, simplifying it based
        on the knowledge that the ScopeChain is never empty.

        SunSpider reports no change.

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Moved begin() and end() from ScopeChain to ScopeChainNode. 
        
        Also marked a few methods "const".

        SunSpider reports no change.
        
2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Turned ScopeChain::depth into a stand-alone function, and simplified it
        a bit. 
        
        I also moved ScopeChain::depth to Machine.cpp because it doesn't report
        the true depth of the ScopeChain -- just the Machine's perspective of
        its depth within a given call frame.

        SunSpider reports no change.
        
2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Removed indirection in ScopeChain::ref / ScopeChain::deref.
        
        SunSpider reports no change.
        
        * kjs/scope_chain.h:
        (KJS::ScopeChain::ScopeChain):
        (KJS::ScopeChain::~ScopeChain):
        (KJS::ScopeChain::clear):

2008-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by NOBODY(Build fix)

        Fix debug build

        * kjs/nodes.cpp:
        (KJS::ConstDeclNode::evaluateSingle):

2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Bug 18664: SQUIRRELFISH: correctly throw a SyntaxError when parsing of eval code fails
        <https://bugs.webkit.org/show_bug.cgi?id=18664>

        Correctly throw a SyntaxError when parsing of eval code fails.

        * VM/Machine.cpp:
        (KJS::eval):

2008-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Partial fix for Bug 18649: SQUIRRELFISH: correctly handle exceptions in eval code

        Make sure we correct the register state before jumping to vm_throw.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Simplified ScopeChain ref/deref.
        
        SunSpider reports a .4% speedup.
        
        * kjs/scope_chain.h:
        (KJS::ScopeChainNode::ref): Removed this function because it was nonsense.
        ScopeChainNodes are initialized with a refCount of 1, so the loop was
        guaranteed to iterate exactly once.

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Removed support for empty ScopeChains.

        SunSpider reports no change.

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Removed some completely unused ScopeChain member functions.

        SunSpider reports no change.

2008-04-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Avoid creating unnecessary ScopeChain objects, to reduce refcount churn.

        SunSpider reports no change.

2008-04-21  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Alexey.
        
        Add some braces.x

        * kjs/testkjs.cpp:
        (runWithScripts):

2008-04-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - only print "End:" output when -d flag is passed.
        
        This fixes half of our failing JSC regression tests.

        * kjs/testkjs.cpp:
        (runWithScripts):

2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Add support for variable declarations in eval code.

        * VM/CodeBlock.h:
        (KJS::EvalCodeBlock::EvalCodeBlock):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::CodeGenerator):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/Machine.h:
        * kjs/function.cpp:
        (KJS::globalFuncEval):
        * kjs/nodes.cpp:
        (KJS::EvalNode::generateCode):
        * kjs/nodes.h:
        (KJS::EvalNode::):

2008-04-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Throw exceptions for invalid continue, break, and return statements.

        Simple refactoring and extension of Cameron's AssignErrorNode, etc patch

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::pushJumpContext):
        (KJS::CodeGenerator::popJumpContext):
        (KJS::CodeGenerator::jumpContextForLabel):
        * VM/CodeGenerator.h:
        * kjs/nodes.cpp:
        (KJS::Node::emitThrowError):
        (KJS::ContinueNode::emitCode):
        (KJS::BreakNode::emitCode):
        (KJS::ReturnNode::emitCode):
        * kjs/nodes.h:

2008-04-20  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Removed Machine.cpp from AllInOneFile.cpp, and manually inlined a few
        things that used to be inlined automatically.
        
        1.9% speedup on SunSpider.
        
        My hope is that we'll face fewer surprises in Machine.cpp codegen, now
        that GCC is making fewer decisions. The speedup seems to confirm that.

2008-04-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18642: Iterator context may get placed into the return register, leading to much badness
        <https://bugs.webkit.org/show_bug.cgi?id=18642>

        To prevent incorrectly reusing what will become the result register for
        eval and global code execution, we need to request and ref the destination
        in advance of codegen.  Unfortunately this may lead to unnecessary copying,
        although in future we can probably limit this.  Curiously SunSpider shows
        a progression in a number of tests, although it comes out as a wash overall.

        * kjs/nodes.cpp:
        (KJS::EvalNode::emitCode):
        (KJS::ProgramNode::emitCode):

2008-04-20  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej.

        Add support for AssignErrorNode, PrefixErrorNode, and PostfixErrorNode.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitCreateError):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::PostfixErrorNode::emitCode):
        (KJS::PrefixErrorNode::emitCode):
        (KJS::AssignErrorNode::emitCode):
        * kjs/nodes.h:

2008-04-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff and Mark.

        Provide line number information in exceptions

        Simple patch, adds line number information metadata to CodeBlock
        and a simple method to get the line number responsible for a given
        Instruction*.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::lineNumberForVPC):
        * VM/CodeBlock.h:
        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::emitNode):
        * VM/Machine.cpp:
        (KJS::Machine::throwException):

2008-04-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Provide "sourceURL" in exceptions

        * VM/CodeBlock.h:
        * VM/Machine.cpp:
        (KJS::Machine::throwException):
        * kjs/nodes.cpp:
        (KJS::EvalNode::generateCode):
        (KJS::ProgramNode::generateCode):

2008-04-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Don't call emitCode directly on subnodes, instead use CodeGenerator::emitNode

        This patch just a preparation for tracking line numbers.

        * kjs/nodes.cpp:
        (KJS::ObjectLiteralNode::emitCode):
        (KJS::PropertyListNode::emitCode):
        (KJS::ArgumentListNode::emitCode):
        (KJS::TryNode::emitCode):

2008-04-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18619: Support continue, break, and return in try .. finally blocks
        <https://bugs.webkit.org/show_bug.cgi?id=18619>

        This patch replaces the current partial finally support (which uses code
        duplication to achieve what it does) with a subroutine based approach.
        This has a number of advantages over code duplication:
          * Reduced code size
          * Simplified exception handling as the finaliser code only exists in 
            one place, so no "magic" is needed to get the correct handler for a 
            finaliser.
          * When we support instruction to line number mapping we won't need to
            worry about the dramatic code movement caused by duplication

        On the downside it is necessary to add two new opcodes, op_jsr and op_sret
        to enter and exit the finaliser subroutines, happily SunSpider reports
        a performance progression (gcc amazes me) and ubench reports a wash.

        While jsr and sret provide a mechanism that allows us to enter and exit
        any arbitrary finaliser we need to, it was still necessary to increase
        the amount of information tracked when entering and exiting both finaliser
        scopes and dynamic scopes ("with").  This means "scopeDepth" is now
        the combination of "finaliserDepth" and "dynamicScopeDepth".  We also
        now use a scopeContextStack to ensure that we pop scopes and execute
        finalisers in the correct order.  This increases the cost of "with" nodes
        during codegen, but it should not be significant enough to effect real
        world performance and greatly simplifies codegen for return, break and
        continue when interacting with finalisers.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
          Pretty printing of jsr/sret opcodes

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::emitPushScope):
        (KJS::CodeGenerator::emitPopScope):
          Dynamic scopes need to be tracked on the scopeContextStack now

        (KJS::CodeGenerator::pushFinallyContext):
        (KJS::CodeGenerator::popFinallyContext):
          Handle entry and exit from code regions with finalisers.  This is
          needed solely to support return, continue and break inside finaliser
          regions.

        (KJS::CodeGenerator::emitComplexJumpScopes):
          Helper function for emitJumpScopes to handle the complex codegen
          needed to handle return, continue and break inside a finaliser region

        (KJS::CodeGenerator::emitJumpScopes):
          Updated to be aware of finalisers, if a cross-scope jump occurs inside
          a finaliser we hand off codegen to emitComplexJumpScopes, otherwise
          we can handle the normal (trivial) case with a single instruction.

        (KJS::CodeGenerator::emitJumpSubroutine):
        (KJS::CodeGenerator::emitSubroutineReturn):
          Trivial opcode emitter functions.

        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::scopeDepth):
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
          Implement op_jsr and op_sret.

        * VM/Opcode.h:
          Ad op_jsr and op_sret

        * kjs/nodes.cpp:
        (KJS::TryNode::emitCode):
          Fix codegen for new finaliser model.

2008-04-17  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Oliver Hunt.

        Remove unnecessary files from testkjs, testapi and minidom targets.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-04-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed ASSERT seen during run-sunspider of a debug build.

        * VM/CodeGenerator.h: Made the default codegen buffers bigger. SunSpider
        runs all tests in one global environment, so you end up with more than
        128 locals. This is just a stop-gap until we code up a real
        solution to arbitrary symbol and label limits.

2008-04-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed a bug in exception unwinding, where we wouldn't deref the scope
        chain in global scope, so we would leak ScopeChainNodes when exceptions
        were thrown inside "with" and "catch" scopes.
        
        Also did some cleanup of the unwinding code along the way.
        
        Scope chain reference counting is still wrong in a few ways. I thought
        I would fix this portion of it first.
        
        run-sunspider shows no change.

        * VM/Machine.cpp:
        (KJS::Machine::unwindCallFrame):
        (KJS::Machine::throwException):
        (KJS::Machine::privateExecute):
        * VM/Machine.h:

2008-04-17  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Add more exception checking to toNumber conversions

        This corrects op_pre_dec, op_negate, op_mod and op_sub.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):

2008-04-17  Geoffrey Garen  <ggaren@apple.com> and Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.
        
        Behold: eval.
        
        Introduced a new opcode: op_call_eval. In the normal case, it performs
        an eval. In the case where eval has been overridden in some way, it
        performs a function call.

        * VM/CodeGenerator.h: Added a feature so the code generator knows not
        to optimized locals in eval code.
        
2008-04-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Added some ASSERTs to document codegen failures in
        run-javascriptcore-tests.
        
        For all tests, program-level codegen now either succeeds, or fails with
        an ASSERT.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::addVar):
        (KJS::CodeGenerator::CodeGenerator):
        (KJS::CodeGenerator::newTemporary):
        (KJS::CodeGenerator::newLabel):

2008-04-17  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed another case of a dst register being an unreferenced temporary
        (caused an ASSERT when running the full sunspider suite).

        * kjs/nodes.cpp:
        (KJS::CaseBlockNode::emitCodeForBlock):

2008-04-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - add documentation (and meaningful parameter names) for arithmetic and bitwise binary ops

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitMul):
        (KJS::CodeGenerator::emitDiv):
        (KJS::CodeGenerator::emitMod):
        (KJS::CodeGenerator::emitSub):
        (KJS::CodeGenerator::emitLeftShift):
        (KJS::CodeGenerator::emitRightShift):
        (KJS::CodeGenerator::emitUnsignedRightShift):
        (KJS::CodeGenerator::emitBitAnd):
        (KJS::CodeGenerator::emitBitXOr):
        (KJS::CodeGenerator::emitBitOr):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::MultNode::emitCode):
        (KJS::DivNode::emitCode):
        (KJS::ModNode::emitCode):
        (KJS::SubNode::emitCode):
        (KJS::LeftShiftNode::emitCode):
        (KJS::RightShiftNode::emitCode):
        (KJS::UnsignedRightShiftNode::emitCode):
        (KJS::BitAndNode::emitCode):
        (KJS::BitXOrNode::emitCode):
        (KJS::BitOrNode::emitCode):
        (KJS::emitReadModifyAssignment):
        (KJS::ReadModifyResolveNode::emitCode):

2008-04-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        Exception checks for toNumber in op_pre_inc

        This is somewhat more convoluted than the simple hadException checks
        we currently use.  Instead we use special toNumber conversions that
        select between the exception and ordinary vPC.  This allows us to 
        remove any branches in the common case (incrementing a number).

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (KJS::::toNumber):
        * ChangeLog:
        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/JSPropertyNameIterator.cpp:
        (KJS::JSPropertyNameIterator::toNumber):
        * VM/JSPropertyNameIterator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/ExecState.cpp:
        (KJS::ExecState::ExecState):
        * kjs/ExecState.h:
        * kjs/JSNotAnObject.cpp:
        (KJS::JSNotAnObject::toNumber):
        * kjs/JSNotAnObject.h:
        * kjs/internal.cpp:
        (KJS::StringImp::toNumber):
        (KJS::NumberImp::toNumber):
        (KJS::GetterSetterImp::toNumber):
        * kjs/internal.h:
        * kjs/object.cpp:
        (KJS::JSObject::toNumber):
        * kjs/object.h:
        * kjs/value.h:
        (KJS::JSValue::toNumber):

2008-04-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - ensure that activations are kept in a register to protect them from GC
        
        Also renamed OptionalCalleeScopeChain constant to OptionalCalleeActivation, since
        that is what is now kept there, and there is no more need to keep the scope chain in
        the register file.

        * VM/Machine.cpp:
        (KJS::initializeCallFrame):
        (KJS::scopeChainForCall):
        * VM/Machine.h:
        (KJS::Machine::):

2008-04-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Made "this" work in program code / global scope.
        
        The machine can initialize "this" prior to execution because it knows
        that, for program code, "this" is always stored in lr1. 

        * VM/Machine.cpp:
        (KJS::Machine::execute):
        * VM/Machine.h:
        (KJS::Machine::):
        * kjs/interpreter.cpp:
        (KJS::Interpreter::evaluate):

2008-04-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed a codegen bug when returning from inside a dynamic scope (a with
        or catch block): we need to pop any dynamic scope(s) that have been
        added so op_ret can find the activation object at the top of the scope
        chain.

        * kjs/nodes.cpp:
        (KJS::ReturnNode::emitCode): If we're returning from inside a dynamic
        scope, emit a jmp_scopes to take care of popping any dynamic scope(s)
        and then branching to the return instruction.

2008-04-16  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - document the add and get_prop_id opcodes
        
        In addition to adding documentation in comments, I changed
        references to register IDs or indices relating to these opcodes to
        have meaningful names instead of r0 r1 r2.

        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitAdd):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/nodes.cpp:
        (KJS::DotAccessorNode::emitCode):
        (KJS::FunctionCallDotNode::emitCode):
        (KJS::PostIncDotNode::emitCode):
        (KJS::PostDecDotNode::emitCode):
        (KJS::PreIncDotNode::emitCode):
        (KJS::PreDecDotNode::emitCode):
        (KJS::AddNode::emitCode):
        (KJS::ReadModifyDotNode::emitCode):

2008-04-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt and Maciej Stachowiak.
        
        Fixed a codegen bug in with and switch, and added an ASSERT to
        make sure it doesn't happen again.
        
        emitCode() assumes that dst, if non-zero, is either referenced or
        non-temporary (i.e., it assumes that newTemporary() will return a
        register not equal to dst). Certain callers to emitCode() weren't
        guaranteeing that to be so, so temporary register values were being
        overwritten.

        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::emitNode): ASSERT that dst is referenced or non-temporary.

        * kjs/nodes.cpp:
        (KJS::CommaNode::emitCode): Reference the dst we pass.

        (KJS::WithNode::emitCode): No need to pass an explicit dst register.
        
        (KJS::CaseBlockNode::emitCodeForBlock): No need to pass an explicit dst register.
        (KJS::SwitchNode::emitCode): No need to pass an explicit dst register.

        * kjs/nodes.h: Made dst the last parameter to emitCodeForBlock, to match
        emitCode.

2008-04-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18526: Throw exceptions when resolve fails for op_resolve_base_and_func.
        <https://bugs.webkit.org/show_bug.cgi?id=18526>

        Very simple fix, sunspider shows a 0.7% progression, ubench shows a 0.4% regression.

        * VM/Machine.cpp:
        (KJS::resolveBaseAndFunc):
        (KJS::Machine::privateExecute):

2008-04-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix incorrect result on 3d-raytrace test
        
        Oliver found and tracked down this bug, I just typed in the fix.

        * VM/Machine.cpp:
        (KJS::slideRegisterWindowForCall): When setting omitted parameters to undefined,
        account for the space for local variables.

2008-04-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix codegen handling of dst registers
        
        1.006x speedup (not sure why).
        
        Most emitCode functions take an optional "dst" parameter that says
        where the output of the instruction should be written. I made some
        functions for convenient handling of the dst register:

        * VM/CodeGenerator.h:
        (KJS::CodeGenerator::tempDestination): Takes the dst register. Returns it if
        it is not null and is a temporary, otherwise allocates a new temporary. This is
        intended for cases where an intermediate value might be written into the dst

        (KJS::CodeGenerator::finalDestination): Takes the dst register and an optional
        register that was used as a temp destination. Picks the right thing for the final
        output. Intended to be used as the output register for the instruction that generates
        the final value of a particular node.
        
        (KJS::CodeGenerator::moveToDestinationIfNeeded): Takes dst and a
        RegisterID; moves from the register to dst if dst is defined and
        different from the register. This is intended for cases where the
        result of a node is already in a specific register (likely a
        local), and so no code needs to be generated unless a specific
        destination has been requested, in which case a move is needed.
        
        I also applied these methods throughout emitCode functions. In
        some cases this was just cleanup, in other cases I fixed actual
        codegen bugs. Below I have given specific comments for the cases
        where I believe I fixed a codegen bug, or improved quality of codegen.
        
        * kjs/nodes.cpp:
        (KJS::NullNode::emitCode):
        (KJS::FalseNode::emitCode):
        (KJS::TrueNode::emitCode):
        (KJS::NumberNode::emitCode):
        (KJS::StringNode::emitCode):
        (KJS::RegExpNode::emitCode):
        (KJS::ThisNode::emitCode): Now avoids emitting a mov when dst is
        the same as the this register (the unlikely case of "this = this");
        (KJS::ResolveNode::emitCode): Now avoids emitting a mov when dst
        is the same as the local regiester, in the local var case (the
        unlikely case of "x = x");
        (KJS::ArrayNode::emitCode): Fixed a codegen bug where array
        literal element expressions may have observed an intermediate
        value of constructing the array.
        (KJS::ObjectLiteralNode::emitCode): 
        (KJS::PropertyListNode::emitCode): Fixed a codegen bug where object literal
        property definition expressions may have obesrved an intermediate value of
        constructing the object.
        (KJS::BracketAccessorNode::emitCode):
        (KJS::DotAccessorNode::emitCode):
        (KJS::NewExprNode::emitCode):
        (KJS::FunctionCallValueNode::emitCode):
        (KJS::FunctionCallBracketNode::emitCode):
        (KJS::FunctionCallDotNode::emitCode):
        (KJS::PostIncResolveNode::emitCode):
        (KJS::PostDecResolveNode::emitCode):
        (KJS::PostIncBracketNode::emitCode):
        (KJS::PostDecBracketNode::emitCode):
        (KJS::PostIncDotNode::emitCode):
        (KJS::PostDecDotNode::emitCode):
        (KJS::DeleteResolveNode::emitCode):
        (KJS::DeleteBracketNode::emitCode):
        (KJS::DeleteDotNode::emitCode):
        (KJS::DeleteValueNode::emitCode):
        (KJS::VoidNode::emitCode):
        (KJS::TypeOfResolveNode::emitCode):
        (KJS::TypeOfValueNode::emitCode):
        (KJS::PreIncResolveNode::emitCode): Fixed a codegen bug where the final
        value would not be output to the dst register in the local var case.
        (KJS::PreDecResolveNode::emitCode): Fixed a codegen bug where the final
        value would not be output to the dst register in the local var case.
        (KJS::PreIncBracketNode::emitCode):
        (KJS::PreDecBracketNode::emitCode):
        (KJS::PreIncDotNode::emitCode):
        (KJS::PreDecDotNode::emitCode):
        (KJS::UnaryPlusNode::emitCode):
        (KJS::NegateNode::emitCode):
        (KJS::BitwiseNotNode::emitCode):
        (KJS::LogicalNotNode::emitCode):
        (KJS::MultNode::emitCode):
        (KJS::DivNode::emitCode):
        (KJS::ModNode::emitCode):
        (KJS::AddNode::emitCode):
        (KJS::SubNode::emitCode):
        (KJS::LeftShiftNode::emitCode):
        (KJS::RightShiftNode::emitCode):
        (KJS::UnsignedRightShiftNode::emitCode):
        (KJS::LessNode::emitCode):
        (KJS::GreaterNode::emitCode):
        (KJS::LessEqNode::emitCode):
        (KJS::GreaterEqNode::emitCode):
        (KJS::InstanceOfNode::emitCode):
        (KJS::InNode::emitCode):
        (KJS::EqualNode::emitCode):
        (KJS::NotEqualNode::emitCode):
        (KJS::StrictEqualNode::emitCode):
        (KJS::NotStrictEqualNode::emitCode):
        (KJS::BitAndNode::emitCode):
        (KJS::BitXOrNode::emitCode):
        (KJS::BitOrNode::emitCode):
        (KJS::LogicalAndNode::emitCode):
        (KJS::LogicalOrNode::emitCode):
        (KJS::ConditionalNode::emitCode):
        (KJS::emitReadModifyAssignment): Allow an out argument separate from the operands,
        needed for fixes below.
        (KJS::ReadModifyResolveNode::emitCode): Fixed a codegen bug where the right side of
        the expression may observe an intermediate value.
        (KJS::AssignResolveNode::emitCode): Fixed a codegen bug where the right side of the
        expression may observe an intermediate value.
        (KJS::ReadModifyDotNode::emitCode): Fixed a codegen bug where the right side of the
        expression may observe an intermediate value.
        (KJS::ReadModifyBracketNode::emitCode): Fixed a codegen bug where the right side of the
        expression may observe an intermediate value.
        (KJS::CommaNode::emitCode): Avoid writing temporary value to dst register.
        (KJS::ReturnNode::emitCode): Void return should return undefined, not null.
        (KJS::FuncExprNode::emitCode):

2008-04-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.

        - fix huge performance regression (from trunk) in string-unpack-code
        
        This restores string-unpack-code performance to parity with
        trunk (2.27x speedup relative to previous SquirrelFish)
        
        * VM/Machine.cpp:
        (KJS::Machine::execute): Shrink register file after call to avoid
        growing repeatedly.

2008-04-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Fixed dumpCallFrame to match our new convention of passing around a
        ScopeChainNode* instead of a ScopeChain*.

        * JavaScriptCore.exp:
        * VM/Machine.cpp:
        (KJS::Machine::dumpCallFrame):
        * VM/Machine.h:

2008-04-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        Bug 18436: Need to throw exception on read/modify/write or similar resolve for nonexistent property
        <https://bugs.webkit.org/show_bug.cgi?id=18436>

        Add op_resolve_base_and_property for read/modify/write operations,
        this adds a "superinstruction" to resolve the base and value of a
        property simultaneously.  Just using resolveBase and resolve results 
        in an 5% regression in ubench, 30% in loop-empty-resolve (which is 
        expected).  1.3% progression in sunspider, 2.1% in ubench, with a 
        21% gain in loop-empty-resolve.  The only outlier is function-missing-args
        which gets a 3% regression that I could never resolve.

        * VM/CodeBlock.cpp:
        (KJS::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (KJS::CodeGenerator::emitResolveBaseAndProperty):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (KJS::resolveBaseAndProperty):
        (KJS::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (KJS::PostIncResolveNode::emitCode):
        (KJS::PostDecResolveNode::emitCode):
        (KJS::PreIncResolveNode::emitCode):
        (KJS::PreDecResolveNode::emitCode):
        (KJS::ReadModifyResolveNode::emitCode):

2008-04-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fixed "SquirrelFish crashes due to bad scope chain on some SunSpider tests"
        https://bugs.webkit.org/show_bug.cgi?id=18508