Bug 19968: Slow Script at www.huffingtonpost.com

[WebKit-https.git] / JavaScriptCore / ChangeLog

2008-09-23  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 19968: Slow Script at www.huffingtonpost.com
        <https://bugs.webkit.org/show_bug.cgi?id=19968>

        Finally found the cause of this accursed issue.  It is triggered
        by synchronous creation of a new global object from JS.  The new
        global object resets the timer state in this execution group's
        Machine, taking timerCheckCount to 0.  Then when JS returns the
        timerCheckCount is decremented making it non-zero.  The next time
        we execute JS we will start the timeout counter, however the non-zero
        timeoutCheckCount means we don't reset the timer information. This
        means that the timeout check is now checking the cumulative time
        since the creation of the global object rather than the time since
        JS was last entered.  At this point the slow script dialog is guaranteed
        to eventually be displayed incorrectly unless a page is loaded
        asynchronously (which will reset everything into a sane state).

        The fix for this is rather trivial -- the JSGlobalObject constructor
        should not be resetting the machine timer state.

        * VM/Machine.cpp:
        (JSC::Machine::Machine):
          Now that we can't rely on the GlobalObject initialising the timeout
          state, we do it in the Machine constructor.

        * VM/Machine.h:
        (JSC::Machine::stopTimeoutCheck):
          Add assertions to guard against this happening.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
          Don't reset the timeout state.

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=21038 | <rdar://problem/6240812>
        Uncaught exceptions in regex replace callbacks crash webkit
        
        This was a combination of two problems:
        
        (1) the replace function would continue execution after an exception
        had been thrown.
        
        (2) In some cases, the Machine would return 0 in the case of an exception,
        despite the fact that a few clients dereference the Machine's return
        value without first checking for an exception.
        
        * VM/Machine.cpp:
        (JSC::Machine::execute):
        
        ^ Return jsNull() instead of 0 in the case of an exception, since some
        clients depend on using our return value.
        
        ^ ASSERT that execution does not continue after an exception has been
        thrown, to help catch problems like this in the future.

        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncReplace):
        
        ^ Stop execution if an exception has been thrown.

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the windows build.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):

2008-09-23  Alp Toker  <alp@nuanti.com>

        Build fix.

        * VM/CTI.h:

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        * wtf/Platform.h: Removed duplicate #if.

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Changed the layout of the call frame from
        
        { header, parameters, locals | constants, temporaries }
        
        to
        
        { parameters, header | locals, constants, temporaries }
        
        This simplifies function entry+exit, and enables a number of future
        optimizations.
        
        13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
        empty call benchmark for CTI.
        
        SunSpider says no change. SunSpider --v8 says 1% faster.

        * VM/CTI.cpp:
        
        Added a bit of abstraction for calculating whether a register is a
        constant, since this patch changes that calculation:
        (JSC::CTI::isConstant):
        (JSC::CTI::getConstant):
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::getConstantImmediateNumericArg):

        Updated for changes to callframe header location:
        (JSC::CTI::emitPutToCallFrameHeader):
        (JSC::CTI::emitGetFromCallFrameHeader):
        (JSC::CTI::printOpcodeOperandTypes):
        
        Renamed to spite Oliver:
        (JSC::CTI::emitInitRegister):
        
        Added an abstraction for emitting a call through a register, so that
        calls through registers generate exception info, too:
        (JSC::CTI::emitCall):

        Updated to match the new callframe header layout, and to support calls
        through registers, which have no destination address:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):

        * VM/CTI.h:

        More of the above:
        (JSC::CallRecord::CallRecord):

        * VM/CodeBlock.cpp:

        Updated for new register layout:
        (JSC::registerName):
        (JSC::CodeBlock::dump):

        * VM/CodeBlock.h:
        
        Updated CodeBlock to track slightly different information about the
        register frame, and tweaked the style of an ASSERT_NOT_REACHED.
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::getStubInfo):

        * VM/CodeGenerator.cpp:
        
        Added some abstraction around constant register allocation, since this
        patch changes it, changed codegen to account for the new callframe
        layout, and added abstraction around register fetching code
        that used to assume that all local registers lived at negative indices,
        since vars now live at positive indices:
        (JSC::CodeGenerator::generate):
        (JSC::CodeGenerator::addVar):
        (JSC::CodeGenerator::addGlobalVar):
        (JSC::CodeGenerator::allocateConstants):
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::addParameter):
        (JSC::CodeGenerator::registerFor):
        (JSC::CodeGenerator::constRegisterFor):
        (JSC::CodeGenerator::newRegister):
        (JSC::CodeGenerator::newTemporary):
        (JSC::CodeGenerator::highestUsedRegister):
        (JSC::CodeGenerator::addConstant):
        
        ASSERT that our caller referenced the registers it passed to us.
        Otherwise, we might overwrite them with parameters:
        (JSC::CodeGenerator::emitCall):
        (JSC::CodeGenerator::emitConstruct):

        * VM/CodeGenerator.h:
        
        Added some abstraction for getting a RegisterID for a given index,
        since the rules are a little weird:
        (JSC::CodeGenerator::registerFor):

        * VM/Machine.cpp:

        Utility function to transform a machine return PC to a virtual machine
        return VPC, for the sake of stack unwinding, since both PCs are stored
        in the same location now:
        (JSC::vPCForPC):

        Tweaked to account for new call frame:
        (JSC::Machine::initializeCallFrame):
        
        Tweaked to account for registerOffset supplied by caller:
        (JSC::slideRegisterWindowForCall):

        Tweaked to account for new register layout:
        (JSC::scopeChainForCall):
        (JSC::Machine::callEval):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::execute):

        Changed op_call and op_construct to implement the new calling convention:
        (JSC::Machine::privateExecute):

        Tweaked to account for the new register layout:
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::retrieveCaller):
        (JSC::Machine::retrieveLastCaller):
        (JSC::Machine::callFrame):
        (JSC::Machine::getArgumentsData):

        Changed CTI call helpers to implement the new calling convention:
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_ret_activation):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_call_eval):

        * VM/Machine.h:

        * VM/Opcode.h:
        
        Renamed op_initialise_locals to op_init, because this opcode
        doesn't initialize all locals, and it doesn't initialize only locals.
        Also, to spite Oliver.
        
        * VM/RegisterFile.h:
        
        New call frame enumeration values:
        (JSC::RegisterFile::):

        Simplified the calculation of whether a RegisterID is a temporary,
        since we can no longer assume that all positive non-constant registers
        are temporaries:
        * VM/RegisterID.h:
        (JSC::RegisterID::RegisterID):
        (JSC::RegisterID::setTemporary):
        (JSC::RegisterID::isTemporary):

        Renamed firstArgumentIndex to firstParameterIndex because the assumption
        that this variable pertained to the actual arguments supplied by the
        caller caused me to write some buggy code:
        * kjs/Arguments.cpp:
        (JSC::ArgumentsData::ArgumentsData):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):

        Updated for new call frame layout:
        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        * kjs/DebuggerCallFrame.h:

        Changed the activation object to account for the fact that a call frame
        header now sits between parameters and local variables. This change
        requires all variable objects to do their own marking, since they
        now use their register storage differently:
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::mark):
        (JSC::JSActivation::copyRegisters):
        (JSC::JSActivation::createArgumentsObject):
        * kjs/JSActivation.h:

        Updated global object to use the new interfaces required by the change
        to JSActivation above:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::mark):
        (JSC::JSGlobalObject::copyGlobalsFrom):
        (JSC::JSGlobalObject::copyGlobalsTo):
        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals):

        Updated static scope object to use the new interfaces required by the 
        change to JSActivation above:
        * kjs/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::mark):
        (JSC::JSStaticScopeObject::~JSStaticScopeObject):
        * kjs/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        (JSC::JSStaticScopeObject::d):

        Updated variable object to use the new interfaces required by the 
        change to JSActivation above:
        * kjs/JSVariableObject.cpp:
        (JSC::JSVariableObject::copyRegisterArray):
        (JSC::JSVariableObject::setRegisters):
        * kjs/JSVariableObject.h:

        Changed the bit twiddling in symbol table not to assume that all indices
        are negative, since they can be positive now:
        * kjs/SymbolTable.h:
        (JSC::SymbolTableEntry::SymbolTableEntry):
        (JSC::SymbolTableEntry::isNull):
        (JSC::SymbolTableEntry::getIndex):
        (JSC::SymbolTableEntry::getAttributes):
        (JSC::SymbolTableEntry::setAttributes):
        (JSC::SymbolTableEntry::isReadOnly):
        (JSC::SymbolTableEntry::pack):
        (JSC::SymbolTableEntry::isValidIndex):

        Changed call and construct nodes to ref their functions and/or bases,
        so that emitCall/emitConstruct doesn't overwrite them with parameters.
        Also, updated for rename to registerFor:
        * kjs/nodes.cpp:
        (JSC::ResolveNode::emitCode):
        (JSC::NewExprNode::emitCode):
        (JSC::EvalFunctionCallNode::emitCode):
        (JSC::FunctionCallValueNode::emitCode):
        (JSC::FunctionCallResolveNode::emitCode):
        (JSC::FunctionCallBracketNode::emitCode):
        (JSC::FunctionCallDotNode::emitCode):
        (JSC::PostfixResolveNode::emitCode):
        (JSC::DeleteResolveNode::emitCode):
        (JSC::TypeOfResolveNode::emitCode):
        (JSC::PrefixResolveNode::emitCode):
        (JSC::ReadModifyResolveNode::emitCode):
        (JSC::AssignResolveNode::emitCode):
        (JSC::ConstDeclNode::emitCodeSingle):
        (JSC::ForInNode::emitCode):

        Added abstraction for getting exception info out of a call through a
        register:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitCall):
        
        Removed duplicate #if:
        * wtf/Platform.h:

2008-09-23  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        Bug 21030: The JS debugger breaks on the do of a do-while not the while
        (where the conditional statement is)
        https://bugs.webkit.org/show_bug.cgi?id=21030
        Now the statementListEmitCode detects if a do-while node is being
        emited and emits the debug hook on the last line instead of the first.

        This change had no effect on sunspider.

        * kjs/nodes.cpp:
        (JSC::statementListEmitCode):
        * kjs/nodes.h:
        (JSC::StatementNode::isDoWhile):
        (JSC::DoWhileNode::isDoWhile):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Camron Zwarich.

        - inline the fast case of instanceof
        https://bugs.webkit.org/show_bug.cgi?id=20818

        ~2% speedup on EarleyBoyer test.
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_instanceof):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - add forgotten slow case logic for !==

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileSlowCases):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.

        - inline the fast cases of !==, same as for ===
        
        2.9% speedup on EarleyBoyer benchmark

        * VM/CTI.cpp:
        (JSC::CTI::compileOpStrictEq): Factored stricteq codegen into this function,
        and parameterized so it can do the reverse version as well.
        (JSC::CTI::privateCompileMainPass): Use the above for stricteq and nstricteq.
        * VM/CTI.h:
        (JSC::CTI::): Declare above stuff.
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_nstricteq): Removed fast cases, now handled inline.

2008-09-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Bug 20989: Aguments constructor should put 'callee' and 'length' properties in a more efficient way
        <https://bugs.webkit.org/show_bug.cgi?id=20989>

        Make special cases for the 'callee' and 'length' properties in the
        Arguments object.

        This is somewhere between a 7.8% speedup and a 10% speedup on the V8
        Raytrace benchmark, depending on whether it is run alone or with the
        other V8 benchmarks.

        * kjs/Arguments.cpp:
        (JSC::ArgumentsData::ArgumentsData):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::mark):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - speed up instanceof some more
        https://bugs.webkit.org/show_bug.cgi?id=20818
        
        ~2% speedup on EarleyBoyer

        The idea here is to record in the StructureID whether the class
        needs a special hasInstance or if it can use the normal logic from
        JSObject. 
        
        Based on this I inlined the real work directly into
        cti_op_instanceof and put the fastest checks up front and the
        error handling at the end (so it should be fairly straightforward
        to split off the beginning to be inlined if desired).

        I only did this for CTI, not the bytecode interpreter.
        
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructureID):
        * ChangeLog:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_instanceof):
        * kjs/JSImmediate.h:
        (JSC::JSImmediate::isAnyImmediate):
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::overridesHasInstance):
        (JSC::TypeInfo::flags):

2008-09-22  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=21019
          make FunctionBodyNode::ref/deref fast

        Speeds up v8-raytrace by 7.2%.

        * kjs/nodes.cpp:
        (JSC::FunctionBodyNode::FunctionBodyNode): Initialize m_refCount to 0.
        * kjs/nodes.h:
        (JSC::FunctionBodyNode::ref): Call base class ref once, and thereafter use
        m_refCount.
        (JSC::FunctionBodyNode::deref): Ditto, but the deref side.

2008-09-22  Darin Adler  <darin@apple.com>

        Pointed out by Sam Weinig.

        * kjs/Arguments.cpp:
        (JSC::Arguments::fillArgList): Fix bad copy and paste. Oops!

2008-09-22  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=20983
          ArgumentsData should have some room to allocate some extra arguments inline

        Speeds up v8-raytrace by 5%.

        * kjs/Arguments.cpp:
        (JSC::ArgumentsData::ArgumentsData): Use a fixed buffer if there are 4 or fewer
        extra arguments.
        (JSC::Arguments::Arguments): Use a fixed buffer if there are 4 or fewer
        extra arguments.
        (JSC::Arguments::~Arguments): Delete the buffer if necessary.
        (JSC::Arguments::mark): Update since extraArguments are now Register.
        (JSC::Arguments::fillArgList): Added special case for the only case that's
        actually used in the practice, when there are no parameters. There are some
        other special cases in there too, but that's the only one that matters.
        (JSC::Arguments::getOwnPropertySlot): Updated to use setValueSlot since there's
        no operation to get you at the JSValue* inside a Register as a "slot".

2008-09-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=21014
        Speed up for..in by using StructureID to avoid calls to hasProperty

        Speeds up fasta by 8%.

        * VM/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::invalidate):
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::next):
        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArrayData::begin):
        (JSC::PropertyNameArrayData::end):
        (JSC::PropertyNameArrayData::setCachedStructureID):
        (JSC::PropertyNameArrayData::cachedStructureID):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):
        (JSC::structureIDChainsAreEqual):
        * kjs/StructureID.h:

2008-09-22  Kelvin Sherlock  <ksherlock@gmail.com>

        Updated and tweaked by Sam Weinig.

        Reviewed by Geoffrey Garen.

        Bug 20020: Proposed enhancement to JavaScriptCore API
        <https://bugs.webkit.org/show_bug.cgi?id=20020>

        Add JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError, and JSObjectMakeRegExp
        functions to create JavaScript Array, Date, Error, and RegExp objects, respectively.

        * API/JSObjectRef.cpp: The functions
        * API/JSObjectRef.h: Function prototype and documentation
        * JavaScriptCore.exp: Added functions to exported function list
        * API/tests/testapi.c: Added basic functionality tests.

        * kjs/DateConstructor.cpp:
        Replaced static JSObject* constructDate(ExecState* exec, JSObject*, const ArgList& args)
        with JSObject* constructDate(ExecState* exec, const ArgList& args).
        Added static JSObject* constructWithDateConstructor(ExecState* exec, JSObject*, const ArgList& args) function

        * kjs/DateConstructor.h:
        added prototype for JSObject* constructDate(ExecState* exec, const ArgList& args)

        * kjs/ErrorConstructor.cpp:
        removed static qualifier from ErrorInstance* constructError(ExecState* exec, const ArgList& args)

        * kjs/ErrorConstructor.h:
        added prototype for ErrorInstance* constructError(ExecState* exec, const ArgList& args)

        * kjs/RegExpConstructor.cpp:
        removed static qualifier from JSObject* constructRegExp(ExecState* exec, const ArgList& args)

        * kjs/RegExpConstructor.h:
        added prototype for JSObject* constructRegExp(ExecState* exec, const ArgList& args)

2008-09-22  Matt Lilek  <webkit@mattlilek.com>

        Not reviewed, Windows build fix.

        * kjs/Arguments.cpp:
        * kjs/FunctionPrototype.cpp:

2008-09-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=20982
        Speed up the apply method of functions by special-casing array and 'arguments' objects

        1% speedup on v8-raytrace.

        Test: fast/js/function-apply.html

        * kjs/Arguments.cpp:
        (JSC::Arguments::fillArgList):
        * kjs/Arguments.h:
        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply):
        * kjs/JSArray.cpp:
        (JSC::JSArray::fillArgList):
        * kjs/JSArray.h:

2008-09-22  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=20993
          Array.push/pop need optimized cases for JSArray

        3% or so speedup on DeltaBlue benchmark.

        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPop): Call JSArray::pop when appropriate.
        (JSC::arrayProtoFuncPush): Call JSArray::push when appropriate.

        * kjs/JSArray.cpp:
        (JSC::JSArray::putSlowCase): Set m_fastAccessCutoff when appropriate, getting
        us into the fast code path.
        (JSC::JSArray::pop): Added.
        (JSC::JSArray::push): Added.
        * kjs/JSArray.h: Added push and pop.

        * kjs/operations.cpp:
        (JSC::throwOutOfMemoryError): Don't inline this. Helps us avoid PIC branches.

2008-09-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - speed up instanceof operator by replacing implementsHasInstance method with a TypeInfo flag

        Partial work towards <https://bugs.webkit.org/show_bug.cgi?id=20818>
        
        2.2% speedup on EarleyBoyer benchmark.

        * API/JSCallbackConstructor.cpp:
        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructureID):
        * API/JSCallbackFunction.cpp:
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructureID):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructureID):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_instanceof):
        * kjs/InternalFunction.cpp:
        * kjs/InternalFunction.h:
        (JSC::InternalFunction::createStructureID):
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::implementsHasInstance):

2008-09-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Dave Hyatt.
        
        Based on initial work by Darin Adler.
        
        - replace masqueradesAsUndefined virtual method with a flag in TypeInfo
        - use this to JIT inline code for eq_null and neq_null
        https://bugs.webkit.org/show_bug.cgi?id=20823

        0.5% speedup on SunSpider
        ~4% speedup on Richards benchmark
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/Machine.cpp:
        (JSC::jsTypeStringForValue):
        (JSC::jsIsObjectType):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_is_undefined):
        * VM/Machine.h:
        * kjs/JSCell.h:
        * kjs/JSValue.h:
        * kjs/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::create):
        (JSC::StringObjectThatMasqueradesAsUndefined::createStructureID):
        * kjs/StructureID.h:
        (JSC::StructureID::mutableTypeInfo):
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::masqueradesAsUndefined):
        * kjs/operations.cpp:
        (JSC::equal):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::setne_r):
        (JSC::X86Assembler::setnz_r):
        (JSC::X86Assembler::testl_i32m):

2008-09-22  Tor Arne Vestbø  <tavestbo@trolltech.com>

        Reviewed by Simon.

        Initialize QCoreApplication in kjs binary/Shell.cpp
        
        This allows us to use QCoreApplication::instance() to
        get the main thread in ThreadingQt.cpp

        * kjs/Shell.cpp:
        (main):
        * wtf/ThreadingQt.cpp:
        (WTF::initializeThreading):

2008-09-21  Darin Adler  <darin@apple.com>

        - blind attempt to fix non-all-in-one builds

        * kjs/JSGlobalObject.cpp: Added includes of Arguments.h and RegExpObject.h.

2008-09-21  Darin Adler  <darin@apple.com>

        - fix debug build

        * kjs/StructureID.cpp:
        (JSC::StructureID::addPropertyTransition): Use typeInfo().type() instead of m_type.
        (JSC::StructureID::createCachedPrototypeChain): Ditto.

2008-09-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        - introduce a TypeInfo class, for holding per-type (in the C++ class sense) date in StructureID
        https://bugs.webkit.org/show_bug.cgi?id=20981

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompilePutByIdTransition):
        * VM/Machine.cpp:
        (JSC::jsIsObjectType):
        (JSC::Machine::Machine):
        * kjs/AllInOneFile.cpp:
        * kjs/JSCell.h:
        (JSC::JSCell::isObject):
        (JSC::JSCell::isString):
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * kjs/JSGlobalObject.h:
        (JSC::StructureID::prototypeForLookup):
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::createStructureID):
        * kjs/JSObject.cpp:
        (JSC::JSObject::createInheritorID):
        * kjs/JSObject.h:
        (JSC::JSObject::createStructureID):
        * kjs/JSString.h:
        (JSC::JSString::createStructureID):
        * kjs/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * kjs/RegExpConstructor.cpp:
        * kjs/RegExpMatchesArray.h: Added.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::getPropertyNames):
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        (JSC::StructureID::toDictionaryTransition):
        (JSC::StructureID::changePrototypeTransition):
        (JSC::StructureID::getterSetterTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::create):
        (JSC::StructureID::typeInfo):
        * kjs/TypeInfo.h: Added.
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::type):

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - fix crash logging into Gmail due to recent Arguments change

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments): Fix window where mark() function could
        see d->extraArguments with uninitialized contents.
        (JSC::Arguments::mark): Check d->extraArguments for 0 to handle two
        cases: 1) Inside the constructor before it's initialized.
        2) numArguments <= numParameters.

2008-09-21  Darin Adler  <darin@apple.com>

        - fix loose end from the "duplicate constant values" patch

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitLoad): Add a special case for values the
        hash table can't handle.

2008-09-21  Mark Rowe  <mrowe@apple.com>

        Fix the non-AllInOneFile build.

        * kjs/Arguments.cpp: Add missing #include.

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich and Mark Rowe.

        - fix test failure caused by my recent IndexToNameMap patch

        * kjs/Arguments.cpp:
        (JSC::Arguments::deleteProperty): Added the accidentally-omitted
        check of the boolean result from toArrayIndex.

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - https://bugs.webkit.org/show_bug.cgi?id=20975
          inline immediate-number case of ==

        * VM/CTI.h: Renamed emitJumpSlowCaseIfNotImm to
        emitJumpSlowCaseIfNotImmNum, since the old name was incorrect.

        * VM/CTI.cpp: Updated for new name.
        (JSC::CTI::privateCompileMainPass): Added op_eq.
        (JSC::CTI::privateCompileSlowCases): Added op_eq.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_eq): Removed fast case, since it's now
        compiled.

2008-09-21  Peter Gal  <galpter@inf.u-szeged.hu>

        Reviewed by Tim Hatcher and Eric Seidel.

        Fix the QT/Linux JavaScriptCore segmentation fault.
        https://bugs.webkit.org/show_bug.cgi?id=20914

        * wtf/ThreadingQt.cpp:
        (WTF::initializeThreading): Use currentThread() if
        platform is not a MAC (like in pre 36541 revisions)

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        * kjs/debugger.h: Removed some unneeded includes and declarations.

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=20972
          speed up Arguments further by eliminating the IndexToNameMap

        No change on SunSpider. 1.29x as fast on V8 Raytrace.

        * kjs/Arguments.cpp: Moved ArgumentsData in here. Eliminated the
        indexToNameMap and hadDeletes data members. Changed extraArguments into
        an OwnArrayPtr and added deletedArguments, another OwnArrayPtr.
        Replaced numExtraArguments with numParameters, since that's what's
        used more directly in hot code paths.
        (JSC::Arguments::Arguments): Pass in argument count instead of ArgList.
        Initialize ArgumentsData the new way.
        (JSC::Arguments::mark): Updated.
        (JSC::Arguments::getOwnPropertySlot): Overload for the integer form so
        we don't have to convert integers to identifiers just to get an argument.
        Integrated the deleted case with the fast case.
        (JSC::Arguments::put): Ditto.
        (JSC::Arguments::deleteProperty): Ditto.

        * kjs/Arguments.h: Minimized includes. Made everything private. Added
        overloads for the integral property name case. Eliminated mappedIndexSetter.
        Moved ArgumentsData into the .cpp file.

        * kjs/IndexToNameMap.cpp: Emptied out and prepared for deletion.
        * kjs/IndexToNameMap.h: Ditto.

        * kjs/JSActivation.cpp:
        (JSC::JSActivation::createArgumentsObject): Elminated ArgList.

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * JavaScriptCoreSources.bkl:
        * kjs/AllInOneFile.cpp:
        Removed IndexToNameMap.

2008-09-21  Darin Adler  <darin@apple.com>

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitLoad): One more tweak: Wrote this in a slightly
        clearer style.

2008-09-21  Judit Jasz  <jasy@inf.u-szeged.hu>

        Reviewed and tweaked by Darin Adler.

        - https://bugs.webkit.org/show_bug.cgi?id=20645
          Elminate duplicate constant values in CodeBlocks.

        Seems to be a wash on SunSpider.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitLoad): Use m_numberMap and m_stringMap to guarantee
        we emit the same JSValue* for identical numbers and strings.
        * VM/CodeGenerator.h: Added overload of emitLoad for const Identifier&.
        Add NumberMap and IdentifierStringMap types and m_numberMap and m_stringMap.
        * kjs/nodes.cpp:
        (JSC::StringNode::emitCode): Call the new emitLoad and let it do the
        JSString creation.

2008-09-21  Paul Pedriana  <webkit@pedriana.com>

        Reviewed and tweaked by Darin Adler.

        - https://bugs.webkit.org/show_bug.cgi?id=16925
          Fixed lack of Vector buffer alignment for both GCC and MSVC.
          Since there's no portable way to do this, for now we don't support
          other compilers.

        * wtf/Vector.h: Added WTF_ALIGH_ON, WTF_ALIGNED, AlignedBufferChar, and AlignedBuffer.
        Use AlignedBuffer insteadof an array of char in VectorBuffer.

2008-09-21  Gabor Loki  <loki@inf.u-szeged.hu>

        Reviewed by Darin Adler.

        - https://bugs.webkit.org/show_bug.cgi?id=19408
          Add lightweight constant folding to the parser for *, /, + (only for numbers), <<, >>, ~ operators.

        1.008x as fast on SunSpider.

        * kjs/grammar.y:
        (makeNegateNode): Fold if expression is a number > 0.
        (makeBitwiseNotNode): Fold if expression is a number.
        (makeMultNode): Fold if expressions are both numbers.
        (makeDivNode): Fold if expressions are both numbers.
        (makeAddNode): Fold if expressions are both numbers.
        (makeLeftShiftNode): Fold if expressions are both numbers.
        (makeRightShiftNode): Fold if expressions are both numbers.

2008-09-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - speed up === operator by generating inline machine code for the fast paths
        https://bugs.webkit.org/show_bug.cgi?id=20820

        * VM/CTI.cpp:
        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumber):
        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumbers):
        (JSC::CTI::emitJumpSlowCaseIfNotImmediates):
        (JSC::CTI::emitTagAsBoolImmediate):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_stricteq):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::sete_r):
        (JSC::X86Assembler::setz_r):
        (JSC::X86Assembler::movzbl_rr):
        (JSC::X86Assembler::emitUnlinkedJnz):

2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Free memory allocated for extra arguments in the destructor of the
        Arguments object.

        * kjs/Arguments.cpp:
        (JSC::Arguments::~Arguments):
        * kjs/Arguments.h:

2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20815: 'arguments' object creation is non-optimal
        <https://bugs.webkit.org/show_bug.cgi?id=20815>

        Fix our inefficient way of creating the arguments object by only
        creating named properties for each of the arguments after a use of the
        'delete' statement. This patch also speeds up access to the 'arguments'
        object slightly, but it still does not use the array fast path for
        indexed access that exists for many opcodes.

        This is about a 20% improvement on the V8 Raytrace benchmark, and a 1.5%
        improvement on the Earley-Boyer benchmark, which gives a 4% improvement
        overall.

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments):
        (JSC::Arguments::mark):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        * kjs/Arguments.h:
        (JSC::Arguments::ArgumentsData::ArgumentsData):
        * kjs/IndexToNameMap.h:
        (JSC::IndexToNameMap::size):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::createArgumentsObject):
        * kjs/JSActivation.h:
        (JSC::JSActivation::uncheckedSymbolTableGet):
        (JSC::JSActivation::uncheckedSymbolTableGetValue):
        (JSC::JSActivation::uncheckedSymbolTablePut):
        * kjs/JSFunction.h:
        (JSC::JSFunction::numParameters):

2008-09-20  Darin Adler  <darin@apple.com>

        Reviewed by Mark Rowe.

        - fix crash seen on buildbot

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::mark): Add back mark of arrayPrototype,
        deleted by accident in my recent check-in.

2008-09-20  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed, build fix.
        
        - speculative fix for non-AllInOne builds

        * kjs/operations.h:

2008-09-20  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        - assorted optimizations to === and !== operators
        (work towards <https://bugs.webkit.org/show_bug.cgi?id=20820>)
        
        2.5% speedup on earley-boyer test

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_stricteq): Use inline version of
        strictEqualSlowCase; remove unneeded exception check.
        (JSC::Machine::cti_op_nstricteq): ditto
        * kjs/operations.cpp:
        (JSC::strictEqual): Use strictEqualSlowCaseInline
        (JSC::strictEqualSlowCase): ditto
        * kjs/operations.h:
        (JSC::strictEqualSlowCaseInline): Version of strictEqualSlowCase that can be inlined,
        since the extra function call indirection is a lose for CTI.

2008-09-20  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - finish https://bugs.webkit.org/show_bug.cgi?id=20858
          make each distinct C++ class get a distinct JSC::Structure

        This also includes some optimizations that make the change an overall
        small speedup. Without those it was a bit of a slowdown.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::JSCallbackConstructor): Take a structure.
        * API/JSCallbackConstructor.h: Ditto.
        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::JSCallbackFunction): Pass a structure.
        * API/JSCallbackObject.h: Take a structure.
        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject::JSCallbackObject): Ditto.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype): Pass in a structure. Call setPrototype
        if there's a custom prototype involved.
        * API/JSObjectRef.cpp:
        (JSObjectMake): Ditto.
        (JSObjectMakeConstructor): Pass in a structure.

        * JavaScriptCore.exp: Updated.

        * VM/Machine.cpp:
        (JSC::jsLess): Added a special case for when both arguments are strings.
        This avoids converting both strings to with UString::toDouble.
        (JSC::jsLessEq): Ditto.
        (JSC::Machine::privateExecute): Pass in a structure.
        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
        (JSC::Machine::cti_op_new_regexp): Ditto.
        (JSC::Machine::cti_op_is_string): Ditto.
        * VM/Machine.h: Made isJSString public so it can be used in the CTI.

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments): Pass in a structure.

        * kjs/JSCell.h: Mark constructor explicit.

        * kjs/JSGlobalObject.cpp:
        (JSC::markIfNeeded): Added an overload for marking structures.
        (JSC::JSGlobalObject::reset): Eliminate code to set data members to
        zero. We now do that in the constructor, and we no longer use this
        anywhere except in the constructor. Added code to create structures.
        Pass structures rather than prototypes when creating objects.
        (JSC::JSGlobalObject::mark): Mark the structures.

        * kjs/JSGlobalObject.h: Removed unneeded class declarations.
        Added initializers for raw pointers in JSGlobalObjectData so
        everything starts with a 0. Added structure data and accessor
        functions.

        * kjs/JSImmediate.cpp:
        (JSC::JSImmediate::nonInlineNaN): Added.
        * kjs/JSImmediate.h:
        (JSC::JSImmediate::toDouble): Rewrote to avoid PIC branches.

        * kjs/JSNumberCell.cpp:
        (JSC::jsNumberCell): Made non-inline to avoid PIC branches
        in functions that call this one.
        (JSC::jsNaN): Ditto.
        * kjs/JSNumberCell.h: Ditto.

        * kjs/JSObject.h: Removed constructor that takes a prototype.
        All callers now pass structures.

        * kjs/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * kjs/ArrayConstructor.h:
        * kjs/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        * kjs/ArrayPrototype.h:
        * kjs/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * kjs/BooleanConstructor.h:
        * kjs/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * kjs/BooleanObject.h:
        * kjs/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * kjs/BooleanPrototype.h:
        * kjs/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::constructDate):
        * kjs/DateConstructor.h:
        * kjs/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * kjs/DateInstance.h:
        * kjs/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * kjs/DatePrototype.h:
        * kjs/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        (JSC::constructError):
        * kjs/ErrorConstructor.h:
        * kjs/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * kjs/ErrorInstance.h:
        * kjs/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * kjs/ErrorPrototype.h:
        * kjs/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * kjs/FunctionConstructor.h:
        * kjs/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        (JSC::FunctionPrototype::addFunctionProperties):
        * kjs/FunctionPrototype.h:
        * kjs/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        * kjs/GlobalEvalFunction.h:
        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * kjs/InternalFunction.h:
        (JSC::InternalFunction::InternalFunction):
        * kjs/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::constructEmptyArray):
        (JSC::constructArray):
        * kjs/JSArray.h:
        * kjs/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::construct):
        * kjs/JSObject.cpp:
        (JSC::constructEmptyObject):
        * kjs/JSString.cpp:
        (JSC::StringObject::create):
        * kjs/JSWrapperObject.h:
        * kjs/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * kjs/MathObject.h:
        * kjs/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        (JSC::NativeErrorConstructor::construct):
        * kjs/NativeErrorConstructor.h:
        * kjs/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * kjs/NativeErrorPrototype.h:
        * kjs/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * kjs/NumberConstructor.h:
        * kjs/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        (JSC::constructNumber):
        (JSC::constructNumberFromImmediateNumber):
        * kjs/NumberObject.h:
        * kjs/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * kjs/NumberPrototype.h:
        * kjs/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::constructObject):
        * kjs/ObjectConstructor.h:
        * kjs/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        * kjs/ObjectPrototype.h:
        * kjs/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * kjs/PrototypeFunction.h:
        * kjs/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        (JSC::constructRegExp):
        * kjs/RegExpConstructor.h:
        * kjs/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        * kjs/RegExpObject.h:
        * kjs/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * kjs/RegExpPrototype.h:
        * kjs/Shell.cpp:
        (GlobalObject::GlobalObject):
        * kjs/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::constructWithStringConstructor):
        * kjs/StringConstructor.h:
        * kjs/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * kjs/StringObject.h:
        * kjs/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
        * kjs/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * kjs/StringPrototype.h:
        Take and pass structures.

2008-09-19  Alp Toker  <alp@nuanti.com>

        Build fix for the 'gold' linker and recent binutils. New behaviour
        requires that we link to used libraries explicitly.

        * GNUmakefile.am:

2008-09-19  Sam Weinig  <sam@webkit.org>

        Roll r36694 back in.  It did not cause the crash.

        * JavaScriptCore.exp:
        * VM/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::invalidate):
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::create):
        * kjs/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::getEnumerablePropertyNames):
        * kjs/PropertyMap.h:
        * kjs/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArrayData::create):
        (JSC::PropertyNameArrayData::propertyNameVector):
        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
        (JSC::PropertyNameArrayData::cachedPrototypeChain):
        (JSC::PropertyNameArrayData::begin):
        (JSC::PropertyNameArrayData::end):
        (JSC::PropertyNameArrayData::PropertyNameArrayData):
        (JSC::PropertyNameArray::PropertyNameArray):
        (JSC::PropertyNameArray::addKnownUnique):
        (JSC::PropertyNameArray::size):
        (JSC::PropertyNameArray::operator[]):
        (JSC::PropertyNameArray::begin):
        (JSC::PropertyNameArray::end):
        (JSC::PropertyNameArray::setData):
        (JSC::PropertyNameArray::data):
        (JSC::PropertyNameArray::releaseData):
        * kjs/StructureID.cpp:
        (JSC::structureIDChainsAreEqual):
        (JSC::StructureID::getEnumerablePropertyNames):
        (JSC::StructureID::clearEnumerationCache):
        (JSC::StructureID::createCachedPrototypeChain):
        * kjs/StructureID.h:

2008-09-19  Sam Weinig  <sam@webkit.org>

        Roll out r36694.

        * JavaScriptCore.exp:
        * VM/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::invalidate):
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::create):
        * kjs/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::getEnumerablePropertyNames):
        * kjs/PropertyMap.h:
        * kjs/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArray::PropertyNameArray):
        (JSC::PropertyNameArray::addKnownUnique):
        (JSC::PropertyNameArray::begin):
        (JSC::PropertyNameArray::end):
        (JSC::PropertyNameArray::size):
        (JSC::PropertyNameArray::operator[]):
        (JSC::PropertyNameArray::releaseIdentifiers):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):
        * kjs/StructureID.h:
        (JSC::StructureID::clearEnumerationCache):

2008-09-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Improve peformance of local variable initialisation.

        Pull local and constant initialisation out of slideRegisterWindowForCall
        and into its own opcode.  This allows the JIT to generate the initialisation
        code for a function directly into the instruction stream and so avoids a few
        branches on function entry.

        Results a 1% progression in SunSpider, particularly in a number of the bitop
        tests where the called functions are very fast. 

        * VM/CTI.cpp:
        (JSC::CTI::emitInitialiseRegister):
        (JSC::CTI::privateCompileMainPass):
        * VM/CTI.h:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        * VM/Machine.cpp:
        (JSC::slideRegisterWindowForCall):
        (JSC::Machine::privateExecute):
        * VM/Opcode.h:

2008-09-19  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=20928
        Speed up JS property enumeration by caching entire PropertyNameArray

        1.3% speedup on Sunspider, 30% on string-fasta.

        * JavaScriptCore.exp:
        * VM/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::invalidate):
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::create):
        * kjs/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::getEnumerablePropertyNames):
        * kjs/PropertyMap.h:
        * kjs/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArrayData::create):
        (JSC::PropertyNameArrayData::propertyNameVector):
        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
        (JSC::PropertyNameArrayData::cachedPrototypeChain):
        (JSC::PropertyNameArrayData::begin):
        (JSC::PropertyNameArrayData::end):
        (JSC::PropertyNameArrayData::PropertyNameArrayData):
        (JSC::PropertyNameArray::PropertyNameArray):
        (JSC::PropertyNameArray::addKnownUnique):
        (JSC::PropertyNameArray::size):
        (JSC::PropertyNameArray::operator[]):
        (JSC::PropertyNameArray::begin):
        (JSC::PropertyNameArray::end):
        (JSC::PropertyNameArray::setData):
        (JSC::PropertyNameArray::data):
        (JSC::PropertyNameArray::releaseData):
        * kjs/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * kjs/StructureID.cpp:
        (JSC::structureIDChainsAreEqual):
        (JSC::StructureID::getEnumerablePropertyNames):
        (JSC::StructureID::clearEnumerationCache):
        (JSC::StructureID::createCachedPrototypeChain):
        * kjs/StructureID.h:

2008-09-19  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Maciej Stachowiak.

        Fix a mismatched new[]/delete in JSObject::allocatePropertyStorage

        * kjs/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage): Spotted by valgrind.

2008-09-19  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - part 2 of https://bugs.webkit.org/show_bug.cgi?id=20858
          make each distinct C++ class get a distinct JSC::Structure

        * JavaScriptCore.exp: Exported constructEmptyObject for use in WebCore.

        * kjs/JSGlobalObject.h: Changed the protected constructor to take a
        structure instead of a prototype.

        * kjs/JSVariableObject.h: Removed constructor that takes a prototype.

2008-09-19  Julien Chaffraix  <jchaffraix@pleyo.com>

        Reviewed by Alexey Proskuryakov.

        Use the template hoisting technique on the RefCounted class. This reduces the code bloat due to
        non-template methods' code been copied for each instance of the template.
        The patch splits RefCounted between a base class that holds non-template methods and attributes
        and the template RefCounted class that keeps the same functionnality.

        On my Linux with gcc 4.3 for the Gtk port, this is:
        - a ~600KB save on libwebkit.so in release.
        - a ~1.6MB save on libwebkit.so in debug.

        It is a wash on Sunspider and a small win on Dromaeo (not sure it is relevant).
        On the whole, it should be a small win as we reduce the compiled code size and the only
        new function call should be inlined by the compiler.

        * wtf/RefCounted.h:
        (WTF::RefCountedBase::ref): Copied from RefCounted.
        (WTF::RefCountedBase::hasOneRef): Ditto.
        (WTF::RefCountedBase::refCount): Ditto.
        (WTF::RefCountedBase::RefCountedBase): Ditto.
        (WTF::RefCountedBase::~RefCountedBase): Ditto.
        (WTF::RefCountedBase::derefBase): Tweaked from the RefCounted version to remove
        template section.
        (WTF::RefCounted::RefCounted):
        (WTF::RefCounted::deref): Small wrapper around RefCountedBase::derefBase().
        (WTF::RefCounted::~RefCounted): Keep private destructor.

2008-09-18  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - part 1 of https://bugs.webkit.org/show_bug.cgi?id=20858
          make each distinct C++ class get a distinct JSC::Structure

        * kjs/lookup.h: Removed things here that were used only in WebCore:
        cacheGlobalObject, JSC_DEFINE_PROTOTYPE, JSC_DEFINE_PROTOTYPE_WITH_PROTOTYPE,
        and JSC_IMPLEMENT_PROTOTYPE.

2008-09-18  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - https://bugs.webkit.org/show_bug.cgi?id=20927
          simplify/streamline the code to turn strings into identifiers while parsing

        * kjs/grammar.y: Get rid of string from the union, and use ident for STRING as
        well as for IDENT.

        * kjs/lexer.cpp:
        (JSC::Lexer::lex): Use makeIdentifier instead of makeUString for String.
        * kjs/lexer.h: Remove makeUString.

        * kjs/nodes.h: Changed StringNode to hold an Identifier instead of UString.

        * VM/CodeGenerator.cpp:
        (JSC::keyForCharacterSwitch): Updated since StringNode now holds an Identifier.
        (JSC::prepareJumpTableForStringSwitch): Ditto.
        * kjs/nodes.cpp:
        (JSC::StringNode::emitCode): Ditto. The comment from here is now in the lexer.
        (JSC::processClauseList): Ditto.
        * kjs/nodes2string.cpp:
        (JSC::StringNode::streamTo): Ditto.

2008-09-18  Sam Weinig  <sam@webkit.org>

        Fix style.

        * VM/Instruction.h:
        (JSC::Instruction::Instruction):

2008-09-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 20911: REGRESSION(r36480?): Reproducible assertion failure below derefStructureIDs 64-bit JavaScriptCore
        <https://bugs.webkit.org/show_bug.cgi?id=20911>

        The problem was simply caused by the int constructor for Instruction
        failing to initialise the full struct in 64bit builds.

        * VM/Instruction.h:
        (JSC::Instruction::Instruction):

2008-09-18  Darin Adler  <darin@apple.com>

        - fix release build

        * wtf/RefCountedLeakCounter.cpp: Removed stray "static".

2008-09-18  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        * kjs/JSGlobalObject.h: Tiny style guideline tweak.

2008-09-18  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - fix https://bugs.webkit.org/show_bug.cgi?id=20925
          LEAK messages appear every time I quit

        * JavaScriptCore.exp: Updated, and also added an export
        needed for future WebCore use of JSC::StructureID.

        * wtf/RefCountedLeakCounter.cpp:
        (WTF::RefCountedLeakCounter::suppressMessages): Added.
        (WTF::RefCountedLeakCounter::cancelMessageSuppression): Added.
        (WTF::RefCountedLeakCounter::RefCountedLeakCounter): Tweaked a bit.
        (WTF::RefCountedLeakCounter::~RefCountedLeakCounter): Added code to
        log the reason there was no leak checking done.
        (WTF::RefCountedLeakCounter::increment): Tweaked a bit.
        (WTF::RefCountedLeakCounter::decrement): Ditto.

        * wtf/RefCountedLeakCounter.h: Replaced setLogLeakMessages with two
        new functions, suppressMessages and cancelMessageSuppression. Also
        added m_ prefixes to the data member names.

2008-09-18  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Mark Rowe.

        https://bugs.webkit.org/show_bug.cgi?id=20437

        Add a proper #define to define which XML Parser implementation to use. Client
        code can use #if USE(QXMLSTREAM) to decide if the Qt XML StreamReader
        implementation is going to be used.

        * wtf/Platform.h:

2008-09-18  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Make a Unicode non-breaking space count as a whitespace character in
        PCRE. This change was already made in WREC, and it fixes one of the
        Mozilla JS tests. Since it is now fixed in PCRE as well, we can check
        in a new set of expected test results.

        * pcre/pcre_internal.h:
        (isSpaceChar):
        * tests/mozilla/expected.html:

2008-09-18  Stephanie Lewis  <slewis@apple.com>

        Reviewed by Mark Rowe and Maciej Stachowiak.

        add an option use arch to specify which architecture to run.

        * tests/mozilla/jsDriver.pl:

2008-09-17  Oliver Hunt  <oliver@apple.com>

        Correctly restore argument reference prior to SFX runtime calls.
        
        Reviewed by Steve Falkenburg.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):

2008-09-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20876: REGRESSION (r36417, r36427): fast/js/exception-expression-offset.html fails
        <https://bugs.webkit.org/show_bug.cgi?id=20876>

        r36417 and r36427 caused an get_by_id opcode to be emitted before the
        instanceof and construct opcodes, in order to enable inline caching of
        the prototype property. Unfortunately, this regressed some tests dealing
        with exceptions thrown by 'instanceof' and the 'new' operator. We fix
        these problems by detecting whether an "is not an object" exception is
        thrown before op_instanceof or op_construct, and emit the proper
        exception in those cases.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitConstruct):
        * VM/CodeGenerator.h:
        * VM/ExceptionHelpers.cpp:
        (JSC::createInvalidParamError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAnObjectError):
        * VM/ExceptionHelpers.h:
        * VM/Machine.cpp:
        (JSC::Machine::getOpcode):
        (JSC::Machine::privateExecute):
        * VM/Machine.h:
        * kjs/nodes.cpp:
        (JSC::NewExprNode::emitCode):
        (JSC::InstanceOfNode::emitCode):

2008-09-17  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        JIT generation cti_op_construct_verify.
        
        Quarter to half percent progression on v8-tests.
        Roughly not change on SunSpider (possible minor progression).

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/Machine.cpp:
        * VM/Machine.h:

2008-09-15  Steve Falkenburg  <sfalken@apple.com>

        Improve timer accuracy for JavaScript Date object on Windows.
        
        Use a combination of ftime and QueryPerformanceCounter.
        ftime returns the information we want, but doesn't have sufficient resolution.
        QueryPerformanceCounter has high resolution, but is only usable to measure time intervals.
        To combine them, we call ftime and QueryPerformanceCounter initially. Later calls will use
        QueryPerformanceCounter by itself, adding the delta to the saved ftime.  We re-sync to
        correct for drift if the low-res and high-res elapsed time between calls differs by more
        than twice the low-resolution timer resolution.
        
        QueryPerformanceCounter may be inaccurate due to a problems with:
        - some PCI bridge chipsets (http://support.microsoft.com/kb/274323)
        - BIOS bugs (http://support.microsoft.com/kb/895980/)
        - BIOS/HAL bugs on multiprocessor/multicore systems (http://msdn.microsoft.com/en-us/library/ms644904.aspx)
        
        Reviewed by Darin Adler.

        * kjs/DateMath.cpp:
        (JSC::highResUpTime):
        (JSC::lowResUTCTime):
        (JSC::qpcAvailable):
        (JSC::getCurrentUTCTimeWithMicroseconds):

2008-09-17  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Implement JIT generation of CallFrame initialization, for op_call.

        1% sunspider 2.5% v8-tests.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_call_NotJSFunction):

2008-09-17  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Optimizations for op_call in CTI.  Move check for (ctiCode == 0) into JIT code,
        move copying of scopeChain for CodeBlocks that needFullScopeChain into head of
        functions, instead of checking prior to making the call.

        3% on v8-tests (4% on richards, 6% in delta-blue)

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        * VM/Machine.cpp:
        (JSC::Machine::execute):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_vm_updateScopeChain):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/Machine.h:

2008-09-17  Tor Arne Vestbø  <tavestbo@trolltech.com>

        Fix the QtWebKit/Mac build

        * wtf/ThreadingQt.cpp:
        (WTF::initializeThreading): use QCoreApplication to get the main thread

2008-09-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20857: REGRESSION (r36427): ASSERTION FAILED: m_refCount >= 0 in RegisterID::deref()
        <https://bugs.webkit.org/show_bug.cgi?id=20857>

        Fix a problem stemming from the slightly unsafe behaviour of the
        CodeGenerator::finalDestination() method by putting the "func" argument
        of the emitConstruct() method in a RefPtr in its caller. Also, add an
        assertion guaranteeing that this is always the case.

        CodeGenerator::finalDestination() is still incorrect and can cause
        problems with a different allocator; see bug 20340 for more details.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitConstruct):
        * kjs/nodes.cpp:
        (JSC::NewExprNode::emitCode):

2008-09-16  Alice Liu  <alice.liu@apple.com>

        build fix.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):

2008-09-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        CTI code generation for op_ret.  The majority of the work
        (updating variables on the stack & on exec) can be performed
        directly in generated code.

        We still need to check, & to call out to C-code to handle
        activation records, profiling, and full scope chains.

        +1.5% Sunspider, +5/6% v8 tests.

        * VM/CTI.cpp:
        (JSC::CTI::emitPutCTIParam):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_ret_activation):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        * VM/Machine.h:

2008-09-16  Dimitri Glazkov  <dglazkov@chromium.org>

        Fix the Windows build.

        Add some extra parentheses to stop MSVC from complaining so much.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_stricteq):
        (JSC::Machine::cti_op_nstricteq):
        * kjs/operations.cpp:
        (JSC::strictEqual):

2008-09-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - speed up the === and !== operators by choosing the fast cases better
        
        No effect on SunSpider but speeds up the V8 EarlyBoyer benchmark about 4%.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_stricteq):
        (JSC::Machine::cti_op_nstricteq):
        * kjs/JSImmediate.h:
        (JSC::JSImmediate::areBothImmediate):
        * kjs/operations.cpp:
        (JSC::strictEqual):
        (JSC::strictEqualSlowCase):
        * kjs/operations.h:

2008-09-15  Oliver Hunt  <oliver@apple.com>

        RS=Sam Weinig.

        Coding style cleanup.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):

2008-09-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Cameron Zwarich.

        Bug 20874: op_resolve does not do any form of caching
        <https://bugs.webkit.org/show_bug.cgi?id=20874>

        This patch adds an op_resolve_global opcode to handle (and cache)
        property lookup we can statically determine must occur on the global
        object (if at all).

        3% progression on sunspider, 3.2x improvement to bitops-bitwise-and, and
        10% in math-partial-sums

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CTI.h:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::findScopedProperty):
        (JSC::CodeGenerator::emitResolve):
        * VM/Machine.cpp:
        (JSC::resolveGlobal):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_resolve_global):
        * VM/Machine.h:
        * VM/Opcode.h:

2008-09-15  Sam Weinig  <sam@webkit.org>

        Roll out r36462.  It broke document.all.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::Machine):
        (JSC::Machine::cti_op_eq_null):
        (JSC::Machine::cti_op_neq_null):
        * VM/Machine.h:
        (JSC::Machine::isJSString):
        * kjs/JSCell.h:
        * kjs/JSWrapperObject.h:
        * kjs/StringObject.h:
        * kjs/StringObjectThatMasqueradesAsUndefined.h:

2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20863: ASSERTION FAILED: addressOffset < instructions.size() in CodeBlock::getHandlerForVPC
        <https://bugs.webkit.org/show_bug.cgi?id=20863>

        r36427 changed the number of arguments to op_construct without changing
        the argument index for the vPC in the call to initializeCallFrame() in
        the CTI case. This caused a JSC test failure. Correcting the argument
        index fixes the test failure.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_construct_JSConstruct):

2008-09-15  Mark Rowe  <mrowe@apple.com>

        Fix GCC 4.2 build.

        * VM/CTI.h:

2008-09-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed a typo in op_get_by_id_chain that caused it to miss every time
        in the interpreter.
        
        Also, a little cleanup.

        * VM/Machine.cpp:
        (JSC::Machine::privateExecute): Set up baseObject before entering the
        loop, so we compare against the right values.

2008-09-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Removed the CalledAsConstructor flag from the call frame header. Now,
        we use an explicit opcode at the call site to fix up constructor results.

        SunSpider says 0.4% faster.
        
        cti_op_construct_verify is an out-of-line function call for now, but we
        can fix that once StructureID holds type information like isObject.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass): Codegen for the new opcode.

        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):

        * VM/CodeGenerator.cpp: Codegen for the new opcode. Also...
        (JSC::CodeGenerator::emitCall): ... don't test for known non-zero value.
        (JSC::CodeGenerator::emitConstruct): ... ditto.

        * VM/Machine.cpp: No more CalledAsConstructor
        (JSC::Machine::privateExecute): Implementation for the new opcode.
        (JSC::Machine::cti_op_ret): The speedup: no need to check whether we were
        called as a constructor.
        (JSC::Machine::cti_op_construct_verify): Implementation for the new opcode.
        * VM/Machine.h:

        * VM/Opcode.h: Declare new opcode.

        * VM/RegisterFile.h:
        (JSC::RegisterFile::): No more CalledAsConstructor

2008-09-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Inline code generation of eq_null/neq_null for CTI.  Uses vptr checking for
        StringObjectsThatAreMasqueradingAsBeingUndefined.  In the long run, the
        masquerading may be handled differently (through the StructureIDs - see bug
        #20823).

        >1% on v8-tests.

        * VM/CTI.cpp:
        (JSC::CTI::emitJumpSlowCaseIfIsJSCell):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::Machine):
        (JSC::Machine::cti_op_eq_null):
        (JSC::Machine::cti_op_neq_null):
        * VM/Machine.h:
        (JSC::Machine::doesMasqueradesAsUndefined):
        * kjs/JSWrapperObject.h:
        (JSC::JSWrapperObject::):
        (JSC::JSWrapperObject::JSWrapperObject):
        * kjs/StringObject.h:
        (JSC::StringObject::StringObject):
        * kjs/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):

2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Rubber-stamped by Oliver Hunt.

        r36427 broke CodeBlock::dump() by changing the number of arguments to
        op_construct without changing the code that prints it. This patch fixes
        it by printing the additional argument.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):

2008-09-15  Adam Roben  <aroben@apple.com>

        Build fix

        * kjs/StructureID.cpp: Removed a stray semicolon.

2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Fix a crash in fast/js/exception-expression-offset.html caused by not
        updating all mentions of the length of op_construct in r36427.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_construct_NotJSConstruct):

2008-09-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - fix layout test failure introduced by fix for 20849
        
        (The failing test was fast/js/delete-then-put.html)

        * kjs/JSObject.cpp:
        (JSC::JSObject::removeDirect): Clear enumeration cache
        in the dictionary case.
        * kjs/JSObject.h:
        (JSC::JSObject::putDirect): Ditto.
        * kjs/StructureID.h:
        (JSC::StructureID::clearEnumerationCache): Inline to handle the
        clear.

2008-09-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - fix JSC test failures introduced by fix for 20849

        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::getEnumerablePropertyNames): Use the correct count.

2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20851: REGRESSION (r36410): fast/js/kde/GlobalObject.html fails
        <https://bugs.webkit.org/show_bug.cgi?id=20851>

        r36410 introduced an optimization for parseInt() that is incorrect when
        its argument is larger than the range of a 32-bit integer. If the
        argument is a number that is not an immediate integer, then the correct
        behaviour is to return the floor of its value, unless it is an infinite
        value, in which case the correct behaviour is to return 0.

        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncParseInt):

2008-09-15  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=20849
        Cache property names for getEnumerablePropertyNames in the StructureID.

        ~0.5% speedup on Sunspider overall (9.7% speedup on string-fasta).  ~1% speedup
        on the v8 test suite.

        * kjs/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::getEnumerablePropertyNames):
        * kjs/PropertyMap.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::getEnumerablePropertyNames):
        * kjs/StructureID.h:

2008-09-14  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - speed up JS construction by extracting "prototype" lookup so PIC applies.
        
        ~0.5% speedup on SunSpider
        Speeds up some of the V8 tests as well, most notably earley-boyer.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall): Account for extra arg for prototype.
        (JSC::CTI::privateCompileMainPass): Account for increased size of op_construct.
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitConstruct): Emit separate lookup to get prototype property.
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute): Expect prototype arg in op_construct.
        (JSC::Machine::cti_op_construct_JSConstruct): ditto
        (JSC::Machine::cti_op_construct_NotJSConstruct): ditto

2008-09-10  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Eric Seidel.

        Add a protected destructor for RefCounted.

        It is wrong to call its destructor directly, because (1) this should be taken care of by
        deref(), and (2) many classes that use RefCounted have non-virtual destructors.

        No change in behavior.

        * wtf/RefCounted.h: (WTF::RefCounted::~RefCounted):

2008-09-14  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Accelerated property accesses.

        Inline more of the array access code into the JIT code for get/put_by_val.
        Accelerate get/put_by_id by speculatively inlining a disable direct access
        into the hot path of the code, and repatch this with the correct StructureID
        and property map offset once these are known.  In the case of accesses to the
        prototype and reading the array-length a trampoline is genertaed, and the
        branch to the slow-case is relinked to jump to this.

        By repatching, we mean rewriting the x86 instruction stream.  Instructions are
        only modified in a simple fasion - altering immediate operands, memory access
        deisplacements, and branch offsets.
        
        For regular get_by_id/put_by_id accesses to an object, a StructureID in an
        instruction's immediate operant is updateded, and a memory access operation's
        displacement is updated to access the correct field on the object.  In the case
        of more complex accesses (array length and get_by_id_prototype) the offset on
        the branch to slow-case is updated, to now jump to a trampoline.

        +2.8% sunspider, +13% v8-tests

        * VM/CTI.cpp:
        (JSC::CTI::emitCall):
        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
        (JSC::CTI::CTI):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdSelf):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::privateCompilePutByIdReplace):
        (JSC::CTI::privateCompilePutByIdTransition):
        (JSC::CTI::privateCompileArrayLengthTrampoline):
        (JSC::CTI::privateCompileStringLengthTrampoline):
        (JSC::CTI::patchGetByIdSelf):
        (JSC::CTI::patchPutByIdReplace):
        (JSC::CTI::privateCompilePatchGetArrayLength):
        (JSC::CTI::privateCompilePatchGetStringLength):
        * VM/CTI.h:
        (JSC::CTI::compileGetByIdSelf):
        (JSC::CTI::compileGetByIdProto):
        (JSC::CTI::compileGetByIdChain):
        (JSC::CTI::compilePutByIdReplace):
        (JSC::CTI::compilePutByIdTransition):
        (JSC::CTI::compileArrayLengthTrampoline):
        (JSC::CTI::compileStringLengthTrampoline):
        (JSC::CTI::compilePatchGetArrayLength):
        (JSC::CTI::compilePatchGetStringLength):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::~CodeBlock):
        * VM/CodeBlock.h:
        (JSC::StructureStubInfo::StructureStubInfo):
        (JSC::CodeBlock::getStubInfo):
        * VM/Machine.cpp:
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::tryCTICacheGetByID):
        (JSC::Machine::cti_op_put_by_val_array):
        * VM/Machine.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::cmpl_i8m):
        (JSC::X86Assembler::emitUnlinkedJa):
        (JSC::X86Assembler::getRelocatedAddress):
        (JSC::X86Assembler::getDifferenceBetweenLabels):
        (JSC::X86Assembler::emitModRm_opmsib):

2008-09-14  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - split the "prototype" lookup for hasInstance into opcode stream so it can be cached
        
        ~5% speedup on v8 earley-boyer test

        * API/JSCallbackObject.h: Add a parameter for the pre-looked-up prototype.
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance): Ditto.
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor): Look up and pass in prototype.
        * JavaScriptCore.exp:
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass): Pass along prototype.
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump): Print third arg.
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitInstanceOf): Implement this, now that there
        is a third argument.
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute): Pass along the prototype.
        (JSC::Machine::cti_op_instanceof): ditto
        * kjs/JSObject.cpp:
        (JSC::JSObject::hasInstance): Expect to get a pre-looked-up prototype.
        * kjs/JSObject.h:
        * kjs/nodes.cpp:
        (JSC::InstanceOfNode::emitCode): Emit a get_by_id of the prototype
        property and pass that register to instanceof.
        * kjs/nodes.h:

2008-09-14  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Remove unnecessary virtual function call from cti_op_call_JSFunction -
        ~5% on richards, ~2.5% on v8-tests, ~0.5% on sunspider.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_JSFunction):

2008-09-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20827: the 'typeof' operator is slow
        <https://bugs.webkit.org/show_bug.cgi?id=20827>

        Optimize the 'typeof' operator when its result is compared to a constant
        string.

        This is a 5.5% speedup on the V8 Earley-Boyer test.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitEqualityOp):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::jsIsObjectType):
        (JSC::jsIsFunctionType):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_is_undefined):
        (JSC::Machine::cti_op_is_boolean):
        (JSC::Machine::cti_op_is_number):
        (JSC::Machine::cti_op_is_string):
        (JSC::Machine::cti_op_is_object):
        (JSC::Machine::cti_op_is_function):
        * VM/Machine.h:
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (JSC::BinaryOpNode::emitCode):
        (JSC::EqualNode::emitCode):
        (JSC::StrictEqualNode::emitCode):
        * kjs/nodes.h:

2008-09-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=20844
        Speed up parseInt for numbers

        Sunspider reports this as 1.029x as fast overall and 1.37x as fast on string-unpack-code.
        No change on the v8 suite.

        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncParseInt): Don't convert numbers to strings just to
        convert them back to numbers.

2008-09-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Bug 20816: op_lesseq should be optimized
        <https://bugs.webkit.org/show_bug.cgi?id=20816>

        Add a loop_if_lesseq opcode that is similar to the loop_if_less opcode.

        This is a 9.4% speedup on the V8 Crypto benchmark.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitJumpIfTrue):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_loop_if_lesseq):
        * VM/Machine.h:
        * VM/Opcode.h:

2008-09-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Cleanup Sampling code.

        * VM/CTI.cpp:
        (JSC::CTI::emitCall):
        (JSC::CTI::privateCompileMainPass):
        * VM/CTI.h:
        (JSC::CTI::execute):
        * VM/SamplingTool.cpp:
        (JSC::):
        (JSC::SamplingTool::run):
        (JSC::SamplingTool::dump):
        * VM/SamplingTool.h:
        (JSC::SamplingTool::callingHostFunction):

2008-09-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Cameron Zwarich.

        Bug 20821: Cache property transitions to speed up object initialization
        https://bugs.webkit.org/show_bug.cgi?id=20821

        Implement a transition cache to improve the performance of new properties
        being added to objects.  This is extremely beneficial in constructors and
        shows up as a 34% improvement on access-binary-trees in SunSpider (0.8%
        overall)

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::):
        (JSC::transitionWillNeedStorageRealloc):
        (JSC::CTI::privateCompilePutByIdTransition):
        * VM/CTI.h:
        (JSC::CTI::compilePutByIdTransition):
        * VM/CodeBlock.cpp:
        (JSC::printPutByIdOp):
        (JSC::CodeBlock::printStructureIDs):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::derefStructureIDs):
        (JSC::CodeBlock::refStructureIDs):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitPutById):
        * VM/Machine.cpp:
        (JSC::cachePrototypeChain):
        (JSC::Machine::tryCachePutByID):
        (JSC::Machine::tryCacheGetByID):
        (JSC::Machine::privateExecute):
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::tryCTICacheGetByID):
        * VM/Machine.h:
        * VM/Opcode.h:
        * kjs/JSObject.h:
        (JSC::JSObject::putDirect):
        (JSC::JSObject::transitionTo):
        * kjs/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):
        (JSC::PutPropertySlot::wasTransition):
        (JSC::PutPropertySlot::setWasTransition):
        * kjs/StructureID.cpp:
        (JSC::StructureID::transitionTo):
        (JSC::StructureIDChain::StructureIDChain):
        * kjs/StructureID.h:
        (JSC::StructureID::previousID):
        (JSC::StructureID::setCachedPrototypeChain):
        (JSC::StructureID::cachedPrototypeChain):
        (JSC::StructureID::propertyMap):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::addl_i8m):
        (JSC::X86Assembler::subl_i8m):

2008-09-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20819: JSValue::isObject() is slow
        <https://bugs.webkit.org/show_bug.cgi?id=20819>

        Optimize JSCell::isObject() and JSCell::isString() by making them
        non-virtual calls that rely on the StructureID type information.

        This is a 0.7% speedup on SunSpider and a 1.0% speedup on the V8
        benchmark suite.

        * JavaScriptCore.exp:
        * kjs/JSCell.cpp:
        * kjs/JSCell.h:
        (JSC::JSCell::isObject):
        (JSC::JSCell::isString):
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        * kjs/JSString.cpp:
        * kjs/JSString.h:
        (JSC::JSString::JSString):
        * kjs/StructureID.h:
        (JSC::StructureID::type):

2008-09-11  Stephanie Lewis  <slewis@apple.com>

        Reviewed by Oliver Hunt.

        Turn off PGO Optimization on CTI.cpp -> <rdar://problem/6207709>.  Fixes
        crash on CNN and on Dromaeo.
        Fix Missing close tag in vcproj. 

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:

2008-09-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Not reviewed.

        Correct an SVN problem with the last commit and actually add the new
        files.

        * wrec/CharacterClassConstructor.cpp: Added.
        (JSC::):
        (JSC::getCharacterClassNewline):
        (JSC::getCharacterClassDigits):
        (JSC::getCharacterClassSpaces):
        (JSC::getCharacterClassWordchar):
        (JSC::getCharacterClassNondigits):
        (JSC::getCharacterClassNonspaces):
        (JSC::getCharacterClassNonwordchar):
        (JSC::CharacterClassConstructor::addSorted):
        (JSC::CharacterClassConstructor::addSortedRange):
        (JSC::CharacterClassConstructor::put):
        (JSC::CharacterClassConstructor::flush):
        (JSC::CharacterClassConstructor::append):
        * wrec/CharacterClassConstructor.h: Added.
        (JSC::CharacterClassConstructor::CharacterClassConstructor):
        (JSC::CharacterClassConstructor::isUpsideDown):
        (JSC::CharacterClassConstructor::charClass):

2008-09-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20788: Split CharacterClassConstructor into its own file
        <https://bugs.webkit.org/show_bug.cgi?id=20788>

        Split CharacterClassConstructor into its own file and clean up some
        style issues.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wrec/CharacterClassConstructor.cpp: Added.
        (JSC::):
        (JSC::getCharacterClassNewline):
        (JSC::getCharacterClassDigits):
        (JSC::getCharacterClassSpaces):
        (JSC::getCharacterClassWordchar):
        (JSC::getCharacterClassNondigits):
        (JSC::getCharacterClassNonspaces):
        (JSC::getCharacterClassNonwordchar):
        (JSC::CharacterClassConstructor::addSorted):
        (JSC::CharacterClassConstructor::addSortedRange):
        (JSC::CharacterClassConstructor::put):
        (JSC::CharacterClassConstructor::flush):
        (JSC::CharacterClassConstructor::append):
        * wrec/CharacterClassConstructor.h: Added.
        (JSC::CharacterClassConstructor::CharacterClassConstructor):
        (JSC::CharacterClassConstructor::isUpsideDown):
        (JSC::CharacterClassConstructor::charClass):
        * wrec/WREC.cpp:
        (JSC::WRECParser::parseCharacterClass):

2008-09-10  Simon Hausmann  <hausmann@webkit.org>

        Not reviewed but trivial one-liner for yet unused macro.

        Changed PLATFORM(WINCE) to PLATFORM(WIN_CE) as requested by Mark.

        (part of https://bugs.webkit.org/show_bug.cgi?id=20746)

        * wtf/Platform.h:

2008-09-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Rubber-stamped by Oliver Hunt.

        Fix a typo by renaming the overloaded orl_rr that takes an immediate to
        orl_i32r.

        * VM/CTI.cpp:
        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::orl_i32r):
        * wrec/WREC.cpp:
        (JSC::WRECGenerator::generatePatternCharacter):
        (JSC::WRECGenerator::generateCharacterClassInverted):

2008-09-10  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoff Garen.

        Add inline property storage for JSObject.

        1.2% progression on Sunspider. .5% progression on the v8 test suite.

        * JavaScriptCore.exp:
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        * kjs/JSObject.cpp:
        (JSC::JSObject::mark): There is no reason to check storageSize now that
        we start from 0.
        (JSC::JSObject::allocatePropertyStorage): Allocates/reallocates heap storage.
        * kjs/JSObject.h:
        (JSC::JSObject::offsetForLocation): m_propertyStorage is not an OwnArrayPtr
        now so there is no reason to .get()
        (JSC::JSObject::usingInlineStorage):
        (JSC::JSObject::JSObject): Start with m_propertyStorage pointing to the
        inline storage.
        (JSC::JSObject::~JSObject): Free the heap storage if not using the inline
        storage.
        (JSC::JSObject::putDirect): Switch to the heap storage only when we know
        we know that we are about to add a property that will overflow the inline
        storage.
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::createTable): Don't allocate the propertyStorage, that is
        now handled by JSObject.
        (JSC::PropertyMap::rehash): PropertyStorage is not a OwnArrayPtr anymore.
        * kjs/PropertyMap.h:
        (JSC::PropertyMap::storageSize): Rename from markingCount.
        * kjs/StructureID.cpp:
        (JSC::StructureID::addPropertyTransition): Don't resize the property storage
        if we are using inline storage.
        * kjs/StructureID.h:

2008-09-10  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff Garen.

        Inline immediate number version of op_mul.

        Renamed mull_rr to imull_rr as that's what it's 
        actually doing, and added imull_i32r for the constant
        case immediate multiply.

        1.1% improvement to SunSpider.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::imull_rr):
        (JSC::X86Assembler::imull_i32r):

2008-09-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Not reviewed.

        Mac build fix.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-09-09  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Add optimised access to known properties on the global object.

        Improve cross scope access to the global object by emitting
        code to access it directly rather than by walking the scope chain.

        This is a 0.8% win in SunSpider and a 1.7% win in the v8 benchmarks.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::emitGetVariableObjectRegister):
        (JSC::CTI::emitPutVariableObjectRegister):
        * VM/CTI.h:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::findScopedProperty):
        (JSC::CodeGenerator::emitResolve):
        (JSC::CodeGenerator::emitGetScopedVar):
        (JSC::CodeGenerator::emitPutScopedVar):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        * VM/Opcode.h:
        * kjs/nodes.cpp:
        (JSC::FunctionCallResolveNode::emitCode):
        (JSC::PostfixResolveNode::emitCode):
        (JSC::PrefixResolveNode::emitCode):
        (JSC::ReadModifyResolveNode::emitCode):
        (JSC::AssignResolveNode::emitCode):

2008-09-10  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - enable polymorphic inline caching of properties of primitives
        
        1.012x speedup on SunSpider.

        We create special structure IDs for JSString and
        JSNumberCell. Unlike normal structure IDs, these cannot hold the
        true prototype. Due to JS autoboxing semantics, the prototype used
        when looking up string or number properties depends on the lexical
        global object of the call site, not the creation site. Thus we
        enable StructureIDs to handle this quirk for primitives.
        
        Everything else should be straightforward.
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        * VM/CTI.h:
        (JSC::CTI::compileGetByIdProto):
        (JSC::CTI::compileGetByIdChain):
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        * VM/Machine.cpp:
        (JSC::Machine::Machine):
        (JSC::cachePrototypeChain):
        (JSC::Machine::tryCachePutByID):
        (JSC::Machine::tryCacheGetByID):
        (JSC::Machine::privateExecute):
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::tryCTICacheGetByID):
        * kjs/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        * kjs/JSCell.h:
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * kjs/JSGlobalData.h:
        * kjs/JSGlobalObject.h:
        (JSC::StructureID::prototypeForLookup):
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::JSNumberCell):
        (JSC::jsNumberCell):
        * kjs/JSObject.h:
        (JSC::JSObject::prototype):
        * kjs/JSString.cpp:
        (JSC::jsString):
        (JSC::jsSubstring):
        (JSC::jsOwnedString):
        * kjs/JSString.h:
        (JSC::JSString::JSString):
        (JSC::JSString::):
        (JSC::jsSingleCharacterString):
        (JSC::jsSingleCharacterSubstring):
        (JSC::jsNontrivialString):
        * kjs/SmallStrings.cpp:
        (JSC::SmallStrings::createEmptyString):
        (JSC::SmallStrings::createSingleCharacterString):
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        (JSC::StructureID::getterSetterTransition):
        (JSC::StructureIDChain::StructureIDChain):
        * kjs/StructureID.h:
        (JSC::StructureID::create):
        (JSC::StructureID::storedPrototype):

2008-09-09  Joerg Bornemann  <joerg.bornemann@trolltech.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=20746

        Added WINCE platform macro.

        * wtf/Platform.h:

2008-09-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Mark Rowe.

        Remove unnecessary override of getOffset.

        Sunspider reports this as a .6% progression.

        * JavaScriptCore.exp:
        * kjs/JSObject.h:
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::getOwnPropertySlotForWrite):
        (JSC::JSObject::putDirect):
        * kjs/PropertyMap.cpp:
        * kjs/PropertyMap.h:

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20759: Remove MacroAssembler
        <https://bugs.webkit.org/show_bug.cgi?id=20759>

        Remove MacroAssembler and move its functionality to X86Assembler.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CTI.cpp:
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::emitPutArg):
        (JSC::CTI::emitPutCTIParam):
        (JSC::CTI::emitGetCTIParam):
        (JSC::CTI::emitPutToCallFrameHeader):
        (JSC::CTI::emitGetFromCallFrameHeader):
        (JSC::CTI::emitPutResult):
        (JSC::CTI::emitDebugExceptionCheck):
        (JSC::CTI::emitJumpSlowCaseIfNotImm):
        (JSC::CTI::emitJumpSlowCaseIfNotImms):
        (JSC::CTI::emitFastArithDeTagImmediate):
        (JSC::CTI::emitFastArithReTagImmediate):
        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
        (JSC::CTI::emitFastArithImmToInt):
        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
        (JSC::CTI::emitFastArithIntToImmNoCheck):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::emitSlowScriptCheck):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdSelf):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::privateCompilePutByIdReplace):
        (JSC::CTI::privateArrayLengthTrampoline):
        (JSC::CTI::privateStringLengthTrampoline):
        (JSC::CTI::compileRegExp):
        * VM/CTI.h:
        (JSC::CallRecord::CallRecord):
        (JSC::JmpTable::JmpTable):
        (JSC::SlowCaseEntry::SlowCaseEntry):
        (JSC::CTI::JSRInfo::JSRInfo):
        * masm/MacroAssembler.h: Removed.
        * masm/MacroAssemblerWin.cpp: Removed.
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitConvertToFastCall):
        (JSC::X86Assembler::emitRestoreArgumentReference):
        * wrec/WREC.h:
        (JSC::WRECGenerator::WRECGenerator):
        (JSC::WRECParser::WRECParser):

2008-09-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Don't waste the first item in the PropertyStorage.

        - Fix typo (makingCount -> markingCount)
        - Remove undefined method declaration.

        No change on Sunspider.

        * kjs/JSObject.cpp:
        (JSC::JSObject::mark):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::put):
        (JSC::PropertyMap::remove):
        (JSC::PropertyMap::getOffset):
        (JSC::PropertyMap::insert):
        (JSC::PropertyMap::rehash):
        (JSC::PropertyMap::resizePropertyStorage):
        (JSC::PropertyMap::checkConsistency):
        * kjs/PropertyMap.h:
        (JSC::PropertyMap::markingCount): Fix typo.

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Not reviewed.

        Speculative Windows build fix.

        * masm/MacroAssemblerWin.cpp:
        (JSC::MacroAssembler::emitConvertToFastCall):
        (JSC::MacroAssembler::emitRestoreArgumentReference):

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20755: Create an X86 namespace for register names and other things
        <https://bugs.webkit.org/show_bug.cgi?id=20755>

        Create an X86 namespace to put X86 register names. Perhaps I will move
        opcode names here later as well.

        * VM/CTI.cpp:
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::emitPutArg):
        (JSC::CTI::emitPutArgConstant):
        (JSC::CTI::emitPutCTIParam):
        (JSC::CTI::emitGetCTIParam):
        (JSC::CTI::emitPutToCallFrameHeader):
        (JSC::CTI::emitGetFromCallFrameHeader):
        (JSC::CTI::emitPutResult):
        (JSC::CTI::emitDebugExceptionCheck):
        (JSC::CTI::emitJumpSlowCaseIfNotImms):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::emitSlowScriptCheck):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdSelf):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::privateCompilePutByIdReplace):
        (JSC::CTI::privateArrayLengthTrampoline):
        (JSC::CTI::privateStringLengthTrampoline):
        (JSC::CTI::compileRegExp):
        * VM/CTI.h:
        * masm/X86Assembler.h:
        (JSC::X86::):
        (JSC::X86Assembler::emitModRm_rm):
        (JSC::X86Assembler::emitModRm_rm_Unchecked):
        (JSC::X86Assembler::emitModRm_rmsib):
        * wrec/WREC.cpp:
        (JSC::WRECGenerator::generateNonGreedyQuantifier):
        (JSC::WRECGenerator::generateGreedyQuantifier):
        (JSC::WRECGenerator::generateParentheses):
        (JSC::WRECGenerator::generateBackreference):
        (JSC::WRECGenerator::gernerateDisjunction):
        * wrec/WREC.h:

2008-09-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Remove unnecessary friend declaration.

        * kjs/PropertyMap.h:

2008-09-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Replace uses of PropertyMap::get and PropertyMap::getLocation with
        PropertyMap::getOffset.

        Sunspider reports this as a .6% improvement.

        * JavaScriptCore.exp:
        * kjs/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::getPropertyAttributes):
        * kjs/JSObject.h:
        (JSC::JSObject::getDirect):
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::locationForOffset):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::remove):
        (JSC::PropertyMap::getOffset):
        * kjs/PropertyMap.h:

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Sam Weinig.

        Bug 20754: Remove emit prefix from assembler opcode methods
        <https://bugs.webkit.org/show_bug.cgi?id=20754>

        * VM/CTI.cpp:
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::emitPutArg):
        (JSC::CTI::emitPutArgConstant):
        (JSC::CTI::emitPutCTIParam):
        (JSC::CTI::emitGetCTIParam):
        (JSC::CTI::emitPutToCallFrameHeader):
        (JSC::CTI::emitGetFromCallFrameHeader):
        (JSC::CTI::emitPutResult):
        (JSC::CTI::emitDebugExceptionCheck):
        (JSC::CTI::emitCall):
        (JSC::CTI::emitJumpSlowCaseIfNotImm):
        (JSC::CTI::emitJumpSlowCaseIfNotImms):
        (JSC::CTI::emitFastArithDeTagImmediate):
        (JSC::CTI::emitFastArithReTagImmediate):
        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
        (JSC::CTI::emitFastArithImmToInt):
        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
        (JSC::CTI::emitFastArithIntToImmNoCheck):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::emitSlowScriptCheck):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdSelf):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::privateCompilePutByIdReplace):
        (JSC::CTI::privateArrayLengthTrampoline):
        (JSC::CTI::privateStringLengthTrampoline):
        (JSC::CTI::compileRegExp):
        * masm/MacroAssemblerWin.cpp:
        (JSC::MacroAssembler::emitConvertToFastCall):
        (JSC::MacroAssembler::emitRestoreArgumentReference):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::pushl_r):
        (JSC::X86Assembler::pushl_m):
        (JSC::X86Assembler::popl_r):
        (JSC::X86Assembler::popl_m):
        (JSC::X86Assembler::movl_rr):
        (JSC::X86Assembler::addl_rr):
        (JSC::X86Assembler::addl_i8r):
        (JSC::X86Assembler::addl_i32r):
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::andl_rr):
        (JSC::X86Assembler::andl_i32r):
        (JSC::X86Assembler::cmpl_i8r):
        (JSC::X86Assembler::cmpl_rr):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::cmpl_i32r):
        (JSC::X86Assembler::cmpl_i32m):
        (JSC::X86Assembler::cmpw_rm):
        (JSC::X86Assembler::orl_rr):
        (JSC::X86Assembler::subl_rr):
        (JSC::X86Assembler::subl_i8r):
        (JSC::X86Assembler::subl_i32r):
        (JSC::X86Assembler::subl_mr):
        (JSC::X86Assembler::testl_i32r):
        (JSC::X86Assembler::testl_rr):
        (JSC::X86Assembler::xorl_i8r):
        (JSC::X86Assembler::xorl_rr):
        (JSC::X86Assembler::sarl_i8r):
        (JSC::X86Assembler::sarl_CLr):
        (JSC::X86Assembler::shl_i8r):
        (JSC::X86Assembler::shll_CLr):
        (JSC::X86Assembler::mull_rr):
        (JSC::X86Assembler::idivl_r):
        (JSC::X86Assembler::cdq):
        (JSC::X86Assembler::movl_mr):
        (JSC::X86Assembler::movzwl_mr):
        (JSC::X86Assembler::movl_rm):
        (JSC::X86Assembler::movl_i32r):
        (JSC::X86Assembler::movl_i32m):
        (JSC::X86Assembler::leal_mr):
        (JSC::X86Assembler::ret):
        (JSC::X86Assembler::jmp_r):
        (JSC::X86Assembler::jmp_m):
        (JSC::X86Assembler::call_r):
        * wrec/WREC.cpp:
        (JSC::WRECGenerator::generateBacktrack1):
        (JSC::WRECGenerator::generateBacktrackBackreference):
        (JSC::WRECGenerator::generateBackreferenceQuantifier):
        (JSC::WRECGenerator::generateNonGreedyQuantifier):
        (JSC::WRECGenerator::generateGreedyQuantifier):
        (JSC::WRECGenerator::generatePatternCharacter):
        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
        (JSC::WRECGenerator::generateCharacterClassInverted):
        (JSC::WRECGenerator::generateCharacterClass):
        (JSC::WRECGenerator::generateParentheses):
        (JSC::WRECGenerator::gererateParenthesesResetTrampoline):
        (JSC::WRECGenerator::generateAssertionBOL):
        (JSC::WRECGenerator::generateAssertionEOL):
        (JSC::WRECGenerator::generateAssertionWordBoundary):
        (JSC::WRECGenerator::generateBackreference):
        (JSC::WRECGenerator::gernerateDisjunction):

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Clean up the WREC code some more.

        * VM/CTI.cpp:
        (JSC::CTI::compileRegExp):
        * wrec/WREC.cpp:
        (JSC::getCharacterClassNewline):
        (JSC::getCharacterClassDigits):
        (JSC::getCharacterClassSpaces):
        (JSC::getCharacterClassWordchar):
        (JSC::getCharacterClassNondigits):
        (JSC::getCharacterClassNonspaces):
        (JSC::getCharacterClassNonwordchar):
        (JSC::WRECGenerator::generateBacktrack1):
        (JSC::WRECGenerator::generateBacktrackBackreference):
        (JSC::WRECGenerator::generateBackreferenceQuantifier):
        (JSC::WRECGenerator::generateNonGreedyQuantifier):
        (JSC::WRECGenerator::generateGreedyQuantifier):
        (JSC::WRECGenerator::generatePatternCharacter):
        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
        (JSC::WRECGenerator::generateCharacterClassInverted):
        (JSC::WRECGenerator::generateCharacterClass):
        (JSC::WRECGenerator::generateParentheses):
        (JSC::WRECGenerator::gererateParenthesesResetTrampoline):
        (JSC::WRECGenerator::generateAssertionBOL):
        (JSC::WRECGenerator::generateAssertionEOL):
        (JSC::WRECGenerator::generateAssertionWordBoundary):
        (JSC::WRECGenerator::generateBackreference):
        (JSC::WRECGenerator::gernerateDisjunction):
        (JSC::WRECParser::parseCharacterClass):
        (JSC::WRECParser::parseEscape):
        (JSC::WRECParser::parseTerm):
        * wrec/WREC.h:

2008-09-09  Mark Rowe  <mrowe@apple.com>

        Build fix, rubber-stamped by Anders Carlsson.

        Silence spurious build warnings about missing format attributes on functions in Assertions.cpp.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-09-09  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Oliver Hunt.

        Fix builds using the "debug" variant.

        This reverts r36130 and tweaks Identifier to export the same symbols for Debug
        and Release configurations.

        * Configurations/JavaScriptCore.xcconfig:
        * DerivedSources.make:
        * JavaScriptCore.Debug.exp: Removed.
        * JavaScriptCore.base.exp: Removed.
        * JavaScriptCore.exp: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/identifier.cpp:
        (JSC::Identifier::addSlowCase): #ifdef the call to checkSameIdentifierTable so that
        there is no overhead in Release builds.
        (JSC::Identifier::checkSameIdentifierTable): Add empty functions for Release builds.
        * kjs/identifier.h:
        (JSC::Identifier::add): #ifdef the calls to checkSameIdentifierTable so that there is
        no overhead in Release builds, and remove the inline definitions of checkSameIdentifierTable.

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Clean up WREC a bit to bring it closer to our coding style guidelines.

        * wrec/WREC.cpp:
        (JSC::):
        (JSC::getCharacterClass_newline):
        (JSC::getCharacterClass_d):
        (JSC::getCharacterClass_s):
        (JSC::getCharacterClass_w):
        (JSC::getCharacterClass_D):
        (JSC::getCharacterClass_S):
        (JSC::getCharacterClass_W):
        (JSC::CharacterClassConstructor::append):
        (JSC::WRECGenerator::generateNonGreedyQuantifier):
        (JSC::WRECGenerator::generateGreedyQuantifier):
        (JSC::WRECGenerator::generateCharacterClassInverted):
        (JSC::WRECParser::parseQuantifier):
        (JSC::WRECParser::parsePatternCharacterQualifier):
        (JSC::WRECParser::parseCharacterClassQuantifier):
        (JSC::WRECParser::parseBackreferenceQuantifier):
        * wrec/WREC.h:
        (JSC::Quantifier::):
        (JSC::Quantifier::Quantifier):

2008-09-09  Jungshik Shin  <jungshik.shin@gmail.com>

        Reviewed by Alexey Proskuryakov.

        Try MIME charset names before trying IANA names 
        ( https://bugs.webkit.org/show_bug.cgi?id=17537 )

        * wtf/StringExtras.h: (strcasecmp): Added.

2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Mark Rowe.

        Bug 20719: REGRESSION (r36135-36244): Hangs, then crashes after several seconds
        <https://bugs.webkit.org/show_bug.cgi?id=20719>
        <rdar://problem/6205787>

        Fix a typo in the case-insensitive matching of character patterns.

        * wrec/WREC.cpp:
        (JSC::WRECGenerator::generatePatternCharacter):

2008-09-09  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam Weinig.
        
        - allow polymorphic inline cache to handle Math object functions and possibly other similar things
        
        1.012x speedup on SunSpider.

        * kjs/MathObject.cpp:
        (JSC::MathObject::getOwnPropertySlot):
        * kjs/lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * kjs/lookup.h:
        (JSC::getStaticPropertySlot):

2008-09-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak and Oliver Hunt.

        Split storage of properties out of the PropertyMap and into the JSObject
        to allow sharing PropertyMap on the StructureID.  In order to get this
        function correctly, the StructureID's transition mappings were changed to
        transition based on property name and attribute pairs, instead of just
        property name.

        - Removes the single property optimization now that the PropertyMap is shared.
          This will be replaced by in-lining some values on the JSObject.

        This is a wash on Sunspider and a 6.7% win on the v8 test suite.

        * JavaScriptCore.base.exp:
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileGetByIdSelf): Get the storage directly off the JSObject.
        (JSC::CTI::privateCompileGetByIdProto): Ditto.
        (JSC::CTI::privateCompileGetByIdChain): Ditto.
        (JSC::CTI::privateCompilePutByIdReplace): Ditto.
        * kjs/JSObject.cpp:
        (JSC::JSObject::mark): Mark the PropertyStorage.
        (JSC::JSObject::put): Update to get the propertyMap of the StructureID.
        (JSC::JSObject::deleteProperty): Ditto.
        (JSC::JSObject::defineGetter): Return early if the property is already a getter/setter.
        (JSC::JSObject::defineSetter): Ditto.
        (JSC::JSObject::getPropertyAttributes): Update to get the propertyMap of the StructureID
        (JSC::JSObject::getPropertyNames): Ditto.
        (JSC::JSObject::removeDirect): Ditto.
        * kjs/JSObject.h: Remove PropertyMap and add PropertyStorage.
        (JSC::JSObject::propertyStorage): return the PropertyStorage.
        (JSC::JSObject::getDirect): Update to get the propertyMap of the StructureID.
        (JSC::JSObject::getDirectLocation): Ditto.
        (JSC::JSObject::offsetForLocation): Compute location directly.
        (JSC::JSObject::hasCustomProperties): Update to get the propertyMap of the StructureID.
        (JSC::JSObject::hasGetterSetterProperties): Ditto.
        (JSC::JSObject::getDirectOffset): Get by indexing into PropertyStorage.
        (JSC::JSObject::putDirectOffset): Put by indexing into PropertyStorage.
        (JSC::JSObject::getOwnPropertySlotForWrite): Update to get the propertyMap of the StructureID.
        (JSC::JSObject::getOwnPropertySlot): Ditto.
        (JSC::JSObject::putDirect): Move putting into the StructureID unless the property already exists.
        * kjs/PropertyMap.cpp: Use the propertyStorage as the storage for the JSValues.
        (JSC::PropertyMap::checkConsistency): 
        (JSC::PropertyMap::operator=):
        (JSC::PropertyMap::~PropertyMap):
        (JSC::PropertyMap::get):
        (JSC::PropertyMap::getLocation):
        (JSC::PropertyMap::put):
        (JSC::PropertyMap::getOffset):
        (JSC::PropertyMap::insert):
        (JSC::PropertyMap::expand):
        (JSC::PropertyMap::rehash):
        (JSC::PropertyMap::createTable):
        (JSC::PropertyMap::resizePropertyStorage): Resize the storage to match the size of the map
        (JSC::PropertyMap::remove):
        (JSC::PropertyMap::getEnumerablePropertyNames):
        * kjs/PropertyMap.h: 
        (JSC::PropertyMapEntry::PropertyMapEntry):
        (JSC::PropertyMap::isEmpty):
        (JSC::PropertyMap::size):
        (JSC::PropertyMap::makingCount):
        (JSC::PropertyMap::PropertyMap):

        * kjs/StructureID.cpp: 
        (JSC::StructureID::addPropertyTransition): Transitions now are based off the property name
        and attributes. 
        (JSC::StructureID::toDictionaryTransition): Copy the map.
        (JSC::StructureID::changePrototypeTransition): Copy the map.
        (JSC::StructureID::getterSetterTransition): Copy the map.
        (JSC::StructureID::~StructureID): 
        * kjs/StructureID.h:
        (JSC::TransitionTableHash::hash): Custom hash for transition map.
        (JSC::TransitionTableHash::equal): Ditto.
        (JSC::TransitionTableHashTraits::emptyValue): Custom traits for transition map
        (JSC::TransitionTableHashTraits::constructDeletedValue): Ditto.
        (JSC::TransitionTableHashTraits::isDeletedValue): Ditto.
        (JSC::StructureID::propertyMap): Added.

2008-09-08  Oliver Hunt  <oliver@apple.com>

        Reviewed by Mark Rowe.

        Bug 20694: Slow Script error pops up when running Dromaeo tests

        Correct error in timeout logic where execution tick count would
        be reset to incorrect value due to incorrect offset and indirection.
        Codegen for the slow script dialog was factored out into a separate
        method (emitSlowScriptCheck) rather than having multiple copies of
        the same code.  Also added calls to generate slow script checks
        for loop_if_less and loop_if_true opcodes.

        * VM/CTI.cpp:
        (JSC::CTI::emitSlowScriptCheck):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CTI.h:

2008-09-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Remove references to the removed WRECompiler class.

        * VM/Machine.h:
        * wrec/WREC.h:

2008-09-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Rubber-stamped by Mark Rowe.

        Fix the build with CTI enabled but WREC disabled.

        * VM/CTI.cpp:
        * VM/CTI.h:

2008-09-08  Dan Bernstein  <mitz@apple.com>

        - build fix

        * kjs/nodes.h:
        (JSC::StatementNode::):
        (JSC::BlockNode::):

2008-09-08  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Geoff.

       <rdar://problem/6134407> Breakpoints in for loops, while loops or
       conditions without curly braces don't break. (19306)
       -Statement Lists already emit debug hooks but conditionals without
       brackets are not lists.

        * kjs/nodes.cpp:
        (KJS::IfNode::emitCode):
        (KJS::IfElseNode::emitCode):
        (KJS::DoWhileNode::emitCode):
        (KJS::WhileNode::emitCode):
        (KJS::ForNode::emitCode):
        (KJS::ForInNode::emitCode):
        * kjs/nodes.h:
        (KJS::StatementNode::):
        (KJS::BlockNode::):

2008-09-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Anders Carlsson.
        
        - Cache the code generated for eval to speed up SunSpider and web sites
        https://bugs.webkit.org/show_bug.cgi?id=20718
        
        1.052x on SunSpider
        2.29x on date-format-tofte
        
        Lots of real sites seem to get many hits on this cache as well,
        including GMail, Google Spreadsheets, Slate and Digg (the last of
        these gets over 100 hits on initial page load).

        * VM/CodeBlock.h:
        (JSC::EvalCodeCache::get):
        * VM/Machine.cpp:
        (JSC::Machine::callEval):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_call_eval):
        * VM/Machine.h:

2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Bug 20711: Change KJS prefix on preprocessor macros to JSC
        <https://bugs.webkit.org/show_bug.cgi?id=20711>

        * kjs/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * kjs/CommonIdentifiers.h:
        * kjs/PropertySlot.h:
        (JSC::PropertySlot::getValue):
        (JSC::PropertySlot::putValue):
        (JSC::PropertySlot::setValueSlot):
        (JSC::PropertySlot::setValue):
        (JSC::PropertySlot::setRegisterSlot):
        * kjs/lookup.h:
        * kjs/nodes.cpp:
        * kjs/nodes.h:
        (JSC::Node::):
        (JSC::ExpressionNode::):
        (JSC::StatementNode::):
        (JSC::NullNode::):
        (JSC::BooleanNode::):
        (JSC::NumberNode::):
        (JSC::ImmediateNumberNode::):
        (JSC::StringNode::):
        (JSC::RegExpNode::):
        (JSC::ThisNode::):
        (JSC::ResolveNode::):
        (JSC::ElementNode::):
        (JSC::ArrayNode::):
        (JSC::PropertyNode::):
        (JSC::PropertyListNode::):
        (JSC::ObjectLiteralNode::):
        (JSC::BracketAccessorNode::):
        (JSC::DotAccessorNode::):
        (JSC::ArgumentListNode::):
        (JSC::ArgumentsNode::):
        (JSC::NewExprNode::):
        (JSC::EvalFunctionCallNode::):
        (JSC::FunctionCallValueNode::):
        (JSC::FunctionCallResolveNode::):
        (JSC::FunctionCallBracketNode::):
        (JSC::FunctionCallDotNode::):
        (JSC::PrePostResolveNode::):
        (JSC::PostfixResolveNode::):
        (JSC::PostfixBracketNode::):
        (JSC::PostfixDotNode::):
        (JSC::PostfixErrorNode::):
        (JSC::DeleteResolveNode::):
        (JSC::DeleteBracketNode::):
        (JSC::DeleteDotNode::):
        (JSC::DeleteValueNode::):
        (JSC::VoidNode::):
        (JSC::TypeOfResolveNode::):
        (JSC::TypeOfValueNode::):
        (JSC::PrefixResolveNode::):
        (JSC::PrefixBracketNode::):
        (JSC::PrefixDotNode::):
        (JSC::PrefixErrorNode::):
        (JSC::UnaryPlusNode::):
        (JSC::NegateNode::):
        (JSC::BitwiseNotNode::):
        (JSC::LogicalNotNode::):
        (JSC::MultNode::):
        (JSC::DivNode::):
        (JSC::ModNode::):
        (JSC::AddNode::):
        (JSC::SubNode::):
        (JSC::LeftShiftNode::):
        (JSC::RightShiftNode::):
        (JSC::UnsignedRightShiftNode::):
        (JSC::LessNode::):
        (JSC::GreaterNode::):
        (JSC::LessEqNode::):
        (JSC::GreaterEqNode::):
        (JSC::ThrowableBinaryOpNode::):
        (JSC::InstanceOfNode::):
        (JSC::InNode::):
        (JSC::EqualNode::):
        (JSC::NotEqualNode::):
        (JSC::StrictEqualNode::):
        (JSC::NotStrictEqualNode::):
        (JSC::BitAndNode::):
        (JSC::BitOrNode::):
        (JSC::BitXOrNode::):
        (JSC::LogicalOpNode::):
        (JSC::ConditionalNode::):
        (JSC::ReadModifyResolveNode::):
        (JSC::AssignResolveNode::):
        (JSC::ReadModifyBracketNode::):
        (JSC::AssignBracketNode::):
        (JSC::AssignDotNode::):
        (JSC::ReadModifyDotNode::):
        (JSC::AssignErrorNode::):
        (JSC::CommaNode::):
        (JSC::VarDeclCommaNode::):
        (JSC::ConstDeclNode::):
        (JSC::ConstStatementNode::):
        (JSC::EmptyStatementNode::):
        (JSC::DebuggerStatementNode::):
        (JSC::ExprStatementNode::):
        (JSC::VarStatementNode::):
        (JSC::IfNode::):
        (JSC::IfElseNode::):
        (JSC::DoWhileNode::):
        (JSC::WhileNode::):
        (JSC::ForNode::):
        (JSC::ContinueNode::):
        (JSC::BreakNode::):
        (JSC::ReturnNode::):
        (JSC::WithNode::):
        (JSC::LabelNode::):
        (JSC::ThrowNode::):
        (JSC::TryNode::):
        (JSC::ParameterNode::):
        (JSC::ScopeNode::):
        (JSC::ProgramNode::):
        (JSC::EvalNode::):
        (JSC::FunctionBodyNode::):
        (JSC::FuncExprNode::):
        (JSC::FuncDeclNode::):
        (JSC::CaseClauseNode::):
        (JSC::ClauseListNode::):
        (JSC::CaseBlockNode::):
        (JSC::SwitchNode::):

2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20704: Replace the KJS namespace
        <https://bugs.webkit.org/show_bug.cgi?id=20704>

        Rename the KJS namespace to JSC. There are still some uses of KJS in
        preprocessor macros and comments, but these will also be changed some
        time in the near future.

        * API/APICast.h:
        (toJS):
        (toRef):
        (toGlobalRef):
        * API/JSBase.cpp:
        * API/JSCallbackConstructor.cpp:
        * API/JSCallbackConstructor.h:
        * API/JSCallbackFunction.cpp:
        * API/JSCallbackFunction.h:
        * API/JSCallbackObject.cpp:
        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        * API/JSClassRef.cpp:
        (OpaqueJSClass::staticValues):
        (OpaqueJSClass::staticFunctions):
        * API/JSClassRef.h:
        * API/JSContextRef.cpp:
        * API/JSObjectRef.cpp:
        * API/JSProfilerPrivate.cpp:
        * API/JSStringRef.cpp:
        * API/JSValueRef.cpp:
        (JSValueGetType):
        * API/OpaqueJSString.cpp:
        * API/OpaqueJSString.h:
        * JavaScriptCore.Debug.exp:
        * JavaScriptCore.base.exp:
        * VM/CTI.cpp:
        (JSC::):
        * VM/CTI.h:
        * VM/CodeBlock.cpp:
        * VM/CodeBlock.h:
        * VM/CodeGenerator.cpp:
        * VM/CodeGenerator.h:
        * VM/ExceptionHelpers.cpp:
        * VM/ExceptionHelpers.h:
        * VM/Instruction.h:
        * VM/JSPropertyNameIterator.cpp:
        * VM/JSPropertyNameIterator.h:
        * VM/LabelID.h:
        * VM/Machine.cpp:
        * VM/Machine.h:
        * VM/Opcode.cpp:
        * VM/Opcode.h:
        * VM/Register.h:
        (WTF::):
        * VM/RegisterFile.cpp:
        * VM/RegisterFile.h:
        * VM/RegisterID.h:
        (WTF::):
        * VM/SamplingTool.cpp:
        * VM/SamplingTool.h:
        * VM/SegmentedVector.h:
        * kjs/ArgList.cpp:
        * kjs/ArgList.h:
        * kjs/Arguments.cpp:
        * kjs/Arguments.h:
        * kjs/ArrayConstructor.cpp:
        * kjs/ArrayConstructor.h:
        * kjs/ArrayPrototype.cpp:
        * kjs/ArrayPrototype.h:
        * kjs/BatchedTransitionOptimizer.h:
        * kjs/BooleanConstructor.cpp:
        * kjs/BooleanConstructor.h:
        * kjs/BooleanObject.cpp:
        * kjs/BooleanObject.h:
        * kjs/BooleanPrototype.cpp:
        * kjs/BooleanPrototype.h:
        * kjs/CallData.cpp:
        * kjs/CallData.h:
        * kjs/ClassInfo.h:
        * kjs/CommonIdentifiers.cpp:
        * kjs/CommonIdentifiers.h:
        * kjs/ConstructData.cpp:
        * kjs/ConstructData.h:
        * kjs/DateConstructor.cpp:
        * kjs/DateConstructor.h:
        * kjs/DateInstance.cpp:
        (JSC::DateInstance::msToGregorianDateTime):
        * kjs/DateInstance.h:
        * kjs/DateMath.cpp:
        * kjs/DateMath.h:
        * kjs/DatePrototype.cpp:
        * kjs/DatePrototype.h:
        * kjs/DebuggerCallFrame.cpp:
        * kjs/DebuggerCallFrame.h:
        * kjs/Error.cpp:
        * kjs/Error.h:
        * kjs/ErrorConstructor.cpp:
        * kjs/ErrorConstructor.h:
        * kjs/ErrorInstance.cpp:
        * kjs/ErrorInstance.h:
        * kjs/ErrorPrototype.cpp:
        * kjs/ErrorPrototype.h:
        * kjs/ExecState.cpp:
        * kjs/ExecState.h:
        * kjs/FunctionConstructor.cpp:
        * kjs/FunctionConstructor.h:
        * kjs/FunctionPrototype.cpp:
        * kjs/FunctionPrototype.h:
        * kjs/GetterSetter.cpp:
        * kjs/GetterSetter.h:
        * kjs/GlobalEvalFunction.cpp:
        * kjs/GlobalEvalFunction.h:
        * kjs/IndexToNameMap.cpp:
        * kjs/IndexToNameMap.h:
        * kjs/InitializeThreading.cpp:
        * kjs/InitializeThreading.h:
        * kjs/InternalFunction.cpp:
        * kjs/InternalFunction.h:
        (JSC::InternalFunction::InternalFunction):
        * kjs/JSActivation.cpp:
        * kjs/JSActivation.h:
        * kjs/JSArray.cpp:
        * kjs/JSArray.h:
        * kjs/JSCell.cpp:
        * kjs/JSCell.h:
        * kjs/JSFunction.cpp:
        * kjs/JSFunction.h:
        (JSC::JSFunction::JSFunction):
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * kjs/JSGlobalData.h:
        * kjs/JSGlobalObject.cpp:
        * kjs/JSGlobalObject.h:
        * kjs/JSGlobalObjectFunctions.cpp:
        * kjs/JSGlobalObjectFunctions.h:
        * kjs/JSImmediate.cpp:
        * kjs/JSImmediate.h:
        * kjs/JSLock.cpp:
        * kjs/JSLock.h:
        * kjs/JSNotAnObject.cpp:
        * kjs/JSNotAnObject.h:
        * kjs/JSNumberCell.cpp:
        * kjs/JSNumberCell.h:
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        * kjs/JSStaticScopeObject.cpp:
        * kjs/JSStaticScopeObject.h:
        * kjs/JSString.cpp:
        * kjs/JSString.h:
        * kjs/JSType.h:
        * kjs/JSValue.cpp:
        * kjs/JSValue.h:
        * kjs/JSVariableObject.cpp:
        * kjs/JSVariableObject.h:
        * kjs/JSWrapperObject.cpp:
        * kjs/JSWrapperObject.h:
        * kjs/LabelStack.cpp:
        * kjs/LabelStack.h:
        * kjs/MathObject.cpp:
        * kjs/MathObject.h:
        * kjs/NativeErrorConstructor.cpp:
        * kjs/NativeErrorConstructor.h:
        * kjs/NativeErrorPrototype.cpp:
        * kjs/NativeErrorPrototype.h:
        * kjs/NodeInfo.h:
        * kjs/NumberConstructor.cpp:
        * kjs/NumberConstructor.h:
        * kjs/NumberObject.cpp:
        * kjs/NumberObject.h:
        * kjs/NumberPrototype.cpp:
        * kjs/NumberPrototype.h:
        * kjs/ObjectConstructor.cpp:
        * kjs/ObjectConstructor.h:
        * kjs/ObjectPrototype.cpp:
        * kjs/ObjectPrototype.h:
        * kjs/Parser.cpp:
        * kjs/Parser.h:
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
        * kjs/PropertyMap.h:
        * kjs/PropertyNameArray.cpp:
        * kjs/PropertyNameArray.h:
        * kjs/PropertySlot.cpp:
        * kjs/PropertySlot.h:
        * kjs/PrototypeFunction.cpp:
        * kjs/PrototypeFunction.h:
        * kjs/PutPropertySlot.h:
        * kjs/RegExpConstructor.cpp:
        * kjs/RegExpConstructor.h:
        * kjs/RegExpObject.cpp:
        * kjs/RegExpObject.h:
        * kjs/RegExpPrototype.cpp:
        * kjs/RegExpPrototype.h:
        * kjs/ScopeChain.cpp:
        * kjs/ScopeChain.h:
        * kjs/ScopeChainMark.h:
        * kjs/Shell.cpp:
        (jscmain):
        * kjs/SmallStrings.cpp:
        * kjs/SmallStrings.h:
        * kjs/SourceProvider.h:
        * kjs/SourceRange.h:
        * kjs/StringConstructor.cpp:
        * kjs/StringConstructor.h:
        * kjs/StringObject.cpp:
        * kjs/StringObject.h:
        * kjs/StringObjectThatMasqueradesAsUndefined.h:
        * kjs/StringPrototype.cpp:
        * kjs/StringPrototype.h:
        * kjs/StructureID.cpp:
        * kjs/StructureID.h:
        * kjs/SymbolTable.h:
        * kjs/collector.cpp:
        * kjs/collector.h:
        * kjs/completion.h:
        * kjs/create_hash_table:
        * kjs/debugger.cpp:
        * kjs/debugger.h:
        * kjs/dtoa.cpp:
        * kjs/dtoa.h:
        * kjs/grammar.y:
        * kjs/identifier.cpp:
        * kjs/identifier.h:
        (JSC::Identifier::equal):
        * kjs/interpreter.cpp:
        * kjs/interpreter.h:
        * kjs/lexer.cpp:
        (JSC::Lexer::Lexer):
        (JSC::Lexer::clear):
        (JSC::Lexer::makeIdentifier):
        * kjs/lexer.h:
        * kjs/lookup.cpp:
        * kjs/lookup.h:
        * kjs/nodes.cpp:
        * kjs/nodes.h:
        * kjs/nodes2string.cpp:
        * kjs/operations.cpp:
        * kjs/operations.h:
        * kjs/protect.h:
        * kjs/regexp.cpp:
        * kjs/regexp.h: