Unreviewed, rolling out r241784.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog-2013-10-13
1 2013-10-13  Anders Carlsson  <andersca@apple.com>
2
3         Try to fix the Lion build.
4
5         * Configurations/JavaScriptCore.xcconfig:
6
7 2013-10-12  Alexey Proskuryakov  <ap@apple.com>
8
9         Add a feature define for SubtleCrypto
10         https://bugs.webkit.org/show_bug.cgi?id=122683
11
12         Reviewed by Anders Carlsson.
13
14         * Configurations/FeatureDefines.xcconfig:
15
16 2013-10-12  Julien Brianceau  <jbriance@cisco.com>
17
18         Fix potential register trampling in JIT since r157313.
19         https://bugs.webkit.org/show_bug.cgi?id=122691
20
21         Reviewed by Michael Saboff.
22
23         * jit/CCallHelpers.h:
24         (JSC::CCallHelpers::setupArgumentsWithExecState):
25
26 2013-10-12  Julien Brianceau  <jbriance@cisco.com>
27
28         [sh4] Add missing spaces in JITStubsSH4.h
29         https://bugs.webkit.org/show_bug.cgi?id=122690
30
31         Reviewed by Andreas Kling.
32
33         * jit/JITStubsSH4.h: Space between string concatenation is mandatory with C++11
34
35 2013-10-12  Julien Brianceau  <jbriance@cisco.com>
36
37         [sh4] Add missing test32 implementation in macro assembler.
38         https://bugs.webkit.org/show_bug.cgi?id=122689
39
40         Reviewed by Andreas Kling.
41
42         * assembler/MacroAssemblerSH4.h:
43         (JSC::MacroAssemblerSH4::test32):
44
45 2013-10-11  Darin Adler  <darin@apple.com>
46
47         Change most call sites to call ICU directly instead of through WTF::Unicode
48         https://bugs.webkit.org/show_bug.cgi?id=122635
49
50         Reviewed by Alexey Proskuryakov.
51
52         * parser/Lexer.cpp:
53         (JSC::isNonLatin1IdentStart): Take a UChar since that's what the only caller wants to pass.
54         Use U_GET_GC_MASK instead of WTF::Unicode::category.
55         (JSC::isNonLatin1IdentPart): Ditto.
56
57         * parser/Lexer.h:
58         (JSC::Lexer::isWhiteSpace): Use u_charType instead of WTF::Unicode::isSeparatorSpace.
59
60         * runtime/JSFunction.cpp: Removed "using namespace" for WTF::Unicode, this will no longer
61         compile since this doesn't include anything that defines that namespace.
62
63         * runtime/JSGlobalObjectFunctions.cpp:
64         (JSC::isStrWhiteSpace): Use u_charType instead of WTF::Unicode::isSeparatorSpace.
65
66         * yarr/YarrInterpreter.cpp:
67         (JSC::Yarr::ByteCompiler::atomPatternCharacter): Use u_tolower and u_toupper instead of
68         Unicode::toLower and Unicode::toUpper. Also added some assertions since this code assumes
69         it can convert any UChar to lowercase or uppercase in another UChar, with no risk of needing
70         a UChar32 for the result. I guess that's probably true, but it would be good to know in a
71         debug build if not.
72
73 2013-10-11  Nadav Rotem  <nrotem@apple.com>
74
75         DFG: Add JIT support for  LogicalNot(String/StringIdent)
76         https://bugs.webkit.org/show_bug.cgi?id=122627
77
78         Reviewed by Filip Pizlo.
79
80         * dfg/DFGAbstractInterpreterInlines.h:
81         (JSC::DFG::::executeEffects):
82         * dfg/DFGFixupPhase.cpp:
83         (JSC::DFG::FixupPhase::fixupNode):
84         * dfg/DFGSpeculativeJIT.cpp:
85         (JSC::DFG::SpeculativeJIT::compileStringZeroLength):
86         * dfg/DFGSpeculativeJIT.h:
87         * dfg/DFGSpeculativeJIT32_64.cpp:
88         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
89         * dfg/DFGSpeculativeJIT64.cpp:
90         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
91
92 2013-10-11  Filip Pizlo  <fpizlo@apple.com>
93
94         sunspider-1.0/math-spectral-norm.js.dfg-eager occasionally fails with Trap 5 (i.e int $3)
95         https://bugs.webkit.org/show_bug.cgi?id=122462
96
97         Reviewed by Mark Hahnenberg.
98         
99         This fixes two bugs, both of which led to GetByVal on Int32 trapping because the
100         array no longer had Int32 shape but the check wasn't executed:
101         
102         1) We weren't snapshotting the structures of mustHandleValues. This led to an awesome
103            race where if a mustHandleValue JSValue's structure changed on the main thread
104            between runs of the AI, the AI would contradict each other and things would just
105            get corrupted in funny ways.
106         
107         2) The constant folder has a long standing bug! It will fold a node to a constant if
108            the AI proved it to be a constant. But it's possible that the original node also
109            proved things about the constant's structure. In that case "folding" to a
110            JSConstant actually loses information since JSConstant doesn't guarantee anything
111            about a constant's structure. There are various things we could do here to ensure
112            that a folded constant's structure doesn't change, and that if it does, we
113            deoptimize the code. But for now we can just make this sound by disabling folding
114            in this pathological case.
115
116         * dfg/DFGConstantFoldingPhase.cpp:
117         (JSC::DFG::ConstantFoldingPhase::foldConstants):
118         * dfg/DFGGraph.cpp:
119         (JSC::DFG::Graph::Graph):
120         * dfg/DFGGraph.h:
121         * dfg/DFGInPlaceAbstractState.cpp:
122         (JSC::DFG::InPlaceAbstractState::initialize):
123
124 2013-10-11  Filip Pizlo  <fpizlo@apple.com>
125
126         Fix handling of indirect stackmap locations in FTL OSR exit
127         https://bugs.webkit.org/show_bug.cgi?id=122666
128
129         Reviewed by Mark Hahnenberg.
130         
131         With this change, the llvm.webkit.stackmap-based OSR exit only fails one test, down from
132         five tests previously.
133
134         * ftl/FTLLocation.cpp:
135         (JSC::FTL::Location::gpr): It's OK to call this method when kind() == Indirect, so asserting that isGPR() is wrong; change to assert that involvesGPR().
136         (JSC::FTL::Location::restoreInto): Stack-related registers aren't saved to the scratch buffer, so use them directly.
137         * ftl/FTLLocation.h: Add comment about requirements for stack layout.
138         * ftl/FTLOSRExitCompiler.cpp:
139         (JSC::FTL::compileStubWithOSRExitStackmap): Make enough room on the stack so that saveAllRegisters() has a scratchpad to save things to. Without this, saveAllRegisters() may clobber a spilled value.
140
141 2013-10-11  Commit Queue  <commit-queue@webkit.org>
142
143         Unreviewed, rolling out r157307.
144         http://trac.webkit.org/changeset/157307
145         https://bugs.webkit.org/show_bug.cgi?id=122671
146
147         Many assertion failures (Requested by ap on #webkit).
148
149         * jit/ThunkGenerators.cpp:
150         (JSC::arrayIteratorNextThunkGenerator):
151         * jit/ThunkGenerators.h:
152         * runtime/ArrayIteratorPrototype.cpp:
153         (JSC::ArrayIteratorPrototype::finishCreation):
154         (JSC::createIteratorResult):
155         (JSC::arrayIteratorPrototypeNext):
156         * runtime/Intrinsic.h:
157         * runtime/JSArrayIterator.cpp:
158         (JSC::JSArrayIterator::finishCreation):
159         * runtime/VM.cpp:
160         (JSC::thunkGeneratorForIntrinsic):
161
162 2013-10-11  Mark Lam  <mark.lam@apple.com>
163
164         Transition op_new_* JITStubs to JIT operations.
165         https://bugs.webkit.org/show_bug.cgi?id=122460.
166
167         Reviewed by Michael Saboff.
168
169         Also:
170         - Removed the redundant operationNewFunctionExpression().  It is identical to
171           operationNewFunctionNoCheck().
172         - Sorted JIT operation signature keys in the comment in JITOperations.h.
173         - Removed the unused returnValue2Register definition for X86_64.
174
175         * dfg/DFGOperations.cpp:
176         * dfg/DFGOperations.h:
177         * dfg/DFGSpeculativeJIT.cpp:
178         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
179         * jit/CCallHelpers.h:
180         (JSC::CCallHelpers::setupArgumentsWithExecState):
181         * jit/JIT.h:
182         * jit/JITInlines.h:
183         (JSC::JIT::callOperation):
184         * jit/JITOpcodes.cpp:
185         (JSC::JIT::emitSlow_op_new_object):
186         (JSC::JIT::emit_op_new_func):
187         (JSC::JIT::emit_op_new_func_exp):
188         (JSC::JIT::emit_op_new_array):
189         (JSC::JIT::emit_op_new_array_with_size):
190         (JSC::JIT::emit_op_new_array_buffer):
191         * jit/JITOpcodes32_64.cpp:
192         (JSC::JIT::emitSlow_op_new_object):
193         * jit/JITOperations.cpp:
194         * jit/JITOperations.h:
195         * jit/JITStubs.cpp:
196         * jit/JITStubs.h:
197         * jit/JSInterfaceJIT.h:
198
199 2013-10-11  Oliver Hunt  <oliver@apple.com>
200
201         Separate out array iteration intrinsics
202         https://bugs.webkit.org/show_bug.cgi?id=122656
203
204         Reviewed by Michael Saboff.
205
206         Separate out the intrinsics for key and values iteration
207         of arrays.
208
209         This requires moving moving array iteration into the iterator
210         instance, rather than the prototype, but this is essentially
211         unobservable so we'll live with it for now.
212
213         * jit/ThunkGenerators.cpp:
214         (JSC::arrayIteratorNextThunkGenerator):
215         (JSC::arrayIteratorNextKeyThunkGenerator):
216         (JSC::arrayIteratorNextValueThunkGenerator):
217         * jit/ThunkGenerators.h:
218         * runtime/ArrayIteratorPrototype.cpp:
219         (JSC::ArrayIteratorPrototype::finishCreation):
220         * runtime/Intrinsic.h:
221         * runtime/JSArrayIterator.cpp:
222         (JSC::JSArrayIterator::finishCreation):
223         (JSC::createIteratorResult):
224         (JSC::arrayIteratorNext):
225         (JSC::arrayIteratorNextKey):
226         (JSC::arrayIteratorNextValue):
227         (JSC::arrayIteratorNextGeneric):
228         * runtime/VM.cpp:
229         (JSC::thunkGeneratorForIntrinsic):
230
231 2013-10-11  Andreas Kling  <akling@apple.com>
232
233         Pass VM instead of ExecState to JSGenericTypedArrayViewPrototype.
234         <https://webkit.org/b/122632>
235
236         Reviewed by Sam Weinig.
237
238         This code was only using the ExecState to find the VM.
239
240 2013-10-11  Julien Brianceau  <jbriance@cisco.com>
241
242         [sh4] Fix build after r157209.
243         https://bugs.webkit.org/show_bug.cgi?id=122643
244
245         Reviewed by Ryosuke Niwa.
246
247         * assembler/MacroAssemblerSH4.h: Add framePointerRegister declaration.
248         * assembler/SH4Assembler.h: Add firstRegister() declaration.
249         (JSC::SH4Assembler::firstRegister):
250
251 2013-10-10  Filip Pizlo  <fpizlo@apple.com>
252
253         FTL shouldn't pass i1's into llvm.webkit.stackmap's
254         https://bugs.webkit.org/show_bug.cgi?id=122629
255         <rdar://problem/15203037>
256
257         Reviewed by Sam Weinig and Nadav Rotem.
258         
259         LLVM's stackmap support requires that we only pass operands with legal types (i.e. types
260         that are hardware-representable). i1, which the FTL previously used for Booleans, is not
261         legal.
262         
263         We have two options: either add support in LLVM to legalize stackmap operands, or add
264         support to the FTL to legalize stackmap operands. It's easier to fix this in FTL, and
265         that's what this patch does.
266
267         * ftl/FTLLowerDFGToLLVM.cpp:
268         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
269
270 2013-10-09  Oliver Hunt  <oliver@apple.com>
271
272         Further improve ArrayIterator performance
273         https://bugs.webkit.org/show_bug.cgi?id=122575
274
275         Reviewed by Mark Hahnenberg.
276
277         Add an assembly thunk for ArrayIterator.@@next so that we
278         can avoid marshalling costs when iterating arrays.
279
280         * jit/SpecializedThunkJIT.h:
281         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
282         (JSC::SpecializedThunkJIT::loadSpecificClassArgument):
283         * jit/ThunkGenerators.cpp:
284         (JSC::arrayIteratorNextThunkGenerator):
285         * jit/ThunkGenerators.h:
286         * runtime/ArrayIteratorPrototype.cpp:
287         (JSC::ArrayIteratorPrototype::finishCreation):
288         * runtime/Intrinsic.h:
289         * runtime/JSArrayIterator.h:
290         (JSC::JSArrayIterator::offsetOfIterationKind):
291         (JSC::JSArrayIterator::offsetOfIteratedObject):
292         (JSC::JSArrayIterator::offsetOfNextIndex):
293         * runtime/JSCJSValue.h:
294         (JSC::JSValue::offsetOfPayload):
295         * runtime/JSGlobalObject.cpp:
296         (JSC::JSGlobalObject::reset):
297         * runtime/JSGlobalObject.h:
298         (JSC::JSGlobalObject::iteratorResultStructureOffset):
299         * runtime/VM.cpp:
300         (JSC::thunkGeneratorForIntrinsic):
301
302 2013-10-10  Michael Saboff  <msaboff@apple.com>
303
304         transition cti_op_* methods returning int to JIT operations.
305         https://bugs.webkit.org/show_bug.cgi?id=122563
306
307         Reviewed by Oliver Hunt.
308
309         Moved serveral operationCompare* functions from DFGOperations to JITOperations as well as changing
310         dfgConvertJSValueToBoolean to operationConvertJSValueToBoolean so that they can be shared with the baseline JIT.
311         Added JITOperation operationHasProperty().  Added needed callOperation helpers and transitioned baseline JIT code
312         to use the new operations.
313         
314         * dfg/DFGOperations.cpp:
315         * dfg/DFGOperations.h:
316         * dfg/DFGSpeculativeJIT32_64.cpp:
317         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
318         (JSC::DFG::SpeculativeJIT::emitBranch):
319         * dfg/DFGSpeculativeJIT64.cpp:
320         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
321         (JSC::DFG::SpeculativeJIT::emitBranch):
322         * jit/JIT.h:
323         * jit/JITArithmetic.cpp:
324         (JSC::JIT::emitSlow_op_jless):
325         (JSC::JIT::emitSlow_op_jlesseq):
326         (JSC::JIT::emitSlow_op_jgreater):
327         (JSC::JIT::emitSlow_op_jgreatereq):
328         (JSC::JIT::emitSlow_op_jnless):
329         (JSC::JIT::emitSlow_op_jnlesseq):
330         (JSC::JIT::emitSlow_op_jngreater):
331         (JSC::JIT::emitSlow_op_jngreatereq):
332         (JSC::JIT::emit_compareAndJumpSlow):
333         * jit/JITArithmetic32_64.cpp:
334         (JSC::JIT::emit_compareAndJumpSlow):
335         * jit/JITInlines.h:
336         (JSC::JIT::callOperation):
337         * jit/JITOpcodes.cpp:
338         (JSC::JIT::emit_op_next_pname):
339         (JSC::JIT::emitSlow_op_jfalse):
340         (JSC::JIT::emitSlow_op_jtrue):
341         (JSC::JIT::emitSlow_op_eq):
342         (JSC::JIT::emitSlow_op_neq):
343         * jit/JITOpcodes32_64.cpp:
344         (JSC::JIT::emitSlow_op_jfalse):
345         (JSC::JIT::emitSlow_op_jtrue):
346         (JSC::JIT::emitSlow_op_eq):
347         (JSC::JIT::emitSlow_op_neq):
348         (JSC::JIT::emit_op_next_pname):
349         * jit/JITOperations.cpp:
350         * jit/JITOperations.h:
351         * jit/JITStubs.cpp:
352         * jit/JITStubs.h:
353
354 2013-10-10  Filip Pizlo  <fpizlo@apple.com>
355
356         OSR exit using llvm.webkit.stackmap should pass more tests
357         https://bugs.webkit.org/show_bug.cgi?id=122518
358
359         Reviewed by Mark Hahnenberg.
360         
361         - Make the X86Assembler capable of dealing with all XMM registers.
362         
363         - Make the StackMaps code on WebKit's side capable of dealing with XMM registers.
364         
365         - Factor out most of the smarts of StackMaps::Location into a self-contained object.
366           Previously you needed both StackMaps::Location and a StackMaps reference to do most
367           things since the Location might have referred to a constant. Now you can just get a
368           self-contained Location object.
369         
370         - Fix a bug where OSR exit generation thunk generator was assuming that the call frame
371           register is already in argumentGPR0. In the future, the call frame will just be the
372           machine FP and we won't have to do anything special. But for now the "call frame" is
373           just a normal value in LLVM IR and may end up in any register. Make the OSR exit
374           generation thunk generator polymorphic over the call frame argument's Location.
375         
376         - Move the stuff that depends on the polymorphic OSR exit generation thunk generator
377           into the finalizer, since generating and linking one of those thunks requires a cache
378           flush and we need to do that on the main thread.
379
380         * JavaScriptCore.xcodeproj/project.pbxproj:
381         * assembler/ARMv7Assembler.h:
382         (JSC::ARMv7Assembler::firstRegister):
383         (JSC::ARMv7Assembler::lastRegister):
384         (JSC::ARMv7Assembler::firstFPRegister):
385         (JSC::ARMv7Assembler::lastFPRegister):
386         * assembler/AbstractMacroAssembler.h:
387         (JSC::AbstractMacroAssembler::firstFPRegister):
388         (JSC::AbstractMacroAssembler::lastFPRegister):
389         * assembler/MacroAssembler.h:
390         (JSC::MacroAssembler::nextFPRegister):
391         * assembler/MacroAssemblerARMv7.h:
392         * assembler/MacroAssemblerX86Common.h:
393         * assembler/X86Assembler.h:
394         (JSC::X86Assembler::firstFPRegister):
395         (JSC::X86Assembler::lastFPRegister):
396         * dfg/DFGDriver.cpp:
397         (JSC::DFG::compileImpl):
398         * ftl/FTLCompile.cpp:
399         (JSC::FTL::fixFunctionBasedOnStackMaps):
400         * ftl/FTLExitThunkGenerator.cpp:
401         (JSC::FTL::ExitThunkGenerator::emitThunk):
402         (JSC::FTL::ExitThunkGenerator::emitThunks):
403         * ftl/FTLJITFinalizer.cpp:
404         (JSC::FTL::JITFinalizer::finalizeFunction):
405         * ftl/FTLJITFinalizer.h:
406         * ftl/FTLLink.cpp:
407         (JSC::FTL::link):
408         * ftl/FTLLocation.cpp: Added.
409         (JSC::FTL::Location::forStackmaps):
410         (JSC::FTL::Location::dump):
411         (JSC::FTL::Location::involvesGPR):
412         (JSC::FTL::Location::isGPR):
413         (JSC::FTL::Location::gpr):
414         (JSC::FTL::Location::isFPR):
415         (JSC::FTL::Location::fpr):
416         (JSC::FTL::Location::restoreInto):
417         (WTF::printInternal):
418         * ftl/FTLLocation.h: Added.
419         (JSC::FTL::Location::Location):
420         (JSC::FTL::Location::forRegister):
421         (JSC::FTL::Location::forIndirect):
422         (JSC::FTL::Location::forConstant):
423         (JSC::FTL::Location::kind):
424         (JSC::FTL::Location::hasDwarfRegNum):
425         (JSC::FTL::Location::dwarfRegNum):
426         (JSC::FTL::Location::hasOffset):
427         (JSC::FTL::Location::offset):
428         (JSC::FTL::Location::hasConstant):
429         (JSC::FTL::Location::constant):
430         (JSC::FTL::Location::operator!):
431         (JSC::FTL::Location::isHashTableDeletedValue):
432         (JSC::FTL::Location::operator==):
433         (JSC::FTL::Location::hash):
434         (JSC::FTL::LocationHash::hash):
435         (JSC::FTL::LocationHash::equal):
436         * ftl/FTLLowerDFGToLLVM.cpp:
437         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
438         (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
439         * ftl/FTLSaveRestore.cpp:
440         (JSC::FTL::bytesForFPRs):
441         (JSC::FTL::requiredScratchMemorySizeInBytes):
442         (JSC::FTL::offsetOfFPR):
443         (JSC::FTL::saveAllRegisters):
444         (JSC::FTL::restoreAllRegisters):
445         * ftl/FTLSaveRestore.h:
446         * ftl/FTLStackMaps.cpp:
447         (JSC::FTL::StackMaps::Location::restoreInto):
448         * ftl/FTLStackMaps.h:
449         * ftl/FTLState.h:
450         * ftl/FTLThunks.cpp:
451         (JSC::FTL::osrExitGenerationWithoutStackMapThunkGenerator):
452         (JSC::FTL::osrExitGenerationWithStackMapThunkGenerator):
453         * ftl/FTLThunks.h:
454         (JSC::FTL::generateIfNecessary):
455         (JSC::FTL::Thunks::getOSRExitGenerationThunk):
456         * runtime/VM.cpp:
457         (JSC::VM::VM):
458         * runtime/VM.h:
459
460 2013-10-09  Filip Pizlo  <fpizlo@apple.com>
461
462         FTL: Soft-link LLVM as a workaround for LLVM's static initializers and exit-time destructors
463         https://bugs.webkit.org/show_bug.cgi?id=122566
464
465         Reviewed by Mark Rowe.
466         
467         The JSC project now builds a libllvmForJSC.dylib. If FTL is enabled, this
468         gets copied into JavaScriptCore.framework/Versions/A/Libraries. JSC will
469         load the dylib by finding it using NSBundle APIs and then doing dlopen().
470         That will only happen lazily, when something happens that requires LLVM.
471         
472         This mostly takes care of LLVM static initialization overhead by deferring
473         it until it's really needed.
474         
475         This takes care of LLVM's exit-time destructors because inside
476         libllvmForJSC.dylib, we override __cxa_atexit.
477         
478         * Configurations/JavaScriptCore.xcconfig:
479         * Configurations/LLVMForJSC.xcconfig: Added.
480         * JavaScriptCore.xcodeproj/project.pbxproj:
481         * dfg/DFGPlan.cpp:
482         (JSC::DFG::Plan::compileInThreadImpl):
483         * disassembler/LLVMDisassembler.cpp:
484         (JSC::tryToDisassembleWithLLVM):
485         * ftl/FTLAbbreviatedTypes.h:
486         * ftl/FTLAbbreviations.h:
487         (JSC::FTL::voidType):
488         (JSC::FTL::int1Type):
489         (JSC::FTL::int8Type):
490         (JSC::FTL::int16Type):
491         (JSC::FTL::int32Type):
492         (JSC::FTL::int64Type):
493         (JSC::FTL::intPtrType):
494         (JSC::FTL::floatType):
495         (JSC::FTL::doubleType):
496         (JSC::FTL::pointerType):
497         (JSC::FTL::structType):
498         (JSC::FTL::functionType):
499         (JSC::FTL::typeOf):
500         (JSC::FTL::mdKindID):
501         (JSC::FTL::mdString):
502         (JSC::FTL::mdNode):
503         (JSC::FTL::setMetadata):
504         (JSC::FTL::addFunction):
505         (JSC::FTL::setLinkage):
506         (JSC::FTL::setFunctionCallingConv):
507         (JSC::FTL::getParam):
508         (JSC::FTL::constInt):
509         (JSC::FTL::constReal):
510         (JSC::FTL::constIntToPtr):
511         (JSC::FTL::constBitCast):
512         (JSC::FTL::appendBasicBlock):
513         (JSC::FTL::insertBasicBlock):
514         (JSC::FTL::buildPhi):
515         (JSC::FTL::addIncoming):
516         (JSC::FTL::buildAlloca):
517         (JSC::FTL::buildAdd):
518         (JSC::FTL::buildSub):
519         (JSC::FTL::buildMul):
520         (JSC::FTL::buildDiv):
521         (JSC::FTL::buildRem):
522         (JSC::FTL::buildNeg):
523         (JSC::FTL::buildFAdd):
524         (JSC::FTL::buildFSub):
525         (JSC::FTL::buildFMul):
526         (JSC::FTL::buildFDiv):
527         (JSC::FTL::buildFRem):
528         (JSC::FTL::buildFNeg):
529         (JSC::FTL::buildAnd):
530         (JSC::FTL::buildOr):
531         (JSC::FTL::buildXor):
532         (JSC::FTL::buildShl):
533         (JSC::FTL::buildAShr):
534         (JSC::FTL::buildLShr):
535         (JSC::FTL::buildNot):
536         (JSC::FTL::buildLoad):
537         (JSC::FTL::buildStore):
538         (JSC::FTL::buildSExt):
539         (JSC::FTL::buildZExt):
540         (JSC::FTL::buildFPToSI):
541         (JSC::FTL::buildFPToUI):
542         (JSC::FTL::buildSIToFP):
543         (JSC::FTL::buildUIToFP):
544         (JSC::FTL::buildIntCast):
545         (JSC::FTL::buildFPCast):
546         (JSC::FTL::buildIntToPtr):
547         (JSC::FTL::buildPtrToInt):
548         (JSC::FTL::buildBitCast):
549         (JSC::FTL::buildICmp):
550         (JSC::FTL::buildFCmp):
551         (JSC::FTL::buildCall):
552         (JSC::FTL::setTailCall):
553         (JSC::FTL::buildExtractValue):
554         (JSC::FTL::buildSelect):
555         (JSC::FTL::buildBr):
556         (JSC::FTL::buildCondBr):
557         (JSC::FTL::buildSwitch):
558         (JSC::FTL::addCase):
559         (JSC::FTL::buildRet):
560         (JSC::FTL::buildUnreachable):
561         (JSC::FTL::dumpModule):
562         (JSC::FTL::verifyModule):
563         * ftl/FTLCompile.cpp:
564         (JSC::FTL::compile):
565         * ftl/FTLFail.cpp:
566         (JSC::FTL::fail):
567         * ftl/FTLJITCode.h:
568         * ftl/FTLJITFinalizer.h:
569         * ftl/FTLLink.cpp:
570         * ftl/FTLLowerDFGToLLVM.cpp:
571         (JSC::FTL::LowerDFGToLLVM::lower):
572         * ftl/FTLOutput.cpp:
573         (JSC::FTL::Output::Output):
574         (JSC::FTL::Output::~Output):
575         * ftl/FTLOutput.h:
576         (JSC::FTL::Output::appendTo):
577         * ftl/FTLState.cpp:
578         (JSC::FTL::State::State):
579         (JSC::FTL::State::~State):
580         * ftl/WebKitLLVMLibraryAnchor.cpp: Removed.
581         * jsc.cpp:
582         (jscmain):
583         * llvm: Added.
584         * llvm/InitializeLLVM.cpp: Added.
585         (JSC::initializeLLVM):
586         * llvm/InitializeLLVM.h: Added.
587         * llvm/InitializeLLVMMac.mm: Added.
588         (JSC::initializeLLVMImpl):
589         * llvm/InitializeLLVMPOSIX.cpp: Added.
590         (JSC::initializeLLVMPOSIX):
591         * llvm/InitializeLLVMPOSIX.h: Added.
592         * llvm/LLVMAPI.cpp: Added.
593         * llvm/LLVMAPI.h: Added.
594         * llvm/LLVMAPIFunctions.h: Added.
595         * llvm/LLVMHeaders.h: Added.
596         * llvm/library: Added.
597         * llvm/library/LLVMAnchor.cpp: Added.
598         * llvm/library/LLVMExports.cpp: Added.
599         (initializeAndGetJSCLLVMAPI):
600         * llvm/library/LLVMOverrides.cpp: Added.
601         (__cxa_atexit):
602         * llvm/library/config_llvm.h: Added.
603         * runtime/InitializeThreading.cpp:
604         (JSC::initializeThreadingOnce):
605         * runtime/Options.h:
606
607 2013-10-10  Mark Hahnenberg  <mhahnenberg@apple.com>
608
609         currentThis and currentArguments crash if called from outside a callback
610         https://bugs.webkit.org/show_bug.cgi?id=122620
611
612         Reviewed by Filip Pizlo.
613
614         The documentation for these methods claims that they will return nil if called 
615         from somewhere other than an API callback, but currently they both crash.
616
617         * API/JSContext.mm:
618         (+[JSContext currentThis]):
619         (+[JSContext currentArguments]):
620         * API/tests/testapi.mm:
621
622 2013-10-10  Filip Pizlo  <fpizlo@apple.com>
623
624         Minor clean-ups in the JSC Xcode project.
625
626         Rubber stamped by Mark Rowe.
627         
628         - When we copy the jsc binary into the framework,
629           $(BUILT_PRODUCTS_DIR)/JavaScriptCore.framework/Resources/jsc is the *output* file not
630           the input file. The input file is $(BUILT_PRODUCTS_DIR)/jsc.
631         
632         - Correct capitalization of "JavaScriptcore.framework" in a comment in a shell script in
633           the project.
634         
635         Roll back in after confirming that Mark's fixes make this work right.
636
637         * JavaScriptCore.xcodeproj/project.pbxproj:
638
639 2013-10-10  Mark Hahnenberg  <mhahnenberg@apple.com>
640
641         CallbackData unnecessarily caches the JSValue for currentThis
642         https://bugs.webkit.org/show_bug.cgi?id=122616
643
644         Reviewed by Oliver Hunt.
645
646         CallbackData implements its own version of caching the JSValue* for the JSValueRef it stores. 
647         +[JSValue valueWithJSValueRef:inContext:] already does caching, thus obviating the need for 
648         CallbackData to do its own caching.
649
650         * API/JSContext.mm:
651         (+[JSContext currentThis]):
652         (-[JSContext beginCallbackWithData:thisValue:argumentCount:arguments:]):
653         (-[JSContext endCallbackWithData:]):
654         * API/JSContextInternal.h:
655
656 2013-10-10  Filip Pizlo  <fpizlo@apple.com>
657
658         Unreviewed, roll out r157193. It broke some builds.
659
660         * JavaScriptCore.xcodeproj/project.pbxproj:
661
662 2013-10-10  Mark Rowe  <mrowe@apple.com>
663
664         <rdar://problem/13341666> WebKit should always build against an SDK.
665
666         Have all projects default to building against the OS X Internal SDK for the Production
667         configuration. For the Debug and Release configurations, look for UseInternalSDK.xcconfig
668         to determine whether the OS X Internal SDK should be used. If not, use the normal OS X SDK.
669
670         Reviewed by Dan Bernstein.
671
672         * Configurations/Base.xcconfig:
673         * Configurations/DebugRelease.xcconfig:
674
675 2013-10-10  Mark Rowe  <mrowe@apple.com>
676
677         <rdar://problem/13871507> JavaScriptCore fails to build with C++ 98 conformance changes
678
679         Reviewed by Andreas Kling.
680
681         * heap/VTableSpectrum.cpp:
682         (JSC::VTableSpectrum::dump): strrchr returns a const char* when passed one.
683         Update the type of the local variable to accommodate that.
684
685 2013-10-10  Mark Hahnenberg  <mhahnenberg@apple.com>
686
687         Objective-C API: blocks aren't callable via 'new'
688         https://bugs.webkit.org/show_bug.cgi?id=122561
689
690         Reviewed by Oliver Hunt.
691
692         Currently the only way for clients to vend new native objects to JavaScript code 
693         is via factory methods in the form of exported class methods or blocks. Blocks can 
694         be called like normal functions from JavaScript code, but they cannot be invoked 
695         with 'new'. This would give a simple way for clients to expose constructor-like 
696         behavior to their JavaScript code.
697
698         This patch adds the ability for blocks to be invoked as if they were a constructor.
699         Blocks invoked as constructors are required to return an object. If the block doesn't
700         return an object then an error is thrown. The 'this' object is not provided to the 
701         block and must be created within the block itself. 
702
703         This patch also unifies the native 'construct' callback used in both the C and Obj-C
704         APIs under the APICallbackFunction struct, similar to how we unified the 'call' callback
705         between ObjCCallbackFunction and JSCallbackFunction before.
706
707         This patch also adds tests to make sure that different blocks generate objects that
708         correctly behave when queried with instanceof. It also makes sure that the correct 
709         JS exception is thrown when a block fails to return an object.
710
711         * API/APICallbackFunction.h:
712         (JSC::APICallbackFunction::call):
713         (JSC::APICallbackFunction::construct):
714         * API/JSCallbackConstructor.cpp:
715         (JSC::JSCallbackConstructor::getConstructData):
716         * API/JSCallbackConstructor.h:
717         (JSC::JSCallbackConstructor::constructCallback):
718         * API/JSCallbackFunction.h:
719         (JSC::JSCallbackFunction::functionCallback):
720         * API/ObjCCallbackFunction.h:
721         (JSC::ObjCCallbackFunction::functionCallback):
722         (JSC::ObjCCallbackFunction::constructCallback):
723         * API/ObjCCallbackFunction.mm:
724         (JSC::objCCallbackFunctionCallAsConstructor):
725         (JSC::ObjCCallbackFunction::ObjCCallbackFunction):
726         (JSC::ObjCCallbackFunction::create):
727         (JSC::ObjCCallbackFunction::getConstructData):
728         * API/tests/testapi.mm:
729
730 2013-10-08  Filip Pizlo  <fpizlo@apple.com>
731
732         FTL should be able to do simple OSR exits using llvm.webkit.stackmap
733         https://bugs.webkit.org/show_bug.cgi?id=122538
734
735         Reviewed by Oliver Hunt.
736         
737         This gives the FTL the ability to OSR exit using the llvm.webkit.stackmap intrinsic.
738         
739         - The FTL compiles all OSR exit calls as calls to llvm.webkit.stackmap with a unique
740           ID, passing a requested size that is big enough for own jump replacement.
741         
742         - After LLVM compilation, we parse the new LLVM stackmap section.
743         
744         - For all llvm.webkit.stackmaps that we used for OSR exits, we do a jumpReplacement,
745           which targets exit thunks that we generate.
746         
747         - If an exit thunk fires, it causes JSC to compile an exit off-ramp that uses a
748           combination of the JSC-internal OSR exit accounting (FTL::ExitValue and friends) and
749           LLVM stackmap's accounting of where data actually ended up (register, indirect,
750           constant) to reconstruct bytecode state.
751         
752         This still has shortcomings; for example it cannot handle XMM or YMM registers. Handling
753         YMM registers will require adding some basic YMM support to our assemblers - really we
754         just need the ability to move a YMM's value into a GPR.
755         
756         This patch preserves all of the old, intrinsic-less, FTL OSR exit support. Hence it
757         manages to pass all existing FTL tests even despite its incompleteness. I think that's
758         the right way to go since this is already a big patch, and anyway it would be great to
759         keep the intrinsic-less FTL OSR exit support so long as the LLVM side of this hasn't
760         landed.
761
762         * JavaScriptCore.xcodeproj/project.pbxproj:
763         * assembler/AbstractMacroAssembler.h:
764         (JSC::AbstractMacroAssembler::firstRegister):
765         (JSC::AbstractMacroAssembler::lastRegister):
766         * assembler/MacroAssembler.h:
767         (JSC::MacroAssembler::isStackRelated):
768         (JSC::MacroAssembler::firstRealRegister):
769         (JSC::MacroAssembler::nextRegister):
770         (JSC::MacroAssembler::secondRealRegister):
771         * assembler/MacroAssemblerX86Common.h:
772         * assembler/X86Assembler.h:
773         (JSC::X86Assembler::firstRegister):
774         (JSC::X86Assembler::lastRegister):
775         * dfg/DFGPlan.cpp:
776         (JSC::DFG::Plan::compileInThreadImpl):
777         * ftl/FTLCArgumentGetter.cpp:
778         (JSC::FTL::CArgumentGetter::loadNextAndBox):
779         * ftl/FTLCArgumentGetter.h:
780         (JSC::FTL::CArgumentGetter::loadNextDoubleIntoGPR):
781         * ftl/FTLCompile.cpp:
782         (JSC::FTL::mmAllocateCodeSection):
783         (JSC::FTL::mmAllocateDataSection):
784         (JSC::FTL::dumpDataSection):
785         (JSC::FTL::fixFunctionBasedOnStackMaps):
786         (JSC::FTL::compile):
787         * ftl/FTLExitThunkGenerator.cpp:
788         (JSC::FTL::ExitThunkGenerator::emitThunk):
789         (JSC::FTL::ExitThunkGenerator::emitThunks):
790         * ftl/FTLExitThunkGenerator.h:
791         * ftl/FTLExitValue.h:
792         (JSC::FTL::ExitValue::isInJSStackSomehow):
793         (JSC::FTL::ExitValue::valueFormat):
794         * ftl/FTLFail.cpp:
795         (JSC::FTL::fail):
796         * ftl/FTLIntrinsicRepository.h:
797         * ftl/FTLJITCode.h:
798         * ftl/FTLLowerDFGToLLVM.cpp:
799         (JSC::FTL::generateExitThunks):
800         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
801         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
802         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
803         (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
804         * ftl/FTLOSRExit.h:
805         * ftl/FTLOSRExitCompilationInfo.h:
806         (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
807         * ftl/FTLOSRExitCompiler.cpp:
808         (JSC::FTL::compileStubWithOSRExitStackmap):
809         (JSC::FTL::compileStubWithoutOSRExitStackmap):
810         (JSC::FTL::compileFTLOSRExit):
811         * ftl/FTLSaveRestore.cpp: Added.
812         (JSC::FTL::bytesForGPRs):
813         (JSC::FTL::requiredScratchMemorySizeInBytes):
814         (JSC::FTL::offsetOfGPR):
815         (JSC::FTL::saveAllRegisters):
816         (JSC::FTL::restoreAllRegisters):
817         * ftl/FTLSaveRestore.h: Added.
818         * ftl/FTLStackMaps.cpp: Added.
819         (JSC::FTL::readObject):
820         (JSC::FTL::StackMaps::Constant::parse):
821         (JSC::FTL::StackMaps::Constant::dump):
822         (JSC::FTL::StackMaps::Location::parse):
823         (JSC::FTL::StackMaps::Location::dump):
824         (JSC::FTL::StackMaps::Location::involvesGPR):
825         (JSC::FTL::StackMaps::Location::isGPR):
826         (JSC::FTL::StackMaps::Location::gpr):
827         (JSC::FTL::StackMaps::Location::restoreInto):
828         (JSC::FTL::StackMaps::Record::parse):
829         (JSC::FTL::StackMaps::Record::dump):
830         (JSC::FTL::StackMaps::parse):
831         (JSC::FTL::StackMaps::dump):
832         (JSC::FTL::StackMaps::dumpMultiline):
833         (JSC::FTL::StackMaps::getRecordMap):
834         (WTF::printInternal):
835         * ftl/FTLStackMaps.h: Added.
836         * ftl/FTLState.h:
837         * ftl/FTLThunks.cpp:
838         (JSC::FTL::osrExitGenerationThunkGenerator):
839         * ftl/FTLValueFormat.cpp:
840         (JSC::FTL::reboxAccordingToFormat):
841         * ftl/FTLValueFormat.h:
842         * runtime/DataView.cpp:
843         (JSC::DataView::create):
844         * runtime/DataView.h:
845         (JSC::DataView::read):
846         * runtime/Options.h:
847
848 2013-10-09  Filip Pizlo  <fpizlo@apple.com>
849
850         Minor clean-ups in the JSC Xcode project.
851
852         Rubber stamped by Mark Rowe.
853         
854         - When we copy the jsc binary into the framework,
855           $(BUILT_PRODUCTS_DIR)/JavaScriptCore.framework/Resources/jsc is the *output* file not
856           the input file. The input file is $(BUILT_PRODUCTS_DIR)/jsc.
857         
858         - Correct capitalization of "JavaScriptcore.framework" in a comment in a shell script in
859           the project.
860
861         * JavaScriptCore.xcodeproj/project.pbxproj:
862
863 2013-10-09  Julien Brianceau  <jbriance@cisco.com>
864
865         [arm] Inverted src and dest FP registers in DFG speculative JIT when using hardfp.
866         https://bugs.webkit.org/show_bug.cgi?id=122555
867
868         Reviewed by Michael Saboff.
869
870         * dfg/DFGSpeculativeJIT.h:
871         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
872         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
873
874 2013-10-08  Michael Saboff  <msaboff@apple.com>
875
876         Transition call and construct JITStubs to CCallHelper functions
877         https://bugs.webkit.org/show_bug.cgi?id=122453
878
879         Reviewed by Geoffrey Garen.
880
881         Transitioned cti_op_call_eval to operationCallEval.  Migrated baseline JIT to use the same 
882         call thunks as the DFG.  Eliminated all of the "oldStyle" thunks and related functions.
883
884         * bytecode/CallLinkInfo.cpp:
885         (JSC::CallLinkInfo::unlink):
886         * jit/JIT.cpp:
887         (JSC::JIT::linkFor):
888         (JSC::JIT::linkSlowCall):
889         * jit/JIT.h:
890         * jit/JITCall.cpp:
891         (JSC::JIT::compileCallEval):
892         (JSC::JIT::compileCallEvalSlowCase):
893         (JSC::JIT::compileOpCallSlowCase):
894         (JSC::JIT::privateCompileClosureCall):
895         * jit/JITCall32_64.cpp:
896         (JSC::JIT::compileCallEval):
897         (JSC::JIT::compileCallEvalSlowCase):
898         (JSC::JIT::compileOpCallSlowCase):
899         (JSC::JIT::privateCompileClosureCall):
900         * jit/JITInlines.h:
901         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
902         * jit/JITOperations.cpp:
903         * jit/JITOperations.h:
904         * jit/JITStubs.cpp:
905         * jit/JITStubs.h:
906         * jit/ThunkGenerators.cpp:
907         * jit/ThunkGenerators.h:
908
909 2013-10-09  Julien Brianceau  <jbriance@cisco.com>
910
911         [sh4] Fix lots of unused parameter warnings.
912         https://bugs.webkit.org/show_bug.cgi?id=122545
913
914         Reviewed by Csaba Osztrogon√°c.
915
916         * assembler/MacroAssemblerSH4.h:
917         (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranchPtrWithPatch):
918         * assembler/SH4Assembler.h:
919         (JSC::SH4Assembler::andlImm8r):
920         (JSC::SH4Assembler::orlImm8r):
921         (JSC::SH4Assembler::xorlImm8r):
922         (JSC::SH4Assembler::cmpEqImmR0):
923         (JSC::SH4Assembler::testlImm8r):
924         (JSC::SH4Assembler::movwPCReg):
925         (JSC::SH4Assembler::movwMemReg):
926         (JSC::SH4Assembler::movbMemReg):
927         (JSC::SH4Assembler::printInstr):
928         (JSC::SH4Assembler::printBlockInstr):
929
930 2013-10-09  Julien Brianceau  <jbriance@cisco.com>
931
932         [sh4] Add sh4 support when building with CMake.
933         https://bugs.webkit.org/show_bug.cgi?id=122542
934
935         Reviewed by Csaba Osztrogon√°c.
936
937         * CMakeLists.txt:
938
939 2013-10-08  Oliver Hunt  <oliver@apple.com>
940
941         Convert for-of iteration to in-band signalling so we can trivially avoid unnecessary object allocation
942         https://bugs.webkit.org/show_bug.cgi?id=122532
943
944         Reviewed by Michael Saboff.
945
946         Switch for-of enumeration to use in band signalling to determine the end
947         of iteration.  This allows us to trivially remove an otherwise unnecessary
948         object allocation, and paves the way for optimised thunks in future.
949
950         We can re-add explicit .next() functions in future that would marshall
951         the true iteration functions, but for now we'll ignore them.
952
953         This results in a huge improvement in the performance of for-of (in the order
954         of 2x) but there's still a long way to go in order to get the performance to
955         a satisfactory level.
956
957         * bytecompiler/NodesCodegen.cpp:
958         (JSC::ForOfNode::emitBytecode):
959         * runtime/ArrayIteratorPrototype.cpp:
960         (JSC::ArrayIteratorPrototype::finishCreation):
961         (JSC::createIteratorResult):
962         * runtime/CommonIdentifiers.cpp:
963         (JSC::CommonIdentifiers::CommonIdentifiers):
964         * runtime/CommonIdentifiers.h:
965         * runtime/Identifier.cpp:
966         (JSC::Identifier::addSlowCase):
967         * runtime/JSObject.h:
968         (JSC::JSFinalObject::create):
969         * runtime/VM.cpp:
970         (JSC::VM::VM):
971         * runtime/VM.h:
972
973 2013-10-08  Alex Christensen  <achristensen@webkit.org>
974
975         Fixed compile errors while compiling without the JIT enabled.
976         https://bugs.webkit.org/show_bug.cgi?id=122530
977
978         Reviewed by Brent Fulgham.
979
980         * jit/JITOperations.cpp:
981         Protected with #if ENABLE(JIT) like the rest of the JIT source.
982
983 2013-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>
984
985         JSManagedValue should be able to store non-object JSValues
986         https://bugs.webkit.org/show_bug.cgi?id=122351
987
988         Reviewed by Oliver Hunt.
989
990         We decided not to support this because we thought it didn't make sense to have a 
991         "weak" JSValue that wasn't an object.
992
993         Our general thought process was if you have a JSObject-ObjC object pair (i.e. an 
994         Obj-C object that you exported to JavaScript-land), it makes more sense to store 
995         a non-object JSValue on the JavaScript-land version of the object rather than as 
996         an ivar in the Objective-C object.
997
998         In retrospect, this may not have been a good decision at least w.r.t. consistency 
999         in client code. If you're storing a bag of JSValues off an Obj-C object, you'd 
1000         like to store all of them either in ObjC-land or JavaScript-land, but doing some 
1001         in one and some in the other doesn't sound too good. Also, what if the object you 
1002         want to hang these values off of doesn't have a corresponding object in JavaScript-
1003         land in which to store them?
1004
1005         The solution is to fix JSManagedValue to be able to reference non-object JSValues. 
1006         Right now, all JSManagedValues contain a Weak<JSObject>. We'll change this so that
1007         they can contain either a non-cell JSValue or a JSObject*, along with a weak 
1008         reference to the JSGlobalObject for reconstructing a JSValue later on.
1009
1010         * API/JSManagedValue.mm:
1011         (PrimitiveOrObject::PrimitiveOrObject):
1012         (PrimitiveOrObject::~PrimitiveOrObject):
1013         (PrimitiveOrObject::clear):
1014         (PrimitiveOrObject::isClear):
1015         (PrimitiveOrObject::isSet):
1016         (PrimitiveOrObject::isPrimitive):
1017         (PrimitiveOrObject::isObject):
1018         (PrimitiveOrObject::setPrimitive):
1019         (PrimitiveOrObject::setObject):
1020         (PrimitiveOrObject::object):
1021         (PrimitiveOrObject::primitive):
1022         (-[JSManagedValue initWithValue:]):
1023         (-[JSManagedValue value]):
1024         (-[JSManagedValue disconnectValue]):
1025
1026 2013-10-08  Robert Plociennik  <r.plociennik@samsung.com>
1027
1028         JavaScriptCore fails to build
1029         https://bugs.webkit.org/show_bug.cgi?id=122440
1030
1031         Reviewed by Darin Adler.
1032
1033         Compilation fails in debug due to 'comparison of unsigned expression >= 0 is
1034         always true'.
1035
1036         * debugger/DebuggerCallFrame.cpp:
1037         (JSC::DebuggerCallFrame::positionForCallFrame): Removed the offending ASSERTS.
1038
1039 2013-10-07  Andreas Kling  <akling@apple.com>
1040
1041         Pass VM instead of ExecState to JSNotAnObject constructor.
1042         <https://webkit.org/b/122474>
1043
1044         Reviewed by Sam Weinig.
1045
1046         JSNotAnObject was only using the ExecState to find the VM.
1047
1048 2013-10-07  Filip Pizlo  <fpizlo@apple.com>
1049
1050         FTL memory allocator should be able to allocate data sections in non-executable memory
1051         https://bugs.webkit.org/show_bug.cgi?id=116189
1052
1053         Reviewed by Sam Weinig.
1054         
1055         Use a RefCountedArray<int64_t> for data sections. This works out great because
1056         RefCountedArray<> knows its own size and because the reference counting makes passing
1057         it around very easy (you don't have to stress out about ownership).
1058
1059         * ftl/FTLCompile.cpp:
1060         (JSC::FTL::mmAllocateDataSection):
1061         (JSC::FTL::compile):
1062         * ftl/FTLJITCode.cpp:
1063         (JSC::FTL::JITCode::addDataSection):
1064         * ftl/FTLJITCode.h:
1065         (JSC::FTL::JITCode::dataSections):
1066
1067 2013-10-07  Roger Fong  <roger_fong@apple.com>
1068
1069         Modify JavascriptCore makefile for x64 build.
1070         https://bugs.webkit.org/show_bug.cgi?id=122467.
1071         <rdar://problem/15169174>.
1072
1073         Reviewed by Brent Fulgham.
1074
1075         * JavaScriptCore.vcxproj/JavaScriptCore.make:
1076
1077 2013-10-07  Nadav Rotem  <nrotem@apple.com>
1078
1079         FTL: Optimize IsString(@2<String>) -> JSConst(true) + Phantom()
1080         https://bugs.webkit.org/show_bug.cgi?id=122363
1081
1082         Reviewed by Filip Pizlo.
1083
1084         * dfg/DFGFixupPhase.cpp:
1085         (JSC::DFG::FixupPhase::fixupNode):
1086
1087 2013-10-04  Michael Saboff  <msaboff@apple.com>
1088
1089         Transition stack check JITStubs to CCallHelper functions
1090         https://bugs.webkit.org/show_bug.cgi?id=122289
1091
1092         Reviewed by Filip Pizlo.
1093
1094         Replaced jit stubs cti_stack_check, cti_op_call_arityCheck and cti_op_construct_arityCheck with
1095         jit operations operationStackCheck, operationCallArityCheck & operationConstructArityCheck.
1096         Added new callOperationWithCallFrameRollbackOnException() in baseline and DFG JITs to call
1097         these new functions.  Added code to unwind one frame in JIT::privateCompileExceptionHandlers() 
1098         and JITCompiler::compileExceptionHandlers() for these cases that need to throw exceptions in
1099         their caller frame when the stack is exhausted.
1100
1101         * assembler/MacroAssembler.h:
1102         (JSC::MacroAssembler::andPtr): Added to handle masking a pointer with a literal.
1103         * assembler/MacroAssemblerX86_64.h:
1104         (JSC::MacroAssemblerX86_64::and64): Added to handle masking a pointer with a literal.
1105         * dfg/DFGJITCompiler.cpp:
1106         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1107         (JSC::DFG::JITCompiler::compileFunction):
1108         (JSC::DFG::JITCompiler::linkFunction):
1109         * dfg/DFGJITCompiler.h:
1110         (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
1111         * dfg/DFGSpeculativeJIT.h:
1112         (JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
1113         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1114         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
1115         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
1116         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnExceptionSetResult):
1117         * ftl/FTLLink.cpp:
1118         (JSC::FTL::link):
1119         * interpreter/CallFrame.h:
1120         (JSC::ExecState::hostCallFrameFlag):
1121         * jit/AssemblyHelpers.cpp:
1122         (JSC::AssemblyHelpers::jitAssertIsNull):
1123         * jit/AssemblyHelpers.h:
1124         (JSC::AssemblyHelpers::jitAssertIsNull):
1125         * jit/JIT.cpp:
1126         (JSC::JIT::privateCompile):
1127         (JSC::JIT::privateCompileExceptionHandlers):
1128         * jit/JIT.h:
1129         (JSC::JIT::exceptionCheckWithCallFrameRollback):
1130         * jit/JITInlines.h:
1131         (JSC::JIT::appendCallWithCallFrameRollbackOnException):
1132         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1133         * jit/JITOperations.cpp:
1134         * jit/JITOperations.h:
1135         * jit/JITStubs.cpp:
1136         * jit/JITStubs.h:
1137
1138 2013-10-07  Filip Pizlo  <fpizlo@apple.com>
1139
1140         ASSERTION FAILED: isUInt32() in jsc-layout-tests.yaml/js/script-tests/dfg-uint32-to-number-in-middle-of-copy-propagation.js.layout-dfg-eager-no-cjit
1141         https://bugs.webkit.org/show_bug.cgi?id=122419
1142
1143         Reviewed by Oliver Hunt.
1144         
1145         AI was using JSValue::asUInt32() incorrectly. That method presumes that the input is
1146         both a int32 and a uint32 (it's in the range [0, 2^31)). The UInt32ToNumber node is
1147         instead dealing with an input that is always represented as a int32 but that has the
1148         meaning of a uint32 - so AI should use JSValue::asInt32() and then do the cast.
1149
1150         * dfg/DFGAbstractInterpreterInlines.h:
1151         (JSC::DFG::::executeEffects):
1152
1153 2013-10-07  Julien Brianceau  <jbriance@cisco.com>
1154
1155         [sh4] Jump over maxJumpReplacementSize in revertJumpToMove.
1156         https://bugs.webkit.org/show_bug.cgi?id=120007
1157
1158         Reviewed by Oliver Hunt.
1159
1160         Jump over maxJumpReplacementSize in revertJumpToMove, even if there is no constant
1161         value within the area. This patch fixes debug ASSERTs failures for sh4 architecture.
1162
1163         * assembler/SH4Assembler.h:
1164         (JSC::SH4Assembler::revertJumpToMove):
1165
1166 2013-10-06  Anders Carlsson  <andersca@apple.com>
1167
1168         Add OVERRIDE and virtual where appropriate
1169         https://bugs.webkit.org/show_bug.cgi?id=122439
1170
1171         Reviewed by Antti Koivisto.
1172
1173         * API/JSAPIWrapperObject.mm:
1174         * API/JSCallbackObject.h:
1175         (JSC::JSCallbackObjectData::~JSCallbackObjectData):
1176         * API/JSManagedValue.mm:
1177         * API/JSScriptRef.cpp:
1178         (OpaqueJSScript::~OpaqueJSScript):
1179         * bytecode/CodeBlock.h:
1180         * bytecode/StructureStubClearingWatchpoint.h:
1181         * dfg/DFGArrayifySlowPathGenerator.h:
1182         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1183         * dfg/DFGFailedFinalizer.h:
1184         * dfg/DFGJITCode.h:
1185         * dfg/DFGJITFinalizer.h:
1186         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
1187         * dfg/DFGSlowPathGenerator.h:
1188         * dfg/DFGSpeculativeJIT64.cpp:
1189         * heap/Heap.h:
1190         * heap/IncrementalSweeper.h:
1191         * heap/SuperRegion.h:
1192         * jit/ClosureCallStubRoutine.h:
1193         * jit/ExecutableAllocatorFixedVMPool.cpp:
1194         * jit/GCAwareJITStubRoutine.h:
1195         * jit/JITCode.h:
1196         * jit/JITStubs.cpp:
1197         * jit/JITToDFGDeferredCompilationCallback.h:
1198         * jit/JumpReplacementWatchpoint.h:
1199         * parser/Nodes.h:
1200         * runtime/DataView.h:
1201         * runtime/GCActivityCallback.h:
1202         * runtime/GenericTypedArrayView.h:
1203         * runtime/RegExpCache.h:
1204         * runtime/SimpleTypedArrayController.h:
1205         * runtime/WeakMapData.h:
1206
1207 2013-10-07  Filip Pizlo  <fpizlo@apple.com>
1208
1209         Trap 5 (most likely int $3) in jsc-layout-tests.yaml/js/script-tests/integer-division-neg2tothe32-by-neg1.js.layout-dfg-eager-no-cjit
1210         https://bugs.webkit.org/show_bug.cgi?id=122420
1211
1212         Reviewed by Michael Saboff.
1213         
1214         For the (-2^31/-1)|0 case, we were returning the left operand (i.e. -2^31) but we were
1215         failing to account for the possibility that this operand has high-bit garbage and
1216         int32Result() requires that the high bits are zero.
1217
1218         * dfg/DFGSpeculativeJIT.cpp:
1219         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1220
1221 2013-10-06  Filip Pizlo  <fpizlo@apple.com>
1222
1223         ASSERTION FAILED: bitwise_cast<WriteBarrier<Unknown>*>(callFrame) == m_registers in jsc-layout-tests.yaml/js/script-tests/dfg-inline-arguments-capture-throw-exception.js.layout-dfg-eager-no-cjit
1224         https://bugs.webkit.org/show_bug.cgi?id=122418
1225
1226         Reviewed by Oliver Hunt.
1227
1228         This is pretty awesome. With stack compression, Arguments created in the DFG will point
1229         their m_registers pointers into a different slab of stack than they would have in byte
1230         code.
1231
1232         Hence OSR exit must repoint any Arguments objects' m_registers pointers. It previously
1233         neglected to do so. This patch fixes that.
1234         
1235         Fixing this unveiled another bug: the stack reversal broke the reification of inlined
1236         phantom arguments.
1237         
1238         * dfg/DFGOSRExitCompiler32_64.cpp:
1239         (JSC::DFG::OSRExitCompiler::compileExit):
1240         * dfg/DFGOSRExitCompiler64.cpp:
1241         (JSC::DFG::OSRExitCompiler::compileExit):
1242         * dfg/DFGOSRExitCompilerCommon.cpp:
1243         (JSC::DFG::reifyInlinedCallFrames):
1244         * dfg/DFGSpeculativeJIT.cpp:
1245         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
1246         (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
1247         * dfg/DFGSpeculativeJIT64.cpp:
1248         (JSC::DFG::SpeculativeJIT::compile):
1249         * runtime/Arguments.h:
1250         (JSC::Arguments::offsetOfNumArguments):
1251         (JSC::Arguments::offsetOfRegisters):
1252         (JSC::Arguments::offsetOfSlowArgumentData):
1253         (JSC::Arguments::offsetOfOverrodeLength):
1254
1255 2013-10-06  Filip Pizlo  <fpizlo@apple.com>
1256
1257         Unified test infrastructure via the jsc shell
1258         https://bugs.webkit.org/show_bug.cgi?id=120696
1259
1260         Reviewed by Oliver Hunt.
1261         
1262         Add a mozilla-tests.yaml list. This is autogenerated by create-mozilla-js-test-list.
1263         I think it's better to leave this checked in; we may even just edit it directly in
1264         the future. Also generating it is not cheap.
1265         
1266         Fix some low-hanging fruit bugs that I caught by introducing more test coverage.
1267         
1268         - We were not emitting labels for CFA-unreachable blocks, which caused link errors.
1269           It's possible for a CFA-unreachable block to be jumped to, if the thing that causes
1270           it to be unreachable is a speculation in a Branch or peephole compare.
1271         
1272         - The register allocation assertions didn't handle peephole branches correctly. Since
1273           the peephole branch handling returns early from compile(), the clearBlahbittyBlah()
1274           method wasn't being called.
1275
1276         * dfg/DFGSpeculativeJIT.cpp:
1277         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1278         * dfg/DFGSpeculativeJIT32_64.cpp:
1279         (JSC::DFG::SpeculativeJIT::compile):
1280         * dfg/DFGSpeculativeJIT64.cpp:
1281         (JSC::DFG::SpeculativeJIT::compile):
1282         * tests/mozilla/mozilla-tests.yaml: Added.
1283
1284 2013-10-05  Andreas Kling  <akling@apple.com>
1285
1286         Pass VM instead of ExecState to StringObject constructor.
1287         <https://webkit.org/b/122395>
1288
1289         Reviewed by Sam Weinig.
1290
1291         StringObject() only uses the ExecState to find the VM.
1292
1293 2013-10-05  Filip Pizlo  <fpizlo@apple.com>
1294
1295         Compress DFG stack layout
1296         https://bugs.webkit.org/show_bug.cgi?id=122024
1297
1298         Reviewed by Oliver Hunt.
1299         
1300         The DFG needs to be able to store things at a known offset from frame pointer so that
1301         the runtime can read those things. Prior to this patch, the DFG would use the exact
1302         offsets that the bytecode asked for, even in the case of inlining, where it would use
1303         the callsite stack offset to shift all of the inlined function's variables over just as
1304         they would have been if a bytecode interpreter had really made the call.
1305         
1306         But this won't work once WebKit-LLVM integration is complete. LLVM has no notion of
1307         storing things at a fixed offset from the frame pointer. We could try to hack LLVM to do
1308         that, but it would seriously complicate LLVM's stack layout. But what we might be able
1309         to do is have LLVM tell us (via an addressof intrinsic and a side-channel) where some
1310         alloca landed relative to the frame pointer. Hence if the DFG can put all of its flushed
1311         variables in a contiguous range that can be expressed to LLVM as a struct that we
1312         alloca, then all of this can still work just fine.
1313         
1314         Previously the flushed variables didn't fit in a contiguous range, but this patch makes
1315         them contiguous by allowing the stack layout to be compressed.
1316         
1317         What this really means is that there is now a distinction between where the DFG saw a
1318         variable stored in bytecode and where it will actually store it in the resulting machine
1319         code. Henceforth when the DFG says "local" or "virtual register" it means the variable
1320         according to bytecode (with the stack offsetting for inlined code as before), but when
1321         it says "machine local" or "machine virtual register" it means the actual place where it
1322         will store things in the resulting machine code. All of the OSR exit, inlined arguments,
1323         captured variables, and various stack unwinding machine now knows about all of this.
1324         
1325         Note that the DFG's abstract interpretation still uses bytecode variables rather than
1326         machine variables. Same for CSE and abstract heaps. This makes sense since it means that
1327         we don't have to decide on machine variable allocation just to do those optimizations.
1328         
1329         The decision of what a local's machine location becomes is deferred to very late in
1330         compilation. We only need to assign machine locations to variables that must be stored
1331         to the stack. It's now mandatory to run some kind of "stack layout phase" that makes the
1332         decision and updates all data structures.
1333         
1334         So far the way that this is being used is just to compress the DFG stack layout, which
1335         is something that we should have done anyway, a long time ago. And the compression isn't
1336         even that good - the current StackLayoutPhase just identifies local indices that are
1337         unused in machine code and slides all other variables towards zero. This doesn't achieve
1338         particularly good compression but it is better than nothing. Note that this phase makes
1339         it seem like the bytecode-machine mapping is based on bytecode local indices; for
1340         example if bytecode local 4 is mapped to machine local 3 then it always will be. That's
1341         true for the current StackLayoutPhase but it _will not_ be true for all possible stack
1342         layout phases and it would be incorrect to assume that it should be true. This is why
1343         the current data structures have each VariableAccessData hold its own copy of the
1344         machine virtual register, and also have each InlineCallFrame report their own machine
1345         virtual registers for the various things. The DFG backend is likely to always use the
1346         dumb StackLayoutPhase since it is very cheap to run, but the FTL backend is likely to
1347         eventually get a better one, where we do some kind of constraint-based coloring: we
1348         institute constraints where some VariableAccessData's must have the same indices as some
1349         other ones, and also must be right next to some other ones; then we process all
1350         VariableAccessData's and attempt to assign them machine locals while preserving those
1351         constraints. This could lead to two VariableAccessDatas for the same bytecode local
1352         ending up with different machine locals.
1353
1354         * CMakeLists.txt:
1355         * GNUmakefile.list.am:
1356         * JavaScriptCore.xcodeproj/project.pbxproj:
1357         * bytecode/CodeBlock.cpp:
1358         (JSC::CodeBlock::CodeBlock):
1359         (JSC::CodeBlock::isCaptured):
1360         (JSC::CodeBlock::framePointerOffsetToGetActivationRegisters):
1361         (JSC::CodeBlock::machineSlowArguments):
1362         * bytecode/CodeBlock.h:
1363         (JSC::CodeBlock::hasSlowArguments):
1364         * bytecode/CodeOrigin.cpp:
1365         (JSC::CodeOrigin::dump):
1366         (JSC::InlineCallFrame::calleeForCallFrame):
1367         (JSC::InlineCallFrame::dumpInContext):
1368         * bytecode/CodeOrigin.h:
1369         (JSC::InlineCallFrame::InlineCallFrame):
1370         (JSC::InlineCallFrame::calleeConstant):
1371         * bytecode/Operands.h:
1372         (JSC::Operands::indexForOperand):
1373         * dfg/DFGBasicBlock.cpp:
1374         (JSC::DFG::BasicBlock::SSAData::SSAData):
1375         * dfg/DFGBasicBlock.h:
1376         * dfg/DFGByteCodeParser.cpp:
1377         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1378         (JSC::DFG::ByteCodeParser::get):
1379         (JSC::DFG::ByteCodeParser::getLocal):
1380         (JSC::DFG::ByteCodeParser::flushDirect):
1381         (JSC::DFG::ByteCodeParser::flush):
1382         (JSC::DFG::ByteCodeParser::handleInlining):
1383         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1384         (JSC::DFG::ByteCodeParser::parse):
1385         * dfg/DFGCommon.h:
1386         * dfg/DFGCommonData.h:
1387         (JSC::DFG::CommonData::CommonData):
1388         * dfg/DFGDesiredWriteBarriers.cpp:
1389         (JSC::DFG::DesiredWriteBarrier::trigger):
1390         * dfg/DFGDesiredWriteBarriers.h:
1391         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1392         (JSC::DFG::FlushLivenessAnalysisPhase::run):
1393         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1394         (JSC::DFG::FlushLivenessAnalysisPhase::reportError):
1395         * dfg/DFGFlushedAt.cpp: Added.
1396         (JSC::DFG::FlushedAt::dump):
1397         (JSC::DFG::FlushedAt::dumpInContext):
1398         * dfg/DFGFlushedAt.h: Added.
1399         (JSC::DFG::FlushedAt::FlushedAt):
1400         (JSC::DFG::FlushedAt::operator!):
1401         (JSC::DFG::FlushedAt::format):
1402         (JSC::DFG::FlushedAt::virtualRegister):
1403         (JSC::DFG::FlushedAt::operator==):
1404         (JSC::DFG::FlushedAt::operator!=):
1405         * dfg/DFGGraph.cpp:
1406         (JSC::DFG::Graph::Graph):
1407         (JSC::DFG::Graph::dump):
1408         * dfg/DFGGraph.h:
1409         (JSC::DFG::Graph::bytecodeRegisterForArgument):
1410         (JSC::DFG::Graph::argumentsRegisterFor):
1411         (JSC::DFG::Graph::machineArgumentsRegisterFor):
1412         (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
1413         (JSC::DFG::Graph::activationRegister):
1414         (JSC::DFG::Graph::uncheckedActivationRegister):
1415         (JSC::DFG::Graph::machineActivationRegister):
1416         (JSC::DFG::Graph::uncheckedMachineActivationRegister):
1417         * dfg/DFGJITCompiler.cpp:
1418         (JSC::DFG::JITCompiler::link):
1419         * dfg/DFGJITCompiler.h:
1420         (JSC::DFG::JITCompiler::noticeOSREntry):
1421         * dfg/DFGNode.h:
1422         (JSC::DFG::Node::convertToGetLocalUnlinked):
1423         (JSC::DFG::Node::convertToGetLocal):
1424         (JSC::DFG::Node::machineLocal):
1425         (JSC::DFG::Node::hasUnlinkedMachineLocal):
1426         (JSC::DFG::Node::setUnlinkedMachineLocal):
1427         (JSC::DFG::Node::unlinkedMachineLocal):
1428         (JSC::DFG::Node::hasInlineStartData):
1429         (JSC::DFG::Node::inlineStartData):
1430         * dfg/DFGNodeFlags.cpp:
1431         (JSC::DFG::dumpNodeFlags):
1432         * dfg/DFGOSREntry.cpp:
1433         (JSC::DFG::prepareOSREntry):
1434         * dfg/DFGOSREntry.h:
1435         (JSC::DFG::OSREntryReshuffling::OSREntryReshuffling):
1436         * dfg/DFGOSRExitCompiler64.cpp:
1437         (JSC::DFG::OSRExitCompiler::compileExit):
1438         * dfg/DFGOSRExitCompilerCommon.cpp:
1439         (JSC::DFG::reifyInlinedCallFrames):
1440         * dfg/DFGOperations.cpp:
1441         * dfg/DFGOperations.h:
1442         * dfg/DFGPlan.cpp:
1443         (JSC::DFG::Plan::compileInThreadImpl):
1444         * dfg/DFGScoreBoard.h:
1445         (JSC::DFG::ScoreBoard::ScoreBoard):
1446         * dfg/DFGSpeculativeJIT.cpp:
1447         (JSC::DFG::SpeculativeJIT::compileInlineStart):
1448         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1449         (JSC::DFG::SpeculativeJIT::createOSREntries):
1450         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
1451         * dfg/DFGSpeculativeJIT.h:
1452         (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
1453         (JSC::DFG::SpeculativeJIT::callFrameSlot):
1454         (JSC::DFG::SpeculativeJIT::argumentSlot):
1455         (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
1456         (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
1457         (JSC::DFG::SpeculativeJIT::argumentTagSlot):
1458         (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
1459         (JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters):
1460         (JSC::DFG::SpeculativeJIT::callOperation):
1461         (JSC::DFG::SpeculativeJIT::recordSetLocal):
1462         * dfg/DFGSpeculativeJIT32_64.cpp:
1463         (JSC::DFG::SpeculativeJIT::emitCall):
1464         (JSC::DFG::SpeculativeJIT::compile):
1465         * dfg/DFGSpeculativeJIT64.cpp:
1466         (JSC::DFG::SpeculativeJIT::emitCall):
1467         (JSC::DFG::SpeculativeJIT::compile):
1468         * dfg/DFGStackLayoutPhase.cpp: Added.
1469         (JSC::DFG::StackLayoutPhase::StackLayoutPhase):
1470         (JSC::DFG::StackLayoutPhase::run):
1471         (JSC::DFG::performStackLayout):
1472         * dfg/DFGStackLayoutPhase.h: Added.
1473         * dfg/DFGValidate.cpp:
1474         (JSC::DFG::Validate::validate):
1475         * dfg/DFGVariableAccessData.h:
1476         (JSC::DFG::VariableAccessData::machineLocal):
1477         (JSC::DFG::VariableAccessData::flushedAt):
1478         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1479         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1480         * ftl/FTLExitValue.h:
1481         (JSC::FTL::ExitValue::inJSStack):
1482         (JSC::FTL::ExitValue::inJSStackAsInt32):
1483         (JSC::FTL::ExitValue::inJSStackAsInt52):
1484         (JSC::FTL::ExitValue::inJSStackAsDouble):
1485         (JSC::FTL::ExitValue::virtualRegister):
1486         * ftl/FTLLowerDFGToLLVM.cpp:
1487         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
1488         (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
1489         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
1490         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
1491         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
1492         * ftl/FTLOSRExitCompiler.cpp:
1493         (JSC::FTL::compileStub):
1494         * ftl/FTLValueSource.cpp:
1495         (JSC::FTL::ValueSource::dump):
1496         * ftl/FTLValueSource.h:
1497         (JSC::FTL::ValueSource::ValueSource):
1498         (JSC::FTL::ValueSource::kind):
1499         (JSC::FTL::ValueSource::operator!):
1500         (JSC::FTL::ValueSource::node):
1501         (JSC::FTL::ValueSource::virtualRegister):
1502         * interpreter/Interpreter.cpp:
1503         (JSC::unwindCallFrame):
1504         * interpreter/StackVisitor.cpp:
1505         (JSC::StackVisitor::readInlinedFrame):
1506         (JSC::StackVisitor::Frame::createArguments):
1507         (JSC::StackVisitor::Frame::existingArguments):
1508         * interpreter/StackVisitor.h:
1509         * jit/AssemblyHelpers.h:
1510         (JSC::AssemblyHelpers::addressFor):
1511         (JSC::AssemblyHelpers::tagFor):
1512         (JSC::AssemblyHelpers::payloadFor):
1513         (JSC::AssemblyHelpers::offsetOfArgumentsIncludingThis):
1514         * runtime/Arguments.cpp:
1515         (JSC::Arguments::tearOff):
1516         * runtime/Arguments.h:
1517         (JSC::Arguments::allocateSlowArguments):
1518         (JSC::Arguments::tryDeleteArgument):
1519         (JSC::Arguments::isDeletedArgument):
1520         (JSC::Arguments::isArgument):
1521         (JSC::Arguments::argument):
1522         (JSC::Arguments::finishCreation):
1523         * runtime/JSActivation.h:
1524         (JSC::JSActivation::create):
1525         (JSC::JSActivation::JSActivation):
1526         * runtime/JSFunction.cpp:
1527         (JSC::RetrieveArgumentsFunctor::operator()):
1528
1529 2013-10-05  Anders Carlsson  <andersca@apple.com>
1530
1531         Remove createOwned
1532         https://bugs.webkit.org/show_bug.cgi?id=122388
1533
1534         Reviewed by Darin Adler.
1535
1536         * profiler/ProfilerDatabase.cpp:
1537         (JSC::Profiler::Database::save):
1538
1539 2013-10-05  Darin Adler  <darin@apple.com>
1540
1541         Cut down on use of String::number
1542         https://bugs.webkit.org/show_bug.cgi?id=122382
1543
1544         Reviewed by Anders Carlsson.
1545
1546         * API/JSCallbackObjectFunctions.h:
1547         (JSC::JSCallbackObject::putByIndex): Use Identifier::from instead of calling
1548         String::number and creating an identifier from that. Can save creating and then
1549         destroying a string if an identifier already exists.
1550         * runtime/Arguments.cpp:
1551         (JSC::Arguments::getOwnPropertySlotByIndex): Ditto.
1552         (JSC::Arguments::getOwnPropertyNames): Ditto.
1553         (JSC::Arguments::putByIndex): Ditto.
1554         * runtime/JSGenericTypedArrayViewInlines.h:
1555         (JSC::::getOwnPropertyNames): Ditto.
1556         * runtime/StringObject.cpp:
1557         (JSC::StringObject::getOwnPropertyNames): Ditto.
1558
1559 2013-10-04  Mark Lam  <mark.lam@apple.com>
1560
1561         Change ScriptDebugServer to use DebuggerCallFrame instead of JavaScriptCallFrame.
1562         https://bugs.webkit.org/show_bug.cgi?id=121969.
1563
1564         Reviewed by Geoffrey Garen.
1565
1566         1. Make JavaScriptCallFrame a thin shell around the DebuggerCallFrame.
1567            DebuggerCallFrame now tracks whether it is valid instead of needing
1568            JavaScriptCallFrame do it.
1569         2. ScriptDebugServer now only instantiates an DebuggerCallFrame when needed
1570            just before it pauses and calls back to its client, and then invalidates
1571            it immediately when the callback returns. Every subsequent callback to
1572            the client will use a new instance of the DebuggerCallFrame.
1573         3. Similarly, ScriptDebugServer now only creates a JavaScriptCallFrame when
1574            it "pauses".
1575         4. DebuggerCallFrame only creates its caller DebuggerCallFrame when
1576            it is needed i.e. when the client calls callerFrame(). Similarly,
1577            JavaScriptCallFrame only creates its caller when it's requested.
1578         5. DebuggerCallFrame's line() and column() now returns a base-zero int.
1579         6. WebScriptDebugDelegate now only caches the functionName of the frame
1580            instead of the entire DebuggerCallFrame because that is all that is
1581            needed.
1582         7. Also removed evaluateInGlobalCallFrame() which is not used anywhere.
1583
1584         * debugger/Debugger.cpp:
1585         * debugger/Debugger.h:
1586         * debugger/DebuggerCallFrame.cpp:
1587         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1588         (JSC::DebuggerCallFrame::callerFrame):
1589         (JSC::DebuggerCallFrame::dynamicGlobalObject):
1590         (JSC::DebuggerCallFrame::sourceId):
1591         (JSC::DebuggerCallFrame::functionName):
1592         (JSC::DebuggerCallFrame::scope):
1593         (JSC::DebuggerCallFrame::type):
1594         (JSC::DebuggerCallFrame::thisValue):
1595         (JSC::DebuggerCallFrame::evaluate):
1596         (JSC::DebuggerCallFrame::evaluateWithCallFrame):
1597         (JSC::DebuggerCallFrame::invalidate):
1598         (JSC::DebuggerCallFrame::positionForCallFrame):
1599         (JSC::DebuggerCallFrame::sourceIdForCallFrame):
1600         (JSC::DebuggerCallFrame::thisValueForCallFrame):
1601         * debugger/DebuggerCallFrame.h:
1602         (JSC::DebuggerCallFrame::create):
1603         (JSC::DebuggerCallFrame::exec):
1604         (JSC::DebuggerCallFrame::line):
1605         (JSC::DebuggerCallFrame::column):
1606         (JSC::DebuggerCallFrame::position):
1607         (JSC::DebuggerCallFrame::isValid):
1608         * interpreter/StackVisitor.cpp:
1609
1610 2013-10-04  Brent Fulgham  <bfulgham@apple.com>
1611
1612         Silence compiler warning when building 64-bit (on Windows)
1613
1614         Reviewed by Geoffrey Garen.
1615
1616         * jit/JSInterfaceJIT.h: Add a static cast for assignment.
1617
1618 2013-10-04  Nadav Rotem  <nrotem@apple.com>
1619
1620         FTL: Add support for ValueToInt32(bool(x))
1621         https://bugs.webkit.org/show_bug.cgi?id=122346
1622
1623         Reviewed by Geoffrey Garen.
1624
1625         * ftl/FTLCapabilities.cpp:
1626         (JSC::FTL::canCompile):
1627         * ftl/FTLLowerDFGToLLVM.cpp:
1628         (JSC::FTL::LowerDFGToLLVM::compileNode):
1629         (JSC::FTL::LowerDFGToLLVM::compileValueToInt32):
1630
1631 2013-10-04  Oliver Hunt  <oliver@apple.com>
1632
1633         Build fix.
1634
1635         * runtime/JSArrayIterator.cpp:
1636
1637 2013-10-04  Oliver Hunt  <oliver@apple.com>
1638
1639         Support for-of syntax
1640         https://bugs.webkit.org/show_bug.cgi?id=122339
1641
1642         Reviewed by Geoffrey Garen.
1643
1644         Add support for for-of syntax to JSC.  As part of doing this I had to make
1645         us support unique empty strings as identifiers.  In a follow on patch i'm
1646         going to remove the distinction entirely as it's purely a complicating
1647         separation.
1648
1649         Otherwise the logic here is fairly self-explanatory.
1650
1651         * bytecompiler/BytecodeGenerator.cpp:
1652         (JSC::BytecodeGenerator::addConstant):
1653         (JSC::BytecodeGenerator::emitCall):
1654         * bytecompiler/BytecodeGenerator.h:
1655         * bytecompiler/NodesCodegen.cpp:
1656         (JSC::CallArguments::CallArguments):
1657         (JSC::ForOfNode::emitBytecode):
1658         * jit/JITOperations.cpp:
1659         * parser/ASTBuilder.h:
1660         (JSC::ASTBuilder::createForOfLoop):
1661         * parser/NodeConstructors.h:
1662         (JSC::EnumerationNode::EnumerationNode):
1663         (JSC::ForInNode::ForInNode):
1664         (JSC::ForOfNode::ForOfNode):
1665         * parser/Nodes.h:
1666         * parser/Parser.cpp:
1667         (JSC::::parseVarDeclarationList):
1668         (JSC::::parseForStatement):
1669         * parser/Parser.h:
1670         (JSC::Parser::isofToken):
1671         * parser/SyntaxChecker.h:
1672         (JSC::SyntaxChecker::createForOfLoop):
1673         * runtime/ArrayIteratorPrototype.cpp:
1674         (JSC::ArrayIteratorPrototype::finishCreation):
1675         (JSC::arrayIteratorPrototypeIterate):
1676         * runtime/ArrayPrototype.cpp:
1677         (JSC::ArrayPrototype::create):
1678         (JSC::ArrayPrototype::finishCreation):
1679         * runtime/ArrayPrototype.h:
1680         * runtime/CommonIdentifiers.cpp:
1681         (JSC::CommonIdentifiers::CommonIdentifiers):
1682         * runtime/CommonIdentifiers.h:
1683         * runtime/Identifier.h:
1684         (JSC::Identifier::from):
1685         * runtime/JSCJSValue.cpp:
1686         (JSC::JSValue::dumpInContext):
1687         * runtime/JSGlobalObject.cpp:
1688         (JSC::JSGlobalObject::reset):
1689         * runtime/JSObject.cpp:
1690         (JSC::JSObject::putDirectNativeFunction):
1691         * runtime/PrivateName.h:
1692         (JSC::PrivateName::PrivateName):
1693         * runtime/PropertyName.h:
1694         (JSC::PropertyName::PropertyName):
1695
1696 2013-10-04  Michael Saboff  <msaboff@apple.com>
1697
1698         FTL::OSRExit::convertToForward() shouldn't misuse Operands<>::operator[]
1699         https://bugs.webkit.org/show_bug.cgi?id=122336
1700
1701         Reviewed by Geoffrey Garen.
1702
1703         Changed code in change set r156900 to use the operand() accessor instead of operator[].
1704
1705         * ftl/FTLOSRExit.cpp:
1706         (JSC::FTL::OSRExit::convertToForward):
1707
1708 2013-10-04  Michael Saboff  <msaboff@apple.com>
1709
1710         FTL: Crash in OSRExit::convertToForward() using VirtualRegister.offset() as array index
1711         https://bugs.webkit.org/show_bug.cgi?id=122332
1712
1713         Reviewed by Oliver Hunt.
1714
1715         Changed the uses of .offset(), which returns a negative number for locals, to be
1716         toLocal() which returns a local's ordinal number.
1717
1718         * ftl/FTLOSRExit.cpp:
1719         (JSC::FTL::OSRExit::convertToForward):
1720
1721 2013-10-04  Michael Saboff  <msaboff@apple.com>
1722
1723         Add callOperation to Baseline JIT
1724         https://bugs.webkit.org/show_bug.cgi?id=122306
1725
1726         Reviewed by Geoffrey Garen.
1727
1728         Created baseline JIT compatible versions for a few flavors of callOperation().
1729         Migrated cti_op_new_regexp() and its caller to callOperation(operationNewRegexp()).
1730
1731         * dfg/DFGOperations.cpp: Moved operationNewRegexp() to JITOperations
1732         * dfg/DFGOperations.h:
1733         * jit/JIT.h:
1734         (JSC::JIT::appendCall):
1735         * jit/JITInlines.h:
1736         (JSC::JIT::appendCallWithExceptionCheck):
1737         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResult):
1738         (JSC::JIT::callOperation):
1739         * jit/JITOpcodes.cpp:
1740         (JSC::JIT::emit_op_new_regexp):
1741         * jit/JITOperations.cpp:
1742         * jit/JITOperations.h:
1743         * jit/JITStubs.cpp:
1744         * jit/JITStubs.h:
1745         * jit/JSInterfaceJIT.h:
1746
1747 2013-10-03  Mark Rowe  <mrowe@apple.com>
1748
1749         REGRESSION (r156811): WebCore rebuilds from scratch when doing an incremental build
1750
1751         The change in r156811 resulted in several public headers in the JavaScriptCore framework having their modification
1752         date touched on every build, even if their contents had not changed. This resulted in a large portion of WebCore
1753         needing to rebuilt after an incremental build of JavaScriptCore.
1754
1755         Reviewed by Dan Bernstein.
1756
1757         * JavaScriptCore.xcodeproj/project.pbxproj: Have unifdef generate its output to a temporary file. If its exit status
1758         indicates that the content did not change, remove the temporary file. If the content changed, moved the temporary file
1759         over the destination.
1760
1761 2013-10-03  Brent Fulgham  <bfulgham@apple.com>
1762
1763         [Win] Unreviewed gardening.
1764
1765         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Clean up the
1766         paths for various files added outside of Visual Studio. They are all
1767         displayed in the root of the project, rather than the proper sub-folder.
1768
1769 2013-10-03  Brent Fulgham  <bfulgham@apple.com>
1770
1771         [Win] Update solutions and projects to support 64-bit builds.
1772         https://bugs.webkit.org/show_bug.cgi?id=122225
1773
1774         Reviewed by Anders Carlsson.
1775
1776         Revise ordering of CPU(X86) and CPU(X86_64) tests, because MSVC always defines
1777         both when targeting a 64-bit build.
1778
1779         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add an x64 target
1780         for 64-bit builds.
1781
1782 2013-10-03  Michael Saboff  <msaboff@apple.com>
1783
1784         Eliminate unused JITStub function declarations
1785         https://bugs.webkit.org/show_bug.cgi?id=122288
1786
1787         Reviewed by Geoffrey Garen.
1788
1789         Removed unused JITStub declarations.
1790
1791         * jit/JITStubs.h:
1792
1793 2013-10-03  Sergio Correia  <sergio.correia@openbossa.org>
1794
1795         [EFL] [DEBUG] JavaScriptCore fails to build
1796         https://bugs.webkit.org/show_bug.cgi?id=122267
1797
1798         Reviewed by Michael Saboff.
1799
1800         Build fails due to an expression containing comparison between signed
1801         and unsigned integer.
1802
1803         * llint/LLIntData.cpp:
1804         (JSC::LLInt::Data::performAssertions): Add cast to avoid signed vs.
1805         unsigned comparison warning.
1806
1807 2013-10-03  Nadav Rotem  <nrotem@apple.com>
1808
1809         DFG: ConstProp the pattern ValueToInt32(Bool(x)) -> Int32(x)
1810         https://bugs.webkit.org/show_bug.cgi?id=122263
1811
1812         Reviewed by Geoffrey Garen.
1813
1814         * dfg/DFGAbstractInterpreterInlines.h:
1815         (JSC::DFG::::executeEffects):
1816
1817 2013-10-02  Dan Bernstein  <mitz@apple.com>
1818
1819         REGRESSION (r156811): Objective-C JavaScriptCore API test failing on Mountain Lion bots
1820         https://bugs.webkit.org/show_bug.cgi?id=122260
1821
1822         Reviewed by Mark Rowe.
1823
1824         For the API to work, the tests need to be compiled with a newer version of the LLVM
1825         compiler. Until the bots are updated to that version, disable the tests on 10.8.
1826
1827         * API/tests/testapi.mm:
1828
1829 2013-10-02  Mark Lam  <mark.lam@apple.com>
1830
1831         Make LLINT exception stack unwinding consistent with the JIT.
1832         https://bugs.webkit.org/show_bug.cgi?id=122255.
1833
1834         Reviewed by Filip Pizlo.
1835
1836         Previously, the CommonSlowPaths code is expected to behave in an
1837         inconsistent way in terms of whether to unwind the stack when handling
1838         exceptions or not. For the LLINT, the slow path should unwind the stack
1839         before returning. For the JIT, the slow path should not unwind the stack.
1840         This can result in the stack being unwound twice when the exception
1841         being handled is a TerminationException.
1842
1843         This patch fixes the LLINT's expectation so that it expects the same
1844         slow path behavior as the JIT does.
1845
1846         * llint/LLIntExceptions.cpp:
1847         (JSC::LLInt::returnToThrow):
1848         (JSC::LLInt::callToThrow):
1849         * llint/LLIntSlowPaths.cpp:
1850         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1851         * llint/LLIntSlowPaths.h:
1852         * llint/LowLevelInterpreter32_64.asm:
1853         * llint/LowLevelInterpreter64.asm:
1854         * runtime/CommonSlowPathsExceptions.cpp:
1855         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1856
1857 2013-10-02  Filip Pizlo  <fpizlo@apple.com>
1858
1859         The DFG should use always DFG::Graph methods for determining where special registers are
1860         https://bugs.webkit.org/show_bug.cgi?id=122248
1861
1862         Reviewed by Michael Saboff.
1863         
1864         This makes it possible to have the DFG use different registers than the other engines
1865         for things like activation and arguments.
1866
1867         * dfg/DFGCSEPhase.cpp:
1868         (JSC::DFG::CSEPhase::setLocalStoreElimination):
1869         * dfg/DFGClobberize.h:
1870         (JSC::DFG::clobberize):
1871         * dfg/DFGGraph.h:
1872         (JSC::DFG::Graph::activationRegister):
1873         (JSC::DFG::Graph::uncheckedActivationRegister):
1874         * dfg/DFGOSRExitCompiler32_64.cpp:
1875         (JSC::DFG::OSRExitCompiler::compileExit):
1876         * dfg/DFGOSRExitCompiler64.cpp:
1877         (JSC::DFG::OSRExitCompiler::compileExit):
1878         * dfg/DFGSpeculativeJIT32_64.cpp:
1879         (JSC::DFG::SpeculativeJIT::compile):
1880         * dfg/DFGSpeculativeJIT64.cpp:
1881         (JSC::DFG::SpeculativeJIT::compile):
1882         * jit/AssemblyHelpers.h:
1883         (JSC::AssemblyHelpers::baselineArgumentsRegisterFor):
1884
1885 2013-10-02  Dan Bernstein  <mitz@apple.com>
1886
1887         The Objective-C API should be available in 10.8 builds
1888         https://bugs.webkit.org/show_bug.cgi?id=122245
1889
1890         Reviewed by Mark Rowe.
1891
1892         Enabled the Objective-C API when building on OS X 10.8 with the modern Objective-C runtime,
1893         but kept the availability attributes in API headers for 10.9 and later as they were.
1894
1895         * API/JSBase.h: When JSC_OBJC_API_AVAILABLE_MAC_OS_X_1080 is defined, made
1896         JSC_OBJC_API_ENABLED true on 10.8 and above.
1897         * API/JSContext.h: When JSC_OBJC_API_AVAILABLE_MAC_OS_X_1080 is defined, marked the class
1898         as available on all OS X versions.
1899         * API/JSManagedValue.h: Ditto.
1900         * API/JSValue.h: Ditto.
1901         * API/JSVirtualMachine.h: Ditto.
1902         * Configurations/Base.xcconfig: Added JSC_OBJC_API_AVAILABLE_MAC_OS_X_1080 to
1903         GCC_PREPROCESSOR_DEFINITIONS.
1904         * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase to unifdef the
1905         above header files with JSC_OBJC_API_AVAILABLE_MAC_OS_X_1080 either defined or not based on
1906         the OS X version we are targeting.
1907
1908 2013-10-02  Michael Saboff  <msaboff@apple.com>
1909
1910         Make Baseline JIT exception handling work like the DFG JIT
1911         https://bugs.webkit.org/show_bug.cgi?id=122244
1912
1913         Reviewed by Filip Pizlo.
1914
1915         Added a jump list (m_exceptionChecks) to JIT as a common place for exception processing within
1916         generated code.  Added exceptionCheck() helpers that check for an exception which add a branch
1917         to the list.
1918
1919         * jit/JIT.cpp:
1920         (JSC::JIT::privateCompile):
1921         (JSC::JIT::privateCompileExceptionHandlers):
1922         * jit/JIT.h:
1923         (JSC::JIT::exceptionCheck):
1924
1925 2013-10-02  Oliver Hunt  <oliver@apple.com>
1926
1927         Fix MSVC build
1928
1929         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1930
1931 2013-10-02  Geoffrey Garen  <ggaren@apple.com>
1932
1933         Optimized VM access from C++ code
1934         https://bugs.webkit.org/show_bug.cgi?id=122241
1935
1936         Reviewed by Filip Pizlo.
1937
1938         * runtime/JSScope.h:
1939         (JSC::JSScope::vm): Use MarkedBlock instead of Heap, since both have a
1940         pointer to the VM, and Heap is one extra load.
1941
1942 2013-10-02  Michael Saboff  <msaboff@apple.com>
1943
1944         The LLInt should not use JITStackFrame
1945         https://bugs.webkit.org/show_bug.cgi?id=122231
1946
1947         Reviewed by Filip Pizlo.
1948
1949         Replaced uses of JITStackFrame::vm with code to either access the vm via the CodeBlock from
1950         known JavaScript call frames or via the JSScope* for host call frames.  This eliminates
1951         all uses of JITStackFrame from the LLInt.
1952
1953         * heap/MarkedBlock.h: Made LLIntOffsetsExtractor a friend to access member offsets.
1954         * heap/WeakSet.h: Made LLIntOffsetsExtractor a friend to access member offsets.
1955         * llint/LLIntData.cpp:
1956         (JSC::LLInt::Data::performAssertions): Added an ASSERT for the newly added MarkedBlockMask
1957         * llint/LowLevelInterpreter.asm:
1958         * llint/LowLevelInterpreter32_64.asm:
1959         * llint/LowLevelInterpreter64.asm:
1960
1961 2013-10-01  Oliver Hunt  <oliver@apple.com>
1962
1963         Implement Array key, value and entries iterators
1964         https://bugs.webkit.org/show_bug.cgi?id=122195
1965
1966         Reviewed by Filip Pizlo.
1967
1968         Add implementation of ES6 Array iterators for keys(), values() and entries()
1969
1970         Fairly self explanatory as we just need a simple implementation so that we can
1971         implement and test other features.
1972
1973         * JavaScriptCore.xcodeproj/project.pbxproj:
1974         * runtime/ArrayIteratorConstructor.cpp: Added.
1975         (JSC::ArrayIteratorConstructor::finishCreation):
1976         * runtime/ArrayIteratorConstructor.h: Added.
1977         (JSC::ArrayIteratorConstructor::create):
1978         (JSC::ArrayIteratorConstructor::createStructure):
1979         (JSC::ArrayIteratorConstructor::ArrayIteratorConstructor):
1980         * runtime/ArrayIteratorPrototype.cpp: Added.
1981         (JSC::ArrayIteratorPrototype::finishCreation):
1982         (JSC::createIteratorResult):
1983         (JSC::arrayIteratorPrototypeNext):
1984         * runtime/ArrayIteratorPrototype.h: Added.
1985         (JSC::ArrayIteratorPrototype::create):
1986         (JSC::ArrayIteratorPrototype::createStructure):
1987         (JSC::ArrayIteratorPrototype::ArrayIteratorPrototype):
1988         * runtime/ArrayPrototype.cpp:
1989         (JSC::arrayProtoFuncValues):
1990         (JSC::arrayProtoFuncEntries):
1991         (JSC::arrayProtoFuncKeys):
1992         * runtime/CommonIdentifiers.h:
1993         * runtime/Identifier.h:
1994         (JSC::Identifier::createEmptyUnique):
1995         * runtime/JSArrayIterator.cpp: Added.
1996         (JSC::JSArrayIterator::finishCreation):
1997         * runtime/JSArrayIterator.h: Added.
1998         (JSC::JSArrayIterator::createStructure):
1999         (JSC::JSArrayIterator::create):
2000         (JSC::JSArrayIterator::iterationKind):
2001         (JSC::JSArrayIterator::iteratedObject):
2002         (JSC::JSArrayIterator::nextIndex):
2003         (JSC::JSArrayIterator::setNextIndex):
2004         (JSC::JSArrayIterator::finish):
2005         (JSC::JSArrayIterator::JSArrayIterator):
2006         * runtime/JSGlobalObject.cpp:
2007         (JSC::JSGlobalObject::reset):
2008         * runtime/JSGlobalObject.h:
2009         (JSC::JSGlobalObject::iteratorResultStructure):
2010
2011 2013-10-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2012
2013         get_callee and to_this aren't properly cleared during finalizeUnconditionally
2014         https://bugs.webkit.org/show_bug.cgi?id=122224
2015
2016         Reviewed by Geoffrey Garen.
2017
2018         Even though there is code to clear unmarked inline cache objects in finalizeUnconditionally,
2019         it will never run because get_callee and to_this weren't added to the proper Vector in the 
2020         UnlinkedCodeBlock that is iterated during finalizeUnconditionally.
2021
2022         * bytecompiler/BytecodeGenerator.cpp:
2023         (JSC::BytecodeGenerator::BytecodeGenerator):
2024         (JSC::BytecodeGenerator::emitCreateThis):
2025
2026 2013-09-25  Oliver Hunt  <oliver@apple.com>
2027
2028         Implement prefixed-destructuring assignment
2029         https://bugs.webkit.org/show_bug.cgi?id=121930
2030
2031         Reviewed by Mark Hahnenberg.
2032
2033         Relanding with fix after rollout - it helps to not completely destroy
2034         optimisations for no reason.
2035
2036 2013-10-02  Nadav Rotem  <nrotem@apple.com>
2037
2038         FTL: Refactor compileArithDiv and compileArithMod into one function.
2039         https://bugs.webkit.org/show_bug.cgi?id=122205
2040
2041         Reviewed by Filip Pizlo.
2042
2043         * ftl/FTLLowerDFGToLLVM.cpp:
2044         (JSC::FTL::LowerDFGToLLVM::compileNode):
2045         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
2046         (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
2047
2048 2013-10-02  Anders Carlsson  <andersca@apple.com>
2049
2050         Get rid of Qt code from JavaScriptCore
2051         https://bugs.webkit.org/show_bug.cgi?id=122223
2052
2053         Reviewed by Oliver Hunt.
2054
2055         * API/JSStringRefQt.cpp: Removed.
2056         * API/JSStringRefQt.h: Removed.
2057         * API/OpaqueJSString.h:
2058         * DerivedSources.pri: Removed.
2059         * JavaScriptCore.pri: Removed.
2060         * JavaScriptCore.pro: Removed.
2061         * LLIntOffsetsExtractor.pro: Removed.
2062         * Target.pri: Removed.
2063         * assembler/AbstractMacroAssembler.h:
2064         * assembler/MacroAssembler.h:
2065         (JSC::MacroAssembler::urshift32):
2066         * assembler/MacroAssemblerARMv7.h:
2067         (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
2068         * assembler/MacroAssemblerX86Common.h:
2069         * dfg/DFGSpeculativeJIT.cpp:
2070         (JSC::DFG::SpeculativeJIT::compileArithSub):
2071         * heap/HeapTimer.cpp:
2072         (JSC::HeapTimer::timerEvent):
2073         * heap/HeapTimer.h:
2074         * heap/IncrementalSweeper.cpp:
2075         (JSC::IncrementalSweeper::scheduleTimer):
2076         * heap/IncrementalSweeper.h:
2077         * jit/JITArithmetic32_64.cpp:
2078         (JSC::JIT::emitSub32Constant):
2079         * jsc.cpp:
2080         (main):
2081         * jsc.pro: Removed.
2082         * runtime/DateConstructor.cpp:
2083         * runtime/GCActivityCallback.cpp:
2084         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2085         (JSC::DefaultGCActivityCallback::cancelTimer):
2086         * runtime/GCActivityCallback.h:
2087         * testRegExp.cpp:
2088         (main):
2089         * yarr/yarr.pri: Removed.
2090
2091 2013-10-01  Filip Pizlo  <fpizlo@apple.com>
2092
2093         FTL should use the new version of LLVM MCJIT memory manager APIs that take a SectionName
2094         https://bugs.webkit.org/show_bug.cgi?id=122193
2095
2096         Reviewed by Geoffrey Garen.
2097         
2098         Update our usage of the LLVM C API since the API is about to change.
2099
2100         * ftl/FTLCompile.cpp:
2101         (JSC::FTL::mmAllocateCodeSection):
2102         (JSC::FTL::mmAllocateDataSection):
2103
2104 2013-10-01  Filip Pizlo  <fpizlo@apple.com>
2105
2106         REGRESSION(156464): 50% regression on SunSpider/string-fasta
2107         https://bugs.webkit.org/show_bug.cgi?id=122202
2108
2109         Unreviewed, roll out r156464.
2110         
2111         This is a progression on string-fasta, since it fixes the regression.
2112
2113         * bytecode/UnlinkedCodeBlock.cpp:
2114         (JSC::UnlinkedFunctionExecutable::paramString):
2115         * bytecompiler/BytecodeGenerator.cpp:
2116         (JSC::BytecodeGenerator::BytecodeGenerator):
2117         * bytecompiler/BytecodeGenerator.h:
2118         (JSC::BytecodeGenerator::emitExpressionInfo):
2119         * bytecompiler/NodesCodegen.cpp:
2120         (JSC::ForInNode::emitBytecode):
2121         (JSC::FuncExprNode::emitBytecode):
2122         * parser/ASTBuilder.h:
2123         (JSC::ASTBuilder::createFormalParameterList):
2124         (JSC::ASTBuilder::createForInLoop):
2125         (JSC::ASTBuilder::addVar):
2126         * parser/NodeConstructors.h:
2127         (JSC::CommaNode::CommaNode):
2128         (JSC::ParameterNode::ParameterNode):
2129         (JSC::ForInNode::ForInNode):
2130         * parser/Nodes.cpp:
2131         (JSC::FunctionParameters::create):
2132         (JSC::FunctionParameters::FunctionParameters):
2133         (JSC::FunctionParameters::~FunctionParameters):
2134         * parser/Nodes.h:
2135         (JSC::ExpressionNode::isDotAccessorNode):
2136         (JSC::CommaNode::append):
2137         (JSC::ParameterNode::ident):
2138         (JSC::FunctionParameters::at):
2139         (JSC::FunctionParameters::identifiers):
2140         * parser/Parser.cpp:
2141         (JSC::::Parser):
2142         (JSC::::parseVarDeclaration):
2143         (JSC::::parseVarDeclarationList):
2144         (JSC::::parseForStatement):
2145         (JSC::::parseFormalParameters):
2146         (JSC::::parseAssignmentExpression):
2147         * parser/Parser.h:
2148         (JSC::Scope::declareParameter):
2149         (JSC::Parser::declareParameter):
2150         * parser/SyntaxChecker.h:
2151         (JSC::SyntaxChecker::createFormalParameterList):
2152         (JSC::SyntaxChecker::createForInLoop):
2153         (JSC::SyntaxChecker::operatorStackPop):
2154         * runtime/JSONObject.cpp:
2155         * runtime/JSONObject.h:
2156
2157 2013-10-01  Filip Pizlo  <fpizlo@apple.com>
2158
2159         Variable event stream (for DFG OSR exit) should be explicit about where on the stack a SetLocal put a value
2160         https://bugs.webkit.org/show_bug.cgi?id=122178
2161
2162         Reviewed by Geoffrey Garen.
2163         
2164         Now if the DFG stores the value of a variable into the stack explicitly via a SetLocal,
2165         it will record where on the stack it stored the value in addition to recording where on
2166         the stack the bytecode would have done the SetLocal. Previously it just recorded the
2167         format and the bytecode variable. Recording just the bytecode variable is currently fine
2168         since the DFG always executes SetLocal's to the same stack location that the bytecode
2169         would have used. But that prevents stack compression (webkit.org/b/122024) so this patch
2170         allows the SetLocal to say both the bytecode variable that we're speaking of and the
2171         actual stack location to which the SetLocal stored the value.
2172         
2173         This had to touch a lot of code, so I took the opportunity to also resolve
2174         webkit.org/b/108019.
2175
2176         * bytecode/Operands.h:
2177         (JSC::Operands::hasOperand):
2178         * dfg/DFGFlushFormat.h:
2179         (JSC::DFG::dataFormatFor):
2180         * dfg/DFGMinifiedID.h:
2181         (JSC::DFG::MinifiedID::bits):
2182         (JSC::DFG::MinifiedID::invalidID):
2183         (JSC::DFG::MinifiedID::otherInvalidID):
2184         * dfg/DFGSpeculativeJIT.cpp:
2185         (JSC::DFG::SpeculativeJIT::compileMovHint):
2186         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2187         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2188         * dfg/DFGSpeculativeJIT.h:
2189         (JSC::DFG::SpeculativeJIT::recordSetLocal):
2190         * dfg/DFGSpeculativeJIT32_64.cpp:
2191         (JSC::DFG::SpeculativeJIT::compile):
2192         * dfg/DFGSpeculativeJIT64.cpp:
2193         (JSC::DFG::SpeculativeJIT::compile):
2194         * dfg/DFGValueSource.cpp:
2195         (JSC::DFG::ValueSource::dump):
2196         * dfg/DFGValueSource.h:
2197         (JSC::DFG::ValueSource::ValueSource):
2198         (JSC::DFG::ValueSource::forFlushFormat):
2199         (JSC::DFG::ValueSource::forDataFormat):
2200         (JSC::DFG::ValueSource::isSet):
2201         (JSC::DFG::ValueSource::kind):
2202         (JSC::DFG::ValueSource::valueRecovery):
2203         (JSC::DFG::ValueSource::id):
2204         (JSC::DFG::ValueSource::virtualRegister):
2205         * dfg/DFGVariableEvent.cpp:
2206         (JSC::DFG::VariableEvent::dump):
2207         (JSC::DFG::VariableEvent::dumpSpillInfo):
2208         * dfg/DFGVariableEvent.h:
2209         (JSC::DFG::VariableEvent::fillGPR):
2210         (JSC::DFG::VariableEvent::fillPair):
2211         (JSC::DFG::VariableEvent::fillFPR):
2212         (JSC::DFG::VariableEvent::spill):
2213         (JSC::DFG::VariableEvent::death):
2214         (JSC::DFG::VariableEvent::setLocal):
2215         (JSC::DFG::VariableEvent::movHint):
2216         (JSC::DFG::VariableEvent::id):
2217         (JSC::DFG::VariableEvent::gpr):
2218         (JSC::DFG::VariableEvent::tagGPR):
2219         (JSC::DFG::VariableEvent::payloadGPR):
2220         (JSC::DFG::VariableEvent::fpr):
2221         (JSC::DFG::VariableEvent::spillRegister):
2222         (JSC::DFG::VariableEvent::bytecodeRegister):
2223         (JSC::DFG::VariableEvent::machineRegister):
2224         (JSC::DFG::VariableEvent::variableRepresentation):
2225         * dfg/DFGVariableEventStream.cpp:
2226         (JSC::DFG::VariableEventStream::reconstruct):
2227
2228 2013-10-01  Nadav Rotem  <nrotem@apple.com>
2229
2230         FTL: split overflow checks into non-overflow arithmetic and an additional call to the overflow intrinsic check.
2231         https://bugs.webkit.org/show_bug.cgi?id=122170
2232
2233         Reviewed by Filip Pizlo.
2234
2235         Overflow intrinsics are preventing SCEV and other LLVM analysis passes from analyzing loops. This patch changes the FTL-IR gen by splitting arithmetic calculations into two parts:
2236         1. Generate the arithmetic calculation (that may overflow)
2237         2. Generate the overflow check (that is only used by the OSR-exit logic).
2238
2239         We trust LLVM (SelectionDAG) to merge these calculations into a single opcode.
2240
2241         This JS function:
2242
2243         function foo() {
2244             for (i=0; i < 10000000; i++) { }
2245         }
2246
2247         Is now compiled into this LLVM-IR: 
2248
2249         "OSR exit continuation for @24<Int32>":           ; preds = %"Block #0", %"OSR exit continuation for @24<Int32>2"
2250           %4 = phi i64 [ %10, %"OSR exit continuation for @24<Int32>2" ], [ -281474976710656, %"Block #0" ]
2251           %5 = trunc i64 %4 to i32
2252           %6 = add i32 %5, 1
2253           %7 = tail call { i32, i1 } @llvm.sadd.with.overflow.i32(i32 %5, i32 1)
2254           %8 = extractvalue { i32, i1 } %7, 1
2255           br i1 %8, label %"OSR exit failCase for @24<Int32>1", label %"OSR exit continuation for @24<Int32>2"
2256
2257          And into this assembly:
2258
2259         LBB0_1:                                 ## %OSR exit continuation for @24<Int32>
2260                                         ## =>This Inner Loop Header: Depth=1
2261             movl  %ecx, %esi
2262             incl  %esi
2263             jo  LBB0_4
2264
2265         * ftl/FTLLowerDFGToLLVM.cpp:
2266         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
2267         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
2268         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
2269
2270 2013-10-01  Nadav Rotem  <nrotem@apple.com>
2271
2272         Consolidate multiple OSRExit calls into one.
2273         https://bugs.webkit.org/show_bug.cgi?id=122168
2274
2275         Reviewed by Filip Pizlo.
2276
2277         * ftl/FTLLowerDFGToLLVM.cpp:
2278         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
2279         (JSC::FTL::LowerDFGToLLVM::compileArithDiv):
2280         (JSC::FTL::LowerDFGToLLVM::compileArithMod):
2281
2282 2013-09-30  Filip Pizlo  <fpizlo@apple.com>
2283
2284         SpeculativeJIT::m_arguments/m_variables are vestiges of a time long gone
2285         https://bugs.webkit.org/show_bug.cgi?id=122140
2286
2287         Reviewed by Darin Adler.
2288         
2289         Just killing code.
2290
2291         * dfg/DFGSpeculativeJIT.cpp:
2292         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
2293         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2294         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2295         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2296         * dfg/DFGSpeculativeJIT.h:
2297         (JSC::DFG::SpeculativeJIT::recordSetLocal):
2298
2299 2013-10-01  Daniel Bates  <dabates@apple.com>
2300
2301         [iOS] JavaScriptCore fails to build with newer versions of clang
2302         https://bugs.webkit.org/show_bug.cgi?id=122162
2303
2304         Reviewed by Darin Adler.
2305
2306         * runtime/GCActivityCallback.cpp: Add !PLATFORM(IOS)-guard around constant pagingTimeOut
2307         as we don't compile the code that uses it on iOS.
2308
2309 2013-09-30  Sam Weinig  <sam@webkit.org>
2310
2311         Remove support for DOMFileSystem
2312         https://bugs.webkit.org/show_bug.cgi?id=122137
2313
2314         Reviewed by Anders Carlsson.
2315
2316         * Configurations/FeatureDefines.xcconfig:
2317
2318 2013-09-30  Dan Bernstein  <mitz@apple.com>
2319
2320         <rdar://problem/15114974> Assertion failure under -[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:] if no classes conform to JSExport
2321         https://bugs.webkit.org/show_bug.cgi?id=122124
2322
2323         Reviewed by Darin Adler.
2324
2325         * API/JSWrapperMap.mm: Defined an empty class that conforms to the JSExport protocol, to
2326         ensure that the protocol is always registered with the runtime by the time
2327         getJSExportProtocol() is called.
2328
2329 2013-09-30  Benjamin Poulain  <benjamin@webkit.org>
2330
2331         Remove the code guarded by STYLE_SCOPED
2332         https://bugs.webkit.org/show_bug.cgi?id=122123
2333
2334         Reviewed by Anders Carlsson.
2335
2336         * Configurations/FeatureDefines.xcconfig:
2337
2338 2013-09-30  Andreas Kling  <akling@apple.com>
2339
2340         Pass VM instead of ExecState to ObjectPrototype constructor.
2341         <https://webkit.org/b/122116>
2342
2343         Reviewed by Geoffrey Garen.
2344
2345         The ObjectPrototype constructor was only using the ExecState to get
2346         to the VM.
2347
2348 2013-09-30  Andreas Kling  <akling@apple.com>
2349
2350         Pass VM instead of JSGlobalObject to MathObject constructor.
2351         <https://webkit.org/b/122119>
2352
2353         Reviewed by Geoffrey Garen.
2354
2355         The MathObject constructor was only using the global object to get
2356         to the VM. finishCreation() still uses it to set up functions.
2357
2358 2013-09-30  Filip Pizlo  <fpizlo@apple.com>
2359
2360         Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
2361         https://bugs.webkit.org/show_bug.cgi?id=122065
2362
2363         Reviewed by Mark Hahnenberg.
2364         
2365         This mostly just kills a bunch of code.
2366         
2367         But incidentaly while killing that code, I uncovered a bug in our FTL OSR entrypoint
2368         creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
2369         If we hoist some type check into the local, then we might inject a conversion node
2370         between the ExtractOSREntryLocal and the SetLocal - for example we might put in a
2371         Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
2372         on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
2373         When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
2374         node to the first node that has a different CodeOrigin. This only works if the nodes
2375         after the forward exit are MovHints or other tnings that the OSR exit compiler can
2376         forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
2377         nodes for the same bytecode index. Two possible solutions exist. We could teach the
2378         forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
2379         This would be a lot of complexity; right now it just needs to deal with exactly one
2380         SetLocal-like operation. The alternative is to make sure that the conversion node that
2381         we inject ends up exiting *backward* rather than forward.
2382         
2383         But making the conversion nodes exit backward is somewhat tricky. Before this patch,
2384         conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
2385         that the solution is to rationalize how we choose the speculation direciton for a
2386         conversion node. The conversion node's speculation direction should be the same as the
2387         speculation direction of the node for which it is doing a conversion. Since SetLocal's
2388         already exit forward by default, this policy preserves our previous behavior. But it
2389         also allows the OSR entrypoint creation phase to make its SetLocals exit backward
2390         instead.
2391         
2392         Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
2393         to make sure that the OSR exit machine knows that the local variables are indeed live.
2394         Consider that if we have:
2395         
2396             a: ExtractOSREntryLocal(loc1)
2397             b: SetLocal(@a, loc1)
2398             c: ExtractOSRentryLocal(loc2)
2399             d: SetLocal(@c, loc2)
2400         
2401         Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
2402         compiler will clobber loc2 with Undefined. So we need to make sure that we actually
2403         emit code like:
2404         
2405             a: ExtractOSREntryLocal(loc1)
2406             b: ExtractOSREntryLocal(loc2)
2407             c: SetLocal(@a, loc1)
2408             d: SetLocal(@b, loc2)
2409             e: SetLocal(@a, loc1)
2410             f: SetLocal(@b, loc2)
2411
2412         * CMakeLists.txt:
2413         * GNUmakefile.list.am:
2414         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2415         * JavaScriptCore.xcodeproj/project.pbxproj:
2416         * Target.pri:
2417         * bytecode/CodeOrigin.h:
2418         * bytecode/ValueRecovery.cpp: Added.
2419         (JSC::ValueRecovery::recover):
2420         (JSC::ValueRecovery::dumpInContext):
2421         (JSC::ValueRecovery::dump):
2422         * bytecode/ValueRecovery.h:
2423         * dfg/DFGFixupPhase.cpp:
2424         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
2425         (JSC::DFG::FixupPhase::fixEdge):
2426         * dfg/DFGJITCode.cpp:
2427         (JSC::DFG::JITCode::reconstruct):
2428         * dfg/DFGNode.h:
2429         (JSC::DFG::Node::speculationDirection):
2430         (JSC::DFG::Node::setSpeculationDirection):
2431         * dfg/DFGOSREntrypointCreationPhase.cpp:
2432         (JSC::DFG::OSREntrypointCreationPhase::run):
2433         * dfg/DFGOSRExitCompiler32_64.cpp:
2434         (JSC::DFG::OSRExitCompiler::compileExit):
2435         * dfg/DFGOSRExitCompiler64.cpp:
2436         (JSC::DFG::OSRExitCompiler::compileExit):
2437         * dfg/DFGSpeculativeJIT.cpp:
2438         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2439         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2440         * dfg/DFGSpeculativeJIT.h:
2441         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2442         * dfg/DFGValueSource.h:
2443         (JSC::DFG::ValueSource::valueRecovery):
2444         * dfg/DFGVariableEventStream.cpp:
2445         (JSC::DFG::VariableEventStream::reconstruct):
2446         * ftl/FTLLowerDFGToLLVM.cpp:
2447         (JSC::FTL::LowerDFGToLLVM::speculate):
2448         (JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
2449         * interpreter/Register.h:
2450         (JSC::Register::unboxedStrictInt52):
2451         * runtime/Arguments.cpp:
2452         (JSC::Arguments::tearOff):
2453         * runtime/Arguments.h:
2454
2455 2013-09-30  Alex Christensen  <alex.christensen@flexsim.com>
2456
2457         Win64 compile fix after r1256490.
2458         https://bugs.webkit.org/show_bug.cgi?id=122117
2459
2460         Reviewed by Michael Saboff.
2461
2462         * jit/JITStubsMSVC64.asm:
2463         Implemented getHostCallReturnValue for Windows x86_64 processors.
2464
2465 2013-09-30  Andreas Kling  <akling@apple.com>
2466
2467         Pass VM instead of JSGlobalObject to RegExp constructor.
2468         <https://webkit.org/b/122113>
2469
2470         Reviewed by Darin Adler.
2471
2472         RegExps don't need anything from the global object during their
2473         construction and only use it to get to the VM. Reduce loads by
2474         simply passing the VM around instead.
2475
2476         JSC release binary size -= 120 bytes(!)
2477
2478 2013-09-30  Patrick Gansterer  <paroga@webkit.org>
2479
2480         Fix compilation for COMPILER(MSVC) && !CPU(X86) after r156490.
2481         https://bugs.webkit.org/show_bug.cgi?id=122102
2482
2483         Reviewed by Geoffrey Garen.
2484
2485         _AddressOfReturnAddress() is supported for all platforms of
2486         ths Microsoft compiler, so we can use it for !CPU(X86) too.
2487
2488         * jit/JITOperationWrappers.h:
2489
2490 2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>
2491
2492         Unreviewed. Build fix for DEBUG_VERBOSE mode after r156511.
2493
2494         * dfg/DFGSpeculativeJIT.cpp:
2495         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2496
2497 2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>
2498
2499         Unreviewed. Speculative build fix on ARMv7 Thumb2 after r156490.
2500
2501         * dfg/DFGSpeculativeJIT.cpp:
2502         (JSC::DFG::fmodAsDFGOperation):
2503
2504 2013-09-29  Nadav Rotem  <nrotem@apple.com>
2505
2506         FTL: refactor compileAdd and compileArithSub into one function.
2507         https://bugs.webkit.org/show_bug.cgi?id=122081
2508
2509         Reviewed by Geoffrey Garen.
2510
2511         * ftl/FTLLowerDFGToLLVM.cpp:
2512         (JSC::FTL::LowerDFGToLLVM::compileNode):
2513         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
2514
2515 2013-09-29  Andreas Kling  <akling@apple.com>
2516
2517         Pass VM instead of JSGlobalObject to function constructors.
2518         <https://webkit.org/b/122082>
2519
2520         Reviewed by Darin Adler.
2521
2522         Functions don't need anything from the global object during their
2523         construction and only use it to get to the VM. Reduce loads by
2524         simply passing the VM around instead.
2525
2526         This patch is mostly mechanical, I just changed the signature of
2527         InternalFunction and worked my way from there until it built.
2528
2529         JSC release binary size -= 4840 bytes.
2530
2531 2013-09-29  Andreas Kling  <akling@apple.com>
2532
2533         Pass VM instead of JSGlobalObject to ArrayPrototype constructor.
2534         <https://webkit.org/b/122079>
2535
2536         Reviewed by Geoffrey Garen.
2537
2538         ArrayPrototype doesn't need the global object for anything during
2539         construction, so reduce the amount of loads by just passing the VM.
2540
2541 2013-09-29  Andreas Kling  <akling@apple.com>
2542
2543         Pass VM instead of ExecState to simple builtin constructors.
2544         <https://webkit.org/b/122077>
2545
2546         Reviewed by Sam Weinig.
2547
2548         None of the simple builtins need the ExecState for anything during
2549         their construction, so reduce the amount of loads by just passing
2550         the VM around instead.
2551
2552 2013-09-29  Nadav Rotem  <nrotem@apple.com>
2553
2554         Refactor code for finding x86 scratch register.
2555         https://bugs.webkit.org/show_bug.cgi?id=122072
2556
2557         Reviewed by Geoffrey Garen.
2558
2559         * assembler/MacroAssemblerX86Common.h:
2560         (JSC::MacroAssemblerX86Common::getUnusedRegister):
2561         (JSC::MacroAssemblerX86Common::store8):
2562         (JSC::MacroAssemblerX86Common::store16):
2563
2564 2013-09-28  Mark Rowe  <mrowe@apple.com>
2565
2566         Take Xcode's advice and enable some extra warnings.
2567
2568         Reviewed by Sam Weinig.
2569
2570         * Configurations/Base.xcconfig:
2571         * JavaScriptCore.xcodeproj/project.pbxproj:
2572
2573 2013-09-28  Andreas Kling  <akling@apple.com>
2574
2575         Pass VM instead of ExecState to JSFunction constructors.
2576         <https://webkit.org/b/122014>
2577
2578         Reviewed by Geoffrey Garen.
2579
2580         JSFunction doesn't need the ExecState for anything during its
2581         construction, so reduce the amount of loads by just passing the
2582         VM around instead.
2583
2584         Factored out putDirectNonIndexAccessor() from the existing
2585         putDirectAccessor() to avoid snowballing the patch (and because
2586         it's kinda neat to avoid the extra branch.)
2587
2588         JSC release binary size -= 9680 bytes.
2589
2590 2013-09-28  Mark Rowe  <mrowe@apple.com>
2591
2592         JavaScriptCore fails to build with newer versions of clang.
2593
2594         Reviewed by Sam Weinig.
2595
2596         * interpreter/Interpreter.cpp: Remove an unused function.
2597         * parser/SourceProvider.cpp: Ditto.
2598         * runtime/GCActivityCallback.cpp: #if a constant that's only used on non-CF platforms.
2599         * runtime/JSCJSValue.cpp: Remove an unused constant.
2600         * runtime/JSString.cpp: Ditto.
2601
2602 2013-09-27  Filip Pizlo  <fpizlo@apple.com>
2603
2604         Get rid of SetMyScope/SetCallee; use normal variables for the scope and callee of inlined call frames of closures
2605         https://bugs.webkit.org/show_bug.cgi?id=122047
2606
2607         Reviewed by Oliver Hunt.
2608         
2609         Currently we have the DFG reserve space for inline call frames at exactly the same stack
2610         offsets that you would have gotten if the baseline interpreter/JIT had made the calls.
2611         We need to get rid of that. One of the weirder parts of this is that we have special DFG
2612         operations for accessing these inlined call frame headers. It's really hard for any
2613         analysis of DFG IR to see what the liveness of any of those frame header "variables" is;
2614         the liveness behaves like flushed arguments (it's all live until end of the inlinee) but
2615         we don't have anything like a Flush node for those special variables.
2616         
2617         This patch gets rid of the special operations for accessing inline call frame headers.
2618         GetMyScope and GetCallee still remain, and are only for accessing the machine call
2619         frame's scope/callee entries. The inline call frame's scope/callee now behave like
2620         normal variables, and have Flush behavior just like inline arguments.
2621
2622         * dfg/DFGAbstractInterpreterInlines.h:
2623         (JSC::DFG::::executeEffects):
2624         * dfg/DFGByteCodeParser.cpp:
2625         (JSC::DFG::ByteCodeParser::getDirect):
2626         (JSC::DFG::ByteCodeParser::get):
2627         (JSC::DFG::ByteCodeParser::setDirect):
2628         (JSC::DFG::ByteCodeParser::set):
2629         (JSC::DFG::ByteCodeParser::setLocal):
2630         (JSC::DFG::ByteCodeParser::setArgument):
2631         (JSC::DFG::ByteCodeParser::flush):
2632         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
2633         (JSC::DFG::ByteCodeParser::handleInlining):
2634         (JSC::DFG::ByteCodeParser::getScope):
2635         * dfg/DFGCSEPhase.cpp:
2636         (JSC::DFG::CSEPhase::getCalleeLoadElimination):
2637         (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
2638         (JSC::DFG::CSEPhase::performNodeCSE):
2639         * dfg/DFGClobberize.h:
2640         (JSC::DFG::clobberize):
2641         * dfg/DFGFixupPhase.cpp:
2642         (JSC::DFG::FixupPhase::fixupNode):
2643         * dfg/DFGNodeType.h:
2644         * dfg/DFGPredictionPropagationPhase.cpp:
2645         (JSC::DFG::PredictionPropagationPhase::propagate):
2646         * dfg/DFGSafeToExecute.h:
2647         (JSC::DFG::safeToExecute):
2648         * dfg/DFGSpeculativeJIT32_64.cpp:
2649         (JSC::DFG::SpeculativeJIT::compile):
2650         * dfg/DFGSpeculativeJIT64.cpp:
2651         (JSC::DFG::SpeculativeJIT::compile):
2652
2653 2013-09-27  Filip Pizlo  <fpizlo@apple.com>
2654
2655         Deoptimize 32-bit deoptimization
2656         https://bugs.webkit.org/show_bug.cgi?id=122025
2657
2658         Reviewed by Oliver Hunt.
2659         
2660         Just simplifying a bunch of code. I don't want the old, super-complicated,
2661         deoptimization code to get in the way of changes I'll be making to DFG stack layout.
2662
2663         * bytecode/ValueRecovery.h:
2664         (JSC::ValueRecovery::inGPR):
2665         (JSC::ValueRecovery::isInRegisters):
2666         (JSC::ValueRecovery::gpr):
2667         (JSC::ValueRecovery::dumpInContext):
2668         * dfg/DFGOSRExitCompiler32_64.cpp:
2669         (JSC::DFG::OSRExitCompiler::compileExit):
2670         * dfg/DFGOSRExitCompiler64.cpp:
2671         (JSC::DFG::OSRExitCompiler::compileExit):
2672
2673 2013-09-27  Alex Christensen  <alex.christensen@flexsim.com>
2674
2675         Fixed Win64 build after r156184.
2676         https://bugs.webkit.org/show_bug.cgi?id=121994
2677
2678         Reviewed by Oliver Hunt.
2679
2680         * jit/CCallHelpers.h:
2681         (JSC::CCallHelpers::setupTwoStubArgsGPR):
2682         (JSC::CCallHelpers::setupTwoStubArgsFPR):
2683         Renamed from setupTwoStubArgs.
2684         Visual Studio x64 compiler fails to see that this is an overloaded template function.
2685         (JSC::CCallHelpers::setupStubArguments):
2686         (JSC::CCallHelpers::setupArguments):
2687         (JSC::CCallHelpers::setupArgumentsWithExecState):
2688         Use setupTwoStubArgsGPR or setupTwoStubArgsFPR instead of setupTwoStubArgs.
2689
2690 2013-09-27  Gabor Rapcsanyi  <rgabor@webkit.org>
2691
2692         LLInt alignment problem on ARM in debug mode
2693         https://bugs.webkit.org/show_bug.cgi?id=122012
2694
2695         Reviewed by Michael Saboff.
2696
2697         Force GCC to put the LLInt code to .text section.
2698
2699         * llint/LowLevelInterpreter.cpp:
2700
2701 2013-09-06  Jer Noble  <jer.noble@apple.com>
2702
2703         [Mac] Implement the media controls in JavaScript.
2704         https://bugs.webkit.org/show_bug.cgi?id=120895
2705
2706         Reviewed by Dean Jackson.
2707
2708         Define and turn on ENABLE_MEDIA_CONTROLS_SCRIPT.
2709
2710         * Configurations/FeatureDefines.xcconfig:
2711
2712 2013-09-27  Andreas Kling  <akling@apple.com>
2713
2714         Pass VM instead of ExecState to JSDateMath functions.
2715         <https://webkit.org/b/121997>
2716
2717         Reviewed by Geoffrey Garen.
2718
2719         The JSC date math functions only need the VM, so pass that from
2720         callers instead of the whole ExecState.
2721
2722 2013-09-26  Andreas Kling  <akling@apple.com>
2723
2724         GetterSetter construction should take a VM instead of ExecState.
2725         <https://webkit.org/b/121993>
2726
2727         Reviewed by Sam Weinig.
2728
2729         Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
2730         code at touched sites to cache VM in a local for fewer loads.
2731
2732         JSC release binary size -= 4120 bytes.
2733
2734 2013-09-26  Oliver Hunt  <oliver@apple.com>
2735
2736         Make GCC happy
2737
2738         * parser/Parser.h:
2739
2740 2013-09-25  Oliver Hunt  <oliver@apple.com>
2741
2742         Implement prefixed-destructuring assignment
2743         https://bugs.webkit.org/show_bug.cgi?id=121930
2744
2745         Reviewed by Mark Hahnenberg.
2746
2747         Relanding with fix after rollout
2748
2749 2013-09-26  Michael Saboff  <msaboff@apple.com>
2750
2751         VirtualRegister should be a class
2752         https://bugs.webkit.org/show_bug.cgi?id=121732
2753
2754         Reviewed by Geoffrey Garen.
2755
2756         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
2757         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
2758         and the similar functions for locals to VirtualRegister class.
2759
2760         This is in preparation for changing the offset for the first local register from
2761         0 to -1.  This is needed since most native calling conventions have the architected
2762         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
2763         pointer.  Local values start below that address.
2764
2765         * bytecode/CodeBlock.cpp:
2766         * bytecode/CodeBlock.h:
2767         * bytecode/Instruction.h:
2768         * bytecode/LazyOperandValueProfile.h:
2769         * bytecode/MethodOfGettingAValueProfile.cpp:
2770         * bytecode/Operands.h:
2771         * bytecode/UnlinkedCodeBlock.cpp:
2772         * bytecode/UnlinkedCodeBlock.h:
2773         * bytecode/ValueRecovery.h:
2774         * bytecode/VirtualRegister.h:
2775         * bytecompiler/BytecodeGenerator.cpp:
2776         * bytecompiler/BytecodeGenerator.h:
2777         * bytecompiler/RegisterID.h:
2778         * debugger/DebuggerCallFrame.cpp:
2779         * dfg/DFGAbstractHeap.h:
2780         * dfg/DFGAbstractInterpreterInlines.h:
2781         * dfg/DFGArgumentPosition.h:
2782         * dfg/DFGArgumentsSimplificationPhase.cpp:
2783         * dfg/DFGByteCodeParser.cpp:
2784         * dfg/DFGCFGSimplificationPhase.cpp:
2785         * dfg/DFGCPSRethreadingPhase.cpp:
2786         * dfg/DFGCapabilities.cpp:
2787         * dfg/DFGConstantFoldingPhase.cpp:
2788         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2789         * dfg/DFGGraph.cpp:
2790         * dfg/DFGGraph.h:
2791         * dfg/DFGJITCode.cpp:
2792         * dfg/DFGNode.h:
2793         * dfg/DFGOSREntry.cpp:
2794         * dfg/DFGOSREntrypointCreationPhase.cpp:
2795         * dfg/DFGOSRExit.h:
2796         * dfg/DFGOSRExitCompiler32_64.cpp:
2797         * dfg/DFGOSRExitCompiler64.cpp:
2798         * dfg/DFGRegisterBank.h:
2799         * dfg/DFGScoreBoard.h:
2800         * dfg/DFGSpeculativeJIT.cpp:
2801         * dfg/DFGSpeculativeJIT.h:
2802         * dfg/DFGSpeculativeJIT32_64.cpp:
2803         * dfg/DFGSpeculativeJIT64.cpp:
2804         * dfg/DFGValidate.cpp:
2805         * dfg/DFGValueRecoveryOverride.h:
2806         * dfg/DFGVariableAccessData.h:
2807         * dfg/DFGVariableEvent.h:
2808         * dfg/DFGVariableEventStream.cpp:
2809         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2810         * ftl/FTLExitArgumentForOperand.h:
2811         * ftl/FTLLink.cpp:
2812         * ftl/FTLLowerDFGToLLVM.cpp:
2813         * ftl/FTLOSREntry.cpp:
2814         * ftl/FTLOSRExit.cpp:
2815         * ftl/FTLOSRExit.h:
2816         * ftl/FTLOSRExitCompiler.cpp:
2817         * interpreter/CallFrame.h:
2818         * interpreter/Interpreter.cpp:
2819         * jit/AssemblyHelpers.h:
2820         * jit/JIT.h:
2821         * jit/JITCall.cpp:
2822         * jit/JITCall32_64.cpp:
2823         * jit/JITInlines.h:
2824         * jit/JITOpcodes.cpp:
2825         * jit/JITOpcodes32_64.cpp:
2826         * jit/JITPropertyAccess32_64.cpp:
2827         * jit/JITStubs.cpp:
2828         * llint/LLIntSlowPaths.cpp:
2829         * profiler/ProfilerBytecodeSequence.cpp:
2830         * runtime/CommonSlowPaths.cpp:
2831         * runtime/JSActivation.cpp:
2832
2833 2013-09-26  Anders Carlsson  <andersca@apple.com>
2834
2835         Work around another MSVC bug.
2836
2837         * runtime/PrototypeMap.cpp:
2838         (JSC::PrototypeMap::emptyObjectStructureForPrototype):
2839
2840 2013-09-26  Anders Carlsson  <andersca@apple.com>
2841
2842         Attempt to fix the FTL build.
2843
2844         * ftl/FTLAbstractHeap.cpp:
2845         (JSC::FTL::IndexedAbstractHeap::atSlow):
2846
2847 2013-09-26  Andreas Kling  <akling@apple.com>
2848
2849         Pass VM instead of ExecState to many finishCreation() functions.
2850         <https://webkit.org/b/121975>
2851
2852         Reviewed by Sam Weinig.
2853
2854         Reduce unnecessary loads by passing the VM to object creation
2855         functions that don't need the ExecState.
2856
2857         There are tons of opportunities in this area, I'm just scratching
2858         the surface.
2859
2860 2013-09-26  Commit Queue  <commit-queue@webkit.org>
2861
2862         Unreviewed, rolling out r156464 and r156480.
2863         http://trac.webkit.org/changeset/156464
2864         http://trac.webkit.org/changeset/156480
2865         https://bugs.webkit.org/show_bug.cgi?id=121981
2866
2867         Leaking too much and killi\1cng buildbot. (Requested by xenon on
2868         #webkit).
2869
2870         * bytecode/UnlinkedCodeBlock.cpp:
2871         (JSC::UnlinkedFunctionExecutable::paramString):
2872         * bytecompiler/BytecodeGenerator.cpp:
2873         (JSC::BytecodeGenerator::BytecodeGenerator):
2874         * bytecompiler/BytecodeGenerator.h:
2875         (JSC::BytecodeGenerator::emitExpressionInfo):
2876         * bytecompiler/NodesCodegen.cpp:
2877         (JSC::ForInNode::emitBytecode):
2878         (JSC::FuncExprNode::emitBytecode):
2879         * parser/ASTBuilder.h:
2880         (JSC::ASTBuilder::createFormalParameterList):
2881         (JSC::ASTBuilder::createForInLoop):
2882         (JSC::ASTBuilder::addVar):
2883         * parser/NodeConstructors.h:
2884         (JSC::CommaNode::CommaNode):
2885         (JSC::ParameterNode::ParameterNode):
2886         (JSC::ForInNode::ForInNode):
2887         * parser/Nodes.cpp:
2888         (JSC::FunctionParameters::create):
2889         (JSC::FunctionParameters::FunctionParameters):
2890         (JSC::FunctionParameters::~FunctionParameters):
2891         * parser/Nodes.h:
2892         (JSC::CommaNode::append):
2893         (JSC::ParameterNode::ident):
2894         (JSC::FunctionParameters::at):
2895         (JSC::FunctionParameters::identifiers):
2896         * parser/Parser.cpp:
2897         (JSC::::Parser):
2898         (JSC::::parseVarDeclaration):
2899         (JSC::::parseVarDeclarationList):
2900         (JSC::::parseForStatement):
2901         (JSC::::parseFormalParameters):
2902         (JSC::::parseAssignmentExpression):
2903         * parser/Parser.h:
2904         (JSC::Scope::declareParameter):
2905         * parser/SyntaxChecker.h:
2906         (JSC::SyntaxChecker::createFormalParameterList):
2907         (JSC::SyntaxChecker::createForInLoop):
2908         (JSC::SyntaxChecker::operatorStackPop):
2909         * runtime/JSONObject.cpp:
2910         * runtime/JSONObject.h:
2911
2912 2013-09-26  Anders Carlsson  <andersca@apple.com>
2913
2914         Try to fix the Windows build.
2915
2916         * jit/JITThunks.cpp:
2917         (JSC::JITThunks::hostFunctionStub):
2918         * jit/JITThunks.h:
2919
2920 2013-09-26  Anders Carlsson  <andersca@apple.com>
2921
2922         Change a couple of HashMap value types from OwnPtr to std::unique_ptr
2923         https://bugs.webkit.org/show_bug.cgi?id=121973
2924
2925         Reviewed by Andreas Kling.
2926
2927         * API/JSClassRef.cpp:
2928         (OpaqueJSClassContextData::OpaqueJSClassContextData):
2929         (OpaqueJSClass::contextData):
2930         * API/JSClassRef.h:
2931         * bytecode/SamplingTool.h:
2932         * ftl/FTLAbstractHeap.h:
2933         * parser/Parser.cpp:
2934         (JSC::::parseFunctionInfo):
2935         * parser/SourceProviderCache.cpp:
2936         (JSC::SourceProviderCache::add):
2937         * parser/SourceProviderCache.h:
2938         * parser/SourceProviderCacheItem.h:
2939         (JSC::SourceProviderCacheItem::create):
2940         * profiler/ProfilerCompilation.cpp:
2941         (JSC::Profiler::Compilation::executionCounterFor):
2942         (JSC::Profiler::Compilation::toJS):
2943         * profiler/ProfilerCompilation.h:
2944         * runtime/JSGlobalObject.h:
2945
2946 2013-09-26  Mark Lam  <mark.lam@apple.com>
2947
2948         Move DFG inline caching logic into jit/.
2949         https://bugs.webkit.org/show_bug.cgi?id=121749.
2950
2951         Reviewed by Geoffrey Garen.
2952
2953         Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
2954         revision and fixing build breakages on Windows.
2955
2956         * CMakeLists.txt:
2957         * GNUmakefile.list.am:
2958         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2959         * JavaScriptCore.xcodeproj/project.pbxproj:
2960         * Target.pri:
2961         * bytecode/CallLinkInfo.cpp:
2962         (JSC::CallLinkInfo::unlink):
2963         * bytecode/CodeBlock.cpp:
2964         (JSC::CodeBlock::resetStubInternal):
2965         * bytecode/StructureStubInfo.h:
2966         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2967         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
2968         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
2969         * dfg/DFGJITCompiler.h:
2970         * dfg/DFGOSRExitCompiler.h:
2971         * dfg/DFGOperations.cpp:
2972         (JSC::DFG::operationPutByValInternal):
2973         * dfg/DFGOperations.h:
2974         (JSC::DFG::operationNewTypedArrayWithSizeForType):
2975         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
2976         * dfg/DFGRegisterSet.h: Removed.
2977         * dfg/DFGRepatch.cpp: Removed.
2978         * dfg/DFGRepatch.h: Removed.
2979         * dfg/DFGScratchRegisterAllocator.h: Removed.
2980         * dfg/DFGSpeculativeJIT.cpp:
2981         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
2982         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2983         (JSC::DFG::SpeculativeJIT::compare):
2984         * dfg/DFGSpeculativeJIT.h:
2985         (JSC::DFG::SpeculativeJIT::callOperation):
2986         * dfg/DFGSpeculativeJIT32_64.cpp:
2987         (JSC::DFG::SpeculativeJIT::cachedPutById):
2988         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2989         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2990         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2991         (JSC::DFG::SpeculativeJIT::compile):
2992         * dfg/DFGSpeculativeJIT64.cpp:
2993         (JSC::DFG::SpeculativeJIT::cachedPutById):
2994         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2995         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2996         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2997         (JSC::DFG::SpeculativeJIT::compile):
2998         * dfg/DFGThunks.cpp:
2999         * dfg/DFGThunks.h:
3000         * ftl/FTLIntrinsicRepository.h:
3001         * ftl/FTLLowerDFGToLLVM.cpp:
3002         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
3003         * ftl/FTLOSRExitCompiler.h:
3004         * jit/AssemblyHelpers.h:
3005         (JSC::AssemblyHelpers::writeBarrier):
3006         * jit/JIT.cpp:
3007         (JSC::JIT::linkFor):
3008         (JSC::JIT::linkSlowCall):
3009         * jit/JITCall.cpp:
3010         (JSC::JIT::compileCallEvalSlowCase):
3011         (JSC::JIT::compileOpCallSlowCase):
3012         (JSC::JIT::privateCompileClosureCall):
3013         * jit/JITCall32_64.cpp:
3014         (JSC::JIT::compileCallEvalSlowCase):
3015         (JSC::JIT::compileOpCallSlowCase):
3016         (JSC::JIT::privateCompileClosureCall):
3017         * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
3018         * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
3019         (JSC::getHostCallReturnValueWithExecState):
3020         * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
3021         * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
3022         * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
3023         (JSC::tryBuildGetByIDList):
3024         * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
3025         * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
3026         * jit/ThunkGenerators.cpp:
3027         (JSC::oldStyleGenerateSlowCaseFor):
3028         (JSC::oldStyleLinkForGenerator):
3029         (JSC::oldStyleLinkCallGenerator):
3030         (JSC::oldStyleLinkConstructGenerator):
3031         (JSC::oldStyleLinkClosureCallGenerator):
3032         (JSC::oldStyleVirtualForGenerator):
3033         (JSC::oldStyleVirtualCallGenerator):
3034         (JSC::oldStyleVirtualConstructGenerator):
3035         (JSC::emitPointerValidation):
3036         (JSC::throwExceptionFromCallSlowPathGenerator):
3037         (JSC::slowPathFor):
3038         (JSC::linkForThunkGenerator):
3039         (JSC::linkCallThunkGenerator):
3040         (JSC::linkConstructThunkGenerator):
3041         (JSC::linkClosureCallThunkGenerator):
3042         (JSC::virtualForThunkGenerator):
3043         (JSC::virtualCallThunkGenerator):
3044         (JSC::virtualConstructThunkGenerator):
3045         * jit/ThunkGenerators.h:
3046
3047 2013-09-26  Anders Carlsson  <andersca@apple.com>
3048
3049         Remove PassWeak.h
3050         https://bugs.webkit.org/show_bug.cgi?id=121971
3051
3052         Reviewed by Geoffrey Garen.
3053
3054         * GNUmakefile.list.am:
3055         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3056         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3057         * JavaScriptCore.xcodeproj/project.pbxproj:
3058         * heap/PassWeak.h: Removed.
3059         * heap/WeakInlines.h:
3060
3061 2013-09-26  Anders Carlsson  <andersca@apple.com>
3062
3063         Stop using PassWeak
3064         https://bugs.webkit.org/show_bug.cgi?id=121968
3065
3066         Reviewed by Sam Weinig.
3067
3068         * heap/Weak.h:
3069         Remove all knowledge of PassWeak.
3070
3071         (JSC::Weak::Weak):
3072         These constructors don't need to be explicit.
3073
3074         * heap/WeakInlines.h:
3075         (JSC::weakAdd):
3076         Change Value to be an rvalue reference and use std::forward.
3077
3078         * jit/JITThunks.cpp:
3079         (JSC::JITThunks::hostFunctionStub):
3080         Remove PassWeak.
3081
3082         * runtime/RegExpCache.cpp:
3083         (JSC::RegExpCache::lookupOrCreate):
3084         Use Weak instead of PassWeak.
3085
3086         * runtime/SimpleTypedArrayController.cpp:
3087         Change add and set to take Weak by value and std::move into place.
3088
3089         * runtime/WeakGCMap.h:
3090         (JSC::WeakGCMap::get):
3091         (JSC::WeakGCMap::set):
3092         (JSC::WeakGCMap::add):
3093
3094 2013-09-26  Commit Queue  <commit-queue@webkit.org>
3095
3096         Unreviewed, rolling out r156474.
3097         http://trac.webkit.org/changeset/156474
3098         https://bugs.webkit.org/show_bug.cgi?id=121966
3099
3100         Broke the builds. (Requested by xenon on #webkit).
3101
3102         * bytecode/CodeBlock.cpp:
3103         (JSC::CodeBlock::registerName):
3104         (JSC::CodeBlock::dumpBytecode):
3105         (JSC::CodeBlock::CodeBlock):
3106         (JSC::CodeBlock::createActivation):
3107         (JSC::CodeBlock::nameForRegister):
3108         * bytecode/CodeBlock.h:
3109         (JSC::unmodifiedArgumentsRegister):
3110         (JSC::CodeBlock::isKnownNotImmediate):
3111         (JSC::CodeBlock::setThisRegister):
3112         (JSC::CodeBlock::thisRegister):
3113         (JSC::CodeBlock::setArgumentsRegister):
3114         (JSC::CodeBlock::argumentsRegister):
3115         (JSC::CodeBlock::uncheckedArgumentsRegister):
3116         (JSC::CodeBlock::setActivationRegister):
3117         (JSC::CodeBlock::activationRegister):
3118         (JSC::CodeBlock::uncheckedActivationRegister):
3119         (JSC::CodeBlock::usesArguments):
3120         (JSC::CodeBlock::isCaptured):
3121         * bytecode/Instruction.h:
3122         * bytecode/LazyOperandValueProfile.h:
3123         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
3124         (JSC::LazyOperandValueProfileKey::operator!):
3125         (JSC::LazyOperandValueProfileKey::hash):
3126         (JSC::LazyOperandValueProfileKey::operand):
3127         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
3128         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
3129         * bytecode/MethodOfGettingAValueProfile.cpp:
3130         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
3131         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
3132         * bytecode/Operands.h:
3133         (JSC::localToOperand):
3134         (JSC::operandIsLocal):
3135         (JSC::operandToLocal):
3136         (JSC::operandIsArgument):
3137         (JSC::operandToArgument):
3138         (JSC::argumentToOperand):
3139         (JSC::Operands::operand):
3140         (JSC::Operands::hasOperand):
3141         (JSC::Operands::setOperand):
3142         (JSC::Operands::operandForIndex):
3143         (JSC::Operands::setOperandFirstTime):
3144         * bytecode/UnlinkedCodeBlock.cpp:
3145         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
3146         * bytecode/UnlinkedCodeBlock.h:
3147         (JSC::UnlinkedCodeBlock::setThisRegister):
3148         (JSC::UnlinkedCodeBlock::setActivationRegister):
3149         (JSC::UnlinkedCodeBlock::setArgumentsRegister):
3150         (JSC::UnlinkedCodeBlock::usesArguments):
3151         (JSC::UnlinkedCodeBlock::argumentsRegister):
3152         (JSC::UnlinkedCodeBlock::usesGlobalObject):
3153         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
3154         (JSC::UnlinkedCodeBlock::globalObjectRegister):
3155         (JSC::UnlinkedCodeBlock::thisRegister):
3156         (JSC::UnlinkedCodeBlock::activationRegister):
3157         * bytecode/ValueRecovery.h:
3158         (JSC::ValueRecovery::displacedInJSStack):
3159         (JSC::ValueRecovery::virtualRegister):
3160         (JSC::ValueRecovery::dumpInContext):
3161         * bytecode/VirtualRegister.h:
3162         (WTF::printInternal):
3163         * bytecompiler/BytecodeGenerator.cpp:
3164         (JSC::BytecodeGenerator::generate):
3165         (JSC::BytecodeGenerator::addVar):
3166         (JSC::BytecodeGenerator::BytecodeGenerator):
3167         (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
3168         (JSC::BytecodeGenerator::newRegister):
3169         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3170         (JSC::BytecodeGenerator::emitGetArgumentsLength):
3171         (JSC::BytecodeGenerator::emitGetArgumentByVal):
3172         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3173         (JSC::BytecodeGenerator::emitReturn):
3174         * bytecompiler/BytecodeGenerator.h:
3175         (JSC::BytecodeGenerator::registerFor):
3176         * bytecompiler/RegisterID.h:
3177         (JSC::RegisterID::RegisterID):
3178         (JSC::RegisterID::setIndex):
3179         (JSC::RegisterID::index):
3180         * debugger/DebuggerCallFrame.cpp:
3181         (JSC::DebuggerCallFrame::thisObject):
3182         * dfg/DFGAbstractHeap.h:
3183         (JSC::DFG::AbstractHeap::Payload::Payload):
3184         * dfg/DFGAbstractInterpreterInlines.h:
3185         (JSC::DFG::::executeEffects):
3186         (JSC::DFG::::clobberCapturedVars):
3187         * dfg/DFGArgumentPosition.h:
3188         (JSC::DFG::ArgumentPosition::dump):
3189         * dfg/DFGArgumentsSimplificationPhase.cpp:
3190         (JSC::DFG::ArgumentsSimplificationPhase::run):
3191         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
3192         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
3193         * dfg/DFGByteCodeParser.cpp:
3194         (JSC::DFG::ByteCodeParser::newVariableAccessData):
3195         (JSC::DFG::ByteCodeParser::getDirect):
3196         (JSC::DFG::ByteCodeParser::get):
3197         (JSC::DFG::ByteCodeParser::setDirect):
3198         (JSC::DFG::ByteCodeParser::set):
3199         (JSC::DFG::ByteCodeParser::getLocal):
3200         (JSC::DFG::ByteCodeParser::setLocal):
3201         (JSC::DFG::ByteCodeParser::getArgument):
3202         (JSC::DFG::ByteCodeParser::setArgument):
3203         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
3204         (JSC::DFG::ByteCodeParser::findArgumentPosition):
3205         (JSC::DFG::ByteCodeParser::flush):
3206         (JSC::DFG::ByteCodeParser::flushDirect):
3207         (JSC::DFG::ByteCodeParser::getToInt32):
3208         (JSC::DFG::ByteCodeParser::getThis):
3209         (JSC::DFG::ByteCodeParser::addCall):
3210         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
3211         (JSC::DFG::ByteCodeParser::handleCall):
3212         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
3213         (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
3214         (JSC::DFG::ByteCodeParser::handleInlining):
3215         (JSC::DFG::ByteCodeParser::handleMinMax):
3216         (JSC::DFG::ByteCodeParser::handleIntrinsic):
3217         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
3218         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3219         (JSC::DFG::ByteCodeParser::handleGetByOffset):
3220         (JSC::DFG::ByteCodeParser::handleGetById):
3221         (JSC::DFG::ByteCodeParser::parseBlock):
3222         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3223         (JSC::DFG::ByteCodeParser::parse):
3224         * dfg/DFGCFGSimplificationPhase.cpp:
3225         * dfg/DFGCPSRethreadingPhase.cpp:
3226         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
3227         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
3228         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
3229         * dfg/DFGCapabilities.cpp:
3230         (JSC::DFG::capabilityLevel):
3231         * dfg/DFGConstantFoldingPhase.cpp:
3232         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
3233         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
3234         (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
3235         * dfg/DFGGraph.cpp:
3236         (JSC::DFG::Graph::dump):
3237         * dfg/DFGGraph.h:
3238         (JSC::DFG::Graph::argumentsRegisterFor):
3239         (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
3240         (JSC::DFG::Graph::uncheckedActivationRegisterFor):
3241         (JSC::DFG::Graph::valueProfileFor):
3242         * dfg/DFGJITCode.cpp:
3243         (JSC::DFG::JITCode::reconstruct):
3244         * dfg/DFGNode.h:
3245         (JSC::DFG::Node::Node):
3246         (JSC::DFG::Node::convertToGetLocalUnlinked):
3247         (JSC::DFG::Node::hasVirtualRegister):
3248         (JSC::DFG::Node::virtualRegister):
3249         (JSC::DFG::Node::setVirtualRegister):
3250         * dfg/DFGOSREntry.cpp:
3251         (JSC::DFG::prepareOSREntry):
3252         * dfg/DFGOSREntrypointCreationPhase.cpp:
3253         (JSC::DFG::OSREntrypointCreationPhase::run):
3254         * dfg/DFGOSRExit.h:
3255         * dfg/DFGOSRExitCompiler32_64.cpp:
3256         (JSC::DFG::OSRExitCompiler::compileExit):
3257         * dfg/DFGOSRExitCompiler64.cpp:
3258         (JSC::DFG::OSRExitCompiler::compileExit):
3259         * dfg/DFGRegisterBank.h:
3260         (JSC::DFG::RegisterBank::tryAllocate):
3261         (JSC::DFG::RegisterBank::allocateSpecific):
3262         (JSC::DFG::RegisterBank::retain):
3263         (JSC::DFG::RegisterBank::isInUse):
3264         (JSC::DFG::RegisterBank::dump):
3265         (JSC::DFG::RegisterBank::releaseAtIndex):
3266         (JSC::DFG::RegisterBank::allocateInternal):
3267         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
3268         * dfg/DFGScoreBoard.h:
3269         (JSC::DFG::ScoreBoard::allocate):
3270         (JSC::DFG::ScoreBoard::use):
3271         * dfg/DFGSpeculativeJIT.cpp:
3272         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
3273         (JSC::DFG::SpeculativeJIT::checkConsistency):
3274         (JSC::DFG::SpeculativeJIT::compileMovHint):
3275         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3276         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
3277         * dfg/DFGSpeculativeJIT.h:
3278         (JSC::DFG::SpeculativeJIT::allocate):
3279         (JSC::DFG::SpeculativeJIT::fprAllocate):
3280         (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
3281         (JSC::DFG::SpeculativeJIT::flushRegisters):